From 807d9164c63873fbc3956b232a6591387a61a95f Mon Sep 17 00:00:00 2001
From: Psionik K <73710933+psionic-k@users.noreply.github.com>
Date: Tue, 17 Oct 2023 02:24:42 -0500
Subject: [PATCH] Sanitize workspace & package tomls

Instead of the existing whitelist style jq statements, a blacklist is produced
to eliminate keys that cause issues in sandbox builds or will conflict with
configuration via nix expressions

The workspace toml is reduced so that it becomes a workspace for just a single
member, the crate we want to build.

The crate toml is reduced separately.

The build happens from the workspace level.
---
 overlay/mkcrate-utils.sh | 42 ++++++++++++++++++++++++++++------------
 overlay/mkcrate.nix      | 20 +++++++++++++------
 2 files changed, 44 insertions(+), 18 deletions(-)

diff --git a/overlay/mkcrate-utils.sh b/overlay/mkcrate-utils.sh
index 2484a11b..3d6b7faa 100644
--- a/overlay/mkcrate-utils.sh
+++ b/overlay/mkcrate-utils.sh
@@ -334,20 +334,38 @@ sanitizeTomlForRemarshal () {
     done;
 }
 
-removeTomlDeps () {
+reducePackageToml () {
+    # This function needs to remove any package keys that conflict with
+    # dependency control or target and profile configuration.
+    # https://doc.rust-lang.org/cargo/reference/manifest.html
     local manifestPatch="$3"
+    local registry="$registry"
+    remarshal -if toml -of json "$1" \
+      | jq 'del(."cargo-features",
+                .replace,
+                .patch,
+                .dependencies,
+                ."build-dependencies",
+                .["dev-dependencies"],
+                .target)
+            + '"$manifestPatch" \
+            | jq 'del(.[][] | nulls)' \
+            | remarshal -if json -of toml > "$2"
+}
+
+reduceWorkspaceToml () {
+    # This function needs to remove any workspace keys that conflict with
+    # dependency control or target and profile configuration.
+    # https://doc.rust-lang.org/cargo/reference/workspaces.html
+    local crate_path="$3"
     remarshal -if toml -of json $1 \
-      | jq "{ package: .package
-            , workspace: .workspace
-            , lib: .lib
-            , bin: .bin
-            , test: .test
-            , example: .example
-            , bench: (if \"$registry\" == \"unknown\" then .bench else null end)
-            }
-            | with_entries(select( .value != null )) \
-            | del( .package.workspace )
-            + $manifestPatch" \
+      | jq ".workspace.members = [\"$crate_path\"]
+            | del( .workspace.dependencies?,
+                   .workspace.\"default-members\",
+                   .workspace.exclude?,
+                   .patch,
+                   .replace)
+            | with_entries(select( .value != null ))" \
       | jq "del(.[][] | nulls)" \
       | remarshal -if json -of toml > $2
 }
diff --git a/overlay/mkcrate.nix b/overlay/mkcrate.nix
index c7863fa8..618c9023 100644
--- a/overlay/mkcrate.nix
+++ b/overlay/mkcrate.nix
@@ -164,6 +164,7 @@ let
 
     extraRustcBuildFlags = rustcBuildFlags;
 
+    # If the crate is a workspace, reduce it to a crate of just a single workspace
     findCrate =  ''
       . ${./mkcrate-utils.sh}
       manifest_path=$(cargoRelativeManifest ${name})
@@ -171,11 +172,13 @@ let
 
       if [ $manifest_path != "Cargo.toml" ]; then
         shopt -s globstar
-        mv Cargo.toml Cargo.toml.workspace
         if [[ -d .cargo ]]; then
           mv .cargo .cargo.workspace
         fi
-        cd "$manifest_dir"
+
+        mv Cargo.toml Cargo.workspace.toml
+        sanitizeTomlForRemarshal Cargo.workspace.toml
+        reduceWorkspaceToml Cargo.workspace.toml Cargo.toml "$manifest_dir"
       fi
     '';
 
@@ -223,6 +226,9 @@ let
     };
 
     overrideCargoManifest = ''
+      manifest_path=$(cargoRelativeManifest ${name})
+      manifest_dir=''${manifest_path%Cargo.toml}
+
       echo "[[package]]" > Cargo.lock
       echo name = \"${name}\" >> Cargo.lock
       echo version = \"${version}\" >> Cargo.lock
@@ -231,9 +237,11 @@ let
         echo source = \"registry+''${registry}\" >> Cargo.lock
       fi
 
+      if [ -n "$manifest_dir" ]; then pushd $manifest_dir; fi
       mv Cargo.toml Cargo.original.toml
       sanitizeTomlForRemarshal Cargo.original.toml
-      removeTomlDeps Cargo.original.toml Cargo.toml "$manifestPatch"
+      reducePackageToml Cargo.original.toml Cargo.toml "$manifestPatch"
+      if [ -n "$manifest_dir" ]; then popd; fi
     '';
 
     setBuildEnv = ''
@@ -242,13 +250,13 @@ let
 
       if (( MINOR_RUSTC_VERSION < 41 )); then
         isProcMacro="$(
-          remarshal -if toml -of json Cargo.original.toml \
+          remarshal -if toml -of json "''${manifest_dir}Cargo.original.toml" \
           | jq -r 'if .lib."proc-macro" or .lib."proc_macro" then "1" else "" end' \
         )"
       fi
 
       crateName="$(
-        remarshal -if toml -of json Cargo.original.toml \
+        remarshal -if toml -of json "''${manifest_dir}Cargo.original.toml" \
         | jq -r 'if .lib."name" then .lib."name" else "${replaceStrings ["-"] ["_"] name}" end' \
       )"
 
@@ -311,7 +319,7 @@ let
       runHook preInstall
     '' + (if compileMode != "doctest" then ''
       mkdir -p $out/lib
-      cargo_links="$(remarshal -if toml -of json Cargo.original.toml | jq -r '.package.links | select(. != null)')"
+      cargo_links="$(remarshal -if toml -of json "''${manifest_dir}Cargo.original.toml" | jq -r '.package.links | select(. != null)')"
       if (( MINOR_RUSTC_VERSION < 41 )); then
         install_crate ${rustHostTriple} ${if release then "release" else "debug"}
       else