push sheeet

pkgs/development/tools/buildah/default.nix

@@ -0,0 +1,86 @@
+{
+  lib,
+  stdenv,
+  buildGoModule,
+  fetchFromGitHub,
+  go-md2man,
+  installShellFiles,
+  pkg-config,
+  gpgme,
+  lvm2,
+  btrfs-progs,
+  libapparmor,
+  libselinux,
+  libseccomp,
+  versionCheckHook,
+}:
+
+buildGoModule (finalAttrs: {
+  pname = "buildah";
+  version = "1.41.5";
+
+  src = fetchFromGitHub {
+    owner = "containers";
+    repo = "buildah";
+    tag = "v${finalAttrs.version}";
+    hash = "sha256-NQ5nCU1uiw3SzPMo2rH4+GnAIbIzM9O0bJaXJg/rfZM=";
+  };
+
+  outputs = [
+    "out"
+    "man"
+  ];
+
+  vendorHash = null;
+
+  doCheck = false;
+
+  # /nix/store/.../bin/ld: internal/mkcw/embed/entrypoint_amd64.o: relocation R_X86_64_32S against `.rodata.1' can not be used when making a PIE object; recompile with -fPIE
+  hardeningDisable = [ "pie" ];
+
+  nativeBuildInputs = [
+    go-md2man
+    installShellFiles
+    pkg-config
+  ];
+
+  buildInputs = [
+    gpgme
+  ]
+  ++ lib.optionals stdenv.hostPlatform.isLinux [
+    btrfs-progs
+    libapparmor
+    libseccomp
+    libselinux
+    lvm2
+  ];
+
+  buildPhase = ''
+    runHook preBuild
+    patchShebangs .
+    make bin/buildah
+    make -C docs GOMD2MAN="go-md2man"
+    runHook postBuild
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    install -Dm755 bin/buildah $out/bin/buildah
+    installShellCompletion --bash contrib/completions/bash/buildah
+    make -C docs install PREFIX="$man"
+    runHook postInstall
+  '';
+
+  doInstallCheck = true;
+  nativeInstallCheckInputs = [ versionCheckHook ];
+  versionCheckProgramArg = "--version";
+
+  meta = {
+    description = "Tool which facilitates building OCI images";
+    mainProgram = "buildah";
+    homepage = "https://buildah.io/";
+    changelog = "https://github.com/containers/buildah/releases/tag/v${finalAttrs.version}";
+    license = lib.licenses.asl20;
+    teams = [ lib.teams.podman ];
+  };
+})

pkgs/development/tools/buildah/wrapper.nix

@@ -0,0 +1,78 @@
+{
+  buildah-unwrapped,
+  runCommand,
+  makeBinaryWrapper,
+  symlinkJoin,
+  lib,
+  stdenv,
+  extraPackages ? [ ],
+  runc, # Default container runtime
+  crun, # Container runtime (default with cgroups v2 for podman/buildah)
+  conmon, # Container runtime monitor
+  slirp4netns, # User-mode networking for unprivileged namespaces
+  fuse-overlayfs, # CoW for images, much faster than default vfs
+  util-linuxMinimal, # nsenter
+  iptables,
+  aardvark-dns,
+  netavark,
+  passt,
+}:
+
+let
+  binPath = lib.makeBinPath (
+    [
+    ]
+    ++ lib.optionals stdenv.hostPlatform.isLinux [
+      runc
+      crun
+      conmon
+      slirp4netns
+      fuse-overlayfs
+      util-linuxMinimal
+      iptables
+    ]
+    ++ extraPackages
+  );
+
+  helpersBin = symlinkJoin {
+    name = "${buildah-unwrapped.pname}-helper-binary-wrapper-${buildah-unwrapped.version}";
+
+    # this only works for some binaries, others may need to be added to `binPath` or in the modules
+    paths = [
+    ]
+    ++ lib.optionals stdenv.hostPlatform.isLinux [
+      aardvark-dns
+      netavark
+      passt
+    ];
+  };
+
+in
+runCommand buildah-unwrapped.name
+  {
+    name = "${buildah-unwrapped.pname}-wrapper-${buildah-unwrapped.version}";
+    inherit (buildah-unwrapped) pname version passthru;
+
+    preferLocalBuild = true;
+
+    meta = removeAttrs buildah-unwrapped.meta [ "outputsToInstall" ];
+
+    outputs = [
+      "out"
+      "man"
+    ];
+
+    nativeBuildInputs = [
+      makeBinaryWrapper
+    ];
+
+  }
+  ''
+    ln -s ${buildah-unwrapped.man} $man
+
+    mkdir -p $out
+    ln -s ${buildah-unwrapped}/share $out/share
+    makeWrapper ${buildah-unwrapped}/bin/buildah $out/bin/buildah \
+      --set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin \
+      --prefix PATH : ${binPath}
+  ''