diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..5a66e9f
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,160 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils-plus": { + "inputs": { + "flake-utils": "flake-utils" + }, + "locked": { + "lastModified": 1696331477, + "narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703887061, + "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1707650010, + "narHash": "sha256-dOhphIA4MGrH4ElNCy/OlwmN24MsnEqFjRR6+RY7jZw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "809cca784b9f72a5ad4b991e0e7bcf8890f9c3a6", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + 
"nixsgx-flake": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "snowfall-lib": "snowfall-lib" + }, + "locked": { + "lastModified": 1707314146, + "narHash": "sha256-NcqWVXkGBautT44YcQgZdVK1Vwqop1V8nDoPEzKr0uE=", + "owner": "matter-labs", + "repo": "nixsgx", + "rev": "e3bbd5415eb845c8857dd0963febcef71866cd4a", + "type": "github" + }, + "original": { + "owner": "matter-labs", + "repo": "nixsgx", + "type": "github" + } + }, + "root": { + "inputs": { + "gitignore": "gitignore", + "nixpkgs": "nixpkgs", + "nixsgx-flake": "nixsgx-flake" + } + }, + "snowfall-lib": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils-plus": "flake-utils-plus", + "nixpkgs": [ + "nixsgx-flake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1696432959, + "narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=", + "owner": "snowfallorg", + "repo": "lib", + "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6", + "type": "github" + }, + "original": { + "owner": "snowfallorg", + "repo": "lib", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix index 34f43fc..798a841 100644 --- a/flake.nix +++ b/flake.nix 
@@ -3,30 +3,37 @@ inputs = { # for libsgx-dcap-quote-verify - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; - mynixpkgs.url = - "github:haraldh/nixpkgs/intel-dcap-openssl"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + + nixsgx-flake = { + url = "github:matter-labs/nixsgx"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + gitignore = { url = "github:hercules-ci/gitignore.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, gitignore, mynixpkgs, ... }: + outputs = { self, nixpkgs, gitignore, nixsgx-flake, ... }: let system = "x86_64-linux"; - pkgs = import nixpkgs { inherit system; }; - mypkgs = import mynixpkgs { inherit system; }; + pkgs = import nixpkgs { inherit system; overlays = [ nixsgx-flake.overlays.default ]; }; bin = pkgs.buildGoModule { - buildInputs = with mypkgs; [ sgx-sdk libsgx-dcap-quote-verify ]; + buildInputs = with pkgs; [ + nixsgx.sgx-sdk + nixsgx.sgx-dcap + nixsgx.sgx-dcap.quote_verify + ]; CGO_CFLAGS = - "-I${mypkgs.libsgx-dcap-quote-verify.dev}/include -I${mypkgs.sgx-sdk}/include"; - LDFLAGS = "-L${mypkgs.libsgx-dcap-quote-verify.dev}/lib"; + "-I${pkgs.nixsgx.sgx-dcap}/include -I${pkgs.nixsgx.sgx-sdk}/include"; + LDFLAGS = "-L${pkgs.nixsgx.sgx-dcap}/lib"; name = "vault-auth-tee"; src = gitignore.lib.gitignoreSource ./.; - vendorSha256 = "sha256-9l1EVnWIJ+FdIcEic14M/B2BLD/Ffj+dCkompa06KJQ="; + vendorHash = "sha256-xYLgfLYzi5N/+jhMo/ynR0EXO8hVJuYqy/6PdMaRHNU="; }; dockerImage = pkgs.dockerTools.buildImage { name = "vault-auth-tee";
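Review bot: The new `nixsgx-flake` input is declared as `url = "github:matter-labs/nixsgx";` with no ref, so the only thing fixing which SGX SDK and DCAP code is linked into `vault-auth-tee` is the `rev` recorded in flake.lock, and a routine `nix flake update` moves it to wherever the default branch points, with only a lockfile hash change to review. Since these packages presumably carry the quote-verification logic the plugin depends on, I would pin the input to a tag or commit in the URL, e.g. `url = "github:matter-labs/nixsgx/<PINNED_TAG_OR_REV>";` (placeholder), so that a bump is an explicit edit in flake.nix. The comment `# for libsgx-dcap-quote-verify` still sits above `nixpkgs.url`, but that library now comes from the overlay; moving it onto the `nixsgx-flake` block, for example as `# provides nixsgx.sgx-sdk and nixsgx.sgx-dcap (quote verification)`, would keep it accurate. It is also worth confirming that `-I${pkgs.nixsgx.sgx-dcap}/include` and `-L${pkgs.nixsgx.sgx-dcap}/lib` are the outputs that hold the quote-verify headers and library, given that `buildInputs` lists `nixsgx.sgx-dcap.quote_verify` separately and the old flags used a `.dev` output; the package layout is not visible in this diff.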