pkgs/tools/system/minijail/default.nix at devShellTools-shell · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / tools / system / minijail / default.nix

at devShellTools-shell 64 lines 1.6 kB view raw

 1{
 2  stdenv,
 3  lib,
 4  fetchFromGitiles,
 5  libcap,
 6  installShellFiles,
 7}:
 8
 9stdenv.mkDerivation rec {
10  pname = "minijail";
11  version = "2025.07.02";
12
13  src = fetchFromGitiles {
14    url = "https://chromium.googlesource.com/chromiumos/platform/minijail";
15    rev = "linux-v${version}";
16    sha256 = "sha256-GRnr2O6ZpWtRDGJ6Am0XPT426Xh7wxTJsoEqyTUECYY=";
17  };
18
19  buildInputs = [ libcap ];
20
21  nativeBuildInputs = [ installShellFiles ];
22
23  makeFlags = [
24    "ECHO=echo"
25    "LIBDIR=$(out)/lib"
26  ];
27
28  postPatch = ''
29    substituteInPlace Makefile --replace /bin/echo echo
30    patchShebangs platform2_preinstall.sh
31  '';
32
33  # causes redefinition of _FORTIFY_SOURCE
34  hardeningDisable = [ "fortify3" ];
35
36  installPhase = ''
37    ./platform2_preinstall.sh ${version} $out/include/chromeos
38
39    mkdir -p $out/lib/pkgconfig $out/include/chromeos $out/bin \
40        $out/share/minijail
41
42    cp -v *.so $out/lib
43    cp -v *.pc $out/lib/pkgconfig
44    cp -v libminijail.h scoped_minijail.h $out/include/chromeos
45    cp -v minijail0 $out/bin
46
47    installManPage minijail0.1 minijail0.5
48  '';
49
50  enableParallelBuilding = true;
51
52  meta = with lib; {
53    homepage = "https://chromium.googlesource.com/chromiumos/platform/minijail/+/refs/heads/main/README.md";
54    description = "Sandboxing library and application using Linux namespaces and capabilities";
55    changelog = "https://chromium.googlesource.com/chromiumos/platform/minijail/+/refs/tags/linux-v${version}";
56    license = licenses.bsd3;
57    maintainers = with maintainers; [
58      pcarrier
59      qyliss
60    ];
61    platforms = platforms.linux;
62    mainProgram = "minijail0";
63  };
64}