diff --git a/flake.nix b/flake.nix
index b1929d5..29a6367 100644
--- a/flake.nix
+++ b/flake.nix
@@ -27,7 +27,7 @@
 nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
 in
 {
- nixosModules.fortify = import ./nixos.nix;
+ nixosModules.fortify = import ./nixos.nix self.packages;
 buildPackage = forAllSystems (
 system:
@@ -105,9 +105,21 @@
 default = fortify;
 fortify = pkgs.pkgsStatic.callPackage ./package.nix {
 inherit (pkgs)
+ # passthru.buildInputs
+ go
+ gcc
+
+ # nativeBuildInputs
+ pkg-config
+ wayland-scanner
+ makeBinaryWrapper
+
+ # appPackages
+ glibc
 bubblewrap
 xdg-dbus-proxy
- glibc
+
+ # fpkg
 zstd
 gnutar
 coreutils
@@ -115,7 +127,7 @@
 };
 fsu = pkgs.callPackage ./cmd/fsu/package.nix { inherit (self.packages.${system}) fortify; };
- dist = pkgs.runCommand "${fortify.name}-dist" { inherit (self.devShells.${system}.default) buildInputs; } ''
+ dist = pkgs.runCommand "${fortify.name}-dist" { buildInputs = fortify.targetPkgs ++ [ pkgs.pkgsStatic.musl ]; } ''
 # go requires XDG_CACHE_HOME for the build cache
 export XDG_CACHE_HOME="$(mktemp -d)"
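Review bot: The grouping comment `# passthru.buildInputs` above `go`/`gcc` names an attribute that nothing defines; what package.nix gains in this same change is `passthru.targetPkgs`, so the comment should read `# passthru.targetPkgs` (the same mislabel appears in package.nix's parameter list). It is also worth stating in that comment that `go` and `gcc` are deliberately taken from the dynamic `pkgs` rather than letting `pkgs.pkgsStatic.callPackage` fill them from the static scope, because they are toolchain inputs for the dev/dist environments and not linked into the binary. `glibc` now sits under `# appPackages` here while package.nix annotates the same parameter with `# for ldd`; aligning the two labels would save the next reader a lookup.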
@@ -128,93 +140,21 @@
 export FORTIFY_VERSION="v${fortify.version}"
 ./dist/release.sh && mkdir $out && cp -v "dist/fortify-$FORTIFY_VERSION.tar.gz"* $out
 '';
-
- fhs = pkgs.buildFHSEnv {
- pname = "fortify-fhs";
- inherit (fortify) version;
- targetPkgs =
- pkgs:
- with pkgs;
- [
- go
- gcc
- pkg-config
- wayland-scanner
- ]
- ++ (
- with pkgs.pkgsStatic;
- [
- musl
- libffi
- libseccomp
- acl
- wayland
- wayland-protocols
- ]
- ++ (with xorg; [
- libxcb
- libXau
- libXdmcp
-
- xorgproto
- ])
- );
- extraOutputsToInstall = [ "dev" ];
- profile = ''
- export PKG_CONFIG_PATH="/usr/share/pkgconfig:$PKG_CONFIG_PATH"
- '';
- };
 }
 );
 devShells = forAllSystems (
 system:
 let
- inherit (self.packages.${system}) fortify fhs;
+ inherit (self.packages.${system}) fortify;
 pkgs = nixpkgsFor.${system};
 in
 {
- default = pkgs.mkShell {
- buildInputs =
- with pkgs;
- [
- go
- gcc
- ]
- # buildInputs
- ++ (
- with pkgsStatic;
- [
- musl
- libffi
- libseccomp
- acl
- wayland
- wayland-protocols
- ]
- ++ (with xorg; [
- libxcb
- libXau
- libXdmcp
- ])
- )
- # nativeBuildInputs
- ++ [
- pkg-config
- wayland-scanner
- makeBinaryWrapper
- ];
- };
-
- fhs = fhs.env;
-
- withPackage = nixpkgsFor.${system}.mkShell {
- buildInputs = [ self.packages.${system}.fortify ] ++ self.devShells.${system}.default.buildInputs;
- };
+ default = pkgs.mkShell { buildInputs = fortify.targetPkgs; };
+ withPackage = pkgs.mkShell { buildInputs = [ fortify ] ++ fortify.targetPkgs; };
 generateDoc =
 let
- pkgs = nixpkgsFor.${system};
 inherit (pkgs) lib;
 doc =
@@ -223,7 +163,7 @@
 specialArgs = {
 inherit pkgs;
 };
- modules = [ ./options.nix ];
+ modules = [ (import ./options.nix self.packages) ];
 };
 cleanEval = lib.filterAttrsRecursive (n: _: n != "_module") eval;
 in
@@ -233,7 +173,7 @@
 sed -i '/*Declared by:*/,+1 d' $out
 '';
 in
- nixpkgsFor.${system}.mkShell {
+ pkgs.mkShell {
 shellHook = ''
 exec cat ${docText} > options.md
 '';
diff --git a/nixos.nix b/nixos.nix
index aa2f178..37ef556 100644
--- a/nixos.nix
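Review bot: The new `default` shell silently drops `musl`, which the removed shell listed explicitly under `with pkgsStatic;`, and the `dist` derivation in the preceding hunk still has to append `pkgs.pkgsStatic.musl` to `fortify.targetPkgs`, which strongly suggests `targetPkgs` does not carry it. Unless package.nix's `buildInputs` (not visible here) already includes musl, `nix develop` no longer provides the static libc the old shell had; `default = pkgs.mkShell { buildInputs = fortify.targetPkgs ++ [ pkgs.pkgsStatic.musl ]; };` (and the same for `withPackage`) restores it, or better, add musl to `passthru.targetPkgs` in package.nix so the dev shells, `dist` and the FHS env all agree on one list. The `generateDoc` attribute begun at the end of this hunk continues past it.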
+++ b/nixos.nix
@@ -1,3 +1,4 @@
+packages:
 {
 lib,
 pkgs,
@@ -26,7 +27,7 @@ let
 in
 {
- imports = [ ./options.nix ];
+ imports = [ (import ./options.nix packages) ];
 config = mkIf cfg.enable {
 security.wrappers.fsu = {
diff --git a/options.nix b/options.nix
index 5bad55d..d9ccfb7 100644
--- a/options.nix
+++ b/options.nix
@@ -1,17 +1,8 @@
+packages:
 {
 lib,
 pkgs,
 ...
 }:
 let
 inherit (lib) types mkOption mkEnableOption;
- fortify = pkgs.pkgsStatic.callPackage ./package.nix {
- inherit (pkgs)
- bubblewrap
- xdg-dbus-proxy
- glibc
- zstd
- gnutar
- coreutils
- ;
- };
 in
 {
@@ -21,13 +12,13 @@ in
 package = mkOption {
 type = types.package;
- default = fortify;
+ default = packages.${pkgs.system}.fortify;
 description = "The fortify package to use.";
 };
 fsuPackage = mkOption {
 type = types.package;
- default = pkgs.callPackage ./cmd/fsu/package.nix { inherit fortify; };
+ default = packages.${pkgs.system}.fsu;
 description = "The fsu package to use.";
 };
diff --git a/package.nix b/package.nix
index 3088ec3..5169bea 100644
--- a/package.nix
+++ b/package.nix
@@ -19,6 +19,10 @@
 gnutar,
 coreutils,
+ # for passthru.buildInputs
+ go,
+ gcc,
+
 glibc, # for ldd
 withStatic ? stdenv.hostPlatform.isStatic,
 }:
@@ -108,4 +112,13 @@ buildGoModule rec {
 )
 }
 '';
+
+ passthru.targetPkgs =
+ [
+ go
+ gcc
+ xorg.xorgproto
+ ]
+ ++ buildInputs
+ ++ nativeBuildInputs;
 }
diff --git a/test/default.nix b/test/default.nix
index 068ca70..d53dcfc 100644
--- a/test/default.nix
+++ b/test/default.nix
@@ -1,6 +1,7 @@
 {
 lib,
 nixosTest,
+ buildFHSEnv,
 writeShellScriptBin,
 system,
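Review bot: `default = packages.${pkgs.system}.fortify` changes where the default package comes from: the removed code built it with the consumer's `pkgs` (its overlays, config and nixpkgs revision), whereas `packages` is produced from the flake's own pinned `nixpkgs` input (`nixpkgsFor` in flake.nix), so a host's nixpkgs updates to `bubblewrap`, `glibc` or `xdg-dbus-proxy` no longer reach the default `fortify`, and `fsu` — installed as a setuid wrapper via `security.wrappers.fsu` in nixos.nix — is now built from a second nixpkgs that the host does not control. This trade-off deserves a comment on the option, and the lookup also fails with a bare attribute-missing error on any system outside `forAllSystems`; `pkgs.stdenv.hostPlatform.system` is the usual spelling if `pkgs.system` is to be replaced. Since both defaults are now opaque derivations, add `defaultText = lib.literalExpression "fortify.packages.\${pkgs.system}.fortify";` (and the `fsu` counterpart) so the options doc produced by the `generateDoc` shell shows a readable expression rather than whatever the derivation renders as.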
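Review bot: `passthru.targetPkgs` becomes a public contract consumed by the flake's dev shells, `dist` and the test's `buildFHSEnv`, yet carries no comment saying what belongs in it; a line such as `# toolchain + build deps for dev shells / FHS envs; not part of the package closure` above it would fix that. It references `xorg.xorgproto`, and `xorg` is not among the parameters added in the hunk above, so it presumably comes from the parameter list before line 19 — worth confirming it is the `pkgsStatic` instance, since the FHS env this change removes took `xorgproto` from `pkgs.pkgsStatic.xorg`. Folding `nativeBuildInputs` (`pkg-config`, `wayland-scanner`, `makeBinaryWrapper`) into a consumer's `buildInputs` works for native builds only; no cross target is visible here, so that is a caveat rather than a defect. The enclosing `buildGoModule rec { ... }` starts outside the hunk.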
@@ -12,6 +13,21 @@ nixosTest {
 name = "fortify" + (if withRace then "-race" else "");
 nodes.machine = { options, pkgs, ... }:
+ let
+ fhs =
+ let
+ fortify = options.environment.fortify.package.default;
+ in
+ buildFHSEnv {
+ pname = "fortify-fhs";
+ inherit (fortify) version;
+ targetPkgs = _: fortify.targetPkgs;
+ extraOutputsToInstall = [ "dev" ];
+ profile = ''
+ export PKG_CONFIG_PATH="/usr/share/pkgconfig:$PKG_CONFIG_PATH"
+ '';
+ };
+ in
 {
 environment.systemPackages = [
 # For go tests:
@@ -21,7 +37,7 @@ nixosTest {
 cp -r "${self.packages.${system}.fortify.src}" "$WORK"
 chmod -R +w "$WORK"
 cd "$WORK"
- ${self.packages.${system}.fhs}/bin/fortify-fhs -c \
+ ${fhs}/bin/fortify-fhs -c \
 'go generate ./... && go test ${if withRace then "-race" else "-count 16"} ./... && touch /tmp/go-test-ok'
 '')
 ];
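Review bot: `fortify = options.environment.fortify.package.default` reads the option's declared default instead of its merged value, so if this test (or a future variant) sets `environment.fortify.package`, the FHS env would be built from a different fortify than the one the module installs and wraps setuid via `security.wrappers.fsu`; `nodes.machine = { config, options, pkgs, ... }:` with `fortify = config.environment.fortify.package;` keeps the two in step (`options` can then go if nothing else uses it). The next hunk still copies `self.packages.${system}.fortify.src`, a third spelling of the same package; `fortify.src` there would make the whole test depend on one value. The `nodes.machine` module body continues beyond this hunk.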