67 lines
2.1 KiB
Nix
67 lines
2.1 KiB
Nix
|
{ rust, rustPlatform, clippy, rustfmt, stdenv, lib, runCommand, enableFmt ? false, enableLint ? false, fatVariant ? false }:
|
||
|
|
||
|
let
|
||
|
targetSpec = rust.toRustTargetSpec stdenv.hostPlatform;
|
||
|
targetIsJSON = lib.hasSuffix ".json" targetSpec;
|
||
|
shortTarget =
|
||
|
if targetIsJSON then
|
||
|
(lib.removeSuffix ".json" (builtins.baseNameOf "${targetSpec}"))
|
||
|
else targetSpec;
|
||
|
in
|
||
|
rustPlatform.buildRustPackage
|
||
|
({
|
||
|
pname = "lanzaboote_stub";
|
||
|
version = "0.3.0";
|
||
|
src = runCommand "src" { } ''
|
||
|
install -D ${../../rust/stub/Cargo.toml} $out/Cargo.toml
|
||
|
install -D ${../../rust/stub/Cargo.lock} $out/Cargo.lock
|
||
|
cp -r ${../../rust/stub/src} $out/src
|
||
|
'';
|
||
|
|
||
|
# We don't want the thin code.
|
||
|
buildNoDefaultFeatures = true;
|
||
|
buildFeatures = if fatVariant then [ "fat" ] else [ "thin" ];
|
||
|
|
||
|
# We don't want the thin code.
|
||
|
buildNoDefaultFeatures = fatVariant;
|
||
|
buildFeatures = lib.optional fatVariant "fat";
|
||
|
|
||
|
cargoLock = {
|
||
|
lockFile = ../../rust/stub/Cargo.lock;
|
||
|
};
|
||
|
|
||
|
# Necessary because our `cc-wrapper` doesn't understand MSVC link options.
|
||
|
RUSTFLAGS = "-Clinker=${stdenv.cc.bintools}/bin/${stdenv.cc.targetPrefix}ld.lld -Clinker-flavor=lld-link";
|
||
|
# Necessary because otherwise we will get (useless) hardening options in front of
|
||
|
# -flavor link which will break the whole command-line processing for the ld.lld linker.
|
||
|
hardeningDisable = [ "all" ];
|
||
|
|
||
|
meta = with lib; {
|
||
|
description = "Lanzaboote UEFI stub for SecureBoot enablement on NixOS systems";
|
||
|
homepage = "https://github.com/nix-community/lanzaboote";
|
||
|
license = licenses.mit;
|
||
|
platforms = [ "x86_64-windows" "aarch64-windows" "i686-windows" ];
|
||
|
};
|
||
|
} // lib.optionalAttrs enableLint {
|
||
|
buildPhase = ''
|
||
|
cargo clippy --target ${shortTarget} --all-features -- -D warnings
|
||
|
if grep -R 'dbg!' ./src; then
|
||
|
echo "use of dbg macro found in code!"
|
||
|
false
|
||
|
fi
|
||
|
'';
|
||
|
|
||
|
installPhase = ''
|
||
|
touch $out
|
||
|
'';
|
||
|
} // lib.optionalAttrs enableFmt {
|
||
|
buildPhase = ''
|
||
|
echo "checking formatting..."
|
||
|
cargo fmt --all -- --check
|
||
|
'';
|
||
|
|
||
|
installPhase = ''
|
||
|
touch $out
|
||
|
'';
|
||
|
})
|