Merge pull request #105796 from Luis-Hebendanz/fix_firefox_wrapper

Fix firefox wrapper

doc/builders/packages/firefox.section.md

@@ -7,7 +7,7 @@ The `wrapFirefox` function allows to pass policies, preferences and extension th
 ```nix
 {
   myFirefox = wrapFirefox firefox-unwrapped {
-    extraExtensions = [
+    nixExtensions = [
       (fetchFirefoxAddon {
         name = "ublock";
         url = "https://addons.mozilla.org/firefox/downloads/file/3679754/ublock_origin-1.31.0-an+fx.xpi";
@@ -38,3 +38,12 @@ The `wrapFirefox` function allows to pass policies, preferences and extension th
   };
 }
 ```
+
+If `nixExtensions != null` then all manually installed addons will be uninstalled from your browser profile.
+To view available enterprise policies visit [enterprise policies](https://github.com/mozilla/policy-templates#enterprisepoliciesenabled)
+or type into the Firefox url bar: `about:policies#documentation`.
+Nix installed addons do not have a valid signature, which is why signature verification is disabled. This does not compromise security because downloaded addons are checksumed and manual addons can't be installed.
+
+# Troubleshooting
+If addons do not appear installed although they have been defined in your nix configuration file reset the local addon state of your Firefox profile by clicking `help -> restart with addons disabled -> restart -> refresh firefox`. This can happen if you switch from manual addon mode to nix addon mode and then back to manual mode and then again to nix addon mode.
+

pkgs/applications/networking/browsers/firefox/wrapper.nix

@@ -41,7 +41,7 @@ let
     # https://github.com/mozilla/policy-templates#enterprisepoliciesenabled
     , extraPolicies ? {}
     , firefoxLibName ? "firefox" # Important for tor package or the like
-    , extraExtensions ? [ ]
+    , nixExtensions ? null
     }:
 
     assert forceWayland -> (browser ? gtk3); # Can only use the wayland backend if gtk3 is being used
@@ -100,19 +100,21 @@ let
       policiesJson = builtins.toFile "policies.json"
         (builtins.toJSON enterprisePolicies);
 
+      usesNixExtensions = nixExtensions != null;
+
       extensions = builtins.map (a:
         if ! (builtins.hasAttr "extid" a) then
-        throw "extraExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon"
+        throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon"
         else
         a
-      ) extraExtensions;
+      ) (if usesNixExtensions then nixExtensions else []);
 
       enterprisePolicies =
       {
-        policies = {
+        policies = lib.optionalAttrs usesNixExtensions  {
           DisableAppUpdate = true;
         } //
-        {
+        lib.optionalAttrs usesNixExtensions {
           ExtensionSettings = {
             "*" = {
                 blocked_install_message = "You can't have manual extension mixed with nix extensions";
@@ -137,7 +139,7 @@ let
         // to be able to install addons that do not have an extid
         // Security is maintained because only user whitelisted addons
         // with a checksum can be installed
-        lockPref("xpinstall.signatures.required", false);
+        ${ lib.optionalString usesNixExtensions ''lockPref("xpinstall.signatures.required", false)'' };
         ${extraPrefs}
       '';