summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Weinelt <mweinelt@users.noreply.github.com>2023-11-19 21:13:16 +0100
committerGitHub <noreply@github.com>2023-11-19 21:13:16 +0100
commitc423e3dda75c4256081ffa04ab293f32ce2a7df9 (patch)
tree64113939426535ae2f4d283cb93429fe8c58399f
parentc3d775de19d1f76849da54551529e479cc29cbfc (diff)
parentdb262d35698b91db20582d92cd8cac8995978df9 (diff)
Merge pull request #244591 from Infinidoge/fix/firefox-signing
buildMozillaMach: add options to disable signing requirement and to enable addon sideloading
Diffstat
-rw-r--r--pkgs/applications/networking/browsers/firefox/common.nix5
-rw-r--r--pkgs/applications/networking/browsers/firefox/packages.nix7
-rw-r--r--pkgs/applications/networking/browsers/firefox/wrapper.nix9
-rw-r--r--pkgs/applications/networking/browsers/librewolf/default.nix8
4 files changed, 15 insertions, 14 deletions
diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix
index c77411b6c264..5542ca62b93a 100644
--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@@ -7,6 +7,8 @@
, application ? "browser"
, applicationName ? "Mozilla Firefox"
, branding ? null
+, requireSigning ? true
+, allowAddonSideload ? false
, src
, unpackPhase ? null
, extraPatches ? []
@@ -367,6 +369,8 @@ buildStdenv.mkDerivation {
configureFlagsArray+=("--with-mozilla-api-keyfile=$TMPDIR/mls-api-key")
'' + lib.optionalString (enableOfficialBranding && !stdenv.is32bit) ''
export MOZILLA_OFFICIAL=1
+ '' + lib.optionalString (!requireSigning) ''
+ export MOZ_REQUIRE_SIGNING=
'' + lib.optionalString stdenv.hostPlatform.isMusl ''
# linking firefox hits the vm.max_map_count kernel limit with the default musl allocator
# TODO: Default vm.max_map_count has been increased, retest without this
@@ -408,6 +412,7 @@ buildStdenv.mkDerivation {
# https://bugzilla.mozilla.org/show_bug.cgi?id=1482204
++ lib.optional (ltoSupport && (buildStdenv.isAarch32 || buildStdenv.isi686 || buildStdenv.isx86_64)) "--disable-elf-hack"
++ lib.optional (!drmSupport) "--disable-eme"
+ ++ lib.optional (allowAddonSideload) "--allow-addon-sideload"
++ [
(enableFeature alsaSupport "alsa")
(enableFeature crashreporterSupport "crashreporter")
diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index c4d59bc2c149..37777f92005d 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -56,10 +56,11 @@
};
};
- firefox-devedition = (buildMozillaMach rec {
+ firefox-devedition = buildMozillaMach rec {
pname = "firefox-devedition";
version = "120.0b9";
applicationName = "Mozilla Firefox Developer Edition";
+ requireSigning = false;
branding = "browser/branding/aurora";
src = fetchurl {
url = "mirror://mozilla/devedition/releases/${version}/source/firefox-${version}.source.tar.xz";
@@ -84,9 +85,7 @@
versionSuffix = "b[0-9]*";
baseUrl = "https://archive.mozilla.org/pub/devedition/releases/";
};
- }).overrideAttrs (prev: {
- env.MOZ_REQUIRE_SIGNING = "";
- });
+ };
firefox-esr-115 = buildMozillaMach rec {
pname = "firefox-esr-115";
diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix
index 68f547d1f95a..25c7ac5bb659 100644
--- a/pkgs/applications/networking/browsers/firefox/wrapper.nix
+++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix
@@ -115,18 +115,15 @@ let
nameArray = builtins.map(a: a.name) (lib.optionals usesNixExtensions nixExtensions);
- requiresSigning = browser ? MOZ_REQUIRE_SIGNING
- -> toString browser.MOZ_REQUIRE_SIGNING != "";
-
# Check that every extension has a unqiue .name attribute
# and an extid attribute
extensions = if nameArray != (lib.unique nameArray) then
throw "Firefox addon name needs to be unique"
- else if requiresSigning && !lib.hasSuffix "esr" browser.name then
- throw "Nix addons are only supported without signature enforcement (eg. Firefox ESR)"
+ else if browser.requireSigning || !browser.allowAddonSideload then
+ throw "Nix addons are only supported with signature enforcement disabled and addon sideloading enabled (eg. LibreWolf)"
else builtins.map (a:
if ! (builtins.hasAttr "extid" a) then
- throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon"
+ throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchFirefoxAddon"
else
a
) (lib.optionals usesNixExtensions nixExtensions);
diff --git a/pkgs/applications/networking/browsers/librewolf/default.nix b/pkgs/applications/networking/browsers/librewolf/default.nix
index ec00983663b4..004746c2166f 100644
--- a/pkgs/applications/networking/browsers/librewolf/default.nix
+++ b/pkgs/applications/networking/browsers/librewolf/default.nix
@@ -3,12 +3,14 @@
let
librewolf-src = callPackage ./librewolf.nix { };
in
-((buildMozillaMach rec {
+(buildMozillaMach rec {
pname = "librewolf";
applicationName = "LibreWolf";
binaryName = "librewolf";
version = librewolf-src.packageVersion;
src = librewolf-src.firefox;
+ requireSigning = false;
+ allowAddonSideload = true;
inherit (librewolf-src) extraConfigureFlags extraPatches extraPostPatch extraPassthru;
meta = {
@@ -30,6 +32,4 @@ in
}).override {
crashreporterSupport = false;
enableOfficialBranding = false;
-}).overrideAttrs (prev: {
- MOZ_REQUIRE_SIGNING = "";
-})
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-05 23:25:24 +0000