path: root/pcr/icedove-hardening/PKGBUILD
diff options
authorAndré Fabian Silva Delgado <>2016-10-25 06:30:50 -0300
committerAndré Fabian Silva Delgado <>2016-10-25 07:28:43 -0300
commitb44ad96bf07b4b849f46a011a85ec6c2a8a245c8 (patch)
treeb0c58940639eee1da9525afa020747c7ad38f051 /pcr/icedove-hardening/PKGBUILD
parent3e3fb2d6801149802cbf2c2a2e6cbdfcc5149add (diff)
ice{dove,weasel}-hardening: add new package to [pcr] ->
Diffstat (limited to 'pcr/icedove-hardening/PKGBUILD')
1 files changed, 206 insertions, 0 deletions
diff --git a/pcr/icedove-hardening/PKGBUILD b/pcr/icedove-hardening/PKGBUILD
new file mode 100644
index 000000000..6ce8d46eb
--- /dev/null
+++ b/pcr/icedove-hardening/PKGBUILD
@@ -0,0 +1,206 @@
+# Maintainer: André Silva <>
+# Contributor: Márcio Silva <>
+# Contributor: Luke R. <>
+# Contributor: Isaac David <>
+# We're getting this from Debian Sid
+debfile() { echo $@|sed -r 's@(.).*@\1/&/&@'; }
+pkgdesc="A libre version of Debian Icedove, the standalone mail and news reader based on Mozilla Thunderbird, with several patches that were introduced to strengthen and protect the end user from security threats and without support for unsafe and dangerous for privacy protocols"
+arch=(i686 x86_64 armv7h)
+license=(MPL GPL LGPL)
+depends=(alsa-lib dbus-glib gtk2 hunspell icu=57.1 libevent libvpx=1.6.0 libxt mime-types mozilla-common nss sqlite startup-notification ttf-font)
+makedepends=(autoconf2.13 diffutils gconf imake inetutils libpulse mesa mozilla-searchplugins pkg-config python2 quilt unzip yasm zip)
+options=(!emptydirs !makeflags)
+optdepends=('libcanberra: for sound support')
+replaces=("${pkgname%-*}-libre" "$_pkgname")
+conflicts=("${pkgname%-*}-libre" "$_pkgname" "${pkgname%-*}")
+provides=("$_pkgname" "${pkgname%-*}")
+source=("$_debrepo/`debfile $_debname`_$_debver.orig.tar.xz"
+ "$_debrepo/`debfile $_debname`_$_debver-${_debrel#deb}.debian.tar.xz"
+ mozconfig
+ ${pkgname%-*}.desktop
+ changing-the-default-search-engine.patch
+ firefox-gcc-6.0.patch mozilla-1228540.patch mozilla-1228540-1.patch
+ vendor.js
+ fix-missing-files.patch
+ no-neon.patch
+ mozilla-1253216.patch)
+ 'b4d1b193aee7481249ef5e638bf583b69c1785dd530a9ecd098a84f42dfdf09d'
+ 'aaca37bcca176d1b8ebe7c18d3fb0c61e3d21769fbf8e994a189eb3263257d3d'
+ '0b0d25067c64c6b829c84e5259ffca978e3971f85acc8483f47bdbed5b0b5b6a'
+ 'e1f72c44e31f191271207fc874dcfbf3d504b6b42dc1bb063ba8c7c9ee032130'
+ '4d1e1ddabc9e975ed39f49e134559a29e01cd49439e358233f1ede43bf5a52bf'
+ '3a3e84c702ee31450a3e84698441aceb11cf44e64c9fedcaddb8cb50db759417'
+ 'd1ccbaf0973615c57f7893355e5cd3a89efb4e91071d0ec376e429b50cf6ed19'
+ '173c929176262c0ad27984d68d61918d51d27bbc538ccbe9e6d19727d1f9de4d'
+ '294a2cc7b0477ad285af10ac2a04b767cabec07f03b23da23014bda71caea510'
+ '59f40d8b2480aa67bf76f4f119826b6828a6a59cc040caf1ab5a6e19eef44c6e'
+ '1e7ef08acd46aeacc8cd8b2c89012983fb2c8c18648e0f3e9371b0c76caedbde')
+prepare() {
+ cd "$srcdir/$_pkgname-$_debver"
+ mv "$srcdir/debian" .
+ export QUILT_PATCHES=debian/patches
+ export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
+ export QUILT_DIFF_ARGS='--no-timestamps'
+ # Prepare branding for the Icedove packages
+ mkdir -v mail/branding/${pkgname%-*}
+ # Copy needed icons
+ cp -va debian/${pkgname%-*}-branding/* mail/branding/${pkgname%-*}
+ for i in 16 22 24 32 48 256; do
+ install -Dm644 debian/app-icons/${pkgname%-*}$i.png \
+ mail/branding/${pkgname%-*}/mailicon$i.png
+ done
+ for i in 48 64; do
+ install -Dm644 debian/app-icons/${pkgname%-*}$i.png \
+ mail/branding/${pkgname%-*}/content/icon$i.png
+ done
+ cp -av debian/preview.png mail/themes/linux/mail/preview.png
+ # Useless since we are doing it ourselves
+ rm -rv debian/patches/icedove-l10n || true
+ rm -rv debian/patches/iceowl-l10n || true
+ rm -v debian/patches/debian-hacks/changing-the-default-search-engine.patch || true
+ quilt push -av
+ # Fix missing files
+ patch -Np1 -i "$srcdir/fix-missing-files.patch"
+ # Remove url-classifier from to build and disable Phishing Protection
+ sed -i '\|Phishing Protection|d
+ \|UrlClassifier|d
+ \|URLClassifier|d
+ \|url-classifier|d
+ ' mail/installer/
+ # Fix branding
+ sed -i 's|Icedove Mail/News|Icedove|
+ ' mail/branding/icedove/locales/en-US/brand.{dtd,properties}
+ # Replace common URLs
+ sed -i '\|extensions[.]getAddons[.]get[.]url| s|https://services[.]addons[.]mozilla[.]org.\+["][)][;]|");|g;
+ \|extensions[.]getAddons[.]search[.]browseURL| s|https://addons[.]mozilla[.]org.\+["][)][;]|");|g;
+ \|extensions[.]getAddons[.]search[.]url| s|https://services[.]addons[.]mozilla[.]org.\+["][)][;]|");|g;
+ \|extensions[.]webservice[.]discoverURL| s|https://services[.]addons[.]mozilla[.]org.\+["][)][;]|");|g;
+ ' mail/app/profile/all-thunderbird.js
+ # Remove support for unsafe and dangerous for privacy protocols
+ sed -i '\|facebook|d
+ \|gtalk|d
+ \|odnoklassniki|d
+ \|twitter|d
+ \|yahoo|d
+ ' chat/
+ sed -i '\|facebook[.]js|d
+ \|facebook[.]manifest|d
+ \|gtalk[.]js|d
+ \|gtalk[.]manifest|d
+ \|twitter[.]js|d
+ \|twitter[.]manifest|d
+ \|yahoo[.]js|d
+ \|yahoo[.]manifest|d
+ ' mail/installer/
+ rm -rv chat/protocols/{facebook,gtalk,twitter,yahoo}
+ # Required for GCC 6
+ patch -d mozilla -Np1 < ../firefox-gcc-6.0.patch
+ patch -d mozilla -Np1 < ../mozilla-1228540.patch
+ patch -d mozilla -Np1 < ../mozilla-1228540-1.patch
+ cp -v "$srcdir/mozconfig" .mozconfig
+ mkdir "$srcdir/path"
+ ln -s /usr/bin/python2 "$srcdir/path/python"
+ # Change the default search engine using our system-provided searchplugins
+ patch -Np1 -i "$srcdir/changing-the-default-search-engine.patch"
+ # Load our searchplugins
+ rm -rv mail/locales/en-US/searchplugins
+ cp -av /usr/lib/mozilla/searchplugins mail/locales/en-US
+ # ARM-specific changes:
+ if [[ "$CARCH" == arm* ]]; then
+ patch -Np0 -i ../no-neon.patch
+ patch -p2 -d mozilla < ../mozilla-1253216.patch
+ sed -i '/ac_add_options --enable-gold/d' .mozconfig
+ cat >> .mozconfig <<- EOF
+ ac_add_options --disable-elf-hack
+ ac_add_options --disable-neon
+ ac_add_options --disable-ion
+ ac_add_options --disable-webrtc
+ ac_add_options --disable-debug
+ ac_add_options --disable-debug-symbols
+ fi
+build() {
+ cd "$srcdir/$_pkgname-$_debver"
+ # _FORTIFY_SOURCE causes configure failures
+ CPPFLAGS+=" -O2"
+ # Hardening
+ LDFLAGS+=" -Wl,-z,now"
+ # GCC 6
+ CFLAGS+=" -fno-delete-null-pointer-checks -fno-lifetime-dse -fno-schedule-insns2"
+ CXXFLAGS+=" -fno-delete-null-pointer-checks -fno-lifetime-dse -fno-schedule-insns2"
+ export PATH="$srcdir/path:$PATH"
+ make -f build
+package() {
+ cd "$srcdir/$_pkgname-$_debver"
+ make -f DESTDIR="$pkgdir" INSTALL_SDK= install
+ install -Dm644 ../vendor.js "$pkgdir/usr/lib/${pkgname%-*}/defaults/preferences/vendor.js"
+ # Install Icedove menu icon
+ install -Dm644 debian/${pkgname%-*}.xpm "$pkgdir/usr/share/pixmaps/${pkgname%-*}.xpm"
+ # Install Icedove icons
+ brandingdir=debian/app-icons
+ icondir="$pkgdir/usr/share/icons/hicolor"
+ for i in 16 22 24 32 48 64 128 256; do
+ install -Dm644 "$brandingdir/${pkgname%-*}$i.png" \
+ "$icondir/${i}x${i}/apps/${pkgname%-*}.png"
+ done
+ install -Dm644 "$brandingdir/${pkgname}big.svg" \
+ "$icondir/scalable/apps/${pkgname%-*}.svg"
+ # Install Icedove desktop
+ install -d "$pkgdir/usr/share/applications"
+ install -m644 "$srcdir/${pkgname%-*}.desktop" \
+ "$pkgdir/usr/share/applications"
+ # Use system-provided dictionaries
+ rm -rf "$pkgdir/usr/lib/${pkgname%-*}/"{dictionaries,hyphenation}
+ ln -s /usr/share/hunspell "$pkgdir/usr/lib/${pkgname%-*}/dictionaries"
+ ln -s /usr/share/hyphen "$pkgdir/usr/lib/${pkgname%-*}/hyphenation"
+ # Replace duplicate binary with symlink
+ #
+ ln -sf ${pkgname%-*} "$pkgdir/usr/lib/${pkgname%-*}/${pkgname%-*}-bin"