Merge branch 'main' into feat/mythril

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+    time: '00:00'
+    timezone: UTC
+  open-pull-requests-limit: 10
+  commit-message:
+      prefix: "chore"
+      include: "scope"

.github/workflows/ci.yml

@@ -20,12 +20,12 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - uses: cachix/install-nix-action@v19
+      - uses: cachix/install-nix-action@v20
         with:
           nix_path: nixpkgs=channel:nixos-22.11
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: cachix/cachix-action@v11
+      - uses: cachix/cachix-action@v12
         with:
           name: nix-blockchain-development
           authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

.github/workflows/update-flake-lock.yml

@@ -0,0 +1,42 @@
+name: Update Nix Flake lockfile
+
+on:
+  # Enable option to manually run the action:
+  workflow_dispatch:
+
+  # Run every Sunday at 00:00:
+  schedule:
+    - cron: 0 0 * * 0
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: cachix/install-nix-action@v20
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+          github_access_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run `nix flake update`
+        id: update-lockfile
+        run: ./scripts/commit_flake_update.bash
+
+      - uses: tibdex/[email protected]
+        id: generate-token
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v5
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          title: 'Update Nix Flake lockfile'
+          commit-message: ${{ env.COMMIT_MSG }}
+          branch: 'create-pull-request/update-flake-lockfile'
+          delete-branch: true
+          branch-suffix: timestamp
+          add-paths: flake.lock

overlay.nix

@@ -1,24 +1,27 @@
 _finalNixpkgs: prevNixpkgs: let
-  solana-rust-artifacts = prevNixpkgs.callPackage ./packages/solana-rust-artifacts {};
+  inherit (prevNixpkgs) callPackage symlinkJoin fetchFromGitHub;
+  inherit (prevNixpkgs.lib) optionalAttrs;
 
-  solana-bpf-tools = prevNixpkgs.callPackage ./packages/solana-bpf-tools {};
+  solana-rust-artifacts = callPackage ./packages/solana-rust-artifacts {};
 
-  solana-full-sdk = prevNixpkgs.callPackage ./packages/solana-full-sdk {
+  solana-bpf-tools = callPackage ./packages/solana-bpf-tools {};
+
+  solana-full-sdk = callPackage ./packages/solana-full-sdk {
     inherit solana-rust-artifacts solana-bpf-tools;
   };
 
-  cosmos-theta-testnet = prevNixpkgs.callPackage ./packages/cosmos-theta-testnet {};
+  cosmos-theta-testnet = callPackage ./packages/cosmos-theta-testnet {};
 
-  circom = prevNixpkgs.callPackage ./packages/circom/default.nix {};
-  circ = prevNixpkgs.callPackage ./packages/circ/default.nix {};
+  circom = callPackage ./packages/circom/default.nix {};
+  circ = callPackage ./packages/circ/default.nix {};
 
-  wasmd = prevNixpkgs.callPackage ./packages/wasmd/default.nix {};
+  wasmd = callPackage ./packages/wasmd/default.nix {};
 
   # erdpy depends on cattrs >= 22.2
   cattrs22-2 = prevNixpkgs.python3Packages.cattrs.overridePythonAttrs (previousAttrs: rec {
     version = "22.2.0";
 
-    src = prevNixpkgs.fetchFromGitHub {
+    src = fetchFromGitHub {
       owner = "python-attrs";
       repo = "cattrs";
       rev = "v${version}";
@@ -34,7 +37,7 @@ _finalNixpkgs: prevNixpkgs: let
       prevNixpkgs.buildGoModule (args
         // {
           version = "1.11.1";
-          src = prevNixpkgs.fetchFromGitHub {
+          src = fetchFromGitHub {
             owner = "ethereum";
             repo = "go-ethereum";
             rev = "v1.11.1";
@@ -46,26 +49,26 @@ _finalNixpkgs: prevNixpkgs: let
   };
 
   # copied from https://github.com/NixOS/nixpkgs/blob/8df7949791250b580220eb266e72e77211bedad9/pkgs/development/python-modules/cryptography/default.nix
-  cryptography36 = prevNixpkgs.callPackage ./packages/python-modules/cryptography36/default.nix {};
+  cryptography36 = callPackage ./packages/python-modules/cryptography36/default.nix {};
 
-  ledgercomm = prevNixpkgs.callPackage ./packages/python-modules/ledgercomm/default.nix {};
-  requests-cache = prevNixpkgs.callPackage ./packages/python-modules/requests-cache/default.nix {};
+  ledgercomm = callPackage ./packages/python-modules/ledgercomm/default.nix {};
+  requests-cache = callPackage ./packages/python-modules/requests-cache/default.nix {};
 
-  erdpy = prevNixpkgs.callPackage ./packages/erdpy/default.nix {};
-  elrond-go = prevNixpkgs.callPackage ./packages/elrond-go/default.nix {};
-  elrond-proxy-go = prevNixpkgs.callPackage ./packages/elrond-proxy-go/default.nix {};
+  erdpy = callPackage ./packages/erdpy/default.nix {};
+  elrond-go = callPackage ./packages/elrond-go/default.nix {};
+  elrond-proxy-go = callPackage ./packages/elrond-proxy-go/default.nix {};
 
-  go-opera = prevNixpkgs.callPackage ./packages/go-opera/default.nix {};
+  go-opera = callPackage ./packages/go-opera/default.nix {};
 
-  leap = prevNixpkgs.callPackage ./packages/leap/default.nix {};
-  eos-vm = prevNixpkgs.callPackage ./packages/eos-vm/default.nix {};
-  cdt = prevNixpkgs.callPackage ./packages/cdt/default.nix {};
+  leap = callPackage ./packages/leap/default.nix {};
+  eos-vm = callPackage ./packages/eos-vm/default.nix {};
+  cdt = callPackage ./packages/cdt/default.nix {};
 
-  nimbus = prevNixpkgs.callPackage ./packages/nimbus/default.nix {};
+  nimbus = callPackage ./packages/nimbus/default.nix {};
 
-  pistache = prevNixpkgs.callPackage ./packages/pistache/default.nix {};
-  ffiasm-src = prevNixpkgs.callPackage ./packages/ffiasm/src.nix {};
-  zqfield = prevNixpkgs.callPackage ./packages/ffiasm/zqfield.nix {
+  pistache = callPackage ./packages/pistache/default.nix {};
+  ffiasm-src = callPackage ./packages/ffiasm/src.nix {};
+  zqfield = callPackage ./packages/ffiasm/zqfield.nix {
     inherit ffiasm-src;
   };
   # Pairing Groups on BN-254, aka alt_bn128
@@ -76,7 +79,7 @@ _finalNixpkgs: prevNixpkgs: let
   # https://eips.ethereum.org/EIPS/eip-197
   # https://hackmd.io/@aztec-network/ByzgNxBfd
   # https://hackmd.io/@jpw/bn254
-  zqfield-bn254 = prevNixpkgs.symlinkJoin {
+  zqfield-bn254 = symlinkJoin {
     name = "zqfield-bn254";
     paths = [
       (zqfield {
@@ -90,14 +93,14 @@ _finalNixpkgs: prevNixpkgs: let
         })
     ];
   };
-  ffiasm = prevNixpkgs.callPackage ./packages/ffiasm/default.nix {
+  ffiasm = callPackage ./packages/ffiasm/default.nix {
     inherit ffiasm-src zqfield-bn254;
   };
-  circom_runtime = prevNixpkgs.callPackage ./packages/circom_runtime/default.nix {};
-  rapidsnark = prevNixpkgs.callPackage ./packages/rapidsnark/default.nix {
+  circom_runtime = callPackage ./packages/circom_runtime/default.nix {};
+  rapidsnark = callPackage ./packages/rapidsnark/default.nix {
     inherit ffiasm zqfield-bn254;
   };
-  rapidsnark-server = prevNixpkgs.callPackage ./packages/rapidsnark-server/default.nix {
+  rapidsnark-server = callPackage ./packages/rapidsnark-server/default.nix {
     inherit ffiasm zqfield-bn254 rapidsnark pistache;
   };
 
@@ -540,43 +543,49 @@ _finalNixpkgs: prevNixpkgs: let
   eth-bloom-104 = prevNixpkgs.callPackage ./packages/python-modules/eth-bloom-104/default.nix {};
   z3-solver = prevNixpkgs.callPackage ./packages/python-modules/z3-solver/default.nix {inherit jinja2_fixed;};
 in {
-  metacraft-labs = rec {
-    solana = solana-full-sdk;
-    inherit cosmos-theta-testnet;
-    inherit circom;
-
-    # Disabled until cvc4 compiles again
-    # inherit circ;
-
-    inherit wasmd;
-    inherit ledgercomm;
-    inherit cryptography36;
-    inherit requests-cache;
-    inherit erdpy;
-    inherit cattrs22-2;
-
-    # Disabled until elrond-go can build with Go >= 1.19
-    # inherit elrond-go;
-    # inherit elrond-proxy-go;
-    inherit go-opera;
-    inherit leap;
-    inherit eos-vm;
-    inherit cdt;
-
-    # Ethereum
-    inherit nimbus;
-    inherit go-ethereum-capella;
-
-    inherit pistache;
-    inherit zqfield-bn254;
-    inherit zqfield;
-    inherit ffiasm;
-    inherit circom_runtime;
-    inherit rapidsnark;
-    inherit rapidsnark-server;
-
-    inherit mythril;
-    inherit blake2b-py;
-    inherit py-solc-x;
-  };
+  metacraft-labs =
+    rec {
+      solana = solana-full-sdk;
+      inherit cosmos-theta-testnet;
+      inherit circom;
+
+      # Disabled until cvc4 compiles again
+      # inherit circ;
+
+      inherit wasmd;
+
+      # ElrondGo:
+      inherit ledgercomm;
+      inherit cryptography36;
+      inherit cattrs22-2;
+      inherit requests-cache;
+      # Disabled until elrond-go can build with Go >= 1.19
+      # Issue #65
+      # inherit elrond-go;
+      # inherit elrond-proxy-go;
+      # inherit erdpy;
+
+      inherit go-opera;
+      inherit leap;
+      inherit eos-vm;
+      inherit cdt;
+
+      # Ethereum
+      inherit nimbus;
+      inherit go-ethereum-capella;
+
+      inherit zqfield-bn254;
+      inherit ffiasm;
+      inherit circom_runtime;
+      inherit rapidsnark;
+
+      # Mythril
+      inherit mythril;
+      inherit blake2b-py;
+      inherit py-solc-x;
+    }
+    // optionalAttrs (prevNixpkgs.hostPlatform.isLinux) {
+      inherit pistache;
+      inherit rapidsnark-server;
+    };
 }

packages/rapidsnark-server/default.nix

@@ -1,4 +1,5 @@
 {
+  lib,
   stdenv,
   pistache,
   ffiasm,
@@ -9,7 +10,12 @@
 in
   stdenv.mkDerivation rec {
     pname = "rapidsnark-server";
-    inherit (rapidsnark) version src nativeBuildInputs doCheck meta;
+    inherit (rapidsnark) version src nativeBuildInputs doCheck;
+    meta =
+      rapidsnark.meta
+      // {
+        platforms = with lib.platforms; linux;
+      };
     buildInputs = rapidsnark.buildInputs ++ [pistache];
 
     buildPhase = ''

packages/solana-bpf-tools/default.nix

@@ -10,7 +10,7 @@ with pkgs;
     };
 
     # TODO autoPatchElf is Linux-specific. We need a cross-platform solution.
-    nativeBuildInputs = [autoPatchelfHook];
+    nativeBuildInputs = lib.optionals stdenv.isLinux [autoPatchelfHook];
 
     buildInputs = with pkgs; [
       zlib

packages/wasmd/default.nix

@@ -21,21 +21,21 @@
 in
   buildGoModule rec {
     pname = "wasmd";
-    version = "0.40.0-rc.0";
+    version = "0.31.0";
 
     src = fetchFromGitHub {
       owner = "CosmWasm";
       repo = "wasmd";
       rev = "v${version}";
-      hash = "sha256-y+yCzOLR2nRdA6w+u3iI3c8XSHeCIpqdX90msJj+cVA=";
+      hash = "sha256-lxx1rKvgzvWKeGnUG4Ij7K6tfL7u3cIaf6/CYRvkqLg=";
     };
 
     proxyVendor = true;
-    vendorSha256 = "sha256-hRFnF/GmMYy8aOU4lPO6WQOTAmqsyyf+PI0hDEJWf8k=";
+    vendorSha256 = "sha256-Mv4Y7bsmBBnRkOxgosQDXD8jLXlS+rbz7GPCXjj5cto=";
 
     subPackages = ["cmd/wasmd"];
 
-    buildInputs = [autoPatchelfHook];
+    nativeBuildInputs = lib.optionals stdenv.isLinux [autoPatchelfHook];
 
     postBuild = ''
       mkdir -p "$out/lib"

scripts/ci.sh

@@ -37,4 +37,5 @@ get_platform() {
 }
 
 set -x
+nix flake check
 nix build --json --print-build-logs ".#devShells.$(get_platform).default"

scripts/commit_flake_update.bash

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if ! git config --get user.name >/dev/null 2>&1 || \
+  [ "$(git config --get user.name)" = "" ] ||
+  ! git config --get user.email >/dev/null 2>&1 || \
+  [ "$(git config --get user.email)" = "" ]; then
+  echo "git config user.{name,email} is not set - configuring"
+  set -x
+  git config --local user.email "actions-bot"
+  git config --local user.name "[email protected]"
+fi
+
+nix flake update --commit-lock-file
+
+cat >commit_msg <<EOF
+chore(flake.lock): Update all Flake inputs ($(date -I))
+
+$(git log -1 '--pretty=format:%b' | sed '1,2d')
+EOF
+
+git reset --soft 'HEAD~'
+
+if [[ -z "${GITHUB_ENV:-}" ]]; then
+  echo "Not running in CI - exiting"
+  exit 0
+fi
+
+>> "$GITHUB_ENV" cat <<EOF
+COMMIT_MSG<<EOV
+$(cat ./commit_msg)
+EOV
+EOF