nix: switch everything to crane and drop naersk

This commit is contained in:
Julian Stecklina 2022-11-28 13:48:25 +01:00
parent 7926ab9e5e
commit 28bb93c5f3
3 changed files with 57 additions and 74 deletions

View File

@ -69,24 +69,6 @@
"type": "github"
}
},
"naersk": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1662220400,
"narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
"owner": "nix-community",
"repo": "naersk",
"rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "naersk",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1669535121,
@ -97,8 +79,10 @@
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-test": {
@ -118,22 +102,6 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1669535121,
"narHash": "sha256-koZLM7oWVGrjyHnYDo7/w5qlmUn9UZUKSFNfmIjueE8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b45ec953794bb07922f0468152ad1ebaf8a084b3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1665296151,
"narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
@ -152,8 +120,7 @@
"root": {
"inputs": {
"crane": "crane",
"naersk": "naersk",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs",
"nixpkgs-test": "nixpkgs-test",
"rust-overlay": "rust-overlay_2"
}
@ -186,7 +153,7 @@
"rust-overlay_2": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1669602829,

View File

@ -11,10 +11,9 @@
nixpkgs-test.url = "github:RaitoBezarius/nixpkgs/experimental-secureboot";
rust-overlay.url = "github:oxalica/rust-overlay";
naersk.url = "github:nix-community/naersk";
};
outputs = { self, nixpkgs, crane, nixpkgs-test, rust-overlay, naersk }:
outputs = { self, nixpkgs, crane, nixpkgs-test, rust-overlay }:
let
pkgs = import nixpkgs {
system = "x86_64-linux";
@ -28,40 +27,56 @@
rust-nightly = pkgs.rust-bin.fromRustupToolchainFile ./rust/lanzaboote/rust-toolchain.toml;
craneLib = crane.lib.x86_64-linux.overrideToolchain rust-nightly;
naersk-nightly = pkgs.callPackage naersk {
cargo = rust-nightly;
rustc = rust-nightly;
};
uefi-run = pkgs.callPackage ./nix/uefi-run.nix {
naersk = naersk-nightly;
inherit craneLib;
};
buildRustEfiApp = src: naersk-nightly.buildPackage {
inherit src;
cargoBuildOptions = old: old ++ [
"--target x86_64-unknown-uefi"
];
# Build attributes for a Rust application.
buildRustApp = {
src, target ? null, doCheck ? true
}: let
cleanedSrc = craneLib.cleanCargoSource src;
commonArgs = {
src = cleanedSrc;
CARGO_BUILD_TARGET = target;
inherit doCheck;
};
buildRustLinuxApp = src: naersk-nightly.buildPackage {
inherit src;
cargoArtifacts = craneLib.buildDepsOnly commonArgs;
in {
package = craneLib.buildPackage (commonArgs // {
inherit cargoArtifacts;
});
clippy = craneLib.cargoClippy (commonArgs // {
inherit cargoArtifacts;
cargoClippyExtraArgs = "-- --deny warnings";
});
};
# This is basically an empty EFI application that we use as a
# carrier for the initrd.
initrd-stub = buildRustEfiApp ./rust/initrd-stub;
lanzaboote = buildRustEfiApp ./rust/lanzaboote;
lanzatool-unwrapped-src = craneLib.cleanCargoSource ./rust/lanzatool;
lanzatool-unwrapped-deps = craneLib.buildDepsOnly { src = lanzatool-unwrapped-src; };
lanzatool-unwrapped = craneLib.buildPackage {
src = lanzatool-unwrapped-src;
cargoArtifacts = lanzatool-unwrapped-deps;
initrdStubCrane = buildRustApp {
src = ./rust/initrd-stub;
target = "x86_64-unknown-uefi";
doCheck = false;
};
lanzabooteCrane = buildRustApp {
src = ./rust/lanzaboote;
target = "x86_64-unknown-uefi";
doCheck = false;
};
initrd-stub = initrdStubCrane.package;
lanzaboote = lanzabooteCrane.package;
lanzatoolCrane = buildRustApp {
src = ./rust/lanzatool;
};
lanzatool-unwrapped = lanzatoolCrane.package;
lanzatool = pkgs.runCommand "lanzatool" {
nativeBuildInputs = [ pkgs.makeWrapper ];
} ''
@ -159,11 +174,8 @@
};
in
{
lanzatool-unwrapped-clippy = craneLib.cargoClippy {
src = lanzatool-unwrapped-src;
cargoArtifacts = lanzatool-unwrapped-deps;
cargoClippyExtraArgs = "--all-targets -- --deny warnings";
};
lanzatool-clippy = lanzatoolCrane.clippy;
lanzaboote-clippy = lanzabooteCrane.clippy;
# TODO: user mode: OK
# TODO: how to get in: {deployed, audited} mode ?

View File

@ -1,5 +1,5 @@
{ fetchFromGitHub, naersk, makeWrapper, OVMF, qemu }:
naersk.buildPackage {
{ fetchFromGitHub, craneLib, makeWrapper, OVMF, qemu }:
craneLib.buildPackage {
src = fetchFromGitHub {
owner = "Richard-W";
repo = "uefi-run";
@ -11,7 +11,11 @@ naersk.buildPackage {
nativeBuildInputs = [ makeWrapper ];
postInstall = ''
# The hook runs for the dependency-only derivation where the binary is not
# produced. We need to skip it there.
if [ -f $out/bin/uefi-run ]; then
wrapProgram "$out/bin/uefi-run" \
--add-flags '--bios-path ${OVMF.fd}/FV/OVMF.fd --qemu-path ${qemu}/bin/qemu-system-x86_64'
fi
'';
}