diff options
| author | Franck Cuny <franck@fcuny.net> | 2023-07-05 11:02:11 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2023-07-05 11:02:11 -0700 |
| commit | 8790ea90d279f4437b0467f54f84d0bbc1a1ccdd (patch) | |
| tree | 4a6856178d0151fac94e2c939a67e8de61af5524 | |
| parent | remove configuration for drone (diff) | |
| download | x-8790ea90d279f4437b0467f54f84d0bbc1a1ccdd.tar.gz | |
replace rust-overlay with naersk
This is mostly coming from
https://github.com/DeterminateSystems/nix-installer/blob/main/flake.nix
| -rw-r--r-- | src/x509-info/flake.lock | 186 | ||||
| -rw-r--r-- | src/x509-info/flake.nix | 221 | ||||
| -rw-r--r-- | src/x509-info/nix/check.nix | 44 | ||||
| -rw-r--r-- | src/x509-info/rust-toolchain.toml | 2 |
4 files changed, 282 insertions, 171 deletions
diff --git a/src/x509-info/flake.lock b/src/x509-info/flake.lock index f97f3bc..4542a21 100644 --- a/src/x509-info/flake.lock +++ b/src/x509-info/flake.lock @@ -1,36 +1,34 @@ { "nodes": { - "crane": { + "fenix": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ], - "rust-overlay": "rust-overlay" + "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1667522439, - "narHash": "sha256-1tDYoumL5337T4BkC87iRXbAfeyeeOXa5WAbeP/ENqQ=", - "owner": "ipetkov", - "repo": "crane", - "rev": "b70e77d2e2d480a3a0bce3ecd2d981679588b23f", + "lastModified": 1688538381, + "narHash": "sha256-CH4j882pozkEmzvOlnyflnla+BpzRL+DeOiGUz4aK2E=", + "owner": "nix-community", + "repo": "fenix", + "rev": "b95669bcfa88a372848fb9f5f24c1679e641e7e2", "type": "github" }, "original": { - "owner": "ipetkov", - "repo": "crane", + "owner": "nix-community", + "repo": "fenix", "type": "github" } }, "flake-compat": { "flake": false, "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -39,128 +37,134 @@ "type": "github" } }, - "flake-utils": { + "lowdown-src": { + "flake": false, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "lastModified": 1633514407, + "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", + "owner": "kristapsdz", + "repo": "lowdown", + "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "kristapsdz", + "repo": "lowdown", "type": "github" } }, - "flake-utils_2": { + "naersk": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "lastModified": 1688534083, + "narHash": "sha256-/bI5vsioXscQTsx+Hk9X5HfweeNZz/6kVKsbdqfwW7g=", + "owner": "nix-community", + "repo": "naersk", + "rev": "abca1fb7a6cfdd355231fc220c3d0302dbb4369a", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "nix-community", + "repo": "naersk", + "type": "github" + } + }, + "nix": { + "inputs": { + "lowdown-src": "lowdown-src", + "nixpkgs": "nixpkgs", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1674678482, + "narHash": "sha256-MtVatZVsV+dtjdD4AC4bztrnDFas+WZYHzQMt41FwzU=", + "owner": "nixos", + "repo": "nix", + "rev": "435a16b5556f4171b4204a3f65c9dedf215f168c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "2.13.2", + "repo": "nix", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1667877958, - "narHash": "sha256-InhzugdvWBvvR5/6hVDRngkSOeqjcw0SI9brZtY5y+g=", + "lastModified": 1670461440, + "narHash": "sha256-jy1LB8HOMKGJEGXgzFRLDU1CBGL0/LlkolgnqIsF0D8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d29ae3a66395506fd85655a8d74279ad4f9098f", + "rev": "04a75b2eecc0acf6239acf9dd04485ff8d14f425", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixos-22.11-small", "repo": "nixpkgs", "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, + "nixpkgs-regression": { "locked": { - "lastModified": 1667760143, - "narHash": "sha256-+X5CyeNEKp41bY/I1AJgW/fn69q5cLJ1bgiaMMCKB3M=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "06f48d63d473516ce5b8abe70d15be96a0147fcd", + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", "type": "github" }, "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", "type": "github" } }, - "root": { - "inputs": { - "crane": "crane", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs", - "pre-commit-hooks": "pre-commit-hooks", - "rust-overlay": "rust-overlay_2" - } - }, - "rust-overlay": { - "inputs": { - "flake-utils": [ - "crane", - "flake-utils" - ], - "nixpkgs": [ - "crane", - "nixpkgs" - ] - }, + "nixpkgs_2": { "locked": { - "lastModified": 1667487142, - "narHash": "sha256-bVuzLs1ZVggJAbJmEDVO9G6p8BH3HRaolK70KXvnWnU=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b", + "lastModified": 1688556768, + "narHash": "sha256-mhd6g0iJGjEfOr3+6mZZOclUveeNr64OwxdbNtLc8mY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "27bd67e55fe09f9d68c77ff151c3e44c4f81f7de", "type": "github" }, "original": { - "owner": "oxalica", - "repo": "rust-overlay", + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", "type": "github" } }, - "rust-overlay_2": { + "root": { "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, + "fenix": "fenix", + "flake-compat": "flake-compat", + "naersk": "naersk", + "nix": "nix", + "nixpkgs": "nixpkgs_2" + } + }, + "rust-analyzer-src": { + "flake": false, "locked": { - "lastModified": 1667875464, - "narHash": "sha256-0rO2Pzn//ANT3AphpEUantCbm86XcmKNEKhM73LFr04=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "9235990723630e1a55e1ed6bca5954e4e31cfbd7", + "lastModified": 1688494220, + "narHash": "sha256-9rYDFNKgbSHis5k13pHLvXMMZLBrvKyu+xyzsArXAJw=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "e95644e279592ea36061633779a2648afeb9536f", "type": "github" }, "original": { - "owner": "oxalica", - "repo": "rust-overlay", + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", "type": "github" } } diff --git a/src/x509-info/flake.nix b/src/x509-info/flake.nix index 4b7967a..4b95c2e 100644 --- a/src/x509-info/flake.nix +++ b/src/x509-info/flake.nix @@ -2,103 +2,166 @@ description = "A CLI to display information about x509 certificates."; inputs = { - flake-utils.url = "github:numtide/flake-utils"; - nixpkgs.url = "github:NixOS/nixpkgs"; - rust-overlay = { - url = "github:oxalica/rust-overlay"; - inputs = { - flake-utils.follows = "flake-utils"; - nixpkgs.follows = "nixpkgs"; - }; + nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; + + fenix = { + url = "github:nix-community/fenix"; + inputs.nixpkgs.follows = "nixpkgs"; }; - crane = { - url = "github:ipetkov/crane"; + + naersk = { + url = "github:nix-community/naersk"; inputs.nixpkgs.follows = "nixpkgs"; }; - pre-commit-hooks = { - url = "github:cachix/pre-commit-hooks.nix"; - inputs = { - flake-utils.follows = "flake-utils"; - nixpkgs.follows = "nixpkgs"; - }; + + nix = { + url = "github:nixos/nix/2.13.2"; }; + + flake-compat = { url = "github:edolstra/flake-compat"; flake = false; }; }; outputs = { self - , flake-utils , nixpkgs - , rust-overlay - , crane - , pre-commit-hooks - }: - - flake-utils.lib.eachDefaultSystem - (system: - let - pkgs = import nixpkgs { - inherit system; - overlays = [ (import rust-overlay) ]; - }; - rust-toolchain = (pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml).override { - extensions = [ "rust-src" ]; - }; + , fenix + , naersk + , nix + , ... + } @ inputs: + let + supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" ]; - craneLib = (crane.mkLib pkgs).overrideScope' (_: _: { - cargo = rust-toolchain; - clippy = rust-toolchain; - rustc = rust-toolchain; - rustfmt = rust-toolchain; - }); + forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: (forSystem system f)); - src = ./.; + forSystem = system: f: f rec { + inherit system; + pkgs = import nixpkgs { inherit system; overlays = [ self.overlays.default ]; }; + lib = pkgs.lib; + }; - cargoArtifacts = craneLib.buildDepsOnly { - inherit src; - }; + fenixToolchain = system: with fenix.packages.${system}; + combine ([ + stable.clippy + stable.rustc + stable.cargo + stable.rustfmt + stable.rust-src + ] ++ nixpkgs.lib.optionals (system == "x86_64-linux") [ + targets.x86_64-unknown-linux-musl.stable.rust-std + ]); + in + { + overlays.default = final: prev: + let + toolchain = fenixToolchain final.stdenv.system; + naerskLib = final.callPackage naersk { + cargo = toolchain; + rustc = toolchain; + }; + sharedAttrs = { + pname = "x509-info"; + version = "0.1.0"; + src = builtins.path { + name = "x509-info"; + path = self; + }; - x509-info = craneLib.buildPackage { - inherit cargoArtifacts src; - }; - in - { - packages.default = x509-info; - apps.default = flake-utils.lib.mkApp { - drv = x509-info; - }; + nativeBuildInputs = with final; [ ]; + buildInputs = with final; [ ] ++ lib.optionals (final.stdenv.isDarwin) (with final.darwin.apple_sdk.frameworks; [ + SystemConfiguration + ]); + + copyBins = true; + copyDocsToSeparateOutput = true; + + doCheck = true; + doDoc = true; + doDocFail = true; + cargoTestOptions = f: f ++ [ "--all" ]; - checks = { - pre-commit = pre-commit-hooks.lib.${system}.run { - inherit src; - hooks = { - clippy = { - enable = true; - entry = pkgs.lib.mkForce "cargo clippy -- -D warnings"; - }; - nixpkgs-fmt = { - enable = true; - }; - rustfmt = { - enable = true; - entry = pkgs.lib.mkForce "cargo fmt -- --check --color always"; - }; + override = { preBuild ? "", ... }: { + preBuild = preBuild + '' + # logRun "cargo clippy --all-targets --all-features -- -D warnings" + ''; }; }; + in + rec { + x509-info = naerskLib.buildPackage sharedAttrs; + } // nixpkgs.lib.optionalAttrs (prev.stdenv.system == "x86_64-linux") rec { + default = x509-info-static; + x509-info-static = naerskLib.buildPackage + (sharedAttrs // { + CARGO_BUILD_TARGET = "x86_64-unknown-linux-musl"; + }); }; - devShell = pkgs.mkShell { - nativeBuildInputs = with pkgs; [ - rust-toolchain - cargo-deny - ]; + devShells = forAllSystems ({ system, pkgs, ... }: + let + toolchain = fenixToolchain system; + check = import ./nix/check.nix { inherit pkgs toolchain; }; + in + { + default = pkgs.mkShell { + name = "x509-info-shell"; - inherit (self.checks.${system}.pre-commit) shellHook; - }; - }) - // { - overlay = final: prev: { - x509-info = self.packages.${prev.system}.default; - }; + RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library"; + + nativeBuildInputs = with pkgs; [ ]; + buildInputs = with pkgs; [ + toolchain + rust-analyzer + cargo-outdated + cacert + cargo-audit + nixpkgs-fmt + check.check-rustfmt + check.check-spelling + check.check-nixpkgs-fmt + check.check-semver + ] + ++ lib.optionals (pkgs.stdenv.isDarwin) (with pkgs; [ + libiconv + darwin.apple_sdk.frameworks.Security + ]) + ++ lib.optionals (pkgs.stdenv.isLinux) (with pkgs; [ + checkpolicy + ]); + }; + }); + + checks = forAllSystems ({ system, pkgs, ... }: + let + toolchain = fenixToolchain system; + check = import ./nix/check.nix { inherit pkgs toolchain; }; + in + { + check-rustfmt = pkgs.runCommand "check-rustfmt" { buildInputs = [ check.check-rustfmt ]; } '' + cd ${./.} + check-rustfmt + touch $out + ''; + check-spelling = pkgs.runCommand "check-spelling" { buildInputs = [ check.check-spelling ]; } '' + cd ${./.} + check-spelling + touch $out + ''; + check-nixpkgs-fmt = pkgs.runCommand "check-nixpkgs-fmt" { buildInputs = [ check.check-nixpkgs-fmt ]; } '' + cd ${./.} + check-nixpkgs-fmt + touch $out + ''; + }); + + packages = forAllSystems ({ system, pkgs, ... }: + { + inherit (pkgs) x509-info; + } // nixpkgs.lib.optionalAttrs (system == "x86_64-linux") { + inherit (pkgs) x509-info-static; + default = pkgs.x509-info-static; + } // nixpkgs.lib.optionalAttrs (pkgs.stdenv.isDarwin) { + default = pkgs.x509-info; + }); }; } - diff --git a/src/x509-info/nix/check.nix b/src/x509-info/nix/check.nix new file mode 100644 index 0000000..4d7743c --- /dev/null +++ b/src/x509-info/nix/check.nix @@ -0,0 +1,44 @@ +{ pkgs, toolchain }: + +let + inherit (pkgs) writeShellApplication; +in +{ + + # Format + check-rustfmt = (writeShellApplication { + name = "check-rustfmt"; + runtimeInputs = [ toolchain ]; + text = "cargo fmt --check"; + }); + + # Spelling + check-spelling = (writeShellApplication { + name = "check-spelling"; + runtimeInputs = with pkgs; [ git codespell ]; + text = '' + codespell \ + --ignore-words-list="crate" \ + --skip="./target,.git" \ + . + ''; + }); + + # NixFormatting + check-nixpkgs-fmt = (writeShellApplication { + name = "check-nixpkgs-fmt"; + runtimeInputs = with pkgs; [ git nixpkgs-fmt findutils ]; + text = '' + nixpkgs-fmt --check . + ''; + }); + + # Semver + check-semver = (writeShellApplication { + name = "check-semver"; + runtimeInputs = with pkgs; [ cargo-semver-checks ]; + text = '' + cargo-semver-checks semver-checks check-release + ''; + }); +} diff --git a/src/x509-info/rust-toolchain.toml b/src/x509-info/rust-toolchain.toml index e7ae097..f4ebfd7 100644 --- a/src/x509-info/rust-toolchain.toml +++ b/src/x509-info/rust-toolchain.toml @@ -1,3 +1,3 @@ [toolchain] -channel = "1.64.0" +channel = "stable" components = [ "rustfmt", "clippy" ] |