Diffstat (limited to 'pkgs/os-specific/linux/firejail/default.nix')
-rw-r--r-- | pkgs/os-specific/linux/firejail/default.nix | 38 |
1 files changed, 25 insertions, 13 deletions
diff --git a/pkgs/os-specific/linux/firejail/default.nix b/pkgs/os-specific/linux/firejail/default.nix index 47fce3df53326..c3dc819b5bcff 100644 --- a/pkgs/os-specific/linux/firejail/default.nix +++ b/pkgs/os-specific/linux/firejail/default.nix @@ -1,17 +1,37 @@ -{ lib, stdenv, fetchFromGitHub, fetchpatch, which, xdg-dbus-proxy, nixosTests }: +{ lib +, stdenv +, fetchFromGitHub +, fetchpatch +, pkg-config +, libapparmor +, which +, xdg-dbus-proxy +, nixosTests +}: stdenv.mkDerivation rec { pname = "firejail"; - version = "0.9.66"; + version = "0.9.68"; src = fetchFromGitHub { owner = "netblue30"; repo = "firejail"; rev = version; - sha256 = "sha256-oKstTiGt0r4wePaZ9u1o78GZ1XWJ27aS0BdLxmfYk9Q="; + sha256 = "18yy1mykx7h78yj7sz729i3dlsrgi25m17m5x9gbrvsx7f87rw7j"; }; - buildInputs = [ which ]; + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + libapparmor + which + ]; + + configureFlags = [ + "--enable-apparmor" + ]; patches = [ # Adds the /nix directory when using an overlay. @@ -20,17 +40,9 @@ stdenv.mkDerivation rec { # By default fbuilder hardcodes the firejail binary to the install path. # On NixOS the firejail binary is a setuid wrapper available in $PATH. ./fbuilder-call-firejail-on-path.patch - # Disable symlink check on /etc/hosts, see - # https://github.com/netblue30/firejail/issues/2758#issuecomment-805174951 - ./remove-link-check.patch ]; prePatch = '' - # Allow whitelisting ~/.nix-profile - substituteInPlace etc/firejail.config --replace \ - '# follow-symlink-as-user yes' \ - 'follow-symlink-as-user no' - # Fix the path to 'xdg-dbus-proxy' hardcoded in the 'common.h' file substituteInPlace src/include/common.h \ --replace '/usr/bin/xdg-dbus-proxy' '${xdg-dbus-proxy}/bin/xdg-dbus-proxy' 
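Review bot: `--enable-apparmor` in the new `configureFlags` builds AppArmor support into a sandbox that NixOS runs through a setuid wrapper, but nothing in the hunk says how the matching profile gets loaded. As far as I know, firejail only applies AppArmor confinement when its `firejail-default` profile is loaded on the host, so on a system that never loads it the flag may add no confinement while suggesting it does; this is worth confirming against the NixOS module. I would add a comment above the flag, e.g. `# AppArmor confinement needs the firejail-default profile loaded by the host`. Separately, the new `sha256` drops the SRI form (`sha256-…`) that the old line used; keeping one hash format in the file makes the pin easier to audit.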
@@ -62,7 +74,7 @@ stdenv.mkDerivation rec {
 # See https://github.com/netblue30/firejail/blob/e4cb6b42743ad18bd11d07fd32b51e8576239318/src/firejail/profile.c#L68-L83
 # for the profile file lookup implementation.
 postInstall = ''
- for local in $(grep -Eh '^include.*local$' $out/etc/firejail/*.profile | awk '{print $2}' | sort | uniq)
+ for local in $(grep -Eh '^include.*local$' $out/etc/firejail/*{.inc,.profile} | awk '{print $2}' | sort | uniq)
 do
 echo "include /etc/firejail/$local" >$out/etc/firejail/$local
 done |
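Review bot: `$local` is the second field of every matching `include` line and is used unquoted as both the stub's file name and its content, so widening the glob to `*{.inc,.profile}` widens the set of names that reach the redirect without any check that each one is a plain file name. An include written with a path component would make the redirect target a location other than a direct child of `$out/etc/firejail`; I have not checked whether upstream ships such a line. I would skip anything containing a slash and quote the target: `case "$local" in */*) continue ;; esac` followed by `echo "include /etc/firejail/$local" >"$out/etc/firejail/$local"`. The `postInstall` string starts inside the hunk but closes outside it.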