* The 'arm.patch' patch doesn't apply anymore.
* The 'build-arm-libopus.patch' patch isn't required anymore.
* See the mozilla phabricator link for the added patch.
Additionally, we are now *always* undconditionally applying all patches
to all architectures. That is, unless they have undesirable
side-effects, but those might not be fit for inclusion.
By applying all patches all the time, they'll be removed or replaced
when they stop applying.
with firefox 64 being the latest version, and the removal of
"tor-browser/icecat-like" variants, we can greatly simplify the common
firefox derivation.
firefoxPackages.firefox-esr-52 was removed as it's an unsupported ESR
with open security issues. If you need it because you need to run some
plugins not having been ported to WebExtensions API, import it from an
older nixpkgs checkout still containing it.
There's not really a reason to ship an unsupported ESR variant of
firefox, and if one really needs it, it's also possible to just checkout
an older version of nixpkgs.
These are all based on firefox versions with known vulnerabilities
exploited in the wild.
We seriously shouldn't ship this in nixpkgs, especially not for
sensitive applications as the Tor Browser.
`tor-browser-bundle` is just a wrapper around
`firefoxPackages.tor-browser`, so let's remove it too.
`tor-browser-bundle-bin` is the much safer bet, which is individually
downloaded from `dist.torproject.org` and just `patchelf`-ed locally to
work on NixOS.
Co-Authored-By: Alyssa Ross <hi@alyssa.is>
Co-Authored-By: Andreas Rammhold <andreas@rammhold.de>
Co-Authored-By: Graham Christensen <graham@grahamc.com>
While Firefox 68 started messing with our profiles and required new
profiles on binary location changes Firefox 69 now verifies that we
aren't downgrading to an older Firefox even of the same version. If you
switch between two channel versions and/or between nixpkgs releases
Firefox will refuse to start and demand a fresh profile. Disabling the
downgrade protection works around that issue.
This is a follow up of https://github.com/NixOS/nixpkgs/pull/66422
- rename icedtea_web to adoptopenjdk-icedtea-web to reflect the new governance
- add icedtea_web and icedtea8_web to aliases.nix for backwards compatibility
- update the attribute name where icedtea_web is used
By moving the `cfg` variable into the wrapper arguments we are able to
override it for an already wrapped package. For example, with this
change one can have
pkgs.firefox-devedition-bin.override {
cfg.enableBrowserpass = true;
}
which would otherwise be difficult to accomplish for packages having a
complicated wrapped definition in `all-packages.nix`.
Firefox running in wayland mode is unable to find and load
libEGL.so (and says so on stdout). This puts it in "basic"
mode (unaccelerated graphics) and disables WebGL. Fix this by adding
libglvnd to the LD_LIBRARY_PATH.
With a recent change to firefox (that landed in 67) a new profile is
created whenever the install location changes. Since our install
location (the binary path) always changes when we do a new build it is
rather annoying.
Setting the environment variable `SNAP_NAME` to `firefox` is supposed to
workaround the issue.
related to #58923
Woarkound taken from 1ff8b6c3d8
cc @rail
Firefox now requires `llvm-objdump` during the build phase. The aarch64
patches do no longer apply. So far I am guessing that they have been
merged. We should verify that.
You can now optionally invoke update-source-versions with:
* --system flag changing the host platform, to be passed dirrectly to Nix commands.
This is useful for binary packages which have different sources for each platform.
* --file flag allowing to change the file to be modified. This is useful for packages
that offer multiple variants, listed in a different file than the derivation itself;
e.g. packages.nix of Sublime Text 3.
* --version-key, which is now a keyword flag instead of a positional argument.
Whenever we create scripts that are installed to $out, we must use runtimeShell
in order to get the shell that can be executed on the machine we create the
package for. This is relevant for cross-compiling. The only use case for
stdenv.shell are scripts that are executed as part of the build system.
Usages in checkPhase are borderline however to decrease the likelyhood
of people copying the wrong examples, I decided to use runtimeShell as well.
The firefox wrapper now supports setting the GDK_BACKEND to wayland
which is useful in cases where firefox would be started from within an
X-Application inside of wayland. GTK/GDK would otherwise default to the
X11 backend in those situations.
The intention is that people that are using wayland primarily pull in
the new `firefox-wayland` top-level attribute into their environments
instead of just `firefox`. Firefox will then always be started with the
correct rendering backend.
This adds support for building firefox with the gtk wayland backend. It
should work on all the flavors that use >=gtk3. Using the wayland
still allows using the X11 backend.
It works, but this state is far from ideal: GNU guys update generated source
tarballs very infrequently. Ideally, src needs to be generated by running
makeicecat over firefox src. Will do later.
There have been some more changes to the source tree which broke the
buildconfig patch. This commit adds another patch that can be used for
the future versions. Once all the flavors are based off a new(ish)
firefox release we can remove the old patch.
Firefox >=65 will depend on icu >=63. All the older firefox versions
(and derived packages) seem to work fine with this change.
Also the system path environment patch will fail to apply since there
was a trivial whitespace change in the source file. By adding `-l` to
patch we can avoid having to track two patches that do basically the
same. Having patchFlags per file without resorting to pre-/postPatch
would be nicer but there doesn't seem to be a facility for that right
now.
