diff options
Diffstat (limited to 'nixpkgs/pkgs/applications/networking/browsers/firefox')
9 files changed, 1025 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix b/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix new file mode 100644 index 000000000000..cfa5aabb2d2b --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix @@ -0,0 +1,385 @@ +{ pname, ffversion, meta, updateScript ? null +, src, unpackPhase ? null, patches ? [] +, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [] +, isIceCatLike ? false, icversion ? null +, isTorBrowserLike ? false, tbversion ? null }: + +{ lib, stdenv, pkgconfig, pango, perl, python2, python3, zip, libIDL +, libjpeg, zlib, dbus, dbus-glib, bzip2, xorg +, freetype, fontconfig, file, nspr, nss, libnotify +, yasm, libGLU, libGL, sqlite, unzip, makeWrapper +, hunspell, libXdamage, libevent, libstartup_notification, libvpx +, icu, libpng, jemalloc, glib +, autoconf213, which, gnused, cargo, rustc, llvmPackages +, rust-cbindgen, nodejs, nasm, fetchpatch +, debugBuild ? false + +### optionals + +## optional libraries + +, alsaSupport ? stdenv.isLinux, alsaLib +, pulseaudioSupport ? stdenv.isLinux, libpulseaudio +, ffmpegSupport ? true +, gtk3Support ? true, gtk2, gtk3, wrapGAppsHook +, gssSupport ? true, kerberos +, waylandSupport ? gtk3Support, libxkbcommon + +## privacy-related options + +, privacySupport ? isTorBrowserLike || isIceCatLike + +# WARNING: NEVER set any of the options below to `true` by default. +# Set to `!privacySupport` or `false`. + +# webrtcSupport breaks the aarch64 build on version >= 60, fixed in 63. +# https://bugzilla.mozilla.org/show_bug.cgi?id=1434589 +, webrtcSupport ? !privacySupport && (!stdenv.isAarch64 || !( + lib.versionAtLeast ffversion "60" && lib.versionOlder ffversion "63" + )) +, geolocationSupport ? !privacySupport +, googleAPISupport ? geolocationSupport +, crashreporterSupport ? false + +, safeBrowsingSupport ? false +, drmSupport ? false + +# macOS dependencies +, xcbuild, CoreMedia, ExceptionHandling, Kerberos, AVFoundation, MediaToolbox +, CoreLocation, Foundation, AddressBook, libobjc, cups, rsync + +## other + +# As stated by Sylvestre Ledru (@sylvestre) on Nov 22, 2017 at +# https://github.com/NixOS/nixpkgs/issues/31843#issuecomment-346372756 we +# have permission to use the official firefox branding. +# +# Fur purposes of documentation the statement of @sylvestre: +# > As the person who did part of the work described in the LWN article +# > and release manager working for Mozilla, I can confirm the statement +# > that I made in +# > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815006 +# > +# > @garbas shared with me the list of patches applied for the Nix package. +# > As they are just for portability and tiny modifications, they don't +# > alter the experience of the product. In parallel, Rok also shared the +# > build options. They seem good (even if I cannot judge the quality of the +# > packaging of the underlying dependencies like sqlite, png, etc). +# > Therefor, as long as you keep the patch queue sane and you don't alter +# > the experience of Firefox users, you won't have any issues using the +# > official branding. +, enableOfficialBranding ? true +}: + +assert stdenv.cc.libc or null != null; + +let + flag = tf: x: [(if tf then "--enable-${x}" else "--disable-${x}")]; + + default-toolkit = if stdenv.isDarwin then "cairo-cocoa" + else "cairo-gtk${if gtk3Support then "3${lib.optionalString waylandSupport "-wayland"}" else "2"}"; + + binaryName = if isIceCatLike then "icecat" else "firefox"; + binaryNameCapitalized = lib.toUpper (lib.substring 0 1 binaryName) + lib.substring 1 (-1) binaryName; + + browserName = if stdenv.isDarwin then binaryNameCapitalized else binaryName; + + execdir = if stdenv.isDarwin + then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS" + else "/bin"; + + browserVersion = if isIceCatLike then icversion + else if isTorBrowserLike then tbversion + else ffversion; + + browserPatches = [ + ./env_var_for_system_dir.patch + ] + ++ lib.optional (lib.versionAtLeast ffversion "63" && lib.versionOlder ffversion "68.3.0") + (fetchpatch { # https://bugzilla.mozilla.org/show_bug.cgi?id=1500436#c29 + name = "write_error-parallel_make.diff"; + url = "https://hg.mozilla.org/mozilla-central/raw-diff/562655fe/python/mozbuild/mozbuild/action/node.py"; + sha256 = "11d7rgzinb4mwl7yzhidjkajynmxgmffr4l9isgskfapyax9p88y"; + }) + ++ lib.optionals (stdenv.isAarch64 && lib.versionAtLeast ffversion "66" && lib.versionOlder ffversion "67") [ + (fetchpatch { + url = "https://raw.githubusercontent.com/archlinuxarm/PKGBUILDs/09c7fa0dc1d87922e3b464c0fa084df1227fca79/extra/firefox/arm.patch"; + sha256 = "1vbpih23imhv5r3g21m3m541z08n9n9j1nvmqax76bmyhn7mxp32"; + }) + (fetchpatch { + url = "https://raw.githubusercontent.com/archlinuxarm/PKGBUILDs/09c7fa0dc1d87922e3b464c0fa084df1227fca79/extra/firefox/build-arm-libopus.patch"; + sha256 = "1zg56v3lc346fkzcjjx21vjip2s9hb2xw4pvza1dsfdnhsnzppfp"; + }) + ] + ++ lib.optional (lib.versionAtLeast ffversion "71") (fetchpatch { + url = "https://phabricator.services.mozilla.com/D56873?download=true"; + sha256 = "183949phd2n27nhiq85a04j4fjn0jxmldic6wcjrczsd8g2rrr5k"; + }) + ++ patches; + +in + +stdenv.mkDerivation (rec { + name = "${pname}-unwrapped-${version}"; + version = browserVersion; + + inherit src unpackPhase meta; + + patches = browserPatches; + + # Ignore trivial whitespace changes in patches, this fixes compatibility of + # ./env_var_for_system_dir.patch with Firefox >=65 without having to track + # two patches. + patchFlags = [ "-p1" "-l" ]; + + buildInputs = [ + gtk2 perl zip libIDL libjpeg zlib bzip2 + dbus dbus-glib pango freetype fontconfig xorg.libXi xorg.libXcursor + xorg.libX11 xorg.libXrender xorg.libXft xorg.libXt file + libnotify xorg.pixman yasm libGLU libGL + xorg.libXScrnSaver xorg.xorgproto + xorg.libXext sqlite unzip makeWrapper + libevent libstartup_notification libvpx /* cairo */ + icu libpng jemalloc glib + ] + ++ lib.optionals (!isTorBrowserLike) [ nspr nss ] + ++ lib.optional (lib.versionOlder ffversion "53") libXdamage + ++ lib.optional (lib.versionOlder ffversion "61") hunspell + + # >= 66 requires nasm for the AV1 lib dav1d + # yasm can potentially be removed in future versions + # https://bugzilla.mozilla.org/show_bug.cgi?id=1501796 + # https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ + ++ lib.optional (lib.versionAtLeast ffversion "66") nasm + ++ lib.optional alsaSupport alsaLib + ++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed + ++ lib.optional gtk3Support gtk3 + ++ lib.optional waylandSupport libxkbcommon + ++ lib.optional gssSupport kerberos + ++ lib.optional waylandSupport libxkbcommon + ++ lib.optionals stdenv.isDarwin [ CoreMedia ExceptionHandling Kerberos + AVFoundation MediaToolbox CoreLocation + Foundation libobjc AddressBook cups ]; + + NIX_CFLAGS_COMPILE = toString ([ + "-I${glib.dev}/include/gio-unix-2.0" + ] + ++ lib.optionals (!isTorBrowserLike) [ + "-I${nss.dev}/include/nss" + ] + ++ lib.optional (pname == "firefox-esr" && lib.versionAtLeast ffversion "68" + && lib.versionOlder ffversion "69") + "-Wno-error=format-security"); + + postPatch = lib.optionalString (lib.versionAtLeast ffversion "63.0" && !isTorBrowserLike) '' + substituteInPlace third_party/prio/prio/rand.c --replace 'nspr/prinit.h' 'prinit.h' + '' + lib.optionalString (lib.versionAtLeast ffversion "68") '' + rm -rf obj-x86_64-pc-linux-gnu + ''; + + nativeBuildInputs = + [ autoconf213 which gnused pkgconfig perl python2 cargo rustc ] + ++ lib.optional gtk3Support wrapGAppsHook + ++ lib.optionals stdenv.isDarwin [ xcbuild rsync ] + ++ lib.optional (lib.versionAtLeast ffversion "61.0") python3 + ++ lib.optionals (lib.versionAtLeast ffversion "63.0") [ rust-cbindgen nodejs ] + ++ lib.optionals (lib.versionAtLeast ffversion "67.0") [ llvmPackages.llvm ] # llvm-objdump is required in version >=67.0 + ++ extraNativeBuildInputs; + + preConfigure = '' + # remove distributed configuration files + rm -f configure + rm -f js/src/configure + rm -f .mozconfig* + '' + (if lib.versionAtLeast ffversion "58" + # this will run autoconf213 + then '' + configureScript="$(realpath ./mach) configure" + '' else '' + make -f client.mk configure-files + configureScript="$(realpath ./configure)" + '') + lib.optionalString (lib.versionAtLeast ffversion "53") '' + export MOZCONFIG=$(pwd)/mozconfig + + # Set C flags for Rust's bindgen program. Unlike ordinary C + # compilation, bindgen does not invoke $CC directly. Instead it + # uses LLVM's libclang. To make sure all necessary flags are + # included we need to look in a few places. + # TODO: generalize this process for other use-cases. + + BINDGEN_CFLAGS="$(< ${stdenv.cc}/nix-support/libc-cflags) \ + $(< ${stdenv.cc}/nix-support/cc-cflags) \ + ${stdenv.cc.default_cxx_stdlib_compile} \ + ${lib.optionalString stdenv.cc.isClang "-idirafter ${stdenv.cc.cc}/lib/clang/${lib.getVersion stdenv.cc.cc}/include"} \ + ${lib.optionalString stdenv.cc.isGNU "-isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc} -isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc}/$(cc -dumpmachine)"} \ + $NIX_CFLAGS_COMPILE" + + echo "ac_add_options BINDGEN_CFLAGS='$BINDGEN_CFLAGS'" >> $MOZCONFIG + '' + lib.optionalString googleAPISupport '' + # Google API key used by Chromium and Firefox. + # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution, + # please get your own set of keys. + echo "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI" > $TMPDIR/ga + # 60.5+ & 66+ did split the google API key arguments: https://bugzilla.mozilla.org/show_bug.cgi?id=1531176 + ${if (lib.versionAtLeast ffversion "60.6" && lib.versionOlder ffversion "61") || (lib.versionAtLeast ffversion "66") then '' + configureFlagsArray+=("--with-google-location-service-api-keyfile=$TMPDIR/ga") + configureFlagsArray+=("--with-google-safebrowsing-api-keyfile=$TMPDIR/ga") + '' else '' + configureFlagsArray+=("--with-google-api-keyfile=$TMPDIR/ga") + ''} + '' + lib.optionalString (lib.versionOlder ffversion "58") '' + cd obj-* + '' + # AS=as in the environment causes build failure https://bugzilla.mozilla.org/show_bug.cgi?id=1497286 + + lib.optionalString (lib.versionAtLeast ffversion "64") '' + unset AS + ''; + + configureFlags = [ + "--enable-application=browser" + "--with-system-jpeg" + "--with-system-zlib" + "--with-system-bz2" + "--with-system-libevent" + "--with-system-libvpx" + "--with-system-png" # needs APNG support + "--with-system-icu" + "--enable-system-ffi" + "--enable-system-pixman" + "--enable-system-sqlite" + #"--enable-system-cairo" + "--enable-startup-notification" + #"--enable-content-sandbox" # TODO: probably enable after 54 + "--disable-tests" + "--disable-necko-wifi" # maybe we want to enable this at some point + "--disable-updater" + "--enable-jemalloc" + "--disable-gconf" + "--enable-default-toolkit=${default-toolkit}" + ] + ++ lib.optional (lib.versionOlder ffversion "64") "--disable-maintenance-service" + ++ lib.optional (stdenv.isDarwin && lib.versionAtLeast ffversion "61") "--disable-xcode-checks" + ++ lib.optional (lib.versionOlder ffversion "61") "--enable-system-hunspell" + ++ lib.optionals (lib.versionAtLeast ffversion "56") [ + "--with-libclang-path=${llvmPackages.libclang}/lib" + "--with-clang-path=${llvmPackages.clang}/bin/clang" + ] + ++ lib.optionals (lib.versionAtLeast ffversion "57" && lib.versionOlder ffversion "69") [ + "--enable-webrender=build" + ] + + # TorBrowser patches these + ++ lib.optionals (!isTorBrowserLike) [ + "--with-system-nspr" + "--with-system-nss" + ] + + # and wants these + ++ lib.optionals isTorBrowserLike ([ + "--with-tor-browser-version=${tbversion}" + "--with-distribution-id=org.torproject" + "--enable-signmar" + "--enable-verify-mar" + "--enable-bundled-fonts" + ]) + + ++ flag alsaSupport "alsa" + ++ flag pulseaudioSupport "pulseaudio" + ++ flag ffmpegSupport "ffmpeg" + ++ flag gssSupport "negotiateauth" + ++ flag webrtcSupport "webrtc" + ++ flag crashreporterSupport "crashreporter" + ++ lib.optional (!drmSupport) "--disable-eme" + + ++ lib.optionals (lib.versionOlder ffversion "60") ([] + ++ flag geolocationSupport "mozril-geoloc" + ++ flag safeBrowsingSupport "safe-browsing" + ) + + ++ (if debugBuild then [ "--enable-debug" "--enable-profiling" ] + else [ "--disable-debug" "--enable-release" + "--enable-optimize" + "--enable-strip" ]) + ++ lib.optional enableOfficialBranding "--enable-official-branding" + ++ extraConfigureFlags; + + # Before 58 we have to run `make -f client.mk configure-files` at + # the top level, and then run `./configure` in the obj-* dir (see + # above), but in 58 we have to instead run `./mach configure` at the + # top level and then run `make` in obj-*. (We can also run the + # `make` at the top level in 58, but then we would have to `cd` to + # `make install` anyway. This is ugly, but simple.) + postConfigure = lib.optionalString (lib.versionAtLeast ffversion "58") '' + cd obj-* + ''; + + preBuild = lib.optionalString isTorBrowserLike '' + buildFlagsArray=("MOZ_APP_DISPLAYNAME=Tor Browser") + ''; + + makeFlags = lib.optionals enableOfficialBranding [ + "MOZILLA_OFFICIAL=1" + "BUILD_OFFICIAL=1" + ] + ++ extraMakeFlags; + + RUSTFLAGS = if (lib.versionAtLeast ffversion "67"/*somewhere betwween ESRs*/) + then null else "--cap-lints warn"; + + enableParallelBuilding = true; + doCheck = false; # "--disable-tests" above + + installPhase = if stdenv.isDarwin then '' + mkdir -p $out/Applications + cp -LR dist/${binaryNameCapitalized}.app $out/Applications + '' else null; + + postInstall = lib.optionalString stdenv.isLinux '' + # Remove SDK cruft. FIXME: move to a separate output? + rm -rf $out/share/idl $out/include $out/lib/${binaryName}-devel-* + + # Needed to find Mozilla runtime + gappsWrapperArgs+=(--argv0 "$out/bin/.${binaryName}-wrapped") + ''; + + postFixup = lib.optionalString stdenv.isLinux '' + # Fix notifications. LibXUL uses dlopen for this, unfortunately; see #18712. + patchelf --set-rpath "${lib.getLib libnotify + }/lib:$(patchelf --print-rpath "$out"/lib/${binaryName}*/libxul.so)" \ + "$out"/lib/${binaryName}*/libxul.so + ''; + + doInstallCheck = true; + installCheckPhase = '' + # Some basic testing + "$out${execdir}/${browserName}" --version + ''; + + passthru = { + inherit version updateScript; + isFirefox3Like = true; + inherit isIceCatLike; + inherit isTorBrowserLike; + gtk = gtk2; + inherit nspr; + inherit ffmpegSupport; + inherit gssSupport; + inherit execdir; + inherit browserName; + } // lib.optionalAttrs gtk3Support { inherit gtk3; }; + +} // +# the build system verifies checksums of the bundled rust sources +# ./third_party/rust is be patched by our libtool fixup code in stdenv +# unfortunately we can't just set this to `false` when we do not want it. +# See https://github.com/NixOS/nixpkgs/issues/77289 for more details +lib.optionalAttrs (lib.versionAtLeast ffversion "72") { + # Ideally we would figure out how to tell the build system to not + # care about changed hashes as we are already doing that when we + # fetch the sources. Any further modifications of the source tree + # is on purpose by some of our tool (or by accident and a bug?). + dontFixLibtool = true; + + # on aarch64 this is also required + dontUpdateAutotoolsGnuConfigScripts = true; +}) diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/env_var_for_system_dir.patch b/nixpkgs/pkgs/applications/networking/browsers/firefox/env_var_for_system_dir.patch new file mode 100644 index 000000000000..18d31356989a --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/env_var_for_system_dir.patch @@ -0,0 +1,6 @@ +--- a/toolkit/xre/nsXREDirProvider.cpp 2019-02-28 21:00:14.157543388 +0100 ++++ b/toolkit/xre/nsXREDirProvider.cpp 2019-02-28 21:01:28.731128320 +0100 +@@ -302 +302,2 @@ +- rv = NS_NewNativeLocalFile(dirname, false, getter_AddRefs(localDir)); ++ const char* pathVar = PR_GetEnv("MOZ_SYSTEM_DIR"); ++ rv = NS_NewNativeLocalFile((pathVar && *pathVar) ? nsDependentCString(pathVar) : reinterpret_cast<const nsCString&>(dirname), false, getter_AddRefs(localDir)); diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/fix-pa-context-connect-retval.patch b/nixpkgs/pkgs/applications/networking/browsers/firefox/fix-pa-context-connect-retval.patch new file mode 100644 index 000000000000..1c3c32948944 --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/fix-pa-context-connect-retval.patch @@ -0,0 +1,26 @@ +Yep, it's a "return code was ignored" bug. +diff --git a/media/libcubeb/src/cubeb_pulse.c b/media/libcubeb/src/cubeb_pulse.c +index aaaaaaaaaaa..bbbbbbbbbbb 100644 +--- a/media/libcubeb/src/cubeb_pulse.c ++++ b/media/libcubeb/src/cubeb_pulse.c +@@ -473,6 +473,8 @@ + static int + pulse_context_init(cubeb * ctx) + { ++ int r; ++ + if (ctx->context) { + assert(ctx->error == 1); + pulse_context_destroy(ctx); +@@ -486,9 +488,9 @@ + WRAP(pa_context_set_state_callback)(ctx->context, context_state_callback, ctx); + + WRAP(pa_threaded_mainloop_lock)(ctx->mainloop); +- WRAP(pa_context_connect)(ctx->context, NULL, 0, NULL); ++ r = WRAP(pa_context_connect)(ctx->context, NULL, 0, NULL); + +- if (wait_until_context_ready(ctx) != 0) { ++ if (r < 0 || wait_until_context_ready(ctx) != 0) { + WRAP(pa_threaded_mainloop_unlock)(ctx->mainloop); + pulse_context_destroy(ctx); + ctx->context = NULL; diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx65.patch b/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx65.patch new file mode 100644 index 000000000000..7d129dc78f98 --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx65.patch @@ -0,0 +1,23 @@ +diff -ur firefox-65.0-orig/docshell/base/nsAboutRedirector.cpp firefox-65.0/docshell/base/nsAboutRedirector.cpp +--- firefox-65.0-orig/docshell/base/nsAboutRedirector.cpp 2019-01-23 00:48:28.988747428 +0100 ++++ firefox-65.0/docshell/base/nsAboutRedirector.cpp 2019-01-23 00:51:13.378188397 +0100 +@@ -67,8 +67,6 @@ + {"about", "chrome://global/content/aboutAbout.xhtml", 0}, + {"addons", "chrome://mozapps/content/extensions/extensions.xul", + nsIAboutModule::ALLOW_SCRIPT}, +- {"buildconfig", "chrome://global/content/buildconfig.html", +- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT}, + {"checkerboard", "chrome://global/content/aboutCheckerboard.xhtml", + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | + nsIAboutModule::ALLOW_SCRIPT}, +diff -ur firefox-65.0-orig/toolkit/content/jar.mn firefox-65.0/toolkit/content/jar.mn +--- firefox-65.0-orig/toolkit/content/jar.mn 2019-01-23 00:48:35.033372506 +0100 ++++ firefox-65.0/toolkit/content/jar.mn 2019-01-23 00:50:45.126565924 +0100 +@@ -36,7 +36,6 @@ + content/global/plugins.css + content/global/browser-child.js + content/global/browser-content.js +-* content/global/buildconfig.html + content/global/buildconfig.css + content/global/contentAreaUtils.js + content/global/datepicker.xhtml diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-max-64.patch b/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-max-64.patch new file mode 100644 index 000000000000..de278152f978 --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-max-64.patch @@ -0,0 +1,25 @@ +diff -ru -x '*~' firefox-55.0.3-orig/docshell/base/nsAboutRedirector.cpp firefox-55.0.3/docshell/base/nsAboutRedirector.cpp +--- firefox-55.0.3-orig/docshell/base/nsAboutRedirector.cpp 2017-07-31 18:20:51.000000000 +0200 ++++ firefox-55.0.3/docshell/base/nsAboutRedirector.cpp 2017-09-26 22:02:00.814151731 +0200 +@@ -36,10 +36,6 @@ + nsIAboutModule::ALLOW_SCRIPT + }, + { +- "buildconfig", "chrome://global/content/buildconfig.html", +- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT +- }, +- { + "checkerboard", "chrome://global/content/aboutCheckerboard.xhtml", + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | + nsIAboutModule::ALLOW_SCRIPT +diff -ru -x '*~' firefox-55.0.3-orig/toolkit/content/jar.mn firefox-55.0.3/toolkit/content/jar.mn +--- firefox-55.0.3-orig/toolkit/content/jar.mn 2017-07-31 18:20:52.000000000 +0200 ++++ firefox-55.0.3/toolkit/content/jar.mn 2017-09-26 22:01:42.383350314 +0200 +@@ -40,7 +40,6 @@ + content/global/plugins.css + content/global/browser-child.js + content/global/browser-content.js +-* content/global/buildconfig.html + content/global/buildconfig.css + content/global/contentAreaUtils.js + content/global/datepicker.xhtml diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-min-65.patch b/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-min-65.patch new file mode 100644 index 000000000000..708004781efc --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/no-buildconfig-min-65.patch @@ -0,0 +1,25 @@ +diff --git a/docshell/base/nsAboutRedirector.cpp b/docshell/base/nsAboutRedirector.cpp +index fe0a5af..3df1e0e 100644 +--- a/docshell/base/nsAboutRedirector.cpp ++++ b/docshell/base/nsAboutRedirector.cpp +@@ -67,8 +67,6 @@ static const RedirEntry kRedirMap[] = { + {"about", "chrome://global/content/aboutAbout.xhtml", 0}, + {"addons", "chrome://mozapps/content/extensions/extensions.xul", + nsIAboutModule::ALLOW_SCRIPT}, +- {"buildconfig", "chrome://global/content/buildconfig.html", +- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT}, + {"checkerboard", "chrome://global/content/aboutCheckerboard.xhtml", + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | + nsIAboutModule::ALLOW_SCRIPT}, +diff --git a/toolkit/content/jar.mn b/toolkit/content/jar.mn +index 2ec137d..579ef4d 100644 +--- a/toolkit/content/jar.mn ++++ b/toolkit/content/jar.mn +@@ -36,7 +36,6 @@ toolkit.jar: + content/global/plugins.css + content/global/browser-child.js + content/global/browser-content.js +-* content/global/buildconfig.html + content/global/buildconfig.css + content/global/contentAreaUtils.js + content/global/datepicker.xhtml diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix b/nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix new file mode 100644 index 000000000000..805072aafdc8 --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix @@ -0,0 +1,309 @@ +{ lib, callPackage, fetchurl, fetchFromGitHub, firefoxCommon +, overrideCC, gccStdenv, gcc6 +}: + +let + + # Needed on older branches since rustc: 1.32.0 -> 1.33.0 + missing-documentation-patch = fetchurl { + name = "missing-documentation.patch"; + url = "https://aur.archlinux.org/cgit/aur.git/plain/deny_missing_docs.patch" + + "?h=firefox-esr&id=03bdd01f9cf"; + sha256 = "1i33n3fgwc8d0v7j4qn7lbdax0an6swar12gay3q2nwrhg3ic4fb"; + }; +in + +rec { + firefox = firefoxCommon rec { + pname = "firefox"; + ffversion = "72.0.1"; + src = fetchurl { + url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; + sha512 = "37ryimi6yfpcha4c9mcv8gjk38kia1lr5xrj2lglwsr1jai7qxrcd8ljcry8bg87qfwwb9fa13prmn78f5pzpxr7jf8gnsbvr6adxld"; + }; + + patches = [ + ./no-buildconfig-ffx65.patch + ]; + + meta = { + description = "A web browser built from Firefox source tree"; + homepage = http://www.mozilla.com/en-US/firefox/; + maintainers = with lib.maintainers; [ eelco andir ]; + platforms = lib.platforms.unix; + badPlatforms = lib.platforms.darwin; + license = lib.licenses.mpl20; + }; + updateScript = callPackage ./update.nix { + attrPath = "firefox-unwrapped"; + versionKey = "ffversion"; + }; + }; + + # Do not remove. This is the last version of Firefox that supports + # the old plugins. While this package is unsafe to use for browsing + # the web, there are many old useful plugins targeting offline + # activities (e.g. ebook readers, syncronous translation, etc) that + # will probably never be ported to WebExtensions API. + firefox-esr-52 = (firefoxCommon rec { + pname = "firefox-esr"; + ffversion = "52.9.0esr"; + src = fetchurl { + url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; + sha512 = "bfca42668ca78a12a9fb56368f4aae5334b1f7a71966fbba4c32b9c5e6597aac79a6e340ac3966779d2d5563eb47c054ab33cc40bfb7306172138ccbd3adb2b9"; + }; + + patches = [ + # this one is actually an omnipresent bug + # https://bugzilla.mozilla.org/show_bug.cgi?id=1444519 + ./fix-pa-context-connect-retval.patch + ]; + + meta = firefox.meta // { + description = "A web browser built from Firefox Extended Support Release source tree"; + knownVulnerabilities = [ "Support ended in August 2018." ]; + }; + }).override { + stdenv = overrideCC gccStdenv gcc6; # gcc7 fails with "undefined reference to `__divmoddi4'" + gtk3Support = false; + }; + + firefox-esr-60 = firefoxCommon rec { + pname = "firefox-esr"; + ffversion = "60.9.0esr"; + + src = fetchurl { + url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; + sha512 = "4baea5c9c4eff257834bbaee6d7786f69f7e6bacd24ca13c2705226f4a0d88315ab38c650b2c5e9c76b698f2debc7cea1e5a99cb4dc24e03c48a24df5143a3cf"; + }; + + patches = [ + ./no-buildconfig-ffx65.patch + + # this one is actually an omnipresent bug + # https://bugzilla.mozilla.org/show_bug.cgi?id=1444519 + ./fix-pa-context-connect-retval.patch + + missing-documentation-patch + ]; + + meta = firefox.meta // { + description = "A web browser built from Firefox Extended Support Release source tree"; + }; + updateScript = callPackage ./update.nix { + attrPath = "firefox-esr-60-unwrapped"; + versionSuffix = "esr"; + versionKey = "ffversion"; + }; + }; + + firefox-esr-68 = firefoxCommon rec { + pname = "firefox-esr"; + ffversion = "68.4.1esr"; + src = fetchurl { + url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; + sha512 = "3nqchvyr95c9xvz23z0kcqqyx8lskw0lxa3rahiagc7b71pnrk8l40c7327q1wd4y5g16lix0fg04xiy6lqjfycjsrjlfr2y6b51n4d"; + }; + + patches = [ + ./no-buildconfig-ffx65.patch + ]; + + meta = firefox.meta // { + description = "A web browser built from Firefox Extended Support Release source tree"; + }; + updateScript = callPackage ./update.nix { + attrPath = "firefox-esr-68-unwrapped"; + versionSuffix = "esr"; + versionKey = "ffversion"; + }; + }; + + firefox-beta = firefoxCommon rec { + pname = "firefox"; + ffversion = "66.0b5"; + src = fetchurl { + url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; + sha512 = "2cnv8pnl220dxqfpcdnwibwidc8b9zg3bj9wkzc83r4cdsfcjy3hqyw01gpc30a4qwbbabsgask3hl3dg7d3d8qqw4c588b00z67mvs"; + }; + + patches = [ + ./no-buildconfig-ffx65.patch + ]; + + meta = firefox.meta // { + description = "A web browser built from Firefox Beta source tree"; + }; + updateScript = callPackage ./update.nix { + attrPath = "firefox-beta"; + versionKey = "ffversion"; + }; + }; + +} // (let + + iccommon = args: firefoxCommon (args // { + pname = "icecat"; + isIceCatLike = true; + + meta = (args.meta or {}) // { + description = "The GNU version of the Firefox web browser"; + longDescription = '' + GNUzilla is the GNU version of the Mozilla suite, and GNU + IceCat is the GNU version of the Firefox web browser. + + Notable differences from mainline Firefox: + + - entirely free software, no non-free plugins, addons, + artwork, + - no telemetry, no "studies", + - sane privacy and security defaults (for instance, unlike + Firefox, IceCat does _zero_ network requests on startup by + default, which means that with IceCat you won't need to + unplug your Ethernet cable each time you want to create a + new browser profile without announcing that action to a + bunch of data-hungry corporations), + - all essential privacy and security settings can be + configured directly from the main screen, + - optional first party isolation (like TorBrowser), + - comes with HTTPS Everywhere (like TorBrowser), Tor Browser + Button (like TorBrowser Bundle), LibreJS, and SpyBlock + plugins out of the box. + + This package can be installed together with Firefox and + TorBrowser, it will use distinct binary names and profile + directories. + ''; + homepage = "https://www.gnu.org/software/gnuzilla/"; + platforms = lib.platforms.unix; + license = with lib.licenses; [ mpl20 gpl3Plus ]; + }; + }); + +in { + + icecat = iccommon rec { + ffversion = "60.3.0"; + icversion = "${ffversion}-gnu1"; + + src = fetchurl { + url = "mirror://gnu/gnuzilla/${ffversion}/icecat-${icversion}.tar.bz2"; + sha256 = "0icnl64nxcyf7dprpdpygxhabsvyhps8c3ixysj9bcdlj9q34ib1"; + }; + + patches = [ + ./no-buildconfig.patch + missing-documentation-patch + ]; + }; + + # Similarly to firefox-esr-52 above. + icecat-52 = iccommon rec { + ffversion = "52.6.0"; + icversion = "${ffversion}-gnu1"; + + src = fetchurl { + url = "mirror://gnu/gnuzilla/${ffversion}/icecat-${icversion}.tar.bz2"; + sha256 = "09fn54glqg1aa93hnz5zdcy07cps09dbni2b4200azh6nang630a"; + }; + + patches = [ + # this one is actually an omnipresent bug + # https://bugzilla.mozilla.org/show_bug.cgi?id=1444519 + ./fix-pa-context-connect-retval.patch + ]; + + meta.knownVulnerabilities = [ "Support ended in August 2018." ]; + }; + +}) // (let + + tbcommon = args: firefoxCommon (args // { + pname = "tor-browser"; + isTorBrowserLike = true; + + unpackPhase = '' + # fetchFromGitHub produces ro sources, root dir gets a name that + # is too long for shebangs. fixing + cp -a $src tor-browser + chmod -R +w tor-browser + cd tor-browser + + # set times for xpi archives + find . -exec touch -d'2010-01-01 00:00' {} \; + ''; + + meta = (args.meta or {}) // { + description = "A web browser built from TorBrowser source tree"; + longDescription = '' + This is a version of TorBrowser with bundle-related patches + reverted. + + I.e. it's a variant of Firefox with less fingerprinting and + some isolation features you can't get with any extensions. + + Or, alternatively, a variant of TorBrowser that works like any + other UNIX program and doesn't expect you to run it from a + bundle. + + It will use your default Firefox profile if you're not careful + even! Be careful! + + It will clash with firefox binary if you install both. But it + should not be a problem because you should run browsers in + separate users/VMs anyway. + + Create new profile by starting it as + + $ firefox -ProfileManager + + and then configure it to use your tor instance. + + Or just use `tor-browser-bundle` package that packs this + `tor-browser` back into a sanely-built bundle. + ''; + homepage = "https://www.torproject.org/projects/torbrowser.html"; + platforms = lib.platforms.unix; + license = with lib.licenses; [ mpl20 bsd3 ]; + }; + }); + +in rec { + + tor-browser-7-5 = (tbcommon { + ffversion = "52.9.0esr"; + tbversion = "7.5.6"; + + # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb + src = fetchFromGitHub { + owner = "SLNOS"; + repo = "tor-browser"; + # branch "tor-browser-52.9.0esr-7.5-2-slnos" + rev = "95bb92d552876a1f4260edf68fda5faa3eb36ad8"; + sha256 = "1ykn3yg4s36g2cpzxbz7s995c33ij8kgyvghx38z4i8siaqxdddy"; + }; + }).override { + gtk3Support = false; + }; + + tor-browser-8-5 = tbcommon rec { + ffversion = "60.9.0esr"; + tbversion = "8.5.6"; + + # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb + src = fetchFromGitHub { + owner = "SLNOS"; + repo = "tor-browser"; + # branch "tor-browser-60.9.0esr-8.5-2-slnos" + rev = "0489ae3158cd8c0e16c2e78b94083d8cbf0209dc"; + sha256 = "0y5s7d8pg8ak990dp8d801j9823igaibfhv9hsa79nib5yllifzs"; + }; + + patches = [ + missing-documentation-patch + ]; + }; + + tor-browser = tor-browser-8-5; + +}) diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/update.nix b/nixpkgs/pkgs/applications/networking/browsers/firefox/update.nix new file mode 100644 index 000000000000..e12b552535d2 --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/update.nix @@ -0,0 +1,35 @@ +{ writeScript +, lib +, xidel +, common-updater-scripts +, coreutils +, gnused +, gnugrep +, curl +, attrPath +, runtimeShell +, baseUrl ? "http://archive.mozilla.org/pub/firefox/releases/" +, versionSuffix ? "" +, versionKey ? "version" +}: + +writeScript "update-${attrPath}" '' + #!${runtimeShell} + PATH=${lib.makeBinPath [ common-updater-scripts coreutils curl gnugrep gnused xidel ]} + + url=${baseUrl} + + # retriving latest released version + # - extracts all links from the $url + # - extracts lines only with number and dots followed by a slash + # - removes trailing slash + # - sorts everything with semver in mind + # - picks up latest release + version=`xidel -s $url --extract "//a" | \ + grep "^[0-9.]*${versionSuffix}/$" | \ + sed s/[/]$// | \ + sort --version-sort | \ + tail -n 1` + + update-source-version ${attrPath} "$version" "" "" --version-key=${versionKey} +'' diff --git a/nixpkgs/pkgs/applications/networking/browsers/firefox/wrapper.nix b/nixpkgs/pkgs/applications/networking/browsers/firefox/wrapper.nix new file mode 100644 index 000000000000..4901d694f49f --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -0,0 +1,191 @@ +{ stdenv, lib, makeDesktopItem, makeWrapper, lndir, config + +## various stuff that can be plugged in +, flashplayer, hal-flash +, MPlayerPlugin, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2, libglvnd +, jrePlugin, adoptopenjdk-icedtea-web +, bluejeans, djview4, adobe-reader +, google_talk_plugin, fribid, gnome3/*.gnome-shell*/ +, browserpass, chrome-gnome-shell, uget-integrator, plasma-browser-integration, bukubrow +, tridactyl-native +, udev +, kerberos +}: + +## configurability of the wrapper itself + +browser: + +let + wrapper = + { browserName ? browser.browserName or (lib.getName browser) + , pname ? browserName + , version ? lib.getVersion browser + , desktopName ? # browserName with first letter capitalized + (lib.toUpper (lib.substring 0 1 browserName) + lib.substring 1 (-1) browserName) + , nameSuffix ? "" + , icon ? browserName + , extraPlugins ? [] + , extraNativeMessagingHosts ? [] + , gdkWayland ? false + , cfg ? config.${browserName} or {} + }: + + assert gdkWayland -> (browser ? gtk3); # Can only use the wayland backend if gtk3 is being used + + let + enableAdobeFlash = cfg.enableAdobeFlash or false; + ffmpegSupport = browser.ffmpegSupport or false; + gssSupport = browser.gssSupport or false; + jre = cfg.jre or false; + icedtea = cfg.icedtea or false; + supportsJDK = + stdenv.hostPlatform.system == "i686-linux" || + stdenv.hostPlatform.system == "x86_64-linux" || + stdenv.hostPlatform.system == "armv7l-linux" || + stdenv.hostPlatform.system == "aarch64-linux"; + + plugins = + assert !(jre && icedtea); + if builtins.hasAttr "enableVLC" cfg + then throw "The option \"${browserName}.enableVLC\" has been removed since Firefox no longer supports npapi plugins" + else + ([ ] + ++ lib.optional enableAdobeFlash flashplayer + ++ lib.optional (cfg.enableDjvu or false) (djview4) + ++ lib.optional (cfg.enableMPlayer or false) (MPlayerPlugin browser) + ++ lib.optional (supportsJDK && jre && jrePlugin ? mozillaPlugin) jrePlugin + ++ lib.optional icedtea adoptopenjdk-icedtea-web + ++ lib.optional (cfg.enableGoogleTalkPlugin or false) google_talk_plugin + ++ lib.optional (cfg.enableFriBIDPlugin or false) fribid + ++ lib.optional (cfg.enableGnomeExtensions or false) gnome3.gnome-shell + ++ lib.optional (cfg.enableBluejeans or false) bluejeans + ++ lib.optional (cfg.enableAdobeReader or false) adobe-reader + ++ extraPlugins + ); + nativeMessagingHosts = + ([ ] + ++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass) + ++ lib.optional (cfg.enableBukubrow or false) bukubrow + ++ lib.optional (cfg.enableTridactylNative or false) tridactyl-native + ++ lib.optional (cfg.enableGnomeExtensions or false) chrome-gnome-shell + ++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator + ++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma-browser-integration + ++ extraNativeMessagingHosts + ); + libs = lib.optional stdenv.isLinux udev + ++ lib.optional ffmpegSupport ffmpeg + ++ lib.optional gssSupport kerberos + ++ lib.optional gdkWayland libglvnd + ++ lib.optionals (cfg.enableQuakeLive or false) + (with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsaLib zlib ]) + ++ lib.optional (enableAdobeFlash && (cfg.enableAdobeFlashDRM or false)) hal-flash + ++ lib.optional (config.pulseaudio or true) libpulseaudio; + gtk_modules = [ libcanberra-gtk2 ]; + + in stdenv.mkDerivation { + inherit pname version; + + desktopItem = makeDesktopItem { + name = browserName; + exec = "${browserName}${nameSuffix} %U"; + inherit icon; + comment = ""; + desktopName = "${desktopName}${nameSuffix}${lib.optionalString gdkWayland " (Wayland)"}"; + genericName = "Web Browser"; + categories = "Application;Network;WebBrowser;"; + mimeType = stdenv.lib.concatStringsSep ";" [ + "text/html" + "text/xml" + "application/xhtml+xml" + "application/vnd.mozilla.xul+xml" + "x-scheme-handler/http" + "x-scheme-handler/https" + "x-scheme-handler/ftp" + ]; + }; + + nativeBuildInputs = [ makeWrapper lndir ]; + buildInputs = lib.optional (browser ? gtk3) browser.gtk3; + + buildCommand = lib.optionalString stdenv.isDarwin '' + mkdir -p $out/Applications + cp -R --no-preserve=mode,ownership ${browser}/Applications/${browserName}.app $out/Applications + rm -f $out${browser.execdir or "/bin"}/${browserName} + '' + '' + if [ ! -x "${browser}${browser.execdir or "/bin"}/${browserName}" ] + then + echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'" + exit 1 + fi + + makeWrapper "$(readlink -v --canonicalize-existing "${browser}${browser.execdir or "/bin"}/${browserName}")" \ + "$out${browser.execdir or "/bin"}/${browserName}${nameSuffix}" \ + --suffix-each MOZ_PLUGIN_PATH ':' "$plugins" \ + --suffix LD_LIBRARY_PATH ':' "$libs" \ + --suffix-each GTK_PATH ':' "$gtk_modules" \ + --suffix-each LD_PRELOAD ':' "$(cat $(filterExisting $(addSuffix /extra-ld-preload $plugins)))" \ + --prefix-contents PATH ':' "$(filterExisting $(addSuffix /extra-bin-path $plugins))" \ + --suffix PATH ':' "$out${browser.execdir or "/bin"}" \ + --set MOZ_APP_LAUNCHER "${browserName}${nameSuffix}" \ + --set MOZ_SYSTEM_DIR "$out/lib/mozilla" \ + --set SNAP_NAME "firefox" \ + --set MOZ_LEGACY_PROFILES 1 \ + --set MOZ_ALLOW_DOWNGRADE 1 \ + ${lib.optionalString gdkWayland '' + --set GDK_BACKEND "wayland" \ + ''}${lib.optionalString (browser ? gtk3) + ''--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ + --suffix XDG_DATA_DIRS : '${gnome3.adwaita-icon-theme}/share' + '' + } + + if [ -e "${browser}/share/icons" ]; then + mkdir -p "$out/share" + ln -s "${browser}/share/icons" "$out/share/icons" + else + for res in 16 32 48 64 128; do + mkdir -p "$out/share/icons/hicolor/''${res}x''${res}/apps" + icon=( "${browser}/lib/"*"/browser/chrome/icons/default/default''${res}.png" ) + if [ -e "$icon" ]; then ln -s "$icon" \ + "$out/share/icons/hicolor/''${res}x''${res}/apps/${browserName}.png" + fi + done + fi + + install -D -t $out/share/applications $desktopItem/share/applications/* + + mkdir -p $out/lib/mozilla + for ext in ${toString nativeMessagingHosts}; do + lndir -silent $ext/lib/mozilla $out/lib/mozilla + done + + # For manpages, in case the program supplies them + mkdir -p $out/nix-support + echo ${browser} > $out/nix-support/propagated-user-env-packages + ''; + + preferLocalBuild = true; + + # Let each plugin tell us (through its `mozillaPlugin') attribute + # where to find the plugin in its tree. + plugins = map (x: x + x.mozillaPlugin) plugins; + libs = lib.makeLibraryPath libs + ":" + lib.makeSearchPathOutput "lib" "lib64" libs; + gtk_modules = map (x: x + x.gtkModule) gtk_modules; + + passthru = { unwrapped = browser; }; + + disallowedRequisites = [ stdenv.cc ]; + + meta = browser.meta // { + description = + browser.meta.description + + " (with plugins: " + + lib.concatStrings (lib.intersperse ", " (map (x: x.name) plugins)) + + ")"; + hydraPlatforms = []; + priority = (browser.meta.priority or 0) - 1; # prefer wrapper over the package + }; + }; +in + lib.makeOverridable wrapper |