Merge pull request #155704 from reedriley/firejail

firejail: minor improvements and apparmor support

authored by 7c6f434c and committed by GitHub ddf6a38b a97ae545

+23 -8
+23 -8
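--- a/pkgs/os-specific/linux/firejail/default.nix
+++ b/pkgs/os-specific/linux/firejail/default.nix
@@ -1,4 +1,13 @@
-{ lib, stdenv, fetchFromGitHub, fetchpatch, which, xdg-dbus-proxy, nixosTests }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchpatch
+, pkg-config
+, libapparmor
+, which
+, xdg-dbus-proxy
+, nixosTests
+}:
 
 stdenv.mkDerivation rec {
 pname = "firejail";
@@ -11,7 +20,18 @@
 sha256 = "sha256-oKstTiGt0r4wePaZ9u1o78GZ1XWJ27aS0BdLxmfYk9Q=";
 };
 
-buildInputs = [ which ];
+nativeBuildInputs = [
+pkg-config
+];
+
+buildInputs = [
+libapparmor
+which
+];
+
+configureFlags = [
+"--enable-apparmor"
+];
 
 patches = [
 # Adds the /nix directory when using an overlay.
@@ -26,11 +46,6 @@
 ];
 
 prePatch = ''
-# Allow whitelisting ~/.nix-profile
-substituteInPlace etc/firejail.config --replace \
-'# follow-symlink-as-user yes' \
-'follow-symlink-as-user no'
-
 # Fix the path to 'xdg-dbus-proxy' hardcoded in the 'common.h' file
 substituteInPlace src/include/common.h \
 --replace '/usr/bin/xdg-dbus-proxy' '${xdg-dbus-proxy}/bin/xdg-dbus-proxy'
@@ -62,7 +77,7 @@
 # See https://github.com/netblue30/firejail/blob/e4cb6b42743ad18bd11d07fd32b51e8576239318/src/firejail/profile.c#L68-L83
 # for the profile file lookup implementation.
 postInstall = ''
-for local in $(grep -Eh '^include.*local$' $out/etc/firejail/*.profile | awk '{print $2}' | sort | uniq)
+for local in $(grep -Eh '^include.*local$' $out/etc/firejail/*{.inc,.profile} | awk '{print $2}' | sort | uniq)
 do
 echo "include /etc/firejail/$local" >$out/etc/firejail/$local
 done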
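Review bot: Adding `"--enable-apparmor"` to `configureFlags` only compiles AppArmor support into the binary; nothing in the visible hunks installs or loads the AppArmor profile that firejail switches to at run time. On a host where that profile is absent, a sandbox whose firejail profile requests `apparmor` may start without the confinement the user expects. This is inferred from the hunks shown, since the `mkDerivation` body continues outside them and the NixOS module side is not on this page. I would add a comment above the flag, `# Build-time support only: confinement also needs firejail's AppArmor profile loaded on the host`. It would also help if the test reached through `nixosTests` checked that a jailed process is actually confined, not just that the package builds.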