Initial commit

.gitignore

@@ -0,0 +1,4 @@
+result
+result-bin
+*~
+\#*\#

default.nix

@@ -0,0 +1 @@
+import <nixpkgs> { overlays = [ (import ./overlay.nix) ]; }

hyperkit/default.nix

@@ -0,0 +1,41 @@
+{ stdenv, lib, fetchFromGitHub, Hypervisor, vmnet, xpc, libobjc }:
+
+let
+  rev = "6f6edf716b893544c9e0ef3032459180560f0333";
+in
+stdenv.mkDerivation rec {
+  name    = "hyperkit-${version}";
+  # HyperKit release binary uses 6 characters in the version
+  version = lib.strings.substring 0 6 rev;
+
+  src = fetchFromGitHub {
+    owner = "moby";
+    repo = "hyperkit";
+    inherit rev;
+    sha256 = "1vpha4dmal3alw76xfvwj7k0qf5gsb5rz821z5j5a3silqjhihcy";
+  };
+
+  buildInputs = [ Hypervisor vmnet xpc libobjc ];
+
+  # Don't use git to determine version
+  prePatch = ''
+    substituteInPlace Makefile \
+      --replace 'shell git describe --abbrev=6 --dirty --always --tags' "$version" \
+      --replace 'shell git rev-parse HEAD' "${rev}" \
+      --replace 'PHONY: clean' 'PHONY:'
+    cp ${./dtrace.h} src/include/xhyve/dtrace.h
+  '';
+
+  makeFlags = [ "CFLAGS+=-Wno-shift-sign-overflow" ''CFLAGS+=-DVERSION=\"${version}\"'' ''CFLAGS+=-DVERSION_SHA1=\"${rev}\"'' ];
+  installPhase = ''
+    mkdir -p $out/bin
+    cp build/hyperkit $out/bin
+  '';
+
+  meta = {
+    description = "A toolkit for embedding hypervisor capabilities in your application";
+    homepage = "https://github.com/moby/hyperkit";
+    maintainers = [ lib.maintainers.puffnfresh ];
+    platforms = lib.platforms.darwin;
+  };
+}

hyperkit/dtrace.h

@@ -0,0 +1,209 @@
+/*
+ * Generated by dtrace(1M).
+ */
+
+#ifndef	_DTRACE_H
+#define	_DTRACE_H
+
+#include <unistd.h>
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+#define HYPERKIT_STABILITY "___dtrace_stability$hyperkit$v1$1_1_0_1_1_0_1_1_0_1_1_0_1_1_0"
+
+#define HYPERKIT_TYPEDEFS "___dtrace_typedefs$hyperkit$v2$6f66665f74"
+
+#if !defined(DTRACE_PROBES_DISABLED) || !DTRACE_PROBES_DISABLED
+
+#define	HYPERKIT_BLOCK_DELETE(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+	__dtrace_probe$hyperkit$block__delete$v1$6f66665f74$6f66665f74(arg0, arg1); \
+	__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define	HYPERKIT_BLOCK_DELETE_ENABLED() \
+	({ int _r = __dtrace_isenabled$hyperkit$block__delete$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	HYPERKIT_BLOCK_DELETE_DONE(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+	__dtrace_probe$hyperkit$block__delete__done$v1$6f66665f74$6f66665f74(arg0, arg1); \
+	__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define	HYPERKIT_BLOCK_DELETE_DONE_ENABLED() \
+	({ int _r = __dtrace_isenabled$hyperkit$block__delete__done$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	HYPERKIT_BLOCK_PREADV(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+	__dtrace_probe$hyperkit$block__preadv$v1$6f66665f74$73697a655f74(arg0, arg1); \
+	__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define	HYPERKIT_BLOCK_PREADV_ENABLED() \
+	({ int _r = __dtrace_isenabled$hyperkit$block__preadv$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	HYPERKIT_BLOCK_PREADV_DONE(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+	__dtrace_probe$hyperkit$block__preadv__done$v1$6f66665f74$7373697a655f74(arg0, arg1); \
+	__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define	HYPERKIT_BLOCK_PREADV_DONE_ENABLED() \
+	({ int _r = __dtrace_isenabled$hyperkit$block__preadv__done$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	HYPERKIT_BLOCK_PWRITEV(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+	__dtrace_probe$hyperkit$block__pwritev$v1$6f66665f74$73697a655f74(arg0, arg1); \
+	__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define	HYPERKIT_BLOCK_PWRITEV_ENABLED() \
+	({ int _r = __dtrace_isenabled$hyperkit$block__pwritev$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	HYPERKIT_BLOCK_PWRITEV_DONE(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+	__dtrace_probe$hyperkit$block__pwritev__done$v1$6f66665f74$7373697a655f74(arg0, arg1); \
+	__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define	HYPERKIT_BLOCK_PWRITEV_DONE_ENABLED() \
+	({ int _r = __dtrace_isenabled$hyperkit$block__pwritev__done$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	HYPERKIT_VMX_EPT_FAULT(arg0, arg1, arg2) \
+do { \
+	__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+	__dtrace_probe$hyperkit$vmx__ept__fault$v1$696e74$756e7369676e6564206c6f6e67$756e7369676e6564206c6f6e67(arg0, arg1, arg2); \
+	__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define	HYPERKIT_VMX_EPT_FAULT_ENABLED() \
+	({ int _r = __dtrace_isenabled$hyperkit$vmx__ept__fault$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	HYPERKIT_VMX_EXIT(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+	__dtrace_probe$hyperkit$vmx__exit$v1$696e74$756e7369676e656420696e74(arg0, arg1); \
+	__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define	HYPERKIT_VMX_EXIT_ENABLED() \
+	({ int _r = __dtrace_isenabled$hyperkit$vmx__exit$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	HYPERKIT_VMX_INJECT_VIRQ(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+	__dtrace_probe$hyperkit$vmx__inject__virq$v1$696e74$696e74(arg0, arg1); \
+	__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define	HYPERKIT_VMX_INJECT_VIRQ_ENABLED() \
+	({ int _r = __dtrace_isenabled$hyperkit$vmx__inject__virq$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	HYPERKIT_VMX_READ_MSR(arg0, arg1, arg2) \
+do { \
+	__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+	__dtrace_probe$hyperkit$vmx__read__msr$v1$696e74$756e7369676e656420696e74$756e7369676e6564206c6f6e67(arg0, arg1, arg2); \
+	__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define	HYPERKIT_VMX_READ_MSR_ENABLED() \
+	({ int _r = __dtrace_isenabled$hyperkit$vmx__read__msr$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	HYPERKIT_VMX_WRITE_MSR(arg0, arg1, arg2) \
+do { \
+	__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+	__dtrace_probe$hyperkit$vmx__write__msr$v1$696e74$756e7369676e656420696e74$756e7369676e6564206c6f6e67(arg0, arg1, arg2); \
+	__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define	HYPERKIT_VMX_WRITE_MSR_ENABLED() \
+	({ int _r = __dtrace_isenabled$hyperkit$vmx__write__msr$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+
+
+extern void __dtrace_probe$hyperkit$block__delete$v1$6f66665f74$6f66665f74(off_t, off_t);
+extern int __dtrace_isenabled$hyperkit$block__delete$v1(void);
+extern void __dtrace_probe$hyperkit$block__delete__done$v1$6f66665f74$6f66665f74(off_t, off_t);
+extern int __dtrace_isenabled$hyperkit$block__delete__done$v1(void);
+extern void __dtrace_probe$hyperkit$block__preadv$v1$6f66665f74$73697a655f74(off_t, size_t);
+extern int __dtrace_isenabled$hyperkit$block__preadv$v1(void);
+extern void __dtrace_probe$hyperkit$block__preadv__done$v1$6f66665f74$7373697a655f74(off_t, ssize_t);
+extern int __dtrace_isenabled$hyperkit$block__preadv__done$v1(void);
+extern void __dtrace_probe$hyperkit$block__pwritev$v1$6f66665f74$73697a655f74(off_t, size_t);
+extern int __dtrace_isenabled$hyperkit$block__pwritev$v1(void);
+extern void __dtrace_probe$hyperkit$block__pwritev__done$v1$6f66665f74$7373697a655f74(off_t, ssize_t);
+extern int __dtrace_isenabled$hyperkit$block__pwritev__done$v1(void);
+extern void __dtrace_probe$hyperkit$vmx__ept__fault$v1$696e74$756e7369676e6564206c6f6e67$756e7369676e6564206c6f6e67(int, unsigned long, unsigned long);
+extern int __dtrace_isenabled$hyperkit$vmx__ept__fault$v1(void);
+extern void __dtrace_probe$hyperkit$vmx__exit$v1$696e74$756e7369676e656420696e74(int, unsigned int);
+extern int __dtrace_isenabled$hyperkit$vmx__exit$v1(void);
+extern void __dtrace_probe$hyperkit$vmx__inject__virq$v1$696e74$696e74(int, int);
+extern int __dtrace_isenabled$hyperkit$vmx__inject__virq$v1(void);
+extern void __dtrace_probe$hyperkit$vmx__read__msr$v1$696e74$756e7369676e656420696e74$756e7369676e6564206c6f6e67(int, unsigned int, unsigned long);
+extern int __dtrace_isenabled$hyperkit$vmx__read__msr$v1(void);
+extern void __dtrace_probe$hyperkit$vmx__write__msr$v1$696e74$756e7369676e656420696e74$756e7369676e6564206c6f6e67(int, unsigned int, unsigned long);
+extern int __dtrace_isenabled$hyperkit$vmx__write__msr$v1(void);
+
+#else
+
+#define	HYPERKIT_BLOCK_DELETE(arg0, arg1) \
+do { \
+	} while (0)
+#define	HYPERKIT_BLOCK_DELETE_ENABLED() (0)
+#define	HYPERKIT_BLOCK_DELETE_DONE(arg0, arg1) \
+do { \
+	} while (0)
+#define	HYPERKIT_BLOCK_DELETE_DONE_ENABLED() (0)
+#define	HYPERKIT_BLOCK_PREADV(arg0, arg1) \
+do { \
+	} while (0)
+#define	HYPERKIT_BLOCK_PREADV_ENABLED() (0)
+#define	HYPERKIT_BLOCK_PREADV_DONE(arg0, arg1) \
+do { \
+	} while (0)
+#define	HYPERKIT_BLOCK_PREADV_DONE_ENABLED() (0)
+#define	HYPERKIT_BLOCK_PWRITEV(arg0, arg1) \
+do { \
+	} while (0)
+#define	HYPERKIT_BLOCK_PWRITEV_ENABLED() (0)
+#define	HYPERKIT_BLOCK_PWRITEV_DONE(arg0, arg1) \
+do { \
+	} while (0)
+#define	HYPERKIT_BLOCK_PWRITEV_DONE_ENABLED() (0)
+#define	HYPERKIT_VMX_EPT_FAULT(arg0, arg1, arg2) \
+do { \
+	} while (0)
+#define	HYPERKIT_VMX_EPT_FAULT_ENABLED() (0)
+#define	HYPERKIT_VMX_EXIT(arg0, arg1) \
+do { \
+	} while (0)
+#define	HYPERKIT_VMX_EXIT_ENABLED() (0)
+#define	HYPERKIT_VMX_INJECT_VIRQ(arg0, arg1) \
+do { \
+	} while (0)
+#define	HYPERKIT_VMX_INJECT_VIRQ_ENABLED() (0)
+#define	HYPERKIT_VMX_READ_MSR(arg0, arg1, arg2) \
+do { \
+	} while (0)
+#define	HYPERKIT_VMX_READ_MSR_ENABLED() (0)
+#define	HYPERKIT_VMX_WRITE_MSR(arg0, arg1, arg2) \
+do { \
+	} while (0)
+#define	HYPERKIT_VMX_WRITE_MSR_ENABLED() (0)
+
+#endif /* !defined(DTRACE_PROBES_DISABLED) || !DTRACE_PROBES_DISABLED */
+
+
+#ifdef	__cplusplus
+}
+#endif
+
+#endif	/* _DTRACE_H */

linuxkit-builder/default.nix

@@ -0,0 +1,196 @@
+# TODO: Sadly this file has lots of duplication with vmTools.
+
+{ system
+, stdenv
+, perl
+, xz
+, bash
+, pathsFromGraph
+, hyperkit
+, linuxkit
+, vpnkit
+, socat
+, writeScript
+, writeScriptBin
+, writeText
+, forceSystem
+, vmTools
+, makeInitrd
+
+, linuxkitKernel ? (forceSystem "x86_64-linux" "x86_64").callPackage ./kernel.nix { }
+, storeDir ? builtins.storeDir
+}:
+
+let
+  pkgsLinux = forceSystem "x86_64-linux" "x86_64";
+  vmToolsLinux = vmTools.override { kernel = linuxkitKernel; pkgs = pkgsLinux; };
+  containerIp = "192.168.65.2";
+
+  hd = "sda";
+  systemTarball = import <nixpkgs/nixos/lib/make-system-tarball.nix> {
+    inherit stdenv perl xz pathsFromGraph;
+    contents = [];
+    storeContents = [
+      {
+        object = stage2Init;
+        symlink = "none";
+      }
+    ];
+  };
+  stage1Init = writeScript "vm-run-stage1" ''
+    #! ${vmToolsLinux.initrdUtils}/bin/ash -e
+
+    export PATH=${vmToolsLinux.initrdUtils}/bin
+
+    mkdir /etc
+    echo -n > /etc/fstab
+
+    mount -t proc none /proc
+    mount -t sysfs none /sys
+
+    echo 2 > /proc/sys/vm/panic_on_oom
+
+    # echo "loading kernel modules..."
+    # for i in $(cat ${vmToolsLinux.modulesClosure}/insmod-list); do
+    #   insmod $i
+    # done
+
+    mount -t devtmpfs devtmpfs /dev
+
+    ifconfig lo up
+
+    mkdir /fs
+
+    mount -t ext4 /dev/${hd} /fs 2>/dev/null || {
+      ${pkgsLinux.e2fsprogs}/bin/mkfs.ext4 -q /dev/${hd}
+      mount -t ext4 /dev/${hd} /fs
+    } || true
+
+    mkdir -p /fs/dev
+    mount -o bind /dev /fs/dev
+
+    mkdir -p /fs/dev/shm /fs/dev/pts
+    mount -t tmpfs -o "mode=1777" none /fs/dev/shm
+    mount -t devpts none /fs/dev/pts
+
+    echo "extracting Nix store..."
+    EXTRACT_UNSAFE_SYMLINKS=1 tar -C /fs -xf ${systemTarball}/tarball/nixos-system-${system}.tar.xz nix nix-path-registration
+
+    mkdir -p /fs/tmp /fs/run /fs/var
+    mount -t tmpfs -o "mode=755" none /fs/run
+    ln -sfn /run /fs/var/run
+
+    mkdir -p /fs/proc
+    mount -t proc none /fs/proc
+
+    mkdir -p /fs/sys
+    mount -t sysfs none /fs/sys
+
+    mkdir -p /fs/etc
+    ln -sf /proc/mounts /fs/etc/mtab
+    echo "127.0.0.1 localhost" > /fs/etc/hosts
+
+    echo "starting stage 2 ($command)"
+    exec switch_root /fs $command
+  '';
+
+  sshdConfig = writeText "linuxkit-sshd-config" ''
+    PermitRootLogin yes
+    PasswordAuthentication no
+    ChallengeResponseAuthentication no
+  '';
+  stage2Init = writeScript "vm-run-stage2" ''
+    #! ${pkgsLinux.bash}/bin/bash
+
+    export NIX_STORE=${storeDir}
+    export NIX_BUILD_TOP=/tmp
+    export TMPDIR=/tmp
+    cd "$NIX_BUILD_TOP"
+
+    ${pkgsLinux.coreutils}/bin/mkdir -p /bin
+    ${pkgsLinux.coreutils}/bin/ln -fs ${pkgsLinux.bash}/bin/sh /bin/sh
+
+    # # Set up automatic kernel module loading.
+    export MODULE_DIR=${pkgsLinux.linux}/lib/modules/
+    ${pkgsLinux.coreutils}/bin/cat <<EOF > /run/modprobe
+    #! /bin/sh
+    export MODULE_DIR=$MODULE_DIR
+    exec ${pkgsLinux.kmod}/bin/modprobe "\$@"
+    EOF
+    ${pkgsLinux.coreutils}/bin/chmod 755 /run/modprobe
+    echo /run/modprobe > /proc/sys/kernel/modprobe
+
+    ln -sfn /proc/self/fd /dev/fd
+
+    echo "root:x:0:0:System administrator:/root:${pkgsLinux.bash}/bin/bash" >> /etc/passwd
+    echo "sshd:x:1:65534:SSH privilege separation user:/var/empty:${pkgsLinux.shadow}/bin/nologin" >> /etc/passwd
+    echo "nixbld1:x:30001:30000:Nix build user 1:/var/empty:${pkgsLinux.shadow}/bin/nologin" >> /etc/passwd
+    echo "nixbld:x:30000:nixbld1" >> /etc/group
+
+    export PATH="${vmToolsLinux.initrdUtils}/bin:${pkgsLinux.nix}/bin"
+
+    if [ -f /nix-path-registration ]; then
+      cat /nix-path-registration | nix-store --load-db
+      rm /nix-path-registration
+    fi
+
+    mkdir -p /etc/ssh /root/.ssh /var/db /var/empty
+
+    ifconfig eth0 ${containerIp}
+    route add default gw 192.168.65.1 eth0
+    echo 'nameserver 192.168.65.1' > /etc/resolv.conf
+
+    export NIX_SSL_CERT_FILE="${pkgsLinux.cacert}/etc/ssl/certs/ca-bundle.crt"
+    mkdir -p /run/nix-daemon
+    ${pkgsLinux.virtsock}/bin/vsudd -inport 2374:unix:/run/nix-daemon/daemon.sock &
+    exec ${pkgsLinux.socat}/bin/socat UNIX-LISTEN:/run/nix-daemon/daemon.sock EXEC:"nix-daemon --stdio"
+  '';
+
+  img = "bzImage";
+  initrd = makeInitrd {
+    contents = [
+      { object = stage1Init;
+        symlink = "/init";
+      }
+    ];
+  };
+  dir = "$HOME/.nixpkgs/linuxkit-builder";
+  linuxkit-nix-daemon = writeScriptBin "linuxkit-nix-daemon" ''
+    #!${bash}/bin/bash
+
+    SIZE="1G"
+    CPUS=1
+    MEM=1024
+
+    mkdir -p "${dir}"
+    ln -fs ${linuxkitKernel}/${img} "${dir}/nix-kernel"
+    ln -fs ${initrd}/initrd "${dir}/nix-initrd.img"
+    echo -n "console=ttyS0 panic=1 command=${stage2Init} loglevel=7 debug" > "${dir}/nix-cmdline"
+    exec ${linuxkit}/bin/linuxkit run \
+      hyperkit \
+      -hyperkit ${hyperkit}/bin/hyperkit \
+      -vpnkit ${vpnkit}/bin/vpnkit \
+      -disk "${dir}/nix-disk,size=$SIZE" \
+      -cpus $CPUS \
+      -mem $MEM \
+      -networking vpnkit \
+      -ip ${containerIp} \
+      -vsock-ports 2374 \
+      -console-file \
+      "${dir}/nix"
+  '';
+  linuxkit-builder = writeScriptBin "linuxkit-builder" ''
+    #!${bash}/bin/bash
+
+    ${linuxkit-nix-daemon}/bin/linuxkit-nix-daemon >/dev/null &
+
+    while ! grep -q "Listening on port 2374" "${dir}/nix-state/console-ring"; do
+      echo "Waiting for LinuxKit VM to boot..." >&2
+      sleep 2
+    done
+    sleep 1
+
+    exec ${socat}/bin/socat UNIX-CONNECT:"${dir}/nix-state/00000003.00000946" -
+  '';
+in
+linuxkit-builder

linuxkit-builder/kernel.nix

@@ -0,0 +1,12 @@
+{ stdenv, fetchurl, linux_4_9, linuxManualConfig, hostPlatform }:
+
+linuxManualConfig {
+  inherit stdenv hostPlatform;
+  inherit (linux_4_9) src;
+  version = "${linux_4_9.version}-linuxkit";
+  configfile = fetchurl {
+    url = https://raw.githubusercontent.com/linuxkit/linuxkit/cb1c74977297b326638daeb824983f0a2e13fdf2/kernel/kernel_config-4.9.x-x86_64;
+    sha256 = "1lpz2q5mhvq7g5ys2s2zynibbxczqzscxbwxfbhb4mkkpps8dv08";
+  };
+  allowImportFromDerivation = true;
+}

linuxkit/default.nix

@@ -0,0 +1,28 @@
+{ lib, buildGoPackage, go, fetchFromGitHub }:
+
+buildGoPackage rec {
+  name = "linuxkit-${version}";
+  version = "0.2";
+
+  goPackagePath = "github.com/linuxkit/linuxkit";
+
+  src = fetchFromGitHub {
+    owner = "linuxkit";
+    repo = "linuxkit";
+    rev = "v${version}";
+    sha256 = "1y7pjmzimnm52v218fznqg8gjiwzxg38ywxiqig8iiljpc6hiyha";
+  };
+
+  subPackages = [ "src/cmd/linuxkit" ];
+
+  preBuild = ''
+    buildFlagsArray+=("-ldflags" "-X main.GitCommit=1c552f7 -X main.Version=0.2.0")
+  '';
+
+  meta = {
+    description = "A toolkit for building secure, portable and lean operating systems for containers";
+    license = lib.licenses.asl20;
+    homepage = https://github.com/linuxkit/linuxkit;
+    platforms = lib.platforms.unix;
+  };
+}

overlay.nix

@@ -0,0 +1,11 @@
+self: super: {
+  hyperkit = self.callPackage ./hyperkit {
+    inherit (self.darwin.apple_sdk.frameworks) Hypervisor vmnet;
+    inherit (self.darwin.apple_sdk.libs) xpc;
+    inherit (self.darwin) libobjc;
+  };
+  virtsock = self.callPackage ./virtsock { };
+  vpnkit = self.callPackage ./vpnkit { };
+  linuxkit = self.callPackage ./linuxkit { };
+  linuxkit-builder = self.callPackage ./linuxkit-builder { };
+}

virtsock/default.nix

@@ -0,0 +1,20 @@
+{ stdenv, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+  name = "virtsock-unstable-${version}";
+  version = "2017-09-14";
+  rev = "cce5df4cc3fbd5966290ae44f43b407205d4a2e4";
+
+  goPackagePath = "github.com/linuxkit/virtsock";
+
+  src = fetchFromGitHub {
+    owner = "linuxkit";
+    repo = "virtsock";
+    inherit rev;
+    sha256 = "1qc3v9xrpzvk2xw9hgqvimwcahl9nva5jghadqzlpqw51a39didh";
+  };
+
+  # TODO: add metadata https://nixos.org/nixpkgs/manual/#sec-standard-meta-attributes
+  meta = {
+  };
+}

vpnkit/default.nix

@@ -0,0 +1,27 @@
+{ stdenv, lib, fetchurl }:
+
+let
+  rev = "75434cdd2c2c7c3be257f07f3b7c1a91eca27225";
+in
+stdenv.mkDerivation rec {
+  name = "vpnkit-${version}";
+  version = lib.strings.substring 0 7 rev;
+
+  src = fetchurl {
+    url = https://1013-58395340-gh.circle-artifacts.com/0/Users/distiller/vpnkit/vpnkit.tgz;
+    sha256 = "1jcgx1cg70kdlxc7xrggk1fkb96aqn1h5sklqavpnxn08myla8bj";
+  };
+
+  sourceRoot = ".";
+
+  installPhase = ''
+    cp -r Contents/Resources $out
+  '';
+
+  meta = {
+    description = "VPN-friendly networking devices for HyperKit";
+    homepage = "https://github.com/moby/vpnkit";
+    maintainers = [ lib.maintainers.puffnfresh ];
+    platforms = lib.platforms.darwin;
+  };
+}