# Builds one security-wrapper binary for a single target program by compiling
# ./wrapper.c with the target's path fixed at compile time.
#
# Arguments:
#   stdenv       - supplies mkDerivation and the $CC used in installPhase
#   unsecvars    - directory put on the include path (-I) when compiling wrapper.c
#   linuxHeaders - build input (presumably for kernel headers used by wrapper.c,
#                  which is not shown here; confirm against that file)
#   sourceProg   - path of the program this wrapper is built for
#   debug        - when true: -Og -g, warnings as errors, and no stripping
{
  stdenv,
  unsecvars,
  linuxHeaders,
  sourceProg,
  debug ? false,
}:
# For testing:
# $ nix-build -E 'with import <nixpkgs> {}; pkgs.callPackage ./wrapper.nix { sourceProg = "${pkgs.hello}/bin/hello"; debug = true; }'
let
  # The target path becomes the SOURCE_PROG macro, so it is a build-time
  # constant of the resulting binary rather than a run-time input.
  # NOTE(review): sourceProg is interpolated unescaped, and $CFLAGS is expanded
  # unquoted in installPhase. This assumes a plain path with no whitespace,
  # double quotes or backslashes; anything else would split the argument or
  # change the C string literal.
  targetDefine = ''-DSOURCE_PROG="${sourceProg}"'';

  # NOTE(review): -Werror appears without -Wall, so only the compiler's
  # default-enabled warnings fail a debug build.
  debugFlags = [
    "-Werror"
    "-Og"
    "-g"
  ];

  # NOTE(review): -Wall appears without -Werror, so warnings are printed but
  # do not fail a non-debug build.
  releaseFlags = [
    "-Wall"
    "-O2"
  ];

  modeFlags = if debug then debugFlags else releaseFlags;
in
stdenv.mkDerivation {
  name = "security-wrapper-${baseNameOf sourceProg}";

  # No source archive: the only input file is ./wrapper.c, referenced directly
  # from installPhase.
  dontUnpack = true;
  buildInputs = [ linuxHeaders ];

  CFLAGS = [ targetDefine ] ++ modeFlags;

  # Keep symbols only when a debug build was requested.
  dontStrip = debug;

  # $CFLAGS is deliberately left unquoted so the flags are passed as separate
  # arguments.
  installPhase = ''
    mkdir -p $out/bin
    $CC $CFLAGS ${./wrapper.c} -I${unsecvars} -o $out/bin/security-wrapper
  '';
}