That’s super useful, thank you! My only issue is that I’m stuck at the download of the extension - the sha256 is not correct (they bumped up the version since you wrote that comment), and I’m not sure on how to get that format of the sha256 checksum in CLI. Any suggestions on that?
You could use nix-prefetch-url^1 to get the hash value before build time. Another option is to let Nix try to build the derivation with a wrong hash and it will tell you the current and expected hash in case of a mismatched. Personally I have never used nix nix-prefetch-url but if you have many add-ons it might be tedious to manually fix them one by one with the latter approach.
If you meant the sha256- prefix of the hashes, that means they are in SRI format. You can use nix hash to-sri --type sha256 <hash> to get the SRI representation of a hash. But it is not requirement, fetchurl also accepts normal hashes.
λ nix-prefetch-url "https://clients2.google.com/service/update2/crx?response=redirect&acceptformat=crx2,crx3&prodversion=92&x=id%3Dcjpalhdlnbpafiamejdnhcphjbkeiagm%26installsource%3Dondemand%26uc"
error: store path 'c3g8blw31a06angllx4749nx3wmbxvzk-crx?response=redirect&acceptformat=crx2,crx3&prodversion=92&x=id%3Dcjpalhdlnbpafiamejdnhcphjbkeiagm%26installsource%3Dondemand%26uc' contains illegal character '&'
doesn’t really work. Also, the sha256 in your config snippet is formatted like sha256-u81DNkZw/LBVyjk5nmrrJEVjdc+GFCay+rQZGpDH3jA= this, while the error spits it out formatted like this:
error: hash mismatch in file downloaded from 'https://clients2.google.com/service/update2/crx?response=redirect&acceptformat=crx2,crx3&prodversion=92&x=id%3Dcjpalhdlnbpafiamejdnhcphjbkeiagm%26installsource%3Dondemand%26uc':
specified: sha256:0c6yqy81l6dlzar2c546rxsn6i94xdm9wf9rr9av1z3h8qv47kdv
got: sha256:026l3wq4x7rg9f0dz4xiig25x8b7h0syil1d09hbpfzv0yg5bm4m
Just using 026l3wq4x7rg9f0dz4xiig25x8b7h0syil1d09hbpfzv0yg5bm4m as the hash value should be enough. I also edited my initial post.
As for nix-prefetch-url not working. When a file is fetched with builtins.fetchurl it uses the last component of the url but in this case it is not a valid name for Nix store. I also set the name explicitly to name = "${id}.crx" in my function. nix-prefetch-url work the same, so passing the --name flag should fix it: nix-prefetch-url "https://clients2.google.com/service/update2/crx?response=redirect&acceptformat=crx2,crx3&prodversion=92&x=id%3Dcjpalhdlnbpafiamejdnhcphjbkeiagm%26installsource%3Dondemand%26uc" --name test
ok, got it working! basically, it’s possible also to write it in the “sha256:…” format, with the output given in the error. So, the final config snippet would be:
extensions =
let
createChromiumExtensionFor = browserVersion: { id, sha256, version }:
{
inherit id;
crxPath = builtins.fetchurl {
url = "https://clients2.google.com/service/update2/crx?response=redirect&acceptformat=crx2,crx3&prodversion=${browserVersion}&x=id%3D${id}%26installsource%3Dondemand%26uc";
name = "${id}.crx";
inherit sha256;
};
inherit version;
};
createChromiumExtension = createChromiumExtensionFor (lib.versions.major pkgs.ungoogled-chromium.version);
in
[
(createChromiumExtension {
# ublock origin
id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
sha256 = "sha256:026l3wq4x7rg9f0dz4xiig25x8b7h0syil1d09hbpfzv0yg5bm4m";
version = "1.37.2";
})
(createChromiumExtension {
# dark reader
id = "eimadpbcbfnmbkopoojfekhnkhdbieeh";
sha256 = "sha256:1xw996dmkzsx2pmilb3ivyfnjckm2g1f2sx10yd4nllqbz5076mm";
version = "4.9.34";
})
];
Ah - and in order to get the nix-prefetch-url working properly I just passed it the --name argument, so that it renames the file afterwards. I think it might be a bug in the code that manages the naming of the downloaded file?
Thank you very much for your help!