ayaports/user/firefox-esr/APKBUILD

663 lines
18 KiB
Text

# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=firefox-esr
pkgver=102.10.0
# Date of release, YY-MM-DD for metainfo file (see package())
_releasedate=2023-04-11
pkgrel=2
pkgdesc="Firefox web browser - Extended Support Release"
url="https://www.mozilla.org/en-US/firefox/organizations/"
# s390x and riscv64: blocked by rust and cargo
# armhf: build failure on armhf due to wasm
arch="x86_64 armv7 aarch64 x86 ppc64le"
license="GPL-3.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND MPL-2.0"
install="$pkgname.post-upgrade"
depends="
ffmpeg5-libavcodec
"
makedepends="
alsa-lib-dev
automake
bsd-compat-headers
cargo
cbindgen
clang15-dev
dbus-glib-dev
gettext
gtk+3.0-dev
hunspell-dev
icu-dev>=69.1
libevent-dev
libffi-dev
libjpeg-turbo-dev
libnotify-dev
libogg-dev
libtheora-dev
libtool
libvorbis-dev
libvpx-dev
libwebp-dev
libxcomposite-dev
libxt-dev
lld
llvm-dev
m4
mesa-dev
nasm
nodejs
nspr-dev
nss-dev
pipewire-dev
pulseaudio-dev
py3-psutil
py3-zstandard
python3
sed
wasi-sdk
wireless-tools-dev
zip
"
source="https://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox-${pkgver}esr.source.tar.xz
allow-custom-rust-vendor.patch
avoid-redefinition.patch
disable-moz-stackwalk.patch
esr-metainfo.patch
fix-neon-aom.patch
fix-fortify-system-wrappers.patch
fix-rust-target.patch
fix-webrtc-glibcisms.patch
mallinfo.patch
python-deps.patch
sandbox-fork.patch
sandbox-largefile.patch
sandbox-sched_setscheduler.patch
zstandard.patch
stab.h
firefox.desktop
mozilla-location.keys
vendor-prefs.js
"
builddir="$srcdir/firefox-$pkgver"
_mozappdir=/usr/lib/firefox-esr
# help our shared-object scanner to find the libs
ldpath="$_mozappdir"
# secfixes:
# 102.1.0-r0:
# - CVE-2022-2505
# - CVE-2022-36314
# - CVE-2022-36318
# - CVE-2022-36319
# 91.11.0-r0:
# - CVE-2022-2200
# - CVE-2022-31744
# - CVE-2022-34468
# - CVE-2022-34470
# - CVE-2022-34472
# - CVE-2022-34478
# - CVE-2022-34479
# - CVE-2022-34481
# - CVE-2022-34484
# 91.10.0-r0:
# - CVE-2022-31736
# - CVE-2022-31737
# - CVE-2022-31738
# - CVE-2022-31739
# - CVE-2022-31740
# - CVE-2022-31741
# - CVE-2022-31742
# - CVE-2022-31747
# 91.9.1-r0:
# - CVE-2022-1529
# - CVE-2022-1802
# 91.9.0-r0:
# - CVE-2022-29909
# - CVE-2022-29911
# - CVE-2022-29912
# - CVE-2022-29914
# - CVE-2022-29916
# - CVE-2022-29917
# 91.8.0-r0:
# - CVE-2022-1097
# - CVE-2022-1196
# - CVE-2022-24713
# - CVE-2022-28281
# - CVE-2022-28282
# - CVE-2022-28285
# - CVE-2022-28286
# - CVE-2022-28289
# 91.7.0-r0:
# - CVE-2022-26381
# - CVE-2022-26383
# - CVE-2022-26384
# - CVE-2022-26386
# - CVE-2022-26387
# 91.6.1-r0:
# - CVE-2022-26485
# - CVE-2022-26486
# 91.6.0-r0:
# - CVE-2022-22754
# - CVE-2022-22756
# - CVE-2022-22759
# - CVE-2022-22760
# - CVE-2022-22761
# - CVE-2022-22763
# - CVE-2022-22764
# 91.5.0-r0:
# - CVE-2021-4140
# - CVE-2022-22737
# - CVE-2022-22738
# - CVE-2022-22739
# - CVE-2022-22740
# - CVE-2022-22741
# - CVE-2022-22742
# - CVE-2022-22743
# - CVE-2022-22744
# - CVE-2022-22745
# - CVE-2022-22746
# - CVE-2022-22747
# - CVE-2022-22748
# - CVE-2022-22751
# 91.4.0-r0:
# - CVE-2021-43536
# - CVE-2021-43537
# - CVE-2021-43538
# - CVE-2021-43539
# - CVE-2021-43541
# - CVE-2021-43542
# - CVE-2021-43543
# - CVE-2021-43545
# - CVE-2021-43546
# 91.3.0-r0:
# - CVE-2021-38503
# - CVE-2021-38504
# - CVE-2021-38505
# - CVE-2021-38506
# - CVE-2021-38507
# - CVE-2021-38508
# - CVE-2021-38509
# - CVE-2021-38510
# 91.2.0-r0:
# - CVE-2021-32810
# - CVE-2021-38492
# - CVE-2021-38493
# - CVE-2021-38495
# - CVE-2021-38496
# - CVE-2021-38497
# - CVE-2021-38498
# - CVE-2021-38500
# - CVE-2021-38501
# 78.13.0-r0:
# - CVE-2021-29980
# - CVE-2021-29984
# - CVE-2021-29985
# - CVE-2021-29986
# - CVE-2021-29988
# - CVE-2021-29989
# 78.12.0-r0:
# - CVE-2021-29970
# - CVE-2021-29976
# - CVE-2021-30547
# 78.11.0-r0:
# - CVE-2021-29967
# 78.10.0-r0:
# - CVE-2021-23961
# - CVE-2021-23994
# - CVE-2021-23995
# - CVE-2021-23998
# - CVE-2021-23999
# - CVE-2021-24002
# - CVE-2021-29945
# - CVE-2021-29946
# 78.9.0-r0:
# - CVE-2021-23981
# - CVE-2021-23982
# - CVE-2021-23984
# - CVE-2021-23987
# 78.8.0-r0:
# - CVE-2021-23968
# - CVE-2021-23969
# - CVE-2021-23973
# - CVE-2021-23978
# 78.7.0-r0:
# - CVE-2020-26976
# - CVE-2021-23953
# - CVE-2021-23954
# - CVE-2021-23960
# - CVE-2021-23964
# 78.6.1-r0:
# - CVE-2020-16044
# 78.6.0-r0:
# - CVE-2020-16042
# - CVE-2020-26971
# - CVE-2020-26973
# - CVE-2020-26974
# - CVE-2020-26978
# - CVE-2020-35111
# - CVE-2020-35112
# - CVE-2020-35113
# 78.5.0-r0:
# - CVE-2020-15683
# - CVE-2020-15969
# - CVE-2020-15999
# - CVE-2020-16012
# - CVE-2020-26950
# - CVE-2020-26951
# - CVE-2020-26953
# - CVE-2020-26956
# - CVE-2020-26958
# - CVE-2020-26959
# - CVE-2020-26960
# - CVE-2020-26961
# - CVE-2020-26965
# - CVE-2020-26966
# - CVE-2020-26968
# 78.3.0-r0:
# - CVE-2020-15673
# - CVE-2020-15676
# - CVE-2020-15677
# - CVE-2020-15678
# 78.2.0-r0:
# - CVE-2020-15663
# - CVE-2020-15664
# - CVE-2020-15670
# 78.1.0-r0:
# - CVE-2020-15652
# - CVE-2020-15653
# - CVE-2020-15654
# - CVE-2020-15655
# - CVE-2020-15656
# - CVE-2020-15657
# - CVE-2020-15658
# - CVE-2020-15659
# - CVE-2020-6463
# - CVE-2020-6514
# 68.10.0-r0:
# - CVE-2020-12417
# - CVE-2020-12418
# - CVE-2020-12419
# - CVE-2020-12420
# - CVE-2020-12421
# 68.9.0-r0:
# - CVE-2020-12399
# - CVE-2020-12405
# - CVE-2020-12406
# - CVE-2020-12410
# 68.8.0-r0:
# - CVE-2020-12387
# - CVE-2020-12388
# - CVE-2020-12389
# - CVE-2020-12392
# - CVE-2020-12393
# - CVE-2020-12395
# - CVE-2020-6831
# 68.7.0-r0:
# - CVE-2020-6821
# - CVE-2020-6822
# - CVE-2020-6825
# 68.6.1-r0:
# - CVE-2020-6819
# - CVE-2020-6820
# 68.6.0-r0:
# - CVE-2019-20503
# - CVE-2020-6805
# - CVE-2020-6806
# - CVE-2020-6807
# - CVE-2020-6811
# - CVE-2020-6812
# - CVE-2020-6814
# 68.5.0-r0:
# - CVE-2020-6796
# - CVE-2020-6797
# - CVE-2020-6798
# - CVE-2020-6799
# - CVE-2020-6800
# 68.4.1-r0:
# - CVE-2019-17016
# - CVE-2019-17022
# - CVE-2019-17024
# - CVE-2019-17026
# 68.3.0-r0:
# - CVE-2019-17005
# - CVE-2019-17008
# - CVE-2019-17009
# - CVE-2019-17010
# - CVE-2019-17011
# - CVE-2019-17012
# 68.2.0-r0:
# - CVE-2019-11757
# - CVE-2019-11758
# - CVE-2019-11759
# - CVE-2019-11760
# - CVE-2019-11761
# - CVE-2019-11762
# - CVE-2019-11763
# - CVE-2019-11764
# - CVE-2019-15903
# 68.1.0-r0:
# - CVE-2019-9812
# - CVE-2019-11740
# - CVE-2019-11742
# - CVE-2019-11743
# - CVE-2019-11744
# - CVE-2019-11746
# - CVE-2019-11752
# 68.0.2-r0:
# - CVE-2019-11733
# 68.0-r0:
# - CVE-2019-11709
# - CVE-2019-11711
# - CVE-2019-11712
# - CVE-2019-11713
# - CVE-2019-11715
# - CVE-2019-11717
# - CVE-2019-11719
# - CVE-2019-11729
# - CVE-2019-11730
# - CVE-2019-9811
# 60.7.2-r0:
# - CVE-2019-11708
# 60.7.1-r0:
# - CVE-2019-11707
# 60.7.0-r0:
# - CVE-2019-9815
# - CVE-2019-9816
# - CVE-2019-9817
# - CVE-2019-9818
# - CVE-2019-9819
# - CVE-2019-9820
# - CVE-2019-11691
# - CVE-2019-11692
# - CVE-2019-11693
# - CVE-2019-7317
# - CVE-2019-9797
# - CVE-2018-18511
# - CVE-2019-11694
# - CVE-2019-11698
# - CVE-2019-5798
# - CVE-2019-9800
# 60.6.1-r0:
# - CVE-2019-9810
# - CVE-2019-9813
# - CVE-2019-9790
# - CVE-2019-9791
# - CVE-2019-9792
# - CVE-2019-9793
# - CVE-2019-9794
# - CVE-2019-9795
# - CVE-2019-9796
# - CVE-2019-9801
# - CVE-2018-18506
# - CVE-2019-9788
# 60.5.2-r0:
# - CVE-2019-5785
# - CVE-2018-18335
# - CVE-2018-18356
# 60.5.0-r0:
# - CVE-2018-18500
# - CVE-2018-18505
# - CVE-2018-18501
# 52.6.0-r0:
# - CVE-2018-5089
# - CVE-2018-5091
# - CVE-2018-5095
# - CVE-2018-5096
# - CVE-2018-5097
# - CVE-2018-5098
# - CVE-2018-5099
# - CVE-2018-5102
# - CVE-2018-5103
# - CVE-2018-5104
# - CVE-2018-5117
# 52.5.2-r0:
# - CVE-2017-7843
# we need this because cargo verifies checksums of all files in vendor
# crates when it builds and gives us no way to override or update the
# file sanely... so just clear out the file list
_clear_vendor_checksums() {
sed -i 's/\("files":{\)[^}]*/\1/' third_party/rust/$1/.cargo-checksum.json
}
export SHELL=/bin/sh
export BUILD_OFFICIAL=1
export MOZILLA_OFFICIAL=1
export USE_SHORT_LIBNAME=1
export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system
export MOZ_APP_PROFILE="mozilla/firefox"
export MOZ_APP_REMOTINGNAME=firefox-esr
export MOZBUILD_STATE_PATH="$srcdir"/mozbuild
# disable desktop notifications
export MOZ_NOSPAM=1
# Find our triplet JSON
export RUST_TARGET="$CTARGET"
# Build with Clang, takes less RAM
export CC="clang-15"
export CXX="clang++-15"
# set rpath so linker finds the libs
export LDFLAGS="$LDFLAGS -Wl,-rpath,$_mozappdir"
# let firefox do this itself.
unset CARGO_PROFILE_RELEASE_OPT_LEVEL
unset CARGO_PROFILE_RELEASE_LTO
export CFLAGS="$CFLAGS -O2"
export CXXFLAGS="$CXXFLAGS -O2"
export CARGO_REGISTRIES_CRATES_IO_PROTOCOL="sparse"
prepare() {
default_prepare
cp "$srcdir"/stab.h toolkit/crashreporter/google-breakpad/src/
base64 -d "$srcdir"/mozilla-location.keys > "$builddir"/mozilla-api-key
_clear_vendor_checksums audio_thread_priority
_clear_vendor_checksums target-lexicon-0.9.0
_clear_vendor_checksums packed_simd_2
# webrtc does not build on these
case "$CARCH" in
ppc64le)
local webrtc_config="ac_add_options --disable-webrtc"
;;
esac
case "$CARCH" in
armv7)
# broken here
local rust_simd="ac_add_options --disable-rust-simd"
;;
*)
local rust_simd="ac_add_options --enable-rust-simd"
;;
esac
case "$CARCH" in
aarch64|arm*|x86*)
# disable-elf-hack: exists only on aarch64, arm*, x86, x86_64
local arch_config="ac_add_options --disable-elf-hack"
;;
esac
# sandbox only supported here
case "$CARCH" in
x86*|armv7|aarch64)
local sandbox="ac_add_options --enable-sandbox"
;;
*)
local sandbox="ac_add_options --disable-sandbox"
;;
esac
cat > base-mozconfig <<-EOF
# disable unwanted things
ac_add_options --disable-bootstrap
ac_add_options --disable-cargo-incremental
ac_add_options --disable-crashreporter
ac_add_options --disable-debug
ac_add_options --disable-debug-symbols
ac_add_options --disable-install-strip
ac_add_options --disable-jemalloc
ac_add_options --disable-strip
ac_add_options --disable-tests
ac_add_options --disable-updater
# features
ac_add_options --enable-alsa
ac_add_options --enable-dbus
ac_add_options --enable-default-toolkit=cairo-gtk3-wayland
ac_add_options --enable-ffmpeg
ac_add_options --enable-hardening
ac_add_options --enable-linker=lld
ac_add_options --enable-necko-wifi
ac_add_options --enable-official-branding
ac_add_options --enable-optimize="$CFLAGS"
ac_add_options --enable-pulseaudio
ac_add_options --enable-release
ac_add_options --enable-update-channel=release
# system libs
ac_add_options --enable-system-pixman
ac_add_options --with-system-ffi
ac_add_options --with-system-icu
ac_add_options --with-system-jpeg
ac_add_options --with-system-libevent
ac_add_options --with-system-libvpx
ac_add_options --with-system-nspr
ac_add_options --with-system-nss
ac_add_options --with-system-png
ac_add_options --with-system-webp
ac_add_options --with-system-zlib
# misc
ac_add_options --allow-addon-sideload
ac_add_options --prefix=/usr
ac_add_options --with-app-name=firefox-esr
ac_add_options --with-distribution-id=org.alpinelinux
ac_add_options --with-libclang-path=/usr/lib
ac_add_options --with-unsigned-addon-scopes=app,system
#ac_add_options --with-wasi-sysroot=/usr/share/wasi-sysroot
ac_add_options --without-wasm-sandboxed-libraries
ac_add_options --host=$CHOST
ac_add_options --target=$CTARGET
# objdir
mk_add_options MOZ_OBJDIR="$builddir/obj"
mk_add_options RUSTFLAGS="$RUSTFLAGS"
# keys
# these are for alpine linux use only
ac_add_options --with-mozilla-api-keyfile="$builddir/mozilla-api-key"
$arch_config
$rust_simd
$sandbox
$webrtc_config
EOF
}
build() {
cat > .mozconfig base-mozconfig
export MOZ_BUILD_DATE=$(date ${SOURCE_DATE_EPOCH:+ -d@${SOURCE_DATE_EPOCH}} "+%Y%m%d%H%M%S")
# for lto
ulimit -n 4096
# can't be set here and fail
unset RUSTFLAGS
local thinlto_jobs=${JOBS:-1}
case "$CARCH" in
# on this platforms, lld seems to not utilise >1 threads for thinlto for some reason.
# at the same time, having more than 8 also crashes lld for firefox buildsystems (why?).
aarch64)
if [ $thinlto_jobs -gt 8 ]; then
thinlto_jobs=8
fi
;;
esac
export LDFLAGS="$LDFLAGS -Wl,--thinlto-jobs=$thinlto_jobs"
case "$CARCH" in
# lto for 64-bit systems only
aarch64|x86_64|ppc64le)
cat > .mozconfig base-mozconfig <<-EOF
ac_add_options --enable-lto=cross
EOF
esac
./mach build
}
package() {
DESTDIR="$pkgdir" ./mach install
local _png
for _png in ./browser/branding/official/default*.png; do
local i=${_png%.png}
i=${i##*/default}
install -Dm644 "$_png" \
"$pkgdir"/usr/share/icons/hicolor/"$i"x"$i"/apps/firefox-esr.png
done
install -Dm644 browser/branding/official/content/about-logo.png \
"$pkgdir"/usr/share/icons/hicolor/192x192/apps/firefox-esr.png
install -Dm644 browser/branding/official/content/about-logo@2x.png \
"$pkgdir"/usr/share/icons/hicolor/384x384/apps/firefox-esr.png
install -Dm644 browser/branding/official/content/about-logo.svg \
"$pkgdir"/usr/share/icons/hicolor/scalable/apps/firefox-esr.svg
install -Dm644 "$srcdir"/firefox.desktop \
"$pkgdir"/usr/share/applications/firefox-esr.desktop
# install our vendor prefs
install -Dm644 "$srcdir"/vendor-prefs.js \
"$pkgdir"/$_mozappdir/browser/defaults/preferences/vendor.js
# Generate appdata file
mkdir -p "$pkgdir"/usr/share/metainfo/
export VERSION="$pkgver"
export DATE="$_releasedate"
envsubst < "$builddir"/taskcluster/docker/firefox-flatpak/org.mozilla.firefox.appdata.xml.in > "$pkgdir"/usr/share/metainfo/org.mozilla.firefox-esr.appdata.xml
# Replace duplicate binary with wrapper
# https://bugzilla.mozilla.org/show_bug.cgi?id=658850
install -Dm755 /dev/stdin "$pkgdir"/usr/bin/firefox-esr <<- EOF
#!/bin/sh
exec $_mozappdir/firefox-esr "\$@"
EOF
rm "$pkgdir"/$_mozappdir/firefox-esr-bin
ln -sfv /usr/bin/firefox-esr "$pkgdir"/$_mozappdir/firefox-esr-bin
}
sha512sums="
f2b53c35bdd22a3de6f32699b832babcbf499667197c02dd50cf0b6cd956e0f4471f420938c2ab72f0a0686ed99fe74e3184afe9b5f7169130879b8f8fd99f0b firefox-102.10.0esr.source.tar.xz
4e584621145cf8add069c6dac18e805b3274a1ee402d84e924df2341f7d3c5be261a93ef51283bacbd606f47fbdc628c4323ecc31efc5b403b8d224b18dc278f allow-custom-rust-vendor.patch
b1cb2db3122634f66d2bae7066e76f2dcd455c464e021db4de3b0a08314df95cb667846081682db549dd2af8a00831cabe44a2420c66cdfb5e3b5fa7e6bd21d3 avoid-redefinition.patch
454ea3263cabce099accbdc47aaf83be26a19f8b5a4568c01a7ef0384601cf8315efd86cd917f9c8bf419c2c845db89a905f3ff9a8eb0c8e41042e93aa96a85c disable-moz-stackwalk.patch
f7b3b45ba04d05d17439d009bf0c9f27881e126f424e2257552338a0c1e3771ee1289c044babcb0920f62af62873a268c0cf524e1d35711e6dc8b808ca5e9f26 esr-metainfo.patch
d3a54897089eda9fdfe4b25ade1cb2c01c4b31fa9bf0e0ddbb0bbe674072ec5d36a6e52f791a8cbc8d3908e912ac2d7edec69b34d87ecca0acca876d45974c8d fix-neon-aom.patch
2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch
cd68b89e29e5f6379fbd5679db27b9a5ef70ea65e51c0d0a8137e1f1fd210e35a8cfb047798e9549bc7275606d7ec5c8d8af1335d29da4699db7acd8bc7ff556 fix-rust-target.patch
305c874fdea3096e9c4c6aa6520ac64bb1c347c4b59db8360096646593fe684c3b5377874d91cecd33d56d1410b4714fbdea2b514923723ecbeff79d51265d9b fix-webrtc-glibcisms.patch
a4a3e062661bda64d502d426c480ac9645345860118de9df9ffe6e0597738c70c11e5cdef2d4fd12c5e2ee30a09310159230524655a419a4f7e4eeeb0f3c06b0 mallinfo.patch
f3d419880cc7f043b6eb547894d486457d407640be2bd8b402eb3a534ccea39568f6d506fc44a3b29c94eb0dc6fc2bec6600d161786fd233d26b1dc8970f5ab4 python-deps.patch
2518f2fc75b5db30058e0735f47d60fdf1e7adfaeee4b33fb2afb1bd9a616ce943fd88f4404d0802d4083703f4acf1d5ad42377218d025bc768807fbaf7e1609 sandbox-fork.patch
b7d0a6126bdf6c0569f80aabf5b37ed2c7a35712eb8a0404a2d85381552f5555d4f97d213ea26cec6a45dc2785f22439376ed5f8e78b4fd664ef0223307b333e sandbox-largefile.patch
94433c5ffdbe579c456d95c5f053f61fcbab2f652fa90bc69dcc27d9a1507a8e5c677adeadae9a7a75cc9a55184c1040737f4dfd10b279c088ef016561e6f135 sandbox-sched_setscheduler.patch
12fbe50d94624931a581314b8e6e228a1f8a4550704a6ee4f8904184ac4727efd90982e87a8fdd318e15515f9430dfc6cf7455b301e903003027b3f0afa79795 zstandard.patch
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h
d354f48a29bfc16719f3b230b1395063239d4420f9e47522de4662392d9697b15f931ca3bf6055d100fa33d61a9a1a13477687d5eac99e50ae7dbef9882a5808 firefox.desktop
382510375b1a2fa79be0ab79e3391a021ae2c022429ffbaa7e7a69166f99bb56d01e59a1b10688592a29238f21c9d6977672bd77f9fae439b66bdfe0c55ddb15 mozilla-location.keys
fc45bc3ffb9404e5338ea26a9f04807b40f6f516324972cddd48bedb91b8bd7c6b8d4e03a0209020f5e67b703bc4ff89389985791b9bd544a0fc3951e2dc338e vendor-prefs.js
"