metalbear-co / mirrord

Connect your local process and your cloud environment, and run local code in cloud conditions.
https://mirrord.dev
MIT License

Add mirrord nix package #551

Open aviramha opened 2 years ago

aviramha commented 2 years ago

I saw in #531 that the user uses devbox/nix packages so thought it'd be nice to publish mirrord there as well.

nxy7 commented 1 year ago

I've made some progress toward packaging mirrord (http://github.com/nxy7/mirrord-nix), but somewhere during the build process it tries to use frida gum, which itself is not packaged yet, and I'm not familiar enough with C to dive into it right now. If someone wants to, feel free to use my flake as a base. EDIT: To add some additional context, this is the error that I ran into:

 Compiling frida-gum-sys v0.8.1 (https://github.com/metalbear-co/frida-rust?branch=capstone_remove#f5c12b62)
   Compiling apple-flat-package v0.13.0
   Compiling actix-web v4.4.0
   Compiling apple-codesign v0.22.0
The following warnings were emitted during compilation:

warning: Frida gum devkit not found, downloading from https://github.com/frida/frida/releases/download/16.0.19/frida-gum-devkit-16.0.19-linux-x86_64.tar.xz...

error: failed to run custom build command for `frida-gum-sys v0.8.1 (https://github.com/metalbear-co/frida-rust?branch=capstone_remove#f5c12b62)`

Caused by:
  process didn't exit successfully: `/build/source/target/release/build/frida-gum-sys-8db122f65ccd3c77/build-script-build` (exit status: 101)
  --- stdout
  cargo:rerun-if-changed=build.rs
  cargo:rustc-link-search=/build/cargo-vendor-dir/frida-gum-sys-0.8.1
  cargo:warning=Frida gum devkit not found, downloading from https://github.com/frida/frida/releases/download/16.0.19/frida-gum-devkit-16.0.19-linux-x86_64.tar.xz...

  --- stderr
  thread 'main' panicked at /build/cargo-vendor-dir/frida-build-0.2.1/src/lib.rs:59:52:
  devkit download request failed: reqwest::Error { kind: Request, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("github.com")), port: None>
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...

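During a nix build we have no access to the internet (the build sandbox blocks network access for everything except fixed-output derivations that declare their hash up front), so obviously any automatic download from a build script will fail.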

aviramha commented 1 year ago

Appreciate the work you did @nxy7 - I actually tried too but failed very early (nix is quite big to grasp, at least for me). I think "nyxing" frida should be quite easy, since it's all very scripted - I would understand if you don't want to delve into that though.

nxy7 commented 1 year ago

Frida has some derivations on nixpkgs (frida-tools) but for whatever reason it doesn't include frida-gum. I'll have another try at including it soon, if I succeed then I'll update this issue :-)

rusty-jules commented 1 year ago

Hello! Wish I'd seen this before, but I have a working darwin nix build for mirrord. Took a slightly different approach, but it doesn't have the frida gum issue that appears on linux (and the if statements here were not tested against linux). Please feel free to use @nxy7!

mk-rust-nightly.nix

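# Builds a rustPlatform (cargo + rustc) from a dated Rust channel published
# through Mozilla's nixpkgs overlay.
# Approach based on https://www.breakds.org/post/build-rust-package/
#
# The outer arguments are filled in by callPackage; the inner function takes:
#   date    - channel date, e.g. "2023-09-07"
#   channel - channel name, e.g. "nightly"
#   sha256  - optional hash of the channel manifest. When left null (the
#             default, matching the previous behaviour) rustChannelOf fetches
#             the manifest with builtins.fetchurl and no integrity check, so
#             the toolchain is selected by date only; that unhashed fetch is
#             also rejected under pure evaluation. Pass the manifest hash to
#             pin the toolchain.
{ callPackage, fetchFromGitHub, makeRustPlatform }:

{ date, channel, sha256 ? null }:

let
  # The overlay source is pinned by commit and by content hash.
  mozillaOverlay = fetchFromGitHub {
    owner = "mozilla";
    repo = "nixpkgs-mozilla";
    rev = "6eabade97bc28d707a8b9d82ad13ef143836736e";
    hash = "sha256-1ElPLD8eFfnuIk0G52HGGpRtQZ4QPCjChRlEOfkZ5ro=";
  };
  mozilla = callPackage "${mozillaOverlay.out}/package-set.nix" { };
  rustSpecific =
    (mozilla.rustChannelOf { inherit date channel sha256; }).rust;
in
makeRustPlatform {
  # The channel's `rust` attribute is used for both tools.
  cargo = rustSpecific;
  rustc = rustSpecific;
}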

default.nix

# Overlay that adds a `mirrord` package built with a dated nightly toolchain.
self: super:
let
  inherit (super) pkgs;

  # Nightly toolchain pinned by channel date (see ./mk-rust-nightly.nix).
  nightlyPlatform = pkgs.callPackage ./mk-rust-nightly.nix { } {
    date = "2023-09-07";
    channel = "nightly";
  };
in
{
  # mirrord.nix is imported directly rather than through callPackage, so
  # every argument it needs is passed explicitly here.
  mirrord = import ./mirrord.nix {
    inherit (super) lib pkgs;
    inherit (pkgs) fetchFromGitHub stdenv protobuf;
    rustPlatform = nightlyPlatform;
  };
}

mirrord.nix

# Builds the mirrord CLI together with the mirrord-layer shared library that
# the CLI is pointed at through MIRRORD_LAYER_FILE.
#
# Every source input is pinned by hash: the mirrord tag itself and each git
# dependency listed in Cargo.lock (outputHashes). The author reports this
# working on darwin only; the thread's build log shows frida-gum-sys trying to
# download its devkit during the Linux build, which the nix sandbox blocks.
{ lib
, pkgs
, stdenv
, fetchFromGitHub
, rustPlatform
, protobuf
, doCheck ? false
, ...
}:

let
  version = "3.72.0";

  # `rev` is a tag name; the content hash is what fixes the source tree.
  src = fetchFromGitHub {
    owner = "metalbear-co";
    repo = "mirrord";
    rev = version;
    hash = "sha256-rtDvVQd3qoiQFNoYDcSZZBx3/VONZPNxJJQTcfR/KSo=";
  };

  # bs-filter lives in the rawsocket git source, so both crates share a hash.
  rawsocketSourceHash = "sha256-IxuilE2MGdM/1lfvqJ1k5blE036IZEXam6VMgZBHZsQ=";

  cargoLock = {
    lockFile = "${src}/Cargo.lock";
    # One entry per git dependency in Cargo.lock.
    outputHashes = {
      "bs-filter-0.1.0" = rawsocketSourceHash;
      "rawsocket-0.1.0" = rawsocketSourceHash;
      # this is the "rust-extensions" derivation
      "containerd-client-0.3.0" =
        "sha256-eUnOe4Epze7qVuM5iyDIIoewIAnhbAvBdFagOpM3fh4=";
      "frida-build-0.2.1" =
        "sha256-MXIPudKEtqvNnekemTcULz2pZBzSWjMFhgWBr4+U8nw=";
      "hyper-1.0.0-rc.4" =
        "sha256-glfvjO+7GNH3zJIc/2ZXhF/EtjN60+z4ov3oNmfaDqg=";
      "hyper-util-0.0.0" =
        "sha256-BMW8fpLt1jg27VKa/x2MkntDs7dLnElXO12rucsc780=";
      "kube-0.86.0" = "sha256-IN6viKcyIw3odWwMX1VIH7epmOj7FPynO+XDI/24l60=";
      "rasn-0.6.1" = "sha256-Pn0v+UR+gMKHMkhGTeL8bYBXoNQNnYrJ8Tluc2HVEZo=";
      "tracing-0.1.37" = "sha256-VVIVJz1+u4PqRFj1lAKGB6EbnP+b4dnimOWaNEkBAos=";
    };
  };

  # Attributes shared by the layer build and the CLI build.
  sharedArgs = { inherit version src cargoLock doCheck; };

  # Extra framework needed on darwin only; empty elsewhere.
  darwinFrameworks =
    if stdenv.isDarwin
    then [ pkgs.darwin.apple_sdk.frameworks.SystemConfiguration ]
    else [ ];

  # File extension of the layer library on the build platform.
  layerLibExt = if stdenv.isDarwin then "dylib" else "so";

  layerPkg = rustPlatform.buildRustPackage (sharedArgs // {
    pname = "mirrord-layer";
    cargoBuildFlags = [ "-p" "mirrord-layer" ];
    buildInputs = darwinFrameworks;
    nativeBuildInputs = [ protobuf ];
  });
in
rustPlatform.buildRustPackage (sharedArgs // {
  pname = "mirrord";
  cargoBuildFlags = [ "-p" "mirrord" ];
  buildInputs = [ layerPkg ] ++ darwinFrameworks;

  # Set in the build environment to the store path of the layer library.
  MIRRORD_LAYER_FILE = "${layerPkg}/lib/libmirrord_layer.${layerLibExt}";
})
nxy7 commented 1 year ago

On linux I have the same issue while building mirrord-layer, so it doesn't work for me. I've tried passing frida gum to library search path via

  # Copies a Frida gum header and static library from the local ./fridaDeps
  # directory into $out/lib, presumably so the sandboxed build can use them
  # without downloading anything.
  # NOTE(review): nothing here records where the files in ./fridaDeps came from
  # or what their hash is; fetching the upstream release archive with a pinned
  # hash (e.g. fetchurl) would make this input verifiable — confirm provenance.
  frida-gum = pkgs.stdenv.mkDerivation {
    name = "copy-frida";
    src = ./fridaDeps;
    # Only unpack and install; there is no configure or compile step.
    phases = [ "unpackPhase" "installPhase" ];
    installPhase = ''
      mkdir -p $out/lib
      cp $src/frida-gum.h $out/lib
      cp $src/libfrida-gum.a $out/lib
    '';
  };

....

  # Replaces the default build step and adds the frida-gum output's lib
  # directory as a linker search path through RUSTFLAGS.
  # NOTE(review): -Clink-arg is handed to the linker, while the failure in the
  # thread's log is the frida-gum-sys build script panicking on its devkit
  # download; that happens before any link step, so this flag presumably cannot
  # change it. -Z bindeps is an unstable cargo flag and needs a nightly cargo.
  buildPhase = ''
    RUSTFLAGS="-Clink-arg=-L${frida-gum}/lib" cargo build --release -p mirrord -Z bindeps
  '';

but it doesn't work and I'm still getting the same error. This line in the error message got me wondering:

> cargo:rustc-link-search=/build/cargo-vendor-dir/frida-gum-sys-0.8.1

rustc-link-search doesn't have my ${frida-gum} path appended; I think that's because frida-gum-sys has its own build.rs (and the panic in the log comes from that build script's devkit download, which runs before anything is linked). Can we actually pass rustc options to crates that we depend on? I'm not really sure. We'll see if I get anywhere with that.