rustPlatform.buildRustPackage: build auditable binaries

figsoda 2022-12-04 20:52:06 -05:00
parent fe21b9ccd3
commit 8a041c63c0
6 changed files with 45 additions and 21 deletions


@ -11,6 +11,7 @@
, cargoInstallHook
, cargoNextestHook
, cargoSetupHook
, cargo-auditable
, rustc
, libiconv
, windows
@ -42,6 +43,7 @@
, buildFeatures ? [ ]
, checkFeatures ? buildFeatures
, useNextest ? false
, auditable ? true
, depsExtraArgs ? {}
# Toggles whether a custom sysroot is created when the target is a .json file.
@ -113,6 +115,8 @@ stdenv.mkDerivation ((removeAttrs args [ "depsExtraArgs" "cargoUpdateHook" "carg
cargoCheckFeatures = checkFeatures;
cargoCommand = if auditable then "cargo auditable" else "cargo";
patchRegistryDeps = ./patch-registry-deps;
nativeBuildInputs = nativeBuildInputs ++ [
@ -123,6 +127,8 @@ stdenv.mkDerivation ((removeAttrs args [ "depsExtraArgs" "cargoUpdateHook" "carg
cargoInstallHook
cargoSetupHook
rustc
] ++ lib.optionals auditable [
cargo-auditable
];
buildInputs = buildInputs
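Review bot: The new `auditable ? true` argument has no comment, unlike the sysroot toggle documented directly below it, even though it changes how every package built through this function is compiled. I would add a line above it such as `# Whether to build with cargo-auditable, which embeds the crate dependency list in the produced binaries so they can later be checked for known-vulnerable dependencies.` The `removeAttrs` list is cut off in the hunk header, so it is not visible whether `auditable` is stripped before the arguments reach `mkDerivation`. If it is not, it will presumably also be passed to the builder as an attribute, which is worth confirming is intended.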


@ -31,7 +31,7 @@ cargoBuildHook() {
"CXX_@rustBuildPlatform@=@cxxForBuild@" \
"CC_@rustTargetPlatform@=@ccForHost@" \
"CXX_@rustTargetPlatform@=@cxxForHost@" \
cargo build -j $NIX_BUILD_CORES \
${cargoCommand-cargo} build -j $NIX_BUILD_CORES \
--target @rustTargetPlatformSpec@ \
--frozen \
${cargoBuildProfileFlag} \
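Review bot: `${cargoCommand-cargo}` falls back to `cargo` only when the variable is unset, so a derivation that sets `cargoCommand` to an empty string would leave `build` as the command word; `${cargoCommand:-cargo}` covers both the unset and the empty case. The expansion is also left unquoted on purpose so that `cargo auditable` splits into two words, which deserves a short comment such as `# unquoted on purpose: cargoCommand may be "cargo auditable"`. The same applies to the identical substitution in cargoCheckHook and cargoNextestHook. All three hook bodies start and end outside their hunks.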


@ -33,7 +33,7 @@ cargoCheckHook() {
(
set -x
cargo test \
${cargoCommand-cargo} test \
-j $NIX_BUILD_CORES \
${argstr} -- \
--test-threads=${threads} \


@ -33,7 +33,7 @@ cargoNextestHook() {
(
set -x
cargo nextest run \
${cargoCommand-cargo} nextest run \
-j ${threads} \
${argstr} -- \
${checkFlags} \


@ -2,6 +2,7 @@
, file, curl, pkg-config, python3, openssl, cmake, zlib
, installShellFiles, makeWrapper, cacert, rustPlatform, rustc
, libiconv, CoreFoundation, Security
, auditable ? true
}:
rustPlatform.buildRustPackage {
@ -12,6 +13,8 @@ rustPlatform.buildRustPackage {
cargoVendorDir = "vendor";
buildAndTestSubdir = "src/tools/cargo";
inherit auditable;
passthru = {
rustc = rustc;
inherit (rustc) tests;
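Review bot: The `auditable` argument added to this cargo expression is passed straight through with `inherit auditable;` and nothing explains why cargo needs its own switch. Judging from the cargo-auditable expression in the same commit, which calls `cargo.override { auditable = false; }`, it appears to exist to break the cycle between cargo and cargo-auditable. A comment next to the `inherit` such as `# set to false when bootstrapping cargo-auditable, which is itself built with cargo` would record that for the next maintainer.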


@ -1,23 +1,38 @@
{ lib, rustPlatform, fetchFromGitHub }:
{ lib, fetchFromGitHub, makeRustPlatform, rustc, cargo }:
rustPlatform.buildRustPackage rec {
pname = "cargo-auditable";
version = "0.5.5";
let
args = rec {
pname = "cargo-auditable";
version = "0.5.5";
src = fetchFromGitHub {
owner = "rust-secure-code";
repo = pname;
rev = "v${version}";
sha256 = "sha256-mEmTgd7sC2jmYeb5pEO985v/aWWKlq/mSQUAGi32loY=";
src = fetchFromGitHub {
owner = "rust-secure-code";
repo = pname;
rev = "v${version}";
sha256 = "sha256-mEmTgd7sC2jmYeb5pEO985v/aWWKlq/mSQUAGi32loY=";
};
cargoSha256 = "sha256-G72UUqvFaTY/GQSkpz1wIzjb7vIWuAjvKMZosUB6YsA=";
meta = with lib; {
description = "A tool to make production Rust binaries auditable";
homepage = "https://github.com/rust-secure-code/cargo-auditable";
changelog = "https://github.com/rust-secure-code/cargo-auditable/blob/v${version}/cargo-auditable/CHANGELOG.md";
license = with licenses; [ mit /* or */ asl20 ];
maintainers = with maintainers; [ figsoda ];
};
};
cargoSha256 = "sha256-G72UUqvFaTY/GQSkpz1wIzjb7vIWuAjvKMZosUB6YsA=";
meta = with lib; {
description = "A tool to make production Rust binaries auditable";
homepage = "https://github.com/rust-secure-code/cargo-auditable";
changelog = "https://github.com/rust-secure-code/cargo-auditable/blob/v${version}/cargo-auditable/CHANGELOG.md";
license = with licenses; [ mit /* or */ asl20 ];
maintainers = with maintainers; [ figsoda ];
rustPlatform = makeRustPlatform {
inherit rustc;
cargo = cargo.override {
auditable = false;
};
};
}
bootstrap = rustPlatform.buildRustPackage (args // {
auditable = false;
});
in
rustPlatform.buildRustPackage.override { cargo-auditable = bootstrap; } args
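Review bot: The two-stage build in the new `let` block is undocumented, and the reason for it is not obvious from the expression alone. `bootstrap` is built with `auditable = false` on a `rustPlatform` whose cargo is also overridden to `auditable = false`, and the final package is then built from the same `args` with `buildRustPackage.override { cargo-auditable = bootstrap; }`. I would add a comment above `bootstrap` along the lines of `# cargo-auditable cannot be built with itself: build a plain copy first, then use it to build the auditable one`. It would also help to state there that the bootstrap binary carries no embedded dependency data, and that this local `rustPlatform` presumably means a second, non-auditable build of cargo.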