Add two new options to customize how extension permissions are checked:
- `extensions.exhaustivePermissions`
Ensures that the permissions requested by all extensions managed by
home-manager are authorized
- `extensions.exactPermissions`
When enabled, the user must authorize only the permissions that the
extensions requests, not more nor less.
Adds extension permissions as suggested in
https://github.com/nix-community/home-manager/issues/7001.
Adds the 'profiles.<name>.extensions.settings.<name>.permissions' to Firefox
derivatives. If set, this option adds an assertion that fails if an extension
package requests permissions that weren't added to the permissions option. In
order to not require 'profiles.<name>.extensions.force' to be set when only
permissions, but no extension settings were defined, the relevant assertions
were changed. They now check whether any 'extensions.settings.<name>.settings'
was set instead of checking whether 'extensions.settings' was set.
---------
Co-authored-by: Robert Helgesson <robert@rycee.net>
Co-authored-by: awwpotato <awwpotato@voidq.com>
The legacy attrset option type for `firefox.profiles.<name>.bookmarks`
was accidentally removed in 9d55428. This adds back support for this
type by refactoring the bookmarks submodule. This also adds a new test
ensuring this won't happen again.
Native messaging hosts module assumed all hosts are packages, and we
were passing null before.
The patch also adds a test case for a null firefox package to avoid
regressions in the future for this common (on Darwin at least) scenario.
Note: Thunderbird doesn't need a similar change because it doesn't allow
a null package.
Signed-off-by: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
Add `preConfig`, which acts like `extraConfig`, but placed before
`settings`. This will allow to overwrite settings in `preConfig`,
using `settings` option.
When `cfg.package` is already wrapped, and wrapped without the
`ExtensionSettings` key set, this would always add that key, even if its
value was blank. This would result in `cfg.finalPackage` being a
functionally-identical, but differently-input-addressed package. This is
generally undesirable as it may result in multiple derivations being
built, and also if the value of `cfg.package` is expected to be
unchanged by the user (e.g. because they want it to be consistent
between NixOS and HM configuration).
Add a test to ensure this does not regress in the default case. Only
test on newish stateVersion since the logic for `isWrapped` differs on
older versions.
