Merge pull request #165161 from mweinelt/firefox-cleanup

firefox: spring cleaning 🦊

pkgs/applications/networking/browsers/firefox-bin/default.nix

@@ -188,7 +188,7 @@ stdenv.mkDerivation {
       ln -s ${policiesJson} "$out/lib/firefox-bin-${version}/distribution/policies.json";
     '';
 
-  passthru.applicationName = "firefox";
+  passthru.binaryName = "firefox";
   passthru.libName = "firefox-bin-${version}";
   passthru.execdir = "/bin";
   passthru.ffmpegSupport = true;

pkgs/applications/networking/browsers/firefox/common.nix

@@ -1,37 +1,91 @@
-{ pname, version, meta, updateScript ? null
-, binaryName ? "firefox", application ? "browser"
-, src, unpackPhase ? null, patches ? []
-, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [], tests ? []
-, extraPostPatch ? "", extraPassthru ? {} }:
+{ pname
+, version
+, meta
+, updateScript ? null
+, binaryName ? "firefox"
+, application ? "browser"
+, src
+, unpackPhase ? null
+, extraPatches ? []
+, extraPostPatch ? ""
+, extraNativeBuildInputs ? []
+, extraConfigureFlags ? []
+, extraBuildInputs ? []
+, extraMakeFlags ? []
+, extraPassthru ? {}
+, tests ? []
+}:
 
-{ lib, stdenv, pkg-config, pango, perl, python3, zip
-, libjpeg, zlib, dbus, dbus-glib, bzip2, xorg
-, freetype, fontconfig, file, nspr, nss
-, yasm, libGLU, libGL, sqlite, unzip, makeWrapper
-, hunspell, libevent, libstartup_notification
-, libvpx
-, icu70, libpng, glib, pciutils
-, autoconf213, which, gnused, rustPackages, rustPlatform
-, rust-cbindgen, nodejs, nasm, fetchpatch
-, gnum4
-, gtk3, wrapGAppsHook
-, pkgsCross
-, debugBuild ? false
+
+{ lib
+, stdenv
+, fetchpatch
+
+# build time
+, autoconf
+, cargo
+, gnused
+, makeWrapper
+, nodejs
+, perl
+, pkg-config
+, pkgsCross # wasm32 rlbox
+, python3
 , runCommand
+, rustc
+, rust-cbindgen
+, rustPlatform
+, unzip
+, which
+, wrapGAppsHook
 
-### optionals
+# runtime
+, bzip2
+, dbus
+, dbus-glib
+, file
+, fontconfig
+, freetype
+, glib
+, gnum4
+, gtk3
+, icu
+, libGL
+, libGLU
+, libevent
+, libffi
+, libjpeg
+, libpng
+, libstartup_notification
+, libvpx
+, libwebp
+, nasm
+, nspr
+, nss
+, pango
+, xorg
+, zip
+, zlib
+
+# optionals
+
+## debugging
+
+, debugBuild ? false
+
+# On 32bit platforms, we disable adding "-g" for easier linking.
+, enableDebugSymbols ? !stdenv.is32bit
 
 ## optional libraries
 
 , alsaSupport ? stdenv.isLinux, alsa-lib
-, pulseaudioSupport ? stdenv.isLinux, libpulseaudio
 , ffmpegSupport ? true
-, waylandSupport ? true, libxkbcommon, libdrm
-, ltoSupport ? (stdenv.isLinux && stdenv.is64bit), overrideCC, buildPackages
 , gssSupport ? true, libkrb5
-, pipewireSupport ? waylandSupport && webrtcSupport, pipewire
-# Jemalloc could reduce memory consumption.
 , jemallocSupport ? true, jemalloc
+, ltoSupport ? (stdenv.isLinux && stdenv.is64bit), overrideCC, buildPackages
+, pipewireSupport ? waylandSupport && webrtcSupport
+, pulseaudioSupport ? stdenv.isLinux, libpulseaudio
+, waylandSupport ? true, libxkbcommon, libdrm
 
 ## privacy-related options
 
@@ -40,22 +94,16 @@
 # WARNING: NEVER set any of the options below to `true` by default.
 # Set to `!privacySupport` or `false`.
 
-# webrtcSupport breaks the aarch64 build on version >= 60, fixed in 63.
-# https://bugzilla.mozilla.org/show_bug.cgi?id=1434589
-, webrtcSupport ? !privacySupport
 , geolocationSupport ? !privacySupport
 , googleAPISupport ? geolocationSupport
-, crashreporterSupport ? false
-
-, safeBrowsingSupport ? false
-, drmSupport ? false
-
-# macOS dependencies
-, xcbuild, CoreMedia, ExceptionHandling, Kerberos, AVFoundation, MediaToolbox
-, CoreLocation, Foundation, AddressBook, libobjc, cups, rsync
+, webrtcSupport ? !privacySupport
 
 ## other
 
+, crashreporterSupport ? false
+, drmSupport ? false
+, safeBrowsingSupport ? false
+
 # As stated by Sylvestre Ledru (@sylvestre) on Nov 22, 2017 at
 # https://github.com/NixOS/nixpkgs/issues/31843#issuecomment-346372756 we
 # have permission to use the official firefox branding.
@@ -75,38 +123,16 @@
 # > the experience of Firefox users, you won't have any issues using the
 # > official branding.
 , enableOfficialBranding ? true
-
-# On 32bit platforms, we disable adding "-g" for easier linking.
-, enableDebugSymbols ? !stdenv.is32bit
 }:
 
 assert stdenv.cc.libc or null != null;
 assert pipewireSupport -> !waylandSupport || !webrtcSupport -> throw "pipewireSupport requires both wayland and webrtc support.";
-assert ltoSupport -> stdenv.isDarwin -> throw "LTO is broken on Darwin (see PR#19312).";
 
 let
   flag = tf: x: [(if tf then "--enable-${x}" else "--disable-${x}")];
 
-  default-toolkit = if stdenv.isDarwin then "cairo-cocoa"
-                    else "cairo-gtk3${lib.optionalString waylandSupport "-wayland"}";
-
-  binaryNameCapitalized = lib.toUpper (lib.substring 0 1 binaryName) + lib.substring 1 (-1) binaryName;
-
-  applicationName = if stdenv.isDarwin then binaryNameCapitalized else binaryName;
-
-  execdir = if stdenv.isDarwin
-            then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS"
-            else "/bin";
-
-  inherit (rustPackages) rustc cargo;
-
-  # Darwin's stdenv provides the default llvmPackages version, match that since
-  # clang LTO on Darwin is broken so the stdenv is not being changed.
-  # Target the LLVM version that rustc -Vv reports it is built with for LTO.
-  llvmPackages0 =
-    if stdenv.isDarwin
-      then buildPackages.llvmPackages
-    else rustc.llvmPackages;
+  # Target the LLVM version that rustc is built with for LTO.
+  llvmPackages0 = rustc.llvmPackages;
 
   # Force the use of lld and other llvm tools for LTO
   llvmPackages = llvmPackages0.override {
@@ -114,14 +140,12 @@ let
     bootBintools = null;
   };
 
-  # When LTO for Darwin is fixed, the following will need updating as lld
-  # doesn't work on it. For now it is fine since ltoSupport implies no Darwin.
   buildStdenv = if ltoSupport
-                # LTO requires LLVM bintools including ld.lld and llvm-ar.
-                then overrideCC llvmPackages.stdenv (llvmPackages.stdenv.cc.override {
-                  inherit (llvmPackages) bintools;
-                })
-                else stdenv;
+    # LTO requires LLVM bintools including ld.lld and llvm-ar.
+    then overrideCC llvmPackages.stdenv (llvmPackages.stdenv.cc.override {
+      inherit (llvmPackages) bintools;
+    })
+    else stdenv;
 
   # Compile the wasm32 sysroot to build the RLBox Sandbox
   # https://hacks.mozilla.org/2021/12/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/
@@ -141,97 +165,70 @@ buildStdenv.mkDerivation ({
   inherit src unpackPhase meta;
 
   patches = [
-  ] ++
-  lib.optional (lib.versionAtLeast version "86") ./env_var_for_system_dir-ff86.patch ++
-  lib.optional (lib.versionAtLeast version "90" && lib.versionOlder version "95") ./no-buildconfig-ffx90.patch ++
-  lib.optional (lib.versionAtLeast version "96") ./no-buildconfig-ffx96.patch ++
+  ]
+  ++ lib.optional (lib.versionAtLeast version "86") ./env_var_for_system_dir-ff86.patch
+  ++ lib.optional (lib.versionAtLeast version "90" && lib.versionOlder version "95") ./no-buildconfig-ffx90.patch
+  ++ lib.optional (lib.versionAtLeast version "96") ./no-buildconfig-ffx96.patch
+  ++ extraPatches;
 
-  patches;
+  postPatch = ''
+    rm -rf obj-x86_64-pc-linux-gnu
+    patchShebangs mach
+  ''
+  + extraPostPatch;
 
   # Ignore trivial whitespace changes in patches, this fixes compatibility of
   # ./env_var_for_system_dir.patch with Firefox >=65 without having to track
   # two patches.
   patchFlags = [ "-p1" "-l" ];
 
-  buildInputs = [
-    gnum4 gtk3 perl zip libjpeg zlib bzip2
-    dbus dbus-glib pango freetype fontconfig xorg.libXi xorg.libXcursor
-    xorg.libX11 xorg.libXrender xorg.libXft xorg.libXt file
-    xorg.pixman yasm libGLU libGL
-    xorg.xorgproto
-    xorg.libXdamage
-    xorg.libXext
-    xorg.libXtst
-    libevent libstartup_notification /* cairo */
-    libpng glib
-    nasm icu70 libvpx
-    # >= 66 requires nasm for the AV1 lib dav1d
-    # yasm can potentially be removed in future versions
-    # https://bugzilla.mozilla.org/show_bug.cgi?id=1501796
-    # https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ
-    nspr nss
+  nativeBuildInputs = [
+    autoconf
+    cargo
+    gnused
+    llvmPackages.llvm # llvm-objdump
+    makeWrapper
+    nodejs
+    perl
+    pkg-config
+    python3
+    rust-cbindgen
+    rustPlatform.bindgenHook
+    rustc
+    unzip
+    which
+    wrapGAppsHook
   ]
-  ++ lib.optional  alsaSupport alsa-lib
-  ++ lib.optional  pulseaudioSupport libpulseaudio # only headers are needed
-  ++ lib.optional  gssSupport libkrb5
-  ++ lib.optionals waylandSupport [ libxkbcommon libdrm ]
-  ++ lib.optional  pipewireSupport pipewire
-  ++ lib.optional  jemallocSupport jemalloc
-  ++ lib.optionals buildStdenv.isDarwin [ CoreMedia ExceptionHandling Kerberos
-                                          AVFoundation MediaToolbox CoreLocation
-                                          Foundation libobjc AddressBook cups ];
+  ++ extraNativeBuildInputs;
 
-  MACH_USE_SYSTEM_PYTHON = "1";
-
-  postPatch = ''
-    rm -rf obj-x86_64-pc-linux-gnu
-    substituteInPlace toolkit/xre/glxtest.cpp \
-      --replace 'dlopen("libpci.so' 'dlopen("${pciutils}/lib/libpci.so'
-
-    patchShebangs mach
-  '' + extraPostPatch;
-
-  nativeBuildInputs =
-    [
-      autoconf213
-      cargo
-      gnused
-      llvmPackages.llvm # llvm-objdump
-      makeWrapper
-      nodejs
-      perl
-      pkg-config
-      python3
-      rust-cbindgen
-      rustc
-      which
-      unzip
-      wrapGAppsHook
-      rustPlatform.bindgenHook
-    ]
-    ++ lib.optionals buildStdenv.isDarwin [ xcbuild rsync ]
-    ++ extraNativeBuildInputs;
-
-  separateDebugInfo = enableDebugSymbols;
   setOutputFlags = false; # `./mach configure` doesn't understand `--*dir=` flags.
 
   preConfigure = ''
     # remove distributed configuration files
-    rm -f configure
-    rm -f js/src/configure
-    rm -f .mozconfig*
-    # this will run autoconf213
+    rm -f configure js/src/configure .mozconfig*
+
+    # Runs autoconf through ./mach configure in configurePhase
     configureScript="$(realpath ./mach) configure"
+
+    # Set predictable directories for build and state
+    export MOZ_OBJDIR=$(pwd)/mozobj
     export MOZBUILD_STATE_PATH=$(pwd)/mozbuild
 
     # Set consistent remoting name to ensure wmclass matches with desktop file
     export MOZ_APP_REMOTINGNAME="${binaryName}"
 
-  '' + (lib.optionalString (lib.versionAtLeast version "95.0") ''
+    # Use our own python
+    export MACH_USE_SYSTEM_PYTHON=1
+
+    # AS=as in the environment causes build failure
+    # https://bugzilla.mozilla.org/show_bug.cgi?id=1497286
+    unset AS
+
+  '' + lib.optionalString (lib.versionAtLeast version "95.0") ''
     # RBox WASM Sandboxing
     export WASM_CC=${pkgsCross.wasi32.stdenv.cc}/bin/${pkgsCross.wasi32.stdenv.cc.targetPrefix}cc
     export WASM_CXX=${pkgsCross.wasi32.stdenv.cc}/bin/${pkgsCross.wasi32.stdenv.cc.targetPrefix}c++
-  '') + (lib.optionalString googleAPISupport ''
+  '' + lib.optionalString googleAPISupport ''
     # Google API key used by Chromium and Firefox.
     # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
     # please get your own set of keys.
@@ -239,49 +236,44 @@ buildStdenv.mkDerivation ({
     # 60.5+ & 66+ did split the google API key arguments: https://bugzilla.mozilla.org/show_bug.cgi?id=1531176
     configureFlagsArray+=("--with-google-location-service-api-keyfile=$TMPDIR/ga")
     configureFlagsArray+=("--with-google-safebrowsing-api-keyfile=$TMPDIR/ga")
-  '') + ''
-    # AS=as in the environment causes build failure https://bugzilla.mozilla.org/show_bug.cgi?id=1497286
-    unset AS
-  '' + (lib.optionalString enableOfficialBranding ''
+  '' + lib.optionalString enableOfficialBranding ''
     export MOZILLA_OFFICIAL=1
-    export BUILD_OFFICIAL=1
-  '');
+  '';
 
   configureFlags = [
+    "--disable-tests"
+    "--disable-updater"
     "--enable-application=${application}"
+    "--enable-default-toolkit=cairo-gtk3${lib.optionalString waylandSupport "-wayland"}"
+    "--enable-system-pixman"
+    "--with-libclang-path=${llvmPackages.libclang.lib}/lib"
+    "--with-system-ffi"
+    "--with-system-icu"
     "--with-system-jpeg"
-    "--with-system-zlib"
     "--with-system-libevent"
     "--with-system-libvpx"
-    "--with-system-png" # needs APNG support
-    "--with-system-icu"
-    "--enable-system-ffi"
-    "--enable-system-pixman"
-    #"--enable-system-cairo"
-    "--disable-tests"
-    "--disable-necko-wifi" # maybe we want to enable this at some point
-    "--disable-updater"
-    "--enable-default-toolkit=${default-toolkit}"
-    "--with-libclang-path=${llvmPackages.libclang.lib}/lib"
     "--with-system-nspr"
     "--with-system-nss"
+    "--with-system-png" # needs APNG support
+    "--with-system-webp"
+    "--with-system-zlib"
   ]
-  ++ lib.optional (buildStdenv.isDarwin) "--disable-xcode-checks"
   ++ lib.optional (!ltoSupport) "--with-clang-path=${llvmPackages.clang}/bin/clang"
   # LTO is done using clang and lld on Linux.
-  # Darwin needs to use the default linker as lld is not supported (yet?):
-  #   https://bugzilla.mozilla.org/show_bug.cgi?id=1538724
+  ++ lib.optionals ltoSupport [
+     "--enable-lto=cross" # Cross-Language LTO
+     "--enable-linker=lld"
+  ]
   # elf-hack is broken when using clang+lld:
-  #   https://bugzilla.mozilla.org/show_bug.cgi?id=1482204
-  ++ lib.optional ltoSupport "--enable-lto=cross" # Cross-language LTO.
+  # https://bugzilla.mozilla.org/show_bug.cgi?id=1482204
   ++ lib.optional (ltoSupport && (buildStdenv.isAarch32 || buildStdenv.isi686 || buildStdenv.isx86_64)) "--disable-elf-hack"
-  ++ lib.optional (ltoSupport && !buildStdenv.isDarwin) "--enable-linker=lld"
   ++ lib.optional (lib.versionAtLeast version "95") "--with-wasi-sysroot=${wasiSysRoot}"
 
   ++ flag alsaSupport "alsa"
   ++ flag pulseaudioSupport "pulseaudio"
   ++ flag ffmpegSupport "ffmpeg"
   ++ flag jemallocSupport "jemalloc"
+  ++ flag geolocationSupport "necko-wifi"
   ++ flag gssSupport "negotiateauth"
   ++ flag webrtcSupport "webrtc"
   ++ flag crashreporterSupport "crashreporter"
@@ -298,19 +290,62 @@ buildStdenv.mkDerivation ({
   ++ lib.optional enableOfficialBranding "--enable-official-branding"
   ++ extraConfigureFlags;
 
-  postConfigure = ''
-    cd obj-*
+  buildInputs = [
+    bzip2
+    dbus
+    dbus-glib
+    file
+    fontconfig
+    freetype
+    glib
+    gnum4
+    gtk3
+    icu
+    libffi
+    libGL
+    libGLU
+    libevent
+    libjpeg
+    libpng
+    libstartup_notification
+    libvpx
+    libwebp
+    nasm
+    nspr
+    nss
+    pango
+    perl
+    xorg.libX11
+    xorg.libXcursor
+    xorg.libXdamage
+    xorg.libXext
+    xorg.libXft
+    xorg.libXi
+    xorg.libXrender
+    xorg.libXt
+    xorg.libXtst
+    xorg.pixman
+    xorg.xorgproto
+    zip
+    zlib
+  ]
+  ++ lib.optional  alsaSupport alsa-lib
+  ++ lib.optional  pulseaudioSupport libpulseaudio # only headers are needed
+  ++ lib.optional  gssSupport libkrb5
+  ++ lib.optionals waylandSupport [ libxkbcommon libdrm ]
+  ++ lib.optional  jemallocSupport jemalloc
+  ++ extraBuildInputs;
+
+  preBuild = ''
+    cd mozobj
   '';
 
   makeFlags = extraMakeFlags;
-
+  separateDebugInfo = enableDebugSymbols;
   enableParallelBuilding = true;
-  doCheck = false; # "--disable-tests" above
 
-  installPhase = if buildStdenv.isDarwin then ''
-    mkdir -p $out/Applications
-    cp -LR dist/${binaryNameCapitalized}.app $out/Applications
-  '' else null;
+  # tests were disabled in configureFlags
+  doCheck = false;
 
   postInstall = lib.optionalString buildStdenv.isLinux ''
     # Remove SDK cruft. FIXME: move to a separate output?
@@ -322,7 +357,7 @@ buildStdenv.mkDerivation ({
 
   # Workaround: The separateDebugInfo hook skips artifacts whose build ID's length is not 40.
   # But we got 16-length build ID here. The function body is mainly copied from pkgs/build-support/setup-hooks/separate-debug-info.sh
-  # Remove it when PR #146275 is merged.
+  # Remove it when https://github.com/NixOS/nixpkgs/pull/146275 is merged.
   preFixup = lib.optionalString enableDebugSymbols ''
     _separateDebugInfo() {
         [ -e "$prefix" ] || return 0
@@ -359,19 +394,18 @@ buildStdenv.mkDerivation ({
   doInstallCheck = true;
   installCheckPhase = ''
     # Some basic testing
-    "$out${execdir}/${applicationName}" --version
+    "$out/bin/${binaryName}" --version
   '';
 
   passthru = {
     inherit updateScript;
     inherit version;
     inherit alsaSupport;
+    inherit binaryName;
     inherit pipewireSupport;
     inherit nspr;
     inherit ffmpegSupport;
     inherit gssSupport;
-    inherit execdir;
-    inherit applicationName;
     inherit tests;
     inherit gtk3;
     inherit wasiSysRoot;

pkgs/applications/networking/browsers/firefox/librewolf/default.nix

@@ -6,7 +6,7 @@ rec {
 
   inherit (src) packageVersion firefox source;
 
-  patches = [ ./verify-telemetry-macros.patch ];
+  extraPatches = [ ./verify-telemetry-macros.patch ];
 
   extraConfigureFlags = [
     "--with-app-name=librewolf"
@@ -34,7 +34,7 @@ rec {
   extraPoliciesFiles = [ "${source}/submodules/settings/distribution/policies.json" ];
 
   extraPassthru = {
-    librewolf = { inherit src patches; };
+    librewolf = { inherit src extraPatches; };
     inherit extraPrefsFiles extraPoliciesFiles;
   };
 }

pkgs/applications/networking/browsers/firefox/wrapper.nix

@@ -12,6 +12,7 @@
 , libva
 , mesa # firefox wants gbm for drm+dmabuf
 , cups
+, pciutils
 }:
 
 ## configurability of the wrapper itself
@@ -20,7 +21,7 @@ browser:
 
 let
   wrapper =
-    { applicationName ? browser.applicationName or (lib.getName browser)
+    { applicationName ? browser.binaryName or (lib.getName browser)
     , pname ? applicationName
     , version ? lib.getVersion browser
     , desktopName ? # applicationName with first letter capitalized
@@ -66,8 +67,8 @@ let
           ++ lib.optional (cfg.enableFXCastBridge or false) fx_cast_bridge
           ++ extraNativeMessagingHosts
         );
-      libs =   lib.optionals stdenv.isLinux [ udev libva mesa libnotify xorg.libXScrnSaver cups ]
-            ++ lib.optional (pipewireSupport && lib.versionAtLeast version "83") pipewire
+      libs =   lib.optionals stdenv.isLinux [ udev libva mesa libnotify xorg.libXScrnSaver cups pciutils ]
+            ++ lib.optional pipewireSupport pipewire
             ++ lib.optional ffmpegSupport ffmpeg
             ++ lib.optional gssSupport libkrb5
             ++ lib.optional useGlvnd libglvnd
@@ -179,14 +180,10 @@ let
       buildInputs = [ browser.gtk3 ];
 
 
-      buildCommand = lib.optionalString stdenv.isDarwin ''
-        mkdir -p $out/Applications
-        cp -R --no-preserve=mode,ownership ${browser}/Applications/${applicationName}.app $out/Applications
-        rm -f $out${browser.execdir or "/bin"}/${applicationName}
-      '' + ''
-        if [ ! -x "${browser}${browser.execdir or "/bin"}/${applicationName}" ]
+      buildCommand = ''
+        if [ ! -x "${browser}/bin/${applicationName}" ]
         then
-            echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${applicationName}'"
+            echo "cannot find executable file \`${browser}/bin/${applicationName}'"
             exit 1
         fi
 
@@ -223,12 +220,12 @@ let
 
         # create the wrapper
 
-        executablePrefix="$out${browser.execdir or "/bin"}"
+        executablePrefix="$out/bin"
         executablePath="$executablePrefix/${applicationName}"
 
         if [ ! -x "$executablePath" ]
         then
-            echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${applicationName}'"
+            echo "cannot find executable file \`${browser}/bin/${applicationName}'"
             exit 1
         fi
 
@@ -243,18 +240,18 @@ let
           oldExe="$(readlink -v --canonicalize-existing "$executablePath")"
         fi
 
-        if [ ! -x "${browser}${browser.execdir or "/bin"}/${applicationName}" ]
+        if [ ! -x "${browser}/bin/${applicationName}" ]
         then
-            echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${applicationName}'"
+            echo "cannot find executable file \`${browser}/bin/${applicationName}'"
             exit 1
         fi
 
         makeWrapper "$oldExe" \
-          "$out${browser.execdir or "/bin"}/${applicationName}${nameSuffix}" \
+          "$out/bin/${applicationName}${nameSuffix}" \
             --prefix LD_LIBRARY_PATH ':' "$libs" \
             --suffix-each GTK_PATH ':' "$gtk_modules" \
             --prefix PATH ':' "${xdg-utils}/bin" \
-            --suffix PATH ':' "$out${browser.execdir or "/bin"}" \
+            --suffix PATH ':' "$out/bin" \
             --set MOZ_APP_LAUNCHER "${applicationName}${nameSuffix}" \
             --set MOZ_SYSTEM_DIR "$out/lib/mozilla" \
             --set MOZ_LEGACY_PROFILES 1 \
@@ -278,7 +275,7 @@ let
             mkdir -p "$out/share/icons/hicolor/''${res}x''${res}/apps"
             icon=$( find "${browser}/lib/" -name "default''${res}.png" )
               if [ -e "$icon" ]; then ln -s "$icon" \
-                "$out/share/icons/hicolor/''${res}x''${res}/apps/${applicationName}.png"
+                "$out/share/icons/hicolor/''${res}x''${res}/apps/${icon}.png"
               fi
             done
         fi

pkgs/applications/networking/mailreaders/thunderbird/packages.nix

@@ -17,7 +17,7 @@ rec {
       url = "mirror://mozilla/thunderbird/releases/${version}/source/thunderbird-${version}.source.tar.xz";
       sha512 = "2afaee16f155edcb0bdb46ebe282a733cf041ec6f562aebd06f8b675e46917f6f500fcc532fc54d74f3f4b0b489a88934a2c6c304f849873de4bc2690b9056a0";
     };
-    patches = [
+    extraPatches = [
       # The file to be patched is different from firefox's `no-buildconfig-ffx90.patch`.
       ./no-buildconfig.patch
     ];

pkgs/top-level/all-packages.nix

@@ -25973,11 +25973,6 @@ with pkgs;
   firefoxPackages = recurseIntoAttrs (callPackage ../applications/networking/browsers/firefox/packages.nix {
     callPackage = newScope {
       inherit (rustPackages) cargo rustc;
-      gnused = gnused_422;
-      inherit (darwin.apple_sdk.frameworks) CoreMedia ExceptionHandling
-                                            Kerberos AVFoundation MediaToolbox
-                                            CoreLocation Foundation AddressBook;
-      inherit (darwin) libobjc;
     };
   });
 
@@ -29462,11 +29457,6 @@ with pkgs;
   thunderbirdPackages = recurseIntoAttrs (callPackage ../applications/networking/mailreaders/thunderbird/packages.nix {
     callPackage = newScope {
       inherit (rustPackages) cargo rustc;
-      gnused = gnused_422;
-      inherit (darwin.apple_sdk.frameworks) CoreMedia ExceptionHandling
-                                            Kerberos AVFoundation MediaToolbox
-                                            CoreLocation Foundation AddressBook;
-      inherit (darwin) libobjc;
     };
   });