Open balsoft opened 6 years ago
Would adding the following to your configuration work?
programs.chromium = {
enable = true;
extensions = [ "gbchcmhmhahfdphkhkmpfmihenigjmpp" ];
};
See chromium module.
@jtojnar , thanks for the reply. The chromium extension installs fine, but it requires host app installed. I've already tried to package that, but it doesn't work. Failed attempt When I try to setup chromium extension, it tells me to "download and install the chrome remote desktop host" (or close to that; I'm trying to translate from russian to english), and doesn't allow me to continue. By the way, this is only my second attempt on writing nix expressions, so if it is terrible please correct me.
Right. This one be a pickle to package – the package relies on quite a few imperative changes.
I can see several issues with that expression:
src
URL ins not version specific, it will break in the future. Maybe the source code could be used https://chromium.googlesource.com/chromium/chromium/+/trunk/remotingfetchgit
is missing rev
and sha256
attributes.$out/usr/
should be just $out/
.patchShebangs
should not be necessary, it is run automatically in fixupOutputHooks
.patchelf
can only work on one file at a time. You need to loop over the files to fix the issue you are having.Thanks for helping.
1) I believe that would actually require fetching all of chromium sources (around 2.1 GB)
2) Ok, will fix
3)
4) How exactly do I edit my nixos modules? Is it safe? Can I roll back if something goes wrong?
5) There's only docs in $out/usr
, should I just move the share
folder to the $out
?
6) Ok, I was just messing around with it, will fix
7) Thanks, will do
I updated the gist
nixos/modules
and then add the path to module-list.nix
. Modules are just a way to extend your configuration – you could just as well paste their contents to your configuration.nix
and then rebuild, so it can be rolled back just like any other configuration change. If you want to just try without rebuilding your system, you can save the configuration to a file and then run nixos-rebuild build-vm -I nixpkgs=path-to-your-nixpkgs -I nixos-config=test-crd.nix
.For example, I use something like the following for testing NixOS modules:
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
gdb
binutils # readelf
rr
file
htop
less
dbus
dfeet
# Packages I want to test
firefox
];
nixpkgs.config.firefox.enableGnomeExtensions = true;
services.gnome3.chrome-gnome-shell.enable = true;
services.openssh.enable = true;
services.xserver = {
enable = true;
layout = "cz";
xkbVariant = "qwerty";
desktopManager.gnome3 = {
enable = true;
};
};
hardware.opengl.enable = true;
users.extraUsers.u = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" "networkmanager" ];
password = "";
openssh.authorizedKeys.keys = ["mysshkey"];
};
systemd.coredump.enable = true;
virtualisation.memorySize = 1024;
}
$out/usr/lib
, which should definitely be $out/lib
.5) Ok, just removed systemd service - no point of it being there, it should probably go in the module.
Well, I believe that there is a problem: user-session
wants to have suid, and nix-build
user isn't allowed to set that. What do I do?
@balsoft maybe see NixOS option: security.wrappers
?
@sifmelcara Thanks.
Ok, I found a hacky way to write stuff to homedirs.
system.activationScripts.crd-setup = {
text = ''
if [[ -z $(cat ${cfg.user.home}/.chrome-remote-desktop-session) ]]; then
# Create the file
echo "export $(dbus-launch)" > ${cfg.user.home}/.chrome-remote-desktop-session
echo "${cfg.session}" >> ${cfg.user.home}/.chrome-remote-desktop-session
fi
if [[ -z $(cat ${cfg.user.home}/.config/chrome-remote-desktop/Size) ]]; then
echo "${cfg.screenSize}" > ${cfg.user.home}/.config/chrome-remote-desktop/Size
fi
'';
};
Is this ok?
The size seems to be only used as the nixos module so you probably do not need to store it to a file. As for the rest, I do not seem a better way with a program like this one.
@jtojnar wait, as I see it the cfg.size
is the option the user would set with services.chrome-remote-desktop.size
and it is the screen resolution of remote desktop (check out the script from aur for details). Does this conflict with some internal part of nix? I'll change it to screenSize
then.
Yes, but it only seems to be used by the script itself (e.g. chrome-remote-desktop --size="$crd_size"
) so you can use cfg.size
right in your service definition.
Oh, ok. I didn't notice that. Thanks
It doesn't seem to build though.
$ nixos-rebuild build-vm -I nixpkgs=./nixpkgs -I nixos-config=./test.nix
building Nix...
building the system configuration...
error: value is a function while a set was expected, at /home/balsoft/Документы/nixpkgs/lib/modules.nix:450:12
(use ‘--show-trace’ to show detailed location information)
test.nix:
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
binutils
];
services.xserver = {
enable = true;
desktopManager.xfce = {
enable = true;
};
};
users.extraUsers.u = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" "networkmanager" ];
password = "";
};
}
Ok, --show-trace
helped to pin down the errors.
This is now what I'm stuck at. The python script chrome-remote-desktop
tries to launch user-session
from its own script dir:
USER_SESSION_PATH = os.path.join(SCRIPT_DIR, "user-session")
Of course there is no good functional way to overwrite the file with suid. How to solve the problem? One solution I see is to write the location of a wrapped user-session
to /etc/chrome-remote-desktop-user-session
and then substituteInPlace
.
I think that we should move the conversation to the fork? BTW, I've solved the issues @jtojnar have pointed out.
@balsoft Anything new to this issue? I'd also like to have chrome-remote-desktop installed :-)
@klassm Currently, I don't know how to solve the problem of needing SUID file in nix store, which is not allowed. If somebody would help me, that would be great as I don't know Nix ecosystem to this extent.
@balsoft In a NixOS module, you can use security.wrappers
and then refer to /run/wrappers/bin/crd
in the package.
Thanks @jtojnar . Can you please elaborate on that? Using security.wrappers
still doesn't allow arbitrary file in a derivation to have SUID bit on. What's the proper way to solve this?
Sorry, did not finish the comment. The module cannot update Nix store since it is immutable and it probably would not be very safe. Instead the SUID file is placed to /run/wrappers/bin
so you need to use this path in the derivation instead of $out/bin
.
@jtojnar Thanks a lot! I'll try to do that.
Currently I'm working on it, but right now I can't test it as I run Wayland on my laptop (and it doesn' seem to support it), and I don't have enough RAM to test it in VM w\ Xorg.
On Sun, 15 Apr 2018 at 12:38 Jan Tojnar notifications@github.com wrote:
Sorry, did not finish the comment. The module cannot update Nix store since it is immutable and it probably would not be very safe. Instead the SUID file is placed to /run/wrappers/bin so you need to use this path in the derivation instead of $out/bin.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/NixOS/nixpkgs/issues/34084#issuecomment-381393138, or mute the thread https://github.com/notifications/unsubscribe-auth/ARnLUzNOdMAH4DXFmQ97OkOV6T-n-t0Pks5toxUxgaJpZM4RlgyW .
-- С уважением, ученик МБОУ "Гимназия №2 "Квантор" Бантьев Александр balsoft@yandex.ru balsoft75@gmail.com
Best regards, Alexander Bantyev aka balsoft balsoft@yandex.ru balsoft75@gmail.com
Well how can I test it? :-)
@balsoft hey, is this code available anywhere?
@balsoft hey, is this code available anywhere?
I think it's here, @mlen?
Hello, I'm a bot and I thank you in the name of the community for opening this issue.
To help our human contributors focus on the most-relevant reports, I check up on old issues to see if they're still relevant. This issue has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human.
The community would appreciate your effort in checking if the issue is still valid. If it isn't, please close it.
If the issue persists, and you'd like to remove the stale label, you simply need to leave a comment. Your comment can be as simple as "still important to me". If you'd like it to get more attention, you can ask for help by searching for maintainers and people that previously touched related code and @ mention them in a comment. You can use Git blame or GitHub's web interface on the relevant files to find them.
Lastly, you can always ask for help at our Discourse Forum or at #nixos' IRC channel.
I found myself in want of this package today.
I may take a stab at trying to get this to work, we'll see.
@maxdeviant, @balsoft any news on the issue?
I would also be interested at ruining chrome-remote-desktop
on NixOS
.
@cgallay I never did get around to working on this, sorry 😕
I got it working, but it is very bespoke (involves running sed
over a binary). I'll try to clean it up and post in a gist.
Another pain point is that the hash of the latest .deb changes from time to time and requires updates.
Here's the gist https://gist.github.com/mlen/b82b8f53d4084686d0f004664a095edb.
I'm using a custom package overlay, where I pull the default.nix
file in. After everything is configured you still need to run chrome-remote-desktop --start
. I think I used the headless setup to get it running.
I marked this as stale due to inactivity. → More info
@mlen I'm almost done. From your gist, on default.nix
I added mesa,libdrm,libxkbcommon,waylad
packages to the libPath
under preFixup
and now the button on the chromium allows me to set pin numbers. However, when i press confirm after putting in my pin numbers, an error occurs.
[0107/070729.942682:ERROR:daemon_controller_delegate_linux.cc(98)] Failed to enable unit: Unit file chrome-remote-desktop@sepiabrown.service does not exist. [0107/070729.942888:ERROR:daemon_controller_delegate_linux.cc(204)] Failed to start host.
How did you fix the problem?
@sepiabrown Maybe the NixOS module also needs systemd.packages = [ pkgs.chrome-remote-desktop ];
@jtojnar Wow it somehow made an effect. The error message changed to
[0107/111426.778860:ERROR:daemon_controller_delegate_linux.cc(98)] Failed to enable unit: File /etc/systemd/system/multi-user.target.wants/chrome-remote-desktop@sepiabrown.service: Read-only file system [0107/111426.778976:ERROR:daemon_controller_delegate_linux.cc(204)] Failed to start host.
So I had added the code below in my NixOS module(configuration.nix
). I copied the basic form from ${pkgs.chrome-remote-desktop}/lib/systemd/system/chrome-remote-desktop@.service
systemd.services.chrome-remote-desktop = {
enable = true;
unitConfig = {
Description = "Chrome Remote Desktop instance for ${cfg.user}";
After = [ "network.target" ];
};
serviceConfig = {
Type = "simple";
User = cfg.user;
Environment = "XDG_SESSION_CLASS=user XDG_SESSION_TYPE=x11";
# Environment = {
# XDG_SESSION_CLASS = "user";
# XDG_SESSION_TYPE = "x11";
# };
PAMName = "chrome-remote-desktop";
TTYPath = "/dev/chrome-remote-desktop";
ExecStart = "${pkgs.chrome-remote-desktop}/opt/google/chrome-remote-desktop/chrome-remote-desktop --start --new-session";
ExecReload = "${pkgs.chrome-remote-desktop}/opt/google/chrome-remote-desktop/chrome-remote-desktop --reload";
ExecStop = "${pkgs.chrome-remote-desktop}/opt/google/chrome-remote-desktop/chrome-remote-desktop --stop";
# Log output to the journal
StandardOutput = "journal";
# Use same fd as stdout
StandardError = "inherit";
# Must be kept in sync with RELAUNCH_EXIT_CODE in linux_me2me_host.py
RestartForceExitStatus = "41";
};
wantedBy = [ "multi-user.target" ];
};
But the error message doesn't change.
It feels like I'm just a step away!
P.S. How did you diagnosed my error such that it may be related to systemd
? If you searched, what was the keyword? Or is it from your abundunt experience related to the nix packaging errors?
How did you diagnosed my error such that it may be related to
systemd
? If you searched, what was the keyword? Or is it from your abundunt experience related to the nix packing errors?
I got it from “Unit file chrome-remote-desktop@sepiabrown.service does not exist”.
Unit file is systemd terminology for services and other similar objects. The @
in the name means it is a template instance. The reason services typically do not exist are because systemd is not aware of a package and systemd.packages
option is a method to link package’s units into systemd directory tree.
The error message changed to
[0107/111426.778860:ERROR:daemon_controller_delegate_linux.cc(98)] Failed to enable unit: File /etc/systemd/system/multi-user.target.wants/chrome-remote-desktop@sepiabrown.service: Read-only file system [0107/111426.778976:ERROR:daemon_controller_delegate_linux.cc(204)] Failed to start host.
I guess that means the program is trying to run systemctl enable chrome-remote-desktop@sepiabrown.service
or something like that, which will obviously fail. You can see the full imperative process in https://ibug.io/blog/2019/07/systemd-service-template/ but I am not completely sure how to translate it to declarative config. Maybe something like https://github.com/NixOS/nixpkgs/issues/80933#issuecomment-821226075.
I assume the program or systemd will not try to enable (and thus try to create the symlink) for already enabled service. But if it does, we would need to patch the program.
I've finally succeeded in making chrome-remote-desktop work. Here is the gist. https://gist.github.com/sepiabrown/0dbca7da5610055991ad04bbeb461fed
Help from @jtojnar was crucial. I really appreciate your help! i cannot thank you enough :)
I have a few question though.
default.nix
, I have added the following 6 lines in patchPhase
which allow me to access into the existing local X-session.
substituteInPlace $out/$replacePrefix/chrome-remote-desktop --replace "FIRST_X_DISPLAY_NUMBER = 20" "FIRST_X_DISPLAY_NUMBER = 0"
substituteInPlace $out/$replacePrefix/chrome-remote-desktop --replace "while os.path.exists(X_LOCK_FILE_TEMPLATE % display):" "# while os.path.exists(X_LOCK_FILE_TEMPLATE % display):"
substituteInPlace $out/$replacePrefix/chrome-remote-desktop --replace "display += 1" "# display += 1"
substituteInPlace $out/$replacePrefix/chrome-remote-desktop --replace "self._launch_x_server(x_args)" "display = self.get_unused_display_number()"
substituteInPlace $out/$replacePrefix/chrome-remote-desktop --replace "if not self._launch_pre_session():" "self.child_env[\"DISPLAY\"] = \":%d\" % display"
substituteInPlace $out/$replacePrefix/chrome-remote-desktop --replace "self.launch_x_session()" "# self.launch_x_session()"
So when I remotely access my laptop through iPad, what I see and control in iPad is identical to labtop and vice-versa.
Without the above 6 lines, if I remotely access my laptop through iPad, I can't see any applications already opened in laptop. Controlling the new session through iPad has no effect on laptop.
Obviously, the original version of the program should be respected. So when going through patchPhase
, it should be possible to switch between the version with and without the above 6 lines. I have tried declaring new boolean option newSession
in chrome-remote-desktop.nix
and use lib.optionalString (!config.services.xserver.chrome-remote-desktop.newSession)
but it failed. What is the standard way to implement this?
Based on my gist, Is it enough to add the package to Nixpkgs or do I need to improve the code?
If it is enough, then where would you recommend to put them?
For default.nix
, maybe https://github.com/NixOS/nixpkgs/tree/nixos-unstable/pkgs/applications/networking/browsers/chromium here?
For chrome-remote-desktop.nix
, maybe https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/programs here?
I've never added any package so I don't want to ruin the consistency of where the packages and module goes.
Obviously, the original version of the program should be respected. So I want to be able to switch between the version with and without the above 6 lines. I have tried declaring new boolean option
newSession
inchrome-remote-desktop.nix
and uselib.optionalString (!config.services.xserver.chrome-remote-desktop.newSession)
but it failed. What is the standard way to implement this?
You would have default.nix
accept enableNewSession ? false
argument and then have the NixOS module use pkgs.chrome-romete-desktop.override { enableNewSession = cfg.newSession; }
.
2. Based on my gist, Is it enough to add the package to Nixpkgs or do I need to improve the code?
I still see many issues with the code but those are best hashed out in PR review.
3. If it is enough, then where would you recommend to put them?
I would use pkgs/applications/networking/remote
for the package and maybe nixos/modules/services/networking
for the module. But nixos/modules/programs
would probably also work. Categorization is hard.
Thank you for your detailed answer!
I have two additional questions.
Without those 6 lines (substituteInPlace ~~
), you need to configure ~/.chrome-remote-desktop-session
to make it work.
Configuring ~/.chrome-remote-desktop-session
was already done by @mlen here https://gist.github.com/mlen/b82b8f53d4084686d0f004664a095edb#file-chrome-remote-desktop-session. But the code depends heavily on awk
which made the code not applicable to plasma setting. Both lightdm
and sddm
have the necessary code parts for ~/.chrome-remote-desktop-session
in nixos/modules/services/x11/display-managers/default.nix
at
Exec=${script}
which is elaborated in xsession = dm: wm: pkgs.writeScript "xsession" ''
Is there any method to refer to the xsession
script file generated in the /nix/store
?
The best way that I can think of is by finding (builtins.elemAt nixosConfigurations.MyFlakeName.config.services.xserver.displayManager.sessionPackages 0).outPath
in nix repl
and from there, you cd
into the path and vim share/xsessions/plasma5.desktop
and find Exec =
part.. which is not an easy solution.
This question is not directly related to the issue.
In the code apply = val: {
in nixos/modules/services/x11/display-managers/default.nix
, why are variables wrapper
, desktops
, sessionNames
, autologinSession
under apply
? Since val
is used nowhere, I don't understand why apply
should be used. There seems to be lack of documentation for apply
. Can you explain or direct me to the documentation on how apply
works and the reason why apply
is used here?
2. In the code
apply = val: {
innixos/modules/services/x11/display-managers/default.nix
, why are variableswrapper
,desktops
,sessionNames
,autologinSession
underapply
? Sinceval
is used nowhere, I don't understand whyapply
should be used. There seems to be lack of documentation forapply
. Can you explain or direct me to the documentation on howapply
works and the reason whyapply
is used here?
apply
is simply a method to transform the merged value of an option definitions:
Since val
is ignored, it will always return the same value, no matter what we pass the option. It is basically a hack for storing data in the module system like you would with a let
binding.
@jtojnar Hi! I have few more questions!
chrome-remote-desktop
requires the system to have ~/.config/chrome-remote-desktop
. In what phase should the mkdir -p ~/.config/chrome-remote-desktop
command be put in default.nix?
Is it ok to put mkdir -p ~/.config/chrome-remote-desktop
in default.nix? I have a feeling that it is wrong because it is interacting with my home directory. Any suggestion or standard way to proceed?
The code works well with nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05"
and nixos-21.11
in my flake.nix
but not with nixos-unstable
. With nixos-unstable
, symptoms are as follows.
The chrome-remote-desktop
service runs well on my laptop since the setting of device name and password works well as the below picture.
Even other devices (iPad, Android phone) recognize that the service in the laptop is running. When I change the name of the laptop ( sepiabrown-nnix
in the picture), other devices recognize the change of the name. But the problem is when I enter the correct pin when accessing with other devices, access fails with the error that "The access code is invalid. Please try again.".
In this situation, how do I debug? Do I have to make overlays with different releases (nixos-21.11
and nixos-unstable
) of preFixup
packages and test each packages? For example, try a overlay with glib
of release nixos-unstable
where other packages are fixed to nixos-21.11
. If it works, then go onto the next package pam
of release nixos-unstable
where other packages are fixed to nixos-21.11
, so on and so forth. (BTW, I have changed gnome3.gtk
gnome3.dconf
to gtk3
and dconf
according to your commit. nixos-21.05
, nixos-21.11
worked but nixos-unstable
didn't work)
Thank you for your kind help in advance!
chrome-remote-desktop
requires the system to have~/.config/chrome-remote-desktop
. In what phase should themkdir -p ~/.config/chrome-remote-desktop
command be put in default.nix?- Is it ok to put
mkdir -p ~/.config/chrome-remote-desktop
in default.nix? I have a feeling that it is wrong because it is interacting with my home directory. Any suggestion or standard way to proceed?
Applications are typically responsible for creating their user configuration directories. Nix builds are run in sandbox so they cannot really write to user’s directory. It would be completely against the goals of Nix since it would no longer be reproducible.
- The code works well with
nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05"
andnixos-21.11
in myflake.nix
but not withnixos-unstable
. Withnixos-unstable
, symptoms are as follows. Thechrome-remote-desktop
service runs well on my laptop since the setting of device name and password works well as the below picture.
You would typically start by trying to enable the application’s debugging facilities.
I would not really recommend mixing libraries from different versions of Nixpkgs. While it may work in most cases, there can be subtle rough edges (e.g. caused by desktop platform libraries using dynamically loaded modules with different ABI), which are not worth the hassle when you can trivially avoid them by using the same versions of libraries as on your system.
chrome-remote-desktop
requires the system to have~/.config/chrome-remote-desktop
. In what phase should themkdir -p ~/.config/chrome-remote-desktop
command be put in default.nix?- Is it ok to put
mkdir -p ~/.config/chrome-remote-desktop
in default.nix? I have a feeling that it is wrong because it is interacting with my home directory. Any suggestion or standard way to proceed?
Fixed by disabling program from checking ~/.config/chrome-remote-desktop
. Not neccessary for the programe to work.
- The code works well with
nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05"
andnixos-21.11
in myflake.nix
but not withnixos-unstable
.
It was due to recent change in linux-pam
(#153104). Many other applications were affected by the change. I've checked that chrome-remote-desktop
works normally with the fix #156974.
@sepiabrown it seems like you were driving most of this work a year and a half ago. Curious, have you been using chrome-remote-desktop
on NixOS since then? Curious how much work you think might be remaining.
I've gotten xrdp
working pretty well. But I think chrome-remote-desktop
might be the better experience by a little. For instance, I couldn't get MacOS/Linux clipboard redirection working with xrdp
. But that seemed to work well with chrome-remote-desktop
when I tried it against an Ubuntu machine.
I might be in over my head, but I thought I'd ask how I might help.
Curious, have you been using
chrome-remote-desktop
on NixOS since then?
I was using it 6 months ago at my graduate school lab machine. But after graduation, I had no time to package
chrome-remote-desktop
because I was adapting to my first job.
Curious how much work you think might be remaining.
The remaining problem is that https://dl.google.com/linux/direct/chrome-remote-desktop_current_amd64.deb
is a moving target which means 1) its sha256
changes often and 2) one needs a bit of knowledge to fix the nix code to adapt to the changes in the deb file. I heard that there are packages with similar problems but I had no time to invest further.
Issue description
There is no google remote desktop host package in nixpkgs. It seems like it would be possible to add it: AUR. I could try although I have very little experience with writing nix package expressions.