proj: add initial Nix flake support

[cpu]

The tooling required to work in this repo can be a little bit challenging to set up (largely as a side effect of supporting multiple platforms/languages, each with their own tooling requirements).

In an effort to make this easier and more reproducible this commit adds the start of a Nix flake.

Some starting points (assuming you've set up nix, which is outside of the scope of this PR):

• nix build . - builds the platform verifier Rust library in a release configuration using stable Rust.
• nix build .#rustls-platform-verifier-dbg - same as above, but with the "dbg", "base64", and "docsrs" Cargo features enabled.
• nix develop - enter a development shell offering a nightly rust toolchain, Android studio, Android SDK/NDK, Java, and Maven tools for building the Android project and using the release tooling.
• nix develop .#stable - same as above, but with the stable Rust toolchain.
• nix develop .#msrv - same as above, but with the project MSRV Rust toolchain.

There's also an android-emu output for creating an Android device emulator that can be used to run unit tests:

# Terminal 1 - Android emulator
nix develop
nix build .#android-emu
./result/bin/run-test-emulator&
adb devices
adb logcat

# Terminal 2 - Unit tests
nix develop
pushd android && ./gradlew connectedAndroidTest

Future work:

• The NDK version is presently pinned to a 23.x version to avoid a clang libc++ error. This should be resolved so we can use 24.x (Some debugging notes here)
• Support for additional platforms. I believe most of this will work on other systems/targets but I've only tested on x86_64 so have left out additional support for now
• ~It should be possible to configure an Android emulator, and to run the unit tests within the emulator, without using Android studio or manually configuring an emulator.~ I added an output to create an emulator device.
• ~I'm not sure whether there's interest in CI integration. It might be a good idea to add a nix build step somewhere to try and prevent bitrot.~ I added a CI task.

[djc]

I think @Ralith has some Nix experience, maybe he can help review?

[cpu]

I don't have a lot of experience with flakes specifically, but this looks generally reasonable.

Thanks for taking a look :-)

I think we should have CI coverage for it.

I pushed a simple CI job :+1:

[cpu]

It should be possible to configure an Android emulator, and to run the unit tests within the emulator, without using Android studio or manually configuring an emulator.

I pushed one last revision to add an emulator image output. The PR description is updated with some quick usage instructions. This is sufficient for being able to build the project and run the Android tests in an emulator without doing any manual setup in Android studio.

Going to call this done for now and pick up on the NDK version pinning the next time I have a chance to fiddle with this.

[cpu]

CI / Clippy (-Zbuild-std) (pull_request) Failing after 14s cargo deny / audit (pull_request) Failing after 23s CI / Test (Android) (pull_request) Failing after 6m

Unrelated to this branch, resolving these in https://github.com/rustls/rustls-platform-verifier/pull/91

@complexspaces Are you thinking that you'd like to do some further reviewing/testing of this branch or could it be merged soon?

[cpu]

I've gotten slightly better (only slightly 😄) with Nix since I last looked at this, but AFAICT this looks fine. I'm looking forward to trying this out when time permits.

Awesome! I'm not particularly skilled myself so I'm sure there are some improvements we could make down the road. 🚀

[cpu]

cpu force-pushed the cpu-start-nix-flake_dev branch from 25440f2 to 58a085c

Rebased on main to pick up the CI fixes. Will merge once this is all green.