forked from mirrors/nixpkgs
56 lines
1.4 KiB
Nix
56 lines
1.4 KiB
Nix
{ lib
|
|
, stdenv
|
|
, fetchFromGitHub
|
|
, tor
|
|
, firejail
|
|
, iptables
|
|
, makeWrapper
|
|
}:
|
|
|
|
stdenv.mkDerivation rec {
|
|
pname = "orjail";
|
|
version = "1.1";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = pname;
|
|
repo = pname;
|
|
rev = "v${version}";
|
|
sha256 = "06bwqb3l7syy4c1d8xynxwakmdxvm3qfm8r834nidsknvpdckd9z";
|
|
};
|
|
|
|
nativeBuildInputs = [ makeWrapper ];
|
|
|
|
postPatch = ''
|
|
patchShebangs make-helper.bsh
|
|
mkdir bin
|
|
mv usr/sbin/orjail bin/orjail
|
|
rm -r usr
|
|
'';
|
|
|
|
makeFlags = [
|
|
"DESTDIR=${placeholder "out"}"
|
|
];
|
|
|
|
postInstall = ''
|
|
# Specify binary paths: tor, firejail, iptables
|
|
# mktemp fails with /tmp path prefix, will work without it anyway
|
|
# https://github.com/orjail/orjail/issues/78
|
|
# firejail will fail reading /etc/hosts, therefore remove --hostname arg
|
|
# https://github.com/netblue30/firejail/issues/2758
|
|
substituteInPlace $out/bin/orjail \
|
|
--replace ''$'TORBIN=\n' ''$'TORBIN=${tor}/bin/tor\n' \
|
|
--replace ''$'FIREJAILBIN=\n' ''$'FIREJAILBIN=${firejail}/bin/firejail\n' \
|
|
--replace 'iptables -' '${iptables}/bin/iptables -' \
|
|
--replace 'mktemp /tmp/' 'mktemp ' \
|
|
--replace '--hostname=host ' ""
|
|
'';
|
|
|
|
meta = with lib; {
|
|
description = "Force programs to exclusively use tor network";
|
|
homepage = "https://github.com/orjail/orjail";
|
|
license = licenses.wtfpl;
|
|
maintainers = with maintainers; [ onny ];
|
|
platforms = platforms.linux;
|
|
};
|
|
}
|