Remove mozilla plugin certificates, fixes #112

Via `sed` instead of a patch, in the hope that it might be less of a maintenance burden compared to patch witch changes in the file to patch with subsequent upstream releases. Should only be merged once it's ensured there are no unforseen side effects when built with the Plugin Certificates removed.
2020-04-10 18:22:10 +00:00 · 2020-04-10 18:22:10 +00:00 · b044585b88
parent b210ebd8cf
commit b044585b88
4 changed files with 52 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 This project follows the official Firefox releases, but also uses
 [Arch Linux Package Versioning](https://wiki.archlinux.org/index.php/Arch_package_guidelines#Package_versioning) to mark individual releases in between versions.

+## [75.0-2] - Unreleased
+
+### Added
+
+- DoH disabled by default
+- Remove Internal Plugin Certificates from Mozilla
+
+### Fixed
+
+- Some default addons from Mozilla are now removed (#59)
+
 ## [75.0-1] - 2020-04-08

 ### Added
--- a/18
+++ b/18
@ -7,7 +7,7 @@ pkgname=librewolf
 _pkgname=LibreWolf
 # how to get ci vars instead?
 pkgver=75.0
-pkgrel=1
+pkgrel=2
 pkgdesc="Community-maintained fork of Firefox, focused on privacy, security and freedom."
 arch=(x86_64 aarch64)
 license=(MPL GPL LGPL)
@ -26,11 +26,13 @@ options=(!emptydirs !makeflags !strip)
 source=(https://archive.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkgver.source.tar.xz
        $pkgname.desktop
        "git+https://gitlab.com/${pkgname}-community/browser/common.git"
-        "git+https://gitlab.com/${pkgname}-community/settings.git")
+        "git+https://gitlab.com/${pkgname}-community/settings.git"
+        "remove_addons.patch")
 sha256sums=('bbb1054d8f2717c634480556d3753a8483986af7360e023bb6232df80b746b0f'
            '0471d32366c6f415f7608b438ddeb10e2f998498c389217cdd6cc52e8249996b'
            'SKIP'
-            'SKIP')
+            'SKIP'
+            '24b75ba55cb4a2c9a088a22279a1f07fd3b8f3ef4f47774c0c12b79f4bfad124')

 if [[ $CARCH == 'aarch64' ]]; then
  source+=(arm.patch
@ -124,11 +126,21 @@ ac_add_options --enable-optimize
 END
 fi

+  # Remove some pre-installed addons that might be questionable
+  patch -p1 -i ../remove_addons.patch
+
  # Disabling Pocket
  sed -i "s/'pocket'/#'pocket'/g" browser/components/moz.build
  # this one only to remove an annoying error message:
  sed -i 's#SaveToPocket.init();#// SaveToPocket.init();#g' browser/components/BrowserGlue.jsm

+  # Remove Internal Plugin Certificates
+  _cert_sed='s#if (aCert.organizationalUnit == "Mozilla [[:alpha:]]\+") {\n'
+  _cert_sed+='[[:blank:]]\+return AddonManager\.SIGNEDSTATE_[[:upper:]]\+;\n'
+  _cert_sed+='[[:blank:]]\+}#'
+  _cert_sed+='// NOTE: removed#g'
+  sed -z "$_cert_sed" -i toolkit/mozapps/extensions/internal/XPIInstall.jsm
+
  # allow SearchEngines option in non-ESR builds
  sed -i 's#"enterprise_only": true,#"enterprise_only": false,#g' browser/components/enterprisepolicies/schemas/policies-schema.json

--- a/binary_tarball/scripts/3_Configure_Source_Code.sh
+++ b/binary_tarball/scripts/3_Configure_Source_Code.sh
@ -122,11 +122,21 @@ patch -p1 -i "${CI_PROJECT_DIR}/deb_patches/build-with-libstdc++-7.patch"
 patch -p1 -i "${CI_PROJECT_DIR}/deb_patches/drop-libstdcxx-check.patch"
 patch -p1 -i "${CI_PROJECT_DIR}/deb_patches/add-missing-include-functional.patch"

+# Remove some pre-installed addons that might be questionable
+patch -p1 -i ${CI_PROJECT_DIR}/remove_addons.patch
+
 # Disabling Pocket
 printf "\nDisabling Pocket\n";
 sed -i "s/'pocket'/#'pocket'/g" browser/components/moz.build
 # this one only to remove an annoying error message:
 sed -i 's#SaveToPocket.init();#// SaveToPocket.init();#g' browser/components/BrowserGlue.jsm

+# Remove Internal Plugin Certificates
+_cert_sed='s#if (aCert.organizationalUnit == "Mozilla [[:alpha:]]\+") {\n'
+_cert_sed+='[[:blank:]]\+return AddonManager\.SIGNEDSTATE_[[:upper:]]\+;\n'
+_cert_sed+='[[:blank:]]\+}#'
+_cert_sed+='// NOTE: removed#g'
+sed -z "$_cert_sed" -i toolkit/mozapps/extensions/internal/XPIInstall.jsm
+
 # allow SearchEngines option in non-ESR builds
 sed -i 's#"enterprise_only": true,#"enterprise_only": false,#g' browser/components/enterprisepolicies/schemas/policies-schema.json
--- a/remove_addons.patch
+++ b/remove_addons.patch
@ -0,0 +1,16 @@
+diff --git a/browser/extensions/moz.build b/browser/extensions/moz.build
+index 4c9fa78..095d199 100644
+--- a/browser/extensions/moz.build
+++ b/browser/extensions/moz.build
+@@ -5,10 +5,7 @@
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ 
+ DIRS += [
+-    'doh-rollout',
+     'formautofill',
+     'pdfjs',
+-    'screenshots',
+-    'webcompat',
+-    'report-site-issue'
+    'screenshots'
+ ]