diff options
Diffstat (limited to 'nonprism/iceweasel-hardened/PKGBUILD')
| -rw-r--r-- | nonprism/iceweasel-hardened/PKGBUILD | 227 |
1 files changed, 9 insertions, 218 deletions
diff --git a/nonprism/iceweasel-hardened/PKGBUILD b/nonprism/iceweasel-hardened/PKGBUILD index 5bca775f7..2ad78d09f 100644 --- a/nonprism/iceweasel-hardened/PKGBUILD +++ b/nonprism/iceweasel-hardened/PKGBUILD @@ -1,227 +1,18 @@ # Maintainer: André Silva <emulatorman@parabola.nu> -# Contributor: Márcio Silva <coadde@parabola.nu> -# Contributor (ConnochaetOS): Henry Jensen <hjensen@connochaetos.org> -# Contributor: Luke Shumaker <lukeshu@sbcglobal.net> -# Contributor: fauno <fauno@kiwwwi.com.ar> -# Contributor: vando <facundo@esdebian.org> -# Contributor (Arch): Jakub Schmidtke <sjakub@gmail.com> -# Contributor: Figue <ffigue at gmail> -# Contributor: taro-k <taro-k@movasense_com> -# Contributor: Michał Masłowski <mtjm@mtjm.eu> # Contributor: Luke R. <g4jc@openmailbox.org> -# Contributor: Isaac David <isacdaavid@isacdaavid.info> -# Thank you very much to the older contributors: -# Contributor: evr <evanroman at gmail> -# Contributor: Muhammad 'MJ' Jassim <UnbreakableMJ@gmail.com> -_pgo=false - -# We're getting this from Debian Sid -_debname=firefox -_brandingver=50.0 -_brandingrel=1 -_debver=50.0 -_debrel=deb2 -_debrepo=http://ftp.debian.org/debian/pool/main/ -_parabolarepo=https://repo.parabola.nu/other/iceweasel -debfile() { echo $@|sed -r 's@(.).*@\1/&/&@'; } - -_pkgname=firefox pkgname=iceweasel-hardened -epoch=1 -pkgver=$_debver.$_debrel +pkgver=1.50 pkgrel=2 -pkgdesc="A libre version of Debian Iceweasel, the standalone web browser based on Mozilla Firefox, with several patches that were introduced to strengthen and protect the end user from security threats" -arch=(i686 x86_64 armv7h) -license=(MPL GPL LGPL) -depends=(alsa-lib dbus-glib ffmpeg gtk2 gtk3 hunspell icu=57.1 libevent libvpx=1.6.0 libxt mime-types mozilla-common nss sqlite startup-notification ttf-font) -makedepends=(autoconf2.13 diffutils gconf imagemagick imake inetutils libidl2 libpulse librsvg-stable libxslt mesa mozilla-searchplugins pkg-config python2 quilt unzip yasm zip) -makedepends_i686=(cargo) -makedepends_x86_64=("${makedepends_i686[@]}") -options=(!emptydirs !makeflags debug) -if $_pgo; then - makedepends+=(xorg-server-xvfb) - options+=(!ccache) -fi -optdepends=('networkmanager: Location detection via available WiFi networks' - 'libnotify: Notification integration' - 'upower: Battery API') +pkgdesc="Sets hardened preferences in IceWeasel that protect from a variety of privacy, security, and fingerprinting attacks." +arch=(any) +license=(MPL) +depends=('iceweasel-noscript') url="https://wiki.parabola.nu/${pkgname%-*}" -replaces=("${pkgname%-*}-libre" "${_pkgname}-hardening" "$_pkgname") -conflicts=("${pkgname%-*}-libre") -provides=("${pkgname%-*}=$epoch.$pkgver") -install=${pkgname%-*}.install -source=("$_debrepo/`debfile $_debname`_$_debver.orig.tar.xz" - "$_debrepo/`debfile $_debname`_$_debver-${_debrel#deb}.debian.tar.xz" - "$_parabolarepo/${pkgname%-*}_$_brandingver-$_brandingrel.branding.tar.xz" - "$_parabolarepo/${pkgname%-*}_$_brandingver-$_brandingrel.branding.tar.xz.sig" - mozconfig - libre.patch - remove-default-and-shell-icons-in-packaging-manifest.patch - gnu_headshadow.png - drm-free.png - ${pkgname%-*}.desktop - ${pkgname%-*}-install-dir.patch - vendor.js - rust-i686.patch - fix-wifi-scanner.diff - enable-object-directory-paths.patch - mozilla-1253216.patch - mozilla-build-arm.patch) -sha256sums=('4be6b691ffc1ac91707c2ced606a0c5fe6620272684f92265f35ef42e19151c5' - 'fd3c2b0aaf83404f66cd435463b649c792d6fc65603980148f71cc8a40a4bbc5' - 'c9a9f1b712598990ae60810d9e002d340bf0c016e284b11bc4169424b833b641' - 'SKIP' - '8212fd5e341a251c97871c0f114f6332c78326f707f9d20eddc8d644e0c5c988' - '013af398e97da9e855a143582816bf819e0d9d8d2b0e323d6b832f3df1157fdd' - '32f1fe3ad4f80d0ae419064db2abe49b97cd7cb18c35d68be1a2befb60172a2a' - '93e3001ce152e1d142619e215a9ef07dd429943b99d21726c25da9ceb31e31cd' - '56eba484179c7f498076f8dc603d8795e99dce8c6ea1da9736318c59d666bff6' - '016e7f48c0da37a8e336e25d8f64ecc0608a3510f2589d99bfd229c7e00b8924' - '3aea6676f1e53a09673b6ae219d281fc28054beb6002b09973611c02f827651d' - '5ba27dd549ca93dfbcc947ff9989fc29399a4c8cf7ad99b7676cd2a9bd17093c' - 'f61ea706ce6905f568b9bdafd1b044b58f20737426f0aa5019ddb9b64031a269' - '9765bca5d63fb5525bbd0520b7ab1d27cabaed697e2fc7791400abc3fa4f13b8' - 'e260e555b261aabab1e48786dd514eeea056e4402af7cfd4dfd1d32858441484' - 'fbb6011501a74a8ea6d01c041870fcefb7ef2859c134aedc676e5f6452833f65' - '56eecee8162c138c442773d66483886f1242c8dd2b16eed5711ae5e63d9b0e3a') -validpgpkeys=( - 'C92BAA713B8D53D3CAE63FC9E6974752F9704456' # André Silva - '684D54A189305A9CC95446D36B888913DDB59515' # Márcio Silva -) - -prepare() { - cd "$srcdir/$_pkgname-$_debver" - mv "$srcdir/debian" . - mv "$srcdir/${pkgname%-*}-$_brandingver/branding" debian - mv "$srcdir/${pkgname%-*}-$_brandingver/patches/iceweasel-branding" debian/patches - cat "$srcdir/${pkgname%-*}-$_brandingver/patches/series" >> debian/patches/series - - export QUILT_PATCHES=debian/patches - export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index' - export QUILT_DIFF_ARGS='--no-timestamps' - - quilt push -av - - # Put gnu_headshadow.png and drm-free.png in the source code - install -m644 "$srcdir/"{gnu_headshadow,drm-free}.png \ - browser/base/content/abouthome - - # Useless since we are doing it ourselves - patch -Np1 -i "$srcdir/remove-default-and-shell-icons-in-packaging-manifest.patch" - - # Enable object directory paths for Iceweasel rebranding - patch -Np1 -i "$srcdir/enable-object-directory-paths.patch" - - # Install to /usr/lib/iceweasel-hardened - patch -Np1 -i "$srcdir/${pkgname%-*}-install-dir.patch" - - # Modify MOZ_APP_NAME for iceweasel-hardened be installed side by side with iceweasel - sed -i '\|MOZ_APP_NAME| s|iceweasel|iceweasel-hardened| - ' debian/branding/configure.sh - - # Patch and remove anything that's left - patch -Np1 -i "$srcdir/libre.patch" - sed -i 's|Adobe Flash|SWF Player|g; - ' browser/base/content/pageinfo/permissions.js \ - browser/base/content/browser-plugins.js - sed -i '\|["]displayName["][:] ["]Flash["]| s|Flash|SWF Player| - \|["]displayName["][:] ["]Shockwave["]| s|Shockwave|DCR Player| - \|["]displayName["][:] ["]QuickTime["]| s|QuickTime|MOV Player| - \|installLinux| s|true|false| - ' browser/base/content/browser-plugins.js - - # Load our build config, disable SafeSearch - cp "$srcdir/mozconfig" .mozconfig - - # https://bugzilla.mozilla.org/show_bug.cgi?id=1314968 - patch -Np1 -i ../fix-wifi-scanner.diff - - # Build with the rust targets we actually ship - patch -Np1 -i ../rust-i686.patch - - mkdir "$srcdir/path" - ln -s /usr/bin/python2 "$srcdir/path/python" - - # Load our searchplugins - rm -rv browser/locales/en-US/searchplugins - cp -av /usr/lib/mozilla/searchplugins browser/locales/en-US - - # Disable various components at the source level - sed -i 's|[;]1|;0|' toolkit/components/telemetry/TelemetryStartup.manifest || die "failed break telemetry startup" - sed -i 's|[;]1|;0|' browser/experiments/Experiments.manifest || die "failed to break ExperimentsService" - sed -i '/pocket/d' browser/extensions/moz.build || die "failed to wipe pocket" - - # ARM-specific changes: - if [[ "$CARCH" == arm* ]]; then - sed -i '/ac_add_options --enable-rust/d' .mozconfig - echo "ac_add_options --disable-ion" >> .mozconfig - echo "ac_add_options --disable-elf-hack" >> .mozconfig - echo "ac_add_options --disable-webrtc" >> .mozconfig - - # Disable gold linker, reduce memory consumption at link time - sed -i '/ac_add_options --enable-gold/d' .mozconfig - LDFLAGS+=" -Wl,--no-keep-memory -Wl,--reduce-memory-overheads" - echo "ac_add_options --disable-tests" >> .mozconfig - echo "ac_add_options --disable-debug" >> .mozconfig - - patch -p1 -i ../mozilla-1253216.patch - patch -p1 -i ../mozilla-build-arm.patch - fi -} - -build() { - cd "$srcdir/$_pkgname-$_debver" - - # _FORTIFY_SOURCE causes configure failures - CPPFLAGS+=" -O2" - - # Hardening - LDFLAGS+=" -Wl,-z,now" - - # GCC 6 - CXXFLAGS+=" -fno-delete-null-pointer-checks -fno-schedule-insns2" - - export PATH="$srcdir/path:$PATH" - - if $_pgo; then - # Do PGO - xvfb-run -a -s "-extension GLX -screen 0 1280x1024x24" \ - make -f client.mk build MOZ_PGO=1 - else - make -f client.mk build - fi -} +source=('firefox-branding.js') +sha512sums=('733553fc5fc05ea8b7183b33b046afe30c2004f7a73dd289c8107dba5e2a997827267a9b5f26979e85e7b4eae4e12ce89c205fd81ba5bfd50df08f4dd716208f') +whirlpoolsums=('88be3317fc78e4bbaf79f080c7270d78a90f152f96fa067f2215915285ba8573ee46071856c2578bd3e02a678e783313131f3c2dcf6a02f2f862edd9de0a7820') package() { - cd "$srcdir/$_pkgname-$_debver" - make -f client.mk DESTDIR="$pkgdir" INSTALL_SDK= install - - install -Dm644 ../vendor.js "$pkgdir/usr/lib/$pkgname/browser/defaults/preferences/vendor.js" - - _brandingdir=debian/branding - brandingdir=moz-objdir/$_brandingdir - icondir="$pkgdir/usr/share/icons/hicolor" - for i in 16 22 24 32 48 64 128 192 256 384; do - rsvg-convert -w $i -h $i "$_brandingdir/${pkgname%-*}_icon.svg" \ - -o "$brandingdir/default$i.png" - install -Dm644 "$brandingdir/default$i.png" \ - "$icondir/${i}x${i}/apps/$pkgname.png" - done - - install -Dm644 "$_brandingdir/${pkgname%-*}_icon.svg" \ - "$icondir/scalable/apps/$pkgname.svg" - - install -d "$pkgdir/usr/share/applications" - install -m644 "$srcdir/${pkgname%-*}.desktop" \ - "$pkgdir/usr/share/applications/$pkgname.desktop" - - # Use system-provided dictionaries - rm -rf "$pkgdir/usr/lib/$pkgname/"{dictionaries,hyphenation} - ln -s /usr/share/hunspell "$pkgdir/usr/lib/$pkgname/dictionaries" - ln -s /usr/share/hyphen "$pkgdir/usr/lib/$pkgname/hyphenation" - - # Replace duplicate binary with symlink - # https://bugzilla.mozilla.org/show_bug.cgi?id=658850 - ln -sf $pkgname "$pkgdir/usr/lib/$pkgname/$pkgname-bin" + install -Dm644 firefox-branding.js "$pkgdir"/usr/lib/iceweasel/browser/defaults/preferences/firefox-branding.js } |