diff options
Diffstat (limited to 'pkgs/applications/networking/browsers/librewolf')
5 files changed, 166 insertions, 0 deletions
diff --git a/pkgs/applications/networking/browsers/librewolf/default.nix b/pkgs/applications/networking/browsers/librewolf/default.nix new file mode 100644 index 0000000000000..8f3100de970d4 --- /dev/null +++ b/pkgs/applications/networking/browsers/librewolf/default.nix @@ -0,0 +1,31 @@ +{ stdenv, lib, callPackage, buildMozillaMach }: + +let + librewolf-src = callPackage ./librewolf.nix { }; +in +(buildMozillaMach rec { + pname = "librewolf"; + binaryName = "librewolf"; + version = librewolf-src.packageVersion; + src = librewolf-src.firefox; + inherit (librewolf-src) extraConfigureFlags extraPostPatch extraPassthru; + + meta = { + description = "A fork of Firefox, focused on privacy, security and freedom"; + homepage = "https://librewolf.net/"; + maintainers = with lib.maintainers; [ squalus ]; + platforms = lib.platforms.unix; + badPlatforms = lib.platforms.darwin; + broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory". + # not in `badPlatforms` because cross-compilation on 64-bit machine might work. + maxSilent = 14400; # 4h, double the default of 7200s (c.f. #129212, #129115) + license = lib.licenses.mpl20; + }; + updateScript = callPackage ./update.nix { + attrPath = "librewolf-unwrapped"; + }; +}).override { + crashreporterSupport = false; + enableOfficialBranding = false; + pgoSupport = false; # Profiling gets stuck and doesn't terminate. +} diff --git a/pkgs/applications/networking/browsers/librewolf/librewolf.nix b/pkgs/applications/networking/browsers/librewolf/librewolf.nix new file mode 100644 index 0000000000000..68ed776e91c9b --- /dev/null +++ b/pkgs/applications/networking/browsers/librewolf/librewolf.nix @@ -0,0 +1,41 @@ +{ callPackage }: +let + src = callPackage ./src.nix { }; +in +rec { + + inherit (src) packageVersion firefox source; + + extraPatches = [ ./verify-telemetry-macros.patch ]; + + extraConfigureFlags = [ + "--with-app-name=librewolf" + "--with-app-basename=LibreWolf" + "--with-branding=browser/branding/librewolf" + "--with-distribution-id=io.gitlab.librewolf-community" + "--with-unsigned-addon-scopes=app,system" + "--allow-addon-sideload" + ]; + + extraPostPatch = '' + while read patch_name; do + echo "applying LibreWolf patch: $patch_name" + patch -p1 < ${source}/$patch_name + done <${source}/assets/patches.txt + + cp -r ${source}/themes/browser . + cp ${source}/assets/search-config.json services/settings/dumps/main/search-config.json + sed -i '/MOZ_SERVICES_HEALTHREPORT/ s/True/False/' browser/moz.configure + sed -i '/MOZ_NORMANDY/ s/True/False/' browser/moz.configure + ''; + + extraPrefsFiles = [ "${source}/submodules/settings/librewolf.cfg" ]; + + extraPoliciesFiles = [ "${source}/submodules/settings/distribution/policies.json" ]; + + extraPassthru = { + librewolf = { inherit src extraPatches; }; + inherit extraPrefsFiles extraPoliciesFiles; + }; +} + diff --git a/pkgs/applications/networking/browsers/librewolf/src.json b/pkgs/applications/networking/browsers/librewolf/src.json new file mode 100644 index 0000000000000..5bad3f1ed7fb1 --- /dev/null +++ b/pkgs/applications/networking/browsers/librewolf/src.json @@ -0,0 +1,11 @@ +{ + "packageVersion": "100.0-3", + "source": { + "rev": "100.0-3", + "sha256": "1n99amk6ngxa7wipc402gffqjv4qmgbaahpz3xydfarxw8gk37pl" + }, + "firefox": { + "version": "100.0", + "sha512": "29c56391c980209ff94c02a9aba18fe27bea188bdcbcf7fe0c0f27f61e823f4507a3ec343b27cb5285cf3901843e9cc4aca8e568beb623c4b69b7282e662b2aa" + } +} diff --git a/pkgs/applications/networking/browsers/librewolf/src.nix b/pkgs/applications/networking/browsers/librewolf/src.nix new file mode 100644 index 0000000000000..38c5dc6b593d1 --- /dev/null +++ b/pkgs/applications/networking/browsers/librewolf/src.nix @@ -0,0 +1,18 @@ +{ fetchurl, fetchFromGitLab }: +let src = builtins.fromJSON (builtins.readFile ./src.json); +in +{ + inherit (src) packageVersion; + source = fetchFromGitLab { + owner = "librewolf-community"; + repo = "browser/source"; + fetchSubmodules = true; + inherit (src.source) rev sha256; + }; + firefox = fetchurl { + url = + "mirror://mozilla/firefox/releases/${src.firefox.version}/source/firefox-${src.firefox.version}.source.tar.xz"; + inherit (src.firefox) sha512; + }; +} + diff --git a/pkgs/applications/networking/browsers/librewolf/update.nix b/pkgs/applications/networking/browsers/librewolf/update.nix new file mode 100644 index 0000000000000..b8bc64afafe07 --- /dev/null +++ b/pkgs/applications/networking/browsers/librewolf/update.nix @@ -0,0 +1,65 @@ +{ writeScript +, lib +, coreutils +, gnused +, gnugrep +, curl +, gnupg +, jq +, nix-prefetch-git +, moreutils +, runtimeShell +, ... +}: + +writeScript "update-librewolf" '' + #!${runtimeShell} + PATH=${lib.makeBinPath [ coreutils curl gnugrep gnupg gnused jq moreutils nix-prefetch-git ]} + set -euo pipefail + + latestTag=$(curl https://gitlab.com/api/v4/projects/librewolf-community%2Fbrowser%2Fsource/repository/tags?per_page=1 | jq -r .[0].name) + echo "latestTag=$latestTag" + + srcJson=pkgs/applications/networking/browsers/librewolf/src.json + localRev=$(jq -r .source.rev < $srcJson) + echo "localRev=$localRev" + + if [ "$localRev" == "$latestTag" ]; then + exit 0 + fi + + prefetchOut=$(mktemp) + repoUrl=https://gitlab.com/librewolf-community/browser/source.git/ + nix-prefetch-git $repoUrl --quiet --rev $latestTag --fetch-submodules > $prefetchOut + srcDir=$(jq -r .path < $prefetchOut) + srcHash=$(jq -r .sha256 < $prefetchOut) + + ffVersion=$(<$srcDir/version) + lwRelease=$(<$srcDir/release) + lwVersion="$ffVersion-$lwRelease" + echo "lwVersion=$lwVersion" + echo "ffVersion=$ffVersion" + if [ "$lwVersion" != "$latestTag" ]; then + echo "error: Tag name does not match the computed LibreWolf version" + exit 1 + fi + + HOME=$(mktemp -d) + export GNUPGHOME=$(mktemp -d) + gpg --receive-keys 14F26682D0916CDD81E37B6D61B7B526D98F0353 + + mozillaUrl=https://archive.mozilla.org/pub/firefox/releases/ + + curl --silent --show-error -o "$HOME"/shasums "$mozillaUrl$ffVersion/SHA512SUMS" + curl --silent --show-error -o "$HOME"/shasums.asc "$mozillaUrl$ffVersion/SHA512SUMS.asc" + gpgv --keyring="$GNUPGHOME"/pubring.kbx "$HOME"/shasums.asc "$HOME"/shasums + + ffHash=$(grep '\.source\.tar\.xz$' "$HOME"/shasums | grep '^[^ ]*' -o) + echo "ffHash=$ffHash" + + jq ".source.rev = \"$latestTag\"" $srcJson | sponge $srcJson + jq ".source.sha256 = \"$srcHash\"" $srcJson | sponge $srcJson + jq ".firefox.version = \"$ffVersion\"" $srcJson | sponge $srcJson + jq ".firefox.sha512 = \"$ffHash\"" $srcJson | sponge $srcJson + jq ".packageVersion = \"$lwVersion\"" $srcJson | sponge $srcJson +'' |