nixpkgs/pkgs/tools/security/nsjail/default.nix

{ lib, stdenv, fetchFromGitHub, autoconf, bison, flex, libtool, pkg-config, which
, libnl, protobuf, protobufc, shadow, installShellFiles
}:

stdenv.mkDerivation rec {
  pname = "nsjail";
  version = "3.4";

  src = fetchFromGitHub {
    owner           = "google";
    repo            = "nsjail";
    rev             = version;
    fetchSubmodules = true;
    hash            = "sha256-/K+qJV5Dq+my45Cpw6czdsWLtO9lnJwZTsOIRt4Iijk=";
  };

  nativeBuildInputs = [ autoconf bison flex installShellFiles libtool pkg-config which ];
  buildInputs = [ libnl protobuf protobufc ];
  enableParallelBuilding = true;

  env.NIX_CFLAGS_COMPILE = toString [ "-Wno-error" ];

  preBuild = ''
    makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap')
  '';

  installPhase = ''
    runHook preInstall
    install -Dm755 nsjail "$out/bin/nsjail"
    installManPage nsjail.1
    runHook postInstall
  '';

  meta = with lib; {
    description = "Light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
    homepage    = "https://nsjail.dev/";
    changelog   = "https://github.com/google/nsjail/releases/tag/${version}";
    license     = licenses.asl20;
    maintainers = with maintainers; [ arturcygan bosu c0bw3b ];
    platforms   = platforms.linux;
    mainProgram = "nsjail";
  };
}
pkgs/tools: pkgconfig -> pkg-config 2021-01-17 03:51:22 +00:00			`{ lib, stdenv, fetchFromGitHub, autoconf, bison, flex, libtool, pkg-config, which`
nsjail: 3.0 -> 3.1 2022-09-16 10:39:20 +01:00			`, libnl, protobuf, protobufc, shadow, installShellFiles`
nsjail: fix path to new{u\|g}idmap (#51523) 2018-12-04 21:47:48 +00:00			`}:`
nsjail: init at 8b951e6 2015-08-10 18:34:09 +01:00
			`stdenv.mkDerivation rec {`
treewide: name -> pname (easy cases) (#66585) treewide replacement of stdenv.mkDerivation rec { name = "-${version}"; version = ""; to pname 2019-08-15 13:41:18 +01:00			`pname = "nsjail";`
nsjail: 3.3 -> 3.4 2023-10-11 20:58:01 +01:00			`version = "3.4";`
nsjail: init at 8b951e6 2015-08-10 18:34:09 +01:00
nsjail: git-2015-08-10 -> 2.1 2017-10-21 23:13:11 +01:00			`src = fetchFromGitHub {`
			`owner = "google";`
			`repo = "nsjail";`
			`rev = version;`
			`fetchSubmodules = true;`
nsjail: 3.3 -> 3.4 2023-10-11 20:58:01 +01:00			`hash = "sha256-/K+qJV5Dq+my45Cpw6czdsWLtO9lnJwZTsOIRt4Iijk=";`
nsjail: init at 8b951e6 2015-08-10 18:34:09 +01:00			`};`

nsjail: 3.2 -> 3.3 * nsjail: 3.2 -> 3.3 (#205507) * nsjail: update homepage for v3.3 Co-authored-by: Renaud <c0bw3b@users.noreply.github.com> 2022-12-10 19:23:41 +00:00			`nativeBuildInputs = [ autoconf bison flex installShellFiles libtool pkg-config which ];`
nsjail: 2.2 -> 2.7 (#48024) 2018-10-10 22:33:43 +01:00			`buildInputs = [ libnl protobuf protobufc ];`
nsjail: 2.1 -> 2.2 plus fixed meta.license which should be Apache License 2.0 2017-11-04 19:02:23 +00:00			`enableParallelBuilding = true;`
nsjail: git-2015-08-10 -> 2.1 2017-10-21 23:13:11 +01:00
nsjail: fix build 2024-01-19 14:20:43 +00:00			`env.NIX_CFLAGS_COMPILE = toString [ "-Wno-error" ];`

nsjail: 2.9 -> 3.0 2020-07-23 16:49:56 +01:00			`preBuild = ''`
			`makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap')`
			`'';`

nsjail: init at 8b951e6 2015-08-10 18:34:09 +01:00			`installPhase = ''`
nsjail: fix hooks invoked in `installPhase` 2022-12-16 21:31:09 +00:00			`runHook preInstall`
nsjail: 3.0 -> 3.1 2022-09-16 10:39:20 +01:00			`install -Dm755 nsjail "$out/bin/nsjail"`
			`installManPage nsjail.1`
nsjail: fix hooks invoked in `installPhase` 2022-12-16 21:31:09 +00:00			`runHook postInstall`
nsjail: init at 8b951e6 2015-08-10 18:34:09 +01:00			`'';`

treewide: with stdenv.lib; in meta -> with lib; Part of: https://github.com/NixOS/nixpkgs/issues/108938 meta = with stdenv.lib; is a widely used pattern. We want to slowly remove the `stdenv.lib` indirection and encourage people to use `lib` directly. Thus let’s start with the meta field. This used a rewriting script to mostly automatically replace all occurances of this pattern, and add the `lib` argument to the package header if it doesn’t exist yet. The script in its current form is available at https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix 2021-01-11 07:54:33 +00:00			`meta = with lib; {`
nsjail: git-2015-08-10 -> 2.1 2017-10-21 23:13:11 +01:00			`description = "Light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";`
nsjail: 3.2 -> 3.3 * nsjail: 3.2 -> 3.3 (#205507) * nsjail: update homepage for v3.3 Co-authored-by: Renaud <c0bw3b@users.noreply.github.com> 2022-12-10 19:23:41 +00:00			`homepage = "https://nsjail.dev/";`
nsjail: add changelog to meta 2023-10-11 20:58:01 +01:00			`changelog = "https://github.com/google/nsjail/releases/tag/${version}";`
nsjail: 2.1 -> 2.2 plus fixed meta.license which should be Apache License 2.0 2017-11-04 19:02:23 +00:00			`license = licenses.asl20;`
nsjail: 2.9 -> 3.0 2020-07-23 16:49:56 +01:00			`maintainers = with maintainers; [ arturcygan bosu c0bw3b ];`
nsjail: git-2015-08-10 -> 2.1 2017-10-21 23:13:11 +01:00			`platforms = platforms.linux;`
treewide: add mainProgram 2023-11-23 02:51:17 +00:00			`mainProgram = "nsjail";`
nsjail: init at 8b951e6 2015-08-10 18:34:09 +01:00			`};`
			`}`