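# Builds the OpenSnitch eBPF monitor objects (opensnitch*.o) from the
# `ebpf_prog` subtree of the opensnitch source, against one specific kernel.
#
# The objects are loaded into the kernel by opensnitchd at runtime, so they are
# compiled against the headers of the kernel they are meant to run on; the
# package version therefore embeds `kernel.version` and the package is expected
# to be instantiated once per kernel (e.g. through linuxPackages).
{
  lib,
  kernel,
  stdenv,
  clang-tools,
  llvmPackages,
  elfutils,
  flex,
  bison,
  bc,
  opensnitch,
  nixosTests,
}:

stdenv.mkDerivation rec {
  pname = "opensnitch_ebpf";
  # Tie the package to the exact kernel it was built against; a mismatch
  # between the headers used here and the running kernel is the usual
  # failure mode for out-of-tree eBPF objects.
  version = "${opensnitch.version}-${kernel.version}";

  # Reuse the main opensnitch source; only the eBPF program subtree is built.
  inherit (opensnitch) src;
  sourceRoot = "${src.name}/ebpf_prog";

  # `with llvmPackages` only supplies `clang` and `libllvm` here: the other
  # names are bound by the function arguments above, and in Nix lexical
  # bindings take precedence over names brought in by `with`.
  nativeBuildInputs = with llvmPackages; [
    bc
    bison
    clang
    clang-tools
    elfutils
    flex
    libllvm # provides the llvm-strip used in postFixup
  ];

  # We set -fno-stack-protector here to work around a clang regression.
  # This is fine - the BPF target does not support stack protectors (BPF stack
  # usage is constrained by the in-kernel verifier, not by compiler
  # instrumentation), so no hardening is lost in the emitted objects.
  # https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=opensnitch-ebpf-module&id=984b952a784eb701f691dd9f2d45dfeb8d15053b
  # NOTE(review): the idiomatic nixpkgs form would be
  # `hardeningDisable = [ "stackprotector" ]`, which stops the cc-wrapper from
  # injecting -fstack-protector* in the first place; the explicit flag is kept
  # here to match the upstream/AUR recipe.
  env.NIX_CFLAGS_COMPILE = "-fno-stack-protector";

  # Kernel source and build trees; exported under the names the ebpf_prog
  # build presumably reads (KERNEL_DIR / KERNEL_HEADERS) - verify against the
  # upstream Makefile if these are ever renamed.
  env.KERNEL_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/source";
  env.KERNEL_HEADERS = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";

  # NOTE(review): as far as this file shows, `extraConfig` is not an attribute
  # stdenv.mkDerivation acts on; it is only exported to the build environment
  # as `$extraConfig`. It does not enable CONFIG_UPROBE_EVENTS in `kernel` -
  # that has to be satisfied by the kernel configuration the consumer boots
  # (the NixOS opensnitch module/test is the place to assert it). Left in
  # place because it documents the runtime requirement; confirm before
  # relying on it for anything else.
  extraConfig = ''
    CONFIG_UPROBE_EVENTS=y
  '';

  installPhase = ''
    runHook preInstall

    # Install every built object under etc/opensnitchd (presumably the
    # location opensnitchd loads them from). If the build produced no
    # opensnitch*.o, the unmatched glob is passed literally and `install`
    # fails, so an empty package cannot be produced silently.
    for file in opensnitch*.o; do
      install -Dm644 "$file" "$out/etc/opensnitchd/$file"
    done

    runHook postInstall
  '';

  postFixup = ''
    # Remove only the debug sections: reduces closure size significantly
    # (fixes https://github.com/NixOS/nixpkgs/issues/391351) while leaving
    # the rest of the object as the compiler emitted it.
    for file in $out/etc/opensnitchd/*.o; do
      llvm-strip --strip-debug "$file"
    done
  '';

  # Exercised by the opensnitch NixOS VM test.
  passthru.tests = {
    inherit (nixosTests) opensnitch;
  };

  meta = with lib; {
    description = "eBPF process monitor module for OpenSnitch";
    homepage = "https://github.com/evilsocket/opensnitch";
    license = licenses.gpl3Only;
    maintainers = with maintainers; [
      onny
      grimmauld
    ];
    platforms = platforms.linux;
  };
}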