{ lib, buildGoModule, fetchFromGitHub, makeWrapper, installShellFiles, buildkit, cni-plugins, writableTmpDirAsHomeHook, versionCheckHook, extraPackages ? [ ], nix-update-script, }: buildGoModule (finalAttrs: { pname = "nerdctl"; version = "2.2.1"; src = fetchFromGitHub { owner = "containerd"; repo = "nerdctl"; tag = "v${finalAttrs.version}"; hash = "sha256-KD7wXU3RSWJWLSOd7ZFEAfETezb/5ijWPyxXMjIeX6E="; }; vendorHash = "sha256-vq4NpKS8JvsOGK25fksjsqdNS6H/B1VPqTYwqYv2blc="; nativeBuildInputs = [ makeWrapper installShellFiles writableTmpDirAsHomeHook ]; ldflags = let t = "github.com/containerd/nerdctl/v${lib.versions.major finalAttrs.version}/pkg/version"; in [ "-s" "-w" "-X ${t}.Version=v${finalAttrs.version}" "-X ${t}.Revision=" ]; # testing framework which we don't need and can't be build as it is an extra go application excludedPackages = [ "mod/tigron" ]; # Many checks require a containerd socket and running nerdctl after it's built doCheck = false; postInstall = '' wrapProgram $out/bin/nerdctl \ --prefix PATH : "${lib.makeBinPath ([ buildkit ] ++ extraPackages)}" \ --prefix CNI_PATH : "${cni-plugins}/bin" installShellCompletion --cmd nerdctl \ --bash <($out/bin/nerdctl completion bash) \ --fish <($out/bin/nerdctl completion fish) \ --zsh <($out/bin/nerdctl completion zsh) ''; doInstallCheck = true; nativeInstallCheckInputs = [ writableTmpDirAsHomeHook versionCheckHook ]; versionCheckKeepEnvironment = [ "HOME" ]; passthru = { updateScript = nix-update-script { extraArgs = [ "--version-regex=^v([0-9.]+)$" ]; }; }; meta = { homepage = "https://github.com/containerd/nerdctl/"; changelog = "https://github.com/containerd/nerdctl/releases/tag/v${finalAttrs.version}"; description = "Docker-compatible CLI for containerd"; mainProgram = "nerdctl"; license = lib.licenses.asl20; maintainers = with lib.maintainers; [ developer-guy jk ]; platforms = lib.platforms.linux; }; })