pkgs/tools/system/minijail/default.nix

   1 {
   2   stdenv,
   3   lib,
   4   fetchFromGitiles,
   5   libcap,
   6 }:
   7
   8 stdenv.mkDerivation rec {
   9   pname = "minijail";
  10   version = "2024.05.22";
  11
  12   src = fetchFromGitiles {
  13     url = "https://chromium.googlesource.com/chromiumos/platform/minijail";
  14     rev = "linux-v${version}";
  15     sha256 = "sha256-1NNjNEC0pNb0WW0PG5smltT1/dGYNRfhNxJtW0hngI8=";
  16   };
  17
  18   buildInputs = [ libcap ];
  19
  20   makeFlags = [
  21     "ECHO=echo"
  22     "LIBDIR=$(out)/lib"
  23   ];
  24
  25   postPatch = ''
  26     substituteInPlace Makefile --replace /bin/echo echo
  27     patchShebangs platform2_preinstall.sh
  28   '';
  29
  30   # causes redefinition of _FORTIFY_SOURCE
  31   hardeningDisable = [ "fortify3" ];
  32
  33   installPhase = ''
  34     ./platform2_preinstall.sh ${version} $out/include/chromeos
  35
  36     mkdir -p $out/lib/pkgconfig $out/include/chromeos $out/bin \
  37         $out/share/minijail
  38
  39     cp -v *.so $out/lib
  40     cp -v *.pc $out/lib/pkgconfig
  41     cp -v libminijail.h scoped_minijail.h $out/include/chromeos
  42     cp -v minijail0 $out/bin
  43   '';
  44
  45   enableParallelBuilding = true;
  46
  47   meta = with lib; {
  48     homepage = "https://chromium.googlesource.com/chromiumos/platform/minijail/+/refs/heads/main/README.md";
  49     description = "Sandboxing library and application using Linux namespaces and capabilities";
  50     changelog = "https://chromium.googlesource.com/chromiumos/platform/minijail/+/refs/tags/linux-v${version}";
  51     license = licenses.bsd3;
  52     maintainers = with maintainers; [
  53       pcarrier
  54       qyliss
  55     ];
  56     platforms = platforms.linux;
  57     mainProgram = "minijail0";
  58   };
  59 }