Improve examples/ subfolder with cross-compilation and more docs

examples/README.md

@@ -7,4 +7,33 @@ To see the overall plumbing to use the aws-nitro-util flake, see [flake.nix](./f
 To see examples for specific EIFs, see the individual package definitions:
 
 - Booting an enclave with a shell script only: [`withShellScript.nix`](./withShellScript.nix)
-- Booting an enclave with your own, compiled-from-source kernel: [`bringYourOwnKernel.nix`](./bringYourOwnKernel.nix)
+- Booting an enclave with your own, compiled-from-source kernel: [`bringYourOwnKernel.nix`](./bringYourOwnKernel.nix)
+
+## Building the examples
+
+**To show what examples can be built**
+
+```bash
+nix flake show
+```
+
+**To compile `shellScriptEif` for your current architecture:**
+```bash
+nix build .#shellScriptEif
+```
+Note this will produce an `aarch64-linux` EIF if you are running it in an ARM Mac.
+
+Assuming you have a linux [remote builder](https://nix.dev/manual/nix/2.18/advanced-topics/distributed-builds) available,
+**to compile EIFs natively for `x86_64-linux` on an ARM Mac:**
+
+```bash
+nix build .#packages.x86_64-linux.shellScriptEif
+```
+
+If you do not have remote builders, you can always try to cross-compile. Keep in mind this requires all dependencies
+of your EIF to be cross-compiled too (which is tricky for bash scripts). **To cross-compile an EIF from your local system
+to `x86_64-linux`:**
+
+```bash
+nix build .#x86_64-linux-shellScriptEif
+```

examples/flake.nix

@@ -2,7 +2,7 @@
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 
-    nitro-util.url = "path:../";
+    nitro-util.url = "github:monzo/aws-nitro-util";
     nitro-util.inputs.nixpkgs.follows = "nixpkgs";
 
     flake-utils.url = "github:numtide/flake-utils";
@@ -14,7 +14,7 @@
     in
     {
       packages = {
-
+        # the EIFs below will be for your machine's architecture
         shellScriptEif = pkgs.callPackage ./withShellScript.nix {
           inherit nitro;
         };
@@ -28,6 +28,25 @@
           inherit nitro;
         };
 
+        # the EIFs below will be for the architecture in the package name,
+        # even if you build from a different machine
+        x86_64-linux-crossCompiledEif =
+          let
+            crossArch = "x86_64";
+            crossPkgs = import nixpkgs { inherit system; crossSystem = "${crossArch}-linux"; };
+          in
+          crossPkgs.callPackage ./withCrossCompilation.nix {
+            inherit crossArch nitro;
+          };
+
+        aarch64-linux-crossCompiledEif =
+          let
+            crossArch = "aarch64";
+            crossPkgs = import nixpkgs { inherit system; crossSystem = "${crossArch}-linux"; };
+          in
+          crossPkgs.callPackage ./withCrossCompilation.nix {
+            inherit crossArch nitro;
+          };
       };
     }));
 }

examples/withCrossCompilation.nix

@@ -0,0 +1,28 @@
+{ buildEnv
+, hello
+, nitro # when you call this function pass `nitro-util.lib.${system}` here
+, crossArch
+}:
+nitro.buildEif {
+  arch = crossArch;
+  kernel = nitro.blobs.${crossArch}.kernel;
+  kernelConfig = nitro.blobs.${crossArch}.kernelConfig;
+
+  name = "eif-hello-world";
+
+  nsmKo = nitro.blobs.${crossArch}.nsmKo;
+
+  copyToRoot = buildEnv {
+    name = "image-root";
+    # the image passed here must be a Nix derivation that can be cross-compiled
+    # we did not use a shell script here because that is hard for GNU coreutils
+    paths = [ hello ];
+    pathsToLink = [ "/bin" ];
+  };
+
+  entrypoint = ''
+    /bin/hello
+  '';
+
+  env = "";
+}

examples/withShellScript.nix

@@ -6,8 +6,6 @@
 }:
 let
   myScript = writeShellScriptBin "hello" ''
-    # note busybox can be used for building EIFs but only on Linux
-    # so remove this line if you are building an EIF on MacOS
     export PATH="$PATH:${busybox}/bin"
 
     while true;