ghostfox/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

push sheeet
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Details
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Details
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Details
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Details
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Details
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
Details

Browse Source
This commit is contained in:
Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

191
pkgs/applications/networking/browsers/firefox-bin/default.nix Normal file
View File

@@ -0,0 +1,191 @@
{
lib,
stdenv,
fetchurl,
config,
wrapGAppsHook3,
autoPatchelfHook,
alsa-lib,
curl,
dbus-glib,
gtk3,
libXtst,
libva,
pciutils,
pipewire,
adwaita-icon-theme,
generated,
writeScript,
writeText,
xidel,
coreutils,
gnused,
gnugrep,
gnupg,
runtimeShell,
systemLocale ? config.i18n.defaultLocale or "en_US",
patchelfUnstable, # have to use patchelfUnstable to support --no-clobber-old-sections
applicationName ? "Firefox",
undmg,
}:
let
inherit (generated) version sources;
binaryName = "firefox";
mozillaPlatforms = {
i686-linux = "linux-i686";
x86_64-linux = "linux-x86_64";
aarch64-linux = "linux-aarch64";
# bundles are universal and can be re-used for both darwin architectures
aarch64-darwin = "mac";
x86_64-darwin = "mac";
};
arch = mozillaPlatforms.${stdenv.hostPlatform.system};
isPrefixOf = prefix: string: builtins.substring 0 (builtins.stringLength prefix) string == prefix;
sourceMatches = locale: source: (isPrefixOf source.locale locale) && source.arch == arch;
policies = {
DisableAppUpdate = true;
}
// config.firefox.policies or { };
policiesJson = writeText "firefox-policies.json" (builtins.toJSON { inherit policies; });
defaultSource = lib.findFirst (sourceMatches "en-US") { } sources;
mozLocale =
if systemLocale == "ca_ES@valencia" then
"ca-valencia"
else
lib.replaceStrings [ "_" ] [ "-" ] systemLocale;
source = lib.findFirst (sourceMatches mozLocale) defaultSource sources;
pname = "firefox-bin-unwrapped";
in
stdenv.mkDerivation {
inherit pname version;
src = fetchurl { inherit (source) url sha256; };
sourceRoot = lib.optional stdenv.hostPlatform.isDarwin ".";
nativeBuildInputs = [
wrapGAppsHook3
]
++ lib.optionals (!stdenv.hostPlatform.isDarwin) [
autoPatchelfHook
patchelfUnstable
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
undmg
];
buildInputs = lib.optionals (!stdenv.hostPlatform.isDarwin) [
gtk3
adwaita-icon-theme
alsa-lib
dbus-glib
libXtst
];
runtimeDependencies = [
curl
pciutils
]
++ lib.optionals (!stdenv.hostPlatform.isDarwin) [
libva.out
];
appendRunpaths = lib.optionals (!stdenv.hostPlatform.isDarwin) [
"${pipewire}/lib"
];
# Firefox uses "relrhack" to manually process relocations from a fixed offset
patchelfFlags = [ "--no-clobber-old-sections" ];
# don't break code signing
dontFixup = stdenv.hostPlatform.isDarwin;
installPhase =
if stdenv.hostPlatform.isDarwin then
''
mkdir -p $out/Applications
mv Firefox*.app "$out/Applications/${applicationName}.app"
''
else
''
mkdir -p "$prefix/lib/firefox-bin-${version}"
cp -r * "$prefix/lib/firefox-bin-${version}"
mkdir -p "$out/bin"
ln -s "$prefix/lib/firefox-bin-${version}/firefox" "$out/bin/${binaryName}"
# See: https://github.com/mozilla/policy-templates/blob/master/README.md
mkdir -p "$out/lib/firefox-bin-${version}/distribution";
ln -s ${policiesJson} "$out/lib/firefox-bin-${version}/distribution/policies.json";
'';
passthru = {
inherit applicationName binaryName;
libName = "firefox-bin-${version}";
ffmpegSupport = true;
gssSupport = true;
gtk3 = gtk3;
# update with:
# $ nix-shell maintainers/scripts/update.nix --argstr package firefox-bin-unwrapped
updateScript = import ./update.nix {
inherit
pname
writeScript
xidel
coreutils
gnused
gnugrep
gnupg
curl
runtimeShell
;
baseUrl = "https://archive.mozilla.org/pub/firefox/releases/";
};
};
meta = {
changelog = "https://www.mozilla.org/en-US/firefox/${version}/releasenotes/";
description = "Mozilla Firefox, free web browser (binary package)";
homepage = "https://www.mozilla.org/firefox/";
license = {
shortName = "firefox";
fullName = "Firefox Terms of Use";
url = "https://www.mozilla.org/about/legal/terms/firefox/";
# "You Are Responsible for the Consequences of Your Use of Firefox"
# (despite the heading, not an indemnity clause) states the following:
#
# > You agree that you will not use Firefox to infringe anyones rights
# > or violate any applicable laws or regulations.
# >
# > You will not do anything that interferes with or disrupts Mozillas
# > services or products (or the servers and networks which are connected
# > to Mozillas services).
#
# This conflicts with FSF freedom 0: "The freedom to run the program as
# you wish, for any purpose". (Why should Mozilla be involved in
# instances where you break your local laws just because you happen to
# use Firefox whilst doing it?)
free = false;
redistributable = true; # since MPL-2.0 still applies
};
sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
platforms = builtins.attrNames mozillaPlatforms;
hydraPlatforms = [ ];
maintainers = with lib.maintainers; [
taku0
lovesegfault
];
mainProgram = binaryName;
};
}

2477
pkgs/applications/networking/browsers/firefox-bin/release_sources.nix Normal file
View File

File diff suppressed because it is too large Load Diff

92
pkgs/applications/networking/browsers/firefox-bin/update.nix Normal file
View File

@@ -0,0 +1,92 @@
{
pname,
writeScript,
xidel,
coreutils,
gnused,
gnugrep,
curl,
gnupg,
runtimeShell,
baseName ? "firefox",
basePath ? "pkgs/applications/networking/browsers/firefox-bin",
baseUrl,
versionSuffix ? "",
}:
writeScript "update-${pname}" ''
#!${runtimeShell}
PATH=${coreutils}/bin:${gnused}/bin:${gnugrep}/bin:${xidel}/bin:${curl}/bin:${gnupg}/bin
set -eux
pushd ${basePath}
HOME=`mktemp -d`
export GNUPGHOME=`mktemp -d`
curl https://keys.openpgp.org/vks/v1/by-fingerprint/09BEED63F3462A2DFFAB3B875ECB6497C1A20256 | gpg --import -
tmpfile=`mktemp`
url=${baseUrl}
# retriving latest released version
# - extracts all links from the $url
# - removes . and ..
# - this line remove everything not starting with a number
# - this line sorts everything with semver in mind
# - we remove lines that are mentioning funnelcake
# - this line removes beta version if we are looking for final release
# versions or removes release versions if we are looking for beta
# versions
# - this line pick up latest release
version=`xidel -s $url --extract "//a" | \
sed s"/.$//" | \
grep "^[0-9]" | \
sort --version-sort | \
grep -v "funnelcake" | \
grep -e "\([[:digit:]]\|[[:digit:]][[:digit:]]\)${versionSuffix}$" | grep -v "b" | \
tail -1`
curl --silent -o $HOME/shasums "$url$version/SHA256SUMS"
curl --silent -o $HOME/shasums.asc "$url$version/SHA256SUMS.asc"
gpgv --keyring=$GNUPGHOME/pubring.kbx $HOME/shasums.asc $HOME/shasums
# this is a list of sha256 and tarballs for both arches
# Upstream files contains python repr strings like b'somehash', hence the sed dance
shasums=`cat $HOME/shasums | sed -E s/"b'([a-f0-9]{64})'?(.*)"/'\1\2'/ | grep '\.\(tar\.[a-z0-9]\+\|dmg\)$' | grep -v mac-EME-free`
cat > $tmpfile <<EOF
{
version = "$version";
sources = [
EOF
for arch in linux-x86_64 linux-i686 linux-aarch64 mac; do
# retriving a list of all tarballs for each arch
# - only select tarballs for current arch
# - only select tarballs for current version
# - rename space with colon so that for loop doesnt
# - inteprets sha and path as 2 lines
IFS=$'\n'
for line in `echo "$shasums" | \
grep $arch | \
grep -i "${baseName}.$version"'\.\(tar\.[a-z0-9]\+\|dmg\)$' | \
sed "s/ /:/ ; s/ /:/"`; do
# create an entry for every locale
cat >> $tmpfile <<EOF
{
url = "$url$version/`echo $line | cut -d":" -f3 | sed "s/ /%20/"`";
locale = "`echo $line | cut -d":" -f3 | sed "s/$arch\///" | sed "s/\/.*//"`";
arch = "$arch";
sha256 = "`echo $line | cut -d":" -f1`";
}
EOF
done
done
cat >> $tmpfile <<EOF
];
}
EOF
mv $tmpfile release${if versionSuffix == "" then "" else "_${versionSuffix}"}_sources.nix
popd
''