2024-02-09 10:27:23 +00:00
|
|
|
{ ... }:
|
|
|
|
{
|
|
|
|
sane.programs.xdg-utils = {
|
2024-02-11 23:29:07 +00:00
|
|
|
# xdg-open may need to open things with elevated perms, like wireshark.
|
|
|
|
# generally, the caller can be trusted to sandbox it.
|
|
|
|
# if the caller is sandboxed, it will typically set NIXOS_XDG_OPEN_USE_PORTAL=1,
|
2024-02-11 23:57:50 +00:00
|
|
|
# and then xdg-open simply forwards the request to dbus `org.freedesktop.portal.OpenURI` (i.e. xdg-desktop-portal).
|
|
|
|
#
|
|
|
|
# N.B.: `xdg-desktop-portal` seems to (inadvertently) only accept requests from applications which *don't* have elevated privileges.
|
|
|
|
# this will be true of nearly all sandboxed applications, but for those which it is not, `sandbox.method = "capshonly"` may be necessary
|
2024-02-11 23:29:07 +00:00
|
|
|
sandbox.enable = false;
|
|
|
|
|
2024-02-11 23:57:50 +00:00
|
|
|
# alternative to letting the sandbox decide for itself: forcibly use the portal
|
|
|
|
# if the mime association list is not visible/in scope.
|
|
|
|
# packageUnwrapped = pkgs.xdg-utils.overrideAttrs (base: {
|
|
|
|
# postInstall = base.postInstall + ''
|
|
|
|
# sed '2i\
|
|
|
|
# if ! [ -e ~/.local/share/applications ]; then\
|
|
|
|
# NIXOS_XDG_OPEN_USE_PORTAL=1\
|
|
|
|
# fi\
|
|
|
|
# ' -i "$out"/bin/*
|
|
|
|
# '';
|
|
|
|
# });
|
|
|
|
};
|
2024-02-09 10:27:23 +00:00
|
|
|
}
|