Package request: surfshark-vpn-gui

[RMED24]

Project description

Surfshark is a VPN provided with a cli and GUI on linux. By default, they only provide deb packages. **Metadata** * homepage URL: https://surfshark.com/ * source URL: https://ocean.surfshark.com/debian/pool/main/s/surfshark/surfshark_1.4.3-1762_amd64.deb (https://downloads.surfshark.com/linux/debian-install.sh **The install script is the second url. The first URL can only be accessed with curl**) * license: proprietary * platforms: Debian/Ubuntu Linux

[dtb11288]

I'm new to nix, I'm trying to work on the same page but hasn't work yet. this is the current flake script:

{
  description = "A flake for building Surfshark VPN";

  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";

  outputs = { self, nixpkgs }:
  let
    version = "1.4.3-1762";
  in
  {
    defaultPackage.x86_64-linux =
      # Notice the reference to nixpkgs here.
      with import nixpkgs { system = "x86_64-linux"; };
      stdenv.mkDerivation rec {
        minorversion = 1;
        name = "surfshark-${version}";
        src = pkgs.fetchurl {
          url = "https://ocean.surfshark.com/debian/pool/main/s/surfshark/surfshark_${version}_amd64.deb";
          sha256 = "sha256-3Jdg2qAXyDwOgPKNC2jGHpdteKDUbNGf17es1HpdfeU=";
        };

        nativeBuildInputs = [
          autoPatchelfHook
          dpkg
        ];

        # Required at running time
        buildInputs = with pkgs; [
          alsa-lib
          gtk3
          nss
          mesa
        ];

        libPath = lib.makeLibraryPath buildInputs;

        unpackPhase = ''
          dpkg -x $src unpacked
        '';

        # Extract and copy executable in $out/bin
        installPhase = ''
          mkdir -p $out/bin
          cp -R unpacked/* $out/
          mv $out/usr/* $out/
          mv $out/opt/Surfshark/* $out/bin/
          # TODO do a sed command here for systemd script
          rm -rf $out/usr
          rm -rf $out/etc # Don't need init.d files
        '';

        dontConfigure = true;
        dontBuild = true;

        meta = with lib; {
          description = "Surfshar VPN CLI";
          homepage = "https://surfshark.com";
          license = licenses.unfree;
          maintainers = [ "binh" ];
          platforms = [ "x86_64-linux" ];
        };
      };

  };
}

And a weird result:

/bin/sh: line 1: id: command not found
/bin/sh: line 1: ps: command not found
/bin/sh: line 1: tr: command not found
/bin/sh: line 1: which: command not found
[8942:0625/152655.879165:ERROR:gpu_init.cc(521)] Passthrough is not supported, GL is disabled, ANGLE is
[0625/152655.886899:ERROR:elf_dynamic_array_reader.h(64)] tag not found
[0625/152655.887183:ERROR:process_memory_range.cc(75)] read out of range
[0625/152655.931670:ERROR:elf_dynamic_array_reader.h(64)] tag not found
[0625/152655.931947:ERROR:process_memory_range.cc(75)] read out of range
zsh: trace trap (core dumped)  ./result/bin/surfshark

[dtb11288]

update: so I think the problem is the libffmpeg.so under same directory with surfshark binary is used and the autoPatchElfHook somehow mess it up with the system's module ffmpeg I don't know how to deal with it yet, maybe move the lib files into another nix package and let the hook point to that package ?

[RMED24]

I would love to assist with this further, but as I just made a request I don't actually understand how the nix packaging format works besides the basic details heh.

However maybe there's a dependency for electron? As I believe the desktop client is an electron app. Maybe also OpenVPN and WireGuard?

[dtb11288]

@RMED24 thanks, but I don't think (or know) that the point. I finally understand a little bit more and made it able to find all the linked libraries

{
  description = "A flake for building Surfshark VPN";

  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";

  outputs = { self, nixpkgs }:
  let
    version = "1.4.3-1762";
  in
  {
    defaultPackage.x86_64-linux =
      # Notice the reference to nixpkgs here.
      with import nixpkgs { system = "x86_64-linux"; };
      stdenv.mkDerivation {
        name = "surfshark-${version}";
        src = pkgs.fetchurl {
          url = "https://ocean.surfshark.com/debian/pool/main/s/surfshark/surfshark_${version}_amd64.deb";
          sha256 = "sha256-3Jdg2qAXyDwOgPKNC2jGHpdteKDUbNGf17es1HpdfeU=";
        };

        dontConfigure = true;
        dontBuild = true;

        nativeBuildInputs = [
          dpkg
        ];

        preFixup = let
          libPath = lib.makeLibraryPath [
            alsa-lib
            gtk3
            nss
            mesa
            nspr
            glib
            atk
            cups
            dbus
            xorg.xrandr
            xorg.libX11
            xorg.libXrandr
            xorg.libXfixes
            xorg.libXdamage
            xorg.libxcb
            xorg.libXext
            xorg.libXcomposite
            libxkbcommon
            at-spi2-core
            libdrm
            cairo
            pango
            expat
          ];
        in
          ''
            patchelf \
              --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
              --set-rpath "$out/bin:${libPath}" \
              $out/bin/surfshark
          '';

        unpackPhase = ''
          dpkg -x $src unpacked
        '';

        # Extract and copy executable in $out/bin
        installPhase = ''
          mkdir -p $out/bin
          cp -r unpacked/* $out/
          mv $out/usr/* $out/
          mv $out/opt/Surfshark/* $out/bin/
          # TODO do a sed command here for systemd script
          rm -rf $out/usr
          rm -rf $out/opt
          rm -rf $out/etc # Don't need init.d files
        '';

        dontStrip = true;

        meta = with lib; {
          description = "Surfshar VPN CLI";
          homepage = "https://surfshark.com";
          license = licenses.unfree;
          maintainers = [ "binh" ];
          platforms = [ "x86_64-linux" ];
        };
      };

  };
}

But when running it throws another issue, I guess something related to some moved resources

[67280:0626/101402.433738:FATAL:spawn_subprocess.cc(221)] posix_spawn: No such file or directory (2)
zsh: trace trap (core dumped)  nix run --impure

[RMED24]

You're getting somewhere with this at least, and if you get stuck near the finish line I might try to work out this packing format myself to get the rest of the way there. However, thanks for putting in the effort so far!

[dtb11288]

No worry, I'm trying to install Surfshark as I'm using it for now, this prevents me moving all my devices to NixOS. Sadly I'm stuck, and try to build FHS environment but not understand what to do yet. So please investigate if you can make it works, it's the best for everyone. Maybe I could switch back to NordVPN after license expired, lol

[dtb11288]

Using buildFHSUserEnv, I can pass through those missing commands, but still unable to run it.

{
  description = "A flake for building Surfshark VPN";
  outputs = { self, nixpkgs }:
  {
    defaultPackage.x86_64-linux =
      # Notice the reference to nixpkgs here.
      with import nixpkgs { system = "x86_64-linux"; };
      let
        pname = "surfshark";
        version = "1.4.3-1762";

        surfsharkBase = stdenv.mkDerivation {
          inherit pname version;
          src = pkgs.fetchurl {
            url = "https://ocean.surfshark.com/debian/pool/main/s/surfshark/surfshark_${version}_amd64.deb";
            sha256 = "sha256-3Jdg2qAXyDwOgPKNC2jGHpdteKDUbNGf17es1HpdfeU=";
          };

          dontConfigure = true;
          dontBuild = true;

          nativeBuildInputs = [
            autoPatchelfHook
            dpkg
          ];

          buildInputs = with pkgs; [
            glibc
            alsa-lib
            gtk3
            nss
            mesa
            nspr
          ];

          unpackPhase = ''
            dpkg -x $src unpacked
          '';

          # Extract and copy executable in $out/bin
          installPhase = ''
            mkdir -p $out
            cp -r unpacked/* $out/
            mv $out/usr/* $out/
            mv $out/opt/Surfshark $out/bin
            # TODO do a sed command here for systemd script
            rm -rf $out/usr
            rm -rf $out/opt
            rm -rf $out/etc # Don't need init.d files
          '';
        };
      in
      buildFHSUserEnv {
        name = "surfshark";
        targetPkgs = pkgs:
          with pkgs; [
            surfsharkBase
            coreutils
            procps
            zsh
            which
            iputils
          ];

        runScript = "${surfsharkBase}/bin/surfshark";

        meta = with lib; {
          description = "Surfshar VPN CLI";
          homepage = "https://surfshark.com";
          license = licenses.unfree;
          maintainers = [ "binh" ];
          platforms = [ "x86_64-linux" ];
        };
      };
  };
}

[51:0703/131327.600162:ERROR:gpu_init.cc(521)] Passthrough is not supported, GL is disabled, ANGLE is
[0703/131327.600613:ERROR:elf_dynamic_array_reader.h(64)] tag not found
[0703/131327.600669:ERROR:process_memory_range.cc(75)] read out of range
[0703/131327.606847:ERROR:elf_dynamic_array_reader.h(64)] tag not found
[0703/131327.606876:ERROR:process_memory_range.cc(75)] read out of range
Trace/breakpoint trap (core dumped)

I give up for now.

[Melechtna]

I've gone ahead and cleaned up everything, but the problem still remains that electron seems to be the thing tripping up.

{ lib
, stdenv
, fetchurl
, coreutils
, procps
, zsh
, which
, iputils
, autoPatchelfHook
, dpkg
, glibc
, alsa-lib
, gtk3
, nss
, mesa
, nspr
}:

stdenv.mkDerivation rec {
  pname = "surfshark";
  version = "1.5.2-1921";

  src = fetchurl {
    url = "https://ocean.surfshark.com/debian/pool/main/s/surfshark/surfshark_${version}_amd64.deb";
    sha256 = "sha256-vNX7/nKKrbAPkiHs91dMTORzwSWxKLJRg/we9MSYr7o=";
  };

# This bit is the systemd script, but it doesn't work here and needs its own service nix
#  systemd.services.surfsharkd2 = {
#    enable = true;
#    descriptions = "Surfshark Daemon2";
#    serviceConfig = {
#    ExecStart = "/opt/Surfshark/resources/dist/resources/surfsharkd2.js";
#    Restart="on-failure";
#    RestartSec=5;
#    IPAddressDeny="any";
#    RestrictRealtime=true;
#    ProtectKernelTunables=true;
#    ProtectSystem="full";
#    RestrictSUIDSGID=true;
#    };
#    wantedBy = [ "default.target" ];
#  };

  dontConfigure = true;
  dontBuild = true;

  nativeBuildInputs = [ autoPatchelfHook dpkg ];

  unpackPhase = ''
    mkdir $out
    dpkg-deb -R $src $out
  '';

  buildInputs = [ glibc alsa-lib gtk3 nss mesa nspr coreutils ];

  meta = with lib; {
    description = "Surfshar VPN CLI";
    homepage = "https://surfshark.com";
    license = licenses.unfree;
    maintainers = [ "binh" ];
    platforms = [ "x86_64-linux" ];
  };
}

I haven't gone through and removed the unnecessary files, however, between the previous attempts and this one, if one could apply the systemd service and get coreutils working properly, it SHOULD work, but I'm unsure what else to try. I get the same id, which, ps can't be found issue.

[Melechtna]

For what it's worth, I got most of what was needed from here https://aur.archlinux.org/packages/surfshark-gui-bin

[muratcabuk]

I tried the same things as you, but I still couldn't get it to work. Did you find any solution @Melechtna @dtb11288?

/bin/sh: line 1: id: command not found
/bin/sh: line 1: ps: command not found
/bin/sh: line 1: which: command not found
[0517/103603.182390:ERROR:elf_dynamic_array_reader.h(64)] tag not found
[0517/103603.182607:ERROR:process_memory_range.cc(75)] read out of range
[0517/103603.209523:ERROR:elf_dynamic_array_reader.h(64)] tag not found
[0517/103603.209694:ERROR:process_memory_range.cc(75)] read out of range
[1]    60900 trace trap (core dumped)  surfshark

[caniko]

Maybe take a look at the AUR package, it runs fine

It is so simple...