What did you try? You need to put pkgs.
in front of the attributes that come from the nixpkgs set of packages.
I tried
(appimageTools.extract { inherit (pkgs.tutanota-desktop) pname version src; }).outPath
and
(appimageTools.extract { inherit (${pkgs.tutanota-desktop}) pname version src; }).outPath
and I don’t remember what else.
I don’t know the syntax, could you tell me exactly what to write? These hints are too difficult for me
appimageTools
also comes from pkgs
. That wasn’t a hint, I believe rhendric explicitly said that before.
It doesn’t work, I think because there is no such package.
So usually I would enter
"${pkgs.tutanota-desktop}/tutanota-desktop"
What do I write instead?
What doesn’t work, and what is the error? If you actually want help debugging, you need to provide that every time you try something new. And ideally the code should be shown in context.
The output is
"data": "(appimageTools.extract { inherit (pkgs.tutanota-desktop) pname version src; }).outPath/tutanota-desktop"
so I’m asked to add a rule on the fly, which outputs
"data": "/nix/store/zkyclgj54igrrns6dsicck3kbx727yvi-tutanota-desktop-250.241025.0-extracted/tutanota-desktop"
but entering
(appimageTools.extract { inherit (pkgs.tutanota-desktop) pname version src; }).outPath
in nix repl
actually outputs
"/nix/store/zkyclgj54igrrns6dsicck3kbx727yvi-tutanota-desktop-250.241025.0-extracted"
So I don’t understand why it doesn’t work. With session-desktop
instead I get a wrong path, with both session-desktop
and session-desktop-appimage
, which are the only two possibilities.
What doesn’t work? Those paths are the same, except the first path has /tutanota-desktop
at the end. So you can put that at the end of the second path?
No, that’s the rule generated by opensnitch
from my configuration, this
"data": "(appimageTools.extract { inherit (pkgs.tutanota-desktop) pname version src; }).outPath/tutanota-desktop"
so it doesn’t work and the software asks me for a rule on the fly, that actually is
"data": "/nix/store/zkyclgj54igrrns6dsicck3kbx727yvi-tutanota-desktop-250.241025.0-extracted/tutanota-desktop"
so that expression is not converted in an actual path by opensnitch
Does that mean you are configuring using the GUI? That won’t work because it does not know how to interpret the Nix code.
If you use configuration.nix
maybe it would help posting it here.
I’m using configuration.nix
here are the entries
tutanota = {
name = "Tutanota";
enabled = true;
action = "allow";
duration = "always";
operator = {
type ="list";
sensitive = false;
operand = "list";
list = [
{
type = "simple";
operand = "process.path";
sensitive = false;
data = "(appimageTools.extract { inherit (pkgs.tutanota-desktop) pname version src; }).outPath/tutanota-desktop";
}
{
type = "regexp";
operand = "dest.host";
sensitive = false;
data = "^(|.*\\.)tuta\\.com";
}
];
};
};
and
session-desktop = {
name = "session-desktop";
enabled = true;
action = "allow";
duration = "always";
operator = {
type ="simple";
sensitive = false;
operand = "process.path";
data = "(appimageTools.extract { inherit (pkgs.session-desktop-appimage) pname version src; }).outPath/session-desktop-bin";
};
};
If you want to write nix code in a string, you need to interpolate the nix code with ${}
.
"${(appimageTools.extract { inherit (pkgs.tutanota-desktop) pname version src; }).outPath}/tutanota-desktop"
I get this error
error: undefined variable 'appimageTools'
Now you need to prepend pkgs.
in front of it because it is in that scope.
I see. It works for tutanota-desktop
but it doesn’t for session desktop
with both
"${(pkgs.appimageTools.extract { inherit (pkgs.session-desktop) pname version src; }).outPath}
and
"${(pkgs.appimageTools.extract { inherit (pkgs.session-desktop-appimage) pname version src; }).outPath}
I get this
error: builder for '/nix/store/a77ilkjx0jc2h9m7v3v5i2aj5wa4mfyn-session-desktop-1.13.2-extracted.drv' failed to produce output path for output 'out' at '/nix/store/a77ilkjx0jc2h9m7v3v5i2aj5wa4mfyn-session-desktop-1.13.2-extracted.drv.chroot/root/nix/store/fm0lypy87r17q3wir4qr9vrashninpka-session-desktop-1.13.2-extracted'
error: 1 dependencies of derivation '/nix/store/5kgqvb7dnmyg5m61jb5psf0jfzbrnf6r-rule.drv' failed to build
error: 1 dependencies of derivation '/nix/store/z0g40lmnrpm70b30lszvcsq2gjwxp9yk-unit-script-opensnitchd-pre-start.drv' failed to build
error: 1 dependencies of derivation '/nix/store/p29s3jalc0j245b12gx767lq5966yfa1-unit-opensnitchd.service.drv' failed to build
error: 1 dependencies of derivation '/nix/store/ki4gzy41nyhz386jg6a0frx759a1n147-system-units.drv' failed to build
error: 1 dependencies of derivation '/nix/store/rws878zjw66qbf37frhizj4m1ycipd0n-etc.drv' failed to build
error: 1 dependencies of derivation '/nix/store/zr7mbck6ls34ynfwq2jwa95b12qzilby-nixos-system-nixos-24.11.712512.3f0a8ac25fb6.drv' failed to build
I’m not using OpenSnitch and also learned something new today (thanks @rhendric for the repl introduction) but when I run this in the repl I don’t get any errors so I think that should work fine in your config as well.
"${(pkgs.appimageTools.extract { inherit (pkgs.session-desktop-appimage) pname version src; }).outPath}"
One thing I noticed is that you use .outPath/session-desktop-bin
which from my understanding will not work because the binary is located in the subfolder /bin
.
Something I like to do (and I would still consider myself a beginner in Nix/NixOS so please anyone correct me if this is not advised) is to use lib.getExe
to get the actual binary. To that function you would need to pass the unwrapped derivation itself.
So if you run this in the repl you should get the correct path:
pkgs.lib.getExe (pkgs.appimageTools.extract { inherit (pkgs.session-desktop-appimage) pname version src; })
nix-repl> pkgs.lib.getExe (pkgs.appimageTools.extract { inherit (pkgs.session-desktop-appimage) pname version src; })
evaluation warning: getExe: Package "session-desktop-1.13.2-extracted" does not have the meta.mainProgram attribute. We'll assume that the main program has the same name for now, but this behavior is deprecated, because it leads to surprising errors when the assumption does not hold. If the package has a main program, please set `meta.mainProgram` in its definition to make this warning go away. Otherwise, if the package does not have a main program, or if you don't control its definition, use getExe' to specify the name to the program, such as lib.getExe' foo "bar".
"/nix/store/fm0lypy87r17q3wir4qr9vrashninpka-session-desktop-1.13.2-extracted/bin/session-desktop"
No, the output path is not correct, same result with session-desktop-appimage
and session-desktop
, it’s the same path as the other command
nix-repl> "${(pkgs.appimageTools.extract { inherit (pkgs.session-desktop-appimage) pname version src; }).outPath}"
"/nix/store/fm0lypy87r17q3wir4qr9vrashninpka-session-desktop-1.13.2-extracted"
The correct path generated by opensnitch
is
"data": "/nix/store/s8bx7i3zi5vkklyhgmdrf4r372hfgwsb-session-desktop-1.13.2-extracted/session-desktop-bin"
Ok, now I get your point: you don‘t find the correct derivation to use in your configuration. Sadly this it not something I can help you with.
Yeah, sorry, I’m a noob and don’t know how to describe things properly. Derivation it is.
I tried this with another package built from an extracted Appimage and it works just by changing the package name, but I can’t find the correct derivation for session-desktop
as described here, could you help with that?
As said I’m a still new to many things related to nix as well.
I stumbled upon this thread searching for something else but I have no idea if that would help.