about summary refs log tree commit diff
path: root/pkgs/applications/networking/browsers/librewolf
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/applications/networking/browsers/librewolf')
-rw-r--r--pkgs/applications/networking/browsers/librewolf/default.nix31
-rw-r--r--pkgs/applications/networking/browsers/librewolf/librewolf.nix41
-rw-r--r--pkgs/applications/networking/browsers/librewolf/src.json11
-rw-r--r--pkgs/applications/networking/browsers/librewolf/src.nix18
-rw-r--r--pkgs/applications/networking/browsers/librewolf/update.nix65
5 files changed, 166 insertions, 0 deletions
diff --git a/pkgs/applications/networking/browsers/librewolf/default.nix b/pkgs/applications/networking/browsers/librewolf/default.nix
new file mode 100644
index 0000000000000..8f3100de970d4
--- /dev/null
+++ b/pkgs/applications/networking/browsers/librewolf/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, lib, callPackage, buildMozillaMach }:
+
+let
+  librewolf-src = callPackage ./librewolf.nix { };
+in
+(buildMozillaMach rec {
+  pname = "librewolf";
+  binaryName = "librewolf";
+  version = librewolf-src.packageVersion;
+  src = librewolf-src.firefox;
+  inherit (librewolf-src) extraConfigureFlags extraPostPatch extraPassthru;
+
+  meta = {
+    description = "A fork of Firefox, focused on privacy, security and freedom";
+    homepage = "https://librewolf.net/";
+    maintainers = with lib.maintainers; [ squalus ];
+    platforms = lib.platforms.unix;
+    badPlatforms = lib.platforms.darwin;
+    broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory".
+                                           # not in `badPlatforms` because cross-compilation on 64-bit machine might work.
+    maxSilent = 14400; # 4h, double the default of 7200s (c.f. #129212, #129115)
+    license = lib.licenses.mpl20;
+  };
+  updateScript = callPackage ./update.nix {
+    attrPath = "librewolf-unwrapped";
+  };
+}).override {
+  crashreporterSupport = false;
+  enableOfficialBranding = false;
+  pgoSupport = false; # Profiling gets stuck and doesn't terminate.
+}
diff --git a/pkgs/applications/networking/browsers/librewolf/librewolf.nix b/pkgs/applications/networking/browsers/librewolf/librewolf.nix
new file mode 100644
index 0000000000000..68ed776e91c9b
--- /dev/null
+++ b/pkgs/applications/networking/browsers/librewolf/librewolf.nix
@@ -0,0 +1,41 @@
+{ callPackage }:
+let
+  src = callPackage ./src.nix { };
+in
+rec {
+
+  inherit (src) packageVersion firefox source;
+
+  extraPatches = [ ./verify-telemetry-macros.patch ];
+
+  extraConfigureFlags = [
+    "--with-app-name=librewolf"
+    "--with-app-basename=LibreWolf"
+    "--with-branding=browser/branding/librewolf"
+    "--with-distribution-id=io.gitlab.librewolf-community"
+    "--with-unsigned-addon-scopes=app,system"
+    "--allow-addon-sideload"
+  ];
+
+  extraPostPatch = ''
+    while read patch_name; do
+      echo "applying LibreWolf patch: $patch_name"
+      patch -p1 < ${source}/$patch_name
+    done <${source}/assets/patches.txt
+
+    cp -r ${source}/themes/browser .
+    cp ${source}/assets/search-config.json services/settings/dumps/main/search-config.json
+    sed -i '/MOZ_SERVICES_HEALTHREPORT/ s/True/False/' browser/moz.configure
+    sed -i '/MOZ_NORMANDY/ s/True/False/' browser/moz.configure
+  '';
+
+  extraPrefsFiles = [ "${source}/submodules/settings/librewolf.cfg" ];
+
+  extraPoliciesFiles = [ "${source}/submodules/settings/distribution/policies.json" ];
+
+  extraPassthru = {
+    librewolf = { inherit src extraPatches; };
+    inherit extraPrefsFiles extraPoliciesFiles;
+  };
+}
+
diff --git a/pkgs/applications/networking/browsers/librewolf/src.json b/pkgs/applications/networking/browsers/librewolf/src.json
new file mode 100644
index 0000000000000..5bad3f1ed7fb1
--- /dev/null
+++ b/pkgs/applications/networking/browsers/librewolf/src.json
@@ -0,0 +1,11 @@
+{
+  "packageVersion": "100.0-3",
+  "source": {
+    "rev": "100.0-3",
+    "sha256": "1n99amk6ngxa7wipc402gffqjv4qmgbaahpz3xydfarxw8gk37pl"
+  },
+  "firefox": {
+    "version": "100.0",
+    "sha512": "29c56391c980209ff94c02a9aba18fe27bea188bdcbcf7fe0c0f27f61e823f4507a3ec343b27cb5285cf3901843e9cc4aca8e568beb623c4b69b7282e662b2aa"
+  }
+}
diff --git a/pkgs/applications/networking/browsers/librewolf/src.nix b/pkgs/applications/networking/browsers/librewolf/src.nix
new file mode 100644
index 0000000000000..38c5dc6b593d1
--- /dev/null
+++ b/pkgs/applications/networking/browsers/librewolf/src.nix
@@ -0,0 +1,18 @@
+{ fetchurl, fetchFromGitLab }:
+let src = builtins.fromJSON (builtins.readFile ./src.json);
+in
+{
+  inherit (src) packageVersion;
+  source = fetchFromGitLab {
+    owner = "librewolf-community";
+    repo = "browser/source";
+    fetchSubmodules = true;
+    inherit (src.source) rev sha256;
+  };
+  firefox = fetchurl {
+    url =
+      "mirror://mozilla/firefox/releases/${src.firefox.version}/source/firefox-${src.firefox.version}.source.tar.xz";
+    inherit (src.firefox) sha512;
+  };
+}
+
diff --git a/pkgs/applications/networking/browsers/librewolf/update.nix b/pkgs/applications/networking/browsers/librewolf/update.nix
new file mode 100644
index 0000000000000..b8bc64afafe07
--- /dev/null
+++ b/pkgs/applications/networking/browsers/librewolf/update.nix
@@ -0,0 +1,65 @@
+{ writeScript
+, lib
+, coreutils
+, gnused
+, gnugrep
+, curl
+, gnupg
+, jq
+, nix-prefetch-git
+, moreutils
+, runtimeShell
+, ...
+}:
+
+writeScript "update-librewolf" ''
+  #!${runtimeShell}
+  PATH=${lib.makeBinPath [ coreutils curl gnugrep gnupg gnused jq moreutils nix-prefetch-git ]}
+  set -euo pipefail
+
+  latestTag=$(curl https://gitlab.com/api/v4/projects/librewolf-community%2Fbrowser%2Fsource/repository/tags?per_page=1 | jq -r .[0].name)
+  echo "latestTag=$latestTag"
+
+  srcJson=pkgs/applications/networking/browsers/librewolf/src.json
+  localRev=$(jq -r .source.rev < $srcJson)
+  echo "localRev=$localRev"
+
+  if [ "$localRev" == "$latestTag" ]; then
+    exit 0
+  fi
+
+  prefetchOut=$(mktemp)
+  repoUrl=https://gitlab.com/librewolf-community/browser/source.git/
+  nix-prefetch-git $repoUrl --quiet --rev $latestTag --fetch-submodules > $prefetchOut
+  srcDir=$(jq -r .path < $prefetchOut)
+  srcHash=$(jq -r .sha256 < $prefetchOut)
+
+  ffVersion=$(<$srcDir/version)
+  lwRelease=$(<$srcDir/release)
+  lwVersion="$ffVersion-$lwRelease"
+  echo "lwVersion=$lwVersion"
+  echo "ffVersion=$ffVersion"
+  if [ "$lwVersion" != "$latestTag" ]; then
+    echo "error: Tag name does not match the computed LibreWolf version"
+    exit 1
+  fi
+
+  HOME=$(mktemp -d)
+  export GNUPGHOME=$(mktemp -d)
+  gpg --receive-keys 14F26682D0916CDD81E37B6D61B7B526D98F0353
+
+  mozillaUrl=https://archive.mozilla.org/pub/firefox/releases/
+
+  curl --silent --show-error -o "$HOME"/shasums "$mozillaUrl$ffVersion/SHA512SUMS"
+  curl --silent --show-error -o "$HOME"/shasums.asc "$mozillaUrl$ffVersion/SHA512SUMS.asc"
+  gpgv --keyring="$GNUPGHOME"/pubring.kbx "$HOME"/shasums.asc "$HOME"/shasums
+
+  ffHash=$(grep '\.source\.tar\.xz$' "$HOME"/shasums | grep '^[^ ]*' -o)
+  echo "ffHash=$ffHash"
+
+  jq ".source.rev = \"$latestTag\"" $srcJson | sponge $srcJson
+  jq ".source.sha256 = \"$srcHash\"" $srcJson | sponge $srcJson
+  jq ".firefox.version = \"$ffVersion\"" $srcJson | sponge $srcJson
+  jq ".firefox.sha512 = \"$ffHash\"" $srcJson | sponge $srcJson
+  jq ".packageVersion = \"$lwVersion\"" $srcJson | sponge $srcJson
+''
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-24 23:55:05 +0000