The GYP build is now deprecated [0].
This results in a large number of changes and many custom Nix patches
aren't required anymore (and probably haven't been required for quite
some time now, the derivation got a bit outdated...).
A lot of the changes in this commit are based on the changes of the
Arch package [1][2] (which our package is based upon).
Rough overview of the changes:
- gcc9 -> ninja (optional but let's follow Arch here)
- Dropped GYP, only CMake now
- But: Python is still required
- fetchFromGitHub -> fetchurl (optional?)
- Apply all Arch patches and remove old patches
- Requires one new patch for range-v3
- New dependencies: enchant2, lz4, xxHash
- TODO: Plus a few new dependencies that shouldn't be required
- Cleanup: Irrelevant flags (e.g. GYP_DEFINES) and patches (e.g. sed)
- Simplifies quite a few things :)
- Some additional documentation and TODOs
Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
[0]: https://github.com/telegramdesktop/tdesktop/issues/7001
[1]: https://git.archlinux.org/svntogit/community.git/commit/?id=23eff2b1ef7435441e93120618ca899f0b0e7e61
[2]: https://git.archlinux.org/svntogit/community.git/commit/?id=6a19e949724b2e2bfcdcf2081111ecd46108e449
Most prominently we don't use `phases` because of https://github.com/NixOS/nixpkgs/issues/28910.
This is also problematic when using wrapGAppsHook.
In order to use wrapGAppsHook's automatic wrapping
(this was done manually before because there was no fixupPhase)
we need to install signal at lib/Signal instead of just into libexec.
That's because it would try to wrap .so files.
Also fix 'ld: cannot find -lsecret-1 error' on build and crash with 'This application failed to start because no Qt platform plugin could be initialized' error on startup.
These are all based on firefox versions with known vulnerabilities
exploited in the wild.
We seriously shouldn't ship this in nixpkgs, especially not for
sensitive applications as the Tor Browser.
`tor-browser-bundle` is just a wrapper around
`firefoxPackages.tor-browser`, so let's remove it too.
`tor-browser-bundle-bin` is the much safer bet, which is individually
downloaded from `dist.torproject.org` and just `patchelf`-ed locally to
work on NixOS.
Co-Authored-By: Alyssa Ross <hi@alyssa.is>
Co-Authored-By: Andreas Rammhold <andreas@rammhold.de>
Co-Authored-By: Graham Christensen <graham@grahamc.com>
