From 47d7d4892898451f825a2e334ddb282681a4b726 Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Fri, 2 Aug 2019 13:51:38 -0700 Subject: [PATCH] moves ca-bundle header generation into a separate nix derivation --- nix/crossdeps.nix | 1 + nix/deps-env.nix | 2 +- nix/deps/ca-header/builder.sh | 27 +++++++++++++++++++++++++++ nix/deps/ca-header/cross.nix | 8 ++++++++ nix/deps/ca-header/default.nix | 7 +++++++ nix/deps/default.nix | 1 + nix/pkgs/default.nix | 2 +- nix/pkgs/urbit/default.nix | 6 +++--- nix/pkgs/urbit/release.nix | 6 ++---- nix/pkgs/urbit/shell.nix | 2 +- nix/release.nix | 3 +-- pkg/urbit/Makefile | 14 ++------------ pkg/urbit/configure | 4 ++-- 13 files changed, 57 insertions(+), 26 deletions(-) create mode 100755 nix/deps/ca-header/builder.sh create mode 100644 nix/deps/ca-header/cross.nix create mode 100644 nix/deps/ca-header/default.nix diff --git a/nix/crossdeps.nix b/nix/crossdeps.nix index da65f2403..df2829fd9 100644 --- a/nix/crossdeps.nix +++ b/nix/crossdeps.nix @@ -11,4 +11,5 @@ rec { secp256k1 = import ./deps/secp256k1/cross.nix { inherit crossenv; }; h2o = import ./deps/h2o/cross.nix { inherit crossenv uv; }; ivory-header = import ./deps/ivory-header/cross.nix { inherit crossenv; }; + ca-header = import ./deps/ca-header/cross.nix { inherit crossenv; }; } diff --git a/nix/deps-env.nix b/nix/deps-env.nix index 5c6f5351f..cd945bceb 100644 --- a/nix/deps-env.nix +++ b/nix/deps-env.nix @@ -20,7 +20,7 @@ let vendor = with deps; - [ argon2 ed25519 h2o murmur3 scrypt secp256k1 sni softfloat3 uv ent ge-additions ivory-header ]; + [ argon2 ed25519 h2o murmur3 scrypt secp256k1 sni softfloat3 uv ent ge-additions ivory-header ca-header ]; in diff --git a/nix/deps/ca-header/builder.sh b/nix/deps/ca-header/builder.sh new file mode 100755 index 000000000..413a515ec --- /dev/null +++ b/nix/deps/ca-header/builder.sh 
@@ -0,0 +1,27 @@ +source $stdenv/setup + +set -ex + +cleanup () { + echo "done" +} + +trap cleanup EXIT + + +if ! [ -f "$SSL_CERT_FILE" ]; then + echo "$SSL_CERT_FILE doesn't exist" + exit 1 +fi + +mkdir -p ./include + +cat $SSL_CERT_FILE > include/ca-bundle.crt +xxd -i include/ca-bundle.crt > ca-bundle.h + +mkdir -p $out/include + +mv ca-bundle.h $out/include +rm -rf ./include + +set +x diff --git a/nix/deps/ca-header/cross.nix b/nix/deps/ca-header/cross.nix new file mode 100644 index 000000000..2595eb01a --- /dev/null +++ b/nix/deps/ca-header/cross.nix @@ -0,0 +1,8 @@ +{ crossenv }: + +crossenv.make_derivation rec { + name = "ca-bundle.h"; + builder = ./builder.sh; + native_inputs = with crossenv.nixpkgs; [ cacert xxd ]; + SSL_CERT_FILE = "${crossenv.nixpkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; +} diff --git a/nix/deps/ca-header/default.nix b/nix/deps/ca-header/default.nix new file mode 100644 index 000000000..6e65f1454 --- /dev/null +++ b/nix/deps/ca-header/default.nix @@ -0,0 +1,7 @@ +{ pkgs }: + +pkgs.stdenv.mkDerivation { + name = "ca-bundle.h"; + builder = ./builder.sh; + nativeBuildInputs = with pkgs; [ cacert xxd ]; +} diff --git a/nix/deps/default.nix b/nix/deps/default.nix index ecbc4601b..b14746f1a 100644 --- a/nix/deps/default.nix +++ b/nix/deps/default.nix @@ -11,4 +11,5 @@ rec { secp256k1 = import ./secp256k1 { inherit pkgs; }; h2o = import ./h2o { inherit pkgs uv; }; ivory-header = import ./ivory-header { inherit pkgs; }; + ca-header = import ./ca-header { inherit pkgs; }; } diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix index 9e3f6b110..15285186a 100644 --- a/nix/pkgs/default.nix +++ b/nix/pkgs/default.nix @@ -17,7 +17,7 @@ let import ./urbit { inherit pkgs ent debug ge-additions; inherit (deps) argon2 murmur3 uv ed25519 sni scrypt softfloat3; - inherit (deps) secp256k1 h2o ivory-header; + inherit (deps) secp256k1 h2o ivory-header ca-header; }; urbit = mkUrbit { debug=false; }; 
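Review bot: The guard in nix/deps/ca-header/builder.sh tests only `[ -f "$SSL_CERT_FILE" ]`, so an empty bundle still passes and `xxd -i` would emit a zero-length array, leaving the binary with no trust anchors while the build succeeds. I would use `if ! [ -s "$SSL_CERT_FILE" ]; then` so a missing or empty bundle fails the derivation. The copy to `include/ca-bundle.crt` looks redundant but is load-bearing, because `xxd -i` derives the C symbol names from its input path. A comment such as `# xxd -i names the array after its input path; keep include/ca-bundle.crt so the symbols stay include_ca_bundle_crt{,_len}` would stop someone from simplifying it to the store path. `cat $SSL_CERT_FILE` should also be quoted like the test above it, and the `cleanup` trap that only echoes "done" can be dropped.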
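Review bot: nix/deps/ca-header/default.nix never sets `SSL_CERT_FILE`, although builder.sh aborts without it and cross.nix passes it explicitly. The native build presumably works only because the `cacert` setup hook exports the variable. Making the input explicit with `SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";` keeps both derivations embedding the same file and stops the embedded trust store from depending on hook behaviour that can differ between nixpkgs revisions. A short comment in both files, noting that the bundle is frozen into the binary at build time and CA removals reach users only through a rebuild against a newer `cacert`, would make the update path clear to maintainers.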
diff --git a/nix/pkgs/urbit/default.nix b/nix/pkgs/urbit/default.nix index b45bd7306..0e64c5cf1 100644 --- a/nix/pkgs/urbit/default.nix +++ b/nix/pkgs/urbit/default.nix @@ -1,7 +1,7 @@ { pkgs, debug, - argon2, ed25519, ent, ge-additions, h2o, murmur3, scrypt, secp256k1, sni, softfloat3, uv, ivory-header + argon2, ed25519, ent, ge-additions, h2o, murmur3, scrypt, secp256k1, sni, softfloat3, uv, ivory-header, ca-header }: let @@ -11,10 +11,10 @@ let deps = with pkgs; - [ curl gmp libsigsegv ncurses openssl zlib lmdb cacert xxd ]; + [ curl gmp libsigsegv ncurses openssl zlib lmdb ]; vendor = - [ argon2 softfloat3 ed25519 ent ge-additions h2o scrypt uv murmur3 secp256k1 sni ivory-header ]; + [ argon2 softfloat3 ed25519 ent ge-additions h2o scrypt uv murmur3 secp256k1 sni ivory-header ca-header ]; in diff --git a/nix/pkgs/urbit/release.nix b/nix/pkgs/urbit/release.nix index f9e3636db..d30514878 100644 --- a/nix/pkgs/urbit/release.nix +++ b/nix/pkgs/urbit/release.nix @@ -4,7 +4,7 @@ ent, name ? "urbit", debug ? false, - ge-additions, cacert, xxd + ge-additions }: let @@ -15,7 +15,7 @@ let vendor = with deps; - [ argon2 softfloat3 ed25519 ge-additions h2o scrypt uv murmur3 secp256k1 sni ivory-header ]; + [ argon2 softfloat3 ed25519 ge-additions h2o scrypt uv murmur3 secp256k1 sni ivory-header ca-header ]; in @@ -26,12 +26,10 @@ env.make_derivation { CPU_DEBUG = debug; EVENT_TIME_DEBUG = false; NCURSES = env.ncurses; - SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; name = "${name}-${env_name}"; exename = name; src = ../../../pkg/urbit; - native_inputs = [ xxd ]; cross_inputs = crossdeps ++ vendor ++ [ ent ]; builder = ./release.sh; } diff --git a/nix/pkgs/urbit/shell.nix b/nix/pkgs/urbit/shell.nix index 253e6c8d5..2c7475c0d 100644 --- a/nix/pkgs/urbit/shell.nix +++ b/nix/pkgs/urbit/shell.nix 
@@ -12,5 +12,5 @@ import ./default.nix { inherit (tlon) ent ge-additions; inherit (deps) - argon2 ed25519 h2o murmur3 scrypt secp256k1 sni softfloat3 uv ivory-header; + argon2 ed25519 h2o murmur3 scrypt secp256k1 sni softfloat3 uv ivory-header ca-header; } diff --git a/nix/release.nix b/nix/release.nix index 648d5e6b1..3e563fa91 100644 --- a/nix/release.nix +++ b/nix/release.nix @@ -21,8 +21,7 @@ let urbit = env: import ./pkgs/urbit/release.nix env - { ent = ent env; ge-additions = ge-additions env; cacert = nixpkgs.cacert; - xxd = nixpkgs.xxd; debug = false; name = "urbit"; }; + { ent = ent env; ge-additions = ge-additions env; debug = false; name = "urbit"; }; builds-for-platform = plat: plat.deps // { diff --git a/pkg/urbit/Makefile b/pkg/urbit/Makefile index f1606e403..be4b9e684 100644 --- a/pkg/urbit/Makefile +++ b/pkg/urbit/Makefile @@ -7,7 +7,7 @@ daemon = $(wildcard daemon/*.c) worker = $(wildcard worker/*.c) common = $(jets) $(noun) $(vere) -headers = $(shell find include -type f) include/ca-bundle.h +headers = $(shell find include -type f) common_objs = $(shell echo $(common) | sed 's/\.c/.o/g') daemon_objs = $(shell echo $(daemon) | sed 's/\.c/.o/g') @@ -23,10 +23,6 @@ all_exes = ./build/mug_tests ./build/jam_tests ./build/hashtable_tests \ # -Wall issues all types of errors. This is off (for now) CFLAGS := $(CFLAGS) -ifeq ($(SSL_CERT_FILE),) - $(error SSL_CERT_FILE is undefined) -endif - ################################################################################ .PHONY: all test clean mkproper 
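Review bot: With `include/ca-bundle.h` dropped from `headers` in pkg/urbit/Makefile, nothing visible in the prerequisites tracks the CA bundle any more. `$(shell find include -type f)` only sees the local `include` directory, and the header now comes from the ca-header derivation. An incremental `make` in a development shell after the `cacert` pin changes would presumably keep objects compiled against the old trust anchors. I would at least document this next to `headers`, for example `# ca-bundle.h comes from the ca-header derivation and is not tracked here; run make clean after updating deps`. The removal of the `SSL_CERT_FILE` check and of the generation rule in the later hunk also leaves a non-nix build with no way to produce the header, which is worth stating in the build instructions.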
@@ -44,16 +40,10 @@ clean: rm -f ./tags $(all_objs) $(all_exes) mrproper: clean - rm -f config.mk include/config.h include/ca-bundle.h + rm -f config.mk include/config.h ################################################################################ -include/ca-bundle.h: - @echo XXD -i $(SSL_CERT_FILE) - @cat $(SSL_CERT_FILE) > include/ca-bundle.crt - @xxd -i include/ca-bundle.crt > include/ca-bundle.h - @rm include/ca-bundle.crt - build/hashtable_tests: $(common_objs) tests/hashtable_tests.o @echo CC -o $@ @mkdir -p ./build diff --git a/pkg/urbit/configure b/pkg/urbit/configure index d3b365a23..05b80cff2 100755 --- a/pkg/urbit/configure +++ b/pkg/urbit/configure @@ -9,8 +9,8 @@ deps=" \ softfloat3 ncurses ssl crypto z lmdb ge-additions \ " -headers=" \ - ivory.h \ +headers=" \ + ivory.h ca-bundle.h \ " echo '#pragma once' >include/config.h