Packaging for this is a bit weird, since it’s just a few patches and then policy/preferences on top of vanilla Firefox. It’d be more accurate to call it a distribution than a fork.
This means that most of the packaging effort ends up being in the wrapper - which supports modifying the policies and configuration set by nixpkgs, however requires those to be set as an attrset/string respectively.
Long story short, this means I’d like to do something like this:
fetchFromGitLab the policy/configuration repository
readFile/importJSON the files in the resulting derivation
Assign them to the appropriate inputs for the wrapper
Ofborg seems to not be able to build something like this though:
My guess is that for nixpkgs, it is impossible to read strings from the nix store at evaluation time; presumably for some cloud-build or purity reason.
Is my suspicion correct? If so, what is the alternative? Change the Firefox wrapper to allow packages to set default contents like I currently do?
Yes, your suspicion is correct. The feature that normally allows this is called import-from-derivation (or IFD for short) and is enabled by default. It can be disabled by setting the nix option allow-import-from-derivation or the hydra option allow_import_from_derivation to false (which is done on hydra.nixos.org).
I couldn’t find a source for this, but I assume the reason why it is disabled for nixpkgs is to make it possible for hydra to completely evaluate the jobset without having to build a derivation before delegating the actual builds to multiple builders.
In this case I think it should be possible to extend the firefox wrapper to make it possible to supply a file that will be prepended to the mozilla.cfg generated by the wrapper. That option could then be used to pass "${librewolf.extraLib}/librewolf.cfg", which would eliminate the need to read the file into nix.
I think I have found a nixpkgs alternative for builtins.readFile that is not an IFD: lib.concatText Wait, sorry, this only produces a text file derivation, one still has to read from it…