I had a bit of free time tonight and decided to write a short blog post detailing my solution for installing Firefox Nightly on NixOS, since this was the only solution I came across that actually...
I had a bit of free time tonight and decided to write a short blog post detailing my solution for installing Firefox Nightly on NixOS, since this was the only solution I came across that actually worked and was not ridiculously complicated.
I wrote this in about an hour and I was (and am) quite tired, so please forgive (but still point out) any mistakes or possible improvements. Hopefully my solution ends up being useful for you.
Finally, to spare everyone from having to look at my "blog", here is the text of the post copied onto Tildes:
Like some other Linux distributions, NixOS supports the use of overlays.
I am actually not very familiar with how overlays work on NixOS. So, for the sake of simplicity, we will just think of them as being similar to PPAs on Ubuntu. Except, instead of being a custom repository of downloadable packages, NixOS overlays are more like scripts that instruct the package manager on how to download and build additional packages (or just about anything, really).
You might be wondering why you cannot just download the official Firefox Nightly release straight from Mozilla, extract it, and use that.
Indeed, that is how I have always installed Firefox Nightly on other Linux distributions (it even automatically updates itself!), but I was unable to get it working on NixOS, hence the overlay. (You might have better luck though.)
Thankfully for us, the overlay we are going to use is actually maintained by Mozilla:
Located in this repository is a
firefox-overlay.nixfile, which is what we will use to fetch our Firefox Nightly binary. Go ahead and clone this repository onto your computer.
Once you have cloned the repository, you will need to make a couple of edits to your
First, you will need to add the line
nixpkgs.config.allowUnfree = true;if you want to use the binary Firefox packages and avoid having to compile them yourself (which I do not recommend doing, unless you have beefy hardware and a lot of free time).
(The binary packages are considered "unfree" because of the Firefox trademark.)
Second, you will need to add another line to your
configuration.nixfile that declares the
firefox-overlay.nixfile, from the repository you cloned, as an overlay. That can be accomplished with this line:
nixpkgs.overlays = [ (import /path/to/firefox-overlay.nix) ];
Finally, assuming you have done everything correctly, the last thing you will need to do is add a line declaring a Firefox package to install. Since this blog post is about installing Firefox Nightly, we'll add this line to our
systemPackageslist, alongside the rest of our system packages:
In the end, your
configuration.nixfile should end up with three new lines:
nixpkgs.overlays = [ (import /etc/nixos/firefox-overlay.nix) ]; nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ latest.firefox-nightly-bin ];
(I symlink my
/etc/nixos/, but you can put it just about wherever you want. )
And that should be it! Just run a
nixos-rebuildcommand to bring your system in-sync with your
configuration.nixfile and Firefox Nightly should then be installed and usable.
Shout out to the anonymous, deleted GitHub user who posted a comment on one of the overlay repository's issues. This was a very simple, very elegant solution. Unfortunately, it took me a long time to find this solution and I ran into quite a few people who were doing the same thing, but with vastly more complex configurations.9 votes
Basically, any trouble that I've had prior to this has been negligible and easily resolved. I don't recall, exactly, when these two issues began. Possibly months after upgrading to Catalina. I'm...
Basically, any trouble that I've had prior to this has been negligible and easily resolved.
I don't recall, exactly, when these two issues began. Possibly months after upgrading to Catalina. I'm combining the two issues because I believe that they be related.
The first issue that I noticed was with Firefox (probably 70.0.1 and slightly earlier). I would have two or three tabs open, and go back to one of the other tabs, to find a completely white screen with a grayish colored pinwheel. I'd then go back to one of the other tabs to find the same thing (that was previously not happening. Then, I'd close all the tabs to open a new one in order to try starting fresh. No dice...same shit.
Following this I'd select > Firefox > Quit Firefox. Minutes later it's still not quitting indicated by the black dot under the icon of the launch bar. So, I'd go to the apple icon > Force Quit > to execute that. Finally, it would quit. Minutes later I'd try to reopen Firefox and the icon would just keep jumping up and down from the launch bar and nothing would happen.
I guess I'll just have to restart the computer then, right? Apple icon > Restart > several minutes later nothing would happen except for another grayed out pinwheel. So, I just performed a hard reset by holding in the power button on the back left of the screen. Waited several minutes, started it up again by quickly pressing the same button.
After logging into my account, I'd get the usual text box saying that 'Your computer was restarted because of a problem...blah...blah...blah'. All of the aforementioned took many minutes.
Now, when I try to shutdown my iMac it just goes black and then returns to the login screen with a brief black screen, in several languages (Chinese being one of them), that 'You have restarted your computer.....'
And Firefox keeps fucking up as described above. Going to about:crashes registers jack shit.
It's a never-ending loop of Mac/Firefox bullshit that's driving me fucking nuts.10 votes
@jonathansampson: What happens when you launch a fresh install of Firefox? I was curious, so I did so with version 68.0.2, and monitored my network activity. Here's what I learned...23 votes
I currently have Quantum. Would there be additional benefits for me to switch to a different version?9 votes
And currently it's a SyntaxError to boot. So nothing runs, even it doesn't run into an import call.4 votes
I mainly use my keyboard to navigate around in Firefox so decided to edit UserChrome.css to create a custom, ultra-minimalist "one line" UI for myself and also maximize my screen real-estate by...
I mainly use my keyboard to navigate around in Firefox so decided to edit UserChrome.css to create a custom, ultra-minimalist "one line" UI for myself and also maximize my screen real-estate by removing the window Titlebar and Tab Bar (using Tree Tabs sidebar extension instead). I also dislike how cluttered the Firefox interface is with unneeded options scattered everywhere, and how much redundancy there is with many options showing up in multiple places for no good reason, so I removed most of that as well. Here is the results:
Main UI (Navigation and "Hamburger" toolbar buttons removed)
Tree Tabs sidebar & More Tools both open
"Find in page" moved to the top, with Menu bar also toggled on
New Tab Page (my Bookmark Toolbar auto-unhides itself only on this page)
My Home Page, set to the FF Library "popout" page (chrome://browser/content/places/places.xul)
Context Menus (with lots of redundant and unused options removed):
Address bar dropdown
Page context menu
Image context menu
Link context menu
If anyone is interested in trying it out themselves, here is the UserChrome.css (which needs to go in the
/chromedirectory of your Firefox profile).
And if enough people are interested in learning Firefox UserChrome.css customization using the Browser Toolbox with remote debugging, I can always write up a tutorial at some point. There are some decent resources already available over at userchrome.org and reddit.com/r/FirefoxCSS/ too.26 votes
Firefox recently introduced DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR) in nightly builds for Firefox 62. DoH and TRR are intended to help mitigate these potential privacy and...
Firefox recently introduced DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR) in nightly builds for Firefox 62.
DoH and TRR are intended to help mitigate these potential privacy and security concerns:
- Untrustworthy DNS resolvers tracking your requests, or tampering with responses from DNS servers.
- On-path routers tracking or tampering in the same way.
- DNS servers tracking your DNS requests.
DNS over HTTPs (DoH) encrypts DNS requests and responses, protecting against on-path eavesdropping, tracking, and response tampering.
Trusted Recursive Resolver (TRR) allows Firefox to use a DNS resolver that's different from your machines network settings. You can use any recursive resolver that is compatible with DoH, but it should be a trusted resolver (one that won't sell users’ data or trick users with spoofed DNS). Mozilla is partnering with Cloudflare (but not using the 126.96.36.199 address) as the initial default TRR, however it's possible to use another 3rd party TRR or run your own.
Additionally, Cloudflare will be doing QNAME minimization where the DNS resolver no longer sends the full original QNAME (foo.bar.baz.example.com) to the upstream name server. Instead it will only include the label for the zone it's trying to resolve.
For example, let's assume the DNS resolver is trying to find foo.bar.baz.example.com, and already knows that ns1.nic.example.com is authoritative for .example.com, but does not know a more specific authoritative name server.
- It will send the query for just baz.example.com to ns1.nic.example.com which returns the authoritative name server for baz.example.com.
- The resolver then sends a query for bar.baz.example.com to the nameserver for baz.example.com, and gets a response with the authoritative nameserver for bar.baz.example.com
- Finally the resolver sends the query for foo.bar.baz.example.com to bar.baz.example.com's nameserver.
In doing this the full queried name (foo.bar.baz.example.com) is not exposed to intermediate name servers (bar.baz.example.com, baz.example.com, example.com, or even the .com root nameservers)
Collectively DNS over HTTPs (DoH), Trusted Recursive Resolver (TRR), and QNAME Minimization are a step in the right direction, this does not fix DNS related data leaks entirely:
After you do the DNS lookup to find the IP address, you still need to connect to the web server at that address. To do this, you send an initial request. This request includes a server name indication, which says which site on the server you want to connect to. And this request is unencrypted.
That means that your ISP can still figure out which sites you’re visiting, because it’s right there in the server name indication. Plus, the routers that pass that initial request from your browser to the web server can see that info too.
So How do I enable it?
DoH and TRR can be enabled in Firefox 62 or newer by going to about:config:
- Set network.trr.mode to 2
- Here's the possible network.trr.mode settings:
- 0 - Off (default): Use standard native resolving only (don't use TRR at all)
- 1 - Race: Native vs. TRR. Do them both in parallel and go with the one that returns a result first.
- 2 - First: Use TRR first, and only if the name resolve fails use the native resolver as a fallback.
- 3 - Only: Only use TRR. Never use the native (after the initial setup).
- 4 - Shadow: Runs the TRR resolves in parallel with the native for timing and measurements but uses only the native resolver results.
- 5 - Off by choice: This is the same as 0 but marks it as done by choice and not done by default.
- Here's the possible network.trr.mode settings:
- Set network.trr.uri to your DoH Server:
- Cloudflare’s is https://mozilla.cloudflare-dns.com/dns-query
(but you can use any DoH compliant endpoint)
- Cloudflare’s is https://mozilla.cloudflare-dns.com/dns-query
- The DNS Tab on about:networking will show which names were resolved using TRR via DoH.
A cartoon intro to DNS over HTTPS
Improving DNS Privacy in Firefox
DNS Query Name Minimization to Improve Privacy
I'm not affiliated with Mozilla or Firefox, I just thought ~ would find this interesting.13 votes