Collabora

[EricTheMagician]

Description of changes

Started adding collabora online.
Built-it, but couldn't get the runtime configuration working.

Currently, lots of things wrong with this PR.
This is a work in progress to resolve #218878 (comment)

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[EricTheMagician]

I think I just need to build a chroot environment with buildFHSEnv but I didn't know about buildFHSEnv at the time. What I'm not sure about is that it may need to build a minimal environment from the cool executables, but I haven't gotten that far.

Also, I don't fully understand what I was doing, so part of it was just getting it to ocmpile.
I don't know if I missed any flags that I was supposed to add, but I followed the instructions as closely as possible.

[drupol]

Maybe @Minion3665 might be interested.

[Minion3665]

Thanks for the ping @drupol, I certainly am!

I've worked on getting Collabora packaged outside buildFHSEnv, but not quite got to the state where it worked enough for me to upstream it.

@EricTheMagician please let me know if I can help in any way, I am employed by Collabora as a developer so have some experience in compiling it, knowledge of the architecture, etc.

[EricTheMagician]

Thanks for the ping @drupol, I certainly am!

I've worked on getting Collabora packaged outside buildFHSEnv, but not quite got to the state where it worked enough for me to upstream it.

@EricTheMagician please let me know if I can help in any way, I am employed by Collabora as a developer so have some experience in compiling it, knowledge of the architecture, etc.

Oh awesome!

Thanks @Minion3665
Compiling it was a bit of a challenge because finding the correct tag was not clear, but I was able to get past that.

Where I was having issue is with the runtime (because I didn't want to just package it without the nixos module).

@Minion3665 The actual issue I came across is that collabora expects to run an each tab/window process in a chroot environment and I couldn't get past that. It's been a while since I've really sunk my teeth in it, but I'll see what I can find. It's probably that I am still learning to do things the nix way and I'll ask more questions in the next few weeks.

[Minion3665]

The actual issue I came across is that collabora expects to run an each tab/window process in a chroot environment and I couldn't get past that

This was a problem I ran up against as well. Unfortunately, I think we shouldn't try to disable this, Collabora Online expects this for security reasons. The approach I was trying before was to make a NixOS module with some security wrappers to give COOL the capabilities it wants. I think I got into some trouble with trying to force COOL to use a wrapped coolmount binary around this point and never got it working, but it was definitely the most promising approach I have seen...

because I didn't want to just package it without the nixos module

...and yes, so I think if you did package it without the module you would end up finding it still very challenging to make it run. The module is definitely a good approach.

[Atemu]

I think I just need to build a chroot environment with buildFHSEnv

Could you elaborate on why? If it's packaged natively, you shouldn't require any such hacks.

The actual issue I came across is that collabora expects to run an each tab/window process in a chroot environment

Could it perhaps be possible to run each as a systemd service instance?

Similar to how systemd-coredumpd creates i.e. [email protected]s.

[drupol]

See #330708