harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 23:23:57 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #14 from matter-labs/snowfall

Browse source 
feat: use snowfall flake for nix
This commit is contained in:
Harald Hoyer 2024-02-14 13:04:41 +01:00 committed by GitHub
commit ef53f14c55
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 202 additions and 137 deletions
Download patch file Download diff file Expand all files Collapse all files

123
flake.lock generated
View file

@ -16,16 +16,32 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
@ -36,7 +52,25 @@
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_2"
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1696331477,
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils-plus_2": {
"inputs": {
"flake-utils": "flake-utils_3"
},
"locked": {
"lastModified": 1696331477,
@ -57,11 +91,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
@ -75,11 +109,11 @@
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
@ -100,16 +134,17 @@
"original": {
"owner": "numtide",
"repo": "nix-filter",
"rev": "3449dc925982ad46246cfc36469baf66e1b64f17",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1707347730,
"narHash": "sha256-0etC/exQIaqC9vliKhc3eZE2Mm2wgLa0tj93ZF/egvM=",
"lastModified": 1707786466,
"narHash": "sha256-yLPfrmW87M2qt+8bAmwopJawa+MJLh3M9rUbXtpUc1o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6832d0d99649db3d65a0e15fa51471537b2c56a6",
"rev": "01885a071465e223f8f68971f864b15829988504",
"type": "github"
},
"original": {
@ -119,22 +154,6 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1706487304,
"narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "90f456026d284c22b3e3497be980b2e47d0b28ac",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixsgx-flake": {
"inputs": {
"nixpkgs": [
@ -143,11 +162,11 @@
"snowfall-lib": "snowfall-lib"
},
"locked": {
"lastModified": 1707314146,
"narHash": "sha256-NcqWVXkGBautT44YcQgZdVK1Vwqop1V8nDoPEzKr0uE=",
"lastModified": 1707844282,
"narHash": "sha256-V8JkiRtQBw0mjw7NozRQqF4yWxRpp6og0LeutWgqyEY=",
"owner": "matter-labs",
"repo": "nixsgx",
"rev": "e3bbd5415eb845c8857dd0963febcef71866cd4a",
"rev": "c837db99a811dc1762e3ed25abb1465a1b3d96c2",
"type": "github"
},
"original": {
@ -158,29 +177,32 @@
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nix-filter": "nix-filter",
"nixpkgs": "nixpkgs",
"nixsgx-flake": "nixsgx-flake",
"rust-overlay": "rust-overlay"
"rust-overlay": "rust-overlay",
"snowfall-lib": "snowfall-lib_2"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2"
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1707444620,
"narHash": "sha256-P8kRkiJLFttN+hbAOlm11wPxUrQZqKle+QtVCqFiGXY=",
"lastModified": 1707876656,
"narHash": "sha256-urnZg6e2JjziBosarDB1MnjPeVqcu3PeSqIpqQKYrdg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "78503e9199010a4df714f29a4f9c00eb2ccae071",
"rev": "3ad32bb27c700b59306224e285b66577e3532dfc",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "3ad32bb27c700b59306224e285b66577e3532dfc",
"type": "github"
}
},
@ -207,6 +229,29 @@
"type": "github"
}
},
"snowfall-lib_2": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils-plus": "flake-utils-plus_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696432959,
"narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "lib",
"rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,

116
flake.nix
View file

@ -4,112 +4,48 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
nix-filter.url = "github:numtide/nix-filter";
flake-utils.url = "github:numtide/flake-utils";
nixsgx-flake = {
url = "github:matter-labs/nixsgx";
inputs.nixpkgs.follows = "nixpkgs";
};
rust-overlay.url = "github:oxalica/rust-overlay";
snowfall-lib = {
url = "github:snowfallorg/lib?rev=92803a029b5314d4436a8d9311d8707b71d9f0b6";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, flake-utils, nix-filter, nixsgx-flake, rust-overlay }:
flake-utils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs { inherit system; overlays = [ (import rust-overlay) nixsgx-flake.overlays.default ]; };
rustVersion = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
makeRustPlatform = pkgs.makeRustPlatform.override {
stdenv = pkgs.stdenvAdapters.useMoldLinker pkgs.gccStdenv;
};
rustPlatform = makeRustPlatform {
cargo = rustVersion;
rustc = rustVersion;
rust-overlay = {
url = "github:oxalica/rust-overlay?rev=3ad32bb27c700b59306224e285b66577e3532dfc";
inputs.nixpkgs.follows = "nixpkgs";
};
filter = nix-filter.lib;
nix-filter.url = "github:numtide/nix-filter?rev=3449dc925982ad46246cfc36469baf66e1b64f17";
};
bin = rustPlatform.buildRustPackage {
pname = "teepot";
version = "0.1.0";
outputs = inputs:
inputs.snowfall-lib.mkFlake {
inherit inputs;
src = ./.;
nativeBuildInputs = with pkgs; [
pkg-config
rustPlatform.bindgenHook
package-namespace = "teepot";
overlays = with inputs; [
nixsgx-flake.overlays.default
rust-overlay.overlays.default
nix-filter.overlays.default
];
buildInputs = with pkgs; [
nixsgx.sgx-sdk
nixsgx.sgx-dcap
nixsgx.sgx-dcap.quote_verify
];
src = filter {
root = ./.;
exclude = [
".github"
".gitignore"
"flake.lock"
"flake.nix"
"LICENSE-APACHE"
"LICENSE-MIT"
"README.md"
"renovate.json"
"deny.toml"
(filter.inDirectory "examples")
(filter.inDirectory "vault")
];
alias = {
packages = {
default = "teepot";
};
shells = {
default = "teepot";
};
RUSTFLAGS = "--cfg mio_unsupported_force_waker_pipe";
cargoBuildFlags = "--all";
checkType = "debug";
cargoLock = {
lockFile = ./Cargo.lock;
};
outputs = [
"out"
"tee_key_preexec"
"tee_self_attestation_test"
"tee_stress_client"
"tee_vault_admin"
"tee_vault_unseal"
"teepot_read"
"teepot_write"
"vault_admin"
"vault_unseal"
"verify_attestation"
];
postInstall = ''
mkdir -p $out/nix-support
for i in $outputs; do
[[ $i == "out" ]] && continue
mkdir -p "''${!i}/bin"
echo "''${!i}" >> $out/nix-support/propagated-user-env-packages
binname=''${i//_/-}
mv "$out/bin/$binname" "''${!i}/bin/"
done
'';
};
in
{
formatter = pkgs.nixpkgs-fmt;
packages = rec {
teepot = bin;
default = teepot;
};
devShells = {
default = pkgs.mkShell {
inputsFrom = [ bin ];
nativeBuildInputs = with pkgs; [
rustup
rustVersion
];
outputs-builder = channels: {
formatter = channels.nixpkgs.nixpkgs-fmt;
};
};
});
}

77
packages/teepot/default.nix Normal file
View file

@ -0,0 +1,77 @@
{ lib
, gccStdenv
, makeRustPlatform
, nix-filter
, nixsgx
, pkg-config
, rust-bin
, ...
}:
let
cargoToml = (builtins.fromTOML (builtins.readFile ../../Cargo.toml));
rustVersion = rust-bin.fromRustupToolchainFile ../../rust-toolchain.toml;
rustPlatform = makeRustPlatform {
cargo = rustVersion;
rustc = rustVersion;
};
in
rustPlatform.buildRustPackage {
pname = cargoToml.package.name;
version = cargoToml.workspace.package.version;
nativeBuildInputs = [
pkg-config
rustPlatform.bindgenHook
];
buildInputs = [
nixsgx.sgx-sdk
nixsgx.sgx-dcap
nixsgx.sgx-dcap.quote_verify
];
src = nix-filter {
root = ./../..;
include = [
"Cargo.lock"
"Cargo.toml"
"assets"
"bin"
"crates"
"rust-toolchain.toml"
"src"
"tests"
];
};
RUSTFLAGS = "--cfg mio_unsupported_force_waker_pipe";
cargoBuildFlags = "--all";
checkType = "debug";
cargoLock = {
lockFile = ../../Cargo.lock;
};
outputs = [
"out"
"tee_key_preexec"
"tee_self_attestation_test"
"tee_stress_client"
"tee_vault_admin"
"tee_vault_unseal"
"teepot_read"
"teepot_write"
"vault_admin"
"vault_unseal"
"verify_attestation"
];
postInstall = ''
mkdir -p $out/nix-support
for i in $outputs; do
[[ $i == "out" ]] && continue
mkdir -p "''${!i}/bin"
echo "''${!i}" >> $out/nix-support/propagated-user-env-packages
binname=''${i//_/-}
mv "$out/bin/$binname" "''${!i}/bin/"
done
'';
}

7
shells/teepot/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ lib
, pkgs
, ...
}:
pkgs.mkShell {
inputsFrom = [ pkgs.teepot.teepot ];
}