author | Alyssa Ross <hi@alyssa.is> | 2022-03-15 10:36:38 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-03-16 11:37:19 +0000 |
commit | d435710923ac6e6f9fc155534800745004f2ce93 (patch) | |
tree | 386f9401476f96bdc6ec25173a090198942b5d5b /nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix | |
parent | c725f0011e91ae49d351b981690eb66b862b6104 (diff) | |
parent | 3239fd2b8f728106491154b44625662e10259af2 (diff) | |
Merge commit '3239fd2b8f728106491154b44625662e10259af2'
Conflicts: nixpkgs/pkgs/applications/window-managers/sway/default.nix
Diffstat (limited to 'nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix')
-rw-r--r-- | nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix | 43 |
1 files changed, 20 insertions, 23 deletions
diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix b/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix
index 498bdd3e9067..481783bc024b 100644
--- a/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix
@@ -11,11 +11,13 @@
 , hunspell, libevent, libstartup_notification
 , libvpx
 , icu70, libpng, glib, pciutils
-, autoconf213, which, gnused, rustPackages
+, autoconf213, which, gnused, rustPackages, rustPlatform
 , rust-cbindgen, nodejs, nasm, fetchpatch
 , gnum4
 , gtk3, wrapGAppsHook
+, pkgsCross
 , debugBuild ? false
+, runCommand
 ### optionals
@@ -121,6 +123,15 @@ let
 })
 else stdenv;
+ # Compile the wasm32 sysroot to build the RLBox Sandbox
+ # https://hacks.mozilla.org/2021/12/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/
+ # We only link c++ libs here, our compiler wrapper can find wasi libc and crt itself.
+ wasiSysRoot = runCommand "wasi-sysroot" {} ''
+ mkdir -p $out/lib/wasm32-wasi
+ for lib in ${pkgsCross.wasi32.llvmPackages.libcxx}/lib/* ${pkgsCross.wasi32.llvmPackages.libcxxabi}/lib/*; do
+ ln -s $lib $out/lib/wasm32-wasi
+ done
+ '';
 in
 buildStdenv.mkDerivation ({
@@ -196,6 +207,7 @@ buildStdenv.mkDerivation ({
 which
 unzip
 wrapGAppsHook
+ rustPlatform.bindgenHook
 ]
 ++ lib.optionals buildStdenv.isDarwin [ xcbuild rsync ]
 ++ extraNativeBuildInputs;
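Review bot: In the `wasiSysRoot` builder added by the `@@ -121` hunk, the loop expands `$lib` and `$out` unquoted and has no guard for a glob that matches nothing. Unless the builder shell sets `nullglob` or `failglob`, an empty `lib/` in either `libcxx` or `libcxxabi` would link the literal pattern and the derivation would still succeed with an incomplete sysroot. Because the RLBox-sandboxed libraries are compiled against this sysroot, it is better to fail early: quote the expansions as `ln -s "$lib" "$out/lib/wasm32-wasi/"` and start the loop body with `[ -e "$lib" ] || { echo "missing $lib" >&2; exit 1; }`.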
@@ -210,29 +222,13 @@ buildStdenv.mkDerivation ({
 rm -f .mozconfig*
 # this will run autoconf213
 configureScript="$(realpath ./mach) configure"
- export MOZCONFIG=$(pwd)/mozconfig
 export MOZBUILD_STATE_PATH=$(pwd)/mozbuild
- # Set C flags for Rust's bindgen program. Unlike ordinary C
- # compilation, bindgen does not invoke $CC directly. Instead it
- # uses LLVM's libclang. To make sure all necessary flags are
- # included we need to look in a few places.
- # TODO: generalize this process for other use-cases.
-
- BINDGEN_CFLAGS="$(< ${buildStdenv.cc}/nix-support/libc-crt1-cflags) \
- $(< ${buildStdenv.cc}/nix-support/libc-cflags) \
- $(< ${buildStdenv.cc}/nix-support/cc-cflags) \
- $(< ${buildStdenv.cc}/nix-support/libcxx-cxxflags) \
- ${lib.optionalString buildStdenv.cc.isClang "-idirafter ${buildStdenv.cc.cc.lib}/lib/clang/${lib.getVersion buildStdenv.cc.cc}/include"} \
- ${lib.optionalString buildStdenv.cc.isGNU "-isystem ${lib.getDev buildStdenv.cc.cc}/include/c++/${lib.getVersion buildStdenv.cc.cc} -isystem ${buildStdenv.cc.cc}/include/c++/${lib.getVersion buildStdenv.cc.cc}/${buildStdenv.hostPlatform.config}"} \
- $NIX_CFLAGS_COMPILE"
- ${
- # Bindgen doesn't like the flag added by `separateDebugInfo`.
- lib.optionalString enableDebugSymbols ''
- BINDGEN_CFLAGS="''${BINDGEN_CFLAGS/ -Wa,--compress-debug-sections/}"
- ''}
- echo "ac_add_options BINDGEN_CFLAGS='$BINDGEN_CFLAGS'" >> $MOZCONFIG
- '' + (lib.optionalString googleAPISupport ''
+ '' + (lib.optionalString (lib.versionAtLeast version "95.0") ''
+ # RBox WASM Sandboxing
+ export WASM_CC=${pkgsCross.wasi32.stdenv.cc}/bin/${pkgsCross.wasi32.stdenv.cc.targetPrefix}cc
+ export WASM_CXX=${pkgsCross.wasi32.stdenv.cc}/bin/${pkgsCross.wasi32.stdenv.cc.targetPrefix}c++
+ '') + (lib.optionalString googleAPISupport ''
 # Google API key used by Chromium and Firefox.
 # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
 # please get your own set of keys.
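Review bot: The gate on the added `WASM_CC`/`WASM_CXX` exports is written `lib.versionAtLeast version "95.0"`, while the `--with-wasi-sysroot` flag added in the `@@ -277` hunk uses `"95"`. Both conditions have to agree for the sandbox toolchain and the sysroot to be configured together, so they are better expressed as one shared `let` binding, e.g. `rlboxEnabled = lib.versionAtLeast version "95";`, than as two literals that can drift apart. The added comment `# RBox WASM Sandboxing` also misspells the name; `# RLBox WASM sandboxing` would match the spelling used in the comment above `wasiSysRoot`. The enclosing shell string begins and ends outside this hunk.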
@@ -277,6 +273,7 @@ buildStdenv.mkDerivation ({
 ++ lib.optional ltoSupport "--enable-lto=cross" # Cross-language LTO.
 ++ lib.optional (ltoSupport && (buildStdenv.isAarch32 || buildStdenv.isi686 || buildStdenv.isx86_64)) "--disable-elf-hack"
 ++ lib.optional (ltoSupport && !buildStdenv.isDarwin) "--enable-linker=lld"
+ ++ lib.optional (lib.versionAtLeast version "95") "--with-wasi-sysroot=${wasiSysRoot}"
 ++ flag alsaSupport "alsa"
 ++ flag pulseaudioSupport "pulseaudio"
@@ -296,7 +293,6 @@ buildStdenv.mkDerivation ({
 ++ lib.optionals enableDebugSymbols [ "--disable-strip" "--disable-install-strip" ]
 ++ lib.optional enableOfficialBranding "--enable-official-branding"
- ++ lib.optional (lib.versionAtLeast version "95") "--without-wasm-sandboxed-libraries"
 ++ extraConfigureFlags;
 postConfigure = ''
@@ -375,6 +371,7 @@ buildStdenv.mkDerivation ({
 inherit applicationName;
 inherit tests;
 inherit gtk3;
+ inherit wasiSysRoot;
 } // extraPassthru;
 hardeningDisable = [ "format" ]; # -Werror=format-security |
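Review bot: The `--with-wasi-sysroot=${wasiSysRoot}` line added in the `@@ -277` hunk carries no comment saying that it is a sandboxing control. Together with the removal of `--without-wasm-sandboxed-libraries` in the `@@ -296` hunk, it presumably moves builds of version 95 and later from opting out of the wasm-sandboxed libraries to building them. A one-line comment above the flag would record that, for example `# RLBox: sandboxed third-party libraries are compiled against this sysroot; do not reintroduce --without-wasm-sandboxed-libraries to work around wasi toolchain breakage`. This makes it less likely that a later build fix drops the hardening unnoticed. The configure-flags list starts and ends outside both hunks.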