diff --git a/pkgs/development/tools/build-managers/gn/default.nix b/pkgs/development/tools/build-managers/gn/default.nix
index 3c0abb3edeab5..508a821d74950 100644
--- a/pkgs/development/tools/build-managers/gn/default.nix
+++ b/pkgs/development/tools/build-managers/gn/default.nix
@@ -1,64 +1,10 @@ -{ stdenv, lib, fetchgit, darwin, writeText -, ninja, python3 -}: +{ callPackage, ... } @ args: -let +callPackage ./generic.nix args { # Note: Please use the recommended version for Chromium, e.g.: # https://git.archlinux.org/svntogit/packages.git/tree/trunk/chromium-gn-version.sh?h=packages/gn rev = "fd3d768bcfd44a8d9639fe278581bd9851d0ce3a"; revNum = "1718"; # git describe HEAD --match initial-commit | cut -d- -f3 version = "2020-03-09"; sha256 = "1asc14y8by7qcn10vbk467hvx93s30pif8r0brissl0sihsaqazr"; - - revShort = builtins.substring 0 7 rev; - lastCommitPosition = writeText "last_commit_position.h" '' - #ifndef OUT_LAST_COMMIT_POSITION_H_ - #define OUT_LAST_COMMIT_POSITION_H_ - - #define LAST_COMMIT_POSITION_NUM ${revNum} - #define LAST_COMMIT_POSITION "${revNum} (${revShort})" - - #endif // OUT_LAST_COMMIT_POSITION_H_ - ''; - -in stdenv.mkDerivation { - pname = "gn-unstable"; - inherit version; - - src = fetchgit { - # Note: The TAR-Archives (+archive/${rev}.tar.gz) are not deterministic! - url = "https://gn.googlesource.com/gn"; - inherit rev sha256; - }; - - nativeBuildInputs = [ ninja python3 ]; - buildInputs = lib.optionals stdenv.isDarwin (with darwin; with apple_sdk.frameworks; [ - libobjc - cctools - - # frameworks - ApplicationServices - Foundation - AppKit - ]); - - buildPhase = '' - python build/gen.py --no-last-commit-position - ln -s ${lastCommitPosition} out/last_commit_position.h - ninja -j $NIX_BUILD_CORES -C out gn - ''; - - installPhase = '' - install -vD out/gn "$out/bin/gn" - ''; - - setupHook = ./setup-hook.sh; - - meta = with lib; { - description = "A meta-build system that generates build files for Ninja"; - homepage = "https://gn.googlesource.com/gn"; - license = licenses.bsd3; - platforms = platforms.unix; - maintainers = with maintainers; [ stesie matthewbauer primeos ]; - }; } 
diff --git a/pkgs/development/tools/build-managers/gn/generic.nix b/pkgs/development/tools/build-managers/gn/generic.nix
new file mode 100644
index 0000000000000..4214bb822b994
--- /dev/null
+++ b/pkgs/development/tools/build-managers/gn/generic.nix
@@ -0,0 +1,60 @@
+{ stdenv, lib, fetchgit, darwin, writeText
+, ninja, python3
+, ...
+}:
+
+{ rev, revNum, version, sha256 }:
+
+let
+ revShort = builtins.substring 0 7 rev;
+ lastCommitPosition = writeText "last_commit_position.h" ''
+ #ifndef OUT_LAST_COMMIT_POSITION_H_
+ #define OUT_LAST_COMMIT_POSITION_H_
+
+ #define LAST_COMMIT_POSITION_NUM ${revNum}
+ #define LAST_COMMIT_POSITION "${revNum} (${revShort})"
+
+ #endif // OUT_LAST_COMMIT_POSITION_H_
+ '';
+
+in stdenv.mkDerivation {
+ pname = "gn-unstable";
+ inherit version;
+
+ src = fetchgit {
+ # Note: The TAR-Archives (+archive/${rev}.tar.gz) are not deterministic!
+ url = "https://gn.googlesource.com/gn";
+ inherit rev sha256;
+ };
+
+ nativeBuildInputs = [ ninja python3 ];
+ buildInputs = lib.optionals stdenv.isDarwin (with darwin; with apple_sdk.frameworks; [
+ libobjc
+ cctools
+
+ # frameworks
+ ApplicationServices
+ Foundation
+ AppKit
+ ]);
+
+ buildPhase = ''
+ python build/gen.py --no-last-commit-position
+ ln -s ${lastCommitPosition} out/last_commit_position.h
+ ninja -j $NIX_BUILD_CORES -C out gn
+ '';
+
+ installPhase = ''
+ install -vD out/gn "$out/bin/gn"
+ '';
+
+ setupHook = ./setup-hook.sh;
+
+ meta = with lib; {
+ description = "A meta-build system that generates build files for Ninja";
+ homepage = "https://gn.googlesource.com/gn";
+ license = licenses.bsd3;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ stesie matthewbauer primeos ];
+ };
+}
diff --git a/pkgs/development/tools/build-managers/gn/rev1924.nix b/pkgs/development/tools/build-managers/gn/rev1924.nix
new file mode 100644
index 0000000000000..1b17328f2e095
--- /dev/null
+++ b/pkgs/development/tools/build-managers/gn/rev1924.nix
@@ -0,0 +1,8 @@ +{ callPackage, ... } @ args: + +callPackage ./generic.nix args { + rev = "24e2f7df92641de0351a96096fb2c490b2436bb8"; + revNum = "1924"; # git describe HEAD --match initial-commit | cut -d- -f3 + version = "2021-08-08"; + sha256 = "1lwkyhfhw0zd7daqz466n7x5cddf0danr799h4jg3s0yvd4galjl"; +} diff --git a/pkgs/servers/http/envoy/default.nix b/pkgs/servers/http/envoy/default.nix index d26782560a470..c81d79dbb24be 100644 --- a/pkgs/servers/http/envoy/default.nix +++ b/pkgs/servers/http/envoy/default.nix @@ -17,8 +17,8 @@ let # However, the version string is more useful for end-users. # These are contained in a attrset of their own to make it obvious that # people should update both. - version = "1.17.3"; - commit = "46bf743b97d0d3f01ff437b2f10cc0bd9cdfe6e4"; + version = "1.19.1"; + commit = "a2a1e3eed4214a38608ec223859fcfa8fb679b14"; }; in buildBazelPackage rec { @@ -28,7 +28,7 @@ buildBazelPackage rec { owner = "envoyproxy"; repo = "envoy"; rev = srcVer.commit; - hash = "sha256:09zzr4h3zjsb2rkxrvlazpx0jy33yn9j65ilxiqbvv0ckaralqfc"; + hash = "sha256:1v1hv4blrppnhllsxd9d3k2wl6nhd59r4ydljy389na3bb41jwf9"; extraPostFetch = '' chmod -R +w $out @@ -58,7 +58,7 @@ buildBazelPackage rec { ]; fetchAttrs = { - sha256 = "sha256:1cy2b73x8jzczq9z9c1kl7zrg5iasvsakb50zxn4mswpmajkbj5h"; + sha256 = "sha256:0vnl0gq6nhvyzz39jg1bvvna0xyhxalg71bp1jbxib7ql026004r"; dontUseCmakeConfigure = true; dontUseGnConfigure = true; preInstall = '' 
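Review bot: rev1924.nix pins a second gn revision without saying who needs it or when it can be dropped; the only consumer visible in this commit is envoy, through `gn = gn1924;` in the all-packages.nix hunk. A header comment such as `# gn revision pinned for envoy; update together with envoy and remove once envoy builds with the default gn.` would keep the extra pin from going stale unnoticed. The `revNum` comment already records how that value is derived, so only the purpose is missing.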
@@ -75,12 +75,6 @@ buildBazelPackage rec { $bazelOut/external/local_config_sh/BUILD rm -r $bazelOut/external/go_sdk - # Replace some wheels which are only used for tests with empty files; - # they're nondeterministically built and packed. - >$bazelOut/external/config_validation_pip3/PyYAML-5.3.1-cp38-cp38-linux_x86_64.whl - >$bazelOut/external/protodoc_pip3/PyYAML-5.3.1-cp38-cp38-linux_x86_64.whl - >$bazelOut/external/thrift_pip3/thrift-0.13.0-cp38-cp38-linux_x86_64.whl - # Remove Unix timestamps from go cache. rm -rf $bazelOut/external/bazel_gazelle_go_repository_cache/{gocache,pkg/mod/cache,pkg/sumdb} ''; diff --git a/pkgs/servers/http/pomerium/default.nix b/pkgs/servers/http/pomerium/default.nix index 7b28200b284e6..cbf2fe1943542 100644 --- a/pkgs/servers/http/pomerium/default.nix +++ b/pkgs/servers/http/pomerium/default.nix @@ -7,19 +7,19 @@ }: let - inherit (lib) concatStringsSep mapAttrsToList; + inherit (lib) concatStringsSep concatMap id mapAttrsToList; in buildGoModule rec { pname = "pomerium"; - version = "0.14.7"; + version = "0.15.7"; src = fetchFromGitHub { owner = "pomerium"; repo = "pomerium"; rev = "v${version}"; - hash = "sha256:1jb96jk5qmary4fi1z9zwmppdyskj0qb6qii8s8mwazjjxqj1z2s"; + hash = "sha256:0adlk4ylny1z43x1dw3ny0s1932vhb61hpf5wdz4r65y8k9qyfgr"; }; - vendorSha256 = "sha256:1daabi9qc9nx8bafn26iw6rv4vx2xpd0nnk06265aqaksx26db0s"; + vendorSha256 = "sha256:1fszfbra84pcs8v1h2kf7iy603vf9v2ysg6il76aqmqrxmb1p7nv"; subPackages = [ "cmd/pomerium" "cmd/pomerium-cli" 
@@ -28,38 +28,49 @@ buildGoModule rec { ldflags = let # Set a variety of useful meta variables for stamping the build with. setVars = { - Version = "v${version}"; - BuildMeta = "nixpkgs"; - ProjectName = "pomerium"; - ProjectURL = "github.com/pomerium/pomerium"; + "github.com/pomerium/pomerium/internal/version" = { + Version = "v${version}"; + BuildMeta = "nixpkgs"; + ProjectName = "pomerium"; + ProjectURL = "github.com/pomerium/pomerium"; + }; + "github.com/pomerium/pomerium/internal/envoy" = { + OverrideEnvoyPath = "${envoy}/bin/envoy"; + }; }; - varFlags = concatStringsSep " " (mapAttrsToList (name: value: "-X github.com/pomerium/pomerium/internal/version.${name}=${value}") setVars); + concatStringsSpace = list: concatStringsSep " " list; + mapAttrsToFlatList = fn: list: concatMap id (mapAttrsToList fn list); + varFlags = concatStringsSpace ( + mapAttrsToFlatList (package: packageVars: + mapAttrsToList (variable: value: + "-X ${package}.${variable}=${value}" + ) packageVars + ) setVars); in [ "${varFlags}" ]; - nativeBuildInputs = [ - zip - ]; + preBuild = '' + # Replace embedded envoy with nothing. + # We set OverrideEnvoyPath above, so rawBinary should never get looked at + # but we still need to set a checksum/version. + rm internal/envoy/files/files_{darwin,linux}*.go + cat <internal/envoy/files/files_generic.go + package files - # Pomerium expects to have envoy append to it in a zip. - # We use a store-only (-0) zip, so that the Nix scanner can find any store references we had in the envoy binary. - postBuild = '' - # Append Envoy - pushd $NIX_BUILD_TOP - mkdir -p envoy - cd envoy - cp ${envoy}/bin/envoy envoy - zip -0 envoy.zip envoy - popd + import _ "embed" // embed - mv $GOPATH/bin/pomerium $GOPATH/bin/pomerium.old - cat $GOPATH/bin/pomerium.old $NIX_BUILD_TOP/envoy/envoy.zip >$GOPATH/bin/pomerium - zip --adjust-sfx $GOPATH/bin/pomerium - ''; + var rawBinary []byte - # We also need to set dontStrip to avoid having the envoy ZIP stripped off the end. 
- dontStrip = true; + //go:embed envoy.sha256 + var rawChecksum string + + //go:embed envoy.version + var rawVersion string + EOF + sha256sum '${envoy}/bin/envoy' > internal/envoy/files/envoy.sha256 + echo '${envoy.version}' > internal/envoy/files/envoy.version + ''; installPhase = '' install -Dm0755 $GOPATH/bin/pomerium $out/bin/pomerium diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 542235a61f109..3cfdd5f4edb85 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14956,6 +14956,7 @@ with pkgs; nimbo = with python3Packages; callPackage ../applications/misc/nimbo { }; gn = callPackage ../development/tools/build-managers/gn { }; + gn1924 = callPackage ../development/tools/build-managers/gn/rev1924.nix { }; nixbang = callPackage ../development/tools/misc/nixbang { pythonPackages = python3Packages; @@ -20738,6 +20739,7 @@ with pkgs; envoy = callPackage ../servers/http/envoy { go = go_1_15; jdk = openjdk11; + gn = gn1924; }; etcd = callPackage ../servers/etcd { };
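Review bot: Nothing in the pomerium hunk fails the build if the `-X github.com/pomerium/pomerium/internal/envoy.OverrideEnvoyPath=...` flag stops matching a real variable. As far as I know the Go linker skips `-X` for a symbol it cannot find without raising an error, and `preBuild` leaves `rawBinary` empty, so an upstream rename would presumably produce a pomerium that builds but has no envoy to start and no store reference to it. An install check such as `doInstallCheck = true;` with `installCheckPhase = ''grep -qF '${envoy}/bin/envoy' $out/bin/pomerium'';` would catch that at build time. The `cat <internal/envoy/files/files_generic.go` line as shown has no heredoc opener before the `EOF` terminator, which may be a rendering loss, so check it against the raw patch. The enclosing `buildGoModule rec { ... }` starts before the hunk and continues past it.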