From ffe35573b8ae545e26f64c8c0210a5bdc08f8eaf Mon Sep 17 00:00:00 2001 From: Cale Gibbard Date: Tue, 7 Feb 2023 14:25:28 -0500 Subject: [PATCH] Add an example of adding nixpkgs overlays and some work toward obtaining libchallenge-bypass-ristretto. Also, go back to plain Obelisk develop. --- .obelisk/impl/github.json | 6 +-- default.nix | 46 ++++------------- .../default.nix | 2 + .../github.json | 8 +++ .../thunk.nix | 12 +++++ nixpkgs-overlay.nix | 51 +++++++++++++++++++ 6 files changed, 86 insertions(+), 39 deletions(-) create mode 100644 dep/python-challenge-bypass-ristretto/default.nix create mode 100644 dep/python-challenge-bypass-ristretto/github.json create mode 100644 dep/python-challenge-bypass-ristretto/thunk.nix create mode 100644 nixpkgs-overlay.nix diff --git a/.obelisk/impl/github.json b/.obelisk/impl/github.json index d40cc9c..2896be5 100644 --- a/.obelisk/impl/github.json +++ b/.obelisk/impl/github.json @@ -1,8 +1,8 @@ { "owner": "obsidiansystems", "repo": "obelisk", - "branch": "cg/user-nixpkgs-overlays", + "branch": "develop", "private": false, - "rev": "c1c1e7e0aedefdf39497f4dda91cda76df1a05a9", - "sha256": "1xsp20j12sg6mg9wl640b709ksl3zs3bbkylm559gyvfbvll74p6" + "rev": "1c4b07ec67639356316b610142d3be8d302c07cc", + "sha256": "1j8zjdwv912s7gxzfi3bfy1kh840j2bvhqycxgi7v4pc0mi54fav" } diff --git a/default.nix b/default.nix index fd923d6..b12eabc 100644 --- a/default.nix +++ b/default.nix @@ -3,41 +3,12 @@ , obelisk ? import ./.obelisk/impl { inherit system; iosSdkVersion = "13.2"; - # This argument (which is new, but was easy to add to Obelisk, thankfully), allows one to specify nixpkgs overlays. - # We'll use it to ensure we have the appropriate version of botan. - nixpkgsOverlays = - [ - (self: super: rec { - botan2 = - (super.botan2.overrideAttrs (old: { - # Get rid of some patches that nixpkgs was applying to botan2 and which didn't apply to the branch. - patches = []; - # The --with-openssl flag didn't work for some reason, might need further figuring out. - configurePhase = builtins.replaceStrings [ "--with-openssl" ] [ " " ] old.configurePhase; - # Here, we use nix-thunk to get the source of the correct branch of the botan repo via a thunk. - # Nix thunks are essentially references to git repositories that can be unpacked to their - # source in-place when working on the project, or packed up into a few small files. - # After installing the nix-thunk command from https://github.com/obsidiansystems/nix-thunk - # you can run: - # nix-thunk unpack dep/botan - # from the top level of this repo to clone a copy of the botan git repo at the appropriate - # commit, and work on it from there. Similarly, - # nix-thunk pack dep/botan - # will pack it back up again, provided that the changes have been pushed somewhere. - # Note: there's a bug in the current version of Obelisk which occasionally gives it some trouble - # if certain repos are unpacked. If you have any trouble running an ob command - # (ob run, ob repl, etc.) with a thunk unpacked, try adding the flag --no-interpret dep - # and hopefully that will sort it out. - src = nix-thunk.thunkSource ./dep/botan; - })).override (old: { - # Also, turn on debugging. - extraConfigureFlags = "--debug-mode"; - }); - # For whatever reason, it seems callCabal2nix below wants to use the botan package rather than botan2. - # We could override the pkgconfigDepends of the resulting package, but this is easier. - botan = self.botan2; - }) - ]; + # Here we insert our own nixpkgs overlays. Since it's a bit awkward, a future version of Obelisk will make + # this more straightforward, but for now, the way to do this is by modifying the reflex-platform function + # to modify its nixpkgsOverlays argument. Be sure to also have a look at ./nixpkgs-overlay.nix for the botan2 + # overlay. + reflex-platform-func = (args: import (nix-thunk.thunkSource ./.obelisk/impl + "/dep/reflex-platform") + (args // { nixpkgsOverlays = args.nixpkgsOverlays ++ [(import ./nixpkgs-overlay.nix { inherit nix-thunk; })]; } ) ); # You must accept the Android Software Development Kit License Agreement at # https://developer.android.com/studio/terms in order to build Android apps. @@ -58,7 +29,10 @@ project ./. ({ pkgs, hackGet, ... }: { ios.bundleName = "Obelisk Minimal Example"; overrides = self: super: with pkgs.haskell.lib; { - # Here, we get the tahoe-chk package from the chk.hs thunk, and use callCabal2nix to get a nix derivation to build it. + # Here, we get the tahoe-chk package from the chk.hs thunk, + # and use callCabal2nix to get a nix derivation to build it. + # See the comment in ./nixpkgs-overlay.nix for a description + # of how to interact with nix thunks. tahoe-chk = self.callCabal2nix "tahoe-chk" (nix-thunk.thunkSource ./dep/chkhs) {}; # We also ended up needing an override of the base32 library, which we obtain from Hackage. base32 = self.callHackageDirect { diff --git a/dep/python-challenge-bypass-ristretto/default.nix b/dep/python-challenge-bypass-ristretto/default.nix new file mode 100644 index 0000000..2b4d4ab --- /dev/null +++ b/dep/python-challenge-bypass-ristretto/default.nix @@ -0,0 +1,2 @@ +# DO NOT HAND-EDIT THIS FILE +import (import ./thunk.nix) \ No newline at end of file diff --git a/dep/python-challenge-bypass-ristretto/github.json b/dep/python-challenge-bypass-ristretto/github.json new file mode 100644 index 0000000..9c2fd39 --- /dev/null +++ b/dep/python-challenge-bypass-ristretto/github.json @@ -0,0 +1,8 @@ +{ + "owner": "LeastAuthority", + "repo": "python-challenge-bypass-ristretto", + "branch": "master", + "private": false, + "rev": "30b47c2a0ab00edbc6e3142ff806c7ac7e84e715", + "sha256": "14206h5b80xna6y070pk54qh228v4h43c8z1b0ibiv32ns1dhq5w" +} diff --git a/dep/python-challenge-bypass-ristretto/thunk.nix b/dep/python-challenge-bypass-ristretto/thunk.nix new file mode 100644 index 0000000..20f2d28 --- /dev/null +++ b/dep/python-challenge-bypass-ristretto/thunk.nix @@ -0,0 +1,12 @@ +# DO NOT HAND-EDIT THIS FILE +let fetch = { private ? false, fetchSubmodules ? false, owner, repo, rev, sha256, ... }: + if !fetchSubmodules && !private then builtins.fetchTarball { + url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; inherit sha256; + } else (import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/3aad50c30c826430b0270fcf8264c8c41b005403.tar.gz"; + sha256 = "0xwqsf08sywd23x0xvw4c4ghq0l28w2ki22h0bdn766i16z9q2gr"; +}) {}).fetchFromGitHub { + inherit owner repo rev sha256 fetchSubmodules private; + }; + json = builtins.fromJSON (builtins.readFile ./github.json); +in fetch json \ No newline at end of file diff --git a/nixpkgs-overlay.nix b/nixpkgs-overlay.nix new file mode 100644 index 0000000..9435931 --- /dev/null +++ b/nixpkgs-overlay.nix @@ -0,0 +1,51 @@ +{ nix-thunk }: self: super: rec { + botan2 = + (super.botan2.overrideAttrs (old: { + # Get rid of some patches that nixpkgs was applying to botan2 and which didn't apply to the branch. + patches = []; + # The --with-openssl flag didn't work for some reason, might need further figuring out. + configurePhase = builtins.replaceStrings [ "--with-openssl" ] [ " " ] old.configurePhase; + # Here, we use nix-thunk to get the source of the correct branch of the botan repo via a thunk. + # Nix thunks are essentially references to git repositories that can be unpacked to their + # source in-place when working on the project, or packed up into a few small files. + # After installing the nix-thunk command from https://github.com/obsidiansystems/nix-thunk + # you can run: + # nix-thunk unpack dep/botan + # from the top level of this repo to clone a copy of the botan git repo at the appropriate + # commit, and work on it from there. Similarly, + # nix-thunk pack dep/botan + # will pack it back up again, provided that the changes have been pushed somewhere. + # Note: there's a bug in the current version of Obelisk which occasionally gives it some trouble + # if certain repos are unpacked. If you have any trouble running an ob command + # (ob run, ob repl, etc.) with a thunk unpacked, try adding the flag --no-interpret dep + # and hopefully that will sort it out. + src = nix-thunk.thunkSource ./dep/botan; + })).override (old: { + # Also, turn on debugging. + extraConfigureFlags = "--debug-mode"; + }); + # For whatever reason, it seems callCabal2nix for tahoe-chk + # wants to use the botan package rather than botan2. + # We could override the pkgconfigDepends of the resulting + # package if we needed both, but this is easier. + botan = self.botan2; + + # Next, we'll try to obtain challenge-bypass-ristretto-ffi, for which we have a nix flake. + # To use the flake, we'll obtain Eelco Dolstra's flake-compat. + flake-compat = import (fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9.tar.gz"; + sha256 = "sha256:1prd9b1xx8c0sfwnyzkspplh30m613j42l1k789s521f4kv4c2z2"; + }); + # This has the top level of the flake... + challenge-bypass-ristretto-ffi-flake = + (self.flake-compat { src = nix-thunk.thunkSource ./dep/python-challenge-bypass-ristretto ; }).defaultNix; + # ... from which we can extract whatever packages we need. + challenge-bypass-ristretto-ffi = + challenge-bypass-ristretto-ffi-flake.packages."${builtins.currentSystem}".libchallenge_bypass_ristretto_ffi; + challenge-bypass-ristretto-ffi-android = + challenge-bypass-ristretto-ffi-flake.legacyPackages."${builtins.currentSystem}".pkgsCross.aarch64-android.libchallenge_bypass_ristretto_ffi; + # We can branch on the target platform to choose between the different architecture libraries from the flake. Modifying the flake might be easier. + libchallenge_bypass_ristretto_ffi = if self.stdenv.targetPlatform.isAndroid + then challenge-bypass-ristretto-ffi-flake.legacyPackages.${builtins.currentSystem}.pkgsCross.aarch64-android.libchallenge_bypass_ristretto_ffi + else challenge-bypass-ristretto-ffi-flake.packages.${builtins.currentSystem}.libchallenge_bypass_ristretto_ffi; +}