feat: use snowfall flake for nix

to make packages reusable by other flakes

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
Harald Hoyer 2024-02-14 11:28:34 +01:00
parent 69398b2a20
commit 30539e068f
Signed by: harald
GPG key ID: F519A1143B3FBE32
4 changed files with 202 additions and 137 deletions

123
flake.lock generated

@ -16,16 +16,32 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1705309234, "lastModified": 1694529238,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -36,7 +52,25 @@
}, },
"flake-utils-plus": { "flake-utils-plus": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2" "flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1696331477,
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils-plus_2": {
"inputs": {
"flake-utils": "flake-utils_3"
}, },
"locked": { "locked": {
"lastModified": 1696331477, "lastModified": 1696331477,
@ -57,11 +91,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1694529238, "lastModified": 1705309234,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -75,11 +109,11 @@
"systems": "systems_3" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1705309234, "lastModified": 1694529238,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -100,16 +134,17 @@
"original": { "original": {
"owner": "numtide", "owner": "numtide",
"repo": "nix-filter", "repo": "nix-filter",
"rev": "3449dc925982ad46246cfc36469baf66e1b64f17",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1707347730, "lastModified": 1707786466,
"narHash": "sha256-0etC/exQIaqC9vliKhc3eZE2Mm2wgLa0tj93ZF/egvM=", "narHash": "sha256-yLPfrmW87M2qt+8bAmwopJawa+MJLh3M9rUbXtpUc1o=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6832d0d99649db3d65a0e15fa51471537b2c56a6", "rev": "01885a071465e223f8f68971f864b15829988504",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -119,22 +154,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1706487304,
"narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "90f456026d284c22b3e3497be980b2e47d0b28ac",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixsgx-flake": { "nixsgx-flake": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -143,11 +162,11 @@
"snowfall-lib": "snowfall-lib" "snowfall-lib": "snowfall-lib"
}, },
"locked": { "locked": {
"lastModified": 1707314146, "lastModified": 1707844282,
"narHash": "sha256-NcqWVXkGBautT44YcQgZdVK1Vwqop1V8nDoPEzKr0uE=", "narHash": "sha256-V8JkiRtQBw0mjw7NozRQqF4yWxRpp6og0LeutWgqyEY=",
"owner": "matter-labs", "owner": "matter-labs",
"repo": "nixsgx", "repo": "nixsgx",
"rev": "e3bbd5415eb845c8857dd0963febcef71866cd4a", "rev": "c837db99a811dc1762e3ed25abb1465a1b3d96c2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -158,29 +177,32 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nix-filter": "nix-filter", "nix-filter": "nix-filter",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixsgx-flake": "nixsgx-flake", "nixsgx-flake": "nixsgx-flake",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay",
"snowfall-lib": "snowfall-lib_2"
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1707444620, "lastModified": 1707876656,
"narHash": "sha256-P8kRkiJLFttN+hbAOlm11wPxUrQZqKle+QtVCqFiGXY=", "narHash": "sha256-urnZg6e2JjziBosarDB1MnjPeVqcu3PeSqIpqQKYrdg=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "78503e9199010a4df714f29a4f9c00eb2ccae071", "rev": "3ad32bb27c700b59306224e285b66577e3532dfc",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "3ad32bb27c700b59306224e285b66577e3532dfc",
"type": "github" "type": "github"
} }
}, },
@ -207,6 +229,29 @@
"type": "github" "type": "github"
} }
}, },
"snowfall-lib_2": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils-plus": "flake-utils-plus_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696432959,
"narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "lib",
"rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,

132
flake.nix

@ -4,112 +4,48 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
nix-filter.url = "github:numtide/nix-filter";
flake-utils.url = "github:numtide/flake-utils";
nixsgx-flake = { nixsgx-flake = {
url = "github:matter-labs/nixsgx"; url = "github:matter-labs/nixsgx";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
rust-overlay.url = "github:oxalica/rust-overlay"; snowfall-lib = {
url = "github:snowfallorg/lib?rev=92803a029b5314d4436a8d9311d8707b71d9f0b6";
inputs.nixpkgs.follows = "nixpkgs";
};
rust-overlay = {
url = "github:oxalica/rust-overlay?rev=3ad32bb27c700b59306224e285b66577e3532dfc";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-filter.url = "github:numtide/nix-filter?rev=3449dc925982ad46246cfc36469baf66e1b64f17";
}; };
outputs = { self, nixpkgs, flake-utils, nix-filter, nixsgx-flake, rust-overlay }: outputs = inputs:
flake-utils.lib.eachDefaultSystem (system: inputs.snowfall-lib.mkFlake {
let inherit inputs;
pkgs = import nixpkgs { inherit system; overlays = [ (import rust-overlay) nixsgx-flake.overlays.default ]; }; src = ./.;
rustVersion = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
makeRustPlatform = pkgs.makeRustPlatform.override { package-namespace = "teepot";
stdenv = pkgs.stdenvAdapters.useMoldLinker pkgs.gccStdenv;
overlays = with inputs; [
nixsgx-flake.overlays.default
rust-overlay.overlays.default
nix-filter.overlays.default
];
alias = {
packages = {
default = "teepot";
}; };
rustPlatform = makeRustPlatform { shells = {
cargo = rustVersion; default = "teepot";
rustc = rustVersion;
}; };
};
filter = nix-filter.lib; outputs-builder = channels: {
formatter = channels.nixpkgs.nixpkgs-fmt;
bin = rustPlatform.buildRustPackage { };
pname = "teepot"; };
version = "0.1.0";
nativeBuildInputs = with pkgs; [
pkg-config
rustPlatform.bindgenHook
];
buildInputs = with pkgs; [
nixsgx.sgx-sdk
nixsgx.sgx-dcap
nixsgx.sgx-dcap.quote_verify
];
src = filter {
root = ./.;
exclude = [
".github"
".gitignore"
"flake.lock"
"flake.nix"
"LICENSE-APACHE"
"LICENSE-MIT"
"README.md"
"renovate.json"
"deny.toml"
(filter.inDirectory "examples")
(filter.inDirectory "vault")
];
};
RUSTFLAGS = "--cfg mio_unsupported_force_waker_pipe";
cargoBuildFlags = "--all";
checkType = "debug";
cargoLock = {
lockFile = ./Cargo.lock;
};
outputs = [
"out"
"tee_key_preexec"
"tee_self_attestation_test"
"tee_stress_client"
"tee_vault_admin"
"tee_vault_unseal"
"teepot_read"
"teepot_write"
"vault_admin"
"vault_unseal"
"verify_attestation"
];
postInstall = ''
mkdir -p $out/nix-support
for i in $outputs; do
[[ $i == "out" ]] && continue
mkdir -p "''${!i}/bin"
echo "''${!i}" >> $out/nix-support/propagated-user-env-packages
binname=''${i//_/-}
mv "$out/bin/$binname" "''${!i}/bin/"
done
'';
};
in
{
formatter = pkgs.nixpkgs-fmt;
packages = rec {
teepot = bin;
default = teepot;
};
devShells = {
default = pkgs.mkShell {
inputsFrom = [ bin ];
nativeBuildInputs = with pkgs; [
rustup
rustVersion
];
};
};
});
} }
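Review bot: The `?rev=` pins added to `snowfall-lib`, `rust-overlay` and `nix-filter` in `inputs` have no comment saying why those revisions were chosen or how they get bumped. With the revision fixed in the URL, `nix flake update` no longer moves these inputs, so upstream fixes arrive only when someone edits the URL by hand, while `nixpkgs` and `nixsgx-flake` keep floating on their branch. A short comment above the pinned inputs would make the policy explicit, for example `# pinned by rev: bump the URL and flake.lock together when updating`. Whether the repository's update automation handles URL-embedded revisions is not visible on this page and is worth confirming.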


@ -0,0 +1,77 @@
{ lib
, gccStdenv
, makeRustPlatform
, nix-filter
, nixsgx
, pkg-config
, rust-bin
, ...
}:
let
cargoToml = (builtins.fromTOML (builtins.readFile ../../Cargo.toml));
rustVersion = rust-bin.fromRustupToolchainFile ../../rust-toolchain.toml;
rustPlatform = makeRustPlatform {
cargo = rustVersion;
rustc = rustVersion;
};
in
rustPlatform.buildRustPackage {
pname = cargoToml.package.name;
version = cargoToml.workspace.package.version;
nativeBuildInputs = [
pkg-config
rustPlatform.bindgenHook
];
buildInputs = [
nixsgx.sgx-sdk
nixsgx.sgx-dcap
nixsgx.sgx-dcap.quote_verify
];
src = nix-filter {
root = ./../..;
include = [
"Cargo.lock"
"Cargo.toml"
"assets"
"bin"
"crates"
"rust-toolchain.toml"
"src"
"tests"
];
};
RUSTFLAGS = "--cfg mio_unsupported_force_waker_pipe";
cargoBuildFlags = "--all";
checkType = "debug";
cargoLock = {
lockFile = ../../Cargo.lock;
};
outputs = [
"out"
"tee_key_preexec"
"tee_self_attestation_test"
"tee_stress_client"
"tee_vault_admin"
"tee_vault_unseal"
"teepot_read"
"teepot_write"
"vault_admin"
"vault_unseal"
"verify_attestation"
];
postInstall = ''
mkdir -p $out/nix-support
for i in $outputs; do
[[ $i == "out" ]] && continue
mkdir -p "''${!i}/bin"
echo "''${!i}" >> $out/nix-support/propagated-user-env-packages
binname=''${i//_/-}
mv "$out/bin/$binname" "''${!i}/bin/"
done
'';
}
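Review bot: `gccStdenv` and `lib` are accepted as arguments but never used, and `rustPlatform` is now built with a plain `makeRustPlatform { cargo = rustVersion; rustc = rustVersion; }`. The code removed from flake.nix wrapped it in `makeRustPlatform.override { stdenv = pkgs.stdenvAdapters.useMoldLinker pkgs.gccStdenv; }`, so the build stdenv and linker change as a side effect of this refactor. That matters if the binaries are expected to stay bit-for-bit stable for enclave measurement, which this page does not show. If the change is intended, drop the two unused arguments and mention it in the commit message; if not, restore the override with `stdenv = stdenvAdapters.useMoldLinker gccStdenv;` and add `stdenvAdapters` to the argument set.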


@ -0,0 +1,7 @@
{ lib
, pkgs
, ...
}:
pkgs.mkShell {
inputsFrom = [ pkgs.teepot.teepot ];
}