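# Nix package for gVisor. Builds the `runsc` and `shim` sub-packages from
# upstream's bazel-free Go branch and installs the shim under the name
# `containerd-shim-runsc-v1`.
#
# Arguments are supplied by the package set's callPackage:
#   lib                       - nixpkgs library (makeBinPath, licenses, maintainers)
#   buildGoModule             - Go module builder
#   fetchFromGitHub           - fixed-output GitHub source fetcher
#   makeWrapper               - provides wrapProgram for postInstall
#   iproute2, iptables, procps - runtime tools put on runsc's PATH
{ lib
, buildGoModule
, fetchFromGitHub
, iproute2
, iptables
, makeWrapper
, procps
}:

buildGoModule rec {
  pname = "gvisor";
  version = "20221102.1";

  # gvisor provides a synthetic go branch (https://github.com/google/gvisor/tree/go)
  # that can be used to build gvisor without bazel.
  # For updates, you should stick to the commits labeled "Merge release-** (automated)".
  #
  # NOTE(review): `version`, `rev`, `sha256` and `vendorHash` describe one
  # upstream snapshot and should be bumped together. This package is a
  # container sandbox boundary, so keep the pin current with upstream
  # releases.
  src = fetchFromGitHub {
    owner = "google";
    repo = "gvisor";
    # Pinned to a full commit id rather than a branch or tag name, so the
    # fetched revision cannot move.
    rev = "bf8eeee3a9eb966bc72c773da060a3c8bb73b8ff";
    # Fixed-output hash of the fetched tree; the build fails if the content
    # differs. Recompute it from the new `rev` on every update.
    sha256 = "sha256-rADQsJ+AnBVlfQURGJl1xR6Ad5NyRWSrBSpOFMRld+o=";
  };

  # Fixed-output hash of the Go module dependencies fetched for `src`.
  # It must be refreshed whenever `rev` changes.
  vendorHash = "sha256-iGLWxx/Kn1QaJTNOZcc+mwoF3ecEDOkaqmA0DH4pdgU=";

  nativeBuildInputs = [ makeWrapper ];

  # Build without cgo.
  CGO_ENABLED = 0;

  # -s drops the symbol table and -w drops DWARF debug info. The binaries are
  # smaller, but crash output is harder to symbolize.
  ldflags = [ "-s" "-w" ];

  subPackages = [ "runsc" "shim" ];

  postInstall = ''
    # Needed for the 'runsc do' subcommand.
    # --prefix prepends these store paths to PATH, so the pinned tools are
    # found before same-named binaries on the caller's PATH.
    wrapProgram "$out/bin/runsc" \
      --prefix PATH : ${lib.makeBinPath [ iproute2 iptables procps ]}
    # Install the shim under the name containerd-shim-runsc-v1.
    mv "$out/bin/shim" "$out/bin/containerd-shim-runsc-v1"
  '';

  meta = with lib; {
    description = "Application Kernel for Containers";
    homepage = "https://github.com/google/gvisor";
    license = licenses.asl20;
    maintainers = with maintainers; [ andrew-d gpl ];
    platforms = [ "x86_64-linux" ];
  };
}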