push sheeet

pkgs/applications/networking/browsers/librewolf/default.nix

@@ -0,0 +1,54 @@
+{
+  stdenv,
+  lib,
+  callPackage,
+  buildMozillaMach,
+  nixosTests,
+}:
+
+let
+  librewolf-src = callPackage ./librewolf.nix { };
+in
+(buildMozillaMach {
+  pname = "librewolf";
+  applicationName = "LibreWolf";
+  binaryName = "librewolf";
+  version = librewolf-src.packageVersion;
+  src = librewolf-src.firefox;
+  requireSigning = false;
+  allowAddonSideload = true;
+  branding = "browser/branding/librewolf";
+  inherit (librewolf-src)
+    extraConfigureFlags
+    extraPatches
+    extraPostPatch
+    extraPassthru
+    ;
+
+  meta = {
+    description = "Fork of Firefox, focused on privacy, security and freedom";
+    homepage = "https://librewolf.net/";
+    maintainers = with lib.maintainers; [
+      # Also update ci/OWNERS entry when changing maintainers
+      squalus
+      dwrege
+      fpletz
+      grimmauld
+    ];
+    platforms = lib.platforms.unix;
+    broken = stdenv.buildPlatform.is32bit;
+    # since Firefox 60, build on 32-bit platforms fails with "out of memory".
+    # not in `badPlatforms` because cross-compilation on 64-bit machine might work.
+    maxSilent = 14400; # 4h, double the default of 7200s (c.f. #129212, #129115)
+    license = lib.licenses.mpl20;
+    mainProgram = "librewolf";
+  };
+  tests = { inherit (nixosTests) librewolf; };
+  updateScript = callPackage ./update.nix {
+    attrPath = "librewolf-unwrapped";
+  };
+}).override
+  {
+    crashreporterSupport = false;
+    enableOfficialBranding = false;
+  }

pkgs/applications/networking/browsers/librewolf/librewolf.nix

@@ -0,0 +1,55 @@
+{ callPackage }:
+let
+  src = callPackage ./src.nix { };
+in
+rec {
+
+  inherit (src) packageVersion firefox source;
+
+  extraPatches = [ "${source}/patches/pref-pane/pref-pane-small.patch" ];
+
+  extraConfigureFlags = [
+    "--with-unsigned-addon-scopes=app,system"
+    "--disable-default-browser-agent"
+  ];
+
+  extraPostPatch = ''
+    while read patch_name; do
+      echo "applying LibreWolf patch: $patch_name"
+      patch -p1 < ${source}/$patch_name
+    done <${source}/assets/patches.txt
+
+    cp -r ${source}/themes/browser .
+    cp ${source}/assets/search-config.json services/settings/dumps/main/search-config.json
+    sed -i '/MOZ_SERVICES_HEALTHREPORT/ s/True/False/' browser/moz.configure
+
+    cp ${source}/patches/pref-pane/category-librewolf.svg browser/themes/shared/preferences
+    cp ${source}/patches/pref-pane/librewolf.css browser/themes/shared/preferences
+    cp ${source}/patches/pref-pane/librewolf.inc.xhtml browser/components/preferences
+    cp ${source}/patches/pref-pane/librewolf.js browser/components/preferences
+
+    # override firefox version
+    for fn in browser/config/version.txt browser/config/version_display.txt; do
+      echo "${packageVersion}" > "$fn"
+    done
+
+    echo "patching appstrings.properties"
+    find . -path '*/appstrings.properties' -exec sed -i s/Firefox/LibreWolf/ {} \;
+
+    for fn in $(find "${source}/l10n/en-US/browser" -type f -name '*.inc.ftl'); do
+      target_fn=$(echo "$fn" | sed "s,${source}/l10n,browser/locales," | sed "s,\.inc\.ftl$,.ftl,")
+      cat "$fn" >> "$target_fn"
+    done
+  '';
+
+  extraPrefsFiles = [ "${source}/settings/librewolf.cfg" ];
+
+  extraPoliciesFiles = [ "${source}/settings/distribution/policies.json" ];
+
+  extraPassthru = {
+    librewolf = {
+      inherit src extraPatches;
+    };
+    inherit extraPrefsFiles extraPoliciesFiles;
+  };
+}

pkgs/applications/networking/browsers/librewolf/src.json

@@ -0,0 +1,11 @@
+{
+  "packageVersion": "143.0.4-1",
+  "source": {
+    "rev": "143.0.4-1",
+    "hash": "sha256-RyLz5se2AqXAmsa/MckiUgcBfRxZVVsrNg2L757qOuo="
+  },
+  "firefox": {
+    "version": "143.0.4",
+    "hash": "sha512-K8veTnLqQenMyYg2kBY1NQtdx7UMYY4Zq2EDonrcDwF8o/p1VTeMivbuHzoU0Ck1KJ/isNNdhA1hD1rAeojktg=="
+  }
+}

pkgs/applications/networking/browsers/librewolf/src.nix

@@ -0,0 +1,26 @@
+{
+  lib,
+  fetchurl,
+  fetchFromGitea,
+}:
+let
+  src = lib.importJSON ./src.json;
+in
+{
+  inherit (src) packageVersion;
+  source = fetchFromGitea (
+    src.source
+    // {
+      domain = "codeberg.org";
+      owner = "librewolf";
+      repo = "source";
+      fetchSubmodules = true;
+    }
+  );
+  firefox = fetchurl (
+    src.firefox
+    // {
+      url = "mirror://mozilla/firefox/releases/${src.firefox.version}/source/firefox-${src.firefox.version}.source.tar.xz";
+    }
+  );
+}

pkgs/applications/networking/browsers/librewolf/update.nix

@@ -0,0 +1,81 @@
+# how to use
+# nix-update -u librewolf-unwrapped
+{
+  writeScript,
+  lib,
+  coreutils,
+  gnused,
+  gnugrep,
+  curl,
+  gnupg,
+  jq,
+  nix-prefetch-git,
+  moreutils,
+  runtimeShell,
+  nix,
+  ...
+}:
+
+writeScript "update-librewolf" ''
+  #!${runtimeShell}
+  PATH=${
+    lib.makeBinPath [
+      coreutils
+      curl
+      gnugrep
+      gnupg
+      gnused
+      jq
+      moreutils
+      nix-prefetch-git
+      nix
+    ]
+  }
+  set -euo pipefail
+
+  latestTag=$(curl "https://codeberg.org/api/v1/repos/librewolf/source/tags?page=1&limit=1" | jq -r .[0].name)
+  echo "latestTag=$latestTag"
+
+  srcJson=pkgs/applications/networking/browsers/librewolf/src.json
+  localRev=$(jq -r .source.rev < $srcJson)
+  echo "localRev=$localRev"
+
+  if [ "$localRev" == "$latestTag" ]; then
+    exit 0
+  fi
+
+  prefetchOut=$(mktemp)
+  repoUrl=https://codeberg.org/librewolf/source.git
+  nix-prefetch-git $repoUrl --quiet --rev $latestTag --fetch-submodules > $prefetchOut
+  srcDir=$(jq -r .path < $prefetchOut)
+  srcHash=$(nix --extra-experimental-features nix-command hash convert --to sri --hash-algo sha256 $(jq -r .sha256 < $prefetchOut))
+
+  ffVersion=$(<$srcDir/version)
+  lwRelease=$(<$srcDir/release)
+  lwVersion="$ffVersion-$lwRelease"
+  echo "lwVersion=$lwVersion"
+  echo "ffVersion=$ffVersion"
+  if [ "$lwVersion" != "$latestTag" ]; then
+    echo "error: Tag name does not match the computed LibreWolf version"
+    exit 1
+  fi
+
+  HOME=$(mktemp -d)
+  export GNUPGHOME=$(mktemp -d)
+  gpg --receive-keys 14F26682D0916CDD81E37B6D61B7B526D98F0353
+
+  mozillaUrl=https://archive.mozilla.org/pub/firefox/releases/
+
+  curl --silent --show-error -o "$HOME"/shasums "$mozillaUrl$ffVersion/SHA512SUMS"
+  curl --silent --show-error -o "$HOME"/shasums.asc "$mozillaUrl$ffVersion/SHA512SUMS.asc"
+  gpgv --keyring="$GNUPGHOME"/pubring.kbx "$HOME"/shasums.asc "$HOME"/shasums
+
+  ffHash=$(nix --extra-experimental-features nix-command hash convert --to sri --hash-algo sha512 $(grep '\.source\.tar\.xz$' "$HOME"/shasums | grep '^[^ ]*' -o))
+  echo "ffHash=$ffHash"
+
+  jq ".source.rev = \"$latestTag\"" $srcJson | sponge $srcJson
+  jq ".source.hash = \"$srcHash\"" $srcJson | sponge $srcJson
+  jq ".firefox.version = \"$ffVersion\"" $srcJson | sponge $srcJson
+  jq ".firefox.hash = \"$ffHash\"" $srcJson | sponge $srcJson
+  jq ".packageVersion = \"$lwVersion\"" $srcJson | sponge $srcJson
+''