Diffstat (limited to 'www-client/torbrowser/torbrowser-10.0.6.ebuild')
| -rw-r--r-- | www-client/torbrowser/torbrowser-10.0.6.ebuild | 815 |
1 files changed, 815 insertions, 0 deletions
diff --git a/www-client/torbrowser/torbrowser-10.0.6.ebuild b/www-client/torbrowser/torbrowser-10.0.6.ebuild
new file mode 100644
index 000000000000..cc78ccde8e57
--- /dev/null
+++ b/www-client/torbrowser/torbrowser-10.0.6.ebuild
@@ -0,0 +1,815 @@ +# Copyright 2020 Liguros Authors +# Distributed under the terms of the GNU General Public License v2 +EAPI="6" +VIRTUALX_REQUIRED="pgo" +WANT_AUTOCONF="2.1" + +PYTHON_COMPAT=( python3_{6,7,8,9,10} ) +PYTHON_REQ_USE='ncurses,sqlite,ssl,threads(+)' + +# Patch version +PATCH="firefox-esr-78-patches-07" + +LLVM_MAX_SLOT=11 + +inherit autotools check-reqs desktop eapi7-ver eutils flag-o-matic gnome2-utils llvm \ + mozcoreconf-v6 multiprocessing pax-utils python-any-r1 toolchain-funcs xdg + +DESCRIPTION="The Tor Browser" +HOMEPAGE="https://www.torproject.org" +KEYWORDS="~amd64 ~x86" +SLOT="0" +LICENSE="MPL-2.0 GPL-2 LGPL-2.1 BSD CC-BY-3.0" +IUSE="bindist clang cpu_flags_x86_avx2 dbus debug eme-free geckodriver + +gmp-autoupdate hardened hwaccel jack lto cpu_flags_arm_neon + +openh264 pgo pulseaudio screencast +screenshot selinux +system-av1 + +system-harfbuzz +system-icu +system-jpeg +system-libevent + +system-libvpx +system-webp test wayland wifi" + +REQUIRED_USE="pgo? ( lto )" + +RESTRICT="!bindist? ( bindist ) + !test? 
( test ) + primaryuri" + +MY_P="firefox-tor-browser-78.5.0esr-10.0-1-build1" +MY_EFF="https-everywhere-2020.11.17-eff.xpi" +MY_NOS="noscript-11.1.5.xpi" +TORLAUNCHER_VERSION="0.2.26" +PATCH_URIS=( https://dev.gentoo.org/~{anarchy,axs,polynomial-c,whissi}/mozilla/patchsets/${PATCH}.tar.xz ) +TOR_SRC_BASE_URI="https://dist.torproject.org/torbrowser/${PV}" +TOR_SRC_ARCHIVE_URI="https://archive.torproject.org/tor-package-archive/torbrowser/${PV}" +SRC_URI=" + ${TOR_SRC_BASE_URI}/src-${MY_P}.tar.xz + ${TOR_SRC_BASE_URI}/src-tor-launcher-${TORLAUNCHER_VERSION}.tar.xz + ${TOR_SRC_BASE_URI}/tor-browser-linux64-${PV}_en-US.tar.xz + ${TOR_SRC_ARCHIVE_URI}/src-${MY_P}.tar.xz + ${TOR_SRC_ARCHIVE_URI}/src-tor-launcher-0.2.26.tar.xz + ${TOR_SRC_ARCHIVE_URI}/tor-browser-linux64-${PV}_en-US.tar.xz + https://www.eff.org/files/${MY_EFF} + https://secure.informaction.com/download/releases/${MY_NOS} + ${PATCH_URIS[@]} +" + +CDEPEND=" + >=dev-libs/nss-3.53.1 + >=dev-libs/nspr-4.25 + dev-libs/atk + dev-libs/expat + >=x11-libs/cairo-1.10[X] + >=x11-libs/gtk+-2.18:2 + >=x11-libs/gtk+-3.4.0:3[X] + x11-libs/gdk-pixbuf + >=x11-libs/pango-1.22.0 + >=media-libs/libpng-1.6.35:0=[apng] + >=media-libs/mesa-10.2:* + media-libs/fontconfig + >=media-libs/freetype-2.4.10 + kernel_linux? ( !pulseaudio? ( media-libs/alsa-lib ) ) + virtual/freedesktop-icon-theme + >=x11-libs/pixman-0.19.2 + >=dev-libs/glib-2.26:2 + >=sys-libs/zlib-1.2.3 + >=dev-libs/libffi-3.0.10:= + media-video/ffmpeg + x11-libs/libX11 + x11-libs/libXcomposite + x11-libs/libXdamage + x11-libs/libXext + x11-libs/libXfixes + x11-libs/libXrender + x11-libs/libXt + screencast? ( media-video/pipewire:0/0.3 ) + dbus? ( + sys-apps/dbus + dev-libs/dbus-glib + ) + system-av1? ( + >=media-libs/dav1d-0.3.0:= + >=media-libs/libaom-1.0.0:= + ) + system-harfbuzz? ( + >=media-libs/harfbuzz-2.6.8:0= + >=media-gfx/graphite2-1.3.13 + ) + system-icu? ( >=dev-libs/icu-67.1:= ) + system-jpeg? ( >=media-libs/libjpeg-turbo-1.2.1 ) + system-libevent? 
( >=dev-libs/libevent-2.0:0=[threads] ) + system-libvpx? ( >=media-libs/libvpx-1.8.2:0=[postproc] ) + system-webp? ( >=media-libs/libwebp-1.1.0:0= ) + wifi? ( + kernel_linux? ( + net-misc/networkmanager + ) + ) + jack? ( virtual/jack ) + selinux? ( sec-policy/selinux-mozilla )" + +RDEPEND="${CDEPEND} + jack? ( virtual/jack ) + openh264? ( media-libs/openh264:*[plugin] ) + selinux? ( sec-policy/selinux-mozilla )" + +DEPEND="${CDEPEND} + app-arch/zip + app-arch/unzip + >=dev-util/cbindgen-0.14.3 + >=net-libs/nodejs-10.19.0 + >=sys-devel/binutils-2.30 + sys-apps/findutils + virtual/pkgconfig + >=virtual/rust-1.41.0 + || ( + ( + sys-devel/clang:11 + !clang? ( sys-devel/llvm:11 ) + clang? ( + =sys-devel/lld-11* + sys-devel/llvm:11[gold] + pgo? ( =sys-libs/compiler-rt-sanitizers-11*[profile] ) + ) + ) + ( + sys-devel/clang:10 + !clang? ( sys-devel/llvm:10 ) + clang? ( + =sys-devel/lld-10* + sys-devel/llvm:10[gold] + pgo? ( =sys-libs/compiler-rt-sanitizers-10*[profile] ) + ) + ) + ( + sys-devel/clang:9 + !clang? ( sys-devel/llvm:9 ) + clang? ( + =sys-devel/lld-9* + sys-devel/llvm:9[gold] + pgo? ( =sys-libs/compiler-rt-sanitizers-9*[profile] ) + ) + ) + ) + pulseaudio? ( + || ( + media-sound/pulseaudio + >=media-sound/apulse-0.1.12-r4[sdk] + ) + ) + wayland? ( >=x11-libs/gtk+-3.11:3[wayland] ) + amd64? ( >=dev-lang/yasm-1.1 virtual/opengl ) + x86? ( >=dev-lang/yasm-1.1 virtual/opengl ) + !system-av1? ( + amd64? ( >=dev-lang/nasm-2.13 ) + x86? ( >=dev-lang/nasm-2.13 ) + )" +RDEPEND=" + ${RDEPEND} + net-vpn/tor +" + +S="${WORKDIR}/${MY_P}" +BUILD_OBJ_DIR="${WORKDIR}/tb" + +llvm_check_deps() { + if ! has_version --host-root "sys-devel/clang:${LLVM_SLOT}" ; then + ewarn "sys-devel/clang:${LLVM_SLOT} is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." >&2 + return 1 + fi + + if use clang ; then + if ! has_version --host-root "=sys-devel/lld-${LLVM_SLOT}*" ; then + ewarn "=sys-devel/lld-${LLVM_SLOT}* is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." 
>&2 + return 1 + fi + + if use pgo ; then + if ! has_version --host-root "=sys-libs/compiler-rt-sanitizers-${LLVM_SLOT}*" ; then + ewarn "=sys-libs/compiler-rt-sanitizers-${LLVM_SLOT}* is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." >&2 + return 1 + fi + fi + fi + + einfo "Will use LLVM slot ${LLVM_SLOT}!" >&2 +} + +pkg_pretend() { + if use pgo ; then + if ! has usersandbox $FEATURES ; then + die "You must enable usersandbox as X server can not run as root!" + fi + fi + + # Ensure we have enough disk space to compile + if use pgo || use lto || use debug || use test ; then + CHECKREQS_DISK_BUILD="10G" + else + CHECKREQS_DISK_BUILD="5G" + fi + + check-reqs_pkg_pretend +} + +pkg_setup() { + moz_pkgsetup + llvm_pkg_setup + python-any-r1_pkg_setup + + # These should *always* be cleaned up anyway + unset DBUS_SESSION_BUS_ADDRESS \ + DISPLAY \ + ORBIT_SOCKETDIR \ + SESSION_MANAGER \ + XDG_CACHE_HOME \ + XDG_SESSION_COOKIE \ + XAUTHORITY + + if ! use bindist ; then + einfo + elog "You are enabling official branding. You may not redistribute this build" + elog "to any users on your network or the internet. Doing so puts yourself into" + elog "a legal problem with Mozilla Foundation." + elog "You can disable it by emerging ${PN} _with_ the bindist USE-flag." + fi + + addpredict /proc/self/oom_score_adj + + if ! mountpoint -q /dev/shm ; then + # If /dev/shm is not available, configure is known to fail with + # a traceback report referencing /usr/lib/pythonN.N/multiprocessing/synchronize.py + ewarn "/dev/shm is not mounted -- expect build failures!" 
+ fi + + # Ensure we use C locale when building, bug #746215 + export LC_ALL=C + append-cppflags "-DTOR_BROWSER_DATA_IN_HOME_DIR" +} + +src_unpack() { + for a in ${A} ; do + case "${a}" in + "src-${MY_P}.tar.xz") + unpack "${a}" + ;; + + "src-tor-launcher-${TORLAUNCHER_VERSION}.tar.xz") + local destdir="${S}"/browser/extensions/tor-launcher + echo ">>> Unpacking ${a} to ${destdir}" + mkdir "${destdir}" || die + tar -C "${destdir}" -x -o --strip-components 1 \ + -f "${DISTDIR}/${a}" || die + ;; + + # see https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/build?h=maint-10.0#n81 + "${MY_EFF}") + local destdir="${WORKDIR}"/https-everywhere/chrome/torbutton/content/extensions/https-everywhere/ + echo ">>> Unpacking ${a} to ${destdir}" + mkdir -p "${destdir}" || die + unzip -qo "${DISTDIR}/${a}" -d "${destdir}" || die + ;; + + "${MY_NOS}") + local destdir="${WORKDIR}" + echo ">>> Copying ${a} to ${destdir}" + cp "${DISTDIR}/${a}" "${destdir}" || die + ;; + + # see https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/build?h=maint-10.0#n35 + "tor-browser-linux64-${PV}_en-US.tar.xz") + local destdir="${WORKDIR}"/profile + echo ">>> Unpacking ${a} to ${destdir}" + mkdir "${destdir}" || die + tar -C "${destdir}" -x -o --strip-components 1 \ + -f "${DISTDIR}/${a}" \ + tor-browser_en-US/Browser/TorBrowser/Docs \ + tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default || die + ;; + + *) + unpack "${a}" + ;; + esac + done +} + +src_prepare() { + rm -f "${WORKDIR}"/firefox/00{29,31,32}-*.patch + eapply "${WORKDIR}/firefox-patches" + eapply "${FILESDIR}"/${PN}-profiledir.patch + sed -e '/if (gTorPane.enabled/,/^ }$/d' \ + -i browser/components/preferences/preferences.js + sed -e '/\<torpreferences\>/d' \ + -i browser/components/preferences/preferences.xhtml + + # Make LTO respect MAKEOPTS + sed -i \ + -e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \ + 
"${S}"/build/moz.configure/lto-pgo.configure \ + || die "sed failed to set num_cores" + + # Make ICU respect MAKEOPTS + sed -i \ + -e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \ + "${S}"/intl/icu_sources_data.py \ + || die "sed failed to set num_cores" + + # sed-in toolchain prefix + sed -i \ + -e "s/objdump/${CHOST}-objdump/" \ + "${S}"/python/mozbuild/mozbuild/configure/check_debug_ranges.py \ + || die "sed failed to set toolchain prefix" + + sed -i \ + -e 's/ccache_stats = None/return None/' \ + "${S}"/python/mozbuild/mozbuild/controller/building.py \ + || die "sed failed to disable ccache stats call" + + # Allow user to apply any additional patches without modifing ebuild + eapply_user + + einfo "Removing pre-built binaries ..." + find "${S}"/third_party -type f \( -name '*.so' -o -name '*.o' \) -print -delete || die + + # Enable gnomebreakpad + if use debug ; then + sed -i -e "s:GNOME_DISABLE_CRASH_DIALOG=1:GNOME_DISABLE_CRASH_DIALOG=0:g" \ + "${S}"/build/unix/run-mozilla.sh || die "sed failed!" + fi + + # Fix sandbox violations during make clean, bug 372817 + sed -e "s:\(/no-such-file\):${T}\1:g" \ + -i "${S}"/config/rules.mk \ + -i "${S}"/nsprpub/configure{.in,} \ + || die + + # Don't exit with error when some libs are missing which we have in + # system. + sed '/^MOZ_PKG_FATAL_WARNINGS/s@= 1@= 0@' \ + -i "${S}"/browser/installer/Makefile.in || die + + # Don't error out when there's no files to be removed: + sed 's@\(xargs rm\)$@\1 -f@' \ + -i "${S}"/toolkit/mozapps/installer/packager.mk || die + + # Keep codebase the same even if not using official branding + sed '/^MOZ_DEV_EDITION=1/d' \ + -i "${S}"/browser/branding/aurora/configure.sh || die + + # rustfmt, a tool to format Rust code, is optional and not required to build Firefox. 
+ # However, when available, an unsupported version can cause problems, bug #669548 + sed -i -e "s@check_prog('RUSTFMT', add_rustup_path('rustfmt')@check_prog('RUSTFMT', add_rustup_path('rustfmt_do_not_use')@" \ + "${S}"/build/moz.configure/rust.configure || die + + # Autotools configure is now called old-configure.in + # This works because there is still a configure.in that happens to be for the + # shell wrapper configure script + eautoreconf old-configure.in + + # Must run autoconf in js/src + cd "${S}"/js/src || die + eautoconf old-configure.in + + # Clear checksums that present a problem + sed -i 's/\("files":{\)[^}]*/\1/' "${S}"/third_party/rust/target-lexicon-0.9.0/.cargo-checksum.json || die + + xdg_src_prepare +} + +src_configure() { + # Show flags set at the beginning + einfo "Current CFLAGS: ${CFLAGS}" + einfo "Current LDFLAGS: ${LDFLAGS}" + einfo "Current RUSTFLAGS: ${RUSTFLAGS}" + MEXTENSIONS="default" + + # Add information about TERM to output (build.log) to aid debugging + # blessings problems + if [[ -n "${TERM}" ]] ; then + einfo "TERM is set to: \"${TERM}\"" + else + einfo "TERM is unset." + fi + + if use clang && ! tc-is-clang ; then + # Force clang + einfo "Enforcing the use of clang due to USE=clang ..." + CC=${CHOST}-clang + CXX=${CHOST}-clang++ + strip-unsupported-flags + elif ! use clang && ! tc-is-gcc ; then + # Force gcc + einfo "Enforcing the use of gcc due to USE=-clang ..." 
+ CC=${CHOST}-gcc + CXX=${CHOST}-g++ + strip-unsupported-flags + fi + + #################################### + # + # mozconfig, CFLAGS and CXXFLAGS setup + # + #################################### + + mozconfig_init + mozconfig_annotate "" --enable-application=browser + # common config components + mozconfig_annotate 'system_libs' --with-system-zlib + + # Must pass release in order to properly select linker + mozconfig_annotate 'Enable by Liguros' --enable-release + + # libclang.so is not properly detected work around issue + mozconfig_annotate '' --with-libclang-path="$(llvm-config --libdir)" + + if use pgo ; then + if ! has userpriv $FEATURES ; then + eerror "Building firefox with USE=pgo and FEATURES=-userpriv is not supported!" + fi + fi + + # Don't let user's LTO flags clash with upstream's flags + filter-flags -flto* + + if use lto ; then + local show_old_compiler_warning= + + if use clang ; then + # At this stage CC is adjusted and the following check will + # will work + if [[ $(clang-major-version) -lt 7 ]] ; then + show_old_compiler_warning=1 + fi + + # Upstream only supports lld when using clang + mozconfig_annotate "forcing ld=lld due to USE=clang and USE=lto" --enable-linker=lld + else + if [[ $(gcc-major-version) -lt 8 ]] ; then + show_old_compiler_warning=1 + fi + + if ! use cpu_flags_x86_avx2 ; then + local _gcc_version_with_ipa_cdtor_fix="8.3" + local _current_gcc_version="$(gcc-major-version).$(gcc-minor-version)" + + if ver_test "${_current_gcc_version}" -lt "${_gcc_version_with_ipa_cdtor_fix}" ; then + # due to a GCC bug, GCC will produce AVX2 instructions + # even if the CPU doesn't support AVX2, https://gcc.gnu.org/ml/gcc-patches/2018-12/msg01142.html + einfo "Disable IPA cdtor due to bug in GCC and missing AVX2 support -- triggered by USE=lto" + append-ldflags -fdisable-ipa-cdtor + else + einfo "No GCC workaround required, GCC version is already patched!" 
+ fi + else + einfo "No GCC workaround required, system supports AVX2" + fi + + # Linking only works when using ld.gold when LTO is enabled + mozconfig_annotate "forcing ld=gold due to USE=lto" --enable-linker=gold + fi + + if [[ -n "${show_old_compiler_warning}" ]] ; then + # Checking compiler's major version uses CC variable. Because we allow + # user to control used compiler via USE=clang flag, we cannot use + # initial value. So this is the earliest stage where we can do this check + # because pkg_pretend is not called in the main phase function sequence + # environment saving is not guaranteed so we don't know if we will have + # correct compiler until now. + ewarn "" + ewarn "USE=lto requires up-to-date compiler (>=gcc-8 or >=clang-7)." + ewarn "You are on your own -- expect build failures. Don't file bugs using that unsupported configuration!" + ewarn "" + sleep 5 + fi + + mozconfig_annotate '+lto' --enable-lto=thin + + if use pgo ; then + mozconfig_annotate '+pgo' MOZ_PGO=1 + fi + else + # Avoid auto-magic on linker + if use clang ; then + # This is upstream's default + mozconfig_annotate "forcing ld=lld due to USE=clang" --enable-linker=lld + elif tc-ld-is-gold ; then + mozconfig_annotate "linker is set to gold" --enable-linker=gold + else + mozconfig_annotate "linker is set to bfd" --enable-linker=bfd + fi + fi + + # Add full relro support for hardened + use hardened && append-ldflags "-Wl,-z,now" + + mozconfig_use_enable !bindist official-branding + mozconfig_use_enable debug + mozconfig_use_enable debug tests + + if ! 
use debug ; then + mozconfig_annotate 'disabled by Liguros' --disable-debug-symbols + else + mozconfig_annotate 'enabled by Liguros' --enable-debug-symbols + fi + # These are enabled by default in all mozilla applications + mozconfig_annotate '' --with-system-nspr + mozconfig_annotate '' --with-system-nss + mozconfig_annotate '' --x-includes="${SYSROOT}${EPREFIX}"/usr/include \ + --x-libraries="${SYSROOT}${EPREFIX}"/usr/$(get_libdir) + mozconfig_annotate '' --prefix="${EPREFIX}"/usr + mozconfig_annotate '' --libdir="${EPREFIX}"/usr/$(get_libdir) + mozconfig_annotate '' --allow-addon-sideload + mozconfig_annotate '' --disable-cargo-incremental + mozconfig_annotate '' --disable-crashreporter + mozconfig_annotate '' --disable-install-strip + mozconfig_annotate '' --disable-strip + mozconfig_annotate '' --disable-updater + mozconfig_annotate 'Gentoo default' --with-system-png + mozconfig_annotate '' --enable-system-ffi + mozconfig_annotate '' --with-intl-api + mozconfig_annotate '' --enable-system-pixman + mozconfig_annotate '' --with-intl-api + # Instead of the standard --build= and --host=, mozilla uses --host instead + # of --build, and --target intstead of --host. + # Note, mozilla also has --build but it does not do what you think it does. + # Set both --target and --host as mozilla uses python to guess values otherwise + mozconfig_annotate '' --target="${CHOST}" + mozconfig_annotate '' --host="${CBUILD:-${CHOST}}" + mozconfig_annotate '' --with-toolchain-prefix="${CHOST}-" + mozconfig_annotate '' --with-unsigned-addon-scopes=app,system + + if use system-libevent ; then + mozconfig_annotate '' --with-system-libevent="${SYSROOT}${EPREFIX}"/usr + fi + + if ! use x86 && [[ ${CHOST} != armv*h* ]] ; then + mozconfig_annotate '' --enable-rust-simd + fi + + mozconfig_annotate '' --enable-optimize + + # use the gtk3 toolkit (the only one supported at this point) + # TODO: Will this result in automagic dependency on x11-libs/gtk+[wayland]? 
+ if use wayland ; then + mozconfig_annotate '' --enable-default-toolkit=cairo-gtk3-wayland + else + mozconfig_annotate '' --enable-default-toolkit=cairo-gtk3 + fi + + mozconfig_use_with system-av1 + mozconfig_use_with system-harfbuzz + mozconfig_use_with system-harfbuzz system-graphite2 + mozconfig_use_with system-icu + mozconfig_use_with system-jpeg + mozconfig_use_with system-libvpx + mozconfig_use_with system-webp + mozconfig_use_enable pulseaudio + + # force the deprecated alsa sound code if pulseaudio is disabled + if use kernel_linux && ! use pulseaudio ; then + mozconfig_annotate '-pulseaudio' --enable-alsa + fi + + # Disable built-in ccache support to avoid sandbox violation, #665420 + # Use FEATURES=ccache instead! + mozconfig_annotate '' --without-ccache + sed -i -e 's/ccache_stats = None/return None/' \ + python/mozbuild/mozbuild/controller/building.py || \ + die "Failed to disable ccache stats call" + + mozconfig_use_enable dbus + mozconfig_use_enable wifi necko-wifi + mozconfig_use_enable geckodriver + mozconfig_use_enable jack + mozconfig_use_enable screencast pipewire + + # Enable/Disable eme support + use eme-free && mozconfig_annotate '+eme-free' --disable-eme + + mozconfig_annotate '' --enable-extensions="${MEXTENSIONS}" + + # allow elfhack to work in combination with unstripped binaries + # when they would normally be larger than 2GiB. 
+ append-ldflags "-Wl,--compress-debug-sections=zlib" + + if use clang ; then + # https://bugzilla.mozilla.org/show_bug.cgi?id=1482204 + # https://bugzilla.mozilla.org/show_bug.cgi?id=1483822 + mozconfig_annotate 'elf-hack is broken when using Clang' --disable-elf-hack + fi + + echo "mk_add_options MOZ_OBJDIR=${BUILD_OBJ_DIR}" >> "${S}"/.mozconfig + echo "mk_add_options XARGS=/usr/bin/xargs" >> "${S}"/.mozconfig + export MOZILLA_OFFICIAL=1 + + # Rename the install directory and the executable + mozconfig_annotate 'torbrowser' --with-app-name=${PN} + mozconfig_annotate 'torbrowser' --with-app-basename=${PN} + mozconfig_annotate 'torbrowser' --disable-tor-browser-update + mozconfig_annotate 'torbrowser' --enable-tor-launcher + mozconfig_annotate 'torbrowser' --with-tor-browser-version=${PV} + mozconfig_annotate 'torbrowser' --disable-tor-browser-data-outside-app-dir + mozconfig_annotate 'torbrowser' --with-branding=browser/branding/official + mozconfig_annotate 'torbrowser' --disable-webrtc + mozconfig_annotate 'torbrowser' --disable-parental-controls + mozconfig_annotate 'torbrowser' --enable-proxy-bypass-protection + mozconfig_annotate 'torbrowser' --enable-update-channel=release + mozconfig_annotate 'torbrowser' --enable-bundled-fonts + + # Finalize and report settings + mozconfig_final + + mkdir -p "${S}"/third_party/rust/libloading/.deps + + # Use system's Python environment + export MACH_USE_SYSTEM_PYTHON=1 + + # workaround for funky/broken upstream configure... 
+ SHELL="${SHELL:-${EPREFIX}/bin/bash}" MOZ_NOSPAM=1 \ + ./mach configure || die +} + +src_compile() { + local _virtx= + if use pgo ; then + _virtx=virtx + + # Reset and cleanup environment variables used by GNOME/XDG + gnome2_environment_reset + + addpredict /root + fi + + GDK_BACKEND=x11 \ + MOZ_MAKE_FLAGS="${MAKEOPTS} -O" \ + SHELL="${SHELL:-${EPREFIX}/bin/bash}" \ + MOZ_NOSPAM=1 \ + ${_virtx} \ + ./mach build --verbose || die +} + +pkg_preinst() { + xdg_pkg_preinst + + # If the apulse libs are available in MOZILLA_FIVE_HOME then apulse + # does not need to be forced into the LD_LIBRARY_PATH + if use pulseaudio && has_version ">=media-sound/apulse-0.1.12-r4" ; then + einfo "APULSE found; Generating library symlinks for sound support ..." + local lib + pushd "${ED}${MOZILLA_FIVE_HOME}" &>/dev/null || die + for lib in ../apulse/libpulse{.so{,.0},-simple.so{,.0}} ; do + # A quickpkg rolled by hand will grab symlinks as part of the package, + # so we need to avoid creating them if they already exist. + if [[ ! -L ${lib##*/} ]] ; then + ln -s "${lib}" ${lib##*/} || die + fi + done + popd &>/dev/null || die + fi +} + +src_install() { + # Set MOZILLA_FIVE_HOME + #export MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}" + cat "${WORKDIR}/profile/Browser/TorBrowser/Data/Browser/profile.default/bookmarks.html" > \ + "${WORKDIR}"/tb/dist/bin/browser/chrome/en-US/locale/browser/bookmarks.html || die + cd "${BUILD_OBJ_DIR}" || die + + # mimic official release + insinto ${MOZILLA_FIVE_HOME}/browser/extensions + newins "${DISTDIR}"/${MY_NOS} {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi + + # Pax mark xpcshell for hardened support, only used for startupcache creation. 
+ pax-mark m "${BUILD_OBJ_DIR}"/dist/bin/xpcshell \ + "${BUILD_OBJ_DIR}"/dist/bin/torbrowser \ + "${BUILD_OBJ_DIR}"/dist/bin/plugin-container + + touch "${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" || die + + # set dictionary path, to use system hunspell + echo "pref(\"spellchecker.dictionary_path\", \"${EPREFIX}/usr/share/myspell\");" \ + >>"${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" || die + + # force the graphite pref if system-harfbuzz is enabled, since the pref cant disable it + if use system-harfbuzz ; then + echo "sticky_pref(\"gfx.font_rendering.graphite.enabled\",true);" \ + >>"${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" || die + fi + + # Augment this with hwaccel prefs + if use hwaccel ; then + printf 'pref("%s", true);\npref("%s", true);\n' \ + layers.acceleration.force-enabled webgl.force-enabled >> \ + "${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" \ + || die + fi + + if ! use screenshot ; then + echo "pref(\"extensions.screenshots.disabled\", true);" >> \ + "${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" \ + || die + fi + + sed -e '/extensions\.autoDisableScopes/s:\<0\>:3:' \ + -i "${BUILD_OBJ_DIR}"/dist/bin/browser/defaults/preferences/000-tor-browser.js \ + || die + + cd "${S}" + MOZ_MAKE_FLAGS="${MAKEOPTS}" SHELL="${SHELL:-${EPREFIX}/bin/bash}" MOZ_NOSPAM=1 \ + DESTDIR="${D}" ./mach install || die + + # Install icons and .desktop for menu entry + local size icon_path + icon_path="${S}/browser/branding/official" + for size in 16 22 24 32 48 64 128 256 512; do + newicon -s ${size} "${icon_path}/default${size}.png" ${PN}.png + done + newicon -s scalable "${icon_path}/firefox.svg" ${PN}.svg + make_desktop_entry ${PN} "Tor Browser" ${PN} "Network;WebBrowser" "StartupWMClass=Torbrowser" + + # Don't install llvm-symbolizer from sys-devel/llvm package + [[ -f "${ED%/}${MOZILLA_FIVE_HOME}/llvm-symbolizer" ]] && \ + rm 
"${ED%/}${MOZILLA_FIVE_HOME}/llvm-symbolizer" + + # torbrowser and torbrowser-bin are identical + rm "${ED%/}"${MOZILLA_FIVE_HOME}/${PN}-bin || die + dosym ${PN} ${MOZILLA_FIVE_HOME}/${PN}-bin + + # see https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/build?h=maint-10.0#n84 + pushd "${WORKDIR}"/https-everywhere || die + find chrome/ | zip -q -X -@ "${ED}${MOZILLA_FIVE_HOME}/omni.ja" + popd || die + + local PREFS_DIR="${MOZILLA_FIVE_HOME}/browser/defaults/preferences" + insinto "${PREFS_DIR}" + + # see: https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/build#n134 + # see https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/build#n170 + newins - 000-tor-browser.js <<-EOF + pref("extensions.torlauncher.prompt_for_locale", "false"); + pref("intl.locale.requested", "en-US"); + EOF + + # Set dictionary path to use system hunspell + newins - all-gentoo.js <<-EOF + pref("spellchecker.dictionary_path", "${EPREFIX}/usr/share/myspell"); + EOF + + local GENTOO_PREFS="${ED}${PREFS_DIR}/all-gentoo.js" + + # Force the graphite pref if USE=system-harfbuzz is enabled, since the pref cannot disable it + if use system-harfbuzz ; then + cat >>"${GENTOO_PREFS}" <<-EOF || die "failed to set gfx.font_rendering.graphite.enabled pref" + sticky_pref("gfx.font_rendering.graphite.enabled", true); + EOF + fi + + # Install wrapper + # see: https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/RelativeLink/start-tor-browser + # see: https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/usr/lib/anon-ws-disable-stacked-tor/torbrowser.sh + rm "${ED%/}"/usr/bin/torbrowser || die # symlink to /usr/lib64/torbrowser/torbrowser + + newbin - torbrowser <<-EOF + #!/bin/sh + + unset SESSION_MANAGER + export GSETTINGS_BACKEND=memory + + export TOR_HIDE_UPDATE_CHECK_UI=1 + export TOR_NO_DISPLAY_NETWORK_SETTINGS=1 + export TOR_SKIP_CONTROLPORTTEST=1 + export 
TOR_SKIP_LAUNCH=1 + + exec /usr/$(get_libdir)/torbrowser/torbrowser --class "Tor Browser" "\${@}" + EOF + + # Required in order to use plugins and even run torbrowser on hardened. + pax-mark m "${ED}"${MOZILLA_FIVE_HOME}/{${PN},plugin-container} + + dodoc "${FILESDIR}/99torbrowser.example" + dodoc "${WORKDIR}/profile/Browser/TorBrowser/Docs/ChangeLog.txt" +} + +pkg_postinst() { + xdg_pkg_postinst + + if use pulseaudio && has_version ">=media-sound/apulse-0.1.12-r4" ; then + elog "Apulse was detected at merge time on this system and so it will always be" + elog "used for sound. If you wish to use pulseaudio instead please unmerge" + elog "media-sound/apulse." + elog + fi + + if [[ -z ${REPLACING_VERSIONS} ]]; then + ewarn "This patched firefox build is _NOT_ recommended by Tor upstream but uses" + ewarn "the exact same sources. Use this only if you know what you are doing!" + elog "Torbrowser uses port 9150 to connect to Tor. You can change the port" + elog "in /etc/env.d/99torbrowser to match your setup." + elog "An example file is available at /usr/share/doc/${P}/99torbrowser.example.bz2" + elog "" + elog "To get the advanced functionality (network information," + elog "new identity), Torbrowser needs to access a control port." + elog "Set the Variables in /etc/env.d/99torbrowser accordingly." + fi + + xdg_icon_cache_update + xdg_desktop_database_update +} |
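Review bot: The pipeline `find chrome/ | zip -q -X -@ "${ED}${MOZILLA_FIVE_HOME}/omni.ja"` in src_install has no failure check, unlike the `pushd`/`popd` calls around it, so a failing zip would leave the package merged without the HTTPS Everywhere files and without any error. Appending `|| die "failed to add https-everywhere to omni.ja"` makes the merge stop instead of silently shipping a browser that lacks one of its bundled protective extensions. The same gap exists on the two `sed` calls at the top of src_prepare that edit `preferences.js` and `preferences.xhtml`, and on `cd "${S}"` before `./mach install`; each should end in `|| die` like the rest of the ebuild. Separately, the archive mirror entry hard-codes `src-tor-launcher-0.2.26.tar.xz` where the primary entry uses `${TORLAUNCHER_VERSION}`, so the two can drift apart on the next bump.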
