1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
{ lib, stdenv
, fetchurl
, acl
, cyrus_sasl
, docbook_xsl
, libepoxy
, gettext
, gobject-introspection
, gst_all_1
, gtk-doc
, gtk3
, hwdata
, json-glib
, libcacard
, libcap_ng
, libdrm
, libjpeg_turbo
, libopus
, libsoup
, libusb1
, lz4
, meson
, ninja
, openssl
, perl
, phodav
, pixman
, pkg-config
, polkit
, python3
, spice-protocol
, usbredir
, vala
, wayland-protocols
, zlib
, withPolkit ? true
}:
# If this package is built with polkit support (withPolkit=true),
# usb redirection reqires spice-client-glib-usb-acl-helper to run setuid root.
# The helper confirms via polkit that the user has an active session,
# then adds a device acl entry for that user.
# Example NixOS config to create a setuid wrapper for the helper:
# security.wrappers.spice-client-glib-usb-acl-helper.source =
# "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper";
# On non-NixOS installations, make a setuid copy of the helper
# outside the store and adjust PATH to find the setuid version.
# If this package is built without polkit support (withPolkit=false),
# usb redirection requires read-write access to usb devices.
# This can be granted by adding users to a custom group like "usb"
# and using a udev rule to put all usb devices in that group.
# Example NixOS config:
# users.groups.usb = {};
# users.users.dummy.extraGroups = [ "usb" ];
# services.udev.extraRules = ''
# KERNEL=="*", SUBSYSTEMS=="usb", MODE="0664", GROUP="usb"
# '';
stdenv.mkDerivation rec {
pname = "spice-gtk";
version = "0.40";
outputs = [ "out" "dev" "devdoc" "man" ];
src = fetchurl {
url = "https://www.spice-space.org/download/gtk/${pname}-${version}.tar.xz";
sha256 = "sha256-I/X/f6gLdWR85zzaXq+LMi80Mtu7f286g5Y0YYrbztM=";
};
postPatch = ''
# get rid of absolute path to helper in store so we can use a setuid wrapper
substituteInPlace src/usb-acl-helper.c \
--replace 'ACL_HELPER_PATH"/' '"'
# don't try to setcap/suid in a nix builder
substituteInPlace src/meson.build \
--replace "meson.add_install_script('../build-aux/setcap-or-suid'," \
"# meson.add_install_script('../build-aux/setcap-or-suid',"
'';
nativeBuildInputs = [
docbook_xsl
gettext
gobject-introspection
gtk-doc
libsoup
meson
ninja
perl
pkg-config
python3
python3.pkgs.pyparsing
python3.pkgs.six
vala
];
propagatedBuildInputs = [
gst_all_1.gst-plugins-base gst_all_1.gst-plugins-good
];
buildInputs = [
cyrus_sasl
libepoxy
gtk3
json-glib
libcacard
libcap_ng
libdrm
libjpeg_turbo
libopus
libusb1
lz4
openssl
phodav
pixman
spice-protocol
usbredir
wayland-protocols
zlib
] ++ lib.optionals withPolkit [ polkit acl ] ;
PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions";
mesonFlags = [
"-Dusb-acl-helper-dir=${placeholder "out"}/bin"
"-Dusb-ids-path=${hwdata}/share/hwdata/usb.ids"
];
meta = with lib; {
description = "GTK 3 SPICE widget";
longDescription = ''
spice-gtk is a GTK 3 SPICE widget. It features glib-based
objects for SPICE protocol parsing and a gtk widget for embedding
the SPICE display into other applications such as virt-manager.
Python bindings are available too.
'';
homepage = "https://www.spice-space.org/";
license = licenses.lgpl21;
maintainers = [ maintainers.xeji ];
platforms = platforms.linux;
};
}
|