From d031843a1eee244172570c64c9e238641563e68e Mon Sep 17 00:00:00 2001 From: Luis-Hebendanz Date: Sun, 22 Aug 2021 22:17:44 +0200 Subject: [PATCH] firefox: Added checks for new addon behaviour since v91 --- doc/builders/packages/firefox.section.md | 7 +++++-- nixos/doc/manual/from_md/release-notes/rl-2111.section.xml | 6 ++++++ nixos/doc/manual/release-notes/rl-2111.section.md | 3 +++ pkgs/applications/networking/browsers/firefox/wrapper.nix | 2 ++ pkgs/top-level/all-packages.nix | 4 +++- 5 files changed, 19 insertions(+), 3 deletions(-) diff --git a/doc/builders/packages/firefox.section.md b/doc/builders/packages/firefox.section.md index b7c430db232d..d6426981da7d 100644 --- a/doc/builders/packages/firefox.section.md +++ b/doc/builders/packages/firefox.section.md @@ -2,11 +2,12 @@ ## Build wrapped Firefox with extensions and policies {#build-wrapped-firefox-with-extensions-and-policies} -The `wrapFirefox` function allows to pass policies, preferences and extension that are available to firefox. With the help of `fetchFirefoxAddon` this allows build a firefox version that already comes with addons pre-installed: +The `wrapFirefox` function allows to pass policies, preferences and extension that are available to Firefox. With the help of `fetchFirefoxAddon` this allows build a Firefox version that already comes with addons pre-installed: ```nix { - myFirefox = wrapFirefox firefox-unwrapped { + # Nix firefox addons only work with the firefox-esr package. + myFirefox = wrapFirefox firefox-esr-unwrapped { nixExtensions = [ (fetchFirefoxAddon { name = "ublock"; # Has to be unique! @@ -45,5 +46,7 @@ or type into the Firefox url bar: `about:policies#documentation`. Nix installed addons do not have a valid signature, which is why signature verification is disabled. This does not compromise security because downloaded addons are checksumed and manual addons can't be installed. Also make sure that the `name` field of fetchFirefoxAddon is unique. If you remove an addon from the nixExtensions array, rebuild and start Firefox the removed addon will be completly removed with all of its settings. ## Troubleshooting {#sec-firefox-troubleshooting} +If addons are marked as broken or the signature is invalid, make sure you have Firefox ESR installed. Normal Firefox does not provide the ability anymore to disable signature verification for addons thus nix addons get disabled by the normal Firefox binary. + If addons do not appear installed although they have been defined in your nix configuration file reset the local addon state of your Firefox profile by clicking `help -> restart with addons disabled -> restart -> refresh firefox`. This can happen if you switch from manual addon mode to nix addon mode and then back to manual mode and then again to nix addon mode. diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index a138d4c8780c..a52c4762ea99 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -286,6 +286,12 @@ Superuser created successfully. from 1.0.4 to 4.1.0 + + + Firefox v91 does not support addons with invalid signature + anymore. Firefox ESR needs to be used for nix addon support. + + The erigon ethereum node has moved to a new diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 35d65dc43cf3..e5196a20afdf 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -60,6 +60,7 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable ## Backward Incompatibilities {#sec-release-21.11-incompatibilities} + - The `paperless` module and package have been removed. All users should migrate to the successor `paperless-ng` instead. The Paperless project [has been archived](https://github.com/the-paperless-project/paperless/commit/9b0063c9731f7c5f65b1852cb8caff97f5e40ba4) @@ -109,6 +110,8 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable - The `staticjinja` package has been upgraded from 1.0.4 to 4.1.0 +- Firefox v91 does not support addons with invalid signature anymore. Firefox ESR needs to be used for nix addon support. + - The `erigon` ethereum node has moved to a new database format in `2021-05-04`, and requires a full resync - `services.geoip-updater` was broken and has been replaced by [services.geoipupdate](options.html#opt-services.geoipupdate.enable). diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix index 0ef5233ff6b8..aa6f7da503fb 100644 --- a/pkgs/applications/networking/browsers/firefox/wrapper.nix +++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -91,6 +91,8 @@ let # and an extid attribute extensions = if nameArray != (lib.unique nameArray) then throw "Firefox addon name needs to be unique" + else if ! (lib.hasSuffix "esr" browser.name) then + throw "Nix addons are only supported in Firefox ESR" else builtins.map (a: if ! (builtins.hasAttr "extid" a) then throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon" diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 656d20435711..94f7943ea4c7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24521,10 +24521,12 @@ with pkgs; firefox-esr-91-unwrapped = firefoxPackages.firefox-esr-91; firefox = wrapFirefox firefox-unwrapped { }; firefox-wayland = wrapFirefox firefox-unwrapped { forceWayland = true; }; - firefox-esr-wayland = wrapFirefox firefox-esr-91-unwrapped { forceWayland = true; }; firefox-esr-78 = wrapFirefox firefox-esr-78-unwrapped { }; firefox-esr-91 = wrapFirefox firefox-esr-91-unwrapped { }; + firefox-esr = firefox-esr-78; + firefox-esr-unwrapped = firefoxPackages.firefox-esr-78; + firefox-esr-wayland = wrapFirefox firefox-esr-91-unwrapped { forceWayland = true; }; firefox-bin-unwrapped = callPackage ../applications/networking/browsers/firefox-bin { channel = "release";