-rw-r--r-- | pkgs/development/tools/misc/linuxkit/default.nix | 23 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 1 |
2 files changed, 22 insertions, 2 deletions
diff --git a/pkgs/development/tools/misc/linuxkit/default.nix b/pkgs/development/tools/misc/linuxkit/default.nix
index fa48239b5a08..68a908483d13 100644
--- a/pkgs/development/tools/misc/linuxkit/default.nix
+++ b/pkgs/development/tools/misc/linuxkit/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, buildGoModule, fetchFromGitHub, git, Cocoa, Virtualization, testers, linuxkit }:
+{ lib, stdenv, buildGoModule, fetchFromGitHub, git, Cocoa, Virtualization, sigtool, testers, linuxkit }:
 buildGoModule rec {
 pname = "linuxkit";
@@ -15,8 +15,16 @@ buildGoModule rec {
 modRoot = "./src/cmd/linuxkit";
- patches = [ ./darwin-os-version.patch ./support-apple-11-sdk.patch ];
+ patches = [
+ ./darwin-os-version.patch
+ ./support-apple-11-sdk.patch
+ ];
+ # - On macOS, an executable must be signed with the right entitlement(s) to be
+ # able to use the Virtualization framework at runtime.
+ # - sigtool is allows us to validly sign such executables with a dummy
+ # authority.
+ nativeBuildInputs = lib.optionals stdenv.isDarwin [ sigtool ];
 buildInputs = lib.optionals stdenv.isDarwin [ Cocoa Virtualization ];
 ldflags = [
@@ -27,6 +35,17 @@ buildGoModule rec {
 nativeCheckInputs = [ git ];
+ # - Because this package definition doesn't build using the source's Makefile,
+ # we must manually call the sign target.
+ # - The binary stripping that nixpkgs does by default in the
+ # fixup phase removes such signing and entitlements, so we have to sign
+ # after stripping.
+ # - Finally, at the start of the fixup phase, the working directory is
+ # $sourceRoot/src/cmd/linuxkit, so it's simpler to use the sign target from
+ # the Makefile in that directory rather than $sourceRoot/Makefile.
+ postFixup = lib.optionalString stdenv.isDarwin ''
+ make sign LOCAL_TARGET=$out/bin/linuxkit
+ '';
 passthru.tests.version = testers.testVersion {
 package = linuxkit;
 command = "linuxkit version";
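Review bot: The comment added above `nativeBuildInputs` (hunk `@@ -15,8 +15,16 @@`) has a typo, "sigtool is allows us", and "validly sign ... with a dummy authority" can be read as a stronger guarantee than it is. From the wording this looks like an ad-hoc signature, which lets macOS honour the entitlement but says nothing about who built the binary; that is worth stating so nobody treats the signature as provenance. Suggested wording: `# - sigtool lets us apply an ad-hoc signature (no signing identity); this is enough for the entitlement to take effect but gives no publisher authenticity.` The enclosing `buildGoModule rec { ... }` starts and ends outside the hunk.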
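Review bot: Nothing after the new `postFixup` (hunk `@@ -27,6 +35,17 @@`) checks that `$out/bin/linuxkit` really carries the signature and the intended entitlement; the existing `passthru.tests.version` only runs `linuxkit version`, which probably never touches the Virtualization framework. The entitlements are whatever the upstream Makefile's `sign` target applies, which this hunk does not show, so a version bump could change what the binary is granted without any edit to this file. I would record that next to the call, e.g. `# NOTE: entitlements are chosen by upstream's sign target; re-check them on every version bump.`, and consider a Darwin-only install check that inspects the signed binary after fixup. Minor style point: quote the path, `make sign LOCAL_TARGET="$out/bin/linuxkit"`.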
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 3894c3e398e9..c36e16a78da4 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -18097,6 +18097,7 @@ with pkgs;
 linuxkit = callPackage ../development/tools/misc/linuxkit {
 inherit (darwin.apple_sdk_11_0.frameworks) Cocoa Virtualization;
+ inherit (darwin) sigtool;
 };
 listenbrainz-mpd = callPackage ../applications/audio/listenbrainz-mpd { |