# Maintainer (arch): Jan Alexander Steffens (heftig) # Contributor: Ionut Biru # Contributor: Jakub Schmidtke # Contributor: Henry Jensen # Maintainer (archarm): Kevin Mihelich # Maintainer (arch32): Andreas Baumann # Contributor: Erich Eckner # Contributor: Andreas Grapentin # Contributor: Luke Shumaker # Contributor: André Silva # Contributor: Márcio Silva # Contributor: fauno # Contributor: vando # Contributor: Figue # Contributor: evr # Contributor: Muhammad 'MJ' Jassim # Contributor: taro-k # Contributor: Michał Masłowski # Contributor: Luke R. # Contributor: Isaac David # Contributor: bill-auger # Contributor: grizzlyuser # parabola changes and rationale # FSDG: # - Modify the addons pages to use GNU IceCat plugins sources, rather # than addons.mozilla.org, which hosts non-free addons # - Disable EME, which is implemented via the non-free libWideVine CDM # - Disable Normandy that let Mozilla push messages with recommendations # of nonfree software # - Make Remote Settings work completely offline using local data # - Rebrand to Iceweasel, per the mozilla trademark policy, # due to these FSDG changes # # technical: # - build i686 with GCC instead of clang # - disable rust-SIMD, LTO, PGO, and skip profiling build for armv7h and i686 # - allow skipping profiling build for x86_64 (_x86_64_skip_pgo) # - prefer as many system libs as possible, over their vendored couterparts # # privacy: # - Remove Google API keys and usage # - Disable Mozilla telemetry and crash reporting (good manners # because of all of the other patching we're doing) pkgname=iceweasel epoch=1 pkgver=97.0 pkgrel=1 pkgrel+=.parabola1 _brandingver=95.0-1 pkgdesc="Standalone web browser derived from Mozilla Firefox" arch=(x86_64) arch+=(armv7h i686) license=(MPL GPL LGPL) url="https://wiki.parabola.nu/Iceweasel" depends=(gtk3 libxt mime-types dbus-glib ffmpeg nss ttf-font libpulse) makedepends=(unzip zip diffutils yasm mesa imake inetutils xorg-server-xvfb autoconf2.13 rust clang llvm jack nodejs cbindgen nasm python-setuptools python-psutil python-zstandard lld dump_syms wasi-compiler-rt wasi-libc wasi-libc++ wasi-libc++abi) makedepends+=(quilt libxslt imagemagick git jq python-jsonschema) makedepends_i686=(gcc10) [[ "${CARCH}" == i686 ]] && makedepends=( ${makedepends[*]/jack/jack2} ) makedepends_i686+=(wasi-compiler-rt=12.0.1 wasi-libc++=12.0.1 wasi-libc++abi=12.0.1) # wasi-libc=???) optdepends=('networkmanager: Location detection via available WiFi networks' 'libnotify: Notification integration' 'pulseaudio: Audio support' 'speech-dispatcher: Text-to-Speech' 'hunspell-en_US: Spell checking, American English' 'xdg-desktop-portal: Screensharing with Wayland') replaces=('firefox') options=(!emptydirs !makeflags !strip !lto !debug) source=(https://archive.mozilla.org/pub/firefox/releases/${pkgver}/source/firefox-${pkgver}.source.tar.xz{,.asc} 0001-Use-remoting-name-for-GDK-application-names.patch $pkgname.desktop) source+=(https://repo.parabola.nu/other/iceweasel/${pkgname}_${_brandingver}.branding.tar.xz{,.sig} 9001-FSDG-always-sync-remote-settings-with-local-dump.patch 9002-FSDG-preference-defaults.patch 9003-FSDG-misc.patch process-json-files.py vendor.js.in) source_armv7h=(build-arm-libopus.patch) source_i686=('avoid-libxul-OOM-python-check.patch' 'rust-static-disable-network-test-on-static-libraries.patch' 'firefox-93.0_x86_math_private_20211110.patch') sha256sums=('6c8a7dcb47122d033383fd62a1bcaefff0290a6c23d057898e8ff9c72749df28' 'SKIP' '8de6c0ecc70d2763936be6df4b91a3d2e806765bf510f987d6f2ffa2377c3f01' '9cdc2602661717712092d28bb494e5b48e518cb930898aca85eaf21f91f7ef58') sha256sums+=('d1b9d98cea5356df97fc5c221830de1ced8f826cb39fac9427c407e3eae54c02' 'SKIP' 'a4e3c3869085cb282cb5a0fcb64e816c0415f25d4792a62c4f1d599d3111b23c' '7ca04f212120fcf6eab8ebad79e92666eb3ad59790b202232005aaeb48a01ea2' '39e3a5e1ad137e21f842a44d7e3bd24050292d2b41fe59b4e7c7dfed52a195dd' '9386f1c50506cd20ab6d212335d5e4417faeb2aea371dd46f2d107d171e80b83' 'c93ce98e1cb64033079343ff1f3037fab6a3bc6d3eb5bc14c5edb70e2d45965d') sha256sums_armv7h=('2d4d91f7e35d0860225084e37ec320ca6cae669f6c9c8fe7735cdbd542e3a7c9') sha256sums_i686=('2f0c81a38c4578f68f5456b618fe84a78974072821488173eb55e0e72287e353' '10c5276eab2e87f400a6ec15d7ffbef3b0407ee888dea36f1128927ca55b9041' '84836b905d23a6cfdd955b9312bbb794e5329af36963c81572195039c68291fc') validpgpkeys=('14F26682D0916CDD81E37B6D61B7B526D98F0353') # Mozilla Software Releases validpgpkeys+=('BFA8008A8265677063B11BF47171986E4B745536') # Andreas Grapentin validpgpkeys+=('3954A7AB837D0EA9CFA9798925DB7D9B5A8D4B40') # bill-auger # PGO requires networking _should_skip_pgo_armv7h=1 # disable for armv7h - always _should_skip_pgo_i686=1 # disable for i686 - always _should_skip_pgo_x86_64=0 # disable for x86_64 - libremakepkg eval "_should_skip_pgo=\$_should_skip_pgo_${CARCH}" _check_build_config() { pushd "$srcdir/firefox-${pkgver%_*}" > /dev/null echo "Checking build configuration..." # Configure produces mozinfo.json that reflects current configuration. # See build/docs/mozinfo.rst ./mach configure # In this test, jq collects values of the following keys of mozinfo.json into array, # and checks if any of them are not equal to false, in which case it returns "true". # E.g. if the value of any key is true or null (in case the key is missing from mozinfo.json), # that means the build configuration has to be reworked. local obj_directory=$(./mach environment | sed -En '/object directory:/{n;s/^\s+//;p;}') local antifeature_keys=(.crashreporter .datareporting .healthreport .normandy .telemetry .updater) local antifeatures=() echo "obj_directory is: ${obj_directory}" for key in ${antifeature_keys[@]} do jq -e "${key} != false" "${obj_directory}"/mozinfo.json && antifeatures+=(${key}) done if (( ${#antifeatures[@]} )) then echo "Some anti-features are not disabled in build configuration files, aborting:" for key in ${antifeatures[@]} ; do echo " - ${key} is enabled" ; done ; return 1 fi popd > /dev/null } prepare() { mkdir mozbuild cd firefox-$pkgver # https://bugzilla.mozilla.org/show_bug.cgi?id=1530052 patch -Np1 -i ../0001-Use-remoting-name-for-GDK-application-names.patch cat >../mozconfig <>../mozconfig <>../mozconfig < manifest.json.tmp ! diff manifest.json.tmp ddg/manifest.json > /dev/null mv manifest.json.tmp ddg/manifest.json # Delete unused search engine configs find -mindepth 1 -maxdepth 1 \ -not -name ddg \ -not -name wikipedia \ -exec rm -frv {} \; popd ## libre patching ## # Upstream tarball can contain some ignored cruft, # including binaries (for example, python3). echo 'Removing files specified in .gitignore...' git init && git clean -dfX \ -e '!ipc/chromium/src/third_party/libevent/evconfig-private.h' \ -e '!toolkit/crashreporter/google-breakpad/src/third_party/lss/' \ -e '!third_party/python/**/*.egg-info/' rm -rf .git # Remove test-related networking dumps, because they contain code from # some Amazon webpage with no clear licensing, thus nonfree. # Also they interfere with checking of Remote Settings patching done later, # because communication with RS server has been captured in them too. rm python/mozperftest/mozperftest/system/example.zip rm testing/mozbase/mozproxy/tests/files/mitm5-linux-firefox-amazon.zip # Disable/neutralize Remote Settings (as best we can) echo "applying 9001-FSDG-always-sync-remote-settings-with-local-dump.patch" patch -Np1 --no-backup-if-mismatch -i ../9001-FSDG-always-sync-remote-settings-with-local-dump.patch # Verify Remote Settings patching local settings_server='firefox.settings.services.mozilla.com' ! grep -qr $settings_server || { echo 'Remote Settings patching needs rework'; return 1; } # Disable various components at the source level sed -i 's/;1/;0/' toolkit/components/telemetry/components.conf sed -Ei 's/((MOZ_SERVICES_HEALTHREPORT|MOZ_NORMANDY).+)True/\1False/' browser/moz.configure #sed -i 's/;1/;0/' browser/experiments/Experiments.manifest #sed -i '/pocket/d' browser/extensions/moz.build #sed -i '/activity-stream/d' browser/extensions/moz.build python ../process-json-files.py "${srcdir}"/firefox-${pkgver} "${brandingsrcdir}" echo "applying 9002-FSDG-preference-defaults.patch" patch -Np1 --no-backup-if-mismatch -i "${srcdir}"/9002-FSDG-preference-defaults.patch # Remove remaining non-free bits echo "applying 9003-FSDG-misc.patch" patch -Np1 --no-backup-if-mismatch -i "${srcdir}"/9003-FSDG-misc.patch } build() { cd firefox-$pkgver ## build env ## export MOZ_NOSPAM=1 export MOZBUILD_STATE_PATH="$srcdir/mozbuild" export MACH_USE_SYSTEM_PYTHON=1 # LTO needs more open files ulimit -n 4096 # clang-{9,10,11} -> error: unknown argument: '-fvar-tracking-assignments' CFLAGS="${CFLAGS/-fvar-tracking-assignments/}" CXXFLAGS="${CXXFLAGS/-fvar-tracking-assignments/}" ## [ARCH-SPECIFIC BUILD ENV] ## case ${CARCH} in armv7h) export MOZ_DEBUG_FLAGS=" " export CFLAGS+=" -g0" export CXXFLAGS+=" -g0" export LDFLAGS+=" -Wl,--no-keep-memory" export RUSTFLAGS="-Cdebuginfo=0" ;; i686) # -fno-plt with cross-LTO -> LLVM ERROR: Function Import: link error CFLAGS="${CFLAGS/-fno-plt/}" CXXFLAGS="${CXXFLAGS/-fno-plt/}" # disable LTO (clang has issues on IA32) export RUSTFLAGS+=" -Cdebuginfo=0 -Clto=off" export LDFLAGS+=" -Wl,--no-keep-memory -Wl,--reduce-memory-overheads" # libvpx has some hard-coded compiler flags for MMX, SSE, SSE2, use the correct one # per CARCH (75.0 uses an intrisic _mm_empty now, which required the corresponding # architecture flag to be preset - before it was merely embedding some assembly # code with EMMS export CFLAGS+=" -mmmx" export CXXFLAGS+=" -mmmx" ;; x86_64) ;; *) echo "no [ARCH-SPECIFIC BUILD ENV] for arch: ${CARCH}" ; return 1 ; ;; esac export CFLAGS export CXXFLAGS ## [ARCH-SPECIFIC BUILD CONFIG] ## case ${CARCH} in armv7h) ;; i686) # avoid excessive debug symbols in rust leading to out-of-memory situations sed -i "s/debug_info = '\''2'\''/debug_info = '\''0'\''/" build/moz.configure/toolchain.configure ;; x86_64) ;; *) echo "no [ARCH-SPECIFIC BUILD CONFIG] for arch: ${CARCH}" ; return 1 ; ;; esac ## PGO build ## if (( $_should_skip_pgo )) then # skipping "3-tier PGO" "instrumented browser", to avoid OOM problems; # so we have the final .mozconfig now cp ../mozconfig .mozconfig else # Do 3-tier PGO echo "Building instrumented browser..." cat >.mozconfig ../mozconfig - <.mozconfig ../mozconfig - <> "${vendorjs}" local distini="$pkgdir/usr/lib/$pkgname/distribution/distribution.ini" install -Dvm644 /dev/stdin "$distini" < "${pkgdir}"/etc/ld.so.conf.d/${pkgname}.conf ;; x86_64) ;; *) echo "no [ARCH-SPECIFIC INSTALL] for arch: ${CARCH}" ; return 1 ; ;; esac # Replace duplicate binary with wrapper # https://bugzilla.mozilla.org/show_bug.cgi?id=658850 ln -srfv "$pkgdir/usr/bin/$pkgname" "$pkgdir/usr/lib/$pkgname/$pkgname-bin" # Use system certificates local nssckbi="$pkgdir/usr/lib/$pkgname/libnssckbi.so" if [[ -e $nssckbi ]]; then ln -srfv "$pkgdir/usr/lib/libnssckbi.so" "$nssckbi" fi }