blob: 6ce8d46eb6ee93221676ffa686342a40788331f1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
# Maintainer: André Silva <emulatorman@parabola.nu>
# Contributor: Márcio Silva <coadde@parabola.nu>
# Contributor: Luke R. <g4jc@openmailbox.org>
# Contributor: Isaac David <isacdaavid@isacdaavid.info>
# We're getting this from Debian Sid
_debname=icedove
_debver=45.4.0
_debrel=deb1
_debrepo=http://ftp.debian.org/debian/pool/main/
debfile() { echo $@|sed -r 's@(.).*@\1/&/&@'; }
_pkgname=thunderbird
pkgname=icedove-hardening
epoch=1
pkgver=$_debver.$_debrel
pkgrel=1
pkgdesc="A libre version of Debian Icedove, the standalone mail and news reader based on Mozilla Thunderbird, with several patches that were introduced to strengthen and protect the end user from security threats and without support for unsafe and dangerous for privacy protocols"
arch=(i686 x86_64 armv7h)
license=(MPL GPL LGPL)
depends=(alsa-lib dbus-glib gtk2 hunspell icu=57.1 libevent libvpx=1.6.0 libxt mime-types mozilla-common nss sqlite startup-notification ttf-font)
makedepends=(autoconf2.13 diffutils gconf imake inetutils libpulse mesa mozilla-searchplugins pkg-config python2 quilt unzip yasm zip)
options=(!emptydirs !makeflags)
optdepends=('libcanberra: for sound support')
url="https://wiki.parabola.nu/${pkgname%-*}"
replaces=("${pkgname%-*}-libre" "$_pkgname")
conflicts=("${pkgname%-*}-libre" "$_pkgname" "${pkgname%-*}")
provides=("$_pkgname" "${pkgname%-*}")
install=${pkgname%-*}.install
source=("$_debrepo/`debfile $_debname`_$_debver.orig.tar.xz"
"$_debrepo/`debfile $_debname`_$_debver-${_debrel#deb}.debian.tar.xz"
mozconfig
${pkgname%-*}.desktop
changing-the-default-search-engine.patch
firefox-gcc-6.0.patch mozilla-1228540.patch mozilla-1228540-1.patch
vendor.js
fix-missing-files.patch
no-neon.patch
mozilla-1253216.patch)
sha256sums=('00ff0dcd4bddd053b5285c78cd687876cfab9455c2eb1e670746eb4bedaac38f'
'b4d1b193aee7481249ef5e638bf583b69c1785dd530a9ecd098a84f42dfdf09d'
'aaca37bcca176d1b8ebe7c18d3fb0c61e3d21769fbf8e994a189eb3263257d3d'
'0b0d25067c64c6b829c84e5259ffca978e3971f85acc8483f47bdbed5b0b5b6a'
'e1f72c44e31f191271207fc874dcfbf3d504b6b42dc1bb063ba8c7c9ee032130'
'4d1e1ddabc9e975ed39f49e134559a29e01cd49439e358233f1ede43bf5a52bf'
'3a3e84c702ee31450a3e84698441aceb11cf44e64c9fedcaddb8cb50db759417'
'd1ccbaf0973615c57f7893355e5cd3a89efb4e91071d0ec376e429b50cf6ed19'
'173c929176262c0ad27984d68d61918d51d27bbc538ccbe9e6d19727d1f9de4d'
'294a2cc7b0477ad285af10ac2a04b767cabec07f03b23da23014bda71caea510'
'59f40d8b2480aa67bf76f4f119826b6828a6a59cc040caf1ab5a6e19eef44c6e'
'1e7ef08acd46aeacc8cd8b2c89012983fb2c8c18648e0f3e9371b0c76caedbde')
prepare() {
cd "$srcdir/$_pkgname-$_debver"
mv "$srcdir/debian" .
export QUILT_PATCHES=debian/patches
export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
export QUILT_DIFF_ARGS='--no-timestamps'
# Prepare branding for the Icedove packages
mkdir -v mail/branding/${pkgname%-*}
# Copy needed icons
cp -va debian/${pkgname%-*}-branding/* mail/branding/${pkgname%-*}
for i in 16 22 24 32 48 256; do
install -Dm644 debian/app-icons/${pkgname%-*}$i.png \
mail/branding/${pkgname%-*}/mailicon$i.png
done
for i in 48 64; do
install -Dm644 debian/app-icons/${pkgname%-*}$i.png \
mail/branding/${pkgname%-*}/content/icon$i.png
done
cp -av debian/preview.png mail/themes/linux/mail/preview.png
# Useless since we are doing it ourselves
rm -rv debian/patches/icedove-l10n || true
rm -rv debian/patches/iceowl-l10n || true
rm -v debian/patches/debian-hacks/changing-the-default-search-engine.patch || true
quilt push -av
# Fix missing files
patch -Np1 -i "$srcdir/fix-missing-files.patch"
# Remove url-classifier from package-manifest.in to build and disable Phishing Protection
sed -i '\|Phishing Protection|d
\|UrlClassifier|d
\|URLClassifier|d
\|url-classifier|d
' mail/installer/package-manifest.in
# Fix branding
sed -i 's|Icedove Mail/News|Icedove|
' mail/branding/icedove/locales/en-US/brand.{dtd,properties}
# Replace common URLs
sed -i '\|extensions[.]getAddons[.]get[.]url| s|https://services[.]addons[.]mozilla[.]org.\+["][)][;]|https://directory.fsf.org/wiki/Icedove");|g;
\|extensions[.]getAddons[.]search[.]browseURL| s|https://addons[.]mozilla[.]org.\+["][)][;]|https://directory.fsf.org/wiki/Icedove");|g;
\|extensions[.]getAddons[.]search[.]url| s|https://services[.]addons[.]mozilla[.]org.\+["][)][;]|https://directory.fsf.org/wiki/Icedove");|g;
\|extensions[.]webservice[.]discoverURL| s|https://services[.]addons[.]mozilla[.]org.\+["][)][;]|https://directory.fsf.org/wiki/Icedove");|g;
' mail/app/profile/all-thunderbird.js
# Remove support for unsafe and dangerous for privacy protocols
sed -i '\|facebook|d
\|gtalk|d
\|odnoklassniki|d
\|twitter|d
\|yahoo|d
' chat/moz.build
sed -i '\|facebook[.]js|d
\|facebook[.]manifest|d
\|gtalk[.]js|d
\|gtalk[.]manifest|d
\|twitter[.]js|d
\|twitter[.]manifest|d
\|yahoo[.]js|d
\|yahoo[.]manifest|d
' mail/installer/package-manifest.in
rm -rv chat/protocols/{facebook,gtalk,twitter,yahoo}
# Required for GCC 6
patch -d mozilla -Np1 < ../firefox-gcc-6.0.patch
patch -d mozilla -Np1 < ../mozilla-1228540.patch
patch -d mozilla -Np1 < ../mozilla-1228540-1.patch
cp -v "$srcdir/mozconfig" .mozconfig
mkdir "$srcdir/path"
ln -s /usr/bin/python2 "$srcdir/path/python"
# Change the default search engine using our system-provided searchplugins
patch -Np1 -i "$srcdir/changing-the-default-search-engine.patch"
# Load our searchplugins
rm -rv mail/locales/en-US/searchplugins
cp -av /usr/lib/mozilla/searchplugins mail/locales/en-US
# ARM-specific changes:
if [[ "$CARCH" == arm* ]]; then
patch -Np0 -i ../no-neon.patch
patch -p2 -d mozilla < ../mozilla-1253216.patch
sed -i '/ac_add_options --enable-gold/d' .mozconfig
cat >> .mozconfig <<- EOF
ac_add_options --disable-elf-hack
ac_add_options --disable-neon
ac_add_options --disable-ion
ac_add_options --disable-webrtc
ac_add_options --disable-debug
ac_add_options --disable-debug-symbols
EOF
fi
}
build() {
cd "$srcdir/$_pkgname-$_debver"
# _FORTIFY_SOURCE causes configure failures
CPPFLAGS+=" -O2"
# Hardening
LDFLAGS+=" -Wl,-z,now"
# GCC 6
CFLAGS+=" -fno-delete-null-pointer-checks -fno-lifetime-dse -fno-schedule-insns2"
CXXFLAGS+=" -fno-delete-null-pointer-checks -fno-lifetime-dse -fno-schedule-insns2"
export PATH="$srcdir/path:$PATH"
make -f client.mk build
}
package() {
cd "$srcdir/$_pkgname-$_debver"
make -f client.mk DESTDIR="$pkgdir" INSTALL_SDK= install
install -Dm644 ../vendor.js "$pkgdir/usr/lib/${pkgname%-*}/defaults/preferences/vendor.js"
# Install Icedove menu icon
install -Dm644 debian/${pkgname%-*}.xpm "$pkgdir/usr/share/pixmaps/${pkgname%-*}.xpm"
# Install Icedove icons
brandingdir=debian/app-icons
icondir="$pkgdir/usr/share/icons/hicolor"
for i in 16 22 24 32 48 64 128 256; do
install -Dm644 "$brandingdir/${pkgname%-*}$i.png" \
"$icondir/${i}x${i}/apps/${pkgname%-*}.png"
done
install -Dm644 "$brandingdir/${pkgname}big.svg" \
"$icondir/scalable/apps/${pkgname%-*}.svg"
# Install Icedove desktop
install -d "$pkgdir/usr/share/applications"
install -m644 "$srcdir/${pkgname%-*}.desktop" \
"$pkgdir/usr/share/applications"
# Use system-provided dictionaries
rm -rf "$pkgdir/usr/lib/${pkgname%-*}/"{dictionaries,hyphenation}
ln -s /usr/share/hunspell "$pkgdir/usr/lib/${pkgname%-*}/dictionaries"
ln -s /usr/share/hyphen "$pkgdir/usr/lib/${pkgname%-*}/hyphenation"
# Replace duplicate binary with symlink
# https://bugzilla.mozilla.org/show_bug.cgi?id=658850
ln -sf ${pkgname%-*} "$pkgdir/usr/lib/${pkgname%-*}/${pkgname%-*}-bin"
}
|