diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2020-12-03 12:18:45 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-03 12:18:45 +0000 |
commit | 5b73e3087ae63d404f94a76781b281e73a33922b (patch) | |
tree | b102caf1088da9353710b3252e45ab3e61bdb453 /pkgs/applications/networking/browsers | |
parent | 594ee544b61ff8a026d3d98af90b46d60e67769c (diff) | |
parent | 84f417d29beab8e5045a4471a3a288ca3c10c0b9 (diff) | |
download | nixlib-5b73e3087ae63d404f94a76781b281e73a33922b.tar nixlib-5b73e3087ae63d404f94a76781b281e73a33922b.tar.gz nixlib-5b73e3087ae63d404f94a76781b281e73a33922b.tar.bz2 nixlib-5b73e3087ae63d404f94a76781b281e73a33922b.tar.lz nixlib-5b73e3087ae63d404f94a76781b281e73a33922b.tar.xz nixlib-5b73e3087ae63d404f94a76781b281e73a33922b.tar.zst nixlib-5b73e3087ae63d404f94a76781b281e73a33922b.zip |
Merge master into staging-next
Diffstat (limited to 'pkgs/applications/networking/browsers')
-rw-r--r-- | pkgs/applications/networking/browsers/firefox/wrapper.nix | 170 |
1 files changed, 169 insertions, 1 deletions
diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix index cc6cc72e27be..f9b7f2bb8a2e 100644 --- a/pkgs/applications/networking/browsers/firefox/wrapper.nix +++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -1,4 +1,5 @@ { stdenv, lib, makeDesktopItem, makeWrapper, lndir, config +, replace, fetchurl, zip, unzip, jq ## various stuff that can be plugged in , flashplayer, hal-flash @@ -31,6 +32,16 @@ let , forceWayland ? false , useGlvnd ? true , cfg ? config.${browserName} or {} + + ## Following options are needed for extra prefs & policies + # For more information about anti tracking (german website) + # visit https://wiki.kairaven.de/open/app/firefox + , extraPrefs ? "" + # For more information about policies visit + # https://github.com/mozilla/policy-templates#enterprisepoliciesenabled + , extraPolicies ? {} + , firefoxLibName ? "firefox" # Important for tor package or the like + , extraExtensions ? [ ] }: assert forceWayland -> (browser ? gtk3); # Can only use the wayland backend if gtk3 is being used @@ -81,6 +92,61 @@ let ++ pkcs11Modules; gtk_modules = [ libcanberra-gtk2 ]; + ######################### + # # + # EXTRA PREF CHANGES # + # # + ######################### + policiesJson = builtins.toFile "policies.json" + (builtins.toJSON enterprisePolicies); + + extensions = builtins.map (a: + if ! (builtins.hasAttr "extid" a) then + throw "extraExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon" + else + a + ) extraExtensions; + + enterprisePolicies = + { + policies = { + DisableAppUpdate = true; + } // + { + ExtensionSettings = { + "*" = { + blocked_install_message = "You can't have manual extension mixed with nix extensions"; + installation_mode = "blocked"; + }; + + } // lib.foldr (e: ret: + ret // { + "${e.extid}" = { + installation_mode = "allowed"; + }; + } + ) {} extensions; + } + // extraPolicies; + }; + + mozillaCfg = builtins.toFile "mozilla.cfg" '' +// First line must be a comment + + // Disables addon signature checking + // to be able to install addons that do not have an extid + // Security is maintained because only user whitelisted addons + // with a checksum can be installed + lockPref("xpinstall.signatures.required", false); + ${extraPrefs} + ''; + + ############################# + # # + # END EXTRA PREF CHANGES # + # # + ############################# + in stdenv.mkDerivation { inherit pname version; @@ -106,6 +172,7 @@ let nativeBuildInputs = [ makeWrapper lndir ]; buildInputs = lib.optional (browser ? gtk3) browser.gtk3; + buildCommand = lib.optionalString stdenv.isDarwin '' mkdir -p $out/Applications cp -R --no-preserve=mode,ownership ${browser}/Applications/${browserName}.app $out/Applications @@ -117,7 +184,66 @@ let exit 1 fi - makeWrapper "$(readlink -v --canonicalize-existing "${browser}${browser.execdir or "/bin"}/${browserName}")" \ + ######################### + # # + # EXTRA PREF CHANGES # + # # + ######################### + # Link the runtime. The executable itself has to be copied, + # because it will resolve paths relative to its true location. + # Any symbolic links have to be replicated as well. + cd "${browser}" + find . -type d -exec mkdir -p "$out"/{} \; + + find . -type f \( -not -name "${browserName}" \) -exec ln -sT "${browser}"/{} "$out"/{} \; + + find . -type f -name "${browserName}" -print0 | while read -d $'\0' f; do + cp -P --no-preserve=mode,ownership "${browser}/$f" "$out/$f" + chmod a+rwx "$out/$f" + done + + # fix links and absolute references + cd "${browser}" + + find . -type l -print0 | while read -d $'\0' l; do + target="$(readlink "$l" | ${replace}/bin/replace-literal -es -- "${browser}" "$out")" + ln -sfT "$target" "$out/$l" + done + + # This will not patch binaries, only "text" files. + # Its there for the wrapper mostly. + cd "$out" + ${replace}/bin/replace-literal -esfR -- "${browser}" "$out" + + # create the wrapper + + executablePrefix="$out${browser.execdir or "/bin"}" + executablePath="$executablePrefix/${browserName}" + + if [ ! -x "$executablePath" ] + then + echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'" + exit 1 + fi + + if [ ! -L "$executablePath" ] + then + # Careful here, the file at executablePath may already be + # a wrapper. That is why we postfix it with -old instead + # of -wrapped. + oldExe="$executablePrefix"/".${browserName}"-old + mv "$executablePath" "$oldExe" + else + oldExe="$(readlink -v --canonicalize-existing "$executablePath")" + fi + + if [ ! -x "${browser}${browser.execdir or "/bin"}/${browserName}" ] + then + echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'" + exit 1 + fi + + makeWrapper "$oldExe" \ "$out${browser.execdir or "/bin"}/${browserName}${nameSuffix}" \ --suffix-each MOZ_PLUGIN_PATH ':' "$plugins" \ --suffix LD_LIBRARY_PATH ':' "$libs" \ @@ -137,6 +263,11 @@ let --suffix XDG_DATA_DIRS : '${gnome3.adwaita-icon-theme}/share' '' } + ############################# + # # + # END EXTRA PREF CHANGES # + # # + ############################# if [ -e "${browser}/share/icons" ]; then mkdir -p "$out/share" @@ -166,6 +297,43 @@ let # For manpages, in case the program supplies them mkdir -p $out/nix-support echo ${browser} > $out/nix-support/propagated-user-env-packages + + + ######################### + # # + # EXTRA PREF CHANGES # + # # + ######################### + # user customization + mkdir -p $out/lib/${firefoxLibName} + + # creating policies.json + mkdir -p "$out/lib/${firefoxLibName}/distribution" + + POL_PATH="$out/lib/${firefoxLibName}/distribution/policies.json" + rm -f "$POL_PATH" + cat ${policiesJson} >> "$POL_PATH" + + # preparing for autoconfig + mkdir -p "$out/lib/${firefoxLibName}/defaults/pref" + + cat > "$out/lib/${firefoxLibName}/defaults/pref/autoconfig.js" <<EOF + pref("general.config.filename", "mozilla.cfg"); + pref("general.config.obscure_value", 0); + EOF + + cat > "$out/lib/${firefoxLibName}/mozilla.cfg" < ${mozillaCfg} + + mkdir -p $out/lib/${firefoxLibName}/distribution/extensions + + for i in ${toString extensions}; do + ln -s -t $out/lib/${firefoxLibName}/distribution/extensions $i/* + done + ############################# + # # + # END EXTRA PREF CHANGES # + # # + ############################# ''; preferLocalBuild = true; |