From c173d663fd7c12b9ca668da01a217f3cbaf6f4fe Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Fri, 7 Feb 2020 00:03:09 +0100 Subject: [PATCH 1/7] firefoxPackages.*: use config.allowAliases --- pkgs/applications/networking/browsers/firefox/packages.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 833b97ba86f1..1fdf5be90924 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -1,4 +1,4 @@ -{ lib, callPackage, fetchurl, fetchFromGitHub, overrideCC, gccStdenv, gcc6 }: +{ config, lib, callPackage, fetchurl, fetchFromGitHub, overrideCC, gccStdenv, gcc6 }: let @@ -196,7 +196,9 @@ in { meta.knownVulnerabilities = [ "Support ended in August 2018." ]; }; - +} // lib.optionalAttrs (config.allowAliases or true) { + # ALIASES + # remove after 20.03 branchoff tor-browser-7-5 = throw "firefoxPackages.tor-browser-7-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; tor-browser-8-5 = throw "firefoxPackages.tor-browser-8-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; tor-browser = throw "firefoxPackages.tor-browser was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; From 83fff69fca0d1f7775fbcd4f8ec8acceb1a5bebb Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 1 Feb 2020 17:30:54 +0100 Subject: [PATCH 2/7] firefoxPackages.firefox-esr-60: remove There's not really a reason to ship an unsupported ESR variant of firefox, and if one really needs it, it's also possible to just checkout an older version of nixpkgs. --- .../networking/browsers/firefox/packages.nix | 33 ++----------------- 1 file changed, 3 insertions(+), 30 deletions(-) diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 1fdf5be90924..dab66e065fc8 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -68,36 +68,6 @@ rec { gtk3Support = false; }; - firefox-esr-60 = common rec { - pname = "firefox-esr"; - ffversion = "60.9.0esr"; - - src = fetchurl { - url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "4baea5c9c4eff257834bbaee6d7786f69f7e6bacd24ca13c2705226f4a0d88315ab38c650b2c5e9c76b698f2debc7cea1e5a99cb4dc24e03c48a24df5143a3cf"; - }; - - patches = [ - ./no-buildconfig-ffx65.patch - - # this one is actually an omnipresent bug - # https://bugzilla.mozilla.org/show_bug.cgi?id=1444519 - ./fix-pa-context-connect-retval.patch - - missing-documentation-patch - ]; - - meta = firefox.meta // { - description = "A web browser built from Firefox Extended Support Release source tree"; - knownVulnerabilities = [ "Support ended around October 2019." ]; - }; - updateScript = callPackage ./update.nix { - attrPath = "firefox-esr-60-unwrapped"; - versionSuffix = "esr"; - versionKey = "ffversion"; - }; - }; - firefox-esr-68 = common rec { pname = "firefox-esr"; ffversion = "68.4.2esr"; @@ -199,6 +169,9 @@ in { } // lib.optionalAttrs (config.allowAliases or true) { # ALIASES # remove after 20.03 branchoff + + firefox-esr-60 = throw "firefoxPackages.firefox-esr-60 was removed as it's an unsupported ESR with open security issues."; + tor-browser-7-5 = throw "firefoxPackages.tor-browser-7-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; tor-browser-8-5 = throw "firefoxPackages.tor-browser-8-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; tor-browser = throw "firefoxPackages.tor-browser was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; From 9704fbec86cea1673d48486f2d955ff543207810 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 1 Feb 2020 17:37:56 +0100 Subject: [PATCH 3/7] firefoxPackages.icecat[-52]: remove package firefoxPackages.icecat was removed as even its latest upstream version is based on an unsupported ESR release with open security issues. --- .../networking/browsers/firefox/packages.nix | 83 +------------------ 1 file changed, 4 insertions(+), 79 deletions(-) diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index dab66e065fc8..c696166c95fa 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -89,91 +89,16 @@ rec { versionKey = "ffversion"; }; }; - -} // (let - - iccommon = args: common (args // { - pname = "icecat"; - isIceCatLike = true; - - meta = (args.meta or {}) // { - description = "The GNU version of the Firefox web browser"; - longDescription = '' - GNUzilla is the GNU version of the Mozilla suite, and GNU - IceCat is the GNU version of the Firefox web browser. - - Notable differences from mainline Firefox: - - - entirely free software, no non-free plugins, addons, - artwork, - - no telemetry, no "studies", - - sane privacy and security defaults (for instance, unlike - Firefox, IceCat does _zero_ network requests on startup by - default, which means that with IceCat you won't need to - unplug your Ethernet cable each time you want to create a - new browser profile without announcing that action to a - bunch of data-hungry corporations), - - all essential privacy and security settings can be - configured directly from the main screen, - - optional first party isolation (like TorBrowser), - - comes with HTTPS Everywhere (like TorBrowser), Tor Browser - Button (like TorBrowser Bundle), LibreJS, and SpyBlock - plugins out of the box. - - This package can be installed together with Firefox and - TorBrowser, it will use distinct binary names and profile - directories. - ''; - homepage = "https://www.gnu.org/software/gnuzilla/"; - platforms = lib.platforms.unix; - license = with lib.licenses; [ mpl20 gpl3Plus ]; - }; - }); - -in { - - icecat = iccommon rec { - ffversion = "60.3.0"; - icversion = "${ffversion}-gnu1"; - - src = fetchurl { - url = "mirror://gnu/gnuzilla/${ffversion}/icecat-${icversion}.tar.bz2"; - sha256 = "0icnl64nxcyf7dprpdpygxhabsvyhps8c3ixysj9bcdlj9q34ib1"; - }; - - patches = [ - ./no-buildconfig.patch - missing-documentation-patch - ]; - meta.knownVulnerabilities = [ "Support ended around October 2019." ]; - }; - - # Similarly to firefox-esr-52 above. - icecat-52 = iccommon rec { - ffversion = "52.6.0"; - icversion = "${ffversion}-gnu1"; - - src = fetchurl { - url = "mirror://gnu/gnuzilla/${ffversion}/icecat-${icversion}.tar.bz2"; - sha256 = "09fn54glqg1aa93hnz5zdcy07cps09dbni2b4200azh6nang630a"; - }; - - patches = [ - # this one is actually an omnipresent bug - # https://bugzilla.mozilla.org/show_bug.cgi?id=1444519 - ./fix-pa-context-connect-retval.patch - ]; - - meta.knownVulnerabilities = [ "Support ended in August 2018." ]; - }; } // lib.optionalAttrs (config.allowAliases or true) { # ALIASES # remove after 20.03 branchoff - firefox-esr-60 = throw "firefoxPackages.firefox-esr-60 was removed as it's an unsupported ESR with open security issues."; + icecat = throw "firefoxPackages.icecat was removed as even its latest upstream version is based on an unsupported ESR release with open security issues."; + icecat-52 = throw "firefoxPackages.icecat was removed as even its latest upstream version is based on an unsupported ESR release with open security issues."; + tor-browser-7-5 = throw "firefoxPackages.tor-browser-7-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; tor-browser-8-5 = throw "firefoxPackages.tor-browser-8-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; tor-browser = throw "firefoxPackages.tor-browser was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; -}) +} From e3659c50fc356376fa68d680dd32a3379717a065 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 1 Feb 2020 17:40:32 +0100 Subject: [PATCH 4/7] firefoxPackages.firefox-esr-52: remove package firefoxPackages.firefox-esr-52 was removed as it's an unsupported ESR with open security issues. If you need it because you need to run some plugins not having been ported to WebExtensions API, import it from an older nixpkgs checkout still containing it. --- .../networking/browsers/firefox/packages.nix | 34 ++++--------------- 1 file changed, 6 insertions(+), 28 deletions(-) diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index c696166c95fa..49a9d7620476 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -40,34 +40,6 @@ rec { }; }; - # Do not remove. This is the last version of Firefox that supports - # the old plugins. While this package is unsafe to use for browsing - # the web, there are many old useful plugins targeting offline - # activities (e.g. ebook readers, syncronous translation, etc) that - # will probably never be ported to WebExtensions API. - firefox-esr-52 = (common rec { - pname = "firefox-esr"; - ffversion = "52.9.0esr"; - src = fetchurl { - url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "bfca42668ca78a12a9fb56368f4aae5334b1f7a71966fbba4c32b9c5e6597aac79a6e340ac3966779d2d5563eb47c054ab33cc40bfb7306172138ccbd3adb2b9"; - }; - - patches = [ - # this one is actually an omnipresent bug - # https://bugzilla.mozilla.org/show_bug.cgi?id=1444519 - ./fix-pa-context-connect-retval.patch - ]; - - meta = firefox.meta // { - description = "A web browser built from Firefox Extended Support Release source tree"; - knownVulnerabilities = [ "Support ended in August 2018." ]; - }; - }).override { - stdenv = overrideCC gccStdenv gcc6; # gcc7 fails with "undefined reference to `__divmoddi4'" - gtk3Support = false; - }; - firefox-esr-68 = common rec { pname = "firefox-esr"; ffversion = "68.4.2esr"; @@ -92,6 +64,12 @@ rec { } // lib.optionalAttrs (config.allowAliases or true) { # ALIASES # remove after 20.03 branchoff + firefox-esr-52 = throw '' + firefoxPackages.firefox-esr-52 was removed as it's an unsupported ESR with + open security issues. If you need it because you need to run some plugins + not having been ported to WebExtensions API, import it from an older + nixpkgs checkout still containing it. + ''; firefox-esr-60 = throw "firefoxPackages.firefox-esr-60 was removed as it's an unsupported ESR with open security issues."; icecat = throw "firefoxPackages.icecat was removed as even its latest upstream version is based on an unsupported ESR release with open security issues."; From 94b2596540cd2e7186f4e4fa1f43df0bfb755987 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 1 Feb 2020 18:56:13 +0100 Subject: [PATCH 5/7] firefox: simplify derivation with firefox 64 being the latest version, and the removal of "tor-browser/icecat-like" variants, we can greatly simplify the common firefox derivation. --- .../networking/browsers/firefox/common.nix | 158 ++++++------------ 1 file changed, 48 insertions(+), 110 deletions(-) diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix index 740d05ba0468..8ba899457b3d 100644 --- a/pkgs/applications/networking/browsers/firefox/common.nix +++ b/pkgs/applications/networking/browsers/firefox/common.nix @@ -1,8 +1,6 @@ { pname, ffversion, meta, updateScript ? null , src, unpackPhase ? null, patches ? [] -, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [] -, isIceCatLike ? false, icversion ? null -, isTorBrowserLike ? false, tbversion ? null }: +, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [] }: { lib, stdenv, pkgconfig, pango, perl, python2, python3, zip, libIDL , libjpeg, zlib, dbus, dbus-glib, bzip2, xorg @@ -27,16 +25,14 @@ ## privacy-related options -, privacySupport ? isTorBrowserLike || isIceCatLike +, privacySupport ? false # WARNING: NEVER set any of the options below to `true` by default. # Set to `!privacySupport` or `false`. # webrtcSupport breaks the aarch64 build on version >= 60, fixed in 63. # https://bugzilla.mozilla.org/show_bug.cgi?id=1434589 -, webrtcSupport ? !privacySupport && (!stdenv.isAarch64 || !( - lib.versionAtLeast ffversion "60" && lib.versionOlder ffversion "63" - )) +, webrtcSupport ? !privacySupport , geolocationSupport ? !privacySupport , googleAPISupport ? geolocationSupport , crashreporterSupport ? false @@ -79,7 +75,7 @@ let default-toolkit = if stdenv.isDarwin then "cairo-cocoa" else "cairo-gtk${if gtk3Support then "3${lib.optionalString waylandSupport "-wayland"}" else "2"}"; - binaryName = if isIceCatLike then "icecat" else "firefox"; + binaryName = "firefox"; binaryNameCapitalized = lib.toUpper (lib.substring 0 1 binaryName) + lib.substring 1 (-1) binaryName; browserName = if stdenv.isDarwin then binaryNameCapitalized else binaryName; @@ -87,21 +83,17 @@ let execdir = if stdenv.isDarwin then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS" else "/bin"; +in - browserVersion = if isIceCatLike then icversion - else if isTorBrowserLike then tbversion - else ffversion; +stdenv.mkDerivation ({ + name = "${pname}-unwrapped-${ffversion}"; + version = ffversion; - browserPatches = [ + inherit src unpackPhase meta; + + patches = [ ./env_var_for_system_dir.patch - ] - ++ lib.optional (lib.versionAtLeast ffversion "63" && lib.versionOlder ffversion "68.3.0") - (fetchpatch { # https://bugzilla.mozilla.org/show_bug.cgi?id=1500436#c29 - name = "write_error-parallel_make.diff"; - url = "https://hg.mozilla.org/mozilla-central/raw-diff/562655fe/python/mozbuild/mozbuild/action/node.py"; - sha256 = "11d7rgzinb4mwl7yzhidjkajynmxgmffr4l9isgskfapyax9p88y"; - }) - ++ lib.optionals (stdenv.isAarch64 && lib.versionAtLeast ffversion "66" && lib.versionOlder ffversion "67") [ + ] ++ lib.optionals (stdenv.isAarch64) [ (fetchpatch { url = "https://raw.githubusercontent.com/archlinuxarm/PKGBUILDs/09c7fa0dc1d87922e3b464c0fa084df1227fca79/extra/firefox/arm.patch"; sha256 = "1vbpih23imhv5r3g21m3m541z08n9n9j1nvmqax76bmyhn7mxp32"; @@ -117,15 +109,6 @@ let }) ++ patches; -in - -stdenv.mkDerivation (rec { - name = "${pname}-unwrapped-${version}"; - version = browserVersion; - - inherit src unpackPhase meta; - - patches = browserPatches; # Ignore trivial whitespace changes in patches, this fixes compatibility of # ./env_var_for_system_dir.patch with Firefox >=65 without having to track @@ -141,16 +124,14 @@ stdenv.mkDerivation (rec { xorg.libXext sqlite unzip makeWrapper libevent libstartup_notification libvpx /* cairo */ icu libpng jemalloc glib + nasm + # >= 66 requires nasm for the AV1 lib dav1d + # yasm can potentially be removed in future versions + # https://bugzilla.mozilla.org/show_bug.cgi?id=1501796 + # https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ + nspr nss ] - ++ lib.optionals (!isTorBrowserLike) [ nspr nss ] - ++ lib.optional (lib.versionOlder ffversion "53") libXdamage - ++ lib.optional (lib.versionOlder ffversion "61") hunspell - # >= 66 requires nasm for the AV1 lib dav1d - # yasm can potentially be removed in future versions - # https://bugzilla.mozilla.org/show_bug.cgi?id=1501796 - # https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ - ++ lib.optional (lib.versionAtLeast ffversion "66") nasm ++ lib.optional alsaSupport alsaLib ++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed ++ lib.optional gtk3Support gtk3 @@ -162,27 +143,33 @@ stdenv.mkDerivation (rec { NIX_CFLAGS_COMPILE = toString ([ "-I${glib.dev}/include/gio-unix-2.0" - ] - ++ lib.optionals (!isTorBrowserLike) [ "-I${nss.dev}/include/nss" ] - ++ lib.optional (pname == "firefox-esr" && lib.versionAtLeast ffversion "68" - && lib.versionOlder ffversion "69") + ++ lib.optional (pname == "firefox-esr" && lib.versionOlder ffversion "69") "-Wno-error=format-security"); - postPatch = lib.optionalString (lib.versionAtLeast ffversion "63.0" && !isTorBrowserLike) '' + postPatch = '' substituteInPlace third_party/prio/prio/rand.c --replace 'nspr/prinit.h' 'prinit.h' - '' + lib.optionalString (lib.versionAtLeast ffversion "68") '' rm -rf obj-x86_64-pc-linux-gnu ''; nativeBuildInputs = - [ autoconf213 which gnused pkgconfig perl python2 cargo rustc ] + [ + autoconf213 + cargo + gnused + llvmPackages.llvm # llvm-objdump + nodejs + perl + pkgconfig + python2 + python3 + rust-cbindgen + rustc + which + ] ++ lib.optional gtk3Support wrapGAppsHook ++ lib.optionals stdenv.isDarwin [ xcbuild rsync ] - ++ lib.optional (lib.versionAtLeast ffversion "61.0") python3 - ++ lib.optionals (lib.versionAtLeast ffversion "63.0") [ rust-cbindgen nodejs ] - ++ lib.optionals (lib.versionAtLeast ffversion "67.0") [ llvmPackages.llvm ] # llvm-objdump is required in version >=67.0 ++ extraNativeBuildInputs; preConfigure = '' @@ -190,14 +177,8 @@ stdenv.mkDerivation (rec { rm -f configure rm -f js/src/configure rm -f .mozconfig* - '' + (if lib.versionAtLeast ffversion "58" - # this will run autoconf213 - then '' + # this will run autoconf213 configureScript="$(realpath ./mach) configure" - '' else '' - make -f client.mk configure-files - configureScript="$(realpath ./configure)" - '') + lib.optionalString (lib.versionAtLeast ffversion "53") '' export MOZCONFIG=$(pwd)/mozconfig # Set C flags for Rust's bindgen program. Unlike ordinary C @@ -214,23 +195,16 @@ stdenv.mkDerivation (rec { $NIX_CFLAGS_COMPILE" echo "ac_add_options BINDGEN_CFLAGS='$BINDGEN_CFLAGS'" >> $MOZCONFIG - '' + lib.optionalString googleAPISupport '' + '' + (lib.optionalString googleAPISupport '' # Google API key used by Chromium and Firefox. # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution, # please get your own set of keys. echo "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI" > $TMPDIR/ga # 60.5+ & 66+ did split the google API key arguments: https://bugzilla.mozilla.org/show_bug.cgi?id=1531176 - ${if (lib.versionAtLeast ffversion "60.6" && lib.versionOlder ffversion "61") || (lib.versionAtLeast ffversion "66") then '' - configureFlagsArray+=("--with-google-location-service-api-keyfile=$TMPDIR/ga") - configureFlagsArray+=("--with-google-safebrowsing-api-keyfile=$TMPDIR/ga") - '' else '' - configureFlagsArray+=("--with-google-api-keyfile=$TMPDIR/ga") - ''} - '' + lib.optionalString (lib.versionOlder ffversion "58") '' - cd obj-* - '' - # AS=as in the environment causes build failure https://bugzilla.mozilla.org/show_bug.cgi?id=1497286 - + lib.optionalString (lib.versionAtLeast ffversion "64") '' + configureFlagsArray+=("--with-google-location-service-api-keyfile=$TMPDIR/ga") + configureFlagsArray+=("--with-google-safebrowsing-api-keyfile=$TMPDIR/ga") + '') + '' + # AS=as in the environment causes build failure https://bugzilla.mozilla.org/show_bug.cgi?id=1497286 unset AS ''; @@ -255,32 +229,15 @@ stdenv.mkDerivation (rec { "--enable-jemalloc" "--disable-gconf" "--enable-default-toolkit=${default-toolkit}" - ] - ++ lib.optional (lib.versionOlder ffversion "64") "--disable-maintenance-service" - ++ lib.optional (stdenv.isDarwin && lib.versionAtLeast ffversion "61") "--disable-xcode-checks" - ++ lib.optional (lib.versionOlder ffversion "61") "--enable-system-hunspell" - ++ lib.optionals (lib.versionAtLeast ffversion "56") [ "--with-libclang-path=${llvmPackages.libclang}/lib" "--with-clang-path=${llvmPackages.clang}/bin/clang" - ] - ++ lib.optionals (lib.versionAtLeast ffversion "57" && lib.versionOlder ffversion "69") [ - "--enable-webrender=build" - ] - - # TorBrowser patches these - ++ lib.optionals (!isTorBrowserLike) [ "--with-system-nspr" "--with-system-nss" ] - - # and wants these - ++ lib.optionals isTorBrowserLike ([ - "--with-tor-browser-version=${tbversion}" - "--with-distribution-id=org.torproject" - "--enable-signmar" - "--enable-verify-mar" - "--enable-bundled-fonts" - ]) + ++ lib.optional (stdenv.isDarwin) "--disable-xcode-checks" + ++ lib.optionals (lib.versionOlder ffversion "69") [ + "--enable-webrender=build" + ] ++ flag alsaSupport "alsa" ++ flag pulseaudioSupport "pulseaudio" @@ -290,11 +247,6 @@ stdenv.mkDerivation (rec { ++ flag crashreporterSupport "crashreporter" ++ lib.optional drmSupport "--enable-eme=widevine" - ++ lib.optionals (lib.versionOlder ffversion "60") ([] - ++ flag geolocationSupport "mozril-geoloc" - ++ flag safeBrowsingSupport "safe-browsing" - ) - ++ (if debugBuild then [ "--enable-debug" "--enable-profiling" ] else [ "--disable-debug" "--enable-release" "--enable-optimize" @@ -302,29 +254,16 @@ stdenv.mkDerivation (rec { ++ lib.optional enableOfficialBranding "--enable-official-branding" ++ extraConfigureFlags; - # Before 58 we have to run `make -f client.mk configure-files` at - # the top level, and then run `./configure` in the obj-* dir (see - # above), but in 58 we have to instead run `./mach configure` at the - # top level and then run `make` in obj-*. (We can also run the - # `make` at the top level in 58, but then we would have to `cd` to - # `make install` anyway. This is ugly, but simple.) - postConfigure = lib.optionalString (lib.versionAtLeast ffversion "58") '' + postConfigure = '' cd obj-* ''; - preBuild = lib.optionalString isTorBrowserLike '' - buildFlagsArray=("MOZ_APP_DISPLAYNAME=Tor Browser") - ''; - makeFlags = lib.optionals enableOfficialBranding [ "MOZILLA_OFFICIAL=1" "BUILD_OFFICIAL=1" ] ++ extraMakeFlags; - RUSTFLAGS = if (lib.versionAtLeast ffversion "67"/*somewhere betwween ESRs*/) - then null else "--cap-lints warn"; - enableParallelBuilding = true; doCheck = false; # "--disable-tests" above @@ -355,10 +294,9 @@ stdenv.mkDerivation (rec { ''; passthru = { - inherit version updateScript; + inherit updateScript; + version = ffversion; isFirefox3Like = true; - inherit isIceCatLike; - inherit isTorBrowserLike; gtk = gtk2; inherit nspr; inherit ffmpegSupport; @@ -366,12 +304,12 @@ stdenv.mkDerivation (rec { inherit execdir; inherit browserName; } // lib.optionalAttrs gtk3Support { inherit gtk3; }; - } // # the build system verifies checksums of the bundled rust sources # ./third_party/rust is be patched by our libtool fixup code in stdenv # unfortunately we can't just set this to `false` when we do not want it. # See https://github.com/NixOS/nixpkgs/issues/77289 for more details + lib.optionalAttrs (lib.versionAtLeast ffversion "72") { # Ideally we would figure out how to tell the build system to not # care about changed hashes as we are already doing that when we From 84af9839e0295e313ebf2a9f3fb2989775c7a0df Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Tue, 4 Feb 2020 23:08:51 +0100 Subject: [PATCH 6/7] firefoxPackages.*, firefox-esr*, icecat: add aliases --- pkgs/applications/networking/browsers/firefox/packages.nix | 5 +++-- pkgs/top-level/aliases.nix | 7 +++++++ pkgs/top-level/all-packages.nix | 7 ------- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 49a9d7620476..c61483c67721 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -62,8 +62,9 @@ rec { }; }; } // lib.optionalAttrs (config.allowAliases or true) { - # ALIASES - # remove after 20.03 branchoff + #### ALIASES + #### remove after 20.03 branchoff + firefox-esr-52 = throw '' firefoxPackages.firefox-esr-52 was removed as it's an unsupported ESR with open security issues. If you need it because you need to run some plugins diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 4ee74a0f58e0..f5ee54de2149 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -117,6 +117,13 @@ mapAliases ({ firefox-esr-wrapper = firefox-esr; # 2016-01 firefox-wrapper = firefox; # 2016-01 firefoxWrapper = firefox; # 2015-09 + firefox-esr-52 = firefoxPackages.firefox-esr-52; # 2020-02, remove after 20.03 branchoff + firefox-esr-52-unwrapped = firefoxPackages.firefox-esr-52; # 2020-02, remove after 20.03 branchoff + firefox-esr-60 = firefoxPackages.firefox-esr-60; # 2020-02, remove after 20.03 branchoff + firefox-esr-60-unwrapped = firefoxPackages.firefox-esr-60; # 2020-02, remove after 20.03 branchoff + icecat = firefoxPackages.icecat; # 2020-02, remove after 20.03 branchoff + icecat-unwrapped = firefoxPackages.icecat; # 2020-02, remove after 20.03 branchoff + firestr = throw "firestr has been removed."; # added 2019-12-08 flameGraph = flamegraph; # added 2018-04-25 font-awesome-ttf = font-awesome; # 2018-02-25 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 361b30a187f7..817f80a7dfd2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19123,18 +19123,11 @@ in }); firefox-unwrapped = firefoxPackages.firefox; - firefox-esr-52-unwrapped = firefoxPackages.firefox-esr-52; - firefox-esr-60-unwrapped = firefoxPackages.firefox-esr-60; firefox-esr-68-unwrapped = firefoxPackages.firefox-esr-68; - icecat-unwrapped = firefoxPackages.icecat; - firefox = wrapFirefox firefox-unwrapped { }; firefox-wayland = wrapFirefox firefox-unwrapped { gdkWayland = true; }; - firefox-esr-52 = wrapFirefox firefox-esr-52-unwrapped { }; - firefox-esr-60 = wrapFirefox firefox-esr-60-unwrapped { }; firefox-esr-68 = wrapFirefox firefox-esr-68-unwrapped { }; firefox-esr = firefox-esr-68; - icecat = wrapFirefox icecat-unwrapped { }; firefox-bin-unwrapped = callPackage ../applications/networking/browsers/firefox-bin { channel = "release"; From 9bf7d5104710b9d6dfc967c476ded449d56b1e57 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 9 Feb 2020 22:32:43 +0100 Subject: [PATCH 7/7] conkeror: remove package Conkeror doesn't work with any secure firefox release. Please move to some of the alternatives suggested at http://conkeror.org/Alternatives. --- .../networking/browsers/conkeror/default.nix | 39 ------------------- pkgs/top-level/aliases.nix | 5 +++ pkgs/top-level/all-packages.nix | 3 -- 3 files changed, 5 insertions(+), 42 deletions(-) delete mode 100644 pkgs/applications/networking/browsers/conkeror/default.nix diff --git a/pkgs/applications/networking/browsers/conkeror/default.nix b/pkgs/applications/networking/browsers/conkeror/default.nix deleted file mode 100644 index ffc6bde79a16..000000000000 --- a/pkgs/applications/networking/browsers/conkeror/default.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ stdenv, fetchgit, unzip, firefox-esr-52, makeWrapper }: - -stdenv.mkDerivation rec { - pkgname = "conkeror"; - version = "1.0.4"; - name = "${pkgname}-${version}"; - - src = fetchgit { - url = git://repo.or.cz/conkeror.git; - rev = "refs/tags/${version}"; - sha256 = "10c57wqybp9kcjpkb01wxq0h3vafcdb1g5kb4k8sb2zajg59afv8"; - }; - - buildInputs = [ unzip makeWrapper ]; - - installPhase = '' - mkdir -p $out/libexec/conkeror - cp -r * $out/libexec/conkeror - - makeWrapper ${firefox-esr-52}/bin/firefox $out/bin/conkeror \ - --add-flags "-app $out/libexec/conkeror/application.ini" - ''; - - meta = with stdenv.lib; { - description = "A keyboard-oriented, customizable, extensible web browser"; - longDescription = '' - Conkeror is a keyboard-oriented, highly-customizable, highly-extensible - web browser based on Mozilla XULRunner, written mainly in JavaScript, - and inspired by exceptional software such as Emacs and vi. Conkeror - features a sophisticated keyboard system, allowing users to run commands - and interact with content in powerful and novel ways. It is - self-documenting, featuring a powerful interactive help system. - ''; - homepage = http://conkeror.org/; - license = with licenses; [ mpl11 gpl2 lgpl21 ]; - maintainers = with maintainers; [ astsmtl ]; - platforms = platforms.linux; - }; -} diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index f5ee54de2149..bd30b69bfccc 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -123,6 +123,11 @@ mapAliases ({ firefox-esr-60-unwrapped = firefoxPackages.firefox-esr-60; # 2020-02, remove after 20.03 branchoff icecat = firefoxPackages.icecat; # 2020-02, remove after 20.03 branchoff icecat-unwrapped = firefoxPackages.icecat; # 2020-02, remove after 20.03 branchoff + conkeror-unwrapped = conkeror; # 2020-02, remove after 20.03 branchoff + conkeror = throw '' + Conkeror doesn't work with any secure firefox release. + Please move to some of the alternatives at http://conkeror.org/Alternatives + ''; # 2020-02, remove after 20.03 branchoff firestr = throw "firestr has been removed."; # added 2019-12-08 flameGraph = flamegraph; # added 2018-04-25 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 817f80a7dfd2..0b8eccb15c36 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18503,9 +18503,6 @@ in comical = callPackage ../applications/graphics/comical { }; - conkeror-unwrapped = callPackage ../applications/networking/browsers/conkeror { }; - conkeror = wrapFirefox conkeror-unwrapped { }; - containerd = callPackage ../applications/virtualization/containerd { }; convchain = callPackage ../tools/graphics/convchain {};