gvisor: 2019-11-14 -> 20210518.0

This also now seems to depend on protoc, but we substitute out the
version of protoc so that we don't download the binary artifacts,
and instead compile protoc from source.

TBD: using the Nixpkgs built version of protoc instead of building from
source.

+30 -7
+29 -6
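--- a/pkgs/applications/virtualization/gvisor/default.nix
+++ b/pkgs/applications/virtualization/gvisor/default.nix
@@ -1,6 +1,8 @@
 { lib
 , buildBazelPackage
 , fetchFromGitHub
+, callPackage
+, bash
 , cacert
 , git
 , glibcLocales
@@ -9,6 +11,7 @@
 , iptables
 , makeWrapper
 , procps
+, protobuf
 , python3
 }:
 
@@ -16,9 +19,12 @@
 preBuild = ''
 patchShebangs .
 
+substituteInPlace tools/defs.bzl \
+--replace "#!/bin/bash" "#!${bash}/bin/bash"
+
 # Tell rules_go to use the Go binary found in the PATH
 sed -E -i \
--e 's|go_version\s*=\s*"[^"]+",|go_version = "host",|g' \
+-e 's|go_version\s*=\s*"[^"]+"|go_version = "host"|g' \
 WORKSPACE
 
 # The gazelle Go tooling needs CA certs
@@ -31,20 +37,37 @@
 export GOPATH=
 '';
 
+# Patch the protoc alias so that it always builds from source.
+rulesProto = fetchFromGitHub {
+owner = "bazelbuild";
+repo = "rules_proto";
+rev = "f7a30f6f80006b591fa7c437fe5a951eb10bcbcf";
+sha256 = "10bcw0ir0skk7h33lmqm38n9w4nfs24mwajnngkbs6jb5wsvkqv8";
+extraPostFetch = ''
+sed -i 's|name = "protoc"|name = "_protoc_original"|' $out/proto/private/BUILD.release
+cat <<EOF >>$out/proto/private/BUILD.release
+alias(name = "protoc", actual = "@com_github_protocolbuffers_protobuf//:protoc", visibility = ["//visibility:public"])
+EOF
+'';
+};
+
 in buildBazelPackage rec {
 name = "gvisor-${version}";
-version = "2019-11-14";
+version = "20210518.0";
 
 src = fetchFromGitHub {
 owner = "google";
 repo = "gvisor";
-rev = "release-20191114.0";
-sha256 = "0kyixjjlws9iz2r2srgpdd4rrq94vpxkmh2rmmzxd9mcqy2i9bg1";
+rev = "release-${version}";
+sha256 = "15a6mlclnyfc9mx3bjksnnf4vla0xh0rv9kxdp34la4gw3c4hksn";
 };
 
 nativeBuildInputs = [ git glibcLocales go makeWrapper python3 ];
 
 bazelTarget = "//runsc:runsc";
+bazelFlags = [
+"--override_repository=rules_proto=${rulesProto}"
+];
 
 # gvisor uses the Starlark implementation of rules_cc, not the built-in one,
 # so we shouldn't delete it from our dependencies.
@@ -76,14 +99,14 @@
 rm -f "$bazelOut"/java.log "$bazelOut"/java.log.*
 '';
 
-sha256 = "0fhmlq0d2317gwhma2mz1anb69j4chybk90j71j88wpgw1hxbk34";
+sha256 = "13pahppm431m198v5bffrzq5iw8m79riplbfqp0afh384ln669hb";
 };
 
 buildAttrs = {
 inherit preBuild;
 
 installPhase = ''
-install -Dm755 bazel-bin/runsc/*_pure_stripped/runsc $out/bin/runsc
+install -Dm755 bazel-out/*/bin/runsc/runsc_/runsc $out/bin/runsc
 
 # Needed for the 'runsc do' subcomand
 wrapProgram $out/bin/runsc \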
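Review bot: Nothing in `rulesProto.extraPostFetch` checks that the `sed` rename actually matched, so the guarantee that protoc is built from source rests on the current layout of `proto/private/BUILD.release`. With the pinned `rev` this holds today, but after a later bump where the prebuilt-binary target is named or located differently, `sed` would still exit 0 and the dependency fetch could go back to pulling upstream binaries without a visible failure (inferred; the rules_proto file itself is not shown here). A guard right after the `sed`, for example `grep -q 'name = "_protoc_original"' $out/proto/private/BUILD.release || exit 1`, would make the fetch abort instead. Separately, the new `callPackage` and `protobuf` arguments are not used in any visible hunk; if they are placeholders for the TBD in the description, a short comment saying so would help.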
+1 -1
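--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -24160,7 +24160,7 @@
 gv = callPackage ../applications/misc/gv { };
 
 gvisor = callPackage ../applications/virtualization/gvisor {
-go = go_1_14;
+go = go_1_16;
 };
 
 gvisor-containerd-shim = callPackage ../applications/virtualization/gvisor/containerd-shim.nix { };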