1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
|
{ pname, ffversion, meta, updateScript ? null
, src, unpackPhase ? null, patches ? []
, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [], tests ? [] }:
{ lib, stdenv, pkg-config, pango, perl, python3, zip
, libjpeg, zlib, dbus, dbus-glib, bzip2, xorg
, freetype, fontconfig, file, nspr, nss, nss_3_53
, yasm, libGLU, libGL, sqlite, unzip, makeWrapper
, hunspell, libXdamage, libevent, libstartup_notification
, libvpx_1_8
, icu67, libpng, jemalloc, glib, pciutils
, autoconf213, which, gnused, rustPackages, rustPackages_1_45
, rust-cbindgen, nodejs, nasm, fetchpatch
, gnum4
, debugBuild ? false
### optionals
## optional libraries
, alsaSupport ? stdenv.isLinux, alsaLib
, pulseaudioSupport ? stdenv.isLinux, libpulseaudio
, ffmpegSupport ? true
, gtk3Support ? true, gtk2, gtk3, wrapGAppsHook
, waylandSupport ? true, libxkbcommon
, ltoSupport ? (stdenv.isLinux && stdenv.is64bit), overrideCC, buildPackages
, gssSupport ? true, kerberos
, pipewireSupport ? waylandSupport && webrtcSupport, pipewire
## privacy-related options
, privacySupport ? false
# WARNING: NEVER set any of the options below to `true` by default.
# Set to `!privacySupport` or `false`.
# webrtcSupport breaks the aarch64 build on version >= 60, fixed in 63.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1434589
, webrtcSupport ? !privacySupport
, geolocationSupport ? !privacySupport
, googleAPISupport ? geolocationSupport
, crashreporterSupport ? false
, safeBrowsingSupport ? false
, drmSupport ? false
# macOS dependencies
, xcbuild, CoreMedia, ExceptionHandling, Kerberos, AVFoundation, MediaToolbox
, CoreLocation, Foundation, AddressBook, libobjc, cups, rsync
## other
# As stated by Sylvestre Ledru (@sylvestre) on Nov 22, 2017 at
# https://github.com/NixOS/nixpkgs/issues/31843#issuecomment-346372756 we
# have permission to use the official firefox branding.
#
# For purposes of documentation the statement of @sylvestre:
# > As the person who did part of the work described in the LWN article
# > and release manager working for Mozilla, I can confirm the statement
# > that I made in
# > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815006
# >
# > @garbas shared with me the list of patches applied for the Nix package.
# > As they are just for portability and tiny modifications, they don't
# > alter the experience of the product. In parallel, Rok also shared the
# > build options. They seem good (even if I cannot judge the quality of the
# > packaging of the underlying dependencies like sqlite, png, etc).
# > Therefor, as long as you keep the patch queue sane and you don't alter
# > the experience of Firefox users, you won't have any issues using the
# > official branding.
, enableOfficialBranding ? true
}:
assert stdenv.cc.libc or null != null;
assert pipewireSupport -> !waylandSupport || !webrtcSupport -> throw "pipewireSupport requires both wayland and webrtc support.";
assert ltoSupport -> stdenv.isDarwin -> throw "LTO is broken on Darwin (see PR#19312).";
let
flag = tf: x: [(if tf then "--enable-${x}" else "--disable-${x}")];
default-toolkit = if stdenv.isDarwin then "cairo-cocoa"
else "cairo-gtk${if gtk3Support then "3${lib.optionalString waylandSupport "-wayland"}" else "2"}";
binaryName = "firefox";
binaryNameCapitalized = lib.toUpper (lib.substring 0 1 binaryName) + lib.substring 1 (-1) binaryName;
browserName = if stdenv.isDarwin then binaryNameCapitalized else binaryName;
execdir = if stdenv.isDarwin
then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS"
else "/bin";
# 78 ESR won't build with rustc 1.47
inherit (if lib.versionAtLeast ffversion "82" then rustPackages else rustPackages_1_45)
rustc cargo;
# Darwin's stdenv provides the default llvmPackages version, match that since
# clang LTO on Darwin is broken so the stdenv is not being changed.
# Target the LLVM version that rustc -Vv reports it is built with for LTO.
# rustPackages_1_45 -> LLVM 10, rustPackages -> LLVM 11
llvmPackages = if stdenv.isDarwin
then buildPackages.llvmPackages
else if lib.versionAtLeast rustc.llvm.version "11"
then buildPackages.llvmPackages_11
else buildPackages.llvmPackages_10;
# When LTO for Darwin is fixed, the following will need updating as lld
# doesn't work on it. For now it is fine since ltoSupport implies no Darwin.
buildStdenv = if ltoSupport
then overrideCC stdenv llvmPackages.lldClang
else stdenv;
nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss;
# --enable-release adds -ffunction-sections & LTO that require a big amount of
# RAM and the 32-bit memory space cannot handle that linking
# We also disable adding "-g" for easier linking
releaseFlags = if stdenv.is32bit
then [ "--disable-release" "--disable-debug-symbols" ]
else [ "--enable-release" ];
in
buildStdenv.mkDerivation ({
name = "${pname}-unwrapped-${ffversion}";
version = ffversion;
inherit src unpackPhase meta;
patches = [
] ++
lib.optional (lib.versionOlder ffversion "86") ./env_var_for_system_dir-ff85.patch ++
lib.optional (lib.versionAtLeast ffversion "86") ./env_var_for_system_dir-ff86.patch ++
lib.optional (lib.versionOlder ffversion "83") ./no-buildconfig-ffx76.patch ++
lib.optional (lib.versionAtLeast ffversion "84") ./no-buildconfig-ffx84.patch ++
lib.optional (ltoSupport && lib.versionOlder ffversion "84") ./lto-dependentlibs-generation-ffx83.patch ++
lib.optional (ltoSupport && lib.versionAtLeast ffversion "84" && lib.versionOlder ffversion "86")
(fetchpatch {
url = "https://hg.mozilla.org/mozilla-central/raw-rev/fdff20c37be3";
sha256 = "135n9brliqy42lj3nqgb9d9if7x6x9nvvn0z4anbyf89bikixw48";
})
# This patch adds pipewire support for the ESR release
++ lib.optional (pipewireSupport && lib.versionOlder ffversion "83")
(fetchpatch {
# https://src.fedoraproject.org/rpms/firefox/blob/master/f/firefox-pipewire-0-3.patch
url = "https://src.fedoraproject.org/rpms/firefox/raw/e99b683a352cf5b2c9ff198756859bae408b5d9d/f/firefox-pipewire-0-3.patch";
sha256 = "0qc62di5823r7ly2lxkclzj9rhg2z7ms81igz44nv0fzv3dszdab";
})
++ patches;
# Ignore trivial whitespace changes in patches, this fixes compatibility of
# ./env_var_for_system_dir.patch with Firefox >=65 without having to track
# two patches.
patchFlags = [ "-p1" "-l" ];
buildInputs = [
gtk2 perl zip libjpeg zlib bzip2
dbus dbus-glib pango freetype fontconfig xorg.libXi xorg.libXcursor
xorg.libX11 xorg.libXrender xorg.libXft xorg.libXt file
xorg.pixman yasm libGLU libGL
xorg.xorgproto
xorg.libXext makeWrapper
libevent libstartup_notification /* cairo */
libpng jemalloc glib
nasm icu67 libvpx_1_8
# >= 66 requires nasm for the AV1 lib dav1d
# yasm can potentially be removed in future versions
# https://bugzilla.mozilla.org/show_bug.cgi?id=1501796
# https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ
nspr nss_pkg
]
++ lib.optional alsaSupport alsaLib
++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed
++ lib.optional gtk3Support gtk3
++ lib.optional gssSupport kerberos
++ lib.optional waylandSupport libxkbcommon
++ lib.optional pipewireSupport pipewire
++ lib.optional (lib.versionAtLeast ffversion "82") gnum4
++ lib.optionals buildStdenv.isDarwin [ CoreMedia ExceptionHandling Kerberos
AVFoundation MediaToolbox CoreLocation
Foundation libobjc AddressBook cups ];
NIX_LDFLAGS = lib.optionalString ltoSupport ''
-rpath ${llvmPackages.libunwind.out}/lib
'';
MACH_USE_SYSTEM_PYTHON = "1";
postPatch = ''
rm -rf obj-x86_64-pc-linux-gnu
substituteInPlace toolkit/xre/glxtest.cpp \
--replace 'dlopen("libpci.so' 'dlopen("${pciutils}/lib/libpci.so'
'' + lib.optionalString (pipewireSupport && lib.versionOlder ffversion "83") ''
# substitute the /usr/include/ lines for the libraries that pipewire provides.
# The patch we pick from fedora only contains the generated moz.build files
# which hardcode the dependency paths instead of running pkg_config.
substituteInPlace \
media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build \
--replace /usr/include ${pipewire.dev}/include
'' + lib.optionalString (lib.versionAtLeast ffversion "80" && lib.versionOlder ffversion "81") ''
substituteInPlace dom/system/IOUtils.h \
--replace '#include "nspr/prio.h"' '#include "prio.h"'
substituteInPlace dom/system/IOUtils.cpp \
--replace '#include "nspr/prio.h"' '#include "prio.h"' \
--replace '#include "nspr/private/pprio.h"' '#include "private/pprio.h"' \
--replace '#include "nspr/prtypes.h"' '#include "prtypes.h"'
'';
nativeBuildInputs =
[
autoconf213
cargo
gnused
llvmPackages.llvm # llvm-objdump
nodejs
perl
pkg-config
python3
rust-cbindgen
rustc
which
unzip
]
++ lib.optional gtk3Support wrapGAppsHook
++ lib.optionals buildStdenv.isDarwin [ xcbuild rsync ]
++ extraNativeBuildInputs;
preConfigure = ''
# remove distributed configuration files
rm -f configure
rm -f js/src/configure
rm -f .mozconfig*
# this will run autoconf213
configureScript="$(realpath ./mach) configure"
export MOZCONFIG=$(pwd)/mozconfig
# Set C flags for Rust's bindgen program. Unlike ordinary C
# compilation, bindgen does not invoke $CC directly. Instead it
# uses LLVM's libclang. To make sure all necessary flags are
# included we need to look in a few places.
# TODO: generalize this process for other use-cases.
BINDGEN_CFLAGS="$(< ${buildStdenv.cc}/nix-support/libc-crt1-cflags) \
$(< ${buildStdenv.cc}/nix-support/libc-cflags) \
$(< ${buildStdenv.cc}/nix-support/cc-cflags) \
$(< ${buildStdenv.cc}/nix-support/libcxx-cxxflags) \
${lib.optionalString buildStdenv.cc.isClang "-idirafter ${buildStdenv.cc.cc}/lib/clang/${lib.getVersion buildStdenv.cc.cc}/include"} \
${lib.optionalString buildStdenv.cc.isGNU "-isystem ${buildStdenv.cc.cc}/include/c++/${lib.getVersion buildStdenv.cc.cc} -isystem ${buildStdenv.cc.cc}/include/c++/${lib.getVersion buildStdenv.cc.cc}/${buildStdenv.hostPlatform.config}"} \
$NIX_CFLAGS_COMPILE"
echo "ac_add_options BINDGEN_CFLAGS='$BINDGEN_CFLAGS'" >> $MOZCONFIG
'' + (lib.optionalString googleAPISupport ''
# Google API key used by Chromium and Firefox.
# Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
# please get your own set of keys.
echo "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI" > $TMPDIR/ga
# 60.5+ & 66+ did split the google API key arguments: https://bugzilla.mozilla.org/show_bug.cgi?id=1531176
configureFlagsArray+=("--with-google-location-service-api-keyfile=$TMPDIR/ga")
configureFlagsArray+=("--with-google-safebrowsing-api-keyfile=$TMPDIR/ga")
'') + ''
# AS=as in the environment causes build failure https://bugzilla.mozilla.org/show_bug.cgi?id=1497286
unset AS
'';
configureFlags = [
"--enable-application=browser"
"--with-system-jpeg"
"--with-system-zlib"
"--with-system-libevent"
"--with-system-libvpx"
"--with-system-png" # needs APNG support
"--with-system-icu"
"--enable-system-ffi"
"--enable-system-pixman"
#"--enable-system-cairo"
"--disable-tests"
"--disable-necko-wifi" # maybe we want to enable this at some point
"--disable-updater"
"--enable-jemalloc"
"--enable-default-toolkit=${default-toolkit}"
"--with-libclang-path=${llvmPackages.libclang}/lib"
"--with-system-nspr"
"--with-system-nss"
]
++ lib.optional (buildStdenv.isDarwin) "--disable-xcode-checks"
++ lib.optional (!ltoSupport) "--with-clang-path=${llvmPackages.clang}/bin/clang"
# LTO is done using clang and lld on Linux.
# Darwin needs to use the default linker as lld is not supported (yet?):
# https://bugzilla.mozilla.org/show_bug.cgi?id=1538724
# elf-hack is broken when using clang+lld:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1482204
++ lib.optional ltoSupport "--enable-lto"
++ lib.optional (ltoSupport && (buildStdenv.isAarch32 || buildStdenv.isi686 || buildStdenv.isx86_64)) "--disable-elf-hack"
++ lib.optional (ltoSupport && !buildStdenv.isDarwin) "--enable-linker=lld"
++ flag alsaSupport "alsa"
++ flag pulseaudioSupport "pulseaudio"
++ flag ffmpegSupport "ffmpeg"
++ flag gssSupport "negotiateauth"
++ flag webrtcSupport "webrtc"
++ flag crashreporterSupport "crashreporter"
++ lib.optional drmSupport "--enable-eme=widevine"
++ (if debugBuild then [ "--enable-debug" "--enable-profiling" ]
else ([ "--disable-debug"
"--enable-optimize"
"--enable-strip" ] ++ releaseFlags))
++ lib.optional enableOfficialBranding "--enable-official-branding"
++ extraConfigureFlags;
postConfigure = ''
cd obj-*
'';
makeFlags = lib.optionals enableOfficialBranding [
"MOZILLA_OFFICIAL=1"
"BUILD_OFFICIAL=1"
]
++ lib.optionals ltoSupport [
"AR=${llvmPackages.bintools}/bin/llvm-ar"
"LLVM_OBJDUMP=${llvmPackages.bintools}/bin/llvm-objdump"
"NM=${llvmPackages.bintools}/bin/llvm-nm"
"RANLIB=${llvmPackages.bintools}/bin/llvm-ranlib"
"STRIP=${llvmPackages.bintools}/bin/llvm-strip"
]
++ extraMakeFlags;
enableParallelBuilding = true;
doCheck = false; # "--disable-tests" above
installPhase = if buildStdenv.isDarwin then ''
mkdir -p $out/Applications
cp -LR dist/${binaryNameCapitalized}.app $out/Applications
'' else null;
postInstall = lib.optionalString buildStdenv.isLinux ''
# Remove SDK cruft. FIXME: move to a separate output?
rm -rf $out/share/idl $out/include $out/lib/${binaryName}-devel-*
# Needed to find Mozilla runtime
gappsWrapperArgs+=(--argv0 "$out/bin/.${binaryName}-wrapped")
'';
doInstallCheck = true;
installCheckPhase = ''
# Some basic testing
"$out${execdir}/${browserName}" --version
'';
passthru = {
inherit updateScript;
version = ffversion;
isFirefox3Like = true;
gtk = gtk2;
inherit alsaSupport;
inherit pipewireSupport;
inherit nspr;
inherit ffmpegSupport;
inherit gssSupport;
inherit execdir;
inherit browserName;
inherit tests;
} // lib.optionalAttrs gtk3Support { inherit gtk3; };
hardeningDisable = [ "format" ]; # -Werror=format-security
# the build system verifies checksums of the bundled rust sources
# ./third_party/rust is be patched by our libtool fixup code in stdenv
# unfortunately we can't just set this to `false` when we do not want it.
# See https://github.com/NixOS/nixpkgs/issues/77289 for more details
# Ideally we would figure out how to tell the build system to not
# care about changed hashes as we are already doing that when we
# fetch the sources. Any further modifications of the source tree
# is on purpose by some of our tool (or by accident and a bug?).
dontFixLibtool = true;
# on aarch64 this is also required
dontUpdateAutotoolsGnuConfigScripts = true;
requiredSystemFeatures = [ "big-parallel" ];
})
|