From c790cc376718ba0b9704b3226d2c9be646f48b72 Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 04:11:56 +0000 Subject: [PATCH 01/31] simple nix flake --- nix/flake.nix | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 nix/flake.nix diff --git a/nix/flake.nix b/nix/flake.nix new file mode 100644 index 0000000000..76a70f122c --- /dev/null +++ b/nix/flake.nix @@ -0,0 +1,51 @@ +{ + description = "e3-cli"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + flake-utils.url = "github:numtide/flake-utils"; + }; + + outputs = { + self, + nixpkgs, + flake-utils, + }: + flake-utils.lib.eachDefaultSystem ( + system: let + pkgs = nixpkgs.legacyPackages.${system}; + + e3-cli = pkgs.rustPlatform.buildRustPackage { + pname = "e3-cli"; + version = (builtins.fromTOML (builtins.readFile (self + "/crates/cli/Cargo.toml"))).package.version; + + src = self; + + cargoLock.lockFile = self + "/Cargo.lock"; + + buildAndTestSubdir = "crates/cli"; + + nativeBuildInputs = [ + pkgs.pkg-config + ]; + + buildInputs = + [ + pkgs.openssl + ] + ++ pkgs.lib.optionals pkgs.stdenv.isDarwin [ + pkgs.darwin.apple_sdk.frameworks.Security + pkgs.darwin.apple_sdk.frameworks.SystemConfiguration + ]; + + meta = { + description = "e3 CLI"; + license = pkgs.lib.licenses.mit; + }; + }; + in { + packages.default = e3-cli; + packages.e3-cli = e3-cli; + } + ); +} From 29469215f8544b3deeefe9487b481007523796f1 Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 04:21:14 +0000 Subject: [PATCH 02/31] relocate flake --- nix/flake.nix => flake.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) rename nix/flake.nix => flake.nix (84%) diff --git a/nix/flake.nix b/flake.nix similarity index 84% rename from nix/flake.nix rename to flake.nix index 76a70f122c..be63b23c8b 100644 --- a/nix/flake.nix +++ b/flake.nix @@ -1,3 +1,4 @@ +# /flake.nix { description = "e3-cli"; @@ -17,11 +18,11 @@ e3-cli = pkgs.rustPlatform.buildRustPackage { pname = "e3-cli"; - version = (builtins.fromTOML (builtins.readFile (self + "/crates/cli/Cargo.toml"))).package.version; + version = (builtins.fromTOML (builtins.readFile ./crates/cli/Cargo.toml)).package.version; - src = self; + src = ./.; - cargoLock.lockFile = self + "/Cargo.lock"; + cargoLock.lockFile = ./Cargo.lock; buildAndTestSubdir = "crates/cli"; From e8fd7720bda6d8107fa2aea379978754e54512f9 Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 04:26:52 +0000 Subject: [PATCH 03/31] use version from workspace --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index be63b23c8b..786fbf413c 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,7 @@ e3-cli = pkgs.rustPlatform.buildRustPackage { pname = "e3-cli"; - version = (builtins.fromTOML (builtins.readFile ./crates/cli/Cargo.toml)).package.version; + version = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).workspace.package.version; src = ./.; From 4766bc22e1625e4ad667e53b6017a841abd35d66 Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 06:25:26 +0000 Subject: [PATCH 04/31] flake compiles --- flake.lock | 61 ++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 71 ++++++++++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 122 insertions(+), 10 deletions(-) create mode 100644 flake.lock diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000000..c993e94b50 --- /dev/null +++ b/flake.lock @@ -0,0 +1,61 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1772542754, + "narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8c809a146a140c5c8806f13399592dbcb1bb5dc4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix index 786fbf413c..7ab4570c83 100644 --- a/flake.nix +++ b/flake.nix @@ -1,35 +1,87 @@ -# /flake.nix { description = "e3-cli"; - inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils.url = "github:numtide/flake-utils"; }; - outputs = { - self, nixpkgs, flake-utils, + self, }: flake-utils.lib.eachDefaultSystem ( system: let pkgs = nixpkgs.legacyPackages.${system}; + noirSrc = pkgs.fetchFromGitHub { + owner = "noir-lang"; + repo = "noir"; + rev = "v1.0.0-beta.16"; + hash = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + }; + e3-cli = pkgs.rustPlatform.buildRustPackage { pname = "e3-cli"; version = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).workspace.package.version; - src = ./.; + GIT_COMMIT = "unknown"; + GIT_DIRTY = "false"; + preBuild = '' + # noirc_driver needs the real noir_stdlib + for d in $(find /build -type d -name 'noirc_driver*'); do + if [ -d "$d/src" ]; then + cp -r ${noirSrc}/noir_stdlib "$d/../../noir_stdlib" + fi + done - cargoLock.lockFile = ./Cargo.lock; - + # build scripts need a git repo + export HOME=$(mktemp -d) + git config --global user.email "nix@nix" + git config --global user.name "nix" + git init + git add -A + git commit -m "nix build" --allow-empty + ''; + cargoLock = { + lockFile = ./Cargo.lock; + outputHashes = { + "acir-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "acir_field-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "acvm-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "acvm_blackbox_solver-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "bn254_blackbox_solver-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "brillig-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "brillig_vm-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "fhe-0.1.0-beta.7" = "sha256-dS8LcKDI/D9ycsRXbQnMVkUc2ymFBFL8kDrEtRGuHNI="; + "fhe-math-0.1.0-beta.7" = "sha256-dS8LcKDI/D9ycsRXbQnMVkUc2ymFBFL8kDrEtRGuHNI="; + "fhe-traits-0.1.0-beta.7" = "sha256-dS8LcKDI/D9ycsRXbQnMVkUc2ymFBFL8kDrEtRGuHNI="; + "fhe-util-0.1.0-beta.7" = "sha256-dS8LcKDI/D9ycsRXbQnMVkUc2ymFBFL8kDrEtRGuHNI="; + "fm-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "iter-extended-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "nargo-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "noir_greybox_fuzzer-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "noir_protobuf-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "noirc_abi-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "noirc_arena-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "noirc_artifacts-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "noirc_driver-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "noirc_errors-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "noirc_evaluator-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "noirc_frontend-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "noirc_printable_type-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "noirc_span-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + "vfs-0.12.1" = "sha256-+d8RFk7UgOXDCE/LizCTV+UX/Xm/1mYWrR7W0l6mAl8="; + }; + }; buildAndTestSubdir = "crates/cli"; - nativeBuildInputs = [ pkgs.pkg-config + pkgs.git + pkgs.pnpm + pkgs.nodejs + pkgs.jq + pkgs.solc ]; - buildInputs = [ pkgs.openssl @@ -38,7 +90,6 @@ pkgs.darwin.apple_sdk.frameworks.Security pkgs.darwin.apple_sdk.frameworks.SystemConfiguration ]; - meta = { description = "e3 CLI"; license = pkgs.lib.licenses.mit; From c9c7d35074b16dca7258efb6a5c31b1ba4318eff Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 06:59:03 +0000 Subject: [PATCH 05/31] remove openssl as it gets built in --- flake.nix | 259 ++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 172 insertions(+), 87 deletions(-) diff --git a/flake.nix b/flake.nix index 7ab4570c83..153b6fae0a 100644 --- a/flake.nix +++ b/flake.nix @@ -1,103 +1,188 @@ { - description = "e3-cli"; + description = "Enclave"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils.url = "github:numtide/flake-utils"; }; outputs = { + self, nixpkgs, flake-utils, - self, - }: - flake-utils.lib.eachDefaultSystem ( - system: let - pkgs = nixpkgs.legacyPackages.${system}; + }: let + depLock = builtins.fromJSON (builtins.readFile ./versions/dep.lock.json); + bbVersions = builtins.fromJSON (builtins.readFile ./versions/bb.versions.json); - noirSrc = pkgs.fetchFromGitHub { - owner = "noir-lang"; - repo = "noir"; - rev = "v1.0.0-beta.16"; - hash = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - }; + noirHash = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; + fheHash = "sha256-dS8LcKDI/D9ycsRXbQnMVkUc2ymFBFL8kDrEtRGuHNI="; + vfsHash = "sha256-+d8RFk7UgOXDCE/LizCTV+UX/Xm/1mYWrR7W0l6mAl8="; + in + flake-utils.lib.eachDefaultSystem (system: let + pkgs = nixpkgs.legacyPackages.${system}; - e3-cli = pkgs.rustPlatform.buildRustPackage { - pname = "e3-cli"; - version = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).workspace.package.version; - src = ./.; - GIT_COMMIT = "unknown"; - GIT_DIRTY = "false"; - preBuild = '' - # noirc_driver needs the real noir_stdlib - for d in $(find /build -type d -name 'noirc_driver*'); do - if [ -d "$d/src" ]; then - cp -r ${noirSrc}/noir_stdlib "$d/../../noir_stdlib" - fi - done + noirSrc = pkgs.fetchFromGitHub { + owner = "noir-lang"; + repo = "noir"; + rev = "v1.0.0-beta.16"; + hash = noirHash; + }; - # build scripts need a git repo - export HOME=$(mktemp -d) - git config --global user.email "nix@nix" - git config --global user.name "nix" - git init - git add -A - git commit -m "nix build" --allow-empty - ''; - cargoLock = { - lockFile = ./Cargo.lock; - outputHashes = { - "acir-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "acir_field-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "acvm-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "acvm_blackbox_solver-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "bn254_blackbox_solver-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "brillig-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "brillig_vm-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "fhe-0.1.0-beta.7" = "sha256-dS8LcKDI/D9ycsRXbQnMVkUc2ymFBFL8kDrEtRGuHNI="; - "fhe-math-0.1.0-beta.7" = "sha256-dS8LcKDI/D9ycsRXbQnMVkUc2ymFBFL8kDrEtRGuHNI="; - "fhe-traits-0.1.0-beta.7" = "sha256-dS8LcKDI/D9ycsRXbQnMVkUc2ymFBFL8kDrEtRGuHNI="; - "fhe-util-0.1.0-beta.7" = "sha256-dS8LcKDI/D9ycsRXbQnMVkUc2ymFBFL8kDrEtRGuHNI="; - "fm-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "iter-extended-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "nargo-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "noir_greybox_fuzzer-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "noir_protobuf-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "noirc_abi-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "noirc_arena-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "noirc_artifacts-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "noirc_driver-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "noirc_errors-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "noirc_evaluator-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "noirc_frontend-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "noirc_printable_type-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "noirc_span-1.0.0-beta.16" = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; - "vfs-0.12.1" = "sha256-+d8RFk7UgOXDCE/LizCTV+UX/Xm/1mYWrR7W0l6mAl8="; - }; + mkBB = {version}: let + hashes = bbVersions.${version} or (throw "Unknown bb version ${version}. Available: ${builtins.concatStringsSep ", " (builtins.attrNames bbVersions)}"); + bbPlatform = + if pkgs.stdenv.isLinux + then + if pkgs.stdenv.isAarch64 + then "arm64-linux" + else "amd64-linux" + else if pkgs.stdenv.isDarwin + then + if pkgs.stdenv.isAarch64 + then "arm64-darwin" + else "amd64-darwin" + else throw "Unsupported platform"; + bb = pkgs.stdenv.mkDerivation { + pname = "barretenberg"; + inherit version; + src = pkgs.fetchurl { + url = "https://github.com/AztecProtocol/aztec-packages/releases/download/v${version}/barretenberg-${bbPlatform}.tar.gz"; + sha256 = hashes.${bbPlatform} or (throw "No hash for ${bbPlatform} in version ${version}"); }; - buildAndTestSubdir = "crates/cli"; - nativeBuildInputs = [ - pkgs.pkg-config - pkgs.git - pkgs.pnpm - pkgs.nodejs - pkgs.jq - pkgs.solc - ]; - buildInputs = - [ - pkgs.openssl - ] - ++ pkgs.lib.optionals pkgs.stdenv.isDarwin [ - pkgs.darwin.apple_sdk.frameworks.Security - pkgs.darwin.apple_sdk.frameworks.SystemConfiguration - ]; + nativeBuildInputs = pkgs.lib.optionals pkgs.stdenv.isLinux [pkgs.autoPatchelfHook]; + buildInputs = pkgs.lib.optionals pkgs.stdenv.isLinux [pkgs.stdenv.cc.cc.lib]; + sourceRoot = "."; + installPhase = '' + mkdir -p $out/bin + install -D -m755 bb $out/bin/bb + ''; meta = { - description = "e3 CLI"; - license = pkgs.lib.licenses.mit; + description = "Barretenberg proving system"; + homepage = "https://github.com/AztecProtocol/aztec-packages"; }; }; - in { - packages.default = e3-cli; - packages.e3-cli = e3-cli; - } - ); + in + if pkgs.stdenv.isLinux + then + pkgs.buildFHSEnv { + name = "bb"; + targetPkgs = p: [bb p.stdenv.cc.cc.lib]; + runScript = "${bb}/bin/bb"; + } + else bb; + + e3-cli = pkgs.rustPlatform.buildRustPackage { + pname = "e3-cli"; + version = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).workspace.package.version; + src = ./.; + GIT_COMMIT = "unknown"; + GIT_DIRTY = "false"; + preBuild = '' + for d in $(find /build -type d -name 'noirc_driver*'); do + if [ -d "$d/src" ]; then + cp -r ${noirSrc}/noir_stdlib "$d/../../noir_stdlib" + fi + done + + export HOME=$(mktemp -d) + git config --global user.email "nix@nix" + git config --global user.name "nix" + git init + git add -A + git commit -m "nix build" --allow-empty + ''; + cargoLock = { + lockFile = ./Cargo.lock; + outputHashes = builtins.listToAttrs ( + map (name: { + inherit name; + value = noirHash; + }) [ + "acir-1.0.0-beta.16" + "acir_field-1.0.0-beta.16" + "acvm-1.0.0-beta.16" + "acvm_blackbox_solver-1.0.0-beta.16" + "bn254_blackbox_solver-1.0.0-beta.16" + "brillig-1.0.0-beta.16" + "brillig_vm-1.0.0-beta.16" + "fm-1.0.0-beta.16" + "iter-extended-1.0.0-beta.16" + "nargo-1.0.0-beta.16" + "noir_greybox_fuzzer-1.0.0-beta.16" + "noir_protobuf-1.0.0-beta.16" + "noirc_abi-1.0.0-beta.16" + "noirc_arena-1.0.0-beta.16" + "noirc_artifacts-1.0.0-beta.16" + "noirc_driver-1.0.0-beta.16" + "noirc_errors-1.0.0-beta.16" + "noirc_evaluator-1.0.0-beta.16" + "noirc_frontend-1.0.0-beta.16" + "noirc_printable_type-1.0.0-beta.16" + "noirc_span-1.0.0-beta.16" + ] + ++ map (name: { + inherit name; + value = fheHash; + }) [ + "fhe-0.1.0-beta.7" + "fhe-math-0.1.0-beta.7" + "fhe-traits-0.1.0-beta.7" + "fhe-util-0.1.0-beta.7" + ] + ++ map (name: { + inherit name; + value = vfsHash; + }) [ + "vfs-0.12.1" + ] + ); + }; + buildAndTestSubdir = "crates/cli"; + nativeBuildInputs = [ + pkgs.pkg-config + pkgs.git + pkgs.pnpm + pkgs.nodejs + pkgs.jq + pkgs.solc + ]; + buildInputs = + [ + pkgs.openssl + ] + ++ pkgs.lib.optionals pkgs.stdenv.isDarwin [ + pkgs.darwin.apple_sdk.frameworks.Security + pkgs.darwin.apple_sdk.frameworks.SystemConfiguration + ]; + meta = { + description = "e3 CLI"; + license = pkgs.lib.licenses.mit; + }; + }; + + mkE3Shell = {version}: let + deps = depLock.${version} or (throw "Unknown e3 version ${version}. Available: ${builtins.concatStringsSep ", " (builtins.attrNames depLock)}"); + bb = mkBB {version = deps.bb;}; + in + pkgs.mkShell { + packages = [ + e3-cli + bb + ]; + shellHook = '' + export E3_CUSTOM_BB="${bb}/bin/bb" + ''; + }; + in { + packages.default = e3-cli; + packages.e3-cli = e3-cli; + + lib = {inherit mkBB mkE3Shell;}; + + devShells.default = mkE3Shell {version = "0.1.14";}; + }) + // { + templates.default = { + path = ./template; + description = "New project using e3 tools"; + }; + }; } From d24f2d30a512f9865e9c42e113e29412395b32a9 Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 07:29:50 +0000 Subject: [PATCH 06/31] get git rev working correctly --- crates/cli/build.rs | 26 +++++----- flake.nix | 113 ++++++++++++++++++++++---------------------- result | 1 + 3 files changed, 71 insertions(+), 69 deletions(-) create mode 120000 result diff --git a/crates/cli/build.rs b/crates/cli/build.rs index fc319d9aa5..ff97c3133e 100644 --- a/crates/cli/build.rs +++ b/crates/cli/build.rs @@ -7,19 +7,19 @@ use std::process::Command; fn main() { - // Try to get local git SHA first - let output = Command::new("git") - .args(&["rev-parse", "--short=9", "HEAD"]) - .output(); - - let git_sha = match output { - Ok(output) if output.status.success() => String::from_utf8(output.stdout) - .unwrap_or_else(|_| "unknown".to_string()) - .trim() - .to_string(), - _ => { - // Fallback to remote commit hash - get_remote_commit_hash().unwrap_or_else(|| "unknown".to_string()) + let git_sha = if let Ok(sha) = std::env::var("GIT_SHA") { + sha + } else { + // Try to get local git SHA first + let output = Command::new("git") + .args(&["rev-parse", "--short=9", "HEAD"]) + .output(); + match output { + Ok(output) if output.status.success() => String::from_utf8(output.stdout) + .unwrap_or_else(|_| "unknown".to_string()) + .trim() + .to_string(), + _ => get_remote_commit_hash().unwrap_or_else(|| "unknown".to_string()), } }; diff --git a/flake.nix b/flake.nix index 153b6fae0a..4480d0ca95 100644 --- a/flake.nix +++ b/flake.nix @@ -9,12 +9,19 @@ nixpkgs, flake-utils, }: let - depLock = builtins.fromJSON (builtins.readFile ./versions/dep.lock.json); - bbVersions = builtins.fromJSON (builtins.readFile ./versions/bb.versions.json); - + # define the version hashes. everytime we change dependencies these need to change noirHash = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; fheHash = "sha256-dS8LcKDI/D9ycsRXbQnMVkUc2ymFBFL8kDrEtRGuHNI="; vfsHash = "sha256-+d8RFk7UgOXDCE/LizCTV+UX/Xm/1mYWrR7W0l6mAl8="; + + # bb version hashes + bbVersion = "3.0.0-nightly.20251104"; + bbHashes = { + "amd64-linux" = "sha256-l0ABPRqg6xsLstcUhMiz3rxQUKQJvV8S+EVPv8fLVBk="; + "arm64-linux" = "sha256-rmv4UYmYUjtOE1zWOPMFqAL1Lo36XqmxwhDefQTFU0M="; + "amd64-darwin" = "sha256-eHRJTdEjhlWZOkS4XZTp3MNYnSmYDv+LA6fxZ6RcMuQ="; + "arm64-darwin" = "sha256-bTU8BdvsxXPRsMqZLIsiLbjoc4U7eRC3kpFWKTR/Z4k="; + }; in flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; @@ -26,53 +33,54 @@ hash = noirHash; }; - mkBB = {version}: let - hashes = bbVersions.${version} or (throw "Unknown bb version ${version}. Available: ${builtins.concatStringsSep ", " (builtins.attrNames bbVersions)}"); - bbPlatform = - if pkgs.stdenv.isLinux - then - if pkgs.stdenv.isAarch64 - then "arm64-linux" - else "amd64-linux" - else if pkgs.stdenv.isDarwin - then - if pkgs.stdenv.isAarch64 - then "arm64-darwin" - else "amd64-darwin" - else throw "Unsupported platform"; - bb = pkgs.stdenv.mkDerivation { - pname = "barretenberg"; - inherit version; - src = pkgs.fetchurl { - url = "https://github.com/AztecProtocol/aztec-packages/releases/download/v${version}/barretenberg-${bbPlatform}.tar.gz"; - sha256 = hashes.${bbPlatform} or (throw "No hash for ${bbPlatform} in version ${version}"); - }; - nativeBuildInputs = pkgs.lib.optionals pkgs.stdenv.isLinux [pkgs.autoPatchelfHook]; - buildInputs = pkgs.lib.optionals pkgs.stdenv.isLinux [pkgs.stdenv.cc.cc.lib]; - sourceRoot = "."; - installPhase = '' - mkdir -p $out/bin - install -D -m755 bb $out/bin/bb - ''; - meta = { - description = "Barretenberg proving system"; - homepage = "https://github.com/AztecProtocol/aztec-packages"; - }; + bbPlatform = + if pkgs.stdenv.isLinux + then + if pkgs.stdenv.isAarch64 + then "arm64-linux" + else "amd64-linux" + else if pkgs.stdenv.isDarwin + then + if pkgs.stdenv.isAarch64 + then "arm64-darwin" + else "amd64-darwin" + else throw "Unsupported platform"; + + bbBin = pkgs.stdenv.mkDerivation { + pname = "barretenberg"; + version = bbVersion; + src = pkgs.fetchurl { + url = "https://github.com/AztecProtocol/aztec-packages/releases/download/v${bbVersion}/barretenberg-${bbPlatform}.tar.gz"; + sha256 = bbHashes.${bbPlatform}; + }; + nativeBuildInputs = pkgs.lib.optionals pkgs.stdenv.isLinux [pkgs.autoPatchelfHook]; + buildInputs = pkgs.lib.optionals pkgs.stdenv.isLinux [pkgs.stdenv.cc.cc.lib]; + sourceRoot = "."; + installPhase = '' + mkdir -p $out/bin + install -D -m755 bb $out/bin/bb + ''; + meta = { + description = "Barretenberg proving system"; + homepage = "https://github.com/AztecProtocol/aztec-packages"; }; - in + }; + + bb = if pkgs.stdenv.isLinux then pkgs.buildFHSEnv { name = "bb"; - targetPkgs = p: [bb p.stdenv.cc.cc.lib]; - runScript = "${bb}/bin/bb"; + targetPkgs = p: [bbBin p.stdenv.cc.cc.lib]; + runScript = "${bbBin}/bin/bb"; } - else bb; + else bbBin; e3-cli = pkgs.rustPlatform.buildRustPackage { pname = "e3-cli"; version = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).workspace.package.version; src = ./.; + GIT_SHA = self.rev or self.dirtyRev or "unknown"; GIT_COMMIT = "unknown"; GIT_DIRTY = "false"; preBuild = '' @@ -157,27 +165,20 @@ license = pkgs.lib.licenses.mit; }; }; - - mkE3Shell = {version}: let - deps = depLock.${version} or (throw "Unknown e3 version ${version}. Available: ${builtins.concatStringsSep ", " (builtins.attrNames depLock)}"); - bb = mkBB {version = deps.bb;}; - in - pkgs.mkShell { - packages = [ - e3-cli - bb - ]; - shellHook = '' - export E3_CUSTOM_BB="${bb}/bin/bb" - ''; - }; in { packages.default = e3-cli; packages.e3-cli = e3-cli; + packages.bb = bb; - lib = {inherit mkBB mkE3Shell;}; - - devShells.default = mkE3Shell {version = "0.1.14";}; + devShells.default = pkgs.mkShell { + packages = [ + e3-cli + bb + ]; + shellHook = '' + export E3_CUSTOM_BB="${bb}/bin/bb" + ''; + }; }) // { templates.default = { diff --git a/result b/result new file mode 120000 index 0000000000..61d760b6e7 --- /dev/null +++ b/result @@ -0,0 +1 @@ +/nix/store/hw16ymwwipnyndz82kf9vf6myj1n9c0j-e3-cli-0.1.15 \ No newline at end of file From b2329bf7df943c09360d13a1ac0584e1ca355c54 Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 07:39:14 +0000 Subject: [PATCH 07/31] add wrapped bb because c++ --- flake.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 4480d0ca95..6489106256 100644 --- a/flake.nix +++ b/flake.nix @@ -76,6 +76,10 @@ } else bbBin; + wrapped-bb = pkgs.writeShellScriptBin "bb" '' + exec ${pkgs.steam-run}/bin/steam-run ${bb}/bin/bb "$@" + ''; + e3-cli = pkgs.rustPlatform.buildRustPackage { pname = "e3-cli"; version = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).workspace.package.version; @@ -168,7 +172,7 @@ in { packages.default = e3-cli; packages.e3-cli = e3-cli; - packages.bb = bb; + packages.bb = wrapped-bb; devShells.default = pkgs.mkShell { packages = [ From e6d684f20f5311d1010a5d1f1b6b5d6d3fe79860 Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 07:42:02 +0000 Subject: [PATCH 08/31] update bad refs --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 6489106256..00ec6d0b56 100644 --- a/flake.nix +++ b/flake.nix @@ -177,10 +177,10 @@ devShells.default = pkgs.mkShell { packages = [ e3-cli - bb + wrapped-bb ]; shellHook = '' - export E3_CUSTOM_BB="${bb}/bin/bb" + export E3_CUSTOM_BB="${wrapped-bb}/bin/bb" ''; }; }) From 0ba1906ecb04b356d2f00eab6cc200106ba62e83 Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 07:45:04 +0000 Subject: [PATCH 09/31] allow unfree so that steam run works --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 00ec6d0b56..0ef1d442f1 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,10 @@ }; in flake-utils.lib.eachDefaultSystem (system: let - pkgs = nixpkgs.legacyPackages.${system}; + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; + }; noirSrc = pkgs.fetchFromGitHub { owner = "noir-lang"; From 79dc3106670a4ec47fe68d98c181dd83e3c28e6d Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 08:07:24 +0000 Subject: [PATCH 10/31] remove result --- result | 1 - 1 file changed, 1 deletion(-) delete mode 120000 result diff --git a/result b/result deleted file mode 120000 index 61d760b6e7..0000000000 --- a/result +++ /dev/null @@ -1 +0,0 @@ -/nix/store/hw16ymwwipnyndz82kf9vf6myj1n9c0j-e3-cli-0.1.15 \ No newline at end of file From 69355ff032a00bbb3a2b4cc8047709b5cf02d040 Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 08:30:59 +0000 Subject: [PATCH 11/31] automate nix build --- .github/workflows/releases.yml | 16 +++++++++++++++- scripts/nix-versions.sh | 28 ++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100755 scripts/nix-versions.sh diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml index b281d87dec..ef8a6a4c93 100644 --- a/.github/workflows/releases.yml +++ b/.github/workflows/releases.yml @@ -138,6 +138,19 @@ jobs: cache-to: | type=gha,mode=max,scope=e3-support + build-nix-flake: + name: Build Nix Flake + runs-on: ubuntu-latest + needs: validate-and-prepare + steps: + - uses: actions/checkout@v6 + - uses: cachix/install-nix-action@v30 + with: + extra_nix_config: | + experimental-features = nix-command flakes + - run: bash ./scripts/nix-versions.sh # display bad versions when deps change + - run: nix build .#e3-cli # build the nix flake + build-binaries: name: Build Binaries (${{ matrix.os_name }}-${{ matrix.arch }}) runs-on: ${{ matrix.os }} @@ -371,8 +384,9 @@ jobs: publish-rust-crates, publish-npm-packages, download-circuits, + build-nix-flake, ] - if: always() && needs.validate-and-prepare.result == 'success' && needs.build-binaries.result == 'success' + if: always() && needs.validate-and-prepare.result == 'success' && needs.build-binaries.result == 'success' && needs.build-nix-flake.result == 'success' steps: - name: Checkout uses: actions/checkout@v6 diff --git a/scripts/nix-versions.sh b/scripts/nix-versions.sh new file mode 100755 index 0000000000..c9a28935d7 --- /dev/null +++ b/scripts/nix-versions.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash +set -euo pipefail + +val() { grep "$1 = " flake.nix | head -1 | sed 's/.*"\(.*\)".*/\1/'; } + +NOIR_REV=$(grep 'rev = ' flake.nix | head -1 | sed 's/.*"\(.*\)".*/\1/') +BB_VER=$(val bbVersion) +FAIL=0 + +check() { + local name="$1" url="$2" expected="$3" unpack="${4:-}" + printf "%-35s" "$name" + got=$(nix hash convert --to sri --hash-algo sha256 "$(nix-prefetch-url $unpack --type sha256 "$url" 2>/dev/null)") + if [[ "$got" == "$expected" ]]; then echo "$name is correct ✅" + else echo "❌ expected $expected got $got"; FAIL=1; fi +} + +check "noir" \ + "https://github.com/noir-lang/noir/archive/${NOIR_REV}.tar.gz" \ + "$(val noirHash)" --unpack + +for p in amd64-linux arm64-linux amd64-darwin arm64-darwin; do + check "bb-${p}" \ + "https://github.com/AztecProtocol/aztec-packages/releases/download/v${BB_VER}/barretenberg-${p}.tar.gz" \ + "$(grep "\"${p}\" = " flake.nix | sed 's/.*"\(sha256-[^"]*\)".*/\1/')" +done + +exit $FAIL From 4a5c15b90c764e4ba6dd689ae0561697ec330a1a Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 08:46:44 +0000 Subject: [PATCH 12/31] update docs --- docs/pages/installation.mdx | 54 +++++++++++++++++++++++++++++++++++++ flake.nix | 2 +- 2 files changed, 55 insertions(+), 1 deletion(-) diff --git a/docs/pages/installation.mdx b/docs/pages/installation.mdx index 312e2a1f91..86c58efd1d 100644 --- a/docs/pages/installation.mdx +++ b/docs/pages/installation.mdx @@ -47,6 +47,60 @@ enclaveup install --system Running `enclaveup install` will install the latest version of the Enclave CLI. See `enclaveup --help` for more options. + +## Install with Nix + +If you use [Nix](https://nixos.org/) with flakes enabled, you can get a complete runtime environment with no additional dependencies — Nix handles everything including installing the `bb` backend. + +Run the CLI directly without installing it: + +```bash +nix run github:gnosisguild/enclave -- --help +``` + +This will build from source using the nix framework. + +To add Enclave to a project, create a `flake.nix` in your project root: + +```nix +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + enclave.url = "github:gnosisguild/enclave"; + }; + outputs = { + nixpkgs, + enclave, + ... + }: let + system = "x86_64-linux"; + e = enclave.packages.${system}; + in { + devShells.${system}.default = nixpkgs.legacyPackages.${system}.mkShell { + packages = [e.default e.bb]; + shellHook = '' + export E3_CUSTOM_BB="${e.bb}/bin/bb" + ''; + }; + }; +} +``` + +Then enter the development shell: + +```bash +nix develop +``` + +Replace `x86_64-linux` with `aarch64-linux`, `x86_64-darwin`, or `aarch64-darwin` as appropriate for your platform. + +To check your installation: + +```bash +enclave --version +bb --version +``` + ## Manual Installation If you prefer to install manually: diff --git a/flake.nix b/flake.nix index 0ef1d442f1..450b6d498e 100644 --- a/flake.nix +++ b/flake.nix @@ -174,7 +174,7 @@ }; in { packages.default = e3-cli; - packages.e3-cli = e3-cli; + packages.cli = e3-cli; packages.bb = wrapped-bb; devShells.default = pkgs.mkShell { From db00f300e02445e83aa098025efbea275e73a59f Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 08:54:19 +0000 Subject: [PATCH 13/31] update release script comments --- .github/workflows/releases.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml index ef8a6a4c93..59437432ee 100644 --- a/.github/workflows/releases.yml +++ b/.github/workflows/releases.yml @@ -148,6 +148,10 @@ jobs: with: extra_nix_config: | experimental-features = nix-command flakes + # if the following fails it means some of our git dependencies or bb has updated + # to fix this basically what you need to do here is copy the actual hashes + # into the flake.nix where those hashes are expected. if you want to do this locally + # install the nix package manager and try running the scripts below. - run: bash ./scripts/nix-versions.sh # display bad versions when deps change - run: nix build .#e3-cli # build the nix flake From 96bb13f62c684fdc60f0a22a90425bdec53694be Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 08:58:51 +0000 Subject: [PATCH 14/31] add tag to docs --- docs/pages/installation.mdx | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/docs/pages/installation.mdx b/docs/pages/installation.mdx index 86c58efd1d..84a960882c 100644 --- a/docs/pages/installation.mdx +++ b/docs/pages/installation.mdx @@ -55,7 +55,7 @@ If you use [Nix](https://nixos.org/) with flakes enabled, you can get a complete Run the CLI directly without installing it: ```bash -nix run github:gnosisguild/enclave -- --help +nix run github:gnosisguild/enclave/v0.1.15 -- --help ``` This will build from source using the nix framework. @@ -66,18 +66,14 @@ To add Enclave to a project, create a `flake.nix` in your project root: { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - enclave.url = "github:gnosisguild/enclave"; + enclave.url = "github:gnosisguild/enclave/v0.1.15"; }; - outputs = { - nixpkgs, - enclave, - ... - }: let + outputs = { nixpkgs, enclave, ... }: let system = "x86_64-linux"; e = enclave.packages.${system}; in { devShells.${system}.default = nixpkgs.legacyPackages.${system}.mkShell { - packages = [e.default e.bb]; + packages = [ e.default e.bb ]; shellHook = '' export E3_CUSTOM_BB="${e.bb}/bin/bb" ''; @@ -94,6 +90,8 @@ nix develop Replace `x86_64-linux` with `aarch64-linux`, `x86_64-darwin`, or `aarch64-darwin` as appropriate for your platform. +Replace `v0.1.15` with the desired [release tag](https://github.com/gnosisguild/enclave/releases). To update later, run `nix flake update enclave`. + To check your installation: ```bash From edbc4be43eaeb71a73d15f6e6272486b4c0985b8 Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 5 Mar 2026 09:00:50 +0000 Subject: [PATCH 15/31] add information on commit hash --- docs/pages/installation.mdx | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/pages/installation.mdx b/docs/pages/installation.mdx index 84a960882c..efc9927ddc 100644 --- a/docs/pages/installation.mdx +++ b/docs/pages/installation.mdx @@ -90,7 +90,13 @@ nix develop Replace `x86_64-linux` with `aarch64-linux`, `x86_64-darwin`, or `aarch64-darwin` as appropriate for your platform. -Replace `v0.1.15` with the desired [release tag](https://github.com/gnosisguild/enclave/releases). To update later, run `nix flake update enclave`. +Replace `v0.1.15` with the desired [release tag](https://github.com/gnosisguild/enclave/releases). You can also pin to a specific commit: + +```nix +enclave.url = "github:gnosisguild/enclave/a1b2c3d"; +``` + +To update later, run `nix flake update enclave`. To check your installation: From 2b255ca182c37e8b6ca3e514d7552a729aefd2c7 Mon Sep 17 00:00:00 2001 From: ryardley Date: Fri, 6 Mar 2026 05:33:59 +0000 Subject: [PATCH 16/31] fix up code rabbit --- .github/workflows/releases.yml | 2 +- crates/cli/build.rs | 2 ++ flake.nix | 10 +++++++--- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml index 59437432ee..e5809af98c 100644 --- a/.github/workflows/releases.yml +++ b/.github/workflows/releases.yml @@ -153,7 +153,7 @@ jobs: # into the flake.nix where those hashes are expected. if you want to do this locally # install the nix package manager and try running the scripts below. - run: bash ./scripts/nix-versions.sh # display bad versions when deps change - - run: nix build .#e3-cli # build the nix flake + - run: nix build .#cli # build the nix flake build-binaries: name: Build Binaries (${{ matrix.os_name }}-${{ matrix.arch }}) diff --git a/crates/cli/build.rs b/crates/cli/build.rs index ff97c3133e..23239d653c 100644 --- a/crates/cli/build.rs +++ b/crates/cli/build.rs @@ -25,6 +25,8 @@ fn main() { // Set environment variable for compilation println!("cargo:rustc-env=GIT_SHA={}", git_sha); + println!("cargo:rerun-if-env-changed=GIT_SHA"); + // Rebuild if git HEAD changes println!("cargo:rerun-if-changed=.git/HEAD"); } diff --git a/flake.nix b/flake.nix index 450b6d498e..905cc468c5 100644 --- a/flake.nix +++ b/flake.nix @@ -79,9 +79,13 @@ } else bbBin; - wrapped-bb = pkgs.writeShellScriptBin "bb" '' - exec ${pkgs.steam-run}/bin/steam-run ${bb}/bin/bb "$@" - ''; + wrapped-bb = + if pkgs.stdenv.isLinux + then + pkgs.writeShellScriptBin "bb" '' + exec ${pkgs.steam-run}/bin/steam-run ${bb}/bin/bb "$@" + '' + else bb; e3-cli = pkgs.rustPlatform.buildRustPackage { pname = "e3-cli"; From e00749d9435831576826749ac4b748095ae50148 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=B3=CE=BB?= Date: Sun, 8 Mar 2026 08:23:41 +0000 Subject: [PATCH 17/31] Update flake.nix Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 905cc468c5..7681fe3929 100644 --- a/flake.nix +++ b/flake.nix @@ -173,7 +173,7 @@ ]; meta = { description = "e3 CLI"; - license = pkgs.lib.licenses.mit; + license = pkgs.lib.licenses.lgpl3Only; }; }; in { From 1487dd54b66de51ac4191fea7645ad08d8f6bb4d Mon Sep 17 00:00:00 2001 From: ryardley Date: Sun, 8 Mar 2026 08:28:03 +0000 Subject: [PATCH 18/31] remove template --- flake.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/flake.nix b/flake.nix index 7681fe3929..502b5c16c4 100644 --- a/flake.nix +++ b/flake.nix @@ -190,11 +190,5 @@ export E3_CUSTOM_BB="${wrapped-bb}/bin/bb" ''; }; - }) - // { - templates.default = { - path = ./template; - description = "New project using e3 tools"; - }; - }; + }); } From 86fb004f754d4e6c31068de6a4beb0891779df7d Mon Sep 17 00:00:00 2001 From: ryardley Date: Sun, 8 Mar 2026 08:28:47 +0000 Subject: [PATCH 19/31] update pnpm --- pnpm-lock.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 0d7669afc7..412e3a8a9c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -709,7 +709,7 @@ importers: version: 5.3.0 '@risc0/ethereum': specifier: file:lib/risc0-ethereum - version: file:templates/default/lib/risc0-ethereum + version: risc0-ethereum@file:templates/default/lib/risc0-ethereum '@types/chai': specifier: ^4.2.0 version: 4.3.20 @@ -3065,9 +3065,6 @@ packages: '@reown/appkit@1.7.8': resolution: {integrity: sha512-51kTleozhA618T1UvMghkhKfaPcc9JlKwLJ5uV+riHyvSoWPKPRIa5A6M1Wano5puNyW0s3fwywhyqTHSilkaA==} - '@risc0/ethereum@file:templates/default/lib/risc0-ethereum': - resolution: {directory: templates/default/lib/risc0-ethereum, type: directory} - '@rolldown/pluginutils@1.0.0-beta.27': resolution: {integrity: sha512-+d0F4MKMCbeVUJwG96uQ4SgAznZNSq93I3V+9NHA4OpvqG8mRCpGdKmK8l/dl02h2CCDHwW2FqilnTyDcAnqjA==} @@ -8700,6 +8697,9 @@ packages: resolution: {integrity: sha512-5Di9UC0+8h1L6ZD2d7awM7E/T4uA1fJRlx6zk/NvdCCVEoAnFqvHmCuNeIKoCeIixBX/q8uM+6ycDvF8woqosA==} engines: {node: '>= 0.8'} + risc0-ethereum@file:templates/default/lib/risc0-ethereum: + resolution: {directory: templates/default/lib/risc0-ethereum, type: directory} + robust-predicates@3.0.2: resolution: {integrity: sha512-IXgzBWvWQwE6PrDI05OvmXUIruQTcoMDzRsOd5CDvHCVLcLHMTSYvOK5Cm46kWqlV3yAbuSpBZdJ5oP5OUoStg==} @@ -13124,8 +13124,6 @@ snapshots: - utf-8-validate - zod - '@risc0/ethereum@file:templates/default/lib/risc0-ethereum': {} - '@rolldown/pluginutils@1.0.0-beta.27': {} '@rollup/plugin-inject@5.0.5(rollup@4.52.5)': @@ -19917,7 +19915,7 @@ snapshots: '@noble/hashes': 1.8.0 '@scure/bip32': 1.7.0 '@scure/bip39': 1.6.0 - abitype: 1.1.1(typescript@5.8.3)(zod@3.25.76) + abitype: 1.1.1(typescript@5.8.3)(zod@3.22.4) eventemitter3: 5.0.1 optionalDependencies: typescript: 5.8.3 @@ -20765,6 +20763,8 @@ snapshots: hash-base: 3.1.2 inherits: 2.0.4 + risc0-ethereum@file:templates/default/lib/risc0-ethereum: {} + robust-predicates@3.0.2: {} rollup@4.52.5: @@ -21965,7 +21965,7 @@ snapshots: '@noble/hashes': 1.8.0 '@scure/bip32': 1.7.0 '@scure/bip39': 1.6.0 - abitype: 1.1.0(typescript@5.8.3)(zod@3.25.76) + abitype: 1.1.0(typescript@5.8.3)(zod@3.22.4) isows: 1.0.7(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10)) ox: 0.9.6(typescript@5.8.3) ws: 8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10) From e76e7e32edd9e0561ef84a6136f1a1f52f791780 Mon Sep 17 00:00:00 2001 From: ryardley Date: Sun, 8 Mar 2026 08:34:56 +0000 Subject: [PATCH 20/31] add check nix flake to CI to avoid commits not being installable --- .github/workflows/ci.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bf67ce45ed..e8dbe4cdf9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -963,3 +963,19 @@ jobs: auto_detect_branch_protection: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + check-nix-flake: + name: Build Nix Flake + runs-on: ubuntu-latest + needs: validate-and-prepare + steps: + - uses: actions/checkout@v6 + - uses: cachix/install-nix-action@v30 + with: + extra_nix_config: | + experimental-features = nix-command flakes + # if the following fails it means some of our git dependencies or bb has updated + # to fix this basically what you need to do here is copy the actual hashes + # into the flake.nix where those hashes are expected. if you want to do this locally + # install the nix package manager and try running the scripts below. + - run: bash ./scripts/nix-versions.sh # display bad versions when deps change From 37eac72280b7fbd69c53f1635446e80bf7f501b3 Mon Sep 17 00:00:00 2001 From: ryardley Date: Sun, 8 Mar 2026 08:41:11 +0000 Subject: [PATCH 21/31] fix bad actions command --- .github/workflows/ci.yml | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e8dbe4cdf9..e3a2ee8e25 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -290,6 +290,21 @@ jobs: target/debug/pack_e3_params if-no-files-found: error + check-nix-flake: + name: Build Nix Flake + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + - uses: cachix/install-nix-action@v30 + with: + extra_nix_config: | + experimental-features = nix-command flakes + # if the following fails it means some of our git dependencies or bb has updated + # to fix this basically what you need to do here is copy the actual hashes + # into the flake.nix where those hashes are expected. if you want to do this locally + # install the nix package manager and try running the scripts below. + - run: bash ./scripts/nix-versions.sh # display bad versions when deps change + ciphernode_integration_test: needs: [integration_prebuild, build_enclave_cli, build_sdk] runs-on: @@ -963,19 +978,3 @@ jobs: auto_detect_branch_protection: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - check-nix-flake: - name: Build Nix Flake - runs-on: ubuntu-latest - needs: validate-and-prepare - steps: - - uses: actions/checkout@v6 - - uses: cachix/install-nix-action@v30 - with: - extra_nix_config: | - experimental-features = nix-command flakes - # if the following fails it means some of our git dependencies or bb has updated - # to fix this basically what you need to do here is copy the actual hashes - # into the flake.nix where those hashes are expected. if you want to do this locally - # install the nix package manager and try running the scripts below. - - run: bash ./scripts/nix-versions.sh # display bad versions when deps change From 68b180e6440d4ec58870a3ce66e4a64dea708c0c Mon Sep 17 00:00:00 2001 From: ryardley Date: Sun, 8 Mar 2026 08:45:36 +0000 Subject: [PATCH 22/31] update name --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e3a2ee8e25..f4f54070be 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -291,7 +291,6 @@ jobs: if-no-files-found: error check-nix-flake: - name: Build Nix Flake runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 From e14a1c876050c1890a1a4495063e641830e90763 Mon Sep 17 00:00:00 2001 From: ryardley Date: Sun, 8 Mar 2026 09:51:10 +0000 Subject: [PATCH 23/31] update docs to be more concice --- docs/pages/installation.mdx | 61 +++++++++---------------------------- 1 file changed, 14 insertions(+), 47 deletions(-) diff --git a/docs/pages/installation.mdx b/docs/pages/installation.mdx index efc9927ddc..f263b4fc15 100644 --- a/docs/pages/installation.mdx +++ b/docs/pages/installation.mdx @@ -47,62 +47,29 @@ enclaveup install --system Running `enclaveup install` will install the latest version of the Enclave CLI. See `enclaveup --help` for more options. - ## Install with Nix -If you use [Nix](https://nixos.org/) with flakes enabled, you can get a complete runtime environment with no additional dependencies — Nix handles everything including installing the `bb` backend. - -Run the CLI directly without installing it: - -```bash -nix run github:gnosisguild/enclave/v0.1.15 -- --help -``` - -This will build from source using the nix framework. - -To add Enclave to a project, create a `flake.nix` in your project root: - -```nix -{ - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - enclave.url = "github:gnosisguild/enclave/v0.1.15"; - }; - outputs = { nixpkgs, enclave, ... }: let - system = "x86_64-linux"; - e = enclave.packages.${system}; - in { - devShells.${system}.default = nixpkgs.legacyPackages.${system}.mkShell { - packages = [ e.default e.bb ]; - shellHook = '' - export E3_CUSTOM_BB="${e.bb}/bin/bb" - ''; - }; - }; -} -``` +If you use [Nix](https://nixos.org/) with flakes enabled, you can get a complete runtime environment +with no additional dependencies — Nix handles everything including installing the `bb` backend. -Then enter the development shell: +Get a devshell directly without installing it: ```bash -nix develop -``` - -Replace `x86_64-linux` with `aarch64-linux`, `x86_64-darwin`, or `aarch64-darwin` as appropriate for your platform. - -Replace `v0.1.15` with the desired [release tag](https://github.com/gnosisguild/enclave/releases). You can also pin to a specific commit: - -```nix -enclave.url = "github:gnosisguild/enclave/a1b2c3d"; +nix develop github:gnosisguild/enclave/{branch,tag,commit} ``` -To update later, run `nix flake update enclave`. - -To check your installation: +This will build from source using the nix package manager and provide a runtime environemnt for +enclave. It might take some time but the result will be cached on your local nix store for future +execution. ```bash -enclave --version -bb --version +❯ nix develop github:gnosisguild/enclave/ry/v0.1.16 +❯ enclave --version +enclave 0.1.15 +❯ bb --version +3.0.0-nightly.20251104 +❯ echo $E3_CUSTOM_BB +/nix/store/6da5va1malbj4pjrzn5lan6n51m4hg9h-bb/bin/bb ``` ## Manual Installation From 4cb13f3acb7cc46ecbbfad16e8120c6eb74620cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=B3=CE=BB?= Date: Sun, 8 Mar 2026 09:52:59 +0000 Subject: [PATCH 24/31] Update installation.mdx --- docs/pages/installation.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/installation.mdx b/docs/pages/installation.mdx index f263b4fc15..12cdce321e 100644 --- a/docs/pages/installation.mdx +++ b/docs/pages/installation.mdx @@ -65,7 +65,7 @@ execution. ```bash ❯ nix develop github:gnosisguild/enclave/ry/v0.1.16 ❯ enclave --version -enclave 0.1.15 +enclave 0.1.16 ❯ bb --version 3.0.0-nightly.20251104 ❯ echo $E3_CUSTOM_BB From 2503c86e02ce4f731135b39334e06c2164f12838 Mon Sep 17 00:00:00 2001 From: ryardley Date: Sun, 8 Mar 2026 10:21:43 +0000 Subject: [PATCH 25/31] add flake.nix and flake.lock so that we can use nix in docker --- .dockerignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.dockerignore b/.dockerignore index 6000c736f3..c20776424b 100644 --- a/.dockerignore +++ b/.dockerignore @@ -12,6 +12,8 @@ !pnpm-lock.yaml !rust-toolchain.toml !**/*.sh +!flake.nix +!flake.lock # Explicitly ignore build artifacts everywhere target/ From b344417d3841e1f6e0b0788b9f51bc953e0e7819 Mon Sep 17 00:00:00 2001 From: ryardley Date: Mon, 9 Mar 2026 03:24:18 +0000 Subject: [PATCH 26/31] update nix flake to be driven from versions,json --- flake.nix | 21 ++++----------------- scripts/nix-versions.sh | 13 +++++-------- 2 files changed, 9 insertions(+), 25 deletions(-) diff --git a/flake.nix b/flake.nix index 502b5c16c4..782d9eae1f 100644 --- a/flake.nix +++ b/flake.nix @@ -13,29 +13,22 @@ noirHash = "sha256-RoeWaqgFwr8A4HAlu5DzuxrNrexMolIZG14fHQA0KmM="; fheHash = "sha256-dS8LcKDI/D9ycsRXbQnMVkUc2ymFBFL8kDrEtRGuHNI="; vfsHash = "sha256-+d8RFk7UgOXDCE/LizCTV+UX/Xm/1mYWrR7W0l6mAl8="; - - # bb version hashes - bbVersion = "3.0.0-nightly.20251104"; - bbHashes = { - "amd64-linux" = "sha256-l0ABPRqg6xsLstcUhMiz3rxQUKQJvV8S+EVPv8fLVBk="; - "arm64-linux" = "sha256-rmv4UYmYUjtOE1zWOPMFqAL1Lo36XqmxwhDefQTFU0M="; - "amd64-darwin" = "sha256-eHRJTdEjhlWZOkS4XZTp3MNYnSmYDv+LA6fxZ6RcMuQ="; - "arm64-darwin" = "sha256-bTU8BdvsxXPRsMqZLIsiLbjoc4U7eRC3kpFWKTR/Z4k="; - }; + # bb version + checksums driven from versions.json + versionsJson = builtins.fromJSON (builtins.readFile ./crates/zk-prover/versions.json); + bbVersion = versionsJson.required_bb_version; + bbHashes = versionsJson.bb_checksums; in flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { inherit system; config.allowUnfree = true; }; - noirSrc = pkgs.fetchFromGitHub { owner = "noir-lang"; repo = "noir"; rev = "v1.0.0-beta.16"; hash = noirHash; }; - bbPlatform = if pkgs.stdenv.isLinux then @@ -48,7 +41,6 @@ then "arm64-darwin" else "amd64-darwin" else throw "Unsupported platform"; - bbBin = pkgs.stdenv.mkDerivation { pname = "barretenberg"; version = bbVersion; @@ -68,7 +60,6 @@ homepage = "https://github.com/AztecProtocol/aztec-packages"; }; }; - bb = if pkgs.stdenv.isLinux then @@ -78,7 +69,6 @@ runScript = "${bbBin}/bin/bb"; } else bbBin; - wrapped-bb = if pkgs.stdenv.isLinux then @@ -86,7 +76,6 @@ exec ${pkgs.steam-run}/bin/steam-run ${bb}/bin/bb "$@" '' else bb; - e3-cli = pkgs.rustPlatform.buildRustPackage { pname = "e3-cli"; version = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).workspace.package.version; @@ -100,7 +89,6 @@ cp -r ${noirSrc}/noir_stdlib "$d/../../noir_stdlib" fi done - export HOME=$(mktemp -d) git config --global user.email "nix@nix" git config --global user.name "nix" @@ -180,7 +168,6 @@ packages.default = e3-cli; packages.cli = e3-cli; packages.bb = wrapped-bb; - devShells.default = pkgs.mkShell { packages = [ e3-cli diff --git a/scripts/nix-versions.sh b/scripts/nix-versions.sh index c9a28935d7..de7823522b 100755 --- a/scripts/nix-versions.sh +++ b/scripts/nix-versions.sh @@ -1,12 +1,10 @@ #!/usr/bin/env bash set -euo pipefail - val() { grep "$1 = " flake.nix | head -1 | sed 's/.*"\(.*\)".*/\1/'; } - NOIR_REV=$(grep 'rev = ' flake.nix | head -1 | sed 's/.*"\(.*\)".*/\1/') -BB_VER=$(val bbVersion) +VERSIONS_JSON="./crates/zk-prover/versions.json" +BB_VER=$(jq -r '.required_bb_version' "$VERSIONS_JSON") FAIL=0 - check() { local name="$1" url="$2" expected="$3" unpack="${4:-}" printf "%-35s" "$name" @@ -14,15 +12,14 @@ check() { if [[ "$got" == "$expected" ]]; then echo "$name is correct ✅" else echo "❌ expected $expected got $got"; FAIL=1; fi } - check "noir" \ "https://github.com/noir-lang/noir/archive/${NOIR_REV}.tar.gz" \ "$(val noirHash)" --unpack - for p in amd64-linux arm64-linux amd64-darwin arm64-darwin; do + hex=$(jq -r ".bb_checksums[\"${p}\"]" "$VERSIONS_JSON") + sri=$(nix hash convert --to sri --hash-algo sha256 "$hex") check "bb-${p}" \ "https://github.com/AztecProtocol/aztec-packages/releases/download/v${BB_VER}/barretenberg-${p}.tar.gz" \ - "$(grep "\"${p}\" = " flake.nix | sed 's/.*"\(sha256-[^"]*\)".*/\1/')" + "$sri" done - exit $FAIL From 7c6ea309b6491dbc9c86d138e59cfa313099b72a Mon Sep 17 00:00:00 2001 From: ryardley Date: Tue, 10 Mar 2026 07:52:05 +0000 Subject: [PATCH 27/31] add cachix --- .github/workflows/releases.yml | 15 +++++++++++---- flake.nix | 4 ++++ 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml index e5809af98c..3a39eb76b0 100644 --- a/.github/workflows/releases.yml +++ b/.github/workflows/releases.yml @@ -148,12 +148,17 @@ jobs: with: extra_nix_config: | experimental-features = nix-command flakes + - uses: cachix/install-nix-action@v4 + - uses: cachix/cachix-action@v15 + with: + name: enclave + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' # if the following fails it means some of our git dependencies or bb has updated - # to fix this basically what you need to do here is copy the actual hashes - # into the flake.nix where those hashes are expected. if you want to do this locally + # to fix this basically what you need to do here is copy the actual hashes + # into the flake.nix where those hashes are expected. if you want to do this locally # install the nix package manager and try running the scripts below. - run: bash ./scripts/nix-versions.sh # display bad versions when deps change - - run: nix build .#cli # build the nix flake + - run: nix build .#default # build the nix flake build-binaries: name: Build Binaries (${{ matrix.os_name }}-${{ matrix.arch }}) @@ -390,7 +395,9 @@ jobs: download-circuits, build-nix-flake, ] - if: always() && needs.validate-and-prepare.result == 'success' && needs.build-binaries.result == 'success' && needs.build-nix-flake.result == 'success' + if: + always() && needs.validate-and-prepare.result == 'success' && needs.build-binaries.result == 'success' && needs.build-nix-flake.result + == 'success' steps: - name: Checkout uses: actions/checkout@v6 diff --git a/flake.nix b/flake.nix index 782d9eae1f..8e0367e0b8 100644 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,9 @@ { description = "Enclave"; + nixConfig = { + extra-substituters = ["https://enclave.cachix.org"]; + extra-trusted-public-keys = ["enclave.cachix.org-1:B5SynR85iX/TRueDpZu4dh1xVR8lNfKoAaVWZkux1ss="]; + }; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils.url = "github:numtide/flake-utils"; From d42fb902c91b611fe65a7b529b103d44cb641ca0 Mon Sep 17 00:00:00 2001 From: ryardley Date: Tue, 10 Mar 2026 08:12:46 +0000 Subject: [PATCH 28/31] add note about cachix --- docs/pages/installation.mdx | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/pages/installation.mdx b/docs/pages/installation.mdx index 12cdce321e..627f8b9d50 100644 --- a/docs/pages/installation.mdx +++ b/docs/pages/installation.mdx @@ -72,6 +72,16 @@ enclave 0.1.16 /nix/store/6da5va1malbj4pjrzn5lan6n51m4hg9h-bb/bin/bb ``` +NOTE: On first run, Nix will ask you to trust our binary cache. Say yes to both prompts to download +pre-built binaries instead of building from source: + +``` +do you want to allow configuration setting 'extra-substituters' to be set to '...'? y +do you want to permanently mark this value as trusted? y +``` + +If you decline, everything still works — it just builds from source, which takes longer. + ## Manual Installation If you prefer to install manually: From faa78524b52fbd39f643edcdc30a1484b21d2d46 Mon Sep 17 00:00:00 2001 From: ryardley Date: Tue, 10 Mar 2026 08:20:50 +0000 Subject: [PATCH 29/31] attempt to fix mac build error --- flake.nix | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/flake.nix b/flake.nix index 8e0367e0b8..eae8f767df 100644 --- a/flake.nix +++ b/flake.nix @@ -155,14 +155,9 @@ pkgs.jq pkgs.solc ]; - buildInputs = - [ - pkgs.openssl - ] - ++ pkgs.lib.optionals pkgs.stdenv.isDarwin [ - pkgs.darwin.apple_sdk.frameworks.Security - pkgs.darwin.apple_sdk.frameworks.SystemConfiguration - ]; + buildInputs = [ + pkgs.openssl + ]; meta = { description = "e3 CLI"; license = pkgs.lib.licenses.lgpl3Only; From ac0f9fbffef78205b0c647ee82d5d1ee84b4103d Mon Sep 17 00:00:00 2001 From: Cedoor Date: Wed, 25 Mar 2026 16:23:22 +0100 Subject: [PATCH 30/31] chore: update barretenberg download url --- flake.nix | 2 +- scripts/nix-versions.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index eae8f767df..ed3f3b74bb 100644 --- a/flake.nix +++ b/flake.nix @@ -49,7 +49,7 @@ pname = "barretenberg"; version = bbVersion; src = pkgs.fetchurl { - url = "https://github.com/AztecProtocol/aztec-packages/releases/download/v${bbVersion}/barretenberg-${bbPlatform}.tar.gz"; + url = "https://github.com/gnosisguild/aztec-packages/releases/download/v${bbVersion}/barretenberg-${bbPlatform}.tar.gz"; sha256 = bbHashes.${bbPlatform}; }; nativeBuildInputs = pkgs.lib.optionals pkgs.stdenv.isLinux [pkgs.autoPatchelfHook]; diff --git a/scripts/nix-versions.sh b/scripts/nix-versions.sh index de7823522b..56462432ee 100755 --- a/scripts/nix-versions.sh +++ b/scripts/nix-versions.sh @@ -19,7 +19,7 @@ for p in amd64-linux arm64-linux amd64-darwin arm64-darwin; do hex=$(jq -r ".bb_checksums[\"${p}\"]" "$VERSIONS_JSON") sri=$(nix hash convert --to sri --hash-algo sha256 "$hex") check "bb-${p}" \ - "https://github.com/AztecProtocol/aztec-packages/releases/download/v${BB_VER}/barretenberg-${p}.tar.gz" \ + "https://github.com/gnosisguild/aztec-packages/releases/download/v${BB_VER}/barretenberg-${p}.tar.gz" \ "$sri" done exit $FAIL From b0f98203191e18e77794d2d801f79f8c306ac426 Mon Sep 17 00:00:00 2001 From: ryardley Date: Thu, 26 Mar 2026 09:44:59 +0000 Subject: [PATCH 31/31] comment out other versions --- scripts/nix-versions.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/nix-versions.sh b/scripts/nix-versions.sh index 56462432ee..11a61be988 100755 --- a/scripts/nix-versions.sh +++ b/scripts/nix-versions.sh @@ -15,7 +15,11 @@ check() { check "noir" \ "https://github.com/noir-lang/noir/archive/${NOIR_REV}.tar.gz" \ "$(val noirHash)" --unpack -for p in amd64-linux arm64-linux amd64-darwin arm64-darwin; do + +# COMMENTING OUT WHILE WE ARE MISSING THE CORRECT VERSION +# WAITING FOR UPGRADE OF BB VERSION +# for p in amd64-linux arm64-linux amd64-darwin arm64-darwin; do +for p in amd64-linux; do hex=$(jq -r ".bb_checksums[\"${p}\"]" "$VERSIONS_JSON") sri=$(nix hash convert --to sri --hash-algo sha256 "$hex") check "bb-${p}" \