JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9104b29c39
nixpkgs/pkgs/applications/virtualization/gvisor/default.nix

128 lines
4.0 KiB
Nix
Raw Blame History

{ lib
, buildBazelPackage
, fetchFromGitHub
, callPackage
, bash
, cacert
, git
, glibcLocales
, go
, iproute2
, iptables
, makeWrapper
, procps
, protobuf
, python3
}:
let
preBuild = ''
patchShebangs .
substituteInPlace tools/defs.bzl \
--replace "#!/bin/bash" "#!${bash}/bin/bash"
# Tell rules_go to use the Go binary found in the PATH
sed -E -i \
-e 's|go_version\s*=\s*"[^"]+"|go_version = "host"|g' \
WORKSPACE
# The gazelle Go tooling needs CA certs
export SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
# If we don't reset our GOPATH, the rules_go stdlib builder tries to
# install something into it. Ideally that wouldn't happen, but for now we
# can also get around it by unsetting GOPATH entirely, since rules_go
# doesn't need it.
export GOPATH=
'';
# Patch the protoc alias so that it always builds from source.
rulesProto = fetchFromGitHub {
owner = "bazelbuild";
repo = "rules_proto";
rev = "f7a30f6f80006b591fa7c437fe5a951eb10bcbcf";
sha256 = "10bcw0ir0skk7h33lmqm38n9w4nfs24mwajnngkbs6jb5wsvkqv8";
postFetch = ''
sed -i 's|name = "protoc"|name = "_protoc_original"|' $out/proto/private/BUILD.release
cat <<EOF >>$out/proto/private/BUILD.release
alias(name = "protoc", actual = "@com_github_protocolbuffers_protobuf//:protoc", visibility = ["//visibility:public"])
EOF
'';
};
in buildBazelPackage rec {
pname = "gvisor";
version = "20210518.0";
src = fetchFromGitHub {
owner = "google";
repo = "gvisor";
rev = "release-${version}";
sha256 = "15a6mlclnyfc9mx3bjksnnf4vla0xh0rv9kxdp34la4gw3c4hksn";
};
nativeBuildInputs = [ git glibcLocales go makeWrapper python3 ];
bazelTarget = "//runsc:runsc";
bazelFlags = [
"--override_repository=rules_proto=${rulesProto}"
];
# gvisor uses the Starlark implementation of rules_cc, not the built-in one,
# so we shouldn't delete it from our dependencies.
removeRulesCC = false;
fetchAttrs = {
inherit preBuild;
preInstall = ''
# Remove the go_sdk (it's just a copy of the go derivation) and all
# references to it from the marker files. Bazel does not need to download
# this sdk because we have patched the WORKSPACE file to point to the one
# currently present in PATH. Without removing the go_sdk from the marker
# file, the hash of it will change anytime the Go derivation changes and
# that would lead to impurities in the marker files which would result in
# a different sha256 for the fetch phase.
rm -rf $bazelOut/external/{go_sdk,\@go_sdk.marker}
# Remove the gazelle tools, they contain go binaries that are built
# non-deterministically. As long as the gazelle version matches the tools
# should be equivalent.
rm -rf $bazelOut/external/{bazel_gazelle_go_repository_tools,\@bazel_gazelle_go_repository_tools.marker}
# Remove the gazelle repository cache
chmod -R +w $bazelOut/external/bazel_gazelle_go_repository_cache
rm -rf $bazelOut/external/{bazel_gazelle_go_repository_cache,\@bazel_gazelle_go_repository_cache.marker}
# Remove log file(s)
rm -f "$bazelOut"/java.log "$bazelOut"/java.log.*
'';
sha256 = "13pahppm431m198v5bffrzq5iw8m79riplbfqp0afh384ln669hb";
};
buildAttrs = {
inherit preBuild;
installPhase = ''
install -Dm755 bazel-out/*/bin/runsc/runsc_/runsc $out/bin/runsc
# Needed for the 'runsc do' subcomand
wrapProgram $out/bin/runsc \
--prefix PATH : ${lib.makeBinPath [ iproute2 iptables procps ]}
'';
};
meta = with lib; {
description = "Container Runtime Sandbox";
homepage = "https://github.com/google/gvisor";
license = licenses.asl20;
maintainers = with maintainers; [ andrew-d ];
platforms = [ "x86_64-linux" ];
# The version we have right now does not compile with go 1.17
# See https://github.com/NixOS/nixpkgs/pull/174003 if you want to upgrade gvisor
broken = true;
};
}
Reference in New Issue View Git Blame Copy Permalink