commit c423e3dda75c4256081ffa04ab293f32ce2a7df9

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #244591 from Infinidoge/fix/firefox-signing

buildMozillaMach: add options to disable signing requirement and to enable addon sideloading

authored by

Martin Weinelt and committed by

GitHub 2 years ago c423e3dd c3d775de

+15 -14

4 changed files

expand all

unified split

pkgs

applications

networking

browsers

firefox

common.nix

packages.nix

wrapper.nix

librewolf

default.nix

pkgs/applications/networking/browsers/firefox/common.nix

··· 7 7 , application ? "browser" 8 8 , applicationName ? "Mozilla Firefox" 9 9 , branding ? null 10 + , requireSigning ? true 11 + , allowAddonSideload ? false 10 12 , src 11 13 , unpackPhase ? null 12 14 , extraPatches ? [] ··· 367 369 configureFlagsArray+=("--with-mozilla-api-keyfile=$TMPDIR/mls-api-key") 368 370 '' + lib.optionalString (enableOfficialBranding && !stdenv.is32bit) '' 369 371 export MOZILLA_OFFICIAL=1 372 + '' + lib.optionalString (!requireSigning) '' 373 + export MOZ_REQUIRE_SIGNING= 370 374 '' + lib.optionalString stdenv.hostPlatform.isMusl '' 371 375 # linking firefox hits the vm.max_map_count kernel limit with the default musl allocator 372 376 # TODO: Default vm.max_map_count has been increased, retest without this ··· 408 412 # https://bugzilla.mozilla.org/show_bug.cgi?id=1482204 409 413 ++ lib.optional (ltoSupport && (buildStdenv.isAarch32 || buildStdenv.isi686 || buildStdenv.isx86_64)) "--disable-elf-hack" 410 414 ++ lib.optional (!drmSupport) "--disable-eme" 415 + ++ lib.optional (allowAddonSideload) "--allow-addon-sideload" 411 416 ++ [ 412 417 (enableFeature alsaSupport "alsa") 413 418 (enableFeature crashreporterSupport "crashreporter")

+3 -4

pkgs/applications/networking/browsers/firefox/packages.nix

··· 56 56 }; 57 57 }; 58 58 59 - firefox-devedition = (buildMozillaMach rec { 59 + firefox-devedition = buildMozillaMach rec { 60 60 pname = "firefox-devedition"; 61 61 version = "120.0b9"; 62 62 applicationName = "Mozilla Firefox Developer Edition"; 63 + requireSigning = false; 63 64 branding = "browser/branding/aurora"; 64 65 src = fetchurl { 65 66 url = "mirror://mozilla/devedition/releases/${version}/source/firefox-${version}.source.tar.xz"; ··· 84 85 versionSuffix = "b[0-9]*"; 85 86 baseUrl = "https://archive.mozilla.org/pub/devedition/releases/"; 86 87 }; 87 - }).overrideAttrs (prev: { 88 - env.MOZ_REQUIRE_SIGNING = ""; 89 - }); 88 + }; 90 89 91 90 firefox-esr-115 = buildMozillaMach rec { 92 91 pname = "firefox-esr-115";

+3 -6

pkgs/applications/networking/browsers/firefox/wrapper.nix

··· 115 115 116 116 nameArray = builtins.map(a: a.name) (lib.optionals usesNixExtensions nixExtensions); 117 117 118 - requiresSigning = browser ? MOZ_REQUIRE_SIGNING 119 - -> toString browser.MOZ_REQUIRE_SIGNING != ""; 120 - 121 118 # Check that every extension has a unqiue .name attribute 122 119 # and an extid attribute 123 120 extensions = if nameArray != (lib.unique nameArray) then 124 121 throw "Firefox addon name needs to be unique" 125 - else if requiresSigning && !lib.hasSuffix "esr" browser.name then 126 - throw "Nix addons are only supported without signature enforcement (eg. Firefox ESR)" 122 + else if browser.requireSigning || !browser.allowAddonSideload then 123 + throw "Nix addons are only supported with signature enforcement disabled and addon sideloading enabled (eg. LibreWolf)" 127 124 else builtins.map (a: 128 125 if ! (builtins.hasAttr "extid" a) then 129 - throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon" 126 + throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchFirefoxAddon" 130 127 else 131 128 a 132 129 ) (lib.optionals usesNixExtensions nixExtensions);

+4 -4

pkgs/applications/networking/browsers/librewolf/default.nix

··· 3 3 let 4 4 librewolf-src = callPackage ./librewolf.nix { }; 5 5 in 6 - ((buildMozillaMach rec { 6 + (buildMozillaMach rec { 7 7 pname = "librewolf"; 8 8 applicationName = "LibreWolf"; 9 9 binaryName = "librewolf"; 10 10 version = librewolf-src.packageVersion; 11 11 src = librewolf-src.firefox; 12 + requireSigning = false; 13 + allowAddonSideload = true; 12 14 inherit (librewolf-src) extraConfigureFlags extraPatches extraPostPatch extraPassthru; 13 15 14 16 meta = { ··· 30 32 }).override { 31 33 crashreporterSupport = false; 32 34 enableOfficialBranding = false; 33 - }).overrideAttrs (prev: { 34 - MOZ_REQUIRE_SIGNING = ""; 35 - }) 35 + }