Merge pull request #204686 from figsoda/auditable

rustPlatform.buildRustPackage: build auditable binaries
figsoda 2022-12-09 16:46:45 -05:00 committed by GitHub
commit cfc6213879
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 77 additions and 21 deletions


@ -60,6 +60,8 @@ rustPlatform.buildRustPackage rec {
cargoSha256 = "sha256-t6ckX0PYI8UHfXhGRpcX8ly3DzE9A6i9P6f3Ny3DBzw=";
auditable = true; # TODO: remove when this is the default
nativeBuildInputs = [
cmake
installShellFiles


@ -11,6 +11,8 @@
, cargoInstallHook
, cargoNextestHook
, cargoSetupHook
, cargo-auditable
, cargo-auditable-cargo-wrapper
, rustc
, libiconv
, windows
@ -42,6 +44,8 @@
, buildFeatures ? [ ]
, checkFeatures ? buildFeatures
, useNextest ? false
, auditable ? false # TODO: change to true
, depsExtraArgs ? {}
# Toggles whether a custom sysroot is created when the target is a .json file.
@ -115,7 +119,11 @@ stdenv.mkDerivation ((removeAttrs args [ "depsExtraArgs" "cargoUpdateHook" "carg
patchRegistryDeps = ./patch-registry-deps;
nativeBuildInputs = nativeBuildInputs ++ [
nativeBuildInputs = nativeBuildInputs ++ lib.optionals auditable [
(cargo-auditable-cargo-wrapper.override {
inherit cargo-auditable;
})
] ++ [
cacert
git
cargoBuildHook
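Review bot: The new `auditable` argument in the `@ -42,6 +44,8 @@` hunk carries only a TODO, so a packager cannot tell from this file what turning it on does or why it matters. I would put a comment above it, for example `# Build with cargo-auditable, which embeds the dependency list into the compiled binaries so they can be checked against vulnerability advisories.` In the last hunk the wrapper is listed ahead of the hooks, presumably so that its `cargo` is found on PATH before the real one; if that ordering is load-bearing, a one-line comment there would stop a later reorder from silently turning auditing off. The `nativeBuildInputs` list continues outside the hunk.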


@ -2,6 +2,7 @@
, file, curl, pkg-config, python3, openssl, cmake, zlib
, installShellFiles, makeWrapper, cacert, rustPlatform, rustc
, libiconv, CoreFoundation, Security
, auditable ? false # TODO: change to true when this is the default
}:
rustPlatform.buildRustPackage {
@ -12,6 +13,8 @@ rustPlatform.buildRustPackage {
cargoVendorDir = "vendor";
buildAndTestSubdir = "src/tools/cargo";
inherit auditable;
passthru = {
rustc = rustc;
inherit (rustc) tests;


@ -15,7 +15,7 @@
, rustPlatform
, rustc
, rust
, cargo
, cargo-auditable-cargo-wrapper
, gi-docgen
, python3Packages
, gnome
@ -57,7 +57,7 @@ stdenv.mkDerivation rec {
gdk-pixbuf
pkg-config
rustc
cargo
cargo-auditable-cargo-wrapper
python3Packages.docutils
vala
rustPlatform.cargoSetupHook
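Review bot: Replacing `cargo` with `cargo-auditable-cargo-wrapper` in this `stdenv.mkDerivation` is unconditional and undocumented, unlike the `buildRustPackage` users, which get an `auditable` toggle. A reader who sees the wrapper in `nativeBuildInputs` has no hint that it is the thing providing `cargo` to the build. I would add a comment on that line such as `# provides a cargo that runs "cargo auditable", so the built library embeds its dependency list`. The input list starts and ends outside the hunk.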


@ -0,0 +1,13 @@
{ lib, writeShellApplication, cargo, cargo-auditable }:
(writeShellApplication {
name = "cargo";
runtimeInputs = [ cargo cargo-auditable ];
text = ''
CARGO_AUDITABLE_IGNORE_UNSUPPORTED=1 cargo auditable "$@"
'';
}) // {
meta = cargo-auditable.meta // {
mainProgram = "cargo";
};
}
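Review bot: Setting `CARGO_AUDITABLE_IGNORE_UNSUPPORTED=1` in the wrapper text is not explained. Judging by its name, it makes the build carry on without audit data on targets cargo-auditable cannot handle, so `auditable = true` would then be best-effort rather than a guarantee. Anyone who later scans store paths for embedded dependency data needs to know that a missing section may mean "unsupported target" and not "no dependencies". I would add a comment above the `text` attribute along the lines of `# Fall back to a plain build on unsupported targets instead of failing; such outputs carry no audit data.` Separately, `lib` is taken as an argument but not used anywhere in the file, so it can be dropped from the argument set.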


@ -1,17 +1,18 @@
{ lib, rustPlatform, fetchFromGitHub }:
{ lib, fetchFromGitHub, makeRustPlatform, rustc, cargo }:
rustPlatform.buildRustPackage rec {
let
args = rec {
pname = "cargo-auditable";
version = "0.5.5";
version = "0.6.0";
src = fetchFromGitHub {
owner = "rust-secure-code";
repo = pname;
rev = "v${version}";
sha256 = "sha256-mEmTgd7sC2jmYeb5pEO985v/aWWKlq/mSQUAGi32loY=";
sha256 = "sha256-mSiEC+9QtRjWmywJnGgUqp+q8fhY0qUYrgjrAVaY114=";
};
cargoSha256 = "sha256-G72UUqvFaTY/GQSkpz1wIzjb7vIWuAjvKMZosUB6YsA=";
cargoSha256 = "sha256-Wz5My/QxPpZVsPBUe3KHT3ttD6CTU8NCY8rhFEC+UlA=";
meta = with lib; {
description = "A tool to make production Rust binaries auditable";
@ -20,4 +21,20 @@ rustPlatform.buildRustPackage rec {
license = with licenses; [ mit /* or */ asl20 ];
maintainers = with maintainers; [ figsoda ];
};
}
};
rustPlatform = makeRustPlatform {
inherit rustc;
cargo = cargo.override {
auditable = false;
};
};
bootstrap = rustPlatform.buildRustPackage (args // {
auditable = false;
});
in
rustPlatform.buildRustPackage.override { cargo-auditable = bootstrap; } (args // {
auditable = true; # TODO: remove when this is the default
})
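Review bot: The two-stage build at the end of this file (`bootstrap` with `auditable = false`, then the final package built with `cargo-auditable = bootstrap`) has no comment explaining why the tool is built twice. The same goes for the private `rustPlatform` that uses `cargo.override { auditable = false; }`, which presumably exists to break the dependency cycle between cargo, the wrapper and cargo-auditable itself. Without that explanation the block looks like removable duplication, and removing it would reintroduce the cycle or ship a non-auditable auditing tool. I would add a comment above `rustPlatform`, for example `# cargo-auditable cannot audit its own first build: build it once without audit data using a non-auditable cargo, then rebuild it with that copy.`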


@ -22,6 +22,8 @@ rustPlatform.buildRustPackage rec {
sha256 = "sha256-2Syd2jVpY0UIfsYlmzvWICZTDVRG4UchcbRlNhuJSpM=";
};
auditable = true; # TODO: remove when this is the default
cargoBuildFlags = [ "--bin" "rust-analyzer" "--bin" "rust-analyzer-proc-macro-srv" ];
cargoTestFlags = [ "--package" "rust-analyzer" "--package" "proc-macro-srv-cli" ];


@ -24,6 +24,8 @@ rustPlatform.buildRustPackage rec {
cargoSha256 = "sha256-AXaGuRqSFiq+Uiy+UaqPdPVyDhCogC64KZZ0Ah1Yo7A=";
auditable = true; # TODO: remove when this is the default
nativeBuildInputs = lib.optionals stdenv.isLinux [
pkg-config
];


@ -16,6 +16,8 @@ rustPlatform.buildRustPackage rec {
cargoSha256 = "sha256-QFh47Pr+7lIdT++huziKgMJxvsZElTTwu11c7/wjyHE=";
auditable = true; # TODO: remove when this is the default
nativeBuildInputs = [ installShellFiles ];
preFixup = ''


@ -13,6 +13,8 @@ rustPlatform.buildRustPackage rec {
cargoSha256 = "sha256-KVoMC8ypikABVkIj5dCSHzYZ9CV8UMuAFxSEYLaQTSk=";
auditable = true; # TODO: remove when this is the default
buildInputs = lib.optionals stdenv.isDarwin [ CoreServices ];
# Tests rely on unset 'RUST_LOG' value to emit INFO messages.


@ -22,6 +22,8 @@ rustPlatform.buildRustPackage rec {
cargoSha256 = "1kfdgh8dra4jxgcdb0lln5wwrimz0dpp33bq3h7jgs8ngaq2a9wp";
auditable = true; # TODO: remove when this is the default
nativeBuildInputs = [ asciidoctor installShellFiles ]
++ lib.optional withPCRE2 pkg-config;
buildInputs = lib.optional withPCRE2 pcre2


@ -22,6 +22,8 @@ in rustPlatform.buildRustPackage rec {
cargoHash = "sha256-iHOmItooNsGq6iTIb9M5IPXMwYh2nQ03qfjomkgCdgw=";
auditable = true; # TODO: remove when this is the default
nativeBuildInputs = [ nasm cargo-c ];
buildInputs = lib.optionals stdenv.isDarwin [


@ -15245,6 +15245,7 @@ with pkgs;
inherit (darwin.apple_sdk.frameworks) Security;
};
cargo-auditable = callPackage ../development/tools/rust/cargo-auditable { };
cargo-auditable-cargo-wrapper = callPackage ../development/tools/rust/cargo-auditable/cargo-wrapper.nix { };
cargo-bisect-rustc = callPackage ../development/tools/rust/cargo-bisect-rustc {
inherit (darwin.apple_sdk.frameworks) Security;
openssl = openssl_1_1;