From unknown Tue Jun 17 20:00:58 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#71121 <71121@debbugs.gnu.org> To: bug#71121 <71121@debbugs.gnu.org> Subject: Status: [PATCH 0/3] Update LibreWolf to 126.0-1 [security fixes] Reply-To: bug#71121 <71121@debbugs.gnu.org> Date: Wed, 18 Jun 2025 03:00:58 +0000 retitle 71121 [PATCH 0/3] Update LibreWolf to 126.0-1 [security fixes] reassign 71121 guix-patches submitter 71121 Ian Eure severity 71121 normal tag 71121 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Wed May 22 10:53:58 2024 Received: (at submit) by debbugs.gnu.org; 22 May 2024 14:53:58 +0000 Received: from localhost ([127.0.0.1]:56408 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s9nLp-0003su-M0 for submit@debbugs.gnu.org; Wed, 22 May 2024 10:53:58 -0400 Received: from lists.gnu.org ([209.51.188.17]:59892) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s9nLm-0003so-27 for submit@debbugs.gnu.org; Wed, 22 May 2024 10:53:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1s9nLf-0004vN-MU for guix-patches@gnu.org; Wed, 22 May 2024 10:53:47 -0400 Received: from wfhigh7-smtp.messagingengine.com ([64.147.123.158]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1s9nLd-0007RE-TX for guix-patches@gnu.org; Wed, 22 May 2024 10:53:47 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailfhigh.west.internal (Postfix) with ESMTP id 640C2180011A; Wed, 22 May 2024 10:53:41 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Wed, 22 May 2024 10:53:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm3; t=1716389621; x=1716476021; bh=Q+ OWWG5+dD6gH//q0BMJomnsBBCRYu7CNc18eoJUK40=; b=S5ZYCIYHq6nT7anREY hQ0c0t7vIMh4y19ft45rq7+lSU+rqipYmz93NzSPvvVZCtJL1pgHviAwS9jXCgzC XDF++hDNGQ9g800kxDfQB+zcm2lgzw4Ai5RcNbJrbO/fnRWxVeqvnYAjwiBRmkdJ whQ02kvy0X2AmJdlumE0xvmC2hU9reppLCWKo6PtOwWTZOA1r/DOzT96kmoG373A J7y2704Da5YMRzFtsD5ddH+xiP0kpsHrj83tMi1fdVwXwxxDTrxrjl7jdbC2hwWm zeCybTqEZHVq5kDemI6jHeErAMbTNUtmXxjCySciRaWyrHWFRNaHkfPRFZ5bw750 pBPQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; t=1716389621; x=1716476021; bh=Q+OWWG5+dD6gH //q0BMJomnsBBCRYu7CNc18eoJUK40=; b=F2fYDRpXMNN2Rhf9etRfEtOC+3tqJ 6GjdzoxDuPjNTSBvNn8IIT6CWKqerlRn12nW7y0z/IlyOqL261eW/lEnUV/88RRU gHxRC6VqPvTVywaVd+WzcYbL1ypNe4kZcjLMbv6nAe0GfaBowFzn50jyvEnxkpS5 btTXpq5pTCAe0wf5ME34HA04FxCvSUhvtisQD2ZHfZ0i9f17Py/hEBDU3OjSC0tU EydY5k2JVcX4Jq4RtYlro9sT7yzZhfnezCs7S53bg469dMtqMHi8qCi1+O+hPImF RM95uDmkXJaD24B6YbsSb7YOwkTzndz7Ituuqg6w3hSVxhwL3vlqxOxmg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrvdeigedgvddtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvfevufffkffogggtgfesthekre dtredtjeenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgvtgdr thhvqeenucggtffrrghtthgvrhhnpefgueekffejudfgvdevteelteeitdeuuddufffhue fhiefhjeetuefhgfettedvteenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhep mhgrihhlfhhrohhmpehirghnsehrvghtrhhoshhpvggtrdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 22 May 2024 10:53:40 -0400 (EDT) From: Ian Eure To: guix-patches@gnu.org Subject: [PATCH 0/3] Update LibreWolf to 126.0-1 [security fixes] Date: Wed, 22 May 2024 07:53:00 -0700 Message-ID: <20240522145300.31060-1-ian@retrospec.tv> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=64.147.123.158; envelope-from=ian@retrospec.tv; helo=wfhigh7-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) This patch series changes how LibreWolf is built, and updates it to 126.0-1, which contains fixes for: CVE-2024-4367, CVE-2024-4764, CVE-2024-4765, CVE-2024-4766, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778. Previously, LibreWolf has built from the upstream source release tarballs, which are generated with an automated process: a script downloads the Firefox source, patches it, and repacks it into the LibreWolf source tarball. This process is now automated into the Guix package builds, so things are built directly from the LibreWolf source repo and Firefox upstream release tarball. This is how IceCat builds, and means we don't have to trust the results of an external build process. This necessitated making all-mozilla-locales public in (gnu packages gnuzilla), and adding the Santali locale to it. LibreWolf 126.0-1 backports a fix for the encoding_rs library, needed to make it build on newer versions of Rust. Unfortunately, this also fails to build on Rust 1.75, which is what's currently in Guix. It was necessary to back this out to get things building, and it'll likely need to be reapplied once the rust-team branch merges. Ian Eure (3): gnu: all-mozilla-locales: Add Santali locale; make public. gnu: librewolf: Rebuild source tarball gnu: librewolf: Update to 126.0-1. gnu/packages/gnuzilla.scm | 3 +- gnu/packages/librewolf.scm | 127 +++++++++++++++++++++++++++++++++---- 2 files changed, 116 insertions(+), 14 deletions(-) -- 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Wed May 22 11:00:28 2024 Received: (at 71121) by debbugs.gnu.org; 22 May 2024 15:00:28 +0000 Received: from localhost ([127.0.0.1]:56479 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s9nS8-00040p-2W for submit@debbugs.gnu.org; Wed, 22 May 2024 11:00:28 -0400 Received: from wfout4-smtp.messagingengine.com ([64.147.123.147]:47033) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s9nS1-00040b-9n for 71121@debbugs.gnu.org; Wed, 22 May 2024 11:00:27 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailfout.west.internal (Postfix) with ESMTP id 6DB9E1C0017F; Wed, 22 May 2024 11:00:08 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Wed, 22 May 2024 11:00:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to; s=fm3; t=1716390008; x=1716476408; bh=vIsrGtGT1hiCXBH0myuGc LRvPfkzQIgu1NH9xBCjKJw=; b=R1GarumCuYDgzmKOFS9iN5D0vS6+Ph8fBvnaU vYXyUshNBHXmowA9SGlGd0REGqMnp3Wl1u8rB15L46+eZh7YAdPx6SJMDGkKa0ZV qiiMlFsfYeaOugaqem/KZydEIq/mKKgWawEF2NvgruMBKBMVXAaKKAakxyf42l/x RrYIIN4aN62p5Y13CinuCK22dDH3PtO1owD4jCLgnPD3XbYskREHDPbEQ1StUQVy Jl9JVl5NpAiRue8w6y3XwruMPWkwSvIUUnbY+Eve+iUvQS6Kkps64I3T7aJPND/m r1wU0gI86kfILjtnB9ef+a83Qf2T4gBeJDyQ1WosqrTePdLfg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1716390008; x=1716476408; bh=vIsrGtGT1hiCXBH0myuGcLRvPfkz QIgu1NH9xBCjKJw=; b=nXFHx/AufmUfmvv1jIQ5cUfQkL1k94LjxERvGxUuoTA3 HejWO57kptxO5yJ6AEP8Ou+z4qA8VWb3nZgOELyIMTX7AIV4jJR6elH4AdWsGrF+ m3tWLKnRkYybreUpbJnAuksmGbQPruNuFuO8JKnN+jtq5LWpdPY/qc6x4M8dPT/+ o5XMqnZRY4dy7uEdhdz3SR12lxaqeltbSc6EYfK1tsORofNgxVoXkb23GxWltjHz t2v4bO3njwVNH/h2Dot7ZgZeA/iVIXeboS0hhiZjTpq2ecCSzdn+uJb+NHimHFcB Q9ygsmVlhdtNJl1YhYaY5nFTwTcblMFmck2NSWMpfA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrvdeigedgvdduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvfevufffkffoggfgsedtkeertd ertddtnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggtrdht vheqnecuggftrfgrthhtvghrnhephfeiveeliedukeffhefhleeijedtveelleetgefggf ehkeeljeehtdeguddvvefgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehm rghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 22 May 2024 11:00:07 -0400 (EDT) From: Ian Eure To: 71121@debbugs.gnu.org Subject: [PATCH 1/3] gnu: all-mozilla-locales: Add Santali locale; make public. Date: Wed, 22 May 2024 07:59:54 -0700 Message-ID: <20240522145956.31218-1-ian@retrospec.tv> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 71121 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/packages/gnuzilla.scm (all-mozilla-locales): Adds the Santali locale, and makes all-mozilla-locales public, so it can be used with LibreWolf. Change-Id: Ice49c9b37f8896b8fa963146a754ab28b8571b68 --- gnu/packages/gnuzilla.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 814b610bba..2188179128 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -414,7 +414,7 @@ (define (update-mozilla-locales changesets.json) (format #t "~{~s~%~}" data) data)))) -(define all-mozilla-locales +(define-public all-mozilla-locales (mozilla-locales ;; sha256 changeset locale ;;--------------------------------------------------------------------------- @@ -495,6 +495,7 @@ (define all-mozilla-locales ("0c8dl12n5fjdd3bjaf8idyaxsf8ppbma132vdw8bk2wqnh4cv69a" "92110fd6e211" "rm") ("0mxxy56kj0k5jhjxjv8v4zz57pha819mz7j803lcilax7w52wgca" "5eeba1f64743" "ro") ("0jrd95n108r4sxdwgy39zjynm5nlzzmiijsfpxxfwj7886wl4faz" "47131134e349" "ru") + ("1lwm5jv3hvjp84a70186x2083nhr3mfcl7kpmw5in9amaflfi41b" "a5cd6d3d67ee" "sat") ("1q6pn3iixzcas9blf61bhvwgppbsh0am0wdz6a6p9f9978894d73" "880b7986692a" "sc") ("0xndsph4v725q3xcpmxxjb9vxv19sssqnng82m9215cdsv9klgpb" "bf5f6e362f6f" "sco") ("0l70n8817mbmbc09fsnn2aqjj9k9dhad2gmzgphmiilf9mqm2dpf" "1f705c926a99" "si") -- 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Wed May 22 11:00:32 2024 Received: (at 71121) by debbugs.gnu.org; 22 May 2024 15:00:32 +0000 Received: from localhost ([127.0.0.1]:56481 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s9nSB-000411-MJ for submit@debbugs.gnu.org; Wed, 22 May 2024 11:00:32 -0400 Received: from wfout4-smtp.messagingengine.com ([64.147.123.147]:33121) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s9nS3-00040d-Fx for 71121@debbugs.gnu.org; Wed, 22 May 2024 11:00:27 -0400 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailfout.west.internal (Postfix) with ESMTP id 0A6951C0017B; Wed, 22 May 2024 11:00:11 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Wed, 22 May 2024 11:00:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm3; t=1716390011; x= 1716476411; bh=d0xNAtT2R4yHgsZ/1mB8QdmyPiyrnG6JS/ctJvY/etM=; b=E vHjPBjx63J+O47B+gx0VpmqkEeLNcNEMtatx08gni0+aNDt8G/Pqj0CcaWrPodoZ bwxKCwZJcYAENBtprwUZsPD9i+AOLJnvxHs0/H1BNbcxTjv+COAltW6jnpCRgaiO j/SPb+UWweU2E4nghQwl+lgy8LZCXihpWr6LQ4mnV5kqd+YE+ROIIyhEy+XwvwXT eA46we91xKpmfb75VoLktJMFWKZAY1iDR95pCyIqmcUOBzI8gUQrBd9gFnge1hVb CIXUXOXtIQQPgshlHcS+roH0F7bggFOfNGEdTF7fhHYe8vnw2ExO732LQIBImOgS ysgOfw6AOUn/sxbcCSuWw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1716390011; x= 1716476411; bh=d0xNAtT2R4yHgsZ/1mB8QdmyPiyrnG6JS/ctJvY/etM=; b=V 2pTIm60OB2zU3P1T8V8lei+W6vFcF1B001hTib4e2ZChcbMFODyo5eyVAd8vz91Z tS1NtuRvuSmrrG+Rfz9qyhU0t6yAq3NKWsGKY+SGkg+ylH32FSrMvlvh4suK/kRu mqSToRFz0Qht5hK0ZwXHY157Q3xWIX7bwppMJUuTbNG/ZFlGUSsxgEYe7d36ryr4 8ZKEGtEqYHip7hplAOMAMqJvvW5NoNKjgFE/DpipsqVn21CUB4NelMVPsQBZgf4P BwUOzAiHA/Jhd9tqOQXkyK6xe34YbZdYb8OU1M6E+1ZnQx81iAC1VPQ5Sn672ing V5CIZAzgFkXigNP4WM/vQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrvdeigedgvdduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvfevufffkffojghfggfgsedtke ertdertddtnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggt rdhtvheqnecuggftrfgrthhtvghrnhepveevjeffuddvteeiueetgfeukedvfeeiuedvve elfeeghfduleeftedvgfefgeejnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghm pehmrghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 22 May 2024 11:00:10 -0400 (EDT) From: Ian Eure To: 71121@debbugs.gnu.org Subject: [PATCH 3/3] gnu: librewolf: Update to 126.0-1. Date: Wed, 22 May 2024 07:59:56 -0700 Message-ID: <20240522145956.31218-3-ian@retrospec.tv> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240522145956.31218-1-ian@retrospec.tv> References: <20240522145956.31218-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 71121 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/packages/librewolf.scm (librewolf): Update to 126.0-1. Fixes CVE-2024-4367, CVE-2024-4764, CVE-2024-4765, CVE-2024-4766, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778. Change-Id: Iec010e516651588da389f747074cbd10f8c14377 --- gnu/packages/librewolf.scm | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index bb8bc8a283..c1fed6eef1 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -115,9 +115,9 @@ (define (librewolf-source-origin version hash) (define computed-origin-method (@@ (guix packages) computed-origin-method)) (define librewolf-source - (let* ((ff-src (firefox-source-origin "125.0.2" "16gpd6n52lshvkkha41z7xicggj64dw0qhr5gd07bcxsc4rmdl39")) - (version "125.0.2-1") - (lw-src (librewolf-source-origin version "17i36s2ny1pv3cz44w0gz48fy4vjfw6vp9jk21j62f5d3dl726x8"))) + (let* ((ff-src (firefox-source-origin "126.0" "09l5hsyrkimmkd7wbhnamy5mwmwwxjfa742hpkjjkhlyk6hq43li")) + (version "126.0-1") + (lw-src (librewolf-source-origin version "1q8fjki6rgzrir84y7j2anra2w213bm0g74nw205gja9qsxlassc"))) (origin (method computed-origin-method) @@ -161,6 +161,11 @@ (define librewolf-source (("^ff_source_tarball:=.*") (string-append "ff_source_tarball:=" #+ff-src))) + ;; Remove encoding_rs patch, it doesn't build with Rust 1.75. + (substitute* '("assets/patches.txt") + (("patches/encoding_rs.patch\\\n$") + "")) + ;; Stage locales (begin (format #t "Staging locales...~%") @@ -210,7 +215,7 @@ (define %librewolf-build-id "20240427150329") (define-public librewolf (package (name "librewolf") - (version "125.0.2-1") + (version "126.0-1") (source librewolf-source) (build-system gnu-build-system) (arguments -- 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Wed May 22 11:00:32 2024 Received: (at 71121) by debbugs.gnu.org; 22 May 2024 15:00:33 +0000 Received: from localhost ([127.0.0.1]:56483 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s9nSC-000413-52 for submit@debbugs.gnu.org; Wed, 22 May 2024 11:00:32 -0400 Received: from wfhigh7-smtp.messagingengine.com ([64.147.123.158]:45445) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s9nS1-00040c-PT for 71121@debbugs.gnu.org; Wed, 22 May 2024 11:00:29 -0400 Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailfhigh.west.internal (Postfix) with ESMTP id 3FC191800129; Wed, 22 May 2024 11:00:10 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Wed, 22 May 2024 11:00:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1716390009; x=1716476409; bh=PBLgPJ788Wl9N0ql10tN4mlQ/5XQnBCKHLQBtKeHVK0=; b= PZ+jjR+UKFGixL6Y2HzMFYnAFcdXURJ7VKyUTzReWbheWZDZJ9NoiL0jgMCBOqeq r7c1EU9tZxQfcvA6oQVBVLXhUqsV80/hBIunlZ4EASwrM+zwxs1CD0ydt8xhm1MN 1N+6pFr+fho3/gLxys9fM0Hh7u6P1uHNRo0ZoC4RMNHatcbmtyRnSsDiuk6hIT4p +JL6mRZP3HMPsZmB3fFH1bp0DyXKRS3b9h/R2mRrYv/MYw1ua9XDvsFH0UDTgSJY LB8x+c1OxDjUx+7SZwPeyd+P/hB3MT1Gn/X1qOKgNCWzUjBIR9J+EYzZg8HZpSJv PGDmGmgZAf2tlibmpFXWNA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1716390009; x= 1716476409; bh=PBLgPJ788Wl9N0ql10tN4mlQ/5XQnBCKHLQBtKeHVK0=; b=p ujFnISlDmEWMJu1pxrbzcmleni3YK3r7qDoG5X0NLf++rVxrlBIc5ra1OcIoeaWZ 33GpFBT8UJZ/TMIklvbkW10pMnHWRKJ5vAWi/bw3hFbyFQ/q/i/zUlFv55dPlT7S 82Y4BfKwLNRI3ovF6hb62GdrFKsWOpN/ayMKPiG0cwcPoF1zGJX6B+hMkAeNKWOM AcvMwH9BCnhjS/Zh9GHGSOFVfkhYrqFLj7r3vKtGcqHOj8dl12U+uB0Lup1GiIWd h86UbLVMDn+TYZMRKyAvA9ZUu7WEljOQUTLLB4w3OHMk3W+suE5k4lVHuI0DLTPX 9Pm1WcyEFpRmA0uYM0sfg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrvdeigedgvdduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvfevufffkffojghfgggtgfesth ekredtredtjeenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgv tgdrthhvqeenucggtffrrghtthgvrhhnpedvieetveekkeeliefhtefftedvtefgvdegle efvdeigfettdejtddvffdvgfejudenucffohhmrghinhepmhhoiihilhhlrgdrohhrghdp tghouggvsggvrhhgrdhorhhgpdhsvggrrhgthhhfohigrdhorhhgpdhgihhtlhgrsgdrtg homhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehi rghnsehrvghtrhhoshhpvggtrdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 22 May 2024 11:00:08 -0400 (EDT) From: Ian Eure To: 71121@debbugs.gnu.org Subject: [PATCH 2/3] gnu: librewolf: Rebuild source tarball Date: Wed, 22 May 2024 07:59:55 -0700 Message-ID: <20240522145956.31218-2-ian@retrospec.tv> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240522145956.31218-1-ian@retrospec.tv> References: <20240522145956.31218-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 71121 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/packages/librewolf.scm (librewolf): This patch removes an intermediate step in the build chain. The upstream source tarball is created with an automated build process, where Firefox sources are fetched, patched, and repacked. Rather than download the output of that process, as the package has been, it’s now replicated within the build process, similar to how IceCat works. Change-Id: I0f1c2a10252cbbff9b3b3140f6ea3a594df0c97b --- gnu/packages/librewolf.scm | 120 +++++++++++++++++++++++++++++++++---- 1 file changed, 108 insertions(+), 12 deletions(-) diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index fa83857c96..bb8bc8a283 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -40,10 +40,12 @@ (define-module (gnu packages librewolf) + #:use-module ((srfi srfi-1) #:hide (zip)) #:use-module (guix build-system gnu) #:use-module (guix build-system cargo) #:use-module (guix build-system trivial) #:use-module (guix download) + #:use-module (guix git-download) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix gexp) #:use-module (guix packages) @@ -62,6 +64,7 @@ (define-module (gnu packages librewolf) #:use-module (gnu packages gl) #:use-module (gnu packages glib) #:use-module (gnu packages gnome) + #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gtk) #:use-module (gnu packages hunspell) #:use-module (gnu packages icu4c) @@ -81,6 +84,7 @@ (define-module (gnu packages librewolf) #:use-module (gnu packages pkg-config) #:use-module (gnu packages pulseaudio) #:use-module (gnu packages python) + #:use-module (gnu packages python-xyz) #:use-module (gnu packages rust) #:use-module (gnu packages rust-apps) #:use-module (gnu packages speech) @@ -89,6 +93,109 @@ (define-module (gnu packages librewolf) #:use-module (gnu packages xdisorg) #:use-module (gnu packages xorg)) +(define (firefox-source-origin version hash) + (origin + (method url-fetch) + (uri (string-append + "https://ftp.mozilla.org/pub/firefox/releases/" + version "/source/" "firefox-" version + ".source.tar.xz")) + (sha256 (base32 hash)))) + +(define (librewolf-source-origin version hash) + (origin + (method git-fetch) + (uri (git-reference + (url "https://codeberg.org/librewolf/source.git") + (commit version) + (recursive? #t))) + (file-name (git-file-name "librewolf-source" version)) + (sha256 (base32 hash)))) + +(define computed-origin-method (@@ (guix packages) computed-origin-method)) + +(define librewolf-source + (let* ((ff-src (firefox-source-origin "125.0.2" "16gpd6n52lshvkkha41z7xicggj64dw0qhr5gd07bcxsc4rmdl39")) + (version "125.0.2-1") + (lw-src (librewolf-source-origin version "17i36s2ny1pv3cz44w0gz48fy4vjfw6vp9jk21j62f5d3dl726x8"))) + + (origin + (method computed-origin-method) + (file-name (string-append "librewolf-" version ".source.tar.gz")) + (sha256 #f) + (uri + (delay + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (set-path-environment-variable + "PATH" '("bin") + (list #+python + #+(canonical-package bash) + #+(canonical-package gnu-make) + #+(canonical-package coreutils) + #+(canonical-package findutils) + #+(canonical-package patch) + #+(canonical-package xz) + #+(canonical-package sed) + #+(canonical-package grep) + #+(canonical-package gzip) + #+(canonical-package tar))) + (set-path-environment-variable + "PYTHONPATH" + (list #+(format #f "lib/python~a/site-packages" + (version-major+minor + (package-version python)))) + '#+(cons python-jsonschema + (map second + (package-transitive-propagated-inputs + python-jsonschema)))) + + ;; Copy LibreWolf source into the build directory and make + ;; everything writable. + (copy-recursively #+lw-src ".") + (for-each make-file-writable (find-files ".")) + + ;; Patch Makefile to use the upstream source instead of downloading. + (substitute* '("Makefile") + (("^ff_source_tarball:=.*") + (string-append "ff_source_tarball:=" #+ff-src))) + + ;; Stage locales + (begin + (format #t "Staging locales...~%") + (force-output) + (mkdir "l10n-staging") + (with-directory-excursion "l10n-staging" + (for-each + (lambda (locale-dir) + (let ((locale + (string-drop (basename locale-dir) + (+ 32 ; length of hash + (string-length "-mozilla-locale-"))))) + (format #t " ~a~%" locale) + (force-output) + (copy-recursively locale-dir locale + #:log (%make-void-port "w")) + (for-each make-file-writable (find-files locale)) + (with-directory-excursion locale + (when (file-exists? ".hgtags") + (delete-file ".hgtags"))))) + '#+all-mozilla-locales))) + + ;; Patch build script to use staged locales. + (begin + (substitute* '("scripts/generate-locales.sh") + (("wget") "# wget") + (("unzip") "# unzip") + (("mv browser/locales/l10n/\\$1-\\*/") + "mv ../l10n-staging/$1/"))) + + ;; Run the build script + (invoke "make" "all") + (copy-file (string-append "librewolf-" #$version ".source.tar.gz") + #$output)))))))) + ;; Define the versions of rust needed to build librewolf, trying to match ;; upstream. See the file taskcluster/ci/toolchain/rust.yml at ;; https://searchfox.org under the particular firefox release, like @@ -104,18 +211,7 @@ (define-public librewolf (package (name "librewolf") (version "125.0.2-1") - (source - (origin - (method url-fetch) - - (uri (string-append "https://gitlab.com/api/v4/projects/32320088/" - "packages/generic/librewolf-source/" - version - "/librewolf-" - version - ".source.tar.gz")) - (sha256 - (base32 "09qzdaq9l01in9h4q14vyinjvvffycha2iyjqj5p4dd5jh6q5zma")))) + (source librewolf-source) (build-system gnu-build-system) (arguments (list -- 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Wed May 29 21:31:28 2024 Received: (at 71121) by debbugs.gnu.org; 30 May 2024 01:31:28 +0000 Received: from localhost ([127.0.0.1]:37793 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCUdc-0008Es-0z for submit@debbugs.gnu.org; Wed, 29 May 2024 21:31:28 -0400 Received: from mail-qk1-f169.google.com ([209.85.222.169]:59537) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCUdZ-0008Ec-OM for 71121@debbugs.gnu.org; Wed, 29 May 2024 21:31:26 -0400 Received: by mail-qk1-f169.google.com with SMTP id af79cd13be357-794ab0ae817so28136785a.2 for <71121@debbugs.gnu.org>; Wed, 29 May 2024 18:31:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717032609; x=1717637409; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=klpZyt0q6egFXZRteT/C6WslmETCkKprANVFyqcGy8E=; b=EoL6qDpdsdK/aSXTCfqym7RIK8r3n6dN6q+7nAeoMrJZszPrnXPQlmnHC0hrRwtGU6 sNQEgaUieyxL6YIm/jLXE2G1qemxRaYZuzOaoqrPFbU0Tgcg12MIvkPPodbUOcgVTM+v eEvLefCKlwM7IoFcDt89FUxzHfok9o/TtqaMOYWEDQvuNWpjTqaVhechRNOhvo3cnTwB fcP98obflrHpI/aD1AwHiw0sWaLxCIM0TAv6Jcxr9dIrSI6aonIoQ2viSxozKs8OczMq vpz+VbyYQXOK5cE8pOPPJ3jbJHI7hgmzGrYQhH2t2zEcVGAoJLgvrkhw5x8qR6jgGvfq cFFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717032609; x=1717637409; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=klpZyt0q6egFXZRteT/C6WslmETCkKprANVFyqcGy8E=; b=Zm5Id541S/7ib4BAtSnxlWSjDk0NrXb5medU4cUDxgISEAhaMdZcI96vEWWyhCg7lC j3Uy7MPD/aTzutzz0lFxOl78tfZam9OkkLN/GqKTY2QZ6MOeVH4S2zBrnb4+Wbh4/h4i r8jP4CaGEByH9vIxhTGUrRn0g02UtBGHFUjC17Zjq+ZflLxeYqXpjTP//UiqlacwgnTD UgVtWH0qt5eQ+NgKYrIR6H8sJgcGhnCFIkZStqiuy+BgxAa2vLDJB+1o6VJjzCEBjA3q Cl04PCMnSGiJvEtxKV84GaHwGrrdAv0KqmnMCBw1JbOo+JMp9VVRxoq8i459nYUAkxiO I1og== X-Gm-Message-State: AOJu0YzGB/N8Gd59KaHAds5Y+sU+UaCOOqn+Q5x0tE55A+xtJM7KzATa Wtvc6xlBOrDf+VXtVu/8/YX9hlrWxzrtMCybAI9yOAh9UujyViLkA4VH7iks X-Google-Smtp-Source: AGHT+IFIJQTJYI6wCk0X7o7hOkrc5BEfqz8ldUyWxeizxjyg8YCJWJFY2KtOjrdDjgL/08O+Mi/zyw== X-Received: by 2002:a05:620a:4002:b0:793:82c:69a7 with SMTP id af79cd13be357-794e9dbf08emr109583985a.42.1717032608715; Wed, 29 May 2024 18:30:08 -0700 (PDT) Received: from hurd (dsl-10-133-96.b2b2c.ca. [72.10.133.96]) by smtp.gmail.com with ESMTPSA id af79cd13be357-794abca6428sm518230385a.3.2024.05.29.18.30.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 May 2024 18:30:08 -0700 (PDT) From: Maxim Cournoyer To: Ian Eure Subject: Re: [bug#71121] [PATCH 2/3] gnu: librewolf: Rebuild source tarball In-Reply-To: <20240522145956.31218-2-ian@retrospec.tv> (Ian Eure's message of "Wed, 22 May 2024 07:59:55 -0700") References: <20240522145956.31218-1-ian@retrospec.tv> <20240522145956.31218-2-ian@retrospec.tv> Date: Wed, 29 May 2024 21:30:07 -0400 Message-ID: <87jzjcf5nk.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71121 Cc: 71121@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Ian, Ian Eure writes: > * gnu/packages/librewolf.scm (librewolf): This patch removes an intermedi= ate > step in the build chain. The upstream source tarball is created with an > automated build process, where Firefox sources are fetched, patched, and > repacked. Rather than download the output of that process, as the packag= e has > been, it=E2=80=99s now replicated within the build process, similar to ho= w IceCat > works. I think I'd rather keep using a human-prepared and vetted tarball, to avoid anything going stale in our local recipe of how it's meant to be prepared. It's also simpler and less maintenance, and arguably shields the users better against non-free source code (although I don't think there's anything non-free in the Firefox tree, so that point is more moot than say, for linux) to use a tarball. What do you or others think? --=20 Thanks, Maxim From debbugs-submit-bounces@debbugs.gnu.org Wed May 29 23:10:42 2024 Received: (at 71121) by debbugs.gnu.org; 30 May 2024 03:10:43 +0000 Received: from localhost ([127.0.0.1]:41456 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCWBe-0003bd-Ad for submit@debbugs.gnu.org; Wed, 29 May 2024 23:10:42 -0400 Received: from wfhigh7-smtp.messagingengine.com ([64.147.123.158]:58371) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCWBb-0003bO-AV for 71121@debbugs.gnu.org; Wed, 29 May 2024 23:10:40 -0400 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailfhigh.west.internal (Postfix) with ESMTP id 02E72180014B; Wed, 29 May 2024 23:10:22 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Wed, 29 May 2024 23:10:23 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1717038622; x=1717125022; bh=ruUCMejktWNNP5a45VTHhU2tqSEo6HqKUNSF9nw6JLU=; b= GsM1e+kO8xgObC+K0KdaNhhwf/jTTTmaLfb2ho0Qjh2VVKrjZ21veCwmSX5+gU9B t26l/b6iLpOmK4LtL4kAWzUprfOPXZptl5DaYH/bo8faLWfS1gq4GMFpvh+JJ8lb TZL6GVRdeOiwbrR0/klijFUEV9/o1WPXhanounTZpcIc/mEzTHaEgDHL2NO7LZjj ddvT88GAJIFdcvTcKjjrdIxtRaRLpNTkDgyJBFymaBprN7kcuLeNU2b2Ilhzzz28 EDByX2w4rjDSPEIpidMdYmTmpKL1uQEdqyxTpgs8vaH77NnyQPe2y6V2p4dl0hKG BiTkH+PzBjEMmAUSvEZR0g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1717038622; x= 1717125022; bh=ruUCMejktWNNP5a45VTHhU2tqSEo6HqKUNSF9nw6JLU=; b=X CmJ9IwEpowIWJzY6Xim56GE1B6udo1P/M32yLYjcMIxVvENAUprLawtyAQEmOQTR M9l01I2cz1UkmjjYCrSzKvSq+mi+pbeRq0X562nmMPtz8Lyx/E3/qUJ0PjnfzZ39 o1gSwYFpbv+rWVGYFJIX2LxSBSMy7L6wY3OfsQMPgLH3Ryhrg+d5U0Lb+Ri0K2iX sMKC1G7ZnI7DQttUYu9LS6WJeW4GBYG+5JmMV9EtjoyTOeC1DuqD5O3XRpRYgRjJ tOtg0vRtrROzBA1Q7JVEBx7HMlhAq0Bcp44hDMWC6xVQkOYQa8GmNUGJFPBfakaz UnNReta+7vKtNDGJnIYyg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrvdekfedgudduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfhgfhffvvefuffgjkfggtgfgsehtqhertddtreejnecuhfhrohhmpefkrghn ucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggtrdhtvheqnecuggftrfgrthhtvghrnh epueeltdeuvedvtdekffefvdeikeeuvdetudevgeeukeeufefgkeethfeuveelhffhnecu ffhomhgrihhnpegtohguvggsvghrghdrohhrghdpghhnuhdrohhrghenucevlhhushhtvg hrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehirghnsehrvghtrhhoshhp vggtrdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 29 May 2024 23:10:21 -0400 (EDT) References: <20240522145956.31218-1-ian@retrospec.tv> <20240522145956.31218-2-ian@retrospec.tv> <87jzjcf5nk.fsf@gmail.com> User-agent: mu4e 1.8.13; emacs 28.2 From: Ian Eure To: Maxim Cournoyer Subject: Re: [bug#71121] [PATCH 2/3] gnu: librewolf: Rebuild source tarball Date: Wed, 29 May 2024 18:48:11 -0700 In-reply-to: <87jzjcf5nk.fsf@gmail.com> Message-ID: <87a5k8uh9f.fsf@meson> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71121 Cc: 71121@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi Maxim, Maxim Cournoyer writes: > Hi Ian, > > Ian Eure writes: > >> * gnu/packages/librewolf.scm (librewolf): This patch removes an=20 >> intermediate >> step in the build chain. The upstream source tarball is=20 >> created with an >> automated build process, where Firefox sources are fetched,=20 >> patched, and >> repacked. Rather than download the output of that process, as=20 >> the package has >> been, it=E2=80=99s now replicated within the build process, similar to=20 >> how IceCat >> works. > > I think I'd rather keep using a human-prepared and vetted=20 > tarball, to > avoid anything going stale in our local recipe of how it's meant=20 > to be > prepared. > The upstream tarball is built by scripts run under a CI system=20 which triggers when changes are pushed[1], and aren=E2=80=99t=20 human-prepared or vetted in the same way that many release=20 tarballs have tradionally been. This patchset uses the same=20 script as upstream, with modifications to make it reproduceable,=20 as the upstream process isn=E2=80=99t. As noted in the commit messages, IceCat also builds this way[2],=20 including patching the upstream build script[3][4], so this seems=20 like a reasonable & accepted way to build. Though perhaps there=E2=80=99s= =20 dissatisfaction with the IceCat build which I wasn=E2=80=99t aware of,=20 being a fairly new contributor. > It's also simpler and less maintenance, and arguably shields > the users better against non-free source code (although I don't=20 > think > there's anything non-free in the Firefox tree, so that point is=20 > more > moot than say, for linux) to use a tarball. > > What do you or others think? > It=E2=80=99s definitely simpler to use the upstream tarball in most cases,= =20 which is why I went that direction when I initially packaged=20 LibreWolf. But, since IceCat builds this way, and the xz backdoor=20 was discovered hiding in the non-reproduceable build process, I=E2=80=99ve= =20 been intending to update the package to control the full build,=20 rather than trusting an unreproducable external process. I=20 understand that if the build scripts are backdoored, it doesn=E2=80=99t=20 matter whether upstream runs them or Guix does, but I believe that=20 aligning with IceCat and having a reproduceable build directly=20 from the upstream source repo are worthwhile. In the specific case of the 126.0-1 release, owning the whole=20 build process made things easier. Upstream backported a very=20 large Firefox change[5] which updates a bundled dependency to a=20 new version; that dependency doesn=E2=80=99t work with Rust 1.75, which is= =20 what=E2=80=99s in Guix. With the Guix build process controlling what=20 patches get applied, I was able to solve the problem by removing=20 one line from the manifest of patches to apply to the Firefox=20 source. If the package builds from the 126.0-1 tarball, it=E2=80=99ll=20 need to ship a 22,000-line patch(!) to back out that change. That=20 may still be necessary, depending on the timing of the rust-team=20 branch merging and the next Firefox release, but at least for now,=20 things are simpler. Ideally, this wolud be solved by unbundling=20 that (and the other) vendored Rust libraries (and that=E2=80=99s something= =20 I intend to look into), but I didn=E2=80=99t want to block security fixes=20 on work with unknown-but-probably-large scope -- there will almost=20 definitely be Rust libraries currently not packaged in Guix which=20 need to be addressed. As far as maintenance burden or things getting stale, the risk is=20 that upstream alters their scripts, which requires updates to the=20 Guix patches for them. This doesn=E2=80=99t seem like a major drawback to= =20 me, and I=E2=80=99m the one doing the maintenance. :) Overall, I think=20 it=E2=80=99s a reasonable tradeoff for the reproducability we gain. If=20 this approach to building LibreWolf in this patchset is acepted,=20 I=E2=80=99d like to work with upstream to make their build process more=20 flexible, ideally running it unmodified in the Guix build, which=20 would eliminate the risk. Lastly: I noticed that I neglected to update %librewolf-build-id=20 when I sent this patchset in. If my arguments are compelling=20 enough for you, I think it=E2=80=99d make sense to update that when the=20 changes are pushed (it=E2=80=99s a one-line change & the command to print=20 an ID are in the comment above the variable). But, if you=E2=80=99d like=20 a v2 patchset, either just to update that, or to back out the=20 build process change and replace it with a 22kloc patch, I=E2=80=99d be=20 happy to handle it instead. Thank you very much for your thoughts and the time you took to=20 respond. =E2=80=94 Ian [1]: https://codeberg.org/librewolf/source/actions/runs/168/jobs/0 [2]:=20 https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/gnuzilla.scm?i= d=3D898b5f30f3d485d48275c920da172863da9524c6#n530 [3]:=20 https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/gnuzilla.scm?i= d=3D898b5f30f3d485d48275c920da172863da9524c6#n571 [4]:=20 https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/patches/icecat= -makeicecat.patch [5]:=20 https://codeberg.org/librewolf/source/commit/d292bdd2213a22e5b364339dfee68a= 27670f1b72 From debbugs-submit-bounces@debbugs.gnu.org Thu May 30 08:56:11 2024 Received: (at 71121) by debbugs.gnu.org; 30 May 2024 12:56:11 +0000 Received: from localhost ([127.0.0.1]:34214 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCfKE-0007rR-8z for submit@debbugs.gnu.org; Thu, 30 May 2024 08:56:11 -0400 Received: from mail-qk1-f170.google.com ([209.85.222.170]:53611) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCfKB-0007r1-FD for 71121@debbugs.gnu.org; Thu, 30 May 2024 08:56:08 -0400 Received: by mail-qk1-f170.google.com with SMTP id af79cd13be357-7930504b2e2so43277385a.3 for <71121@debbugs.gnu.org>; Thu, 30 May 2024 05:55:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717073690; x=1717678490; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=gT7qA/kFBTS7vBXgv0XsSVZkxfRk78wjBkruN2+rY2g=; b=i+LFvEX8ZpXIVvXgRM1H+P+U+eAoe87JNGzqRQZM/JJHwo+z3FduFXst9Rz4uHXiRZ PtqPt9dgJcCLnf/rYptoqhSCrSIp7tg2AZsux6+SwFoe9Ezk9Vb8qB+B/eH7vw2mN6+K 2QFJ+5EVHoC0YoCDTLAw3OY5WvkFkIx747WH93NWcgUduO42OMdwKb15tvy8Vv3Q8hsA tfeIeC84aNI6/ff01mqsf+iMPtP+2IwUnka6ss4xiVfV+iFcUdsKJL4e4S88/vb9YbQj 3eDvZ6T+uYWgSn6akOV9Adu5lbmPHK5zRjCHEOR9UWnCyJaRjPZXiK83HBzC/hUua2Gq SMmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717073690; x=1717678490; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=gT7qA/kFBTS7vBXgv0XsSVZkxfRk78wjBkruN2+rY2g=; b=kiIz3UOauE2V+R9E+ZdhQSELzJVmTcHSvi36XPzSxgCt5JOaYU/qzCnTcMqPYdrbCA 5GyJlO3A9nBgvESvM/VZqLNrE6CxgYTZcpCU8yv+X+Jz0WfYabZ0G0VgmcUC2OUNyIV8 P33qMlROmXszq+Rn9rAkG9pspKiWNn646Yso1ISOzXhWOUA3q8cNZBb/YRLxX2y7dqt/ qaHaLZW0gx3isJ4eKBJ6Jt0lC19CBDsEzhdIND3Z+w5KkMk4nGaYLY11Ck9A0zi1X09B SmaO63hACMSAC0mxQv44wtiSuSbLPcLICQbWS/j2JLAazJP4e4/3EX0gedMaNORj5IBB etWQ== X-Gm-Message-State: AOJu0Yxh/xHI78iPT2wd9HcPDUhYI44iFUmkcyWZt+xIkBc1T5EnzAT9 bkUyiDCzR6u4M4k3KBIrIoMXG8SIWWKBttMovwyrvxcaSbjm+lU/6a+hmQ== X-Google-Smtp-Source: AGHT+IE+PEMtDRIVgmWyolutL9jqar7h/BMrLMwPtDpTvB0UVjEJ6ivSjHhXn7Fd6pVqNAk5t5/h/w== X-Received: by 2002:a05:620a:25d4:b0:794:70cb:8 with SMTP id af79cd13be357-794e9dc039amr252026685a.40.1717073689984; Thu, 30 May 2024 05:54:49 -0700 (PDT) Received: from hurd (dsl-205-233-124-92.b2b2c.ca. [205.233.124.92]) by smtp.gmail.com with ESMTPSA id af79cd13be357-794abd063f1sm553013585a.72.2024.05.30.05.54.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 May 2024 05:54:49 -0700 (PDT) From: Maxim Cournoyer To: Ian Eure Subject: Re: [bug#71121] [PATCH 2/3] gnu: librewolf: Rebuild source tarball In-Reply-To: <87a5k8uh9f.fsf@meson> (Ian Eure's message of "Wed, 29 May 2024 18:48:11 -0700") References: <20240522145956.31218-1-ian@retrospec.tv> <20240522145956.31218-2-ian@retrospec.tv> <87jzjcf5nk.fsf@gmail.com> <87a5k8uh9f.fsf@meson> Date: Thu, 30 May 2024 08:54:48 -0400 Message-ID: <87plt3e9yf.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71121 Cc: 71121@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Ian, Ian Eure writes: > Hi Maxim, > > Maxim Cournoyer writes: > >> Hi Ian, >> >> Ian Eure writes: >> >>> * gnu/packages/librewolf.scm (librewolf): This patch removes an >>> intermediate >>> step in the build chain. The upstream source tarball is created >>> with an >>> automated build process, where Firefox sources are fetched, >>> patched, and >>> repacked. Rather than download the output of that process, as the >>> package has >>> been, it=E2=80=99s now replicated within the build process, similar to = how >>> IceCat >>> works. >> >> I think I'd rather keep using a human-prepared and vetted tarball, >> to >> avoid anything going stale in our local recipe of how it's meant to >> be >> prepared. >> > > The upstream tarball is built by scripts run under a CI system which > triggers when changes are pushed[1], and aren=E2=80=99t human-prepared or > vetted in the same way that many release tarballs have tradionally > been. This patchset uses the same script as upstream, with > modifications to make it reproduceable, as the upstream process isn=E2=80= =99t. Perhaps the modifications to make it reproducible could be shared to upstream? We'd benefit all thee users of librewolf this way, not only Guix ones. > As noted in the commit messages, IceCat also builds this way[2], > including patching the upstream build script[3][4], so this seems like > a reasonable & accepted way to build. Though perhaps there=E2=80=99s > dissatisfaction with the IceCat build which I wasn=E2=80=99t aware of, be= ing a > fairly new contributor. The "dissatisfaction", if we can call it that, was about Linux-libre, and voiced by some a few years ago, including the project maintainers, if I recall correctly. The idea of linux-libre is to shield users from blobs. In this sense it is valuable that they don't even have to touch the pristine blobbed (there are a few array-defined firmwares in the tree still, at least one old Apple one IIRC) Linux source, which is considered problematic for some from a GNU FSDG perspective. >> It's also simpler and less maintenance, and arguably shields >> the users better against non-free source code (although I don't >> think >> there's anything non-free in the Firefox tree, so that point is more >> moot than say, for linux) to use a tarball. >> >> What do you or others think? >> > > It=E2=80=99s definitely simpler to use the upstream tarball in most cases, > which is why I went that direction when I initially packaged > LibreWolf. But, since IceCat builds this way, and the xz backdoor was > discovered hiding in the non-reproduceable build process, I=E2=80=99ve be= en > intending to update the package to control the full build, rather than > trusting an unreproducable external process. I understand that if the > build scripts are backdoored, it doesn=E2=80=99t matter whether upstream = runs > them or Guix does, but I believe that aligning with IceCat and having > a reproduceable build directly from the upstream source repo are > worthwhile. Right. > In the specific case of the 126.0-1 release, owning the whole build > process made things easier. Upstream backported a very large Firefox > change[5] which updates a bundled dependency to a new version; that > dependency doesn=E2=80=99t work with Rust 1.75, which is what=E2=80=99s i= n Guix. With > the Guix build process controlling what patches get applied, I was > able to solve the problem by removing one line from the manifest of > patches to apply to the Firefox source. If the package builds from > the 126.0-1 tarball, it=E2=80=99ll need to ship a 22,000-line patch(!) to= back > out that change. That may still be necessary, depending on the timing > of the rust-team branch merging and the next Firefox release, but at > least for now, things are simpler. Ideally, this wolud be solved by > unbundling that (and the other) vendored Rust libraries (and that=E2=80= =99s > something I intend to look into), but I didn=E2=80=99t want to block secu= rity > fixes on work with unknown-but-probably-large scope -- there will > almost definitely be Rust libraries currently not packaged in Guix > which need to be addressed. OK, this flexibility seems indeed useful here. > As far as maintenance burden or things getting stale, the risk is that > upstream alters their scripts, which requires updates to the Guix > patches for them. This doesn=E2=80=99t seem like a major drawback to me,= and > I=E2=80=99m the one doing the maintenance. :) Overall, I think it=E2=80= =99s a > reasonable tradeoff for the reproducability we gain. If this approach > to building LibreWolf in this patchset is acepted, I=E2=80=99d like to wo= rk > with upstream to make their build process more flexible, ideally > running it unmodified in the Guix build, which would eliminate the > risk. Yes, you are the one doing it (thank you!) until you won't :-) (life...). Then someone else would have to pick it up and understand it. The simpler the better. > Lastly: I noticed that I neglected to update %librewolf-build-id when > I sent this patchset in. If my arguments are compelling enough for > you, I think it=E2=80=99d make sense to update that when the changes are > pushed (it=E2=80=99s a one-line change & the command to print an ID are i= n the > comment above the variable). But, if you=E2=80=99d like a v2 patchset, e= ither > just to update that, or to back out the build process change and > replace it with a 22kloc patch, I=E2=80=99d be happy to handle it instead. The 22kloc patch doesn't sound too good... I guess we can stick with the self-made tarball for now. > Thank you very much for your thoughts and the time you took to > respond. Sorry for the delay handling this security-sensitive issue (still better than our ungoogled-chromium package which appears untouched for a full year, though! We should probably open a security issue about that). If you could send v2 with the build id thing, I'll try to apply it quickly. --=20 Thanks, Maxim From debbugs-submit-bounces@debbugs.gnu.org Thu May 30 18:40:28 2024 Received: (at 71121) by debbugs.gnu.org; 30 May 2024 22:40:28 +0000 Received: from localhost ([127.0.0.1]:52759 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCoRg-0003Gh-1V for submit@debbugs.gnu.org; Thu, 30 May 2024 18:40:28 -0400 Received: from wfout1-smtp.messagingengine.com ([64.147.123.144]:41661) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCoRe-0003FU-IP for 71121@debbugs.gnu.org; Thu, 30 May 2024 18:40:26 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailfout.west.internal (Postfix) with ESMTP id 37AAA1C00137; Thu, 30 May 2024 18:40:10 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Thu, 30 May 2024 18:40:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm3; t=1717108809; x= 1717195209; bh=nqB31ALEi1/A0c4hn3b54/ZFbCHXm9t1Dr2EnwEeOdk=; b=n MuWi5y/G+PhBD7zV64m8XD4SNd2+h7XirKoY41kmN7wluQ2kJtJ6eXAT2LAEYFeb 9r3dE9yfFXhRUo1nX//7Gdopt2hu8ay1VDJ5Otq6M015iS1SlNmsSBHYCTKWPO9n rd6VgDXNSeWGOdmQYk3cvyU9rIcs9YMQZ4YGgyqJ4ZqRxj7PXlBizHXtT6lSrJXD 6RmZxogqnmh0oPv/JlU1aAHABp2j9hn22SdR1jRI0jznPPbV+XWfunziN1ygkJbA YEgTwlU/dXVBSkHQnNYrGZtEJk9qkavnXjUyomZod6BLMcEZIDv4Bm7cdhb55+8K Wveax/LL8BdyBr2AstSmg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1717108809; x= 1717195209; bh=nqB31ALEi1/A0c4hn3b54/ZFbCHXm9t1Dr2EnwEeOdk=; b=A GDvRiEktuYyODZaYdC4UTPcRwD4XhSywE6WwR7jGTdGA+N+ahw1qCVaVHLLwBoQa NpbBqFNgQOWDow7Tm/vtpi/mQo6D+zsRIdcCikWrunzqcbVKAYMWB4xrt5dwiCe7 pSrc+bb505Kahjm4Kgg8GihYazBXTjjAmOJ1YunyGJNwJuoQciu0RXYiw1wpA5V8 cEXCVJYWPG14tPvo5nlVO5rpE5qF00EnJBS2zJrWcrTOof5MSAvB69RpPI49OOOL 5D/UVwzmXqmpao1iEULf9CKsyD7LpoqZVbQz2S+8hoPJdNENHiEXRp+Zd4Jrs9RS WAYLl1YjlBs99CTyi/NeQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrvdekhedgudduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvfevufffkffojghfggfgsedtke ertdertddtnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggt rdhtvheqnecuggftrfgrthhtvghrnhepveevjeffuddvteeiueetgfeukedvfeeiuedvve elfeeghfduleeftedvgfefgeejnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghm pehmrghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 30 May 2024 18:40:09 -0400 (EDT) From: Ian Eure To: 71121@debbugs.gnu.org Subject: [PATCH v2 3/3] gnu: librewolf: Update to 126.0-1. Date: Thu, 30 May 2024 15:39:51 -0700 Message-ID: <20240530223951.13474-3-ian@retrospec.tv> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240530223951.13474-1-ian@retrospec.tv> References: <20240530223951.13474-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71121 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/librewolf.scm (librewolf): Update to 126.0-1. Fixes CVE-2024-4367, CVE-2024-4764, CVE-2024-4765, CVE-2024-4766, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778. Change-Id: Iec010e516651588da389f747074cbd10f8c14377 --- gnu/packages/librewolf.scm | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index bb8bc8a283..80b942ec12 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -115,9 +115,9 @@ (define (librewolf-source-origin version hash) (define computed-origin-method (@@ (guix packages) computed-origin-method)) (define librewolf-source - (let* ((ff-src (firefox-source-origin "125.0.2" "16gpd6n52lshvkkha41z7xicggj64dw0qhr5gd07bcxsc4rmdl39")) - (version "125.0.2-1") - (lw-src (librewolf-source-origin version "17i36s2ny1pv3cz44w0gz48fy4vjfw6vp9jk21j62f5d3dl726x8"))) + (let* ((ff-src (firefox-source-origin "126.0" "09l5hsyrkimmkd7wbhnamy5mwmwwxjfa742hpkjjkhlyk6hq43li")) + (version "126.0-1") + (lw-src (librewolf-source-origin version "1q8fjki6rgzrir84y7j2anra2w213bm0g74nw205gja9qsxlassc"))) (origin (method computed-origin-method) @@ -161,6 +161,11 @@ (define librewolf-source (("^ff_source_tarball:=.*") (string-append "ff_source_tarball:=" #+ff-src))) + ;; Remove encoding_rs patch, it doesn't build with Rust 1.75. + (substitute* '("assets/patches.txt") + (("patches/encoding_rs.patch\\\n$") + "")) + ;; Stage locales (begin (format #t "Staging locales...~%") @@ -205,12 +210,12 @@ (define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum. ;; Update this id with every update to its release date. ;; It's used for cache validation and therefore can lead to strange bugs. ;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20240427150329") +(define %librewolf-build-id "20240530072108") (define-public librewolf (package (name "librewolf") - (version "125.0.2-1") + (version "126.0-1") (source librewolf-source) (build-system gnu-build-system) (arguments -- 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Thu May 30 18:40:28 2024 Received: (at 71121) by debbugs.gnu.org; 30 May 2024 22:40:29 +0000 Received: from localhost ([127.0.0.1]:52761 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCoRg-0003Gp-FW for submit@debbugs.gnu.org; Thu, 30 May 2024 18:40:28 -0400 Received: from wfout1-smtp.messagingengine.com ([64.147.123.144]:43191) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCoRc-0003Ew-GU for 71121@debbugs.gnu.org; Thu, 30 May 2024 18:40:27 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailfout.west.internal (Postfix) with ESMTP id F143F1C00147; Thu, 30 May 2024 18:40:06 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Thu, 30 May 2024 18:40:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to; s=fm3; t=1717108806; x=1717195206; bh=dJ/HrGs6Ne/C36s3mbhwA q/rEVGEChj0BqZGncTZX7g=; b=BSaiMzc6FGKcWqaSiJqFeUKlY+6w2H0MMIvtj 95mubuKE2kKWV4p3BjDasl7JWAOoj/NQocvshhZ8Y8OnxeRSxzgchbMWvlUpmwWc Xh1iU0lixEO/7zPmxbdhgbqqHceLcOYWaUMSDTM1T1/4dzd2YJU6HIL2xMcln73c X/Fsee+76yOpKKwbKiJSmkLvsN4KbbHkFyr2MIYolfhRvmASEozJHnUmDL2pPR5Q ZzCMa7D+5frZAlpt5ebrlyJ11kOn2onkOpZrFzuwueNONC2+VRQr2HTS9j7bFVZS OSaq0RLyJNuSrHwApKr9OXhtrTd8DmzG8UHMrnkmfaNWkOA9g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1717108806; x=1717195206; bh=dJ/HrGs6Ne/C36s3mbhwAq/rEVGE Chj0BqZGncTZX7g=; b=U1f6oCTaRzcmnWRI0CJ1vdb48AxweNvMy6CgBVWwlYqj AeQCwwKrRWHwKwWIg+JHcPAleFdGnK3SMwVj+ujxE3Q8pjZTFVo18bRJWcnIO66B uXHvWSZO/txZ6OOjeYuwxTguPwDG/5vfBUDJ9AqsAo1r79oJrjlasj+nKMI4YJam 6cOhzi45vuXhAxJpO3aSwWO8qcyAZRhKEnT3gx048pBonsLs1Q48qicwzVUJMSW+ 6bahVKbkMGGR8IwF8V8Zpb7J/IsOeVH7RgL5UOLzlVs8SFAyetEMlWEm5AI+wieg QJNrKZmK4l+yPiVumq07g6HTzQDQtNRzsVxwENzbCQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrvdekhedgudduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvfevufffkffoggfgsedtkeertd ertddtnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggtrdht vheqnecuggftrfgrthhtvghrnhephfeiveeliedukeffhefhleeijedtveelleetgefggf ehkeeljeehtdeguddvvefgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehm rghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 30 May 2024 18:40:05 -0400 (EDT) From: Ian Eure To: 71121@debbugs.gnu.org Subject: [PATCH v2 1/3] gnu: all-mozilla-locales: Add Santali locale; make public. Date: Thu, 30 May 2024 15:39:49 -0700 Message-ID: <20240530223951.13474-1-ian@retrospec.tv> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71121 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/gnuzilla.scm (all-mozilla-locales): Adds the Santali locale, and makes all-mozilla-locales public, so it can be used with LibreWolf. Change-Id: Ice49c9b37f8896b8fa963146a754ab28b8571b68 --- gnu/packages/gnuzilla.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 510cf1baab..abde3fb819 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -422,7 +422,7 @@ (define (update-mozilla-locales changesets.json) (format #t "~{~s~%~}" data) data)))) -(define all-mozilla-locales +(define-public all-mozilla-locales (mozilla-locales ;; sha256 changeset locale ;;--------------------------------------------------------------------------- @@ -503,6 +503,7 @@ (define all-mozilla-locales ("0c8dl12n5fjdd3bjaf8idyaxsf8ppbma132vdw8bk2wqnh4cv69a" "92110fd6e211" "rm") ("0mxxy56kj0k5jhjxjv8v4zz57pha819mz7j803lcilax7w52wgca" "5eeba1f64743" "ro") ("0jrd95n108r4sxdwgy39zjynm5nlzzmiijsfpxxfwj7886wl4faz" "47131134e349" "ru") + ("1lwm5jv3hvjp84a70186x2083nhr3mfcl7kpmw5in9amaflfi41b" "a5cd6d3d67ee" "sat") ("1q6pn3iixzcas9blf61bhvwgppbsh0am0wdz6a6p9f9978894d73" "880b7986692a" "sc") ("0xndsph4v725q3xcpmxxjb9vxv19sssqnng82m9215cdsv9klgpb" "bf5f6e362f6f" "sco") ("0l70n8817mbmbc09fsnn2aqjj9k9dhad2gmzgphmiilf9mqm2dpf" "1f705c926a99" "si") -- 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Thu May 30 18:40:37 2024 Received: (at 71121) by debbugs.gnu.org; 30 May 2024 22:40:37 +0000 Received: from localhost ([127.0.0.1]:52763 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCoRo-0003IR-UM for submit@debbugs.gnu.org; Thu, 30 May 2024 18:40:37 -0400 Received: from wfout1-smtp.messagingengine.com ([64.147.123.144]:51887) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCoRc-0003FE-V4 for 71121@debbugs.gnu.org; Thu, 30 May 2024 18:40:31 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailfout.west.internal (Postfix) with ESMTP id 976671C00157; Thu, 30 May 2024 18:40:08 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Thu, 30 May 2024 18:40:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1717108808; x=1717195208; bh=PBLgPJ788Wl9N0ql10tN4mlQ/5XQnBCKHLQBtKeHVK0=; b= THnz0fzagdATsbVojW6Gzf2UzkeugEQwbS2t+BM7/q0NbaB/jl7hUJd822kPwnyE w5epfnkKh5Jy5LV9KeGgIUg+atPsZPuw/hbUEzmkU9EKXe1CzCVXOu0bCqeLtYgE dYu5C4G9GaZ10aBpj2noK4D3tXQ1CHWk4jGs9khn6xyJP730X+q7ccbcQM/uitSR gnI6lrUC9CiHaPmxUwwGkaP5OHiYYkM3Ky0FGDepZkVPNVn6Gvdt1/5ZAUEa4wqp ZVv94ngC9aGt4GUzMRPbYQ1vJBOUzvCvb1NgUuvgFxZBy2gyluGwd5eqNgoGBjEb UuMeflMND5lAx2mKRufejw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1717108808; x= 1717195208; bh=PBLgPJ788Wl9N0ql10tN4mlQ/5XQnBCKHLQBtKeHVK0=; b=W 8m53Q13R5K/Fh5DwLT7lQsDfyU3VS0JtZC/xqxg5mW7wJ2ifbyh63wp/SS0xafBE ing+V8iu4VDznryo3w8cQxw/jEcTgTD1rbe9pxnyVy0ZZ3LfZNvrCZPUDsRyyDjz zz3pOtr3S7T63eYy8ejMowhvjP/KPG066AmA9pZR+lE1M6H5Gkg35PJlsQajz7gY cioS0D6V1eHZjf5y83fWG43hrLEPcX2abi0lsf3qy1SN3ODZNJsG8QuFF5wY0CN8 pg+XGdine0rDg6r93XTUGwS74UqtI95ABQ2Zo0C2phZ1Vvu4PWqRYnnvGjK/+/gf Fy0K8pexulhrZ4gfqxiiw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrvdekhedguddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvfevufffkffojghfgggtgfesth ekredtredtjeenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgv tgdrthhvqeenucggtffrrghtthgvrhhnpedvieetveekkeeliefhtefftedvtefgvdegle efvdeigfettdejtddvffdvgfejudenucffohhmrghinhepmhhoiihilhhlrgdrohhrghdp tghouggvsggvrhhgrdhorhhgpdhsvggrrhgthhhfohigrdhorhhgpdhgihhtlhgrsgdrtg homhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehi rghnsehrvghtrhhoshhpvggtrdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 30 May 2024 18:40:07 -0400 (EDT) From: Ian Eure To: 71121@debbugs.gnu.org Subject: [PATCH v2 2/3] gnu: librewolf: Rebuild source tarball Date: Thu, 30 May 2024 15:39:50 -0700 Message-ID: <20240530223951.13474-2-ian@retrospec.tv> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240530223951.13474-1-ian@retrospec.tv> References: <20240530223951.13474-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71121 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/librewolf.scm (librewolf): This patch removes an intermediate step in the build chain. The upstream source tarball is created with an automated build process, where Firefox sources are fetched, patched, and repacked. Rather than download the output of that process, as the package has been, it’s now replicated within the build process, similar to how IceCat works. Change-Id: I0f1c2a10252cbbff9b3b3140f6ea3a594df0c97b --- gnu/packages/librewolf.scm | 120 +++++++++++++++++++++++++++++++++---- 1 file changed, 108 insertions(+), 12 deletions(-) diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index fa83857c96..bb8bc8a283 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -40,10 +40,12 @@ (define-module (gnu packages librewolf) + #:use-module ((srfi srfi-1) #:hide (zip)) #:use-module (guix build-system gnu) #:use-module (guix build-system cargo) #:use-module (guix build-system trivial) #:use-module (guix download) + #:use-module (guix git-download) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix gexp) #:use-module (guix packages) @@ -62,6 +64,7 @@ (define-module (gnu packages librewolf) #:use-module (gnu packages gl) #:use-module (gnu packages glib) #:use-module (gnu packages gnome) + #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gtk) #:use-module (gnu packages hunspell) #:use-module (gnu packages icu4c) @@ -81,6 +84,7 @@ (define-module (gnu packages librewolf) #:use-module (gnu packages pkg-config) #:use-module (gnu packages pulseaudio) #:use-module (gnu packages python) + #:use-module (gnu packages python-xyz) #:use-module (gnu packages rust) #:use-module (gnu packages rust-apps) #:use-module (gnu packages speech) @@ -89,6 +93,109 @@ (define-module (gnu packages librewolf) #:use-module (gnu packages xdisorg) #:use-module (gnu packages xorg)) +(define (firefox-source-origin version hash) + (origin + (method url-fetch) + (uri (string-append + "https://ftp.mozilla.org/pub/firefox/releases/" + version "/source/" "firefox-" version + ".source.tar.xz")) + (sha256 (base32 hash)))) + +(define (librewolf-source-origin version hash) + (origin + (method git-fetch) + (uri (git-reference + (url "https://codeberg.org/librewolf/source.git") + (commit version) + (recursive? #t))) + (file-name (git-file-name "librewolf-source" version)) + (sha256 (base32 hash)))) + +(define computed-origin-method (@@ (guix packages) computed-origin-method)) + +(define librewolf-source + (let* ((ff-src (firefox-source-origin "125.0.2" "16gpd6n52lshvkkha41z7xicggj64dw0qhr5gd07bcxsc4rmdl39")) + (version "125.0.2-1") + (lw-src (librewolf-source-origin version "17i36s2ny1pv3cz44w0gz48fy4vjfw6vp9jk21j62f5d3dl726x8"))) + + (origin + (method computed-origin-method) + (file-name (string-append "librewolf-" version ".source.tar.gz")) + (sha256 #f) + (uri + (delay + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (set-path-environment-variable + "PATH" '("bin") + (list #+python + #+(canonical-package bash) + #+(canonical-package gnu-make) + #+(canonical-package coreutils) + #+(canonical-package findutils) + #+(canonical-package patch) + #+(canonical-package xz) + #+(canonical-package sed) + #+(canonical-package grep) + #+(canonical-package gzip) + #+(canonical-package tar))) + (set-path-environment-variable + "PYTHONPATH" + (list #+(format #f "lib/python~a/site-packages" + (version-major+minor + (package-version python)))) + '#+(cons python-jsonschema + (map second + (package-transitive-propagated-inputs + python-jsonschema)))) + + ;; Copy LibreWolf source into the build directory and make + ;; everything writable. + (copy-recursively #+lw-src ".") + (for-each make-file-writable (find-files ".")) + + ;; Patch Makefile to use the upstream source instead of downloading. + (substitute* '("Makefile") + (("^ff_source_tarball:=.*") + (string-append "ff_source_tarball:=" #+ff-src))) + + ;; Stage locales + (begin + (format #t "Staging locales...~%") + (force-output) + (mkdir "l10n-staging") + (with-directory-excursion "l10n-staging" + (for-each + (lambda (locale-dir) + (let ((locale + (string-drop (basename locale-dir) + (+ 32 ; length of hash + (string-length "-mozilla-locale-"))))) + (format #t " ~a~%" locale) + (force-output) + (copy-recursively locale-dir locale + #:log (%make-void-port "w")) + (for-each make-file-writable (find-files locale)) + (with-directory-excursion locale + (when (file-exists? ".hgtags") + (delete-file ".hgtags"))))) + '#+all-mozilla-locales))) + + ;; Patch build script to use staged locales. + (begin + (substitute* '("scripts/generate-locales.sh") + (("wget") "# wget") + (("unzip") "# unzip") + (("mv browser/locales/l10n/\\$1-\\*/") + "mv ../l10n-staging/$1/"))) + + ;; Run the build script + (invoke "make" "all") + (copy-file (string-append "librewolf-" #$version ".source.tar.gz") + #$output)))))))) + ;; Define the versions of rust needed to build librewolf, trying to match ;; upstream. See the file taskcluster/ci/toolchain/rust.yml at ;; https://searchfox.org under the particular firefox release, like @@ -104,18 +211,7 @@ (define-public librewolf (package (name "librewolf") (version "125.0.2-1") - (source - (origin - (method url-fetch) - - (uri (string-append "https://gitlab.com/api/v4/projects/32320088/" - "packages/generic/librewolf-source/" - version - "/librewolf-" - version - ".source.tar.gz")) - (sha256 - (base32 "09qzdaq9l01in9h4q14vyinjvvffycha2iyjqj5p4dd5jh6q5zma")))) + (source librewolf-source) (build-system gnu-build-system) (arguments (list -- 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 01 07:34:55 2024 Received: (at 71121-done) by debbugs.gnu.org; 1 Jun 2024 11:34:55 +0000 Received: from localhost ([127.0.0.1]:55815 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sDN0h-0002mR-4z for submit@debbugs.gnu.org; Sat, 01 Jun 2024 07:34:55 -0400 Received: from mail-qv1-f43.google.com ([209.85.219.43]:51662) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sDN0Z-0002m9-SF for 71121-done@debbugs.gnu.org; Sat, 01 Jun 2024 07:34:53 -0400 Received: by mail-qv1-f43.google.com with SMTP id 6a1803df08f44-6ad8243dba8so14595876d6.3 for <71121-done@debbugs.gnu.org>; Sat, 01 Jun 2024 04:34:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717241609; x=1717846409; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=BmT/pF+fsEL/TW387vdr2gaSoNsPh9HAGp+KJ5G1u3M=; b=i3RiNu+AlRISDN1ZBvVI6k/hK9YSiMlL5SEyMgLskodWgBlmPYoK8JlTyv//e7fxmG SgKbPuZroo3gqH3TMfUjoNYbn8MEffzH8uAgRWklRp7QIrDTR20tZVPV8v7pLvT/7oLA ECvLMEc07FZtC5IGKiEMR21KxaqFis+37OSTL3f6cfUSjZIZgY6g9EUA/CRKLFPbd6Gt 6D7w4MX94j4GPTVNS9ZurEzl9z2+ie/kuCHDVkdmSgUazJ5bbW/y62zLwCZnAAqm7vy8 drZ5iqs0Ccz96ifwNXnTH4JX3y8Gli4rcycdfotTDzXLJi0xjUXJ/02Z6PcqiOtwycIf DPeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717241609; x=1717846409; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=BmT/pF+fsEL/TW387vdr2gaSoNsPh9HAGp+KJ5G1u3M=; b=M1iGmlUN271S97pGJD87B/RRq4gLnxYaq7VaCLP5aCyLnAjTcLFrtU1OKOg7llv8f+ 9Wh1iLs0ruc0mIVubGj20xsQ5cogKWf+s4UT2mFbXzZPK0qvS1A6Ngq9o3hfvYrUCXnw JZIT0uhPEPCnkLzVm8xFsir3nQfUSHC+tBum4h9qElnZLp69s4OJHSU7jUNcPhkWHCwB ryTfE+Ct8zSQ1omtMylXmDyRFeWiGOm+HZFJ3HwQ76BX0vWCsajK4ZRzfjAF551h5r86 IK98W64AbY8qPrWFM5BCeFpXtzctN55zXR1alUw0f5FcdXYDzYpCzpBJ4sHQhARGXodF qdrQ== X-Gm-Message-State: AOJu0Yx5qCT2PCiqaCl3ZV2NwxF7+uJ1UqZ+P1aWdOk8ubxQ3grclNyI NugM+uKJWNjYS8exsR7jSM8CWHcQkRI0wvGv5peGEnMwQ8wZmKe3cEHMGQ== X-Google-Smtp-Source: AGHT+IFkzYED0WejzHWH711JlNWoHRIxME9lVFBtwiY9bSDUoNFPTIXj5YAPlTJFsP1qkmgs3xJxyQ== X-Received: by 2002:a05:6214:3d05:b0:6ad:60d8:183c with SMTP id 6a1803df08f44-6aecd5a30b5mr47685426d6.20.1717241609148; Sat, 01 Jun 2024 04:33:29 -0700 (PDT) Received: from hurd (dsl-10-130-93.b2b2c.ca. [72.10.130.93]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6ae4e0c3b8csm13703306d6.112.2024.06.01.04.33.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 01 Jun 2024 04:33:28 -0700 (PDT) From: Maxim Cournoyer To: Ian Eure Subject: Re: [bug#71121] [PATCH v2 3/3] gnu: librewolf: Update to 126.0-1. In-Reply-To: <20240530223951.13474-3-ian@retrospec.tv> (Ian Eure's message of "Thu, 30 May 2024 15:39:51 -0700") References: <20240530223951.13474-1-ian@retrospec.tv> <20240530223951.13474-3-ian@retrospec.tv> Date: Sat, 01 Jun 2024 07:33:27 -0400 Message-ID: <87mso4c2yg.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71121-done Cc: 71121-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Ian, Ian Eure writes: > * gnu/packages/librewolf.scm (librewolf): Update to 126.0-1. Fixes > CVE-2024-4367, CVE-2024-4764, CVE-2024-4765, CVE-2024-4766, CVE-2024-4767, > CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4771, CVE-2024-4772, > CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, > CVE-2024-4778. > > Change-Id: Iec010e516651588da389f747074cbd10f8c14377 I've moved some of the commit message explanations to match the following template: --8<---------------cut here---------------start------------->8--- $summary $rationale/explanations $gnu-changelog --8<---------------cut here---------------end--------------->8--- along with some trivial adjustments, tested it could build reproducibly* and pushed. Thank you for your work on this fine browser! * as mentioned on IRC I did notice the build failing non-deterministically when using a monstrous number of cores such as 180; that seems to be a shortcoming of cargo and/or the firefox build system. -- Thanks, Maxim From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 01 12:34:58 2024 Received: (at 71121) by debbugs.gnu.org; 1 Jun 2024 16:34:58 +0000 Received: from localhost ([127.0.0.1]:57296 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sDRh4-0007ss-6J for submit@debbugs.gnu.org; Sat, 01 Jun 2024 12:34:58 -0400 Received: from wfout3-smtp.messagingengine.com ([64.147.123.146]:54377) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sDRh1-0007se-45 for 71121@debbugs.gnu.org; Sat, 01 Jun 2024 12:34:56 -0400 Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailfout.west.internal (Postfix) with ESMTP id 2BBE31C0008D; Sat, 1 Jun 2024 12:34:37 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Sat, 01 Jun 2024 12:34:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1717259676; x=1717346076; bh=e6wSDtgzHJB4NXYdL+JKEErEkFL/OzkmB2VZCzbPyt0=; b= ozqqRXEI+ONI6jFK89uOdvW5yvMVMG2cU3IT8VYO4733BTZ0mqe/HyXETF5rD8JV VnLEMhP0G6zIxtASYcVpoutuTkqMb8u0SkcO4PBCJcbBcExYT1bBAkiANmqWKvJK Jz08Ebnv8xVpS9MMlKv4kLzZR36bXWxwt2nDQumizR34fMaYPklBpKUG94PyFzsM wcVHU2qvRLv5G7sFkzIvrZJS1nSW7utuCI6UM3uzzNMN1boQG5hHjgg52P33LRxx AMc/FDRAwFRGfDhrJziUOah7GOIYANYXAd7zTbAo0MjQYp6hD/KhowSQnePlQ31Y vvMBp+w9bELoNe/y9Z3pIQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1717259676; x= 1717346076; bh=e6wSDtgzHJB4NXYdL+JKEErEkFL/OzkmB2VZCzbPyt0=; b=h 7iF7SnIOeyiwVsFprn5HrQDxxni94xd05UUbFshDCMtvXRAMQWPCEaO8dbKGoQew AkJ/KF3Wgu/6mBsjEAwHkvGAWpHehlKt7ZWkIG+GLnnwAeDliwsd2ciALMSELkMC KUJDqfBC4oLzkKYdKm/dWmC/WWGiiYSlmzkWQSdyEpvWtpNGkeL+1VmnVeHKQvcv /M9PXdzqfDwt0fjFZECX1BMcNzFga7Y3gH/iGm/AcpzvoUTTk+U/B5Lc0lIS/MN6 ghMbUNqahpgROcevJ6x7ObDqVmSbmrg2BgBybAqux3q/0XLt7GtBpmwyqmUy6Kky JSOEzHb4ON3CIiQAGAPpA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrvdekkedguddtvdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpehffgfhvfevufffjgfkgggtgfesthhqredttderjeenucfhrhhomhepkfgr nhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgvtgdrthhvqeenucggtffrrghtthgvrh hnpefhleevtdeifeffgfegiedvueekudettdevjeffhfelieelfeehgefgudfgieeuhfen ucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehirghnse hrvghtrhhoshhpvggtrdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 1 Jun 2024 12:34:35 -0400 (EDT) References: <20240522145956.31218-1-ian@retrospec.tv> <20240522145956.31218-2-ian@retrospec.tv> <87jzjcf5nk.fsf@gmail.com> <87a5k8uh9f.fsf@meson> <87plt3e9yf.fsf@gmail.com> User-agent: mu4e 1.8.13; emacs 28.2 From: Ian Eure To: Maxim Cournoyer Subject: Re: [bug#71121] [PATCH 2/3] gnu: librewolf: Rebuild source tarball Date: Sat, 01 Jun 2024 09:30:23 -0700 In-reply-to: <87plt3e9yf.fsf@gmail.com> Message-ID: <871q5gvcys.fsf@meson> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71121 Cc: 71121@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Maxim Cournoyer writes: > Hi Ian, > > Ian Eure writes: > >> Hi Maxim, >> >> Maxim Cournoyer writes: >> >>> Hi Ian, >>> >>> Ian Eure writes: >>> >>>> * gnu/packages/librewolf.scm (librewolf): This patch removes=20 >>>> an >>>> intermediate >>>> step in the build chain. The upstream source tarball is=20 >>>> created >>>> with an >>>> automated build process, where Firefox sources are fetched, >>>> patched, and >>>> repacked. Rather than download the output of that process,=20 >>>> as the >>>> package has >>>> been, it=E2=80=99s now replicated within the build process, similar=20 >>>> to how >>>> IceCat >>>> works. >>> >>> I think I'd rather keep using a human-prepared and vetted=20 >>> tarball, >>> to >>> avoid anything going stale in our local recipe of how it's=20 >>> meant to >>> be >>> prepared. >>> >> >> The upstream tarball is built by scripts run under a CI system=20 >> which >> triggers when changes are pushed[1], and aren=E2=80=99t human-prepared=20 >> or >> vetted in the same way that many release tarballs have=20 >> tradionally >> been. This patchset uses the same script as upstream, with >> modifications to make it reproduceable, as the upstream process=20 >> isn=E2=80=99t. > > Perhaps the modifications to make it reproducible could be=20 > shared to > upstream? We'd benefit all thee users of librewolf this way,=20 > not only > Guix ones. > Yes, I plan to work with upstream on this. The current=20 modifications are Guix-specific, but I believe a mechanism which=20 allows for both better upstream reproducability and less hacky=20 Guix packaging is possible. >> As noted in the commit messages, IceCat also builds this=20 >> way[2], >> including patching the upstream build script[3][4], so this=20 >> seems like >> a reasonable & accepted way to build. Though perhaps there=E2=80=99s >> dissatisfaction with the IceCat build which I wasn=E2=80=99t aware of,=20 >> being a >> fairly new contributor. > > The "dissatisfaction", if we can call it that, was about=20 > Linux-libre, > and voiced by some a few years ago, including the project=20 > maintainers, > if I recall correctly. The idea of linux-libre is to shield=20 > users from > blobs. In this sense it is valuable that they don't even have=20 > to touch > the pristine blobbed (there are a few array-defined firmwares in=20 > the > tree still, at least one old Apple one IIRC) Linux source, which=20 > is > considered problematic for some from a GNU FSDG perspective. > Gotcha. I agree that these are unlikely to apply here. Thank you for pushing this, and I=E2=80=99ll try to get commit messages=20 closer to the convention in the future. =E2=80=94 Ian From unknown Tue Jun 17 20:00:58 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sun, 30 Jun 2024 11:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator