Add two new options to customize how extension permissions are checked:
- `extensions.exhaustivePermissions`
Ensures that the permissions requested by all extensions managed by
home-manager are authorized
- `extensions.exactPermissions`
When enabled, the user must authorize only the permissions that the
extensions requests, not more nor less.
Adds extension permissions as suggested in
https://github.com/nix-community/home-manager/issues/7001.
Adds the 'profiles.<name>.extensions.settings.<name>.permissions' to Firefox
derivatives. If set, this option adds an assertion that fails if an extension
package requests permissions that weren't added to the permissions option. In
order to not require 'profiles.<name>.extensions.force' to be set when only
permissions, but no extension settings were defined, the relevant assertions
were changed. They now check whether any 'extensions.settings.<name>.settings'
was set instead of checking whether 'extensions.settings' was set.
---------
Co-authored-by: Robert Helgesson <robert@rycee.net>
Co-authored-by: awwpotato <awwpotato@voidq.com>
* nixos: remove with lib
* nix-darwin: remove with lib
* home-manager: remove with lib
* modules/accounts: remove with lib
* modules/config: remove with lib
* modules/i18n: remove with lib
* modules/misc: remove with lib
* modules: remove with lib
* modules/targets: remove with lib
* tests/modules/firefox: remove with lib
* tests/modules/services: remove with lib
This commit refactors programs.firefox.profiles.<name>.extensions in
order to support both installation of extensions (addons) and their
configuration. It does this by setting the
`extensions.webextensions.ExtensionStorageIDB.enabled` user_pref to
false.
When this preference is set to false, support for storing extension
settings in sqlite databases, also known as IndexedDB or IDB, is
reverted back to the JSON format present in firefox versions prior to
version 63, as seen here:
https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/
IndexedDB was made the default due to performance improvements, but had
the consequence of removing any possibility of declarative extension
configuration without the assistance of firefox's policy system. The
policy system is supported by a small amount of extensions, such as
uBlock Origin, but has to be explicitly supported. Even when supported,
it provides significantly less granular control when compared to the
JSON storage format.
