nixpkgs/pkgs/development/tools/misc/linuxkit/default.nix
2023-09-21 19:11:11 +02:00

60 lines
2 KiB
Nix

{ lib, stdenv, buildGoModule, fetchFromGitHub, git, Cocoa, Virtualization, sigtool, testers, linuxkit }:
buildGoModule rec {
pname = "linuxkit";
version = "1.0.1";
src = fetchFromGitHub {
owner = "linuxkit";
repo = "linuxkit";
rev = "v${version}";
sha256 = "sha256-8x9oJaYb/mN2TUaVrGOYi5/6TETD78jif0SwCSc0kyo=";
};
vendorHash = null;
modRoot = "./src/cmd/linuxkit";
patches = [
./darwin-os-version.patch
./support-apple-11-sdk.patch
];
# - On macOS, an executable must be signed with the right entitlement(s) to be
# able to use the Virtualization framework at runtime.
# - sigtool is allows us to validly sign such executables with a dummy
# authority.
nativeBuildInputs = lib.optionals stdenv.isDarwin [ sigtool ];
buildInputs = lib.optionals stdenv.isDarwin [ Cocoa Virtualization ];
ldflags = [
"-s"
"-w"
"-X github.com/linuxkit/linuxkit/src/cmd/linuxkit/version.Version=${version}"
];
nativeCheckInputs = [ git ];
# - Because this package definition doesn't build using the source's Makefile,
# we must manually call the sign target.
# - The binary stripping that nixpkgs does by default in the
# fixup phase removes such signing and entitlements, so we have to sign
# after stripping.
# - Finally, at the start of the fixup phase, the working directory is
# $sourceRoot/src/cmd/linuxkit, so it's simpler to use the sign target from
# the Makefile in that directory rather than $sourceRoot/Makefile.
postFixup = lib.optionalString stdenv.isDarwin ''
make sign LOCAL_TARGET=$out/bin/linuxkit
'';
passthru.tests.version = testers.testVersion {
package = linuxkit;
command = "linuxkit version";
};
meta = with lib; {
description = "A toolkit for building secure, portable and lean operating systems for containers";
license = licenses.asl20;
homepage = "https://github.com/linuxkit/linuxkit";
maintainers = with maintainers; [ nicknovitski ];
};
}