diff options
-rw-r--r-- | nonprism/iceweasel-hardened/PKGBUILD | 52 | ||||
-rw-r--r-- | nonprism/iceweasel-hardened/iceweasel.install | 14 | ||||
-rw-r--r-- | nonprism/iceweasel-hardened/rust-i686.patch | 16 | ||||
-rw-r--r-- | nonprism/iceweasel-hardened/vendor.js | 3 |
4 files changed, 54 insertions, 31 deletions
diff --git a/nonprism/iceweasel-hardened/PKGBUILD b/nonprism/iceweasel-hardened/PKGBUILD index 2db2adde3..0b9267da0 100644 --- a/nonprism/iceweasel-hardened/PKGBUILD +++ b/nonprism/iceweasel-hardened/PKGBUILD @@ -18,10 +18,10 @@ _pgo=false # We're getting this from Debian Sid _debname=firefox -_brandingver=49.0 +_brandingver=50.0 _brandingrel=1 -_debver=49.0 -_debrel=deb4 +_debver=50.0 +_debrel=deb2 _debrepo=http://ftp.debian.org/debian/pool/main/ _parabolarepo=https://repo.parabola.nu/other/iceweasel debfile() { echo $@|sed -r 's@(.).*@\1/&/&@'; } @@ -36,7 +36,7 @@ arch=(i686 x86_64 armv7h) license=(MPL GPL LGPL) depends=(alsa-lib dbus-glib ffmpeg gtk2 gtk3 hunspell icu=57.1 libevent libvpx=1.6.0 libxt mime-types mozilla-common nss sqlite startup-notification ttf-font) makedepends=(autoconf2.13 diffutils gconf imagemagick imake inetutils libidl2 libpulse librsvg-stable libxslt mesa mozilla-searchplugins pkg-config python2 quilt unzip yasm zip) -makedepends_i686=(rust) +makedepends_i686=(cargo) makedepends_x86_64=("${makedepends_i686[@]}") options=(!emptydirs !makeflags debug) if $_pgo; then @@ -48,8 +48,8 @@ optdepends=('networkmanager: Location detection via available WiFi networks' 'upower: Battery API') url="https://wiki.parabola.nu/${pkgname%-*}" replaces=("${pkgname%-*}-libre" "${_pkgname}-hardening" "$_pkgname") -conflicts=("${pkgname%-*}-libre" "${pkgname%-*}") -provides=("${pkgname%-*}") +conflicts=("${pkgname%-*}-libre") +provides=("${pkgname%-*}=$pkgver") install=${pkgname%-*}.install source=("$_debrepo/`debfile $_debname`_$_debver.orig.tar.xz" "$_debrepo/`debfile $_debname`_$_debver-${_debrel#deb}.debian.tar.xz" @@ -63,12 +63,14 @@ source=("$_debrepo/`debfile $_debname`_$_debver.orig.tar.xz" ${pkgname%-*}.desktop ${pkgname%-*}-install-dir.patch vendor.js + rust-i686.patch + fix-wifi-scanner.diff enable-object-directory-paths.patch mozilla-1253216.patch mozilla-build-arm.patch) -sha256sums=('2f463afd3c74eb9477f58525214f06498357ff90f01b45fb2675fc77c57bcffe' - '8e4051a587e380849226fa0de89a02468c45133a758665dc2a7064a248f138a8' - 'c0fd88e37187298a7658919cf2e4b6d024425b781d6aff5bdba49dc991f379d3' +sha256sums=('4be6b691ffc1ac91707c2ced606a0c5fe6620272684f92265f35ef42e19151c5' + 'fd3c2b0aaf83404f66cd435463b649c792d6fc65603980148f71cc8a40a4bbc5' + 'c9a9f1b712598990ae60810d9e002d340bf0c016e284b11bc4169424b833b641' 'SKIP' '8212fd5e341a251c97871c0f114f6332c78326f707f9d20eddc8d644e0c5c988' '013af398e97da9e855a143582816bf819e0d9d8d2b0e323d6b832f3df1157fdd' @@ -77,7 +79,9 @@ sha256sums=('2f463afd3c74eb9477f58525214f06498357ff90f01b45fb2675fc77c57bcffe' '56eba484179c7f498076f8dc603d8795e99dce8c6ea1da9736318c59d666bff6' '87034dbb640f70454b27d1695a6f03b6fd1ab81c82eb4d8c771db925ae03d408' '3aea6676f1e53a09673b6ae219d281fc28054beb6002b09973611c02f827651d' - 'aec1e2c3a1f5626c39d5d71000a45033de5b67b5fb9cb437a45f16ee5c5d2dc3' + '0287e33a31c488823d96c4f1943cc7ce8dbc72ed8f8f977bb441e0799891c41c' + 'f61ea706ce6905f568b9bdafd1b044b58f20737426f0aa5019ddb9b64031a269' + '9765bca5d63fb5525bbd0520b7ab1d27cabaed697e2fc7791400abc3fa4f13b8' 'e260e555b261aabab1e48786dd514eeea056e4402af7cfd4dfd1d32858441484' 'fbb6011501a74a8ea6d01c041870fcefb7ef2859c134aedc676e5f6452833f65' '56eecee8162c138c442773d66483886f1242c8dd2b16eed5711ae5e63d9b0e3a') @@ -109,9 +113,13 @@ prepare() { # Enable object directory paths for Iceweasel rebranding patch -Np1 -i "$srcdir/enable-object-directory-paths.patch" - # Install to /usr/lib/${pkgname%-*} + # Install to /usr/lib/iceweasel-hardened patch -Np1 -i "$srcdir/${pkgname%-*}-install-dir.patch" + # Modify MOZ_APP_NAME for iceweasel-hardened be installed side by side with iceweasel + sed -i '\|MOZ_APP_NAME| s|iceweasel|iceweasel-hardened| + ' debian/branding/configure.sh + # Patch and remove anything that's left patch -Np1 -i "$srcdir/libre.patch" sed -i 's|Adobe Flash|SWF Player|g; @@ -126,6 +134,12 @@ prepare() { # Load our build config, disable SafeSearch cp "$srcdir/mozconfig" .mozconfig + # https://bugzilla.mozilla.org/show_bug.cgi?id=1314968 + patch -Np1 -i ../fix-wifi-scanner.diff + + # Build with the rust targets we actually ship + patch -Np1 -i ../rust-i686.patch + mkdir "$srcdir/path" ln -s /usr/bin/python2 "$srcdir/path/python" @@ -183,7 +197,7 @@ package() { cd "$srcdir/$_pkgname-$_debver" make -f client.mk DESTDIR="$pkgdir" INSTALL_SDK= install - install -Dm644 ../vendor.js "$pkgdir/usr/lib/${pkgname%-*}/browser/defaults/preferences/vendor.js" + install -Dm644 ../vendor.js "$pkgdir/usr/lib/$pkgname/browser/defaults/preferences/vendor.js" _brandingdir=debian/branding brandingdir=moz-objdir/$_brandingdir @@ -192,22 +206,22 @@ package() { rsvg-convert -w $i -h $i "$_brandingdir/${pkgname%-*}_icon.svg" \ -o "$brandingdir/default$i.png" install -Dm644 "$brandingdir/default$i.png" \ - "$icondir/${i}x${i}/apps/${pkgname%-*}.png" + "$icondir/${i}x${i}/apps/$pkgname.png" done install -Dm644 "$_brandingdir/${pkgname%-*}_icon.svg" \ - "$icondir/scalable/apps/${pkgname%-*}.svg" + "$icondir/scalable/apps/$pkgname.svg" install -d "$pkgdir/usr/share/applications" install -m644 "$srcdir/${pkgname%-*}.desktop" \ - "$pkgdir/usr/share/applications" + "$pkgdir/usr/share/applications/$pkgname.desktop" # Use system-provided dictionaries - rm -rf "$pkgdir/usr/lib/${pkgname%-*}/"{dictionaries,hyphenation} - ln -s /usr/share/hunspell "$pkgdir/usr/lib/${pkgname%-*}/dictionaries" - ln -s /usr/share/hyphen "$pkgdir/usr/lib/${pkgname%-*}/hyphenation" + rm -rf "$pkgdir/usr/lib/$pkgname/"{dictionaries,hyphenation} + ln -s /usr/share/hunspell "$pkgdir/usr/lib/$pkgname/dictionaries" + ln -s /usr/share/hyphen "$pkgdir/usr/lib/$pkgname/hyphenation" # Replace duplicate binary with symlink # https://bugzilla.mozilla.org/show_bug.cgi?id=658850 - ln -sf ${pkgname%-*} "$pkgdir/usr/lib/${pkgname%-*}/${pkgname%-*}-bin" + ln -sf $pkgname "$pkgdir/usr/lib/$pkgname/$pkgname-bin" } diff --git a/nonprism/iceweasel-hardened/iceweasel.install b/nonprism/iceweasel-hardened/iceweasel.install index 574e0d3db..f82e60bef 100644 --- a/nonprism/iceweasel-hardened/iceweasel.install +++ b/nonprism/iceweasel-hardened/iceweasel.install @@ -5,17 +5,9 @@ notice() { This package contains several patches that were introduced to strengthen and protect the end user from security threats. - For users who wish to opt-out of security, you may override options in - about:config using a user.js file in your ~/.mozilla's profile folder. - - Some user.js examples: - user_pref("dom.storage.enabled", true); # Enables DOM tracking - user_pref("network.websocket.max-connections", "5"); # Enables WebSocket IP Leak - - Further reading: - * https://lists.parabola.nu/pipermail/dev/2016-October/004522.html - * http://kb.mozillazine.org/About:config - * http://kb.mozillazine.org/User.js_file + In addition, it was adapted to be installed side by side with + iceweasel. This way you could running 'iceweasel-hardened' + and use just 'iceweasel' where needed. EOM } diff --git a/nonprism/iceweasel-hardened/rust-i686.patch b/nonprism/iceweasel-hardened/rust-i686.patch new file mode 100644 index 000000000..85512e143 --- /dev/null +++ b/nonprism/iceweasel-hardened/rust-i686.patch @@ -0,0 +1,16 @@ + build/moz.configure/rust.configure | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git c/build/moz.configure/rust.configure i/build/moz.configure/rust.configure +index cd86b24153debb1b..44911715e25d95e3 100644 +--- c/build/moz.configure/rust.configure ++++ i/build/moz.configure/rust.configure +@@ -81,7 +81,7 @@ def rust_target(rust_compiler, rustc, target, cross_compiling): + # OpenBSD + ('x86_64', 'OpenBSD'): 'x86_64-unknown-openbsd', + # Linux +- ('x86', 'Linux'): 'i586-unknown-linux-gnu', ++ ('x86', 'Linux'): 'i686-unknown-linux-gnu', + # Linux + ('x86_64', 'Linux'): 'x86_64-unknown-linux-gnu', + # OS X and iOS diff --git a/nonprism/iceweasel-hardened/vendor.js b/nonprism/iceweasel-hardened/vendor.js index 84489482b..fa254ce58 100644 --- a/nonprism/iceweasel-hardened/vendor.js +++ b/nonprism/iceweasel-hardened/vendor.js @@ -179,7 +179,7 @@ pref("general.oscpu.override", "Windows NT 6.1"); pref("general.platform.override", "Win32"); pref("general.productSub.override", "20100101"); pref("general.useragent.compatMode.firefox", true); -pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:49.0) Gecko/20100101 Firefox/49.0"); +pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:50.0) Gecko/20100101 Firefox/50.0"); pref("general.useragent.vendor", ""); pref("general.useragent.vendorSub", ""); pref("general.warnOnAboutConfig", false); @@ -349,3 +349,4 @@ pref("webgl.disabled", true); pref("webgl.min_capability_mode", true); pref("xpinstall.signatures.required", true); // Requires AMO signing key for addons pref("xpinstall.whitelist.add", ""); +pref("browser.tabs.remote.autostart", true); // Opt all of us into e10s, instead of just 50% |