author | Alyssa Ross <hi@alyssa.is> | 2022-02-22 10:43:06 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-03-11 16:17:56 +0000 |
commit | ca1aada113c0ebda1ab8667199f6453f8e01c4fc (patch) | |
tree | 55e402280096f62eb0bc8bcad5ce6050c5a0aec7 /nixpkgs/pkgs/tools/security/orjail/default.nix | |
parent | e4df5a52a6a6531f32626f57205356a773ac2975 (diff) | |
parent | 93883402a445ad467320925a0a5dbe43a949f25b (diff) | |
Merge commit '93883402a445ad467320925a0a5dbe43a949f25b'
Conflicts: nixpkgs/nixos/modules/programs/ssh.nix nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix nixpkgs/pkgs/data/fonts/noto-fonts/default.nix nixpkgs/pkgs/development/go-modules/generic/default.nix nixpkgs/pkgs/development/interpreters/ruby/default.nix nixpkgs/pkgs/development/libraries/mesa/default.nix
Diffstat (limited to 'nixpkgs/pkgs/tools/security/orjail/default.nix')
-rw-r--r-- | nixpkgs/pkgs/tools/security/orjail/default.nix | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/orjail/default.nix b/nixpkgs/pkgs/tools/security/orjail/default.nix
new file mode 100644
index 000000000000..adcbf5ae4f9f
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/orjail/default.nix
@@ -0,0 +1,55 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, tor
+, firejail
+, iptables
+, makeWrapper
+}:
+
+stdenv.mkDerivation rec {
+ pname = "orjail";
+ version = "1.1";
+
+ src = fetchFromGitHub {
+ owner = pname;
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "06bwqb3l7syy4c1d8xynxwakmdxvm3qfm8r834nidsknvpdckd9z";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ postPatch = ''
+ patchShebangs make-helper.bsh
+ mkdir bin
+ mv usr/sbin/orjail bin/orjail
+ rm -r usr
+ '';
+
+ makeFlags = [
+ "DESTDIR=${placeholder "out"}"
+ ];
+
+ postInstall = ''
+ # Specify binary paths: tor, firejail, iptables
+ # mktemp fails with /tmp path prefix, will work without it anyway
+ # https://github.com/orjail/orjail/issues/78
+ # firejail will fail reading /etc/hosts, therefore remove --hostname arg
+ # https://github.com/netblue30/firejail/issues/2758
+ substituteInPlace $out/bin/orjail \
+ --replace ''$'TORBIN=\n' ''$'TORBIN=${tor}/bin/tor\n' \
+ --replace ''$'FIREJAILBIN=\n' ''$'FIREJAILBIN=${firejail}/bin/firejail\n' \
+ --replace 'iptables -' '${iptables}/bin/iptables -' \
+ --replace 'mktemp /tmp/' 'mktemp ' \
+ --replace '--hostname=host ' ""
+ '';
+
+ meta = with lib; {
+ description = "Force programs to exclusively use tor network";
+ homepage = "https://github.com/orjail/orjail";
+ license = licenses.wtfpl;
+ maintainers = with maintainers; [ onny ];
+ platforms = platforms.linux;
+ };
+} |
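Review bot: Nothing in `postInstall` verifies that the `substituteInPlace` patterns actually matched, and as far as I know `--replace` in this nixpkgs revision does not fail the build when a pattern is absent. If upstream changes the `TORBIN=` or `FIREJAILBIN=` lines, the installed script would presumably resolve tor and firejail from whatever is available at runtime, which is a poor failure mode for a tool meant to force traffic through Tor. I would add a check after the substitution, e.g. `grep -qF 'TORBIN=${tor}/bin/tor' $out/bin/orjail` and `grep -qF 'FIREJAILBIN=${firejail}/bin/firejail' $out/bin/orjail`, so a no-op substitution breaks the build. The comment on dropping `--hostname=host` should also state the consequence, since the jailed program then likely sees the host's real hostname. Separately, `makeWrapper` is listed in `nativeBuildInputs` but no wrapper call appears in the file.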