Because the librewolf package is backported only after a long delay, i would like to install it from unstable with the dependencies from 22.05.
If i do the following from the Nixos FAQ:
let unstable = import <nixos-unstable> { };
in {
and later on have
programs.firejail.enable = true;
programs.firejail.wrappedBinaries = {
librewolf = {
executable = "${pkgs.lib.getBin unstable.pkgs.librewolf}/bin/librewolf";
profile = pkgs.writeText "librewolf.local" ''
noblacklist ''${DOWNLOADS}
whitelist ''${DOWNLOADS}
# Add the next line to your librewolf.local to enable native notifications.
dbus-user.talk org.freedesktop.Notifications
# Add the next line to your librewolf.local to allow inhibiting screensavers.
dbus-user.talk org.freedesktop.ScreenSaver
# Add the next lines to your librewolf.local for plasma browser integration.
dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration
dbus-user.talk org.kde.JobViewServer
dbus-user.talk org.kde.kuiserver
include librewolf.profile
'';
};
};
then Nixos will install librewolf unstable with the dependencies from unstable. But i don’t want the dependencies from unstable.
In the manual is a description how to use a module from unstable while leaving everthing else in place. I think this may be applicable to my case, however, i don’t know what to put in there instead of "services/databases/postgresql.nix".
Can someone please tell me how to install librewolf from unstable with the dependencies from 22.05?
I don’t think so, sadly, since modules are the things that define your options, they don’t change how a derivation is built.
You could try something like
let librewolf = pkgs.callPackage "${<nixos-unstable>}/pkgs/applications/networking/browsers/librewolf";
and then appropriately wrapFirefox it to make it work.
I’ve never seen this done before, though, and there’s no guarantee that the package will actually work this way. Have you considered actively helping with backports instead?
Sadly, i’m kind of a noob (using Linux only for 2,5 years and Nixos for a few months) and only as a desktop user. I wouldn’t know how to wrap or backport anything.
What i noticed is this:
The pull request for unstable gets the 1.severity: security tag and is merged quickly. The backport pull request however doesn’t get it and kind of falls to the wayside. I think if this was changed, then the backport would be as quick as the merge for unstable (the other browser packages get backported immediately, which is important in my opinion due to the security fixes they bring).
However, i either don’t have the rights to a add a tag or didn’t realize how to do it. Also, i think it would be nice if the package maintainer kept an eye on the backport to have it merged quickly.
Wrapping it is quite easy, you’d do just exactly what is done in all-packages.nix (can’t link on GitHub, the file is too big):
let
librewolf-unwrapped = pkgs.callPackage "${<nixos-unstable>}/pkgs/applications/networking/browsers/librewolf";
librewolf = pkgs.wrapFirefox librewolf-unwrapped {
inherit (librewolf-unwrapped) extraPrefsFiles extraPoliciesFiles;
libName = "librewolf";
};
in ...
I agree, this is the proper fix, and why I suggest looking into helping out with this. I don’t know why it doesn’t work this way currently; opening an issue about the lack of that label upstream and mentioning the maintainer on it will probably give you an answer (maybe there already is an issue!). Maybe it’s just an oversight, maybe they don’t have time to keep an eye on the build. Sadly Squalus doesn’t seem to have a discourse or matrix handle, so it’s either GitHub or email.
Email might be more polite because it doesn’t put them on the spot about it.
I’ll add the security label on the backport PRs if there’s security content. The releases don’t always have security content though, so I can’t always add it. I’ll be more aggressive about CCing committers if the PRs linger.
The manual explains quite well how you do a manual backport: