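# Nix package for Firecracker: builds the whole Cargo workspace from the
# pinned GitHub tag and installs every executable found at the top of the
# release directory.
{
  lib,
  stdenv,
  fetchFromGitHub,
  cmake,
  gcc,
  libseccomp,
  rust-bindgen,
  rustPlatform,
}:

rustPlatform.buildRustPackage rec {
  pname = "firecracker";
  version = "1.12.1";

  # Source is pinned twice: by tag (rev) and by content hash. The hash is what
  # protects against a re-pointed tag, so it must be updated with `version`.
  src = fetchFromGitHub {
    owner = "firecracker-microvm";
    repo = "firecracker";
    rev = "v${version}";
    hash = "sha256-95SvakhepL4P+3SqbPkjAKaehBkDyn/psMfFASbv8Gg=";
  };

  # Content hash of the vendored Cargo dependencies.
  cargoHash = "sha256-0ycF+uoz4ZK4xJJL+qOpxBn7yUW1k5RdnvEhOhawxcI=";

  # For aws-lc-sys@0.22.0: use external bindgen.
  AWS_LC_SYS_EXTERNAL_BINDGEN = "true";

  # For aws-lc-sys@0.22.0: fix gcc error:
  # In function 'memcpy',
  # inlined from 'OPENSSL_memcpy' at aws-lc/crypto/asn1/../internal.h
  # inlined from 'aws_lc_0_22_0_i2c_ASN1_BIT_STRING' at aws-lc/crypto/asn1/a_bitstr.c
  # glibc/.../string_fortified.h: error: '__builtin_memcpy' specified bound exceeds maximum object size [-Werror=stringop-overflow=]
  #
  # NOTE(review): this edits the vendored copy of a crypto dependency, so the
  # built aws-lc differs from the source covered by cargoHash. The glob matches
  # any aws-lc-sys version, and --replace-warn only warns when the pattern is
  # absent, so after a dependency bump the substitution can silently stop
  # applying. Re-check this hunk on every update; consider --replace-fail while
  # the dependency version is known to need it.
  postPatch = ''
    substituteInPlace $cargoDepsCopy/aws-lc-sys-*/aws-lc/crypto/asn1/a_bitstr.c \
      --replace-warn '(len > INT_MAX - 1)' '(len < 0 || len > INT_MAX - 1)'
  '';

  buildInputs = [ libseccomp ];

  nativeBuildInputs = [
    cmake
    gcc
    rust-bindgen # for aws-lc-sys@0.22.0
    rustPlatform.bindgenHook
  ];

  # Every workspace crate is built, but only the firecracker and jailer
  # packages are tested.
  cargoBuildFlags = [ "--workspace" ];
  cargoTestFlags = [
    "--package"
    "firecracker"
    "--package"
    "jailer"
  ];

  # NOTE(review): judging by their names, several skipped tests cover jailer
  # environment setup, resource limits and filter application. The check phase
  # therefore does not exercise that isolation code; it needs to be validated
  # outside the build sandbox.
  checkFlags = [
    # basic tests to skip in sandbox
    "--skip=fingerprint::dump::tests::test_read_valid_sysfs_file"
    "--skip=template::dump::tests::test_dump"
    "--skip=tests::test_filter_apply"
    "--skip=tests::test_fingerprint_dump_command"
    "--skip=tests::test_template_dump_command"
    "--skip=tests::test_template_verify_command"
    "--skip=utils::tests::test_build_microvm"
    # more tests to skip in sandbox
    "--skip=env::tests::test_copy_cache_info"
    "--skip=env::tests::test_dup2"
    "--skip=env::tests::test_mknod_and_own_dev"
    "--skip=env::tests::test_setup_jailed_folder"
    "--skip=env::tests::test_userfaultfd_dev"
    "--skip=resource_limits::tests::test_set_resource_limits"
  ];

  # Installs every executable regular file directly under the release
  # directory (no allowlist), mode 555 (read/execute only, no write bit).
  # find -exec replaces the `for bin in $(find ...)` loop: paths are passed to
  # install without word splitting, and a failing find (e.g. missing release
  # directory) now fails the build instead of producing an empty $out/bin.
  installPhase = ''
    runHook preInstall

    mkdir -p "$out/bin"
    releaseDir="build/cargo_target/${stdenv.hostPlatform.rust.rustcTarget}/release"
    find "$releaseDir" -maxdepth 1 -type f -executable \
      -exec install -Dm555 -t "$out/bin" {} +

    runHook postInstall
  '';

  meta = {
    description = "Secure, fast, minimal micro-container virtualization";
    # NOTE(review): plain-http URL; switch to https if the site serves it.
    homepage = "http://firecracker-microvm.io";
    changelog = "https://github.com/firecracker-microvm/firecracker/releases/tag/v${version}";
    mainProgram = "firecracker";
    license = lib.licenses.asl20;
    platforms = lib.platforms.linux;
    maintainers = with lib.maintainers; [
      usertam
      thoughtpolice
      qjoly
      techknowlogick
    ];
  };
}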