diff --git a/.bazelrc b/.bazelrc index b4c4eb336..9e144fb20 100644 --- a/.bazelrc +++ b/.bazelrc @@ -40,9 +40,8 @@ common:linux_amd64_static --platforms @zig_sdk//libc_aware/platform:linux_amd64_ common:linux_arm64_static --platforms @zig_sdk//libc_aware/platform:linux_arm64_musl # bazel configs to explicitly target NixOS -common:nix --host_platform=@io_tweag_rules_nixpkgs//nixpkgs/platforms:host -common:nix --crosstool_top=@local_config_cc//:toolchain -common:nix --action_env=BAZEL_NIX_HOST_PLATFORM=1 +common --host_platform=@io_tweag_rules_nixpkgs//nixpkgs/platforms:host +common --crosstool_top=@local_config_cc//:toolchain # bazel config to explicitly disable stamping (hide version information at build time) common:nostamp --nostamp --workspace_status_command= diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml index 89f31c1b8..b12d99fcc 100644 --- a/.github/workflows/build-os-image.yml +++ b/.github/workflows/build-os-image.yml @@ -172,9 +172,9 @@ jobs: TARGET: //image/system:${{ matrix.csp }}_${{ matrix.attestation_variant }}_${{ needs.build-settings.outputs.stream }} run: | echo "::group::Build" - bazel build --host_platform=@rules_nixpkgs_core//platforms:host "${TARGET}" + bazel build "${TARGET}" { - echo "image-dir=$(bazel cquery --host_platform=@rules_nixpkgs_core//platforms:host --output=files "$TARGET")" + echo "image-dir=$(bazel cquery --output=files "$TARGET")" } | tee -a "$GITHUB_OUTPUT" echo "::endgroup::" diff --git a/WORKSPACE.bazel b/WORKSPACE.bazel index 224713682..84221d0a1 100644 --- a/WORKSPACE.bazel +++ b/WORKSPACE.bazel 
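Review bot: Removing the `common:nix` stanza from `.bazelrc` leaves any local rc file that still carries `common --config=nix` pointing at an undefined config, which Bazel rejects at startup; the developer docs changed later in this commit used to tell people to append exactly that line to `.bazeloverwriterc`. Consider keeping a one-release compatibility alias such as `common:nix --host_platform=@io_tweag_rules_nixpkgs//nixpkgs/platforms:host`, or call out the required cleanup in the release notes. The context comment `# bazel configs to explicitly target NixOS` is also stale now that both flags apply to every invocation; something like `# all builds use the nixpkgs host platform and CC toolchain (Nix is required)` would match the new behaviour.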
@@ -13,7 +13,7 @@ load("@io_tweag_rules_nixpkgs//nixpkgs:repositories.bzl", "rules_nixpkgs_depende rules_nixpkgs_dependencies() -load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_flake_package", "nixpkgs_git_repository", "nixpkgs_package", "nixpkgs_python_configure") +load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_cc_configure", "nixpkgs_flake_package", "nixpkgs_git_repository", "nixpkgs_package", "nixpkgs_python_configure") nixpkgs_git_repository( name = "nixpkgs", @@ -38,32 +38,27 @@ nixpkgs_package( repository = "@nixpkgs", ) -load("//bazel/mkosi:mkosi_configure.bzl", "find_system_mkosi") +load("//bazel/mkosi:mkosi_configure.bzl", "register_mkosi") -find_system_mkosi(name = "constellation_mkosi") +register_mkosi( + name = "mkosi_nix_toolchain", +) # Python toolchain load("//bazel/toolchains:python_deps.bzl", "python_deps") python_deps() -load("@rules_python//python:repositories.bzl", "py_repositories", "python_register_toolchains") +load("@rules_python//python:repositories.bzl", "py_repositories") py_repositories() -# if nix is installed, use nixpkgs python toolchain... nixpkgs_python_configure( fail_not_supported = False, - python3_attribute_path = "python311.withPackages(ps: with ps; [ numpy ])", + python3_attribute_path = "python311", repository = "@nixpkgs", ) -# ... otherwise, fall back to rules_python toolchain -python_register_toolchains( - name = "python3_11", - python_version = "3.11", -) - # Go toolchain load("//bazel/toolchains:go_rules_deps.bzl", "go_deps") 
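Review bot: `nixpkgs_python_configure` still passes `fail_not_supported = False`, although this hunk deletes the `python_register_toolchains` fallback it used to be paired with. If that flag makes the call a silent no-op on hosts without Nix (which is what the removed comments imply), no pinned Python toolchain gets registered there, and Bazel would presumably fall back to whatever interpreter it autodetects on the host, which undermines the hermeticity this change is after. Since Nix is now a hard requirement, `fail_not_supported = True` (or dropping the argument, if the default is to fail) would turn that case into an explicit error.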
@@ -78,19 +73,13 @@ load("@io_bazel_rules_go//go:deps.bzl", "go_rules_dependencies") go_rules_dependencies() -local_repository( - name = "nixos-support", - path = "bazel/nixos-support", +load("@io_tweag_rules_nixpkgs//nixpkgs:toolchains/go.bzl", "nixpkgs_go_configure") + +nixpkgs_go_configure( + attribute_path = "go_1_21", + repository = "@nixpkgs", ) -load("@nixos-support//:nixos-support.bzl", "gen_imports") - -gen_imports() - -load("@nixos_support//:imports.bzl", "cc_toolchain", "go_toolchain") - -go_toolchain() - load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies") gazelle_dependencies(go_repository_default_config = "//:WORKSPACE.bazel") @@ -152,7 +141,21 @@ load("@hermetic_cc_toolchain//toolchain:defs.bzl", zig_toolchains = "toolchains" zig_toolchains() -cc_toolchain() +nixpkgs_cc_configure(repository = "@nixpkgs") + +register_toolchains( + "@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.23", + "@zig_sdk//libc_aware/toolchain:linux_arm64_gnu.2.23", + "@zig_sdk//libc_aware/toolchain:linux_amd64_musl", + "@zig_sdk//libc_aware/toolchain:linux_arm64_musl", + "@zig_sdk//toolchain:linux_amd64_gnu.2.23", + "@zig_sdk//toolchain:linux_arm64_gnu.2.23", + "@zig_sdk//toolchain:linux_amd64_musl", + "@zig_sdk//toolchain:linux_arm64_musl", + "@zig_sdk//toolchain:darwin_amd64", + "@zig_sdk//toolchain:darwin_arm64", + "@zig_sdk//toolchain:windows_amd64", +) load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") diff --git a/bazel/ci/BUILD.bazel b/bazel/ci/BUILD.bazel index ab37db626..bc8a916ea 100644 --- a/bazel/ci/BUILD.bazel +++ b/bazel/ci/BUILD.bazel 
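Review bot: With `nixpkgs_go_configure(attribute_path = "go_1_21", ...)` as the only Go toolchain, the exact Go patch release is no longer spelled out anywhere in the workspace (the deleted non-Nix branch pinned `1.21.1`); it is whatever `go_1_21` resolves to in the `@nixpkgs` revision. A comment above the call, e.g. `# Go patch version follows the pinned @nixpkgs revision; bump nixpkgs to pick up Go security releases`, would keep Go security updates from being missed when nobody touches nixpkgs. The `nixpkgs_git_repository` pin itself lies outside this hunk, so I could not check that it carries both a revision and a sha256.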
@@ -410,18 +410,12 @@ repo_command( sh_template( name = "proto_targets_check", - data = select({ - "@rules_nixpkgs_core//constraints:support_nix": [ - "@diffutils//:bin/diff", - ], - "//conditions:default": [], - }), - env = select({ - "@rules_nixpkgs_core//constraints:support_nix": { - "DIFF": "$(rootpath @diffutils//:bin/diff)", - }, - "//conditions:default": {}, - }), + data = [ + "@diffutils//:bin/diff", + ], + env = { + "DIFF": "$(rootpath @diffutils//:bin/diff)", + }, substitutions = { "@@PROTO_TARGETS@@": " ".join(proto_targets()), }, diff --git a/bazel/mkosi/BUILD.bazel b/bazel/mkosi/BUILD.bazel index 06ae17422..7ac90354c 100644 --- a/bazel/mkosi/BUILD.bazel +++ b/bazel/mkosi/BUILD.bazel @@ -5,9 +5,6 @@ Type: @constellation//bazel/mkosi:toolchain_type Toolchains: - mkosi_missing_toolchain: provides a fallback toolchain for exec platforms where mkosi might not be available. - -- mkosi_auto_toolchain: a toolchain that uses the installed mkosi. See - mkosi_configure.bzl%find_system_mkosi for usage. """ load(":toolchain.bzl", "is_mkosi_available", "mkosi_make_variables", "mkosi_toolchain") diff --git a/bazel/mkosi/BUILD.tpl b/bazel/mkosi/BUILD.tpl deleted file mode 100644 index a983918db..000000000 --- a/bazel/mkosi/BUILD.tpl +++ /dev/null @@ -1,13 +0,0 @@ -# This content is generated by {GENERATOR} -load("@constellation//bazel/mkosi:toolchain.bzl", "mkosi_toolchain") - -mkosi_toolchain( - name = "mkosi_auto", - path = "{MKOSI_PATH}", -) - -toolchain( - name = "mkosi_auto_toolchain", - toolchain = ":mkosi_auto", - toolchain_type = "@constellation//bazel/mkosi:toolchain_type", -) diff --git a/bazel/mkosi/mkosi_configure.bzl b/bazel/mkosi/mkosi_configure.bzl index 23a7d9c23..fe517016a 100644 --- a/bazel/mkosi/mkosi_configure.bzl +++ b/bazel/mkosi/mkosi_configure.bzl 
@@ -1,43 +1,7 @@ -"""Repository rule to autoconfigure a toolchain using the system mkosi.""" +"""Repository rule to configure a toolchain using nixpkgs mkosi.""" -def _write_build(rctx, path): - if not path: - path = "" - rctx.template( - "BUILD", - Label("//bazel/mkosi:BUILD.tpl"), - substitutions = { - "{GENERATOR}": "@constellation//bazel/mkosi/mkosi_configure.bzl%find_system_mkosi", - "{MKOSI_PATH}": str(path), - }, - executable = False, - ) - -def _find_system_mkosi_impl(rctx): - mkosi_path = rctx.which("mkosi") - if rctx.attr.verbose: - if mkosi_path: - print("Found mkosi at '%s'" % mkosi_path) # buildifier: disable=print - else: - print("No system mkosi found.") # buildifier: disable=print - _write_build(rctx = rctx, path = mkosi_path) - -_find_system_mkosi = repository_rule( - implementation = _find_system_mkosi_impl, - doc = """Create a repository that defines an mkosi toolchain based on the system mkosi.""", - local = True, - environ = ["PATH"], - attrs = { - "verbose": attr.bool( - doc = "If true, print status messages.", - ), - }, -) - -def find_system_mkosi(name, verbose = False): - _find_system_mkosi(name = name, verbose = verbose) +def register_mkosi(name): native.register_toolchains( "@constellation//bazel/mkosi:mkosi_nix_toolchain", - "@%s//:mkosi_auto_toolchain" % name, "@constellation//bazel/mkosi:mkosi_missing_toolchain", ) diff --git a/bazel/nixos-support/BUILD.bazel b/bazel/nixos-support/BUILD.bazel deleted file mode 100644 index e69de29bb..000000000 diff --git a/bazel/nixos-support/WORKSPACE.bazel b/bazel/nixos-support/WORKSPACE.bazel deleted file mode 100644 index e69de29bb..000000000 diff --git a/bazel/nixos-support/nixos-support.bzl b/bazel/nixos-support/nixos-support.bzl deleted file mode 100644 index ee95182a9..000000000 --- a/bazel/nixos-support/nixos-support.bzl +++ /dev/null 
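Review bot: `register_mkosi(name)` no longer uses its `name` argument, yet `WORKSPACE.bazel` still passes `name = "mkosi_nix_toolchain"`, which reads as if it selected the toolchain. Either drop the parameter or mark it as intentionally unused, and give the macro a docstring such as `"""Registers the nixpkgs mkosi toolchain, with mkosi_missing_toolchain as the fallback."""`. The module docstring still says "Repository rule" although the file now only holds a macro that calls `native.register_toolchains`. Since toolchain resolution prefers earlier registrations, a one-line comment like `# order matters: the nix toolchain must precede the missing-toolchain fallback` would keep a later edit from reordering the two labels.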
@@ -1,69 +0,0 @@ -""" A repository rule use either nixpkgs or download a go toolchain / SDK """ - -def _has_nix(ctx): - return ctx.os.environ.get("BAZEL_NIX_HOST_PLATFORM", "0") == "1" - -def _gen_imports_impl(ctx): - ctx.file("BUILD", "") - - imports_for_nix = """ -load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_cc_configure") -load("@io_tweag_rules_nixpkgs//nixpkgs:toolchains/go.bzl", "nixpkgs_go_configure") - -def go_toolchain(): - nixpkgs_go_configure( - repository = "@nixpkgs", - attribute_path = "go_1_21", - ) - -def cc_toolchain(): - nixpkgs_cc_configure(repository = "@nixpkgs") - native.register_toolchains( - "@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.23", - "@zig_sdk//libc_aware/toolchain:linux_arm64_gnu.2.23", - "@zig_sdk//libc_aware/toolchain:linux_amd64_musl", - "@zig_sdk//libc_aware/toolchain:linux_arm64_musl", - "@zig_sdk//toolchain:linux_amd64_gnu.2.23", - "@zig_sdk//toolchain:linux_arm64_gnu.2.23", - "@zig_sdk//toolchain:linux_amd64_musl", - "@zig_sdk//toolchain:linux_arm64_musl", - "@zig_sdk//toolchain:darwin_amd64", - "@zig_sdk//toolchain:darwin_arm64", - "@zig_sdk//toolchain:windows_amd64", - ) - """ - imports_for_non_nix = """ -load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains") - -def go_toolchain(): - go_register_toolchains(version = "1.21.1") - -def cc_toolchain(): - native.register_toolchains( - "@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.23", - "@zig_sdk//libc_aware/toolchain:linux_arm64_gnu.2.23", - "@zig_sdk//libc_aware/toolchain:linux_amd64_musl", - "@zig_sdk//libc_aware/toolchain:linux_arm64_musl", - "@zig_sdk//toolchain:linux_amd64_gnu.2.23", - "@zig_sdk//toolchain:linux_arm64_gnu.2.23", - "@zig_sdk//toolchain:linux_amd64_musl", - "@zig_sdk//toolchain:linux_arm64_musl", - "@zig_sdk//toolchain:darwin_amd64", - "@zig_sdk//toolchain:darwin_arm64", - "@zig_sdk//toolchain:windows_amd64", - ) - """ - - if _has_nix(ctx): - ctx.file("imports.bzl", imports_for_nix) - else: - ctx.file("imports.bzl", 
imports_for_non_nix) - -_gen_imports = repository_rule( - implementation = _gen_imports_impl, -) - -def gen_imports(): - _gen_imports( - name = "nixos_support", - ) diff --git a/dev-docs/workflows/build-develop-deploy.md b/dev-docs/workflows/build-develop-deploy.md index 913c42fd2..8c061c56a 100644 --- a/dev-docs/workflows/build-develop-deploy.md +++ b/dev-docs/workflows/build-develop-deploy.md 
@@ -7,35 +7,21 @@ Prerequisites: * 20GB (minimum), better 40 GB disk space (required if you want to cross compile for all platforms) * [Latest version of Go](https://go.dev/doc/install). * Unless you use Nix / NixOS: [Bazelisk installed as `bazel` in your path](https://github.com/bazelbuild/bazelisk/releases). -* We recommend Nix installed via [determinate systems installer](https://github.com/DeterminateSystems/nix-installer) (or NixOS as host system). +* We require Nix to be installed. It is recommended to install nix using the [determinate systems installer](https://github.com/DeterminateSystems/nix-installer) (or to use NixOS as host system). * [Docker](https://docs.docker.com/engine/install/). Can be installed with these commands on Ubuntu 22.04: `sudo apt update && sudo apt install docker.io`. As the build spawns docker containers your user account either needs to be in the `docker` group (Add with `sudo usermod -a -G docker $USER`) or you have to run builds with `sudo`. When using `sudo` remember that your root user might (depending on your distro and local config) not have the go binary in it's PATH. The current PATH can be forwarded to the root env with `sudo env PATH=$PATH `. 
## Prequisites ### Linux -* Packages on NixOS or with Nix installed (use flake.nix in this repo): +* If you don't want to perform any setup, you can get a shell with Bazel and all required dependencies by running: ```sh - # add "common --config=nix" to your .bazeloverwriterc if you want to get nix compatible toolchains - echo "common --config=nix" >> .bazeloverwriterc # better would be: nix develop -i # but this doesn't play nice with bashrc, colored output and non-hermetic tools nix develop ``` -* Packages on Ubuntu: - - ```sh - sudo apt install build-essential cmake libssl-dev pkg-config libcryptsetup12 libcryptsetup-dev - ``` - -* Packages on Fedora: - - ```sh - sudo dnf install @development-tools pkg-config cmake openssl-devel cryptsetup-libs cryptsetup-devel - ``` - ### Mac * To fix unsupported shell options used in some build script: diff --git a/image/README.md b/image/README.md index 63c11e24e..9d9de9952 100644 --- a/image/README.md +++ b/image/README.md @@ -1,9 +1,8 @@ ## Setup -Ensure you have Nix installed. This is recommended in general but a requirement for the following steps. +Ensure you have Nix installed. This is a requirement for the following steps. Consult the [developer docs](/dev-docs/workflows/build-develop-deploy.md) for more info. -At the very least, `nix` should be in your PATH and either `common --config=nix` -has to be set in the `.bazelrc` or you need to append `--config=nix` to each Bazel command. +At the very least, `nix` should be in your PATH. ## Build diff --git a/image/measured-boot/cmd/BUILD.bazel b/image/measured-boot/cmd/BUILD.bazel index a3bb2d4f8..f2245c025 100644 --- a/image/measured-boot/cmd/BUILD.bazel +++ b/image/measured-boot/cmd/BUILD.bazel 
@@ -16,19 +16,13 @@ go_library( go_binary( name = "cmd", # keep - data = select({ - "@rules_nixpkgs_core//constraints:support_nix": [ - "@systemd//:bin/systemd-dissect", - ], - "//conditions:default": [], - }), + data = [ + "@systemd//:bin/systemd-dissect", + ], embed = [":cmd_lib"], # keep - env = select({ - "@rules_nixpkgs_core//constraints:support_nix": { - "DISSECT_TOOLCHAIN": "$(rootpath @systemd//:bin/systemd-dissect)", - }, - "//conditions:default": {}, - }), + env = { + "DISSECT_TOOLCHAIN": "$(rootpath @systemd//:bin/systemd-dissect)", + }, visibility = ["//visibility:public"], )
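Review bot: The `env` attribute on `go_binary` only takes effect when the target is started through `bazel run`, so `DISSECT_TOOLCHAIN` stays unset whenever `cmd` is executed as a tool inside another action or straight from `bazel-bin`. What the program does in that case is not visible in this hunk; if it falls back to looking up `systemd-dissect` on `PATH`, measurements would be computed with an unpinned host binary. Now that the data dependency is unconditional, consider making the Go side fail when `DISSECT_TOOLCHAIN` is empty rather than fall back, and add a comment here such as `# env is applied by "bazel run" only; other callers must set DISSECT_TOOLCHAIN themselves`.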