simplify flake.nix

chore: Release rosenpass version 0.1.2-rc.3
does darwin support static builds?
2025-12-19 05:44:38 +03:00 · 2023-03-08 21:59:25 +01:00 · 2023-03-02 22:18:06 +01:00 · 2023-03-02 22:17:45 +01:00 · 2023-03-02 22:01:52 +01:00 · 2023-03-02 22:01:32 +01:00
5 changed files with 30 additions and 41 deletions
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -12,7 +12,6 @@ jobs:
      - nix
      - ${{ matrix.nix-system }}
    strategy:
      fail-fast: false
      matrix:
        nix-system:
          - x86_64-linux
@@ -28,3 +27,23 @@ jobs:
          prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
          files: |
            result/*
  release-darwin:
    name: Release for x86_64-darwin
    runs-on:
      - macos-latest
    steps:
      - uses: actions/checkout@v3
      - uses: cachix/install-nix-action@v20
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Build release-package for ${{ matrix.nix-system }}
        run: nix build .#release-package --print-build-logs
      - name: Release
        uses: softprops/action-gh-release@v1
        with:
          draft: ${{ contains(github.ref_name, 'rc') }}
          prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
          files: |
            result/*
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -865,7 +865,7 @@ checksum = "3582f63211428f83597b51b2ddb88e2a91a9d52d12831f9d08f5e624e8977422"
 [[package]]
 name = "rosenpass"
-version = "0.1.1"
+version = "0.1.2-rc.3"
 dependencies = [
 "anyhow",
 "base64",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rosenpass"
-version = "0.1.1"
+version = "0.1.2-rc.3"
 authors = ["Karolin Varner <karo@cupdev.net>", "wucke13 <wucke13@gmail.com>"]
 edition = "2021"
 license = "MIT OR Apache-2.0"
--- a/flake.nix
+++ b/flake.nix
@@ -66,27 +66,9 @@
            # given set of nixpkgs
            rpDerivation = p:
              let
-                # whether we want to build a statically linked binary
+                isStatic = p.stdenv.hostPlatform.isStatic;
                isStatic = p.targetPlatform.isStatic;
                # the rust target of `p`
                target = p.rust.toRustTargetSpec p.targetPlatform;
                # convert a string to shout case
                shout = string: builtins.replaceStrings ["-"] ["_"] (pkgs.lib.toUpper string);
                # suitable Rust toolchain
                toolchain = with inputs.fenix.packages.${system}; combine [
                  stable.cargo
                  stable.rustc
                  targets.${target}.stable.rust-std
                ];
                myRustPlatform = p.makeRustPlatform {
                  cargo = toolchain;
                  rustc = toolchain;
                };
              in
-              myRustPlatform.buildRustPackage {
+              p.rustPlatform.buildRustPackage {
                # metadata and source
                pname = cargoToml.package.name;
                version = cargoToml.package.version;
@@ -101,17 +83,12 @@
                  pkg-config # let libsodium-sys-stable find libsodium
                  removeReferencesTo
                  rustPlatform.bindgenHook # for C-bindings in the crypto libs
                  pkgs.stdenv.cc # for Rust proc macro linking we need a non-cross compiler
                ];
                buildInputs = with p; [ bash libsodium ];
                # otherwise pkg-config tries to link non-existent dynamic libs
                PKG_CONFIG_ALL_STATIC = true;
                CARGO_BUILD_TARGET = target;
                # for final linking, a cross compiler needs to be used
                "CARGO_TARGET_${shout target}_LINKER" = "${pkgs.stdenv.cc.targetPrefix}ld";
                # nix defaults to building for aarch64 _without_ the armv8-a
                # crypto extensions, but liboqs depens on these
                preBuild =
@@ -155,19 +132,15 @@
              default = rosenpass;
              rosenpass = rpDerivation pkgs;
              rosenpass-oci-image = rosenpassOCI "rosenpass";
              rosenpass-static = rpDerivation pkgs.pkgsStatic;
              rosenpass-static-oci-image = rosenpassOCI "rosenpass-static";
              # derivation for the release
              release-package =
                let
                  version = cargoToml.package.version;
-                  package =
+                  package = packages.rosenpass-static;
-                    if pkgs.hostPlatform.isLinux then
+                  oci-image = packages.rosenpass-static-oci-image;
                      packages.rosenpass-static
                    else packages.rosenpass;
                  oci-image =
                    if pkgs.hostPlatform.isLinux then
                      packages.rosenpass-static-oci-image
                    else packages.rosenpass-oci-image;
                in
                pkgs.runCommandNoCC "lace-result" { }
                  ''
@@ -178,10 +151,7 @@
                    cp ${oci-image} \
                      $out/rosenpass-oci-image-${system}-${version}.tar.gz
                  '';
-            } // (if pkgs.stdenv.isLinux then rec {
+            };
              rosenpass-static = rpDerivation pkgs.pkgsStatic;
              rosenpass-static-oci-image = rosenpassOCI "rosenpass-static";
            } else { });
          }
        ))
--- a/papers/whitepaper.md
+++ b/papers/whitepaper.md
@@ -33,7 +33,7 @@ abstract: |
 Rosenpass inherits most security properties from Post-Quantum WireGuard (PQWG). The security properties mentioned here are covered by the symbolic analysis in the Rosenpass repository. 
 ## Secrecy
-Three key encapsulations using the keypairs `sski`/`spki`, `sskr`/`spkr`, and `eski`/`epki` provide secrecy (see Section \ref{variables} for an introduction of the variables). Their respective ciphertexts are called `scti`, `sctr`, and `ectr` and the resulting keys are called `spti`, `sptr`, `epti`. A single secure encapsulation is sufficient to provide secrecy. We use two different KEMs (Key Encapsulation Methods; see section \ref{skem}): Kyber and Classic McEliece.
+Three key encapsulations using the keypairs `sski`/`spki`, `sskr`/`spkr`, and `eski`/`epki` provide secrecy (see Section \ref{variables} for an introduction of the variables). Their respective ciphertexts are called `scti`, `sctr`, and `ectr` and the resulting keys are called `spti`, `sptr`, `epti`. A single secure encapsulation is sufficient to provide secrecy. We use two different KEMs (Key Encapsulation Mechanisms; see section \ref{skem}): Kyber and Classic McEliece.
 ## Authenticity
Author	SHA1	Message	Date
wucke13	7fcc4d1b66	simplify flake.nix	2023-03-08 21:59:25 +01:00
wucke13	c361e41c18	chore: Release rosenpass version 0.1.2-rc.3	2023-03-02 22:18:06 +01:00
wucke13	f04461307f	does darwin support static builds?	2023-03-02 22:17:45 +01:00
wucke13	83ef709519	chore: Release rosenpass version 0.1.2-rc.2	2023-03-02 22:01:52 +01:00
wucke13	f1d06658f6	fix typo in GitHub Actions	2023-03-02 22:01:32 +01:00
wucke13	3b1321d33f	chore: Release rosenpass version 0.1.2-rc.1	2023-03-02 21:40:34 +01:00
wucke13	170e0e7088	add first draft of osx release	2023-03-02 21:33:48 +01:00
wucke13	becc8c057a	Merge pull request #17 from rosenpass/dev/karo/kem_is_mechanism chore: Consistently use the term `Key Encapsulation Mechanism`	2023-02-28 19:18:08 +01:00
Karolin Varner	a62405190e	chore: Consistently use the term `Key Encapsulation Mechanism`	2023-02-27 21:37:56 +01:00