Package WinApps (and the Launcher) with Nix

[oskardotglobal]

This depends on #232, but this PR makes WinApps and the launcher available to install conveniently using the Nix package manager.

I'll look into getting this into Nixpkgs, the Nix package registry, but this might not be possible since WinApps is technically licensed under ARR.

[LDprg]

Great fan of this, since I use nixos myself.

[AkechiShiro]

Once I do test #232, I can give this a try, thanks a lot for the work @oskardotglobal

[oskardotglobal]

When #15 gets merged, I'll also try to get this into nixpkgs.

[AkechiShiro]

@oskardotglobal can you PR the package upstream on Nixpkgs as a draft PR maybe ? Or if you did test already, PR it for reviews

[oskardotglobal]

Yeah, I will

[oskardotglobal]

It's just currently not building

[oskardotglobal]

Alright, this builds properly again; it would be good if someone were to try this too
I use it on my system but I can't catch all the bugs

[AkechiShiro]

@oskardotglobal Will let you know once I tried, can you tell me a way to try it ? Should I drop it into a nixpkgs folder and build it then use it ?

I need to setup a Windows VM with quickemu before using it right ?

[oskardotglobal]

@AkechiShiro No, you will need either a VM using libvirt, docker or podman. Just follow the normal installation guide in the README. There are also instructions on how to install winapps via the flake in this repository. You can also check my .dotfiles: https://github.com/oskardotglobal/.dotfiles/blob/nix/flake.nix

[AkechiShiro]

Couldn't try the flake as it is not in the repo yet, not sure if I can specify the branch inside the flake syntax here :

nix profile install github:winapps-org/winapps#winapps
error: getting status of '/nix/store/341r1hwprc108jk6cf7c0ryxblwwp7dp-source/flake.nix': No such file or directory

[oskardotglobal]

You have to add /feat-nix-packaging to the end of the flake input definition or add a commit hash from that branch

[AkechiShiro]

Step 3 needs to be done, I think we need more documentation on how to use it, I believe winapps-setup must be run after step 3 is done and then winapps or winapps-launcher can be used.

[AkechiShiro]

My RDP connection seems to fail, not sure why exactly, I setup W11 using Docker and used the USERNAME and PASSWORD set.

[21:33:11:432] [289627:00046b5c] [ERROR][com.freerdp.core.transport] - [transport_read_layer]: BIO_read returned a system error 104: Connection reset by peer
[21:33:11:432] [289627:00046b5c] [ERROR][com.freerdp.core] - [transport_read_layer]: ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]

I've tried using xfreerdp3 manually as well can't seem to figure out why I'm hitting this error

[AkechiShiro]

Here is the detailed logs using WLOG_LEVEL=DEBUG:

[21:36:46:998] [290759:00046fc8] [DEBUG][com.freerdp.core] - [freerdp_connect_begin]: resetting error state
[21:36:46:05] [290759:00046fc8] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx rdpdr
[21:36:46:05] [290759:00046fc8] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx rdpsnd
[21:36:46:05] [290759:00046fc8] [DEBUG][com.freerdp.channels.channels.cliprdr.client] - [cliprdr_VirtualChannelEntryEx]: VirtualChannelEntryEx
[21:36:46:05] [290759:00046fc8] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx cliprdr
[21:36:46:05] [290759:00046fc8] [DEBUG][com.freerdp.channels.drdynvc.client] - [drdynvc_VirtualChannelEntryEx]: VirtualChannelEntryEx
[21:36:46:05] [290759:00046fc8] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx drdynvc
[21:36:46:05] [290759:00046fc8] [DEBUG][com.freerdp.primitives] - [primitives_autodetect_best]: primitives benchmark: only one backend, skipping...
[21:36:46:05] [290759:00046fc8] [DEBUG][com.freerdp.primitives] - [primitives_autodetect_best]: primitives autodetect, using generic
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core.nego] - [nego_set_negotiation_enabled]: Enabling security layer negotiation: TRUE
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core.nego] - [nego_set_restricted_admin_mode_required]: Enabling restricted admin mode: FALSE
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core.nego] - [nego_enable_rdp]: Enabling RDP security: TRUE
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core.nego] - [nego_enable_tls]: Enabling TLS security: TRUE
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core.nego] - [nego_enable_nla]: Enabling NLA security: TRUE
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core.nego] - [nego_enable_ext]: Enabling NLA extended security: FALSE
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core.nego] - [nego_enable_rdstls]: Enabling RDSTLS security: FALSE
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core.nego] - [nego_enable_aad]: Enabling RDS AAD security: FALSE
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core.rdp] - [rdp_client_transition_to_state][0xfa03c60]: CONNECTION_STATE_INITIAL --> CONNECTION_STATE_NEGO
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core] - [freerdp_tcp_is_hostname_resolvable]: resetting error state
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: resetting error state
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: connecting to peer 127.0.0.1
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core.nego] - [nego_connect]: state: NEGO_STATE_NLA
[21:36:46:29] [290759:00046fc8] [DEBUG][com.freerdp.core.nego] - [nego_attempt_nla]: Attempting NLA security
[21:36:46:30] [290759:00046fc8] [DEBUG][com.freerdp.core.nego] - [nego_send_negotiation_request]: RequestedProtocols: 3
[21:36:46:223] [290759:00046fc8] [ERROR][com.freerdp.core.transport] - [transport_read_layer]: BIO_read returned a system error 104: Connection reset by peer
[21:36:46:223] [290759:00046fc8] [ERROR][com.freerdp.core] - [transport_read_layer]: ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[21:36:46:224] [290759:00046fc8] [DEBUG][com.freerdp.core.rdp] - [rdp_finalize_reset_flags][0xfa03c60]: [CONNECTION_STATE_NEGO] reset finalize_sc_pdus
[21:36:46:224] [290759:00046fc8] [DEBUG][com.freerdp.core.rdp] - [rdp_client_transition_to_state][0xfa03c60]: CONNECTION_STATE_NEGO --> CONNECTION_STATE_INITIAL

RDP seems to be running on the Windows side and configured :

EDIT: I tried using /sec:rdp or /sec:tls but I have the same error, @oskardotglobal can you try to setup a docker instance or are you already running one ? Or you have a manual VM setup for Winapps ?

Note: I'm also using podman and not docker (podman replaces my docker on NixOS right now).

I can't seem to make any progress for testing winapps, I may try to setup a VM manually and may have more luck with that.

[AkechiShiro]

Seems to maybe be an issue specific to Podman, will try docker right now : dockur/windows#679

Using a pentest tool netexec, I see this :

RDP         127.0.0.1       3389   127.0.0.1        [*] Probably old, doesn't not support HYBRID or HYBRID_EX ({nla})

[AkechiShiro]

Seems RDP works with Docker but there are some issue with the setup (exception on line 151 on the wrapped binary or script ??), I choose to setup :

• current user
• manual
• skip all official application

Running winapps showed the error tooltip on KDE about the missing application.

I did try also the winapps-launcher but because I am on Wayland KDE, I couldn't try further the launcher :

I think the launcher should work using xwayland transparently.

Here is a cmd ran using winapps :

[oskardotglobal]

@AkechiShiro It is very odd that winapps does not output or print anything, might be an actual issue and not just with the Nix version. There is no usage printed for winapps either, it expects a first argument (either manual <executable path>, windows for the full windows session or simply an <app name>)

[AkechiShiro]

So what do we do ? Do you want to merge this and work on the issues later ? Should I open an issue to note down that winapps does not output any usage instructions ?

[AkechiShiro]

Btw @oskardotglobal it would be cool if we could find a way to integrate the use of this https://git.m-labs.hk/M-Labs/wfvm but I'm not sure that the project is actually maintained but it would allow us to declare a Windows VM

Maybe we don't need to integrate with it, but we could write documentation if it works well with Nix and Winapps.

[MichielMag]

Btw @oskardotglobal it would be cool if we could find a way to integrate the use of this https://git.m-labs.hk/M-Labs/wfvm but I'm not sure that the project is actually maintained but it would allow us to declare a Windows VM

Maybe we don't need to integrate with it, but we could write documentation if it works well with Nix and Winapps.

I like this idea, but I don't think that repo would be something to use. For instance, I don't understand the decision to use anything other than WinGet or even Scoop.
Also, the code is quite messy in regards of all his building XML with nix code in between...
I'm actually looking into doing something like this, and was looking at Quickemu, and try to use it with autounattend and a couple of winget scripts.

[oskardotglobal]

I've tested wfvm and didn't find it to be very useful.

[oskardotglobal]

@AkechiShiro

So what do we do ?

I would say we prioritize merging #240 and then I close this PR and look into getting this into Nixpkgs unstable.

[oskardotglobal]

The only problem would be how to version / update it on Nixpkgs, I know there is some sort of update process but I currently don't know how

[oskardotglobal]

We could also keep this as a flake and then have the flake somehow get it's current commit, passing that onto the packages. Then winapps could be updated by the user by simply updating the lock

[AkechiShiro]

@oskardotglobal we may need to tag versions, there is an update mechanism but we can pin commit hash in revision

We can also use unstable in the version, you need to check the convention in contributing on the Nixpkgs repo

[Alper-Celik]

@oskardotglobal we may need to tag versions, there is an update mechanism but we can pin commit hash in revision

We can also use unstable in the version, you need to check the convention in contributing on the Nixpkgs repo

you might want to look at https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#versioning nixpkgs should support packages with no releases yet

btw thanks for packaging to nix. i will try to setup in a few days in my pc

[AkechiShiro]

Also I prefer that we also offer non flakes option as flakes are still not officially stable @oskardotglobal people could pin using npins or other non flakes pinning tools, such as niv

[Alper-Celik]

nixpkgs doesn't accept flakes as they accept package function that uses same version of dependencies of nixpkgs. but if you want to distribute to nix users outside of nixpkgs and having control over your nixpkgs rev you can make your flake usable to non flake users with https://github.com/edolstra/flake-compat for mostly simple packages and https://github.com/ursi/get-flake for exposing whole flake in non flake nviroments

[oskardotglobal]

My biggest problem currently is how do we keep the flake's commit hash (the rev variable) up to date with the latest commit from main?

[Alper-Celik]

My biggest problem currently is how do we keep the flake's commit hash (the rev variable) up to date with the latest commit from main?

İ think it might be possible to create derivation that outputs rev of main from source but nix might not copy .git folder to derivation