diff --git a/pkgs/by-name/li/librewolf-bin-unwrapped/package.nix b/pkgs/by-name/li/librewolf-bin-unwrapped/package.nix new file mode 100644 index 000000000000..1c5f9ea3a98a --- /dev/null +++ b/pkgs/by-name/li/librewolf-bin-unwrapped/package.nix @@ -0,0 +1,117 @@ +{ + lib, + stdenv, + fetchurl, + config, + wrapGAppsHook3, + autoPatchelfHook, + alsa-lib, + curl, + dbus-glib, + gtk3, + libXtst, + libva, + pciutils, + pipewire, + adwaita-icon-theme, + writeText, + patchelfUnstable, # have to use patchelfUnstable to support --no-clobber-old-sections +}: + +let + binaryName = "librewolf"; + + mozillaPlatforms = { + i686-linux = "linux-i686"; + x86_64-linux = "linux-x86_64"; + aarch64-linux = "linux-arm64"; + }; + + throwSystem = throw "Unsupported system: ${stdenv.hostPlatform.system}"; + + arch = mozillaPlatforms.${stdenv.hostPlatform.system} or throwSystem; + + policies = config.librewolf.policies or { }; + + policiesJson = writeText "librewolf-policies.json" (builtins.toJSON { inherit policies; }); + + pname = "librewolf-bin-unwrapped"; + + version = "136.0-2"; +in + +stdenv.mkDerivation { + inherit pname version; + + src = fetchurl { + url = "https://gitlab.com/api/v4/projects/44042130/packages/generic/librewolf/${version}/librewolf-${version}-${arch}-package.tar.xz"; + hash = + { + i686-linux = "sha256-VRY6OY3nBTfwrdoRF8zBjSfwrxCM9SnmjUvAXhLbGSY="; + x86_64-linux = "sha256-KjOES7AjoObZ0EPjTFAVafm++8MsxtEs1FgViLsR/hc="; + aarch64-linux = "sha256-vUW+eEabJ3Gp0ov/9ms/KyLzwHOCKozpR/CdZGaxA0I="; + } + .${stdenv.hostPlatform.system} or throwSystem; + }; + + nativeBuildInputs = [ + wrapGAppsHook3 + autoPatchelfHook + patchelfUnstable + ]; + + buildInputs = [ + gtk3 + adwaita-icon-theme + alsa-lib + dbus-glib + libXtst + ]; + + runtimeDependencies = [ + curl + libva.out + pciutils + ]; + + appendRunpaths = [ "${pipewire}/lib" ]; + + # Firefox uses "relrhack" to manually process relocations from a fixed offset + patchelfFlags = [ "--no-clobber-old-sections" ]; + + installPhase = '' + runHook preInstall + + mkdir -p $prefix/lib $out/bin + cp -r . $prefix/lib/librewolf-bin-${version} + ln -s $prefix/lib/librewolf-bin-${version}/librewolf $out/bin/${binaryName} + # See: https://github.com/mozilla/policy-templates/blob/master/README.md + mv $out/lib/librewolf-bin-${version}/distribution/policies.json $out/lib/librewolf-bin-${version}/distribution/extra-policies.json + ${lib.optionalString (config.librewolf.policies or false) '' + ln -s ${policiesJson} $out/lib/librewolf-bin-${version}/distribution/policies.json + ''} + + runHook postInstall + ''; + + passthru = { + inherit binaryName; + applicationName = "LibreWolf"; + libName = "librewolf-bin-${version}"; + ffmpegSupport = true; + gssSupport = true; + gtk3 = gtk3; + updateScript = ./update.sh; + }; + + meta = { + description = "Fork of Firefox, focused on privacy, security and freedom (upstream binary release)"; + homepage = "https://librewolf.net"; + license = lib.licenses.mpl20; + maintainers = with lib.maintainers; [ dwrege ]; + platforms = builtins.attrNames mozillaPlatforms; + mainProgram = "librewolf"; + hydraPlatforms = [ ]; + sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; + }; +} diff --git a/pkgs/by-name/li/librewolf-bin-unwrapped/update.sh b/pkgs/by-name/li/librewolf-bin-unwrapped/update.sh new file mode 100755 index 000000000000..93f8e0fe14b9 --- /dev/null +++ b/pkgs/by-name/li/librewolf-bin-unwrapped/update.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p bash nix curl coreutils jq common-updater-scripts + +set -eou pipefail + +latestVersion=$(curl ${PRIVATE-TOKEN:+-u ":$PRIVATE-TOKEN"} -sL https://gitlab.com/api/v4/projects/44042130/releases | jq -r '.[0].tag_name') +currentVersion=$(nix-instantiate --eval -E "with import ./. {}; librewolf-bin-unwrapped.version or (lib.getVersion librewolf-bin-unwrapped)" | tr -d '"') + +echo "latest version: $latestVersion" +echo "current version: $currentVersion" + +if [[ "$latestVersion" == "$currentVersion" ]]; then + echo "package is up-to-date" + exit 0 +fi + +for i in \ + "i686-linux linux-i686" \ + "x86_64-linux linux-x86_64" \ + "aarch64-linux linux-arm64"; do + set -- $i + hash=$(nix hash convert --to sri --hash-algo sha256 $(curl ${PRIVATE-TOKEN:+-u ":$PRIVATE-TOKEN"} -sL https://gitlab.com/api/v4/projects/44042130/packages/generic/librewolf/$latestVersion/librewolf-$latestVersion-$2-package.tar.xz.sha256sum)) + update-source-version librewolf-bin-unwrapped $latestVersion $hash --system=$1 --ignore-same-version +done diff --git a/pkgs/by-name/li/librewolf-bin/package.nix b/pkgs/by-name/li/librewolf-bin/package.nix deleted file mode 100644 index 7d3a23cd489b..000000000000 --- a/pkgs/by-name/li/librewolf-bin/package.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - lib, - appimageTools, - fetchurl, -}: - -let - pname = "librewolf-bin"; - upstreamVersion = "135.0-1"; - version = lib.replaceStrings [ "-" ] [ "." ] upstreamVersion; - src = fetchurl { - url = "https://gitlab.com/api/v4/projects/24386000/packages/generic/librewolf/${upstreamVersion}/LibreWolf.x86_64.AppImage"; - hash = "sha256-Qg4hc3bpJh3NFMUlq65K1fVtp6Slgtk2OjvcELp4aH8="; - }; - appimageContents = appimageTools.extract { inherit pname version src; }; -in -appimageTools.wrapType2 { - inherit pname version src; - - extraInstallCommands = '' - mv $out/bin/{${pname},librewolf} - install -Dm444 ${appimageContents}/io.gitlab.LibreWolf.desktop -t $out/share/applications - install -Dm444 ${appimageContents}/librewolf.png -t $out/share/pixmaps - ''; - - meta = { - description = "Fork of Firefox, focused on privacy, security and freedom (upstream AppImage release)"; - homepage = "https://librewolf.net"; - license = lib.licenses.mpl20; - maintainers = with lib.maintainers; [ dwrege ]; - platforms = [ "x86_64-linux" ]; - mainProgram = "librewolf"; - sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; - }; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d4747cf24f7b..96916342197c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13423,6 +13423,16 @@ with pkgs; libName = "librewolf"; }; + librewolf-bin = wrapFirefox librewolf-bin-unwrapped { + pname = "librewolf-bin"; + extraPrefsFiles = [ + "${librewolf-bin-unwrapped}/lib/librewolf-bin-${librewolf-bin-unwrapped.version}/librewolf.cfg" + ]; + extraPoliciesFiles = [ + "${librewolf-bin-unwrapped}/lib/librewolf-bin-${librewolf-bin-unwrapped.version}/distribution/extra-policies.json" + ]; + }; + firefox_decrypt = python3Packages.callPackage ../tools/security/firefox_decrypt { }; floorp-unwrapped = import ../applications/networking/browsers/floorp {