From d9f8fa0092f63de0326e4a788fecef065bd34ef8 Mon Sep 17 00:00:00 2001 From: wucke13 Date: Mon, 7 Oct 2024 19:56:22 +0200 Subject: [PATCH] refactor(flake.nix): externalize pkgs, add overlay This splits the complexity of the `flake.nix` into multiple files. At cross-compiled and static builds at the benefit of simpler nix expressions and generally better cross compilation compatibility. the same time, naersk is removed; causing much slower builds for cross- compiled packages. This partially addresses the points mentioned in #412. --- .prettierignore | 3 +- flake.lock | 49 ++--- flake.nix | 410 +++++------------------------------ overlay.nix | 39 ++++ pkgs/release-package.nix | 27 +++ pkgs/rosenpass-oci-image.nix | 11 + pkgs/rosenpass.nix | 78 +++++++ pkgs/whitepaper.nix | 29 +++ 8 files changed, 253 insertions(+), 393 deletions(-) create mode 100644 overlay.nix create mode 100644 pkgs/release-package.nix create mode 100644 pkgs/rosenpass-oci-image.nix create mode 100644 pkgs/rosenpass.nix create mode 100644 pkgs/whitepaper.nix diff --git a/.prettierignore b/.prettierignore index 1e30fd2..a09e188 100644 --- a/.prettierignore +++ b/.prettierignore @@ -1,4 +1,5 @@ .direnv/ +flake.lock papers/whitepaper.md -target/ src/usage.md +target/ diff --git a/flake.lock b/flake.lock index de773f7..06183ae 100644 --- a/flake.lock +++ b/flake.lock @@ -2,15 +2,17 @@ "nodes": { "fenix": { "inputs": { - "nixpkgs": ["nixpkgs"], + "nixpkgs": [ + "nixpkgs" + ], "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1712298178, - "narHash": "sha256-590fpCPXYAkaAeBz/V91GX4/KGzPObdYtqsTWzT6AhI=", + "lastModified": 1728282832, + "narHash": "sha256-I7AbcwGggf+CHqpyd/9PiAjpIBGTGx5woYHqtwxaV7I=", "owner": "nix-community", "repo": "fenix", - "rev": "569b5b5781395da08e7064e825953c548c26af76", + "rev": "1ec71be1f4b8f3105c5d38da339cb061fefc43f4", "type": "github" }, "original": { 
@@ -24,11 +26,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -37,36 +39,18 @@ "type": "github" } }, - "naersk": { - "inputs": { - "nixpkgs": ["nixpkgs"] - }, - "locked": { - "lastModified": 1698420672, - "narHash": "sha256-/TdeHMPRjjdJub7p7+w55vyABrsJlt5QkznPYy55vKA=", - "owner": "nix-community", - "repo": "naersk", - "rev": "aeb58d5e8faead8980a807c840232697982d47b9", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "naersk", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1712168706, - "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=", + "lastModified": 1728193676, + "narHash": "sha256-PbDWAIjKJdlVg+qQRhzdSor04bAPApDqIv2DofTyynk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb", + "rev": "ecbc1ca8ffd6aea8372ad16be9ebbb39889e55b6", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -75,18 +59,17 @@ "inputs": { "fenix": "fenix", "flake-utils": "flake-utils", - "naersk": "naersk", "nixpkgs": "nixpkgs" } }, "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1712156296, - "narHash": "sha256-St7ZQrkrr5lmQX9wC1ZJAFxL8W7alswnyZk9d1se3Us=", + "lastModified": 1728249780, + "narHash": "sha256-J269DvCI5dzBmPrXhAAtj566qt0b22TJtF3TIK+tMsI=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "8e581ac348e223488622f4d3003cb2bd412bf27e", + "rev": "2b750da1a1a2c1d2c70896108d7096089842d877", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 4a54604..f2a5c79 100644 
--- a/flake.nix +++ b/flake.nix @@ -1,12 +1,8 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; flake-utils.url = "github:numtide/flake-utils"; - # for quicker rust builds - naersk.url = "github:nix-community/naersk"; - naersk.inputs.nixpkgs.follows = "nixpkgs"; - # for rust nightly with llvm-tools-preview fenix.url = "github:nix-community/fenix"; fenix.inputs.nixpkgs.follows = "nixpkgs"; @@ -15,6 +11,15 @@ outputs = { self, nixpkgs, flake-utils, ... }@inputs: nixpkgs.lib.foldl (a: b: nixpkgs.lib.recursiveUpdate a b) { } [ + + # + ### Export the overlay.nix from this flake ### + # + { + overlays.default = import ./overlay.nix; + } + + # ### Actual Rosenpass Package and Docker Container Images ### # 
@@ -30,310 +35,39 @@ ] (system: let - scoped = (scope: scope.result); - lib = nixpkgs.lib; - # normal nixpkgs pkgs = import nixpkgs { inherit system; - }; - # parsed Cargo.toml - cargoToml = builtins.fromTOML (builtins.readFile ./rosenpass/Cargo.toml); - - # source files relevant for rust - src = scoped rec { - # File suffices to include - extensions = [ - "lock" - "rs" - "toml" - ]; - # Files to explicitly include - files = [ - "to/README.md" - ]; - - src = ./.; - filter = (path: type: scoped rec { - inherit (lib) any id removePrefix hasSuffix; - anyof = (any id); - - basename = baseNameOf (toString path); - relative = removePrefix (toString src + "/") (toString path); - - result = anyof [ - (type == "directory") - (any (ext: hasSuffix ".${ext}" basename) extensions) - (any (file: file == relative) files) - ]; - }); - - result = pkgs.lib.sources.cleanSourceWith { inherit src filter; }; - }; - - # a function to generate a nix derivation for rosenpass against any - # given set of nixpkgs - rosenpassDerivation = p: - let - # whether we want to build a statically linked binary - isStatic = p.targetPlatform.isStatic; - - # the rust target of `p` - target = p.rust.toRustTargetSpec p.targetPlatform; - - # convert a string to shout case - shout = string: builtins.replaceStrings [ "-" ] [ "_" ] (pkgs.lib.toUpper string); - - # suitable Rust toolchain - toolchain = with inputs.fenix.packages.${system}; combine [ - stable.cargo - stable.rustc - targets.${target}.stable.rust-std - ]; - - # naersk with a custom toolchain - naersk = pkgs.callPackage inputs.naersk { - cargo = toolchain; - rustc = toolchain; - }; - - # used to trick the build.rs into believing that CMake was ran **again** - fakecmake = pkgs.writeScriptBin "cmake" '' - #! 
${pkgs.stdenv.shell} -e - true - ''; - in - naersk.buildPackage - { - # metadata and source - name = cargoToml.package.name; - version = cargoToml.package.version; - inherit src; - - cargoBuildOptions = x: x ++ [ "-p" "rosenpass" ]; - cargoTestOptions = x: x ++ [ "-p" "rosenpass" ]; - - doCheck = true; - - nativeBuildInputs = with pkgs; [ - p.stdenv.cc - cmake # for oqs build in the oqs-sys crate - mandoc # for the built-in manual - removeReferencesTo - rustPlatform.bindgenHook # for C-bindings in the crypto libs - ]; - buildInputs = with p; [ bash ]; - - override = x: { - preBuild = - # nix defaults to building for aarch64 _without_ the armv8-a crypto - # extensions, but liboqs depens on these - (lib.optionalString (system == "aarch64-linux") '' - NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -march=armv8-a+crypto" - '' - ); - - # fortify is only compatible with dynamic linking - hardeningDisable = lib.optional isStatic "fortify"; - }; - - overrideMain = x: { - # CMake detects that it was served a _foreign_ target dir, and CMake - # would be executed again upon the second build step of naersk. - # By adding our specially optimized CMake version, we reduce the cost - # of recompilation by 99 % while, while avoiding any CMake errors. - nativeBuildInputs = [ (lib.hiPrio fakecmake) ] ++ x.nativeBuildInputs; - - # make sure that libc is linked, under musl this is not the case per - # default - preBuild = (lib.optionalString isStatic '' - NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -lc" - ''); - }; - - # We want to build for a specific target... - CARGO_BUILD_TARGET = target; - - # ... 
which might require a non-default linker: - "CARGO_TARGET_${shout target}_LINKER" = - let - inherit (p.stdenv) cc; - in - "${cc}/bin/${cc.targetPrefix}cc"; - - meta = with pkgs.lib; - { - inherit (cargoToml.package) description homepage; - license = with licenses; [ mit asl20 ]; - maintainers = [ maintainers.wucke13 ]; - platforms = platforms.all; - }; - } // (lib.mkIf isStatic { - # otherwise pkg-config tries to link non-existent dynamic libs - # documented here: https://docs.rs/pkg-config/latest/pkg_config/ - PKG_CONFIG_ALL_STATIC = true; - - # tell rust to build everything statically linked - CARGO_BUILD_RUSTFLAGS = "-C target-feature=+crt-static"; - }); - # a function to generate a nix derivation for the rp helper against any - # given set of nixpkgs - rpDerivation = p: - let - # whether we want to build a statically linked binary - isStatic = p.targetPlatform.isStatic; - - # the rust target of `p` - target = p.rust.toRustTargetSpec p.targetPlatform; - - # convert a string to shout case - shout = string: builtins.replaceStrings [ "-" ] [ "_" ] (pkgs.lib.toUpper string); - - # suitable Rust toolchain - toolchain = with inputs.fenix.packages.${system}; combine [ - stable.cargo - stable.rustc - targets.${target}.stable.rust-std - ]; - - # naersk with a custom toolchain - naersk = pkgs.callPackage inputs.naersk { - cargo = toolchain; - rustc = toolchain; - }; - - # used to trick the build.rs into believing that CMake was ran **again** - fakecmake = pkgs.writeScriptBin "cmake" '' - #! 
${pkgs.stdenv.shell} -e - true - ''; - in - naersk.buildPackage - { - # metadata and source - name = cargoToml.package.name; - version = cargoToml.package.version; - inherit src; - - cargoBuildOptions = x: x ++ [ "-p" "rp" ]; - cargoTestOptions = x: x ++ [ "-p" "rp" ]; - - doCheck = true; - - nativeBuildInputs = with pkgs; [ - p.stdenv.cc - cmake # for oqs build in the oqs-sys crate - mandoc # for the built-in manual - removeReferencesTo - rustPlatform.bindgenHook # for C-bindings in the crypto libs - ]; - buildInputs = with p; [ bash ]; - - override = x: { - preBuild = - # nix defaults to building for aarch64 _without_ the armv8-a crypto - # extensions, but liboqs depens on these - (lib.optionalString (system == "aarch64-linux") '' - NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -march=armv8-a+crypto" - '' - ); - - # fortify is only compatible with dynamic linking - hardeningDisable = lib.optional isStatic "fortify"; - }; - - overrideMain = x: { - # CMake detects that it was served a _foreign_ target dir, and CMake - # would be executed again upon the second build step of naersk. - # By adding our specially optimized CMake version, we reduce the cost - # of recompilation by 99 % while, while avoiding any CMake errors. - nativeBuildInputs = [ (lib.hiPrio fakecmake) ] ++ x.nativeBuildInputs; - - # make sure that libc is linked, under musl this is not the case per - # default - preBuild = (lib.optionalString isStatic '' - NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -lc" - ''); - }; - - # We want to build for a specific target... - CARGO_BUILD_TARGET = target; - - # ... 
which might require a non-default linker: - "CARGO_TARGET_${shout target}_LINKER" = - let - inherit (p.stdenv) cc; - in - "${cc}/bin/${cc.targetPrefix}cc"; - - meta = with pkgs.lib; - { - inherit (cargoToml.package) description homepage; - license = with licenses; [ mit asl20 ]; - maintainers = [ maintainers.wucke13 ]; - platforms = platforms.all; - }; - } // (lib.mkIf isStatic { - # otherwise pkg-config tries to link non-existent dynamic libs - # documented here: https://docs.rs/pkg-config/latest/pkg_config/ - PKG_CONFIG_ALL_STATIC = true; - - # tell rust to build everything statically linked - CARGO_BUILD_RUSTFLAGS = "-C target-feature=+crt-static"; - }); - # a function to generate a docker image based of rosenpass - rosenpassOCI = name: pkgs.dockerTools.buildImage rec { - inherit name; - copyToRoot = pkgs.buildEnv { - name = "image-root"; - paths = [ self.packages.${system}.${name} ]; - pathsToLink = [ "/bin" ]; - }; - config.Cmd = [ "/bin/rosenpass" ]; + # apply our own overlay, overriding/inserting our packages as defined in ./pkgs + overlays = [ self.overlays.default ]; }; in - rec { - packages = rec { - default = rosenpass; - rosenpass = rosenpassDerivation pkgs; - rp = rpDerivation pkgs; - rosenpass-oci-image = rosenpassOCI "rosenpass"; + { + packages = { + default = pkgs.rosenpass; + rosenpass = pkgs.rosenpass; + rosenpass-oci-image = pkgs.rosenpass-oci-image; + rp = pkgs.rp; - # derivation for the release - release-package = - let - version = cargoToml.package.version; - package = - if pkgs.hostPlatform.isLinux then - packages.rosenpass-static - else packages.rosenpass; - rp = - if pkgs.hostPlatform.isLinux then - packages.rp-static - else packages.rp; - oci-image = - if pkgs.hostPlatform.isLinux then - packages.rosenpass-static-oci-image - else packages.rosenpass-oci-image; - in - pkgs.runCommandNoCC "lace-result" { } - '' - mkdir {bin,$out} - tar -cvf $out/rosenpass-${system}-${version}.tar \ - -C ${package} bin/rosenpass \ - -C ${rp} bin/rp - cp 
${oci-image} \ - $out/rosenpass-oci-image-${system}-${version}.tar.gz - ''; - } // (if pkgs.stdenv.isLinux then rec { - rosenpass-static = rosenpassDerivation pkgs.pkgsStatic; - rp-static = rpDerivation pkgs.pkgsStatic; - rosenpass-static-oci-image = rosenpassOCI "rosenpass-static"; - } else { }); + release-package = pkgs.release-package; + + # for good measure, we also offer to cross compile to Linux on Arm + aarch64-linux-rosenpass-static = + pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rosenpass; + aarch64-linux-rp-static = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rp; + } + // + # We only offer static builds for linux, as this is not supported on OS X + (nixpkgs.lib.attrsets.optionalAttrs pkgs.stdenv.isLinux { + rosenpass-static = pkgs.pkgsStatic.rosenpass; + rosenpass-static-oci-image = pkgs.pkgsStatic.rosenpass-oci-image; + rp-static = pkgs.pkgsStatic.rp; + }); } )) + # ### Linux specifics ### # 
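Review bot: The two `aarch64-linux-*-static` attributes are added to the unconditional part of `packages`, above the `optionalAttrs pkgs.stdenv.isLinux` guard whose comment says static builds are not supported on OS X. The system list is outside this hunk, but if it includes a Darwin system these attributes are exposed there too, and anything that walks all packages will evaluate them. Moving `aarch64-linux-rosenpass-static` and `aarch64-linux-rp-static` into the guarded attribute set would keep the comment true. The removed derivation also added `-march=armv8-a+crypto` on aarch64 because liboqs depends on it; nothing visible in the new code replaces that, so the new aarch64 targets deserve a build check.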
@@ -341,88 +75,46 @@ let pkgs = import nixpkgs { inherit system; + + # apply our own overlay, overriding/inserting our packages as defined in ./pkgs + overlays = [ self.overlays.default ]; }; - packages = self.packages.${system}; in { - # - ### Whitepaper ### - # - packages.whitepaper = - let - tlsetup = (pkgs.texlive.combine { - inherit (pkgs.texlive) scheme-basic acmart amsfonts ccicons - csquotes csvsimple doclicense fancyvrb fontspec gobble - koma-script ifmtarg latexmk lm markdown mathtools minted noto - nunito pgf soul unicode-math lualatex-math paralist - gitinfo2 eso-pic biblatex biblatex-trad biblatex-software - xkeyval xurl xifthen biber; - }); - in - pkgs.stdenvNoCC.mkDerivation { - name = "whitepaper"; - src = ./papers; - nativeBuildInputs = with pkgs; [ - ncurses # tput - python3Packages.pygments - tlsetup # custom tex live scheme - which - ]; - buildPhase = '' - export HOME=$(mktemp -d) - latexmk -r tex/CI.rc - ''; - installPhase = '' - mkdir -p $out - mv *.pdf readme.md $out/ - ''; - }; + # + ### Reading materials ### + # + packages.whitepaper = pkgs.whitepaper; # ### Proof and Proof Tools ### # - packages.proverif-patched = pkgs.proverif.overrideAttrs (old: { - postInstall = '' - install -D -t $out/lib cryptoverif.pvl - ''; - }); - packages.proof-proverif = pkgs.stdenv.mkDerivation { - name = "rosenpass-proverif-proof"; - version = "unstable"; - src = pkgs.lib.sources.sourceByRegex ./. [ - "analyze.sh" - "marzipan(/marzipan.awk)?" - "analysis(/.*)?" 
- ]; - nativeBuildInputs = [ pkgs.proverif pkgs.graphviz ]; - CRYPTOVERIF_LIB = packages.proverif-patched + "/lib/cryptoverif.pvl"; - installPhase = '' - mkdir -p $out - bash analyze.sh -color -html $out - ''; - }; + packages.proverif-patched = pkgs.proverif-patched; + packages.proof-proverif = pkgs.proof-proverif; # ### Devshells ### # devShells.default = pkgs.mkShell { - inherit (packages.proof-proverif) CRYPTOVERIF_LIB; - inputsFrom = [ packages.default ]; + inherit (pkgs.proof-proverif) CRYPTOVERIF_LIB; + inputsFrom = [ pkgs.rosenpass ]; nativeBuildInputs = with pkgs; [ - inputs.fenix.packages.${system}.complete.toolchain - cmake # override the fakecmake from the main step above cargo-release clippy + rustfmt nodePackages.prettier nushell # for the .ci/gen-workflow-files.nu script - packages.proverif-patched + proverif-patched ]; }; devShells.coverage = pkgs.mkShell { - inputsFrom = [ packages.default ]; - nativeBuildInputs = with pkgs; [ inputs.fenix.packages.${system}.complete.toolchain cargo-llvm-cov ]; + inputsFrom = [ pkgs.rosenpass ]; + nativeBuildInputs = [ + inputs.fenix.packages.${system}.complete.toolchain + pkgs.cargo-llvm-cov + ]; }; diff --git a/overlay.nix b/overlay.nix new file mode 100644 index 0000000..5e98dfc --- /dev/null +++ b/overlay.nix 
@@ -0,0 +1,39 @@
+final: prev: {
+
+
+ #
+ ### Actual rosenpass software ###
+ #
+ rosenpass = final.callPackage ./pkgs/rosenpass.nix { };
+ rosenpass-oci-image = final.callPackage ./pkgs/rosenpass-oci-image.nix { };
+ rp = final.callPackage ./pkgs/rosenpass.nix { package = "rp"; };
+
+ release-package = final.callPackage ./pkgs/release-package.nix { };
+
+ #
+ ### Appendix ###
+ #
+ proverif-patched = prev.proverif.overrideAttrs (old: {
+ postInstall = ''
+ install -D -t $out/lib cryptoverif.pvl
+ '';
+ });
+
+ proof-proverif = final.stdenv.mkDerivation {
+ name = "rosenpass-proverif-proof";
+ version = "unstable";
+ src = final.lib.sources.sourceByRegex ./. [
+ "analyze.sh"
+ "marzipan(/marzipan.awk)?"
+ "analysis(/.*)?"
+ ];
+ nativeBuildInputs = [ final.proverif final.graphviz ];
+ CRYPTOVERIF_LIB = final.proverif-patched + "/lib/cryptoverif.pvl";
+ installPhase = ''
+ mkdir -p $out
+ bash analyze.sh -color -html $out
+ '';
+ };
+
+ whitepaper = final.callPackage ./pkgs/whitepaper.nix { };
+}
diff --git a/pkgs/release-package.nix b/pkgs/release-package.nix
new file mode 100644
index 0000000..4a7e58a
--- /dev/null
+++ b/pkgs/release-package.nix
@@ -0,0 +1,27 @@
+{ lib, stdenvNoCC, runCommandNoCC, pkgsStatic, rosenpass, rosenpass-oci-image, rp } @ args:
+
+let
+ version = rosenpass.version;
+
+ # select static packages on Linux, default packages otherwise
+ package =
+ if stdenvNoCC.hostPlatform.isLinux then
+ pkgsStatic.rosenpass
+ else args.rosenpass;
+ rp =
+ if stdenvNoCC.hostPlatform.isLinux then
+ pkgsStatic.rp
+ else args.rp;
+ oci-image =
+ if stdenvNoCC.hostPlatform.isLinux then
+ pkgsStatic.rosenpass-oci-image
+ else args.rosenpass-oci-image;
+in
+runCommandNoCC "lace-result" { } ''
+ mkdir {bin,$out}
+ tar -cvf $out/rosenpass-${stdenvNoCC.hostPlatform.system}-${version}.tar \
+ -C ${package} bin/rosenpass \
+ -C ${rp} bin/rp
+ cp ${oci-image} \
+ $out/rosenpass-oci-image-${stdenvNoCC.hostPlatform.system}-${version}.tar.gz
+''
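Review bot: In `overlay.nix`, `proverif-patched` replaces `postInstall` outright and never uses its `old` argument, so any `postInstall` that nixpkgs' `proverif` defines now or later is silently dropped from the prover used for the protocol proof. Appending keeps upstream behaviour: `postInstall = (old.postInstall or "") + ''` followed by the existing `install -D -t $out/lib cryptoverif.pvl` line. `proof-proverif` also runs `final.proverif` from `nativeBuildInputs` while taking `CRYPTOVERIF_LIB` from `final.proverif-patched`; a short comment saying that this split is intended would help the next reader.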
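Review bot: In `pkgs/release-package.nix`, the release tarball is written with a plain `tar -cvf`, so member order, ownership and timestamps come from whatever the build environment presents. For an artifact that users download and may want to rebuild and compare, pinning the metadata is cheap: `tar --sort=name --owner=0 --group=0 --numeric-owner --mtime='@1' -cvf …` (GNU tar). `mkdir {bin,$out}` also creates a `bin` directory in the build directory that is never used, so `mkdir -p $out` would do. The `lib` argument is unused, and the `let rp` binding shadows the `rp` function argument, which only works because of `args.rp`; a name such as `rp-package` would read more clearly.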
diff --git a/pkgs/rosenpass-oci-image.nix b/pkgs/rosenpass-oci-image.nix
new file mode 100644
index 0000000..f68e037
--- /dev/null
+++ b/pkgs/rosenpass-oci-image.nix
@@ -0,0 +1,11 @@
+{ dockerTools, buildEnv, rosenpass }:
+
+dockerTools.buildImage {
+ name = rosenpass.name + "-oci";
+ copyToRoot = buildEnv {
+ name = "image-root";
+ paths = [ rosenpass ];
+ pathsToLink = [ "/bin" ];
+ };
+ config.Cmd = [ "/bin/rosenpass" ];
+}
diff --git a/pkgs/rosenpass.nix b/pkgs/rosenpass.nix
new file mode 100644
index 0000000..b5afa29
--- /dev/null
+++ b/pkgs/rosenpass.nix
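Review bot: The image config in `pkgs/rosenpass-oci-image.nix` sets only `config.Cmd`, so a container started from it runs `/bin/rosenpass` as root by default. If the daemon does not need root inside the container (not determinable from this hunk), a numeric user avoids that without needing an `/etc/passwd` in the image, e.g. `config.User = "1000:1000";` (example value). Also, `name = rosenpass.name + "-oci"` gives the dynamic and the `pkgsStatic` image the same name, where the removed code distinguished `rosenpass` from `rosenpass-static`; a comment should say whether that is intended.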
@@ -0,0 +1,78 @@
+{ lib, stdenv, rustPlatform, cmake, mandoc, removeReferencesTo, bash, package ? "rosenpass" }:
+
+let
+ # whether we want to build a statically linked binary
+ isStatic = stdenv.targetPlatform.isStatic;
+
+ scoped = (scope: scope.result);
+
+ # source files relevant for rust
+ src = scoped rec {
+ # File suffices to include
+ extensions = [
+ "lock"
+ "rs"
+ "toml"
+ ];
+ # Files to explicitly include
+ files = [
+ "to/README.md"
+ ];
+
+ src = ../.;
+ filter = (path: type: scoped rec {
+ inherit (lib) any id removePrefix hasSuffix;
+ anyof = (any id);
+
+ basename = baseNameOf (toString path);
+ relative = removePrefix (toString src + "/") (toString path);
+
+ result = anyof [
+ (type == "directory")
+ (any (ext: hasSuffix ".${ext}" basename) extensions)
+ (any (file: file == relative) files)
+ ];
+ });
+
+ result = lib.sources.cleanSourceWith { inherit src filter; };
+ };
+
+ # parsed Cargo.toml
+ cargoToml = builtins.fromTOML (builtins.readFile (src + "/rosenpass/Cargo.toml"));
+in
+rustPlatform.buildRustPackage {
+ name = cargoToml.package.name;
+ version = cargoToml.package.version;
+ inherit src;
+
+ cargoBuildOptions = [ "--package" package ];
+ cargoTestOptions = [ "--package" package ];
+
+ doCheck = true;
+
+ cargoLock = {
+ lockFile = src + "/Cargo.lock";
+ outputHashes = {
+ "memsec-0.6.3" = "sha256-4ri+IEqLd77cLcul3lZrmpDKj4cwuYJ8oPRAiQNGeLw=";
+ "uds-0.4.2" = "sha256-qlxr/iJt2AV4WryePIvqm/8/MK/iqtzegztNliR93W8=";
+ };
+ };
+
+ nativeBuildInputs = [
+ stdenv.cc
+ cmake # for oqs build in the oqs-sys crate
+ mandoc # for the built-in manual
+ removeReferencesTo
+ rustPlatform.bindgenHook # for C-bindings in the crypto libs
+ ];
+ buildInputs = [ bash ];
+
+ hardeningDisable = lib.optional isStatic "fortify";
+
+ meta = {
+ inherit (cargoToml.package) description homepage;
+ license = with lib.licenses; [ mit asl20 ];
+ maintainers = [ lib.maintainers.wucke13 ];
+ platforms = lib.platforms.all;
+ };
+}
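Review bot: `cargoBuildOptions` and `cargoTestOptions` are naersk attribute names; as far as I know `rustPlatform.buildRustPackage` reads `cargoBuildFlags` and `cargoTestFlags`, so the `package` argument appears to have no effect and `rp` builds and tests the same workspace as `rosenpass`. Suggested: `cargoBuildFlags = [ "--package" package ];` and `cargoTestFlags = [ "--package" package ];`. `name` and `version` are read from `rosenpass/Cargo.toml` regardless of `package`, so the `rp` derivation is also labelled `rosenpass`. `hardeningDisable = lib.optional isStatic "fortify";` lost the explanation the removed code carried, and since the static build is what the release package ships on Linux, the line should keep `# fortify is only compatible with dynamic linking`. `isStatic` is derived from `stdenv.targetPlatform`, where `stdenv.hostPlatform` describes the platform the binary runs on.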
diff --git a/pkgs/whitepaper.nix b/pkgs/whitepaper.nix
new file mode 100644
index 0000000..558e967
--- /dev/null
+++ b/pkgs/whitepaper.nix
@@ -0,0 +1,29 @@
+{ stdenvNoCC, texlive, ncurses, python3Packages, which }:
+
+let
+ customTexLiveSetup = (texlive.combine {
+ inherit (texlive) acmart amsfonts biber biblatex biblatex-software
+ biblatex-trad ccicons csquotes csvsimple doclicense eso-pic fancyvrb
+ fontspec gitinfo2 gobble ifmtarg koma-script latexmk lm lualatex-math
+ markdown mathtools minted noto nunito paralist pgf scheme-basic soul
+ unicode-math upquote xifthen xkeyval xurl;
+ });
+in
+stdenvNoCC.mkDerivation {
+ name = "whitepaper";
+ src = ../papers;
+ nativeBuildInputs = [
+ ncurses # tput
+ python3Packages.pygments
+ customTexLiveSetup # custom tex live scheme
+ which
+ ];
+ buildPhase = ''
+ export HOME=$(mktemp -d)
+ latexmk -r tex/CI.rc
+ '';
+ installPhase = ''
+ mkdir -p $out
+ mv *.pdf readme.md $out/
+ '';
+}