Merge pull request #204686 from figsoda/auditable
rustPlatform.buildRustPackage: build auditable binaries
commit
cfc6213879
@ -60,6 +60,8 @@ rustPlatform.buildRustPackage rec {
|
||||
|
||||
cargoSha256 = "sha256-t6ckX0PYI8UHfXhGRpcX8ly3DzE9A6i9P6f3Ny3DBzw=";
|
||||
|
||||
auditable = true; # TODO: remove when this is the default
|
||||
|
||||
nativeBuildInputs = [
|
||||
cmake
|
||||
installShellFiles
|
||||
|
@ -11,6 +11,8 @@
|
||||
, cargoInstallHook
|
||||
, cargoNextestHook
|
||||
, cargoSetupHook
|
||||
, cargo-auditable
|
||||
, cargo-auditable-cargo-wrapper
|
||||
, rustc
|
||||
, libiconv
|
||||
, windows
|
||||
@ -42,6 +44,8 @@
|
||||
, buildFeatures ? [ ]
|
||||
, checkFeatures ? buildFeatures
|
||||
, useNextest ? false
|
||||
, auditable ? false # TODO: change to true
|
||||
|
||||
, depsExtraArgs ? {}
|
||||
|
||||
# Toggles whether a custom sysroot is created when the target is a .json file.
|
||||
@ -115,7 +119,11 @@ stdenv.mkDerivation ((removeAttrs args [ "depsExtraArgs" "cargoUpdateHook" "carg
|
||||
|
||||
patchRegistryDeps = ./patch-registry-deps;
|
||||
|
||||
nativeBuildInputs = nativeBuildInputs ++ [
|
||||
nativeBuildInputs = nativeBuildInputs ++ lib.optionals auditable [
|
||||
(cargo-auditable-cargo-wrapper.override {
|
||||
inherit cargo-auditable;
|
||||
})
|
||||
] ++ [
|
||||
cacert
|
||||
git
|
||||
cargoBuildHook
|
||||
|
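Review bot: In the last hunk the wrapper is spliced into `nativeBuildInputs` ahead of the hook list, and nothing says that this position matters. If, as it appears, the wrapper works by putting its own `cargo` ahead of the real one on PATH, a later reorder of this list would turn auditable builds off without any build failure. I would add a comment on the `lib.optionals auditable [` line, for example `# keep ahead of the hooks: its "cargo" has to shadow the real cargo they pull in`. The visible lines also show no check that a binary built with `auditable = true` actually carries the embedded dependency list, so such a regression would only surface when a scan finds nothing to read. The `mkDerivation` call starts and ends outside the hunk.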
@ -2,6 +2,7 @@
|
||||
, file, curl, pkg-config, python3, openssl, cmake, zlib
|
||||
, installShellFiles, makeWrapper, cacert, rustPlatform, rustc
|
||||
, libiconv, CoreFoundation, Security
|
||||
, auditable ? false # TODO: change to true when this is the default
|
||||
}:
|
||||
|
||||
rustPlatform.buildRustPackage {
|
||||
@ -12,6 +13,8 @@ rustPlatform.buildRustPackage {
|
||||
cargoVendorDir = "vendor";
|
||||
buildAndTestSubdir = "src/tools/cargo";
|
||||
|
||||
inherit auditable;
|
||||
|
||||
passthru = {
|
||||
rustc = rustc;
|
||||
inherit (rustc) tests;
|
||||
|
@ -15,7 +15,7 @@
|
||||
, rustPlatform
|
||||
, rustc
|
||||
, rust
|
||||
, cargo
|
||||
, cargo-auditable-cargo-wrapper
|
||||
, gi-docgen
|
||||
, python3Packages
|
||||
, gnome
|
||||
@ -57,7 +57,7 @@ stdenv.mkDerivation rec {
|
||||
gdk-pixbuf
|
||||
pkg-config
|
||||
rustc
|
||||
cargo
|
||||
cargo-auditable-cargo-wrapper
|
||||
python3Packages.docutils
|
||||
vala
|
||||
rustPlatform.cargoSetupHook
|
||||
|
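Review bot: The `nativeBuildInputs` entry `cargo-auditable-cargo-wrapper` appears to take the place of plain `cargo` (the hunk headers give equal old and new line counts), so a reader looking for `cargo` in a derivation that builds Rust code will not find it. A short comment on that line would help, e.g. `# provides "cargo"; builds go through "cargo auditable"`. Unlike the `buildRustPackage` callers on this page there is no `auditable` switch here, so the wrapper is used unconditionally; it is worth stating whether that is intended. Both lists continue outside the hunks.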
@ -0,0 +1,13 @@
|
||||
{ lib, writeShellApplication, cargo, cargo-auditable }:
|
||||
|
||||
(writeShellApplication {
|
||||
name = "cargo";
|
||||
runtimeInputs = [ cargo cargo-auditable ];
|
||||
text = ''
|
||||
CARGO_AUDITABLE_IGNORE_UNSUPPORTED=1 cargo auditable "$@"
|
||||
'';
|
||||
}) // {
|
||||
meta = cargo-auditable.meta // {
|
||||
mainProgram = "cargo";
|
||||
};
|
||||
}
|
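Review bot: `CARGO_AUDITABLE_IGNORE_UNSUPPORTED=1` is set with no comment, and judging by its name it lets a build succeed without embedding dependency data where the target is not supported, so `auditable = true` is a best-effort request rather than a guarantee. A comment in `text` should say so, e.g. `# do not fail on targets cargo-auditable cannot handle; such binaries carry no audit data`, so that nobody assumes every package built through this wrapper can be scanned. Separately, `CARGO_AUDITABLE_IGNORE_UNSUPPORTED=1 exec cargo auditable "$@"` would avoid leaving an extra shell process around each cargo call and lets signals reach cargo directly.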
@ -1,17 +1,18 @@
|
||||
{ lib, rustPlatform, fetchFromGitHub }:
|
||||
{ lib, fetchFromGitHub, makeRustPlatform, rustc, cargo }:
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
let
|
||||
args = rec {
|
||||
pname = "cargo-auditable";
|
||||
version = "0.5.5";
|
||||
version = "0.6.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "rust-secure-code";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-mEmTgd7sC2jmYeb5pEO985v/aWWKlq/mSQUAGi32loY=";
|
||||
sha256 = "sha256-mSiEC+9QtRjWmywJnGgUqp+q8fhY0qUYrgjrAVaY114=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-G72UUqvFaTY/GQSkpz1wIzjb7vIWuAjvKMZosUB6YsA=";
|
||||
cargoSha256 = "sha256-Wz5My/QxPpZVsPBUe3KHT3ttD6CTU8NCY8rhFEC+UlA=";
|
||||
|
||||
meta = with lib; {
|
||||
description = "A tool to make production Rust binaries auditable";
|
||||
@ -20,4 +21,20 @@ rustPlatform.buildRustPackage rec {
|
||||
license = with licenses; [ mit /* or */ asl20 ];
|
||||
maintainers = with maintainers; [ figsoda ];
|
||||
};
|
||||
}
|
||||
};
|
||||
|
||||
rustPlatform = makeRustPlatform {
|
||||
inherit rustc;
|
||||
cargo = cargo.override {
|
||||
auditable = false;
|
||||
};
|
||||
};
|
||||
|
||||
bootstrap = rustPlatform.buildRustPackage (args // {
|
||||
auditable = false;
|
||||
});
|
||||
in
|
||||
|
||||
rustPlatform.buildRustPackage.override { cargo-auditable = bootstrap; } (args // {
|
||||
auditable = true; # TODO: remove when this is the default
|
||||
})
|
||||
|
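Review bot: The two-stage build has no comment, and the reason for it is not obvious from the code. `bootstrap` is built with `auditable = false` using a `cargo` that is itself overridden to `auditable = false`, and only the final derivation is built auditable with `cargo-auditable = bootstrap`. Presumably this breaks the cycle in which an auditable build of cargo-auditable (or of cargo) would need cargo-auditable first; a comment above `let` saying so would stop someone from collapsing the two stages into an infinite recursion. That comment should also mention that the local `rustPlatform` shadows the one previously taken as an argument, so the final build still runs on the non-auditable `cargo`.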
@ -22,6 +22,8 @@ rustPlatform.buildRustPackage rec {
|
||||
sha256 = "sha256-2Syd2jVpY0UIfsYlmzvWICZTDVRG4UchcbRlNhuJSpM=";
|
||||
};
|
||||
|
||||
auditable = true; # TODO: remove when this is the default
|
||||
|
||||
cargoBuildFlags = [ "--bin" "rust-analyzer" "--bin" "rust-analyzer-proc-macro-srv" ];
|
||||
cargoTestFlags = [ "--package" "rust-analyzer" "--package" "proc-macro-srv-cli" ];
|
||||
|
||||
|
@ -24,6 +24,8 @@ rustPlatform.buildRustPackage rec {
|
||||
|
||||
cargoSha256 = "sha256-AXaGuRqSFiq+Uiy+UaqPdPVyDhCogC64KZZ0Ah1Yo7A=";
|
||||
|
||||
auditable = true; # TODO: remove when this is the default
|
||||
|
||||
nativeBuildInputs = lib.optionals stdenv.isLinux [
|
||||
pkg-config
|
||||
];
|
||||
|
@ -16,6 +16,8 @@ rustPlatform.buildRustPackage rec {
|
||||
|
||||
cargoSha256 = "sha256-QFh47Pr+7lIdT++huziKgMJxvsZElTTwu11c7/wjyHE=";
|
||||
|
||||
auditable = true; # TODO: remove when this is the default
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
||||
preFixup = ''
|
||||
|
@ -13,6 +13,8 @@ rustPlatform.buildRustPackage rec {
|
||||
|
||||
cargoSha256 = "sha256-KVoMC8ypikABVkIj5dCSHzYZ9CV8UMuAFxSEYLaQTSk=";
|
||||
|
||||
auditable = true; # TODO: remove when this is the default
|
||||
|
||||
buildInputs = lib.optionals stdenv.isDarwin [ CoreServices ];
|
||||
|
||||
# Tests rely on unset 'RUST_LOG' value to emit INFO messages.
|
||||
|
@ -22,6 +22,8 @@ rustPlatform.buildRustPackage rec {
|
||||
|
||||
cargoSha256 = "1kfdgh8dra4jxgcdb0lln5wwrimz0dpp33bq3h7jgs8ngaq2a9wp";
|
||||
|
||||
auditable = true; # TODO: remove when this is the default
|
||||
|
||||
nativeBuildInputs = [ asciidoctor installShellFiles ]
|
||||
++ lib.optional withPCRE2 pkg-config;
|
||||
buildInputs = lib.optional withPCRE2 pcre2
|
||||
|
@ -22,6 +22,8 @@ in rustPlatform.buildRustPackage rec {
|
||||
|
||||
cargoHash = "sha256-iHOmItooNsGq6iTIb9M5IPXMwYh2nQ03qfjomkgCdgw=";
|
||||
|
||||
auditable = true; # TODO: remove when this is the default
|
||||
|
||||
nativeBuildInputs = [ nasm cargo-c ];
|
||||
|
||||
buildInputs = lib.optionals stdenv.isDarwin [
|
||||
|
@ -15245,6 +15245,7 @@ with pkgs;
|
||||
inherit (darwin.apple_sdk.frameworks) Security;
|
||||
};
|
||||
cargo-auditable = callPackage ../development/tools/rust/cargo-auditable { };
|
||||
cargo-auditable-cargo-wrapper = callPackage ../development/tools/rust/cargo-auditable/cargo-wrapper.nix { };
|
||||
cargo-bisect-rustc = callPackage ../development/tools/rust/cargo-bisect-rustc {
|
||||
inherit (darwin.apple_sdk.frameworks) Security;
|
||||
openssl = openssl_1_1;
|
||||
|