diff --git a/pkgs/development/tools/skopeo/default.nix b/pkgs/development/tools/skopeo/default.nix
index 0f720f1f7e3..de0d7fc54de 100644
--- a/pkgs/development/tools/skopeo/default.nix
+++ b/pkgs/development/tools/skopeo/default.nix
@@ -1,39 +1,38 @@
-{ stdenv, lib, buildGoPackage, fetchFromGitHub, gpgme, libgpgerror, devicemapper, btrfs-progs, pkgconfig, ostree }:
+{ stdenv, lib, buildGoPackage, fetchFromGitHub, runCommand
+, gpgme, libgpgerror, devicemapper, btrfs-progs, pkgconfig, ostree, libselinux }:
 
 with stdenv.lib;
 
+let
+  version = "0.1.28";
+
+  src = fetchFromGitHub {
+    rev = "v${version}";
+    owner = "projectatomic";
+    repo = "skopeo";
+    sha256 = "068nwrr3nr27alravcq1sxyhdd5jjr24213vdgn1dqva3885gbi0";
+  };
+
+  defaultPolicyFile = runCommand "skopeo-default-policy.json" {} "cp ${src}/default-policy.json $out";
+
+in
 buildGoPackage rec {
   name = "skopeo-${version}";
-  version = "0.1.27";
-  rev = "v${version}";
+  inherit src;
 
   goPackagePath = "github.com/projectatomic/skopeo";
   excludedPackages = "integration";
 
   nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ gpgme libgpgerror devicemapper btrfs-progs ostree ];
+  buildInputs = [ gpgme libgpgerror devicemapper btrfs-progs ostree libselinux ];
 
-  src = fetchFromGitHub {
-    inherit rev;
-    owner = "projectatomic";
-    repo = "skopeo";
-    sha256 = "1xwwzxjczz8qdk1rf0h78qd3vk9mxxb8yi6f8kfqvcdcsvkajd5g";
-  };
-
-  patches = [
-    ./path.patch
-  ];
+  buildFlagsArray = "-ldflags= -X github.com/projectatomic/skopeo/vendor/github.com/containers/image/signature.systemDefaultPolicyPath=${defaultPolicyFile}";
 
   preBuild = ''
     export CGO_CFLAGS="-I${getDev gpgme}/include -I${getDev libgpgerror}/include -I${getDev devicemapper}/include -I${getDev btrfs-progs}/include"
     export CGO_LDFLAGS="-L${getLib gpgme}/lib -L${getLib libgpgerror}/lib -L${getLib devicemapper}/lib"
   '';
 
-  postInstall = ''
-    mkdir $bin/etc
-    cp -v ./go/src/github.com/projectatomic/skopeo/default-policy.json $bin/etc/default-policy.json
-  '';
-
   meta = {
     description = "A command line utility for various operations on container images and image repositories";
     homepage = https://github.com/projectatomic/skopeo;
diff --git a/pkgs/development/tools/skopeo/path.patch b/pkgs/development/tools/skopeo/path.patch
deleted file mode 100644
index fe456b58e54..00000000000
--- a/pkgs/development/tools/skopeo/path.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff --git a/cmd/skopeo/main.go b/cmd/skopeo/main.go
-index 50e29b2..7108df5 100644
---- a/cmd/skopeo/main.go
-+++ b/cmd/skopeo/main.go
-@@ -3,6 +3,7 @@ package main
- import (
- 	"fmt"
- 	"os"
-+	"path/filepath"
- 
- 	"github.com/Sirupsen/logrus"
- 	"github.com/containers/image/signature"
-@@ -88,6 +89,11 @@ func getPolicyContext(c *cli.Context) (*signature.PolicyContext, error) {
- 	policyPath := c.GlobalString("policy")
- 	var policy *signature.Policy // This could be cached across calls, if we had an application context.
- 	var err error
-+	var dir string
-+	if policyPath == "" {
-+		dir, err = filepath.Abs(filepath.Dir(os.Args[0]))
-+		policyPath = dir + "/../etc/default-policy.json"
-+	}
- 	if c.GlobalBool("insecure-policy") {
- 		policy = &signature.Policy{Default: []signature.PolicyRequirement{signature.NewPRInsecureAcceptAnything()}}
- 	} else if policyPath == "" {
-