diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need b/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need
index 8e33335e3..83b388537 100644
--- a/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need
+++ b/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need
@@ -229,7 +229,7 @@ cc_library(
 ],
 deps = [
 ":ms_tpm_20_ref_google_samples",
- "@org_openssl//:org_openssl",
+ "@//nix/cc:org_openssl",
 ],
 target_compatible_with = [
 "@platforms//os:linux",
diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch b/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch
index 9e4bb7fc7..e98141b8a 100644
--- a/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch
+++ b/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch
@@ -229,7 +229,7 @@
 + ],
 + deps = [
 + ":ms_tpm_20_ref_google_samples",
-+ "@org_openssl//:org_openssl",
++ "@//nix/cc:org_openssl",
 + ],
 + target_compatible_with = [
 + "@platforms//os:linux",
diff --git a/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch b/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch
index bd68a4699..f87c1a730 100644
--- a/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch
+++ b/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch
@@ -5,7 +5,7 @@
 ],
 cgo = True,
 + cdeps = [
-+ "@cryptsetup//:cryptsetup",
++ "@//nix/cc:cryptsetup",
 + ],
 importpath = "github.com/martinjungblut/go-cryptsetup",
 visibility = ["//visibility:public"],
diff --git a/3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.need b/3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.need
index 6f847207f..7c33852ea 100644
--- a/3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.need
+++ b/3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.need
@@ -96,7 +96,7 @@ go_library(
 "typedparams.go",
 ],
 cdeps = [
- "@//rpm:libvirt",
+ "@libvirt//:libvirt",
 ],
 cgo = True,
 importpath = "libvirt.org/go/libvirt",
diff --git a/3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.patch b/3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.patch
index 5ce4bc2fd..d2c799cae 100644
--- a/3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.patch
+++ b/3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.patch
@@ -5,7 +5,7 @@
 "typedparams.go",
 ],
 + cdeps = [
-+ "@//rpm:libvirt",
++ "@//nix/cc:libvirt",
 + ],
 cgo = True,
 importpath = "libvirt.org/go/libvirt",
diff --git a/WORKSPACE.bazel b/WORKSPACE.bazel
index 6e351adb7..251b174b0 100644
--- a/WORKSPACE.bazel
+++ b/WORKSPACE.bazel
@@ -56,50 +56,6 @@ nixpkgs_flake_package(
 package = "mkosi",
 )
-nixpkgs_flake_package(
- name = "org_openssl",
- build_file_content = """\
-load("@rules_cc//cc:defs.bzl", "cc_library")
-filegroup(
- name = "include",
- srcs = glob(["include/**/*.h"]),
- visibility = ["//visibility:public"],
-)
-cc_library(
- name = "org_openssl",
- srcs = glob(["lib/**/*.a"]),
- hdrs = [":include"],
- strip_include_prefix = "include",
- visibility = ["//visibility:public"],
-)
-""",
- nix_flake_file = "//:flake.nix",
- nix_flake_lock_file = "//:flake.lock",
- package = "openssl",
-)
-
-nixpkgs_flake_package(
- name = "cryptsetup",
- build_file_content = """\
-load("@rules_cc//cc:defs.bzl", "cc_library")
-filegroup(
- name = "include",
- srcs = glob(["include/**/*.h"]),
- visibility = ["//visibility:public"],
-)
-cc_library(
- name = "cryptsetup",
- srcs = glob(["lib/**/*.so*"]),
- hdrs = [":include"],
- strip_include_prefix = "include",
- visibility = ["//visibility:public"],
-)
-""",
- nix_flake_file = "//:flake.nix",
- nix_flake_lock_file = "//:flake.lock",
- package = "cryptsetup",
-)
-
 nixpkgs_package(
 name = "diffutils",
 repository = "@nixpkgs",
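Review bot: The new cdeps label in go_libvirt.need is `"@libvirt//:libvirt",`, while the matching go_libvirt.patch hunk writes `"@//nix/cc:libvirt",`, so the expected BUILD content and the patch that is supposed to produce it no longer agree. No repository named `libvirt` is declared in the visible changes; nix/cc/nixpkgs_cc_libraries.bzl only creates `libvirt_<system>` repositories, so the `.need` label looks like a leftover from an earlier iteration. It should read `"@//nix/cc:libvirt",`, as the ms_tpm_20_ref `.need`/`.patch` pair does for OpenSSL. The go_library call continues outside the hunk.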
@@ -110,6 +66,10 @@ nixpkgs_package(
 repository = "@nixpkgs",
 )
+load("//nix/cc:nixpkgs_cc_libraries.bzl", "nixpkgs_cc_library_deps")
+
+nixpkgs_cc_library_deps()
+
 load("//bazel/mkosi:mkosi_configure.bzl", "register_mkosi")
 register_mkosi(
diff --git a/bazel/go/platform.bzl b/bazel/go/platform.bzl
index c4e48ec1e..6509813bc 100644
--- a/bazel/go/platform.bzl
+++ b/bazel/go/platform.bzl
@@ -17,12 +17,16 @@ _platform_transition = transition(
 def _platform_binary_impl(ctx):
 out = ctx.actions.declare_file("{}_{}".format(ctx.file.target_file.basename, ctx.attr.platform))
 ctx.actions.symlink(output = out, target_file = ctx.file.target_file)
+ runfiles = ctx.runfiles(files = ctx.files.target_file)
+ runfiles = runfiles.merge(ctx.attr.target_file[DefaultInfo].default_runfiles)
+ runfiles = runfiles.merge(ctx.attr.target_file[DefaultInfo].data_runfiles)
 return [
 DefaultInfo(
 executable = out,
 files = depset([out]),
- runfiles = ctx.runfiles(files = ctx.files.target_file),
+ runfiles = runfiles,
+ # runfiles = ctx.attr.target_file[DefaultInfo].default_runfiles,
 ),
 ]
diff --git a/bazel/patchelf/patchelf.bzl b/bazel/patchelf/patchelf.bzl
new file mode 100644
index 000000000..e69de29bb
diff --git a/bazel/platforms/BUILD.bazel b/bazel/platforms/BUILD.bazel
index 746a8adb8..c5f909b50 100644
--- a/bazel/platforms/BUILD.bazel
+++ b/bazel/platforms/BUILD.bazel
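Review bot: In bazel/go/platform.bzl the DefaultInfo call keeps a commented-out alternative, `# runfiles = ctx.attr.target_file[DefaultInfo].default_runfiles,`, which should be deleted because the merged `runfiles` value already contains it. The extra merge of `data_runfiles` relies on a legacy field that Bazel's rule documentation advises against; unless a dependency is known to populate only that field, merging `default_runfiles` is enough. A short comment above the three new lines, such as `# forward the target's own runfiles; the symlink alone does not carry them`, would record why they are there. The attribute definitions are outside the hunk, so it cannot be confirmed from here that `ctx.attr.target_file` is a single target rather than a list, which it would be behind an attribute-level transition.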
@@ -3,6 +3,42 @@ platform(
 constraint_values = [
 "@platforms//cpu:x86_64",
 "@platforms//os:linux",
- # TODO: decide if this needs a nixpkgs constraint "@rules_nixpkgs_core//platforms:host",
+ "@rules_nixpkgs_core//constraints:support_nix",
+ ],
+)
+
+platform(
+ name = "aarch64-linux_nix",
+ constraint_values = [
+ "@platforms//cpu:aarch64",
+ "@platforms//os:linux",
+ "@rules_nixpkgs_core//constraints:support_nix",
+ ],
+)
+
+platform(
+ name = "aarch64-darwin_nix",
+ constraint_values = [
+ "@platforms//cpu:aarch64",
+ "@platforms//os:macos",
+ "@rules_nixpkgs_core//constraints:support_nix",
+ ],
+)
+
+platform(
+ name = "x86_64-linux_nix",
+ constraint_values = [
+ "@platforms//cpu:x86_64",
+ "@platforms//os:linux",
+ "@rules_nixpkgs_core//constraints:support_nix",
+ ],
+)
+
+platform(
+ name = "x86_64-darwin_nix",
+ constraint_values = [
+ "@platforms//cpu:x86_64",
+ "@platforms//os:macos",
+ "@rules_nixpkgs_core//constraints:support_nix",
 ],
 )
diff --git a/flake.nix b/flake.nix
index e442cf1c2..74a9152fb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -20,6 +20,8 @@
 let
 pkgsUnstable = import nixpkgsUnstable { inherit system; };
+ callPackage = pkgsUnstable.callPackage;
+
 mkosiDev = (pkgsUnstable.mkosi.overrideAttrs (oldAttrs: rec {
 propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ (with pkgsUnstable; [
 # package management
@@ -36,22 +38,15 @@
 ]);
 }));
- openssl-static = pkgsUnstable.openssl.override { static = true; };
-
 in {
 packages.mkosi = mkosiDev;
- packages.openssl = pkgsUnstable.symlinkJoin {
- name = "openssl";
- paths = [ openssl-static.out openssl-static.dev ];
- };
+ packages.openssl = callPackage ./nix/cc/openssl.nix { pkgs = pkgsUnstable; };
- packages.cryptsetup = pkgsUnstable.symlinkJoin {
- name = "cryptsetup";
- paths = [ pkgsUnstable.cryptsetup.out pkgsUnstable.cryptsetup.dev ];
- };
+ packages.cryptsetup = callPackage ./nix/cc/cryptsetup.nix { pkgs = pkgsUnstable; };
+ packages.libvirt = pkgsUnstable.libvirt;
 packages.awscli2 = pkgsUnstable.awscli2;
diff --git a/hack/qemu-metadata-api/BUILD.bazel b/hack/qemu-metadata-api/BUILD.bazel
index fdb802d2a..5eeeec91d 100644
--- a/hack/qemu-metadata-api/BUILD.bazel
+++ b/hack/qemu-metadata-api/BUILD.bazel
@@ -29,7 +29,7 @@ go_binary(
 platform_binary(
 name = "qemu_metadata_api_linux_amd64",
- platform = "@zig_sdk//libc_aware/platform:linux_amd64_gnu.2.23",
+ platform = "//bazel/platforms:constellation_os_x86_64",
 target_file = ":qemu-metadata-api",
 visibility = ["//visibility:public"],
 )
diff --git a/internal/cryptsetup/BUILD.bazel b/internal/cryptsetup/BUILD.bazel
index e2e5173db..ddb3e9a0b 100644
--- a/internal/cryptsetup/BUILD.bazel
+++ b/internal/cryptsetup/BUILD.bazel
@@ -9,7 +9,7 @@ go_library(
 ],
 # keep
 cdeps = [
- "@cryptsetup//:cryptsetup",
+ "@//nix/cc:cryptsetup",
 ],
 cgo = True,
 importpath = "github.com/edgelesssys/constellation/v2/internal/cryptsetup",
diff --git a/nix/BUILD.bazel b/nix/BUILD.bazel
new file mode 100644
index 000000000..e69de29bb
diff --git a/nix/cc/BUILD.bazel b/nix/cc/BUILD.bazel
new file mode 100644
index 000000000..ea5badc5d
--- /dev/null
+++ b/nix/cc/BUILD.bazel
@@ -0,0 +1,66 @@
+load("@bazel_skylib//lib:selects.bzl", "selects")
+
+alias(
+ name = "org_openssl",
+ actual = select({
+ ":aarch64-linux": "@org_openssl_aarch64-linux//:org_openssl",
+ ":aarch64-darwin": "@org_openssl_aarch64-darwin//:org_openssl",
+ ":x86_64-linux": "@org_openssl_x86_64-linux//:org_openssl",
+ ":x86_64-darwin": "@org_openssl_x86_64-darwin//:org_openssl",
+ }),
+ visibility = ["//visibility:public"],
+)
+
+alias(
+ name = "cryptsetup",
+ actual = select({
+ ":aarch64-linux": "@cryptsetup_aarch64-linux//:cryptsetup",
+ ":aarch64-darwin": "@cryptsetup_aarch64-darwin//:cryptsetup",
+ ":x86_64-linux": "@cryptsetup_x86_64-linux//:cryptsetup",
+ ":x86_64-darwin": "@cryptsetup_x86_64-darwin//:cryptsetup",
+ }),
+ visibility = ["//visibility:public"],
+)
+
+alias(
+ name = "libvirt",
+ actual = select({
+ ":aarch64-linux": "@libvirt_aarch64-linux//:libvirt",
+ ":aarch64-darwin": "@libvirt_aarch64-darwin//:libvirt",
+ ":x86_64-linux": "@libvirt_x86_64-linux//:libvirt",
+ ":x86_64-darwin": "@libvirt_x86_64-darwin//:libvirt",
+ }),
+ visibility = ["//visibility:public"],
+)
+
+selects.config_setting_group(
+ name = "aarch64-linux",
+ match_all = [
+ "@platforms//cpu:aarch64",
+ "@platforms//os:linux",
+ ],
+)
+
+selects.config_setting_group(
+ name = "aarch64-darwin",
+ match_all = [
+ "@platforms//cpu:aarch64",
+ "@platforms//os:macos",
+ ],
+)
+
+selects.config_setting_group(
+ name = "x86_64-darwin",
+ match_all = [
+ "@platforms//cpu:x86_64",
+ "@platforms//os:macos",
+ ],
+)
+
+selects.config_setting_group(
+ name = "x86_64-linux",
+ match_all = [
+ "@platforms//cpu:x86_64",
+ "@platforms//os:linux",
+ ],
+)
diff --git a/nix/cc/cryptsetup.nix b/nix/cc/cryptsetup.nix
new file mode 100644
index 000000000..71c483af8
--- /dev/null
+++ b/nix/cc/cryptsetup.nix
@@ -0,0 +1,5 @@
+{ pkgs }:
+pkgs.symlinkJoin {
+ name = "cryptsetup";
+ paths = [ pkgs.cryptsetup.out pkgs.cryptsetup.dev ];
+}
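Review bot: The `cryptsetup` and `libvirt` aliases in nix/cc/BUILD.bazel select `@cryptsetup_*-darwin` and `@libvirt_*-darwin` repositories, but nix/cc/nixpkgs_cc_libraries.bzl in this same commit generates those repositories only for `aarch64-linux` and `x86_64-linux`. For a macOS target platform the alias would point at a repository that was never declared, so the build would presumably stop on a missing-repository error instead of reporting an incompatible target. Drop the two darwin branches from these aliases, or add the systems to `cryptsetup_systems` and `libvirt_systems` if the packages are meant to exist there. None of the three `select` calls says what happens on an unlisted platform; passing `no_match_error = "only packaged for the systems listed in nixpkgs_cc_libraries.bzl"` would make that failure self-explanatory.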
diff --git a/nix/cc/nixpkgs_cc_libraries.bzl b/nix/cc/nixpkgs_cc_libraries.bzl
new file mode 100644
index 000000000..75533d0f4
--- /dev/null
+++ b/nix/cc/nixpkgs_cc_libraries.bzl
@@ -0,0 +1,107 @@
+""" Bazel cc_library definitions for Nixpkgs. """
+
+load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_flake_package")
+
+def nixpkgs_cc_library_deps():
+ """ Generate cc_library rules for Nixpkgs. """
+ return [
+ nixpkgs_flake_package(
+ name = "org_openssl_%s" % system,
+ nix_flake_file = "//:flake.nix",
+ nix_flake_lock_file = "//:flake.lock",
+ package = "packages.%s.openssl" % system,
+ build_file_content = OPENSSL_BUILD,
+ )
+ for system in openssl_systems
+ ] + [
+ nixpkgs_flake_package(
+ name = "cryptsetup_%s" % system,
+ nix_flake_file = "//:flake.nix",
+ nix_flake_lock_file = "//:flake.lock",
+ package = "packages.%s.cryptsetup" % system,
+ build_file_content = CRYPTSETUP_BUILD,
+ )
+ for system in cryptsetup_systems
+ ] + [
+ nixpkgs_flake_package(
+ name = "libvirt_%s" % system,
+ nix_flake_file = "//:flake.nix",
+ nix_flake_lock_file = "//:flake.lock",
+ package = "packages.%s.libvirt" % system,
+ build_file_content = LIBVIRT_BUILD,
+ )
+ for system in libvirt_systems
+ ]
+
+openssl_systems = [
+ "aarch64-linux",
+ "aarch64-darwin",
+ "x86_64-linux",
+ "x86_64-darwin",
+]
+
+cryptsetup_systems = [
+ "aarch64-linux",
+ "x86_64-linux",
+]
+
+libvirt_systems = [
+ "aarch64-linux",
+ "x86_64-linux",
+]
+
+OPENSSL_BUILD = """\
+load("@rules_cc//cc:defs.bzl", "cc_library")
+filegroup(
+ name = "include",
+ srcs = glob(["include/**/*.h"]),
+ visibility = ["//visibility:public"],
+)
+cc_library(
+ name = "org_openssl",
+ srcs = glob(["lib/**/*.a"]),
+ hdrs = [":include"],
+ strip_include_prefix = "include",
+ visibility = ["//visibility:public"],
+)
+"""
+
+CRYPTSETUP_BUILD = """\
+filegroup(
+ name = "include",
+ srcs = glob(["include/**/*.h"]),
+ visibility = ["//visibility:public"],
+)
+cc_library(
+ name = "cryptsetup",
+ srcs = glob(["lib/**/*.so*"]),
+ hdrs = [":include"],
+ strip_include_prefix = "include",
+ target_compatible_with = [
+ "@platforms//os:linux",
+ ],
+ visibility = ["//visibility:public"],
+)
+"""
+
+LIBVIRT_BUILD = """\
+load("@rules_cc//cc:defs.bzl", "cc_library")
+filegroup(
+ name = "include",
+ srcs = glob(["include/**/*.h"]),
+ visibility = ["//visibility:public"],
+)
+cc_library(
+ name = "libvirt",
+ srcs = glob([
+ "lib/*.so",
+ "lib/*.so.*",
+ ]),
+ hdrs = [":include"],
+ strip_include_prefix = "include",
+ target_compatible_with = [
+ "@platforms//os:linux",
+ ],
+ visibility = ["//visibility:public"],
+)
+"""
diff --git a/nix/cc/openssl.nix b/nix/cc/openssl.nix
new file mode 100644
index 000000000..0651fea67
--- /dev/null
+++ b/nix/cc/openssl.nix
@@ -0,0 +1,8 @@
+{ pkgs }:
+let
+ openssl-static = pkgs.openssl.override { static = true; };
+in
+pkgs.symlinkJoin {
+ name = "openssl";
+ paths = [ openssl-static.out openssl-static.dev ];
+}
diff --git a/nix/shells/toolchains/BUILD.bazel b/nix/shells/toolchains/BUILD.bazel
new file mode 100644
index 000000000..e69de29bb
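Review bot: `CRYPTSETUP_BUILD` in nix/cc/nixpkgs_cc_libraries.bzl calls `cc_library` without the `load("@rules_cc//cc:defs.bzl", "cc_library")` line that `OPENSSL_BUILD` and `LIBVIRT_BUILD` carry and that the removed WORKSPACE.bazel definition of `cryptsetup` also had. The generated BUILD file then depends on Bazel still exposing the native rule implicitly; add the load as the first line of the string so the three templates match. Separately, `nixpkgs_cc_library_deps()` builds and returns a list only for the side effect of declaring repositories; plain `for system in openssl_systems:` loops would state the intent. The docstring could name the repositories it creates, `org_openssl_<system>`, `cryptsetup_<system>` and `libvirt_<system>`, since nix/cc/BUILD.bazel depends on exactly those names.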