diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix index 933d16c027e..62074441d8c 100644 --- a/pkgs/applications/networking/browsers/firefox/common.nix +++ b/pkgs/applications/networking/browsers/firefox/common.nix @@ -1,6 +1,7 @@ { pname, ffversion, meta, updateScript ? null , src, unpackPhase ? null, patches ? [] , extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [] +, isIceCatLike ? false, icversion ? null , isTorBrowserLike ? false, tbversion ? null }: { lib, stdenv, pkgconfig, pango, perl, python2, zip, libIDL @@ -25,7 +26,7 @@ ## privacy-related options -, privacySupport ? isTorBrowserLike +, privacySupport ? isTorBrowserLike || isIceCatLike # WARNING: NEVER set any of the options below to `true` by default. # Set to `privacySupport` or `false`. @@ -75,15 +76,23 @@ let default-toolkit = if stdenv.isDarwin then "cairo-cocoa" else "cairo-gtk${if gtk3Support then "3" else "2"}"; + binaryName = if isIceCatLike then "icecat" else "firefox"; + binaryNameCapitalized = lib.toUpper (lib.substring 0 1 binaryName) + lib.substring 1 (-1) binaryName; + + browserName = if stdenv.isDarwin then binaryNameCapitalized else binaryName; + execdir = if stdenv.isDarwin - then "/Applications/${browserName}.app/Contents/MacOS" + then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS" else "/bin"; - browserName = if stdenv.isDarwin then "Firefox" else "firefox"; + + browserVersion = if isIceCatLike then icversion + else if isTorBrowserLike then tbversion + else ffversion; in stdenv.mkDerivation rec { name = "${pname}-unwrapped-${version}"; - version = if !isTorBrowserLike then ffversion else tbversion; + version = browserVersion; inherit src unpackPhase patches meta; @@ -270,22 +279,22 @@ stdenv.mkDerivation rec { installPhase = if stdenv.isDarwin then '' mkdir -p $out/Applications - cp -LR dist/Firefox.app $out/Applications + cp -LR dist/${binaryNameCapitalized}.app $out/Applications '' else null; postInstall = lib.optionalString stdenv.isLinux '' # Remove SDK cruft. FIXME: move to a separate output? - rm -rf $out/share/idl $out/include $out/lib/firefox-devel-* + rm -rf $out/share/idl $out/include $out/lib/${binaryName}-devel-* # Needed to find Mozilla runtime - gappsWrapperArgs+=(--argv0 "$out/bin/.firefox-wrapped") + gappsWrapperArgs+=(--argv0 "$out/bin/.${binaryName}-wrapped") ''; postFixup = lib.optionalString stdenv.isLinux '' # Fix notifications. LibXUL uses dlopen for this, unfortunately; see #18712. patchelf --set-rpath "${lib.getLib libnotify - }/lib:$(patchelf --print-rpath "$out"/lib/firefox*/libxul.so)" \ - "$out"/lib/firefox*/libxul.so + }/lib:$(patchelf --print-rpath "$out"/lib/${binaryName}*/libxul.so)" \ + "$out"/lib/${binaryName}*/libxul.so ''; doInstallCheck = true; @@ -297,6 +306,7 @@ stdenv.mkDerivation rec { passthru = { inherit version updateScript; isFirefox3Like = true; + inherit isIceCatLike; inherit isTorBrowserLike; gtk = gtk2; inherit nspr; diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index e16d28048a8..5d03d9c1db3 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -92,6 +92,80 @@ rec { } // (let + iccommon = args: common (args // { + pname = "icecat"; + isIceCatLike = true; + + meta = (args.meta or {}) // { + description = "The GNU version of the Firefox web browser"; + longDescription = '' + GNUzilla is the GNU version of the Mozilla suite, and GNU + IceCat is the GNU version of the Firefox web browser. + + Notable differences from mainline Firefox: + + - entirely free software, no non-free plugins, addons, + artwork, + - no telemetry, no "studies", + - sane privacy and security defaults (for instance, unlike + Firefox, IceCat does _zero_ network requests on startup by + default, which means that with IceCat you won't need to + unplug your Ethernet cable each time you want to create a + new browser profile without announcing that action to a + bunch of data-hungry corporations), + - all essential privacy and security settings can be + configured directly from the main screen, + - optional first party isolation (like TorBrowser), + - comes with HTTPS Everywhere (like TorBrowser), Tor Browser + Button (like TorBrowser Bundle), LibreJS, and SpyBlock + plugins out of the box. + + This package can be installed together with Firefox and + TorBrowser, it will use distinct binary names and profile + directories. + ''; + homepage = "https://www.gnu.org/software/gnuzilla/"; + platforms = lib.platforms.unix; + license = with lib.licenses; [ mpl20 gpl3Plus ]; + }; + }); + +in rec { + + icecat = iccommon rec { + ffversion = "60.3.0"; + icversion = "${ffversion}-gnu1"; + + src = fetchurl { + url = "mirror://gnu/gnuzilla/${ffversion}/icecat-${icversion}.tar.bz2"; + sha256 = "0icnl64nxcyf7dprpdpygxhabsvyhps8c3ixysj9bcdlj9q34ib1"; + }; + + patches = nixpkgsPatches ++ [ + ./no-buildconfig.patch + ]; + }; + + icecat-52 = iccommon rec { + ffversion = "52.6.0"; + icversion = "${ffversion}-gnu1"; + + src = fetchurl { + url = "mirror://gnu/gnuzilla/${ffversion}/icecat-${icversion}.tar.bz2"; + sha256 = "09fn54glqg1aa93hnz5zdcy07cps09dbni2b4200azh6nang630a"; + }; + + patches = nixpkgsPatches ++ [ + # this one is actually an omnipresent bug + # https://bugzilla.mozilla.org/show_bug.cgi?id=1444519 + ./fix-pa-context-connect-retval.patch + ]; + + meta.knownVulnerabilities = [ "Support ended in August 2018." ]; + }; + +}) // (let + tbcommon = args: common (args // { pname = "tor-browser"; isTorBrowserLike = true; @@ -109,7 +183,7 @@ rec { patches = nixpkgsPatches; - meta = { + meta = (args.meta or {}) // { description = "A web browser built from TorBrowser source tree"; longDescription = '' This is a version of TorBrowser with bundle-related patches diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index dace0f0ceb7..54cca416f08 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17180,11 +17180,13 @@ in firefox-esr-52-unwrapped = firefoxPackages.firefox-esr-52; firefox-esr-60-unwrapped = firefoxPackages.firefox-esr-60; tor-browser-unwrapped = firefoxPackages.tor-browser; + icecat-unwrapped = firefoxPackages.icecat; firefox = wrapFirefox firefox-unwrapped { }; firefox-esr-52 = wrapFirefox firefox-esr-52-unwrapped { }; firefox-esr-60 = wrapFirefox firefox-esr-60-unwrapped { }; firefox-esr = firefox-esr-60; + icecat = wrapFirefox icecat-unwrapped { }; firefox-bin-unwrapped = callPackage ../applications/networking/browsers/firefox-bin { channel = "release";