bpfilter/derivation.nix at main · facebook/bpfilter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
{
  stdenv,
  lib,
  cmake,
  ninja,
  pkg-config,
  clang,
  bison,
  flex,
  libbpf,
  elfutils,
  openssl,
  testers,
  zlib,
  zstd,
  pcre2,
  xxd,
  version,
}:

let
  fs = lib.fileset;

  # zerocallusedregs is invalid with -target bpf
  hardeningDisable = [ "zerocallusedregs" ];

in
{
  inherit hardeningDisable;

  package = stdenv.mkDerivation (finalAttrs: {
    pname = "bpfilter";
    inherit version;

    src = fs.toSource {
      root = ./.;
      fileset = fs.unions [
        ./src
        ./CMakeLists.txt
        ./tools/cmake
      ];
    };

    inherit hardeningDisable;

    nativeBuildInputs = [
      cmake
      ninja
      pkg-config
      clang # for building codegen BPF progs
      bison
      flex
    ];

    buildInputs = [
      libbpf
      elfutils
      openssl
      zlib
      zstd
      pcre2
      xxd
    ];

    cmakeFlags = [
      "-DNO_DOCS=1"
      "-DNO_TESTS=1"
      "-DNO_CHECKS=1"
      "-DNO_BENCHMARKS=1"
    ];

    # We do not run the unit tests because the nix build sandbox doesn't
    # have access to /sys/kernel/btf/vmlinux.
    doCheck = false;

    meta.pkgConfigModules = [ "bpfilter" ];

    passthru = {
      tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
    };

    preFixup = ''
      # workaround for https://github.com/NixOS/nixpkgs/issues/144170
      substituteInPlace $out/lib/pkgconfig/bpfilter.pc --replace-fail ''${prefix}/ ""
    '';
  });
}