mirror of
https://github.com/rosenpass/rosenpass.git
synced 2025-12-05 20:40:02 -08:00
49be83847b
- Adds a devShell with Miri - Marks some of the tests which Miri cannot execute as ignored for Miri Signed-off-by: wucke13 <wucke13+github@gmail.com>
248 lines
8.2 KiB
Nix
248 lines
8.2 KiB
Nix
{
|
|
inputs = {
|
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
|
|
flake-utils.url = "github:numtide/flake-utils";
|
|
|
|
nix-vm-test.url = "github:numtide/nix-vm-test";
|
|
nix-vm-test.inputs.nixpkgs.follows = "nixpkgs";
|
|
nix-vm-test.inputs.flake-utils.follows = "flake-utils";
|
|
|
|
# for rust nightly with llvm-tools-preview
|
|
rust-overlay.url = "github:oxalica/rust-overlay";
|
|
rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
treefmt-nix.url = "github:numtide/treefmt-nix";
|
|
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
# Older version of rosenpass, referenced here for backwards compatibility
|
|
rosenpassOld.url = "github:rosenpass/rosenpass?rev=916a9ebb7133f0b22057fb097a473217f261928a";
|
|
rosenpassOld.inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
outputs =
|
|
{
|
|
self,
|
|
nixpkgs,
|
|
flake-utils,
|
|
nix-vm-test,
|
|
rust-overlay,
|
|
treefmt-nix,
|
|
rosenpassOld,
|
|
...
|
|
}@inputs:
|
|
nixpkgs.lib.foldl (a: b: nixpkgs.lib.recursiveUpdate a b) { } [
|
|
|
|
#
|
|
### Export the overlay.nix from this flake ###
|
|
#
|
|
{ overlays.default = import ./overlay.nix; }
|
|
|
|
#
|
|
### Actual Rosenpass Package and Docker Container Images ###
|
|
#
|
|
(flake-utils.lib.eachSystem
|
|
[
|
|
"x86_64-linux"
|
|
"aarch64-linux"
|
|
|
|
# unsuported best-effort
|
|
"i686-linux"
|
|
"x86_64-darwin"
|
|
"aarch64-darwin"
|
|
# "x86_64-windows"
|
|
]
|
|
(
|
|
system:
|
|
let
|
|
# normal nixpkgs
|
|
pkgs = import nixpkgs {
|
|
inherit system;
|
|
|
|
# apply our own overlay, overriding/inserting our packages as defined in ./pkgs
|
|
overlays = [ self.overlays.default ];
|
|
};
|
|
in
|
|
{
|
|
packages =
|
|
{
|
|
default = pkgs.rosenpass;
|
|
rosenpass = pkgs.rosenpass;
|
|
rosenpass-oci-image = pkgs.rosenpass-oci-image;
|
|
rp = pkgs.rp;
|
|
|
|
release-package = pkgs.release-package;
|
|
|
|
# for good measure, we also offer to cross compile to Linux on Arm
|
|
aarch64-linux-rosenpass-static = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rosenpass;
|
|
aarch64-linux-rp-static = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rp;
|
|
}
|
|
//
|
|
# We only offer static builds for linux, as this is not supported on OS X
|
|
(nixpkgs.lib.attrsets.optionalAttrs pkgs.stdenv.isLinux {
|
|
rosenpass-static = pkgs.pkgsStatic.rosenpass;
|
|
rosenpass-static-oci-image = pkgs.pkgsStatic.rosenpass-oci-image;
|
|
rp-static = pkgs.pkgsStatic.rp;
|
|
});
|
|
}
|
|
)
|
|
)
|
|
|
|
#
|
|
### Linux specifics ###
|
|
#
|
|
(flake-utils.lib.eachSystem
|
|
[
|
|
"x86_64-linux"
|
|
"aarch64-linux"
|
|
"i686-linux"
|
|
]
|
|
(
|
|
system:
|
|
let
|
|
pkgs = import nixpkgs {
|
|
inherit system;
|
|
|
|
overlays = [
|
|
# apply our own overlay, overriding/inserting our packages as defined in ./pkgs
|
|
self.overlays.default
|
|
|
|
nix-vm-test.overlays.default
|
|
|
|
# apply rust-overlay to get specific versions of the rust toolchain for a MSRV check
|
|
(import rust-overlay)
|
|
];
|
|
};
|
|
|
|
treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
|
|
in
|
|
{
|
|
packages.package-deb = pkgs.callPackage ./pkgs/package-deb.nix {
|
|
rosenpass = pkgs.pkgsStatic.rosenpass;
|
|
};
|
|
packages.package-rpm = pkgs.callPackage ./pkgs/package-rpm.nix {
|
|
rosenpass = pkgs.pkgsStatic.rosenpass;
|
|
};
|
|
|
|
#
|
|
### Reading materials ###
|
|
#
|
|
packages.whitepaper = pkgs.whitepaper;
|
|
|
|
#
|
|
### Proof and Proof Tools ###
|
|
#
|
|
packages.proverif-patched = pkgs.proverif-patched;
|
|
packages.proof-proverif = pkgs.proof-proverif;
|
|
|
|
#
|
|
### Devshells ###
|
|
#
|
|
devShells.default = pkgs.mkShell {
|
|
inherit (pkgs.proof-proverif) CRYPTOVERIF_LIB;
|
|
inputsFrom = [ pkgs.rosenpass ];
|
|
nativeBuildInputs = with pkgs; [
|
|
cargo-release
|
|
clippy
|
|
rustfmt
|
|
nodePackages.prettier
|
|
nushell # for the .ci/gen-workflow-files.nu script
|
|
proverif-patched
|
|
];
|
|
};
|
|
# TODO: Write this as a patched version of the default environment
|
|
devShells.fullEnv = pkgs.mkShell {
|
|
inherit (pkgs.proof-proverif) CRYPTOVERIF_LIB;
|
|
inputsFrom = [ pkgs.rosenpass ];
|
|
nativeBuildInputs = with pkgs; [
|
|
cargo-audit
|
|
cargo-msrv
|
|
cargo-release
|
|
cargo-vet
|
|
rustfmt
|
|
nodePackages.prettier
|
|
nushell # for the .ci/gen-workflow-files.nu script
|
|
proverif-patched
|
|
pkgs.cargo-llvm-cov
|
|
pkgs.grcov
|
|
pkgs.rust-bin.stable.latest.complete
|
|
];
|
|
};
|
|
devShells.coverage = pkgs.mkShell {
|
|
inputsFrom = [ pkgs.rosenpass ];
|
|
nativeBuildInputs = [
|
|
pkgs.cargo-llvm-cov
|
|
pkgs.grcov
|
|
pkgs.rustc.llvmPackages.llvm
|
|
];
|
|
env = {
|
|
inherit (pkgs.cargo-llvm-cov) LLVM_COV LLVM_PROFDATA;
|
|
};
|
|
};
|
|
devShells.benchmarks = pkgs.mkShell {
|
|
inputsFrom = [ pkgs.rosenpass ];
|
|
nativeBuildInputs = with pkgs; [
|
|
cargo-release
|
|
clippy
|
|
rustfmt
|
|
];
|
|
};
|
|
# a devshell to hunt unsafe `unsafe` in the code
|
|
devShells.miri = pkgs.mkShell {
|
|
# inputsFrom = [ self.packages.${system}.rosenpass ];
|
|
nativeBuildInputs = with pkgs; [
|
|
((rust-bin.selectLatestNightlyWith (toolchain: toolchain.default)).override {
|
|
extensions = [
|
|
"rust-analysis"
|
|
"rust-src"
|
|
"miri-preview"
|
|
];
|
|
})
|
|
pkgs.cmake
|
|
pkgs.rustPlatform.bindgenHook
|
|
];
|
|
# Run this to find unsafe `unsafe`:
|
|
# MIRIFLAGS="-Zmiri-disable-isolation" cargo miri test --no-fail-fast --lib --bins --tests
|
|
#
|
|
# - Some test failure is expected.
|
|
};
|
|
|
|
checks =
|
|
import ./tests/integration/integration-checks.nix {
|
|
inherit system;
|
|
pkgs = inputs.nixpkgs;
|
|
lib = nixpkgs.lib;
|
|
rosenpassNew = self.packages.${system}.default;
|
|
rosenpassOld = rosenpassOld.packages.${system}.default;
|
|
}
|
|
// {
|
|
systemd-rosenpass = pkgs.testers.runNixOSTest ./tests/systemd/rosenpass.nix;
|
|
systemd-rp = pkgs.testers.runNixOSTest ./tests/systemd/rp.nix;
|
|
formatting = treefmtEval.config.build.check self;
|
|
rosenpass-msrv-check =
|
|
let
|
|
rosenpassCargoToml = pkgs.lib.trivial.importTOML ./rosenpass/Cargo.toml;
|
|
|
|
rustToolchain = pkgs.rust-bin.stable.${rosenpassCargoToml.package.rust-version}.default;
|
|
rustPlatform = pkgs.makeRustPlatform {
|
|
cargo = rustToolchain;
|
|
rustc = rustToolchain;
|
|
};
|
|
in
|
|
pkgs.rosenpass.override { inherit rustPlatform; };
|
|
}
|
|
// pkgs.lib.optionalAttrs (system == "x86_64-linux") (
|
|
import ./tests/legacy-distro-packaging.nix {
|
|
inherit pkgs;
|
|
rosenpass-deb = self.packages.${system}.package-deb;
|
|
rosenpass-rpm = self.packages.${system}.package-rpm;
|
|
}
|
|
);
|
|
|
|
# for `nix fmt`
|
|
formatter = treefmtEval.config.build.wrapper;
|
|
}
|
|
)
|
|
)
|
|
];
|
|
}
|