From c311013c0efab56476334a9e5c067bae49161a97 Mon Sep 17 00:00:00 2001 From: Olivier Date: Fri, 23 Jan 2026 19:43:48 -0400 Subject: [PATCH] Add cloudflare-warp package --- default.nix | 1 + pkgs/cloudflare-warp/default.nix | 123 +++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+) create mode 100644 pkgs/cloudflare-warp/default.nix diff --git a/default.nix b/default.nix index b4764a4..fd4fd1c 100644 --- a/default.nix +++ b/default.nix @@ -18,6 +18,7 @@ librepods = pkgs.callPackage ./pkgs/librepods { }; flow-browser-bin = pkgs.callPackage ./pkgs/flow-browser-bin { }; looking-glass-client = pkgs.callPackage ./pkgs/looking-glass-client { }; + cloudflare-warp = pkgs.callPackage ./pkgs/cloudflare-warp { }; # some-qt5-package = pkgs.libsForQt5.callPackage ./pkgs/some-qt5-package { }; # ... } diff --git a/pkgs/cloudflare-warp/default.nix b/pkgs/cloudflare-warp/default.nix new file mode 100644 index 0000000..dda77f3 --- /dev/null +++ b/pkgs/cloudflare-warp/default.nix @@ -0,0 +1,123 @@ +{ lib +, stdenv +, fetchurl +, dpkg +, autoPatchelfHook +, runCommand +, dbus +, libpcap +, nss +, zlib +, openssl +, libcap +, glib +, gtk3 +}: + +let + pname = "cloudflare-warp"; + version = "2025.10.186.0"; + + # Upstream wants libpcap.so.0.8, but nixpkgs provides a newer SONAME. + libpcapCompat = runCommand "libpcap-compat-0.8" { } '' + mkdir -p "$out/lib" + if [ -e "${libpcap}/lib/libpcap.so.1" ]; then + ln -s "${libpcap}/lib/libpcap.so.1" "$out/lib/libpcap.so.0.8" + elif [ -e "${libpcap}/lib/libpcap.so" ]; then + ln -s "${libpcap}/lib/libpcap.so" "$out/lib/libpcap.so.0.8" + else + echo "cloudflare-warp: could not find libpcap in ${libpcap}/lib" >&2 + exit 1 + fi + ''; + + src = + if stdenv.hostPlatform.system == "x86_64-linux" then + fetchurl { + url = "https://pkg.cloudflareclient.com/pool/focal/main/c/cloudflare-warp/cloudflare-warp_${version}_amd64.deb"; + hash = "sha256-WZK2ihpfr+FG0TWtDAxfauzGDe25pWydF9tJ+6BJ0YA="; + } + else if stdenv.hostPlatform.system == "aarch64-linux" then + fetchurl { + url = "https://pkg.cloudflareclient.com/pool/focal/main/c/cloudflare-warp/cloudflare-warp_${version}_arm64.deb"; + hash = "sha256-WBs6uREZla1dnwg+XyNtTZA7NQyrbnb+RuQXe+mW8yw="; + } + else + throw "${pname}: unsupported system: ${stdenv.hostPlatform.system}"; +in +stdenv.mkDerivation { + inherit pname version src; + + nativeBuildInputs = [ + dpkg + autoPatchelfHook + ]; + + buildInputs = [ + dbus + libpcapCompat + nss + zlib + openssl + libcap + glib + gtk3 + stdenv.cc.cc.lib + ]; + + unpackPhase = '' + runHook preUnpack + dpkg-deb -x "$src" . + runHook postUnpack + ''; + + dontBuild = true; + + installPhase = '' + runHook preInstall + + mkdir -p "$out" + + for d in bin etc lib usr; do + if [ -e "$d" ]; then + cp -R "$d" "$out/" + fi + done + + # Flatten /usr into the output (Nix-style layout). + if [ -d "$out/usr" ]; then + cp -R "$out/usr/"* "$out/" + rm -rf "$out/usr" + fi + + # Fix .desktop files to use absolute Nix store paths. + for f in "$out/share/applications/"*.desktop "$out/etc/xdg/autostart/"*.desktop; do + [ -e "$f" ] || continue + substituteInPlace "$f" \ + --replace-warn "Exec=systemctl --user start warp-taskbar" "Exec=$out/bin/warp-taskbar" + done + + # Fix systemd service files to use absolute Nix store paths. + if [ -e "$out/lib/systemd/system/warp-svc.service" ]; then + substituteInPlace "$out/lib/systemd/system/warp-svc.service" \ + --replace-warn "/bin/warp-svc" "$out/bin/warp-svc" + fi + + if [ -e "$out/lib/systemd/user/warp-taskbar.service" ]; then + substituteInPlace "$out/lib/systemd/user/warp-taskbar.service" \ + --replace-warn "/bin/warp-taskbar" "$out/bin/warp-taskbar" + fi + + runHook postInstall + ''; + + meta = { + description = "Cloudflare WARP client for Zero Trust / WARP VPN (binary release)"; + homepage = "https://1.1.1.1/"; + license = lib.licenses.unfreeRedistributable; + sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; + platforms = [ "x86_64-linux" "aarch64-linux" ]; + mainProgram = "warp-cli"; + }; +} +