From 2a98cf780ab549bbb5ef0e9908d39b8bbbd6be15 Mon Sep 17 00:00:00 2001
From: Cottand <45274424+Cottand@users.noreply.github.com>
Date: Fri, 30 Aug 2024 11:56:50 +0100
Subject: [PATCH] Improve examples/ subfolder with cross-compilation and more docs
---
 examples/README.md | 31 ++++++++++++++++++++++++++++++-
 examples/flake.lock | 15 +++++++++------
 examples/flake.nix | 23 +++++++++++++++++++++--
 examples/withCrossCompilation.nix | 28 ++++++++++++++++++++++++++++
 examples/withShellScript.nix | 2 --
 5 files changed, 88 insertions(+), 11 deletions(-)
 create mode 100644 examples/withCrossCompilation.nix
diff --git a/examples/README.md b/examples/README.md
index 0f23c94..b90ba41 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -7,4 +7,33 @@ To see the overall plumbing to use the aws-nitro-util flake, see [flake.nix](./f
 To see examples for specific EIFs, see the individual package definitions:
 - Booting an enclave with a shell script only: [`withShellScript.nix`](./withShellScript.nix)
-- Booting an enclave with your own, compiled-from-source kernel: [`bringYourOwnKernel.nix`](./bringYourOwnKernel.nix)
\ No newline at end of file
+- Booting an enclave with your own, compiled-from-source kernel: [`bringYourOwnKernel.nix`](./bringYourOwnKernel.nix)
+
+## Building the examples
+
+**To show what examples can be built**
+
+```bash
+nix flake show
+```
+
+**To compile `shellScriptEif` for your current architecture:**
+```bash
+nix build .#shellScriptEif
+```
+Note this will produce an `aarch64-linux` EIF if you are running it in an ARM Mac.
+
+Assuming you have a linux [remote builder](https://nix.dev/manual/nix/2.18/advanced-topics/distributed-builds) available,
+**to compile EIFs natively for `x86_64-linux` on an ARM Mac:**
+
+```bash
+nix build .#packages.x86_64-linux.shellScriptEif
+```
+
+If you do not have remote builders, you can always try to cross-compile. Keep in mind this requires all dependencies
+of your EIF to be cross-compiled too (which is tricky for bash scripts). **To cross-compile an EIF from your local system
+to `x86_64-linux`:**
+
+```bash
+nix build .#x86_64-linux-shellScriptEif
+```
diff --git a/examples/flake.lock b/examples/flake.lock
index 6aa915c..fd5a595 100644
--- a/examples/flake.lock
+++ b/examples/flake.lock
@@ -44,14 +44,17 @@
 ]
 },
 "locked": {
- "lastModified": 0,
- "narHash": "sha256-9ui9jwz/cjxkvl38/dacy0tM6WZohx7kh3rIXtbG7eA=",
- "path": "../",
- "type": "path"
+ "lastModified": 1724920755,
+ "narHash": "sha256-TbHvAat+18FRbbz02of5MBeldPm1MN5B0iapR3T52VA=",
+ "owner": "monzo",
+ "repo": "aws-nitro-util",
+ "rev": "e0ef65c961b853a44bb47cbf06126a4acce29ae7",
+ "type": "github"
 },
 "original": {
- "path": "../",
- "type": "path"
+ "owner": "monzo",
+ "repo": "aws-nitro-util",
+ "type": "github"
 }
 },
 "nixpkgs": {
diff --git a/examples/flake.nix b/examples/flake.nix
index 0eea73a..77f2250 100644
--- a/examples/flake.nix
+++ b/examples/flake.nix
@@ -2,7 +2,7 @@
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
- nitro-util.url = "path:../";
+ nitro-util.url = "github:monzo/aws-nitro-util";
 nitro-util.inputs.nixpkgs.follows = "nixpkgs";
 flake-utils.url = "github:numtide/flake-utils";
@@ -14,7 +14,7 @@
 in
 {
 packages = {
-
+ # the EIFs below will be for your machine's architecture
 shellScriptEif = pkgs.callPackage ./withShellScript.nix {
 inherit nitro;
 };
@@ -28,6 +28,25 @@
 inherit nitro;
 };
+ # the EIFs below will be for the architecture in the package name,
+ # even if you build from a different machine
+ x86_64-linux-crossCompiledEif =
+ let
+ crossArch = "x86_64";
+ crossPkgs = import nixpkgs { inherit system; crossSystem = "${crossArch}-linux"; };
+ in
+ crossPkgs.callPackage ./withCrossCompilation.nix {
+ inherit crossArch nitro;
+ };
+
+ aarch64-linux-crossCompiledEif =
+ let
+ crossArch = "aarch64";
+ crossPkgs = import nixpkgs { inherit system; crossSystem = "${crossArch}-linux"; };
+ in
+ crossPkgs.callPackage ./withCrossCompilation.nix {
+ inherit crossArch nitro;
+ };
 };
 }));
 }
diff --git a/examples/withCrossCompilation.nix b/examples/withCrossCompilation.nix
new file mode 100644
index 0000000..8d0abd4
--- /dev/null
+++ b/examples/withCrossCompilation.nix
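Review bot: The new input `nitro-util.url = "github:monzo/aws-nitro-util";` in the first flake.nix hunk carries no ref or rev, so the only thing fixing which revision the examples build against is `examples/flake.lock`. It also looks as if the examples no longer exercise the in-tree code the way `path:../` did. For an enclave image this matters beyond reproducibility: the kernel and `nsmKo` blobs used by the example EIFs come from this input, so updating the lock presumably changes the resulting EIF and its measurements. I would add a comment above the line, for example `# revision is pinned by flake.lock; updating it changes the blobs that go into the EIF`, or pin a tag or rev in the URL. The `inputs` block continues outside the hunk.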
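Review bot: The attribute names added in the third flake.nix hunk, `x86_64-linux-crossCompiledEif` and `aarch64-linux-crossCompiledEif`, do not match the command the README hunk of this same patch documents, `nix build .#x86_64-linux-shellScriptEif`. No attribute of that name is defined in the visible hunks, so the documented command would presumably fail; the README line should read `nix build .#x86_64-linux-crossCompiledEif`. Separately, the two `let … in` blocks differ only in the `crossArch` string and could share one helper that takes `crossArch` as its argument, defined in the `let` that precedes `packages` (outside this hunk).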
@@ -0,0 +1,28 @@
+{ buildEnv
+, hello
+, nitro # when you call this function pass `nitro-util.lib.${system}` here
+, crossArch
+}:
+nitro.buildEif {
+ arch = crossArch;
+ kernel = nitro.blobs.${crossArch}.kernel;
+ kernelConfig = nitro.blobs.${crossArch}.kernelConfig;
+
+ name = "eif-hello-world";
+
+ nsmKo = nitro.blobs.${crossArch}.nsmKo;
+
+ copyToRoot = buildEnv {
+ name = "image-root";
+ # the image passed here must be a Nix derivation that can be cross-compiled
+ # we did not use a shell script here because that is hard for GNU coreutils
+ paths = [ hello ];
+ pathsToLink = [ "/bin" ];
+ };
+
+ entrypoint = ''
+ /bin/hello
+ '';
+
+ env = "";
+}
diff --git a/examples/withShellScript.nix b/examples/withShellScript.nix
index ee7f4bf..c40b99e 100644
--- a/examples/withShellScript.nix
+++ b/examples/withShellScript.nix
@@ -6,8 +6,6 @@
 }:
 let
 myScript = writeShellScriptBin "hello" ''
- # note busybox can be used for building EIFs but only on Linux
- # so remove this line if you are building an EIF on MacOS
 export PATH="$PATH:${busybox}/bin"
 while true;
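Review bot: The new file withCrossCompilation.nix has no header comment saying what `crossArch` may be or how the function has to be called, and both matter because `crossArch` indexes `nitro.blobs` three times and is also passed as `arch`. From the flake.nix hunk the expected values are `"x86_64"` and `"aarch64"`, and the function is called through the cross package set's `callPackage`, presumably so that `hello` is built for the target. I would add above the argument list something like `# crossArch: "x86_64" or "aarch64"; call via the cross package set's callPackage so copyToRoot matches the kernel and nsmKo blobs`. It is also worth noting there that a cross-compiled EIF is presumably not bit-identical to a natively built one, so any expected measurement used for attestation has to be taken from the build that is actually deployed.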