summaryrefslogtreecommitdiff
path: root/libre/iceweasel/PKGBUILD
diff options
context:
space:
mode:
Diffstat (limited to 'libre/iceweasel/PKGBUILD')
-rw-r--r--libre/iceweasel/PKGBUILD333
1 files changed, 11 insertions, 322 deletions
diff --git a/libre/iceweasel/PKGBUILD b/libre/iceweasel/PKGBUILD
index c3ff85b28..61c4fd39a 100644
--- a/libre/iceweasel/PKGBUILD
+++ b/libre/iceweasel/PKGBUILD
@@ -69,18 +69,18 @@ source=(https://archive.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-
0001-Use-remoting-name-for-GDK-application-names.patch
$pkgname.desktop)
source+=(https://repo.parabola.nu/other/iceweasel/${pkgname}_${_brandingver}-${_brandingrel}.branding.tar.xz{,.sig}
- firefox-70.0-add-distro.patch
libre.patch
- libre-searchengines.patch)
+ libre-searchengines.patch
+ vendor.js.in)
sha256sums=('1fa59aedc8469c3e6ffb12449ab7de2f93776f7679eedebfb74aa309b694956f'
'SKIP'
'5f7ac724a5c5afd9322b1e59006f4170ea5354ca1e0e60dab08b7784c2d8463c'
'f573d00835afe066ef1887bfea35099933ee07aeadc4c0d603972127e600cfc4'
'e90956067d8549f02864d612369ed8714d7173f0ee07bbfb4374a7323b4a733e'
'SKIP'
- '41ab298519dfdf86e1599990cd2a2e4d939a2a1d77de829caa0593d0d2e8f0e8'
- '497b0b7d15364acec4b8706ab41ce4aefd4fd1d7f1baa7980a46d14cca8aedd8'
- 'dfed11d97f1d4198a3dc608be159b6b53a11054f376cdb73bb0fe9a487ae9418')
+ '1169ccda88642881e0ba024f0c82fce9ac3064d3587517f9960e88cae479ce3e'
+ 'dfed11d97f1d4198a3dc608be159b6b53a11054f376cdb73bb0fe9a487ae9418'
+ '4979e733215492372c196cdb93ec61eac1fbbd44f44e637dbd420040c8d9affe')
validpgpkeys=('14F26682D0916CDD81E37B6D61B7B526D98F0353') # Mozilla Software Releases <release@mozilla.com>
validpgpkeys+=('BFA8008A8265677063B11BF47171986E4B745536') # Andreas Grapentin
@@ -92,10 +92,6 @@ prepare() {
msg "applying 0001-Use-remoting-name-for-GDK-application-names.patch"
patch -Np1 -i ../0001-Use-remoting-name-for-GDK-application-names.patch
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1212502
- msg "applying firefox-70.0-add-distro.patch"
- patch -Np1 -i ../firefox-70.0-add-distro.patch
-
cat >../mozconfig <<END
ac_add_options --enable-application=browser
@@ -239,6 +235,10 @@ build() {
CFLAGS="${CFLAGS/-fno-plt/}"
CXXFLAGS="${CXXFLAGS/-fno-plt/}"
+ # DEBUG: clang-9: error: unknown argument: '-fvar-tracking-assignments'
+ CFLAGS="${CFLAGS/-fvar-tracking-assignments/}"
+ CXXFLAGS="${CXXFLAGS/-fvar-tracking-assignments/}"
+
# Do 3-tier PGO
msg2 "Building instrumented browser..."
cat >.mozconfig ../mozconfig - <<END
@@ -304,320 +304,9 @@ pref("extensions.shownSelectionUI", true);
END
# Parabola additions to vendor.js
- #
- # TODO: Go through this and figure out what's nescessary, remove
- # most of it. This is mostly cargo-cult BS. For example, disabling
- # all the EME stuff... that's already off because of `--disable-eme`
- # in `.mozconfig`. Some of these settings no longer exist. Some of
- # these settings don't do anything on GNU/Linux.
- #
- # However, they don't seem to be causing any of the critical issues.
local _shortver=$(cut -d. -f1,2 <<<"$pkgver")
- cat >> "$vendorjs" <<END
-// Disable "alt" as a shortcut key to open full menu bar. Conflicts with "alt" as a modifier
-pref("ui.key.menuAccessKeyFocuses", false);
-
-// Disable the GeoLocation API for content
-pref("geo.enabled", false);
-
-// Make sure that the request URL of the GeoLocation backend is empty
-pref("geo.wifi.uri", "");
-
-// Google Widevine DRM
-// https://blog.mozilla.org/futurereleases/2016/04/08/mozilla-to-test-widevine-cdm-in-firefox-nightly/
-// https://wiki.mozilla.org/QA/Widevine_CDM
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1288580
-pref("media.gmp-widevinecdm.visible", false);
-pref("media.gmp-widevinecdm.enabled", false);
-pref("media.gmp-widevinecdm.autoupdate", false);
-
-// Default sites for about:newtab
-pref("browser.newtabpage.activity-stream.default.sites", "https://wiki.parabola.nu/,https://labs.parabola.nu/,https://www.gnu.org/,https://libreplanet.org/,https://www.wikipedia.org/");
-
-// Poodle attack
-pref("security.tls.version.min", 1);
-
-// Don't call home for blacklisting
-pref("extensions.blocklist.enabled", false);
-
-// Disable plugin installer
-pref("plugins.hide_infobar_for_missing_plugin", true);
-pref("plugins.hide_infobar_for_outdated_plugin", true);
-pref("plugins.notifyMissingFlash", false);
-
-//https://developer.mozilla.org/en-US/docs/Web/API/MediaSource
-//pref("media.mediasource.enabled",true);
-
-// Speeding it up
-pref("network.http.pipelining", true);
-pref("network.http.proxy.pipelining", true);
-pref("network.http.pipelining.maxrequests", 10);
-pref("nglayout.initialpaint.delay", 0);
-
-// Disable third party cookies
-pref("network.cookie.cookieBehavior", 1);
-
-// Prevent EULA dialog to popup on first run
-pref("browser.EULA.override", true);
-
-// Set useragent to Firefox compatible
-//pref("general.useragent.compatMode.firefox", true);
-// Spoof the useragent to a generic one
-pref("general.useragent.compatMode.firefox", true);
-// Spoof the useragent to a generic one
-pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:$_shortver) Gecko/20100101 Firefox/$_shortver");
-pref("general.appname.override", "Netscape");
-pref("general.appversion.override", "$_shortver");
-pref("general.buildID.override", "Gecko/20100101");
-pref("general.oscpu.override", "Windows NT 6.1");
-pref("general.platform.override", "Win32");
-
-// Privacy & Freedom Issues
-// https://webdevelopmentaid.wordpress.com/2013/10/21/customize-privacy-settings-in-mozilla-firefox-part-1-aboutconfig/
-// https://panopticlick.eff.org
-// http://ip-check.info
-// http://browserspy.dk
-// https://wiki.mozilla.org/Fingerprinting
-// http://www.browserleaks.com
-// http://fingerprint.pet-portal.eu
-pref("privacy.donottrackheader.enabled", true);
-pref("privacy.donottrackheader.value", 1);
-pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
-
-// CIS 2.1.1 Disable Auto Update / Balrog
-pref("app.update.auto", false);
-pref("app.update.checkInstallTime", false);
-pref("app.update.enabled", false);
-pref("app.update.staging.enabled", false);
-pref("app.update.url", "about:blank");
-pref("media.gmp-manager.certs.1.commonName", "");
-pref("media.gmp-manager.certs.2.commonName", "");
-// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
-pref("media.gmp-manager.url", "http://127.0.0.1/");
-pref("media.gmp-manager.url.override", "data:text/plain,");
-pref("media.gmp-provider.enabled", false);
-// Don't install openh264 codec
-pref("media.gmp-gmpopenh264.enabled", false);
-pref("media.gmp-eme-adobe.enabled", false);
-pref("media.peerconnection.video.h264_enabled", false);
-
-// CIS 2.3.4 Block Reported Web Forgeries
-// http://kb.mozillazine.org/Browser.safebrowsing.enabled
-// http://kb.mozillazine.org/Safe_browsing
-// https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
-// http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849
-pref("browser.safebrowsing.enabled", false);
-
-// CIS 2.3.5 Block Reported Attack Sites
-// http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled
-pref("browser.safebrowsing.malware.enabled", false);
-
-// Disable safe browsing remote lookups for downloaded files.
-// This leaks information to google.
-// https://www.mozilla.org/en-US/firefox/39.0/releasenotes/
-// https://wiki.mozilla.org/Security/Application_Reputation
-pref("browser.safebrowsing.downloads.remote.enabled", false);
-pref("browser.safebrowsing.appRepURL", "about:blank");
-pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank");
-pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank");
-pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
-pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
-pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
-pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
-pref("browser.safebrowsing.downloads.remote.enabled", false);
-pref("browser.safebrowsing.downloads.remote.url", "about:blank");
-pref("browser.safebrowsing.provider.google.gethashURL", "about:blank");
-pref("browser.safebrowsing.provider.google.updateURL", "about:blank");
-pref("browser.safebrowsing.provider.google.lists", "about:blank");
-
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1025965
-pref("browser.safebrowsing.phishing.enabled", false);
-pref("browser.safebrowsing.provider.google4.lists", "about:blank");
-pref("browser.safebrowsing.provider.google4.updateURL", "about:blank");
-pref("browser.safebrowsing.provider.google4.gethashURL", "about:blank");
-pref("browser.safebrowsing.provider.google4.reportURL", "about:blank");
-pref("browser.safebrowsing.provider.mozilla.lists", "about:blank");
-
-// Disable Microsoft Family Safety MiTM support
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1239166
-// https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode
-// https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782
-pref("security.family_safety.mode", 0);
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1265113
-// https://hg.mozilla.org/releases/mozilla-release/rev/d9659c22b3c5
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1298883
-pref("security.enterprise_roots.enabled", false);
-
-//pref("services.sync.privacyURL", "https://www.gnu.org/software/gnuzilla/");
-pref("social.enabled", false);
-pref("social.remote-install.enabled", false);
-pref("datareporting.healthreport.uploadEnabled", false);
-pref("datareporting.healthreport.about.reportUrl", "127.0.0.1");
-pref("datareporting.healthreport.documentServerURI", "127.0.0.1");
-pref("healthreport.uploadEnabled", false);
-pref("social.toast-notifications.enabled", false);
-pref("datareporting.policy.dataSubmissionEnabled", false);
-pref("datareporting.healthreport.service.enabled", false);
-pref("browser.slowStartup.notificationDisabled", true);
-pref("network.http.sendRefererHeader", 2);
-//pref("network.http.referer.spoofSource", true);
-//http://grack.com/blog/2010/01/06/3rd-party-cookies-dom-storage-and-privacy/
-//pref("dom.storage.enabled", false);
-pref("dom.event.clipboardevents.enabled",false);
-pref("network.prefetch-next", false);
-pref("network.dns.disablePrefetch", true);
-pref("network.http.sendSecureXSiteReferrer", false);
-pref("toolkit.telemetry.archive.enabled", false);
-pref("toolkit.telemetry.bhrPing.enabled", false);
-pref("toolkit.telemetry.enabled", false);
-pref("toolkit.telemetry.unified", false);
-pref("toolkit.telemetry.newProfilePing.enabled", false);
-pref("toolkit.telemetry.firstShutdownPing.enabled", false);
-pref("toolkit.telemetry.server", "127.0.0.1");
-pref("app.shield.optoutstudies.enabled", false);
-pref("experiments.enabled", false);
-pref("experiments.manifest.uri", "127.0.0.1");
-pref("extensions.pocket.enabled", false);
-pref("extensions.pocket.api", "127.0.0.1");
-// Do not tell what plugins do we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html
-pref("plugins.enumerable_names", "");
-pref("plugin.state.flash", 0);
-// Do not autoupdate search engines
-pref("browser.search.update", false);
-// Warn when the page tries to redirect or refresh
-//pref("accessibility.blockautorefresh", true);
-pref("dom.battery.enabled", false);
-pref("device.sensors.enabled", false);
-pref("camera.control.face_detection.enabled", false);
-pref("camera.control.autofocus_moving_callback.enabled", false);
-pref("network.http.speculative-parallel-limit", 0);
-// No search suggestions
-pref("browser.urlbar.userMadeSearchSuggestionsChoice", true);
-pref("browser.search.suggest.enabled", false);
-
-// Crypto hardening
-// https://gist.github.com/haasn/69e19fc2fe0e25f3cff5
-// General settings
-//pref("security.tls.unrestricted_rc4_fallback", false);
-//pref("security.tls.insecure_fallback_hosts.use_static_list", false);
-//pref("security.tls.version.min", 1);
-//pref("security.ssl.require_safe_negotiation", true);
-//pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
-//pref("security.ssl3.rsa_seed_sha", true);
-//pref("security.OCSP.enabled", 1);
-//pref("security.OCSP.require", true);
-
-
-// WebRTC
-pref("media.peerconnection.enabled", false);
-pref("media.peerconnection.ice.default_address_only", true);
-
-pref("font.default.x-western", "sans-serif");
-
-// Preferences for the Get Add-ons panel and search engines
-pref("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/GNU_IceCat");
-pref("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/GNU_IceCat");
-pref("browser.search.searchEnginesURL", "https://directory.fsf.org/wiki/GNU_IceCat");
-
-// Mobile
-pref("privacy.announcements.enabled", false);
-pref("browser.snippets.enabled", false);
-pref("browser.snippets.syncPromo.enabled", false);
-pref("identity.mobilepromo.android", "https://f-droid.org/repository/browse/?fdid=org.gnu.icecat&");
-pref("browser.snippets.geoUrl", "http://127.0.0.1/");
-pref("browser.snippets.updateUrl", "http://127.0.0.1/");
-pref("browser.snippets.statsUrl", "http://127.0.0.1/");
-pref("datareporting.policy.firstRunTime", 0);
-pref("datareporting.policy.dataSubmissionPolicyVersion", 2);
-pref("browser.webapps.checkForUpdates", 0);
-pref("browser.webapps.updateCheckUrl", "http://127.0.0.1/");
-pref("app.faqURL", "http://libreplanet.org/wiki/Group:IceCat/FAQ");
-
-// PFS url
-pref("pfs.datasource.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
-pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
-
-// Geolocation depends on third party services
-pref("geo.enabled", false);
-pref("geo.wifi.uri", "");
-
-// Disable heartbeat
-pref("browser.selfsupport.url", "");
-
-// Disable Link to FireFox Marketplace, currently loaded with non-free "apps"
-pref("browser.apps.URL", "");
-
-// Use old style preferences, that allow javascript to be disabled
-pref("browser.preferences.inContent",false);
-
-// Don't download ads for the newtab page
-pref("browser.newtabpage.directory.source", "");
-pref("browser.newtabpage.directory.ping", "");
-pref("browser.newtabpage.introShown", true);
-
-// Disable home snippets
-pref("browser.aboutHomeSnippets.updateUrl", "data:text/html");
-
-// Disable hardware acceleration and WebGL
-//pref("layers.acceleration.disabled", false);
-pref("webgl.disabled", false);
-
-// Disable SSDP
-pref("browser.casting.enabled", false);
-
-// Disable directory service
-pref("social.directories", "");
-pref("social.whitelist", "");
-pref("social.shareDirectory", "");
-
-// Disable Pocket integration
-pref("browser.pocket.api", "about:blank");
-pref("browser.pocket.enabled", false);
-pref("browser.pocket.enabledLocales", "about:blank");
-pref("browser.pocket.oAuthConsumerKey", "about:blank");
-pref("browser.pocket.site", "about:blank");
-pref("browser.pocket.useLocaleList", false);
-pref("extensions.pocket.enabled", false);
-
-// Do not require xpi extensions to be signed by Mozilla
-pref("xpinstall.signatures.required", false);
-
-// Disable File and Directory Entries API (Imported from Edge/Chromium)
-// https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories
-// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API
-// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Introduction
-// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Firefox_support
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1265767
-pref("dom.webkitBlink.filesystem.enabled", false);
-// https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/webkitdirectory
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1258489
-// https://hg.mozilla.org/releases/mozilla-release/rev/133af19777be
-pref("dom.webkitBlink.dirPicker.enabled", false);
-
-// Directory Upload API, webkitdirectory
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1188880
-// https://bugzilla.mozilla.org/show_bug.cgi?id=907707
-// https://wicg.github.io/directory-upload/proposal.html
-pref("dom.input.dirpicker", false);
-
-// fix alsa sound sandbox issue for iceweasel-58
-// https://labs.parabola.nu/issues/1628
-pref("security.sandbox.content.syscall_whitelist", "16");
-
-// Disable recommendations of extensions and themes on about:addons page
-// https://labs.parabola.nu/issues/2409
-pref("extensions.htmlaboutaddons.discover.enabled", false);
-pref("extensions.htmlaboutaddons.recommendations.enabled", false);
-
-// Disable "Recommend extensions as you browse" in about:preferences#general
-pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
-
-// URL for 'Find more extensions / themes' in about:addons page
-pref("extensions.getAddons.search.browseURL", "https://www.parabola.nu/packages/?q=%TERMS%");
-
-// Make extensions work on Mozilla domains
-pref("extensions.webextensions.restrictedDomains", "");
-END
+ cat "${srcdir}"/vendor.js.in >> "$vendorjs"
+ sed -i "s|@_SHORTVER_@|$_shortver|g" "$vendorjs"
local distini="$pkgdir/usr/lib/$pkgname/distribution/distribution.ini"
install -Dvm644 /dev/stdin "$distini" <<END