uboot: (firmwareOdroidC2/C4) don't invoke patch tool, use patches = [] instead

https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/setup.sh#L948 this can do it nicely. Signed-off-by: Anton Arapov <anton@deadbeef.mx>
2021-04-03 12:58:10 +02:00 · 2021-04-03 12:58:10 +02:00 · 56de2bcd43
commit 56de2bcd43
30691 changed files with 3076956 additions and 0 deletions
--- a/pkgs/tools/security/tracee/default.nix
+++ b/pkgs/tools/security/tracee/default.nix
@ -0,0 +1,113 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+
+, llvmPackages_13
+, pkg-config
+
+, zlib
+, libelf
+}:
+
+let
+  inherit (llvmPackages_13) clang;
+  clang-with-bpf =
+    (clang.overrideAttrs (o: { pname = o.pname + "-with-bpf"; })).override (o: {
+      extraBuildCommands = o.extraBuildCommands + ''
+        # make a separate wrapped clang we can target at bpf
+        cp $out/bin/clang $out/bin/clang-bpf
+        # extra flags to append after the cc-cflags
+        echo '-target bpf -fno-stack-protector' > $out/nix-support/cc-cflags-bpf
+        # use sed to attach the cc-cflags-bpf after cc-cflags
+        sed -i -E "s@^(extraAfter=\(\\$\NIX_CFLAGS_COMPILE_.*)(\))\$@\1 $(cat $out/nix-support/cc-cflags-bpf)\2@" $out/bin/clang-bpf
+      '';
+    });
+in
+buildGoModule rec {
+  pname = "tracee";
+  version = "0.7.0";
+
+  src = fetchFromGitHub {
+    owner = "aquasecurity";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-Y++FWxADnj1W5S3VrAlJAnotFYb6biCPJ6dpQ0Nin8o=";
+    # Once libbpf hits 1.0 we will migrate to the nixpkgs libbpf rather than the
+    # pinned copy in submodules
+    fetchSubmodules = true;
+  };
+  vendorSha256 = "sha256-C2RExp67qax8+zJIgyMJ18sBtn/xEYj4tAvGCCpBssQ=";
+
+  patches = [
+    # bpf-core can't be compiled with wrapped clang since it forces the target
+    # we need to be able to replace it with another wrapped clang that has
+    # it's target as bpf
+    ./bpf-core-clang-bpf.patch
+    # add -s to ldflags for smaller binaries
+    ./disable-go-symbol-table.patch
+  ];
+
+
+  enableParallelBuilding = true;
+
+  strictDeps = true;
+  nativeBuildInputs = [ pkg-config clang-with-bpf ];
+  buildInputs = [ zlib libelf ];
+
+  makeFlags = [
+    "VERSION=v${version}"
+    "CMD_CLANG_BPF=clang-bpf"
+    # don't actually need git but the Makefile checks for it
+    "CMD_GIT=echo"
+  ];
+
+  buildPhase = ''
+    runHook preBuild
+    make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES}
+    runHook postBuild
+  '';
+
+  doCheck = false;
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/{bin,share/tracee}
+
+    cp ./dist/tracee-ebpf $out/bin
+    cp ./dist/tracee-rules $out/bin
+
+    cp -r ./dist/rules $out/share/tracee/
+    cp -r ./cmd/tracee-rules/templates $out/share/tracee/
+
+    runHook postInstall
+  '';
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    runHook preInstallCheck
+
+    $out/bin/tracee-ebpf --help
+    $out/bin/tracee-ebpf --version | grep "v${version}"
+
+    $out/bin/tracee-rules --help
+
+    runHook postInstallCheck
+  '';
+
+  meta = with lib; {
+    homepage = "https://aquasecurity.github.io/tracee/latest/";
+    changelog = "https://github.com/aquasecurity/tracee/releases/tag/v${version}";
+    description = "Linux Runtime Security and Forensics using eBPF";
+    longDescription = ''
+      Tracee is a Runtime Security and forensics tool for Linux. It is using
+      Linux eBPF technology to trace your system and applications at runtime,
+      and analyze collected events to detect suspicious behavioral patterns. It
+      is delivered as a Docker image that monitors the OS and detects suspicious
+      behavior based on a pre-defined set of behavioral patterns.
+    '';
+    license = licenses.asl20;
+    maintainers = with maintainers; [ jk ];
+    platforms = [ "x86_64-linux" ];
+  };
+}