[wip] all cc deps from nix

3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need

@@ -229,7 +229,7 @@ cc_library(
     ],
     deps = [
         ":ms_tpm_20_ref_google_samples",
-        "@org_openssl//:org_openssl",
+        "@//nix/cc:org_openssl",
     ],
     target_compatible_with = [
         "@platforms//os:linux",

3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch

@@ -229,7 +229,7 @@
 +    ],
 +    deps = [
 +        ":ms_tpm_20_ref_google_samples",
-+        "@org_openssl//:org_openssl",
++        "@//nix/cc:org_openssl",
 +    ],
 +    target_compatible_with = [
 +        "@platforms//os:linux",

3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch

@@ -5,7 +5,7 @@
      ],
      cgo = True,
 +    cdeps = [
-+        "@cryptsetup//:cryptsetup",
++        "@//nix/cc:cryptsetup",
 +    ],
      importpath = "github.com/martinjungblut/go-cryptsetup",
      visibility = ["//visibility:public"],

3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.need

@@ -96,7 +96,7 @@ go_library(
         "typedparams.go",
     ],
     cdeps = [
-        "@//rpm:libvirt",
+        "@libvirt//:libvirt",
     ],
     cgo = True,
     importpath = "libvirt.org/go/libvirt",

3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.patch

@@ -5,7 +5,7 @@
          "typedparams.go",
      ],
 +    cdeps = [
-+        "@//rpm:libvirt",
++        "@//nix/cc:libvirt",
 +    ],
      cgo = True,
      importpath = "libvirt.org/go/libvirt",

WORKSPACE.bazel

@@ -56,50 +56,6 @@ nixpkgs_flake_package(
     package = "mkosi",
 )
 
-nixpkgs_flake_package(
-    name = "org_openssl",
-    build_file_content = """\
-load("@rules_cc//cc:defs.bzl", "cc_library")
-filegroup(
-    name = "include",
-    srcs = glob(["include/**/*.h"]),
-    visibility = ["//visibility:public"],
-)
-cc_library(
-    name = "org_openssl",
-    srcs = glob(["lib/**/*.a"]),
-    hdrs = [":include"],
-    strip_include_prefix = "include",
-    visibility = ["//visibility:public"],
-)
-""",
-    nix_flake_file = "//:flake.nix",
-    nix_flake_lock_file = "//:flake.lock",
-    package = "openssl",
-)
-
-nixpkgs_flake_package(
-    name = "cryptsetup",
-    build_file_content = """\
-load("@rules_cc//cc:defs.bzl", "cc_library")
-filegroup(
-    name = "include",
-    srcs = glob(["include/**/*.h"]),
-    visibility = ["//visibility:public"],
-)
-cc_library(
-    name = "cryptsetup",
-    srcs = glob(["lib/**/*.so*"]),
-    hdrs = [":include"],
-    strip_include_prefix = "include",
-    visibility = ["//visibility:public"],
-)
-""",
-    nix_flake_file = "//:flake.nix",
-    nix_flake_lock_file = "//:flake.lock",
-    package = "cryptsetup",
-)
-
 nixpkgs_package(
     name = "diffutils",
     repository = "@nixpkgs",
@@ -110,6 +66,10 @@ nixpkgs_package(
     repository = "@nixpkgs",
 )
 
+load("//nix/cc:nixpkgs_cc_libraries.bzl", "nixpkgs_cc_library_deps")
+
+nixpkgs_cc_library_deps()
+
 load("//bazel/mkosi:mkosi_configure.bzl", "register_mkosi")
 
 register_mkosi(

bazel/go/platform.bzl

@@ -17,12 +17,16 @@ _platform_transition = transition(
 def _platform_binary_impl(ctx):
     out = ctx.actions.declare_file("{}_{}".format(ctx.file.target_file.basename, ctx.attr.platform))
     ctx.actions.symlink(output = out, target_file = ctx.file.target_file)
+    runfiles = ctx.runfiles(files = ctx.files.target_file)
+    runfiles = runfiles.merge(ctx.attr.target_file[DefaultInfo].default_runfiles)
+    runfiles = runfiles.merge(ctx.attr.target_file[DefaultInfo].data_runfiles)
 
     return [
         DefaultInfo(
             executable = out,
             files = depset([out]),
-            runfiles = ctx.runfiles(files = ctx.files.target_file),
+            runfiles = runfiles,
+            # runfiles = ctx.attr.target_file[DefaultInfo].default_runfiles,
         ),
     ]
 

bazel/platforms/BUILD.bazel

@@ -3,6 +3,42 @@ platform(
     constraint_values = [
         "@platforms//cpu:x86_64",
         "@platforms//os:linux",
-        # TODO: decide if this needs a nixpkgs constraint "@rules_nixpkgs_core//platforms:host",
+        "@rules_nixpkgs_core//constraints:support_nix",
+    ],
+)
+
+platform(
+    name = "aarch64-linux_nix",
+    constraint_values = [
+        "@platforms//cpu:aarch64",
+        "@platforms//os:linux",
+        "@rules_nixpkgs_core//constraints:support_nix",
+    ],
+)
+
+platform(
+    name = "aarch64-darwin_nix",
+    constraint_values = [
+        "@platforms//cpu:aarch64",
+        "@platforms//os:macos",
+        "@rules_nixpkgs_core//constraints:support_nix",
+    ],
+)
+
+platform(
+    name = "x86_64-linux_nix",
+    constraint_values = [
+        "@platforms//cpu:x86_64",
+        "@platforms//os:linux",
+        "@rules_nixpkgs_core//constraints:support_nix",
+    ],
+)
+
+platform(
+    name = "x86_64-darwin_nix",
+    constraint_values = [
+        "@platforms//cpu:x86_64",
+        "@platforms//os:macos",
+        "@rules_nixpkgs_core//constraints:support_nix",
     ],
 )

flake.nix

@@ -20,6 +20,8 @@
       let
         pkgsUnstable = import nixpkgsUnstable { inherit system; };
 
+        callPackage = pkgsUnstable.callPackage;
+
         mkosiDev = (pkgsUnstable.mkosi.overrideAttrs (oldAttrs: rec {
           propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ (with pkgsUnstable;  [
             # package management
@@ -36,22 +38,15 @@
           ]);
         }));
 
-        openssl-static = pkgsUnstable.openssl.override { static = true; };
-
       in
       {
         packages.mkosi = mkosiDev;
 
-        packages.openssl = pkgsUnstable.symlinkJoin {
+        packages.openssl = callPackage ./nix/cc/openssl.nix { pkgs = pkgsUnstable; };
-          name = "openssl";
-          paths = [ openssl-static.out openssl-static.dev ];
-        };
 
-        packages.cryptsetup = pkgsUnstable.symlinkJoin {
+        packages.cryptsetup = callPackage ./nix/cc/cryptsetup.nix { pkgs = pkgsUnstable; };
-          name = "cryptsetup";
-          paths = [ pkgsUnstable.cryptsetup.out pkgsUnstable.cryptsetup.dev ];
-        };
 
+        packages.libvirt = pkgsUnstable.libvirt;
 
         packages.awscli2 = pkgsUnstable.awscli2;
 

hack/qemu-metadata-api/BUILD.bazel

@@ -29,7 +29,7 @@ go_binary(
 
 platform_binary(
     name = "qemu_metadata_api_linux_amd64",
-    platform = "@zig_sdk//libc_aware/platform:linux_amd64_gnu.2.23",
+    platform = "//bazel/platforms:constellation_os_x86_64",
     target_file = ":qemu-metadata-api",
     visibility = ["//visibility:public"],
 )

internal/cryptsetup/BUILD.bazel

@@ -9,7 +9,7 @@ go_library(
     ],
     # keep
     cdeps = [
-        "@cryptsetup//:cryptsetup",
+        "@//nix/cc:cryptsetup",
     ],
     cgo = True,
     importpath = "github.com/edgelesssys/constellation/v2/internal/cryptsetup",

nix/cc/BUILD.bazel

@@ -0,0 +1,66 @@
+load("@bazel_skylib//lib:selects.bzl", "selects")
+
+alias(
+    name = "org_openssl",
+    actual = select({
+        ":aarch64-linux": "@org_openssl_aarch64-linux//:org_openssl",
+        ":aarch64-darwin": "@org_openssl_aarch64-darwin//:org_openssl",
+        ":x86_64-linux": "@org_openssl_x86_64-linux//:org_openssl",
+        ":x86_64-darwin": "@org_openssl_x86_64-darwin//:org_openssl",
+    }),
+    visibility = ["//visibility:public"],
+)
+
+alias(
+    name = "cryptsetup",
+    actual = select({
+        ":aarch64-linux": "@cryptsetup_aarch64-linux//:cryptsetup",
+        ":aarch64-darwin": "@cryptsetup_aarch64-darwin//:cryptsetup",
+        ":x86_64-linux": "@cryptsetup_x86_64-linux//:cryptsetup",
+        ":x86_64-darwin": "@cryptsetup_x86_64-darwin//:cryptsetup",
+    }),
+    visibility = ["//visibility:public"],
+)
+
+alias(
+    name = "libvirt",
+    actual = select({
+        ":aarch64-linux": "@libvirt_aarch64-linux//:libvirt",
+        ":aarch64-darwin": "@libvirt_aarch64-darwin//:libvirt",
+        ":x86_64-linux": "@libvirt_x86_64-linux//:libvirt",
+        ":x86_64-darwin": "@libvirt_x86_64-darwin//:libvirt",
+    }),
+    visibility = ["//visibility:public"],
+)
+
+selects.config_setting_group(
+    name = "aarch64-linux",
+    match_all = [
+        "@platforms//cpu:aarch64",
+        "@platforms//os:linux",
+    ],
+)
+
+selects.config_setting_group(
+    name = "aarch64-darwin",
+    match_all = [
+        "@platforms//cpu:aarch64",
+        "@platforms//os:macos",
+    ],
+)
+
+selects.config_setting_group(
+    name = "x86_64-darwin",
+    match_all = [
+        "@platforms//cpu:x86_64",
+        "@platforms//os:macos",
+    ],
+)
+
+selects.config_setting_group(
+    name = "x86_64-linux",
+    match_all = [
+        "@platforms//cpu:x86_64",
+        "@platforms//os:linux",
+    ],
+)

nix/cc/cryptsetup.nix

@@ -0,0 +1,5 @@
+{ pkgs }:
+pkgs.symlinkJoin {
+  name = "cryptsetup";
+  paths = [ pkgs.cryptsetup.out pkgs.cryptsetup.dev ];
+}

nix/cc/nixpkgs_cc_libraries.bzl

@@ -0,0 +1,107 @@
+""" Bazel cc_library definitions for Nixpkgs. """
+
+load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_flake_package")
+
+def nixpkgs_cc_library_deps():
+    """ Generate cc_library rules for Nixpkgs. """
+    return [
+        nixpkgs_flake_package(
+            name = "org_openssl_%s" % system,
+            nix_flake_file = "//:flake.nix",
+            nix_flake_lock_file = "//:flake.lock",
+            package = "packages.%s.openssl" % system,
+            build_file_content = OPENSSL_BUILD,
+        )
+        for system in openssl_systems
+    ] + [
+        nixpkgs_flake_package(
+            name = "cryptsetup_%s" % system,
+            nix_flake_file = "//:flake.nix",
+            nix_flake_lock_file = "//:flake.lock",
+            package = "packages.%s.cryptsetup" % system,
+            build_file_content = CRYPTSETUP_BUILD,
+        )
+        for system in cryptsetup_systems
+    ] + [
+        nixpkgs_flake_package(
+            name = "libvirt_%s" % system,
+            nix_flake_file = "//:flake.nix",
+            nix_flake_lock_file = "//:flake.lock",
+            package = "packages.%s.libvirt" % system,
+            build_file_content = LIBVIRT_BUILD,
+        )
+        for system in libvirt_systems
+    ]
+
+openssl_systems = [
+    "aarch64-linux",
+    "aarch64-darwin",
+    "x86_64-linux",
+    "x86_64-darwin",
+]
+
+cryptsetup_systems = [
+    "aarch64-linux",
+    "x86_64-linux",
+]
+
+libvirt_systems = [
+    "aarch64-linux",
+    "x86_64-linux",
+]
+
+OPENSSL_BUILD = """\
+load("@rules_cc//cc:defs.bzl", "cc_library")
+filegroup(
+    name = "include",
+    srcs = glob(["include/**/*.h"]),
+    visibility = ["//visibility:public"],
+)
+cc_library(
+    name = "org_openssl",
+    srcs = glob(["lib/**/*.a"]),
+    hdrs = [":include"],
+    strip_include_prefix = "include",
+    visibility = ["//visibility:public"],
+)
+"""
+
+CRYPTSETUP_BUILD = """\
+filegroup(
+    name = "include",
+    srcs = glob(["include/**/*.h"]),
+    visibility = ["//visibility:public"],
+)
+cc_library(
+    name = "cryptsetup",
+    srcs = glob(["lib/**/*.so*"]),
+    hdrs = [":include"],
+    strip_include_prefix = "include",
+    target_compatible_with = [
+        "@platforms//os:linux",
+    ],
+    visibility = ["//visibility:public"],
+)
+"""
+
+LIBVIRT_BUILD = """\
+load("@rules_cc//cc:defs.bzl", "cc_library")
+filegroup(
+    name = "include",
+    srcs = glob(["include/**/*.h"]),
+    visibility = ["//visibility:public"],
+)
+cc_library(
+    name = "libvirt",
+    srcs = glob([
+        "lib/*.so",
+        "lib/*.so.*",
+    ]),
+    hdrs = [":include"],
+    strip_include_prefix = "include",
+    target_compatible_with = [
+        "@platforms//os:linux",
+    ],
+    visibility = ["//visibility:public"],
+)
+"""

nix/cc/openssl.nix

@@ -0,0 +1,8 @@
+{ pkgs }:
+let
+  openssl-static = pkgs.openssl.override { static = true; };
+in
+pkgs.symlinkJoin {
+  name = "openssl";
+  paths = [ openssl-static.out openssl-static.dev ];
+}