tailscale: apply basic systemd hardening (#306241)

https://github.com/tailscale/tailscale/issues/77
Guanran928 2024-05-02 21:18:58 +08:00 committed by GitHub
parent f9388726e7
commit b247c414c4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -9,6 +9,7 @@
, shadow , shadow
, procps , procps
, nixosTests , nixosTests
, fetchpatch
}: }:
let let
@ -26,6 +27,15 @@ buildGoModule {
}; };
vendorHash = "sha256-pYeHqYd2cCOVQlD1r2lh//KC+732H0lj1fPDBr+W8qA="; vendorHash = "sha256-pYeHqYd2cCOVQlD1r2lh//KC+732H0lj1fPDBr+W8qA=";
patches = [
# Reverts "cmd/tailscaled/tailscaled.service: revert recent hardening"
(fetchpatch {
url = "https://github.com/tailscale/tailscale/commit/2889fabaefc50040507ead652d6d2b212f476c2b.patch";
hash = "sha256-DPBrv7kjSVXhmptUGGzOkaP4iXi/Bym3lvqy4otL9HE=";
revert = true;
})
];
nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper ]; nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper ];
CGO_ENABLED = 0; CGO_ENABLED = 0;
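Review bot: The comment above `fetchpatch` in `patches` names the upstream commit being reverted, but not why upstream backed the hardening out or when this patch can be dropped, so a later version bump has nothing to check against. I would extend it to something like `# Re-applies the unit hardening upstream reverted, see https://github.com/tailscale/tailscale/issues/77; drop once upstream ships it again.` Because the sandboxed unit restricts what tailscaled may touch, it is presumably worth confirming that the `nixosTests` entry already passed to this package exercises the hardened service; that is not visible from this hunk. The `buildGoModule` call starts before the hunk and continues past it.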