From 28bb93c5f37c144d995366699bf51b5263b51d44 Mon Sep 17 00:00:00 2001 From: Julian Stecklina Date: Mon, 28 Nov 2022 13:48:25 +0100 Subject: [PATCH] nix: switch everything to crane and drop naersk --- flake.lock | 45 ++++------------------------- flake.nix | 74 ++++++++++++++++++++++++++++-------------------- nix/uefi-run.nix | 12 +++++--- 3 files changed, 57 insertions(+), 74 deletions(-) diff --git a/flake.lock b/flake.lock index a6a08a2..3f8cce3 100644 --- a/flake.lock +++ b/flake.lock @@ -69,24 +69,6 @@ "type": "github" } }, - "naersk": { - "inputs": { - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1662220400, - "narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=", - "owner": "nix-community", - "repo": "naersk", - "rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "naersk", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1669535121, @@ -97,8 +79,10 @@ "type": "github" }, "original": { - "id": "nixpkgs", - "type": "indirect" + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-test": { @@ -118,22 +102,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1669535121, - "narHash": "sha256-koZLM7oWVGrjyHnYDo7/w5qlmUn9UZUKSFNfmIjueE8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b45ec953794bb07922f0468152ad1ebaf8a084b3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1665296151, "narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=", @@ -152,8 +120,7 @@ "root": { "inputs": { "crane": "crane", - "naersk": "naersk", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-test": "nixpkgs-test", "rust-overlay": "rust-overlay_2" } 
@@ -186,7 +153,7 @@ "rust-overlay_2": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1669602829, diff --git a/flake.nix b/flake.nix index bdb5e22..80912fe 100644 --- a/flake.nix +++ b/flake.nix @@ -11,10 +11,9 @@ nixpkgs-test.url = "github:RaitoBezarius/nixpkgs/experimental-secureboot"; rust-overlay.url = "github:oxalica/rust-overlay"; - naersk.url = "github:nix-community/naersk"; }; - outputs = { self, nixpkgs, crane, nixpkgs-test, rust-overlay, naersk }: + outputs = { self, nixpkgs, crane, nixpkgs-test, rust-overlay }: let pkgs = import nixpkgs { system = "x86_64-linux"; 
@@ -28,40 +27,56 @@ rust-nightly = pkgs.rust-bin.fromRustupToolchainFile ./rust/lanzaboote/rust-toolchain.toml; craneLib = crane.lib.x86_64-linux.overrideToolchain rust-nightly; - naersk-nightly = pkgs.callPackage naersk { - cargo = rust-nightly; - rustc = rust-nightly; - }; - uefi-run = pkgs.callPackage ./nix/uefi-run.nix { - naersk = naersk-nightly; + inherit craneLib; }; - buildRustEfiApp = src: naersk-nightly.buildPackage { - inherit src; - cargoBuildOptions = old: old ++ [ - "--target x86_64-unknown-uefi" - ]; - }; + # Build attributes for a Rust application. + buildRustApp = { + src, target ? null, doCheck ? true + }: let + cleanedSrc = craneLib.cleanCargoSource src; + commonArgs = { + src = cleanedSrc; + CARGO_BUILD_TARGET = target; + inherit doCheck; + }; - buildRustLinuxApp = src: naersk-nightly.buildPackage { - inherit src; + cargoArtifacts = craneLib.buildDepsOnly commonArgs; + in { + package = craneLib.buildPackage (commonArgs // { + inherit cargoArtifacts; + }); + + clippy = craneLib.cargoClippy (commonArgs // { + inherit cargoArtifacts; + cargoClippyExtraArgs = "-- --deny warnings"; + }); }; # This is basically an empty EFI application that we use as a # carrier for the initrd. 
- initrd-stub = buildRustEfiApp ./rust/initrd-stub; - - lanzaboote = buildRustEfiApp ./rust/lanzaboote; - - lanzatool-unwrapped-src = craneLib.cleanCargoSource ./rust/lanzatool; - lanzatool-unwrapped-deps = craneLib.buildDepsOnly { src = lanzatool-unwrapped-src; }; - - lanzatool-unwrapped = craneLib.buildPackage { - src = lanzatool-unwrapped-src; - cargoArtifacts = lanzatool-unwrapped-deps; + initrdStubCrane = buildRustApp { + src = ./rust/initrd-stub; + target = "x86_64-unknown-uefi"; + doCheck = false; }; + lanzabooteCrane = buildRustApp { + src = ./rust/lanzaboote; + target = "x86_64-unknown-uefi"; + doCheck = false; + }; + + initrd-stub = initrdStubCrane.package; + lanzaboote = lanzabooteCrane.package; + + lanzatoolCrane = buildRustApp { + src = ./rust/lanzatool; + }; + + lanzatool-unwrapped = lanzatoolCrane.package; + lanzatool = pkgs.runCommand "lanzatool" { nativeBuildInputs = [ pkgs.makeWrapper ]; } '' @@ -159,11 +174,8 @@ }; in { - lanzatool-unwrapped-clippy = craneLib.cargoClippy { - src = lanzatool-unwrapped-src; - cargoArtifacts = lanzatool-unwrapped-deps; - cargoClippyExtraArgs = "--all-targets -- --deny warnings"; - }; + lanzatool-clippy = lanzatoolCrane.clippy; + lanzaboote-clippy = lanzabooteCrane.clippy; # TODO: user mode: OK # TODO: how to get in: {deployed, audited} mode ? diff --git a/nix/uefi-run.nix b/nix/uefi-run.nix index f2ae3b6..4f13d6b 100644 --- a/nix/uefi-run.nix +++ b/nix/uefi-run.nix @@ -1,5 +1,5 @@ -{ fetchFromGitHub, naersk, makeWrapper, OVMF, qemu }: -naersk.buildPackage { +{ fetchFromGitHub, craneLib, makeWrapper, OVMF, qemu }: +craneLib.buildPackage { src = fetchFromGitHub { owner = "Richard-W"; repo = "uefi-run"; 
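Review bot: The shared `clippy` attribute in `buildRustApp` sets `cargoClippyExtraArgs = "-- --deny warnings";`, while the `lanzatool-unwrapped-clippy` check removed in the later flake.nix hunk used `"--all-targets -- --deny warnings"`, so lanzatool's tests and other non-default targets are no longer linted. `--all-targets` presumably cannot be used for the `x86_64-unknown-uefi` builds, so it could be kept for host builds only: `cargoClippyExtraArgs = (if target == null then "--all-targets " else "") + "-- --deny warnings";`. The two `doCheck = false;` call sites would also benefit from a short comment such as `# tests cannot run for the UEFI target`, since these are the boot-path components and the reason tests are skipped is not stated. The enclosing `let` block starts and ends outside the hunk.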
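Review bot: This attribute set gains `lanzatool-clippy` and `lanzaboote-clippy`, but `initrdStubCrane.clippy` is produced by the same helper and is never referenced, so the initrd stub is built without any lint gate. If the stub is expected to pass clippy, add `initrd-stub-clippy = initrdStubCrane.clippy;` next to the other two entries. The attribute set (presumably the flake's checks) continues outside the hunk.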
@@ -11,7 +11,11 @@ naersk.buildPackage { nativeBuildInputs = [ makeWrapper ]; postInstall = '' - wrapProgram "$out/bin/uefi-run" \ - --add-flags '--bios-path ${OVMF.fd}/FV/OVMF.fd --qemu-path ${qemu}/bin/qemu-system-x86_64' + # The hook runs for the dependency-only derivation where the binary is not + # produced. We need to skip it there. + if [ -f $out/bin/uefi-run ]; then + wrapProgram "$out/bin/uefi-run" \ + --add-flags '--bios-path ${OVMF.fd}/FV/OVMF.fd --qemu-path ${qemu}/bin/qemu-system-x86_64' + fi ''; }
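Review bot: The new `if [ -f $out/bin/uefi-run ]` guard in `postInstall` also skips the wrapping silently when the final package build does not install the binary, whereas the old unconditional `wrapProgram` failed the build in that case. An alternative that keeps the failure is to build the dependencies explicitly, as `buildRustApp` in flake.nix does: bind the fetched source once and pass `cargoArtifacts = craneLib.buildDepsOnly { inherit src; };`, so that `postInstall` exists only on the final derivation and the guard can be dropped. If the guard stays, quote the path the same way the `wrapProgram` line does: `if [ -f "$out/bin/uefi-run" ]; then`.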