From bab529c9fffabc4abd21181f05a6be057219fc3b Mon Sep 17 00:00:00 2001 From: freezeboy Date: Thu, 26 Nov 2020 13:06:35 +0100 Subject: linuxPackages.akvcam: init at 1.1.1 --- pkgs/os-specific/linux/akvcam/default.nix | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 pkgs/os-specific/linux/akvcam/default.nix (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/akvcam/default.nix b/pkgs/os-specific/linux/akvcam/default.nix new file mode 100644 index 000000000000..9e7450775147 --- /dev/null +++ b/pkgs/os-specific/linux/akvcam/default.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, fetchFromGitHub, kernel, qmake }: + +stdenv.mkDerivation rec { + pname = "akvcam"; + version = "1.1.1"; + + src = fetchFromGitHub { + owner = "webcamoid"; + repo = "akvcam"; + rev = version; + sha256 = "ULEhfF+uC/NcVUGAtmP1+BnrcgRgftNS97nLp81avQ8="; + }; + + nativeBuildInputs = [ qmake ]; + + qmakeFlags = [ + "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + ]; + + installPhase = '' + install -m644 -b -D src/akvcam.ko $out/lib/modules/${kernel.modDirVersion}/akvcam.ko + ''; + + meta = with lib; { + description = "Virtual camera driver for Linux"; + homepage = "https://github.com/webcamoid/akvcam"; + maintainers = with maintainers; [ freezeboy ]; + platforms = platforms.linux; + license = licenses.gpl2; + }; +} -- cgit v1.2.3 From 831c700c5d04c791c9384991d38ac146067daa64 Mon Sep 17 00:00:00 2001 From: Roosembert Palacios Date: Fri, 27 Nov 2020 22:42:03 +0100 Subject: firejail: fix -overlay and -build functionality on NixOS - The `-overlay` flag runs the specified binary inside an OverlayFS, since the /nix store may be in a different mount point than the user home, this patch explicitly bind mounts it so it's available inside the overlay. - profile builder: firejail provides facilities to build a new profiles. To do so, it execute the helper binary `fbuilder`, which in turn will execute firejail back with different options. This patch makes it use the binary available in PATH instead of the one produced at compile time. The compiled firejail binary doesn't have the necessary permissions, so the firejail NixOS module wraps it in a SUID wrapper available on PATH at runtime. Signed-off-by: Roosembert Palacios --- pkgs/os-specific/linux/firejail/default.nix | 9 ++++++++ .../firejail/fbuilder-call-firejail-on-path.patch | 11 +++++++++ .../linux/firejail/mount-nix-dir-on-overlay.patch | 27 ++++++++++++++++++++++ 3 files changed, 47 insertions(+) create mode 100644 pkgs/os-specific/linux/firejail/fbuilder-call-firejail-on-path.patch create mode 100644 pkgs/os-specific/linux/firejail/mount-nix-dir-on-overlay.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/firejail/default.nix b/pkgs/os-specific/linux/firejail/default.nix index fadf5df7140a..a3be5484a047 100644 --- a/pkgs/os-specific/linux/firejail/default.nix +++ b/pkgs/os-specific/linux/firejail/default.nix @@ -20,6 +20,15 @@ stdenv.mkDerivation { name = "${s.name}.tar.bz2"; }; + patches = [ + # Adds the /nix directory when using an overlay. + # Required to run any programs under this mode. + ./mount-nix-dir-on-overlay.patch + # By default fbuilder hardcodes the firejail binary to the install path. + # On NixOS the firejail binary is a setuid wrapper available in $PATH. + ./fbuilder-call-firejail-on-path.patch + ]; + prePatch = '' # Allow whitelisting ~/.nix-profile substituteInPlace etc/firejail.config --replace \ diff --git a/pkgs/os-specific/linux/firejail/fbuilder-call-firejail-on-path.patch b/pkgs/os-specific/linux/firejail/fbuilder-call-firejail-on-path.patch new file mode 100644 index 000000000000..6016891655b1 --- /dev/null +++ b/pkgs/os-specific/linux/firejail/fbuilder-call-firejail-on-path.patch @@ -0,0 +1,11 @@ +--- a/src/fbuilder/build_profile.c ++++ b/src/fbuilder/build_profile.c +@@ -67,7 +67,7 @@ + errExit("asprintf"); + + char *cmdlist[] = { +- BINDIR "/firejail", ++ "firejail", + "--quiet", + "--noprofile", + "--caps.drop=all", diff --git a/pkgs/os-specific/linux/firejail/mount-nix-dir-on-overlay.patch b/pkgs/os-specific/linux/firejail/mount-nix-dir-on-overlay.patch new file mode 100644 index 000000000000..685314f90758 --- /dev/null +++ b/pkgs/os-specific/linux/firejail/mount-nix-dir-on-overlay.patch @@ -0,0 +1,27 @@ +--- a/src/firejail/fs.c ++++ b/src/firejail/fs.c +@@ -1143,6 +1143,16 @@ + errExit("mounting /dev"); + fs_logger("whitelist /dev"); + ++ // mount-bind /nix ++ if (arg_debug) ++ printf("Mounting /nix\n"); ++ char *nix; ++ if (asprintf(&nix, "%s/nix", oroot) == -1) ++ errExit("asprintf"); ++ if (mount("/nix", nix, NULL, MS_BIND|MS_REC, NULL) < 0) ++ errExit("mounting /nix"); ++ fs_logger("whitelist /nix"); ++ + // mount-bind run directory + if (arg_debug) + printf("Mounting /run\n"); +@@ -1201,6 +1211,7 @@ + free(odiff); + free(owork); + free(dev); ++ free(nix); + free(run); + free(tmp); + } -- cgit v1.2.3 From 6b882ee0eb78db08ea82f57e91bd17fea2c45da3 Mon Sep 17 00:00:00 2001 From: Sarah Brofeldt Date: Sat, 28 Nov 2020 13:49:38 +0100 Subject: linuxPackages.bpftrace: 0.11.0 -> 0.11.4 --- pkgs/os-specific/linux/bpftrace/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/bpftrace/default.nix b/pkgs/os-specific/linux/bpftrace/default.nix index fc7c8ecba2da..9fbeda708e05 100644 --- a/pkgs/os-specific/linux/bpftrace/default.nix +++ b/pkgs/os-specific/linux/bpftrace/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "bpftrace"; - version = "0.11.0"; + version = "0.11.4"; src = fetchFromGitHub { owner = "iovisor"; repo = "bpftrace"; rev = "refs/tags/v${version}"; - sha256 = "02f2r731yj3fdc8341id1ksk4dma9rwm2765n2xgx2ldrrz5823y"; + sha256 = "0y4qgm2cpccrsm20rnh92hqplddqsc5q5zhw9nqn2igm3h9i0z7h"; }; enableParallelBuilding = true; -- cgit v1.2.3 From d6d2ff49b4a2b5e86117dc94f54f3e746c1cad29 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 28 Nov 2020 19:37:46 +0000 Subject: mcelog: 169 -> 173 --- pkgs/os-specific/linux/mcelog/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/mcelog/default.nix b/pkgs/os-specific/linux/mcelog/default.nix index f0ef1126154a..2e97f9da1eae 100644 --- a/pkgs/os-specific/linux/mcelog/default.nix +++ b/pkgs/os-specific/linux/mcelog/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "mcelog"; - version = "169"; + version = "173"; src = fetchFromGitHub { owner = "andikleen"; repo = "mcelog"; rev = "v${version}"; - sha256 = "0ghkwfaky026qwj6hmcvz2w2hm8qqj3ysbkxxi603vslmwj56chv"; + sha256 = "1ili11kqacn6jkjpk11vhycgygdl92mymgb1sx22lcwq2x0d248m"; }; postPatch = '' -- cgit v1.2.3 From 82a3c6648d2a2fe386e689e27a875a0b437e6ad8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 18 Nov 2020 09:35:36 +0100 Subject: sysdig: 0.27.0 -> 0.27.1 --- pkgs/os-specific/linux/sysdig/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/sysdig/default.nix b/pkgs/os-specific/linux/sysdig/default.nix index bef9231385a0..0433715a5fbc 100644 --- a/pkgs/os-specific/linux/sysdig/default.nix +++ b/pkgs/os-specific/linux/sysdig/default.nix @@ -5,13 +5,13 @@ with stdenv.lib; stdenv.mkDerivation rec { pname = "sysdig"; - version = "0.27.0"; + version = "0.27.1"; src = fetchFromGitHub { owner = "draios"; repo = "sysdig"; rev = version; - sha256 = "0lpp271g0749sx7qgpwl6myi0kgfpsxk1kc4yp3r9k1pynv8bq1b"; + sha256 = "sha256-lYjMvxMIReANNwMr62u881Nugrs9piOaN3EmrvGzRns="; }; nativeBuildInputs = [ cmake perl ]; -- cgit v1.2.3