tjh.dev
1{ lib
2, stdenv
3, fetchurl
4, pkg-config
5, autoreconfHook
6, python3
7, perl
8, libxslt
9, docbook_xsl
10, docbook_xml_dtd_42
11, libseccomp
12, installTests ? true, gnumake, which
13, debugBuild ? false, libunwind
14}:
15
16stdenv.mkDerivation rec {
17 pname = "sydbox-1";
18 version = "2.2.0";
19
20 outputs = [ "out" "dev" "man" "doc" ]
21 ++ lib.optional installTests "installedTests";
22
23 src = fetchurl {
24 url = "https://git.exherbo.org/${pname}.git/snapshot/${pname}-${version}.tar.xz";
25 sha256 = "0664myrrzbvsw73q5b7cqwgv4hl9a7vkm642s1r96gaxm16jk0z7";
26 };
27
28 nativeBuildInputs = [
29 pkg-config
30 autoreconfHook
31 python3
32 perl
33 libxslt.bin
34 docbook_xsl
35 docbook_xml_dtd_42
36 ];
37
38 buildInputs = [
39 libseccomp
40 ] ++ lib.optional debugBuild libunwind
41 ++ lib.optionals installTests [
42 gnumake
43 python3
44 perl
45 which
46 ];
47
48 enableParallelBuilding = true;
49
50 configureFlags = [ ]
51 ++ lib.optionals installTests [ "--enable-installed-tests"
52 "--libexecdir=${placeholder "installedTests"}/libexec" ]
53 ++ lib.optional debugBuild "--enable-debug";
54
55 makeFlags = [ "SYD_INCLUDEDIR=${stdenv.cc.libc.dev}/include" ];
56
57 doCheck = true;
58 checkPhase = ''
59 # Many of the regular test cases in t/ do not work inside the build sandbox
60 make -C syd check
61 '';
62
63 postInstall = if installTests then ''
64 moveToOutput bin/syd-test $installedTests
65 '' else ''
66 # Tests are installed despite --disable-installed-tests
67 rm -r $out/bin/syd-test $out/libexec
68 '';
69
70 meta = with lib; {
71 homepage = "https://sydbox.exherbo.org/";
72 description = "seccomp-based application sandbox";
73 license = licenses.gpl2;
74 platforms = platforms.linux;
75 maintainers = with maintainers; [ mvs ];
76 };
77}