pyrox.dev
1{
2 lib,
3 stdenv,
4 buildGoModule,
5 fetchFromGitHub,
6 git,
7 sigtool,
8 testers,
9 linuxkit,
10}:
11
12buildGoModule rec {
13 pname = "linuxkit";
14 version = "1.8.2";
15
16 src = fetchFromGitHub {
17 owner = "linuxkit";
18 repo = "linuxkit";
19 rev = "v${version}";
20 sha256 = "sha256-0W3YWj6amNI6jr10FfLAqF1kEUwx4BU5+gjkg4iqX1Q=";
21 };
22
23 vendorHash = null;
24
25 modRoot = "./src/cmd/linuxkit";
26
27 patches = [
28 ./darwin-os-version.patch
29 ./support-apple-11-sdk.patch
30 ];
31
32 # - On macOS, an executable must be signed with the right entitlement(s) to be
33 # able to use the Virtualization framework at runtime.
34 # - sigtool is allows us to validly sign such executables with a dummy
35 # authority.
36 nativeBuildInputs = lib.optionals stdenv.hostPlatform.isDarwin [ sigtool ];
37
38 ldflags = [
39 "-s"
40 "-w"
41 "-X github.com/linuxkit/linuxkit/src/cmd/linuxkit/version.Version=${version}"
42 ];
43
44 nativeCheckInputs = [ git ];
45
46 # - Because this package definition doesn't build using the source's Makefile,
47 # we must manually call the sign target.
48 # - The binary stripping that nixpkgs does by default in the
49 # fixup phase removes such signing and entitlements, so we have to sign
50 # after stripping.
51 # - Finally, at the start of the fixup phase, the working directory is
52 # $sourceRoot/src/cmd/linuxkit, so it's simpler to use the sign target from
53 # the Makefile in that directory rather than $sourceRoot/Makefile.
54 postFixup = lib.optionalString stdenv.hostPlatform.isDarwin ''
55 make sign LOCAL_TARGET=$out/bin/linuxkit
56 '';
57 passthru.tests.version = testers.testVersion {
58 package = linuxkit;
59 command = "linuxkit version";
60 };
61
62 meta = with lib; {
63 description = "Toolkit for building secure, portable and lean operating systems for containers";
64 mainProgram = "linuxkit";
65 license = licenses.asl20;
66 homepage = "https://github.com/linuxkit/linuxkit";
67 maintainers = with maintainers; [ nicknovitski ];
68 };
69}