pyrox.dev / nixpkgs
lol
fork atom

buildMozillaMach: support disabling extension signing enforcement

Previously, derivations specified the environment variable themselves,
which did not actually disable signing enforcement.

Infinidoge c4c81ac8 377f9c29

+11 -13
unified split
+3
pkgs/applications/networking/browsers/firefox/common.nix
··· 6 6 , application ? "browser" 7 7 , applicationName ? "Mozilla Firefox" 8 8 , branding ? null 9 + , requireSigning ? true 9 10 , src 10 11 , unpackPhase ? null 11 12 , extraPatches ? [] ··· 367 368 configureFlagsArray+=("--with-mozilla-api-keyfile=$TMPDIR/mls-api-key") 368 369 '' + lib.optionalString (enableOfficialBranding && !stdenv.is32bit) '' 369 370 export MOZILLA_OFFICIAL=1 371 + '' + lib.optionalString (!requireSigning) '' 372 + export MOZ_REQUIRE_SIGNING= 370 373 '' + lib.optionalString stdenv.hostPlatform.isMusl '' 371 374 # linking firefox hits the vm.max_map_count kernel limit with the default musl allocator 372 375 # TODO: Default vm.max_map_count has been increased, retest without this
+3 -4
pkgs/applications/networking/browsers/firefox/packages.nix
··· 54 54 }; 55 55 }; 56 56 57 - firefox-devedition = (buildMozillaMach rec { 57 + firefox-devedition = buildMozillaMach rec { 58 58 pname = "firefox-devedition"; 59 59 version = "116.0b3"; 60 60 applicationName = "Mozilla Firefox Developer Edition"; 61 + requireSigning = false; 61 62 branding = "browser/branding/aurora"; 62 63 src = fetchurl { 63 64 url = "mirror://mozilla/devedition/releases/${version}/source/firefox-${version}.source.tar.xz"; ··· 81 82 versionSuffix = "b[0-9]*"; 82 83 baseUrl = "https://archive.mozilla.org/pub/devedition/releases/"; 83 84 }; 84 - }).overrideAttrs (prev: { 85 - env.MOZ_REQUIRE_SIGNING = ""; 86 - }); 85 + }; 87 86 88 87 firefox-esr-102 = buildMozillaMach rec { 89 88 pname = "firefox-esr-102";
+2 -5
pkgs/applications/networking/browsers/firefox/wrapper.nix
··· 102 102 103 103 nameArray = builtins.map(a: a.name) (lib.optionals usesNixExtensions nixExtensions); 104 104 105 - requiresSigning = browser ? MOZ_REQUIRE_SIGNING 106 - -> toString browser.MOZ_REQUIRE_SIGNING != ""; 107 - 108 105 # Check that every extension has a unqiue .name attribute 109 106 # and an extid attribute 110 107 extensions = if nameArray != (lib.unique nameArray) then 111 108 throw "Firefox addon name needs to be unique" 112 - else if requiresSigning && !lib.hasSuffix "esr" browser.name then 113 - throw "Nix addons are only supported without signature enforcement (eg. Firefox ESR)" 109 + else if browser.requireSigning then 110 + throw "Nix addons are only supported with signature enforcement disabled" 114 111 else builtins.map (a: 115 112 if ! (builtins.hasAttr "extid" a) then 116 113 throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon"
+3 -4
pkgs/applications/networking/browsers/librewolf/default.nix
··· 3 3 let 4 4 librewolf-src = callPackage ./librewolf.nix { }; 5 5 in 6 - ((buildMozillaMach rec { 6 + (buildMozillaMach rec { 7 7 pname = "librewolf"; 8 8 applicationName = "LibreWolf"; 9 9 binaryName = "librewolf"; 10 10 version = librewolf-src.packageVersion; 11 11 src = librewolf-src.firefox; 12 + requireSigning = false; 12 13 inherit (librewolf-src) extraConfigureFlags extraPatches extraPostPatch extraPassthru; 13 14 14 15 meta = { ··· 29 30 }).override { 30 31 crashreporterSupport = false; 31 32 enableOfficialBranding = false; 32 - }).overrideAttrs (prev: { 33 - MOZ_REQUIRE_SIGNING = ""; 34 - }) 33 + }