commit c4c81ac8a219e8725dae514f49c7c1b960632e67

pyrox.dev / nixpkgs

lol

buildMozillaMach: support disabling extension signing enforcement

Previously, derivations specified the environment variable themselves,
which did not actually disable signing enforcement.

Infinidoge 2 years ago c4c81ac8 377f9c29

+11 -13

4 changed files

expand all

unified split

pkgs

applications

networking

browsers

firefox

common.nix

packages.nix

wrapper.nix

librewolf

default.nix

pkgs/applications/networking/browsers/firefox/common.nix

··· 6 , application ? "browser" 7 , applicationName ? "Mozilla Firefox" 8 , branding ? null 9 , src 10 , unpackPhase ? null 11 , extraPatches ? [] ··· 367 configureFlagsArray+=("--with-mozilla-api-keyfile=$TMPDIR/mls-api-key") 368 '' + lib.optionalString (enableOfficialBranding && !stdenv.is32bit) '' 369 export MOZILLA_OFFICIAL=1 370 '' + lib.optionalString stdenv.hostPlatform.isMusl '' 371 # linking firefox hits the vm.max_map_count kernel limit with the default musl allocator 372 # TODO: Default vm.max_map_count has been increased, retest without this

··· 6 , application ? "browser" 7 , applicationName ? "Mozilla Firefox" 8 , branding ? null 9 + , requireSigning ? true 10 , src 11 , unpackPhase ? null 12 , extraPatches ? [] ··· 368 configureFlagsArray+=("--with-mozilla-api-keyfile=$TMPDIR/mls-api-key") 369 '' + lib.optionalString (enableOfficialBranding && !stdenv.is32bit) '' 370 export MOZILLA_OFFICIAL=1 371 + '' + lib.optionalString (!requireSigning) '' 372 + export MOZ_REQUIRE_SIGNING= 373 '' + lib.optionalString stdenv.hostPlatform.isMusl '' 374 # linking firefox hits the vm.max_map_count kernel limit with the default musl allocator 375 # TODO: Default vm.max_map_count has been increased, retest without this

+3 -4

pkgs/applications/networking/browsers/firefox/packages.nix

··· 54 }; 55 }; 56 57 - firefox-devedition = (buildMozillaMach rec { 58 pname = "firefox-devedition"; 59 version = "116.0b3"; 60 applicationName = "Mozilla Firefox Developer Edition"; 61 branding = "browser/branding/aurora"; 62 src = fetchurl { 63 url = "mirror://mozilla/devedition/releases/${version}/source/firefox-${version}.source.tar.xz"; ··· 81 versionSuffix = "b[0-9]*"; 82 baseUrl = "https://archive.mozilla.org/pub/devedition/releases/"; 83 }; 84 - }).overrideAttrs (prev: { 85 - env.MOZ_REQUIRE_SIGNING = ""; 86 - }); 87 88 firefox-esr-102 = buildMozillaMach rec { 89 pname = "firefox-esr-102";

··· 54 }; 55 }; 56 57 + firefox-devedition = buildMozillaMach rec { 58 pname = "firefox-devedition"; 59 version = "116.0b3"; 60 applicationName = "Mozilla Firefox Developer Edition"; 61 + requireSigning = false; 62 branding = "browser/branding/aurora"; 63 src = fetchurl { 64 url = "mirror://mozilla/devedition/releases/${version}/source/firefox-${version}.source.tar.xz"; ··· 82 versionSuffix = "b[0-9]*"; 83 baseUrl = "https://archive.mozilla.org/pub/devedition/releases/"; 84 }; 85 + }; 86 87 firefox-esr-102 = buildMozillaMach rec { 88 pname = "firefox-esr-102";

+2 -5

pkgs/applications/networking/browsers/firefox/wrapper.nix

··· 102 103 nameArray = builtins.map(a: a.name) (lib.optionals usesNixExtensions nixExtensions); 104 105 - requiresSigning = browser ? MOZ_REQUIRE_SIGNING 106 - -> toString browser.MOZ_REQUIRE_SIGNING != ""; 107 - 108 # Check that every extension has a unqiue .name attribute 109 # and an extid attribute 110 extensions = if nameArray != (lib.unique nameArray) then 111 throw "Firefox addon name needs to be unique" 112 - else if requiresSigning && !lib.hasSuffix "esr" browser.name then 113 - throw "Nix addons are only supported without signature enforcement (eg. Firefox ESR)" 114 else builtins.map (a: 115 if ! (builtins.hasAttr "extid" a) then 116 throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon"

··· 102 103 nameArray = builtins.map(a: a.name) (lib.optionals usesNixExtensions nixExtensions); 104 105 # Check that every extension has a unqiue .name attribute 106 # and an extid attribute 107 extensions = if nameArray != (lib.unique nameArray) then 108 throw "Firefox addon name needs to be unique" 109 + else if browser.requireSigning then 110 + throw "Nix addons are only supported with signature enforcement disabled" 111 else builtins.map (a: 112 if ! (builtins.hasAttr "extid" a) then 113 throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon"

+3 -4

pkgs/applications/networking/browsers/librewolf/default.nix

··· 3 let 4 librewolf-src = callPackage ./librewolf.nix { }; 5 in 6 - ((buildMozillaMach rec { 7 pname = "librewolf"; 8 applicationName = "LibreWolf"; 9 binaryName = "librewolf"; 10 version = librewolf-src.packageVersion; 11 src = librewolf-src.firefox; 12 inherit (librewolf-src) extraConfigureFlags extraPatches extraPostPatch extraPassthru; 13 14 meta = { ··· 29 }).override { 30 crashreporterSupport = false; 31 enableOfficialBranding = false; 32 - }).overrideAttrs (prev: { 33 - MOZ_REQUIRE_SIGNING = ""; 34 - })

··· 3 let 4 librewolf-src = callPackage ./librewolf.nix { }; 5 in 6 + (buildMozillaMach rec { 7 pname = "librewolf"; 8 applicationName = "LibreWolf"; 9 binaryName = "librewolf"; 10 version = librewolf-src.packageVersion; 11 src = librewolf-src.firefox; 12 + requireSigning = false; 13 inherit (librewolf-src) extraConfigureFlags extraPatches extraPostPatch extraPassthru; 14 15 meta = { ··· 30 }).override { 31 crashreporterSupport = false; 32 enableOfficialBranding = false; 33 + }