pkgs/tools/system/minijail/default.nix

   1 { stdenv, lib, fetchFromGitiles, libcap }:
   2
   3 stdenv.mkDerivation rec {
   4   pname = "minijail";
   5   version = "2024.05.22";
   6
   7   src = fetchFromGitiles {
   8     url = "https://chromium.googlesource.com/chromiumos/platform/minijail";
   9     rev = "linux-v${version}";
  10     sha256 = "sha256-1NNjNEC0pNb0WW0PG5smltT1/dGYNRfhNxJtW0hngI8=";
  11   };
  12
  13   buildInputs = [ libcap ];
  14
  15   makeFlags = [ "ECHO=echo" "LIBDIR=$(out)/lib" ];
  16
  17   postPatch = ''
  18     substituteInPlace Makefile --replace /bin/echo echo
  19     patchShebangs platform2_preinstall.sh
  20   '';
  21
  22   # causes redefinition of _FORTIFY_SOURCE
  23   hardeningDisable = [ "fortify3" ];
  24
  25   installPhase = ''
  26     ./platform2_preinstall.sh ${version} $out/include/chromeos
  27
  28     mkdir -p $out/lib/pkgconfig $out/include/chromeos $out/bin \
  29         $out/share/minijail
  30
  31     cp -v *.so $out/lib
  32     cp -v *.pc $out/lib/pkgconfig
  33     cp -v libminijail.h scoped_minijail.h $out/include/chromeos
  34     cp -v minijail0 $out/bin
  35   '';
  36
  37   enableParallelBuilding = true;
  38
  39   meta = with lib; {
  40     homepage = "https://chromium.googlesource.com/chromiumos/platform/minijail/+/refs/heads/main/README.md";
  41     description = "Sandboxing library and application using Linux namespaces and capabilities";
  42     changelog = "https://chromium.googlesource.com/chromiumos/platform/minijail/+/refs/tags/linux-v${version}";
  43     license = licenses.bsd3;
  44     maintainers = with maintainers; [ pcarrier qyliss ];
  45     platforms = platforms.linux;
  46     mainProgram = "minijail0";
  47   };
  48 }