diff options
Diffstat (limited to 'nixpkgs/pkgs/servers/http/envoy')
5 files changed, 507 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch b/nixpkgs/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch new file mode 100644 index 000000000000..fc10f5999233 --- /dev/null +++ b/nixpkgs/pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch @@ -0,0 +1,83 @@ +From 4a9739da420b9584d5b9582c19cf3f86a6a90609 Mon Sep 17 00:00:00 2001 +From: Luke Granger-Brown <git@lukegb.com> +Date: Fri, 12 May 2023 08:12:04 +0100 +Subject: [PATCH 1/3] nixpkgs: use system Python + +--- + bazel/python_dependencies.bzl | 11 ++++------- + bazel/repositories_extra.bzl | 16 ---------------- + 2 files changed, 4 insertions(+), 23 deletions(-) + +diff --git a/bazel/python_dependencies.bzl b/bazel/python_dependencies.bzl +index ea50bf30ba..b82f374720 100644 +--- a/bazel/python_dependencies.bzl ++++ b/bazel/python_dependencies.bzl +@@ -1,27 +1,24 @@ + load("@rules_python//python:pip.bzl", "pip_parse") +-load("@python3_11//:defs.bzl", "interpreter") +-load("@envoy_toolshed//:packages.bzl", "load_packages") + + def envoy_python_dependencies(): +- # TODO(phlax): rename base_pip3 -> pip3 and remove this +- load_packages() ++ pip_parse( ++ name = "pip3", ++ requirements_lock = "@envoy_toolshed//:requirements.txt", ++ ) + pip_parse( + name = "base_pip3", +- python_interpreter_target = interpreter, + requirements_lock = "@envoy//tools/base:requirements.txt", + extra_pip_args = ["--require-hashes"], + ) + + pip_parse( + name = "dev_pip3", +- python_interpreter_target = interpreter, + requirements_lock = "@envoy//tools/dev:requirements.txt", + extra_pip_args = ["--require-hashes"], + ) + + pip_parse( + name = "fuzzing_pip3", +- python_interpreter_target = interpreter, + requirements_lock = "@rules_fuzzing//fuzzing:requirements.txt", + extra_pip_args = ["--require-hashes"], + ) +diff --git a/bazel/repositories_extra.bzl b/bazel/repositories_extra.bzl +index 40d348073f..17b98b1ea1 100644 +--- a/bazel/repositories_extra.bzl ++++ b/bazel/repositories_extra.bzl +@@ -1,29 +1,13 @@ + load("@emsdk//:deps.bzl", emsdk_deps = "deps") +-load("@rules_python//python:repositories.bzl", "python_register_toolchains") + load("@proxy_wasm_cpp_host//bazel/cargo/wasmtime:crates.bzl", "wasmtime_fetch_remote_crates") + load("//bazel/external/cargo:crates.bzl", "raze_fetch_remote_crates") + load("@aspect_bazel_lib//lib:repositories.bzl", "aspect_bazel_lib_dependencies") + +-def _python_minor_version(python_version): +- return "_".join(python_version.split(".")[:-1]) +- +-# Python version for `rules_python` +-PYTHON_VERSION = "3.11.3" +-PYTHON_MINOR_VERSION = _python_minor_version(PYTHON_VERSION) +- + # Envoy deps that rely on a first stage of dependency loading in envoy_dependencies(). + def envoy_dependencies_extra( +- python_version = PYTHON_VERSION, + ignore_root_user_error = False): + emsdk_deps() + raze_fetch_remote_crates() + wasmtime_fetch_remote_crates() + +- # Registers underscored Python minor version - eg `python3_10` +- python_register_toolchains( +- name = "python%s" % _python_minor_version(python_version), +- python_version = python_version, +- ignore_root_user_error = ignore_root_user_error, +- ) +- + aspect_bazel_lib_dependencies() +-- +2.42.0 + diff --git a/nixpkgs/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch b/nixpkgs/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch new file mode 100644 index 000000000000..494b1e4e7262 --- /dev/null +++ b/nixpkgs/pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch @@ -0,0 +1,78 @@ +From 10e577a3c300f76ead5a5512f2fe970f12e46592 Mon Sep 17 00:00:00 2001 +From: Luke Granger-Brown <git@lukegb.com> +Date: Fri, 12 May 2023 08:13:21 +0100 +Subject: [PATCH 2/3] nixpkgs: use system Go + +--- + bazel/dependency_imports.bzl | 29 +---------------------------- + bazel/repositories.bzl | 3 --- + 2 files changed, 1 insertion(+), 31 deletions(-) + +diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl +index b743a1936d..afa04ef5c0 100644 +--- a/bazel/dependency_imports.bzl ++++ b/bazel/dependency_imports.bzl +@@ -18,7 +18,7 @@ load("@com_google_cel_cpp//bazel:deps.bzl", "parser_deps") + load("@com_github_chrusty_protoc_gen_jsonschema//:deps.bzl", protoc_gen_jsonschema_go_dependencies = "go_dependencies") + + # go version for rules_go +-GO_VERSION = "1.18" ++GO_VERSION = "host" + + JQ_VERSION = "1.6" + YQ_VERSION = "4.24.4" +@@ -27,7 +27,6 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y + rules_foreign_cc_dependencies() + go_rules_dependencies() + go_register_toolchains(go_version) +- envoy_download_go_sdks(go_version) + gazelle_dependencies(go_sdk = "go_sdk") + apple_rules_dependencies() + pip_dependencies() +@@ -148,29 +147,3 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y + ) + + protoc_gen_jsonschema_go_dependencies() +- +-def envoy_download_go_sdks(go_version): +- go_download_sdk( +- name = "go_linux_amd64", +- goos = "linux", +- goarch = "amd64", +- version = go_version, +- ) +- go_download_sdk( +- name = "go_linux_arm64", +- goos = "linux", +- goarch = "arm64", +- version = go_version, +- ) +- go_download_sdk( +- name = "go_darwin_amd64", +- goos = "darwin", +- goarch = "amd64", +- version = go_version, +- ) +- go_download_sdk( +- name = "go_darwin_arm64", +- goos = "darwin", +- goarch = "arm64", +- version = go_version, +- ) +diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl +index 71667227f7..b10a47d344 100644 +--- a/bazel/repositories.bzl ++++ b/bazel/repositories.bzl +@@ -215,9 +215,6 @@ def _go_deps(skip_targets): + if "io_bazel_rules_go" not in skip_targets: + external_http_archive( + name = "io_bazel_rules_go", +- # TODO(wrowe, sunjayBhatia): remove when Windows RBE supports batch file invocation +- patch_args = ["-p1"], +- patches = ["@envoy//bazel:rules_go.patch"], + ) + external_http_archive("bazel_gazelle") + +-- +2.42.0 + diff --git a/nixpkgs/pkgs/servers/http/envoy/0003-nixpkgs-use-system-C-C-toolchains.patch b/nixpkgs/pkgs/servers/http/envoy/0003-nixpkgs-use-system-C-C-toolchains.patch new file mode 100644 index 000000000000..5a24e7e4a90d --- /dev/null +++ b/nixpkgs/pkgs/servers/http/envoy/0003-nixpkgs-use-system-C-C-toolchains.patch @@ -0,0 +1,29 @@ +From 6175deb13a2df8bd25a56021ba8754e4be445219 Mon Sep 17 00:00:00 2001 +From: Luke Granger-Brown <git@lukegb.com> +Date: Fri, 13 Oct 2023 21:42:51 +0000 +Subject: [PATCH 3/3] nixpkgs: use system C/C++ toolchains + +--- + bazel/dependency_imports.bzl | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl +index afa04ef5c0..a5ffaf4ff3 100644 +--- a/bazel/dependency_imports.bzl ++++ b/bazel/dependency_imports.bzl +@@ -24,7 +24,11 @@ JQ_VERSION = "1.6" + YQ_VERSION = "4.24.4" + + def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, yq_version = YQ_VERSION): +- rules_foreign_cc_dependencies() ++ rules_foreign_cc_dependencies( ++ register_default_tools=False, # no prebuilt toolchains ++ register_built_tools=False, # nor from source ++ register_preinstalled_tools=True, # use host tools (default) ++ ) + go_rules_dependencies() + go_register_toolchains(go_version) + gazelle_dependencies(go_sdk = "go_sdk") +-- +2.42.0 + diff --git a/nixpkgs/pkgs/servers/http/envoy/default.nix b/nixpkgs/pkgs/servers/http/envoy/default.nix new file mode 100644 index 000000000000..bb8a5e6a575c --- /dev/null +++ b/nixpkgs/pkgs/servers/http/envoy/default.nix @@ -0,0 +1,201 @@ +{ lib +, bazel_6 +, bazel-gazelle +, buildBazelPackage +, fetchFromGitHub +, fetchpatch +, stdenv +, cmake +, gn +, go +, jdk +, ninja +, patchelf +, python3 +, linuxHeaders +, nixosTests + + # v8 (upstream default), wavm, wamr, wasmtime, disabled +, wasmRuntime ? "wamr" +}: + +let + srcVer = { + # We need the commit hash, since Bazel stamps the build with it. + # However, the version string is more useful for end-users. + # These are contained in a attrset of their own to make it obvious that + # people should update both. + version = "1.27.3"; + rev = "0fd81ee7ffcd7cfc864094b24dc9b5c3ade89ff2"; + hash = "sha256-WNyyUw3517oKqMd1sJMk9CiLa/V7UrhwlRS+AWNNOOo="; + }; + + # these need to be updated for any changes to fetchAttrs + depsHash = { + x86_64-linux = "sha256-wTGHfeFkCuijPdX//lT5GPspaxZsxzBHJffH1tpVM2w="; + aarch64-linux = "sha256-9/Wem+Gk/7bFeMNFC4J3mdTm3mrNmyMxiu5oadQcovU="; + }.${stdenv.system} or (throw "unsupported system ${stdenv.system}"); +in +buildBazelPackage { + pname = "envoy"; + inherit (srcVer) version; + bazel = bazel_6; + src = fetchFromGitHub { + owner = "envoyproxy"; + repo = "envoy"; + inherit (srcVer) hash rev; + + postFetch = '' + chmod -R +w $out + rm $out/.bazelversion + echo ${srcVer.rev} > $out/SOURCE_VERSION + ''; + }; + + postPatch = '' + sed -i 's,#!/usr/bin/env python3,#!${python3}/bin/python,' bazel/foreign_cc/luajit.patch + sed -i '/javabase=/d' .bazelrc + sed -i '/"-Werror"/d' bazel/envoy_internal.bzl + + cp ${./protobuf.patch} bazel/protobuf.patch + ''; + + patches = [ + # use system Python, not bazel-fetched binary Python + ./0001-nixpkgs-use-system-Python.patch + + # use system Go, not bazel-fetched binary Go + ./0002-nixpkgs-use-system-Go.patch + + # use system C/C++ tools + ./0003-nixpkgs-use-system-C-C-toolchains.patch + + # bump proxy-wasm-cpp-host until > 1.27.3/1.28.0 + (fetchpatch { + url = "https://github.com/envoyproxy/envoy/pull/31451.patch"; + hash = "sha256-n8k7bho3B8Gm0dJbgf43kU7ymvo15aGJ2Twi2xR450g="; + }) + ]; + + nativeBuildInputs = [ + cmake + python3 + gn + go + jdk + ninja + patchelf + ]; + + buildInputs = [ + linuxHeaders + ]; + + # external/com_github_grpc_grpc/src/core/ext/transport/binder/transport/binder_transport.cc:756:29: error: format not a string literal and no format arguments [-Werror=format-security] + hardeningDisable = [ "format" ]; + + fetchAttrs = { + sha256 = depsHash; + dontUseCmakeConfigure = true; + dontUseGnConfigure = true; + preInstall = '' + # Strip out the path to the build location (by deleting the comment line). + find $bazelOut/external -name requirements.bzl | while read requirements; do + sed -i '/# Generated from /d' "$requirements" + done + + # Remove references to paths in the Nix store. + sed -i \ + -e 's,${python3},__NIXPYTHON__,' \ + -e 's,${stdenv.shellPackage},__NIXSHELL__,' \ + $bazelOut/external/com_github_luajit_luajit/build.py \ + $bazelOut/external/local_config_sh/BUILD \ + $bazelOut/external/*_pip3/BUILD.bazel + + rm -r $bazelOut/external/go_sdk + rm -r $bazelOut/external/local_jdk + rm -r $bazelOut/external/bazel_gazelle_go_repository_tools/bin + + # Remove compiled python + find $bazelOut -name '*.pyc' -delete + + # Remove Unix timestamps from go cache. + rm -rf $bazelOut/external/bazel_gazelle_go_repository_cache/{gocache,pkg/mod/cache,pkg/sumdb} + + # fix tcmalloc failure https://github.com/envoyproxy/envoy/issues/30838 + sed -i '/TCMALLOC_GCC_FLAGS = \[/a"-Wno-changes-meaning",' $bazelOut/external/com_github_google_tcmalloc/tcmalloc/copts.bzl + ''; + }; + buildAttrs = { + dontUseCmakeConfigure = true; + dontUseGnConfigure = true; + dontUseNinjaInstall = true; + preConfigure = '' + # Make executables work, for the most part. + find $bazelOut/external -type f -executable | while read execbin; do + file "$execbin" | grep -q ': ELF .*, dynamically linked,' || continue + patchelf \ + --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \ + "$execbin" + done + + ln -s ${bazel-gazelle}/bin $bazelOut/external/bazel_gazelle_go_repository_tools/bin + + sed -i 's,#!/usr/bin/env bash,#!${stdenv.shell},' $bazelOut/external/rules_foreign_cc/foreign_cc/private/framework/toolchains/linux_commands.bzl + + # Add paths to Nix store back. + sed -i \ + -e 's,__NIXPYTHON__,${python3},' \ + -e 's,__NIXSHELL__,${stdenv.shellPackage},' \ + $bazelOut/external/com_github_luajit_luajit/build.py \ + $bazelOut/external/local_config_sh/BUILD \ + $bazelOut/external/*_pip3/BUILD.bazel + ''; + installPhase = '' + install -Dm0755 bazel-bin/source/exe/envoy-static $out/bin/envoy + ''; + }; + + removeRulesCC = false; + removeLocalConfigCc = true; + removeLocal = false; + bazelTargets = [ "//source/exe:envoy-static" ]; + bazelBuildFlags = [ + "-c opt" + "--spawn_strategy=standalone" + "--noexperimental_strict_action_env" + "--cxxopt=-Wno-error" + "--linkopt=-Wl,-z,noexecstack" + + # Force use of system Java. + "--extra_toolchains=@local_jdk//:all" + "--java_runtime_version=local_jdk" + "--tool_java_runtime_version=local_jdk" + + "--define=wasm=${wasmRuntime}" + ] ++ (lib.optionals stdenv.isAarch64 [ + # external/com_github_google_tcmalloc/tcmalloc/internal/percpu_tcmalloc.h:611:9: error: expected ':' or '::' before '[' token + # 611 | : [end_ptr] "=&r"(end_ptr), [cpu_id] "=&r"(cpu_id), + # | ^ + "--define=tcmalloc=disabled" + ]); + bazelFetchFlags = [ + "--define=wasm=${wasmRuntime}" + ]; + + passthru.tests = { + envoy = nixosTests.envoy; + # tested as a core component of Pomerium + pomerium = nixosTests.pomerium; + }; + + meta = with lib; { + homepage = "https://envoyproxy.io"; + changelog = "https://github.com/envoyproxy/envoy/releases/tag/v${version}"; + description = "Cloud-native edge and service proxy"; + mainProgram = "envoy"; + license = licenses.asl20; + maintainers = with maintainers; [ lukegb ]; + platforms = [ "x86_64-linux" "aarch64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/servers/http/envoy/protobuf.patch b/nixpkgs/pkgs/servers/http/envoy/protobuf.patch new file mode 100644 index 000000000000..dc7026350316 --- /dev/null +++ b/nixpkgs/pkgs/servers/http/envoy/protobuf.patch @@ -0,0 +1,116 @@ +diff --git a/BUILD.bazel b/BUILD.bazel +index 637882c49..2cb08f1b0 100644 +--- a/BUILD.bazel ++++ b/BUILD.bazel +@@ -165,6 +165,8 @@ alias( + visibility = ["//visibility:public"], + ) + ++# Envoy: Patch ++ + cc_binary( + name = "protoc", + copts = COPTS, +@@ -173,6 +175,14 @@ cc_binary( + deps = ["//src/google/protobuf/compiler:protoc_lib"], + ) + ++alias( ++ name = "protobuf_python_genproto", ++ actual = "//python:well_known_types_py_pb2_genproto", ++ visibility = ["//visibility:public"], ++) ++ ++# /Envoy: Patch ++ + cc_binary( + name = "protoc_static", + copts = COPTS, +diff --git a/python/google/protobuf/__init__.py b/python/google/protobuf/__init__.py +index 88de4cf8a..b3e046997 100755 +--- a/python/google/protobuf/__init__.py ++++ b/python/google/protobuf/__init__.py +@@ -31,3 +31,10 @@ + # Copyright 2007 Google Inc. All Rights Reserved. + + __version__ = '4.23.1' ++ ++ ++if __name__ != '__main__': ++ try: ++ __import__('pkg_resources').declare_namespace(__name__) ++ except ImportError: ++ __path__ = __import__('pkgutil').extend_path(__path__, __name__) +diff --git a/src/google/protobuf/compiler/BUILD.bazel b/src/google/protobuf/compiler/BUILD.bazel +index a2171c806..8aec6187f 100644 +--- a/src/google/protobuf/compiler/BUILD.bazel ++++ b/src/google/protobuf/compiler/BUILD.bazel +@@ -306,7 +306,7 @@ cc_library( + srcs = ["retention.cc"], + hdrs = ["retention.h"], + include_prefix = "google/protobuf/compiler", +- visibility = ["//src/google/protobuf:__subpackages__"], ++ visibility = ["//visibility:public"], + deps = [ + "//src/google/protobuf:protobuf_nowkt", + "@com_google_absl//absl/types:span", +diff --git a/src/google/protobuf/io/BUILD.bazel b/src/google/protobuf/io/BUILD.bazel +index 8f39625c2..2c2c73dcd 100644 +--- a/src/google/protobuf/io/BUILD.bazel ++++ b/src/google/protobuf/io/BUILD.bazel +@@ -142,7 +142,7 @@ cc_library( + "@com_google_absl//absl/log:absl_log", + ] + select({ + "//build_defs:config_msvc": [], +- "//conditions:default": ["@zlib//:zlib"], ++ "//conditions:default": ["//external:zlib"], + }), + ) + +diff --git a/src/google/protobuf/map.h b/src/google/protobuf/map.h +index 869ebf100..fec92e2b1 100644 +--- a/src/google/protobuf/map.h ++++ b/src/google/protobuf/map.h +@@ -883,7 +883,7 @@ class KeyMapBase : public UntypedMapBase { + TreeConvert(b); + } + ABSL_DCHECK(TableEntryIsTree(b)) +- << (void*)table_[b] << " " << (uintptr_t)table_[b]; ++ << reinterpret_cast<void*>(table_[b]) << " " << static_cast<uintptr_t>(table_[b]); + InsertUniqueInTree(b, node); + index_of_first_non_null_ = (std::min)(index_of_first_non_null_, b); + } +diff --git a/src/google/protobuf/map_field.h b/src/google/protobuf/map_field.h +index 70b12b1e7..b8f46db45 100644 +--- a/src/google/protobuf/map_field.h ++++ b/src/google/protobuf/map_field.h +@@ -345,7 +345,7 @@ class PROTOBUF_EXPORT MapFieldBase : public MapFieldBaseForParse { + + protected: + // "protected" stops users from deleting a `MapFieldBase *` +- ~MapFieldBase(); ++ virtual ~MapFieldBase(); + + public: + // Returns reference to internal repeated field. Data written using +diff --git a/src/google/protobuf/port_def.inc b/src/google/protobuf/port_def.inc +index 1c6a24945..6186c2ad1 100644 +--- a/src/google/protobuf/port_def.inc ++++ b/src/google/protobuf/port_def.inc +@@ -1004,7 +1004,7 @@ static_assert(PROTOBUF_ABSL_MIN(20230125, 3), + #pragma clang diagnostic ignored "-Wshorten-64-to-32" + // Turn on -Wdeprecated-enum-enum-conversion. This deprecation comes in C++20 + // via http://wg21.link/p1120r0. +-#pragma clang diagnostic error "-Wdeprecated-enum-enum-conversion" ++// #pragma clang diagnostic error "-Wdeprecated-enum-enum-conversion" + // This error has been generally flaky, but we need to disable it specifically + // to fix https://github.com/protocolbuffers/protobuf/issues/12313 + #pragma clang diagnostic ignored "-Wunused-parameter" +@@ -1062,6 +1062,7 @@ static_assert(PROTOBUF_ABSL_MIN(20230125, 3), + #pragma warning(disable: 4125) + #endif + ++#pragma GCC diagnostic ignored "-Wundef" + #if PROTOBUF_ENABLE_DEBUG_LOGGING_MAY_LEAK_PII + #define PROTOBUF_DEBUG true + #else |