From aa65d098e10874d5ddb7056e2015c1bc9a6e13e9 Mon Sep 17 00:00:00 2001
From: ohfp <1813007-ohfp@users.noreply.gitlab.com>
Date: Fri, 10 Apr 2020 01:20:14 +0200
Subject: [PATCH 1/4] Remove mozilla plugin certificates, fixes #112

Via `sed` instead of a patch, in the hope that it might be less of a
maintenance burden compared to patch witch changes in the file to patch
with subsequent upstream releases.

Should only be merged once it's ensured there are no unforseen side
effects when built with the Plugin Certificates removed.
---
 PKGBUILD                                          | 7 +++++++
 binary_tarball/scripts/3_Configure_Source_Code.sh | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/PKGBUILD b/PKGBUILD
index 27b91cc..e4b10ac 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -129,6 +129,13 @@ fi
   # this one only to remove an annoying error message:
   sed -i 's#SaveToPocket.init();#// SaveToPocket.init();#g' browser/components/BrowserGlue.jsm
 
+  # Remove Internal Plugin Certificates
+  _cert_sed='s#if (aCert.organizationalUnit == "Mozilla [[:alpha:]]\+") {\n'
+  _cert_sed+='[[:blank:]]\+return AddonManager\.SIGNEDSTATE_[[:upper:]]\+;\n'
+  _cert_sed+='[[:blank:]]\+}#'
+  _cert_sed+='// NOTE: removed#g'
+  sed -z "$_cert_sed" -i toolkit/mozapps/extensions/internal/XPIInstall.jsm
+
   # allow SearchEngines option in non-ESR builds
   sed -i 's#"enterprise_only": true,#"enterprise_only": false,#g' browser/components/enterprisepolicies/schemas/policies-schema.json
 
diff --git a/binary_tarball/scripts/3_Configure_Source_Code.sh b/binary_tarball/scripts/3_Configure_Source_Code.sh
index 2c06643..08d31ed 100755
--- a/binary_tarball/scripts/3_Configure_Source_Code.sh
+++ b/binary_tarball/scripts/3_Configure_Source_Code.sh
@@ -128,5 +128,12 @@ sed -i "s/'pocket'/#'pocket'/g" browser/components/moz.build
 # this one only to remove an annoying error message:
 sed -i 's#SaveToPocket.init();#// SaveToPocket.init();#g' browser/components/BrowserGlue.jsm
 
+# Remove Internal Plugin Certificates
+_cert_sed='s#if (aCert.organizationalUnit == "Mozilla [[:alpha:]]\+") {\n'
+_cert_sed+='[[:blank:]]\+return AddonManager\.SIGNEDSTATE_[[:upper:]]\+;\n'
+_cert_sed+='[[:blank:]]\+}#'
+_cert_sed+='// NOTE: removed#g'
+sed -z "$_cert_sed" -i toolkit/mozapps/extensions/internal/XPIInstall.jsm
+
 # allow SearchEngines option in non-ESR builds
 sed -i 's#"enterprise_only": true,#"enterprise_only": false,#g' browser/components/enterprisepolicies/schemas/policies-schema.json

From 90d4fbb2d9cfafd66603904b1637d57f19348307 Mon Sep 17 00:00:00 2001
From: ohfp <1813007-ohfp@users.noreply.gitlab.com>
Date: Fri, 10 Apr 2020 12:21:41 +0200
Subject: [PATCH 2/4] Remove some pre-installed addons, fixes #59

screenshots@mozilla.org.xpi might be benign; that needs to be looked
into before merging.
---
 PKGBUILD                                             | 6 ++++++
 binary_tarball/scripts/5_Configure_Binary_Tarball.sh | 7 +++++++
 2 files changed, 13 insertions(+)

diff --git a/PKGBUILD b/PKGBUILD
index e4b10ac..591944b 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -276,6 +276,12 @@ END
 exec /usr/lib/$pkgname/librewolf "\$@"
 END
 
+  # Remove some pre-installed addons that might be questionable
+  rm -f "$pkgdir/usr/lib/$pkgname/browser/features/doh-rollout@mozilla.org.xpi"
+  rm -f "$pkgdir/usr/lib/$pkgname/browser/features/screenshots@mozilla.org.xpi"
+  rm -f "$pkgdir/usr/lib/$pkgname/browser/features/webcompat-reporter@mozilla.org.xpi"
+  rm -f "$pkgdir/usr/lib/$pkgname/browser/features/webcompat@mozilla.org.xpi"
+
   # Replace duplicate binary with wrapper
   # https://bugzilla.mozilla.org/show_bug.cgi?id=658850
   ln -srfv "$pkgdir/usr/bin/$pkgname" "$pkgdir/usr/lib/$pkgname/librewolf-bin"
diff --git a/binary_tarball/scripts/5_Configure_Binary_Tarball.sh b/binary_tarball/scripts/5_Configure_Binary_Tarball.sh
index c7517d1..bf2bf2d 100755
--- a/binary_tarball/scripts/5_Configure_Binary_Tarball.sh
+++ b/binary_tarball/scripts/5_Configure_Binary_Tarball.sh
@@ -36,6 +36,13 @@ cp -r $_EXTRACTED_TARBALL_FOLDER/settings/* $_EXTRACTED_TARBALL_FOLDER;
 # Add distribution.ini
 distini="$_EXTRACTED_TARBALL_FOLDER/distribution/distribution.ini"
 
+# Remove some pre-installed addons that might be questionable
+rm -f "$_EXTRACTED_TARBALL_FOLDER/browser/features/doh-rollout@mozilla.org.xpi"
+rm -f "$_EXTRACTED_TARBALL_FOLDER/browser/features/screenshots@mozilla.org.xpi"
+rm -f "$_EXTRACTED_TARBALL_FOLDER/browser/features/webcompat-reporter@mozilla.org.xpi"
+rm -f "$_EXTRACTED_TARBALL_FOLDER/browser/features/webcompat@mozilla.org.xpi"
+
+
 install -Dvm644 /dev/stdin "$distini" <<END
 [Global]
 id=io.gitlab.LibreWolf

From d366ba3bd4d4b648c85a4062888db24f1fc47146 Mon Sep 17 00:00:00 2001
From: ohfp <1813007-ohfp@users.noreply.gitlab.com>
Date: Fri, 10 Apr 2020 18:12:59 +0200
Subject: [PATCH 3/4] instead of removing addons, just do not build them in the
 first place

---
 CHANGELOG.md                                    | 11 +++++++++++
 PKGBUILD                                        | 17 ++++++++---------
 .../scripts/3_Configure_Source_Code.sh          |  3 +++
 .../scripts/5_Configure_Binary_Tarball.sh       |  7 -------
 remove_addons.patch                             | 16 ++++++++++++++++
 5 files changed, 38 insertions(+), 16 deletions(-)
 create mode 100644 remove_addons.patch

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1ee1f9f..4a3873f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 This project follows the official Firefox releases, but also uses
 [Arch Linux Package Versioning](https://wiki.archlinux.org/index.php/Arch_package_guidelines#Package_versioning) to mark individual releases in between versions.
 
+## [75.0-2] - Unreleased
+
+### Added
+
+- DoH disabled by default
+- Remove Internal Plugin Certificates from Mozilla
+
+### Fixed
+
+- Some default addons from Mozilla are now removed (#59)
+
 ## [75.0-1] - 2020-04-08
 
 ### Added
diff --git a/PKGBUILD b/PKGBUILD
index 591944b..31bcf96 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,7 +7,7 @@ pkgname=librewolf
 _pkgname=LibreWolf
 # how to get ci vars instead?
 pkgver=75.0
-pkgrel=1
+pkgrel=2
 pkgdesc="Community-maintained fork of Firefox, focused on privacy, security and freedom."
 arch=(x86_64 aarch64)
 license=(MPL GPL LGPL)
@@ -26,11 +26,13 @@ options=(!emptydirs !makeflags !strip)
 source=(https://archive.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkgver.source.tar.xz
         $pkgname.desktop
         "git+https://gitlab.com/${pkgname}-community/browser/common.git"
-        "git+https://gitlab.com/${pkgname}-community/settings.git")
+        "git+https://gitlab.com/${pkgname}-community/settings.git"
+        "remove_addons.patch")
 sha256sums=('bbb1054d8f2717c634480556d3753a8483986af7360e023bb6232df80b746b0f'
             '0471d32366c6f415f7608b438ddeb10e2f998498c389217cdd6cc52e8249996b'
             'SKIP'
-            'SKIP')
+            'SKIP'
+            '70fab85453130a84fd2a1865f1cea660f848f394d689cd744b141927359a5937')
 
 if [[ $CARCH == 'aarch64' ]]; then
   source+=(arm.patch
@@ -124,6 +126,9 @@ ac_add_options --enable-optimize
 END
 fi
 
+  # Remove some pre-installed addons that might be questionable
+  patch -p1 -i ../remove_addons.patch
+
   # Disabling Pocket
   sed -i "s/'pocket'/#'pocket'/g" browser/components/moz.build
   # this one only to remove an annoying error message:
@@ -276,12 +281,6 @@ END
 exec /usr/lib/$pkgname/librewolf "\$@"
 END
 
-  # Remove some pre-installed addons that might be questionable
-  rm -f "$pkgdir/usr/lib/$pkgname/browser/features/doh-rollout@mozilla.org.xpi"
-  rm -f "$pkgdir/usr/lib/$pkgname/browser/features/screenshots@mozilla.org.xpi"
-  rm -f "$pkgdir/usr/lib/$pkgname/browser/features/webcompat-reporter@mozilla.org.xpi"
-  rm -f "$pkgdir/usr/lib/$pkgname/browser/features/webcompat@mozilla.org.xpi"
-
   # Replace duplicate binary with wrapper
   # https://bugzilla.mozilla.org/show_bug.cgi?id=658850
   ln -srfv "$pkgdir/usr/bin/$pkgname" "$pkgdir/usr/lib/$pkgname/librewolf-bin"
diff --git a/binary_tarball/scripts/3_Configure_Source_Code.sh b/binary_tarball/scripts/3_Configure_Source_Code.sh
index 08d31ed..dc8fea4 100755
--- a/binary_tarball/scripts/3_Configure_Source_Code.sh
+++ b/binary_tarball/scripts/3_Configure_Source_Code.sh
@@ -122,6 +122,9 @@ patch -p1 -i "${CI_PROJECT_DIR}/deb_patches/build-with-libstdc++-7.patch"
 patch -p1 -i "${CI_PROJECT_DIR}/deb_patches/drop-libstdcxx-check.patch"
 patch -p1 -i "${CI_PROJECT_DIR}/deb_patches/add-missing-include-functional.patch"
 
+# Remove some pre-installed addons that might be questionable
+patch -p1 -i ${CI_PROJECT_DIR}/remove_addons.patch
+
 # Disabling Pocket
 printf "\nDisabling Pocket\n";
 sed -i "s/'pocket'/#'pocket'/g" browser/components/moz.build
diff --git a/binary_tarball/scripts/5_Configure_Binary_Tarball.sh b/binary_tarball/scripts/5_Configure_Binary_Tarball.sh
index bf2bf2d..c7517d1 100755
--- a/binary_tarball/scripts/5_Configure_Binary_Tarball.sh
+++ b/binary_tarball/scripts/5_Configure_Binary_Tarball.sh
@@ -36,13 +36,6 @@ cp -r $_EXTRACTED_TARBALL_FOLDER/settings/* $_EXTRACTED_TARBALL_FOLDER;
 # Add distribution.ini
 distini="$_EXTRACTED_TARBALL_FOLDER/distribution/distribution.ini"
 
-# Remove some pre-installed addons that might be questionable
-rm -f "$_EXTRACTED_TARBALL_FOLDER/browser/features/doh-rollout@mozilla.org.xpi"
-rm -f "$_EXTRACTED_TARBALL_FOLDER/browser/features/screenshots@mozilla.org.xpi"
-rm -f "$_EXTRACTED_TARBALL_FOLDER/browser/features/webcompat-reporter@mozilla.org.xpi"
-rm -f "$_EXTRACTED_TARBALL_FOLDER/browser/features/webcompat@mozilla.org.xpi"
-
-
 install -Dvm644 /dev/stdin "$distini" <<END
 [Global]
 id=io.gitlab.LibreWolf
diff --git a/remove_addons.patch b/remove_addons.patch
new file mode 100644
index 0000000..4b158f7
--- /dev/null
+++ b/remove_addons.patch
@@ -0,0 +1,16 @@
+diff --git a/browser/extensions/moz.build b/browser/extensions/moz.build
+index 4c9fa78..df8ea65 100644
+--- a/browser/extensions/moz.build
++++ b/browser/extensions/moz.build
+@@ -5,10 +5,6 @@
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ 
+ DIRS += [
+-    'doh-rollout',
+     'formautofill',
+-    'pdfjs',
+-    'screenshots',
+-    'webcompat',
+-    'report-site-issue'
++    'pdfjs'
+ ]

From d7d472c4228b1f6a119bea1f6e54ed948a58ce03 Mon Sep 17 00:00:00 2001
From: ohfp <1813007-ohfp@users.noreply.gitlab.com>
Date: Fri, 10 Apr 2020 20:15:51 +0200
Subject: [PATCH 4/4] keep screenshots extension

---
 PKGBUILD            | 2 +-
 remove_addons.patch | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/PKGBUILD b/PKGBUILD
index 31bcf96..510274a 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -32,7 +32,7 @@ sha256sums=('bbb1054d8f2717c634480556d3753a8483986af7360e023bb6232df80b746b0f'
             '0471d32366c6f415f7608b438ddeb10e2f998498c389217cdd6cc52e8249996b'
             'SKIP'
             'SKIP'
-            '70fab85453130a84fd2a1865f1cea660f848f394d689cd744b141927359a5937')
+            '24b75ba55cb4a2c9a088a22279a1f07fd3b8f3ef4f47774c0c12b79f4bfad124')
 
 if [[ $CARCH == 'aarch64' ]]; then
   source+=(arm.patch
diff --git a/remove_addons.patch b/remove_addons.patch
index 4b158f7..15da8ae 100644
--- a/remove_addons.patch
+++ b/remove_addons.patch
@@ -1,16 +1,16 @@
 diff --git a/browser/extensions/moz.build b/browser/extensions/moz.build
-index 4c9fa78..df8ea65 100644
+index 4c9fa78..095d199 100644
 --- a/browser/extensions/moz.build
 +++ b/browser/extensions/moz.build
-@@ -5,10 +5,6 @@
+@@ -5,10 +5,7 @@
  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
  
  DIRS += [
 -    'doh-rollout',
      'formautofill',
--    'pdfjs',
+     'pdfjs',
 -    'screenshots',
 -    'webcompat',
 -    'report-site-issue'
-+    'pdfjs'
++    'screenshots'
  ]