moves ca-bundle header generation into a separate nix derivation

This commit is contained in:
Joe Bryan 2019-08-02 13:51:38 -07:00
parent e9def4d3d8
commit 47d7d48928
13 changed files with 57 additions and 26 deletions

View File

@ -11,4 +11,5 @@ rec {
secp256k1 = import ./deps/secp256k1/cross.nix { inherit crossenv; };
h2o = import ./deps/h2o/cross.nix { inherit crossenv uv; };
ivory-header = import ./deps/ivory-header/cross.nix { inherit crossenv; };
ca-header = import ./deps/ca-header/cross.nix { inherit crossenv; };
}

View File

@ -20,7 +20,7 @@ let
vendor =
with deps;
[ argon2 ed25519 h2o murmur3 scrypt secp256k1 sni softfloat3 uv ent ge-additions ivory-header ];
[ argon2 ed25519 h2o murmur3 scrypt secp256k1 sni softfloat3 uv ent ge-additions ivory-header ca-header ];
in

27
nix/deps/ca-header/builder.sh Executable file
View File

@ -0,0 +1,27 @@
source $stdenv/setup
set -ex
cleanup () {
echo "done"
}
trap cleanup EXIT
if ! [ -f "$SSL_CERT_FILE" ]; then
echo "$SSL_CERT_FILE doesn't exist"
exit 1
fi
mkdir -p ./include
cat $SSL_CERT_FILE > include/ca-bundle.crt
xxd -i include/ca-bundle.crt > ca-bundle.h
mkdir -p $out/include
mv ca-bundle.h $out/include
rm -rf ./include
set +x

View File

@ -0,0 +1,8 @@
{ crossenv }:
crossenv.make_derivation rec {
name = "ca-bundle.h";
builder = ./builder.sh;
native_inputs = with crossenv.nixpkgs; [ cacert xxd ];
SSL_CERT_FILE = "${crossenv.nixpkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
}

View File

@ -0,0 +1,7 @@
{ pkgs }:
pkgs.stdenv.mkDerivation {
name = "ca-bundle.h";
builder = ./builder.sh;
nativeBuildInputs = with pkgs; [ cacert xxd ];
}

View File

@ -11,4 +11,5 @@ rec {
secp256k1 = import ./secp256k1 { inherit pkgs; };
h2o = import ./h2o { inherit pkgs uv; };
ivory-header = import ./ivory-header { inherit pkgs; };
ca-header = import ./ca-header { inherit pkgs; };
}

View File

@ -17,7 +17,7 @@ let
import ./urbit {
inherit pkgs ent debug ge-additions;
inherit (deps) argon2 murmur3 uv ed25519 sni scrypt softfloat3;
inherit (deps) secp256k1 h2o ivory-header;
inherit (deps) secp256k1 h2o ivory-header ca-header;
};
urbit = mkUrbit { debug=false; };

View File

@ -1,7 +1,7 @@
{
pkgs,
debug,
argon2, ed25519, ent, ge-additions, h2o, murmur3, scrypt, secp256k1, sni, softfloat3, uv, ivory-header
argon2, ed25519, ent, ge-additions, h2o, murmur3, scrypt, secp256k1, sni, softfloat3, uv, ivory-header, ca-header
}:
let
@ -11,10 +11,10 @@ let
deps =
with pkgs;
[ curl gmp libsigsegv ncurses openssl zlib lmdb cacert xxd ];
[ curl gmp libsigsegv ncurses openssl zlib lmdb ];
vendor =
[ argon2 softfloat3 ed25519 ent ge-additions h2o scrypt uv murmur3 secp256k1 sni ivory-header ];
[ argon2 softfloat3 ed25519 ent ge-additions h2o scrypt uv murmur3 secp256k1 sni ivory-header ca-header ];
in

View File

@ -4,7 +4,7 @@
ent,
name ? "urbit",
debug ? false,
ge-additions, cacert, xxd
ge-additions
}:
let
@ -15,7 +15,7 @@ let
vendor =
with deps;
[ argon2 softfloat3 ed25519 ge-additions h2o scrypt uv murmur3 secp256k1 sni ivory-header ];
[ argon2 softfloat3 ed25519 ge-additions h2o scrypt uv murmur3 secp256k1 sni ivory-header ca-header ];
in
@ -26,12 +26,10 @@ env.make_derivation {
CPU_DEBUG = debug;
EVENT_TIME_DEBUG = false;
NCURSES = env.ncurses;
SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
name = "${name}-${env_name}";
exename = name;
src = ../../../pkg/urbit;
native_inputs = [ xxd ];
cross_inputs = crossdeps ++ vendor ++ [ ent ];
builder = ./release.sh;
}

View File

@ -12,5 +12,5 @@ import ./default.nix {
inherit (tlon)
ent ge-additions;
inherit (deps)
argon2 ed25519 h2o murmur3 scrypt secp256k1 sni softfloat3 uv ivory-header;
argon2 ed25519 h2o murmur3 scrypt secp256k1 sni softfloat3 uv ivory-header ca-header;
}

View File

@ -21,8 +21,7 @@ let
urbit = env:
import ./pkgs/urbit/release.nix env
{ ent = ent env; ge-additions = ge-additions env; cacert = nixpkgs.cacert;
xxd = nixpkgs.xxd; debug = false; name = "urbit"; };
{ ent = ent env; ge-additions = ge-additions env; debug = false; name = "urbit"; };
builds-for-platform = plat:
plat.deps // {

View File

@ -7,7 +7,7 @@ daemon = $(wildcard daemon/*.c)
worker = $(wildcard worker/*.c)
common = $(jets) $(noun) $(vere)
headers = $(shell find include -type f) include/ca-bundle.h
headers = $(shell find include -type f)
common_objs = $(shell echo $(common) | sed 's/\.c/.o/g')
daemon_objs = $(shell echo $(daemon) | sed 's/\.c/.o/g')
@ -23,10 +23,6 @@ all_exes = ./build/mug_tests ./build/jam_tests ./build/hashtable_tests \
# -Wall issues all types of errors. This is off (for now)
CFLAGS := $(CFLAGS)
ifeq ($(SSL_CERT_FILE),)
$(error SSL_CERT_FILE is undefined)
endif
################################################################################
.PHONY: all test clean mkproper
@ -44,16 +40,10 @@ clean:
rm -f ./tags $(all_objs) $(all_exes)
mrproper: clean
rm -f config.mk include/config.h include/ca-bundle.h
rm -f config.mk include/config.h
################################################################################
include/ca-bundle.h:
@echo XXD -i $(SSL_CERT_FILE)
@cat $(SSL_CERT_FILE) > include/ca-bundle.crt
@xxd -i include/ca-bundle.crt > include/ca-bundle.h
@rm include/ca-bundle.crt
build/hashtable_tests: $(common_objs) tests/hashtable_tests.o
@echo CC -o $@
@mkdir -p ./build

2
pkg/urbit/configure vendored
View File

@ -10,7 +10,7 @@ deps=" \
"
headers=" \
ivory.h \
ivory.h ca-bundle.h \
"
echo '#pragma once' >include/config.h