gvisor: 20210518.0 -> 20220905.0

switch gvisor to build with synthetic go branch instead of bazel.
night 2022-09-07 02:30:52 -07:00 committed by Alyssa Ross
parent 9071fb55f6
commit 4c8a3de137
3 changed files with 18 additions and 139 deletions


@ -1,35 +0,0 @@
{ lib, fetchFromGitHub, buildGoModule }:
buildGoModule rec {
pname = "gvisor-containerd-shim";
version = "unstable-2019-10-09";
src = fetchFromGitHub {
owner = "google";
repo = "gvisor-containerd-shim";
rev = "f299b553afdd8455a0057862004061ea12e660f5";
sha256 = "077bhrmjrpcxv1z020yxhx2c4asn66j21gxlpa6hz0av3lfck9lm";
};
vendorSha256 = "11jai5jl024k7wbhz4a3zzdbvl0si07jwgwmyr8bn4i0nqx8ig2k";
buildPhase = ''
make
'';
checkPhase = ''
make test
'';
installPhase = ''
make install DESTDIR="$out"
'';
meta = with lib; {
description = "containerd shim for gVisor";
homepage = "https://github.com/google/gvisor-containerd-shim";
license = licenses.asl20;
maintainers = with maintainers; [ andrew-d ];
platforms = [ "x86_64-linux" ];
};
}


@ -1,127 +1,43 @@
{ lib
, buildBazelPackage
, buildGoModule
, fetchFromGitHub
, callPackage
, bash
, cacert
, git
, glibcLocales
, go
, iproute2
, iptables
, makeWrapper
, procps
, protobuf
, python3
}:
let
preBuild = ''
patchShebangs .
substituteInPlace tools/defs.bzl \
--replace "#!/bin/bash" "#!${bash}/bin/bash"
# Tell rules_go to use the Go binary found in the PATH
sed -E -i \
-e 's|go_version\s*=\s*"[^"]+"|go_version = "host"|g' \
WORKSPACE
# The gazelle Go tooling needs CA certs
export SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
# If we don't reset our GOPATH, the rules_go stdlib builder tries to
# install something into it. Ideally that wouldn't happen, but for now we
# can also get around it by unsetting GOPATH entirely, since rules_go
# doesn't need it.
export GOPATH=
'';
# Patch the protoc alias so that it always builds from source.
rulesProto = fetchFromGitHub {
owner = "bazelbuild";
repo = "rules_proto";
rev = "f7a30f6f80006b591fa7c437fe5a951eb10bcbcf";
sha256 = "10bcw0ir0skk7h33lmqm38n9w4nfs24mwajnngkbs6jb5wsvkqv8";
postFetch = ''
sed -i 's|name = "protoc"|name = "_protoc_original"|' $out/proto/private/BUILD.release
cat <<EOF >>$out/proto/private/BUILD.release
alias(name = "protoc", actual = "@com_github_protocolbuffers_protobuf//:protoc", visibility = ["//visibility:public"])
EOF
'';
};
in buildBazelPackage rec {
buildGoModule rec {
pname = "gvisor";
version = "20210518.0";
version = "20220905.0";
src = fetchFromGitHub {
owner = "google";
repo = "gvisor";
rev = "release-${version}";
sha256 = "15a6mlclnyfc9mx3bjksnnf4vla0xh0rv9kxdp34la4gw3c4hksn";
repo = "gvisor";
rev = "442a3cd44a0858ac2a8e773b6fbba67cf3bd3767";
sha256 = "sha256-LKY7AKAHX29eGuXRrkCVCFl/bdHAVOC0QNZfzlpXqwc=";
};
nativeBuildInputs = [ git glibcLocales go makeWrapper python3 ];
vendorSha256 = "sha256-Fn8A8iwTv0lNI9ZBJkq3SlRelnAGIQY0GInTxaCzSAU=";
bazelTarget = "//runsc:runsc";
bazelFlags = [
"--override_repository=rules_proto=${rulesProto}"
];
nativeBuildInputs = [ makeWrapper ];
# gvisor uses the Starlark implementation of rules_cc, not the built-in one,
# so we shouldn't delete it from our dependencies.
removeRulesCC = false;
ldflags = [ "-s" "-w" ];
fetchAttrs = {
inherit preBuild;
subPackages = [ "runsc" "shim" ];
preInstall = ''
# Remove the go_sdk (it's just a copy of the go derivation) and all
# references to it from the marker files. Bazel does not need to download
# this sdk because we have patched the WORKSPACE file to point to the one
# currently present in PATH. Without removing the go_sdk from the marker
# file, the hash of it will change anytime the Go derivation changes and
# that would lead to impurities in the marker files which would result in
# a different sha256 for the fetch phase.
rm -rf $bazelOut/external/{go_sdk,\@go_sdk.marker}
# Remove the gazelle tools, they contain go binaries that are built
# non-deterministically. As long as the gazelle version matches the tools
# should be equivalent.
rm -rf $bazelOut/external/{bazel_gazelle_go_repository_tools,\@bazel_gazelle_go_repository_tools.marker}
# Remove the gazelle repository cache
chmod -R +w $bazelOut/external/bazel_gazelle_go_repository_cache
rm -rf $bazelOut/external/{bazel_gazelle_go_repository_cache,\@bazel_gazelle_go_repository_cache.marker}
# Remove log file(s)
rm -f "$bazelOut"/java.log "$bazelOut"/java.log.*
'';
sha256 = "13pahppm431m198v5bffrzq5iw8m79riplbfqp0afh384ln669hb";
};
buildAttrs = {
inherit preBuild;
installPhase = ''
install -Dm755 bazel-out/*/bin/runsc/runsc_/runsc $out/bin/runsc
# Needed for the 'runsc do' subcomand
wrapProgram $out/bin/runsc \
--prefix PATH : ${lib.makeBinPath [ iproute2 iptables procps ]}
'';
};
postInstall = ''
# Needed for the 'runsc do' subcomand
wrapProgram $out/bin/runsc \
--prefix PATH : ${lib.makeBinPath [ iproute2 iptables procps ]}
mv $out/bin/shim $out/bin/containerd-shim-runsc-v1
'';
meta = with lib; {
description = "Container Runtime Sandbox";
description = "Application Kernel for Containers";
homepage = "https://github.com/google/gvisor";
license = licenses.asl20;
maintainers = with maintainers; [ andrew-d ];
maintainers = with maintainers; [ andrew-d gpl ];
platforms = [ "x86_64-linux" ];
# The version we have right now does not compile with go 1.17
# See https://github.com/NixOS/nixpkgs/pull/174003 if you want to upgrade gvisor
broken = true;
};
}
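Review bot: In the `src` block the new `rev` appears to be the hard-coded commit `442a3cd44a0858ac2a8e773b6fbba67cf3bd3767` instead of `release-${version}`, so nothing ties the fetched source to `version = "20220905.0"` any more. For a sandbox runtime this matters: a later bump that edits only `version` would still evaluate and build, because `rev` and both hashes keep matching the old commit, and the package would report the new release while shipping the old code. I would add a comment above `rev`, for example `# commit on the synthetic "go" branch matching release-${version}; bump rev, sha256 and vendorSha256 together with version`, and have the reviewer confirm that the commit corresponds to that release tag. The +/- markers are lost on this page, so which of the duplicated lines is the new side is inferred from the commit title and description.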


@ -28128,8 +28128,6 @@ with pkgs;
gvisor = callPackage ../applications/virtualization/gvisor { };
gvisor-containerd-shim = callPackage ../applications/virtualization/gvisor/containerd-shim.nix { };
guvcview = libsForQt5.callPackage ../os-specific/linux/guvcview { };
gwc = callPackage ../applications/audio/gwc { };