diff --git a/.github/workflows/basic.yml b/.github/workflows/basic.yml
index 57b637493..7b974f590 100644
--- a/.github/workflows/basic.yml
+++ b/.github/workflows/basic.yml
@@ -156,3 +156,18 @@ jobs:
 - name: Short fuzz check (30s)
 run: ./tests/fuzz_test_sig -max_total_time=30
 working-directory: ${{ env.RANDOM_BUILD_DIR }}
+
+ nixflakecheck:
+ name: Check that Nix flake has correct syntax and can build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
+ - name: Install Nix
+ uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72
+ - name: Check devShell
+ run: nix develop --command echo
+ - name: Check flake syntax
+ run: nix flake check --no-build # check for accurate syntax
+ - name: Check that the flake builds
+ run: nix build # check that the build runs
diff --git a/.gitignore b/.gitignore
index 8cd494a1f..52d6be309 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,3 +37,6 @@ __pycache__ .CMake/a.out compile_commands.json +# Generated by Nix flake +result/ +
diff --git a/README.md b/README.md
index 51851b1af..0fa5c5a9a 100644
--- a/README.md
+++ b/README.md
@@ -109,6 +109,10 @@ In order to optimize support effort, brew install cmake ninja openssl@3 wget doxygen graphviz astyle valgrind pip3 install pytest pytest-xdist pyyaml + Using Nix: + + nix develop + Note that, if you want liboqs to use OpenSSL for various symmetric crypto algorithms (AES, SHA-2, etc.) then you must have OpenSSL installed (version 3.x recommended; EOL version 1.1.1 also still possible). 2. Get the source:
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 000000000..441515129
--- /dev/null
+++ b/flake.lock
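Review bot: In the new `nixflakecheck` job, `cachix/install-nix-action` is pinned to a commit SHA but, unlike the `actions/checkout` line just above it, carries no trailing version comment, so a reader cannot tell which release the hash is meant to be or notice when the pin has gone stale. Add the tag the SHA was taken from, e.g. `uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # pin@<release-tag>`. The job also declares no `permissions:` block; if the workflow does not already set a read-only default at the top of the file (outside this hunk), add `permissions: { contents: read }` here, since the job only checks out and builds. Running `nix flake check --no-build` before `nix develop --command echo` would make an evaluation error surface under the step that is named for it.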
@@ -0,0 +1,61 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 000000000..bbdae197e
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,94 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+ outputs = {
+ self,
+ nixpkgs,
+ flake-utils,
+ }:
+ flake-utils.lib.eachDefaultSystem (system: let
+ name = "liboqs";
+ src = ./.;
+ pkgs = nixpkgs.legacyPackages.${system};
+
+ # Function to create compiler-specific package sets
+ mkPackageSet = compiler: let
+ # Override the stdenv to use the specified compiler
+ stdenv =
+ if compiler == "clang"
+ then pkgs.clangStdenv
+ else pkgs.stdenv;
+
+ mkLib = shared:
+ stdenv.mkDerivation {
+ inherit name src;
+ # for whatever reason, trying to 'fix' the CMake file causes a failure
+ dontFixCmake = true;
+
+ nativeBuildInputs = with pkgs;
+ [cmake ninja doxygen pkg-config graphviz]
+ ++ (
+ if compiler == "clang"
+ then [pkgs.clang]
+ else [pkgs.gcc]
+ );
+
+ buildInputs = with pkgs; [openssl];
+
+ cmakeFlags = [
+ "-GNinja"
+ "-DOQS_DIST_BUILD=ON"
+ "-DOQS_BUILD_ONLY_LIB=ON"
+ "-DBUILD_SHARED_LIBS=${
+ if shared
+ then "ON"
+ else "OFF"
+ }"
+ "-DCMAKE_INSTALL_LIBDIR=lib"
+ "-DCMAKE_INSTALL_INCLUDEDIR=include"
+ "-DCMAKE_INSTALL_PREFIX=${placeholder "out"}"
+ "-DCMAKE_INSTALL_FULL_LIBDIR=${placeholder "out"}/lib"
+ "-DCMAKE_INSTALL_FULL_INCLUDEDIR=${placeholder "out"}/include"
+ ];
+ };
+ in {
+ shared = mkLib true;
+ static = mkLib false;
+ };
+
+ # Create development shell for specified compiler
+ mkDevShell = compiler: let
+ packageSet = mkPackageSet compiler;
+ in
+ pkgs.mkShell {
+ inherit (packageSet.shared) nativeBuildInputs buildInputs;
+
+ # astyle formats C source code and alejandra formats nix source code
+ packages = with pkgs; [astyle alejandra];
+
+ shellHook = ''
+ export CMAKE_EXPORT_COMPILE_COMMANDS=1
+ echo "Using ${compiler} toolchain"
+ '';
+ };
+ in {
+ formatter = pkgs.alejandra;
+
+ packages = {
+ default = (mkPackageSet "gcc").shared; # default is gcc shared
+ gcc-shared = (mkPackageSet "gcc").shared;
+ clang-shared = (mkPackageSet "clang").shared;
+ gcc-static = (mkPackageSet "gcc").static;
+ clang-static = (mkPackageSet "clang").static;
+ };
+
+ # Development shells
+ devShells = {
+ default = mkDevShell "gcc";
+ gcc = mkDevShell "gcc";
+ clang = mkDevShell "clang";
+ };
+ });
+}
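Review bot: `mkLib` passes `-DOQS_BUILD_ONLY_LIB=ON` and defines no check phase, so every package this flake exports is compiled but never run against the project's tests; a green `nix build` therefore only shows that the library compiles and installs. For a cryptographic library that is a weak guarantee for anyone consuming the flake output, so consider a `checks` output (or a second derivation with tests enabled and `doCheck = true;`) that runs the test suite under Nix. `nixpkgs` follows the `nixos-24.05` release branch, which supplies the `openssl` in `buildInputs`; the input will need moving to a newer branch once that release stops receiving updates, and a short comment next to the URL saying so would help. The `dontFixCmake` comment should record the actual failure instead of "for whatever reason", so the workaround can be dropped when it no longer applies.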