Merge pull request #79115 from flokli/simplify-firefox

firefoxPackages.*: remove unsupported packages, clean up derivation
2024-11-22 13:41:26 +00:00 · 2020-02-09 17:57:55 -05:00 · 2020-02-09 17:57:55 -05:00 · 1b2b9dac5c
parent 2fc3322f32 9bf7d51047
commit 1b2b9dac5c
5 changed files with 74 additions and 294 deletions
--- a/pkgs/applications/networking/browsers/conkeror/default.nix
+++ b/pkgs/applications/networking/browsers/conkeror/default.nix
@ -1,39 +0,0 @@
-{ stdenv, fetchgit, unzip, firefox-esr-52, makeWrapper }:
-
-stdenv.mkDerivation rec {
-  pkgname = "conkeror";
-  version = "1.0.4";
-  name = "${pkgname}-${version}";
-
-  src = fetchgit {
-    url = git://repo.or.cz/conkeror.git;
-    rev = "refs/tags/${version}";
-    sha256 = "10c57wqybp9kcjpkb01wxq0h3vafcdb1g5kb4k8sb2zajg59afv8";
-  };
-
-  buildInputs = [ unzip makeWrapper ];
-
-  installPhase = ''
-    mkdir -p $out/libexec/conkeror
-    cp -r * $out/libexec/conkeror
-
-    makeWrapper ${firefox-esr-52}/bin/firefox $out/bin/conkeror \
-      --add-flags "-app $out/libexec/conkeror/application.ini"
-  '';
-
-  meta = with stdenv.lib; {
-    description = "A keyboard-oriented, customizable, extensible web browser";
-    longDescription = ''
-      Conkeror is a keyboard-oriented, highly-customizable, highly-extensible
-      web browser based on Mozilla XULRunner, written mainly in JavaScript,
-      and inspired by exceptional software such as Emacs and vi. Conkeror
-      features a sophisticated keyboard system, allowing users to run commands
-      and interact with content in powerful and novel ways. It is
-      self-documenting, featuring a powerful interactive help system.
-    '';
-    homepage = http://conkeror.org/;
-    license = with licenses; [ mpl11 gpl2 lgpl21 ];
-    maintainers = with maintainers; [ astsmtl ];
-    platforms = platforms.linux;
-  };
-}
--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@ -1,8 +1,6 @@
 { pname, ffversion, meta, updateScript ? null
 , src, unpackPhase ? null, patches ? []
-, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? []
-, isIceCatLike ? false, icversion ? null
-, isTorBrowserLike ? false, tbversion ? null }:
+, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [] }:

 { lib, stdenv, pkgconfig, pango, perl, python2, python3, zip, libIDL
 , libjpeg, zlib, dbus, dbus-glib, bzip2, xorg
@ -27,16 +25,14 @@

 ## privacy-related options

-, privacySupport ? isTorBrowserLike || isIceCatLike
+, privacySupport ? false

 # WARNING: NEVER set any of the options below to `true` by default.
 # Set to `!privacySupport` or `false`.

 # webrtcSupport breaks the aarch64 build on version >= 60, fixed in 63.
 # https://bugzilla.mozilla.org/show_bug.cgi?id=1434589
-, webrtcSupport ? !privacySupport && (!stdenv.isAarch64 || !(
-    lib.versionAtLeast ffversion "60" && lib.versionOlder ffversion "63"
-  ))
+, webrtcSupport ? !privacySupport
 , geolocationSupport ? !privacySupport
 , googleAPISupport ? geolocationSupport
 , crashreporterSupport ? false
@ -79,7 +75,7 @@ let
  default-toolkit = if stdenv.isDarwin then "cairo-cocoa"
                    else "cairo-gtk${if gtk3Support then "3${lib.optionalString waylandSupport "-wayland"}" else "2"}";

-  binaryName = if isIceCatLike then "icecat" else "firefox";
+  binaryName = "firefox";
  binaryNameCapitalized = lib.toUpper (lib.substring 0 1 binaryName) + lib.substring 1 (-1) binaryName;

  browserName = if stdenv.isDarwin then binaryNameCapitalized else binaryName;
@ -87,21 +83,17 @@ let
  execdir = if stdenv.isDarwin
            then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS"
            else "/bin";
+in

-  browserVersion = if isIceCatLike then icversion
-                   else if isTorBrowserLike then tbversion
-                   else ffversion;
+stdenv.mkDerivation ({
+  name = "${pname}-unwrapped-${ffversion}";
+  version = ffversion;

-  browserPatches = [
+  inherit src unpackPhase meta;
+
+  patches = [
    ./env_var_for_system_dir.patch
-  ]
-  ++ lib.optional (lib.versionAtLeast ffversion "63" && lib.versionOlder ffversion "68.3.0")
-    (fetchpatch { # https://bugzilla.mozilla.org/show_bug.cgi?id=1500436#c29
-      name = "write_error-parallel_make.diff";
-      url = "https://hg.mozilla.org/mozilla-central/raw-diff/562655fe/python/mozbuild/mozbuild/action/node.py";
-      sha256 = "11d7rgzinb4mwl7yzhidjkajynmxgmffr4l9isgskfapyax9p88y";
-    })
-  ++ lib.optionals (stdenv.isAarch64 && lib.versionAtLeast ffversion "66" && lib.versionOlder ffversion "67") [
+  ] ++ lib.optionals (stdenv.isAarch64) [
    (fetchpatch {
      url = "https://raw.githubusercontent.com/archlinuxarm/PKGBUILDs/09c7fa0dc1d87922e3b464c0fa084df1227fca79/extra/firefox/arm.patch";
      sha256 = "1vbpih23imhv5r3g21m3m541z08n9n9j1nvmqax76bmyhn7mxp32";
@ -117,15 +109,6 @@ let
  })
  ++ patches;

-in
-
-stdenv.mkDerivation (rec {
-  name = "${pname}-unwrapped-${version}";
-  version = browserVersion;
-
-  inherit src unpackPhase meta;
-
-  patches = browserPatches;

  # Ignore trivial whitespace changes in patches, this fixes compatibility of
  # ./env_var_for_system_dir.patch with Firefox >=65 without having to track
@ -141,16 +124,14 @@ stdenv.mkDerivation (rec {
    xorg.libXext sqlite unzip makeWrapper
    libevent libstartup_notification libvpx /* cairo */
    icu libpng jemalloc glib
+    nasm
+    # >= 66 requires nasm for the AV1 lib dav1d
+    # yasm can potentially be removed in future versions
+    # https://bugzilla.mozilla.org/show_bug.cgi?id=1501796
+    # https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ
+    nspr nss
  ]
-  ++ lib.optionals (!isTorBrowserLike) [ nspr nss ]
-  ++ lib.optional (lib.versionOlder ffversion "53") libXdamage
-  ++ lib.optional (lib.versionOlder ffversion "61") hunspell

-  # >= 66 requires nasm for the AV1 lib dav1d
-  # yasm can potentially be removed in future versions
-  # https://bugzilla.mozilla.org/show_bug.cgi?id=1501796
-  # https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ
-  ++ lib.optional (lib.versionAtLeast ffversion "66") nasm
  ++ lib.optional  alsaSupport alsaLib
  ++ lib.optional  pulseaudioSupport libpulseaudio # only headers are needed
  ++ lib.optional  gtk3Support gtk3
@ -162,27 +143,33 @@ stdenv.mkDerivation (rec {

  NIX_CFLAGS_COMPILE = toString ([
    "-I${glib.dev}/include/gio-unix-2.0"
-  ]
-  ++ lib.optionals (!isTorBrowserLike) [
    "-I${nss.dev}/include/nss"
  ]
-  ++ lib.optional (pname == "firefox-esr" && lib.versionAtLeast ffversion "68"
-                                          && lib.versionOlder ffversion "69")
+  ++ lib.optional (pname == "firefox-esr" && lib.versionOlder ffversion "69")
    "-Wno-error=format-security");

-  postPatch = lib.optionalString (lib.versionAtLeast ffversion "63.0" && !isTorBrowserLike) ''
+  postPatch = ''
    substituteInPlace third_party/prio/prio/rand.c --replace 'nspr/prinit.h' 'prinit.h'
-  '' + lib.optionalString (lib.versionAtLeast ffversion "68") ''
    rm -rf obj-x86_64-pc-linux-gnu
  '';

  nativeBuildInputs =
-    [ autoconf213 which gnused pkgconfig perl python2 cargo rustc ]
+    [
+      autoconf213
+      cargo
+      gnused
+      llvmPackages.llvm # llvm-objdump
+      nodejs
+      perl
+      pkgconfig
+      python2
+      python3
+      rust-cbindgen
+      rustc
+      which
+    ]
    ++ lib.optional gtk3Support wrapGAppsHook
    ++ lib.optionals stdenv.isDarwin [ xcbuild rsync ]
-    ++ lib.optional  (lib.versionAtLeast ffversion "61.0") python3
-    ++ lib.optionals (lib.versionAtLeast ffversion "63.0") [ rust-cbindgen nodejs ]
-    ++ lib.optionals (lib.versionAtLeast ffversion "67.0") [ llvmPackages.llvm ] # llvm-objdump is required in version >=67.0
    ++ extraNativeBuildInputs;

  preConfigure = ''
@ -190,14 +177,8 @@ stdenv.mkDerivation (rec {
    rm -f configure
    rm -f js/src/configure
    rm -f .mozconfig*
-  '' + (if lib.versionAtLeast ffversion "58"
-  # this will run autoconf213
-  then ''
+    # this will run autoconf213
    configureScript="$(realpath ./mach) configure"
-  '' else ''
-    make -f client.mk configure-files
-    configureScript="$(realpath ./configure)"
-  '') + lib.optionalString (lib.versionAtLeast ffversion "53") ''
    export MOZCONFIG=$(pwd)/mozconfig

    # Set C flags for Rust's bindgen program. Unlike ordinary C
@ -214,23 +195,16 @@ stdenv.mkDerivation (rec {
      $NIX_CFLAGS_COMPILE"

    echo "ac_add_options BINDGEN_CFLAGS='$BINDGEN_CFLAGS'" >> $MOZCONFIG
-  '' + lib.optionalString googleAPISupport ''
+  '' + (lib.optionalString googleAPISupport ''
    # Google API key used by Chromium and Firefox.
    # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
    # please get your own set of keys.
    echo "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI" > $TMPDIR/ga
    # 60.5+ & 66+ did split the google API key arguments: https://bugzilla.mozilla.org/show_bug.cgi?id=1531176
-    ${if (lib.versionAtLeast ffversion "60.6" && lib.versionOlder ffversion "61") || (lib.versionAtLeast ffversion "66") then ''
-      configureFlagsArray+=("--with-google-location-service-api-keyfile=$TMPDIR/ga")
-      configureFlagsArray+=("--with-google-safebrowsing-api-keyfile=$TMPDIR/ga")
-    '' else ''
-      configureFlagsArray+=("--with-google-api-keyfile=$TMPDIR/ga")
-    ''}
-  '' + lib.optionalString (lib.versionOlder ffversion "58") ''
-    cd obj-*
-  ''
-  # AS=as in the environment causes build failure https://bugzilla.mozilla.org/show_bug.cgi?id=1497286
-  + lib.optionalString (lib.versionAtLeast ffversion "64") ''
+    configureFlagsArray+=("--with-google-location-service-api-keyfile=$TMPDIR/ga")
+    configureFlagsArray+=("--with-google-safebrowsing-api-keyfile=$TMPDIR/ga")
+  '') + ''
+    # AS=as in the environment causes build failure https://bugzilla.mozilla.org/show_bug.cgi?id=1497286
    unset AS
  '';

@ -255,32 +229,15 @@ stdenv.mkDerivation (rec {
    "--enable-jemalloc"
    "--disable-gconf"
    "--enable-default-toolkit=${default-toolkit}"
-  ]
-  ++ lib.optional (lib.versionOlder ffversion "64") "--disable-maintenance-service"
-  ++ lib.optional (stdenv.isDarwin && lib.versionAtLeast ffversion "61") "--disable-xcode-checks"
-  ++ lib.optional (lib.versionOlder ffversion "61") "--enable-system-hunspell"
-  ++ lib.optionals (lib.versionAtLeast ffversion "56") [
    "--with-libclang-path=${llvmPackages.libclang}/lib"
    "--with-clang-path=${llvmPackages.clang}/bin/clang"
-  ]
-  ++ lib.optionals (lib.versionAtLeast ffversion "57" && lib.versionOlder ffversion "69") [
-    "--enable-webrender=build"
-  ]
-
-  # TorBrowser patches these
-  ++ lib.optionals (!isTorBrowserLike) [
    "--with-system-nspr"
    "--with-system-nss"
  ]
-
-  # and wants these
-  ++ lib.optionals isTorBrowserLike ([
-    "--with-tor-browser-version=${tbversion}"
-    "--with-distribution-id=org.torproject"
-    "--enable-signmar"
-    "--enable-verify-mar"
-    "--enable-bundled-fonts"
-  ])
+  ++ lib.optional (stdenv.isDarwin) "--disable-xcode-checks"
+  ++ lib.optionals (lib.versionOlder ffversion "69") [
+    "--enable-webrender=build"
+  ]

  ++ flag alsaSupport "alsa"
  ++ flag pulseaudioSupport "pulseaudio"
@ -290,11 +247,6 @@ stdenv.mkDerivation (rec {
  ++ flag crashreporterSupport "crashreporter"
  ++ lib.optional drmSupport "--enable-eme=widevine"

-  ++ lib.optionals (lib.versionOlder ffversion "60") ([]
-    ++ flag geolocationSupport "mozril-geoloc"
-    ++ flag safeBrowsingSupport "safe-browsing"
-  )
-
  ++ (if debugBuild then [ "--enable-debug" "--enable-profiling" ]
                    else [ "--disable-debug" "--enable-release"
                           "--enable-optimize"
@ -302,29 +254,16 @@ stdenv.mkDerivation (rec {
  ++ lib.optional enableOfficialBranding "--enable-official-branding"
  ++ extraConfigureFlags;

-  # Before 58 we have to run `make -f client.mk configure-files` at
-  # the top level, and then run `./configure` in the obj-* dir (see
-  # above), but in 58 we have to instead run `./mach configure` at the
-  # top level and then run `make` in obj-*. (We can also run the
-  # `make` at the top level in 58, but then we would have to `cd` to
-  # `make install` anyway. This is ugly, but simple.)
-  postConfigure = lib.optionalString (lib.versionAtLeast ffversion "58") ''
+  postConfigure = ''
    cd obj-*
  '';

-  preBuild = lib.optionalString isTorBrowserLike ''
-    buildFlagsArray=("MOZ_APP_DISPLAYNAME=Tor Browser")
-  '';
-
  makeFlags = lib.optionals enableOfficialBranding [
    "MOZILLA_OFFICIAL=1"
    "BUILD_OFFICIAL=1"
  ]
  ++ extraMakeFlags;

-  RUSTFLAGS = if (lib.versionAtLeast ffversion "67"/*somewhere betwween ESRs*/)
-    then null else "--cap-lints warn";
-
  enableParallelBuilding = true;
  doCheck = false; # "--disable-tests" above

@ -355,10 +294,9 @@ stdenv.mkDerivation (rec {
  '';

  passthru = {
-    inherit version updateScript;
+    inherit updateScript;
+    version = ffversion;
    isFirefox3Like = true;
-    inherit isIceCatLike;
-    inherit isTorBrowserLike;
    gtk = gtk2;
    inherit nspr;
    inherit ffmpegSupport;
@ -366,12 +304,12 @@ stdenv.mkDerivation (rec {
    inherit execdir;
    inherit browserName;
  } // lib.optionalAttrs gtk3Support { inherit gtk3; };
-
 } //
 # the build system verifies checksums of the bundled rust sources
 # ./third_party/rust is be patched by our libtool fixup code in stdenv
 # unfortunately we can't just set this to `false` when we do not want it.
 # See https://github.com/NixOS/nixpkgs/issues/77289 for more details
+
 lib.optionalAttrs (lib.versionAtLeast ffversion "72") {
  # Ideally we would figure out how to tell the build system to not
  # care about changed hashes as we are already doing that when we
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@ -1,4 +1,4 @@
-{ lib, callPackage, fetchurl, fetchFromGitHub, overrideCC, gccStdenv, gcc6 }:
+{ config, lib, callPackage, fetchurl, fetchFromGitHub, overrideCC, gccStdenv, gcc6 }:

 let

@ -40,64 +40,6 @@ rec {
    };
  };

-  # Do not remove. This is the last version of Firefox that supports
-  # the old plugins. While this package is unsafe to use for browsing
-  # the web, there are many old useful plugins targeting offline
-  # activities (e.g. ebook readers, syncronous translation, etc) that
-  # will probably never be ported to WebExtensions API.
-  firefox-esr-52 = (common rec {
-    pname = "firefox-esr";
-    ffversion = "52.9.0esr";
-    src = fetchurl {
-      url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
-      sha512 = "bfca42668ca78a12a9fb56368f4aae5334b1f7a71966fbba4c32b9c5e6597aac79a6e340ac3966779d2d5563eb47c054ab33cc40bfb7306172138ccbd3adb2b9";
-    };
-
-    patches = [
-      # this one is actually an omnipresent bug
-      # https://bugzilla.mozilla.org/show_bug.cgi?id=1444519
-      ./fix-pa-context-connect-retval.patch
-    ];
-
-    meta = firefox.meta // {
-      description = "A web browser built from Firefox Extended Support Release source tree";
-      knownVulnerabilities = [ "Support ended in August 2018." ];
-    };
-  }).override {
-    stdenv = overrideCC gccStdenv gcc6; # gcc7 fails with "undefined reference to `__divmoddi4'"
-    gtk3Support = false;
-  };
-
-  firefox-esr-60 = common rec {
-    pname = "firefox-esr";
-    ffversion = "60.9.0esr";
-
-    src = fetchurl {
-      url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
-      sha512 = "4baea5c9c4eff257834bbaee6d7786f69f7e6bacd24ca13c2705226f4a0d88315ab38c650b2c5e9c76b698f2debc7cea1e5a99cb4dc24e03c48a24df5143a3cf";
-    };
-
-    patches = [
-      ./no-buildconfig-ffx65.patch
-
-      # this one is actually an omnipresent bug
-      # https://bugzilla.mozilla.org/show_bug.cgi?id=1444519
-      ./fix-pa-context-connect-retval.patch
-
-      missing-documentation-patch
-    ];
-
-    meta = firefox.meta // {
-      description = "A web browser built from Firefox Extended Support Release source tree";
-      knownVulnerabilities = [ "Support ended around October 2019." ];
-    };
-    updateScript = callPackage ./update.nix {
-      attrPath = "firefox-esr-60-unwrapped";
-      versionSuffix = "esr";
-      versionKey = "ffversion";
-    };
-  };
-
  firefox-esr-68 = common rec {
    pname = "firefox-esr";
    ffversion = "68.4.2esr";
@ -119,86 +61,23 @@ rec {
      versionKey = "ffversion";
    };
  };
+} // lib.optionalAttrs (config.allowAliases or true) {
+  #### ALIASES
+  #### remove after 20.03 branchoff

-} // (let
+  firefox-esr-52 = throw ''
+    firefoxPackages.firefox-esr-52 was removed as it's an unsupported ESR with
+    open security issues. If you need it because you need to run some plugins
+    not having been ported to WebExtensions API, import it from an older
+    nixpkgs checkout still containing it.
+  '';
+  firefox-esr-60 = throw "firefoxPackages.firefox-esr-60 was removed as it's an unsupported ESR with open security issues.";

-  iccommon = args: common (args // {
-    pname = "icecat";
-    isIceCatLike = true;
-
-    meta = (args.meta or {}) // {
-      description = "The GNU version of the Firefox web browser";
-      longDescription = ''
-        GNUzilla is the GNU version of the Mozilla suite, and GNU
-        IceCat is the GNU version of the Firefox web browser.
-
-        Notable differences from mainline Firefox:
-
-        - entirely free software, no non-free plugins, addons,
-          artwork,
-        - no telemetry, no "studies",
-        - sane privacy and security defaults (for instance, unlike
-          Firefox, IceCat does _zero_ network requests on startup by
-          default, which means that with IceCat you won't need to
-          unplug your Ethernet cable each time you want to create a
-          new browser profile without announcing that action to a
-          bunch of data-hungry corporations),
-        - all essential privacy and security settings can be
-          configured directly from the main screen,
-        - optional first party isolation (like TorBrowser),
-        - comes with HTTPS Everywhere (like TorBrowser), Tor Browser
-          Button (like TorBrowser Bundle), LibreJS, and SpyBlock
-          plugins out of the box.
-
-        This package can be installed together with Firefox and
-        TorBrowser, it will use distinct binary names and profile
-        directories.
-      '';
-      homepage = "https://www.gnu.org/software/gnuzilla/";
-      platforms = lib.platforms.unix;
-      license = with lib.licenses; [ mpl20 gpl3Plus ];
-    };
-  });
-
-in {
-
-  icecat = iccommon rec {
-    ffversion = "60.3.0";
-    icversion = "${ffversion}-gnu1";
-
-    src = fetchurl {
-      url = "mirror://gnu/gnuzilla/${ffversion}/icecat-${icversion}.tar.bz2";
-      sha256 = "0icnl64nxcyf7dprpdpygxhabsvyhps8c3ixysj9bcdlj9q34ib1";
-    };
-
-    patches = [
-      ./no-buildconfig.patch
-      missing-documentation-patch
-    ];
-    meta.knownVulnerabilities = [ "Support ended around October 2019." ];
-  };
-
-  # Similarly to firefox-esr-52 above.
-  icecat-52 = iccommon rec {
-    ffversion = "52.6.0";
-    icversion = "${ffversion}-gnu1";
-
-    src = fetchurl {
-      url = "mirror://gnu/gnuzilla/${ffversion}/icecat-${icversion}.tar.bz2";
-      sha256 = "09fn54glqg1aa93hnz5zdcy07cps09dbni2b4200azh6nang630a";
-    };
-
-    patches = [
-      # this one is actually an omnipresent bug
-      # https://bugzilla.mozilla.org/show_bug.cgi?id=1444519
-      ./fix-pa-context-connect-retval.patch
-    ];
-
-    meta.knownVulnerabilities = [ "Support ended in August 2018." ];
-  };
+  icecat = throw "firefoxPackages.icecat was removed as even its latest upstream version is based on an unsupported ESR release with open security issues.";
+  icecat-52 = throw "firefoxPackages.icecat was removed as even its latest upstream version is based on an unsupported ESR release with open security issues.";

  tor-browser-7-5 = throw "firefoxPackages.tor-browser-7-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452.";
  tor-browser-8-5 = throw "firefoxPackages.tor-browser-8-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452.";
  tor-browser = throw "firefoxPackages.tor-browser was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452.";

-})
+}
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@ -117,6 +117,18 @@ mapAliases ({
  firefox-esr-wrapper = firefox-esr;  # 2016-01
  firefox-wrapper = firefox;          # 2016-01
  firefoxWrapper = firefox;           # 2015-09
+  firefox-esr-52           = firefoxPackages.firefox-esr-52; # 2020-02, remove after 20.03 branchoff
+  firefox-esr-52-unwrapped = firefoxPackages.firefox-esr-52; # 2020-02, remove after 20.03 branchoff
+  firefox-esr-60           = firefoxPackages.firefox-esr-60; # 2020-02, remove after 20.03 branchoff
+  firefox-esr-60-unwrapped = firefoxPackages.firefox-esr-60; # 2020-02, remove after 20.03 branchoff
+  icecat                   = firefoxPackages.icecat;         # 2020-02, remove after 20.03 branchoff
+  icecat-unwrapped         = firefoxPackages.icecat;         # 2020-02, remove after 20.03 branchoff
+  conkeror-unwrapped       = conkeror; # 2020-02, remove after 20.03 branchoff
+  conkeror                 = throw ''
+    Conkeror doesn't work with any secure firefox release.
+    Please move to some of the alternatives at http://conkeror.org/Alternatives
+  ''; # 2020-02, remove after 20.03 branchoff
+
  firestr = throw "firestr has been removed."; # added 2019-12-08
  flameGraph = flamegraph; # added 2018-04-25
  font-awesome-ttf = font-awesome; # 2018-02-25
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -18493,9 +18493,6 @@ in

  comical = callPackage ../applications/graphics/comical { };

-  conkeror-unwrapped = callPackage ../applications/networking/browsers/conkeror { };
-  conkeror = wrapFirefox conkeror-unwrapped { };
-
  containerd = callPackage ../applications/virtualization/containerd { };

  convchain = callPackage ../tools/graphics/convchain {};
@ -19113,18 +19110,11 @@ in
  });

  firefox-unwrapped = firefoxPackages.firefox;
-  firefox-esr-52-unwrapped = firefoxPackages.firefox-esr-52;
-  firefox-esr-60-unwrapped = firefoxPackages.firefox-esr-60;
  firefox-esr-68-unwrapped = firefoxPackages.firefox-esr-68;
-  icecat-unwrapped = firefoxPackages.icecat;
-
  firefox = wrapFirefox firefox-unwrapped { };
  firefox-wayland = wrapFirefox firefox-unwrapped { gdkWayland = true; };
-  firefox-esr-52 = wrapFirefox firefox-esr-52-unwrapped { };
-  firefox-esr-60 = wrapFirefox firefox-esr-60-unwrapped { };
  firefox-esr-68 = wrapFirefox firefox-esr-68-unwrapped { };
  firefox-esr = firefox-esr-68;
-  icecat = wrapFirefox icecat-unwrapped { };

  firefox-bin-unwrapped = callPackage ../applications/networking/browsers/firefox-bin {
    channel = "release";