project: perform clippy/rustfmt checking via a higher order derivation transformer

Instead of patching the derivation in-place via flags, we just have a higher order function that takes the Rust package derivation and override it into a Rustfmt / Clippy oriented derivation: it turns off checks and adds its required dependencies.
2023-05-29 00:09:07 +02:00 · 2023-05-29 00:09:07 +02:00 · b77ef07cec
parent 5b22893473
commit b77ef07cec
4 changed files with 105 additions and 136 deletions
--- a/flake.nix
+++ b/flake.nix
@ -62,12 +62,14 @@
          uefiPkgs = import nixpkgs {
            inherit system;
            crossSystem = {
-              config = "${pkgs.hostPlatform.linuxArch}-windows";
+              # linuxArch is wrong here, it will yield arm64 instead of aarch64.
-              rustc.config = "${pkgs.hostPlatform.linuxArch}-unknown-uefi";
+              config = "${pkgs.hostPlatform.qemuArch}-windows";
              rustc.config = "${pkgs.hostPlatform.qemuArch}-unknown-uefi";
              libc = null;
              useLLVM = true;
            };
          };
          utils = import ./nix/packages/utils.nix;
          inherit (pkgs) lib;
@ -100,26 +102,28 @@
          overlayAttrs = { inherit (config.packages) tool; };
-          checks = let
+          checks =
-            nixosLib = import (pkgs.path + "/nixos/lib") { };
+            let
-            runTest = module:
+              nixosLib = import (pkgs.path + "/nixos/lib") { };
-              nixosLib.runTest {
+              runTest = module:
-                imports = [ module ];
+                nixosLib.runTest {
-                hostPkgs = pkgs;
+                  imports = [ module ];
-              };
+                  hostPkgs = pkgs;
-          in {
+                };
-            toolFmt = (tool.override { enableFmt = true; });
+            in
-            stubFmt = (stub.override { enableFmt = true; });
+            {
-            toolClippy = (tool.override { enableLint = true; });
+              stubFmt = uefiPkgs.callPackage (utils.rustfmt stub) { };
-            stubClippy = (stub.override { enableLint = true; });
+              toolFmt = pkgs.callPackage (utils.rustfmt tool) { };
-            fatStubClippy = (fatStub.override { enableLint = true; });
+              toolClippy = pkgs.callPackage (utils.clippy tool) { };
-          } // (import ./nix/tests/lanzaboote.nix {
+              stubClippy = uefiPkgs.callPackage (utils.clippy stub) { };
-            inherit pkgs;
+              fatStubClippy = uefiPkgs.callPackage (utils.clippy fatStub) { };
-            lanzabooteModule = self.nixosModules.lanzaboote;
+            } // (import ./nix/tests/lanzaboote.nix {
-          }) // (import ./nix/tests/stub.nix {
+              inherit pkgs;
-            inherit pkgs runTest;
+              lanzabooteModule = self.nixosModules.lanzaboote;
-            ukiModule = self.nixosModules.uki;
+            }) // (import ./nix/tests/stub.nix {
-          });
+              inherit pkgs runTest;
              ukiModule = self.nixosModules.uki;
            });
          pre-commit = {
            check.enable = true;
--- a/nix/packages/stub.nix
+++ b/nix/packages/stub.nix
@ -1,66 +1,29 @@
-{ rust, rustPlatform, clippy, rustfmt, stdenv, lib, runCommand, enableFmt ? false, enableLint ? false, fatVariant ? false }:
+{ rustPlatform, stdenv, lib, fatVariant ? false }:
 let
  targetSpec = rust.toRustTargetSpec stdenv.hostPlatform;
  targetIsJSON = lib.hasSuffix ".json" targetSpec;
  shortTarget =
    if targetIsJSON then
      (lib.removeSuffix ".json" (builtins.baseNameOf "${targetSpec}"))
    else targetSpec;
 in
 rustPlatform.buildRustPackage
-  ({
+{
-    pname = "lanzaboote_stub";
+  pname = "lanzaboote_stub";
-    version = "0.3.0";
+  version = "0.3.0";
-    src = runCommand "src" { } ''
+  src = lib.cleanSource ../../rust/stub;
      install -D ${../../rust/stub/Cargo.toml} $out/Cargo.toml
      install -D ${../../rust/stub/Cargo.lock} $out/Cargo.lock
      cp -r ${../../rust/stub/src} $out/src
    '';
  # We don't want the thin code.
  buildNoDefaultFeatures = true;
  buildFeatures = if fatVariant then [ "fat" ] else [ "thin" ];
-    # We don't want the thin code.
+  cargoLock = {
-    buildNoDefaultFeatures = fatVariant;
+    lockFile = ../../rust/stub/Cargo.lock;
-    buildFeatures = lib.optional fatVariant "fat";
+  };
-    cargoLock = {
+  # Necessary because our `cc-wrapper` doesn't understand MSVC link options.
-      lockFile = ../../rust/stub/Cargo.lock;
+  RUSTFLAGS = "-Clinker=${stdenv.cc.bintools}/bin/${stdenv.cc.targetPrefix}ld.lld -Clinker-flavor=lld-link";
-    };
+  # Necessary because otherwise we will get (useless) hardening options in front of
  # -flavor link which will break the whole command-line processing for the ld.lld linker.
  hardeningDisable = [ "all" ];
-    # Necessary because our `cc-wrapper` doesn't understand MSVC link options.
+  meta = with lib; {
-    RUSTFLAGS = "-Clinker=${stdenv.cc.bintools}/bin/${stdenv.cc.targetPrefix}ld.lld -Clinker-flavor=lld-link";
+    description = "Lanzaboote UEFI stub for SecureBoot enablement on NixOS systems";
-    # Necessary because otherwise we will get (useless) hardening options in front of
+    homepage = "https://github.com/nix-community/lanzaboote";
-    # -flavor link which will break the whole command-line processing for the ld.lld linker.
+    license = licenses.mit;
-    hardeningDisable = [ "all" ];
+    platforms = [ "x86_64-windows" "aarch64-windows" "i686-windows" ];
-
+  };
-    meta = with lib; {
+}
      description = "Lanzaboote UEFI stub for SecureBoot enablement on NixOS systems";
      homepage = "https://github.com/nix-community/lanzaboote";
      license = licenses.mit;
      platforms = [ "x86_64-windows" "aarch64-windows" "i686-windows" ];
    };
  } // lib.optionalAttrs enableLint {
    buildPhase = ''
      cargo clippy --target ${shortTarget} --all-features -- -D warnings
      if grep -R 'dbg!' ./src; then
        echo "use of dbg macro found in code!"
        false
      fi
    '';
    installPhase = ''
      touch $out
    '';
  } // lib.optionalAttrs enableFmt {
    buildPhase = ''
      echo "checking formatting..."
      cargo fmt --all -- --check
    '';
    installPhase = ''
      touch $out
    '';
  })
--- a/nix/packages/tool.nix
+++ b/nix/packages/tool.nix
@ -1,67 +1,30 @@
-{ stdenv
+{ systemd
 , systemd
 , binutils-unwrapped
 , sbsigntool
 , rustPlatform
 , lib
 , runCommand
 , fetchurl
 , clippy
 , rustfmt
 , path
 , enableLint ? false
 , enableFmt ? false
 }:
 rustPlatform.buildRustPackage
-  ({
+{
-    pname = "lanzaboote_tool";
+  pname = "lanzaboote_tool";
-    version = "0.3.0";
+  version = "0.3.0";
-    src = runCommand "src" { } ''
+  src = lib.cleanSource ../../rust/tool;
      install -D ${../../rust/tool/Cargo.toml} $out/Cargo.toml
      install -D ${../../rust/tool/Cargo.lock} $out/Cargo.lock
      cp -r ${../../rust/tool/src} $out/src
    '';
-    TEST_SYSTEMD = systemd;
+  TEST_SYSTEMD = systemd;
-    nativeBuildInputs = lib.optional enableLint clippy ++ lib.optional enableFmt rustfmt;
+  cargoLock = {
    lockFile = ../../rust/tool/Cargo.lock;
  };
-    cargoLock = {
+  nativeCheckInputs = [
-      lockFile = ../../rust/tool/Cargo.lock;
+    binutils-unwrapped
-    };
+    sbsigntool
  ];
-    nativeCheckInputs = [
+  meta = with lib; {
-      binutils-unwrapped
+    description = "Lanzaboote UEFI tooling for SecureBoot enablement on NixOS systems";
-      sbsigntool
+    homepage = "https://github.com/nix-community/lanzaboote";
-    ];
+    license = licenses.mit;
-
+  };
-    meta = with lib; {
+}
      description = "Lanzaboote UEFI tooling for SecureBoot enablement on NixOS systems";
      homepage = "https://github.com/nix-community/lanzaboote";
      license = licenses.mit;
    };
  } // lib.optionalAttrs enableLint {
    doCheck = false;
    buildPhase = ''
      cargo clippy --all-targets --all-features -- -D warnings
      if grep -R 'dbg!' ./src; then
        echo "use of dbg macro found in code!"
        false
      fi
    '';
    installPhase = ''
      touch $out
    '';
  } // lib.optionalAttrs enableFmt {
    doCheck = false;
    buildPhase = ''
      echo "checking formatting..."
      cargo fmt --all -- --check
    '';
    installPhase = ''
      touch $out
    '';
  })
--- a/nix/packages/utils.nix
+++ b/nix/packages/utils.nix
@ -0,0 +1,39 @@
 {
  clippy = rustPackage: { lib, rust, clippy }:
    let
      targetSpec = rust.toRustTargetSpec rustPackage.stdenv.hostPlatform;
      inherit (lib) optionalString concatStringsSep;
    in
    rustPackage.overrideAttrs (old: {
      nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ clippy ];
      doCheck = false;
      buildPhase = ''
        echo "checking via clippy..."
        cargo clippy --target ${targetSpec} ${optionalString (old.buildNoDefaultFeatures or false) "--no-default-features "}${optionalString ((old.buildFeatures or null) != null) ''--features="${concatStringsSep " " old.buildFeatures}" ''}-- -D warnings
        if grep -R 'dbg!' ./src; then
          echo "use of dbg macro found in code!"
          false
        fi
      '';
      installPhase = ''
        touch $out
      '';
    });
  rustfmt = rustPackage: { rustfmt }: rustPackage.overrideAttrs (old: {
    nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ rustfmt ];
    doCheck = false;
    buildPhase = ''
      echo "checking formatting..."
      cargo fmt --all -- --check
    '';
    installPhase = ''
      touch $out
    '';
  });
 }