flake.nix
{
# Flake inputs. Each URL names a repository (and for nixpkgs a branch), not a
# fixed commit; the exact revisions are presumably pinned by the flake's lock
# file, which is not shown here.
inputs = {
  # NOTE(review): nixos-24.05 is a release branch; confirm it still receives
  # security updates, since openssl, libxml2 and xmlsec are built from it.
  nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
  flake-utils.url = "github:numtide/flake-utils";
  nix-filter.url = "github:numtide/nix-filter";

  # Make the Rust overlay evaluate against this flake's nixpkgs instead of
  # bringing in a second copy.
  rust-overlay.url = "github:oxalica/rust-overlay";
  rust-overlay.inputs.nixpkgs.follows = "nixpkgs";

  # Same for crane: one nixpkgs for the whole build.
  crane.url = "github:ipetkov/crane";
  crane.inputs.nixpkgs.follows = "nixpkgs";

  # Fetched as a plain source tree (not evaluated as a flake); it is handed
  # to the cargo-audit check in `outputs`.
  advisory-db.url = "github:rustsec/advisory-db";
  advisory-db.flake = false;
};
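# Flake outputs, produced once per system by flake-utils' eachDefaultSystem:
# the `samael` package, a development shell, and the `nix flake check` suite
# (build, clippy, docs, formatting, dependency audit, nextest).
outputs = { self, nixpkgs, nix-filter, rust-overlay, crane, advisory-db, flake-utils }:
  flake-utils.lib.eachDefaultSystem
    (system:
      let
        overlays = [
          (import rust-overlay)
          # This overlay refers to `pkgs`, the package set defined just below
          # from these same overlays; that works because evaluation is lazy.
          # `stable.latest` is resolved from the rust-overlay input, so the
          # compiler version moves when that input is updated.
          (final: prev: {
            nix-filter = nix-filter.lib;
            rust-toolchain = pkgs.rust-bin.stable.latest.default;
            rust-dev-toolchain = pkgs.rust-toolchain.override {
              extensions = [ "rust-src" ];
            };
          })
        ];
        pkgs = import nixpkgs {
          inherit system overlays;
        };
        # crane library bound to the toolchain selected in the overlay above.
        craneLib =
          (crane.mkLib pkgs).overrideToolchain pkgs.rust-toolchain;
        lib = pkgs.lib;
        stdenv = pkgs.stdenv;
        # Used as nativeBuildInputs by both the package build and the dev
        # shell. All of these come from the nixpkgs input.
        commonNativeBuildInputs = with pkgs; [
          libiconv
          libtool
          libxml2
          libxslt
          llvmPackages.libclang
          openssl
          pkg-config
          xmlsec
        ];
        # Keep test vectors and C headers in the build source in addition to
        # what crane keeps by default.
        #
        # In a Nix string `\.` is just `.`, so the dot has to be written `\\.`
        # to reach the regex as a literal dot. With a bare `.` the pattern
        # accepted any path whose last character is `h`, which pulled
        # unrelated files into the source tree.
        fixtureFilter = path: _type:
          builtins.match ".*test_vectors.*" path != null ||
          builtins.match ".*\\.h" path != null;
        sourceAndFixtures = path: type:
          (fixtureFilter path type) || (craneLib.filterCargoSources path type);
        src = lib.cleanSourceWith {
          src = ./.;
          filter = sourceAndFixtures;
        };
        cargoFile = builtins.fromTOML (builtins.readFile ./Cargo.toml);
        # bindgen environment shared by the package build and the dev shell,
        # defined once so the two cannot drift apart.
        bindgenEnv = {
          # Need to tell bindgen where to find libclang
          LIBCLANG_PATH = "${pkgs.llvmPackages.libclang.lib}/lib";
          # Set C flags for Rust's bindgen program. Unlike ordinary C
          # compilation, bindgen does not invoke $CC directly. Instead it
          # uses LLVM's libclang. To make sure all necessary flags are
          # included we need to look in a few places.
          # See https://web.archive.org/web/20220523141208/https://hoverbear.org/blog/rust-bindgen-in-nix/
          #
          # Continuation lines are flush-left so that no indentation is
          # embedded in the value.
          BINDGEN_EXTRA_CLANG_ARGS = "${builtins.readFile "${stdenv.cc}/nix-support/libc-crt1-cflags"} \
${builtins.readFile "${stdenv.cc}/nix-support/libc-cflags"} \
${builtins.readFile "${stdenv.cc}/nix-support/cc-cflags"} \
${builtins.readFile "${stdenv.cc}/nix-support/libcxx-cxxflags"} \
-idirafter ${pkgs.libiconv}/include \
${lib.optionalString stdenv.cc.isClang "-idirafter ${stdenv.cc.cc}/lib/clang/${lib.getVersion stdenv.cc.cc}/include"} \
${lib.optionalString stdenv.cc.isGNU "-isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc} -isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc}/${stdenv.hostPlatform.config} -idirafter ${stdenv.cc.cc}/lib/gcc/${stdenv.hostPlatform.config}/${lib.getVersion stdenv.cc.cc}/include"} \
";
        };
        # Arguments shared by every crane derivation that compiles the crate.
        # The package version is read from Cargo.toml.
        commonArgs = bindgenEnv // {
          pname = "samael";
          inherit src;
          version = cargoFile.package.version;
          nativeBuildInputs = commonNativeBuildInputs;
          cargoExtraArgs = "--features xmlsec";
          cargoTestExtraArgs = "--features xmlsec";
        };
        # Build *just* the cargo dependencies, so we can reuse
        # all of that work (e.g. via cachix) when running in CI
        cargoArtifacts = craneLib.buildDepsOnly commonArgs;
        samael = craneLib.buildPackage (commonArgs // {
          inherit cargoArtifacts;
        });
      in
      rec {
        # `nix build`
        packages.default = samael;
        # `nix develop`
        devShells.default = pkgs.mkShell (bindgenEnv // {
          buildInputs = with pkgs; [ rust-dev-toolchain nixpkgs-fmt ];
          nativeBuildInputs = commonNativeBuildInputs;
        });
        checks = {
          # Build the crate as part of `nix flake check` for convenience
          inherit samael;
          # Run clippy on the crate source, again reusing the dependency
          # artifacts from above. `-- --deny warnings` is commented out on
          # the argument line below, so clippy warnings are not denied by
          # this flake.
          #
          # Note that this is done as a separate derivation so that
          # we can block the CI if there are issues here, but not
          # prevent downstream consumers from building our crate by itself.
          samael-clippy = craneLib.cargoClippy (commonArgs // {
            inherit cargoArtifacts;
            cargoClippyExtraArgs = "--all-targets"; #-- --deny warnings
          });
          samael-doc = craneLib.cargoDoc (commonArgs // {
            inherit cargoArtifacts;
          });
          # Check formatting
          samael-fmt = craneLib.cargoFmt {
            inherit src;
          };
          # Audit dependencies against the `advisory-db` input. The check
          # sees the advisories in whatever revision of that input is in
          # use, so the input has to be updated to pick up new ones.
          samael-audit = craneLib.cargoAudit {
            inherit src advisory-db;
          };
          # Run tests with cargo-nextest
          # Consider setting `doCheck = false` on `samael` if you do not want
          # the tests to run twice
          #
          # cargoExtraArgs is cleared here and the feature flag is passed
          # through cargoNextestExtraArgs instead.
          samael-nextest = craneLib.cargoNextest (commonArgs // {
            inherit cargoArtifacts;
            cargoExtraArgs = "";
            cargoNextestExtraArgs = "--features xmlsec";
            partitions = 1;
            partitionType = "count";
          });
        };
      });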
}