nixpkgs/pkgs/servers/http/envoy/default.nix

{ lib
, bazel_4
, buildBazelPackage
, fetchFromGitHub
, fetchpatch
, stdenv
, cmake
, gn
, go
, jdk
, ninja
, python3
, linuxHeaders
, nixosTests

# v8 (upstream default), wavm, wamr, wasmtime, disabled
, wasmRuntime ? "wamr"
}:

let
  srcVer = {
    # We need the commit hash, since Bazel stamps the build with it.
    # However, the version string is more useful for end-users.
    # These are contained in a attrset of their own to make it obvious that
    # people should update both.
    version = "1.21.1";
    rev = "af50070ee60866874b0a9383daf9364e884ded22";
  };
in
buildBazelPackage rec {
  pname = "envoy";
  inherit (srcVer) version;
  bazel = bazel_4;
  src = fetchFromGitHub {
    owner = "envoyproxy";
    repo = "envoy";
    inherit (srcVer) rev;
    hash = "sha256:11mm72zmb479ss585jzqzhklyyqmdadnvr91ghzvjxc0j2a1hrr4";

    extraPostFetch = ''
      chmod -R +w $out
      rm $out/.bazelversion
      echo ${srcVer.rev} > $out/SOURCE_VERSION
      sed -i 's/GO_VERSION = ".*"/GO_VERSION = "host"/g' $out/bazel/dependency_imports.bzl
    '';
  };

  postPatch = ''
    sed -i 's,#!/usr/bin/env python3,#!${python3}/bin/python,' bazel/foreign_cc/luajit.patch
    sed -i '/javabase=/d' .bazelrc
    # Patch paths to build tools, and disable gold because it just segfaults.
    substituteInPlace bazel/external/wee8.genrule_cmd \
      --replace '"''$$gn"' '"''$$(command -v gn)"' \
      --replace '"''$$ninja"' '"''$$(command -v ninja)"' \
      --replace '"''$$WEE8_BUILD_ARGS"' '"''$$WEE8_BUILD_ARGS use_gold=false"'
  '';

  patches = [
    # make linux/tcp.h relative. drop when upgrading to >1.21
    (fetchpatch {
      url = "https://github.com/envoyproxy/envoy/commit/68448aae7a78a3123097b6ea96016b270457e7b8.patch";
      sha256 = "123kv3x37p8fgfp29jhw5xg5js5q5ipibs8hsm7gzfd5bcllnpfh";
    })

    # fix issues with brotli and GCC 11.2.0+ (-Werror=vla-parameter)
    ./bump-brotli.patch

    # fix linux-aarch64 WAMR builds
    # (upstream WAMR only detects aarch64 on Darwin, not Linux)
    ./fix-aarch64-wamr.patch
  ];

  nativeBuildInputs = [
    cmake
    python3
    gn
    go
    jdk
    ninja
  ];

  buildInputs = [
    linuxHeaders
  ];

  fetchAttrs = {
    sha256 = {
      x86_64-linux = "sha256-23Z6SbKnbah/NCrdMrXhrNFFASd/8xRH3fSyIE++heA=";
      aarch64-linux = "1ijv4arw67nprykn2wkn4ji8fbr284mc7p74zxfsky772s42yy9j";
    }.${stdenv.system} or (throw "unsupported system ${stdenv.system}");
    dontUseCmakeConfigure = true;
    dontUseGnConfigure = true;
    preInstall = ''
      # Strip out the path to the build location (by deleting the comment line).
      find $bazelOut/external -name requirements.bzl | while read requirements; do
        sed -i '/# Generated from /d' "$requirements"
      done

      # Remove references to paths in the Nix store.
      sed -i \
        -e 's,${python3},__NIXPYTHON__,' \
        -e 's,${stdenv.shellPackage},__NIXSHELL__,' \
        $bazelOut/external/com_github_luajit_luajit/build.py \
        $bazelOut/external/local_config_sh/BUILD
      rm -r $bazelOut/external/go_sdk

      # Remove Unix timestamps from go cache.
      rm -rf $bazelOut/external/bazel_gazelle_go_repository_cache/{gocache,pkg/mod/cache,pkg/sumdb}
    '';
  };
  buildAttrs = {
    dontUseCmakeConfigure = true;
    dontUseGnConfigure = true;
    dontUseNinjaInstall = true;
    preConfigure = ''
      sed -i 's,#!/usr/bin/env bash,#!${stdenv.shell},' $bazelOut/external/rules_foreign_cc/foreign_cc/private/framework/toolchains/linux_commands.bzl

      # Add paths to Nix store back.
      sed -i \
        -e 's,__NIXPYTHON__,${python3},' \
        -e 's,__NIXSHELL__,${stdenv.shellPackage},' \
        $bazelOut/external/com_github_luajit_luajit/build.py \
        $bazelOut/external/local_config_sh/BUILD
    '';
    installPhase = ''
      install -Dm0755 bazel-bin/source/exe/envoy-static $out/bin/envoy
    '';
  };

  removeRulesCC = false;
  removeLocalConfigCc = true;
  removeLocal = false;
  bazelTarget = "//source/exe:envoy-static";
  bazelBuildFlags = [
    "-c opt"
    "--spawn_strategy=standalone"
    "--noexperimental_strict_action_env"
    "--cxxopt=-Wno-maybe-uninitialized"
    "--cxxopt=-Wno-uninitialized"
    "--cxxopt=-Wno-error=type-limits"

    "--define=wasm=${wasmRuntime}"
  ];
  bazelFetchFlags = [
    "--define=wasm=${wasmRuntime}"
  ];

  passthru.tests = {
    envoy = nixosTests.envoy;
    # tested as a core component of Pomerium
    pomerium = nixosTests.pomerium;
  };

  meta = with lib; {
    homepage = "https://envoyproxy.io";
    description = "Cloud-native edge and service proxy";
    license = licenses.asl20;
    maintainers = with maintainers; [ lukegb ];
    platforms = [ "x86_64-linux" "aarch64-linux" ];
  };
}
treewide: stdenv.lib -> lib 2021-01-24 03:40:18 +03:00			`{ lib`
envoy: 1.19.1 -> 1.21.1 2022-02-24 04:36:53 +03:00			`, bazel_4`
treewide: stdenv.lib -> lib 2021-01-24 03:40:18 +03:00			`, buildBazelPackage`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`, fetchFromGitHub`
envoy: 1.19.1 -> 1.21.1 2022-02-24 04:36:53 +03:00			`, fetchpatch`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`, stdenv`
			`, cmake`
envoy: 1.16.2 -> 1.17.3 2021-06-07 04:18:01 +03:00			`, gn`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`, go`
envoy: 1.16.2 -> 1.17.3 2021-06-07 04:18:01 +03:00			`, jdk`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`, ninja`
			`, python3`
envoy: 1.19.1 -> 1.21.1 2022-02-24 04:36:53 +03:00			`, linuxHeaders`
envoy, pomerium: add Pomerium NixOS test to passthru.tests 2021-01-08 06:04:24 +03:00			`, nixosTests`
envoy: fix builds for x86_64-linux and aarch64-linux * Bumps brotli version to incorporate a fix for some GCC warnings which get promoted to errors. * Switches from wee8 to WAMR because it's easier to make it build sensibly on a range of GCC versions that aren't just "whatever ships with Ubuntu LTS". * Adds a patch for WAMR's build in Envoy because it won't build properly under Linux aarch64, since WAMR doesn't detect aarch64 unless it's on macOS. 2022-05-09 00:44:47 +03:00
			`# v8 (upstream default), wavm, wamr, wasmtime, disabled`
			`, wasmRuntime ? "wamr"`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`}:`

			`let`
			`srcVer = {`
			`# We need the commit hash, since Bazel stamps the build with it.`
			`# However, the version string is more useful for end-users.`
			`# These are contained in a attrset of their own to make it obvious that`
			`# people should update both.`
envoy: 1.19.1 -> 1.21.1 2022-02-24 04:36:53 +03:00			`version = "1.21.1";`
			`rev = "af50070ee60866874b0a9383daf9364e884ded22";`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`};`
			`in`
			`buildBazelPackage rec {`
			`pname = "envoy";`
envoy: 1.19.1 -> 1.21.1 2022-02-24 04:36:53 +03:00			`inherit (srcVer) version;`
			`bazel = bazel_4;`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`src = fetchFromGitHub {`
			`owner = "envoyproxy";`
			`repo = "envoy";`
envoy: fix builds for x86_64-linux and aarch64-linux * Bumps brotli version to incorporate a fix for some GCC warnings which get promoted to errors. * Switches from wee8 to WAMR because it's easier to make it build sensibly on a range of GCC versions that aren't just "whatever ships with Ubuntu LTS". * Adds a patch for WAMR's build in Envoy because it won't build properly under Linux aarch64, since WAMR doesn't detect aarch64 unless it's on macOS. 2022-05-09 00:44:47 +03:00			`inherit (srcVer) rev;`
envoy: 1.19.1 -> 1.21.1 2022-02-24 04:36:53 +03:00			`hash = "sha256:11mm72zmb479ss585jzqzhklyyqmdadnvr91ghzvjxc0j2a1hrr4";`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00
			`extraPostFetch = ''`
			`chmod -R +w $out`
			`rm $out/.bazelversion`
envoy: 1.19.1 -> 1.21.1 2022-02-24 04:36:53 +03:00			`echo ${srcVer.rev} > $out/SOURCE_VERSION`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`sed -i 's/GO_VERSION = ".*"/GO_VERSION = "host"/g' $out/bazel/dependency_imports.bzl`
			`'';`
			`};`

			`postPatch = ''`
			`sed -i 's,#!/usr/bin/env python3,#!${python3}/bin/python,' bazel/foreign_cc/luajit.patch`
envoy: 1.16.2 -> 1.17.3 2021-06-07 04:18:01 +03:00			`sed -i '/javabase=/d' .bazelrc`
			`# Patch paths to build tools, and disable gold because it just segfaults.`
			`substituteInPlace bazel/external/wee8.genrule_cmd \`
			`--replace '"''$$gn"' '"''$$(command -v gn)"' \`
			`--replace '"''$$ninja"' '"''$$(command -v ninja)"' \`
			`--replace '"''$$WEE8_BUILD_ARGS"' '"''$$WEE8_BUILD_ARGS use_gold=false"'`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`'';`

envoy: 1.19.1 -> 1.21.1 2022-02-24 04:36:53 +03:00			`patches = [`
			`# make linux/tcp.h relative. drop when upgrading to >1.21`
			`(fetchpatch {`
			`url = "https://github.com/envoyproxy/envoy/commit/68448aae7a78a3123097b6ea96016b270457e7b8.patch";`
			`sha256 = "123kv3x37p8fgfp29jhw5xg5js5q5ipibs8hsm7gzfd5bcllnpfh";`
			`})`
envoy: fix builds for x86_64-linux and aarch64-linux * Bumps brotli version to incorporate a fix for some GCC warnings which get promoted to errors. * Switches from wee8 to WAMR because it's easier to make it build sensibly on a range of GCC versions that aren't just "whatever ships with Ubuntu LTS". * Adds a patch for WAMR's build in Envoy because it won't build properly under Linux aarch64, since WAMR doesn't detect aarch64 unless it's on macOS. 2022-05-09 00:44:47 +03:00
			`# fix issues with brotli and GCC 11.2.0+ (-Werror=vla-parameter)`
			`./bump-brotli.patch`

			`# fix linux-aarch64 WAMR builds`
			`# (upstream WAMR only detects aarch64 on Darwin, not Linux)`
			`./fix-aarch64-wamr.patch`
envoy: 1.19.1 -> 1.21.1 2022-02-24 04:36:53 +03:00			`];`

envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`nativeBuildInputs = [`
			`cmake`
			`python3`
envoy: 1.16.2 -> 1.17.3 2021-06-07 04:18:01 +03:00			`gn`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`go`
envoy: 1.16.2 -> 1.17.3 2021-06-07 04:18:01 +03:00			`jdk`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`ninja`
			`];`

envoy: 1.19.1 -> 1.21.1 2022-02-24 04:36:53 +03:00			`buildInputs = [`
			`linuxHeaders`
			`];`

envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`fetchAttrs = {`
envoy: add fetch hash for aarch64-linux 2022-04-15 12:17:48 +03:00			`sha256 = {`
envoy: fix sha256 for x86_64-linux 2022-05-10 08:28:43 +03:00			`x86_64-linux = "sha256-23Z6SbKnbah/NCrdMrXhrNFFASd/8xRH3fSyIE++heA=";`
envoy: fix builds for x86_64-linux and aarch64-linux * Bumps brotli version to incorporate a fix for some GCC warnings which get promoted to errors. * Switches from wee8 to WAMR because it's easier to make it build sensibly on a range of GCC versions that aren't just "whatever ships with Ubuntu LTS". * Adds a patch for WAMR's build in Envoy because it won't build properly under Linux aarch64, since WAMR doesn't detect aarch64 unless it's on macOS. 2022-05-09 00:44:47 +03:00			`aarch64-linux = "1ijv4arw67nprykn2wkn4ji8fbr284mc7p74zxfsky772s42yy9j";`
envoy: add fetch hash for aarch64-linux 2022-04-15 12:17:48 +03:00			`}.${stdenv.system} or (throw "unsupported system ${stdenv.system}");`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`dontUseCmakeConfigure = true;`
envoy: 1.16.2 -> 1.17.3 2021-06-07 04:18:01 +03:00			`dontUseGnConfigure = true;`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`preInstall = ''`
			`# Strip out the path to the build location (by deleting the comment line).`
			`find $bazelOut/external -name requirements.bzl \| while read requirements; do`
			`sed -i '/# Generated from /d' "$requirements"`
			`done`

			`# Remove references to paths in the Nix store.`
			`sed -i \`
			`-e 's,${python3},__NIXPYTHON__,' \`
			`-e 's,${stdenv.shellPackage},__NIXSHELL__,' \`
			`$bazelOut/external/com_github_luajit_luajit/build.py \`
			`$bazelOut/external/local_config_sh/BUILD`
			`rm -r $bazelOut/external/go_sdk`

envoy: 1.16.2 -> 1.17.3 2021-06-07 04:18:01 +03:00			`# Remove Unix timestamps from go cache.`
			`rm -rf $bazelOut/external/bazel_gazelle_go_repository_cache/{gocache,pkg/mod/cache,pkg/sumdb}`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`'';`
			`};`
			`buildAttrs = {`
			`dontUseCmakeConfigure = true;`
envoy: 1.16.2 -> 1.17.3 2021-06-07 04:18:01 +03:00			`dontUseGnConfigure = true;`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`dontUseNinjaInstall = true;`
			`preConfigure = ''`
envoy: 1.19.1 -> 1.21.1 2022-02-24 04:36:53 +03:00			`sed -i 's,#!/usr/bin/env bash,#!${stdenv.shell},' $bazelOut/external/rules_foreign_cc/foreign_cc/private/framework/toolchains/linux_commands.bzl`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00
			`# Add paths to Nix store back.`
			`sed -i \`
			`-e 's,__NIXPYTHON__,${python3},' \`
			`-e 's,__NIXSHELL__,${stdenv.shellPackage},' \`
			`$bazelOut/external/com_github_luajit_luajit/build.py \`
			`$bazelOut/external/local_config_sh/BUILD`
			`'';`
			`installPhase = ''`
			`install -Dm0755 bazel-bin/source/exe/envoy-static $out/bin/envoy`
			`'';`
			`};`

			`removeRulesCC = false;`
			`removeLocalConfigCc = true;`
			`removeLocal = false;`
			`bazelTarget = "//source/exe:envoy-static";`
			`bazelBuildFlags = [`
			`"-c opt"`
			`"--spawn_strategy=standalone"`
			`"--noexperimental_strict_action_env"`
			`"--cxxopt=-Wno-maybe-uninitialized"`
			`"--cxxopt=-Wno-uninitialized"`
envoy: add fetch hash for aarch64-linux 2022-04-15 12:17:48 +03:00			`"--cxxopt=-Wno-error=type-limits"`
envoy: fix builds for x86_64-linux and aarch64-linux * Bumps brotli version to incorporate a fix for some GCC warnings which get promoted to errors. * Switches from wee8 to WAMR because it's easier to make it build sensibly on a range of GCC versions that aren't just "whatever ships with Ubuntu LTS". * Adds a patch for WAMR's build in Envoy because it won't build properly under Linux aarch64, since WAMR doesn't detect aarch64 unless it's on macOS. 2022-05-09 00:44:47 +03:00
			`"--define=wasm=${wasmRuntime}"`
			`];`
			`bazelFetchFlags = [`
			`"--define=wasm=${wasmRuntime}"`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`];`

envoy, pomerium: add Pomerium NixOS test to passthru.tests 2021-01-08 06:04:24 +03:00			`passthru.tests = {`
nixos/envoy: init 2021-08-28 05:28:27 +03:00			`envoy = nixosTests.envoy;`
			`# tested as a core component of Pomerium`
			`pomerium = nixosTests.pomerium;`
envoy, pomerium: add Pomerium NixOS test to passthru.tests 2021-01-08 06:04:24 +03:00			`};`

treewide: stdenv.lib -> lib 2021-01-24 03:40:18 +03:00			`meta = with lib; {`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`homepage = "https://envoyproxy.io";`
			`description = "Cloud-native edge and service proxy";`
			`license = licenses.asl20;`
			`maintainers = with maintainers; [ lukegb ];`
envoy: add fetch hash for aarch64-linux 2022-04-15 12:17:48 +03:00			`platforms = [ "x86_64-linux" "aarch64-linux" ];`
envoy: init at 1.16.2 2021-01-08 04:35:50 +03:00			`};`
			`}`