cargoxx/flake.nix
Amadey Vorontsov 1f63984b60 [M7] buildCppPackage: hermetic single-derivation, sandbox-safe
Resolve dep store paths and synthesize vendor.toml at outer eval time.
Add tests/e2e/buildCppPackage smoke fixture with a run.sh
Update CHANGELOG.md with the M7 changes.
2026-05-16 01:13:38 +00:00


{
description = "cargoxx";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
};
outputs = { self, nixpkgs, flake-utils }:
flake-utils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs { inherit system; };
cargoxx-bin = pkgs.gcc15Stdenv.mkDerivation {
  # The cargoxx executable itself, built from this repository with the GCC 15
  # stdenv. Exposed further down as packages.default and used as a build tool
  # by buildCppPackage.
  pname = "cargoxx";
  version = "0.1.0";
  src = ./.;

  # Tools that run during the build, then the libraries on the build's
  # link/include path.
  nativeBuildInputs = with pkgs; [ cmake ninja ];
  buildInputs = with pkgs; [ sqlite reproc catch2_3 ];

  # NOTE(review): "all" turns off every nixpkgs compiler-wrapper hardening
  # flag (stack protector, _FORTIFY_SOURCE, RELRO/BIND_NOW, ...) for a binary
  # that parses lock files and drives builds. The file does not say why; if a
  # single flag breaks the build, disabling only that flag keeps the rest.
  hardeningDisable = [ "all" ];

  # All three phases are overridden by hand: the CMake source directory is
  # ./build and the Ninja build tree is ./build/release.
  configurePhase = ''
    cmake -S build -B build/release -G Ninja \
    -DCMAKE_BUILD_TYPE=Release
  '';
  buildPhase = ''
    cmake --build build/release
  '';
  # Only the resulting executable is installed.
  installPhase = ''
    mkdir -p $out/bin
    cp build/release/cargoxx $out/bin/
  '';
};
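# Build a cargoxx project in a single derivation.
#
# Arguments:
#   src              project source tree; must contain Cargoxx.lock
#   name             optional package name (default: name of the lock's root
#                    package)
#   hardeningDisable optional; forwarded to mkDerivation (default [ "all" ],
#                    the previous hard-coded value)
#
# Cargoxx.lock is read from `src` at evaluation time, so every value taken
# from it below (revisions, attribute names, package names) is input supplied
# by whoever supplies `src`. Revisions are therefore validated and strings are
# escaped before they reach a flake reference or the generated vendor.toml.
buildCppPackage = { src, name ? null, ... }@args:
  let
    lock = builtins.fromTOML (builtins.readFile (src + "/Cargoxx.lock"));

    # A lock entry is a dependency when it carries a linkdb_source key; the
    # first entry without one is taken as the root package.
    isDep = p: p ? linkdb_source;
    isRoot = p: !(isDep p);
    root = builtins.head (builtins.filter isRoot lock.package);
    depPkgs = builtins.filter isDep lock.package;
    pname = if name != null then name else root.name;

    # Accept only a full 40-hex commit id. Anything else in a github: flake
    # reference is read as a branch or tag name, i.e. a mutable ref chosen by
    # the lock file, which would defeat the pin.
    # NOTE(review): the lock as read here carries no narHash, so integrity of
    # the fetched tree rests on the commit id and on GitHub. A commit id also
    # pins content, not provenance: it does not show the commit is on an
    # upstream branch. Consider recording narHash next to each rev and
    # reviewing rev changes in Cargoxx.lock like any dependency bump.
    pinnedRev = what: rev:
      if builtins.isString rev && builtins.match "[0-9a-f]{40}" rev != null
      then rev
      else throw "buildCppPackage: ${what} in Cargoxx.lock must be a full 40-character lowercase hex commit hash";

    nixpkgsRev = pinnedRev "nixpkgs_rev" lock.nixpkgs_rev;
    flakeUtilsRev = pinnedRev "flake_utils_rev" lock.flake_utils_rev;

    # Per-package nixpkgs revision; a missing or empty value falls back to
    # the lock-wide one. Shared by evalDep and mkDepTomlEntry so the two
    # cannot disagree.
    depRev = p:
      if (p ? nixpkgs_rev) && (p.nixpkgs_rev != "")
      then pinnedRev "package nixpkgs_rev" p.nixpkgs_rev
      else nixpkgsRev;

    pkgsAt = rev:
      (builtins.getFlake "github:NixOS/nixpkgs/${rev}").legacyPackages.${system};

    # Looks up the lock's nixpkgs_attr as a top-level attribute of the pinned
    # package set.
    evalDep = p: (pkgsAt (depRev p)).${p.nixpkgs_attr};
    depInputs = map evalDep depPkgs;

    usesPkgConfig =
      builtins.any (p: (p.linkdb_source or "") == "pkg-config") depPkgs;

    nixpkgsSource =
      (builtins.getFlake "github:NixOS/nixpkgs/${nixpkgsRev}").outPath;
    flakeUtilsSource =
      (builtins.getFlake "github:numtide/flake-utils/${flakeUtilsRev}").outPath;

    # Render a lock-supplied string as a quoted TOML basic string. JSON string
    # escaping is used so that quotes, backslashes and newlines in a lock
    # value cannot close the string and add keys (for example a second
    # store_path) to vendor.toml. Ordinary names render exactly as before.
    tomlString = s: builtins.toJSON "${s}";

    # Revisions are already restricted to hex and store paths are produced by
    # Nix, so those two fields are interpolated directly.
    mkDepTomlEntry = p: ''
      [[dep]]
      name = ${tomlString p.name}
      nixpkgs_attr = ${tomlString p.nixpkgs_attr}
      nixpkgs_rev = "${depRev p}"
      store_path = "${evalDep p}"
    '';

    # vendor.toml is synthesized at evaluation time; interpolating the store
    # paths makes the referenced dependencies inputs of the build.
    vendorToml = pkgs.writeText "vendor.toml" (''
      schema = 1
      [nixpkgs]
      rev = "${nixpkgsRev}"
      store_path = "${nixpkgsSource}"
      [flake_utils]
      rev = "${flakeUtilsRev}"
      store_path = "${flakeUtilsSource}"
    '' + builtins.concatStringsSep "\n" (map mkDepTomlEntry depPkgs));
  in pkgs.gcc15Stdenv.mkDerivation {
    inherit pname src;
    version = root.version;
    nativeBuildInputs =
      [ cargoxx-bin pkgs.cmake pkgs.ninja ]
      ++ pkgs.lib.optional usesPkgConfig pkgs.pkg-config;
    buildInputs = depInputs;
    dontConfigure = true;
    # HOME is pointed at a scratch directory (presumably cargoxx writes under
    # $HOME - confirm). The meaning of --offline/--vendor is defined by
    # cargoxx and is not visible in this file.
    buildPhase = ''
      export HOME=$(mktemp -d)
      cargoxx build --release --offline --vendor ${vendorToml}
    '';
    # Tries build/release/<pname> first and falls back to <pname>_bin; stderr
    # of the first cp is discarded, so a missing first candidate is silent.
    installPhase = ''
      mkdir -p $out/bin
      cp build/release/${pname} $out/bin/ 2>/dev/null || \
      cp build/release/${pname}_bin $out/bin/${pname}
    '';
    # Previously fixed to [ "all" ], which switches off every nixpkgs
    # compiler-wrapper hardening flag for every package built through this
    # function, and `args` was captured but never used. The default is kept,
    # but callers can now pass hardeningDisable = [ ]; (or a narrower list)
    # to get hardened binaries.
    hardeningDisable = args.hardeningDisable or [ "all" ];
  };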
in {
packages.default = cargoxx-bin;
lib.buildCppPackage = buildCppPackage;
devShells.default = pkgs.gcc15Stdenv.mkDerivation {
  # Development shell: same toolchain (GCC 15 stdenv) and the same libraries
  # as the cargoxx-bin package.
  name = "cargoxx-dev";
  version = "0.1.0";

  nativeBuildInputs = with pkgs; [ ninja cmake ];
  buildInputs = with pkgs; [ reproc sqlite catch2_3 ];

  # NOTE(review): with all hardening flags off in the shell, local builds
  # will not surface problems that the hardening flags would flag or trap.
  # Keep this in step with whatever the package derivations end up using.
  hardeningDisable = [ "all" ];
};
});
}