# Builds the `security-wrapper` executable from ./wrapper.c with a single
# compiler invocation (no unpack phase, no build system).
#
# Arguments:
#   stdenv           - build environment; supplies $CC and mkDerivation.
#   linuxHeaders     - kernel headers, made available as a build input.
#   parentWrapperDir - path compiled into the binary as the WRAPPER_DIR
#                      string macro.
#   debug            - false (default): -Wall -O2.
#                      true: -Werror -Og -g, and dontStrip is set.
#
# To try a debug build locally:
# $ nix-build -E 'with import <nixpkgs> {}; pkgs.callPackage ./wrapper.nix { parentWrapperDir = "/run/wrappers"; debug = true; }'
{ stdenv, linuxHeaders, parentWrapperDir, debug ? false }:

let
  # WRAPPER_DIR is fixed at compile time, so the binary is tied to one
  # wrapper directory per build. How wrapper.c uses the macro is not visible
  # from this file.
  # The double quotes are part of the flag: installPhase expands $CFLAGS
  # unquoted, so they reach the compiler literally and make the macro a C
  # string literal. The same unquoted expansion word-splits the value, so a
  # parentWrapperDir containing whitespace would break the define.
  wrapperDirDefine = ''-DWRAPPER_DIR="${parentWrapperDir}"'';

  # NOTE(review): the debug set has -Werror but no -Wall, so only warnings
  # that are on by default become errors; confirm whether that is intended.
  modeFlags =
    if debug
    then [ "-Werror" "-Og" "-g" ]
    else [ "-Wall" "-O2" ];
in
stdenv.mkDerivation {
  name = "security-wrapper";
  buildInputs = [ linuxHeaders ];

  # There is no source archive; the only input is ./wrapper.c, referenced
  # directly from installPhase.
  dontUnpack = true;

  # Request a position-independent executable in addition to whatever
  # hardening flags stdenv applies by default.
  hardeningEnable = [ "pie" ];

  CFLAGS = [ wrapperDirDefine ] ++ modeFlags;

  # Keep debug symbols only in debug builds.
  dontStrip = debug;

  installPhase = ''
    mkdir -p $out/bin
    $CC $CFLAGS ${./wrapper.c} -o $out/bin/security-wrapper
  '';
}