diff options
Diffstat (limited to 'nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix')
-rw-r--r-- | nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix | 314 |
1 files changed, 314 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix b/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix new file mode 100644 index 000000000000..e979f300ab10 --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix @@ -0,0 +1,314 @@ +{ pname, ffversion, meta, updateScript ? null +, src, unpackPhase ? null, patches ? [] +, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [] }: + +{ lib, stdenv, pkgconfig, pango, perl, python2, python3, zip, libIDL +, libjpeg, zlib, dbus, dbus-glib, bzip2, xorg +, freetype, fontconfig, file, nspr, nss, libnotify +, yasm, libGLU, libGL, sqlite, unzip, makeWrapper +, hunspell, libXdamage, libevent, libstartup_notification +, libvpx, libvpx_1_8 +, icu, libpng, jemalloc, glib +, autoconf213, which, gnused, cargo, rustc, llvmPackages +, rust-cbindgen, nodejs, nasm, fetchpatch +, debugBuild ? false + +### optionals + +## optional libraries + +, alsaSupport ? stdenv.isLinux, alsaLib +, pulseaudioSupport ? stdenv.isLinux, libpulseaudio +, ffmpegSupport ? true +, gtk3Support ? true, gtk2, gtk3, wrapGAppsHook +, gssSupport ? true, kerberos +, waylandSupport ? gtk3Support, libxkbcommon + +## privacy-related options + +, privacySupport ? false + +# WARNING: NEVER set any of the options below to `true` by default. +# Set to `!privacySupport` or `false`. + +# webrtcSupport breaks the aarch64 build on version >= 60, fixed in 63. +# https://bugzilla.mozilla.org/show_bug.cgi?id=1434589 +, webrtcSupport ? !privacySupport +, geolocationSupport ? !privacySupport +, googleAPISupport ? geolocationSupport +, crashreporterSupport ? false + +, safeBrowsingSupport ? false +, drmSupport ? false + +# macOS dependencies +, xcbuild, CoreMedia, ExceptionHandling, Kerberos, AVFoundation, MediaToolbox +, CoreLocation, Foundation, AddressBook, libobjc, cups, rsync + +## other + +# As stated by Sylvestre Ledru (@sylvestre) on Nov 22, 2017 at +# https://github.com/NixOS/nixpkgs/issues/31843#issuecomment-346372756 we +# have permission to use the official firefox branding. +# +# Fur purposes of documentation the statement of @sylvestre: +# > As the person who did part of the work described in the LWN article +# > and release manager working for Mozilla, I can confirm the statement +# > that I made in +# > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815006 +# > +# > @garbas shared with me the list of patches applied for the Nix package. +# > As they are just for portability and tiny modifications, they don't +# > alter the experience of the product. In parallel, Rok also shared the +# > build options. They seem good (even if I cannot judge the quality of the +# > packaging of the underlying dependencies like sqlite, png, etc). +# > Therefor, as long as you keep the patch queue sane and you don't alter +# > the experience of Firefox users, you won't have any issues using the +# > official branding. +, enableOfficialBranding ? true +}: + +assert stdenv.cc.libc or null != null; + +let + flag = tf: x: [(if tf then "--enable-${x}" else "--disable-${x}")]; + + default-toolkit = if stdenv.isDarwin then "cairo-cocoa" + else "cairo-gtk${if gtk3Support then "3${lib.optionalString waylandSupport "-wayland"}" else "2"}"; + + binaryName = "firefox"; + binaryNameCapitalized = lib.toUpper (lib.substring 0 1 binaryName) + lib.substring 1 (-1) binaryName; + + browserName = if stdenv.isDarwin then binaryNameCapitalized else binaryName; + + execdir = if stdenv.isDarwin + then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS" + else "/bin"; +in + +stdenv.mkDerivation ({ + name = "${pname}-unwrapped-${ffversion}"; + version = ffversion; + + inherit src unpackPhase meta; + + patches = [ + ./env_var_for_system_dir.patch + ] + ++ patches; + + + # Ignore trivial whitespace changes in patches, this fixes compatibility of + # ./env_var_for_system_dir.patch with Firefox >=65 without having to track + # two patches. + patchFlags = [ "-p1" "-l" ]; + + buildInputs = [ + gtk2 perl zip libIDL libjpeg zlib bzip2 + dbus dbus-glib pango freetype fontconfig xorg.libXi xorg.libXcursor + xorg.libX11 xorg.libXrender xorg.libXft xorg.libXt file + libnotify xorg.pixman yasm libGLU libGL + xorg.libXScrnSaver xorg.xorgproto + xorg.libXext unzip makeWrapper + libevent libstartup_notification /* cairo */ + icu libpng jemalloc glib + nasm + # >= 66 requires nasm for the AV1 lib dav1d + # yasm can potentially be removed in future versions + # https://bugzilla.mozilla.org/show_bug.cgi?id=1501796 + # https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ + nspr nss + ] + ++ lib.optionals (lib.versionOlder ffversion "75") [ libvpx sqlite ] + ++ lib.optional (lib.versionAtLeast ffversion "75.0") libvpx_1_8 + ++ lib.optional alsaSupport alsaLib + ++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed + ++ lib.optional gtk3Support gtk3 + ++ lib.optional waylandSupport libxkbcommon + ++ lib.optional gssSupport kerberos + ++ lib.optional waylandSupport libxkbcommon + ++ lib.optionals stdenv.isDarwin [ CoreMedia ExceptionHandling Kerberos + AVFoundation MediaToolbox CoreLocation + Foundation libobjc AddressBook cups ]; + + NIX_CFLAGS_COMPILE = toString ([ + "-I${glib.dev}/include/gio-unix-2.0" + "-I${nss.dev}/include/nss" + ] + ++ lib.optional (pname == "firefox-esr" && lib.versionOlder ffversion "69") + "-Wno-error=format-security"); + + postPatch = '' + rm -rf obj-x86_64-pc-linux-gnu + ''; + + nativeBuildInputs = + [ + autoconf213 + cargo + gnused + llvmPackages.llvm # llvm-objdump + nodejs + perl + pkgconfig + python2 + python3 + rust-cbindgen + rustc + which + ] + ++ lib.optional gtk3Support wrapGAppsHook + ++ lib.optionals stdenv.isDarwin [ xcbuild rsync ] + ++ extraNativeBuildInputs; + + preConfigure = '' + # remove distributed configuration files + rm -f configure + rm -f js/src/configure + rm -f .mozconfig* + # this will run autoconf213 + configureScript="$(realpath ./mach) configure" + export MOZCONFIG=$(pwd)/mozconfig + + # Set C flags for Rust's bindgen program. Unlike ordinary C + # compilation, bindgen does not invoke $CC directly. Instead it + # uses LLVM's libclang. To make sure all necessary flags are + # included we need to look in a few places. + # TODO: generalize this process for other use-cases. + + BINDGEN_CFLAGS="$(< ${stdenv.cc}/nix-support/libc-cflags) \ + $(< ${stdenv.cc}/nix-support/cc-cflags) \ + ${stdenv.cc.default_cxx_stdlib_compile} \ + ${lib.optionalString stdenv.cc.isClang "-idirafter ${stdenv.cc.cc}/lib/clang/${lib.getVersion stdenv.cc.cc}/include"} \ + ${lib.optionalString stdenv.cc.isGNU "-isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc} -isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc}/${stdenv.hostPlatform.config}"} \ + $NIX_CFLAGS_COMPILE" + + echo "ac_add_options BINDGEN_CFLAGS='$BINDGEN_CFLAGS'" >> $MOZCONFIG + '' + (lib.optionalString googleAPISupport '' + # Google API key used by Chromium and Firefox. + # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution, + # please get your own set of keys. + echo "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI" > $TMPDIR/ga + # 60.5+ & 66+ did split the google API key arguments: https://bugzilla.mozilla.org/show_bug.cgi?id=1531176 + configureFlagsArray+=("--with-google-location-service-api-keyfile=$TMPDIR/ga") + configureFlagsArray+=("--with-google-safebrowsing-api-keyfile=$TMPDIR/ga") + '') + '' + # AS=as in the environment causes build failure https://bugzilla.mozilla.org/show_bug.cgi?id=1497286 + unset AS + ''; + + configureFlags = [ + "--enable-application=browser" + "--with-system-jpeg" + "--with-system-zlib" + "--with-system-bz2" + "--with-system-libevent" + "--with-system-libvpx" + "--with-system-png" # needs APNG support + "--with-system-icu" + "--enable-system-ffi" + "--enable-system-pixman" + #"--enable-system-cairo" + "--enable-startup-notification" + #"--enable-content-sandbox" # TODO: probably enable after 54 + "--disable-tests" + "--disable-necko-wifi" # maybe we want to enable this at some point + "--disable-updater" + "--enable-jemalloc" + "--disable-gconf" + "--enable-default-toolkit=${default-toolkit}" + "--with-libclang-path=${llvmPackages.libclang}/lib" + "--with-clang-path=${llvmPackages.clang}/bin/clang" + "--with-system-nspr" + "--with-system-nss" + ] + ++ lib.optional (lib.versionOlder ffversion "75") "--enable-system-sqlite" + ++ lib.optional (stdenv.isDarwin) "--disable-xcode-checks" + ++ lib.optionals (lib.versionOlder ffversion "69") [ + "--enable-webrender=build" + ] + + ++ flag alsaSupport "alsa" + ++ flag pulseaudioSupport "pulseaudio" + ++ flag ffmpegSupport "ffmpeg" + ++ flag gssSupport "negotiateauth" + ++ flag webrtcSupport "webrtc" + ++ flag crashreporterSupport "crashreporter" + ++ lib.optional (!drmSupport) "--disable-eme" + + ++ (if debugBuild then [ "--enable-debug" "--enable-profiling" ] + else [ "--disable-debug" "--enable-release" + "--enable-optimize" + "--enable-strip" ]) + ++ lib.optional enableOfficialBranding "--enable-official-branding" + ++ extraConfigureFlags; + + postConfigure = '' + cd obj-* + ''; + + makeFlags = lib.optionals enableOfficialBranding [ + "MOZILLA_OFFICIAL=1" + "BUILD_OFFICIAL=1" + ] + ++ extraMakeFlags; + + enableParallelBuilding = true; + doCheck = false; # "--disable-tests" above + + installPhase = if stdenv.isDarwin then '' + mkdir -p $out/Applications + cp -LR dist/${binaryNameCapitalized}.app $out/Applications + '' else null; + + postInstall = lib.optionalString stdenv.isLinux '' + # Remove SDK cruft. FIXME: move to a separate output? + rm -rf $out/share/idl $out/include $out/lib/${binaryName}-devel-* + + # Needed to find Mozilla runtime + gappsWrapperArgs+=(--argv0 "$out/bin/.${binaryName}-wrapped") + ''; + + postFixup = lib.optionalString stdenv.isLinux '' + # Fix notifications. LibXUL uses dlopen for this, unfortunately; see #18712. + patchelf --set-rpath "${lib.getLib libnotify + }/lib:$(patchelf --print-rpath "$out"/lib/${binaryName}*/libxul.so)" \ + "$out"/lib/${binaryName}*/libxul.so + ''; + + doInstallCheck = true; + installCheckPhase = '' + # Some basic testing + "$out${execdir}/${browserName}" --version + ''; + + passthru = { + inherit updateScript; + version = ffversion; + isFirefox3Like = true; + gtk = gtk2; + inherit nspr; + inherit ffmpegSupport; + inherit gssSupport; + inherit execdir; + inherit browserName; + } // lib.optionalAttrs gtk3Support { inherit gtk3; }; +} // +lib.optionalAttrs (lib.versionAtLeast ffversion "74") { + hardeningDisable = [ "format" ]; # -Werror=format-security +} // +# the build system verifies checksums of the bundled rust sources +# ./third_party/rust is be patched by our libtool fixup code in stdenv +# unfortunately we can't just set this to `false` when we do not want it. +# See https://github.com/NixOS/nixpkgs/issues/77289 for more details + +lib.optionalAttrs (lib.versionAtLeast ffversion "72") { + # Ideally we would figure out how to tell the build system to not + # care about changed hashes as we are already doing that when we + # fetch the sources. Any further modifications of the source tree + # is on purpose by some of our tool (or by accident and a bug?). + dontFixLibtool = true; + + # on aarch64 this is also required + dontUpdateAutotoolsGnuConfigScripts = true; +}) |