Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
crane
A Nix library for building cargo projects. Never build twice thanks to incremental artifact caching.
The JSON schema does not map to any existing format. We tried, but they just aren't suitable for the task. The existing formats are not designed for this, and so end up being verbose, and don't play nice with reproducible builds (e.g. SPDX includes a timestamp). And you still need the binary parsing step and the zlib decompression step, so embedding SPDX doesn't end up making it much easier to consume than the custom format, which is dead simple and maps very well to data structures that vulnerability scanners already use.
Many thanks to u/dpc_pw, whose notes on GitHub were my starting point for the flake definition. (I also just realized I unwittingly gave my article an almost-identical title by the time I was done refining it, so I’m more indebted to them than I thought.)
If you haven't already, I recommend checking out crane for building extensible workflows using cargo and Nix (e.g. running clippy, cargo-audit, cargo-nextest, cargo-tarpaulin, etc.)
Thank you. It looks very useful, so I’ll give it a try. Do you know, offhand, whether I can use crane to build a dependency specified in Cargo.toml with extra settings? I have a more complicated Rust application I’m trying to build with Nix. The solution I’ve arrived at for the moment is building with nocargo just so I can override OUT_DIR when building opencv, but it doesn’t work with LTO and the end result is inferior to my starting point. (If there’s a way to customize the opencv build without needing any extra packages, I’d love to hear about that too.)
I can second that. If you're looking for a non-trivial reference project that uses crane: https://github.com/fedimint/fedimint/blob/master/flake.nix - I'm working on this project full time now and keep tweaking and optimizing as the real needs and requirements arise.
I’m trying to get around a known build issue—it would be great for it to be fixed upstream, but I don’t have any control over it except for setting OUT_DIR during its compilation.