Merge commit 'd96bd3394b734487d1c3bfbac0e8f17465e03afe'

1 files changed, 50 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/applications/virtualization/docker-slim/default.nix b/nixpkgs/pkgs/applications/virtualization/docker-slim/default.nix
new file mode 100644
index 00000000000..6b4db2d5f0c
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/docker-slim/default.nix
@@ -0,0 +1,50 @@
+{ stdenv
+, buildGoPackage
+, fetchFromGitHub
+, makeWrapper
+}:
+
+buildGoPackage rec {
+  pname = "docker-slim";
+  version = "1.28.1";
+
+  goPackagePath = "github.com/docker-slim/docker-slim";
+
+  src = fetchFromGitHub {
+    owner = "docker-slim";
+    repo = "docker-slim";
+    rev = version;
+    sha256 = "13lws9vgzq3chlqxc8aggz3i5kmir3vld2af0fx15kvcb9kpd79a";
+  };
+
+  subPackages = [ "cmd/docker-slim" "cmd/docker-slim-sensor" ];
+
+  nativeBuildInputs = [
+    makeWrapper
+  ];
+
+  buildFlagsArray = [
+    ''-ldflags=
+        -s -w -X ${goPackagePath}/pkg/version.appVersionTag=${version}
+              -X ${goPackagePath}/pkg/version.appVersionRev=${src.rev}
+    ''
+  ];
+
+  # docker-slim tries to create its state dir next to the binary (inside the nix
+  # store), so we set it to use the working directory at the time of invocation
+  postInstall = ''
+    wrapProgram "$bin/bin/docker-slim" --add-flags '--state-path "$(pwd)"'
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Minify and secure Docker containers";
+    homepage = "https://dockersl.im/";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ filalex77 marsam mbrgm ];
+    # internal/app/sensor/monitors/ptrace/monitor.go:151:16: undefined:
+    #     system.CallNumber
+    # internal/app/sensor/monitors/ptrace/monitor.go:161:15: undefined:
+    #     system.CallReturnValue
+    badPlatforms = [ "aarch64-linux" ];
+  };
+}