nixpkgs-suyu/pkgs/tools/security/nsjail/default.nix

44 lines
1.3 KiB
Nix
Raw Normal View History

2021-01-17 04:51:22 +01:00
{ lib, stdenv, fetchFromGitHub, autoconf, bison, flex, libtool, pkg-config, which
, libnl, protobuf, protobufc, shadow
}:
2015-08-10 19:34:09 +02:00
stdenv.mkDerivation rec {
pname = "nsjail";
version = "3.0"; # Bumping? Remove the bison patch.
2015-08-10 19:34:09 +02:00
2017-10-22 00:13:11 +02:00
src = fetchFromGitHub {
owner = "google";
repo = "nsjail";
rev = version;
fetchSubmodules = true;
2020-07-23 17:49:56 +02:00
sha256 = "1w6x8xcrs0i1y3q41gyq8z3cq9x24qablklc4jiydf855lhqn4dh";
2015-08-10 19:34:09 +02:00
};
2021-01-17 04:51:22 +01:00
nativeBuildInputs = [ autoconf bison flex libtool pkg-config which ];
2018-10-10 23:33:43 +02:00
buildInputs = [ libnl protobuf protobufc ];
enableParallelBuilding = true;
2017-10-22 00:13:11 +02:00
patches = [
# To remove after bumping 3.0
./001-fix-bison-link-error.patch
];
2020-07-23 17:49:56 +02:00
preBuild = ''
makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap')
'';
2015-08-10 19:34:09 +02:00
installPhase = ''
mkdir -p $out/bin $out/share/man/man1
install nsjail $out/bin/
install nsjail.1 $out/share/man/man1/
2015-08-10 19:34:09 +02:00
'';
meta = with lib; {
2017-10-22 00:13:11 +02:00
description = "A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
homepage = "http://nsjail.com/";
license = licenses.asl20;
2020-07-23 17:49:56 +02:00
maintainers = with maintainers; [ arturcygan bosu c0bw3b ];
2017-10-22 00:13:11 +02:00
platforms = platforms.linux;
2015-08-10 19:34:09 +02:00
};
}