2021-02-05 17:12:51 +00:00
{ lib
2022-09-09 14:08:57 +00:00
, bazel_5
2022-09-11 13:49:41 +00:00
, bazel-gazelle
2021-02-05 17:12:51 +00:00
, buildBazelPackage
2021-01-17 00:15:33 +00:00
, fetchFromGitHub
, stdenv
, cmake
2021-06-28 23:13:55 +00:00
, gn
2021-01-17 00:15:33 +00:00
, go
2021-06-28 23:13:55 +00:00
, jdk
2021-01-17 00:15:33 +00:00
, ninja
2022-09-09 14:08:57 +00:00
, patchelf
2021-01-17 00:15:33 +00:00
, python3
2022-03-05 16:20:37 +00:00
, linuxHeaders
2021-04-05 15:23:46 +00:00
, nixosTests
2022-04-27 09:35:20 +00:00
# v8 (upstream default), wavm, wamr, wasmtime, disabled
, wasmRuntime ? " w a m r "
2021-01-17 00:15:33 +00:00
} :
let
srcVer = {
# We need the commit hash, since Bazel stamps the build with it.
# However, the version string is more useful for end-users.
# These are contained in a attrset of their own to make it obvious that
# people should update both.
2023-02-19 20:43:05 +00:00
version = " 1 . 2 5 . 1 " ;
rev = " b a e 2 e 9 d 6 4 2 a 6 a 8 a e 6 c 5 d 3 8 1 0 f 7 7 f 3 e 8 8 8 f 0 d 9 7 d a " ;
2021-01-17 00:15:33 +00:00
} ;
in
buildBazelPackage rec {
pname = " e n v o y " ;
2022-03-05 16:20:37 +00:00
inherit ( srcVer ) version ;
2022-09-09 14:08:57 +00:00
bazel = bazel_5 ;
2021-01-17 00:15:33 +00:00
src = fetchFromGitHub {
owner = " e n v o y p r o x y " ;
repo = " e n v o y " ;
2022-04-27 09:35:20 +00:00
inherit ( srcVer ) rev ;
2023-02-19 20:43:05 +00:00
sha256 = " s h a 2 5 6 - q A 3 + b t a 2 v X G t A Y X 3 m g + C m S I E i t k 4 5 7 6 J Q B / Q L P s j 9 V c = " ;
2021-01-17 00:15:33 +00:00
2022-06-16 17:23:12 +00:00
postFetch = ''
2021-01-17 00:15:33 +00:00
chmod - R + w $ out
rm $ out/.bazelversion
2022-03-05 16:20:37 +00:00
echo $ { srcVer . rev } > $ out/SOURCE_VERSION
2021-01-17 00:15:33 +00:00
'' ;
} ;
postPatch = ''
sed - i ' s , #!/usr/bin/env python3,#!${python3}/bin/python,' bazel/foreign_cc/luajit.patch
2021-06-28 23:13:55 +00:00
sed - i ' /javabase = /d ' . bazelrc
2022-09-11 13:49:41 +00:00
sed - i ' / " - W e r r o r " /d ' bazel/envoy_internal.bzl
2022-09-09 14:08:57 +00:00
2023-02-19 20:43:05 +00:00
cp $ { ./protobuf.patch } bazel/protobuf.patch
2021-01-17 00:15:33 +00:00
'' ;
2022-03-05 16:20:37 +00:00
patches = [
2022-09-09 14:08:57 +00:00
# use system Python, not bazel-fetched binary Python
2023-02-19 20:43:05 +00:00
./0001-nixpkgs-use-system-Python.patch
# use system Go, not bazel-fetched binary Go
./0002-nixpkgs-use-system-Go.patch
2022-03-05 16:20:37 +00:00
] ;
2021-01-17 00:15:33 +00:00
nativeBuildInputs = [
cmake
python3
2021-06-28 23:13:55 +00:00
gn
2021-01-17 00:15:33 +00:00
go
2021-06-28 23:13:55 +00:00
jdk
2021-01-17 00:15:33 +00:00
ninja
2022-09-09 14:08:57 +00:00
patchelf
2021-01-17 00:15:33 +00:00
] ;
2022-03-05 16:20:37 +00:00
buildInputs = [
linuxHeaders
] ;
2023-02-19 20:43:05 +00:00
# external/com_github_grpc_grpc/src/core/ext/transport/binder/transport/binder_transport.cc:756:29: error: format not a string literal and no format arguments [-Werror=format-security]
hardeningDisable = [ " f o r m a t " ] ;
2021-01-17 00:15:33 +00:00
fetchAttrs = {
2022-04-27 09:35:20 +00:00
sha256 = {
2023-02-19 20:43:05 +00:00
x86_64-linux = " s h a 2 5 6 - H 2 s 8 s T b m K F + y R f S z L s Z A T 2 c k F u u n F w h / F M S K j + G Y y P M = " ;
aarch64-linux = " s h a 2 5 6 - R 9 j z y / d p d C c G g T 9 y q 5 9 W o / I N / b V o 6 f x n V P G h L M Z 9 f b M = " ;
2022-04-27 09:35:20 +00:00
} . ${ stdenv . system } or ( throw " u n s u p p o r t e d s y s t e m ${ stdenv . system } " ) ;
2021-01-17 00:15:33 +00:00
dontUseCmakeConfigure = true ;
2021-06-28 23:13:55 +00:00
dontUseGnConfigure = true ;
2021-01-17 00:15:33 +00:00
preInstall = ''
# Strip out the path to the build location (by deleting the comment line).
find $ bazelOut/external - name requirements . bzl | while read requirements ; do
sed - i ' / # Generated from /d' "$requirements"
done
# Remove references to paths in the Nix store.
sed - i \
- e ' s , $ { python3 } , __NIXPYTHON__ , ' \
- e ' s , $ { stdenv . shellPackage } , __NIXSHELL__ , ' \
$ bazelOut/external/com_github_luajit_luajit/build.py \
2022-09-11 13:49:41 +00:00
$ bazelOut/external/local_config_sh/BUILD \
$ bazelOut/external/base_pip3/BUILD.bazel
2021-01-17 00:15:33 +00:00
rm - r $ bazelOut/external/go_sdk
2022-09-11 13:49:41 +00:00
rm - r $ bazelOut/external/local_jdk
rm - r $ bazelOut/external/bazel_gazelle_go_repository_tools/bin
2021-01-17 00:15:33 +00:00
2021-06-28 23:13:55 +00:00
# Remove Unix timestamps from go cache.
rm - rf $ bazelOut/external/bazel_gazelle_go_repository_cache / { gocache , pkg/mod/cache , pkg/sumdb }
2021-01-17 00:15:33 +00:00
'' ;
} ;
buildAttrs = {
dontUseCmakeConfigure = true ;
2021-06-28 23:13:55 +00:00
dontUseGnConfigure = true ;
2021-01-17 00:15:33 +00:00
dontUseNinjaInstall = true ;
preConfigure = ''
2022-09-11 13:49:41 +00:00
# Make executables work, for the most part.
find $ bazelOut/external - type f - executable | while read execbin ; do
file " $ e x e c b i n " | grep - q ' : ELF . * , dynamically linked , ' || continue
patchelf \
- - set-interpreter $ ( cat $ { stdenv . cc } /nix-support/dynamic-linker ) \
" $ e x e c b i n "
done
ln - s $ { bazel-gazelle } /bin $ bazelOut/external/bazel_gazelle_go_repository_tools/bin
2022-03-05 16:20:37 +00:00
sed - i ' s , #!/usr/bin/env bash,#!${stdenv.shell},' $bazelOut/external/rules_foreign_cc/foreign_cc/private/framework/toolchains/linux_commands.bzl
2021-01-17 00:15:33 +00:00
# Add paths to Nix store back.
sed - i \
- e ' s , __NIXPYTHON__ , $ { python3 } , ' \
- e ' s , __NIXSHELL__ , $ { stdenv . shellPackage } , ' \
$ bazelOut/external/com_github_luajit_luajit/build.py \
2022-09-11 13:49:41 +00:00
$ bazelOut/external/local_config_sh/BUILD \
$ bazelOut/external/base_pip3/BUILD.bazel
2021-01-17 00:15:33 +00:00
'' ;
installPhase = ''
install - Dm0755 bazel-bin/source/exe/envoy-static $ out/bin/envoy
'' ;
} ;
removeRulesCC = false ;
removeLocalConfigCc = true ;
removeLocal = false ;
bazelTarget = " / / s o u r c e / e x e : e n v o y - s t a t i c " ;
bazelBuildFlags = [
" - c o p t "
" - - s p a w n _ s t r a t e g y = s t a n d a l o n e "
" - - n o e x p e r i m e n t a l _ s t r i c t _ a c t i o n _ e n v "
2022-09-11 13:49:41 +00:00
" - - c x x o p t = - W n o - e r r o r "
2023-02-16 17:41:37 +00:00
" - - l i n k o p t = - W l , - z , n o e x e c s t a c k "
2022-09-09 14:08:57 +00:00
# Force use of system Java.
" - - e x t r a _ t o o l c h a i n s = @ l o c a l _ j d k / / : a l l "
" - - j a v a _ r u n t i m e _ v e r s i o n = l o c a l _ j d k "
" - - t o o l _ j a v a _ r u n t i m e _ v e r s i o n = l o c a l _ j d k "
2022-04-27 09:35:20 +00:00
" - - d e f i n e = w a s m = ${ wasmRuntime } "
2022-09-11 13:49:41 +00:00
] ++ ( lib . optionals stdenv . isAarch64 [
# external/com_github_google_tcmalloc/tcmalloc/internal/percpu_tcmalloc.h:611:9: error: expected ':' or '::' before '[' token
# 611 | : [end_ptr] "=&r"(end_ptr), [cpu_id] "=&r"(cpu_id),
# | ^
" - - d e f i n e = t c m a l l o c = d i s a b l e d "
] ) ;
2022-04-27 09:35:20 +00:00
bazelFetchFlags = [
" - - d e f i n e = w a s m = ${ wasmRuntime } "
2021-01-17 00:15:33 +00:00
] ;
2021-04-05 15:23:46 +00:00
passthru . tests = {
2022-04-15 01:41:22 +00:00
envoy = nixosTests . envoy ;
# tested as a core component of Pomerium
pomerium = nixosTests . pomerium ;
2021-04-05 15:23:46 +00:00
} ;
2021-02-05 17:12:51 +00:00
meta = with lib ; {
2021-01-17 00:15:33 +00:00
homepage = " h t t p s : / / e n v o y p r o x y . i o " ;
description = " C l o u d - n a t i v e e d g e a n d s e r v i c e p r o x y " ;
license = licenses . asl20 ;
maintainers = with maintainers ; [ lukegb ] ;
2022-04-27 09:35:20 +00:00
platforms = [ " x 8 6 _ 6 4 - l i n u x " " a a r c h 6 4 - l i n u x " ] ;
2021-01-17 00:15:33 +00:00
} ;
}