summaryrefslogtreecommitdiff
path: root/libre-testing/iceweasel/PKGBUILD
diff options
context:
space:
mode:
Diffstat (limited to 'libre-testing/iceweasel/PKGBUILD')
-rw-r--r--libre-testing/iceweasel/PKGBUILD553
1 files changed, 553 insertions, 0 deletions
diff --git a/libre-testing/iceweasel/PKGBUILD b/libre-testing/iceweasel/PKGBUILD
new file mode 100644
index 000000000..635568990
--- /dev/null
+++ b/libre-testing/iceweasel/PKGBUILD
@@ -0,0 +1,553 @@
+# Maintainer (Arch:firefox): Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
+# Contributor (Arch:firefox): Ionut Biru <ibiru@archlinux.org>
+# Contributor (Arch:firefox): Jakub Schmidtke <sjakub@gmail.com>
+
+# Contributor (ConnochaetOS): Henry Jensen <hjensen@connochaetos.org>
+
+# Maintainer: Andreas Grapentin <andreas@grapentin.org>
+# Maintainer: Luke Shumaker <lukeshu@parabola.nu>
+# Contributor: André Silva <emulatorman@hyperbola.info>
+# Contributor: Márcio Silva <coadde@hyperbola.info>
+# Contributor: fauno <fauno@kiwwwi.com.ar>
+# Contributor: vando <facundo@esdebian.org>
+# Contributor: Figue <ffigue at gmail>
+# Contributor: taro-k <taro-k@movasense_com>
+# Contributor: Michał Masłowski <mtjm@mtjm.eu>
+# Contributor: Luke R. <g4jc@openmailbox.org>
+# Contributor: Isaac David <isacdaavid@isacdaavid.info>
+# Contributor: bill-auger <bill-auger@programmer.net>
+# Contributor: evr <evanroman at gmail>
+# Contributor: Muhammad 'MJ' Jassim <UnbreakableMJ@gmail.com>
+
+# Rational for inclusion in [libre]:
+# - Modify the addons pages to use GNU IceCat plugins sources, rather
+# than addons.mozilla.org, which hosts non-free addons.
+# - Disable EME, which is implemented via the non-free libWideVine
+# CDM.
+#
+# The above changes cause us to run afoul of the Firefox trademark
+# policy[1], so making those changes also requires us to:
+# - Rebrand to Iceweasel
+#
+# While we're at it, while not strictly nescessary for FSDG
+# compliance:
+# - Remove Google API keys and usage
+# - Disable Mozilla telemetry and crash reporting (good manners
+# because of all of the other patching we're doing
+#
+# [1]: https://www.mozilla.org/en-US/foundation/trademarks/policy/
+
+pkgname=iceweasel
+replaces=('firefox')
+epoch=1
+pkgver=61.0.2
+pkgrel=1
+pkgrel+=.parabola4
+pkgdesc="Libre standalone web browser based on Mozilla Firefox"
+arch=(x86_64)
+arch+=(i686 armv7h)
+license=(MPL GPL LGPL)
+url="https://wiki.parabola.nu/$pkgname"
+depends=(gtk3 mozilla-common libxt startup-notification mime-types dbus-glib ffmpeg
+ nss hunspell-en_US sqlite ttf-font libpulse libvpx icu)
+makedepends=(unzip zip diffutils python2 yasm mesa imake gconf inetutils xorg-server-xvfb
+ autoconf2.13 rust mercurial clang llvm jack gtk2 python)
+optdepends=('networkmanager: Location detection via available WiFi networks'
+ 'libnotify: Notification integration'
+ 'pulseaudio: Audio support'
+ 'speech-dispatcher: Text-to-Speech')
+options=(!emptydirs !makeflags !strip)
+_repo=https://hg.mozilla.org/mozilla-unified
+source=("hg+$_repo#tag=FIREFOX_${pkgver//./_}_RELEASE"
+ $pkgname.desktop)
+sha256sums=('SKIP'
+ 'ed350ef2f528b999a621f7080fa80948be6b351e67ce32529fb32bcf47bb21fa'
+ 'dabd5a0b8023e8ca13f6ae5fcb9e6c29531fc952bc781b4aa25c8a598187768e'
+ 'SKIP'
+ 'f2ebd5054b81a0f0f642b523a545145bdd5939e70b79c8129415cd1646cc6d74'
+ '070f9e1a8513ab66903f2f19d6fa9d13c9a2d975921a21821a6e76cd8fec53c6'
+ 'b695926b8a1f9560f0e11e0bad2ef42df6152d4f16f95af1027bc12c487c1ede')
+
+# Branding
+_brandingver=$(cut -d. -f1,2<<<"$pkgver")
+_brandingrel=1
+makedepends+=(mozilla-searchplugins quilt libxslt imagemagick)
+source+=(https://repo.parabola.nu/other/iceweasel/${pkgname}_${_brandingver}-${_brandingrel}.branding.tar.xz{,.sig}
+ 0001-branding-Fix-for-v60-v61.patch
+ 0002-Fix-triplet-two-parts.patch
+ libre.patch)
+validpgpkeys+=('BFA8008A8265677063B11BF47171986E4B745536') # Andreas Grapentin
+
+prepare() {
+ cd mozilla-unified
+
+ cat >.mozconfig <<END
+ac_add_options --enable-application=browser
+
+ac_add_options --prefix=/usr
+ac_add_options --enable-release
+ac_add_options --enable-linker=gold
+ac_add_options --enable-hardening
+ac_add_options --enable-optimize
+ac_add_options --enable-rust-simd
+
+# Branding
+ac_add_options --disable-official-branding
+ac_add_options --with-branding=browser/branding/iceweasel
+ac_add_options --enable-update-channel=release
+ac_add_options --with-distribution-id=nu.parabola
+
+# System libraries
+ac_add_options --with-system-zlib
+ac_add_options --with-system-bz2
+ac_add_options --with-system-icu
+ac_add_options --with-system-jpeg
+ac_add_options --with-system-libvpx
+ac_add_options --with-system-nspr
+ac_add_options --with-system-nss
+ac_add_options --enable-system-sqlite
+ac_add_options --enable-system-ffi
+
+# Features
+ac_add_options --enable-alsa
+ac_add_options --enable-jack
+ac_add_options --enable-startup-notification
+ac_add_options --disable-crashreporter
+ac_add_options --disable-updater
+ac_add_options --disable-eme
+END
+
+ if [[ $CARCH = arm* ]]; then
+ sed -i '/--enable-linker=gold/d' .mozconfig
+ cat >> .mozconfig <<- END
+ ac_add_options --enable-optimize="-g -O2 -fno-schedule-insns"
+ END
+ fi # end [[ $CARCH = arm* ]]
+
+ patch -Np1 -i "$srcdir/0002-Fix-triplet-two-parts.patch"
+
+ ## Rebranding
+ local brandingdir="$srcdir/$pkgname-$_brandingver"
+ pushd "$brandingdir"
+ patch -Np1 -i "$srcdir/0001-branding-Fix-for-v60-v61.patch"
+ popd
+ # file dump
+ rm -rf -- browser/branding/$pkgname
+ cp -aT -- $brandingdir/branding browser/branding/$pkgname
+ # patching
+ rm -rf .pc
+ export QUILT_PATCHES=$brandingdir/patches
+ export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
+ export QUILT_DIFF_ARGS='--no-timestamps'
+ quilt push -av
+ # Put "Start Page" branding images in the source code
+ install -m644 -t browser/base/content/abouthome -- \
+ "$brandingdir/branding"/{drm-free,gnu_headshadow,parabola-banner}.png
+ install -m644 -t browser/extensions/onboarding/content/img -- \
+ "$brandingdir/branding/watermark.svg"
+ # produce icons
+ for i in 16 22 24 32 48 64 128 192 256 384; do
+ rsvg-convert -w $i -h $i "$brandingdir/branding/${pkgname}_icon.svg" \
+ -o "browser/branding/iceweasel/default$i.png"
+ done
+
+ # Remove remaining non-free bits
+ patch -Np1 -i "$srcdir/libre.patch"
+ sed -i 's/Adobe Flash/SWF Player/g' -- \
+ browser/base/content/pageinfo/permissions.js \
+ browser/base/content/browser-plugins.js
+ sed -e '/"displayName": "Flash"/ s/Flash/SWF Player/' \
+ -e '/"displayName": "Shockwave"/ s/Shockwave/DCR Player/' \
+ -e '/"displayName": "QuickTime"/ s/QuickTime/MOV Player/' \
+ -e '/installLinux/ s/true/false/' \
+ -i -- browser/base/content/browser-plugins.js
+ # re-use 'abouthome' page for 'newtab' page
+ install -d browser/base/content/newtab
+ cat browser/base/content/abouthome/aboutHome.xhtml > browser/base/content/newtab/newTab.xhtml
+ # Load our searchplugins
+ rm -rf -- browser/locales/searchplugins
+ cp -aT -- /usr/lib/mozilla/searchplugins browser/locales/searchplugins
+ # Disable various components at the source level
+ sed -i 's/;1/;0/' toolkit/components/telemetry/TelemetryStartup.manifest
+ #sed -i 's/;1/;0/' browser/experiments/Experiments.manifest
+ sed -i '/pocket/d' browser/extensions/moz.build
+ sed -i '/activity-stream/d' browser/extensions/moz.build
+}
+
+build() {
+ cd mozilla-unified
+
+ export MOZ_SOURCE_REPO="$_repo"
+
+ ./mach build
+ ./mach buildsymbols
+}
+
+package() {
+ local _icu_ver
+ _icu_ver=$(pacman -S --print-format='%v' icu)
+ depends+=("icu>=${_icu_ver}" "icu<$((${_icu_ver%%.*} + 1))")
+
+ cd mozilla-unified
+ DESTDIR="$pkgdir" ./mach install
+ find . -name '*crashreporter-symbols-full.zip' -exec cp -fvt "$startdir" {} +
+
+ _vendorjs="$pkgdir/usr/lib/$pkgname/browser/defaults/preferences/vendor.js"
+ install -Dm644 /dev/stdin "$_vendorjs" <<END
+// Use LANG environment variable to choose locale
+pref("intl.locale.requested", "");
+
+// Use system-provided dictionaries
+pref("spellchecker.dictionary_path", "/usr/share/hunspell");
+
+// Disable default browser checking.
+pref("browser.shell.checkDefaultBrowser", false);
+
+// Don't disable our bundled extensions in the application directory
+pref("extensions.autoDisableScopes", 11);
+pref("extensions.shownSelectionUI", true);
+END
+
+ # Parabola additions to vendor.js
+ #
+ # TODO: Go through this and figure out what's nescessary, remove
+ # most of it. This is mostly cargo-cult BS. For example, disabling
+ # all the EME stuff... that's already off because of `--disable-eme`
+ # in `.mozconfig`. Some of these settings no longer exist. Some of
+ # these settings don't do anything on GNU/Linux.
+ #
+ # However, they don't seem to be causing any of the critical issues.
+ local _shortver=$(cut -d. -f1,2 <<<"$pkgver")
+ cat >> "$_vendorjs" <<END
+// Disable "alt" as a shortcut key to open full menu bar. Conflicts with "alt" as a modifier
+pref("ui.key.menuAccessKeyFocuses", false);
+
+// Disable the GeoLocation API for content
+pref("geo.enabled", false);
+
+// Make sure that the request URL of the GeoLocation backend is empty
+pref("geo.wifi.uri", "");
+
+// Disable Freedom Violating DRM Feature
+pref("browser.eme.ui.enabled", false);
+// EME
+pref("media.eme.enabled", false);
+pref("media.eme.apiVisible", false);
+
+// Google Widevine DRM
+// https://blog.mozilla.org/futurereleases/2016/04/08/mozilla-to-test-widevine-cdm-in-firefox-nightly/
+// https://wiki.mozilla.org/QA/Widevine_CDM
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1288580
+pref("media.gmp-widevinecdm.visible", false);
+pref("media.gmp-widevinecdm.enabled", false);
+pref("media.gmp-widevinecdm.autoupdate", false);
+
+// Default to classic view for about:newtab
+pref("browser.newtabpage.enhanced", false);
+pref("browser.newtabpage.activity-stream.enabled", false);
+
+// Poodle attack
+pref("security.tls.version.min", 1);
+
+// Don't call home for blacklisting
+pref("extensions.blocklist.enabled", false);
+
+// Disable plugin installer
+pref("plugins.hide_infobar_for_missing_plugin", true);
+pref("plugins.hide_infobar_for_outdated_plugin", true);
+pref("plugins.notifyMissingFlash", false);
+
+//https://developer.mozilla.org/en-US/docs/Web/API/MediaSource
+//pref("media.mediasource.enabled",true);
+
+// Speeding it up
+pref("network.http.pipelining", true);
+pref("network.http.proxy.pipelining", true);
+pref("network.http.pipelining.maxrequests", 10);
+pref("nglayout.initialpaint.delay", 0);
+
+// Disable third party cookies
+pref("network.cookie.cookieBehavior", 1);
+
+// Prevent EULA dialog to popup on first run
+pref("browser.EULA.override", true);
+
+// Set useragent to Firefox compatible
+//pref("general.useragent.compatMode.firefox", true);
+// Spoof the useragent to a generic one
+pref("general.useragent.compatMode.firefox", true);
+// Spoof the useragent to a generic one
+pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:$_shortver) Gecko/20100101 Firefox/$_shortver");
+pref("general.appname.override", "Netscape");
+pref("general.appversion.override", "$_shortver");
+pref("general.buildID.override", "Gecko/20100101");
+pref("general.oscpu.override", "Windows NT 6.1");
+pref("general.platform.override", "Win32");
+
+// Privacy & Freedom Issues
+// https://webdevelopmentaid.wordpress.com/2013/10/21/customize-privacy-settings-in-mozilla-firefox-part-1-aboutconfig/
+// https://panopticlick.eff.org
+// http://ip-check.info
+// http://browserspy.dk
+// https://wiki.mozilla.org/Fingerprinting
+// http://www.browserleaks.com
+// http://fingerprint.pet-portal.eu
+pref("privacy.donottrackheader.enabled", true);
+pref("privacy.donottrackheader.value", 1);
+pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
+
+// CIS 2.1.1 Disable Auto Update / Balrog
+pref("app.update.auto", false);
+pref("app.update.checkInstallTime", false);
+pref("app.update.enabled", false);
+pref("app.update.staging.enabled", false);
+pref("app.update.url", "about:blank");
+pref("media.gmp-manager.certs.1.commonName", "");
+pref("media.gmp-manager.certs.2.commonName", "");
+// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
+pref("media.gmp-manager.url", "http://127.0.0.1/");
+pref("media.gmp-manager.url.override", "data:text/plain,");
+pref("media.gmp-provider.enabled", false);
+// Don't install openh264 codec
+pref("media.gmp-gmpopenh264.enabled", false);
+pref("media.gmp-eme-adobe.enabled", false);
+pref("media.peerconnection.video.h264_enabled", false);
+
+// CIS 2.3.4 Block Reported Web Forgeries
+// http://kb.mozillazine.org/Browser.safebrowsing.enabled
+// http://kb.mozillazine.org/Safe_browsing
+// https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
+// http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849
+pref("browser.safebrowsing.enabled", false);
+
+// CIS 2.3.5 Block Reported Attack Sites
+// http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled
+pref("browser.safebrowsing.malware.enabled", false);
+
+// Disable safe browsing remote lookups for downloaded files.
+// This leaks information to google.
+// https://www.mozilla.org/en-US/firefox/39.0/releasenotes/
+// https://wiki.mozilla.org/Security/Application_Reputation
+pref("browser.safebrowsing.downloads.remote.enabled", false);
+pref("browser.safebrowsing.appRepURL", "about:blank");
+pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank");
+pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank");
+pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
+pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
+pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
+pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
+pref("browser.safebrowsing.downloads.remote.enabled", false);
+pref("browser.safebrowsing.downloads.remote.url", "about:blank");
+pref("browser.safebrowsing.provider.google.gethashURL", "about:blank");
+pref("browser.safebrowsing.provider.google.updateURL", "about:blank");
+pref("browser.safebrowsing.provider.google.lists", "about:blank");
+
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1025965
+pref("browser.safebrowsing.phishing.enabled", false);
+pref("browser.safebrowsing.provider.google4.lists", "about:blank");
+pref("browser.safebrowsing.provider.google4.updateURL", "about:blank");
+pref("browser.safebrowsing.provider.google4.gethashURL", "about:blank");
+pref("browser.safebrowsing.provider.google4.reportURL", "about:blank");
+pref("browser.safebrowsing.provider.mozilla.lists", "about:blank");
+
+// Disable Microsoft Family Safety MiTM support
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1239166
+// https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode
+// https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782
+pref("security.family_safety.mode", 0);
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1265113
+// https://hg.mozilla.org/releases/mozilla-release/rev/d9659c22b3c5
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1298883
+pref("security.enterprise_roots.enabled", false);
+
+//pref("services.sync.privacyURL", "https://www.gnu.org/software/gnuzilla/");
+pref("social.enabled", false);
+pref("social.remote-install.enabled", false);
+pref("datareporting.healthreport.uploadEnabled", false);
+pref("datareporting.healthreport.about.reportUrl", "127.0.0.1");
+pref("datareporting.healthreport.documentServerURI", "127.0.0.1");
+pref("healthreport.uploadEnabled", false);
+pref("social.toast-notifications.enabled", false);
+pref("datareporting.policy.dataSubmissionEnabled", false);
+pref("datareporting.healthreport.service.enabled", false);
+pref("browser.slowStartup.notificationDisabled", true);
+pref("network.http.sendRefererHeader", 2);
+//pref("network.http.referer.spoofSource", true);
+//http://grack.com/blog/2010/01/06/3rd-party-cookies-dom-storage-and-privacy/
+//pref("dom.storage.enabled", false);
+pref("dom.event.clipboardevents.enabled",false);
+pref("network.prefetch-next", false);
+pref("network.dns.disablePrefetch", true);
+pref("network.http.sendSecureXSiteReferrer", false);
+pref("toolkit.telemetry.archive.enabled", false);
+pref("toolkit.telemetry.bhrPing.enabled", false);
+pref("toolkit.telemetry.enabled", false);
+pref("toolkit.telemetry.unified", false);
+pref("toolkit.telemetry.newProfilePing.enabled", false);
+pref("toolkit.telemetry.firstShutdownPing.enabled", false);
+pref("toolkit.telemetry.server", "127.0.0.1");
+pref("app.shield.optoutstudies.enabled", false);
+pref("experiments.enabled", false);
+pref("experiments.manifest.uri", "127.0.0.1");
+pref("extensions.pocket.enabled", false);
+pref("extensions.pocket.api", "127.0.0.1");
+// Do not tell what plugins do we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html
+pref("plugins.enumerable_names", "");
+pref("plugin.state.flash", 0);
+// Do not autoupdate search engines
+pref("browser.search.update", false);
+// Warn when the page tries to redirect or refresh
+//pref("accessibility.blockautorefresh", true);
+pref("dom.battery.enabled", false);
+pref("device.sensors.enabled", false);
+pref("camera.control.face_detection.enabled", false);
+pref("camera.control.autofocus_moving_callback.enabled", false);
+pref("network.http.speculative-parallel-limit", 0);
+// No search suggestions
+pref("browser.urlbar.userMadeSearchSuggestionsChoice", true);
+pref("browser.search.suggest.enabled", false);
+
+// Crypto hardening
+// https://gist.github.com/haasn/69e19fc2fe0e25f3cff5
+// General settings
+//pref("security.tls.unrestricted_rc4_fallback", false);
+//pref("security.tls.insecure_fallback_hosts.use_static_list", false);
+//pref("security.tls.version.min", 1);
+//pref("security.ssl.require_safe_negotiation", true);
+//pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
+//pref("security.ssl3.rsa_seed_sha", true);
+//pref("security.OCSP.enabled", 1);
+//pref("security.OCSP.require", true);
+
+
+// WebRTC
+pref("media.peerconnection.enabled", false);
+pref("media.peerconnection.ice.default_address_only", true);
+
+pref("font.default.x-western", "sans-serif");
+
+// Preferences for the Get Add-ons panel and search engines
+pref("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref("browser.search.searchEnginesURL", "https://directory.fsf.org/wiki/GNU_IceCat");
+
+// Mobile
+pref("privacy.announcements.enabled", false);
+pref("browser.snippets.enabled", false);
+pref("browser.snippets.syncPromo.enabled", false);
+pref("identity.mobilepromo.android", "https://f-droid.org/repository/browse/?fdid=org.gnu.icecat&");
+pref("browser.snippets.geoUrl", "http://127.0.0.1/");
+pref("browser.snippets.updateUrl", "http://127.0.0.1/");
+pref("browser.snippets.statsUrl", "http://127.0.0.1/");
+pref("datareporting.policy.firstRunTime", 0);
+pref("datareporting.policy.dataSubmissionPolicyVersion", 2);
+pref("browser.webapps.checkForUpdates", 0);
+pref("browser.webapps.updateCheckUrl", "http://127.0.0.1/");
+pref("app.faqURL", "http://libreplanet.org/wiki/Group:IceCat/FAQ");
+
+// PFS url
+pref("pfs.datasource.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
+pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
+
+// Geolocation depends on third party services
+pref("geo.enabled", false);
+pref("geo.wifi.uri", "");
+
+// Disable heartbeat
+pref("browser.selfsupport.url", "");
+
+// Disable Link to FireFox Marketplace, currently loaded with non-free "apps"
+pref("browser.apps.URL", "");
+
+// Use old style preferences, that allow javascript to be disabled
+pref("browser.preferences.inContent",false);
+
+// Don't download ads for the newtab page
+pref("browser.newtabpage.directory.source", "");
+pref("browser.newtabpage.directory.ping", "");
+pref("browser.newtabpage.introShown", true);
+
+// Disable home snippets
+pref("browser.aboutHomeSnippets.updateUrl", "data:text/html");
+
+// Disable hardware acceleration and WebGL
+//pref("layers.acceleration.disabled", false);
+pref("webgl.disabled", false);
+
+// Disable SSDP
+pref("browser.casting.enabled", false);
+
+// Disable directory service
+pref("social.directories", "");
+pref("social.whitelist", "");
+pref("social.shareDirectory", "");
+
+// Disable Pocket integration
+pref("browser.pocket.api", "about:blank");
+pref("browser.pocket.enabled", false);
+pref("browser.pocket.enabledLocales", "about:blank");
+pref("browser.pocket.oAuthConsumerKey", "about:blank");
+pref("browser.pocket.site", "about:blank");
+pref("browser.pocket.useLocaleList", false);
+pref("extensions.pocket.enabled", false);
+
+// Do not require xpi extensions to be signed by Mozilla
+pref("xpinstall.signatures.required", false);
+
+// Disable File and Directory Entries API (Imported from Edge/Chromium)
+// https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories
+// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API
+// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Introduction
+// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Firefox_support
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1265767
+pref("dom.webkitBlink.filesystem.enabled", false);
+// https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/webkitdirectory
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1258489
+// https://hg.mozilla.org/releases/mozilla-release/rev/133af19777be
+pref("dom.webkitBlink.dirPicker.enabled", false);
+
+// Directory Upload API, webkitdirectory
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1188880
+// https://bugzilla.mozilla.org/show_bug.cgi?id=907707
+// https://wicg.github.io/directory-upload/proposal.html
+pref("dom.input.dirpicker", false);
+
+// fix alsa sound sandbox issue for iceweasel-58
+// https://labs.parabola.nu/issues/1628
+pref("security.sandbox.content.syscall_whitelist", "16");
+END
+
+ _distini="$pkgdir/usr/lib/$pkgname/distribution/distribution.ini"
+ install -Dm644 /dev/stdin "$_distini" <<END
+[Global]
+id=parabola
+version=1.0
+about=Parabola Iceweasel for Parabola GNU/Linux-libre
+
+[Preferences]
+app.distributor=parabola
+app.distributor.channel=$pkgname
+app.partner.parabola=parabola
+END
+
+ for i in 16 22 24 32 48 64 128 192 256 384; do
+ install -Dm644 browser/branding/$pkgname/default$i.png \
+ "$pkgdir/usr/share/icons/hicolor/${i}x${i}/apps/$pkgname.png"
+ done
+ install -Dm644 "browser/branding/$pkgname/${pkgname}_icon.svg" \
+ "$pkgdir/usr/share/icons/hicolor/scalable/apps/$pkgname.svg"
+
+ install -Dm644 ../$pkgname.desktop \
+ "$pkgdir/usr/share/applications/$pkgname.desktop"
+
+ # Install a wrapper to avoid confusion about binary path
+ install -Dm755 /dev/stdin "$pkgdir/usr/bin/$pkgname" <<END
+#!/bin/sh
+exec /usr/lib/$pkgname/$pkgname "\$@"
+END
+
+ # Replace duplicate binary with wrapper
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=658850
+ ln -srf "$pkgdir/usr/bin/$pkgname" \
+ "$pkgdir/usr/lib/$pkgname/$pkgname-bin"
+}