fortify/package.nix
Ophestra Umiker 08ce7f4a1f
All checks were successful
test / test (push) Successful in 21s
cmd/fuserdb: systemd userdb drop-in entries generator
This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 02:03:18 +09:00

61 lines
1.1 KiB
Nix

{
lib,
buildGoModule,
makeBinaryWrapper,
xdg-dbus-proxy,
bubblewrap,
acl,
xorg,
}:
buildGoModule rec {
pname = "fortify";
version = "0.1.0";
src = ./.;
vendorHash = null;
ldflags =
lib.attrsets.foldlAttrs
(
ldflags: name: value:
ldflags
++ [
"-X"
"git.ophivana.moe/security/fortify/internal.${name}=${value}"
]
)
[
"-s"
"-w"
"-X"
"main.Fmain=${placeholder "out"}/bin/.fortify-wrapped"
"-X"
"main.Fshim=${placeholder "out"}/libexec/fshim"
]
{
Version = "v${version}";
Fsu = "/run/wrappers/bin/fsu";
Finit = "${placeholder "out"}/libexec/finit";
};
buildInputs = [
acl
xorg.libxcb
];
nativeBuildInputs = [ makeBinaryWrapper ];
postInstall = ''
wrapProgram $out/bin/${pname} --prefix PATH : ${
lib.makeBinPath [
bubblewrap
xdg-dbus-proxy
]
}
mkdir $out/libexec
(cd $out/bin && mv fsu fshim finit fuserdb ../libexec/)
'';
}