From 9a7c81a44e4876f2efde1e2d71a5ffbb0b3e96a8 Mon Sep 17 00:00:00 2001
From: Ophestra
Date: Sat, 7 Jun 2025 03:10:36 +0900
Subject: [PATCH] nix: go generate in src derivation

This saves the generated files in the nix store and exposes them for use by external tools.

Signed-off-by: Ophestra
---
 package.nix | 33 ++++++++++++++++++++++++++-------
 test/default.nix | 13 ++++++-------
 test/test.py | 12 ++++++------
 3 files changed, 38 insertions(+), 20 deletions(-)

diff --git a/package.nix b/package.nix
index e0f01c6..57a7711 100644
--- a/package.nix
+++ b/package.nix
@@ -33,13 +33,34 @@ buildGoModule rec {
 pname = "fortify";
 version = "0.4.1";
- src = builtins.path {
+ srcFiltered = builtins.path {
 name = "${pname}-src";
 path = lib.cleanSource ./.;
 filter = path: type: !(type == "regular" && (lib.hasSuffix ".nix" path || lib.hasSuffix ".py" path)) && !(type == "directory" && lib.hasSuffix "/test" path) && !(type == "directory" && lib.hasSuffix "/cmd/fsu" path);
 };
 vendorHash = null;
+ src = stdenv.mkDerivation {
+ name = "${pname}-src-full";
+ inherit version;
+ enableParallelBuilding = true;
+ src = srcFiltered;
+
+ buildInputs = [
+ wayland
+ wayland-protocols
+ ];
+
+ nativeBuildInputs = [
+ go
+ pkg-config
+ wayland-scanner
+ ];
+
+ buildPhase = "GOCACHE=$(mktemp -d) go generate ./...";
+ installPhase = "cp -r . $out";
+ };
+
 ldflags =
 lib.attrsets.foldlAttrs
 (
@@ -67,7 +88,6 @@ buildGoModule rec {
 libseccomp
 acl
 wayland
- wayland-protocols
 ]
 ++ (with xorg; [
 libxcb
@@ -77,14 +97,9 @@ buildGoModule rec {
 nativeBuildInputs = [
 pkg-config
- wayland-scanner
 makeBinaryWrapper
 ];
- preBuild = ''
- HOME="$(mktemp -d)" PATH="${pkg-config}/bin:$PATH" go generate ./...
- '';
-
 postInstall =
 let
 appPackages = [
@@ -120,6 +135,10 @@ buildGoModule rec {
 gcc
 xorg.xorgproto
 util-linux
+
+ # for go generate
+ wayland-protocols
+ wayland-scanner
 ]
 ++ buildInputs
 ++ nativeBuildInputs;
diff --git a/test/default.nix b/test/default.nix
index d53dcfc..385b343 100644
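Review bot: Nothing in the new `src` derivation in the first package.nix hunk (`@@ -33,13 +33,34 @@`) disables stdenv's fixup phase, so hooks such as shebang patching can still rewrite files under `$out`, which is meant to be the source tree plus generated files. Adding `dontFixup = true;` beside `enableParallelBuilding = true;` would keep the stored tree exactly as `go generate` left it. `buildPhase` and `installPhase` are given as bare strings, which drops the usual `runHook preBuild` / `runHook postInstall` calls, so a one-line comment saying that is intended would help. `srcFiltered` is declared inside the `rec` set passed to `buildGoModule` and is presumably forwarded as a derivation attribute; a `let` binding would avoid that. The `buildGoModule rec { … }` body continues outside the hunk.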
--- a/test/default.nix
+++ b/test/default.nix
@@ -31,14 +31,13 @@ nixosTest {
 {
 environment.systemPackages = [
 # For go tests:
- (writeShellScriptBin "fortify-go-test" ''
- set -e
- WORK="$(mktemp -ud)"
- cp -r "${self.packages.${system}.fortify.src}" "$WORK"
- chmod -R +w "$WORK"
- cd "$WORK"
+ (writeShellScriptBin "fortify-test" ''
+ cd ${self.packages.${system}.fortify.src}
 ${fhs}/bin/fortify-fhs -c \
- 'go generate ./... && go test ${if withRace then "-race" else "-count 16"} ./... && touch /tmp/go-test-ok'
+ 'go test ${if withRace then "-race" else "-count 16"} ./...' \
+ &> /tmp/fortify-test.log && \
+ touch /tmp/fortify-test-ok
+ touch /tmp/fortify-test-done
 '')
 ];
diff --git a/test/test.py b/test/test.py
index ceb067e..b912d6e 100644
--- a/test/test.py
+++ b/test/test.py
@@ -80,9 +80,6 @@ def fortify(command):
 start_all()
 machine.wait_for_unit("multi-user.target")
-# Run fortify Go tests outside of nix build in the background:
-machine.succeed("sudo -u untrusted -i fortify-go-test &> /tmp/go-test &")
-
 # To check fortify's version:
 print(machine.succeed("sudo -u alice -i fortify version"))
@@ -90,6 +87,9 @@ print(machine.succeed("sudo -u alice -i fortify version"))
 machine.wait_for_file("/run/user/1000/wayland-1")
 machine.wait_for_file("/tmp/sway-ipc.sock")
+# Run fortify Go tests outside of nix build in the background:
+swaymsg("exec fortify-test")
+
 # Deny unmapped uid:
 denyOutput = machine.fail("sudo -u untrusted -i fortify run &>/dev/stdout")
 print(denyOutput)
@@ -255,6 +255,6 @@ machine.wait_for_file("/tmp/sway-exit-ok")
 print(machine.succeed("find /run/user/1000/fortify"))
 # Verify go test status:
-machine.wait_for_file("/tmp/go-test", timeout=5)
-print(machine.succeed("cat /tmp/go-test"))
-machine.wait_for_file("/tmp/go-test-ok", timeout=5)
+machine.wait_for_file("/tmp/fortify-test-done")
+print(machine.succeed("cat /tmp/fortify-test.log"))
+machine.wait_for_file("/tmp/fortify-test-ok", timeout=2)
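Review bot: In the test/default.nix hunk the added `cd ${self.packages.${system}.fortify.src}` is unquoted and, with `set -e` removed, unchecked, so a failed `cd` would let `go test` run from whatever directory the caller started in. Chaining it keeps that failure out of the ok path while still reaching the final `touch`: `cd "${self.packages.${system}.fortify.src}" && \`. The three `/tmp/fortify-test*` paths form a contract with test/test.py that the script does not state. I would add `# fortify-test-ok: go test passed; fortify-test-done: run finished either way` as the first line of the script.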
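Review bot: The Go tests no longer run under the `untrusted` account: the line removed in the `@@ -80,9 +80,6 @@` hunk used `sudo -u untrusted -i`, while `swaymsg("exec fortify-test")` in the `@@ -90,6 +87,9 @@` hunk presumably starts them as the sway session user (the `swaymsg` helper is defined outside this patch). The comment was moved unchanged, so the new placement and account are not recorded. Something like `# Run fortify Go tests in the sway session (as the session user, not untrusted), in the background:` would do. If running as `untrusted` was deliberate coverage, it is worth confirming that nothing else needs to replace it.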
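Review bot: In the last test.py hunk (`@@ -255,6 +255,6 @@`) the success check still polls with `machine.wait_for_file("/tmp/fortify-test-ok", timeout=2)`, although once `/tmp/fortify-test-done` exists the script in test/default.nix has already created the ok marker or skipped it. A failed run therefore surfaces as a two-second timeout instead of a direct failure; `machine.succeed("test -e /tmp/fortify-test-ok")` states the same condition and fails immediately. The new `machine.wait_for_file("/tmp/fortify-test-done")` also carries no explicit `timeout`, unlike the calls it replaces, so a hung `go test` is bounded only by the driver's default.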