Build with nix

justsmth · justsmth · commit 431194460b48 · 2025-11-11T08:26:07.000-05:00
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
@@ -0,0 +1,41 @@
+---
+name: "Nix checks"
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+jobs:
+  nixflake:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - uses: cachix/install-nix-action@v29
+        with:
+          github_access_token: ${{ secrets.GITHUB_TOKEN }}
+      - run: nix build
+      - run: nix flake check
+  nixfmt:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - uses: nixbuild/nix-quick-install-action@v29
+      - name: nix fmt
+        run: nix fmt $(find . -name \*nix -type f -not -path "./.git/*")
+      - name: Changed files
+        id: dirty
+        run: |
+          echo "Checking nix files with: nix fmt ..."
+          git diff --exit-code
+        continue-on-error: true
+      - name: Failure case
+        if: steps.dirty.outcome != 'success'
+        run: |
+          echo "Please fix formatting with nix fmt (file)"
+          exit 1
+      - name: Success
+        run: echo "All nix files passed format check"
diff --git a/aws-lc-sys/builder/cc_builder.rs b/aws-lc-sys/builder/cc_builder.rs
@@ -383,8 +383,11 @@ impl CcBuilder {
             let mut new_cflags = original_cflags.clone();
             // The `_FORTIFY_SOURCE` macro often requires optimizations to also be enabled, so unset it.
             new_cflags.push_str(" -O0 -Wp,-U_FORTIFY_SOURCE");
+            /*
+            Reproduce the failure, then we'll find the best place to put this.
             // Certain MacOS system headers are guarded by _POSIX_C_SOURCE and _DARWIN_C_SOURCE
             new_cflags.push_str(" -D_DARWIN_C_SOURCE");
+            */
             set_env_for_target("CFLAGS", &new_cflags);
             // cc-rs currently prioritizes flags provided by CFLAGS over the flags provided by the build script.
             // The environment variables used by the compiler are set when `get_compiler` is called.
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,89 @@
+{
+  description = "aws-lc-rs is a cryptographic library using AWS-LC for its cryptographic operations";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+
+        # Common build inputs needed for aws-lc-sys
+        awsLcBuildInputs = with pkgs; [
+          cmake
+          ninja
+          perl
+          go
+          clang
+        ];
+
+        aws-lc-rs = pkgs.rustPlatform.buildRustPackage {
+          pname = "aws-lc-rs";
+          version = "1.0.0";
+
+          src = ./.;
+
+          cargoLock = {
+            lockFile = ./Cargo.lock;
+          };
+
+          nativeBuildInputs = awsLcBuildInputs;
+
+          # Environment variables needed for building aws-lc
+          preBuild = ''
+            export HOME=$PWD
+          '';
+
+          # Run tests
+          checkPhase = ''
+            cargo test --workspace --all-features
+          '';
+
+          doCheck = true;
+
+          meta = with pkgs.lib; {
+            description = "aws-lc-rs is a cryptographic library using AWS-LC";
+            homepage = "https://github.com/aws/aws-lc-rs";
+            license = with licenses; [ asl20 isc ];
+          };
+        };
+
+        devShell = pkgs.mkShell {
+          name = "aws-lc-rs-dev";
+
+          buildInputs = with pkgs; [
+            # Rust toolchain
+            rustc
+            cargo
+            rustfmt
+            clippy
+            rust-analyzer
+
+            # AWS-LC build dependencies
+          ] ++ awsLcBuildInputs;
+
+          shellHook = ''
+            echo "aws-lc-rs development environment"
+            echo "Rust version: $(rustc --version)"
+          '';
+        };
+
+      in rec {
+        packages = {
+          aws-lc-rs = aws-lc-rs;
+          default = aws-lc-rs;
+        };
+
+        formatter = pkgs.nixfmt-classic;
+
+        devShells.default = devShell;
+
+        # Checks that run in CI
+        checks = {
+          inherit aws-lc-rs;
+        };
+      });
+}
