pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #27629 from cstrahan/envoy-staged

Envoy: init at 1.3.0

authored by Charles Strahan and committed by GitHub c1d8a84d 670e1e51

+473 -26
unified split
+30
pkgs/development/libraries/backward-cpp/default.nix
··· 1 + { stdenv, lib, fetchFromGitHub }: 2 + 3 + stdenv.mkDerivation rec { 4 + name = "backward-${version}"; 5 + version = "1.3"; 6 + 7 + src = fetchFromGitHub { 8 + owner = "bombela"; 9 + repo = "backward-cpp"; 10 + rev = "v${version}"; 11 + sha256 = "1nx77qamal53rq8qxsjzax6ljawb345a1v3cqmfwa0hx26srxcln"; 12 + }; 13 + 14 + installPhase = '' 15 + runHook preInstall 16 + 17 + mkdir -p $out/include 18 + cp backward.hpp $out/include 19 + 20 + runHook postInstall 21 + ''; 22 + 23 + meta = with lib; { 24 + description = "Beautiful stack trace pretty printer for C++"; 25 + homepage = "https://github.com/bombela/backward-cpp"; 26 + license = licenses.mit; 27 + platforms = platforms.linux; 28 + maintainers = with maintainers; [ cstrahan ]; 29 + }; 30 + }
+10 -5
pkgs/development/libraries/boringssl/default.nix
··· 1 1 { stdenv, fetchgit, cmake, perl, go }: 2 2 3 + # reference: https://boringssl.googlesource.com/boringssl/+/2661/BUILDING.md 3 4 stdenv.mkDerivation rec { 4 5 name = "boringssl-${version}"; 5 - version = "2016-03-08"; 6 + version = "2017-02-23"; 6 7 7 8 src = fetchgit { 8 9 url = "https://boringssl.googlesource.com/boringssl"; 9 - rev = "bfb38b1a3c5e37d43188bbd02365a87bebc8d122"; 10 - sha256 = "0bm7vqg3bk716xmw2af99p44zizfhknq9z3cphf7klfdrr7ibqm5"; 10 + rev = "be2ee342d3781ddb954f91f8a7e660c6f59e87e5"; 11 + sha256 = "022zq7wlkhrg6al7drr3555lam3zw5bb10ylf9mznp83s854f975"; 11 12 }; 12 13 13 14 buildInputs = [ cmake perl go ]; ··· 17 18 installPhase = '' 18 19 mkdir -p $out/bin $out/include $out/lib 19 20 20 - mv tool/bssl $out/bin 21 - mv ssl/libssl.a $out/lib 21 + mv tool/bssl $out/bin 22 + 23 + mv ssl/libssl.a $out/lib 24 + mv crypto/libcrypto.a $out/lib 25 + mv decrepit/libdecrepit.a $out/lib 26 + 22 27 mv ../include/openssl $out/include 23 28 ''; 24 29
+3 -17
pkgs/development/libraries/libevent/default.nix
··· 1 1 { stdenv, fetchurl, openssl, findutils }: 2 2 3 - let version = "2.0.22"; in 4 - stdenv.mkDerivation { 3 + stdenv.mkDerivation rec { 5 4 name = "libevent-${version}"; 5 + version = "2.1.8"; 6 6 7 7 src = fetchurl { 8 8 url = "https://github.com/libevent/libevent/releases/download/release-${version}-stable/libevent-${version}-stable.tar.gz"; 9 - sha256 = "18qz9qfwrkakmazdlwxvjmw8p76g70n3faikwvdwznns1agw9hki"; 9 + sha256 = "1hhxnxlr0fsdv7bdmzsnhdz16fxf3jg2r6vyljcl3kj6pflcap4n"; 10 10 }; 11 - 12 - prePatch = let 13 - # https://lwn.net/Vulnerabilities/714581/ 14 - debian = fetchurl { 15 - url = "http://http.debian.net/debian/pool/main/libe/libevent/" 16 - + "libevent_2.0.21-stable-3.debian.tar.xz"; 17 - sha256 = "0b2syswiq3cvfbdvi4lbca15c31lilxnahax4a4b4qxi5fcab7h5"; 18 - }; 19 - in '' 20 - tar xf '${debian}' 21 - patches="$patches $(cat debian/patches/series | grep -v '^$\|^#' \ 22 - | grep -v '^20d6d445.patch' \ 23 - | grep -v '^dh-autoreconf' | sed 's|^|debian/patches/|')" 24 - ''; 25 11 26 12 # libevent_openssl is moved into its own output, so that openssl isn't present 27 13 # in the default closure.
+52
pkgs/development/libraries/lightstep-tracer-cpp/default.nix
··· 1 + { stdenv, lib, fetchFromGitHub, pkgconfig, protobuf3_2, automake 2 + , autoreconfHook, zlib 3 + , enableGrpc ? false 4 + }: 5 + 6 + let 7 + # be sure to use the right revision based on the submodule! 8 + common = 9 + fetchFromGitHub { 10 + owner = "lightstep"; 11 + repo = "lightstep-tracer-common"; 12 + rev = "fe1f65f4a221746f9fffe8bf544c81d4e1b8aded"; 13 + sha256 = "1qqpjxfrjmhnhs15nhbfv28fsgzi57vmfabxlzc99j4vl78h5iln"; 14 + }; 15 + 16 + in 17 + 18 + stdenv.mkDerivation rec { 19 + name = "lightstep-tracer-cpp-${version}"; 20 + version = "0.36"; 21 + 22 + src = fetchFromGitHub { 23 + owner = "lightstep"; 24 + repo = "lightstep-tracer-cpp"; 25 + rev = "v0_36"; 26 + sha256 = "1sfj91bn7gw7fga7xawag076c8j9l7kiwhm4x3zh17qhycmaqq16"; 27 + }; 28 + 29 + postUnpack = '' 30 + cp -r ${common}/* $sourceRoot/lightstep-tracer-common 31 + ''; 32 + 33 + preConfigure = lib.optionalString (!enableGrpc) '' 34 + configureFlagsArray+=("--disable-grpc") 35 + ''; 36 + 37 + nativeBuildInputs = [ 38 + pkgconfig automake autoreconfHook 39 + ]; 40 + 41 + buildInputs = [ 42 + protobuf3_2 zlib 43 + ]; 44 + 45 + meta = with lib; { 46 + description = "Distributed tracing system built on top of the OpenTracing standard"; 47 + homepage = "http://lightstep.com/"; 48 + license = licenses.mit; 49 + platforms = platforms.linux; 50 + maintainers = with maintainers; [ cstrahan ]; 51 + }; 52 + }
+23
pkgs/development/libraries/rapidjson/default.nix
··· 1 + { stdenv, lib, fetchFromGitHub, pkgconfig, cmake }: 2 + 3 + stdenv.mkDerivation rec { 4 + name = "rapidjson-${version}"; 5 + version = "1.1.0"; 6 + 7 + src = fetchFromGitHub { 8 + owner = "miloyip"; 9 + repo = "rapidjson"; 10 + rev = "v${version}"; 11 + sha256 = "1jixgb8w97l9gdh3inihz7avz7i770gy2j2irvvlyrq3wi41f5ab"; 12 + }; 13 + 14 + nativeBuildInputs = [ pkgconfig cmake ]; 15 + 16 + meta = with lib; { 17 + description = "Fast JSON parser/generator for C++ with both SAX/DOM style API"; 18 + homepage = "http://rapidjson.org/"; 19 + license = licenses.mit; 20 + platforms = platforms.linux; 21 + maintainers = with maintainers; [ cstrahan ]; 22 + }; 23 + }
+3 -4
pkgs/development/libraries/spdlog/default.nix
··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 name = "spdlog-${version}"; 5 - version = stdenv.lib.strings.substring 0 7 rev; 6 - rev = "292bdc5eb4929f183c78d2c67082b715306f81c9"; 5 + version = "0.13.0"; 7 6 8 7 src = fetchFromGitHub { 9 8 owner = "gabime"; 10 9 repo = "spdlog"; 11 - inherit rev; 12 - sha256 = "1b6b0c81a8hisaibqlzj5mrk3snrfl8p5sqa056q2f02i62zksbn"; 10 + rev = "v${version}"; 11 + sha256 = "0pfagrkq6afpkl269vbi1fd6ckakzpr5b5cbapb8rr7hgsrilxza"; 13 12 }; 14 13 15 14 buildInputs = [ cmake ];
+303
pkgs/tools/networking/envoy/default.nix
··· 1 + { stdenv, lib, fetchFromGitHub, pkgconfig, bazel, c-ares, backward-cpp 2 + , libevent, gtest, gperftools, http-parser, lightstep-tracer-cpp 3 + , nghttp2, protobuf3_2, tclap, rapidjson, spdlog, boringssl, buildEnv 4 + }: 5 + 6 + let 7 + protobuf_bzl = 8 + fetchFromGitHub { 9 + owner = "htuch"; 10 + repo = "protobuf"; 11 + rev = "d490587268931da78c942a6372ef57bb53db80da"; 12 + sha256 = "100494s66xclw88bdnpb6d386vgw0gwz90sni37q7fqmi9w99z6v"; 13 + }; 14 + 15 + # Based on ci/prebuilt/BUILD 16 + # 17 + # The paths have been fixed up, and the static archives have been replaced 18 + # with dynamic libraries where presently possible. 19 + # 20 + # At the moment, this doesn't _need_ to be a map that we dynamically create a 21 + # BUILD file from (we could instead just include the contents directly); 22 + # however, this sets us up to be ready if we (or upstream) decide to split 23 + # things into multiple bazel repos, instead of one. 24 + ccTargets = { 25 + ares = { 26 + pkg = c-ares; 27 + srcs = ''["lib/libcares.so"]''; 28 + hdrs = ''glob(["include/ares*.h"])''; 29 + includes = ''["include"]''; 30 + }; 31 + 32 + backward = { 33 + pkg = backward-cpp; 34 + hdrs = ''["include/backward.hpp"]''; 35 + includes = ''["include"]''; 36 + }; 37 + 38 + crypto = { 39 + pkg = boringssl; 40 + srcs = ''["lib/libcrypto.a"]''; 41 + hdrs = ''glob(["include/openssl/**/*.h"])''; 42 + includes = ''["include"]''; 43 + }; 44 + 45 + event = { 46 + pkg = libevent; 47 + srcs = ''["lib/libevent.so"]''; 48 + hdrs = ''glob(["include/event2/**/*.h"])''; 49 + includes = ''["include"]''; 50 + }; 51 + 52 + event_pthreads = { 53 + pkg = libevent; 54 + srcs = ''["lib/libevent_pthreads.so"]''; 55 + deps = ''[":event"]''; 56 + }; 57 + 58 + googletest = { 59 + pkg = gtest; 60 + srcs = ''[ "lib/libgmock.so", "lib/libgtest.so" ]''; 61 + hdrs = ''glob(["include/gmock/**/*.h", "include/gtest/**/*.h"])''; 62 + includes = ''["include"]''; 63 + }; 64 + 65 + http_parser = { 66 + pkg = http-parser; 67 + srcs = ''["lib/libhttp_parser.so"]''; 68 + hdrs = ''glob(["include/http_parser.h"])''; 69 + includes = ''["include"]''; 70 + }; 71 + 72 + lightstep = { 73 + pkg = lightstep-tracer-cpp; 74 + srcs = ''["lib/liblightstep_core_cxx11.a"]''; 75 + hdrs = ''glob([ "include/lightstep/**/*.h", "include/mapbox_variant/**/*.hpp" ]) + [ "include/collector.pb.h", "include/lightstep_carrier.pb.h" ]''; 76 + includes = ''["include"]''; 77 + deps = ''[":protobuf"]''; 78 + }; 79 + 80 + nghttp2 = { 81 + pkg = nghttp2; 82 + srcs = ''["lib/libnghttp2.so"]''; 83 + hdrs = ''glob(["include/nghttp2/**/*.h"])''; 84 + includes = ''["include"]''; 85 + }; 86 + 87 + protobuf = { 88 + pkg = protobuf3_2; 89 + srcs = ''glob(["lib/libproto*.so"])''; 90 + hdrs = ''glob(["include/google/protobuf/**/*.h"])''; 91 + includes = ''["include"]''; 92 + }; 93 + 94 + rapidjson = { 95 + pkg = rapidjson; 96 + hdrs = ''glob(["include/rapidjson/**/*.h"])''; 97 + includes = ''["include"]''; 98 + }; 99 + 100 + spdlog = { 101 + pkg = spdlog; 102 + name = "spdlog"; 103 + hdrs = ''glob([ "include/spdlog/**/*.cc", "include/spdlog/**/*.h" ])''; 104 + includes = ''["include"]''; 105 + }; 106 + 107 + ssl = { 108 + pkg = boringssl; 109 + srcs = ''["lib/libssl.a"]''; 110 + deps = ''[":crypto"]''; 111 + }; 112 + 113 + tclap = { 114 + pkg = tclap; 115 + hdrs = ''glob(["include/tclap/**/*.h"])''; 116 + includes = ''["include"]''; 117 + }; 118 + 119 + tcmalloc_and_profiler = { 120 + pkg = gperftools; 121 + srcs = ''["lib/libtcmalloc_and_profiler.so"]''; 122 + hdrs = ''glob(["include/gperftools/**/*.h"])''; 123 + strip_include_prefix = ''"include"''; 124 + }; 125 + }; 126 + 127 + # Generate the BUILD file. 128 + buildFile = 129 + let field = name: attrs: 130 + if attrs ? "${name}" then " ${name} = ${attrs.${name}},\n" else ""; 131 + in 132 + '' 133 + licenses(["notice"]) # Apache 2 134 + 135 + package(default_visibility = ["//visibility:public"]) 136 + 137 + '' + 138 + lib.concatStringsSep "\n\n" ( 139 + lib.mapAttrsToList (name: value: 140 + "cc_library(\n" 141 + + " name = \"${name}\",\n" 142 + + field "srcs" value 143 + + field "hdrs" value 144 + + field "deps" value 145 + + field "includes" value 146 + + field "strip_include_prefix" value 147 + + ")" 148 + ) ccTargets 149 + ) + '' 150 + 151 + filegroup( 152 + name = "protoc", 153 + srcs = ["bin/protoc"], 154 + ) 155 + ''; 156 + 157 + workspaceFile = 158 + '' 159 + workspace(name = "nix") 160 + 161 + load("//bazel:repositories.bzl", "envoy_dependencies") 162 + load("//bazel:cc_configure.bzl", "cc_configure") 163 + 164 + new_local_repository( 165 + name = "nix_envoy_deps", 166 + path = "${repoEnv}", 167 + build_file = "nix_envoy_deps.BUILD" 168 + ) 169 + 170 + envoy_dependencies( 171 + path = "@nix_envoy_deps//", 172 + skip_protobuf_bzl = True, 173 + ) 174 + 175 + new_local_repository( 176 + name = "protobuf_bzl", 177 + path = "${protobuf_bzl}", 178 + # We only want protobuf.bzl, so don't support building out of this repo. 179 + build_file_content = "", 180 + ) 181 + 182 + cc_configure() 183 + ''; 184 + 185 + # The tree we'll use for our new_local_repository in our generated WORKSPACE. 186 + repoEnv = buildEnv { 187 + name = "repo-env"; 188 + paths = lib.concatMap (p: 189 + lib.unique [(lib.getBin p) (lib.getLib p) (lib.getDev p)] 190 + ) allDeps; 191 + }; 192 + 193 + rpath = stdenv.lib.makeLibraryPath (allDeps ++ [ stdenv.cc.cc ]); 194 + 195 + allDeps = [ 196 + c-ares 197 + backward-cpp 198 + libevent 199 + gtest 200 + gperftools 201 + http-parser 202 + lightstep-tracer-cpp 203 + nghttp2 204 + protobuf3_2 205 + tclap 206 + rapidjson 207 + spdlog 208 + boringssl 209 + ]; 210 + 211 + # Envoy checks at runtime that the git sha is valid, 212 + # so we really can't avoid putting some sort of sha here. 213 + rev = "3afc7712a04907ffd25ed497626639febfe65735"; 214 + 215 + in 216 + 217 + stdenv.mkDerivation rec { 218 + name = "envoy-${version}"; 219 + version = "1.3.0"; 220 + 221 + src = fetchFromGitHub { 222 + owner = "lyft"; 223 + repo = "envoy"; 224 + rev = "v${version}"; 225 + sha256 = "0j1c9lyvncyhiq3kyhx91ckcjd2h68x56js7xb6ni6bzxinv6zb6"; 226 + }; 227 + 228 + nativeBuildInputs = [ 229 + pkgconfig bazel 230 + ]; 231 + 232 + buildInputs = allDeps; 233 + 234 + patches = [ ./nixos.patch ]; 235 + 236 + hardeningDisable = "all"; 237 + dontPatchELF = true; 238 + dontStrip = true; 239 + 240 + # set up our workspace, 241 + # and prevent an error where bazel/get_workspace_status tries to determine the 242 + # version by invoking git. 243 + postUnpack = '' 244 + cat <<'EOF' > $sourceRoot/WORKSPACE 245 + ${workspaceFile} 246 + EOF 247 + 248 + cat <<'EOF' > $sourceRoot/nix_envoy_deps.BUILD 249 + ${buildFile} 250 + EOF 251 + 252 + cat <<'EOF' > $sourceRoot/bazel/get_workspace_status 253 + #!${stdenv.shell} 254 + echo "BUILD_SCM_REVISION ${rev}" 255 + echo "BUILD_SCM_STATUS Modified" 256 + EOF 257 + ''; 258 + 259 + buildPhase = '' 260 + runHook preBuild 261 + 262 + mkdir .home 263 + export HOME=$PWD/.home 264 + 265 + BAZEL_OPTIONS="--package_path %workspace%:$PWD" 266 + BAZEL_BUILD_OPTIONS="\ 267 + --strategy=Genrule=standalone \ 268 + --spawn_strategy=standalone \ 269 + --verbose_failures \ 270 + $BAZEL_OPTIONS \ 271 + --action_env=HOME \ 272 + --action_env=PYTHONUSERBASE \ 273 + --show_task_finish" 274 + 275 + bazel \ 276 + --batch \ 277 + build \ 278 + -s --verbose_failures \ 279 + --experimental_ui \ 280 + $BAZEL_BUILD_OPTIONS \ 281 + -c opt \ 282 + //source/exe:envoy-static 283 + 284 + exe=bazel-bin/source/exe/envoy-static 285 + chmod +w $exe 286 + patchelf --set-rpath ${rpath} $exe 287 + 288 + runHook postBuild 289 + ''; 290 + 291 + installPhase = '' 292 + mkdir -p $out/bin 293 + mv $exe $out/bin/envoy 294 + ''; 295 + 296 + meta = with lib; { 297 + description = "L7 proxy and communication bus designed for large modern service oriented architectures"; 298 + homepage = "https://lyft.github.io/envoy/"; 299 + license = licenses.asl20; 300 + platforms = platforms.linux; 301 + maintainers = with maintainers; [ cstrahan ]; 302 + }; 303 + }
+41
pkgs/tools/networking/envoy/nixos.patch
··· 1 + diff --git a/bazel/cc_configure.bzl b/bazel/cc_configure.bzl 2 + index 8a7a69c4f..75526520c 100644 3 + --- a/bazel/cc_configure.bzl 4 + +++ b/bazel/cc_configure.bzl 5 + @@ -292,6 +292,8 @@ def _crosstool_content(repository_ctx, cc, cpu_value, darwin): 6 + "-fstack-protector", 7 + # All warnings are enabled. Maybe enable -Werror as well? 8 + "-Wall", 9 + + 10 + + "-Wno-error=strict-aliasing" 11 + # Enable a few more warnings that aren't part of -Wall. 12 + ] + (["-Wthread-safety", "-Wself-assign"] if darwin else [ 13 + "-B" + str(repository_ctx.path(cc).dirname), 14 + @@ -365,10 +367,6 @@ def _opt_content(darwin): 15 + # Profile first and / or use FDO if you need better performance than this. 16 + "-O2", 17 + 18 + - # Security hardening on by default. 19 + - # Conservative choice; -D_FORTIFY_SOURCE=2 may be unsafe in some cases. 20 + - "-D_FORTIFY_SOURCE=1", 21 + - 22 + # Disable assertions 23 + "-DNDEBUG", 24 + 25 + diff --git a/bazel/envoy_build_system.bzl b/bazel/envoy_build_system.bzl 26 + index f17671035..7938047bd 100644 27 + --- a/bazel/envoy_build_system.bzl 28 + +++ b/bazel/envoy_build_system.bzl 29 + @@ -131,11 +131,9 @@ def envoy_cc_binary(name, 30 + # --build-id and avoid doing the following. 31 + '-Wl,--build-id=md5', 32 + '-Wl,--hash-style=gnu', 33 + - "-static-libstdc++", 34 + - "-static-libgcc", 35 + ], 36 + testonly = testonly, 37 + - linkstatic = 1, 38 + + linkstatic = 0, 39 + visibility = visibility, 40 + malloc = tcmalloc_external_dep(repository), 41 + # See above comment on MD5 hash, this is another "force MD5 stamps" to make sure our
+8
pkgs/top-level/all-packages.nix
··· 1816 1816 1817 1817 entr = callPackage ../tools/misc/entr { }; 1818 1818 1819 + envoy = callPackage ../tools/networking/envoy { }; 1820 + 1819 1821 eot_utilities = callPackage ../tools/misc/eot-utilities { }; 1820 1822 1821 1823 eplot = callPackage ../tools/graphics/eplot { }; ··· 7469 7471 7470 7472 babl = callPackage ../development/libraries/babl { }; 7471 7473 7474 + backward-cpp = callPackage ../development/libraries/backward-cpp { }; 7475 + 7472 7476 bctoolbox = callPackage ../development/libraries/bctoolbox { 7473 7477 mbedtls = mbedtls_1_3; 7474 7478 }; ··· 9379 9383 9380 9384 lightlocker = callPackage ../misc/screensavers/light-locker { }; 9381 9385 9386 + lightstep-tracer-cpp = callPackage ../development/libraries/lightstep-tracer-cpp { }; 9387 + 9382 9388 linenoise = callPackage ../development/libraries/linenoise { }; 9383 9389 9384 9390 linenoise-ng = callPackage ../development/libraries/linenoise-ng { }; ··· 10060 10066 range-v3 = callPackage ../development/libraries/range-v3 {}; 10061 10067 10062 10068 rabbitmq-java-client = callPackage ../development/libraries/rabbitmq-java-client {}; 10069 + 10070 + rapidjson = callPackage ../development/libraries/rapidjson {}; 10063 10071 10064 10072 raul = callPackage ../development/libraries/audio/raul { }; 10065 10073