Diffstat (limited to 'nixos/modules/security/wrappers/wrapper.nix')
-rw-r--r-- | nixos/modules/security/wrappers/wrapper.nix | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/nixos/modules/security/wrappers/wrapper.nix b/nixos/modules/security/wrappers/wrapper.nix
new file mode 100644
index 00000000000..e3620fb222d
--- /dev/null
+++ b/nixos/modules/security/wrappers/wrapper.nix
@@ -0,0 +1,21 @@
+{ stdenv, linuxHeaders, parentWrapperDir, debug ? false }:
+# For testing:
+# $ nix-build -E 'with import <nixpkgs> {}; pkgs.callPackage ./wrapper.nix { parentWrapperDir = "/run/wrappers"; debug = true; }'
+stdenv.mkDerivation {
+ name = "security-wrapper";
+ buildInputs = [ linuxHeaders ];
+ dontUnpack = true;
+ hardeningEnable = [ "pie" ];
+ CFLAGS = [
+ ''-DWRAPPER_DIR="${parentWrapperDir}"''
+ ] ++ (if debug then [
+ "-Werror" "-Og" "-g"
+ ] else [
+ "-Wall" "-O2"
+ ]);
+ dontStrip = debug;
+ installPhase = ''
+ mkdir -p $out/bin
+ $CC $CFLAGS ${./wrapper.c} -o $out/bin/security-wrapper
+ '';
+} |
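Review bot: The warning flags in `CFLAGS` are split between the two branches: `-Wall` is passed only when `debug` is false and `-Werror` only when it is true. The debug build therefore promotes just the compiler's default warnings to errors, and the two configurations diagnose different things. Since `wrapper.c` is presumably the privileged wrapper binary (it is not shown here), I would move `"-Wall"` into the common list next to the `-DWRAPPER_DIR` entry so both builds see the same diagnostics, leaving only `"-O2"` in the else branch. Separately, `$CFLAGS` is expanded unquoted in `installPhase`, so a `parentWrapperDir` containing whitespace would be word-split and the `WRAPPER_DIR` macro would be cut short; a comment such as `# parentWrapperDir must not contain whitespace: $CFLAGS is word-split by the shell` on that line would document the constraint.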