From 8eeaffbb35b527f8c6612b6991281985151dfa95 Mon Sep 17 00:00:00 2001 From: Malte Poll Date: Wed, 4 Oct 2023 10:51:17 +0200 Subject: [PATCH] bazel: always use nix --- .bazelrc | 5 +- .github/workflows/build-os-image.yml | 4 +- WORKSPACE.bazel | 51 ++++++++-------- bazel/ci/BUILD.bazel | 18 ++---- bazel/mkosi/BUILD.bazel | 3 - bazel/mkosi/BUILD.tpl | 13 ---- bazel/mkosi/mkosi_configure.bzl | 40 +------------ bazel/nixos-support/BUILD.bazel | 0 bazel/nixos-support/WORKSPACE.bazel | 0 bazel/nixos-support/nixos-support.bzl | 69 ---------------------- dev-docs/workflows/build-develop-deploy.md | 18 +----- image/README.md | 5 +- image/measured-boot/cmd/BUILD.bazel | 18 ++---- 13 files changed, 49 insertions(+), 195 deletions(-) delete mode 100644 bazel/mkosi/BUILD.tpl delete mode 100644 bazel/nixos-support/BUILD.bazel delete mode 100644 bazel/nixos-support/WORKSPACE.bazel delete mode 100644 bazel/nixos-support/nixos-support.bzl diff --git a/.bazelrc b/.bazelrc index b4c4eb3366f..9e144fb2064 100644 --- a/.bazelrc +++ b/.bazelrc @@ -40,9 +40,8 @@ common:linux_amd64_static --platforms @zig_sdk//libc_aware/platform:linux_amd64_ common:linux_arm64_static --platforms @zig_sdk//libc_aware/platform:linux_arm64_musl # bazel configs to explicitly target NixOS -common:nix --host_platform=@io_tweag_rules_nixpkgs//nixpkgs/platforms:host -common:nix --crosstool_top=@local_config_cc//:toolchain -common:nix --action_env=BAZEL_NIX_HOST_PLATFORM=1 +common --host_platform=@io_tweag_rules_nixpkgs//nixpkgs/platforms:host +common --crosstool_top=@local_config_cc//:toolchain # bazel config to explicitly disable stamping (hide version information at build time) common:nostamp --nostamp --workspace_status_command= diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml index 3a0b9851abc..306203cd2ce 100644 --- a/.github/workflows/build-os-image.yml +++ b/.github/workflows/build-os-image.yml @@ -172,9 +172,9 @@ jobs: TARGET: //image/system:${{ matrix.csp }}_${{ matrix.attestation_variant }}_${{ needs.build-settings.outputs.stream }} run: | echo "::group::Build" - bazel build --host_platform=@rules_nixpkgs_core//platforms:host "${TARGET}" + bazel build "${TARGET}" { - echo "image-dir=$(bazel cquery --host_platform=@rules_nixpkgs_core//platforms:host --output=files "$TARGET")" + echo "image-dir=$(bazel cquery --output=files "$TARGET")" } | tee -a "$GITHUB_OUTPUT" echo "::endgroup::" diff --git a/WORKSPACE.bazel b/WORKSPACE.bazel index 224713682c3..84221d0a168 100644 --- a/WORKSPACE.bazel +++ b/WORKSPACE.bazel @@ -13,7 +13,7 @@ load("@io_tweag_rules_nixpkgs//nixpkgs:repositories.bzl", "rules_nixpkgs_depende rules_nixpkgs_dependencies() -load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_flake_package", "nixpkgs_git_repository", "nixpkgs_package", "nixpkgs_python_configure") +load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_cc_configure", "nixpkgs_flake_package", "nixpkgs_git_repository", "nixpkgs_package", "nixpkgs_python_configure") nixpkgs_git_repository( name = "nixpkgs", @@ -38,32 +38,27 @@ nixpkgs_package( repository = "@nixpkgs", ) -load("//bazel/mkosi:mkosi_configure.bzl", "find_system_mkosi") +load("//bazel/mkosi:mkosi_configure.bzl", "register_mkosi") -find_system_mkosi(name = "constellation_mkosi") +register_mkosi( + name = "mkosi_nix_toolchain", +) # Python toolchain load("//bazel/toolchains:python_deps.bzl", "python_deps") python_deps() -load("@rules_python//python:repositories.bzl", "py_repositories", "python_register_toolchains") +load("@rules_python//python:repositories.bzl", "py_repositories") py_repositories() -# if nix is installed, use nixpkgs python toolchain... nixpkgs_python_configure( fail_not_supported = False, - python3_attribute_path = "python311.withPackages(ps: with ps; [ numpy ])", + python3_attribute_path = "python311", repository = "@nixpkgs", ) -# ... otherwise, fall back to rules_python toolchain -python_register_toolchains( - name = "python3_11", - python_version = "3.11", -) - # Go toolchain load("//bazel/toolchains:go_rules_deps.bzl", "go_deps") @@ -78,18 +73,12 @@ load("@io_bazel_rules_go//go:deps.bzl", "go_rules_dependencies") go_rules_dependencies() -local_repository( - name = "nixos-support", - path = "bazel/nixos-support", -) - -load("@nixos-support//:nixos-support.bzl", "gen_imports") +load("@io_tweag_rules_nixpkgs//nixpkgs:toolchains/go.bzl", "nixpkgs_go_configure") -gen_imports() - -load("@nixos_support//:imports.bzl", "cc_toolchain", "go_toolchain") - -go_toolchain() +nixpkgs_go_configure( + attribute_path = "go_1_21", + repository = "@nixpkgs", +) load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies") @@ -152,7 +141,21 @@ load("@hermetic_cc_toolchain//toolchain:defs.bzl", zig_toolchains = "toolchains" zig_toolchains() -cc_toolchain() +nixpkgs_cc_configure(repository = "@nixpkgs") + +register_toolchains( + "@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.23", + "@zig_sdk//libc_aware/toolchain:linux_arm64_gnu.2.23", + "@zig_sdk//libc_aware/toolchain:linux_amd64_musl", + "@zig_sdk//libc_aware/toolchain:linux_arm64_musl", + "@zig_sdk//toolchain:linux_amd64_gnu.2.23", + "@zig_sdk//toolchain:linux_arm64_gnu.2.23", + "@zig_sdk//toolchain:linux_amd64_musl", + "@zig_sdk//toolchain:linux_arm64_musl", + "@zig_sdk//toolchain:darwin_amd64", + "@zig_sdk//toolchain:darwin_arm64", + "@zig_sdk//toolchain:windows_amd64", +) load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") diff --git a/bazel/ci/BUILD.bazel b/bazel/ci/BUILD.bazel index ab37db626b8..bc8a916ead7 100644 --- a/bazel/ci/BUILD.bazel +++ b/bazel/ci/BUILD.bazel @@ -410,18 +410,12 @@ repo_command( sh_template( name = "proto_targets_check", - data = select({ - "@rules_nixpkgs_core//constraints:support_nix": [ - "@diffutils//:bin/diff", - ], - "//conditions:default": [], - }), - env = select({ - "@rules_nixpkgs_core//constraints:support_nix": { - "DIFF": "$(rootpath @diffutils//:bin/diff)", - }, - "//conditions:default": {}, - }), + data = [ + "@diffutils//:bin/diff", + ], + env = { + "DIFF": "$(rootpath @diffutils//:bin/diff)", + }, substitutions = { "@@PROTO_TARGETS@@": " ".join(proto_targets()), }, diff --git a/bazel/mkosi/BUILD.bazel b/bazel/mkosi/BUILD.bazel index 06ae1742236..7ac90354c9b 100644 --- a/bazel/mkosi/BUILD.bazel +++ b/bazel/mkosi/BUILD.bazel @@ -5,9 +5,6 @@ Type: @constellation//bazel/mkosi:toolchain_type Toolchains: - mkosi_missing_toolchain: provides a fallback toolchain for exec platforms where mkosi might not be available. - -- mkosi_auto_toolchain: a toolchain that uses the installed mkosi. See - mkosi_configure.bzl%find_system_mkosi for usage. """ load(":toolchain.bzl", "is_mkosi_available", "mkosi_make_variables", "mkosi_toolchain") diff --git a/bazel/mkosi/BUILD.tpl b/bazel/mkosi/BUILD.tpl deleted file mode 100644 index a983918db1d..00000000000 --- a/bazel/mkosi/BUILD.tpl +++ /dev/null @@ -1,13 +0,0 @@ -# This content is generated by {GENERATOR} -load("@constellation//bazel/mkosi:toolchain.bzl", "mkosi_toolchain") - -mkosi_toolchain( - name = "mkosi_auto", - path = "{MKOSI_PATH}", -) - -toolchain( - name = "mkosi_auto_toolchain", - toolchain = ":mkosi_auto", - toolchain_type = "@constellation//bazel/mkosi:toolchain_type", -) diff --git a/bazel/mkosi/mkosi_configure.bzl b/bazel/mkosi/mkosi_configure.bzl index 23a7d9c239f..fe517016a88 100644 --- a/bazel/mkosi/mkosi_configure.bzl +++ b/bazel/mkosi/mkosi_configure.bzl @@ -1,43 +1,7 @@ -"""Repository rule to autoconfigure a toolchain using the system mkosi.""" +"""Repository rule to configure a toolchain using nixpkgs mkosi.""" -def _write_build(rctx, path): - if not path: - path = "" - rctx.template( - "BUILD", - Label("//bazel/mkosi:BUILD.tpl"), - substitutions = { - "{GENERATOR}": "@constellation//bazel/mkosi/mkosi_configure.bzl%find_system_mkosi", - "{MKOSI_PATH}": str(path), - }, - executable = False, - ) - -def _find_system_mkosi_impl(rctx): - mkosi_path = rctx.which("mkosi") - if rctx.attr.verbose: - if mkosi_path: - print("Found mkosi at '%s'" % mkosi_path) # buildifier: disable=print - else: - print("No system mkosi found.") # buildifier: disable=print - _write_build(rctx = rctx, path = mkosi_path) - -_find_system_mkosi = repository_rule( - implementation = _find_system_mkosi_impl, - doc = """Create a repository that defines an mkosi toolchain based on the system mkosi.""", - local = True, - environ = ["PATH"], - attrs = { - "verbose": attr.bool( - doc = "If true, print status messages.", - ), - }, -) - -def find_system_mkosi(name, verbose = False): - _find_system_mkosi(name = name, verbose = verbose) +def register_mkosi(name): native.register_toolchains( "@constellation//bazel/mkosi:mkosi_nix_toolchain", - "@%s//:mkosi_auto_toolchain" % name, "@constellation//bazel/mkosi:mkosi_missing_toolchain", ) diff --git a/bazel/nixos-support/BUILD.bazel b/bazel/nixos-support/BUILD.bazel deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/bazel/nixos-support/WORKSPACE.bazel b/bazel/nixos-support/WORKSPACE.bazel deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/bazel/nixos-support/nixos-support.bzl b/bazel/nixos-support/nixos-support.bzl deleted file mode 100644 index ee95182a91c..00000000000 --- a/bazel/nixos-support/nixos-support.bzl +++ /dev/null @@ -1,69 +0,0 @@ -""" A repository rule use either nixpkgs or download a go toolchain / SDK """ - -def _has_nix(ctx): - return ctx.os.environ.get("BAZEL_NIX_HOST_PLATFORM", "0") == "1" - -def _gen_imports_impl(ctx): - ctx.file("BUILD", "") - - imports_for_nix = """ -load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_cc_configure") -load("@io_tweag_rules_nixpkgs//nixpkgs:toolchains/go.bzl", "nixpkgs_go_configure") - -def go_toolchain(): - nixpkgs_go_configure( - repository = "@nixpkgs", - attribute_path = "go_1_21", - ) - -def cc_toolchain(): - nixpkgs_cc_configure(repository = "@nixpkgs") - native.register_toolchains( - "@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.23", - "@zig_sdk//libc_aware/toolchain:linux_arm64_gnu.2.23", - "@zig_sdk//libc_aware/toolchain:linux_amd64_musl", - "@zig_sdk//libc_aware/toolchain:linux_arm64_musl", - "@zig_sdk//toolchain:linux_amd64_gnu.2.23", - "@zig_sdk//toolchain:linux_arm64_gnu.2.23", - "@zig_sdk//toolchain:linux_amd64_musl", - "@zig_sdk//toolchain:linux_arm64_musl", - "@zig_sdk//toolchain:darwin_amd64", - "@zig_sdk//toolchain:darwin_arm64", - "@zig_sdk//toolchain:windows_amd64", - ) - """ - imports_for_non_nix = """ -load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains") - -def go_toolchain(): - go_register_toolchains(version = "1.21.1") - -def cc_toolchain(): - native.register_toolchains( - "@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.23", - "@zig_sdk//libc_aware/toolchain:linux_arm64_gnu.2.23", - "@zig_sdk//libc_aware/toolchain:linux_amd64_musl", - "@zig_sdk//libc_aware/toolchain:linux_arm64_musl", - "@zig_sdk//toolchain:linux_amd64_gnu.2.23", - "@zig_sdk//toolchain:linux_arm64_gnu.2.23", - "@zig_sdk//toolchain:linux_amd64_musl", - "@zig_sdk//toolchain:linux_arm64_musl", - "@zig_sdk//toolchain:darwin_amd64", - "@zig_sdk//toolchain:darwin_arm64", - "@zig_sdk//toolchain:windows_amd64", - ) - """ - - if _has_nix(ctx): - ctx.file("imports.bzl", imports_for_nix) - else: - ctx.file("imports.bzl", imports_for_non_nix) - -_gen_imports = repository_rule( - implementation = _gen_imports_impl, -) - -def gen_imports(): - _gen_imports( - name = "nixos_support", - ) diff --git a/dev-docs/workflows/build-develop-deploy.md b/dev-docs/workflows/build-develop-deploy.md index 913c42fd2de..eaf81a1d113 100644 --- a/dev-docs/workflows/build-develop-deploy.md +++ b/dev-docs/workflows/build-develop-deploy.md @@ -7,35 +7,21 @@ Prerequisites: * 20GB (minimum), better 40 GB disk space (required if you want to cross compile for all platforms) * [Latest version of Go](https://go.dev/doc/install). * Unless you use Nix / NixOS: [Bazelisk installed as `bazel` in your path](https://github.com/bazelbuild/bazelisk/releases). -* We recommend Nix installed via [determinate systems installer](https://github.com/DeterminateSystems/nix-installer) (or NixOS as host system). +* We require Nix installed via [determinate systems installer](https://github.com/DeterminateSystems/nix-installer) (or NixOS as host system). * [Docker](https://docs.docker.com/engine/install/). Can be installed with these commands on Ubuntu 22.04: `sudo apt update && sudo apt install docker.io`. As the build spawns docker containers your user account either needs to be in the `docker` group (Add with `sudo usermod -a -G docker $USER`) or you have to run builds with `sudo`. When using `sudo` remember that your root user might (depending on your distro and local config) not have the go binary in it's PATH. The current PATH can be forwarded to the root env with `sudo env PATH=$PATH `. ## Prequisites ### Linux -* Packages on NixOS or with Nix installed (use flake.nix in this repo): +* If you don't want to perform any setup, you can get a shell with Bazel and all required dependencies by running: ```sh - # add "common --config=nix" to your .bazeloverwriterc if you want to get nix compatible toolchains - echo "common --config=nix" >> .bazeloverwriterc # better would be: nix develop -i # but this doesn't play nice with bashrc, colored output and non-hermetic tools nix develop ``` -* Packages on Ubuntu: - - ```sh - sudo apt install build-essential cmake libssl-dev pkg-config libcryptsetup12 libcryptsetup-dev - ``` - -* Packages on Fedora: - - ```sh - sudo dnf install @development-tools pkg-config cmake openssl-devel cryptsetup-libs cryptsetup-devel - ``` - ### Mac * To fix unsupported shell options used in some build script: diff --git a/image/README.md b/image/README.md index 63c11e24e34..9d9de99525a 100644 --- a/image/README.md +++ b/image/README.md @@ -1,9 +1,8 @@ ## Setup -Ensure you have Nix installed. This is recommended in general but a requirement for the following steps. +Ensure you have Nix installed. This is a requirement for the following steps. Consult the [developer docs](/dev-docs/workflows/build-develop-deploy.md) for more info. -At the very least, `nix` should be in your PATH and either `common --config=nix` -has to be set in the `.bazelrc` or you need to append `--config=nix` to each Bazel command. +At the very least, `nix` should be in your PATH. ## Build diff --git a/image/measured-boot/cmd/BUILD.bazel b/image/measured-boot/cmd/BUILD.bazel index a3bb2d4f87d..f2245c0258d 100644 --- a/image/measured-boot/cmd/BUILD.bazel +++ b/image/measured-boot/cmd/BUILD.bazel @@ -16,19 +16,13 @@ go_library( go_binary( name = "cmd", # keep - data = select({ - "@rules_nixpkgs_core//constraints:support_nix": [ - "@systemd//:bin/systemd-dissect", - ], - "//conditions:default": [], - }), + data = [ + "@systemd//:bin/systemd-dissect", + ], embed = [":cmd_lib"], # keep - env = select({ - "@rules_nixpkgs_core//constraints:support_nix": { - "DISSECT_TOOLCHAIN": "$(rootpath @systemd//:bin/systemd-dissect)", - }, - "//conditions:default": {}, - }), + env = { + "DISSECT_TOOLCHAIN": "$(rootpath @systemd//:bin/systemd-dissect)", + }, visibility = ["//visibility:public"], )