ElectronJS Desktop App (BloodHound) cannot compile due to sandbox, is there any canonical or recommended way to fix this that is currently documented?

Hello

I’m packaging an Electron desktop app that uses electron-builder, and it seems that the build is failing because the sandbox restricts network access.

I know that disabling the sandbox is bad and not recommended, so is there any other way I can work around this issue?

Here is the package.nix:

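{
  lib,
  stdenv,
  buildNpmPackage,
  fetchFromGitHub,
  substituteAll,
  jq,
  moreutils,
  zip,
  unzip,
  gtk3,
  makeWrapper,
  copyDesktopItems,
  makeDesktopItem,
  electron_27,
}:

# BloodHound desktop GUI built from source with buildNpmPackage.
#
# The build sandbox has no network access, so everything the build needs must
# be provided up front: the npm dependencies through `npmDepsHash`, and the
# prebuilt Electron archive that electron-packager would otherwise fetch from
# GitHub through the `local-cache` directory created in postConfigure. A
# `getaddrinfo EAI_AGAIN github.com` failure from `npm build` therefore means
# electron-packager did not pick up `local-cache` and fell back to downloading;
# the fix is to make it see the cache, not to relax the sandbox.

let
  # Per-system values: the suffix electron-packager expects in the prebuilt
  # Electron zip name, and the argument handed to the npm build script.
  platformInfos = {
    "x86_64-linux" = {
      zipSuffix = "linux-x64";
      buildCmd = "linux";
    };
    "x86_64-darwin" = {
      zipSuffix = "darwin-x64";
      buildCmd = "osx";
    };
    "aarch64-darwin" = {
      zipSuffix = "darwin-arm64";
      buildCmd = "osxarm";
    };
  };

  platformInfo = platformInfos.${stdenv.system};

  ## Electron 27 is the latest version that works as of BloodHound 4.3.1
  electron = electron_27;
in
buildNpmPackage rec {
  pname = "bloodhound";
  # NOTE(review): the build log reports `bloodhound@4.3.1` from package.json
  # while this derivation says 4.3.2 — confirm `src` points at the intended tag.
  version = "4.3.2";

  src = fetchFromGitHub {
    owner = "AkechiShiro";
    repo = "BloodHound";
    rev = "v${version}";
    hash = "sha256-ZXJPeWuajPKmaeTDCDnFniRa1wkGEZbpfDXV4jigoHg=";
  };

  # Fixed-output hash of the npm dependency tree; this is how dependencies get
  # into the sandbox without network access.
  npmDepsHash = "sha256-I+Bg1YfacjJR8rTAvI02YKgExGdrZejYtC+C9kx+kgc=";
  # Previous hash, kept for reference:
  #"sha256-+sU7E4x6G0V/UwkDRpkYNB1WpCqVLefsE2k/WQvquRs=";

  patches = [
    # Fix info in the "about" page, set electron version, set local-cache as zipdir
    # (i.e. point electron-packager at the archive created in postConfigure).
    # NOTE(review): the failing command in the log is the `electron-packager`
    # CLI run by the `package` npm script, and that invocation shows no zip-dir
    # argument — verify the patch actually reaches the code path that runs
    # `electron-packager`, otherwise it will try to download Electron.
    (substituteAll {
      src = ./mk.patch;
      #version = version;
      electron_version = electron.version;
    })
  ];

  #postPatch = ''
  #npm update
  #'';

  buildInputs = [
    gtk3
  ];

  nativeBuildInputs = [
    zip
    unzip
    makeWrapper
    copyDesktopItems
  ];

  #rpath = lib.makeLibraryPath [
  #  alsa-lib
  #  at-spi2-atk
  #  at-spi2-core
  #  atk
  #  cairo
  #  cups
  #  dbus
  #  expat
  #  fontconfig
  #  freetype
  #  gdk-pixbuf
  #  glib
  #  gtk3
  #  libGL
  #  libappindicator-gtk3
  #  libdrm
  #  libnotify
  #  libpulseaudio
  #  libuuid
  #  libxcb
  #  libxkbcommon
  #  mesa
  #  nspr
  #  nss
  #  pango
  #  systemd
  #  stdenv.cc.cc.lib
  #  udev
  #  xorg.libX11
  #  xorg.libXScrnSaver
  #  xorg.libXcomposite
  #  xorg.libXcursor
  #  xorg.libXdamage
  #  xorg.libXext
  #  xorg.libXfixes
  #  xorg.libXi
  #  xorg.libXrandr
  #  xorg.libXrender
  #  xorg.libXtst
  #  xorg.libxkbfile
  #  xorg.libxshmfence
  #];

  # Stops the `electron` npm package from downloading a binary at install time.
  # Judging by the log, electron-packager's own download step is not covered
  # by this variable; that is what the local-cache zip is for.
  env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1";

  # See the hint buildNpmPackage prints on failure: needed when the build hits
  # "error:0308010C:digital envelope routines::unsupported".
  NODE_OPTIONS = "--openssl-legacy-provider";
  # Appended to `npm run build -- ...`; the first element selects the target platform.
  npmBuildFlags = [platformInfo.buildCmd "--legacy-peer-deps"];

  # This package uses electron-packager instead of electron-builder
  # Here, we create a local cache of electron zip-files, so electron-packager can copy from it
  # The zip name must match what electron-packager looks for:
  # electron-v<version>-<zipSuffix>.zip, built from the nixpkgs Electron.
  postConfigure = ''
    mkdir local-cache
    cp -r --no-preserve=all ${electron}/libexec/electron electron
    pushd electron
    zip -qr ../local-cache/electron-v${electron.version}-${platformInfo.zipSuffix}.zip *
    popd
  '';

  installPhase = ''
    runHook preInstall

    # Icons referenced by the desktop item below.
    install -Dm644 D.png $out/share/icons/hicolor/64x64/apps/bloodhound.png
    install -Dm644 D.svg $out/share/icons/hicolor/scalable/apps/bloodhound.svg

    # electron-packager's output tree.
    pushd _/bloodhound*/*

    install -Dm644 ThirdPartyNotices.txt -t $out/share/doc/bloodhound

    # Only the app payload is shipped; the packaged Electron binary is replaced
    # by a wrapper around the nixpkgs Electron. Wayland flags are added only
    # when both NIXOS_OZONE_WL and WAYLAND_DISPLAY are set at run time.
    mkdir -p $out/share/bloodhound
    cp -r locales resources{,.pak} $out/share/bloodhound
    makeWrapper ${lib.getExe electron} $out/bin/bloodhound \
      --add-flags $out/share/bloodhound/resources/app.asar \
      --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
      --inherit-argv0

    popd

    runHook postInstall
  '';

  desktopItems = [
    (makeDesktopItem {
      name = "bloodhound";
      exec = "bloodhound";
      icon = "bloodhound";
      desktopName = "BloodHound";
      categories = [
        "IDE"
      ];
      comment = meta.description;
      terminal = false;
    })
  ];

  meta = {
    # Darwin systems are listed in platformInfos but the build is marked broken there.
    broken = stdenv.isDarwin;
    changelog = "https://github.com/BloodHoundAD/bloodhound/releases/tag/${src.rev}";
    description = "Active Directory Reconnaissance and Graph Attack Path management tool";
    homepage = "https://github.com/BloodHoundAD/bloodhound";
    license = lib.licenses.gpl3Plus;
    # Must match the wrapper installed in $out/bin above; "BloodHound" does not
    # exist there and would break lib.getExe on this package.
    mainProgram = "bloodhound";
    maintainers = with lib.maintainers; [
    ];
    platforms = lib.attrNames platformInfos;
  };
}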

Build error output:

[1309] ./node_modules/@emotion/is-prop-valid/dist/is-prop-valid.browser.esm.js + 1 modules 4.41 KiB {0} [optional] [built]
       |    2 modules
    + 1401 hidden modules

> bloodhound@4.3.1 package
> electron-packager . BloodHound --overwrite --prune --ignore=./*.zip --ignore=./BloodHound.* --ignore=BloodHoundExampleDB.db --ignore=docs --ignore=Ingestors --ignore=node_modules/\.bin linux

getaddrinfo EAI_AGAIN github.com
ERROR: "package -- linux" exited with 1.

ERROR: `npm build` failed

Here are a few things you can try, depending on the error:
1. Make sure your build script (build) exists
  If there is none, set `dontNpmBuild = true`.
2. If the error being thrown is something similar to "error:0308010C:digital envelope routines::unsupported", add `NODE_OPTIONS = "--openssl-legacy-provider"` to your derivation
  See https://github.com/webpack/webpack/issues/14532 for more information.

error: builder for '/nix/store/mjh0904f5gx7mbcqkb4k6j21p0mbqhmb-bloodhound-4.3.2.drv' failed with exit code 1;
       last 10 log lines:
       > ERROR: "package -- linux" exited with 1.
       >
       > ERROR: `npm build` failed