HCoop / jackhill / guix / guix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
gnu: icecat: Fix CVE-2018-{5146,5147}, etc.
[jackhill/guix/guix.git] / gnu / packages / gnuzilla.scm
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
3 ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
4 ;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
5 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
6 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
7 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
8 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
9 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
10 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
11 ;;;
12 ;;; This file is part of GNU Guix.
13 ;;;
14 ;;; GNU Guix is free software; you can redistribute it and/or modify it
15 ;;; under the terms of the GNU General Public License as published by
16 ;;; the Free Software Foundation; either version 3 of the License, or (at
17 ;;; your option) any later version.
18 ;;;
19 ;;; GNU Guix is distributed in the hope that it will be useful, but
20 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
21 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 ;;; GNU General Public License for more details.
23 ;;;
24 ;;; You should have received a copy of the GNU General Public License
25 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
26
27 (define-module (gnu packages gnuzilla)
28 #:use-module ((srfi srfi-1) #:hide (zip))
29 #:use-module (ice-9 match)
30 #:use-module (gnu packages)
31 #:use-module ((guix licenses) #:prefix license:)
32 #:use-module (guix packages)
33 #:use-module (guix download)
34 #:use-module (guix utils)
35 #:use-module (guix build-system gnu)
36 #:use-module (gnu packages autotools)
37 #:use-module (gnu packages base)
38 #:use-module (gnu packages databases)
39 #:use-module (gnu packages glib)
40 #:use-module (gnu packages gtk)
41 #:use-module (gnu packages gnome)
42 #:use-module (gnu packages libcanberra)
43 #:use-module (gnu packages cups)
44 #:use-module (gnu packages kerberos)
45 #:use-module (gnu packages linux)
46 #:use-module (gnu packages perl)
47 #:use-module (gnu packages pkg-config)
48 #:use-module (gnu packages compression)
49 #:use-module (gnu packages fontutils)
50 #:use-module (gnu packages libevent)
51 #:use-module (gnu packages libreoffice) ;for hunspell
52 #:use-module (gnu packages image)
53 #:use-module (gnu packages libffi)
54 #:use-module (gnu packages pulseaudio)
55 #:use-module (gnu packages python)
56 #:use-module (gnu packages xorg)
57 #:use-module (gnu packages gl)
58 #:use-module (gnu packages assembly)
59 #:use-module (gnu packages icu4c)
60 #:use-module (gnu packages video)
61 #:use-module (gnu packages xdisorg)
62 #:use-module (gnu packages readline))
63
64 (define-public mozjs
65 (package
66 (name "mozjs")
67 (version "17.0.0")
68 (source (origin
69 (method url-fetch)
70 (uri (string-append
71 "https://ftp.mozilla.org/pub/mozilla.org/js/"
72 name version ".tar.gz"))
73 (sha256
74 (base32
75 "1fig2wf4f10v43mqx67y68z6h77sy900d1w0pz9qarrqx57rc7ij"))
76 (patches (search-patches "mozjs17-aarch64-support.patch"))
77 (modules '((guix build utils)))
78 (snippet
79 ;; Fix incompatibility with Perl 5.22+.
80 '(substitute* '("js/src/config/milestone.pl")
81 (("defined\\(@TEMPLATE_FILE)") "@TEMPLATE_FILE")))))
82 (build-system gnu-build-system)
83 (native-inputs
84 `(("perl" ,perl)
85 ("pkg-config" ,pkg-config)
86 ("python" ,python-2)))
87 (propagated-inputs
88 `(("nspr" ,nspr))) ; in the Requires.private field of mozjs-17.0.pc
89 (inputs
90 `(("zlib" ,zlib)))
91 (arguments
92 `(;; XXX: parallel build fails, lacking:
93 ;; mkdir -p "system_wrapper_js/"
94 #:parallel-build? #f
95 #:phases
96 (modify-phases %standard-phases
97 (add-after 'unpack 'delete-timedout-test
98 ;; This test times out on slower hardware.
99 (lambda _ (delete-file "js/src/jit-test/tests/basic/bug698584.js")))
100 (add-before 'configure 'chdir
101 (lambda _
102 (chdir "js/src")
103 #t))
104 (replace 'configure
105 ;; configure fails if it is followed by SHELL and CONFIG_SHELL
106 (lambda* (#:key outputs #:allow-other-keys)
107 (let ((out (assoc-ref outputs "out")))
108 (setenv "SHELL" (which "sh"))
109 (setenv "CONFIG_SHELL" (which "sh"))
110 (zero? (system*
111 "./configure" (string-append "--prefix=" out)
112 ,@(if (string=? "aarch64-linux"
113 (%current-system))
114 '("--host=aarch64-unknown-linux-gnu")
115 '())))))))))
116 (home-page
117 "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey")
118 (synopsis "Mozilla javascript engine")
119 (description "SpiderMonkey is Mozilla's JavaScript engine written
120 in C/C++.")
121 (license license:mpl2.0))) ; and others for some files
122
123 (define-public mozjs-24
124 (package (inherit mozjs)
125 (name "mozjs")
126 (version "24.2.0")
127 (source (origin
128 (method url-fetch)
129 (uri (string-append
130 "https://ftp.mozilla.org/pub/mozilla.org/js/"
131 name "-" version ".tar.bz2"))
132 (sha256
133 (base32
134 "1n1phk8r3l8icqrrap4czplnylawa0ddc2cc4cgdz46x3lrkybz6"))
135 (modules '((guix build utils)))
136 (patches (search-patches "mozjs24-aarch64-support.patch"))
137 (snippet
138 ;; Fix incompatibility with Perl 5.22+.
139 '(substitute* '("js/src/config/milestone.pl")
140 (("defined\\(@TEMPLATE_FILE)") "@TEMPLATE_FILE")))))
141 (arguments
142 (substitute-keyword-arguments (package-arguments mozjs)
143 ((#:phases phases)
144 `(modify-phases ,phases
145 (replace 'configure
146 (lambda* (#:key outputs #:allow-other-keys)
147 (let ((out (assoc-ref outputs "out")))
148 ;; configure fails if it is followed by SHELL and CONFIG_SHELL
149 (setenv "SHELL" (which "sh"))
150 (setenv "CONFIG_SHELL" (which "sh"))
151 (zero? (system* "./configure"
152 (string-append "--prefix=" out)
153 "--with-system-nspr"
154 "--enable-system-ffi"
155 "--enable-threadsafe"
156 ,@(if (string=? "aarch64-linux"
157 (%current-system))
158 '("--host=aarch64-unknown-linux-gnu")
159 '()))))))))))
160 (inputs
161 `(("libffi" ,libffi)
162 ("zlib" ,zlib)))))
163
164 (define-public mozjs-38
165 (package
166 (inherit mozjs)
167 (name "mozjs")
168 (version "38.2.1.rc0")
169 (source (origin
170 (method url-fetch)
171 (uri (string-append
172 "https://people.mozilla.org/~sstangl/"
173 name "-" version ".tar.bz2"))
174 (sha256
175 (base32
176 "0p4bmbpgkfsj54xschcny0a118jdrdgg0q29rwxigg3lh5slr681"))
177 (patches
178 (search-patches
179 ;; See https://bugzilla.mozilla.org/show_bug.cgi?id=1269317 for
180 ;; GCC 6 compatibility.
181
182 "mozjs38-version-detection.patch" ; for 0ad
183 "mozjs38-tracelogger.patch"
184
185 ;; See https://bugzilla.mozilla.org/show_bug.cgi?id=1339931.
186 "mozjs38-pkg-config-version.patch"
187 "mozjs38-shell-version.patch"))
188 (modules '((guix build utils)))
189 (snippet
190 '(begin
191 ;; Fix incompatibility with sed 4.4.
192 (substitute* "js/src/configure"
193 (("\\^\\[:space:\\]") "^[[:space:]]"))
194
195 ;; The headers are symlinks to files that are in /tmp, so they
196 ;; end up broken. Copy them instead.
197 (substitute*
198 "python/mozbuild/mozbuild/backend/recursivemake.py"
199 (("\\['dist_include'\\].add_symlink")
200 "['dist_include'].add_copy"))
201
202 ;; Remove bundled libraries.
203 (for-each delete-file-recursively
204 '("intl"
205 "js/src/ctypes/libffi"
206 "js/src/ctypes/libffi-patches"
207 "modules/zlib"))
208 #t))))
209 (arguments
210 `(;; XXX: parallel build fails, lacking:
211 ;; mkdir -p "system_wrapper_js/"
212 #:parallel-build? #f
213 ;; See https://bugzilla.mozilla.org/show_bug.cgi?id=1008470.
214 #:tests? #f
215 #:phases
216 (modify-phases %standard-phases
217 (replace 'configure
218 (lambda* (#:key outputs #:allow-other-keys)
219 (let ((out (assoc-ref outputs "out")))
220 (chdir "js/src")
221 (setenv "SHELL" (which "sh"))
222 (setenv "CONFIG_SHELL" (which "sh"))
223 (zero? (system* "./configure"
224 (string-append "--prefix=" out)
225 "--enable-ctypes"
226 "--enable-gcgenerational"
227 "--enable-optimize"
228 "--enable-pie"
229 "--enable-readline"
230 "--enable-shared-js"
231 "--enable-system-ffi"
232 "--enable-threadsafe"
233 "--enable-xterm-updates"
234 "--with-system-icu"
235 "--with-system-nspr"
236 "--with-system-zlib"
237
238 ;; Intl API requires bundled ICU.
239 "--without-intl-api"))))))))
240 (native-inputs
241 `(("perl" ,perl)
242 ("pkg-config" ,pkg-config)
243 ("python-2" ,python-2)))
244 (inputs
245 `(("libffi" ,libffi)
246 ("readline" ,readline)
247 ("icu4c" ,icu4c)
248 ("zlib" ,zlib)))))
249
250 (define-public nspr
251 (package
252 (name "nspr")
253 (version "4.17")
254 (source (origin
255 (method url-fetch)
256 (uri (string-append
257 "https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v"
258 version "/src/nspr-" version ".tar.gz"))
259 (sha256
260 (base32
261 "158hdn285dsb5rys8wl1wi32dd1axwhqq0r8fwny4aj157m0l2jr"))))
262 (build-system gnu-build-system)
263 (native-inputs
264 `(("perl" ,perl)))
265 (arguments
266 `(#:tests? #f ; no check target
267 #:configure-flags (list "--enable-64bit"
268 (string-append "LDFLAGS=-Wl,-rpath="
269 (assoc-ref %outputs "out")
270 "/lib"))
271 #:phases (modify-phases %standard-phases
272 (add-before 'configure 'chdir
273 (lambda _ (chdir "nspr") #t)))))
274 (home-page
275 "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR")
276 (synopsis "Netscape API for system level and libc-like functions")
277 (description "Netscape Portable Runtime (@dfn{NSPR}) provides a
278 platform-neutral API for system level and libc-like functions. It is used
279 in the Mozilla clients.")
280 (license license:mpl2.0)))
281
282 (define-public nss
283 (package
284 (name "nss")
285 (version "3.34.1")
286 (source (origin
287 (method url-fetch)
288 (uri (let ((version-with-underscores
289 (string-join (string-split version #\.) "_")))
290 (string-append
291 "https://ftp.mozilla.org/pub/mozilla.org/security/nss/"
292 "releases/NSS_" version-with-underscores "_RTM/src/"
293 "nss-" version ".tar.gz")))
294 (sha256
295 (base32
296 "186x33wsk4mzjz7dzbn8p0py9a0nzkgzpfkdv4rlyy5gghv5vhd3"))
297 ;; Create nss.pc and nss-config.
298 (patches (search-patches "nss-pkgconfig.patch"
299 "nss-increase-test-timeout.patch"))))
300 (build-system gnu-build-system)
301 (outputs '("out" "bin"))
302 (arguments
303 `(#:parallel-build? #f ; not supported
304 #:make-flags
305 (let* ((out (assoc-ref %outputs "out"))
306 (nspr (string-append (assoc-ref %build-inputs "nspr")))
307 (rpath (string-append "-Wl,-rpath=" out "/lib/nss")))
308 (list "-C" "nss" (string-append "PREFIX=" out)
309 "NSDISTMODE=copy"
310 "NSS_USE_SYSTEM_SQLITE=1"
311 (string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr")
312 ;; Add $out/lib/nss to RPATH.
313 (string-append "RPATH=" rpath)
314 (string-append "LDFLAGS=" rpath)))
315 #:modules ((guix build gnu-build-system)
316 (guix build utils)
317 (ice-9 ftw)
318 (ice-9 match)
319 (srfi srfi-26))
320 #:phases
321 (modify-phases %standard-phases
322 (replace 'configure
323 (lambda _
324 (setenv "CC" "gcc")
325 ;; Tells NSS to build for the 64-bit ABI if we are 64-bit system.
326 ,@(match (%current-system)
327 ((or "x86_64-linux" "aarch64-linux")
328 `((setenv "USE_64" "1")))
329 (_
330 '()))
331 #t))
332 (replace 'check
333 (lambda _
334 ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for testing.
335 ;; The later requires a working DNS or /etc/hosts.
336 (setenv "DOMSUF" "(none)")
337 (setenv "USE_IP" "TRUE")
338 (setenv "IP_ADDRESS" "127.0.0.1")
339 (zero? (system* "./nss/tests/all.sh"))))
340 (replace 'install
341 (lambda* (#:key outputs #:allow-other-keys)
342 (let* ((out (assoc-ref outputs "out"))
343 (bin (string-append (assoc-ref outputs "bin") "/bin"))
344 (inc (string-append out "/include/nss"))
345 (lib (string-append out "/lib/nss"))
346 (obj (match (scandir "dist" (cut string-suffix? "OBJ" <>))
347 ((obj) (string-append "dist/" obj)))))
348 ;; Install nss-config to $out/bin.
349 (install-file (string-append obj "/bin/nss-config")
350 (string-append out "/bin"))
351 (delete-file (string-append obj "/bin/nss-config"))
352 ;; Install nss.pc to $out/lib/pkgconfig.
353 (install-file (string-append obj "/lib/pkgconfig/nss.pc")
354 (string-append out "/lib/pkgconfig"))
355 (delete-file (string-append obj "/lib/pkgconfig/nss.pc"))
356 (rmdir (string-append obj "/lib/pkgconfig"))
357 ;; Install other files.
358 (copy-recursively "dist/public/nss" inc)
359 (copy-recursively (string-append obj "/bin") bin)
360 (copy-recursively (string-append obj "/lib") lib)
361
362 ;; FIXME: libgtest1.so is installed in the above step, and it's
363 ;; (unnecessarily) linked with several NSS libraries, but
364 ;; without the needed rpaths, causing the 'validate-runpath'
365 ;; phase to fail. Here we simply delete libgtest1.so, since it
366 ;; seems to be used only during the tests.
367 (delete-file (string-append lib "/libgtest1.so"))
368 (delete-file (string-append lib "/libgtestutil.so"))
369
370 #t))))))
371 (inputs
372 `(("sqlite" ,sqlite)
373 ("zlib" ,zlib)))
374 (propagated-inputs `(("nspr" ,nspr))) ; required by nss.pc.
375 (native-inputs `(("perl" ,perl)))
376
377 ;; The NSS test suite takes around 48 hours on Loongson 3A (MIPS) when
378 ;; another build is happening concurrently on the same machine.
379 (properties '((timeout . 216000))) ; 60 hours
380
381 (home-page
382 "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
383 (synopsis "Network Security Services")
384 (description
385 "Network Security Services (@dfn{NSS}) is a set of libraries designed to
386 support cross-platform development of security-enabled client and server
387 applications. Applications built with NSS can support SSL v2 and v3, TLS,
388 PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
389 security standards.")
390 (license license:mpl2.0)))
391
392 (define (mozilla-patch file-name changeset hash)
393 "Return an origin for CHANGESET from the mozilla-esr52 repository."
394 (origin
395 (method url-fetch)
396 (uri (string-append "https://hg.mozilla.org/releases/mozilla-esr52/raw-rev/"
397 changeset))
398 (sha256 (base32 hash))
399 (file-name file-name)))
400
401 (define-public icecat
402 (package
403 (name "icecat")
404 (version "52.6.0-gnu1")
405 (source
406 (origin
407 (method url-fetch)
408 (uri (string-append "mirror://gnu/gnuzilla/"
409 (first (string-split version #\-))
410 "/" name "-" version ".tar.bz2"))
411 (sha256
412 (base32
413 "09fn54glqg1aa93hnz5zdcy07cps09dbni2b4200azh6nang630a"))
414 (patches
415 (list
416 (search-patch "icecat-avoid-bundled-libraries.patch")
417 (search-patch "icecat-use-system-harfbuzz.patch")
418 (search-patch "icecat-use-system-graphite2.patch")
419 (mozilla-patch "icecat-bug-546387.patch" "d13e3fefb76e" "1b760r0bg2ydbl585wlmajljh1nlisrwxvjws5b28a3sgjy01i6k")
420 (mozilla-patch "icecat-bug-1350152.patch" "f822bda79c28" "1wf56169ca874shr6r7qx40s17h2gwj7ngmpyylrpmd1c6hipvsj")
421 (mozilla-patch "icecat-bug-1411708.patch" "34c968767eb7" "0l2jy201ikj3m3h66mvlsj4y0ki7cpm7x7nnfygbwnfxg42s1sip")
422 (mozilla-patch "icecat-bug-1375217.patch" "00fc630c9a46" "17pcprp452nslk6sac6sili0p74zh8w3g0v1wsdn0ikm9xmnphhv")
423 (mozilla-patch "icecat-CVE-2018-5145.patch" "f0ec180993d2" "0jiazxcwki83wr00fyh2g518ynsd33p7nk65zk4d1682gn22lc8v")
424 (mozilla-patch "icecat-CVE-2018-5130.patch" "a6a9e26688c1" "0cvizvilb4k422j2gzqcbakznvsffmk6n6xn1ayj5rgxfaizkkqk")
425 (mozilla-patch "icecat-CVE-2018-5125-pt1.patch" "198ad052621e" "1721zx8hifdlflrhvw6hmkdgjbvsmxl9n84iji5qywhlp2krdk9r")
426 (mozilla-patch "icecat-bug-1426087.patch" "391ea77ebfdb" "1fhkvd0z6mvdkj7m0d3jlj42rsdw5r4x122c1wb1i428228ifw6n")
427 (mozilla-patch "icecat-bug-1416307.patch" "54f2f7f93b30" "1ncjir16mqya37wgf6fy2rqki3vl433c4grjr3fypmlig6xfgg1l")
428 (mozilla-patch "icecat-CVE-2018-5127.patch" "2c4d7a59041b" "178c6gid89cvw52yqs43i6x6s5w0hslj0rfa2r8b4762ij3civ92")
429 (mozilla-patch "icecat-CVE-2018-5125-pt2.patch" "f87ef3774d5e" "0payf3az2w93nzl5qknqx290jbxk8v39rwhdgq7wyd5f245dywxk")
430 (mozilla-patch "icecat-CVE-2018-5125-pt3.patch" "ac743923f81d" "0msyr45xr1j5q4x6ah4r907pwjngyi0k6pp9y8ixk21cnwbzrdwx")
431 (mozilla-patch "icecat-CVE-2018-5129.patch" "456913d7e8b5" "0fx0s06kxxj7g4hllinaskgh41z3k48zml6yqqzxx485qk3hdh9x")
432 (mozilla-patch "icecat-bug-1334465-pt1.patch" "f95c5b881442" "0iaddhf65jd9cycj4bw0b207n2jiqkr4q84jifzyqn4ygs75wdqd")
433 (mozilla-patch "icecat-bug-1334465-pt2.patch" "8a4265c8fb41" "1d9zfdbrlw9wzr84b7pj7lxgy487lsx0kfd89287hjk0al8m6vrw")
434 (mozilla-patch "icecat-bug-1398021.patch" "28855df568d8" "1kmq836gniplxpjnvq8lhbcc1aqi56al628r1mzdy94b5yb0lis3")
435 (mozilla-patch "icecat-bug-1388020.patch" "e8ab2736499b" "0n28vcd65rxsyq3z22rfcfksryfndhm1i3g6ah3akg11jnagqf5v")
436 (mozilla-patch "icecat-CVE-2018-5125-pt4.patch" "014877bf17ea" "0hk90pnf7h7kvidji6ydvva1zpyraipn03pjhvprdqr7k2fqzmsz")
437 (mozilla-patch "icecat-CVE-2018-5125-pt5.patch" "5b3a5de48912" "1ifya05rcd34ryp9zawdacihhkkf2m0xn2q8m8c6v78bvxj0mgig")
438 (mozilla-patch "icecat-CVE-2018-5144.patch" "1df9b4404acd" "1sd59vsarfsbh3vlrzrqv6n1ni7vxdzm83j6s6g0fygl1h8kwijg")
439 (mozilla-patch "icecat-bug-1430173-pt1.patch" "9124c3972e2b" "13ns5yy39yzfx7lrkv4rgwdz6s6q0z4i09wkbxdvnkfsz17cd17i")
440 (mozilla-patch "icecat-bug-1430173-pt2.patch" "9f6dc031be51" "0bv2p98z5ahp3x9wxnhwxn87g21djvzzp7jy55ik90hqixsbhwdl")
441 (mozilla-patch "icecat-CVE-2018-5131.patch" "3102fbb97b32" "0kg0183v92gxjb9255xjwhxyd6gl77l9c0civx3040k975fybwlp")
442 (mozilla-patch "icecat-CVE-2018-5125-pt6.patch" "4904c0f4a645" "0lsq62ynksy1fbw0m87f1d741fyvrrp1vrznx5hx0l2p4g4frhv3")
443 (mozilla-patch "icecat-CVE-2018-5125-pt7.patch" "16b8073d5c30" "1dv94qqah1wjd3bxjvrkmjbb2f95d3d11zpm8mggdk52il575bwl")
444 (mozilla-patch "icecat-bug-1442127-pt1.patch" "f931f85b09da" "02s380w8a73g4w2wm810lbigh4z4rrlfy10ywwhv4lpkbk8xg7pr")
445 (mozilla-patch "icecat-bug-1442127-pt2.patch" "da5792b70f30" "116k9qja5ir9b3laazasp43f5jx59qq72nknmq5bn5v1ixya9r4l")
446 (mozilla-patch "icecat-CVE-2018-5125-pt8.patch" "62b831df8269" "109pn0hqn7s27580glv4z7qv1pmjzii9szvf3wkn97k5wybrzgkx")
447 (mozilla-patch "icecat-bug-1442504.patch" "8954ce68a364" "0bl65zw82bwqg0mmcri94pxqq6ibff7y5rclkzapb081p6yvf73q")
448 (mozilla-patch "icecat-CVE-2018-5125-pt9.patch" "8a16f439117c" "108iarql6z7h1r4rlzac6n6lrzs78x7kcdbfa0b5dbr5xc66jmgb")
449 (mozilla-patch "icecat-bug-1426603.patch" "ca0b92ecedee" "0dc3mdl4a3hrq4j384zjavf3splj6blv4masign710hk7svlgbhq")
450 (mozilla-patch "icecat-CVE-2018-5146.patch" "494e5d5278ba" "1yb4lxjw499ppwhk31vz0vzl0cfqvj9d4jwqag7ayj53ybwsqgjr")
451 (mozilla-patch "icecat-CVE-2018-5147.patch" "5cd5586a2f48" "10s774pwvj6xfk3kk6ivnhp2acc8x9sqq6na8z47nkhgwl2712i5")))
452 (modules '((guix build utils)))
453 (snippet
454 '(begin
455 (use-modules (ice-9 ftw))
456 ;; Remove bundled libraries that we don't use, since they may
457 ;; contain unpatched security flaws, they waste disk space and
458 ;; network bandwidth, and may cause confusion.
459 (for-each delete-file-recursively
460 '(;; FIXME: Removing the bundled icu breaks configure.
461 ;; * The bundled icu headers are used in some places.
462 ;; * The version number is taken from the bundled copy.
463 ;;"intl/icu"
464 ;;
465 ;; FIXME: A script from the bundled nspr is used.
466 ;;"nsprpub"
467 ;;
468 ;; TODO: Use system media libraries. Waiting for:
469 ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=517422>
470 ;; * libogg
471 ;; * libtheora
472 ;; * libvorbis
473 ;; * libtremor (not yet in guix)
474 ;; * libopus
475 ;; * speex
476 ;; * soundtouch (not yet in guix)
477 ;;
478 "modules/freetype2"
479 "modules/zlib"
480 "modules/libbz2"
481 "ipc/chromium/src/third_party/libevent"
482 "media/libjpeg"
483 "media/libvpx"
484 "security/nss"
485 "gfx/cairo"
486 "gfx/harfbuzz"
487 "gfx/graphite2"
488 "js/src/ctypes/libffi"
489 "db/sqlite3"))
490 ;; Delete .pyc files, typically present in icecat source tarballs
491 (for-each delete-file (find-files "." "\\.pyc$"))
492 ;; Delete obj-* directories, sometimes present in icecat tarballs
493 (for-each delete-file-recursively
494 (scandir "." (lambda (name)
495 (string-prefix? "obj-" name))))
496 #t))))
497 (build-system gnu-build-system)
498 (inputs
499 `(("alsa-lib" ,alsa-lib)
500 ("bzip2" ,bzip2)
501 ("cairo" ,cairo)
502 ("cups" ,cups)
503 ("dbus-glib" ,dbus-glib)
504 ("gdk-pixbuf" ,gdk-pixbuf)
505 ("glib" ,glib)
506 ("gtk+" ,gtk+)
507 ("gtk+-2" ,gtk+-2)
508 ("graphite2" ,graphite2)
509 ("pango" ,pango)
510 ("freetype" ,freetype)
511 ("harfbuzz" ,harfbuzz)
512 ("hunspell" ,hunspell)
513 ("libcanberra" ,libcanberra)
514 ("libgnome" ,libgnome)
515 ("libjpeg-turbo" ,libjpeg-turbo)
516 ("libxft" ,libxft)
517 ("libevent" ,libevent-2.0)
518 ("libxinerama" ,libxinerama)
519 ("libxscrnsaver" ,libxscrnsaver)
520 ("libxcomposite" ,libxcomposite)
521 ("libxt" ,libxt)
522 ("libffi" ,libffi)
523 ("ffmpeg" ,ffmpeg)
524 ("libvpx" ,libvpx)
525 ("icu4c" ,icu4c)
526 ("pixman" ,pixman)
527 ("pulseaudio" ,pulseaudio)
528 ("mesa" ,mesa)
529 ("mit-krb5" ,mit-krb5)
530 ("nspr" ,nspr)
531 ("nss" ,nss)
532 ("sqlite" ,sqlite)
533 ("startup-notification" ,startup-notification)
534 ("unzip" ,unzip)
535 ("zip" ,zip)
536 ("zlib" ,zlib)))
537 (native-inputs
538 `(("perl" ,perl)
539 ("python" ,python-2) ; Python 3 not supported
540 ("python2-pysqlite" ,python2-pysqlite)
541 ("yasm" ,yasm)
542 ("pkg-config" ,pkg-config)
543 ("autoconf" ,autoconf-2.13)
544 ("which" ,which)))
545 (arguments
546 `(#:tests? #f ; no check target
547 #:out-of-source? #t ; must be built outside of the source directory
548
549 ;; XXX: There are RUNPATH issues such as
550 ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,
551 ;; which is not in its RUNPATH, but they appear to be harmless in
552 ;; practice somehow. See <http://hydra.gnu.org/build/378133>.
553 #:validate-runpath? #f
554
555 #:configure-flags '("--enable-default-toolkit=cairo-gtk3"
556 "--enable-gio"
557 "--enable-startup-notification"
558 "--enable-pulseaudio"
559
560 "--disable-gconf"
561 "--disable-gnomeui"
562
563 ;; Building with debugging symbols takes ~5GiB, so
564 ;; disable it.
565 "--disable-debug"
566 "--disable-debug-symbols"
567
568 ;; Hack to work around missing
569 ;; "unofficial" branding in icecat.
570 "--enable-official-branding"
571
572 ;; Avoid bundled libraries.
573 "--with-system-zlib"
574 "--with-system-bz2"
575 "--with-system-jpeg" ; must be libjpeg-turbo
576 "--with-system-libevent"
577 "--with-system-libvpx"
578 "--with-system-icu"
579 "--with-system-nspr"
580 "--with-system-nss"
581 "--with-system-harfbuzz"
582 "--with-system-graphite2"
583 "--enable-system-pixman"
584 "--enable-system-cairo"
585 "--enable-system-ffi"
586 "--enable-system-hunspell"
587 "--enable-system-sqlite"
588
589 ;; Fails with "--with-system-png won't work because
590 ;; the system's libpng doesn't have APNG support".
591 ;; According to
592 ;; http://sourceforge.net/projects/libpng-apng/ ,
593 ;; "the Animated Portable Network Graphics (APNG)
594 ;; is an unofficial extension of the Portable
595 ;; Network Graphics (PNG) format";
596 ;; we probably do not wish to support it.
597 ;; "--with-system-png"
598 )
599
600 #:modules ((ice-9 ftw)
601 (ice-9 rdelim)
602 (ice-9 match)
603 ,@%gnu-build-system-modules)
604 #:phases
605 (modify-phases %standard-phases
606 (add-after
607 'unpack 'ensure-no-mtimes-pre-1980
608 (lambda _
609 ;; Without this, the 'source/test/addons/packed.xpi' and
610 ;; 'source/test/addons/simple-prefs.xpi' targets fail while trying
611 ;; to create zip archives.
612 (let ((early-1980 315619200)) ; 1980-01-02 UTC
613 (ftw "." (lambda (file stat flag)
614 (unless (<= early-1980 (stat:mtime stat))
615 (utime file early-1980 early-1980))
616 #t))
617 #t)))
618 (add-after
619 'unpack 'use-skia-by-default
620 (lambda _
621 ;; Use the bundled Skia library by default, since IceCat appears
622 ;; to be far more stable when using it than when using our system
623 ;; Cairo.
624 (let ((out (open "browser/app/profile/icecat.js"
625 (logior O_WRONLY O_APPEND))))
626 (format out "~%// Use Skia by default~%")
627 (format out "pref(~s, ~s);~%" "gfx.canvas.azure.backends" "skia")
628 (format out "pref(~s, ~s);~%" "gfx.content.azure.backends" "skia")
629 (close-port out))
630 #t))
631 (add-after
632 'unpack 'arrange-to-link-libxul-with-libraries-it-might-dlopen
633 (lambda _
634 ;; libxul.so dynamically opens libraries, so here we explicitly
635 ;; link them into libxul.so instead.
636 ;;
637 ;; TODO: It might be preferable to patch in absolute file names in
638 ;; calls to dlopen or PR_LoadLibrary, but that didn't seem to
639 ;; work. More investigation is needed.
640 (substitute* "toolkit/library/moz.build"
641 (("^# This library needs to be last" all)
642 (string-append "OS_LIBS += [
643 'GL', 'gnome-2', 'canberra', 'Xss', 'cups', 'gssapi_krb5',
644 'avcodec', 'avutil', 'pulse' ]\n\n"
645 all)))
646 #t))
647 (replace
648 'configure
649 ;; configure does not work followed by both "SHELL=..." and
650 ;; "CONFIG_SHELL=..."; set environment variables instead
651 (lambda* (#:key outputs configure-flags #:allow-other-keys)
652 (let* ((out (assoc-ref outputs "out"))
653 (bash (which "bash"))
654 (abs-srcdir (getcwd))
655 (srcdir (string-append "../" (basename abs-srcdir)))
656 (flags `(,(string-append "--prefix=" out)
657 ,(string-append "--with-l10n-base="
658 abs-srcdir "/l10n")
659 ,@configure-flags)))
660 (setenv "SHELL" bash)
661 (setenv "CONFIG_SHELL" bash)
662 (setenv "AUTOCONF" (which "autoconf")) ; must be autoconf-2.13
663 (mkdir "../build")
664 (chdir "../build")
665 (format #t "build directory: ~s~%" (getcwd))
666 (format #t "configure flags: ~s~%" flags)
667 (zero? (apply system* bash
668 (string-append srcdir "/configure")
669 flags)))))
670 (add-before 'configure 'install-desktop-entry
671 (lambda* (#:key outputs #:allow-other-keys)
672 ;; Install the '.desktop' file.
673 (define (swallow-%%-directives input output)
674 ;; Interpret '%%ifdef' directives found in the '.desktop' file.
675 (let loop ((state 'top))
676 (match (read-line input 'concat)
677 ((? eof-object?)
678 #t)
679 ((? string? line)
680 (cond ((string-prefix? "%%ifdef" line)
681 (loop 'ifdef))
682 ((string-prefix? "%%else" line)
683 (loop 'else))
684 ((string-prefix? "%%endif" line)
685 (loop 'top))
686 (else
687 (case state
688 ((top else)
689 (display line output)
690 (loop state))
691 (else
692 (loop state)))))))))
693
694 (let* ((out (assoc-ref outputs "out"))
695 (applications (string-append out "/share/applications")))
696 (call-with-input-file "debian/icecat.desktop.in"
697 (lambda (input)
698 (call-with-output-file "debian/icecat.desktop"
699 (lambda (output)
700 (swallow-%%-directives input output)))))
701
702 (substitute* "debian/icecat.desktop"
703 (("@MOZ_DISPLAY_NAME@")
704 "GNU IceCat")
705 (("^Exec=@MOZ_APP_NAME@")
706 (string-append "Exec=" out "/bin/icecat"))
707 (("@MOZ_APP_NAME@")
708 "icecat"))
709 (install-file "debian/icecat.desktop" applications)
710 #t)))
711 (add-after 'install-desktop-entry 'install-icons
712 (lambda* (#:key outputs #:allow-other-keys)
713 (let ((out (assoc-ref outputs "out")))
714 (with-directory-excursion "browser/branding/official"
715 (for-each
716 (lambda (file)
717 (let* ((size (string-filter char-numeric? file))
718 (icons (string-append out "/share/icons/hicolor/"
719 size "x" size "/apps")))
720 (mkdir-p icons)
721 (copy-file file (string-append icons "/icecat.png"))))
722 '("default16.png" "default22.png" "default24.png"
723 "default32.png" "default48.png" "content/icon64.png"
724 "mozicon128.png" "default256.png"))))))
725 ;; This fixes the file chooser crash that happens with GTK 3.
726 (add-after 'install 'wrap-program
727 (lambda* (#:key inputs outputs #:allow-other-keys)
728 (let* ((out (assoc-ref outputs "out"))
729 (lib (string-append out "/lib"))
730 (gtk (assoc-ref inputs "gtk+"))
731 (gtk-share (string-append gtk "/share")))
732 (wrap-program (car (find-files lib "^icecat$"))
733 `("XDG_DATA_DIRS" ":" prefix (,gtk-share)))))))))
734 (home-page "https://www.gnu.org/software/gnuzilla/")
735 (synopsis "Entirely free browser derived from Mozilla Firefox")
736 (description
737 "IceCat is the GNU version of the Firefox browser. It is entirely free
738 software, which does not recommend non-free plugins and addons. It also
739 features built-in privacy-protecting features.")
740 (license license:mpl2.0) ;and others, see toolkit/content/license.html
741 (properties
742 `((ftp-directory . "/gnu/gnuzilla")
743 (cpe-name . "firefox_esr")
744 (cpe-version . ,(first (string-split version #\-)))))))
jackhill's copy of GNU Guix: https://guix.gnu.org/