nix: Make status-go mobile artifacts reproducible

- Replace random build paths in with fixed string
- Remove build ID sections

derivation.nix

@@ -8,9 +8,10 @@ let
   # TODO: Try to use stdenv for iOS. The problem is with building iOS as the build is trying to pass parameters to Apple's ld that are meant for GNU's ld (e.g. -dynamiclib)
   stdenv = pkgs.stdenvNoCC;
   gradle = pkgs.gradle_4_10;
-  go = pkgs.go_1_11;
+  baseGo = pkgs.go_1_11;
+  go = pkgs.callPackage ./nix/patched-go { inherit baseGo; };
   buildGoPackage = pkgs.buildGoPackage.override { inherit go; };
-  statusDesktop = pkgs.callPackage ./nix/desktop { inherit target-os stdenv status-go pkgs nodejs go; inherit (pkgs) darwin; };
+  statusDesktop = pkgs.callPackage ./nix/desktop { inherit target-os stdenv status-go pkgs nodejs; inherit (pkgs) darwin; go = baseGo; };
   statusMobile = pkgs.callPackage ./nix/mobile { inherit target-os config stdenv pkgs nodejs status-go gradle; inherit (pkgs.xcodeenv) composeXcodeWrapper; };
   status-go = pkgs.callPackage ./nix/status-go { inherit target-os go buildGoPackage; inherit (pkgs.xcodeenv) composeXcodeWrapper; inherit (statusMobile) xcodewrapperArgs; androidPkgs = statusMobile.androidComposition; };
   nodejs = pkgs.nodejs-10_x;
@@ -35,7 +36,7 @@ in with stdenv; mkDerivation rec {
   ] ++ nodePkgBuildInputs
     ++ lib.optional isDarwin cocoapods
     ++ lib.optional (isDarwin && !platform.targetIOS) clang
-    ++ lib.optional (!isDarwin) gcc7
+    ++ lib.optional (!isDarwin) gcc8
     ++ lib.catAttrs "buildInputs" selectedSources;
   shellHook = lib.concatStrings (lib.catAttrs "shellHook" selectedSources);
 }

nix/patched-go/default.nix

@@ -0,0 +1,23 @@
+#
+# Patch the Go compiler so that we can have a say (using a NIX_GOWORKDIR environment variable) as to the temporary directory it uses for linking,
+#  since that directory path ends up in the string table and .gnu.version_d ELF header
+#
+
+{ baseGo }:
+
+let
+  go = baseGo.overrideDerivation(oldAttrs: {
+    postPatch = (oldAttrs.postPatch or "") + ''
+      substituteInPlace "src/cmd/go/internal/work/action.go" --replace \
+        'tmp, err := ioutil.TempDir(os.Getenv("GOTMPDIR"), "go-build")' \
+        'var err error
+		tmp := os.Getenv("NIX_GOWORKDIR")
+		if tmp == "" {
+			tmp, err = ioutil.TempDir(os.Getenv("GOTMPDIR"), "go-build")
+		}'
+      # Disable chown tests, they fail with 'invalid argument'
+      rm src/os/os_unix_test.go
+    '';
+  });
+
+in go

nix/status-go/build-mobile-status-go.nix

@@ -21,13 +21,18 @@ let
     buildMessage = "Building mobile library for ${targetConfig.name}";
     # Build mobile libraries
     buildPhase = ''
+      mkdir $NIX_BUILD_TOP/go-build
+
       GOPATH=${gomobile.dev}:$GOPATH \
       PATH=${lib.makeBinPath [ gomobile.bin ]}:$PATH \
       ${lib.concatStringsSep " " targetConfig.envVars} \
+      NIX_GOWORKDIR=$NIX_BUILD_TOP/go-build \
       gomobile bind ${goBuildFlags} -target=${targetConfig.name} ${lib.concatStringsSep " " targetConfig.gomobileExtraFlags} \
                     -o ${targetConfig.outputFileName} \
                     ${goBuildLdFlags} \
                     ${goPackagePath}/mobile
+
+      rm -rf $NIX_BUILD_TOP/go-build
     '';
 
     installPhase = ''

nix/status-go/build-status-go.nix

@@ -5,6 +5,7 @@
   buildPhase, buildMessage,
   installPhase ? "",
   postInstall ? "",
+  preFixup ? "",
   outputs, meta } @ args':
 
 with stdenv;
@@ -17,7 +18,9 @@ let
   buildStatusGo = buildGoPackage (args // {
     name = "${repo}-${version}-${host}";
 
-    nativeBuildInputs = nativeBuildInputs ++ lib.optional isDarwin xcodeWrapper;
+    nativeBuildInputs = 
+      nativeBuildInputs ++
+      lib.optional isDarwin xcodeWrapper;
 
     # Fixes Cgo related build failures (see https://github.com/NixOS/nixpkgs/issues/25959 )
     hardeningDisable = [ "fortify" ];
@@ -64,8 +67,10 @@ let
       runHook postInstall
     '';
 
-    # remove hardcoded paths to go package in /nix/store, otherwise Nix will fail the build
+    # replace hardcoded paths to go package in /nix/store, otherwise Nix will fail the build
     preFixup = ''
+      ${preFixup}
+
       find $out -type f -exec ${removeExpr removeReferences} '{}' + || true
       return
     '';

nix/status-go/default.nix

@@ -50,7 +50,7 @@ let
   currentHostConfig = if isDarwin then hostConfigs.darwin else hostConfigs.linux;
 
   goBuildFlags = "-v";
-  # TODO: Manage to pass -s -w to -ldflags. Seems to only accept a single flag
+  # TODO: Manage to pass "-s -w" to -ldflags. Seems to only accept a single flag
   goBuildLdFlags = "-ldflags=-s";
 
   xcodeWrapper = composeXcodeWrapper xcodewrapperArgs;

nix/status-go/gomobile/default.nix

@@ -31,12 +31,27 @@ in buildGoPackage rec {
     lib.optionalString platform.targetAndroid ''
     substituteInPlace cmd/gomobile/install.go --replace "\`adb\`" "\`${platform-tools}/bin/adb\`"
     '' + ''
+    WORK=$NIX_BUILD_TOP/gomobile-work
+
+    # Prevent a non-deterministic temporary directory from polluting the resulting object files
+    substituteInPlace cmd/gomobile/env.go --replace \
+      'tmpdir, err = ioutil.TempDir("", "gomobile-work-")' \
+      "tmpdir = \"$WORK\"" \
+      --replace '"io/ioutil"' ""
+
     echo "Creating $dev"
     mkdir -p $dev/src/$goPackagePath
     echo "Copying from $src"
     cp -a $src/. $dev/src/$goPackagePath
   '';
 
+  preBuild = ''
+    mkdir $WORK
+  '';
+  postBuild = ''
+    rm -rf $WORK
+  '';
+
   postInstall = ''
     mkdir -p $out $bin/lib