nixpkgs/pkgs/tools/security/nsjail/default.nix
Profpatsch 4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00

38 lines
1.2 KiB
Nix

{ lib, stdenv, fetchFromGitHub, autoconf, bison, flex, libtool, pkgconfig, which
, libnl, protobuf, protobufc, shadow
}:
stdenv.mkDerivation rec {
pname = "nsjail";
version = "3.0";
src = fetchFromGitHub {
owner = "google";
repo = "nsjail";
rev = version;
fetchSubmodules = true;
sha256 = "1w6x8xcrs0i1y3q41gyq8z3cq9x24qablklc4jiydf855lhqn4dh";
};
nativeBuildInputs = [ autoconf bison flex libtool pkgconfig which ];
buildInputs = [ libnl protobuf protobufc ];
enableParallelBuilding = true;
preBuild = ''
makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap')
'';
installPhase = ''
mkdir -p $out/bin $out/share/man/man1
install nsjail $out/bin/
install nsjail.1 $out/share/man/man1/
'';
meta = with lib; {
description = "A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
homepage = "http://nsjail.com/";
license = licenses.asl20;
maintainers = with maintainers; [ arturcygan bosu c0bw3b ];
platforms = platforms.linux;
};
}