diff options
author | Infinidoge <infinidoge@inx.moe> | 2023-07-20 19:13:51 -0400 |
---|---|---|
committer | Infinidoge <infinidoge@inx.moe> | 2023-11-14 09:46:13 -0500 |
commit | c4c81ac8a219e8725dae514f49c7c1b960632e67 (patch) | |
tree | a1cf89b14d86d5e17913d8be533bcb0e1f1ea5e1 /pkgs/applications | |
parent | 377f9c29b39d3e5e3588baa2d3fbd800071f55a9 (diff) | |
download | nixlib-c4c81ac8a219e8725dae514f49c7c1b960632e67.tar nixlib-c4c81ac8a219e8725dae514f49c7c1b960632e67.tar.gz nixlib-c4c81ac8a219e8725dae514f49c7c1b960632e67.tar.bz2 nixlib-c4c81ac8a219e8725dae514f49c7c1b960632e67.tar.lz nixlib-c4c81ac8a219e8725dae514f49c7c1b960632e67.tar.xz nixlib-c4c81ac8a219e8725dae514f49c7c1b960632e67.tar.zst nixlib-c4c81ac8a219e8725dae514f49c7c1b960632e67.zip |
buildMozillaMach: support disabling extension signing enforcement
Previously, derivations specified the environment variable themselves, which did not actually disable signing enforcement.
Diffstat (limited to 'pkgs/applications')
4 files changed, 11 insertions, 13 deletions
diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix index 348c93d0c383..26145c69fd83 100644 --- a/pkgs/applications/networking/browsers/firefox/common.nix +++ b/pkgs/applications/networking/browsers/firefox/common.nix @@ -6,6 +6,7 @@ , application ? "browser" , applicationName ? "Mozilla Firefox" , branding ? null +, requireSigning ? true , src , unpackPhase ? null , extraPatches ? [] @@ -367,6 +368,8 @@ buildStdenv.mkDerivation { configureFlagsArray+=("--with-mozilla-api-keyfile=$TMPDIR/mls-api-key") '' + lib.optionalString (enableOfficialBranding && !stdenv.is32bit) '' export MOZILLA_OFFICIAL=1 + '' + lib.optionalString (!requireSigning) '' + export MOZ_REQUIRE_SIGNING= '' + lib.optionalString stdenv.hostPlatform.isMusl '' # linking firefox hits the vm.max_map_count kernel limit with the default musl allocator # TODO: Default vm.max_map_count has been increased, retest without this diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 27f3ec022ce3..bd9794b0cde9 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -54,10 +54,11 @@ }; }; - firefox-devedition = (buildMozillaMach rec { + firefox-devedition = buildMozillaMach rec { pname = "firefox-devedition"; version = "116.0b3"; applicationName = "Mozilla Firefox Developer Edition"; + requireSigning = false; branding = "browser/branding/aurora"; src = fetchurl { url = "mirror://mozilla/devedition/releases/${version}/source/firefox-${version}.source.tar.xz"; @@ -81,9 +82,7 @@ versionSuffix = "b[0-9]*"; baseUrl = "https://archive.mozilla.org/pub/devedition/releases/"; }; - }).overrideAttrs (prev: { - env.MOZ_REQUIRE_SIGNING = ""; - }); + }; firefox-esr-102 = buildMozillaMach rec { pname = "firefox-esr-102"; diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix index 6b08a891ec69..7ff74a971ca6 100644 --- a/pkgs/applications/networking/browsers/firefox/wrapper.nix +++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -102,15 +102,12 @@ let nameArray = builtins.map(a: a.name) (lib.optionals usesNixExtensions nixExtensions); - requiresSigning = browser ? MOZ_REQUIRE_SIGNING - -> toString browser.MOZ_REQUIRE_SIGNING != ""; - # Check that every extension has a unqiue .name attribute # and an extid attribute extensions = if nameArray != (lib.unique nameArray) then throw "Firefox addon name needs to be unique" - else if requiresSigning && !lib.hasSuffix "esr" browser.name then - throw "Nix addons are only supported without signature enforcement (eg. Firefox ESR)" + else if browser.requireSigning then + throw "Nix addons are only supported with signature enforcement disabled" else builtins.map (a: if ! (builtins.hasAttr "extid" a) then throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon" diff --git a/pkgs/applications/networking/browsers/librewolf/default.nix b/pkgs/applications/networking/browsers/librewolf/default.nix index 4dde2d57d7e0..49f48db6858f 100644 --- a/pkgs/applications/networking/browsers/librewolf/default.nix +++ b/pkgs/applications/networking/browsers/librewolf/default.nix @@ -3,12 +3,13 @@ let librewolf-src = callPackage ./librewolf.nix { }; in -((buildMozillaMach rec { +(buildMozillaMach rec { pname = "librewolf"; applicationName = "LibreWolf"; binaryName = "librewolf"; version = librewolf-src.packageVersion; src = librewolf-src.firefox; + requireSigning = false; inherit (librewolf-src) extraConfigureFlags extraPatches extraPostPatch extraPassthru; meta = { @@ -29,6 +30,4 @@ in }).override { crashreporterSupport = false; enableOfficialBranding = false; -}).overrideAttrs (prev: { - MOZ_REQUIRE_SIGNING = ""; -}) +} |