From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 28 23:57:27 2024 Received: (at submit) by debbugs.gnu.org; 29 Jun 2024 03:57:28 +0000 Received: from localhost ([127.0.0.1]:36602 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sNPDL-0000ce-MU for submit@debbugs.gnu.org; Fri, 28 Jun 2024 23:57:27 -0400 Received: from lists.gnu.org ([209.51.188.17]:49360) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sNPDJ-0000cU-If for submit@debbugs.gnu.org; Fri, 28 Jun 2024 23:57:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sNPDJ-0003we-OC for guix-patches@gnu.org; Fri, 28 Jun 2024 23:57:25 -0400 Received: from fout7-smtp.messagingengine.com ([103.168.172.150]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sNPDH-0002Nu-Fm for guix-patches@gnu.org; Fri, 28 Jun 2024 23:57:25 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailfout.nyi.internal (Postfix) with ESMTP id B45A11380476; Fri, 28 Jun 2024 23:57:20 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Fri, 28 Jun 2024 23:57:20 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm1; t=1719633440; x=1719719840; bh=ge 768emLCP8D3D/TY3QQMi2R2w7nud9EVT81un0rCGc=; b=Z6Eh33Uj7KzCzlM8W7 ltlqcgdnjsITiTpXk8gBky34Btd+SqShO8fnFTUqdXxYzsakuryx18+wXQKzvIPv leGWCOvVnNp6P0BOlMHlAuDnA7Y21YnCuTty1RfyzAG8NRnV8S/LlcHnZfG9C1+U BM+IvLtNk6GbZnD9lIHUGmHgMweRzSWmeLA+sRzEacr6pYcrM7dqv3DpRdTD44+a htzZ5f+UwwwJ2nqZqk5GNEknpq4OUsYevIzCXImlOdKMTBqFMExrFOFkM7Gw14rp /OmA5P0IF5uq0sPa7342retT284SG5Cc7dw/dcrVQUeUMDFmEEH8bESrXUbCQTNL MHPw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; t=1719633440; x=1719719840; bh=ge768emLCP8D3 D/TY3QQMi2R2w7nud9EVT81un0rCGc=; b=YoBUuiNp+KsCgR76pN0LH9av/9aaY 4NcF4G76hghe0Wxk2osuWcJlNTYsDjNYf/38FHnTQ7jtkKCjk3OQ9Nypc7UsTihr 6xprxc1d0XfRhbf4DR9WxZmZXUf581Ld3KJMaEVLgw2x0H4dhAZN+d581kRw/2RT KuxXVFBQbcdziJu5OkB9OvazxJTtIm0SmY96eOUciBltZsz5Qwe4JkX49jLdZK2/ MNMvzsDV0uQDlnAUgfR+Emi4wG861fePrfp2yErDWCCj8RzT/HvkQhU875HVR5Kr EAWnLp7Q1HmyepNQWp96EXCRL8ZTFRuqTFs22rBlGLmWuozSGUl6Zz4hQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrtdekgdejjecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofggtgfgsehtkeertd ertdejnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggtrdht vheqnecuggftrfgrthhtvghrnhepjeeugfehgffffeethedvtdduudethfdvtdefudfhud fgvddvueelgfefhfehhfehnecuffhomhgrihhnpehgnhhurdhorhhgnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepihgrnhesrhgvthhrohhsph gvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 28 Jun 2024 23:57:19 -0400 (EDT) From: Ian Eure To: guix-patches@gnu.org Subject: [PATCH 0/2] Add nss-latest; updte Librewolf to 127.0.2-2. Date: Fri, 28 Jun 2024 20:57:16 -0700 Message-ID: <20240629035716.21504-1-ian@retrospec.tv> X-Mailer: git-send-email 2.45.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=103.168.172.150; envelope-from=ian@retrospec.tv; helo=fout7-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) This patch series begins implementing my proposal for nss[1], by adding nss-latest (at version 3.101). When the next ESR is out, I’ll update and ungraft the other nss, as proposed. It also updates Librewolf to 127.0.2-2, the latest version. Librewolf 127.x requires nss >= 3.100, so both patches are combined in this series. LW also builds with Rust 1.77 now, since that’s the new minimum version (and the default version used by upstream Firefox builds). [1]: https://lists.gnu.org/archive/html/guix-devel/2024-06/msg00318.html Ian Eure (2): gnu: Add nss-latest. gnu: librewolf: Update to 127.0.2-1. gnu/packages/librewolf.scm | 1039 ++++++++++++++++++------------------ gnu/packages/nss.scm | 67 ++- 2 files changed, 587 insertions(+), 519 deletions(-) -- 2.45.1 From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 29 00:00:15 2024 Received: (at 71832) by debbugs.gnu.org; 29 Jun 2024 04:00:15 +0000 Received: from localhost ([127.0.0.1]:36609 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sNPG3-0000k8-6s for submit@debbugs.gnu.org; Sat, 29 Jun 2024 00:00:15 -0400 Received: from fout7-smtp.messagingengine.com ([103.168.172.150]:34159) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sNPG0-0000ik-OO for 71832@debbugs.gnu.org; Sat, 29 Jun 2024 00:00:13 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailfout.nyi.internal (Postfix) with ESMTP id 4C0941380481; Sat, 29 Jun 2024 00:00:07 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Sat, 29 Jun 2024 00:00:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to; s=fm1; t=1719633607; x=1719720007; bh=xJ5vDGQmMCogEZ9Ltpxs2 99XYYgKmWbiY6+ONSDlUOw=; b=hyb9VahKAVIztY15ghg4y0LeeQe89qXMvIKG5 CII5hfHXKI2R4qClXv8uBjLw1Uxr51q2HvpuYGeNgN/DM+2fNbPKiV3auhnLug/w G4U78dV+Rbd63aYkgomfwsHISQcOTAUqJxlPW6TESP++qsvMkfEicAzAa7Frde/W HjxM096V7LxlPNwhspVWMxeTA5H7mcZwJDUpvcWr6xaujFKT2vgo5Hq2AuAMSFvd 3mXKYT45EeXh/sKuFGdiM987APRDybIgRSBs1TAIt2NcgXHyqMtTP30KOkAbVNFd os8tWb2+qVCmBxeNsoZyVCv2XpZ2tDdKsKhPqER/ZisEB+htw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1719633607; x=1719720007; bh=xJ5vDGQmMCogEZ9Ltpxs299XYYgK mWbiY6+ONSDlUOw=; b=UlWZRYfdSEF3o71ljKrIcOhAuaU3NkA3yjy2BVY58/ex dTCtEwthUZwKmDzvo6onL4f6pO0lnbrLfpmhV19IyRBXDBeNw4kE9+xgoKTYK7Qc JPBItbltPq7PyvNtUbwSQO6vvqxgu5bL/s+Jj0FaYmJQPNy29e5Uey4VJ0yluZFb 5Nrc6MRs2tPpQHDgcHjU/wHYmrpWIKRHx7hLu2mVDofvQCZaGqrsK9pXkqcjNgLe gAbtnNjwW66P/wYC+cymwDzEMoITMPDMNv9FTvJtpIEmCuaKfe0k0/MyHI/vUe5Z 7vMdkFj38qi+KyxfBHf56JNShEW2bj1r8ovBUbQdWg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrtdekgdejjecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofgggfestdekredtre dttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgvtgdrthhv qeenucggtffrrghtthgvrhhnpefgvdejhfelhfeftdeileelfedvhfefffetfeeuteelgf dvleffleevgfefueekjeenucffohhmrghinhepmhhoiihilhhlrgdrohhrghenucevlhhu shhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehirghnsehrvghtrh hoshhpvggtrdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 29 Jun 2024 00:00:06 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH 1/2] gnu: Add nss-latest. Date: Fri, 28 Jun 2024 20:59:56 -0700 Message-ID: <20240629035957.21688-1-ian@retrospec.tv> X-Mailer: git-send-email 2.45.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/nss.scm (nss-latest): New variable. Change-Id: Ifdc215090a20dee1bde83013852ef21b6cfd9979 --- gnu/packages/nss.scm | 67 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 61 insertions(+), 6 deletions(-) diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index d558079f44..6b45e59ea8 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -106,6 +106,9 @@ (define-public nspr-4.32 (base32 "0v3zds1id71j5a5si42a658fjz8nv2f6zp6w4gqrqmdr6ksz8sxv")))))) +;; nss should track ESRs, but currently doesn't. When the next ESR it out, it +;; should get updated. + (define-public nss (package (name "nss") @@ -153,13 +156,13 @@ (define-public nss ;; Ensure we are building for the (%current-target-system). #$@(if (%current-target-system) #~((string-append - "OS_TEST=" - (string-take #$(%current-target-system) - (string-index #$(%current-target-system) #\-))) + "OS_TEST=" + (string-take #$(%current-target-system) + (string-index #$(%current-target-system) #\-))) (string-append - "KERNEL=" (cond (#$(target-hurd?) "gnu") - (#$(target-linux?) "linux") - (else "")))) + "KERNEL=" (cond (#$(target-hurd?) "gnu") + (#$(target-linux?) "linux") + (else "")))) #~()) #$@(if (%current-target-system) #~("CROSS_COMPILE=1") @@ -303,6 +306,58 @@ (define-public nss/fixed (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) (format #t "test suite not run~%")))))))))))) +;; nss-latest tracks the latest released version. + +(define-public nss-latest + (package + (inherit nss) + (name "nss-latest") + (version "3.101") + (source (origin + (inherit (package-source nss)) + (uri (let ((version-with-underscores + (string-join (string-split version #\.) "_"))) + (string-append + "https://ftp.mozilla.org/pub/mozilla.org/security/nss/" + "releases/NSS_" version-with-underscores "_RTM/src/" + "nss-" version ".tar.gz"))) + (sha256 + (base32 + "1rw5xpclsy174znvxcb4d4zgjwadxy45mbh0wvkm3fxpnkq4i5w5")))) + (arguments + (substitute-keyword-arguments (package-arguments nss) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (if tests? + (begin + ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for + ;; testing. The latter requires a working DNS or /etc/hosts. + (setenv "DOMSUF" "localdomain") + (setenv "USE_IP" "TRUE") + (setenv "IP_ADDRESS" "127.0.0.1") + + ;; This specific test is looking at performance "now + ;; verify that we can quickly dump a database", and + ;; we're not testing performance here (especially + ;; since we're using faketime), so raise the + ;; threshold + (substitute* "nss/tests/dbtests/dbtests.sh" + ((" -lt 5") " -lt 50")) + + ;; Since the test suite is very lengthy, run the test + ;; suite once, not thrice as done by default, by + ;; selecting only the 'standard' cycle. + (setenv "NSS_CYCLES" "standard") + + ;; The "PayPalEE.cert" certificate expires every six months, + ;; leading to test failures: + ;; . To + ;; work around that, set the time to roughly the release date. + (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) + (format #t "test suite not run~%")))))))))) + (define-public nsncd (package (name "nsncd") -- 2.45.1 From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 29 00:00:22 2024 Received: (at 71832) by debbugs.gnu.org; 29 Jun 2024 04:00:23 +0000 Received: from localhost ([127.0.0.1]:36614 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sNPG8-0000kU-OY for submit@debbugs.gnu.org; Sat, 29 Jun 2024 00:00:22 -0400 Received: from fout7-smtp.messagingengine.com ([103.168.172.150]:41073) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sNPG5-0000jz-Fl for 71832@debbugs.gnu.org; Sat, 29 Jun 2024 00:00:19 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailfout.nyi.internal (Postfix) with ESMTP id D32141380476; Sat, 29 Jun 2024 00:00:12 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Sat, 29 Jun 2024 00:00:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1719633612; x=1719720012; bh=ACdljprjJzTgh+JuteHGtpKancSTIq3wX+VrH0j/gvc=; b= aT7H9niME6XIkUogd2xso3dm7m+YSttQNLNN952ODVu9yV4U2CF09N9SgqE9MWwG Ah2x1J3jvkQtD0mmOhL0Ai+nDaKoqTm9KKze/uIjNsPKprsM4i80cmlm2DljII6P p/yT/GOmomYHKDQiOEbh9S6wSszSb0QjVx0gKE5q8qBaqqNUbAUnVeQ2Tz8FaAzn asCmaq5ROdpENZ+v/HFxw9vnCJHdNvFMuOubP8NGIgSknrVF1DAw0IAWKRLbAABs /gnOP8GihZFkeTCWvcML+39K32RC0h7GFmw7Y5ldQAobOj7aI/v7QmcS8rm6eMAA J6lkonD4DDDJC2myXm8GIQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1719633612; x= 1719720012; bh=ACdljprjJzTgh+JuteHGtpKancSTIq3wX+VrH0j/gvc=; b=P uHuEGPEtnfJ3dzQOZedkdk5OlIfOx8/vjxOMbdHrJmdINclQ8ZHinMCoH33c/YxI UWMI1YsCQmv2Mas6hSYESI8afEYMw6/C2z+q+n3B/Znu1ze17XJhY336lFVL8RQ4 QjBCXYKq5G3FB9XqTtcs0ql6Ohxmj6sSsQADVVr0isjxwpnOfy3UFYLlhPciL/GM ZQqhQT50JsGFJ2EpOa+4m19aSyn/RjCOrPrmnQVxINRBhSN0f7ipnyy/d7YJCeL/ ucBZkckNLYY5MRZXAwcc3cZXyEUu93g2epj+X9EJ9LOo+8odnKiWktraFCPl2c+w D8nLZnIeTaGNbChwfUmug== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrtdekgdejkecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofgjfhggtgfgsehtke ertdertdejnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggt rdhtvheqnecuggftrfgrthhtvghrnhepiefhvefggedtueekjefgieefgfduleeggeetff dvveeuueffudevhfeivddukeeinecuffhomhgrihhnpehsvggrrhgthhhfohigrdhorhhg pdhgnhhurdhorhhgpdgtohhnthgvnhhtrdhrvggrugdpmhhoiihilhhlrgdrohhrghdpgh gvthgrugguohhnshdrshgvrghrtghhpdhgvghtrgguughonhhsrdhlihhnkhdpghhithhh uhgsrdgtohhmpdhlihgsrhgvfiholhhfrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 29 Jun 2024 00:00:11 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH 2/2] gnu: librewolf: Update to 127.0.2-1. Date: Fri, 28 Jun 2024 20:59:57 -0700 Message-ID: <20240629035957.21688-2-ian@retrospec.tv> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240629035957.21688-1-ian@retrospec.tv> References: <20240629035957.21688-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/librewolf.scm (librewolf): Update to 127.0.2-1. Reorganize module to improve usability and reduce duplication. The Rust package and build ID are now at the top of the file. The librewolf-source variable has been replaced with the make-librewolf-source procedure, centralizing versions & hashes in the librewolf package definition. Dedent some of the package’s arguments to improve readability. Change-Id: I15f8a2aa1fae07e0497ab5511d10af0c1f70cc2e --- gnu/packages/librewolf.scm | 1039 ++++++++++++++++++------------------ 1 file changed, 526 insertions(+), 513 deletions(-) diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index c84bcaf3ce..7f8579e8dd 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -93,6 +93,18 @@ (define-module (gnu packages librewolf) #:use-module (gnu packages xdisorg) #:use-module (gnu packages xorg)) +;; Define the versions of rust needed to build librewolf, trying to match +;; upstream. See the file taskcluster/kinds/toolchain/rust.yml at +;; https://searchfox.org under the particular firefox release, like +;; mozilla-esr102. +;; 1.75 is the default in Guix, 1.77 is the minimum for Librewolf. +(define rust-librewolf rust-1.77) + +;; Update this id with every update to its release date. +;; It's used for cache validation and therefore can lead to strange bugs. +;; ex: date '+%Y%m%d%H%M%S' +(define %librewolf-build-id "20240626133423") + (define (firefox-source-origin version hash) (origin (method url-fetch) @@ -114,11 +126,14 @@ (define (librewolf-source-origin version hash) (define computed-origin-method (@@ (guix packages) computed-origin-method)) -(define librewolf-source - (let* ((ff-src (firefox-source-origin "126.0.1" "0fr679rcwshwpfxidc55b2xsn4pmrr7p9ix4rr2mv2k7kwsjcc7n")) - (version "126.0.1-1") - (lw-src (librewolf-source-origin version "0cac80073vkzd85ai9rbnwixs1h9bpy4dj2ri6jxdlqsy5d663km"))) - +(define* (make-librewolf-source version #:key firefox-hash librewolf-hash) + (let* ((ff-src (firefox-source-origin + (car (string-split version #\-)) + firefox-hash)) + (version version) + (lw-src (librewolf-source-origin + version + librewolf-hash))) (origin (method computed-origin-method) (file-name (string-append "librewolf-" version ".source.tar.gz")) @@ -204,523 +219,521 @@ (define librewolf-source ".source.tar.gz") #$output)))))))) -;; Define the versions of rust needed to build librewolf, trying to match -;; upstream. See the file taskcluster/ci/toolchain/rust.yml at -;; https://searchfox.org under the particular firefox release, like -;; mozilla-esr102. -(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum. - -;; Update this id with every update to its release date. -;; It's used for cache validation and therefore can lead to strange bugs. -;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20240607212143") - (define-public librewolf - (package - (name "librewolf") - (version "126.0.1-1") - (source librewolf-source) - (build-system gnu-build-system) - (arguments - (list - #:configure-flags #~(let ((clang #$(this-package-native-input "clang"))) - `("--enable-application=browser" - - ;; Configuration - "--without-wasm-sandboxed-libraries" - "--with-system-jpeg" - "--with-system-zlib" - "--with-system-png" - "--with-system-webp" - "--with-system-icu" - "--with-system-libvpx" - "--with-system-libevent" - "--with-system-ffi" - "--enable-system-pixman" - "--enable-jemalloc" - - ;; see https://bugs.gnu.org/32833 - "--with-system-nspr" - "--with-system-nss" - - ,(string-append "--with-clang-path=" clang - "/bin/clang") - ,(string-append "--with-libclang-path=" clang - "/lib") - - ;; Distribution - "--with-distribution-id=org.guix" - "--with-app-name=librewolf" - "--with-app-basename=LibreWolf" - "--with-branding=browser/branding/librewolf" - - ;; Features - "--disable-tests" - "--disable-updater" - "--enable-pulseaudio" - "--disable-crashreporter" - "--allow-addon-sideload" - "--with-unsigned-addon-scopes=app,system" - "--disable-eme" - - ;; Build details - "--disable-debug" - "--enable-rust-simd" - "--enable-release" - "--enable-optimize" - "--enable-strip" - "--enable-hardening" - "--disable-elf-hack")) - #:imported-modules %cargo-utils-modules - #:modules `((ice-9 regex) - (ice-9 string-fun) - (ice-9 ftw) - (srfi srfi-1) - (srfi srfi-26) - (rnrs bytevectors) - (rnrs io ports) - (guix elf) - (guix build gremlin) - ,@%gnu-build-system-modules) - #:phases #~(modify-phases %standard-phases - (add-after 'unpack 'fix-preferences - (lambda* (#:key inputs #:allow-other-keys) - (let ((port (open-file "browser/app/profile/firefox.js" - "a"))) - (define (write-setting key value) - (format port "~%pref(\"~a\", ~a);~%" key value) - (format #t + (let ((version "127.0.2-2")) + (package + (name "librewolf") + (version version) + (source (make-librewolf-source + version + #:firefox-hash + "1s73fdp7k60058ylyvlixq13k5hfbmj6k1y42fmzqlpg7n62lyqb" + #:librewolf-hash + "1f4xz496x1nf7lmvk50hakj9p6q0kzxl5f9s2k0b6kczvyc8gw5n")) + + (build-system gnu-build-system) + (arguments + (list + #:configure-flags + #~(let ((clang #$(this-package-native-input "clang"))) + `("--enable-application=browser" + + ;; Configuration + "--without-wasm-sandboxed-libraries" + "--with-system-jpeg" + "--with-system-zlib" + "--with-system-png" + "--with-system-webp" + "--with-system-icu" + "--with-system-libvpx" + "--with-system-libevent" + "--with-system-ffi" + "--enable-system-pixman" + "--enable-jemalloc" + + ;; see https://bugs.gnu.org/32833 + "--with-system-nspr" + "--with-system-nss" + + ,(string-append "--with-clang-path=" clang + "/bin/clang") + ,(string-append "--with-libclang-path=" clang + "/lib") + + ;; Distribution + "--with-distribution-id=org.guix" + "--with-app-name=librewolf" + "--with-app-basename=LibreWolf" + "--with-branding=browser/branding/librewolf" + + ;; Features + "--disable-tests" + "--disable-updater" + "--enable-pulseaudio" + "--disable-crashreporter" + "--allow-addon-sideload" + "--with-unsigned-addon-scopes=app,system" + "--disable-eme" + + ;; Build details + "--disable-debug" + "--enable-rust-simd" + "--enable-release" + "--enable-optimize" + "--enable-strip" + "--enable-hardening" + "--disable-elf-hack")) + #:imported-modules %cargo-utils-modules + #:modules `((ice-9 regex) + (ice-9 string-fun) + (ice-9 ftw) + (srfi srfi-1) + (srfi srfi-26) + (rnrs bytevectors) + (rnrs io ports) + (guix elf) + (guix build gremlin) + ,@%gnu-build-system-modules) + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'fix-preferences + (lambda* (#:key inputs #:allow-other-keys) + (let ((port (open-file "browser/app/profile/firefox.js" + "a"))) + (define (write-setting key value) + (format port "~%pref(\"~a\", ~a);~%" key value) + (format #t "fix-preferences: setting value of ~a to ~a~%" key value)) - ;; We should allow the sandbox to read the store directory, - ;; because the sandbox has access to /usr on FHS distros. - (write-setting - "security.sandbox.content.read_path_whitelist" - (string-append "\"" - (%store-directory) "/\"")) - - ;; XDG settings should be managed by Guix. - (write-setting "browser.shell.checkDefaultBrowser" - "false") - (close-port port)))) - (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker - (lambda* (#:key inputs #:allow-other-keys) - (let* ((ffmpeg (assoc-ref inputs "ffmpeg")) - (libavcodec (string-append ffmpeg - "/lib/libavcodec.so"))) - ;; Arrange to load libavcodec.so by its absolute file name. - (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" - (("libavcodec\\.so") - libavcodec))))) - (add-after 'patch-source-shebangs 'patch-cargo-checksums - (lambda _ - (use-modules (guix build cargo-utils)) - (let ((null-hash - ;; This is the SHA256 output of an empty string. - (string-append - "e3b0c44298fc1c149afbf4c8996fb924" - "27ae41e4649b934ca495991b7852b855"))) - (for-each (lambda (file) - (format #t + ;; We should allow the sandbox to read the store directory, + ;; because the sandbox has access to /usr on FHS distros. + (write-setting + "security.sandbox.content.read_path_whitelist" + (string-append "\"" + (%store-directory) "/\"")) + + ;; XDG settings should be managed by Guix. + (write-setting "browser.shell.checkDefaultBrowser" + "false") + (close-port port)))) + (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker + (lambda* (#:key inputs #:allow-other-keys) + (let* ((ffmpeg (assoc-ref inputs "ffmpeg")) + (libavcodec (string-append ffmpeg + "/lib/libavcodec.so"))) + ;; Arrange to load libavcodec.so by its absolute file name. + (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" + (("libavcodec\\.so") + libavcodec))))) + (add-after 'patch-source-shebangs 'patch-cargo-checksums + (lambda _ + (use-modules (guix build cargo-utils)) + (let ((null-hash + ;; This is the SHA256 output of an empty string. + (string-append + "e3b0c44298fc1c149afbf4c8996fb924" + "27ae41e4649b934ca495991b7852b855"))) + (for-each (lambda (file) + (format #t "patch-cargo-checksums: patching checksums in ~a~%" file) - (substitute* file - (("(checksum = )\".*\"" all name) - (string-append name "\"" null-hash - "\"")))) - (find-files "." "Cargo\\.lock$")) - (for-each generate-all-checksums - '("build" - "dom/media" - "dom/webauthn" - "gfx" - "intl" - "js" - "media" - "modules" - "mozglue/static/rust" - "netwerk" - "remote" - "security/manager/ssl" - "servo" - "storage" - "third_party/rust" - "toolkit" - "xpcom/rust" - "services"))))) - (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag - (lambda _ - ;; Remove --frozen flag from cargo invokation, otherwise it'll - ;; complain that it's not able to change Cargo.lock. - ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 - (substitute* "build/RunCbindgen.py" - (("args.append\\(\"--frozen\"\\)") "pass")))) - (delete 'bootstrap) - (add-before 'configure 'patch-SpeechDispatcherService.cpp - (lambda _ - (let* ((lib "libspeechd.so.2") - (file (string-append - "dom/media/webspeech/synth/" - "speechd/SpeechDispatcherService.cpp")) - (old-content (call-with-input-file file - get-string-all))) - (substitute - file - `((,(format #f "~s" lib) unquote - (lambda (line _) - (string-replace-substring - line lib - (string-append #$speech-dispatcher - "/lib/" lib)))))) - (if (string=? old-content - (call-with-input-file file - get-string-all)) - (error - "substitute did nothing, phase requires an update"))))) - (add-before 'configure 'set-build-id - ;; Build will write the timestamp to output, which is harmful - ;; for reproducibility, so change it to a fixed date. Use a - ;; separate phase for easier modification with inherit. - (lambda _ - (setenv "MOZ_BUILD_DATE" - #$%librewolf-build-id))) - (replace 'configure - (lambda* (#:key inputs outputs configure-flags - #:allow-other-keys) - (setenv "AUTOCONF" - (string-append (assoc-ref inputs "autoconf") - "/bin/autoconf")) - (setenv "SHELL" - (which "bash")) - (setenv "CONFIG_SHELL" - (which "bash")) - (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE" - "system") - ;; This should use the host info probably (does it - ;; build on non-x86_64 though?) - (setenv "GUIX_PYTHONPATH" - (string-append (getcwd) - "/obj-x86_64-pc-linux-gnu/_virtualenvs/build")) - - ;; Use Clang, Clang is 2x faster than GCC - (setenv "AR" "llvm-ar") - (setenv "NM" "llvm-nm") - (setenv "CC" "clang") - (setenv "CXX" "clang++") - (setenv "MOZ_NOSPAM" "1") - (setenv "MOZ_APP_NAME" "librewolf") - - (setenv "MOZBUILD_STATE_PATH" - (getcwd)) - - (let* ((mozconfig (string-append (getcwd) "/mozconfig")) - (out (assoc-ref outputs "out")) - (flags (cons (string-append "--prefix=" out) - configure-flags))) - (format #t "build directory: ~s~%" - (getcwd)) - (format #t "configure flags: ~s~%" flags) - - (define write-flags - (lambda flags - (display (string-join (map (cut string-append - "ac_add_options " <>) - flags) "\n")) - (display "\n"))) - (with-output-to-file mozconfig - (lambda () - (apply write-flags flags) - ;; The following option unsets Telemetry - ;; Reporting. With the Addons Fiasco, - ;; Mozilla was found to be collecting - ;; user's data, including saved passwords - ;; and web form data, without users - ;; consent. Mozilla was also found - ;; shipping updates to systems without - ;; the user's knowledge or permission. - ;; As a result of this, use the following - ;; command to permanently disable - ;; telemetry reporting. - (display "unset MOZ_TELEMETRY_REPORTING\n") - (display "mk_add_options MOZ_CRASHREPORTER=0\n") - (display "mk_add_options MOZ_DATA_REPORTING=0\n") - (display - "mk_add_options MOZ_SERVICES_HEALTHREPORT=0") - (display - "mk_add_options MOZ_TELEMETRY_REPORTING=0"))) - (setenv "MOZCONFIG" mozconfig)) - (invoke "./mach" "configure"))) - (add-before 'build 'fix-addons-placeholder - (lambda _ - (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" - (("addons.mozilla.org") - "gnuzilla.gnu.org")))) - (replace 'build - (lambda* (#:key (make-flags '()) - (parallel-build? #t) #:allow-other-keys) - (apply invoke "./mach" "build" - ;; mach will use parallel build if possible by default - `(,@(if parallel-build? - '() - '("-j1")) ,@make-flags)))) - (add-after 'build 'neutralise-store-references - (lambda _ - ;; Mangle the store references to compilers & - ;; other build tools in about:buildconfig, - ;; reducing the package's closure by 1 GiB on - ;; x86-64. - (let* ((build-dir (car (scandir "." - (cut string-prefix? - "obj-" <>)))) - (file (string-append build-dir - "/dist/bin/chrome/toolkit/" - "content/global/buildconfig.html"))) - (substitute* file - (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" - (regexp-quote (%store-directory))) - _ store hash) - (string-append store - (string-take hash 8) - "" - (string-drop hash 8))))))) - (replace 'install - (lambda _ - (invoke "./mach" "install"))) - (add-after 'install 'remove-duplicate-bin - (lambda* (#:key outputs #:allow-other-keys) - (delete-file (string-append #$output - "/lib/librewolf/librewolf-bin")))) - (add-after 'install 'wrap-glxtest - ;; glxtest uses dlopen() to load mesa and pci - ;; libs, wrap it to set LD_LIBRARY_PATH. - (lambda* (#:key inputs outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (libs (map - (lambda (lib-name) - (string-append (assoc-ref inputs - lib-name) - "/lib")) - '("mesa" "pciutils")))) - (wrap-program (car (find-files lib "^glxtest$")) - `("LD_LIBRARY_PATH" prefix ,libs))))) - (add-after 'install 'patch-config - (lambda* (#:key inputs #:allow-other-keys) - (let ((lib (string-append #$output "/lib/librewolf")) - (config-file "librewolf.cfg")) - - ;; Required for Guix packaged extensions - ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 - ;; Default is 5. - (substitute* (in-vicinity lib config-file) - (("defaultPref\\(\"extensions.enabledScopes\", 5\\)") - "defaultPref(\"extensions.enabledScopes\", 13)")) - ;; Use Mozzarella addons repo. - (call-with-port - (open-file - (in-vicinity lib config-file) - "a") - (lambda (port) - ;; Add-ons panel (see settings.js in Icecat source). - (for-each - (lambda (pref) - (format port - "defaultPref(~s, ~s);~%" - (car pref) - (cdr pref))) - `(("extensions.getAddons.search.browseURL" - ,(string-append - "https://gnuzilla.gnu.org/mozzarella/" - "search.php?q=%TERMS%")) - ("extensions.getAddons.get.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.link.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.discovery.api_url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.langpacks.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("lightweightThemes.getMoreURL" . - "https://gnuzilla.gnu.org/mozzarella")))))))) - (add-after 'install 'wrap-program - (lambda* (#:key inputs outputs #:allow-other-keys) - ;; The following two functions are from Guix's icecat package in - ;; (gnu packages gnuzilla). See commit - ;; b7a0935420ee630a29b7e5ac73a32ba1eb24f00b. - (define (runpath-of lib) - (call-with-input-file lib - (compose elf-dynamic-info-runpath elf-dynamic-info - parse-elf get-bytevector-all))) - (define (runpaths-of-input label) - (let* ((dir (string-append (assoc-ref inputs label) - "/lib")) - (libs (find-files dir "\\.so$"))) - (append-map runpath-of libs))) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (libs (map - (lambda (lib-name) - (string-append (assoc-ref inputs - lib-name) - "/lib")) - '("mesa" "libpng-apng" "libnotify" "libva" - "pulseaudio" "gtk+" "pipewire" - ;; For U2F and WebAuthn - "eudev"))) - - ;; VA-API is run in the RDD (Remote Data Decoder) sandbox - ;; and must be explicitly given access to files it needs. - ;; Rather than adding the whole store (as Nix had - ;; upstream do, see - ;; and - ;; linked upstream patches), we can just follow the - ;; runpaths of the needed libraries to add everything to - ;; LD_LIBRARY_PATH. These will then be accessible in the - ;; RDD sandbox. - (rdd-whitelist (map (cut string-append <> "/") - (delete-duplicates (append-map - runpaths-of-input - '("mesa" - "ffmpeg"))))) - (gtk-share (string-append (assoc-ref inputs - "gtk+") - "/share"))) - (wrap-program (car (find-files lib "^librewolf$")) - `("LD_LIBRARY_PATH" prefix - (,@libs ,@rdd-whitelist)) - `("XDG_DATA_DIRS" prefix - (,gtk-share)) - `("MOZ_LEGACY_PROFILES" = - ("1")) - `("MOZ_ALLOW_DOWNGRADE" = - ("1")))))) - (add-after 'wrap-program 'install-desktop-entry - (lambda* (#:key outputs #:allow-other-keys) - (let* ((desktop-file - "taskcluster/docker/firefox-snap/firefox.desktop") - (applications (string-append #$output - "/share/applications"))) - (substitute* desktop-file - (("^Exec=firefox") - (string-append "Exec=" - #$output "/bin/librewolf")) - ;; "Firefox" -> "LibreWolf" everywhere - (("Firefox") - "LibreWolf") - ;; Remove non-Latin translations. - (("^Name\\[(ar|bn)\\].*$") - "") - (("^Icon=.*") - (string-append "Icon=" - #$output - "/share/icons/hicolor/128x128/apps/librewolf.png + (substitute* file + (("(checksum = )\".*\"" all name) + (string-append name "\"" null-hash + "\"")))) + (find-files "." "Cargo\\.lock$")) + (for-each generate-all-checksums + '("build" + "dom/media" + "dom/webauthn" + "gfx" + "intl" + "js" + "media" + "modules" + "mozglue/static/rust" + "netwerk" + "remote" + "security/manager/ssl" + "servo" + "storage" + "third_party/rust" + "toolkit" + "xpcom/rust" + "services"))))) + (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag + (lambda _ + ;; Remove --frozen flag from cargo invokation, otherwise it'll + ;; complain that it's not able to change Cargo.lock. + ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 + (substitute* "build/RunCbindgen.py" + (("args.append\\(\"--frozen\"\\)") "pass")))) + (delete 'bootstrap) + (add-before 'configure 'patch-SpeechDispatcherService.cpp + (lambda _ + (let* ((lib "libspeechd.so.2") + (file (string-append + "dom/media/webspeech/synth/" + "speechd/SpeechDispatcherService.cpp")) + (old-content (call-with-input-file file + get-string-all))) + (substitute + file + `((,(format #f "~s" lib) unquote + (lambda (line _) + (string-replace-substring + line lib + (string-append #$speech-dispatcher + "/lib/" lib)))))) + (if (string=? old-content + (call-with-input-file file + get-string-all)) + (error + "substitute did nothing, phase requires an update"))))) + (add-before 'configure 'set-build-id + ;; Build will write the timestamp to output, which is harmful + ;; for reproducibility, so change it to a fixed date. Use a + ;; separate phase for easier modification with inherit. + (lambda _ + (setenv "MOZ_BUILD_DATE" + #$%librewolf-build-id))) + (replace 'configure + (lambda* (#:key inputs outputs configure-flags + #:allow-other-keys) + (setenv "AUTOCONF" + (string-append (assoc-ref inputs "autoconf") + "/bin/autoconf")) + (setenv "SHELL" + (which "bash")) + (setenv "CONFIG_SHELL" + (which "bash")) + (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE" + "system") + ;; This should use the host info probably (does it + ;; build on non-x86_64 though?) + (setenv "GUIX_PYTHONPATH" + (string-append (getcwd) + "/obj-x86_64-pc-linux-gnu/_virtualenvs/build")) + + ;; Use Clang, Clang is 2x faster than GCC + (setenv "AR" "llvm-ar") + (setenv "NM" "llvm-nm") + (setenv "CC" "clang") + (setenv "CXX" "clang++") + (setenv "MOZ_NOSPAM" "1") + (setenv "MOZ_APP_NAME" "librewolf") + + (setenv "MOZBUILD_STATE_PATH" + (getcwd)) + + (let* ((mozconfig (string-append (getcwd) "/mozconfig")) + (out (assoc-ref outputs "out")) + (flags (cons (string-append "--prefix=" out) + configure-flags))) + (format #t "build directory: ~s~%" + (getcwd)) + (format #t "configure flags: ~s~%" flags) + + (define write-flags + (lambda flags + (display (string-join (map (cut string-append + "ac_add_options " <>) + flags) "\n")) + (display "\n"))) + (with-output-to-file mozconfig + (lambda () + (apply write-flags flags) + ;; The following option unsets Telemetry + ;; Reporting. With the Addons Fiasco, + ;; Mozilla was found to be collecting + ;; user's data, including saved passwords + ;; and web form data, without users + ;; consent. Mozilla was also found + ;; shipping updates to systems without + ;; the user's knowledge or permission. + ;; As a result of this, use the following + ;; command to permanently disable + ;; telemetry reporting. + (display "unset MOZ_TELEMETRY_REPORTING\n") + (display "mk_add_options MOZ_CRASHREPORTER=0\n") + (display "mk_add_options MOZ_DATA_REPORTING=0\n") + (display + "mk_add_options MOZ_SERVICES_HEALTHREPORT=0") + (display + "mk_add_options MOZ_TELEMETRY_REPORTING=0"))) + (setenv "MOZCONFIG" mozconfig)) + (invoke "./mach" "configure"))) + (add-before 'build 'fix-addons-placeholder + (lambda _ + (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" + (("addons.mozilla.org") + "gnuzilla.gnu.org")))) + (replace 'build + (lambda* (#:key (make-flags '()) + (parallel-build? #t) #:allow-other-keys) + (apply invoke "./mach" "build" + ;; mach will use parallel build if possible by default + `(,@(if parallel-build? + '() + '("-j1")) ,@make-flags)))) + (add-after 'build 'neutralise-store-references + (lambda _ + ;; Mangle the store references to compilers & + ;; other build tools in about:buildconfig, + ;; reducing the package's closure by 1 GiB on + ;; x86-64. + (let* ((build-dir (car (scandir "." + (cut string-prefix? + "obj-" <>)))) + (file (string-append build-dir + "/dist/bin/chrome/toolkit/" + "content/global/buildconfig.html"))) + (substitute* file + (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" + (regexp-quote (%store-directory))) + _ store hash) + (string-append store + (string-take hash 8) + "" + (string-drop hash 8))))))) + (replace 'install + (lambda _ + (invoke "./mach" "install"))) + (add-after 'install 'remove-duplicate-bin + (lambda* (#:key outputs #:allow-other-keys) + (delete-file (string-append #$output + "/lib/librewolf/librewolf-bin")))) + (add-after 'install 'wrap-glxtest + ;; glxtest uses dlopen() to load mesa and pci + ;; libs, wrap it to set LD_LIBRARY_PATH. + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (libs (map + (lambda (lib-name) + (string-append (assoc-ref inputs + lib-name) + "/lib")) + '("mesa" "pciutils")))) + (wrap-program (car (find-files lib "^glxtest$")) + `("LD_LIBRARY_PATH" prefix ,libs))))) + (add-after 'install 'patch-config + (lambda* (#:key inputs #:allow-other-keys) + (let ((lib (string-append #$output "/lib/librewolf")) + (config-file "librewolf.cfg")) + + ;; Required for Guix packaged extensions + ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 + ;; Default is 5. + (substitute* (in-vicinity lib config-file) + (("defaultPref\\(\"extensions.enabledScopes\", 5\\)") + "defaultPref(\"extensions.enabledScopes\", 13)")) + ;; Use Mozzarella addons repo. + (call-with-port + (open-file + (in-vicinity lib config-file) + "a") + (lambda (port) + ;; Add-ons panel (see settings.js in Icecat source). + (for-each + (lambda (pref) + (format port + "defaultPref(~s, ~s);~%" + (car pref) + (cdr pref))) + `(("extensions.getAddons.search.browseURL" + ,(string-append + "https://gnuzilla.gnu.org/mozzarella/" + "search.php?q=%TERMS%")) + ("extensions.getAddons.get.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.link.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.discovery.api_url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.langpacks.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("lightweightThemes.getMoreURL" . + "https://gnuzilla.gnu.org/mozzarella")))))))) + (add-after 'install 'wrap-program + (lambda* (#:key inputs outputs #:allow-other-keys) + ;; The following two functions are from Guix's icecat package in + ;; (gnu packages gnuzilla). See commit + ;; b7a0935420ee630a29b7e5ac73a32ba1eb24f00b. + (define (runpath-of lib) + (call-with-input-file lib + (compose elf-dynamic-info-runpath elf-dynamic-info + parse-elf get-bytevector-all))) + (define (runpaths-of-input label) + (let* ((dir (string-append (assoc-ref inputs label) + "/lib")) + (libs (find-files dir "\\.so$"))) + (append-map runpath-of libs))) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (libs (map + (lambda (lib-name) + (string-append (assoc-ref inputs + lib-name) + "/lib")) + '("mesa" "libpng-apng" "libnotify" "libva" + "pulseaudio" "gtk+" "pipewire" + ;; For U2F and WebAuthn + "eudev"))) + + ;; VA-API is run in the RDD (Remote Data Decoder) sandbox + ;; and must be explicitly given access to files it needs. + ;; Rather than adding the whole store (as Nix had + ;; upstream do, see + ;; and + ;; linked upstream patches), we can just follow the + ;; runpaths of the needed libraries to add everything to + ;; LD_LIBRARY_PATH. These will then be accessible in the + ;; RDD sandbox. + (rdd-whitelist (map (cut string-append <> "/") + (delete-duplicates (append-map + runpaths-of-input + '("mesa" + "ffmpeg"))))) + (gtk-share (string-append (assoc-ref inputs + "gtk+") + "/share"))) + (wrap-program (car (find-files lib "^librewolf$")) + `("LD_LIBRARY_PATH" prefix + (,@libs ,@rdd-whitelist)) + `("XDG_DATA_DIRS" prefix + (,gtk-share)) + `("MOZ_LEGACY_PROFILES" = + ("1")) + `("MOZ_ALLOW_DOWNGRADE" = + ("1")))))) + (add-after 'wrap-program 'install-desktop-entry + (lambda* (#:key outputs #:allow-other-keys) + (let* ((desktop-file + "taskcluster/docker/firefox-snap/firefox.desktop") + (applications (string-append #$output + "/share/applications"))) + (substitute* desktop-file + (("^Exec=firefox") + (string-append "Exec=" + #$output "/bin/librewolf")) + ;; "Firefox" -> "LibreWolf" everywhere + (("Firefox") + "LibreWolf") + ;; Remove non-Latin translations. + (("^Name\\[(ar|bn)\\].*$") + "") + (("^Icon=.*") + (string-append "Icon=" + #$output + "/share/icons/hicolor/128x128/apps/librewolf.png ")) - ;; These commands were changed. - (("-NewWindow") - "-new-window") - (("-NewPrivateWindow") - "-new-private-window") - (("StartupNotify=true") - "StartupNotify=true + ;; These commands were changed. + (("-NewWindow") + "-new-window") + (("-NewPrivateWindow") + "-new-private-window") + (("StartupNotify=true") + "StartupNotify=true StartupWMClass=Navigator")) - (copy-file desktop-file "librewolf.desktop") - (install-file "librewolf.desktop" applications)))) - (add-after 'install-desktop-entry 'install-icons - (lambda* (#:key outputs #:allow-other-keys) - (let ((icon-source-dir (string-append #$output - "/lib/librewolf/browser/" - "chrome/icons/default"))) - (for-each (lambda (size) - (let ((dest (string-append #$output - "/share/icons/hicolor/" - size - "x" - size - "/apps"))) - (mkdir-p dest) - (symlink (string-append icon-source-dir - "/default" size ".png") - (string-append dest - "/librewolf.png")))) - '("16" "32" "48" "64" "128")))))) - - ;; Test will significantly increase build time but with little rewards. - #:tests? #f - - ;; WARNING: Parallel build will consume lots of memory! - ;; If you have encountered OOM issue in build phase, try disable it. - #:parallel-build? #t - - ;; Some dynamic lib was determined at runtime, so rpath check may fail. - #:validate-runpath? #f)) - (inputs (list bash-minimal - bzip2 - cairo - cups - dbus-glib - freetype - ffmpeg - gdk-pixbuf - glib - gtk+ - gtk+-2 - hunspell - icu4c-73 - jemalloc - libcanberra - libevent - libffi - libgnome - libjpeg-turbo - libnotify - libpng-apng - libva - libvpx - libwebp - libxcomposite - libxft - libxinerama - libxscrnsaver - libxt - mesa - mit-krb5 - nspr - nss/fixed - pango - pciutils - pipewire - pixman - pulseaudio - speech-dispatcher - sqlite - startup-notification - eudev - unzip - zip - zlib)) - (native-inputs (list alsa-lib - autoconf-2.13 - `(,rust-librewolf "cargo") - clang-18 - llvm-18 - m4 - nasm - node-lts - perl - pkg-config - python - rust-librewolf - rust-cbindgen-0.26 - which - yasm)) - (home-page "https://librewolf.net/") - (synopsis - "Custom version of Firefox, focused on privacy, security and freedom") - (description - "LibreWolf is designed to increase protection against tracking and + (copy-file desktop-file "librewolf.desktop") + (install-file "librewolf.desktop" applications)))) + (add-after 'install-desktop-entry 'install-icons + (lambda* (#:key outputs #:allow-other-keys) + (let ((icon-source-dir (string-append #$output + "/lib/librewolf/browser/" + "chrome/icons/default"))) + (for-each (lambda (size) + (let ((dest (string-append #$output + "/share/icons/hicolor/" + size + "x" + size + "/apps"))) + (mkdir-p dest) + (symlink (string-append icon-source-dir + "/default" size ".png") + (string-append dest + "/librewolf.png")))) + '("16" "32" "48" "64" "128")))))) + + ;; Test will significantly increase build time but with little rewards. + #:tests? #f + + ;; WARNING: Parallel build will consume lots of memory! + ;; If you have encountered OOM issue in build phase, try disable it. + #:parallel-build? #t + + ;; Some dynamic lib was determined at runtime, so rpath check may fail. + #:validate-runpath? #f)) + (inputs (list bash-minimal + bzip2 + cairo + cups + dbus-glib + freetype + ffmpeg + gdk-pixbuf + glib + gtk+ + gtk+-2 + hunspell + icu4c-73 + jemalloc + libcanberra + libevent + libffi + libgnome + libjpeg-turbo + libnotify + libpng-apng + libva + libvpx + libwebp + libxcomposite + libxft + libxinerama + libxscrnsaver + libxt + mesa + mit-krb5 + nspr + nss-latest + pango + pciutils + pipewire + pixman + pulseaudio + speech-dispatcher + sqlite + startup-notification + eudev + unzip + zip + zlib)) + (native-inputs (list alsa-lib + autoconf-2.13 + `(,rust-librewolf "cargo") + clang-18 + llvm-18 + m4 + nasm + node-lts + perl + pkg-config + python + rust-librewolf + rust-cbindgen-0.26 + which + yasm)) + (home-page "https://librewolf.net/") + (synopsis + "Custom version of Firefox, focused on privacy, security and freedom") + (description + "LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM.") - (license license:mpl2.0))) + (license license:mpl2.0)))) -- 2.45.1 From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 29 16:51:15 2024 Received: (at 71832) by debbugs.gnu.org; 29 Jun 2024 20:51:15 +0000 Received: from localhost ([127.0.0.1]:53706 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sNf2P-0000NL-2y for submit@debbugs.gnu.org; Sat, 29 Jun 2024 16:51:15 -0400 Received: from wfhigh6-smtp.messagingengine.com ([64.147.123.157]:56825) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sNf2I-0000Me-HH for 71832@debbugs.gnu.org; Sat, 29 Jun 2024 16:51:10 -0400 Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailfhigh.west.internal (Postfix) with ESMTP id F230118000D3; Sat, 29 Jun 2024 13:22:18 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Sat, 29 Jun 2024 13:22:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1719681738; x=1719768138; bh=HGx6+r3u8Pfo1WG5zuxQ70ICaN8Yur/1iQ4wEZ3GFXk=; b= oOoYIOJUH/jGrfNwVeOiKNKUfkpTGY5OLCaCHF8k6Vart3YnnipDUpyQFlGjf76I w2R35B5rOY8YWeFnELlLHyFKtNPetHSXPY0zAqDGA57sqUhvIQlw3OsGfcv1x3fD DAn8PS/ZJI1R+3oqAJNTby/OGe6qAJ9cNbDaAnre9dCKG7QOlZGn2jE/Kz97XTq3 oq7cY7OGHssHB5TIPWsQSCNV1e5kLyspMHC44Q2b+5PSkZKWNqOFzwA3M91aMMnn Jpl2kFADRtvAfkvn5jlYUE+JeAuNg9QZBvFSKgtQphMIeYXasahKvbpdYqRNXLPg GynpxYHrXRvtr1nsVopy8A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1719681738; x= 1719768138; bh=HGx6+r3u8Pfo1WG5zuxQ70ICaN8Yur/1iQ4wEZ3GFXk=; b=L Wd/NA6rwrxBu74kAnrO2a0z9z7xkHoDKLNqYrD09r97G1rBqVxLc11ZP7M8bezE7 e3/jRUm6Fj+8Jt1ZCf6hKZoTlSfokxP2QHuCTYWCCbJSd289gEqawOp0wXvk7Npm d70VViXE4uVNdEGdwCCPsfQYSZaH3MwyUsaAkh4Dz1HYhGbVXVJu9PGV85sIq14J ueCX3lZJM979OOJ+VgKm2VgRe34UHr2vJZR0DoJOQkv1YHYLY+oGSf/Eb5TbnEgv mx0HxK1Y7GK21wHM9gZ+squ58+rvOJ9yFFU0dFQRoH3+xwN5oQzXsVxMXl2mKX34 0VPX+6xizl39OqSe/n3RQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrtdelgdduudefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvfevufffkffojghfgggtgfesth ekredtredtjeenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgv tgdrthhvqeenucggtffrrghtthgvrhhnpeeihfevgfegtdeukeejgfeifefgudelgeegte ffvdevueeuffduvefhiedvudekieenucffohhmrghinhepshgvrghrtghhfhhogidrohhr ghdpghhnuhdrohhrghdptghonhhtvghnthdrrhgvrggupdhmohiiihhllhgrrdhorhhgpd hgvghtrgguughonhhsrdhsvggrrhgthhdpghgvthgrugguohhnshdrlhhinhhkpdhgihht hhhusgdrtghomhdplhhisghrvgifohhlfhdrnhgvthenucevlhhushhtvghrufhiiigvpe dtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehirghnsehrvghtrhhoshhpvggtrdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 29 Jun 2024 13:22:17 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v2 2/2] gnu: librewolf: Update to 127.0.2-1. Date: Sat, 29 Jun 2024 10:22:09 -0700 Message-ID: <20240629172209.26420-3-ian@retrospec.tv> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240629172209.26420-1-ian@retrospec.tv> References: <20240629172209.26420-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/librewolf.scm (librewolf): Update to 127.0.2-1. Reorganize module to improve usability and reduce duplication. The Rust package and build ID are now at the top of the file. The librewolf-source variable has been replaced with the make-librewolf-source procedure, centralizing versions & hashes in the librewolf package definition. Dedent some of the package’s arguments to improve readability. Change-Id: I15f8a2aa1fae07e0497ab5511d10af0c1f70cc2e --- gnu/packages/librewolf.scm | 1044 ++++++++++++++++++------------------ 1 file changed, 526 insertions(+), 518 deletions(-) diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index c84bcaf3ce..a400080dcb 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -93,6 +93,18 @@ (define-module (gnu packages librewolf) #:use-module (gnu packages xdisorg) #:use-module (gnu packages xorg)) +;; Define the versions of rust needed to build librewolf, trying to match +;; upstream. See the file taskcluster/kinds/toolchain/rust.yml at +;; https://searchfox.org under the particular firefox release, like +;; mozilla-esr102. +;; 1.75 is the default in Guix, 1.77 is the minimum for Librewolf. +(define rust-librewolf rust-1.77) + +;; Update this id with every update to its release date. +;; It's used for cache validation and therefore can lead to strange bugs. +;; ex: date '+%Y%m%d%H%M%S' +(define %librewolf-build-id "20240626133423") + (define (firefox-source-origin version hash) (origin (method url-fetch) @@ -114,11 +126,14 @@ (define (librewolf-source-origin version hash) (define computed-origin-method (@@ (guix packages) computed-origin-method)) -(define librewolf-source - (let* ((ff-src (firefox-source-origin "126.0.1" "0fr679rcwshwpfxidc55b2xsn4pmrr7p9ix4rr2mv2k7kwsjcc7n")) - (version "126.0.1-1") - (lw-src (librewolf-source-origin version "0cac80073vkzd85ai9rbnwixs1h9bpy4dj2ri6jxdlqsy5d663km"))) - +(define* (make-librewolf-source version #:key firefox-hash librewolf-hash) + (let* ((ff-src (firefox-source-origin + (car (string-split version #\-)) + firefox-hash)) + (version version) + (lw-src (librewolf-source-origin + version + librewolf-hash))) (origin (method computed-origin-method) (file-name (string-append "librewolf-" version ".source.tar.gz")) @@ -162,11 +177,6 @@ (define librewolf-source (("^ff_source_tarball:=.*") (string-append "ff_source_tarball:=" #+ff-src))) - ;; Remove encoding_rs patch, it doesn't build with Rust 1.75. - (substitute* '("assets/patches.txt") - (("patches/encoding_rs.patch\\\n$") - "")) - ;; Stage locales. (begin (format #t "Staging locales...~%") @@ -204,523 +214,521 @@ (define librewolf-source ".source.tar.gz") #$output)))))))) -;; Define the versions of rust needed to build librewolf, trying to match -;; upstream. See the file taskcluster/ci/toolchain/rust.yml at -;; https://searchfox.org under the particular firefox release, like -;; mozilla-esr102. -(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum. - -;; Update this id with every update to its release date. -;; It's used for cache validation and therefore can lead to strange bugs. -;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20240607212143") - (define-public librewolf - (package - (name "librewolf") - (version "126.0.1-1") - (source librewolf-source) - (build-system gnu-build-system) - (arguments - (list - #:configure-flags #~(let ((clang #$(this-package-native-input "clang"))) - `("--enable-application=browser" - - ;; Configuration - "--without-wasm-sandboxed-libraries" - "--with-system-jpeg" - "--with-system-zlib" - "--with-system-png" - "--with-system-webp" - "--with-system-icu" - "--with-system-libvpx" - "--with-system-libevent" - "--with-system-ffi" - "--enable-system-pixman" - "--enable-jemalloc" - - ;; see https://bugs.gnu.org/32833 - "--with-system-nspr" - "--with-system-nss" - - ,(string-append "--with-clang-path=" clang - "/bin/clang") - ,(string-append "--with-libclang-path=" clang - "/lib") - - ;; Distribution - "--with-distribution-id=org.guix" - "--with-app-name=librewolf" - "--with-app-basename=LibreWolf" - "--with-branding=browser/branding/librewolf" - - ;; Features - "--disable-tests" - "--disable-updater" - "--enable-pulseaudio" - "--disable-crashreporter" - "--allow-addon-sideload" - "--with-unsigned-addon-scopes=app,system" - "--disable-eme" - - ;; Build details - "--disable-debug" - "--enable-rust-simd" - "--enable-release" - "--enable-optimize" - "--enable-strip" - "--enable-hardening" - "--disable-elf-hack")) - #:imported-modules %cargo-utils-modules - #:modules `((ice-9 regex) - (ice-9 string-fun) - (ice-9 ftw) - (srfi srfi-1) - (srfi srfi-26) - (rnrs bytevectors) - (rnrs io ports) - (guix elf) - (guix build gremlin) - ,@%gnu-build-system-modules) - #:phases #~(modify-phases %standard-phases - (add-after 'unpack 'fix-preferences - (lambda* (#:key inputs #:allow-other-keys) - (let ((port (open-file "browser/app/profile/firefox.js" - "a"))) - (define (write-setting key value) - (format port "~%pref(\"~a\", ~a);~%" key value) - (format #t + (let ((version "127.0.2-2")) + (package + (name "librewolf") + (version version) + (source (make-librewolf-source + version + #:firefox-hash + "1s73fdp7k60058ylyvlixq13k5hfbmj6k1y42fmzqlpg7n62lyqb" + #:librewolf-hash + "1f4xz496x1nf7lmvk50hakj9p6q0kzxl5f9s2k0b6kczvyc8gw5n")) + + (build-system gnu-build-system) + (arguments + (list + #:configure-flags + #~(let ((clang #$(this-package-native-input "clang"))) + `("--enable-application=browser" + + ;; Configuration + "--without-wasm-sandboxed-libraries" + "--with-system-jpeg" + "--with-system-zlib" + "--with-system-png" + "--with-system-webp" + "--with-system-icu" + "--with-system-libvpx" + "--with-system-libevent" + "--with-system-ffi" + "--enable-system-pixman" + "--enable-jemalloc" + + ;; see https://bugs.gnu.org/32833 + "--with-system-nspr" + "--with-system-nss" + + ,(string-append "--with-clang-path=" clang + "/bin/clang") + ,(string-append "--with-libclang-path=" clang + "/lib") + + ;; Distribution + "--with-distribution-id=org.guix" + "--with-app-name=librewolf" + "--with-app-basename=LibreWolf" + "--with-branding=browser/branding/librewolf" + + ;; Features + "--disable-tests" + "--disable-updater" + "--enable-pulseaudio" + "--disable-crashreporter" + "--allow-addon-sideload" + "--with-unsigned-addon-scopes=app,system" + "--disable-eme" + + ;; Build details + "--disable-debug" + "--enable-rust-simd" + "--enable-release" + "--enable-optimize" + "--enable-strip" + "--enable-hardening" + "--disable-elf-hack")) + #:imported-modules %cargo-utils-modules + #:modules `((ice-9 regex) + (ice-9 string-fun) + (ice-9 ftw) + (srfi srfi-1) + (srfi srfi-26) + (rnrs bytevectors) + (rnrs io ports) + (guix elf) + (guix build gremlin) + ,@%gnu-build-system-modules) + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'fix-preferences + (lambda* (#:key inputs #:allow-other-keys) + (let ((port (open-file "browser/app/profile/firefox.js" + "a"))) + (define (write-setting key value) + (format port "~%pref(\"~a\", ~a);~%" key value) + (format #t "fix-preferences: setting value of ~a to ~a~%" key value)) - ;; We should allow the sandbox to read the store directory, - ;; because the sandbox has access to /usr on FHS distros. - (write-setting - "security.sandbox.content.read_path_whitelist" - (string-append "\"" - (%store-directory) "/\"")) - - ;; XDG settings should be managed by Guix. - (write-setting "browser.shell.checkDefaultBrowser" - "false") - (close-port port)))) - (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker - (lambda* (#:key inputs #:allow-other-keys) - (let* ((ffmpeg (assoc-ref inputs "ffmpeg")) - (libavcodec (string-append ffmpeg - "/lib/libavcodec.so"))) - ;; Arrange to load libavcodec.so by its absolute file name. - (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" - (("libavcodec\\.so") - libavcodec))))) - (add-after 'patch-source-shebangs 'patch-cargo-checksums - (lambda _ - (use-modules (guix build cargo-utils)) - (let ((null-hash - ;; This is the SHA256 output of an empty string. - (string-append - "e3b0c44298fc1c149afbf4c8996fb924" - "27ae41e4649b934ca495991b7852b855"))) - (for-each (lambda (file) - (format #t + ;; We should allow the sandbox to read the store directory, + ;; because the sandbox has access to /usr on FHS distros. + (write-setting + "security.sandbox.content.read_path_whitelist" + (string-append "\"" + (%store-directory) "/\"")) + + ;; XDG settings should be managed by Guix. + (write-setting "browser.shell.checkDefaultBrowser" + "false") + (close-port port)))) + (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker + (lambda* (#:key inputs #:allow-other-keys) + (let* ((ffmpeg (assoc-ref inputs "ffmpeg")) + (libavcodec (string-append ffmpeg + "/lib/libavcodec.so"))) + ;; Arrange to load libavcodec.so by its absolute file name. + (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" + (("libavcodec\\.so") + libavcodec))))) + (add-after 'patch-source-shebangs 'patch-cargo-checksums + (lambda _ + (use-modules (guix build cargo-utils)) + (let ((null-hash + ;; This is the SHA256 output of an empty string. + (string-append + "e3b0c44298fc1c149afbf4c8996fb924" + "27ae41e4649b934ca495991b7852b855"))) + (for-each (lambda (file) + (format #t "patch-cargo-checksums: patching checksums in ~a~%" file) - (substitute* file - (("(checksum = )\".*\"" all name) - (string-append name "\"" null-hash - "\"")))) - (find-files "." "Cargo\\.lock$")) - (for-each generate-all-checksums - '("build" - "dom/media" - "dom/webauthn" - "gfx" - "intl" - "js" - "media" - "modules" - "mozglue/static/rust" - "netwerk" - "remote" - "security/manager/ssl" - "servo" - "storage" - "third_party/rust" - "toolkit" - "xpcom/rust" - "services"))))) - (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag - (lambda _ - ;; Remove --frozen flag from cargo invokation, otherwise it'll - ;; complain that it's not able to change Cargo.lock. - ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 - (substitute* "build/RunCbindgen.py" - (("args.append\\(\"--frozen\"\\)") "pass")))) - (delete 'bootstrap) - (add-before 'configure 'patch-SpeechDispatcherService.cpp - (lambda _ - (let* ((lib "libspeechd.so.2") - (file (string-append - "dom/media/webspeech/synth/" - "speechd/SpeechDispatcherService.cpp")) - (old-content (call-with-input-file file - get-string-all))) - (substitute - file - `((,(format #f "~s" lib) unquote - (lambda (line _) - (string-replace-substring - line lib - (string-append #$speech-dispatcher - "/lib/" lib)))))) - (if (string=? old-content - (call-with-input-file file - get-string-all)) - (error - "substitute did nothing, phase requires an update"))))) - (add-before 'configure 'set-build-id - ;; Build will write the timestamp to output, which is harmful - ;; for reproducibility, so change it to a fixed date. Use a - ;; separate phase for easier modification with inherit. - (lambda _ - (setenv "MOZ_BUILD_DATE" - #$%librewolf-build-id))) - (replace 'configure - (lambda* (#:key inputs outputs configure-flags - #:allow-other-keys) - (setenv "AUTOCONF" - (string-append (assoc-ref inputs "autoconf") - "/bin/autoconf")) - (setenv "SHELL" - (which "bash")) - (setenv "CONFIG_SHELL" - (which "bash")) - (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE" - "system") - ;; This should use the host info probably (does it - ;; build on non-x86_64 though?) - (setenv "GUIX_PYTHONPATH" - (string-append (getcwd) - "/obj-x86_64-pc-linux-gnu/_virtualenvs/build")) - - ;; Use Clang, Clang is 2x faster than GCC - (setenv "AR" "llvm-ar") - (setenv "NM" "llvm-nm") - (setenv "CC" "clang") - (setenv "CXX" "clang++") - (setenv "MOZ_NOSPAM" "1") - (setenv "MOZ_APP_NAME" "librewolf") - - (setenv "MOZBUILD_STATE_PATH" - (getcwd)) - - (let* ((mozconfig (string-append (getcwd) "/mozconfig")) - (out (assoc-ref outputs "out")) - (flags (cons (string-append "--prefix=" out) - configure-flags))) - (format #t "build directory: ~s~%" - (getcwd)) - (format #t "configure flags: ~s~%" flags) - - (define write-flags - (lambda flags - (display (string-join (map (cut string-append - "ac_add_options " <>) - flags) "\n")) - (display "\n"))) - (with-output-to-file mozconfig - (lambda () - (apply write-flags flags) - ;; The following option unsets Telemetry - ;; Reporting. With the Addons Fiasco, - ;; Mozilla was found to be collecting - ;; user's data, including saved passwords - ;; and web form data, without users - ;; consent. Mozilla was also found - ;; shipping updates to systems without - ;; the user's knowledge or permission. - ;; As a result of this, use the following - ;; command to permanently disable - ;; telemetry reporting. - (display "unset MOZ_TELEMETRY_REPORTING\n") - (display "mk_add_options MOZ_CRASHREPORTER=0\n") - (display "mk_add_options MOZ_DATA_REPORTING=0\n") - (display - "mk_add_options MOZ_SERVICES_HEALTHREPORT=0") - (display - "mk_add_options MOZ_TELEMETRY_REPORTING=0"))) - (setenv "MOZCONFIG" mozconfig)) - (invoke "./mach" "configure"))) - (add-before 'build 'fix-addons-placeholder - (lambda _ - (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" - (("addons.mozilla.org") - "gnuzilla.gnu.org")))) - (replace 'build - (lambda* (#:key (make-flags '()) - (parallel-build? #t) #:allow-other-keys) - (apply invoke "./mach" "build" - ;; mach will use parallel build if possible by default - `(,@(if parallel-build? - '() - '("-j1")) ,@make-flags)))) - (add-after 'build 'neutralise-store-references - (lambda _ - ;; Mangle the store references to compilers & - ;; other build tools in about:buildconfig, - ;; reducing the package's closure by 1 GiB on - ;; x86-64. - (let* ((build-dir (car (scandir "." - (cut string-prefix? - "obj-" <>)))) - (file (string-append build-dir - "/dist/bin/chrome/toolkit/" - "content/global/buildconfig.html"))) - (substitute* file - (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" - (regexp-quote (%store-directory))) - _ store hash) - (string-append store - (string-take hash 8) - "" - (string-drop hash 8))))))) - (replace 'install - (lambda _ - (invoke "./mach" "install"))) - (add-after 'install 'remove-duplicate-bin - (lambda* (#:key outputs #:allow-other-keys) - (delete-file (string-append #$output - "/lib/librewolf/librewolf-bin")))) - (add-after 'install 'wrap-glxtest - ;; glxtest uses dlopen() to load mesa and pci - ;; libs, wrap it to set LD_LIBRARY_PATH. - (lambda* (#:key inputs outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (libs (map - (lambda (lib-name) - (string-append (assoc-ref inputs - lib-name) - "/lib")) - '("mesa" "pciutils")))) - (wrap-program (car (find-files lib "^glxtest$")) - `("LD_LIBRARY_PATH" prefix ,libs))))) - (add-after 'install 'patch-config - (lambda* (#:key inputs #:allow-other-keys) - (let ((lib (string-append #$output "/lib/librewolf")) - (config-file "librewolf.cfg")) - - ;; Required for Guix packaged extensions - ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 - ;; Default is 5. - (substitute* (in-vicinity lib config-file) - (("defaultPref\\(\"extensions.enabledScopes\", 5\\)") - "defaultPref(\"extensions.enabledScopes\", 13)")) - ;; Use Mozzarella addons repo. - (call-with-port - (open-file - (in-vicinity lib config-file) - "a") - (lambda (port) - ;; Add-ons panel (see settings.js in Icecat source). - (for-each - (lambda (pref) - (format port - "defaultPref(~s, ~s);~%" - (car pref) - (cdr pref))) - `(("extensions.getAddons.search.browseURL" - ,(string-append - "https://gnuzilla.gnu.org/mozzarella/" - "search.php?q=%TERMS%")) - ("extensions.getAddons.get.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.link.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.discovery.api_url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.langpacks.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("lightweightThemes.getMoreURL" . - "https://gnuzilla.gnu.org/mozzarella")))))))) - (add-after 'install 'wrap-program - (lambda* (#:key inputs outputs #:allow-other-keys) - ;; The following two functions are from Guix's icecat package in - ;; (gnu packages gnuzilla). See commit - ;; b7a0935420ee630a29b7e5ac73a32ba1eb24f00b. - (define (runpath-of lib) - (call-with-input-file lib - (compose elf-dynamic-info-runpath elf-dynamic-info - parse-elf get-bytevector-all))) - (define (runpaths-of-input label) - (let* ((dir (string-append (assoc-ref inputs label) - "/lib")) - (libs (find-files dir "\\.so$"))) - (append-map runpath-of libs))) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (libs (map - (lambda (lib-name) - (string-append (assoc-ref inputs - lib-name) - "/lib")) - '("mesa" "libpng-apng" "libnotify" "libva" - "pulseaudio" "gtk+" "pipewire" - ;; For U2F and WebAuthn - "eudev"))) - - ;; VA-API is run in the RDD (Remote Data Decoder) sandbox - ;; and must be explicitly given access to files it needs. - ;; Rather than adding the whole store (as Nix had - ;; upstream do, see - ;; and - ;; linked upstream patches), we can just follow the - ;; runpaths of the needed libraries to add everything to - ;; LD_LIBRARY_PATH. These will then be accessible in the - ;; RDD sandbox. - (rdd-whitelist (map (cut string-append <> "/") - (delete-duplicates (append-map - runpaths-of-input - '("mesa" - "ffmpeg"))))) - (gtk-share (string-append (assoc-ref inputs - "gtk+") - "/share"))) - (wrap-program (car (find-files lib "^librewolf$")) - `("LD_LIBRARY_PATH" prefix - (,@libs ,@rdd-whitelist)) - `("XDG_DATA_DIRS" prefix - (,gtk-share)) - `("MOZ_LEGACY_PROFILES" = - ("1")) - `("MOZ_ALLOW_DOWNGRADE" = - ("1")))))) - (add-after 'wrap-program 'install-desktop-entry - (lambda* (#:key outputs #:allow-other-keys) - (let* ((desktop-file - "taskcluster/docker/firefox-snap/firefox.desktop") - (applications (string-append #$output - "/share/applications"))) - (substitute* desktop-file - (("^Exec=firefox") - (string-append "Exec=" - #$output "/bin/librewolf")) - ;; "Firefox" -> "LibreWolf" everywhere - (("Firefox") - "LibreWolf") - ;; Remove non-Latin translations. - (("^Name\\[(ar|bn)\\].*$") - "") - (("^Icon=.*") - (string-append "Icon=" - #$output - "/share/icons/hicolor/128x128/apps/librewolf.png + (substitute* file + (("(checksum = )\".*\"" all name) + (string-append name "\"" null-hash + "\"")))) + (find-files "." "Cargo\\.lock$")) + (for-each generate-all-checksums + '("build" + "dom/media" + "dom/webauthn" + "gfx" + "intl" + "js" + "media" + "modules" + "mozglue/static/rust" + "netwerk" + "remote" + "security/manager/ssl" + "servo" + "storage" + "third_party/rust" + "toolkit" + "xpcom/rust" + "services"))))) + (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag + (lambda _ + ;; Remove --frozen flag from cargo invokation, otherwise it'll + ;; complain that it's not able to change Cargo.lock. + ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 + (substitute* "build/RunCbindgen.py" + (("args.append\\(\"--frozen\"\\)") "pass")))) + (delete 'bootstrap) + (add-before 'configure 'patch-SpeechDispatcherService.cpp + (lambda _ + (let* ((lib "libspeechd.so.2") + (file (string-append + "dom/media/webspeech/synth/" + "speechd/SpeechDispatcherService.cpp")) + (old-content (call-with-input-file file + get-string-all))) + (substitute + file + `((,(format #f "~s" lib) unquote + (lambda (line _) + (string-replace-substring + line lib + (string-append #$speech-dispatcher + "/lib/" lib)))))) + (if (string=? old-content + (call-with-input-file file + get-string-all)) + (error + "substitute did nothing, phase requires an update"))))) + (add-before 'configure 'set-build-id + ;; Build will write the timestamp to output, which is harmful + ;; for reproducibility, so change it to a fixed date. Use a + ;; separate phase for easier modification with inherit. + (lambda _ + (setenv "MOZ_BUILD_DATE" + #$%librewolf-build-id))) + (replace 'configure + (lambda* (#:key inputs outputs configure-flags + #:allow-other-keys) + (setenv "AUTOCONF" + (string-append (assoc-ref inputs "autoconf") + "/bin/autoconf")) + (setenv "SHELL" + (which "bash")) + (setenv "CONFIG_SHELL" + (which "bash")) + (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE" + "system") + ;; This should use the host info probably (does it + ;; build on non-x86_64 though?) + (setenv "GUIX_PYTHONPATH" + (string-append (getcwd) + "/obj-x86_64-pc-linux-gnu/_virtualenvs/build")) + + ;; Use Clang, Clang is 2x faster than GCC + (setenv "AR" "llvm-ar") + (setenv "NM" "llvm-nm") + (setenv "CC" "clang") + (setenv "CXX" "clang++") + (setenv "MOZ_NOSPAM" "1") + (setenv "MOZ_APP_NAME" "librewolf") + + (setenv "MOZBUILD_STATE_PATH" + (getcwd)) + + (let* ((mozconfig (string-append (getcwd) "/mozconfig")) + (out (assoc-ref outputs "out")) + (flags (cons (string-append "--prefix=" out) + configure-flags))) + (format #t "build directory: ~s~%" + (getcwd)) + (format #t "configure flags: ~s~%" flags) + + (define write-flags + (lambda flags + (display (string-join (map (cut string-append + "ac_add_options " <>) + flags) "\n")) + (display "\n"))) + (with-output-to-file mozconfig + (lambda () + (apply write-flags flags) + ;; The following option unsets Telemetry + ;; Reporting. With the Addons Fiasco, + ;; Mozilla was found to be collecting + ;; user's data, including saved passwords + ;; and web form data, without users + ;; consent. Mozilla was also found + ;; shipping updates to systems without + ;; the user's knowledge or permission. + ;; As a result of this, use the following + ;; command to permanently disable + ;; telemetry reporting. + (display "unset MOZ_TELEMETRY_REPORTING\n") + (display "mk_add_options MOZ_CRASHREPORTER=0\n") + (display "mk_add_options MOZ_DATA_REPORTING=0\n") + (display + "mk_add_options MOZ_SERVICES_HEALTHREPORT=0") + (display + "mk_add_options MOZ_TELEMETRY_REPORTING=0"))) + (setenv "MOZCONFIG" mozconfig)) + (invoke "./mach" "configure"))) + (add-before 'build 'fix-addons-placeholder + (lambda _ + (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" + (("addons.mozilla.org") + "gnuzilla.gnu.org")))) + (replace 'build + (lambda* (#:key (make-flags '()) + (parallel-build? #t) #:allow-other-keys) + (apply invoke "./mach" "build" + ;; mach will use parallel build if possible by default + `(,@(if parallel-build? + '() + '("-j1")) ,@make-flags)))) + (add-after 'build 'neutralise-store-references + (lambda _ + ;; Mangle the store references to compilers & + ;; other build tools in about:buildconfig, + ;; reducing the package's closure by 1 GiB on + ;; x86-64. + (let* ((build-dir (car (scandir "." + (cut string-prefix? + "obj-" <>)))) + (file (string-append build-dir + "/dist/bin/chrome/toolkit/" + "content/global/buildconfig.html"))) + (substitute* file + (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" + (regexp-quote (%store-directory))) + _ store hash) + (string-append store + (string-take hash 8) + "" + (string-drop hash 8))))))) + (replace 'install + (lambda _ + (invoke "./mach" "install"))) + (add-after 'install 'remove-duplicate-bin + (lambda* (#:key outputs #:allow-other-keys) + (delete-file (string-append #$output + "/lib/librewolf/librewolf-bin")))) + (add-after 'install 'wrap-glxtest + ;; glxtest uses dlopen() to load mesa and pci + ;; libs, wrap it to set LD_LIBRARY_PATH. + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (libs (map + (lambda (lib-name) + (string-append (assoc-ref inputs + lib-name) + "/lib")) + '("mesa" "pciutils")))) + (wrap-program (car (find-files lib "^glxtest$")) + `("LD_LIBRARY_PATH" prefix ,libs))))) + (add-after 'install 'patch-config + (lambda* (#:key inputs #:allow-other-keys) + (let ((lib (string-append #$output "/lib/librewolf")) + (config-file "librewolf.cfg")) + + ;; Required for Guix packaged extensions + ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 + ;; Default is 5. + (substitute* (in-vicinity lib config-file) + (("defaultPref\\(\"extensions.enabledScopes\", 5\\)") + "defaultPref(\"extensions.enabledScopes\", 13)")) + ;; Use Mozzarella addons repo. + (call-with-port + (open-file + (in-vicinity lib config-file) + "a") + (lambda (port) + ;; Add-ons panel (see settings.js in Icecat source). + (for-each + (lambda (pref) + (format port + "defaultPref(~s, ~s);~%" + (car pref) + (cdr pref))) + `(("extensions.getAddons.search.browseURL" + ,(string-append + "https://gnuzilla.gnu.org/mozzarella/" + "search.php?q=%TERMS%")) + ("extensions.getAddons.get.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.link.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.discovery.api_url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.langpacks.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("lightweightThemes.getMoreURL" . + "https://gnuzilla.gnu.org/mozzarella")))))))) + (add-after 'install 'wrap-program + (lambda* (#:key inputs outputs #:allow-other-keys) + ;; The following two functions are from Guix's icecat package in + ;; (gnu packages gnuzilla). See commit + ;; b7a0935420ee630a29b7e5ac73a32ba1eb24f00b. + (define (runpath-of lib) + (call-with-input-file lib + (compose elf-dynamic-info-runpath elf-dynamic-info + parse-elf get-bytevector-all))) + (define (runpaths-of-input label) + (let* ((dir (string-append (assoc-ref inputs label) + "/lib")) + (libs (find-files dir "\\.so$"))) + (append-map runpath-of libs))) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (libs (map + (lambda (lib-name) + (string-append (assoc-ref inputs + lib-name) + "/lib")) + '("mesa" "libpng-apng" "libnotify" "libva" + "pulseaudio" "gtk+" "pipewire" + ;; For U2F and WebAuthn + "eudev"))) + + ;; VA-API is run in the RDD (Remote Data Decoder) sandbox + ;; and must be explicitly given access to files it needs. + ;; Rather than adding the whole store (as Nix had + ;; upstream do, see + ;; and + ;; linked upstream patches), we can just follow the + ;; runpaths of the needed libraries to add everything to + ;; LD_LIBRARY_PATH. These will then be accessible in the + ;; RDD sandbox. + (rdd-whitelist (map (cut string-append <> "/") + (delete-duplicates (append-map + runpaths-of-input + '("mesa" + "ffmpeg"))))) + (gtk-share (string-append (assoc-ref inputs + "gtk+") + "/share"))) + (wrap-program (car (find-files lib "^librewolf$")) + `("LD_LIBRARY_PATH" prefix + (,@libs ,@rdd-whitelist)) + `("XDG_DATA_DIRS" prefix + (,gtk-share)) + `("MOZ_LEGACY_PROFILES" = + ("1")) + `("MOZ_ALLOW_DOWNGRADE" = + ("1")))))) + (add-after 'wrap-program 'install-desktop-entry + (lambda* (#:key outputs #:allow-other-keys) + (let* ((desktop-file + "taskcluster/docker/firefox-snap/firefox.desktop") + (applications (string-append #$output + "/share/applications"))) + (substitute* desktop-file + (("^Exec=firefox") + (string-append "Exec=" + #$output "/bin/librewolf")) + ;; "Firefox" -> "LibreWolf" everywhere + (("Firefox") + "LibreWolf") + ;; Remove non-Latin translations. + (("^Name\\[(ar|bn)\\].*$") + "") + (("^Icon=.*") + (string-append "Icon=" + #$output + "/share/icons/hicolor/128x128/apps/librewolf.png ")) - ;; These commands were changed. - (("-NewWindow") - "-new-window") - (("-NewPrivateWindow") - "-new-private-window") - (("StartupNotify=true") - "StartupNotify=true + ;; These commands were changed. + (("-NewWindow") + "-new-window") + (("-NewPrivateWindow") + "-new-private-window") + (("StartupNotify=true") + "StartupNotify=true StartupWMClass=Navigator")) - (copy-file desktop-file "librewolf.desktop") - (install-file "librewolf.desktop" applications)))) - (add-after 'install-desktop-entry 'install-icons - (lambda* (#:key outputs #:allow-other-keys) - (let ((icon-source-dir (string-append #$output - "/lib/librewolf/browser/" - "chrome/icons/default"))) - (for-each (lambda (size) - (let ((dest (string-append #$output - "/share/icons/hicolor/" - size - "x" - size - "/apps"))) - (mkdir-p dest) - (symlink (string-append icon-source-dir - "/default" size ".png") - (string-append dest - "/librewolf.png")))) - '("16" "32" "48" "64" "128")))))) - - ;; Test will significantly increase build time but with little rewards. - #:tests? #f - - ;; WARNING: Parallel build will consume lots of memory! - ;; If you have encountered OOM issue in build phase, try disable it. - #:parallel-build? #t - - ;; Some dynamic lib was determined at runtime, so rpath check may fail. - #:validate-runpath? #f)) - (inputs (list bash-minimal - bzip2 - cairo - cups - dbus-glib - freetype - ffmpeg - gdk-pixbuf - glib - gtk+ - gtk+-2 - hunspell - icu4c-73 - jemalloc - libcanberra - libevent - libffi - libgnome - libjpeg-turbo - libnotify - libpng-apng - libva - libvpx - libwebp - libxcomposite - libxft - libxinerama - libxscrnsaver - libxt - mesa - mit-krb5 - nspr - nss/fixed - pango - pciutils - pipewire - pixman - pulseaudio - speech-dispatcher - sqlite - startup-notification - eudev - unzip - zip - zlib)) - (native-inputs (list alsa-lib - autoconf-2.13 - `(,rust-librewolf "cargo") - clang-18 - llvm-18 - m4 - nasm - node-lts - perl - pkg-config - python - rust-librewolf - rust-cbindgen-0.26 - which - yasm)) - (home-page "https://librewolf.net/") - (synopsis - "Custom version of Firefox, focused on privacy, security and freedom") - (description - "LibreWolf is designed to increase protection against tracking and + (copy-file desktop-file "librewolf.desktop") + (install-file "librewolf.desktop" applications)))) + (add-after 'install-desktop-entry 'install-icons + (lambda* (#:key outputs #:allow-other-keys) + (let ((icon-source-dir (string-append #$output + "/lib/librewolf/browser/" + "chrome/icons/default"))) + (for-each (lambda (size) + (let ((dest (string-append #$output + "/share/icons/hicolor/" + size + "x" + size + "/apps"))) + (mkdir-p dest) + (symlink (string-append icon-source-dir + "/default" size ".png") + (string-append dest + "/librewolf.png")))) + '("16" "32" "48" "64" "128")))))) + + ;; Test will significantly increase build time but with little rewards. + #:tests? #f + + ;; WARNING: Parallel build will consume lots of memory! + ;; If you have encountered OOM issue in build phase, try disable it. + #:parallel-build? #t + + ;; Some dynamic lib was determined at runtime, so rpath check may fail. + #:validate-runpath? #f)) + (inputs (list bash-minimal + bzip2 + cairo + cups + dbus-glib + freetype + ffmpeg + gdk-pixbuf + glib + gtk+ + gtk+-2 + hunspell + icu4c-73 + jemalloc + libcanberra + libevent + libffi + libgnome + libjpeg-turbo + libnotify + libpng-apng + libva + libvpx + libwebp + libxcomposite + libxft + libxinerama + libxscrnsaver + libxt + mesa + mit-krb5 + nspr + nss-latest + pango + pciutils + pipewire + pixman + pulseaudio + speech-dispatcher + sqlite + startup-notification + eudev + unzip + zip + zlib)) + (native-inputs (list alsa-lib + autoconf-2.13 + `(,rust-librewolf "cargo") + clang-18 + llvm-18 + m4 + nasm + node-lts + perl + pkg-config + python + rust-librewolf + rust-cbindgen-0.26 + which + yasm)) + (home-page "https://librewolf.net/") + (synopsis + "Custom version of Firefox, focused on privacy, security and freedom") + (description + "LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM.") - (license license:mpl2.0))) + (license license:mpl2.0)))) -- 2.45.1 From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 29 16:51:16 2024 Received: (at 71832) by debbugs.gnu.org; 29 Jun 2024 20:51:16 +0000 Received: from localhost ([127.0.0.1]:53708 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sNf2R-0000NQ-JY for submit@debbugs.gnu.org; Sat, 29 Jun 2024 16:51:16 -0400 Received: from wfhigh6-smtp.messagingengine.com ([64.147.123.157]:46685) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sNf2I-0000Mf-HG for 71832@debbugs.gnu.org; Sat, 29 Jun 2024 16:51:10 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfhigh.west.internal (Postfix) with ESMTP id 48C9618000CC; Sat, 29 Jun 2024 13:22:17 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Sat, 29 Jun 2024 13:22:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm1; t=1719681736; x= 1719768136; bh=xJ5vDGQmMCogEZ9Ltpxs299XYYgKmWbiY6+ONSDlUOw=; b=r nvmCYjCIKcnGfMHw2sMqFbXpTlY8RTgF888dnDgHr9oa3pjdbkY/kohbZPx/xpOS 9UWRCaATk5ElXUkWhgpDV+wktofJE7vzUMlGx6mYpNeUDD05Inrfok1OrUXEotJT IDcaNip//QmIYn6Op6PEMRftQITIWSRjegzojUmy6z2qllIiB5W5Di+8Q/rA7NTX LXI7tGeUZ9KHAlJgY4f/DzzNAqPecDzI6hUnq2W0kC9oBVe9Mf6s8lz/zQ5yKsDc b3aDpiAvtczfigcHlNwIYVkM6BKIK6fcUaumDH4Tv1EyRpGlOc4GLo4DU8H0ShXw 9rQTkFFMD6UhFVRcdQ8Cg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1719681736; x= 1719768136; bh=xJ5vDGQmMCogEZ9Ltpxs299XYYgKmWbiY6+ONSDlUOw=; b=s rE9dmer4tMjLFGglpJiGhlNXnNysnJbtdbpmbxGV7PpQiatXSs/LH7Ls/ygASDk3 vmm9iIcQU0B5JScyH+zECH/3eBca53XetMr9jfdSFHNXCOYOTJx3feSjDjrgW+bh LFXyJfCedSpyHD/NU7JHxNaOKpjSQeZDbRITwuL7kNkJuMIsw/bcCy93UNftSYFn NhIG1Uw69rltjXE4Ff4D7WtFKbboHm6Zupbs5GpcjAfb51ODbkOZozxZwLlnIpf8 PQsELO3g8JCQrYj3HfQsrvGUSXhW/T4eTmME8rxnMzHG+nFeJ6MhL9O9VT56hB4A vddsGSSP+KCVEX3fZgSjQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrtdelgdduudefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvfevufffkffojghfggfgsedtke ertdertddtnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggt rdhtvheqnecuggftrfgrthhtvghrnhepgfetieffvdeljeelieeiveeggeelgeeiveejke efveeludfgheettefgueffvefhnecuffhomhgrihhnpehmohiiihhllhgrrdhorhhgnecu vehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepihgrnhesrh gvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 29 Jun 2024 13:22:15 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v2 1/2] gnu: Add nss-latest. Date: Sat, 29 Jun 2024 10:22:08 -0700 Message-ID: <20240629172209.26420-2-ian@retrospec.tv> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240629172209.26420-1-ian@retrospec.tv> References: <20240629172209.26420-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/nss.scm (nss-latest): New variable. Change-Id: Ifdc215090a20dee1bde83013852ef21b6cfd9979 --- gnu/packages/nss.scm | 67 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 61 insertions(+), 6 deletions(-) diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index d558079f44..6b45e59ea8 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -106,6 +106,9 @@ (define-public nspr-4.32 (base32 "0v3zds1id71j5a5si42a658fjz8nv2f6zp6w4gqrqmdr6ksz8sxv")))))) +;; nss should track ESRs, but currently doesn't. When the next ESR it out, it +;; should get updated. + (define-public nss (package (name "nss") @@ -153,13 +156,13 @@ (define-public nss ;; Ensure we are building for the (%current-target-system). #$@(if (%current-target-system) #~((string-append - "OS_TEST=" - (string-take #$(%current-target-system) - (string-index #$(%current-target-system) #\-))) + "OS_TEST=" + (string-take #$(%current-target-system) + (string-index #$(%current-target-system) #\-))) (string-append - "KERNEL=" (cond (#$(target-hurd?) "gnu") - (#$(target-linux?) "linux") - (else "")))) + "KERNEL=" (cond (#$(target-hurd?) "gnu") + (#$(target-linux?) "linux") + (else "")))) #~()) #$@(if (%current-target-system) #~("CROSS_COMPILE=1") @@ -303,6 +306,58 @@ (define-public nss/fixed (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) (format #t "test suite not run~%")))))))))))) +;; nss-latest tracks the latest released version. + +(define-public nss-latest + (package + (inherit nss) + (name "nss-latest") + (version "3.101") + (source (origin + (inherit (package-source nss)) + (uri (let ((version-with-underscores + (string-join (string-split version #\.) "_"))) + (string-append + "https://ftp.mozilla.org/pub/mozilla.org/security/nss/" + "releases/NSS_" version-with-underscores "_RTM/src/" + "nss-" version ".tar.gz"))) + (sha256 + (base32 + "1rw5xpclsy174znvxcb4d4zgjwadxy45mbh0wvkm3fxpnkq4i5w5")))) + (arguments + (substitute-keyword-arguments (package-arguments nss) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (if tests? + (begin + ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for + ;; testing. The latter requires a working DNS or /etc/hosts. + (setenv "DOMSUF" "localdomain") + (setenv "USE_IP" "TRUE") + (setenv "IP_ADDRESS" "127.0.0.1") + + ;; This specific test is looking at performance "now + ;; verify that we can quickly dump a database", and + ;; we're not testing performance here (especially + ;; since we're using faketime), so raise the + ;; threshold + (substitute* "nss/tests/dbtests/dbtests.sh" + ((" -lt 5") " -lt 50")) + + ;; Since the test suite is very lengthy, run the test + ;; suite once, not thrice as done by default, by + ;; selecting only the 'standard' cycle. + (setenv "NSS_CYCLES" "standard") + + ;; The "PayPalEE.cert" certificate expires every six months, + ;; leading to test failures: + ;; . To + ;; work around that, set the time to roughly the release date. + (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) + (format #t "test suite not run~%")))))))))) + (define-public nsncd (package (name "nsncd") -- 2.45.1 From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 29 17:01:11 2024 Received: (at 71832) by debbugs.gnu.org; 29 Jun 2024 21:01:11 +0000 Received: from localhost ([127.0.0.1]:53735 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sNfC3-0000ez-9h for submit@debbugs.gnu.org; Sat, 29 Jun 2024 17:01:11 -0400 Received: from wfout6-smtp.messagingengine.com ([64.147.123.149]:34723) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sNfC0-0000ej-EQ for 71832@debbugs.gnu.org; Sat, 29 Jun 2024 17:01:09 -0400 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailfout.west.internal (Postfix) with ESMTP id 6AD361C0009A; Sat, 29 Jun 2024 13:22:15 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Sat, 29 Jun 2024 13:22:15 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm1; t=1719681735; x=1719768135; bh=ua BIijiVOvk+gq2zfJc1w1Ne0bSGgQgSdg2pGo+L2IE=; b=gHVMOl2kdJ/1UGe16C uMm4NFDbTW0TaykqNYTmlIbMDLmxbST0V5O62/zpHPCV2HfkTg6s1tCDnOkHxZij 6FQJ3RycO2ukS1R3GxEEleWrAHSygIrw1PlTMDfVyTJYcK+HZMoekURDaW5G8hTY jlfyKRXTunUXR3/6nfWiNf8CsrLeSNDE2xMXHGiDoIC83JQ3DtVcCuhWW8am97yy +tDhxdKoH7DU5D4L7oJjfnXvbkNrQ2xkBAGPGf4PGH/wI8VWobH6XiS8z1olhLGa 3muPAeaVTN5+hK859ZDnIc+fKP5WI28OxUXzXp32+weSDJ8wuc3RBcNkyFmNP4My qr8A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; t=1719681735; x=1719768135; bh=uaBIijiVOvk+g q2zfJc1w1Ne0bSGgQgSdg2pGo+L2IE=; b=Qlu0K3XWjkXgKHCAMNpMIbOW6bnev ro5WFDMqNNzA2tnGT8QYJc7AH0VJpjCpiaFBZ4zCgrw/oTOYK8Wn7WyFUxyeVxev 6q7gOmREzjAQwr3he/jsTs4C+/i/G4N+iJE68JSTxX24VM9hpd6jvA38qUwsXUue boXLwym0pTG9AL9x/d74TDxhBwk56Uoe0Md/6KziKRz/yScgyFIUpiE9zLaM5Luj arDSM2W/xQbzzrYYtroGCZ7iSdOOvLmwHuumwWPCHvJpuUAmGD/Y+i6b9OUK7AwD lAH5CkNc1uO9EtgF+L5ySI8dyIelY8y7Q6C1PzuhE/nYchrAteljkEnAQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrtdelgdduudefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvfevufffkffogggtgfesthekre dtredtjeenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgvtgdr thhvqeenucggtffrrghtthgvrhhnpefgueekffejudfgvdevteelteeitdeuuddufffhue fhiefhjeetuefhgfettedvteenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhep mhgrihhlfhhrohhmpehirghnsehrvghtrhhoshhpvggtrdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 29 Jun 2024 13:22:14 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v2 0/2] Add nss-latest; update Librewolf to 127.0.2-2 Date: Sat, 29 Jun 2024 10:22:07 -0700 Message-ID: <20240629172209.26420-1-ian@retrospec.tv> X-Mailer: git-send-email 2.45.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Realized that I didn't remove the backout of the encoding_rs patch which was added for 126.x. The browser built and worked, but that change isn’t needed anymore; remove it. Ian Eure (2): gnu: Add nss-latest. gnu: librewolf: Update to 127.0.2-1. gnu/packages/librewolf.scm | 1044 ++++++++++++++++++------------------ gnu/packages/nss.scm | 67 ++- 2 files changed, 587 insertions(+), 524 deletions(-) -- 2.45.1 From debbugs-submit-bounces@debbugs.gnu.org Mon Jul 01 20:21:23 2024 Received: (at 71832) by debbugs.gnu.org; 2 Jul 2024 00:21:23 +0000 Received: from localhost ([127.0.0.1]:35169 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sORGt-0005C5-A5 for submit@debbugs.gnu.org; Mon, 01 Jul 2024 20:21:23 -0400 Received: from fhigh5-smtp.messagingengine.com ([103.168.172.156]:38311) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sORGq-0005Bi-07 for 71832@debbugs.gnu.org; Mon, 01 Jul 2024 20:21:22 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailfhigh.nyi.internal (Postfix) with ESMTP id C4C3A1140116; Mon, 1 Jul 2024 20:21:13 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Mon, 01 Jul 2024 20:21:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm1; t=1719879673; x=1719966073; bh=Mv AcYnKJu33ywpj0I6+EBlk2cw8vi+SnMa5HkfQrWzg=; b=RqpC2H9fLugVhLbtXm lsGchdRpiVQ8CyXqX1Bcu1u7LGTbT3wMnhJA1w7sMPpPyA2Vqf4c3Hh+6T83juK6 L9LOGkidJ8i3F16rh4MsIxqytFAnw/qQSH2+VYqe+S7TxAw3hlmM/Nqb4rajmLya HiHOwvUwGDTJv1seZvTA7ae0ASmZyqRKCswkRo2yZzfnOjvGS8srT9ss6j3WyWhd 36gdOb9pK0/MCP48q7dtSYnadrOihDXOOgjv7PdY5Q9f6dGiZKchKj+A/dE91YUk 2Guhy8Agc4QPm7s247SHB0/JsL78vFOPXUnUSsIRyjoiAD4emeBdqZUcZx/xxmtu 2B6A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; t=1719879673; x=1719966073; bh=MvAcYnKJu33yw pj0I6+EBlk2cw8vi+SnMa5HkfQrWzg=; b=hXB2fJXIXuWGTmhyw7cVz/SIa3PR/ FutaDBZW9hM4/1cLlHUhEJm0a7eiet1nrTl0ImTlV65EES7qTrhPLkfU2jii6Zti GLw97+3GjXBNRxnzqicb7YLSIw14JcLOXhK8IGWR1OSnF/eE134m0ZMET9ubGgZa o67psES1U5g3YvWFqm+hQx9uTxdgrOd7pRRLoyBv/5eze9aHIL3K83SIXgeLZTAf sXb0AGbNMxx7IRzQ3q+TIbzwedfAi4cHj65mOhpUHLpj6NE5VtDxZ837F/E+e4vR YO7oSVcd2Bbb/x2fV39sKJOlfM06MEEuwAr7F1Ho+rDoxU4EOtr9f6Dlg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudeggdefvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofggtgfgsehtkeertd ertdejnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggtrdht vheqnecuggftrfgrthhtvghrnhepgfeukeffjedugfdvveetleetiedtueduudffhfeuhf eihfejteeuhffgteetvdetnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehm rghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 1 Jul 2024 20:21:11 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v3 0/2] Add nss-rapid; updte Librewolf to 127.0.2-2. Date: Mon, 1 Jul 2024 17:21:01 -0700 Message-ID: <20240702002103.9015-1-ian@retrospec.tv> X-Mailer: git-send-email 2.45.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Updated with discussion from guix-devel: - nss rapid release package is now named `nss-rapid'. - Synposis and description clarify what this means. - Comments added above nss-rapid with packager guidance. Ian Eure (2): gnu: Add nss-rapid. gnu: librewolf: Update to 127.0.2-1. gnu/packages/librewolf.scm | 1044 ++++++++++++++++++------------------ gnu/packages/nss.scm | 80 ++- 2 files changed, 600 insertions(+), 524 deletions(-) -- 2.45.1 From debbugs-submit-bounces@debbugs.gnu.org Mon Jul 01 20:21:24 2024 Received: (at 71832) by debbugs.gnu.org; 2 Jul 2024 00:21:24 +0000 Received: from localhost ([127.0.0.1]:35171 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sORGt-0005C7-Ji for submit@debbugs.gnu.org; Mon, 01 Jul 2024 20:21:24 -0400 Received: from fhigh5-smtp.messagingengine.com ([103.168.172.156]:40065) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sORGq-0005Bk-JV for 71832@debbugs.gnu.org; Mon, 01 Jul 2024 20:21:22 -0400 Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 9FF64114018E; Mon, 1 Jul 2024 20:21:14 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute7.internal (MEProxy); Mon, 01 Jul 2024 20:21:14 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm1; t=1719879674; x= 1719966074; bh=LmCjBBGxTnzhSaAdOd/Kr2DAWUyzcvU2yaZlIkzLcEk=; b=i TRAUEgfqRmhIDYbV5ZY4vnxk/gTBvx4w4T4QFKp1+3aJtVelpVT9PybUq7uFKQvE dFHjkVgau7ObAJTrGrwnUn9yL0EHjlNYvhEGUeKYxWNnr6L39pk7jZ6xoUSTh8BZ KKEJ02V2woKP4NCdjzaktGYruR26gw60s/3q3i2s76ZfIWjHyj0mUM6IHt5+S5Ih xdXIFFhdOVNoz8u/wwkXI2AKbqYu2MpGZ2HIl/0dA0cyXmGx7CMvHEKnGcXVUwjq 8FDI855m+jwi9x60kuW8UTfmNU/yu+jLzIHZoaq9v2VNgGVcStmrfjYXC8ot6fEs 6+qa552EEomAHPqmLgDvw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1719879674; x= 1719966074; bh=LmCjBBGxTnzhSaAdOd/Kr2DAWUyzcvU2yaZlIkzLcEk=; b=E 4FiYukmJ1OBo9j5+ilBfSmolmnfO9b87GBF/SERuCHdyvvJKatcxeqtTTSsdRpjn bGADOQobhptb0iTiyOy9u6nIX/77Y5ryboHklq1LSQIbX+6ggLQlua4DUDaAFFgZ UrbXNB/ojE3vVLjM/0lVIbss06eR6SiWVeDbncJZ4LPN1tBrZKed0TurhSuQoBMt vctc9n8lLN5X/YWx8PIsPrNwMpGqfglR8v7rCG+xD4ZXf8st3pe4PRQAnAru0G8v RMYDJQWhmyG6IZuDjiPovaTQbu96x+OH2RMKaIk3NfWGcHv/hsuc+LOcue4G19PK sbUGfcGbU7lJKzsh1JcWQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudeggdeffecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofgjfhgggfestdekre dtredttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgvtgdr thhvqeenucggtffrrghtthgvrhhnpefgteeiffdvleejleeiieevgeegleegieevjeekfe evledugfehteetgfeuffevhfenucffohhmrghinhepmhhoiihilhhlrgdrohhrghenucev lhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehirghnsehrvg htrhhoshhpvggtrdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 1 Jul 2024 20:21:13 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v3 1/2] gnu: Add nss-rapid. Date: Mon, 1 Jul 2024 17:21:02 -0700 Message-ID: <20240702002103.9015-2-ian@retrospec.tv> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240702002103.9015-1-ian@retrospec.tv> References: <20240702002103.9015-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/nss.scm (nss-rapid): New variable. Change-Id: I2bdd2119fb0c857feae9eb2e47a28909b8228cd7 --- gnu/packages/nss.scm | 80 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 74 insertions(+), 6 deletions(-) diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index d558079f44..4e892ce649 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -106,6 +106,9 @@ (define-public nspr-4.32 (base32 "0v3zds1id71j5a5si42a658fjz8nv2f6zp6w4gqrqmdr6ksz8sxv")))))) +;; nss should track ESRs, but currently doesn't. When the next ESR it out, it +;; should get updated. + (define-public nss (package (name "nss") @@ -153,13 +156,13 @@ (define-public nss ;; Ensure we are building for the (%current-target-system). #$@(if (%current-target-system) #~((string-append - "OS_TEST=" - (string-take #$(%current-target-system) - (string-index #$(%current-target-system) #\-))) + "OS_TEST=" + (string-take #$(%current-target-system) + (string-index #$(%current-target-system) #\-))) (string-append - "KERNEL=" (cond (#$(target-hurd?) "gnu") - (#$(target-linux?) "linux") - (else "")))) + "KERNEL=" (cond (#$(target-hurd?) "gnu") + (#$(target-linux?) "linux") + (else "")))) #~()) #$@(if (%current-target-system) #~("CROSS_COMPILE=1") @@ -303,6 +306,71 @@ (define-public nss/fixed (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) (format #t "test suite not run~%")))))))))))) +;; nss-rapid tracks the rapid release channel. Unless your package requires a +;; newer version, you should prefer the `nss' package, which tracks the ESR +;; channel. +;; +;; See https://wiki.mozilla.org/NSS:Release_Versions +;; and https://wiki.mozilla.org/Rapid_Release_Model + +(define-public nss-rapid + (package + (inherit nss) + (name "nss-rapid") + (version "3.101") + (source (origin + (inherit (package-source nss)) + (uri (let ((version-with-underscores + (string-join (string-split version #\.) "_"))) + (string-append + "https://ftp.mozilla.org/pub/mozilla.org/security/nss/" + "releases/NSS_" version-with-underscores "_RTM/src/" + "nss-" version ".tar.gz"))) + (sha256 + (base32 + "1rw5xpclsy174znvxcb4d4zgjwadxy45mbh0wvkm3fxpnkq4i5w5")))) + (arguments + (substitute-keyword-arguments (package-arguments nss) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (if tests? + (begin + ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for + ;; testing. The latter requires a working DNS or /etc/hosts. + (setenv "DOMSUF" "localdomain") + (setenv "USE_IP" "TRUE") + (setenv "IP_ADDRESS" "127.0.0.1") + + ;; This specific test is looking at performance "now + ;; verify that we can quickly dump a database", and + ;; we're not testing performance here (especially + ;; since we're using faketime), so raise the + ;; threshold + (substitute* "nss/tests/dbtests/dbtests.sh" + ((" -lt 5") " -lt 50")) + + ;; Since the test suite is very lengthy, run the test + ;; suite once, not thrice as done by default, by + ;; selecting only the 'standard' cycle. + (setenv "NSS_CYCLES" "standard") + + ;; The "PayPalEE.cert" certificate expires every six months, + ;; leading to test failures: + ;; . To + ;; work around that, set the time to roughly the release date. + (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) + (format #t "test suite not run~%")))))))) + (synopsis "Network Security Services (Rapid Release)") + (description + "Network Security Services (@dfn{NSS}) is a set of libraries designed to +support cross-platform development of security-enabled client and server +applications. Applications built with NSS can support SSL v2 and v3, TLS, +PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other +security standards. + +This package tracks the Rapid Release channel, which updates frequently."))) (define-public nsncd (package (name "nsncd") -- 2.45.1 From debbugs-submit-bounces@debbugs.gnu.org Mon Jul 01 20:21:28 2024 Received: (at 71832) by debbugs.gnu.org; 2 Jul 2024 00:21:28 +0000 Received: from localhost ([127.0.0.1]:35173 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sORGw-0005CR-9K for submit@debbugs.gnu.org; Mon, 01 Jul 2024 20:21:28 -0400 Received: from fhigh5-smtp.messagingengine.com ([103.168.172.156]:50651) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sORGr-0005Bm-JP for 71832@debbugs.gnu.org; Mon, 01 Jul 2024 20:21:24 -0400 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 9F91211401AF; Mon, 1 Jul 2024 20:21:15 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Mon, 01 Jul 2024 20:21:15 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1719879675; x=1719966075; bh=HGx6+r3u8Pfo1WG5zuxQ70ICaN8Yur/1iQ4wEZ3GFXk=; b= AuADucbTWnh0DSQJTLqwiQWR36VUirErzvHkdMI1Rq5+BABmabdjoNvOTinkzQYz ZNQ5xUPAlpRTno9yXrhSLMc6dXFv5vBt6c/gOv35RcF45ahDUxHM+fuuusPpjzYB eX9cP9rlwKS7hfZ6JKR73jBrAk+FC1duy9a5XB9GwoIjNT02aiONWz5CgP1juicn Pu1EVAjSAh3tDkuRkjTvKdh+UfpJCeKJHUN4OIKGkn8C1kyfPUuDkqxWO0jUULac x4RnI8MFAxxjJC9IryXCTjku7IMtMJfrgIx6G3vdrIPOo0BAAmoBnb/RyBqb2m7m VTH/zm2FOnN8zXCu16cd7g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1719879675; x= 1719966075; bh=HGx6+r3u8Pfo1WG5zuxQ70ICaN8Yur/1iQ4wEZ3GFXk=; b=b eoTHdBFuaV/SKA4PBh8nc8pUkxlBc2rzPNs+36TVb2N6qegqbJihHO2BuUF+Vjoa SSeHLOPjv3MrJiD1mktyfts9AAXFao2MXcL4iba5+E45JIsMH7R9AxsJhZk8JHnd jbS/An2wn8MgBYp/NaOOeoFhhax1S5KZ/PghslKi+65FCY1JibR5A3C8nXZqOM64 O8yxqyqg2oLFXdQZzBTL9ExG4zyvfc5HQ5CWhu6a/ARuArQPxdpKKa8wMHkqqpEW CKcdWYZHkC+zXwIcQxHSrvjycj/pPYMhEeoTLZJbmC56OeGyraMiAyMnjnaI5lIA gXCU0BwhzhFbijggTHswg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudeggdefvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofgjfhggtgfgsehtke ertdertdejnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggt rdhtvheqnecuggftrfgrthhtvghrnhepiefhvefggedtueekjefgieefgfduleeggeetff dvveeuueffudevhfeivddukeeinecuffhomhgrihhnpehsvggrrhgthhhfohigrdhorhhg pdhgnhhurdhorhhgpdgtohhnthgvnhhtrdhrvggrugdpmhhoiihilhhlrgdrohhrghdpgh gvthgrugguohhnshdrshgvrghrtghhpdhgvghtrgguughonhhsrdhlihhnkhdpghhithhh uhgsrdgtohhmpdhlihgsrhgvfiholhhfrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 1 Jul 2024 20:21:14 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v3 2/2] gnu: librewolf: Update to 127.0.2-1. Date: Mon, 1 Jul 2024 17:21:03 -0700 Message-ID: <20240702002103.9015-3-ian@retrospec.tv> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240702002103.9015-1-ian@retrospec.tv> References: <20240702002103.9015-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/librewolf.scm (librewolf): Update to 127.0.2-1. Reorganize module to improve usability and reduce duplication. The Rust package and build ID are now at the top of the file. The librewolf-source variable has been replaced with the make-librewolf-source procedure, centralizing versions & hashes in the librewolf package definition. Dedent some of the package’s arguments to improve readability. Change-Id: I15f8a2aa1fae07e0497ab5511d10af0c1f70cc2e --- gnu/packages/librewolf.scm | 1044 ++++++++++++++++++------------------ 1 file changed, 526 insertions(+), 518 deletions(-) diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index c84bcaf3ce..a400080dcb 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -93,6 +93,18 @@ (define-module (gnu packages librewolf) #:use-module (gnu packages xdisorg) #:use-module (gnu packages xorg)) +;; Define the versions of rust needed to build librewolf, trying to match +;; upstream. See the file taskcluster/kinds/toolchain/rust.yml at +;; https://searchfox.org under the particular firefox release, like +;; mozilla-esr102. +;; 1.75 is the default in Guix, 1.77 is the minimum for Librewolf. +(define rust-librewolf rust-1.77) + +;; Update this id with every update to its release date. +;; It's used for cache validation and therefore can lead to strange bugs. +;; ex: date '+%Y%m%d%H%M%S' +(define %librewolf-build-id "20240626133423") + (define (firefox-source-origin version hash) (origin (method url-fetch) @@ -114,11 +126,14 @@ (define (librewolf-source-origin version hash) (define computed-origin-method (@@ (guix packages) computed-origin-method)) -(define librewolf-source - (let* ((ff-src (firefox-source-origin "126.0.1" "0fr679rcwshwpfxidc55b2xsn4pmrr7p9ix4rr2mv2k7kwsjcc7n")) - (version "126.0.1-1") - (lw-src (librewolf-source-origin version "0cac80073vkzd85ai9rbnwixs1h9bpy4dj2ri6jxdlqsy5d663km"))) - +(define* (make-librewolf-source version #:key firefox-hash librewolf-hash) + (let* ((ff-src (firefox-source-origin + (car (string-split version #\-)) + firefox-hash)) + (version version) + (lw-src (librewolf-source-origin + version + librewolf-hash))) (origin (method computed-origin-method) (file-name (string-append "librewolf-" version ".source.tar.gz")) @@ -162,11 +177,6 @@ (define librewolf-source (("^ff_source_tarball:=.*") (string-append "ff_source_tarball:=" #+ff-src))) - ;; Remove encoding_rs patch, it doesn't build with Rust 1.75. - (substitute* '("assets/patches.txt") - (("patches/encoding_rs.patch\\\n$") - "")) - ;; Stage locales. (begin (format #t "Staging locales...~%") @@ -204,523 +214,521 @@ (define librewolf-source ".source.tar.gz") #$output)))))))) -;; Define the versions of rust needed to build librewolf, trying to match -;; upstream. See the file taskcluster/ci/toolchain/rust.yml at -;; https://searchfox.org under the particular firefox release, like -;; mozilla-esr102. -(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum. - -;; Update this id with every update to its release date. -;; It's used for cache validation and therefore can lead to strange bugs. -;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20240607212143") - (define-public librewolf - (package - (name "librewolf") - (version "126.0.1-1") - (source librewolf-source) - (build-system gnu-build-system) - (arguments - (list - #:configure-flags #~(let ((clang #$(this-package-native-input "clang"))) - `("--enable-application=browser" - - ;; Configuration - "--without-wasm-sandboxed-libraries" - "--with-system-jpeg" - "--with-system-zlib" - "--with-system-png" - "--with-system-webp" - "--with-system-icu" - "--with-system-libvpx" - "--with-system-libevent" - "--with-system-ffi" - "--enable-system-pixman" - "--enable-jemalloc" - - ;; see https://bugs.gnu.org/32833 - "--with-system-nspr" - "--with-system-nss" - - ,(string-append "--with-clang-path=" clang - "/bin/clang") - ,(string-append "--with-libclang-path=" clang - "/lib") - - ;; Distribution - "--with-distribution-id=org.guix" - "--with-app-name=librewolf" - "--with-app-basename=LibreWolf" - "--with-branding=browser/branding/librewolf" - - ;; Features - "--disable-tests" - "--disable-updater" - "--enable-pulseaudio" - "--disable-crashreporter" - "--allow-addon-sideload" - "--with-unsigned-addon-scopes=app,system" - "--disable-eme" - - ;; Build details - "--disable-debug" - "--enable-rust-simd" - "--enable-release" - "--enable-optimize" - "--enable-strip" - "--enable-hardening" - "--disable-elf-hack")) - #:imported-modules %cargo-utils-modules - #:modules `((ice-9 regex) - (ice-9 string-fun) - (ice-9 ftw) - (srfi srfi-1) - (srfi srfi-26) - (rnrs bytevectors) - (rnrs io ports) - (guix elf) - (guix build gremlin) - ,@%gnu-build-system-modules) - #:phases #~(modify-phases %standard-phases - (add-after 'unpack 'fix-preferences - (lambda* (#:key inputs #:allow-other-keys) - (let ((port (open-file "browser/app/profile/firefox.js" - "a"))) - (define (write-setting key value) - (format port "~%pref(\"~a\", ~a);~%" key value) - (format #t + (let ((version "127.0.2-2")) + (package + (name "librewolf") + (version version) + (source (make-librewolf-source + version + #:firefox-hash + "1s73fdp7k60058ylyvlixq13k5hfbmj6k1y42fmzqlpg7n62lyqb" + #:librewolf-hash + "1f4xz496x1nf7lmvk50hakj9p6q0kzxl5f9s2k0b6kczvyc8gw5n")) + + (build-system gnu-build-system) + (arguments + (list + #:configure-flags + #~(let ((clang #$(this-package-native-input "clang"))) + `("--enable-application=browser" + + ;; Configuration + "--without-wasm-sandboxed-libraries" + "--with-system-jpeg" + "--with-system-zlib" + "--with-system-png" + "--with-system-webp" + "--with-system-icu" + "--with-system-libvpx" + "--with-system-libevent" + "--with-system-ffi" + "--enable-system-pixman" + "--enable-jemalloc" + + ;; see https://bugs.gnu.org/32833 + "--with-system-nspr" + "--with-system-nss" + + ,(string-append "--with-clang-path=" clang + "/bin/clang") + ,(string-append "--with-libclang-path=" clang + "/lib") + + ;; Distribution + "--with-distribution-id=org.guix" + "--with-app-name=librewolf" + "--with-app-basename=LibreWolf" + "--with-branding=browser/branding/librewolf" + + ;; Features + "--disable-tests" + "--disable-updater" + "--enable-pulseaudio" + "--disable-crashreporter" + "--allow-addon-sideload" + "--with-unsigned-addon-scopes=app,system" + "--disable-eme" + + ;; Build details + "--disable-debug" + "--enable-rust-simd" + "--enable-release" + "--enable-optimize" + "--enable-strip" + "--enable-hardening" + "--disable-elf-hack")) + #:imported-modules %cargo-utils-modules + #:modules `((ice-9 regex) + (ice-9 string-fun) + (ice-9 ftw) + (srfi srfi-1) + (srfi srfi-26) + (rnrs bytevectors) + (rnrs io ports) + (guix elf) + (guix build gremlin) + ,@%gnu-build-system-modules) + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'fix-preferences + (lambda* (#:key inputs #:allow-other-keys) + (let ((port (open-file "browser/app/profile/firefox.js" + "a"))) + (define (write-setting key value) + (format port "~%pref(\"~a\", ~a);~%" key value) + (format #t "fix-preferences: setting value of ~a to ~a~%" key value)) - ;; We should allow the sandbox to read the store directory, - ;; because the sandbox has access to /usr on FHS distros. - (write-setting - "security.sandbox.content.read_path_whitelist" - (string-append "\"" - (%store-directory) "/\"")) - - ;; XDG settings should be managed by Guix. - (write-setting "browser.shell.checkDefaultBrowser" - "false") - (close-port port)))) - (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker - (lambda* (#:key inputs #:allow-other-keys) - (let* ((ffmpeg (assoc-ref inputs "ffmpeg")) - (libavcodec (string-append ffmpeg - "/lib/libavcodec.so"))) - ;; Arrange to load libavcodec.so by its absolute file name. - (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" - (("libavcodec\\.so") - libavcodec))))) - (add-after 'patch-source-shebangs 'patch-cargo-checksums - (lambda _ - (use-modules (guix build cargo-utils)) - (let ((null-hash - ;; This is the SHA256 output of an empty string. - (string-append - "e3b0c44298fc1c149afbf4c8996fb924" - "27ae41e4649b934ca495991b7852b855"))) - (for-each (lambda (file) - (format #t + ;; We should allow the sandbox to read the store directory, + ;; because the sandbox has access to /usr on FHS distros. + (write-setting + "security.sandbox.content.read_path_whitelist" + (string-append "\"" + (%store-directory) "/\"")) + + ;; XDG settings should be managed by Guix. + (write-setting "browser.shell.checkDefaultBrowser" + "false") + (close-port port)))) + (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker + (lambda* (#:key inputs #:allow-other-keys) + (let* ((ffmpeg (assoc-ref inputs "ffmpeg")) + (libavcodec (string-append ffmpeg + "/lib/libavcodec.so"))) + ;; Arrange to load libavcodec.so by its absolute file name. + (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" + (("libavcodec\\.so") + libavcodec))))) + (add-after 'patch-source-shebangs 'patch-cargo-checksums + (lambda _ + (use-modules (guix build cargo-utils)) + (let ((null-hash + ;; This is the SHA256 output of an empty string. + (string-append + "e3b0c44298fc1c149afbf4c8996fb924" + "27ae41e4649b934ca495991b7852b855"))) + (for-each (lambda (file) + (format #t "patch-cargo-checksums: patching checksums in ~a~%" file) - (substitute* file - (("(checksum = )\".*\"" all name) - (string-append name "\"" null-hash - "\"")))) - (find-files "." "Cargo\\.lock$")) - (for-each generate-all-checksums - '("build" - "dom/media" - "dom/webauthn" - "gfx" - "intl" - "js" - "media" - "modules" - "mozglue/static/rust" - "netwerk" - "remote" - "security/manager/ssl" - "servo" - "storage" - "third_party/rust" - "toolkit" - "xpcom/rust" - "services"))))) - (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag - (lambda _ - ;; Remove --frozen flag from cargo invokation, otherwise it'll - ;; complain that it's not able to change Cargo.lock. - ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 - (substitute* "build/RunCbindgen.py" - (("args.append\\(\"--frozen\"\\)") "pass")))) - (delete 'bootstrap) - (add-before 'configure 'patch-SpeechDispatcherService.cpp - (lambda _ - (let* ((lib "libspeechd.so.2") - (file (string-append - "dom/media/webspeech/synth/" - "speechd/SpeechDispatcherService.cpp")) - (old-content (call-with-input-file file - get-string-all))) - (substitute - file - `((,(format #f "~s" lib) unquote - (lambda (line _) - (string-replace-substring - line lib - (string-append #$speech-dispatcher - "/lib/" lib)))))) - (if (string=? old-content - (call-with-input-file file - get-string-all)) - (error - "substitute did nothing, phase requires an update"))))) - (add-before 'configure 'set-build-id - ;; Build will write the timestamp to output, which is harmful - ;; for reproducibility, so change it to a fixed date. Use a - ;; separate phase for easier modification with inherit. - (lambda _ - (setenv "MOZ_BUILD_DATE" - #$%librewolf-build-id))) - (replace 'configure - (lambda* (#:key inputs outputs configure-flags - #:allow-other-keys) - (setenv "AUTOCONF" - (string-append (assoc-ref inputs "autoconf") - "/bin/autoconf")) - (setenv "SHELL" - (which "bash")) - (setenv "CONFIG_SHELL" - (which "bash")) - (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE" - "system") - ;; This should use the host info probably (does it - ;; build on non-x86_64 though?) - (setenv "GUIX_PYTHONPATH" - (string-append (getcwd) - "/obj-x86_64-pc-linux-gnu/_virtualenvs/build")) - - ;; Use Clang, Clang is 2x faster than GCC - (setenv "AR" "llvm-ar") - (setenv "NM" "llvm-nm") - (setenv "CC" "clang") - (setenv "CXX" "clang++") - (setenv "MOZ_NOSPAM" "1") - (setenv "MOZ_APP_NAME" "librewolf") - - (setenv "MOZBUILD_STATE_PATH" - (getcwd)) - - (let* ((mozconfig (string-append (getcwd) "/mozconfig")) - (out (assoc-ref outputs "out")) - (flags (cons (string-append "--prefix=" out) - configure-flags))) - (format #t "build directory: ~s~%" - (getcwd)) - (format #t "configure flags: ~s~%" flags) - - (define write-flags - (lambda flags - (display (string-join (map (cut string-append - "ac_add_options " <>) - flags) "\n")) - (display "\n"))) - (with-output-to-file mozconfig - (lambda () - (apply write-flags flags) - ;; The following option unsets Telemetry - ;; Reporting. With the Addons Fiasco, - ;; Mozilla was found to be collecting - ;; user's data, including saved passwords - ;; and web form data, without users - ;; consent. Mozilla was also found - ;; shipping updates to systems without - ;; the user's knowledge or permission. - ;; As a result of this, use the following - ;; command to permanently disable - ;; telemetry reporting. - (display "unset MOZ_TELEMETRY_REPORTING\n") - (display "mk_add_options MOZ_CRASHREPORTER=0\n") - (display "mk_add_options MOZ_DATA_REPORTING=0\n") - (display - "mk_add_options MOZ_SERVICES_HEALTHREPORT=0") - (display - "mk_add_options MOZ_TELEMETRY_REPORTING=0"))) - (setenv "MOZCONFIG" mozconfig)) - (invoke "./mach" "configure"))) - (add-before 'build 'fix-addons-placeholder - (lambda _ - (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" - (("addons.mozilla.org") - "gnuzilla.gnu.org")))) - (replace 'build - (lambda* (#:key (make-flags '()) - (parallel-build? #t) #:allow-other-keys) - (apply invoke "./mach" "build" - ;; mach will use parallel build if possible by default - `(,@(if parallel-build? - '() - '("-j1")) ,@make-flags)))) - (add-after 'build 'neutralise-store-references - (lambda _ - ;; Mangle the store references to compilers & - ;; other build tools in about:buildconfig, - ;; reducing the package's closure by 1 GiB on - ;; x86-64. - (let* ((build-dir (car (scandir "." - (cut string-prefix? - "obj-" <>)))) - (file (string-append build-dir - "/dist/bin/chrome/toolkit/" - "content/global/buildconfig.html"))) - (substitute* file - (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" - (regexp-quote (%store-directory))) - _ store hash) - (string-append store - (string-take hash 8) - "" - (string-drop hash 8))))))) - (replace 'install - (lambda _ - (invoke "./mach" "install"))) - (add-after 'install 'remove-duplicate-bin - (lambda* (#:key outputs #:allow-other-keys) - (delete-file (string-append #$output - "/lib/librewolf/librewolf-bin")))) - (add-after 'install 'wrap-glxtest - ;; glxtest uses dlopen() to load mesa and pci - ;; libs, wrap it to set LD_LIBRARY_PATH. - (lambda* (#:key inputs outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (libs (map - (lambda (lib-name) - (string-append (assoc-ref inputs - lib-name) - "/lib")) - '("mesa" "pciutils")))) - (wrap-program (car (find-files lib "^glxtest$")) - `("LD_LIBRARY_PATH" prefix ,libs))))) - (add-after 'install 'patch-config - (lambda* (#:key inputs #:allow-other-keys) - (let ((lib (string-append #$output "/lib/librewolf")) - (config-file "librewolf.cfg")) - - ;; Required for Guix packaged extensions - ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 - ;; Default is 5. - (substitute* (in-vicinity lib config-file) - (("defaultPref\\(\"extensions.enabledScopes\", 5\\)") - "defaultPref(\"extensions.enabledScopes\", 13)")) - ;; Use Mozzarella addons repo. - (call-with-port - (open-file - (in-vicinity lib config-file) - "a") - (lambda (port) - ;; Add-ons panel (see settings.js in Icecat source). - (for-each - (lambda (pref) - (format port - "defaultPref(~s, ~s);~%" - (car pref) - (cdr pref))) - `(("extensions.getAddons.search.browseURL" - ,(string-append - "https://gnuzilla.gnu.org/mozzarella/" - "search.php?q=%TERMS%")) - ("extensions.getAddons.get.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.link.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.discovery.api_url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.langpacks.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("lightweightThemes.getMoreURL" . - "https://gnuzilla.gnu.org/mozzarella")))))))) - (add-after 'install 'wrap-program - (lambda* (#:key inputs outputs #:allow-other-keys) - ;; The following two functions are from Guix's icecat package in - ;; (gnu packages gnuzilla). See commit - ;; b7a0935420ee630a29b7e5ac73a32ba1eb24f00b. - (define (runpath-of lib) - (call-with-input-file lib - (compose elf-dynamic-info-runpath elf-dynamic-info - parse-elf get-bytevector-all))) - (define (runpaths-of-input label) - (let* ((dir (string-append (assoc-ref inputs label) - "/lib")) - (libs (find-files dir "\\.so$"))) - (append-map runpath-of libs))) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (libs (map - (lambda (lib-name) - (string-append (assoc-ref inputs - lib-name) - "/lib")) - '("mesa" "libpng-apng" "libnotify" "libva" - "pulseaudio" "gtk+" "pipewire" - ;; For U2F and WebAuthn - "eudev"))) - - ;; VA-API is run in the RDD (Remote Data Decoder) sandbox - ;; and must be explicitly given access to files it needs. - ;; Rather than adding the whole store (as Nix had - ;; upstream do, see - ;; and - ;; linked upstream patches), we can just follow the - ;; runpaths of the needed libraries to add everything to - ;; LD_LIBRARY_PATH. These will then be accessible in the - ;; RDD sandbox. - (rdd-whitelist (map (cut string-append <> "/") - (delete-duplicates (append-map - runpaths-of-input - '("mesa" - "ffmpeg"))))) - (gtk-share (string-append (assoc-ref inputs - "gtk+") - "/share"))) - (wrap-program (car (find-files lib "^librewolf$")) - `("LD_LIBRARY_PATH" prefix - (,@libs ,@rdd-whitelist)) - `("XDG_DATA_DIRS" prefix - (,gtk-share)) - `("MOZ_LEGACY_PROFILES" = - ("1")) - `("MOZ_ALLOW_DOWNGRADE" = - ("1")))))) - (add-after 'wrap-program 'install-desktop-entry - (lambda* (#:key outputs #:allow-other-keys) - (let* ((desktop-file - "taskcluster/docker/firefox-snap/firefox.desktop") - (applications (string-append #$output - "/share/applications"))) - (substitute* desktop-file - (("^Exec=firefox") - (string-append "Exec=" - #$output "/bin/librewolf")) - ;; "Firefox" -> "LibreWolf" everywhere - (("Firefox") - "LibreWolf") - ;; Remove non-Latin translations. - (("^Name\\[(ar|bn)\\].*$") - "") - (("^Icon=.*") - (string-append "Icon=" - #$output - "/share/icons/hicolor/128x128/apps/librewolf.png + (substitute* file + (("(checksum = )\".*\"" all name) + (string-append name "\"" null-hash + "\"")))) + (find-files "." "Cargo\\.lock$")) + (for-each generate-all-checksums + '("build" + "dom/media" + "dom/webauthn" + "gfx" + "intl" + "js" + "media" + "modules" + "mozglue/static/rust" + "netwerk" + "remote" + "security/manager/ssl" + "servo" + "storage" + "third_party/rust" + "toolkit" + "xpcom/rust" + "services"))))) + (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag + (lambda _ + ;; Remove --frozen flag from cargo invokation, otherwise it'll + ;; complain that it's not able to change Cargo.lock. + ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 + (substitute* "build/RunCbindgen.py" + (("args.append\\(\"--frozen\"\\)") "pass")))) + (delete 'bootstrap) + (add-before 'configure 'patch-SpeechDispatcherService.cpp + (lambda _ + (let* ((lib "libspeechd.so.2") + (file (string-append + "dom/media/webspeech/synth/" + "speechd/SpeechDispatcherService.cpp")) + (old-content (call-with-input-file file + get-string-all))) + (substitute + file + `((,(format #f "~s" lib) unquote + (lambda (line _) + (string-replace-substring + line lib + (string-append #$speech-dispatcher + "/lib/" lib)))))) + (if (string=? old-content + (call-with-input-file file + get-string-all)) + (error + "substitute did nothing, phase requires an update"))))) + (add-before 'configure 'set-build-id + ;; Build will write the timestamp to output, which is harmful + ;; for reproducibility, so change it to a fixed date. Use a + ;; separate phase for easier modification with inherit. + (lambda _ + (setenv "MOZ_BUILD_DATE" + #$%librewolf-build-id))) + (replace 'configure + (lambda* (#:key inputs outputs configure-flags + #:allow-other-keys) + (setenv "AUTOCONF" + (string-append (assoc-ref inputs "autoconf") + "/bin/autoconf")) + (setenv "SHELL" + (which "bash")) + (setenv "CONFIG_SHELL" + (which "bash")) + (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE" + "system") + ;; This should use the host info probably (does it + ;; build on non-x86_64 though?) + (setenv "GUIX_PYTHONPATH" + (string-append (getcwd) + "/obj-x86_64-pc-linux-gnu/_virtualenvs/build")) + + ;; Use Clang, Clang is 2x faster than GCC + (setenv "AR" "llvm-ar") + (setenv "NM" "llvm-nm") + (setenv "CC" "clang") + (setenv "CXX" "clang++") + (setenv "MOZ_NOSPAM" "1") + (setenv "MOZ_APP_NAME" "librewolf") + + (setenv "MOZBUILD_STATE_PATH" + (getcwd)) + + (let* ((mozconfig (string-append (getcwd) "/mozconfig")) + (out (assoc-ref outputs "out")) + (flags (cons (string-append "--prefix=" out) + configure-flags))) + (format #t "build directory: ~s~%" + (getcwd)) + (format #t "configure flags: ~s~%" flags) + + (define write-flags + (lambda flags + (display (string-join (map (cut string-append + "ac_add_options " <>) + flags) "\n")) + (display "\n"))) + (with-output-to-file mozconfig + (lambda () + (apply write-flags flags) + ;; The following option unsets Telemetry + ;; Reporting. With the Addons Fiasco, + ;; Mozilla was found to be collecting + ;; user's data, including saved passwords + ;; and web form data, without users + ;; consent. Mozilla was also found + ;; shipping updates to systems without + ;; the user's knowledge or permission. + ;; As a result of this, use the following + ;; command to permanently disable + ;; telemetry reporting. + (display "unset MOZ_TELEMETRY_REPORTING\n") + (display "mk_add_options MOZ_CRASHREPORTER=0\n") + (display "mk_add_options MOZ_DATA_REPORTING=0\n") + (display + "mk_add_options MOZ_SERVICES_HEALTHREPORT=0") + (display + "mk_add_options MOZ_TELEMETRY_REPORTING=0"))) + (setenv "MOZCONFIG" mozconfig)) + (invoke "./mach" "configure"))) + (add-before 'build 'fix-addons-placeholder + (lambda _ + (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" + (("addons.mozilla.org") + "gnuzilla.gnu.org")))) + (replace 'build + (lambda* (#:key (make-flags '()) + (parallel-build? #t) #:allow-other-keys) + (apply invoke "./mach" "build" + ;; mach will use parallel build if possible by default + `(,@(if parallel-build? + '() + '("-j1")) ,@make-flags)))) + (add-after 'build 'neutralise-store-references + (lambda _ + ;; Mangle the store references to compilers & + ;; other build tools in about:buildconfig, + ;; reducing the package's closure by 1 GiB on + ;; x86-64. + (let* ((build-dir (car (scandir "." + (cut string-prefix? + "obj-" <>)))) + (file (string-append build-dir + "/dist/bin/chrome/toolkit/" + "content/global/buildconfig.html"))) + (substitute* file + (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" + (regexp-quote (%store-directory))) + _ store hash) + (string-append store + (string-take hash 8) + "" + (string-drop hash 8))))))) + (replace 'install + (lambda _ + (invoke "./mach" "install"))) + (add-after 'install 'remove-duplicate-bin + (lambda* (#:key outputs #:allow-other-keys) + (delete-file (string-append #$output + "/lib/librewolf/librewolf-bin")))) + (add-after 'install 'wrap-glxtest + ;; glxtest uses dlopen() to load mesa and pci + ;; libs, wrap it to set LD_LIBRARY_PATH. + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (libs (map + (lambda (lib-name) + (string-append (assoc-ref inputs + lib-name) + "/lib")) + '("mesa" "pciutils")))) + (wrap-program (car (find-files lib "^glxtest$")) + `("LD_LIBRARY_PATH" prefix ,libs))))) + (add-after 'install 'patch-config + (lambda* (#:key inputs #:allow-other-keys) + (let ((lib (string-append #$output "/lib/librewolf")) + (config-file "librewolf.cfg")) + + ;; Required for Guix packaged extensions + ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 + ;; Default is 5. + (substitute* (in-vicinity lib config-file) + (("defaultPref\\(\"extensions.enabledScopes\", 5\\)") + "defaultPref(\"extensions.enabledScopes\", 13)")) + ;; Use Mozzarella addons repo. + (call-with-port + (open-file + (in-vicinity lib config-file) + "a") + (lambda (port) + ;; Add-ons panel (see settings.js in Icecat source). + (for-each + (lambda (pref) + (format port + "defaultPref(~s, ~s);~%" + (car pref) + (cdr pref))) + `(("extensions.getAddons.search.browseURL" + ,(string-append + "https://gnuzilla.gnu.org/mozzarella/" + "search.php?q=%TERMS%")) + ("extensions.getAddons.get.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.link.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.discovery.api_url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.langpacks.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("lightweightThemes.getMoreURL" . + "https://gnuzilla.gnu.org/mozzarella")))))))) + (add-after 'install 'wrap-program + (lambda* (#:key inputs outputs #:allow-other-keys) + ;; The following two functions are from Guix's icecat package in + ;; (gnu packages gnuzilla). See commit + ;; b7a0935420ee630a29b7e5ac73a32ba1eb24f00b. + (define (runpath-of lib) + (call-with-input-file lib + (compose elf-dynamic-info-runpath elf-dynamic-info + parse-elf get-bytevector-all))) + (define (runpaths-of-input label) + (let* ((dir (string-append (assoc-ref inputs label) + "/lib")) + (libs (find-files dir "\\.so$"))) + (append-map runpath-of libs))) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (libs (map + (lambda (lib-name) + (string-append (assoc-ref inputs + lib-name) + "/lib")) + '("mesa" "libpng-apng" "libnotify" "libva" + "pulseaudio" "gtk+" "pipewire" + ;; For U2F and WebAuthn + "eudev"))) + + ;; VA-API is run in the RDD (Remote Data Decoder) sandbox + ;; and must be explicitly given access to files it needs. + ;; Rather than adding the whole store (as Nix had + ;; upstream do, see + ;; and + ;; linked upstream patches), we can just follow the + ;; runpaths of the needed libraries to add everything to + ;; LD_LIBRARY_PATH. These will then be accessible in the + ;; RDD sandbox. + (rdd-whitelist (map (cut string-append <> "/") + (delete-duplicates (append-map + runpaths-of-input + '("mesa" + "ffmpeg"))))) + (gtk-share (string-append (assoc-ref inputs + "gtk+") + "/share"))) + (wrap-program (car (find-files lib "^librewolf$")) + `("LD_LIBRARY_PATH" prefix + (,@libs ,@rdd-whitelist)) + `("XDG_DATA_DIRS" prefix + (,gtk-share)) + `("MOZ_LEGACY_PROFILES" = + ("1")) + `("MOZ_ALLOW_DOWNGRADE" = + ("1")))))) + (add-after 'wrap-program 'install-desktop-entry + (lambda* (#:key outputs #:allow-other-keys) + (let* ((desktop-file + "taskcluster/docker/firefox-snap/firefox.desktop") + (applications (string-append #$output + "/share/applications"))) + (substitute* desktop-file + (("^Exec=firefox") + (string-append "Exec=" + #$output "/bin/librewolf")) + ;; "Firefox" -> "LibreWolf" everywhere + (("Firefox") + "LibreWolf") + ;; Remove non-Latin translations. + (("^Name\\[(ar|bn)\\].*$") + "") + (("^Icon=.*") + (string-append "Icon=" + #$output + "/share/icons/hicolor/128x128/apps/librewolf.png ")) - ;; These commands were changed. - (("-NewWindow") - "-new-window") - (("-NewPrivateWindow") - "-new-private-window") - (("StartupNotify=true") - "StartupNotify=true + ;; These commands were changed. + (("-NewWindow") + "-new-window") + (("-NewPrivateWindow") + "-new-private-window") + (("StartupNotify=true") + "StartupNotify=true StartupWMClass=Navigator")) - (copy-file desktop-file "librewolf.desktop") - (install-file "librewolf.desktop" applications)))) - (add-after 'install-desktop-entry 'install-icons - (lambda* (#:key outputs #:allow-other-keys) - (let ((icon-source-dir (string-append #$output - "/lib/librewolf/browser/" - "chrome/icons/default"))) - (for-each (lambda (size) - (let ((dest (string-append #$output - "/share/icons/hicolor/" - size - "x" - size - "/apps"))) - (mkdir-p dest) - (symlink (string-append icon-source-dir - "/default" size ".png") - (string-append dest - "/librewolf.png")))) - '("16" "32" "48" "64" "128")))))) - - ;; Test will significantly increase build time but with little rewards. - #:tests? #f - - ;; WARNING: Parallel build will consume lots of memory! - ;; If you have encountered OOM issue in build phase, try disable it. - #:parallel-build? #t - - ;; Some dynamic lib was determined at runtime, so rpath check may fail. - #:validate-runpath? #f)) - (inputs (list bash-minimal - bzip2 - cairo - cups - dbus-glib - freetype - ffmpeg - gdk-pixbuf - glib - gtk+ - gtk+-2 - hunspell - icu4c-73 - jemalloc - libcanberra - libevent - libffi - libgnome - libjpeg-turbo - libnotify - libpng-apng - libva - libvpx - libwebp - libxcomposite - libxft - libxinerama - libxscrnsaver - libxt - mesa - mit-krb5 - nspr - nss/fixed - pango - pciutils - pipewire - pixman - pulseaudio - speech-dispatcher - sqlite - startup-notification - eudev - unzip - zip - zlib)) - (native-inputs (list alsa-lib - autoconf-2.13 - `(,rust-librewolf "cargo") - clang-18 - llvm-18 - m4 - nasm - node-lts - perl - pkg-config - python - rust-librewolf - rust-cbindgen-0.26 - which - yasm)) - (home-page "https://librewolf.net/") - (synopsis - "Custom version of Firefox, focused on privacy, security and freedom") - (description - "LibreWolf is designed to increase protection against tracking and + (copy-file desktop-file "librewolf.desktop") + (install-file "librewolf.desktop" applications)))) + (add-after 'install-desktop-entry 'install-icons + (lambda* (#:key outputs #:allow-other-keys) + (let ((icon-source-dir (string-append #$output + "/lib/librewolf/browser/" + "chrome/icons/default"))) + (for-each (lambda (size) + (let ((dest (string-append #$output + "/share/icons/hicolor/" + size + "x" + size + "/apps"))) + (mkdir-p dest) + (symlink (string-append icon-source-dir + "/default" size ".png") + (string-append dest + "/librewolf.png")))) + '("16" "32" "48" "64" "128")))))) + + ;; Test will significantly increase build time but with little rewards. + #:tests? #f + + ;; WARNING: Parallel build will consume lots of memory! + ;; If you have encountered OOM issue in build phase, try disable it. + #:parallel-build? #t + + ;; Some dynamic lib was determined at runtime, so rpath check may fail. + #:validate-runpath? #f)) + (inputs (list bash-minimal + bzip2 + cairo + cups + dbus-glib + freetype + ffmpeg + gdk-pixbuf + glib + gtk+ + gtk+-2 + hunspell + icu4c-73 + jemalloc + libcanberra + libevent + libffi + libgnome + libjpeg-turbo + libnotify + libpng-apng + libva + libvpx + libwebp + libxcomposite + libxft + libxinerama + libxscrnsaver + libxt + mesa + mit-krb5 + nspr + nss-latest + pango + pciutils + pipewire + pixman + pulseaudio + speech-dispatcher + sqlite + startup-notification + eudev + unzip + zip + zlib)) + (native-inputs (list alsa-lib + autoconf-2.13 + `(,rust-librewolf "cargo") + clang-18 + llvm-18 + m4 + nasm + node-lts + perl + pkg-config + python + rust-librewolf + rust-cbindgen-0.26 + which + yasm)) + (home-page "https://librewolf.net/") + (synopsis + "Custom version of Firefox, focused on privacy, security and freedom") + (description + "LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM.") - (license license:mpl2.0))) + (license license:mpl2.0)))) -- 2.45.1 From debbugs-submit-bounces@debbugs.gnu.org Mon Jul 08 04:56:19 2024 Received: (at 71832) by debbugs.gnu.org; 8 Jul 2024 08:56:19 +0000 Received: from localhost ([127.0.0.1]:49642 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sQkAV-0007qa-3e for submit@debbugs.gnu.org; Mon, 08 Jul 2024 04:56:19 -0400 Received: from hera.aquilenet.fr ([185.233.100.1]:59350) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sQkAS-0007qI-AG; Mon, 08 Jul 2024 04:56:17 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 3826B80F; Mon, 8 Jul 2024 10:55:35 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at hera.aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rAkPFncnelyi; Mon, 8 Jul 2024 10:55:34 +0200 (CEST) Received: from jurong (unknown [IPv6:2001:861:c4:f2f0::c64]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 9818926F; Mon, 8 Jul 2024 10:55:34 +0200 (CEST) Date: Mon, 8 Jul 2024 10:55:33 +0200 From: Andreas Enge To: 71882-done@debbugs.gnu.org, 71832@debbugs.gnu.org Subject: Closing one bug Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 71832 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello, I have pushed the patch of #71882 to fix the build on non-x86 architectures. I could still build on x86_64, but could still not build on aarch64; but the latter failure is probably due to a lack of memory (the configure phase passes now, but the build fails later on with a SIGKILL). As this means that the librewolf update of #71832 needs to be rebased, I am cc-ing this bug. Andreas From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 16 23:06:45 2024 Received: (at 71832) by debbugs.gnu.org; 17 Jul 2024 03:06:45 +0000 Received: from localhost ([127.0.0.1]:34776 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sTv09-0007pZ-5r for submit@debbugs.gnu.org; Tue, 16 Jul 2024 23:06:45 -0400 Received: from fhigh5-smtp.messagingengine.com ([103.168.172.156]:60083) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sTv05-0007p5-8B for 71832@debbugs.gnu.org; Tue, 16 Jul 2024 23:06:43 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailfhigh.nyi.internal (Postfix) with ESMTP id AB7E81148082; Tue, 16 Jul 2024 23:06:32 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 16 Jul 2024 23:06:32 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm1; t=1721185592; x=1721271992; bh=NW FPVFUQECYBzkyyQdSl5goY+4mLE64LsrHx/7mzFHU=; b=xdnLzYMC8p1/K7BBT/ u21GUeLTYhBfc32AFAULUeKZUjLvpWNhdq97YIrALYOrVs50Xp0UyNc/H3K63WW4 0sJpLmh+skqNz3w+NyFu0+qqmqVtKS7+2SQ/z9lfGPE/p5+Dq0ug73VqtdX+5aHU elz2DCaFcGRUDiM4URB3q4/2YU8Xyk1PLZmC9C/QiInun3GQAWild2NSdvVHZlxU vee2ZhPWgvQuKPZ2CR7/tHDG7u2Sp4lgddlehZ1VglKsjT01Y+j5lapLT54htX5j 0y0VbANnD2iTL2YZcS7NdHGTP3QvbuKgt3UWdtohA6h9+J0m+tUgrOcUiJ8T4Pl1 t7Aw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; t=1721185592; x=1721271992; bh=NWFPVFUQECYBz kyyQdSl5goY+4mLE64LsrHx/7mzFHU=; b=sXc3kMkjEaWX6qNy8SgzK2YQa/Fiy d5XTMIFptTAffvfOfWR0E+qlZBWiUZQmt3wZFFyB+qVv84OguSDLLwGk8ogCXyzc hKuPKlPWzQJgYeUM1/cr9qtSQ/2aOtZhF0aKHmeGf2eD7MbaWVlFJ5xq48SA3Hzi 2EjbGNh/N7G9wBIDd+vrVF1qylz4uI7ihrJo9aaMbCNwBW+boJ+o9j3kLjLUvxtX 6ybN7yLXWnQh5uCRzeswKx3RZgcJLby5Tpw0gkCM7OV3JljEYMonE5AA7CB0BrMN dEXsEbDvMHmk7TqFf4HJQDhelRhy5cJztAScjcY1zWZ2hEjNWiWLY6H1A== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrgeehgdeilecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofggtgfgsehtkeertd ertdejnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggtrdht vheqnecuggftrfgrthhtvghrnhepgfeukeffjedugfdvveetleetiedtueduudffhfeuhf eihfejteeuhffgteetvdetnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehm rghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 16 Jul 2024 23:06:30 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v4 0/3] Add nss-rapid; update Librewolf to 128.0-2 Date: Tue, 16 Jul 2024 20:06:16 -0700 Message-ID: <20240717030619.26631-1-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) # vs. v3 of these patches, this series: - Rebases to integrate #71832. - Update Librewolf to 128.0-2, the current version. - Update nss-rapid to 3.102, the current rapid release version. - Add the skr locale, needed by Firefox 128.x, which is Librewolf’s upstream. Ian Eure (3): gnu: Add nss-rapid. gnu: gnuzilla: Add skr to all-mozilla-locales. gnu: librewolf: Update to 128.0-2 gnu/packages/gnuzilla.scm | 1 + gnu/packages/librewolf.scm | 1049 ++++++++++++++++++------------------ gnu/packages/nss.scm | 80 ++- 3 files changed, 603 insertions(+), 527 deletions(-) -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 16 23:06:46 2024 Received: (at 71832) by debbugs.gnu.org; 17 Jul 2024 03:06:46 +0000 Received: from localhost ([127.0.0.1]:34778 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sTv09-0007pc-GK for submit@debbugs.gnu.org; Tue, 16 Jul 2024 23:06:46 -0400 Received: from fout8-smtp.messagingengine.com ([103.168.172.151]:49427) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sTv06-0007p8-Ou for 71832@debbugs.gnu.org; Tue, 16 Jul 2024 23:06:44 -0400 Received: from compute8.internal (compute8.nyi.internal [10.202.2.227]) by mailfout.nyi.internal (Postfix) with ESMTP id 9E7471388BF2; Tue, 16 Jul 2024 23:06:34 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute8.internal (MEProxy); Tue, 16 Jul 2024 23:06:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm1; t=1721185594; x= 1721271994; bh=32gTw2qpZBuTpDtOIJBcpq9GV+yisc2O5jgrLr3Dqmk=; b=o vdWwIdS4RKdxfxYTyzblxfpd+z73WJtUeRnPBwX9MeWFObhtq+li6a0wf3vsCl47 UH373sA9KlrdALJQb8E6XrLL1xzuO9xq/xTQMhCmfqzOWJQWBLcH7rh672ASXu+A jEFCXk3yxPVTapIdNmG95MXhTrGoHowxAKljotwJR3yOfw3wwn0nl+6GdS1E0gqF fHzYnnfWnvJDe2Yq6Ine8BJv2zWbzRpvPbRWWTL/kUKrGidhfiju9vBam+TbWK7x vs6+yZ87yn7lpj6sz562xnEKbjELyJscymrBru2BrqDhG5IbTbwBjvQntTEA2WLS RDQUjAAei+aewlGfUliyw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1721185594; x= 1721271994; bh=32gTw2qpZBuTpDtOIJBcpq9GV+yisc2O5jgrLr3Dqmk=; b=K BiYPNzWC6xdYNjknor+TTdMu2QpwqLsD9jtewzDqnAHv9X8MT4usl0i2TwjS2DjQ cgnC6GwBQnB00yyFb5neYXaLHRGZvIiCHVIrXuGxSO/UhtkUOPdvOuAsu7ReV4b1 p8p95wSjKf0CSParaobHb9VUKS1EC4LaMIb4FaGk/Lg+8CvhfaODtHJ7sq7aWdP9 Dd+kwN5cZt+P/DxjwHkH7bev0HCjJYz8Fqmw0uZ/ByHg1Y+XKq/Tlww4/ex79Xi/ 6vI5WnW17DJcG1KzElcu6br4HDBv09srMrdA23ksfYxwjsISjS3YLqsBBBY7SddA JqpJ+RTc/gQYx27GwRUxw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrgeehgdeikecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofgjfhgggfestdekre dtredttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgvtgdr thhvqeenucggtffrrghtthgvrhhnpefgteeiffdvleejleeiieevgeegleegieevjeekfe evledugfehteetgfeuffevhfenucffohhmrghinhepmhhoiihilhhlrgdrohhrghenucev lhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehirghnsehrvg htrhhoshhpvggtrdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 16 Jul 2024 23:06:32 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v4 1/3] gnu: Add nss-rapid. Date: Tue, 16 Jul 2024 20:06:17 -0700 Message-ID: <20240717030619.26631-2-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240717030619.26631-1-ian@retrospec.tv> References: <20240717030619.26631-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/nss.scm (nss-rapid): New variable. Change-Id: I2bdd2119fb0c857feae9eb2e47a28909b8228cd7 --- gnu/packages/nss.scm | 80 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 74 insertions(+), 6 deletions(-) diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index d558079f44..33ebabc829 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -106,6 +106,9 @@ (define-public nspr-4.32 (base32 "0v3zds1id71j5a5si42a658fjz8nv2f6zp6w4gqrqmdr6ksz8sxv")))))) +;; nss should track ESRs, but currently doesn't. When the next ESR it out, it +;; should get updated. + (define-public nss (package (name "nss") @@ -153,13 +156,13 @@ (define-public nss ;; Ensure we are building for the (%current-target-system). #$@(if (%current-target-system) #~((string-append - "OS_TEST=" - (string-take #$(%current-target-system) - (string-index #$(%current-target-system) #\-))) + "OS_TEST=" + (string-take #$(%current-target-system) + (string-index #$(%current-target-system) #\-))) (string-append - "KERNEL=" (cond (#$(target-hurd?) "gnu") - (#$(target-linux?) "linux") - (else "")))) + "KERNEL=" (cond (#$(target-hurd?) "gnu") + (#$(target-linux?) "linux") + (else "")))) #~()) #$@(if (%current-target-system) #~("CROSS_COMPILE=1") @@ -303,6 +306,71 @@ (define-public nss/fixed (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) (format #t "test suite not run~%")))))))))))) +;; nss-rapid tracks the rapid release channel. Unless your package requires a +;; newer version, you should prefer the `nss' package, which tracks the ESR +;; channel. +;; +;; See https://wiki.mozilla.org/NSS:Release_Versions +;; and https://wiki.mozilla.org/Rapid_Release_Model + +(define-public nss-rapid + (package + (inherit nss) + (name "nss-rapid") + (version "3.102") + (source (origin + (inherit (package-source nss)) + (uri (let ((version-with-underscores + (string-join (string-split version #\.) "_"))) + (string-append + "https://ftp.mozilla.org/pub/mozilla.org/security/nss/" + "releases/NSS_" version-with-underscores "_RTM/src/" + "nss-" version ".tar.gz"))) + (sha256 + (base32 + "0yrhrgk6050ilnmhpxpknlkpqh56rizp7pmw9yiiinsn93r076y2")))) + (arguments + (substitute-keyword-arguments (package-arguments nss) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (if tests? + (begin + ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for + ;; testing. The latter requires a working DNS or /etc/hosts. + (setenv "DOMSUF" "localdomain") + (setenv "USE_IP" "TRUE") + (setenv "IP_ADDRESS" "127.0.0.1") + + ;; This specific test is looking at performance "now + ;; verify that we can quickly dump a database", and + ;; we're not testing performance here (especially + ;; since we're using faketime), so raise the + ;; threshold + (substitute* "nss/tests/dbtests/dbtests.sh" + ((" -lt 5") " -lt 50")) + + ;; Since the test suite is very lengthy, run the test + ;; suite once, not thrice as done by default, by + ;; selecting only the 'standard' cycle. + (setenv "NSS_CYCLES" "standard") + + ;; The "PayPalEE.cert" certificate expires every six months, + ;; leading to test failures: + ;; . To + ;; work around that, set the time to roughly the release date. + (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) + (format #t "test suite not run~%")))))))) + (synopsis "Network Security Services (Rapid Release)") + (description + "Network Security Services (@dfn{NSS}) is a set of libraries designed to +support cross-platform development of security-enabled client and server +applications. Applications built with NSS can support SSL v2 and v3, TLS, +PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other +security standards. + +This package tracks the Rapid Release channel, which updates frequently."))) (define-public nsncd (package (name "nsncd") -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 16 23:06:49 2024 Received: (at 71832) by debbugs.gnu.org; 17 Jul 2024 03:06:50 +0000 Received: from localhost ([127.0.0.1]:34783 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sTv0D-0007pw-D3 for submit@debbugs.gnu.org; Tue, 16 Jul 2024 23:06:49 -0400 Received: from fout8-smtp.messagingengine.com ([103.168.172.151]:33735) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sTv08-0007pA-Fz for 71832@debbugs.gnu.org; Tue, 16 Jul 2024 23:06:44 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailfout.nyi.internal (Postfix) with ESMTP id 6AE2C1388BBF; Tue, 16 Jul 2024 23:06:36 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 16 Jul 2024 23:06:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm1; t=1721185596; x= 1721271996; bh=3tkduaXMWRdzQeeeeXA7Wtyw1cnF40lifR2tCrRdizE=; b=N chP0HVFa8KtUpn7FehygAYjIpLlVpoYjqsy0YY8qmdoCqK4RqtI4irhEFH58YkFr vReCX8U7rtDXumQcqba2wyJQkspioqjDz6v+Mc/9wSnrHGbhlP8K2zIGbRJiFaaQ w+N3TnSWAkG90HXcI2+qdIEGFuBVAge5Wms+6ACwyEx1sxft1hJhnMLbXP6mF5ss BjZvmVt8wQeMODJYJK/iCbwXb4U9Blde/Lp3HryEKKh2f+4+v7gCQJ5f+U/W1GdV 8mcExAELAZg4Dtpa1NY7iaCzo3Zr11IyvbIYxg2ngLzd8m2F5AjtiMJXVaOkqDYY IXZPIfsBgTQreY5RTwU7w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1721185596; x= 1721271996; bh=3tkduaXMWRdzQeeeeXA7Wtyw1cnF40lifR2tCrRdizE=; b=t J9c8tmTX38+6t1IqWZ5S4KDDtXPt3opD26hz1hsOMu1Nj1I8fc7h3cm1FB6NXeAM iolOh+uKIwTejRpjl/PjEzDDjpXqp37OuIadG9FYV6NCFxThEh2rksBoZKWcE0jc YvpcYxpIBKAFnjq5LKvm5jUM75GfF1g2nVfF9BWWUIi1JolHlSLg7Fx9Mkd3pQw7 KHecCR9UV3snaalAr9A8EoouDHSDx9vkbCXpiMcBsp/E1fijE8gjqc67UoFeL9ZB 0T7EqY/efv/AxS8D+L/j+WyDYtfjkchi016Fgn05wKI7jGjDXSCMllA+LAoKfidg tRvzwmpLDXFUnDZdjy6xQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrgeehgdeilecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofgjfhgggfestdekre dtredttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgvtgdr thhvqeenucggtffrrghtthgvrhhnpeevveejffduvdetieeutefgueekvdefieeuvdevle efgefhudelfeetvdfgfeegjeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhep mhgrihhlfhhrohhmpehirghnsehrvghtrhhoshhpvggtrdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 16 Jul 2024 23:06:34 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v4 2/3] gnu: gnuzilla: Add skr to all-mozilla-locales. Date: Tue, 16 Jul 2024 20:06:18 -0700 Message-ID: <20240717030619.26631-3-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240717030619.26631-1-ian@retrospec.tv> References: <20240717030619.26631-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * (gnuzilla): Add skr to all-mozilla-locales. Change-Id: If996048792a53dffb55b7e16e69370dd72fc78e3 --- gnu/packages/gnuzilla.scm | 1 + 1 file changed, 1 insertion(+) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 3e7818ba43..98dd67a5dd 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -508,6 +508,7 @@ (define-public all-mozilla-locales ("0xndsph4v725q3xcpmxxjb9vxv19sssqnng82m9215cdsv9klgpb" "bf5f6e362f6f" "sco") ("0l70n8817mbmbc09fsnn2aqjj9k9dhad2gmzgphmiilf9mqm2dpf" "1f705c926a99" "si") ("19bqjazazww08chd1qc08dsnr2521088jq5jd4j3185yb1ypm3nr" "c1bd10d70325" "sk") + ("12q1nv6z4bk8yaw3vhl9xs41i7kpx1415mwg635v76fx8h94ycl3" "00eaf8d9e83b" "skr") ("11nmjmy2j249588ahg4mh9lxdqr476jbh28a07qxxibfa76j9vk3" "44be3cbf69b6" "sl") ("1ww35141nixg2s03kfmmq9fk6m3qiz2vg7p5a85shjp7i89pyj1d" "800576ff8ef9" "son") ("1q7nfybwc8mxdwi9fpvfhayq18mykzygkpakr5ngfz2316k8lf5r" "4de8638ac27f" "sq") -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 16 23:06:54 2024 Received: (at 71832) by debbugs.gnu.org; 17 Jul 2024 03:06:55 +0000 Received: from localhost ([127.0.0.1]:34785 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sTv0H-0007qB-06 for submit@debbugs.gnu.org; Tue, 16 Jul 2024 23:06:54 -0400 Received: from fout8-smtp.messagingengine.com ([103.168.172.151]:42601) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sTv09-0007pC-Ug for 71832@debbugs.gnu.org; Tue, 16 Jul 2024 23:06:49 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailfout.nyi.internal (Postfix) with ESMTP id D98FC1388BE8; Tue, 16 Jul 2024 23:06:37 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Tue, 16 Jul 2024 23:06:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1721185597; x=1721271997; bh=bDdTnFZzAmUfWuQ+SYr4i3NpVQwy16mP46UVccJ35BA=; b= LpUJsA7dX6l4dGWLkWckchodFs1T0b6M+o0PevcapiMuLDdtzzCqw2e05kqkTHLr WnvvHTGZITtv3w68FyfFJX7vIMqCnznlEqnz5hj+jj6VSMNFkYIGKo3H9mdieB0t J0AQZC/nE+lqh97TQmjtQa6VTdW5OOVkbi6jB//9vrj1Vbd6krYhSrWdz1QzUakR WdiugcEoyK6ia4gob3sBRykIuboiFmVHA5TUBdLewI3B6LJ8BAUf2iM61BTsBopT VydVzTcyh4CnudVJlXVaBC4+RbwKHxjl9V2gaGwPzONto1Y+XEgqwJ8pP3Q48tEi qNGTdZcRtyOe0jPBtEy4tA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1721185597; x= 1721271997; bh=bDdTnFZzAmUfWuQ+SYr4i3NpVQwy16mP46UVccJ35BA=; b=L BgtGQIorrntwoWb5kIc/Nb4DGUFuqCG5NytnIoCRMcRHaaQUN5DKv2dVaQ3Fhp8d yCCGj+fJifzT3/MSk6vYahk1DQIB8zXm07NPI1k+fsDbdexe1c4pJ/BjoRWwrHZ6 IifUdAdLiGDKmT+RnFRcxFNAl0sdoZ4tih7ydxsKpmFaUmdkoRuWgpjMDwiTSfu1 ooz5dUluZ/e5tRMnTSUdZUaSBePEkv1EZm6hCGRQP59/JWlgMJ5ysoU/GLt21yl8 A5kxRzrKDn9T/TgMyPbtZhwuxpznCMpOtO1y76yds2V4Ep+vnVaErlED3sXQXEL7 /g1eGcDM6L1gRzXYRyR5A== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrgeehgdeilecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofgjfhggtgfgsehtke ertdertdejnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggt rdhtvheqnecuggftrfgrthhtvghrnhepiefhvefggedtueekjefgieefgfduleeggeetff dvveeuueffudevhfeivddukeeinecuffhomhgrihhnpehsvggrrhgthhhfohigrdhorhhg pdhgnhhurdhorhhgpdgtohhnthgvnhhtrdhrvggrugdpmhhoiihilhhlrgdrohhrghdpgh gvthgrugguohhnshdrshgvrghrtghhpdhgvghtrgguughonhhsrdhlihhnkhdpghhithhh uhgsrdgtohhmpdhlihgsrhgvfiholhhfrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 16 Jul 2024 23:06:36 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v4 3/3] gnu: librewolf: Update to 128.0-2 Date: Tue, 16 Jul 2024 20:06:19 -0700 Message-ID: <20240717030619.26631-4-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240717030619.26631-1-ian@retrospec.tv> References: <20240717030619.26631-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/librewolf.scm (librewolf): Update to 128.0-2. Reorganize module to improve usability and reduce duplication. The Rust package and build ID are now at the top of the file. The librewolf-source variable has been replaced with the make-librewolf-source procedure, centralizing versions & hashes in the librewolf package definition. Dedent some of the package’s arguments to improve readability. Change-Id: I15f8a2aa1fae07e0497ab5511d10af0c1f70cc2e Change-Id: I6282c62937d7f59c0d0e5521c8d35f35df58982b --- gnu/packages/librewolf.scm | 1049 ++++++++++++++++++------------------ 1 file changed, 528 insertions(+), 521 deletions(-) diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index 3e46477724..5e5988860a 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -94,6 +94,18 @@ (define-module (gnu packages librewolf) #:use-module (gnu packages xdisorg) #:use-module (gnu packages xorg)) +;; Define the versions of rust needed to build librewolf, trying to match +;; upstream. See the file taskcluster/kinds/toolchain/rust.yml at +;; https://searchfox.org under the particular firefox release, like +;; mozilla-esr102. +;; 1.75 is the default in Guix, 1.77 is the minimum for Librewolf. +(define rust-librewolf rust-1.77) + +;; Update this id with every update to its release date. +;; It's used for cache validation and therefore can lead to strange bugs. +;; ex: date '+%Y%m%d%H%M%S' +(define %librewolf-build-id "20240626133423") + (define (firefox-source-origin version hash) (origin (method url-fetch) @@ -115,11 +127,14 @@ (define (librewolf-source-origin version hash) (define computed-origin-method (@@ (guix packages) computed-origin-method)) -(define librewolf-source - (let* ((ff-src (firefox-source-origin "126.0.1" "0fr679rcwshwpfxidc55b2xsn4pmrr7p9ix4rr2mv2k7kwsjcc7n")) - (version "126.0.1-1") - (lw-src (librewolf-source-origin version "0cac80073vkzd85ai9rbnwixs1h9bpy4dj2ri6jxdlqsy5d663km"))) - +(define* (make-librewolf-source version #:key firefox-hash librewolf-hash) + (let* ((ff-src (firefox-source-origin + (car (string-split version #\-)) + firefox-hash)) + (version version) + (lw-src (librewolf-source-origin + version + librewolf-hash))) (origin (method computed-origin-method) (file-name (string-append "librewolf-" version ".source.tar.gz")) @@ -163,11 +178,6 @@ (define librewolf-source (("^ff_source_tarball:=.*") (string-append "ff_source_tarball:=" #+ff-src))) - ;; Remove encoding_rs patch, it doesn't build with Rust 1.75. - (substitute* '("assets/patches.txt") - (("patches/encoding_rs.patch\\\n$") - "")) - ;; Stage locales. (begin (format #t "Staging locales...~%") @@ -205,526 +215,523 @@ (define librewolf-source ".source.tar.gz") #$output)))))))) -;; Define the versions of rust needed to build librewolf, trying to match -;; upstream. See the file taskcluster/ci/toolchain/rust.yml at -;; https://searchfox.org under the particular firefox release, like -;; mozilla-esr102. -(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum. - -;; Update this id with every update to its release date. -;; It's used for cache validation and therefore can lead to strange bugs. -;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20240607212143") - (define-public librewolf - (package - (name "librewolf") - (version "126.0.1-1") - (source librewolf-source) - (build-system gnu-build-system) - (arguments - (list - #:configure-flags #~(let ((clang #$(this-package-native-input "clang"))) - `("--enable-application=browser" - - ;; Configuration - "--without-wasm-sandboxed-libraries" - "--with-system-jpeg" - "--with-system-zlib" - "--with-system-png" - "--with-system-webp" - "--with-system-icu" - "--with-system-libvpx" - "--with-system-libevent" - "--with-system-ffi" - "--enable-system-pixman" - "--enable-jemalloc" - - ;; see https://bugs.gnu.org/32833 - "--with-system-nspr" - "--with-system-nss" - - ,(string-append "--with-clang-path=" clang - "/bin/clang") - ,(string-append "--with-libclang-path=" clang - "/lib") - - ;; Distribution - "--with-distribution-id=org.guix" - "--with-app-name=librewolf" - "--with-app-basename=LibreWolf" - "--with-branding=browser/branding/librewolf" - - ;; Features - "--disable-tests" - "--disable-updater" - "--enable-pulseaudio" - "--disable-crashreporter" - "--allow-addon-sideload" - "--with-unsigned-addon-scopes=app,system" - - ;; switch only available on x86, whereas EME - ;; is not supported on other targets - ,@(if #$(target-x86?) '("--disable-eme") '()) - - ;; Build details - "--disable-debug" - "--enable-rust-simd" - "--enable-release" - "--enable-optimize" - "--enable-strip" - "--enable-hardening" - "--disable-elf-hack")) - #:imported-modules %cargo-utils-modules - #:modules `((ice-9 regex) - (ice-9 string-fun) - (ice-9 ftw) - (srfi srfi-1) - (srfi srfi-26) - (rnrs bytevectors) - (rnrs io ports) - (guix elf) - (guix build gremlin) - ,@%gnu-build-system-modules) - #:phases #~(modify-phases %standard-phases - (add-after 'unpack 'fix-preferences - (lambda* (#:key inputs #:allow-other-keys) - (let ((port (open-file "browser/app/profile/firefox.js" - "a"))) - (define (write-setting key value) - (format port "~%pref(\"~a\", ~a);~%" key value) - (format #t + (let ((version "128.0-2")) + (package + (name "librewolf") + (version version) + (source (make-librewolf-source + version + #:firefox-hash + "0wjiz7pahsqj7ibkyq9gggigq1hg983z50d0cbhs2pi3zgz1y9v5" + #:librewolf-hash + "0239m5r5nfn291slpxh1qhj3g3q2pskyp967ahvn7nbsqlvjyhag")) + + (build-system gnu-build-system) + (arguments + (list + #:configure-flags + #~(let ((clang #$(this-package-native-input "clang"))) + `("--enable-application=browser" + + ;; Configuration + "--without-wasm-sandboxed-libraries" + "--with-system-jpeg" + "--with-system-zlib" + "--with-system-png" + "--with-system-webp" + "--with-system-icu" + "--with-system-libvpx" + "--with-system-libevent" + "--with-system-ffi" + "--enable-system-pixman" + "--enable-jemalloc" + + ;; see https://bugs.gnu.org/32833 + "--with-system-nspr" + "--with-system-nss" + + ,(string-append "--with-clang-path=" clang + "/bin/clang") + ,(string-append "--with-libclang-path=" clang + "/lib") + + ;; Distribution + "--with-distribution-id=org.guix" + "--with-app-name=librewolf" + "--with-app-basename=LibreWolf" + "--with-branding=browser/branding/librewolf" + + ;; Features + "--disable-tests" + "--disable-updater" + "--enable-pulseaudio" + "--disable-crashreporter" + "--allow-addon-sideload" + "--with-unsigned-addon-scopes=app,system" + ;; switch only available on x86, whereas EME + ;; is not supported on other targets + ,@(if #$(target-x86?) '("--disable-eme") '()) + + ;; Build details + "--disable-debug" + "--enable-rust-simd" + "--enable-release" + "--enable-optimize" + "--enable-strip" + "--enable-hardening" + "--disable-elf-hack")) + #:imported-modules %cargo-utils-modules + #:modules `((ice-9 regex) + (ice-9 string-fun) + (ice-9 ftw) + (srfi srfi-1) + (srfi srfi-26) + (rnrs bytevectors) + (rnrs io ports) + (guix elf) + (guix build gremlin) + ,@%gnu-build-system-modules) + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'fix-preferences + (lambda* (#:key inputs #:allow-other-keys) + (let ((port (open-file "browser/app/profile/firefox.js" + "a"))) + (define (write-setting key value) + (format port "~%pref(\"~a\", ~a);~%" key value) + (format #t "fix-preferences: setting value of ~a to ~a~%" key value)) - ;; We should allow the sandbox to read the store directory, - ;; because the sandbox has access to /usr on FHS distros. - (write-setting - "security.sandbox.content.read_path_whitelist" - (string-append "\"" - (%store-directory) "/\"")) - - ;; XDG settings should be managed by Guix. - (write-setting "browser.shell.checkDefaultBrowser" - "false") - (close-port port)))) - (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker - (lambda* (#:key inputs #:allow-other-keys) - (let* ((ffmpeg (assoc-ref inputs "ffmpeg")) - (libavcodec (string-append ffmpeg - "/lib/libavcodec.so"))) - ;; Arrange to load libavcodec.so by its absolute file name. - (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" - (("libavcodec\\.so") - libavcodec))))) - (add-after 'patch-source-shebangs 'patch-cargo-checksums - (lambda _ - (use-modules (guix build cargo-utils)) - (let ((null-hash - ;; This is the SHA256 output of an empty string. - (string-append - "e3b0c44298fc1c149afbf4c8996fb924" - "27ae41e4649b934ca495991b7852b855"))) - (for-each (lambda (file) - (format #t + ;; We should allow the sandbox to read the store directory, + ;; because the sandbox has access to /usr on FHS distros. + (write-setting + "security.sandbox.content.read_path_whitelist" + (string-append "\"" + (%store-directory) "/\"")) + + ;; XDG settings should be managed by Guix. + (write-setting "browser.shell.checkDefaultBrowser" + "false") + (close-port port)))) + (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker + (lambda* (#:key inputs #:allow-other-keys) + (let* ((ffmpeg (assoc-ref inputs "ffmpeg")) + (libavcodec (string-append ffmpeg + "/lib/libavcodec.so"))) + ;; Arrange to load libavcodec.so by its absolute file name. + (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" + (("libavcodec\\.so") + libavcodec))))) + (add-after 'patch-source-shebangs 'patch-cargo-checksums + (lambda _ + (use-modules (guix build cargo-utils)) + (let ((null-hash + ;; This is the SHA256 output of an empty string. + (string-append + "e3b0c44298fc1c149afbf4c8996fb924" + "27ae41e4649b934ca495991b7852b855"))) + (for-each (lambda (file) + (format #t "patch-cargo-checksums: patching checksums in ~a~%" file) - (substitute* file - (("(checksum = )\".*\"" all name) - (string-append name "\"" null-hash - "\"")))) - (find-files "." "Cargo\\.lock$")) - (for-each generate-all-checksums - '("build" - "dom/media" - "dom/webauthn" - "gfx" - "intl" - "js" - "media" - "modules" - "mozglue/static/rust" - "netwerk" - "remote" - "security/manager/ssl" - "servo" - "storage" - "third_party/rust" - "toolkit" - "xpcom/rust" - "services"))))) - (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag - (lambda _ - ;; Remove --frozen flag from cargo invokation, otherwise it'll - ;; complain that it's not able to change Cargo.lock. - ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 - (substitute* "build/RunCbindgen.py" - (("args.append\\(\"--frozen\"\\)") "pass")))) - (delete 'bootstrap) - (add-before 'configure 'patch-SpeechDispatcherService.cpp - (lambda _ - (let* ((lib "libspeechd.so.2") - (file (string-append - "dom/media/webspeech/synth/" - "speechd/SpeechDispatcherService.cpp")) - (old-content (call-with-input-file file - get-string-all))) - (substitute - file - `((,(format #f "~s" lib) unquote - (lambda (line _) - (string-replace-substring - line lib - (string-append #$speech-dispatcher - "/lib/" lib)))))) - (if (string=? old-content - (call-with-input-file file - get-string-all)) - (error - "substitute did nothing, phase requires an update"))))) - (add-before 'configure 'set-build-id - ;; Build will write the timestamp to output, which is harmful - ;; for reproducibility, so change it to a fixed date. Use a - ;; separate phase for easier modification with inherit. - (lambda _ - (setenv "MOZ_BUILD_DATE" - #$%librewolf-build-id))) - (replace 'configure - (lambda* (#:key inputs outputs configure-flags - #:allow-other-keys) - (setenv "AUTOCONF" - (string-append (assoc-ref inputs "autoconf") - "/bin/autoconf")) - (setenv "SHELL" - (which "bash")) - (setenv "CONFIG_SHELL" - (which "bash")) - (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE" - "system") - ;; This should use the host info probably (does it - ;; build on non-x86_64 though?) - (setenv "GUIX_PYTHONPATH" - (string-append (getcwd) - "/obj-x86_64-pc-linux-gnu/_virtualenvs/build")) - - ;; Use Clang, Clang is 2x faster than GCC - (setenv "AR" "llvm-ar") - (setenv "NM" "llvm-nm") - (setenv "CC" "clang") - (setenv "CXX" "clang++") - (setenv "MOZ_NOSPAM" "1") - (setenv "MOZ_APP_NAME" "librewolf") - - (setenv "MOZBUILD_STATE_PATH" - (getcwd)) - - (let* ((mozconfig (string-append (getcwd) "/mozconfig")) - (out (assoc-ref outputs "out")) - (flags (cons (string-append "--prefix=" out) - configure-flags))) - (format #t "build directory: ~s~%" - (getcwd)) - (format #t "configure flags: ~s~%" flags) - - (define write-flags - (lambda flags - (display (string-join (map (cut string-append - "ac_add_options " <>) - flags) "\n")) - (display "\n"))) - (with-output-to-file mozconfig - (lambda () - (apply write-flags flags) - ;; The following option unsets Telemetry - ;; Reporting. With the Addons Fiasco, - ;; Mozilla was found to be collecting - ;; user's data, including saved passwords - ;; and web form data, without users - ;; consent. Mozilla was also found - ;; shipping updates to systems without - ;; the user's knowledge or permission. - ;; As a result of this, use the following - ;; command to permanently disable - ;; telemetry reporting. - (display "unset MOZ_TELEMETRY_REPORTING\n") - (display "mk_add_options MOZ_CRASHREPORTER=0\n") - (display "mk_add_options MOZ_DATA_REPORTING=0\n") - (display - "mk_add_options MOZ_SERVICES_HEALTHREPORT=0") - (display - "mk_add_options MOZ_TELEMETRY_REPORTING=0"))) - (setenv "MOZCONFIG" mozconfig)) - (invoke "./mach" "configure"))) - (add-before 'build 'fix-addons-placeholder - (lambda _ - (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" - (("addons.mozilla.org") - "gnuzilla.gnu.org")))) - (replace 'build - (lambda* (#:key (make-flags '()) - (parallel-build? #t) #:allow-other-keys) - (apply invoke "./mach" "build" - ;; mach will use parallel build if possible by default - `(,@(if parallel-build? - '() - '("-j1")) ,@make-flags)))) - (add-after 'build 'neutralise-store-references - (lambda _ - ;; Mangle the store references to compilers & - ;; other build tools in about:buildconfig, - ;; reducing the package's closure by 1 GiB on - ;; x86-64. - (let* ((build-dir (car (scandir "." - (cut string-prefix? - "obj-" <>)))) - (file (string-append build-dir - "/dist/bin/chrome/toolkit/" - "content/global/buildconfig.html"))) - (substitute* file - (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" - (regexp-quote (%store-directory))) - _ store hash) - (string-append store - (string-take hash 8) - "" - (string-drop hash 8))))))) - (replace 'install - (lambda _ - (invoke "./mach" "install"))) - (add-after 'install 'remove-duplicate-bin - (lambda* (#:key outputs #:allow-other-keys) - (delete-file (string-append #$output - "/lib/librewolf/librewolf-bin")))) - (add-after 'install 'wrap-glxtest - ;; glxtest uses dlopen() to load mesa and pci - ;; libs, wrap it to set LD_LIBRARY_PATH. - (lambda* (#:key inputs outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (libs (map - (lambda (lib-name) - (string-append (assoc-ref inputs - lib-name) - "/lib")) - '("mesa" "pciutils")))) - (wrap-program (car (find-files lib "^glxtest$")) - `("LD_LIBRARY_PATH" prefix ,libs))))) - (add-after 'install 'patch-config - (lambda* (#:key inputs #:allow-other-keys) - (let ((lib (string-append #$output "/lib/librewolf")) - (config-file "librewolf.cfg")) - - ;; Required for Guix packaged extensions - ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 - ;; Default is 5. - (substitute* (in-vicinity lib config-file) - (("defaultPref\\(\"extensions.enabledScopes\", 5\\)") - "defaultPref(\"extensions.enabledScopes\", 13)")) - ;; Use Mozzarella addons repo. - (call-with-port - (open-file - (in-vicinity lib config-file) - "a") - (lambda (port) - ;; Add-ons panel (see settings.js in Icecat source). - (for-each - (lambda (pref) - (format port - "defaultPref(~s, ~s);~%" - (car pref) - (cdr pref))) - `(("extensions.getAddons.search.browseURL" - ,(string-append - "https://gnuzilla.gnu.org/mozzarella/" - "search.php?q=%TERMS%")) - ("extensions.getAddons.get.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.link.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.discovery.api_url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.langpacks.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("lightweightThemes.getMoreURL" . - "https://gnuzilla.gnu.org/mozzarella")))))))) - (add-after 'install 'wrap-program - (lambda* (#:key inputs outputs #:allow-other-keys) - ;; The following two functions are from Guix's icecat package in - ;; (gnu packages gnuzilla). See commit - ;; b7a0935420ee630a29b7e5ac73a32ba1eb24f00b. - (define (runpath-of lib) - (call-with-input-file lib - (compose elf-dynamic-info-runpath elf-dynamic-info - parse-elf get-bytevector-all))) - (define (runpaths-of-input label) - (let* ((dir (string-append (assoc-ref inputs label) - "/lib")) - (libs (find-files dir "\\.so$"))) - (append-map runpath-of libs))) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (libs (map - (lambda (lib-name) - (string-append (assoc-ref inputs - lib-name) - "/lib")) - '("mesa" "libpng-apng" "libnotify" "libva" - "pulseaudio" "gtk+" "pipewire" - ;; For U2F and WebAuthn - "eudev"))) - - ;; VA-API is run in the RDD (Remote Data Decoder) sandbox - ;; and must be explicitly given access to files it needs. - ;; Rather than adding the whole store (as Nix had - ;; upstream do, see - ;; and - ;; linked upstream patches), we can just follow the - ;; runpaths of the needed libraries to add everything to - ;; LD_LIBRARY_PATH. These will then be accessible in the - ;; RDD sandbox. - (rdd-whitelist (map (cut string-append <> "/") - (delete-duplicates (append-map - runpaths-of-input - '("mesa" - "ffmpeg"))))) - (gtk-share (string-append (assoc-ref inputs - "gtk+") - "/share"))) - (wrap-program (car (find-files lib "^librewolf$")) - `("LD_LIBRARY_PATH" prefix - (,@libs ,@rdd-whitelist)) - `("XDG_DATA_DIRS" prefix - (,gtk-share)) - `("MOZ_LEGACY_PROFILES" = - ("1")) - `("MOZ_ALLOW_DOWNGRADE" = - ("1")))))) - (add-after 'wrap-program 'install-desktop-entry - (lambda* (#:key outputs #:allow-other-keys) - (let* ((desktop-file - "taskcluster/docker/firefox-snap/firefox.desktop") - (applications (string-append #$output - "/share/applications"))) - (substitute* desktop-file - (("^Exec=firefox") - (string-append "Exec=" - #$output "/bin/librewolf")) - ;; "Firefox" -> "LibreWolf" everywhere - (("Firefox") - "LibreWolf") - ;; Remove non-Latin translations. - (("^Name\\[(ar|bn)\\].*$") - "") - (("^Icon=.*") - (string-append "Icon=" - #$output - "/share/icons/hicolor/128x128/apps/librewolf.png + (substitute* file + (("(checksum = )\".*\"" all name) + (string-append name "\"" null-hash + "\"")))) + (find-files "." "Cargo\\.lock$")) + (for-each generate-all-checksums + '("build" + "dom/media" + "dom/webauthn" + "gfx" + "intl" + "js" + "media" + "modules" + "mozglue/static/rust" + "netwerk" + "remote" + "security/manager/ssl" + "servo" + "storage" + "third_party/rust" + "toolkit" + "xpcom/rust" + "services"))))) + (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag + (lambda _ + ;; Remove --frozen flag from cargo invokation, otherwise it'll + ;; complain that it's not able to change Cargo.lock. + ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 + (substitute* "build/RunCbindgen.py" + (("args.append\\(\"--frozen\"\\)") "pass")))) + (delete 'bootstrap) + (add-before 'configure 'patch-SpeechDispatcherService.cpp + (lambda _ + (let* ((lib "libspeechd.so.2") + (file (string-append + "dom/media/webspeech/synth/" + "speechd/SpeechDispatcherService.cpp")) + (old-content (call-with-input-file file + get-string-all))) + (substitute + file + `((,(format #f "~s" lib) unquote + (lambda (line _) + (string-replace-substring + line lib + (string-append #$speech-dispatcher + "/lib/" lib)))))) + (if (string=? old-content + (call-with-input-file file + get-string-all)) + (error + "substitute did nothing, phase requires an update"))))) + (add-before 'configure 'set-build-id + ;; Build will write the timestamp to output, which is harmful + ;; for reproducibility, so change it to a fixed date. Use a + ;; separate phase for easier modification with inherit. + (lambda _ + (setenv "MOZ_BUILD_DATE" + #$%librewolf-build-id))) + (replace 'configure + (lambda* (#:key inputs outputs configure-flags + #:allow-other-keys) + (setenv "AUTOCONF" + (string-append (assoc-ref inputs "autoconf") + "/bin/autoconf")) + (setenv "SHELL" + (which "bash")) + (setenv "CONFIG_SHELL" + (which "bash")) + (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE" + "system") + ;; This should use the host info probably (does it + ;; build on non-x86_64 though?) + (setenv "GUIX_PYTHONPATH" + (string-append (getcwd) + "/obj-x86_64-pc-linux-gnu/_virtualenvs/build")) + + ;; Use Clang, Clang is 2x faster than GCC + (setenv "AR" "llvm-ar") + (setenv "NM" "llvm-nm") + (setenv "CC" "clang") + (setenv "CXX" "clang++") + (setenv "MOZ_NOSPAM" "1") + (setenv "MOZ_APP_NAME" "librewolf") + + (setenv "MOZBUILD_STATE_PATH" + (getcwd)) + + (let* ((mozconfig (string-append (getcwd) "/mozconfig")) + (out (assoc-ref outputs "out")) + (flags (cons (string-append "--prefix=" out) + configure-flags))) + (format #t "build directory: ~s~%" + (getcwd)) + (format #t "configure flags: ~s~%" flags) + + (define write-flags + (lambda flags + (display (string-join (map (cut string-append + "ac_add_options " <>) + flags) "\n")) + (display "\n"))) + (with-output-to-file mozconfig + (lambda () + (apply write-flags flags) + ;; The following option unsets Telemetry + ;; Reporting. With the Addons Fiasco, + ;; Mozilla was found to be collecting + ;; user's data, including saved passwords + ;; and web form data, without users + ;; consent. Mozilla was also found + ;; shipping updates to systems without + ;; the user's knowledge or permission. + ;; As a result of this, use the following + ;; command to permanently disable + ;; telemetry reporting. + (display "unset MOZ_TELEMETRY_REPORTING\n") + (display "mk_add_options MOZ_CRASHREPORTER=0\n") + (display "mk_add_options MOZ_DATA_REPORTING=0\n") + (display + "mk_add_options MOZ_SERVICES_HEALTHREPORT=0") + (display + "mk_add_options MOZ_TELEMETRY_REPORTING=0"))) + (setenv "MOZCONFIG" mozconfig)) + (invoke "./mach" "configure"))) + (add-before 'build 'fix-addons-placeholder + (lambda _ + (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" + (("addons.mozilla.org") + "gnuzilla.gnu.org")))) + (replace 'build + (lambda* (#:key (make-flags '()) + (parallel-build? #t) #:allow-other-keys) + (apply invoke "./mach" "build" + ;; mach will use parallel build if possible by default + `(,@(if parallel-build? + '() + '("-j1")) ,@make-flags)))) + (add-after 'build 'neutralise-store-references + (lambda _ + ;; Mangle the store references to compilers & + ;; other build tools in about:buildconfig, + ;; reducing the package's closure by 1 GiB on + ;; x86-64. + (let* ((build-dir (car (scandir "." + (cut string-prefix? + "obj-" <>)))) + (file (string-append build-dir + "/dist/bin/chrome/toolkit/" + "content/global/buildconfig.html"))) + (substitute* file + (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" + (regexp-quote (%store-directory))) + _ store hash) + (string-append store + (string-take hash 8) + "" + (string-drop hash 8))))))) + (replace 'install + (lambda _ + (invoke "./mach" "install"))) + (add-after 'install 'remove-duplicate-bin + (lambda* (#:key outputs #:allow-other-keys) + (delete-file (string-append #$output + "/lib/librewolf/librewolf-bin")))) + (add-after 'install 'wrap-glxtest + ;; glxtest uses dlopen() to load mesa and pci + ;; libs, wrap it to set LD_LIBRARY_PATH. + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (libs (map + (lambda (lib-name) + (string-append (assoc-ref inputs + lib-name) + "/lib")) + '("mesa" "pciutils")))) + (wrap-program (car (find-files lib "^glxtest$")) + `("LD_LIBRARY_PATH" prefix ,libs))))) + (add-after 'install 'patch-config + (lambda* (#:key inputs #:allow-other-keys) + (let ((lib (string-append #$output "/lib/librewolf")) + (config-file "librewolf.cfg")) + + ;; Required for Guix packaged extensions + ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 + ;; Default is 5. + (substitute* (in-vicinity lib config-file) + (("defaultPref\\(\"extensions.enabledScopes\", 5\\)") + "defaultPref(\"extensions.enabledScopes\", 13)")) + ;; Use Mozzarella addons repo. + (call-with-port + (open-file + (in-vicinity lib config-file) + "a") + (lambda (port) + ;; Add-ons panel (see settings.js in Icecat source). + (for-each + (lambda (pref) + (format port + "defaultPref(~s, ~s);~%" + (car pref) + (cdr pref))) + `(("extensions.getAddons.search.browseURL" + ,(string-append + "https://gnuzilla.gnu.org/mozzarella/" + "search.php?q=%TERMS%")) + ("extensions.getAddons.get.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.link.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.discovery.api_url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.langpacks.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("lightweightThemes.getMoreURL" . + "https://gnuzilla.gnu.org/mozzarella")))))))) + (add-after 'install 'wrap-program + (lambda* (#:key inputs outputs #:allow-other-keys) + ;; The following two functions are from Guix's icecat package in + ;; (gnu packages gnuzilla). See commit + ;; b7a0935420ee630a29b7e5ac73a32ba1eb24f00b. + (define (runpath-of lib) + (call-with-input-file lib + (compose elf-dynamic-info-runpath elf-dynamic-info + parse-elf get-bytevector-all))) + (define (runpaths-of-input label) + (let* ((dir (string-append (assoc-ref inputs label) + "/lib")) + (libs (find-files dir "\\.so$"))) + (append-map runpath-of libs))) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (libs (map + (lambda (lib-name) + (string-append (assoc-ref inputs + lib-name) + "/lib")) + '("mesa" "libpng-apng" "libnotify" "libva" + "pulseaudio" "gtk+" "pipewire" + ;; For U2F and WebAuthn + "eudev"))) + + ;; VA-API is run in the RDD (Remote Data Decoder) sandbox + ;; and must be explicitly given access to files it needs. + ;; Rather than adding the whole store (as Nix had + ;; upstream do, see + ;; and + ;; linked upstream patches), we can just follow the + ;; runpaths of the needed libraries to add everything to + ;; LD_LIBRARY_PATH. These will then be accessible in the + ;; RDD sandbox. + (rdd-whitelist (map (cut string-append <> "/") + (delete-duplicates (append-map + runpaths-of-input + '("mesa" + "ffmpeg"))))) + (gtk-share (string-append (assoc-ref inputs + "gtk+") + "/share"))) + (wrap-program (car (find-files lib "^librewolf$")) + `("LD_LIBRARY_PATH" prefix + (,@libs ,@rdd-whitelist)) + `("XDG_DATA_DIRS" prefix + (,gtk-share)) + `("MOZ_LEGACY_PROFILES" = + ("1")) + `("MOZ_ALLOW_DOWNGRADE" = + ("1")))))) + (add-after 'wrap-program 'install-desktop-entry + (lambda* (#:key outputs #:allow-other-keys) + (let* ((desktop-file + "taskcluster/docker/firefox-snap/firefox.desktop") + (applications (string-append #$output + "/share/applications"))) + (substitute* desktop-file + (("^Exec=firefox") + (string-append "Exec=" + #$output "/bin/librewolf")) + ;; "Firefox" -> "LibreWolf" everywhere + (("Firefox") + "LibreWolf") + ;; Remove non-Latin translations. + (("^Name\\[(ar|bn)\\].*$") + "") + (("^Icon=.*") + (string-append "Icon=" + #$output + "/share/icons/hicolor/128x128/apps/librewolf.png ")) - ;; These commands were changed. - (("-NewWindow") - "-new-window") - (("-NewPrivateWindow") - "-new-private-window") - (("StartupNotify=true") - "StartupNotify=true + ;; These commands were changed. + (("-NewWindow") + "-new-window") + (("-NewPrivateWindow") + "-new-private-window") + (("StartupNotify=true") + "StartupNotify=true StartupWMClass=Navigator")) - (copy-file desktop-file "librewolf.desktop") - (install-file "librewolf.desktop" applications)))) - (add-after 'install-desktop-entry 'install-icons - (lambda* (#:key outputs #:allow-other-keys) - (let ((icon-source-dir (string-append #$output - "/lib/librewolf/browser/" - "chrome/icons/default"))) - (for-each (lambda (size) - (let ((dest (string-append #$output - "/share/icons/hicolor/" - size - "x" - size - "/apps"))) - (mkdir-p dest) - (symlink (string-append icon-source-dir - "/default" size ".png") - (string-append dest - "/librewolf.png")))) - '("16" "32" "48" "64" "128")))))) - - ;; Test will significantly increase build time but with little rewards. - #:tests? #f - - ;; WARNING: Parallel build will consume lots of memory! - ;; If you have encountered OOM issue in build phase, try disable it. - #:parallel-build? #t - - ;; Some dynamic lib was determined at runtime, so rpath check may fail. - #:validate-runpath? #f)) - (inputs (list bash-minimal - bzip2 - cairo - cups - dbus-glib - freetype - ffmpeg - gdk-pixbuf - glib - gtk+ - gtk+-2 - hunspell - icu4c-73 - jemalloc - libcanberra - libevent - libffi - libgnome - libjpeg-turbo - libnotify - libpng-apng - libva - libvpx - libwebp - libxcomposite - libxft - libxinerama - libxscrnsaver - libxt - mesa - mit-krb5 - nspr - nss/fixed - pango - pciutils - pipewire - pixman - pulseaudio - speech-dispatcher - sqlite - startup-notification - eudev - unzip - zip - zlib)) - (native-inputs (list alsa-lib - autoconf-2.13 - `(,rust-librewolf "cargo") - clang-18 - llvm-18 - m4 - nasm - node-lts - perl - pkg-config - python - rust-librewolf - rust-cbindgen-0.26 - which - yasm)) - (home-page "https://librewolf.net/") - (synopsis - "Custom version of Firefox, focused on privacy, security and freedom") - (description - "LibreWolf is designed to increase protection against tracking and + (copy-file desktop-file "librewolf.desktop") + (install-file "librewolf.desktop" applications)))) + (add-after 'install-desktop-entry 'install-icons + (lambda* (#:key outputs #:allow-other-keys) + (let ((icon-source-dir (string-append #$output + "/lib/librewolf/browser/" + "chrome/icons/default"))) + (for-each (lambda (size) + (let ((dest (string-append #$output + "/share/icons/hicolor/" + size + "x" + size + "/apps"))) + (mkdir-p dest) + (symlink (string-append icon-source-dir + "/default" size ".png") + (string-append dest + "/librewolf.png")))) + '("16" "32" "48" "64" "128")))))) + + ;; Test will significantly increase build time but with little rewards. + #:tests? #f + + ;; WARNING: Parallel build will consume lots of memory! + ;; If you have encountered OOM issue in build phase, try disable it. + #:parallel-build? #t + + ;; Some dynamic lib was determined at runtime, so rpath check may fail. + #:validate-runpath? #f)) + (inputs (list bash-minimal + bzip2 + cairo + cups + dbus-glib + freetype + ffmpeg + gdk-pixbuf + glib + gtk+ + gtk+-2 + hunspell + icu4c-73 + jemalloc + libcanberra + libevent + libffi + libgnome + libjpeg-turbo + libnotify + libpng-apng + libva + libvpx + libwebp + libxcomposite + libxft + libxinerama + libxscrnsaver + libxt + mesa + mit-krb5 + nspr + nss-rapid + pango + pciutils + pipewire + pixman + pulseaudio + speech-dispatcher + sqlite + startup-notification + eudev + unzip + zip + zlib)) + (native-inputs (list alsa-lib + autoconf-2.13 + `(,rust-librewolf "cargo") + clang-18 + llvm-18 + m4 + nasm + node-lts + perl + pkg-config + python + rust-librewolf + rust-cbindgen-0.26 + which + yasm)) + (home-page "https://librewolf.net/") + (synopsis + "Custom version of Firefox, focused on privacy, security and freedom") + (description + "LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM.") - (license license:mpl2.0))) + (license license:mpl2.0)))) -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Sun Jul 21 12:19:53 2024 Received: (at 71832) by debbugs.gnu.org; 21 Jul 2024 16:19:53 +0000 Received: from localhost ([127.0.0.1]:55887 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sVZHs-0001bs-PH for submit@debbugs.gnu.org; Sun, 21 Jul 2024 12:19:52 -0400 Received: from fhigh1-smtp.messagingengine.com ([103.168.172.152]:43687) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sVZHq-0001bY-0s; Sun, 21 Jul 2024 12:19:50 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailfhigh.nyi.internal (Postfix) with ESMTP id E37451140111; Sun, 21 Jul 2024 12:19:42 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Sun, 21 Jul 2024 12:19:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm2; t=1721578782; x=1721665182; bh=ue /YEHpopjy7N9HpUGq7KkPRTpcGAPHYdTG7yXliI+8=; b=PiZpb0GjzTrk1TAKbj FnWMBDbpxDXX/UHN08Wb3bYLN+1a27oSnPuYROP7ukeusQTxNx8UzDHxg7k47qro RAeAPizhZcfx1F1eDzx8kEKVFkN0oHMoEaQTIE/6/mgfugPqAnVFzaL1u4mSyh4U f1W7mcJ2fmtF1mkLq4OM27vEo90xD54Q50Y1HFtdeEnOhcywfXgVr8xdDHfeoHEd kfltgT083eGHHgH9AWVTc6JWqNtFKRJ4tU4gFj4mqKkY4sCmpM5Nuc1T0A2mH2fd 5tZn6SeCMgWjk+oDBSwjvISTZjEpavN7EMKT38DwA86K1OWoev4enkKJKWzohzdk ZWyQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1721578782; x=1721665182; bh=ue/YEHpopjy7N 9HpUGq7KkPRTpcGAPHYdTG7yXliI+8=; b=gh9CY0o2NXIjwj8GU49YRLlp3cp8L 3nWodB6Ba85z7ue4LpCwF57lV0MHUikLh7hoGLW6WNcl6jI6+KPt2UZam+ZVB35R mZWUUjeKdHhc3+4IQW3ejlPrxKAhvVYdGE12x+JLF7yDglo1BMKdktvtf7rg7B8e yUSPC56XvAtIimU7ZIMp0cZGxRyWgmWGSCupuWYlFeigjcuf4eGyism4H+ZVruxG JEjkeAuokTWgrDCIs5OTLuY2La7G+lJ40TQKpEwBbZB3XDnSPQxaBTVrZPW1XWW9 uvX4juScTzgXeplW9IC4Pq0fwHmJpvFsBIJBupFKtd8jvUUw6Lhuh+2cQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrheehgddutdduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpegfhffvvefufffkgggtgfesthhqre dttderjeenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgvtgdr thhvqeenucggtffrrghtthgvrhhnpeeiveevledvveevteekfeekgefgfedttddvveeugf eufedtfeeghfeiudehueevieenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhep mhgrihhlfhhrohhmpehirghnsehrvghtrhhoshhpvggtrdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 21 Jul 2024 12:19:42 -0400 (EDT) User-agent: mu4e 1.8.13; emacs 28.2 From: Ian Eure To: control@debbugs.gnu.org Subject: Re: [PATCH 0/2] Add nss-latest; updte Librewolf to 127.0.2-2. Date: Sun, 21 Jul 2024 09:17:46 -0700 Message-ID: <87le1uu38i.fsf@meson> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: 71832@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) retitle 71832 [PATCH v4 0/3] Add nss-rapid; update Librewolf to=20 128.0-2 thanks > Hello, > > I have pushed the patch of #71882 to fix the build on non-x86=20 > architectures. > I could still build on x86_64, but could still not build on=20 > aarch64; but > the latter failure is probably due to a lack of memory (the=20 > configure phase > passes now, but the build fails later on with a SIGKILL). > > As this means that the librewolf update of #71832 needs to be=20 > rebased, > I am cc-ing this bug. > > Andreas Thank you, I=E2=80=99ve rebased and updated. Thanks, =E2=80=94 Ian From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 30 23:55:31 2024 Received: (at 71832) by debbugs.gnu.org; 31 Jul 2024 03:55:31 +0000 Received: from localhost ([127.0.0.1]:48821 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sZ0R1-0001y0-6f for submit@debbugs.gnu.org; Tue, 30 Jul 2024 23:55:31 -0400 Received: from fout8-smtp.messagingengine.com ([103.168.172.151]:51533) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sZ0Qx-0001xS-Hb for 71832@debbugs.gnu.org; Tue, 30 Jul 2024 23:55:29 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailfout.nyi.internal (Postfix) with ESMTP id 2FB6D1382188; Tue, 30 Jul 2024 23:55:07 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 30 Jul 2024 23:55:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm2; t=1722398107; x= 1722484507; bh=1rhjv2L81+g8qZi64AubNkHzZl2s4wtlCwF6ZAxRUI0=; b=G /THzIkxG9isWVy7ADG3YMjbSOc2Xls83K63rzZNXmXQqtDmhZar0dHnu1qUQzGdq BV6ym117KOWzUJjvj8UOna+TNjeAJx0reLBcLdBgFuFAxgfNM19UP+jIqsOSKAjS 0wJqa/2MKK/bBhV4HSeTuYGJ/0MEbXrSSHQcGS8Ku00Shwoh4fBXg5ucczH+47Cn b3/QYZTyHtPZEQf7hTJZHZ+rfSBK/SBWyX7lBjtveYXEnrBcs673YJd97oGO/aaE DyxxhRkkGFKK+a8tYD/jmiQW+36mWUIL/1rN2E9O1+YIu3N7gicurvkclH5z4wP/ kzgN3gMBTCQez4BJNneUg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1722398107; x= 1722484507; bh=1rhjv2L81+g8qZi64AubNkHzZl2s4wtlCwF6ZAxRUI0=; b=I MV0gVUtrtKvc8/uqymVRIliBHmzK3bBw4UjTYlUUPhLtR22YlN8YsYlhQKz5HoYn mHcGZOYYHTVdDfe+OITlNCjTY6FA63pfrGBGm4cLZ3hX9UMdc0FmukyuyFEg20lW U2MfoN4WBRUOEUkzMHGorMrXL1np5o9ueJ01fy0cEFakuMj73yn0paeIdXm4BoRs Cq8PYDv4CpGn1LB+S7ptXmngz3BaD2jl04Tk9SQreVNk84fMKAnm88xBnQ6vki8x xReiZXPaOeUfsaA5ilQx46x8OgmtuTPQxmT+cVyXAW76GhMxLKynr3mLAyXOSVyl du7ALHEz7x5CZYpgK4QkQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrjeehgdejkecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofgjfhgggfestdekre dtredttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgvtgdr thhvqeenucggtffrrghtthgvrhhnpefgteeiffdvleejleeiieevgeegleegieevjeekfe evledugfehteetgfeuffevhfenucffohhmrghinhepmhhoiihilhhlrgdrohhrghenucev lhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehirghnsehrvg htrhhoshhpvggtrdhtvhdpnhgspghrtghpthhtoheptd X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 Jul 2024 23:55:06 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v5 1/3] gnu: Add nss-rapid. Date: Tue, 30 Jul 2024 20:54:59 -0700 Message-ID: <20240731035501.27512-2-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240731035501.27512-1-ian@retrospec.tv> References: <20240731035501.27512-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/nss.scm (nss-rapid): New variable. Change-Id: I2bdd2119fb0c857feae9eb2e47a28909b8228cd7 --- gnu/packages/nss.scm | 80 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 74 insertions(+), 6 deletions(-) diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index 9224a8ed5a..17f05a65b0 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -106,6 +106,9 @@ (define-public nspr-4.32 (base32 "0v3zds1id71j5a5si42a658fjz8nv2f6zp6w4gqrqmdr6ksz8sxv")))))) +;; nss should track ESRs, but currently doesn't. When the next ESR it out, it +;; should get updated. + (define-public nss (package (name "nss") @@ -153,13 +156,13 @@ (define-public nss ;; Ensure we are building for the (%current-target-system). #$@(if (%current-target-system) #~((string-append - "OS_TEST=" - (string-take #$(%current-target-system) - (string-index #$(%current-target-system) #\-))) + "OS_TEST=" + (string-take #$(%current-target-system) + (string-index #$(%current-target-system) #\-))) (string-append - "KERNEL=" (cond (#$(target-hurd?) "gnu") - (#$(target-linux?) "linux") - (else "")))) + "KERNEL=" (cond (#$(target-hurd?) "gnu") + (#$(target-linux?) "linux") + (else "")))) #~()) #$@(if (%current-target-system) #~("CROSS_COMPILE=1") @@ -303,6 +306,71 @@ (define-public nss/fixed (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) (format #t "test suite not run~%")))))))))))) +;; nss-rapid tracks the rapid release channel. Unless your package requires a +;; newer version, you should prefer the `nss' package, which tracks the ESR +;; channel. +;; +;; See https://wiki.mozilla.org/NSS:Release_Versions +;; and https://wiki.mozilla.org/Rapid_Release_Model + +(define-public nss-rapid + (package + (inherit nss) + (name "nss-rapid") + (version "3.102.1") + (source (origin + (inherit (package-source nss)) + (uri (let ((version-with-underscores + (string-join (string-split version #\.) "_"))) + (string-append + "https://ftp.mozilla.org/pub/mozilla.org/security/nss/" + "releases/NSS_" version-with-underscores "_RTM/src/" + "nss-" version ".tar.gz"))) + (sha256 + (base32 + "1k1pjxz0ab4lg8xqggbb8pw77c1q8h4bldi09z4pj5g4hwsjv62l")))) + (arguments + (substitute-keyword-arguments (package-arguments nss) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (if tests? + (begin + ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for + ;; testing. The latter requires a working DNS or /etc/hosts. + (setenv "DOMSUF" "localdomain") + (setenv "USE_IP" "TRUE") + (setenv "IP_ADDRESS" "127.0.0.1") + + ;; This specific test is looking at performance "now + ;; verify that we can quickly dump a database", and + ;; we're not testing performance here (especially + ;; since we're using faketime), so raise the + ;; threshold + (substitute* "nss/tests/dbtests/dbtests.sh" + ((" -lt 5") " -lt 50")) + + ;; Since the test suite is very lengthy, run the test + ;; suite once, not thrice as done by default, by + ;; selecting only the 'standard' cycle. + (setenv "NSS_CYCLES" "standard") + + ;; The "PayPalEE.cert" certificate expires every six months, + ;; leading to test failures: + ;; . To + ;; work around that, set the time to roughly the release date. + (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) + (format #t "test suite not run~%")))))))) + (synopsis "Network Security Services (Rapid Release)") + (description + "Network Security Services (@dfn{NSS}) is a set of libraries designed to +support cross-platform development of security-enabled client and server +applications. Applications built with NSS can support SSL v2 and v3, TLS, +PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other +security standards. + +This package tracks the Rapid Release channel, which updates frequently."))) (define-public nsncd (package (name "nsncd") -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 30 23:55:32 2024 Received: (at 71832) by debbugs.gnu.org; 31 Jul 2024 03:55:32 +0000 Received: from localhost ([127.0.0.1]:48823 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sZ0R1-0001y2-Om for submit@debbugs.gnu.org; Tue, 30 Jul 2024 23:55:32 -0400 Received: from fhigh5-smtp.messagingengine.com ([103.168.172.156]:53903) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sZ0Qx-0001xQ-9z; Tue, 30 Jul 2024 23:55:29 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 7B8A51146E5F; Tue, 30 Jul 2024 23:55:06 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 30 Jul 2024 23:55:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm2; t=1722398106; x=1722484506; bh=s1 z/A92GXCmstlUnvBCd6EJappFRbHFWw8GRe6u02XU=; b=TvuU1T4LYO5xPSwwiH hNH3hxZmtUJjCFW+jMOni2HpgUgi4krd4pecKu+K1lcTs5qxqMpV4HfDs6vvQr4r MXE9ym1PfkNh4g8aW4AlcJq5ccBRc3PgW6s8zTVSc4Z5Lzdfe2De2/+e/s6w9tuM vvv7lqL1akH7EGmZ9mVgMgLE/q3I4v3bLqkVvEodRJKh7SQhSl6Pes+byuydpF6/ n+Uf1wMT0tDnuoMcyZqWr4JUoym4l1rMaQdKhqgOFW851mR8Qtm6pHvuJlKrXfbL xQC3ewxZe2if8QE9MhhRKw/AIDxK8FLW/6Bv0ErTpjHQxZ5jQGOpmxmlqcJCxZ5f nLZQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1722398106; x=1722484506; bh=s1z/A92GXCmst lUnvBCd6EJappFRbHFWw8GRe6u02XU=; b=DefXtfXvtLoxfNkOiERpv0D9eu2ex 0YD3loBWPJG0NbB0ose8TodF5mEiPmVD6Q/Wphe+Q25ntg3Acq4zomdwpSJr944c YdF68aCHtPotiukkiSH1EQR+BIuvytBZwMHf87BIh9lP/P2gHS1zOtwQrcyoLs7a 9FLSL72HalYCc0r9k6jPK/Mkkm0Ml3YzEXsTiqjnUd17FrjADlAenaLYVBUb5zBl lgeuB7ttNkWTlAQhWy/mIYotl1Nft66hVZIHC+MFy5pJxJC7U7cc1PatdpcjdrQO 2lIM6TA4X6dpLds8RuhsgHSzFbG0zCAYn9usKZXhoaigQzuwK7wsccNKw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrjeehgdejkecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofggtgfgsehtkeertd ertdejnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggtrdht vheqnecuggftrfgrthhtvghrnhepgfeukeffjedugfdvveetleetiedtueduudffhfeuhf eihfejteeuhffgteetvdetnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehm rghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhvpdhnsggprhgtphhtthhope dt X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 Jul 2024 23:55:05 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v5 0/3] [SECURITY] Add nss-rapid; update Librewolf to 128.0.3-1 Date: Tue, 30 Jul 2024 20:54:58 -0700 Message-ID: <20240731035501.27512-1-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: control@debbugs.gnu.org, Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) retitle 71832 [PATCH v5 0/3] [SECURITY] Add nss-rapid; update Librewolf to 128.0.3-1 thanks New upstream versions of nss-rapid and LibreWolf. This contains security fixes for: CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking debugger eval code CVE-2024-6606: Out-of-bounds read in clipboard component debugger eval code CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented debugger eval code CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock. debugger eval code CVE-2024-6609: Memory corruption in NSS debugger eval code CVE-2024-6610: Form validation popups could block exiting full-screen mode debugger eval code CVE-2024-6600: Memory corruption in WebGL API debugger eval code CVE-2024-6601: Race condition in permission assignment debugger eval code CVE-2024-6602: Memory corruption in NSS debugger eval code CVE-2024-6603: Memory corruption in thread creation debugger eval code CVE-2024-6611: Incorrect handling of SameSite cookies debugger eval code CVE-2024-6612: CSP violation leakage when using devtools debugger eval code CVE-2024-6613: Incorrect listing of stack frames debugger eval code CVE-2024-6614: Incorrect listing of stack frames debugger eval code CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13 debugger eval code CVE-2024-6615: Memory safety bugs fixed in Firefox 128 and Thunderbird 128 This also includes a fix for the application icon not showing up in DEs. Ian Eure (3): gnu: Add nss-rapid. gnu: gnuzilla: Add skr to all-mozilla-locales. gnu: librewolf: Update to 128.0.3-1 gnu/packages/gnuzilla.scm | 1 + gnu/packages/librewolf.scm | 1054 ++++++++++++++++++------------------ gnu/packages/nss.scm | 80 ++- 3 files changed, 606 insertions(+), 529 deletions(-) -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 30 23:55:33 2024 Received: (at 71832) by debbugs.gnu.org; 31 Jul 2024 03:55:33 +0000 Received: from localhost ([127.0.0.1]:48827 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sZ0R2-0001yM-Sz for submit@debbugs.gnu.org; Tue, 30 Jul 2024 23:55:33 -0400 Received: from fout8-smtp.messagingengine.com ([103.168.172.151]:58513) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sZ0Qy-0001xU-JQ for 71832@debbugs.gnu.org; Tue, 30 Jul 2024 23:55:30 -0400 Received: from compute8.internal (compute8.nyi.internal [10.202.2.227]) by mailfout.nyi.internal (Postfix) with ESMTP id 2FC421382192; Tue, 30 Jul 2024 23:55:08 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute8.internal (MEProxy); Tue, 30 Jul 2024 23:55:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm2; t=1722398108; x= 1722484508; bh=3tkduaXMWRdzQeeeeXA7Wtyw1cnF40lifR2tCrRdizE=; b=Y JNBktTE/TWJ0abOxQM7UBm6i0dpUt5u+LBJ2f3Lu4ss/X3vAUXoY+GXqYghU2q4X 1IXDOG5r0WBvtaMD9WqyzxWtEAAs1LfH2EsL78DTthHWCL3m7V8IsiMOsIaIJrIl 4PLhBfvVJmjei3FkydFBlU/fTAt+DwBnNJFG6v4M+PmMh7TcBAApWH2u4V+8QgC5 /0N4pYlvp2ZRO4sEX6LNSmcm6RzwnAI87xfh1RlzUHBavuyjcwwCrONWY3xl/GdW kcFdd9inUwSA+eLzepvTCfS/J2yZOZYEjymBYZQR4IBnNVQf6L79MDy0O+3H4z35 HsG9pi8GDmS0WFnY/NOkw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1722398108; x= 1722484508; bh=3tkduaXMWRdzQeeeeXA7Wtyw1cnF40lifR2tCrRdizE=; b=I Zvy+ZxNiTrG4pd8XBCdHwtZMTx5ANBdGLFTap9+s1RP2eo9eyrG4v+lxZacYMXrx hvOOQeLVKpDXGs/bXCkX2opw1og76QG2qUncoPKhYL3cIyumW8b6jiLvZLkZgbHb Jh3+YFNgeQL3F+Kx3NULID5PeYwEGmLNqTyGpQZzrgX1FQHY4gz36BoSi9CVnVy/ gZl+q5EtgfU4alFE10WeD4B+LIjVCsWWqENjHXxhlmEti4P05d+++SYKWjtwpCR/ iuRdINVBra75B9lrxKC3FlUj85I0lTGusAAhsZto8jZei/yr0sSyBmjV3IkF/1Pu f4SEoAPMh9Czr5nIC64cA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrjeehgdejjecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofgjfhgggfestdekre dtredttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgvtgdr thhvqeenucggtffrrghtthgvrhhnpeevveejffduvdetieeutefgueekvdefieeuvdevle efgefhudelfeetvdfgfeegjeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhep mhgrihhlfhhrohhmpehirghnsehrvghtrhhoshhpvggtrdhtvhdpnhgspghrtghpthhtoh eptd X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 Jul 2024 23:55:07 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v5 2/3] gnu: gnuzilla: Add skr to all-mozilla-locales. Date: Tue, 30 Jul 2024 20:55:00 -0700 Message-ID: <20240731035501.27512-3-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240731035501.27512-1-ian@retrospec.tv> References: <20240731035501.27512-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * (gnuzilla): Add skr to all-mozilla-locales. Change-Id: If996048792a53dffb55b7e16e69370dd72fc78e3 --- gnu/packages/gnuzilla.scm | 1 + 1 file changed, 1 insertion(+) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 3e7818ba43..98dd67a5dd 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -508,6 +508,7 @@ (define-public all-mozilla-locales ("0xndsph4v725q3xcpmxxjb9vxv19sssqnng82m9215cdsv9klgpb" "bf5f6e362f6f" "sco") ("0l70n8817mbmbc09fsnn2aqjj9k9dhad2gmzgphmiilf9mqm2dpf" "1f705c926a99" "si") ("19bqjazazww08chd1qc08dsnr2521088jq5jd4j3185yb1ypm3nr" "c1bd10d70325" "sk") + ("12q1nv6z4bk8yaw3vhl9xs41i7kpx1415mwg635v76fx8h94ycl3" "00eaf8d9e83b" "skr") ("11nmjmy2j249588ahg4mh9lxdqr476jbh28a07qxxibfa76j9vk3" "44be3cbf69b6" "sl") ("1ww35141nixg2s03kfmmq9fk6m3qiz2vg7p5a85shjp7i89pyj1d" "800576ff8ef9" "son") ("1q7nfybwc8mxdwi9fpvfhayq18mykzygkpakr5ngfz2316k8lf5r" "4de8638ac27f" "sq") -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 30 23:55:37 2024 Received: (at 71832) by debbugs.gnu.org; 31 Jul 2024 03:55:37 +0000 Received: from localhost ([127.0.0.1]:48829 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sZ0R5-0001ya-8W for submit@debbugs.gnu.org; Tue, 30 Jul 2024 23:55:37 -0400 Received: from fhigh5-smtp.messagingengine.com ([103.168.172.156]:36291) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sZ0Qz-0001xW-9k for 71832@debbugs.gnu.org; Tue, 30 Jul 2024 23:55:32 -0400 Received: from compute8.internal (compute8.nyi.internal [10.202.2.227]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 25BEA1146E65; Tue, 30 Jul 2024 23:55:09 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute8.internal (MEProxy); Tue, 30 Jul 2024 23:55:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1722398109; x=1722484509; bh=UF5SSmzEy4fSRNIGVDOvP9Bpz8xDaiFpCgIfJ6LELsI=; b= kJJz67DLy/WUVwmmYvj+Xa2tjgKE7O6YFZgiMLvplC2LnA3Fcj127J00yWJGf6cr EUr9fSLoyNyrRUab4PTI6UyTnbONGW9e+meM6TQgWg1FavvQvdbqJi4bjBnZY3RK UKU0Pjal4hTpr37U/7lIAoYfD34BhFBC2MN87+6vzq1/4cCD8mbC0kq+7Wd3BLlW HrjFcvKceOfpRk+Oae9bN6+H3VKyne3HyxskF/Ss43b/lXQ2fWycYQKZXeNadBDK RqGowjWYIpzWRsJyKu8TGXYYq/nqs71YoQsqDBVgwv3wYASZq/BHsknxFP9x1nl9 59TSPboQQ+BJFOIbMvXa7g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1722398109; x= 1722484509; bh=UF5SSmzEy4fSRNIGVDOvP9Bpz8xDaiFpCgIfJ6LELsI=; b=C Ze87KdLVxrg0LgUMs5CJNYKVJZJB/zHxKRNrWEadY5nLoxyiLWehA+SszOQn9olZ zlN65Ap2XOiXx/GEAKYOvtVZAlZuX44IziHUItI9QyT5Tmy9iFTtN/Idb0sIrPUP el44OrFdPiQjlX6zNz1cMRin7aduuL9e30ACNPz5lsi2q8RlJ5Odf4ywR5KU8mHj DELMp+YOlg9x7SfbONwI2H+v4aHq8xwh0PEWdC3t+GURSW5p44yCYmFWkeZMz1Y0 J2DF9VlRv0hi7qbaQnDwLM+1hGeN8kF9kfhPSYHYvF6wTst2O9ufiRpQQ5U+v6dK SZ9p6uXBB/HaEcD7v5JQA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrjeehgdejjecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofgjfhggtgfgsehtke ertdertdejnecuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggt rdhtvheqnecuggftrfgrthhtvghrnhepudffhfeiteejkeehlefgueejffeiveefueekke elhfeltdejteeiieekjeejudelnecuffhomhgrihhnpehsvggrrhgthhhfohigrdhorhhg pdhmohiiihhllhgrrdhorhhgpdhgnhhurdhorhhgpdgtohhnthgvnhhtrdhrvggrugdpgh gvthgrugguohhnshdrshgvrghrtghhpdhgvghtrgguughonhhsrdhlihhnkhdpghhithhh uhgsrdgtohhmpdhlihgsrhgvfiholhhfrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhvpdhn sggprhgtphhtthhopedt X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 Jul 2024 23:55:08 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v5 3/3] gnu: librewolf: Update to 128.0.3-1 Date: Tue, 30 Jul 2024 20:55:01 -0700 Message-ID: <20240731035501.27512-4-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240731035501.27512-1-ian@retrospec.tv> References: <20240731035501.27512-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/librewolf.scm (librewolf): Update to 128.0.3-1. Reorganize module to improve usability and reduce duplication. The Rust package and build ID are now at the top of the file. The librewolf-source variable has been replaced with the make-librewolf-source procedure, centralizing versions & hashes in the librewolf package definition. Dedent some of the package’s arguments to improve readability. Change-Id: I15f8a2aa1fae07e0497ab5511d10af0c1f70cc2e --- gnu/packages/librewolf.scm | 1054 ++++++++++++++++++------------------ 1 file changed, 531 insertions(+), 523 deletions(-) diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index 3e46477724..def21997fc 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -94,12 +94,24 @@ (define-module (gnu packages librewolf) #:use-module (gnu packages xdisorg) #:use-module (gnu packages xorg)) +;; Define the versions of rust needed to build librewolf, trying to match +;; upstream. See the file taskcluster/kinds/toolchain/rust.yml at +;; https://searchfox.org under the particular firefox release, like +;; mozilla-esr102. +;; 1.75 is the default in Guix, 1.77 is the minimum for Librewolf. +(define rust-librewolf rust-1.77) + +;; Update this id with every update to its release date. +;; It's used for cache validation and therefore can lead to strange bugs. +;; ex: date '+%Y%m%d%H%M%S' +(define %librewolf-build-id "20240730155826") + (define (firefox-source-origin version hash) (origin (method url-fetch) (uri (string-append "https://ftp.mozilla.org/pub/firefox/releases/" - version "/source/" "firefox-" version + version "/source/firefox-" version ".source.tar.xz")) (sha256 (base32 hash)))) @@ -115,11 +127,14 @@ (define (librewolf-source-origin version hash) (define computed-origin-method (@@ (guix packages) computed-origin-method)) -(define librewolf-source - (let* ((ff-src (firefox-source-origin "126.0.1" "0fr679rcwshwpfxidc55b2xsn4pmrr7p9ix4rr2mv2k7kwsjcc7n")) - (version "126.0.1-1") - (lw-src (librewolf-source-origin version "0cac80073vkzd85ai9rbnwixs1h9bpy4dj2ri6jxdlqsy5d663km"))) - +(define* (make-librewolf-source version #:key firefox-hash librewolf-hash) + (let* ((ff-src (firefox-source-origin + (car (string-split version #\-)) + firefox-hash)) + (version version) + (lw-src (librewolf-source-origin + version + librewolf-hash))) (origin (method computed-origin-method) (file-name (string-append "librewolf-" version ".source.tar.gz")) @@ -163,11 +178,6 @@ (define librewolf-source (("^ff_source_tarball:=.*") (string-append "ff_source_tarball:=" #+ff-src))) - ;; Remove encoding_rs patch, it doesn't build with Rust 1.75. - (substitute* '("assets/patches.txt") - (("patches/encoding_rs.patch\\\n$") - "")) - ;; Stage locales. (begin (format #t "Staging locales...~%") @@ -205,526 +215,524 @@ (define librewolf-source ".source.tar.gz") #$output)))))))) -;; Define the versions of rust needed to build librewolf, trying to match -;; upstream. See the file taskcluster/ci/toolchain/rust.yml at -;; https://searchfox.org under the particular firefox release, like -;; mozilla-esr102. -(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum. - -;; Update this id with every update to its release date. -;; It's used for cache validation and therefore can lead to strange bugs. -;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20240607212143") - (define-public librewolf - (package - (name "librewolf") - (version "126.0.1-1") - (source librewolf-source) - (build-system gnu-build-system) - (arguments - (list - #:configure-flags #~(let ((clang #$(this-package-native-input "clang"))) - `("--enable-application=browser" - - ;; Configuration - "--without-wasm-sandboxed-libraries" - "--with-system-jpeg" - "--with-system-zlib" - "--with-system-png" - "--with-system-webp" - "--with-system-icu" - "--with-system-libvpx" - "--with-system-libevent" - "--with-system-ffi" - "--enable-system-pixman" - "--enable-jemalloc" - - ;; see https://bugs.gnu.org/32833 - "--with-system-nspr" - "--with-system-nss" - - ,(string-append "--with-clang-path=" clang - "/bin/clang") - ,(string-append "--with-libclang-path=" clang - "/lib") - - ;; Distribution - "--with-distribution-id=org.guix" - "--with-app-name=librewolf" - "--with-app-basename=LibreWolf" - "--with-branding=browser/branding/librewolf" - - ;; Features - "--disable-tests" - "--disable-updater" - "--enable-pulseaudio" - "--disable-crashreporter" - "--allow-addon-sideload" - "--with-unsigned-addon-scopes=app,system" - - ;; switch only available on x86, whereas EME - ;; is not supported on other targets - ,@(if #$(target-x86?) '("--disable-eme") '()) - - ;; Build details - "--disable-debug" - "--enable-rust-simd" - "--enable-release" - "--enable-optimize" - "--enable-strip" - "--enable-hardening" - "--disable-elf-hack")) - #:imported-modules %cargo-utils-modules - #:modules `((ice-9 regex) - (ice-9 string-fun) - (ice-9 ftw) - (srfi srfi-1) - (srfi srfi-26) - (rnrs bytevectors) - (rnrs io ports) - (guix elf) - (guix build gremlin) - ,@%gnu-build-system-modules) - #:phases #~(modify-phases %standard-phases - (add-after 'unpack 'fix-preferences - (lambda* (#:key inputs #:allow-other-keys) - (let ((port (open-file "browser/app/profile/firefox.js" - "a"))) - (define (write-setting key value) - (format port "~%pref(\"~a\", ~a);~%" key value) - (format #t + (let ((version "128.0.3-1")) + (package + (name "librewolf") + (version version) + (source (make-librewolf-source + version + #:firefox-hash + "1p6ymqzp23xfd4h3lc6aihjbq1ljspli9m17bm6rgklkbk6m8r1j" + #:librewolf-hash + "0pp36q4rcsiyv9b09jfgfrl1k3vqp5bh08c9iq0r2v8is5rbcdz5")) + + (build-system gnu-build-system) + (arguments + (list + #:configure-flags + #~(let ((clang #$(this-package-native-input "clang"))) + `("--enable-application=browser" + + ;; Configuration + "--without-wasm-sandboxed-libraries" + "--with-system-jpeg" + "--with-system-zlib" + "--with-system-png" + "--with-system-webp" + "--with-system-icu" + "--with-system-libvpx" + "--with-system-libevent" + "--with-system-ffi" + "--enable-system-pixman" + "--enable-jemalloc" + + ;; see https://bugs.gnu.org/32833 + "--with-system-nspr" + "--with-system-nss" + + ,(string-append "--with-clang-path=" clang + "/bin/clang") + ,(string-append "--with-libclang-path=" clang + "/lib") + + ;; Distribution + "--with-distribution-id=org.guix" + "--with-app-name=librewolf" + "--with-app-basename=LibreWolf" + "--with-branding=browser/branding/librewolf" + + ;; Features + "--disable-tests" + "--disable-updater" + "--enable-pulseaudio" + "--disable-crashreporter" + "--allow-addon-sideload" + "--with-unsigned-addon-scopes=app,system" + ;; switch only available on x86, whereas EME + ;; is not supported on other targets + ,@(if #$(target-x86?) '("--disable-eme") '()) + + ;; Build details + "--disable-debug" + "--enable-rust-simd" + "--enable-release" + "--enable-optimize" + "--enable-strip" + "--enable-hardening" + "--disable-elf-hack")) + #:imported-modules %cargo-utils-modules + #:modules `((ice-9 regex) + (ice-9 string-fun) + (ice-9 ftw) + (srfi srfi-1) + (srfi srfi-26) + (rnrs bytevectors) + (rnrs io ports) + (guix elf) + (guix build gremlin) + ,@%gnu-build-system-modules) + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'fix-preferences + (lambda* (#:key inputs #:allow-other-keys) + (let ((port (open-file "browser/app/profile/firefox.js" + "a"))) + (define (write-setting key value) + (format port "~%pref(\"~a\", ~a);~%" key value) + (format #t "fix-preferences: setting value of ~a to ~a~%" key value)) - ;; We should allow the sandbox to read the store directory, - ;; because the sandbox has access to /usr on FHS distros. - (write-setting - "security.sandbox.content.read_path_whitelist" - (string-append "\"" - (%store-directory) "/\"")) - - ;; XDG settings should be managed by Guix. - (write-setting "browser.shell.checkDefaultBrowser" - "false") - (close-port port)))) - (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker - (lambda* (#:key inputs #:allow-other-keys) - (let* ((ffmpeg (assoc-ref inputs "ffmpeg")) - (libavcodec (string-append ffmpeg - "/lib/libavcodec.so"))) - ;; Arrange to load libavcodec.so by its absolute file name. - (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" - (("libavcodec\\.so") - libavcodec))))) - (add-after 'patch-source-shebangs 'patch-cargo-checksums - (lambda _ - (use-modules (guix build cargo-utils)) - (let ((null-hash - ;; This is the SHA256 output of an empty string. - (string-append - "e3b0c44298fc1c149afbf4c8996fb924" - "27ae41e4649b934ca495991b7852b855"))) - (for-each (lambda (file) - (format #t + ;; We should allow the sandbox to read the store directory, + ;; because the sandbox has access to /usr on FHS distros. + (write-setting + "security.sandbox.content.read_path_whitelist" + (string-append "\"" + (%store-directory) "/\"")) + + ;; XDG settings should be managed by Guix. + (write-setting "browser.shell.checkDefaultBrowser" + "false") + (close-port port)))) + (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker + (lambda* (#:key inputs #:allow-other-keys) + (let* ((ffmpeg (assoc-ref inputs "ffmpeg")) + (libavcodec (string-append ffmpeg + "/lib/libavcodec.so"))) + ;; Arrange to load libavcodec.so by its absolute file name. + (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" + (("libavcodec\\.so") + libavcodec))))) + (add-after 'patch-source-shebangs 'patch-cargo-checksums + (lambda _ + (use-modules (guix build cargo-utils)) + (let ((null-hash + ;; This is the SHA256 output of an empty string. + (string-append + "e3b0c44298fc1c149afbf4c8996fb924" + "27ae41e4649b934ca495991b7852b855"))) + (for-each (lambda (file) + (format #t "patch-cargo-checksums: patching checksums in ~a~%" file) - (substitute* file - (("(checksum = )\".*\"" all name) - (string-append name "\"" null-hash - "\"")))) - (find-files "." "Cargo\\.lock$")) - (for-each generate-all-checksums - '("build" - "dom/media" - "dom/webauthn" - "gfx" - "intl" - "js" - "media" - "modules" - "mozglue/static/rust" - "netwerk" - "remote" - "security/manager/ssl" - "servo" - "storage" - "third_party/rust" - "toolkit" - "xpcom/rust" - "services"))))) - (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag - (lambda _ - ;; Remove --frozen flag from cargo invokation, otherwise it'll - ;; complain that it's not able to change Cargo.lock. - ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 - (substitute* "build/RunCbindgen.py" - (("args.append\\(\"--frozen\"\\)") "pass")))) - (delete 'bootstrap) - (add-before 'configure 'patch-SpeechDispatcherService.cpp - (lambda _ - (let* ((lib "libspeechd.so.2") - (file (string-append - "dom/media/webspeech/synth/" - "speechd/SpeechDispatcherService.cpp")) - (old-content (call-with-input-file file - get-string-all))) - (substitute - file - `((,(format #f "~s" lib) unquote - (lambda (line _) - (string-replace-substring - line lib - (string-append #$speech-dispatcher - "/lib/" lib)))))) - (if (string=? old-content - (call-with-input-file file - get-string-all)) - (error - "substitute did nothing, phase requires an update"))))) - (add-before 'configure 'set-build-id - ;; Build will write the timestamp to output, which is harmful - ;; for reproducibility, so change it to a fixed date. Use a - ;; separate phase for easier modification with inherit. - (lambda _ - (setenv "MOZ_BUILD_DATE" - #$%librewolf-build-id))) - (replace 'configure - (lambda* (#:key inputs outputs configure-flags - #:allow-other-keys) - (setenv "AUTOCONF" - (string-append (assoc-ref inputs "autoconf") - "/bin/autoconf")) - (setenv "SHELL" - (which "bash")) - (setenv "CONFIG_SHELL" - (which "bash")) - (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE" - "system") - ;; This should use the host info probably (does it - ;; build on non-x86_64 though?) - (setenv "GUIX_PYTHONPATH" - (string-append (getcwd) - "/obj-x86_64-pc-linux-gnu/_virtualenvs/build")) - - ;; Use Clang, Clang is 2x faster than GCC - (setenv "AR" "llvm-ar") - (setenv "NM" "llvm-nm") - (setenv "CC" "clang") - (setenv "CXX" "clang++") - (setenv "MOZ_NOSPAM" "1") - (setenv "MOZ_APP_NAME" "librewolf") - - (setenv "MOZBUILD_STATE_PATH" - (getcwd)) - - (let* ((mozconfig (string-append (getcwd) "/mozconfig")) - (out (assoc-ref outputs "out")) - (flags (cons (string-append "--prefix=" out) - configure-flags))) - (format #t "build directory: ~s~%" - (getcwd)) - (format #t "configure flags: ~s~%" flags) - - (define write-flags - (lambda flags - (display (string-join (map (cut string-append - "ac_add_options " <>) - flags) "\n")) - (display "\n"))) - (with-output-to-file mozconfig - (lambda () - (apply write-flags flags) - ;; The following option unsets Telemetry - ;; Reporting. With the Addons Fiasco, - ;; Mozilla was found to be collecting - ;; user's data, including saved passwords - ;; and web form data, without users - ;; consent. Mozilla was also found - ;; shipping updates to systems without - ;; the user's knowledge or permission. - ;; As a result of this, use the following - ;; command to permanently disable - ;; telemetry reporting. - (display "unset MOZ_TELEMETRY_REPORTING\n") - (display "mk_add_options MOZ_CRASHREPORTER=0\n") - (display "mk_add_options MOZ_DATA_REPORTING=0\n") - (display - "mk_add_options MOZ_SERVICES_HEALTHREPORT=0") - (display - "mk_add_options MOZ_TELEMETRY_REPORTING=0"))) - (setenv "MOZCONFIG" mozconfig)) - (invoke "./mach" "configure"))) - (add-before 'build 'fix-addons-placeholder - (lambda _ - (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" - (("addons.mozilla.org") - "gnuzilla.gnu.org")))) - (replace 'build - (lambda* (#:key (make-flags '()) - (parallel-build? #t) #:allow-other-keys) - (apply invoke "./mach" "build" - ;; mach will use parallel build if possible by default - `(,@(if parallel-build? - '() - '("-j1")) ,@make-flags)))) - (add-after 'build 'neutralise-store-references - (lambda _ - ;; Mangle the store references to compilers & - ;; other build tools in about:buildconfig, - ;; reducing the package's closure by 1 GiB on - ;; x86-64. - (let* ((build-dir (car (scandir "." - (cut string-prefix? - "obj-" <>)))) - (file (string-append build-dir - "/dist/bin/chrome/toolkit/" - "content/global/buildconfig.html"))) - (substitute* file - (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" - (regexp-quote (%store-directory))) - _ store hash) - (string-append store - (string-take hash 8) - "" - (string-drop hash 8))))))) - (replace 'install - (lambda _ - (invoke "./mach" "install"))) - (add-after 'install 'remove-duplicate-bin - (lambda* (#:key outputs #:allow-other-keys) - (delete-file (string-append #$output - "/lib/librewolf/librewolf-bin")))) - (add-after 'install 'wrap-glxtest - ;; glxtest uses dlopen() to load mesa and pci - ;; libs, wrap it to set LD_LIBRARY_PATH. - (lambda* (#:key inputs outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (libs (map - (lambda (lib-name) - (string-append (assoc-ref inputs - lib-name) - "/lib")) - '("mesa" "pciutils")))) - (wrap-program (car (find-files lib "^glxtest$")) - `("LD_LIBRARY_PATH" prefix ,libs))))) - (add-after 'install 'patch-config - (lambda* (#:key inputs #:allow-other-keys) - (let ((lib (string-append #$output "/lib/librewolf")) - (config-file "librewolf.cfg")) - - ;; Required for Guix packaged extensions - ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 - ;; Default is 5. - (substitute* (in-vicinity lib config-file) - (("defaultPref\\(\"extensions.enabledScopes\", 5\\)") - "defaultPref(\"extensions.enabledScopes\", 13)")) - ;; Use Mozzarella addons repo. - (call-with-port - (open-file - (in-vicinity lib config-file) - "a") - (lambda (port) - ;; Add-ons panel (see settings.js in Icecat source). - (for-each - (lambda (pref) - (format port - "defaultPref(~s, ~s);~%" - (car pref) - (cdr pref))) - `(("extensions.getAddons.search.browseURL" - ,(string-append - "https://gnuzilla.gnu.org/mozzarella/" - "search.php?q=%TERMS%")) - ("extensions.getAddons.get.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.link.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.discovery.api_url" . - "https://gnuzilla.gnu.org/mozzarella") - ("extensions.getAddons.langpacks.url" . - "https://gnuzilla.gnu.org/mozzarella") - ("lightweightThemes.getMoreURL" . - "https://gnuzilla.gnu.org/mozzarella")))))))) - (add-after 'install 'wrap-program - (lambda* (#:key inputs outputs #:allow-other-keys) - ;; The following two functions are from Guix's icecat package in - ;; (gnu packages gnuzilla). See commit - ;; b7a0935420ee630a29b7e5ac73a32ba1eb24f00b. - (define (runpath-of lib) - (call-with-input-file lib - (compose elf-dynamic-info-runpath elf-dynamic-info - parse-elf get-bytevector-all))) - (define (runpaths-of-input label) - (let* ((dir (string-append (assoc-ref inputs label) - "/lib")) - (libs (find-files dir "\\.so$"))) - (append-map runpath-of libs))) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (libs (map - (lambda (lib-name) - (string-append (assoc-ref inputs - lib-name) - "/lib")) - '("mesa" "libpng-apng" "libnotify" "libva" - "pulseaudio" "gtk+" "pipewire" - ;; For U2F and WebAuthn - "eudev"))) - - ;; VA-API is run in the RDD (Remote Data Decoder) sandbox - ;; and must be explicitly given access to files it needs. - ;; Rather than adding the whole store (as Nix had - ;; upstream do, see - ;; and - ;; linked upstream patches), we can just follow the - ;; runpaths of the needed libraries to add everything to - ;; LD_LIBRARY_PATH. These will then be accessible in the - ;; RDD sandbox. - (rdd-whitelist (map (cut string-append <> "/") - (delete-duplicates (append-map - runpaths-of-input - '("mesa" - "ffmpeg"))))) - (gtk-share (string-append (assoc-ref inputs - "gtk+") - "/share"))) - (wrap-program (car (find-files lib "^librewolf$")) - `("LD_LIBRARY_PATH" prefix - (,@libs ,@rdd-whitelist)) - `("XDG_DATA_DIRS" prefix - (,gtk-share)) - `("MOZ_LEGACY_PROFILES" = - ("1")) - `("MOZ_ALLOW_DOWNGRADE" = - ("1")))))) - (add-after 'wrap-program 'install-desktop-entry - (lambda* (#:key outputs #:allow-other-keys) - (let* ((desktop-file - "taskcluster/docker/firefox-snap/firefox.desktop") - (applications (string-append #$output - "/share/applications"))) - (substitute* desktop-file - (("^Exec=firefox") - (string-append "Exec=" - #$output "/bin/librewolf")) - ;; "Firefox" -> "LibreWolf" everywhere - (("Firefox") - "LibreWolf") - ;; Remove non-Latin translations. - (("^Name\\[(ar|bn)\\].*$") - "") - (("^Icon=.*") - (string-append "Icon=" - #$output - "/share/icons/hicolor/128x128/apps/librewolf.png + (substitute* file + (("(checksum = )\".*\"" all name) + (string-append name "\"" null-hash + "\"")))) + (find-files "." "Cargo\\.lock$")) + (for-each generate-all-checksums + '("build" + "dom/media" + "dom/webauthn" + "gfx" + "intl" + "js" + "media" + "modules" + "mozglue/static/rust" + "netwerk" + "remote" + "security/manager/ssl" + "servo" + "storage" + "third_party/rust" + "toolkit" + "xpcom/rust" + "services"))))) + (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag + (lambda _ + ;; Remove --frozen flag from cargo invokation, otherwise it'll + ;; complain that it's not able to change Cargo.lock. + ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 + (substitute* "build/RunCbindgen.py" + (("args.append\\(\"--frozen\"\\)") "pass")))) + (delete 'bootstrap) + (add-before 'configure 'patch-SpeechDispatcherService.cpp + (lambda _ + (let* ((lib "libspeechd.so.2") + (file (string-append + "dom/media/webspeech/synth/" + "speechd/SpeechDispatcherService.cpp")) + (old-content (call-with-input-file file + get-string-all))) + (substitute + file + `((,(format #f "~s" lib) unquote + (lambda (line _) + (string-replace-substring + line lib + (string-append #$speech-dispatcher + "/lib/" lib)))))) + (if (string=? old-content + (call-with-input-file file + get-string-all)) + (error + "substitute did nothing, phase requires an update"))))) + (add-before 'configure 'set-build-id + ;; Build will write the timestamp to output, which is harmful + ;; for reproducibility, so change it to a fixed date. Use a + ;; separate phase for easier modification with inherit. + (lambda _ + (setenv "MOZ_BUILD_DATE" + #$%librewolf-build-id))) + (replace 'configure + (lambda* (#:key inputs outputs configure-flags + #:allow-other-keys) + (setenv "AUTOCONF" + (string-append (assoc-ref inputs "autoconf") + "/bin/autoconf")) + (setenv "SHELL" + (which "bash")) + (setenv "CONFIG_SHELL" + (which "bash")) + (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE" + "system") + ;; This should use the host info probably (does it + ;; build on non-x86_64 though?) + (setenv "GUIX_PYTHONPATH" + (string-append (getcwd) + "/obj-x86_64-pc-linux-gnu/_virtualenvs/build")) + + ;; Use Clang, Clang is 2x faster than GCC + (setenv "AR" "llvm-ar") + (setenv "NM" "llvm-nm") + (setenv "CC" "clang") + (setenv "CXX" "clang++") + (setenv "MOZ_NOSPAM" "1") + (setenv "MOZ_APP_NAME" "librewolf") + (setenv "MOZ_APP_REMOTINGNAME" "LibreWolf") + + (setenv "MOZBUILD_STATE_PATH" + (getcwd)) + + (let* ((mozconfig (string-append (getcwd) "/mozconfig")) + (out (assoc-ref outputs "out")) + (flags (cons (string-append "--prefix=" out) + configure-flags))) + (format #t "build directory: ~s~%" + (getcwd)) + (format #t "configure flags: ~s~%" flags) + + (define write-flags + (lambda flags + (display (string-join (map (cut string-append + "ac_add_options " <>) + flags) "\n")) + (display "\n"))) + (with-output-to-file mozconfig + (lambda () + (apply write-flags flags) + ;; The following option unsets Telemetry + ;; Reporting. With the Addons Fiasco, + ;; Mozilla was found to be collecting + ;; user's data, including saved passwords + ;; and web form data, without users + ;; consent. Mozilla was also found + ;; shipping updates to systems without + ;; the user's knowledge or permission. + ;; As a result of this, use the following + ;; command to permanently disable + ;; telemetry reporting. + (display "unset MOZ_TELEMETRY_REPORTING\n") + (display "mk_add_options MOZ_CRASHREPORTER=0\n") + (display "mk_add_options MOZ_DATA_REPORTING=0\n") + (display + "mk_add_options MOZ_SERVICES_HEALTHREPORT=0") + (display + "mk_add_options MOZ_TELEMETRY_REPORTING=0"))) + (setenv "MOZCONFIG" mozconfig)) + (invoke "./mach" "configure"))) + (add-before 'build 'fix-addons-placeholder + (lambda _ + (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl" + (("addons.mozilla.org") + "gnuzilla.gnu.org")))) + (replace 'build + (lambda* (#:key (make-flags '()) + (parallel-build? #t) #:allow-other-keys) + (apply invoke "./mach" "build" + ;; mach will use parallel build if possible by default + `(,@(if parallel-build? + '() + '("-j1")) ,@make-flags)))) + (add-after 'build 'neutralise-store-references + (lambda _ + ;; Mangle the store references to compilers & + ;; other build tools in about:buildconfig, + ;; reducing the package's closure by 1 GiB on + ;; x86-64. + (let* ((build-dir (car (scandir "." + (cut string-prefix? + "obj-" <>)))) + (file (string-append build-dir + "/dist/bin/chrome/toolkit/" + "content/global/buildconfig.html"))) + (substitute* file + (((format #f "(~a/)([0-9a-df-np-sv-z]{32})" + (regexp-quote (%store-directory))) + _ store hash) + (string-append store + (string-take hash 8) + "" + (string-drop hash 8))))))) + (replace 'install + (lambda _ + (invoke "./mach" "install"))) + (add-after 'install 'remove-duplicate-bin + (lambda* (#:key outputs #:allow-other-keys) + (delete-file (string-append #$output + "/lib/librewolf/librewolf-bin")))) + (add-after 'install 'wrap-glxtest + ;; glxtest uses dlopen() to load mesa and pci + ;; libs, wrap it to set LD_LIBRARY_PATH. + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (libs (map + (lambda (lib-name) + (string-append (assoc-ref inputs + lib-name) + "/lib")) + '("mesa" "pciutils")))) + (wrap-program (car (find-files lib "^glxtest$")) + `("LD_LIBRARY_PATH" prefix ,libs))))) + (add-after 'install 'patch-config + (lambda* (#:key inputs #:allow-other-keys) + (let ((lib (string-append #$output "/lib/librewolf")) + (config-file "librewolf.cfg")) + + ;; Required for Guix packaged extensions + ;; SCOPE_PROFILE=1, SCOPE_APPLICATION=4, SCOPE_SYSTEM=8 + ;; Default is 5. + (substitute* (in-vicinity lib config-file) + (("defaultPref\\(\"extensions.enabledScopes\", 5\\)") + "defaultPref(\"extensions.enabledScopes\", 13)")) + ;; Use Mozzarella addons repo. + (call-with-port + (open-file + (in-vicinity lib config-file) + "a") + (lambda (port) + ;; Add-ons panel (see settings.js in Icecat source). + (for-each + (lambda (pref) + (format port + "defaultPref(~s, ~s);~%" + (car pref) + (cdr pref))) + `(("extensions.getAddons.search.browseURL" + ,(string-append + "https://gnuzilla.gnu.org/mozzarella/" + "search.php?q=%TERMS%")) + ("extensions.getAddons.get.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.link.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.discovery.api_url" . + "https://gnuzilla.gnu.org/mozzarella") + ("extensions.getAddons.langpacks.url" . + "https://gnuzilla.gnu.org/mozzarella") + ("lightweightThemes.getMoreURL" . + "https://gnuzilla.gnu.org/mozzarella")))))))) + (add-after 'install 'wrap-program + (lambda* (#:key inputs outputs #:allow-other-keys) + ;; The following two functions are from Guix's icecat package in + ;; (gnu packages gnuzilla). See commit + ;; b7a0935420ee630a29b7e5ac73a32ba1eb24f00b. + (define (runpath-of lib) + (call-with-input-file lib + (compose elf-dynamic-info-runpath elf-dynamic-info + parse-elf get-bytevector-all))) + (define (runpaths-of-input label) + (let* ((dir (string-append (assoc-ref inputs label) + "/lib")) + (libs (find-files dir "\\.so$"))) + (append-map runpath-of libs))) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (libs (map + (lambda (lib-name) + (string-append (assoc-ref inputs + lib-name) + "/lib")) + '("mesa" "libpng-apng" "libnotify" "libva" + "pulseaudio" "gtk+" "pipewire" + ;; For U2F and WebAuthn + "eudev"))) + + ;; VA-API is run in the RDD (Remote Data Decoder) sandbox + ;; and must be explicitly given access to files it needs. + ;; Rather than adding the whole store (as Nix had + ;; upstream do, see + ;; and + ;; linked upstream patches), we can just follow the + ;; runpaths of the needed libraries to add everything to + ;; LD_LIBRARY_PATH. These will then be accessible in the + ;; RDD sandbox. + (rdd-whitelist (map (cut string-append <> "/") + (delete-duplicates (append-map + runpaths-of-input + '("mesa" + "ffmpeg"))))) + (gtk-share (string-append (assoc-ref inputs + "gtk+") + "/share"))) + (wrap-program (car (find-files lib "^librewolf$")) + `("LD_LIBRARY_PATH" prefix + (,@libs ,@rdd-whitelist)) + `("XDG_DATA_DIRS" prefix + (,gtk-share)) + `("MOZ_LEGACY_PROFILES" = + ("1")) + `("MOZ_ALLOW_DOWNGRADE" = + ("1")))))) + (add-after 'wrap-program 'install-desktop-entry + (lambda* (#:key outputs #:allow-other-keys) + (let* ((desktop-file + "taskcluster/docker/firefox-snap/firefox.desktop") + (applications (string-append #$output + "/share/applications"))) + (substitute* desktop-file + (("^Exec=firefox") + (string-append "Exec=" + #$output "/bin/librewolf")) + ;; "Firefox" -> "LibreWolf" everywhere + (("Firefox") + "LibreWolf") + ;; Remove non-Latin translations. + (("^Name\\[(ar|bn)\\].*$") + "") + (("^Icon=.*") + (string-append "Icon=" + #$output + "/share/icons/hicolor/128x128/apps/librewolf.png ")) - ;; These commands were changed. - (("-NewWindow") - "-new-window") - (("-NewPrivateWindow") - "-new-private-window") - (("StartupNotify=true") - "StartupNotify=true -StartupWMClass=Navigator")) - (copy-file desktop-file "librewolf.desktop") - (install-file "librewolf.desktop" applications)))) - (add-after 'install-desktop-entry 'install-icons - (lambda* (#:key outputs #:allow-other-keys) - (let ((icon-source-dir (string-append #$output - "/lib/librewolf/browser/" - "chrome/icons/default"))) - (for-each (lambda (size) - (let ((dest (string-append #$output - "/share/icons/hicolor/" - size - "x" - size - "/apps"))) - (mkdir-p dest) - (symlink (string-append icon-source-dir - "/default" size ".png") - (string-append dest - "/librewolf.png")))) - '("16" "32" "48" "64" "128")))))) - - ;; Test will significantly increase build time but with little rewards. - #:tests? #f - - ;; WARNING: Parallel build will consume lots of memory! - ;; If you have encountered OOM issue in build phase, try disable it. - #:parallel-build? #t - - ;; Some dynamic lib was determined at runtime, so rpath check may fail. - #:validate-runpath? #f)) - (inputs (list bash-minimal - bzip2 - cairo - cups - dbus-glib - freetype - ffmpeg - gdk-pixbuf - glib - gtk+ - gtk+-2 - hunspell - icu4c-73 - jemalloc - libcanberra - libevent - libffi - libgnome - libjpeg-turbo - libnotify - libpng-apng - libva - libvpx - libwebp - libxcomposite - libxft - libxinerama - libxscrnsaver - libxt - mesa - mit-krb5 - nspr - nss/fixed - pango - pciutils - pipewire - pixman - pulseaudio - speech-dispatcher - sqlite - startup-notification - eudev - unzip - zip - zlib)) - (native-inputs (list alsa-lib - autoconf-2.13 - `(,rust-librewolf "cargo") - clang-18 - llvm-18 - m4 - nasm - node-lts - perl - pkg-config - python - rust-librewolf - rust-cbindgen-0.26 - which - yasm)) - (home-page "https://librewolf.net/") - (synopsis - "Custom version of Firefox, focused on privacy, security and freedom") - (description - "LibreWolf is designed to increase protection against tracking and + ;; These commands were changed. + (("-NewWindow") + "-new-window") + (("-NewPrivateWindow") + "-new-private-window") + (("StartupNotify=true") + "StartupNotify=true +StartupWMClass=LibreWolf")) + (copy-file desktop-file "librewolf.desktop") + (install-file "librewolf.desktop" applications)))) + (add-after 'install-desktop-entry 'install-icons + (lambda* (#:key outputs #:allow-other-keys) + (let ((icon-source-dir (string-append #$output + "/lib/librewolf/browser/" + "chrome/icons/default"))) + (for-each (lambda (size) + (let ((dest (string-append #$output + "/share/icons/hicolor/" + size + "x" + size + "/apps"))) + (mkdir-p dest) + (symlink (string-append icon-source-dir + "/default" size ".png") + (string-append dest + "/librewolf.png")))) + '("16" "32" "48" "64" "128")))))) + + ;; Test will significantly increase build time but with little rewards. + #:tests? #f + + ;; WARNING: Parallel build will consume lots of memory! + ;; If you have encountered OOM issue in build phase, try disable it. + #:parallel-build? #t + + ;; Some dynamic lib was determined at runtime, so rpath check may fail. + #:validate-runpath? #f)) + (inputs (list bash-minimal + bzip2 + cairo + cups + dbus-glib + freetype + ffmpeg + gdk-pixbuf + glib + gtk+ + gtk+-2 + hunspell + icu4c-73 + jemalloc + libcanberra + libevent + libffi + libgnome + libjpeg-turbo + libnotify + libpng-apng + libva + libvpx + libwebp + libxcomposite + libxft + libxinerama + libxscrnsaver + libxt + mesa + mit-krb5 + nspr + nss-rapid + pango + pciutils + pipewire + pixman + pulseaudio + speech-dispatcher + sqlite + startup-notification + eudev + unzip + zip + zlib)) + (native-inputs (list alsa-lib + autoconf-2.13 + `(,rust-librewolf "cargo") + clang-18 + llvm-18 + m4 + nasm + node-lts + perl + pkg-config + python + rust-librewolf + rust-cbindgen-0.26 + which + yasm)) + (home-page "https://librewolf.net/") + (synopsis + "Custom version of Firefox, focused on privacy, security and freedom") + (description + "LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM.") - (license license:mpl2.0))) + (license license:mpl2.0)))) -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 17 15:33:56 2024 Received: (at 71832) by debbugs.gnu.org; 17 Aug 2024 19:33:56 +0000 Received: from localhost ([127.0.0.1]:54999 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfPBU-0002Pl-1Q for submit@debbugs.gnu.org; Sat, 17 Aug 2024 15:33:56 -0400 Received: from fout4-smtp.messagingengine.com ([103.168.172.147]:37059) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfPBR-0002PJ-PC for 71832@debbugs.gnu.org; Sat, 17 Aug 2024 15:33:54 -0400 Received: from phl-compute-06.internal (phl-compute-06.nyi.internal [10.202.2.46]) by mailfout.nyi.internal (Postfix) with ESMTP id 2056913872A4; Sat, 17 Aug 2024 15:33:09 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-06.internal (MEProxy); Sat, 17 Aug 2024 15:33:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm2; t=1723923189; x= 1724009589; bh=Ga19gMKbMbNBuLVQSBS5QqbXomv33uPTC1RaZNU+Hfg=; b=m kOIOKtSm4MwPHjQt6amSG4gYENJJnfOj21Q12W+azi9t8hhbcAQWkitMfIxsySSQ dm2vhwGG9/wmOAmr8lBfwN6tuOHniIUt37mX5ossiTb5li39hkOa5L2462YeF1n0 kNZWjLZvHlpddcb5B9PAB7wuyJ01m2QyVXUdNNoWCuJLiepqZ7DGll5EFbmIka/X t2vMiK811u5tHbePD7k5RtNWNA4MH2ORvunJIhh/5zr3fIgyud4Urw3WeNjmrjlq Y+wJlrqAHnLY5c6p2fbDf4upzECC7bzBVV8eqhFogmJlabN7pUPegP3uENwgR4w7 bo1NFy2ELJG4MGlTvSOFg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1723923189; x= 1724009589; bh=Ga19gMKbMbNBuLVQSBS5QqbXomv33uPTC1RaZNU+Hfg=; b=E SQ8ODmcQrM+oqXZSi+fcTxCMhfMqC07zWzrzCpPnDgJ9F3OjetbHpqsqAsl5B2nW uO96K6FXIGU1MGqVdAfbmE6y8HAPkZAxKPUJepDpsv0585D+s97vpC4sx5FW1Z+p zkZJfvwJeeLXSUfHk8chTPoUBRHrHvnhHD/AkWnLXc89DakPerCBCBgr7iqPrGTd 9b7G+th79iyxanjnxhtKwm91CO/+0erEZmIUe5PEoBdaIDvXFWs9mljHXiMTMIWw 9iytKn5NG/d3z99pG1CrDEz9Gojy3t227m4wJrXfosUn4y6qoO1bRbOWjJaPB46b NNurSR4sTR6/g4jndsgAQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddruddutddgudegtdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvve fufffkofgjfhgggfestdekredtredttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgr nhesrhgvthhrohhsphgvtgdrthhvqeenucggtffrrghtthgvrhhnpeevveejffduvdetie eutefgueekvdefieeuvdevleefgefhudelfeetvdfgfeegjeenucevlhhushhtvghrufhi iigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehirghnsehrvghtrhhoshhpvggtrd htvhdpnhgspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohep jedukeefvdesuggvsggsuhhgshdrghhnuhdrohhrghdprhgtphhtthhopehguhhigidqsh gvtghurhhithihsehgnhhurdhorhhgpdhrtghpthhtohepihgrnhesrhgvthhrohhsphgv tgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 17 Aug 2024 15:33:08 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v6 1/3] gnu: gnuzilla: Add skr to all-mozilla-locales. Date: Sat, 17 Aug 2024 12:32:38 -0700 Message-ID: <20240817193240.27089-2-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240817193240.27089-1-ian@retrospec.tv> References: <20240817193240.27089-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure , guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * (gnuzilla): Add skr to all-mozilla-locales. Change-Id: If996048792a53dffb55b7e16e69370dd72fc78e3 --- gnu/packages/gnuzilla.scm | 1 + 1 file changed, 1 insertion(+) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 039b6de71c..df48976419 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -508,6 +508,7 @@ (define-public all-mozilla-locales ("0xndsph4v725q3xcpmxxjb9vxv19sssqnng82m9215cdsv9klgpb" "bf5f6e362f6f" "sco") ("0l70n8817mbmbc09fsnn2aqjj9k9dhad2gmzgphmiilf9mqm2dpf" "1f705c926a99" "si") ("19bqjazazww08chd1qc08dsnr2521088jq5jd4j3185yb1ypm3nr" "c1bd10d70325" "sk") + ("12q1nv6z4bk8yaw3vhl9xs41i7kpx1415mwg635v76fx8h94ycl3" "00eaf8d9e83b" "skr") ("11nmjmy2j249588ahg4mh9lxdqr476jbh28a07qxxibfa76j9vk3" "44be3cbf69b6" "sl") ("1ww35141nixg2s03kfmmq9fk6m3qiz2vg7p5a85shjp7i89pyj1d" "800576ff8ef9" "son") ("1q7nfybwc8mxdwi9fpvfhayq18mykzygkpakr5ngfz2316k8lf5r" "4de8638ac27f" "sq") -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 17 15:33:56 2024 Received: (at 71832) by debbugs.gnu.org; 17 Aug 2024 19:33:57 +0000 Received: from localhost ([127.0.0.1]:55001 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfPBU-0002Po-Bb for submit@debbugs.gnu.org; Sat, 17 Aug 2024 15:33:56 -0400 Received: from fhigh7-smtp.messagingengine.com ([103.168.172.158]:50577) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfPBS-0002PK-Hh for 71832@debbugs.gnu.org; Sat, 17 Aug 2024 15:33:54 -0400 Received: from phl-compute-01.internal (phl-compute-01.nyi.internal [10.202.2.41]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 144411147077; Sat, 17 Aug 2024 15:33:10 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-01.internal (MEProxy); Sat, 17 Aug 2024 15:33:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm2; t=1723923190; x= 1724009590; bh=4KBGFw1Omm7sjz9NttDCfjCKj50udd1X81qVEhRN6MM=; b=j s5B5UrBSw/BjKXPtaRN/57J+tXEnCfJbTxrZhNIFwVpYnlP6cy0tM3eOHtJWy71o Du0M0QCUYfZmQxCHM+FL8fHNszQ0s/0v4w45ig9clKHjZui2lq16Ty2bbyYmyNTV QYVLc68qgAIq8AaY8o3aJdYUTnzFId5P3/KQpyJxajgQmeKOj4A8xl+IDXNZMbVn akcOBXZqATPDXpL8mcYXwiUuEinAv79Q4nm/reg2FBb3TIJJ6Yvh/1htuHlSuuKe 6i5vE+mHNhY2EZptkKssf+GLEgqoce9rcKW2APul4ouErp2JsfUnRKxccWxPgkKw ANHiHc0wtNI9KgMisuAVQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1723923190; x= 1724009590; bh=4KBGFw1Omm7sjz9NttDCfjCKj50udd1X81qVEhRN6MM=; b=F ATh6aZWCxn4ihaN+iC3seyg7ToFeGIxuup/Kf4JhZR49VSpbR1j8gz9iTydGQZUi 9g0EpdmxDu9c304zyt6mSIJb8Or6wwn1mk/pkgpGkNlxA+fo0n9g9SAAy9SzmPCT w/yJXXt73gMdmNBDyMSGQgX2FsDPIcCd8wulGTHib7T9R61OrhSFWnb/cQ4KRscF vT8oAzChy5uCPfw6i45P6urM12Z1+fEhsrECwWZiweHOZoh4au0O3e5NyWBcwrdv yJM6N42s0iL9IGkmzal8H9hppn4RpFk1nC1huUPnfcOOpzjF3TsuXqQP6V5gqqCx +yCJO7vtS9ERz38X8A1gg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddruddutddgudegtdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvve fufffkofgjfhgggfestdekredtredttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgr nhesrhgvthhrohhsphgvtgdrthhvqeenucggtffrrghtthgvrhhnpefgteeiffdvleejle eiieevgeegleegieevjeekfeevledugfehteetgfeuffevhfenucffohhmrghinhepmhho iihilhhlrgdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrih hlfhhrohhmpehirghnsehrvghtrhhoshhpvggtrdhtvhdpnhgspghrtghpthhtohepfedp mhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepjedukeefvdesuggvsggsuhhgshdrgh hnuhdrohhrghdprhgtphhtthhopehguhhigidqshgvtghurhhithihsehgnhhurdhorhhg pdhrtghpthhtohepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 17 Aug 2024 15:33:09 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v6 2/3] gnu: Add nss-rapid. Date: Sat, 17 Aug 2024 12:32:39 -0700 Message-ID: <20240817193240.27089-3-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240817193240.27089-1-ian@retrospec.tv> References: <20240817193240.27089-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure , guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/nss.scm (nss-rapid): New variable. Change-Id: I2bdd2119fb0c857feae9eb2e47a28909b8228cd7 --- gnu/packages/nss.scm | 67 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index 9224a8ed5a..1a684e6146 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -106,6 +106,8 @@ (define-public nspr-4.32 (base32 "0v3zds1id71j5a5si42a658fjz8nv2f6zp6w4gqrqmdr6ksz8sxv")))))) +;; nss should track ESRs, but currently doesn't. 3.102.1 is the current ESR. + (define-public nss (package (name "nss") @@ -303,6 +305,71 @@ (define-public nss/fixed (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) (format #t "test suite not run~%")))))))))))) +;; nss-rapid tracks the rapid release channel. Unless your package requires a +;; newer version, you should prefer the `nss' package, which tracks the ESR +;; channel. +;; +;; See https://wiki.mozilla.org/NSS:Release_Versions +;; and https://wiki.mozilla.org/Rapid_Release_Model + +(define-public nss-rapid + (package + (inherit nss) + (name "nss-rapid") + (version "3.103") + (source (origin + (inherit (package-source nss)) + (uri (let ((version-with-underscores + (string-join (string-split version #\.) "_"))) + (string-append + "https://ftp.mozilla.org/pub/mozilla.org/security/nss/" + "releases/NSS_" version-with-underscores "_RTM/src/" + "nss-" version ".tar.gz"))) + (sha256 + (base32 + "0qp9rs226rr6gh51b42cdbydr4mj80cli3bfqhh7bp3jyxbvcjkv")))) + (arguments + (substitute-keyword-arguments (package-arguments nss) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (if tests? + (begin + ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for + ;; testing. The latter requires a working DNS or /etc/hosts. + (setenv "DOMSUF" "localdomain") + (setenv "USE_IP" "TRUE") + (setenv "IP_ADDRESS" "127.0.0.1") + + ;; This specific test is looking at performance "now + ;; verify that we can quickly dump a database", and + ;; we're not testing performance here (especially + ;; since we're using faketime), so raise the + ;; threshold + (substitute* "nss/tests/dbtests/dbtests.sh" + ((" -lt 5") " -lt 50")) + + ;; Since the test suite is very lengthy, run the test + ;; suite once, not thrice as done by default, by + ;; selecting only the 'standard' cycle. + (setenv "NSS_CYCLES" "standard") + + ;; The "PayPalEE.cert" certificate expires every six months, + ;; leading to test failures: + ;; . To + ;; work around that, set the time to roughly the release date. + (invoke "faketime" "2024-08-17" "./nss/tests/all.sh")) + (format #t "test suite not run~%")))))))) + (synopsis "Network Security Services (Rapid Release)") + (description + "Network Security Services (@dfn{NSS}) is a set of libraries designed to +support cross-platform development of security-enabled client and server +applications. Applications built with NSS can support SSL v2 and v3, TLS, +PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other +security standards. + +This package tracks the Rapid Release channel, which updates frequently."))) (define-public nsncd (package (name "nsncd") -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 17 15:34:02 2024 Received: (at 71832) by debbugs.gnu.org; 17 Aug 2024 19:34:02 +0000 Received: from localhost ([127.0.0.1]:55003 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfPBX-0002QA-Vd for submit@debbugs.gnu.org; Sat, 17 Aug 2024 15:34:02 -0400 Received: from fout4-smtp.messagingengine.com ([103.168.172.147]:51257) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfPBT-0002PM-2F for 71832@debbugs.gnu.org; Sat, 17 Aug 2024 15:33:55 -0400 Received: from phl-compute-06.internal (phl-compute-06.nyi.internal [10.202.2.46]) by mailfout.nyi.internal (Postfix) with ESMTP id 4338E13868EA; Sat, 17 Aug 2024 15:33:08 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-06.internal (MEProxy); Sat, 17 Aug 2024 15:33:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to; s=fm2; t=1723923188; x=1724009588; bh=NPdASBYEXFoJqLzZUxXdb k1e/bzGlhXPVCO+s3OkwwA=; b=PsoUHTz1Y8AC+f/UM9QLOppNKxVYx8xuR0Mop jgRH8P5Ana6DY4xOLBhxxo9rOoCU20BrGl7N+U4Gj87yC1zJZE47NuJ0J1WRpBY9 EA/Aab5FN2OOuU1J10rFCl8ONycaJLW/BRTZYw5BSPb7LkrwbMvtZXRQBF2W8neN Nq8Hs5XG2eaYKuSIzwhuolVjvMIQSJ2KLbOw7id2DgsLPf9/qCB52F0ZEkUwVNOB NtFN0hvDHNwZJk7WkEnVDDqchZUUZen95cbWjdEA/lV51YQp66Zn+nzXBQin2yVZ ihkT9ALeFVBkQuSPbCCPQ9vRMOQ7WdNN0QCJK/K7hC2qgQ8cw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1723923188; x=1724009588; bh=NPdASBYEXFoJqLzZUxXdbk1e/bzG lhXPVCO+s3OkwwA=; b=vlITosW6GcSuUkSaEZuwUX1r78NQSQJmM0+3sOM6IEfW XOmkDzmmHXF+afOshSsF6kKdWw1f7cFU75GBoMMi10kb9kP6eFTS2vUMv4K3SQQd FMDJBgL3DkWVjDNdX8vuwDxqnROz2GRCIPvNpA4PU5Iw9ju79MuM8hDnWcNBQhGA bWzYBEGq+AV0bc+w9LcHkeu75ocJQINOkUChq6riM7ToG1dzyh+BJPLSSmDzJypa tB2XrJCp/wtGWYWsnmZUYUGG6NzEaamuDmDl3k7a5cTnGjTCQoTEiKFsWB6DX9hO lScuIvAe1CFknvVpl6ijwSdCVSsInsoCNctDtiUKTw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddruddutddgudegtdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvve fufffkofgggfestdekredtredttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhes rhgvthhrohhsphgvtgdrthhvqeenucggtffrrghtthgvrhhnpefgvdejhfelhfeftdeile elfedvhfefffetfeeuteelgfdvleffleevgfefueekjeenucffohhmrghinhepmhhoiihi lhhlrgdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh hrohhmpehirghnsehrvghtrhhoshhpvggtrdhtvhdpnhgspghrtghpthhtohepfedpmhho uggvpehsmhhtphhouhhtpdhrtghpthhtohepjedukeefvdesuggvsggsuhhgshdrghhnuh drohhrghdprhgtphhtthhopehguhhigidqshgvtghurhhithihsehgnhhurdhorhhgpdhr tghpthhtohepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 17 Aug 2024 15:33:07 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v6 0/3] [SECURITY] Update LibreWolf to 129.0.1-1; add nss-rapid Date: Sat, 17 Aug 2024 12:32:37 -0700 Message-ID: <20240817193240.27089-1-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure , guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) vs. the previous versions of this patch series, v6: - Updates LibreWolf to 129.0.1-1, the latest upstream. - Updates nss-rapid, to version 3.103, the latest upstream. - Adds the skr locale to all-mozilla-locales. - Backs out improvements not directly related to updating the browser version, to make review easier. In addition to the CVEs fixed in 128.0, this includes fixes for[1]: CVE-2024-7518: Fullscreen notification dialog can be obscured by document content CVE-2024-7519: Out of bounds memory access in graphics shared memory handling CVE-2024-7520: Type confusion in WebAssembly CVE-2024-7521: Incomplete WebAssembly exception handing CVE-2024-7522: Out of bounds read in editor component CVE-2024-7523: Document content could partially obscure security prompts CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims CVE-2024-7525: Missing permission check when creating a StreamFilter CVE-2024-7526: Uninitialized memory used by WebGL CVE-2024-7527: Use-after-free in JavaScript garbage collection CVE-2024-7528: Use-after-free in IndexedDB CVE-2024-7529: Document content could partially obscure security prompts CVE-2024-7530: Use-after-free in JavaScript code coverage collection CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge [1]: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/ Ian Eure (3): gnu: gnuzilla: Add skr to all-mozilla-locales. gnu: Add nss-rapid. gnu: librewolf: Update to 129.0.1-1. gnu/packages/gnuzilla.scm | 1 + gnu/packages/librewolf.scm | 12 +++---- gnu/packages/nss.scm | 67 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+), 6 deletions(-) -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 17 15:34:02 2024 Received: (at 71832) by debbugs.gnu.org; 17 Aug 2024 19:34:02 +0000 Received: from localhost ([127.0.0.1]:55006 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfPBa-0002QS-9z for submit@debbugs.gnu.org; Sat, 17 Aug 2024 15:34:02 -0400 Received: from fhigh7-smtp.messagingengine.com ([103.168.172.158]:39303) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfPBT-0002PN-Aj for 71832@debbugs.gnu.org; Sat, 17 Aug 2024 15:33:57 -0400 Received: from phl-compute-03.internal (phl-compute-03.nyi.internal [10.202.2.43]) by mailfhigh.nyi.internal (Postfix) with ESMTP id DB86811482FE; Sat, 17 Aug 2024 15:33:10 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-03.internal (MEProxy); Sat, 17 Aug 2024 15:33:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm2; t=1723923190; x= 1724009590; bh=nyRKu/krrDgagpx0+5ex0b1MBUcATTxJKDs+hwTOY4I=; b=U OtoUoZw8/m/G5QhkkBQWZ8QLv5R5t4zBP4KYsqjZQ08dt5IvfpHfjCg8mtC8OhbK xZfe+nfR3RduT49eBNqYxKFjytTbVeS4oqgEewx/+EeRO76Ns1jJcT4NLtfVAhVr Dy4kBUpUQerSAC/TJBKeOX7foVw25AvcTl38ykyGWGwy+qv1o9SCOVFXbXYzgv+D r1xerEUI4V5rjuypaXFhDzm9ytfNBeRZv9qqmTQXm+fXuqrJdrCQSqhNW1fw5wFc xfn4AeheTs4LCk+qO3d7U9y1vaD9mSUEUg6Uz3WGEAqO5/nZU8W0m9h39LltAnqt QfjulgBRfwZuNr8cn+mmw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1723923190; x= 1724009590; bh=nyRKu/krrDgagpx0+5ex0b1MBUcATTxJKDs+hwTOY4I=; b=A lLT2+za0xNLUBk0EkxHG50KzPYG5XOTK2s/xhX2BJglR2JOUrlJyfP7Gg6yba9ez 7/VzunTyB4jV74VjK5KdtJuZtdaSMKmtxfFOAnWX51KX/U7AwDK9xXPBvc4ELI8J L1UgOuoShOjhqBg5t6YBqhBI6Da5zRbapAeOuaRpw22/eF0bfFT09u3yGBAUnlu1 kO1YEjOHEaK3RQ4sxUXOCzSfEudTUTIkdg1gG6E+VMZprpWVql4O15O7RND8K7DM 9KP8lY05Cv7RYGw+fDc9kHip3T9rQ9IMMhBjMD7zfGYRNARJvvIRd7UZ9wVsa1vg hpkiekde655FrkqADGkUw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddruddutddgudegtdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvve fufffkofgjfhgggfestdekredtredttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgr nhesrhgvthhrohhsphgvtgdrthhvqeenucggtffrrghtthgvrhhnpeevveejffduvdetie eutefgueekvdefieeuvdevleefgefhudelfeetvdfgfeegjeenucevlhhushhtvghrufhi iigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehirghnsehrvghtrhhoshhpvggtrd htvhdpnhgspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohep jedukeefvdesuggvsggsuhhgshdrghhnuhdrohhrghdprhgtphhtthhopehguhhigidqsh gvtghurhhithihsehgnhhurdhorhhgpdhrtghpthhtohepihgrnhesrhgvthhrohhsphgv tgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 17 Aug 2024 15:33:10 -0400 (EDT) From: Ian Eure To: 71832@debbugs.gnu.org Subject: [PATCH v6 3/3] gnu: librewolf: Update to 129.0.1-1. Date: Sat, 17 Aug 2024 12:32:40 -0700 Message-ID: <20240817193240.27089-4-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240817193240.27089-1-ian@retrospec.tv> References: <20240817193240.27089-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: Ian Eure , guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/librewolf.scm (librewolf): Update to 129.0.1-1. Change-Id: Iefeff2ea7016e8d55313b55dd97179f80bcead1b --- gnu/packages/librewolf.scm | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index 45fbb84e4f..c7487b1259 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -117,9 +117,9 @@ (define (librewolf-source-origin version hash) (define computed-origin-method (@@ (guix packages) computed-origin-method)) (define librewolf-source - (let* ((ff-src (firefox-source-origin "126.0.1" "0fr679rcwshwpfxidc55b2xsn4pmrr7p9ix4rr2mv2k7kwsjcc7n")) - (version "126.0.1-1") - (lw-src (librewolf-source-origin version "0cac80073vkzd85ai9rbnwixs1h9bpy4dj2ri6jxdlqsy5d663km"))) + (let* ((ff-src (firefox-source-origin "129.0.1" "0wy0fn0pavlhlkdybr59hhbn5ng0zn56mxa7gsknf8f2whiyipwx")) + (version "129.0.1-1") + (lw-src (librewolf-source-origin version "0pvv3v23q31hdjvqi1f3cqfyjrb8dbrrbfwxj2wacak1g0mzbxf4"))) (origin (method computed-origin-method) @@ -215,12 +215,12 @@ (define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum. ;; Update this id with every update to its release date. ;; It's used for cache validation and therefore can lead to strange bugs. ;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20240607212143") +(define %librewolf-build-id "20240817075827") (define-public librewolf (package (name "librewolf") - (version "126.0.1-1") + (version "129.0.1-1") (source librewolf-source) (build-system gnu-build-system) (arguments @@ -691,7 +691,7 @@ (define (runpaths-of-input label) mesa mit-krb5 nspr - nss/fixed + nss-rapid pango pciutils pipewire -- 2.45.2 From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 17 18:47:30 2024 Received: (at 71832) by debbugs.gnu.org; 17 Aug 2024 22:47:31 +0000 Received: from localhost ([127.0.0.1]:55062 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfSCo-0007Q3-KR for submit@debbugs.gnu.org; Sat, 17 Aug 2024 18:47:30 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:59902) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfSCn-0007Pr-B2 for 71832@debbugs.gnu.org; Sat, 17 Aug 2024 18:47:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1723934803; bh=0BaX5hc2xViTG5WL3Ccz4WOxLrWjXiak9uRBW67HwEg=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=Ys7xjU18tWa0budT8VFncnKrnmNVS2TA+5WO1iAWcZTdkZzehgnkOJTHZIHIGiSm/ a2oq20iIyWSnVjPYftEH0j1sETZP7Z7Fh37okEkRoRPNUtqkjqHuG4x9KNbmB+nlUa bWfpKzHAarj72jBkCzkiiCD7DGumVF6npizf0Z9aaZalBpqZkqV2WkiOLU+bzP6XAf wO9tK7T3IYy7rRJiSasJTkYWpLACJ2AKzdliatJuB+mzYHRRFTqDe/DbZh7aasgX9P rWI2nqJk9d0E0jakZv01VLSVJIMLplMcRPk+RGaOgpJcdUXSoSi1/2qMBUGrE8N1J0 dstSSNDkJ5Fvg== Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:50]) by cascadia.aikidev.net (Postfix) with ESMTPSA id C133C6FC; Sat, 17 Aug 2024 15:46:43 -0700 (PDT) From: Vagrant Cascadian To: Ian Eure , 71832@debbugs.gnu.org Subject: Re: [bug#71832] [PATCH v6 2/3] gnu: Add nss-rapid. In-Reply-To: <20240817193240.27089-3-ian@retrospec.tv> References: <20240817193240.27089-1-ian@retrospec.tv> <20240817193240.27089-3-ian@retrospec.tv> Date: Sat, 17 Aug 2024 15:46:38 -0700 Message-ID: <87sev2lqcx.fsf@wireframe> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71832 Cc: guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2024-08-17, Ian Eure wrote: > * gnu/packages/nss.scm (nss-rapid): New variable. > > Change-Id: I2bdd2119fb0c857feae9eb2e47a28909b8228cd7 > --- > gnu/packages/nss.scm | 67 ++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 67 insertions(+) Unfortunately, this failed to build: error: in phase 'check': uncaught exception: %exception #<&invoke-error program: "faketime" arguments: ("2024-08-17" "./nss/tests/all.sh") exit-status: 1 term-signal: #f stop-signal: #f> phase `check' failed after 1983.7 seconds command "faketime" "2024-08-17" "./nss/tests/all.sh" failed with status 1 builder for `/gnu/store/nhzx27ndgbhsbl0kjnv49xsy3xdy0a66-nss-rapid-3.103.drv' failed with exit code 1 build of /gnu/store/nhzx27ndgbhsbl0kjnv49xsy3xdy0a66-nss-rapid-3.103.drv failed View build log at '/var/log/guix/drvs/nh/zx27ndgbhsbl0kjnv49xsy3xdy0a66-nss-rapid-3.103.drv.gz'. guix build: error: build of `/gnu/store/nhzx27ndgbhsbl0kjnv49xsy3xdy0a66-nss-rapid-3.103.drv' failed live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZsEoTgAKCRDcUY/If5cW qkxCAP9CUBXtG4Fuw3rJPeOcrDQnEcvzmS2KBDmm/WNcL8UPzgEA1P8aul7PUrXR HCd5CD4W8aWlhAk+Br32KJc+fOX+zAk= =iODr -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 17 19:34:36 2024 Received: (at 71832) by debbugs.gnu.org; 17 Aug 2024 23:34:36 +0000 Received: from localhost ([127.0.0.1]:55077 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfSwO-00008v-En for submit@debbugs.gnu.org; Sat, 17 Aug 2024 19:34:36 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:49898) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfSwM-00008d-CE for 71832@debbugs.gnu.org; Sat, 17 Aug 2024 19:34:35 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1723937598; bh=9rmeFb7iIOIgD1LuKHoVFPrQb6d93geMQlxeq/LpjV8=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=XVUp6xle4WjEyDsPpgdXC0aaK7cXi9rekEND5Ot8XYUrgJNkS9cx1OWznmX+lGpLX H8tzVOcqp2XmtuOrBaIBJIDi7Y8XYQ5r88gc/gJgdKEvv16RaWHcSwHN7E4ljsDoiE kp43X9ohpF/lONjRor8PkbqjjP4SVKs/dwjo1G4emUu2w9SUW5Ahh08rOoOroVSxEE glXTpG1jeLRL5aLStTUZmJPXuiRi5PoOon1t2JzBs+6hfTmKCS0oQdqW3G3xsCZIT8 Gd2QjuBtpq/NBR19PaaKoQWmA8tQwVC6QlHUgKDOlfyOqZQn1Tl2HZ1r9G5egZSU88 dwasqYOowvVHQ== Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:50]) by cascadia.aikidev.net (Postfix) with ESMTPSA id A18F96FC; Sat, 17 Aug 2024 16:33:18 -0700 (PDT) From: Vagrant Cascadian To: Ian Eure , 71832@debbugs.gnu.org Subject: Re: [bug#71832] [PATCH v6 2/3] gnu: Add nss-rapid. In-Reply-To: <87sev2lqcx.fsf@wireframe> References: <20240817193240.27089-1-ian@retrospec.tv> <20240817193240.27089-3-ian@retrospec.tv> <87sev2lqcx.fsf@wireframe> Date: Sat, 17 Aug 2024 16:33:14 -0700 Message-ID: <87plq6lo79.fsf@wireframe> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71832 Cc: guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2024-08-17, Vagrant Cascadian wrote: > On 2024-08-17, Ian Eure wrote: >> * gnu/packages/nss.scm (nss-rapid): New variable. >> >> Change-Id: I2bdd2119fb0c857feae9eb2e47a28909b8228cd7 >> --- >> gnu/packages/nss.scm | 67 ++++++++++++++++++++++++++++++++++++++++++++ >> 1 file changed, 67 insertions(+) > > Unfortunately, this failed to build: > > error: in phase 'check': uncaught exception: > %exception #<&invoke-error program: "faketime" arguments: ("2024-08-17" "./nss/tests/all.sh") exit-status: 1 term-signal: #f stop-signal: #f> > phase `check' failed after 1983.7 seconds > command "faketime" "2024-08-17" "./nss/tests/all.sh" failed with status 1 > builder for `/gnu/store/nhzx27ndgbhsbl0kjnv49xsy3xdy0a66-nss-rapid-3.103.drv' failed with exit code 1 > build of /gnu/store/nhzx27ndgbhsbl0kjnv49xsy3xdy0a66-nss-rapid-3.103.drv failed > View build log at '/var/log/guix/drvs/nh/zx27ndgbhsbl0kjnv49xsy3xdy0a66-nss-rapid-3.103.drv.gz'. > guix build: error: build of `/gnu/store/nhzx27ndgbhsbl0kjnv49xsy3xdy0a66-nss-rapid-3.103.drv' failed Hrm. The build log was truncated and I could not find the actual errors. There were two test suite failures... :/ I tried to build it again and it worked this time... hrm. live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZsEzOgAKCRDcUY/If5cW qsubAQDFUqGl5lPTFGFlSkZm/2N4jDPB+8NQK1sa9esdaNQGgAD+IJ53qO9K7BJJ BaHIx66N2Id/nl/mD98nDWkzttw90w0= =w0Tl -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 17 19:52:01 2024 Received: (at 71832) by debbugs.gnu.org; 17 Aug 2024 23:52:01 +0000 Received: from localhost ([127.0.0.1]:55083 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfTDF-0000ZA-6Z for submit@debbugs.gnu.org; Sat, 17 Aug 2024 19:52:01 -0400 Received: from fout7-smtp.messagingengine.com ([103.168.172.150]:49789) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfTDC-0000Yv-Vo for 71832@debbugs.gnu.org; Sat, 17 Aug 2024 19:51:59 -0400 Received: from phl-compute-08.internal (phl-compute-08.nyi.internal [10.202.2.48]) by mailfout.nyi.internal (Postfix) with ESMTP id 48FBA1381F91; Sat, 17 Aug 2024 19:51:14 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-08.internal (MEProxy); Sat, 17 Aug 2024 19:51:14 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1723938674; x=1724025074; bh=xNETxtKBgWHo2yRkJuv9A0/OxY46UgzvPowchfnqKBI=; b= QGV232y/Z9pJThXFkdteGO2U4rOiR0h9mqbVfZBgecjDtzWV3AjtwZw86tKG378Z hhljvuakgG4UJqQ7G4E1sWNw5kMy3EebPeevSQsph9jelqsRm3QgdrYfoLXhA0ve sp6y0Eke6bjFCrLp+dnvgoJ6fpNhHtmVJ9LFepbsFuJO7p7L90nIqGJdRFQkw33Z heu29fDn5cr3X789lByhjBxZyHOQSC2DSKdDk3niFLC3NykGo0Ig1lJ5G9WaVP+S 9ttnOiPYUEMejfJi+cOpGe7Ma9b3cr+Hl1+YmYZfMEScjWHGl9QIv9jywdo5rswR 1uqYHX5ONwPCMJXAlRYgEw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1723938674; x= 1724025074; bh=xNETxtKBgWHo2yRkJuv9A0/OxY46UgzvPowchfnqKBI=; b=S ZKeQ6pA3qHx4ETe9rQgVeCPrauQR+2CasCgz1JFP5vkEFPRhOIUaKIl07KM7usZZ 5y8O4Dn7av3r90yOR71xwwrdwjKrA/euhxvH05YIAo4RikG1f5/kC+3r3a4oSIs5 df745thAKNEQtMGxn6aTtS4UMqHqFt5NKivPgONM/dNcD2Hf9rXi6OK6vJdoY+S3 ytfZFEl1VLj1k7dZp6O0DfmbP48Mzy2UQpalqY+qbmOWHT+f1mHX5B+NNsSBrO19 1gnQ+L/BB6d8Evoi4TNvfyWTmifF+KHlNStuYsE8H1uER43paurznABAmFYF2HXs WlP8ETWlPaxB7uLKh01Kw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudduuddgvdejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhepfffhvfevufgfjghfkfggtgfgsegrjehmredtreej necuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggtrdhtvheqne cuggftrfgrthhtvghrnhepjeelieeftefhhfduieejhfffueethfeigffhkefhvedtheeh fffhgfelvefgffeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhvpdhnsggprhgtphhtthhopeefpdhm ohguvgepshhmthhpohhuthdprhgtphhtthhopehvrghgrhgrnhhtseguvggsihgrnhdroh hrghdprhgtphhtthhopeejudekfedvseguvggssghughhsrdhgnhhurdhorhhgpdhrtghp thhtohepghhuihigqdhsvggtuhhrihhthiesghhnuhdrohhrgh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 17 Aug 2024 19:51:13 -0400 (EDT) Date: Sat, 17 Aug 2024 16:51:12 -0700 From: Ian Eure To: Vagrant Cascadian , 71832@debbugs.gnu.org Subject: Re: [bug#71832] [PATCH v6 2/3] gnu: Add nss-rapid. User-Agent: K-9 Mail for Android In-Reply-To: <87plq6lo79.fsf@wireframe> References: <20240817193240.27089-1-ian@retrospec.tv> <20240817193240.27089-3-ian@retrospec.tv> <87sev2lqcx.fsf@wireframe> <87plq6lo79.fsf@wireframe> Message-ID: <9AB57E33-2043-4D96-B6BD-DB0E25111319@retrospec.tv> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=----PTJEX6JGHL0VEG0UKP7MR66HNGGGGY Content-Transfer-Encoding: 7bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) ------PTJEX6JGHL0VEG0UKP7MR66HNGGGGY Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Thank you for taking a look=2E It seems like the build process crashed whe= n running the extensive test suite=2E Both these packages are resource-int= ensive to build=2E A machine with 16gb RAM and no swap will OOM, but a 24g= b machine can complete them=2E Perhaps there's a clue in dmesg? I built both nss-rapid and librewolf locally and made sure they seemed to = work prior to sending the patch series=2E On August 17, 2024 4:33:14 PM PDT, Vagrant Cascadian wrote: >On 2024-08-17, Vagrant Cascadian wrote: >> On 2024-08-17, Ian Eure wrote: >>> * gnu/packages/nss=2Escm (nss-rapid): New variable=2E >>> >>> Change-Id: I2bdd2119fb0c857feae9eb2e47a28909b8228cd7 >>> --- >>> gnu/packages/nss=2Escm | 67 +++++++++++++++++++++++++++++++++++++++++= +++ >>> 1 file changed, 67 insertions(+) >> >> Unfortunately, this failed to build: >> >> error: in phase 'check': uncaught exception: >> %exception #<&invoke-error program: "faketime" arguments: ("2024-08-17"= "=2E/nss/tests/all=2Esh") exit-status: 1 term-signal: #f stop-signal: #f> >> phase `check' failed after 1983=2E7 seconds >> command "faketime" "2024-08-17" "=2E/nss/tests/all=2Esh" failed with st= atus 1 >> builder for `/gnu/store/nhzx27ndgbhsbl0kjnv49xsy3xdy0a66-nss-rapid-3=2E= 103=2Edrv' failed with exit code 1 >> build of /gnu/store/nhzx27ndgbhsbl0kjnv49xsy3xdy0a66-nss-rapid-3=2E103= =2Edrv failed >> View build log at '/var/log/guix/drvs/nh/zx27ndgbhsbl0kjnv49xsy3xdy0a66= -nss-rapid-3=2E103=2Edrv=2Egz'=2E >> guix build: error: build of `/gnu/store/nhzx27ndgbhsbl0kjnv49xsy3xdy0a6= 6-nss-rapid-3=2E103=2Edrv' failed > >Hrm=2E The build log was truncated and I could not find the actual >errors=2E There were two test suite failures=2E=2E=2E :/ > >I tried to build it again and it worked this time=2E=2E=2E hrm=2E > >live well, > vagrant ------PTJEX6JGHL0VEG0UKP7MR66HNGGGGY Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Thank you for taking a look=2E= =C2=A0 It seems like the build process crashed when running the extensive t= est suite=2E=C2=A0 Both these packages are resource-intensive to build=2E= =C2=A0 A machine with 16gb RAM and no swap will OOM, but a 24gb machine can= complete them=2E=C2=A0 Perhaps there's a clue in dmesg?

I built bot= h nss-rapid and librewolf locally and made sure they seemed to work prior t= o sending the patch series=2E


On August 17, 2024 4:33:14 PM PDT, Vagrant Cascadian <vagra= nt@debian=2Eorg> wrote:
On 2024-08-17, Vagrant Cascadian w=
rote:
On 2024-08-17, Ian Eure wrote:
 * gnu/packages/nss=2Escm (nss-rapid=
): New variable=2E

 Change-Id: I2bdd2119fb0c857feae9eb2e47a28909b822=
8cd7
  gnu/packages/nss=2Escm | 67 +++++++++++++++++++++++++++++++++++++=
+++++++
  1 file changed, 67 insertions(+)

 Unfortunately, this failed to build:

 error: in phas=
e 'check': uncaught exception:
 %exception #<&invoke-error progra=
m: "faketime" arguments: ("2024-08-17" "=2E/nss/tests/all=2Esh") exit-statu=
s: 1 term-signal: #f stop-signal: #f>
 phase `check' failed after 198=
3=2E7 seconds
 command "faketime" "2024-08-17" "=2E/nss/tests/all=2Esh" =
failed with status 1
 builder for `/gnu/store/nhzx27ndgbhsbl0kjnv49xsy3x=
dy0a66-nss-rapid-3=2E103=2Edrv' failed with exit code 1
 build of /gnu/s=
tore/nhzx27ndgbhsbl0kjnv49xsy3xdy0a66-nss-rapid-3=2E103=2Edrv failed
 Vi=
ew build log at '/var/log/guix/drvs/nh/zx27ndgbhsbl0kjnv49xsy3xdy0a66-nss-r=
apid-3=2E103=2Edrv=2Egz'=2E
 guix build: error: build of `/gnu/store/nhz=
x27ndgbhsbl0kjnv49xsy3xdy0a66-nss-rapid-3=2E103=2Edrv' failed

Hrm=2E The build log was truncated and I cou=
ld not find the actual
errors=2E There were two test suite failures=2E=
=2E=2E :/

I tried to build it again and it worked this time=2E=2E=2E=
 hrm=2E

live well,
  vagrant
------PTJEX6JGHL0VEG0UKP7MR66HNGGGGY-- From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 17 22:02:44 2024 Received: (at 71832) by debbugs.gnu.org; 18 Aug 2024 02:02:44 +0000 Received: from localhost ([127.0.0.1]:55143 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfVFj-00040u-Om for submit@debbugs.gnu.org; Sat, 17 Aug 2024 22:02:43 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:36322) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfVFh-00040d-MC for 71832@debbugs.gnu.org; Sat, 17 Aug 2024 22:02:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1723946485; bh=Zg+Dda+UCdjpNY79cfpicNLlCRRVDxPV4DGYXiiHwgE=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=Ao2YCN66Q6YkK3pZnXuaWT6grx8IwUgIOfVuKJMF1OFtXgnrFgrYjD8ryKZZBqYUk Hk66/L7WKbrywAZsPXXfFQObsni73fCRhOwjnmShbmTLhAdNiLP+DyBYxuH2YZ00w/ LcnnGbqZjt5FWVy3qG0KhqgLnZut1c7sEdE8eVhqBlCOdmKzdb70UEB5Hcuh+6I/e0 CfZyYdJwQwXdc7P2C/ilM1vV94SM0Jk0bOqiBm0Kh83XRuPDTIOnxusyplHbVaRpvd oQRFluQ80PeYmW0jB+PlORgm0Nca5mbmOhNTrNI9t4qNWAW489BMag/Kjlunaxsqj3 CickZ8W/ta43g== Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:50]) by cascadia.aikidev.net (Postfix) with ESMTPSA id 9511A6FC; Sat, 17 Aug 2024 19:01:25 -0700 (PDT) From: Vagrant Cascadian To: Ian Eure , 71832@debbugs.gnu.org Subject: Re: [bug#71832] [PATCH v6 2/3] gnu: Add nss-rapid. In-Reply-To: <9AB57E33-2043-4D96-B6BD-DB0E25111319@retrospec.tv> References: <20240817193240.27089-1-ian@retrospec.tv> <20240817193240.27089-3-ian@retrospec.tv> <87sev2lqcx.fsf@wireframe> <87plq6lo79.fsf@wireframe> <9AB57E33-2043-4D96-B6BD-DB0E25111319@retrospec.tv> Date: Sat, 17 Aug 2024 19:00:58 -0700 Message-ID: <87le0ulhd1.fsf@wireframe> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71832 Cc: guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2024-08-17, Ian Eure wrote: > Thank you for taking a look. It seems like the build process crashed > when running the extensive test suite. Both these packages are > resource-intensive to build. A machine with 16gb RAM and no swap will > OOM, but a 24gb machine can complete them. Perhaps there's a clue in > dmesg? I got a successful build of both nss-rapid and librewolf even only with 16gb of ram and 2.5gb of swap (maybe newer versions ... actually use less resources?!) ... it just took two tries to build nss-rapid! :) Have not actually run it yet... because foolishly I built it on a headless system and need to transfer it over somewhere else to actually test it... but so far looks promising. live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZsFV2gAKCRDcUY/If5cW qhsiAQCIAfJqTt7XDzq3T/OncbUNLXr4rlymPByaAFfvd23GIQEA56tV8tvVc91Y /LHP5bYwhdEUj+3oVMjvLhQsOcI8PAE= =tgNZ -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 17 23:39:34 2024 Received: (at 71832) by debbugs.gnu.org; 18 Aug 2024 03:39:34 +0000 Received: from localhost ([127.0.0.1]:55183 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfWlS-0006wC-3e for submit@debbugs.gnu.org; Sat, 17 Aug 2024 23:39:34 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:49272) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfWlQ-0006vx-Mf for 71832@debbugs.gnu.org; Sat, 17 Aug 2024 23:39:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1723952296; bh=WOK5fXCvBEBWwLDLHOEeM8foTgY6NSGMudeEFSv1eSw=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=AInX2OQZaoxdNIwvAytMMp+XjZjHqITsD+SWCJhhJQRU9xIGJqS4liyLLaJt5Fr1j yR2/YDXsaDfVRczrHB++yNKl1hxRdp77tooeZvUl8edrTaDjhPsMi00+NyTAGaaAX2 g/fqB6qpyWX7Gtf0Fg5Vo9eaCtZbsbC0B919f2PE8/Mo8OumYCZmZhHj0422EtLT1c L7Ucr4F1hY/YaBN6o+O8jjbNzN+eTHNjU/qg0lfp3/nxl6K1PTGFKdwMqRLZiuwWEd 3qllNjwyBiwNlKONZkVK8xq3bk6ss77FfF9H/ihlHHA2inQzBP227UuZuK6goQOWlo xf4qucxeHS25Q== Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:50]) by cascadia.aikidev.net (Postfix) with ESMTPSA id C70B56FC; Sat, 17 Aug 2024 20:38:16 -0700 (PDT) From: Vagrant Cascadian To: Ian Eure Subject: Re: [bug#71832] [PATCH v6 2/3] gnu: Add nss-rapid. In-Reply-To: <20240817193240.27089-3-ian@retrospec.tv> References: <20240817193240.27089-1-ian@retrospec.tv> <20240817193240.27089-3-ian@retrospec.tv> Date: Sat, 17 Aug 2024 20:38:09 -0700 Message-ID: <87ed6mlcv2.fsf@wireframe> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71832 Cc: 71832@debbugs.gnu.org, guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2024-08-17, Ian Eure wrote: > diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm > index 9224a8ed5a..1a684e6146 100644 > --- a/gnu/packages/nss.scm > +++ b/gnu/packages/nss.scm ... > +;; nss should track ESRs, but currently doesn't. 3.102.1 is the current ESR. > + > (define-public nss > (package > (name "nss") Though I largely agree with the logic (e.g. nss *should* probably be packaging ESR versions in general)... it seems a little weird to include a comment about what the packaging for nss *should* do, even though it is not (yet) doing it... similar with embedding a specific "current" version, which will obviously become inaccurate before too long... Alternately, maybe moving the comment to where the nss version is actually defined; to give someone pause when considering updating the version? Or maybe this belongs in a separate discussion on guix-devel and/or bug? > +;; nss-rapid tracks the rapid release channel. Unless your package requires a > +;; newer version, you should prefer the `nss' package, which tracks the ESR > +;; channel. > +;; > +;; See https://wiki.mozilla.org/NSS:Release_Versions > +;; and https://wiki.mozilla.org/Rapid_Release_Model > + > +(define-public nss-rapid Mixed feelings on rapid vs. latest ... latest is a bit more consistent with other guix packages, though "rapid" is the terminology that upstream uses here. Both those points are, in my opinion, quite minor; I would not want to block on those points alone! live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZsFsoQAKCRDcUY/If5cW qhjWAQDZiN0mzvD0V9s3uJoiHW/tnonzAhUgrCOF9ZTQnr1EzwD/SYiv+KlZ82v5 dTYuNt8EvCAUpU9Er+q36DT+1n16awk= =1/TI -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 17 23:47:47 2024 Received: (at 71832) by debbugs.gnu.org; 18 Aug 2024 03:47:47 +0000 Received: from localhost ([127.0.0.1]:55187 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfWtP-000797-5T for submit@debbugs.gnu.org; Sat, 17 Aug 2024 23:47:47 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:52966) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfWtK-00078o-Mc for 71832@debbugs.gnu.org; Sat, 17 Aug 2024 23:47:46 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1723952787; bh=87EF8+fip9PwW5w5hsNdJSMUrpQeUiQ6ziTR+iH+xCk=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=c79xUipbKNgBMQfYsElBZNm6usI/V3v4f2UIc9Y2zgjYiww4Gqm/0rlphWcVnNxGX Sq4jeWvFn9flxCw8bAVYq/lmVu33dn+CejaBpcrnoaV29BALHbSIsTjacvbDzu/B6M aL5oFAmM7qCP0QmfPzAMK5iXYiHfy1Ee7dpFyifbkQJ7TGDk6jjtu5OzvWS0L6iup1 v62aIdGyVmLGRWk8bVyZFaWWOtzm4d1DAiVq/inUxdb6jgbfdTqqAXGBc9YvcmODbL w4gc6I19ev6u4iPYC7lVSF4zBs0mJsAZtydk2ajb7uJmCs4mGX4B7sxYABaslXdOLy P0koGtnWWKCkw== Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:50]) by cascadia.aikidev.net (Postfix) with ESMTPSA id 6A52C6FC; Sat, 17 Aug 2024 20:46:27 -0700 (PDT) From: Vagrant Cascadian To: Ian Eure Subject: Re: [bug#71832] [PATCH v6 0/3] [SECURITY] Update LibreWolf to 129.0.1-1; add nss-rapid In-Reply-To: <20240817193240.27089-1-ian@retrospec.tv> References: <20240629035716.21504-1-ian@retrospec.tv> <20240817193240.27089-1-ian@retrospec.tv> Date: Sat, 17 Aug 2024 20:46:22 -0700 Message-ID: <87bk1qlchd.fsf@wireframe> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71832 Cc: 71832@debbugs.gnu.org, guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2024-08-17, Ian Eure wrote: > - Updates LibreWolf to 129.0.1-1, the latest upstream. > - Updates nss-rapid, to version 3.103, the latest upstream. > - Adds the skr locale to all-mozilla-locales. > - Backs out improvements not directly related to updating the browser version, to make review easier. It builds and runs fine for me, so overall I think this should be merged sooner than later (despite some of my minor comments on the nss-rapid patch)... given the previous iterations of patches over several months and the growing list of CVE fixes... If there are no strong objections and nobody beats me to it, I will merge these patches in the next couple days. Thanks for working on librewolf! Sorry the update process has been lagging! live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZsFujgAKCRDcUY/If5cW qoOPAQDPdpPphCnvz+2vsRtV5Vj0CO0zVxQx5ZIFz366QkAHnAD9HUCdtWWz3M/K deB+PyoLNjegbstK6kz4FC1DJiK1bwk= =dYtq -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sun Aug 18 00:06:15 2024 Received: (at 71832) by debbugs.gnu.org; 18 Aug 2024 04:06:15 +0000 Received: from localhost ([127.0.0.1]:55205 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfXBG-0007dU-R7 for submit@debbugs.gnu.org; Sun, 18 Aug 2024 00:06:15 -0400 Received: from fhigh4-smtp.messagingengine.com ([103.168.172.155]:40153) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfXBF-0007dF-Ne for 71832@debbugs.gnu.org; Sun, 18 Aug 2024 00:06:14 -0400 Received: from phl-compute-08.internal (phl-compute-08.nyi.internal [10.202.2.48]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 7BFAF1151B04; Sun, 18 Aug 2024 00:05:28 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-08.internal (MEProxy); Sun, 18 Aug 2024 00:05:28 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1723953928; x=1724040328; bh=tN8JA9Hy55uCLKL1Q06Ha8d/sYKh9E0YkTd3fgd5NwA=; b= lr8UvROVhkARSAhya1tV6El7lQbzSgiJ6cPrvoWkDJ/eieOSmObkIp9Z07H7DexY 0AiHT5OvVvtCTljLmezYWBB4m4NTpyiKojwKUWtRHoOtpeqNpg7qQ11WP6mowMBb s1wzxX4T6Mu49DBJ7LyY3byF0s8BGPc8AsLzxAi7iAYvJh+uzK7RZE+vASLfDEfL 5ejcqemRtX3y4+Qu5K9BCR+8Wiq5n7KKyd3Y2BS9XUEVBx7CF+nVmF3pcbQsw7DS s43G7xpiKzTB/fkA9dHjvkaoO3V0KtDQIii7XT92PH6BMXckCOrGBVIjVvbBlGES diNMo61mddHpiorjtR2asw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1723953928; x= 1724040328; bh=tN8JA9Hy55uCLKL1Q06Ha8d/sYKh9E0YkTd3fgd5NwA=; b=G 9iu7WUe2JWTzl9SJX5z52qbHSrvHYkBUavJvUH0kbAlDlA0XzYdHUQbtYz/IJrdA 85PMeEvcapeL155oy0aQW5SL+itizSnzjT6xfb3kiMesHAmvAzoS8MOduWWNjBT+ 4SUwXsNXIVPl3c0e3VwX2Ln2Xi9K8uocz7wY7iFujgJ23bVWuqzddL+Fo6K6r4K4 iwKX8XM8Q91cDhx+6BpRGRrplfozeTiGLBwOJT/QzYWtXSe5uF1xRezCTwSACxWe r9W4U+xknzKXnIW+AD63+HEWH0JKOli18i+S6GDemMjIJIUXERqjwE7vihOszjeJ YZm6sm2yzbsGUz0NoWGHQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudduuddgkedtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhepfhgfhffvvefuffgjkfggtgfgsehtqhertddtreej necuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggtrdhtvheqne cuggftrfgrthhtvghrnheptdevgfevvdeghfetgeetueegvddviedtjeekgeekiefggeev fefhheekkeelledtnecuffhomhgrihhnpehmohiiihhllhgrrdhorhhgpdhgnhhurdhorh hgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepihgr nhesrhgvthhrohhsphgvtgdrthhvpdhnsggprhgtphhtthhopeefpdhmohguvgepshhmth hpohhuthdprhgtphhtthhopehguhhigidqshgvtghurhhithihsehgnhhurdhorhhgpdhr tghpthhtohepjedukeefvdesuggvsggsuhhgshdrghhnuhdrohhrghdprhgtphhtthhope hvrghgrhgrnhhtseguvggsihgrnhdrohhrgh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 18 Aug 2024 00:05:26 -0400 (EDT) References: <20240817193240.27089-1-ian@retrospec.tv> <20240817193240.27089-3-ian@retrospec.tv> <87ed6mlcv2.fsf@wireframe> User-agent: mu4e 1.8.13; emacs 28.2 From: Ian Eure To: Vagrant Cascadian Subject: Re: [bug#71832] [PATCH v6 2/3] gnu: Add nss-rapid. Date: Sat, 17 Aug 2024 20:48:25 -0700 In-reply-to: <87ed6mlcv2.fsf@wireframe> Message-ID: <87zfpa4gsb.fsf@meson> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71832 Cc: 71832@debbugs.gnu.org, guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Vagrant Cascadian writes: > [[PGP Signed Part:Undecided]] > On 2024-08-17, Ian Eure wrote: >> diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm >> index 9224a8ed5a..1a684e6146 100644 >> --- a/gnu/packages/nss.scm >> +++ b/gnu/packages/nss.scm > ... >> +;; nss should track ESRs, but currently doesn't. 3.102.1 is=20 >> the current ESR. >> + >> (define-public nss >> (package >> (name "nss") > > Though I largely agree with the logic (e.g. nss *should*=20 > probably be > packaging ESR versions in general)... it seems a little weird to=20 > include > a comment about what the packaging for nss *should* do, even=20 > though it > is not (yet) doing it... similar with embedding a specific=20 > "current" > version, which will obviously become inaccurate before too=20 > long... > > Alternately, maybe moving the comment to where the nss version=20 > is > actually defined; to give someone pause when considering=20 > updating the > version? > > Or maybe this belongs in a separate discussion on guix-devel=20 > and/or bug? > I started a discussion about nss earlier this year[1], and some of=20 the changes in this patch set are a result of that. The long and=20 short of it is that nss should track ESRs only, and it could do=20 that now, but the process to update it is murky to me due to it=20 causing a lot of rebuilds. I asked for some advice on that a=20 couple days ago[2]. The comment is left in the hopes that a=20 well-meaning contributor doesn=E2=80=99t update it to a non-ESR version=20 before the ESR updates can be worked out, which would set the=20 timeline for that change back by a year. If you have guidance on how to update a package low in the graph,=20 I=E2=80=99d appreciate hearing! > >> +;; nss-rapid tracks the rapid release channel. Unless your=20 >> package requires a >> +;; newer version, you should prefer the `nss' package, which=20 >> tracks the ESR >> +;; channel. >> +;; >> +;; See https://wiki.mozilla.org/NSS:Release_Versions >> +;; and https://wiki.mozilla.org/Rapid_Release_Model >> + >> +(define-public nss-rapid > > Mixed feelings on rapid vs. latest ... latest is a bit more=20 > consistent > with other guix packages, though "rapid" is the terminology that > upstream uses here. > Yes, agreed that the terminology situation isn=E2=80=99t ideal. I don=E2= =80=99t=20 have a strong preference, but neither is there concensus around=20 "latest." In the absence of strong concensus, and to avoid=20 bikeshedding, I opted for reusing upstream terminology, but=20 clarifying that in the package description and synopsis. I=20 frankly do not care which is adopted, and it can be updated any=20 time, since this is high in the package graph. I do think that if=20 the package is named "nss-rapid", the synopsis/description should=20 indicate that this is upstreams Rapid Release channel. It=20 currently does, but would need some trivial editing should the=20 package name change. > Both those points are, in my opinion, quite minor; I would not=20 > want to > block on those points alone! > I agree, and I appreciate your pragmatic approach here. Thanks, =E2=80=94 Ian [1]:=20 https://lists.gnu.org/archive/html/guix-devel/2024-06/msg00318.html [2]:=20 https://lists.gnu.org/archive/html/guix-devel/2024-08/msg00074.html From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 20 01:47:36 2024 Received: (at 71832-done) by debbugs.gnu.org; 20 Aug 2024 05:47:36 +0000 Received: from localhost ([127.0.0.1]:59656 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sgHiS-0006MY-8b for submit@debbugs.gnu.org; Tue, 20 Aug 2024 01:47:36 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:56458) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sgHiQ-0006MK-0Z for 71832-done@debbugs.gnu.org; Tue, 20 Aug 2024 01:47:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1724132775; bh=MJDU7rhdnY/d0X7mdNQxPwagPYfshRsbsuxV7vAZ52Q=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=RvlRRP+OODE4IsqH5nQxOc1qQMhoVFLZkbjegoxnctrQtk5llwekCFezgbjZCliZL tx676+CGjs+9Z3vxPb3w06REgGkfs1eRXiSFipknRl5YbROUWkIUcgOcxk9I/dbwjS fu7oZmZP/s4iRb8YgIuks9+Ir8Wc4t7ynqeUZt1tqEAPGkMk9HYWqEMDaffD2yIIbi trcYmWQJ184OQB0otfe6/cnohhxSs9nB+IyFueD9KggX+aE+/Yw2lvpOfDXNFue3pn WJtSvE7/G24/M7tmAwwgTwURRZ5DOIySlnEM1cvixFW/hl22tK+WfrwUTBbzixQ0M+ +muBumfyReg/Q== Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:50]) by cascadia.aikidev.net (Postfix) with ESMTPSA id 890C6168A; Mon, 19 Aug 2024 22:46:15 -0700 (PDT) From: Vagrant Cascadian To: Ian Eure Subject: Re: [bug#71832] [PATCH v6 0/3] [SECURITY] Update LibreWolf to 129.0.1-1; add nss-rapid In-Reply-To: <87bk1qlchd.fsf@wireframe> References: <20240629035716.21504-1-ian@retrospec.tv> <20240817193240.27089-1-ian@retrospec.tv> <87bk1qlchd.fsf@wireframe> Date: Mon, 19 Aug 2024 22:46:11 -0700 Message-ID: <87y14rkaqk.fsf@wireframe> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71832-done Cc: 71832-done@debbugs.gnu.org, guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2024-08-17, Vagrant Cascadian wrote: > On 2024-08-17, Ian Eure wrote: >> - Updates LibreWolf to 129.0.1-1, the latest upstream. >> - Updates nss-rapid, to version 3.103, the latest upstream. >> - Adds the skr locale to all-mozilla-locales. >> - Backs out improvements not directly related to updating the browser version, to make review easier. > > It builds and runs fine for me, so overall I think this should be merged > sooner than later (despite some of my minor comments on the nss-rapid > patch)... given the previous iterations of patches over several months > and the growing list of CVE fixes... > > If there are no strong objections and nobody beats me to it, I will > merge these patches in the next couple days. Pushed as 58faaf4eaadafa09a97ab31103eb54bd2076a699. live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZsQtowAKCRDcUY/If5cW quHKAP43JK+bNz72+QNsUd14TBc8dZIld7fOBNMkzYKkxu7ZfQEA/JSEqxFE0xXl iesuTNHcqR4EeH9JKrwhHO9R1yIRJQ0= =oznB -----END PGP SIGNATURE----- --=-=-=-- From unknown Sat Jun 21 10:29:00 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 17 Sep 2024 11:24:09 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator