From 2c9c981a05bce293b2e7757333b8a756aa828a37 Mon Sep 17 00:00:00 2001 From: B Stack Date: Mon, 30 Nov 2020 14:52:28 -0500 Subject: [PATCH 1/5] add prep-librewolf-dpkg --- prep-librewolf-dpkg.conf | 15 +++ prep-librewolf-dpkg.sh | 250 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 265 insertions(+) create mode 100644 prep-librewolf-dpkg.conf create mode 100755 prep-librewolf-dpkg.sh diff --git a/prep-librewolf-dpkg.conf b/prep-librewolf-dpkg.conf new file mode 100644 index 0000000..5ffe9a7 --- /dev/null +++ b/prep-librewolf-dpkg.conf @@ -0,0 +1,15 @@ +# Config file for prep-librewolf-dpkg.sh +# Configure these settings before running that script. + +debian_firefox_version=83.0-1 # current version of Firefox package in Debian sid +firefox_version=83.0 # current version of Firefox + +librewolf_common_url=https://gitlab.com/librewolf-community/browser/common.git +librewolf_settings_url=https://gitlab.com/librewolf-community/settings.git +librewolf_linux_url=https://gitlab.com/librewolf-community/browser/linux.git + +# user configurable +git_source_dir=/usr/src/librewolf # where LibreWolf git contents are cached +debian_dir=/home/librewolf/debian # where the firefox_debian.tar.xz file is extracted +source_dir=/home/librewolf/librewolf_${firefox_version} # where firefox.orig.tar.xz file is extracted with --strip-components=1 +work_dir=/home/librewolf diff --git a/prep-librewolf-dpkg.sh b/prep-librewolf-dpkg.sh new file mode 100755 index 0000000..04d2c6a --- /dev/null +++ b/prep-librewolf-dpkg.sh @@ -0,0 +1,250 @@ +#!/bin/sh +# File: prep-librewolf-dpkg.sh +# Location: https://gitlab.com/bgstack15/librewolf-linux.git +# Latest supported version: librewolf-83.0-1 +# Author: bgstack15 +# SPDX-License-Identifier: CC-BY-SA-4.0 +# Startdate: 2020-11-29 +# Title: Build Dpkg for LibreWolf +# Purpose: Prepare initial assets for running "dpkg-buildpackage -b -us -uc" for LibreWolf by adapting Debian Firefox assets +# History: +# Usage: +# Can send these final assets up to Open Build Service +# References: +# Script numbers from https://gitlab.com/librewolf-community/browser/linux/-/tree/master/binary_tarball/scripts +# Improve: +# Make this idempotent. Right now it is very much not. +# Dependencies: +# wget, git, tar, awk, sed + +##################################### +# Load settings + +# basically, dot-source the conf file. +test -z "${librewolf_dpkg_conf}" && export librewolf_dpkg_conf="$( find "$( dirname "${0}" )" -maxdepth 2 -name "$( basename "${0%%.sh}.conf" )" -print 2>/dev/null | head -n1 )" +test ! -r "${librewolf_dpkg_conf}" && { echo "Unable to load config file, which should be named the same as this script but with a .conf ending. Aborted." 1>&2 ; exit 1 ; } +. "${librewolf_dpkg_conf}" + +##################################### +# Download initial components + +# Download upstream Debian assets, which includes +# 1. orig tarball, which in Debian is not always the pristine contents from upstream source +# 2. debian/ directory which defines how to build a package for Debian +# 3. Debian source package control file +cd "${work_dir}" +test -z "${SKIP_DOWNLOAD}" && { + wget --content-disposition http://deb.debian.org/debian/pool/main/f/firefox/firefox_"${firefox_version}".orig.tar.xz # -O librewolf_"${firefox_version}".orig.tar.xz + wget --content-disposition http://deb.debian.org/debian/pool/main/f/firefox/firefox_"${debian_firefox_version}".debian.tar.xz # -O librewolf_"${debian_firefox_version}".debian.tar.xz + wget --content-disposition http://deb.debian.org/debian/pool/main/f/firefox/firefox_"${debian_firefox_version}".dsc # -O librewolf_"${debian_firefox_version}".dsc +} + +# extract these contents to where they belong +mkdir -p "${source_dir}" +test -z "${SKIP_EXTRACT}" && { + echo "Extracting files from orig and debian tarballs. This might take a while." 1>&2 + tar -C "${source_dir}" -Jx --strip-components=1 -f firefox_"${firefox_version}".orig.tar.xz + tar -C "$( dirname "${debian_dir}" )" -Jxf firefox_"${debian_firefox_version}".debian.tar.xz + # dsc file is a text file and needs no extraction +} + +# Download git sources +test -z "${SKIP_GIT}" && ( + # yes, use a sub-shell because of this cd. pushd is a bash builtin, but we are using sh and not bash. + cd "${git_source_dir}" + git clone "${librewolf_common_url}" common + git clone "${librewolf_settings_url}" settings + git clone "${librewolf_linux_url}" linux +) + +##################################### +# Script 1 tasks + +# update debian/control file +# update fields and add libjack-dev +sed -i -r "${debian_dir}"/control \ + -e '/^[[:alpha:]]+: firefox/s/firefox/librewolf/' \ + -e '/^Package:.*-l10/,$d' \ + -e '/^Maintainer:/{s/Maintainer:/XSBC-Original-Maintainer:/;iMaintainer: B. Stack ' -e '}' \ + -e '/^Uploaders:/d' \ + -e '/libasound2-dev/s/libasound2-dev,/libasound2-dev, libjack-dev,/;' \ + -e '/^Vcs-/d' \ + -e '/Breaks:.*xul-ext-torbutton/d' \ + -e '/Description:/,+8{/Description:/,/^\s*$/d}' +cat <<'EOF' >> "${debian_dir}"/control +Description: LibreWolf variant of Mozilla Firefox web browser + LibreWolf is a build of Firefox that seeks to protect user privacy, + security, and freedom. +EOF + +##################################### +# Script 2 tasks + +# none. Dependencies are handled by the build environment by interpreting the dsc file. + +##################################### +# Script 3 tasks + +# overlay the orig tarball contents with LibreWolf contents +# LibreWolf branding +cp -pr "${git_source_dir}"/common/source_files/browser/branding "${source_dir}"/browser/ +# update mozconfig with needed info +sed -i -e '/with-app-name=/d' "${debian_dir}"/browser.mozconfig.in +cat <> "${debian_dir}"/browser.mozconfig.in + +# Start of LibreWolf effects +ac_add_options --disable-tests +ac_add_options --disable-debug + +ac_add_options --prefix=/usr +ac_add_options --enable-release +ac_add_options --enable-hardening +ac_add_options --enable-rust-simd + +# Branding ac_add_options --enable-update-channel=release +ac_add_options --with-app-name=librewolf +ac_add_options --with-app-basename=LibreWolf +ac_add_options --with-branding=browser/branding/librewolf +ac_add_options --with-distribution-id=io.gitlab.librewolf +ac_add_options --with-unsigned-addon-scopes=app,system +ac_add_options --allow-addon-sideload +export MOZ_REQUIRE_SIGNING=0 + +# Features +ac_add_options --enable-jack +ac_add_options --disable-crashreporter + +# Disables crash reporting, telemetry and other data gathering tools +mk_add_options MOZ_CRASHREPORTER=0 +mk_add_options MOZ_DATA_REPORTING=0 +mk_add_options MOZ_SERVICES_HEALTHREPORT=0 +mk_add_options MOZ_TELEMETRY_REPORTING=0 + +ac_add_options --disable-elf-hack + +# LibreWolf binary release uses clang-11 but Debian builds Firefox with gcc so this is irrelevant. +#export CC='clang-11' +#export CXX='clang++-11' +#export AR=llvm-ar-11 +#export NM=llvm-nm-11 +#export RANLIB=llvm-ranlib-11 + +ac_add_options --enable-optimize +EOF + +# add patches to debian/patches +mkdir -p "${debian_dir}"/patches/librewolf +cp -pr "${git_source_dir}"/linux/megabar.patch "${git_source_dir}"/linux/remove_addons.patch \ + "${git_source_dir}"/linux/deb_patches/*.patch \ + "${debian_dir}"/patches/librewolf/ +cat <> "${debian_dir}"/patches/series +librewolf/lower-python3-requirement.patch -p1 +librewolf/armhf-reduce-linker-memory-use.patch -p1 +#librewolf/build-with-libstdc++-7.patch -p1 +librewolf/fix-armhf-webrtc-build.patch -p1 +librewolf/webrtc-fix-compiler-flags-for-armhf.patch -p1 +librewolf/python3-remove-variable-annotations.patch -p1 +librewolf/python3-remove-fstrings.patch -p1 +librewolf/python3-remove-pep487.patch -p1 +librewolf/silence-gtk-style-assertions.patch -p1 +librewolf/sandbox-update-arm-syscall-numbers.patch -p1 +librewolf/remove_addons.patch -p1 +librewolf/megabar.patch -p1 +EOF +# observe that build-with-libstdc++-7 is disabled for this dpkg. Debian builds Firefox with gcc, not clang. +# fix some fuzz in remove_addons.patch. The space is important! +sed -i -r -e 's/libs /l10n /;' "${debian_dir}"/patches/librewolf/remove_addons.patch + +# additional main LibreWolf activities +# disable pocket in source +sed -i "/'pocket'/d" "${source_dir}"/browser/components/moz.build +sed -i "/SaveToPocket\.init/d" "${source_dir}"/browser/components/BrowserGlue.jsm +# Remove internal plugin certificates +sed -i -r -e '/organizationalUnit.{0,5}=.{0,5}Mozilla/{N;N;N;d}' "${source_dir}"/toolkit/mozapps/extensions/internal/XPIInstall.jsm +# allow SearchEngines option in non-ESR builds +sed -i -r -e '/enterprise_only/s#true#false#g;' "${source_dir}"/browser/components/enterprisepolicies/schemas/policies-schema.json + +##################################### +# Script 4 tasks + +sed -i -r -e '2{ + iexport DEB_BUILD_HARDENING=1 + ;iexport DEB_BUILD_HARDENING_STACKPROTECTOR=1 + ;iexport DEB_BUILD_HARDENING_FORTIFY=1 + ;iexport DEB_BUILD_HARDENING_FORMAT=1 + ;iexport DEB_BUILD_HARDENING_PIE=1 + ;iexport CPP +} +/^EXPORTS/{ + iCPPFLAGS += -D_FORTIFY_SOURCE=2 + ;iCFLAGS += -march=x86-64 -mtune=generic -O2 -pipe -fno-plt + ;iCXXFLAGS += -march=x86-64 -mtune=generic -O2 -pipe -fno-plt + ;iLDFLAGS += -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now +} +2{ + iexport MOZ_NOSPAM=1 + iexport MACH_USE_SYSTEM_PYTHON=1 +} +' "${debian_dir}"/rules + +##################################### +# Additional steps for dpkg implementation + +# fix the binary name that gets installed in /usr/bin, and disable crash reporter by changing what variable name it looks for that will enable it +sed -i -e '/%if browser/,+2s/firefox/librewolf/' \ + -e '/%if CRASH_REPORTER/s/CRASH_REPORTER/CRASH_REPORTER_ENABLED/' \ + "${debian_dir}"/browser.install.in + +# add changelog contents for LibreWolf +new_changelog="$( mktemp )" +{ + cat < $( date "+%a, %d %b %+4Y %T %z" ) + +EOF + cat "${debian_dir}"/changelog +} > "${new_changelog}" +cat "${new_changelog}" > "${debian_dir}"/changelog + +rm -f "${new_changelog:-NOTHINGTODEL}" + +##################################### +# Build new assets +# dpkg-buildpackage needs the orig tarball, debian tarball, and dsc file. + +echo "Building new tarballs. This might take a while." 1>&2 + +# orig tarball +cd "${work_dir}" +tar -Jc -f librewolf_"${firefox_version}".orig.tar.xz -C "$( dirname "${source_dir}" )" librewolf_"${firefox_version}" + +# debian tarball +tar -Jc -f librewolf_"${debian_firefox_version}".debian.tar.xz -C "$( dirname "${debian_dir}" )" debian + +# dsc file, which needs to be modified +cd "${work_dir}" +sed -r \ + -e '/^(Files|Checksums-.{0,8}):/,$d' \ + -e '1,/^Format:/{/^Format:/!{d}}' \ + -e 's/^([[:alpha:]]+:).* firefox(-l10n[^\s]*)*/\1 librewolf/' \ + -e '/firefox-l10n/d' \ + -e '/^Maintainer:/{s/Maintainer:/XSBC-Original-Maintainer:/;iMaintainer: B. Stack ' -e '}' \ + -e '/^Uploaders:/d' \ + -e '/libasound2-dev/s/libasound2-dev,/libasound2-dev, libjack-dev,/;' \ + -e '/^Vcs-/d' \ + -e '/^ firefox/s/firefox/librewolf/g' \ + firefox_"${debian_firefox_version}".dsc > librewolf_"${debian_firefox_version}".dsc +{ + echo "Files:" + for word in librewolf*z ; + do + printf "%s %s\n" "$( stat -c '%s' "${word}" )" "$( md5sum "${word}" )" + done | awk '{print " "$2,$1,$3}' +} >> librewolf_"${debian_firefox_version}".dsc + +# And now you have in the ${work_dir} location three files. +# librewolf_80.3.orig.tar.xz librewolf_80.3-1.debian.tar.xz librewolf_80.3-1.dsc From 231e125b60cae4b5a4f3f7d98a054180aa2ef157 Mon Sep 17 00:00:00 2001 From: B Stack Date: Mon, 28 Dec 2020 19:38:33 -0500 Subject: [PATCH 2/5] update prep-librewolf-dpkg for 84.0-3 --- prep-librewolf-dpkg.conf | 12 ++++++------ prep-librewolf-dpkg.sh | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/prep-librewolf-dpkg.conf b/prep-librewolf-dpkg.conf index 5ffe9a7..ac5c93e 100644 --- a/prep-librewolf-dpkg.conf +++ b/prep-librewolf-dpkg.conf @@ -1,15 +1,15 @@ # Config file for prep-librewolf-dpkg.sh # Configure these settings before running that script. -debian_firefox_version=83.0-1 # current version of Firefox package in Debian sid -firefox_version=83.0 # current version of Firefox +debian_firefox_version=84.0-3 # current version of Firefox package in Debian sid +firefox_version=84.0 # current version of Firefox librewolf_common_url=https://gitlab.com/librewolf-community/browser/common.git librewolf_settings_url=https://gitlab.com/librewolf-community/settings.git librewolf_linux_url=https://gitlab.com/librewolf-community/browser/linux.git # user configurable -git_source_dir=/usr/src/librewolf # where LibreWolf git contents are cached -debian_dir=/home/librewolf/debian # where the firefox_debian.tar.xz file is extracted -source_dir=/home/librewolf/librewolf_${firefox_version} # where firefox.orig.tar.xz file is extracted with --strip-components=1 -work_dir=/home/librewolf +git_source_dir=/home/librewolf/git # where LibreWolf git contents are cached +debian_dir=/home/librewolf/${firefox_version}/debian # where the firefox_debian.tar.xz file is extracted +source_dir=/home/librewolf/${firefox_version}/librewolf_${firefox_version} # where firefox.orig.tar.xz file is extracted with --strip-components=1 +work_dir=/home/librewolf/${firefox_version}/ diff --git a/prep-librewolf-dpkg.sh b/prep-librewolf-dpkg.sh index 04d2c6a..3130c66 100755 --- a/prep-librewolf-dpkg.sh +++ b/prep-librewolf-dpkg.sh @@ -1,7 +1,7 @@ #!/bin/sh # File: prep-librewolf-dpkg.sh # Location: https://gitlab.com/bgstack15/librewolf-linux.git -# Latest supported version: librewolf-83.0-1 +# Latest supported version: librewolf-84.0-3 # Author: bgstack15 # SPDX-License-Identifier: CC-BY-SA-4.0 # Startdate: 2020-11-29 @@ -199,7 +199,7 @@ sed -i -e '/%if browser/,+2s/firefox/librewolf/' \ new_changelog="$( mktemp )" { cat < Date: Sun, 10 Jan 2021 11:53:09 -0500 Subject: [PATCH 3/5] update prep-librewolf-dpkg for 84.0.2 --- prep-librewolf-dpkg.conf | 4 ++-- prep-librewolf-dpkg.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/prep-librewolf-dpkg.conf b/prep-librewolf-dpkg.conf index ac5c93e..a607c75 100644 --- a/prep-librewolf-dpkg.conf +++ b/prep-librewolf-dpkg.conf @@ -1,8 +1,8 @@ # Config file for prep-librewolf-dpkg.sh # Configure these settings before running that script. -debian_firefox_version=84.0-3 # current version of Firefox package in Debian sid -firefox_version=84.0 # current version of Firefox +debian_firefox_version=84.0.2-1 # current version of Firefox package in Debian sid +firefox_version=84.0.2 # current version of Firefox librewolf_common_url=https://gitlab.com/librewolf-community/browser/common.git librewolf_settings_url=https://gitlab.com/librewolf-community/settings.git diff --git a/prep-librewolf-dpkg.sh b/prep-librewolf-dpkg.sh index 3130c66..584c67e 100755 --- a/prep-librewolf-dpkg.sh +++ b/prep-librewolf-dpkg.sh @@ -32,7 +32,7 @@ test ! -r "${librewolf_dpkg_conf}" && { echo "Unable to load config file, which # 1. orig tarball, which in Debian is not always the pristine contents from upstream source # 2. debian/ directory which defines how to build a package for Debian # 3. Debian source package control file -cd "${work_dir}" +mkdir -p "${work_dir}" ; cd "${work_dir}" test -z "${SKIP_DOWNLOAD}" && { wget --content-disposition http://deb.debian.org/debian/pool/main/f/firefox/firefox_"${firefox_version}".orig.tar.xz # -O librewolf_"${firefox_version}".orig.tar.xz wget --content-disposition http://deb.debian.org/debian/pool/main/f/firefox/firefox_"${debian_firefox_version}".debian.tar.xz # -O librewolf_"${debian_firefox_version}".debian.tar.xz From 17808dd8c6b92700a4b031e5b54e1c45cbd1f591 Mon Sep 17 00:00:00 2001 From: B Stack Date: Fri, 29 Jan 2021 08:13:08 -0500 Subject: [PATCH 4/5] add notes from !12 ohfp provided improvements at [!12#note_495484399](https://gitlab.com/librewolf-community/browser/linux/-/merge_requests/12#note_495484399) --- prep-librewolf-dpkg.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/prep-librewolf-dpkg.sh b/prep-librewolf-dpkg.sh index 584c67e..4715447 100755 --- a/prep-librewolf-dpkg.sh +++ b/prep-librewolf-dpkg.sh @@ -1,7 +1,7 @@ #!/bin/sh # File: prep-librewolf-dpkg.sh # Location: https://gitlab.com/bgstack15/librewolf-linux.git -# Latest supported version: librewolf-84.0-3 +# Latest supported version: librewolf-84.0.2-2 # Author: bgstack15 # SPDX-License-Identifier: CC-BY-SA-4.0 # Startdate: 2020-11-29 @@ -195,6 +195,16 @@ sed -i -e '/%if browser/,+2s/firefox/librewolf/' \ -e '/%if CRASH_REPORTER/s/CRASH_REPORTER/CRASH_REPORTER_ENABLED/' \ "${debian_dir}"/browser.install.in +# instruct dpkg to include the librewolf settings +rm -rf "${debian_dir}"/librewolf_settings +cp -pr "${git_source_dir}"/settings "${debian_dir}"/librewolf_settings +rm -rf "${debian_dir}"/librewolf_settings/.git* +cat <> "${debian_dir}"/browser.install.in +librewolf_settings/librewolf.cfg usr/lib/@browser@ +librewolf_settings/defaults usr/lib/@browser@ +librewolf_settings/distribution usr/lib/@browser@ +EOF + # add changelog contents for LibreWolf new_changelog="$( mktemp )" { From 77543c38c5946afdbbd730b351fefd1e52b67134 Mon Sep 17 00:00:00 2001 From: B Stack Date: Mon, 1 Feb 2021 09:38:02 -0500 Subject: [PATCH 5/5] fix where browser.install.in lists files --- prep-librewolf-dpkg.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prep-librewolf-dpkg.sh b/prep-librewolf-dpkg.sh index 4715447..023ddfb 100755 --- a/prep-librewolf-dpkg.sh +++ b/prep-librewolf-dpkg.sh @@ -200,9 +200,9 @@ rm -rf "${debian_dir}"/librewolf_settings cp -pr "${git_source_dir}"/settings "${debian_dir}"/librewolf_settings rm -rf "${debian_dir}"/librewolf_settings/.git* cat <> "${debian_dir}"/browser.install.in -librewolf_settings/librewolf.cfg usr/lib/@browser@ -librewolf_settings/defaults usr/lib/@browser@ -librewolf_settings/distribution usr/lib/@browser@ +debian/librewolf_settings/librewolf.cfg usr/lib/@browser@ +debian/librewolf_settings/defaults usr/lib/@browser@ +debian/librewolf_settings/distribution usr/lib/@browser@ EOF # add changelog contents for LibreWolf