gvisor: 2019-11-14 -> 20210518.0

This also now seems to depend on protoc, but we substitute out the version of protoc so that we don't download the binary artifacts, and instead compile protoc from support. TBD: using the Nixpkgs built version of protoc instead of building from source.
3 years ago · 5b30dd9b1c
parent cfd38a4006
commit 5b30dd9b1c
2 changed files with 30 additions and 7 deletions
--- a/pkgs/applications/virtualization/gvisor/default.nix
+++ b/pkgs/applications/virtualization/gvisor/default.nix
@ -1,6 +1,8 @@
 { lib
 , buildBazelPackage
 , fetchFromGitHub
+, callPackage
+, bash
 , cacert
 , git
 , glibcLocales
@ -9,6 +11,7 @@
 , iptables
 , makeWrapper
 , procps
+, protobuf
 , python3
 }:

@ -16,9 +19,12 @@ let
  preBuild = ''
    patchShebangs .

+    substituteInPlace tools/defs.bzl \
+      --replace "#!/bin/bash" "#!${bash}/bin/bash"
+
    # Tell rules_go to use the Go binary found in the PATH
    sed -E -i \
-      -e 's|go_version\s*=\s*"[^"]+",|go_version = "host",|g' \
+      -e 's|go_version\s*=\s*"[^"]+"|go_version = "host"|g' \
      WORKSPACE

    # The gazelle Go tooling needs CA certs
@ -31,20 +37,37 @@ let
    export GOPATH=
  '';

+  # Patch the protoc alias so that it always builds from source.
+  rulesProto = fetchFromGitHub {
+    owner = "bazelbuild";
+    repo = "rules_proto";
+    rev = "f7a30f6f80006b591fa7c437fe5a951eb10bcbcf";
+    sha256 = "10bcw0ir0skk7h33lmqm38n9w4nfs24mwajnngkbs6jb5wsvkqv8";
+    extraPostFetch = ''
+      sed -i 's|name = "protoc"|name = "_protoc_original"|' $out/proto/private/BUILD.release
+      cat <<EOF >>$out/proto/private/BUILD.release
+      alias(name = "protoc", actual = "@com_github_protocolbuffers_protobuf//:protoc", visibility = ["//visibility:public"])
+      EOF
+    '';
+  };
+
 in buildBazelPackage rec {
  name = "gvisor-${version}";
-  version = "2019-11-14";
+  version = "20210518.0";

  src = fetchFromGitHub {
    owner = "google";
    repo  = "gvisor";
-    rev   = "release-20191114.0";
-    sha256 = "0kyixjjlws9iz2r2srgpdd4rrq94vpxkmh2rmmzxd9mcqy2i9bg1";
+    rev   = "release-${version}";
+    sha256 = "15a6mlclnyfc9mx3bjksnnf4vla0xh0rv9kxdp34la4gw3c4hksn";
  };

  nativeBuildInputs = [ git glibcLocales go makeWrapper python3 ];

  bazelTarget = "//runsc:runsc";
+  bazelFlags = [
+    "--override_repository=rules_proto=${rulesProto}"
+  ];

  # gvisor uses the Starlark implementation of rules_cc, not the built-in one,
  # so we shouldn't delete it from our dependencies.
@ -76,14 +99,14 @@ in buildBazelPackage rec {
      rm -f "$bazelOut"/java.log "$bazelOut"/java.log.*
    '';

-    sha256 = "0fhmlq0d2317gwhma2mz1anb69j4chybk90j71j88wpgw1hxbk34";
+    sha256 = "13pahppm431m198v5bffrzq5iw8m79riplbfqp0afh384ln669hb";
  };

  buildAttrs = {
    inherit preBuild;

    installPhase = ''
-      install -Dm755 bazel-bin/runsc/*_pure_stripped/runsc $out/bin/runsc
+      install -Dm755 bazel-out/*/bin/runsc/runsc_/runsc $out/bin/runsc

      # Needed for the 'runsc do' subcomand
      wrapProgram $out/bin/runsc \
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -24160,7 +24160,7 @@ in
  gv = callPackage ../applications/misc/gv { };

  gvisor = callPackage ../applications/virtualization/gvisor {
-    go = go_1_14;
+    go = go_1_16;
  };

  gvisor-containerd-shim = callPackage ../applications/virtualization/gvisor/containerd-shim.nix { };