diff options
Diffstat (limited to 'nixpkgs/pkgs/applications/networking/browsers/firefox')
5 files changed, 65 insertions, 101 deletions
diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix b/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix index 817d17e8fad..78ee2134908 100644 --- a/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix @@ -2,13 +2,13 @@ , src, unpackPhase ? null, patches ? [] , extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [] }: -{ lib, stdenv, pkgconfig, pango, perl, python2, python3, zip, libIDL +{ lib, stdenv, pkgconfig, pango, perl, python2, python3, zip , libjpeg, zlib, dbus, dbus-glib, bzip2, xorg , freetype, fontconfig, file, nspr, nss, libnotify , yasm, libGLU, libGL, sqlite, unzip, makeWrapper , hunspell, libXdamage, libevent, libstartup_notification -, libvpx, libvpx_1_8 -, icu, libpng, jemalloc, glib +, libvpx_1_8 +, icu67, libpng, jemalloc, glib , autoconf213, which, gnused, cargo, rustc, llvmPackages , rust-cbindgen, nodejs, nasm, fetchpatch , debugBuild ? false @@ -51,7 +51,7 @@ # https://github.com/NixOS/nixpkgs/issues/31843#issuecomment-346372756 we # have permission to use the official firefox branding. # -# Fur purposes of documentation the statement of @sylvestre: +# For purposes of documentation the statement of @sylvestre: # > As the person who did part of the work described in the LWN article # > and release manager working for Mozilla, I can confirm the statement # > that I made in @@ -94,11 +94,6 @@ stdenv.mkDerivation ({ patches = [ ./env_var_for_system_dir.patch - # Fix for NSS 3.52 (add missing CK_GCM_PARMS field) - (fetchpatch { - url = "https://hg.mozilla.org/mozilla-central/raw-rev/463069687b3d"; - sha256 = "00yhz67flnkww3rbry0kqn6z6bm7vxfb2sgf7qikgbjcm3ysvpsm"; - }) ] ++ patches; @@ -109,23 +104,21 @@ stdenv.mkDerivation ({ patchFlags = [ "-p1" "-l" ]; buildInputs = [ - gtk2 perl zip libIDL libjpeg zlib bzip2 + gtk2 perl zip libjpeg zlib bzip2 dbus dbus-glib pango freetype fontconfig xorg.libXi xorg.libXcursor xorg.libX11 xorg.libXrender xorg.libXft xorg.libXt file libnotify xorg.pixman yasm libGLU libGL - xorg.libXScrnSaver xorg.xorgproto + xorg.xorgproto xorg.libXext unzip makeWrapper libevent libstartup_notification /* cairo */ - icu libpng jemalloc glib - nasm + libpng jemalloc glib + nasm icu67 libvpx_1_8 # >= 66 requires nasm for the AV1 lib dav1d # yasm can potentially be removed in future versions # https://bugzilla.mozilla.org/show_bug.cgi?id=1501796 # https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ nspr nss ] - ++ lib.optionals (lib.versionOlder ffversion "75") [ libvpx sqlite ] - ++ lib.optional (lib.versionAtLeast ffversion "75.0") libvpx_1_8 ++ lib.optional alsaSupport alsaLib ++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed ++ lib.optional gtk3Support gtk3 @@ -135,16 +128,21 @@ stdenv.mkDerivation ({ AVFoundation MediaToolbox CoreLocation Foundation libobjc AddressBook cups ]; - NIX_CFLAGS_COMPILE = toString ([ + NIX_CFLAGS_COMPILE = toString [ "-I${glib.dev}/include/gio-unix-2.0" "-I${nss.dev}/include/nss" - ] - ++ lib.optional (pname == "firefox-esr" && lib.versionOlder ffversion "69") - "-Wno-error=format-security"); + ]; postPatch = '' - substituteInPlace third_party/prio/prio/rand.c --replace 'nspr/prinit.h' 'prinit.h' rm -rf obj-x86_64-pc-linux-gnu + '' + lib.optionalString (lib.versionAtLeast ffversion "80") '' + substituteInPlace dom/system/IOUtils.h \ + --replace '#include "nspr/prio.h"' '#include "prio.h"' + + substituteInPlace dom/system/IOUtils.cpp \ + --replace '#include "nspr/prio.h"' '#include "prio.h"' \ + --replace '#include "nspr/private/pprio.h"' '#include "private/pprio.h"' \ + --replace '#include "nspr/prtypes.h"' '#include "prtypes.h"' ''; nativeBuildInputs = @@ -181,9 +179,10 @@ stdenv.mkDerivation ({ # included we need to look in a few places. # TODO: generalize this process for other use-cases. - BINDGEN_CFLAGS="$(< ${stdenv.cc}/nix-support/libc-cflags) \ + BINDGEN_CFLAGS="$(< ${stdenv.cc}/nix-support/libc-crt1-cflags) \ + $(< ${stdenv.cc}/nix-support/libc-cflags) \ $(< ${stdenv.cc}/nix-support/cc-cflags) \ - ${stdenv.cc.default_cxx_stdlib_compile} \ + $(< ${stdenv.cc}/nix-support/libcxx-cxxflags) \ ${lib.optionalString stdenv.cc.isClang "-idirafter ${stdenv.cc.cc}/lib/clang/${lib.getVersion stdenv.cc.cc}/include"} \ ${lib.optionalString stdenv.cc.isGNU "-isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc} -isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc}/${stdenv.hostPlatform.config}"} \ $NIX_CFLAGS_COMPILE" @@ -206,7 +205,6 @@ stdenv.mkDerivation ({ "--enable-application=browser" "--with-system-jpeg" "--with-system-zlib" - "--with-system-bz2" "--with-system-libevent" "--with-system-libvpx" "--with-system-png" # needs APNG support @@ -214,24 +212,17 @@ stdenv.mkDerivation ({ "--enable-system-ffi" "--enable-system-pixman" #"--enable-system-cairo" - "--enable-startup-notification" - #"--enable-content-sandbox" # TODO: probably enable after 54 "--disable-tests" "--disable-necko-wifi" # maybe we want to enable this at some point "--disable-updater" "--enable-jemalloc" - "--disable-gconf" "--enable-default-toolkit=${default-toolkit}" "--with-libclang-path=${llvmPackages.libclang}/lib" "--with-clang-path=${llvmPackages.clang}/bin/clang" "--with-system-nspr" "--with-system-nss" ] - ++ lib.optional (lib.versionOlder ffversion "75") "--enable-system-sqlite" ++ lib.optional (stdenv.isDarwin) "--disable-xcode-checks" - ++ lib.optionals (lib.versionOlder ffversion "69") [ - "--enable-webrender=build" - ] ++ flag alsaSupport "alsa" ++ flag pulseaudioSupport "pulseaudio" @@ -279,6 +270,7 @@ stdenv.mkDerivation ({ patchelf --set-rpath "${lib.getLib libnotify }/lib:$(patchelf --print-rpath "$out"/lib/${binaryName}*/libxul.so)" \ "$out"/lib/${binaryName}*/libxul.so + patchelf --add-needed ${xorg.libXScrnSaver.out}/lib/libXss.so $out/lib/${binaryName}/${binaryName} ''; doInstallCheck = true; @@ -298,16 +290,13 @@ stdenv.mkDerivation ({ inherit execdir; inherit browserName; } // lib.optionalAttrs gtk3Support { inherit gtk3; }; -} // -lib.optionalAttrs (lib.versionAtLeast ffversion "74") { + hardeningDisable = [ "format" ]; # -Werror=format-security -} // -# the build system verifies checksums of the bundled rust sources -# ./third_party/rust is be patched by our libtool fixup code in stdenv -# unfortunately we can't just set this to `false` when we do not want it. -# See https://github.com/NixOS/nixpkgs/issues/77289 for more details -lib.optionalAttrs (lib.versionAtLeast ffversion "72") { + # the build system verifies checksums of the bundled rust sources + # ./third_party/rust is be patched by our libtool fixup code in stdenv + # unfortunately we can't just set this to `false` when we do not want it. + # See https://github.com/NixOS/nixpkgs/issues/77289 for more details # Ideally we would figure out how to tell the build system to not # care about changed hashes as we are already doing that when we # fetch the sources. Any further modifications of the source tree diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx65.patch b/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx65.patch deleted file mode 100644 index 7d129dc78f9..00000000000 --- a/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx65.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff -ur firefox-65.0-orig/docshell/base/nsAboutRedirector.cpp firefox-65.0/docshell/base/nsAboutRedirector.cpp ---- firefox-65.0-orig/docshell/base/nsAboutRedirector.cpp 2019-01-23 00:48:28.988747428 +0100 -+++ firefox-65.0/docshell/base/nsAboutRedirector.cpp 2019-01-23 00:51:13.378188397 +0100 -@@ -67,8 +67,6 @@ - {"about", "chrome://global/content/aboutAbout.xhtml", 0}, - {"addons", "chrome://mozapps/content/extensions/extensions.xul", - nsIAboutModule::ALLOW_SCRIPT}, -- {"buildconfig", "chrome://global/content/buildconfig.html", -- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT}, - {"checkerboard", "chrome://global/content/aboutCheckerboard.xhtml", - nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | - nsIAboutModule::ALLOW_SCRIPT}, -diff -ur firefox-65.0-orig/toolkit/content/jar.mn firefox-65.0/toolkit/content/jar.mn ---- firefox-65.0-orig/toolkit/content/jar.mn 2019-01-23 00:48:35.033372506 +0100 -+++ firefox-65.0/toolkit/content/jar.mn 2019-01-23 00:50:45.126565924 +0100 -@@ -36,7 +36,6 @@ - content/global/plugins.css - content/global/browser-child.js - content/global/browser-content.js --* content/global/buildconfig.html - content/global/buildconfig.css - content/global/contentAreaUtils.js - content/global/datepicker.xhtml diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx76.patch b/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx76.patch index 2fe30980a35..3530954ea5c 100644 --- a/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx76.patch +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx76.patch @@ -1,3 +1,4 @@ +Remove about:buildconfig. If used as-is, it would add unnecessary runtime dependencies. diff -ur firefox-65.0-orig/docshell/base/nsAboutRedirector.cpp firefox-65.0/docshell/base/nsAboutRedirector.cpp --- firefox-76.0.orig/docshell/base/nsAboutRedirector.cpp 2020-05-03 19:01:29.926544735 +0200 +++ firefox-76.0/docshell/base/nsAboutRedirector.cpp 2020-05-03 19:12:00.845035570 +0200 diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix b/nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix index 092f4342e15..a024fc359d8 100644 --- a/nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix @@ -1,4 +1,4 @@ -{ config, stdenv, lib, callPackage, fetchurl }: +{ config, stdenv, lib, callPackage, fetchurl, nss_3_44 }: let common = opts: callPackage (import ./common.nix opts) {}; @@ -7,10 +7,10 @@ in rec { firefox = common rec { pname = "firefox"; - ffversion = "76.0.1"; + ffversion = "80.0.1"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "0gnhfcgrz6022xf3vqia3s3639xa5pjp13h343d3c09mn8r919cmm6s38vzj1v3734fm25zb68acyarsp72xqq8z1420rh02b2pv38q"; + sha512 = "081sf41r7ickjij3kfrdq29a0d6wz7qv8950kx116kakh8qxgjy8ahk2mfwlcp6digrl4mimi8rl7ns1wjngsmrjh4lvqzh1xglx9cp"; }; patches = [ @@ -26,6 +26,7 @@ rec { broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory". # not in `badPlatforms` because cross-compilation on 64-bit machine might work. license = lib.licenses.mpl20; + timeout = 28800; # eight hours }; updateScript = callPackage ./update.nix { attrPath = "firefox-unwrapped"; @@ -33,44 +34,31 @@ rec { }; }; - firefox-esr-68 = common rec { + firefox-esr-78 = common rec { pname = "firefox-esr"; - ffversion = "68.8.0esr"; + ffversion = "78.2.0esr"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "2rl5irkamxi8caa8krj0wng93lb82kk9mf09mgci87mj9hy6fxzcrlmiiffp14s03rv0raagrn4w54pbx1336mylq6saxmfhpf676hk"; + sha512 = "1dnvr9nyvnv5dkpnjnadff38lf9r7g37gk401c1i22d661ib5xj0gm2rnz1rjyrkvzrnr6p9f7liy3i41varja00g0x1racccj1my9q"; }; patches = [ - ./no-buildconfig-ffx65.patch + ./no-buildconfig-ffx76.patch ]; - meta = firefox.meta // { + meta = { description = "A web browser built from Firefox Extended Support Release source tree"; + homepage = "http://www.mozilla.com/en-US/firefox/"; + maintainers = with lib.maintainers; [ eelco andir ]; + platforms = lib.platforms.unix; + badPlatforms = lib.platforms.darwin; + broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory". + # not in `badPlatforms` because cross-compilation on 64-bit machine might work. + license = lib.licenses.mpl20; }; updateScript = callPackage ./update.nix { - attrPath = "firefox-esr-68-unwrapped"; - versionSuffix = "esr"; + attrPath = "firefox-esr-78-unwrapped"; versionKey = "ffversion"; }; }; -} // lib.optionalAttrs (config.allowAliases or true) { - #### ALIASES - #### remove after 20.03 branchoff - - firefox-esr-52 = throw '' - firefoxPackages.firefox-esr-52 was removed as it's an unsupported ESR with - open security issues. If you need it because you need to run some plugins - not having been ported to WebExtensions API, import it from an older - nixpkgs checkout still containing it. - ''; - firefox-esr-60 = throw "firefoxPackages.firefox-esr-60 was removed as it's an unsupported ESR with open security issues."; - - icecat = throw "firefoxPackages.icecat was removed as even its latest upstream version is based on an unsupported ESR release with open security issues."; - icecat-52 = throw "firefoxPackages.icecat was removed as even its latest upstream version is based on an unsupported ESR release with open security issues."; - - tor-browser-7-5 = throw "firefoxPackages.tor-browser-7-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; - tor-browser-8-5 = throw "firefoxPackages.tor-browser-8-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; - tor-browser = throw "firefoxPackages.tor-browser was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; - } diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/wrapper.nix b/nixpkgs/pkgs/applications/networking/browsers/firefox/wrapper.nix index 52773bf291a..424c45d305e 100644 --- a/nixpkgs/pkgs/applications/networking/browsers/firefox/wrapper.nix +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -2,7 +2,7 @@ ## various stuff that can be plugged in , flashplayer, hal-flash -, ffmpeg_4, xorg, libpulseaudio, libcanberra-gtk2, libglvnd +, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2, libglvnd , gnome3/*.gnome-shell*/ , browserpass, chrome-gnome-shell, uget-integrator, plasma-browser-integration, bukubrow , tridactyl-native @@ -10,6 +10,7 @@ , udev , kerberos , libva +, mesa # firefox wants gbm for drm+dmabuf }: ## configurability of the wrapper itself @@ -26,11 +27,13 @@ let , nameSuffix ? "" , icon ? browserName , extraNativeMessagingHosts ? [] - , gdkWayland ? false + , pkcs11Modules ? [] + , forceWayland ? false + , useGlvnd ? true , cfg ? config.${browserName} or {} }: - assert gdkWayland -> (browser ? gtk3); # Can only use the wayland backend if gtk3 is being used + assert forceWayland -> (browser ? gtk3); # Can only use the wayland backend if gtk3 is being used let enableAdobeFlash = cfg.enableAdobeFlash or false; @@ -65,14 +68,15 @@ let ++ lib.optional (cfg.enableFXCastBridge or false) fx_cast_bridge ++ extraNativeMessagingHosts ); - libs = lib.optionals stdenv.isLinux [ udev libva ] - ++ lib.optional ffmpegSupport ffmpeg_4 + libs = lib.optionals stdenv.isLinux [ udev libva mesa ] + ++ lib.optional ffmpegSupport ffmpeg ++ lib.optional gssSupport kerberos - ++ lib.optional gdkWayland libglvnd + ++ lib.optional useGlvnd libglvnd ++ lib.optionals (cfg.enableQuakeLive or false) (with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsaLib zlib ]) ++ lib.optional (enableAdobeFlash && (cfg.enableAdobeFlashDRM or false)) hal-flash - ++ lib.optional (config.pulseaudio or true) libpulseaudio; + ++ lib.optional (config.pulseaudio or true) libpulseaudio + ++ pkcs11Modules; gtk_modules = [ libcanberra-gtk2 ]; in stdenv.mkDerivation { @@ -83,9 +87,9 @@ let exec = "${browserName}${nameSuffix} %U"; inherit icon; comment = ""; - desktopName = "${desktopName}${nameSuffix}${lib.optionalString gdkWayland " (Wayland)"}"; + desktopName = "${desktopName}${nameSuffix}${lib.optionalString forceWayland " (Wayland)"}"; genericName = "Web Browser"; - categories = "Application;Network;WebBrowser;"; + categories = "Network;WebBrowser;"; mimeType = stdenv.lib.concatStringsSep ";" [ "text/html" "text/xml" @@ -124,8 +128,8 @@ let --set SNAP_NAME "firefox" \ --set MOZ_LEGACY_PROFILES 1 \ --set MOZ_ALLOW_DOWNGRADE 1 \ - ${lib.optionalString gdkWayland '' - --set GDK_BACKEND "wayland" \ + ${lib.optionalString forceWayland '' + --set MOZ_ENABLE_WAYLAND "1" \ ''}${lib.optionalString (browser ? gtk3) ''--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ --suffix XDG_DATA_DIRS : '${gnome3.adwaita-icon-theme}/share' @@ -152,6 +156,11 @@ let ln -sLt $out/lib/mozilla/native-messaging-hosts $ext/lib/mozilla/native-messaging-hosts/* done + mkdir -p $out/lib/mozilla/pkcs11-modules + for ext in ${toString pkcs11Modules}; do + ln -sLt $out/lib/mozilla/pkcs11-modules $ext/lib/mozilla/pkcs11-modules/* + done + # For manpages, in case the program supplies them mkdir -p $out/nix-support echo ${browser} > $out/nix-support/propagated-user-env-packages |