public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #130186 from mweinelt/21.05/firefox

Browse Source
This commit is contained in:
Martin Weinelt 2021-07-14 23:39:07 +02:00 committed by GitHub
commit 1f4e50f03c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 206 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
pkgs/applications/networking/browsers/firefox/common.nix
View File

@ -4,7 +4,7 @@
{ lib, stdenv, pkg-config, pango, perl, python3, zip
, libjpeg, zlib, dbus, dbus-glib, bzip2, xorg
, freetype, fontconfig, file, nspr, nss, nss_3_53
, freetype, fontconfig, file, nspr, nss_3_53
, yasm, libGLU, libGL, sqlite, unzip, makeWrapper
, hunspell, libevent, libstartup_notification
, libvpx_1_8
@ -12,12 +12,14 @@
, autoconf213, which, gnused, rustPackages, rustPackages_1_45
, rust-cbindgen, nodejs, nasm, fetchpatch
, gnum4
, gtk2, gtk3, wrapGAppsHook
, debugBuild ? false
### optionals
## backported libraries
, nss_latest
, rust-cbindgen_latest
## optional libraries
@ -25,7 +27,6 @@
, alsaSupport ? stdenv.isLinux, alsaLib
, pulseaudioSupport ? stdenv.isLinux, libpulseaudio
, ffmpegSupport ? true
, gtk3Support ? true, gtk2, gtk3, wrapGAppsHook
, waylandSupport ? true, libxkbcommon, libdrm
, ltoSupport ? (stdenv.isLinux && stdenv.is64bit), overrideCC, buildPackages
, gssSupport ? true, libkrb5
@ -83,7 +84,7 @@ let
flag = tf: x: [(if tf then "--enable-${x}" else "--disable-${x}")];
default-toolkit = if stdenv.isDarwin then "cairo-cocoa"
else "cairo-gtk${if gtk3Support then "3${lib.optionalString waylandSupport "-wayland"}" else "2"}";
else "cairo-gtk3${lib.optionalString waylandSupport "-wayland"}";
binaryName = "firefox";
binaryNameCapitalized = lib.toUpper (lib.substring 0 1 binaryName) + lib.substring 1 (-1) binaryName;
@ -124,7 +125,7 @@ let
# Disable p11-kit support in nss until our cacert packages has caught up exposing CKA_NSS_MOZILLA_CA_POLICY
# https://github.com/NixOS/nixpkgs/issues/126065
nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss.override { useP11kit = false; };
nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss_latest.override { useP11kit = false; };
# --enable-release adds -ffunction-sections & LTO that require a big amount of
# RAM and the 32-bit memory space cannot handle that linking
@ -145,7 +146,7 @@ buildStdenv.mkDerivation ({
lib.optional (lib.versionOlder ffversion "86") ./env_var_for_system_dir-ff85.patch ++
lib.optional (lib.versionAtLeast ffversion "86") ./env_var_for_system_dir-ff86.patch ++
lib.optional (lib.versionOlder ffversion "83") ./no-buildconfig-ffx76.patch ++
lib.optional (lib.versionAtLeast ffversion "84") ./no-buildconfig-ffx84.patch ++
lib.optional (lib.versionAtLeast ffversion "90") ./no-buildconfig-ffx90.patch ++
lib.optional (ltoSupport && lib.versionOlder ffversion "84") ./lto-dependentlibs-generation-ffx83.patch ++
lib.optional (ltoSupport && lib.versionAtLeast ffversion "84" && lib.versionOlder ffversion "86")
(fetchpatch {
@ -170,7 +171,7 @@ buildStdenv.mkDerivation ({
patchFlags = [ "-p1" "-l" ];
buildInputs = [
gtk2 perl zip libjpeg zlib bzip2
gtk3 perl zip libjpeg zlib bzip2
dbus dbus-glib pango freetype fontconfig xorg.libXi xorg.libXcursor
xorg.libX11 xorg.libXrender xorg.libXft xorg.libXt file
xorg.pixman yasm libGLU libGL
@ -188,14 +189,14 @@ buildStdenv.mkDerivation ({
]
++ lib.optional alsaSupport alsaLib
++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed
++ lib.optional gtk3Support gtk3
++ lib.optional gssSupport libkrb5
++ lib.optionals waylandSupport [ libxkbcommon libdrm ]
++ lib.optional pipewireSupport pipewire
++ lib.optional (lib.versionAtLeast ffversion "82") gnum4
++ lib.optionals buildStdenv.isDarwin [ CoreMedia ExceptionHandling Kerberos
AVFoundation MediaToolbox CoreLocation
Foundation libobjc AddressBook cups ];
Foundation libobjc AddressBook cups ]
++ lib.optional (lib.versionOlder ffversion "90") gtk2;
NIX_LDFLAGS = lib.optionalString ltoSupport ''
-rpath ${llvmPackages.libunwind.out}/lib
@ -238,8 +239,8 @@ buildStdenv.mkDerivation ({
rustc
which
unzip
wrapGAppsHook
]
++ lib.optional gtk3Support wrapGAppsHook
++ lib.optionals buildStdenv.isDarwin [ xcbuild rsync ]
++ extraNativeBuildInputs;
@ -368,8 +369,6 @@ buildStdenv.mkDerivation ({
passthru = {
inherit updateScript;
version = ffversion;
isFirefox3Like = true;
gtk = gtk2;
inherit alsaSupport;
inherit pipewireSupport;
inherit nspr;
@ -378,7 +377,8 @@ buildStdenv.mkDerivation ({
inherit execdir;
inherit browserName;
inherit tests;
} // lib.optionalAttrs gtk3Support { inherit gtk3; };
inherit gtk3;
};
hardeningDisable = [ "format" ]; # -Werror=format-security

15
pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx84.patch → pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx90.patch
View File

@ -1,25 +1,22 @@
diff --git a/docshell/base/nsAboutRedirector.cpp b/docshell/base/nsAboutRedirector.cpp
index 10ac77b..0125d9b 100644
--- a/docshell/base/nsAboutRedirector.cpp
+++ b/docshell/base/nsAboutRedirector.cpp
@@ -63,8 +63,6 @@ static const RedirEntry kRedirMap[] = {
@@ -66,8 +66,6 @@ static const RedirEntry kRedirMap[] = {
{"about", "chrome://global/content/aboutAbout.html", 0},
{"addons", "chrome://mozapps/content/extensions/extensions.xhtml",
{"addons", "chrome://mozapps/content/extensions/aboutaddons.html",
nsIAboutModule::ALLOW_SCRIPT},
- {"buildconfig", "chrome://global/content/buildconfig.html",
- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT},
{"checkerboard", "chrome://global/content/aboutCheckerboard.html",
nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
nsIAboutModule::ALLOW_SCRIPT},
diff --git a/toolkit/content/jar.mn b/toolkit/content/jar.mn
index c83b3e2..d543140 100644
--- a/toolkit/content/jar.mn
+++ b/toolkit/content/jar.mn
@@ -40,7 +40,6 @@ toolkit.jar:
@@ -39,8 +39,6 @@ toolkit.jar:
content/global/plugins.html
content/global/plugins.css
content/global/plugins.js
content/global/browser-child.js
-* content/global/buildconfig.html
content/global/buildconfig.css
- content/global/buildconfig.css
content/global/contentAreaUtils.js
content/global/datepicker.xhtml
#ifndef MOZ_FENNEC

4
pkgs/applications/networking/browsers/firefox/packages.nix
View File

@ -7,10 +7,10 @@ in
rec {
firefox = common rec {
pname = "firefox";
ffversion = "89.0.2";
ffversion = "90.0";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
sha512 = "ffd98ab0887611c5b4aba68346c49a7a31a58150fd8bbae610a4d941c4cff0acef0daaebfbb577787a759b4c1ef3c1199f02681148612f4f5b709983e07e0ccb";
sha512 = "233ad59e4ab2f08d2253b49235b51b26fa32fb7c285928110573ccbe67c79965d9401a6c58a3af2ad22b8a58ca5d9b3154e3e8c9d29b153acd16152d9b75442c";
};
meta = {

183
pkgs/development/libraries/nss/latest.nix Normal file
View File

@ -0,0 +1,183 @@
{ lib, stdenv, fetchurl, nspr, perl, zlib
, sqlite, ninja
, darwin, fixDarwinDylibNames, buildPackages
, useP11kit ? true, p11-kit
, # allow FIPS mode. Note that this makes the output non-reproducible.
# https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6
enableFIPS ? false
}:
let
nssPEM = fetchurl {
url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz";
sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw";
};
# NOTE: Whenever you updated this version check if the `cacert` package also
# needs an update. You can run the regular updater script for cacerts.
# It will rebuild itself using the version of this package (NSS) and if
# an update is required do the required changes to the expression.
# Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert
version = "3.67";
underscoreVersion = builtins.replaceStrings ["."] ["_"] version;
in stdenv.mkDerivation rec {
pname = "nss";
inherit version;
src = fetchurl {
url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz";
sha256 = "0zyfi27lbdz1bmk9dmsivcya4phx25rzlxqcnjab69yd928rlm7n";
};
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [ perl ninja (buildPackages.python3.withPackages (ps: with ps; [ gyp ])) ]
++ lib.optionals stdenv.hostPlatform.isDarwin [ darwin.cctools fixDarwinDylibNames ];
buildInputs = [ zlib sqlite ];
propagatedBuildInputs = [ nspr ];
prePatch = ''
# strip the trailing whitespace from the patch line and the renamed CKO_NETSCAPE_ enum to CKO_NSS_
xz -d < ${nssPEM} | sed \
-e 's/-DIRS = builtins $/-DIRS = . builtins/g' \
-e 's/CKO_NETSCAPE_/CKO_NSS_/g' \
-e 's/CKT_NETSCAPE_/CKT_NSS_/g' \
| patch -p1
patchShebangs nss
for f in nss/coreconf/config.gypi nss/build.sh nss/coreconf/config.gypi; do
substituteInPlace "$f" --replace "/usr/bin/env" "${buildPackages.coreutils}/bin/env"
done
substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep"
'';
patches =
[
# Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
./85_security_load.patch
./ckpem.patch
./fix-cross-compilation.patch
];
patchFlags = [ "-p0" ];
postPatch = lib.optionalString stdenv.hostPlatform.isDarwin ''
substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)"
substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'"
'';
outputs = [ "out" "dev" "tools" ];
preConfigure = "cd nss";
buildPhase = let
getArch = platform: if platform.isx86_64 then "x64"
else if platform.isx86_32 then "ia32"
else if platform.isAarch32 then "arm"
else if platform.isAarch64 then "arm64"
else if platform.isPower && platform.is64bit then (
if platform.isLittleEndian then "ppc64le" else "ppc64"
)
else platform.parsed.cpu.name;
# yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on
target = getArch stdenv.hostPlatform;
host = getArch stdenv.buildPlatform;
in ''
runHook preBuild
sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh
./build.sh -v --opt \
--with-nspr=${nspr.dev}/include:${nspr.out}/lib \
--system-sqlite \
--enable-legacy-db \
--target ${target} \
-Dhost_arch=${host} \
-Duse_system_zlib=1 \
--enable-libpkix \
${lib.optionalString enableFIPS "--enable-fips"} \
${lib.optionalString stdenv.isDarwin "--clang"} \
${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"}
runHook postBuild
'';
NIX_CFLAGS_COMPILE = "-Wno-error -DNIX_NSS_LIBDIR=\"${placeholder "out"}/lib/\" " + lib.optionalString stdenv.hostPlatform.is64bit "-DNSS_USE_64=1";
installPhase = ''
runHook preInstall
rm -rf $out/private
find $out -name "*.TOC" -delete
mv $out/public $out/include
ln -s lib $out/lib64
# Upstream issue: https://bugzilla.mozilla.org/show_bug.cgi?id=530672
# https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/nss/files/nss-3.32-gentoo-fixups.patch?id=af1acce6c6d2c3adb17689261dfe2c2b6771ab8a
NSS_MAJOR_VERSION=`grep "NSS_VMAJOR" lib/nss/nss.h | awk '{print $3}'`
NSS_MINOR_VERSION=`grep "NSS_VMINOR" lib/nss/nss.h | awk '{print $3}'`
NSS_PATCH_VERSION=`grep "NSS_VPATCH" lib/nss/nss.h | awk '{print $3}'`
PREFIX="$out"
mkdir -p $out/lib/pkgconfig
sed -e "s,%prefix%,$PREFIX," \
-e "s,%exec_prefix%,$PREFIX," \
-e "s,%libdir%,$PREFIX/lib64," \
-e "s,%includedir%,$dev/include/nss," \
-e "s,%NSS_VERSION%,$NSS_MAJOR_VERSION.$NSS_MINOR_VERSION.$NSS_PATCH_VERSION,g" \
-e "s,%NSPR_VERSION%,4.16,g" \
pkg/pkg-config/nss.pc.in > $out/lib/pkgconfig/nss.pc
chmod 0644 $out/lib/pkgconfig/nss.pc
sed -e "s,@prefix@,$PREFIX," \
-e "s,@MOD_MAJOR_VERSION@,$NSS_MAJOR_VERSION," \
-e "s,@MOD_MINOR_VERSION@,$NSS_MINOR_VERSION," \
-e "s,@MOD_PATCH_VERSION@,$NSS_PATCH_VERSION," \
pkg/pkg-config/nss-config.in > $out/bin/nss-config
chmod 0755 $out/bin/nss-config
'';
postInstall = lib.optionalString useP11kit ''
# Replace built-in trust with p11-kit connection
ln -sf ${p11-kit}/lib/pkcs11/p11-kit-trust.so $out/lib/libnssckbi.so
'';
postFixup = let
isCross = stdenv.hostPlatform != stdenv.buildPlatform;
nss = if isCross then buildPackages.nss.tools else "$out";
in
(lib.optionalString enableFIPS (''
for libname in freebl3 nssdbm3 softokn3
do '' +
(if stdenv.isDarwin
then ''
libfile="$out/lib/lib$libname.dylib"
DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
'' else ''
libfile="$out/lib/lib$libname.so"
LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
'') + ''
${nss}/bin/shlibsign -v -i "$libfile"
done
'')) +
''
moveToOutput bin "$tools"
moveToOutput bin/nss-config "$dev"
moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example
rm -f "$out"/lib/*.a
runHook postInstall
'';
meta = with lib; {
homepage = "https://developer.mozilla.org/en-US/docs/NSS";
description = "A set of libraries for development of security-enabled client and server applications";
license = licenses.mpl20;
platforms = platforms.all;
};
}

3
pkgs/top-level/all-packages.nix
View File

@ -17157,6 +17157,9 @@ in
# required for stable thunderbird and firefox-esr-78
nss_3_53 = lowPrio (callPackage ../development/libraries/nss/3.53.nix { });
# required for the latest firefox version
nss_latest = lowPrio (callPackage ../development/libraries/nss/latest.nix { });
nss_wrapper = callPackage ../development/libraries/nss_wrapper { };
nsss = skawarePackages.nsss;