diff options
| author | Luke Granger-Brown <git@lukegb.com> | 2021-12-07 15:04:09 +0000 |
|---|---|---|
| committer | Luke Granger-Brown <git@lukegb.com> | 2021-12-07 15:04:09 +0000 |
| commit | 74560e35e5c8ada70bb170be352d8996160f7be3 (patch) | |
| tree | 7a84d5a5334a7228be5427609ae7f6897206f300 /pkgs/servers/http | |
| parent | 4099f938597110708889eed18e81511fdfecc1db (diff) | |
| download | nixpkgs-74560e35e5c8ada70bb170be352d8996160f7be3.tar nixpkgs-74560e35e5c8ada70bb170be352d8996160f7be3.tar.gz nixpkgs-74560e35e5c8ada70bb170be352d8996160f7be3.tar.bz2 nixpkgs-74560e35e5c8ada70bb170be352d8996160f7be3.tar.lz nixpkgs-74560e35e5c8ada70bb170be352d8996160f7be3.tar.xz nixpkgs-74560e35e5c8ada70bb170be352d8996160f7be3.tar.zst nixpkgs-74560e35e5c8ada70bb170be352d8996160f7be3.zip | |
pomerium: use on-disk envoy
We can set an override path for Envoy's binary location now, so do that instead of the previous thing of embedding the binary. Note that we still need to include the SHA256/version of the binary we're referring to, but Through The Power Of Nix™ we can do that with relative ease.
Diffstat (limited to 'pkgs/servers/http')
| -rw-r--r-- | pkgs/servers/http/pomerium/default.nix | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/pkgs/servers/http/pomerium/default.nix b/pkgs/servers/http/pomerium/default.nix index 9f24d64ae6c..cbf2fe19435 100644 --- a/pkgs/servers/http/pomerium/default.nix +++ b/pkgs/servers/http/pomerium/default.nix @@ -7,7 +7,7 @@ }: let - inherit (lib) concatStringsSep mapAttrsToList; + inherit (lib) concatStringsSep concatMap id mapAttrsToList; in buildGoModule rec { pname = "pomerium"; @@ -28,24 +28,38 @@ buildGoModule rec { ldflags = let # Set a variety of useful meta variables for stamping the build with. setVars = { - Version = "v${version}"; - BuildMeta = "nixpkgs"; - ProjectName = "pomerium"; - ProjectURL = "github.com/pomerium/pomerium"; + "github.com/pomerium/pomerium/internal/version" = { + Version = "v${version}"; + BuildMeta = "nixpkgs"; + ProjectName = "pomerium"; + ProjectURL = "github.com/pomerium/pomerium"; + }; + "github.com/pomerium/pomerium/internal/envoy" = { + OverrideEnvoyPath = "${envoy}/bin/envoy"; + }; }; - varFlags = concatStringsSep " " (mapAttrsToList (name: value: "-X github.com/pomerium/pomerium/internal/version.${name}=${value}") setVars); + concatStringsSpace = list: concatStringsSep " " list; + mapAttrsToFlatList = fn: list: concatMap id (mapAttrsToList fn list); + varFlags = concatStringsSpace ( + mapAttrsToFlatList (package: packageVars: + mapAttrsToList (variable: value: + "-X ${package}.${variable}=${value}" + ) packageVars + ) setVars); in [ "${varFlags}" ]; preBuild = '' + # Replace embedded envoy with nothing. + # We set OverrideEnvoyPath above, so rawBinary should never get looked at + # but we still need to set a checksum/version. rm internal/envoy/files/files_{darwin,linux}*.go cat <<EOF >internal/envoy/files/files_generic.go package files import _ "embed" // embed - //go:embed envoy var rawBinary []byte //go:embed envoy.sha256 @@ -54,14 +68,10 @@ buildGoModule rec { //go:embed envoy.version var rawVersion string EOF - cp ${envoy}/bin/envoy internal/envoy/files/envoy - sha256sum ${envoy}/bin/envoy > internal/envoy/files/envoy.sha256 - echo ${envoy.version} > internal/envoy/files/envoy.version + sha256sum '${envoy}/bin/envoy' > internal/envoy/files/envoy.sha256 + echo '${envoy.version}' > internal/envoy/files/envoy.version ''; - # We also need to set dontStrip to avoid having the envoy ZIP stripped off the end. - dontStrip = true; - installPhase = '' install -Dm0755 $GOPATH/bin/pomerium $out/bin/pomerium install -Dm0755 $GOPATH/bin/pomerium-cli $out/bin/pomerium-cli |