project: move to nixpkgs Rust infrastructure
This builds the stub and tool using `rustPlatform.buildRustPackage`
which features a stable Rust compiler, recent enough to support UEFI
targets.

In the future, it will rely on properly defined targets for UEFI in
nixpkgs.
RaitoBezarius committed May 28, 2023
1 parent f641dcf commit 5ddb719
Showing 6 changed files with 152 additions and 190 deletions.
68 changes: 7 additions & 61 deletions flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

116 changes: 17 additions & 99 deletions flake.nix
@@ -18,27 +18,13 @@
# avoid having multiple versions in our dependencies.
flake-utils.url = "github:numtide/flake-utils";

crane = {
url = "github:ipetkov/crane";
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-overlay.follows = "rust-overlay";
inputs.flake-utils.follows = "flake-utils";
inputs.flake-compat.follows = "flake-compat";
};

rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};

flake-compat = {
url = "github:edolstra/flake-compat";
flake = false;
};
};

outputs = inputs@{ self, nixpkgs, crane, rust-overlay, flake-parts, ... }:
outputs = inputs@{ self, nixpkgs, flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } ({ moduleWithSystem, ... }: {
imports = [
# Derive the output overlay automatically from all packages that we define.
@@ -69,85 +55,22 @@
perSystem = { config, system, pkgs, ... }:
let
pkgs = import nixpkgs {
system = system;
overlays = [
rust-overlay.overlays.default
];
inherit system;
};

inherit (pkgs) lib;

uefi-rust-stable = pkgs.rust-bin.fromRustupToolchainFile ./rust/stub/rust-toolchain.toml;
craneLib = crane.lib.x86_64-linux.overrideToolchain uefi-rust-stable;

# Build attributes for a Rust application.
buildRustApp =
{ src
, target ? null
, doCheck ? true
, extraArgs ? { }
}:
let
commonArgs = {
inherit src;
CARGO_BUILD_TARGET = target;
inherit doCheck;

# Workaround for https://github.com/ipetkov/crane/issues/262.
dummyrs = pkgs.writeText "dummy.rs" ''
#![allow(unused)]
#![cfg_attr(
any(target_os = "none", target_os = "uefi"),
no_std,
no_main,
)]
#[cfg_attr(any(target_os = "none", target_os = "uefi"), panic_handler)]
fn panic(_info: &::core::panic::PanicInfo<'_>) -> ! {
loop {}
}
#[cfg_attr(any(target_os = "none", target_os = "uefi"), export_name = "efi_main")]
fn main() {}
'';
} // extraArgs;

cargoArtifacts = craneLib.buildDepsOnly commonArgs;
in
{
package = craneLib.buildPackage (commonArgs // {
inherit cargoArtifacts;
});

clippy = craneLib.cargoClippy (commonArgs // {
inherit cargoArtifacts;
cargoClippyExtraArgs = "-- --deny warnings";
});

rustfmt = craneLib.cargoFmt (commonArgs // { inherit cargoArtifacts; });
uefiPkgs = import nixpkgs {
inherit system;
crossSystem = {
config = "${pkgs.hostPlatform.linuxArch}-windows";
rustc.config = "${pkgs.hostPlatform.linuxArch}-unknown-uefi";
libc = null;
useLLVM = true;
};

stubCrane = buildRustApp {
src = craneLib.cleanCargoSource ./rust/stub;
target = "x86_64-unknown-uefi";
doCheck = false;
};

stub = stubCrane.package;

toolCrane = buildRustApp {
src = ./rust/tool;
extraArgs = {
TEST_SYSTEMD = pkgs.systemd;
nativeCheckInputs = with pkgs; [
binutils-unwrapped
sbsigntool
];
};
};
inherit (pkgs) lib;

tool = toolCrane.package;
stub = uefiPkgs.callPackage ./nix/packages/stub.nix { };
tool = pkgs.callPackage ./nix/packages/tool.nix { };

wrappedTool = pkgs.runCommand "lzbt"
{
@@ -174,10 +97,10 @@
};

checks = {
toolClippy = toolCrane.clippy;
stubClippy = stubCrane.clippy;
toolFmt = toolCrane.rustfmt;
stubFmt = stubCrane.rustfmt;
toolFmt = (tool.override { enableFmt = true; });
stubFmt = (stub.override { enableFmt = true; });
toolClippy = (tool.override { enableLint = true; });
stubClippy = (stub.override { enableLint = true; });
} // (import ./nix/tests/lanzaboote.nix {
inherit pkgs;
lanzabooteModule = self.nixosModules.lanzaboote;
@@ -198,13 +121,8 @@
'';

packages =
let
uefi-run = pkgs.callPackage ./nix/packages/uefi-run.nix {
inherit craneLib;
};
in
[
uefi-run
pkgs.uefi-run
pkgs.openssl
(pkgs.sbctl.override {
databasePath = "pki";
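Review bot: The `uefiPkgs` cross system is assembled from a `-windows` `config` with `libc = null` and `useLLVM = true`, and nothing next to it says why a Windows platform stands in for UEFI. The commit description hints that nixpkgs has no properly defined UEFI targets yet; that reasoning belongs beside the code, e.g. `# nixpkgs has no UEFI platform yet: borrow the *-windows (PE/COFF) cross config and point rustc at *-unknown-uefi.` The Secure Boot stub is built through this package set, so someone auditing the toolchain should be able to see that the choice is deliberate. The enclosing `perSystem` block starts and ends outside the visible hunks.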
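--- a/nix/packages/stub.nix
+++ b/nix/packages/stub.nix
@@ -0,0 +1,52 @@
+{ rustPlatform, clippy, rustfmt, stdenv, lib, runCommand, enableFmt ? false, enableLint ? false }:
+
+rustPlatform.buildRustPackage
+({
+pname = "lanzastub";
+version = "0.3.0";
+src = runCommand "src" { } ''
+install -D ${../../rust/stub/Cargo.toml} $out/Cargo.toml
+install -D ${../../rust/stub/Cargo.lock} $out/Cargo.lock
+cp -r ${../../rust/stub/src} $out/src
+'';
+
+nativeBuildInputs = lib.optional enableLint clippy ++ lib.optional enableFmt rustfmt;
+
+cargoLock = {
+lockFile = ../../rust/stub/Cargo.lock;
+};
+
+# Necessary because our `cc-wrapper` doesn't understand MSVC link options.
+RUSTFLAGS = "-Clinker=${stdenv.cc.bintools}/bin/${stdenv.cc.targetPrefix}ld.lld -Clinker-flavor=lld-link";
+# Necessary because otherwise we will get (useless) hardening options in front of
+# -flavor link which will break the whole command-line processing for the ld.lld linker.
+hardeningDisable = [ "all" ];
+
+meta = with lib; {
+description = "Lanzaboote UEFI stub for SecureBoot enablement on NixOS systems";
+homepage = "https://github.com/nix-community/lanzaboote";
+license = licenses.mit;
+platforms = [ "x86_64-windows" "aarch64-windows" "i686-windows" ];
+};
+} // lib.optionalAttrs enableLint {
+buildPhase = ''
+cargo clippy --all-targets --all-features -- -D warnings
+if grep -R 'dbg!' ./src; then
+echo "use of dbg macro found in code!"
+false
+fi
+'';
+
+installPhase = ''
+touch $out
+'';
+} // (lib.optionalAttrs enableFmt {
+buildPhase = ''
+echo "checking formatting..."
+cargo fmt --all -- --check
+'';
+
+installPhase = ''
+touch $out
+'';
+}))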
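Review bot: `hardeningDisable = [ "all" ]` turns off every nixpkgs hardening flag for the Secure Boot stub, yet the comment above it only says the flags land in front of `-flavor link`; it does not name which flags were seen to break the link, so nobody can later tell whether the list could be narrowed. I would extend the comment rather than change the value, e.g. `# TODO: narrow "all" to the flags that actually break lld-link; presumably only the linker-wrapper ones matter here.` Separately, this file never sets `doCheck`, while the removed crane call passed `doCheck = false` for the stub; if the build relies on cross compilation disabling checks implicitly, an explicit `doCheck = false;` would make that visible.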
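--- a/nix/packages/tool.nix
+++ b/nix/packages/tool.nix
@@ -0,0 +1,67 @@
+{ stdenv
+, systemd
+, binutils-unwrapped
+, sbsigntool
+, rustPlatform
+, lib
+, runCommand
+, fetchurl
+, clippy
+, rustfmt
+, path
+, enableLint ? false
+, enableFmt ? false
+}:
+rustPlatform.buildRustPackage
+({
+pname = "lanzatool";
+version = "0.3.0";
+src = runCommand "src" { } ''
+install -D ${../../rust/tool/Cargo.toml} $out/Cargo.toml
+install -D ${../../rust/tool/Cargo.lock} $out/Cargo.lock
+cp -r ${../../rust/tool/src} $out/src
+'';
+
+TEST_SYSTEMD = systemd;
+
+nativeBuildInputs = lib.optional enableLint clippy ++ lib.optional enableFmt rustfmt;
+
+cargoLock = {
+lockFile = ../../rust/tool/Cargo.lock;
+};
+
+nativeCheckInputs = [
+binutils-unwrapped
+sbsigntool
+];
+
+meta = with lib; {
+description = "Lanzaboote UEFI tooling for SecureBoot enablement on NixOS systems";
+homepage = "https://github.com/nix-community/lanzaboote";
+license = licenses.mit;
+};
+} // lib.optionalAttrs enableLint {
+doCheck = false;
+buildPhase = ''
+cargo clippy --all-targets --all-features -- -D warnings
+if grep -R 'dbg!' ./src; then
+echo "use of dbg macro found in code!"
+false
+fi
+'';
+
+installPhase = ''
+touch $out
+'';
+} // lib.optionalAttrs enableFmt {
+doCheck = false;
+
+buildPhase = ''
+echo "checking formatting..."
+cargo fmt --all -- --check
+'';
+
+installPhase = ''
+touch $out
+'';
+})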
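Review bot: With both `enableLint` and `enableFmt` set, the right-most `//` wins, so the clippy `buildPhase` is replaced by the rustfmt one and the derivation still succeeds without linting. The checks visible in flake.nix enable only one flag each, so this is latent, but a guard would stop a future caller from getting a silently skipped gate: `assert !(enableLint && enableFmt);` placed before `rustPlatform.buildRustPackage`. nix/packages/stub.nix merges its attribute sets in the same order and would take the same guard. The arguments `stdenv`, `fetchurl` and `path` are not used anywhere in this file and could be dropped.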