diff options
author | Andreas Grapentin <andreas@grapentin.org> | 2018-01-25 18:42:39 +0100 |
---|---|---|
committer | Andreas Grapentin <andreas@grapentin.org> | 2018-01-25 19:49:16 +0100 |
commit | 8f7b183f7fc7c3a71d9d3375f4f2e00be6efb0ad (patch) | |
tree | e6f50ca34633f116d95a63c1c8c0bcb8b0c2f731 /libre/iceweasel/PKGBUILD | |
parent | cd4d7e904b34dece801d4d2df7681f5dce7f4035 (diff) | |
download | abslibre-8f7b183f7fc7c3a71d9d3375f4f2e00be6efb0ad.tar.gz abslibre-8f7b183f7fc7c3a71d9d3375f4f2e00be6efb0ad.tar.bz2 abslibre-8f7b183f7fc7c3a71d9d3375f4f2e00be6efb0ad.zip |
libre/iceweasel: updated to 58.0
Diffstat (limited to 'libre/iceweasel/PKGBUILD')
-rw-r--r-- | libre/iceweasel/PKGBUILD | 583 |
1 files changed, 430 insertions, 153 deletions
diff --git a/libre/iceweasel/PKGBUILD b/libre/iceweasel/PKGBUILD index c96f61c0c..5dc2010c4 100644 --- a/libre/iceweasel/PKGBUILD +++ b/libre/iceweasel/PKGBUILD @@ -1,3 +1,7 @@ +# $Id$ +# Maintainer (Arch): Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> +# Contributor (Arch): Ionut Biru <ibiru@archlinux.org> +# Contributor (Arch): Jakub Schmidtke <sjakub@gmail.com> # Maintainer: Andreas Grapentin <andreas@grapentin.org> # Contributor: André Silva <emulatorman@hyperbola.info> # Contributor: Márcio Silva <coadde@hyperbola.info> @@ -5,125 +9,126 @@ # Contributor: Luke Shumaker <lukeshu@sbcglobal.net> # Contributor: fauno <fauno@kiwwwi.com.ar> # Contributor: vando <facundo@esdebian.org> -# Contributor (Arch): Jakub Schmidtke <sjakub@gmail.com> # Contributor: Figue <ffigue at gmail> # Contributor: taro-k <taro-k@movasense_com> # Contributor: Michał Masłowski <mtjm@mtjm.eu> # Contributor: Luke R. <g4jc@openmailbox.org> # Contributor: Isaac David <isacdaavid@isacdaavid.info> # Contributor: bill-auger <bill-auger@programmer.net> -# Thank you very much to the older contributors: # Contributor: evr <evanroman at gmail> # Contributor: Muhammad 'MJ' Jassim <UnbreakableMJ@gmail.com> -_oldname=firefox -pkgname=iceweasel +# parabola changes and rationale: +# - rebranded to iceweasel +# - added to makedepends: mozilla-searchplugins, quilt, libxslt, imagemagick +# - removed from makedepends: mercurial +# - using tarball instead of repository +# - added replaces and conflicts for firefox +# - removed google api keys and usage +_pkgname=firefox +pkgname=iceweasel epoch=1 -pkgver=57.0.4 +pkgver=58.0 pkgrel=1 -_brandingver=57.0 -_brandingrel=1 -_parabolarepo=https://repo.parabola.nu/other/iceweasel -arch=(i686 x86_64 armv7h) - -pkgdesc="Iceweasel, the libre web browser based on Mozilla Firefox." -url="https://wiki.parabola.nu/$pkgname" +_bver=58.0 +_brel=1 +pkgdesc="Libre standalon web browser based on Mozilla Firefox" +arch=(x86_64 i686 armv7h) license=(MPL GPL LGPL) - -depends=(alsa-lib dbus-glib ffmpeg gtk2 gtk3 hunspell libvpx libxt mime-types mozilla-common nss sqlite startup-notification ttf-font) +url="https://wiki.parabola.nu/$pkgname" +depends=(gtk3 gtk2 mozilla-common libxt startup-notification mime-types dbus-glib ffmpeg + nss hunspell sqlite ttf-font libpulse libvpx icu) depends_x86_64=("icu>=60" "icu<61") depends_i686=("icu>=60" "icu<61") depends_armv7h=("icu>=60" "icu<61") -makedepends=(autoconf2.13 diffutils gconf imagemagick imake inetutils libidl2 libpulse librsvg libxslt mesa mozilla-searchplugins pkg-config python2 quilt unzip yasm zip) -makedepends_i686=(rust clang llvm) -makedepends_x86_64=("${makedepends_i686[@]}") +makedepends=(unzip zip diffutils python2 yasm mesa imake gconf inetutils xorg-server-xvfb + autoconf2.13 rust clang llvm jack mozilla-searchplugins quilt libxslt imagemagick) optdepends=('networkmanager: Location detection via available WiFi networks' 'libnotify: Notification integration' + 'pulseaudio: Audio support' 'speech-dispatcher: Text-to-Speech') - -replaces=("$_oldname-libre" "$pkgname-libre" "$_oldname") -conflicts=("$_oldname-libre" "$pkgname-libre" "$_oldname") - -options=(!emptydirs !makeflags !strip debug) - -source=("https://ftp.mozilla.org/pub/$_oldname/releases/$pkgver/source/$_oldname-$pkgver.source.tar.xz" - "$_parabolarepo/${pkgname}_$_brandingver-$_brandingrel.branding.tar.xz" - "$_parabolarepo/${pkgname}_$_brandingver-$_brandingrel.branding.tar.xz.sig" - mozconfig - libre.patch - remove-default-and-shell-icons-in-packaging-manifest.patch - drm-free.png - gnu_headshadow.png - parabola-banner.png - watermark.svg +options=(!emptydirs !makeflags !strip) +replaces=("$_pkgname") +conflicts=("$_pkgname") +_parabolarepo=https://repo.parabola.nu/other/iceweasel +source=(https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/$pkgver/source/firefox-$pkgver.source.tar.xz $pkgname.desktop - $pkgname-install-dir.patch - vendor.js - distribution.ini - enable-object-directory-paths.patch - mozilla-1253216.patch - no-crmf.patch - mozilla-build-arm.patch - wifi-disentangle.patch - wifi-fix-interface.patch) -sha256sums=('97cced69abfd5c57d968f0095631f86beff4f7b61883edd5a4f207e7f9c43b33' - 'e93f2363d7b414d207250eb1c63d955681f158c8d5678ef3d2e9232cdb0382c7' - 'SKIP' - '71e20557568330c29553201a6009060feb65921b021fff8053ad9f7cb67670fa' - '7b7d608f738d0f48be923b6b61281918cfb35f372d7b9fc7b1b7133efa2dd17f' - '6e23fe534394bbab0041f5935cd23c2590285f7541b0a10f3042905676b1561e' - '56eba484179c7f498076f8dc603d8795e99dce8c6ea1da9736318c59d666bff6' - '93e3001ce152e1d142619e215a9ef07dd429943b99d21726c25da9ceb31e31cd' - '3ba321484226e4cbd9b139d584339a51613b1d27c5c290f07a97e2a54facf16f' - '642b214b219e3c7668abed7119c3fadaeee9da80e98aba93a42ea8128eccd73c' - '250f7aaa3c1362f9d2bb2211cd605eab93a5e806e8540f184979d41acf46142a' + $pkgname-install-dir.patch no-crmf.diff + https://repo.parabola.nu/other/iceweasel/${pkgname}_$_bver-$_brel.branding.tar.xz{,.sig} + libre.patch) +sha256sums=('0e0a39caabf94d7467d8bb4008fa9e7340a7be57b8c78ccf0cf98791a3bfaaff' + 'ed350ef2f528b999a621f7080fa80948be6b351e67ce32529fb32bcf47bb21fa' '46e588300797bda599c8f5157437fd79f88b6e1179f2fde49e0405e435e03efa' - 'e2a344b7296d3cd7d30cef083d5a6f1a26bd93711e770671b21ff8d343b83901' - 'd28b14a870aa100273243039d08ab9e64d325c28b6291413441146ebdf5d38ee' - 'ce1765c7812da53dc555103d54998d57890def127aa034b37f21dbfab65dde65' - 'fbb6011501a74a8ea6d01c041870fcefb7ef2859c134aedc676e5f6452833f65' - 'c0ceaaa83a0c79035cdb39b6c130064409dffa546ae2d576fa061b52e4a0392f' - '56eecee8162c138c442773d66483886f1242c8dd2b16eed5711ae5e63d9b0e3a' - 'f068b84ad31556095145d8fefc012dd3d1458948533ed3fff6cbc7250b6e73ed' - 'e98a3453d803cc7ddcb81a7dc83f883230dd8591bdf936fc5a868428979ed1f1') -validpgpkeys=( - 'BFA8008A8265677063B11BF47171986E4B745536' # Andreas Grapentin -) + 'fb85a538044c15471c12cf561d6aa74570f8de7b054a7063ef88ee1bdfc1ccbb' + '482cfe2d92f0b9638061eaf1b457abe0a8c8a0521bd67767e5c5010868612d25' + 'SKIP' + '12170e0539997396f83c511317377cf4cc5af74177c6c1db14275ebf0b932bb9') +validpgpkeys=('BFA8008A8265677063B11BF47171986E4B745536') # Andreas Grapentin prepare() { - cd "$srcdir/$_oldname-$pkgver" + mkdir path + ln -s /usr/bin/python2 path/python - local brandingdir="$srcdir/$pkgname-$_brandingver" + cd "$srcdir/$_pkgname-$pkgver" + patch -Np1 -i ../$pkgname-install-dir.patch - # Prepare branding for the Iceweasel packages + # https://bugzilla.mozilla.org/show_bug.cgi?id=1371991 + patch -Np1 -i ../no-crmf.diff + + cat >.mozconfig <<END +ac_add_options --enable-application=browser + +ac_add_options --prefix=/usr +ac_add_options --enable-release +ac_add_options --enable-gold +ac_add_options --enable-pie +ac_add_options --enable-optimize="-O2" +ac_add_options --enable-rust-simd + +# Branding +ac_add_options --disable-official-branding +ac_add_options --with-branding=browser/branding/iceweasel +ac_add_options --with-distribution-id=nu.parabola + +# System libraries +ac_add_options --with-system-zlib +ac_add_options --with-system-bz2 +ac_add_options --with-system-icu +ac_add_options --with-system-jpeg +ac_add_options --with-system-libvpx +ac_add_options --with-system-nspr +ac_add_options --with-system-nss +ac_add_options --enable-system-hunspell +ac_add_options --enable-system-sqlite +ac_add_options --enable-system-ffi + +# Features +ac_add_options --enable-alsa +ac_add_options --enable-jack +ac_add_options --enable-startup-notification +ac_add_options --disable-crashreporter +ac_add_options --disable-updater +ac_add_options --disable-stylo +ac_add_options --disable-eme +END + + # perform rebranding + local brandingdir="$srcdir/$pkgname-$_bver" mkdir -v browser/branding/$pkgname - - # copy the branding files cp -va $brandingdir/branding/* browser/branding/$pkgname - # patch export QUILT_PATCHES=$brandingdir/patches export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index' export QUILT_DIFF_ARGS='--no-timestamps' - quilt push -av # Put "Start Page" branding images in the source code - install -m644 "$srcdir/"{drm-free,gnu_headshadow,parabola-banner}.png \ + install -m644 "$brandingdir/branding/"{drm-free,gnu_headshadow,parabola-banner}.png \ browser/base/content/abouthome - install -m644 "$srcdir/watermark.svg" \ + install -m644 "$brandingdir/branding/watermark.svg" \ browser/extensions/onboarding/content/img - # Useless since we are doing it ourselves - patch -Np1 -i "$srcdir/remove-default-and-shell-icons-in-packaging-manifest.patch" - - # Enable object directory paths for Iceweasel rebranding - patch -Np1 -i "$srcdir/enable-object-directory-paths.patch" - - # Install to /usr/lib/iceweasel - patch -Np1 -i "$srcdir/$pkgname-install-dir.patch" - # Patch and remove anything that's left patch -Np1 -i "$srcdir/libre.patch" sed -i 's|Adobe Flash|SWF Player|g; @@ -135,22 +140,9 @@ prepare() { \|installLinux| s|true|false| ' browser/base/content/browser-plugins.js - # Load our build config, disable SafeSearch - cp "$srcdir/mozconfig" .mozconfig - - # override the new newtab obscenity with the abouthome stuff + # replace newtab page with abouthome cat browser/base/content/abouthome/aboutHome.xhtml > browser/base/content/newtab/newTab.xhtml - # https://bugzilla.mozilla.org/show_bug.cgi?id=1314968 - patch -Np1 -i ../wifi-disentangle.patch - patch -Np1 -i ../wifi-fix-interface.patch - - # https://bugzilla.mozilla.org/show_bug.cgi?id=1371991 - patch -Np1 -i "$srcdir/no-crmf.patch" - - mkdir "$srcdir/path" - ln -s /usr/bin/python2 "$srcdir/path/python" - # Load our searchplugins rm -rv browser/locales/searchplugins cp -av /usr/lib/mozilla/searchplugins browser/locales @@ -160,82 +152,367 @@ prepare() { sed -i 's|[;]1|;0|' browser/experiments/Experiments.manifest || die "failed to break ExperimentsService" sed -i '/pocket/d' browser/extensions/moz.build || die "failed to wipe pocket" sed -i '/activity-stream/d' browser/extensions/moz.build || die "failed to wipe activity-stream" - - # ARM-specific changes: - if [[ "$CARCH" == arm* ]]; then - sed -i '/ac_add_options --enable-rust/d' .mozconfig - echo "ac_add_options --disable-ion" >> .mozconfig - echo "ac_add_options --disable-elf-hack" >> .mozconfig - echo "ac_add_options --disable-webrtc" >> .mozconfig - - # Disable gold linker, reduce memory consumption at link time - sed -i '/ac_add_options --enable-gold/d' .mozconfig - LDFLAGS+=" -Wl,--no-keep-memory -Wl,--reduce-memory-overheads" - echo "ac_add_options --disable-tests" >> .mozconfig - echo "ac_add_options --disable-debug" >> .mozconfig - - patch -p1 -i ../mozilla-1253216.patch - patch -p1 -i ../mozilla-build-arm.patch - fi } build() { - cd "$srcdir/$_oldname-$pkgver" + cd "$srcdir/$_pkgname-$pkgver" # _FORTIFY_SOURCE causes configure failures CPPFLAGS+=" -O2" - # Hardening - LDFLAGS+=" -Wl,-z,now" - - # GCC 6 - CFLAGS+=" -fno-delete-null-pointer-checks -fno-lifetime-dse -fno-schedule-insns2" - CXXFLAGS+=" -fno-delete-null-pointer-checks -fno-lifetime-dse -fno-schedule-insns2" - export PATH="$srcdir/path:$PATH" - export PYTHON="/usr/bin/python2" - make -f client.mk build + # Do PGO + #xvfb-run -a -n 95 -s "-extension GLX -screen 0 1280x1024x24" \ + # MOZ_PGO=1 ./mach build + ./mach build + ./mach buildsymbols } package() { - cd "$srcdir/$_oldname-$pkgver" - - make -f client.mk DESTDIR="$pkgdir" INSTALL_SDK= install + cd "$srcdir/$_pkgname-$pkgver" + DESTDIR="$pkgdir" ./mach install + find . -name '*crashreporter-symbols-full.zip' -exec cp -fvt "$startdir" {} + + + local _shortver=$(echo $pkgver | cut -d'.' -f1,2) + _vendorjs="$pkgdir/usr/lib/$pkgname/browser/defaults/preferences/vendor.js" + install -Dm644 /dev/stdin "$_vendorjs" <<END +// Use LANG environment variable to choose locale +pref("intl.locale.matchOS", true); + +// Disable default browser checking. +pref("browser.shell.checkDefaultBrowser", false); + +// Don't disable our bundled extensions in the application directory +pref("extensions.autoDisableScopes", 11); +pref("extensions.shownSelectionUI", true); + +// Opt all of us into e10s, instead of just 50% +pref("browser.tabs.remote.autostart", true); + +// Disable "alt" as a shortcut key to open full menu bar. Conflicts with "alt" as a modifier +pref("ui.key.menuAccessKeyFocuses", false); + +// Disable the GeoLocation API for content +pref("geo.enabled", false); + +// Make sure that the request URL of the GeoLocation backend is empty +pref("geo.wifi.uri", ""); + +// Disable Freedom Violating DRM Feature +pref("browser.eme.ui.enabled", false); +// EME +pref("media.eme.enabled", false); +pref("media.eme.apiVisible", false); + +// Google Widevine DRM +// https://blog.mozilla.org/futurereleases/2016/04/08/mozilla-to-test-widevine-cdm-in-firefox-nightly/ +// https://wiki.mozilla.org/QA/Widevine_CDM +// https://bugzilla.mozilla.org/show_bug.cgi?id=1288580 +pref("media.gmp-widevinecdm.visible", false); +pref("media.gmp-widevinecdm.enabled", false); +pref("media.gmp-widevinecdm.autoupdate", false); + +// Default to classic view for about:newtab +pref("browser.newtabpage.enhanced", false); +pref("browser.newtabpage.activity-stream.enabled", false); + +// Poodle attack +pref("security.tls.version.min", 1); + +// Don't call home for blacklisting +pref("extensions.blocklist.enabled", false); + +// Disable plugin installer +pref("plugins.hide_infobar_for_missing_plugin", true); +pref("plugins.hide_infobar_for_outdated_plugin", true); +pref("plugins.notifyMissingFlash", false); + +//https://developer.mozilla.org/en-US/docs/Web/API/MediaSource +//pref("media.mediasource.enabled",true); + +// Speeding it up +pref("network.http.pipelining", true); +pref("network.http.proxy.pipelining", true); +pref("network.http.pipelining.maxrequests", 10); +pref("nglayout.initialpaint.delay", 0); + +// Disable third party cookies +pref("network.cookie.cookieBehavior", 1); + +// Prevent EULA dialog to popup on first run +pref("browser.EULA.override", true); + +// Set useragent to Firefox compatible +//pref("general.useragent.compatMode.firefox", true); +// Spoof the useragent to a generic one +pref("general.useragent.compatMode.firefox", true); +// Spoof the useragent to a generic one +pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:$_shortver) Gecko/20100101 Firefox/$_shortver"); +pref("general.appname.override", "Netscape"); +pref("general.appversion.override", "$_shortver"); +pref("general.buildID.override", "Gecko/20100101"); +pref("general.oscpu.override", "Windows NT 6.1"); +pref("general.platform.override", "Win32"); + +// Privacy & Freedom Issues +// https://webdevelopmentaid.wordpress.com/2013/10/21/customize-privacy-settings-in-mozilla-firefox-part-1-aboutconfig/ +// https://panopticlick.eff.org +// http://ip-check.info +// http://browserspy.dk +// https://wiki.mozilla.org/Fingerprinting +// http://www.browserleaks.com +// http://fingerprint.pet-portal.eu +pref("privacy.donottrackheader.enabled", true); +pref("privacy.donottrackheader.value", 1); +pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); + +// CIS 2.1.1 Disable Auto Update / Balrog +pref("app.update.auto", false); +pref("app.update.checkInstallTime", false); +pref("app.update.enabled", false); +pref("app.update.staging.enabled", false); +pref("app.update.url", "about:blank"); +pref("media.gmp-manager.certs.1.commonName", ""); +pref("media.gmp-manager.certs.2.commonName", ""); +// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins +pref("media.gmp-manager.url", "http://127.0.0.1/"); +pref("media.gmp-manager.url.override", "data:text/plain,"); +pref("media.gmp-provider.enabled", false); +// Don't install openh264 codec +pref("media.gmp-gmpopenh264.enabled", false); +pref("media.gmp-eme-adobe.enabled", false); +pref("media.peerconnection.video.h264_enabled", false); + +// CIS 2.3.4 Block Reported Web Forgeries +// http://kb.mozillazine.org/Browser.safebrowsing.enabled +// http://kb.mozillazine.org/Safe_browsing +// https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work +// http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849 +pref("browser.safebrowsing.enabled", false); + +// CIS 2.3.5 Block Reported Attack Sites +// http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled +pref("browser.safebrowsing.malware.enabled", false); + +// Disable safe browsing remote lookups for downloaded files. +// This leaks information to google. +// https://www.mozilla.org/en-US/firefox/39.0/releasenotes/ +// https://wiki.mozilla.org/Security/Application_Reputation +pref("browser.safebrowsing.downloads.remote.enabled", false); +pref("browser.safebrowsing.appRepURL", "about:blank"); +pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank"); +pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank"); +pref("browser.safebrowsing.downloads.remote.block_dangerous", false); +pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); +pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +pref("browser.safebrowsing.downloads.remote.block_uncommon", false); +pref("browser.safebrowsing.downloads.remote.enabled", false); +pref("browser.safebrowsing.downloads.remote.url", "about:blank"); +pref("browser.safebrowsing.provider.google.gethashURL", "about:blank"); +pref("browser.safebrowsing.provider.google.updateURL", "about:blank"); +pref("browser.safebrowsing.provider.google.lists", "about:blank"); + +// https://bugzilla.mozilla.org/show_bug.cgi?id=1025965 +pref("browser.safebrowsing.phishing.enabled", false); +pref("browser.safebrowsing.provider.google4.lists", "about:blank"); +pref("browser.safebrowsing.provider.google4.updateURL", "about:blank"); +pref("browser.safebrowsing.provider.google4.gethashURL", "about:blank"); +pref("browser.safebrowsing.provider.google4.reportURL", "about:blank"); +pref("browser.safebrowsing.provider.mozilla.lists", "about:blank"); + +// Disable Microsoft Family Safety MiTM support +// https://bugzilla.mozilla.org/show_bug.cgi?id=1239166 +// https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode +// https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782 +pref("security.family_safety.mode", 0); +// https://bugzilla.mozilla.org/show_bug.cgi?id=1265113 +// https://hg.mozilla.org/releases/mozilla-release/rev/d9659c22b3c5 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1298883 +pref("security.enterprise_roots.enabled", false); + +//pref("services.sync.privacyURL", "https://www.gnu.org/software/gnuzilla/"); +pref("social.enabled", false); +pref("social.remote-install.enabled", false); +pref("datareporting.healthreport.uploadEnabled", false); +pref("datareporting.healthreport.about.reportUrl", "127.0.0.1"); +pref("datareporting.healthreport.documentServerURI", "127.0.0.1"); +pref("healthreport.uploadEnabled", false); +pref("social.toast-notifications.enabled", false); +pref("datareporting.policy.dataSubmissionEnabled", false); +pref("datareporting.healthreport.service.enabled", false); +pref("browser.slowStartup.notificationDisabled", true); +pref("network.http.sendRefererHeader", 2); +//pref("network.http.referer.spoofSource", true); +//http://grack.com/blog/2010/01/06/3rd-party-cookies-dom-storage-and-privacy/ +//pref("dom.storage.enabled", false); +pref("dom.event.clipboardevents.enabled",false); +pref("network.prefetch-next", false); +pref("network.dns.disablePrefetch", true); +pref("network.http.sendSecureXSiteReferrer", false); +pref("toolkit.telemetry.enabled", false); +pref("toolkit.telemetry.unified", false); +// Do not tell what plugins do we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html +pref("plugins.enumerable_names", ""); +pref("plugin.state.flash", 0); +// Do not autoupdate search engines +pref("browser.search.update", false); +// Warn when the page tries to redirect or refresh +//pref("accessibility.blockautorefresh", true); +pref("dom.battery.enabled", false); +pref("device.sensors.enabled", false); +pref("camera.control.face_detection.enabled", false); +pref("camera.control.autofocus_moving_callback.enabled", false); +pref("network.http.speculative-parallel-limit", 0); +// No search suggestions +pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); +pref("browser.search.suggest.enabled", false); + +// Crypto hardening +// https://gist.github.com/haasn/69e19fc2fe0e25f3cff5 +// General settings +//pref("security.tls.unrestricted_rc4_fallback", false); +//pref("security.tls.insecure_fallback_hosts.use_static_list", false); +//pref("security.tls.version.min", 1); +//pref("security.ssl.require_safe_negotiation", true); +//pref("security.ssl.treat_unsafe_negotiation_as_broken", true); +//pref("security.ssl3.rsa_seed_sha", true); +//pref("security.OCSP.enabled", 1); +//pref("security.OCSP.require", true); + + +// WebRTC +pref("media.peerconnection.enabled", false); +pref("media.peerconnection.ice.default_address_only", true); + +pref("font.default.x-western", "sans-serif"); + +// Preferences for the Get Add-ons panel and search engines +pref("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/GNU_IceCat"); +pref("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/GNU_IceCat"); +pref("browser.search.searchEnginesURL", "https://directory.fsf.org/wiki/GNU_IceCat"); + +// Mobile +pref("privacy.announcements.enabled", false); +pref("browser.snippets.enabled", false); +pref("browser.snippets.syncPromo.enabled", false); +pref("identity.mobilepromo.android", "https://f-droid.org/repository/browse/?fdid=org.gnu.icecat&"); +pref("browser.snippets.geoUrl", "http://127.0.0.1/"); +pref("browser.snippets.updateUrl", "http://127.0.0.1/"); +pref("browser.snippets.statsUrl", "http://127.0.0.1/"); +pref("datareporting.policy.firstRunTime", 0); +pref("datareporting.policy.dataSubmissionPolicyVersion", 2); +pref("browser.webapps.checkForUpdates", 0); +pref("browser.webapps.updateCheckUrl", "http://127.0.0.1/"); +pref("app.faqURL", "http://libreplanet.org/wiki/Group:IceCat/FAQ"); + +// PFS url +pref("pfs.datasource.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%"); +pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%"); + +// Geolocation depends on third party services +pref("geo.enabled", false); +pref("geo.wifi.uri", ""); + +// Disable heartbeat +pref("browser.selfsupport.url", ""); + +// Disable Link to FireFox Marketplace, currently loaded with non-free "apps" +pref("browser.apps.URL", ""); + +// Use old style preferences, that allow javascript to be disabled +pref("browser.preferences.inContent",false); + +// Don't download ads for the newtab page +pref("browser.newtabpage.directory.source", ""); +pref("browser.newtabpage.directory.ping", ""); +pref("browser.newtabpage.introShown", true); + +// Disable home snippets +pref("browser.aboutHomeSnippets.updateUrl", "data:text/html"); + +// Disable hardware acceleration and WebGL +//pref("layers.acceleration.disabled", false); +pref("webgl.disabled", false); + +// Disable SSDP +pref("browser.casting.enabled", false); + +// Disable directory service +pref("social.directories", ""); +pref("social.whitelist", ""); +pref("social.shareDirectory", ""); + +// Disable Pocket integration +pref("browser.pocket.api", "about:blank"); +pref("browser.pocket.enabled", false); +pref("browser.pocket.enabledLocales", "about:blank"); +pref("browser.pocket.oAuthConsumerKey", "about:blank"); +pref("browser.pocket.site", "about:blank"); +pref("browser.pocket.useLocaleList", false); +pref("extensions.pocket.enabled", false); + +// Do not require xpi extensions to be signed by Mozilla +pref("xpinstall.signatures.required", false); + +// Disable File and Directory Entries API (Imported from Edge/Chromium) +// https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories +// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API +// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Introduction +// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Firefox_support +// https://bugzilla.mozilla.org/show_bug.cgi?id=1265767 +pref("dom.webkitBlink.filesystem.enabled", false); +// https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/webkitdirectory +// https://bugzilla.mozilla.org/show_bug.cgi?id=1258489 +// https://hg.mozilla.org/releases/mozilla-release/rev/133af19777be +pref("dom.webkitBlink.dirPicker.enabled", false); + +// Directory Upload API, webkitdirectory +// https://bugzilla.mozilla.org/show_bug.cgi?id=1188880 +// https://bugzilla.mozilla.org/show_bug.cgi?id=907707 +// https://wicg.github.io/directory-upload/proposal.html +pref("dom.input.dirpicker", false); +END + + _distini="$pkgdir/usr/lib/$pkgname/distribution/distribution.ini" + install -Dm644 /dev/stdin "$_distini" <<END +[Global] +id=parabola +version=1.0 +about=Iceweasel for Parabola GNU/Linux-libre + +[Preferences] +app.distributor=parabola +app.distributor.channel=$pkgname +app.partner.parabola=parabola +END - install -Dm644 "$srcdir/vendor.js" "$pkgdir/usr/lib/$pkgname/browser/defaults/preferences/vendor.js" - local shortver=$(echo $pkgver | cut -d'.' -f1,2) - sed -i "s/@PKGVER@/$shortver/g" "$pkgdir/usr/lib/$pkgname/browser/defaults/preferences/vendor.js" - - local brandingdir="$srcdir/$pkgname-$_brandingver" - - # install iceweasel icons - local icondir="$pkgdir/usr/share/icons/hicolor" for i in 16 22 24 32 48 64 128 192 256 384; do - rsvg-convert -w $i -h $i "$brandingdir/branding/${pkgname}_icon.svg" \ - -o "$brandingdir/default$i.png" - install -Dm644 "$brandingdir/default$i.png" \ - "$icondir/${i}x${i}/apps/$pkgname.png" + rsvg-convert -w $i -h $i "$srcdir/$pkgname-$_bver/branding/${pkgname}_icon.svg" \ + -o "$srcdir/$pkgname-$_bver/default$i.png" + install -Dm644 "$srcdir/$pkgname-$_bver/default$i.png" \ + "$pkgdir/usr/share/icons/hicolor/${i}x${i}/apps/$pkgname.png" done - install -Dm644 "$brandingdir/branding/${pkgname}_icon.svg" \ - "$icondir/scalable/apps/$pkgname.svg" + install -Dm644 "$srcdir/$pkgname-$_bver/branding/${pkgname}_icon.svg" \ + "$pkgdir/usr/share/icons/hicolor/scalable/apps/$pkgname.svg" - # Parabola rebranding - install -m644 "$srcdir/distribution.ini" \ - "$pkgdir/usr/lib/$pkgname/distribution" - - # Install Iceweasel desktop - install -d "$pkgdir/usr/share/applications" - install -m644 "$srcdir/$pkgname.desktop" \ - "$pkgdir/usr/share/applications" + install -Dm644 ../$pkgname.desktop \ + "$pkgdir/usr/share/applications/$pkgname.desktop" # Use system-provided dictionaries - rm -rf "$pkgdir/usr/lib/$pkgname/"{dictionaries,hyphenation} - ln -s /usr/share/hunspell "$pkgdir/usr/lib/$pkgname/dictionaries" - ln -s /usr/share/hyphen "$pkgdir/usr/lib/$pkgname/hyphenation" + rm -r "$pkgdir"/usr/lib/$pkgname/dictionaries + ln -Ts /usr/share/hunspell "$pkgdir/usr/lib/$pkgname/dictionaries" + ln -Ts /usr/share/hyphen "$pkgdir/usr/lib/$pkgname/hyphenation" + + # Install a wrapper to avoid confusion about binary path + install -Dm755 /dev/stdin "$pkgdir/usr/bin/$pkgname" <<END +#!/bin/sh +exec /usr/lib/$pkgname/$pkgname "\$@" +END - # Replace duplicate binary with symlink + # Replace duplicate binary with wrapper # https://bugzilla.mozilla.org/show_bug.cgi?id=658850 - ln -sf $pkgname "$pkgdir/usr/lib/$pkgname/$pkgname-bin" + ln -srf "$pkgdir/usr/bin/$pkgname" \ + "$pkgdir/usr/lib/$pkgname/$pkgname-bin" } |