Diffstat (limited to 'pkgs/applications/networking/browsers/firefox')
3 files changed, 222 insertions, 20 deletions
diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix index a98891df4d13..1fbfdc2a7da6 100644 --- a/pkgs/applications/networking/browsers/firefox/common.nix +++ b/pkgs/applications/networking/browsers/firefox/common.nix @@ -4,7 +4,7 @@ { lib, stdenv, pkgconfig, pango, perl, python2, python3, zip , libjpeg, zlib, dbus, dbus-glib, bzip2, xorg -, freetype, fontconfig, file, nspr, nss, libnotify +, freetype, fontconfig, file, nspr, nss, nss_3_53, libnotify , yasm, libGLU, libGL, sqlite, unzip, makeWrapper , hunspell, libXdamage, libevent, libstartup_notification , libvpx_1_8 @@ -23,7 +23,7 @@ , ffmpegSupport ? true , gtk3Support ? true, gtk2, gtk3, wrapGAppsHook , waylandSupport ? true, libxkbcommon -# LTO is disabled since it caused segfaults on wayland see https://github.com/NixOS/nixpkgs/issues/10142 +# LTO is disabled since it caused segfaults on wayland see https://github.com/NixOS/nixpkgs/issues/101429 , ltoSupport ? false, overrideCC, buildPackages , gssSupport ? true, kerberos , pipewireSupport ? waylandSupport && webrtcSupport, pipewire @@ -106,6 +106,8 @@ let # 78 ESR won't build with rustc 1.47 inherit (if lib.versionAtLeast ffversion "82" then rustPackages else rustPackages_1_45) rustc cargo; + + nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss; in buildStdenv.mkDerivation ({ 
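Review bot: The `nss_pkg` binding added to the `let` block gives no reason why releases older than 83 get `nss_3_53`, and a pinned copy of the TLS/crypto library no longer follows fixes that land in `nss`. I would put a comment above it such as `# FIXME: nss_3_53 is pinned for ffversion < 83; it needs its own security updates and should be dropped once no packaged release is older than 83`. The same binding feeds `buildInputs` and `NIX_CFLAGS_COMPILE` in the later hunks of this file, so one comment here covers all three uses. The `let` block starts outside this hunk.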
@@ -116,12 +118,38 @@ buildStdenv.mkDerivation ({ patches = [ ./env_var_for_system_dir.patch - ] ++ lib.optional pipewireSupport + ./no-buildconfig-ffx76.patch + ] ++ + + # there are two flavors of pipewire support + # The patches for the ESR release and the patches for the current stable + # release. + # Until firefox upstream stabilizes pipewire support we will have to continue + # tracking multiple versions here. + lib.optional (pipewireSupport && lib.versionOlder ffversion "83") (fetchpatch { # https://src.fedoraproject.org/rpms/firefox/blob/master/f/firefox-pipewire-0-3.patch url = "https://src.fedoraproject.org/rpms/firefox/raw/e99b683a352cf5b2c9ff198756859bae408b5d9d/f/firefox-pipewire-0-3.patch"; sha256 = "0qc62di5823r7ly2lxkclzj9rhg2z7ms81igz44nv0fzv3dszdab"; }) + ++ + # This picks pipewire patches from fedora that are part of https://bugzilla.mozilla.org/show_bug.cgi?id=1672944 + lib.optionals (pipewireSupport && lib.versionAtLeast ffversion "83") (let + fedora_revision = "d6756537dd8cf4d9816dc63ada66ea026e0fd128"; + mkPWPatch = spec: fetchpatch { + inherit (spec) name sha256; + url = "https://src.fedoraproject.org/rpms/firefox/raw/${fedora_revision}/f/${spec.name}"; + }; + in map mkPWPatch [ + { name = "pw1.patch"; sha256 = "1a7zvngn3k7dg886zmi38kmrsdzh2rrr46aw59bhr1gfmq8wlwn0"; } + { name = "pw2.patch"; sha256 = "17irg3yb2mchcy0z0nr4k65mwvkps467cvvczr10fnm06lhkhw1l"; } + { name = "pw3.patch"; sha256 = "12p6ql5ff2lfzlni6xkpz63h2xr6n2a9zf8hhjl99fj56rif6706"; } + { name = "pw4.patch"; sha256 = "0rvysc92rdm98s47w5lvbnrklrf7d299k3918qnldniyb4b9p4mg"; } + { name = "pw5.patch"; sha256 = "0kk2yxq4qkfwc4px6m08jrn18a7a7dhrngfiaw84r9ga6sgn0z00"; } + { name = "pw6.patch"; sha256 = "12lhx9wjpw0ahbfmw07wsx76bb223mr453q9cg8cq951vyskch3s"; } + { name = "pw7.patch"; sha256 = "0afw7cfd48vn62zb9y5kd2l26fg44s3aq1kyg3gm4q3rj34xidf6"; } + ]) + ++ patches; 
@@ -144,7 +172,7 @@ buildStdenv.mkDerivation ({ # yasm can potentially be removed in future versions # https://bugzilla.mozilla.org/show_bug.cgi?id=1501796 # https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ - nspr nss + nspr nss_pkg ] ++ lib.optional alsaSupport alsaLib ++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed @@ -165,14 +193,14 @@ buildStdenv.mkDerivation ({ NIX_CFLAGS_COMPILE = toString [ "-I${glib.dev}/include/gio-unix-2.0" - "-I${nss.dev}/include/nss" + "-I${nss_pkg.dev}/include/nss" ]; MACH_USE_SYSTEM_PYTHON = "1"; postPatch = '' rm -rf obj-x86_64-pc-linux-gnu - '' + lib.optionalString pipewireSupport '' + '' + lib.optionalString (pipewireSupport && lib.versionOlder ffversion "83") '' # substitute the /usr/include/ lines for the libraries that pipewire provides. # The patch we pick from fedora only contains the generated moz.build files # which hardcode the dependency paths instead of running pkg_config. @@ -359,4 +387,6 @@ buildStdenv.mkDerivation ({ # on aarch64 this is also required dontUpdateAutotoolsGnuConfigScripts = true; + + requiredSystemFeatures = [ "big-parallel" ]; }) diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index e7dd034a8ac4..7f1d9763e424 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -1,4 +1,4 @@ -{ config, stdenv, lib, callPackage, fetchurl, nss_3_44 }: +{ stdenv, lib, callPackage, fetchurl, fetchpatch }: let common = opts: callPackage (import ./common.nix opts) {}; 
@@ -7,26 +7,32 @@ in rec { firefox = common rec { pname = "firefox"; - ffversion = "82.0.2"; + ffversion = "83.0"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "25wkgsqnafmq30m1kd1axkm454dhl2bmz6100i3ccqnn31vw3nyy6k3k1apsn62siqswpm55iclzcb10y4dfyyqcszvflim47c8i37k"; + sha512 = "3va5a9471677jfzkhqp8xkba45n0bcpphbabhqbcbnps6p85m3y98pl5jy9q7cpq3a6gxc4ax7bp90yz2nfvfq7i64iz397xpprri2a"; }; patches = [ - ./no-buildconfig-ffx76.patch + # Fix compilation on aarch64 with newer rust version + # See https://bugzilla.mozilla.org/show_bug.cgi?id=1677690 + # and https://bugzilla.redhat.com/show_bug.cgi?id=1897675 + (fetchpatch { + name = "aarch64-simd-bgz-1677690.patch"; + url = "https://github.com/mozilla/gecko-dev/commit/71597faac0fde4f608a60dd610d0cefac4972cc3.patch"; + sha256 = "1f61nsgbv2c2ylgjs7wdahxrrlgc19gjy5nzs870zr1g832ybwin"; + }) ]; meta = { description = "A web browser built from Firefox source tree"; homepage = "http://www.mozilla.com/en-US/firefox/"; - maintainers = with lib.maintainers; [ eelco andir ]; + maintainers = with lib.maintainers; [ eelco ]; platforms = lib.platforms.unix; badPlatforms = lib.platforms.darwin; broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory". # not in `badPlatforms` because cross-compilation on 64-bit machine might work. license = lib.licenses.mpl20; - timeout = 28800; # eight hours }; updateScript = callPackage ./update.nix { attrPath = "firefox-unwrapped"; 
@@ -36,20 +42,16 @@ rec { firefox-esr-78 = common rec { pname = "firefox-esr"; - ffversion = "78.4.0esr"; + ffversion = "78.5.0esr"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "13640ssp1nq9dsfv8jqfw2paqk3wzwc4r47mvbhb4l9h990gzzb2chhlcjq066b7r3q9s0nq3iyk847vzi7z1yvhrhsnzfgk9g9gpnr"; + sha512 = "20h53cn7p4dds1yfm166iwbjdmw4fkv5pfk4z0pni6x8ddjvg19imzs6ggmpnfhaji8mnlknm7xp5j7x9vi24awvdxdds5n88rh25hd"; }; - patches = [ - ./no-buildconfig-ffx76.patch - ]; - meta = { description = "A web browser built from Firefox Extended Support Release source tree"; homepage = "http://www.mozilla.com/en-US/firefox/"; - maintainers = with lib.maintainers; [ eelco andir ]; + maintainers = with lib.maintainers; [ eelco ]; platforms = lib.platforms.unix; badPlatforms = lib.platforms.darwin; broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory". diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix index cc6cc72e27be..7f0b826f905e 100644 --- a/pkgs/applications/networking/browsers/firefox/wrapper.nix +++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -1,4 +1,5 @@ { stdenv, lib, makeDesktopItem, makeWrapper, lndir, config +, replace, fetchurl, zip, unzip, jq ## various stuff that can be plugged in , flashplayer, hal-flash 
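Review bot: In the `wrapper.nix` argument list, `fetchurl`, `zip`, `unzip` and `jq` are added next to `replace`, but only `replace` is referenced by the new code in this file's hunks. Unless something outside the diff uses them, the line should shrink to `, replace` so the wrapper does not declare inputs it never uses.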
@@ -31,6 +32,16 @@ let , forceWayland ? false , useGlvnd ? true , cfg ? config.${browserName} or {} + + ## Following options are needed for extra prefs & policies + # For more information about anti tracking (german website) + # visit https://wiki.kairaven.de/open/app/firefox + , extraPrefs ? "" + # For more information about policies visit + # https://github.com/mozilla/policy-templates#enterprisepoliciesenabled + , extraPolicies ? {} + , firefoxLibName ? "firefox" # Important for tor package or the like + , nixExtensions ? null }: assert forceWayland -> (browser ? gtk3); # Can only use the wayland backend if gtk3 is being used 
@@ -81,6 +92,63 @@ let ++ pkcs11Modules; gtk_modules = [ libcanberra-gtk2 ]; + ######################### + # # + # EXTRA PREF CHANGES # + # # + ######################### + policiesJson = builtins.toFile "policies.json" + (builtins.toJSON enterprisePolicies); + + usesNixExtensions = nixExtensions != null; + + extensions = builtins.map (a: + if ! (builtins.hasAttr "extid" a) then + throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon" + else + a + ) (if usesNixExtensions then nixExtensions else []); + + enterprisePolicies = + { + policies = lib.optionalAttrs usesNixExtensions { + DisableAppUpdate = true; + } // + lib.optionalAttrs usesNixExtensions { + ExtensionSettings = { + "*" = { + blocked_install_message = "You can't have manual extension mixed with nix extensions"; + installation_mode = "blocked"; + }; + + } // lib.foldr (e: ret: + ret // { + "${e.extid}" = { + installation_mode = "allowed"; + }; + } + ) {} extensions; + } + // extraPolicies; + }; + + mozillaCfg = builtins.toFile "mozilla.cfg" '' +// First line must be a comment + + // Disables addon signature checking + // to be able to install addons that do not have an extid + // Security is maintained because only user whitelisted addons + // with a checksum can be installed + ${ lib.optionalString usesNixExtensions ''lockPref("xpinstall.signatures.required", false)'' }; + ${extraPrefs} + ''; + + ############################# + # # + # END EXTRA PREF CHANGES # + # # + ############################# + in stdenv.mkDerivation { inherit pname version; @@ -106,6 +174,7 @@ let nativeBuildInputs = [ makeWrapper lndir ]; buildInputs = lib.optional (browser ? gtk3) browser.gtk3; + buildCommand = lib.optionalString stdenv.isDarwin '' mkdir -p $out/Applications cp -R --no-preserve=mode,ownership ${browser}/Applications/${browserName}.app $out/Applications 
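Review bot: `// extraPolicies` at the end of `policies` is a shallow merge, so a caller who passes their own `ExtensionSettings` replaces the generated set wholesale, including the `"*"` entry with `installation_mode = "blocked"`, while `mozilla.cfg` still locks `xpinstall.signatures.required` to false. That leaves signature checking off without the allow-list that the cfg comment relies on. Merging with `lib.recursiveUpdate`, or adding `assert usesNixExtensions -> !(extraPolicies ? ExtensionSettings);`, would keep the two in step. The cfg comment should also state that the only check made on each `nixExtensions` entry here is the presence of `extid`; the checksum it mentions is presumably enforced by the fetcher and is not verified in this hunk.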
@@ -117,7 +186,66 @@ let exit 1 fi - makeWrapper "$(readlink -v --canonicalize-existing "${browser}${browser.execdir or "/bin"}/${browserName}")" \ + ######################### + # # + # EXTRA PREF CHANGES # + # # + ######################### + # Link the runtime. The executable itself has to be copied, + # because it will resolve paths relative to its true location. + # Any symbolic links have to be replicated as well. + cd "${browser}" + find . -type d -exec mkdir -p "$out"/{} \; + + find . -type f \( -not -name "${browserName}" \) -exec ln -sT "${browser}"/{} "$out"/{} \; + + find . -type f -name "${browserName}" -print0 | while read -d $'\0' f; do + cp -P --no-preserve=mode,ownership "${browser}/$f" "$out/$f" + chmod a+rwx "$out/$f" + done + + # fix links and absolute references + cd "${browser}" + + find . -type l -print0 | while read -d $'\0' l; do + target="$(readlink "$l" | ${replace}/bin/replace-literal -es -- "${browser}" "$out")" + ln -sfT "$target" "$out/$l" + done + + # This will not patch binaries, only "text" files. + # Its there for the wrapper mostly. + cd "$out" + ${replace}/bin/replace-literal -esfR -- "${browser}" "$out" + + # create the wrapper + + executablePrefix="$out${browser.execdir or "/bin"}" + executablePath="$executablePrefix/${browserName}" + + if [ ! -x "$executablePath" ] + then + echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'" + exit 1 + fi + + if [ ! -L "$executablePath" ] + then + # Careful here, the file at executablePath may already be + # a wrapper. That is why we postfix it with -old instead + # of -wrapped. + oldExe="$executablePrefix"/".${browserName}"-old + mv "$executablePath" "$oldExe" + else + oldExe="$(readlink -v --canonicalize-existing "$executablePath")" + fi + + if [ ! 
-x "${browser}${browser.execdir or "/bin"}/${browserName}" ] + then + echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'" + exit 1 + fi + + makeWrapper "$oldExe" \ "$out${browser.execdir or "/bin"}/${browserName}${nameSuffix}" \ --suffix-each MOZ_PLUGIN_PATH ':' "$plugins" \ --suffix LD_LIBRARY_PATH ':' "$libs" \ @@ -137,6 +265,11 @@ let --suffix XDG_DATA_DIRS : '${gnome3.adwaita-icon-theme}/share' '' } + ############################# + # # + # END EXTRA PREF CHANGES # + # # + ############################# if [ -e "${browser}/share/icons" ]; then mkdir -p "$out/share" @@ -166,6 +299,43 @@ let # For manpages, in case the program supplies them mkdir -p $out/nix-support echo ${browser} > $out/nix-support/propagated-user-env-packages + + + ######################### + # # + # EXTRA PREF CHANGES # + # # + ######################### + # user customization + mkdir -p $out/lib/${firefoxLibName} + + # creating policies.json + mkdir -p "$out/lib/${firefoxLibName}/distribution" + + POL_PATH="$out/lib/${firefoxLibName}/distribution/policies.json" + rm -f "$POL_PATH" + cat ${policiesJson} >> "$POL_PATH" + + # preparing for autoconfig + mkdir -p "$out/lib/${firefoxLibName}/defaults/pref" + + cat > "$out/lib/${firefoxLibName}/defaults/pref/autoconfig.js" <<EOF + pref("general.config.filename", "mozilla.cfg"); + pref("general.config.obscure_value", 0); + EOF + + cat > "$out/lib/${firefoxLibName}/mozilla.cfg" < ${mozillaCfg} + + mkdir -p $out/lib/${firefoxLibName}/distribution/extensions + + for i in ${toString extensions}; do + ln -s -t $out/lib/${firefoxLibName}/distribution/extensions $i/* + done + ############################# + # # + # END EXTRA PREF CHANGES # + # # + ############################# ''; preferLocalBuild = true; |
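Review bot: `chmod a+rwx "$out/$f"` in the copy loop makes the copied launcher writable by group and other for the rest of the build, although nothing later in the hunk needs more than owner write; `chmod u+w,a+rx "$out/$f"` is enough. The store presumably normalises modes when the output is registered, but the build should not depend on that. The second `if [ ! -x "${browser}…/${browserName}" ]` block just before `makeWrapper` repeats the earlier check against the unwrapped package and can be dropped. Both `while read -d $'\0'` loops should read with `IFS= read -r -d ''` so that file names containing backslashes or leading blanks are passed through unchanged.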