From 875fde78de099f986f954154f40d53213b7b9b16 Mon Sep 17 00:00:00 2001 From: Jonas Heinrich Date: Fri, 17 Sep 2021 17:33:56 +0200 Subject: [PATCH] orjail: init at 1.1 --- pkgs/tools/security/orjail/default.nix | 55 ++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 57 insertions(+) create mode 100644 pkgs/tools/security/orjail/default.nix diff --git a/pkgs/tools/security/orjail/default.nix b/pkgs/tools/security/orjail/default.nix new file mode 100644 index 000000000000..adcbf5ae4f9f --- /dev/null +++ b/pkgs/tools/security/orjail/default.nix @@ -0,0 +1,55 @@ +{ lib +, stdenv +, fetchFromGitHub +, tor +, firejail +, iptables +, makeWrapper +}: + +stdenv.mkDerivation rec { + pname = "orjail"; + version = "1.1"; + + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = "v${version}"; + sha256 = "06bwqb3l7syy4c1d8xynxwakmdxvm3qfm8r834nidsknvpdckd9z"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + postPatch = '' + patchShebangs make-helper.bsh + mkdir bin + mv usr/sbin/orjail bin/orjail + rm -r usr + ''; + + makeFlags = [ + "DESTDIR=${placeholder "out"}" + ]; + + postInstall = '' + # Specify binary paths: tor, firejail, iptables + # mktemp fails with /tmp path prefix, will work without it anyway + # https://github.com/orjail/orjail/issues/78 + # firejail will fail reading /etc/hosts, therefore remove --hostname arg + # https://github.com/netblue30/firejail/issues/2758 + substituteInPlace $out/bin/orjail \ + --replace ''$'TORBIN=\n' ''$'TORBIN=${tor}/bin/tor\n' \ + --replace ''$'FIREJAILBIN=\n' ''$'FIREJAILBIN=${firejail}/bin/firejail\n' \ + --replace 'iptables -' '${iptables}/bin/iptables -' \ + --replace 'mktemp /tmp/' 'mktemp ' \ + --replace '--hostname=host ' "" + ''; + + meta = with lib; { + description = "Force programs to exclusively use tor network"; + homepage = "https://github.com/orjail/orjail"; + license = licenses.wtfpl; + maintainers = with maintainers; [ onny ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3e9f41a0506b..ef8a486032bf 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3591,6 +3591,8 @@ with pkgs; oneshot = callPackage ../tools/networking/oneshot { }; + orjail = callPackage ../tools/security/orjail { }; + online-judge-tools = with python3.pkgs; toPythonApplication online-judge-tools; xkbd = callPackage ../applications/misc/xkbd { };