author | Alex Auvolat <alex@adnab.me> | 2023-01-26 12:20:12 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2023-01-26 12:25:48 +0100 |
commit | f251b4721f2c016e3a90d913cb766a57a53a3d30 (patch) | |
tree | cb4773a8ca81cc9bea205d9b84b3959f8241b4b5 /nix | |
parent | 1311742fe07ca619d1f37f9f1eabd07ee0d141db (diff) | |
Apply nixfmt to all .nix files; fix devshell and add it to cache
Diffstat (limited to 'nix')
-rw-r--r-- | nix/build_index.nix | 257 | ||||
-rw-r--r-- | nix/common.nix | 11 | ||||
-rw-r--r-- | nix/compile.nix | 417 | ||||
-rw-r--r-- | nix/kaniko.nix | 3 | ||||
-rw-r--r-- | nix/manifest-tool.nix | 3 | ||||
-rw-r--r-- | nix/toolchain.nix | 38 | ||||
-rw-r--r-- | nix/winscp.nix | 10 |
7 files changed, 393 insertions, 346 deletions
diff --git a/nix/build_index.nix b/nix/build_index.nix index 4625e3ae..7cc4f62c 100644 --- a/nix/build_index.nix +++ b/nix/build_index.nix @@ -1,10 +1,8 @@ -{ - path ? "/../aws-list.txt", -}: +{ path ? "/../aws-list.txt", }: with import ./common.nix; -let - pkgs = import pkgsSrc {}; +let + pkgs = import pkgsSrc { }; lib = pkgs.lib; /* Converts a key list and a value list to a set 
@@ -13,139 +11,182 @@ let listToSet [ "name" "version" ] [ "latex" "3.14" ] => { name = "latex"; version = "3.14"; } */ - listToSet = keys: values: - builtins.listToAttrs - (lib.zipListsWith - (a: b: { name = a; value = b; }) - keys - values); + listToSet = keys: values: + builtins.listToAttrs (lib.zipListsWith (a: b: { + name = a; + value = b; + }) keys values); /* Says if datetime a is more recent than datetime b - Example: - cmpDate { date = "2021-09-10"; time = "22:12:15"; } { date = "2021-02-03"; time = "23:54:12"; } - => true + Example: + cmpDate { date = "2021-09-10"; time = "22:12:15"; } { date = "2021-02-03"; time = "23:54:12"; } + => true */ - cmpDate = a: b: - let da = (builtins.head a.builds).date; - db = (builtins.head b.builds).date; - in - if da == db then (builtins.head a.builds).time > (builtins.head b.builds).time - else da > db; - - /* Pretty platforms */ + cmpDate = a: b: + let + da = (builtins.head a.builds).date; + db = (builtins.head b.builds).date; + in if da == db then + (builtins.head a.builds).time > (builtins.head b.builds).time + else + da > db; + + # Pretty platforms prettyPlatform = name: - if name == "aarch64-unknown-linux-musl" then "linux/arm64" - else if name == "armv6l-unknown-linux-musleabihf" then "linux/arm" - else if name == "x86_64-unknown-linux-musl" then "linux/amd64" - else if name == "i686-unknown-linux-musl" then "linux/386" - else name; - - /* Parsing */ + if name == "aarch64-unknown-linux-musl" then + "linux/arm64" + else if name == "armv6l-unknown-linux-musleabihf" then + "linux/arm" + else if name == "x86_64-unknown-linux-musl" then + "linux/amd64" + else if name == "i686-unknown-linux-musl" then + "linux/386" + else + name; + + # Parsing list = builtins.readFile (./. 
+ path); entries = lib.splitString "\n" list; - elems = builtins.filter - (e: (builtins.length e) == 4) - (map - (x: builtins.filter (e: e != "") (lib.splitString " " x)) - entries); + elems = builtins.filter (e: (builtins.length e) == 4) + (map (x: builtins.filter (e: e != "") (lib.splitString " " x)) entries); - keys = ["date" "time" "size" "path"]; + keys = [ "date" "time" "size" "path" ]; parsed = map (entry: listToSet keys entry) elems; - subkeys = ["root" "version" "platform" "binary" ]; - builds = map (entry: entry // listToSet subkeys (lib.splitString "/" entry.path) // { url = "https://garagehq.deuxfleurs.fr/" + entry.path; }) parsed; - - /* Aggregation */ - builds_per_version = lib.foldl (acc: v: acc // { ${v.version} = if builtins.hasAttr v.version acc then acc.${v.version} ++ [ v ] else [ v ]; }) {} builds; + subkeys = [ "root" "version" "platform" "binary" ]; + builds = map (entry: + entry // listToSet subkeys (lib.splitString "/" entry.path) // { + url = "https://garagehq.deuxfleurs.fr/" + entry.path; + }) parsed; + + # Aggregation + builds_per_version = lib.foldl (acc: v: + acc // { + ${v.version} = if builtins.hasAttr v.version acc then + acc.${v.version} ++ [ v ] + else + [ v ]; + }) { } builds; versions = builtins.attrNames builds_per_version; - versions_release = builtins.filter (x: builtins.match "v[0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)?" x != null) versions; - versions_commit = builtins.filter (x: builtins.match "[0-9a-f]{40}" x != null) versions; - versions_extra = lib.subtractLists (versions_release ++ versions_commit) versions; + versions_release = builtins.filter + (x: builtins.match "v[0-9]+.[0-9]+.[0-9]+(.[0-9]+)?" 
x != null) versions; + versions_commit = + builtins.filter (x: builtins.match "[0-9a-f]{40}" x != null) versions; + versions_extra = + lib.subtractLists (versions_release ++ versions_commit) versions; sorted_builds = [ { name = "Release"; hide = false; type = "tag"; - description = "Release builds are the official builds, they are tailored for productions and are the most tested."; - builds = builtins.sort (a: b: a.version > b.version) (map (x: { version = x; builds = builtins.getAttr x builds_per_version; }) versions_release); + description = + "Release builds are the official builds, they are tailored for productions and are the most tested."; + builds = builtins.sort (a: b: a.version > b.version) (map (x: { + version = x; + builds = builtins.getAttr x builds_per_version; + }) versions_release); } { name = "Extra"; hide = true; type = "tag"; - description = "Extra builds are built on demand to test a specific feature or a specific need."; - builds = builtins.sort cmpDate (map (x: { version = x; builds = builtins.getAttr x builds_per_version; }) versions_extra); + description = + "Extra builds are built on demand to test a specific feature or a specific need."; + builds = builtins.sort cmpDate (map (x: { + version = x; + builds = builtins.getAttr x builds_per_version; + }) versions_extra); } { name = "Development"; hide = true; type = "commit"; - description = "Development builds are built periodically. Use them if you want to test a specific feature that is not yet released."; - builds = builtins.sort cmpDate (map (x: { version = x; builds = builtins.getAttr x builds_per_version; }) versions_commit); + description = + "Development builds are built periodically. 
Use them if you want to test a specific feature that is not yet released."; + builds = builtins.sort cmpDate (map (x: { + version = x; + builds = builtins.getAttr x builds_per_version; + }) versions_commit); } ]; - json = pkgs.writeTextDir "share/_releases.json" (builtins.toJSON sorted_builds); + json = + pkgs.writeTextDir "share/_releases.json" (builtins.toJSON sorted_builds); html = pkgs.writeTextDir "share/_releases.html" '' -<!doctype html> -<html> - <head> - <meta charset="utf-8" /> - <title>Garage releases</title> - <style> - html, body { margin:0; padding: 0 } - body { font-family: 'Helvetica', Sans; } - section { margin: 1rem; } - ul { padding:0; margin: 0.2rem } - li { - border-radius: 0.2rem; - display: inline; - border: 2px #0b5d83 solid; - padding: 0.5rem; - line-height: 3rem; - color: #0b5d83; - } - li:hover { background-color: #0b5d83; color: #fff; } - li a, li a:hover { color: inherit; text-decoration: none } - </style> - </head> - <body> - ${ builtins.toString (lib.forEach sorted_builds (r: '' - <section> - <h2>${r.name} builds</h2> - - <p>${r.description}</p> - - ${if r.hide then "<details><summary>Show ${r.name} builds</summary>" else ""} - ${ builtins.toString (lib.forEach r.builds (x: '' - <h3> ${x.version} (${(builtins.head x.builds).date}) </h3> - <p>See this build on</p> - <p> Binaries: - <ul> - ${ builtins.toString (lib.forEach x.builds (b: '' - <li><a href="/${b.path}">${prettyPlatform b.platform}</a></li> - ''))} - </ul></p> - <p> Sources: - <ul> - <li><a href="https://git.deuxfleurs.fr/Deuxfleurs/garage/src/${r.type}/${x.version}">gitea</a></li> - <li><a href="https://git.deuxfleurs.fr/Deuxfleurs/garage/archive/${x.version}.zip">.zip</a></li> - <li><a href="https://git.deuxfleurs.fr/Deuxfleurs/garage/archive/${x.version}.tar.gz">.tar.gz</a></li> - </ul></p> - '')) } - ${ if builtins.length r.builds == 0 then "<em>There is no build for this category</em>" else "" } - ${if r.hide then "</details>" else ""} - </section> - ''))} - </body> 
-</html> -''; -in - pkgs.symlinkJoin { - name = "releases"; - paths = [ json html ]; - } + <!doctype html> + <html> + <head> + <meta charset="utf-8" /> + <title>Garage releases</title> + <style> + html, body { margin:0; padding: 0 } + body { font-family: 'Helvetica', Sans; } + section { margin: 1rem; } + ul { padding:0; margin: 0.2rem } + li { + border-radius: 0.2rem; + display: inline; + border: 2px #0b5d83 solid; + padding: 0.5rem; + line-height: 3rem; + color: #0b5d83; + } + li:hover { background-color: #0b5d83; color: #fff; } + li a, li a:hover { color: inherit; text-decoration: none } + </style> + </head> + <body> + ${ + builtins.toString (lib.forEach sorted_builds (r: '' + <section> + <h2>${r.name} builds</h2> + + <p>${r.description}</p> + + ${ + if r.hide then + "<details><summary>Show ${r.name} builds</summary>" + else + "" + } + ${ + builtins.toString (lib.forEach r.builds (x: '' + <h3> ${x.version} (${(builtins.head x.builds).date}) </h3> + <p>See this build on</p> + <p> Binaries: + <ul> + ${builtins.toString (lib.forEach x.builds (b: '' + <li><a href="/${b.path}">${ + prettyPlatform b.platform + }</a></li> + ''))} + </ul></p> + <p> Sources: + <ul> + <li><a href="https://git.deuxfleurs.fr/Deuxfleurs/garage/src/${r.type}/${x.version}">gitea</a></li> + <li><a href="https://git.deuxfleurs.fr/Deuxfleurs/garage/archive/${x.version}.zip">.zip</a></li> + <li><a href="https://git.deuxfleurs.fr/Deuxfleurs/garage/archive/${x.version}.tar.gz">.tar.gz</a></li> + </ul></p> + '')) + } + ${ + if builtins.length r.builds == 0 then + "<em>There is no build for this category</em>" + else + "" + } + ${if r.hide then "</details>" else ""} + </section> + '')) + } + </body> + </html> + ''; +in pkgs.symlinkJoin { + name = "releases"; + paths = [ json html ]; +} diff --git a/nix/common.nix b/nix/common.nix index 90e3afaf..57f354dd 100644 --- a/nix/common.nix +++ b/nix/common.nix 
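Review bot: In nix/build_index.nix the `versions_release` pattern now reads `v[0-9]+.[0-9]+.[0-9]+(.[0-9]+)?`, where each `.` matches any character rather than a literal dot. The removed line's `\.` was already evaluated as a plain `.` inside a Nix double-quoted string, so the formatter has most likely only made the looser match visible rather than changed behaviour. Because this filter decides which entries of the listing are shown as official Release builds, the dots should be escaped for the regex engine: `builtins.match "v[0-9]+\\.[0-9]+\\.[0-9]+(\\.[0-9]+)?" x != null`. The version and path strings classified here are later interpolated into `href` attributes of the generated page without escaping, which is a further reason to keep the classification strict.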
@@ -1,10 +1,9 @@ rec { - /* - * Fixed dependencies - */ + # * Fixed dependencies pkgsSrc = fetchTarball { # As of 2022-10-13 - url = "https://github.com/NixOS/nixpkgs/archive/a3073c49bc0163fea6a121c276f526837672b555.zip"; + url = + "https://github.com/NixOS/nixpkgs/archive/a3073c49bc0163fea6a121c276f526837672b555.zip"; sha256 = "1bz632psfbpmicyzjb8b4265y50shylccvfm6ry6mgnv5hvz324s"; }; cargo2nixSrc = fetchGit { @@ -14,9 +13,7 @@ rec { rev = "a7a61179b66054904ef6a195d8da736eaaa06c36"; }; - /* - * Shared objects - */ + # * Shared objects cargo2nix = import cargo2nixSrc; cargo2nixOverlay = cargo2nix.overlays.default; } diff --git a/nix/compile.nix b/nix/compile.nix index 3ea5035e..54e920db 100644 --- a/nix/compile.nix +++ b/nix/compile.nix 
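Review bot: The converted section comments `# * Fixed dependencies` (first hunk of nix/common.nix) and `# * Shared objects` (second hunk) keep a leftover `*` from the old block-comment layout. Plain `# Fixed dependencies` and `# Shared objects` would read as intended.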
@@ -1,227 +1,240 @@ -{ - system, - target ? null, - pkgsSrc, - cargo2nixOverlay, - compiler ? "rustc", - release ? false, - git_version ? null, - features ? null, -}: +{ system, target ? null, pkgsSrc, cargo2nixOverlay, compiler ? "rustc" +, release ? false, git_version ? null, features ? null, }: let log = v: builtins.trace v v; - pkgs = - if target != null then - import pkgsSrc { - inherit system; - crossSystem = { - config = target; - isStatic = true; - }; - overlays = [ cargo2nixOverlay ]; - } - else - import pkgsSrc { - inherit system; - overlays = [ cargo2nixOverlay ]; + pkgs = if target != null then + import pkgsSrc { + inherit system; + crossSystem = { + config = target; + isStatic = true; }; + overlays = [ cargo2nixOverlay ]; + } + else + import pkgsSrc { + inherit system; + overlays = [ cargo2nixOverlay ]; + }; - /* - Cargo2nix is built for rustOverlay which installs Rust from Mozilla releases. - This is fine for 64-bit platforms, but for 32-bit platforms, we need our own Rust - to avoid incompatibilities with time_t between different versions of musl - (>= 1.2.0 shipped by NixOS, < 1.2.0 with which rustc was built), which lead to compilation breakage. - So we want a Rust release that is bound to our Nix repository to avoid these problems. - See here for more info: https://musl.libc.org/time64.html - Because Cargo2nix does not support the Rust environment shipped by NixOS, - we emulate the structure of the Rust object created by rustOverlay. - In practise, rustOverlay ships rustc+cargo in a single derivation while - NixOS ships them in separate ones. We reunite them with symlinkJoin. + /* Cargo2nix is built for rustOverlay which installs Rust from Mozilla releases. + This is fine for 64-bit platforms, but for 32-bit platforms, we need our own Rust + to avoid incompatibilities with time_t between different versions of musl + (>= 1.2.0 shipped by NixOS, < 1.2.0 with which rustc was built), which lead to compilation breakage. 
+ So we want a Rust release that is bound to our Nix repository to avoid these problems. + See here for more info: https://musl.libc.org/time64.html + Because Cargo2nix does not support the Rust environment shipped by NixOS, + we emulate the structure of the Rust object created by rustOverlay. + In practise, rustOverlay ships rustc+cargo in a single derivation while + NixOS ships them in separate ones. We reunite them with symlinkJoin. */ - toolchainOptions = - if target == null || target == "x86_64-unknown-linux-musl" || target == "aarch64-unknown-linux-musl" then { - rustVersion = "1.63.0"; - extraRustComponents = [ "clippy" ]; - } else { - rustToolchain = pkgs.symlinkJoin { - name = "rust-static-toolchain-${target}"; - paths = [ - pkgs.rustPlatform.rust.cargo - pkgs.rustPlatform.rust.rustc - # clippy not needed, it only runs on amd64 - ]; - }; + toolchainOptions = if target == null || target == "x86_64-unknown-linux-musl" + || target == "aarch64-unknown-linux-musl" then { + rustVersion = "1.63.0"; + extraRustComponents = [ "clippy" ]; + } else { + rustToolchain = pkgs.symlinkJoin { + name = "rust-static-toolchain-${target}"; + paths = [ + pkgs.rustPlatform.rust.cargo + pkgs.rustPlatform.rust.rustc + # clippy not needed, it only runs on amd64 + ]; }; + }; + buildEnv = (drv: + { + rustc = drv.setBuildEnv; + clippy = '' + ${drv.setBuildEnv or ""} + echo + echo --- BUILDING WITH CLIPPY --- + echo + + export NIX_RUST_BUILD_FLAGS="''${NIX_RUST_BUILD_FLAGS} --deny warnings" + export RUSTC="''${CLIPPY_DRIVER}" + ''; + }.${compiler}); + + /* Cargo2nix provides many overrides by default, you can take inspiration from them: + https://github.com/cargo2nix/cargo2nix/blob/master/overlay/overrides.nix + + You can have a complete list of the available options by looking at the overriden object, mkcrate: + https://github.com/cargo2nix/cargo2nix/blob/master/overlay/mkcrate.nix + */ + packageOverrides = pkgs: + pkgs.rustBuilder.overrides.all ++ [ + /* [1] We add some logic to 
compile our crates with clippy, it provides us many additional lints + + [2] We need to alter Nix hardening to make static binaries: PIE, + Position Independent Executables seems to be supported only on amd64. Having + this flag set either 1. make our executables crash or 2. compile as dynamic on some platforms. + Here, we deactivate it. Later (find `codegenOpts`), we reactivate it for supported targets + (only amd64 curently) through the `-static-pie` flag. + PIE is a feature used by ASLR, which helps mitigate security issues. + Learn more about Nix Hardening at: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/cc-wrapper/add-hardening.sh + + [3] We want to inject the git version while keeping the build deterministic. + As we do not want to consider the .git folder as part of the input source, + we ask the user (the CI often) to pass the value to Nix. + + [4] We don't want libsodium-sys and zstd-sys to try to use pkgconfig to build against a system library. + However the features to do so get activated for some reason (due to a bug in cargo2nix?), + so disable them manually here. 
+ */ + (pkgs.rustBuilder.rustLib.makeOverride { + name = "garage"; + overrideAttrs = drv: + (if git_version != null then { + # [3] + preConfigure = '' + ${drv.preConfigure or ""} + export GIT_VERSION="${git_version}" + ''; + } else + { }) // { + # [1] + setBuildEnv = (buildEnv drv); + # [2] + hardeningDisable = [ "pie" ]; + }; + }) + + (pkgs.rustBuilder.rustLib.makeOverride { + name = "garage_rpc"; + overrideAttrs = drv: { # [1] + setBuildEnv = (buildEnv drv); + }; + }) - buildEnv = (drv: { - rustc = drv.setBuildEnv; - clippy = '' - ${drv.setBuildEnv or "" } - echo - echo --- BUILDING WITH CLIPPY --- - echo + (pkgs.rustBuilder.rustLib.makeOverride { + name = "garage_db"; + overrideAttrs = drv: { # [1] + setBuildEnv = (buildEnv drv); + }; + }) - export NIX_RUST_BUILD_FLAGS="''${NIX_RUST_BUILD_FLAGS} --deny warnings" - export RUSTC="''${CLIPPY_DRIVER}" - ''; - }.${compiler}); + (pkgs.rustBuilder.rustLib.makeOverride { + name = "garage_util"; + overrideAttrs = drv: { # [1] + setBuildEnv = (buildEnv drv); + }; + }) - /* - Cargo2nix provides many overrides by default, you can take inspiration from them: - https://github.com/cargo2nix/cargo2nix/blob/master/overlay/overrides.nix + (pkgs.rustBuilder.rustLib.makeOverride { + name = "garage_table"; + overrideAttrs = drv: { # [1] + setBuildEnv = (buildEnv drv); + }; + }) - You can have a complete list of the available options by looking at the overriden object, mkcrate: - https://github.com/cargo2nix/cargo2nix/blob/master/overlay/mkcrate.nix - */ - packageOverrides = pkgs: pkgs.rustBuilder.overrides.all ++ [ - /* - [1] We add some logic to compile our crates with clippy, it provides us many additional lints - - [2] We need to alter Nix hardening to make static binaries: PIE, - Position Independent Executables seems to be supported only on amd64. Having - this flag set either 1. make our executables crash or 2. compile as dynamic on some platforms. - Here, we deactivate it. 
Later (find `codegenOpts`), we reactivate it for supported targets - (only amd64 curently) through the `-static-pie` flag. - PIE is a feature used by ASLR, which helps mitigate security issues. - Learn more about Nix Hardening at: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/cc-wrapper/add-hardening.sh - - [3] We want to inject the git version while keeping the build deterministic. - As we do not want to consider the .git folder as part of the input source, - we ask the user (the CI often) to pass the value to Nix. - - [4] We don't want libsodium-sys and zstd-sys to try to use pkgconfig to build against a system library. - However the features to do so get activated for some reason (due to a bug in cargo2nix?), - so disable them manually here. - */ - (pkgs.rustBuilder.rustLib.makeOverride { - name = "garage"; - overrideAttrs = drv: - (if git_version != null then { - /* [3] */ preConfigure = '' - ${drv.preConfigure or ""} - export GIT_VERSION="${git_version}" - ''; - } else {}) - // - { - /* [1] */ setBuildEnv = (buildEnv drv); - /* [2] */ hardeningDisable = [ "pie" ]; - }; - }) - - (pkgs.rustBuilder.rustLib.makeOverride { - name = "garage_rpc"; - overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); }; - }) - - (pkgs.rustBuilder.rustLib.makeOverride { - name = "garage_db"; - overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); }; - }) - - (pkgs.rustBuilder.rustLib.makeOverride { - name = "garage_util"; - overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); }; - }) - - (pkgs.rustBuilder.rustLib.makeOverride { - name = "garage_table"; - overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); }; - }) - - (pkgs.rustBuilder.rustLib.makeOverride { - name = "garage_block"; - overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); }; - }) - - (pkgs.rustBuilder.rustLib.makeOverride { - name = "garage_model"; - overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); }; - }) - - 
(pkgs.rustBuilder.rustLib.makeOverride { - name = "garage_api"; - overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); }; - }) - - (pkgs.rustBuilder.rustLib.makeOverride { - name = "garage_web"; - overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); }; - }) - - (pkgs.rustBuilder.rustLib.makeOverride { - name = "k2v-client"; - overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); }; - }) - - (pkgs.rustBuilder.rustLib.makeOverride { - name = "libsodium-sys"; - overrideArgs = old: { - features = [ ]; /* [4] */ - }; - }) + (pkgs.rustBuilder.rustLib.makeOverride { + name = "garage_block"; + overrideAttrs = drv: { # [1] + setBuildEnv = (buildEnv drv); + }; + }) - (pkgs.rustBuilder.rustLib.makeOverride { - name = "zstd-sys"; - overrideArgs = old: { - features = [ ]; /* [4] */ - }; - }) - ]; - - /* - We ship some parts of the code disabled by default by putting them behind a flag. - It speeds up the compilation (when the feature is not required) and released crates have less dependency by default (less attack surface, disk space, etc.). - But we want to ship these additional features when we release Garage. - In the end, we chose to exclude all features from debug builds while putting (all of) them in the release builds. 
- */ - rootFeatures = if features != null then features else - ([ - "garage/bundled-libs" - "garage/sled" - "garage/k2v" - ] ++ (if release then [ - "garage/consul-discovery" - "garage/kubernetes-discovery" - "garage/metrics" - "garage/telemetry-otlp" - "garage/lmdb" - "garage/sqlite" - ] else [])); + (pkgs.rustBuilder.rustLib.makeOverride { + name = "garage_model"; + overrideAttrs = drv: { # [1] + setBuildEnv = (buildEnv drv); + }; + }) + + (pkgs.rustBuilder.rustLib.makeOverride { + name = "garage_api"; + overrideAttrs = drv: { # [1] + setBuildEnv = (buildEnv drv); + }; + }) + + (pkgs.rustBuilder.rustLib.makeOverride { + name = "garage_web"; + overrideAttrs = drv: { # [1] + setBuildEnv = (buildEnv drv); + }; + }) + + (pkgs.rustBuilder.rustLib.makeOverride { + name = "k2v-client"; + overrideAttrs = drv: { # [1] + setBuildEnv = (buildEnv drv); + }; + }) + (pkgs.rustBuilder.rustLib.makeOverride { + name = "libsodium-sys"; + overrideArgs = old: { + features = [ ]; # [4] + }; + }) + + (pkgs.rustBuilder.rustLib.makeOverride { + name = "zstd-sys"; + overrideArgs = old: { + features = [ ]; # [4] + }; + }) + ]; + + /* We ship some parts of the code disabled by default by putting them behind a flag. + It speeds up the compilation (when the feature is not required) and released crates have less dependency by default (less attack surface, disk space, etc.). + But we want to ship these additional features when we release Garage. + In the end, we chose to exclude all features from debug builds while putting (all of) them in the release builds. + */ + rootFeatures = if features != null then + features + else + ([ "garage/bundled-libs" "garage/sled" "garage/k2v" ] ++ (if release then [ + "garage/consul-discovery" + "garage/kubernetes-discovery" + "garage/metrics" + "garage/telemetry-otlp" + "garage/lmdb" + "garage/sqlite" + ] else + [ ])); packageFun = import ../Cargo.nix; - /* - We compile fully static binaries with musl to simplify deployment on most systems. 
- When possible, we reactivate PIE hardening (see above). + /* We compile fully static binaries with musl to simplify deployment on most systems. + When possible, we reactivate PIE hardening (see above). - Also, if you set the RUSTFLAGS environment variable, the following parameters will - be ignored. + Also, if you set the RUSTFLAGS environment variable, the following parameters will + be ignored. - For more information on static builds, please refer to Rust's RFC 1721. - https://rust-lang.github.io/rfcs/1721-crt-static.html#specifying-dynamicstatic-c-runtime-linkage + For more information on static builds, please refer to Rust's RFC 1721. + https://rust-lang.github.io/rfcs/1721-crt-static.html#specifying-dynamicstatic-c-runtime-linkage */ codegenOpts = { - "armv6l-unknown-linux-musleabihf" = [ "target-feature=+crt-static" "link-arg=-static" ]; /* compile as dynamic with static-pie */ - "aarch64-unknown-linux-musl" = [ "target-feature=+crt-static" "link-arg=-static" ]; /* segfault with static-pie */ - "i686-unknown-linux-musl" = [ "target-feature=+crt-static" "link-arg=-static" ]; /* segfault with static-pie */ - "x86_64-unknown-linux-musl" = [ "target-feature=+crt-static" "link-arg=-static-pie" ]; + "armv6l-unknown-linux-musleabihf" = [ + "target-feature=+crt-static" + "link-arg=-static" + ]; # compile as dynamic with static-pie + "aarch64-unknown-linux-musl" = [ + "target-feature=+crt-static" + "link-arg=-static" + ]; # segfault with static-pie + "i686-unknown-linux-musl" = [ + "target-feature=+crt-static" + "link-arg=-static" + ]; # segfault with static-pie + "x86_64-unknown-linux-musl" = + [ "target-feature=+crt-static" "link-arg=-static-pie" ]; }; - /* - NixOS and Rust/Cargo triples do not match for ARM, fix it here. 
- */ - rustTarget = if target == "armv6l-unknown-linux-musleabihf" - then "arm-unknown-linux-musleabihf" - else target; - -in - pkgs.rustBuilder.makePackageSet ({ - inherit release packageFun packageOverrides codegenOpts rootFeatures; - target = rustTarget; - } // toolchainOptions) + # NixOS and Rust/Cargo triples do not match for ARM, fix it here. + rustTarget = if target == "armv6l-unknown-linux-musleabihf" then + "arm-unknown-linux-musleabihf" + else + target; + +in pkgs.rustBuilder.makePackageSet ({ + inherit release packageFun packageOverrides codegenOpts rootFeatures; + target = rustTarget; +} // toolchainOptions) diff --git a/nix/kaniko.nix b/nix/kaniko.nix index 140328b8..64cadd14 100644 --- a/nix/kaniko.nix +++ b/nix/kaniko.nix @@ -15,7 +15,8 @@ pkgs.buildGoModule rec { checkPhase = "true"; meta = with pkgs.lib; { - description = "kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster."; + description = + "kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster."; homepage = "https://github.com/GoogleContainerTools/kaniko"; license = licenses.asl20; platforms = platforms.linux; diff --git a/nix/manifest-tool.nix b/nix/manifest-tool.nix index 182ccc0e..1090a6ef 100644 --- a/nix/manifest-tool.nix +++ b/nix/manifest-tool.nix @@ -15,7 +15,8 @@ pkgs.buildGoModule rec { checkPhase = "true"; meta = with pkgs.lib; { - description = "Command line tool to create and query container image manifest list/indexes"; + description = + "Command line tool to create and query container image manifest list/indexes"; homepage = "https://github.com/estesp/manifest-tool"; license = licenses.asl20; platforms = platforms.linux; diff --git a/nix/toolchain.nix b/nix/toolchain.nix index 079fcf13..532db74e 100644 --- a/nix/toolchain.nix +++ b/nix/toolchain.nix @@ -1,6 +1,4 @@ -{ - system ? builtins.currentSystem, -}: +{ system ? builtins.currentSystem, }: with import ./common.nix; 
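Review bot: In the `garage` override of nix/compile.nix, `export GIT_VERSION="${git_version}"` splices the caller-supplied `git_version` into the `preConfigure` shell script inside double quotes, so a value containing `"`, `$` or a backtick would be interpreted by the shell instead of being stored verbatim. The comment in this hunk says the value is passed in by the user or CI, so quoting it at the Nix level is a cheap safeguard: `export GIT_VERSION=${pkgs.lib.escapeShellArg git_version}`. The line predates this commit and is only re-indented here.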
@@ -11,27 +9,23 @@ let #"aarch64-unknown-linux-musl" "armv6l-unknown-linux-musleabihf" ]; - pkgsList = builtins.map (target: import pkgsSrc { - inherit system; - crossSystem = { - config = target; - isStatic = true; - }; - overlays = [ cargo2nixOverlay ]; - }) platforms; - pkgsHost = import pkgsSrc {}; + pkgsList = builtins.map (target: + import pkgsSrc { + inherit system; + crossSystem = { + config = target; + isStatic = true; + }; + overlays = [ cargo2nixOverlay ]; + }) platforms; + pkgsHost = import pkgsSrc { }; lib = pkgsHost.lib; kaniko = (import ./kaniko.nix) pkgsHost; winscp = (import ./winscp.nix) pkgsHost; manifestTool = (import ./manifest-tool.nix) pkgsHost; -in - lib.flatten (builtins.map (pkgs: [ - pkgs.rustPlatform.rust.rustc - pkgs.rustPlatform.rust.cargo - pkgs.buildPackages.stdenv.cc - ]) pkgsList) ++ [ - kaniko - winscp - manifestTool - ] +in lib.flatten (builtins.map (pkgs: [ + pkgs.rustPlatform.rust.rustc + pkgs.rustPlatform.rust.cargo + pkgs.buildPackages.stdenv.cc +]) pkgsList) ++ [ kaniko winscp manifestTool ] diff --git a/nix/winscp.nix b/nix/winscp.nix index 10d3cb28..113f4506 100644 --- a/nix/winscp.nix +++ b/nix/winscp.nix @@ -11,12 +11,12 @@ pkgs.stdenv.mkDerivation rec { }; buildPhase = '' - cat > winscp <<EOF -#!${pkgs.bash}/bin/bash + cat > winscp <<EOF + #!${pkgs.bash}/bin/bash -WINEDEBUG=-all -${pkgs.winePackages.minimal}/bin/wine $out/opt/WinSCP.com -EOF + WINEDEBUG=-all + ${pkgs.winePackages.minimal}/bin/wine $out/opt/WinSCP.com + EOF ''; installPhase = '' |
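Review bot: The re-indented here-document in `buildPhase` of nix/winscp.nix only behaves as before if every line of the `''` string, including the closing `EOF`, carries the same leading indent so that Nix strips it completely. The column layout is not recoverable in this view, so it is worth building the derivation once and checking that the generated `winscp` wrapper starts with `#!` in column 0 and that the here-document ends at `EOF`. Separately, `WINEDEBUG=-all` on its own line is a plain shell assignment, so wine sees it only if the variable is already exported; `export WINEDEBUG=-all` would make it apply. The `installPhase` that follows continues outside the hunk.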