nix build: remove clippy build env that doesn't work

This commit is contained in:
Alex 2025-01-12 17:40:34 +01:00
parent 0a15db6960
commit 83887a8519
4 changed files with 11 additions and 99 deletions

View file

@ -16,7 +16,7 @@ steps:
- name: build - name: build
image: nixpkgs/nix:nixos-22.05 image: nixpkgs/nix:nixos-22.05
commands: commands:
- nix-build --no-build-output --attr clippy.amd64 --argstr git_version ${CI_COMMIT_TAG:-$CI_COMMIT_SHA} - nix-build --no-build-output --attr pkgs.amd64.debug --argstr git_version ${CI_COMMIT_TAG:-$CI_COMMIT_SHA}
- name: unit + func tests - name: unit + func tests
image: nixpkgs/nix:nixos-22.05 image: nixpkgs/nix:nixos-22.05
@ -24,7 +24,7 @@ steps:
GARAGE_TEST_INTEGRATION_EXE: result-bin/bin/garage GARAGE_TEST_INTEGRATION_EXE: result-bin/bin/garage
GARAGE_TEST_INTEGRATION_PATH: tmp-garage-integration GARAGE_TEST_INTEGRATION_PATH: tmp-garage-integration
commands: commands:
- nix-build --no-build-output --attr clippy.amd64 --argstr git_version ${CI_COMMIT_TAG:-$CI_COMMIT_SHA} - nix-build --no-build-output --attr pkgs.amd64.debug --argstr git_version ${CI_COMMIT_TAG:-$CI_COMMIT_SHA}
- nix-build --no-build-output --attr test.amd64 - nix-build --no-build-output --attr test.amd64
- ./result/bin/garage_db-* - ./result/bin/garage_db-*
- ./result/bin/garage_api-* - ./result/bin/garage_api-*
@ -43,5 +43,5 @@ steps:
- name: integration tests - name: integration tests
image: nixpkgs/nix:nixos-22.05 image: nixpkgs/nix:nixos-22.05
commands: commands:
- nix-build --no-build-output --attr clippy.amd64 --argstr git_version ${CI_COMMIT_TAG:-$CI_COMMIT_SHA} - nix-build --no-build-output --attr pkgs.amd64.debug --argstr git_version ${CI_COMMIT_TAG:-$CI_COMMIT_SHA}
- nix-shell --attr ci --run ./script/test-smoke.sh || (cat /tmp/garage.log; false) - nix-shell --attr ci --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)

View file

@ -45,11 +45,4 @@ in {
]; ];
}); });
}; };
clippy = {
amd64 = (compile {
inherit system git_version pkgsSrc cargo2nixOverlay;
target = "x86_64-unknown-linux-musl";
compiler = "clippy";
}).workspace.garage { compileMode = "build"; };
};
} }

View file

@ -1,4 +1,4 @@
{ system, target ? null, pkgsSrc, cargo2nixOverlay, compiler ? "rustc" { system, target ? null, pkgsSrc, cargo2nixOverlay
, release ? false, git_version ? null, features ? null, }: , release ? false, git_version ? null, features ? null, }:
let let
@ -24,20 +24,6 @@ let
extraRustComponents = [ "clippy" ]; extraRustComponents = [ "clippy" ];
}; };
buildEnv = (drv:
{
rustc = drv.setBuildEnv;
clippy = ''
${drv.setBuildEnv or ""}
echo
echo --- BUILDING WITH CLIPPY ---
echo
export NIX_RUST_BUILD_FLAGS="''${NIX_RUST_BUILD_FLAGS} --deny warnings"
export RUSTC="''${CLIPPY_DRIVER}"
'';
}.${compiler});
/* Cargo2nix provides many overrides by default, you can take inspiration from them: /* Cargo2nix provides many overrides by default, you can take inspiration from them:
https://github.com/cargo2nix/cargo2nix/blob/master/overlay/overrides.nix https://github.com/cargo2nix/cargo2nix/blob/master/overlay/overrides.nix
@ -46,9 +32,7 @@ let
*/ */
packageOverrides = pkgs: packageOverrides = pkgs:
pkgs.rustBuilder.overrides.all ++ [ pkgs.rustBuilder.overrides.all ++ [
/* [1] We add some logic to compile our crates with clippy, it provides us many additional lints /* [1] We need to alter Nix hardening to make static binaries: PIE,
[2] We need to alter Nix hardening to make static binaries: PIE,
Position Independent Executables seems to be supported only on amd64. Having Position Independent Executables seems to be supported only on amd64. Having
this flag set either 1. make our executables crash or 2. compile as dynamic on some platforms. this flag set either 1. make our executables crash or 2. compile as dynamic on some platforms.
Here, we deactivate it. Later (find `codegenOpts`), we reactivate it for supported targets Here, we deactivate it. Later (find `codegenOpts`), we reactivate it for supported targets
@ -56,11 +40,11 @@ let
PIE is a feature used by ASLR, which helps mitigate security issues. PIE is a feature used by ASLR, which helps mitigate security issues.
Learn more about Nix Hardening at: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/cc-wrapper/add-hardening.sh Learn more about Nix Hardening at: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/cc-wrapper/add-hardening.sh
[3] We want to inject the git version while keeping the build deterministic. [2] We want to inject the git version while keeping the build deterministic.
As we do not want to consider the .git folder as part of the input source, As we do not want to consider the .git folder as part of the input source,
we ask the user (the CI often) to pass the value to Nix. we ask the user (the CI often) to pass the value to Nix.
[4] We don't want libsodium-sys and zstd-sys to try to use pkgconfig to build against a system library. [3] We don't want libsodium-sys and zstd-sys to try to use pkgconfig to build against a system library.
However the features to do so get activated for some reason (due to a bug in cargo2nix?), However the features to do so get activated for some reason (due to a bug in cargo2nix?),
so disable them manually here. so disable them manually here.
*/ */
@ -68,7 +52,7 @@ let
name = "garage"; name = "garage";
overrideAttrs = drv: overrideAttrs = drv:
(if git_version != null then { (if git_version != null then {
# [3] # [2]
preConfigure = '' preConfigure = ''
${drv.preConfigure or ""} ${drv.preConfigure or ""}
export GIT_VERSION="${git_version}" export GIT_VERSION="${git_version}"
@ -76,86 +60,21 @@ let
} else } else
{ }) // { { }) // {
# [1] # [1]
setBuildEnv = (buildEnv drv);
# [2]
hardeningDisable = [ "pie" ]; hardeningDisable = [ "pie" ];
}; };
}) })
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_rpc";
overrideAttrs = drv: { # [1]
setBuildEnv = (buildEnv drv);
};
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_db";
overrideAttrs = drv: { # [1]
setBuildEnv = (buildEnv drv);
};
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_util";
overrideAttrs = drv: { # [1]
setBuildEnv = (buildEnv drv);
};
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_table";
overrideAttrs = drv: { # [1]
setBuildEnv = (buildEnv drv);
};
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_block";
overrideAttrs = drv: { # [1]
setBuildEnv = (buildEnv drv);
};
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_model";
overrideAttrs = drv: { # [1]
setBuildEnv = (buildEnv drv);
};
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_api";
overrideAttrs = drv: { # [1]
setBuildEnv = (buildEnv drv);
};
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_web";
overrideAttrs = drv: { # [1]
setBuildEnv = (buildEnv drv);
};
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "k2v-client";
overrideAttrs = drv: { # [1]
setBuildEnv = (buildEnv drv);
};
})
(pkgs.rustBuilder.rustLib.makeOverride { (pkgs.rustBuilder.rustLib.makeOverride {
name = "libsodium-sys"; name = "libsodium-sys";
overrideArgs = old: { overrideArgs = old: {
features = [ ]; # [4] features = [ ]; # [3]
}; };
}) })
(pkgs.rustBuilder.rustLib.makeOverride { (pkgs.rustBuilder.rustLib.makeOverride {
name = "zstd-sys"; name = "zstd-sys";
overrideArgs = old: { overrideArgs = old: {
features = [ ]; # [4] features = [ ]; # [3]
}; };
}) })
]; ];

View file

@ -115,7 +115,7 @@ in
shellHook = '' shellHook = ''
function refresh_cache { function refresh_cache {
pass show deuxfleurs/nix_priv_key > /tmp/nix-signing-key.sec pass show deuxfleurs/nix_priv_key > /tmp/nix-signing-key.sec
for attr in clippy.amd64 test.amd64 pkgs.{amd64,i386,arm,arm64}.release; do for attr in pkgs.amd64.debug test.amd64 pkgs.{amd64,i386,arm,arm64}.release; do
echo "Updating cache for ''${attr}" echo "Updating cache for ''${attr}"
nix copy -j8 \ nix copy -j8 \
--to 's3://nix?endpoint=garage.deuxfleurs.fr&region=garage&secret-key=/tmp/nix-signing-key.sec' \ --to 's3://nix?endpoint=garage.deuxfleurs.fr&region=garage&secret-key=/tmp/nix-signing-key.sec' \