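# Build recipe for libseccomp, the high-level library for the Linux kernel
# seccomp (syscall filter) interface.
#
# Arguments are the usual nixpkgs package set members: `getopt` and `gperf`
# are needed at build time, `util-linux` only by the (currently disabled)
# test suite.
{ lib, stdenv, fetchurl, getopt, util-linux, gperf }:

stdenv.mkDerivation rec {
  pname = "libseccomp";
  version = "2.5.1";

  # The hash pins the exact release tarball: if the archive served at this
  # URL ever differs, the fetch fails instead of building different sources.
  # `version` and `sha256` must be bumped together; the hash only proves the
  # archive is unchanged since it was recorded, so check a new tarball
  # against upstream's release (signature or checksum, if published) before
  # recording it.
  src = fetchurl {
    url = "https://github.com/seccomp/libseccomp/releases/download/v${version}/libseccomp-${version}.tar.gz";
    sha256 = "0m8dlg1v7kflcxvajs4p76p275qwsm2abbf5mfapkakp7hw7wc7f";
  };

  # `pythonsrc` is not an installed tree but a tarball of the bundled Python
  # binding sources, produced in postInstall below.
  outputs = [ "out" "lib" "dev" "man" "pythonsrc" ];

  nativeBuildInputs = [ gperf ];
  buildInputs = [ getopt ];

  # Use the postPatch hook instead of replacing patchPhase wholesale. A
  # replaced patchPhase skips stdenv's patch application, so any `patches`
  # added later (in this file or through overrideAttrs, e.g. a backported
  # security fix) would be silently ignored. With no patches set the result
  # is the same: shebangs in the unpacked tree are rewritten.
  postPatch = ''
    patchShebangs .
  '';

  checkInputs = [ util-linux ];
  # The upstream test suite is NOT run as part of this build; enabling it
  # creates a dependency cycle. Regressions in the built library are
  # therefore not caught here.
  doCheck = false; # dependency cycle

  # Hack to ensure that patchelf --shrink-rpath gets rid of a $TMPDIR
  # reference: the build's src directory is removed before fixup runs.
  preFixup = "rm -rfv src";

  # Copy the python module code into a tarball that we can export and use as
  # the src input for buildPythonPackage calls. Per the commit that added
  # this, the Python bindings are built once per Python version from this
  # tarball while all of them link against this single libseccomp build.
  #
  # --mtime and --sort=name keep the archive reproducible.
  #
  # NOTE(review): the top-level directory is renamed to "python-foundationdb",
  # which looks like a leftover from another package. It is kept as is
  # because the consumer of $pythonsrc is not visible here; confirm nothing
  # depends on the name before changing it.
  postInstall = ''
    cp -R ./src/python/ tmp-pythonsrc/
    tar -zcf $pythonsrc --mtime="@$SOURCE_DATE_EPOCH" --sort=name --transform s/tmp-pythonsrc/python-foundationdb/ ./tmp-pythonsrc/
  '';

  meta = with lib; {
    description = "High level library for the Linux Kernel seccomp filter";
    homepage = "https://github.com/seccomp/libseccomp";
    license = licenses.lgpl21;
    platforms = platforms.linux;
    # Linux platforms this package is marked as not building on.
    badPlatforms = [
      "alpha-linux"
      "riscv32-linux"
      "sparc-linux"
      "sparc64-linux"
    ];
    maintainers = with maintainers; [ thoughtpolice ];
  };
}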