/nixpkgs-mozilla

Mozilla overlay for Nixpkgs.

Primary LanguageNixMIT LicenseMIT

nixpkgs-mozilla

Gathering nix efforts in one repository.

Current packages

firefox-bin variants

Nixpkgs already has definitions for firefox, which is built from source, as well as firefox-bin, which is the binary Firefox version built by Mozilla.

The firefox-overlay.nix in this repository adds definitions for some other firefox-bin variants that Mozilla ships: firefox-nightly-bin, firefox-beta-bin, and firefox-esr-bin. All are exposed under a latest attribute, e.g. latest.firefox-nightly-bin.

Unfortunately, these variants do not auto-update, and you may see some annoying pop-ups complaining about this.

Note that all the -bin packages are "unfree" (because of the Firefox trademark, held by Mozilla), so you will need to set nixpkgs.config.allowUnfree in order to use them. More info here.

Rust overlay

NOTE: Nix overlays only works on up-to-date versions of NixOS/nixpkgs, starting from 17.03.

A nixpkgs overlay is provided to contain all of the latest rust releases.

To use the rust overlay run the ./rust-overlay-install.sh command. It will link the current ./rust-overlay.nix into your ~/.config/nixpkgs/overlays folder.

Once this is done, use nix-env -iA nixpkgs.latest.rustChannels.nightly.rust for example. Replace the nixpkgs. prefix with nixos. on NixOS.

Using in nix expressions

Example of using in `shell.nix`:

let
  moz_overlay = import (builtins.fetchTarball https://github.com/mozilla/nixpkgs-mozilla/archive/master.tar.gz);
  nixpkgs = import <nixpkgs> { overlays = [ moz_overlay ]; };
in
  with nixpkgs;
  stdenv.mkDerivation {
    name = "moz_overlay_shell";
    buildInputs = [
      # to use the latest nightly:
      nixpkgs.latest.rustChannels.nightly.rust
      # to use a specific nighly:
      (nixpkgs.rustChannelOf { date = "2018-04-11"; channel = "nightly"; }).rust
      # to use the project's rust-toolchain file:
      (nixpkgs.rustChannelOf { rustToolchain = ./rust-toolchain; }).rust
    ];
  }

Flake usage

This repository contains a minimal flake interface for the various overlays in this repository. To use it in your own flake, add it as an input to your flake.nix:

The available overlays are nixpkgs-mozilla.overlay for the default overlay containing everything, and nixpkgs-mozilla.overlays.{lib, rust, rr, firefox, git-cinnabar} respectively. Depending on your use case, you might need to set the --impure flag when invoking the nix command. This is because this repository fetches resources from non-pinned URLs non-reproducibly.

Firefox Development Environment

This repository provides several tools to facilitate development on Firefox. Firefox is built on an engine called Gecko, which lends its name to some of the files and derivations in this repo.

Checking out Firefox

To build Firefox from source, it is best to have a local checkout of mozilla-central. mozilla-central is hosted in Mercurial, but some people prefer to access it using git and git-cinnabar. The tools in this repo support either using mercurial or git.

This repository provides a git-cinnabar-overlay.nix which defines a git-cinnabar derivation. This overlay can be used to install git-cinnabar, either using nix-env or as part of a system-wide configuration.nix.

Building Firefox

The firefox-overlay.nix provides an environment to build Firefox from its sources, once you have finished the checkout of mozilla-central. You can use nix-shell to enter this environment to launch mach commands to build Firefox and test your build.

Some debugging tools are available in this environment as well, but other development tools (such as those used to submit changes for review) are outside the scope of this environment.

The nix-shell environment is available in the gecko.<arch>.<cc> attribute of the release.nix file provided in this repository.

The <arch> attribute is either x86_64-linux or i686-linux. The first one would create a native toolchain for compiling on x64, while the second one would give a native toolchain for compiling on x86. Note that due to the size of the compilation units on x86, the compilation might not be able to complete, but some sub part of Gecko, such as SpiderMonkey would compile fine.

The <cc> attribute is either gcc or clang, or any specific version of the compiler available in the compiler-overlay.nix file which is repeated in release.nix. This compiler would only be used for compiling Gecko, and the rest of the toolchain is compiled against the default stdenv of the architecture.

When first entering the nix-shell, the toolchain will pull and build all the dependencies necessary to build Gecko, this includes might take some time. This work will not be necessary the second time, unless you use a different toolchain or architecture.

~/$ cd mozilla-central
~/mozilla-central$ nix-shell ../nixpkgs-mozilla/release.nix -A gecko.x86_64-linux.gcc --pure
  ... pull the rust compiler
  ... compile the toolchain
# First time only - initialize virtualenv
[~/mozilla-central] python ./mach create-mach-environment
   ... create .mozbuild/_virtualenvs/mach
[~/mozilla-central] python ./mach build
  ... build firefox desktop
[~/mozilla-central] python ./mach run
  ... run firefox

When entering the nix-shell, the MOZCONFIG environment variable is set to a local file, named .mozconfig.nix-shell, created each time you enter the nix-shell. You can create your own .mozconfig file which extends the default one, with your own options.

~/mozilla-central$ nix-shell ../nixpkgs-mozilla/release.nix -A gecko.x86_64-linux.gcc --pure
[~/mozilla-central] cat .mozconfig
# Import current nix-shell config.
. .mozconfig.nix-shell

ac_add_options --enable-js-shell
ac_add_options --disable-tests
[~/mozilla-central] export MOZCONFIG="$(pwd)/.mozconfig"
[~/mozilla-central] python ./mach build

To avoid repeating yourself, you can also rely on the NIX_SHELL_HOOK environment variable, to reset the MOZCONFIG environment variable for you.

~/mozilla-central$ export NIX_SHELL_HOOK="export MOZCONFIG=$(pwd)/.mozconfig;"
~/mozilla-central$ nix-shell ../nixpkgs-mozilla/release.nix -A gecko.x86_64-linux.gcc --pure
[~/mozilla-central] python ./mach build

Submitting Firefox patches

Firefox development happens in Mozilla Phabricator. Mozilla Phabricator docs are here.

To get your commits into Phabricator, some options include:

  • Arcanist, the upstream tool for interacting with Phabricator. Arcanist is packaged in nixpkgs already; you can find it in nixos.arcanist. Unfortunately, as of this writing, upstream Arcanist does not support git-cinnabar (according to the "Setting up Arcanist" documentation). Mozilla maintains a fork of Arcanist but it isn't yet packaged. (PRs welcome.)
  • moz-phab, an in-house CLI for Phabricator. It's available in nix packages (unstable channel).
  • phlay, a small Python script that speaks to the Phabricator API directly. This repository ships a phlay-overlay.nix that you can use to make phlay available in a nix-shell or nix-env.

Note: although the nix-shell from the previous section may have all the tools you would normally use to do Firefox development, it isn't recommended that you use that shell for anything besides tasks that involve running mach. Other development tasks such as committing code and submitting patches to code review are best handled in a separate nix-shell.

TODO

  • setup hydra to have binary channels
  • make sure pinned revisions get updated automatically (if build passes we should update revisions in default.nix)
  • pin to specific (working) nixpkgs revision (as we do for other sources)
  • can we make this work on darwin as well?
  • assign maintainers for our packages that will montior that it "always" builds
  • hook it with vulnix report to monitor CVEs (once vulnix is ready, it must be ready soon :P)