www-client/firefox: rev bump for new patch set

- Unbreak building against rust-1.47.0 - Multiple fixes for Wayland users - bmo#1656727 - bmo#1669495 - bmo#1634404 - bmo#1668771 - bmo#1661192 - bmo#1640567 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
author: Thomas Deutschmann <whissi@gentoo.org> 2020-10-10 17:44:42 +0200
committer: Thomas Deutschmann <whissi@gentoo.org> 2020-10-10 19:40:13 +0200
commit: c2cb1b1809dfdcc237f0bffb3330db785ca697c7 (patch)
tree: 10c6e7a1d4bda60368e627fdc3f0e667a64c0d9c /www-client/firefox
parent: mail-client/thunderbird: security cleanup (diff)
download: gentoo-c2cb1b1809dfdcc237f0bffb3330db785ca697c7.tar.gz
gentoo-c2cb1b1809dfdcc237f0bffb3330db785ca697c7.tar.bz2
gentoo-c2cb1b1809dfdcc237f0bffb3330db785ca697c7.zip
2 files changed, 1067 insertions, 0 deletions
diff --git a/www-client/firefox/Manifest b/www-client/firefox/Manifest
index bada6f692bfe..ecb6b8a8bcd5 100644
--- a/www-client/firefox/Manifest
+++ b/www-client/firefox/Manifest
@@ -374,6 +374,7 @@ DIST firefox-80.0.1-zh-TW.xpi 611178 BLAKE2B e84b0defc7990b6c775a9ee9a5ba7dd54a6
 DIST firefox-80.0.1.source.tar.xz 334690792 BLAKE2B 47c8cdb2c8c0088b5dc8abbdfba8be685dfdd4d079b155aebb1431a5f8b448b94d90e188d08426053be961f228d3b4e7852626f502397099e99e4a897e7dadfa SHA512 97a54e5f0ff0e34d0994b9ea67250fda1e9a51acb1129a5f6ce632ca5d15132ae4e5eb18c1a9a609a14f5012daf87c6e1a5049e096dd1c32cac9e2c981381d10
 DIST firefox-80.0.source.tar.xz 335316448 BLAKE2B 3099426b27cd3c89b63be7d796c8c5a87d0ee9bd8252e5bde23ed3a61f71d611e7427ffee506224e81a88ef109eefe944f2cf3367bd636a6ed46b7351d0a4b1b SHA512 6cfba55615d032e77f973ffdb1d4bb27c3c00d1ef642521284afa3e01a1bd29c6db963181e9ebefb0a44e49b96c3f93e57ce49541eae7e5a54d3360ffa81c1f3
 DIST firefox-81-patches-01.tar.xz 27212 BLAKE2B ef544bf38ae2dcb3a385d68f6ecea016a4d0677af895fad8be2ab07a2dab313d953b764fd0390844444f743ae1a2f67fa6f3b67795b72823d9eb47f4ae10cc33 SHA512 88d0ca8f29574ac45afce3be4a59a9816b3761eb5e1741770927c26c4d4afae669ba8632bbef78479cb7ec892e581ef06e2a5da7c2e106a676dce886d2a14ebc
+DIST firefox-81-patches-02.tar.xz 167760 BLAKE2B b6b3e55057b8533614597f2284d0caf88dede2a3580dc3f4ed375449ff3d776248dc37256678d416d605f69498468a63ef662e500f11523def67ff8c7f71ad1b SHA512 2229553934163ba4d017a3da23526f4577383e6c4c434e73a17c4eeec5aa4bd612f3523e0de567369a94dc23ac273fa5f77a4cbbb2ff43af3ba4f960a48bcc47
 DIST firefox-81.0.1-ach.xpi 458702 BLAKE2B bc2bbb8174556aa91d8fe9149b5e7debedfbd8682207c62c8c1ca3ad86355bd522a2c08915094871ccb46c3c9b7a0a6dde4cc1a8dd296890176003a7eb349274 SHA512 04a2e8146fce327dfbe19a583c2d1ac45289a14dff7f29af17246d6bf8ae0c61363151cbea50da2a0ca06257c9b1ab4ef1b4d26086cea48b2121f059ca97d977
 DIST firefox-81.0.1-af.xpi 429009 BLAKE2B 529a751d6b4ff4e9e1c693cd3c409d199ba5db53f499200718f1dd17c726b4d45b9c4e9a2d4b0fa418afacfc4c2917dfec09f55e5b12db39353e0759b68a4101 SHA512 c704334d07496c5cb0fb7a9755bd53ecc9fcd447772f8d40ab1d601c5a8e7d9ef99a366f3dda287b4a0e11795b5b4b3e06e0da9cc5e09bdedab3ccb3979c32b4
 DIST firefox-81.0.1-an.xpi 506886 BLAKE2B 72b0b6d8aeabd3c0db9bdd3bd2e7015bc7245250c450a4844807c320228b3c3fd8423a0677c3b93f913e3acd2cc2d8752ab22a2fb78a5b8a62d4dc03e3e8edef SHA512 3da113ccdb5c219e1fa07b678056460687a2de57f783c5056e1572cbad0b2238fe1fbd5d36d463bebb1ec0ad2842bfd440a2995185e862ab51cb23ed5b1a8d3f
diff --git a/www-client/firefox/firefox-81.0.1-r1.ebuild b/www-client/firefox/firefox-81.0.1-r1.ebuild
new file mode 100644
index 000000000000..c70401238583
--- /dev/null
+++ b/www-client/firefox/firefox-81.0.1-r1.ebuild
@@ -0,0 +1,1066 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+FIREFOX_PATCHSET="firefox-81-patches-02.tar.xz"
+
+LLVM_MAX_SLOT=11
+
+PYTHON_COMPAT=( python3_{7..9} )
+PYTHON_REQ_USE="ncurses,sqlite,ssl"
+
+WANT_AUTOCONF="2.1"
+
+VIRTUALX_REQUIRED="pgo"
+
+MOZ_ESR=
+
+# Convert the ebuild version to the upstream mozilla version, used by mozlinguas
+MOZ_PV="${PV/_alpha/a}"    # Handle alpha for SRC_URI
+MOZ_PV="${MOZ_PV/_beta/b}" # Handle beta for SRC_URI
+MOZ_PV="${MOZ_PV%%_rc*}"   # Handle rc for SRC_URI
+
+if [[ -n ${MOZ_ESR} ]] ; then
+	# ESR releases have slightly different version numbers
+	MOZ_PV="${MOZ_PV}esr"
+fi
+
+MOZ_PN="${PN%-bin}"
+MOZ_P="${MOZ_PN}-${MOZ_PV}"
+
+inherit autotools check-reqs desktop flag-o-matic gnome2-utils llvm \
+	multiprocessing pax-utils python-any-r1 toolchain-funcs \
+	virtualx xdg
+
+MOZ_SRC_BASE_URI="https://archive.mozilla.org/pub/${MOZ_PN}/releases/${MOZ_PV}"
+
+if [[ ${PV} == *_rc* ]] ; then
+	MOZ_SRC_BASE_URI="https://archive.mozilla.org/pub/${MOZ_PN}/candidates/${MOZ_PV}-candidates/build${PV##*_rc}"
+fi
+
+PATCH_URIS=(
+	https://dev.gentoo.org/~{axs,polynomial-c,whissi}/mozilla/patchsets/${FIREFOX_PATCHSET}
+)
+
+SRC_URI="${MOZ_SRC_BASE_URI}/source/${MOZ_P}.source.tar.xz
+	${PATCH_URIS[@]}"
+
+DESCRIPTION="Firefox Web Browser"
+HOMEPAGE="https://www.mozilla.com/firefox"
+
+KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
+
+SLOT="0/$(ver_cut 1)"
+LICENSE="MPL-2.0 GPL-2 LGPL-2.1"
+IUSE="clang cpu_flags_arm_neon dbus debug eme-free geckodriver +gmp-autoupdate
+	hardened hwaccel jack lto +openh264 pgo pulseaudio screencast selinux
+	+system-av1 +system-harfbuzz +system-icu +system-jpeg +system-libevent
+	+system-libvpx +system-webp wayland wifi"
+
+REQUIRED_USE="screencast? ( wayland )"
+
+BDEPEND="${PYTHON_DEPS}
+	app-arch/unzip
+	app-arch/zip
+	>=dev-util/cbindgen-0.14.3
+	>=net-libs/nodejs-10.19.0
+	virtual/pkgconfig
+	>=virtual/rust-1.43.0
+	|| (
+		(
+			sys-devel/clang:11
+			sys-devel/llvm:11
+			clang? (
+				=sys-devel/lld-11*
+				pgo? ( =sys-libs/compiler-rt-sanitizers-11*[profile] )
+			)
+		)
+		(
+			sys-devel/clang:10
+			sys-devel/llvm:10
+			clang? (
+				=sys-devel/lld-10*
+				pgo? ( =sys-libs/compiler-rt-sanitizers-10*[profile] )
+			)
+		)
+		(
+			sys-devel/clang:9
+			sys-devel/llvm:9
+			clang? (
+				=sys-devel/lld-9*
+				pgo? ( =sys-libs/compiler-rt-sanitizers-9*[profile] )
+			)
+		)
+	)
+	lto? (
+		!clang? ( sys-devel/binutils[gold] )
+	)
+	amd64? ( >=dev-lang/yasm-1.1 )
+	x86? ( >=dev-lang/yasm-1.1 )
+	!system-av1? (
+		amd64? ( >=dev-lang/nasm-2.13 )
+		x86? ( >=dev-lang/nasm-2.13 )
+	)"
+
+CDEPEND="
+	>=dev-libs/nss-3.56
+	>=dev-libs/nspr-4.28
+	dev-libs/atk
+	dev-libs/expat
+	>=x11-libs/cairo-1.10[X]
+	>=x11-libs/gtk+-2.18:2
+	>=x11-libs/gtk+-3.4.0:3[X]
+	x11-libs/gdk-pixbuf
+	>=x11-libs/pango-1.22.0
+	>=media-libs/libpng-1.6.35:0=[apng]
+	>=media-libs/mesa-10.2:*
+	media-libs/fontconfig
+	>=media-libs/freetype-2.4.10
+	kernel_linux? ( !pulseaudio? ( media-libs/alsa-lib ) )
+	virtual/freedesktop-icon-theme
+	>=x11-libs/pixman-0.19.2
+	>=dev-libs/glib-2.26:2
+	>=sys-libs/zlib-1.2.3
+	>=dev-libs/libffi-3.0.10:=
+	media-video/ffmpeg
+	x11-libs/libX11
+	x11-libs/libXcomposite
+	x11-libs/libXdamage
+	x11-libs/libXext
+	x11-libs/libXfixes
+	x11-libs/libXrender
+	x11-libs/libXt
+	dbus? (
+		sys-apps/dbus
+		dev-libs/dbus-glib
+	)
+	screencast? ( media-video/pipewire:0/0.3 )
+	system-av1? (
+		>=media-libs/dav1d-0.3.0:=
+		>=media-libs/libaom-1.0.0:=
+	)
+	system-harfbuzz? (
+		>=media-libs/harfbuzz-2.6.8:0=
+		>=media-gfx/graphite2-1.3.13
+	)
+	system-icu? ( >=dev-libs/icu-67.1:= )
+	system-jpeg? ( >=media-libs/libjpeg-turbo-1.2.1 )
+	system-libevent? ( >=dev-libs/libevent-2.0:0=[threads] )
+	system-libvpx? ( >=media-libs/libvpx-1.8.2:0=[postproc] )
+	system-webp? ( >=media-libs/libwebp-1.1.0:0= )
+	wifi? (
+		kernel_linux? (
+			sys-apps/dbus
+			dev-libs/dbus-glib
+			net-misc/networkmanager
+		)
+	)
+	jack? ( virtual/jack )
+	selinux? ( sec-policy/selinux-mozilla )"
+
+RDEPEND="${CDEPEND}
+	jack? ( virtual/jack )
+	openh264? ( media-libs/openh264:*[plugin] )
+	pulseaudio? (
+		|| (
+			media-sound/pulseaudio
+			>=media-sound/apulse-0.1.12-r4
+		)
+	)
+	selinux? ( sec-policy/selinux-mozilla )"
+
+DEPEND="${CDEPEND}
+	pulseaudio? (
+		|| (
+			media-sound/pulseaudio
+			>=media-sound/apulse-0.1.12-r4[sdk]
+		)
+	)
+	wayland? ( >=x11-libs/gtk+-3.11:3[wayland] )
+	amd64? ( virtual/opengl )
+	x86? ( virtual/opengl )"
+
+S="${WORKDIR}/${PN}-${PV%_*}"
+
+# Allow MOZ_GMP_PLUGIN_LIST to be set in an eclass or
+# overridden in the enviromnent (advanced hackers only)
+if [[ -z "${MOZ_GMP_PLUGIN_LIST+set}" ]] ; then
+	MOZ_GMP_PLUGIN_LIST=( gmp-gmpopenh264 gmp-widevinecdm )
+fi
+
+llvm_check_deps() {
+	if ! has_version -b "sys-devel/clang:${LLVM_SLOT}" ; then
+		ewarn "sys-devel/clang:${LLVM_SLOT} is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." >&2
+		return 1
+	fi
+
+	if use clang ; then
+		if ! has_version -b "=sys-devel/lld-${LLVM_SLOT}*" ; then
+			ewarn "=sys-devel/lld-${LLVM_SLOT}* is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." >&2
+			return 1
+		fi
+
+		if use pgo ; then
+			if ! has_version -b "=sys-libs/compiler-rt-sanitizers-${LLVM_SLOT}*" ; then
+				ewarn "=sys-libs/compiler-rt-sanitizers-${LLVM_SLOT}* is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." >&2
+				return 1
+			fi
+		fi
+	fi
+
+	einfo "Will use LLVM slot ${LLVM_SLOT}!" >&2
+}
+
+MOZ_LANGS=(
+	ach af an ar ast az be bg bn br bs ca-valencia ca cak cs cy
+	da de dsb el en-CA en-GB en-US eo es-AR es-CL es-ES es-MX et eu
+	fa ff fi fr fy-NL ga-IE gd gl gn gu-IN he hi-IN hr hsb hu hy-AM
+	ia id is it ja ka kab kk km kn ko lij lt lv mk mr ms my
+	nb-NO ne-NP nl nn-NO oc pa-IN pl pt-BR pt-PT rm ro ru
+	si sk sl son sq sr sv-SE ta te th tl tr trs uk ur uz vi
+	xh zh-CN zh-TW
+)
+
+mozilla_set_globals() {
+	# https://bugs.gentoo.org/587334
+	local MOZ_TOO_REGIONALIZED_FOR_L10N=(
+		fy-NL ga-IE gu-IN hi-IN hy-AM nb-NO ne-NP nn-NO pa-IN sv-SE
+	)
+
+	local lang xflag
+	for lang in "${MOZ_LANGS[@]}" ; do
+		# en and en_US are handled internally
+		if [[ ${lang} == en ]] || [[ ${lang} == en-US ]] ; then
+			continue
+		fi
+
+		# strip region subtag if $lang is in the list
+		if has ${lang} "${MOZ_TOO_REGIONALIZED_FOR_L10N[@]}" ; then
+			xflag=${lang%%-*}
+		else
+			xflag=${lang}
+		fi
+
+		SRC_URI+=" l10n_${xflag/[_@]/-}? ("
+		SRC_URI+=" ${MOZ_SRC_BASE_URI}/linux-x86_64/xpi/${lang}.xpi -> ${MOZ_P}-${lang}.xpi"
+		SRC_URI+=" )"
+		IUSE+=" l10n_${xflag/[_@]/-}"
+	done
+}
+mozilla_set_globals
+
+moz_clear_vendor_checksums() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	if [[ ${#} -ne 1 ]] ; then
+		die "${FUNCNAME} requires exact one argument"
+	fi
+
+	einfo "Clearing cargo checksums for ${1} ..."
+
+	sed -i \
+		-e 's/\("files":{\)[^}]*/\1/' \
+		"${S}"/third_party/rust/${1}/.cargo-checksum.json \
+		|| die
+}
+
+moz_install_xpi() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	if [[ ${#} -lt 2 ]] ; then
+		die "${FUNCNAME} requires at least two arguments"
+	fi
+
+	local DESTDIR=${1}
+	shift
+
+	insinto "${DESTDIR}"
+
+	local emid xpi_file xpi_tmp_dir
+	for xpi_file in "${@}" ; do
+		emid=
+		xpi_tmp_dir=$(mktemp -d --tmpdir="${T}")
+
+		# Unpack XPI
+		unzip -qq "${xpi_file}" -d "${xpi_tmp_dir}" || die
+
+		# Determine extension ID
+		if [[ -f "${xpi_tmp_dir}/install.rdf" ]] ; then
+			emid=$(sed -n -e '/install-manifest/,$ { /em:id/!d; s/.*[\">]\([^\"<>]*\)[\"<].*/\1/; p; q }' "${xpi_tmp_dir}/install.rdf")
+			[[ -z "${emid}" ]] && die "failed to determine extension id from install.rdf"
+		elif [[ -f "${xpi_tmp_dir}/manifest.json" ]] ; then
+			emid=$(sed -n -e 's/.*"id": "\([^"]*\)".*/\1/p' "${xpi_tmp_dir}/manifest.json")
+			[[ -z "${emid}" ]] && die "failed to determine extension id from manifest.json"
+		else
+			die "failed to determine extension id"
+		fi
+
+		einfo "Installing ${emid}.xpi into ${ED}${DESTDIR} ..."
+		newins "${xpi_file}" "${emid}.xpi"
+	done
+}
+
+mozconfig_add_options_ac() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	if [[ ${#} -lt 2 ]] ; then
+		die "${FUNCNAME} requires at least two arguments"
+	fi
+
+	local reason=${1}
+	shift
+
+	local option
+	for option in ${@} ; do
+		echo "ac_add_options ${option} # ${reason}" >>${MOZCONFIG}
+	done
+}
+
+mozconfig_add_options_mk() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	if [[ ${#} -lt 2 ]] ; then
+		die "${FUNCNAME} requires at least two arguments"
+	fi
+
+	local reason=${1}
+	shift
+
+	local option
+	for option in ${@} ; do
+		echo "mk_add_options ${option} # ${reason}" >>${MOZCONFIG}
+	done
+}
+
+mozconfig_use_enable() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	if [[ ${#} -lt 1 ]] ; then
+		die "${FUNCNAME} requires at least one arguments"
+	fi
+
+	local flag=$(use_enable "${@}")
+	mozconfig_add_options_ac "$(use ${1} && echo +${1} || echo -${1})" "${flag}"
+}
+
+mozconfig_use_with() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	if [[ ${#} -lt 1 ]] ; then
+		die "${FUNCNAME} requires at least one arguments"
+	fi
+
+	local flag=$(use_with "${@}")
+	mozconfig_add_options_ac "$(use ${1} && echo +${1} || echo -${1})" "${flag}"
+}
+
+pkg_pretend() {
+	if [[ ${MERGE_TYPE} != binary ]] ; then
+		if use pgo ; then
+			if ! has usersandbox $FEATURES ; then
+				die "You must enable usersandbox as X server can not run as root!"
+			fi
+		fi
+
+		# Ensure we have enough disk space to compile
+		if use pgo || use lto || use debug ; then
+			CHECKREQS_DISK_BUILD="13G"
+		else
+			CHECKREQS_DISK_BUILD="5G"
+		fi
+
+		check-reqs_pkg_pretend
+	fi
+}
+
+pkg_setup() {
+	if [[ ${MERGE_TYPE} != binary ]] ; then
+		if use pgo ; then
+			if ! has userpriv ${FEATURES} ; then
+				eerror "Building ${PN} with USE=pgo and FEATURES=-userpriv is not supported!"
+			fi
+		fi
+
+		# Ensure we have enough disk space to compile
+		if use pgo || use lto || use debug ; then
+			CHECKREQS_DISK_BUILD="13G"
+		else
+			CHECKREQS_DISK_BUILD="5G"
+		fi
+
+		check-reqs_pkg_setup
+
+		llvm_pkg_setup
+
+		python-any-r1_pkg_setup
+
+		# Avoid PGO profiling problems due to enviroment leakage
+		# These should *always* be cleaned up anyway
+		unset \
+			DBUS_SESSION_BUS_ADDRESS \
+			DISPLAY \
+			ORBIT_SOCKETDIR \
+			SESSION_MANAGER \
+			XAUTHORITY \
+			XDG_CACHE_HOME \
+			XDG_SESSION_COOKIE
+
+		# Build system is using /proc/self/oom_score_adj, bug #604394
+		addpredict /proc/self/oom_score_adj
+
+		if ! mountpoint -q /dev/shm ; then
+			# If /dev/shm is not available, configure is known to fail with
+			# a traceback report referencing /usr/lib/pythonN.N/multiprocessing/synchronize.py
+			ewarn "/dev/shm is not mounted -- expect build failures!"
+		fi
+
+		# Google API keys (see http://www.chromium.org/developers/how-tos/api-keys)
+		# Note: These are for Gentoo Linux use ONLY. For your own distribution, please
+		# get your own set of keys.
+		if [[ -z "${MOZ_API_KEY_GOOGLE+set}" ]] ; then
+			MOZ_API_KEY_GOOGLE="AIzaSyDEAOvatFogGaPi0eTgsV_ZlEzx0ObmepsMzfAc"
+		fi
+
+		# Ensure we use C locale when building, bug #746215
+		export LC_ALL=C
+	fi
+}
+
+src_unpack() {
+	local _lp_dir="${WORKDIR}/language_packs"
+	local _src_file
+
+	if [[ ! -d "${_lp_dir}" ]] ; then
+		mkdir "${_lp_dir}" || die
+	fi
+
+	for _src_file in ${A} ; do
+		if [[ ${_src_file} == *.xpi ]]; then
+			cp "${DISTDIR}/${_src_file}" "${_lp_dir}" || die "Failed to copy '${_src_file}' to '${_lp_dir}'!"
+		else
+			unpack ${_src_file}
+		fi
+	done
+}
+
+src_prepare() {
+	use lto && rm -v "${WORKDIR}"/firefox-patches/*-LTO-Only-enable-LTO-*.patch
+	eapply "${WORKDIR}/firefox-patches"
+
+	# Allow user to apply any additional patches without modifing ebuild
+	eapply_user
+
+	# Make LTO respect MAKEOPTS
+	sed -i \
+		-e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \
+		"${S}"/build/moz.configure/lto-pgo.configure \
+		|| die "sed failed to set num_cores"
+
+	# Make ICU respect MAKEOPTS
+	sed -i \
+		-e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \
+		"${S}"/intl/icu_sources_data.py \
+		|| die "sed failed to set num_cores"
+
+	# sed-in toolchain prefix
+	sed -i \
+		-e "s/objdump/${CHOST}-objdump/" \
+		"${S}"/python/mozbuild/mozbuild/configure/check_debug_ranges.py \
+		|| die "sed failed to set toolchain prefix"
+
+	sed -i \
+		-e 's/ccache_stats = None/return None/' \
+		"${S}"/python/mozbuild/mozbuild/controller/building.py \
+		|| die "sed failed to disable ccache stats call"
+
+	einfo "Removing pre-built binaries ..."
+	find "${S}"/third_party -type f \( -name '*.so' -o -name '*.o' \) -print -delete || die
+
+	# Clearing checksums where we have applied patches
+	moz_clear_vendor_checksums target-lexicon-0.9.0
+
+	# Create build dir
+	BUILD_DIR="${WORKDIR}/${PN}_build"
+	mkdir -p "${BUILD_DIR}" || die
+
+	# Write API keys to disk
+	echo -n "${MOZ_API_KEY_GOOGLE//gGaPi/}" > "${S}"/api-google.key || die
+
+	xdg_src_prepare
+}
+
+src_configure() {
+	local have_switched_compiler=
+	if use clang && ! tc-is-clang ; then
+		# Force clang
+		einfo "Enforcing the use of clang due to USE=clang ..."
+		have_switched_compiler=yes
+		CC=${CHOST}-clang
+		CXX=${CHOST}-clang++
+	elif ! use clang && ! tc-is-gcc ; then
+		# Force gcc
+		have_switched_compiler=yes
+		einfo "Enforcing the use of gcc due to USE=-clang ..."
+		CC=${CHOST}-gcc
+		CXX=${CHOST}-g++
+	fi
+
+	if [[ -n "${have_switched_compiler}" ]] ; then
+		# Because we switched active compiler we have to ensure
+		# that no unsupported flags are set
+		strip-unsupported-flags
+	fi
+
+	# Ensure we use correct toolchain
+	export HOST_CC="$(tc-getBUILD_CC)"
+	export HOST_CXX="$(tc-getBUILD_CXX)"
+	tc-export CC CXX LD AR NM OBJDUMP RANLIB PKG_CONFIG
+
+	# Set MOZILLA_FIVE_HOME
+	export MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}"
+
+	# python/mach/mach/mixin/process.py fails to detect SHELL
+	export SHELL="${EPREFIX}/bin/bash"
+
+	# Set MOZCONFIG
+	export MOZCONFIG="${S}/.mozconfig"
+
+	# Initialize MOZCONFIG
+	mozconfig_add_options_ac '' --enable-application=browser
+
+	if use lto ; then
+		if use clang ; then
+			# Upstream only supports lld when using clang
+			mozconfig_add_options_ac "forcing ld=lld due to USE=clang and USE=lto" --enable-linker=lld
+
+			mozconfig_add_options_ac '+lto' --enable-lto=cross
+		else
+			# Linking only works when using ld.gold when LTO is enabled
+			mozconfig_add_options_ac "forcing ld=gold due to USE=lto" --enable-linker=gold
+
+			# ThinLTO is currently broken, see bmo#1644409
+			mozconfig_add_options_ac '+lto' --enable-lto=full
+		fi
+
+		if use pgo ; then
+			mozconfig_add_options_ac '+pgo' MOZ_PGO=1
+		fi
+	else
+		# Avoid auto-magic on linker
+		if use clang ; then
+			# This is upstream's default
+			mozconfig_add_options_ac "forcing ld=lld due to USE=clang" --enable-linker=lld
+		elif tc-ld-is-gold ; then
+			mozconfig_add_options_ac "linker is set to gold" --enable-linker=gold
+		else
+			mozconfig_add_options_ac "linker is set to bfd" --enable-linker=bfd
+		fi
+	fi
+
+	# LTO flag was handled via configure
+	filter-flags '-flto*'
+
+	mozconfig_use_enable debug
+	if use debug ; then
+		mozconfig_add_options_ac '+debug' --disable-optimize
+	else
+		if is-flag '-g*' ; then
+			if use clang ; then
+				mozconfig_add_options_ac 'from CFLAGS' --enable-debug-symbols=$(get-flag '-g*')
+			else
+				mozconfig_add_options_ac 'from CFLAGS' --enable-debug-symbols
+			fi
+		else
+			mozconfig_add_options_ac 'Gentoo default' --disable-debug-symbols
+		fi
+
+		if is-flag '-O0' ; then
+			mozconfig_add_options_ac "from CFLAGS" --enable-optimize=-O0
+		elif is-flag '-O4' ; then
+			mozconfig_add_options_ac "from CFLAGS" --enable-optimize=-O4
+		elif is-flag '-O3' ; then
+			mozconfig_add_options_ac "from CFLAGS" --enable-optimize=-O3
+		elif is-flag '-O1' ; then
+			mozconfig_add_options_ac "from CFLAGS" --enable-optimize=-O1
+		elif is-flag '-Os' ; then
+			mozconfig_add_options_ac "from CFLAGS" --enable-optimize=-Os
+		else
+			mozconfig_add_options_ac "Gentoo default" --enable-optimize=-O2
+		fi
+	fi
+
+	# Debug flag was handled via configure
+	filter-flags '-g*'
+
+	# Optimization flag was handled via configure
+	filter-flags '-O*'
+
+	mozconfig_add_options_ac 'Gentoo default' \
+		--allow-addon-sideload \
+		--disable-cargo-incremental \
+		--disable-crashreporter \
+		--disable-install-strip \
+		--disable-strip \
+		--disable-updater \
+		--enable-official-branding \
+		--enable-release \
+		--enable-system-ffi \
+		--enable-system-pixman \
+		--host="${CBUILD:-${CHOST}}" \
+		--libdir="${EPREFIX}/usr/$(get_libdir)" \
+		--prefix="${EPREFIX}/usr" \
+		--target="${CHOST}" \
+		--without-ccache \
+		--with-intl-api \
+		--with-libclang-path="$(llvm-config --libdir)" \
+		--with-system-nspr \
+		--with-system-nss \
+		--with-system-png \
+		--with-system-zlib \
+		--with-toolchain-prefix="${CHOST}-" \
+		--with-unsigned-addon-scopes=app,system \
+		--x-includes="${SYSROOT}${EPREFIX}/usr/include" \
+		--x-libraries="${SYSROOT}${EPREFIX}/usr/$(get_libdir)"
+
+	# Set update channel
+	local update_channel=release
+	[[ -n ${MOZ_ESR} ]] && update_channel=esr
+	mozconfig_add_options_ac '' --update-channel=${update_channel}
+
+	if ! use x86 && [[ ${CHOST} != armv*h* ]] ; then
+		mozconfig_add_options_ac '' --enable-rust-simd
+	fi
+
+	if [[ -s "${S}/api-google.key" ]] ; then
+		local key_origin="Gentoo default"
+		if [[ $(cat "${S}/api-google.key" | md5sum | awk '{ print $1 }') != 709560c02f94b41f9ad2c49207be6c54 ]] ; then
+			key_origin="User value"
+		fi
+
+		mozconfig_add_options_ac "${key_origin}" \
+			--with-google-location-service-api-keyfile="${S}/api-google.key" \
+			--with-google-safebrowsing-api-keyfile="${S}/api-google.key"
+	else
+		einfo "Building without Google API key ..."
+	fi
+
+	mozconfig_use_with system-av1
+	mozconfig_use_with system-harfbuzz
+	mozconfig_use_with system-harfbuzz system-graphite2
+	mozconfig_use_with system-icu
+	mozconfig_use_with system-jpeg
+	mozconfig_use_with system-libevent system-libevent "${SYSROOT}${EPREFIX}/usr"
+	mozconfig_use_with system-libvpx
+	mozconfig_use_with system-webp
+
+	mozconfig_use_enable dbus
+
+	use eme-free && mozconfig_add_options_ac '+eme-free' --disable-eme
+
+	mozconfig_use_enable geckodriver
+
+	if use hardened ; then
+		mozconfig_add_options_ac "+hardened" --enable-hardening
+		append-ldflags "-Wl,-z,relro -Wl,-z,now"
+	fi
+
+	mozconfig_use_enable jack
+
+	mozconfig_use_enable pulseaudio
+	# force the deprecated alsa sound code if pulseaudio is disabled
+	if use kernel_linux && ! use pulseaudio ; then
+		mozconfig_add_options_ac '-pulseaudio' --enable-alsa
+	fi
+
+	mozconfig_use_enable screencast pipewire
+
+	mozconfig_use_enable wifi necko-wifi
+
+	if use wayland ; then
+		mozconfig_add_options_ac '+wayland' --enable-default-toolkit=cairo-gtk3-wayland
+	else
+		mozconfig_add_options_ac '' --enable-default-toolkit=cairo-gtk3
+	fi
+
+	# Modifications to better support ARM, bug #553364
+	if use cpu_flags_arm_neon ; then
+		mozconfig_add_options_ac '+cpu_flags_arm_neon' --with-fpu=neon
+
+		if ! tc-is-clang ; then
+			# thumb options aren't supported when using clang, bug 666966
+			mozconfig_add_options_ac '+cpu_flags_arm_neon' \
+				--with-thumb=yes \
+				--with-thumb-interwork=no
+		fi
+	fi
+
+	if [[ ${CHOST} == armv*h* ]] ; then
+		mozconfig_add_options_ac 'CHOST=armv*h*' --with-float-abi=hard
+
+		if ! use system-libvpx ; then
+			sed -i \
+				-e "s|softfp|hard|" \
+				"${S}"/media/libvpx/moz.build \
+				|| die
+		fi
+	fi
+
+	if use clang ; then
+		# https://bugzilla.mozilla.org/show_bug.cgi?id=1482204
+		# https://bugzilla.mozilla.org/show_bug.cgi?id=1483822
+		# toolkit/moz.configure Elfhack section: target.cpu in ('arm', 'x86', 'x86_64')
+		local disable_elf_hack=
+		if use amd64 ; then
+			disable_elf_hack=yes
+		elif use x86 ; then
+			disable_elf_hack=yes
+		elif use arm ; then
+			disable_elf_hack=yes
+		fi
+
+		if [[ -n ${disable_elf_hack} ]] ; then
+			mozconfig_add_options_ac 'elf-hack is broken when using Clang' --disable-elf-hack
+		fi
+	fi
+
+	# Additional ARCH support
+	case "${ARCH}" in
+		arm | ppc64)
+			# Reduce the memory requirements for linking
+			if use clang ; then
+				# Nothing to do
+				:;
+			elif tc-ld-is-gold ; then
+				append-ldflags -Wl,--no-keep-memory
+			else
+				append-ldflags -Wl,--no-keep-memory -Wl,--reduce-memory-overheads
+			fi
+			;;
+	esac
+
+	if ! use elibc_glibc ; then
+		mozconfig_add_options_ac '!elibc_glibc' --disable-jemalloc
+	fi
+
+	# Allow elfhack to work in combination with unstripped binaries
+	# when they would normally be larger than 2GiB.
+	append-ldflags "-Wl,--compress-debug-sections=zlib"
+
+	# Pass $MAKEOPTS to build system
+	export MOZ_MAKE_FLAGS="${MAKEOPTS}"
+
+	# Use system's Python environment
+	export MACH_USE_SYSTEM_PYTHON=1
+
+	# Disable notification when build system has finished
+	export MOZ_NOSPAM=1
+
+	# Build system requires xargs but is unable to find it
+	mozconfig_add_options_mk 'Gentoo default' "XARGS=${EPREFIX}/usr/bin/xargs"
+
+	# Set build dir
+	mozconfig_add_options_mk 'Gentoo default' "MOZ_OBJDIR=${BUILD_DIR}"
+
+	# Handle EXTRA_CONF and show summary
+	local ac opt hash reason
+
+	# Apply EXTRA_ECONF entries to $MOZCONFIG
+	if [[ -n ${EXTRA_ECONF} ]] ; then
+		IFS=\! read -a ac <<<${EXTRA_ECONF// --/\!}
+		for opt in "${ac[@]}"; do
+			mozconfig_add_options_ac "EXTRA_ECONF" --${opt#--}
+		done
+	fi
+
+	echo
+	echo "=========================================================="
+	echo "Building ${PF} with the following configuration"
+	grep ^ac_add_options "${MOZCONFIG}" | while read ac opt hash reason; do
+		[[ -z ${hash} || ${hash} == \# ]] \
+			|| die "error reading mozconfig: ${ac} ${opt} ${hash} ${reason}"
+		printf "    %-30s  %s\n" "${opt}" "${reason:-mozilla.org default}"
+	done
+	echo "=========================================================="
+	echo
+
+	./mach configure || die
+}
+
+src_compile() {
+	local virtx_cmd=
+
+	if use pgo ; then
+		virtx_cmd=virtx
+
+		# Reset and cleanup environment variables used by GNOME/XDG
+		gnome2_environment_reset
+
+		addpredict /root
+	fi
+
+	local -x GDK_BACKEND=x11
+
+	${virtx_cmd} ./mach build --verbose \
+		|| die
+}
+
+src_install() {
+	# xpcshell is getting called during install
+	pax-mark m \
+		"${BUILD_DIR}"/dist/bin/xpcshell \
+		"${BUILD_DIR}"/dist/bin/firefox \
+		"${BUILD_DIR}"/dist/bin/plugin-container
+
+	DESTDIR="${D}" ./mach install || die
+
+	# Upstream cannot ship symlink but we can (bmo#658850)
+	rm "${ED}${MOZILLA_FIVE_HOME}/${PN}-bin" || die
+	dosym ${PN} ${MOZILLA_FIVE_HOME}/${PN}-bin
+
+	# Don't install llvm-symbolizer from sys-devel/llvm package
+	if [[ -f "${ED}${MOZILLA_FIVE_HOME}/llvm-symbolizer" ]] ; then
+		rm -v "${ED}${MOZILLA_FIVE_HOME}/llvm-symbolizer" || die
+	fi
+
+	# Install policy (currently only used to disable application updates)
+	insinto "${MOZILLA_FIVE_HOME}/distribution"
+	newins "${FILESDIR}"/disable-auto-update.policy.json policies.json
+
+	# Install system-wide preferences
+	local PREFS_DIR="${MOZILLA_FIVE_HOME}/browser/defaults/preferences"
+	insinto "${PREFS_DIR}"
+	newins "${FILESDIR}"/gentoo-default-prefs.js all-gentoo.js
+
+	local GENTOO_PREFS="${ED}${PREFS_DIR}/all-gentoo.js"
+
+	# Set dictionary path to use system hunspell
+	cat >>"${GENTOO_PREFS}" <<-EOF || die "failed to set spellchecker.dictionary_path pref"
+	pref("spellchecker.dictionary_path",       "${EPREFIX}/usr/share/myspell");
+	EOF
+
+	# Force hwaccel prefs if USE=hwaccel is enabled
+	if use hwaccel ; then
+		cat "${FILESDIR}"/gentoo-hwaccel-prefs.js-1 \
+		>>"${GENTOO_PREFS}" \
+		|| die "failed to add prefs to force hardware-accelerated rendering to all-gentoo.js"
+	fi
+
+	if ! use gmp-autoupdate ; then
+		local plugin
+		for plugin in "${MOZ_GMP_PLUGIN_LIST[@]}" ; do
+			einfo "Disabling auto-update for ${plugin} plugin ..."
+			cat >>"${GENTOO_PREFS}" <<-EOF || die "failed to disable autoupdate for ${plugin} media plugin"
+			pref("media.${plugin}.autoupdate",   false);
+			EOF
+		done
+	fi
+
+	# Force the graphite pref if USE=system-harfbuzz is enabled, since the pref cannot disable it
+	if use system-harfbuzz ; then
+		cat >>"${GENTOO_PREFS}" <<-EOF || die "failed to set gfx.font_rendering.graphite.enabled pref"
+		sticky_pref("gfx.font_rendering.graphite.enabled", true);
+		EOF
+	fi
+
+	# Install language packs
+	local langpacks=( $(find "${WORKDIR}/language_packs" -type f -name '*.xpi') )
+	if [[ -n "${langpacks}" ]] ; then
+		moz_install_xpi "${MOZILLA_FIVE_HOME}/distribution/extensions" "${langpacks[@]}"
+	fi
+
+	# Install geckodriver
+	if use geckodriver ; then
+		einfo "Installing geckodriver into ${ED}${MOZILLA_FIVE_HOME} ..."
+		pax-mark m "${BUILD_DIR}"/dist/bin/geckodriver
+		exeinto "${MOZILLA_FIVE_HOME}"
+		doexe "${BUILD_DIR}"/dist/bin/geckodriver
+
+		dosym ${MOZILLA_FIVE_HOME}/geckodriver /usr/bin/geckodriver
+	fi
+
+	# Install icons
+	local icon_srcdir="${S}/browser/branding/official"
+	local icon_symbolic_file="${FILESDIR}/icon/firefox-symbolic.svg"
+
+	insinto /usr/share/icons/hicolor/symbolic/apps
+	newins "${icon_symbolic_file}" ${PN}-symbolic.svg
+
+	local icon size
+	for icon in "${icon_srcdir}"/default*.png ; do
+		size=${icon%.png}
+		size=${size##*/default}
+
+		if [[ ${size} -eq 48 ]] ; then
+			newicon "${icon}" ${PN}.png
+		fi
+
+		newicon -s ${size} "${icon}" ${PN}.png
+	done
+
+	# Install menus
+	local wrapper_wayland="${PN}-wayland.sh"
+	local wrapper_x11="${PN}-x11.sh"
+	local desktop_file="${FILESDIR}/icon/${PN}-r2.desktop"
+	local display_protocols="auto X11"
+	local icon="${PN}"
+	local name="Mozilla ${MOZ_PN^}"
+	local use_wayland="false"
+
+	if use wayland ; then
+		display_protocols+=" Wayland"
+		use_wayland="true"
+	fi
+
+	local app_name desktop_filename display_protocol exec_command
+	for display_protocol in ${display_protocols} ; do
+		app_name="${name} on ${display_protocol}"
+		desktop_filename="${PN}-${display_protocol,,}.desktop"
+
+		case ${display_protocol} in
+			Wayland)
+				exec_command="${PN}-wayland --name ${PN}-wayland"
+				newbin "${FILESDIR}/${wrapper_wayland}" ${PN}-wayland
+				;;
+			X11)
+				if ! use wayland ; then
+					# Exit loop here because there's no choice so
+					# we don't need wrapper/.desktop file for X11.
+					continue
+				fi
+
+				exec_command="${PN}-x11 --name ${PN}-x11"
+				newbin "${FILESDIR}/${wrapper_x11}" ${PN}-x11
+				;;
+			*)
+				app_name="${name}"
+				desktop_filename="${PN}.desktop"
+				exec_command="${PN}"
+				;;
+		esac
+
+		cp "${desktop_file}" "${WORKDIR}/${PN}.desktop-template" || die
+
+		sed -i \
+			-e "s:@NAME@:${app_name}:" \
+			-e "s:@EXEC@:${exec_command}:" \
+			-e "s:@ICON@:${icon}:" \
+			"${WORKDIR}/${PN}.desktop-template" \
+			|| die
+
+		newmenu "${WORKDIR}/${PN}.desktop-template" "${desktop_filename}"
+
+		rm "${WORKDIR}/${PN}.desktop-template" || die
+	done
+
+	# Install generic wrapper script
+	[[ -f "${ED}/usr/bin/${PN}" ]] && rm "${ED}/usr/bin/${PN}"
+	newbin "${FILESDIR}/${PN}.sh" ${PN}
+
+	# Update wrapper
+	local wrapper
+	for wrapper in \
+		"${ED}/usr/bin/${PN}" \
+		"${ED}/usr/bin/${PN}-x11" \
+		"${ED}/usr/bin/${PN}-wayland" \
+	; do
+		[[ ! -f "${wrapper}" ]] && continue
+
+		sed -i \
+			-e "s:@PREFIX@:${EPREFIX}/usr:" \
+			-e "s:@MOZ_FIVE_HOME@:${MOZILLA_FIVE_HOME}:" \
+			-e "s:@APULSELIB_DIR@:${apulselib}:" \
+			-e "s:@DEFAULT_WAYLAND@:${use_wayland}:" \
+			"${wrapper}" \
+			|| die
+	done
+}
+
+pkg_preinst() {
+	xdg_pkg_preinst
+
+	# If the apulse libs are available in MOZILLA_FIVE_HOME then apulse
+	# does not need to be forced into the LD_LIBRARY_PATH
+	if use pulseaudio && has_version ">=media-sound/apulse-0.1.12-r4" ; then
+		einfo "APULSE found; Generating library symlinks for sound support ..."
+		local lib
+		pushd "${ED}${MOZILLA_FIVE_HOME}" &>/dev/null || die
+		for lib in ../apulse/libpulse{.so{,.0},-simple.so{,.0}} ; do
+			# A quickpkg rolled by hand will grab symlinks as part of the package,
+			# so we need to avoid creating them if they already exist.
+			if [[ ! -L ${lib##*/} ]] ; then
+				ln -s "${lib}" ${lib##*/} || die
+			fi
+		done
+		popd &>/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	xdg_pkg_postinst
+
+	if ! use gmp-autoupdate ; then
+		elog "USE='-gmp-autoupdate' has disabled the following plugins from updating or"
+		elog "installing into new profiles:"
+		local plugin
+		for plugin in "${MOZ_GMP_PLUGIN_LIST[@]}" ; do
+			elog "\t ${plugin}"
+		done
+		elog
+	fi
+
+	if use pulseaudio && has_version ">=media-sound/apulse-0.1.12-r4" ; then
+		elog "Apulse was detected at merge time on this system and so it will always be"
+		elog "used for sound.  If you wish to use pulseaudio instead please unmerge"
+		elog "media-sound/apulse."
+		elog
+	fi
+
+	local show_doh_information show_normandy_information
+
+	if [[ -z "${REPLACING_VERSIONS}" ]] ; then
+		# New install; Tell user that DoH is disabled by default
+		show_doh_information=yes
+		show_normandy_information=yes
+	else
+		local replacing_version
+		for replacing_version in ${REPLACING_VERSIONS} ; do
+			if ver_test "${replacing_version}" -lt 70 ; then
+				# Tell user only once about our DoH default
+				show_doh_information=yes
+			fi
+
+			if ver_test "${replacing_version}" -lt 74.0-r2 ; then
+				# Tell user only once about our Normandy default
+				show_normandy_information=yes
+			fi
+		done
+	fi
+
+	if [[ -n "${show_doh_information}" ]] ; then
+		elog
+		elog "Note regarding Trusted Recursive Resolver aka DNS-over-HTTPS (DoH):"
+		elog "Due to privacy concerns (encrypting DNS might be a good thing, sending all"
+		elog "DNS traffic to Cloudflare by default is not a good idea and applications"
+		elog "should respect OS configured settings), \"network.trr.mode\" was set to 5"
+		elog "(\"Off by choice\") by default."
+		elog "You can enable DNS-over-HTTPS in ${PN^}'s preferences."
+	fi
+
+	# bug 713782
+	if [[ -n "${show_normandy_information}" ]] ; then
+		elog
+		elog "Upstream operates a service named Normandy which allows Mozilla to"
+		elog "push changes for default settings or even install new add-ons remotely."
+		elog "While this can be useful to address problems like 'Armagadd-on 2.0' or"
+		elog "revert previous decisions to disable TLS 1.0/1.1, privacy and security"
+		elog "concerns prevail, which is why we have switched off the use of this"
+		elog "service by default."
+		elog
+		elog "To re-enable this service set"
+		elog
+		elog "    app.normandy.enabled=true"
+		elog
+		elog "in about:config."
+	fi
+}
author	Thomas Deutschmann <whissi@gentoo.org>	2020-10-10 17:44:42 +0200
committer	Thomas Deutschmann <whissi@gentoo.org>	2020-10-10 19:40:13 +0200
commit	c2cb1b1809dfdcc237f0bffb3330db785ca697c7 (patch)
tree	10c6e7a1d4bda60368e627fdc3f0e667a64c0d9c /www-client/firefox
parent	mail-client/thunderbird: security cleanup (diff)
download	gentoo-c2cb1b1809dfdcc237f0bffb3330db785ca697c7.tar.gz gentoo-c2cb1b1809dfdcc237f0bffb3330db785ca697c7.tar.bz2 gentoo-c2cb1b1809dfdcc237f0bffb3330db785ca697c7.zip