From b77ef07cec5f94d7eeb39efcacb739f0017c6e37 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 29 May 2023 00:09:07 +0200 Subject: [PATCH] project: perform clippy/rustfmt checking via a higher order derivation transformer Instead of patching the derivation in-place via flags, we just have a higher order function that takes the Rust package derivation and override it into a Rustfmt / Clippy oriented derivation: it turns off checks and adds its required dependencies. --- flake.nix | 48 ++++++++++++++------------ nix/packages/stub.nix | 77 +++++++++++------------------------------- nix/packages/tool.nix | 77 +++++++++++------------------------------- nix/packages/utils.nix | 39 +++++++++++++++++++++ 4 files changed, 105 insertions(+), 136 deletions(-) create mode 100644 nix/packages/utils.nix diff --git a/flake.nix b/flake.nix index 888a398..b90361b 100644 --- a/flake.nix +++ b/flake.nix @@ -62,12 +62,14 @@ uefiPkgs = import nixpkgs { inherit system; crossSystem = { - config = "${pkgs.hostPlatform.linuxArch}-windows"; - rustc.config = "${pkgs.hostPlatform.linuxArch}-unknown-uefi"; + # linuxArch is wrong here, it will yield arm64 instead of aarch64. + config = "${pkgs.hostPlatform.qemuArch}-windows"; + rustc.config = "${pkgs.hostPlatform.qemuArch}-unknown-uefi"; libc = null; useLLVM = true; }; }; + utils = import ./nix/packages/utils.nix; inherit (pkgs) lib; @@ -100,26 +102,28 @@ overlayAttrs = { inherit (config.packages) tool; }; - checks = let - nixosLib = import (pkgs.path + "/nixos/lib") { }; - runTest = module: - nixosLib.runTest { - imports = [ module ]; - hostPkgs = pkgs; - }; - in { - toolFmt = (tool.override { enableFmt = true; }); - stubFmt = (stub.override { enableFmt = true; }); - toolClippy = (tool.override { enableLint = true; }); - stubClippy = (stub.override { enableLint = true; }); - fatStubClippy = (fatStub.override { enableLint = true; }); - } // (import ./nix/tests/lanzaboote.nix { - inherit pkgs; - lanzabooteModule = self.nixosModules.lanzaboote; - }) // (import ./nix/tests/stub.nix { - inherit pkgs runTest; - ukiModule = self.nixosModules.uki; - }); + checks = + let + nixosLib = import (pkgs.path + "/nixos/lib") { }; + runTest = module: + nixosLib.runTest { + imports = [ module ]; + hostPkgs = pkgs; + }; + in + { + stubFmt = uefiPkgs.callPackage (utils.rustfmt stub) { }; + toolFmt = pkgs.callPackage (utils.rustfmt tool) { }; + toolClippy = pkgs.callPackage (utils.clippy tool) { }; + stubClippy = uefiPkgs.callPackage (utils.clippy stub) { }; + fatStubClippy = uefiPkgs.callPackage (utils.clippy fatStub) { }; + } // (import ./nix/tests/lanzaboote.nix { + inherit pkgs; + lanzabooteModule = self.nixosModules.lanzaboote; + }) // (import ./nix/tests/stub.nix { + inherit pkgs runTest; + ukiModule = self.nixosModules.uki; + }); pre-commit = { check.enable = true; diff --git a/nix/packages/stub.nix b/nix/packages/stub.nix index 9daab7b..83435a2 100644 --- a/nix/packages/stub.nix +++ b/nix/packages/stub.nix @@ -1,66 +1,29 @@ -{ rust, rustPlatform, clippy, rustfmt, stdenv, lib, runCommand, enableFmt ? false, enableLint ? false, fatVariant ? false }: +{ rustPlatform, stdenv, lib, fatVariant ? false }: -let - targetSpec = rust.toRustTargetSpec stdenv.hostPlatform; - targetIsJSON = lib.hasSuffix ".json" targetSpec; - shortTarget = - if targetIsJSON then - (lib.removeSuffix ".json" (builtins.baseNameOf "${targetSpec}")) - else targetSpec; -in rustPlatform.buildRustPackage - ({ - pname = "lanzaboote_stub"; - version = "0.3.0"; - src = runCommand "src" { } '' - install -D ${../../rust/stub/Cargo.toml} $out/Cargo.toml - install -D ${../../rust/stub/Cargo.lock} $out/Cargo.lock - cp -r ${../../rust/stub/src} $out/src - ''; +{ + pname = "lanzaboote_stub"; + version = "0.3.0"; + src = lib.cleanSource ../../rust/stub; # We don't want the thin code. buildNoDefaultFeatures = true; buildFeatures = if fatVariant then [ "fat" ] else [ "thin" ]; - # We don't want the thin code. - buildNoDefaultFeatures = fatVariant; - buildFeatures = lib.optional fatVariant "fat"; + cargoLock = { + lockFile = ../../rust/stub/Cargo.lock; + }; - cargoLock = { - lockFile = ../../rust/stub/Cargo.lock; - }; + # Necessary because our `cc-wrapper` doesn't understand MSVC link options. + RUSTFLAGS = "-Clinker=${stdenv.cc.bintools}/bin/${stdenv.cc.targetPrefix}ld.lld -Clinker-flavor=lld-link"; + # Necessary because otherwise we will get (useless) hardening options in front of + # -flavor link which will break the whole command-line processing for the ld.lld linker. + hardeningDisable = [ "all" ]; - # Necessary because our `cc-wrapper` doesn't understand MSVC link options. - RUSTFLAGS = "-Clinker=${stdenv.cc.bintools}/bin/${stdenv.cc.targetPrefix}ld.lld -Clinker-flavor=lld-link"; - # Necessary because otherwise we will get (useless) hardening options in front of - # -flavor link which will break the whole command-line processing for the ld.lld linker. - hardeningDisable = [ "all" ]; - - meta = with lib; { - description = "Lanzaboote UEFI stub for SecureBoot enablement on NixOS systems"; - homepage = "https://github.com/nix-community/lanzaboote"; - license = licenses.mit; - platforms = [ "x86_64-windows" "aarch64-windows" "i686-windows" ]; - }; - } // lib.optionalAttrs enableLint { - buildPhase = '' - cargo clippy --target ${shortTarget} --all-features -- -D warnings - if grep -R 'dbg!' ./src; then - echo "use of dbg macro found in code!" - false - fi - ''; - - installPhase = '' - touch $out - ''; - } // lib.optionalAttrs enableFmt { - buildPhase = '' - echo "checking formatting..." - cargo fmt --all -- --check - ''; - - installPhase = '' - touch $out - ''; - }) + meta = with lib; { + description = "Lanzaboote UEFI stub for SecureBoot enablement on NixOS systems"; + homepage = "https://github.com/nix-community/lanzaboote"; + license = licenses.mit; + platforms = [ "x86_64-windows" "aarch64-windows" "i686-windows" ]; + }; +} diff --git a/nix/packages/tool.nix b/nix/packages/tool.nix index 5d3bb9c..ce2faed 100644 --- a/nix/packages/tool.nix +++ b/nix/packages/tool.nix @@ -1,67 +1,30 @@ -{ stdenv -, systemd +{ systemd , binutils-unwrapped , sbsigntool , rustPlatform , lib -, runCommand -, fetchurl -, clippy -, rustfmt -, path -, enableLint ? false -, enableFmt ? false }: + rustPlatform.buildRustPackage - ({ - pname = "lanzaboote_tool"; - version = "0.3.0"; - src = runCommand "src" { } '' - install -D ${../../rust/tool/Cargo.toml} $out/Cargo.toml - install -D ${../../rust/tool/Cargo.lock} $out/Cargo.lock - cp -r ${../../rust/tool/src} $out/src - ''; +{ + pname = "lanzaboote_tool"; + version = "0.3.0"; + src = lib.cleanSource ../../rust/tool; - TEST_SYSTEMD = systemd; + TEST_SYSTEMD = systemd; - nativeBuildInputs = lib.optional enableLint clippy ++ lib.optional enableFmt rustfmt; + cargoLock = { + lockFile = ../../rust/tool/Cargo.lock; + }; - cargoLock = { - lockFile = ../../rust/tool/Cargo.lock; - }; + nativeCheckInputs = [ + binutils-unwrapped + sbsigntool + ]; - nativeCheckInputs = [ - binutils-unwrapped - sbsigntool - ]; - - meta = with lib; { - description = "Lanzaboote UEFI tooling for SecureBoot enablement on NixOS systems"; - homepage = "https://github.com/nix-community/lanzaboote"; - license = licenses.mit; - }; - } // lib.optionalAttrs enableLint { - doCheck = false; - buildPhase = '' - cargo clippy --all-targets --all-features -- -D warnings - if grep -R 'dbg!' ./src; then - echo "use of dbg macro found in code!" - false - fi - ''; - - installPhase = '' - touch $out - ''; - } // lib.optionalAttrs enableFmt { - doCheck = false; - - buildPhase = '' - echo "checking formatting..." - cargo fmt --all -- --check - ''; - - installPhase = '' - touch $out - ''; - }) + meta = with lib; { + description = "Lanzaboote UEFI tooling for SecureBoot enablement on NixOS systems"; + homepage = "https://github.com/nix-community/lanzaboote"; + license = licenses.mit; + }; +} diff --git a/nix/packages/utils.nix b/nix/packages/utils.nix new file mode 100644 index 0000000..a5b0e56 --- /dev/null +++ b/nix/packages/utils.nix @@ -0,0 +1,39 @@ +{ + clippy = rustPackage: { lib, rust, clippy }: + let + targetSpec = rust.toRustTargetSpec rustPackage.stdenv.hostPlatform; + inherit (lib) optionalString concatStringsSep; + in + rustPackage.overrideAttrs (old: { + nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ clippy ]; + + doCheck = false; + + buildPhase = '' + echo "checking via clippy..." + cargo clippy --target ${targetSpec} ${optionalString (old.buildNoDefaultFeatures or false) "--no-default-features "}${optionalString ((old.buildFeatures or null) != null) ''--features="${concatStringsSep " " old.buildFeatures}" ''}-- -D warnings + if grep -R 'dbg!' ./src; then + echo "use of dbg macro found in code!" + false + fi + ''; + + installPhase = '' + touch $out + ''; + }); + rustfmt = rustPackage: { rustfmt }: rustPackage.overrideAttrs (old: { + nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ rustfmt ]; + + doCheck = false; + + buildPhase = '' + echo "checking formatting..." + cargo fmt --all -- --check + ''; + + installPhase = '' + touch $out + ''; + }); +}