mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-19 09:22:05 -05:00
gnu: icecat: Modernize package definition.
* gnu/packages/gnuzilla.scm (icecat)[inputs, native-inputs]: Use new style. [configure-flags, phases]: Use gexps.
This commit is contained in:
parent
a3605b59c6
commit
7aa0e310fa
1 changed files with 367 additions and 381 deletions
|
@ -904,160 +904,156 @@ (define-public icecat
|
||||||
(source icecat-source)
|
(source icecat-source)
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(inputs
|
(inputs
|
||||||
`(("alsa-lib" ,alsa-lib)
|
(list alsa-lib
|
||||||
("bzip2" ,bzip2)
|
bzip2
|
||||||
("cups" ,cups)
|
cups
|
||||||
("dbus-glib" ,dbus-glib)
|
dbus-glib
|
||||||
("gdk-pixbuf" ,gdk-pixbuf)
|
gdk-pixbuf
|
||||||
("glib" ,glib)
|
glib
|
||||||
("gtk+" ,gtk+)
|
gtk+
|
||||||
("gtk+-2" ,gtk+-2)
|
gtk+-2
|
||||||
;; UNBUNDLE-ME! ("graphite2" ,graphite2)
|
;; UNBUNDLE-ME! graphite2
|
||||||
("cairo" ,cairo)
|
cairo
|
||||||
("pango" ,pango)
|
pango
|
||||||
("freetype" ,freetype)
|
freetype
|
||||||
("font-dejavu" ,font-dejavu)
|
font-dejavu
|
||||||
;; UNBUNDLE-ME! ("harfbuzz" ,harfbuzz)
|
;; UNBUNDLE-ME! harfbuzz
|
||||||
("libcanberra" ,libcanberra)
|
libcanberra
|
||||||
("libgnome" ,libgnome)
|
libgnome
|
||||||
("libjpeg-turbo" ,libjpeg-turbo)
|
libjpeg-turbo
|
||||||
("libpng-apng" ,libpng-apng)
|
libpng-apng
|
||||||
;; UNBUNDLE-ME! ("libogg" ,libogg)
|
;; UNBUNDLE-ME! libogg
|
||||||
;; UNBUNDLE-ME! ("libtheora" ,libtheora) ; wants theora-1.2, not yet released
|
;; UNBUNDLE-ME! libtheora ; wants theora-1.2, not yet released
|
||||||
;; UNBUNDLE-ME! ("libvorbis" ,libvorbis)
|
;; UNBUNDLE-ME! libvorbis
|
||||||
("libxft" ,libxft)
|
libxft
|
||||||
("libevent" ,libevent)
|
libevent
|
||||||
("libxinerama" ,libxinerama)
|
libxinerama
|
||||||
("libxscrnsaver" ,libxscrnsaver)
|
libxscrnsaver
|
||||||
("libxcomposite" ,libxcomposite)
|
libxcomposite
|
||||||
("libxt" ,libxt)
|
libxt
|
||||||
("libffi" ,libffi)
|
libffi
|
||||||
("ffmpeg" ,ffmpeg)
|
ffmpeg
|
||||||
("libvpx" ,libvpx)
|
libvpx
|
||||||
("icu4c" ,icu4c)
|
icu4c
|
||||||
("pixman" ,pixman)
|
pixman
|
||||||
("pulseaudio" ,pulseaudio)
|
pulseaudio
|
||||||
("mesa" ,mesa)
|
mesa
|
||||||
("pciutils" ,pciutils)
|
pciutils
|
||||||
("mit-krb5" ,mit-krb5)
|
mit-krb5
|
||||||
("hunspell" ,hunspell)
|
hunspell
|
||||||
("libnotify" ,libnotify)
|
libnotify
|
||||||
;; See <https://bugs.gnu.org/32833>
|
;; See <https://bugs.gnu.org/32833>
|
||||||
;; and related comments in the 'remove-bundled-libraries' phase.
|
;; and related comments in the 'remove-bundled-libraries' phase.
|
||||||
;; UNBUNDLE-ME! ("nspr" ,nspr)
|
;; UNBUNDLE-ME! nspr
|
||||||
;; UNBUNDLE-ME! ("nss" ,nss)
|
;; UNBUNDLE-ME! nss
|
||||||
("shared-mime-info" ,shared-mime-info)
|
shared-mime-info
|
||||||
("sqlite" ,sqlite)
|
sqlite
|
||||||
("eudev" ,eudev)
|
eudev
|
||||||
("unzip" ,unzip)
|
unzip
|
||||||
("zip" ,zip)
|
zip
|
||||||
("zlib" ,zlib)))
|
zlib))
|
||||||
(native-inputs
|
(native-inputs
|
||||||
;; The following patches are specific to the Guix packaging of IceCat,
|
;; The following patches are specific to the Guix packaging of IceCat,
|
||||||
;; and therefore we prefer to leave them out of 'source', which should be
|
;; and therefore we prefer to leave them out of 'source', which should be
|
||||||
;; a tarball suitable for compilation on any system that IceCat supports.
|
;; a tarball suitable for compilation on any system that IceCat supports.
|
||||||
;; (Bug fixes and security fixes, however, should go in 'source').
|
;; (Bug fixes and security fixes, however, should go in 'source').
|
||||||
`(;; XXX TODO: Adapt these patches to IceCat 91.
|
(list
|
||||||
;; ("icecat-avoid-bundled-libraries.patch"
|
;; XXX TODO: Adapt these patches to IceCat 91.
|
||||||
;; ,(search-patch "icecat-avoid-bundled-libraries.patch"))
|
;; ("icecat-avoid-bundled-libraries.patch"
|
||||||
;; ("icecat-use-system-graphite2+harfbuzz.patch"
|
;; ,(search-patch "icecat-avoid-bundled-libraries.patch"))
|
||||||
;; ,(search-patch "icecat-use-system-graphite2+harfbuzz.patch"))
|
;; ("icecat-use-system-graphite2+harfbuzz.patch"
|
||||||
;; ("icecat-use-system-media-libs.patch"
|
;; ,(search-patch "icecat-use-system-graphite2+harfbuzz.patch"))
|
||||||
;; ,(search-patch "icecat-use-system-media-libs.patch"))
|
;; ("icecat-use-system-media-libs.patch"
|
||||||
|
;; ,(search-patch "icecat-use-system-media-libs.patch"))
|
||||||
("patch" ,(canonical-package patch))
|
rust
|
||||||
|
`(,rust "cargo")
|
||||||
("rust" ,rust)
|
rust-cbindgen-0.19
|
||||||
("cargo" ,rust "cargo")
|
llvm-11
|
||||||
("rust-cbindgen" ,rust-cbindgen-0.19)
|
clang-11
|
||||||
("llvm" ,llvm-11)
|
perl
|
||||||
("clang" ,clang-11)
|
node
|
||||||
("perl" ,perl)
|
python-wrapper
|
||||||
("node" ,node)
|
yasm
|
||||||
("python" ,python-wrapper)
|
nasm ; XXX FIXME: only needed on x86_64 and i686
|
||||||
("yasm" ,yasm)
|
pkg-config
|
||||||
("nasm" ,nasm) ; XXX FIXME: only needed on x86_64 and i686
|
m4
|
||||||
("pkg-config" ,pkg-config)
|
which))
|
||||||
("m4" ,m4)
|
|
||||||
("which" ,which)))
|
|
||||||
(arguments
|
(arguments
|
||||||
`(#:tests? #f ;not worth the cost
|
(list
|
||||||
|
#:tests? #f ;not worth the cost
|
||||||
|
|
||||||
;; Some dynamic lib was determined at runtime, so rpath check may fail.
|
;; Some dynamic lib was determined at runtime, so rpath check may fail.
|
||||||
#:validate-runpath? #f
|
#:validate-runpath? #f
|
||||||
|
|
||||||
#:configure-flags `("--enable-application=browser"
|
#:configure-flags
|
||||||
"--with-distribution-id=org.gnu"
|
#~(list
|
||||||
"--enable-geckodriver"
|
"--enable-application=browser"
|
||||||
;; Do not require addons in the global app or
|
"--with-distribution-id=org.gnu"
|
||||||
;; system directories to be signed by Mozilla.
|
"--enable-geckodriver"
|
||||||
"--with-unsigned-addon-scopes=app,system"
|
;; Do not require addons in the global app or system directories to
|
||||||
"--allow-addon-sideload"
|
;; be signed by Mozilla.
|
||||||
|
"--with-unsigned-addon-scopes=app,system"
|
||||||
|
"--allow-addon-sideload"
|
||||||
|
|
||||||
"--enable-pulseaudio"
|
"--enable-pulseaudio"
|
||||||
|
|
||||||
"--disable-tests"
|
"--disable-tests"
|
||||||
"--disable-updater"
|
"--disable-updater"
|
||||||
"--disable-crashreporter"
|
"--disable-crashreporter"
|
||||||
"--disable-eme"
|
"--disable-eme"
|
||||||
|
|
||||||
;; Building with debugging symbols takes ~5GiB, so
|
;; Building with debugging symbols takes ~5GiB, so disable it.
|
||||||
;; disable it.
|
"--disable-debug"
|
||||||
"--disable-debug"
|
"--disable-debug-symbols"
|
||||||
"--disable-debug-symbols"
|
|
||||||
|
|
||||||
"--enable-rust-simd"
|
"--enable-rust-simd"
|
||||||
"--enable-release"
|
"--enable-release"
|
||||||
"--enable-optimize"
|
"--enable-optimize"
|
||||||
"--enable-strip"
|
"--enable-strip"
|
||||||
"--disable-elf-hack"
|
"--disable-elf-hack"
|
||||||
|
|
||||||
;; Clang is needed to build Stylo, Mozilla's new
|
;; Clang is needed to build Stylo, Mozilla's new CSS engine. We must
|
||||||
;; CSS engine. We must specify the clang paths
|
;; specify the clang paths manually, because otherwise the Mozilla
|
||||||
;; manually, because otherwise the Mozilla build
|
;; build system looks in the directories returned by llvm-config
|
||||||
;; system looks in the directories returned by
|
;; --bindir and llvm-config --libdir, which return paths in the llvm
|
||||||
;; llvm-config --bindir and llvm-config --libdir,
|
;; package where clang is not found.
|
||||||
;; which return paths in the llvm package where
|
(string-append "--with-clang-path="
|
||||||
;; clang is not found.
|
(search-input-file %build-inputs "bin/clang"))
|
||||||
,(string-append "--with-clang-path="
|
(string-append "--with-libclang-path="
|
||||||
(assoc-ref %build-inputs "clang")
|
(dirname (search-input-file %build-inputs
|
||||||
"/bin/clang")
|
"lib/libclang.so")))
|
||||||
,(string-append "--with-libclang-path="
|
|
||||||
(assoc-ref %build-inputs "clang")
|
|
||||||
"/lib")
|
|
||||||
|
|
||||||
;; Hack to work around missing
|
;; Hack to work around missing "unofficial" branding in icecat.
|
||||||
;; "unofficial" branding in icecat.
|
"--enable-official-branding"
|
||||||
"--enable-official-branding"
|
|
||||||
|
|
||||||
;; Avoid bundled libraries.
|
;; Avoid bundled libraries.
|
||||||
"--with-system-jpeg" ; must be libjpeg-turbo
|
"--with-system-jpeg" ;must be libjpeg-turbo
|
||||||
"--with-system-png" ; must be libpng-apng
|
"--with-system-png" ;must be libpng-apng
|
||||||
"--with-system-zlib"
|
"--with-system-zlib"
|
||||||
;; UNBUNDLE-ME! "--with-system-bz2"
|
;; UNBUNDLE-ME! "--with-system-bz2"
|
||||||
;; UNBUNDLE-ME! "--with-system-libevent"
|
;; UNBUNDLE-ME! "--with-system-libevent"
|
||||||
;; UNBUNDLE-ME! "--with-system-ogg"
|
;; UNBUNDLE-ME! "--with-system-ogg"
|
||||||
;; UNBUNDLE-ME! "--with-system-vorbis"
|
;; UNBUNDLE-ME! "--with-system-vorbis"
|
||||||
;; UNBUNDLE-ME! "--with-system-theora" ; wants theora-1.2, not yet released
|
;; UNBUNDLE-ME! "--with-system-theora" ; wants theora-1.2, not yet released
|
||||||
;; UNBUNDLE-ME! "--with-system-libvpx"
|
;; UNBUNDLE-ME! "--with-system-libvpx"
|
||||||
"--with-system-icu"
|
"--with-system-icu"
|
||||||
|
|
||||||
;; See <https://bugs.gnu.org/32833>
|
;; See <https://bugs.gnu.org/32833>
|
||||||
;; and related comments in the
|
;; and related comments in the
|
||||||
;; 'remove-bundled-libraries' phase below.
|
;; 'remove-bundled-libraries' phase below.
|
||||||
;; UNBUNDLE-ME! "--with-system-nspr"
|
;; UNBUNDLE-ME! "--with-system-nspr"
|
||||||
;; UNBUNDLE-ME! "--with-system-nss"
|
;; UNBUNDLE-ME! "--with-system-nss"
|
||||||
|
|
||||||
;; UNBUNDLE-ME! "--with-system-harfbuzz"
|
;; UNBUNDLE-ME! "--with-system-harfbuzz"
|
||||||
;; UNBUNDLE-ME! "--with-system-graphite2"
|
;; UNBUNDLE-ME! "--with-system-graphite2"
|
||||||
"--enable-system-pixman"
|
"--enable-system-pixman"
|
||||||
"--enable-system-ffi"
|
"--enable-system-ffi"
|
||||||
;; UNBUNDLE-ME! "--enable-system-sqlite"
|
;; UNBUNDLE-ME! "--enable-system-sqlite"
|
||||||
)
|
)
|
||||||
|
|
||||||
#:imported-modules ,%cargo-utils-modules ;for `generate-all-checksums'
|
#:imported-modules %cargo-utils-modules ;for `generate-all-checksums'
|
||||||
|
|
||||||
#:modules ((ice-9 ftw)
|
#:modules `((ice-9 ftw)
|
||||||
(ice-9 match)
|
(ice-9 match)
|
||||||
(srfi srfi-1)
|
(srfi srfi-1)
|
||||||
(srfi srfi-26)
|
(srfi srfi-26)
|
||||||
|
@ -1066,257 +1062,247 @@ (define-public icecat
|
||||||
(guix elf)
|
(guix elf)
|
||||||
(guix build gremlin)
|
(guix build gremlin)
|
||||||
,@%gnu-build-system-modules)
|
,@%gnu-build-system-modules)
|
||||||
#:phases
|
#:phases
|
||||||
(modify-phases %standard-phases
|
#~(modify-phases %standard-phases
|
||||||
(add-after 'unpack 'apply-guix-specific-patches
|
(add-after 'unpack 'apply-guix-specific-patches
|
||||||
(lambda* (#:key inputs native-inputs #:allow-other-keys)
|
(lambda* (#:key inputs native-inputs #:allow-other-keys)
|
||||||
(let ((patch (string-append (assoc-ref (or native-inputs inputs)
|
(let ((patch (search-input-file inputs "bin/patch")))
|
||||||
"patch")
|
(for-each (match-lambda
|
||||||
"/bin/patch")))
|
((label . file)
|
||||||
(for-each (match-lambda
|
(when (and (string-prefix? "icecat-" label)
|
||||||
((label . file)
|
(string-suffix? ".patch" label))
|
||||||
(when (and (string-prefix? "icecat-" label)
|
(format #t "applying '~a'...~%" file)
|
||||||
(string-suffix? ".patch" label))
|
(invoke patch "--force" "--no-backup-if-mismatch"
|
||||||
(format #t "applying '~a'...~%" file)
|
"-p1" "--input" file))))
|
||||||
(invoke patch "--force" "--no-backup-if-mismatch"
|
(or native-inputs inputs)))))
|
||||||
"-p1" "--input" file))))
|
(add-after 'apply-guix-specific-patches 'remove-bundled-libraries
|
||||||
(or native-inputs inputs)))))
|
(lambda _
|
||||||
(add-after 'apply-guix-specific-patches 'remove-bundled-libraries
|
;; Remove bundled libraries that we don't use, since they may
|
||||||
(lambda _
|
;; contain unpatched security flaws, they waste disk space and
|
||||||
;; Remove bundled libraries that we don't use, since they may
|
;; memory, and may cause confusion.
|
||||||
;; contain unpatched security flaws, they waste disk space and
|
(for-each (lambda (file)
|
||||||
;; memory, and may cause confusion.
|
(format #t "deleting '~a'...~%" file)
|
||||||
(for-each (lambda (file)
|
(delete-file-recursively file))
|
||||||
(format #t "deleting '~a'...~%" file)
|
'( ;; FIXME: Removing the bundled icu breaks configure.
|
||||||
(delete-file-recursively file))
|
;; * The bundled icu headers are used in some places.
|
||||||
'(;; FIXME: Removing the bundled icu breaks configure.
|
;; * The version number is taken from the bundled copy.
|
||||||
;; * The bundled icu headers are used in some places.
|
;;"intl/icu"
|
||||||
;; * The version number is taken from the bundled copy.
|
;;
|
||||||
;;"intl/icu"
|
;; FIXME: A script from the bundled nspr is used.
|
||||||
;;
|
;;"nsprpub"
|
||||||
;; FIXME: A script from the bundled nspr is used.
|
;;
|
||||||
;;"nsprpub"
|
;; FIXME: With the update to IceCat 60, using system NSS
|
||||||
;;
|
;; broke certificate validation. See
|
||||||
;; FIXME: With the update to IceCat 60, using system NSS
|
;; <https://bugs.gnu.org/32833>. For now, we use
|
||||||
;; broke certificate validation. See
|
;; the bundled NSPR and NSS. TODO: Investigate,
|
||||||
;; <https://bugs.gnu.org/32833>. For now, we use
|
;; and try to unbundle these libraries again.
|
||||||
;; the bundled NSPR and NSS. TODO: Investigate,
|
;; UNBUNDLE-ME! "security/nss"
|
||||||
;; and try to unbundle these libraries again.
|
;;
|
||||||
;; UNBUNDLE-ME! "security/nss"
|
;; TODO: Use more system media libraries. See:
|
||||||
;;
|
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=517422>
|
||||||
;; TODO: Use more system media libraries. See:
|
;; * libtheora: esr60 wants v1.2, not yet released.
|
||||||
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=517422>
|
;; * soundtouch: avoiding the bundled library would
|
||||||
;; * libtheora: esr60 wants v1.2, not yet released.
|
;; result in some loss of functionality. There's
|
||||||
;; * soundtouch: avoiding the bundled library would
|
;; also an issue with exception handling
|
||||||
;; result in some loss of functionality. There's
|
;; configuration. It seems that this is needed in
|
||||||
;; also an issue with exception handling
|
;; some moz.build:
|
||||||
;; configuration. It seems that this is needed in
|
;; DEFINES['ST_NO_EXCEPTION_HANDLING'] = 1
|
||||||
;; some moz.build:
|
;; * libopus
|
||||||
;; DEFINES['ST_NO_EXCEPTION_HANDLING'] = 1
|
;; * speex
|
||||||
;; * libopus
|
;;
|
||||||
;; * speex
|
"modules/freetype2"
|
||||||
;;
|
;; "media/libjpeg" ; needed for now, because media/libjpeg/moz.build is referenced from config/external/moz.build
|
||||||
"modules/freetype2"
|
;; UNBUNDLE-ME! "modules/zlib"
|
||||||
;; "media/libjpeg" ; needed for now, because media/libjpeg/moz.build is referenced from config/external/moz.build
|
;; UNBUNDLE-ME! "ipc/chromium/src/third_party/libevent"
|
||||||
;; UNBUNDLE-ME! "modules/zlib"
|
;; UNBUNDLE-ME! "media/libvpx"
|
||||||
;; UNBUNDLE-ME! "ipc/chromium/src/third_party/libevent"
|
;; UNBUNDLE-ME! "media/libogg"
|
||||||
;; UNBUNDLE-ME! "media/libvpx"
|
;; UNBUNDLE-ME! "media/libvorbis"
|
||||||
;; UNBUNDLE-ME! "media/libogg"
|
;; UNBUNDLE-ME! "media/libtheora" ; wants theora-1.2, not yet released
|
||||||
;; UNBUNDLE-ME! "media/libvorbis"
|
;; UNBUNDLE-ME! "media/libtremor"
|
||||||
;; UNBUNDLE-ME! "media/libtheora" ; wants theora-1.2, not yet released
|
;; UNBUNDLE-ME! "gfx/harfbuzz"
|
||||||
;; UNBUNDLE-ME! "media/libtremor"
|
;; UNBUNDLE-ME! "gfx/graphite2"
|
||||||
;; UNBUNDLE-ME! "gfx/harfbuzz"
|
"js/src/ctypes/libffi"
|
||||||
;; UNBUNDLE-ME! "gfx/graphite2"
|
;; UNBUNDLE-ME! "db/sqlite3"
|
||||||
"js/src/ctypes/libffi"
|
))))
|
||||||
;; UNBUNDLE-ME! "db/sqlite3"
|
(add-after 'remove-bundled-libraries 'fix-ffmpeg-runtime-linker
|
||||||
))))
|
(lambda* (#:key inputs #:allow-other-keys)
|
||||||
(add-after 'remove-bundled-libraries 'fix-ffmpeg-runtime-linker
|
;; Arrange to load libavcodec.so by its absolute file name.
|
||||||
(lambda* (#:key inputs #:allow-other-keys)
|
(substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
|
||||||
(let* ((ffmpeg (assoc-ref inputs "ffmpeg"))
|
(("libavcodec\\.so")
|
||||||
(libavcodec (string-append ffmpeg "/lib/libavcodec.so")))
|
(search-input-file inputs "lib/libavcodec.so")))))
|
||||||
;; Arrange to load libavcodec.so by its absolute file name.
|
(add-after 'fix-ffmpeg-runtime-linker 'build-sandbox-whitelist
|
||||||
(substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
|
(lambda* (#:key inputs #:allow-other-keys)
|
||||||
(("libavcodec\\.so")
|
(define (runpath-of lib)
|
||||||
libavcodec)))))
|
(call-with-input-file lib
|
||||||
(add-after 'fix-ffmpeg-runtime-linker 'build-sandbox-whitelist
|
(compose elf-dynamic-info-runpath
|
||||||
(lambda* (#:key inputs #:allow-other-keys)
|
elf-dynamic-info
|
||||||
(define (runpath-of lib)
|
parse-elf
|
||||||
(call-with-input-file lib
|
get-bytevector-all)))
|
||||||
(compose elf-dynamic-info-runpath
|
(define (runpaths-of-input label)
|
||||||
elf-dynamic-info
|
(let* ((dir (string-append (assoc-ref inputs label) "/lib"))
|
||||||
parse-elf
|
(libs (find-files dir "\\.so$")))
|
||||||
get-bytevector-all)))
|
(append-map runpath-of libs)))
|
||||||
(define (runpaths-of-input label)
|
;; Populate the sandbox read-path whitelist as needed by ffmpeg.
|
||||||
(let* ((dir (string-append (assoc-ref inputs label) "/lib"))
|
(let* ((whitelist
|
||||||
(libs (find-files dir "\\.so$")))
|
(map (cut string-append <> "/")
|
||||||
(append-map runpath-of libs)))
|
(delete-duplicates
|
||||||
;; Populate the sandbox read-path whitelist as needed by ffmpeg.
|
`(,(string-append (assoc-ref inputs "shared-mime-info")
|
||||||
(let* ((whitelist
|
"/share/mime")
|
||||||
(map (cut string-append <> "/")
|
,(string-append (assoc-ref inputs "font-dejavu")
|
||||||
(delete-duplicates
|
"/share/fonts")
|
||||||
`(,(string-append (assoc-ref inputs "shared-mime-info")
|
"/run/current-system/profile/share/fonts"
|
||||||
"/share/mime")
|
,@(append-map runpaths-of-input
|
||||||
,(string-append (assoc-ref inputs "font-dejavu")
|
'("mesa" "ffmpeg"))))))
|
||||||
"/share/fonts")
|
(whitelist-string (string-join whitelist ","))
|
||||||
"/run/current-system/profile/share/fonts"
|
(port (open-file "browser/app/profile/icecat.js" "a")))
|
||||||
,@(append-map runpaths-of-input
|
(format #t "setting 'security.sandbox.content.read_path_whitelist' to '~a'~%"
|
||||||
'("mesa" "ffmpeg"))))))
|
whitelist-string)
|
||||||
(whitelist-string (string-join whitelist ","))
|
(format port "~%pref(\"security.sandbox.content.read_path_whitelist\", ~S);~%"
|
||||||
(port (open-file "browser/app/profile/icecat.js" "a")))
|
whitelist-string)
|
||||||
(format #t "setting 'security.sandbox.content.read_path_whitelist' to '~a'~%"
|
(close-output-port port))))
|
||||||
whitelist-string)
|
(add-after 'patch-source-shebangs 'patch-cargo-checksums
|
||||||
(format port "~%pref(\"security.sandbox.content.read_path_whitelist\", ~S);~%"
|
(lambda _
|
||||||
whitelist-string)
|
(use-modules (guix build cargo-utils))
|
||||||
(close-output-port port))))
|
(let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
|
||||||
(add-after 'patch-source-shebangs 'patch-cargo-checksums
|
(for-each (lambda (file)
|
||||||
(lambda _
|
(format #t "patching checksums in ~a~%" file)
|
||||||
(use-modules (guix build cargo-utils))
|
(substitute* file
|
||||||
(let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
|
(("^checksum = \".*\"")
|
||||||
(for-each (lambda (file)
|
(string-append "checksum = \"" null-hash "\""))))
|
||||||
(format #t "patching checksums in ~a~%" file)
|
(find-files "." "Cargo.lock$"))
|
||||||
(substitute* file
|
(for-each generate-all-checksums
|
||||||
(("^checksum = \".*\"")
|
'("services"
|
||||||
(string-append "checksum = \"" null-hash "\""))))
|
"js"
|
||||||
(find-files "." "Cargo.lock$"))
|
"third_party/rust"
|
||||||
(for-each generate-all-checksums
|
"dom/media"
|
||||||
'("services"
|
"dom/webauthn"
|
||||||
"js"
|
"toolkit"
|
||||||
"third_party/rust"
|
"gfx"
|
||||||
"dom/media"
|
"storage"
|
||||||
"dom/webauthn"
|
"modules"
|
||||||
"toolkit"
|
"xpcom/rust"
|
||||||
"gfx"
|
"media"
|
||||||
"storage"
|
"mozglue/static/rust"
|
||||||
"modules"
|
"netwerk"
|
||||||
"xpcom/rust"
|
"remote"
|
||||||
"media"
|
"intl"
|
||||||
"mozglue/static/rust"
|
"servo"
|
||||||
"netwerk"
|
"security/manager/ssl"
|
||||||
"remote"
|
"build")))))
|
||||||
"intl"
|
(delete 'bootstrap)
|
||||||
"servo"
|
(replace 'configure
|
||||||
"security/manager/ssl"
|
;; configure does not work followed by both "SHELL=..." and
|
||||||
"build")))))
|
;; "CONFIG_SHELL=..."; set environment variables instead
|
||||||
(delete 'bootstrap)
|
(lambda* (#:key outputs configure-flags #:allow-other-keys)
|
||||||
(replace 'configure
|
(let* ((bash (which "bash"))
|
||||||
;; configure does not work followed by both "SHELL=..." and
|
(abs-srcdir (getcwd))
|
||||||
;; "CONFIG_SHELL=..."; set environment variables instead
|
(flags `(,(string-append "--prefix=" #$output)
|
||||||
(lambda* (#:key outputs configure-flags #:allow-other-keys)
|
,(string-append "--with-l10n-base="
|
||||||
(let* ((out (assoc-ref outputs "out"))
|
abs-srcdir "/l10n")
|
||||||
(bash (which "bash"))
|
,@configure-flags)))
|
||||||
(abs-srcdir (getcwd))
|
(setenv "SHELL" bash)
|
||||||
(flags `(,(string-append "--prefix=" out)
|
(setenv "CONFIG_SHELL" bash)
|
||||||
,(string-append "--with-l10n-base="
|
|
||||||
abs-srcdir "/l10n")
|
|
||||||
,@configure-flags)))
|
|
||||||
(setenv "SHELL" bash)
|
|
||||||
(setenv "CONFIG_SHELL" bash)
|
|
||||||
|
|
||||||
(setenv "AR" "llvm-ar")
|
(setenv "AR" "llvm-ar")
|
||||||
(setenv "NM" "llvm-nm")
|
(setenv "NM" "llvm-nm")
|
||||||
(setenv "CC" "clang")
|
(setenv "CC" "clang")
|
||||||
(setenv "CXX" "clang++")
|
(setenv "CXX" "clang++")
|
||||||
(setenv "LDFLAGS" (string-append "-Wl,-rpath="
|
(setenv "LDFLAGS" (string-append "-Wl,-rpath="
|
||||||
(assoc-ref outputs "out")
|
#$output "/lib/icecat"))
|
||||||
"/lib/icecat"))
|
|
||||||
|
|
||||||
(setenv "MACH_USE_SYSTEM_PYTHON" "1")
|
(setenv "MACH_USE_SYSTEM_PYTHON" "1")
|
||||||
(setenv "MOZ_NOSPAM" "1")
|
(setenv "MOZ_NOSPAM" "1")
|
||||||
(setenv "MOZ_BUILD_DATE" ,%icecat-build-id) ; avoid timestamp
|
(setenv "MOZ_BUILD_DATE" #$%icecat-build-id) ; avoid timestamp
|
||||||
|
|
||||||
(format #t "build directory: ~s~%" (getcwd))
|
(format #t "build directory: ~s~%" (getcwd))
|
||||||
(format #t "configure flags: ~s~%" flags)
|
(format #t "configure flags: ~s~%" flags)
|
||||||
|
|
||||||
(call-with-output-file "mozconfig"
|
(call-with-output-file "mozconfig"
|
||||||
(lambda (out)
|
(lambda (port)
|
||||||
(for-each (lambda (flag)
|
(for-each (lambda (flag)
|
||||||
(format out "ac_add_options ~a\n" flag))
|
(format port "ac_add_options ~a\n" flag))
|
||||||
flags)))
|
flags)))
|
||||||
|
|
||||||
(invoke "./mach" "configure"))))
|
(invoke "./mach" "configure"))))
|
||||||
(replace 'build
|
(replace 'build
|
||||||
(lambda* (#:key (make-flags '()) (parallel-build? #t)
|
(lambda* (#:key (make-flags '()) (parallel-build? #t)
|
||||||
#:allow-other-keys)
|
#:allow-other-keys)
|
||||||
(apply invoke "./mach" "build"
|
(apply invoke "./mach" "build"
|
||||||
;; mach will use parallel build if possible by default
|
;; mach will use parallel build if possible by default
|
||||||
`(,@(if parallel-build?
|
`(,@(if parallel-build?
|
||||||
'()
|
'()
|
||||||
'("-j1"))
|
'("-j1"))
|
||||||
,@make-flags))))
|
,@make-flags))))
|
||||||
(add-after 'build 'neutralise-store-references
|
(add-after 'build 'neutralise-store-references
|
||||||
(lambda _
|
(lambda _
|
||||||
;; Mangle the store references to compilers & other build tools in
|
;; Mangle the store references to compilers & other build tools in
|
||||||
;; about:buildconfig, reducing IceCat's closure by 1 GiB on x86-64.
|
;; about:buildconfig, reducing IceCat's closure by 1 GiB on x86-64.
|
||||||
(let* ((obj-dir (match (scandir "." (cut string-prefix? "obj-" <>))
|
(let* ((obj-dir (match (scandir "." (cut string-prefix? "obj-" <>))
|
||||||
((dir) dir)))
|
((dir) dir)))
|
||||||
(file (string-append
|
(file (string-append
|
||||||
obj-dir
|
obj-dir
|
||||||
"/dist/bin/chrome/toolkit/content/global/buildconfig.html")))
|
"/dist/bin/chrome/toolkit/content/global/buildconfig.html")))
|
||||||
(substitute* file
|
(substitute* file
|
||||||
(("[0-9a-df-np-sv-z]{32}" hash)
|
(("[0-9a-df-np-sv-z]{32}" hash)
|
||||||
(string-append (string-take hash 8)
|
(string-append (string-take hash 8)
|
||||||
"<!-- Guix: not a runtime dependency -->"
|
"<!-- Guix: not a runtime dependency -->"
|
||||||
(string-drop hash 8)))))))
|
(string-drop hash 8)))))))
|
||||||
(replace 'install
|
(replace 'install
|
||||||
(lambda* (#:key outputs #:allow-other-keys)
|
(lambda* (#:key outputs #:allow-other-keys)
|
||||||
(invoke "./mach" "install")
|
(invoke "./mach" "install")
|
||||||
;; The geckodriver binary is not installed by the above, for some
|
;; The geckodriver binary is not installed by the above, for some
|
||||||
;; reason. Use 'find-files' to avoid having to deal with the
|
;; reason. Use 'find-files' to avoid having to deal with the
|
||||||
;; system/architecture-specific file name.
|
;; system/architecture-specific file name.
|
||||||
(install-file (first (find-files "." "geckodriver"))
|
(install-file (first (find-files "." "geckodriver"))
|
||||||
(string-append (assoc-ref outputs "out") "/bin"))))
|
(string-append #$output "/bin"))))
|
||||||
(add-after 'install 'wrap-program
|
(add-after 'install 'wrap-program
|
||||||
(lambda* (#:key inputs outputs #:allow-other-keys)
|
(lambda* (#:key inputs #:allow-other-keys)
|
||||||
(let* ((out (assoc-ref outputs "out"))
|
(let* ((lib (string-append #$output "/lib"))
|
||||||
(lib (string-append out "/lib"))
|
(gtk #$(this-package-input "gtk+"))
|
||||||
(gtk (assoc-ref inputs "gtk+"))
|
(gtk-share (string-append gtk "/share"))
|
||||||
(gtk-share (string-append gtk "/share"))
|
(ld-libs '#$(map (lambda (label)
|
||||||
(ld-libs (map (lambda (label)
|
(file-append (this-package-input label) "/lib"))
|
||||||
(string-append (assoc-ref inputs label)
|
'("libpng-apng"
|
||||||
"/lib"))
|
"libxscrnsaver"
|
||||||
'("libpng-apng"
|
"mesa"
|
||||||
"libxscrnsaver"
|
"pciutils"
|
||||||
"mesa"
|
"mit-krb5"
|
||||||
"pciutils"
|
"eudev"
|
||||||
"mit-krb5"
|
"pulseaudio"
|
||||||
"eudev"
|
;; For the integration of native notifications
|
||||||
"pulseaudio"
|
"libnotify"))))
|
||||||
;; For the integration of native notifications
|
(wrap-program (car (find-files lib "^icecat$"))
|
||||||
"libnotify"))))
|
`("XDG_DATA_DIRS" prefix (,gtk-share))
|
||||||
(wrap-program (car (find-files lib "^icecat$"))
|
;; The following line is commented out because the icecat
|
||||||
`("XDG_DATA_DIRS" prefix (,gtk-share))
|
;; package on guix has been observed to be unstable when
|
||||||
;; The following line is commented out because the icecat
|
;; using wayland, and the bundled extensions stop working.
|
||||||
;; package on guix has been observed to be unstable when
|
;; `("MOZ_ENABLE_WAYLAND" = ("1"))
|
||||||
;; using wayland, and the bundled extensions stop working.
|
`("LD_LIBRARY_PATH" prefix ,ld-libs)))))
|
||||||
;; `("MOZ_ENABLE_WAYLAND" = ("1"))
|
(add-after 'wrap-program 'install-desktop-entry
|
||||||
`("LD_LIBRARY_PATH" prefix ,ld-libs)))))
|
(lambda _
|
||||||
(add-after 'wrap-program 'install-desktop-entry
|
;; Install the '.desktop' file.
|
||||||
(lambda* (#:key outputs #:allow-other-keys)
|
(let* ((desktop-file "taskcluster/docker/icecat-snap/icecat.desktop")
|
||||||
;; Install the '.desktop' file.
|
(applications (string-append #$output "/share/applications")))
|
||||||
(let* ((desktop-file "taskcluster/docker/icecat-snap/icecat.desktop")
|
(substitute* desktop-file
|
||||||
(out (assoc-ref outputs "out"))
|
(("^Exec=icecat") (string-append "Exec=" #$output "/bin/icecat"))
|
||||||
(applications (string-append out "/share/applications")))
|
(("IceCat") "GNU IceCat")
|
||||||
(substitute* desktop-file
|
(("Icon=.*") "Icon=icecat\n")
|
||||||
(("^Exec=icecat") (string-append "Exec=" out "/bin/icecat"))
|
(("NewWindow") "new-window")
|
||||||
(("IceCat") "GNU IceCat")
|
(("NewPrivateWindow") "new-private-window"))
|
||||||
(("Icon=.*") "Icon=icecat\n")
|
(install-file desktop-file applications))))
|
||||||
(("NewWindow") "new-window")
|
(add-after 'install-desktop-entry 'install-icons
|
||||||
(("NewPrivateWindow") "new-private-window"))
|
(lambda _
|
||||||
(install-file desktop-file applications))))
|
(with-directory-excursion "browser/branding/official"
|
||||||
(add-after 'install-desktop-entry 'install-icons
|
(for-each
|
||||||
(lambda* (#:key outputs #:allow-other-keys)
|
(lambda (file)
|
||||||
(let ((out (assoc-ref outputs "out")))
|
(let* ((size (string-filter char-numeric? file))
|
||||||
(with-directory-excursion "browser/branding/official"
|
(icons (string-append #$output "/share/icons/hicolor/"
|
||||||
(for-each
|
size "x" size "/apps")))
|
||||||
(lambda (file)
|
(mkdir-p icons)
|
||||||
(let* ((size (string-filter char-numeric? file))
|
(copy-file file (string-append icons "/icecat.png"))))
|
||||||
(icons (string-append out "/share/icons/hicolor/"
|
'("default16.png" "default22.png" "default24.png"
|
||||||
size "x" size "/apps")))
|
"default32.png" "default48.png" "content/icon64.png"
|
||||||
(mkdir-p icons)
|
"mozicon128.png" "default256.png"))))))))
|
||||||
(copy-file file (string-append icons "/icecat.png"))))
|
|
||||||
'("default16.png" "default22.png" "default24.png"
|
|
||||||
"default32.png" "default48.png" "content/icon64.png"
|
|
||||||
"mozicon128.png" "default256.png")))))))))
|
|
||||||
(home-page "https://www.gnu.org/software/gnuzilla/")
|
(home-page "https://www.gnu.org/software/gnuzilla/")
|
||||||
(synopsis "Entirely free browser derived from Mozilla Firefox")
|
(synopsis "Entirely free browser derived from Mozilla Firefox")
|
||||||
(description
|
(description
|
||||||
|
|
Loading…
Reference in a new issue