Add an example of adding nixpkgs overlays and some work toward obtaining libchallenge-bypass-ristretto.

Also, go back to plain Obelisk develop.
2023-02-07 14:25:28 -05:00 · 2023-02-07 14:25:28 -05:00 · ffe35573b8
commit ffe35573b8
parent 2bfa91eca1
6 changed files with 86 additions and 39 deletions
--- a/.obelisk/impl/github.json
+++ b/.obelisk/impl/github.json
@ -1,8 +1,8 @@
 {
  "owner": "obsidiansystems",
  "repo": "obelisk",
-  "branch": "cg/user-nixpkgs-overlays",
+  "branch": "develop",
  "private": false,
-  "rev": "c1c1e7e0aedefdf39497f4dda91cda76df1a05a9",
+  "rev": "1c4b07ec67639356316b610142d3be8d302c07cc",
-  "sha256": "1xsp20j12sg6mg9wl640b709ksl3zs3bbkylm559gyvfbvll74p6"
+  "sha256": "1j8zjdwv912s7gxzfi3bfy1kh840j2bvhqycxgi7v4pc0mi54fav"
 }
--- a/default.nix
+++ b/default.nix
@ -3,41 +3,12 @@
 , obelisk ? import ./.obelisk/impl {
    inherit system;
    iosSdkVersion = "13.2";
-    # This argument (which is new, but was easy to add to Obelisk, thankfully), allows one to specify nixpkgs overlays.
+    # Here we insert our own nixpkgs overlays. Since it's a bit awkward, a future version of Obelisk will make
-    # We'll use it to ensure we have the appropriate version of botan.
+    # this more straightforward, but for now, the way to do this is by modifying the reflex-platform function
-    nixpkgsOverlays =
+    # to modify its nixpkgsOverlays argument. Be sure to also have a look at ./nixpkgs-overlay.nix for the botan2
-      [
+    # overlay.
-        (self: super: rec {
+    reflex-platform-func = (args: import (nix-thunk.thunkSource ./.obelisk/impl + "/dep/reflex-platform")
-            botan2 =
+      (args // { nixpkgsOverlays = args.nixpkgsOverlays ++ [(import ./nixpkgs-overlay.nix { inherit nix-thunk; })]; } ) );
              (super.botan2.overrideAttrs (old: {
                # Get rid of some patches that nixpkgs was applying to botan2 and which didn't apply to the branch.
                patches = [];
                # The --with-openssl flag didn't work for some reason, might need further figuring out.
                configurePhase = builtins.replaceStrings [ "--with-openssl" ] [ " " ] old.configurePhase;
                # Here, we use nix-thunk to get the source of the correct branch of the botan repo via a thunk.
                # Nix thunks are essentially references to git repositories that can be unpacked to their
                # source in-place when working on the project, or packed up into a few small files.
                # After installing the nix-thunk command from https://github.com/obsidiansystems/nix-thunk
                # you can run:
                # nix-thunk unpack dep/botan
                # from the top level of this repo to clone a copy of the botan git repo at the appropriate
                # commit, and work on it from there. Similarly,
                # nix-thunk pack dep/botan
                # will pack it back up again, provided that the changes have been pushed somewhere.
                # Note: there's a bug in the current version of Obelisk which occasionally gives it some trouble
                # if certain repos are unpacked. If you have any trouble running an ob command
                # (ob run, ob repl, etc.) with a thunk unpacked, try adding the flag  --no-interpret dep
                # and hopefully that will sort it out.
                src = nix-thunk.thunkSource ./dep/botan;
              })).override (old: {
                # Also, turn on debugging.
                extraConfigureFlags = "--debug-mode";
              });
            # For whatever reason, it seems callCabal2nix below wants to use the botan package rather than botan2.
            # We could override the pkgconfigDepends of the resulting package, but this is easier.
            botan = self.botan2;
        })
      ];
    # You must accept the Android Software Development Kit License Agreement at
    # https://developer.android.com/studio/terms in order to build Android apps.
@ -58,7 +29,10 @@ project ./. ({ pkgs, hackGet, ... }: {
  ios.bundleName = "Obelisk Minimal Example";
  overrides = self: super:
    with pkgs.haskell.lib; {
-      # Here, we get the tahoe-chk package from the chk.hs thunk, and use callCabal2nix to get a nix derivation to build it.
+      # Here, we get the tahoe-chk package from the chk.hs thunk,
      # and use callCabal2nix to get a nix derivation to build it.
      # See the comment in ./nixpkgs-overlay.nix for a description
      # of how to interact with nix thunks.
      tahoe-chk = self.callCabal2nix "tahoe-chk" (nix-thunk.thunkSource ./dep/chkhs) {};
      # We also ended up needing an override of the base32 library, which we obtain from Hackage.
      base32 = self.callHackageDirect {
--- a/dep/python-challenge-bypass-ristretto/default.nix
+++ b/dep/python-challenge-bypass-ristretto/default.nix
@ -0,0 +1,2 @@
 # DO NOT HAND-EDIT THIS FILE
 import (import ./thunk.nix)
--- a/dep/python-challenge-bypass-ristretto/github.json
+++ b/dep/python-challenge-bypass-ristretto/github.json
@ -0,0 +1,8 @@
 {
  "owner": "LeastAuthority",
  "repo": "python-challenge-bypass-ristretto",
  "branch": "master",
  "private": false,
  "rev": "30b47c2a0ab00edbc6e3142ff806c7ac7e84e715",
  "sha256": "14206h5b80xna6y070pk54qh228v4h43c8z1b0ibiv32ns1dhq5w"
 }
--- a/dep/python-challenge-bypass-ristretto/thunk.nix
+++ b/dep/python-challenge-bypass-ristretto/thunk.nix
@ -0,0 +1,12 @@
 # DO NOT HAND-EDIT THIS FILE
 let fetch = { private ? false, fetchSubmodules ? false, owner, repo, rev, sha256, ... }:
  if !fetchSubmodules && !private then builtins.fetchTarball {
    url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; inherit sha256;
  } else (import (builtins.fetchTarball {
  url = "https://github.com/NixOS/nixpkgs/archive/3aad50c30c826430b0270fcf8264c8c41b005403.tar.gz";
  sha256 = "0xwqsf08sywd23x0xvw4c4ghq0l28w2ki22h0bdn766i16z9q2gr";
 }) {}).fetchFromGitHub {
    inherit owner repo rev sha256 fetchSubmodules private;
  };
  json = builtins.fromJSON (builtins.readFile ./github.json);
 in fetch json
--- a/nixpkgs-overlay.nix
+++ b/nixpkgs-overlay.nix
@ -0,0 +1,51 @@
 { nix-thunk }: self: super: rec {
  botan2 =
    (super.botan2.overrideAttrs (old: {
      # Get rid of some patches that nixpkgs was applying to botan2 and which didn't apply to the branch.
      patches = [];
      # The --with-openssl flag didn't work for some reason, might need further figuring out.
      configurePhase = builtins.replaceStrings [ "--with-openssl" ] [ " " ] old.configurePhase;
      # Here, we use nix-thunk to get the source of the correct branch of the botan repo via a thunk.
      # Nix thunks are essentially references to git repositories that can be unpacked to their
      # source in-place when working on the project, or packed up into a few small files.
      # After installing the nix-thunk command from https://github.com/obsidiansystems/nix-thunk
      # you can run:
      # nix-thunk unpack dep/botan
      # from the top level of this repo to clone a copy of the botan git repo at the appropriate
      # commit, and work on it from there. Similarly,
      # nix-thunk pack dep/botan
      # will pack it back up again, provided that the changes have been pushed somewhere.
      # Note: there's a bug in the current version of Obelisk which occasionally gives it some trouble
      # if certain repos are unpacked. If you have any trouble running an ob command
      # (ob run, ob repl, etc.) with a thunk unpacked, try adding the flag  --no-interpret dep
      # and hopefully that will sort it out.
      src = nix-thunk.thunkSource ./dep/botan;
    })).override (old: {
      # Also, turn on debugging.
      extraConfigureFlags = "--debug-mode";
    });
  # For whatever reason, it seems callCabal2nix for tahoe-chk
  # wants to use the botan package rather than botan2.
  # We could override the pkgconfigDepends of the resulting
  # package if we needed both, but this is easier.
  botan = self.botan2;
  # Next, we'll try to obtain challenge-bypass-ristretto-ffi, for which we have a nix flake.
  # To use the flake, we'll obtain Eelco Dolstra's flake-compat.
  flake-compat = import (fetchTarball {
    url = "https://github.com/edolstra/flake-compat/archive/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9.tar.gz";
    sha256 = "sha256:1prd9b1xx8c0sfwnyzkspplh30m613j42l1k789s521f4kv4c2z2";
  });
  # This has the top level of the flake...
  challenge-bypass-ristretto-ffi-flake =
    (self.flake-compat { src = nix-thunk.thunkSource ./dep/python-challenge-bypass-ristretto ; }).defaultNix;
  # ... from which we can extract whatever packages we need.
  challenge-bypass-ristretto-ffi =
    challenge-bypass-ristretto-ffi-flake.packages."${builtins.currentSystem}".libchallenge_bypass_ristretto_ffi;
  challenge-bypass-ristretto-ffi-android =
    challenge-bypass-ristretto-ffi-flake.legacyPackages."${builtins.currentSystem}".pkgsCross.aarch64-android.libchallenge_bypass_ristretto_ffi;
  # We can branch on the target platform to choose between the different architecture libraries from the flake. Modifying the flake might be easier.
  libchallenge_bypass_ristretto_ffi = if self.stdenv.targetPlatform.isAndroid
    then challenge-bypass-ristretto-ffi-flake.legacyPackages.${builtins.currentSystem}.pkgsCross.aarch64-android.libchallenge_bypass_ristretto_ffi
    else challenge-bypass-ristretto-ffi-flake.packages.${builtins.currentSystem}.libchallenge_bypass_ristretto_ffi;
 }
		`@ -0,0 +1,2 @@`
							`# DO NOT HAND-EDIT THIS FILE`
							`import (import ./thunk.nix)`