Merge pull request #9 from onekey-sec/nix

Nix packaging and CI jobs

.github/workflows/build-nix.yml

@@ -0,0 +1,37 @@
+name: "Nix"
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+jobs:
+  build:
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-latest
+            arch: x86_64-linux
+          - os: ubuntu-latest
+            arch: aarch64-linux
+    name: Build Nix - ${{ matrix.arch }}.${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v19
+        with:
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - name: Setup emulation
+        if: ${{ matrix.arch == 'aarch64-linux' }}
+        run: |
+          sudo apt install -q -y qemu-system-aarch64 qemu-efi binfmt-support qemu-user-static
+          mkdir -p ~/.config/nix
+          echo "system-features = aarch64-linux arm-linux" | sudo tee -a /etc/nix/nix.conf
+      - uses: cachix/cachix-action@v12
+        with:
+          name: unblob
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+      - run: |
+          nix flake check -L --option system ${{ matrix.arch }} --extra-platforms ${{ matrix.arch }}
+      - run: |
+          nix build -L --option system ${{ matrix.arch }} --extra-platforms ${{ matrix.arch }}

.github/workflows/build.yml

@@ -7,10 +7,8 @@ on:
   # Triggers the workflow on push or pull request events but only for the sasquatch branch
   push:
     branches:
-      - '*'
+      - sasquatch
   pull_request:
-    branches:
-      - '*'
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
@@ -58,4 +56,3 @@ jobs:
         with:
           path: ${{ github.workspace }}/*.deb
           if-no-files-found: error
-

flake.nix

@@ -0,0 +1,66 @@
+{
+  description = ''
+    Set of patches to the standard unsquashfs utility (part of
+    squashfs-tools) that attempts to add support for as many hacked-up
+    vendor-specific SquashFS implementations as possible
+  '';
+
+  inputs.nixpkgs.url = "nixpkgs/nixpkgs-unstable";
+
+  outputs = { self, nixpkgs }:
+    let
+      # Generate a user-friendly version number.
+      version = builtins.substring 0 8 self.lastModifiedDate;
+
+      # System types to support.
+      supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
+
+      # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
+      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
+
+      # Nixpkgs instantiated for supported system types.
+      nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; overlays = builtins.attrValues self.overlays; });
+    in
+    {
+      overlays.default = final: prev: {
+        sasquatch-le = final.squashfsTools.overrideAttrs (_: {
+          pname = "sasquatch-le";
+          inherit version;
+
+          src = ./.;
+          patches = [ ]; # Patches are already applied to input
+        });
+
+        sasquatch-be = final.sasquatch-le.overrideAttrs (super: {
+          pname = "sasquatch-be";
+          preConfigure = (super.preConfigure or "") + ''
+            export CFLAGS="-DFIX_BE"
+          '';
+          postInstall = (super.postInstall or "") + ''
+            mv $out/bin/sasquatch{,-v4be}
+          '';
+        });
+
+        sasquatch = final.buildEnv {
+          name = "sasquatch";
+          paths = with final; [
+            sasquatch-be
+            sasquatch-le
+          ];
+        };
+      };
+      packages = forAllSystems (system: rec {
+        inherit (nixpkgsFor.${system}) sasquatch sasquatch-be sasquatch-le;
+        default = sasquatch;
+      });
+      devShells = forAllSystems (system:
+        let
+          pkgs = nixpkgsFor.${system};
+        in
+        {
+          default = pkgs.mkShell {
+            inputsFrom = [ pkgs.sasquatch-le ];
+          };
+        });
+    };
+}