author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2019-09-04 14:25:37 -0700 |
---|---|---|
committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2019-09-04 14:25:37 -0700 |
commit | 11facc73037f16dfc48126fd987bb8f30dc77681 (patch) | |
tree | 4cd65454d98c9d0e0cc822dfbdd1065637f2ca86 | |
parent | Updated to 69.0 (diff) | |
download | firefox-11facc73037f16dfc48126fd987bb8f30dc77681.tar.xz |
Split out mozconfigs and distribution to ease diffing
Enable -fstack-protector-all
Make -O3 global
Disable gimmicky internal hardening
-rw-r--r-- | PKGBUILD | 105 | ||||
-rw-r--r-- | distribution.ini | 9 | ||||
-rw-r--r-- | makepkg.conf.firefox | 147 | ||||
-rw-r--r-- | mozconfig.common.override | 3 | ||||
-rw-r--r-- | mozconfig.in | 73 |
5 files changed, 102 insertions, 235 deletions
@@ -37,6 +37,9 @@ optdepends=('networkmanager: Location detection via available WiFi networks'
 options=(!emptydirs !makeflags)
 source=("https://archive.mozilla.org/pub/$pkgname/releases/$pkgver/source/$pkgname-$pkgver.source.tar.xz"{,.asc}
 $pkgname.desktop $pkgname-symbolic.svg
+ distribution.ini
+ mozconfig.in
+ mozconfig.common.override
 0001-Use-remoting-name-for-GDK-application-names.patch
 pgo-1.patch
 moz.configure.diff
@@ -45,6 +48,9 @@ sha256sums=('413c3febdfeb69eade818824eecbdb11eaeda71de229573810afd641ba741ec5'
 'SKIP'
 '54dcf5e1b91db3f586a7e27814552f96578b9d9495b7b10b268e36f64b49d4d1'
 '9a1a572dc88014882d54ba2d3079a1cf5b28fa03c5976ed2cb763c93dabbd797'
+ '0ba4d1a619a3a5750a5a48c6bff8c6a69d3aa4be4c303032c5979ab5f68db208'
+ '1cc0730e0f0285f45f30feeeee6d7757931b25263b35b041abd71c2e0486210d'
+ 'dcf70d24eedab79d811974a75663f0e84c5efca420da61fc444ebe311d0cada9'
 'ab07ab26617ff76fce68e07c66b8aa9b96c2d3e5b5517e51a3c3eac2edd88894'
 'a8c15c9d54ef8b360c0932f4ccf5e74954f14e9a9c2a1ae924b6c392075b2b8c'
 'ad8a270e1b2affb098440f82517c3952207b28ebf604fef695dad3e29a5ba30e'
@@ -61,82 +67,12 @@ prepare() { # Apply pgo patches patch -p0 $srcdir/${pkgname}-${pkgver}/security/sandbox/linux/moz.build $srcdir/pgo-1.patch - cat >$srcdir/${pkgname}-${pkgver}/.mozconfig <<END -ac_add_options --enable-application=browser - -ac_add_options --prefix=/usr -ac_add_options --enable-release -ac_add_options --enable-hardening -ac_add_options --enable-optimize -ac_add_options --enable-rust-simd -ac_add_options --enable-lto -ac_add_options --enable-linker=gold -export MOZ_PGO=1 -export CC=gcc -export CXX=g++ -export AR=gcc-ar -export NM=gcc-nm -export RANLIB=gcc-ranlib - -# Branding -ac_add_options --enable-official-branding -ac_add_options --enable-update-channel=release -ac_add_options --with-distribution-id=org.artixlinux -ac_add_options --with-unsigned-addon-scopes=app,system - -# System libraries -ac_add_options --with-system-bz2 -ac_add_options --with-system-ffi -ac_add_options --with-system-icu -ac_add_options --with-system-jpeg -ac_add_options --with-system-libevent -ac_add_options --with-system-libvpx -ac_add_options --with-system-nspr -ac_add_options --with-system-nss -ac_add_options --enable-system-pixman -ac_add_options --with-system-png -ac_add_options --enable-system-sqlite -ac_add_options --with-system-webp -ac_add_options --with-system-zlib - - -# Features -ac_add_options --enable-alsa -ac_add_options --enable-jack -ac_add_options --enable-startup-notification -ac_add_options --disable-cdp -ac_add_options --disable-crashreporter -ac_add_options --disable-debug -ac_add_options --disable-debug-symbols -ac_add_options --disable-eme -ac_add_options --disable-gconf -# # marionette required for the xorg tests -# ac_add_options --disable-marionette -ac_add_options --disable-necko-wifi -ac_add_options --disable-parental-controls -ac_add_options --disable-synth-speechd -ac_add_options --disable-tests -ac_add_options --disable-updater -ac_add_options --disable-webrtc -# # Disabling webspeech breaks compiling ff67+ -# ac_add_options 
--disable-webspeech - -ac_add_options --enable-strip - -mk_add_options MOZ_MAKE_FLAGS="$MAKEFLAGS" -export MOZ_APP_REMOTINGNAME=$pkgname -export MOZ_ADDON_SIGNING=0 -export MOZ_REQUIRE_SIGNING=0 - -END - -# MOZ_TELEMETRY_REPORTING only applied correctly when set in this override file - cat >$srcdir/${pkgname}-${pkgver}/build/mozconfig.common.override <<END -export MOZ_TELEMETRY_REPORTING=0 -export MOZ_DATA_REPORTING=0 -export ACCESSIBILITY=0 - -END + # Add the custom mozconfig + cp $srcdir/mozconfig.in $srcdir/${pkgname}-${pkgver}/.mozconfig + + # MOZ_TELEMETRY_REPORTING only applied correctly when set in this override file + cp $srcdir/mozconfig.common.override $srcdir/${pkgname}-${pkgver}/build/mozconfig.common.override + # Disable various components at the source level #sed -i 's|[;]1|;0|' $srcdir/${pkgname}-${pkgver}/toolkit/components/telemetry/TelemetryStartup.manifest @@ -163,6 +99,9 @@ build() { export MOZ_NOSPAM=1 export MOZBUILD_STATE_PATH="$srcdir/mozbuild" + export CFLAGS="$CFLAGS -fstack-protector-all -O3" + export CXXFLAGS="$CXXFLAGS -fstack-protector-all -O3" + export LDFLAGS="$LDFLAGS,-fuse-ld=gold" # LTO needs more open files ulimit -n 4096 msg2 "Building optimized browser..." @@ -177,18 +116,8 @@ package() { DESTDIR="$pkgdir" ./mach install - install -Dm644 /dev/stdin \ - "$pkgdir/usr/lib/$pkgname/distribution/distribution.ini" <<END -[Global] -id=artixlinux -version=1.0 -about=Mozilla Firefox for Artix Linux - -[Preferences] -app.distributor=artixlinux -app.distributor.channel=$pkgname -app.partner.artixlinux=artixlinux -END + install -Dm644 $srcdir/distribution.ini \ + "$pkgdir/usr/lib/$pkgname/distribution/distribution.ini" # don't duplicate the binary, use a symlink instead rm "$pkgdir/usr/bin/firefox" diff --git a/distribution.ini b/distribution.ini new file mode 100644 index 0000000..02c5ef4 --- /dev/null +++ b/distribution.ini 
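Review bot: The two added `cp` lines in prepare() leave `$srcdir` unquoted, so a build directory containing spaces or glob characters would split the arguments; `cp -- "$srcdir/mozconfig.in" "$srcdir/$pkgname-$pkgver/.mozconfig"` avoids that. The same applies to `install -Dm644 $srcdir/distribution.ini` in the package() hunk. The neighbouring `patch` line already has this habit, so this is a point of style rather than a regression. prepare() begins and ends outside the hunk.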
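Review bot: The added `LDFLAGS` line in build() joins `-fuse-ld=gold` with a comma, so when the host LDFLAGS ends in a `-Wl,` list (as the removed makepkg.conf.firefox did with `-Wl,-O1,...,-z,relro,-z,now`) the option is passed on to the linker instead of the compiler driver, and with an empty LDFLAGS the value becomes `,-fuse-ld=gold`. `-fuse-ld=` is a driver option and should be space-separated: `export LDFLAGS="$LDFLAGS -fuse-ld=gold"`. Separately, CFLAGS/CXXFLAGS now inherit everything except `-fstack-protector-all -O3` from the builder's makepkg.conf, so the `-D_FORTIFY_SOURCE`, `-fstack-clash-protection` and `-z,relro,-z,now` settings that makepkg.conf.firefox pinned are no longer guaranteed by this package. A comment such as `# relies on host makepkg.conf for FORTIFY_SOURCE, stack-clash protection, relro and now` would document that dependency. build() continues outside the hunk.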
@@ -0,0 +1,9 @@
+[Global]
+id=artixlinux
+version=1.0
+about=Mozilla Firefox for Artix Linux
+
+[Preferences]
+app.distributor=artixlinux
+app.distributor.channel=firefox
+app.partner.artixlinux=artixlinux
diff --git a/makepkg.conf.firefox b/makepkg.conf.firefox
deleted file mode 100644
index b109d28..0000000
--- a/makepkg.conf.firefox
+++ /dev/null
@@ -1,147 +0,0 @@ -#!/hint/bash -# -# /etc/makepkg.conf -# - -######################################################################### -# SOURCE ACQUISITION -######################################################################### -# -#-- The download utilities that makepkg should use to acquire sources -# Format: 'protocol::agent' -DLAGENTS=('file::/usr/bin/curl -gqC - -o %o %u' - 'ftp::/usr/bin/curl -gqfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u' - 'http::/usr/bin/curl -gqb "" -fLC - --retry 3 --retry-delay 3 -o %o %u' - 'https::/usr/bin/curl -gqb "" -fLC - --retry 3 --retry-delay 3 -o %o %u' - 'rsync::/usr/bin/rsync --no-motd -z %u %o' - 'scp::/usr/bin/scp -C %u %o') - -# Other common tools: -# /usr/bin/snarf -# /usr/bin/lftpget -c -# /usr/bin/wget - -#-- The package required by makepkg to download VCS sources -# Format: 'protocol::package' -VCSCLIENTS=('bzr::bzr' - 'git::git' - 'hg::mercurial' - 'svn::subversion') - -######################################################################### -# ARCHITECTURE, COMPILE FLAGS -######################################################################### -# -CARCH="x86_64" -CHOST="x86_64-pc-linux-gnu" - -#-- Compiler and Linker Flags -CPPFLAGS="-D_FORTIFY_SOURCE" - -# # cargo contained in firefox 68 breaks if -flto is set here -CFLAGS="-march=x86-64 -mtune=generic -O3 -pipe -fno-plt -fstack-protector-strong -fstack-clash-protection -Wno-error=odr -Wno-error=stringop-overflow -Walloc-size-larger-than=$(getconf ULONG_MAX)" -CXXFLAGS="-march=x86-64 -mtune=generic -O3 -pipe -fno-plt -fstack-protector-strong -fstack-clash-protection -Wno-error=odr -Wno-error=stringop-overflow -Walloc-size-larger-than=$(getconf ULONG_MAX)" -LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now" -#-- Make Flags: change this for DistCC/SMP systems -MAKEFLAGS="-j4" -#-- Debugging flags -DEBUG_CFLAGS="-g -fvar-tracking-assignments" -DEBUG_CXXFLAGS="-g -fvar-tracking-assignments" - 
-######################################################################### -# BUILD ENVIRONMENT -######################################################################### -# -# Defaults: BUILDENV=(!distcc !color !ccache check !sign) -# A negated environment option will do the opposite of the comments below. -# -#-- distcc: Use the Distributed C/C++/ObjC compiler -#-- color: Colorize output messages -#-- ccache: Use ccache to cache compilation -#-- check: Run the check() function if present in the PKGBUILD -#-- sign: Generate PGP signature file -# -BUILDENV=(!distcc color !ccache check !sign) -# -#-- If using DistCC, your MAKEFLAGS will also need modification. In addition, -#-- specify a space-delimited list of hosts running in the DistCC cluster. -#DISTCC_HOSTS="" -# -#-- Specify a directory for package building. -#BUILDDIR=/path - -######################################################################### -# GLOBAL PACKAGE OPTIONS -# These are default values for the options=() settings -######################################################################### -# -# Default: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug) -# A negated option will do the opposite of the comments below. -# -#-- strip: Strip symbols from binaries/libraries -#-- docs: Save doc directories specified by DOC_DIRS -#-- libtool: Leave libtool (.la) files in packages -#-- staticlibs: Leave static library (.a) files in packages -#-- emptydirs: Leave empty directories in packages -#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip -#-- purge: Remove files specified by PURGE_TARGETS -#-- debug: Add debugging flags as specified in DEBUG_* variables -# -OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug) - -#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512 -INTEGRITY_CHECK=(sha512) -#-- Options to be used when stripping binaries. See `man strip' for details. 
-STRIP_BINARIES="--strip-all" -#-- Options to be used when stripping shared libraries. See `man strip' for details. -STRIP_SHARED="--strip-unneeded" -#-- Options to be used when stripping static libraries. See `man strip' for details. -STRIP_STATIC="--strip-debug" -#-- Manual (man and info) directories to compress (if zipman is specified) -MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info}) -#-- Doc directories to remove (if !docs is specified) -DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc}) -#-- Files to be removed from all packages (if purge is specified) -PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod) -#-- Directory to store source code in for debug packages -DBGSRCDIR="/usr/src/debug" - -######################################################################### -# PACKAGE OUTPUT -######################################################################### -# -# Default: put built package and cached source in build directory -# -#-- Destination: specify a fixed directory where all packages will be placed -#PKGDEST=/path -#-- Source cache: specify a fixed directory where source files will be cached -#SRCDEST=/path -#-- Source packages: specify a fixed directory where all src packages will be placed -#SRCPKGDEST=/path -#-- Log files: specify a fixed directory where all log files will be placed -#LOGDEST=/path -#-- Packager: name/email of the person or organization building packages -#PACKAGER= -#-- Specify a key to use for package signing -#GPGKEY= - -######################################################################### -# COMPRESSION DEFAULTS -######################################################################### -# -COMPRESSGZ=(gzip -c -f -n) -COMPRESSBZ2=(bzip2 -c -f) -COMPRESSXZ=(xz -c -z - -9e -T 0) -COMPRESSLRZ=(lrzip -q) -COMPRESSLZO=(lzop -q) -COMPRESSZ=(compress -c -f) - -######################################################################### -# EXTENSION DEFAULTS 
-#########################################################################
-#
-# WARNING: Do NOT modify these variables unless you know what you are
-# doing.
-#
-PKGEXT='.pkg.tar.xz'
-SRCEXT='.src.tar.gz'
diff --git a/mozconfig.common.override b/mozconfig.common.override
new file mode 100644
index 0000000..6e05ceb
--- /dev/null
+++ b/mozconfig.common.override
@@ -0,0 +1,3 @@
+export MOZ_TELEMETRY_REPORTING=0
+export MOZ_DATA_REPORTING=0
+export ACCESSIBILITY=0
diff --git a/mozconfig.in b/mozconfig.in
new file mode 100644
index 0000000..b2e41e7
--- /dev/null
+++ b/mozconfig.in
@@ -0,0 +1,73 @@
+ac_add_options --enable-application=browser
+export MOZ_APP_REMOTINGNAME=firefox
+
+# Compiler and Linker
+ac_add_options --prefix=/usr
+ac_add_options --enable-release
+ac_add_options --enable-optimize
+ac_add_options --disable-hardening
+ac_add_options --enable-rust-simd
+ac_add_options --enable-lto
+#ac_add_options --enable-linker=gold
+ac_add_options --disable-elf-hack
+#ac_add_options --enable-strip
+#ac_add_options --enable-install-strip
+export MOZ_PGO=1
+export CC=gcc
+export CXX=g++
+export AR=gcc-ar
+export NM=gcc-nm
+export RANLIB=gcc-ranlib
+
+# Branding
+ac_add_options --enable-official-branding
+ac_add_options --enable-update-channel=release
+ac_add_options --with-distribution-id=org.artixlinux
+ac_add_options --with-unsigned-addon-scopes=app,system
+
+# System libraries
+ac_add_options --with-system-bz2
+ac_add_options --with-system-ffi
+ac_add_options --with-system-icu
+ac_add_options --with-system-jpeg
+ac_add_options --with-system-libevent
+ac_add_options --with-system-libvpx
+ac_add_options --with-system-nspr
+ac_add_options --with-system-nss
+ac_add_options --enable-system-pixman
+ac_add_options --with-system-png
+ac_add_options --enable-system-sqlite
+ac_add_options --with-system-webp
+ac_add_options --with-system-zlib
+
+# Features
+ac_add_options --enable-alsa
+ac_add_options --enable-av1
+ac_add_options --enable-jack
+ac_add_options --enable-startup-notification
+
+# Disables
+ac_add_options --disable-accessibility
+ac_add_options --disable-cdp
+ac_add_options --disable-crashreporter
+ac_add_options --disable-debug
+ac_add_options --disable-debug-symbols
+ac_add_options --disable-eme
+ac_add_options --disable-gconf
+# # marionette required for the xorg tests
+# ac_add_options --disable-marionette
+ac_add_options --disable-necko-wifi
+ac_add_options --disable-parental-controls
+# # precompiled-startupcache must be disabled to optimize for a newer
+# # instruction set target
+#ac_add_options --disable-precompiled-startupcache
+ac_add_options --disable-synth-speechd
+ac_add_options --disable-tests
+ac_add_options --disable-updater
+ac_add_options --disable-webrtc
+# # Disabling webspeech breaks compiling ff67+
+# ac_add_options --disable-webspeech
+export MOZ_ADDON_SIGNING=0
+export MOZ_REQUIRE_SIGNING=0
+
+mk_add_options MOZ_MAKE_FLAGS="-j4" |
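Review bot: `ac_add_options --disable-hardening` switches off the build system's own hardening option, where the old inline mozconfig had `--enable-hardening`. The only replacement visible in this commit is `-fstack-protector-all` in PKGBUILD's build(), and the same commit deletes makepkg.conf.firefox, which supplied `-D_FORTIFY_SOURCE`, `-fstack-clash-protection` and `-z,relro,-z,now`. What the option adds varies by Firefox version, so the line needs a comment naming the protections now expected from host flags, for example `# hardening left to makepkg.conf CFLAGS/LDFLAGS; verify FORTIFY_SOURCE, RELRO and BIND_NOW on the built binaries`. The file also hard-codes `MOZ_MAKE_FLAGS="-j4"` and `MOZ_APP_REMOTINGNAME=firefox`, where the removed heredoc expanded `$MAKEFLAGS` and `$pkgname`. That makes the builder's job count and any package rename silently ignored; a one-line comment noting the fixed values would help.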