pyrox.dev
1{ lib, stdenv, buildGoModule, fetchFromGitHub, git, Cocoa, Virtualization, sigtool, testers, linuxkit }:
2
3buildGoModule rec {
4 pname = "linuxkit";
5 version = "1.0.1";
6
7 src = fetchFromGitHub {
8 owner = "linuxkit";
9 repo = "linuxkit";
10 rev = "v${version}";
11 sha256 = "sha256-8x9oJaYb/mN2TUaVrGOYi5/6TETD78jif0SwCSc0kyo=";
12 };
13
14 vendorHash = null;
15
16 modRoot = "./src/cmd/linuxkit";
17
18 patches = [
19 ./darwin-os-version.patch
20 ./support-apple-11-sdk.patch
21 ];
22
23 # - On macOS, an executable must be signed with the right entitlement(s) to be
24 # able to use the Virtualization framework at runtime.
25 # - sigtool is allows us to validly sign such executables with a dummy
26 # authority.
27 nativeBuildInputs = lib.optionals stdenv.isDarwin [ sigtool ];
28 buildInputs = lib.optionals stdenv.isDarwin [ Cocoa Virtualization ];
29
30 ldflags = [
31 "-s"
32 "-w"
33 "-X github.com/linuxkit/linuxkit/src/cmd/linuxkit/version.Version=${version}"
34 ];
35
36 nativeCheckInputs = [ git ];
37
38 # - Because this package definition doesn't build using the source's Makefile,
39 # we must manually call the sign target.
40 # - The binary stripping that nixpkgs does by default in the
41 # fixup phase removes such signing and entitlements, so we have to sign
42 # after stripping.
43 # - Finally, at the start of the fixup phase, the working directory is
44 # $sourceRoot/src/cmd/linuxkit, so it's simpler to use the sign target from
45 # the Makefile in that directory rather than $sourceRoot/Makefile.
46 postFixup = lib.optionalString stdenv.isDarwin ''
47 make sign LOCAL_TARGET=$out/bin/linuxkit
48 '';
49 passthru.tests.version = testers.testVersion {
50 package = linuxkit;
51 command = "linuxkit version";
52 };
53
54 meta = with lib; {
55 description = "A toolkit for building secure, portable and lean operating systems for containers";
56 license = licenses.asl20;
57 homepage = "https://github.com/linuxkit/linuxkit";
58 maintainers = with maintainers; [ nicknovitski ];
59 };
60}