[M7] buildCppPackage: hermetic single-derivation, sandbox-safe
Resolve dep store paths and synthesize vendor.toml at outer eval time. Add tests/e2e/buildCppPackage smoke fixture with a run.sh. Update CHANGELOG.md with the M7 changes.
83
flake.nix
83
flake.nix
@@ -10,19 +10,13 @@
|
||||
flake-utils.lib.eachDefaultSystem (system:
|
||||
let
|
||||
pkgs = import nixpkgs { inherit system; };
|
||||
|
||||
cargoxx-bin = pkgs.gcc15Stdenv.mkDerivation {
|
||||
pname = "cargoxx";
|
||||
version = "0.1.0";
|
||||
src = ./.;
|
||||
nativeBuildInputs = [
|
||||
pkgs.cmake
|
||||
pkgs.ninja
|
||||
];
|
||||
buildInputs = [
|
||||
pkgs.sqlite
|
||||
pkgs.reproc
|
||||
pkgs.catch2_3
|
||||
];
|
||||
nativeBuildInputs = [ pkgs.cmake pkgs.ninja ];
|
||||
buildInputs = [ pkgs.sqlite pkgs.reproc pkgs.catch2_3 ];
|
||||
configurePhase = ''
|
||||
cmake -S build -B build/release -G Ninja \
|
||||
-DCMAKE_BUILD_TYPE=Release
|
||||
@@ -40,16 +34,67 @@
|
||||
buildCppPackage = { src, name ? null, ... }@args:
|
||||
let
|
||||
lock = builtins.fromTOML (builtins.readFile (src + "/Cargoxx.lock"));
|
||||
root = builtins.head
|
||||
(builtins.filter (p: !(p ? linkdb_source)) lock.package);
|
||||
isDep = p: p ? linkdb_source;
|
||||
isRoot = p: !(isDep p);
|
||||
root = builtins.head (builtins.filter isRoot lock.package);
|
||||
depPkgs = builtins.filter isDep lock.package;
|
||||
pname = if name != null then name else root.name;
|
||||
|
||||
pkgsAt = rev:
|
||||
(builtins.getFlake "github:NixOS/nixpkgs/${rev}")
|
||||
.legacyPackages.${system};
|
||||
|
||||
evalDep = p:
|
||||
let rev = if (p ? nixpkgs_rev) && (p.nixpkgs_rev != "")
|
||||
then p.nixpkgs_rev
|
||||
else lock.nixpkgs_rev;
|
||||
in (pkgsAt rev).${p.nixpkgs_attr};
|
||||
|
||||
depInputs = map evalDep depPkgs;
|
||||
|
||||
usesPkgConfig = builtins.any
|
||||
(p: (p.linkdb_source or "") == "pkg-config") depPkgs;
|
||||
|
||||
nixpkgsSource = (builtins.getFlake
|
||||
"github:NixOS/nixpkgs/${lock.nixpkgs_rev}").outPath;
|
||||
flakeUtilsSource = (builtins.getFlake
|
||||
"github:numtide/flake-utils/${lock.flake_utils_rev}").outPath;
|
||||
|
||||
mkDepTomlEntry = p:
|
||||
let
|
||||
derivation = evalDep p;
|
||||
rev = if (p ? nixpkgs_rev) && (p.nixpkgs_rev != "")
|
||||
then p.nixpkgs_rev else lock.nixpkgs_rev;
|
||||
in ''
|
||||
[[dep]]
|
||||
name = "${p.name}"
|
||||
nixpkgs_attr = "${p.nixpkgs_attr}"
|
||||
nixpkgs_rev = "${rev}"
|
||||
store_path = "${derivation}"
|
||||
'';
|
||||
|
||||
vendorToml = pkgs.writeText "vendor.toml" (''
|
||||
schema = 1
|
||||
|
||||
[nixpkgs]
|
||||
rev = "${lock.nixpkgs_rev}"
|
||||
store_path = "${nixpkgsSource}"
|
||||
|
||||
[flake_utils]
|
||||
rev = "${lock.flake_utils_rev}"
|
||||
store_path = "${flakeUtilsSource}"
|
||||
'' + builtins.concatStringsSep "\n" (map mkDepTomlEntry depPkgs));
|
||||
in pkgs.gcc15Stdenv.mkDerivation {
|
||||
inherit pname src;
|
||||
version = root.version;
|
||||
nativeBuildInputs = [ cargoxx-bin pkgs.nix ];
|
||||
nativeBuildInputs =
|
||||
[ cargoxx-bin pkgs.cmake pkgs.ninja ]
|
||||
++ pkgs.lib.optional usesPkgConfig pkgs.pkg-config;
|
||||
buildInputs = depInputs;
|
||||
dontConfigure = true;
|
||||
buildPhase = ''
|
||||
export HOME=$(mktemp -d)
|
||||
cargoxx build --release
|
||||
cargoxx build --release --offline --vendor ${vendorToml}
|
||||
'';
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
@@ -57,7 +102,6 @@
|
||||
cp build/release/${pname}_bin $out/bin/${pname}
|
||||
'';
|
||||
hardeningDisable = [ "all" ];
|
||||
__noChroot = false;
|
||||
};
|
||||
in {
|
||||
packages.default = cargoxx-bin;
|
||||
@@ -65,15 +109,8 @@
|
||||
devShells.default = pkgs.gcc15Stdenv.mkDerivation {
|
||||
name = "cargoxx-dev";
|
||||
version = "0.1.0";
|
||||
nativeBuildInputs = [
|
||||
pkgs.ninja
|
||||
pkgs.cmake
|
||||
];
|
||||
buildInputs = [
|
||||
pkgs.reproc
|
||||
pkgs.sqlite
|
||||
pkgs.catch2_3
|
||||
];
|
||||
nativeBuildInputs = [ pkgs.ninja pkgs.cmake ];
|
||||
buildInputs = [ pkgs.reproc pkgs.sqlite pkgs.catch2_3 ];
|
||||
hardeningDisable = [ "all" ];
|
||||
};
|
||||
});
|
||||
|
||||
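Review bot: In the buildCppPackage hunk, `nixpkgs_rev` and `flake_utils_rev` are read from Cargoxx.lock and spliced straight into `builtins.getFlake "github:NixOS/nixpkgs/${rev}"` and into the generated vendor.toml with no check on their shape. A value that is a branch or tag name rather than a full commit hash would leave the input unpinned or fail only under pure evaluation, and a value containing a quote would yield a malformed or altered vendor.toml; the same applies to `p.name` and `p.nixpkgs_attr` in `mkDepTomlEntry`. I would validate each rev once before use, e.g. `assert builtins.match "[0-9a-f]{40}" rev != null;`, and move the per-dependency rev choice that is duplicated in `evalDep` and `mkDepTomlEntry` into one helper such as `revOf = p: if (p.nixpkgs_rev or "") != "" then p.nixpkgs_rev else lock.nixpkgs_rev;`. Separately, `hardeningDisable = [ "all" ];` appears to remain on the derivation that builds consumer packages, which drops the stdenv's default hardening flags from every binary built through this function; it deserves a comment stating why, or narrowing to the specific flag that breaks the build.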