i-probably-didnt-backdoor-this
crane
i-probably-didnt-backdoor-this | crane | |
---|---|---|
5 | 12 | |
148 | 759 | |
- | - | |
0.0 | 9.2 | |
9 months ago | 8 days ago | |
Dockerfile | Nix | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
i-probably-didnt-backdoor-this
-
Can rustc generate identical binaries, with the same hash, from the same souce code?
It's well explored for Linux (I wrote documentation for this in the past: https://github.com/kpcyrd/i-probably-didnt-backdoor-this)
- I-probably-didnt-backdoor-this – experiment on supply-chain security
- A practical experiment on supply-chain security using reproducible builds
- Using Reproducible Builds to reproduce 3rd party packages
- i-probably-didnt-backdoor-this: Using Reproducible Builds to verify a Rust Binary
crane
- Can rustc generate identical binaries, with the same hash, from the same souce code?
- Transitioning to Rust as a company
-
Help with building a 32bit library with cargo
i would also recommend using crane or naersk since iirc rustPlaform.buildRustPackage can mangle some of these options (or maybe i just did something wrong lol)
-
Better support of Docker layer caching in Cargo
Notably crane is doing what cargo-chef is doing for Nix.
-
20 Years of Nix
I don't think it's very valid to compare the two. It is a little bit just to compare the experiences using them bit they aren't meant to solve the same set of issues. In fact, they are better together in my experience. I use nix to manage my terraform configurations with a lot of success. It reduces my boilerplate and helps me build abstractions on top of HCL.
If you ever decide to take a stab at nix again, consider looking at https://github.com/ipetkov/crane and using flakes. I've got it down to the point that I can get a new rust project set up with nix in about 30 seconds with linting, package building, and test running all in the checks
-
Has anyone packaged Rust programs as nix packages?
Take a look at Crane, though it is squarely aimed at non-beginners. If you want to submit whatever you're packaging to nixpkgs and not just for personal use, you can't use crane, though.
-
Crafting container images without Dockerfiles
To get Rust incremental builds, did you consider using something such as crane https://github.com/ipetkov/crane ?
And regarding OCI images, i built nix2container (https://github.com/nlewo/nix2container) to speed up image build and push times.
-
How to setup devShell for rust development with bevy?
This is the relevant part of my flake (which uses the quick-start template of crane):
-
yarnpnp2nix: More efficient way of packaging NodeJS applications
I imagine/hope you've seen this, but over in Rust-land I do something similar using https://github.com/ipetkov/crane. I've been on the lookout for something precisely like this for a while. I don't know much about the newer versions of yarn but imagined such a thing was possible. I am looking forward to trying this out, especially if the above is eventually addressed.
-
Perfect Docker Images for Rust with Nix
If you haven't already, I recommend checking out crane for building extensible workflows using cargo and Nix (e.g. running clippy, cargo-audit, cargo-nextest, cargo-tarpaulin, etc.)
What are some alternatives?
nginx-waf - Nginx + ModSecurity WAF
naersk - Build Rust projects in Nix - no configuration, no code generation, no IFD, sandbox friendly.
docker-bloodhound - BloodHound Docker Ready to Use
api - 🎭 API
platform_external_vanadium - Vanadium integration for GrapheneOS. See https://github.com/GrapheneOS/Vanadium for the Vanadium build configuration and patches.
yarnpnp2nix - A performance focused and space efficient way of packaging NodeJS applications with Nix
openvas-docker - A Docker container for Openvas
cargo-auditable - Make production Rust binaries auditable
in-toto - in-toto is a framework to protect supply chain integrity.
dream2nix - Simplified nix packaging for various programming language ecosystems [maintainer=@DavHau]
gokart-action - Integrate GoKart security static analysis to GitHub Actions
rustshop - Rust Shop is a fake cloud-based software company that you can fork.