librewolf: init at 97.0-2

7 files changed, 178 insertions, 4 deletions

diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix
index 3816689f84ec0..ca8e227664ed1 100644
--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@@ -1,7 +1,8 @@
 { pname, version, meta, updateScript ? null
 , binaryName ? "firefox", application ? "browser"
 , src, unpackPhase ? null, patches ? []
-, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [], tests ? [] }:
+, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [], tests ? []
+, extraPostPatch ? "", extraPassthru ? {} }:
 
 { lib, stdenv, pkg-config, pango, perl, python3, zip
 , libjpeg, zlib, dbus, dbus-glib, bzip2, xorg
@@ -177,7 +178,7 @@ buildStdenv.mkDerivation ({
       --replace 'dlopen("libpci.so' 'dlopen("${pciutils}/lib/libpci.so'
 
     patchShebangs mach
- '';
+  '' + extraPostPatch;
 
   nativeBuildInputs =
     [
@@ -374,7 +375,7 @@ buildStdenv.mkDerivation ({
     inherit applicationName;
     inherit tests;
     inherit gtk3;
-  };
+  } // extraPassthru;
 
   hardeningDisable = [ "format" ]; # -Werror=format-security
 
diff --git a/pkgs/applications/networking/browsers/firefox/librewolf/default.nix b/pkgs/applications/networking/browsers/firefox/librewolf/default.nix
new file mode 100644
index 0000000000000..4d8fe708e75a0
--- /dev/null
+++ b/pkgs/applications/networking/browsers/firefox/librewolf/default.nix
@@ -0,0 +1,41 @@
+{ callPackage, git }:
+let
+  src = callPackage ./src.nix { };
+in
+rec {
+
+  inherit (src) packageVersion firefox source;
+
+  patches = [ ./verify-telemetry-macros.patch ];
+
+  extraConfigureFlags = [
+    "--with-app-name=librewolf"
+    "--with-app-basename=LibreWolf"
+    "--with-branding=browser/branding/librewolf"
+    "--with-distribution-id=io.gitlab.librewolf-community"
+    "--with-unsigned-addon-scopes=app,system"
+    "--allow-addon-sideload"
+  ];
+
+  extraPostPatch = ''
+    while read patch_name; do
+      echo "applying LibreWolf patch: $patch_name"
+      patch -p1 < ${source}/$patch_name
+    done <${source}/assets/patches.txt
+
+    cp -r ${source}/themes/browser .
+    cp ${source}/assets/search-config.json services/settings/dumps/main/search-config.json
+    sed -i '/MOZ_SERVICES_HEALTHREPORT/ s/True/False/' browser/moz.configure
+    sed -i '/MOZ_NORMANDY/ s/True/False/' browser/moz.configure
+  '';
+
+  extraPrefsFiles = [ "${source}/submodules/settings/librewolf.cfg" ];
+
+  extraPoliciesFiles = [ "${source}/submodules/settings/distribution/policies.json" ];
+
+  extraPassthru = {
+    librewolf = { inherit src patches; };
+    inherit extraPrefsFiles extraPoliciesFiles;
+  };
+}
+
diff --git a/pkgs/applications/networking/browsers/firefox/librewolf/src.json b/pkgs/applications/networking/browsers/firefox/librewolf/src.json
new file mode 100644
index 0000000000000..c1cb916762ee0
--- /dev/null
+++ b/pkgs/applications/networking/browsers/firefox/librewolf/src.json
@@ -0,0 +1,11 @@
+{
+  "packageVersion": "97.0-2",
+  "source": {
+    "rev": "97.0-2",
+    "sha256": "00fb7xr6hrcyh3s7g52fs6f7a1iggpibj0xafblnl7118fh73g25"
+  },
+  "firefox": {
+    "version": "97.0",
+    "sha512": "a913695a42cb06ee9bda2a20e65cc573e40ca93e9f75b7ee0a43ebd1935b371e7e80d5fc8d5f126ad0712ab848635a8624bbeed43807e5c179537aa32c884186"
+  }
+}
diff --git a/pkgs/applications/networking/browsers/firefox/librewolf/src.nix b/pkgs/applications/networking/browsers/firefox/librewolf/src.nix
new file mode 100644
index 0000000000000..38c5dc6b593d1
--- /dev/null
+++ b/pkgs/applications/networking/browsers/firefox/librewolf/src.nix
@@ -0,0 +1,18 @@
+{ fetchurl, fetchFromGitLab }:
+let src = builtins.fromJSON (builtins.readFile ./src.json);
+in
+{
+  inherit (src) packageVersion;
+  source = fetchFromGitLab {
+    owner = "librewolf-community";
+    repo = "browser/source";
+    fetchSubmodules = true;
+    inherit (src.source) rev sha256;
+  };
+  firefox = fetchurl {
+    url =
+      "mirror://mozilla/firefox/releases/${src.firefox.version}/source/firefox-${src.firefox.version}.source.tar.xz";
+    inherit (src.firefox) sha512;
+  };
+}
+
diff --git a/pkgs/applications/networking/browsers/firefox/librewolf/update.nix b/pkgs/applications/networking/browsers/firefox/librewolf/update.nix
new file mode 100644
index 0000000000000..5cb5c6168f730
--- /dev/null
+++ b/pkgs/applications/networking/browsers/firefox/librewolf/update.nix
@@ -0,0 +1,65 @@
+{ writeScript
+, lib
+, coreutils
+, gnused
+, gnugrep
+, curl
+, gnupg
+, jq
+, nix-prefetch-git
+, moreutils
+, runtimeShell
+, ...
+}:
+
+writeScript "update-librewolf" ''
+  #!${runtimeShell}
+  PATH=${lib.makeBinPath [ coreutils curl gnugrep gnupg gnused jq moreutils nix-prefetch-git ]}
+  set -euo pipefail
+
+  latestTag=$(curl https://gitlab.com/api/v4/projects/librewolf-community%2Fbrowser%2Fsource/repository/tags?per_page=1 | jq -r .[0].name)
+  echo "latestTag=$latestTag"
+
+  srcJson=pkgs/applications/networking/browsers/firefox/librewolf/src.json
+  localRev=$(jq -r .source.rev < $srcJson)
+  echo "localRev=$localRev"
+
+  if [ "$localRev" == "$latestTag" ]; then
+    exit 0
+  fi
+
+  prefetchOut=$(mktemp)
+  repoUrl=https://gitlab.com/librewolf-community/browser/source.git/
+  nix-prefetch-git $repoUrl --quiet --rev $latestTag --fetch-submodules > $prefetchOut
+  srcDir=$(jq -r .path < $prefetchOut)
+  srcHash=$(jq -r .sha256 < $prefetchOut)
+
+  ffVersion=$(<$srcDir/version)
+  lwRelease=$(<$srcDir/release)
+  lwVersion="$ffVersion-$lwRelease"
+  echo "lwVersion=$lwVersion"
+  echo "ffVersion=$ffVersion"
+  if [ "$lwVersion" != "$latestTag" ]; then
+    echo "error: Tag name does not match the computed LibreWolf version"
+    exit 1
+  fi
+
+  HOME=$(mktemp -d)
+  export GNUPGHOME=$(mktemp -d)
+  gpg --receive-keys 14F26682D0916CDD81E37B6D61B7B526D98F0353
+
+  mozillaUrl=https://archive.mozilla.org/pub/firefox/releases/
+
+  curl --silent --show-error -o "$HOME"/shasums "$mozillaUrl$ffVersion/SHA512SUMS"
+  curl --silent --show-error -o "$HOME"/shasums.asc "$mozillaUrl$ffVersion/SHA512SUMS.asc"
+  gpgv --keyring="$GNUPGHOME"/pubring.kbx "$HOME"/shasums.asc "$HOME"/shasums
+
+  ffHash=$(grep '\.source\.tar\.xz$' "$HOME"/shasums | grep '^[^ ]*' -o)
+  echo "ffHash=$ffHash"
+
+  jq ".source.rev = \"$latestTag\"" $srcJson | sponge $srcJson
+  jq ".source.sha256 = \"$srcHash\"" $srcJson | sponge $srcJson
+  jq ".firefox.version = \"$ffVersion\"" $srcJson | sponge $srcJson
+  jq ".firefox.sha512 = \"$ffHash\"" $srcJson | sponge $srcJson
+  jq ".packageVersion = \"$lwVersion\"" $srcJson | sponge $srcJson
+''
diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index 0ae962f2551e4..e3f3e15d7c37f 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -54,4 +54,29 @@ rec {
       versionSuffix = "esr";
     };
   };
+
+  librewolf =
+  let
+    librewolf-src = callPackage ./librewolf { };
+  in
+  (common rec {
+    pname = "librewolf";
+    binaryName = "librewolf";
+    version = librewolf-src.packageVersion;
+    src = librewolf-src.firefox;
+    inherit (librewolf-src) extraConfigureFlags extraPostPatch extraPassthru;
+
+    meta = {
+      description = "A fork of Firefox, focused on privacy, security and freedom";
+      homepage = "https://librewolf.net/";
+      maintainers = with lib.maintainers; [ squalus ];
+      inherit (firefox.meta) platforms badPlatforms broken maxSilent license;
+    };
+    updateScript = callPackage ./librewolf/update.nix {
+      attrPath = "librewolf-unwrapped";
+    };
+  }).override {
+    crashreporterSupport = false;
+    enableOfficialBranding = false;
+  };
 }
diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix
index 0b64bc7de968c..5e88de35655ab 100644
--- a/pkgs/applications/networking/browsers/firefox/wrapper.nix
+++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix
@@ -37,9 +37,11 @@ let
     # For more information about anti tracking (german website)
     # visit https://wiki.kairaven.de/open/app/firefox
     , extraPrefs ? ""
+    , extraPrefsFiles ? []
     # For more information about policies visit
     # https://github.com/mozilla/policy-templates#enterprisepoliciesenabled
     , extraPolicies ? {}
+    , extraPoliciesFiles ? []
     , libName ? "firefox" # Important for tor package or the like
     , nixExtensions ? null
     }:
@@ -189,7 +191,7 @@ let
         ];
       };
 
-      nativeBuildInputs = [ makeWrapper lndir replace ];
+      nativeBuildInputs = [ makeWrapper lndir replace jq ];
       buildInputs = [ browser.gtk3 ];
 
 
@@ -325,6 +327,12 @@ let
         rm -f "$POL_PATH"
         cat ${policiesJson} >> "$POL_PATH"
 
+        extraPoliciesFiles=(${builtins.toString extraPoliciesFiles})
+        for extraPoliciesFile in "''${extraPoliciesFiles[@]}"; do
+          jq -s '.[0] + .[1]' "$POL_PATH" $extraPoliciesFile > .tmp.json
+          mv .tmp.json "$POL_PATH"
+        done
+
         # preparing for autoconfig
         mkdir -p "$out/lib/${libName}/defaults/pref"
 
@@ -333,6 +341,11 @@ let
 
         cat > "$out/lib/${libName}/mozilla.cfg" < ${mozillaCfg}
 
+        extraPrefsFiles=(${builtins.toString extraPrefsFiles})
+        for extraPrefsFile in "''${extraPrefsFiles[@]}"; do
+          cat "$extraPrefsFile" >> "$out/lib/${libName}/mozilla.cfg"
+        done
+
         mkdir -p $out/lib/${libName}/distribution/extensions
 
         #############################