colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

firefox-extensions.ublock: restrict to signed releases ONLY

Browse Source
This commit is contained in:
Colin
2025-03-20 02:33:37 +00:00
parent d868f4fa15
commit 9b9d0760b4
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkgs/by-name/firefox-extensions/package.nix
View File

@@ -167,9 +167,12 @@ let
ublock-origin = fetchVersionedAddon rec { ublock-origin = fetchVersionedAddon rec {
extid = "uBlock0@raymondhill.net"; extid = "uBlock0@raymondhill.net";
pname = "ublock-origin"; pname = "ublock-origin";
# N.B.: a handful of versions are released unsigned # N.B.: the release process seems to be to first release an unsigned .xpi,
url = "https://github.com/gorhill/uBlock/releases/download/${version}/uBlock0_${version}.firefox.xpi"; # then sign it a few days later,
# url = "https://github.com/gorhill/uBlock/releases/download/${version}/uBlock0_${version}.firefox.signed.xpi"; # and then REMOVE THE UNSIGNED RELEASE.
# therefore, only grab signed releases, to avoid having the artifact disappear out from under us :(
# url = "https://github.com/gorhill/uBlock/releases/download/${version}/uBlock0_${version}.firefox.xpi";
url = "https://github.com/gorhill/uBlock/releases/download/${version}/uBlock0_${version}.firefox.signed.xpi";
version = "1.63.0"; version = "1.63.0";
hash = "sha256-RqleAoNzRCRTwH/MMSi0wuo+/G875yc3csyXNcqJO+Q="; hash = "sha256-RqleAoNzRCRTwH/MMSi0wuo+/G875yc3csyXNcqJO+Q=";
}; };