From 30539e068f90fada74b37299878c3b9226305a70 Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 14 Feb 2024 11:28:34 +0100 Subject: [PATCH] feat: use snowfall flake for nix to make packages reusable by other flakes Signed-off-by: Harald Hoyer --- flake.lock | 123 +++++++++++++++++++++++------------ flake.nix | 124 +++++++++--------------------------- packages/teepot/default.nix | 77 ++++++++++++++++++++++ shells/teepot/default.nix | 7 ++ 4 files changed, 198 insertions(+), 133 deletions(-) create mode 100644 packages/teepot/default.nix create mode 100644 shells/teepot/default.nix diff --git a/flake.lock b/flake.lock index cebcff2..d1e3df7 100644 --- a/flake.lock +++ b/flake.lock @@ -16,16 +16,32 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { 
@@ -36,7 +52,25 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_2" + "flake-utils": "flake-utils" + }, + "locked": { + "lastModified": 1696331477, + "narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "type": "github" + } + }, + "flake-utils-plus_2": { + "inputs": { + "flake-utils": "flake-utils_3" }, "locked": { "lastModified": 1696331477, @@ -57,11 +91,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -75,11 +109,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { 
@@ -100,16 +134,17 @@ "original": { "owner": "numtide", "repo": "nix-filter", + "rev": "3449dc925982ad46246cfc36469baf66e1b64f17", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1707347730, - "narHash": "sha256-0etC/exQIaqC9vliKhc3eZE2Mm2wgLa0tj93ZF/egvM=", + "lastModified": 1707786466, + "narHash": "sha256-yLPfrmW87M2qt+8bAmwopJawa+MJLh3M9rUbXtpUc1o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6832d0d99649db3d65a0e15fa51471537b2c56a6", + "rev": "01885a071465e223f8f68971f864b15829988504", "type": "github" }, "original": { @@ -119,22 +154,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1706487304, - "narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "90f456026d284c22b3e3497be980b2e47d0b28ac", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixsgx-flake": { "inputs": { "nixpkgs": [ @@ -143,11 +162,11 @@ "snowfall-lib": "snowfall-lib" }, "locked": { - "lastModified": 1707314146, - "narHash": "sha256-NcqWVXkGBautT44YcQgZdVK1Vwqop1V8nDoPEzKr0uE=", + "lastModified": 1707844282, + "narHash": "sha256-V8JkiRtQBw0mjw7NozRQqF4yWxRpp6og0LeutWgqyEY=", "owner": "matter-labs", "repo": "nixsgx", - "rev": "e3bbd5415eb845c8857dd0963febcef71866cd4a", + "rev": "c837db99a811dc1762e3ed25abb1465a1b3d96c2", "type": "github" }, "original": { 
@@ -158,29 +177,32 @@ }, "root": { "inputs": { - "flake-utils": "flake-utils", "nix-filter": "nix-filter", "nixpkgs": "nixpkgs", "nixsgx-flake": "nixsgx-flake", - "rust-overlay": "rust-overlay" + "rust-overlay": "rust-overlay", + "snowfall-lib": "snowfall-lib_2" } }, "rust-overlay": { "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_2" + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1707444620, - "narHash": "sha256-P8kRkiJLFttN+hbAOlm11wPxUrQZqKle+QtVCqFiGXY=", + "lastModified": 1707876656, + "narHash": "sha256-urnZg6e2JjziBosarDB1MnjPeVqcu3PeSqIpqQKYrdg=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "78503e9199010a4df714f29a4f9c00eb2ccae071", + "rev": "3ad32bb27c700b59306224e285b66577e3532dfc", "type": "github" }, "original": { "owner": "oxalica", "repo": "rust-overlay", + "rev": "3ad32bb27c700b59306224e285b66577e3532dfc", "type": "github" } }, @@ -207,6 +229,29 @@ "type": "github" } }, + "snowfall-lib_2": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils-plus": "flake-utils-plus_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1696432959, + "narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=", + "owner": "snowfallorg", + "repo": "lib", + "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6", + "type": "github" + }, + "original": { + "owner": "snowfallorg", + "repo": "lib", + "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index f43378a..463e003 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,112 +4,48 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - nix-filter.url = "github:numtide/nix-filter"; - flake-utils.url = "github:numtide/flake-utils"; - nixsgx-flake = { url = "github:matter-labs/nixsgx"; inputs.nixpkgs.follows = "nixpkgs"; }; - rust-overlay.url = "github:oxalica/rust-overlay"; - }; - - outputs = { self, nixpkgs, flake-utils, nix-filter, nixsgx-flake, rust-overlay }: - flake-utils.lib.eachDefaultSystem (system: - let - pkgs = import nixpkgs { inherit system; overlays = [ (import rust-overlay) nixsgx-flake.overlays.default ]; }; - rustVersion = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; - makeRustPlatform = pkgs.makeRustPlatform.override { - stdenv = pkgs.stdenvAdapters.useMoldLinker pkgs.gccStdenv; - }; - rustPlatform = makeRustPlatform { - cargo = rustVersion; - rustc = rustVersion; - }; - - filter = nix-filter.lib; + snowfall-lib = { + url = "github:snowfallorg/lib?rev=92803a029b5314d4436a8d9311d8707b71d9f0b6"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - bin = rustPlatform.buildRustPackage { - pname = "teepot"; - version = "0.1.0"; + rust-overlay = { + url = "github:oxalica/rust-overlay?rev=3ad32bb27c700b59306224e285b66577e3532dfc"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - nativeBuildInputs = with pkgs; [ - pkg-config - rustPlatform.bindgenHook - ]; + nix-filter.url = "github:numtide/nix-filter?rev=3449dc925982ad46246cfc36469baf66e1b64f17"; + }; - buildInputs = with pkgs; [ - nixsgx.sgx-sdk - nixsgx.sgx-dcap - nixsgx.sgx-dcap.quote_verify - ]; + outputs = inputs: + inputs.snowfall-lib.mkFlake { + inherit inputs; + src = ./.; - src = filter { - root = ./.; - exclude = [ - ".github" - ".gitignore" - "flake.lock" - "flake.nix" - "LICENSE-APACHE" - "LICENSE-MIT" - "README.md" - "renovate.json" - "deny.toml" - (filter.inDirectory "examples") - (filter.inDirectory "vault") - ]; - }; - RUSTFLAGS = "--cfg mio_unsupported_force_waker_pipe"; - cargoBuildFlags = "--all"; - checkType = "debug"; - cargoLock = 
{ - lockFile = ./Cargo.lock; - }; + package-namespace = "teepot"; - outputs = [ - "out" - "tee_key_preexec" - "tee_self_attestation_test" - "tee_stress_client" - "tee_vault_admin" - "tee_vault_unseal" - "teepot_read" - "teepot_write" - "vault_admin" - "vault_unseal" - "verify_attestation" - ]; + overlays = with inputs; [ + nixsgx-flake.overlays.default + rust-overlay.overlays.default + nix-filter.overlays.default + ]; - postInstall = '' - mkdir -p $out/nix-support - for i in $outputs; do - [[ $i == "out" ]] && continue - mkdir -p "''${!i}/bin" - echo "''${!i}" >> $out/nix-support/propagated-user-env-packages - binname=''${i//_/-} - mv "$out/bin/$binname" "''${!i}/bin/" - done - ''; + alias = { + packages = { + default = "teepot"; }; - in - { - formatter = pkgs.nixpkgs-fmt; - - packages = rec { - teepot = bin; - default = teepot; + shells = { + default = "teepot"; }; + }; - devShells = { - default = pkgs.mkShell { - inputsFrom = [ bin ]; - nativeBuildInputs = with pkgs; [ - rustup - rustVersion - ]; - }; - }; - }); + outputs-builder = channels: { + formatter = channels.nixpkgs.nixpkgs-fmt; + }; + }; } diff --git a/packages/teepot/default.nix b/packages/teepot/default.nix new file mode 100644 index 0000000..cbc28e6 --- /dev/null +++ b/packages/teepot/default.nix 
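Review bot: The three inputs pinned with `?rev=` in `inputs` (`snowfall-lib`, `rust-overlay`, `nix-filter`) carry no comment saying why they are fixed or how they get bumped, while `nixsgx-flake` and `nixpkgs` still follow a branch. With the rev written into flake.nix, `nix flake update` no longer moves those inputs, so an upstream fix only arrives when someone edits the hash by hand. For `rust-overlay` the pinned rev probably also bounds which toolchains `rust-bin.fromRustupToolchainFile` can resolve (inferred from how the overlay ships its manifests, not visible here), so a later change to rust-toolchain.toml may need a matching rev bump. I would add a line above each pin such as `# pinned to a reviewed rev; bump by hand, nix flake update will not move it`, and either pin `nixsgx-flake` the same way or note why it is left floating.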
@@ -0,0 +1,77 @@
+{ lib
+, gccStdenv
+, makeRustPlatform
+, nix-filter
+, nixsgx
+, pkg-config
+, rust-bin
+, ...
+}:
+let
+ cargoToml = (builtins.fromTOML (builtins.readFile ../../Cargo.toml));
+ rustVersion = rust-bin.fromRustupToolchainFile ../../rust-toolchain.toml;
+ rustPlatform = makeRustPlatform {
+ cargo = rustVersion;
+ rustc = rustVersion;
+ };
+in
+rustPlatform.buildRustPackage {
+ pname = cargoToml.package.name;
+ version = cargoToml.workspace.package.version;
+
+ nativeBuildInputs = [
+ pkg-config
+ rustPlatform.bindgenHook
+ ];
+
+ buildInputs = [
+ nixsgx.sgx-sdk
+ nixsgx.sgx-dcap
+ nixsgx.sgx-dcap.quote_verify
+ ];
+
+ src = nix-filter {
+ root = ./../..;
+ include = [
+ "Cargo.lock"
+ "Cargo.toml"
+ "assets"
+ "bin"
+ "crates"
+ "rust-toolchain.toml"
+ "src"
+ "tests"
+ ];
+ };
+ RUSTFLAGS = "--cfg mio_unsupported_force_waker_pipe";
+ cargoBuildFlags = "--all";
+ checkType = "debug";
+ cargoLock = {
+ lockFile = ../../Cargo.lock;
+ };
+
+ outputs = [
+ "out"
+ "tee_key_preexec"
+ "tee_self_attestation_test"
+ "tee_stress_client"
+ "tee_vault_admin"
+ "tee_vault_unseal"
+ "teepot_read"
+ "teepot_write"
+ "vault_admin"
+ "vault_unseal"
+ "verify_attestation"
+ ];
+
+ postInstall = ''
+ mkdir -p $out/nix-support
+ for i in $outputs; do
+ [[ $i == "out" ]] && continue
+ mkdir -p "''${!i}/bin"
+ echo "''${!i}" >> $out/nix-support/propagated-user-env-packages
+ binname=''${i//_/-}
+ mv "$out/bin/$binname" "''${!i}/bin/"
+ done
+ '';
+}
diff --git a/shells/teepot/default.nix b/shells/teepot/default.nix
new file mode 100644
index 0000000..97268b7
--- /dev/null
+++ b/shells/teepot/default.nix
@@ -0,0 +1,7 @@
+{ lib
+, pkgs
+, ...
+}:
+pkgs.mkShell {
+ inputsFrom = [ pkgs.teepot.teepot ];
+}
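Review bot: In packages/teepot/default.nix, `gccStdenv` is taken as an argument but never used: `rustPlatform = makeRustPlatform { ... }` builds with the default stdenv, whereas the flake.nix code removed by this commit went through `pkgs.makeRustPlatform.override` with `stdenvAdapters.useMoldLinker pkgs.gccStdenv`. The mold linker is therefore dropped for every output without being mentioned, which presumably changes the produced binaries. If that is intended, remove `gccStdenv` (and the unused `lib`) from the argument set; if not, add `stdenvAdapters` to the arguments and write `rustPlatform = (makeRustPlatform.override { stdenv = stdenvAdapters.useMoldLinker gccStdenv; }) { cargo = rustVersion; rustc = rustVersion; };`. The same unused `lib` argument appears in shells/teepot/default.nix.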