Boey Maun Suang 137b97e2f6 linuxkit: Sign binary with entitlements on Darwin
In order to use the Virtualization framework at runtime, a macOS binary
must be signed with the appropriate entitlement(s).  The default targets
in the linuxkit Makefiles would do this for us, but the current package
definition does not use those Makefiles, so we must call the right
target directly.
2023-05-22 10:37:16 +03:00


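{ lib, stdenv, buildGoModule, fetchFromGitHub, git, Cocoa, Virtualization, sigtool, testers, linuxkit }:

# The linuxkit CLI, built from the `src/cmd/linuxkit` Go module of the
# upstream monorepo.  On Darwin the installed binary is additionally
# code-signed with the entitlements it needs to drive Apple's Virtualization
# framework; on every other platform this is a plain Go build.
buildGoModule rec {
  pname = "linuxkit";
  version = "1.0.1";

  # Pinned to a release tag *and* a content hash: the build fails closed if
  # the tag is ever moved or the tarball does not match what was reviewed.
  src = fetchFromGitHub {
    owner = "linuxkit";
    repo = "linuxkit";
    rev = "v${version}";
    sha256 = "sha256-8x9oJaYb/mN2TUaVrGOYi5/6TETD78jif0SwCSc0kyo=";
  };

  # `null` tells buildGoModule not to perform (or hash) a separate module
  # download; the Go dependencies are expected to come from the source tree's
  # vendor directory.  `vendorHash` is the current spelling of the attribute
  # previously called `vendorSha256`.
  vendorHash = null;

  modRoot = "./src/cmd/linuxkit";

  patches = [
    ./darwin-os-version.patch
    ./support-apple-11-sdk.patch
  ];

  # - On macOS, an executable must be signed with the right entitlement(s) to
  #   be able to use the Virtualization framework at runtime.
  # - sigtool lets us produce a valid signature with a dummy authority.  That
  #   satisfies the local kernel's entitlement check, but it is not an
  #   Apple-issued identity: do not expect Gatekeeper or notarization to
  #   accept the result.
  nativeBuildInputs = lib.optionals stdenv.isDarwin [ sigtool ];
  buildInputs = lib.optionals stdenv.isDarwin [ Cocoa Virtualization ];

  # -s/-w drop the symbol table and DWARF debug info; -X stamps the version
  # string reported by `linuxkit version`.
  ldflags = [
    "-s"
    "-w"
    "-X github.com/linuxkit/linuxkit/src/cmd/linuxkit/version.Version=${version}"
  ];

  # git is made available to the Go test suite during the check phase.
  nativeCheckInputs = [ git ];

  # - Because this package definition doesn't build using the source's
  #   Makefile, we must manually call the sign target.
  # - The binary stripping that nixpkgs does by default in the fixup phase
  #   removes such signing and entitlements, so we have to sign after
  #   stripping, i.e. in postFixup.
  # - At the start of the fixup phase the working directory is
  #   $sourceRoot/src/cmd/linuxkit, so it's simpler to use the sign target
  #   from the Makefile in that directory rather than $sourceRoot/Makefile.
  # - NOTE(review): the sign target is taken on trust from upstream.  If it
  #   ever stops applying the entitlements, this derivation still builds and
  #   the failure only surfaces at runtime when a VM is started.  Verifying
  #   the entitlement at build time (e.g. `codesign -d --entitlements :-`)
  #   would catch that earlier — confirm sigtool's codesign supports it
  #   before adding such a check.
  postFixup = lib.optionalString stdenv.isDarwin ''
    make sign LOCAL_TARGET=$out/bin/linuxkit
  '';

  # Smoke test: the installed binary runs and reports the version we stamped.
  passthru.tests.version = testers.testVersion {
    package = linuxkit;
    command = "linuxkit version";
  };

  meta = {
    description = "A toolkit for building secure, portable and lean operating systems for containers";
    homepage = "https://github.com/linuxkit/linuxkit";
    license = lib.licenses.asl20;
    maintainers = with lib.maintainers; [ nicknovitski ];
    # Lets `nix run` / `lib.getExe` find the CLI without guessing.
    mainProgram = "linuxkit";
    platforms = lib.platforms.unix;
  };
}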