pyrox.dev
gvisor: 2019-11-14 -> 20210518.0
This also now seems to depend on protoc, but we substitute out the
version of protoc so that we don't download the binary artifacts,
and instead compile protoc from support.
TBD: using the Nixpkgs built version of protoc instead of building from
source.
+29
-6
pkgs/applications/virtualization/gvisor/default.nix
+29
-6
pkgs/applications/virtualization/gvisor/default.nix
···
1
{ lib
2
, buildBazelPackage
3
, fetchFromGitHub
4
, cacert
5
, git
6
, glibcLocales
···
9
, iptables
10
, makeWrapper
11
, procps
12
, python3
13
}:
14
···
16
preBuild = ''
17
patchShebangs .
18
19
# Tell rules_go to use the Go binary found in the PATH
20
sed -E -i \
21
-
-e 's|go_version\s*=\s*"[^"]+",|go_version = "host",|g' \
22
WORKSPACE
23
24
# The gazelle Go tooling needs CA certs
···
31
export GOPATH=
32
'';
33
34
in buildBazelPackage rec {
35
name = "gvisor-${version}";
36
-
version = "2019-11-14";
37
38
src = fetchFromGitHub {
39
owner = "google";
40
repo = "gvisor";
41
-
rev = "release-20191114.0";
42
-
sha256 = "0kyixjjlws9iz2r2srgpdd4rrq94vpxkmh2rmmzxd9mcqy2i9bg1";
43
};
44
45
nativeBuildInputs = [ git glibcLocales go makeWrapper python3 ];
46
47
bazelTarget = "//runsc:runsc";
48
49
# gvisor uses the Starlark implementation of rules_cc, not the built-in one,
50
# so we shouldn't delete it from our dependencies.
···
76
rm -f "$bazelOut"/java.log "$bazelOut"/java.log.*
77
'';
78
79
-
sha256 = "0fhmlq0d2317gwhma2mz1anb69j4chybk90j71j88wpgw1hxbk34";
80
};
81
82
buildAttrs = {
83
inherit preBuild;
84
85
installPhase = ''
86
-
install -Dm755 bazel-bin/runsc/*_pure_stripped/runsc $out/bin/runsc
87
88
# Needed for the 'runsc do' subcomand
89
wrapProgram $out/bin/runsc \
···
1
{ lib
2
, buildBazelPackage
3
, fetchFromGitHub
4
+
, callPackage
5
+
, bash
6
, cacert
7
, git
8
, glibcLocales
···
11
, iptables
12
, makeWrapper
13
, procps
14
+
, protobuf
15
, python3
16
}:
17
···
19
preBuild = ''
20
patchShebangs .
21
22
+
substituteInPlace tools/defs.bzl \
23
+
--replace "#!/bin/bash" "#!${bash}/bin/bash"
24
+
25
# Tell rules_go to use the Go binary found in the PATH
26
sed -E -i \
27
+
-e 's|go_version\s*=\s*"[^"]+"|go_version = "host"|g' \
28
WORKSPACE
29
30
# The gazelle Go tooling needs CA certs
···
37
export GOPATH=
38
'';
39
40
+
# Patch the protoc alias so that it always builds from source.
41
+
rulesProto = fetchFromGitHub {
42
+
owner = "bazelbuild";
43
+
repo = "rules_proto";
44
+
rev = "f7a30f6f80006b591fa7c437fe5a951eb10bcbcf";
45
+
sha256 = "10bcw0ir0skk7h33lmqm38n9w4nfs24mwajnngkbs6jb5wsvkqv8";
46
+
extraPostFetch = ''
47
+
sed -i 's|name = "protoc"|name = "_protoc_original"|' $out/proto/private/BUILD.release
48
+
cat <<EOF >>$out/proto/private/BUILD.release
49
+
alias(name = "protoc", actual = "@com_github_protocolbuffers_protobuf//:protoc", visibility = ["//visibility:public"])
50
+
EOF
51
+
'';
52
+
};
53
+
54
in buildBazelPackage rec {
55
name = "gvisor-${version}";
56
+
version = "20210518.0";
57
58
src = fetchFromGitHub {
59
owner = "google";
60
repo = "gvisor";
61
+
rev = "release-${version}";
62
+
sha256 = "15a6mlclnyfc9mx3bjksnnf4vla0xh0rv9kxdp34la4gw3c4hksn";
63
};
64
65
nativeBuildInputs = [ git glibcLocales go makeWrapper python3 ];
66
67
bazelTarget = "//runsc:runsc";
68
+
bazelFlags = [
69
+
"--override_repository=rules_proto=${rulesProto}"
70
+
];
71
72
# gvisor uses the Starlark implementation of rules_cc, not the built-in one,
73
# so we shouldn't delete it from our dependencies.
···
99
rm -f "$bazelOut"/java.log "$bazelOut"/java.log.*
100
'';
101
102
+
sha256 = "13pahppm431m198v5bffrzq5iw8m79riplbfqp0afh384ln669hb";
103
};
104
105
buildAttrs = {
106
inherit preBuild;
107
108
installPhase = ''
109
+
install -Dm755 bazel-out/*/bin/runsc/runsc_/runsc $out/bin/runsc
110
111
# Needed for the 'runsc do' subcomand
112
wrapProgram $out/bin/runsc \
+1
-1
pkgs/top-level/all-packages.nix
+1
-1
pkgs/top-level/all-packages.nix