diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix
index d57839b0e4b6..cace1829ccc5 100644
--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@@ -15,7 +15,9 @@
 , rust-cbindgen, nodejs, nasm, fetchpatch
 , gnum4
 , gtk3, wrapGAppsHook
+, pkgsCross
 , debugBuild ? false
+, runCommand
 ### optionals
@@ -121,6 +123,15 @@ let
 })
 else stdenv;
+ # Compile the wasm32 sysroot to build the RLBox Sandbox
+ # https://hacks.mozilla.org/2021/12/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/
+ # We only link c++ libs here, our compiler wrapper can find wasi libc and crt itself.
+ wasiSysRoot = runCommand "wasi-sysroot" {} ''
+ mkdir -p $out/lib/wasm32-wasi
+ for lib in ${pkgsCross.wasi32.llvmPackages.libcxx}/lib/* ${pkgsCross.wasi32.llvmPackages.libcxxabi}/lib/*; do
+ ln -s $lib $out/lib/wasm32-wasi
+ done
+ '';
 in
 buildStdenv.mkDerivation ({
@@ -213,7 +224,11 @@ buildStdenv.mkDerivation ({
 configureScript="$(realpath ./mach) configure"
 export MOZBUILD_STATE_PATH=$(pwd)/mozbuild
- '' + (lib.optionalString googleAPISupport ''
+ '' + (lib.optionalString (lib.versionAtLeast version "95.0") ''
+ # RBox WASM Sandboxing
+ export WASM_CC=${pkgsCross.wasi32.stdenv.cc}/bin/${pkgsCross.wasi32.stdenv.cc.targetPrefix}cc
+ export WASM_CXX=${pkgsCross.wasi32.stdenv.cc}/bin/${pkgsCross.wasi32.stdenv.cc.targetPrefix}c++
+ '') + (lib.optionalString googleAPISupport ''
 # Google API key used by Chromium and Firefox.
 # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
 # please get your own set of keys.
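Review bot: The loop in the new `wasiSysRoot` binding (hunk `@@ -121,6 +123,15 @@`) does not fail the build when either `lib/*` glob matches nothing: bash hands the unexpanded pattern to `ln -s`, which creates a dangling link named `*`, so a missing libc++ would only show up later at configure or link time. Quoting the expansions, `ln -s "$lib" "$out/lib/wasm32-wasi"`, and guarding the loop body with `[ -e "$lib" ] || exit 1` would surface that where the sysroot is assembled. The leading comment says the sysroot is compiled, while these lines only symlink prebuilt libraries from `pkgsCross.wasi32`; `# Assemble the wasm32-wasi sysroot (libc++ and libc++abi symlinks) used to build the RLBox sandbox` would describe them more closely. The surrounding `let` block starts outside the hunk.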
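Review bot: The version gate in hunk `@@ -213,7 +224,11 @@` is written `lib.versionAtLeast version "95.0"`, while the `--with-wasi-sysroot` flag in hunk `@@ -258,6 +273,7 @@` uses `"95"`; the two spellings need not compare the same for every version string, and if they ever diverged the build would get the sysroot flag without `WASM_CC`/`WASM_CXX`, or the reverse. One `let` binding such as `wasmSandboxing = lib.versionAtLeast version "95";` used at both sites keeps the compiler export and the configure flag in step. The inline comment reads `# RBox WASM Sandboxing`; the name used elsewhere in this patch is RLBox. Nothing in the visible hunks checks that the finished build really has the sandbox enabled, so a later regression in either gate would pass silently; a comment saying where that is verified would help. The shell string this fragment is appended to starts outside the hunk.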
@@ -258,6 +273,7 @@ buildStdenv.mkDerivation ({
 ++ lib.optional ltoSupport "--enable-lto=cross" # Cross-language LTO.
 ++ lib.optional (ltoSupport && (buildStdenv.isAarch32 || buildStdenv.isi686 || buildStdenv.isx86_64)) "--disable-elf-hack"
 ++ lib.optional (ltoSupport && !buildStdenv.isDarwin) "--enable-linker=lld"
+ ++ lib.optional (lib.versionAtLeast version "95") "--with-wasi-sysroot=${wasiSysRoot}"
 ++ flag alsaSupport "alsa"
 ++ flag pulseaudioSupport "pulseaudio"
@@ -277,7 +293,6 @@ buildStdenv.mkDerivation ({
 ++ lib.optionals enableDebugSymbols [ "--disable-strip" "--disable-install-strip" ]
 ++ lib.optional enableOfficialBranding "--enable-official-branding"
- ++ lib.optional (lib.versionAtLeast version "95") "--without-wasm-sandboxed-libraries"
 ++ extraConfigureFlags;
 postConfigure = ''
@@ -356,6 +371,7 @@ buildStdenv.mkDerivation ({
 inherit applicationName;
 inherit tests;
 inherit gtk3;
+ inherit wasiSysRoot;
 } // extraPassthru;
 hardeningDisable = [ "format" ]; # -Werror=format-security
diff --git a/pkgs/development/libraries/wasilibc/default.nix b/pkgs/development/libraries/wasilibc/default.nix
index 56ed7367b2b2..e8436f9e9565 100644
--- a/pkgs/development/libraries/wasilibc/default.nix
+++ b/pkgs/development/libraries/wasilibc/default.nix
@@ -1,14 +1,27 @@
-{ stdenv, fetchFromGitHub, lib }:
+{ stdenv, buildPackages, fetchFromGitHub, lib }:
 stdenv.mkDerivation {
 pname = "wasilibc";
- version = "20190712";
- src = fetchFromGitHub {
- owner = "CraneStation";
+ version = "unstable-2021-09-23";
+
+ src = buildPackages.fetchFromGitHub {
+ owner = "WebAssembly";
 repo = "wasi-libc";
- rev = "8df0d4cd6a559b58d4a34b738a5a766b567448cf";
- sha256 = "1n4gvgzacpagar2mx8g9950q0brnhwz7jg2q44sa5mnjmlnkiqhh";
+ rev = "ad5133410f66b93a2381db5b542aad5e0964db96";
+ hash = "sha256-RiIClVXrb18jF9qCt+5iALHPCZKYcnad7JsILHBV0pA=";
+ fetchSubmodules = true;
 };
+
+ # clang-13: error: argument unused during compilation: '-rtlib=compiler-rt' [-Werror,-Wunused-command-line-argument]
+ postPatch = ''
+ substituteInPlace Makefile \
+ --replace "-Werror" ""
+ '';
+
+ preBuild = ''
+ export NIX_CFLAGS_COMPILE="-I$(pwd)/sysroot/include $NIX_CFLAGS_COMPILE"
+ '';
+
 makeFlags = [
 "WASM_CC=${stdenv.cc.targetPrefix}cc"
 "WASM_NM=${stdenv.cc.targetPrefix}nm"
@@ -16,6 +29,8 @@ stdenv.mkDerivation {
 "INSTALL_DIR=${placeholder "out"}"
 ];
+ enableParallelBuilding = true;
+
 postInstall = ''
 mv $out/lib/*/* $out/lib
 ln -s $out/share/wasm32-wasi/undefined-symbols.txt $out/lib/wasi.imports
@@ -23,9 +38,9 @@ stdenv.mkDerivation {
 meta = with lib; {
 description = "WASI libc implementation for WebAssembly";
- homepage = "https://wasi.dev";
- platforms = platforms.wasi;
- maintainers = [ maintainers.matthewbauer ];
+ homepage = "https://wasi.dev";
+ platforms = platforms.wasi;
+ maintainers = with maintainers; [ matthewbauer ];
 license = with licenses; [ asl20 mit llvm-exception ];
 };
 }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 75d176f68c78..ee621a3c85ce 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
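Review bot: The `postPatch` in hunk `@@ -1,14 +1,27 @@` strips every occurrence of `-Werror` from the Makefile to silence one clang diagnostic, which makes all other warnings in this libc build non-fatal as well; this appears to be the libc that the sandboxed code is built against, so a narrower fix is worth having. Keeping `-Werror` and demoting only the named warning, for example by adding `-Wno-error=unused-command-line-argument` to the `NIX_CFLAGS_COMPILE` line in `preBuild`, should address the error quoted in the comment (untested here). The plain substring replacement would also turn any `-Werror=<name>` in the Makefile into a bare `=<name>`; the Makefile is not visible in this diff, so that is worth checking. The attribute set continues past the end of the hunk.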
@@ -12908,7 +12908,7 @@ with pkgs;
 else if platform.isFreeBSD then 7
 else if platform.isAndroid then 12
 else if platform.isLinux then 11
- else if platform.isWasm then 8
+ else if platform.isWasm then 12
 else latest_version;
 # We take the "max of the mins". Why? Since those are lower bounds of the
 # supported version set, this is like intersecting those sets and then