From 139a15ea58964e57d08655af2839837e281e85cd Mon Sep 17 00:00:00 2001
From: Alyssa Ross
Date: Fri, 27 Mar 2020 08:46:03 +0000
Subject: minijail: build and install constants.json

This is a syscall table used for compiling Minijail policy files to BPF. The compiler is available in the minijail-tools package. The file is generated by compiling and running a small program named dump_constants. When cross-compiling, we have to get the syscall table for the host platform. To do this, dump_constants is run under QEMU user emulation for the appropriate platform. Google takes the same approach in their minijail packages for ChromiumOS[1].

[1]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/729bd4269a47870380f8dde0b162de355ce89dfe/chromeos-base/minijail/minijail-9999.ebuild#49
---
 pkgs/tools/system/minijail/default.nix | 40 ++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 12 deletions(-)
(limited to 'pkgs/tools/system')

diff --git a/pkgs/tools/system/minijail/default.nix b/pkgs/tools/system/minijail/default.nix
index 5c4c45fbca2c..2f5adc3f4c95 100644
--- a/pkgs/tools/system/minijail/default.nix
+++ b/pkgs/tools/system/minijail/default.nix
@@ -1,4 +1,13 @@
-{ stdenv, fetchFromGitiles, libcap }:
+{ stdenv, lib, fetchFromGitiles, glibc, libcap, qemu }:
+
+let
+  dumpConstants =
+    if stdenv.buildPlatform == stdenv.hostPlatform then "./dump_constants"
+    else if stdenv.hostPlatform.isAarch32 then "qemu-arm dump_constants"
+    else if stdenv.hostPlatform.isAarch64 then "qemu-aarch64 dump_constants"
+    else if stdenv.hostPlatform.isx86_64 then "qemu-x86_64 dump_constants"
+    else throw "Unsupported host platform";
+in
 
 stdenv.mkDerivation rec {
   pname = "minijail";
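Review bot: The fallback `else throw "Unsupported host platform"` in the new `let` block does not name the platform it rejected, so a cross build for an unlisted host (32-bit x86, for instance) fails without saying why; `else throw "minijail: no qemu-user emulator mapping for host platform ${stdenv.hostPlatform.system}";` would. The binding also deserves a why-comment, because picking the wrong emulator here is security-relevant rather than a mere build nuisance: `# constants.json must describe the *host* syscall ABI; a table produced for the build platform would make seccomp policies compiled from it match the wrong syscall numbers.` The `isAarch32` arm maps to `qemu-arm`, which appears to assume a little-endian host; confirm whether big-endian ARM hosts are in scope or should fall through to the throw.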
@@ -10,35 +19,42 @@ stdenv.mkDerivation rec {
     sha256 = "00dq854n4zg3ca2b46f90k15n32zn2sgabi76mnq2w985k9v977n";
   };
 
+  nativeBuildInputs =
+    lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) qemu;
   buildInputs = [ libcap ];
   makeFlags = [ "LIBDIR=$(out)/lib" ];
-
-  preConfigure = ''
-    substituteInPlace common.mk --replace /bin/echo echo
-  '';
+  dumpConstantsFlags = lib.optional (stdenv.hostPlatform.libc == "glibc")
+    "LDFLAGS=-L${glibc.static}/lib";
 
   postPatch = ''
+    substituteInPlace common.mk --replace /bin/echo echo
     patchShebangs platform2_preinstall.sh
   '';
 
   postBuild = ''
-    ./platform2_preinstall.sh ${version} $out/include/chromeos
+    make $makeFlags $buildFlags $dumpConstantsFlags dump_constants
+    ${dumpConstants} > constants.json
   '';
 
   installPhase = ''
-    mkdir -p $out/lib/pkgconfig $out/include/chromeos $out/bin
+    ./platform2_preinstall.sh ${version} $out/include/chromeos
+
+    mkdir -p $out/lib/pkgconfig $out/include/chromeos $out/bin \
+      $out/share/minijail
+
     cp -v *.so $out/lib
     cp -v *.pc $out/lib/pkgconfig
     cp -v libminijail.h scoped_minijail.h $out/include/chromeos
     cp -v minijail0 $out/bin
+    cp -v constants.json $out/share/minijail
   '';
 
-  meta = {
-    homepage = https://android.googlesource.com/platform/external/minijail/;
+  meta = with lib; {
+    homepage = "https://android.googlesource.com/platform/external/minijail/";
     description = "Sandboxing library and application using Linux namespaces and capabilities";
-    license = stdenv.lib.licenses.bsd3;
-    maintainers = with stdenv.lib.maintainers; [ pcarrier qyliss ];
-    platforms = stdenv.lib.platforms.linux;
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ pcarrier qyliss ];
+    platforms = platforms.linux;
   };
 }
-- 
cgit 1.4.1
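Review bot: `dumpConstantsFlags` and the `${dumpConstants} > constants.json` step in `postBuild` carry no comment on why dump_constants is linked against `glibc.static` or why it is built and run outside the normal build, and this matters because the emitted table decides which syscall numbers seccomp policies compiled from it will match. Presumably the static link is what lets the binary run under qemu-user without the host platform's dynamic loader and libc — confirm against the project's Makefile and record it, e.g. `# dump_constants is executed (under qemu-user when cross-compiling) to emit the host's syscall table; a static link keeps it runnable without a host ld.so.` above `dumpConstantsFlags`. A truncated table would silently change what compiled policies allow, so following the redirect with `test -s constants.json` is a cheap guard against an emulator that exits cleanly but produces no output.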