1 files changed, 138 insertions, 0 deletions
diff --git a/pcr/icedove-bin/PKGBUILD b/pcr/icedove-bin/PKGBUILD
new file mode 100644
index 000000000..535238325
--- /dev/null
+++ b/pcr/icedove-bin/PKGBUILD
@@ -0,0 +1,138 @@
+# Maintainer: bill-auger <bill-auger@programmer.net>
+
+
+# FIXME: https://labs.parabola.nu/issues/3115
+#        Binary packages are generally not acceptable.
+#        Icedove has been unable to build for a long time though.
+#        libre/icedove still works; but is quite out-of-date.
+#        Ideally, let's fix libre/icedove and delete this package.
+
+
+# NOTE: Trisquel packages are not signed; but the repo databases are.
+#       The database contains checksums of per-repo manifests;
+#       and the manifests contain checksums of the packaged files.
+#       The check() function verifies the signature of the database,
+#       then verifies the manifest against its checksum in the database,
+#       then verifies all package files against their checksums in the manifest.
+#       That is why the makepkg integrity checks are used only for the signing key.
+
+
+pkgname=icedove-bin
+pkgver=115.8.1
+pkgrel=trisquel21
+pkgdesc="Email, RSS and newsgroup client with integrated spam filter (Trisquel binaries)"
+arch=(x86_64)
+url=http://www.trisquel.info
+# license=('MPL-2.0' 'GPL-2.0-only' 'LGPL-2.1-only') # TODO:
+license=(MPL2 GPL2 LGPL2.1)
+options=('!strip' '!emptydirs')
+
+# The 'depends' array is from the arch package.
+# The Trisquel binaries do not not link to most of these system sodeps.
+depends=(
+  glibc
+  gtk3 libgdk-3.so libgtk-3.so
+  mime-types
+  dbus # libdbus-1.so
+  dbus-glib
+  alsa-lib
+  nss
+  hunspell
+  sqlite
+  ttf-font
+  libvpx # libvpx.so
+  zlib
+  bzip2 # libbz2.so
+  botan2
+  libwebp # libwebp.so libwebpdemux.so
+  libevent
+  libjpeg-turbo
+  libffi # libffi.so
+  nspr
+  gcc-libs
+  libx11
+  libxrender
+  libxfixes
+  libxext
+  libxcomposite
+  libxdamage
+  pango libpango-1.0.so
+  cairo
+  gdk-pixbuf2
+  freetype2 # libfreetype.so
+  fontconfig # libfontconfig.so
+  glib2 libglib-2.0.so
+  pixman # libpixman-1.so
+  gnupg
+  json-c
+  libcanberra
+  ffmpeg
+  icu # libicui18n.so libicuuc.so
+)
+optdepends=(
+  'hunspell-en_us: Spell checking, American English'
+  'libotr: OTR support for active one-to-one chats'
+  'libnotify: Notification integration'
+)
+
+_upstream_name=icedove
+_deb_pkg=${_upstream_name}_${pkgver}+build1-0ubuntu0.22.04.1+11.0${pkgrel}_amd64.deb
+source=(http://us.archive.trisquel.info/trisquel/dists/aramo-updates/Release{,.gpg}
+        http://us.archive.trisquel.info/trisquel/dists/aramo-updates/main/binary-amd64/Packages
+        http://us.archive.trisquel.info/trisquel/pool/main/t/thunderbird/${_deb_pkg}
+        trisquel-archive-signkey.gpg)
+sha256sums=(SKIP SKIP SKIP SKIP a69f9e3c192d4805c37f2975c59339a5a048057cef3c9bf156d1663305f589ca)
+validpgpkeys=('60364C9869F92450421F0C22B138CA450C05112F') # Trisquel GNU/Linux <trisquel-devel@trisquel.info>
+
+
+build()
+{
+  mkdir pkg/
+
+  ar x ${_deb_pkg}
+  tar xf data.tar.zst --directory=pkg/
+}
+
+check()
+{
+  readonly MANIFEST_RX="^ [0-9a-f]{64} [0-9]+ main/binary-amd64/Packages$"
+  readonly PACKAGES_AWK="BEGIN { RS = \"Package:\" ; FS = \"\n\" } ( \$1 ~ /^ ${_upstream_name}$/ && \$3 ~ /${pkgver}.*${pkgrel}$/) { split(\$17 , a , \" \") ; split(\$18 , b , \" \") ; print a[2]\" \" b[2] }"
+  readonly PKGS_SIZE_ERR="Packages: filesize mismatch"
+  readonly PKGS_SUM_ERR="Packages: checksum mismatch"
+  readonly DEB_SIZE_ERR=".deb: filesize mismatch"
+  readonly DEB_SUM_ERR=".deb: checksum mismatch"
+  readonly SUMS_ERR="checksums: not found"
+  readonly FILES_SUM_ERR="files: checksum mismatch"
+  local sum n_bytes filepath
+
+  # validate repo manifest
+  echo -e "\n== validating repo manifest =="
+  gpg --import trisquel-archive-signkey.gpg
+  gpg --verify Release.gpg Release
+  read -r sum n_bytes _ < <(grep -E "${MANIFEST_RX}" Release | tail -n 1)
+  sum+="  Packages"
+  [[ "${n_bytes}" == "$(stat -c %s -L Packages)" ]]    || ! echo "${PKGS_SIZE_ERR}" || return 1
+  sha256sum --strict --check <(echo ${sum}   )         || ! echo "${PKGS_SUM_ERR}"  || return 1
+
+  # validate binary package
+  echo -e "\n== validating binary package =="
+  read -r n_bytes sum < <(awk "${PACKAGES_AWK}" Packages)
+  sum+="  ${_deb_pkg}"
+  [[ "${n_bytes}" == "$(stat -c %s -L ${_deb_pkg})" ]] || ! echo "${DEB_SIZE_ERR}" || return 1
+  sha256sum --strict --check <(echo ${sum})            || ! echo "${DEB_SUM_ERR}" || return 1
+
+  # validate binary package contents
+  echo -e "\n== validating binary package contents =="
+  tar xf control.tar.zst ./md5sums
+  cat md5sums
+  (( $(stat -c %s -L md5sums) ))                       || ! echo "${SUMS_ERR}" || return 1
+  while read sum filepath
+  do    sum+="  pkg/${filepath}"
+        md5sum --strict --check <(echo ${sum})         || ! echo "${FILES_SUM_ERR}" || return 1
+  done < md5sums
+}
+
+package()
+{
+  cp -a pkg/* "${pkgdir}"/
+}