nixpkgs/pkgs/servers/http/envoy/default.nix
Luke Granger-Brown 0a087095ac envoy: remove remaining nix store references from deps
To do this, this commit does several things:

* Move the set-interpreter patching to outside the fixed-output
  derivation
* Patch base_pip3/BUILD.bazel, which ends up getting Python's full path
* Drop local_jdk, which contains symlinks to our jdk input
* Drop bazel_gazelle_go_repository_tools, which contains built artifacts
  using our go

...and updates the FOD hash to match. Checked that this appears to
remove the currently obvious FOD problems by checking out an older
nixpkgs commit and applying this on top, and verifying that the FOD hash
doesn't change between that older glibc and the current tip-of-tree.

This also disables tcmalloc on ARM because I couldn't get this to build
properly otherwise.
2022-09-11 04:58:53 +01:00

182 lines
5.3 KiB
Nix

{ lib
, bazel_5
, bazel-gazelle
, buildBazelPackage
, fetchFromGitHub
, stdenv
, cmake
, gn
, go
, jdk
, ninja
, patchelf
, python3
, linuxHeaders
, nixosTests
# v8 (upstream default), wavm, wamr, wasmtime, disabled
, wasmRuntime ? "wamr"
}:
let
srcVer = {
# We need the commit hash, since Bazel stamps the build with it.
# However, the version string is more useful for end-users.
# These are contained in a attrset of their own to make it obvious that
# people should update both.
version = "1.23.1";
rev = "edd69583372955fdfa0b8ca3820dd7312c094e46";
};
in
buildBazelPackage rec {
pname = "envoy";
inherit (srcVer) version;
bazel = bazel_5;
src = fetchFromGitHub {
owner = "envoyproxy";
repo = "envoy";
inherit (srcVer) rev;
sha256 = "sha256:157dbmp479xv5507n48yibvlgi2ac0l3sl9rzm28cm9lhzwva3k0";
postFetch = ''
chmod -R +w $out
rm $out/.bazelversion
echo ${srcVer.rev} > $out/SOURCE_VERSION
sed -i 's/GO_VERSION = ".*"/GO_VERSION = "host"/g' $out/bazel/dependency_imports.bzl
'';
};
postPatch = ''
sed -i 's,#!/usr/bin/env python3,#!${python3}/bin/python,' bazel/foreign_cc/luajit.patch
sed -i '/javabase=/d' .bazelrc
sed -i '/"-Werror"/d' bazel/envoy_internal.bzl
# Use system Python.
sed -i -e '/python_interpreter_target =/d' -e '/@python3_10/d' bazel/python_dependencies.bzl
'';
patches = [
# fix issues with brotli and GCC 11.2.0+ (-Werror=vla-parameter)
./bump-brotli.patch
# fix linux-aarch64 WAMR builds
# (upstream WAMR only detects aarch64 on Darwin, not Linux)
./fix-aarch64-wamr.patch
# use system Python, not bazel-fetched binary Python
./use-system-python.patch
];
nativeBuildInputs = [
cmake
python3
gn
go
jdk
ninja
patchelf
];
buildInputs = [
linuxHeaders
];
fetchAttrs = {
sha256 = {
x86_64-linux = "10f1lcn8pynqcj2hlz100zbpmawvn0f2hwpcw3m9v6v3fcs2l6pr";
aarch64-linux = "1na7gna9563mm1y7sy34fh64f1kxz151xn26zigbi9amwcpjbav6";
}.${stdenv.system} or (throw "unsupported system ${stdenv.system}");
dontUseCmakeConfigure = true;
dontUseGnConfigure = true;
preInstall = ''
# Strip out the path to the build location (by deleting the comment line).
find $bazelOut/external -name requirements.bzl | while read requirements; do
sed -i '/# Generated from /d' "$requirements"
done
# Remove references to paths in the Nix store.
sed -i \
-e 's,${python3},__NIXPYTHON__,' \
-e 's,${stdenv.shellPackage},__NIXSHELL__,' \
$bazelOut/external/com_github_luajit_luajit/build.py \
$bazelOut/external/local_config_sh/BUILD \
$bazelOut/external/base_pip3/BUILD.bazel
rm -r $bazelOut/external/go_sdk
rm -r $bazelOut/external/local_jdk
rm -r $bazelOut/external/bazel_gazelle_go_repository_tools/bin
# Remove Unix timestamps from go cache.
rm -rf $bazelOut/external/bazel_gazelle_go_repository_cache/{gocache,pkg/mod/cache,pkg/sumdb}
'';
};
buildAttrs = {
dontUseCmakeConfigure = true;
dontUseGnConfigure = true;
dontUseNinjaInstall = true;
preConfigure = ''
# Make executables work, for the most part.
find $bazelOut/external -type f -executable | while read execbin; do
file "$execbin" | grep -q ': ELF .*, dynamically linked,' || continue
patchelf \
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
"$execbin"
done
ln -s ${bazel-gazelle}/bin $bazelOut/external/bazel_gazelle_go_repository_tools/bin
sed -i 's,#!/usr/bin/env bash,#!${stdenv.shell},' $bazelOut/external/rules_foreign_cc/foreign_cc/private/framework/toolchains/linux_commands.bzl
# Add paths to Nix store back.
sed -i \
-e 's,__NIXPYTHON__,${python3},' \
-e 's,__NIXSHELL__,${stdenv.shellPackage},' \
$bazelOut/external/com_github_luajit_luajit/build.py \
$bazelOut/external/local_config_sh/BUILD \
$bazelOut/external/base_pip3/BUILD.bazel
'';
installPhase = ''
install -Dm0755 bazel-bin/source/exe/envoy-static $out/bin/envoy
'';
};
removeRulesCC = false;
removeLocalConfigCc = true;
removeLocal = false;
bazelTarget = "//source/exe:envoy-static";
bazelBuildFlags = [
"-c opt"
"--spawn_strategy=standalone"
"--noexperimental_strict_action_env"
"--cxxopt=-Wno-error"
# Force use of system Java.
"--extra_toolchains=@local_jdk//:all"
"--java_runtime_version=local_jdk"
"--tool_java_runtime_version=local_jdk"
"--define=wasm=${wasmRuntime}"
] ++ (lib.optionals stdenv.isAarch64 [
# external/com_github_google_tcmalloc/tcmalloc/internal/percpu_tcmalloc.h:611:9: error: expected ':' or '::' before '[' token
# 611 | : [end_ptr] "=&r"(end_ptr), [cpu_id] "=&r"(cpu_id),
# | ^
"--define=tcmalloc=disabled"
]);
bazelFetchFlags = [
"--define=wasm=${wasmRuntime}"
];
passthru.tests = {
envoy = nixosTests.envoy;
# tested as a core component of Pomerium
pomerium = nixosTests.pomerium;
};
meta = with lib; {
homepage = "https://envoyproxy.io";
description = "Cloud-native edge and service proxy";
license = licenses.asl20;
maintainers = with maintainers; [ lukegb ];
platforms = [ "x86_64-linux" "aarch64-linux" ];
};
}