System API for ECDSA signing

.github/workflows/docs.yml

@@ -18,6 +18,8 @@ jobs:
         ghc-version: '8.10'
     - name: Build
       run: |
+        sudo apt-get update
+        sudo apt-get install -y libsecp256k1-0 libsecp256k1-dev
         cabal --version
         ghc --version
         cabal update

.github/workflows/release.yml

@@ -11,37 +11,20 @@ jobs:
       matrix:
         os:
         - ubuntu-latest
-
-        # TODO: nixbuild.net currently does not have x86_64-darwin nor aarch64-darwin support but they're working on it:
-        #
-        # | I do have another question: do you support x86_64-darwin builds and
-        # | ideally aarch64-darwin as well (I just got a new M1 MacBook)?
-        #
-        # Our long-term goal is to support x86_64-darwin and aarch64-darwin, but
-        # we don't do it today. The reason is that we really like all builds to
-        # run inside our virtualized sandbox (with our own virtual file system),
-        # since it gives us full control and also lots of insights about the
-        # builds. We have not yet ported this sandbox to MacOS, but it is
-        # definitely something we want to do.
-        #
-        # We actually _have_ aarch64-darwin machines in our build cluster,
-        # running build sandboxes for aarch64-linux. We use a mix of Hetzner
-        # instances (https://www.hetzner.com/dedicated-rootserver/mac-mini-m1)
-        # and self-hosted M1 machines for this. The aarch64-linux support is EA
-        # in nixbuild.net, so we are still experimenting a bit.
-        #
-        # - macos-latest
+        - macos-latest
       fail-fast: false
     runs-on: ${{ matrix.os }}
     env:
-      SSH_KEY_FOR_NIXBUILD: secrets.SSH_KEY_FOR_NIXBUILD
+      SSH_KEY_FOR_NIXBUILD: ${{ secrets.SSH_KEY_FOR_NIXBUILD }}
     steps:
     - uses: actions/checkout@v2
-    - uses: nixbuild/nix-quick-install-action@v13
+    - if: matrix.os == 'macos-latest'
+      uses: cachix/install-nix-action@v16
+    - if: matrix.os == 'ubuntu-latest'
+      uses: nixbuild/nix-quick-install-action@v13
       with:
         nix_conf: experimental-features = nix-command
-    - name: Configure Nix to use nixbuild.net as a remote builder
-      if: env.SSH_KEY_FOR_NIXBUILD != ''
+    - if: matrix.os == 'ubuntu-latest' && ${{ env.SSH_KEY_FOR_NIXBUILD != '' }}
       uses: nixbuild/nixbuild-action@v10
       with:
         nixbuild_ssh_key: ${{ secrets.SSH_KEY_FOR_NIXBUILD }}

default.nix

@@ -32,9 +32,11 @@ let haskellPackages = nixpkgs.haskellPackages.override {
       # the downgrade of cborg in nix/generated.nix makes cborgs test suite depend on
       # older versions of stuff, so let’s ignore the test suite.
       cborg = nixpkgs.haskell.lib.dontCheck generated.cborg;
-
       # here more adjustments can be made if needed, e.g.
       # crc = nixpkgs.haskell.lib.markUnbroken (nixpkgs.haskell.lib.dontCheck super.crc);
+      murmur3 = nixpkgs.haskell.lib.markUnbroken super.murmur3;
+      secp256k1-haskell = nixpkgs.haskell.lib.markUnbroken super.secp256k1-haskell_0_6_0;
+      haskoin-core = nixpkgs.haskell.lib.dontCheck super.haskoin-core;
     };
 }; in
 
@@ -91,46 +93,49 @@ let
     # (once we can use ghc-9.0 we can maybe use ghc-bignum native, which should be faster)
     else
       let
-        muslHaskellPackages = nixpkgs.pkgsMusl.haskell.packages.integer-simple.ghc8107.override {
+        staticHaskellPackages = nixpkgs.pkgsStatic.haskell.packages.integer-simple.ghc8107.override {
           overrides = self: super:
             let generated = import nix/generated/all.nix self super; in
             generated //
             {
               # the downgrade of cborg in nix/generated.nix makes cborgs test suite depend on
               # older versions of stuff, so let’s ignore the test suite.
               cborg = nixpkgs.haskell.lib.dontCheck (
-                generated.cborg.overrideAttrs(old: {
-                configureFlags = ["-f-optimize-gmp"];
-              }));
+                nixpkgs.haskell.lib.appendConfigureFlag generated.cborg "-f-optimize-gmp"
+              );
+
+              murmur3 = nixpkgs.haskell.lib.markUnbroken super.murmur3;
+              secp256k1-haskell = nixpkgs.haskell.lib.markUnbroken super.secp256k1-haskell_0_6_0;
+              haskoin-core = nixpkgs.haskell.lib.dontCheck super.haskoin-core;
 
-              cryptonite = super.cryptonite.overrideAttrs(old: {
-                configureFlags = "-f-integer-gmp";
-                doCheck = false; # test suite too slow without integer-gmp
-              });
+              cryptonite = nixpkgs.haskell.lib.dontCheck (
+                nixpkgs.haskell.lib.appendConfigureFlag super.cryptonite "-f-integer-gmp"
+              );
 
               # more test suites too slow withour integer-gmp
               scientific = nixpkgs.haskell.lib.dontCheck super.scientific;
               math-functions = nixpkgs.haskell.lib.dontCheck super.math-functions;
 
+              # If we enable TemplateHaskell support in QuickCheck we get the following error:
+              #
+              # > Building library for QuickCheck-2.14.2..
+              # > [ 1 of 16] Compiling Test.QuickCheck.Exception ( src/Test/QuickCheck/Exception.hs, dist/build/Test/QuickCheck/Exception.o, dist/build/Test/QuickCheck/Exception.dyn_o )
+              # > [ 2 of 16] Compiling Test.QuickCheck.Random ( src/Test/QuickCheck/Random.hs, dist/build/Test/QuickCheck/Random.o, dist/build/Test/QuickCheck/Random.dyn_o )
+              # > [ 3 of 16] Compiling Test.QuickCheck.Gen ( src/Test/QuickCheck/Gen.hs, dist/build/Test/QuickCheck/Gen.o, dist/build/Test/QuickCheck/Gen.dyn_o )
+              # > attempting to use module ‘QuickCheck-2.14.2-FmmIi43N1T8HDWnA1W6fPq:Test.QuickCheck.Random’ (src/Test/QuickCheck/Random.hs) which is not loaded
+              QuickCheck = nixpkgs.haskell.lib.appendConfigureFlag super.QuickCheck "-f-templateHaskell";
             };
         };
-        ic-hs-musl =
-          muslHaskellPackages.ic-hs.overrideAttrs (
-            old: {
-              configureFlags = [
-                "-frelease"
-                "-f-library"
-                "--ghc-option=-optl=-static"
-                "--extra-lib-dirs=${nixpkgs.pkgsMusl.zlib.static}/lib"
-                "--extra-lib-dirs=${nixpkgs.pkgsMusl.libffi.overrideAttrs (old: { dontDisableStatic = true; })}/lib"
-              ];
-            }
-          );
+        ic-hs-static = nixpkgs.haskell.lib.appendConfigureFlags staticHaskellPackages.ic-hs [
+          "-frelease"
+          "-f-library"
+          "--ghc-option=-optl=-static"
+        ];
         in nixpkgs.runCommandNoCC "ic-ref-dist" {
           allowedRequisites = [];
         } ''
           mkdir -p $out/bin
-          cp ${ic-hs-musl}/bin/ic-ref $out/bin
+          cp ${ic-hs-static}/bin/ic-ref $out/bin
         '';
 
 
@@ -149,6 +154,8 @@ rec {
   inherit ic-hs-coverage;
   inherit universal-canister;
 
+  haskoin-core = haskellPackages.haskoin-core;
+
   ic-ref-test = nixpkgs.runCommandNoCC "ic-ref-test" {
       nativeBuildInputs = [ ic-hs ];
     } ''