{ lib, fetchFromGitLab, libseccomp, mandoc, nix-update-script, pkg-config, rustPlatform, scdoc, sydbox, testers, }: rustPlatform.buildRustPackage rec { pname = "sydbox"; version = "3.28.3"; outputs = [ "out" "man" ]; src = fetchFromGitLab { domain = "gitlab.exherbo.org"; owner = "Sydbox"; repo = "sydbox"; rev = "refs/tags/v${version}"; hash = "sha256-9IegNFkOWYt+jdpN0rk4S/qyD/NSPaSqmFnMmCl/3Tk="; }; cargoHash = "sha256-6/D//mkPDRW01SCLmQGWwFCClZ84aJUPhleWGVCJaKM="; nativeBuildInputs = [ mandoc pkg-config scdoc ]; buildInputs = [ libseccomp ]; makeFlags = [ "PREFIX=${placeholder "out"}" ]; checkFlags = [ # rm -rf tmpdir: Os { code: 2, kind: NotFound, message: "No such file or directory" } "--skip=fs::tests::test_relative_symlink_resolution" # Failed to write C source file!: Os { code: 13, kind: PermissionDenied, message: "Permission denied" } "--skip=proc::tests::test_proc_set_at_secure_test_32bit_dynamic" # /bin/false: Os { code: 2, kind: NotFound, message: "No such file or directory" } "--skip=syd_test" # Endlessly stall. Maybe a sandbox issue? "--skip=caps" "--skip=landlock::compat::Compatible::set_compatibility" "--skip=landlock::fs::PathBeneath" "--skip=landlock::fs::PathFd" "--skip=landlock::fs::path_beneath_rules" "--skip=proc::proc_cmdline" "--skip=proc::proc_comm" ]; # TODO: Have these directories be created upstream similar to the vim files postInstall = '' mkdir -p $out/share/man/man{1,2,5,7} make $makeFlags install-{man,vim} ''; passthru = { tests.version = testers.testVersion { package = sydbox; command = "syd -V"; }; updateScript = nix-update-script { }; }; meta = { description = "seccomp-based application sandbox"; homepage = "https://gitlab.exherbo.org/sydbox/sydbox"; changelog = "https://gitlab.exherbo.org/sydbox/sydbox/-/blob/v${version}/ChangeLog.md"; license = lib.licenses.gpl3Plus; maintainers = with lib.maintainers; [ mvs getchoo ]; mainProgram = "syd"; platforms = lib.platforms.linux; }; }