1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
|
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=firefox
pkgver=74.0.1
pkgrel=0
pkgdesc="Firefox web browser"
url="https://www.firefox.com/"
arch="all !s390x !armhf" # limited by rust and cargo, build failure on armhf due to wasm
license="GPL-3.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND MPL-2.0"
makedepends="
alsa-lib-dev
autoconf2.13
automake
bsd-compat-headers
bzip2-dev
cargo
cbindgen
clang-dev
dbus-glib-dev
ffmpeg-dev
gtk+2.0-dev
gtk+3.0-dev
hunspell-dev
icu-dev>=64.2
libevent-dev
libidl-dev
libjpeg-turbo-dev
libnotify-dev
libogg-dev
libtheora-dev
libtool
libvorbis-dev
libxt-dev
libxcomposite-dev
llvm-dev
mesa-dev
nasm
nodejs
nspr-dev
nss-dev>=3.44.1
nss-static
python2
sqlite-dev
sed
startup-notification-dev
wireless-tools-dev
yasm
zip
pulseaudio-dev
"
source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkgver.source.tar.xz
stab.h
fix-fortify-system-wrappers.patch
fix-seccomp-bpf.patch
fix-tools.patch
mallinfo.patch
disable-moz-stackwalk.patch
fix-rust-target.patch
fix-webrtc-glibcisms.patch
rust_audio-thread-priority.patch
fd6847c9416f9eebde636e21d794d25d1be8791d.patch
allow-custom-rust-vendor.patch
x86_64-alpine-linux-musl.json
firefox.desktop
firefox-safe.desktop"
_mozappdir=/usr/lib/firefox
# help our shared-object scanner to find the libs
ldpath="$_mozappdir"
# secfixes:
# 74.0.1-r0:
# - CVE-2020-6819
# - CVE-2020-6820
# 74.0-r0:
# - CVE-2020-6805
# - CVE-2020-6806
# - CVE-2020-6807
# - CVE-2020-6808
# - CVE-2020-6809
# - CVE-2020-6810
# - CVE-2020-6811
# - CVE-2019-20503
# - CVE-2020-6812
# - CVE-2020-6813
# - CVE-2020-6814
# - CVE-2020-6815
# 71.0.1-r0:
# - CVE-2019-17016
# - CVE-2019-17017
# - CVE-2019-17020
# - CVE-2019-17022
# - CVE-2019-17023
# - CVE-2019-17024
# - CVE-2019-17025
# - CVE-2019-17026
# 70.0-r0:
# - CVE-2018-6156
# - CVE-2019-15903
# - CVE-2019-11757
# - CVE-2019-11759
# - CVE-2019-11760
# - CVE-2019-11761
# - CVE-2019-11762
# - CVE-2019-11763
# - CVE-2019-11764
# - CVE-2019-11765
# - CVE-2019-17000
# - CVE-2019-17001
# - CVE-2019-17002
# 68.0.2-r0:
# - CVE-2019-11733
# we need this because cargo verifies checksums of all files in vendor
# crates when it builds and gives us no way to override or update the
# file sanely... so just clear out the file list
_clear_vendor_checksums() {
sed -i 's/\("files":{\)[^}]*/\1/' third_party/rust/$1/.cargo-checksum.json
}
prepare() {
default_prepare
cp "$srcdir"/stab.h toolkit/crashreporter/google-breakpad/src/
# Firefox needs to know how our custom triplet on x86_64 behaves.
mkdir rust_targets
cp "$srcdir"/x86_64-alpine-linux-musl.json rust_targets/.
_clear_vendor_checksums audio_thread_priority
_clear_vendor_checksums target-lexicon-0.9.0
}
build() {
mkdir -p "$builddir"/objdir
cd "$builddir"/objdir
export SHELL=/bin/sh
export BUILD_OFFICIAL=1
export MOZILLA_OFFICIAL=1
export USE_SHORT_LIBNAME=1
# Find our triplet JSON
export RUST_TARGET_PATH="$builddir/rust_targets"
# set rpath so linker finds the libs
export LDFLAGS="$LDFLAGS -Wl,-rpath,$_mozappdir"
case "$CARCH" in
x86)
# disable-elf-hack: exists only on arm, x86, x86_64
_arch_config="--disable-elf-hack"
export RUST_TARGET="i686-unknown-linux-musl"
;;
x86_64)
# disable-elf-hack: exists only on arm, x86, x86_64
_arch_config="--disable-elf-hack"
export RUST_TARGET="$CTARGET"
;;
aarch64)
export RUST_TARGET="aarch64-unknown-linux-musl"
;;
armv7)
# disable-elf-hack: exists only on arm, x86, x86_64
_arch_config="--disable-elf-hack"
export RUST_TARGET="armv7-unknown-linux-musleabihf"
;;
armhf)
# disable-elf-hack: exists only on arm, x86, x86_64
_arch_config="--disable-elf-hack"
export RUST_TARGET="arm-unknown-linux-musleabihf"
;;
ppc64le)
export RUST_TARGET="powerpc64le-unknown-linux-musl"
;;
esac
# FF doesn't have SIMD available on these arches.
case "$CARCH" in
armhf|armv7)
_rust_simd="--disable-rust-simd"
_low_mem_flags="--disable-debug-symbols --disable-debug"
export RUSTFLAGS="$RUSTFLAGS -C debuginfo=0"
;;
x86)
_low_mem_flags="--disable-debug-symbols --disable-debug"
export RUSTFLAGS="$RUSTFLAGS -C debuginfo=0"
;;
*) _rust_simd="--enable-rust-simd" ;;
esac
../configure \
--prefix=/usr \
$_arch_config \
--disable-crashreporter \
--disable-gold \
--disable-install-strip \
--disable-jemalloc \
--disable-profiling \
--enable-pulseaudio \
--disable-strip \
--disable-tests \
--disable-updater \
--enable-alsa \
--enable-default-toolkit=cairo-gtk3-wayland \
--enable-official-branding \
--enable-optimize="$CFLAGS -O2" \
--enable-startup-notification \
--enable-system-ffi \
--enable-system-sqlite \
--enable-ffmpeg \
$_rust_simd \
$_low_mem_flags \
--enable-hardening \
--with-system-bz2 \
--with-system-icu \
--with-system-libevent \
--with-system-nspr \
--with-system-nss \
--with-system-pixman \
--with-system-png \
--with-system-zlib \
--with-clang-path=/usr/bin/clang \
--with-libclang-path=/usr/lib
# FIXME: fix build with --with-system-libvpx and libvpx 1.8.0
# https://bugzilla.mozilla.org/show_bug.cgi?id=1525393
make
}
package() {
cd "$builddir"/objdir
make install \
DESTDIR="$pkgdir" \
MOZ_MAKE_FLAGS="$MAKEOPTS"
install -m755 -d "$pkgdir"/usr/share/applications
install -m755 -d "$pkgdir"/usr/share/pixmaps
local _png
for _png in ../browser/branding/official/default*.png; do
local i=${_png%.png}
i=${i##*/default}
install -D -m644 "$_png" "$pkgdir"/usr/share/icons/hicolor/"$i"x"$i"/apps/firefox.png
done
install -m644 "$builddir"/browser/branding/official/default48.png \
"$pkgdir"/usr/share/pixmaps/firefox.png
install -m644 "$srcdir"/firefox.desktop "$pkgdir"/usr/share/applications/firefox.desktop
install -m644 "$srcdir"/firefox-safe.desktop "$pkgdir"/usr/share/applications/firefox-safe.desktop
# install our vendor prefs
install -d "$pkgdir"/$_mozappdir/browser/defaults/preferences
cat >> "$pkgdir"/$_mozappdir/browser/defaults/preferences/firefox-branding.js <<- EOF
// Use LANG environment variable to choose locale
pref("intl.locale.requested", "");
// Disable default browser checking.
pref("browser.shell.checkDefaultBrowser", false);
// Don't disable our bundled extensions in the application directory
pref("extensions.autoDisableScopes", 11);
pref("extensions.shownSelectionUI", true);
EOF
}
sha512sums="c437c40740bd035ff374b3fa15abaff49dde3f613906f5e018f42dd3e219d32112e8b2e85efd9c0f7a872475640908adb1cf7cdd677b03a39ff435a57c48e6d5 firefox-74.0.1.source.tar.xz
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h
2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch
84b84d2d7dbc16002510bf856796ad345ac38ef6d3254670230189bba7c2d4781714d231236d5a3d70129a4597b430c3171644b01ad0f5a5bb13b55d407337a4 fix-seccomp-bpf.patch
4d55f41d15be7457ad630f8f07e4fc0314c2f75720010b4bbe6a2a7f3228210a1e069949e11795efbe2e784b0762e79fdfe5b8ec38e8a64cb8d9cf3b57dd5af1 fix-tools.patch
a4a3e062661bda64d502d426c480ac9645345860118de9df9ffe6e0597738c70c11e5cdef2d4fd12c5e2ee30a09310159230524655a419a4f7e4eeeb0f3c06b0 mallinfo.patch
454ea3263cabce099accbdc47aaf83be26a19f8b5a4568c01a7ef0384601cf8315efd86cd917f9c8bf419c2c845db89a905f3ff9a8eb0c8e41042e93aa96a85c disable-moz-stackwalk.patch
089c97e6011e86a9b9d9e7b0c8ba3af0519d1ce4e2b1e9ab7719762d6968388bfa47dad3bf23a6d41c3d66fdcc6c15e2c926e3ff9500bfd4fbf1b53e6d19dc57 fix-rust-target.patch
d35cacb9ede80e6bfbef0709823e536dddfb1c02d776275b0b7adb5969e9927d8c6117df96873569c3f3db0a18ee5db24f8086a9311a05077892be43a3dd8d79 fix-webrtc-glibcisms.patch
18098bae18ce9ead6bca0d93d28e634495fa08a4c0707057f72a9e34205a64a0ce5ab98a4cfc2d492412725b14447eb9553b2976d9620c3d71eba2135c6ba211 rust_audio-thread-priority.patch
60845dcb034b2c4459c30f7d5f25c8176cf42df794e2cc0e86c3e2abb6541c24b962f3a16ca70a288d4d6f377b68d00b2904b22463108559612053d835d9bff1 fd6847c9416f9eebde636e21d794d25d1be8791d.patch
4e584621145cf8add069c6dac18e805b3274a1ee402d84e924df2341f7d3c5be261a93ef51283bacbd606f47fbdc628c4323ecc31efc5b403b8d224b18dc278f allow-custom-rust-vendor.patch
0dfa633abf3f411c90a030c46ee7f8fdde6fdd9f3a0c493599a58633e09b183d6c04590fc1984256e514c1da4f72f43dde3f5dbceef888b08262952b4f894919 x86_64-alpine-linux-musl.json
f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454 firefox.desktop
5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed firefox-safe.desktop"
|
