diff options
| author | Alyssa Ross <hi@alyssa.is> | 2020-03-27 08:46:03 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2020-04-01 13:44:28 +0000 |
| commit | 139a15ea58964e57d08655af2839837e281e85cd (patch) | |
| tree | 797f70dae91e38a5f092b76568975fe8a9b5f11f /pkgs/tools/system | |
| parent | 2ed758481c1b9fdc06fb9fb41c4993c75cadd702 (diff) | |
| download | nixlib-139a15ea58964e57d08655af2839837e281e85cd.tar nixlib-139a15ea58964e57d08655af2839837e281e85cd.tar.gz nixlib-139a15ea58964e57d08655af2839837e281e85cd.tar.bz2 nixlib-139a15ea58964e57d08655af2839837e281e85cd.tar.lz nixlib-139a15ea58964e57d08655af2839837e281e85cd.tar.xz nixlib-139a15ea58964e57d08655af2839837e281e85cd.tar.zst nixlib-139a15ea58964e57d08655af2839837e281e85cd.zip | |
minijail: build and install constants.json
This is a syscall table used for compiling Minijail policy files to BPF. The compiler is available in the minijail-tools package. The file is generated by compiling and running a small program named dump_constants. When cross-compiling, we have to get the syscall table for the host platform. To do this, dump_constants is run under QEMU user emulation for the appropriate platform. Google takes the same approach in their minijail packages for ChromiumOS[1]. [1]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/729bd4269a47870380f8dde0b162de355ce89dfe/chromeos-base/minijail/minijail-9999.ebuild#49
Diffstat (limited to 'pkgs/tools/system')
| -rw-r--r-- | pkgs/tools/system/minijail/default.nix | 40 |
1 files changed, 28 insertions, 12 deletions
diff --git a/pkgs/tools/system/minijail/default.nix b/pkgs/tools/system/minijail/default.nix index 5c4c45fbca2c..2f5adc3f4c95 100644 --- a/pkgs/tools/system/minijail/default.nix +++ b/pkgs/tools/system/minijail/default.nix @@ -1,4 +1,13 @@ -{ stdenv, fetchFromGitiles, libcap }: +{ stdenv, lib, fetchFromGitiles, glibc, libcap, qemu }: + +let + dumpConstants = + if stdenv.buildPlatform == stdenv.hostPlatform then "./dump_constants" + else if stdenv.hostPlatform.isAarch32 then "qemu-arm dump_constants" + else if stdenv.hostPlatform.isAarch64 then "qemu-aarch64 dump_constants" + else if stdenv.hostPlatform.isx86_64 then "qemu-x86_64 dump_constants" + else throw "Unsupported host platform"; +in stdenv.mkDerivation rec { pname = "minijail"; @@ -10,35 +19,42 @@ stdenv.mkDerivation rec { sha256 = "00dq854n4zg3ca2b46f90k15n32zn2sgabi76mnq2w985k9v977n"; }; + nativeBuildInputs = + lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) qemu; buildInputs = [ libcap ]; makeFlags = [ "LIBDIR=$(out)/lib" ]; - - preConfigure = '' - substituteInPlace common.mk --replace /bin/echo echo - ''; + dumpConstantsFlags = lib.optional (stdenv.hostPlatform.libc == "glibc") + "LDFLAGS=-L${glibc.static}/lib"; postPatch = '' + substituteInPlace common.mk --replace /bin/echo echo patchShebangs platform2_preinstall.sh ''; postBuild = '' - ./platform2_preinstall.sh ${version} $out/include/chromeos + make $makeFlags $buildFlags $dumpConstantsFlags dump_constants + ${dumpConstants} > constants.json ''; installPhase = '' - mkdir -p $out/lib/pkgconfig $out/include/chromeos $out/bin + ./platform2_preinstall.sh ${version} $out/include/chromeos + + mkdir -p $out/lib/pkgconfig $out/include/chromeos $out/bin \ + $out/share/minijail + cp -v *.so $out/lib cp -v *.pc $out/lib/pkgconfig cp -v libminijail.h scoped_minijail.h $out/include/chromeos cp -v minijail0 $out/bin + cp -v constants.json $out/share/minijail ''; - meta = { - homepage = https://android.googlesource.com/platform/external/minijail/; + meta = with lib; { + homepage = "https://android.googlesource.com/platform/external/minijail/"; description = "Sandboxing library and application using Linux namespaces and capabilities"; - license = stdenv.lib.licenses.bsd3; - maintainers = with stdenv.lib.maintainers; [ pcarrier qyliss ]; - platforms = stdenv.lib.platforms.linux; + license = licenses.bsd3; + maintainers = with maintainers; [ pcarrier qyliss ]; + platforms = platforms.linux; }; } |