Trustix is structured as a monorepo consisting of many subpackages:
The main package with all log functionality. This component is generic and doesn't know anything about any Nix or other package manager specifics.
The main documentation package that aggregates documentation from the various subpackages.
This is a supplemental daemon to the main Trustix daemon that layers some knowledge about Nix on top of the generic log functionality. It contains a post-build hook used to submit newly built packages to the logs, a binary cache HTTP interface and a development tool to submit already built closures.
This package is an implementation of a reproducibility tracker backed by logs.
Trustix-proto contains all shared protobuf definitions shared by various components, as well as generated Go libraries to interact with Trustix over it's RPC mechanism (gRPC).
Trustix doesn't depend on much in the way of globally installed tools.
We do make two assumptions in regards to tooling managed outside of the repository though:
If you've read this far you likely already know Nix and what it is, so we won't go into any detail about this.
A shell extension to load directory local environments in a currently running shell and/or editor.
This will load a present
default.nix when used with the direnv rule
use nix, which is the mode of operation we are using direnv in.
All subpackages have their own shell environments which all needs to be explicitly whitelisted to be loaded.
For convenience we have a Makefile target in the root of the project called
To whitelist all subpackages run:
$ make direnv-allow
All components are using Makefile's as their development entry points for ease of use.
All standard Make targets are always implemented, even though they are no-ops in some cases where they don't make sense. For example a build step doesn't make sense for most Python code.
These are all standard make targets you can expect to find for any given package:
Builds the package.
Runs the tests for a given package.
This target runs all configured linter steps.
This target checks the formatting of a given package.
This target runs the package in development (watch) mode.
This target builds documentation.
This is mostly outputing markdown files in the relevant location for the
trustix-doc package to compose.
To run individual components change directory to the relevant package and run:
$ make develop
This also works from the project root where it will start all packages in watch mode.
From the root directory run:
$ make all
Cryptographic keys for development is checked in to the repository for ease of use and a very quick getting started experience.