-
Notifications
You must be signed in to change notification settings - Fork 271
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build: add nix-env for building the proxy
This branch adds a simple nix-env configuration for building the proxy locally on NixOS. This does *not* yet introduce a derivation for *packaging* the proxy as a Nix package, just a nix-env for local development for Nix users. Actually packaging the proxy for Nix could be fun, but it's not really necessary, since the proxy is not currently distributed as a package for other package managers --- it's distributed as a docker image. If we were going to actually distribute something as a Nix package, it would be the Linkerd CLI (which could be worth doing!). This branch *does* include the necessary configuration to build `cloudflare/boring`, which is added as a dependency by @olix0r's PR #1351. I've confirmed that it is possible to build that branch with these configs, but I opened this as a separate PR against `main` so that we can merge it separately. Currently, we do have to build `boringssl` from source, rather than depending on it from nixpkgs, which is kind of a bummer, but this can be fixed later.
- Loading branch information
Showing
3 changed files
with
104 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| use nix; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| scope@{ pkgs ? import <nixpkgs> { } }: | ||
|
|
||
| let locale = "en_US.UTF8"; | ||
| in with pkgs; | ||
| buildEnv { | ||
| name = "linkerd2-proxy-env"; | ||
| paths = with pkgs; | ||
| [ | ||
| git | ||
| bash | ||
| direnv | ||
| binutils | ||
| stdenv | ||
| bashInteractive | ||
| docker | ||
| cacert | ||
| gcc | ||
| cmake | ||
| rustup | ||
| pkg-config | ||
| openssl | ||
| protobuf | ||
| docker | ||
| (glibcLocales.override { locales = [ locale ]; }) | ||
| ] ++ lib.optional stdenv.isDarwin [ Security libiconv ]; | ||
|
|
||
| buildInputs = [ clang libclang ]; | ||
|
|
||
| passthru = with pkgs; { | ||
| PROTOC = "${protobuf}/bin/protoc"; | ||
| PROTOC_INCLUDE = "${protobuf}/include"; | ||
|
|
||
| LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive"; | ||
| LC_ALL = locale; | ||
|
|
||
| SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; | ||
| GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; | ||
| CURL_CA_BUNDLE = "${cacert}/etc/ca-bundle.crt"; | ||
| CARGO_TERM_COLOR = "always"; | ||
| RUST_BACKTRACE = "full"; | ||
|
|
||
| LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib"; | ||
|
|
||
| OPENSSL_DIR = "${openssl.dev}"; | ||
| OPENSSL_LIB_DIR = "${openssl.out}/lib"; | ||
| }; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| scope@{ pkgs ? import <nixpkgs> { } }: | ||
|
|
||
| let env = (import ./default.nix scope); | ||
| in with pkgs; | ||
| mkShell { | ||
| name = env.name; | ||
|
|
||
| buildInputs = [ (import ./default.nix { inherit pkgs; }) ]; | ||
|
|
||
| # From: https://github.com/NixOS/nixpkgs/blob/1fab95f5190d087e66a3502481e34e15d62090aa/pkgs/applications/networking/browsers/firefox/common.nix#L247-L253 | ||
| # Set C flags for Rust's bindgen program. Unlike ordinary C | ||
| # compilation, bindgen does not invoke $CC directly. Instead it | ||
| # uses LLVM's libclang. To make sure all necessary flags are | ||
| # included we need to look in a few places. | ||
| shellHook = '' | ||
| export BINDGEN_EXTRA_CLANG_ARGS="$(< ${stdenv.cc}/nix-support/libc-crt1-cflags) \ | ||
| $(< ${stdenv.cc}/nix-support/libc-cflags) \ | ||
| $(< ${stdenv.cc}/nix-support/cc-cflags) \ | ||
| $(< ${stdenv.cc}/nix-support/libcxx-cxxflags) \ | ||
| ${ | ||
| lib.optionalString stdenv.cc.isClang | ||
| "-idirafter ${stdenv.cc.cc}/lib/clang/${ | ||
| lib.getVersion stdenv.cc.cc | ||
| }/include" | ||
| } \ | ||
| ${ | ||
| lib.optionalString stdenv.cc.isGNU | ||
| "-isystem ${stdenv.cc.cc}/include/c++/${ | ||
| lib.getVersion stdenv.cc.cc | ||
| } -isystem ${stdenv.cc.cc}/include/c++/${ | ||
| lib.getVersion stdenv.cc.cc | ||
| }/${stdenv.hostPlatform.config} -idirafter ${stdenv.cc.cc}/lib/gcc/${stdenv.hostPlatform.config}/${ | ||
| lib.getVersion stdenv.cc.cc | ||
| }/include" | ||
| } \ | ||
| " | ||
| ''; | ||
|
|
||
| PROTOC = "${protobuf}/bin/protoc"; | ||
| PROTOC_INCLUDE = "${protobuf}/include"; | ||
|
|
||
| LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive"; | ||
| LC_ALL = "en_US.UTF-8"; | ||
|
|
||
| SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; | ||
| GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; | ||
| CURL_CA_BUNDLE = "${cacert}/etc/ca-bundle.crt"; | ||
|
|
||
| CARGO_TERM_COLOR = "always"; | ||
| RUST_BACKTRACE = "full"; | ||
|
|
||
| LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib"; | ||
|
|
||
| OPENSSL_DIR = "${openssl.dev}"; | ||
| OPENSSL_LIB_DIR = "${openssl.out}/lib"; | ||
| } |