1 files changed, 32 insertions, 3 deletions

diff --git a/pkgs/applications/virtualization/krunvm/default.nix b/pkgs/applications/virtualization/krunvm/default.nix
index cd2ff0e706f4..8ee3d478497e 100644
--- a/pkgs/applications/virtualization/krunvm/default.nix
+++ b/pkgs/applications/virtualization/krunvm/default.nix
@@ -3,7 +3,12 @@
 , rustPlatform
 , fetchFromGitHub
 , asciidoctor
+, buildah
+, buildah-unwrapped
+, libiconv
 , libkrun
+, makeWrapper
+, sigtool
 }:
 
 stdenv.mkDerivation rec {
@@ -22,17 +27,41 @@ stdenv.mkDerivation rec {
     hash = "sha256-3WiXm90XiQHpCbhlkigg/ZATQeDdUKTstN7hwcsKm4o=";
   };
 
-  nativeBuildInputs = with rustPlatform;[
+  nativeBuildInputs = with rustPlatform; [
     cargoSetupHook
     rust.cargo
     rust.rustc
     asciidoctor
-  ];
+    makeWrapper
+  ] ++ lib.optionals stdenv.isDarwin [ sigtool ];
 
-  buildInputs = [ libkrun ];
+  buildInputs = [ libkrun ] ++ lib.optionals stdenv.isDarwin [
+    libiconv
+  ];
 
   makeFlags = [ "PREFIX=${placeholder "out"}" ];
 
+  postPatch = ''
+    # do not pollute etc
+    substituteInPlace src/utils.rs \
+      --replace "etc/containers" "share/krunvm/containers"
+  '';
+
+  postInstall = ''
+    mkdir -p $out/share/krunvm/containers
+    install -D -m755 ${buildah-unwrapped.src}/docs/samples/registries.conf $out/share/krunvm/containers/registries.conf
+    install -D -m755 ${buildah-unwrapped.src}/tests/policy.json $out/share/krunvm/containers/policy.json
+  '';
+
+  # It attaches entitlements with codesign and strip removes those,
+  # voiding the entitlements and making it non-operational.
+  dontStrip = stdenv.isDarwin;
+
+  postFixup = ''
+    wrapProgram $out/bin/krunvm \
+      --prefix PATH : ${lib.makeBinPath [ buildah ]} \
+  '';
+
   meta = with lib; {
     description = "A CLI-based utility for creating microVMs from OCI images";
     homepage = "https://github.com/containers/krunvm";