| -rw-r--r-- | .github/workflows/nix.yml | 59 | ||||
| -rw-r--r-- | README.md | 32 | ||||
| -rw-r--r-- | flake.nix | 81 |
3 files changed, 166 insertions, 6 deletions
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 71efe06..9c3ff62 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -50,3 +50,62 @@ jobs: - name: List library run: nix run ".?submodules=1#${{ matrix.library }}.default" -- list-libs + + reader: + runs-on: ubuntu-latest + permissions: + contents: read + + name: Build reader + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + fetch-tags: true + fetch-depth: -1 + + - uses: DeterminateSystems/nix-installer-action@v13 + with: + diagnostic-endpoint: "" + + - uses: DeterminateSystems/magic-nix-cache-action@v7 + with: + diagnostic-endpoint: "" + + - name: Build reader + run: | + nix build ".?submodules=1#reader" + + - name: Show reader --help + run: | + nix run ".?submodules=1#reader" -- --help + + applet: + runs-on: ubuntu-latest + permissions: + contents: read + + strategy: + matrix: + sdk: [ "222", "305", "320", "All" ] + fail-fast: false + + name: Build applet ${{ matrix.sdk }} + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + fetch-tags: true + fetch-depth: -1 + + - uses: DeterminateSystems/nix-installer-action@v13 + with: + diagnostic-endpoint: "" + + - uses: DeterminateSystems/magic-nix-cache-action@v7 + with: + diagnostic-endpoint: "" + + - name: Build applet + run: | + nix build ".?submodules=1#applet${{ matrix.sdk }}" 
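Review bot: Every `uses:` step in the new `reader` and `applet` jobs references its action by a mutable tag (`actions/checkout@v4`, `DeterminateSystems/nix-installer-action@v13`, `DeterminateSystems/magic-nix-cache-action@v7`), so the code that runs on the runner can change without any commit to this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # v13`, makes the CI inputs reviewable and lets a dependency-update bot propose bumps explicitly. The job-level `permissions: contents: read` is worth keeping as is. Separately, `fetch-depth: -1` is not a documented value for checkout; `fetch-depth: 0` is the documented way to request full history.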
@@ -341,21 +341,41 @@ nix build "#lib.openssl.v331" # To build a shim using a given version of a library (example mbedTLS 3.5): nix build "#shim.mbedtls.v35" # To build ECTesterStandalone.jar with a given version of a library (example libgcrypt 1.9.4): -nix build "?submodules=1#gcrypt.v194" +nix build ".?submodules=1#gcrypt.v194" # The available versions of the libraries are in the nix/*_pkg_versions.json files. # The "default" version always points to the most recent version. # To build ECTesterStandalone with all the libraries in default versions: -nix build "?submodules=1#" +nix build ".?submodules=1#" ``` -Each of the build steps above puts (symlinks really) its results into `./result` directory. -However, subsequent builds then replace that with their own results. To run ECTesterStandalone -with a given library version and arguments do: +Each of the build steps above puts (symlinks really) its results into `./result` directory (use `-o/--out-link {path}` +to change that directory). However, subsequent builds then replace that with their own results. To run +ECTesterStandalone with a given library version and arguments do: ```shell # This runs the default test-suite agains LibreSSL 3.9.2 -nix run "?submodules=1#libressl.v392" -- test default LibreSSL +nix run ".?submodules=1#libressl.v392" -- test default LibreSSL +``` + +To build the JavaCard applets: +```shell +nix build ".?submodules=1#applets" +# or individually +nix build ".?submodules=1#applet222" +nix build ".?submodules=1#applet305" +nix build ".?submodules=1#applet320" +``` + +To build or run the reader you can: +```shell +nix build '.?submodules=1#reader' +nix run '.?submodules=1#reader' +``` + +If needed, you can also build the `common` library: +```shell +nix build '.?submodules=1#common' ``` #### Gradle 
@@ -689,6 +689,73 @@ } ); + buildReader = + with pkgs; + { + jdkVersion ? jdk17_headless, + }: + gradle2nix.builders.${system}.buildGradlePackage rec { + pname = "ECTesterReader"; + version = "0.3.3"; + lockFile = ./gradle.lock; + buildJdk = pkgs.jdk_headless; + gradleBuildFlags = [ ":reader:uberJar" ]; + src = ./.; + + installPhase = '' + mkdir -p $out + cp -r reader/build $out + ''; + + nativeBuildInputs = [ makeWrapper ]; + + postFixup = '' + makeWrapper \ + ${jdk_headless}/bin/java $out/bin/${pname} \ + --add-flags "-Dstdout.encoding=UTF8 -Dstderr.encoding=UTF8 -jar $out/build/libs/${pname}.jar" + ''; + }; + + buildApplet = + with pkgs; + { + jdkVersion ? jdk8_headless, + }: + gradle2nix.builders.${system}.buildGradlePackage rec { + pname = "applet"; + # since the gradle target builds applets for multiple JC SDKs, the + # single version cannot reflet that + version = "0.3.3"; + lockFile = ./gradle.lock; + buildJdk = jdkVersion; + gradleBuildFlags = [ ":applet:buildJavaCard" ]; + src = ./.; + + installPhase = '' + mkdir --parents $out + cp --recursive applet/build/* $out + ''; + }; + + buildCommon = + with pkgs; + { + jdkVersion ? jdk17_headless, + }: + gradle2nix.builders.${system}.buildGradlePackage rec { + pname = "common"; + version = "0.3.3"; + lockFile = ./gradle.lock; + buildJdk = jdkVersion; + gradleBuildFlags = [ ":common:build" ]; + src = ./.; + + installPhase = '' + mkdir --parents $out + cp --recursive common/build/* $out + ''; + }; + defaultVersion = # Default version is the last one, aka the newest that we fetched libName: 
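Review bot: `buildReader` accepts `jdkVersion ? jdk17_headless` but never uses it: the body sets `buildJdk = pkgs.jdk_headless;` and the wrapper hard-codes `${jdk_headless}/bin/java`, so a caller passing a different JDK silently gets the nixpkgs default for both build and runtime. `buildApplet` and `buildCommon` in the same hunk use `buildJdk = jdkVersion;`, so for consistency this should be `buildJdk = jdkVersion;` and `${jdkVersion}/bin/java $out/bin/${pname} \`. The comment in `buildApplet` has a typo ("reflet" for "reflect"), and a one-line comment above each builder naming the Gradle target and the layout it leaves under `$out` would help, since `buildReader` copies the `build` directory itself while the other two copy its contents.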
@@ -774,6 +841,20 @@ function = buildECTesterStandalone; }; + reader = buildReader { }; + common = buildCommon { }; + appletAll = pkgs.buildEnv { + name = "applets"; + paths = [ + applet222 + applet305 + applet320 + ]; + }; + applet222 = buildApplet { jdkVersion = pkgs.jdk8_headless; }; + applet305 = buildApplet { jdkVersion = pkgs.jdk8_headless; }; + applet320 = buildApplet { jdkVersion = pkgs.jdk17_headless; }; + shim = { tomcrypt = loadVersionsForShim { libName = "tomcrypt"; |
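Review bot: `applet222` and `applet305` are the same call, `buildApplet { jdkVersion = pkgs.jdk8_headless; }`, and `buildApplet` always runs `:applet:buildJavaCard` with no SDK selector, so the two attributes evaluate to one derivation and `applet320` differs only by JDK. If per-SDK outputs are intended, `buildApplet` needs an SDK argument that reaches Gradle; otherwise a comment such as `# all appletNNN outputs contain every SDK's build; only the JDK differs` would keep the names from misleading users and the CI matrix. Because the three paths presumably contain the same file names, the `appletAll` `buildEnv` may also hit file collisions between the jdk8 and jdk17 outputs, which is worth confirming with a local build. The README hunk in this commit documents `.?submodules=1#applets`, but the attribute added here is `appletAll` (only the `buildEnv` name is `applets`), so one of the two should be renamed unless an alias exists outside this hunk.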
