Skip to content

Update libchallenge bypass ristretto ffi #106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
exarkun merged 7 commits into from
Jan 13, 2022
Merged

Update libchallenge bypass ristretto ffi #106

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
5b77e72
add a source for it with niv
exarkun Jan 13, 2022
3806636
use the niv source instead of this other thing
exarkun Jan 13, 2022
253be20
update to in-development version of dep that fixes pkg-config
exarkun Jan 13, 2022
1231602
update CircleCI caching logic
exarkun Jan 13, 2022
4116dd6
correct typo in cache key in save_cache step
exarkun Jan 13, 2022
22c9868
callPackage to propagate our nixpkgs
exarkun Jan 13, 2022
9232d31
Point at fixed master revision of libchallenge_bypass_ristretto_ffi
exarkun Jan 13, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 3 additions & 34 deletions .circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,46 +24,16 @@ jobs:

resource_class: "xlarge"

environment:
# Specify a revision of NixOS/nixpkgs to run against. This essentially
# pins the majority of the software involved in the build. This
# revision is selected arbitrarily. It's somewhat current as of the
# time of this comment. We can bump it to a newer version when that
# makes sense. Meanwhile, the platform won't shift around beneath us
# unexpectedly.
NIXPKGS_REV: "92609f3d9bc3acffbdbe54fa1c591a885612aa73"
Copy link
Copy Markdown
Contributor

@tomprince tomprince Jan 13, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess the only place this was being used was for the fetchFromGitHub call in nix/challenge-bypass-ristretto-repo.nix so is now unneeded.


steps:
- run:
name: "Setup Environment Variables"
command: |
# Get NIX_PATH set for the rest of the job so that the revision of
# nixpkgs we selected will be used everywhere Nix pulls in software.
# There is no way to set an environment variable containing the
# value of another environment variable on CircleCI except to use
# the `BASH_ENV` feature as we do here.
echo "export NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/$NIXPKGS_REV.tar.gz" >> $BASH_ENV
# Set XDG_CONFIG_DIRS to point at the source directory, so that nix
# will pickup nix/nix.conf as a configuration file from there.
echo "export XDG_CONFIG_DIRS=$CIRCLE_WORKING_DIRECTORY" >> $BASH_ENV

# Get *our* source code.
- "checkout"

- "run":
# CircleCI won't let us interpolate NIXPKGS_REV into a cache key.
# Only CircleCI's own environment variables or variables set via the
# web interface in a "context" can be interpolated into cache keys.
# However, we can interpolate the checksum of a file... Since we
# don't care about the exact revision, we just care that a new
# revision gives us a new string, we can write the revision to a
# file and then put the checksum of that file into the cache key.
# This way, we don't have to maintain the nixpkgs revision in two
# places and risk having them desynchronize.
name: "Prepare For Cache Key"
command: |
echo "${NIXPKGS_REV}" > nixpkgs.rev

- restore_cache:
# Get all of Nix's state relating to the particular revision of
# nixpkgs we're using. It will always be the same. CircleCI
Expand All @@ -87,9 +57,8 @@ jobs:
# If nixpkgs changes then potentially a lot of cached packages for
# the base system will be invalidated so we may as well drop them
# and make a new cache with the new packages.
- paymentserver-nix-store-v5-{{ checksum "nixpkgs.rev" }}-{{ checksum "nix/challenge-bypass-ristretto-repo.nix" }}
- paymentserver-nix-store-v5-{{ checksum "nixpkgs.rev" }}-
- paymentserver-nix-store-v5-
- paymentserver-nix-store-v6-{{ checksum "nix/sources.json" }}
- paymentserver-nix-store-v6-

- run:
name: "Building with Nix"
Expand All @@ -114,7 +83,7 @@ jobs:

- save_cache:
name: "Cache Nix Store Paths"
key: paymentserver-nix-store-v5-{{ checksum "nixpkgs.rev" }}-{{ checksum "nix/challenge-bypass-ristretto-repo.nix" }}
key: paymentserver-nix-store-v6-{{ checksum "nix/sources.json" }}
paths:
- "/nix"

Expand Down
9 changes: 0 additions & 9 deletions nix/challenge-bypass-ristretto-repo.nix
View file
Open in desktop

This file was deleted.

8 changes: 5 additions & 3 deletions nix/challenge-bypass-ristretto.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
# Provide the ffi bindings to the Rust challenge-bypass-ristretto library.
{ fetchFromGitHub, callPackage }:
let
src = import ./challenge-bypass-ristretto-repo.nix;
sources = import ./sources.nix;
in
import "${src}/default-challenge-bypass-ristretto-ffi.nix" { }
{ callPackage
Copy link
Copy Markdown
Contributor

@tomprince tomprince Jan 13, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess this means that we use whatever pinned version of nixpkgs that we get from haskell.nix for compiling the rust library. I wonder if we should instead be using our own pin, which we can update on our own schedule (in practice, we'd pass in the version from PrivateStorageio for deployment, I think).

I think for the haskell packages, it makes sense to use the haskell.nix pins, since that we we can use their binaries, and it matches what they test. But they update the pin less often than we do, so it would make sense to use our pin for things not related to haskell.

However, this is out-of-scope for this PR.

Copy link
Copy Markdown
Collaborator Author

@exarkun exarkun Jan 13, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yea, that sounds like a reasonable future change.

, libchallenge_bypass_ristretto_ffi_repo ? sources.libchallenge_bypass_ristretto_ffi
}:
callPackage "${libchallenge_bypass_ristretto_ffi_repo}/challenge-bypass-ristretto.nix" { }
12 changes: 12 additions & 0 deletions nix/sources.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,18 @@
"url": "https://github.com/input-output-hk/haskell.nix/archive/f624ca56629d5be438c7d44a721b0c1d944eda23.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"libchallenge_bypass_ristretto_ffi": {
"branch": "master",
"description": "Python bindings for Brave's challenge-bypass-ristretto library",
"homepage": null,
"owner": "leastauthority",
"repo": "python-challenge-bypass-ristretto",
"rev": "6e25af8a721a9d8507745efad3d15dae75b78909",
"sha256": "0w5vpq9kqhdbbynbbky1ibx1im5582yacqnb9y2y3h114diywdyq",
"type": "tarball",
"url": "https://github.com/leastauthority/python-challenge-bypass-ristretto/archive/6e25af8a721a9d8507745efad3d15dae75b78909.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"niv": {
"branch": "master",
"description": "Easy dependency management for Nix projects",
Expand Down