nix: switch everything to crane and drop naersk

This commit is contained in:
Julian Stecklina 2022-11-28 13:48:25 +01:00
parent 7926ab9e5e
commit 28bb93c5f3
3 changed files with 57 additions and 74 deletions

View File

@ -69,24 +69,6 @@
"type": "github" "type": "github"
} }
}, },
"naersk": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1662220400,
"narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
"owner": "nix-community",
"repo": "naersk",
"rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "naersk",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1669535121, "lastModified": 1669535121,
@ -97,8 +79,10 @@
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "owner": "NixOS",
"type": "indirect" "ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-test": { "nixpkgs-test": {
@ -118,22 +102,6 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1669535121,
"narHash": "sha256-koZLM7oWVGrjyHnYDo7/w5qlmUn9UZUKSFNfmIjueE8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b45ec953794bb07922f0468152ad1ebaf8a084b3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1665296151, "lastModified": 1665296151,
"narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=", "narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
@ -152,8 +120,7 @@
"root": { "root": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"naersk": "naersk", "nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"nixpkgs-test": "nixpkgs-test", "nixpkgs-test": "nixpkgs-test",
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
} }
@ -186,7 +153,7 @@
"rust-overlay_2": { "rust-overlay_2": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1669602829, "lastModified": 1669602829,

View File

@ -11,10 +11,9 @@
nixpkgs-test.url = "github:RaitoBezarius/nixpkgs/experimental-secureboot"; nixpkgs-test.url = "github:RaitoBezarius/nixpkgs/experimental-secureboot";
rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.url = "github:oxalica/rust-overlay";
naersk.url = "github:nix-community/naersk";
}; };
outputs = { self, nixpkgs, crane, nixpkgs-test, rust-overlay, naersk }: outputs = { self, nixpkgs, crane, nixpkgs-test, rust-overlay }:
let let
pkgs = import nixpkgs { pkgs = import nixpkgs {
system = "x86_64-linux"; system = "x86_64-linux";
@ -28,40 +27,56 @@
rust-nightly = pkgs.rust-bin.fromRustupToolchainFile ./rust/lanzaboote/rust-toolchain.toml; rust-nightly = pkgs.rust-bin.fromRustupToolchainFile ./rust/lanzaboote/rust-toolchain.toml;
craneLib = crane.lib.x86_64-linux.overrideToolchain rust-nightly; craneLib = crane.lib.x86_64-linux.overrideToolchain rust-nightly;
naersk-nightly = pkgs.callPackage naersk {
cargo = rust-nightly;
rustc = rust-nightly;
};
uefi-run = pkgs.callPackage ./nix/uefi-run.nix { uefi-run = pkgs.callPackage ./nix/uefi-run.nix {
naersk = naersk-nightly; inherit craneLib;
}; };
buildRustEfiApp = src: naersk-nightly.buildPackage { # Build attributes for a Rust application.
inherit src; buildRustApp = {
cargoBuildOptions = old: old ++ [ src, target ? null, doCheck ? true
"--target x86_64-unknown-uefi" }: let
]; cleanedSrc = craneLib.cleanCargoSource src;
}; commonArgs = {
src = cleanedSrc;
CARGO_BUILD_TARGET = target;
inherit doCheck;
};
buildRustLinuxApp = src: naersk-nightly.buildPackage { cargoArtifacts = craneLib.buildDepsOnly commonArgs;
inherit src; in {
package = craneLib.buildPackage (commonArgs // {
inherit cargoArtifacts;
});
clippy = craneLib.cargoClippy (commonArgs // {
inherit cargoArtifacts;
cargoClippyExtraArgs = "-- --deny warnings";
});
}; };
# This is basically an empty EFI application that we use as a # This is basically an empty EFI application that we use as a
# carrier for the initrd. # carrier for the initrd.
initrd-stub = buildRustEfiApp ./rust/initrd-stub; initrdStubCrane = buildRustApp {
src = ./rust/initrd-stub;
lanzaboote = buildRustEfiApp ./rust/lanzaboote; target = "x86_64-unknown-uefi";
doCheck = false;
lanzatool-unwrapped-src = craneLib.cleanCargoSource ./rust/lanzatool;
lanzatool-unwrapped-deps = craneLib.buildDepsOnly { src = lanzatool-unwrapped-src; };
lanzatool-unwrapped = craneLib.buildPackage {
src = lanzatool-unwrapped-src;
cargoArtifacts = lanzatool-unwrapped-deps;
}; };
lanzabooteCrane = buildRustApp {
src = ./rust/lanzaboote;
target = "x86_64-unknown-uefi";
doCheck = false;
};
initrd-stub = initrdStubCrane.package;
lanzaboote = lanzabooteCrane.package;
lanzatoolCrane = buildRustApp {
src = ./rust/lanzatool;
};
lanzatool-unwrapped = lanzatoolCrane.package;
lanzatool = pkgs.runCommand "lanzatool" { lanzatool = pkgs.runCommand "lanzatool" {
nativeBuildInputs = [ pkgs.makeWrapper ]; nativeBuildInputs = [ pkgs.makeWrapper ];
} '' } ''
@ -159,11 +174,8 @@
}; };
in in
{ {
lanzatool-unwrapped-clippy = craneLib.cargoClippy { lanzatool-clippy = lanzatoolCrane.clippy;
src = lanzatool-unwrapped-src; lanzaboote-clippy = lanzabooteCrane.clippy;
cargoArtifacts = lanzatool-unwrapped-deps;
cargoClippyExtraArgs = "--all-targets -- --deny warnings";
};
# TODO: user mode: OK # TODO: user mode: OK
# TODO: how to get in: {deployed, audited} mode ? # TODO: how to get in: {deployed, audited} mode ?

View File

@ -1,5 +1,5 @@
{ fetchFromGitHub, naersk, makeWrapper, OVMF, qemu }: { fetchFromGitHub, craneLib, makeWrapper, OVMF, qemu }:
naersk.buildPackage { craneLib.buildPackage {
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "Richard-W"; owner = "Richard-W";
repo = "uefi-run"; repo = "uefi-run";
@ -11,7 +11,11 @@ naersk.buildPackage {
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
postInstall = '' postInstall = ''
wrapProgram "$out/bin/uefi-run" \ # The hook runs for the dependency-only derivation where the binary is not
--add-flags '--bios-path ${OVMF.fd}/FV/OVMF.fd --qemu-path ${qemu}/bin/qemu-system-x86_64' # produced. We need to skip it there.
if [ -f $out/bin/uefi-run ]; then
wrapProgram "$out/bin/uefi-run" \
--add-flags '--bios-path ${OVMF.fd}/FV/OVMF.fd --qemu-path ${qemu}/bin/qemu-system-x86_64'
fi
''; '';
} }