citrix_receiver: document installation pitfalls and extraCerts (#44635)

Since #44522 it's possible to specify custom certificates for the Citrix receiver. As it took me some time to create a proper setup Citrix can behave fairly unexpected. I mostly covered two aspects: * Don't install Citrix with `nix run`: when `citrix.desktop` is linked to $XDG_CONFIG_DIRS, it's possible to start a session directly from the browser when loading `.ica` files which makes the usage *way* easier. * It's possible to add custom certificates using the Citrix wrapper. A new store path with the original derivation and the certificates will be created and therefore no rebuild of the package is needed when adding new certs.
2018-08-07 23:48:02 +02:00 · 2018-08-07 23:48:02 +02:00 · eb0207f132
commit eb0207f132
parent 4150a65b17
1 changed files with 48 additions and 0 deletions
--- a/doc/package-notes.xml
+++ b/doc/package-notes.xml
@ -705,4 +705,52 @@ overrides = super: self: rec {
 </programlisting>
  </para>
 </section>
+ <section xml:id="sec-citrix">
+  <title>Citrix Receiver</title>
+
+  <para>
+   The <link xlink:href="https://www.citrix.com/products/receiver/">Citrix Receiver</link> is a remote
+   desktop viewer which provides access to
+   <link xlink:href="https://www.citrix.com/products/xenapp-xendesktop/">XenDesktop</link> installations.
+  </para>
+
+  <section xml:id="sec-citrix-base">
+   <title>Basic usage</title>
+   <para>
+    The tarball archive needs to be downloaded manually as the licenses agreements of the vendor
+    need to be accepted first. This is available at the
+    <link xlink:href="https://www.citrix.com/downloads/citrix-receiver/">download page at citrix.com</link>.
+    Then run <literal>nix-prefetch-url file://$PWD/linuxx64-$version.tar.gz</literal>.
+    With the archive available in the store the package can be built and installed with Nix.
+   </para>
+
+   <para>
+    <emphasis>Note: it's recommended to install <literal>Citrix Receiver</literal> using
+    <literal>nix-env -i</literal> or globally to ensure that the <literal>.desktop</literal> files
+    are installed properly into <literal>$XDG_CONFIG_DIRS</literal>. Otherwise it won't
+    be possible to open <literal>.ica</literal> files
+    automatically from the browser to start a Citrix connection.</emphasis>
+   </para>
+  </section>
+  <section xml:id="sec-citrix-custom-certs">
+   <title>Custom certificates</title>
+   <para>
+    The <literal>Citrix Receiver</literal> in <literal>nixpkgs</literal> trusts several certificates
+    <link xlink:href="https://curl.haxx.se/docs/caextract.html">from the Mozilla database</link> by default.
+    However several companies using Citrix might require their own corporate certificate. On distros with imperative
+    packaging these certs can be stored easily in
+    <link xlink:href="https://developer-docs.citrix.com/projects/receiver-for-linux-command-reference/en/13.7/"><literal>$ICAROOT</literal></link>,
+    however this directory is a store path in <literal>nixpkgs</literal>. In order to work around this issue the package provides a simple
+    mechanism to add custom certificates without rebuilding the entire package using <literal>symlinkJoin</literal>:
+
+<programlisting>
+<![CDATA[with import <nixpkgs> { config.allowUnfree = true; };
+let extraCerts = [ ./custom-cert-1.pem ./custom-cert-2.pem /* ... */ ]; in
+citrix_receiver.override {
+  inherit extraCerts;
+}]]>
+</programlisting>
+   </para>
+  </section>
+ </section>
 </chapter>