Merge pull request #138293 from onny/orjail
commit
fcbcbc1545
2 changed files with 57 additions and 0 deletions
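--- a/pkgs/tools/security/orjail/default.nix
+++ b/pkgs/tools/security/orjail/default.nix
@@ -0,0 +1,55 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, tor
+, firejail
+, iptables
+, makeWrapper
+}:
+
+stdenv.mkDerivation rec {
+pname = "orjail";
+version = "1.1";
+
+src = fetchFromGitHub {
+owner = pname;
+repo = pname;
+rev = "v${version}";
+sha256 = "06bwqb3l7syy4c1d8xynxwakmdxvm3qfm8r834nidsknvpdckd9z";
+};
+
+nativeBuildInputs = [ makeWrapper ];
+
+postPatch = ''
+patchShebangs make-helper.bsh
+mkdir bin
+mv usr/sbin/orjail bin/orjail
+rm -r usr
+'';
+
+makeFlags = [
+"DESTDIR=${placeholder "out"}"
+];
+
+postInstall = ''
+# Specify binary paths: tor, firejail, iptables
+# mktemp fails with /tmp path prefix, will work without it anyway
+# https://github.com/orjail/orjail/issues/78
+# firejail will fail reading /etc/hosts, therefore remove --hostname arg
+# https://github.com/netblue30/firejail/issues/2758
+substituteInPlace $out/bin/orjail \
+--replace ''$'TORBIN=\n' ''$'TORBIN=${tor}/bin/tor\n' \
+--replace ''$'FIREJAILBIN=\n' ''$'FIREJAILBIN=${firejail}/bin/firejail\n' \
+--replace 'iptables -' '${iptables}/bin/iptables -' \
+--replace 'mktemp /tmp/' 'mktemp ' \
+--replace '--hostname=host ' ""
+'';
+
+meta = with lib; {
+description = "Force programs to exclusively use tor network";
+homepage = "https://github.com/orjail/orjail";
+license = licenses.wtfpl;
+maintainers = with maintainers; [ onny ];
+platforms = platforms.linux;
+};
+}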
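Review bot: Dropping `--hostname=host ` in the last `--replace` of `postInstall` changes what the jail hides, not only whether it starts: without that firejail option the wrapped program presumably sees the machine's real hostname, which a Tor-isolation wrapper would normally mask. The existing comment records only the firejail failure, so I would add `# NOTE: without --hostname the jailed process sees the real host name; restore once firejail issue 2758 is resolved` beside it. Separately, `--replace 'mktemp /tmp/' 'mktemp '` leaves a bare template, and GNU mktemp then creates the file relative to the current directory, so it is worth confirming that orjail's temporary files do not end up in a shared or unwritable working directory. All five substitutions may also pass silently if upstream rewords those lines, so a check after `substituteInPlace` that `TORBIN=` and `FIREJAILBIN=` are no longer empty in `$out/bin/orjail` would catch a build that ships without the pinned store paths.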
|
@ -3537,6 +3537,8 @@ with pkgs;
|
|||
|
||||
oneshot = callPackage ../tools/networking/oneshot { };
|
||||
|
||||
orjail = callPackage ../tools/security/orjail { };
|
||||
|
||||
online-judge-tools = with python3.pkgs; toPythonApplication online-judge-tools;
|
||||
|
||||
xkbd = callPackage ../applications/misc/xkbd { };
|
||||
|
|