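# Package expression for bubblewrap, an unprivileged sandboxing tool.
#
# Arguments are supplied by the package set: the standard build environment,
# the two fetchers, the DocBook/XSLT tooling and libcap.
{ stdenv, fetchurl, libxslt, docbook_xsl, libcap, fetchpatch }:

stdenv.mkDerivation rec {
  name = "bubblewrap-${version}";
  version = "0.3.1";

  # Upstream release tarball. The sha256 pins the exact content, so a tarball
  # that changes behind this URL fails the build instead of being used.
  src = fetchurl {
    url = "https://github.com/projectatomic/bubblewrap/releases/download/v${version}/${name}.tar.xz";
    sha256 = "1y2bdlxnlr84xcbf31lzirc292c5ak9bd2wvcvh4ppsliih6pjny";
  };

  patches = [
    # Backport of the upstream fix for CVE-2019-12439 (unsafe use of a
    # directory under /tmp as a mount point). The patch is pinned to a single
    # upstream commit and to a content hash, like the tarball above.
    # Drop this entry when `version` moves to a release that already contains
    # that commit; a stale entry would then fail to apply.
    (fetchpatch {
      url = "https://github.com/projectatomic/bubblewrap/commit/efc89e3b939b4bde42c10f065f6b7b02958ed50e.patch";
      name = "CVE-2019-12439.patch";
      sha256 = "1p2w0ixrr3aca6i26ckmlq8ini4a6kgq53r9f98f7ghvbdlp4dkg";
    })
  ];

  # Tools that run on the build machine (xsltproc and the DocBook stylesheets,
  # presumably for the manual page).
  nativeBuildInputs = [ libxslt docbook_xsl ];

  # libcap is linked into the resulting binary, so it is a host dependency and
  # belongs in buildInputs; listing it under nativeBuildInputs picks the wrong
  # platform's library when cross-compiling or with strictDeps.
  buildInputs = [ libcap ];

  meta = with stdenv.lib; {
    description = "Unprivileged sandboxing tool";
    # Quoted string instead of the deprecated bare URL literal; same value.
    homepage = "https://github.com/projectatomic/bubblewrap";
    license = licenses.lgpl2Plus;
    # NOTE(review): no maintainer is listed, so nobody is named to track
    # security releases for this sandboxing tool.
    maintainers = with maintainers; [ ];
  };
}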