treewide: migrate more to bzlmod
This does migrate nearly everything to bzlmod and away from the "old"
WORKSPACE system. We do have to use some workarounds and there is no
good way to get the path to a repository. This definitively requires
some more love in future CLs but this should cover the basics. See
monogon-dev/monogon#343 for more information.
Change-Id: I0e188d8708b66fcdbdf0adc9143c93160e3395ae
Reviewed-on: https://review.monogon.dev/c/monogon/+/3357
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Reviewed-by: Leopold Schabel <leo@monogon.tech>
Tested-by: Jenkins CI
diff --git a/MODULE.bazel b/MODULE.bazel
index a25ccc7..ca7bde1 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -78,6 +78,14 @@
bazel_dep(name = "toolchains_protoc", version = "0.3.1")
bazel_dep(name = "protobuf", version = "27.2")
+# Load musl toolchain Metropolis sysroot tarball into external repository.
+musl_sysroot_rule = use_repo_rule("//build/toolchain/musl-host-gcc:sysroot_repository.bzl", "musl_sysroot_rule")
+
+musl_sysroot_rule(
+ name = "musl_sysroot",
+ snapshot = "//build/toolchain/musl-host-gcc:sysroot.tar.xz",
+)
+
# Register our custom CC toolchains. Order matters - more specific toolchains must be registered first.
# (host_cc_toolchain won't care about //build/platforms/linkmode, but musl_host_toolchain won't
# match anything unless its linkmode is set).
diff --git a/WORKSPACE b/WORKSPACE
index 47cb9f3..d6d637c 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -1,147 +1,5 @@
workspace(name = "dev_source_monogon")
-# Assert minimum Bazel version
-load("@bazel_skylib//lib:versions.bzl", "versions")
-
-versions.check(minimum_bazel_version = "7.2.1")
-
-# third_party external repositories
-load("//third_party/linux:external.bzl", "linux_external")
-
-linux_external(
- name = "linux",
- version = "6.6.42",
-)
-
-load("//third_party/linux-firmware:external.bzl", "linux_firmware_external")
-
-linux_firmware_external(
- name = "linux-firmware",
- version = "20240513",
-)
-
-load("//third_party/intel_ucode:external.bzl", "intel_ucode_external")
-
-intel_ucode_external(
- name = "intel_ucode",
- version = "20231114",
-)
-
-load("//third_party/edk2:external.bzl", "edk2_external")
-
-edk2_external(name = "edk2")
-
-load("//third_party/musl:external.bzl", "musl_external")
-
-musl_external(
- name = "musl",
- version = "1.1.24",
-)
-
-load("//third_party/util-linux:external.bzl", "util_linux_external")
-
-util_linux_external(
- name = "util_linux",
- version = "2.36.2",
-)
-load("//third_party/urcu:external.bzl", "urcu_external")
-
-urcu_external(
- name = "urcu",
- version = "0.14.0",
-)
-
-load("//third_party/xfsprogs:external.bzl", "xfsprogs_external")
-
-xfsprogs_external(
- name = "xfsprogs",
- version = "6.9.0",
-)
-
-load("//third_party/pixman:external.bzl", "pixman_external")
-
-pixman_external(
- name = "pixman",
- version = "0.40.0",
-)
-
-load("//third_party/uring:external.bzl", "uring_external")
-
-uring_external(
- name = "uring",
- version = "2.0",
-)
-
-
-load("//third_party/seccomp:external.bzl", "seccomp_external")
-
-seccomp_external(
- name = "seccomp",
- version = "2.5.1",
-)
-
-load("//third_party/glib:external.bzl", "glib_external")
-
-glib_external(
- name = "glib",
- version = "2.67.5",
-)
-
-load("//third_party/qemu:external.bzl", "qemu_external")
-
-qemu_external(
- name = "qemu",
- version = "5.2.0",
-)
-
-load("//third_party/chrony:external.bzl", "chrony_external")
-
-chrony_external(
- name = "chrony",
-)
-
-load("//third_party/cap:external.bzl", "cap_external")
-
-cap_external(
- name = "cap",
- version = "1.2.55",
-)
-
-load("//third_party/gnuefi:external.bzl", "gnuefi_external")
-
-gnuefi_external(
- name = "gnuefi",
- version = "3.0.14",
-)
-
-load("//third_party/efistub:external.bzl", "efistub_external")
-
-efistub_external(
- name = "efistub",
- # Developed in the systemd monorepo, pinned to master as there have been a bunch of critical fixes for the
- # EFI stub since 249.
- version = "3542da2442d8b29661b47c42ad7e5fa9bc8562ec",
-)
-
-load("//third_party/libpg_query:external.bzl", "libpg_query_external")
-
-libpg_query_external(
- name = "libpg_query",
- version = "15-4.2.3",
-)
-
-load("//third_party/dosfstools:external.bzl", "dosfstools_external")
-
-dosfstools_external(
- name = "com_github_dosfstools_dosfstools",
- version = "c888797b1d84ffbb949f147e3116e8bfb2e145a7",
-)
-
-# Load musl toolchain Metropolis sysroot tarball into external repository.
-load("//build/toolchain/musl-host-gcc:sysroot.bzl", "musl_sysroot_repositories")
-
-musl_sysroot_repositories()
-
# bazeldnf is used to generate our sandbox root.
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
@@ -160,17 +18,3 @@
load("//third_party/sandboxroot:repositories.bzl", "sandbox_dependencies")
sandbox_dependencies()
-
-load("//third_party/libtpms:external.bzl", "libtpms_external")
-
-libtpms_external(
- name = "libtpms",
- version = "93a827aeccd3ab2178281571b1545dcfffa2991b",
-)
-
-load("//third_party/swtpm:external.bzl", "swtpm_external")
-
-swtpm_external(
- name = "swtpm",
- version = "0c9a6c4a12a63b86ab472e69e95bd75853d4fa96",
-)
diff --git a/build/bazel/third_party.MODULE.bazel b/build/bazel/third_party.MODULE.bazel
index 52fe2bc..fa68cb8 100644
--- a/build/bazel/third_party.MODULE.bazel
+++ b/build/bazel/third_party.MODULE.bazel
@@ -9,7 +9,7 @@
# Used by tests in cloud/takeover
http_file(
name = "debian_11_cloudimage",
- sha256 = "14caeec68ba3129a115a9b57396d08dc0973cc9f569ce049232d7d15d768ad41",
+ integrity = "sha256-FMruxoujEpoRWptXOW0I3AlzzJ9WnOBJIy19FddorUE=",
urls = [
"https://cloud.debian.org/images/cloud/bullseye/20230124-1270/debian-11-genericcloud-amd64-20230124-1270.qcow2",
],
@@ -35,64 +35,67 @@
#
# WARNING: Not distributed under an OSI certified license. Must only be used in
# tests, not be redistributed!
+COCKROACH_VERSION = "22.1.6"
+
http_archive(
name = "cockroach",
- build_file_content = """
-exports_files([
- "cockroach"
-])
-""",
- sha256 = "0821cff5770400fb94c8b6c2ab338d96f4114fbf2b3206bc8a6dcf62f9c0f4ea",
- strip_prefix = "cockroach-v22.1.6.linux-amd64",
+ build_file = "//third_party/cockroach:BUILD.repo",
+ integrity = "sha256-CCHP9XcEAPuUyLbCqzONlvQRT78rMga8im3PYvnA9Oo=",
+ strip_prefix = "cockroach-v%s.linux-amd64" % COCKROACH_VERSION,
urls = [
# TODO: select() to pick other host architectures.
- "https://binaries.cockroachdb.com/cockroach-v22.1.6.linux-amd64.tgz",
+ "https://binaries.cockroachdb.com/cockroach-v%s.linux-amd64.tgz" % COCKROACH_VERSION,
],
)
# CockroachDB repository used for linter passes.
http_archive(
name = "com_github_cockroachdb_cockroach",
- integrity = "sha256-3xYgvXmuPvrGgtSzfoK/K9p/FCH0eMZywAAL10A41k0=",
- strip_prefix = "cockroach-23.2.4",
+ integrity = "sha256-bDVo7yRM5rh0aU7u7Lg+1PXV3/bPA3yVLs3naCimxQI=",
+ strip_prefix = "cockroach-" + COCKROACH_VERSION,
urls = [
- "https://github.com/cockroachdb/cockroach/archive/v23.2.4.tar.gz",
+ "https://github.com/cockroachdb/cockroach/archive/v%s.tar.gz" % COCKROACH_VERSION,
],
)
# Derived from Mozilla NSS, currently needed for containerd to be able to pull images
http_file(
name = "cacerts",
- sha256 = "1bf458412568e134a4514f5e170a328d11091e071c7110955c9884ed87972ac9",
+ integrity = "sha256-G/RYQSVo4TSkUU9eFwoyjREJHgcccRCVXJiE7YeXKsk=",
urls = ["https://curl.se/ca/cacert-2024-07-02.pem"],
)
# lz4, the library and the tool.
+LZ4_VERSION = "1.9.2"
+
http_archive(
name = "com_github_lz4_lz4",
patch_args = ["-p1"],
patches = ["//third_party/lz4:build.patch"],
- sha256 = "658ba6191fa44c92280d4aa2c271b0f4fbc0e34d249578dd05e50e76d0e5efcc",
- strip_prefix = "lz4-1.9.2",
- urls = ["https://github.com/lz4/lz4/archive/v1.9.2.tar.gz"],
+ strip_prefix = "lz4-" + LZ4_VERSION,
+ urls = ["https://github.com/lz4/lz4/archive/v%s.tar.gz" % LZ4_VERSION],
)
# ini.h, a tiny ini parser library
+INIH_VERSION = "r53"
+
http_archive(
name = "inih",
- build_file = "@//third_party/inih:inih.bzl",
- sha256 = "01b0366fdfdf6363efc070c2f856f1afa33e7a6546548bada5456ad94a516241",
- strip_prefix = "inih-r53",
- urls = ["https://github.com/benhoyt/inih/archive/r53.tar.gz"],
+ build_file = "//third_party/inih:inih.bzl",
+ integrity = "sha256-AbA2b9/fY2PvwHDC+Fbxr6M+emVGVIutpUVq2UpRYkE=",
+ strip_prefix = "inih-" + INIH_VERSION,
+ urls = ["https://github.com/benhoyt/inih/archive/%s.tar.gz" % INIH_VERSION],
)
# qboot bootloader for MicroVMs
+QBOOT_VERSION = "a5300c4949b8d4de2d34bedfaed66793f48ec948"
+
http_archive(
name = "com_github_bonzini_qboot",
build_file = "//third_party/qboot:qboot.bzl",
- sha256 = "a643b2486fbee57b969659d408984094ca9afa1a048317dd3f5d3022e47213e8",
- strip_prefix = "qboot-a5300c4949b8d4de2d34bedfaed66793f48ec948",
- urls = ["https://github.com/bonzini/qboot/archive/a5300c4949b8d4de2d34bedfaed66793f48ec948.tar.gz"],
+ integrity = "sha256-pkOySG++5XuWllnUCJhAlMqa+hoEgxfdP10wIuRyE+g=",
+ strip_prefix = "qboot-" + QBOOT_VERSION,
+ urls = ["https://github.com/bonzini/qboot/archive/%s.tar.gz" % QBOOT_VERSION],
)
git_repository(
@@ -101,3 +104,293 @@
remote = "https://github.com/monogon-dev/gperf.git",
shallow_since = "1615306886 +0100",
)
+
+LINUX_VERSION = "6.6.42"
+
+http_archive(
+ name = "linux",
+ build_file = "//third_party/linux/external:BUILD.repo",
+ integrity = "sha256-iAHIwpfXdOdgRJd+w9BoQ5ncTnzONH1zCHTseLd05oM=",
+ patch_args = ["-p1"],
+ patches = [
+ "//third_party/linux/external:0001-block-partition-expose-PARTUUID-through-uevent.patch",
+ "//third_party/linux/external:disable-static-ifs.patch",
+ "//third_party/linux/external:enable-pmsg.patch",
+ "//third_party/linux/external:lacp_fix.patch",
+ ],
+ strip_prefix = "linux-" + LINUX_VERSION,
+ urls = ["https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-%s.tar.xz" % LINUX_VERSION],
+)
+
+LINUX_FIRMWARE_VERSION = "20240513"
+
+http_archive(
+ name = "linux-firmware",
+ build_file = "//third_party/linux-firmware:BUILD.repo",
+ integrity = "sha256-tyJDZOH9fua4A/hhdH+czefCAwr5Of3B7uoIPqhc5Rw=",
+ strip_prefix = "linux-firmware-" + LINUX_FIRMWARE_VERSION,
+ urls = ["https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/snapshot/linux-firmware-%s.tar.gz" % LINUX_FIRMWARE_VERSION],
+)
+
+INTEL_UCODE_VERSION = "20231114"
+
+http_archive(
+ name = "intel_ucode",
+ build_file = "//third_party/intel_ucode:BUILD.repo",
+ integrity = "sha256-zuJvMR9+LAOd1IzTD5lRg73puY+0wwOYAOLdr1wJDlU=",
+ strip_prefix = "Intel-Linux-Processor-Microcode-Data-Files-microcode-" + INTEL_UCODE_VERSION,
+ urls = ["https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/refs/tags/microcode-%s.tar.gz" % INTEL_UCODE_VERSION],
+)
+
+git_repository(
+ name = "edk2",
+ build_file = "//third_party/edk2/external:BUILD.repo",
+ commit = "b24306f15daa2ff8510b06702114724b33895d3c", # stable202202
+ patch_args = ["-p1"],
+ patches = [
+ "//third_party/edk2/patches:disable-werror.patch",
+ "//third_party/edk2/patches:remove-brotli-build.patch",
+ ],
+ recursive_init_submodules = True,
+ remote = "https://github.com/tianocore/edk2",
+ shallow_since = "1645456780 +0000",
+)
+
+MUSL_VERSION = "1.1.24"
+
+http_archive(
+ name = "musl",
+ build_file = "//third_party/musl:BUILD.repo",
+ integrity = "sha256-E3DJqBKyzyp9koAlEMygBYzDfmanvt1wBR8KNAFQIqM=",
+ strip_prefix = "musl-" + MUSL_VERSION,
+ urls = ["https://www.musl-libc.org/releases/musl-%s.tar.gz" % MUSL_VERSION],
+)
+
+UTIL_LINUX_VERSION = "2.36.2"
+
+http_archive(
+ name = "util_linux",
+ build_file = "//third_party/util-linux:util-linux.bzl",
+ integrity = "sha256-CEvG+b1Hm/146JJOY/hbsXlTaBvx2tJA5NhgGiEpTQs=",
+ patch_args = ["-p1"],
+ patches = ["//third_party/util-linux/patches:bazel_cc_fix.patch"],
+ strip_prefix = "util-linux-" + UTIL_LINUX_VERSION,
+ urls = ["https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/snapshot/util-linux-%s.tar.gz" % UTIL_LINUX_VERSION],
+)
+
+URCU_VERSION = "0.14.0"
+
+http_archive(
+ name = "urcu",
+ build_file = "//third_party/urcu:urcu.bzl",
+ integrity = "sha256-QvtRKaP//lpLeQ3+HqOnNMae4JX++/ZJMmJpu6lMJi0=",
+ patch_args = ["-p1"],
+ patches = ["//third_party/urcu/patches:generated-files.patch"],
+ strip_prefix = "userspace-rcu-" + URCU_VERSION,
+ urls = ["https://github.com/urcu/userspace-rcu/archive/refs/tags/v%s.tar.gz" % URCU_VERSION],
+)
+
+XFSPROGS_VERSION = "6.9.0"
+
+http_archive(
+ name = "xfsprogs",
+ build_file = "//third_party/xfsprogs:xfsprogs.bzl",
+ integrity = "sha256-/nIGlou9gXd1S6cy9jn4Ubacj3CsX5a7DhgtiGZBQL8=",
+ patch_args = ["-p1"],
+ patches = ["//third_party/xfsprogs/patches:bazel_cc_fix.patch"],
+ strip_prefix = "xfsprogs-dev-" + XFSPROGS_VERSION,
+ urls = ["https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/snapshot/xfsprogs-dev-%s.tar.gz" % XFSPROGS_VERSION],
+)
+
+PIXMAN_VERSION = "0.40.0"
+
+http_archive(
+ name = "pixman",
+ build_file = "//third_party/pixman:pixman.bzl",
+ integrity = "sha256-bSAN7DdA2exOyNEYDiV3nAC8dJ+UJ4yLkCH1U02yI/w=",
+ strip_prefix = "pixman-" + PIXMAN_VERSION + "/pixman",
+ urls = ["https://www.cairographics.org/releases/pixman-%s.tar.gz" % PIXMAN_VERSION],
+)
+
+URING_VERSION = "2.0"
+
+http_archive(
+ name = "uring",
+ build_file = "//third_party/uring:uring.bzl",
+ integrity = "sha256-ygaezEqhuvEDG9dy5Ol/fibftrtzPXn3AVlYmyKrTcA=",
+ patch_args = ["-p1"],
+ patches = [
+ "//third_party/uring/patches:bazel_cc_fix.patch",
+ "//third_party/uring/patches:include-compat-h.patch",
+ ],
+ strip_prefix = "liburing-liburing-" + URING_VERSION,
+ urls = ["https://github.com/axboe/liburing/archive/liburing-%s.tar.gz" % URING_VERSION],
+)
+
+# NOTE: Remember to update seccomp.bzl's seccomp.h template rule
+# with the correct version.
+SECCOMP_VERSION = "2.5.1"
+
+http_archive(
+ name = "seccomp",
+ build_file = "//third_party/seccomp:seccomp.bzl",
+ integrity = "sha256-dq1U4x0UOzmpkINWQEUhKpZeAmoQEKdC7deT0m1pmCk=",
+ patch_args = ["-p1"],
+ patches = [
+ "//third_party/seccomp/patches:bazel_cc_fix.patch",
+ "//third_party/seccomp/patches:fix_generated_includes.patch",
+ ],
+ strip_prefix = "libseccomp-" + SECCOMP_VERSION,
+ # We cannot use the actual release tarball as it contains files generated incorrectly for our environment
+ urls = ["https://github.com/seccomp/libseccomp/archive/v%s.tar.gz" % SECCOMP_VERSION],
+)
+
+GLIB_VERSION = "2.67.5"
+
+http_archive(
+ name = "glib",
+ integrity = "sha256-QQlm23EmONx0kFTAo8MIdUXVEGZDE5wlgGOZpRqNSrE=",
+ patch_args = [
+ "-p1",
+ "-u",
+ ],
+ patches = [
+ "//third_party/glib/patches:bazel_cc_fix.patch",
+ "//third_party/glib/patches:bazel_support.patch",
+ ],
+ strip_prefix = "glib-" + GLIB_VERSION,
+ # We cannot use the actual release tarball as it contains files generated incorrectly for our environment
+ urls = ["https://gitlab.gnome.org/GNOME/glib/-/archive/%s/glib-%s.tar.gz" % (GLIB_VERSION, GLIB_VERSION)],
+)
+
+QEMU_VERSION = "5.2.0"
+
+http_archive(
+ name = "qemu",
+ integrity = "sha256-yxjYibYo++Y3ZysDJnidmw47gCfgRFuTZTfHhUnfF7w=",
+ patch_args = ["-p1"],
+ patches = [
+ "//third_party/qemu/patches:fix_code_issues.patch",
+ "//third_party/qemu/patches:bazel_support.patch",
+ "//third_party/qemu/patches:pregenerated_config_files.patch",
+ "//third_party/qemu/patches:headers_fix.patch",
+ "//third_party/qemu/patches:linux-headers-update.patch",
+ "//third_party/qemu/patches:standard-headers-removal.patch",
+ ],
+ strip_prefix = "qemu-" + QEMU_VERSION,
+ urls = ["https://download.qemu.org/qemu-%s.tar.xz" % QEMU_VERSION],
+)
+
+# ONCHANGE(//third_party/chrony:chrony.bzl): version needs to be kept in sync
+CHRONY_VERSION = "4.1"
+
+http_archive(
+ name = "chrony",
+ build_file = "//third_party/chrony:chrony.bzl",
+ integrity = "sha256-7Xby0/k0esYiGpGtS9VT3QVlrBiM10kNCAHQj3FxFkw=",
+ patch_args = ["-p1"],
+ patches = [
+ "//third_party/chrony/patches:disable_defaults.patch",
+ "//third_party/chrony/patches:support_fixed_uids.patch",
+ ],
+ strip_prefix = "chrony-" + CHRONY_VERSION,
+ urls = ["https://download.tuxfamily.org/chrony/chrony-%s.tar.gz" % CHRONY_VERSION],
+)
+
+CAP_VERSION = "1.2.55"
+
+http_archive(
+ name = "cap",
+ build_file = "//third_party/cap:cap.bzl",
+ integrity = "sha256-4pMiAy6pTpBpauLRdTDtyRTHF2UjLuj9T944umOcslY=",
+ patch_args = ["-p1"],
+ patches = [
+ "//third_party/cap/patches:add_go_codegen.patch",
+ ],
+ strip_prefix = "libcap-cap/v%s/libcap" % CAP_VERSION,
+ urls = ["https://git.kernel.org/pub/scm/libs/libcap/libcap.git/snapshot/libcap-cap/v%s.tar.gz" % CAP_VERSION],
+)
+
+GNUEFI_VERSION = "3.0.14"
+
+http_archive(
+ name = "gnuefi",
+ build_file = "//third_party/gnuefi:gnuefi.bzl",
+ integrity = "sha256-V4XneCX+xeZm5MINeqqa9M2VI1GywJWTlydE/oQ2+Vc=",
+ strip_prefix = "gnu-efi-%s" % GNUEFI_VERSION,
+ urls = ["https://github.com/ncroxon/gnu-efi/archive/refs/tags/%s.tar.gz" % GNUEFI_VERSION],
+)
+
+# Developed in the systemd monorepo, pinned to master as there have been a bunch of critical fixes for the
+# EFI stub since 249.
+EFISTUB_VERSION = "3542da2442d8b29661b47c42ad7e5fa9bc8562ec"
+
+http_archive(
+ name = "efistub",
+ build_file = "//third_party/efistub:efistub.bzl",
+ integrity = "sha256-AhwTW+45ynNG0fCZI758BEo9NYZv9BGnyWJnAv9MlSM=",
+ patch_args = ["-p1"],
+ patches = [
+ "//third_party/efistub/patches:use-sysv-for-kernel.patch",
+ "//third_party/efistub/patches:remove-wrong-cmdline-assertion.patch",
+ "//third_party/efistub/patches:ab-slot-handling.patch",
+ ],
+ strip_prefix = "systemd-%s" % EFISTUB_VERSION,
+ urls = ["https://github.com/systemd/systemd/archive/%s.zip" % EFISTUB_VERSION],
+)
+
+LIBPG_QUERY_VERSION = "15-4.2.3"
+
+http_archive(
+ name = "libpg_query",
+ build_file = "//third_party/libpg_query/external:BUILD.repo",
+ integrity = "sha256-i4INY0QrFnfOTw3yqVs/r9vFIKgpAd74EhdVnsTfnms=",
+ strip_prefix = "libpg_query-" + LIBPG_QUERY_VERSION,
+ urls = ["https://github.com/pganalyze/libpg_query/archive/refs/tags/%s.tar.gz" % LIBPG_QUERY_VERSION],
+)
+
+DOSFSTOOLS_VERSION = "c888797b1d84ffbb949f147e3116e8bfb2e145a7"
+
+http_archive(
+ name = "com_github_dosfstools_dosfstools",
+ build_file = "//third_party/dosfstools:dosfstools.bzl",
+ integrity = "sha256-SkC0iMDCWcEftUeD/G8B5e6RJYK7SdM9DRGxH4WkLo0=",
+ strip_prefix = "dosfstools-" + DOSFSTOOLS_VERSION,
+ urls = ["https://github.com/dosfstools/dosfstools/archive/%s.zip" % DOSFSTOOLS_VERSION],
+)
+
+# master at 2024/01/09 (0.10.0 prerelease).
+LIBTPMS_VERSION = "93a827aeccd3ab2178281571b1545dcfffa2991b"
+
+http_archive(
+ name = "libtpms",
+ integrity = "sha256-5QnguhCfd9pRe15YqfCTvrBAUl5r5R3gbRFTyCeMcNE=",
+ patch_args = ["-p1"],
+ patches = [
+ "//third_party/libtpms/patches:0001-boringssl-compat-new-SHA-types.patch",
+ "//third_party/libtpms/patches:0002-boringssl-compat-removed-const_DES_cblock.patch",
+ "//third_party/libtpms/patches:0003-boringssl-compat-removed-EC_POINTs_mul.patch",
+ "//third_party/libtpms/patches:0004-boringssl-compat-removed-camellia-support.patch",
+ "//third_party/libtpms/patches:0005-boringssl-compat-remove-constant-time-flags-UNSAFE.patch",
+ "//third_party/libtpms/patches:0006-bazel-support-implement.patch",
+ ],
+ strip_prefix = "libtpms-" + LIBTPMS_VERSION,
+ urls = ["https://github.com/stefanberger/libtpms/archive/%s.tar.gz" % LIBTPMS_VERSION],
+)
+
+# master at 2024/06/04
+SWTPM_VERSION = "0c9a6c4a12a63b86ab472e69e95bd75853d4fa96"
+
+http_archive(
+ name = "swtpm",
+ integrity = "sha256-Fp3bE5WX+oCOES1FJFdEXHntUhuzT5mQZtIN6SFAVs4=",
+ patch_args = ["-p1"],
+ patches = [
+ "//third_party/swtpm/patches:0001-bazel-compat-glib.h-glib-glib.h.patch",
+ "//third_party/swtpm/patches:0002-swtpm_localca-replace-gmp-mpz-dependency-with-boring.patch",
+ "//third_party/swtpm/patches:0003-swtpm_setup-replace-dep-on-JSON-GLib-with-sheredom-j.patch",
+ "//third_party/swtpm/patches:0004-bazel-support-implement.patch",
+ ],
+ strip_prefix = "swtpm-" + SWTPM_VERSION,
+ urls = ["https://github.com/stefanberger/swtpm/archive/%s.tar.gz" % SWTPM_VERSION],
+)
diff --git a/build/toolchain/musl-host-gcc/BUILD.bazel b/build/toolchain/musl-host-gcc/BUILD.bazel
index 5b83901..94f2953 100644
--- a/build/toolchain/musl-host-gcc/BUILD.bazel
+++ b/build/toolchain/musl-host-gcc/BUILD.bazel
@@ -29,7 +29,7 @@
has_cpp = False,
host_includes = [],
is_glibc = False,
- sysroot = "external/musl_sysroot",
+ sysroot = "external/_main~_repo_rules~musl_sysroot",
)
filegroup(
diff --git a/third_party/cap/external.bzl b/third_party/cap/external.bzl
deleted file mode 100644
index 075851b..0000000
--- a/third_party/cap/external.bzl
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 2021 The Monogon Project Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def cap_external(name, version):
- sums = {
- "1.2.55": "e29322032ea94e90696ae2d17530edc914c71765232ee8fd4fde38ba639cb256",
- }
-
- http_archive(
- name = name,
- sha256 = sums[version],
- build_file = "@//third_party/cap:cap.bzl",
- strip_prefix = "libcap-cap/v%s/libcap" % version,
- patch_args = ["-p1"],
- patches = [
- "//third_party/cap/patches:add_go_codegen.patch",
- ],
- urls = ["https://git.kernel.org/pub/scm/libs/libcap/libcap.git/snapshot/libcap-cap/v%s.tar.gz" % version],
- )
diff --git a/third_party/chrony/chrony.bzl b/third_party/chrony/chrony.bzl
index 82b39aa..bb1477c 100644
--- a/third_party/chrony/chrony.bzl
+++ b/third_party/chrony/chrony.bzl
@@ -5,7 +5,7 @@
name = "config.h",
src = "@@//third_party/chrony:config.h.in",
substitutions = {
- # ONCHANGE(//third_party/chrony:external.bzl): version needs to be kept in sync
+ # ONCHANGE(//build/bazel:third_party.MODULE.bazel): version needs to be kept in sync
"%CHRONY_VERSION%": "4.1-monogon",
},
)
diff --git a/third_party/chrony/external.bzl b/third_party/chrony/external.bzl
deleted file mode 100644
index f28a427..0000000
--- a/third_party/chrony/external.bzl
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 2020 The Monogon Project Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def chrony_external(name):
- # ONCHANGE(//third_party/chrony:chrony.bzl): version needs to be kept in sync
- version = "4.1"
-
- http_archive(
- name = name,
- sha256 = "ed76f2d3f9347ac6221a91ad4bd553dd0565ac188cd7490d0801d08f7171164c",
- build_file = "@//third_party/chrony:chrony.bzl",
- strip_prefix = "chrony-" + version,
- patch_args = ["-p1"],
- patches = [
- "//third_party/chrony/patches:disable_defaults.patch",
- "//third_party/chrony/patches:support_fixed_uids.patch",
- ],
- urls = ["https://download.tuxfamily.org/chrony/chrony-%s.tar.gz" % version],
- )
diff --git a/third_party/cockroach/BUILD.bazel b/third_party/cockroach/BUILD.bazel
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/third_party/cockroach/BUILD.bazel
diff --git a/third_party/cockroach/BUILD.repo b/third_party/cockroach/BUILD.repo
new file mode 100644
index 0000000..e9ec3f7
--- /dev/null
+++ b/third_party/cockroach/BUILD.repo
@@ -0,0 +1,3 @@
+exports_files([
+ "cockroach"
+])
\ No newline at end of file
diff --git a/third_party/dosfstools/dosfstools.bzl b/third_party/dosfstools/dosfstools.bzl
index b1984ee..cfe4b28 100644
--- a/third_party/dosfstools/dosfstools.bzl
+++ b/third_party/dosfstools/dosfstools.bzl
@@ -35,7 +35,7 @@
name = "version.h",
src = "src/version.h.in",
substitutions = {
- # ONCHANGE(//third_party/dosfstools:external.bzl): version needs to be kept in sync
+ # ONCHANGE(//build/bazel:third_party.MODULE.bazel): version needs to be kept in sync
"@PACKAGE_VERSION@": "unstable-2022-07-25",
"@RELEASE_DATE@": "2022-07-25",
},
diff --git a/third_party/dosfstools/external.bzl b/third_party/dosfstools/external.bzl
deleted file mode 100644
index 459f725..0000000
--- a/third_party/dosfstools/external.bzl
+++ /dev/null
@@ -1,14 +0,0 @@
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def dosfstools_external(name, version):
- sums = {
- "c888797b1d84ffbb949f147e3116e8bfb2e145a7": "4a40b488c0c259c11fb54783fc6f01e5ee912582bb49d33d0d11b11f85a42e8d",
- }
-
- http_archive(
- name = name,
- sha256 = sums[version],
- strip_prefix = "dosfstools-" + version,
- build_file = "@//third_party/dosfstools:dosfstools.bzl",
- urls = ["https://github.com/dosfstools/dosfstools/archive/%s.zip" % (version)],
- )
diff --git a/third_party/edk2/external.bzl b/third_party/edk2/external.bzl
deleted file mode 100644
index 975769c..0000000
--- a/third_party/edk2/external.bzl
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright 2020 The Monogon Project Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("@bazel_tools//tools/build_defs/repo:git.bzl", "new_git_repository")
-
-def edk2_external(name):
- new_git_repository(
- name = name,
- build_file = "//third_party/edk2/external:BUILD.repo",
- commit = "b24306f15daa2ff8510b06702114724b33895d3c", # stable202202
- recursive_init_submodules = True,
- remote = "https://github.com/tianocore/edk2",
- shallow_since = "1645456780 +0000",
- patches = ["//third_party/edk2/patches:disable-werror.patch", "//third_party/edk2/patches:remove-brotli-build.patch"],
- patch_args = ["-p1"],
- )
diff --git a/third_party/edk2/external/BUILD.repo b/third_party/edk2/external/BUILD.repo
index 9faa930..acb27b8 100644
--- a/third_party/edk2/external/BUILD.repo
+++ b/third_party/edk2/external/BUILD.repo
@@ -16,13 +16,13 @@
# The edk2 build does not like Bazel's default genrule environment.
set +u
- cd external/edk2
+ cd external/_main~_repo_rules~edk2
. edksetup.sh
make -C BaseTools/Source/C
build -DTPM2_ENABLE -DSECURE_BOOT_ENABLE -t GCC5 -a X64 -b RELEASE -p $$PWD/OvmfPkg/OvmfPkgX64.dsc
) > /dev/null
- cp external/edk2/Build/OvmfX64/RELEASE_GCC5/FV/{OVMF_CODE.fd,OVMF_VARS.fd} $(RULEDIR)
+ cp external/_main~_repo_rules~edk2/Build/OvmfX64/RELEASE_GCC5/FV/{OVMF_CODE.fd,OVMF_VARS.fd} $(RULEDIR)
""",
visibility = ["//visibility:public"],
)
diff --git a/third_party/efistub/external.bzl b/third_party/efistub/external.bzl
deleted file mode 100644
index ababb53..0000000
--- a/third_party/efistub/external.bzl
+++ /dev/null
@@ -1,20 +0,0 @@
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def efistub_external(name, version):
- sums = {
- "3542da2442d8b29661b47c42ad7e5fa9bc8562ec": "021c135bee39ca7346d1f09923be7c044a3d35866ff411a7c9626702ff4c9523",
- }
-
- http_archive(
- name = name,
- build_file = "@//third_party/efistub:efistub.bzl",
- sha256 = sums[version],
- strip_prefix = "systemd-%s" % version,
- patch_args = ["-p1"],
- patches = [
- "//third_party/efistub/patches:use-sysv-for-kernel.patch",
- "//third_party/efistub/patches:remove-wrong-cmdline-assertion.patch",
- "//third_party/efistub/patches:ab-slot-handling.patch",
- ],
- urls = ["https://github.com/systemd/systemd/archive/%s.zip" % version],
- )
diff --git a/third_party/glib/external.bzl b/third_party/glib/external.bzl
deleted file mode 100644
index 0edd3f9..0000000
--- a/third_party/glib/external.bzl
+++ /dev/null
@@ -1,35 +0,0 @@
-# Copyright 2020 The Monogon Project Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def glib_external(name, version):
- sums = {
- "2.67.5": "410966db712638dc749054c0a3c3087545d5106643139c25806399a51a8d4ab1",
- }
-
- http_archive(
- name = name,
- patch_args = ["-p1", "-u"],
- patches = [
- "//third_party/glib/patches:bazel_cc_fix.patch",
- "//third_party/glib/patches:bazel_support.patch",
- ],
- sha256 = sums[version],
- strip_prefix = "glib-" + version,
- # We cannot use the actual release tarball as it contains files generated incorrectly for our environment
- urls = ["https://gitlab.gnome.org/GNOME/glib/-/archive/%s/glib-%s.tar.gz" % (version, version)],
- )
diff --git a/third_party/gnuefi/external.bzl b/third_party/gnuefi/external.bzl
deleted file mode 100644
index 83bf66e..0000000
--- a/third_party/gnuefi/external.bzl
+++ /dev/null
@@ -1,15 +0,0 @@
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def gnuefi_external(name, version):
- sums = {
- "3.0.14": "5785e77825fec5e666e4c20d7aaa9af4cd952351b2c09593972744fe8436f957",
- }
-
- http_archive(
- name = name,
- sha256 = sums[version],
- build_file = "@//third_party/gnuefi:gnuefi.bzl",
- strip_prefix = "gnu-efi-%s" % version,
- urls = ["https://github.com/ncroxon/gnu-efi/archive/refs/tags/%s.tar.gz" % version],
- )
-
diff --git a/third_party/intel_ucode/BUILD.repo b/third_party/intel_ucode/BUILD.repo
new file mode 100644
index 0000000..351b565
--- /dev/null
+++ b/third_party/intel_ucode/BUILD.repo
@@ -0,0 +1,2 @@
+# Anything other than family 6 is not interesting to us
+filegroup(name = "fam6h", srcs = glob(["intel-ucode/06-*"]), visibility = ["//visibility:public"])
\ No newline at end of file
diff --git a/third_party/intel_ucode/external.bzl b/third_party/intel_ucode/external.bzl
deleted file mode 100644
index f94a1e9..0000000
--- a/third_party/intel_ucode/external.bzl
+++ /dev/null
@@ -1,21 +0,0 @@
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def intel_ucode_external(name, version):
- sums = {
- "20220207": "532527bd17f3ea6664452b536699818a3bf896e4ace689a43a73624711b7c921",
- "20230214": "3a3cfe2c7642339af9f4c2ad69f5f367dfa4cd1f7f9fd4124dedefb7803591d4",
- "20230808": "fe49bb719441f20335ed6004090ab38cdc374134d36d4f5d30be7ed93b820313",
- "20231114": "cee26f311f7e2c039dd48cd30f995183bde9b98fb4c3039800e2ddaf5c090e55",
- }
- all_content = """
-# Anything other than family 6 is not interesting to us
-filegroup(name = "fam6h", srcs = glob(["intel-ucode/06-*"]), visibility = ["//visibility:public"])
- """
-
- http_archive(
- name = name,
- build_file_content = all_content,
- sha256 = sums[version],
- strip_prefix = "Intel-Linux-Processor-Microcode-Data-Files-microcode-" + version,
- urls = ["https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/refs/tags/microcode-%s.tar.gz" % version],
- )
diff --git a/third_party/libpg_query/external.bzl b/third_party/libpg_query/external.bzl
deleted file mode 100644
index 2a22ad4..0000000
--- a/third_party/libpg_query/external.bzl
+++ /dev/null
@@ -1,13 +0,0 @@
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def libpg_query_external(name, version):
- sums = {
- "15-4.2.3": "8b820d63442b1677ce4f0df2a95b3fafdbc520a82901def81217559ec4df9e6b",
- }
- http_archive(
- name = name,
- build_file = "//third_party/libpg_query/external:BUILD.repo",
- sha256 = sums[version],
- strip_prefix = "libpg_query-" + version,
- urls = ["https://github.com/pganalyze/libpg_query/archive/refs/tags/%s.tar.gz" % version],
- )
diff --git a/third_party/libtpms/BUILD.bazel b/third_party/libtpms/BUILD.bazel
index e69de29..6bbc4eb 100644
--- a/third_party/libtpms/BUILD.bazel
+++ b/third_party/libtpms/BUILD.bazel
@@ -0,0 +1,6 @@
+# TODO: Workaround for https://github.com/bazelbuild/bazel/issues/19301
+alias(
+ name = "libtpms_tpm2",
+ actual = "@libtpms//:libtpms_tpm2",
+ visibility = ["//visibility:public"],
+)
diff --git a/third_party/libtpms/external.bzl b/third_party/libtpms/external.bzl
deleted file mode 100644
index d6052b4..0000000
--- a/third_party/libtpms/external.bzl
+++ /dev/null
@@ -1,23 +0,0 @@
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def libtpms_external(name, version):
- sums = {
- # master at 2024/01/09 (0.10.0 prerelease).
- "93a827aeccd3ab2178281571b1545dcfffa2991b": "e509e0ba109f77da517b5e58a9f093beb040525e6be51de06d1153c8278c70d1",
- }
-
- http_archive(
- name = name,
- patch_args = ["-p1"],
- patches = [
- "//third_party/libtpms/patches:0001-boringssl-compat-new-SHA-types.patch",
- "//third_party/libtpms/patches:0002-boringssl-compat-removed-const_DES_cblock.patch",
- "//third_party/libtpms/patches:0003-boringssl-compat-removed-EC_POINTs_mul.patch",
- "//third_party/libtpms/patches:0004-boringssl-compat-removed-camellia-support.patch",
- "//third_party/libtpms/patches:0005-boringssl-compat-remove-constant-time-flags-UNSAFE.patch",
- "//third_party/libtpms/patches:0006-bazel-support-implement.patch",
- ],
- sha256 = sums[version],
- strip_prefix = "libtpms-" + version,
- urls = ["https://github.com/stefanberger/libtpms/archive/%s.tar.gz" % version],
- )
diff --git a/third_party/libtpms/patches/0006-bazel-support-implement.patch b/third_party/libtpms/patches/0006-bazel-support-implement.patch
index 8152a55..ed540b1 100644
--- a/third_party/libtpms/patches/0006-bazel-support-implement.patch
+++ b/third_party/libtpms/patches/0006-bazel-support-implement.patch
@@ -26,11 +26,11 @@
+ "include",
+ ],
+ copts = [
-+ "-Iexternal/libtpms/include/libtpms",
-+ "-Iexternal/libtpms/src",
-+ "-Iexternal/libtpms/src/tpm2",
-+ "-Iexternal/libtpms/src/tpm2/crypto",
-+ "-Iexternal/libtpms/src/tpm2/crypto/openssl",
++ "-Iexternal/_main~_repo_rules~libtpms/include/libtpms",
++ "-Iexternal/_main~_repo_rules~libtpms/src",
++ "-Iexternal/_main~_repo_rules~libtpms/src/tpm2",
++ "-Iexternal/_main~_repo_rules~libtpms/src/tpm2/crypto",
++ "-Iexternal/_main~_repo_rules~libtpms/src/tpm2/crypto/openssl",
+ ],
+ defines = [
+ "TPM_LIBTPMS_CALLBACKS",
diff --git a/third_party/linux-firmware/BUILD.repo b/third_party/linux-firmware/BUILD.repo
new file mode 100644
index 0000000..a6ba223
--- /dev/null
+++ b/third_party/linux-firmware/BUILD.repo
@@ -0,0 +1,3 @@
+filegroup(name = "all_files", srcs = glob(["**"]), visibility = ["//visibility:public"])
+filegroup(name = "metadata", srcs = ["WHENCE"], visibility = ["//visibility:public"])
+filegroup(name = "amd_ucode", srcs = glob(["amd-ucode/*.bin"]), visibility = ["//visibility:public"])
\ No newline at end of file
diff --git a/third_party/linux-firmware/external.bzl b/third_party/linux-firmware/external.bzl
deleted file mode 100644
index 50faa36..0000000
--- a/third_party/linux-firmware/external.bzl
+++ /dev/null
@@ -1,28 +0,0 @@
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def linux_firmware_external(name, version):
- sums = {
- "20211216": "c0f735dd232c22d41ce4d23a050a8d6efe3b6b8cbf9d0a636af5f9df66a619a3",
- "20230310": "14c472af10f9b566c4f575aeb30d8a274d54b1660007e7426b7e4ea21dff81aa",
- # 2023-07-25 master for Zenbleed (CVE-2023-20593)
- "b6ea35ff6b9869470a0c68813f1668acb3d356a8": "67e58b74fb0eebb17fdf95c58a24c6244f93bb0ae8e880f1814ad80463f3a935",
- # 2023-08-09 master for Inception (CVE-2023-20569) and
- # Phantom (CVE-2022-23825)
- "f2eb058afc57348cde66852272d6bf11da1eef8f": "fcd570b8b259049dd84a0326f17a313271962f806ca32dbd9e40cdd9079857d0",
- "20230919": "1dac602218f83f2c81dd72e599ae6c926901b3d36babccce46cd84293a37e473",
- "20231211": "d0ba54f05f5dd34b0fc5a1e1970cd9cbc48491d2da97f3798a9e13530dc18298",
- "20240513": "b7224364e1fd7ee6b803f861747f9ccde7c2030af939fdc1eeea083ea85ce51c",
- }
- all_content = """
-filegroup(name = "all_files", srcs = glob(["**"]), visibility = ["//visibility:public"])
-filegroup(name = "metadata", srcs = ["WHENCE"], visibility = ["//visibility:public"])
-filegroup(name = "amd_ucode", srcs = glob(["amd-ucode/*.bin"]), visibility = ["//visibility:public"])
- """
-
- http_archive(
- name = name,
- build_file_content = all_content,
- sha256 = sums[version],
- strip_prefix = "linux-firmware-" + version,
- urls = ["https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/snapshot/linux-firmware-%s.tar.gz" % version],
- )
diff --git a/third_party/linux/external.bzl b/third_party/linux/external.bzl
deleted file mode 100644
index 548d192..0000000
--- a/third_party/linux/external.bzl
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2020 The Monogon Project Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def linux_external(name, version):
- sums = {
- "6.6.13": "88b89e7dd41ead4e3ab1e411c8bb8d592575acf815cf1df3c0dc57e2e882c0bc",
- "6.6.30": "b66a5b863b0f8669448b74ca83bd641a856f164b29956e539bbcb5fdeeab9cc6",
- "6.6.42": "8801c8c297d774e76044977ec3d0684399dc4e7cce347d730874ec78b774e683",
- }
- http_archive(
- name = name,
- build_file = "//third_party/linux/external:BUILD.repo",
- patch_args = ["-p1"],
- patches = [
- "//third_party/linux/external:0001-block-partition-expose-PARTUUID-through-uevent.patch",
- "//third_party/linux/external:disable-static-ifs.patch",
- "//third_party/linux/external:enable-pmsg.patch",
- "//third_party/linux/external:lacp_fix.patch",
- ],
- sha256 = sums[version],
- strip_prefix = "linux-" + version,
- urls = ["https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-%s.tar.xz" % version],
- )
diff --git a/third_party/musl/BUILD.bazel b/third_party/musl/BUILD.bazel
index afd1212..91d7398 100644
--- a/third_party/musl/BUILD.bazel
+++ b/third_party/musl/BUILD.bazel
@@ -27,7 +27,7 @@
cmd = """
OUT=$$PWD/$(RULEDIR)
(
- cd external/musl
+ cd external/_main~_repo_rules~musl
./configure --prefix=$$OUT --syslibdir=$$OUT --libdir=$$OUT
make -j $$(nproc) install-libs
) > /dev/null
diff --git a/third_party/musl/BUILD.repo b/third_party/musl/BUILD.repo
new file mode 100644
index 0000000..0f930c5
--- /dev/null
+++ b/third_party/musl/BUILD.repo
@@ -0,0 +1 @@
+filegroup(name = "all", srcs = glob(["**"]), visibility = ["//visibility:public"])
\ No newline at end of file
diff --git a/third_party/musl/external.bzl b/third_party/musl/external.bzl
deleted file mode 100644
index b9b4f83..0000000
--- a/third_party/musl/external.bzl
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright 2020 The Monogon Project Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def musl_external(name, version):
- sums = {
- "1.1.24": "1370c9a812b2cf2a7d92802510cca0058cc37e66a7bedd70051f0a34015022a3"
- }
- all_content = """filegroup(name = "all", srcs = glob(["**"]), visibility = ["//visibility:public"])"""
-
- http_archive(
- name = name,
- build_file_content = all_content,
- sha256 = sums[version],
- strip_prefix = "musl-" + version,
- urls = ["https://www.musl-libc.org/releases/musl-%s.tar.gz" % version],
- )
-
diff --git a/third_party/pixman/external.bzl b/third_party/pixman/external.bzl
deleted file mode 100644
index b64660c..0000000
--- a/third_party/pixman/external.bzl
+++ /dev/null
@@ -1,30 +0,0 @@
-# Copyright 2020 The Monogon Project Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def pixman_external(name, version):
- sums = {
- "0.40.0": "6d200dec3740d9ec4ec8d1180e25779c00bc749f94278c8b9021f5534db223fc",
- }
-
- http_archive(
- name = name,
- sha256 = sums[version],
- build_file = "@//third_party/pixman:pixman.bzl",
- strip_prefix = "pixman-" + version + "/pixman",
- urls = ["https://www.cairographics.org/releases/pixman-%s.tar.gz" % version],
- )
diff --git a/third_party/qemu/external.bzl b/third_party/qemu/external.bzl
deleted file mode 100644
index cae80da..0000000
--- a/third_party/qemu/external.bzl
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2020 The Monogon Project Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def qemu_external(name, version):
- sums = {
- "5.2.0": "cb18d889b628fbe637672b0326789d9b0e3b8027e0445b936537c78549df17bc",
- }
-
- http_archive(
- name = name,
- patch_args = ["-p1"],
- patches = [
- "//third_party/qemu/patches:fix_code_issues.patch",
- "//third_party/qemu/patches:bazel_support.patch",
- "//third_party/qemu/patches:pregenerated_config_files.patch",
- "//third_party/qemu/patches:headers_fix.patch",
- "//third_party/qemu/patches:linux-headers-update.patch",
- "//third_party/qemu/patches:standard-headers-removal.patch",
- ],
- sha256 = sums[version],
- strip_prefix = "qemu-" + version,
- urls = ["https://download.qemu.org/qemu-%s.tar.xz" % version],
- )
diff --git a/third_party/qemu/patches/bazel_support.patch b/third_party/qemu/patches/bazel_support.patch
index 00c1ff2..2b2c66a 100644
--- a/third_party/qemu/patches/bazel_support.patch
+++ b/third_party/qemu/patches/bazel_support.patch
@@ -1684,7 +1684,7 @@
+def _impl_cc_qemu_trace(ctx):
+ outs = []
+ for src in ctx.files.srcs:
-+ name = src.path.replace("external/qemu/", "").replace("/trace-events", "").replace("/", "_")
++ name = src.path.replace("external/_main~_repo_rules~qemu/", "").replace("/trace-events", "").replace("/", "_")
+ if name == "trace-events":
+ name = "root"
+ trace_h = ctx.actions.declare_file("trace-{}.h".format(name))
diff --git a/third_party/qemu/patches/pregenerated_config_files.patch b/third_party/qemu/patches/pregenerated_config_files.patch
index ced72f5..8facc61 100644
--- a/third_party/qemu/patches/pregenerated_config_files.patch
+++ b/third_party/qemu/patches/pregenerated_config_files.patch
@@ -198,7 +198,7 @@
+
+#define CONFIG_QEMU_DESKTOPDIR "/nonexistent"
+
-+#define CONFIG_QEMU_FIRMWAREPATH "external/qemu/pc-bios"
++#define CONFIG_QEMU_FIRMWAREPATH "external/_main~_repo_rules~qemu/pc-bios"
+
+#define CONFIG_QEMU_HELPERDIR "/nonexistent"
+
diff --git a/third_party/seccomp/external.bzl b/third_party/seccomp/external.bzl
deleted file mode 100644
index 7f558c6..0000000
--- a/third_party/seccomp/external.bzl
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2020 The Monogon Project Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def seccomp_external(name, version):
- # NOTE: Remember to update seccomp.bzl's seccomp.h template rule
- # with the correct version.
- sums = {
- "2.5.1": "76ad54e31d143b39a99083564045212a965e026a1010a742edd793d26d699829",
- }
-
- http_archive(
- name = name,
- patch_args = ["-p1"],
- patches = [
- "//third_party/seccomp/patches:bazel_cc_fix.patch",
- "//third_party/seccomp/patches:fix_generated_includes.patch",
- ],
- sha256 = sums[version],
- build_file = "@//third_party/seccomp:seccomp.bzl",
- strip_prefix = "libseccomp-" + version,
- # We cannot use the actual release tarball as it contains files generated incorrectly for our environment
- urls = ["https://github.com/seccomp/libseccomp/archive/v%s.tar.gz" % version],
- )
diff --git a/third_party/swtpm/external.bzl b/third_party/swtpm/external.bzl
deleted file mode 100644
index 903bb33..0000000
--- a/third_party/swtpm/external.bzl
+++ /dev/null
@@ -1,21 +0,0 @@
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def swtpm_external(name, version):
- sums = {
- # master at 2024/06/04
- "0c9a6c4a12a63b86ab472e69e95bd75853d4fa96": "169ddb139597fa808e112d452457445c79ed521bb34f999066d20de9214056ce",
- }
-
- http_archive(
- name = name,
- patch_args = ["-p1"],
- patches = [
- "//third_party/swtpm/patches:0001-bazel-compat-glib.h-glib-glib.h.patch",
- "//third_party/swtpm/patches:0002-swtpm_localca-replace-gmp-mpz-dependency-with-boring.patch",
- "//third_party/swtpm/patches:0003-swtpm_setup-replace-dep-on-JSON-GLib-with-sheredom-j.patch",
- "//third_party/swtpm/patches:0004-bazel-support-implement.patch",
- ],
- sha256 = sums[version],
- strip_prefix = "swtpm-" + version,
- urls = ["https://github.com/stefanberger/swtpm/archive/%s.tar.gz" % version],
- )
diff --git a/third_party/swtpm/patches/0004-bazel-support-implement.patch b/third_party/swtpm/patches/0004-bazel-support-implement.patch
index 15245c6..ce69992 100644
--- a/third_party/swtpm/patches/0004-bazel-support-implement.patch
+++ b/third_party/swtpm/patches/0004-bazel-support-implement.patch
@@ -47,8 +47,8 @@
+cc_binary(
+ name = "swtpm",
+ deps = [
-+ "@libtpms//:libtpms_tpm2",
-+ "@glib//glib",
++ "@@//third_party/libtpms:libtpms_tpm2",
++ "@@//third_party/glib",
+ ],
+ srcs = glob([
+ "src/swtpm/*.h",
@@ -64,9 +64,9 @@
+ "src/utils/swtpm_utils.c",
+ ]),
+ copts = [
-+ "-Iexternal/swtpm/include",
-+ "-Iexternal/swtpm/include/swtpm",
-+ "-Iexternal/swtpm/src/utils",
++ "-Iexternal/_main~_repo_rules~swtpm/include",
++ "-Iexternal/_main~_repo_rules~swtpm/include/swtpm",
++ "-Iexternal/_main~_repo_rules~swtpm/src/utils",
+ ],
+ visibility = [
+ "//visibility:public",
@@ -76,8 +76,8 @@
+cc_binary(
+ name = "swtpm_localca",
+ deps = [
-+ "@libtpms//:libtpms_tpm2",
-+ "@glib//glib",
++ "@@//third_party/libtpms:libtpms_tpm2",
++ "@@//third_party/glib",
+ ],
+ srcs = glob([
+ "src/swtpm_localca/*.h",
@@ -88,9 +88,9 @@
+ "src/utils/*.c",
+ ], []),
+ copts = [
-+ "-Iexternal/swtpm/include",
-+ "-Iexternal/swtpm/include/swtpm",
-+ "-Iexternal/swtpm/src/utils",
++ "-Iexternal/_main~_repo_rules~swtpm/include",
++ "-Iexternal/_main~_repo_rules~swtpm/include/swtpm",
++ "-Iexternal/_main~_repo_rules~swtpm/src/utils",
+ ],
+ visibility = [
+ "//visibility:public",
@@ -100,8 +100,8 @@
+cc_binary(
+ name = "swtpm_setup",
+ deps = [
-+ "@libtpms//:libtpms_tpm2",
-+ "@glib//glib",
++ "@@//third_party/libtpms:libtpms_tpm2",
++ "@@//third_party/glib",
+ ],
+ srcs = glob([
+ "src/swtpm_setup/*.h",
@@ -112,9 +112,9 @@
+ "src/utils/*.c",
+ ], []),
+ copts = [
-+ "-Iexternal/swtpm/include",
-+ "-Iexternal/swtpm/include/swtpm",
-+ "-Iexternal/swtpm/src/utils",
++ "-Iexternal/_main~_repo_rules~swtpm/include",
++ "-Iexternal/_main~_repo_rules~swtpm/include/swtpm",
++ "-Iexternal/_main~_repo_rules~swtpm/src/utils",
+ ],
+ visibility = [
+ "//visibility:public",
@@ -132,7 +132,7 @@
+ "include/*.h",
+ ], []),
+ copts = [
-+ "-Iexternal/swtpm/include",
++ "-Iexternal/_main~_repo_rules~swtpm/include",
+ ],
+ visibility = [
+ "//visibility:public",
diff --git a/third_party/urcu/external.bzl b/third_party/urcu/external.bzl
deleted file mode 100644
index df78388..0000000
--- a/third_party/urcu/external.bzl
+++ /dev/null
@@ -1,16 +0,0 @@
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def urcu_external(name, version):
- sums = {
- "0.14.0": "sha256-QvtRKaP//lpLeQ3+HqOnNMae4JX++/ZJMmJpu6lMJi0=",
- }
-
- http_archive(
- name = name,
- integrity = sums[version],
- strip_prefix = "userspace-rcu-" + version,
- build_file = "@//third_party/urcu:urcu.bzl",
- patch_args = ["-p1"],
- patches = ["//third_party/urcu/patches:generated-files.patch"],
- urls = ["https://github.com/urcu/userspace-rcu/archive/refs/tags/v%s.tar.gz" % version],
- )
diff --git a/third_party/uring/external.bzl b/third_party/uring/external.bzl
deleted file mode 100644
index 35f9924..0000000
--- a/third_party/uring/external.bzl
+++ /dev/null
@@ -1,35 +0,0 @@
-# Copyright 2020 The Monogon Project Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def uring_external(name, version):
- sums = {
- "2.0": "ca069ecc4aa1baf1031bd772e4e97f7e26dfb6bb733d79f70159589b22ab4dc0",
- }
-
- http_archive(
- name = name,
- patch_args = ["-p1"],
- patches = [
- "//third_party/uring/patches:bazel_cc_fix.patch",
- "//third_party/uring/patches:include-compat-h.patch",
- ],
- sha256 = sums[version],
- build_file = "@//third_party/uring:uring.bzl",
- strip_prefix = "liburing-liburing-" + version,
- urls = ["https://github.com/axboe/liburing/archive/liburing-%s.tar.gz" % version],
- )
diff --git a/third_party/util-linux/external.bzl b/third_party/util-linux/external.bzl
deleted file mode 100644
index d764b4d..0000000
--- a/third_party/util-linux/external.bzl
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright 2020 The Monogon Project Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def util_linux_external(name, version):
- sums = {
- "2.34": "1d0c1a38f8c14a2c251681907203cccc78704f5702f2ef4b438bed08344242f7",
- "2.36.2": "084bc6f9bd479bfd78e8924e63f85bb17953681bf1dad240e4d8601a21294d0b",
- }
-
- http_archive(
- name = name,
- sha256 = sums[version],
- strip_prefix = "util-linux-" + version,
- build_file = "@//third_party/util-linux:util-linux.bzl",
- patch_args = ["-p1"],
- patches = ["//third_party/util-linux/patches:bazel_cc_fix.patch"],
- urls = ["https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/snapshot/util-linux-%s.tar.gz" % version],
- )
diff --git a/third_party/xfsprogs/external.bzl b/third_party/xfsprogs/external.bzl
deleted file mode 100644
index 2c19a60..0000000
--- a/third_party/xfsprogs/external.bzl
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 2020 The Monogon Project Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-def xfsprogs_external(name, version):
- sums = {
- "5.2.1": "6187f25f1744d1ecbb028b0ea210ad586d0f2dae24e258e4688c67740cc861ef",
- "5.10.0": "e807ca9fd8f01e45c9ec8ffb3c123bdb7dfcfd8e05340520d2ff1ddbc3bd7c88",
- "6.9.0": "fe7206968bbd8177754ba732f639f851b69c8f70ac5f96bb0e182d88664140bf",
- }
-
- http_archive(
- name = name,
- patch_args = ["-p1"],
- patches = ["//third_party/xfsprogs/patches:bazel_cc_fix.patch"],
- sha256 = sums[version],
- build_file = "@//third_party/xfsprogs:xfsprogs.bzl",
- strip_prefix = "xfsprogs-dev-" + version,
- urls = ["https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/snapshot/xfsprogs-dev-%s.tar.gz" % version],
- )