[PATCH 0/5] Add LibreWolf

  • Done
  • quality assurance status badge
Details
9 participants
  • Andrew Tropin
  • Clément Lassieur
  • Herman Rimm
  • Ian Eure
  • Liliana Marie Prikler
  • Ludovic Courtès
  • Mark H Weaver
  • Romain Garbage
  • Sharlatan Hellseher
Owner
unassigned
Submitted by
Ian Eure
Severity
normal
I
I
Ian Eure wrote on 28 Nov 2023 21:09
(address . guix-patches@gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
cover.1701186634.git.ian@retrospec.tv
I mentioned in #guix that I was working on a package for LibreWolf, and it was requested that I send in patches, so I am. These changes are based on the firefox-esr package in nonguix; I've retained the copyright / authorship notices from there.

LibreWolf (https://librewolf.net/)is a fork of Firefox which removes the telemetry and advertising, and bundles uBlock Origin. It doesn't have the redistribution issues that Firefox does, its name/logo are under MPL 2.0 and aren't trademarked.

I'm new to Guix, and not remotely a browser development expert, so I don't expect these are ready to be accepted yet, but I believe they're in good enough shape to have a discussion about. They're working acceptably well for me, though I'm not currently daily driving Guix, so there may be issues I haven't encountered yet.

Guide to changes in this patchset
=================================

icu4c has been updated to 73.1, and the previous version kept as icu4c-71. I encountered consistent failures of the node@10.24.1 test suite with icu4c 73.1, so I kept that on 71.1. icu4c is needed by many packages, so this change is the highest-impact in the patchset.

The (gnu packages wasm) module is unchanged from nonguix, except for the file header and module declaration.

The (gnu packages librewolf) module is a simplified/adapted version of (nongnu packages firefox). The Firefox Nightly packages have been removed, as there's no LibreWolf equivalent. I also didn't bring over the wayland variant, but I could, if that's desired. I'm not sure why there are specific x11/wayland variants, as the packages for other distros don't seem to need this split.

The librewolf package has some functions duplicated from (gnu packages gnuzilla), which probably ought to get factored out and put somewhere, but I'm not sure if they should be in (gnu packages mozilla) or a different module. Guidance would be appreciated here.

Ian Eure (5):
gnu: icu4c: Update to 73.1.
gnu: Add icu4c-71.
gnu: node: Switch to icu4c-71.
gnu: Add wasm packages.
gnu: Add librewolf.

gnu/packages/icu4c.scm | 21 +-
gnu/packages/librewolf.scm | 560 +++++++++++++++++++++++++++++++++++++
gnu/packages/node.scm | 4 +-
gnu/packages/wasm.scm | 273 ++++++++++++++++++
4 files changed, 854 insertions(+), 4 deletions(-)
create mode 100644 gnu/packages/librewolf.scm
create mode 100644 gnu/packages/wasm.scm


base-commit: 2410a30f6c06d56b5589e0ad685bcdf09bb144bf
--
2.41.0
I
I
Ian Eure wrote on 28 Nov 2023 21:13
[PATCH 1/5] gnu: icu4c: Update to 73.1.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
5ebb1528778467e817b168d3c7bdad3829d1451c.1701186634.git.ian@retrospec.tv
* gnu/packages/icu4c.scm (icu4c): Update to 73.1.

Change-Id: I77b8186898494e5b677c2e0c4fb0a234747dbd29
---
gnu/packages/icu4c.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

Toggle diff (25 lines)
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 5aaf3a8361..64ae109952 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -45,7 +45,7 @@ (define-module (gnu packages icu4c)
(define-public icu4c
(package
(name "icu4c")
- (version "71.1")
+ (version "73.1")
(source (origin
(method url-fetch)
(uri (string-append
@@ -55,7 +55,8 @@ (define-public icu4c
(string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
"-src.tgz"))
(sha256
- (base32 "1gqywaqj9jmdwrng9lm6inyqmi5j2cz36db9dcqg3yk13zjyd9v7"))))
+ (base32
+ "0iccpdvc0kvpww5a31k9gjkqigyz016i7v80r9zamd34w4fl6mx4"))))
(build-system gnu-build-system)
(native-inputs
(append (list python-minimal)
--
2.41.0
I
I
Ian Eure wrote on 28 Nov 2023 21:13
[PATCH 2/5] gnu: Add icu4c-71.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
d75b895ec112693dc5c5d907b99407216597bced.1701186634.git.ian@retrospec.tv
* gnu/packages/icu4c.scm (icu4c-71): New variable.

Change-Id: Iaff0df4d6aaa968cdc43f847bd2ced08d0f3a12e
---
gnu/packages/icu4c.scm | 16 ++++++++++++++++
1 file changed, 16 insertions(+)

Toggle diff (29 lines)
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 64ae109952..376cbac5c6 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -110,6 +110,22 @@ (define-public icu4c
(license x11)
(home-page "http://site.icu-project.org/")))
+(define-public icu4c-71
+ (package
+ (inherit icu4c)
+ (name "icu4c")
+ (version "71.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/unicode-org/icu/releases/download/release-"
+ (string-map (lambda (x) (if (char=? x #\.) #\- x)) version)
+ "/icu4c-"
+ (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
+ "-src.tgz"))
+ (sha256
+ (base32 "1gqywaqj9jmdwrng9lm6inyqmi5j2cz36db9dcqg3yk13zjyd9v7"))))))
+
(define-public icu4c-70
(package
(inherit icu4c)
--
2.41.0
I
I
Ian Eure wrote on 28 Nov 2023 21:13
[PATCH 3/5] gnu: node: Switch to icu4c-71.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
962283668728cbee1d762202f07c4923394a6115.1701186634.git.ian@retrospec.tv
* gnu/packages/node.scm (node): Switch to icu4c-71.

I encountered consistent test failures with icu4c 73.1.

Change-Id: Iaad9a4f274f9e3b8736486b58f262a82304b0b5d
---
gnu/packages/node.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 6e30ad486a..668847405d 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -290,7 +290,7 @@ (define-public node
;; Runtime dependencies for binaries used as a bootstrap.
(list c-ares
http-parser
- icu4c
+ icu4c-71
libuv-for-node
`(,nghttp2-for-node "lib")
openssl-1.1
@@ -310,7 +310,7 @@ (define-public node
coreutils
c-ares
http-parser
- icu4c
+ icu4c-71
libuv-for-node
`(,nghttp2-for-node "lib")
openssl
--
2.41.0
I
I
Ian Eure wrote on 28 Nov 2023 21:13
[PATCH 5/5] gnu: Add librewolf.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
d4eb9ea6777357aa04a373ed396974a541e4a9d3.1701186634.git.ian@retrospec.tv
* gnu/packages/librewolf.scm (librewolf): New variable.

Change-Id: Iea4dcf45bfaff118d1d9d6e871c4a4ff3e68a3b3
---
gnu/packages/librewolf.scm | 560 +++++++++++++++++++++++++++++++++++++
1 file changed, 560 insertions(+)
create mode 100644 gnu/packages/librewolf.scm

Toggle diff (375 lines)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
new file mode 100644
index 0000000000..b1e890e518
--- /dev/null
+++ b/gnu/packages/librewolf.scm
@@ -0,0 +1,560 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017, 2018 Nikita <nikita@n0.is>
+;;; Copyright © 2017, 2018 ng0 <gillmann@infotropique.org>
+;;; Copyright © 2017, 2018, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2020, 2022 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2019 Ivan Petkov <ivanppetkov@gmail.com>
+;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020 Jakub K?dzio?ka <kuba@kadziolka.net>
+;;; Copyright © 2019, 2020 Adrian Malacoda <malacoda@monarch-pass.net>
+;;; Copyright © 2020-2023 Jonathan Brielmaier <jonathan.brielmaier@web.de>
+;;; Copyright © 2020 Zhu Zihao <all_but_last@163.com>
+;;; Copyright © 2021 pineapples <guixuser6392@protonmail.com>
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
+;;; Copyright © 2021, 2022, 2023 John Kehayias <john.kehayias@protonmail.com>
+;;; Copyright © 2022 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2023 Tomas Volf <wolf@wolfsden.cz>
+;;; Copyright © 2023 Ian Eure <ian@retrospec.tv>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+
+(define-module (gnu packages librewolf)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix build-system cargo)
+ #:use-module (guix build-system trivial)
+ #:use-module (guix download)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix utils)
+ #:use-module ((guix build utils) #:select (alist-replace))
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages crates-io)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages hunspell)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages jemalloc)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages libcanberra)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages m4)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages nss)
+ #:use-module (gnu packages perl)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages rust)
+ #:use-module (gnu packages rust-apps)
+ #:use-module (gnu packages speech)
+ #:use-module (gnu packages sqlite)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages wasm)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xorg))
+
+;; Define the versions of rust needed to build firefox, trying to match
+;; upstream. See the file taskcluster/ci/toolchain/rust.yml at
+;; https://searchfox.org under the particular firefox release, like
+;; mozilla-esr102.
+(define rust-librewolf rust) ; 1.60 is the default in Guix, 1.65 is the minimum.
+
+;; Update this id with every firefox update to its release date.
+;; It's used for cache validation and therefore can lead to strange bugs.
+(define %librewolf-build-id "20231120132923")
+
+(define-public librewolf
+ (package
+ (name "librewolf")
+ (version "120.0-2")
+ (source
+ (origin
+ (method url-fetch)
+
+ (uri (string-append
+ "https://gitlab.com/api/v4/projects/32320088/packages/generic/librewolf-source/"
+ version "/librewolf-" version ".source.tar.gz"))
+ (sha256
+ (base32 "17yiw4pql9pf2qgk5a6xjqjjbgplla7fflrw1ldgd07rzsjlvj4n"))))
+ (build-system gnu-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(let ((clang #$(this-package-native-input "clang"))
+ (wasi-sysroot #$(this-package-native-input
+ "wasm32-wasi-clang-toolchain")))
+ `("--enable-application=browser"
+
+ ;; Configuration
+ "--with-system-jpeg"
+ "--with-system-zlib"
+ ;; "--with-system-png" ;require libpng-apng >= 1.6.35
+ "--with-system-icu"
+ "--enable-system-ffi"
+ "--enable-system-pixman"
+ "--enable-jemalloc"
+
+ ;; see https://bugs.gnu.org/32833
+ "--with-system-nspr"
+ ;; "--with-system-nss"
+
+ ,(string-append "--with-clang-path=" clang
+ "/bin/clang")
+ ,(string-append "--with-libclang-path=" clang
+ "/lib")
+ ,(string-append "--with-wasi-sysroot="
+ wasi-sysroot "/wasm32-wasi")
+
+ ;; Distribution
+ "--with-distribution-id=org.nonguix"
+ "--disable-official-branding"
+ "--with-app-name=librewolf"
+ "--with-app-basename=LibreWolf"
+ "--with-branding=browser/branding/librewolf"
+
+ ;; Features
+ "--disable-tests"
+ "--disable-updater"
+ "--enable-pulseaudio"
+ "--disable-crashreporter"
+ "--allow-addon-sideload"
+ "--with-unsigned-addon-scopes=app,system"
+
+ ;; Build details
+ "--disable-debug"
+ "--enable-rust-simd"
+ "--enable-release"
+ "--enable-optimize"
+ "--enable-strip"
+ "--enable-hardening"
+ "--disable-elf-hack"))
+ #:imported-modules %cargo-utils-modules
+ #:modules `((ice-9 regex)
+ (ice-9 string-fun)
+ (ice-9 ftw)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (rnrs bytevectors)
+ (rnrs io ports)
+ (guix elf)
+ (guix build gremlin)
+ ,@%gnu-build-system-modules)
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'fix-preferences
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((port (open-file "browser/app/profile/firefox.js"
+ "a")))
+ (define (write-setting key value)
+ (format port "~%pref(\"~a\", ~a);~%" key value)
+ (format #t
+ "fix-preferences: setting value of ~a to ~a~%" key
+ value))
+
+ ;; We should allow Firefox sandbox to read the store directory,
+ ;; because Firefox sandbox have access to /usr on FHS distros.
+ (write-setting
+ "security.sandbox.content.read_path_whitelist"
+ (string-append "\""
+ (%store-directory) "/\""))
+
+ ;; XDG settings should be managed by Guix.
+ (write-setting "browser.shell.checkDefaultBrowser"
+ "false")
+ (close-port port))))
+ (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((ffmpeg (assoc-ref inputs "ffmpeg"))
+ (libavcodec (string-append ffmpeg
+ "/lib/libavcodec.so")))
+ ;; Arrange to load libavcodec.so by its absolute file name.
+ (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
+ (("libavcodec\\.so")
+ libavcodec)))))
+ (add-after 'patch-source-shebangs 'patch-cargo-checksums
+ (lambda _
+ (use-modules (guix build cargo-utils))
+ (let ((null-hash
+ ;; This is the SHA256 output of an empty string.
+ "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
+ (for-each (lambda (file)
+ (format #t
+ "patch-cargo-checksums: patching checksums in ~a~%"
+ file)
+ (substitute* file
+ (("(checksum = )\".*\"" all name)
+ (string-append name "\"" null-hash
+ "\""))))
+ (find-files "." "Cargo\\.lock$"))
+ (for-each generate-all-checksums
+ '("build" "dom/media"
+ "dom/webauthn"
+ "gfx"
+ "intl"
+ "js"
+ "media"
+ "modules"
+ "mozglue/static/rust"
+ "netwerk"
+ "remote"
+ "security/manager/ssl"
+ "servo"
+ "storage"
+ "third_party/rust"
+ "toolkit"
+ "xpcom/rust"
+ "services")))))
+ (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag
+ (lambda _
+ ;; Remove --frozen flag from cargo invokation, otherwise it'll
+ ;; complain that it's not able to change Cargo.lock.
+ ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
+ (substitute* "build/RunCbindgen.py"
+ (("\"--frozen\",")
+ ""))))
+ (delete 'bootstrap)
+ (add-before 'configure 'patch-SpeechDispatcherService.cpp
+ (lambda _
+ (let* ((lib "libspeechd.so.2")
+ (file
+ "dom/media/webspeech/synth/speechd/SpeechDispatcherService.cpp")
+ (old-content (call-with-input-file file
+ get-string-all)))
+ (substitute file
+ `((,(format #f "~s" lib) unquote
+ (λ (line _)
+ (string-replace-substring line lib
+ (string-append #$speech-dispatcher
+ "/lib/"
+ lib))))))
+ (if (string=? old-content
+ (call-with-input-file file
+ get-string-all))
+ (error
+ "substitute did nothing, phase requires an update")))))
+ (add-before 'configure 'set-build-id
+ ;; Firefox will write the timestamp to output, which is harmful
+ ;; for reproducibility, so change it to a fixed date. Use a
+ ;; separate phase for easier modification with inherit.
+ (lambda _
+ (setenv "MOZ_BUILD_DATE"
+ #$%librewolf-build-id)))
+ (replace 'configure
+ (lambda* (#:key inputs outputs configure-flags
+ #:allow-other-keys)
+ (setenv "AUTOCONF"
+ (string-append (assoc-ref inputs "autoconf")
+ "/bin/autoconf"))
+ (setenv "SHELL"
+ (which "bash"))
+ (setenv "CONFIG_SHELL"
+ (which "bash"))
+ (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE"
+ "system")
+ ;; This should use the host info probably (does firefox build on
+ ;; non-x86_64 though?)
+ (setenv "GUIX_PYTHONPATH"
+ (string-append (getcwd)
+ "/obj-x86_64-pc-linux-gnu/_virtualenvs/build"))
+
+ ;; Use Clang, Clang is 2x faster than GCC
+ (setenv "AR" "llvm-ar")
+ (setenv "NM" "llvm-nm")
+ (setenv "CC" "clang")
+ (setenv "CXX" "clang++")
+ (setenv "WASM_CC"
+ (string-append (assoc-ref inputs
+ "wasm32-wasi-clang-toolchain")
+ "/bin/clang"))
+ (setenv "WASM_CXX"
+ (string-append (assoc-ref inputs
+ "wasm32-wasi-clang-toolchain")
+ "/bin/clang++"))
+
+ (setenv "MOZ_NOSPAM" "1")
+
+ (setenv "MOZBUILD_STATE_PATH"
+ (getcwd))
+
+ (let* ((mozconfig (string-append (getcwd) "/mozconfig"))
+ (out (assoc-ref outputs "out"))
+ (flags (cons (string-append "--prefix=" out)
+ configure-flags)))
+ (format #t "build directory: ~s~%"
+ (getcwd))
+ (format #t "configure flags: ~s~%" flags)
+
+ (define write-flags
+ (lambda flags
+ (display (string-join (map (cut string-append
+ "ac_add_options " <>)
+ flags) "\n"))
+ (display "\n")))
+ (with-output-to-file mozconfig
+ (lambda ()
+ (apply write-flags flags)
+ ;; The following option unsets Telemetry Reporting. With the Addons Fiasco,
+ ;; Mozilla was found to be collecting user's data, including saved passwords and
+ ;; web form data, without users consent. Mozilla was also found shipping updates
+ ;; to systems without the user's knowledge or permission.
+ ;; As a result of this, use the following command to permanently disable
+ ;; telemetry reporting in Firefox.
+ (display "unset MOZ_TELEMETRY_REPORTING\n")
+ (display "mk_add_options MOZ_CRASHREPORTER=0\n")
+ (display "mk_add_options MOZ_DATA_REPORTING=0\n")
+ (display
+ "mk_add_options MOZ_SERVICES_HEALTHREPORT=0")
+ (display
+ "mk_add_options MOZ_TELEMETRY_REPORTING=0")))
+ (setenv "MOZCONFIG" mozconfig))
+ (invoke "./mach" "configure")))
+ (replace 'build
+ (lambda* (#:key (make-flags '())
+ (parallel-build? #t) #:allow-other-keys)
+ (apply invoke "./mach" "build"
+ ;; mach will use parallel build if possible by default
+ `(,@(if parallel-build?
+ '()
+ '("-j1")) ,@make-flags))))
+ (add-after 'build 'neutralise-store-references
+ (lambda _
+ ;; Mangle the store references to compilers & other build tools in
+ ;; about:buildconfig, reducing Firefox's closure by 1 GiB on x86-64.
+ (let* ((build-dir (car (scandir "."
+ (cut string-prefix?
+ "obj-" <>))))
+ (file (string-append build-dir
+ "/dist/bin/chrome/toolkit/content/global/buildconfig.html")))
+ (substitute* file
+ (((format #f "(~a/)([0-9a-df-np-sv-z]{32})"
+ (regexp-quote (%store-directory)))
+ _ store hash)
+ (string-append store
+ (string-take hash 8)
+ "<!-- Guix: not a runtime dependency -->"
+ (
This message was truncated. Download the full message here.
I
I
Ian Eure wrote on 28 Nov 2023 21:13
[PATCH 4/5] gnu: Add wasm packages.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
ef85847127588d4cbe687e8d237a8c3e98693848.1701186634.git.ian@retrospec.tv
* gnu/packages/wasm.scm (wasi-libc): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-clang-runtime): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-clang): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-libcxx): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-clang-toolchain): New variable.

Change-Id: I546cb6b7450b760379fb8c3043e48ffc5e714c68
---
gnu/packages/wasm.scm | 273 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 273 insertions(+)
create mode 100644 gnu/packages/wasm.scm

Toggle diff (281 lines)
diff --git a/gnu/packages/wasm.scm b/gnu/packages/wasm.scm
new file mode 100644
index 0000000000..05d247f333
--- /dev/null
+++ b/gnu/packages/wasm.scm
@@ -0,0 +1,273 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022-2023 Pierre Langlois <pierre.langlois@gmx.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages wasm)
+ #:use-module (guix base32)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix utils)
+ #:use-module (guix git-download)
+ #:use-module (guix build-system cmake)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix build-system trivial)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages python))
+
+(define-public wasi-libc
+ (package
+ (name "wasi-libc")
+ (version "sdk-19")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/WebAssembly/wasi-libc")
+ (commit (string-append "wasi-" version))
+ (recursive? #t)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "0bnpz8wk9wiic938296gxp4vz820bvpi1w41jksjzz5552hql169"))))
+ (build-system gnu-build-system)
+ (native-inputs (list clang-15))
+ (arguments
+ (list
+ #:tests? #f ;No test suite
+ ;; Firefox uses wasm2c to compile WebAssembly to C code, and it
+ ;; does not support the memory.copy opcode.
+ ;; See https://bugzilla.mozilla.org/show_bug.cgi?id=1773200#c4
+ #:make-flags ''("BULK_MEMORY_SOURCES=")
+ #:phases #~(modify-phases %standard-phases
+ (delete 'configure)
+ (add-before 'build 'set-sysroot-include
+ (lambda _
+ (setenv "C_INCLUDE_PATH"
+ (string-append (getcwd) "/sysroot/include"))))
+ (add-before 'install 'set-install-dir
+ (lambda _
+ (setenv "INSTALL_DIR"
+ (string-append #$output "/wasm32-wasi")))))))
+ (home-page "https://wasi.dev")
+ (synopsis "WASI libc implementation for WebAssembly")
+ (description
+ "WASI Libc is a libc for WebAssembly programs built on top of WASI
+system calls. It provides a wide array of POSIX-compatible C APIs, including
+support for standard I/O, file I/O, filesystem manipulation, memory
+management, time, string, environment variables, program startup, and many
+other APIs.")
+ (license (list
+ ;; For wasi-libc, with LLVM exceptions
+ license:asl2.0
+ ;; For malloc.c.
+ license:cc0
+ ;; For cloudlibc.
+ license:bsd-2
+ ;; For wasi-libc and musl-libc.
+ license:expat))))
+
+(define-public wasm32-wasi-clang-runtime
+ (package (inherit clang-runtime-15)
+ (native-inputs
+ (list clang-15
+ wasi-libc))
+ (inputs (list llvm-15))
+ (arguments
+ (list
+ #:build-type "Release"
+ #:tests? #f
+ ;; Stripping binaries breaks wasm linking, resulting in the following
+ ;; error: "archive has no index; run ranlib to add one".
+ #:strip-binaries? #f
+ #:configure-flags
+ #~(list "-DCMAKE_C_COMPILER=clang"
+ "-DCMAKE_C_COMPILER_TARGET=wasm32-wasi"
+ (string-append
+ "-DCMAKE_SYSROOT=" #$wasi-libc "/wasm32-wasi")
+ (string-append
+ "-DCMAKE_C_FLAGS=-I " #$wasi-libc "/wasm32-wasi/include")
+
+ "-DCOMPILER_RT_OS_DIR=wasi"
+
+ "-DCOMPILER_RT_BAREMETAL_BUILD=On"
+ "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=On"
+
+ ;; WASM only needs libclang_rt.builtins-wasm32.a from
+ ;; compiler-rt.
+ "../source/compiler-rt/lib/builtins")))))
+
+;; FIXME: Ideally we wouldn't need to build a separate compiler because clang
+;; can support multiple targets at runtime. However Guix patches the default
+;; clang with a specific clang-runtime package. It would be good to improve
+;; upstream Guix's support for cross-compiling with clang.
+
+(define clang-from-llvm (@@ (gnu packages llvm) clang-from-llvm))
+(define llvm-monorepo (@@ (gnu packages llvm) llvm-monorepo))
+
+(define-public wasm32-wasi-clang
+ (let ((base (clang-from-llvm llvm-15 wasm32-wasi-clang-runtime)))
+ (package
+ (inherit base)
+ (name "wasm32-wasi-clang")
+ (inputs (modify-inputs (package-inputs base)
+ (prepend wasi-libc)))
+ (arguments
+ (substitute-keyword-arguments (package-arguments base)
+ ((#:configure-flags flags)
+ #~(list "-DCLANG_INCLUDE_TESTS=True"
+ ;; Use a sane default include directory.
+ (string-append "-DC_INCLUDE_DIRS="
+ #$wasi-libc "/wasm32-wasi/include")))
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (delete 'symlink-cfi_ignorelist))))))))
+
+(define-public wasm32-wasi-libcxx
+ (package
+ (name "wasm32-wasi-libcxx")
+ (version (package-version llvm-15))
+ (source
+ (llvm-monorepo version))
+ (build-system cmake-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(list (string-append "-S ../source/runtimes")
+
+ "-DLLVM_ENABLE_RUNTIMES=libcxx;libcxxabi"
+
+ (string-append "-DCMAKE_SYSROOT="
+ #$wasi-libc "/wasm32-wasi")
+
+ (string-append "-DCMAKE_INCLUDE_PATH="
+ #$wasi-libc
+ "/wasm32-wasi/include")
+
+ (string-append "-DCMAKE_STAGING_PREFIX="
+ #$output "/wasm32-wasi")
+
+ "-DCMAKE_C_COMPILER=clang"
+ "-DCMAKE_C_COMPILER_WORKS=ON"
+ "-DCMAKE_CXX_COMPILER=clang++"
+ "-DCMAKE_CXX_COMPILER_WORKS=ON"
+ "-DCMAKE_C_COMPILER_TARGET=wasm32-wasi"
+ "-DCMAKE_CXX_COMPILER_TARGET=wasm32-wasi"
+
+ "-DLIBCXX_LIBDIR_SUFFIX=/wasm32-wasi"
+
+ "-DLIBCXX_ENABLE_EXCEPTIONS=OFF"
+ "-DLIBCXX_ENABLE_SHARED=OFF"
+ "-DLIBCXX_ENABLE_THREADS=OFF"
+ "-DLIBCXX_ENABLE_FILESYSTEM=OFF"
+
+ "-DLIBCXXABI_LIBDIR_SUFFIX=/wasm32-wasi"
+
+ "-DLIBCXXABI_ENABLE_EXCEPTIONS=OFF"
+ "-DLIBCXXABI_ENABLE_SHARED=OFF"
+ "-DLIBCXXABI_ENABLE_THREADS=OFF"
+ "-DLIBCXXABI_ENABLE_FILESYSTEM=OFF")
+ #:tests? #f
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'set-paths 'adjust-CPLUS_INCLUDE_PATH
+ (lambda _
+ (setenv "CPLUS_INCLUDE_PATH"
+ (string-append #$wasi-libc
+ "/wasm32-wasi/include:"
+ (getenv "CPLUS_INCLUDE_PATH"))))))))
+ (native-inputs (list lld python wasm32-wasi-clang))
+ (inputs (list wasi-libc))
+ (home-page "https://libcxx.llvm.org")
+ (synopsis "C++ standard library for WebAssembly")
+ (description
+ "This package provides an implementation of the C++ standard library for
+use with Clang, targeting C++11, C++14 and above. This package targets
+WebAssembly with WASI.")
+ (license license:expat)))
+
+(define-public wasm32-wasi-clang-toolchain
+ (package
+ (name "wasm32-wasi-clang-toolchain")
+ (version (package-version wasm32-wasi-clang))
+ (source
+ #f)
+ (build-system trivial-build-system)
+ (arguments
+ (list
+ #:builder (with-imported-modules '((guix build union)
+ (guix build utils))
+ #~(begin
+ (use-modules (guix build union)
+ (guix build utils))
+ (union-build #$output
+ (list #$wasm32-wasi-clang-runtime
+ #$wasi-libc
+ #$wasm32-wasi-libcxx))
+ (mkdir-p (string-append #$output
+ "/bin"))
+
+ ;; We provide clang and clang++ via a wrapped program that sets
+ ;; include paths correctly so that it does not include paths from
+ ;; the host.
+
+ ;; FIXME: Review how we can provide better support for
+ ;; cross-compiling with clang in Guix, maybe adding support for
+ ;; the CROSS_C_INCLUDE_PATH and CROSS_CPLUS_INCLUDE_PATH
+ ;; environment variables like GCC.
+
+ (for-each (lambda (bin)
+ (symlink (string-append #$wasm32-wasi-clang
+ bin)
+ (string-append #$output
+ bin))
+ (wrap-program (string-append #$output
+ bin)
+ #:sh (string-append #$bash-minimal
+ "/bin/bash")
+ `("C_INCLUDE_PATH"
+ ":" =
+ (,(string-append #$output
+ "/wasm32-wasi/include")))
+ `("CPLUS_INCLUDE_PATH"
+ ":" =
+ ;; Make sure inclure/c++/v1 comes first for #include_next
+ ;; to work.
+ (,(string-append #$output
+ "/wasm32-wasi/include/c++/v1") ,
+ (string-append #$output
+ "/wasm32-wasi/include")))))
+ '("/bin/clang"
+ "/bin/clang++"))
+
+ (symlink (string-append #$lld
+ "/bin/wasm-ld")
+ (string-append #$output
+ "/bin/wasm-ld"))))))
+ (inputs (list bash-minimal
+ lld
+ wasi-libc
+ wasm32-wasi-clang
+ wasm32-wasi-clang-runtime
+ wasm32-wasi-libcxx))
+ (license (cons (package-license wasm32-wasi-clang)
+ (package-license wasi-libc)))
+ (home-page "https://clang.llvm.org")
+ (synopsis
+ "Complete Clang toolchain for C/C++ development, for WebAssembly.")
+ (description
+ "This package provides a complete Clang toolchain for C/C++
+development targeting WebAssembly with WASI. This includes Clang, as well as
+libc, libc++ and wasm-ld.")))
--
2.41.0
L
L
Ludovic Courtès wrote on 10 Dec 2023 22:57
Re: [bug#67512] [PATCH 0/5] Add LibreWolf
(name . Ian Eure)(address . ian@retrospec.tv)(address . 67512@debbugs.gnu.org)
878r613em1.fsf@gnu.org
Hi!

Ian Eure <ian@retrospec.tv> skribis:

Toggle quote (6 lines)
> I mentioned in #guix that I was working on a package for LibreWolf, and it was requested that I send in patches, so I am. These changes are based on the firefox-esr package in nonguix; I've retained the copyright / authorship notices from there.
>
> LibreWolf (https://librewolf.net/) is a fork of Firefox which removes the telemetry and advertising, and bundles uBlock Origin. It doesn't have the redistribution issues that Firefox does, its name/logo are under MPL 2.0 and aren't trademarked.
>
> I'm new to Guix, and not remotely a browser development expert, so I don't expect these are ready to be accepted yet, but I believe they're in good enough shape to have a discussion about. They're working acceptably well for me, though I'm not currently daily driving Guix, so there may be issues I haven't encountered yet.

This is much appreciated! People often complain that IceCat is based on
too old a version of Firefox, so if we can have LibreWolf (or even
Firefox without its problematic bits), that’s great.

Toggle quote (2 lines)
> The librewolf package has some functions duplicated from (gnu packages gnuzilla), which probably ought to get factored out and put somewhere, but I'm not sure if they should be in (gnu packages mozilla) or a different module. Guidance would be appreciated here.

To me that’s the main issue here: these packages are complex, and I
wouldn’t want us to end up with two (or more!) copies of these beasts.

As the person who made the changes, it would be great if you could
pinpoint things that had to be changed compared to ‘icecat’. What
phases or flags differ? What phases can be factorized?

Thanks for your hard work!

Ludo’.
I
I
Ian Eure wrote on 10 Dec 2023 23:28
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 67512@debbugs.gnu.org)
87h6kpk7db.fsf@retrospec.tv
Hi, thank you very much for your comments.

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (34 lines)
> Hi!
>
> Ian Eure <ian@retrospec.tv> skribis:
>
>> I mentioned in #guix that I was working on a package for
>> LibreWolf,
>> and it was requested that I send in patches, so I am. These
>> changes
>> are based on the firefox-esr package in nonguix; I've retained
>> the
>> copyright / authorship notices from there.
>>
>> LibreWolf (https://librewolf.net/) is a fork of Firefox which
>> removes the telemetry and advertising, and bundles uBlock
>> Origin.
>> It doesn't have the redistribution issues that Firefox does,
>> its
>> name/logo are under MPL 2.0 and aren't trademarked.
>>
>> I'm new to Guix, and not remotely a browser development expert,
>> so I
>> don't expect these are ready to be accepted yet, but I believe
>> they're in good enough shape to have a discussion about.
>> They're
>> working acceptably well for me, though I'm not currently daily
>> driving Guix, so there may be issues I haven't encountered yet.
>
> This is much appreciated! People often complain that IceCat is
> based on
> too old a version of Firefox, so if we can have LibreWolf (or
> even
> Firefox without its problematic bits), that’s great.
>

IMO, LibreWolf pretty much is Firefox without the problematic
bits.
It’s been my default browser for several years, and I’m very
satisfied
with it.

Toggle quote (18 lines)
>> The librewolf package has some functions duplicated from (gnu
>> packages gnuzilla), which probably ought to get factored out
>> and put
>> somewhere, but I'm not sure if they should be in (gnu packages
>> mozilla) or a different module. Guidance would be appreciated
>> here.
>
> To me that’s the main issue here: these packages are complex,
> and I
> wouldn’t want us to end up with two (or more!) copies of these
> beasts.
>
> As the person who made the changes, it would be great if you
> could
> pinpoint things that had to be changed compared to ‘icecat’.
> What
> phases or flags differ? What phases can be factorized?
>
This work isn’t based on the icecat package, but on the
firefox-esr
package from nonguix. The duplication I refer to is two small
helper
functions, `runpath-of' and `runpaths-of-input', totaling nine
lines
of code; they’re flagged with a comment in the patch. As
mentioned in
the cover letter, I’m happy to extract these, I just don’t know
where
they ought to be placed. They’re defined inside a lambda in a
gexp,
which sounds like it may be challenging to put somewhere
accessible to
both packages.

Skimming the icecat package, not many of the build steps are
shared
with librewolf, and factoring the commonalities out would IMO
result
in overly complex, brittle, hard to maintain code that’s worse
than
the slight duplication between the two packages. If there’s a
strong
feeling that they must be accounted for, I’ll give it a try, but I
don’t believe that it’s the best option.

Thanks,

— Ian
L
L
Ludovic Courtès wrote on 14 Dec 2023 19:39
(name . Ian Eure)(address . ian@retrospec.tv)(address . 67512@debbugs.gnu.org)
87sf44tyqb.fsf@gnu.org
Hi Ian,

Ian Eure <ian@retrospec.tv> skribis:

Toggle quote (2 lines)
> Ludovic Courtès <ludo@gnu.org> writes:

[...]

Toggle quote (10 lines)
>> This is much appreciated! People often complain that IceCat is
>> based on
>> too old a version of Firefox, so if we can have LibreWolf (or even
>> Firefox without its problematic bits), that’s great.
>>
>
> IMO, LibreWolf pretty much is Firefox without the problematic bits.
> It’s been my default browser for several years, and I’m very satisfied
> with it.

Perfect, then.

Toggle quote (20 lines)
>> As the person who made the changes, it would be great if you could
>> pinpoint things that had to be changed compared to ‘icecat’. What
>> phases or flags differ? What phases can be factorized?
>>
> This work isn’t based on the icecat package, but on the firefox-esr
> package from nonguix. The duplication I refer to is two small helper
> functions, `runpath-of' and `runpaths-of-input', totaling nine lines
> of code; they’re flagged with a comment in the patch. As mentioned in
> the cover letter, I’m happy to extract these, I just don’t know where
> they ought to be placed. They’re defined inside a lambda in a gexp,
> which sounds like it may be challenging to put somewhere accessible to
> both packages.
>
> Skimming the icecat package, not many of the build steps are shared
> with librewolf, and factoring the commonalities out would IMO result
> in overly complex, brittle, hard to maintain code that’s worse than
> the slight duplication between the two packages. If there’s a strong
> feeling that they must be accounted for, I’ll give it a try, but I
> don’t believe that it’s the best option.

Yeah, you’re right that factorizing can be a bad idea when misplaced, so
let’s keep it that way.

I’ll take a closer look at the patches if nobody beats me at it!

Thanks,
Ludo’.
H
H
Herman Rimm wrote on 13 Jan 18:53 +0100
[bug#67512] [PATCH 5/5] gnu: Add librewolf.
(name . Ian Eure)(address . ian@retrospec.tv)(address . 67512@debbugs.gnu.org)
mt4aodvwlggrmgr5y6gym5z2sqhf4kkzo2azc6r2wknb6jb4q2@dondfdar7aq3
Hi Ian,

You can enable --with-system-png flag since libpng-apng >= 1.6.35. These
two icecat flags may be required for addons from gnuzilla.gnu.org:

;; Do not require addons in the global app or system directories to
;; be signed by Mozilla.
"--with-unsigned-addon-scopes=app,system"
"--allow-addon-sideload"

This icecat-minimal flag disables DRM:

;; The --disable-eme option is not available on aarch64.
#$(if (target-aarch64?) "" "--disable-eme")

Librewolf should not link to addons.mozilla.org, using this build phase
from torbrowser:

(add-before 'build 'fix-addons-placeholder
(lambda _
(substitute*
"toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
(("addons.mozilla.org") "gnuzilla.gnu.org"))))

Cheers,
Herman
C
C
Clément Lassieur wrote on 17 Jan 16:43 +0100
Re: [bug#67512] [PATCH 0/5] Add LibreWolf
(address . 67512@debbugs.gnu.org)
87a5p49d98.fsf@lassieur.org
Hi Ian and Pierre,

Thank you for this! I hope to do a review soon. Meanwhile I have one
question for Pierre: is there any reason why your Wasm work was
contributed to Nonguix instead of Guix? It looks like it could be used
by Icecat. Would you say it is ready to be added to the Guix repo?

Thank you,
Clément

On Tue, Nov 28 2023, Ian Eure wrote:

Toggle quote (34 lines)
> I mentioned in #guix that I was working on a package for LibreWolf, and it was requested that I send in patches, so I am. These changes are based on the firefox-esr package in nonguix; I've retained the copyright / authorship notices from there.
>
> LibreWolf (https://librewolf.net/) is a fork of Firefox which removes the telemetry and advertising, and bundles uBlock Origin. It doesn't have the redistribution issues that Firefox does, its name/logo are under MPL 2.0 and aren't trademarked.
>
> I'm new to Guix, and not remotely a browser development expert, so I don't expect these are ready to be accepted yet, but I believe they're in good enough shape to have a discussion about. They're working acceptably well for me, though I'm not currently daily driving Guix, so there may be issues I haven't encountered yet.
>
> Guide to changes in this patchset
> =================================
>
> icu4c has been updated to 73.1, and the previous version kept as icu4c-71. I encountered consistent failures of the node@10.24.1 test suite with icu4c 73.1, so I kept that on 71.1. icu4c is needed by many packages, so this change is the highest-impact in the patchset.
>
> The (gnu packages wasm) module is unchanged from nonguix, except for the file header and module declaration.
>
> The (gnu packages librewolf) module is a simplified/adapted version of (nongnu packages firefox). The Firefox Nightly packages have been removed, as there's no LibreWolf equivalent. I also didn't bring over the wayland variant, but I could, if that's desired. I'm not sure why there are specific x11/wayland variants, as the packages for other distros don't seem to need this split.
>
> The librewolf package has some functions duplicated from (gnu packages gnuzilla), which probably ought to get factored out and put somewhere, but I'm not sure if they should be in (gnu packages mozilla) or a different module. Guidance would be appreciated here.
>
> Ian Eure (5):
> gnu: icu4c: Update to 73.1.
> gnu: Add icu4c-71.
> gnu: node: Switch to icu4c-71.
> gnu: Add wasm packages.
> gnu: Add librewolf.
>
> gnu/packages/icu4c.scm | 21 +-
> gnu/packages/librewolf.scm | 560 +++++++++++++++++++++++++++++++++++++
> gnu/packages/node.scm | 4 +-
> gnu/packages/wasm.scm | 273 ++++++++++++++++++
> 4 files changed, 854 insertions(+), 4 deletions(-)
> create mode 100644 gnu/packages/librewolf.scm
> create mode 100644 gnu/packages/wasm.scm
>
>
> base-commit: 2410a30f6c06d56b5589e0ad685bcdf09bb144bf
I
I
Ian Eure wrote on 28 Jan 22:23 +0100
Re: [bug#67512] [PATCH 5/5] gnu: Add librewolf.
(name . Herman Rimm)(address . herman@rimm.ee)(address . 67512@debbugs.gnu.org)
87y1c92kfx.fsf@meson
Herman Rimm <herman@rimm.ee> writes:

Toggle quote (8 lines)
> Hi Ian,
>
> You can enable --with-system-png flag since libpng-apng >=
> 1.6.35. These
> two icecat flags may be required for addons from
> gnuzilla.gnu.org:
>

Thanks, I’ve made this change, along with a few other fixes I
found over the last couple weeks. I’ll send an updated patch
series, but would like to resolve the issues you raise first, to
avoid repeatedly sending the patch series.


Toggle quote (6 lines)
> This icecat-minimal flag disables DRM:
>
> ;; The --disable-eme option is not available on aarch64.
> #$(if (target-aarch64?) "" "--disable-eme")
>

LibreWolf disables DRM by default[1], so I don’t believe this flag
is necessary. I can confirm that it’s disabled in the browser
built from the package definition without this flag.


Toggle quote (5 lines)
> Librewolf should not link to addons.mozilla.org, using this
> build phase
> from torbrowser:
>

What’s the rationale for not using addons.mozilla.org?

gnuzilla.gnu.org appears to be broken, it’s serving an Apache
default page, as if the vhost isn’t configured. Does the browser
request some path within that domain, which does work? I’m not
familiar with the mechanism used for this.

— Ian

I
I
Ian Eure wrote on 28 Jan 23:51 +0100
(name . Herman Rimm)(address . herman@rimm.ee)(address . 67512@debbugs.gnu.org)
87ttmx2hoc.fsf@meson
Ian Eure <ian@retrospec.tv> writes:

Toggle quote (13 lines)
>> This icecat-minimal flag disables DRM:
>>
>> ;; The --disable-eme option is not available on aarch64.
>> #$(if (target-aarch64?) "" "--disable-eme")
>>
>
> LibreWolf disables DRM by default[1], so I don’t believe this
> flag is
> necessary. I can confirm that it’s disabled in the browser
> built from
> the package definition without this flag.
>

I looked a bit deeper into this. There are actually no
EME-related configuration options in Librewolf at all, either to
enable or disable it. It’s always disabled.

— Ian
H
H
Herman Rimm wrote on 2 Feb 19:44 +0100
[bug#67512] [PATCH 5/5] gnu: Add librewolf.
(name . Ian Eure)(address . ian@retrospec.tv)(address . 67512@debbugs.gnu.org)
w4s2lkqmwhnc5q4lalefo7gjuntimchux3za444qdbdr7vpmlh@3s4f5jrxfb77
On Sun, Jan 28, 2024 at 01:23:40PM -0800, Ian Eure wrote:
Toggle quote (14 lines)
>
> Herman Rimm <herman@rimm.ee> writes:
>
> > Librewolf should not link to addons.mozilla.org, using this build phase
> > from torbrowser:
> >
>
> What’s the rationale for not using addons.mozilla.org?
>
> gnuzilla.gnu.org appears to be broken, it’s serving an Apache default page,
> as if the vhost isn’t configured. Does the browser request some path within
> that domain, which does work? I’m not familiar with the mechanism used for
> this.

Apologies, the URL is: https://gnuzilla.gnu.org/mozzarella/.It is used
because addons.mozilla.org contains nonfree extensions, from [1]:

A free system distribution must not steer users towards obtaining any
nonfree information for practical use, or encourage them to do so. The
system should have no repositories for nonfree software and no
specific recipes for installation of particular nonfree programs. Nor
should the distribution refer to third-party repositories that are not
committed to only including free software; even if they only have free
software today, that may not be true tomorrow. Programs in the system
should not suggest installing nonfree plugins, documentation, and so
on.

For instance, a free system distribution must not contain browsers
that implement EME, the browser functionality designed to load DRM
modules.

Toggle quote (9 lines)
>> LibreWolf disables DRM by default[1], so I don’t believe this flag is
>> necessary. I can confirm that it’s disabled in the browser built from
>> the package definition without this flag.
>>
>
>I looked a bit deeper into this. There are actually no EME-related
>configuration options in Librewolf at all, either to enable or disable it.
>It’s always disabled.

Interesting, I applied the patch series onto 551d013, built librewolf,
removed ~/.librewolf and ~/.mozilla, started librewolf and went to
about:config, where 'browser.eme.ui.enabled' has the default value
'true', so I can see and toggle the checkbox for 'play DRM-controlled
content' in about:preferences. I don't know why 'browser.eme.ui.enabled'
is 'true' by default for me, but I think adding --disable-eme will set
the default to 'false', like it is in the icecat-minimal about:config.

Looking at the firefox source [2], 'browser.eme.ui.enabled' is set to
true if MOZ_WIDEVINE_EME is defined, false otherwise. MOZ_WIDEVINE_EME
gets defined by being in MOZ_EME_MODULES, which is set to eme_modules in
toolkit/moz.configure where a comment reads:

# Widevine is enabled by default in desktop browser builds.

When running grep in a Librewolf repo [3] for the aformentioned terms,
only the --disable-jxl configure flag is modified in toolkit/
moz.configure, so I don't think the Librewolf developers disable EME. I
am not sure though, I don't want to rebuild librewolf with the
--disable-eme flag to look for the difference.

Cheers,
Herman

I
I
Ian Eure wrote on 7 Feb 00:29 +0100
(address . 67512@debbugs.gnu.org)
874jekzzyl.fsf@retrospec.tv
Herman Rimm <herman@rimm.ee> writes:

Toggle quote (25 lines)
> On Sun, Jan 28, 2024 at 01:23:40PM -0800, Ian Eure wrote:
>>
>> Herman Rimm <herman@rimm.ee> writes:
>>
>> > Librewolf should not link to addons.mozilla.org, using this
>> > build phase
>> > from torbrowser:
>> >
>>
>> What’s the rationale for not using addons.mozilla.org?
>>
>> gnuzilla.gnu.org appears to be broken, it’s serving an Apache
>> default page,
>> as if the vhost isn’t configured. Does the browser request
>> some path within
>> that domain, which does work? I’m not familiar with the
>> mechanism used for
>> this.
>
> Apologies, the URL is: https://gnuzilla.gnu.org/mozzarella/. It
> is used
> because addons.mozilla.org contains nonfree extensions, from
> [1]:
>

I’ll look into this and see what it takes to adjust.


Toggle quote (29 lines)
>>> LibreWolf disables DRM by default[1], so I don’t believe this
>>> flag is
>>> necessary. I can confirm that it’s disabled in the browser
>>> built from
>>> the package definition without this flag.
>>>
>>
>>I looked a bit deeper into this. There are actually no
>>EME-related
>>configuration options in Librewolf at all, either to enable or
>>disable it.
>>It’s always disabled.
>
> Interesting, I applied the patch series onto 551d013, built
> librewolf,
> removed ~/.librewolf and ~/.mozilla, started librewolf and went
> to
> about:config, where 'browser.eme.ui.enabled' has the default
> value
> 'true', so I can see and toggle the checkbox for 'play
> DRM-controlled
> content' in about:preferences. I don't know why
> 'browser.eme.ui.enabled'
> is 'true' by default for me, but I think adding --disable-eme
> will set
> the default to 'false', like it is in the icecat-minimal
> about:config.
>

I completely misunderstood the various settings and systems at
play here, which I believe led us to talk past each other. The
summary of the situation, best as I can tell, is this:

- EME support: a build setting controlling whether the browser
supports *any kind* of encrypted media playback.
- Widevine support: one kind of DRM, implemented as an EME plugin.
- `browser.eme.ui.enabled' browser preference: controls whether
the UI for DRM is visible. Controls visibility *only*. A
browser build without EME will still show this if
`browser.eme.ui.enabled' is `true' (but the control does
nothing). A browser build *with* EME (and one or more DRM
plugins) can have this set to `false' and still play DRM’d
content.
- The checkbox within the EME UI: On browsers built with EME and
DRM plugin(s), controls whether that is allowed to be used. On
browsers without EME+Widevine, does nothing.

The default configuration of a clean install of a stock LibreWolf
build is:

- The browser is built with EME and Widevine support
- The UI to enable DRM is visible.
- Within that UI, the checkbox is unchecked (meaning DRM is not
enabled).

I have rebuilt with --disable-eme and confirmed that even with
browser.eme.ui.enabled=true and the "Play DRM-controlled content"
box checked, the resulting build cannot play DRM’d streams. This
was actually somewhat difficult, since I don’t use or have access
to any commercial streaming service, but I found a website which
lets you test DRM playback, and used that to compare behavior of a
LibreWolf binary obtained from the project with my build. Should
anyone else want to verify, or need to do this kind of testing,


Toggle quote (9 lines)
> When running grep in a Librewolf repo [3] for the aformentioned
> terms,
> only the --disable-jxl configure flag is modified in toolkit/
> moz.configure, so I don't think the Librewolf developers disable
> EME.I
> am not sure though, I don't want to rebuild librewolf with the
> --disable-eme flag to look for the difference.
>

The "source" repo contains patches and orchestration to produce
the LibreWolf source tarball. The setting which disables DRM by
default is in their settings repo[1], which is a submodule. The
likely scenario is that you cloned the repo with the eminently
reasonable assumption that this would produce a full copy of its
contents, and grepped them. Unfortunately, Git submodules are
deeply unreasonable, and do not work this way -- you must perform
manual actions to populate or update them, which is very easy to
forget, especially if one doesn’t work with them regularly.

LibreWolf’s specific wording is "We disable DRM by default," which
I believe is accurate, but fails to capture the fullness of the
situation, i.e. that DRM support is included, but dormant. So
you’re also correct that they don’t disable EME -- the disabling
happens above that layer. This was not clear to me in the earlier
discussions.

I’ve removed EME from the build, and will work on replacing
Mozilla’s addons with Mozarella, then send an updated patch
series. Separately, I’ve also managed to unbundle libpng,
libwebp, and nss; fixed the glxinfo utility program; and
eliminated a redundant copy of the main binary.

Thanks,

— Ian

[1]:
C
C
Clément Lassieur wrote on 7 Feb 11:06 +0100
(name . Ian Eure)(address . ian@retrospec.tv)(address . 67512@debbugs.gnu.org)
87fry4k2q9.fsf@lassieur.org
On Tue, Feb 06 2024, Ian Eure wrote:

Toggle quote (3 lines)
> I’ve removed EME from the build, and will work on replacing Mozilla’s addons
> with Mozarella, then send an updated patch series.

For this you can just copy what's done in the Tor Browser package, which
is a copy of what's done in upstream Icecat.

Cheers
I
I
Ian Eure wrote on 11 Feb 20:20 +0100
[PATCH v2 4/4] gnu: Add librewolf.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
20240211192031.32284-5-ian@retrospec.tv
* gnu/packages/librewolf.scm (librewolf): New variable.

Change-Id: I98b6410582b856ede83b79637a58e66d6e5832e6
---
gnu/packages/librewolf.scm | 653 +++++++++++++++++++++++++++++++++++++
1 file changed, 653 insertions(+)
create mode 100644 gnu/packages/librewolf.scm

Toggle diff (380 lines)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
new file mode 100644
index 0000000000..32d51eabaf
--- /dev/null
+++ b/gnu/packages/librewolf.scm
@@ -0,0 +1,653 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013, 2015, 2024 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017, 2018 Nikita <nikita@n0.is>
+;;; Copyright © 2017, 2018 ng0 <gillmann@infotropique.org>
+;;; Copyright © 2017, 2018, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2020, 2022 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2019 Ivan Petkov <ivanppetkov@gmail.com>
+;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020 Jakub K?dzio?ka <kuba@kadziolka.net>
+;;; Copyright © 2019, 2020 Adrian Malacoda <malacoda@monarch-pass.net>
+;;; Copyright © 2020-2023 Jonathan Brielmaier <jonathan.brielmaier@web.de>
+;;; Copyright © 2020 Zhu Zihao <all_but_last@163.com>
+;;; Copyright © 2021 pineapples <guixuser6392@protonmail.com>
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
+;;; Copyright © 2021, 2022, 2023 John Kehayias <john.kehayias@protonmail.com>
+;;; Copyright © 2022 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2023 Tomas Volf <wolf@wolfsden.cz>
+;;; Copyright © 2023 Ian Eure <ian@retrospec.tv>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+
+(define-module (gnu packages librewolf)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix build-system cargo)
+ #:use-module (guix build-system trivial)
+ #:use-module (guix download)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix utils)
+ #:use-module ((guix build utils) #:select (alist-replace))
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages crates-io)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages hunspell)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages jemalloc)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages libcanberra)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages m4)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages nss)
+ #:use-module (gnu packages pciutils)
+ #:use-module (gnu packages perl)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages rust)
+ #:use-module (gnu packages rust-apps)
+ #:use-module (gnu packages speech)
+ #:use-module (gnu packages sqlite)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages wasm)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xorg))
+
+;; Define the versions of rust needed to build firefox, trying to match
+;; upstream. See the file taskcluster/ci/toolchain/rust.yml at
+;; https://searchfox.org under the particular firefox release, like
+;; mozilla-esr102.
+(define rust-librewolf rust) ; 1.60 is the default in Guix, 1.65 is the minimum.
+
+;; Update this id with every firefox update to its release date.
+;; It's used for cache validation and therefore can lead to strange bugs.
+(define %librewolf-build-id "20240130195200")
+
+(define-public librewolf
+ (package
+ (name "librewolf")
+ (version "122.0-2")
+ (source
+ (origin
+ (method url-fetch)
+
+ (uri (string-append "https://gitlab.com/api/v4/projects/32320088/"
+ "packages/generic/librewolf-source/"
+ version
+ "/librewolf-"
+ version
+ ".source.tar.gz"))
+ (sha256
+ (base32 "0ggysgbazx5dl0l9dyvrpjgzbvivgddm9qyiyvjjfk9im9sljkxh"))))
+ (build-system gnu-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(let ((clang #$(this-package-native-input "clang"))
+ (wasi-sysroot #$(this-package-native-input
+ "wasm32-wasi-clang-toolchain")))
+ `("--enable-application=browser"
+
+ ;; Configuration
+ "--with-system-jpeg"
+ "--with-system-zlib"
+ "--with-system-png"
+ "--with-system-webp"
+ "--with-system-icu"
+ "--with-system-libvpx"
+ "--with-system-libevent"
+ "--with-system-ffi"
+ "--enable-system-pixman"
+ "--enable-jemalloc"
+
+ ;; see https://bugs.gnu.org/32833
+ "--with-system-nspr"
+ "--with-system-nss"
+
+ ,(string-append "--with-clang-path=" clang
+ "/bin/clang")
+ ,(string-append "--with-libclang-path=" clang
+ "/lib")
+ ,(string-append "--with-wasi-sysroot="
+ wasi-sysroot "/wasm32-wasi")
+
+ ;; Distribution
+ "--with-distribution-id=org.guix"
+ "--with-app-name=librewolf"
+ "--with-app-basename=LibreWolf"
+ "--with-branding=browser/branding/librewolf"
+
+ ;; Features
+ "--disable-tests"
+ "--disable-updater"
+ "--enable-pulseaudio"
+ "--disable-crashreporter"
+ "--allow-addon-sideload"
+ "--with-unsigned-addon-scopes=app,system"
+ "--disable-eme"
+
+ ;; Build details
+ "--disable-debug"
+ "--enable-rust-simd"
+ "--enable-release"
+ "--enable-optimize"
+ "--enable-strip"
+ "--enable-hardening"
+ "--disable-elf-hack"))
+ #:imported-modules %cargo-utils-modules
+ #:modules `((ice-9 regex)
+ (ice-9 string-fun)
+ (ice-9 ftw)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (rnrs bytevectors)
+ (rnrs io ports)
+ (guix elf)
+ (guix build gremlin)
+ ,@%gnu-build-system-modules)
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'fix-preferences
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((port (open-file "browser/app/profile/firefox.js"
+ "a")))
+ (define (write-setting key value)
+ (format port "~%pref(\"~a\", ~a);~%" key value)
+ (format #t
+ "fix-preferences: setting value of ~a to ~a~%" key
+ value))
+
+ ;; We should allow Firefox sandbox to read the store directory,
+ ;; because Firefox sandbox have access to /usr on FHS distros.
+ (write-setting
+ "security.sandbox.content.read_path_whitelist"
+ (string-append "\""
+ (%store-directory) "/\""))
+
+ ;; XDG settings should be managed by Guix.
+ (write-setting "browser.shell.checkDefaultBrowser"
+ "false")
+ (close-port port))))
+ (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((ffmpeg (assoc-ref inputs "ffmpeg"))
+ (libavcodec (string-append ffmpeg
+ "/lib/libavcodec.so")))
+ ;; Arrange to load libavcodec.so by its absolute file name.
+ (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
+ (("libavcodec\\.so")
+ libavcodec)))))
+ (add-after 'patch-source-shebangs 'patch-cargo-checksums
+ (lambda _
+ (use-modules (guix build cargo-utils))
+ (let ((null-hash
+ ;; This is the SHA256 output of an empty string.
+ (string-append
+ "e3b0c44298fc1c149afbf4c8996fb924"
+ "27ae41e4649b934ca495991b7852b855")))
+ (for-each (lambda (file)
+ (format #t
+ "patch-cargo-checksums: patching checksums in ~a~%"
+ file)
+ (substitute* file
+ (("(checksum = )\".*\"" all name)
+ (string-append name "\"" null-hash
+ "\""))))
+ (find-files "." "Cargo\\.lock$"))
+ (for-each generate-all-checksums
+ '("build" "dom/media"
+ "dom/webauthn"
+ "gfx"
+ "intl"
+ "js"
+ "media"
+ "modules"
+ "mozglue/static/rust"
+ "netwerk"
+ "remote"
+ "security/manager/ssl"
+ "servo"
+ "storage"
+ "third_party/rust"
+ "toolkit"
+ "xpcom/rust"
+ "services")))))
+ (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag
+ (lambda _
+ ;; Remove --frozen flag from cargo invokation, otherwise it'll
+ ;; complain that it's not able to change Cargo.lock.
+ ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
+ (substitute* "build/RunCbindgen.py"
+ (("\"--frozen\",")
+ ""))))
+ (delete 'bootstrap)
+ (add-before 'configure 'patch-SpeechDispatcherService.cpp
+ (lambda _
+ (let* ((lib "libspeechd.so.2")
+ (file (string-append
+ "dom/media/webspeech/synth/"
+ "speechd/SpeechDispatcherService.cpp"))
+ (old-content (call-with-input-file file
+ get-string-all)))
+ (substitute file
+ `((,(format #f "~s" lib) unquote
+ (λ (line _)
+ (string-replace-substring line lib
+ (string-append #$speech-dispatcher
+ "/lib/"
+ lib))))))
+ (if (string=? old-content
+ (call-with-input-file file
+ get-string-all))
+ (error
+ "substitute did nothing, phase requires an update")))))
+ (add-before 'configure 'set-build-id
+ ;; Firefox will write the timestamp to output, which is harmful
+ ;; for reproducibility, so change it to a fixed date. Use a
+ ;; separate phase for easier modification with inherit.
+ (lambda _
+ (setenv "MOZ_BUILD_DATE"
+ #$%librewolf-build-id)))
+ (replace 'configure
+ (lambda* (#:key inputs outputs configure-flags
+ #:allow-other-keys)
+ (setenv "AUTOCONF"
+ (string-append (assoc-ref inputs "autoconf")
+ "/bin/autoconf"))
+ (setenv "SHELL"
+ (which "bash"))
+ (setenv "CONFIG_SHELL"
+ (which "bash"))
+ (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE"
+ "system")
+ ;; This should use the host info probably (does firefox build on
+ ;; non-x86_64 though?)
+ (setenv "GUIX_PYTHONPATH"
+ (string-append (getcwd)
+ "/obj-x86_64-pc-linux-gnu/_virtualenvs/build"))
+
+ ;; Use Clang, Clang is 2x faster than GCC
+ (setenv "AR" "llvm-ar")
+ (setenv "NM" "llvm-nm")
+ (setenv "CC" "clang")
+ (setenv "CXX" "clang++")
+ (setenv "WASM_CC"
+ (string-append (assoc-ref inputs
+ "wasm32-wasi-clang-toolchain")
+ "/bin/clang"))
+ (setenv "WASM_CXX"
+ (string-append (assoc-ref inputs
+ "wasm32-wasi-clang-toolchain")
+ "/bin/clang++"))
+
+ (setenv "MOZ_NOSPAM" "1")
+ (setenv "MOZ_APP_NAME" "librewolf")
+
+ (setenv "MOZBUILD_STATE_PATH"
+ (getcwd))
+
+ (let* ((mozconfig (string-append (getcwd) "/mozconfig"))
+ (out (assoc-ref outputs "out"))
+ (flags (cons (string-append "--prefix=" out)
+ configure-flags)))
+ (format #t "build directory: ~s~%"
+ (getcwd))
+ (format #t "configure flags: ~s~%" flags)
+
+ (define write-flags
+ (lambda flags
+ (display (string-join (map (cut string-append
+ "ac_add_options " <>)
+ flags) "\n"))
+ (display "\n")))
+ (with-output-to-file mozconfig
+ (lambda ()
+ (apply write-flags flags)
+ ;; The following option unsets Telemetry
+ ;; Reporting. With the Addons Fiasco,
+ ;; Mozilla was found to be collecting
+ ;; user's data, including saved passwords
+ ;; and web form data, without users
+ ;; consent. Mozilla was also found
+ ;; shipping updates to systems without
+ ;; the user's knowledge or permission.
+ ;; As a result of this, use the following
+ ;; command to permanently disable
+ ;; telemetry reporting in Firefox.
+ (display "unset MOZ_TELEMETRY_REPORTING\n")
+ (display "mk_add_options MOZ_CRASHREPORTER=0\n")
+ (display "mk_add_options MOZ_DATA_REPORTING=0\n")
+ (display
+ "mk_add_options MOZ_SERVICES_HEALTHREPORT=0")
+ (display
+ "mk_add_options MOZ_TELEMETRY_REPORTING=0")))
+ (setenv "MOZCONFIG" mozconfig))
+ (invoke "./mach" "configure")))
+ (add-before 'build '1fix-addons-placeholder
+ (lambda _
+ (substitute*
+ "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
+ (("addons.mozilla.org") "gnuzilla.gnu.org"))))
+ (replace 'build
+ (lambda* (#:key (make-flags '())
+ (parallel-build? #t) #:allow-other-keys)
+ (apply invoke "./mach" "build"
+ ;; mach will use parallel build if possible by default
+ `(,@(if parallel-build?
+ '()
+ '("-j1")) ,@make-flags))))
+ (add-after 'build 'neutralise-store
This message was truncated. Download the full message here.
I
I
Ian Eure wrote on 11 Feb 20:20 +0100
[PATCH v2 0/4] Add Librewolf
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
20240211192031.32284-1-ian@retrospec.tv
Updated patch series.

* Updates LibreWolf to 122.0-2.
* Moved the icu4c-73-future package definition in (gnu packages gnuzilla) to (gnu packages icu4c).
* Updating icu4c to 73.1 would cause a world rebuild, so this is added as `icu4c-73' to avoid that.
* Disabled EME.
* Uses GNU Mozzarella instead of Firefox for addons.
* Updates NSS package.
* Unbundles libpng-apng, libwebp, nss, libevent, and libvpx.

I believe this addresses all the items I received feedback on.

Ian Eure (4):
gnu: Move icu4c-73 from gnuzilla to icu4c.
gnu: nss: Update to 3.97.
gnu: Add wasm packages.
gnu: Add librewolf.

gnu/packages/certs.scm | 4 +-
gnu/packages/gnuzilla.scm | 27 +-
gnu/packages/icu4c.scm | 22 ++
gnu/packages/librewolf.scm | 653 +++++++++++++++++++++++++++++++++++++
gnu/packages/nss.scm | 6 +-
gnu/packages/wasm.scm | 273 ++++++++++++++++
6 files changed, 954 insertions(+), 31 deletions(-)
create mode 100644 gnu/packages/librewolf.scm
create mode 100644 gnu/packages/wasm.scm

--
2.39.2
I
I
Ian Eure wrote on 11 Feb 20:20 +0100
[PATCH v2 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
20240211192031.32284-2-ian@retrospec.tv
* gnu/packages/icu4c.scm (icu4c-73): New variable.
* gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete variable.

Change-Id: I017e1416b70ecb94313aeb71aa4a0cafdfe0e9ab
---
gnu/packages/gnuzilla.scm | 27 +--------------------------
gnu/packages/icu4c.scm | 22 ++++++++++++++++++++++
2 files changed, 23 insertions(+), 26 deletions(-)

Toggle diff (80 lines)
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 5f77512427..094ff348e9 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -375,31 +375,6 @@ (define-public mozjs-78
(list icu4c-69 readline zlib))))
-;;
-;; Needed for IceCat 115.
-;;
-(define icu4c-73-promise
- (delay
- (package
- (inherit icu4c)
- (version "73.1")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/unicode-org/icu/releases/download/release-"
- (string-map (lambda (x) (if (char=? x #\.) #\- x)) version)
- "/icu4c-"
- (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
- "-src.tgz"))
- (sha256
- (base32
- "0iccpdvc0kvpww5a31k9gjkqigyz016i7v80r9zamd34w4fl6mx4"))
- (patches
- (cons
- (search-patch
- "icu4c-fix-TestHebrewCalendarInTemporalLeapYear.patch")
- (origin-patches (package-source icu4c)))))))))
-
;;;
;;; Localization helper procedures.
;;;
@@ -757,7 +732,7 @@ (define-public icecat-minimal
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1819374).
ffmpeg-5
libvpx
- (force icu4c-73-promise)
+ icu4c-73
pixman
pulseaudio
mesa
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 5aaf3a8361..0dfe63b20a 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -109,6 +109,28 @@ (define-public icu4c
(license x11)
(home-page "http://site.icu-project.org/")))
+(define-public icu4c-73
+ (package
+ (inherit icu4c)
+ (name "icu4c")
+ (version "73.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/unicode-org/icu/releases/download/release-"
+ (string-map (lambda (x) (if (char=? x #\.) #\- x)) version)
+ "/icu4c-"
+ (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
+ "-src.tgz"))
+ (sha256
+ (base32
+ "0iccpdvc0kvpww5a31k9gjkqigyz016i7v80r9zamd34w4fl6mx4"))
+ (patches
+ (cons
+ (search-patch
+ "icu4c-fix-TestHebrewCalendarInTemporalLeapYear.patch")
+ (origin-patches (package-source icu4c))))))))
+
(define-public icu4c-70
(package
(inherit icu4c)
--
2.39.2
I
I
Ian Eure wrote on 11 Feb 20:20 +0100
[PATCH v2 3/4] gnu: Add wasm packages.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
20240211192031.32284-4-ian@retrospec.tv
* gnu/packages/wasm.scm (wasi-libc): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-clang-runtime): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-clang): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-libcxx): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-clang-toolchain): New variable.
---
gnu/packages/wasm.scm | 273 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 273 insertions(+)
create mode 100644 gnu/packages/wasm.scm

Toggle diff (281 lines)
diff --git a/gnu/packages/wasm.scm b/gnu/packages/wasm.scm
new file mode 100644
index 0000000000..05d247f333
--- /dev/null
+++ b/gnu/packages/wasm.scm
@@ -0,0 +1,273 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022-2023 Pierre Langlois <pierre.langlois@gmx.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages wasm)
+ #:use-module (guix base32)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix utils)
+ #:use-module (guix git-download)
+ #:use-module (guix build-system cmake)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix build-system trivial)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages python))
+
+(define-public wasi-libc
+ (package
+ (name "wasi-libc")
+ (version "sdk-19")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/WebAssembly/wasi-libc")
+ (commit (string-append "wasi-" version))
+ (recursive? #t)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "0bnpz8wk9wiic938296gxp4vz820bvpi1w41jksjzz5552hql169"))))
+ (build-system gnu-build-system)
+ (native-inputs (list clang-15))
+ (arguments
+ (list
+ #:tests? #f ;No test suite
+ ;; Firefox uses wasm2c to compile WebAssembly to C code, and it
+ ;; does not support the memory.copy opcode.
+ ;; See https://bugzilla.mozilla.org/show_bug.cgi?id=1773200#c4
+ #:make-flags ''("BULK_MEMORY_SOURCES=")
+ #:phases #~(modify-phases %standard-phases
+ (delete 'configure)
+ (add-before 'build 'set-sysroot-include
+ (lambda _
+ (setenv "C_INCLUDE_PATH"
+ (string-append (getcwd) "/sysroot/include"))))
+ (add-before 'install 'set-install-dir
+ (lambda _
+ (setenv "INSTALL_DIR"
+ (string-append #$output "/wasm32-wasi")))))))
+ (home-page "https://wasi.dev")
+ (synopsis "WASI libc implementation for WebAssembly")
+ (description
+ "WASI Libc is a libc for WebAssembly programs built on top of WASI
+system calls. It provides a wide array of POSIX-compatible C APIs, including
+support for standard I/O, file I/O, filesystem manipulation, memory
+management, time, string, environment variables, program startup, and many
+other APIs.")
+ (license (list
+ ;; For wasi-libc, with LLVM exceptions
+ license:asl2.0
+ ;; For malloc.c.
+ license:cc0
+ ;; For cloudlibc.
+ license:bsd-2
+ ;; For wasi-libc and musl-libc.
+ license:expat))))
+
+(define-public wasm32-wasi-clang-runtime
+ (package (inherit clang-runtime-15)
+ (native-inputs
+ (list clang-15
+ wasi-libc))
+ (inputs (list llvm-15))
+ (arguments
+ (list
+ #:build-type "Release"
+ #:tests? #f
+ ;; Stripping binaries breaks wasm linking, resulting in the following
+ ;; error: "archive has no index; run ranlib to add one".
+ #:strip-binaries? #f
+ #:configure-flags
+ #~(list "-DCMAKE_C_COMPILER=clang"
+ "-DCMAKE_C_COMPILER_TARGET=wasm32-wasi"
+ (string-append
+ "-DCMAKE_SYSROOT=" #$wasi-libc "/wasm32-wasi")
+ (string-append
+ "-DCMAKE_C_FLAGS=-I " #$wasi-libc "/wasm32-wasi/include")
+
+ "-DCOMPILER_RT_OS_DIR=wasi"
+
+ "-DCOMPILER_RT_BAREMETAL_BUILD=On"
+ "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=On"
+
+ ;; WASM only needs libclang_rt.builtins-wasm32.a from
+ ;; compiler-rt.
+ "../source/compiler-rt/lib/builtins")))))
+
+;; FIXME: Ideally we wouldn't need to build a separate compiler because clang
+;; can support multiple targets at runtime. However Guix patches the default
+;; clang with a specific clang-runtime package. It would be good to improve
+;; upstream Guix's support for cross-compiling with clang.
+
+(define clang-from-llvm (@@ (gnu packages llvm) clang-from-llvm))
+(define llvm-monorepo (@@ (gnu packages llvm) llvm-monorepo))
+
+(define-public wasm32-wasi-clang
+ (let ((base (clang-from-llvm llvm-15 wasm32-wasi-clang-runtime)))
+ (package
+ (inherit base)
+ (name "wasm32-wasi-clang")
+ (inputs (modify-inputs (package-inputs base)
+ (prepend wasi-libc)))
+ (arguments
+ (substitute-keyword-arguments (package-arguments base)
+ ((#:configure-flags flags)
+ #~(list "-DCLANG_INCLUDE_TESTS=True"
+ ;; Use a sane default include directory.
+ (string-append "-DC_INCLUDE_DIRS="
+ #$wasi-libc "/wasm32-wasi/include")))
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (delete 'symlink-cfi_ignorelist))))))))
+
+(define-public wasm32-wasi-libcxx
+ (package
+ (name "wasm32-wasi-libcxx")
+ (version (package-version llvm-15))
+ (source
+ (llvm-monorepo version))
+ (build-system cmake-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(list (string-append "-S ../source/runtimes")
+
+ "-DLLVM_ENABLE_RUNTIMES=libcxx;libcxxabi"
+
+ (string-append "-DCMAKE_SYSROOT="
+ #$wasi-libc "/wasm32-wasi")
+
+ (string-append "-DCMAKE_INCLUDE_PATH="
+ #$wasi-libc
+ "/wasm32-wasi/include")
+
+ (string-append "-DCMAKE_STAGING_PREFIX="
+ #$output "/wasm32-wasi")
+
+ "-DCMAKE_C_COMPILER=clang"
+ "-DCMAKE_C_COMPILER_WORKS=ON"
+ "-DCMAKE_CXX_COMPILER=clang++"
+ "-DCMAKE_CXX_COMPILER_WORKS=ON"
+ "-DCMAKE_C_COMPILER_TARGET=wasm32-wasi"
+ "-DCMAKE_CXX_COMPILER_TARGET=wasm32-wasi"
+
+ "-DLIBCXX_LIBDIR_SUFFIX=/wasm32-wasi"
+
+ "-DLIBCXX_ENABLE_EXCEPTIONS=OFF"
+ "-DLIBCXX_ENABLE_SHARED=OFF"
+ "-DLIBCXX_ENABLE_THREADS=OFF"
+ "-DLIBCXX_ENABLE_FILESYSTEM=OFF"
+
+ "-DLIBCXXABI_LIBDIR_SUFFIX=/wasm32-wasi"
+
+ "-DLIBCXXABI_ENABLE_EXCEPTIONS=OFF"
+ "-DLIBCXXABI_ENABLE_SHARED=OFF"
+ "-DLIBCXXABI_ENABLE_THREADS=OFF"
+ "-DLIBCXXABI_ENABLE_FILESYSTEM=OFF")
+ #:tests? #f
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'set-paths 'adjust-CPLUS_INCLUDE_PATH
+ (lambda _
+ (setenv "CPLUS_INCLUDE_PATH"
+ (string-append #$wasi-libc
+ "/wasm32-wasi/include:"
+ (getenv "CPLUS_INCLUDE_PATH"))))))))
+ (native-inputs (list lld python wasm32-wasi-clang))
+ (inputs (list wasi-libc))
+ (home-page "https://libcxx.llvm.org")
+ (synopsis "C++ standard library for WebAssembly")
+ (description
+ "This package provides an implementation of the C++ standard library for
+use with Clang, targeting C++11, C++14 and above. This package targets
+WebAssembly with WASI.")
+ (license license:expat)))
+
+(define-public wasm32-wasi-clang-toolchain
+ (package
+ (name "wasm32-wasi-clang-toolchain")
+ (version (package-version wasm32-wasi-clang))
+ (source
+ #f)
+ (build-system trivial-build-system)
+ (arguments
+ (list
+ #:builder (with-imported-modules '((guix build union)
+ (guix build utils))
+ #~(begin
+ (use-modules (guix build union)
+ (guix build utils))
+ (union-build #$output
+ (list #$wasm32-wasi-clang-runtime
+ #$wasi-libc
+ #$wasm32-wasi-libcxx))
+ (mkdir-p (string-append #$output
+ "/bin"))
+
+ ;; We provide clang and clang++ via a wrapped program that sets
+ ;; include paths correctly so that it does not include paths from
+ ;; the host.
+
+ ;; FIXME: Review how we can provide better support for
+ ;; cross-compiling with clang in Guix, maybe adding support for
+ ;; the CROSS_C_INCLUDE_PATH and CROSS_CPLUS_INCLUDE_PATH
+ ;; environment variables like GCC.
+
+ (for-each (lambda (bin)
+ (symlink (string-append #$wasm32-wasi-clang
+ bin)
+ (string-append #$output
+ bin))
+ (wrap-program (string-append #$output
+ bin)
+ #:sh (string-append #$bash-minimal
+ "/bin/bash")
+ `("C_INCLUDE_PATH"
+ ":" =
+ (,(string-append #$output
+ "/wasm32-wasi/include")))
+ `("CPLUS_INCLUDE_PATH"
+ ":" =
+ ;; Make sure inclure/c++/v1 comes first for #include_next
+ ;; to work.
+ (,(string-append #$output
+ "/wasm32-wasi/include/c++/v1") ,
+ (string-append #$output
+ "/wasm32-wasi/include")))))
+ '("/bin/clang"
+ "/bin/clang++"))
+
+ (symlink (string-append #$lld
+ "/bin/wasm-ld")
+ (string-append #$output
+ "/bin/wasm-ld"))))))
+ (inputs (list bash-minimal
+ lld
+ wasi-libc
+ wasm32-wasi-clang
+ wasm32-wasi-clang-runtime
+ wasm32-wasi-libcxx))
+ (license (cons (package-license wasm32-wasi-clang)
+ (package-license wasi-libc)))
+ (home-page "https://clang.llvm.org")
+ (synopsis
+ "Complete Clang toolchain for C/C++ development, for WebAssembly.")
+ (description
+ "This package provides a complete Clang toolchain for C/C++
+development targeting WebAssembly with WASI. This includes Clang, as well as
+libc, libc++ and wasm-ld.")))
--
2.39.2
I
I
Ian Eure wrote on 11 Feb 20:20 +0100
[PATCH v2 2/4] gnu: nss: Update to 3.97.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
20240211192031.32284-3-ian@retrospec.tv
* gnu/packages/nss.scm (nss): Update to 3.97.
* gnu/packages/certs.scm (nss-certs): Update to 3.97.
---
gnu/packages/certs.scm | 4 ++--
gnu/packages/nss.scm | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)

Toggle diff (55 lines)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 58b4d50ec8..2a6106df78 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -131,7 +131,7 @@ (define-public nss-certs
;; XXX We used to refer to the nss package here, but that eventually caused
;; module cycles. The below is a quick copy-paste job that must be kept in
;; sync manually. Surely there's a better way…?
- (version "3.88.1")
+ (version "3.97")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -142,7 +142,7 @@ (define-public nss-certs
"nss-" version ".tar.gz")))
(sha256
(base32
- "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ "02pscmkp7flawmgwqzr807nsn6kzzw7r7xjbzfql0bpkjf1zp3h7"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 54b9e5041a..268ddaa24f 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -106,7 +106,7 @@ (define-public nss
;; IMPORTANT: Also update and test the nss-certs package, which duplicates
;; version and source to avoid a top-level variable reference & module
;; cycle.
- (version "3.88.1")
+ (version "3.97")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -117,7 +117,7 @@ (define-public nss
"nss-" version ".tar.gz")))
(sha256
(base32
- "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ "02pscmkp7flawmgwqzr807nsn6kzzw7r7xjbzfql0bpkjf1zp3h7"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
@@ -200,7 +200,7 @@ (define-public nss
;; leading to test failures:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
;; work around that, set the time to roughly the release date.
- (invoke "faketime" "2022-11-01" "./nss/tests/all.sh"))
+ (invoke "faketime" "2024-01-23" "./nss/tests/all.sh"))
(format #t "test suite not run~%"))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
--
2.39.2
C
C
Clément Lassieur wrote on 11 Feb 21:22 +0100
Re: [bug#67512] [PATCH v2 0/4] Add Librewolf
(name . Ian Eure)(address . ian@retrospec.tv)(address . 67512@debbugs.gnu.org)
87eddihhte.fsf@lassieur.org
On Sun, Feb 11 2024, Ian Eure wrote:

Toggle quote (10 lines)
> Updated patch series.
>
> * Updates LibreWolf to 122.0-2.
> * Moved the icu4c-73-future package definition in (gnu packages gnuzilla) to (gnu packages icu4c).
> * Updating icu4c to 73.1 would cause a world rebuild, so this is added as `icu4c-73' to avoid that.
> * Disabled EME.
> * Uses GNU Mozzarella instead of Firefox for addons.
> * Updates NSS package.
> * Unbundles libpng-apng, libwebp, nss, libevent, and libvpx.

Well we still have no news from the Wasm person?
M
M
Mark H Weaver wrote on 11 Feb 22:40 +0100
Re: [bug#67512] [PATCH v2 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c.
87a5o665n1.fsf@netris.org
Ian Eure <ian@retrospec.tv> writes:

Toggle quote (3 lines)
> * gnu/packages/icu4c.scm (icu4c-73): New variable.
> * gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete variable.

Looks good to me.

Thanks,
Mark
C
C
Clément Lassieur wrote on 11 Feb 23:14 +0100
(name . Ian Eure)(address . ian@retrospec.tv)
87jzna4pjq.fsf@lassieur.org
On Sun, Feb 11 2024, Ian Eure wrote:

Toggle quote (5 lines)
> * gnu/packages/icu4c.scm (icu4c-73): New variable.
> * gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete variable.
>
> Change-Id: I017e1416b70ecb94313aeb71aa4a0cafdfe0e9ab

I'm sorry, but with this patch neither mullvadbrowser or torbrowser
builds.

I get:

Toggle snippet (3 lines)
error: icu4c-73-promise: unbound variable

Clément
I
I
Ian Eure wrote on 12 Feb 00:23 +0100
Re: [bug#67512] [PATCH v2 0/4] Add Librewolf
(address . 67512@debbugs.gnu.org)
87zfw6y49b.fsf@retrospec.tv
Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (17 lines)
> On Sun, Feb 11 2024, Ian Eure wrote:
>
>> Updated patch series.
>>
>> * Updates LibreWolf to 122.0-2.
>> * Moved the icu4c-73-future package definition in (gnu packages
>> gnuzilla) to (gnu packages icu4c).
>> * Updating icu4c to 73.1 would cause a world rebuild, so this
>> is added as `icu4c-73' to avoid that.
>> * Disabled EME.
>> * Uses GNU Mozzarella instead of Firefox for addons.
>> * Updates NSS package.
>> * Unbundles libpng-apng, libwebp, nss, libevent, and libvpx.
>
> Well we still have no news from the Wasm person?
>

Seems like no.
I
I
Ian Eure wrote on 12 Feb 00:23 +0100
Re: [bug#67512] [PATCH v2 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c.
(address . 67512@debbugs.gnu.org)
87v86uy3xu.fsf@retrospec.tv
Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (17 lines)
> On Sun, Feb 11 2024, Ian Eure wrote:
>
>> * gnu/packages/icu4c.scm (icu4c-73): New variable.
>> * gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete
>> variable.
>>
>> Change-Id: I017e1416b70ecb94313aeb71aa4a0cafdfe0e9ab
>
> I'm sorry, but with this patch neither mullvadbrowser or
> torbrowser
> builds.
>
> I get:
>
> error: icu4c-73-promise: unbound variable
>

It’s a oneliner fix, I’ll have an updated patch momentarily.

The root of the issue is that `make-torbrowser' is very naughty
and uses the unexported icu4c-73-promise symbol from (gnu packages
gnuzilla), so it broke when I moved it to the proper (gnu packages
icu4c) module.

— Ian
C
C
Clément Lassieur wrote on 12 Feb 00:32 +0100
Re: [bug#67512] [PATCH v2 0/4] Add Librewolf
(name . Ian Eure)(address . ian@retrospec.tv)(address . 67512@debbugs.gnu.org)
87bk8m4lxk.fsf@lassieur.org
On Sun, Feb 11 2024, Ian Eure wrote:

Toggle quote (21 lines)
> Clément Lassieur <clement@lassieur.org> writes:
>
>> On Sun, Feb 11 2024, Ian Eure wrote:
>>
>>> Updated patch series.
>>>
>>> * Updates LibreWolf to 122.0-2.
>>> * Moved the icu4c-73-future package definition in (gnu packages gnuzilla)
>>> to (gnu packages icu4c).
>>> * Updating icu4c to 73.1 would cause a world rebuild, so this is added as
>>> `icu4c-73' to avoid that.
>>> * Disabled EME.
>>> * Uses GNU Mozzarella instead of Firefox for addons.
>>> * Updates NSS package.
>>> * Unbundles libpng-apng, libwebp, nss, libevent, and libvpx.
>>
>> Well we still have no news from the Wasm person?
>>
>
> Seems like no.

Unrelated, but please do "reply to all", it helps.
C
C
Clément Lassieur wrote on 12 Feb 00:34 +0100
Re: [bug#67512] [PATCH v2 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c.
(name . Ian Eure)(address . ian@retrospec.tv)(address . 67512@debbugs.gnu.org)
87jznaa83k.fsf@lassieur.org
On Sun, Feb 11 2024, Ian Eure wrote:

Toggle quote (23 lines)
> Clément Lassieur <clement@lassieur.org> writes:
>
>> On Sun, Feb 11 2024, Ian Eure wrote:
>>
>>> * gnu/packages/icu4c.scm (icu4c-73): New variable.
>>> * gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete variable.
>>>
>>> Change-Id: I017e1416b70ecb94313aeb71aa4a0cafdfe0e9ab
>>
>> I'm sorry, but with this patch neither mullvadbrowser or torbrowser
>> builds.
>>
>> I get:
>>
>> error: icu4c-73-promise: unbound variable
>>
>
> It’s a oneliner fix, I’ll have an updated patch momentarily.
>
> The root of the issue is that `make-torbrowser' is very naughty and uses the
> unexported icu4c-73-promise symbol from (gnu packages gnuzilla), so it broke
> when I moved it to the proper (gnu packages icu4c) module.

Well thanks for making it less naughty then ;)
I
I
Ian Eure wrote on 12 Feb 00:49 +0100
[PATCH v3 2/4] gnu: nss: Update to 3.97.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
20240211234948.7568-2-ian@retrospec.tv
* gnu/packages/nss.scm (nss): Update to 3.97.
* gnu/packages/certs.scm (nss-certs): Update to 3.97.
---
gnu/packages/certs.scm | 4 ++--
gnu/packages/nss.scm | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)

Toggle diff (55 lines)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 58b4d50ec8..2a6106df78 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -131,7 +131,7 @@ (define-public nss-certs
;; XXX We used to refer to the nss package here, but that eventually caused
;; module cycles. The below is a quick copy-paste job that must be kept in
;; sync manually. Surely there's a better way…?
- (version "3.88.1")
+ (version "3.97")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -142,7 +142,7 @@ (define-public nss-certs
"nss-" version ".tar.gz")))
(sha256
(base32
- "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ "02pscmkp7flawmgwqzr807nsn6kzzw7r7xjbzfql0bpkjf1zp3h7"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 54b9e5041a..268ddaa24f 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -106,7 +106,7 @@ (define-public nss
;; IMPORTANT: Also update and test the nss-certs package, which duplicates
;; version and source to avoid a top-level variable reference & module
;; cycle.
- (version "3.88.1")
+ (version "3.97")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -117,7 +117,7 @@ (define-public nss
"nss-" version ".tar.gz")))
(sha256
(base32
- "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ "02pscmkp7flawmgwqzr807nsn6kzzw7r7xjbzfql0bpkjf1zp3h7"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
@@ -200,7 +200,7 @@ (define-public nss
;; leading to test failures:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
;; work around that, set the time to roughly the release date.
- (invoke "faketime" "2022-11-01" "./nss/tests/all.sh"))
+ (invoke "faketime" "2024-01-23" "./nss/tests/all.sh"))
(format #t "test suite not run~%"))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
--
2.39.2
I
I
Ian Eure wrote on 12 Feb 00:49 +0100
[PATCH v3 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
20240211234948.7568-1-ian@retrospec.tv
* gnu/packages/icu4c.scm (icu4c-73): New variable.
* gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete variable.

Change-Id: I017e1416b70ecb94313aeb71aa4a0cafdfe0e9ab
---
gnu/packages/gnuzilla.scm | 27 +--------------------------
gnu/packages/icu4c.scm | 22 ++++++++++++++++++++++
gnu/packages/tor-browsers.scm | 3 ++-
3 files changed, 25 insertions(+), 27 deletions(-)

Toggle diff (101 lines)
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 5f77512427..094ff348e9 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -375,31 +375,6 @@ (define-public mozjs-78
(list icu4c-69 readline zlib))))
-;;
-;; Needed for IceCat 115.
-;;
-(define icu4c-73-promise
- (delay
- (package
- (inherit icu4c)
- (version "73.1")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/unicode-org/icu/releases/download/release-"
- (string-map (lambda (x) (if (char=? x #\.) #\- x)) version)
- "/icu4c-"
- (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
- "-src.tgz"))
- (sha256
- (base32
- "0iccpdvc0kvpww5a31k9gjkqigyz016i7v80r9zamd34w4fl6mx4"))
- (patches
- (cons
- (search-patch
- "icu4c-fix-TestHebrewCalendarInTemporalLeapYear.patch")
- (origin-patches (package-source icu4c)))))))))
-
;;;
;;; Localization helper procedures.
;;;
@@ -757,7 +732,7 @@ (define-public icecat-minimal
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1819374).
ffmpeg-5
libvpx
- (force icu4c-73-promise)
+ icu4c-73
pixman
pulseaudio
mesa
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 5aaf3a8361..0dfe63b20a 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -109,6 +109,28 @@ (define-public icu4c
(license x11)
(home-page "http://site.icu-project.org/")))
+(define-public icu4c-73
+ (package
+ (inherit icu4c)
+ (name "icu4c")
+ (version "73.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/unicode-org/icu/releases/download/release-"
+ (string-map (lambda (x) (if (char=? x #\.) #\- x)) version)
+ "/icu4c-"
+ (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
+ "-src.tgz"))
+ (sha256
+ (base32
+ "0iccpdvc0kvpww5a31k9gjkqigyz016i7v80r9zamd34w4fl6mx4"))
+ (patches
+ (cons
+ (search-patch
+ "icu4c-fix-TestHebrewCalendarInTemporalLeapYear.patch")
+ (origin-patches (package-source icu4c))))))))
+
(define-public icu4c-70
(package
(inherit icu4c)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index c4ce997b99..ee5e072102 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -52,6 +52,7 @@ (define-module (gnu packages tor-browsers)
#:use-module (gnu packages golang)
#:use-module (gnu packages gtk)
#:use-module (gnu packages hunspell)
+ #:use-module (gnu packages icu4c)
#:use-module (gnu packages image)
#:use-module (gnu packages kerberos)
#:use-module (gnu packages libcanberra)
@@ -270,7 +271,7 @@ (define* (make-torbrowser #:key
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1819374).
ffmpeg-5
libvpx
- (force (@@ (gnu packages gnuzilla) icu4c-73-promise))
+ icu4c-73
pixman
pulseaudio
mesa
--
2.39.2
I
I
Ian Eure wrote on 12 Feb 00:49 +0100
[PATCH v3 4/4] gnu: Add librewolf.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
20240211234948.7568-4-ian@retrospec.tv
* gnu/packages/librewolf.scm (librewolf): New variable.

Change-Id: I98b6410582b856ede83b79637a58e66d6e5832e6
---
gnu/packages/librewolf.scm | 653 +++++++++++++++++++++++++++++++++++++
1 file changed, 653 insertions(+)
create mode 100644 gnu/packages/librewolf.scm

Toggle diff (380 lines)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
new file mode 100644
index 0000000000..32d51eabaf
--- /dev/null
+++ b/gnu/packages/librewolf.scm
@@ -0,0 +1,653 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013, 2015, 2024 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017, 2018 Nikita <nikita@n0.is>
+;;; Copyright © 2017, 2018 ng0 <gillmann@infotropique.org>
+;;; Copyright © 2017, 2018, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2020, 2022 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2019 Ivan Petkov <ivanppetkov@gmail.com>
+;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020 Jakub K?dzio?ka <kuba@kadziolka.net>
+;;; Copyright © 2019, 2020 Adrian Malacoda <malacoda@monarch-pass.net>
+;;; Copyright © 2020-2023 Jonathan Brielmaier <jonathan.brielmaier@web.de>
+;;; Copyright © 2020 Zhu Zihao <all_but_last@163.com>
+;;; Copyright © 2021 pineapples <guixuser6392@protonmail.com>
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
+;;; Copyright © 2021, 2022, 2023 John Kehayias <john.kehayias@protonmail.com>
+;;; Copyright © 2022 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2023 Tomas Volf <wolf@wolfsden.cz>
+;;; Copyright © 2023 Ian Eure <ian@retrospec.tv>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+
+(define-module (gnu packages librewolf)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix build-system cargo)
+ #:use-module (guix build-system trivial)
+ #:use-module (guix download)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix utils)
+ #:use-module ((guix build utils) #:select (alist-replace))
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages crates-io)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages hunspell)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages jemalloc)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages libcanberra)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages m4)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages nss)
+ #:use-module (gnu packages pciutils)
+ #:use-module (gnu packages perl)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages rust)
+ #:use-module (gnu packages rust-apps)
+ #:use-module (gnu packages speech)
+ #:use-module (gnu packages sqlite)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages wasm)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xorg))
+
+;; Define the versions of rust needed to build firefox, trying to match
+;; upstream. See the file taskcluster/ci/toolchain/rust.yml at
+;; https://searchfox.org under the particular firefox release, like
+;; mozilla-esr102.
+(define rust-librewolf rust) ; 1.60 is the default in Guix, 1.65 is the minimum.
+
+;; Update this id with every firefox update to its release date.
+;; It's used for cache validation and therefore can lead to strange bugs.
+(define %librewolf-build-id "20240130195200")
+
+(define-public librewolf
+ (package
+ (name "librewolf")
+ (version "122.0-2")
+ (source
+ (origin
+ (method url-fetch)
+
+ (uri (string-append "https://gitlab.com/api/v4/projects/32320088/"
+ "packages/generic/librewolf-source/"
+ version
+ "/librewolf-"
+ version
+ ".source.tar.gz"))
+ (sha256
+ (base32 "0ggysgbazx5dl0l9dyvrpjgzbvivgddm9qyiyvjjfk9im9sljkxh"))))
+ (build-system gnu-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(let ((clang #$(this-package-native-input "clang"))
+ (wasi-sysroot #$(this-package-native-input
+ "wasm32-wasi-clang-toolchain")))
+ `("--enable-application=browser"
+
+ ;; Configuration
+ "--with-system-jpeg"
+ "--with-system-zlib"
+ "--with-system-png"
+ "--with-system-webp"
+ "--with-system-icu"
+ "--with-system-libvpx"
+ "--with-system-libevent"
+ "--with-system-ffi"
+ "--enable-system-pixman"
+ "--enable-jemalloc"
+
+ ;; see https://bugs.gnu.org/32833
+ "--with-system-nspr"
+ "--with-system-nss"
+
+ ,(string-append "--with-clang-path=" clang
+ "/bin/clang")
+ ,(string-append "--with-libclang-path=" clang
+ "/lib")
+ ,(string-append "--with-wasi-sysroot="
+ wasi-sysroot "/wasm32-wasi")
+
+ ;; Distribution
+ "--with-distribution-id=org.guix"
+ "--with-app-name=librewolf"
+ "--with-app-basename=LibreWolf"
+ "--with-branding=browser/branding/librewolf"
+
+ ;; Features
+ "--disable-tests"
+ "--disable-updater"
+ "--enable-pulseaudio"
+ "--disable-crashreporter"
+ "--allow-addon-sideload"
+ "--with-unsigned-addon-scopes=app,system"
+ "--disable-eme"
+
+ ;; Build details
+ "--disable-debug"
+ "--enable-rust-simd"
+ "--enable-release"
+ "--enable-optimize"
+ "--enable-strip"
+ "--enable-hardening"
+ "--disable-elf-hack"))
+ #:imported-modules %cargo-utils-modules
+ #:modules `((ice-9 regex)
+ (ice-9 string-fun)
+ (ice-9 ftw)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (rnrs bytevectors)
+ (rnrs io ports)
+ (guix elf)
+ (guix build gremlin)
+ ,@%gnu-build-system-modules)
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'fix-preferences
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((port (open-file "browser/app/profile/firefox.js"
+ "a")))
+ (define (write-setting key value)
+ (format port "~%pref(\"~a\", ~a);~%" key value)
+ (format #t
+ "fix-preferences: setting value of ~a to ~a~%" key
+ value))
+
+ ;; We should allow Firefox sandbox to read the store directory,
+ ;; because Firefox sandbox have access to /usr on FHS distros.
+ (write-setting
+ "security.sandbox.content.read_path_whitelist"
+ (string-append "\""
+ (%store-directory) "/\""))
+
+ ;; XDG settings should be managed by Guix.
+ (write-setting "browser.shell.checkDefaultBrowser"
+ "false")
+ (close-port port))))
+ (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((ffmpeg (assoc-ref inputs "ffmpeg"))
+ (libavcodec (string-append ffmpeg
+ "/lib/libavcodec.so")))
+ ;; Arrange to load libavcodec.so by its absolute file name.
+ (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
+ (("libavcodec\\.so")
+ libavcodec)))))
+ (add-after 'patch-source-shebangs 'patch-cargo-checksums
+ (lambda _
+ (use-modules (guix build cargo-utils))
+ (let ((null-hash
+ ;; This is the SHA256 output of an empty string.
+ (string-append
+ "e3b0c44298fc1c149afbf4c8996fb924"
+ "27ae41e4649b934ca495991b7852b855")))
+ (for-each (lambda (file)
+ (format #t
+ "patch-cargo-checksums: patching checksums in ~a~%"
+ file)
+ (substitute* file
+ (("(checksum = )\".*\"" all name)
+ (string-append name "\"" null-hash
+ "\""))))
+ (find-files "." "Cargo\\.lock$"))
+ (for-each generate-all-checksums
+ '("build" "dom/media"
+ "dom/webauthn"
+ "gfx"
+ "intl"
+ "js"
+ "media"
+ "modules"
+ "mozglue/static/rust"
+ "netwerk"
+ "remote"
+ "security/manager/ssl"
+ "servo"
+ "storage"
+ "third_party/rust"
+ "toolkit"
+ "xpcom/rust"
+ "services")))))
+ (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag
+ (lambda _
+ ;; Remove --frozen flag from cargo invokation, otherwise it'll
+ ;; complain that it's not able to change Cargo.lock.
+ ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
+ (substitute* "build/RunCbindgen.py"
+ (("\"--frozen\",")
+ ""))))
+ (delete 'bootstrap)
+ (add-before 'configure 'patch-SpeechDispatcherService.cpp
+ (lambda _
+ (let* ((lib "libspeechd.so.2")
+ (file (string-append
+ "dom/media/webspeech/synth/"
+ "speechd/SpeechDispatcherService.cpp"))
+ (old-content (call-with-input-file file
+ get-string-all)))
+ (substitute file
+ `((,(format #f "~s" lib) unquote
+ (λ (line _)
+ (string-replace-substring line lib
+ (string-append #$speech-dispatcher
+ "/lib/"
+ lib))))))
+ (if (string=? old-content
+ (call-with-input-file file
+ get-string-all))
+ (error
+ "substitute did nothing, phase requires an update")))))
+ (add-before 'configure 'set-build-id
+ ;; Firefox will write the timestamp to output, which is harmful
+ ;; for reproducibility, so change it to a fixed date. Use a
+ ;; separate phase for easier modification with inherit.
+ (lambda _
+ (setenv "MOZ_BUILD_DATE"
+ #$%librewolf-build-id)))
+ (replace 'configure
+ (lambda* (#:key inputs outputs configure-flags
+ #:allow-other-keys)
+ (setenv "AUTOCONF"
+ (string-append (assoc-ref inputs "autoconf")
+ "/bin/autoconf"))
+ (setenv "SHELL"
+ (which "bash"))
+ (setenv "CONFIG_SHELL"
+ (which "bash"))
+ (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE"
+ "system")
+ ;; This should use the host info probably (does firefox build on
+ ;; non-x86_64 though?)
+ (setenv "GUIX_PYTHONPATH"
+ (string-append (getcwd)
+ "/obj-x86_64-pc-linux-gnu/_virtualenvs/build"))
+
+ ;; Use Clang, Clang is 2x faster than GCC
+ (setenv "AR" "llvm-ar")
+ (setenv "NM" "llvm-nm")
+ (setenv "CC" "clang")
+ (setenv "CXX" "clang++")
+ (setenv "WASM_CC"
+ (string-append (assoc-ref inputs
+ "wasm32-wasi-clang-toolchain")
+ "/bin/clang"))
+ (setenv "WASM_CXX"
+ (string-append (assoc-ref inputs
+ "wasm32-wasi-clang-toolchain")
+ "/bin/clang++"))
+
+ (setenv "MOZ_NOSPAM" "1")
+ (setenv "MOZ_APP_NAME" "librewolf")
+
+ (setenv "MOZBUILD_STATE_PATH"
+ (getcwd))
+
+ (let* ((mozconfig (string-append (getcwd) "/mozconfig"))
+ (out (assoc-ref outputs "out"))
+ (flags (cons (string-append "--prefix=" out)
+ configure-flags)))
+ (format #t "build directory: ~s~%"
+ (getcwd))
+ (format #t "configure flags: ~s~%" flags)
+
+ (define write-flags
+ (lambda flags
+ (display (string-join (map (cut string-append
+ "ac_add_options " <>)
+ flags) "\n"))
+ (display "\n")))
+ (with-output-to-file mozconfig
+ (lambda ()
+ (apply write-flags flags)
+ ;; The following option unsets Telemetry
+ ;; Reporting. With the Addons Fiasco,
+ ;; Mozilla was found to be collecting
+ ;; user's data, including saved passwords
+ ;; and web form data, without users
+ ;; consent. Mozilla was also found
+ ;; shipping updates to systems without
+ ;; the user's knowledge or permission.
+ ;; As a result of this, use the following
+ ;; command to permanently disable
+ ;; telemetry reporting in Firefox.
+ (display "unset MOZ_TELEMETRY_REPORTING\n")
+ (display "mk_add_options MOZ_CRASHREPORTER=0\n")
+ (display "mk_add_options MOZ_DATA_REPORTING=0\n")
+ (display
+ "mk_add_options MOZ_SERVICES_HEALTHREPORT=0")
+ (display
+ "mk_add_options MOZ_TELEMETRY_REPORTING=0")))
+ (setenv "MOZCONFIG" mozconfig))
+ (invoke "./mach" "configure")))
+ (add-before 'build '1fix-addons-placeholder
+ (lambda _
+ (substitute*
+ "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
+ (("addons.mozilla.org") "gnuzilla.gnu.org"))))
+ (replace 'build
+ (lambda* (#:key (make-flags '())
+ (parallel-build? #t) #:allow-other-keys)
+ (apply invoke "./mach" "build"
+ ;; mach will use parallel build if possible by default
+ `(,@(if parallel-build?
+ '()
+ '("-j1")) ,@make-flags))))
+ (add-after 'build 'neutralise-store
This message was truncated. Download the full message here.
I
I
Ian Eure wrote on 12 Feb 00:49 +0100
[PATCH v3 3/4] gnu: Add wasm packages.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
20240211234948.7568-3-ian@retrospec.tv
* gnu/packages/wasm.scm (wasi-libc): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-clang-runtime): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-clang): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-libcxx): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-clang-toolchain): New variable.
---
gnu/packages/wasm.scm | 273 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 273 insertions(+)
create mode 100644 gnu/packages/wasm.scm

Toggle diff (281 lines)
diff --git a/gnu/packages/wasm.scm b/gnu/packages/wasm.scm
new file mode 100644
index 0000000000..05d247f333
--- /dev/null
+++ b/gnu/packages/wasm.scm
@@ -0,0 +1,273 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022-2023 Pierre Langlois <pierre.langlois@gmx.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages wasm)
+ #:use-module (guix base32)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix utils)
+ #:use-module (guix git-download)
+ #:use-module (guix build-system cmake)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix build-system trivial)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages python))
+
+(define-public wasi-libc
+ (package
+ (name "wasi-libc")
+ (version "sdk-19")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/WebAssembly/wasi-libc")
+ (commit (string-append "wasi-" version))
+ (recursive? #t)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "0bnpz8wk9wiic938296gxp4vz820bvpi1w41jksjzz5552hql169"))))
+ (build-system gnu-build-system)
+ (native-inputs (list clang-15))
+ (arguments
+ (list
+ #:tests? #f ;No test suite
+ ;; Firefox uses wasm2c to compile WebAssembly to C code, and it
+ ;; does not support the memory.copy opcode.
+ ;; See https://bugzilla.mozilla.org/show_bug.cgi?id=1773200#c4
+ #:make-flags ''("BULK_MEMORY_SOURCES=")
+ #:phases #~(modify-phases %standard-phases
+ (delete 'configure)
+ (add-before 'build 'set-sysroot-include
+ (lambda _
+ (setenv "C_INCLUDE_PATH"
+ (string-append (getcwd) "/sysroot/include"))))
+ (add-before 'install 'set-install-dir
+ (lambda _
+ (setenv "INSTALL_DIR"
+ (string-append #$output "/wasm32-wasi")))))))
+ (home-page "https://wasi.dev")
+ (synopsis "WASI libc implementation for WebAssembly")
+ (description
+ "WASI Libc is a libc for WebAssembly programs built on top of WASI
+system calls. It provides a wide array of POSIX-compatible C APIs, including
+support for standard I/O, file I/O, filesystem manipulation, memory
+management, time, string, environment variables, program startup, and many
+other APIs.")
+ (license (list
+ ;; For wasi-libc, with LLVM exceptions
+ license:asl2.0
+ ;; For malloc.c.
+ license:cc0
+ ;; For cloudlibc.
+ license:bsd-2
+ ;; For wasi-libc and musl-libc.
+ license:expat))))
+
+(define-public wasm32-wasi-clang-runtime
+ (package (inherit clang-runtime-15)
+ (native-inputs
+ (list clang-15
+ wasi-libc))
+ (inputs (list llvm-15))
+ (arguments
+ (list
+ #:build-type "Release"
+ #:tests? #f
+ ;; Stripping binaries breaks wasm linking, resulting in the following
+ ;; error: "archive has no index; run ranlib to add one".
+ #:strip-binaries? #f
+ #:configure-flags
+ #~(list "-DCMAKE_C_COMPILER=clang"
+ "-DCMAKE_C_COMPILER_TARGET=wasm32-wasi"
+ (string-append
+ "-DCMAKE_SYSROOT=" #$wasi-libc "/wasm32-wasi")
+ (string-append
+ "-DCMAKE_C_FLAGS=-I " #$wasi-libc "/wasm32-wasi/include")
+
+ "-DCOMPILER_RT_OS_DIR=wasi"
+
+ "-DCOMPILER_RT_BAREMETAL_BUILD=On"
+ "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=On"
+
+ ;; WASM only needs libclang_rt.builtins-wasm32.a from
+ ;; compiler-rt.
+ "../source/compiler-rt/lib/builtins")))))
+
+;; FIXME: Ideally we wouldn't need to build a separate compiler because clang
+;; can support multiple targets at runtime. However Guix patches the default
+;; clang with a specific clang-runtime package. It would be good to improve
+;; upstream Guix's support for cross-compiling with clang.
+
+(define clang-from-llvm (@@ (gnu packages llvm) clang-from-llvm))
+(define llvm-monorepo (@@ (gnu packages llvm) llvm-monorepo))
+
+(define-public wasm32-wasi-clang
+ (let ((base (clang-from-llvm llvm-15 wasm32-wasi-clang-runtime)))
+ (package
+ (inherit base)
+ (name "wasm32-wasi-clang")
+ (inputs (modify-inputs (package-inputs base)
+ (prepend wasi-libc)))
+ (arguments
+ (substitute-keyword-arguments (package-arguments base)
+ ((#:configure-flags flags)
+ #~(list "-DCLANG_INCLUDE_TESTS=True"
+ ;; Use a sane default include directory.
+ (string-append "-DC_INCLUDE_DIRS="
+ #$wasi-libc "/wasm32-wasi/include")))
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (delete 'symlink-cfi_ignorelist))))))))
+
+(define-public wasm32-wasi-libcxx
+ (package
+ (name "wasm32-wasi-libcxx")
+ (version (package-version llvm-15))
+ (source
+ (llvm-monorepo version))
+ (build-system cmake-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(list (string-append "-S ../source/runtimes")
+
+ "-DLLVM_ENABLE_RUNTIMES=libcxx;libcxxabi"
+
+ (string-append "-DCMAKE_SYSROOT="
+ #$wasi-libc "/wasm32-wasi")
+
+ (string-append "-DCMAKE_INCLUDE_PATH="
+ #$wasi-libc
+ "/wasm32-wasi/include")
+
+ (string-append "-DCMAKE_STAGING_PREFIX="
+ #$output "/wasm32-wasi")
+
+ "-DCMAKE_C_COMPILER=clang"
+ "-DCMAKE_C_COMPILER_WORKS=ON"
+ "-DCMAKE_CXX_COMPILER=clang++"
+ "-DCMAKE_CXX_COMPILER_WORKS=ON"
+ "-DCMAKE_C_COMPILER_TARGET=wasm32-wasi"
+ "-DCMAKE_CXX_COMPILER_TARGET=wasm32-wasi"
+
+ "-DLIBCXX_LIBDIR_SUFFIX=/wasm32-wasi"
+
+ "-DLIBCXX_ENABLE_EXCEPTIONS=OFF"
+ "-DLIBCXX_ENABLE_SHARED=OFF"
+ "-DLIBCXX_ENABLE_THREADS=OFF"
+ "-DLIBCXX_ENABLE_FILESYSTEM=OFF"
+
+ "-DLIBCXXABI_LIBDIR_SUFFIX=/wasm32-wasi"
+
+ "-DLIBCXXABI_ENABLE_EXCEPTIONS=OFF"
+ "-DLIBCXXABI_ENABLE_SHARED=OFF"
+ "-DLIBCXXABI_ENABLE_THREADS=OFF"
+ "-DLIBCXXABI_ENABLE_FILESYSTEM=OFF")
+ #:tests? #f
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'set-paths 'adjust-CPLUS_INCLUDE_PATH
+ (lambda _
+ (setenv "CPLUS_INCLUDE_PATH"
+ (string-append #$wasi-libc
+ "/wasm32-wasi/include:"
+ (getenv "CPLUS_INCLUDE_PATH"))))))))
+ (native-inputs (list lld python wasm32-wasi-clang))
+ (inputs (list wasi-libc))
+ (home-page "https://libcxx.llvm.org")
+ (synopsis "C++ standard library for WebAssembly")
+ (description
+ "This package provides an implementation of the C++ standard library for
+use with Clang, targeting C++11, C++14 and above. This package targets
+WebAssembly with WASI.")
+ (license license:expat)))
+
+(define-public wasm32-wasi-clang-toolchain
+ (package
+ (name "wasm32-wasi-clang-toolchain")
+ (version (package-version wasm32-wasi-clang))
+ (source
+ #f)
+ (build-system trivial-build-system)
+ (arguments
+ (list
+ #:builder (with-imported-modules '((guix build union)
+ (guix build utils))
+ #~(begin
+ (use-modules (guix build union)
+ (guix build utils))
+ (union-build #$output
+ (list #$wasm32-wasi-clang-runtime
+ #$wasi-libc
+ #$wasm32-wasi-libcxx))
+ (mkdir-p (string-append #$output
+ "/bin"))
+
+ ;; We provide clang and clang++ via a wrapped program that sets
+ ;; include paths correctly so that it does not include paths from
+ ;; the host.
+
+ ;; FIXME: Review how we can provide better support for
+ ;; cross-compiling with clang in Guix, maybe adding support for
+ ;; the CROSS_C_INCLUDE_PATH and CROSS_CPLUS_INCLUDE_PATH
+ ;; environment variables like GCC.
+
+ (for-each (lambda (bin)
+ (symlink (string-append #$wasm32-wasi-clang
+ bin)
+ (string-append #$output
+ bin))
+ (wrap-program (string-append #$output
+ bin)
+ #:sh (string-append #$bash-minimal
+ "/bin/bash")
+ `("C_INCLUDE_PATH"
+ ":" =
+ (,(string-append #$output
+ "/wasm32-wasi/include")))
+ `("CPLUS_INCLUDE_PATH"
+ ":" =
+ ;; Make sure inclure/c++/v1 comes first for #include_next
+ ;; to work.
+ (,(string-append #$output
+ "/wasm32-wasi/include/c++/v1") ,
+ (string-append #$output
+ "/wasm32-wasi/include")))))
+ '("/bin/clang"
+ "/bin/clang++"))
+
+ (symlink (string-append #$lld
+ "/bin/wasm-ld")
+ (string-append #$output
+ "/bin/wasm-ld"))))))
+ (inputs (list bash-minimal
+ lld
+ wasi-libc
+ wasm32-wasi-clang
+ wasm32-wasi-clang-runtime
+ wasm32-wasi-libcxx))
+ (license (cons (package-license wasm32-wasi-clang)
+ (package-license wasi-libc)))
+ (home-page "https://clang.llvm.org")
+ (synopsis
+ "Complete Clang toolchain for C/C++ development, for WebAssembly.")
+ (description
+ "This package provides a complete Clang toolchain for C/C++
+development targeting WebAssembly with WASI. This includes Clang, as well as
+libc, libc++ and wasm-ld.")))
--
2.39.2
I
I
Ian Eure wrote on 13 Feb 21:34 +0100
[PATCH v4 0/4] Add LibreWolf
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
cover.1707855137.git.ian@retrospec.tv
During testing, I found some problems with v3 of the patch.

* The vendor-provided browser config was getting clobbered during 'autoconfig. Reworked this to append to librewolf.cfg instead of obliterating it or using autoconfig.js.
* Extension search from about:addons was broken, because extensions.getAddons.search.browseURL was missing the %TERMS% placeholder. Added.
* extensions.getAddons settings were defined with pref() instead of defaultPref(). pref() is for user settings, and causes them to show up as modified in about:config, with a revert button to restore the value from defaultPref (which is Mozilla's addons repo). Switched to defaultPref().

Both the extension search and pref/defaultPref issues are present in torbrowser and mullvad, and *if* those upstreams ship autoconfig.js files, their contents won't make it into the Guix packages. Someone might want to look into those issues.

Ian Eure (4):
gnu: Move icu4c-73 from gnuzilla to icu4c.
gnu: nss: Update to 3.97.
gnu: Add wasm packages.
gnu: Add librewolf.

gnu/packages/certs.scm | 4 +-
gnu/packages/gnuzilla.scm | 27 +-
gnu/packages/icu4c.scm | 22 ++
gnu/packages/librewolf.scm | 642 ++++++++++++++++++++++++++++++++++
gnu/packages/nss.scm | 6 +-
gnu/packages/tor-browsers.scm | 3 +-
gnu/packages/wasm.scm | 273 +++++++++++++++
7 files changed, 945 insertions(+), 32 deletions(-)
create mode 100644 gnu/packages/librewolf.scm
create mode 100644 gnu/packages/wasm.scm


base-commit: b6439fc5f800b5d22d48192bc347be794f050329
--
2.41.0
I
I
Ian Eure wrote on 13 Feb 21:34 +0100
[PATCH v4 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
f526f09fb955d8b51aa470dcaa261d746a417ced.1707855137.git.ian@retrospec.tv
* gnu/packages/icu4c.scm (icu4c-73): New variable.
* gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete variable.

Change-Id: I017e1416b70ecb94313aeb71aa4a0cafdfe0e9ab
---
gnu/packages/gnuzilla.scm | 27 +--------------------------
gnu/packages/icu4c.scm | 22 ++++++++++++++++++++++
gnu/packages/tor-browsers.scm | 3 ++-
3 files changed, 25 insertions(+), 27 deletions(-)

Toggle diff (101 lines)
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 5f77512427..094ff348e9 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -375,31 +375,6 @@ (define-public mozjs-78
(list icu4c-69 readline zlib))))
-;;
-;; Needed for IceCat 115.
-;;
-(define icu4c-73-promise
- (delay
- (package
- (inherit icu4c)
- (version "73.1")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/unicode-org/icu/releases/download/release-"
- (string-map (lambda (x) (if (char=? x #\.) #\- x)) version)
- "/icu4c-"
- (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
- "-src.tgz"))
- (sha256
- (base32
- "0iccpdvc0kvpww5a31k9gjkqigyz016i7v80r9zamd34w4fl6mx4"))
- (patches
- (cons
- (search-patch
- "icu4c-fix-TestHebrewCalendarInTemporalLeapYear.patch")
- (origin-patches (package-source icu4c)))))))))
-
;;;
;;; Localization helper procedures.
;;;
@@ -757,7 +732,7 @@ (define-public icecat-minimal
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1819374).
ffmpeg-5
libvpx
- (force icu4c-73-promise)
+ icu4c-73
pixman
pulseaudio
mesa
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 5aaf3a8361..0dfe63b20a 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -109,6 +109,28 @@ (define-public icu4c
(license x11)
(home-page "http://site.icu-project.org/")))
+(define-public icu4c-73
+ (package
+ (inherit icu4c)
+ (name "icu4c")
+ (version "73.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/unicode-org/icu/releases/download/release-"
+ (string-map (lambda (x) (if (char=? x #\.) #\- x)) version)
+ "/icu4c-"
+ (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
+ "-src.tgz"))
+ (sha256
+ (base32
+ "0iccpdvc0kvpww5a31k9gjkqigyz016i7v80r9zamd34w4fl6mx4"))
+ (patches
+ (cons
+ (search-patch
+ "icu4c-fix-TestHebrewCalendarInTemporalLeapYear.patch")
+ (origin-patches (package-source icu4c))))))))
+
(define-public icu4c-70
(package
(inherit icu4c)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index c4ce997b99..ee5e072102 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -52,6 +52,7 @@ (define-module (gnu packages tor-browsers)
#:use-module (gnu packages golang)
#:use-module (gnu packages gtk)
#:use-module (gnu packages hunspell)
+ #:use-module (gnu packages icu4c)
#:use-module (gnu packages image)
#:use-module (gnu packages kerberos)
#:use-module (gnu packages libcanberra)
@@ -270,7 +271,7 @@ (define* (make-torbrowser #:key
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1819374).
ffmpeg-5
libvpx
- (force (@@ (gnu packages gnuzilla) icu4c-73-promise))
+ icu4c-73
pixman
pulseaudio
mesa
--
2.41.0
I
I
Ian Eure wrote on 13 Feb 21:34 +0100
[PATCH v4 2/4] gnu: nss: Update to 3.97.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
134355782c0831601fad01d54581d4bf05742b0b.1707855137.git.ian@retrospec.tv
* gnu/packages/nss.scm (nss): Update to 3.97.
* gnu/packages/certs.scm (nss-certs): Update to 3.97.
---
gnu/packages/certs.scm | 4 ++--
gnu/packages/nss.scm | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)

Toggle diff (55 lines)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 58b4d50ec8..2a6106df78 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -131,7 +131,7 @@ (define-public nss-certs
;; XXX We used to refer to the nss package here, but that eventually caused
;; module cycles. The below is a quick copy-paste job that must be kept in
;; sync manually. Surely there's a better way…?
- (version "3.88.1")
+ (version "3.97")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -142,7 +142,7 @@ (define-public nss-certs
"nss-" version ".tar.gz")))
(sha256
(base32
- "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ "02pscmkp7flawmgwqzr807nsn6kzzw7r7xjbzfql0bpkjf1zp3h7"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 54b9e5041a..268ddaa24f 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -106,7 +106,7 @@ (define-public nss
;; IMPORTANT: Also update and test the nss-certs package, which duplicates
;; version and source to avoid a top-level variable reference & module
;; cycle.
- (version "3.88.1")
+ (version "3.97")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -117,7 +117,7 @@ (define-public nss
"nss-" version ".tar.gz")))
(sha256
(base32
- "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ "02pscmkp7flawmgwqzr807nsn6kzzw7r7xjbzfql0bpkjf1zp3h7"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
@@ -200,7 +200,7 @@ (define-public nss
;; leading to test failures:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
;; work around that, set the time to roughly the release date.
- (invoke "faketime" "2022-11-01" "./nss/tests/all.sh"))
+ (invoke "faketime" "2024-01-23" "./nss/tests/all.sh"))
(format #t "test suite not run~%"))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
--
2.41.0
I
I
Ian Eure wrote on 13 Feb 21:34 +0100
[PATCH v4 3/4] gnu: Add wasm packages.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
39662eaab8ebb73981be67f42a0277c2013be76b.1707855137.git.ian@retrospec.tv
* gnu/packages/wasm.scm (wasi-libc): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-clang-runtime): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-clang): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-libcxx): New variable.
* gnu/packages/wasm.scm (wasm32-wasi-clang-toolchain): New variable.
---
gnu/packages/wasm.scm | 273 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 273 insertions(+)
create mode 100644 gnu/packages/wasm.scm

Toggle diff (281 lines)
diff --git a/gnu/packages/wasm.scm b/gnu/packages/wasm.scm
new file mode 100644
index 0000000000..05d247f333
--- /dev/null
+++ b/gnu/packages/wasm.scm
@@ -0,0 +1,273 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022-2023 Pierre Langlois <pierre.langlois@gmx.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages wasm)
+ #:use-module (guix base32)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix utils)
+ #:use-module (guix git-download)
+ #:use-module (guix build-system cmake)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix build-system trivial)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages python))
+
+(define-public wasi-libc
+ (package
+ (name "wasi-libc")
+ (version "sdk-19")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/WebAssembly/wasi-libc")
+ (commit (string-append "wasi-" version))
+ (recursive? #t)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "0bnpz8wk9wiic938296gxp4vz820bvpi1w41jksjzz5552hql169"))))
+ (build-system gnu-build-system)
+ (native-inputs (list clang-15))
+ (arguments
+ (list
+ #:tests? #f ;No test suite
+ ;; Firefox uses wasm2c to compile WebAssembly to C code, and it
+ ;; does not support the memory.copy opcode.
+ ;; See https://bugzilla.mozilla.org/show_bug.cgi?id=1773200#c4
+ #:make-flags ''("BULK_MEMORY_SOURCES=")
+ #:phases #~(modify-phases %standard-phases
+ (delete 'configure)
+ (add-before 'build 'set-sysroot-include
+ (lambda _
+ (setenv "C_INCLUDE_PATH"
+ (string-append (getcwd) "/sysroot/include"))))
+ (add-before 'install 'set-install-dir
+ (lambda _
+ (setenv "INSTALL_DIR"
+ (string-append #$output "/wasm32-wasi")))))))
+ (home-page "https://wasi.dev")
+ (synopsis "WASI libc implementation for WebAssembly")
+ (description
+ "WASI Libc is a libc for WebAssembly programs built on top of WASI
+system calls. It provides a wide array of POSIX-compatible C APIs, including
+support for standard I/O, file I/O, filesystem manipulation, memory
+management, time, string, environment variables, program startup, and many
+other APIs.")
+ (license (list
+ ;; For wasi-libc, with LLVM exceptions
+ license:asl2.0
+ ;; For malloc.c.
+ license:cc0
+ ;; For cloudlibc.
+ license:bsd-2
+ ;; For wasi-libc and musl-libc.
+ license:expat))))
+
+(define-public wasm32-wasi-clang-runtime
+ (package (inherit clang-runtime-15)
+ (native-inputs
+ (list clang-15
+ wasi-libc))
+ (inputs (list llvm-15))
+ (arguments
+ (list
+ #:build-type "Release"
+ #:tests? #f
+ ;; Stripping binaries breaks wasm linking, resulting in the following
+ ;; error: "archive has no index; run ranlib to add one".
+ #:strip-binaries? #f
+ #:configure-flags
+ #~(list "-DCMAKE_C_COMPILER=clang"
+ "-DCMAKE_C_COMPILER_TARGET=wasm32-wasi"
+ (string-append
+ "-DCMAKE_SYSROOT=" #$wasi-libc "/wasm32-wasi")
+ (string-append
+ "-DCMAKE_C_FLAGS=-I " #$wasi-libc "/wasm32-wasi/include")
+
+ "-DCOMPILER_RT_OS_DIR=wasi"
+
+ "-DCOMPILER_RT_BAREMETAL_BUILD=On"
+ "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=On"
+
+ ;; WASM only needs libclang_rt.builtins-wasm32.a from
+ ;; compiler-rt.
+ "../source/compiler-rt/lib/builtins")))))
+
+;; FIXME: Ideally we wouldn't need to build a separate compiler because clang
+;; can support multiple targets at runtime. However Guix patches the default
+;; clang with a specific clang-runtime package. It would be good to improve
+;; upstream Guix's support for cross-compiling with clang.
+
+(define clang-from-llvm (@@ (gnu packages llvm) clang-from-llvm))
+(define llvm-monorepo (@@ (gnu packages llvm) llvm-monorepo))
+
+(define-public wasm32-wasi-clang
+ (let ((base (clang-from-llvm llvm-15 wasm32-wasi-clang-runtime)))
+ (package
+ (inherit base)
+ (name "wasm32-wasi-clang")
+ (inputs (modify-inputs (package-inputs base)
+ (prepend wasi-libc)))
+ (arguments
+ (substitute-keyword-arguments (package-arguments base)
+ ((#:configure-flags flags)
+ #~(list "-DCLANG_INCLUDE_TESTS=True"
+ ;; Use a sane default include directory.
+ (string-append "-DC_INCLUDE_DIRS="
+ #$wasi-libc "/wasm32-wasi/include")))
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (delete 'symlink-cfi_ignorelist))))))))
+
+(define-public wasm32-wasi-libcxx
+ (package
+ (name "wasm32-wasi-libcxx")
+ (version (package-version llvm-15))
+ (source
+ (llvm-monorepo version))
+ (build-system cmake-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(list (string-append "-S ../source/runtimes")
+
+ "-DLLVM_ENABLE_RUNTIMES=libcxx;libcxxabi"
+
+ (string-append "-DCMAKE_SYSROOT="
+ #$wasi-libc "/wasm32-wasi")
+
+ (string-append "-DCMAKE_INCLUDE_PATH="
+ #$wasi-libc
+ "/wasm32-wasi/include")
+
+ (string-append "-DCMAKE_STAGING_PREFIX="
+ #$output "/wasm32-wasi")
+
+ "-DCMAKE_C_COMPILER=clang"
+ "-DCMAKE_C_COMPILER_WORKS=ON"
+ "-DCMAKE_CXX_COMPILER=clang++"
+ "-DCMAKE_CXX_COMPILER_WORKS=ON"
+ "-DCMAKE_C_COMPILER_TARGET=wasm32-wasi"
+ "-DCMAKE_CXX_COMPILER_TARGET=wasm32-wasi"
+
+ "-DLIBCXX_LIBDIR_SUFFIX=/wasm32-wasi"
+
+ "-DLIBCXX_ENABLE_EXCEPTIONS=OFF"
+ "-DLIBCXX_ENABLE_SHARED=OFF"
+ "-DLIBCXX_ENABLE_THREADS=OFF"
+ "-DLIBCXX_ENABLE_FILESYSTEM=OFF"
+
+ "-DLIBCXXABI_LIBDIR_SUFFIX=/wasm32-wasi"
+
+ "-DLIBCXXABI_ENABLE_EXCEPTIONS=OFF"
+ "-DLIBCXXABI_ENABLE_SHARED=OFF"
+ "-DLIBCXXABI_ENABLE_THREADS=OFF"
+ "-DLIBCXXABI_ENABLE_FILESYSTEM=OFF")
+ #:tests? #f
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'set-paths 'adjust-CPLUS_INCLUDE_PATH
+ (lambda _
+ (setenv "CPLUS_INCLUDE_PATH"
+ (string-append #$wasi-libc
+ "/wasm32-wasi/include:"
+ (getenv "CPLUS_INCLUDE_PATH"))))))))
+ (native-inputs (list lld python wasm32-wasi-clang))
+ (inputs (list wasi-libc))
+ (home-page "https://libcxx.llvm.org")
+ (synopsis "C++ standard library for WebAssembly")
+ (description
+ "This package provides an implementation of the C++ standard library for
+use with Clang, targeting C++11, C++14 and above. This package targets
+WebAssembly with WASI.")
+ (license license:expat)))
+
+(define-public wasm32-wasi-clang-toolchain
+ (package
+ (name "wasm32-wasi-clang-toolchain")
+ (version (package-version wasm32-wasi-clang))
+ (source
+ #f)
+ (build-system trivial-build-system)
+ (arguments
+ (list
+ #:builder (with-imported-modules '((guix build union)
+ (guix build utils))
+ #~(begin
+ (use-modules (guix build union)
+ (guix build utils))
+ (union-build #$output
+ (list #$wasm32-wasi-clang-runtime
+ #$wasi-libc
+ #$wasm32-wasi-libcxx))
+ (mkdir-p (string-append #$output
+ "/bin"))
+
+ ;; We provide clang and clang++ via a wrapped program that sets
+ ;; include paths correctly so that it does not include paths from
+ ;; the host.
+
+ ;; FIXME: Review how we can provide better support for
+ ;; cross-compiling with clang in Guix, maybe adding support for
+ ;; the CROSS_C_INCLUDE_PATH and CROSS_CPLUS_INCLUDE_PATH
+ ;; environment variables like GCC.
+
+ (for-each (lambda (bin)
+ (symlink (string-append #$wasm32-wasi-clang
+ bin)
+ (string-append #$output
+ bin))
+ (wrap-program (string-append #$output
+ bin)
+ #:sh (string-append #$bash-minimal
+ "/bin/bash")
+ `("C_INCLUDE_PATH"
+ ":" =
+ (,(string-append #$output
+ "/wasm32-wasi/include")))
+ `("CPLUS_INCLUDE_PATH"
+ ":" =
+ ;; Make sure inclure/c++/v1 comes first for #include_next
+ ;; to work.
+ (,(string-append #$output
+ "/wasm32-wasi/include/c++/v1") ,
+ (string-append #$output
+ "/wasm32-wasi/include")))))
+ '("/bin/clang"
+ "/bin/clang++"))
+
+ (symlink (string-append #$lld
+ "/bin/wasm-ld")
+ (string-append #$output
+ "/bin/wasm-ld"))))))
+ (inputs (list bash-minimal
+ lld
+ wasi-libc
+ wasm32-wasi-clang
+ wasm32-wasi-clang-runtime
+ wasm32-wasi-libcxx))
+ (license (cons (package-license wasm32-wasi-clang)
+ (package-license wasi-libc)))
+ (home-page "https://clang.llvm.org")
+ (synopsis
+ "Complete Clang toolchain for C/C++ development, for WebAssembly.")
+ (description
+ "This package provides a complete Clang toolchain for C/C++
+development targeting WebAssembly with WASI. This includes Clang, as well as
+libc, libc++ and wasm-ld.")))
--
2.41.0
I
I
Ian Eure wrote on 13 Feb 21:34 +0100
[PATCH v4 4/4] gnu: Add librewolf.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
96c848a2d5ce1f456187ea47a3151a21079b333a.1707855137.git.ian@retrospec.tv
* gnu/packages/librewolf.scm (librewolf): New variable.

Change-Id: I98b6410582b856ede83b79637a58e66d6e5832e6
---
gnu/packages/librewolf.scm | 642 +++++++++++++++++++++++++++++++++++++
1 file changed, 642 insertions(+)
create mode 100644 gnu/packages/librewolf.scm

Toggle diff (380 lines)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
new file mode 100644
index 0000000000..6aa84ee372
--- /dev/null
+++ b/gnu/packages/librewolf.scm
@@ -0,0 +1,642 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013, 2015, 2024 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017, 2018 Nikita <nikita@n0.is>
+;;; Copyright © 2017, 2018 ng0 <gillmann@infotropique.org>
+;;; Copyright © 2017, 2018, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2020, 2022 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2019 Ivan Petkov <ivanppetkov@gmail.com>
+;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020 Jakub K?dzio?ka <kuba@kadziolka.net>
+;;; Copyright © 2019, 2020 Adrian Malacoda <malacoda@monarch-pass.net>
+;;; Copyright © 2020-2023 Jonathan Brielmaier <jonathan.brielmaier@web.de>
+;;; Copyright © 2020 Zhu Zihao <all_but_last@163.com>
+;;; Copyright © 2021 pineapples <guixuser6392@protonmail.com>
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
+;;; Copyright © 2021, 2022, 2023 John Kehayias <john.kehayias@protonmail.com>
+;;; Copyright © 2022 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2023 Tomas Volf <wolf@wolfsden.cz>
+;;; Copyright © 2023 Ian Eure <ian@retrospec.tv>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+
+(define-module (gnu packages librewolf)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix build-system cargo)
+ #:use-module (guix build-system trivial)
+ #:use-module (guix download)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix utils)
+ #:use-module ((guix build utils) #:select (alist-replace))
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages crates-io)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages hunspell)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages jemalloc)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages libcanberra)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages m4)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages nss)
+ #:use-module (gnu packages pciutils)
+ #:use-module (gnu packages perl)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages rust)
+ #:use-module (gnu packages rust-apps)
+ #:use-module (gnu packages speech)
+ #:use-module (gnu packages sqlite)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages wasm)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xorg))
+
+;; Define the versions of rust needed to build firefox, trying to match
+;; upstream. See the file taskcluster/ci/toolchain/rust.yml at
+;; https://searchfox.org under the particular firefox release, like
+;; mozilla-esr102.
+(define rust-librewolf rust) ; 1.60 is the default in Guix, 1.65 is the minimum.
+
+;; Update this id with every firefox update to its release date.
+;; It's used for cache validation and therefore can lead to strange bugs.
+(define %librewolf-build-id "20240130195200")
+
+(define-public librewolf
+ (package
+ (name "librewolf")
+ (version "122.0-2")
+ (source
+ (origin
+ (method url-fetch)
+
+ (uri (string-append "https://gitlab.com/api/v4/projects/32320088/"
+ "packages/generic/librewolf-source/"
+ version
+ "/librewolf-"
+ version
+ ".source.tar.gz"))
+ (sha256
+ (base32 "0ggysgbazx5dl0l9dyvrpjgzbvivgddm9qyiyvjjfk9im9sljkxh"))))
+ (build-system gnu-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(let ((clang #$(this-package-native-input "clang"))
+ (wasi-sysroot #$(this-package-native-input
+ "wasm32-wasi-clang-toolchain")))
+ `("--enable-application=browser"
+
+ ;; Configuration
+ "--with-system-jpeg"
+ "--with-system-zlib"
+ "--with-system-png"
+ "--with-system-webp"
+ "--with-system-icu"
+ "--with-system-libvpx"
+ "--with-system-libevent"
+ "--with-system-ffi"
+ "--enable-system-pixman"
+ "--enable-jemalloc"
+
+ ;; see https://bugs.gnu.org/32833
+ "--with-system-nspr"
+ "--with-system-nss"
+
+ ,(string-append "--with-clang-path=" clang
+ "/bin/clang")
+ ,(string-append "--with-libclang-path=" clang
+ "/lib")
+ ,(string-append "--with-wasi-sysroot="
+ wasi-sysroot "/wasm32-wasi")
+
+ ;; Distribution
+ "--with-distribution-id=org.guix"
+ "--with-app-name=librewolf"
+ "--with-app-basename=LibreWolf"
+ "--with-branding=browser/branding/librewolf"
+
+ ;; Features
+ "--disable-tests"
+ "--disable-updater"
+ "--enable-pulseaudio"
+ "--disable-crashreporter"
+ "--allow-addon-sideload"
+ "--with-unsigned-addon-scopes=app,system"
+ "--disable-eme"
+
+ ;; Build details
+ "--disable-debug"
+ "--enable-rust-simd"
+ "--enable-release"
+ "--enable-optimize"
+ "--enable-strip"
+ "--enable-hardening"
+ "--disable-elf-hack"))
+ #:imported-modules %cargo-utils-modules
+ #:modules `((ice-9 regex)
+ (ice-9 string-fun)
+ (ice-9 ftw)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (rnrs bytevectors)
+ (rnrs io ports)
+ (guix elf)
+ (guix build gremlin)
+ ,@%gnu-build-system-modules)
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'fix-preferences
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((port (open-file "browser/app/profile/firefox.js"
+ "a")))
+ (define (write-setting key value)
+ (format port "~%pref(\"~a\", ~a);~%" key value)
+ (format #t
+ "fix-preferences: setting value of ~a to ~a~%" key
+ value))
+
+ ;; We should allow Firefox sandbox to read the store directory,
+ ;; because Firefox sandbox have access to /usr on FHS distros.
+ (write-setting
+ "security.sandbox.content.read_path_whitelist"
+ (string-append "\""
+ (%store-directory) "/\""))
+
+ ;; XDG settings should be managed by Guix.
+ (write-setting "browser.shell.checkDefaultBrowser"
+ "false")
+ (close-port port))))
+ (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((ffmpeg (assoc-ref inputs "ffmpeg"))
+ (libavcodec (string-append ffmpeg
+ "/lib/libavcodec.so")))
+ ;; Arrange to load libavcodec.so by its absolute file name.
+ (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
+ (("libavcodec\\.so")
+ libavcodec)))))
+ (add-after 'patch-source-shebangs 'patch-cargo-checksums
+ (lambda _
+ (use-modules (guix build cargo-utils))
+ (let ((null-hash
+ ;; This is the SHA256 output of an empty string.
+ (string-append
+ "e3b0c44298fc1c149afbf4c8996fb924"
+ "27ae41e4649b934ca495991b7852b855")))
+ (for-each (lambda (file)
+ (format #t
+ "patch-cargo-checksums: patching checksums in ~a~%"
+ file)
+ (substitute* file
+ (("(checksum = )\".*\"" all name)
+ (string-append name "\"" null-hash
+ "\""))))
+ (find-files "." "Cargo\\.lock$"))
+ (for-each generate-all-checksums
+ '("build" "dom/media"
+ "dom/webauthn"
+ "gfx"
+ "intl"
+ "js"
+ "media"
+ "modules"
+ "mozglue/static/rust"
+ "netwerk"
+ "remote"
+ "security/manager/ssl"
+ "servo"
+ "storage"
+ "third_party/rust"
+ "toolkit"
+ "xpcom/rust"
+ "services")))))
+ (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag
+ (lambda _
+ ;; Remove --frozen flag from cargo invokation, otherwise it'll
+ ;; complain that it's not able to change Cargo.lock.
+ ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
+ (substitute* "build/RunCbindgen.py"
+ (("\"--frozen\",")
+ ""))))
+ (delete 'bootstrap)
+ (add-before 'configure 'patch-SpeechDispatcherService.cpp
+ (lambda _
+ (let* ((lib "libspeechd.so.2")
+ (file (string-append
+ "dom/media/webspeech/synth/"
+ "speechd/SpeechDispatcherService.cpp"))
+ (old-content (call-with-input-file file
+ get-string-all)))
+ (substitute file
+ `((,(format #f "~s" lib) unquote
+ (λ (line _)
+ (string-replace-substring line lib
+ (string-append #$speech-dispatcher
+ "/lib/"
+ lib))))))
+ (if (string=? old-content
+ (call-with-input-file file
+ get-string-all))
+ (error
+ "substitute did nothing, phase requires an update")))))
+ (add-before 'configure 'set-build-id
+ ;; Firefox will write the timestamp to output, which is harmful
+ ;; for reproducibility, so change it to a fixed date. Use a
+ ;; separate phase for easier modification with inherit.
+ (lambda _
+ (setenv "MOZ_BUILD_DATE"
+ #$%librewolf-build-id)))
+ (replace 'configure
+ (lambda* (#:key inputs outputs configure-flags
+ #:allow-other-keys)
+ (setenv "AUTOCONF"
+ (string-append (assoc-ref inputs "autoconf")
+ "/bin/autoconf"))
+ (setenv "SHELL"
+ (which "bash"))
+ (setenv "CONFIG_SHELL"
+ (which "bash"))
+ (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE"
+ "system")
+ ;; This should use the host info probably (does firefox build on
+ ;; non-x86_64 though?)
+ (setenv "GUIX_PYTHONPATH"
+ (string-append (getcwd)
+ "/obj-x86_64-pc-linux-gnu/_virtualenvs/build"))
+
+ ;; Use Clang, Clang is 2x faster than GCC
+ (setenv "AR" "llvm-ar")
+ (setenv "NM" "llvm-nm")
+ (setenv "CC" "clang")
+ (setenv "CXX" "clang++")
+ (setenv "WASM_CC"
+ (string-append (assoc-ref inputs
+ "wasm32-wasi-clang-toolchain")
+ "/bin/clang"))
+ (setenv "WASM_CXX"
+ (string-append (assoc-ref inputs
+ "wasm32-wasi-clang-toolchain")
+ "/bin/clang++"))
+
+ (setenv "MOZ_NOSPAM" "1")
+ (setenv "MOZ_APP_NAME" "librewolf")
+
+ (setenv "MOZBUILD_STATE_PATH"
+ (getcwd))
+
+ (let* ((mozconfig (string-append (getcwd) "/mozconfig"))
+ (out (assoc-ref outputs "out"))
+ (flags (cons (string-append "--prefix=" out)
+ configure-flags)))
+ (format #t "build directory: ~s~%"
+ (getcwd))
+ (format #t "configure flags: ~s~%" flags)
+
+ (define write-flags
+ (lambda flags
+ (display (string-join (map (cut string-append
+ "ac_add_options " <>)
+ flags) "\n"))
+ (display "\n")))
+ (with-output-to-file mozconfig
+ (lambda ()
+ (apply write-flags flags)
+ ;; The following option unsets Telemetry
+ ;; Reporting. With the Addons Fiasco,
+ ;; Mozilla was found to be collecting
+ ;; user's data, including saved passwords
+ ;; and web form data, without users
+ ;; consent. Mozilla was also found
+ ;; shipping updates to systems without
+ ;; the user's knowledge or permission.
+ ;; As a result of this, use the following
+ ;; command to permanently disable
+ ;; telemetry reporting in Firefox.
+ (display "unset MOZ_TELEMETRY_REPORTING\n")
+ (display "mk_add_options MOZ_CRASHREPORTER=0\n")
+ (display "mk_add_options MOZ_DATA_REPORTING=0\n")
+ (display
+ "mk_add_options MOZ_SERVICES_HEALTHREPORT=0")
+ (display
+ "mk_add_options MOZ_TELEMETRY_REPORTING=0")))
+ (setenv "MOZCONFIG" mozconfig))
+ (invoke "./mach" "configure")))
+ (add-before 'build '1fix-addons-placeholder
+ (lambda _
+ (substitute*
+ "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
+ (("addons.mozilla.org") "gnuzilla.gnu.org"))))
+ (replace 'build
+ (lambda* (#:key (make-flags '())
+ (parallel-build? #t) #:allow-other-keys)
+ (apply invoke "./mach" "build"
+ ;; mach will use parallel build if possible by default
+ `(,@(if parallel-build?
+ '()
+ '("-j1")) ,@make-flags))))
+ (add-after 'build 'neutralise-store
This message was truncated. Download the full message here.
L
L
Liliana Marie Prikler wrote on 13 Feb 23:41 +0100
Re: [PATCH v4 3/4] gnu: Add wasm packages.
1808da259ee4755731fade4507812fb3f9ba619e.camel@gmail.com
Am Dienstag, dem 13.02.2024 um 12:34 -0800 schrieb Ian Eure:
Toggle quote (6 lines)
> * gnu/packages/wasm.scm (wasi-libc): New variable.
> * gnu/packages/wasm.scm (wasm32-wasi-clang-runtime): New variable.
> * gnu/packages/wasm.scm (wasm32-wasi-clang): New variable.
> * gnu/packages/wasm.scm (wasm32-wasi-libcxx): New variable.
> * gnu/packages/wasm.scm (wasm32-wasi-clang-toolchain): New variable.
> ---
Not sure what the result from v1-v3 is, but generally we do one package
per patch. Also, if there is a reason to create a new file, what do we
do with the already packaged webassembly stuff in web.scm?

Cheers
I
I
Ian Eure wrote on 14 Feb 00:22 +0100
(name . Liliana Marie Prikler)(address . liliana.prikler@gmail.com)(address . 67512@debbugs.gnu.org)
87eddgx6y7.fsf@retrospec.tv
Liliana Marie Prikler <liliana.prikler@gmail.com> writes:

Toggle quote (14 lines)
> Am Dienstag, dem 13.02.2024 um 12:34 -0800 schrieb Ian Eure:
>> * gnu/packages/wasm.scm (wasi-libc): New variable.
>> * gnu/packages/wasm.scm (wasm32-wasi-clang-runtime): New
>> variable.
>> * gnu/packages/wasm.scm (wasm32-wasi-clang): New variable.
>> * gnu/packages/wasm.scm (wasm32-wasi-libcxx): New variable.
>> * gnu/packages/wasm.scm (wasm32-wasi-clang-toolchain): New
>> variable.
>> ---
> Not sure what the result from v1-v3 is, but generally we do one
> package
> per patch.
>

I have no problem splitting it up.


Toggle quote (4 lines)
> Also, if there is a reason to create a new file what do we do
> with the already packaged webassembly stuff in web.scm?
>

It was like that in nonguix, where I got it from. It’s not a
*good* reason, but that’s the reason.

I have absolutely zero preference, so please let me know where
things should go and I’ll do it. If it helps to have some
options, I think these are reasonable ones, ordered by
my-hot-take-descending:

A. Move the two wasm packages from (gnu packages web) to (gnu
packages wasm). Will require updates to anything which uses wabt,
wasm3, or wasm-micro-runtime as inputs.

B. Leave as-is.

C. Fold the new (gnu packages wasm) into (gnu packages web). I’m
not certain this is a sensible place. This has things more
traditionally webby, like HTTP servers Perl cooke modules, HTML
formatters, etc. The wasm packages I’m bringing over are a wasm
complier and libc usable by the wasm code built with that
compiler.

D. Fold the new (gnu packages wasm) into (gnu packages librewolf).
This is the only place they’re used, but it sounds like there’s
desire to port some of the other firefoxen to this stuff, so
probably not a good long-term option.


In the interest of avoiding more back-and-forth, are there other
structural things I should be addressing at the same time as
these? This patch series has been open for three months and I’d
like to get things wrapped up.

— Ian
M
M
Mark H Weaver wrote on 14 Feb 19:05 +0100
Re: [bug#67512] [PATCH v4 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c.
87ttma53au.fsf@netris.org
Ian Eure <ian@retrospec.tv> writes:
Toggle quote (3 lines)
> * gnu/packages/icu4c.scm (icu4c-73): New variable.
> * gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete variable.

The commit log should mention the changes to 'icecat-minimal' and
'make-torbrowser'. Otherwise, looks good to me.

Thanks,
Mark
C
C
Clément Lassieur wrote on 16 Feb 15:02 +0100
(name . Mark H Weaver)(address . mhw@netris.org)
87cyswfqxy.fsf@lassieur.org
On Wed, Feb 14 2024, Mark H Weaver wrote:

Toggle quote (7 lines)
> Ian Eure <ian@retrospec.tv> writes:
>> * gnu/packages/icu4c.scm (icu4c-73): New variable.
>> * gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete variable.
>
> The commit log should mention the changes to 'icecat-minimal' and
> 'make-torbrowser'. Otherwise, looks good to me.

I pushed this one (with small commit message updates), so we can have a
feeling that things are advancing :)

Thanks
Clément
C
C
Clément Lassieur wrote on 16 Feb 15:29 +0100
Re: [bug#67512] [PATCH v4 3/4] gnu: Add wasm packages.
(name . Ian Eure)(address . ian@retrospec.tv)
877cj4fpo6.fsf@lassieur.org
On Tue, Feb 13 2024, Ian Eure wrote:

Toggle quote (4 lines)
> D. Fold the new (gnu packages wasm) into (gnu packages librewolf). This is the
> only place they’re used, but it sounds like there’s desire to port some of the
> other firefoxen to this stuff, so probably not a good long-term option.

Does Librewolf depend on the Wasm packages more than the other Firefox
based browsers? My point is that if your Librewolf package is
independent from the Wasm packages, they can be split and reviewed
independently.

That would make the Librewolf review shorter and easier, and the Wasm
review more consistent and easy to test. Also, adding Wasm to our
Firefox based browsers would be a one-shot. (Of course it doesn't have
to be included in Icecat, but I think it would be great to have it in
‘make-torbrowser’.)

It makes even more sense when considering that the author of the Wasm
patches is not you (and doesn't reply).

Toggle quote (4 lines)
> In the interest of avoiding more back-and-forth, are there other structural
> things I should be addressing at the same time as these? This patch series
> has been open for three months and I’d like to get things wrapped up.

Sorry, reviewing is hard. I've pushed the icu4c-73 one, and I wish to
get the Wasm patch independent so that we can focus on reviewing
Librewolf.
M
M
Mark H Weaver wrote on 16 Feb 22:48 +0100
87mss03wrh.fsf@netris.org
Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (17 lines)
> On Tue, Feb 13 2024, Ian Eure wrote:
>
>> D. Fold the new (gnu packages wasm) into (gnu packages librewolf). This is the
>> only place they’re used, but it sounds like there’s desire to port some of the
>> other firefoxen to this stuff, so probably not a good long-term option.
>
> Does Librewolf depend on the Wasm packages more than the other Firefox
> based browsers? My point is that if your Librewolf package is
> independent from the Wasm packages, they can be split and reviewed
> independently.
>
> That would make the Librewolf review shorter and easier, and the Wasm
> review more consistent and easy to test. Also, adding Wasm to our
> Firefox based browsers would be a one-shot. (Of course it doesn't have
> to be included in Icecat, but I think it would be great to have it in
> ‘make-torbrowser’.)

I'd like to have support for Wasm sandboxed libraries in IceCat as well.

Thanks,
Mark
I
I
Ian Eure wrote on 17 Feb 17:06 +0100
Re: [bug#67512] [PATCH 0/5] Add LibreWolf
(name . Clément Lassieur)(address . clement@lassieur.org)
87cysvdqgm.fsf@retrospec.tv
Hi Pierre,

Pinging on this to see if you saw it / have an answer.

Thanks,

— Ian

Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (78 lines)
> Hi Ian and Pierre,
>
> Thank you for this! I hope to do a review soon. Meanwhile I
> have one
> question for Pierre: is there any reason why your Wasm work was
> contributed to Nonguix instead of Guix? It looks like it could
> be used
> by Icecat. Would you say it is ready to be added to the Guix
> repo?
>
> Thank you,
> Clément
>
> On Tue, Nov 28 2023, Ian Eure wrote:
>
>> I mentioned in #guix that I was working on a package for
>> LibreWolf, and it was requested that I send in patches, so I
>> am. These changes are based on the firefox-esr package in
>> nonguix; I've retained the copyright / authorship notices from
>> there.
>>
>> LibreWolf (https://librewolf.net/) is a fork of Firefox which
>> removes the telemetry and advertising, and bundles uBlock
>> Origin. It doesn't have the redistribution issues that Firefox
>> does, its name/logo are under MPL 2.0 and aren't trademarked.
>>
>> I'm new to Guix, and not remotely a browser development expert,
>> so I don't expect these are ready to be accepted yet, but I
>> believe they're in good enough shape to have a discussion
>> about. They're working acceptably well for me, though I'm not
>> currently daily driving Guix, so there may be issues I haven't
>> encountered yet.
>>
>> Guide to changes in this patchset
>> =================================
>>
>> icu4c has been updated to 73.1, and the previous version kept
>> as icu4c-71. I encountered consistent failures of the
>> node@10.24.1 test suite with icu4c 73.1, so I kept that on
>> 71.1. icu4c is needed by many packages, so this change is the
>> highest-impact in the patchset.
>>
>> The (gnu packages wasm) module is unchanged from nonguix,
>> except for the file header and module declaration.
>>
>> The (gnu packages librewolf) module is a simplified/adapted
>> version of (nongnu packages firefox). The Firefox Nightly
>> packages have been removed, as there's no LibreWolf equivalent.
>> I also didn't bring over the wayland variant, but I could, if
>> that's desired. I'm not sure why there are specific
>> x11/wayland variants, as the packages for other distros don't
>> seem to need this split.
>>
>> The librewolf package has some functions duplicated from (gnu
>> packages gnuzilla), which probably ought to get factored out
>> and put somewhere, but I'm not sure if they should be in (gnu
>> packages mozilla) or a different module. Guidance would be
>> appreciated here.
>>
>> Ian Eure (5):
>> gnu: icu4c: Update to 73.1.
>> gnu: Add icu4c-71.
>> gnu: node: Switch to icu4c-71.
>> gnu: Add wasm packages.
>> gnu: Add librewolf.
>>
>> gnu/packages/icu4c.scm | 21 +-
>> gnu/packages/librewolf.scm | 560
>> +++++++++++++++++++++++++++++++++++++
>> gnu/packages/node.scm | 4 +-
>> gnu/packages/wasm.scm | 273 ++++++++++++++++++
>> 4 files changed, 854 insertions(+), 4 deletions(-)
>> create mode 100644 gnu/packages/librewolf.scm
>> create mode 100644 gnu/packages/wasm.scm
>>
>>
>> base-commit: 2410a30f6c06d56b5589e0ad685bcdf09bb144bf
>
I
I
Ian Eure wrote on 17 Feb 17:07 +0100
Re: [bug#67512] [PATCH v4 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c.
(name . Clément Lassieur)(address . clement@lassieur.org)
878r3jdqe4.fsf@retrospec.tv
Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (16 lines)
> On Wed, Feb 14 2024, Mark H Weaver wrote:
>
>> Ian Eure <ian@retrospec.tv> writes:
>>> * gnu/packages/icu4c.scm (icu4c-73): New variable.
>>> * gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete
>>> variable.
>>
>> The commit log should mention the changes to 'icecat-minimal'
>> and
>> 'make-torbrowser'. Otherwise, looks good to me.
>
> I pushed this one (with small commit message updates), so we can
> have a
> feeling that things are advancing :)
>

Thank you. Do you think the nss patch is also mergeable?

Thanks,

— Ian
I
I
Ian Eure wrote on 17 Feb 17:09 +0100
Re: [bug#67512] [PATCH v4 3/4] gnu: Add wasm packages.
(name . Clément Lassieur)(address . clement@lassieur.org)
871q9bdpn3.fsf@retrospec.tv
Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (13 lines)
> On Tue, Feb 13 2024, Ian Eure wrote:
>
>> D. Fold the new (gnu packages wasm) into (gnu packages
>> librewolf). This is the
>> only place they’re used, but it sounds like there’s desire to
>> port some of the
>> other firefoxen to this stuff, so probably not a good long-term
>> option.
>
> Does Librewolf depend on the Wasm packages more than the other
> Firefox
> based browsers?

Upstream Librewolf doesn’t depend on the WASM packages more than
any other Firefoxen. I believe that WASM sandboxing is an
optional feature for recent Firefox and FF-derived browsers.


In case anyone reading this isn’t familiar: Firefox has taken some
libraries that handle untrusted data (which are implemented in
C/C++) and complied those WASM, which it runs in isolated
sandboxes. The idea being that if there’s a vulnerability in one
of those libraries, the impact will be diminished becasue the
exploit runs in an environment with very limited privileges[1].


Toggle quote (3 lines)
> My point is that if your Librewolf package is independent from
> the Wasm packages, they can be split and reviewed independently.

The Librewolf package I’m submitting depends on these WASM
packages; other Firefox-derived browsers currently in Guix don’t
(because they can’t, because the toolchain isn’t in Guix).


Toggle quote (11 lines)
> That would make the Librewolf review shorter and easier, and the
> Wasm
> review more consistent and easy to test. Also, adding Wasm to
> our
> Firefox based browsers would be a one-shot. (Of course it
> doesn't have
> to be included in Icecat, but I think it would be great to have
> it in
> ‘make-torbrowser’.)
>

I’m not sure what you mean by "adding Wasm to our Firefox based
browsers would be a one-shot." Are you saying you want a process
like:

1a. Get wasm toolchain stuff merged.
1b. Get Librewolf merged without WASM sandboxing.
2. Update icecat, torbrowser, mullvad, and librewolf to use WASM
sandboxing.

Thanks,

— Ian

[1]: See
and
for more on this.
C
C
Clément Lassieur wrote on 21 Feb 03:00 +0100
(name . Ian Eure)(address . ian@retrospec.tv)
87ttm2wp84.fsf@lassieur.org
On Sat, Feb 17 2024, Ian Eure wrote:

Toggle quote (47 lines)
> Clément Lassieur <clement@lassieur.org> writes:
>
>> On Tue, Feb 13 2024, Ian Eure wrote:
>>
>>> D. Fold the new (gnu packages wasm) into (gnu packages librewolf). This is
>>> the
>>> only place they’re used, but it sounds like there’s desire to port some of
>>> the
>>> other firefoxen to this stuff, so probably not a good long-term option.
>>
>> Does Librewolf depend on the Wasm packages more than the other Firefox
>> based browsers?
>
> Upstream Librewolf doesn’t depend on the WASM packages more than any other
> Firefoxen. I believe that WASM sandboxing is an optional feature for recent
> Firefox and FF-derived browsers.
>
>
> In case anyone reading this isn’t familiar: Firefox has taken some libraries
> that handle untrusted data (which are implemented in C/C++) and complied those
> WASM, which it runs in isolated sandboxes. The idea being that if there’s a
> vulnerability in one of those libraries, the impact will be diminished becasue
> the exploit runs in an environment with very limited privileges[1].
>
>
>> My point is that if your Librewolf package is independent from the Wasm
>> packages, they can be split and reviewed independently.
>
> The Librewolf package I’m submitting depends on these WASM packages; other
> Firefox-derived browsers currently in Guix don’t (because they can’t, because
> the toolchain isn’t in Guix).
>
>
>> That would make the Librewolf review shorter and easier, and the Wasm
>> review more consistent and easy to test. Also, adding Wasm to our
>> Firefox based browsers would be a one-shot. (Of course it doesn't have
>> to be included in Icecat, but I think it would be great to have it in
>> ‘make-torbrowser’.)
>>
>
> I’m not sure what you mean by "adding Wasm to our Firefox based browsers would
> be a one-shot." Are you saying you want a process like:
>
> 1a. Get wasm toolchain stuff merged.
> 1b. Get Librewolf merged without WASM sandboxing.
> 2. Update icecat, torbrowser, mullvad, and librewolf to use WASM sandboxing.

Excatly. 1b can be done after 1a, or before 1a.

And if you can explain why is Mullvad Browser not "great for daily use"

Clément
I
I
Ian Eure wrote on 21 Feb 03:18 +0100
(name . Clément Lassieur)(address . clement@lassieur.org)
87le7e4k3b.fsf@retrospec.tv
Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (10 lines)
>> Are you saying you want a process like:
>>
>> 1a. Get wasm toolchain stuff merged.
>> 1b. Get Librewolf merged without WASM sandboxing.
>> 2. Update icecat, torbrowser, mullvad, and librewolf to use
>> WASM sandboxing.
>
> Excatly. 1b can be done after 1a, or before 1a.
>

Is there a technical reason why landing WASM sandboxing support
for all browsers in the same patch is desirable? I can intuit
none, and as I’m disinclined to either roll back portions of my
existing patchset, or work on other browsers, the proposal is
disagreeable.

I’m fine with splitting off the WASM toolchain stuff into a
separate patch, and then merging LibreWolf afterwards. If others
would like to add WASM sandboxing to their Firefox-derived
browsers afterwards, they are, of course, welcome to.

Is there further guidance on where the WASM toolchain packages
should be placed? It seemed there was objection to having them in
(gnu packages wasm), but nobody has proposed an alternate location
or engaged with the options I presented.

Thanks,

— Ian
L
L
Liliana Marie Prikler wrote on 21 Feb 06:20 +0100
7c457d6001344a781bd51e2716a295235d6ea755.camel@gmail.com
Am Dienstag, dem 20.02.2024 um 18:18 -0800 schrieb Ian Eure:
Toggle quote (17 lines)
> Clément Lassieur <clement@lassieur.org> writes:
>
> > > Are you saying you want a process like:
> > >
> > > 1a. Get wasm toolchain stuff merged.
> > > 1b. Get Librewolf merged without WASM sandboxing.
> > > 2. Update icecat, torbrowser, mullvad, and librewolf to use
> > > WASM sandboxing.
> >
> > Excatly.  1b can be done after 1a, or before 1a.
> >
>
> Is there a technical reason why landing WASM sandboxing support
> for all browsers in the same patch is desirable?  I can intuit
> none, and as I’m disinclined to either roll back portions of my
> existing patchset, or work on other browsers, the proposal is
> disagreeable.
I think this ordering is w.r.t. *patch sets*, not patches. I wouldn't
suggest dropping four packages into one patch.

Toggle quote (9 lines)
> I’m fine with splitting off the WASM toolchain stuff into a
> separate patch, and then merging LibreWolf afterwards.  If others
> would like to add WASM sandboxing to their Firefox-derived
> browsers afterwards, they are, of course, welcome to.
>
> Is there further guidance on where the WASM toolchain packages
> should be placed?  It seemed there was objection to having them in
> (gnu packages wasm), but nobody has proposed an alternate location
> or engaged with the options I presented.
Unless there's a strong reason not to, I'd place them among the
existing ones in (gnu packages web).

WDYT?
C
C
Clément Lassieur wrote on 21 Feb 12:45 +0100
(name . Liliana Marie Prikler)(address . liliana.prikler@gmail.com)
87frxmqbvv.fsf@lassieur.org
On Wed, Feb 21 2024, Liliana Marie Prikler wrote:
Toggle quote (21 lines)
> Am Dienstag, dem 20.02.2024 um 18:18 -0800 schrieb Ian Eure:
>> Clément Lassieur <clement@lassieur.org> writes:
>>
>> > > Are you saying you want a process like:
>> > >
>> > > 1a. Get wasm toolchain stuff merged.
>> > > 1b. Get Librewolf merged without WASM sandboxing.
>> > > 2. Update icecat, torbrowser, mullvad, and librewolf to use
>> > > WASM sandboxing.
>> >
>> > Excatly.  1b can be done after 1a, or before 1a.
>> >
>>
>> Is there a technical reason why landing WASM sandboxing support
>> for all browsers in the same patch is desirable?  I can intuit
>> none, and as I’m disinclined to either roll back portions of my
>> existing patchset, or work on other browsers, the proposal is
>> disagreeable.
> I think this ordering is w.r.t. *patch sets*, not patches. I wouldn't
> suggest dropping four packages into one patch.

Indeed I've never said it should be done in one patch. I said one-shot
as in ‘symmetrical’: the work required to add Wasm to our browsers
should be more or less the same for all browsers, and code duplication
should be avoided.

Toggle quote (5 lines)
>> I’m fine with splitting off the WASM toolchain stuff into a
>> separate patch, and then merging LibreWolf afterwards.  If others
>> would like to add WASM sandboxing to their Firefox-derived
>> browsers afterwards, they are, of course, welcome to.

My point is that we need to understand the diff between a browser
without wasm, and a browser with wasm.

If you add librewolf with wasm already included, we don't have that diff
info. And it's harder for us reviewers to understand what in your patch
is wasm specific. And it's harder for us to include wasm to our firefox
based browsers.

I acknowledge it's more work for you, but it's a work that would have to
be done otherwise by the reviewer, at least to test the wasm stuff.

Toggle quote (9 lines)
>> Is there further guidance on where the WASM toolchain packages
>> should be placed?  It seemed there was objection to having them in
>> (gnu packages wasm), but nobody has proposed an alternate location
>> or engaged with the options I presented.
> Unless there's a strong reason not to, I'd place them among the
> existing ones in (gnu packages web).
>
> WDYT?

Agreed.
C
C
Clément Lassieur wrote on 21 Feb 12:49 +0100
Re: [bug#67512] [PATCH v4 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c.
(name . Ian Eure)(address . ian@retrospec.tv)
87bk8aqbp0.fsf@lassieur.org
On Sat, Feb 17 2024, Ian Eure wrote:

Toggle quote (17 lines)
> Clément Lassieur <clement@lassieur.org> writes:
>
>> On Wed, Feb 14 2024, Mark H Weaver wrote:
>>
>>> Ian Eure <ian@retrospec.tv> writes:
>>>> * gnu/packages/icu4c.scm (icu4c-73): New variable.
>>>> * gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete variable.
>>>
>>> The commit log should mention the changes to 'icecat-minimal' and
>>> 'make-torbrowser'. Otherwise, looks good to me.
>>
>> I pushed this one (with small commit message updates), so we can have a
>> feeling that things are advancing :)
>>
>
> Thank you. Do you think the nss patch is also mergeable?

Do we know why this patch is necessary for librewolf and not for other
ESR based browsers?
M
M
Mark H Weaver wrote on 21 Feb 15:32 +0100
Re: [bug#67512] [PATCH v4 3/4] gnu: Add wasm packages.
(name . Ian Eure)(address . ian@retrospec.tv)
87a5nt51lr.fsf@netris.org
Hi Ian,

Clément Lassieur <clement@lassieur.org> asked Ian Eure:
Toggle quote (3 lines)
> And if you can explain why is Mullvad Browser not "great for daily use"
> that would be great. https://logs.guix.gnu.org/guix/2024-02-20.log

I see that you also wrote about GNU IceCat in the cited IRC log:

ieure (apparently Ian Eure) wrote on the #guix IRC channel:
Toggle quote (3 lines)
> [...] IceCat, which is weirdware Firefox that won't run non-GPL'd
> JavaScript out of the box [...]

For the record, this statement is incorrect. IceCat _will_ run
"non-GPL'd JavaScript" out of the box. IceCat will, by default, run
trivial JavaScript regardless of license, and it will also run
nontrivial JavaScript that's marked as having a known free software
license. There is no requirement that the JavaScript be covered by the
GNU GPL. It's also easy to add sites to the whitelist, or to disable
LibreJS entirely.

I have no idea what you meant by "weirdware". Can you please explain
what you meant by that?

Thanks,
Mark
I
I
Ian Eure wrote on 22 Feb 02:07 +0100
Re: [bug#67512] [PATCH v4 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c.
(name . Clément Lassieur)(address . clement@lassieur.org)
87cysp47x5.fsf@retrospec.tv
Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (27 lines)
> On Sat, Feb 17 2024, Ian Eure wrote:
>
>> Clément Lassieur <clement@lassieur.org> writes:
>>
>>> On Wed, Feb 14 2024, Mark H Weaver wrote:
>>>
>>>> Ian Eure <ian@retrospec.tv> writes:
>>>>> * gnu/packages/icu4c.scm (icu4c-73): New variable.
>>>>> * gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete
>>>>> variable.
>>>>
>>>> The commit log should mention the changes to 'icecat-minimal'
>>>> and
>>>> 'make-torbrowser'. Otherwise, looks good to me.
>>>
>>> I pushed this one (with small commit message updates), so we
>>> can have a
>>> feeling that things are advancing :)
>>>
>>
>> Thank you. Do you think the nss patch is also mergeable?
>
> Do we know why this patch is necessary for librewolf and not for
> other
> ESR based browsers?
>

LibreWolf is based on standard Firefox releases, not ESR; that may
account for it, but I don’t know for sure.

Thanks,

— Ian
I
I
Ian Eure wrote on 22 Feb 01:07 +0100
Re: [bug#67512] [PATCH v4 3/4] gnu: Add wasm packages.
(name . Clément Lassieur)(address . clement@lassieur.org)
878r3d47bw.fsf@retrospec.tv
Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (35 lines)
> On Wed, Feb 21 2024, Liliana Marie Prikler wrote:
>> Am Dienstag, dem 20.02.2024 um 18:18 -0800 schrieb Ian Eure:
>>> Clément Lassieur <clement@lassieur.org> writes:
>>>
>>> > > Are you saying you want a process like:
>>> > >
>>> > > 1a. Get wasm toolchain stuff merged.
>>> > > 1b. Get Librewolf merged without WASM sandboxing.
>>> > > 2. Update icecat, torbrowser, mullvad, and librewolf to
>>> > > use
>>> > > WASM sandboxing.
>>> >
>>> > Excatly.  1b can be done after 1a, or before 1a.
>>> >
>>>
>>> Is there a technical reason why landing WASM sandboxing
>>> support
>>> for all browsers in the same patch is desirable?  I can intuit
>>> none, and as I’m disinclined to either roll back portions of
>>> my
>>> existing patchset, or work on other browsers, the proposal is
>>> disagreeable.
>> I think this ordering is w.r.t. *patch sets*, not patches. I
>> wouldn't
>> suggest dropping four packages into one patch.
>
> Indeed I've never said it should be done in one patch. I said
> one-shot
> as in ‘symmetrical’: the work required to add Wasm to our
> browsers
> should be more or less the same for all browsers, and code
> duplication
> should be avoided.
>

Forgive me for my imprecision, and thank you for the explanation.
Unfortunately, the distinction makes little difference to me, as
it still would require me to do work I’m unwilling to do. My
unwillingness has less to do with the amount of work than its
scope: My goal is to get LibreWolf into Guix, and I simply have no
desire or motivation to work on other browsers.

I think the best course of action is to reduce scope by removing
the WASM component of this patch series entirely. I’d send a new
patch series without the WASM toolchain packages, and with WASM
sandboxing disabled in the LibreWolf package. The official
LibreWolf binaries don’t appear to have this enabled, so no
hardening would be sacrified vs. LibreWolf installed any other
way. And since I’m not the original author of the WASM packages,
and not well-positioned to address problems with them, omitting
them seems likely to circumvent difficulties in the review process
and support of those.

What do you think?

Thanks,

— Ian
C
C
Clément Lassieur wrote on 22 Feb 11:21 +0100
Re: [bug#67512] [PATCH v4 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c.
(name . Ian Eure)(address . ian@retrospec.tv)
87y1bcvlxg.fsf@lassieur.org
On Wed, Feb 21 2024, Ian Eure wrote:

Toggle quote (28 lines)
> Clément Lassieur <clement@lassieur.org> writes:
>
>> On Sat, Feb 17 2024, Ian Eure wrote:
>>
>>> Clément Lassieur <clement@lassieur.org> writes:
>>>
>>>> On Wed, Feb 14 2024, Mark H Weaver wrote:
>>>>
>>>>> Ian Eure <ian@retrospec.tv> writes:
>>>>>> * gnu/packages/icu4c.scm (icu4c-73): New variable.
>>>>>> * gnu/packages/gnuzilla.scm (icu4c-73-promise): Delete variable.
>>>>>
>>>>> The commit log should mention the changes to 'icecat-minimal' and
>>>>> 'make-torbrowser'. Otherwise, looks good to me.
>>>>
>>>> I pushed this one (with small commit message updates), so we can have a
>>>> feeling that things are advancing :)
>>>>
>>>
>>> Thank you. Do you think the nss patch is also mergeable?
>>
>> Do we know why this patch is necessary for librewolf and not for other
>> ESR based browsers?
>>
>
> LibreWolf is based on standard Firefox releases, not ESR; that may account for
> it, but I don’t know for sure.

I'm just confused by the description:

Toggle quote (5 lines)
> + (description
> + "Full-featured browser client built from Firefox source tree, without
> +the official icon and the name \"firefox\". This is the Extended Support
> +Release (ESR) version.")

Clément
C
C
Clément Lassieur wrote on 22 Feb 11:19 +0100
Re: [bug#67512] [PATCH v4 3/4] gnu: Add wasm packages.
(name . Ian Eure)(address . ian@retrospec.tv)
8734tkx0mg.fsf@lassieur.org
On Wed, Feb 21 2024, Ian Eure wrote:

Toggle quote (31 lines)
> Clément Lassieur <clement@lassieur.org> writes:
>
>> On Wed, Feb 21 2024, Liliana Marie Prikler wrote:
>>> Am Dienstag, dem 20.02.2024 um 18:18 -0800 schrieb Ian Eure:
>>>> Clément Lassieur <clement@lassieur.org> writes:
>>>> > > Are you saying you want a process like:
>>>> > > > > 1a. Get wasm toolchain stuff merged.
>>>> > > 1b. Get Librewolf merged without WASM sandboxing.
>>>> > > 2. Update icecat, torbrowser, mullvad, and librewolf to > > use > >
>>>> WASM sandboxing.
>>>> > > Excatly.  1b can be done after 1a, or before 1a.
>>>> > Is there a technical reason why landing WASM sandboxing support for all
>>>> browsers in the same patch is desirable?  I can intuit none, and as I’m
>>>> disinclined to either roll back portions of my existing patchset, or work
>>>> on other browsers, the proposal is disagreeable.
>>> I think this ordering is w.r.t. *patch sets*, not patches. I wouldn't
>>> suggest dropping four packages into one patch.
>>
>> Indeed I've never said it should be done in one patch. I said one-shot
>> as in ‘symmetrical’: the work required to add Wasm to our browsers
>> should be more or less the same for all browsers, and code duplication
>> should be avoided.
>>
>
> Forgive me for my imprecision, and thank you for the
> explanation. Unfortunately, the distinction makes little difference to me, as
> it still would require me to do work I’m unwilling to do. My unwillingness
> has less to do with the amount of work than its scope: My goal is to get
> LibreWolf into Guix, and I simply have no desire or motivation to work on
> other browsers.

Firefox based browsers are closely related. Sounds impossible to me to
really do good work on one of them without touching the other ones.

Toggle quote (11 lines)
> I think the best course of action is to reduce scope by removing the WASM
> component of this patch series entirely. I’d send a new patch series without
> the WASM toolchain packages, and with WASM sandboxing disabled in the
> LibreWolf package. The official LibreWolf binaries don’t appear to have this
> enabled, so no hardening would be sacrified vs. LibreWolf installed any other
> way. And since I’m not the original author of the WASM packages, and not
> well-positioned to address problems with them, omitting them seems likely to
> circumvent difficulties in the review process and support of those.
>
> What do you think?

Sounds good. And we can add WASM later.
M
M
Mark H Weaver wrote on 22 Feb 15:34 +0100
Re: [bug#67512] [PATCH v4 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c.
(name . Ian Eure)(address . ian@retrospec.tv)
8734tk4lf5.fsf@netris.org
Hi Ian,

Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (7 lines)
> I'm just confused by the description:
>
>> + (description
>> + "Full-featured browser client built from Firefox source tree, without
>> +the official icon and the name \"firefox\". This is the Extended Support
>> +Release (ESR) version.")

The description above, apparently written by you, states that this
browser is "Full-featured", and the only differences mentioned between
Firefox and Librewolf are that it lacks the "official icon and the name
'firefox'".

Note that Firefox does not comply with the GNU FSDG. For example,
Firefox supports EME, and that it also steers users towards nonfree
software, notably nonfree addons. Therefore Firefox is not included in
Guix.

Can you tell me more about the differences between Firefox and
Librewolf?

Thanks,
Mark
I
I
Ian Eure wrote on 23 Feb 01:56 +0100
(name . Mark H Weaver)(address . mhw@netris.org)
871q94t26y.fsf@retrospec.tv
Hi Mark,

Mark H Weaver <mhw@netris.org> writes:

Toggle quote (22 lines)
> Hi Ian,
>
> Clément Lassieur <clement@lassieur.org> writes:
>
>> I'm just confused by the description:
>>
>>> + (description
>>> + "Full-featured browser client built from Firefox source
>>> tree, without
>>> +the official icon and the name \"firefox\". This is the
>>> Extended Support
>>> +Release (ESR) version.")
>
> The description above, apparently written by you, states that
> this
> browser is "Full-featured", and the only differences mentioned
> between
> Firefox and Librewolf are that it lacks the "official icon and
> the name
> 'firefox'".
>

Thank you for bringing this to my attention. This is an artifact
of the Firefox package definition I based this on, and isn’t an
accurate description of LibreWolf. I’ll correct this in the next
version.


Toggle quote (12 lines)
> Note that Firefox does not comply with the GNU FSDG. For
> example,
> Firefox supports EME, and that it also steers users towards
> nonfree
> software, notably nonfree addons. Therefore Firefox is not
> included in
> Guix.
>
> Can you tell me more about the differences between Firefox and
> Librewolf?
>

I can’t enumerate every difference; if you have a question about
specific feature(s), I’d be happy to answer that. In general:

- LibreWolf permits use of their name and logo.
- Telemetry is disabled.
- User-hostile things like ads for Mozilla VPN are removed.
- DRM is disabled by default (but can be enabled by the user).
- Default settings have been adjusted for more security and/or
privacy.

This feature list covers most of the changes:

Additionally, the patch I submitted builds LibreWolf without EME
support (which is what the other Firefox forks in Guix do); and
uses GNU Mozzarella for extensions.

Thanks,

— Ian
I
I
Ian Eure wrote on 25 Feb 01:53 +0100
[PATCH v5 0/2] Add LibreWolf.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
cover.1708822278.git.ian@retrospec.tv
Vs. the previous patch series, this:

- Corrects package home-page, synopsis, and description.
- Removes "firefox" language in comments.
- Updates to LibreWolf 123.0-1 and update %librewolf-build-id.
- Removes WASM sandboxing, wasi-libc, etc.
- Corrects most linter issues. I don't know how to correct the remaining items, or how big a deal they are. Guidance would be appreciated here.

Ian Eure (2):
gnu: nss: Update to 3.97.
gnu: Add librewolf.

gnu/packages/certs.scm | 4 +-
gnu/packages/librewolf.scm | 638 +++++++++++++++++++++++++++++++++++++
gnu/packages/nss.scm | 6 +-
3 files changed, 643 insertions(+), 5 deletions(-)
create mode 100644 gnu/packages/librewolf.scm


base-commit: 05bbe9993f687da1fd684a31474c621f2a1c37b2
--
2.41.0
I
I
Ian Eure wrote on 25 Feb 01:53 +0100
[PATCH v5 2/2] gnu: Add librewolf.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
7affbd74977d48b8962bebf7a1d76fd05f93a6b0.1708822278.git.ian@retrospec.tv
* gnu/packages/librewolf.scm (librewolf): New variable.

Change-Id: I98b6410582b856ede83b79637a58e66d6e5832e6
---
gnu/packages/librewolf.scm | 638 +++++++++++++++++++++++++++++++++++++
1 file changed, 638 insertions(+)
create mode 100644 gnu/packages/librewolf.scm

Toggle diff (385 lines)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
new file mode 100644
index 0000000000..a1f0e984d6
--- /dev/null
+++ b/gnu/packages/librewolf.scm
@@ -0,0 +1,638 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013, 2015, 2024 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017, 2018 Nikita <nikita@n0.is>
+;;; Copyright © 2017, 2018 ng0 <gillmann@infotropique.org>
+;;; Copyright © 2017, 2018, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2020, 2022 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2019 Ivan Petkov <ivanppetkov@gmail.com>
+;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020 Jakub K?dzio?ka <kuba@kadziolka.net>
+;;; Copyright © 2019, 2020 Adrian Malacoda <malacoda@monarch-pass.net>
+;;; Copyright © 2020-2023 Jonathan Brielmaier <jonathan.brielmaier@web.de>
+;;; Copyright © 2020 Zhu Zihao <all_but_last@163.com>
+;;; Copyright © 2021 pineapples <guixuser6392@protonmail.com>
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
+;;; Copyright © 2021, 2022, 2023 John Kehayias <john.kehayias@protonmail.com>
+;;; Copyright © 2022 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2023 Tomas Volf <wolf@wolfsden.cz>
+;;; Copyright © 2023 Ian Eure <ian@retrospec.tv>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+
+(define-module (gnu packages librewolf)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix build-system cargo)
+ #:use-module (guix build-system trivial)
+ #:use-module (guix download)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix utils)
+ #:use-module ((guix build utils) #:select (alist-replace))
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages crates-io)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages hunspell)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages jemalloc)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages libcanberra)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages m4)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages nss)
+ #:use-module (gnu packages pciutils)
+ #:use-module (gnu packages perl)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages rust)
+ #:use-module (gnu packages rust-apps)
+ #:use-module (gnu packages speech)
+ #:use-module (gnu packages sqlite)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xorg))
+
+;; Define the versions of rust needed to build librewolf, trying to match
+;; upstream. See the file taskcluster/ci/toolchain/rust.yml at
+;; https://searchfox.org under the particular firefox release, like
+;; mozilla-esr102.
+(define rust-librewolf rust) ; 1.60 is the default in Guix, 1.65 is the minimum.
+
+;; Update this id with every update to its release date.
+;; It's used for cache validation and therefore can lead to strange bugs.
+(define %librewolf-build-id "20240224100924")
+
+(define-public librewolf
+ (package
+ (name "librewolf")
+ (version "123.0-1")
+ (source
+ (origin
+ (method url-fetch)
+
+ (uri (string-append "https://gitlab.com/api/v4/projects/32320088/"
+ "packages/generic/librewolf-source/"
+ version
+ "/librewolf-"
+ version
+ ".source.tar.gz"))
+ (sha256
+ (base32 "050kg717jy70fvjfh91aydmq25mqaz6cbf9cqsdsgh6hvpxrw873"))))
+ (build-system gnu-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(let ((clang #$(this-package-native-input "clang")))
+ `("--enable-application=browser"
+
+ ;; Configuration
+ "--without-wasm-sandboxed-libraries"
+ "--with-system-jpeg"
+ "--with-system-zlib"
+ "--with-system-png"
+ "--with-system-webp"
+ "--with-system-icu"
+ "--with-system-libvpx"
+ "--with-system-libevent"
+ "--with-system-ffi"
+ "--enable-system-pixman"
+ "--enable-jemalloc"
+
+ ;; see https://bugs.gnu.org/32833
+ "--with-system-nspr"
+ "--with-system-nss"
+
+ ,(string-append "--with-clang-path=" clang
+ "/bin/clang")
+ ,(string-append "--with-libclang-path=" clang
+ "/lib")
+
+ ;; Distribution
+ "--with-distribution-id=org.guix"
+ "--with-app-name=librewolf"
+ "--with-app-basename=LibreWolf"
+ "--with-branding=browser/branding/librewolf"
+
+ ;; Features
+ "--disable-tests"
+ "--disable-updater"
+ "--enable-pulseaudio"
+ "--disable-crashreporter"
+ "--allow-addon-sideload"
+ "--with-unsigned-addon-scopes=app,system"
+ "--disable-eme"
+
+ ;; Build details
+ "--disable-debug"
+ "--enable-rust-simd"
+ "--enable-release"
+ "--enable-optimize"
+ "--enable-strip"
+ "--enable-hardening"
+ "--disable-elf-hack"))
+ #:imported-modules %cargo-utils-modules
+ #:modules `((ice-9 regex)
+ (ice-9 string-fun)
+ (ice-9 ftw)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (rnrs bytevectors)
+ (rnrs io ports)
+ (guix elf)
+ (guix build gremlin)
+ ,@%gnu-build-system-modules)
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'fix-preferences
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((port (open-file "browser/app/profile/firefox.js"
+ "a")))
+ (define (write-setting key value)
+ (format port "~%pref(\"~a\", ~a);~%" key value)
+ (format #t
+ "fix-preferences: setting value of ~a to ~a~%" key
+ value))
+
+ ;; We should allow the sandbox to read the store directory,
+ ;; because the sandbox has access to /usr on FHS distros.
+ (write-setting
+ "security.sandbox.content.read_path_whitelist"
+ (string-append "\""
+ (%store-directory) "/\""))
+
+ ;; XDG settings should be managed by Guix.
+ (write-setting "browser.shell.checkDefaultBrowser"
+ "false")
+ (close-port port))))
+ (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((ffmpeg (assoc-ref inputs "ffmpeg"))
+ (libavcodec (string-append ffmpeg
+ "/lib/libavcodec.so")))
+ ;; Arrange to load libavcodec.so by its absolute file name.
+ (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
+ (("libavcodec\\.so")
+ libavcodec)))))
+ (add-after 'patch-source-shebangs 'patch-cargo-checksums
+ (lambda _
+ (use-modules (guix build cargo-utils))
+ (let ((null-hash
+ ;; This is the SHA256 output of an empty string.
+ (string-append
+ "e3b0c44298fc1c149afbf4c8996fb924"
+ "27ae41e4649b934ca495991b7852b855")))
+ (for-each (lambda (file)
+ (format #t
+ "patch-cargo-checksums: patching checksums in ~a~%"
+ file)
+ (substitute* file
+ (("(checksum = )\".*\"" all name)
+ (string-append name "\"" null-hash
+ "\""))))
+ (find-files "." "Cargo\\.lock$"))
+ (for-each generate-all-checksums
+ '("build" "dom/media"
+ "dom/webauthn"
+ "gfx"
+ "intl"
+ "js"
+ "media"
+ "modules"
+ "mozglue/static/rust"
+ "netwerk"
+ "remote"
+ "security/manager/ssl"
+ "servo"
+ "storage"
+ "third_party/rust"
+ "toolkit"
+ "xpcom/rust"
+ "services")))))
+ (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag
+ (lambda _
+ ;; Remove --frozen flag from cargo invokation, otherwise it'll
+ ;; complain that it's not able to change Cargo.lock.
+ ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
+ (substitute* "build/RunCbindgen.py"
+ (("\"--frozen\",")
+ ""))))
+ (delete 'bootstrap)
+ (add-before 'configure 'patch-SpeechDispatcherService.cpp
+ (lambda _
+ (let* ((lib "libspeechd.so.2")
+ (file (string-append
+ "dom/media/webspeech/synth/"
+ "speechd/SpeechDispatcherService.cpp"))
+ (old-content (call-with-input-file file
+ get-string-all)))
+ (substitute
+ file
+ `((,(format #f "~s" lib) unquote
+ (lambda (line _)
+ (string-replace-substring
+ line lib
+ (string-append #$speech-dispatcher
+ "/lib/" lib))))))
+ (if (string=? old-content
+ (call-with-input-file file
+ get-string-all))
+ (error
+ "substitute did nothing, phase requires an update")))))
+ (add-before 'configure 'set-build-id
+ ;; Build will write the timestamp to output, which is harmful
+ ;; for reproducibility, so change it to a fixed date. Use a
+ ;; separate phase for easier modification with inherit.
+ (lambda _
+ (setenv "MOZ_BUILD_DATE"
+ #$%librewolf-build-id)))
+ (replace 'configure
+ (lambda* (#:key inputs outputs configure-flags
+ #:allow-other-keys)
+ (setenv "AUTOCONF"
+ (string-append (assoc-ref inputs "autoconf")
+ "/bin/autoconf"))
+ (setenv "SHELL"
+ (which "bash"))
+ (setenv "CONFIG_SHELL"
+ (which "bash"))
+ (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE"
+ "system")
+ ;; This should use the host info probably (does it
+ ;; build on non-x86_64 though?)
+ (setenv "GUIX_PYTHONPATH"
+ (string-append (getcwd)
+ "/obj-x86_64-pc-linux-gnu/_virtualenvs/build"))
+
+ ;; Use Clang, Clang is 2x faster than GCC
+ (setenv "AR" "llvm-ar")
+ (setenv "NM" "llvm-nm")
+ (setenv "CC" "clang")
+ (setenv "CXX" "clang++")
+ (setenv "MOZ_NOSPAM" "1")
+ (setenv "MOZ_APP_NAME" "librewolf")
+
+ (setenv "MOZBUILD_STATE_PATH"
+ (getcwd))
+
+ (let* ((mozconfig (string-append (getcwd) "/mozconfig"))
+ (out (assoc-ref outputs "out"))
+ (flags (cons (string-append "--prefix=" out)
+ configure-flags)))
+ (format #t "build directory: ~s~%"
+ (getcwd))
+ (format #t "configure flags: ~s~%" flags)
+
+ (define write-flags
+ (lambda flags
+ (display (string-join (map (cut string-append
+ "ac_add_options " <>)
+ flags) "\n"))
+ (display "\n")))
+ (with-output-to-file mozconfig
+ (lambda ()
+ (apply write-flags flags)
+ ;; The following option unsets Telemetry
+ ;; Reporting. With the Addons Fiasco,
+ ;; Mozilla was found to be collecting
+ ;; user's data, including saved passwords
+ ;; and web form data, without users
+ ;; consent. Mozilla was also found
+ ;; shipping updates to systems without
+ ;; the user's knowledge or permission.
+ ;; As a result of this, use the following
+ ;; command to permanently disable
+ ;; telemetry reporting.
+ (display "unset MOZ_TELEMETRY_REPORTING\n")
+ (display "mk_add_options MOZ_CRASHREPORTER=0\n")
+ (display "mk_add_options MOZ_DATA_REPORTING=0\n")
+ (display
+ "mk_add_options MOZ_SERVICES_HEALTHREPORT=0")
+ (display
+ "mk_add_options MOZ_TELEMETRY_REPORTING=0")))
+ (setenv "MOZCONFIG" mozconfig))
+ (invoke "./mach" "configure")))
+ (add-before 'build '1fix-addons-placeholder
+ (lambda _
+ (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
+ (("addons.mozilla.org")
+ "gnuzilla.gnu.org"))))
+ (replace 'build
+ (lambda* (#:key (make-flags '())
+ (parallel-build? #t) #:allow-other-keys)
+ (apply invoke "./mach" "build"
+ ;; mach will use parallel build if possible by default
+ `(,@(if parallel-build?
+ '()
+ '("-j1")) ,@make-flags))))
+ (add-after 'build 'neutralise-store-references
+ (lambda _
+ ;; Mangle the store references to compilers &
+ ;; other build tools in about:buildconfig,
+ ;; reducing the package's closure by 1 GiB on
+ ;; x86-64.
+ (let* ((build-dir (car (scandir "."
+ (cut string-prefix?
+ "obj-" <>))))
+ (file (string-append build-dir
+ "/dist/bin/chrome/toolkit/"
+ "content/global/buildconfig.html")))
+ (substitute* file
+ (((format #f "(~a/)([0-9a-df-np-sv-z]{32})"
+ (regexp-quote (%store-directory)))
+ _ store hash)
+ (string-append store
+ (strin
This message was truncated. Download the full message here.
I
I
Ian Eure wrote on 25 Feb 01:53 +0100
[PATCH v5 1/2] gnu: nss: Update to 3.97.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
6d50ace280feb881bcfb5af5bbc4e661b545c75b.1708822278.git.ian@retrospec.tv
* gnu/packages/nss.scm (nss): Update to 3.97.
* gnu/packages/certs.scm (nss-certs): Update to 3.97.
---
gnu/packages/certs.scm | 4 ++--
gnu/packages/nss.scm | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)

Toggle diff (55 lines)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 58b4d50ec8..2a6106df78 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -131,7 +131,7 @@ (define-public nss-certs
;; XXX We used to refer to the nss package here, but that eventually caused
;; module cycles. The below is a quick copy-paste job that must be kept in
;; sync manually. Surely there's a better way…?
- (version "3.88.1")
+ (version "3.97")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -142,7 +142,7 @@ (define-public nss-certs
"nss-" version ".tar.gz")))
(sha256
(base32
- "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ "02pscmkp7flawmgwqzr807nsn6kzzw7r7xjbzfql0bpkjf1zp3h7"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 54b9e5041a..268ddaa24f 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -106,7 +106,7 @@ (define-public nss
;; IMPORTANT: Also update and test the nss-certs package, which duplicates
;; version and source to avoid a top-level variable reference & module
;; cycle.
- (version "3.88.1")
+ (version "3.97")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -117,7 +117,7 @@ (define-public nss
"nss-" version ".tar.gz")))
(sha256
(base32
- "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ "02pscmkp7flawmgwqzr807nsn6kzzw7r7xjbzfql0bpkjf1zp3h7"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
@@ -200,7 +200,7 @@ (define-public nss
;; leading to test failures:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
;; work around that, set the time to roughly the release date.
- (invoke "faketime" "2022-11-01" "./nss/tests/all.sh"))
+ (invoke "faketime" "2024-01-23" "./nss/tests/all.sh"))
(format #t "test suite not run~%"))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
--
2.41.0
I
I
Ian Eure wrote on 9 Mar 22:20 +0100
Re: [bug#67512] [PATCH v4 3/4] gnu: Add wasm packages.
(name . Clément Lassieur)(address . clement@lassieur.org)
87zfv7w16c.fsf@meson
Hello,

Just pinging on this. v5 of the patch reduces scope, as we
discussed; it’s now just a nss update + addition of LibreWolf.

Thanks,

— Ian

Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (70 lines)
> On Wed, Feb 21 2024, Ian Eure wrote:
>
>> Clément Lassieur <clement@lassieur.org> writes:
>>
>>> On Wed, Feb 21 2024, Liliana Marie Prikler wrote:
>>>> Am Dienstag, dem 20.02.2024 um 18:18 -0800 schrieb Ian Eure:
>>>>> Clément Lassieur <clement@lassieur.org> writes:
>>>>> > > Are you saying you want a process like:
>>>>> > > > > 1a. Get wasm toolchain stuff merged.
>>>>> > > 1b. Get Librewolf merged without WASM sandboxing.
>>>>> > > 2. Update icecat, torbrowser, mullvad, and librewolf to
>>>>> > > > > use > >
>>>>> WASM sandboxing.
>>>>> > > Excatly.  1b can be done after 1a, or before 1a.
>>>>> > Is there a technical reason why landing WASM sandboxing
>>>>> > support for all
>>>>> browsers in the same patch is desirable?  I can intuit none,
>>>>> and as I’m
>>>>> disinclined to either roll back portions of my existing
>>>>> patchset, or work
>>>>> on other browsers, the proposal is disagreeable.
>>>> I think this ordering is w.r.t. *patch sets*, not patches. I
>>>> wouldn't
>>>> suggest dropping four packages into one patch.
>>>
>>> Indeed I've never said it should be done in one patch. I said
>>> one-shot
>>> as in ‘symmetrical’: the work required to add Wasm to our
>>> browsers
>>> should be more or less the same for all browsers, and code
>>> duplication
>>> should be avoided.
>>>
>>
>> Forgive me for my imprecision, and thank you for the
>> explanation. Unfortunately, the distinction makes little
>> difference to me, as
>> it still would require me to do work I’m unwilling to do. My
>> unwillingness
>> has less to do with the amount of work than its scope: My goal
>> is to get
>> LibreWolf into Guix, and I simply have no desire or motivation
>> to work on
>> other browsers.
>
> Firefox based browsers are closely related. Sounds impossible
> to me to
> really do good work on one of them without touching the other
> ones.
>
>> I think the best course of action is to reduce scope by
>> removing the WASM
>> component of this patch series entirely. I’d send a new patch
>> series without
>> the WASM toolchain packages, and with WASM sandboxing disabled
>> in the
>> LibreWolf package. The official LibreWolf binaries don’t
>> appear to have this
>> enabled, so no hardening would be sacrified vs. LibreWolf
>> installed any other
>> way. And since I’m not the original author of the WASM
>> packages, and not
>> well-positioned to address problems with them, omitting them
>> seems likely to
>> circumvent difficulties in the review process and support of
>> those.
>>
>> What do you think?
>
> Sounds good. And we can add WASM later.
R
R
Romain Garbage wrote on 13 Mar 10:07 +0100
Feedback for Librewolf package
(address . 67512@debbugs.gnu.org)(address . ian@retrospec.tv)
1236779570.226874.1710320849955.JavaMail.zimbra@inria.fr
Hello,

I tested the v5 of the patch series, applied on guix master 0547fe862c.

Both patches apply and compile cleanly.

I then launched Librewolf through `./pre-inst-env guix shell librewolf -- librewolf`.

I got an error window with the following error message: "Configuration Error: Failed to read the configuration file. Please contact your system administrator."

and the following error messages in console:

```
JavaScript error: librewolf.cfg, line 545: SyntaxError: missing ) in parenthetical
JavaScript warning: resource://services-settings/Utils.sys.mjs, line 57: unreachable code after return statement
console.error: "formatURLPref: Couldn't get pref: " "startup.homepage_welcome_url.additional"
console.error: "Ignoring protocol handler for mailto without a uriTemplate!"
console.error: ({})
JavaScript error: resource://activity-stream/lib/TelemetryFeed.jsm, line 1066: Error: Failed to load chrome://pocket/content/pktApi.sys.mjs
JavaScript error: resource://gre/modules/PromiseWorker.sys.mjs, line 96: Error: Could not get children of file(/home/romain/.librewolf/rhx67hr4.default/thumbnails) because it does not exist
console.error: "about:home startup cache construction failed:" (new TypeError("sectionOrder is undefined", "resource://activity-stream/data/content/activity-stream.bundle.js", 7802))
console.error: "update.locale" " file doesn't exist in either the application or GRE directories"
console.error: services.settings:
main/search-config Signature failed InvalidSignatureError: Invalid content signature (main/search-config) using 'remote-settings.content-signature.mozilla.org-2024-04-09-14-36-39.chain'
console.error: services.settings:
main/search-config local data was corrupted
console.warn: services.settings: main/search-config Signature verified failed. Retry from scratch
```

After closing the error window, the browser launched properly and could be used to browse the web.

I closed it and launched it again and got the same error window, then the browser started again (same behaviour).

I tried to install an add-on from `about:addons`, I got redirected to https://addons.mozilla.orgeventhough gnuzilla.gnu.org is mentioned in the search bar.
The Firefox addons website doesn't recognise Librewolf as a Firefox compatible browser and suggests to install Firefox instead of the addon installation.

I don't know if these issues are related to the guix package, although I have been using Librewolf in NixOS during one year as a daily driver and never ran into these issues.

If you need more testing or details, feel free to ask :)

Have a nice day,
Romain
I
I
Ian Eure wrote on 15 Mar 15:05 +0100
(name . Romain Garbage)(address . romain.garbage@inria.fr)(address . 67512@debbugs.gnu.org)
87sf0r1t7y.fsf@retrospec.tv
Hi Romain,

This is indeed a bug, I was missing parens around a string-append
call, which broke the preferences file. I saw the error you
mention, but thought my user preferences were broken in some way
by the many short-lived local builds I’ve run.

I’ll have a fixed patch soon. Thank you very much for taking the
time to try things out and letting me know about this problem.

— Ian

Romain Garbage <romain.garbage@inria.fr> writes:

Toggle quote (83 lines)
> Hello,
>
> I tested the v5 of the patch series, applied on guix master
> 0547fe862c.
>
> Both patches apply and compile cleanly.
>
> I then launched Librewolf through `./pre-inst-env guix shell
> librewolf -- librewolf`.
>
> I got an error window with the following error message:
> "Configuration
> Error: Failed to read the configuration file. Please contact
> your
> system administrator."
>
> and the following error messages in console:
>
> ```
> JavaScript error: librewolf.cfg, line 545: SyntaxError: missing
> ) in parenthetical
> JavaScript warning: resource://services-settings/Utils.sys.mjs,
> line 57: unreachable code after return statement
> console.error: "formatURLPref: Couldn't get pref: "
> "startup.homepage_welcome_url.additional"
> console.error: "Ignoring protocol handler for mailto without a
> uriTemplate!"
> console.error: ({})
> JavaScript error:
> resource://activity-stream/lib/TelemetryFeed.jsm, line 1066:
> Error: Failed to load chrome://pocket/content/pktApi.sys.mjs
> JavaScript error: resource://gre/modules/PromiseWorker.sys.mjs,
> line
> 96: Error: Could not get children of
> file(/home/romain/.librewolf/rhx67hr4.default/thumbnails)
> because it
> does not exist
> console.error: "about:home startup cache construction failed:"
> (new
> TypeError("sectionOrder is undefined",
> "resource://activity-stream/data/content/activity-stream.bundle.js",
> 7802))
> console.error: "update.locale" " file doesn't exist in either
> the application or GRE directories"
> console.error: services.settings:
> main/search-config Signature failed InvalidSignatureError:
> Invalid
> content signature (main/search-config) using
> 'remote-settings.content-signature.mozilla.org-2024-04-09-14-36-39.chain'
> console.error: services.settings:
> main/search-config local data was corrupted
> console.warn: services.settings: main/search-config Signature
> verified failed. Retry from scratch
> ```
>
> After closing the error window, the browser launched properly
> and could be used to browse the web.
>
> I closed it and launched it again and got the same error window,
> then the browser started again (same behaviour).
>
> I tried to install an add-on from `about:addons`, I got
> redirected to
> https://addons.mozilla.org eventhough gnuzilla.gnu.org is
> mentioned in
> the search bar.
> The Firefox addons website doesn't recognise Librewolf as a
> Firefox
> compatible browser and suggests to install Firefox instead of
> the
> addon installation.
>
> I don't know if these issues are related to the guix package,
> although
> I have been using Librewolf in NixOS during one year as a daily
> driver
> and never ran into these issues.
>
> If you need more testing or details, feel free to ask :)
>
> Have a nice day,
> Romain
>
I
I
Ian Eure wrote on 29 Mar 23:34 +0100
[PATCH v6 0/2] Add LibreWolf
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
cover.1711751402.git.ian@retrospec.tv
- Updates LibreWolf to 124.0.1-1, which fixes numerous important security issues from upstream Firefox 123.x and 124.0.
- Updates nss to 3.98, required by LW 124.0.1-1.
- Corrects wrong string-append which broke the preferences file.
- Correct typo’d phase name '1fix-addons-placeholder to 'fix-addons-placeholder.
- Turn code flagged with "TODO turn me back into a loop" back into a loop.

Ian Eure (2):
gnu: nss: Update to 3.98.
gnu: Add librewolf.

gnu/packages/certs.scm | 4 +-
gnu/packages/librewolf.scm | 621 +++++++++++++++++++++++++++++++++++++
gnu/packages/nss.scm | 6 +-
3 files changed, 626 insertions(+), 5 deletions(-)
create mode 100644 gnu/packages/librewolf.scm


base-commit: 423ca234cbd7b4902fd2a3fbc089a6fd57ed5583
--
2.41.0
I
I
Ian Eure wrote on 29 Mar 23:34 +0100
[PATCH v6 1/2] gnu: nss: Update to 3.98.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
c01a1b57aff0e9e0ea999d82f95991a71a8c1bdb.1711751402.git.ian@retrospec.tv
* gnu/packages/nss.scm (nss): Update to 3.98.
* gnu/packages/certs.scm (nss-certs): Update to 3.98.

Change-Id: I443ffb49cffa0985d9c3aa3e9990575ba11edf8a
---
gnu/packages/certs.scm | 4 ++--
gnu/packages/nss.scm | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)

Toggle diff (55 lines)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 58b4d50ec8..b8d849f49d 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -131,7 +131,7 @@ (define-public nss-certs
;; XXX We used to refer to the nss package here, but that eventually caused
;; module cycles. The below is a quick copy-paste job that must be kept in
;; sync manually. Surely there's a better way…?
- (version "3.88.1")
+ (version "3.98")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -142,7 +142,7 @@ (define-public nss-certs
"nss-" version ".tar.gz")))
(sha256
(base32
- "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 54b9e5041a..fafc377b0b 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -106,7 +106,7 @@ (define-public nss
;; IMPORTANT: Also update and test the nss-certs package, which duplicates
;; version and source to avoid a top-level variable reference & module
;; cycle.
- (version "3.88.1")
+ (version "3.98")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -117,7 +117,7 @@ (define-public nss
"nss-" version ".tar.gz")))
(sha256
(base32
- "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
@@ -200,7 +200,7 @@ (define-public nss
;; leading to test failures:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
;; work around that, set the time to roughly the release date.
- (invoke "faketime" "2022-11-01" "./nss/tests/all.sh"))
+ (invoke "faketime" "2024-01-23" "./nss/tests/all.sh"))
(format #t "test suite not run~%"))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
--
2.41.0
I
I
Ian Eure wrote on 29 Mar 23:34 +0100
[PATCH v6 2/2] gnu: Add librewolf.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
3d9dfa681c4b4acfdccaf46fb34d345013f1f5bc.1711751402.git.ian@retrospec.tv
* gnu/packages/librewolf.scm (librewolf): New variable.

Change-Id: I98b6410582b856ede83b79637a58e66d6e5832e6
---
gnu/packages/librewolf.scm | 621 +++++++++++++++++++++++++++++++++++++
1 file changed, 621 insertions(+)
create mode 100644 gnu/packages/librewolf.scm

Toggle diff (385 lines)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
new file mode 100644
index 0000000000..2b20b90655
--- /dev/null
+++ b/gnu/packages/librewolf.scm
@@ -0,0 +1,621 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013, 2015, 2024 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017, 2018 Nikita <nikita@n0.is>
+;;; Copyright © 2017, 2018 ng0 <gillmann@infotropique.org>
+;;; Copyright © 2017, 2018, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2020, 2022 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2019 Ivan Petkov <ivanppetkov@gmail.com>
+;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020 Jakub K?dzio?ka <kuba@kadziolka.net>
+;;; Copyright © 2019, 2020 Adrian Malacoda <malacoda@monarch-pass.net>
+;;; Copyright © 2020-2023 Jonathan Brielmaier <jonathan.brielmaier@web.de>
+;;; Copyright © 2020 Zhu Zihao <all_but_last@163.com>
+;;; Copyright © 2021 pineapples <guixuser6392@protonmail.com>
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
+;;; Copyright © 2021, 2022, 2023 John Kehayias <john.kehayias@protonmail.com>
+;;; Copyright © 2022 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2023 Tomas Volf <wolf@wolfsden.cz>
+;;; Copyright © 2023 Ian Eure <ian@retrospec.tv>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+
+(define-module (gnu packages librewolf)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix build-system cargo)
+ #:use-module (guix build-system trivial)
+ #:use-module (guix download)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix utils)
+ #:use-module ((guix build utils) #:select (alist-replace))
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages crates-io)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages hunspell)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages jemalloc)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages libcanberra)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages m4)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages nss)
+ #:use-module (gnu packages pciutils)
+ #:use-module (gnu packages perl)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages rust)
+ #:use-module (gnu packages rust-apps)
+ #:use-module (gnu packages speech)
+ #:use-module (gnu packages sqlite)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xorg))
+
+;; Define the versions of rust needed to build librewolf, trying to match
+;; upstream. See the file taskcluster/ci/toolchain/rust.yml at
+;; https://searchfox.org under the particular firefox release, like
+;; mozilla-esr102.
+(define rust-librewolf rust) ; 1.60 is the default in Guix, 1.65 is the minimum.
+
+;; Update this id with every update to its release date.
+;; It's used for cache validation and therefore can lead to strange bugs.
+;; ex: date '+%Y%m%d%H%M%S'
+(define %librewolf-build-id "20240326080003")
+
+(define-public librewolf
+ (package
+ (name "librewolf")
+ (version "124.0.1-1")
+ (source
+ (origin
+ (method url-fetch)
+
+ (uri (string-append "https://gitlab.com/api/v4/projects/32320088/"
+ "packages/generic/librewolf-source/"
+ version
+ "/librewolf-"
+ version
+ ".source.tar.gz"))
+ (sha256
+ (base32 "1sks49nywzhvq5mik4ipm3vyyxv49s9hq6bfyk5d9r6f0nlydllf"))))
+ (build-system gnu-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(let ((clang #$(this-package-native-input "clang")))
+ `("--enable-application=browser"
+
+ ;; Configuration
+ "--without-wasm-sandboxed-libraries"
+ "--with-system-jpeg"
+ "--with-system-zlib"
+ "--with-system-png"
+ "--with-system-webp"
+ "--with-system-icu"
+ "--with-system-libvpx"
+ "--with-system-libevent"
+ "--with-system-ffi"
+ "--enable-system-pixman"
+ "--enable-jemalloc"
+
+ ;; see https://bugs.gnu.org/32833
+ "--with-system-nspr"
+ "--with-system-nss"
+
+ ,(string-append "--with-clang-path=" clang
+ "/bin/clang")
+ ,(string-append "--with-libclang-path=" clang
+ "/lib")
+
+ ;; Distribution
+ "--with-distribution-id=org.guix"
+ "--with-app-name=librewolf"
+ "--with-app-basename=LibreWolf"
+ "--with-branding=browser/branding/librewolf"
+
+ ;; Features
+ "--disable-tests"
+ "--disable-updater"
+ "--enable-pulseaudio"
+ "--disable-crashreporter"
+ "--allow-addon-sideload"
+ "--with-unsigned-addon-scopes=app,system"
+ "--disable-eme"
+
+ ;; Build details
+ "--disable-debug"
+ "--enable-rust-simd"
+ "--enable-release"
+ "--enable-optimize"
+ "--enable-strip"
+ "--enable-hardening"
+ "--disable-elf-hack"))
+ #:imported-modules %cargo-utils-modules
+ #:modules `((ice-9 regex)
+ (ice-9 string-fun)
+ (ice-9 ftw)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (rnrs bytevectors)
+ (rnrs io ports)
+ (guix elf)
+ (guix build gremlin)
+ ,@%gnu-build-system-modules)
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'fix-preferences
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((port (open-file "browser/app/profile/firefox.js"
+ "a")))
+ (define (write-setting key value)
+ (format port "~%pref(\"~a\", ~a);~%" key value)
+ (format #t
+ "fix-preferences: setting value of ~a to ~a~%" key
+ value))
+
+ ;; We should allow the sandbox to read the store directory,
+ ;; because the sandbox has access to /usr on FHS distros.
+ (write-setting
+ "security.sandbox.content.read_path_whitelist"
+ (string-append "\""
+ (%store-directory) "/\""))
+
+ ;; XDG settings should be managed by Guix.
+ (write-setting "browser.shell.checkDefaultBrowser"
+ "false")
+ (close-port port))))
+ (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((ffmpeg (assoc-ref inputs "ffmpeg"))
+ (libavcodec (string-append ffmpeg
+ "/lib/libavcodec.so")))
+ ;; Arrange to load libavcodec.so by its absolute file name.
+ (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
+ (("libavcodec\\.so")
+ libavcodec)))))
+ (add-after 'patch-source-shebangs 'patch-cargo-checksums
+ (lambda _
+ (use-modules (guix build cargo-utils))
+ (let ((null-hash
+ ;; This is the SHA256 output of an empty string.
+ (string-append
+ "e3b0c44298fc1c149afbf4c8996fb924"
+ "27ae41e4649b934ca495991b7852b855")))
+ (for-each (lambda (file)
+ (format #t
+ "patch-cargo-checksums: patching checksums in ~a~%"
+ file)
+ (substitute* file
+ (("(checksum = )\".*\"" all name)
+ (string-append name "\"" null-hash
+ "\""))))
+ (find-files "." "Cargo\\.lock$"))
+ (for-each generate-all-checksums
+ '("build" "dom/media"
+ "dom/webauthn"
+ "gfx"
+ "intl"
+ "js"
+ "media"
+ "modules"
+ "mozglue/static/rust"
+ "netwerk"
+ "remote"
+ "security/manager/ssl"
+ "servo"
+ "storage"
+ "third_party/rust"
+ "toolkit"
+ "xpcom/rust"
+ "services")))))
+ (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag
+ (lambda _
+ ;; Remove --frozen flag from cargo invokation, otherwise it'll
+ ;; complain that it's not able to change Cargo.lock.
+ ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
+ (substitute* "build/RunCbindgen.py"
+ (("args.append\\(\"--frozen\"\\)") "pass"))))
+ (delete 'bootstrap)
+ (add-before 'configure 'patch-SpeechDispatcherService.cpp
+ (lambda _
+ (let* ((lib "libspeechd.so.2")
+ (file (string-append
+ "dom/media/webspeech/synth/"
+ "speechd/SpeechDispatcherService.cpp"))
+ (old-content (call-with-input-file file
+ get-string-all)))
+ (substitute
+ file
+ `((,(format #f "~s" lib) unquote
+ (lambda (line _)
+ (string-replace-substring
+ line lib
+ (string-append #$speech-dispatcher
+ "/lib/" lib))))))
+ (if (string=? old-content
+ (call-with-input-file file
+ get-string-all))
+ (error
+ "substitute did nothing, phase requires an update")))))
+ (add-before 'configure 'set-build-id
+ ;; Build will write the timestamp to output, which is harmful
+ ;; for reproducibility, so change it to a fixed date. Use a
+ ;; separate phase for easier modification with inherit.
+ (lambda _
+ (setenv "MOZ_BUILD_DATE"
+ #$%librewolf-build-id)))
+ (replace 'configure
+ (lambda* (#:key inputs outputs configure-flags
+ #:allow-other-keys)
+ (setenv "AUTOCONF"
+ (string-append (assoc-ref inputs "autoconf")
+ "/bin/autoconf"))
+ (setenv "SHELL"
+ (which "bash"))
+ (setenv "CONFIG_SHELL"
+ (which "bash"))
+ (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE"
+ "system")
+ ;; This should use the host info probably (does it
+ ;; build on non-x86_64 though?)
+ (setenv "GUIX_PYTHONPATH"
+ (string-append (getcwd)
+ "/obj-x86_64-pc-linux-gnu/_virtualenvs/build"))
+
+ ;; Use Clang, Clang is 2x faster than GCC
+ (setenv "AR" "llvm-ar")
+ (setenv "NM" "llvm-nm")
+ (setenv "CC" "clang")
+ (setenv "CXX" "clang++")
+ (setenv "MOZ_NOSPAM" "1")
+ (setenv "MOZ_APP_NAME" "librewolf")
+
+ (setenv "MOZBUILD_STATE_PATH"
+ (getcwd))
+
+ (let* ((mozconfig (string-append (getcwd) "/mozconfig"))
+ (out (assoc-ref outputs "out"))
+ (flags (cons (string-append "--prefix=" out)
+ configure-flags)))
+ (format #t "build directory: ~s~%"
+ (getcwd))
+ (format #t "configure flags: ~s~%" flags)
+
+ (define write-flags
+ (lambda flags
+ (display (string-join (map (cut string-append
+ "ac_add_options " <>)
+ flags) "\n"))
+ (display "\n")))
+ (with-output-to-file mozconfig
+ (lambda ()
+ (apply write-flags flags)
+ ;; The following option unsets Telemetry
+ ;; Reporting. With the Addons Fiasco,
+ ;; Mozilla was found to be collecting
+ ;; user's data, including saved passwords
+ ;; and web form data, without users
+ ;; consent. Mozilla was also found
+ ;; shipping updates to systems without
+ ;; the user's knowledge or permission.
+ ;; As a result of this, use the following
+ ;; command to permanently disable
+ ;; telemetry reporting.
+ (display "unset MOZ_TELEMETRY_REPORTING\n")
+ (display "mk_add_options MOZ_CRASHREPORTER=0\n")
+ (display "mk_add_options MOZ_DATA_REPORTING=0\n")
+ (display
+ "mk_add_options MOZ_SERVICES_HEALTHREPORT=0")
+ (display
+ "mk_add_options MOZ_TELEMETRY_REPORTING=0")))
+ (setenv "MOZCONFIG" mozconfig))
+ (invoke "./mach" "configure")))
+ (add-before 'build 'fix-addons-placeholder
+ (lambda _
+ (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
+ (("addons.mozilla.org")
+ "gnuzilla.gnu.org"))))
+ (replace 'build
+ (lambda* (#:key (make-flags '())
+ (parallel-build? #t) #:allow-other-keys)
+ (apply invoke "./mach" "build"
+ ;; mach will use parallel build if possible by default
+ `(,@(if parallel-build?
+ '()
+ '("-j1")) ,@make-flags))))
+ (add-after 'build 'neutralise-store-references
+ (lambda _
+ ;; Mangle the store references to compilers &
+ ;; other build tools in about:buildconfig,
+ ;; reducing the package's closure by 1 GiB on
+ ;; x86-64.
+ (let* ((build-dir (car (scandir "."
+ (cut string-prefix?
+ "obj-" <>))))
+ (file (string-append build-dir
+ "/dist/bin/chrome/toolkit/"
+ "content/global/buildconfig.html")))
+ (substitute* file
+ (((format #f "(~a/)([0-9a-df-np-sv-z]{32})"
+ (regexp-quote (%store-directory)))
+ _ store hash)
+ (string-append store
+
This message was truncated. Download the full message here.
I
I
Ian Eure wrote on 6 Apr 17:04 +0200
[PATCH v7 0/3] Add LibreWolf
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
cover.1712415593.git.ian@retrospec.tv
Moves nss update to nss-3.98 / nss-certs-3.98 to avoid rebuilding thousands of packages.

Rebases.

Ian Eure (3):
gnu: Add nss-3.98.
gnu: Add nss-certs-3.98.
gnu: Add librewolf.

gnu/packages/certs.scm | 16 +
gnu/packages/librewolf.scm | 621 +++++++++++++++++++++++++++++++++++++
gnu/packages/nss.scm | 45 +++
3 files changed, 682 insertions(+)
create mode 100644 gnu/packages/librewolf.scm


base-commit: ade6845da6cec99f3bca46faac9b2bad6877817e
--
2.41.0
I
I
Ian Eure wrote on 6 Apr 17:04 +0200
[PATCH v7 2/3] gnu: Add nss-certs-3.98.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
fdd0f110e5bf7177e5fad5d93eb4df767599d928.1712415593.git.ian@retrospec.tv
* gnu/packages/certs.scm (nss-certs-3.98): New variable.

Change-Id: I95b54781c7b85f1d6b54158c6b906116791e009c
---
gnu/packages/certs.scm | 16 ++++++++++++++++
1 file changed, 16 insertions(+)

Toggle diff (29 lines)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 58b4d50ec8..7078c7c8d1 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -188,6 +188,22 @@ (define-public nss-certs
(home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
(license license:mpl2.0)))
+(define-public nss-certs-3.98
+ (package
+ (inherit nss-certs)
+ (version "3.98")
+ (source (origin
+ (method url-fetch)
+ (uri (let ((version-with-underscores
+ (string-join (string-split version #\.) "_")))
+ (string-append
+ "https://ftp.mozilla.org/pub/mozilla.org/security/nss/"
+ "releases/NSS_" version-with-underscores "_RTM/src/"
+ "nss-" version ".tar.gz")))
+ (sha256
+ (base32
+ "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))))))
+
(define-public le-certs
(package
(name "le-certs")
--
2.41.0
I
I
Ian Eure wrote on 6 Apr 17:04 +0200
[PATCH v7 1/3] gnu: Add nss-3.98.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
3db6c1dd76de00bee42833d2286cf916444cd49e.1712415593.git.ian@retrospec.tv
* gnu/packages/nss.scm (nss-3.98): New variable.

Change-Id: If54ba20d296da2f4edd444c7cfa223a2d5a9ecb8
---
gnu/packages/nss.scm | 45 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)

Toggle diff (55 lines)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 54b9e5041a..14612d7ce9 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -241,3 +241,48 @@ (define-public nss
security standards.")
(license license:mpl2.0)))
+(define-public nss-3.98
+ (package
+ (inherit nss)
+ (version "3.98")
+ (source (origin
+ (method url-fetch)
+ (uri (let ((version-with-underscores
+ (string-join (string-split version #\.) "_")))
+ (string-append
+ "https://ftp.mozilla.org/pub/mozilla.org/security/nss/"
+ "releases/NSS_" version-with-underscores "_RTM/src/"
+ "nss-" version ".tar.gz")))
+ (sha256
+ (base32
+ "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))
+ ;; Create nss.pc and nss-config.
+ (patches (search-patches "nss-3.56-pkgconfig.patch"
+ "nss-getcwd-nonnull.patch"
+ "nss-increase-test-timeout.patch"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; Delete the bundled copy of these libraries.
+ (delete-file-recursively "nss/lib/zlib")
+ (delete-file-recursively "nss/lib/sqlite")))))
+ (arguments
+ (substitute-keyword-arguments (package-arguments nss)
+ ((#:phases phases)
+ #~(modify-phases #$phases
+ (replace 'check
+ (lambda* (#:key tests? #:allow-other-keys)
+ (if tests?
+ (begin
+ ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for
+ ;; testing. The latter requires a working DNS or /etc/hosts.
+ (setenv "DOMSUF" "localdomain")
+ (setenv "USE_IP" "TRUE")
+ (setenv "IP_ADDRESS" "127.0.0.1")
+
+ ;; The "PayPalEE.cert" certificate expires every six months,
+ ;; leading to test failures:
+ ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
+ ;; work around that, set the time to roughly the release date.
+ (invoke "faketime" "2024-01-23" "./nss/tests/all.sh"))
+ (format #t "test suite not run~%"))))))))))
--
2.41.0
I
I
Ian Eure wrote on 6 Apr 17:04 +0200
[PATCH v7 3/3] gnu: Add librewolf.
(address . 67512@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
2be94f3d5ea0a72bd6acfeb3698264a56d774d9b.1712415593.git.ian@retrospec.tv
* gnu/packages/librewolf.scm (librewolf): New variable.

Change-Id: I98b6410582b856ede83b79637a58e66d6e5832e6
---
gnu/packages/librewolf.scm | 621 +++++++++++++++++++++++++++++++++++++
1 file changed, 621 insertions(+)
create mode 100644 gnu/packages/librewolf.scm

Toggle diff (385 lines)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
new file mode 100644
index 0000000000..4804a872ce
--- /dev/null
+++ b/gnu/packages/librewolf.scm
@@ -0,0 +1,621 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013, 2015, 2024 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017, 2018 Nikita <nikita@n0.is>
+;;; Copyright © 2017, 2018 ng0 <gillmann@infotropique.org>
+;;; Copyright © 2017, 2018, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2020, 2022 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2019 Ivan Petkov <ivanppetkov@gmail.com>
+;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020 Jakub K?dzio?ka <kuba@kadziolka.net>
+;;; Copyright © 2019, 2020 Adrian Malacoda <malacoda@monarch-pass.net>
+;;; Copyright © 2020-2023 Jonathan Brielmaier <jonathan.brielmaier@web.de>
+;;; Copyright © 2020 Zhu Zihao <all_but_last@163.com>
+;;; Copyright © 2021 pineapples <guixuser6392@protonmail.com>
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
+;;; Copyright © 2021, 2022, 2023 John Kehayias <john.kehayias@protonmail.com>
+;;; Copyright © 2022 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2023 Tomas Volf <wolf@wolfsden.cz>
+;;; Copyright © 2023 Ian Eure <ian@retrospec.tv>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+
+(define-module (gnu packages librewolf)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix build-system cargo)
+ #:use-module (guix build-system trivial)
+ #:use-module (guix download)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix utils)
+ #:use-module ((guix build utils) #:select (alist-replace))
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages crates-io)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages hunspell)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages jemalloc)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages libcanberra)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages m4)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages nss)
+ #:use-module (gnu packages pciutils)
+ #:use-module (gnu packages perl)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages rust)
+ #:use-module (gnu packages rust-apps)
+ #:use-module (gnu packages speech)
+ #:use-module (gnu packages sqlite)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xorg))
+
+;; Define the versions of rust needed to build librewolf, trying to match
+;; upstream. See the file taskcluster/ci/toolchain/rust.yml at
+;; https://searchfox.org under the particular firefox release, like
+;; mozilla-esr102.
+(define rust-librewolf rust) ; 1.60 is the default in Guix, 1.65 is the minimum.
+
+;; Update this id with every update to its release date.
+;; It's used for cache validation and therefore can lead to strange bugs.
+;; ex: date '+%Y%m%d%H%M%S'
+(define %librewolf-build-id "20240326080003")
+
+(define-public librewolf
+ (package
+ (name "librewolf")
+ (version "124.0.1-1")
+ (source
+ (origin
+ (method url-fetch)
+
+ (uri (string-append "https://gitlab.com/api/v4/projects/32320088/"
+ "packages/generic/librewolf-source/"
+ version
+ "/librewolf-"
+ version
+ ".source.tar.gz"))
+ (sha256
+ (base32 "1sks49nywzhvq5mik4ipm3vyyxv49s9hq6bfyk5d9r6f0nlydllf"))))
+ (build-system gnu-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(let ((clang #$(this-package-native-input "clang")))
+ `("--enable-application=browser"
+
+ ;; Configuration
+ "--without-wasm-sandboxed-libraries"
+ "--with-system-jpeg"
+ "--with-system-zlib"
+ "--with-system-png"
+ "--with-system-webp"
+ "--with-system-icu"
+ "--with-system-libvpx"
+ "--with-system-libevent"
+ "--with-system-ffi"
+ "--enable-system-pixman"
+ "--enable-jemalloc"
+
+ ;; see https://bugs.gnu.org/32833
+ "--with-system-nspr"
+ "--with-system-nss"
+
+ ,(string-append "--with-clang-path=" clang
+ "/bin/clang")
+ ,(string-append "--with-libclang-path=" clang
+ "/lib")
+
+ ;; Distribution
+ "--with-distribution-id=org.guix"
+ "--with-app-name=librewolf"
+ "--with-app-basename=LibreWolf"
+ "--with-branding=browser/branding/librewolf"
+
+ ;; Features
+ "--disable-tests"
+ "--disable-updater"
+ "--enable-pulseaudio"
+ "--disable-crashreporter"
+ "--allow-addon-sideload"
+ "--with-unsigned-addon-scopes=app,system"
+ "--disable-eme"
+
+ ;; Build details
+ "--disable-debug"
+ "--enable-rust-simd"
+ "--enable-release"
+ "--enable-optimize"
+ "--enable-strip"
+ "--enable-hardening"
+ "--disable-elf-hack"))
+ #:imported-modules %cargo-utils-modules
+ #:modules `((ice-9 regex)
+ (ice-9 string-fun)
+ (ice-9 ftw)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (rnrs bytevectors)
+ (rnrs io ports)
+ (guix elf)
+ (guix build gremlin)
+ ,@%gnu-build-system-modules)
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'fix-preferences
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((port (open-file "browser/app/profile/firefox.js"
+ "a")))
+ (define (write-setting key value)
+ (format port "~%pref(\"~a\", ~a);~%" key value)
+ (format #t
+ "fix-preferences: setting value of ~a to ~a~%" key
+ value))
+
+ ;; We should allow the sandbox to read the store directory,
+ ;; because the sandbox has access to /usr on FHS distros.
+ (write-setting
+ "security.sandbox.content.read_path_whitelist"
+ (string-append "\""
+ (%store-directory) "/\""))
+
+ ;; XDG settings should be managed by Guix.
+ (write-setting "browser.shell.checkDefaultBrowser"
+ "false")
+ (close-port port))))
+ (add-after 'fix-preferences 'fix-ffmpeg-runtime-linker
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((ffmpeg (assoc-ref inputs "ffmpeg"))
+ (libavcodec (string-append ffmpeg
+ "/lib/libavcodec.so")))
+ ;; Arrange to load libavcodec.so by its absolute file name.
+ (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
+ (("libavcodec\\.so")
+ libavcodec)))))
+ (add-after 'patch-source-shebangs 'patch-cargo-checksums
+ (lambda _
+ (use-modules (guix build cargo-utils))
+ (let ((null-hash
+ ;; This is the SHA256 output of an empty string.
+ (string-append
+ "e3b0c44298fc1c149afbf4c8996fb924"
+ "27ae41e4649b934ca495991b7852b855")))
+ (for-each (lambda (file)
+ (format #t
+ "patch-cargo-checksums: patching checksums in ~a~%"
+ file)
+ (substitute* file
+ (("(checksum = )\".*\"" all name)
+ (string-append name "\"" null-hash
+ "\""))))
+ (find-files "." "Cargo\\.lock$"))
+ (for-each generate-all-checksums
+ '("build" "dom/media"
+ "dom/webauthn"
+ "gfx"
+ "intl"
+ "js"
+ "media"
+ "modules"
+ "mozglue/static/rust"
+ "netwerk"
+ "remote"
+ "security/manager/ssl"
+ "servo"
+ "storage"
+ "third_party/rust"
+ "toolkit"
+ "xpcom/rust"
+ "services")))))
+ (add-after 'patch-cargo-checksums 'remove-cargo-frozen-flag
+ (lambda _
+ ;; Remove --frozen flag from cargo invokation, otherwise it'll
+ ;; complain that it's not able to change Cargo.lock.
+ ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
+ (substitute* "build/RunCbindgen.py"
+ (("args.append\\(\"--frozen\"\\)") "pass"))))
+ (delete 'bootstrap)
+ (add-before 'configure 'patch-SpeechDispatcherService.cpp
+ (lambda _
+ (let* ((lib "libspeechd.so.2")
+ (file (string-append
+ "dom/media/webspeech/synth/"
+ "speechd/SpeechDispatcherService.cpp"))
+ (old-content (call-with-input-file file
+ get-string-all)))
+ (substitute
+ file
+ `((,(format #f "~s" lib) unquote
+ (lambda (line _)
+ (string-replace-substring
+ line lib
+ (string-append #$speech-dispatcher
+ "/lib/" lib))))))
+ (if (string=? old-content
+ (call-with-input-file file
+ get-string-all))
+ (error
+ "substitute did nothing, phase requires an update")))))
+ (add-before 'configure 'set-build-id
+ ;; Build will write the timestamp to output, which is harmful
+ ;; for reproducibility, so change it to a fixed date. Use a
+ ;; separate phase for easier modification with inherit.
+ (lambda _
+ (setenv "MOZ_BUILD_DATE"
+ #$%librewolf-build-id)))
+ (replace 'configure
+ (lambda* (#:key inputs outputs configure-flags
+ #:allow-other-keys)
+ (setenv "AUTOCONF"
+ (string-append (assoc-ref inputs "autoconf")
+ "/bin/autoconf"))
+ (setenv "SHELL"
+ (which "bash"))
+ (setenv "CONFIG_SHELL"
+ (which "bash"))
+ (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE"
+ "system")
+ ;; This should use the host info probably (does it
+ ;; build on non-x86_64 though?)
+ (setenv "GUIX_PYTHONPATH"
+ (string-append (getcwd)
+ "/obj-x86_64-pc-linux-gnu/_virtualenvs/build"))
+
+ ;; Use Clang, Clang is 2x faster than GCC
+ (setenv "AR" "llvm-ar")
+ (setenv "NM" "llvm-nm")
+ (setenv "CC" "clang")
+ (setenv "CXX" "clang++")
+ (setenv "MOZ_NOSPAM" "1")
+ (setenv "MOZ_APP_NAME" "librewolf")
+
+ (setenv "MOZBUILD_STATE_PATH"
+ (getcwd))
+
+ (let* ((mozconfig (string-append (getcwd) "/mozconfig"))
+ (out (assoc-ref outputs "out"))
+ (flags (cons (string-append "--prefix=" out)
+ configure-flags)))
+ (format #t "build directory: ~s~%"
+ (getcwd))
+ (format #t "configure flags: ~s~%" flags)
+
+ (define write-flags
+ (lambda flags
+ (display (string-join (map (cut string-append
+ "ac_add_options " <>)
+ flags) "\n"))
+ (display "\n")))
+ (with-output-to-file mozconfig
+ (lambda ()
+ (apply write-flags flags)
+ ;; The following option unsets Telemetry
+ ;; Reporting. With the Addons Fiasco,
+ ;; Mozilla was found to be collecting
+ ;; user's data, including saved passwords
+ ;; and web form data, without users
+ ;; consent. Mozilla was also found
+ ;; shipping updates to systems without
+ ;; the user's knowledge or permission.
+ ;; As a result of this, use the following
+ ;; command to permanently disable
+ ;; telemetry reporting.
+ (display "unset MOZ_TELEMETRY_REPORTING\n")
+ (display "mk_add_options MOZ_CRASHREPORTER=0\n")
+ (display "mk_add_options MOZ_DATA_REPORTING=0\n")
+ (display
+ "mk_add_options MOZ_SERVICES_HEALTHREPORT=0")
+ (display
+ "mk_add_options MOZ_TELEMETRY_REPORTING=0")))
+ (setenv "MOZCONFIG" mozconfig))
+ (invoke "./mach" "configure")))
+ (add-before 'build 'fix-addons-placeholder
+ (lambda _
+ (substitute* "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
+ (("addons.mozilla.org")
+ "gnuzilla.gnu.org"))))
+ (replace 'build
+ (lambda* (#:key (make-flags '())
+ (parallel-build? #t) #:allow-other-keys)
+ (apply invoke "./mach" "build"
+ ;; mach will use parallel build if possible by default
+ `(,@(if parallel-build?
+ '()
+ '("-j1")) ,@make-flags))))
+ (add-after 'build 'neutralise-store-references
+ (lambda _
+ ;; Mangle the store references to compilers &
+ ;; other build tools in about:buildconfig,
+ ;; reducing the package's closure by 1 GiB on
+ ;; x86-64.
+ (let* ((build-dir (car (scandir "."
+ (cut string-prefix?
+ "obj-" <>))))
+ (file (string-append build-dir
+ "/dist/bin/chrome/toolkit/"
+ "content/global/buildconfig.html")))
+ (substitute* file
+ (((format #f "(~a/)([0-9a-df-np-sv-z]{32})"
+ (regexp-quote (%store-directory)))
+ _ store hash)
+ (string-append store
+
This message was truncated. Download the full message here.
S
S
Sharlatan Hellseher wrote on 12 Apr 13:32 +0200
[PATCH 0/5] Add LibreWolf
(address . 67512@debbugs.gnu.org)
87jzl27r4q.fsf@gmail.com
Hi Guix team!

It would be great to have one more modern and libre web browser in the
Guix's belt!

I've managed to build and run it successfully by applying patch directly
from QA, thanks Andrew Tropin <andrew@trop.in> for the snippet.

Toggle snippet (6 lines)
guix time-machine \
--url='https://git.guix-patches.cbaines.net/git/guix-patches' \
--branch=issue-67512 \
--disable-authentication -- shell librewolf -- librewolf

--
Oleg
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmEeB3micIcJkGAhndtcnv/Ys0rUFAmYZG+UACgkQdtcnv/Ys
0rXyYA/+L8+9hQjzdZDff2uCQ0nP9n1HZc8T2CZnBt070fzpzg28+rtVW2pE/XKK
ztYqMGTJF0EkiiUPFnTxrfbzyRFSGBjmrxHh8NC8zsEE/xfsjapWcp5PvceCmYti
unOV7nSuoyDcpNqcVJgguZJu2kqKT3lWJKn3sp/hNgEtgwpMeFJy/ZU5h51SAbwJ
6+4lUrfe6KCccn0mUl16liSSBp0xIm5LGylxQVpwLsfS617bz5wp/A2m8qAIZRBa
0AZ+6vCTi+UHCB5LdJy7ES8tSP2umDFjL+FmUzB7LRbJulnjz0bGt9k3cjf+zYs+
/+n8rKoq6mVQMdjtqTfuezCFxYgZ9+ACnP9J9eGrXy0xG98D2hD6fFfx52Qk2DTQ
bpWJoXwkrYT/tEpQYbMRnEX4lFgoujK55SwFvuFK2rsMK972qASq5Y7NfTtIUxNv
mXrOxM6OK/MBb1IyxKwYybdla/WIDc6IsdpFPzmh0ozXFdzPCi4nnuu1TThQxut6
I0bQSHrykgu6UzNvmWHr5/HrDHBYGq+JTmSbQy7zIBh3XwZvRXT6RZZ/PAAsVY5R
z9Ko5uClA7ZWvLjXyY3pPsXLfE1JvlO6/UDigeeA/gv0YIPyJVjZwvSfN8OZKWaM
E5wg325LiphxhdMtOlnGgIE5/HYKXRYpB/uvMPOsWMOFLTtozBY=
=klIG
-----END PGP SIGNATURE-----

A
A
Andrew Tropin wrote on 12 Apr 15:11 +0200
Re: [bug#67512] [PATCH v7 0/3] Add LibreWolf
87jzl27ml2.fsf@trop.in
On 2024-04-06 08:04, Ian Eure wrote:

Toggle quote (18 lines)
> Moves nss update to nss-3.98 / nss-certs-3.98 to avoid rebuilding thousands of packages.
>
> Rebases.
>
> Ian Eure (3):
> gnu: Add nss-3.98.
> gnu: Add nss-certs-3.98.
> gnu: Add librewolf.
>
> gnu/packages/certs.scm | 16 +
> gnu/packages/librewolf.scm | 621 +++++++++++++++++++++++++++++++++++++
> gnu/packages/nss.scm | 45 +++
> 3 files changed, 682 insertions(+)
> create mode 100644 gnu/packages/librewolf.scm
>
>
> base-commit: ade6845da6cec99f3bca46faac9b2bad6877817e

Hi Ian,

tested those patches, didn't notice any issues.

Added pipewire to LD_LIBRARY_PATH to make screensharing on wayland to
work.

Added librewolf.scm to gnu/local.mk.

Pushed as

Thank you very much for you work!

--
Best regards,
Andrew Tropin
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmYZMuoACgkQIgjSCVjB
3rDjeQ//f6Cesd7j687LdkMtqw5wTFi6XCRFXB0CZOz2fvyjKTkG8hBHSKE7hrHb
mPxr2zUZTfBhPQDwzjc+B/Zm0zH8EiH4MtcZ5cgL/0zKbZz1qnIXHYe/+If+u3QA
Qw5uQpdWaz+4oQAY2pWvhsW/x49yJlq7tTaCTapBN6rIl1Kpzle/156ZhIdlqOlZ
MP1KxmtKrifXw+hZqb3WjA3PrORpz/V+odWLlXpgUoXlhhp9Qw9kU4kBl/ZhE/vu
833dZxVqkhi7DR4nhD35M0y6QGSgzhK9ifgOj/Zje7y8i2Wz8ScX/HEpW2gfR9lR
0lKFY3wfsnsrwStCFCEd9B4aelR5nqnWzycyJXNfFY96pJUmsnrCFEz1c1mvabBU
hWCFZWMQEw8CA823GVC2j/IKz7/GZtVqIes0OjV07ezeBwkdhLihuoVNKlipN0uP
0gixLL08RJhbynVp9j2pUx8VerzpltCNX4sVaCGwQJCtOjG077tLi1+Cyx6gnzYj
uLR/ghCC91af40VQ3hxwfBoOMTf6PibPYWxLJ8l8dWxR4btV28v5672j+tOSOxpc
qYrFAK9ErPpGj3YmOI7SjQ0dBregJjeJXj3pIUFwmep7sUPC+2yUZ6wvA/K8k2+8
HbZDdWqq74CsPcM8JstOJCum+o1tgmgfqAPzexj/UjVnI6oipxI=
=1Fr0
-----END PGP SIGNATURE-----

Closed
C
C
Clément Lassieur wrote 2 days ago
Re: bug#67512: [PATCH v7 0/3] Add LibreWolf
(address . 67512@debbugs.gnu.org)
87il03gk24.fsf@lassieur.org
On Fri, Apr 12 2024, Andrew Tropin via Guix-patches via wrote:

Toggle quote (34 lines)
> On 2024-04-06 08:04, Ian Eure wrote:
>
>> Moves nss update to nss-3.98 / nss-certs-3.98 to avoid rebuilding thousands of packages.
>>
>> Rebases.
>>
>> Ian Eure (3):
>> gnu: Add nss-3.98.
>> gnu: Add nss-certs-3.98.
>> gnu: Add librewolf.
>>
>> gnu/packages/certs.scm | 16 +
>> gnu/packages/librewolf.scm | 621 +++++++++++++++++++++++++++++++++++++
>> gnu/packages/nss.scm | 45 +++
>> 3 files changed, 682 insertions(+)
>> create mode 100644 gnu/packages/librewolf.scm
>>
>>
>> base-commit: ade6845da6cec99f3bca46faac9b2bad6877817e
>
> Hi Ian,
>
> tested those patches, didn't notice any issues.
>
> Added pipewire to LD_LIBRARY_PATH to make screensharing on wayland to
> work.
>
> Added librewolf.scm to gnu/local.mk.
>
> Pushed as
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3dc26b4eae
>
> Thank you very much for you work!

Thank you Andrew for reviewing.

Now that this is pushed, is there anyone maintaining this "librewolf"
package? This is serious work, with security updates quite often.

Right now the package is subject to

CVE-2024-3852 (high)
CVE-2024-3853 (high)
CVE-2024-3854 (high)
CVE-2024-3855 (high)
CVE-2024-3856 (high)
CVE-2024-3857 (high)
CVE-2024-3858 (high)
CVE-2024-3859 (moderate)
CVE-2024-3860 (moderate)
CVE-2024-3861 (moderate)
CVE-2024-3862 (moderate)
CVE-2024-3302 (low)
CVE-2024-3864 (high)
CVE-2024-3865 (high)

Thanks,
Clément
I
I
Ian Eure wrote 46 hours ago
(name . Clément Lassieur)(address . clement@lassieur.org)
87r0eqww7t.fsf@meson
Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (47 lines)
> On Fri, Apr 12 2024, Andrew Tropin via Guix-patches via wrote:
>
>> On 2024-04-06 08:04, Ian Eure wrote:
>>
>>> Moves nss update to nss-3.98 / nss-certs-3.98 to avoid
>>> rebuilding thousands of packages.
>>>
>>> Rebases.
>>>
>>> Ian Eure (3):
>>> gnu: Add nss-3.98.
>>> gnu: Add nss-certs-3.98.
>>> gnu: Add librewolf.
>>>
>>> gnu/packages/certs.scm | 16 +
>>> gnu/packages/librewolf.scm | 621
>>> +++++++++++++++++++++++++++++++++++++
>>> gnu/packages/nss.scm | 45 +++
>>> 3 files changed, 682 insertions(+)
>>> create mode 100644 gnu/packages/librewolf.scm
>>>
>>>
>>> base-commit: ade6845da6cec99f3bca46faac9b2bad6877817e
>>
>> Hi Ian,
>>
>> tested those patches, didn't notice any issues.
>>
>> Added pipewire to LD_LIBRARY_PATH to make screensharing on
>> wayland to
>> work.
>>
>> Added librewolf.scm to gnu/local.mk.
>>
>> Pushed as
>> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3dc26b4eae
>>
>> Thank you very much for you work!
>
> Thank you Andrew for reviewing.
>
> Now that this is pushed, is there anyone maintaining this
> "librewolf"
> package? This is serious work, with security updates quite
> often.
>

Hi Clement,

I’m planning to continue sending patches for updates and the like.
Getting a working updater is close to the top of my list.


Toggle quote (18 lines)
> Right now the package is subject to
>
> CVE-2024-3852 (high)
> CVE-2024-3853 (high)
> CVE-2024-3854 (high)
> CVE-2024-3855 (high)
> CVE-2024-3856 (high)
> CVE-2024-3857 (high)
> CVE-2024-3858 (high)
> CVE-2024-3859 (moderate)
> CVE-2024-3860 (moderate)
> CVE-2024-3861 (moderate)
> CVE-2024-3862 (moderate)
> CVE-2024-3302 (low)
> CVE-2024-3864 (high)
> CVE-2024-3865 (high)
>

The version in Guix is the latest available. I’ll send in a patch
when the next release happens; I’m waiting on upstream for that.

Thanks,

— Ian
I
I
Ian Eure wrote 45 hours ago
(name . Clément Lassieur)(address . clement@lassieur.org)
87r0eqekf7.fsf@retrospec.tv
Ian Eure <ian@retrospec.tv> writes:

Toggle quote (80 lines)
> Clément Lassieur <clement@lassieur.org> writes:
>
>> On Fri, Apr 12 2024, Andrew Tropin via Guix-patches via wrote:
>>
>>> On 2024-04-06 08:04, Ian Eure wrote:
>>>
>>>> Moves nss update to nss-3.98 / nss-certs-3.98 to avoid
>>>> rebuilding
>>>> thousands of packages.
>>>>
>>>> Rebases.
>>>>
>>>> Ian Eure (3):
>>>> gnu: Add nss-3.98.
>>>> gnu: Add nss-certs-3.98.
>>>> gnu: Add librewolf.
>>>>
>>>> gnu/packages/certs.scm | 16 +
>>>> gnu/packages/librewolf.scm | 621
>>>> +++++++++++++++++++++++++++++++++++++
>>>> gnu/packages/nss.scm | 45 +++
>>>> 3 files changed, 682 insertions(+)
>>>> create mode 100644 gnu/packages/librewolf.scm
>>>>
>>>>
>>>> base-commit: ade6845da6cec99f3bca46faac9b2bad6877817e
>>>
>>> Hi Ian,
>>>
>>> tested those patches, didn't notice any issues.
>>>
>>> Added pipewire to LD_LIBRARY_PATH to make screensharing on
>>> wayland
>>> to
>>> work.
>>>
>>> Added librewolf.scm to gnu/local.mk.
>>>
>>> Pushed as
>>> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3dc26b4eae
>>>
>>> Thank you very much for you work!
>>
>> Thank you Andrew for reviewing.
>>
>> Now that this is pushed, is there anyone maintaining this
>> "librewolf"
>> package? This is serious work, with security updates quite
>> often.
>>
>
> Hi Clement,
>
> I’m planning to continue sending patches for updates and the
> like. Getting a working updater is close to the top of my list.
>
>
>> Right now the package is subject to
>>
>> CVE-2024-3852 (high)
>> CVE-2024-3853 (high)
>> CVE-2024-3854 (high)
>> CVE-2024-3855 (high)
>> CVE-2024-3856 (high)
>> CVE-2024-3857 (high)
>> CVE-2024-3858 (high)
>> CVE-2024-3859 (moderate)
>> CVE-2024-3860 (moderate)
>> CVE-2024-3861 (moderate)
>> CVE-2024-3862 (moderate)
>> CVE-2024-3302 (low)
>> CVE-2024-3864 (high)
>> CVE-2024-3865 (high)
>>
>
> The version in Guix is the latest available. I’ll send in a
> patch
> when the next release happens; I’m waiting on upstream for that.
>

Okay, I see that I’m incorrect about this -- LibreWolf is moving
onto Codeberg, but I was looking at their GitLab project, which
doesn’t have the recent releases. I’ll get this updated.

Thanks,

— Ian
C
C
Clément Lassieur wrote 30 hours ago
Re: [bug#67512] [PATCH v7 0/3] Add LibreWolf
(name . Ian Eure)(address . ian@retrospec.tv)
87sez5n9py.fsf@lassieur.org
On Sat, Apr 27 2024, Ian Eure wrote:

Toggle quote (8 lines)
>> The version in Guix is the latest available. I’ll send in a patch
>> when the next release happens; I’m waiting on upstream for that.
>>
>
> Okay, I see that I’m incorrect about this -- LibreWolf is moving onto
> Codeberg, but I was looking at their GitLab project, which doesn’t have the
> recent releases. I’ll get this updated.

Great, thank you Ian!
?