Firefox nix addon support #91724
Firefox nix addon support #91724
Conversation
|
I am all in, for being able to customize Firefox even more, but I have a feeling that this is more of a home-manager thing, as it would be lovely to be able to configure pr. profle, instead of globally. Ideally, we should support these things:
I think we should try to achieve all these, with the least amount of hacks, and working WITH Firefox/Mozilla in this case. |
|
To summarize our mumble discussion. I suggest to move the firefox extension code to its builder that allows to override a build phases rather than passing in data. However @luis-hebendanz does not want to implement that, so if someone else wants to pick it up, go for it. |
I strongly disagree to make this a home manager thing. Organizations want to deploy specific configs of Firefox to employees, the current method ensures complete immutability in this regard, home-manager can not guarantee that. Installation of addons can only be done through the policies.json since the newer Firefox versions which means home-manager can't do that. The policies.json are already used 100% for installing the addons in this pull request. |
|
Well, actually because of a patch here - https://bugzilla.mozilla.org/show_bug.cgi?id=1583466, it is actually possible to do pr. user policies.json. But, a thing that might change this whole thin, if we are only going for policies.json here, is to use Also, supporting both would be nice, but I see the pro in both! |
It could be a simple symlink to the package in that case. |
|
@Mic92 I added a builder called fetchfirefoxaddon, I also updated my first comment above with an example how to use it now. |
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
Mic92
force-pushed
the
firefox-nix-addon-support
branch
from
d4033c7
to
22f4948
Compare
Mic92
force-pushed
the
firefox-nix-addon-support
branch
from
22f4948
to
7c8994e
Compare
|
Is extensions for Firefox something we want to cover in Nixpkgs? EDIT: as in having nixpkgs.firefoxExtensions.ublock |
|
They're some of the most security critical and most used programs, I think packaging them would be a good idea. |
I am only a bit concerned that they get out of date on stable channels. Also on unstable they would be a automatic update mechanism required. |
|
That is also my main concern, as channels can hang for a while. I know that @rycee has a job on Gitlab that automatically updates the Firefox addons that you can use with home-manager ( https://gitlab.com/rycee/nur-expressions/-/tree/master/pkgs/firefox-addons ) Maybe they could be placed in the community repo? Even though that seems like a hacked solution. PS: Also this might be a separate issue for discussion? |
|
Yeah. Having a firefox-addon repo sounds like a great idea. |
If we updated them automatically anyways, backporting to stable would be trivial. |
|
Created a discussion here - #105783 |
Backporting is still some amount of work that could be avoided if both stable/unstable users could use a repo independent from nixpkgs. |
| }; | ||
|
|
||
| mozillaCfg = builtins.toFile "mozilla.cfg" '' | ||
| // First line must be a comment |
There was a problem hiding this comment.
This looks indented incorrectly.
There was a problem hiding this comment.
Its not because toFile does not strip tabs away and this file format needs a comment without spaces at the beginning
There was a problem hiding this comment.
@luis-hebendanz: toFile only takes strings, the stripping is caused by ''...''. I don't however see any tab characters involved here. Checking this quickly via nix repl results in:
nix-repl> builtins.readFile (builtins.toFile "mozilla.cfg" ''
// First line must be a comment
// Disables addon signature checking
// to be able to install addons that do not have an extid
// Security is maintained because only user whitelisted addons
// with a checksum can be installed
lockPref("xpinstall.signatures.required", false);
...
'')
"// First line must be a comment\n\n// Disables addon signature checking\n// to be able to install addons that do not have an extid\n// Security is maintained because only user whitelisted addons\n// with a checksum can be installed\nlockPref(\"xpinstall.signatures.required\", false);\n...\n"
nix-repl>
|
Should we have an option to disable the policy, and disable the policy by default? If this patch is merged to the stable, existing users will lose their installed add-ons. It is not an ideal experience. |
|
I opened up a fix here #105796 |
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: |
Motivation for this change
This pull request comes with a bunch of things.
First and foremost you can now add addons to firefox which are pinned to a specific version.
If you remove the addon from your nix config it will also be removed from every firefox profile.
If you change the version of the addon in the configuration it also updates the versions in every profile.
This was terribly difficult to get to work!
The second thing that has been added is a global config for Firefox settings that can't be changed by the user in the respective Firefox profile.
This is the overhauled version of: #74297
Example usage:
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)@Lassulus