commit 6c884c3052510eab98c649f71acf0920e5d34e0f Author: Michael Roitzsch Date: Tue Sep 15 15:22:26 2020 +0200 flake: add snapUtil creates APFS snapshots
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d6d288f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,10 @@
+Apple Internals
+===============
+
+This repository provides tools and information to help understand and analyze the internals
+of Apple’s operating system platforms. Specifically, a [Nix
+flake](https://github.com/tweag/rfcs/blob/flakes/rfcs/0049-flakes.md) allows to build the
+following externally hosted tools:
+
+[**snapUtil**](https://github.com/ahl/apfs)
+Manages APFS snapshots.
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..18ab4fb
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,52 @@
+{
+ description = "tools to understand the internals of Apple’s operating systems";
+ inputs = {
+ snapshot-header = {
+ url = "https://opensource.apple.com/tarballs/xnu/xnu-6153.141.1.tar.gz";
+ flake = false;
+ };
+ snap-util = {
+ url = github:ahl/apfs;
+ flake = false;
+ };
+ };
+ outputs = { self, nixpkgs, snapshot-header, snap-util }: {
+ snap-util =
+ with import nixpkgs { system = "x86_64-darwin"; };
+ stdenv.mkDerivation {
+ name = "snap-util-${lib.substring 0 8 self.inputs.snap-util.lastModifiedDate}";
+ src = snap-util;
+ preBuild = "NIX_CFLAGS_COMPILE='-idirafter ${snapshot-header}/bsd'";
+ installPhase = ''
+ mkdir -p $out/bin
+ cp snapUtil $out/bin/.snapUtil-wrapped
+ cat > $out/bin/snapUtil <<- EOF
+ #!/bin/sh
+ if csrutil status | grep -Fq disabled && sysctl kern.bootargs | grep -Fq amfi_get_out_of_my_way ; then
+ exec $out/bin/.snapUtil-wrapped "\$@"
+ else
+ echo 'snapUtil requires SIP and AMFI to be disabled:'
+ echo '• boot recovery system'
+ echo '• run ‘csrutil disable’'
+ echo '• run ‘nvram boot-args=amfi_get_out_of_my_way=0x1’'
+ exit 1
+ fi
+ EOF
+ chmod a+x $out/bin/snapUtil
+ '';
+ postFixup = ''
+ cat > snapUtil.entitlements <<- EOF
+
+
+
+
+ com.apple.developer.vfs.snapshot
+
+
+
+ EOF
+ /usr/bin/codesign -s - --entitlement snapUtil.entitlements $out/bin/.snapUtil-wrapped
+ '';
+ };
+ };
+}
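Review bot: The `snap-util` input (`url = github:ahl/apfs;`) names no revision and no flake.lock is visible in this commit, so a fresh evaluation may build whatever the third-party default branch holds at that moment. That source is then ad-hoc signed with the `com.apple.developer.vfs.snapshot` entitlement in `postFixup` and is meant to run on a machine with SIP and AMFI turned off, so its provenance matters more than usual. Pin it, e.g. `url = "github:ahl/apfs/<reviewed-commit-sha>";`, and commit the generated flake.lock so the xnu tarball is hash-locked as well. In the wrapper, the failure message explains how to disable both protections but not how to restore them; a closing line such as `echo '• afterwards, re-enable with ‘csrutil enable’ and clear the boot-arg'` would help. The `grep -Fq disabled` test on `csrutil status` also looks like it would pass on a custom configuration where only some protections are off, which is worth confirming.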