Merge pull request #93709 from arcz/update-nsjail

nsjail: 2.9 -> 3.0

maintainers/maintainer-list.nix

@@ -673,6 +673,12 @@
     githubId = 3965744;
     name = "Arthur Lee";
   };
+  arturcygan = {
+    email = "arczicygan@gmail.com";
+    github = "arcz";
+    githubId = 4679721;
+    name = "Artur Cygan";
+  };
   artuuge = {
     email = "artuuge@gmail.com";
     github = "artuuge";

pkgs/tools/security/nsjail/default.nix

@@ -4,26 +4,24 @@
 
 stdenv.mkDerivation rec {
   pname = "nsjail";
-  version = "2.9";
+  version = "3.0";
 
   src = fetchFromGitHub {
     owner           = "google";
     repo            = "nsjail";
     rev             = version;
     fetchSubmodules = true;
-    sha256          = "0218n0qjb45fawqqfj3gdxgd0fw5k0vxn9iggi0ciljmr9zywkgh";
+    sha256          = "1w6x8xcrs0i1y3q41gyq8z3cq9x24qablklc4jiydf855lhqn4dh";
   };
 
-  postPatch = ''
-    substituteInPlace user.cc \
-      --replace "/usr/bin/newgidmap" "${shadow}/bin/newgidmap" \
-      --replace "/usr/bin/newuidmap" "${shadow}/bin/newuidmap"
-  '';
-
   nativeBuildInputs = [ autoconf bison flex libtool pkgconfig which ];
   buildInputs = [ libnl protobuf protobufc ];
   enableParallelBuilding = true;
 
+  preBuild = ''
+    makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap')
+  '';
+
   installPhase = ''
     mkdir -p $out/bin $out/share/man/man1
     install nsjail $out/bin/
@@ -34,7 +32,7 @@ stdenv.mkDerivation rec {
     description = "A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
     homepage    = "http://nsjail.com/";
     license     = licenses.asl20;
-    maintainers = with maintainers; [ bosu c0bw3b ];
+    maintainers = with maintainers; [ arturcygan bosu c0bw3b ];
     platforms   = platforms.linux;
   };
 }