From 318ea8572a347a10e73fde90b24381dcbbaf5986 Mon Sep 17 00:00:00 2001 From: Moritz Angermann Date: Fri, 27 Feb 2026 17:56:09 +0900 Subject: [PATCH 1/2] Centralize IOG library lists in iog-libs.nix Extract the duplicated IOG dependency lists from dynamic.nix, static.nix, cross-js.nix, and cross-windows.nix into a single iog-libs.nix file. This eliminates manual synchronization when adding new libraries (e.g., lmdb was previously missing from cross-compilation targets) and provides a canonical source of truth for IOG-specific dependencies. The centralized file categorizes dependencies into: - crypto: libblst, libsodium-vrf, secp256k1 (all shell types) - data: lmdb (dynamic/static only) - tools: cbor-diag, cddl, gh, icu, jq, yq-go (dynamic/static) - cross-tools: cbor-diag, cddl (cross-compilation targets) Each consumer imports iog-libs.nix and transforms as needed (e.g., static.nix passes static=true to resolve static-* variants). Addresses #56 --- cross-js.nix | 8 +++----- cross-windows.nix | 10 +++++----- dynamic.nix | 19 ++++--------------- iog-libs.nix | 34 ++++++++++++++++++++++++++++++++++ static.nix | 22 ++++++++++------------ 5 files changed, 56 insertions(+), 37 deletions(-) create mode 100644 iog-libs.nix diff --git a/cross-js.nix b/cross-js.nix index 88fa132..aca8e83 100644 --- a/cross-js.nix +++ b/cross-js.nix @@ -1,5 +1,6 @@ { self, pkgs, compiler, compiler-nix-name, toolsModule, withHLS ? true, withHlint ? true, withIOG ? true }: -let tool-version-map = (import ./tool-map.nix) self; +let iog = import ./iog-libs.nix { inherit pkgs; }; + tool-version-map = (import ./tool-map.nix) self; tool = tool-name: pkgs.pkgsBuildBuild.haskell-nix.tool compiler-nix-name tool-name [(tool-version-map compiler-nix-name tool-name) toolsModule]; cabal-install = tool "cabal"; haskell-tools = @@ -107,10 +108,7 @@ pkgs.mkShell ({ ]) ++ builtins.attrValues haskell-tools ++ pkgs.lib.optional withIOG - (with pkgs; [ cddl cbor-diag ] - ++ map pkgs.lib.getDev (with pkgs; [ - libblst libsodium-vrf secp256k1 - ])) + (iog.cross-tools ++ map pkgs.lib.getDev iog.crypto) ; passthru = { diff --git a/cross-windows.nix b/cross-windows.nix index 81ccbe0..b359a49 100644 --- a/cross-windows.nix +++ b/cross-windows.nix @@ -1,5 +1,8 @@ { self, pkgs, compiler, compiler-nix-name, toolsModule, withHLS ? true, withHlint ? true, withIOG ? true }: -let tool-version-map = (import ./tool-map.nix) self; +let iog = import ./iog-libs.nix { inherit pkgs; }; + # Build-platform tools (cbor-diag, cddl) — must run on the builder, not Windows. + iog-build = import ./iog-libs.nix { pkgs = pkgs.pkgsBuildBuild; }; + tool-version-map = (import ./tool-map.nix) self; tool = tool-name: pkgs.pkgsBuildBuild.haskell-nix.tool compiler-nix-name tool-name [(tool-version-map compiler-nix-name tool-name) toolsModule]; cabal-install = tool "cabal"; haskell-tools = @@ -216,10 +219,7 @@ pkgs.pkgsBuildBuild.mkShell ({ ]) ++ builtins.attrValues haskell-tools ++ pkgs.lib.optional withIOG - (with pkgs.pkgsBuildBuild; [ cddl cbor-diag ] - ++ map pkgs.lib.getDev (with pkgs; [ - libblst libsodium-vrf secp256k1 - ])) + (iog-build.cross-tools ++ map pkgs.lib.getDev iog.crypto) ; passthru = { diff --git a/dynamic.nix b/dynamic.nix index ee45a67..5d2728c 100644 --- a/dynamic.nix +++ b/dynamic.nix @@ -1,6 +1,7 @@ # define a development shell for dynamically linked applications (default) { self, pkgs, compiler, compiler-nix-name, toolsModule, withHLS ? true, withHlint ? true, withIOG ? true, withIOGFull ? false, withGHCTooling ? false }: -let tool-version-map = (import ./tool-map.nix) self; +let iog = import ./iog-libs.nix { inherit pkgs; }; + tool-version-map = (import ./tool-map.nix) self; tool = tool-name: pkgs.pkgsBuildBuild.haskell-nix.tool compiler-nix-name tool-name [(tool-version-map compiler-nix-name tool-name) toolsModule]; cabal-install = tool "cabal"; haskell-tools = @@ -127,21 +128,9 @@ pkgs.mkShell { zlib ]) ++ optional stdenv.hostPlatform.isLinux pkgs.systemd - ++ optionals withIOG ( - with pkgs; [ - cbor-diag - cddl - gh - icu - jq - libblst - libsodium-vrf - lmdb # required by ouroboros-consensus (cardano-lmdb) - secp256k1 - yq-go - ] + ++ optionals withIOG (iog.tools ++ iog.crypto ++ iog.data ++ optionals withIOGFull ( - [ postgresql ] ++ (optional stdenv.hostPlatform.isAarch64 R) + with pkgs; [ postgresql ] ++ (optional stdenv.hostPlatform.isAarch64 R) ) ) ++ attrValues haskell-tools diff --git a/iog-libs.nix b/iog-libs.nix new file mode 100644 index 0000000..dcc701e --- /dev/null +++ b/iog-libs.nix @@ -0,0 +1,34 @@ +# iog-libs.nix — Canonical list of IOG-specific dependencies. +# +# Copyright 2025 Input Output Group +# SPDX-License-Identifier: Apache-2.0 +# +# Imported by dynamic.nix, static.nix, cross-js.nix, cross-windows.nix. +# When adding a new IOG library, update the relevant category here +# and each consumer file will pick it up automatically. +# +# The `static` flag controls whether linked libraries resolve to their +# static-* variants (for musl cross-compilation in static.nix). +{ pkgs, static ? false }: +let + # For linked libraries, resolve to static-* variants when building + # static shells (musl cross-compilation). + resolve = name: + if static + then builtins.getAttr ("static-" + name) pkgs + else builtins.getAttr name pkgs; +in { + # Cryptographic libraries required by the Cardano stack. + # Present in ALL shell types (dynamic, static, cross-js, cross-windows). + crypto = map resolve [ "libblst" "libsodium-vrf" "secp256k1" ]; + + # Data-storage libraries (ouroboros-consensus / cardano-lmdb). + # Dynamic and static shells only — not meaningful for JS/Windows cross. + data = map resolve [ "lmdb" ]; + + # Development/CI tools (not linked into builds). Dynamic and static only. + tools = with pkgs; [ cbor-diag cddl gh icu jq yq-go ]; + + # Minimal tool set for cross-compilation targets (CDDL/CBOR validation). + cross-tools = with pkgs; [ cbor-diag cddl ]; +} diff --git a/static.nix b/static.nix index 54b2cc4..78fb317 100644 --- a/static.nix +++ b/static.nix @@ -1,5 +1,7 @@ { self, pkgs, compiler, compiler-nix-name, toolsModule, withHLS ? true, withHlint ? true, withIOG ? true, withIOGFull ? false }: -let tool-version-map = (import ./tool-map.nix) self; +let iog = import ./iog-libs.nix { inherit pkgs; static = true; }; + iog-tools = import ./iog-libs.nix { inherit pkgs; }; + tool-version-map = (import ./tool-map.nix) self; tool = tool-name: pkgs.pkgsBuildBuild.haskell-nix.tool compiler-nix-name tool-name [(tool-version-map compiler-nix-name tool-name) toolsModule]; cabal-install = tool "cabal"; haskell-tools = @@ -47,6 +49,7 @@ let tool-version-map = (import ./tool-map.nix) self; $NIX_CABAL_FLAGS \ --disable-shared --enable-static \ --ghc-option=-L${lib.getLib static-gmp}/lib \ + # IOG crypto/data libs — keep in sync with iog-libs.nix --ghc-option=-L${lib.getLib static-libsodium-vrf}/lib \ --ghc-option=-L${lib.getLib static-secp256k1}/lib \ --ghc-option=-L${lib.getLib static-libblst}/lib \ @@ -134,16 +137,11 @@ pkgs.mkShell (rec { static-gmp static-openssl static-zlib - ] ++ lib.optionals withIOG [ - static-libblst - static-libsodium-vrf - static-lmdb # required by ouroboros-consensus (cardano-lmdb) - static-secp256k1 - icu # for cardano-cli - gh - jq - yq-go - ] ++ lib.optionals withIOGFull [ + ] ++ lib.optionals withIOG ( + # IOG crypto/data libs — keep in sync with iog-libs.nix + iog.crypto ++ iog.data + ++ [ icu gh jq yq-go ] # dev tools (non-static, through getDev) + ) ++ lib.optionals withIOGFull [ # for plutus; but unavailable for static/aarch64, or static even. # R fails in almost any direction. For now, we just disable it. (if (pkgs.stdenv.hostPlatform.isAarch64 || pkgs.stdenv.hostPlatform.isMusl) then null else R) @@ -166,7 +164,7 @@ pkgs.mkShell (rec { ]) ++ (with pkgs.buildPackages; [ ]) ++ builtins.attrValues haskell-tools - ++ pkgs.lib.optional withIOG (with pkgs; [ cddl cbor-diag ]) + ++ pkgs.lib.optional withIOG iog-tools.cross-tools ; passthru = { From c7b22a33a88f7637a1f32f7333e90a0dbdc666fa Mon Sep 17 00:00:00 2001 From: Moritz Angermann Date: Sat, 28 Feb 2026 09:59:45 +0900 Subject: [PATCH 2/2] Fix ShellCheck SC2215 in wrapped-cabal script Move the iog-libs.nix sync comment from inside the shell heredoc (where it breaks line continuation and triggers SC2215) to a Nix comment above the writeShellApplicationWithRuntime block. --- static.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static.nix b/static.nix index 78fb317..e06927c 100644 --- a/static.nix +++ b/static.nix @@ -34,6 +34,7 @@ let iog = import ./iog-libs.nix { inherit pkgs; static = true; }; ''; }; # A cabal-install wrapper that sets the appropriate static flags. + # The -L flags below must cover all IOG crypto/data libs from iog-libs.nix. # See writers.nix for why writeShellApplicationWithRuntime is needed. wrapped-cabal = writers.writeShellApplicationWithRuntime { name = "cabal"; @@ -49,7 +50,6 @@ let iog = import ./iog-libs.nix { inherit pkgs; static = true; }; $NIX_CABAL_FLAGS \ --disable-shared --enable-static \ --ghc-option=-L${lib.getLib static-gmp}/lib \ - # IOG crypto/data libs — keep in sync with iog-libs.nix --ghc-option=-L${lib.getLib static-libsodium-vrf}/lib \ --ghc-option=-L${lib.getLib static-secp256k1}/lib \ --ghc-option=-L${lib.getLib static-libblst}/lib \