bug: Ungoogled Chromium doesn't install extensions through home manager option

[NNBnh]

Is there an existing issue for this?

• [X] I have searched the existing issues

Issue description

First of, thank you for the amazing project!

I'm having a difficult time installing uBlock Origin for Ungoogled Chromium through home manager option programs.chromium.extensions. Here is my home.nix:

{ config, pkgs, ... }:

{
  programs.home-manager.enable = true;

  # ...

  programs.chromium = {
    enable = true;
    package = pkgs.ungoogled-chromium;
    extensions = [ "cjpalhdlnbpafiamejdnhcphjbkeiagm" ];
  };
}

But after I run home-manager switch Ungoogled Chromium is install but uBlock Origin is not. The problem seem to be here:

Can I install extensions or themes from the Chrome Webstore?

Yes, but not via the Chrome Webstore interface. Instead, the URL used by the Webstore to download CRX files (Chrome/Chromium extension packages, used by all extensions in the Chrome Webstore) can be used.

On Ungoogled Chromium user have to install extensions manually. The good news is that Home manager have option to install extensions outside of the Chrome Web Store but it's it's require updateUrl and I can't find anything like that on uBlock Origin's repo.

I'm not good at Nix language enough to check the source code of Home manager myself, though I have a theory that it's currently download and install extensions through Chrome webstore. I suggest that we add an ability to download extensions will the method that UG Chromium recommended:

Downloading the CRX file

CRX files are downloaded using the following template CRX URL:

https://clients2.google.com/service/update2/crx?response=redirect&acceptformat=crx2,crx3&prodversion=[VERSION]&x=id%3D[EXTENSION_ID]%26installsource%3Dondemand%26uc

Where:

• [EXTENSION_ID] is the extension ID from the Chrome Webstore. This can be retrieved from the Chrome Webstore URL for that extension, which has the form https://chrome.google.com/webstore/detail/[...]/[EXTENSION_ID]
• [VERSION] is the Chromium browser version.

For example, cjpalhdlnbpafiamejdnhcphjbkeiagm is the extension id of uBlock Origin, and 69.0 is for the 69.0.x.x browser versions.

Maintainer CC

chromium.nix doesn't have meta.maintainers ... So I @ the two maintainers who first add support for external extensions:

@SebastienWae @rycee

System information

- system: `"x86_64-linux"`
 - host os: `Linux 5.10.81, NixOS, 21.11 (Porcupine)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.3.16`
 - channels(nnb): `"home-manager"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

[Congee]

So far I found home-manager only writes a link to:

~/dev$ bat ~/.config/chromium/External\ Extensions/cjpalhdlnbpafiamejdnhcphjbkeiagm.json
{"external_update_url":"https://clients2.google.com/service/update2/crx"}

And there's nothing in the browser extensions tab.

Is there any update?

[pimeys]

So, the current situation as far as I know is you cannot install extensions to ungoogled chromium as you can with chromium/chrome. You can though download the extension files if you know the store url and save them to a certain directory for the browser to use them. Here's what I used to do before:

https://github.com/pimeys/nixos/commit/9c4306ceac36b7f69fd2ea5e2345200d7336be20

This works fine until an extension updates. Google only gives you the latest version, meaning whenever there's a version upgrade you need to manually update the hashes. This breaks reproducibility and all that cool stuff of nixos. If you use extensions which you can install outside of the Google's store, you could maybe do similar download logic. E.g. ublock origin can be downloaded from Github, and that then would work much better with a reproducible nixos configuration. I'm installing a bunch of Firefox plugins from NUR. Something similar could be built for Chromium extensions maybe?

[stale[bot]]

Thank you for your contribution! I marked this issue as stale due to inactivity. Please be considerate of people watching this issue and receiving notifications before commenting 'I have this issue too'. We welcome additional information that will help resolve this issue. Please read the relevant sections below before commenting.

If you are the original author of the issue

• If this is resolved, please consider closing it so that the maintainers know not to focus on this.
• If this might still be an issue, but you are not interested in promoting its resolution, please consider closing it while encouraging others to take over and reopen an issue if they care enough.
• If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.

If you are not the original author of the issue

• If you are also experiencing this issue, please add details of your situation to help with the debugging process.
• If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.

Memorandum on closing issues

Don't be afraid to manually close an issue, even if it holds valuable information. Closed issues stay in the system for people to search, read, cross-reference, or even reopen – nothing is lost! Closing obsolete issues is an important way to help maintainers focus their time and effort.

[michaeladler]

I'm also managing my extensions for ungoogled-chromium using home-manager, so I figure I can share my 2 cents as well.

There are two cases to consider:

1. The upstream project provides a (signed) crx3 files, e.g. browserpass. In that case, you just have to fetch the crx3 file and add a snippet such as

{
    id = "pjmbgaakjkbhpopmakjoedenlfdmcdgm";
    crxPath = "${chromium-browserpass}/share/chromium-browserpass/chromium-browserpass.crx";
    version = chromium-browserpass.version;
}

In that case, all you have to do is to keep the version up to date - or use my overlay, see https://github.com/michaeladler/nur-packages/tree/master/pkgs/chromium-browserpass

2. The upstream project does not provided a crx3 file. In that case, you have to create a signed crx3 file as well. It's quite easy actually, I'm using go-crx3 for that. However, you have to create a private signing key for every extension you manage. I'm currently doing this locally. It could be done via Github Actions, but you have to be careful not to expose your private key in the nix store (although it wouldn't really matter since you don't publish the extension to the store).