nixpkgs/pkgs/applications/networking/browsers/firefox/wrapper.nix

361 lines
14 KiB
Nix

{ stdenv, lib, makeDesktopItem, makeWrapper, lndir, config
, replace, fetchurl, zip, unzip, jq, xdg-utils, writeText
## various stuff that can be plugged in
, ffmpeg, xorg, alsa-lib, libpulseaudio, libcanberra-gtk3, libglvnd, libnotify, opensc
, gnome/*.gnome-shell*/
, browserpass, chrome-gnome-shell, uget-integrator, plasma5Packages, bukubrow, pipewire
, tridactyl-native
, fx_cast_bridge
, udev
, libkrb5
, libva
, mesa # firefox wants gbm for drm+dmabuf
, cups
}:
## configurability of the wrapper itself
browser:
let
wrapper =
{ applicationName ? browser.applicationName or (lib.getName browser)
, pname ? applicationName
, version ? lib.getVersion browser
, desktopName ? # applicationName with first letter capitalized
(lib.toUpper (lib.substring 0 1 applicationName) + lib.substring 1 (-1) applicationName)
, nameSuffix ? ""
, icon ? applicationName
, extraNativeMessagingHosts ? []
, pkcs11Modules ? []
, forceWayland ? false
, useGlvnd ? true
, cfg ? config.${applicationName} or {}
## Following options are needed for extra prefs & policies
# For more information about anti tracking (german website)
# visit https://wiki.kairaven.de/open/app/firefox
, extraPrefs ? ""
# For more information about policies visit
# https://github.com/mozilla/policy-templates#enterprisepoliciesenabled
, extraPolicies ? {}
, libName ? "firefox" # Important for tor package or the like
, nixExtensions ? null
}:
let
ffmpegSupport = browser.ffmpegSupport or false;
gssSupport = browser.gssSupport or false;
alsaSupport = browser.alsaSupport or false;
pipewireSupport = browser.pipewireSupport or false;
# PCSC-Lite daemon (services.pcscd) also must be enabled for firefox to access smartcards
smartcardSupport = cfg.smartcardSupport or false;
nativeMessagingHosts =
([ ]
++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass)
++ lib.optional (cfg.enableBukubrow or false) bukubrow
++ lib.optional (cfg.enableTridactylNative or false) tridactyl-native
++ lib.optional (cfg.enableGnomeExtensions or false) chrome-gnome-shell
++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator
++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma5Packages.plasma-browser-integration
++ lib.optional (cfg.enableFXCastBridge or false) fx_cast_bridge
++ extraNativeMessagingHosts
);
libs = lib.optionals stdenv.isLinux [ udev libva mesa libnotify xorg.libXScrnSaver cups ]
++ lib.optional (pipewireSupport && lib.versionAtLeast version "83") pipewire
++ lib.optional ffmpegSupport ffmpeg
++ lib.optional gssSupport libkrb5
++ lib.optional useGlvnd libglvnd
++ lib.optionals (cfg.enableQuakeLive or false)
(with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsa-lib zlib ])
++ lib.optional (config.pulseaudio or true) libpulseaudio
++ lib.optional alsaSupport alsa-lib
++ lib.optional smartcardSupport opensc
++ pkcs11Modules;
gtk_modules = [ libcanberra-gtk3 ];
#########################
# #
# EXTRA PREF CHANGES #
# #
#########################
policiesJson = writeText "policies.json" (builtins.toJSON enterprisePolicies);
usesNixExtensions = nixExtensions != null;
nameArray = builtins.map(a: a.name) (if usesNixExtensions then nixExtensions else []);
# Check that every extension has a unqiue .name attribute
# and an extid attribute
extensions = if nameArray != (lib.unique nameArray) then
throw "Firefox addon name needs to be unique"
else if ! (lib.hasSuffix "esr" browser.name) then
throw "Nix addons are only supported in Firefox ESR"
else builtins.map (a:
if ! (builtins.hasAttr "extid" a) then
throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon"
else
a
) (if usesNixExtensions then nixExtensions else []);
enterprisePolicies =
{
policies = lib.optionalAttrs usesNixExtensions {
DisableAppUpdate = true;
} //
lib.optionalAttrs usesNixExtensions {
ExtensionSettings = {
"*" = {
blocked_install_message = "You can't have manual extension mixed with nix extensions";
installation_mode = "blocked";
};
} // lib.foldr (e: ret:
ret // {
"${e.extid}" = {
installation_mode = "allowed";
};
}
) {} extensions;
} // lib.optionalAttrs usesNixExtensions {
Extensions = {
Install = lib.foldr (e: ret:
ret ++ [ "${e.outPath}/${e.extid}.xpi" ]
) [] extensions;
};
} // lib.optionalAttrs smartcardSupport {
SecurityDevices = {
"OpenSC PKCS#11 Module" = "onepin-opensc-pkcs11.so";
};
}
// extraPolicies;
};
mozillaCfg = writeText "mozilla.cfg" ''
// First line must be a comment
// Disables addon signature checking
// to be able to install addons that do not have an extid
// Security is maintained because only user whitelisted addons
// with a checksum can be installed
${ lib.optionalString usesNixExtensions ''lockPref("xpinstall.signatures.required", false)'' };
${extraPrefs}
'';
#############################
# #
# END EXTRA PREF CHANGES #
# #
#############################
# TODO: remove this after the next release (21.03)
configPlugins = lib.filter (a: builtins.hasAttr a cfg) [
"enableAdobeFlash"
"enableAdobeReader"
"enableBluejeans"
"enableDjvu"
"enableFriBIDPlugin"
"enableGoogleTalkPlugin"
"enableMPlayer"
"enableVLC"
"icedtea"
"jre"
];
pluginsError =
"Your configuration mentions ${lib.concatMapStringsSep ", " (p: applicationName + "." + p) configPlugins}. All plugin related options have been removed, since Firefox from version 52 onwards no longer supports npapi plugins (see https://support.mozilla.org/en-US/kb/npapi-plugins).";
in if configPlugins != [] then throw pluginsError else
(stdenv.mkDerivation {
inherit pname version;
desktopItem = makeDesktopItem {
name = applicationName;
exec = "${applicationName}${nameSuffix} %U";
inherit icon;
comment = "";
desktopName = "${desktopName}${nameSuffix}${lib.optionalString forceWayland " (Wayland)"}";
genericName = "Web Browser";
categories = "Network;WebBrowser;";
mimeType = lib.concatStringsSep ";" [
"text/html"
"text/xml"
"application/xhtml+xml"
"application/vnd.mozilla.xul+xml"
"x-scheme-handler/http"
"x-scheme-handler/https"
"x-scheme-handler/ftp"
];
};
nativeBuildInputs = [ makeWrapper lndir ];
buildInputs = [ browser.gtk3 ];
buildCommand = lib.optionalString stdenv.isDarwin ''
mkdir -p $out/Applications
cp -R --no-preserve=mode,ownership ${browser}/Applications/${applicationName}.app $out/Applications
rm -f $out${browser.execdir or "/bin"}/${applicationName}
'' + ''
if [ ! -x "${browser}${browser.execdir or "/bin"}/${applicationName}" ]
then
echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${applicationName}'"
exit 1
fi
#########################
# #
# EXTRA PREF CHANGES #
# #
#########################
# Link the runtime. The executable itself has to be copied,
# because it will resolve paths relative to its true location.
# Any symbolic links have to be replicated as well.
cd "${browser}"
find . -type d -exec mkdir -p "$out"/{} \;
find . -type f \( -not -name "${applicationName}" \) -exec ln -sT "${browser}"/{} "$out"/{} \;
find . -type f -name "${applicationName}" -print0 | while read -d $'\0' f; do
cp -P --no-preserve=mode,ownership "${browser}/$f" "$out/$f"
chmod a+rwx "$out/$f"
done
# fix links and absolute references
cd "${browser}"
find . -type l -print0 | while read -d $'\0' l; do
target="$(readlink "$l" | ${replace}/bin/replace-literal -es -- "${browser}" "$out")"
ln -sfT "$target" "$out/$l"
done
# This will not patch binaries, only "text" files.
# Its there for the wrapper mostly.
cd "$out"
${replace}/bin/replace-literal -esfR -- "${browser}" "$out"
# create the wrapper
executablePrefix="$out${browser.execdir or "/bin"}"
executablePath="$executablePrefix/${applicationName}"
if [ ! -x "$executablePath" ]
then
echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${applicationName}'"
exit 1
fi
if [ ! -L "$executablePath" ]
then
# Careful here, the file at executablePath may already be
# a wrapper. That is why we postfix it with -old instead
# of -wrapped.
oldExe="$executablePrefix"/".${applicationName}"-old
mv "$executablePath" "$oldExe"
else
oldExe="$(readlink -v --canonicalize-existing "$executablePath")"
fi
if [ ! -x "${browser}${browser.execdir or "/bin"}/${applicationName}" ]
then
echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${applicationName}'"
exit 1
fi
makeWrapper "$oldExe" \
"$out${browser.execdir or "/bin"}/${applicationName}${nameSuffix}" \
--prefix LD_LIBRARY_PATH ':' "$libs" \
--suffix-each GTK_PATH ':' "$gtk_modules" \
--prefix PATH ':' "${xdg-utils}/bin" \
--suffix PATH ':' "$out${browser.execdir or "/bin"}" \
--set MOZ_APP_LAUNCHER "${applicationName}${nameSuffix}" \
--set MOZ_SYSTEM_DIR "$out/lib/mozilla" \
--set MOZ_LEGACY_PROFILES 1 \
--set MOZ_ALLOW_DOWNGRADE 1 \
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
--suffix XDG_DATA_DIRS : '${gnome.adwaita-icon-theme}/share' \
${lib.optionalString forceWayland ''
--set MOZ_ENABLE_WAYLAND "1" \
''}
#############################
# #
# END EXTRA PREF CHANGES #
# #
#############################
if [ -e "${browser}/share/icons" ]; then
mkdir -p "$out/share"
ln -s "${browser}/share/icons" "$out/share/icons"
else
for res in 16 32 48 64 128; do
mkdir -p "$out/share/icons/hicolor/''${res}x''${res}/apps"
icon=( "${browser}/lib/"*"/browser/chrome/icons/default/default''${res}.png" )
if [ -e "$icon" ]; then ln -s "$icon" \
"$out/share/icons/hicolor/''${res}x''${res}/apps/${applicationName}.png"
fi
done
fi
install -D -t $out/share/applications $desktopItem/share/applications/*
mkdir -p $out/lib/mozilla/native-messaging-hosts
for ext in ${toString nativeMessagingHosts}; do
ln -sLt $out/lib/mozilla/native-messaging-hosts $ext/lib/mozilla/native-messaging-hosts/*
done
mkdir -p $out/lib/mozilla/pkcs11-modules
for ext in ${toString pkcs11Modules}; do
ln -sLt $out/lib/mozilla/pkcs11-modules $ext/lib/mozilla/pkcs11-modules/*
done
#########################
# #
# EXTRA PREF CHANGES #
# #
#########################
# user customization
mkdir -p $out/lib/${libName}
# creating policies.json
mkdir -p "$out/lib/${libName}/distribution"
POL_PATH="$out/lib/${libName}/distribution/policies.json"
rm -f "$POL_PATH"
cat ${policiesJson} >> "$POL_PATH"
# preparing for autoconfig
mkdir -p "$out/lib/${libName}/defaults/pref"
echo 'pref("general.config.filename", "mozilla.cfg");' > "$out/lib/${libName}/defaults/pref/autoconfig.js"
echo 'pref("general.config.obscure_value", 0);' >> "$out/lib/${libName}/defaults/pref/autoconfig.js"
cat > "$out/lib/${libName}/mozilla.cfg" < ${mozillaCfg}
mkdir -p $out/lib/${libName}/distribution/extensions
#############################
# #
# END EXTRA PREF CHANGES #
# #
#############################
'';
preferLocalBuild = true;
libs = lib.makeLibraryPath libs + ":" + lib.makeSearchPathOutput "lib" "lib64" libs;
gtk_modules = map (x: x + x.gtkModule) gtk_modules;
passthru = { unwrapped = browser; };
disallowedRequisites = [ stdenv.cc ];
meta = browser.meta // {
description = browser.meta.description;
hydraPlatforms = [];
priority = (browser.meta.priority or 0) - 1; # prefer wrapper over the package
};
});
in lib.makeOverridable wrapper