# orjail: wrapper script that runs a program inside a firejail sandbox
# whose traffic is forced through tor (see meta.description).
# The upstream script is installed as-is and then patched so that it calls
# tor, firejail and iptables by absolute Nix store path.
{
  lib,
  stdenv,
  fetchFromGitHub,
  tor,
  firejail,
  iptables,
  makeWrapper,
}:

stdenv.mkDerivation rec {
  pname = "orjail";
  version = "1.1";

  # Source is pinned to the upstream tag v${version}; the fixed-output hash
  # makes the fetch fail if the tag's contents ever change.
  src = fetchFromGitHub {
    owner = "orjail";
    repo = "orjail";
    rev = "v${version}";
    sha256 = "06bwqb3l7syy4c1d8xynxwakmdxvm3qfm8r834nidsknvpdckd9z";
  };

  nativeBuildInputs = [ makeWrapper ];

  # Fix the helper's shebang for the sandboxed build and relocate the script
  # from usr/sbin to bin; postInstall below expects it at $out/bin/orjail.
  postPatch = ''
    patchShebangs make-helper.bsh
    mkdir bin
    mv usr/sbin/orjail bin/orjail
    rm -r usr
  '';

  # Install directly into this derivation's output path.
  makeFlags = [
    "DESTDIR=${placeholder "out"}"
  ];

  # Pin the helper binaries to store paths so the installed script does not
  # depend on whatever tor/firejail/iptables the caller's PATH provides.
  # NOTE(review): plain --replace does not abort the build when its pattern
  # is absent, so an upstream change to these lines could leave the paths
  # unpinned without anyone noticing; re-check the installed script on every
  # version bump, or use --replace-fail if this nixpkgs revision supports it.
  # NOTE(review): dropping --hostname=host presumably leaves the jail without
  # the fixed hostname upstream intended; confirm that is acceptable for the
  # anonymity goal of the tool.
  postInstall = ''
    # Specify binary paths: tor, firejail, iptables
    # mktemp fails with /tmp path prefix, will work without it anyway
    # https://github.com/orjail/orjail/issues/78
    # firejail will fail reading /etc/hosts, therefore remove --hostname arg
    # https://github.com/netblue30/firejail/issues/2758
    substituteInPlace $out/bin/orjail \
      --replace ''$'TORBIN=\n' ''$'TORBIN=${tor}/bin/tor\n' \
      --replace ''$'FIREJAILBIN=\n' ''$'FIREJAILBIN=${firejail}/bin/firejail\n' \
      --replace 'iptables -' '${iptables}/bin/iptables -' \
      --replace 'mktemp /tmp/' 'mktemp ' \
      --replace '--hostname=host ' ""
  '';

  # Package metadata; attributes are referenced through lib explicitly
  # instead of bringing all of lib into scope.
  meta = {
    description = "Force programs to exclusively use tor network";
    mainProgram = "orjail";
    homepage = "https://github.com/orjail/orjail";
    license = lib.licenses.wtfpl;
    maintainers = with lib.maintainers; [ onny ];
    platforms = lib.platforms.linux;
  };
}