Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: e69e48a1e410
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 139a15ea5896
Choose a head ref
  • 4 commits
  • 3 files changed
  • 1 contributor

Commits on Apr 1, 2020

  1. minijail: add myself as a maintainer

    @alyssais
    alyssais committed Apr 1, 2020
    Copy the full SHA
    75922aa View commit details

  2. minijail: android-10.0.0_r9 -> 14 

    Switched from the android-* tags to the linux-* ones, because Upstream
says "Releases are tagged as `linux-vXX`".
    @alyssais
    alyssais committed Apr 1, 2020
    Copy the full SHA
    9225d95 View commit details

  3. minijail-tools: init at 14 

    This is built from the same source as minijail, but is for all intents
and purposes a seperate package.  It builds different things, with no
overlap, and is under a different license.
    @alyssais
    alyssais committed Apr 1, 2020
    Copy the full SHA
    2ed7584 View commit details

  4. minijail: build and install constants.json 

    This is a syscall table used for compiling Minijail policy files to
BPF.  The compiler is available in the minijail-tools package.  The
file is generated by compiling and running a small program named
dump_constants.

When cross-compiling, we have to get the syscall table for the host
platform.  To do this, dump_constants is run under QEMU user emulation
for the appropriate platform.  Google takes the same approach in their
minijail packages for ChromiumOS[1].

[1]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/729bd4269a47870380f8dde0b162de355ce89dfe/chromeos-base/minijail/minijail-9999.ebuild#49
    @alyssais
    alyssais committed Apr 1, 2020
    Copy the full SHA
    139a15e View commit details
Showing with 46 additions and 16 deletions.
  1. +31 −16 pkgs/tools/system/minijail/default.nix
  2. +13 −0 pkgs/tools/system/minijail/tools.nix
  3. +2 −0 pkgs/top-level/all-packages.nix
47 changes: 31 additions & 16 deletions pkgs/tools/system/minijail/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,45 +1,60 @@
{ stdenv, fetchFromGitiles, libcap }:
{ stdenv, lib, fetchFromGitiles, glibc, libcap, qemu }:

let
dumpConstants =
if stdenv.buildPlatform == stdenv.hostPlatform then "./dump_constants"
else if stdenv.hostPlatform.isAarch32 then "qemu-arm dump_constants"
else if stdenv.hostPlatform.isAarch64 then "qemu-aarch64 dump_constants"
else if stdenv.hostPlatform.isx86_64 then "qemu-x86_64 dump_constants"
else throw "Unsupported host platform";
in

stdenv.mkDerivation rec {
pname = "minijail";
version = "android-10.0.0_r9";
version = "14";

src = fetchFromGitiles {
url = "https://android.googlesource.com/platform/external/minijail";
rev = version;
sha256 = "0gcfsyim1krrddcklydqfxl8mamaxgail2xl5qp9yclq60km8f22";
rev = "linux-v${version}";
sha256 = "00dq854n4zg3ca2b46f90k15n32zn2sgabi76mnq2w985k9v977n";
};

nativeBuildInputs =
lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) qemu;
buildInputs = [ libcap ];

makeFlags = [ "LIBDIR=$(out)/lib" ];

preConfigure = ''
substituteInPlace common.mk --replace /bin/echo echo
sed -i '/#include <asm\/siginfo.h>/ d' signal_handler.c
'';
dumpConstantsFlags = lib.optional (stdenv.hostPlatform.libc == "glibc")
"LDFLAGS=-L${glibc.static}/lib";

postPatch = ''
substituteInPlace common.mk --replace /bin/echo echo
patchShebangs platform2_preinstall.sh
'';

postBuild = ''
./platform2_preinstall.sh ${version} $out/include/chromeos
make $makeFlags $buildFlags $dumpConstantsFlags dump_constants
${dumpConstants} > constants.json
'';

installPhase = ''
mkdir -p $out/lib/pkgconfig $out/include/chromeos $out/bin
./platform2_preinstall.sh ${version} $out/include/chromeos
mkdir -p $out/lib/pkgconfig $out/include/chromeos $out/bin \
$out/share/minijail
cp -v *.so $out/lib
cp -v *.pc $out/lib/pkgconfig
cp -v libminijail.h scoped_minijail.h $out/include/chromeos
cp -v minijail0 $out/bin
cp -v constants.json $out/share/minijail
'';

meta = {
homepage = https://android.googlesource.com/platform/external/minijail/;
meta = with lib; {
homepage = "https://android.googlesource.com/platform/external/minijail/";
description = "Sandboxing library and application using Linux namespaces and capabilities";
license = stdenv.lib.licenses.bsd3;
maintainers = with stdenv.lib.maintainers; [pcarrier];
platforms = stdenv.lib.platforms.linux;
license = licenses.bsd3;
maintainers = with maintainers; [ pcarrier qyliss ];
platforms = platforms.linux;
};
}
13 changes: 13 additions & 0 deletions pkgs/tools/system/minijail/tools.nix
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
{ buildPythonApplication, lib, minijail }:

buildPythonApplication {
pname = "minijail-tools";
inherit (minijail) version src;

meta = with lib; {
homepage = "https://android.googlesource.com/platform/external/minijail/+/refs/heads/master/tools/";
description = "A set of tools for minijail";
license = licenses.asl20;
inherit (minijail.meta) maintainers platforms;
};
}
2 changes: 2 additions & 0 deletions pkgs/top-level/all-packages.nix
View file
Original file line number Diff line number Diff line change
@@ -5142,6 +5142,8 @@ in

minijail = callPackage ../tools/system/minijail { };

minijail-tools = python3.pkgs.callPackage ../tools/system/minijail/tools.nix { };

minixml = callPackage ../development/libraries/minixml { };

mir-qualia = callPackage ../tools/text/mir-qualia {