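# Nix package for isolate (https://github.com/ioi/isolate), a sandbox for
# executing untrusted programs. Builds the pinned upstream tag, applies one
# local patch, and installs the three executables plus the man page.
{
  lib,
  stdenv,
  fetchFromGitHub,
  asciidoc,
  libcap,
  pkg-config,
  systemdLibs,
  installShellFiles,
  nixosTests,
}:

# The finalAttrs form replaces `rec` so that `src.rev` follows a `version`
# changed through overrideAttrs; with `rec` the tag stayed bound to the
# original version string.
stdenv.mkDerivation (finalAttrs: {
  pname = "isolate";
  version = "2.1";

  # The source is fetched by tag and verified against a fixed SRI hash, so a
  # re-pointed upstream tag fails the build instead of changing the package
  # silently. Bump `hash` together with `version`.
  src = fetchFromGitHub {
    owner = "ioi";
    repo = "isolate";
    rev = "v${finalAttrs.version}";
    hash = "sha256-mTh2IAh4xtLWlRu7gp3aXsGJdUWXnocvDyi8JZwzz9s=";
  };

  # Build-time tools. installShellFiles provides `installManPage`; asciidoc is
  # presumably what renders isolate.1 (confirm against the upstream Makefile).
  nativeBuildInputs = [
    asciidoc
    installShellFiles
    pkg-config
  ];

  buildInputs = [
    libcap.dev
    systemdLibs.dev
  ];

  # NOTE(review): judging by its file name, this patch makes isolate read the
  # path of its configuration file from an environment variable; confirm by
  # reading the patch. If so, whoever controls that variable selects the
  # sandbox configuration, so any privileged wrapper around the binary has to
  # set or clear the variable itself rather than inherit it from the caller.
  # Re-review the patch on every version bump.
  patches = [
    ./take-config-file-from-env.patch
  ];

  # Binaries are installed with mode 0755 and without a setuid bit, which the
  # Nix store does not allow. Any elevated privileges the sandbox needs at run
  # time must therefore be granted outside this derivation (for example by a
  # system-level wrapper); presumably that setup is what nixosTests.isolate
  # exercises, TODO confirm.
  installPhase = ''
    runHook preInstall

    install -Dm755 ./isolate $out/bin/isolate
    install -Dm755 ./isolate-cg-keeper $out/bin/isolate-cg-keeper
    install -Dm755 ./isolate-check-environment $out/bin/isolate-check-environment
    installManPage isolate.1

    runHook postInstall
  '';

  # Integration test run against the packaged binaries.
  passthru.tests = {
    isolate = nixosTests.isolate;
  };

  meta = {
    description = "Sandbox for securely executing untrusted programs";
    mainProgram = "isolate";
    homepage = "https://github.com/ioi/isolate";
    license = lib.licenses.gpl2Plus;
    maintainers = with lib.maintainers; [ virchau13 ];
  };
})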