chore(devshell): add test shell without static glibc

The default shell links cgo statically against glibc.static for the production gitea binary. Test binaries built in that shell segfault inside cgo NSS calls (getaddrinfo/getpwuid_r) because the static glibc NSS modules need matching dynamic libs at runtime. Split the shell: - `nix develop` -> production build shell (static, unchanged) - `nix develop .#test` -> test/dev shell, no static glibc Verified: TestAPIProjects passes in the `test` shell.
2026-05-11 15:58:29 +03:00
parent 77e3801a9c
commit 921b32984b
1 changed files with 62 additions and 58 deletions
@@ -27,70 +27,74 @@
    {
      devShells = forEachSupportedSystem (
        { pkgs, ... }:
+        let
+          inherit (pkgs) lib;
+
+          # only bump toolchain versions here
+          go = pkgs.go_1_26;
+          nodejs = pkgs.nodejs_24;
+          python3 = pkgs.python314;
+          pnpm = pkgs.pnpm_10;
+
+          commonPackages = with pkgs; [
+            # generic
+            git
+            git-lfs
+            gnumake
+            gnused
+            gnutar
+            gzip
+            zip
+
+            # frontend
+            nodejs
+            pnpm
+            cairo
+            pixman
+            pkg-config
+
+            # linting
+            python3
+            uv
+
+            # backend
+            go
+            gofumpt
+            sqlite
+            golangci-lint
+            govulncheck
+            tea
+          ];
+
+          commonEnv = {
+            GO = "${go}/bin/go";
+            GOROOT = "${go}/share/go";
+            TAGS = "";
+          };
+        in
        {
-          default =
-            let
-              inherit (pkgs) lib;
+          # production build shell: cgo links statically against glibc.static
+          default = pkgs.mkShell {
+            packages =
+              commonPackages
+              ++ lib.optionals pkgs.stdenv.isLinux [ pkgs.glibc.static ];

-              # only bump toolchain versions here
-              go = pkgs.go_1_26;
-              nodejs = pkgs.nodejs_24;
-              python3 = pkgs.python314;
-              pnpm = pkgs.pnpm_10;
-
-              # Platform-specific dependencies
-              linuxOnlyInputs = lib.optionals pkgs.stdenv.isLinux [
-                pkgs.glibc.static
-              ];
-
-              linuxOnlyEnv = lib.optionalAttrs pkgs.stdenv.isLinux {
+            env =
+              commonEnv
+              // {
+                STATIC = "true";
+              }
+              // lib.optionalAttrs pkgs.stdenv.isLinux {
                CFLAGS = "-I${pkgs.glibc.static.dev}/include";
                LDFLAGS = "-L ${pkgs.glibc.static}/lib";
              };
-            in
-            pkgs.mkShell {
-              packages =
-                with pkgs;
-                [
-                  # generic
-                  git
-                  git-lfs
-                  gnumake
-                  gnused
-                  gnutar
-                  gzip
-                  zip
+          };

-                  # frontend
-                  nodejs
-                  pnpm
-                  cairo
-                  pixman
-                  pkg-config
-
-                  # linting
-                  python3
-                  uv
-
-                  # backend
-                  go
-                  gofumpt
-                  sqlite
-                  golangci-lint
-                  govulncheck
-                  tea
-                ]
-                ++ linuxOnlyInputs;
-
-              env = {
-                GO = "${go}/bin/go";
-                GOROOT = "${go}/share/go";
-
-                TAGS = "";
-                STATIC = "true";
-              }
-              // linuxOnlyEnv;
-            };
+          # test/dev shell: no static glibc — avoids cgo NSS segfaults in `go test`
+          test = pkgs.mkShell {
+            packages = commonPackages;
+            env = commonEnv;
+          };
        }
      );
    };