diff options
author | Mikael Voss <mvs@nyantec.com> | 2021-09-22 17:35:02 +0200 |
---|---|---|
committer | Yuka <yuka@yuka.dev> | 2021-09-27 08:15:44 +0200 |
commit | d08244d50ea6696a9fdf297fa2d81a30072ca039 (patch) | |
tree | 63395b8ccaecb3d01d8f243661e6815e33cdad81 | |
parent | 5655e71eeeb7c47908ac92b3ff2f6c5073a30d76 (diff) | |
download | nixpkgs-d08244d50ea6696a9fdf297fa2d81a30072ca039.tar nixpkgs-d08244d50ea6696a9fdf297fa2d81a30072ca039.tar.gz nixpkgs-d08244d50ea6696a9fdf297fa2d81a30072ca039.tar.bz2 nixpkgs-d08244d50ea6696a9fdf297fa2d81a30072ca039.tar.lz nixpkgs-d08244d50ea6696a9fdf297fa2d81a30072ca039.tar.xz nixpkgs-d08244d50ea6696a9fdf297fa2d81a30072ca039.tar.zst nixpkgs-d08244d50ea6696a9fdf297fa2d81a30072ca039.zip |
sydbox: init at 2.2.0
-rw-r--r-- | pkgs/os-specific/linux/sydbox/default.nix | 77 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 2 |
2 files changed, 79 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/sydbox/default.nix b/pkgs/os-specific/linux/sydbox/default.nix new file mode 100644 index 00000000000..bdaf77147f2 --- /dev/null +++ b/pkgs/os-specific/linux/sydbox/default.nix @@ -0,0 +1,77 @@ +{ lib +, stdenv +, fetchurl +, pkg-config +, autoreconfHook +, python3 +, perl +, libxslt +, docbook_xsl +, docbook_xml_dtd_42 +, libseccomp +, installTests ? true, gnumake, which +, debugBuild ? false, libunwind +}: + +stdenv.mkDerivation rec { + pname = "sydbox-1"; + version = "2.2.0"; + + outputs = [ "out" "dev" "man" "doc" ] + ++ lib.optional installTests "installedTests"; + + src = fetchurl { + url = "https://git.exherbo.org/${pname}.git/snapshot/${pname}-${version}.tar.xz"; + sha256 = "0664myrrzbvsw73q5b7cqwgv4hl9a7vkm642s1r96gaxm16jk0z7"; + }; + + nativeBuildInputs = [ + pkg-config + autoreconfHook + python3 + perl + libxslt.bin + docbook_xsl + docbook_xml_dtd_42 + ]; + + buildInputs = [ + libseccomp + ] ++ lib.optional debugBuild libunwind + ++ lib.optionals installTests [ + gnumake + python3 + perl + which + ]; + + enableParallelBuilding = true; + + configureFlags = [ ] + ++ lib.optionals installTests [ "--enable-installed-tests" + "--libexecdir=${placeholder "installedTests"}/libexec" ] + ++ lib.optional debugBuild "--enable-debug"; + + makeFlags = [ "SYD_INCLUDEDIR=${stdenv.cc.libc.dev}/include" ]; + + doCheck = true; + checkPhase = '' + # Many of the regular test cases in t/ do not work inside the build sandbox + make -C syd check + ''; + + postInstall = if installTests then '' + moveToOutput bin/syd-test $installedTests + '' else '' + # Tests are installed despite --disable-installed-tests + rm -r $out/bin/syd-test $out/libexec + ''; + + meta = with lib; { + homepage = "https://sydbox.exherbo.org/"; + description = "seccomp-based application sandbox"; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ mvs ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4a7e1eb4c6b..07d3333cd23 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3417,6 +3417,8 @@ with pkgs; swego = callPackage ../servers/swego { }; + sydbox = callPackage ../os-specific/linux/sydbox { }; + syscall_limiter = callPackage ../os-specific/linux/syscall_limiter {}; syslogng = callPackage ../tools/system/syslog-ng { }; |