Adding google chrome program to ghaf

Signed-off-by: Enes Öztürk <[email protected]>
gngram · Nov 15, 2024 · 942a9ef · 942a9ef
1 parent 7b58d8a
commit 942a9ef
Show file tree

Hide file tree

Showing 17 changed files with 210 additions and 46 deletions.
diff --git a/modules/common/networking/hosts.nix b/modules/common/networking/hosts.nix
@@ -63,7 +63,7 @@ let
     }
     {
       ip = 100;
-      name = "chromium-vm";
+      name = "chrome-vm";
     }
     {
       ip = 101;

diff --git a/modules/common/services/desktop.nix b/modules/common/services/desktop.nix
@@ -52,24 +52,34 @@ in
             '';
           in
           [
-            {
-              # The SPKI fingerprint is calculated like this:
-              # $ openssl x509 -noout -in mitmproxy-ca-cert.pem -pubkey | openssl asn1parse -noout -inform pem -out public.key
-              # $ openssl dgst -sha256 -binary public.key | openssl enc -base64
-              name = "Chromium";
-              description = "Isolated General Browsing";
-              vm = "Chromium";
-              path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start chromium";
-              icon = "${pkgs.icon-pack}/chromium.svg";
-            }
+            # {
+            #   # The SPKI fingerprint is calculated like this:
+            #   # $ openssl x509 -noout -in mitmproxy-ca-cert.pem -pubkey | openssl asn1parse -noout -inform pem -out public.key
+            #   # $ openssl dgst -sha256 -binary public.key | openssl enc -base64
+            #   name = "Chromium";
+            #   description = "Isolated General Browsing";
+            #   vm = "Chromium";
+            #   path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start chromium";
+            #   icon = "${pkgs.icon-pack}/chromium.svg";
+            # }
 
             {
               name = "Trusted Browser";
               description = "Isolated Trusted Browsing";
               vm = "Business";
-              path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm business-vm chromium";
+              path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm business-vm google-chrome";
               icon = "${pkgs.icon-pack}/thorium-browser.svg";
             }
+            {
+              # The SPKI fingerprint is calculated like this:
+              # $ openssl x509 -noout -in mitmproxy-ca-cert.pem -pubkey | openssl asn1parse -noout -inform pem -out public.key
+              # $ openssl dgst -sha256 -binary public.key | openssl enc -base64
+              name = "Google Chrome";
+              description = "Isolated General Browsing";
+              vm = "Chrome";
+              path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm chrome-vm google-chrome";
+              icon = "${pkgs.icon-pack}/google-chrome.svg";
+            }
 
             {
               name = "VPN";
@@ -127,7 +137,7 @@ in
               name = "PDF Viewer";
               description = "Isolated PDF Viewer";
               vm = "Zathura";
-              path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start zathura";
+              path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm zathura-vm zathura";
               icon = "${pkgs.icon-pack}/document-viewer.svg";
             }
 

diff --git a/modules/desktop/graphics/demo-apps.nix b/modules/desktop/graphics/demo-apps.nix
@@ -25,6 +25,7 @@ in
 {
   options.ghaf.graphics.demo-apps = {
     chromium = mkProgramOption "Chromium browser" false;
+    google-chrome = mkProgramOption "Google Chrome browser" false;
     firefox = mkProgramOption "Firefox browser" config.ghaf.graphics.enableDemoApplications;
     gala-app = mkProgramOption "Gala App" false;
     element-desktop = mkProgramOption "Element desktop" config.ghaf.graphics.enableDemoApplications;
@@ -33,7 +34,13 @@ in
 
   config = lib.mkIf config.ghaf.profiles.graphics.enable {
     ghaf.graphics.launchers =
-      lib.optional cfg.chromium {
+      lib.optional cfg.google-chrome {
+        name = "Google Chrome";
+        description = "Web Browser";
+        path = "${pkgs.google-chrome}/bin/google-chrome-stable --enable-features=UseOzonePlatform --ozone-platform=wayland";
+        icon = "${pkgs.icon-pack}/google-chrome.svg";
+      }
+      ++ lib.optional cfg.chromium {
         name = "Chromium";
         description = "Web Browser";
         path = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform --ozone-platform=wayland";

diff --git a/modules/givc/common.nix b/modules/givc/common.nix
@@ -12,7 +12,7 @@ let
   mitmEnabled =
     config.ghaf.virtualization.microvm.idsvm.enable
     && config.ghaf.virtualization.microvm.idsvm.mitmproxy.enable;
-  mitmExtraArgs = lib.optionalString mitmEnabled "--user-data-dir=/home/${config.ghaf.users.accounts.user}/.config/chromium/Default --test-type --ignore-certificate-errors-spki-list=Bq49YmAq1CG6FuBzp8nsyRXumW7Dmkp7QQ/F82azxGU=";
+  mitmExtraArgs = lib.optionalString mitmEnabled "--user-data-dir=/home/${config.ghaf.users.accounts.user}/.config/google-chrome/Default --test-type --ignore-certificate-errors-spki-list=Bq49YmAq1CG6FuBzp8nsyRXumW7Dmkp7QQ/F82azxGU=";
 in
 {
   options.ghaf.givc = {

diff --git a/modules/hardware/common/usb/vhotplug.nix b/modules/hardware/common/usb/vhotplug.nix
@@ -68,9 +68,10 @@ let
         }
       ];
     }
+
     {
-      name = "ChromiumVM";
-      qmpSocket = "/var/lib/microvms/chromium-vm/chromium-vm.sock";
+      name = "ChromeVM";
+      qmpSocket = "/var/lib/microvms/chrome-vm/chrome-vm.sock";
       usbPassthrough = [
         {
           class = 14;

diff --git a/modules/reference/appvms/business.nix b/modules/reference/appvms/business.nix
@@ -30,12 +30,13 @@ in
   name = "${name}";
   packages =
     [
-      pkgs.chromium
+      pkgs.google-chrome
       pkgs.globalprotect-openconnect
       pkgs.losslesscut-bin
       pkgs.openconnect
       gnomeTextEditor
       pkgs.xarchiver
+
     ]
     ++ lib.optionals config.ghaf.profiles.debug.enable [ pkgs.tcpdump ]
     ++ lib.optionals config.ghaf.givc.enable [ pkgs.open-normal-extension ];
@@ -49,7 +50,8 @@ in
       { pkgs, ... }:
       {
         imports = [
-          ../programs/chromium.nix
+          #    ../programs/chromium.nix
+          ../programs/google-chrome.nix
           ../services/globalprotect-vpn/default.nix
         ];
         time.timeZone = config.time.timeZone;
@@ -68,21 +70,21 @@ in
             name = lib.mkForce "business-vm";
             applications = [
               {
-                name = "chromium";
-                command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/chromium --enable-features=UseOzonePlatform --ozone-platform=wayland ${config.ghaf.givc.idsExtraArgs} --load-extension=${pkgs.open-normal-extension}";
+                name = "google-chrome";
+                command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/google-chrome-stable --enable-features=UseOzonePlatform --ozone-platform=wayland ${config.ghaf.givc.idsExtraArgs} --load-extension=${pkgs.open-normal-extension}";
                 args = [ "url" ];
               }
               {
                 name = "outlook";
-                command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/chromium --enable-features=UseOzonePlatform --ozone-platform=wayland --app=https://outlook.office.com/mail/ ${config.ghaf.givc.idsExtraArgs} --load-extension=${pkgs.open-normal-extension}";
+                command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/google-chrome-stable --enable-features=UseOzonePlatform --ozone-platform=wayland --app=https://outlook.office.com/mail/ ${config.ghaf.givc.idsExtraArgs} --load-extension=${pkgs.open-normal-extension}";
               }
               {
                 name = "office";
-                command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/chromium --enable-features=UseOzonePlatform --ozone-platform=wayland --app=https://microsoft365.com ${config.ghaf.givc.idsExtraArgs} --load-extension=${pkgs.open-normal-extension}";
+                command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/google-chrome-stable --enable-features=UseOzonePlatform --ozone-platform=wayland --app=https://microsoft365.com ${config.ghaf.givc.idsExtraArgs} --load-extension=${pkgs.open-normal-extension}";
               }
               {
                 name = "teams";
-                command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/chromium --enable-features=UseOzonePlatform --ozone-platform=wayland --app=https://teams.microsoft.com ${config.ghaf.givc.idsExtraArgs} --load-extension=${pkgs.open-normal-extension}";
+                command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/google-chrome-stable --enable-features=UseOzonePlatform --ozone-platform=wayland --app=https://teams.microsoft.com ${config.ghaf.givc.idsExtraArgs} --load-extension=${pkgs.open-normal-extension}";
               }
               {
                 name = "gpclient";
@@ -104,7 +106,7 @@ in
           };
 
           reference = {
-            programs.chromium.enable = true;
+            programs.google-chrome.enable = true;
 
             services.globalprotect = {
               enable = true;
@@ -114,12 +116,17 @@ in
 
           services.xdghandlers.enable = true;
         };
-
-        environment.etc."chromium/native-messaging-hosts/fi.ssrc.open_normal.json" =
+        environment.etc."opt/chrome/native-messaging-hosts/fi.ssrc.open_normal.json" =
           mkIf config.ghaf.givc.enable
             {
               source = "${pkgs.open-normal-extension}/fi.ssrc.open_normal.json";
             };
+
+        #   environment.etc."chromium/native-messaging-hosts/fi.ssrc.open_normal.json" =
+        #     mkIf config.ghaf.givc.enable
+        #       {
+        #         source = "${pkgs.open-normal-extension}/fi.ssrc.open_normal.json";
+        #       };
         environment.etc."open-normal-extension.cfg" = mkIf config.ghaf.givc.enable {
           text =
             let

diff --git a/modules/reference/appvms/comms.nix b/modules/reference/appvms/comms.nix
@@ -21,7 +21,7 @@ in
   name = "${name}";
 
   packages = [
-    pkgs.chromium
+    pkgs.google-chrome
     pkgs.element-desktop
     pkgs.element-gps
     pkgs.gpsd
@@ -32,7 +32,11 @@ in
   cores = 4;
   extraModules = [
     {
-      imports = [ ../programs/chromium.nix ];
+      imports = [
+        # ../programs/chromium.nix
+        ../programs/google-chrome.nix
+
+      ];
 
       systemd = {
         services = {
@@ -93,15 +97,15 @@ in
           }
           {
             name = "slack";
-            command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/chromium --enable-features=UseOzonePlatform --ozone-platform=wayland --app=https://app.slack.com/client ${config.ghaf.givc.idsExtraArgs}";
+            command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/google-chrome-stable --enable-features=UseOzonePlatform --ozone-platform=wayland --app=https://app.slack.com/client ${config.ghaf.givc.idsExtraArgs}";
           }
           {
             name = "zoom";
-            command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/chromium --enable-features=UseOzonePlatform --ozone-platform=wayland --app=https://app.zoom.us/wc/home ${config.ghaf.givc.idsExtraArgs}";
+            command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/google-chrome-stable --enable-features=UseOzonePlatform --ozone-platform=wayland --app=https://app.zoom.us/wc/home ${config.ghaf.givc.idsExtraArgs}";
           }
         ];
       };
-      ghaf.reference.programs.chromium.enable = true;
+      ghaf.reference.programs.google-chrome.enable = true;
       ghaf.services.xdghandlers.enable = true;
     }
   ];

diff --git a/modules/reference/appvms/default.nix b/modules/reference/appvms/default.nix
@@ -15,6 +15,7 @@ in
   options.ghaf.reference.appvms = {
     enable = lib.mkEnableOption "Enable the Ghaf reference appvms module";
     chromium-vm = lib.mkEnableOption "Enable the Chromium appvm";
+    chrome-vm = lib.mkEnableOption "Enable the Google Chrome appvm";
     gala-vm = lib.mkEnableOption "Enable the Gala appvm";
     zathura-vm = lib.mkEnableOption "Enable the Zathura appvm";
     comms-vm = lib.mkEnableOption ''
@@ -37,6 +38,7 @@ in
     ghaf.reference.appvms = {
       enabled-app-vms =
         (lib.optionals cfg.chromium-vm [ (import ./chromium.nix { inherit pkgs lib config; }) ])
+        ++ (lib.optionals cfg.chrome-vm [ (import ./google-chrome.nix { inherit pkgs lib config; }) ])
         ++ (lib.optionals cfg.gala-vm [ (import ./gala.nix { inherit pkgs lib config; }) ])
         ++ (lib.optionals cfg.zathura-vm [ (import ./zathura.nix { inherit pkgs lib config; }) ])
         ++ (lib.optionals cfg.comms-vm [ (import ./comms.nix { inherit pkgs lib config; }) ])

diff --git a/modules/reference/appvms/google-chrome.nix b/modules/reference/appvms/google-chrome.nix
@@ -0,0 +1,56 @@
+# Copyright 2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+let
+  name = "chrome";
+in
+{
+  name = "${name}";
+  packages = [
+    pkgs.google-chrome
+  ] ++ lib.optional config.ghaf.development.debug.tools.enable pkgs.alsa-utils;
+  # TODO create a repository of mac addresses to avoid conflicts
+  macAddress = "02:00:00:03:11:01";
+  ramMb = 6144;
+  cores = 4;
+  extraModules = [
+    {
+      imports = [ ../programs/google-chrome.nix ];
+
+      time.timeZone = config.time.timeZone;
+
+      # Disable camera for now, because, due to the bug, the camera is not accessable in BusinessVM
+      # microvm.qemu.extraArgs = optionals (
+      #   config.ghaf.hardware.usb.internal.enable
+      #   && (hasAttr "cam0" config.ghaf.hardware.usb.internal.qemuExtraArgs)
+      # ) config.ghaf.hardware.usb.internal.qemuExtraArgs.cam0;
+      microvm.devices = [ ];
+
+      ghaf.givc.appvm = {
+        enable = true;
+        name = lib.mkForce "chrome-vm";
+        applications = [
+          {
+            name = "google-chrome";
+            command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/google-chrome-stable --enable-features=UseOzonePlatform --ozone-platform=wayland ${config.ghaf.givc.idsExtraArgs}";
+            args = [
+              "url"
+              "flag"
+            ];
+          }
+        ];
+      };
+      ghaf.reference.programs.google-chrome.enable = true;
+      ghaf.services.xdghandlers.enable = true;
+    }
+  ];
+  borderColor = "#630505";
+  ghafAudio.enable = true;
+  vtpm.enable = true;
+}
diff --git a/modules/reference/profiles/laptop-x86.nix b/modules/reference/profiles/laptop-x86.nix
@@ -69,8 +69,8 @@ in
             enable = true;
             vms = [
               "business-vm"
-              "chromium-vm"
               "comms-vm"
+              "chrome-vm"
             ];
           };
         };

diff --git a/modules/reference/profiles/mvp-user-trial.nix b/modules/reference/profiles/mvp-user-trial.nix
@@ -32,11 +32,12 @@ in
       reference = {
         appvms = {
           enable = true;
-          chromium-vm = true;
+          chrome-vm = true;
           gala-vm = true;
           zathura-vm = true;
           comms-vm = true;
           business-vm = true;
+
         };
 
         services = {

diff --git a/modules/reference/programs/default.nix b/modules/reference/programs/default.nix
@@ -3,7 +3,8 @@
 {
   imports = [
     ./zathura.nix
-    ./chromium.nix
+    # ./chromium.nix
+    ./google-chrome.nix
     ./windows-launcher.nix
   ];
 }