From e7ec7ceefda9f3a196780e6d8f54eb604ace3e99 Mon Sep 17 00:00:00 2001 From: Julian Stecklina Date: Sat, 7 Jan 2023 11:09:35 +0100 Subject: [PATCH] flake: add flake-parts without moving attributes This commit adds flake-parts and does minimal enabling without moving any of the attributes into their "proper" locations yet. --- flake.lock | 37 ++++++++ flake.nix | 243 ++++++++++++++++++++++++++++------------------------- 2 files changed, 166 insertions(+), 114 deletions(-) diff --git a/flake.lock b/flake.lock index 3d7c8c7..7ec6565 100644 --- a/flake.lock +++ b/flake.lock @@ -59,6 +59,24 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1673047662, + "narHash": "sha256-dXYxH/0Ea5oQSkGAWWNy7HzmFutguycDGn2dt6lTYRQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "aa1f6ca773b6e740037ebfb35f7010e0c3960638", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1667395993, @@ -90,6 +108,24 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1672350804, + "narHash": "sha256-jo6zkiCabUBn3ObuKXHGqqORUMH27gYDIFFfLq5P4wg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "677ed08a50931e38382dbef01cba08a8f7eac8f6", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-test": { "locked": { "lastModified": 1671812130, @@ -110,6 +146,7 @@ "inputs": { "crane": "crane", "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", "flake-utils": "flake-utils", "nixpkgs": "nixpkgs", "nixpkgs-test": "nixpkgs-test", diff --git a/flake.nix b/flake.nix index 0aedd7c..62cb8f9 100644 --- a/flake.nix +++ b/flake.nix 
@@ -5,6 +5,12 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-test.url = "github:RaitoBezarius/nixpkgs/simplified-qemu-boot-disks"; + flake-parts.url = "github:hercules-ci/flake-parts"; + + # We only have this input to pass it to other dependencies and + # avoid having mulitple versions in our dependencies. + flake-utils.url = "github:numtide/flake-utils"; + crane = { url = "github:ipetkov/crane"; inputs.nixpkgs.follows = "nixpkgs"; 
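Review bot: The new `flake-parts` input is added without a `follows` for its own `nixpkgs-lib` input, so flake.lock gains a second nixpkgs tree (`nixpkgs-lib`, tracking `nixos-unstable`) alongside the project's `nixos-unstable-small` pin. That works against the goal stated in the comment added just below it, and it is one more locked source to check on every lock update. Consider adding `flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";` after the url line and regenerating the lock. The added comment also has a typo: `mulitple` should be `multiple`.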
@@ -22,81 +28,81 @@ url = "github:edolstra/flake-compat"; flake = false; }; - flake-utils.url = "github:numtide/flake-utils"; }; - outputs = { self, nixpkgs, nixpkgs-test, crane, rust-overlay, ... }: - let - pkgs = import nixpkgs { - system = "x86_64-linux"; - overlays = [ - rust-overlay.overlays.default - ]; - }; - - testPkgs = import nixpkgs-test { system = "x86_64-linux"; }; - - inherit (pkgs) lib; - - rust-nightly = pkgs.rust-bin.fromRustupToolchainFile ./rust/lanzaboote/rust-toolchain.toml; - craneLib = crane.lib.x86_64-linux.overrideToolchain rust-nightly; - - uefi-run = pkgs.callPackage ./nix/packages/uefi-run.nix { - inherit craneLib; - }; - - # Build attributes for a Rust application. - buildRustApp = - { src - , target ? null - , doCheck ? true - , extraArgs ? { } - }: - let - commonArgs = { - inherit src; - CARGO_BUILD_TARGET = target; - inherit doCheck; - } // extraArgs; - - cargoArtifacts = craneLib.buildDepsOnly commonArgs; - in - { - package = craneLib.buildPackage (commonArgs // { - inherit cargoArtifacts; - }); - - clippy = craneLib.cargoClippy (commonArgs // { - inherit cargoArtifacts; - cargoClippyExtraArgs = "-- --deny warnings"; - }); - }; - - lanzabooteCrane = buildRustApp { - src = craneLib.cleanCargoSource ./rust/lanzaboote; - target = "x86_64-unknown-uefi"; - doCheck = false; - }; - - lanzaboote = lanzabooteCrane.package; - - lanzatoolCrane = buildRustApp { - src = ./rust/lanzatool; - extraArgs = { - TEST_SYSTEMD = pkgs.systemd; - checkInputs = with pkgs; [ - binutils-unwrapped - sbsigntool + outputs = inputs@{ self, nixpkgs, nixpkgs-test, crane, rust-overlay, flake-parts, ... 
}: + flake-parts.lib.mkFlake { inherit inputs; } { + flake = let + pkgs = import nixpkgs { + system = "x86_64-linux"; + overlays = [ + rust-overlay.overlays.default ]; }; - }; - lanzatool-unwrapped = lanzatoolCrane.package; + testPkgs = import nixpkgs-test { system = "x86_64-linux"; }; - lanzatool = pkgs.runCommand "lanzatool" - { - nativeBuildInputs = [ pkgs.makeWrapper ]; - } '' + inherit (pkgs) lib; + + rust-nightly = pkgs.rust-bin.fromRustupToolchainFile ./rust/lanzaboote/rust-toolchain.toml; + craneLib = crane.lib.x86_64-linux.overrideToolchain rust-nightly; + + uefi-run = pkgs.callPackage ./nix/packages/uefi-run.nix { + inherit craneLib; + }; + + # Build attributes for a Rust application. + buildRustApp = + { src + , target ? null + , doCheck ? true + , extraArgs ? { } + }: + let + commonArgs = { + inherit src; + CARGO_BUILD_TARGET = target; + inherit doCheck; + } // extraArgs; + + cargoArtifacts = craneLib.buildDepsOnly commonArgs; + in + { + package = craneLib.buildPackage (commonArgs // { + inherit cargoArtifacts; + }); + + clippy = craneLib.cargoClippy (commonArgs // { + inherit cargoArtifacts; + cargoClippyExtraArgs = "-- --deny warnings"; + }); + }; + + lanzabooteCrane = buildRustApp { + src = craneLib.cleanCargoSource ./rust/lanzaboote; + target = "x86_64-unknown-uefi"; + doCheck = false; + }; + + lanzaboote = lanzabooteCrane.package; + + lanzatoolCrane = buildRustApp { + src = ./rust/lanzatool; + extraArgs = { + TEST_SYSTEMD = pkgs.systemd; + checkInputs = with pkgs; [ + binutils-unwrapped + sbsigntool + ]; + }; + }; + + lanzatool-unwrapped = lanzatoolCrane.package; + + lanzatool = pkgs.runCommand "lanzatool" + { + nativeBuildInputs = [ pkgs.makeWrapper ]; + } '' mkdir -p $out/bin # Clean PATH to only contain what we need to do objcopy. Also 
@@ -106,51 +112,60 @@ --set RUST_BACKTRACE full \ --set LANZABOOTE_STUB ${lanzaboote}/bin/lanzaboote.efi ''; - in - { - overlays.default = final: prev: { - inherit lanzatool; + in + { + overlays.default = final: prev: { + inherit lanzatool; + }; + + nixosModules.lanzaboote = { pkgs, lib, ... }: { + imports = [ ./nix/modules/lanzaboote.nix ]; + boot.lanzaboote.package = lib.mkDefault self.packages.${pkgs.system}.lanzatool; + }; + + packages.x86_64-linux = { + inherit lanzaboote lanzatool; + default = lanzatool; + }; + + devShells.x86_64-linux.default = pkgs.mkShell { + packages = [ + uefi-run + pkgs.openssl + (pkgs.sbctl.override { + databasePath = "pki"; + }) + pkgs.sbsigntool + pkgs.efitools + pkgs.python39Packages.ovmfvartool + pkgs.qemu + pkgs.nixpkgs-fmt + pkgs.statix + ]; + + inputsFrom = [ + lanzaboote + lanzatool + ]; + + TEST_SYSTEMD = pkgs.systemd; + }; + + checks.x86_64-linux = { + lanzatool-clippy = lanzatoolCrane.clippy; + lanzaboote-clippy = lanzabooteCrane.clippy; + } // (import ./nix/tests/lanzaboote.nix { + inherit pkgs testPkgs; + lanzabooteModule = self.nixosModules.lanzaboote; + }); + }; + + systems = [ + "x86_64-linux" + ]; + + perSystem = { config, ... }: { + # Nothing here yet. }; - - nixosModules.lanzaboote = { pkgs, lib, ... 
}: { - imports = [ ./nix/modules/lanzaboote.nix ]; - boot.lanzaboote.package = lib.mkDefault self.packages.${pkgs.system}.lanzatool; - }; - - packages.x86_64-linux = { - inherit lanzaboote lanzatool; - default = lanzatool; - }; - - devShells.x86_64-linux.default = pkgs.mkShell { - packages = [ - uefi-run - pkgs.openssl - (pkgs.sbctl.override { - databasePath = "pki"; - }) - pkgs.sbsigntool - pkgs.efitools - pkgs.python39Packages.ovmfvartool - pkgs.qemu - pkgs.nixpkgs-fmt - pkgs.statix - ]; - - inputsFrom = [ - lanzaboote - lanzatool - ]; - - TEST_SYSTEMD = pkgs.systemd; - }; - - checks.x86_64-linux = { - lanzatool-clippy = lanzatoolCrane.clippy; - lanzaboote-clippy = lanzabooteCrane.clippy; - } // (import ./nix/tests/lanzaboote.nix { - inherit pkgs testPkgs; - lanzabooteModule = self.nixosModules.lanzaboote; - }); }; }
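Review bot: The `systems` list added at the end of this hunk does not drive any output yet. `packages`, `devShells` and `checks` are still spelled out for `x86_64-linux` inside `flake`, and `pkgs` in the let block of the previous hunk is imported with a fixed `system`. A second entry in `systems` would therefore produce nothing for that system, and `nixosModules.lanzaboote` would presumably fail to evaluate there because it looks up `self.packages.${pkgs.system}.lanzatool`. I would say so in the placeholder, for example `# Nothing here yet: packages, devShells and checks are still defined for x86_64-linux only under flake.`, and leave out the unused `config` argument of `perSystem` until it is needed.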