firefox: allow either librewolf OR firefox to load unsigned addons

2024-12-02 02:52:11 +00:00
parent b5581b57f3
commit 6f04f3d558
1 changed files with 56 additions and 20 deletions
--- a/hosts/common/programs/firefox/default.nix
+++ b/hosts/common/programs/firefox/default.nix
@@ -46,7 +46,14 @@ let
  addonSuggestedPrograms = lib.map (n: config.sane.programs."${n}") addonSuggestedProgramNames;
  addonHomePaths = lib.concatMap (p: p.sandbox.extraHomePaths) (addonSuggestedPrograms ++ nativeMessagingPrograms);

-  packageUnwrapped = (pkgs.wrapFirefox cfg.browser.browser {
+  packageUnwrapped = let
+    unwrapped = cfg.browser.browser // {
+      # i configure these post wrapping (below), but the wrapper errors if it thinks the browser was built
+      # with a different config
+      allowAddonSideload = true;
+      requireSigning = false;
+    };
+  in (pkgs.wrapFirefox unwrapped {
    # inherit the default librewolf.cfg
    # it can be further customized via ~/.librewolf/librewolf.overrides.cfg
    inherit (cfg.browser) extraPrefsFiles libName;
@@ -56,6 +63,9 @@ let
  }).overrideAttrs (base: {
    nativeBuildInputs = (base.nativeBuildInputs or []) ++ [
      pkgs.copyDesktopItems
+      pkgs.gnused
+      pkgs.unzip
+      pkgs.zip
    ];
    desktopItems = (base.desktopItems or []) ++ [
      (pkgs.makeDesktopItem {
@@ -84,31 +94,57 @@ let

    # TODO: could use `zip -f` to only update the one changed file, instead of rezipping everything.
    buildCommand = (base.buildCommand or "") + ''
-      mkdir omni
+      patchOmni() {
+        local name="$1"
+        local ja="$2"

-      echo "omni.ja BEFORE:"
-      ls -l $(readlink $out/lib/${cfg.browser.libName}/browser/omni.ja)
+        mkdir $name
+        echo "$ja: BEFORE:"
+        ls -l $(readlink $out/lib/${cfg.browser.libName}/$ja)

-      echo "unzipping omni.ja"
-      # N.B. `zip` exits non-zero even on successful extraction, if the file didn't 100% obey spec
-      ${lib.getExe pkgs.buildPackages.unzip} $out/lib/${cfg.browser.libName}/browser/omni.ja -d omni || true
+        echo "unzipping $ja"
+        # N.B. `zip` exits non-zero even on successful extraction, if the file didn't 100% obey spec
+        unzip $out/lib/${cfg.browser.libName}/$ja -d $name || true

-      echo "removing old omni.ja"
-      rm $out/lib/${cfg.browser.libName}/browser/omni.ja
+        echo "removing old $ja"
+        rm $out/lib/${cfg.browser.libName}/$ja

-      echo "patching omni.ja"
-      # de-associate `ctrl+shift+c` from activating the devtools.
-      # see: <https://stackoverflow.com/a/54260938>
-      ${lib.getExe pkgs.buildPackages.gnused} -i s'/devtools-commandkey-inspector = C/devtools-commandkey-inspector = VK_F12/' omni/localization/en-US/devtools/startup/key-shortcuts.ftl
-      # remap Close Tab shortcut from Ctrl+W to Ctrl+Shift+W
-      # see: <https://www.math.cmu.edu/~gautam/sj/blog/20220329-firefox-disable-ctrl-w.html>
-      ${lib.getExe pkgs.buildPackages.gnused} -i s'/command="cmd_close" modifiers="accel"/command="cmd_close" modifiers="accel,shift"/' omni/chrome/browser/content/browser/browser.xhtml
+        (
+          pushd $name
+          echo "patching $ja"
+          patch_''${name}_hook

-      echo "re-zipping omni.ja"
-      pushd omni; ${lib.getExe pkgs.buildPackages.zip} $out/lib/${cfg.browser.libName}/browser/omni.ja -r ./*; popd
+          echo "re-zipping $ja"
+          zip $out/lib/${cfg.browser.libName}/$ja -r ./*
+          popd
+        )

-      echo "omni.ja AFTER:"
-      ls -l $out/lib/${cfg.browser.libName}/browser/omni.ja
+        echo "$ja: AFTER:"
+        ls -l $out/lib/${cfg.browser.libName}/$ja
+      }
+
+      patch_browser_omni_hook() {
+        # de-associate `ctrl+shift+c` from activating the devtools.
+        # see: <https://stackoverflow.com/a/54260938>
+        sed -i s'/devtools-commandkey-inspector = C/devtools-commandkey-inspector = VK_F12/' localization/en-US/devtools/startup/key-shortcuts.ftl
+
+        # remap Close Tab shortcut from Ctrl+W to Ctrl+Shift+W
+        # see: <https://www.math.cmu.edu/~gautam/sj/blog/20220329-firefox-disable-ctrl-w.html>
+        sed -i s'/command="cmd_close" modifiers="accel"/command="cmd_close" modifiers="accel,shift"/' chrome/browser/content/browser/browser.xhtml
+      }
+
+      patch_toplevel_omni_hook() {
+        # allow loading "unsigned" addons (i.e. the ones i fucking build FROM SOURCE).
+        # required for Mozilla firefox; not for Librewolf
+        # alternative implementations require a rebuild:
+        # - nixpkgs `allowAddonSideload = true;`
+        # - configure flag `--allow-addond-sideload`
+        sed -i s'/MOZ_ALLOW_ADDON_SIDELOAD:/MOZ_ALLOW_ADDON_SIDELOAD: true, _OLD_MOZ_ALLOW_ADDON_SIDELOAD:/' modules/AppConstants.sys.mjs
+        sed -i s'/MOZ_REQUIRE_SIGNING:/MOZ_REQUIRE_SIGNING: false, _OLD_MOZ_REQUIRE_SIGNING:/' modules/AppConstants.sys.mjs
+      }
+
+      patchOmni "browser_omni" "browser/omni.ja"
+      patchOmni "toplevel_omni" "omni.ja"

      runHook postBuild
      runHook postInstall