rustPlatform.buildRustPackage: fix cross compiling auditable packages

4 files changed, 62 insertions, 2 deletions

diff --git a/pkgs/development/compilers/rust/cargo-auditable-cargo-wrapper.nix b/pkgs/development/compilers/rust/cargo-auditable-cargo-wrapper.nix
new file mode 100644
index 000000000000..3afa59739a37
--- /dev/null
+++ b/pkgs/development/compilers/rust/cargo-auditable-cargo-wrapper.nix
@@ -0,0 +1,13 @@
+{ lib, writeShellApplication, cargo, cargo-auditable }:
+
+(writeShellApplication {
+  name = "cargo";
+  runtimeInputs = [ cargo cargo-auditable ];
+  text = ''
+    CARGO_AUDITABLE_IGNORE_UNSUPPORTED=1 cargo auditable "$@"
+  '';
+}) // {
+  meta = cargo-auditable.meta // {
+    mainProgram = "cargo";
+  };
+}
diff --git a/pkgs/development/compilers/rust/cargo-auditable.nix b/pkgs/development/compilers/rust/cargo-auditable.nix
new file mode 100644
index 000000000000..1c621276021a
--- /dev/null
+++ b/pkgs/development/compilers/rust/cargo-auditable.nix
@@ -0,0 +1,40 @@
+{ lib, fetchFromGitHub, makeRustPlatform, rustc, cargo }:
+
+let
+  args = rec {
+    pname = "cargo-auditable";
+    version = "0.6.0";
+
+    src = fetchFromGitHub {
+      owner = "rust-secure-code";
+      repo = pname;
+      rev = "v${version}";
+      sha256 = "sha256-mSiEC+9QtRjWmywJnGgUqp+q8fhY0qUYrgjrAVaY114=";
+    };
+
+    cargoSha256 = "sha256-Wz5My/QxPpZVsPBUe3KHT3ttD6CTU8NCY8rhFEC+UlA=";
+
+    meta = with lib; {
+      description = "A tool to make production Rust binaries auditable";
+      homepage = "https://github.com/rust-secure-code/cargo-auditable";
+      changelog = "https://github.com/rust-secure-code/cargo-auditable/blob/v${version}/cargo-auditable/CHANGELOG.md";
+      license = with licenses; [ mit /* or */ asl20 ];
+      maintainers = with maintainers; [ figsoda ];
+    };
+  };
+
+  rustPlatform = makeRustPlatform {
+    inherit rustc;
+    cargo = cargo.override {
+      auditable = false;
+    };
+  };
+
+  bootstrap = rustPlatform.buildRustPackage (args // {
+    auditable = false;
+  });
+in
+
+rustPlatform.buildRustPackage.override { cargo-auditable = bootstrap; } (args // {
+  auditable = true; # TODO: remove when this is the default
+})
diff --git a/pkgs/development/compilers/rust/default.nix b/pkgs/development/compilers/rust/default.nix
index 7a100f7ec911..42ca74c7164d 100644
--- a/pkgs/development/compilers/rust/default.nix
+++ b/pkgs/development/compilers/rust/default.nix
@@ -81,6 +81,8 @@ in
         rustPlatform = bootRustPlatform;
         inherit CoreFoundation Security;
       };
+      cargo-auditable = self.callPackage ./cargo-auditable.nix { };
+      cargo-auditable-cargo-wrapper = self.callPackage ./cargo-auditable-cargo-wrapper.nix { };
       clippy = self.callPackage ./clippy.nix { inherit Security; };
     });
   };
diff --git a/pkgs/development/compilers/rust/make-rust-platform.nix b/pkgs/development/compilers/rust/make-rust-platform.nix
index fcfd02dcf6cd..25a692565db3 100644
--- a/pkgs/development/compilers/rust/make-rust-platform.nix
+++ b/pkgs/development/compilers/rust/make-rust-platform.nix
@@ -1,6 +1,11 @@
 { buildPackages, callPackage, stdenv, runCommand }@prev:
 
-{ rustc, cargo, stdenv ? prev.stdenv, ... }:
+{ rustc
+, cargo
+, cargo-auditable ? null
+, stdenv ? prev.stdenv
+, ...
+}:
 
 rec {
   rust = {
@@ -14,7 +19,7 @@ rec {
 
   buildRustPackage = callPackage ../../../build-support/rust/build-rust-package {
     inherit stdenv cargoBuildHook cargoCheckHook cargoInstallHook cargoNextestHook cargoSetupHook
-      fetchCargoTarball importCargoLock rustc;
+      fetchCargoTarball importCargoLock rustc cargo cargo-auditable;
   };
 
   importCargoLock = buildPackages.callPackage ../../../build-support/rust/import-cargo-lock.nix { inherit cargo; };