nix: provide a python2 toolchain
This allows us to use rules_docker from NixOS. However, the built
binaries are broken because of the Docker base image not being NixOS
based.
Change-Id: I29b93f1bae1575b04f97265c67497081d11a1910
diff --git a/third_party/nix/BUILD b/third_party/nix/BUILD
index c0821e6..12ae0fa 100644
--- a/third_party/nix/BUILD
+++ b/third_party/nix/BUILD
@@ -1,6 +1,6 @@
load("@rules_python//python:defs.bzl", "py_runtime_pair")
-# Python3 toolchain definition that uses //third_party/nix:python.nix (via
+# Python toolchain definition that uses //third_party/nix:python.nix (via
# external repository).
py_runtime(
@@ -9,8 +9,16 @@
python_version = "PY3",
)
+py_runtime(
+ name = "py2_runtime",
+ interpreter = "@hscloud_nix_python2//:python2",
+ python_version = "PY2",
+)
+
+
py_runtime_pair(
name = "py_runtime_pair",
+ py2_runtime = ":py2_runtime",
py3_runtime = ":py3_runtime",
)
diff --git a/third_party/nix/python.nix b/third_party/nix/python.nix
index 5571a60..078b711 100644
--- a/third_party/nix/python.nix
+++ b/third_party/nix/python.nix
@@ -8,26 +8,23 @@
with import <nixpkgs> {};
let
- # Add cffi for import _cffi_backend in `cryptography` to work.
- py = pkgs.python37.withPackages (ps: with ps; [ cffi ]);
-
-# We use mkDerivation instead of writeScript or writeScriptBin as we need a
-# derivation that both:
-# - has a directory structure (for rules_nixpkgs to be able to use it)
-# - has the Python interpreter directly in that structure and not in bin/, as
-# rules_python's pip3_import interpreter_path requires a file target, and
-# will not take an alias. Meanwhile, rules_nixpkgs only creates a BUILD file
-# in the root path of the external repository (which is populated with a
-# symlink tree from the nix derivation), so we can onlly directly reference
-# file in the root of a Nix derivation.
-in stdenv.mkDerivation {
- name = "py-wrapper";
- version = "1.0";
- src = ./.;
- unpackPhase = "";
- buildPhase = ''
- mkdir -p $out
- cat > $out/python3 <<EOF
+ # We use mkDerivation instead of writeScript or writeScriptBin as we need a
+ # derivation that both:
+ # - has a directory structure (for rules_nixpkgs to be able to use it)
+ # - has the Python interpreter directly in that structure and not in bin/, as
+ # rules_python's pip3_import interpreter_path requires a file target, and
+ # will not take an alias. Meanwhile, rules_nixpkgs only creates a BUILD file
+ # in the root path of the external repository (which is populated with a
+ # symlink tree from the nix derivation), so we can onlly directly reference
+ # file in the root of a Nix derivation.
+ generic = package: binary: stdenv.mkDerivation {
+ name = "${binary}-wrapper";
+ version = "1.0";
+ src = ./.;
+ unpackPhase = "";
+ buildPhase = ''
+ mkdir -p $out
+ cat > $out/${binary} <<EOF
#!/bin/bash
# pyscopg wants libpq, and uses pg_config to find paths. Inject pg_config into
@@ -37,10 +34,16 @@
# uWSGI has a truly cheese-grade build system, and this is the only way to let
# it know where to find ncurses.
export LDFLAGS="-L${pkgs.ncurses}/lib"
-exec ${py}/bin/python3 "\$@"
+exec ${package}/bin/${binary} "\$@"
EOF
- '';
- installPhase = ''
- chmod +x $out/python3
- '';
+ '';
+ installPhase = ''
+ chmod +x $out/${binary}
+ '';
+ };
+
+in {
+ # Add cffi for import _cffi_backend in `cryptography` to work.
+ python2 = generic (pkgs.python27.withPackages (ps: with ps; [ cffi ])) "python2";
+ python3 = generic (pkgs.python37.withPackages (ps: with ps; [ cffi ])) "python3";
}
diff --git a/third_party/nix/repository_rules.bzl b/third_party/nix/repository_rules.bzl
index 1a02962..35c3d2d 100644
--- a/third_party/nix/repository_rules.bzl
+++ b/third_party/nix/repository_rules.bzl
@@ -74,14 +74,25 @@
sha256 = "8b64041bfb9760de9e797c0a985a4830880c21732489f397e217d877edd9a990",
)
- # Load python3 from nixpkgs. Python is a large source of non-hermiticity,
+ # Load python from nixpkgs. Python is a large source of non-hermiticity,
# and loading it from nix vastly hermeticizes the build - well, at least to
# also be dependent on this Nix store state. That's still better than just
# grabbing whatever random system Python a user might have.
nixpkgs_package(
+ name = "hscloud_nix_python2",
+ repositories = { "nixpkgs": "@nixpkgs//:default.nix" },
+ nix_file = "//third_party/nix:python.nix",
+ attribute_path = "python2",
+ build_file_content = """
+package(default_visibility = ["//visibility:public"])
+exports_files(["python2"])
+ """,
+ )
+ nixpkgs_package(
name = "hscloud_nix_python3",
repositories = { "nixpkgs": "@nixpkgs//:default.nix" },
nix_file = "//third_party/nix:python.nix",
+ attribute_path = "python3",
build_file_content = """
package(default_visibility = ["//visibility:public"])
exports_files(["python3"])