# Package expression for the Amazon SSM agent. Everything in the argument
# set is supplied by the caller; only `overrideEtc` has a default.
{ lib
, writeShellScriptBin
, buildGoPackage
, makeWrapper
, fetchFromGitHub
, fetchpatch
, coreutils
, nettools
, dmidecode
, util-linux
, bashInteractive
# When true (the default), preConfigure rewrites the "/etc/amazon/ssm/"
# path constant in agent/appconfig/constants_unix.go to the etc/amazon/ssm
# directory inside this package's output, which is where postInstall puts
# the shipped templates. Presumably this is the directory the agent reads
# its configuration from; set to false to keep the host's /etc path.
, overrideEtc ? true
}:
let
  # Tests use lsb_release, so we mock it (the SSM agent used to not
  # read from our /etc/os-release file, but now it does) because in
  # reality, it won't (shouldn't) be used when active on a system with
  # /etc/os-release. If it is, we fake the only two fields it cares about.
  #
  # The stub answers `-i` with NAME and `-r` with VERSION (falling back to
  # "unknown") and prints nothing for any other argument.
  # NOTE(review): `. /etc/os-release` executes that file as shell code in the
  # caller's context. That is only as trustworthy as the file itself; confirm
  # it is root-owned and not writable by less-privileged users on hosts where
  # the agent runs.
  fake-lsb-release = writeShellScriptBin "lsb_release" ''
    . /etc/os-release || true

    case "$1" in
      -i) echo "''${NAME:-unknown}";;
      -r) echo "''${VERSION:-unknown}";;
    esac
  '';
in
# Builds the agent from the upstream GitHub source with buildGoPackage,
# applying two local patches and one upstream security patch, then installs
# the renamed binaries plus the default configuration templates.
buildGoPackage rec {
  pname = "amazon-ssm-agent";
  version = "3.0.755.0";

  goPackagePath = "github.com/aws/${pname}";

  nativeBuildInputs = [ makeWrapper ];

  # Source is fetched at the revision named by `version` and pinned by content
  # hash, so a changed upstream revision fails the fetch instead of building
  # different code.
  src = fetchFromGitHub {
    rev = version;
    owner = "aws";
    repo = "amazon-ssm-agent";
    hash = "sha256-yVQJL1MJ1JlAndlrXfEbNLQihlbLhSoQXTKzJMRzhao=";
  };

  patches = [
    # Some tests use networking, so we skip them.
    ./0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch

    # They used constants from another package that I couldn't figure
    # out how to resolve, so hardcoded the constants.
    ./0002-version-gen-don-t-use-unnecessary-constants.patch

    # Security backport: a single upstream commit, applied on top of the pinned
    # release and labelled as the fix for CVE-2022-29527. The patch itself is
    # pinned by hash, so it cannot change silently.
    # NOTE(review): per the public advisory this CVE concerns unsafe
    # permissions on the sudoers file the agent creates; confirm that this one
    # commit is the complete fix for this version, and drop the entry once
    # `version` is bumped to a release that already contains it.
    (fetchpatch {
      name = "CVE-2022-29527.patch";
      url = "https://github.com/aws/amazon-ssm-agent/commit/0fe8ae99b2ff25649c7b86d3bc05fc037400aca7.patch";
      sha256 = "sha256-5g14CxhsHLIgs1Vkfw8FCKEJ4AebNqZKf3ZzoAN/T9U=";
    })
  ];

  # Source preparation before the Go build:
  #  - deletes the goreportcard tool sources and replaces checkstyle.sh with a
  #    script that only runs `true`;
  #  - rewrites hard-coded FHS paths (/usr/bin/uname, /usr/sbin/dmidecode) and
  #    bare command names ("hostname", "lsb_release", "script") to absolute
  #    store paths, so these helpers are pinned to the packages named here
  #    rather than taken from whatever the host provides;
  #  - writes `version` into the VERSION file;
  #  - when overrideEtc is set, points the "/etc/amazon/ssm/" constant at this
  #    package's own output (`placeholder "out"` expands to the output path).
  # NOTE(review): the substitutions match literal strings in upstream Go
  # sources. If a version bump changes those strings, a pattern may stop
  # matching and the agent would fall back to the original path or name;
  # re-check each pattern after every bump.
  preConfigure = ''
    rm -r ./Tools/src/goreportcard
    printf "#!/bin/sh\ntrue" > ./Tools/src/checkstyle.sh

    substituteInPlace agent/platform/platform_unix.go \
      --replace "/usr/bin/uname" "${coreutils}/bin/uname" \
      --replace '"/bin", "hostname"' '"${nettools}/bin/hostname"' \
      --replace '"lsb_release"' '"${fake-lsb-release}/bin/lsb_release"'

    substituteInPlace agent/managedInstances/fingerprint/hardwareInfo_unix.go \
      --replace /usr/sbin/dmidecode ${dmidecode}/bin/dmidecode

    substituteInPlace agent/session/shell/shell_unix.go \
      --replace '"script"' '"${util-linux}/bin/script"'

    echo "${version}" > VERSION
  '' + lib.optionalString overrideEtc ''
    substituteInPlace agent/appconfig/constants_unix.go \
      --replace '"/etc/amazon/ssm/"' '"${placeholder "out"}/etc/amazon/ssm/"'
  '';

  # Copies the vendored sources into the build's `go` tree, then runs the
  # upstream Makefile targets from the package directory. `quick-integtest`
  # runs as part of the build, so a failing target fails the whole build.
  preBuild = ''
    cp -r go/src/${goPackagePath}/vendor/src go

    pushd go/src/${goPackagePath}

    # Note: if this step fails, please patch the code to fix it! Please only skip
    # tests if it is not feasible for the test to pass in a sandbox.
    make quick-integtest

    make pre-release
    make pre-build

    popd
  '';

  # Removes three built binaries (integration-cli, versiongenerator,
  # generator) so they are not installed, and renames the remaining ones to
  # their amazon-ssm-agent / ssm-* names.
  postBuild = ''
    pushd go/bin

    rm integration-cli versiongenerator generator

    mv core amazon-ssm-agent
    mv agent ssm-agent-worker
    mv cli-main ssm-cli
    mv worker ssm-document-worker
    mv logging ssm-session-logger
    mv sessionworker ssm-session-worker

    popd
  '';

  # These templates retain their `.template` extensions on installation. The
  # amazon-ssm-agent.json.template is required as default configuration when an
  # amazon-ssm-agent.json isn't present. Here, we retain the template to show
  # we're using the default configuration.

  # seelog.xml isn't actually required to run, but it does ship as a template
  # with debian packages, so it's here for reference. Future work in the nixos
  # module could use this template and substitute a different log level.
  postInstall = ''
    mkdir -p $out/etc/amazon/ssm
    cp go/src/${goPackagePath}/amazon-ssm-agent.json.template $out/etc/amazon/ssm/amazon-ssm-agent.json.template
    cp go/src/${goPackagePath}/seelog_unix.xml $out/etc/amazon/ssm/seelog.xml.template
  '';

  # Wraps only the main amazon-ssm-agent binary so that bashInteractive's bin
  # directory is placed in front of its PATH.
  # NOTE(review): the other installed binaries are not wrapped; they see this
  # PATH only if they are started by the wrapped agent and inherit its
  # environment. Verify that if any of them is launched directly.
  postFixup = ''
    wrapProgram $out/bin/amazon-ssm-agent --prefix PATH : ${bashInteractive}/bin
  '';

  meta = with lib; {
    description = "Agent to enable remote management of your Amazon EC2 instance configuration";
    homepage = "https://github.com/aws/amazon-ssm-agent";
    license = licenses.asl20;
    platforms = platforms.unix;
    maintainers = with maintainers; [ copumpkin manveru ];
  };
}