Merge pull request #244591 from Infinidoge/fix/firefox-signing

buildMozillaMach: add options to disable signing requirement and to enable addon sideloading

authored by

Martin Weinelt and committed by
GitHub
c423e3dd c3d775de

+15 -14
+5
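--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@@ -7,6 +7,8 @@
  , application ? "browser"
  , applicationName ? "Mozilla Firefox"
  , branding ? null
+ , requireSigning ? true
+ , allowAddonSideload ? false
  , src
  , unpackPhase ? null
  , extraPatches ? []
@@ -367,6 +369,8 @@
  configureFlagsArray+=("--with-mozilla-api-keyfile=$TMPDIR/mls-api-key")
  '' + lib.optionalString (enableOfficialBranding && !stdenv.is32bit) ''
  export MOZILLA_OFFICIAL=1
+ '' + lib.optionalString (!requireSigning) ''
+ export MOZ_REQUIRE_SIGNING=
  '' + lib.optionalString stdenv.hostPlatform.isMusl ''
  # linking firefox hits the vm.max_map_count kernel limit with the default musl allocator
  # TODO: Default vm.max_map_count has been increased, retest without this
@@ -408,6 +412,7 @@
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1482204
  ++ lib.optional (ltoSupport && (buildStdenv.isAarch32 || buildStdenv.isi686 || buildStdenv.isx86_64)) "--disable-elf-hack"
  ++ lib.optional (!drmSupport) "--disable-eme"
+ ++ lib.optional (allowAddonSideload) "--allow-addon-sideload"
  ++ [
  (enableFeature alsaSupport "alsa")
  (enableFeature crashreporterSupport "crashreporter")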
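Review bot: The two new arguments `requireSigning` and `allowAddonSideload` relax extension trust checks when flipped, yet nothing in the argument list or next to `export MOZ_REQUIRE_SIGNING=` says so. I would add a comment above them such as `# requireSigning = false builds with MOZ_REQUIRE_SIGNING empty, so add-on signature enforcement can be switched off; allowAddonSideload passes --allow-addon-sideload`, so packagers see the trade-off before overriding the defaults. As a small style point, the parentheses in `lib.optional (allowAddonSideload)` are redundant. The argument list and the configure-flag list both continue outside the hunks shown.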
+3 -4
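--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -56,10 +56,11 @@
  };
  };
 
- firefox-devedition = (buildMozillaMach rec {
+ firefox-devedition = buildMozillaMach rec {
  pname = "firefox-devedition";
  version = "120.0b9";
  applicationName = "Mozilla Firefox Developer Edition";
+ requireSigning = false;
  branding = "browser/branding/aurora";
  src = fetchurl {
  url = "mirror://mozilla/devedition/releases/${version}/source/firefox-${version}.source.tar.xz";
@@ -84,9 +85,7 @@
  versionSuffix = "b[0-9]*";
  baseUrl = "https://archive.mozilla.org/pub/devedition/releases/";
  };
- }).overrideAttrs (prev: {
- env.MOZ_REQUIRE_SIGNING = "";
- });
+ };
 
  firefox-esr-115 = buildMozillaMach rec {
  pname = "firefox-esr-115";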
+3 -6
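--- a/pkgs/applications/networking/browsers/firefox/wrapper.nix
+++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix
@@ -115,18 +115,15 @@
 
  nameArray = builtins.map(a: a.name) (lib.optionals usesNixExtensions nixExtensions);
 
- requiresSigning = browser ? MOZ_REQUIRE_SIGNING
- -> toString browser.MOZ_REQUIRE_SIGNING != "";
-
  # Check that every extension has a unqiue .name attribute
  # and an extid attribute
  extensions = if nameArray != (lib.unique nameArray) then
  throw "Firefox addon name needs to be unique"
- else if requiresSigning && !lib.hasSuffix "esr" browser.name then
- throw "Nix addons are only supported without signature enforcement (eg. Firefox ESR)"
+ else if browser.requireSigning || !browser.allowAddonSideload then
+ throw "Nix addons are only supported with signature enforcement disabled and addon sideloading enabled (eg. LibreWolf)"
  else builtins.map (a:
  if ! (builtins.hasAttr "extid" a) then
- throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon"
+ throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchFirefoxAddon"
  else
  a
  ) (lib.optionals usesNixExtensions nixExtensions);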
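Review bot: `browser.requireSigning || !browser.allowAddonSideload` reads both attributes without a fallback, so a browser derivation that does not carry them would abort evaluation with a missing-attribute error instead of the intended message; the removed code guarded that case with `browser ? MOZ_REQUIRE_SIGNING ->`. None of the five lines added to common.nix in this commit visibly exposes the two arguments on the resulting derivation, so unless that happens outside the hunks shown, the check should fail closed: `else if (browser.requireSigning or true) || !(browser.allowAddonSideload or false) then`. If the values are meant to arrive through passthru, an `inherit requireSigning allowAddonSideload;` there would make the contract explicit. The let-binding that holds `extensions` starts outside this hunk.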
+4 -4
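--- a/pkgs/applications/networking/browsers/librewolf/default.nix
+++ b/pkgs/applications/networking/browsers/librewolf/default.nix
@@ -3,12 +3,14 @@
  let
  librewolf-src = callPackage ./librewolf.nix { };
  in
- ((buildMozillaMach rec {
+ (buildMozillaMach rec {
  pname = "librewolf";
  applicationName = "LibreWolf";
  binaryName = "librewolf";
  version = librewolf-src.packageVersion;
  src = librewolf-src.firefox;
+ requireSigning = false;
+ allowAddonSideload = true;
  inherit (librewolf-src) extraConfigureFlags extraPatches extraPostPatch extraPassthru;
 
  meta = {
@@ -30,6 +32,4 @@
  }).override {
  crashreporterSupport = false;
  enableOfficialBranding = false;
- }).overrideAttrs (prev: {
- MOZ_REQUIRE_SIGNING = "";
- })
+ }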
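Review bot: `allowAddonSideload = true;` turns sideloading on for every LibreWolf build, not only for users who pass `nixExtensions` to the wrapper, and the hunk gives no reason next to it. The removed `overrideAttrs` block only cleared `MOZ_REQUIRE_SIGNING`, so this is a new default rather than a pure refactor of the old one. A comment on the two lines, for example `# signing off + sideload on: required by the nixExtensions check in wrapper.nix`, would record why the package ships with both protections relaxed.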