# Builds the `security-wrapper` executable for a single, fixed target program.
#
# Arguments:
#   stdenv       - supplies mkDerivation and the C compiler invoked as $CC.
#   unsecvars    - put on the include path (-I) when wrapper.c is compiled;
#                  presumably provides the list of unsafe environment
#                  variables used by the wrapper -- confirm against wrapper.c.
#   linuxHeaders - kernel headers, made available through buildInputs.
#   sourceProg   - path of the program to wrap. It reaches the C code as the
#                  string macro SOURCE_PROG and also determines the
#                  derivation name (via baseNameOf).
#   debug        - false by default; selects the debug flag set and keeps
#                  symbols in the output.
#
# Security-relevant points for reviewers:
#   * The target path is fixed at compile time through -DSOURCE_PROG, so each
#     wrapper build is tied to exactly one sourceProg. How wrapper.c uses the
#     macro is not visible in this file.
#   * installPhase expands $CFLAGS unquoted, so the shell word-splits it. A
#     sourceProg containing whitespace would split the define into several
#     arguments, and a `"` or `\` would change the resulting C string
#     literal. Callers should only pass plain paths (e.g. store paths).
#   * NOTE(review): neither flag set combines -Wall with -Werror. Debug
#     builds turn only the compiler's default warnings into errors; release
#     builds enable -Wall but never fail on a warning. Confirm this is the
#     intended policy for a binary of this kind.
{
  stdenv,
  unsecvars,
  linuxHeaders,
  sourceProg,
  debug ? false,
}:
# For testing:
# $ nix-build -E 'with import <nixpkgs> {}; pkgs.callPackage ./wrapper.nix { sourceProg = "${pkgs.hello}/bin/hello"; debug = true; }'
let
  # Passes the wrapped program's path to wrapper.c as a C string literal.
  targetDefine = ''-DSOURCE_PROG="${sourceProg}"'';

  # Debug: warnings are errors, light optimisation, debug info.
  debugFlags = [
    "-Werror"
    "-Og"
    "-g"
  ];

  # Release: extra warnings (non-fatal) and full optimisation.
  releaseFlags = [
    "-Wall"
    "-O2"
  ];

  modeFlags = if debug then debugFlags else releaseFlags;
in
stdenv.mkDerivation {
  name = "security-wrapper-${baseNameOf sourceProg}";

  buildInputs = [ linuxHeaders ];

  # The only source is ./wrapper.c, referenced directly in installPhase.
  dontUnpack = true;

  # The define always comes first, followed by the flags for the chosen mode.
  CFLAGS = [ targetDefine ] ++ modeFlags;

  # Stripping is disabled only for debug builds, so -g symbols stay in the
  # binary there.
  dontStrip = debug;

  # Compile and install in one step; $CFLAGS is intentionally left unquoted
  # so that each flag becomes its own compiler argument (see the header note
  # on what that implies for sourceProg).
  installPhase = ''
    mkdir -p $out/bin
    $CC $CFLAGS ${./wrapper.c} -I${unsecvars} -o $out/bin/security-wrapper
  '';
}