From 994ac5580e7747b90933a25ddb21c5778b0a8877 Mon Sep 17 00:00:00 2001 From: Oscar Le Dauphin Date: Thu, 18 Jun 2026 17:36:27 +0200 Subject: [PATCH 1/3] suggest: large suggestion to flake.nix Mostly style changes and missing tools - format with alejandra for better readability - add missing cargo-nextest, rust-src component (for lsp), alejandra - use specialized pkg.mkShell instead of mkDerivation - remove hardeningDisable, not sure it's needed --- flake.nix | 73 ++++++++++++++++++++++----------------------- rust-toolchain.toml | 2 +- 2 files changed, 37 insertions(+), 38 deletions(-) diff --git a/flake.nix b/flake.nix index fc9fc420e6..abc5fb7c52 100644 --- a/flake.nix +++ b/flake.nix @@ -1,62 +1,61 @@ # Copyright 2026-Present Datadog, Inc. https://www.datadoghq.com/ # SPDX-License-Identifier: Apache-2.0 - { + description = "A dev environment with the tools needed to work on libdatadog."; inputs = { nixpkgs.url = "github:nixos/nixpkgs/release-25.11"; - - # cross-platform convenience flake-utils.url = "github:numtide/flake-utils"; - # backwards compatibility with nix-build and nix-shell - flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; - # pinned, exact upstream Rust toolchains rust-overlay = { url = "github:oxalica/rust-overlay"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # backwards compatibility with nix-build and nix-shell + flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; }; - outputs = { self, nixpkgs, flake-utils, flake-compat, rust-overlay }: - # resolve for all platforms in turn - flake-utils.lib.eachDefaultSystem (system: - let - # packages for this system platform, with the rust-overlay applied + outputs = { + nixpkgs, + flake-utils, + rust-overlay, + ... + }: + flake-utils.lib.eachDefaultSystem ( + system: let pkgs = import nixpkgs { inherit system; - overlays = [ (import rust-overlay) ]; - }; - - # A devshell for a given Rust toolchain (read from a toolchain file via - # rust-overlay), with the rest of the build dependencies. - mkDevShell = rust: pkgs.stdenv.mkDerivation { - name = "libdatadog-devshell"; - - # The stdenv cc-wrapper injects -D_FORTIFY_SOURCE, which glibc rejects - # when compiling without optimization. Some build scripts (e.g. - # spawn_worker's trampoline.c) compile C at -O0 with -Werror, so the - # resulting fortify #warning becomes a hard error. Disable fortify - # hardening in the shell so those builds succeed. - hardeningDisable = [ "fortify" "fortify3" ]; - - nativeBuildInputs = [ - rust # rustc + cargo + rustfmt + clippy, pinned via toolchain file - pkgs.rust-cbindgen - pkgs.cmake - pkgs.autoconf - pkgs.automake - pkgs.libtool - ]; + overlays = [(import rust-overlay)]; }; + mkShell = rust-toolchain: + pkgs.mkShell { + name = "libdatadog-devshell"; + packages = [ + rust-toolchain + pkgs.rust-cbindgen + pkgs.cargo-nextest + pkgs.cmake + pkgs.autoconf + pkgs.automake + pkgs.libtool + pkgs.alejandra + ]; + env = { + # Required by rust-analyzer + RUST_SRC_PATH = "${rust-toolchain}/lib/rustlib/src/rust/library"; + }; + }; in { # Default: the pinned stable toolchain (single source of truth is # ./rust-toolchain.toml), matching CI and rustup. - devShells.default = mkDevShell (pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml); + # Use with `nix develop` + devShells.default = mkShell (pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml); # Nightly toolchain (./nightly-toolchain.toml) for the jobs that - # genuinely need a nightly compiler. Use with `nix develop .#nightly`. - devShells.nightly = mkDevShell (pkgs.rust-bin.fromRustupToolchainFile ./nightly-toolchain.toml); + # genuinely need a nightly compiler. + # Use with `nix develop .#nightly`. + devShells.nightly = mkShell (pkgs.rust-bin.fromRustupToolchainFile ./nightly-toolchain.toml); } ); } diff --git a/rust-toolchain.toml b/rust-toolchain.toml index f2004ae052..6ab7631f09 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,4 +1,4 @@ [toolchain] channel = "1.87.0" -components = ["rustfmt", "clippy"] +components = ["clippy", "rust-src"] profile = "minimal" From a32bae52279ff6ec7346918e71d592426a1539b0 Mon Sep 17 00:00:00 2001 From: Oscar Le Dauphin Date: Thu, 18 Jun 2026 17:58:25 +0200 Subject: [PATCH 2/3] fix: re-add hardeningDisable --- flake.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/flake.nix b/flake.nix index abc5fb7c52..7e8408d161 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,16 @@ mkShell = rust-toolchain: pkgs.mkShell { name = "libdatadog-devshell"; + # The stdenv cc-wrapper injects -D_FORTIFY_SOURCE, which glibc rejects + # when compiling without optimization. Some build scripts (e.g. + # spawn_worker's trampoline.c) compile C at -O0 with -Werror, so the + # resulting fortify #warning becomes a hard error. Disable fortify + # hardening in the shell so those builds succeed. + hardeningDisable = [ + "fortify" + "fortify3" + ]; + packages = [ rust-toolchain pkgs.rust-cbindgen From 0a490fd4ee5beb26e0578557df9481c704fede55 Mon Sep 17 00:00:00 2001 From: Oscar Le Dauphin Date: Thu, 18 Jun 2026 18:11:19 +0200 Subject: [PATCH 3/3] nit: apply `with pkgs;` suggestion --- flake.nix | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 7e8408d161..4126b985d6 100644 --- a/flake.nix +++ b/flake.nix @@ -41,16 +41,17 @@ "fortify3" ]; - packages = [ - rust-toolchain - pkgs.rust-cbindgen - pkgs.cargo-nextest - pkgs.cmake - pkgs.autoconf - pkgs.automake - pkgs.libtool - pkgs.alejandra - ]; + packages = + [rust-toolchain] + ++ (with pkgs; [ + rust-cbindgen + cargo-nextest + cmake + autoconf + automake + libtool + alejandra + ]); env = { # Required by rust-analyzer RUST_SRC_PATH = "${rust-toolchain}/lib/rustlib/src/rust/library";