summary refs log tree commit diff
path: root/pkgs/os-specific/linux/oci-seccomp-bpf-hook/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific/linux/oci-seccomp-bpf-hook/default.nix')
-rw-r--r--pkgs/os-specific/linux/oci-seccomp-bpf-hook/default.nix60
1 files changed, 60 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/oci-seccomp-bpf-hook/default.nix b/pkgs/os-specific/linux/oci-seccomp-bpf-hook/default.nix
new file mode 100644
index 00000000000..511dd162785
--- /dev/null
+++ b/pkgs/os-specific/linux/oci-seccomp-bpf-hook/default.nix
@@ -0,0 +1,60 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, go-md2man
+, installShellFiles
+, pkg-config
+, bcc
+, libseccomp
+}:
+
+buildGoModule rec {
+  pname = "oci-seccomp-bpf-hook";
+  version = "1.2.3";
+  src = fetchFromGitHub {
+    owner = "containers";
+    repo = "oci-seccomp-bpf-hook";
+    rev = "v${version}";
+    sha256 = "sha256-EKD6tkdQCPlVlb9ScvRwDxYAtbbv9PIqBHH6SvtPDsE=";
+  };
+  vendorSha256 = null;
+
+  outputs = [ "out" "man" ];
+  nativeBuildInputs = [
+    go-md2man
+    installShellFiles
+    pkg-config
+  ];
+  buildInputs = [
+    bcc
+    libseccomp
+  ];
+
+  checkPhase = ''
+    go test -v ./...
+  '';
+
+  buildPhase = ''
+    make
+  '';
+
+  postBuild = ''
+    substituteInPlace oci-seccomp-bpf-hook.json --replace HOOK_BIN_DIR "$out/bin"
+  '';
+
+  installPhase = ''
+    install -Dm755 bin/* -t $out/bin
+    install -Dm644 oci-seccomp-bpf-hook.json -t $out
+    installManPage docs/*.[1-9]
+  '';
+
+  meta = with lib; {
+    homepage = "https://github.com/containers/oci-seccomp-bpf-hook";
+    description = ''
+      OCI hook to trace syscalls and generate a seccomp profile
+    '';
+    license = licenses.asl20;
+    maintainers = with maintainers; [ saschagrunert ];
+    platforms = platforms.linux;
+  };
+}