Diffstat (limited to 'nixpkgs/pkgs/applications/virtualization/docker')
9 files changed, 603 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/virtualization/docker/buildx.nix b/nixpkgs/pkgs/applications/virtualization/docker/buildx.nix
new file mode 100644
index 000000000000..000bb6ee4bcd
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/docker/buildx.nix
@@ -0,0 +1,39 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "docker-buildx";
+ version = "0.13.0";
+
+ src = fetchFromGitHub {
+ owner = "docker";
+ repo = "buildx";
+ rev = "v${version}";
+ hash = "sha256-R4+MVC8G4wNwjZtBnLFq+TBiesUYACg9c5y2CUcqHHQ=";
+ };
+
+ doCheck = false;
+
+ vendorHash = null;
+
+ ldflags = [
+ "-w" "-s"
+ "-X github.com/docker/buildx/version.Package=github.com/docker/buildx"
+ "-X github.com/docker/buildx/version.Version=v${version}"
+ ];
+
+ installPhase = ''
+ runHook preInstall
+ install -D $GOPATH/bin/buildx $out/libexec/docker/cli-plugins/docker-buildx
+
+ mkdir -p $out/bin
+ ln -s $out/libexec/docker/cli-plugins/docker-buildx $out/bin/docker-buildx
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "Docker CLI plugin for extended build capabilities with BuildKit";
+ homepage = "https://github.com/docker/buildx";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ ivan-babrou developer-guy ];
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/docker/compose.nix b/nixpkgs/pkgs/applications/virtualization/docker/compose.nix
new file mode 100644
index 000000000000..e3f0ec1b97bd
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/docker/compose.nix
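Review bot: `doCheck = false;` in buildx.nix has no comment saying why the upstream test suite is skipped, so a later maintainer cannot tell whether the checks can be re-enabled; compose.nix repeats the same bare `doCheck = false;`. compose_1.nix shows the convention to follow with its `# lots of networking and other fails` line. A one-line reason above each occurrence would do, and `vendorHash = null;` deserves a short comment too, for example `# dependencies come from the vendor/ directory inside src, so the src hash covers them` (assuming that is the intent here).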
@@ -0,0 +1,39 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "docker-compose";
+ version = "2.24.6";
+
+ src = fetchFromGitHub {
+ owner = "docker";
+ repo = "compose";
+ rev = "v${version}";
+ hash = "sha256-CrQM9fTXGI3uGAk2yk/+enBr9LuMhNFLFBYHT78lNWc=";
+ };
+
+ postPatch = ''
+ # entirely separate package that breaks the build
+ rm -rf e2e/
+ '';
+
+ vendorHash = "sha256-0YZ36fouuVjj12a7d9F8OkJAmtLIHo0bZhcmOYO5Ki4=";
+
+ ldflags = [ "-X github.com/docker/compose/v2/internal.Version=${version}" "-s" "-w" ];
+
+ doCheck = false;
+ installPhase = ''
+ runHook preInstall
+ install -D $GOPATH/bin/cmd $out/libexec/docker/cli-plugins/docker-compose
+
+ mkdir -p $out/bin
+ ln -s $out/libexec/docker/cli-plugins/docker-compose $out/bin/docker-compose
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "Docker CLI plugin to define and run multi-container applications with Docker";
+ homepage = "https://github.com/docker/compose";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ babariviere ];
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/docker/compose_1.nix b/nixpkgs/pkgs/applications/virtualization/docker/compose_1.nix
new file mode 100644
index 000000000000..54e0d737bf2d
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/docker/compose_1.nix
@@ -0,0 +1,48 @@
+{ lib, buildPythonApplication, fetchPypi, pythonOlder
+, installShellFiles
+, mock, pytest, nose
+, pyyaml, colorama, docopt
+, dockerpty, docker, jsonschema, requests
+, six, texttable, websocket-client, cached-property
+, enum34, functools32, paramiko, distro, python-dotenv
+}:
+
+buildPythonApplication rec {
+ version = "1.29.2";
+ pname = "docker-compose";
+
+ src = fetchPypi {
+ inherit pname version;
+ hash = "sha256-TIzZ0h0jdBJ5PRi9MxEASe6a+Nqz/iwhO70HM5WbCbc=";
+ };
+
+ # lots of networking and other fails
+ doCheck = false;
+ nativeBuildInputs = [ installShellFiles ];
+ nativeCheckInputs = [ mock pytest nose ];
+ propagatedBuildInputs = [
+ pyyaml colorama dockerpty docker
+ jsonschema requests six texttable websocket-client
+ docopt cached-property paramiko distro python-dotenv
+ ]
+ ++ lib.optional (pythonOlder "3.4") enum34
+ ++ lib.optional (pythonOlder "3.2") functools32;
+
+ postPatch = ''
+ # Remove upper bound on requires, see also
+ # https://github.com/docker/compose/issues/4431
+ sed -i "s/, < .*',$/',/" setup.py
+ '';
+
+ postInstall = ''
+ installShellCompletion --bash contrib/completion/bash/docker-compose
+ installShellCompletion --zsh contrib/completion/zsh/_docker-compose
+ '';
+
+ meta = with lib; {
+ homepage = "https://docs.docker.com/compose/";
+ description = "Multi-container orchestration for Docker";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ Frostman ];
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/docker/default.nix b/nixpkgs/pkgs/applications/virtualization/docker/default.nix
new file mode 100644
index 000000000000..9b6bb0a48be3
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/docker/default.nix
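Review bot: The `sed` in `postPatch` strips every upper version bound from setup.py while `doCheck = false` turns the tests off, so nothing in this derivation notices when a propagated dependency (docker, paramiko, requests, ...) has moved past what 1.29.2 can work with. A cheap guard that needs no network is an import check such as `pythonImportsCheck = [ "compose" ];` (the module name should be confirmed against the sdist). The `sed` expression also does nothing silently if the setup.py layout changes, so a comment naming the lines it is expected to rewrite would help whoever bumps the version. The `pythonOlder "3.4"` and `pythonOlder "3.2"` branches look unreachable on any Python 3 interpreter this package is likely built with and could probably be dropped along with `enum34` and `functools32`.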
@@ -0,0 +1,323 @@ +{ lib, callPackage, fetchFromGitHub }: + +rec { + dockerGen = { + version + , cliRev, cliHash + , mobyRev, mobyHash + , runcRev, runcHash + , containerdRev, containerdHash + , tiniRev, tiniHash + , buildxSupport ? true, composeSupport ? true, sbomSupport ? false + # package dependencies + , stdenv, fetchFromGitHub, fetchpatch, buildGoPackage + , makeWrapper, installShellFiles, pkg-config, glibc + , go-md2man, go, containerd, runc, docker-proxy, tini, libtool + , sqlite, iproute2, docker-buildx, docker-compose, docker-sbom + , iptables, e2fsprogs, xz, util-linux, xfsprogs, git + , procps, rootlesskit, slirp4netns, fuse-overlayfs, nixosTests + , clientOnly ? !stdenv.isLinux, symlinkJoin + , withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd + , withBtrfs ? stdenv.isLinux, btrfs-progs + , withLvm ? stdenv.isLinux, lvm2 + , withSeccomp ? stdenv.isLinux, libseccomp + }: + let + docker-runc = runc.overrideAttrs (oldAttrs: { + pname = "docker-runc"; + inherit version; + + src = fetchFromGitHub { + owner = "opencontainers"; + repo = "runc"; + rev = runcRev; + hash = runcHash; + }; + + # docker/runc already include these patches / are not applicable + patches = []; + }); + + docker-containerd = containerd.overrideAttrs (oldAttrs: { + pname = "docker-containerd"; + inherit version; + + src = fetchFromGitHub { + owner = "containerd"; + repo = "containerd"; + rev = containerdRev; + hash = containerdHash; + }; + + buildInputs = oldAttrs.buildInputs + ++ lib.optionals withSeccomp [ libseccomp ]; + }); + + docker-tini = tini.overrideAttrs (oldAttrs: { + pname = "docker-init"; + inherit version; + + src = fetchFromGitHub { + owner = "krallin"; + repo = "tini"; + rev = tiniRev; + hash = tiniHash; + }; + + # Do not remove static from make files as we want a static binary + postPatch = ""; + + buildInputs = [ glibc glibc.static ]; + + env.NIX_CFLAGS_COMPILE = "-DMINIMAL=ON"; + }); + + moby-src = fetchFromGitHub { + owner = "moby"; + repo = 
"moby"; + rev = mobyRev; + hash = mobyHash; + }; + + moby = buildGoPackage (lib.optionalAttrs stdenv.isLinux rec { + pname = "moby"; + inherit version; + + src = moby-src; + + goPackagePath = "github.com/docker/docker"; + + nativeBuildInputs = [ makeWrapper pkg-config go-md2man go libtool installShellFiles ]; + buildInputs = [ sqlite ] + ++ lib.optional withLvm lvm2 + ++ lib.optional withBtrfs btrfs-progs + ++ lib.optional withSystemd systemd + ++ lib.optional withSeccomp libseccomp; + + extraPath = lib.optionals stdenv.isLinux (lib.makeBinPath [ iproute2 iptables e2fsprogs xz xfsprogs procps util-linux git ]); + + extraUserPath = lib.optionals (stdenv.isLinux && !clientOnly) (lib.makeBinPath [ rootlesskit slirp4netns fuse-overlayfs ]); + + patches = lib.optionals (lib.versionOlder version "23") [ + # This patch incorporates code from a PR fixing using buildkit with the ZFS graph driver. + # It could be removed when a version incorporating this patch is released. + (fetchpatch { + name = "buildkit-zfs.patch"; + url = "https://github.com/moby/moby/pull/43136.patch"; + hash = "sha256-1WZfpVnnqFwLMYqaHLploOodls0gHF8OCp7MrM26iX8="; + }) + ] ++ lib.optionals (lib.versions.major version == "24") [ + # docker_24 has LimitNOFILE set to "infinity", which causes a wide variety of issues in containers. + # Issues range from higher-than-usual ressource usage, to containers not starting at all. + # This patch (part of the release candidates for docker_25) simply removes this unit option + # making systemd use its default "1024:524288", which is sane. 
See commit message and/or the PR for + # more details: https://github.com/moby/moby/pull/45534 + (fetchpatch { + name = "LimitNOFILE-systemd-default.patch"; + url = "https://github.com/moby/moby/pull/45534/commits/c8930105bc9fc3c1a8a90886c23535cc6c41e130.patch"; + hash = "sha256-nyGLxFrJaD0TrDqsAwOD6Iph0aHcFH9sABj1Fy74sec="; + }) + ]; + + postPatch = '' + patchShebangs hack/make.sh hack/make/ hack/with-go-mod.sh + ''; + + buildPhase = '' + export GOCACHE="$TMPDIR/go-cache" + # build engine + cd ./go/src/${goPackagePath} + export AUTO_GOPATH=1 + export DOCKER_GITCOMMIT="${cliRev}" + export VERSION="${version}" + ./hack/make.sh dynbinary + cd - + ''; + + installPhase = '' + cd ./go/src/${goPackagePath} + install -Dm755 ./bundles/dynbinary-daemon/dockerd $out/libexec/docker/dockerd + + makeWrapper $out/libexec/docker/dockerd $out/bin/dockerd \ + --prefix PATH : "$out/libexec/docker:$extraPath" + + ln -s ${docker-containerd}/bin/containerd $out/libexec/docker/containerd + ln -s ${docker-containerd}/bin/containerd-shim $out/libexec/docker/containerd-shim + ln -s ${docker-runc}/bin/runc $out/libexec/docker/runc + ln -s ${docker-proxy}/bin/docker-proxy $out/libexec/docker/docker-proxy + ln -s ${docker-tini}/bin/tini-static $out/libexec/docker/docker-init + + # systemd + install -Dm644 ./contrib/init/systemd/docker.service $out/etc/systemd/system/docker.service + substituteInPlace $out/etc/systemd/system/docker.service --replace /usr/bin/dockerd $out/bin/dockerd + install -Dm644 ./contrib/init/systemd/docker.socket $out/etc/systemd/system/docker.socket + + # rootless Docker + install -Dm755 ./contrib/dockerd-rootless.sh $out/libexec/docker/dockerd-rootless.sh + makeWrapper $out/libexec/docker/dockerd-rootless.sh $out/bin/dockerd-rootless \ + --prefix PATH : "$out/libexec/docker:$extraPath:$extraUserPath" + ''; + + DOCKER_BUILDTAGS = lib.optional withSystemd "journald" + ++ lib.optional (!withBtrfs) "exclude_graphdriver_btrfs" + ++ lib.optional (!withLvm) 
"exclude_graphdriver_devicemapper" + ++ lib.optional withSeccomp "seccomp"; + }); + + plugins = lib.optional buildxSupport docker-buildx + ++ lib.optional composeSupport docker-compose + ++ lib.optional sbomSupport docker-sbom; + pluginsRef = symlinkJoin { name = "docker-plugins"; paths = plugins; }; + in + buildGoPackage (lib.optionalAttrs (!clientOnly) { + # allow overrides of docker components + # TODO: move packages out of the let...in into top-level to allow proper overrides + inherit docker-runc docker-containerd docker-proxy docker-tini moby; + } // rec { + pname = "docker"; + inherit version; + + src = fetchFromGitHub { + owner = "docker"; + repo = "cli"; + rev = cliRev; + hash = cliHash; + }; + + goPackagePath = "github.com/docker/cli"; + + nativeBuildInputs = [ + makeWrapper pkg-config go-md2man go libtool installShellFiles + ]; + + buildInputs = plugins ++ lib.optionals (lib.versionAtLeast version "23" && stdenv.isLinux) [ + glibc + glibc.static + ]; + + postPatch = '' + patchShebangs man scripts/build/ + substituteInPlace ./scripts/build/.variables --replace "set -eu" "" + '' + lib.optionalString (plugins != []) '' + substituteInPlace ./cli-plugins/manager/manager_unix.go --replace /usr/libexec/docker/cli-plugins \ + "${pluginsRef}/libexec/docker/cli-plugins" + ''; + + # Keep eyes on BUILDTIME format - https://github.com/docker/cli/blob/${version}/scripts/build/.variables + buildPhase = '' + export GOCACHE="$TMPDIR/go-cache" + + cd ./go/src/${goPackagePath} + # Mimic AUTO_GOPATH + mkdir -p .gopath/src/github.com/docker/ + ln -sf $PWD .gopath/src/github.com/docker/cli + export GOPATH="$PWD/.gopath:$GOPATH" + export GITCOMMIT="${cliRev}" + export VERSION="${version}" + export BUILDTIME="1970-01-01T00:00:00Z" + source ./scripts/build/.variables + export CGO_ENABLED=1 + go build -tags pkcs11 --ldflags "$GO_LDFLAGS" github.com/docker/cli/cmd/docker + cd - + ''; + + outputs = ["out"] ++ lib.optional (lib.versionOlder version "23") "man"; + + installPhase = '' 
+ cd ./go/src/${goPackagePath} + install -Dm755 ./docker $out/libexec/docker/docker + + makeWrapper $out/libexec/docker/docker $out/bin/docker \ + --prefix PATH : "$out/libexec/docker:$extraPath" + '' + lib.optionalString (!clientOnly) '' + # symlink docker daemon to docker cli derivation + ln -s ${moby}/bin/dockerd $out/bin/dockerd + ln -s ${moby}/bin/dockerd-rootless $out/bin/dockerd-rootless + + # systemd + mkdir -p $out/etc/systemd/system + ln -s ${moby}/etc/systemd/system/docker.service $out/etc/systemd/system/docker.service + ln -s ${moby}/etc/systemd/system/docker.socket $out/etc/systemd/system/docker.socket + '' + '' + # completion (cli) + installShellCompletion --bash ./contrib/completion/bash/docker + installShellCompletion --fish ./contrib/completion/fish/docker.fish + installShellCompletion --zsh ./contrib/completion/zsh/_docker + '' + lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform && lib.versionOlder version "23") '' + # Generate man pages from cobra commands + echo "Generate man pages from cobra" + mkdir -p ./man/man1 + go build -o ./gen-manpages github.com/docker/cli/man + ./gen-manpages --root . --target ./man/man1 + '' + lib.optionalString (lib.versionOlder version "23") '' + # Generate legacy pages from markdown + echo "Generate legacy manpages" + ./man/md2man-all.sh -q + + installManPage man/*/*.[1-9] + ''; + + passthru = { + # Exposed for tarsum build on non-linux systems (build-support/docker/default.nix) + inherit moby-src; + tests = lib.optionals (!clientOnly) { inherit (nixosTests) docker; }; + }; + + meta = with lib; { + homepage = "https://www.docker.com/"; + description = "An open source project to pack, ship and run any application as a lightweight container"; + longDescription = '' + Docker is a platform designed to help developers build, share, and run modern applications. + + To enable the docker daemon on NixOS, set the `virtualisation.docker.enable` option to `true`. 
+ ''; + license = licenses.asl20; + maintainers = with maintainers; [ offline vdemeester periklis ]; + mainProgram = "docker"; + }; + }); + + # Get revisions from + # https://github.com/moby/moby/tree/${version}/hack/dockerfile/install/* + docker_20_10 = callPackage dockerGen rec { + version = "20.10.26"; + cliRev = "v${version}"; + cliHash = "sha256-EPhsng0kLnweVbC8ZnH0NK1/yHlYSA5Sred4rWJX/Gs="; + mobyRev = "v${version}"; + mobyHash = "sha256-IJ7m2mQnsLiom0EuZLpuLY6fYEko7rEy35igJv1AY04="; + runcRev = "v1.1.8"; + runcHash = "sha256-rDJYEc64KW4Qa3Eg2oUjJqIKrg6THb5hxQFFbvb9Zp4="; + containerdRev = "v1.6.22"; + containerdHash = "sha256-In7OkK3xm7Cz3H1jzG9b4tsZbmo44QCq8pNU+PPy8dY="; + tiniRev = "v0.19.0"; + tiniHash = "sha256-ZDKu/8yE5G0RYFJdhgmCdN3obJNyRWv6K/Gd17zc1sI="; + }; + + docker_24 = callPackage dockerGen rec { + version = "24.0.5"; + cliRev = "v${version}"; + cliHash = "sha256-u1quVGTx/p8BDyRn33vYyyuE5BOhWMnGQ5uVX0PZ5mg="; + mobyRev = "v${version}"; + mobyHash = "sha256-JQjRz1fHZlQRkNw/R8WWLV8caN3/U3mrKKQXbZt2crU="; + runcRev = "v1.1.8"; + runcHash = "sha256-rDJYEc64KW4Qa3Eg2oUjJqIKrg6THb5hxQFFbvb9Zp4="; + containerdRev = "v1.7.1"; + containerdHash = "sha256-WwedtcsrDQwMQcKFO5nnPiHyGJpl5hXZlmpbBe1/ftY="; + tiniRev = "v0.19.0"; + tiniHash = "sha256-ZDKu/8yE5G0RYFJdhgmCdN3obJNyRWv6K/Gd17zc1sI="; + }; + + docker_25 = callPackage dockerGen rec { + version = "25.0.3"; + cliRev = "v${version}"; + cliHash = "sha256-Jvb0plV1O/UzrcpzN4zH5OulmTVF+p9UQQQ9xqkiObQ="; + mobyRev = "v${version}"; + mobyHash = "sha256-cDlRVdQNzH/X2SJUYHK1QLUHlKQtSyRYCVbz3wPx1ZM="; + runcRev = "v1.1.12"; + runcHash = "sha256-N77CU5XiGYIdwQNPFyluXjseTeaYuNJ//OsEUS0g/v0="; + containerdRev = "v1.7.13"; + containerdHash = "sha256-y3CYDZbA2QjIn1vyq/p1F1pAVxQHi/0a6hGWZCRWzyk="; + tiniRev = "v0.19.0"; + tiniHash = "sha256-ZDKu/8yE5G0RYFJdhgmCdN3obJNyRWv6K/Gd17zc1sI="; + }; +} 
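Review bot: `docker_20_10` and `docker_24` both pin `runcRev = "v1.1.8"` (with containerd v1.6.22 and v1.7.1) while `docker_25` pins runc v1.1.12 and containerd v1.7.13, so whatever fixes landed in the runtimes between those releases reach only one of the three package sets. runc and containerd are the components that enforce container isolation, so I would check the upstream release notes for the intervening versions and either move the older engines to a point release whose `hack/dockerfile/install/*` scripts reference the newer runtimes, or add a comment stating why the older pins are acceptable. Separately, the moby `buildPhase` exports `DOCKER_GITCOMMIT="${cliRev}"`; that is the CLI revision, and it yields the right value only because every caller sets `cliRev` and `mobyRev` to the same tag, so `export DOCKER_GITCOMMIT="${mobyRev}"` would be the safer line.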
diff --git a/nixpkgs/pkgs/applications/virtualization/docker/distribution.nix b/nixpkgs/pkgs/applications/virtualization/docker/distribution.nix
new file mode 100644
index 000000000000..8c2fec16186c
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/docker/distribution.nix
@@ -0,0 +1,23 @@
+{ lib, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ pname = "distribution";
+ version = "2.8.3";
+ rev = "v${version}";
+
+ goPackagePath = "github.com/docker/distribution";
+
+ src = fetchFromGitHub {
+ owner = "docker";
+ repo = "distribution";
+ inherit rev;
+ sha256 = "sha256-6/clOTkI1JnDjb+crcHmjbQlaqffP/sntGqUB2ftajU=";
+ };
+
+ meta = with lib; {
+ description = "The Docker toolset to pack, ship, store, and deliver content";
+ license = licenses.asl20;
+ maintainers = [];
+ platforms = platforms.unix;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/docker/gc.nix b/nixpkgs/pkgs/applications/virtualization/docker/gc.nix
new file mode 100644
index 000000000000..0736516ee7d2
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/docker/gc.nix
@@ -0,0 +1,33 @@
+{ stdenv, lib, fetchFromGitHub, makeWrapper, docker, coreutils, procps, gnused, findutils, gnugrep }:
+
+with lib;
+
+stdenv.mkDerivation rec {
+ pname = "docker-gc";
+ version = "unstable-2015-10-5";
+
+ src = fetchFromGitHub {
+ owner = "spotify";
+ repo = "docker-gc";
+ rev = "b0cc52aa3da2e2ac0080794e0be6e674b1f063fc";
+ sha256 = "07wf9yn0f771xkm3x12946x5rp83hxjkd70xgfgy35zvj27wskzm";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp docker-gc $out/bin
+ chmod +x $out/bin/docker-gc
+ wrapProgram $out/bin/docker-gc \
+ --prefix PATH : "${lib.makeBinPath [ docker coreutils procps gnused findutils gnugrep ]}"
+ '';
+
+ meta = {
+ description = "Docker garbage collection of containers and images";
+ license = licenses.asl20;
+ homepage = "https://github.com/spotify/docker-gc";
+ maintainers = with maintainers; [offline];
+ platforms = docker.meta.platforms;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/docker/proxy.nix b/nixpkgs/pkgs/applications/virtualization/docker/proxy.nix
new file mode 100644
index 000000000000..6038a129e2a1
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/docker/proxy.nix
@@ -0,0 +1,27 @@
+{ lib, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ pname = "docker-proxy";
+ version = "unstable-2020-12-15";
+
+ src = fetchFromGitHub {
+ owner = "docker";
+ repo = "libnetwork";
+ rev = "fa125a3512ee0f6187721c88582bf8c4378bd4d7";
+ sha256 = "1r47y0gww3j7fas4kgiqbhrz5fazsx1c6sxnccdfhj8fzik77s9y";
+ };
+
+ goPackagePath = "github.com/docker/libnetwork";
+
+ installPhase = ''
+ install -m755 -D ./go/bin/proxy $out/bin/docker-proxy
+ '';
+
+ meta = with lib; {
+ description = "Docker proxy binary to forward traffic between host and containers";
+ license = licenses.asl20;
+ homepage = "https://github.com/docker/libnetwork";
+ maintainers = with maintainers; [vdemeester];
+ platforms = platforms.linux;
+ };
+}
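Review bot: gc.nix pins a snapshot from 2015 (`version = "unstable-2015-10-5"`, a fixed commit) of a script whose job is deleting containers and images, and nothing in the file exercises it against the Docker versions packaged in default.nix; it is worth confirming that upstream is still maintained before shipping it as the cleanup tool. On style, `installPhase` here and in proxy.nix omits `runHook preInstall` / `runHook postInstall`, which buildx.nix, compose.nix and sbom.nix include, so `preInstall`/`postInstall` overrides would not run for these two packages. The `cp` plus `chmod +x` pair can be the single line `install -Dm755 docker-gc $out/bin/docker-gc`.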
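Review bot: proxy.nix builds `docker-proxy` from a libnetwork commit dated 2020-12-15, and default.nix links that one binary into `docker_20_10`, `docker_24` and `docker_25` alike, whereas runc, containerd and tini are overridden per engine through `runcRev`, `containerdRev` and `tiniRev`. The description says this binary forwards traffic between host and containers, so it sits on a network path and should track the engine it ships with rather than a fixed snapshot. I would either add a revision/hash pair for the proxy to `dockerGen` or add a comment explaining why one 2020 snapshot is correct for all three engines; whether newer engine sources carry their own proxy cannot be determined from this diff.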
diff --git a/nixpkgs/pkgs/applications/virtualization/docker/sbom-disable-tests.patch b/nixpkgs/pkgs/applications/virtualization/docker/sbom-disable-tests.patch
new file mode 100644
index 000000000000..2bf3116da814
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/docker/sbom-disable-tests.patch
@@ -0,0 +1,28 @@
+diff --git a/test/cli/all_formats_expressible_test.go b/test/cli/all_formats_expressible_test.go
+index 3f40a46..5ba04e8 100644
+--- a/test/cli/all_formats_expressible_test.go
++++ b/test/cli/all_formats_expressible_test.go
+@@ -8,7 +8,8 @@ import (
+ "github.com/anchore/syft/syft"
+ )
+
+-func TestAllFormatsExpressible(t *testing.T) {
++// Disabled because it needs a running docker daemon
++func disabledTestAllFormatsExpressible(t *testing.T) {
+ commonAssertions := []traitAssertion{
+ func(tb testing.TB, stdout, _ string, _ int) {
+ tb.Helper()
+diff --git a/test/cli/sbom_cmd_test.go b/test/cli/sbom_cmd_test.go
+index 0a0771c..a086c3b 100644
+--- a/test/cli/sbom_cmd_test.go
++++ b/test/cli/sbom_cmd_test.go
+@@ -8,7 +8,8 @@ import (
+ "github.com/docker/sbom-cli-plugin/internal"
+ )
+
+-func TestSBOMCmdFlags(t *testing.T) {
++// Disabled because it needs a running docker daemon
++func disabledTestSBOMCmdFlags(t *testing.T) {
+ hiddenPackagesImage := getFixtureImage(t, "image-hidden-packages")
+ coverageImage := getFixtureImage(t, "image-pkg-coverage")
+ tmp := t.TempDir() + "/"
diff --git a/nixpkgs/pkgs/applications/virtualization/docker/sbom.nix b/nixpkgs/pkgs/applications/virtualization/docker/sbom.nix
new file mode 100644
index 000000000000..7314eb2029fd
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/docker/sbom.nix
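Review bot: Renaming `TestAllFormatsExpressible` and `TestSBOMCmdFlags` to `disabledTest...` removes them from `go test` output altogether, so nobody running the check phase sees that two tests were skipped or why, and the now-unreferenced functions can trip unused-code linters. Keeping the original names and making `t.Skip("needs a running docker daemon")` the first statement of each has the same effect while leaving a visible SKIP line in the log. The edit stays as small as the current one, which matters because this patch has to be rebased on every upstream bump. Both function bodies continue past the context shown in the embedded hunks.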
@@ -0,0 +1,43 @@
+{ buildGoModule
+, fetchFromGitHub
+, docker
+, lib
+}:
+
+buildGoModule rec {
+ pname = "docker-sbom";
+ version = "0.6.1";
+
+ src = fetchFromGitHub {
+ owner = "docker";
+ repo = "sbom-cli-plugin";
+ rev = "tags/v${version}";
+ hash = "sha256-i3gIogHb0oW/VDuZUo6LGBmvqs/XfMXjpvTTYeGCK7Q=";
+ };
+
+ patches = [
+ # Disable tests that require a docker daemon to be running
+ # in the sandbox
+ ./sbom-disable-tests.patch
+ ];
+
+ vendorHash = "sha256-XPPVAdY2NaasZ9bkf24VWWk3X5pjnryvsErYIWkeekc=";
+
+ nativeBuildInputs = [ docker ];
+
+ installPhase = ''
+ runHook preInstall
+ install -D $GOPATH/bin/sbom-cli-plugin $out/libexec/docker/cli-plugins/docker-sbom
+
+ mkdir -p $out/bin
+ ln -s $out/libexec/docker/cli-plugins/docker-sbom $out/bin/docker-sbom
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "Plugin for Docker CLI to support SBOM creation using Syft";
+ homepage = "https://github.com/docker/sbom-cli-plugin";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ raboof ];
+ };
+}
|
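Review bot: `nativeBuildInputs = [ docker ];` pulls the whole Docker package into the build environment of a plugin whose `installPhase` only copies one Go binary, and no comment says what needs it. If the CLI is required only by the tests that remain after sbom-disable-tests.patch, `nativeCheckInputs = [ docker ];` states that and keeps it out of builds where checks are off; if it is not needed at all, dropping it shrinks the build closure. `rev = "tags/v${version}"` also differs from the plain `"v${version}"` used in buildx.nix and compose.nix and would benefit from a short comment if the `tags/` prefix is deliberate.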