JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #151439 from squalus/librewolf

Browse Source
This commit is contained in:
Martin Weinelt 2022-02-12 21:50:18 +01:00 committed by GitHub
commit 71c8bbe7ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 189 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkgs/applications/networking/browsers/firefox/common.nix
View File

@ -1,7 +1,8 @@
{ pname, version, meta, updateScript ? null { pname, version, meta, updateScript ? null
, binaryName ? "firefox", application ? "browser" , binaryName ? "firefox", application ? "browser"
, src, unpackPhase ? null, patches ? [] , src, unpackPhase ? null, patches ? []
, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [], tests ? [] }: , extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [], tests ? []
, extraPostPatch ? "", extraPassthru ? {} }:
{ lib, stdenv, pkg-config, pango, perl, python3, zip { lib, stdenv, pkg-config, pango, perl, python3, zip
, libjpeg, zlib, dbus, dbus-glib, bzip2, xorg , libjpeg, zlib, dbus, dbus-glib, bzip2, xorg
@ -177,7 +178,7 @@ buildStdenv.mkDerivation ({
--replace 'dlopen("libpci.so' 'dlopen("${pciutils}/lib/libpci.so' --replace 'dlopen("libpci.so' 'dlopen("${pciutils}/lib/libpci.so'
patchShebangs mach patchShebangs mach
''; '' + extraPostPatch;
nativeBuildInputs = nativeBuildInputs =
[ [
@ -374,7 +375,7 @@ buildStdenv.mkDerivation ({
inherit applicationName; inherit applicationName;
inherit tests; inherit tests;
inherit gtk3; inherit gtk3;
}; } // extraPassthru;
hardeningDisable = [ "format" ]; # -Werror=format-security hardeningDisable = [ "format" ]; # -Werror=format-security

41
pkgs/applications/networking/browsers/firefox/librewolf/default.nix Normal file
View File

@ -0,0 +1,41 @@
{ callPackage, git }:
let
src = callPackage ./src.nix { };
in
rec {
inherit (src) packageVersion firefox source;
patches = [ ./verify-telemetry-macros.patch ];
extraConfigureFlags = [
"--with-app-name=librewolf"
"--with-app-basename=LibreWolf"
"--with-branding=browser/branding/librewolf"
"--with-distribution-id=io.gitlab.librewolf-community"
"--with-unsigned-addon-scopes=app,system"
"--allow-addon-sideload"
];
extraPostPatch = ''
while read patch_name; do
echo "applying LibreWolf patch: $patch_name"
patch -p1 < ${source}/$patch_name
done <${source}/assets/patches.txt
cp -r ${source}/themes/browser .
cp ${source}/assets/search-config.json services/settings/dumps/main/search-config.json
sed -i '/MOZ_SERVICES_HEALTHREPORT/ s/True/False/' browser/moz.configure
sed -i '/MOZ_NORMANDY/ s/True/False/' browser/moz.configure
'';
extraPrefsFiles = [ "${source}/submodules/settings/librewolf.cfg" ];
extraPoliciesFiles = [ "${source}/submodules/settings/distribution/policies.json" ];
extraPassthru = {
librewolf = { inherit src patches; };
inherit extraPrefsFiles extraPoliciesFiles;
};
}

11
pkgs/applications/networking/browsers/firefox/librewolf/src.json Normal file
View File

@ -0,0 +1,11 @@
{
"packageVersion": "97.0-2",
"source": {
"rev": "97.0-2",
"sha256": "00fb7xr6hrcyh3s7g52fs6f7a1iggpibj0xafblnl7118fh73g25"
},
"firefox": {
"version": "97.0",
"sha512": "a913695a42cb06ee9bda2a20e65cc573e40ca93e9f75b7ee0a43ebd1935b371e7e80d5fc8d5f126ad0712ab848635a8624bbeed43807e5c179537aa32c884186"
}
}

18
pkgs/applications/networking/browsers/firefox/librewolf/src.nix Normal file
View File

@ -0,0 +1,18 @@
{ fetchurl, fetchFromGitLab }:
let src = builtins.fromJSON (builtins.readFile ./src.json);
in
{
inherit (src) packageVersion;
source = fetchFromGitLab {
owner = "librewolf-community";
repo = "browser/source";
fetchSubmodules = true;
inherit (src.source) rev sha256;
};
firefox = fetchurl {
url =
"mirror://mozilla/firefox/releases/${src.firefox.version}/source/firefox-${src.firefox.version}.source.tar.xz";
inherit (src.firefox) sha512;
};
}

65
pkgs/applications/networking/browsers/firefox/librewolf/update.nix Normal file
View File

@ -0,0 +1,65 @@
{ writeScript
, lib
, coreutils
, gnused
, gnugrep
, curl
, gnupg
, jq
, nix-prefetch-git
, moreutils
, runtimeShell
, ...
}:
writeScript "update-librewolf" ''
#!${runtimeShell}
PATH=${lib.makeBinPath [ coreutils curl gnugrep gnupg gnused jq moreutils nix-prefetch-git ]}
set -euo pipefail
latestTag=$(curl https://gitlab.com/api/v4/projects/librewolf-community%2Fbrowser%2Fsource/repository/tags?per_page=1 | jq -r .[0].name)
echo "latestTag=$latestTag"
srcJson=pkgs/applications/networking/browsers/firefox/librewolf/src.json
localRev=$(jq -r .source.rev < $srcJson)
echo "localRev=$localRev"
if [ "$localRev" == "$latestTag" ]; then
exit 0
fi
prefetchOut=$(mktemp)
repoUrl=https://gitlab.com/librewolf-community/browser/source.git/
nix-prefetch-git $repoUrl --quiet --rev $latestTag --fetch-submodules > $prefetchOut
srcDir=$(jq -r .path < $prefetchOut)
srcHash=$(jq -r .sha256 < $prefetchOut)
ffVersion=$(<$srcDir/version)
lwRelease=$(<$srcDir/release)
lwVersion="$ffVersion-$lwRelease"
echo "lwVersion=$lwVersion"
echo "ffVersion=$ffVersion"
if [ "$lwVersion" != "$latestTag" ]; then
echo "error: Tag name does not match the computed LibreWolf version"
exit 1
fi
HOME=$(mktemp -d)
export GNUPGHOME=$(mktemp -d)
gpg --receive-keys 14F26682D0916CDD81E37B6D61B7B526D98F0353
mozillaUrl=https://archive.mozilla.org/pub/firefox/releases/
curl --silent --show-error -o "$HOME"/shasums "$mozillaUrl$ffVersion/SHA512SUMS"
curl --silent --show-error -o "$HOME"/shasums.asc "$mozillaUrl$ffVersion/SHA512SUMS.asc"
gpgv --keyring="$GNUPGHOME"/pubring.kbx "$HOME"/shasums.asc "$HOME"/shasums
ffHash=$(grep '\.source\.tar\.xz$' "$HOME"/shasums | grep '^[^ ]*' -o)
echo "ffHash=$ffHash"
jq ".source.rev = \"$latestTag\"" $srcJson | sponge $srcJson
jq ".source.sha256 = \"$srcHash\"" $srcJson | sponge $srcJson
jq ".firefox.version = \"$ffVersion\"" $srcJson | sponge $srcJson
jq ".firefox.sha512 = \"$ffHash\"" $srcJson | sponge $srcJson
jq ".packageVersion = \"$lwVersion\"" $srcJson | sponge $srcJson
''

25
pkgs/applications/networking/browsers/firefox/packages.nix
View File

@ -54,4 +54,29 @@ rec {
versionSuffix = "esr"; versionSuffix = "esr";
}; };
}; };
librewolf =
let
librewolf-src = callPackage ./librewolf { };
in
(common rec {
pname = "librewolf";
binaryName = "librewolf";
version = librewolf-src.packageVersion;
src = librewolf-src.firefox;
inherit (librewolf-src) extraConfigureFlags extraPostPatch extraPassthru;
meta = {
description = "A fork of Firefox, focused on privacy, security and freedom";
homepage = "https://librewolf.net/";
maintainers = with lib.maintainers; [ squalus ];
inherit (firefox.meta) platforms badPlatforms broken maxSilent license;
};
updateScript = callPackage ./librewolf/update.nix {
attrPath = "librewolf-unwrapped";
};
}).override {
crashreporterSupport = false;
enableOfficialBranding = false;
};
} }

15
pkgs/applications/networking/browsers/firefox/wrapper.nix
View File

@ -37,9 +37,11 @@ let
# For more information about anti tracking (german website) # For more information about anti tracking (german website)
# visit https://wiki.kairaven.de/open/app/firefox # visit https://wiki.kairaven.de/open/app/firefox
, extraPrefs ? "" , extraPrefs ? ""
, extraPrefsFiles ? []
# For more information about policies visit # For more information about policies visit
# https://github.com/mozilla/policy-templates#enterprisepoliciesenabled # https://github.com/mozilla/policy-templates#enterprisepoliciesenabled
, extraPolicies ? {} , extraPolicies ? {}
, extraPoliciesFiles ? []
, libName ? "firefox" # Important for tor package or the like , libName ? "firefox" # Important for tor package or the like
, nixExtensions ? null , nixExtensions ? null
}: }:
@ -189,7 +191,7 @@ let
]; ];
}; };
nativeBuildInputs = [ makeWrapper lndir replace ]; nativeBuildInputs = [ makeWrapper lndir replace jq ];
buildInputs = [ browser.gtk3 ]; buildInputs = [ browser.gtk3 ];
@ -325,6 +327,12 @@ let
rm -f "$POL_PATH" rm -f "$POL_PATH"
cat ${policiesJson} >> "$POL_PATH" cat ${policiesJson} >> "$POL_PATH"
extraPoliciesFiles=(${builtins.toString extraPoliciesFiles})
for extraPoliciesFile in "''${extraPoliciesFiles[@]}"; do
jq -s '.[0] + .[1]' "$POL_PATH" $extraPoliciesFile > .tmp.json
mv .tmp.json "$POL_PATH"
done
# preparing for autoconfig # preparing for autoconfig
mkdir -p "$out/lib/${libName}/defaults/pref" mkdir -p "$out/lib/${libName}/defaults/pref"
@ -333,6 +341,11 @@ let
cat > "$out/lib/${libName}/mozilla.cfg" < ${mozillaCfg} cat > "$out/lib/${libName}/mozilla.cfg" < ${mozillaCfg}
extraPrefsFiles=(${builtins.toString extraPrefsFiles})
for extraPrefsFile in "''${extraPrefsFiles[@]}"; do
cat "$extraPrefsFile" >> "$out/lib/${libName}/mozilla.cfg"
done
mkdir -p $out/lib/${libName}/distribution/extensions mkdir -p $out/lib/${libName}/distribution/extensions
############################# #############################

11
pkgs/top-level/all-packages.nix
View File

@ -25721,6 +25721,17 @@ with pkgs;
desktopName = "Firefox DevEdition"; desktopName = "Firefox DevEdition";
}; };
librewolf-unwrapped = firefoxPackages.librewolf;
librewolf = wrapFirefox librewolf-unwrapped {
inherit (librewolf-unwrapped) extraPrefsFiles extraPoliciesFiles;
libName = "librewolf";
};
librewolf-wayland = librewolf.override {
forceWayland = true;
};
firefox_decrypt = python3Packages.callPackage ../tools/security/firefox_decrypt { }; firefox_decrypt = python3Packages.callPackage ../tools/security/firefox_decrypt { };
flac = callPackage ../applications/audio/flac { }; flac = callPackage ../applications/audio/flac { };