0a087095ac
To do this, this commit does several things: * Move the set-interpreter patching to outside the fixed-output derivation * Patch base_pip3/BUILD.bazel, which ends up getting Python's full path * Drop local_jdk, which contains symlinks to our jdk input * Drop bazel_gazelle_go_repository_tools, which contains built artifacts using our go ...and updates the FOD hash to match. Checked that this appears to remove the currently obvious FOD problems by checking out an older nixpkgs commit and applying this on top, and verifying that the FOD hash doesn't change between that older glibc and the current tip-of-tree. This also disables tcmalloc on ARM because I couldn't get this to build properly otherwise.
182 lines
5.3 KiB
Nix
182 lines
5.3 KiB
Nix
{ lib
|
|
, bazel_5
|
|
, bazel-gazelle
|
|
, buildBazelPackage
|
|
, fetchFromGitHub
|
|
, stdenv
|
|
, cmake
|
|
, gn
|
|
, go
|
|
, jdk
|
|
, ninja
|
|
, patchelf
|
|
, python3
|
|
, linuxHeaders
|
|
, nixosTests
|
|
|
|
# v8 (upstream default), wavm, wamr, wasmtime, disabled
|
|
, wasmRuntime ? "wamr"
|
|
}:
|
|
|
|
let
|
|
srcVer = {
|
|
# We need the commit hash, since Bazel stamps the build with it.
|
|
# However, the version string is more useful for end-users.
|
|
# These are contained in a attrset of their own to make it obvious that
|
|
# people should update both.
|
|
version = "1.23.1";
|
|
rev = "edd69583372955fdfa0b8ca3820dd7312c094e46";
|
|
};
|
|
in
|
|
buildBazelPackage rec {
|
|
pname = "envoy";
|
|
inherit (srcVer) version;
|
|
bazel = bazel_5;
|
|
src = fetchFromGitHub {
|
|
owner = "envoyproxy";
|
|
repo = "envoy";
|
|
inherit (srcVer) rev;
|
|
sha256 = "sha256:157dbmp479xv5507n48yibvlgi2ac0l3sl9rzm28cm9lhzwva3k0";
|
|
|
|
postFetch = ''
|
|
chmod -R +w $out
|
|
rm $out/.bazelversion
|
|
echo ${srcVer.rev} > $out/SOURCE_VERSION
|
|
sed -i 's/GO_VERSION = ".*"/GO_VERSION = "host"/g' $out/bazel/dependency_imports.bzl
|
|
'';
|
|
};
|
|
|
|
postPatch = ''
|
|
sed -i 's,#!/usr/bin/env python3,#!${python3}/bin/python,' bazel/foreign_cc/luajit.patch
|
|
sed -i '/javabase=/d' .bazelrc
|
|
sed -i '/"-Werror"/d' bazel/envoy_internal.bzl
|
|
|
|
# Use system Python.
|
|
sed -i -e '/python_interpreter_target =/d' -e '/@python3_10/d' bazel/python_dependencies.bzl
|
|
'';
|
|
|
|
patches = [
|
|
# fix issues with brotli and GCC 11.2.0+ (-Werror=vla-parameter)
|
|
./bump-brotli.patch
|
|
|
|
# fix linux-aarch64 WAMR builds
|
|
# (upstream WAMR only detects aarch64 on Darwin, not Linux)
|
|
./fix-aarch64-wamr.patch
|
|
|
|
# use system Python, not bazel-fetched binary Python
|
|
./use-system-python.patch
|
|
];
|
|
|
|
nativeBuildInputs = [
|
|
cmake
|
|
python3
|
|
gn
|
|
go
|
|
jdk
|
|
ninja
|
|
patchelf
|
|
];
|
|
|
|
buildInputs = [
|
|
linuxHeaders
|
|
];
|
|
|
|
fetchAttrs = {
|
|
sha256 = {
|
|
x86_64-linux = "10f1lcn8pynqcj2hlz100zbpmawvn0f2hwpcw3m9v6v3fcs2l6pr";
|
|
aarch64-linux = "1na7gna9563mm1y7sy34fh64f1kxz151xn26zigbi9amwcpjbav6";
|
|
}.${stdenv.system} or (throw "unsupported system ${stdenv.system}");
|
|
dontUseCmakeConfigure = true;
|
|
dontUseGnConfigure = true;
|
|
preInstall = ''
|
|
# Strip out the path to the build location (by deleting the comment line).
|
|
find $bazelOut/external -name requirements.bzl | while read requirements; do
|
|
sed -i '/# Generated from /d' "$requirements"
|
|
done
|
|
|
|
# Remove references to paths in the Nix store.
|
|
sed -i \
|
|
-e 's,${python3},__NIXPYTHON__,' \
|
|
-e 's,${stdenv.shellPackage},__NIXSHELL__,' \
|
|
$bazelOut/external/com_github_luajit_luajit/build.py \
|
|
$bazelOut/external/local_config_sh/BUILD \
|
|
$bazelOut/external/base_pip3/BUILD.bazel
|
|
|
|
rm -r $bazelOut/external/go_sdk
|
|
rm -r $bazelOut/external/local_jdk
|
|
rm -r $bazelOut/external/bazel_gazelle_go_repository_tools/bin
|
|
|
|
# Remove Unix timestamps from go cache.
|
|
rm -rf $bazelOut/external/bazel_gazelle_go_repository_cache/{gocache,pkg/mod/cache,pkg/sumdb}
|
|
'';
|
|
};
|
|
buildAttrs = {
|
|
dontUseCmakeConfigure = true;
|
|
dontUseGnConfigure = true;
|
|
dontUseNinjaInstall = true;
|
|
preConfigure = ''
|
|
# Make executables work, for the most part.
|
|
find $bazelOut/external -type f -executable | while read execbin; do
|
|
file "$execbin" | grep -q ': ELF .*, dynamically linked,' || continue
|
|
patchelf \
|
|
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
|
|
"$execbin"
|
|
done
|
|
|
|
ln -s ${bazel-gazelle}/bin $bazelOut/external/bazel_gazelle_go_repository_tools/bin
|
|
|
|
sed -i 's,#!/usr/bin/env bash,#!${stdenv.shell},' $bazelOut/external/rules_foreign_cc/foreign_cc/private/framework/toolchains/linux_commands.bzl
|
|
|
|
# Add paths to Nix store back.
|
|
sed -i \
|
|
-e 's,__NIXPYTHON__,${python3},' \
|
|
-e 's,__NIXSHELL__,${stdenv.shellPackage},' \
|
|
$bazelOut/external/com_github_luajit_luajit/build.py \
|
|
$bazelOut/external/local_config_sh/BUILD \
|
|
$bazelOut/external/base_pip3/BUILD.bazel
|
|
'';
|
|
installPhase = ''
|
|
install -Dm0755 bazel-bin/source/exe/envoy-static $out/bin/envoy
|
|
'';
|
|
};
|
|
|
|
removeRulesCC = false;
|
|
removeLocalConfigCc = true;
|
|
removeLocal = false;
|
|
bazelTarget = "//source/exe:envoy-static";
|
|
bazelBuildFlags = [
|
|
"-c opt"
|
|
"--spawn_strategy=standalone"
|
|
"--noexperimental_strict_action_env"
|
|
"--cxxopt=-Wno-error"
|
|
|
|
# Force use of system Java.
|
|
"--extra_toolchains=@local_jdk//:all"
|
|
"--java_runtime_version=local_jdk"
|
|
"--tool_java_runtime_version=local_jdk"
|
|
|
|
"--define=wasm=${wasmRuntime}"
|
|
] ++ (lib.optionals stdenv.isAarch64 [
|
|
# external/com_github_google_tcmalloc/tcmalloc/internal/percpu_tcmalloc.h:611:9: error: expected ':' or '::' before '[' token
|
|
# 611 | : [end_ptr] "=&r"(end_ptr), [cpu_id] "=&r"(cpu_id),
|
|
# | ^
|
|
"--define=tcmalloc=disabled"
|
|
]);
|
|
bazelFetchFlags = [
|
|
"--define=wasm=${wasmRuntime}"
|
|
];
|
|
|
|
passthru.tests = {
|
|
envoy = nixosTests.envoy;
|
|
# tested as a core component of Pomerium
|
|
pomerium = nixosTests.pomerium;
|
|
};
|
|
|
|
meta = with lib; {
|
|
homepage = "https://envoyproxy.io";
|
|
description = "Cloud-native edge and service proxy";
|
|
license = licenses.asl20;
|
|
maintainers = with maintainers; [ lukegb ];
|
|
platforms = [ "x86_64-linux" "aarch64-linux" ];
|
|
};
|
|
}
|