snapshot

avelanarius · avelanarius · commit e21dc7fc75ca · 2025-08-29T00:28:09.000+02:00
diff --git a/.github/workflows/build-toolbox.yml b/.github/workflows/build-toolbox.yml
@@ -0,0 +1,61 @@
+name: Build toolbox
+
+on:
+  push:
+    branches: [ master, main ]
+    paths:
+      - 'toolbox/**'
+      - 'app/playbooks/**'
+      - '.github/workflows/build-toolbox.yml'
+  workflow_dispatch: {}
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - runner: ubuntu-24.04
+            arch_tag: x86_64-linux
+          - runner: ubuntu-24.04-arm64
+            arch_tag: aarch64-linux
+    runs-on: ${{ matrix.runner }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.22.x'
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v27
+
+      - name: Build toolbox builder
+        shell: bash
+        run: |
+          set -euo pipefail
+          cd toolbox
+          go build -o toolbox-builder
+
+      - name: Build toolbox archive
+        shell: bash
+        run: |
+          set -euo pipefail
+          cd toolbox
+          ./toolbox-builder -yaml ../app/playbooks/60-second-linux.yaml -out toolbox-${{ matrix.arch_tag }}.tar.xz
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: toolbox-${{ matrix.arch_tag }}
+          path: toolbox/toolbox-${{ matrix.arch_tag }}.tar.xz
+          if-no-files-found: error
+          retention-days: 7
+
+
diff --git a/toolbox/go.mod b/toolbox/go.mod
@@ -0,0 +1,10 @@
+module gradient-toolbox
+
+go 1.22
+
+require (
+    gopkg.in/yaml.v3 v3.0.1
+    github.com/ulikunitz/xz v0.5.14
+)
+
+
diff --git a/toolbox/go.sum b/toolbox/go.sum
@@ -0,0 +1,5 @@
+github.com/ulikunitz/xz v0.5.14 h1:uv/0Bq533iFdnMHZdRBTOlaNMdb1+ZxXIlHDZHIHcvg=
+github.com/ulikunitz/xz v0.5.14/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/toolbox/main.go b/toolbox/main.go
@@ -0,0 +1,222 @@
+package main
+
+import (
+	"bytes"
+	"flag"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"time"
+
+	"gopkg.in/yaml.v3"
+)
+
+type playbookConfig struct {
+	Nixpkgs struct {
+		Version  string   `yaml:"version"`
+		Packages []string `yaml:"packages"`
+	} `yaml:"nixpkgs"`
+}
+
+func main() {
+	var yamlPath string
+	var outPath string
+	var workDir string
+
+	flag.StringVar(&yamlPath, "yaml", "", "Path to YAML with nixpkgs.packages")
+	flag.StringVar(&outPath, "out", "toolbox.tar.xz", "Output archive path")
+	flag.StringVar(&workDir, "workdir", ".", "Working directory where toolbox/ is created")
+	flag.Parse()
+
+	if yamlPath == "" {
+		fmt.Fprintln(os.Stderr, "error: -yaml path is required")
+		os.Exit(2)
+	}
+	if runtime.GOOS != "linux" {
+		fmt.Fprintln(os.Stderr, "error: this utility must run on Linux")
+		os.Exit(2)
+	}
+
+	cfg, err := readYAML(yamlPath)
+	if err != nil {
+		fatalf("failed to read YAML: %v", err)
+	}
+	if len(cfg.Nixpkgs.Packages) == 0 {
+		fatalf("no nixpkgs.packages listed in %s", yamlPath)
+	}
+
+	toolboxDir, _ := filepath.Abs(filepath.Join(workDir, "toolbox"))
+	_ = exec.Command("chmod", "-R", "u+w", toolboxDir).Run()
+	_ = exec.Command("rm", "-rf", toolboxDir).Run()
+
+	defer func() {
+		_ = exec.Command("chmod", "-R", "u+w", toolboxDir).Run()
+		_ = exec.Command("rm", "-rf", toolboxDir).Run()
+	}()
+
+	if err := nixCopy(toolboxDir, cfg.Nixpkgs.Packages); err != nil {
+		fatalf("nix copy failed: %v", err)
+	}
+
+	if err := fetchAndInstallProot(toolboxDir); err != nil {
+		fatalf("failed to install proot: %v", err)
+	}
+
+	if err := createTarXz(outPath, toolboxDir); err != nil {
+		fatalf("failed to create tar.xz: %v", err)
+	}
+
+	fmt.Printf("created %s\n", outPath)
+}
+
+func readYAML(path string) (*playbookConfig, error) {
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+	var cfg playbookConfig
+	if err := yaml.Unmarshal(data, &cfg); err != nil {
+		return nil, err
+	}
+	return &cfg, nil
+}
+
+func nixCopy(destDir string, pkgs []string) error {
+	if _, err := exec.LookPath("nix"); err != nil {
+		return fmt.Errorf("nix not found in PATH: %w", err)
+	}
+	args := []string{
+		"--extra-experimental-features", "flakes",
+		"--extra-experimental-features", "nix-command",
+		"copy",
+		"--to", destDir,
+	}
+	for _, p := range pkgs {
+		args = append(args, "nixpkgs#"+p)
+	}
+	cmd := exec.Command("nix", args...)
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	return cmd.Run()
+}
+
+func fetchAndInstallProot(destDir string) error {
+	arch := runtime.GOARCH
+	var url string
+	// Values provided by user; nix base32 style digests
+	switch arch {
+	case "amd64":
+		url = "https://web.archive.org/web/20240412082958if_/http://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/proot-static-5.4.0-r0.apk"
+	case "arm64":
+		url = "https://web.archive.org/web/20240412083320if_/http://dl-cdn.alpinelinux.org/alpine/edge/testing/aarch64/proot-static-5.4.0-r0.apk"
+	default:
+		return fmt.Errorf("unsupported architecture %s; only amd64 and arm64 are supported", arch)
+	}
+
+	client := &http.Client{Timeout: 60 * time.Second}
+	resp, err := client.Get(url)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("download failed: %s", resp.Status)
+	}
+	buf := &bytes.Buffer{}
+	if _, err := io.Copy(buf, resp.Body); err != nil {
+		return err
+	}
+
+	if err := extractProotFromAPK(buf.Bytes(), filepath.Join(destDir, "proot")); err != nil {
+		return err
+	}
+	return nil
+}
+
+
+
+func extractProotFromAPK(apk []byte, destPath string) error {
+	workDir, err := os.MkdirTemp("", "proot_apk_*")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(workDir)
+
+	apkPath := filepath.Join(workDir, "proot.apk")
+	if err := os.WriteFile(apkPath, apk, 0o644); err != nil {
+		return err
+	}
+
+	gzPath := apkPath + ".tar.gz"
+	if err := os.Rename(apkPath, gzPath); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("tar", "-xzf", gzPath, "-C", workDir)
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	if err := cmd.Run(); err != nil {
+		return fmt.Errorf("tar extract failed: %w", err)
+	}
+
+	candidate := filepath.Join(workDir, "usr", "bin", "proot.static")
+	if _, err := os.Stat(candidate); err == nil {
+		return copyExecutable(candidate, destPath)
+	}
+
+	var found string
+	_ = filepath.WalkDir(workDir, func(p string, d os.DirEntry, _ error) error {
+		if d != nil && !d.IsDir() && filepath.Base(p) == "proot.static" {
+			found = p
+			return io.EOF
+		}
+		return nil
+	})
+	if found == "" {
+		return fmt.Errorf("proot.static not found in APK")
+	}
+	return copyExecutable(found, destPath)
+}
+
+func copyExecutable(src, dst string) error {
+	if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil {
+		return err
+	}
+	srcF, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer srcF.Close()
+
+	dstF, err := os.OpenFile(dst, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o755)
+	if err != nil {
+		return err
+	}
+	if _, err := io.Copy(dstF, srcF); err != nil {
+		dstF.Close()
+		return err
+	}
+	return dstF.Close()
+}
+
+func createTarXz(outPath string, dir string) error {
+	parent := filepath.Dir(dir)
+	base := filepath.Base(dir)
+
+	cmd := exec.Command("tar", "-I", "xz -e -9 -T0", "-cf", outPath, base)
+	cmd.Dir = parent
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	return cmd.Run()
+}
+
+func fatalf(format string, a ...any) {
+	fmt.Fprintf(os.Stderr, format+"\n", a...)
+	os.Exit(1)
+}
+
+
