From 4c8a3de137f9e1aa65fd7dba3778cd16003d75f2 Mon Sep 17 00:00:00 2001
From: night <903bdd24-af4f-4d5a-8499-d5008a128f26@potato.io>
Date: Wed, 7 Sep 2022 02:30:52 -0700
Subject: [PATCH] gvisor: 20210518.0 -> 20220905.0

switch gvisor to build with synthetic go branch instead of bazel.
---
 .../virtualization/gvisor/containerd-shim.nix | 35 -----
 .../virtualization/gvisor/default.nix | 120 +++--------------
 pkgs/top-level/all-packages.nix | 2 -
 3 files changed, 18 insertions(+), 139 deletions(-)
 delete mode 100644 pkgs/applications/virtualization/gvisor/containerd-shim.nix

diff --git a/pkgs/applications/virtualization/gvisor/containerd-shim.nix b/pkgs/applications/virtualization/gvisor/containerd-shim.nix
deleted file mode 100644
index 612ef0f4b53..00000000000
--- a/pkgs/applications/virtualization/gvisor/containerd-shim.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ lib, fetchFromGitHub, buildGoModule }:
-
-buildGoModule rec {
- pname = "gvisor-containerd-shim";
- version = "unstable-2019-10-09";
-
- src = fetchFromGitHub {
- owner = "google";
- repo = "gvisor-containerd-shim";
- rev = "f299b553afdd8455a0057862004061ea12e660f5";
- sha256 = "077bhrmjrpcxv1z020yxhx2c4asn66j21gxlpa6hz0av3lfck9lm";
- };
-
- vendorSha256 = "11jai5jl024k7wbhz4a3zzdbvl0si07jwgwmyr8bn4i0nqx8ig2k";
-
- buildPhase = ''
- make
- '';
-
- checkPhase = ''
- make test
- '';
-
- installPhase = ''
- make install DESTDIR="$out"
- '';
-
- meta = with lib; {
- description = "containerd shim for gVisor";
- homepage = "https://github.com/google/gvisor-containerd-shim";
- license = licenses.asl20;
- maintainers = with maintainers; [ andrew-d ];
- platforms = [ "x86_64-linux" ];
- };
-}
diff --git a/pkgs/applications/virtualization/gvisor/default.nix b/pkgs/applications/virtualization/gvisor/default.nix
index ca6ca470a5c..2609c3e7bc7 100644
--- a/pkgs/applications/virtualization/gvisor/default.nix
+++ b/pkgs/applications/virtualization/gvisor/default.nix
@@ -1,127 +1,43 @@
 { lib
-, buildBazelPackage
+, buildGoModule
 , fetchFromGitHub
-, callPackage
-, bash
-, cacert
-, git
-, glibcLocales
-, go
 , iproute2
 , iptables
 , makeWrapper
 , procps
-, protobuf
-, python3
 }:
-let
- preBuild = ''
- patchShebangs .
-
- substituteInPlace tools/defs.bzl \
- --replace "#!/bin/bash" "#!${bash}/bin/bash"
-
- # Tell rules_go to use the Go binary found in the PATH
- sed -E -i \
- -e 's|go_version\s*=\s*"[^"]+"|go_version = "host"|g' \
- WORKSPACE
-
- # The gazelle Go tooling needs CA certs
- export SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
-
- # If we don't reset our GOPATH, the rules_go stdlib builder tries to
- # install something into it. Ideally that wouldn't happen, but for now we
- # can also get around it by unsetting GOPATH entirely, since rules_go
- # doesn't need it.
- export GOPATH=
- '';
-
- # Patch the protoc alias so that it always builds from source.
- rulesProto = fetchFromGitHub {
- owner = "bazelbuild";
- repo = "rules_proto";
- rev = "f7a30f6f80006b591fa7c437fe5a951eb10bcbcf";
- sha256 = "10bcw0ir0skk7h33lmqm38n9w4nfs24mwajnngkbs6jb5wsvkqv8";
- postFetch = ''
- sed -i 's|name = "protoc"|name = "_protoc_original"|' $out/proto/private/BUILD.release
- cat <>$out/proto/private/BUILD.release
- alias(name = "protoc", actual = "@com_github_protocolbuffers_protobuf//:protoc", visibility = ["//visibility:public"])
- EOF
- '';
- };
-
-in buildBazelPackage rec {
+buildGoModule rec {
 pname = "gvisor";
- version = "20210518.0";
+ version = "20220905.0";
 src = fetchFromGitHub {
 owner = "google";
- repo = "gvisor";
- rev = "release-${version}";
- sha256 = "15a6mlclnyfc9mx3bjksnnf4vla0xh0rv9kxdp34la4gw3c4hksn";
+ repo = "gvisor";
+ rev = "442a3cd44a0858ac2a8e773b6fbba67cf3bd3767";
+ sha256 = "sha256-LKY7AKAHX29eGuXRrkCVCFl/bdHAVOC0QNZfzlpXqwc=";
 };
- nativeBuildInputs = [ git glibcLocales go makeWrapper python3 ];
-
- bazelTarget = "//runsc:runsc";
- bazelFlags = [
- "--override_repository=rules_proto=${rulesProto}"
- ];
+ vendorSha256 = "sha256-Fn8A8iwTv0lNI9ZBJkq3SlRelnAGIQY0GInTxaCzSAU=";
- # gvisor uses the Starlark implementation of rules_cc, not the built-in one,
- # so we shouldn't delete it from our dependencies.
- removeRulesCC = false;
+ nativeBuildInputs = [ makeWrapper ];
- fetchAttrs = {
- inherit preBuild;
+ ldflags = [ "-s" "-w" ];
- preInstall = ''
- # Remove the go_sdk (it's just a copy of the go derivation) and all
- # references to it from the marker files. Bazel does not need to download
- # this sdk because we have patched the WORKSPACE file to point to the one
- # currently present in PATH. Without removing the go_sdk from the marker
- # file, the hash of it will change anytime the Go derivation changes and
- # that would lead to impurities in the marker files which would result in
- # a different sha256 for the fetch phase.
- rm -rf $bazelOut/external/{go_sdk,\@go_sdk.marker}
+ subPackages = [ "runsc" "shim" ];
- # Remove the gazelle tools, they contain go binaries that are built
- # non-deterministically. As long as the gazelle version matches the tools
- # should be equivalent.
- rm -rf $bazelOut/external/{bazel_gazelle_go_repository_tools,\@bazel_gazelle_go_repository_tools.marker}
-
- # Remove the gazelle repository cache
- chmod -R +w $bazelOut/external/bazel_gazelle_go_repository_cache
- rm -rf $bazelOut/external/{bazel_gazelle_go_repository_cache,\@bazel_gazelle_go_repository_cache.marker}
-
- # Remove log file(s)
- rm -f "$bazelOut"/java.log "$bazelOut"/java.log.*
- '';
-
- sha256 = "13pahppm431m198v5bffrzq5iw8m79riplbfqp0afh384ln669hb";
- };
-
- buildAttrs = {
- inherit preBuild;
-
- installPhase = ''
- install -Dm755 bazel-out/*/bin/runsc/runsc_/runsc $out/bin/runsc
-
- # Needed for the 'runsc do' subcomand
- wrapProgram $out/bin/runsc \
- --prefix PATH : ${lib.makeBinPath [ iproute2 iptables procps ]}
- '';
- };
+ postInstall = ''
+ # Needed for the 'runsc do' subcomand
+ wrapProgram $out/bin/runsc \
+ --prefix PATH : ${lib.makeBinPath [ iproute2 iptables procps ]}
+ mv $out/bin/shim $out/bin/containerd-shim-runsc-v1
+ '';
 meta = with lib; {
- description = "Container Runtime Sandbox";
+ description = "Application Kernel for Containers";
 homepage = "https://github.com/google/gvisor";
 license = licenses.asl20;
- maintainers = with maintainers; [ andrew-d ];
+ maintainers = with maintainers; [ andrew-d gpl ];
 platforms = [ "x86_64-linux" ];
- # The version we have right now does not compile with go 1.17
- # See https://github.com/NixOS/nixpkgs/pull/174003 if you want to upgrade gvisor
- broken = true;
 };
 }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 915e2305642..6db187b74fd 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -28128,8 +28128,6 @@ with pkgs;
 gvisor = callPackage ../applications/virtualization/gvisor { };
- gvisor-containerd-shim = callPackage ../applications/virtualization/gvisor/containerd-shim.nix { };
-
 guvcview = libsForQt5.callPackage ../os-specific/linux/guvcview { };
 gwc = callPackage ../applications/audio/gwc { };
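Review bot: The new `rev = "442a3cd44a0858ac2a8e773b6fbba67cf3bd3767"` in `src` is a bare commit hash with nothing in default.nix tying it to `version = "20220905.0"`, so the next person bumping or auditing this sandbox runtime cannot tell which branch the pin comes from or check that it matches the upstream release; since the commit message says the build now uses gVisor's synthetic go branch, a comment such as `# commit on gVisor's synthetic "go" branch corresponding to release-${version}` (or a tag rev, if that branch is tagged per release) would make the pin verifiable. The `mv $out/bin/shim $out/bin/containerd-shim-runsc-v1` line in postInstall also deserves a one-line why-comment, e.g. `# containerd's shim v2 lookup expects the binary for runtime io.containerd.runsc.v1 to be named containerd-shim-runsc-v1`. The all-packages.nix hunk removes the public `gvisor-containerd-shim` attribute without an alias; nixpkgs convention is a `throw` alias in pkgs/top-level/aliases.nix telling users the shim now ships inside `gvisor`. Minor: the moved comment still reads `subcomand`.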