# Maintainer (arch): Jan Alexander Steffens (heftig) <heftig@archlinux.org>
# Contributor: Ionut Biru <ibiru@archlinux.org>
# Contributor: Jakub Schmidtke <sjakub@gmail.com>
# Contributor: Henry Jensen <hjensen@connochaetos.org>
# Maintainer (archarm): Kevin Mihelich <kevin@archlinuxarm.org>
# Maintainer (arch32): Andreas Baumann <mail@andreasbaumann.cc>
# Contributor: Erich Eckner <git@eckner.net>
# Contributor: Andreas Grapentin <andreas@grapentin.org>
# Contributor: Luke Shumaker <lukeshu@parabola.nu>
# Contributor: André Silva <emulatorman@hyperbola.info>
# Contributor: Márcio Silva <coadde@hyperbola.info>
# Contributor: fauno <fauno@kiwwwi.com.ar>
# Contributor: vando <facundo@esdebian.org>
# Contributor: Figue <ffigue at gmail>
# Contributor: evr <evanroman at gmail>
# Contributor: Muhammad 'MJ' Jassim <UnbreakableMJ@gmail.com>
# Contributor: taro-k <taro-k@movasense_com>
# Contributor: Michał Masłowski <mtjm@mtjm.eu>
# Contributor: Luke R. <g4jc@openmailbox.org>
# Contributor: Isaac David <isacdaavid@isacdaavid.info>
# Contributor: bill-auger <bill-auger@programmer.net>
# Contributor: grizzlyuser <grizzlyuser@protonmail.com>


# parabola changes and rationale
# FSDG:
#  - Modify the addons pages to use GNU IceCat plugins sources, rather
#    than addons.mozilla.org, which hosts non-free addons
#  - Disable EME, which is implemented via the non-free libWideVine CDM
#  - Disable Normandy that let Mozilla push messages with recommendations
#    of nonfree software
#  - Make Remote Settings work completely offline using local data
#
# technical:
#  - build i686 with GCC instead of clang
#  - disable rust-SIMD, LTO, PGO, and skip profiling build for armv7h and i686
#  - allow skipping profiling build for x86_64 (_x86_64_skip_pgo)
#  - prefer as many system libs as possible, over their vendored couterparts
#  - Rebrand to Iceweasel, per the mozilla trademark policy, due to the FSDG changes
#  - set user profile directory to ~/.mozilla/iceweasel
#
# privacy:
#  - Remove Google API keys and usage
#  - Disable Mozilla telemetry and crash reporting
#    (good manners because of all of the other patching we're doing)
#  - do not compile/upload remote debug symbols


# NOTE: This PKGBUILD is kept in-sync with arch{,arm,32}, as closely as possible,
#       for the sake of documentation and cleaner diffs.
#       That also helps to identify which changes were made by Parabola vs upstream.
#       Therefore, this PKGBUILD may declare blacklisted dependencies, non-free sources,
#       or include code for anti-features; but those will be filtered-out subsequently.
#       Any code which implements an anti-feature should be commented-out;
#       and include an 'anti-feature' comment, for clarity.
#       Any blacklisted dependencies and non-free sources should be filtered.
#       Without those over-rides, the resulting program may not be FSDG-fit.
#       Do not circumvent those over-rides, if compiling for the Parabola repos.


pkgname=iceweasel
epoch=1
pkgver=103.0
pkgrel=1
pkgrel+=.parabola1
_brandingver=102.0-1
pkgdesc="Standalone web browser derived from Mozilla Firefox"
arch=(x86_64)
arch+=(armv7h i686)
license=(MPL GPL LGPL)
url="https://wiki.parabola.nu/Iceweasel"
depends=(gtk3 libxt mime-types dbus-glib ffmpeg nss ttf-font libpulse)
makedepends=(unzip zip diffutils yasm mesa imake inetutils xorg-server-xvfb
             autoconf2.13 rust clang llvm jack nodejs cbindgen nasm
             python-setuptools python-zstandard lld dump_syms
             wasi-compiler-rt wasi-libc wasi-libc++ wasi-libc++abi)
makedepends+=(quilt libxslt imagemagick git jq python-jsonschema)
[[ "${CARCH}" == 'armv7h' ]] && makedepends=( ${makedepends[*]/wasi*/} ) # armv7h has no wasi compiler
[[ "${CARCH}" == 'i686'   ]] && makedepends=( ${makedepends[*]/wasi-compiler-rt/wasi-compiler-rt=13.0.1-1.0} ) # dustbin
[[ "${CARCH}" == 'i686'   ]] && makedepends=( ${makedepends[*]/wasi-libc++*/}                                )
[[ "${CARCH}" == 'i686'   ]] && makedepends+=( wasi-libc++=13.0.1-1.0 wasi-libc++abi=13.0.1-1.0              ) # dustbin
optdepends=('networkmanager: Location detection via available WiFi networks'
            'libnotify: Notification integration'
            'pulseaudio: Audio support'
            'speech-dispatcher: Text-to-Speech'
            'hunspell-en_US: Spell checking, American English'
            'xdg-desktop-portal: Screensharing with Wayland')
replaces=('firefox')
options=(!emptydirs !makeflags !strip !lto !debug)
source=(https://archive.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkgver.source.tar.xz{,.asc}
        zstandard-0.18.0.diff
        $pkgname.desktop identity-icons-brand.svg)
source=(${source[*]/identity-icons-brand.svg/})
source+=(https://repo.parabola.nu/other/iceweasel/${pkgname}_${_brandingver}.branding.tar.xz{,.sig}
         9001-FSDG-sync-remote-settings-with-local-dump.patch
         9002-FSDG-preference-defaults.patch
         9003-FSDG-urihandlers.patch
         9004-FSDG-misc.patch
         process-json-files.py
         vendor.js.in)
source_armv7h=(build-arm-libopus.patch)
source_i686=('avoid-libxul-OOM-python-check.patch'
             'rust-static-disable-network-test-on-static-libraries.patch'
             'firefox-99.0.1-fdlibm-double.patch')
sha256sums=('acc41d050560db4c4177ea86e2d00e47d74229041fea4c02c0e9e87e64093773'
            'SKIP'
            'a6857ad2f2e2091c6c4fdcde21a59fbeb0138914c0e126df64b50a5af5ff63be'
            '9cdc2602661717712092d28bb494e5b48e518cb930898aca85eaf21f91f7ef58')
sha256sums+=('d29c194ed7b3b4fa0f511866723118938c2be40077b4e9aadf8b3e6bfff91049'
             'SKIP'
             '1c385fa5b2e2dd1cb7404c2d101de499a6b4b1324ddc051c5fb94aea6c24b42a'
             'a2c71759290dd48c87bf8aacb681040dcaefdabe0d57317de361d2d2d509664b'
             'e192458a2a9878483984e1400bb3c66df369adfbf6f144b90445f80973c32ed1'
             '2697d54f827a493f7d74b8b8b01a10c70fd286a02924faae0d09c5f432a841a8'
             '6a0250c20a6f4cbf0ff1320c194342fe691ece56959d87de41be8f82a8feca65'
             'c93ce98e1cb64033079343ff1f3037fab6a3bc6d3eb5bc14c5edb70e2d45965d')
sha256sums_armv7h=('2d4d91f7e35d0860225084e37ec320ca6cae669f6c9c8fe7735cdbd542e3a7c9')
sha256sums_i686=('2f0c81a38c4578f68f5456b618fe84a78974072821488173eb55e0e72287e353'
                 '10c5276eab2e87f400a6ec15d7ffbef3b0407ee888dea36f1128927ca55b9041'
                 '62695e56daf8c0b8bb921980d475b3fd169b9134188ad9ffaeb9cd660589c23d')
validpgpkeys=('14F26682D0916CDD81E37B6D61B7B526D98F0353') # Mozilla Software Releases <release@mozilla.com>
validpgpkeys+=('BFA8008A8265677063B11BF47171986E4B745536') # Andreas Grapentin
validpgpkeys+=('3954A7AB837D0EA9CFA9798925DB7D9B5A8D4B40') # bill-auger

# Google API keys (see http://www.chromium.org/developers/how-tos/api-keys)  # anti-feature
# Note: These are for Arch Linux use ONLY. For your own distribution, please # anti-feature
# get your own set of keys. Feel free to contact foutrelis@archlinux.org for # anti-feature
# more information.                                                          # anti-feature
# _google_api_key=AIzaSyDwr302FpOSkGRpLlUpPThNTDPbXcIn_FM                    # anti-feature

# Mozilla API keys (see https://location.services.mozilla.com/api)           # anti-feature
# Note: These are for Arch Linux use ONLY. For your own distribution, please # anti-feature
# get your own set of keys. Feel free to contact heftig@archlinux.org for    # anti-feature
# more information.                                                          # anti-feature
# _mozilla_api_key=e05d56db0a694edc8b5aaebda3f2db6a                          # anti-feature


# disable PGO for 32-bit arches
_should_skip_pgo=0 # for x86_64 (try '1' if the build hangs indefinitely)
[[ "${CARCH}" != 'armv7h' && "${CARCH}" != 'i686' ]] || _should_skip_pgo=1


## helpers ##

_check_build_config() {
  pushd "${srcdir}"/firefox-${pkgver} > /dev/null

  echo "Checking build configuration..."

  # Each of the [ARCH-SPECIFIC CONFIG] branches in prepare(), should have prepared a
  # $srcdir/mozconfig file with any arch-specific changes to the Arch x86_64 PKGBUILD.
  # Finally, that file should have been copied to $srcdir/firefox-$pkgver/.mozconfig
  grep '^ac_add_options --with-distribution-id=nu.parabola' .mozconfig || \
  ! echo "cannot continue without a .mozconfig file"                   || return 1

  if   [[ "${CARCH}" != 'armv7h' ]] # armv7h has no --disable-eme option
  then grep '^ac_add_options --disable-eme' .mozconfig                || \
       ! echo ".mozconfig file was not properly treated per the FSDG" || return 1
  fi

  # Configure produces mozinfo.json that reflects current configuration.
  # See build/docs/mozinfo.rst
  ./mach configure

  # In this test, jq collects values of the following keys of mozinfo.json into array,
  # and checks if any of them are not equal to false, in which case it returns "true".
  # E.g. if the value of any key is true or null (in case the key is missing from mozinfo.json),
  # that means the build configuration has to be reworked.
  local obj_directory=$(./mach environment | sed -En '/object directory:/{n;s/^\s+//;p;}')
  local antifeature_keys=(.crashreporter .datareporting .healthreport .normandy .telemetry .updater)
  local antifeatures=()
  echo "obj_directory is: ${obj_directory}"
  for key in ${antifeature_keys[@]}
  do  jq -e "${key} != false" "${obj_directory}"/mozinfo.json && antifeatures+=(${key})
  done
  if   (( ${#antifeatures[@]} ))
  then echo "Some anti-features are not disabled in build configuration files, aborting:"
       for key in ${antifeatures[@]} ; do echo " - ${key} is enabled" ; done ;
       return 1
  fi

  popd > /dev/null
}

_check_patching() {
  pushd "${srcdir}"/firefox-${pkgver} > /dev/null

  # URI protocol handlers
  local uri_handlers=uriloader/exthandler/HandlerList.jsm
  local webmails='google|yahoo'
  grep   'name:'          $uri_handlers | grep    '"KiwiIRC",' &> /dev/null && \
  ! grep 'name:'          $uri_handlers | grep -v '"KiwiIRC",' &> /dev/null && \
  ! grep -E "($webmails)" $uri_handlers                        &> /dev/null || \
  ! echo "9003-FSDG-misc.patch needs reworking"                             || \
  return 1

  # Remote Settings
  local settings_server='firefox.settings.services.mozilla.com'
  ! grep -qr $settings_server &> /dev/null                                      || \
  ! echo '9001-FSDG-sync-remote-settings-with-local-dump.patch needs reworking' || \
  return 1

  popd > /dev/null
}


## business ##

prepare() {
  mkdir mozbuild
  cd firefox-$pkgver

  # Unbreak build with python-zstandard 0.18.0
  patch -Np1 -i ../zstandard-0.18.0.diff

  # echo -n "$_google_api_key" >google-api-key   # anti-feature
  # echo -n "$_mozilla_api_key" >mozilla-api-key # anti-feature

  cat >../mozconfig <<END
ac_add_options --enable-application=browser
mk_add_options MOZ_OBJDIR=${PWD@Q}/obj

ac_add_options --prefix=/usr
ac_add_options --enable-release
ac_add_options --enable-hardening
ac_add_options --enable-optimize
ac_add_options --enable-rust-simd
ac_add_options --enable-linker=lld
ac_add_options --disable-elf-hack
ac_add_options --disable-bootstrap
ac_add_options --with-wasi-sysroot=/usr/share/wasi-sysroot

# Branding
ac_add_options --disable-official-branding                 # branding over-ride
ac_add_options --enable-update-channel=release
ac_add_options --with-distribution-id=nu.parabola          # branding over-ride
ac_add_options --with-branding=browser/branding/${pkgname} # branding over-ride
ac_add_options --with-app-name=${pkgname}                  # branding over-ride
ac_add_options --with-app-basename=${pkgname}              # branding over-ride
ac_add_options --with-unsigned-addon-scopes=app,system
ac_add_options --allow-addon-sideload
# export MOZILLA_OFFICIAL=1                                # branding over-ride
export MOZ_APP_REMOTINGNAME=${pkgname//-/}
export MOZ_TELEMETRY_REPORTING=
export MOZ_REQUIRE_SIGNING=

# Keys
# ac_add_options --with-google-location-service-api-keyfile=${PWD@Q}/google-api-key # anti-feature
# ac_add_options --with-google-safebrowsing-api-keyfile=${PWD@Q}/google-api-key     # anti-feature
# ac_add_options --with-mozilla-api-keyfile=${PWD@Q}/mozilla-api-key                # anti-feature

# System libraries
ac_add_options --with-system-nspr
ac_add_options --with-system-nss

# Features
ac_add_options --enable-alsa
ac_add_options --enable-jack
ac_add_options --disable-crashreporter # anti-feature
ac_add_options --disable-updater
ac_add_options --disable-tests
ac_add_options --disable-eme
END


  ## [ARCH-SPECIFIC CONFIG] ##

  case ${CARCH} in
    armv7h)

      # archarm has these changes in-line above
      sed -i '
        /--enable-hardening/d
        /--enable-optimize/d
        /--enable-rust-simd/d
        s|--with-wasi-sysroot=/usr/share/wasi-sysroot|--without-wasm-sandboxed-libraries|
      ' ../mozconfig

      echo "ac_add_options --disable-elf-hack" >> .mozconfig
      # https://bugzilla.redhat.com/show_bug.cgi?id=1641623
      echo "ac_add_options --disable-av1" >> .mozconfig
      # reduce jobs due to RAM constraints
      MAKEFLAGS="-j4"
      #MAKEFLAGS="-j1"
      # disable hard-coded LTO
      sed -i '/cargo_rustc_flags += -Clto/d' config/makefiles/rust.mk
      sed -i '/RUSTFLAGS += -Cembed-bitcode=yes/d' config/makefiles/rust.mk
      # increase codegen-units due to RAM constraints
      sed -i 's/codegen-units=1/codegen-units=16/' config/makefiles/rust.mk
      # webrtc on ARMv7 implies android, so disable it
      echo "ac_add_options --disable-webrtc" >> .mozconfig

      echo 'ac_add_options --enable-optimize="-g0 -O2"' >> .mozconfig
      echo "mk_add_options MOZ_MAKE_FLAGS=\"${MAKEFLAGS}\"" >> .mozconfig

      # export statements are under the '[ARCH-SPECIFIC BUILD ENV]' section

      patch -p1 -i ../build-arm-libopus.patch

      # mozbuild.configure.options.InvalidOptionError: --disable-eme is not available in this configuration
      # EME is disabled anyway in the built package, but better check if it exists for ARM each new release.
      sed -i 's|ac_add_options --disable-eme||' ../mozconfig

      # for consistency across arches, we actually want .mozconfig to be ../mozconfig
      # we allowed .mozconfig to be written, only to minimize the diff against archarm
      # ${srcdir}/mozconfig will clobber firefox-$pkgver/.mozconfig later, in build()
      cat .mozconfig >> ../mozconfig
    ;;
    i686)
      export MOZ_SOURCE_CHANGESET="DEVEDITION_${pkgver//./_}_RELEASE"

      # disable LTO as it has little benefit and uses too many resources
      # don't compile with clang, use gcc toolchain (clang has issues on IA32)
      # disable SIMD (SSE2 for i686)
      # set correct compiler and toochain tools
      cat >>../mozconfig <<END
ac_add_options --disable-linker=lld
ac_add_options --enable-linker=bfd
ac_add_options --disable-lto
ac_add_options --disable-rust-simd
ac_add_options --enable-strip
ac_add_options --disable-debug
ac_add_options --disable-debug-symbols
export CC=gcc
export CXX=g++
export AR=gcc-ar
export NM=gcc-nm
export RANLIB=gcc-ranlib
export STRIP=strip
END

      # readelf: Error: Unable to seek to 0x801db328 for section headers
      echo "applying avoid-libxul-OOM-python-check.patch"
      patch -p1 -i ../avoid-libxul-OOM-python-check.patch

      # test failure in rust code (complaining about network functions) when PGO is used,
      # see https://bugzilla.mozilla.org/show_bug.cgi?id=1565757
      echo "applying rust-static-disable-network-test-on-static-libraries.patch"
      patch -p1 -i ../rust-static-disable-network-test-on-static-libraries.patch

      # FIXME: this patch is probably temporary - it comes from mozilla
      #          https://bugzilla.mozilla.org/show_bug.cgi?id=1729459
      #        /build/iceweasel/src/firefox-96.0.1/modules/fdlibm/src/math_private.h:34:21:
      #          error: conflicting declaration ‘typedef __double_t double_t’
      #        /usr/include/math.h:156:21: note: previous declaration as ‘typedef long double double_t’
      echo "applying firefox-99.0.1-fdlibm-double.patch"
      patch -p1 -i "$srcdir/firefox-99.0.1-fdlibm-double.patch"
    ;;
    x86_64)
    ;;
    *) echo "no [ARCH-SPECIFIC CONFIG] for arch: ${CARCH}" ; return 1 ;
    ;;
  esac


  ## branding ##

  echo "applying parabola branding"
  local brandingsrcdir="${srcdir}"/${pkgname}-${_brandingver/-*}
  local brandingdestdir="${srcdir}"/firefox-${pkgver}/browser/branding/${pkgname}
  local tippytopdir="${srcdir}"/firefox-${pkgver}/browser/components/newtab/data/content/tippytop
  local blank_svg='<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"></svg>'
  rm -rf -- ${brandingdestdir}
  cp -aT -- ${brandingsrcdir}/branding ${brandingdestdir}

  pushd "${brandingdestdir}" > /dev/null

  # generate icons, logos, banners
  for size in 16 22 24 32 48 64 128 256
  do  rsvg-convert -w ${size} -h ${size}  iceweasel_icon.svg -o default${size}.png
  done
  cp                                      iceweasel_logo.svg    content/aboutlogins.svg
  cp                                      iceweasel_logo.svg    content/about-logo.svg
  rsvg-convert -w 192 --keep-aspect-ratio iceweasel_logo.svg -o content/about-logo.png
  rsvg-convert -w 384 --keep-aspect-ratio iceweasel_logo.svg -o content/about-logo@2x.png
  echo ${blank_svg}                                           > content/blank.svg

  popd > /dev/null

  # custom new tab page
  # FIXME: the newtab page (aka "Start Page") has changed significantly
  #        the new upstream start page ('activity-streams') is an add-on now
  #        it must be forked and customized externally, then copied into the browser tree
  #        see: the branding-dev-build/ dir on the '68.0' branch of the branding git repo
  #        some of the branding components above and commented out below may no longer be used
  #        the following section aims to restore something similar
  #          to the previous parabola-branded "start page"
  #        once it is working well, all of these comments should be removed
  #          and any unused branding components may be deleted from the branding package
  # Put "Start Page" branding images in the source code
  # install -m644 -t browser/base/content/abouthome -- \
  #   "${brandingsrcdir}/branding"/{drm-free,gnu_headshadow,parabola-banner}.png
  # install -m644 -t browser/extensions/onboarding/content/img -- \
  #   "${brandingsrcdir}/branding/watermark.svg"

  # process default Top Sites and their icons
  find ${tippytopdir} -type f      \
       -not -name 'wikipedia-org*' \
       -not -name 'top_sites.json' \
       -exec rm -v {} \;
  for image in "${brandingsrcdir}"/tippytop/*.svg; do
    local outname=$(basename -s .svg "${image}")
    local size=$(identify -format '%wx%h' ${tippytopdir}/images/wikipedia-org@2x.png)
    local background=$( [[ "${outname}" == 'gnu' ]] && echo 'white' || echo 'none' )
    magick -density 300 ${image}                           \
           -gravity center -resize ${size} -extent ${size} \
           "${tippytopdir}/images/${outname}@2x.png"

    size=256x256
    magick -density 300 -background ${background} ${image} \
           -gravity center -resize ${size} -extent ${size} \
           -define icon:auto-resize=64,48,32,16            \
           "${tippytopdir}/favicons/${outname}.ico"
  done

  # apply branding patches
  export QUILT_PATCHES="${brandingsrcdir}"/patches
  export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
  export QUILT_DIFF_ARGS='--no-timestamps'
  export QUILT_PC="${srcdir}"/.pc
  quilt push -av

  # misc branding
  sed -i "s|({ \$bits }-bit)|($CARCH)|" browser/locales/en-US/browser/aboutDialog.ftl


  ## searchengines ##

  pushd browser/components/search/extensions > /dev/null

  # Patch search-engines configs
  sed -i 's|https://duckduckgo.com/|https://html.duckduckgo.com/html/|' ddg/manifest.json

  # Removing URL parameters that let DuckDuckGo know the place in UI
  # the search was ran from (like address bar, context menu, etc.)
  local jq_cmd='del(.chrome_settings_overrides.search_provider.params)'
  jq "${jq_cmd}"           ddg/manifest.json > manifest.json.tmp
  ! diff manifest.json.tmp ddg/manifest.json > /dev/null
  mv manifest.json.tmp     ddg/manifest.json

  # Delete unused search engine configs
  find -mindepth 1 -maxdepth 1 \
       -not -name ddg          \
       -not -name wikipedia    \
       -exec rm -frv {} \;

  popd > /dev/null


  ## libre patching ##

  # Upstream tarball can contain some ignored cruft,
  # including binaries (for example, python3).
  echo 'Removing files specified in .gitignore...'
  git init && git clean -dfX                                                \
    --exclude='!ipc/chromium/src/third_party/libevent/evconfig-private.h'   \
    --exclude='!toolkit/crashreporter/google-breakpad/src/third_party/lss/' \
    --exclude='!third_party/python/**/*.egg-info/'
  rm -rf .git

  # Remove test-related networking dumps, because they contain code from
  # some Amazon webpage with no clear licensing, thus nonfree.
  # Also they interfere with checking of Remote Settings patching done later,
  # because communication with RS server has been captured in them too.
  rm python/mozperftest/mozperftest/system/example.zip
  rm testing/mozbase/mozproxy/tests/files/mitm5-linux-firefox-amazon.zip

  # Disable/neutralize Remote Settings (as best we can)
  echo "applying 9001-FSDG-sync-remote-settings-with-local-dump.patch"
  git apply ../9001-FSDG-sync-remote-settings-with-local-dump.patch

  # Disable various components at the source level
  sed -i 's/;1/;0/' toolkit/components/telemetry/components.conf
  sed -Ei 's/((MOZ_SERVICES_HEALTHREPORT|MOZ_NORMANDY).+)True/\1False/' browser/moz.configure
  #sed -i 's/;1/;0/' browser/experiments/Experiments.manifest
  #sed -i '/pocket/d'          browser/extensions/moz.build
  #sed -i '/activity-stream/d' browser/extensions/moz.build

  python ../process-json-files.py "${srcdir}"/firefox-${pkgver} "${brandingsrcdir}"

  # disable various phone-home/goelocation anti-featires
  echo "applying 9002-FSDG-preference-defaults.patch"
  patch -Np1 --no-backup-if-mismatch -i "${srcdir}"/9002-FSDG-preference-defaults.patch

  # over-ride/install default URI protocol handlers
  echo "applying 9003-FSDG-urihandlers.patch"
  patch -Np1 --no-backup-if-mismatch -i "${srcdir}"/9003-FSDG-urihandlers.patch

  # Remove remaining non-free bits
  echo "applying 9004-FSDG-misc.patch"
  patch -Np1 --no-backup-if-mismatch -i "${srcdir}"/9004-FSDG-misc.patch
  rm toolkit/crashreporter/tools/upload_symbols.py
  rm -frv third_party/rust/winapi-{i686,x86_64}-pc-windows-gnu/**/*.a


  ## patching sanity checks ##

  _check_patching
}

build() {
  cd firefox-$pkgver

  ## build env ##

  export MOZ_NOSPAM=1
  export MOZBUILD_STATE_PATH="$srcdir/mozbuild"
  # export MOZ_ENABLE_FULL_SYMBOLS=1            # anti-feature
  export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system

  # LTO needs more open files
  ulimit -n 4096


  ## [ARCH-SPECIFIC BUILD ENV] ##

  case ${CARCH} in
    armv7h)
      export MOZ_DEBUG_FLAGS=" "
      export CFLAGS+=" -g0"
      export CXXFLAGS+=" -g0"
      export LDFLAGS+=" -Wl,--no-keep-memory"
      export RUSTFLAGS="-Cdebuginfo=0"
    ;;
    i686)
      # -fno-plt with cross-LTO -> LLVM ERROR: Function Import: link error
      CFLAGS="${CFLAGS/-fno-plt/}"
      CXXFLAGS="${CXXFLAGS/-fno-plt/}"

      # try hard to tell ld and rust not to use too much memory (no lto, no debug info, etc.)
      export RUSTFLAGS+=" -Cdebuginfo=0 -Clto=off"
      export LDFLAGS+=" -Wl,--no-keep-memory -Wl,--reduce-memory-overheads"

      # libvpx has some hard-coded compiler flags for MMX, SSE, SSE2, use the correct one
      # per CARCH (75.0 uses an intrisic _mm_empty now, which required the corresponding
      # architecture flag to be preset - before it was merely embedding some assembly
      # code with EMMS
      export CFLAGS+=" -mmmx"
      export CXXFLAGS+=" -mmmx"
    ;;
    x86_64)
    ;;
    *) echo "no [ARCH-SPECIFIC BUILD ENV] for arch: ${CARCH}" ; return 1 ;
    ;;
  esac
  export CFLAGS
  export CXXFLAGS


  ## [ARCH-SPECIFIC BUILD CONFIG] ##

  case ${CARCH} in
    armv7h)
    ;;
    i686)
      # /usr/bin/ld.bfd: error: libxul.so(.debug_info) is too large (0x54c5369a bytes)
      options=( ${options[*]/\!strip/} )

      # avoid excessive debug symbols in rust leading to out-of-memory situations
      sed -i "s/debug_info = '\''2'\''/debug_info = '\''0'\''/" build/moz.configure/toolchain.configure
    ;;
    x86_64)
    ;;
    *) echo "no [ARCH-SPECIFIC BUILD CONFIG] for arch: ${CARCH}" ; return 1 ;
    ;;
  esac


  ## PGO build ##

  if (( $_should_skip_pgo ))
  then
    # skipping "3-tier PGO" "instrumented browser", to avoid OOM problems;
    # so we have the final .mozconfig now
    cp ../mozconfig .mozconfig
  else
    # Do 3-tier PGO
    echo "Building instrumented browser..."
    cat >.mozconfig ../mozconfig - <<END
ac_add_options --enable-profile-generate=cross
END
    _check_build_config
    ./mach build

    echo "Profiling instrumented browser..."
    ./mach package
    LLVM_PROFDATA=llvm-profdata \
      JARLOG_FILE="$PWD/jarlog" \
      xvfb-run -s "-screen 0 1920x1080x24 -nolisten local" \
      ./mach python build/pgo/profileserver.py

    stat -c "Profile data found (%s bytes)" merged.profdata
    test -s merged.profdata

    stat -c "Jar log found (%s bytes)" jarlog
    test -s jarlog

    echo "Removing instrumented browser..."
    ./mach clobber

    cat >.mozconfig ../mozconfig - <<END
ac_add_options --enable-lto=cross
ac_add_options --enable-profile-use=cross
ac_add_options --with-pgo-profile-path=${PWD@Q}/merged.profdata
ac_add_options --with-pgo-jarlog=${PWD@Q}/jarlog
END
  fi # $_should_skip_pgo


  ## sanity checks ##

  _check_build_config


  ## main build ##

  echo "Building optimized browser..."
  ./mach build

  # echo "Building symbol archive..." # anti-feature
  # ./mach buildsymbols               # anti-feature
}

package() {
  cd firefox-$pkgver
  DESTDIR="$pkgdir" ./mach install

  local vendorjs="$pkgdir/usr/lib/$pkgname/browser/defaults/preferences/vendor.js"
  install -Dvm644 /dev/stdin "$vendorjs" <<END
// Use LANG environment variable to choose locale
pref("intl.locale.requested", "");

// Use system-provided dictionaries
pref("spellchecker.dictionary_path", "/usr/share/hunspell");

// Disable default browser checking.
pref("browser.shell.checkDefaultBrowser", false);

// Don't disable extensions in the application directory
pref("extensions.autoDisableScopes", 11);
END

  # Parabola additions to vendor.js
  cat "${srcdir}"/vendor.js.in >> "${vendorjs}"

  local distini="$pkgdir/usr/lib/$pkgname/distribution/distribution.ini"
  install -Dvm644 /dev/stdin "$distini" <<END
[Global]
id=parabola
version=(${_brandingver} branding)
about=Iceweasel for Parabola GNU/Linux-libre
about.en-US=Iceweasel for Parabola GNU/Linux-libre
about.eo=Iceweasel por Parabola GNU/Linux-libre
about.es-ES=Iceweasel para Parabola GNU/Linux-libre
about.gl=Iceweasel para Parabola GNU/Linux-libre
about.pt-BR=Iceweasel para Parabola GNU/Linux-libre

[Preferences]
app.distributor=parabola
app.distributor.channel=$pkgname
app.partner.parabola=parabola
END

  # NOTE: browser/branding/$theme is $brandingdestdir in configure()
  local i theme=$pkgname
  for i in 16 22 24 32 48 64 128 256; do
    install -Dvm644 browser/branding/$theme/default$i.png \
      "$pkgdir/usr/share/icons/hicolor/${i}x${i}/apps/$pkgname.png"
  done
  install -Dvm644 browser/branding/$theme/content/about-logo.png \
    "$pkgdir/usr/share/icons/hicolor/192x192/apps/$pkgname.png"
  install -Dvm644 browser/branding/$theme/content/about-logo@2x.png \
    "$pkgdir/usr/share/icons/hicolor/384x384/apps/$pkgname.png"
  install -Dvm644 browser/branding/$theme/content/about-logo.svg \
    "$pkgdir/usr/share/icons/hicolor/scalable/apps/$pkgname.svg"
  install -Dvm644 browser/branding/$theme/content/blank.svg \
    "$pkgdir/usr/share/icons/hicolor/symbolic/apps/$pkgname-symbolic.svg"

  install -Dvm644 ../$pkgname.desktop \
    "$pkgdir/usr/share/applications/$pkgname.desktop"

  # Install a wrapper to avoid confusion about binary path
  install -Dvm755 /dev/stdin "$pkgdir/usr/bin/$pkgname" <<END
#!/bin/sh
exec /usr/lib/$pkgname/$pkgname "\$@"
END


  ## [ARCH-SPECIFIC INSTALL] ##

  case ${CARCH} in
    armv7h)
    ;;
    i686)
      # libxul.so cannot find it's libraries
      install -dm 755 "${pkgdir}/etc/ld.so.conf.d"
      echo "/usr/lib/${pkgname}" > "${pkgdir}"/etc/ld.so.conf.d/${pkgname}.conf

      # disable stripping in mozconfig.<arch> (insists to use llvm-strip which runs
      # out of memory on libxul.so. Now 2.5 GB can be strupped to 166 MB, so we do
      # that with the normal 'strip' from binutils after 'mach install'
      strip "$pkgdir/usr/lib/$pkgname/libxul.so"
    ;;
    x86_64)
    ;;
    *) echo "no [ARCH-SPECIFIC INSTALL] for arch: ${CARCH}" ; return 1 ;
    ;;
  esac

  # Replace duplicate binary with wrapper
  # https://bugzilla.mozilla.org/show_bug.cgi?id=658850
  ln -srfv "$pkgdir/usr/bin/$pkgname" "$pkgdir/usr/lib/$pkgname/$pkgname-bin"

  # Use system certificates
  local nssckbi="$pkgdir/usr/lib/$pkgname/libnssckbi.so"
  if [[ -e $nssckbi ]]; then
    ln -srfv "$pkgdir/usr/lib/libnssckbi.so" "$nssckbi"
  fi

  # export SOCORRO_SYMBOL_UPLOAD_TOKEN_FILE="$startdir/.crash-stats-api.token" # anti-feature
  # if [[ -f $SOCORRO_SYMBOL_UPLOAD_TOKEN_FILE ]]; then                        # anti-feature
  #   make -C obj uploadsymbols                                                # anti-feature
  # else                                                                       # anti-feature
  #   cp -fvt "$startdir" obj/dist/*crashreporter-symbols-full.tar.zst         # anti-feature
  # fi

  # BEGIN RENAME_PROFILE - temporary
  # replace binary with a temporary wrapper, to rename the user profile directory
  # NOTE: prior to v99, if another 'firefox' is installed in addition to iceweasel,
  #       both applications would share a profile, which is not very sane behavior.
  # TODO: this 'rename-profile.sh' source file, and the following two LOC,
  #       could be removed after a reasonable deprecation period (eg: in 2023)
  mv                                  "${pkgdir}"/usr/lib/iceweasel/ice{,-}weasel
  install -Dm755 ../rename-profile.sh "${pkgdir}"/usr/lib/iceweasel/iceweasel
  # END RENAME_PROFILE
}


# BEGIN RENAME_PROFILE - temporary - see note in package()
depends+=(gxmessage) ; source+=(rename-profile.sh) ;
sha256sums+=('da332a538662b6f8ebe67c0aee85a12af57a6f20309b1eec9f30add3ac1cbc4f')
# END RENAME_PROFILE