wrapFirefox
pkgs.wrapFirefox
Functor
Docs pulled from | This Revision | 21 minutes ago
Contribute
Enhance the ecosystem with your expertise! Contribute to fill the gaps in documentation. Your input can make a difference.
Noogle detected
This is a Functor
Learn about functors
Implementation
The following is the current implementation of this function.
browser_:
let
isDarwin = stdenv.hostPlatform.isDarwin;
browser =
# Wrapper breaks codesigning on macOS; though plugins that may require
# original mozilla signature (like 1Password) won't work with signatures
# stripped, at least the wrapped browser will launch.
if isDarwin then
browser_.overrideAttrs (
oldAttrs:
lib.optionalAttrs (oldAttrs.dontFixup or false) {
dontFixup = false;
}
)
else
browser_;
wrapper =
{
applicationName ? browser.binaryName or (lib.getName browser), # Note: this is actually *binary* name and is different from browser.applicationName, which is *app* name!
pname ? applicationName,
version ? lib.getVersion browser,
nameSuffix ? "",
icon ? applicationName,
wmClass ? applicationName,
nativeMessagingHosts ? [ ],
pkcs11Modules ? [ ],
useGlvnd ? (!isDarwin),
cfg ? config.${applicationName} or { },
## Following options are needed for extra prefs & policies
# For more information about anti tracking (german website)
# visit https://wiki.kairaven.de/open/app/firefox
extraPrefs ? "",
extraPrefsFiles ? [ ],
# For more information about policies visit
# https://mozilla.github.io/policy-templates/
extraPolicies ? { },
extraPoliciesFiles ? [ ],
extraAutoConfig ? "",
libName ? browser.libName or applicationName, # Important for tor package or the like
nixExtensions ? null,
hasMozSystemDirPatch ? (lib.hasPrefix "firefox" pname && !lib.hasSuffix "-bin" pname),
}:
let
ffmpegSupport = browser.ffmpegSupport or false;
gssSupport = browser.gssSupport or false;
alsaSupport = browser.alsaSupport or false;
pipewireSupport = browser.pipewireSupport or false;
sndioSupport = browser.sndioSupport or false;
jackSupport = browser.jackSupport or false;
# PCSC-Lite daemon (services.pcscd) also must be enabled for firefox to access smartcards
smartcardSupport = cfg.smartcardSupport or false;
allNativeMessagingHosts = map lib.getBin (lib.unique nativeMessagingHosts);
libs =
lib.optionals stdenv.hostPlatform.isLinux (
[
udev
libva
libgbm
libnotify
libxscrnsaver
cups
pciutils
vulkan-loader
]
++ lib.optional (cfg.speechSynthesisSupport or true) speechd-minimal
)
++ lib.optional pipewireSupport pipewire
++ lib.optional ffmpegSupport ffmpeg_7
++ lib.optional gssSupport libkrb5
++ lib.optional useGlvnd libglvnd
++ lib.optionals (cfg.enableQuakeLive or false) [
stdenv.cc
libx11
libxxf86dga
libxxf86vm
libxext
libxt
alsa-lib
zlib
]
++ lib.optional (config.pulseaudio or (!isDarwin)) libpulseaudio
++ lib.optional alsaSupport alsa-lib
++ lib.optional sndioSupport sndio
++ lib.optional jackSupport libjack2
++ lib.optional smartcardSupport opensc
++ pkcs11Modules
++ lib.optionals (!isDarwin) gtk_modules;
gtk_modules = lib.optionals (!isDarwin) [ libcanberra-gtk3 ];
# Darwin does not rename bundled binaries
launcherName = "${applicationName}${lib.optionalString (!isDarwin) nameSuffix}";
#########################
# #
# EXTRA PREF CHANGES #
# #
#########################
policiesJson = writeText "policies.json" (builtins.toJSON enterprisePolicies);
usesNixExtensions = nixExtensions != null;
nameArray = map (a: a.name) (lib.optionals usesNixExtensions nixExtensions);
# Check that every extension has a unique .name attribute
# and an extid attribute
extensions =
if nameArray != (lib.unique nameArray) then
throw "Firefox addon name needs to be unique"
else if browser.requireSigning || !browser.allowAddonSideload then
throw "Nix addons are only supported with signature enforcement disabled and addon sideloading enabled (eg. LibreWolf)"
else
map (
a:
if !(builtins.hasAttr "extid" a) then
throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchFirefoxAddon"
else
a
) (lib.optionals usesNixExtensions nixExtensions);
enterprisePolicies = {
policies = {
DisableAppUpdate = true;
}
// lib.optionalAttrs usesNixExtensions {
ExtensionSettings = {
"*" = {
blocked_install_message = "You can't have manual extension mixed with nix extensions";
installation_mode = "blocked";
};
}
// lib.foldr (
e: ret:
ret
// {
"${e.extid}" = {
installation_mode = "allowed";
};
}
) { } extensions;
Extensions = {
Install = lib.foldr (e: ret: ret ++ [ "${e.outPath}/${e.extid}.xpi" ]) [ ] extensions;
};
}
// lib.optionalAttrs smartcardSupport {
SecurityDevices = {
"OpenSC PKCS#11 Module" = "opensc-pkcs11.so";
};
}
// extraPolicies;
};
mozillaCfg = ''
// First line must be a comment
// Disables addon signature checking
// to be able to install addons that do not have an extid
// Security is maintained because only user whitelisted addons
// with a checksum can be installed
${lib.optionalString usesNixExtensions ''lockPref("xpinstall.signatures.required", false);''}
'';
#############################
# #
# END EXTRA PREF CHANGES #
# #
#############################
in
stdenv.mkDerivation (finalAttrs: {
__structuredAttrs = true;
inherit pname version;
desktopItem = makeDesktopItem (
{
name = launcherName;
exec = "${launcherName} --name ${wmClass} %U";
inherit icon;
desktopName = browser.applicationName;
startupNotify = true;
startupWMClass = wmClass;
terminal = false;
}
// (
if libName == "thunderbird" then
{
genericName = "Email Client";
comment = "Read and write e-mails or RSS feeds, or manage tasks on calendars.";
categories = [
"Network"
"Chat"
"Email"
"Feed"
"GTK"
"News"
];
keywords = [
"mail"
"email"
"e-mail"
"messages"
"rss"
"calendar"
"address book"
"addressbook"
"chat"
];
mimeTypes = [
"message/rfc822"
"x-scheme-handler/mailto"
"text/calendar"
"text/x-vcard"
];
actions = {
profile-manager-window = {
name = "Profile Manager";
exec = "${launcherName} --ProfileManager";
};
};
}
else
{
genericName = "Web Browser";
categories = [
"Network"
"WebBrowser"
];
mimeTypes = [
"text/html"
"text/xml"
"application/xhtml+xml"
"application/vnd.mozilla.xul+xml"
"x-scheme-handler/http"
"x-scheme-handler/https"
];
actions = {
new-window = {
name = "New Window";
exec = "${launcherName} --new-window %U";
};
new-private-window = {
name = "New Private Window";
exec = "${launcherName} --private-window %U";
};
profile-manager-window = {
name = "Profile Manager";
exec = "${launcherName} --ProfileManager";
};
};
}
)
);
nativeBuildInputs = [
makeWrapper
lndir
jq
];
buildInputs = lib.optionals (!isDarwin) [ browser.gtk3 ];
makeWrapperArgs = [
"--prefix"
"LD_LIBRARY_PATH"
":"
"${finalAttrs.libs}"
"--suffix"
"PATH"
":"
"${placeholder "out"}/bin"
"--set"
"MOZ_APP_LAUNCHER"
launcherName
"--set"
"MOZ_LEGACY_PROFILES"
"1"
"--set"
"MOZ_ALLOW_DOWNGRADE"
"1"
]
++ lib.optionals (!isDarwin) [
"--suffix"
"GTK_PATH"
":"
"${lib.concatStringsSep ":" finalAttrs.gtk_modules}"
"--suffix"
"XDG_DATA_DIRS"
":"
"${adwaita-icon-theme}/share"
"--set-default"
"MOZ_ENABLE_WAYLAND"
"1"
]
++ lib.optionals (!xdg-utils.meta.broken && !isDarwin) [
# make xdg-open overridable at runtime
"--suffix"
"PATH"
":"
"${lib.makeBinPath [ xdg-utils ]}"
]
++ lib.optionals hasMozSystemDirPatch [
"--set"
"MOZ_SYSTEM_DIR"
"${placeholder "out"}/lib/mozilla"
]
++ lib.optionals (!hasMozSystemDirPatch && allNativeMessagingHosts != [ ]) [
"--run"
"mkdir -p \${MOZ_HOME:-~/.mozilla}/native-messaging-hosts"
]
++ lib.optionals (!hasMozSystemDirPatch) (
lib.concatMap (ext: [
"--run"
"ln -sfLt \${MOZ_HOME:-~/.mozilla}/native-messaging-hosts ${ext}/lib/mozilla/native-messaging-hosts/*"
]) allNativeMessagingHosts
);
buildCommand =
let
appPath = "Applications/${browser.applicationName}.app";
executablePrefix = if isDarwin then "${appPath}/Contents/MacOS" else "bin";
executablePath = "${executablePrefix}/${applicationName}";
finalBinaryPath = "${executablePath}" + lib.optionalString (!isDarwin) "${nameSuffix}";
sourceBinary = "${browser}/${executablePath}";
libDir = if isDarwin then "${appPath}/Contents/Resources" else "lib/${libName}";
prefsDir = if isDarwin then "${libDir}/browser/defaults/preferences" else "${libDir}/defaults/pref";
in
''
if [ ! -x "${sourceBinary}" ]
then
echo "cannot find executable file \`${sourceBinary}'"
exit 1
fi
#########################
# #
# EXTRA PREF CHANGES #
# #
#########################
# Link the runtime. The executable itself has to be copied,
# because it will resolve paths relative to its true location.
# Any symbolic links have to be replicated as well.
cd "${browser}"
find . -type d -exec mkdir -p "$out"/{} \;
find . -type f \( -not -name "${applicationName}" \) -exec ln -sT "${browser}"/{} "$out"/{} \;
find . -type f \( -name "${applicationName}" -o -name "${applicationName}-bin" \) -print0 | while read -d $'\0' f; do
cp -P --no-preserve=mode,ownership --remove-destination "${browser}/$f" "$out/$f"
chmod a+rwx "$out/$f"
done
# fix links and absolute references
find . -type l -print0 | while read -d $'\0' l; do
target="$(readlink "$l")"
target=''${target/#"${browser}"/"$out"}
ln -sfT "$target" "$out/$l"
done
cd "$out"
''
+ lib.optionalString isDarwin ''
cd "${appPath}"
# The omni.ja files have to be copied and not symlinked, otherwise tabs crash.
# Maybe related to how omni.ja file is mmapped into memory. See:
# https://github.com/mozilla/gecko-dev/blob/b1662b447f306e6554647914090d4b73ac8e1664/modules/libjar/nsZipArchive.cpp#L204
#
# Mach-O shared libraries must be copied, not symlinked, otherwise some
# functionality like the Crypto API and audio decoding is broken.
find . -type l -print0 |
while IFS= read -r -d "" file; do
case "$(basename "$file")" in
omni.ja)
;;
*)
# Copy if the symlink resolves to a Mach-O dylib
otool -l "$file" 2>/dev/null | grep -q 'LC_ID_DYLIB' || continue
;;
esac
rm "$file"
cp "${browser}/${appPath}/''${file#./}" "$file"
done
# Copy any embedded .app directories; plugin-container fails to start otherwise.
for dir in $(find . -type d -name '*.app'); do
rm -r "$dir"
cp -r "${browser}/${appPath}/$dir" "$dir"
done
cd ..
''
+ ''
# create the wrapper
executablePrefix="$out/${executablePrefix}"
executablePath="$out/${executablePath}"
oldWrapperArgs=()
if [[ -L $executablePath ]]; then
# Symbolic link: wrap the link's target.
oldExe="$(readlink -v --canonicalize-existing "$executablePath")"
rm "$executablePath"
elif wrapperCmd=$(${buildPackages.makeBinaryWrapper.extractCmd} "$executablePath"); [[ $wrapperCmd ]]; then
# If the executable is a binary wrapper, we need to update its target to
# point to $out, but we can't just edit the binary in-place because of length
# issues. So we extract the command used to create the wrapper and add the
# arguments to our wrapper.
parseMakeCWrapperCall() {
shift # makeCWrapper
oldExe=$1; shift
oldWrapperArgs=("$@")
}
eval "parseMakeCWrapperCall ''${wrapperCmd//"${browser}"/"$out"}"
rm "$executablePath"
else
if read -rn2 shebang < "$executablePath" && [[ $shebang == '#!' ]]; then
# Shell wrapper: patch in place to point to $out.
sed -i "s@${browser}@$out@g" "$executablePath"
fi
# Suffix the executable with -old, because -wrapped might already be used by the old wrapper.
oldExe="$executablePrefix/.${applicationName}"-old
mv "$executablePath" "$oldExe"
fi
''
+ lib.optionalString (!isDarwin) ''
appendToVar makeWrapperArgs --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
''
+ ''
concatTo makeWrapperArgs oldWrapperArgs
makeWrapper "$oldExe" "$out/${finalBinaryPath}" "''${makeWrapperArgs[@]}"
#############################
# #
# END EXTRA PREF CHANGES #
# #
#############################
''
+ lib.optionalString (!isDarwin) ''
if [ -e "${browser}/share/icons" ]; then
mkdir -p "$out/share"
ln -s "${browser}/share/icons" "$out/share/icons"
else
for res in 16 32 48 64 128; do
mkdir -p "$out/share/icons/hicolor/''${res}x''${res}/apps"
icon=$( find "${browser}/lib/" -name "default''${res}.png" )
if [ -e "$icon" ]; then ln -s "$icon" \
"$out/share/icons/hicolor/''${res}x''${res}/apps/${icon}.png"
fi
done
fi
install -m 644 -D -t $out/share/applications $desktopItem/share/applications/*
''
+ lib.optionalString hasMozSystemDirPatch ''
mkdir -p $out/lib/mozilla/native-messaging-hosts
for ext in ${toString allNativeMessagingHosts}; do
ln -sLt $out/lib/mozilla/native-messaging-hosts $ext/lib/mozilla/native-messaging-hosts/*
done
''
+ ''
mkdir -p $out/lib/mozilla/pkcs11-modules
for ext in ${toString pkcs11Modules}; do
ln -sLt $out/lib/mozilla/pkcs11-modules $ext/lib/mozilla/pkcs11-modules/*
done
#########################
# #
# EXTRA PREF CHANGES #
# #
#########################
# user customization
libDir="$out/${libDir}"
# creating policies.json
mkdir -p "$libDir/distribution"
POL_PATH="$libDir/distribution/policies.json"
rm -f "$POL_PATH"
cat ${policiesJson} >> "$POL_PATH"
extraPoliciesFiles=(${toString extraPoliciesFiles})
for extraPoliciesFile in "''${extraPoliciesFiles[@]}"; do
jq -s '.[0] * .[1]' $extraPoliciesFile "$POL_PATH" > .tmp.json
mv .tmp.json "$POL_PATH"
done
# preparing for autoconfig
prefsDir="$out/${prefsDir}"
mkdir -p "$prefsDir"
cat > "$prefsDir/autoconfig.js" << EOF
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
${extraAutoConfig}
EOF
cat > "$libDir/mozilla.cfg" << EOF
${mozillaCfg}
EOF
extraPrefsFiles=(${toString extraPrefsFiles})
for extraPrefsFile in "''${extraPrefsFiles[@]}"; do
cat "$extraPrefsFile" >> "$libDir/mozilla.cfg"
done
cat >> "$libDir/mozilla.cfg" << EOF
${extraPrefs}
EOF
mkdir -p "$libDir/distribution/extensions"
#############################
# #
# END EXTRA PREF CHANGES #
# #
#############################
'';
preferLocalBuild = true;
libs = lib.makeLibraryPath libs + ":" + lib.makeSearchPathOutput "lib" "lib64" libs;
gtk_modules = map (x: x + x.gtkModule) gtk_modules;
passthru = {
unwrapped = browser;
};
disallowedRequisites = [ stdenv.cc ];
meta = browser.meta // {
inherit (browser.meta) description;
mainProgram = launcherName;
hydraPlatforms = [ ];
priority = (browser.meta.priority or lib.meta.defaultPriority) - 1; # prefer wrapper over the package
};
});
in
lib.makeOverridable wrapper