aws-workspaces: 4.7.0.4312 -> 2024.8.5191 (#396863)

- `tauon` 7.9.0+ when launched for the first time, migrates its database to a new schema that is not backwards compatible. Older versions will refuse to start at all with that database afterwards. If you need to still use older tauon versions, make sure to back up `~/.local/share/TauonMusicBox`.

- `aws-workspaces` has dropped support for PCoiP networking.

- The `earlyoom` service is now using upstream systemd service, which enables

  hardening and filesystem isolation by default. If you need filesystem write

  access or want to access home directory via `killHook`, hardening setting can

{

  stdenv,

  lib,

  makeWrapper,

  dpkg,

  fetchurl,

  autoPatchelfHook,

  curl,

  libkrb5,

  lttng-ust,

  libpulseaudio,

  callPackage,

  writeShellApplication,

  buildFHSEnv,

  webkitgtk_4_1,

  gtk3,

  openssl_1_1,

  icu70,

  webkitgtk_4_0,

  librsvg,

  pango,

  atk,

  cairo,

  gdk-pixbuf,

  libsoup_2_4,

  glib-networking,

  graphicsmagick_q16,

  libva,

  libusb1,

  hiredis,

  xcbutil,

  protobufc,

  cyrus_sasl,

}:

stdenv.mkDerivation (finalAttrs: {

  pname = "aws-workspaces";

  version = "4.7.0.4312";

let

  workspacesclient = callPackage ./workspacesclient.nix { };

  src = fetchurl {

    # Check new version at https://d3nt0h4h6pmmc4.cloudfront.net/ubuntu/dists/focal/main/binary-amd64/Packages

    urls = [

      "https://d3nt0h4h6pmmc4.cloudfront.net/ubuntu/dists/focal/main/binary-amd64/workspacesclient_${finalAttrs.version}_amd64.deb"

      "https://archive.org/download/workspacesclient_${finalAttrs.version}_amd64/workspacesclient_${finalAttrs.version}_amd64.deb"

    ];

    hash = "sha256-G0o5uFnEkiUWmkTMUHlVcidw+2x8e/KmMfVBE7oLXV8=";

  };

  # Source: https://github.com/jthomaschewski/pkgbuilds/pull/3

  # Credits to https://github.com/rwolfson

  custom_lsb_release = writeShellApplication {

    name = "lsb_release";

  nativeBuildInputs = [

    autoPatchelfHook

    makeWrapper

  ];

    text = ''

      # "Fake" lsb_release script

      # This only exists so that "lsb_release -r" will return the below string

      # when placed in the $PATH

  # Crashes at startup when stripping:

  # "Failed to create CoreCLR, HRESULT: 0x80004005"

  dontStrip = true;

      if [ "$#" -ne 1 ] || [ "$1" != "-r" ] ; then

          echo "Expected only '-r' argument"

          exit 1

      fi

  buildInputs = [

    (lib.getLib stdenv.cc.cc)

    libkrb5

    curl

    lttng-ust

    libpulseaudio

    gtk3

    openssl_1_1.out

    icu70

    webkitgtk_4_0

    librsvg

    gdk-pixbuf

    libsoup_2_4

    glib-networking

    graphicsmagick_q16

    hiredis

    libusb1

    libva

    xcbutil

  ];

  unpackPhase = ''

    ${dpkg}/bin/dpkg -x $src $out

      echo "Release: 22.04"

    '';

  };

  pname = "aws-workspaces";

  preFixup = ''

    patchelf --replace-needed liblttng-ust.so.0 liblttng-ust.so $out/lib/libcoreclrtraceptprovider.so

    patchelf --replace-needed libGraphicsMagick++-Q16.so.12 libGraphicsMagick++.so.12 $out/usr/lib/x86_64-linux-gnu/pcoip-client/vchan_plugins/libvchan-plugin-clipboard.so

    patchelf --replace-needed libhiredis.so.0.14 libhiredis.so $out/lib/libpcoip_core.so

  '';

in

buildFHSEnv {

  inherit pname;

  inherit (workspacesclient) version;

  installPhase = ''

    runHook preInstall

  runScript = "${workspacesclient}/bin/workspacesclient";

    mkdir -p $out/bin $out/lib

    mv $out/opt/workspacesclient/* $out/lib

    rm -rf $out/opt

  includeClosures = true;

    wrapProgram $out/lib/workspacesclient \

      --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath finalAttrs.buildInputs}" \

      --set GDK_PIXBUF_MODULE_FILE "${librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \

      --set GIO_EXTRA_MODULES "${glib-networking.out}/lib/gio/modules"

  targetPkgs =

    pkgs: with pkgs; [

      workspacesclient

      custom_lsb_release

      webkitgtk_4_1

      gtk3

      pango

      atk

      cairo

      gdk-pixbuf

      protobufc

      cyrus_sasl

    ];

    mv $out/lib/workspacesclient $out/bin

  extraBwrapArgs = [

    # provide certificates where Debian-style OpenSSL can find them

    "--symlink /etc/ssl/certs/ca-certificates.crt /etc/ssl/cert.pem"

  ];

    runHook postInstall

  # expected executable doesn't match the name of this package

  extraInstallCommands = ''

    mv $out/bin/${pname} $out/bin/workspacesclient

  '';

  meta = with lib; {

    description = "Client for Amazon WorkSpaces, a managed, secure Desktop-as-a-Service (DaaS) solution";

    homepage = "https://clients.amazonworkspaces.com";

    license = licenses.unfree;

    mainProgram = "workspacesclient";

    maintainers = with maintainers; [

      mausch

      dylanmtaylor

    ];

    platforms = [ "x86_64-linux" ]; # TODO Mac support

    sourceProvenance = with sourceTypes; [ binaryNativeCode ];

  };

})

  meta = workspacesclient.meta;

}

{

  stdenv,

  lib,

  fetchurl,

  dpkg,

  makeWrapper,

  glib-networking,

}:

let

  dcv-path = "lib/x86_64-linux-gnu/workspacesclient/dcv";

in

stdenv.mkDerivation (finalAttrs: {

  pname = "workspacesclient";

  version = "2024.8.5191";

  src = fetchurl {

    urls = [

      # Check new version at https://d3nt0h4h6pmmc4.cloudfront.net/ubuntu/dists/jammy/main/binary-amd64/Packages

      "https://d3nt0h4h6pmmc4.cloudfront.net/ubuntu/dists/jammy/main/binary-amd64/workspacesclient_${finalAttrs.version}_amd64.deb"

      "https://d3nt0h4h6pmmc4.cloudfront.net/new_workspacesclient_jammy_amd64.deb"

    ];

    hash = "sha256-BDxMycVgWciJZe8CtElXaWVnqYDQO5NmawK10GvP2+k=";

  };

  nativeBuildInputs = [

    dpkg

    makeWrapper

  ];

  installPhase = ''

    runHook preInstall

    mkdir -p $out

    cp -R usr/* $out/

    # We introduce a dependency on the source file so that it need not be redownloaded everytime

    echo $src >> "$out/share/workspace_dependencies.pin"

    runHook postInstall

  '';

  postFixup = ''

    # provide network support

    wrapProgram "$out/bin/workspacesclient" \

      --set GIO_EXTRA_MODULES ${glib-networking}/lib/gio/modules \

    # dcvclient does not setup the environment correctly.

    # Instead wrap the binary directly the correct environment paths

    mv $out/${dcv-path}/dcvclientbin $out/${dcv-path}/dcvclient

    wrapProgram $out/${dcv-path}/dcvclient \

      --suffix LD_LIBRARY_PATH : $out/${dcv-path} \

      --suffix GIO_EXTRA_MODULES : ${dcv-path}/gio/modules \

      --set DCV_SASL_PLUGIN_DIR $out/${dcv-path}/sasl2 \

    # shrink the install by removing all vendored libraries which will be provided by Nixpkgs

    find $out/${dcv-path} -name lib\* ! -name libdcv\* ! -name libgioopenssl\* | xargs rm

  '';

  meta = {

    description = "Client for Amazon WorkSpaces, a managed, secure Desktop-as-a-Service (DaaS) solution";

    homepage = "https://clients.amazonworkspaces.com";

    license = lib.licenses.unfree;

    sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];

    mainProgram = "workspacesclient";

    maintainers = with lib.maintainers; [

      mausch

      dylanmtaylor

    ];

    platforms = [ "x86_64-linux" ]; # TODO Mac support

  };

})