2021-02-05 17:12:51 +00:00
{ lib
2023-05-24 13:37:59 +00:00
, bazel_6
2022-09-11 13:49:41 +00:00
, bazel-gazelle
2021-02-05 17:12:51 +00:00
, buildBazelPackage
2021-01-17 00:15:33 +00:00
, fetchFromGitHub
2024-01-25 14:12:00 +00:00
, fetchpatch
2021-01-17 00:15:33 +00:00
, stdenv
, cmake
2021-06-28 23:13:55 +00:00
, gn
2021-01-17 00:15:33 +00:00
, go
2021-06-28 23:13:55 +00:00
, jdk
2021-01-17 00:15:33 +00:00
, ninja
2022-09-09 14:08:57 +00:00
, patchelf
2021-01-17 00:15:33 +00:00
, python3
2022-03-05 16:20:37 +00:00
, linuxHeaders
2021-04-05 15:23:46 +00:00
, nixosTests
2022-04-27 09:35:20 +00:00
2023-11-16 04:20:00 +00:00
# v8 (upstream default), wavm, wamr, wasmtime, disabled
2022-04-27 09:35:20 +00:00
, wasmRuntime ? " w a m r "
2021-01-17 00:15:33 +00:00
} :
let
srcVer = {
# We need the commit hash, since Bazel stamps the build with it.
# However, the version string is more useful for end-users.
# These are contained in a attrset of their own to make it obvious that
# people should update both.
2024-02-29 20:09:43 +00:00
version = " 1 . 2 7 . 3 " ;
rev = " 0 f d 8 1 e e 7 f f c d 7 c f c 8 6 4 0 9 4 b 2 4 d c 9 b 5 c 3 a d e 8 9 f f 2 " ;
hash = " s h a 2 5 6 - W N y y U w 3 5 1 7 o K q M d 1 s J M k 9 C i L a / V 7 U r h w l R S + A W N N O O o = " ;
2021-01-17 00:15:33 +00:00
} ;
2024-01-25 14:12:00 +00:00
# these need to be updated for any changes to fetchAttrs
depsHash = {
2024-02-29 20:09:43 +00:00
x86_64-linux = " s h a 2 5 6 - w T G H f e F k C u i j P d X / / l T 5 G P s p a x Z s x z B H J f f H 1 t p V M 2 w = " ;
aarch64-linux = " s h a 2 5 6 - 9 / W e m + G k / 7 b F e M N F C 4 J 3 m d T m 3 m r N m y M x i u 5 o a d Q c o v U = " ;
2024-01-25 14:12:00 +00:00
} . ${ stdenv . system } or ( throw " u n s u p p o r t e d s y s t e m ${ stdenv . system } " ) ;
2021-01-17 00:15:33 +00:00
in
2024-01-25 14:12:00 +00:00
buildBazelPackage {
2021-01-17 00:15:33 +00:00
pname = " e n v o y " ;
2022-03-05 16:20:37 +00:00
inherit ( srcVer ) version ;
2023-05-24 13:37:59 +00:00
bazel = bazel_6 ;
2021-01-17 00:15:33 +00:00
src = fetchFromGitHub {
owner = " e n v o y p r o x y " ;
repo = " e n v o y " ;
2024-01-25 14:12:00 +00:00
inherit ( srcVer ) hash rev ;
2021-01-17 00:15:33 +00:00
2022-06-16 17:23:12 +00:00
postFetch = ''
2021-01-17 00:15:33 +00:00
chmod - R + w $ out
rm $ out/.bazelversion
2022-03-05 16:20:37 +00:00
echo $ { srcVer . rev } > $ out/SOURCE_VERSION
2021-01-17 00:15:33 +00:00
'' ;
} ;
postPatch = ''
sed - i ' s , #!/usr/bin/env python3,#!${python3}/bin/python,' bazel/foreign_cc/luajit.patch
2021-06-28 23:13:55 +00:00
sed - i ' /javabase = /d ' . bazelrc
2022-09-11 13:49:41 +00:00
sed - i ' / " - W e r r o r " /d ' bazel/envoy_internal.bzl
2022-09-09 14:08:57 +00:00
2023-02-19 20:43:05 +00:00
cp $ { ./protobuf.patch } bazel/protobuf.patch
2021-01-17 00:15:33 +00:00
'' ;
2022-03-05 16:20:37 +00:00
patches = [
2022-09-09 14:08:57 +00:00
# use system Python, not bazel-fetched binary Python
2023-02-19 20:43:05 +00:00
./0001-nixpkgs-use-system-Python.patch
# use system Go, not bazel-fetched binary Go
./0002-nixpkgs-use-system-Go.patch
2023-10-19 13:55:26 +00:00
# use system C/C++ tools
./0003-nixpkgs-use-system-C-C-toolchains.patch
2024-01-25 14:12:00 +00:00
2024-02-29 20:09:43 +00:00
# bump proxy-wasm-cpp-host until > 1.27.3/1.28.0
2024-01-25 14:12:00 +00:00
( fetchpatch {
url = " h t t p s : / / g i t h u b . c o m / e n v o y p r o x y / e n v o y / p u l l / 3 1 4 5 1 . p a t c h " ;
hash = " s h a 2 5 6 - n 8 k 7 b h o 3 B 8 G m 0 d J b g f 4 3 k U 7 y m v o 1 5 a G J 2 T w i 2 x R 4 5 0 g = " ;
} )
2022-03-05 16:20:37 +00:00
] ;
2021-01-17 00:15:33 +00:00
nativeBuildInputs = [
cmake
python3
2021-06-28 23:13:55 +00:00
gn
2021-01-17 00:15:33 +00:00
go
2021-06-28 23:13:55 +00:00
jdk
2021-01-17 00:15:33 +00:00
ninja
2022-09-09 14:08:57 +00:00
patchelf
2021-01-17 00:15:33 +00:00
] ;
2022-03-05 16:20:37 +00:00
buildInputs = [
linuxHeaders
] ;
2023-02-19 20:43:05 +00:00
# external/com_github_grpc_grpc/src/core/ext/transport/binder/transport/binder_transport.cc:756:29: error: format not a string literal and no format arguments [-Werror=format-security]
hardeningDisable = [ " f o r m a t " ] ;
2021-01-17 00:15:33 +00:00
fetchAttrs = {
2024-01-25 14:12:00 +00:00
sha256 = depsHash ;
2021-01-17 00:15:33 +00:00
dontUseCmakeConfigure = true ;
2021-06-28 23:13:55 +00:00
dontUseGnConfigure = true ;
2021-01-17 00:15:33 +00:00
preInstall = ''
# Strip out the path to the build location (by deleting the comment line).
find $ bazelOut/external - name requirements . bzl | while read requirements ; do
sed - i ' / # Generated from /d' "$requirements"
done
# Remove references to paths in the Nix store.
sed - i \
- e ' s , $ { python3 } , __NIXPYTHON__ , ' \
- e ' s , $ { stdenv . shellPackage } , __NIXSHELL__ , ' \
$ bazelOut/external/com_github_luajit_luajit/build.py \
2022-09-11 13:49:41 +00:00
$ bazelOut/external/local_config_sh/BUILD \
2023-10-09 19:29:22 +00:00
$ bazelOut/external /* _ p i p 3 / B U I L D . b a z e l
2022-09-11 13:49:41 +00:00
2021-01-17 00:15:33 +00:00
rm - r $ bazelOut/external/go_sdk
2022-09-11 13:49:41 +00:00
rm - r $ bazelOut/external/local_jdk
rm - r $ bazelOut/external/bazel_gazelle_go_repository_tools/bin
2021-01-17 00:15:33 +00:00
2023-10-09 19:29:22 +00:00
# Remove compiled python
find $ bazelOut - name ' * . pyc' - delete
2021-06-28 23:13:55 +00:00
# Remove Unix timestamps from go cache.
rm - rf $ bazelOut/external/bazel_gazelle_go_repository_cache / { gocache , pkg/mod/cache , pkg/sumdb }
2024-01-25 14:12:00 +00:00
# fix tcmalloc failure https://github.com/envoyproxy/envoy/issues/30838
sed - i ' /TCMALLOC_GCC_FLAGS = \ [ /a " - W n o - c h a n g e s - m e a n i n g " , ' $ bazelOut/external/com_github_google_tcmalloc/tcmalloc/copts.bzl
2021-01-17 00:15:33 +00:00
'' ;
} ;
buildAttrs = {
dontUseCmakeConfigure = true ;
2021-06-28 23:13:55 +00:00
dontUseGnConfigure = true ;
2021-01-17 00:15:33 +00:00
dontUseNinjaInstall = true ;
preConfigure = ''
2022-09-11 13:49:41 +00:00
# Make executables work, for the most part.
find $ bazelOut/external - type f - executable | while read execbin ; do
file " $ e x e c b i n " | grep - q ' : ELF . * , dynamically linked , ' || continue
patchelf \
- - set-interpreter $ ( cat $ { stdenv . cc } /nix-support/dynamic-linker ) \
" $ e x e c b i n "
done
ln - s $ { bazel-gazelle } /bin $ bazelOut/external/bazel_gazelle_go_repository_tools/bin
2022-03-05 16:20:37 +00:00
sed - i ' s , #!/usr/bin/env bash,#!${stdenv.shell},' $bazelOut/external/rules_foreign_cc/foreign_cc/private/framework/toolchains/linux_commands.bzl
2021-01-17 00:15:33 +00:00
# Add paths to Nix store back.
sed - i \
- e ' s , __NIXPYTHON__ , $ { python3 } , ' \
- e ' s , __NIXSHELL__ , $ { stdenv . shellPackage } , ' \
$ bazelOut/external/com_github_luajit_luajit/build.py \
2022-09-11 13:49:41 +00:00
$ bazelOut/external/local_config_sh/BUILD \
2023-10-09 19:29:22 +00:00
$ bazelOut/external /* _ p i p 3 / B U I L D . b a z e l
2021-01-17 00:15:33 +00:00
'' ;
installPhase = ''
install - Dm0755 bazel-bin/source/exe/envoy-static $ out/bin/envoy
'' ;
} ;
removeRulesCC = false ;
removeLocalConfigCc = true ;
removeLocal = false ;
2023-04-12 12:48:02 +00:00
bazelTargets = [ " / / s o u r c e / e x e : e n v o y - s t a t i c " ] ;
2021-01-17 00:15:33 +00:00
bazelBuildFlags = [
" - c o p t "
" - - s p a w n _ s t r a t e g y = s t a n d a l o n e "
" - - n o e x p e r i m e n t a l _ s t r i c t _ a c t i o n _ e n v "
2022-09-11 13:49:41 +00:00
" - - c x x o p t = - W n o - e r r o r "
2023-02-16 17:41:37 +00:00
" - - l i n k o p t = - W l , - z , n o e x e c s t a c k "
2022-09-09 14:08:57 +00:00
# Force use of system Java.
" - - e x t r a _ t o o l c h a i n s = @ l o c a l _ j d k / / : a l l "
" - - j a v a _ r u n t i m e _ v e r s i o n = l o c a l _ j d k "
" - - t o o l _ j a v a _ r u n t i m e _ v e r s i o n = l o c a l _ j d k "
2022-04-27 09:35:20 +00:00
" - - d e f i n e = w a s m = ${ wasmRuntime } "
2022-09-11 13:49:41 +00:00
] ++ ( lib . optionals stdenv . isAarch64 [
# external/com_github_google_tcmalloc/tcmalloc/internal/percpu_tcmalloc.h:611:9: error: expected ':' or '::' before '[' token
# 611 | : [end_ptr] "=&r"(end_ptr), [cpu_id] "=&r"(cpu_id),
# | ^
" - - d e f i n e = t c m a l l o c = d i s a b l e d "
] ) ;
2022-04-27 09:35:20 +00:00
bazelFetchFlags = [
" - - d e f i n e = w a s m = ${ wasmRuntime } "
2021-01-17 00:15:33 +00:00
] ;
2021-04-05 15:23:46 +00:00
passthru . tests = {
2022-04-15 01:41:22 +00:00
envoy = nixosTests . envoy ;
# tested as a core component of Pomerium
pomerium = nixosTests . pomerium ;
2021-04-05 15:23:46 +00:00
} ;
2021-02-05 17:12:51 +00:00
meta = with lib ; {
2021-01-17 00:15:33 +00:00
homepage = " h t t p s : / / e n v o y p r o x y . i o " ;
2024-02-29 20:09:43 +00:00
changelog = " h t t p s : / / g i t h u b . c o m / e n v o y p r o x y / e n v o y / r e l e a s e s / t a g / v ${ version } " ;
2021-01-17 00:15:33 +00:00
description = " C l o u d - n a t i v e e d g e a n d s e r v i c e p r o x y " ;
2024-04-21 15:54:59 +00:00
mainProgram = " e n v o y " ;
2021-01-17 00:15:33 +00:00
license = licenses . asl20 ;
maintainers = with maintainers ; [ lukegb ] ;
2022-04-27 09:35:20 +00:00
platforms = [ " x 8 6 _ 6 4 - l i n u x " " a a r c h 6 4 - l i n u x " ] ;
2024-04-21 15:54:59 +00:00
knownVulnerabilities = [ " C V E - 2 0 2 4 - 3 0 2 5 5 " ] ;
2021-01-17 00:15:33 +00:00
} ;
}