nix: switch everything to crane and drop naersk
This commit is contained in:
parent
7926ab9e5e
commit
28bb93c5f3
45
flake.lock
45
flake.lock
|
@ -69,24 +69,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"naersk": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1662220400,
|
||||
"narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "naersk",
|
||||
"rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "naersk",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1669535121,
|
||||
|
@ -97,8 +79,10 @@
|
|||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"type": "indirect"
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-test": {
|
||||
|
@ -118,22 +102,6 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1669535121,
|
||||
"narHash": "sha256-koZLM7oWVGrjyHnYDo7/w5qlmUn9UZUKSFNfmIjueE8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b45ec953794bb07922f0468152ad1ebaf8a084b3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1665296151,
|
||||
"narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
|
||||
|
@ -152,8 +120,7 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"naersk": "naersk",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-test": "nixpkgs-test",
|
||||
"rust-overlay": "rust-overlay_2"
|
||||
}
|
||||
|
@ -186,7 +153,7 @@
|
|||
"rust-overlay_2": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1669602829,
|
||||
|
|
72
flake.nix
72
flake.nix
|
@ -11,10 +11,9 @@
|
|||
|
||||
nixpkgs-test.url = "github:RaitoBezarius/nixpkgs/experimental-secureboot";
|
||||
rust-overlay.url = "github:oxalica/rust-overlay";
|
||||
naersk.url = "github:nix-community/naersk";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, crane, nixpkgs-test, rust-overlay, naersk }:
|
||||
outputs = { self, nixpkgs, crane, nixpkgs-test, rust-overlay }:
|
||||
let
|
||||
pkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
|
@ -28,40 +27,56 @@
|
|||
rust-nightly = pkgs.rust-bin.fromRustupToolchainFile ./rust/lanzaboote/rust-toolchain.toml;
|
||||
craneLib = crane.lib.x86_64-linux.overrideToolchain rust-nightly;
|
||||
|
||||
naersk-nightly = pkgs.callPackage naersk {
|
||||
cargo = rust-nightly;
|
||||
rustc = rust-nightly;
|
||||
};
|
||||
|
||||
uefi-run = pkgs.callPackage ./nix/uefi-run.nix {
|
||||
naersk = naersk-nightly;
|
||||
inherit craneLib;
|
||||
};
|
||||
|
||||
buildRustEfiApp = src: naersk-nightly.buildPackage {
|
||||
inherit src;
|
||||
cargoBuildOptions = old: old ++ [
|
||||
"--target x86_64-unknown-uefi"
|
||||
];
|
||||
# Build attributes for a Rust application.
|
||||
buildRustApp = {
|
||||
src, target ? null, doCheck ? true
|
||||
}: let
|
||||
cleanedSrc = craneLib.cleanCargoSource src;
|
||||
commonArgs = {
|
||||
src = cleanedSrc;
|
||||
CARGO_BUILD_TARGET = target;
|
||||
inherit doCheck;
|
||||
};
|
||||
|
||||
buildRustLinuxApp = src: naersk-nightly.buildPackage {
|
||||
inherit src;
|
||||
cargoArtifacts = craneLib.buildDepsOnly commonArgs;
|
||||
in {
|
||||
package = craneLib.buildPackage (commonArgs // {
|
||||
inherit cargoArtifacts;
|
||||
});
|
||||
|
||||
clippy = craneLib.cargoClippy (commonArgs // {
|
||||
inherit cargoArtifacts;
|
||||
cargoClippyExtraArgs = "-- --deny warnings";
|
||||
});
|
||||
};
|
||||
|
||||
# This is basically an empty EFI application that we use as a
|
||||
# carrier for the initrd.
|
||||
initrd-stub = buildRustEfiApp ./rust/initrd-stub;
|
||||
|
||||
lanzaboote = buildRustEfiApp ./rust/lanzaboote;
|
||||
|
||||
lanzatool-unwrapped-src = craneLib.cleanCargoSource ./rust/lanzatool;
|
||||
lanzatool-unwrapped-deps = craneLib.buildDepsOnly { src = lanzatool-unwrapped-src; };
|
||||
|
||||
lanzatool-unwrapped = craneLib.buildPackage {
|
||||
src = lanzatool-unwrapped-src;
|
||||
cargoArtifacts = lanzatool-unwrapped-deps;
|
||||
initrdStubCrane = buildRustApp {
|
||||
src = ./rust/initrd-stub;
|
||||
target = "x86_64-unknown-uefi";
|
||||
doCheck = false;
|
||||
};
|
||||
|
||||
lanzabooteCrane = buildRustApp {
|
||||
src = ./rust/lanzaboote;
|
||||
target = "x86_64-unknown-uefi";
|
||||
doCheck = false;
|
||||
};
|
||||
|
||||
initrd-stub = initrdStubCrane.package;
|
||||
lanzaboote = lanzabooteCrane.package;
|
||||
|
||||
lanzatoolCrane = buildRustApp {
|
||||
src = ./rust/lanzatool;
|
||||
};
|
||||
|
||||
lanzatool-unwrapped = lanzatoolCrane.package;
|
||||
|
||||
lanzatool = pkgs.runCommand "lanzatool" {
|
||||
nativeBuildInputs = [ pkgs.makeWrapper ];
|
||||
} ''
|
||||
|
@ -159,11 +174,8 @@
|
|||
};
|
||||
in
|
||||
{
|
||||
lanzatool-unwrapped-clippy = craneLib.cargoClippy {
|
||||
src = lanzatool-unwrapped-src;
|
||||
cargoArtifacts = lanzatool-unwrapped-deps;
|
||||
cargoClippyExtraArgs = "--all-targets -- --deny warnings";
|
||||
};
|
||||
lanzatool-clippy = lanzatoolCrane.clippy;
|
||||
lanzaboote-clippy = lanzabooteCrane.clippy;
|
||||
|
||||
# TODO: user mode: OK
|
||||
# TODO: how to get in: {deployed, audited} mode ?
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ fetchFromGitHub, naersk, makeWrapper, OVMF, qemu }:
|
||||
naersk.buildPackage {
|
||||
{ fetchFromGitHub, craneLib, makeWrapper, OVMF, qemu }:
|
||||
craneLib.buildPackage {
|
||||
src = fetchFromGitHub {
|
||||
owner = "Richard-W";
|
||||
repo = "uefi-run";
|
||||
|
@ -11,7 +11,11 @@ naersk.buildPackage {
|
|||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
postInstall = ''
|
||||
# The hook runs for the dependency-only derivation where the binary is not
|
||||
# produced. We need to skip it there.
|
||||
if [ -f $out/bin/uefi-run ]; then
|
||||
wrapProgram "$out/bin/uefi-run" \
|
||||
--add-flags '--bios-path ${OVMF.fd}/FV/OVMF.fd --qemu-path ${qemu}/bin/qemu-system-x86_64'
|
||||
fi
|
||||
'';
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue