4 files changed, 426 insertions, 0 deletions

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..4b7ab6b
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,75 @@
+stages:
+  - prepare
+  - build
+
+variables:
+  GIT_SUBMODULE_STRATEGY: recursive
+# variables:
+  # pkgver: $PKGVER
+  # pkgrel: $PKGREL
+  # AARCH64: $AARCH64
+  # X86_64: $X86_64
+  # GLOBAL_MENUBAR: $GLOBAL_MENUBAR
+
+.carch_aarch64: &carch_aarch64
+  variables:
+    CARCH: 'aarch64'
+
+.carch_x86_64: &carch_x86_64
+  variables:
+    CARCH: 'x86_64'
+
+.debian_prepare_config: &debian_prepare_config
+  stage: build
+  script:
+    - ./scripts/prep-librewolf-dpkg.sh
+  artifacts:
+    expire_in: 1d
+    name: "librewolf-debian-prepared"
+    paths:
+      - "prepared/librewolf*.{dsc,xz}"
+
+.debian_build_config: &debian_build_config
+  stage: build
+  script:
+    - ./scripts/build-librewolf-dpkg.conf
+  artifacts:
+    name: "librewolf-${pkgver}-${pkgrel}_${CARCH}"
+    paths:
+      - "out/librewolf-${pkgver}-${pkgrel}*.deb"
+
+build_debian_x86_64:
+  image: debian:sid
+  tags: [docker linux]
+  <<: *carch_x86_64
+  <<: *debian_build_config
+  only:
+    variables:
+      - $X86_64
+
+build_debian_aarch64:
+  image: arm64v8/ubuntu:16.04
+  tags: [aarch64b]
+  <<: *carch_aarch64
+  <<: *debian_build_config
+  only:
+    variables:
+      - $AARCH64
+
+prepare_debian_x86_64:
+  image: debian:sid
+  tags: [docker linux]
+  <<: *carch_x86_64
+  <<: *debian_prepare_config
+  only:
+    variables:
+      - $X86_64
+
+prepare_debian_aarch64:
+  image: arm64v8/ubuntu:16.04
+  tags: [aarch64b]
+  <<: *carch_aarch64
+  <<: *debian_prepare_config
+  only:
+    variables:
+      - $AARCH64
diff --git a/scripts/build-librewolf-dpkg.sh b/scripts/build-librewolf-dpkg.sh
new file mode 100644
index 0000000..5e163e8
--- /dev/null
+++ b/scripts/build-librewolf-dpkg.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# Load settings
+# basically, dot-source the conf file.
+test -z "${librewolf_dpkg_conf}" && export librewolf_dpkg_conf="$( find "$( dirname "${0}" )" -maxdepth 2 -name "$( basename "${0%%.sh}.conf" )" -print 2>/dev/null | head -n1 )"
+test ! -r "${librewolf_dpkg_conf}" && { echo "Unable to load config file, which should be named the same as this script but with a .conf ending. Aborted." 1>&2 ; exit 1 ; }
+. "${librewolf_dpkg_conf}"
+
+# Aborts the script upon any faliure
+set -e;
+
+apt update
+apt install -y  \
+libx11-dev \
+libx11-xcb-dev \
+libxt-dev \
+libgtk-3-dev \
+libgtk2.0-dev \
+libglib2.0-dev \
+libdrm-dev \
+libstartup-notification0-dev \
+libjpeg-dev \
+zlib1g-dev \
+libreadline-dev \
+libnspr4-dev \
+libnss3-dev \
+libvpx-dev \
+libdbus-glib-1-dev \
+libffi-dev \
+libevent-dev \
+libpulse-dev \
+libasound2-dev \
+libjack-dev \
+yasm \
+nasm \
+llvm-dev \
+libclang-dev \
+clang \
+nodejs \
+zip \
+locales \
+xvfb \
+xfonts-base \
+ttf-bitstream-vera \
+fonts-freefont-ttf \
+fonts-dejima-mincho \
+curl
+
+curl https://sh.rustup.rs -o rustup.sh
+bash rustup.sh -y
+source /root/.cargo/env
+cargo install --version 0.16.0 cbindgen
+
+cd ${work_dir}
+dpkg-source -x librewolf_${pkgrel}-${pkgver}.dsc ${output_dir}
+cd ${output_dir}
+dpkg-buildpackage -us -uc -d
diff --git a/scripts/prep-librewolf-dpkg.conf b/scripts/prep-librewolf-dpkg.conf
new file mode 100644
index 0000000..0925db8
--- /dev/null
+++ b/scripts/prep-librewolf-dpkg.conf
@@ -0,0 +1,8 @@
+# Config file for prep-librewolf-dpkg.sh
+# Configure these settings before running that script.
+
+debian_firefox_version=${debian_firefox_version:-'85.0-1'}       # current version of Firefox package in Debian sid
+firefox_version=${pkgver:-'85.0'}                # current version of Firefox
+settings_commit=${settings_commit:-'master'}
+CI_PROJECT_DIR=${CI_PROJECT_DIR:-$(realpath $(dirname $0)/../../)}
+output_dir=${CI_PROJECT_DIR}/out
diff --git a/scripts/prep-librewolf-dpkg.sh b/scripts/prep-librewolf-dpkg.sh
new file mode 100755
index 0000000..ce7d11e
--- /dev/null
+++ b/scripts/prep-librewolf-dpkg.sh
@@ -0,0 +1,286 @@
+#!/bin/bash
+# File: prep-librewolf-dpkg.sh
+# Location: https://gitlab.com/bgstack15/librewolf-linux.git
+# Latest supported version: librewolf-84.0.2-2
+# Author: bgstack15
+# SPDX-License-Identifier: CC-BY-SA-4.0
+# Startdate: 2020-11-29
+# Title: Build Dpkg for LibreWolf
+# Purpose: Prepare initial assets for running "dpkg-buildpackage -b -us -uc" for LibreWolf by adapting Debian Firefox assets
+# History:
+# Usage:
+#    Can send these final assets up to Open Build Service
+# References:
+#    Script numbers from https://gitlab.com/librewolf-community/browser/linux/-/tree/master/binary_tarball/scripts
+# Improve:
+#    Make this idempotent. Right now it is very much not.
+# Dependencies:
+#    wget, git, tar, awk, sed
+
+# Aborts the script upon any faliure
+set -e;
+
+#####################################
+# Load settings
+# basically, dot-source the conf file.
+test -z "${librewolf_dpkg_conf}" && export librewolf_dpkg_conf="$( find "$( dirname "${0}" )" -maxdepth 2 -name "$( basename "${0%%.sh}.conf" )" -print 2>/dev/null | head -n1 )"
+test ! -r "${librewolf_dpkg_conf}" && { echo "Unable to load config file, which should be named the same as this script but with a .conf ending. Aborted." 1>&2 ; exit 1 ; }
+. "${librewolf_dpkg_conf}"
+
+librewolf_common_url=https://gitlab.com/librewolf-community/browser/common.git
+librewolf_settings_url=https://gitlab.com/librewolf-community/settings.git
+librewolf_linux_url=https://gitlab.com/librewolf-community/browser/linux.git
+
+# user configurable
+git_source_dir=${CI_PROJECT_DIR}/git  # where LibreWolf git contents are cached
+debian_dir=${CI_PROJECT_DIR}/${firefox_version}/debian # where the firefox_debian.tar.xz file is extracted
+source_dir=${CI_PROJECT_DIR}/${firefox_version}/librewolf_${firefox_version} # where firefox.orig.tar.xz file is extracted with --strip-components=1
+work_dir=${CI_PROJECT_DIR}/prepared/
+
+#####################################
+# Download initial components
+
+# Download upstream Debian assets, which includes
+#   1. orig tarball, which in Debian is not always the pristine contents from upstream source
+#   2. debian/ directory which defines how to build a package for Debian
+#   3. Debian source package control file
+mkdir -p "${work_dir}" ; cd "${work_dir}"
+test -z "${SKIP_DOWNLOAD}" && {
+   wget --content-disposition http://deb.debian.org/debian/pool/main/f/firefox/firefox_"${firefox_version}".orig.tar.xz # -O librewolf_"${firefox_version}".orig.tar.xz
+   wget --content-disposition http://deb.debian.org/debian/pool/main/f/firefox/firefox_"${debian_firefox_version}".debian.tar.xz # -O librewolf_"${debian_firefox_version}".debian.tar.xz
+   wget --content-disposition http://deb.debian.org/debian/pool/main/f/firefox/firefox_"${debian_firefox_version}".dsc # -O librewolf_"${debian_firefox_version}".dsc
+}
+
+# extract these contents to where they belong
+mkdir -p "${source_dir}"
+test -z "${SKIP_EXTRACT}" && {
+   echo "Extracting files from orig and debian tarballs. This might take a while." 1>&2
+   tar -C "${source_dir}" -Jx --strip-components=1 -f firefox_"${firefox_version}".orig.tar.xz
+   tar -C "$( dirname "${debian_dir}" )" -Jxf firefox_"${debian_firefox_version}".debian.tar.xz
+   # dsc file is a text file and needs no extraction
+}
+
+# Download git sources
+# test -z "${SKIP_GIT}" && (
+   # yes, use a sub-shell because of this cd. pushd is a bash builtin, but we are using sh and not bash.
+   # cd "${git_source_dir}"
+   git clone "${librewolf_common_url}" ${git_source_dir}/common
+   git clone "${librewolf_settings_url}" ${git_source_dir}/settings
+   git clone "${librewolf_linux_url}" ${git_source_dir}/linux
+
+# )
+
+#####################################
+# Script 1 tasks
+
+# update debian/control file
+# update fields and add libjack-dev
+sed -i -r "${debian_dir}"/control \
+   -e '/^[[:alpha:]]+: firefox/s/firefox/librewolf/' \
+   -e '/^Package:.*-l10/,$d' \
+   -e '/^Maintainer:/{s/Maintainer:/XSBC-Original-Maintainer:/;iMaintainer: B. Stack <bgstack15@gmail.com>' -e '}' \
+   -e '/^Uploaders:/d' \
+   -e '/libasound2-dev/s/libasound2-dev,/libasound2-dev, libjack-dev,/;' \
+   -e '/^Vcs-/d' \
+   -e '/Breaks:.*xul-ext-torbutton/d' \
+   -e '/Description:/,+8{/Description:/,/^\s*$/d}'
+cat <<'EOF' >> "${debian_dir}"/control
+Description: LibreWolf variant of Mozilla Firefox web browser
+ LibreWolf is a build of Firefox that seeks to protect user privacy,
+ security, and freedom.
+EOF
+
+#####################################
+# Script 2 tasks
+
+# none. Dependencies are handled by the build environment by interpreting the dsc file.
+
+#####################################
+# Script 3 tasks
+
+# overlay the orig tarball contents with LibreWolf contents
+# LibreWolf branding
+cp -pr "${git_source_dir}"/common/source_files/browser/branding "${source_dir}"/browser/
+# update mozconfig with needed info
+sed -i -e '/with-app-name=/d' "${debian_dir}"/browser.mozconfig.in
+cat <<EOF >> "${debian_dir}"/browser.mozconfig.in
+
+# Start of LibreWolf effects
+ac_add_options --disable-tests
+ac_add_options --disable-debug
+
+ac_add_options --prefix=/usr
+ac_add_options --enable-release
+ac_add_options --enable-hardening
+ac_add_options --enable-rust-simd
+
+# Branding ac_add_options --enable-update-channel=release
+ac_add_options --with-app-name=librewolf
+ac_add_options --with-app-basename=LibreWolf
+ac_add_options --with-branding=browser/branding/librewolf
+ac_add_options --with-distribution-id=io.gitlab.librewolf
+ac_add_options --with-unsigned-addon-scopes=app,system
+ac_add_options --allow-addon-sideload
+export MOZ_REQUIRE_SIGNING=0
+
+# Features
+ac_add_options --enable-jack
+ac_add_options --disable-crashreporter
+
+# Disables crash reporting, telemetry and other data gathering tools
+mk_add_options MOZ_CRASHREPORTER=0
+mk_add_options MOZ_DATA_REPORTING=0
+mk_add_options MOZ_SERVICES_HEALTHREPORT=0
+mk_add_options MOZ_TELEMETRY_REPORTING=0
+
+ac_add_options --disable-elf-hack
+
+# LibreWolf binary release uses clang-11 but Debian builds Firefox with gcc so this is irrelevant.
+#export CC='clang-11'
+#export CXX='clang++-11'
+#export AR=llvm-ar-11
+#export NM=llvm-nm-11
+#export RANLIB=llvm-ranlib-11
+
+ac_add_options --enable-optimize
+EOF
+
+# add patches to debian/patches
+mkdir -p "${debian_dir}"/patches/librewolf
+cp -pr "${git_source_dir}"/linux/megabar.patch "${git_source_dir}"/linux/remove_addons.patch \
+   "${git_source_dir}"/linux/deb_patches/*.patch \
+   "${debian_dir}"/patches/librewolf/
+cat <<EOF >> "${debian_dir}"/patches/series
+librewolf/lower-python3-requirement.patch -p1
+librewolf/armhf-reduce-linker-memory-use.patch -p1
+#librewolf/build-with-libstdc++-7.patch -p1
+librewolf/fix-armhf-webrtc-build.patch -p1
+librewolf/webrtc-fix-compiler-flags-for-armhf.patch -p1
+librewolf/python3-remove-variable-annotations.patch -p1
+librewolf/python3-remove-fstrings.patch -p1
+librewolf/python3-remove-pep487.patch -p1
+librewolf/silence-gtk-style-assertions.patch -p1
+librewolf/sandbox-update-arm-syscall-numbers.patch -p1
+librewolf/remove_addons.patch -p1
+librewolf/megabar.patch -p1
+EOF
+# observe that build-with-libstdc++-7 is disabled for this dpkg. Debian builds Firefox with gcc, not clang.
+# fix some fuzz in remove_addons.patch. The space is important!
+sed -i -r -e 's/libs /l10n /;' "${debian_dir}"/patches/librewolf/remove_addons.patch
+
+# additional main LibreWolf activities
+# disable pocket in source
+sed -i "/'pocket'/d" "${source_dir}"/browser/components/moz.build
+sed -i "/SaveToPocket\.init/d" "${source_dir}"/browser/components/BrowserGlue.jsm
+# Remove internal plugin certificates
+sed -i -r -e '/organizationalUnit.{0,5}=.{0,5}Mozilla/{N;N;N;d}' "${source_dir}"/toolkit/mozapps/extensions/internal/XPIInstall.jsm
+# allow SearchEngines option in non-ESR builds
+sed -i -r -e '/enterprise_only/s#true#false#g;' "${source_dir}"/browser/components/enterprisepolicies/schemas/policies-schema.json
+# stop some undesired requests (https://gitlab.com/librewolf-community/browser/common/-/issues/10)
+_settings_services_sed='s#firefox.settings.services.mozilla.com#f.s.s.m.c.qjz9zk#g'
+sed "$_settings_services_sed" -i browser/components/newtab/data/content/activity-stream.bundle.js
+sed "$_settings_services_sed" -i modules/libpref/init/all.js
+sed "$_settings_services_sed" -i services/settings/Utils.jsm
+sed "$_settings_services_sed" -i toolkit/components/search/SearchUtils.jsm
+
+# Remove Internal Plugin Certificates
+_cert_sed='s#if (aCert.organizationalUnit == "Mozilla [[:alpha:]]\+") {\n'
+_cert_sed+='[[:blank:]]\+return AddonManager\.SIGNEDSTATE_[[:upper:]]\+;\n'
+_cert_sed+='[[:blank:]]\+}#'
+_cert_sed+='// NOTE: removed#g'
+sed -z "$_cert_sed" -i toolkit/mozapps/extensions/internal/XPIInstall.jsm
+
+#####################################
+# Script 4 tasks
+
+sed -i -r -e '2{
+   iexport DEB_BUILD_HARDENING=1
+   ;iexport DEB_BUILD_HARDENING_STACKPROTECTOR=1
+   ;iexport DEB_BUILD_HARDENING_FORTIFY=1
+   ;iexport DEB_BUILD_HARDENING_FORMAT=1
+   ;iexport DEB_BUILD_HARDENING_PIE=1
+   ;iexport CPP
+}
+/^EXPORTS/{
+   iCPPFLAGS += -D_FORTIFY_SOURCE=2
+   ;iCFLAGS += -march=x86-64 -mtune=generic -O2 -pipe -fno-plt
+   ;iCXXFLAGS += -march=x86-64 -mtune=generic -O2 -pipe -fno-plt
+   ;iLDFLAGS += -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now
+}
+2{
+   iexport MOZ_NOSPAM=1
+   iexport MACH_USE_SYSTEM_PYTHON=1
+}
+' "${debian_dir}"/rules
+
+#####################################
+# Additional steps for dpkg implementation
+
+# fix the binary name that gets installed in /usr/bin, and disable crash reporter by changing what variable name it looks for that will enable it
+sed -i -e '/%if browser/,+2s/firefox/librewolf/' \
+   -e '/%if CRASH_REPORTER/s/CRASH_REPORTER/CRASH_REPORTER_ENABLED/' \
+   "${debian_dir}"/browser.install.in
+
+# instruct dpkg to include the librewolf settings
+rm -rf "${debian_dir}"/librewolf_settings
+cp -pr "${git_source_dir}"/settings "${debian_dir}"/librewolf_settings
+rm -rf "${debian_dir}"/librewolf_settings/.git*
+cat <<EOF >> "${debian_dir}"/browser.install.in
+debian/librewolf_settings/librewolf.cfg usr/lib/@browser@
+debian/librewolf_settings/defaults usr/share/@browser@
+debian/librewolf_settings/distribution usr/share/@browser@
+EOF
+
+# add changelog contents for LibreWolf
+new_changelog="$( mktemp )"
+{
+   cat <<EOF
+librewolf (${debian_firefox_version}) unstable; urgency=low
+
+  * Fork to librewolf release
+
+ -- B. Stack <bgstack15@gmail.com>  $( date "+%a, %d %b %+4Y %T %z" )
+
+EOF
+   cat "${debian_dir}"/changelog
+} > "${new_changelog}"
+cat "${new_changelog}" > "${debian_dir}"/changelog
+
+rm -f "${new_changelog:-NOTHINGTODEL}"
+
+#####################################
+# Build new assets
+# dpkg-buildpackage needs the orig tarball, debian tarball, and dsc file.
+
+echo "Building new tarballs. This might take a while." 1>&2
+
+# orig tarball
+cd "${work_dir}"
+tar -Jc -f librewolf_"${firefox_version}".orig.tar.xz -C "$( dirname "${source_dir}" )" librewolf_"${firefox_version}"
+
+# debian tarball
+tar -Jc -f librewolf_"${debian_firefox_version}".debian.tar.xz -C "$( dirname  "${debian_dir}" )" debian
+
+# dsc file, which needs to be modified
+cd "${work_dir}"
+sed -r \
+   -e '/^(Files|Checksums-.{0,8}):/,$d' \
+   -e '1,/^Format:/{/^Format:/!{d}}' \
+   -e 's/^([[:alpha:]]+:).* firefox(-l10n[^\s]*)*/\1 librewolf/' \
+   -e '/firefox-l10n/d' \
+   -e '/^Maintainer:/{s/Maintainer:/XSBC-Original-Maintainer:/;iMaintainer: B. Stack <bgstack15@gmail.com>' -e '}' \
+   -e '/^Uploaders:/d' \
+   -e '/libasound2-dev/s/libasound2-dev,/libasound2-dev, libjack-dev,/;' \
+   -e '/^Vcs-/d' \
+   -e '/^ firefox/s/firefox/librewolf/g' \
+   firefox_"${debian_firefox_version}".dsc > librewolf_"${debian_firefox_version}".dsc
+{
+   echo "Files:"
+   for word in librewolf*z ;
+   do
+      printf "%s %s\n" "$( stat -c '%s' "${word}" )" "$( md5sum "${word}" )"
+   done | awk '{print " "$2,$1,$3}'
+} >> librewolf_"${debian_firefox_version}".dsc
+
+# And now you have in the ${work_dir} location three files.
+# librewolf_80.3.orig.tar.xz librewolf_80.3-1.debian.tar.xz librewolf_80.3-1.dsc