switch gvisor to build with synthetic go branch instead of bazel.main
parent
9071fb55f6
commit
4c8a3de137
@ -1,35 +0,0 @@ |
||||
{ lib, fetchFromGitHub, buildGoModule }: |
||||
|
||||
buildGoModule rec { |
||||
pname = "gvisor-containerd-shim"; |
||||
version = "unstable-2019-10-09"; |
||||
|
||||
src = fetchFromGitHub { |
||||
owner = "google"; |
||||
repo = "gvisor-containerd-shim"; |
||||
rev = "f299b553afdd8455a0057862004061ea12e660f5"; |
||||
sha256 = "077bhrmjrpcxv1z020yxhx2c4asn66j21gxlpa6hz0av3lfck9lm"; |
||||
}; |
||||
|
||||
vendorSha256 = "11jai5jl024k7wbhz4a3zzdbvl0si07jwgwmyr8bn4i0nqx8ig2k"; |
||||
|
||||
buildPhase = '' |
||||
make |
||||
''; |
||||
|
||||
checkPhase = '' |
||||
make test |
||||
''; |
||||
|
||||
installPhase = '' |
||||
make install DESTDIR="$out" |
||||
''; |
||||
|
||||
meta = with lib; { |
||||
description = "containerd shim for gVisor"; |
||||
homepage = "https://github.com/google/gvisor-containerd-shim"; |
||||
license = licenses.asl20; |
||||
maintainers = with maintainers; [ andrew-d ]; |
||||
platforms = [ "x86_64-linux" ]; |
||||
}; |
||||
} |
@ -1,127 +1,43 @@ |
||||
{ lib |
||||
, buildBazelPackage |
||||
, buildGoModule |
||||
, fetchFromGitHub |
||||
, callPackage |
||||
, bash |
||||
, cacert |
||||
, git |
||||
, glibcLocales |
||||
, go |
||||
, iproute2 |
||||
, iptables |
||||
, makeWrapper |
||||
, procps |
||||
, protobuf |
||||
, python3 |
||||
}: |
||||
|
||||
let |
||||
preBuild = '' |
||||
patchShebangs . |
||||
|
||||
substituteInPlace tools/defs.bzl \ |
||||
--replace "#!/bin/bash" "#!${bash}/bin/bash" |
||||
|
||||
# Tell rules_go to use the Go binary found in the PATH |
||||
sed -E -i \ |
||||
-e 's|go_version\s*=\s*"[^"]+"|go_version = "host"|g' \ |
||||
WORKSPACE |
||||
|
||||
# The gazelle Go tooling needs CA certs |
||||
export SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt" |
||||
|
||||
# If we don't reset our GOPATH, the rules_go stdlib builder tries to |
||||
# install something into it. Ideally that wouldn't happen, but for now we |
||||
# can also get around it by unsetting GOPATH entirely, since rules_go |
||||
# doesn't need it. |
||||
export GOPATH= |
||||
''; |
||||
|
||||
# Patch the protoc alias so that it always builds from source. |
||||
rulesProto = fetchFromGitHub { |
||||
owner = "bazelbuild"; |
||||
repo = "rules_proto"; |
||||
rev = "f7a30f6f80006b591fa7c437fe5a951eb10bcbcf"; |
||||
sha256 = "10bcw0ir0skk7h33lmqm38n9w4nfs24mwajnngkbs6jb5wsvkqv8"; |
||||
postFetch = '' |
||||
sed -i 's|name = "protoc"|name = "_protoc_original"|' $out/proto/private/BUILD.release |
||||
cat <<EOF >>$out/proto/private/BUILD.release |
||||
alias(name = "protoc", actual = "@com_github_protocolbuffers_protobuf//:protoc", visibility = ["//visibility:public"]) |
||||
EOF |
||||
''; |
||||
}; |
||||
|
||||
in buildBazelPackage rec { |
||||
buildGoModule rec { |
||||
pname = "gvisor"; |
||||
version = "20210518.0"; |
||||
version = "20220905.0"; |
||||
|
||||
src = fetchFromGitHub { |
||||
owner = "google"; |
||||
repo = "gvisor"; |
||||
rev = "release-${version}"; |
||||
sha256 = "15a6mlclnyfc9mx3bjksnnf4vla0xh0rv9kxdp34la4gw3c4hksn"; |
||||
repo = "gvisor"; |
||||
rev = "442a3cd44a0858ac2a8e773b6fbba67cf3bd3767"; |
||||
sha256 = "sha256-LKY7AKAHX29eGuXRrkCVCFl/bdHAVOC0QNZfzlpXqwc="; |
||||
}; |
||||
|
||||
nativeBuildInputs = [ git glibcLocales go makeWrapper python3 ]; |
||||
|
||||
bazelTarget = "//runsc:runsc"; |
||||
bazelFlags = [ |
||||
"--override_repository=rules_proto=${rulesProto}" |
||||
]; |
||||
vendorSha256 = "sha256-Fn8A8iwTv0lNI9ZBJkq3SlRelnAGIQY0GInTxaCzSAU="; |
||||
|
||||
# gvisor uses the Starlark implementation of rules_cc, not the built-in one, |
||||
# so we shouldn't delete it from our dependencies. |
||||
removeRulesCC = false; |
||||
nativeBuildInputs = [ makeWrapper ]; |
||||
|
||||
fetchAttrs = { |
||||
inherit preBuild; |
||||
ldflags = [ "-s" "-w" ]; |
||||
|
||||
preInstall = '' |
||||
# Remove the go_sdk (it's just a copy of the go derivation) and all |
||||
# references to it from the marker files. Bazel does not need to download |
||||
# this sdk because we have patched the WORKSPACE file to point to the one |
||||
# currently present in PATH. Without removing the go_sdk from the marker |
||||
# file, the hash of it will change anytime the Go derivation changes and |
||||
# that would lead to impurities in the marker files which would result in |
||||
# a different sha256 for the fetch phase. |
||||
rm -rf $bazelOut/external/{go_sdk,\@go_sdk.marker} |
||||
subPackages = [ "runsc" "shim" ]; |
||||
|
||||
# Remove the gazelle tools, they contain go binaries that are built |
||||
# non-deterministically. As long as the gazelle version matches the tools |
||||
# should be equivalent. |
||||
rm -rf $bazelOut/external/{bazel_gazelle_go_repository_tools,\@bazel_gazelle_go_repository_tools.marker} |
||||
|
||||
# Remove the gazelle repository cache |
||||
chmod -R +w $bazelOut/external/bazel_gazelle_go_repository_cache |
||||
rm -rf $bazelOut/external/{bazel_gazelle_go_repository_cache,\@bazel_gazelle_go_repository_cache.marker} |
||||
|
||||
# Remove log file(s) |
||||
rm -f "$bazelOut"/java.log "$bazelOut"/java.log.* |
||||
''; |
||||
|
||||
sha256 = "13pahppm431m198v5bffrzq5iw8m79riplbfqp0afh384ln669hb"; |
||||
}; |
||||
|
||||
buildAttrs = { |
||||
inherit preBuild; |
||||
|
||||
installPhase = '' |
||||
install -Dm755 bazel-out/*/bin/runsc/runsc_/runsc $out/bin/runsc |
||||
|
||||
# Needed for the 'runsc do' subcomand |
||||
wrapProgram $out/bin/runsc \ |
||||
--prefix PATH : ${lib.makeBinPath [ iproute2 iptables procps ]} |
||||
''; |
||||
}; |
||||
postInstall = '' |
||||
# Needed for the 'runsc do' subcomand |
||||
wrapProgram $out/bin/runsc \ |
||||
--prefix PATH : ${lib.makeBinPath [ iproute2 iptables procps ]} |
||||
mv $out/bin/shim $out/bin/containerd-shim-runsc-v1 |
||||
''; |
||||
|
||||
meta = with lib; { |
||||
description = "Container Runtime Sandbox"; |
||||
description = "Application Kernel for Containers"; |
||||
homepage = "https://github.com/google/gvisor"; |
||||
license = licenses.asl20; |
||||
maintainers = with maintainers; [ andrew-d ]; |
||||
maintainers = with maintainers; [ andrew-d gpl ]; |
||||
platforms = [ "x86_64-linux" ]; |
||||
# The version we have right now does not compile with go 1.17 |
||||
# See https://github.com/NixOS/nixpkgs/pull/174003 if you want to upgrade gvisor |
||||
broken = true; |
||||
}; |
||||
} |
||||
|
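Review bot: The new `rev = "442a3cd44a0858ac2a8e773b6fbba67cf3bd3767"` in `src` is a bare commit hash with nothing tying it to `version = "20220905.0"`, whereas the line it appears to replace derived the ref from the version (`release-${version}`). For a sandbox runtime, anyone auditing or bumping the package needs to see which upstream release the pinned commit corresponds to, so I would add a comment above it such as `# commit on the synthetic "go" branch matching release-${version}; bump together with version`. Separately, the Bazel build is gone and `ldflags = [ "-s" "-w" ]` sets no version string, so it is worth checking that `runsc --version` still reports the release, since operators use it to match a host against gVisor advisories. The page lost its +/- markers, so which lines are on the new side is inferred from the commit title and the hunk counts.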