tjh.dev
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
1{ buildah-unwrapped
2, runCommand
3, makeWrapper
4, symlinkJoin
5, lib
6, stdenv
7, extraPackages ? []
8, runc # Default container runtime
9, crun # Container runtime (default with cgroups v2 for podman/buildah)
10, conmon # Container runtime monitor
11, slirp4netns # User-mode networking for unprivileged namespaces
12, fuse-overlayfs # CoW for images, much faster than default vfs
13, util-linux # nsenter
14, iptables
15, aardvark-dns
16, netavark
17}:
18
19let
20 binPath = lib.makeBinPath ([
21 ] ++ lib.optionals stdenv.isLinux [
22 runc
23 crun
24 conmon
25 slirp4netns
26 fuse-overlayfs
27 util-linux
28 iptables
29 ] ++ extraPackages);
30
31 helpersBin = symlinkJoin {
32 name = "${buildah-unwrapped.pname}-helper-binary-wrapper-${buildah-unwrapped.version}";
33
34 # this only works for some binaries, others may need to be be added to `binPath` or in the modules
35 paths = [
36 ] ++ lib.optionals stdenv.isLinux [
37 aardvark-dns
38 netavark
39 ];
40 };
41
42in runCommand buildah-unwrapped.name {
43 name = "${buildah-unwrapped.pname}-wrapper-${buildah-unwrapped.version}";
44 inherit (buildah-unwrapped) pname version passthru;
45
46 preferLocalBuild = true;
47
48 meta = builtins.removeAttrs buildah-unwrapped.meta [ "outputsToInstall" ];
49
50 outputs = [
51 "out"
52 "man"
53 ];
54
55 nativeBuildInputs = [
56 makeWrapper
57 ];
58
59} ''
60 ln -s ${buildah-unwrapped.man} $man
61
62 mkdir -p $out/bin
63 ln -s ${buildah-unwrapped}/share $out/share
64 makeWrapper ${buildah-unwrapped}/bin/buildah $out/bin/buildah \
65 --set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin \
66 --prefix PATH : ${binPath}
67''