libre/iceweasel: updated to 58.0

author: Andreas Grapentin <andreas@grapentin.org> 2018-01-25 18:42:39 +0100
committer: Andreas Grapentin <andreas@grapentin.org> 2018-01-25 19:49:16 +0100
commit: 8f7b183f7fc7c3a71d9d3375f4f2e00be6efb0ad (patch)
tree: e6f50ca34633f116d95a63c1c8c0bcb8b0c2f731 /libre/iceweasel/PKGBUILD
parent: cd4d7e904b34dece801d4d2df7681f5dce7f4035 (diff)
download: abslibre-8f7b183f7fc7c3a71d9d3375f4f2e00be6efb0ad.tar.gz
abslibre-8f7b183f7fc7c3a71d9d3375f4f2e00be6efb0ad.tar.bz2
abslibre-8f7b183f7fc7c3a71d9d3375f4f2e00be6efb0ad.zip
1 files changed, 430 insertions, 153 deletions
diff --git a/libre/iceweasel/PKGBUILD b/libre/iceweasel/PKGBUILD
index c96f61c0c..5dc2010c4 100644
--- a/libre/iceweasel/PKGBUILD
+++ b/libre/iceweasel/PKGBUILD
@@ -1,3 +1,7 @@
+# $Id$
+# Maintainer (Arch): Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
+# Contributor (Arch): Ionut Biru <ibiru@archlinux.org>
+# Contributor (Arch): Jakub Schmidtke <sjakub@gmail.com>
 # Maintainer: Andreas Grapentin <andreas@grapentin.org>
 # Contributor: André Silva <emulatorman@hyperbola.info>
 # Contributor: Márcio Silva <coadde@hyperbola.info>
@@ -5,125 +9,126 @@
 # Contributor: Luke Shumaker <lukeshu@sbcglobal.net>
 # Contributor: fauno <fauno@kiwwwi.com.ar>
 # Contributor: vando <facundo@esdebian.org>
-# Contributor (Arch): Jakub Schmidtke <sjakub@gmail.com>
 # Contributor: Figue <ffigue at gmail>
 # Contributor: taro-k <taro-k@movasense_com>
 # Contributor: Michał Masłowski <mtjm@mtjm.eu>
 # Contributor: Luke R. <g4jc@openmailbox.org>
 # Contributor: Isaac David <isacdaavid@isacdaavid.info>
 # Contributor: bill-auger <bill-auger@programmer.net>
-# Thank you very much to the older contributors:
 # Contributor: evr <evanroman at gmail>
 # Contributor: Muhammad 'MJ' Jassim <UnbreakableMJ@gmail.com>
 
-_oldname=firefox
-pkgname=iceweasel
+# parabola changes and rationale:
+#  - rebranded to iceweasel
+#  - added to makedepends: mozilla-searchplugins, quilt, libxslt, imagemagick
+#  - removed from makedepends: mercurial
+#  - using tarball instead of repository
+#  - added replaces and conflicts for firefox
+#  - removed google api keys and usage
 
+_pkgname=firefox
+pkgname=iceweasel
 epoch=1
-pkgver=57.0.4
+pkgver=58.0
 pkgrel=1
-_brandingver=57.0
-_brandingrel=1
-_parabolarepo=https://repo.parabola.nu/other/iceweasel
-arch=(i686 x86_64 armv7h)
-
-pkgdesc="Iceweasel, the libre web browser based on Mozilla Firefox."
-url="https://wiki.parabola.nu/$pkgname"
+_bver=58.0
+_brel=1
+pkgdesc="Libre standalon web browser based on Mozilla Firefox"
+arch=(x86_64 i686 armv7h)
 license=(MPL GPL LGPL)
-
-depends=(alsa-lib dbus-glib ffmpeg gtk2 gtk3 hunspell libvpx libxt mime-types mozilla-common nss sqlite startup-notification ttf-font)
+url="https://wiki.parabola.nu/$pkgname"
+depends=(gtk3 gtk2 mozilla-common libxt startup-notification mime-types dbus-glib ffmpeg
+         nss hunspell sqlite ttf-font libpulse libvpx icu)
 depends_x86_64=("icu>=60" "icu<61")
 depends_i686=("icu>=60" "icu<61")
 depends_armv7h=("icu>=60" "icu<61")
-makedepends=(autoconf2.13 diffutils gconf imagemagick imake inetutils libidl2 libpulse librsvg libxslt mesa mozilla-searchplugins pkg-config python2 quilt unzip yasm zip)
-makedepends_i686=(rust clang llvm)
-makedepends_x86_64=("${makedepends_i686[@]}")
+makedepends=(unzip zip diffutils python2 yasm mesa imake gconf inetutils xorg-server-xvfb
+             autoconf2.13 rust clang llvm jack mozilla-searchplugins quilt libxslt imagemagick)
 optdepends=('networkmanager: Location detection via available WiFi networks'
             'libnotify: Notification integration'
+            'pulseaudio: Audio support'
             'speech-dispatcher: Text-to-Speech')
-
-replaces=("$_oldname-libre" "$pkgname-libre" "$_oldname")
-conflicts=("$_oldname-libre" "$pkgname-libre" "$_oldname")
-
-options=(!emptydirs !makeflags !strip debug)
-
-source=("https://ftp.mozilla.org/pub/$_oldname/releases/$pkgver/source/$_oldname-$pkgver.source.tar.xz"
-        "$_parabolarepo/${pkgname}_$_brandingver-$_brandingrel.branding.tar.xz"
-        "$_parabolarepo/${pkgname}_$_brandingver-$_brandingrel.branding.tar.xz.sig"
-        mozconfig
-        libre.patch
-        remove-default-and-shell-icons-in-packaging-manifest.patch
-        drm-free.png
-        gnu_headshadow.png
-        parabola-banner.png
-        watermark.svg
+options=(!emptydirs !makeflags !strip)
+replaces=("$_pkgname")
+conflicts=("$_pkgname")
+_parabolarepo=https://repo.parabola.nu/other/iceweasel
+source=(https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/$pkgver/source/firefox-$pkgver.source.tar.xz
         $pkgname.desktop
-        $pkgname-install-dir.patch
-        vendor.js
-        distribution.ini
-        enable-object-directory-paths.patch
-        mozilla-1253216.patch
-        no-crmf.patch
-        mozilla-build-arm.patch
-        wifi-disentangle.patch
-        wifi-fix-interface.patch)
-sha256sums=('97cced69abfd5c57d968f0095631f86beff4f7b61883edd5a4f207e7f9c43b33'
-            'e93f2363d7b414d207250eb1c63d955681f158c8d5678ef3d2e9232cdb0382c7'
-            'SKIP'
-            '71e20557568330c29553201a6009060feb65921b021fff8053ad9f7cb67670fa'
-            '7b7d608f738d0f48be923b6b61281918cfb35f372d7b9fc7b1b7133efa2dd17f'
-            '6e23fe534394bbab0041f5935cd23c2590285f7541b0a10f3042905676b1561e'
-            '56eba484179c7f498076f8dc603d8795e99dce8c6ea1da9736318c59d666bff6'
-            '93e3001ce152e1d142619e215a9ef07dd429943b99d21726c25da9ceb31e31cd'
-            '3ba321484226e4cbd9b139d584339a51613b1d27c5c290f07a97e2a54facf16f'
-            '642b214b219e3c7668abed7119c3fadaeee9da80e98aba93a42ea8128eccd73c'
-            '250f7aaa3c1362f9d2bb2211cd605eab93a5e806e8540f184979d41acf46142a'
+        $pkgname-install-dir.patch no-crmf.diff
+        https://repo.parabola.nu/other/iceweasel/${pkgname}_$_bver-$_brel.branding.tar.xz{,.sig}
+        libre.patch)
+sha256sums=('0e0a39caabf94d7467d8bb4008fa9e7340a7be57b8c78ccf0cf98791a3bfaaff'
+            'ed350ef2f528b999a621f7080fa80948be6b351e67ce32529fb32bcf47bb21fa'
             '46e588300797bda599c8f5157437fd79f88b6e1179f2fde49e0405e435e03efa'
-            'e2a344b7296d3cd7d30cef083d5a6f1a26bd93711e770671b21ff8d343b83901'
-            'd28b14a870aa100273243039d08ab9e64d325c28b6291413441146ebdf5d38ee'
-            'ce1765c7812da53dc555103d54998d57890def127aa034b37f21dbfab65dde65'
-            'fbb6011501a74a8ea6d01c041870fcefb7ef2859c134aedc676e5f6452833f65'
-            'c0ceaaa83a0c79035cdb39b6c130064409dffa546ae2d576fa061b52e4a0392f'
-            '56eecee8162c138c442773d66483886f1242c8dd2b16eed5711ae5e63d9b0e3a'
-            'f068b84ad31556095145d8fefc012dd3d1458948533ed3fff6cbc7250b6e73ed'
-            'e98a3453d803cc7ddcb81a7dc83f883230dd8591bdf936fc5a868428979ed1f1')
-validpgpkeys=(
-              'BFA8008A8265677063B11BF47171986E4B745536' # Andreas Grapentin
-)
+            'fb85a538044c15471c12cf561d6aa74570f8de7b054a7063ef88ee1bdfc1ccbb'
+            '482cfe2d92f0b9638061eaf1b457abe0a8c8a0521bd67767e5c5010868612d25'
+            'SKIP'
+            '12170e0539997396f83c511317377cf4cc5af74177c6c1db14275ebf0b932bb9')
+validpgpkeys=('BFA8008A8265677063B11BF47171986E4B745536') # Andreas Grapentin
 
 prepare() {
-  cd "$srcdir/$_oldname-$pkgver"
+  mkdir path
+  ln -s /usr/bin/python2 path/python
 
-  local brandingdir="$srcdir/$pkgname-$_brandingver"
+  cd "$srcdir/$_pkgname-$pkgver"
+  patch -Np1 -i ../$pkgname-install-dir.patch
 
-  # Prepare branding for the Iceweasel packages
+  # https://bugzilla.mozilla.org/show_bug.cgi?id=1371991
+  patch -Np1 -i ../no-crmf.diff
+
+  cat >.mozconfig <<END
+ac_add_options --enable-application=browser
+
+ac_add_options --prefix=/usr
+ac_add_options --enable-release
+ac_add_options --enable-gold
+ac_add_options --enable-pie
+ac_add_options --enable-optimize="-O2"
+ac_add_options --enable-rust-simd
+
+# Branding
+ac_add_options --disable-official-branding
+ac_add_options --with-branding=browser/branding/iceweasel
+ac_add_options --with-distribution-id=nu.parabola
+
+# System libraries
+ac_add_options --with-system-zlib
+ac_add_options --with-system-bz2
+ac_add_options --with-system-icu
+ac_add_options --with-system-jpeg
+ac_add_options --with-system-libvpx
+ac_add_options --with-system-nspr
+ac_add_options --with-system-nss
+ac_add_options --enable-system-hunspell
+ac_add_options --enable-system-sqlite
+ac_add_options --enable-system-ffi
+
+# Features
+ac_add_options --enable-alsa
+ac_add_options --enable-jack
+ac_add_options --enable-startup-notification
+ac_add_options --disable-crashreporter
+ac_add_options --disable-updater
+ac_add_options --disable-stylo
+ac_add_options --disable-eme
+END
+
+  # perform rebranding
+  local brandingdir="$srcdir/$pkgname-$_bver"
   mkdir -v browser/branding/$pkgname
-
-  # copy the branding files
   cp -va $brandingdir/branding/* browser/branding/$pkgname
 
-  # patch
   export QUILT_PATCHES=$brandingdir/patches
   export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
   export QUILT_DIFF_ARGS='--no-timestamps'
-
   quilt push -av
 
   # Put "Start Page" branding images in the source code
-  install -m644 "$srcdir/"{drm-free,gnu_headshadow,parabola-banner}.png \
+  install -m644 "$brandingdir/branding/"{drm-free,gnu_headshadow,parabola-banner}.png \
     browser/base/content/abouthome
-  install -m644 "$srcdir/watermark.svg"       \
+  install -m644 "$brandingdir/branding/watermark.svg"       \
     browser/extensions/onboarding/content/img
 
-  # Useless since we are doing it ourselves
-  patch -Np1 -i "$srcdir/remove-default-and-shell-icons-in-packaging-manifest.patch"
-
-  # Enable object directory paths for Iceweasel rebranding
-  patch -Np1 -i "$srcdir/enable-object-directory-paths.patch"
-
-  # Install to /usr/lib/iceweasel
-  patch -Np1 -i "$srcdir/$pkgname-install-dir.patch"
-
   # Patch and remove anything that's left
   patch -Np1 -i "$srcdir/libre.patch"
   sed -i 's|Adobe Flash|SWF Player|g;
@@ -135,22 +140,9 @@ prepare() {
           \|installLinux| s|true|false|
          ' browser/base/content/browser-plugins.js
 
-  # Load our build config, disable SafeSearch
-  cp "$srcdir/mozconfig" .mozconfig
-
-  # override the new newtab obscenity with the abouthome stuff
+  # replace newtab page with abouthome
   cat browser/base/content/abouthome/aboutHome.xhtml > browser/base/content/newtab/newTab.xhtml
 
-  # https://bugzilla.mozilla.org/show_bug.cgi?id=1314968
-  patch -Np1 -i ../wifi-disentangle.patch
-  patch -Np1 -i ../wifi-fix-interface.patch
-
-  # https://bugzilla.mozilla.org/show_bug.cgi?id=1371991
-  patch -Np1 -i "$srcdir/no-crmf.patch"
-
-  mkdir "$srcdir/path"
-  ln -s /usr/bin/python2 "$srcdir/path/python"
-
   # Load our searchplugins
   rm -rv browser/locales/searchplugins
   cp -av /usr/lib/mozilla/searchplugins browser/locales
@@ -160,82 +152,367 @@ prepare() {
   sed -i 's|[;]1|;0|' browser/experiments/Experiments.manifest || die "failed to break ExperimentsService"
   sed -i '/pocket/d' browser/extensions/moz.build || die "failed to wipe pocket"
   sed -i '/activity-stream/d' browser/extensions/moz.build || die "failed to wipe activity-stream"
-
-  # ARM-specific changes:
-  if [[ "$CARCH" == arm* ]]; then
-      sed -i '/ac_add_options --enable-rust/d' .mozconfig
-      echo "ac_add_options --disable-ion" >> .mozconfig
-      echo "ac_add_options --disable-elf-hack" >> .mozconfig
-      echo "ac_add_options --disable-webrtc" >> .mozconfig
-
-      # Disable gold linker, reduce memory consumption at link time
-      sed -i '/ac_add_options --enable-gold/d' .mozconfig
-      LDFLAGS+=" -Wl,--no-keep-memory -Wl,--reduce-memory-overheads"
-      echo "ac_add_options --disable-tests" >> .mozconfig
-      echo "ac_add_options --disable-debug" >> .mozconfig
-
-      patch -p1 -i ../mozilla-1253216.patch
-      patch -p1 -i ../mozilla-build-arm.patch
-  fi
 }
 
 build() {
-  cd "$srcdir/$_oldname-$pkgver"
+  cd "$srcdir/$_pkgname-$pkgver"
 
   # _FORTIFY_SOURCE causes configure failures
   CPPFLAGS+=" -O2"
 
-  # Hardening
-  LDFLAGS+=" -Wl,-z,now"
-
-  # GCC 6
-  CFLAGS+=" -fno-delete-null-pointer-checks -fno-lifetime-dse -fno-schedule-insns2"
-  CXXFLAGS+=" -fno-delete-null-pointer-checks -fno-lifetime-dse -fno-schedule-insns2"
-
   export PATH="$srcdir/path:$PATH"
-  export PYTHON="/usr/bin/python2"
 
-  make -f client.mk build
+  # Do PGO
+  #xvfb-run -a -n 95 -s "-extension GLX -screen 0 1280x1024x24" \
+  #  MOZ_PGO=1 ./mach build
+  ./mach build
+  ./mach buildsymbols
 }
 
 package() {
-  cd "$srcdir/$_oldname-$pkgver"
-
-  make -f client.mk DESTDIR="$pkgdir" INSTALL_SDK= install
+  cd "$srcdir/$_pkgname-$pkgver"
+  DESTDIR="$pkgdir" ./mach install
+  find . -name '*crashreporter-symbols-full.zip' -exec cp -fvt "$startdir" {} +
+
+  local _shortver=$(echo $pkgver | cut -d'.' -f1,2)
+  _vendorjs="$pkgdir/usr/lib/$pkgname/browser/defaults/preferences/vendor.js"
+  install -Dm644 /dev/stdin "$_vendorjs" <<END
+// Use LANG environment variable to choose locale
+pref("intl.locale.matchOS", true);
+
+// Disable default browser checking.
+pref("browser.shell.checkDefaultBrowser", false);
+
+// Don't disable our bundled extensions in the application directory
+pref("extensions.autoDisableScopes", 11);
+pref("extensions.shownSelectionUI", true);
+
+// Opt all of us into e10s, instead of just 50%
+pref("browser.tabs.remote.autostart", true);
+
+// Disable "alt" as a shortcut key to open full menu bar. Conflicts with "alt" as a modifier
+pref("ui.key.menuAccessKeyFocuses", false);
+
+// Disable the GeoLocation API for content
+pref("geo.enabled", false);
+
+// Make sure that the request URL of the GeoLocation backend is empty
+pref("geo.wifi.uri", "");
+
+// Disable Freedom Violating DRM Feature
+pref("browser.eme.ui.enabled", false);
+// EME
+pref("media.eme.enabled", false);
+pref("media.eme.apiVisible", false);
+
+// Google Widevine DRM
+// https://blog.mozilla.org/futurereleases/2016/04/08/mozilla-to-test-widevine-cdm-in-firefox-nightly/
+// https://wiki.mozilla.org/QA/Widevine_CDM
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1288580
+pref("media.gmp-widevinecdm.visible", false);
+pref("media.gmp-widevinecdm.enabled", false);
+pref("media.gmp-widevinecdm.autoupdate", false);
+
+// Default to classic view for about:newtab
+pref("browser.newtabpage.enhanced", false);
+pref("browser.newtabpage.activity-stream.enabled", false);
+
+// Poodle attack
+pref("security.tls.version.min", 1);
+
+// Don't call home for blacklisting
+pref("extensions.blocklist.enabled", false);
+
+// Disable plugin installer
+pref("plugins.hide_infobar_for_missing_plugin", true);
+pref("plugins.hide_infobar_for_outdated_plugin", true);
+pref("plugins.notifyMissingFlash", false);
+
+//https://developer.mozilla.org/en-US/docs/Web/API/MediaSource
+//pref("media.mediasource.enabled",true);
+
+// Speeding it up
+pref("network.http.pipelining", true);
+pref("network.http.proxy.pipelining", true);
+pref("network.http.pipelining.maxrequests", 10);
+pref("nglayout.initialpaint.delay", 0);
+
+// Disable third party cookies
+pref("network.cookie.cookieBehavior", 1);
+
+// Prevent EULA dialog to popup on first run
+pref("browser.EULA.override", true);
+
+// Set useragent to Firefox compatible
+//pref("general.useragent.compatMode.firefox", true);
+// Spoof the useragent to a generic one
+pref("general.useragent.compatMode.firefox", true);
+// Spoof the useragent to a generic one
+pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:$_shortver) Gecko/20100101 Firefox/$_shortver");
+pref("general.appname.override", "Netscape");
+pref("general.appversion.override", "$_shortver");
+pref("general.buildID.override", "Gecko/20100101");
+pref("general.oscpu.override", "Windows NT 6.1");
+pref("general.platform.override", "Win32");
+
+// Privacy & Freedom Issues
+// https://webdevelopmentaid.wordpress.com/2013/10/21/customize-privacy-settings-in-mozilla-firefox-part-1-aboutconfig/
+// https://panopticlick.eff.org
+// http://ip-check.info
+// http://browserspy.dk
+// https://wiki.mozilla.org/Fingerprinting
+// http://www.browserleaks.com
+// http://fingerprint.pet-portal.eu
+pref("privacy.donottrackheader.enabled", true);
+pref("privacy.donottrackheader.value", 1);
+pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
+
+// CIS 2.1.1 Disable Auto Update / Balrog
+pref("app.update.auto", false);
+pref("app.update.checkInstallTime", false);
+pref("app.update.enabled", false);
+pref("app.update.staging.enabled", false);
+pref("app.update.url", "about:blank");
+pref("media.gmp-manager.certs.1.commonName", "");
+pref("media.gmp-manager.certs.2.commonName", "");
+// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
+pref("media.gmp-manager.url", "http://127.0.0.1/");
+pref("media.gmp-manager.url.override", "data:text/plain,");
+pref("media.gmp-provider.enabled", false);
+// Don't install openh264 codec
+pref("media.gmp-gmpopenh264.enabled", false);
+pref("media.gmp-eme-adobe.enabled", false);
+pref("media.peerconnection.video.h264_enabled", false);
+
+// CIS 2.3.4 Block Reported Web Forgeries
+// http://kb.mozillazine.org/Browser.safebrowsing.enabled
+// http://kb.mozillazine.org/Safe_browsing
+// https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
+// http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849
+pref("browser.safebrowsing.enabled", false);
+
+// CIS 2.3.5 Block Reported Attack Sites
+// http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled
+pref("browser.safebrowsing.malware.enabled", false);
+
+// Disable safe browsing remote lookups for downloaded files.
+// This leaks information to google.
+// https://www.mozilla.org/en-US/firefox/39.0/releasenotes/
+// https://wiki.mozilla.org/Security/Application_Reputation
+pref("browser.safebrowsing.downloads.remote.enabled", false);
+pref("browser.safebrowsing.appRepURL", "about:blank");
+pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank");
+pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank");
+pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
+pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
+pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
+pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
+pref("browser.safebrowsing.downloads.remote.enabled", false);
+pref("browser.safebrowsing.downloads.remote.url", "about:blank");
+pref("browser.safebrowsing.provider.google.gethashURL", "about:blank");
+pref("browser.safebrowsing.provider.google.updateURL", "about:blank");
+pref("browser.safebrowsing.provider.google.lists", "about:blank");
+
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1025965
+pref("browser.safebrowsing.phishing.enabled", false);
+pref("browser.safebrowsing.provider.google4.lists", "about:blank");
+pref("browser.safebrowsing.provider.google4.updateURL", "about:blank");
+pref("browser.safebrowsing.provider.google4.gethashURL", "about:blank");
+pref("browser.safebrowsing.provider.google4.reportURL", "about:blank");
+pref("browser.safebrowsing.provider.mozilla.lists", "about:blank");
+
+// Disable Microsoft Family Safety MiTM support
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1239166
+// https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode
+// https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782
+pref("security.family_safety.mode", 0);
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1265113
+// https://hg.mozilla.org/releases/mozilla-release/rev/d9659c22b3c5
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1298883
+pref("security.enterprise_roots.enabled", false);
+
+//pref("services.sync.privacyURL", "https://www.gnu.org/software/gnuzilla/");
+pref("social.enabled", false);
+pref("social.remote-install.enabled", false);
+pref("datareporting.healthreport.uploadEnabled", false);
+pref("datareporting.healthreport.about.reportUrl", "127.0.0.1");
+pref("datareporting.healthreport.documentServerURI", "127.0.0.1");
+pref("healthreport.uploadEnabled", false);
+pref("social.toast-notifications.enabled", false);
+pref("datareporting.policy.dataSubmissionEnabled", false);
+pref("datareporting.healthreport.service.enabled", false);
+pref("browser.slowStartup.notificationDisabled", true);
+pref("network.http.sendRefererHeader", 2);
+//pref("network.http.referer.spoofSource", true);
+//http://grack.com/blog/2010/01/06/3rd-party-cookies-dom-storage-and-privacy/
+//pref("dom.storage.enabled", false);
+pref("dom.event.clipboardevents.enabled",false);
+pref("network.prefetch-next", false);
+pref("network.dns.disablePrefetch", true);
+pref("network.http.sendSecureXSiteReferrer", false);
+pref("toolkit.telemetry.enabled", false);
+pref("toolkit.telemetry.unified", false);
+// Do not tell what plugins do we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html
+pref("plugins.enumerable_names", "");
+pref("plugin.state.flash", 0);
+// Do not autoupdate search engines
+pref("browser.search.update", false);
+// Warn when the page tries to redirect or refresh
+//pref("accessibility.blockautorefresh", true);
+pref("dom.battery.enabled", false);
+pref("device.sensors.enabled", false);
+pref("camera.control.face_detection.enabled", false);
+pref("camera.control.autofocus_moving_callback.enabled", false);
+pref("network.http.speculative-parallel-limit", 0);
+// No search suggestions
+pref("browser.urlbar.userMadeSearchSuggestionsChoice", true);
+pref("browser.search.suggest.enabled", false);
+
+// Crypto hardening
+// https://gist.github.com/haasn/69e19fc2fe0e25f3cff5
+// General settings
+//pref("security.tls.unrestricted_rc4_fallback", false);
+//pref("security.tls.insecure_fallback_hosts.use_static_list", false);
+//pref("security.tls.version.min", 1);
+//pref("security.ssl.require_safe_negotiation", true);
+//pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
+//pref("security.ssl3.rsa_seed_sha", true);
+//pref("security.OCSP.enabled", 1);
+//pref("security.OCSP.require", true);
+
+
+// WebRTC
+pref("media.peerconnection.enabled", false);
+pref("media.peerconnection.ice.default_address_only", true);
+
+pref("font.default.x-western", "sans-serif");
+
+// Preferences for the Get Add-ons panel and search engines
+pref("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref("browser.search.searchEnginesURL", "https://directory.fsf.org/wiki/GNU_IceCat");
+
+// Mobile
+pref("privacy.announcements.enabled", false);
+pref("browser.snippets.enabled", false);
+pref("browser.snippets.syncPromo.enabled", false);
+pref("identity.mobilepromo.android", "https://f-droid.org/repository/browse/?fdid=org.gnu.icecat&");
+pref("browser.snippets.geoUrl", "http://127.0.0.1/");
+pref("browser.snippets.updateUrl", "http://127.0.0.1/");
+pref("browser.snippets.statsUrl", "http://127.0.0.1/");
+pref("datareporting.policy.firstRunTime", 0);
+pref("datareporting.policy.dataSubmissionPolicyVersion", 2);
+pref("browser.webapps.checkForUpdates", 0);
+pref("browser.webapps.updateCheckUrl", "http://127.0.0.1/");
+pref("app.faqURL", "http://libreplanet.org/wiki/Group:IceCat/FAQ");
+
+// PFS url
+pref("pfs.datasource.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
+pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
+
+// Geolocation depends on third party services
+pref("geo.enabled", false);
+pref("geo.wifi.uri", "");
+
+// Disable heartbeat
+pref("browser.selfsupport.url", "");
+
+// Disable Link to FireFox Marketplace, currently loaded with non-free "apps"
+pref("browser.apps.URL", "");
+
+// Use old style preferences, that allow javascript to be disabled
+pref("browser.preferences.inContent",false);
+
+// Don't download ads for the newtab page
+pref("browser.newtabpage.directory.source", "");
+pref("browser.newtabpage.directory.ping", "");
+pref("browser.newtabpage.introShown", true);
+
+// Disable home snippets
+pref("browser.aboutHomeSnippets.updateUrl", "data:text/html");
+
+// Disable hardware acceleration and WebGL
+//pref("layers.acceleration.disabled", false);
+pref("webgl.disabled", false);
+
+// Disable SSDP
+pref("browser.casting.enabled", false);
+
+// Disable directory service
+pref("social.directories", "");
+pref("social.whitelist", "");
+pref("social.shareDirectory", "");
+
+// Disable Pocket integration
+pref("browser.pocket.api", "about:blank");
+pref("browser.pocket.enabled", false);
+pref("browser.pocket.enabledLocales", "about:blank");
+pref("browser.pocket.oAuthConsumerKey", "about:blank");
+pref("browser.pocket.site", "about:blank");
+pref("browser.pocket.useLocaleList", false);
+pref("extensions.pocket.enabled", false);
+
+// Do not require xpi extensions to be signed by Mozilla
+pref("xpinstall.signatures.required", false);
+
+// Disable File and Directory Entries API (Imported from Edge/Chromium)
+// https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories
+// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API
+// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Introduction
+// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Firefox_support
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1265767
+pref("dom.webkitBlink.filesystem.enabled", false);
+// https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/webkitdirectory
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1258489
+// https://hg.mozilla.org/releases/mozilla-release/rev/133af19777be
+pref("dom.webkitBlink.dirPicker.enabled", false);
+
+// Directory Upload API, webkitdirectory
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1188880
+// https://bugzilla.mozilla.org/show_bug.cgi?id=907707
+// https://wicg.github.io/directory-upload/proposal.html
+pref("dom.input.dirpicker", false);
+END
+
+  _distini="$pkgdir/usr/lib/$pkgname/distribution/distribution.ini"
+  install -Dm644 /dev/stdin "$_distini" <<END
+[Global]
+id=parabola
+version=1.0
+about=Iceweasel for Parabola GNU/Linux-libre
+
+[Preferences]
+app.distributor=parabola
+app.distributor.channel=$pkgname
+app.partner.parabola=parabola
+END
 
-  install -Dm644 "$srcdir/vendor.js" "$pkgdir/usr/lib/$pkgname/browser/defaults/preferences/vendor.js"
-  local shortver=$(echo $pkgver | cut -d'.' -f1,2)
-  sed -i "s/@PKGVER@/$shortver/g" "$pkgdir/usr/lib/$pkgname/browser/defaults/preferences/vendor.js"
-
-  local brandingdir="$srcdir/$pkgname-$_brandingver"
-
-  # install iceweasel icons
-  local icondir="$pkgdir/usr/share/icons/hicolor"
   for i in 16 22 24 32 48 64 128 192 256 384; do
-    rsvg-convert -w $i -h $i "$brandingdir/branding/${pkgname}_icon.svg" \
-      -o "$brandingdir/default$i.png"
-    install -Dm644 "$brandingdir/default$i.png" \
-      "$icondir/${i}x${i}/apps/$pkgname.png"
+    rsvg-convert -w $i -h $i "$srcdir/$pkgname-$_bver/branding/${pkgname}_icon.svg" \
+      -o "$srcdir/$pkgname-$_bver/default$i.png"
+    install -Dm644 "$srcdir/$pkgname-$_bver/default$i.png" \
+      "$pkgdir/usr/share/icons/hicolor/${i}x${i}/apps/$pkgname.png"
   done
 
-  install -Dm644 "$brandingdir/branding/${pkgname}_icon.svg" \
-    "$icondir/scalable/apps/$pkgname.svg"
+  install -Dm644 "$srcdir/$pkgname-$_bver/branding/${pkgname}_icon.svg" \
+    "$pkgdir/usr/share/icons/hicolor/scalable/apps/$pkgname.svg"
 
-  # Parabola rebranding
-  install -m644 "$srcdir/distribution.ini" \
-    "$pkgdir/usr/lib/$pkgname/distribution"
-
-  # Install Iceweasel desktop
-  install -d "$pkgdir/usr/share/applications"
-  install -m644 "$srcdir/$pkgname.desktop" \
-    "$pkgdir/usr/share/applications"
+  install -Dm644 ../$pkgname.desktop \
+    "$pkgdir/usr/share/applications/$pkgname.desktop"
 
   # Use system-provided dictionaries
-  rm -rf "$pkgdir/usr/lib/$pkgname/"{dictionaries,hyphenation}
-  ln -s /usr/share/hunspell "$pkgdir/usr/lib/$pkgname/dictionaries"
-  ln -s /usr/share/hyphen   "$pkgdir/usr/lib/$pkgname/hyphenation"
+  rm -r "$pkgdir"/usr/lib/$pkgname/dictionaries
+  ln -Ts /usr/share/hunspell "$pkgdir/usr/lib/$pkgname/dictionaries"
+  ln -Ts /usr/share/hyphen "$pkgdir/usr/lib/$pkgname/hyphenation"
+
+  # Install a wrapper to avoid confusion about binary path
+  install -Dm755 /dev/stdin "$pkgdir/usr/bin/$pkgname" <<END
+#!/bin/sh
+exec /usr/lib/$pkgname/$pkgname "\$@"
+END
 
-  # Replace duplicate binary with symlink
+  # Replace duplicate binary with wrapper
   # https://bugzilla.mozilla.org/show_bug.cgi?id=658850
-  ln -sf $pkgname "$pkgdir/usr/lib/$pkgname/$pkgname-bin"
+  ln -srf "$pkgdir/usr/bin/$pkgname" \
+    "$pkgdir/usr/lib/$pkgname/$pkgname-bin"
 }
author	Andreas Grapentin <andreas@grapentin.org>	2018-01-25 18:42:39 +0100
committer	Andreas Grapentin <andreas@grapentin.org>	2018-01-25 19:49:16 +0100
commit	8f7b183f7fc7c3a71d9d3375f4f2e00be6efb0ad (patch)
tree	e6f50ca34633f116d95a63c1c8c0bcb8b0c2f731 /libre/iceweasel/PKGBUILD
parent	cd4d7e904b34dece801d4d2df7681f5dce7f4035 (diff)
download	abslibre-8f7b183f7fc7c3a71d9d3375f4f2e00be6efb0ad.tar.gz abslibre-8f7b183f7fc7c3a71d9d3375f4f2e00be6efb0ad.tar.bz2 abslibre-8f7b183f7fc7c3a71d9d3375f4f2e00be6efb0ad.zip