From be38dc44f38b7bc3ee7caa743564d5233339d569 Mon Sep 17 00:00:00 2001
From: Andrey Golovizin
Date: Mon, 1 Mar 2021 21:26:27 +0100
Subject: [PATCH 1/4] catatonit: init at 0.1.5
Signed-off-by: Andrey Golovizin
---
.../virtualization/catatonit/default.nix | 37 +++++++++++++++++++
pkgs/top-level/all-packages.nix | 2 +
2 files changed, 39 insertions(+)
create mode 100644 pkgs/applications/virtualization/catatonit/default.nix
diff --git a/pkgs/applications/virtualization/catatonit/default.nix b/pkgs/applications/virtualization/catatonit/default.nix
new file mode 100644
index 00000000000..8ecc5f56fe6
--- /dev/null
+++ b/pkgs/applications/virtualization/catatonit/default.nix
@@ -0,0 +1,37 @@
+{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, glibc }:
+
+stdenv.mkDerivation rec {
+ pname = "catatonit";
+ version = "0.1.5";
+
+ src = fetchFromGitHub {
+ owner = "openSUSE";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "ciJ1MI7jr5P2PgxIykQ+BiwNUO8lQHGt0+U8CNbc5bI=";
+ };
+
+ patches = [
+ # Fix compilation with musl
+ (fetchpatch {
+ url = "https://github.com/openSUSE/catatonit/commit/75014b1c3099245b7d0f44f24d7f6dc4888a45fd.patch";
+ sha256 = "sha256-9VMNUT1U90ocjvE7EXYfLxuodDwTXXHYg89qqa5Jq0g=";
+ })
+ ];
+
+ nativeBuildInputs = [ autoreconfHook ];
+ buildInputs = lib.optionals (!stdenv.hostPlatform.isMusl) [ glibc glibc.static ];
+
+ doInstallCheck = true;
+ installCheckPhase = ''
+ readelf -d $out/bin/catatonit | grep 'There is no dynamic section in this file.'
+ '';
+
+ meta = with lib; {
+ description = "A container init that is so simple it's effectively brain-dead";
+ homepage = "https://github.com/openSUSE/catatonit";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ erosennin ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index cd33fdf584f..fad5af8867c 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
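Review bot: The two hashes in this new derivation use different formats — `src` carries a bare base64 digest (`sha256 = "ciJ1MI7jr5P2PgxIykQ+BiwNUO8lQHGt0+U8CNbc5bI=";`) while the fetchpatch below it uses the SRI form (`sha256 = "sha256-9VMN…"`); writing both as SRI, i.e. `sha256 = "sha256-ciJ1MI7jr5P2PgxIykQ+BiwNUO8lQHGt0+U8CNbc5bI=";`, keeps the file consistent and makes the hash algorithm explicit. The install check (`readelf -d … | grep 'There is no dynamic section in this file.'`) is the security-relevant line here: it pins the binary to being fully static, and nothing says why. A later patch in this series hands this path to podman as `init_path`, so the binary ends up running as the init process inside container root filesystems that need not carry a compatible libc; a comment above `doInstallCheck` such as `# catatonit is used by podman as the in-container init (--init / init_path), so it must not depend on the host libc` would stop a future cleanup from dropping the check or the `glibc.static` input.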
@@ -197,6 +197,8 @@ in
inherit (python3Packages) sphinx;
};
+ catatonit = callPackage ../applications/virtualization/catatonit { };
+
cen64 = callPackage ../misc/emulators/cen64 { };
cereal = callPackage ../development/libraries/cereal { };
From 4b11122749d7b0ce41a0a39e19d33eb6406e45dc Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Sun, 21 Mar 2021 15:49:52 +1000
Subject: [PATCH 2/4] nixos/containers: add catatonit / init_path
https://github.com/containers/common/blob/master/docs/containers.conf.5.md
- Also drop unneeded true from ociSeccompBpfHook
---
nixos/modules/virtualisation/containers.nix | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index 997edf77ba9..148d0221998 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -118,8 +118,9 @@ in
[network]
cni_plugin_dirs = ["${pkgs.cni-plugins}/bin/"]
- ${lib.optionalString (cfg.ociSeccompBpfHook.enable == true) ''
[engine]
+ init_path = "${pkgs.catatonit}/bin/catatonit"
+ ${lib.optionalString (cfg.ociSeccompBpfHook.enable) ''
hooks_dir = [
"${config.boot.kernelPackages.oci-seccomp-bpf-hook}",
]
From fd3f1ec19a934d55fa68725db2aaf51146c82dc4 Mon Sep 17 00:00:00 2001
From: Andrey Golovizin
Date: Sun, 21 Mar 2021 21:12:32 +0100
Subject: [PATCH 3/4] nixos/tests/podman: test podman run --init
---
nixos/tests/podman.nix | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/nixos/tests/podman.nix b/nixos/tests/podman.nix
index 4985ff60365..6078a936ede 100644
--- a/nixos/tests/podman.nix
+++ b/nixos/tests/podman.nix
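Review bot: In the containers.nix hunk, `init_path = "${pkgs.catatonit}/bin/catatonit"` is written unconditionally into the generated containers.conf with no module option to override or disable it, so every system that enables this module now pulls in catatonit and a user who needs a different init binary has to replace the whole generated file. If that is the intended default, the line deserves a short Nix comment saying so and what the value is for, e.g. `# init binary podman places in the container for "podman run --init"; nixpkgs builds it fully static`, so the coupling to the static-linking check in the catatonit package is visible from here. Hoisting `[engine]` out of the `optionalString` is correct now that the section always has content, and dropping `== true` on a boolean option is a harmless simplification. The string this hunk lives in starts and ends outside the hunk.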
@@ -96,6 +96,15 @@ import ./make-test-python.nix (
podman.succeed(su_cmd("podman ps | grep sleeping"))
podman.succeed(su_cmd("podman stop sleeping"))
podman.succeed(su_cmd("podman rm sleeping"))
+
+ with subtest("Run container with init"):
+ podman.succeed(
+ "tar cv -C ${pkgs.pkgsStatic.busybox} . | podman import - busybox"
+ )
+ pid = podman.succeed("podman run --rm busybox readlink /proc/self").strip()
+ assert pid == "1"
+ pid = podman.succeed("podman run --rm --init busybox readlink /proc/self").strip()
+ assert pid == "2"
'';
}
)
From 5a251359a84fe15a09a65ab5ade220de525dd693 Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Mon, 22 Mar 2021 15:35:05 +1000
Subject: [PATCH 4/4] catatonit: add `passthru.tests` and `teams.podman`
---
pkgs/applications/virtualization/catatonit/default.nix | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/pkgs/applications/virtualization/catatonit/default.nix b/pkgs/applications/virtualization/catatonit/default.nix
index 8ecc5f56fe6..c44db31f50c 100644
--- a/pkgs/applications/virtualization/catatonit/default.nix
+++ b/pkgs/applications/virtualization/catatonit/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, glibc }:
+{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, glibc, nixosTests }:
stdenv.mkDerivation rec {
pname = "catatonit";
@@ -27,11 +27,13 @@ stdenv.mkDerivation rec {
readelf -d $out/bin/catatonit | grep 'There is no dynamic section in this file.'
'';
+ passthru.tests = { inherit (nixosTests) podman; };
+
meta = with lib; {
description = "A container init that is so simple it's effectively brain-dead";
homepage = "https://github.com/openSUSE/catatonit";
license = licenses.gpl3Plus;
- maintainers = with maintainers; [ erosennin ];
+ maintainers = with maintainers; [ erosennin ] ++ teams.podman.members;
platforms = platforms.linux;
};
}
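Review bot: The new "Run container with init" subtest in podman.nix runs podman directly as root, while the context lines just above go through `su_cmd(...)`, which from its name looks like the rootless wrapper used elsewhere in this test; if so, `--init` and the `init_path` configured by the previous patch are only exercised for root and never in rootless mode, which is the configuration where a missing or non-static init binary is most likely to surface. A matching pair `pid = podman.succeed(su_cmd("podman run --rm --init busybox readlink /proc/self")).strip()` / `assert pid == "2"` (after importing the image for that user as well) would cover both. The `assert pid == "1"` line is a precondition rather than a check of the feature, which is fine, but a comment like `# without --init the workload is PID 1; with --init the configured init takes PID 1 and the workload becomes PID 2` would make the two asserts self-explanatory. The test script this hunk belongs to starts outside the hunk.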