aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorMaxim Cournoyer <maxim.cournoyer@gmail.com>2022-05-12 16:13:10 -0400
committerMaxim Cournoyer <maxim.cournoyer@gmail.com>2022-05-31 14:54:02 -0400
commit7aa0e310fa01e5a11624bd5cc8418f6e0fe32a67 (patch)
tree3fdf101addadef191acf2f1a0d85714e326da8bc /gnu
parenta3605b59c6b0cb4595f5f05e9167518ba2a6923c (diff)
downloadguix-7aa0e310fa01e5a11624bd5cc8418f6e0fe32a67.tar.gz
guix-7aa0e310fa01e5a11624bd5cc8418f6e0fe32a67.zip
gnu: icecat: Modernize package definition.
* gnu/packages/gnuzilla.scm (icecat)[inputs, native-inputs]: Use new style. [configure-flags, phases]: Use gexps.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/gnuzilla.scm778
1 files changed, 382 insertions, 396 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 006191c9bd..8f1e8fe647 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -904,160 +904,156 @@ in C/C++.")
(source icecat-source)
(build-system gnu-build-system)
(inputs
- `(("alsa-lib" ,alsa-lib)
- ("bzip2" ,bzip2)
- ("cups" ,cups)
- ("dbus-glib" ,dbus-glib)
- ("gdk-pixbuf" ,gdk-pixbuf)
- ("glib" ,glib)
- ("gtk+" ,gtk+)
- ("gtk+-2" ,gtk+-2)
- ;; UNBUNDLE-ME! ("graphite2" ,graphite2)
- ("cairo" ,cairo)
- ("pango" ,pango)
- ("freetype" ,freetype)
- ("font-dejavu" ,font-dejavu)
- ;; UNBUNDLE-ME! ("harfbuzz" ,harfbuzz)
- ("libcanberra" ,libcanberra)
- ("libgnome" ,libgnome)
- ("libjpeg-turbo" ,libjpeg-turbo)
- ("libpng-apng" ,libpng-apng)
- ;; UNBUNDLE-ME! ("libogg" ,libogg)
- ;; UNBUNDLE-ME! ("libtheora" ,libtheora) ; wants theora-1.2, not yet released
- ;; UNBUNDLE-ME! ("libvorbis" ,libvorbis)
- ("libxft" ,libxft)
- ("libevent" ,libevent)
- ("libxinerama" ,libxinerama)
- ("libxscrnsaver" ,libxscrnsaver)
- ("libxcomposite" ,libxcomposite)
- ("libxt" ,libxt)
- ("libffi" ,libffi)
- ("ffmpeg" ,ffmpeg)
- ("libvpx" ,libvpx)
- ("icu4c" ,icu4c)
- ("pixman" ,pixman)
- ("pulseaudio" ,pulseaudio)
- ("mesa" ,mesa)
- ("pciutils" ,pciutils)
- ("mit-krb5" ,mit-krb5)
- ("hunspell" ,hunspell)
- ("libnotify" ,libnotify)
- ;; See <https://bugs.gnu.org/32833>
- ;; and related comments in the 'remove-bundled-libraries' phase.
- ;; UNBUNDLE-ME! ("nspr" ,nspr)
- ;; UNBUNDLE-ME! ("nss" ,nss)
- ("shared-mime-info" ,shared-mime-info)
- ("sqlite" ,sqlite)
- ("eudev" ,eudev)
- ("unzip" ,unzip)
- ("zip" ,zip)
- ("zlib" ,zlib)))
+ (list alsa-lib
+ bzip2
+ cups
+ dbus-glib
+ gdk-pixbuf
+ glib
+ gtk+
+ gtk+-2
+ ;; UNBUNDLE-ME! graphite2
+ cairo
+ pango
+ freetype
+ font-dejavu
+ ;; UNBUNDLE-ME! harfbuzz
+ libcanberra
+ libgnome
+ libjpeg-turbo
+ libpng-apng
+ ;; UNBUNDLE-ME! libogg
+ ;; UNBUNDLE-ME! libtheora ; wants theora-1.2, not yet released
+ ;; UNBUNDLE-ME! libvorbis
+ libxft
+ libevent
+ libxinerama
+ libxscrnsaver
+ libxcomposite
+ libxt
+ libffi
+ ffmpeg
+ libvpx
+ icu4c
+ pixman
+ pulseaudio
+ mesa
+ pciutils
+ mit-krb5
+ hunspell
+ libnotify
+ ;; See <https://bugs.gnu.org/32833>
+ ;; and related comments in the 'remove-bundled-libraries' phase.
+ ;; UNBUNDLE-ME! nspr
+ ;; UNBUNDLE-ME! nss
+ shared-mime-info
+ sqlite
+ eudev
+ unzip
+ zip
+ zlib))
(native-inputs
;; The following patches are specific to the Guix packaging of IceCat,
;; and therefore we prefer to leave them out of 'source', which should be
;; a tarball suitable for compilation on any system that IceCat supports.
;; (Bug fixes and security fixes, however, should go in 'source').
- `(;; XXX TODO: Adapt these patches to IceCat 91.
- ;; ("icecat-avoid-bundled-libraries.patch"
- ;; ,(search-patch "icecat-avoid-bundled-libraries.patch"))
- ;; ("icecat-use-system-graphite2+harfbuzz.patch"
- ;; ,(search-patch "icecat-use-system-graphite2+harfbuzz.patch"))
- ;; ("icecat-use-system-media-libs.patch"
- ;; ,(search-patch "icecat-use-system-media-libs.patch"))
+ (list
+ ;; XXX TODO: Adapt these patches to IceCat 91.
+ ;; ("icecat-avoid-bundled-libraries.patch"
+ ;; ,(search-patch "icecat-avoid-bundled-libraries.patch"))
+ ;; ("icecat-use-system-graphite2+harfbuzz.patch"
+ ;; ,(search-patch "icecat-use-system-graphite2+harfbuzz.patch"))
+ ;; ("icecat-use-system-media-libs.patch"
+ ;; ,(search-patch "icecat-use-system-media-libs.patch"))
+ rust
+ `(,rust "cargo")
+ rust-cbindgen-0.19
+ llvm-11
+ clang-11
+ perl
+ node
+ python-wrapper
+ yasm
+ nasm ; XXX FIXME: only needed on x86_64 and i686
+ pkg-config
+ m4
+ which))
+ (arguments
+ (list
+ #:tests? #f ;not worth the cost
+
+ ;; Some dynamic lib was determined at runtime, so rpath check may fail.
+ #:validate-runpath? #f
+
+ #:configure-flags
+ #~(list
+ "--enable-application=browser"
+ "--with-distribution-id=org.gnu"
+ "--enable-geckodriver"
+ ;; Do not require addons in the global app or system directories to
+ ;; be signed by Mozilla.
+ "--with-unsigned-addon-scopes=app,system"
+ "--allow-addon-sideload"
+
+ "--enable-pulseaudio"
+
+ "--disable-tests"
+ "--disable-updater"
+ "--disable-crashreporter"
+ "--disable-eme"
+
+ ;; Building with debugging symbols takes ~5GiB, so disable it.
+ "--disable-debug"
+ "--disable-debug-symbols"
+
+ "--enable-rust-simd"
+ "--enable-release"
+ "--enable-optimize"
+ "--enable-strip"
+ "--disable-elf-hack"
+
+ ;; Clang is needed to build Stylo, Mozilla's new CSS engine. We must
+ ;; specify the clang paths manually, because otherwise the Mozilla
+ ;; build system looks in the directories returned by llvm-config
+ ;; --bindir and llvm-config --libdir, which return paths in the llvm
+ ;; package where clang is not found.
+ (string-append "--with-clang-path="
+ (search-input-file %build-inputs "bin/clang"))
+ (string-append "--with-libclang-path="
+ (dirname (search-input-file %build-inputs
+ "lib/libclang.so")))
+
+ ;; Hack to work around missing "unofficial" branding in icecat.
+ "--enable-official-branding"
+
+ ;; Avoid bundled libraries.
+ "--with-system-jpeg" ;must be libjpeg-turbo
+ "--with-system-png" ;must be libpng-apng
+ "--with-system-zlib"
+ ;; UNBUNDLE-ME! "--with-system-bz2"
+ ;; UNBUNDLE-ME! "--with-system-libevent"
+ ;; UNBUNDLE-ME! "--with-system-ogg"
+ ;; UNBUNDLE-ME! "--with-system-vorbis"
+ ;; UNBUNDLE-ME! "--with-system-theora" ; wants theora-1.2, not yet released
+ ;; UNBUNDLE-ME! "--with-system-libvpx"
+ "--with-system-icu"
- ("patch" ,(canonical-package patch))
+ ;; See <https://bugs.gnu.org/32833>
+ ;; and related comments in the
+ ;; 'remove-bundled-libraries' phase below.
+ ;; UNBUNDLE-ME! "--with-system-nspr"
+ ;; UNBUNDLE-ME! "--with-system-nss"
- ("rust" ,rust)
- ("cargo" ,rust "cargo")
- ("rust-cbindgen" ,rust-cbindgen-0.19)
- ("llvm" ,llvm-11)
- ("clang" ,clang-11)
- ("perl" ,perl)
- ("node" ,node)
- ("python" ,python-wrapper)
- ("yasm" ,yasm)
- ("nasm" ,nasm) ; XXX FIXME: only needed on x86_64 and i686
- ("pkg-config" ,pkg-config)
- ("m4" ,m4)
- ("which" ,which)))
- (arguments
- `(#:tests? #f ;not worth the cost
-
- ;; Some dynamic lib was determined at runtime, so rpath check may fail.
- #:validate-runpath? #f
-
- #:configure-flags `("--enable-application=browser"
- "--with-distribution-id=org.gnu"
- "--enable-geckodriver"
- ;; Do not require addons in the global app or
- ;; system directories to be signed by Mozilla.
- "--with-unsigned-addon-scopes=app,system"
- "--allow-addon-sideload"
-
- "--enable-pulseaudio"
-
- "--disable-tests"
- "--disable-updater"
- "--disable-crashreporter"
- "--disable-eme"
-
- ;; Building with debugging symbols takes ~5GiB, so
- ;; disable it.
- "--disable-debug"
- "--disable-debug-symbols"
-
- "--enable-rust-simd"
- "--enable-release"
- "--enable-optimize"
- "--enable-strip"
- "--disable-elf-hack"
-
- ;; Clang is needed to build Stylo, Mozilla's new
- ;; CSS engine. We must specify the clang paths
- ;; manually, because otherwise the Mozilla build
- ;; system looks in the directories returned by
- ;; llvm-config --bindir and llvm-config --libdir,
- ;; which return paths in the llvm package where
- ;; clang is not found.
- ,(string-append "--with-clang-path="
- (assoc-ref %build-inputs "clang")
- "/bin/clang")
- ,(string-append "--with-libclang-path="
- (assoc-ref %build-inputs "clang")
- "/lib")
-
- ;; Hack to work around missing
- ;; "unofficial" branding in icecat.
- "--enable-official-branding"
-
- ;; Avoid bundled libraries.
- "--with-system-jpeg" ; must be libjpeg-turbo
- "--with-system-png" ; must be libpng-apng
- "--with-system-zlib"
- ;; UNBUNDLE-ME! "--with-system-bz2"
- ;; UNBUNDLE-ME! "--with-system-libevent"
- ;; UNBUNDLE-ME! "--with-system-ogg"
- ;; UNBUNDLE-ME! "--with-system-vorbis"
- ;; UNBUNDLE-ME! "--with-system-theora" ; wants theora-1.2, not yet released
- ;; UNBUNDLE-ME! "--with-system-libvpx"
- "--with-system-icu"
-
- ;; See <https://bugs.gnu.org/32833>
- ;; and related comments in the
- ;; 'remove-bundled-libraries' phase below.
- ;; UNBUNDLE-ME! "--with-system-nspr"
- ;; UNBUNDLE-ME! "--with-system-nss"
-
- ;; UNBUNDLE-ME! "--with-system-harfbuzz"
- ;; UNBUNDLE-ME! "--with-system-graphite2"
- "--enable-system-pixman"
- "--enable-system-ffi"
- ;; UNBUNDLE-ME! "--enable-system-sqlite"
- )
+ ;; UNBUNDLE-ME! "--with-system-harfbuzz"
+ ;; UNBUNDLE-ME! "--with-system-graphite2"
+ "--enable-system-pixman"
+ "--enable-system-ffi"
+ ;; UNBUNDLE-ME! "--enable-system-sqlite"
+ )
- #:imported-modules ,%cargo-utils-modules ;for `generate-all-checksums'
+ #:imported-modules %cargo-utils-modules ;for `generate-all-checksums'
- #:modules ((ice-9 ftw)
+ #:modules `((ice-9 ftw)
(ice-9 match)
(srfi srfi-1)
(srfi srfi-26)
@@ -1066,257 +1062,247 @@ in C/C++.")
(guix elf)
(guix build gremlin)
,@%gnu-build-system-modules)
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'apply-guix-specific-patches
- (lambda* (#:key inputs native-inputs #:allow-other-keys)
- (let ((patch (string-append (assoc-ref (or native-inputs inputs)
- "patch")
- "/bin/patch")))
- (for-each (match-lambda
- ((label . file)
- (when (and (string-prefix? "icecat-" label)
- (string-suffix? ".patch" label))
- (format #t "applying '~a'...~%" file)
- (invoke patch "--force" "--no-backup-if-mismatch"
- "-p1" "--input" file))))
- (or native-inputs inputs)))))
- (add-after 'apply-guix-specific-patches 'remove-bundled-libraries
- (lambda _
- ;; Remove bundled libraries that we don't use, since they may
- ;; contain unpatched security flaws, they waste disk space and
- ;; memory, and may cause confusion.
- (for-each (lambda (file)
- (format #t "deleting '~a'...~%" file)
- (delete-file-recursively file))
- '(;; FIXME: Removing the bundled icu breaks configure.
- ;; * The bundled icu headers are used in some places.
- ;; * The version number is taken from the bundled copy.
- ;;"intl/icu"
- ;;
- ;; FIXME: A script from the bundled nspr is used.
- ;;"nsprpub"
- ;;
- ;; FIXME: With the update to IceCat 60, using system NSS
- ;; broke certificate validation. See
- ;; <https://bugs.gnu.org/32833>. For now, we use
- ;; the bundled NSPR and NSS. TODO: Investigate,
- ;; and try to unbundle these libraries again.
- ;; UNBUNDLE-ME! "security/nss"
- ;;
- ;; TODO: Use more system media libraries. See:
- ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=517422>
- ;; * libtheora: esr60 wants v1.2, not yet released.
- ;; * soundtouch: avoiding the bundled library would
- ;; result in some loss of functionality. There's
- ;; also an issue with exception handling
- ;; configuration. It seems that this is needed in
- ;; some moz.build:
- ;; DEFINES['ST_NO_EXCEPTION_HANDLING'] = 1
- ;; * libopus
- ;; * speex
- ;;
- "modules/freetype2"
- ;; "media/libjpeg" ; needed for now, because media/libjpeg/moz.build is referenced from config/external/moz.build
- ;; UNBUNDLE-ME! "modules/zlib"
- ;; UNBUNDLE-ME! "ipc/chromium/src/third_party/libevent"
- ;; UNBUNDLE-ME! "media/libvpx"
- ;; UNBUNDLE-ME! "media/libogg"
- ;; UNBUNDLE-ME! "media/libvorbis"
- ;; UNBUNDLE-ME! "media/libtheora" ; wants theora-1.2, not yet released
- ;; UNBUNDLE-ME! "media/libtremor"
- ;; UNBUNDLE-ME! "gfx/harfbuzz"
- ;; UNBUNDLE-ME! "gfx/graphite2"
- "js/src/ctypes/libffi"
- ;; UNBUNDLE-ME! "db/sqlite3"
- ))))
- (add-after 'remove-bundled-libraries 'fix-ffmpeg-runtime-linker
- (lambda* (#:key inputs #:allow-other-keys)
- (let* ((ffmpeg (assoc-ref inputs "ffmpeg"))
- (libavcodec (string-append ffmpeg "/lib/libavcodec.so")))
- ;; Arrange to load libavcodec.so by its absolute file name.
- (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
- (("libavcodec\\.so")
- libavcodec)))))
- (add-after 'fix-ffmpeg-runtime-linker 'build-sandbox-whitelist
- (lambda* (#:key inputs #:allow-other-keys)
- (define (runpath-of lib)
- (call-with-input-file lib
- (compose elf-dynamic-info-runpath
- elf-dynamic-info
- parse-elf
- get-bytevector-all)))
- (define (runpaths-of-input label)
- (let* ((dir (string-append (assoc-ref inputs label) "/lib"))
- (libs (find-files dir "\\.so$")))
- (append-map runpath-of libs)))
- ;; Populate the sandbox read-path whitelist as needed by ffmpeg.
- (let* ((whitelist
- (map (cut string-append <> "/")
- (delete-duplicates
- `(,(string-append (assoc-ref inputs "shared-mime-info")
- "/share/mime")
- ,(string-append (assoc-ref inputs "font-dejavu")
- "/share/fonts")
- "/run/current-system/profile/share/fonts"
- ,@(append-map runpaths-of-input
- '("mesa" "ffmpeg"))))))
- (whitelist-string (string-join whitelist ","))
- (port (open-file "browser/app/profile/icecat.js" "a")))
- (format #t "setting 'security.sandbox.content.read_path_whitelist' to '~a'~%"
- whitelist-string)
- (format port "~%pref(\"security.sandbox.content.read_path_whitelist\", ~S);~%"
- whitelist-string)
- (close-output-port port))))
- (add-after 'patch-source-shebangs 'patch-cargo-checksums
- (lambda _
- (use-modules (guix build cargo-utils))
- (let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
- (for-each (lambda (file)
- (format #t "patching checksums in ~a~%" file)
- (substitute* file
- (("^checksum = \".*\"")
- (string-append "checksum = \"" null-hash "\""))))
- (find-files "." "Cargo.lock$"))
- (for-each generate-all-checksums
- '("services"
- "js"
- "third_party/rust"
- "dom/media"
- "dom/webauthn"
- "toolkit"
- "gfx"
- "storage"
- "modules"
- "xpcom/rust"
- "media"
- "mozglue/static/rust"
- "netwerk"
- "remote"
- "intl"
- "servo"
- "security/manager/ssl"
- "build")))))
- (delete 'bootstrap)
- (replace 'configure
- ;; configure does not work followed by both "SHELL=..." and
- ;; "CONFIG_SHELL=..."; set environment variables instead
- (lambda* (#:key outputs configure-flags #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (bash (which "bash"))
- (abs-srcdir (getcwd))
- (flags `(,(string-append "--prefix=" out)
- ,(string-append "--with-l10n-base="
- abs-srcdir "/l10n")
- ,@configure-flags)))
- (setenv "SHELL" bash)
- (setenv "CONFIG_SHELL" bash)
-
- (setenv "AR" "llvm-ar")
- (setenv "NM" "llvm-nm")
- (setenv "CC" "clang")
- (setenv "CXX" "clang++")
- (setenv "LDFLAGS" (string-append "-Wl,-rpath="
- (assoc-ref outputs "out")
- "/lib/icecat"))
-
- (setenv "MACH_USE_SYSTEM_PYTHON" "1")
- (setenv "MOZ_NOSPAM" "1")
- (setenv "MOZ_BUILD_DATE" ,%icecat-build-id) ; avoid timestamp
-
- (format #t "build directory: ~s~%" (getcwd))
- (format #t "configure flags: ~s~%" flags)
-
- (call-with-output-file "mozconfig"
- (lambda (out)
- (for-each (lambda (flag)
- (format out "ac_add_options ~a\n" flag))
- flags)))
-
- (invoke "./mach" "configure"))))
- (replace 'build
- (lambda* (#:key (make-flags '()) (parallel-build? #t)
- #:allow-other-keys)
- (apply invoke "./mach" "build"
- ;; mach will use parallel build if possible by default
- `(,@(if parallel-build?
- '()
- '("-j1"))
- ,@make-flags))))
- (add-after 'build 'neutralise-store-references
- (lambda _
- ;; Mangle the store references to compilers & other build tools in
- ;; about:buildconfig, reducing IceCat's closure by 1 GiB on x86-64.
- (let* ((obj-dir (match (scandir "." (cut string-prefix? "obj-" <>))
- ((dir) dir)))
- (file (string-append
- obj-dir
- "/dist/bin/chrome/toolkit/content/global/buildconfig.html")))
- (substitute* file
- (("[0-9a-df-np-sv-z]{32}" hash)
- (string-append (string-take hash 8)
- "<!-- Guix: not a runtime dependency -->"
- (string-drop hash 8)))))))
- (replace 'install
- (lambda* (#:key outputs #:allow-other-keys)
- (invoke "./mach" "install")
- ;; The geckodriver binary is not installed by the above, for some
- ;; reason. Use 'find-files' to avoid having to deal with the
- ;; system/architecture-specific file name.
- (install-file (first (find-files "." "geckodriver"))
- (string-append (assoc-ref outputs "out") "/bin"))))
- (add-after 'install 'wrap-program
- (lambda* (#:key inputs outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (lib (string-append out "/lib"))
- (gtk (assoc-ref inputs "gtk+"))
- (gtk-share (string-append gtk "/share"))
- (ld-libs (map (lambda (label)
- (string-append (assoc-ref inputs label)
- "/lib"))
- '("libpng-apng"
- "libxscrnsaver"
- "mesa"
- "pciutils"
- "mit-krb5"
- "eudev"
- "pulseaudio"
- ;; For the integration of native notifications
- "libnotify"))))
- (wrap-program (car (find-files lib "^icecat$"))
- `("XDG_DATA_DIRS" prefix (,gtk-share))
- ;; The following line is commented out because the icecat
- ;; package on guix has been observed to be unstable when
- ;; using wayland, and the bundled extensions stop working.
- ;; `("MOZ_ENABLE_WAYLAND" = ("1"))
- `("LD_LIBRARY_PATH" prefix ,ld-libs)))))
- (add-after 'wrap-program 'install-desktop-entry
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Install the '.desktop' file.
- (let* ((desktop-file "taskcluster/docker/icecat-snap/icecat.desktop")
- (out (assoc-ref outputs "out"))
- (applications (string-append out "/share/applications")))
- (substitute* desktop-file
- (("^Exec=icecat") (string-append "Exec=" out "/bin/icecat"))
- (("IceCat") "GNU IceCat")
- (("Icon=.*") "Icon=icecat\n")
- (("NewWindow") "new-window")
- (("NewPrivateWindow") "new-private-window"))
- (install-file desktop-file applications))))
- (add-after 'install-desktop-entry 'install-icons
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (with-directory-excursion "browser/branding/official"
- (for-each
- (lambda (file)
- (let* ((size (string-filter char-numeric? file))
- (icons (string-append out "/share/icons/hicolor/"
- size "x" size "/apps")))
- (mkdir-p icons)
- (copy-file file (string-append icons "/icecat.png"))))
- '("default16.png" "default22.png" "default24.png"
- "default32.png" "default48.png" "content/icon64.png"
- "mozicon128.png" "default256.png")))))))))
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'apply-guix-specific-patches
+ (lambda* (#:key inputs native-inputs #:allow-other-keys)
+ (let ((patch (search-input-file inputs "bin/patch")))
+ (for-each (match-lambda
+ ((label . file)
+ (when (and (string-prefix? "icecat-" label)
+ (string-suffix? ".patch" label))
+ (format #t "applying '~a'...~%" file)
+ (invoke patch "--force" "--no-backup-if-mismatch"
+ "-p1" "--input" file))))
+ (or native-inputs inputs)))))
+ (add-after 'apply-guix-specific-patches 'remove-bundled-libraries
+ (lambda _
+ ;; Remove bundled libraries that we don't use, since they may
+ ;; contain unpatched security flaws, they waste disk space and
+ ;; memory, and may cause confusion.
+ (for-each (lambda (file)
+ (format #t "deleting '~a'...~%" file)
+ (delete-file-recursively file))
+ '( ;; FIXME: Removing the bundled icu breaks configure.
+ ;; * The bundled icu headers are used in some places.
+ ;; * The version number is taken from the bundled copy.
+ ;;"intl/icu"
+ ;;
+ ;; FIXME: A script from the bundled nspr is used.
+ ;;"nsprpub"
+ ;;
+ ;; FIXME: With the update to IceCat 60, using system NSS
+ ;; broke certificate validation. See
+ ;; <https://bugs.gnu.org/32833>. For now, we use
+ ;; the bundled NSPR and NSS. TODO: Investigate,
+ ;; and try to unbundle these libraries again.
+ ;; UNBUNDLE-ME! "security/nss"
+ ;;
+ ;; TODO: Use more system media libraries. See:
+ ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=517422>
+ ;; * libtheora: esr60 wants v1.2, not yet released.
+ ;; * soundtouch: avoiding the bundled library would
+ ;; result in some loss of functionality. There's
+ ;; also an issue with exception handling
+ ;; configuration. It seems that this is needed in
+ ;; some moz.build:
+ ;; DEFINES['ST_NO_EXCEPTION_HANDLING'] = 1
+ ;; * libopus
+ ;; * speex
+ ;;
+ "modules/freetype2"
+ ;; "media/libjpeg" ; needed for now, because media/libjpeg/moz.build is referenced from config/external/moz.build
+ ;; UNBUNDLE-ME! "modules/zlib"
+ ;; UNBUNDLE-ME! "ipc/chromium/src/third_party/libevent"
+ ;; UNBUNDLE-ME! "media/libvpx"
+ ;; UNBUNDLE-ME! "media/libogg"
+ ;; UNBUNDLE-ME! "media/libvorbis"
+ ;; UNBUNDLE-ME! "media/libtheora" ; wants theora-1.2, not yet released
+ ;; UNBUNDLE-ME! "media/libtremor"
+ ;; UNBUNDLE-ME! "gfx/harfbuzz"
+ ;; UNBUNDLE-ME! "gfx/graphite2"
+ "js/src/ctypes/libffi"
+ ;; UNBUNDLE-ME! "db/sqlite3"
+ ))))
+ (add-after 'remove-bundled-libraries 'fix-ffmpeg-runtime-linker
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; Arrange to load libavcodec.so by its absolute file name.
+ (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
+ (("libavcodec\\.so")
+ (search-input-file inputs "lib/libavcodec.so")))))
+ (add-after 'fix-ffmpeg-runtime-linker 'build-sandbox-whitelist
+ (lambda* (#:key inputs #:allow-other-keys)
+ (define (runpath-of lib)
+ (call-with-input-file lib
+ (compose elf-dynamic-info-runpath
+ elf-dynamic-info
+ parse-elf
+ get-bytevector-all)))
+ (define (runpaths-of-input label)
+ (let* ((dir (string-append (assoc-ref inputs label) "/lib"))
+ (libs (find-files dir "\\.so$")))
+ (append-map runpath-of libs)))
+ ;; Populate the sandbox read-path whitelist as needed by ffmpeg.
+ (let* ((whitelist
+ (map (cut string-append <> "/")
+ (delete-duplicates
+ `(,(string-append (assoc-ref inputs "shared-mime-info")
+ "/share/mime")
+ ,(string-append (assoc-ref inputs "font-dejavu")
+ "/share/fonts")
+ "/run/current-system/profile/share/fonts"
+ ,@(append-map runpaths-of-input
+ '("mesa" "ffmpeg"))))))
+ (whitelist-string (string-join whitelist ","))
+ (port (open-file "browser/app/profile/icecat.js" "a")))
+ (format #t "setting 'security.sandbox.content.read_path_whitelist' to '~a'~%"
+ whitelist-string)
+ (format port "~%pref(\"security.sandbox.content.read_path_whitelist\", ~S);~%"
+ whitelist-string)
+ (close-output-port port))))
+ (add-after 'patch-source-shebangs 'patch-cargo-checksums
+ (lambda _
+ (use-modules (guix build cargo-utils))
+ (let ((null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
+ (for-each (lambda (file)
+ (format #t "patching checksums in ~a~%" file)
+ (substitute* file
+ (("^checksum = \".*\"")
+ (string-append "checksum = \"" null-hash "\""))))
+ (find-files "." "Cargo.lock$"))
+ (for-each generate-all-checksums
+ '("services"
+ "js"
+ "third_party/rust"
+ "dom/media"
+ "dom/webauthn"
+ "toolkit"
+ "gfx"
+ "storage"
+ "modules"
+ "xpcom/rust"
+ "media"
+ "mozglue/static/rust"
+ "netwerk"
+ "remote"
+ "intl"
+ "servo"
+ "security/manager/ssl"
+ "build")))))
+ (delete 'bootstrap)
+ (replace 'configure
+ ;; configure does not work followed by both "SHELL=..." and
+ ;; "CONFIG_SHELL=..."; set environment variables instead
+ (lambda* (#:key outputs configure-flags #:allow-other-keys)
+ (let* ((bash (which "bash"))
+ (abs-srcdir (getcwd))
+ (flags `(,(string-append "--prefix=" #$output)
+ ,(string-append "--with-l10n-base="
+ abs-srcdir "/l10n")
+ ,@configure-flags)))
+ (setenv "SHELL" bash)
+ (setenv "CONFIG_SHELL" bash)
+
+ (setenv "AR" "llvm-ar")
+ (setenv "NM" "llvm-nm")
+ (setenv "CC" "clang")
+ (setenv "CXX" "clang++")
+ (setenv "LDFLAGS" (string-append "-Wl,-rpath="
+ #$output "/lib/icecat"))
+
+ (setenv "MACH_USE_SYSTEM_PYTHON" "1")
+ (setenv "MOZ_NOSPAM" "1")
+ (setenv "MOZ_BUILD_DATE" #$%icecat-build-id) ; avoid timestamp
+
+ (format #t "build directory: ~s~%" (getcwd))
+ (format #t "configure flags: ~s~%" flags)
+
+ (call-with-output-file "mozconfig"
+ (lambda (port)
+ (for-each (lambda (flag)
+ (format port "ac_add_options ~a\n" flag))
+ flags)))
+
+ (invoke "./mach" "configure"))))
+ (replace 'build
+ (lambda* (#:key (make-flags '()) (parallel-build? #t)
+ #:allow-other-keys)
+ (apply invoke "./mach" "build"
+ ;; mach will use parallel build if possible by default
+ `(,@(if parallel-build?
+ '()
+ '("-j1"))
+ ,@make-flags))))
+ (add-after 'build 'neutralise-store-references
+ (lambda _
+ ;; Mangle the store references to compilers & other build tools in
+ ;; about:buildconfig, reducing IceCat's closure by 1 GiB on x86-64.
+ (let* ((obj-dir (match (scandir "." (cut string-prefix? "obj-" <>))
+ ((dir) dir)))
+ (file (string-append
+ obj-dir
+ "/dist/bin/chrome/toolkit/content/global/buildconfig.html")))
+ (substitute* file
+ (("[0-9a-df-np-sv-z]{32}" hash)
+ (string-append (string-take hash 8)
+ "<!-- Guix: not a runtime dependency -->"
+ (string-drop hash 8)))))))
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (invoke "./mach" "install")
+ ;; The geckodriver binary is not installed by the above, for some
+ ;; reason. Use 'find-files' to avoid having to deal with the
+ ;; system/architecture-specific file name.
+ (install-file (first (find-files "." "geckodriver"))
+ (string-append #$output "/bin"))))
+ (add-after 'install 'wrap-program
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((lib (string-append #$output "/lib"))
+ (gtk #$(this-package-input "gtk+"))
+ (gtk-share (string-append gtk "/share"))
+ (ld-libs '#$(map (lambda (label)
+ (file-append (this-package-input label) "/lib"))
+ '("libpng-apng"
+ "libxscrnsaver"
+ "mesa"
+ "pciutils"
+ "mit-krb5"
+ "eudev"
+ "pulseaudio"
+ ;; For the integration of native notifications
+ "libnotify"))))
+ (wrap-program (car (find-files lib "^icecat$"))
+ `("XDG_DATA_DIRS" prefix (,gtk-share))
+ ;; The following line is commented out because the icecat
+ ;; package on guix has been observed to be unstable when
+ ;; using wayland, and the bundled extensions stop working.
+ ;; `("MOZ_ENABLE_WAYLAND" = ("1"))
+ `("LD_LIBRARY_PATH" prefix ,ld-libs)))))
+ (add-after 'wrap-program 'install-desktop-entry
+ (lambda _
+ ;; Install the '.desktop' file.
+ (let* ((desktop-file "taskcluster/docker/icecat-snap/icecat.desktop")
+ (applications (string-append #$output "/share/applications")))
+ (substitute* desktop-file
+ (("^Exec=icecat") (string-append "Exec=" #$output "/bin/icecat"))
+ (("IceCat") "GNU IceCat")
+ (("Icon=.*") "Icon=icecat\n")
+ (("NewWindow") "new-window")
+ (("NewPrivateWindow") "new-private-window"))
+ (install-file desktop-file applications))))
+ (add-after 'install-desktop-entry 'install-icons
+ (lambda _
+ (with-directory-excursion "browser/branding/official"
+ (for-each
+ (lambda (file)
+ (let* ((size (string-filter char-numeric? file))
+ (icons (string-append #$output "/share/icons/hicolor/"
+ size "x" size "/apps")))
+ (mkdir-p icons)
+ (copy-file file (string-append icons "/icecat.png"))))
+ '("default16.png" "default22.png" "default24.png"
+ "default32.png" "default48.png" "content/icon64.png"
+ "mozicon128.png" "default256.png"))))))))
(home-page "https://www.gnu.org/software/gnuzilla/")
(synopsis "Entirely free browser derived from Mozilla Firefox")
(description