The original browser bundle expects to run from a bundled directory,
typically under user's home. This version creates a firefox distribution
with preloaded extensions and settings that functions more like an
ordinary firefox installation.
The approach used here could be generalized to allow specification of
custom firefox distributions. Eventually, the code will be factored so
that the tbb is just an instance of that more general construct (firefox
base + extensions + prefs).
Currently, we use the latest upstream versions of extensions and so on.
Eventually we want to track the upstream bundle more closely and ideally
use the exact same inputs (firefox source, extension sources).
To avoid mixing up profile data, all runtime state is stored under
$XDG_DATA_HOME/tor-browser.
Major TODO items
- Pluggable transports
- Upstream TBB version parity
- Avoid fetchgit
- Build NoScript from source (no upstream source repo, however, must rely
on third-parties)
- Improved notation for packaging extensions
- Feature parity with the binary bundle (apulse and runtime purity, in
particular)
Add testssl.sh which is a nice utility for testing TLS/SSL
capabilities of servers without having to use any kind of
web-service. It's very useful for testing setups of services before
deployment and such.
* gnome3: only maintain single GNOME 3 package set
GNOME 3 was split into 3.10 and 3.12 in #2694. Unfortunately, we barely have the resources
to update a single version of GNOME. Maintaining multiple versions just does not make sense.
Additionally, it makes viewing history using most Git tools bothersome.
This commit renames `pkgs/desktops/gnome-3/3.24` to `pkgs/desktops/gnome-3`, removes
the config variable for choosing packageset (`environment.gnome3.packageSet`), updates
the hint in maintainer script, and removes the `gnome3_24` derivation from `all-packages.nix`.
Closes: #29329
* maintainers/scripts/gnome: Use fixed GNOME 3 directory
Since we now allow only a single GNOME 3 package set, specifying
the working directory is not necessary.
This commit sets the directory to `pkgs/desktops/gnome-3`.
This has been broken nearly all the time due to the patches needed to
iproute2 not being compatible with the newer versions we have been
shipping. As long as Ubuntu does not manage to upstream these changes
so they are maintained with iproute2 and we don't have a maintainer
updating these patches to new iproute2 versions it is not feasible to
have this available.
Oracle JDK 9 does not seems to contain jre directory, so oraclejre9
package now uses a dedicated archive file.
There is no 32-bit version nor arm version (yet). If Oracle releases
them, I will update the package.
* openjdk 8: code cleanup
as recommended by 0xABAB in #27194
* openjdk 9: init at ea build 176
this starts with copy of 8.nix and just updates hashes and replaces 8
with 9. it also tweaks the version handling because we aren't dealing
with an update version yet.
* openjdk 9: adapt patches from openjdk 8
fix-java-home: surrounding code changed slightly
swing-use-gtk-jdk9: location of the file being patched changed due to
modularization
read-truststore-from-env: the code that handles the trustStore was
refactored out into a helper class in upstream commit
http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/904861872c0e
adlc_updater: this isn't present anymore
* openjdk 9: make two more warnings-as-errors non-fatal
this requires that we switch to configureFlagsArray to deal with
whitespace
the errors being suppressed are show below:
* For target support_native_java.desktop_libawt_xawt_awt_Robot.o:
/tmp/nix-build-openjdk-9ea-b176.drv-0/jdk9-jdk-9+176/jdk/src/java.desktop/unix/native/libawt_xawt/awt/awt_Robot.c: In function 'isXCompositeDisplay':
/tmp/nix-build-openjdk-9ea-b176.drv-0/jdk9-jdk-9+176/jdk/src/java.desktop/unix/native/libawt_xawt/awt/awt_Robot.c:152:50: error: embedded '\0' in format
[-Werror=format-contains-nul]
snprintf(NET_WM_CM_Sn, sizeof(NET_WM_CM_Sn), "_NET_WM_CM_S%d\0", screenNumber);
^
/tmp/nix-build-openjdk-9ea-b176.drv-0/jdk9-jdk-9+176/jdk/src/java.desktop/unix/native/libawt_xawt/awt/awt_Robot.c:152:50: error: embedded '\0' in format
[-Werror=format-contains-nul]
cc1: all warnings being treated as errors
* For target support_native_jdk.hotspot.agent_libsa_ps_core.o:
/tmp/nix-build-openjdk-9ea-b176.drv-0/jdk9-jdk-9+176/hotspot/src/jdk.hotspot.agent/linux/native/libsaproc/ps_core.c: In function 'read_exec_segments':
/tmp/nix-build-openjdk-9ea-b176.drv-0/jdk9-jdk-9+176/hotspot/src/jdk.hotspot.agent/linux/native/libsaproc/ps_core.c:834:7: error: ignoring return value of 'pread', declared
with attribute warn_unused_result [-Werror=unused-result]
pread(ph->core->exec_fd, interp_name, exec_php->p_filesz, exec_php->p_offset);
^
cc1: all warnings being treated as errors
* openjdk 9: ea+176 -> ea+180
* openjdk 9: TODO disable infinality patches, at least to start
the code being patched here seems to have changed substantially or
perhaps even disappeared altogether. need to investigate whether
these patches are still relevant.
* openjdk 9: update installPhase for modularization
* separate jdk and jre images are now present under build/*/images
* samples have been removed (JEP 298)
-- TODO that JEP says demos will be gone too, but it seems some are still present?
* bina directory is no longer present
* openjdk 9: TODO handle *.pf files or purge this code completely
* openjdk 9: update minimal jre components
in particular, the name of the config option for headless has changed,
per https://bugs.openjdk.java.net/browse/JDK-8163102
* TODO about echo -n vs printWords, #27427
This also upgrades the hsevm package from v0.6.4 to v0.8.5.
The project `dapp` which depends on hsevm was also updated to use the
new name, so I have also upgraded that package from version v0.5.3 to
v0.5.7.
I also added a `dontCheck` to a Hackage dependency because its test
suite depends on Git and runs a bunch of Git repository manipulations.
This includes fuse-common (fusePackages.fuse_3.common) as recommended by
upstream. But while fuse(2) and fuse3 would normally depend on
fuse-common we can't do that in nixpkgs while fuse-common is just
another output from the fuse3 multiple-output derivation (i.e. this
would result in a circular dependency). To avoid building fuse3 twice I
decided it would be best to copy the shared files (i.e. the ones
provided by fuse(2) and fuse3) from fuse-common to fuse (version 2) and
avoid collision warnings by defining priorities. Now it should be
possible to install an arbitrary combination of "fuse", "fuse3", and
"fuse-common" without getting any collision warnings. The end result
should be the same and all changes should be backwards compatible
(assuming that mount.fuse from fuse3 is backwards compatible as stated
by upstream [0] - if not this might break some /etc/fstab definitions
but that should be very unlikely).
My tests with sshfs (version 2 and 3) didn't show any problems.
See #28409 for some additional information.
[0]: https://github.com/libfuse/libfuse/releases/tag/fuse-3.0.0
