undmg-hdiutil: init

[Prince213]

undmg doesn't support extracting .dmg files using APFS, so we need hdiutil to extract.

Upstream issue: matthewbauer/undmg#4

Implementation is adapted from

nixpkgs/pkgs/by-name/in/insomnia/package.nix

Lines 52 to 68 in 5d77675

	unpackCmd = ''
	echo "Creating temp directory"
	mnt=$(TMPDIR=/tmp mktemp -d -t nix-XXXXXXXXXX)
	function finish {
	echo "Ejecting temp directory"
	/usr/bin/hdiutil detach $mnt -force
	rm -rf $mnt
	}
	# Detach volume when receiving SIG "0"
	trap finish EXIT
	# Mount DMG file
	echo "Mounting DMG file into \"$mnt\""
	/usr/bin/hdiutil attach -nobrowse -mountpoint $mnt $curSrc
	# Copy content to local dir for later use
	echo 'Copying extracted content into "sourceRoot"'
	cp -a $mnt/Insomnia.app $PWD/
	'';

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• Nixpkgs 25.11 Release Notes (or backporting 24.11 and 25.05 Nixpkgs Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
• NixOS 25.11 Release Notes (or backporting 24.11 and 25.05 NixOS Release notes)
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other contributing documentation in corresponding paths.

---

Add a 👍 reaction to pull requests you find important.

[wegank]

I guess I'm not endorsing this, as calling /usr/bin/hdiutil during the build seems much worse than using 7zz ...

[Prince213]

@wegank We should probably avoid 7zz because of this. Also we can't cross compile to darwin anyway so this shouldn't make things worse.

[reckenrode]

Cross-compiling to Darwin is a stretch goal for 25.11 (see #405893). What is the issue with xattrs?

[wegank]

I think @Prince213 meant #372738 (comment), although that doesn't really justify switching to hdiutil in airbuddy, aldente, or wechat in #416709.

[wegank]

Wait a sec, it seems that lmstudio does work with _7zz on my machine?

[Prince213]

I think @Prince213 meant #372738 (comment), although that doesn't really justify switching to hdiutil in airbuddy, aldente, or wechat in #416709.

Yes I'm worried about the xattrs issue.

I think it may be better if we have this in fetchzip as nativeBuildInputs.
If we allow networking for FODs it should also be okay to allow relaxed sandbox.

What do you think @reckenrode and @wegank?

[wegank]

But with fetchurl I would probably call /usr/bin/hdiutil in a normal derivation, I guess?

[Prince213]

Doesn't feel right. It's not really part of the build process, just part of the unpackPhase.

[emilazy]

The Nix store does not support xattrs so I don't think workarounds to keep them are a good idea. They will fundamentally break in cached NARs etc. That would need fixing on the Nix end.

[reckenrode]

What do you think @reckenrode and @wegank?

As @emilazy notes, the store doesn’t support xattrs. While a local build may be able to preserve them, a cached download from Hydra won’t have them.

The problem here is upstream apparently signed everything in their app bundle, including non-binaries. macOS supports that; the signatures are stored in xattrs. Unfortunately, the store doesn’t support xattrs. 🫤

[reckenrode]

NixOS/nix#185