pkgs/tools/security/isolate/default.nix at netboot-syslinux-multiplatform · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / tools / security / isolate / default.nix

at netboot-syslinux-multiplatform 847 B view raw

 1{ lib
 2, stdenv
 3, fetchFromGitHub
 4, asciidoc
 5, libcap
 6, installShellFiles
 7}:
 8
 9stdenv.mkDerivation rec {
10  pname = "isolate";
11  version = "1.10";
12
13  src = fetchFromGitHub {
14    owner = "ioi";
15    repo = "isolate";
16    rev = "v${version}";
17    hash = "sha256-fuv9HOw0XkRBRjwAp4b6LpoB5p7a+yo66AcT3B0yQUw=";
18  };
19
20  nativeBuildInputs = [
21    asciidoc
22    installShellFiles
23  ];
24
25  buildInputs = [
26    libcap.dev
27  ];
28
29  buildFlags = [
30    "isolate"
31    "isolate.1"
32  ];
33
34  installPhase = ''
35    runHook preInstall
36
37    install -Dm755 ./isolate $out/bin/isolate
38    installManPage isolate.1
39
40    runHook postInstall
41  '';
42
43  meta = {
44    description = "Sandbox for securely executing untrusted programs";
45    homepage = "https://github.com/ioi/isolate";
46    license = lib.licenses.gpl2Plus;
47    maintainers = with lib.maintainers; [ virchau13 ];
48  };
49}