CMXSL.org/package-helpers-cmxsl
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: CMXSL.org:ecne-cmxsl
Branches Tags
CMXSL.org:ecne-cmxsl
CMXSL.org:aramo-cmxsl
CMXSL.org:ecne
CMXSL.org:aramo
...
pull from: CMXSL.org:aramo-cmxsl
Branches Tags
CMXSL.org:ecne-cmxsl
CMXSL.org:aramo-cmxsl
CMXSL.org:ecne
CMXSL.org:aramo
Sign in to create a new pull request.

167 commits
ecne-cmxsl ... aramo-cmxs

Author SHA1 Message Date
Ark74
d6cea70132 Merge branch 'aramo' of git.cmxsl.org:CMXSL.org/package-helpers-cmxsl into aramo-cmxsl 2025-09-28 02:20:52 -06:00
Ark74
9e3a800a4f config: set custom config values for cmxsl 2025-09-28 01:57:34 -06:00
Luis Guzmán
f6dec89128 yt-dlp: fix license table for parsing properly. 2025-09-25 15:05:43 -06:00
Ark74
7cfab2b6b1 libmateweather: update patch. 2025-09-24 16:53:58 -06:00
Luis Guzmán
4309bbb18c firefox: set higher priority than chromium based ones 2025-09-22 13:43:27 -06:00
Ark74
a18b9a93cc libmateweather: update default server uri. 2025-09-20 20:06:17 -06:00
Ark74
d61e03b0a2 hplip: add trisquel distro-name definition for hplip tools. 2025-09-15 15:38:44 -06:00
Luis Guzmán
1084ad3d7d firefox: update for v143 and remove conflict on sponsors reference. 2025-09-13 01:51:27 -06:00
Luis Guzmán
939adc704b firefox: publish 142 build, disable Sponsored Checkboxes 2025-08-31 01:04:53 -06:00
Luis Guzmán
765b4d5059 firefox: publish 142 build, disable Sponsored Checkboxes 2025-08-31 00:56:15 -06:00
Luis Guzmán
c8a2a75e3a yt-dlp: update integration with abrowser patch. 2025-08-28 08:10:55 -06:00
Ark74
472b6928a5 icecat: adding trisquel binaries. 2025-08-20 15:24:50 -06:00
Luis Guzmán
813a6be87b minetest: backporting ecne's release to fix CVE-2022-35978 and many others 2025-08-20 10:57:55 -06:00
Luis Guzmán
ce7eb58666 yt-dlp: update upstream keyring 2025-08-12 16:33:11 -06:00
Ark74
9147ba0080 videomass,vidtuber: fix dependencies on upstream package. 2025-07-30 12:18:08 -06:00
Luis Guzmán
b3e9560864 videomass: fix update python3-request dependencies. 2025-07-22 19:10:30 -06:00
Ark74
be0ad5a911 vidtuber: add simple yt-dlp GUI frontend. 2025-07-22 19:06:06 -06:00
Luis Guzmán
1e6aa228d5 firefox: patch external links for addons & update gnuzilla addon url 2025-07-09 04:26:28 -06:00
Luis Guzmán
dcd433256e emacs: agregar backport para v30.1 (#1) 
Prueba de emacs 30.1 en Aramo

Co-authored-by: Ark74 <ark@switnet.org>
Reviewed-on: #1
 2025-07-07 06:58:33 +00:00
Luis Guzman
98fa1b2279 firefox: restore upstream release available for v140 2025-06-24 18:51:21 +00:00
Ark74
db3ee3edc0 config: agregar personalización del CMXSL 2025-06-21 21:42:59 -06:00
Ark74
cb785f108d yt-dlp: enable abrowser to use 'cookies-from-browser' feature 2025-06-21 00:44:09 -06:00
Luis Guzmán
f7c9a74b92 python-apt: mirrors update bump. 2025-06-19 21:32:54 -06:00
Luis Guzmán
af678e2b2b firefox: prepare package changes for v139 2025-06-19 15:23:08 -06:00
Luis Guzmán
b6b5bf299f rustc-1.82: manually backported rustc-1.82 for latest abrowser builds 2025-06-19 15:17:38 -06:00
Luis Guzman
73229c9749 libgit2: backport for newer abrowser releases 2025-06-19 21:03:27 +00:00
Luis Guzmán
1aab15ff3a dh-cargo: backport for newer abrowser releases 2025-06-19 15:01:55 -06:00
Luis Guzmán
af31af9d45 cron: remove build until direction. 2025-06-17 00:39:36 -06:00
Jacob K
94fcd284a3 cron: correct copyright on crontab2english.pl (fixes TPH # 199) 2025-06-17 00:14:21 -06:00
Ark74
492256dd6f misc: clean unused component on src line 2025-06-14 16:00:02 -06:00
Luis Guzmán
bf25cfe3ce config: add start info for package helpers 2025-06-12 18:55:15 -06:00
Ark74
692365065d update-manager: update patch to remove pro 2025-06-12 02:32:00 -06:00
Ark74
d62d4dd516 llvm-toolchain-19: restore armhf rt runtime. 2025-06-07 01:22:52 -06:00
Ark74
c7b19a492f config: add apply_patch_changes function 2025-06-02 23:03:59 -06:00
Luis Guzmán
d703c69384 debconf-kde: fix TPH #212, pass home to prevent requests. 2025-06-02 19:14:08 -06:00
Luis Guzmán
c175b38d84 apparmor: upate apparmor profile 2025-05-31 17:31:18 -06:00
Luis Guzmán
2e58fef9fd llvm-toolchain-19: backported for latest abrowser updates 2025-05-29 02:06:37 -06:00
Luis Guzmán
c82672e89a weechat: backport fixed security release 2025-05-27 06:16:07 -06:00
Luis Guzmán
c223536ed0 misc: rename issue template 2025-05-14 17:55:29 +00:00
Ark74
3db09bbd0b misc: add issue template for bug report 2025-05-14 11:16:56 -06:00
Ark74
ed0d32e790 osinfo-db: improve trisquel derivation from earlier releases. 2025-04-29 04:47:29 -06:00
Luis Guzmán
e48d27b4e7 gnupg2: lower dependency of gpg-wks-server from desktop environment 2025-04-28 21:18:36 +00:00
Luis Guzman
603d8b7c64 openssh: bump security update 0.13 2025-04-27 19:58:03 +00:00
Ark74
42232b0f1c linux-hwe-6.8: update deblob-check for 6.8 2025-04-24 14:28:59 -06:00
Luis Guzmán
20ee3b87b8 thunderbird: update patch set for v128.9 2025-04-12 17:59:39 +00:00
Ark74
8adb9c62f5 expat: actually bump helper version 2025-04-08 17:31:35 -06:00
Ark74
6e5124d605 expat: bump version to trigger update 2025-04-08 16:33:27 -06:00
Luis Guzmán
aa1bb83ff3 firefox: prepare 136 release and strength privacy 2025-04-05 06:14:56 +00:00
Ark74
90fef7b990 linux-hwe-6.8: update deblob-check tools. 2025-04-04 10:16:57 -06:00
Ark74
b3799f8366 linux-hwe-6.8: update silent patch for 57.59 2025-04-04 00:08:26 -06:00
Ark74
96d3253765 linux-hwe-6.8: removal of references to external sources for firmware 2025-04-02 03:32:16 -06:00
Ark74
96cf108af6 linux: removal of references to external sources for firmware 2025-04-02 03:22:16 -06:00
Luis Guzmán
e7ae52a1ea config: add finish timestamp 2025-03-28 11:04:31 +00:00
Jacob K
1be49b69d4 apparmor-profiles-extra: fix screen reader in pidgin (issue #198) 2025-03-05 21:19:11 +00:00
Luis Guzman
4e2896e48c firefox: update patches for current release. 2025-02-25 06:07:35 +00:00
Ark74
06a3cb2c23 0ad{,-data}: backport version 0.27 for aramo 2025-02-24 15:53:34 -06:00
Luis Guzmán
2281936bd8 firefox: fix build for 135 update 2025-02-24 07:06:37 +00:00
Luis Guzman
f102d4c04e openssh: bump security update 0.11 2025-02-18 20:08:38 +00:00
Ark74
d602065589 nano: bump security update 0.1 2025-02-17 21:04:49 -06:00
Ark74
5412a1bae7 expat: bump security update 0.5 2025-02-17 20:55:13 -06:00
Ark74
913bb5a75d python-apt,choose-mirror: mirrors list update 02-2025 2025-02-01 06:02:41 +00:00
Ark74
bc2827457c firefox: disable hover preview tab as privacy settings maintenance. 2025-01-25 00:48:01 +00:00
Luis Guzman
8380da6089 firefox: test 134 version 2025-01-18 05:59:53 +00:00
Luis Guzmán
7ed3fcbcff qt6-webengine: make sure to disable safe_browsing_mode by default. 2025-01-16 23:44:54 +00:00
Ark74
e1d249923d qtwebengine-opensource-src: update removal list, fixes TPH:#196 2025-01-15 00:26:35 +00:00
Ark74
c499caf3a4 qt6-webengine: add helper to remove non-free and prebuilt binaries 2025-01-14 14:39:17 -06:00
Luis Guzmán
9572d7031a yt-dlp: add missing repokey 2025-01-14 17:52:55 +00:00
Luis Guzmán
43f99b854e yt-dlp: add latest stable upstream and remove explicit site listing 2025-01-14 17:38:49 +00:00
Luis Guzmán
c308416eb2 linux-hwe-6.8: update 001-disable_zstd_module_compression.patch 2025-01-13 04:48:15 +00:00
Luis Guzmán
2d72e52681 thuderbird: prepare icedove release v128 2025-01-10 14:11:28 +00:00
Luis Guzmán
42344a8d22 linux-hwe-6.8: restore udebs for latest linux-hwe-6.8 release 2025-01-09 21:19:33 +00:00
Ark74
c55c8bf080 python-apt: promote https sites by default on mirmon option 2025-01-07 22:32:41 -06:00
Ark74
46d5e40e51 python-apt: add option to parse Mastermirror list for mirmon format. 2025-01-06 15:25:47 -06:00
Ark74
37d28150c3 config: upgrade discover dpkg-vendor or distro-related behaviors 2025-01-03 14:55:22 -06:00
Luis Guzmán
22b7d58dad linux-hwe-6.5: restore udebs for latest linux-hwe-6.5 release. 2025-01-03 07:28:46 +00:00
Luis Guzmán
04b7fe41f7 config: add old kernel build capability for development 2025-01-01 08:12:47 +00:00
Luis Guzmán
60b1c33a70 firefox: final changes to fix trisquel's search engine icons. 2024-12-27 17:10:39 +00:00
Luis Guzmán
6b8c0b5c38 linux-hwe-6.8: tweak deblob-check for upstream update. 2024-12-24 16:36:03 +00:00
Luis Guzman
905d792784 linux: update cleaning linux tools for 5.15-130 2024-12-20 08:08:38 +00:00
Luis Guzmán
68b179b512 firefox: test firefox v133 release 2024-12-17 23:46:39 +00:00
Luis Guzmán
2cc2eaa5e0 llvm-toolchain-18: backport as dependency for icedove 128 2024-12-13 10:00:15 +00:00
Luis Guzmán
c3ad925bce atril: add custom apparmor profile for atril 2024-12-06 15:40:29 +00:00
Ark74
dc5da8840f debian-installer: no change, bump to rebuild against latest choose-mirror. 2024-12-04 20:05:06 -06:00
Luis Guzmán
ad12eaf56a python-apt: use git Mirrors.masterlist as main source 2024-12-05 00:06:06 +00:00
Luis Guzmán
c20840005e choose-mirror: use git Mirrors.masterlist source. 2024-12-05 00:00:34 +00:00
Luis Guzmán
9b803b2d03 firefox: use v132.0.2 for some maintenance work. 2024-11-16 18:27:56 +00:00
Luis Guzman
94cb4fd000 evince: fix apparmor profile for Trisquel Mini 2024-11-10 07:34:17 +00:00
Luis Guzmán
b640585ac8 distro-info-data: add test data for ecne / noble. 2024-11-10 06:22:28 +00:00
Luis Guzmán
57e5ef19ba firefox: add lost comment on patch 005_apply_custom_urls.patch 2024-11-08 15:56:42 +00:00
Luis Guzmán
20a25ce6d3 firefox: update for 132 release. 2024-11-08 04:08:49 +00:00
Luis Guzman
9d85d5a76d linux-hwe-6.8: update deblob-check for upstream included drivers on 6.8 2024-11-04 23:43:07 +00:00
Luis Guzmán
c7d80f569a python-apt: november update for repositories. 2024-11-01 10:34:45 +00:00
Luis Guzman
dda0d24f45 greybird-gtk-theme: update focused deprecated pseudo-class 2024-10-30 04:27:18 -06:00
Luis Guzmán
dbda85fde6 guix: add patches to fix guix#73919. 2024-10-23 15:31:17 +00:00
Luis Guzmán
1e8d358cbf config: add note when dpkg-vendor is present in debian/rules 2024-10-18 02:43:56 +00:00
Luis Guzmán
b294eb5ae9 firefox: prepare security 131.0.2 release 2024-10-15 12:16:11 +00:00
dinomug
8aee9943a1 yyjson: backport from debian trixie as fastfetch dependency 2024-10-10 21:16:41 +00:00
Luis Guzmán
44b98eef40 pkg-kde-tools: add patch for all policy.mk files. 2024-10-04 06:49:12 +00:00
Luis Guzman
e36e53d60b umbrello: remove deprecated changes on control file. 2024-10-04 05:44:12 +00:00
Luis Guzman
d61583cbf2 pkg-kde-tools: add Trisquel as valid Maintainer at pkg-kde-tools. 2024-10-04 05:38:43 +00:00
Luis Guzman
869d519689 python-apt: fix version FULLVERSION value 2024-10-01 21:27:44 +00:00
Luis Guzmán
32646fde69 python-apt: update mirrors October 2024 2024-10-01 21:17:46 +00:00
Luis Guzmán
26b0e44d7d firefox: prepare v130.0.1 release 2024-10-01 07:27:28 +00:00
Ark74
4c7f4310c5 linux-hwe-6.8: update silent patch. 2024-09-20 15:21:44 -06:00
Luis Guzmán
f05eeee8e4 linux-meta-hwe-6.8: restore improved version. 2024-09-19 04:29:38 +00:00
Luis Guzman
80f5ab8fd7 linux-meta-hwe-6.8: add meta package for linux-hwe-6.8 2024-09-19 04:09:43 +00:00
Luis Guzmán
c0320163fe linux-hwe-6.8: fix hwe definition and changelog version. 2024-09-18 18:26:56 +00:00
Ark74
bd4bcea380 expat: bump version for ubuntu0.4 release 2024-09-17 20:21:14 -06:00
Luis Guzmán
f24da921d2 nextcloud-desktop: backport packages required for v3.14 2024-09-16 15:11:46 +00:00
Luis Guzman
7b3f63da19 linux: update linux-libre tools and silent patch for 5.15-121 2024-09-15 20:13:11 +00:00
Ark74
8deec99563 linux-meta-hwe-6.8: add meta helper for hwe 6.8 2024-09-15 11:04:51 -06:00
Luis Guzman
d2239ec76a linux-hwe-6.8: add hwe 6.8 for aramo. 2024-09-15 06:13:46 +00:00
Luis Guzmán
07803be7f6 nextcloud-desktop: remove custom patches now applied upstream. 2024-09-14 20:40:33 +00:00
Luis Guzman
5bab20d013 update-manager: update patches and match newer release. 2024-09-14 16:27:10 +00:00
Luis Guzmán
226526fcbc nextcloud-desktop: backport fix for #7026 bug 2024-09-12 21:34:17 +00:00
Luis Guzmán
b5a0d8260a debootstrap: add Ecne script 2024-09-12 05:41:00 +00:00
Ark74
9565068877 gnome-software: update remove snap & fwup patch. 2024-09-11 02:50:22 -06:00
Luis Guzmán
95edfb114a gnome-software: remove fwup and snap support from gnome-software. 2024-09-11 02:15:27 -06:00
Luis Guzmán
05320ef185 firefox: 129.0.2 ; apply last patch before migrate to search-config-v2 2024-08-26 04:12:05 +00:00
Luis Guzmán
1374485dfd software-properties: make software-properties-qt visible with custom icon. 2024-08-17 22:08:59 +00:00
Luis Guzman
e34bb8fb39 nheko: backport newer release to improve matrix support on aramo. 2024-08-12 22:15:01 +00:00
Luis Guzmán
ff9bd1d520 gnome-boxes: add support for trisquel logo from osinfo-db. 2024-08-06 01:37:07 +00:00
Ark74
1cbeb6452b osinfo-db: update osinfo with ecne's release. 2024-08-05 19:08:53 -06:00
Luis Guzmán
7553ea11aa config: add option to set security component on helper. 2024-07-24 16:09:49 +00:00
Luis Guzmán
969774c9c4 guix: upgrade version from FTBFS + add missing CVE-2024-27297 fix via helper. 2024-07-23 00:40:52 +00:00
Luis Guzmán
47e7a17a54 linux-hwe-6.5: update deblob-check to match 6.5 changes. 2024-07-20 06:42:06 +00:00
Luis Guzman
6f60f2801c firefox: roll back old serach-config and update privacy settings. 2024-07-19 16:45:34 +00:00
Luis Guzman
876aa59124 config: add rollback patch function 2024-07-19 15:57:28 +00:00
Luis Guzmán
8af4bc9c9a firefox: update strict patch for v128 2024-07-11 05:39:01 +00:00
Luis Guzmán
eed30ae01c virtnbdbackup: drop target specific python3 version instead use generic v3 one. 2024-07-10 08:09:33 +00:00
Luis Guzman
057509e640 openssh: bump ssh version. 2024-07-01 18:18:14 +00:00
Luis Guzmán
c57af22e38 firefox: update and test changes for v127 2024-06-27 17:47:01 +00:00
Luis Guzman
84a1f3e553 rust-1.76: backported as dependency for abrowser. 2024-06-27 05:52:33 +00:00
Luis Guzmán
6df130993b ubuntu-themes: improve branding logos replacement. 2024-06-21 05:13:51 +00:00
Luis Guzmán
814669556e linux-hwe-6.5: update s-a-f patch for rev_41.41 2024-06-19 23:27:30 +00:00
Luis Guzman
3e89d26e3d make-linux: update linux-libre deblob-check. 2024-06-07 06:49:10 +00:00
Ark74
df85682d15 config: add function to simplify patch application. 2024-06-05 10:40:06 -06:00
Ark74
b440107ea3 misc: bump version to apply latest fixes. 2024-06-04 19:05:11 -06:00
Luis Guzman
c03ed2178d notmuch: backport fixes via debian-backports 2024-05-30 17:49:52 +00:00
Ark74
2dc0f8da09 python-apt: add freedif.org mirror (Singapore). 2024-05-20 01:34:40 -06:00
Ark74
7d1e8b0f4b usb-creator: add german l10n update, thanks knife. 2024-05-18 04:54:01 -06:00
Luis Guzman
3a4c59b33d linux{,hwe-6.5}: update hwe kernel dmks removal. 2024-05-18 05:14:29 +00:00
Luis Guzmán
f6c8d0a1f7 software-properties: update l10n german strings, thanks knife. 2024-05-18 03:27:34 +00:00
Ark74
59dce80f42 linux{,hwe-6.5}: fix disable dkms modules with external sources. 2024-05-17 14:14:01 -06:00
Luis Guzmán
088da83a52 update-manager: add german l10n, thanks knife. 2024-05-12 17:52:10 +00:00
Luis Guzmán
7921aef7ec update-manager: add german l10n, thanks knife. 2024-05-12 14:45:11 +00:00
Luis Guzmán
ae058aaab1 greybird-gtk-theme: fix caja selected elements on inactive panel at list view 2024-05-10 06:35:28 +00:00
Luis Guzmán
59c07048d4 misc: restore libxnvctrl for nvidia hardware detection 2024-05-09 19:20:45 +00:00
Luis Guzman
d815cecda4 firefox: update helper and patches for v126 2024-05-09 07:26:36 +00:00
Luis Guzmán
5f44eef626 config: add echo comment to easily identify sed_csum errors. 2024-05-08 19:05:39 +00:00
Ark74
036ae24511 python-virtualenv: remove python3-pip as dependency from virtualenv. 2024-05-03 19:18:58 -06:00
Luis Guzmán
cf01842269 dino-im: apply CVE-2023-28686 missing upstream 2024-05-04 00:06:49 +00:00
Ark74
cb72766b55 nvidia-settings: bump version to apply helper. 2024-05-02 00:22:47 -06:00
Ark74
f8835acec0 deboostrap: backport latest debootstrap for ecne support. 2024-05-01 01:17:51 -06:00
Luis Guzmán
ef906f1bfa pupnp: update backport helper to match dpkg version. 2024-04-30 05:14:49 +00:00
Luis Guzmán
e45548320a ubuntu-release-upgrader: actually upgrade version number 2024-04-26 01:07:05 +00:00
Luis Guzmán
580e426c0f ubuntu-release-upgrader: remove expired mirror. 2024-04-25 22:32:29 +00:00
Ark74
f0842c0799 base-files: update point release for new iso set. 2024-04-25 21:15:18 +00:00
Luis Guzmán
8dde32e79b libreoffice: update max libreoffice jobs for amd64. 2024-04-19 06:15:23 +00:00
Ark74
50e421142d nvidia-settings: remove pointer to external repository. 2024-04-17 13:28:59 -06:00
Luis Guzmán
d0e8271cbb opendmarc: rebuild to introduce missing armhf package in aramo repository 2024-04-15 18:42:18 +00:00
Luis Guzmán
76393fb349 update-manager: rollback uaclient.api.u.pro usage 2024-04-15 18:41:19 +00:00
Luis Guzmán
56bf7aedfd linux-meta: remove wireguard load on meta package. 2024-04-10 14:33:05 +00:00
Luis Guzmán
f1139c25b7 linux-hwe-6.5: sync base helper for linux and linux-hwe 2024-04-10 06:03:01 +00:00
Luis Guzman
2e68bebf50 firefox: update checksum for v125. 2024-04-09 18:10:30 +00:00
Luis Guzmán
dcc7af2408 linux: merge linux/linux-hwe helpers for both. 2024-04-09 08:18:23 +00:00
Luis Guzmán
63ffabcd4a firefox: set widget.gtk.libadwaita-colors.enabled to false. 2024-04-04 21:46:57 +00:00
857 changed files with 25271 additions and 1675 deletions
Download patch file Download diff file Expand all files Collapse all files

52
.gitlab/issue_templates/Default.md Normal file
View file

@ -0,0 +1,52 @@
## Bug Report Template
> **If you have a question or are not sure about what you are about to post, please use the forums instead.**
> **Also, check for possible duplicate reports here or in the forum before submitting this issue.**
---
### 1. Affected Package revision / version
<!-- Example: v1.3.2, v1.2.3trisquel1, etc -->
---
### 2. Steps to Reproduce
<!-- List the minimal steps to reproduce the issue -->
1. ...
2. ...
3. ...
---
### 3. Current Behavior
<!-- Describe what is happening -->
---
### 4. Expected Behavior *(optional)*
<!-- Describe what you expected to happen instead -->
---
### 5. Workaround *(optional)*
<!-- Is there a known workaround? -->
---
### 6. Suggestions, Investigation and Possible Causes *(optional)*
<!-- Share any insights, code references, or debugging steps you've taken -->
---
### 7. Other Tests *(optional)*
<!-- Any other environments or tests tried? -->
---

38
helpers/DATA/apparmor-profiles-extra/70aed868a4ed76d74eecf3b210ce7bf3098ffab4.patch Normal file
View file

@ -0,0 +1,38 @@
From 70aed868a4ed76d74eecf3b210ce7bf3098ffab4 Mon Sep 17 00:00:00 2001
From: Jacob K <jacobk@disroot.org>
Date: Wed, 12 Feb 2025 12:19:24 -0600
Subject: [PATCH] Add some lines from Atril's profile to fix the screen reader
---
profiles/usr.bin.pidgin | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/profiles/usr.bin.pidgin b/profiles/usr.bin.pidgin
index 5e18702..085301c 100644
--- a/profiles/usr.bin.pidgin
+++ b/profiles/usr.bin.pidgin
@@ -8,6 +8,7 @@
#include <abstractions/bash>
#include <abstractions/dbus-session>
#include <abstractions/dbus-strict>
+ #include <abstractions/dbus-accessibility>
#include <abstractions/dconf>
#include <abstractions/enchant>
#include <abstractions/gnome>
@@ -82,6 +83,13 @@
owner @{PROC}/@{pid}/auxv r,
owner @{PROC}/@{pid}/fd/ r,
+ # These lines were copied from Atril's profile to make the screen reader functional
+ owner /{,var/}run/user/*/at-spi2-*/ rw,
+ owner /{,var/}run/user/*/at-spi2-*/** rw,
+ # Allow access to the non-abstract D-Bus socket used by at-spi > 2.42.0
+ # https://gitlab.gnome.org/GNOME/at-spi2-core/-/issues/43
+ owner /{,var/}run/user/*/at-spi/bus* rw,
+
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.bin.pidgin>
}
--
2.25.1

2
helpers/DATA/apparmor/b5a7641dd3502fcfb897d3b96e197628b674ce3c.patch
View file

@ -17,7 +17,7 @@ index 01493260d..dd783992d 100644
/etc/wildmidi/wildmidi.cfg r, /etc/wildmidi/wildmidi.cfg r,
+# pipewire +# pipewire
+/usr/share/pipewire/client.conf r, +/usr/share/pipewire/client{,-rt}.conf r,
+ +
# Include additions to the abstraction # Include additions to the abstraction
include if exists <abstractions/audio.d> include if exists <abstractions/audio.d>

350
helpers/DATA/atril/apparmor-profile Normal file
View file

@ -0,0 +1,350 @@
# vim:syntax=apparmor
# evince is not written with application confinement in mind and is designed to
# operate within a trusted desktop session where anything running within the
# user's session is trusted. That said, evince will often process untrusted
# input (PDFs, images, etc). Ideally evince would be written in such a way that
# image processing is separate from the main process and that processing
# happens in a restrictive sandbox, but unfortunately that is not currently the
# case. Because evince will process untrusted input, this profile aims to
# provide some hardening, but considering evince's design and other factors such
# as X, gsettings, accessibility, translations, DBus session and system
# services, etc, complete confinement is not possible.
#include <tunables/global>
/usr/bin/atril {
#include <abstractions/audio>
#include <abstractions/bash>
#include <abstractions/cups-client>
#include <abstractions/dbus-accessibility>
#include <abstractions/atril>
#include <abstractions/ibus>
#include <abstractions/nameservice>
#include <abstractions/ubuntu-browsers>
#include <abstractions/ubuntu-console-browsers>
#include <abstractions/ubuntu-email>
#include <abstractions/ubuntu-console-email>
#include <abstractions/ubuntu-media-players>
# allow atril to spawn browsers distributed as snaps (LP: #1794064)
#include <abstractions/snap_browsers>
# For now, let atril talk to any session services over dbus. We can
# blacklist any problematic ones (but note, evince uses libsecret :\)
#include <abstractions/dbus-session>
#include <abstractions/dbus-strict>
dbus (receive) bus=system,
# Allow getting information from various system services
dbus (send)
bus=system
member="Get*"
peer=(label=unconfined),
# Allow talking to avahi with whatever polkit allows
dbus (send)
bus=system
interface="org.freedesktop.Avahi{,.*}",
# Allow talking to colord with whatever polkit allows
dbus (send)
bus=system
interface="org.freedesktop.ColorManager{,.*}",
# Terminals for using console applications. These abstractions should ideally
# have 'ix' to restrict access to what only atril is allowed to do
#include <abstractions/ubuntu-gnome-terminal>
# By default, we won't support launching a terminal program in Xterm or
# KDE's konsole. It opens up too many unnecessary files for most users.
# People who need this functionality can uncomment the following:
##include <abstractions/ubuntu-xterm>
##include <abstractions/ubuntu-konsole>
/usr/bin/atril rmPx,
/usr/bin/atril-previewer Px,
/usr/bin/yelp Cx -> sanitized_helper,
/usr/bin/bug-buddy px,
# 'Show Containing Folder' (LP: #1022962)
/usr/bin/nautilus Cx -> sanitized_helper, # Gnome
/usr/bin/pcmanfm Cx -> sanitized_helper, # LXDE
/usr/bin/krusader Cx -> sanitized_helper, # KDE
/usr/bin/thunar Cx -> sanitized_helper, # XFCE
# Print Dialog
/usr/lib/@{multiarch}/libproxy/*/pxgsettings Cx -> sanitized_helper,
# For Xubuntu to launch the browser
#include <abstractions/exo-open>
# For text attachments
/usr/bin/gedit ixr,
# For Send to
/usr/bin/nautilus-sendto Cx -> sanitized_helper,
# GLib desktop launch helper (used under the hood by g_app_info_launch)
/usr/lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rmix,
/usr/bin/env ixr,
# allow directory listings (ie 'r' on directories) so browsing via the file
# dialog works
/ r,
/**/ r,
# This is need for saving files in your home directory without an extension.
# Changing this to '@{HOME}/** r' makes it require an extension and more
# secure (but with 'rw', we still have abstractions/private-files-strict in
# effect).
owner @{HOME}/** rw,
owner /media/** rw,
owner @{HOME}/.local/share/gvfs-metadata/** l,
owner /{,var/}run/user/*/gvfs-metadata/** l,
# Maybe add to an abstraction?
/etc/dconf/** r,
owner @{HOME}/.cache/dconf/user rw,
owner @{HOME}/.config/dconf/user r,
owner @{HOME}/.config/enchant/* rk,
owner /{,var/}run/user/*/dconf/ w,
owner /{,var/}run/user/*/dconf/user rw,
owner /{,var/}run/user/*/dconf-service/keyfile/ w,
owner /{,var/}run/user/*/dconf-service/keyfile/user rw,
owner /{,var/}run/user/*/at-spi2-*/ rw,
owner /{,var/}run/user/*/at-spi2-*/** rw,
# Allow access to the non-abstract D-Bus socket used by at-spi > 2.42.0
# https://gitlab.gnome.org/GNOME/at-spi2-core/-/issues/43
owner /{,var/}run/user/*/at-spi/bus* rw,
# from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
# read and write for all supported file formats
/**.[aA][iI] rw,
/**.[bB][mM][pP] rw,
/**.[dD][jJ][vV][uU] rw,
/**.[dD][vV][iI] rw,
/**.[gG][iI][fF] rw,
/**.[jJ][pP][gG] rw,
/**.[jJ][pP][eE][gG] rw,
/**.[oO][dD][pP] rw,
/**.[fFpP][dD][fF] rw,
/**.[pP][nN][mM] rw,
/**.[pP][nN][gG] rw,
/**.[pP][sS] rw,
/**.[eE][pP][sS] rw,
/**.[tT][iI][fF] rw,
/**.[tT][iI][fF][fF] rw,
/**.[xX][pP][mM] rw,
/**.[gG][zZ] rw,
/**.[bB][zZ]2 rw,
/**.[cC][bB][rRzZ7] rw,
/**.[xX][zZ] rw,
# atril creates a temporary stream file like '.goutputstream-XXXXXX' in the
# directory a file is saved. This allows that behavior.
owner /**/.goutputstream-* w,
# allow atril to spawn browsers distributed as snaps (LP: #1794064)
/{,snap/core/[0-9]*/,snap/snapd/[0-9]*/}usr/bin/snap mrCx -> snap_browsers,
}
/usr/bin/atril-previewer {
#include <abstractions/audio>
#include <abstractions/bash>
#include <abstractions/cups-client>
#include <abstractions/dbus-accessibility>
#include <abstractions/atril>
#include <abstractions/ibus>
#include <abstractions/nameservice>
#include <abstractions/ubuntu-browsers>
#include <abstractions/ubuntu-console-browsers>
#include <abstractions/ubuntu-email>
#include <abstractions/ubuntu-console-email>
#include <abstractions/ubuntu-media-players>
# For now, let atril talk to any session services over dbus. We can
# blacklist any problematic ones (but note, evince uses libsecret :\)
#include <abstractions/dbus-session>
#include <abstractions/dbus-strict>
dbus (receive) bus=system,
# Allow getting information from various system services
dbus (send)
bus=system
member="Get*"
peer=(label=unconfined),
# Allow talking to avahi with whatever polkit allows
dbus (send)
bus=system
interface="org.freedesktop.Avahi{,.*}",
# Allow talking to colord with whatever polkit allows
dbus (send)
bus=system
interface="org.freedesktop.ColorManager{,.*}",
# Terminals for using console applications. These abstractions should ideally
# have 'ix' to restrict access to what only atril is allowed to do
#include <abstractions/ubuntu-gnome-terminal>
# By default, we won't support launching a terminal program in Xterm or
# KDE's konsole. It opens up too many unnecessary files for most users.
# People who need this functionality can uncomment the following:
##include <abstractions/ubuntu-xterm>
/usr/bin/atril-previewer mr,
/usr/bin/yelp Cx -> sanitized_helper,
/usr/bin/bug-buddy px,
# Lenient, but remember we still have abstractions/private-files-strict in
# effect). Write is needed for 'print to file' from the previewer.
@{HOME}/ r,
@{HOME}/** rw,
# Maybe add to an abstraction?
owner /{,var/}run/user/*/dconf/ w,
owner /{,var/}run/user/*/dconf/user rw,
}
/usr/bin/atril-thumbnailer {
#include <abstractions/base>
#include <abstractions/private-files-strict>
#include <abstractions/fonts>
deny @{HOME}/.{,cache/}fontconfig/** wl,
deny @{HOME}/missfont.log wl,
#include <abstractions/dbus-session-strict>
dbus (receive) bus=session,
dbus (send)
bus=session
path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker"
member="ListMountableInfo"
peer=(label=unconfined),
# updating gvfs-metadata for thumbnails is unneeded, so explicitly deny it
deny dbus (send)
bus=session
path="/org/gtk/vfs/metadata"
interface="org.gtk.vfs.Metadata"
member="GetTreeFromDevice"
peer=(label=unconfined),
deny @{HOME}/.local/share/gvfs-metadata/* r,
dbus (send)
bus=session
path="/org/gtk/vfs/Daemon"
interface="org.gtk.vfs.Daemon"
member="List*"
peer=(label=unconfined),
# The thumbnailer doesn't need access to everything in the nameservice
# abstraction. Allow reading of /etc/passwd and /etc/group, but suppress
# logging denial of nsswitch.conf.
/etc/passwd r,
/etc/group r,
deny /etc/nsswitch.conf r,
# TCP/UDP network access for NFS
network inet stream,
network inet6 stream,
network inet dgram,
network inet6 dgram,
/etc/papersize r,
/usr/bin/atril-thumbnailer mr,
/etc/texmf/ r,
/etc/texmf/** r,
/etc/xpdf/* r,
/usr/bin/gs-esp ixr,
# Silence these denials since 'no new privs' drops transitions to
# sanitized_helper, we don't want all those perms in the thumbnailer
# and the thumbnailer generates thumbnails without these just fine.
deny /usr/bin/mktexpk x,
deny /usr/bin/mktextfm x,
deny /usr/bin/dvipdfm x,
deny /usr/bin/dvipdfmx x,
deny /usr/bin/mkofm x,
# supported archivers
/{usr/,}bin/gzip ixr,
/{usr/,}bin/bzip2 ixr,
/usr/bin/unrar* ixr,
/usr/bin/unzip ixr,
/usr/bin/7zr ixr,
/usr/lib/p7zip/7zr ixr,
/usr/bin/7za ixr,
/usr/lib/p7zip/7za ixr,
/usr/bin/zipnote ixr,
/{usr/,}bin/tar ixr,
/usr/bin/xz ixr,
# miscellaneous access for the above
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
/sys/devices/system/cpu/ r,
# allow read access to anything in /usr/share, for plugins and input methods
/usr/local/share/** r,
/usr/share/** r,
/usr/lib/ghostscript/** mr,
/var/lib/ghostscript/** r,
/var/lib/texmf/** r,
# from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
# read for all supported file formats
/**.[bB][mM][pP] r,
/**.[dD][jJ][vV][uU] r,
/**.[dD][vV][iI] r,
/**.[gG][iI][fF] r,
/**.[jJ][pP][gG] r,
/**.[jJ][pP][eE][gG] r,
/**.[oO][dD][pP] r,
/**.[fFpP][dD][fF] r,
/**.[pP][nN][mM] r,
/**.[pP][nN][gG] r,
/**.[pP][sS] r,
/**.[eE][pP][sS] r,
/**.[eE][pP][sS][fFiI23] r,
/**.[tT][iI][fF] r,
/**.[tT][iI][fF][fF] r,
/**.[xX][pP][mM] r,
/**.[gG][zZ] r,
/**.[bB][zZ]2 r,
/**.[cC][bB][rRzZ7] r,
/**.[xX][zZ] r,
owner @{HOME}/.texlive*/** r,
owner @{HOME}/.texmf*/** r,
owner @{HOME}/.local/share/{,flatpak/exports/share/}mime/** r,
owner @{HOME}/.local/share/{,flatpak/exports/share/}mime/** r,
# With the network rules above, this allows data exfiltration for files
# not covered by private-files-strict.
@{HOME}/ r,
owner @{HOME}/[^.]** r,
owner /media/** r,
owner /tmp/.gnome_desktop_thumbnail* w,
owner /tmp/gnome-desktop-* rw,
owner /tmp/atril-thumbnailer*/{,**} rw,
# these happen post pivot_root
/ r,
deny /missfont.log w,
# Add apparmor rule for mate's caja - LP#1798091
owner /tmp/.mate_desktop_thumbnail* w,
owner /tmp/mate-desktop-thumbnailer* w,
# Fix thumbnail issue #915024
owner @{HOME}/.cache/thumbnails/** rw,
owner /tmp/atril-thumbnailer* rw,
}

127
helpers/DATA/atril/apparmor-profile.abstraction Normal file
View file

@ -0,0 +1,127 @@
# vim:syntax=apparmor
#
# abstraction used by atril binaries
#
#include <abstractions/gnome>
#include <abstractions/p11-kit>
#include <abstractions/ubuntu-helpers>
@{PROC}/[0-9]*/fd/ r,
@{PROC}/[0-9]*/mountinfo r,
owner @{PROC}/[0-9]*/auxv r,
owner @{PROC}/[0-9]*/status r,
# Doesn't seem to be required, but noisy. Maybe allow 'r' for 'b*' if needed.
# Possibly move to an abstraction if anything else needs it.
deny /run/udev/data/** r,
# move out to the gnome abstraction if anyone else needs these
/etc/udev/udev.conf r,
/sys/devices/**/block/**/uevent r,
# apport
/etc/default/apport r,
# XFCE
/etc/xfce4/defaults.list r,
# Lubuntu
/etc/xdg/lubuntu/applications/defaults.list r,
# atril specific
/etc/ r,
/etc/fstab r,
/etc/texmf/ r,
/etc/texmf/** r,
/etc/xpdf/* r,
owner @{HOME}/.config/atril/ rw,
owner @{HOME}/.config/atril/** rwkl,
/usr/bin/gs-esp ixr,
/usr/bin/mktexpk Cx -> sanitized_helper,
/usr/bin/mktextfm Cx -> sanitized_helper,
/usr/bin/dvipdfm Cx -> sanitized_helper,
/usr/bin/dvipdfmx Cx -> sanitized_helper,
# gio-launch-desktop was replaced by a very small shell script
/{usr/,}bin/{dash,bash} ixr,
# supported archivers
/{usr/,}bin/gzip ixr,
/{usr/,}bin/bzip2 ixr,
/usr/bin/unrar* ixr,
/usr/bin/unzip ixr,
/usr/bin/7zr ixr,
/usr/lib/p7zip/7zr ixr,
/usr/bin/7za ixr,
/usr/lib/p7zip/7za ixr,
/usr/bin/zipnote ixr,
/{usr/,}bin/tar ixr,
/usr/bin/xz ixr,
# allow read access to anything in /usr/share, for plugins and input methods
/usr/local/share/** r,
/usr/share/** r,
/usr/lib/ghostscript/** mr,
/var/lib/ghostscript/** r,
/var/lib/texmf/{,**} r,
# from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
# read for all supported file formats
/**.[aA][iI] r,
/**.[bB][mM][pP] r,
/**.[dD][jJ][vV][uU] r,
/**.[dD][vV][iI] r,
/**.[gG][iI][fF] r,
/**.[jJ][pP][gG] r,
/**.[jJ][pP][eE][gG] r,
/**.[oO][dD][pP] r,
/**.[fFpP][dD][fF] r,
/**.[pP][nN][mM] r,
/**.[pP][nN][gG] r,
/**.[pP][sS] r,
/**.[eE][pP][sS] r,
/**.[eE][pP][sS][fFiI23] r,
/**.[tT][iI][fF] r,
/**.[tT][iI][fF][fF] r,
/**.[xX][pP][mM] r,
/**.[gG][zZ] r,
/**.[bB][zZ]2 r,
/**.[cC][bB][rRzZ7] r,
/**.[xX][zZ] r,
# Use abstractions/private-files instead of abstractions/private-files-strict
# and add the sensitive files manually to work around LP: #451422. The goal
# is to disallow access to the .mozilla folder in general, but to allow
# access to the Cache directory, which the browser may tell atril to open
# from directly.
#include <abstractions/private-files>
audit deny @{HOME}/.gnupg/{,**} mrwkl,
audit deny @{HOME}/.ssh/{,**} mrwkl,
audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
audit deny @{HOME}/.gnome2/ w,
audit deny @{HOME}/.gnome2/keyrings/{,**} mrwkl,
audit deny @{HOME}/.kde/{,share/,share/apps/} w,
audit deny @{HOME}/.kde/share/apps/kwallet/{,**} mrwkl,
audit deny @{HOME}/.pki/{,nssdb/} w,
audit deny @{HOME}/.pki/nssdb/{,**} wl,
audit deny @{HOME}/.mozilla/{,**/} w,
audit deny @{HOME}/.mozilla/*/*/* mrwkl,
audit deny @{HOME}/.mozilla/**/bookmarkbackups/{,**} mrwkl,
audit deny @{HOME}/.mozilla/**/chrome/{,**} mrwkl,
audit deny @{HOME}/.mozilla/**/extensions/{,**} mrwkl,
audit deny @{HOME}/.mozilla/**/gm_scripts/{,**} mrwkl,
audit deny @{HOME}/.config/ w,
audit deny @{HOME}/.config/chromium/{,**} mrwkl,
audit deny @{HOME}/.config/evolution/{,**} mrwkl,
audit deny @{HOME}/.evolution/{,**} mrwkl,
audit deny @{HOME}/.kde/{,share/,share/apps/} w,
audit deny @{HOME}/.kde/share/config/{,**} mrwkl,
audit deny @{HOME}/.kde/share/apps/kmail/{,**} mrwkl,
audit deny @{HOME}/.{,mozilla-}thunderbird/{,**/} w,
audit deny @{HOME}/.{,mozilla-}thunderbird/*/* mrwkl,
audit deny @{HOME}/.{,mozilla-}thunderbird/*/[^C][^a][^c][^h][^e]*/{,**} mrwkl,

21
helpers/DATA/atril/atril.apport Normal file
View file

@ -0,0 +1,21 @@
'''apport package hook for atril
(c) 2024 Luis Guzmán
Author:
Luis Guzmán <ark@switnet.org>
based on evince's hook
'''
from apport.hookutils import *
from os import path
import re
def add_info(report):
attach_conffiles(report, 'atril')
attach_related_packages(report, ['apparmor', 'libapparmor1',
'libapparmor-perl', 'apparmor-utils', 'auditd', 'libaudit1'])
attach_mac_events(report, ['/usr/bin/atril',
'/usr/bin/atril-previewer',
'/usr/bin/atril-thumbnailer'])

29
helpers/DATA/atril/patches/add_install_profiles_rules.patch Normal file
View file

@ -0,0 +1,29 @@
diff --git a/debian/rules b/debian/rules
old mode 100755
new mode 100644
index 8a7ff87..655c574
--- a/debian/rules
+++ b/debian/rules
@@ -52,3 +52,9 @@ override_dh_auto_configure:
get-orig-source:
uscan --noconf --force-download --rename --download-current-version --destdir=..
+
+execute_after_dh_install:
+ install -m 0644 -D debian/apparmor-profile debian/atril/etc/apparmor.d/usr.bin.atril
+ install -m 0644 -D debian/apparmor-profile.abstraction debian/atril/etc/apparmor.d/abstractions/atril
+ install -m 0644 -D debian/atril.apport debian/atril/usr/share/apport/package-hooks/source_atril.py
+ dh_apparmor --profile-name=usr.bin.atril -patril
diff --git a/debian/control b/debian/control
index f5bda53..6d72cc9 100644
--- a/debian/control
+++ b/debian/control
@@ -9,6 +9,7 @@ Uploaders: Mike Gabriel <sunweaver@debian.org>,
Vangelis Mouhtsis <vangelis@gnugr.org>,
Martin Wimpress <code@flexion.org>,
Build-Depends: debhelper-compat (= 13),
+ dh-apparmor,
dpkg-dev (>= 1.16.1.1),
gobject-introspection,
intltool,

2
helpers/DATA/choose-mirror/rev_Makefile.patch
View file

@ -5,7 +5,7 @@ diff -ru choose-mirror-2.78ubuntu7+10.0trisquel3/Makefile choose-mirror-2.111/Ma
STRIP=strip STRIP=strip
# Derivative distributions may want to change these. # Derivative distributions may want to change these.
-#MIRRORLISTURL=https://anonscm.debian.org/git/mirror/mirror-masterlist.git/plain/Mirrors.masterlist -#MIRRORLISTURL=https://gitlab.trisquel.org/trisquel/trisquel-packages/-/raw/master/extra/mirrors/Mirrors.masterlist
-MASTERLIST=Mirrors.masterlist.trisquel -MASTERLIST=Mirrors.masterlist.trisquel
+MIRRORLISTURL=https://salsa.debian.org/mirror-team/masterlist/raw/master/Mirrors.masterlist +MIRRORLISTURL=https://salsa.debian.org/mirror-team/masterlist/raw/master/Mirrors.masterlist
+MASTERLIST=Mirrors.masterlist +MASTERLIST=Mirrors.masterlist

37
helpers/DATA/cron/license-info-fix.patch Normal file
View file

@ -0,0 +1,37 @@
diff --git a/debian/copyright b/debian/copyright
index 3c8824f..c6ec81a 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -38,7 +38,7 @@ License: GPL-2+
Files: debian/examples/crontab2english.pl
Copyright: 2001, Sean M. Burke
-License: Artistic
+License: GPL-1+ or Artistic
License: Paul-Vixie's-license
Distribute freely, except: don't remove my name from the source or
@@ -67,6 +67,23 @@ License: GPL-2+
On Debian systems, the complete text of the GNU General
Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
+License: GPL-1+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 1 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 1 can be found in "/usr/share/common-licenses/GPL-1".
+
License: Artistic
This program is free software; you can redistribute it and/or modify it
under the terms of the "Artistic License" which comes with Debian.

33
helpers/DATA/debconf-kde/patch_changes/000-fix_TPH_212_LP_1851573.patch Normal file
View file

@ -0,0 +1,33 @@
diff --git a/tools/main.cpp b/tools/main.cpp
index 813aba5a..5f91e057 100644
--- a/tools/main.cpp
+++ b/tools/main.cpp
@@ -37,6 +37,8 @@
#include <DebconfGui.h>
+#include <pwd.h>
+
using namespace DebconfKde;
// Handle SIGQUIT. Clients (e.g. packagekit) may use QUIT which would otherwise
@@ -73,6 +76,19 @@ static void setupQuitHandler() {
int main(int argc, char **argv)
{
+ /* TPH: #212 | LP: #1851573 — When the helper is started through pkexec/aptdaemon
+ * the environment may arrive without $HOME. Without HOME, KConfig writes
+ * to "//.config/..." and shows a "not writable" dialog for every debconf
+ * question. Substitute the passwd entrys home directory.
+ */
+ const char *homeEnv = getenv("HOME");
+ if (!homeEnv || homeEnv[0] == '\0') {
+ struct passwd *pw = getpwuid(getuid());
+ if (pw && pw->pw_dir) {
+ setenv("HOME", pw->pw_dir, /* overwrite = */ 1);
+ }
+ }
+
QApplication app(argc, argv);
setupQuitHandler();

1
helpers/DATA/debootstrap/ecne Symbolic link
View file

@ -0,0 +1 @@
trisquel

37
helpers/DATA/dino-im/cve/01_ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec.patch Normal file
View file

@ -0,0 +1,37 @@
From ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec Mon Sep 17 00:00:00 2001
From: Marvin W <git@larma.de>
Date: Thu, 23 Mar 2023 10:13:30 -0600
Subject: [PATCH] Check sender of bookmark:1 updates
---
xmpp-vala/src/module/xep/0402_bookmarks2.vala | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/xmpp-vala/src/module/xep/0402_bookmarks2.vala b/xmpp-vala/src/module/xep/0402_bookmarks2.vala
index 406f37f43..d1e53e6e3 100644
--- a/xmpp-vala/src/module/xep/0402_bookmarks2.vala
+++ b/xmpp-vala/src/module/xep/0402_bookmarks2.vala
@@ -68,6 +68,11 @@ public class Module : BookmarksProvider, XmppStreamModule {
}
private void on_pupsub_item(XmppStream stream, Jid jid, string id, StanzaNode? node) {
+ if (!jid.equals(stream.get_flag(Bind.Flag.IDENTITY).my_jid.bare_jid)) {
+ warning("Received alleged bookmarks:1 item from %s, ignoring", jid.to_string());
+ return;
+ }
+
Conference conference = parse_item_node(node, id);
Flag? flag = stream.get_flag(Flag.IDENTITY);
if (flag != null) {
@@ -77,6 +82,11 @@ public class Module : BookmarksProvider, XmppStreamModule {
}
private void on_pupsub_retract(XmppStream stream, Jid jid, string id) {
+ if (!jid.equals(stream.get_flag(Bind.Flag.IDENTITY).my_jid.bare_jid)) {
+ warning("Received alleged bookmarks:1 retract from %s, ignoring", jid.to_string());
+ return;
+ }
+
try {
Jid jid_parsed = new Jid(id);
Flag? flag = stream.get_flag(Flag.IDENTITY);

4
helpers/DATA/distro-info-data/README.Debian.patch
View file

@ -1,5 +1,5 @@
--- debian/README.Debian 2019-10-17 15:10:30.000000000 -0500 --- a/debian/README.Debian 2019-10-17 15:10:30.000000000 -0500
+++ debian/README.Debian_trisquel 2021-11-26 13:26:20.362971709 -0600 +++ b/debian/README.Debian 2021-11-26 13:26:20.362971709 -0600
@@ -2,7 +2,7 @@ @@ -2,7 +2,7 @@
=========== ===========

4
helpers/DATA/distro-info-data/add_trisquel_tools_py.patch
View file

@ -1,5 +1,5 @@
--- lib/tools.py 2021-10-15 08:01:00.000000000 -0500 --- a/lib/tools.py 2021-10-15 08:01:00.000000000 -0500
+++ lib/tools.py 2022-04-06 12:27:07.672427372 -0500 +++ a/lib/tools.py 2022-04-06 12:27:07.672427372 -0500
@@ -37,7 +37,7 @@ @@ -37,7 +37,7 @@
def main(validation_function): def main(validation_function):
"""Main function with command line parameter parsing.""" """Main function with command line parameter parsing."""

4
helpers/DATA/distro-info-data/add_trisquel_validate.patch
View file

@ -1,5 +1,5 @@
--- validate-csv-data 2021-10-15 08:01:00.000000000 -0500 --- a/validate-csv-data 2021-10-15 08:01:00.000000000 -0500
+++ validate-csv-data 2022-04-06 12:27:29.004706669 -0500 +++ b/validate-csv-data 2022-04-06 12:27:29.004706669 -0500
@@ -27,6 +27,13 @@ @@ -27,6 +27,13 @@

1
helpers/DATA/distro-info-data/trisquel.csv
View file

@ -12,3 +12,4 @@ version,codename,series,created,release,eol,upstream
9.0 LTS,Etiona,etiona,2017-10-19,2020-10-16,2023-05-31,bionic 9.0 LTS,Etiona,etiona,2017-10-19,2020-10-16,2023-05-31,bionic
10.0 LTS,Nabia,nabia,2019-10-17,2021-12-16,2025-05-29,focal 10.0 LTS,Nabia,nabia,2019-10-17,2021-12-16,2025-05-29,focal
11.0 LTS,Aramo,aramo,2021-10-14,2023-03-19,2027-06-01,jammy 11.0 LTS,Aramo,aramo,2021-10-14,2023-03-19,2027-06-01,jammy
12.0 LTS,Ecne,ecne,2023-10-12,2029-05-31,2029-05-31,noble

1 version codename series created release eol upstream
12 9.0 LTS Etiona etiona 2017-10-19 2020-10-16 2023-05-31 bionic
13 10.0 LTS Nabia nabia 2019-10-17 2021-12-16 2025-05-29 focal
14 11.0 LTS Aramo aramo 2021-10-14 2023-03-19 2027-06-01 jammy
15 12.0 LTS Ecne ecne 2023-10-12 2029-05-31 2029-05-31 noble

41
helpers/DATA/emacs/patch_changes/000-add_custom_libs_imagemagic_tree-sitter_json.patch Normal file
View file

@ -0,0 +1,41 @@
diff --git a/debian/rules b/debian/rules
index 2aaaef13..db5d184f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -297,6 +297,9 @@ confflags_gtk := $(confflags)
confflags_gtk += --with-cairo
confflags_gtk += --with-x=yes
confflags_gtk += --with-x-toolkit=gtk3
+confflags_gtk += --with-imagemagick
+#confflags_gtk += --with-tree-sitter
+confflags_gtk += --with-json
# For those who prefer the old-style non-toolkit scrollbars, just
# change the assignment below to --without-toolkit-scroll-bars. The
# resulting emacs-gtk package will have the old scrollbars.
@@ -317,6 +320,9 @@ confflags_lucid += --with-x=yes
confflags_lucid += --with-x-toolkit=lucid
confflags_lucid += --with-toolkit-scroll-bars
confflags_lucid += --without-gsettings
+confflags_gtk += --with-imagemagick
+#confflags_gtk += --with-tree-sitter
+confflags_gtk += --with-json
define cfg_tree
cd $(1) && \
diff --git a/debian/control b/debian/control
index 005b695..169abfc 100644
--- a/debian/control
+++ b/debian/control
@@ -26,10 +26,12 @@ Build-Depends:
libgpm-dev [linux-any],
libgtk-3-dev,
libharfbuzz-dev,
+ libjansson-dev,
libjpeg-dev,
liblcms2-dev,
liblockfile-dev,
libm17n-dev,
+ libmagickwand-dev,
libncurses-dev,
liboss4-salsa-dev [hurd-i386 kfreebsd-i386 kfreebsd-amd64],
libotf-dev,

74
helpers/DATA/firefox/branding/content/about-wordmark.svg
View file

File diff suppressed because one or more lines are too long
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 9.4 KiB

After

Width:  |  Height:  |  Size: 7 KiB

Before After
Before After

5
helpers/DATA/firefox/branding/content/aboutDialog.css
View file

@ -40,8 +40,9 @@
} }
#rightBox { #rightBox {
margin-left: 30px; background-size: auto 64px;
margin-right: 30px; margin-inline: 30px;
padding-top: 64px;
} }
#bottomBox { #bottomBox {

84
helpers/DATA/firefox/branding/content/firefox-wordmark.svg
View file

File diff suppressed because one or more lines are too long
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 9.8 KiB

After

Width:  |  Height:  |  Size: 6.9 KiB

Before After
Before After

15
helpers/DATA/firefox/default-strict.patch
View file

@ -1,7 +1,8 @@
diff -ru firefox-110.0+build1/browser/components/BrowserGlue.sys.mjs firefox-110.0+build1/browser/components/BrowserGlue.sys.mjs_fix diff --git a/browser/components/BrowserGlue.sys.mjs b/browser/components/BrowserGlue.sys.mjs
--- firefox-110.0+build1/browser/components/BrowserGlue.sys.mjs 2023-02-07 01:52:32.000000000 -0600 index 8fa6f7a..a34ab8b 100644
+++ firefox-110.0+build1/browser/components/BrowserGlue.sys.mjs_fix 2023-02-07 14:52:59.465762604 -0600 --- a/browser/components/BrowserGlue.sys.mjs
@@ -1637,6 +1637,19 @@ +++ b/browser/components/BrowserGlue.sys.mjs
@@ -1860,6 +1860,19 @@ BrowserGlue.prototype = {
} }
}); });
@ -18,6 +19,6 @@ diff -ru firefox-110.0+build1/browser/components/BrowserGlue.sys.mjs firefox-110
+ Services.prefs.setStringPref("browser.contentblocking.category", "strict"); this._updateCBCategory; + Services.prefs.setStringPref("browser.contentblocking.category", "strict"); this._updateCBCategory;
+ } + }
+ +
// Offer to reset a user's profile if it hasn't been used for 60 days. this._maybeOfferProfileReset();
const OFFER_PROFILE_RESET_INTERVAL_MS = 60 * 24 * 60 * 60 * 1000;
let lastUse = Services.appinfo.replacedLockTime; this._checkForOldBuildUpdates();

16
helpers/DATA/firefox/patch_changes/Remove_Android_and_iOS_promotion.patch → helpers/DATA/firefox/patch_changes/001-Remove_Android_and_iOS_promotion.patch
View file

@ -1,13 +1,14 @@
diff --git a/browser/components/preferences/sync.inc.xhtml b/browser/components/preferences/sync.inc.xhtml diff --git a/browser/components/preferences/sync.inc.xhtml b/browser/components/preferences/sync.inc.xhtml
index 7d37d26..4ebbc06 100644 index 492491a3..0c8c462a 100644
--- a/browser/components/preferences/sync.inc.xhtml --- a/browser/components/preferences/sync.inc.xhtml
+++ b/browser/components/preferences/sync.inc.xhtml +++ b/browser/components/preferences/sync.inc.xhtml
@@ -35,22 +35,6 @@ @@ -35,24 +35,6 @@
</hbox> </hbox>
</vbox> </vbox>
</hbox> </hbox>
- <label class="fxaMobilePromo" data-l10n-id="sync-mobile-promo"> - <label class="fxaMobilePromo" data-l10n-id="sync-mobile-promo">
- <html:img - <html:img
- role="none"
- src="chrome://browser/skin/logo-android.svg" - src="chrome://browser/skin/logo-android.svg"
- data-l10n-name="android-icon" - data-l10n-name="android-icon"
- class="androidIcon"/> - class="androidIcon"/>
@ -15,6 +16,7 @@ index 7d37d26..4ebbc06 100644
- data-l10n-name="android-link" - data-l10n-name="android-link"
- class="fxaMobilePromo-android text-link" target="_blank"/> - class="fxaMobilePromo-android text-link" target="_blank"/>
- <html:img - <html:img
- role="none"
- src="chrome://browser/skin/logo-ios.svg" - src="chrome://browser/skin/logo-ios.svg"
- data-l10n-name="ios-icon" - data-l10n-name="ios-icon"
- class="iOSIcon"/> - class="iOSIcon"/>
@ -49,12 +51,12 @@ index 1b29e8d..6f7566c 100644
sync-profile-picture = sync-profile-picture =
.tooltiptext = Change profile picture .tooltiptext = Change profile picture
diff --git a/browser/components/protections/content/vpn-card.mjs b/browser/components/protections/content/vpn-card.mjs diff --git a/browser/components/protections/content/vpn-card.mjs b/browser/components/protections/content/vpn-card.mjs
index 2417f1a641..698c48ccc3 100644 index d9fe35c0..1b166048 100644
--- a/browser/components/protections/content/vpn-card.mjs --- a/browser/components/protections/content/vpn-card.mjs
+++ b/browser/components/protections/content/vpn-card.mjs +++ b/browser/components/protections/content/vpn-card.mjs
@@ -23,22 +23,6 @@ export default class VPNCard { @@ -24,22 +24,6 @@ export default class VPNCard {
vpnLink.addEventListener("click", () => { vpnLink.addEventListener("click", () => {
this.doc.sendTelemetryEvent("click", "vpn_card_link"); this.doc.sendTelemetryEvent("clickVpnCardLink");
}); });
- let androidVPNAppLink = document.getElementById( - let androidVPNAppLink = document.getElementById(
- "vpn-google-playstore-link" - "vpn-google-playstore-link"
@ -63,14 +65,14 @@ index 2417f1a641..698c48ccc3 100644
- "browser.contentblocking.report.vpn-android.url" - "browser.contentblocking.report.vpn-android.url"
- ); - );
- androidVPNAppLink.addEventListener("click", () => { - androidVPNAppLink.addEventListener("click", () => {
- document.sendTelemetryEvent("click", "vpn_app_link_android"); - document.sendTelemetryEvent("clickVpnAppLinkAndroid");
- }); - });
- let iosVPNAppLink = document.getElementById("vpn-app-store-link"); - let iosVPNAppLink = document.getElementById("vpn-app-store-link");
- iosVPNAppLink.href = RPMGetStringPref( - iosVPNAppLink.href = RPMGetStringPref(
- "browser.contentblocking.report.vpn-ios.url" - "browser.contentblocking.report.vpn-ios.url"
- ); - );
- iosVPNAppLink.addEventListener("click", () => { - iosVPNAppLink.addEventListener("click", () => {
- document.sendTelemetryEvent("click", "vpn_app_link_ios"); - document.sendTelemetryEvent("clickVpnAppLinkIos");
- }); - });
const vpnBanner = this.doc.querySelector(".vpn-banner"); const vpnBanner = this.doc.querySelector(".vpn-banner");

186
helpers/DATA/firefox/patch_changes/Remove_moreFromMozilla_Focus_and_Klar.patch → helpers/DATA/firefox/patch_changes/002-Remove_moreFromMozilla_Focus_and_Klar.patch
View file

File diff suppressed because one or more lines are too long

54
helpers/DATA/firefox/patch_changes/003-disable_sponsored_topsites_and_keep_weather_widget_static.patch Normal file
View file

@ -0,0 +1,54 @@
diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index 52a520fd..81cc685d 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1718,19 +1718,19 @@
pref("browser.topsites.component.enabled", false);
pref("browser.topsites.useRemoteSetting", true);
// Fetch sponsored Top Sites from Mozilla Tiles Service (Contile)
-pref("browser.topsites.contile.enabled", true);
-pref("browser.topsites.contile.endpoint", "https://contile.services.mozilla.com/v1/tiles");
+pref("browser.topsites.contile.enabled", false);
+pref("browser.topsites.contile.endpoint", "");
// Whether to enable the Share-of-Voice feature for Sponsored Topsites via Contile.
-pref("browser.topsites.contile.sov.enabled", true);
+pref("browser.topsites.contile.sov.enabled", false);
// The base URL for the Quick Suggest anonymizing proxy. To make a request to
// the proxy, include a campaign ID in the path.
-pref("browser.partnerlink.attributionURL", "https://topsites.services.mozilla.com/cid/");
-pref("browser.partnerlink.campaign.topsites", "amzn_2020_a1");
+pref("browser.partnerlink.attributionURL", "");
+pref("browser.partnerlink.campaign.topsites", "");
// Activates preloading of the new tab url.
-pref("browser.newtab.preload", true);
+pref("browser.newtab.preload", false);
pref("browser.preonboarding.onTrainRolloutPopulation", 0);
// Mozilla Ad Routing Service (MARS) unified ads service
-pref("browser.newtabpage.activity-stream.unifiedAds.tiles.enabled", true);
-pref("browser.newtabpage.activity-stream.unifiedAds.spocs.enabled", true);
-pref("browser.newtabpage.activity-stream.unifiedAds.endpoint", "https://ads.mozilla.org/");
+pref("browser.newtabpage.activity-stream.unifiedAds.tiles.enabled", false);
+pref("browser.newtabpage.activity-stream.unifiedAds.spocs.enabled", false);
+pref("browser.newtabpage.activity-stream.unifiedAds.endpoint", "");
pref("browser.newtabpage.activity-stream.unifiedAds.adsFeed.enabled", false);
pref("browser.newtabpage.activity-stream.unifiedAds.adsFeed.tiles.enabled", false);
// Weather widget for newtab
-pref("browser.newtabpage.activity-stream.showWeather", true);
+pref("browser.newtabpage.activity-stream.showWeather", false);
pref("browser.newtabpage.activity-stream.weather.query", "");
pref("browser.newtabpage.activity-stream.weather.display", "simple");
+pref("browser.newtabpage.activity-stream.images.smart", true);
// enable location search for newtab weather widget
-pref("browser.newtabpage.activity-stream.weather.locationSearchEnabled", true);
+pref("browser.newtabpage.activity-stream.weather.locationSearchEnabled", false);
// List of regions that get weather by default.
pref("browser.newtabpage.activity-stream.discoverystream.region-weather-config", "US,CA")

0
helpers/DATA/firefox/patch_changes/sqlite-ppc.patch → helpers/DATA/firefox/patch_changes/004-sqlite-ppc.patch
View file

53
helpers/DATA/firefox/patch_changes/005-apply_custom_urls.patch Normal file
View file

@ -0,0 +1,53 @@
# WIP - Help needed
URL customizations requires to comprehend the scope to handle the documentation for this
and other projects heavily customizing and rebranding Firefox like Abrowser does.
This patch documents how to handle custom URLs to point to a desired page (initially).
It replaces,
* is="moz-support-link"
* support-page="..."
to customize the default URL, making sure there is an id for l10n field,
* data-l10n-id="..."
so the corresponding message is displayed as it seems to be linked on some cases
with is="" and support-page="..."
Cheers!
diff --git a/browser/components/preferences/privacy.inc.xhtml b/browser/components/preferences/privacy.inc.xhtml_
index 77ea8f5d..62c3ce8e 100644
--- a/browser/components/preferences/privacy.inc.xhtml
+++ b/browser/components/preferences/privacy.inc.xhtml
@@ -372,10 +372,7 @@
support-page="global-privacy-control" />
</hbox>
<hbox id="doNotTrackBox" flex="1" align="center" hidden="true">
- <html:a is="moz-support-link"
- id="doNotTrackRemoval"
- support-page="how-do-i-turn-do-not-track-feature"
- data-l10n-id="do-not-track-removal" />
+ <html:a class="learnMore" href="https://trisquel.info/en/wiki/abrowser-help" target="_blank"/>
</hbox>
</vbox>
</groupbox>
@@ -388,11 +385,10 @@
<vbox flex="1">
<description class="description-with-side-element description-deemphasized" flex="1">
<html:span id="totalSiteDataSize"></html:span>
- <html:a is="moz-support-link"
- id="siteDataLearnMoreLink"
- data-l10n-id="sitedata-learn-more"
- support-page="storage-permissions"
- />
+ <html:a id="doNotTrackLearnMoreLink"
+ href="https://trisquel.info/en/wiki/abrowser-help"
+ data-l10n-id="do-not-track-learn-more"
+ target="_blank"/>
</description>
<hbox flex="1" id="deleteOnCloseNote" class="info-box-container smaller-font-size">
<hbox class="info-icon-container">

204
helpers/DATA/firefox/patch_changes/006-remova_mailto_handlers_correctly.patch Normal file
View file

@ -0,0 +1,204 @@
diff --git a/uriloader/exthandler/HandlerList.sys.mjs b/uriloader/exthandler/HandlerList.sys.mjs
index e95d627..beef04d 100644
--- a/uriloader/exthandler/HandlerList.sys.mjs
+++ b/uriloader/exthandler/HandlerList.sys.mjs
@@ -8,198 +8,7 @@ export const kHandlerList = {
default: {
schemes: {
mailto: {
- handlers: [
- {
- name: "Gmail",
- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
- },
- ],
- },
- },
- },
- cs: {
- schemes: {
- mailto: {
- handlers: [
- {
- name: "Seznam",
- uriTemplate: "https://email.seznam.cz/newMessageScreen?mailto=%s",
- },
- {
- name: "Gmail",
- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
- },
- ],
- },
- },
- },
- "es-CL": {
- schemes: {
- mailto: {
- handlers: [
- {
- name: "Gmail",
- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
- },
- {
- name: "Outlook",
- uriTemplate:
- "https://outlook.live.com/default.aspx?rru=compose&to=%s",
- },
- ],
- },
- },
- },
- "ja-JP-mac": {
- schemes: {
- mailto: {
- handlers: [
- {
- name: "Yahoo!メール",
- uriTemplate: "https://mail.yahoo.co.jp/compose/?To=%s",
- },
- {
- name: "Gmail",
- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
- },
- ],
- },
- },
- },
- ja: {
- schemes: {
- mailto: {
- handlers: [
- {
- name: "Yahoo!メール",
- uriTemplate: "https://mail.yahoo.co.jp/compose/?To=%s",
- },
- {
- name: "Gmail",
- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
- },
- ],
- },
- },
- },
- kk: {
- schemes: {
- mailto: {
- handlers: [
- {
- name: "Яндекс.Почта",
- uriTemplate: "https://mail.yandex.ru/compose?mailto=%s",
- },
- {
- name: "Mail.Ru",
- uriTemplate: "https://e.mail.ru/cgi-bin/sentmsg?mailto=%s",
- },
- {
- name: "Gmail",
- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
- },
- ],
- },
- },
- },
- ltg: {
- schemes: {
- mailto: {
- handlers: [
- {
- name: "Gmail",
- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
- },
- {
- name: "inbox.lv mail",
- uriTemplate: "https://mail.inbox.lv/compose?to=%s",
- },
- ],
- },
- },
- },
- lv: {
- schemes: {
- mailto: {
- handlers: [
- {
- name: "Gmail",
- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
- },
- {
- name: "inbox.lv mail",
- uriTemplate: "https://mail.inbox.lv/compose?to=%s",
- },
- ],
- },
- },
- },
- pl: {
- schemes: {
- mailto: {
- handlers: [
- {
- name: "Poczta Interia.pl",
- uriTemplate: "https://poczta.interia.pl/mh/?mailto=%s",
- },
- {
- name: "Gmail",
- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
- },
- ],
- },
- },
- },
- ru: {
- schemes: {
- mailto: {
- handlers: [
- {
- name: "Яндекс.Почту",
- uriTemplate: "https://mail.yandex.ru/compose?mailto=%s",
- },
- {
- name: "Mail.Ru",
- uriTemplate: "https://e.mail.ru/cgi-bin/sentmsg?mailto=%s",
- },
- {
- name: "Gmail",
- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
- },
- ],
- },
- },
- },
- uk: {
- schemes: {
- mailto: {
- handlers: [
- {
- name: "Gmail",
- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
- },
- {
- name: "Outlook",
- uriTemplate:
- "https://outlook.live.com/default.aspx?rru=compose&to=%s",
- },
- ],
- },
- },
- },
- uz: {
- schemes: {
- mailto: {
- handlers: [
- {
- name: "Gmail",
- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
- },
- {
- name: "Mail.Ru",
- uriTemplate: "https://e.mail.ru/cgi-bin/sentmsg?mailto=%s",
- },
- ],
+ handlers: [],
},
},
},

96
helpers/DATA/firefox/patch_changes/007-disable_remote_settings_antifeature.patch Normal file
View file

@ -0,0 +1,96 @@
diff --git a/services/settings/RemoteSettingsClient.sys.mjs b/services/settings/RemoteSettingsClient.sys.mjs
index 7e98e6d..7716e41 100644
--- a/services/settings/RemoteSettingsClient.sys.mjs
+++ b/services/settings/RemoteSettingsClient.sys.mjs
@@ -229,13 +229,8 @@ class AttachmentDownloader extends Downloader {
* @see Downloader.download
*/
async download(record, options) {
- await lazy.UptakeTelemetry.report(
- TELEMETRY_COMPONENT,
- lazy.UptakeTelemetry.STATUS.DOWNLOAD_START,
- {
- source: this._client.identifier,
- }
- );
+ console.warn("Function 'download' disabled in Abrowser due privacy concerns.");
+ return null;
try {
// Explicitly await here to ensure we catch a network error.
return await super.download(record, options);
diff --git a/services/settings/Utils.sys.mjs b/services/settings/Utils.sys.mjs
index 12fef6c..c52b65e 100644
--- a/services/settings/Utils.sys.mjs
+++ b/services/settings/Utils.sys.mjs
@@ -409,6 +409,8 @@ export var Utils = {
* @param {Object} filters
*/
async fetchLatestChanges(serverUrl, options = {}) {
+ console.warn("Function 'fetchLatestChanges' disabled in Abrowser due privacy concerns.");
+ return null;
const { expectedTimestamp, lastEtag = "", filters = {} } = options;
let url = serverUrl + Utils.CHANGES_PATH;
diff --git a/toolkit/components/telemetry/app/TelemetryUtils.sys.mjs b/toolkit/components/telemetry/app/TelemetryUtils.sys.mjs
index 803d52a1..1a3ef5ba 100644
--- a/toolkit/components/telemetry/app/TelemetryUtils.sys.mjs
+++ b/toolkit/components/telemetry/app/TelemetryUtils.sys.mjs
@@ -124,6 +124,11 @@ export var TelemetryUtils = {
* Takes a date and returns it truncated to a date with daily precision.
*/
truncateToDays(date) {
+ console.warn("Function 'truncateToDays' called with:", date);
+ if (!date || !(date instanceof Date)) {
+ console.warn("Function 'truncateToDays' disabled in Abrowser due to privacy concerns. Received invalid or undefined date.");
+ return null; // Retorna null para evitar errores posteriores
+ }
return new Date(
date.getFullYear(),
date.getMonth(),
@@ -172,6 +172,10 @@ export var TelemetryUtils = {
* @return {Object} The Date object representing the next midnight.
*/
getNextMidnight(date) {
+ if (!date || !(date instanceof Date)) {
+ console.warn("Function 'getNextMidnight' disabled in Abrowser due to privacy concerns.");
+ return null;
+ }
let nextMidnight = new Date(this.truncateToDays(date));
nextMidnight.setDate(nextMidnight.getDate() + 1);
return nextMidnight;
@@ -185,6 +189,10 @@ export var TelemetryUtils = {
* is not within the midnight tolerance.
*/
getNearestMidnight(date, tolerance) {
+ if (!date || !(date instanceof Date)) {
+ console.warn("Function 'getNearestMidnight' disabled in Abrowser due to privacy concerns.");
+ return null;
+ }
let lastMidnight = this.truncateToDays(date);
if (this.areTimesClose(date.getTime(), lastMidnight.getTime(), tolerance)) {
return lastMidnight;
diff --git a/toolkit/components/telemetry/app/TelemetryScheduler.sys.mjs b/toolkit/components/telemetry/app/TelemetryScheduler.sys.mjs
index 539447a..43d846b 100644
--- a/toolkit/components/telemetry/app/TelemetryScheduler.sys.mjs
+++ b/toolkit/components/telemetry/app/TelemetryScheduler.sys.mjs
@@ -183,8 +183,20 @@ export var TelemetryScheduler = {
},
_sentPingToday(pingTime, nowDate) {
+ // Validar 'nowDate' antes de usarlo
+ if (!nowDate || !(nowDate instanceof Date)) {
+ console.warn("Invalid 'nowDate' passed to _sentPingToday. Function disabled in Abrowser due to privacy concerns.");
+ return false; // Devolvemos 'false' para evitar errores
+ }
+
// This is today's date and also the previous midnight (0:00).
const todayDate = TelemetryUtils.truncateToDays(nowDate);
+
+ if (!todayDate) {
+ console.warn("TelemetryUtils.truncateToDays returned null. Skipping _sentPingToday.");
+ return false;
+ }
+
// We consider a ping sent for today if it occured after or at 00:00 today.
return pingTime >= todayDate.getTime();
},

26
helpers/DATA/firefox/patch_changes/008-aboutRights_removal_fix.patch Normal file
View file

@ -0,0 +1,26 @@
diff --git a/browser/base/content/aboutDialog.xhtml b/browser/base/content/aboutDialog.xhtml
index c6498081..a8db34ad 100644
--- a/browser/base/content/aboutDialog.xhtml
+++ b/browser/base/content/aboutDialog.xhtml
@@ -138,7 +138,7 @@
<vbox id="bottomBox">
<hbox pack="center">
<label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:license" data-l10n-id="bottomLinks-license"/>
- <label is="text-link" class="bottom-link" href="https://www.mozilla.org/about/legal/terms/firefox/" data-l10n-id="bottom-links-terms"/>
+ <label is="text-link" class="bottom-link" href="https://trisquel.info/legal" data-l10n-id="bottom-links-terms"/>
<label is="text-link" class="bottom-link" href="https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&#38;utm_medium=firefox-desktop&#38;utm_campaign=about-dialog" data-l10n-id="bottom-links-privacy"/>
</hbox>
<description id="trademark" data-l10n-id="trademarkInfo"></description>
diff --git a/browser/components/about/AboutRedirector.cpp b/browser/components/about/AboutRedirector.cpp
index d1fe0148..ce5d1f42 100644
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@@ -90,7 +90,7 @@ static const RedirEntry kRedirMap[] = {
{"profiling",
"chrome://devtools/content/performance-new/aboutprofiling/index.xhtml",
nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
- {"rights", "https://www.mozilla.org/about/legal/terms/firefox/",
+ {"rights", "https://trisquel.info/legal",
nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
nsIAboutModule::URI_MUST_LOAD_IN_CHILD},
{"robots", "chrome://browser/content/aboutRobots.xhtml",

24
helpers/DATA/firefox/patch_changes/009-remove_ubunfox_suggest_webext-ublock-origin.patch Normal file
View file

@ -0,0 +1,24 @@
diff --git a/debian/control.in b/debian/control.in
index dd3c8daa..911d9667 100644
--- a/debian/control.in
+++ b/debian/control.in
@@ -52,8 +52,7 @@ Architecture: any
Depends: lsb-release,
${misc:Depends},
${shlibs:Depends}
-Recommends: xul-ext-ubufox,
- ${support:Recommends},
+Recommends: ${support:Recommends},
libcanberra0,
libdbusmenu-glib4,
libdbusmenu-gtk3-4
@@ -61,7 +60,8 @@ Provides: www-browser,
iceweasel, firefox,
gnome-www-browser,
${app:Provides}
-Suggests: fonts-lyx,
+Suggests: webext-ublock-origin,
+ fonts-lyx,
${support:Suggests}
Breaks: ${transitional:Breaks}
Replaces: ${transitional:Replaces}

23
helpers/DATA/firefox/patch_changes/010-remove_theme_recommendation_and_saas_forge.patch Normal file
View file

@ -0,0 +1,23 @@
diff --git a/toolkit/mozapps/extensions/content/aboutaddons.html b/toolkit/mozapps/extensions/content/aboutaddons.html
index 77702576..35cf6593 100644
--- a/toolkit/mozapps/extensions/content/aboutaddons.html
+++ b/toolkit/mozapps/extensions/content/aboutaddons.html
@@ -799,18 +799,6 @@
<footer is="recommended-footer" class="view-footer"></footer>
</template>
- <template name="recommended-themes-footer">
- <p data-l10n-id="recommended-theme-1" class="theme-recommendation">
- <a data-l10n-name="link" target="_blank"></a>
- </p>
- <div class="amo-link-container view-footer-item">
- <button
- class="primary"
- action="open-amo"
- data-l10n-id="find-more-themes"
- ></button>
- </div>
- </template>
<template name="recommended-themes-section">
<h2

14
helpers/DATA/firefox/patch_changes/012-fix_wrong_directory_on_home_dir_for_abrowser.patch Normal file
View file

@ -0,0 +1,14 @@
diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp
index 9c94cb88..0c19fad9 100644
--- a/toolkit/xre/nsXREDirProvider.cpp
+++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -1232,7 +1232,8 @@ nsresult nsXREDirProvider::AppendProfilePath(nsIFile* aFile, bool aLocal) {
if (gAppData->profile) {
profile = gAppData->profile;
} else {
- appName = gAppData->name;
+ // For Abrowser compatibility: force use of ~/.mozilla/abrowser
+ appName.AssignLiteral("abrowser");
vendor = gAppData->vendor;
}

98
helpers/DATA/firefox/patch_changes/013-remove_finish_setup_third_party_services.patch Normal file
View file

@ -0,0 +1,98 @@
diff --git a/browser/components/aboutwelcome/modules/AboutWelcomeDefaults.sys.mjs b/browser/components/aboutwelcome/modules/AboutWelcomeDefaults.sys.mjs
index ba47adb6..c4b29ec4 100644
--- a/browser/components/aboutwelcome/modules/AboutWelcomeDefaults.sys.mjs
+++ b/browser/components/aboutwelcome/modules/AboutWelcomeDefaults.sys.mjs
@@ -704,7 +704,7 @@ const MR_ABOUT_WELCOME_DEFAULT = {
action: {
type: "OPEN_URL",
data: {
- args: "https://addons.mozilla.org/en-US/firefox/collections/4757633/b4d5649fb087446aa05add5f0258c3/?page=1&collection_sort=-popularity",
+ args: "https://gnuzilla.gnu.org/",
where: "tabshifted",
},
navigate: true,
@@ -750,49 +750,6 @@ const MR_ABOUT_WELCOME_DEFAULT = {
},
targeting: "isFxASignedIn",
},
- {
- id: "AW_ACCOUNT_LOGIN",
- content: {
- fullscreen: true,
- position: "split",
- split_narrow_bkg_position: "-228px",
- image_alt_text: {
- string_id: "mr2022-onboarding-gratitude-image-alt",
- },
- background:
- "url('chrome://activity-stream/content/data/content/assets/fox-doodle-waving-laptop.svg') center center / 80% no-repeat var(--mr-screen-background-color)",
- progress_bar: true,
- logo: {},
- title: {
- string_id: "onboarding-sign-up-title",
- },
- subtitle: {
- string_id: "onboarding-sign-up-description",
- },
- secondary_button: {
- label: {
- string_id: "mr2-onboarding-start-browsing-button-label",
- },
- style: "secondary",
- action: {
- navigate: true,
- },
- },
- primary_button: {
- label: {
- string_id: "onboarding-sign-up-button",
- },
- action: {
- data: {
- entrypoint: "newuser-onboarding-desktop",
- },
- type: "FXA_SIGNIN_FLOW",
- navigate: true,
- },
- },
- },
- targeting: "!isFxASignedIn",
- },
],
};
diff --git a/browser/components/asrouter/modules/FeatureCalloutMessages.sys.mjs b/browser/components/asrouter/modules/FeatureCalloutMessages.sys.mjs
index 29d2ca46..41b65ac4 100644
--- a/browser/components/asrouter/modules/FeatureCalloutMessages.sys.mjs
+++ b/browser/components/asrouter/modules/FeatureCalloutMessages.sys.mjs
@@ -885,7 +885,7 @@ const MESSAGES = () => {
dismiss: true,
type: "OPEN_URL",
data: {
- args: "https://addons.mozilla.org/en-US/firefox/collections/4757633/36d285535db74c6986abbeeed3e214/?page=1&collection_sort=added",
+ args: "https://gnuzilla.gnu.org/",
where: "tabshifted",
},
},
diff --git a/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs b/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs
index abc6db68..0c86955f 100644
--- a/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs
+++ b/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs
@@ -1226,7 +1226,7 @@ const BASE_MESSAGES = () => [
{
type: "OPEN_URL",
data: {
- args: "https://addons.mozilla.org/en-US/firefox/collections/4757633/b4d5649fb087446aa05add5f0258c3/?page=1&collection_sort=-popularity",
+ args: "https://gnuzilla.gnu.org/",
where: "current",
},
},
@@ -1430,7 +1430,7 @@ const BASE_MESSAGES = () => [
{
type: "OPEN_URL",
data: {
- args: "https://addons.mozilla.org/en-US/firefox/collections/4757633/b4d5649fb087446aa05add5f0258c3/?page=1&collection_sort=-popularity",
+ args: "https://gnuzilla.gnu.org/",
where: "current",
},
},

138
helpers/DATA/firefox/patch_changes/014-remove_support_firefox_mission_on_abrowser.patch Normal file
View file

@ -0,0 +1,138 @@
diff --git a/browser/components/preferences/home.inc.xhtml b/browser/components/preferences/home.inc.xhtml
index c0094fe0..08856c78 100644
--- a/browser/components/preferences/home.inc.xhtml
+++ b/browser/components/preferences/home.inc.xhtml
@@ -101,15 +101,6 @@
<vbox id="trending-searches" />
<vbox id="topsites" />
<vbox id="topstories" />
- <vbox id="support-firefox" />
-
- <html:moz-box-item class="mission-message">
- <html:span data-l10n-id="home-prefs-mission-message" />
- <html:a is="moz-support-link"
- support-page="sponsor-privacy"
- data-l10n-id="home-prefs-mission-message-learn-more-link" />
- </html:moz-box-item>
-
<vbox id="highlights" />
</groupbox>
</html:template>
diff --git a/browser/extensions/newtab/lib/AboutPreferences.sys.mjs b/browser/extensions/newtab/lib/AboutPreferences.sys.mjs
index 0d43919b..f2e0fbd0 100644
--- a/browser/extensions/newtab/lib/AboutPreferences.sys.mjs
+++ b/browser/extensions/newtab/lib/AboutPreferences.sys.mjs
@@ -120,37 +120,6 @@ const PREFS_FOR_SETTINGS = () => [
),
eventSource: "TOP_STORIES",
},
- {
- id: "support-firefox",
- pref: {
- feed: "showSponsoredCheckboxes",
- titleString: "home-prefs-support-firefox-header",
- nestedPrefs: [
- {
- name: "showSponsoredTopSites",
- titleString: "home-prefs-shortcuts-by-option-sponsored",
- eventSource: "SPONSORED_TOP_SITES",
- },
- {
- name: "showSponsored",
- titleString: "home-prefs-recommended-by-option-sponsored-stories",
- eventSource: "POCKET_SPOCS",
- shouldHidePref: !Services.prefs.getBoolPref(
- "browser.newtabpage.activity-stream.feeds.system.topstories",
- true
- ),
- shouldDisablePref: !Services.prefs.getBoolPref(
- "browser.newtabpage.activity-stream.feeds.section.topstories",
- true
- ),
- },
- ],
- },
- shouldHidePref: !Services.prefs.getBoolPref(
- "browser.newtabpage.activity-stream.system.showSponsoredCheckboxes",
- false
- ),
- },
];
export class AboutPreferences {
@@ -351,41 +320,8 @@ export class AboutPreferences {
}
});
- // Special cases to like the nested prefs with another pref,
- // so we can disable it real time.
- if (id === "support-firefox") {
- function setupSupportFirefoxSubCheck(triggerPref, subPref) {
- const subCheckFullName = `browser.newtabpage.activity-stream.${triggerPref}`;
- const subCheckPref = Preferences.get(subCheckFullName);
-
- subCheckPref?.on("change", () => {
- const showSponsoredFullName = `browser.newtabpage.activity-stream.${subPref}`;
- const showSponsoredSubcheck = subChecks.find(
- subcheck =>
- subcheck.getAttribute("preference") === showSponsoredFullName
- );
- if (showSponsoredSubcheck) {
- showSponsoredSubcheck.disabled = !Services.prefs.getBoolPref(
- subCheckFullName,
- true
- );
- }
- });
- }
-
- setupSupportFirefoxSubCheck("feeds.section.topstories", "showSponsored");
- setupSupportFirefoxSubCheck("feeds.topsites", "showSponsoredTopSites");
- }
-
pref.on("change", () => {
subChecks.forEach(subcheck => {
- // Update child preferences for the "Support Firefox" checkbox group
- // so that they're turned on and off at the same time.
- if (id === "support-firefox") {
- const subPref = Preferences.get(subcheck.getAttribute("preference"));
- subPref.value = pref.value;
- }
-
// Disable any nested checkboxes if the parent pref is not enabled.
subcheck.disabled = !pref._value;
});
diff --git a/browser/locales/en-US/browser/preferences/preferences.ftl b/browser/locales/en-US/browser/preferences/preferences.ftl
index 269eca10..4c35b53f 100644
--- a/browser/locales/en-US/browser/preferences/preferences.ftl
+++ b/browser/locales/en-US/browser/preferences/preferences.ftl
@@ -749,11 +749,7 @@ home-prefs-trending-search-header =
home-prefs-trending-search-description = Popular and frequently searched topics
# "Support" here means to help sustain or contribute to something, especially through funding or sponsorship.
-home-prefs-support-firefox-header =
- .label = Support { -brand-product-name }
-
-home-prefs-mission-message = Our sponsors support our mission to build a better web
-home-prefs-mission-message-learn-more-link = Find out how
+## Removed by Abrowser customization process.
# Variables:
# $num (number) - Number of rows displayed
diff --git a/browser/themes/shared/preferences/preferences.css b/browser/themes/shared/preferences/preferences.css
index 9c8155e5..4718341f 100644
--- a/browser/themes/shared/preferences/preferences.css
+++ b/browser/themes/shared/preferences/preferences.css
@@ -1541,12 +1541,3 @@ richlistitem .text-link:hover {
.search-header:has(.section-heading) {
margin: 0;
}
-
-/* Styles for the "sponsors support our mission" message and link on the Home tab */
-.mission-message {
- margin-block-start: var(--space-large);
-
- > a {
- font-size: var(--font-size-small);
- }
-}

17
helpers/DATA/firefox/patch_changes/015-set_higher_priority_than_chromium_based_ones.patch Normal file
View file

@ -0,0 +1,17 @@
diff --git a/debian/firefox.postinst.in b/debian/firefox.postinst.in
index 4cb73f02..44e9261a 100644
--- a/debian/firefox.postinst.in
+++ b/debian/firefox.postinst.in
@@ -36,10 +36,10 @@ finish_rm_conffile() {
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-remove" ] ; then
update-alternatives --install /usr/bin/gnome-www-browser \
- gnome-www-browser /usr/bin/$MOZ_APP_NAME 40
+ gnome-www-browser /usr/bin/$MOZ_APP_NAME 240
update-alternatives --install /usr/bin/x-www-browser \
- x-www-browser /usr/bin/$MOZ_APP_NAME 40
+ x-www-browser /usr/bin/$MOZ_APP_NAME 240
fi
if [ "$1" = "configure" ] ; then

204
helpers/DATA/firefox/process-json-files.py
View file

@ -1,6 +1,9 @@
#! /usr/bin/python3 #! /usr/bin/python3
# Copyright (C) 2024 Luis Guzmán <ark@switnet.org>
# Copyright (C) 2020, 2021 grizzlyuser <grizzlyuser@protonmail.com> # Copyright (C) 2020, 2021, 2022, 2023, 2024 grizzlyuser <grizzlyuser@protonmail.com>
# Based on: https://gitlab.trisquel.org/trisquel/wrapage-helpers/-/blob/81881d89b2bf7d502dd14fcccdb471fec6f6b206/helpers/DATA/firefox/reprocess-search-config.py
# Below is the notice from the original author:
#
# Copyright (C) 2020, 2021 Ruben Rodriguez <ruben@trisquel.info> # Copyright (C) 2020, 2021 Ruben Rodriguez <ruben@trisquel.info>
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
@ -23,6 +26,7 @@ import time
import copy import copy
import argparse import argparse
import pathlib import pathlib
import logging
from collections import namedtuple from collections import namedtuple
from jsonschema import validate from jsonschema import validate
@ -41,12 +45,42 @@ parser.add_argument(
type=int, type=int,
default=2, default=2,
help='indent for pretty printing of output files') help='indent for pretty printing of output files')
parser.add_argument(
'-l',
'--loglevel',
choices=logging._nameToLevel.keys(),
default=logging.INFO,
help='logging level')
arguments = parser.parse_args() arguments = parser.parse_args()
logging.basicConfig(level=arguments.loglevel)
logger = logging.getLogger(str(pathlib.Path(__file__).name))
File = namedtuple('File', ['path', 'content']) File = namedtuple('File', ['path', 'content'])
class RemoteSettings: class JsonProcessor:
@classmethod
def process(cls):
parsed_jsons = []
for json_path in cls.JSON_PATHS:
logger.info('Reading input: ' + str(json_path) + '...')
with json_path.open(encoding='utf-8') as file:
parsed_jsons.append(File(json_path, json.load(file)))
parsed_schema = None
if hasattr(cls, "SCHEMA_PATH"):
logger.info('Reading schema: ' + str(json_path) + '...')
with cls.SCHEMA_PATH.open() as file:
parsed_schema = json.load(file)
processed = cls.process_parsed(parsed_jsons, parsed_schema)
with processed.path.open('w') as file:
json.dump(processed.content, file, indent=arguments.indent)
logger.info('Wrote: ' + str(processed.path))
class RemoteSettings(JsonProcessor):
DUMPS_PATH_RELATIVE = 'services/settings/dumps' DUMPS_PATH_RELATIVE = 'services/settings/dumps'
DUMPS_PATH_ABSOLUTE = arguments.MAIN_PATH / DUMPS_PATH_RELATIVE DUMPS_PATH_ABSOLUTE = arguments.MAIN_PATH / DUMPS_PATH_RELATIVE
@ -75,11 +109,12 @@ class RemoteSettings:
@classmethod @classmethod
def now(cls): def now(cls):
return int(round(time.time() / 10 ** 6)) return int(round(time.time() * 1000))
@classmethod @classmethod
def process_raw(cls, unwrapped_jsons, parsed_schema): def process_raw(cls, unwrapped_jsons, parsed_schema):
timestamps, result = [], [] timestamps, result = [], []
for collection in unwrapped_jsons: for collection in unwrapped_jsons:
should_modify_collection = cls.should_modify_collection(collection) should_modify_collection = cls.should_modify_collection(collection)
for record in collection.content: for record in collection.content:
@ -110,13 +145,23 @@ class RemoteSettings:
return File(cls.OUTPUT_PATH, result) return File(cls.OUTPUT_PATH, result)
@classmethod @classmethod
def process(cls, parsed_jsons, parsed_schema): def process_parsed(cls, parsed_jsons, parsed_schema):
return cls.wrap( return cls.wrap(
cls.process_raw( cls.process_raw(
cls.unwrap(parsed_jsons), cls.unwrap(parsed_jsons),
parsed_schema)) parsed_schema))
class EmptyRemoteSettings(RemoteSettings):
@classmethod
def should_drop_record(cls, search_engine):
return True
@classmethod
def process_record(cls, record):
return record
class Changes(RemoteSettings): class Changes(RemoteSettings):
JSON_PATHS = tuple(RemoteSettings.DUMPS_PATH_ABSOLUTE.glob('*/*.json')) JSON_PATHS = tuple(RemoteSettings.DUMPS_PATH_ABSOLUTE.glob('*/*.json'))
OUTPUT_PATH = RemoteSettings.DUMPS_PATH_ABSOLUTE / 'monitor/changes' OUTPUT_PATH = RemoteSettings.DUMPS_PATH_ABSOLUTE / 'monitor/changes'
@ -132,7 +177,7 @@ class Changes(RemoteSettings):
changes = [] changes = []
for collection in unwrapped_jsons: for collection in unwrapped_jsons:
if collection.path not in (RemoteSettings.DUMPS_PATH_ABSOLUTE / 'main/example.json', RemoteSettings.DUMPS_PATH_ABSOLUTE / 'main/search-config-v2.json'): if collection.path != RemoteSettings.DUMPS_PATH_ABSOLUTE / 'main/example.json':
latest_change = {} latest_change = {}
latest_change[cls._LAST_MODIFIED_KEY_NAME] = cls.get_collection_timestamp( latest_change[cls._LAST_MODIFIED_KEY_NAME] = cls.get_collection_timestamp(
collection) collection)
@ -145,61 +190,116 @@ class Changes(RemoteSettings):
return File(cls.OUTPUT_PATH, changes) return File(cls.OUTPUT_PATH, changes)
class SearchConfig(RemoteSettings): class SearchConfigV2(RemoteSettings):
JSON_PATHS = ( JSON_PATHS = (
RemoteSettings.DUMPS_PATH_ABSOLUTE / RemoteSettings.DUMPS_PATH_ABSOLUTE /
'main/search-config.json', 'main/search-config-v2.json',
) )
SCHEMA_PATH = arguments.MAIN_PATH / \ SCHEMA_PATH = arguments.MAIN_PATH / \
'toolkit/components/search/schema/search-config-schema.json' 'toolkit/components/search/schema/search-config-v2-schema.json'
OUTPUT_PATH = JSON_PATHS[0] OUTPUT_PATH = JSON_PATHS[0]
_DUCKDUCKGO_SEARCH_ENGINE_ID = 'ddg@search.mozilla.org' _DUCKDUCKGO_SEARCH_ENGINE_IDENTIFIER = 'ddg'
@classmethod @classmethod
def should_drop_record(cls, search_engine): def should_drop_record(cls, record):
return search_engine['webExtension']['id'] not in ( if record['recordType'] != 'engine':
cls._DUCKDUCKGO_SEARCH_ENGINE_ID, 'wikipedia@search.mozilla.org', return False
'trisquel@search.mozilla.org', 'trisquel-packages@@search.mozilla.org',
'qwant@search.mozilla.org', 'ecosia@search.mozilla.org') identifier = record['identifier']
excluded_identifiers = ['ecosia', 'qwant', 'trisquel', 'trisquel-packages']
return (
identifier != cls._DUCKDUCKGO_SEARCH_ENGINE_IDENTIFIER and
not (identifier.startswith('wikipedia') or identifier in excluded_identifiers)
)
@classmethod @classmethod
def process_record(cls, search_engine): def process_record(cls, record):
[search_engine.pop(key, None) if record['recordType'] == 'defaultEngines':
for key in ['extraParams', 'telemetryId']] return cls.process_default_engines(record)
elif record['recordType'] == 'engine':
return cls.process_engine(record)
elif record['recordType'] == 'engineOrders':
return cls.process_engine_orders(record)
else:
return record
general_specifier = {} @classmethod
for specifier in search_engine['appliesTo'].copy(): def process_default_engines(cls, default_engines):
if 'application' in specifier: default_engines['globalDefault'] = cls._DUCKDUCKGO_SEARCH_ENGINE_IDENTIFIER
if 'distributions' in specifier['application']: default_engines['specificDefaults'] = []
search_engine['appliesTo'].remove(specifier) return default_engines
continue
specifier['application'].pop('extraParams', None)
if 'included' in specifier and 'everywhere' in specifier[ @classmethod
'included'] and specifier['included']['everywhere']: def process_engine(cls, engine):
if search_engine['webExtension']['id'] == cls._DUCKDUCKGO_SEARCH_ENGINE_ID: engine['base'].pop('partnerCode', None)
specifier['default'] = 'yes' engine['base']['urls']['search'].pop('params', None)
general_specifier = specifier
if not general_specifier: if engine['identifier'] == cls._DUCKDUCKGO_SEARCH_ENGINE_IDENTIFIER:
general_specifier = {'included': {'everywhere': True}} engine['base']['name'] += ' HTML'
search_engine['appliesTo'].insert(0, general_specifier) engine['base']['urls']['search']['base'] = 'https://html.duckduckgo.com/html'
if search_engine['webExtension']['id'] == cls._DUCKDUCKGO_SEARCH_ENGINE_ID:
general_specifier['default'] = 'yes'
return search_engine allRegions_prefixes = ['ecosia', 'qwant', 'trisquel']
if any(engine['identifier'].startswith(prefix) for prefix in allRegions_prefixes) or \
engine['identifier'] == cls._DUCKDUCKGO_SEARCH_ENGINE_IDENTIFIER:
engine['variants'] = [{'environment': {'allRegionsAndLocales': True}}]
return engine
@classmethod
def process_engine_orders(cls, engine_orders):
engine_orders['orders'] = []
return engine_orders
class SearchConfigOverridesV2(EmptyRemoteSettings):
JSON_PATHS = (
RemoteSettings.DUMPS_PATH_ABSOLUTE /
'main/search-config-overrides-v2.json',
)
SCHEMA_PATH = arguments.MAIN_PATH / \
'toolkit/components/search/schema/search-config-overrides-v2-schema.json'
OUTPUT_PATH = JSON_PATHS[0]
class TippyTopSites: class SearchDefaultOverrideAllowlist(EmptyRemoteSettings):
JSON_PATHS = (
RemoteSettings.DUMPS_PATH_ABSOLUTE /
'main/search-default-override-allowlist.json',
)
SCHEMA_PATH = arguments.MAIN_PATH / \
'toolkit/components/search/schema/search-default-override-allowlist-schema.json'
OUTPUT_PATH = JSON_PATHS[0]
class SearchTelemetryV2(EmptyRemoteSettings):
JSON_PATHS = (
RemoteSettings.DUMPS_PATH_ABSOLUTE /
'main/search-telemetry-v2.json',
)
SCHEMA_PATH = arguments.MAIN_PATH / \
'browser/components/search/schema/search-telemetry-v2-schema.json'
OUTPUT_PATH = JSON_PATHS[0]
class UrlClassifierSkipUrls(EmptyRemoteSettings):
JSON_PATHS = (
RemoteSettings.DUMPS_PATH_ABSOLUTE /
'main/url-classifier-skip-urls.json',
)
OUTPUT_PATH = JSON_PATHS[0]
class TippyTopSites(JsonProcessor):
JSON_PATHS = ( JSON_PATHS = (
arguments.MAIN_PATH / arguments.MAIN_PATH /
'browser/components/newtab/data/content/tippytop/top_sites.json', 'browser/components/topsites/content/tippytop/top_sites.json',
arguments.BRANDING_PATH / arguments.BRANDING_PATH /
'tippytop/top_sites.json') 'tippytop/top_sites.json')
@classmethod @classmethod
def process(cls, parsed_jsons, parsed_schema): def process_parsed(cls, parsed_jsons, parsed_schema):
tippy_top_sites_main = parsed_jsons[0] tippy_top_sites_main = parsed_jsons[0]
tippy_top_sites_branding = parsed_jsons[1] tippy_top_sites_branding = parsed_jsons[1]
result = tippy_top_sites_branding.content + \ result = tippy_top_sites_branding.content + \
@ -224,7 +324,7 @@ class TopSites(RemoteSettings):
@classmethod @classmethod
def should_drop_record(cls, site): def should_drop_record(cls, site):
return site['url'] != 'https://www.wikipedia.org/' return True
@classmethod @classmethod
def process_record(cls, site): def process_record(cls, site):
@ -234,19 +334,15 @@ class TopSites(RemoteSettings):
# To reflect the latest timestamps, Changes class should always come after # To reflect the latest timestamps, Changes class should always come after
# all other RemoteSettings subclasses # all other RemoteSettings subclasses
processors = (SearchConfig, Changes) processors = (
SearchConfigV2,
SearchConfigOverridesV2,
SearchDefaultOverrideAllowlist,
SearchTelemetryV2,
UrlClassifierSkipUrls,
TopSites,
Changes,
TippyTopSites)
for processor in processors: for processor in processors:
parsed_jsons = [] processor.process()
for json_path in processor.JSON_PATHS:
with json_path.open(encoding='utf-8') as file:
parsed_jsons.append(File(json_path, json.load(file)))
parsed_schema = None
if hasattr(processor, "SCHEMA_PATH"):
with processor.SCHEMA_PATH.open() as file:
parsed_schema = json.load(file)
processed = processor.process(parsed_jsons, parsed_schema)
with processed.path.open('w') as file:
json.dump(processed.content, file, indent=arguments.indent)

24
helpers/DATA/firefox/rollback_ddg_firefox_partnership_codes.patch
View file

@ -1,24 +0,0 @@
More info related to the change: https://hg.mozilla.org/mozilla-central/rev/5079bb7577182734823d6e4a3c468115d45a9dd9
--- a/browser/components/search/extensions/ddg/manifest.json 2023-04-06 23:48:16.983734806 -0600
+++ b/browser/components/search/extensions/ddg/manifest.json 2023-04-06 23:54:27.848103496 -0600
@@ -21,7 +21,7 @@
"name": "DuckDuckGo",
"search_url": "https://duckduckgo.com/",
"search_form": "https://duckduckgo.com/",
- "search_url_get_params": "t=ffab&q={searchTerms}",
+ "search_url_get_params": "q={searchTerms}",
"suggest_url": "https://ac.duckduckgo.com/ac/",
"suggest_url_get_params": "q={searchTerms}&type=list"
}
--- a/browser/components/search/extensions/ddg-html/manifest.json 2023-04-06 23:48:16.987734810 -0600
+++ b/browser/components/search/extensions/ddg-html/manifest.json 2023-04-06 23:55:19.080158907 -0600
@@ -21,7 +21,7 @@
"name": "DuckDuckGo (HTML)",
"search_url": "https://html.duckduckgo.com/html/",
"search_form": "https://html.duckduckgo.com/html/",
- "search_url_get_params": "t=ffab&q={searchTerms}",
+ "search_url_get_params": "q={searchTerms}",
"suggest_url": "https://ac.duckduckgo.com/ac/",
"suggest_url_get_params": "q={searchTerms}&type=list"
}

61
helpers/DATA/firefox/search-custom/services/settings/dumps/main/top-sites.json Normal file
View file

@ -0,0 +1,61 @@
{
"data": [
{
"url": "https://trisquel.info/",
"order": 0,
"title": "Trisquel",
"id": "ec7f4843-6be5-5e86-870a-1c8383500a4b",
"last_modified": 1715345084783
},
{
"url": "https://packages.trisquel.org/",
"order": 1,
"title": "Trisquel Packages",
"id": "27a9b035-0b8b-4472-97cb-b1866aba0740",
"last_modified": 1715345084786
},
{
"url": "https://www.gnu.org/",
"order": 2,
"title": "GNU",
"id": "1baee931-751c-5993-b6fe-d86fbf78f9b0",
"last_modified": 1715345084789
},
{
"url": "https://www.fsf.org/",
"order": 3,
"title": "FSF",
"id": "fcc60dd8-4d97-5aca-8e5d-784652c75818",
"last_modified": 1715345084792
},
{
"url": "https://directory.fsf.org/",
"order": 4,
"title": "FSF Directory",
"id": "abe5bfb2-9487-5697-9f27-e0b782dfe006",
"last_modified": 1715345084796
},
{
"url": "https://libreplanet.org/",
"order": 5,
"title": "LibrePlanet",
"id": "e3d2cf88-a4dc-5d2e-9f9a-f3ea241d17d8",
"last_modified": 1715345084800
},
{
"url": "https://www.wikipedia.org/",
"order": 6,
"title": "Wikipedia",
"id": "02c295f5-54a8-5d29-8d1f-b619216b20c0",
"last_modified": 1715345084803
},
{
"url": "https://h-node.org/",
"order": 7,
"title": "h-node",
"id": "c426481f-8c3f-53b8-b23a-431a91a1c7b4",
"last_modified": 1715345084807
}
],
"timestamp": 1715345084810
}

52
helpers/DATA/firefox/search-custom/tippytop/top_sites.json Normal file
View file

@ -0,0 +1,52 @@
[
{
"domains": ["duckduckgo.com"],
"image_url": "images/duckduckgo-com@2x.svg",
"favicon_url": "favicons/duckduckgo-com.ico"
},
{
"domains": ["trisquel.info"],
"image_url": "images/trisquel.png",
"favicon_url": "favicons/trisquel.ico"
},
{
"domains": ["packages.trisquel.org"],
"image_url": "images/trisquel-packages.png",
"favicon_url": "favicons/trisquel-packages.ico"
},
{
"domains": ["gnu.org"],
"image_url": "images/gnu.png",
"favicon_url": "favicons/gnu.ico"
},
{
"domains": ["fsf.org"],
"image_url": "images/fsf.png",
"favicon_url": "favicons/fsf.ico"
},
{
"domains": ["directory.fsf.org"],
"image_url": "images/directory.png",
"favicon_url": "favicons/fsf.ico"
},
{
"domains": ["libreplanet.org"],
"image_url": "images/libreplanet.png",
"favicon_url": "favicons/libreplanet.ico"
},
{
"domains": ["fsfe.org"],
"image_url": "images/fsfe.png",
"favicon_url": "favicons/fsfe.ico"
},
{
"domains": ["wikipedia.org"],
"image_url": "images/wikipedia.png",
"favicon_url": "favicons/wikipedia.ico"
},
{
"domains": ["h-node.org"],
"image_url": "images/hnode.png",
"favicon_url": "favicons/hnode.ico"
}
]

30
helpers/DATA/firefox/searchplugins/trisquel-packages-v2.json Normal file
View file

@ -0,0 +1,30 @@
{
"base": {
"aliases": [
"packages",
"p"
],
"classification": "unknown",
"name": "Trisquel Packages",
"urls": {
"search": {
"base": "https://packages.trisquel.org/search",
"params": [],
"searchTermParamName": "keywords"
}
}
},
"id": "b5fd21a8-e369-477f-a3f2-b47a370f9030",
"identifier": "trisquel-packages",
"last_modified": 1678,
"recordType": "engine",
"schema": "defaultEngines",
"variants": [
{
"environment": {
"allRegionsAndLocales": true
},
"optional": false
}
]
},

15
helpers/DATA/firefox/searchplugins/trisquel-packages.json
View file

@ -1,15 +0,0 @@
{
"schema": 1674147734592,
"appliesTo": [
{
"included": {
"everywhere": true
}
}
],
"webExtension": {
"id": "trisquel-packages@search.mozilla.org"
},
"id": "b5fd21a8-e369-477f-a3f2-b47a370f9030",
"last_modified": 1678
},

0
helpers/DATA/firefox/newtab/trisquel-packages.ico → helpers/DATA/firefox/searchplugins/trisquel-packages/b5fd21a8-e369-477f-a3f2-b47a370f9030
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 40 KiB

After

Width:  |  Height:  |  Size: 40 KiB

Before After
Before After

30
helpers/DATA/firefox/searchplugins/trisquel-v2.json Normal file
View file

@ -0,0 +1,30 @@
{
"base": {
"aliases": [
"trisquel",
"t"
],
"classification": "unknown",
"name": "Trisquel",
"urls": {
"search": {
"base": "https://trisquel.info/search/node",
"params": [],
"searchTermParamName": "q"
}
}
},
"id": "b99ed276-9557-4492-8bbb-d59826381893",
"identifier": "trisquel",
"last_modified": 1678,
"recordType": "engine",
"schema": "defaultEngines",
"variants": [
{
"environment": {
"allRegionsAndLocales": true
},
"optional": false
}
]
},

15
helpers/DATA/firefox/searchplugins/trisquel.json
View file

@ -1,15 +0,0 @@
{
"schema": 1674147734535,
"appliesTo": [
{
"included": {
"everywhere": true
}
}
],
"webExtension": {
"id": "trisquel@search.mozilla.org"
},
"id": "b99ed276-9557-4492-8bbb-d59826381893",
"last_modified": 1678
},

BIN
helpers/DATA/firefox/searchplugins/trisquel/b99ed276-9557-4492-8bbb-d59826381893 Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 48 KiB

57
helpers/DATA/firefox/settings.js
View file

@ -1,4 +1,3 @@
// Release notes and vendor URLs // Release notes and vendor URLs
pref("app.releaseNotesURL", "https://trisquel.info/en/wiki/abrowser-help"); pref("app.releaseNotesURL", "https://trisquel.info/en/wiki/abrowser-help");
pref("app.vendorURL", "https://trisquel.info/en/wiki/abrowser-help"); pref("app.vendorURL", "https://trisquel.info/en/wiki/abrowser-help");
@ -63,7 +62,7 @@ pref("general.useragent.compatMode.abrowser",true);
pref ("browser.startup.homepage_override.mstone", "ignore"); pref ("browser.startup.homepage_override.mstone", "ignore");
// Preferences for the Get Add-ons panel // Preferences for the Get Add-ons panel
pref ("extensions.webservice.discoverURL", "https://gnuzilla.gnu.org/mozzarella/"); pref ("extensions.webservice.discoverURL", "https://gnuzilla.gnu.org/");
pref ("extensions.getAddons.search.url", "https://trisquel.info"); pref ("extensions.getAddons.search.url", "https://trisquel.info");
// Help URL // Help URL
@ -75,8 +74,8 @@ pref ("plugins.update.url", "https://trisquel.info/en/wiki/abrowser-help");
pref ("browser.customizemode.tip0.learnMoreUrl", "https://trisquel.info/en/wiki/abrowser-help"); pref ("browser.customizemode.tip0.learnMoreUrl", "https://trisquel.info/en/wiki/abrowser-help");
// Dictionary download preference // Dictionary download preference
pref("browser.dictionaries.download.url", "http://dictionaries.mozdev.org/"); pref("browser.dictionaries.download.url", "https://addons.mozilla.org/%LOCALE%/firefox/language-tools/");
pref("browser.search.searchEnginesURL", "http://mycroft.mozdev.org/"); pref("browser.search.searchEnginesURL", "https://mycroftproject.com/");
// Enable Spell Checking In All Text Fields // Enable Spell Checking In All Text Fields
pref("layout.spellcheckDefault", 2); pref("layout.spellcheckDefault", 2);
@ -117,6 +116,7 @@ pref("network.http.sendRefererHeader", 2);
pref("dom.event.clipboardevents.enabled",false); pref("dom.event.clipboardevents.enabled",false);
pref("network.prefetch-next", false); pref("network.prefetch-next", false);
pref("network.dns.disablePrefetch", true); pref("network.dns.disablePrefetch", true);
pref("network.dns.disablePrefetchFromHTTPS", true);
pref("network.http.sendSecureXSiteReferrer", false); pref("network.http.sendSecureXSiteReferrer", false);
pref("toolkit.telemetry.enabled", false); pref("toolkit.telemetry.enabled", false);
// Do not tell what plugins do we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html // Do not tell what plugins do we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html
@ -126,6 +126,7 @@ pref("plugin.state.flash", 1);
pref("browser.newtabpage.directory.source", ""); pref("browser.newtabpage.directory.source", "");
pref("browser.newtabpage.directory.ping", ""); pref("browser.newtabpage.directory.ping", "");
pref("browser.newtabpage.introShown", true); pref("browser.newtabpage.introShown", true);
pref("browser.newtabpage.activity-stream.unifiedAds.endpoint","");
// Disable home snippets // Disable home snippets
pref("browser.aboutHomeSnippets.updateUrl", ""); pref("browser.aboutHomeSnippets.updateUrl", "");
// Always ask before restoring the browsing session // Always ask before restoring the browsing session
@ -152,6 +153,7 @@ pref("toolkit.telemetry.firstShutdownPing.enabled", false);
pref("toolkit.telemetry.bhrPing.enabled", false); pref("toolkit.telemetry.bhrPing.enabled", false);
pref("browser.ping-centre.telemetry", false); pref("browser.ping-centre.telemetry", false);
pref("dom.security.unexpected_system_load_telemetry_enabled", false); pref("dom.security.unexpected_system_load_telemetry_enabled", false);
pref("network.connectivity-service.enabled", false);
// Canvas fingerprint protection // Canvas fingerprint protection
// Disabled, as it breaks things and does little improvements to fingerprinting // Disabled, as it breaks things and does little improvements to fingerprinting
@ -202,6 +204,10 @@ pref("media.gmp-manager.url", "");
pref("media.gmp-provider.enabled", false); pref("media.gmp-provider.enabled", false);
// Don't install openh264 codec // Don't install openh264 codec
pref("media.gmp-gmpopenh264.enabled", false); pref("media.gmp-gmpopenh264.enabled", false);
// Disable Widevine
pref("media.gmp-widevinecdm.enabled", false);
// Disable eme codecs
pref("media.eme.enabled", false);
//Disable middle click content load //Disable middle click content load
//Avoid loading urls by mistake //Avoid loading urls by mistake
@ -246,9 +252,13 @@ pref("browser.onboarding.enabled", false);
pref("browser.newtabpage.activity-stream.default.sites", "https://trisquel.info/,https://packages.trisquel.org,https://www.gnu.org/,https://www.fsf.org/,https://directory.fsf.org,https://libreplanet.org/,https://fsfe.org,https://www.wikipedia.org/wiki/,https://www.h-node.org/"); pref("browser.newtabpage.activity-stream.default.sites", "https://trisquel.info/,https://packages.trisquel.org,https://www.gnu.org/,https://www.fsf.org/,https://directory.fsf.org,https://libreplanet.org/,https://fsfe.org,https://www.wikipedia.org/wiki/,https://www.h-node.org/");
pref("browser.newtabpage.activity-stream.showTopSites",true); pref("browser.newtabpage.activity-stream.showTopSites",true);
pref("browser.newtabpage.activity-stream.feeds.section.topstories",false); pref("browser.newtabpage.activity-stream.feeds.section.topstories",false);
pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false);
pref("browser.newtabpage.activity-stream.discoverystream.enabled", false);
pref("browser.newtabpage.activity-stream.discoverystream.endpoints", "");
pref("browser.newtabpage.activity-stream.feeds.snippets",false); pref("browser.newtabpage.activity-stream.feeds.snippets",false);
pref("browser.newtabpage.activity-stream.disableSnippets", true); pref("browser.newtabpage.activity-stream.disableSnippets", true);
user_pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", ""); pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", "");
pref("browser.newtabpage.activity-stream.showSponsoredCheckboxes", false);
// Enable xrender // Enable xrender
//pref("gfx.xrender.enabled",true); //pref("gfx.xrender.enabled",true);
@ -256,7 +266,6 @@ user_pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", "");
// Disable push notifications // Disable push notifications
pref("dom.webnotifications.enabled",false); pref("dom.webnotifications.enabled",false);
pref("dom.webnotifications.serviceworker.enabled",false); pref("dom.webnotifications.serviceworker.enabled",false);
pref("dom.push.enabled",false);
// Disable services server // Disable services server
pref("services.settings.server", ""); pref("services.settings.server", "");
@ -268,14 +277,13 @@ pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
pref("extensions.htmlaboutaddons.discover.enabled", false); pref("extensions.htmlaboutaddons.discover.enabled", false);
pref("extensions.htmlaboutaddons.recommendations.enabled", false); pref("extensions.htmlaboutaddons.recommendations.enabled", false);
//pref("browser.newtabpage.activity-stream.asrouterExperimentEnabled", false); pref("extensions.getAddons.cache.enabled", false);
pref("extensions.getAddons.get.url", ""); pref("extensions.getAddons.get.url", "");
pref("extensions.getAddons.link.url", "https://gnuzilla.gnu.org/mozzarella/"); pref("extensions.getAddons.link.url", "https://gnuzilla.gnu.org/");
pref("extensions.getAddons.langpacks.url", ""); pref("extensions.getAddons.langpacks.url", "");
pref("extensions.getAddons.discovery.api_url", ""); pref("extensions.getAddons.discovery.api_url", "");
pref("extensions.recommendations.privacyPolicyUrl", "https://trisquel.info/legal"); pref("extensions.recommendations.privacyPolicyUrl", "https://trisquel.info/legal");
pref("extensions.getAddons.search.browseURL", "https://gnuzilla.gnu.org/mozzarella/search.php?q=%TERMS%"); pref("extensions.getAddons.search.browseURL", "https://gnuzilla.gnu.org/search.php?q=%TERMS%");
// Disable pingback on first run // Disable pingback on first run
pref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); pref("browser.newtabpage.activity-stream.fxaccounts.endpoint", "");
@ -284,3 +292,32 @@ pref("browser.newtabpage.activity-stream.fxaccounts.endpoint", "");
// Disable Normandy (remote settings changer for AB testing) // Disable Normandy (remote settings changer for AB testing)
pref("app.normandy.enabled", false); pref("app.normandy.enabled", false);
pref("app.normandy.api_url", ""); pref("app.normandy.api_url", "");
// Disable Adwaita theme by default.
pref("widget.gtk.libadwaita-colors.enabled", false);
// High level search data collection
pref("browser.search.serpEventTelemetry.enabled",false);
// Disable Privacy-Preserving Attribution submition
pref("dom.private-attribution.submission.enabled", false);
// Disable Machine Learning
pref("browser.ml.chat.enabled", false);
// Hide from UI
pref("browser.ml.chat.hideFromLabs", true);
pref("browser.ml.chat.hideLabsShortcuts", true);
// Disable tab hover preview
pref("browser.tabs.hoverPreview.enabled", false);
// Disable DAP telemetry servers & experiments
pref("toolkit.telemetry.dap.leader.url", "");
pref("toolkit.telemetry.dap.helper.url", "");
pref("messaging-system.rsexperimentloader.enabled", false);
// Disable DoH as third party service, users can restore it at will.
pref("network.trr.mode", 5);
pref("doh-rollout.enabled", false);
pref("doh-rollout.provider-steering.enabled", false);

0
helpers/DATA/firefox/newtab/directory.png → helpers/DATA/firefox/topsites/directory.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 32 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/fsf.ico → helpers/DATA/firefox/topsites/fsf.ico
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 873 B

After

Width:  |  Height:  |  Size: 873 B

Before After
Before After

0
helpers/DATA/firefox/newtab/fsf.png → helpers/DATA/firefox/topsites/fsf.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 34 KiB

After

Width:  |  Height:  |  Size: 34 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/fsfe.ico → helpers/DATA/firefox/topsites/fsfe.ico
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.2 KiB

After

Width:  |  Height:  |  Size: 3.2 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/fsfe.png → helpers/DATA/firefox/topsites/fsfe.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 60 KiB

After

Width:  |  Height:  |  Size: 60 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/gnu.ico → helpers/DATA/firefox/topsites/gnu.ico
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.5 KiB

After

Width:  |  Height:  |  Size: 1.5 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/gnu.png → helpers/DATA/firefox/topsites/gnu.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 75 KiB

After

Width:  |  Height:  |  Size: 75 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/hnode.ico → helpers/DATA/firefox/topsites/hnode.ico
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.4 KiB

After

Width:  |  Height:  |  Size: 1.4 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/hnode.png → helpers/DATA/firefox/topsites/hnode.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 62 KiB

After

Width:  |  Height:  |  Size: 62 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/libreplanet.ico → helpers/DATA/firefox/topsites/libreplanet.ico
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.4 KiB

After

Width:  |  Height:  |  Size: 1.4 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/libreplanet.png → helpers/DATA/firefox/topsites/libreplanet.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 35 KiB

After

Width:  |  Height:  |  Size: 35 KiB

Before After
Before After

BIN
helpers/DATA/firefox/topsites/trisquel-packages.ico Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 40 KiB

0
helpers/DATA/firefox/newtab/trisquel-packages.png → helpers/DATA/firefox/topsites/trisquel-packages.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 26 KiB

After

Width:  |  Height:  |  Size: 26 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/trisquel.ico → helpers/DATA/firefox/topsites/trisquel.ico
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 11 KiB

After

Width:  |  Height:  |  Size: 11 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/trisquel.png → helpers/DATA/firefox/topsites/trisquel.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 196 KiB

After

Width:  |  Height:  |  Size: 196 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/wikinews.ico → helpers/DATA/firefox/topsites/wikinews.ico
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 7.6 KiB

After

Width:  |  Height:  |  Size: 7.6 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/wikinews.png → helpers/DATA/firefox/topsites/wikinews.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 58 KiB

After

Width:  |  Height:  |  Size: 58 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/wikipedia-org@2x.png → helpers/DATA/firefox/topsites/wikipedia-org@2x.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 46 KiB

After

Width:  |  Height:  |  Size: 46 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/wikipedia.ico → helpers/DATA/firefox/topsites/wikipedia.ico
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.7 KiB

After

Width:  |  Height:  |  Size: 2.7 KiB

Before After
Before After

0
helpers/DATA/firefox/newtab/wikipedia.png → helpers/DATA/firefox/topsites/wikipedia.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 46 KiB

After

Width:  |  Height:  |  Size: 46 KiB

Before After
Before After

BIN
helpers/DATA/firefox/trisquel-search-icons/b5fd21a8-e369-477f-a3f2-b47a370f9030.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 3.4 KiB

17
helpers/DATA/firefox/trisquel-search-icons/b5fd21a8-trisquel-packages.json Normal file
View file

@ -0,0 +1,17 @@
{
"schema": 40960,
"imageSize": 48,
"attachment": {
"hash": "0b077376b224b66159130f587371d67f97454fd692296c449590a9123591c9f6",
"size": 3441,
"filename": "trisquel-packages-48-firefox.png",
"location": "main-workspace/search-config-icons/b5fd21a8-e369-477f-a3f2-b47a370f9030.png",
"mimetype": "image/png"
},
"engineIdentifiers": [
"trisquel-packages"
],
"filter_expression": "env.appinfo.ID == \"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\"",
"id": "b5fd21a8-e369-477f-a3f2-b47a370f9030",
"last_modified": 1734316560
}

BIN
helpers/DATA/firefox/trisquel-search-icons/b99ed276-9557-4492-8bbb-d59826381893.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 4.4 KiB

17
helpers/DATA/firefox/trisquel-search-icons/b99ed276-trisquel.json Normal file
View file

@ -0,0 +1,17 @@
{
"schema": 45056,
"imageSize": 48,
"attachment": {
"hash": "93bc9a505442520b44ae5ffb880979943826308bcc051b966e1cbd67dbc64125",
"size": 4493,
"filename": "trisquel-48-firefox.png",
"location": "main-workspace/search-config-icons/b99ed276-9557-4492-8bbb-d59826381893",
"mimetype": "image/png"
},
"engineIdentifiers": [
"trisquel"
],
"filter_expression": "env.appinfo.ID == \"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\"",
"id": "b99ed276-9557-4492-8bbb-d59826381893",
"last_modified": 1734316560
}

64
helpers/DATA/firefox/trisquel-search-icons/update_mozbuild.py Normal file
View file

@ -0,0 +1,64 @@
#! /usr/bin/python3
#
# Script to add trisquel's icons on search engine options.
#
# Copyright (C) 2024 Luis Guzmán <ark@switnet.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
# File path
moz_build_path = "services/settings/dumps/main/moz.build"
# New entries to add
new_entries = [
"search-config-icons/b99ed276-9557-4492-8bbb-d59826381893",
"search-config-icons/b99ed276-9557-4492-8bbb-d59826381893.meta.json",
"search-config-icons/b5fd21a8-e369-477f-a3f2-b47a370f9030",
"search-config-icons/b5fd21a8-e369-477f-a3f2-b47a370f9030.meta.json",
]
# Read the moz.build file
with open(moz_build_path, "r") as file:
lines = file.readlines()
# Locate the section for `search-config-icons`
start_idx = None
for idx, line in enumerate(lines):
if "FINAL_TARGET_FILES.defaults.settings.main[\"search-config-icons\"] += [" in line:
start_idx = idx
break
if start_idx is None:
raise RuntimeError("Could not find the 'search-config-icons' section in moz.build")
# Extract existing entries
start_idx += 1
end_idx = start_idx
while end_idx < len(lines) and lines[end_idx].strip() != "]":
end_idx += 1
current_entries = [line.strip().strip(",") for line in lines[start_idx:end_idx]]
# Combine and sort all entries
all_entries = sorted(set(current_entries + [f'"{entry}"' for entry in new_entries]))
# Replace the section in moz.build
lines[start_idx:end_idx] = [f" {entry},\n" for entry in all_entries]
# Write the updated content back to the file
with open(moz_build_path, "w") as file:
file.writelines(lines)
print("> Added trisquel's search engine icons to 'moz.build'")

29
helpers/DATA/gnome-boxes/001_add_trisquel_gnome-boxes_logo.patch Normal file
View file

@ -0,0 +1,29 @@
diff --git a/data/osinfo/meson.build b/data/osinfo/meson.build
index acf27962..158af16b 100644
--- a/data/osinfo/meson.build
+++ b/data/osinfo/meson.build
@@ -16,7 +16,8 @@ osinfo_db = [
['popos-17.10.xml', 'gnome-boxes/osinfo/os/system76.com'],
['rhel-8.0.xml', 'gnome-boxes/osinfo/os/redhat.com'],
['rocky-8.4.xml', 'gnome-boxes/osinfo/os/rockylinux.org'],
- ['silverblue-28.xml', 'gnome-boxes/osinfo/os/fedoraproject.org']
+ ['silverblue-28.xml', 'gnome-boxes/osinfo/os/fedoraproject.org'],
+ ['trisquel-9.xml', 'gnome-boxes/osinfo/os/trisquel.info']
]
foreach os: osinfo_db
diff --git a/data/osinfo/trisquel-11.xml b/data/osinfo/trisquel-11.xml
new file mode 100644
index 00000000..ce9b4b36
--- /dev/null
+++ b/data/osinfo/trisquel-9.xml
@@ -0,0 +1,9 @@
+<libosinfo version="0.0.1">
+
+ <!-- Please read https://gitlab.gnome.org/GNOME/gnome-boxes-logos/-/raw/master/README.md for any questions about usage of product logos in Boxes. !-->
+
+ <os id="http://trisquel.info/trisquel/9">
+ <logo>https://gitlab.gnome.org/GNOME/gnome-boxes-logos/-/raw/master/logos/trisquel.svg</logo>
+ </os>
+
+</libosinfo>

86
helpers/DATA/gnome-software/rm_snap_fwup_support.patch Normal file
View file

@ -0,0 +1,86 @@
diff --git a/debian/control b/debian/control
index 2ea9e66..91f61fc 100644
--- a/debian/control
+++ b/debian/control
@@ -62,9 +62,8 @@ Depends: appstream,
${misc:Depends},
${shlibs:Depends}
Conflicts: sessioninstaller
-Recommends: fwupd [linux-any], ${plugin:Recommends}
+Recommends: ${plugin:Recommends}
Suggests: apt-config-icons-hidpi,
- gnome-software-plugin-flatpak [amd64 arm64 armel armhf i386 mips mipsel mips64el ppc64el s390x hppa powerpc powerpcspe ppc64],
${plugin:Suggests}
Description: Software Center for GNOME
Software lets you install and update applications and system extensions.
@@ -106,26 +106,6 @@ Description: Flatpak support for GNOME Software
.
This package contains the Flatpak plugin.
-Package: gnome-software-plugin-snap
-Architecture: amd64 arm64 armel armhf i386 ppc64el s390x
-Depends: gnome-software (= ${binary:Version}),
- snapd [amd64 arm64 armel armhf i386 ppc64el],
- ${misc:Depends},
- ${shlibs:Depends}
-Recommends: snapd [s390x]
-Breaks: gnome-software (<< 3.22.3)
-Replaces: gnome-software (<< 3.22.3)
-Description: Snap support for GNOME Software
- Software lets you install and update applications and system extensions.
- .
- Software uses a plugin architecture to separate the frontend from the
- technologies that are used underneath. Currently, a PackageKit plugin provides
- data from a number of traditional packaging systems, such as rpm or apt. An
- appdata plugin provides additional metadata from locally installed data in the
- appdata format.
- .
- This package contains the Snap plugin.
-
Package: gnome-software-dev
Section: libdevel
Architecture: any
diff --git a/debian/rules b/debian/rules
index f0bb2394..58b4bc70 100755
--- a/debian/rules
+++ b/debian/rules
@@ -30,11 +30,11 @@ ifeq ($(DEB_HOST_ARCH_OS), linux)
GS_CONFIGURE_FLAGS += -Dgudev=true
# Enable fwupd support on Linux
- GS_CONFIGURE_FLAGS += -Dfwupd=true
+ GS_CONFIGURE_FLAGS += -Dfwupd=false
# Enable snap support on supported architectures
ifneq (,$(filter $(DEB_HOST_ARCH), amd64 arm64 armel armhf i386 ppc64el s390x))
- GS_CONFIGURE_FLAGS += -Dsnap=true
+ GS_CONFIGURE_FLAGS += -Dsnap=false
endif
endif
@@ -42,9 +42,9 @@ DISTRO_ID = debian
FREE_REPOS = \'@DISTRO@-*-main\'
FREE_URL = https:\/\/www.debian.org\/social_contract\#guidelines
ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes))
- DISTRO_ID = ubuntu
- FREE_REPOS = \'@DISTRO@-*-main\', \'@DISTRO@-*-universe\'
- FREE_URL = https:\/\/www.ubuntu.com\/about\/about-ubuntu\/licensing
+ DISTRO_ID = trisquel
+ FREE_REPOS = \'@DISTRO@-*-main\'
+ FREE_URL = https:\/\/trisquel.info\/legal
else ifeq (yes,$(shell dpkg-vendor --derives-from Tanglu && echo yes))
DISTRO_ID = tanglu
else ifeq (yes,$(shell dpkg-vendor --derives-from PureOS && echo yes))
@@ -87,11 +87,7 @@ override_dh_shlibdeps:
override_dh_auto_test:
override_dh_gencontrol:
-ifeq ($(shell dpkg-vendor --query vendor),Ubuntu)
- dh_gencontrol -- -Vplugin:Recommends='gnome-software-plugin-snap [linux-any]'
-else
- dh_gencontrol -- -Vplugin:Suggests='gnome-software-plugin-snap [linux-any]'
-endif
+ dh_gencontrol
override_dh_clean:
rm -f debian/gnome-software.gsettings-override

35
helpers/DATA/gnupg2/001-reduce_gpg-wks-server_dependency_to_match_later_releases.patch Normal file
View file

@ -0,0 +1,35 @@
diff --git a/debian/control b/debian/control
index c6a9778..ca0b1f0 100644
--- a/debian/control
+++ b/debian/control
@@ -254,8 +254,6 @@ Depends:
gpg-agent (>= ${source:Version}),
gpg-wks-client (<< ${source:Version}.1~),
gpg-wks-client (>= ${source:Version}),
- gpg-wks-server (<< ${source:Version}.1~),
- gpg-wks-server (>= ${source:Version}),
gpgsm (<< ${source:Version}.1~),
gpgsm (>= ${source:Version}),
gpgv (<< ${source:Version}.1~),
@@ -265,6 +263,8 @@ Depends:
Recommends:
${shlibs:Recommends},
Suggests:
+ gpg-wks-server (<< ${source:Version}.1~),
+ gpg-wks-server (>= ${source:Version}),
parcimonie,
xloadimage,
Breaks:
diff --git a/debian/control b/debian/control
index ca0b1f0..dc1d5cd 100644
--- a/debian/control
+++ b/debian/control
@@ -279,6 +279,8 @@ Breaks:
python-apt (<= 1.1.0~beta4),
python-gnupg (<< 0.3.8-3),
python3-apt (<= 1.1.0~beta4),
+Conflicts:
+ gpg-wks-server (<= 2.2.27-3ubuntu2.3+11.0trisquel0),
Replaces:
gnupg2 (<< 2.1.11-7+exp1),
Description: GNU privacy guard - a free PGP replacement

57
helpers/DATA/guix/cve/0001-etc-news-add-news-entry-for-build-user-takeover-vuln.patch Normal file
View file

@ -0,0 +1,57 @@
From 532996c5908fb14cc8d102865280fb203c075c9c Mon Sep 17 00:00:00 2001
From: Reepca Russelstein <reepca@russelstein.xyz>
Date: Sun, 20 Oct 2024 17:32:23 -0500
Subject: [PATCH] etc: news: add news entry for build user takeover
vulnerability fix.
* etc/news.scm: add entry about build user takeover vulnerability.
---
etc/news.scm | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/etc/news.scm b/etc/news.scm
index a90f92a9ff..3fb53a9849 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -33,6 +33,38 @@
(channel-news
(version 0)
+ (entry (commit "5966e0fdc78771c562e0f484a22f381a77908be0")
+ (title
+ (en "Daemon vulnerability allowing takeover of build users fixed"))
+ (body
+ (en "A vulnerability allowing a local user to execute arbitrary code
+as any of the build users has been identified and fixed. Most notably, this
+allows any local user to alter the result of any local build, even if it
+happens inside a container. The only requirements to exploit this
+vulnerability are the ability to start a derivation build and the ability to
+run arbitrary code with access to the store in the root PID namespace on the
+machine that build occurs on. This largely limits the vulnerability to
+multi-user systems.
+
+This vulnerability is caused by the fact that @command{guix-daemon} does not
+change ownership and permissions on the outputs of failed builds when it moves
+them to the store, and is also caused by there being a window of time between
+when it moves outputs of successful builds to the store and when it changes
+their ownership and permissions. Because of this, a build can create a binary
+with both setuid and setgid bits set and have it become visible to the outside
+world once the build ends. At that point any process that can access the
+store can execute it and gain the build user's privileges. From there any
+process owned by that build user can be manipulated via procfs and signals at
+will, allowing the attacker to control the output of its builds.
+
+You are advised to upgrade @command{guix-daemon}. Run @command{info \"(guix)
+Upgrading Guix\"}, for info on how to do that. Additionally, if there is any
+risk that a builder may have already created these setuid binaries (for
+example on accident), run @command{guix gc} to remove all failed build
+outputs.
+
+See @uref{https://issues.guix.gnu.org/73919} for more information on this
+vulnerability.")))
(entry (commit "2161820ebbbab62a5ce76c9101ebaec54dc61586")
(title
(en "Risk of local privilege escalation during user account creation")
--
2.45.2

83
helpers/DATA/guix/cve/0001-nix-build-sanitize-failed-build-outputs-prior-to-exp.patch Normal file
View file

@ -0,0 +1,83 @@
From e936861263d9bafdfbe395c12526f2dc48ac17d7 Mon Sep 17 00:00:00 2001
Message-ID: <e936861263d9bafdfbe395c12526f2dc48ac17d7.1729457080.git.reepca@russelstein.xyz>
From: Reepca Russelstein <reepca@russelstein.xyz>
Date: Sun, 20 Oct 2024 15:36:06 -0500
Subject: [PATCH 1/2] nix: build: sanitize failed build outputs prior to
exposing them.
The only thing keeping a rogue builder and a local user from collaborating to
usurp control over the builder's user during the build is the fact that
whatever files the builder may produce are not accessible to any other users
yet. If we're going to make them accessible, we should probably do some
sanity checking to ensure that sort of collaborating can't happen.
Currently this isn't happening when failed build outputs are moved from the
chroot as an aid to debugging.
* nix/libstore/build.cc (secureFilePerms): new function.
(DerivationGoal::buildDone): use it.
Change-Id: I9dce1e3d8813b31cabd87a0e3219bf9830d8be96
---
nix/libstore/build.cc | 36 +++++++++++++++++++++++++++++++++++-
1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index d23c0944a4..67ebfe2f14 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -1301,6 +1301,34 @@ void replaceValidPath(const Path & storePath, const Path tmpPath)
MakeError(NotDeterministic, BuildError)
+/* Recursively make the file permissions of a path safe for exposure to
+ arbitrary users, but without canonicalising its permissions, timestamp, and
+ user. Throw an exception if a file type that isn't explicitly known to be
+ safe is found. */
+static void secureFilePerms(Path path)
+{
+ struct stat st;
+ if (lstat(path.c_str(), &st)) return;
+
+ switch(st.st_mode & S_IFMT) {
+ case S_IFLNK:
+ return;
+
+ case S_IFDIR:
+ for (auto & i : readDirectory(path)) {
+ secureFilePerms(path + "/" + i.name);
+ }
+ /* FALLTHROUGH */
+
+ case S_IFREG:
+ chmod(path.c_str(), (st.st_mode & ~S_IFMT) & ~(S_ISUID | S_ISGID | S_IWOTH));
+ break;
+
+ default:
+ throw Error(format("file `%1%' has an unsupported type") % path);
+ }
+}
+
void DerivationGoal::buildDone()
{
trace("build done");
@@ -1372,9 +1400,15 @@ void DerivationGoal::buildDone()
build failures. */
if (useChroot && buildMode == bmNormal)
foreach (PathSet::iterator, i, missingPaths)
- if (pathExists(chrootRootDir + *i))
+ if (pathExists(chrootRootDir + *i)) {
+ try {
+ secureFilePerms(chrootRootDir + *i);
rename((chrootRootDir + *i).c_str(), i->c_str());
+ } catch(Error & e) {
+ printMsg(lvlError, e.msg());
+ }
+ }
if (diskFull)
printMsg(lvlError, "note: build failure may have been caused by lack of free disk space");
--
2.45.2

64
helpers/DATA/guix/cve/0002-nix-build-sanitize-successful-build-outputs-prior-to.patch Normal file
View file

@ -0,0 +1,64 @@
From d096d653cc69118e05f49247ab312d0096b16656 Mon Sep 17 00:00:00 2001
Message-ID: <d096d653cc69118e05f49247ab312d0096b16656.1729457080.git.reepca@russelstein.xyz>
In-Reply-To: <e936861263d9bafdfbe395c12526f2dc48ac17d7.1729457080.git.reepca@russelstein.xyz>
References: <e936861263d9bafdfbe395c12526f2dc48ac17d7.1729457080.git.reepca@russelstein.xyz>
From: Reepca Russelstein <reepca@russelstein.xyz>
Date: Sun, 20 Oct 2024 15:39:02 -0500
Subject: [PATCH 2/2] nix: build: sanitize successful build outputs prior to
exposing them.
There is currently a window of time between when the build outputs are exposed
and when their metadata is canonicalized.
* nix/libstore/build.cc (DerivationGoal::registerOutputs): wait until after
metadata canonicalization to move successful build outputs to the store.
Change-Id: Ia995136f3f965eaf7b0e1d92af964b816f3fb276
---
nix/libstore/build.cc | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index 67ebfe2f14..43a8a37184 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -2369,15 +2369,6 @@ void DerivationGoal::registerOutputs()
Path actualPath = path;
if (useChroot) {
actualPath = chrootRootDir + path;
- if (pathExists(actualPath)) {
- /* Move output paths from the chroot to the store. */
- if (buildMode == bmRepair)
- replaceValidPath(path, actualPath);
- else
- if (buildMode != bmCheck && rename(actualPath.c_str(), path.c_str()) == -1)
- throw SysError(format("moving build output `%1%' from the chroot to the store") % path);
- }
- if (buildMode != bmCheck) actualPath = path;
} else {
Path redirected = redirectedOutputs[path];
if (buildMode == bmRepair
@@ -2463,6 +2454,20 @@ void DerivationGoal::registerOutputs()
canonicalisePathMetaData(actualPath,
buildUser.enabled() && !rewritten ? buildUser.getUID() : -1, inodesSeen);
+ if (useChroot) {
+ if (pathExists(actualPath)) {
+ /* Now that output paths have been canonicalized (in particular
+ there are no setuid files left), move them outside of the
+ chroot and to the store. */
+ if (buildMode == bmRepair)
+ replaceValidPath(path, actualPath);
+ else
+ if (buildMode != bmCheck && rename(actualPath.c_str(), path.c_str()) == -1)
+ throw SysError(format("moving build output `%1%' from the chroot to the store") % path);
+ }
+ if (buildMode != bmCheck) actualPath = path;
+ }
+
/* For this output path, find the references to other paths
contained in it. Compute the SHA-256 NAR hash at the same
time. The hash is stored in the database so that we can
--
2.45.2

378
helpers/DATA/guix/cve/CVE-2024-27297_4a67c00ad02fbe7a7f5796c4c4dc2c0ad70f0472.patch Normal file
View file

@ -0,0 +1,378 @@
From 4a67c00ad02fbe7a7f5796c4c4dc2c0ad70f0472 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@debian.org>
Date: Tue, 12 Mar 2024 09:18:23 -0700
Subject: [PATCH] debian/patches: guix-daemon: Protect against file descriptor
escape when building fixed-output derivations (CVE-2024-27297). (Closes:
#1066113)
---
...gainst-FD-escape-when-building-fixed.patch | 232 ++++++++++++++++++
...hortcoming-in-previous-security-fix-.patch | 106 ++++++++
debian/patches/series | 2 +
3 files changed, 340 insertions(+)
create mode 100644 debian/patches/security/0001-daemon-Protect-against-FD-escape-when-building-fixed.patch
create mode 100644 debian/patches/security/0032-daemon-Address-shortcoming-in-previous-security-fix-.patch
diff --git a/debian/patches/security/0001-daemon-Protect-against-FD-escape-when-building-fixed.patch b/debian/patches/security/0001-daemon-Protect-against-FD-escape-when-building-fixed.patch
new file mode 100644
index 0000000000..e6e02cf206
--- /dev/null
+++ b/debian/patches/security/0001-daemon-Protect-against-FD-escape-when-building-fixed.patch
@@ -0,0 +1,232 @@
+From 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
+Date: Mon, 11 Mar 2024 10:59:42 +0100
+Subject: [PATCH 01/36] daemon: Protect against FD escape when building
+ fixed-output derivations (CVE-2024-27297).
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes a security issue (CVE-2024-27297) whereby a fixed-output
+derivation build process could open a writable file descriptor to its
+output, send it to some outside process for instance over an abstract
+AF_UNIX socket, which would then allow said process to modify the file
+in the store after it has been marked as “valid”.
+
+Vulnerability discovered by puck <https://github.com/puckipedia>.
+
+Nix security advisory:
+https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
+
+Nix fix:
+https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9
+
+* nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and
+a file descriptor. Rewrite the Path variant accordingly.
+(copyFile, copyFileRecursively): New functions.
+* nix/libutil/util.hh (copyFileRecursively): New declaration.
+* nix/libstore/build.cc (DerivationGoal::buildDone): When fixedOutput
+is true, call copyFileRecursively followed by rename on each output.
+
+Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4
+
+Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io>
+Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88
+---
+ nix/libstore/build.cc | 16 ++++++
+ nix/libutil/util.cc | 112 ++++++++++++++++++++++++++++++++++++++++--
+ nix/libutil/util.hh | 6 +++
+ 3 files changed, 129 insertions(+), 5 deletions(-)
+
+diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
+index 461fcbc584..e2adee118b 100644
+--- a/nix/libstore/build.cc
++++ b/nix/libstore/build.cc
+@@ -1382,6 +1382,22 @@ void DerivationGoal::buildDone()
+ % drvPath % statusToString(status));
+ }
+
++ if (fixedOutput) {
++ /* Replace the output, if it exists, by a fresh copy of itself to
++ make sure that there's no stale file descriptor pointing to it
++ (CVE-2024-27297). */
++ foreach (DerivationOutputs::iterator, i, drv.outputs) {
++ if (pathExists(i->second.path)) {
++ Path pivot = i->second.path + ".tmp";
++ copyFileRecursively(i->second.path, pivot, true);
++ int err = rename(pivot.c_str(), i->second.path.c_str());
++ if (err != 0)
++ throw SysError(format("renaming `%1%' to `%2%'")
++ % pivot % i->second.path);
++ }
++ }
++ }
++
+ /* Compute the FS closure of the outputs and register them as
+ being valid. */
+ registerOutputs();
+diff --git a/nix/libutil/util.cc b/nix/libutil/util.cc
+index 82eac72120..493f06f357 100644
+--- a/nix/libutil/util.cc
++++ b/nix/libutil/util.cc
+@@ -215,14 +215,11 @@ bool isLink(const Path & path)
+ }
+
+
+-DirEntries readDirectory(const Path & path)
++static DirEntries readDirectory(DIR *dir)
+ {
+ DirEntries entries;
+ entries.reserve(64);
+
+- AutoCloseDir dir = opendir(path.c_str());
+- if (!dir) throw SysError(format("opening directory `%1%'") % path);
+-
+ struct dirent * dirent;
+ while (errno = 0, dirent = readdir(dir)) { /* sic */
+ checkInterrupt();
+@@ -230,11 +227,29 @@ DirEntries readDirectory(const Path & path)
+ if (name == "." || name == "..") continue;
+ entries.emplace_back(name, dirent->d_ino, dirent->d_type);
+ }
+- if (errno) throw SysError(format("reading directory `%1%'") % path);
++ if (errno) throw SysError(format("reading directory"));
+
+ return entries;
+ }
+
++DirEntries readDirectory(const Path & path)
++{
++ AutoCloseDir dir = opendir(path.c_str());
++ if (!dir) throw SysError(format("opening directory `%1%'") % path);
++ return readDirectory(dir);
++}
++
++static DirEntries readDirectory(int fd)
++{
++ /* Since 'closedir' closes the underlying file descriptor, duplicate FD
++ beforehand. */
++ int fdcopy = dup(fd);
++ if (fdcopy < 0) throw SysError("dup");
++
++ AutoCloseDir dir = fdopendir(fdcopy);
++ if (!dir) throw SysError(format("opening directory from file descriptor `%1%'") % fd);
++ return readDirectory(dir);
++}
+
+ unsigned char getFileType(const Path & path)
+ {
+@@ -364,6 +379,93 @@ void deletePath(const Path & path, unsigned long long & bytesFreed, size_t linkT
+ _deletePath(path, bytesFreed, linkThreshold);
+ }
+
++static void copyFile(int sourceFd, int destinationFd)
++{
++ struct stat st;
++ if (fstat(sourceFd, &st) == -1) throw SysError("statting file");
++
++ ssize_t result = copy_file_range(sourceFd, NULL, destinationFd, NULL, st.st_size, 0);
++ if (result < 0 && errno == ENOSYS) {
++ for (size_t remaining = st.st_size; remaining > 0; ) {
++ unsigned char buf[8192];
++ size_t count = std::min(remaining, sizeof buf);
++
++ readFull(sourceFd, buf, count);
++ writeFull(destinationFd, buf, count);
++ remaining -= count;
++ }
++ } else {
++ if (result < 0)
++ throw SysError(format("copy_file_range `%1%' to `%2%'") % sourceFd % destinationFd);
++ if (result < st.st_size)
++ throw SysError(format("short write in copy_file_range `%1%' to `%2%'")
++ % sourceFd % destinationFd);
++ }
++}
++
++static void copyFileRecursively(int sourceroot, const Path &source,
++ int destinationroot, const Path &destination,
++ bool deleteSource)
++{
++ struct stat st;
++ if (fstatat(sourceroot, source.c_str(), &st, AT_SYMLINK_NOFOLLOW) == -1)
++ throw SysError(format("statting file `%1%'") % source);
++
++ if (S_ISREG(st.st_mode)) {
++ AutoCloseFD sourceFd = openat(sourceroot, source.c_str(),
++ O_CLOEXEC | O_NOFOLLOW | O_RDONLY);
++ if (sourceFd == -1) throw SysError(format("opening `%1%'") % source);
++
++ AutoCloseFD destinationFd = openat(destinationroot, destination.c_str(),
++ O_CLOEXEC | O_CREAT | O_WRONLY | O_TRUNC,
++ st.st_mode);
++ if (destinationFd == -1) throw SysError(format("opening `%1%'") % source);
++
++ copyFile(sourceFd, destinationFd);
++ } else if (S_ISLNK(st.st_mode)) {
++ char target[st.st_size + 1];
++ ssize_t result = readlinkat(sourceroot, source.c_str(), target, st.st_size);
++ if (result != st.st_size) throw SysError("reading symlink target");
++ target[st.st_size] = '\0';
++ int err = symlinkat(target, destinationroot, destination.c_str());
++ if (err != 0)
++ throw SysError(format("creating symlink `%1%'") % destination);
++ } else if (S_ISDIR(st.st_mode)) {
++ int err = mkdirat(destinationroot, destination.c_str(), 0755);
++ if (err != 0)
++ throw SysError(format("creating directory `%1%'") % destination);
++
++ AutoCloseFD destinationFd = openat(destinationroot, destination.c_str(),
++ O_CLOEXEC | O_RDONLY | O_DIRECTORY);
++ if (err != 0)
++ throw SysError(format("opening directory `%1%'") % destination);
++
++ AutoCloseFD sourceFd = openat(sourceroot, source.c_str(),
++ O_CLOEXEC | O_NOFOLLOW | O_RDONLY);
++ if (sourceFd == -1)
++ throw SysError(format("opening `%1%'") % source);
++
++ if (deleteSource && !(st.st_mode & S_IWUSR)) {
++ /* Ensure the directory writable so files within it can be
++ deleted. */
++ if (fchmod(sourceFd, st.st_mode | S_IWUSR) == -1)
++ throw SysError(format("making `%1%' directory writable") % source);
++ }
++
++ for (auto & i : readDirectory(sourceFd))
++ copyFileRecursively((int)sourceFd, i.name, (int)destinationFd, i.name,
++ deleteSource);
++ } else throw Error(format("refusing to copy irregular file `%1%'") % source);
++
++ if (deleteSource)
++ unlinkat(sourceroot, source.c_str(),
++ S_ISDIR(st.st_mode) ? AT_REMOVEDIR : 0);
++}
++
++void copyFileRecursively(const Path &source, const Path &destination, bool deleteSource)
++{
++ copyFileRecursively(AT_FDCWD, source, AT_FDCWD, destination, deleteSource);
++}
+
+ static Path tempName(Path tmpRoot, const Path & prefix, bool includePid,
+ int & counter)
+diff --git a/nix/libutil/util.hh b/nix/libutil/util.hh
+index 880b0e93b2..058f5f8446 100644
+--- a/nix/libutil/util.hh
++++ b/nix/libutil/util.hh
+@@ -102,6 +102,12 @@ void deletePath(const Path & path);
+ void deletePath(const Path & path, unsigned long long & bytesFreed,
+ size_t linkThreshold = 1);
+
++/* Copy SOURCE to DESTINATION, recursively. Throw if SOURCE contains a file
++ that is not a regular file, symlink, or directory. When DELETESOURCE is
++ true, delete source files once they have been copied. */
++void copyFileRecursively(const Path &source, const Path &destination,
++ bool deleteSource = false);
++
+ /* Create a temporary directory. */
+ Path createTempDir(const Path & tmpRoot = "", const Path & prefix = "nix",
+ bool includePid = true, bool useGlobalCounter = true, mode_t mode = 0755);
+--
+2.39.2
+
diff --git a/debian/patches/security/0032-daemon-Address-shortcoming-in-previous-security-fix-.patch b/debian/patches/security/0032-daemon-Address-shortcoming-in-previous-security-fix-.patch
new file mode 100644
index 0000000000..0d0b6bd22f
--- /dev/null
+++ b/debian/patches/security/0032-daemon-Address-shortcoming-in-previous-security-fix-.patch
@@ -0,0 +1,106 @@
+From ff1251de0bc327ec478fc66a562430fbf35aef42 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
+Date: Tue, 12 Mar 2024 11:53:35 +0100
+Subject: [PATCH 32/36] daemon: Address shortcoming in previous security fix
+ for CVE-2024-27297.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143.
+
+Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two
+ways: (1) it didnt have any effet for fixed-output derivations
+performed in a chroot, which is the case for all of them except those
+using “builtin:download” and “builtin:git-download”, and (2) it did not
+preserve ownership when copying, leading to “suspicious ownership or
+permission […] rejecting this build output” errors.
+
+* nix/libstore/build.cc (DerivationGoal::buildDone): Account for
+chrootRootDir when copying drv.outputs.
+* nix/libutil/util.cc (copyFileRecursively): Add fchown and fchownat
+calls to preserve file ownership; this is necessary for chrooted
+fixed-output derivation builds.
+* nix/libutil/util.hh: Update comment.
+
+Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156
+---
+ nix/libstore/build.cc | 11 ++++++-----
+ nix/libutil/util.cc | 4 ++++
+ nix/libutil/util.hh | 7 ++++---
+ 3 files changed, 14 insertions(+), 8 deletions(-)
+
+diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
+index e2adee118b..d23c0944a4 100644
+--- a/nix/libstore/build.cc
++++ b/nix/libstore/build.cc
+@@ -1387,13 +1387,14 @@ void DerivationGoal::buildDone()
+ make sure that there's no stale file descriptor pointing to it
+ (CVE-2024-27297). */
+ foreach (DerivationOutputs::iterator, i, drv.outputs) {
+- if (pathExists(i->second.path)) {
+- Path pivot = i->second.path + ".tmp";
+- copyFileRecursively(i->second.path, pivot, true);
+- int err = rename(pivot.c_str(), i->second.path.c_str());
++ Path output = chrootRootDir + i->second.path;
++ if (pathExists(output)) {
++ Path pivot = output + ".tmp";
++ copyFileRecursively(output, pivot, true);
++ int err = rename(pivot.c_str(), output.c_str());
+ if (err != 0)
+ throw SysError(format("renaming `%1%' to `%2%'")
+- % pivot % i->second.path);
++ % pivot % output);
+ }
+ }
+ }
+diff --git a/nix/libutil/util.cc b/nix/libutil/util.cc
+index 493f06f357..578d657293 100644
+--- a/nix/libutil/util.cc
++++ b/nix/libutil/util.cc
+@@ -422,6 +422,7 @@ static void copyFileRecursively(int sourceroot, const Path &source,
+ if (destinationFd == -1) throw SysError(format("opening `%1%'") % source);
+
+ copyFile(sourceFd, destinationFd);
++ fchown(destinationFd, st.st_uid, st.st_gid);
+ } else if (S_ISLNK(st.st_mode)) {
+ char target[st.st_size + 1];
+ ssize_t result = readlinkat(sourceroot, source.c_str(), target, st.st_size);
+@@ -430,6 +431,8 @@ static void copyFileRecursively(int sourceroot, const Path &source,
+ int err = symlinkat(target, destinationroot, destination.c_str());
+ if (err != 0)
+ throw SysError(format("creating symlink `%1%'") % destination);
++ fchownat(destinationroot, destination.c_str(),
++ st.st_uid, st.st_gid, AT_SYMLINK_NOFOLLOW);
+ } else if (S_ISDIR(st.st_mode)) {
+ int err = mkdirat(destinationroot, destination.c_str(), 0755);
+ if (err != 0)
+@@ -455,6 +458,7 @@ static void copyFileRecursively(int sourceroot, const Path &source,
+ for (auto & i : readDirectory(sourceFd))
+ copyFileRecursively((int)sourceFd, i.name, (int)destinationFd, i.name,
+ deleteSource);
++ fchown(destinationFd, st.st_uid, st.st_gid);
+ } else throw Error(format("refusing to copy irregular file `%1%'") % source);
+
+ if (deleteSource)
+diff --git a/nix/libutil/util.hh b/nix/libutil/util.hh
+index 058f5f8446..377aac0684 100644
+--- a/nix/libutil/util.hh
++++ b/nix/libutil/util.hh
+@@ -102,9 +102,10 @@ void deletePath(const Path & path);
+ void deletePath(const Path & path, unsigned long long & bytesFreed,
+ size_t linkThreshold = 1);
+
+-/* Copy SOURCE to DESTINATION, recursively. Throw if SOURCE contains a file
+- that is not a regular file, symlink, or directory. When DELETESOURCE is
+- true, delete source files once they have been copied. */
++/* Copy SOURCE to DESTINATION, recursively, preserving ownership. Throw if
++ SOURCE contains a file that is not a regular file, symlink, or directory.
++ When DELETESOURCE is true, delete source files once they have been
++ copied. */
+ void copyFileRecursively(const Path &source, const Path &destination,
+ bool deleteSource = false);
+
+--
+2.39.2
+
diff --git a/debian/patches/series b/debian/patches/series_
index 5d506e57..0b8879d1 100644
--- a/debian/patches/series
+++ b/debian/patches/series_
@@ -40,3 +40,5 @@ lsb-init-functions
guix-daemon-openrc-fixes
tests-Ensure-test-OpenPGP-keys-never-expire.patch
use-c-utf8-locale
+security/0001-daemon-Protect-against-FD-escape-when-building-fixed.patch
+security/0032-daemon-Address-shortcoming-in-previous-security-fix-.patch
--
GitLab

157
helpers/DATA/guix/guix-1.3.0.4-to-1.3.0-5.patch Normal file
View file

@ -0,0 +1,157 @@
diff --git a/debian/control b/debian/control
index f5080c40..24f545ae 100644
--- a/debian/control
+++ b/debian/control
@@ -44,7 +44,9 @@ Depends: ${misc:Depends}, ${shlibs:Depends},
guile-sqlite3 (>= 0.1.3-2~),
guile-zlib (>= 0.1.0),
libssh-dev,
-Recommends: nscd,
+Recommends: ca-certificates,
+ less,
+ nscd,
systemd,
Description: GNU Guix functional package manager
Guix is an advanced distribution of the GNU operating system
diff --git a/debian/patches/series b/debian/patches/series
index 2151eca4..5d506e57 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -38,3 +38,5 @@ lsb-init-functions
0030-Disable-gexp-derivation-allowed-references-test-when.patch
0031-Disable-substitue-deduplication-test-when-network-is.patch
guix-daemon-openrc-fixes
+tests-Ensure-test-OpenPGP-keys-never-expire.patch
+use-c-utf8-locale
diff --git a/guix/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch b/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch
new file mode 100644
index 00000000..3d23bd95
--- /dev/null
+++ b/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch
@@ -0,0 +1,62 @@
+From 3ae7632ca0a1edca9d8c3c766efb0dcc8aa5da37 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
+Date: Wed, 18 May 2022 23:20:21 +0200
+Subject: [PATCH] tests: Ensure test OpenPGP keys never expire.
+
+All these keys had expiration dates. 'tests/keys/ed25519.pub' expired
+on 2022-04-24.
+
+Fixes <https://issues.guix.gnu.org/55506>.
+
+* tests/keys/ed25519.pub, tests/keys/ed25519-2.pub,
+tests/keys/ed25519-3.pub: Remove expiration date.
+---
+ tests/keys/ed25519-2.pub | 11 +++++------
+ tests/keys/ed25519-3.pub | 10 +++++-----
+ tests/keys/ed25519.pub | 10 +++++-----
+ 3 files changed, 15 insertions(+), 16 deletions(-)
+
+Adjusted to apply to older locations present in 1.3.0.
+
+diff --git a/tests/ed25519bis.key b/tests/ed25519bis.key
+index f5329105d5..ef050e3845 100644
+--- a/tests/ed25519bis.key
++++ b/tests/ed25519bis.key
+@@ -1,10 +1,9 @@
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mDMEXtVsNhYJKwYBBAHaRw8BAQdAnLsYdh3BpeK1xDguJE80XW2/MSmqeeP6pbQw
+-8jAw0OG0IkNoYXJsaWUgR3VpeCA8Y2hhcmxpZUBleGFtcGxlLm9yZz6IlgQTFggA
+-PhYhBKBDaY1jer75FlruS4IkDtyrgNqDBQJe1Ww2AhsDBQkDwmcABQsJCAcCBhUK
+-CQgLAgQWAgMBAh4BAheAAAoJEIIkDtyrgNqDM6cA/idDdoxo9SU+witdTXt24APH
+-yRzHbX9Iyh4dZNIek9JwAP9E0BwSvDHB4LY9z4RWf2hJp3dm/yZ/jEpK+w4BGN4J
+-Ag==
+-=JIU0
++8jAw0OG0IkNoYXJsaWUgR3VpeCA8Y2hhcmxpZUBleGFtcGxlLm9yZz6IkAQTFggA
++OAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBKBDaY1jer75FlruS4IkDtyr
++gNqDBQJihWJtAAoJEIIkDtyrgNqDbs0BAPOaGSYf3pX3DReEe1zbxxVQrolX9/AZ
++VP0AOt0TAgkzAP0Sr7G1NuCtjWWGK1WmlyTFPhOWLhNriKgZFkBZrGypAw==
++=pdTB
+ -----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/ed25519.key b/tests/ed25519.key
+index f6bf906783..5a2fccc9f9 100644
+--- a/tests/ed25519.key
++++ b/tests/ed25519.key
+@@ -2,9 +2,9 @@
+
+ mDMEXqNaoBYJKwYBBAHaRw8BAQdArviKtelb4g0I3zx9xyDS40Oz8i1/LRXqppG6
+ b23Hdim0KEVkIFR3by1GaWZ0eSA8bHVkbyt0ZXN0LWVjY0BjaGJvdWliLm9yZz6I
+-lgQTFggAPhYhBETTHiGvcTj5tjIoCncfScv6rgctBQJeo1qgAhsDBQkDwmcABQsJ
+-CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEHcfScv6rgctq4MA/1R9G0roEwrHwmTd
+-DHxt211eLqupwXE0Z7xY2FH6DHk9AP4owEefBU7jQprSAzBS+c6gdS3SCCKKqAh6
+-ToZ4LmbKAw==
+-=FXMK
++kAQTFggAOAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBETTHiGvcTj5tjIo
++CncfScv6rgctBQJihWH6AAoJEHcfScv6rgctfPMBAPv+yPmEgM+J6D1nZjXsO4zW
+++4e3y2Ez+QxgI2tn8Z2xAQDBUWyyu0X+8dguGmVlsaiQdkazaUSpexvIhh9zONYw
++Bg==
++=s4Vp
+ -----END PGP PUBLIC KEY BLOCK-----
+--
+2.30.2
+
diff --git a/guix/debian/patches/use-c-utf8-locale b/debian/patches/use-c-utf8-locale
new file mode 100644
index 00000000..6f69c0fa
--- /dev/null
+++ b/debian/patches/use-c-utf8-locale
@@ -0,0 +1,58 @@
+Use the C.UTF-8 locale for guix-daemon and guix-publish.
+
+https://bugs.debian.org/1012536
+
+Index: guix/etc/guix-daemon.service.in
+===================================================================
+--- guix.orig/etc/guix-daemon.service.in
++++ guix/etc/guix-daemon.service.in
+@@ -7,7 +7,7 @@ Description=Build daemon for GNU Guix
+
+ [Service]
+ ExecStart=/usr/bin/guix-daemon --build-users-group=_guixbuild
+-Environment='GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale' LC_ALL=en_US.utf8
++Environment=LC_ALL=C.UTF-8
+ RemainAfterExit=yes
+ StandardOutput=syslog
+ StandardError=syslog
+Index: guix/etc/init.d/guix-daemon.in
+===================================================================
+--- guix.orig/etc/init.d/guix-daemon.in
++++ guix/etc/init.d/guix-daemon.in
+@@ -35,8 +35,7 @@ start)
+ -a \
+ -e "/var/log/guix-daemon-stderr.log" \
+ -o "/var/log/guix-daemon-stdout.log" \
+- -E GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale \
+- -E LC_ALL=en_US.utf8 \
++ -E LC_ALL=C.UTF-8 \
+ -p "/var/run/guix-daemon.pid" \
+ /usr/bin/guix-daemon \
+ --build-users-group=_guixbuild
+Index: guix/etc/openrc/guix-daemon.in
+===================================================================
+--- guix.orig/etc/openrc/guix-daemon.in
++++ guix/etc/openrc/guix-daemon.in
+@@ -17,8 +17,7 @@
+ # You should have received a copy of the GNU General Public License
+ # along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+-export GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale
+-export LC_ALL=en_US.utf8
++export LC_ALL=C.UTF-8
+ command="/usr/bin/guix-daemon"
+ command_args="--build-users-group=_guixbuild"
+ command_background="yes"
+Index: guix/etc/guix-publish.service.in
+===================================================================
+--- guix.orig/etc/guix-publish.service.in
++++ guix/etc/guix-publish.service.in
+@@ -10,7 +10,7 @@ After=guix-daemon.service
+
+ [Service]
+ ExecStart=/usr/bin/guix publish --user=nobody --port=8181
+-Environment='GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale' LC_ALL=en_US.utf8
++Environment=LC_ALL=C.UTF-8
+ RemainAfterExit=yes
+ StandardOutput=syslog
+ StandardError=syslog

313
helpers/DATA/hplip/patch_changes/000-add_trisquel_distro_definition_distros_password.patch Normal file
View file

@ -0,0 +1,313 @@
diff --git a/installer/distros.dat b/installer/distros.dat
index 80588920..66bb81a1 100644
--- a/installer/distros.dat
+++ b/installer/distros.dat
@@ -94,7 +94,7 @@
# ****************************************
[distros]
-distros=unknown,mepis,debian,suse,mandriva,fedora,redhat,rhel,slackware,gentoo,redflag,ubuntu,xandros,freebsd,linspire,ark,pclinuxos,centos,igos,linuxmint,linpus,gos,boss,lfs,manjarolinux,zorin,mxlinux,elementary
+distros=unknown,mepis,debian,suse,mandriva,fedora,redhat,rhel,slackware,gentoo,redflag,ubuntu,xandros,freebsd,linspire,ark,pclinuxos,centos,igos,linuxmint,linpus,gos,boss,lfs,manjarolinux,zorin,mxlinux,elementary,trisquel
# ****************************************
@@ -18946,3 +18946,287 @@ packages=automake1.11
packages=epm
# ****************************************
+
+[trisquel]
+index=99
+versions=11.0.1,12.0
+display_name=Trisquel GNU/Linux
+alt_names=trisquel,Trisquel GNU/Linux
+display=1
+notes=
+package_mgrs=dpkg,apt-get,synaptic,update-manager,adept,aptitude,adept-updater
+package_mgr_cmd=sudo apt-get install --assume-yes $packages_to_install
+pre_depend_cmd=sudo dpkg --configure -a,sudo apt-get install --yes --force-yes -f,sudo apt-get update
+post_depend_cmd=
+hp_libs_remove_cmd= sudo apt-get remove libhpmud0 libsane-hpaio printer-driver-postscript-hp
+hplip_remove_cmd=sudo aptitude remove --assume-yes hplip hpijs
+su_sudo=sudo
+ppd_install=ppd
+udev_mode_fix=1
+ppd_dir=
+fix_ppd_symlink=0
+drv_dir=/usr/share/cups/drv/HP
+
+# ****************************************
+
+[trisquel:11.0.1]
+code_name=aramo
+supported=1
+scan_supported=1
+fax_supported=1
+pcard_supported=1
+network_supported=1
+parallel_supported=1
+usb_supported=1
+packaged_version=3.21.12
+release_date=01/01/2022
+notes=
+ppd_install=drv
+udev_mode_fix=1
+ppd_dir=/usr/share/ppd/HP
+fix_ppd_symlink=0
+drv_dir=/usr/share/cups/drv/HP
+ui_toolkit=qt5
+native_cups=1
+acl_rules=1
+
+libdir_path=/usr/lib
+
+[trisquel:11.0.1:cups]
+packages=libcups2
+
+[trisquel:11.0.1:cups-devel]
+packages=libcups2-dev,cups-bsd,cups-client
+
+[trisquel:11.0.1:gcc]
+packages=build-essential
+
+[trisquel:11.0.1:gs]
+packages=ghostscript
+
+[trisquel:11.0.1:libcrypto]
+packages=openssl
+
+[trisquel:11.0.1:libjpeg]
+packages=libjpeg-dev
+
+[trisquel:11.0.1:libatk-adaptor]
+packages=libatk-adaptor
+
+[trisquel:11.0.1:libgail-common]
+packages=libgail-common
+
+[trisquel:11.0.1:libnetsnmp-devel]
+packages=libsnmp-dev
+
+[trisquel:11.0.1:libpthread]
+packages=build-essential
+
+[trisquel:11.0.1:libtool]
+packages=libtool,libtool-bin
+
+[trisquel:11.0.1:libusb]
+packages=libusb-1.0-0-dev,libusb-0.1-4
+
+[trisquel:11.0.1:make]
+packages=build-essential
+
+[trisquel:11.0.1:ppdev]
+packages=
+commands=sudo modprobe ppdev,sudo cp -f /etc/modules /etc/modules.hplip,echo ppdev | sudo tee -a /etc/modules
+
+[trisquel:11.0.1:sane]
+packages=libsane
+
+[trisquel:11.0.1:sane-devel]
+packages=libsane-dev
+
+[trisquel:11.0.1:scanimage]
+packages=sane-utils
+
+[trisquel:11.0.1:xsane]
+packages=gtk2-engines-pixbuf,xsane
+
+[trisquel:11.0.1:dbus]
+packages=libdbus-1-dev
+
+[trisquel:11.0.1:cups-image]
+packages=libcupsimage2-dev
+
+[trisquel:11.0.1:cups-ddk]
+packages=cups
+
+[trisquel:11.0.1:policykit]
+packages=policykit-1,policykit-1-gnome
+
+[trisquel:11.0.1:network]
+packages=wget
+
+[trisquel:11.0.1:avahi-utils]
+packages=avahi-utils
+
+[trisquel:11.0.1:libavahi-dev]
+packages=libavahi-client-dev,libavahi-core-dev,libavahi-common-dev
+
+[trisquel:11.0.1:python3-notify2]
+packages=python3-notify2
+
+[trisquel:11.0.1:python3-pyqt5-dbus]
+packages=python3-dbus.mainloop.pyqt5
+
+[trisquel:11.0.1:python3-pyqt5]
+packages=python3-pyqt5,gtk2-engines-pixbuf
+
+[trisquel:11.0.1:python3-dbus]
+packages=python3-dbus,python3-gi
+
+[trisquel:11.0.1:python3-xml]
+packages=python3-lxml
+
+[trisquel:11.0.1:python3-devel]
+packages=python3-dev
+
+[trisquel:11.0.1:python3-pil]
+packages=python3-pil
+
+[trisquel:11.0.1:python3-reportlab]
+packages=python3-reportlab
+
+[trisquel:11.0.1:automake]
+packages=automake1.11
+
+[trisquel:11.0.1:epm]
+packages=epm
+
+# ****************************************
+
+[trisquel:12.0]
+code_name=ecne
+supported=1
+scan_supported=1
+fax_supported=1
+pcard_supported=1
+network_supported=1
+parallel_supported=1
+usb_supported=1
+packaged_version=3.23.12
+release_date=01/01/2022
+notes=
+ppd_install=drv
+udev_mode_fix=1
+ppd_dir=/usr/share/ppd/HP
+fix_ppd_symlink=0
+drv_dir=/usr/share/cups/drv/HP
+ui_toolkit=qt5
+native_cups=1
+acl_rules=1
+
+libdir_path=/usr/lib
+
+[trisquel:12.0:cups]
+packages=libcups2t64
+
+[trisquel:12.0:cups-devel]
+packages=libcups2-dev,cups-bsd,cups-client
+
+[trisquel:12.0:gcc]
+packages=build-essential
+
+[trisquel:12.0:gs]
+packages=ghostscript
+
+[trisquel:12.0:libcrypto]
+packages=openssl
+
+[trisquel:12.0:libjpeg]
+packages=libjpeg-dev
+
+[trisquel:12.0:libatk-adaptor]
+packages=libatk-adaptor
+
+[trisquel:12.0:libgail-common]
+packages=libgail-common
+
+[trisquel:12.0:libnetsnmp-devel]
+packages=libsnmp-dev
+
+[trisquel:12.0:libpthread]
+packages=build-essential
+
+[trisquel:12.0:libtool]
+packages=libtool,libtool-bin
+
+[trisquel:12.0:libusb]
+packages=libusb-1.0-0-dev,libusb-0.1-4
+
+[trisquel:12.0:make]
+packages=build-essential
+
+[trisquel:12.0:ppdev]
+packages=
+commands=sudo modprobe ppdev,sudo cp -f /etc/modules /etc/modules.hplip,echo ppdev | sudo tee -a /etc/modules
+
+[trisquel:12.0:sane]
+packages=libsane1
+
+[trisquel:12.0:sane-devel]
+packages=libsane-dev
+
+[trisquel:12.0:scanimage]
+packages=sane-utils
+
+[trisquel:12.0:xsane]
+packages=gtk2-engines-pixbuf,xsane
+
+[trisquel:12.0:dbus]
+packages=libdbus-1-dev
+
+[trisquel:12.0:cups-image]
+packages=libcupsimage2-dev
+
+[trisquel:12.0:cups-ddk]
+packages=cups
+
+[trisquel:12.0:policykit]
+packages=policykit-1,policykit-1-gnome
+
+[trisquel:12.0:network]
+packages=wget
+
+[trisquel:12.0:avahi-utils]
+packages=avahi-utils
+
+[trisquel:12.0:libavahi-dev]
+packages=libavahi-client-dev,libavahi-core-dev,libavahi-common-dev
+
+[trisquel:12.0:python3-notify2]
+packages=python3-notify2
+
+[trisquel:12.0:python3-pyqt5-dbus]
+packages=python3-dbus.mainloop.pyqt5
+
+[trisquel:12.0:python3-pyqt5]
+packages=python3-pyqt5,gtk2-engines-pixbuf
+
+[trisquel:12.0:python3-dbus]
+packages=python3-dbus,python3-gi
+
+[trisquel:12.0:python3-xml]
+packages=python3-lxml
+
+[trisquel:12.0:python3-devel]
+packages=python3-dev
+
+[trisquel:12.0:python3-pil]
+packages=python3-pil
+
+[trisquel:12.0:python3-reportlab]
+packages=python3-reportlab
+
+[trisquel:12.0:automake]
+packages=automake1.11
+
+[trisquel:12.0:epm]
+packages=epm
+
+# ****************************************
diff --git a/base/password.py b/base/password.py
index a76d4048..b0c6fe20 100644
--- a/base/password.py
+++ b/base/password.py
@@ -63,6 +63,7 @@ AUTH_TYPES = {'mepis': 'su',
'debiangnu/linux' : 'su',
'mxlinux' : 'su',
'elementaryos' : 'sudo',
+ 'trisquel' : 'sudo',
}

16
helpers/DATA/hplip/patch_changes/001-enable_distro_name_dectection.patch Normal file
View file

@ -0,0 +1,16 @@
diff --git a/installer/core_install.py b/installer/core_install.py
index 1c8af23e..9595b2c7 100644
--- a/installer/core_install.py
+++ b/installer/core_install.py
@@ -644,6 +644,11 @@ class CoreInstall(object):
ld = distro.linux_distribution(full_distribution_name=False)
name = ld[0]
ver = ld[1]
+ # Ensure variable exists (used below for MX detection)
+ try:
+ distro_release_name = distro.name(pretty=True) or ""
+ except Exception:
+ distro_release_name = ""
found = True

0
helpers/DATA/libmateweather/0cc07f7e5163870bcc2fb7281c28e8e39c9cbc54.patch → helpers/DATA/libmateweather/patch_changes/001-0cc07f7e5163870bcc2fb7281c28e8e39c9cbc54.patch
View file

0
helpers/DATA/libmateweather/a61542ffc2d3807dbc3163d1727cc5d8c2118838.patch → helpers/DATA/libmateweather/patch_changes/002-a61542ffc2d3807dbc3163d1727cc5d8c2118838.patch
View file

38
helpers/DATA/libmateweather/patch_changes/003-weather_server_uri_update_138.patch Normal file
View file

@ -0,0 +1,38 @@
From 4e54f44dab4efa8c216b26ea7188b99c94882ba4 Mon Sep 17 00:00:00 2001
From: Victor Kareh <vkareh@redhat.com>
Date: Thu, 18 Sep 2025 11:40:55 -0400
Subject: [PATCH] metar: Update AviationWeather URL
According to their website: "The AviationWeather Data API has been
redeveloped in 2025."
Also they put 'METAR' (or 'SPECI') onto the beginning of data to make it
ICAO compliant, so we add code to parse that.
Fixes #135
---
libmateweather/weather-metar.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libmateweather/weather-metar.c b/libmateweather/weather-metar.c
index 7bc24fc9..4698a077 100644
--- a/libmateweather/weather-metar.c
+++ b/libmateweather/weather-metar.c
@@ -510,7 +510,7 @@ metar_finish (SoupSession *session, SoupMessage *msg, gpointer data)
loc = info->location;
- searchkey = g_strdup_printf ("<raw_text>%s", loc->code);
+ searchkey = g_strdup_printf ("<raw_text>METAR %s", loc->code);
p = strstr (msg->response_body->data, searchkey);
g_free (searchkey);
if (p) {
@@ -550,7 +550,7 @@ metar_start_open (WeatherInfo *info)
}
msg = soup_form_request_new (
- "GET", "https://www.aviationweather.gov/cgi-bin/data/dataserver.php",
+ "GET", "https://aviationweather.gov/api/data/dataserver",
"dataSource", "metars",
"requestType", "retrieve",
"format", "xml",

3
helpers/DATA/linux-hwe-6.5/deblob-check
View file

@ -7058,6 +7058,9 @@ set_except () {
# New in 6.6-rc, 6.5.9, 6.1.60, 5.15.137, 5.10.199. # New in 6.6-rc, 6.5.9, 6.1.60, 5.15.137, 5.10.199.
blobname 'gsl1680-\(bush-bush-windows-tablet\|positivo-c4128b\)\.fw' drivers/platform/x86/otuchscreen_dmi.c blobname 'gsl1680-\(bush-bush-windows-tablet\|positivo-c4128b\)\.fw' drivers/platform/x86/otuchscreen_dmi.c
# Trisquel changes for HWE 6.5
blobname 'qcom[/]prog_firehose_sdx6x\.elf' drivers/bus/mhi/host/pci_generic.c
;; ;;
*/*freedo*.patch | */*logo*.patch) */*freedo*.patch | */*logo*.patch)

114
helpers/DATA/linux-hwe-6.5/silent-accept-firmware.patch
View file

@ -229,20 +229,21 @@ diff --color -Nru a/drivers/gpu/drm/amd/amdgpu/cik_sdma.c b/drivers/gpu/drm/amd/
for (i = 0; i < adev->sdma.num_instances; i++) for (i = 0; i < adev->sdma.num_instances; i++)
amdgpu_ucode_release(&adev->sdma.instance[i].fw); amdgpu_ucode_release(&adev->sdma.instance[i].fw);
} }
diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c # removed starting at
index 49d34c7..376ccc3 100644 #diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c #index 49d34c7..376ccc3 100644
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c #--- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
@@ -4011,8 +4011,7 @@ static int gfx_v10_0_init_microcode(struct amdgpu_device *adev) #+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
goto out; #@@ -4011,8 +4011,7 @@ static int gfx_v10_0_init_microcode(struct amdgpu_device *adev)
if (err) # goto out;
dev_dbg(adev->dev, # if (err)
- "gfx10: amdgpu_ucode_request() failed \"%s\"\n", # dev_dbg(adev->dev,
- fw_name); #- "gfx10: amdgpu_ucode_request() failed \"%s\"\n",
+ "gfx10: amdgpu_ucode_request() failed \n"); #- fw_name);
rlc_hdr = (const struct rlc_firmware_header_v2_0 *)adev->gfx.rlc_fw->data; #+ "gfx10: amdgpu_ucode_request() failed \n");
version_major = le16_to_cpu(rlc_hdr->header.header_version_major); # rlc_hdr = (const struct rlc_firmware_header_v2_0 *)adev->gfx.rlc_fw->data;
version_minor = le16_to_cpu(rlc_hdr->header.header_version_minor); # version_major = le16_to_cpu(rlc_hdr->header.header_version_major);
# version_minor = le16_to_cpu(rlc_hdr->header.header_version_minor);
diff --color -Nru a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c diff --color -Nru a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c 2022-07-31 16:03:01.000000000 -0500 --- a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c 2022-07-31 16:03:01.000000000 -0500
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c 2023-03-09 19:48:18.700813841 -0600 +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c 2023-03-09 19:48:18.700813841 -0600
@ -1973,3 +1974,88 @@ index bd4c4174..9beeb2e6 100644
return request_firmware_nowait(THIS_MODULE, 1, drv->firmware_name, return request_firmware_nowait(THIS_MODULE, 1, drv->firmware_name,
drv->trans->dev, drv->trans->dev,
diff --git a/drivers/bluetooth/hci_intel.c b/drivers/bluetooth/hci_intel.c
index f9d2740a..37f4b0c3 100644
--- a/drivers/bluetooth/hci_intel.c
+++ b/drivers/bluetooth/hci_intel.c
@@ -701,8 +701,7 @@ static int intel_setup(struct hci_uart *hu)
err = request_firmware(&fw, fwname, &hdev->dev);
if (err < 0) {
- bt_dev_err(hdev, "Failed to load Intel firmware file (%d)",
- err);
+ bt_dev_err(hdev, "Failed to load firmware file");
return err;
}
diff --git a/drivers/bluetooth/hci_nokia.c b/drivers/bluetooth/hci_nokia.c
index 97da0b2b..f8c38d91 100644
--- a/drivers/bluetooth/hci_nokia.c
+++ b/drivers/bluetooth/hci_nokia.c
@@ -344,8 +344,7 @@ static int nokia_setup_fw(struct hci_uart *hu)
err = request_firmware(&fw, fwname, dev);
if (err < 0) {
- dev_err(dev, "%s: Failed to load Nokia firmware file (%d)",
- hu->hdev->name, err);
+ dev_err(dev, "Failed to load firmware file");
return err;
}
diff --git a/drivers/bluetooth/btintel.c b/drivers/bluetooth/btintel.c
index f9b77a17..147d9fff 100644
--- a/drivers/bluetooth/btintel.c
+++ b/drivers/bluetooth/btintel.c
@@ -2049,12 +2049,11 @@ static int btintel_download_fw(struct hci_dev *hdev,
return 0;
}
- bt_dev_err(hdev, "Failed to load Intel firmware file (%d)",
- err);
+ bt_dev_err(hdev, "Failed to load firmware file");
return err;
}
- bt_dev_info(hdev, "Found device firmware: %s", fwname);
+ bt_dev_info(hdev, "Found device firmware");
if (fw->size < 644) {
bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
@@ -2238,13 +2237,12 @@ static int btintel_prepare_fw_download_tlv(struct hci_dev *hdev,
return 0;
}
- bt_dev_err(hdev, "Failed to load Intel firmware file (%d)",
- err);
+ bt_dev_err(hdev, "Failed to load firmware file");
return err;
}
- bt_dev_info(hdev, "Found device firmware: %s", fwname);
+ bt_dev_info(hdev, "Found device firmware");
if (fw->size < 644) {
bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
index 809762d6..fe2545ce 100644
--- a/drivers/bluetooth/btmtk.c
+++ b/drivers/bluetooth/btmtk.c
@@ -69,7 +69,7 @@ int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
err = request_firmware(&fw, fwname, &hdev->dev);
if (err < 0) {
- bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
+ bt_dev_err(hdev, "Failed to load firmware file");
return err;
}
@@ -181,7 +181,7 @@ int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname,
err = request_firmware(&fw, fwname, &hdev->dev);
if (err < 0) {
- bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
+ bt_dev_err(hdev, "Failed to load firmware file");
return err;
}

23
helpers/DATA/linux-hwe-6.5/udeb/d-i.patch
View file

@ -1,8 +1,8 @@
diff --git a/debian/rules b/debian/rules diff --git a/debian/rules b/debian/rules
index fe52711..b2d1921 100755 index 661286bd..e828a0ac 100755
--- a/debian/rules --- a/debian/rules
+++ b/debian/rules +++ b/debian/rules
@@ -134,12 +134,19 @@ clean: debian/control debian/canonical-certs.pem debian/canonical-revoked-certs. @@ -128,12 +128,19 @@ clean: debian/control debian/canonical-certs.pem debian/canonical-revoked-certs.
dh_testroot dh_testroot
dh_clean dh_clean
@ -12,7 +12,7 @@ index fe52711..b2d1921 100755
+ rm -f $(DEBIAN)/d-i/firmware/$(arch)/kernel-image + rm -f $(DEBIAN)/d-i/firmware/$(arch)/kernel-image
+ +
# normal build junk # normal build junk
rm -rf $(DEBIAN)/abi/$(release)-$(revision) rm -rf $(DEBIAN)/abi
rm -rf $(builddir) rm -rf $(builddir)
rm -f $(stampdir)/stamp-* rm -f $(stampdir)/stamp-*
rm -rf debian/linux-*/ rm -rf debian/linux-*/
@ -22,14 +22,15 @@ index fe52711..b2d1921 100755
cp $(DEBIAN)/changelog debian/changelog cp $(DEBIAN)/changelog debian/changelog
# Install the copyright information. # Install the copyright information.
@@ -184,7 +191,6 @@ $(DEBIAN)/control.stub: \ #removed at 6.5.0-27.28~22.04.1
$(DROOT)/scripts/control-create \ #@@ -184,7 +191,6 @@ $(DEBIAN)/control.stub: \
$(control_files) \ # $(DROOT)/scripts/control-create \
debian/canonical-revoked-certs.pem \ # $(control_files) \
- $(DROOT)/control.d/flavour-module.stub \ # debian/canonical-revoked-certs.pem \
$(DEBIAN)/changelog \ #- $(DROOT)/control.d/flavour-module.stub \
$(wildcard $(DEBIAN)/control.d/* $(DEBIAN)/sub-flavours/*.vars) # $(DEBIAN)/changelog \
for i in $(control_files); do \ # $(wildcard $(DEBIAN)/control.d/* $(DEBIAN)/sub-flavours/*.vars)
# for i in $(control_files); do \
@@ -211,7 +217,14 @@ $(DEBIAN)/control.stub: \ @@ -211,7 +217,14 @@ $(DEBIAN)/control.stub: \
.PHONY: debian/control .PHONY: debian/control

15
helpers/DATA/linux-hwe-6.5/udeb/disable_zstd_module_compression.patch Normal file
View file

@ -0,0 +1,15 @@
diff --git a/debian/rules.d/0-common-vars.mk b/debian/rules.d/0-common-vars.mk_
index bc873563..d6692ca1 100644
--- a/debian/rules.d/0-common-vars.mk
+++ b/debian/rules.d/0-common-vars.mk_
@@ -197,8 +197,9 @@ do_dtbs=false
do_fips_checks=false
# ZSTD compressed kernel modules
+ifeq ($(filter $(series),jammy aramo),)
do_zstd_ko=true
-ifeq ($(series),jammy)
+else
do_zstd_ko=
endif

1992
helpers/DATA/linux-hwe-6.8/000-silent-accept-firmware.patch Normal file
View file

File diff suppressed because it is too large Load diff

21
helpers/DATA/linux-hwe-6.8/001-revert_iwlwifi_clear_firmware1.patch Normal file
View file

@ -0,0 +1,21 @@
reverts https://lore.kernel.org/all/iwlwifi.20211210110539.1f742f0eb58a.I1315f22f6aa632d94ae2069f85e1bca5e734dce0@changeid/
--- b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
+++ a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
@@ -1597,8 +1597,15 @@
* else from proceeding if the module fails to load
* or hangs loading.
*/
+ if (load_module) {
- if (load_module)
request_module("%s", op->name);
+#ifdef CONFIG_IWLWIFI_OPMODE_MODULAR
+ if (err)
+ IWL_ERR(drv,
+ "failed to load module %s (error %d), is dynamic loading enabled?\n",
+ op->name, err);
+#endif
+ }
failure = false;
goto free;

40
helpers/DATA/linux-hwe-6.8/002-revert_iwlwifi_clear_firmware2.patch Normal file
View file

@ -0,0 +1,40 @@
reverts https://lore.kernel.org/all/iwlwifi.20211210110539.1f742f0eb58a.I1315f22f6aa632d94ae2069f85e1bca5e734dce0@changeid/
--- b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
+++ a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
@@ -130,9 +130,6 @@
for (i = 0; i < IWL_UCODE_TYPE_MAX; i++)
iwl_free_fw_img(drv, drv->fw.img + i);
-
- /* clear the data for the aborted load case */
- memset(&drv->fw, 0, sizeof(drv->fw));
}
static int iwl_alloc_fw_desc(struct iwl_drv *drv, struct fw_desc *desc,
@@ -1429,7 +1426,6 @@
int i;
bool load_module = false;
bool usniffer_images = false;
- bool failure = true;
fw->ucode_capa.max_probe_length = IWL_DEFAULT_MAX_PROBE_LENGTH;
fw->ucode_capa.standard_phy_calibration_size =
@@ -1699,7 +1695,6 @@
op->name, err);
#endif
}
- failure = false;
goto free;
try_again:
@@ -1715,9 +1710,6 @@
complete(&drv->request_firmware_complete);
device_release_driver(drv->trans->dev);
free:
- if (failure)
- iwl_dealloc_ucode(drv);
-
if (pieces) {
for (i = 0; i < ARRAY_SIZE(pieces->img); i++)
kfree(pieces->img[i].sec);

13
helpers/DATA/linux-hwe-6.8/003-revert_iwlwifi_clear_firmware3.patch Normal file
View file

@ -0,0 +1,13 @@
reverts https://lore.kernel.org/all/iwlwifi.20211210110539.1f742f0eb58a.I1315f22f6aa632d94ae2069f85e1bca5e734dce0@changeid/
diff -ru source.orig/drivers/net/wireless/intel/iwlwifi/iwl-drv.c source/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
--- source.orig/drivers/net/wireless/intel/iwlwifi/iwl-drv.c 2022-05-13 16:10:11.883295769 -0400
+++ source/drivers/net/wireless/intel/iwlwifi/iwl-drv.c 2022-05-13 20:13:06.568151229 -0400
@@ -1605,7 +1605,6 @@
complete(&drv->request_firmware_complete);
device_release_driver(drv->trans->dev);
/* drv has just been freed by the release */
- failure = false;
free:
if (pieces) {
for (i = 0; i < ARRAY_SIZE(pieces->img); i++)

227
helpers/DATA/linux-hwe-6.8/004-enable_blobless_activation_radeon.patch Normal file
View file

@ -0,0 +1,227 @@
Based on https://libreplanet.org/wiki/Group:Hardware/research/gpu/radeon
diff -ru a/drivers/gpu/drm/radeon/btc_dpm.c b/drivers/gpu/drm/radeon/btc_dpm.c
--- a/drivers/gpu/drm/radeon/btc_dpm.c 2021-10-31 16:53:10.000000000 -0400
+++ b/drivers/gpu/drm/radeon/btc_dpm.c 2023-02-13 15:50:41.218608376 -0500
@@ -2437,7 +2437,6 @@
ret = rv770_upload_firmware(rdev);
if (ret) {
DRM_ERROR("rv770_upload_firmware failed\n");
- return ret;
}
ret = cypress_get_table_locations(rdev);
if (ret) {
diff -ru a/drivers/gpu/drm/radeon/ci_dpm.c b/drivers/gpu/drm/radeon/ci_dpm.c
--- a/drivers/gpu/drm/radeon/ci_dpm.c 2021-10-31 16:53:10.000000000 -0400
+++ b/drivers/gpu/drm/radeon/ci_dpm.c 2023-02-13 15:53:38.591724496 -0500
@@ -5157,7 +5157,6 @@
ret = ci_upload_firmware(rdev);
if (ret) {
DRM_ERROR("ci_upload_firmware failed\n");
- return ret;
}
ret = ci_process_firmware_header(rdev);
if (ret) {
diff -ru a/drivers/gpu/drm/radeon/cik.c b/drivers/gpu/drm/radeon/cik.c
--- a/drivers/gpu/drm/radeon/cik.c 2023-02-13 15:21:35.174999782 -0500
+++ b/drivers/gpu/drm/radeon/cik.c 2023-02-13 15:47:37.149601121 -0500
@@ -8285,7 +8285,6 @@
r = ci_mc_load_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load MC firmware!\n");
- return r;
}
}
@@ -8591,7 +8590,6 @@
r = cik_init_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load firmware!\n");
- return r;
}
}
} else {
@@ -8601,7 +8599,6 @@
r = cik_init_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load firmware!\n");
- return r;
}
}
}
@@ -8668,7 +8665,6 @@
*/
if (!rdev->mc_fw && !(rdev->flags & RADEON_IS_IGP)) {
DRM_ERROR("radeon: MC ucode required for NI+.\n");
- return -EINVAL;
}
return 0;
diff -ru a/drivers/gpu/drm/radeon/cypress_dpm.c b/drivers/gpu/drm/radeon/cypress_dpm.c
--- a/drivers/gpu/drm/radeon/cypress_dpm.c 2021-10-31 16:53:10.000000000 -0400
+++ b/drivers/gpu/drm/radeon/cypress_dpm.c 2023-02-13 15:50:25.130869935 -0500
@@ -1862,7 +1862,6 @@
ret = rv770_upload_firmware(rdev);
if (ret) {
DRM_ERROR("rv770_upload_firmware failed\n");
- return ret;
}
ret = cypress_get_table_locations(rdev);
diff -ru a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c
--- a/drivers/gpu/drm/radeon/evergreen.c 2021-10-31 16:53:10.000000000 -0400
+++ b/drivers/gpu/drm/radeon/evergreen.c 2023-02-13 15:47:50.457384749 -0500
@@ -5018,7 +5018,6 @@
r = ni_mc_load_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load MC firmware!\n");
- return r;
}
}
@@ -5235,7 +5234,6 @@
r = ni_init_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load firmware!\n");
- return r;
}
}
} else {
@@ -5243,7 +5241,6 @@
r = r600_init_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load firmware!\n");
- return r;
}
}
}
@@ -5289,7 +5286,6 @@
if (ASIC_IS_DCE5(rdev)) {
if (!rdev->mc_fw && !(rdev->flags & RADEON_IS_IGP)) {
DRM_ERROR("radeon: MC ucode required for NI+.\n");
- return -EINVAL;
}
}
diff -ru a/drivers/gpu/drm/radeon/ni.c b/drivers/gpu/drm/radeon/ni.c
--- a/drivers/gpu/drm/radeon/ni.c 2021-10-31 16:53:10.000000000 -0400
+++ b/drivers/gpu/drm/radeon/ni.c 2023-02-13 15:46:45.402442454 -0500
@@ -2163,7 +2163,6 @@
r = ni_mc_load_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load MC firmware!\n");
- return r;
}
}
@@ -2390,7 +2389,6 @@
r = ni_init_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load firmware!\n");
- return r;
}
}
} else {
@@ -2398,7 +2396,6 @@
r = ni_init_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load firmware!\n");
- return r;
}
}
}
@@ -2453,7 +2450,6 @@
*/
if (!rdev->mc_fw && !(rdev->flags & RADEON_IS_IGP)) {
DRM_ERROR("radeon: MC ucode required for NI+.\n");
- return -EINVAL;
}
return 0;
diff -ru a/drivers/gpu/drm/radeon/r100.c b/drivers/gpu/drm/radeon/r100.c
--- a/drivers/gpu/drm/radeon/r100.c 2023-02-13 15:21:35.174999782 -0500
+++ b/drivers/gpu/drm/radeon/r100.c 2023-02-13 15:49:15.548001277 -0500
@@ -1134,7 +1134,6 @@
r = r100_cp_init_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load firmware!\n");
- return r;
}
}
diff -ru a/drivers/gpu/drm/radeon/r600.c b/drivers/gpu/drm/radeon/r600.c
--- a/drivers/gpu/drm/radeon/r600.c 2023-02-13 15:21:35.174999782 -0500
+++ b/drivers/gpu/drm/radeon/r600.c 2023-02-13 15:46:07.291062125 -0500
@@ -3299,7 +3299,6 @@
r = r600_init_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load firmware!\n");
- return r;
}
}
diff -ru a/drivers/gpu/drm/radeon/rv770.c b/drivers/gpu/drm/radeon/rv770.c
--- a/drivers/gpu/drm/radeon/rv770.c 2021-10-31 16:53:10.000000000 -0400
+++ b/drivers/gpu/drm/radeon/rv770.c 2023-02-13 15:26:54.385808292 -0500
@@ -1966,7 +1966,6 @@
r = r600_init_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load firmware!\n");
- return r;
}
}
diff -ru a/drivers/gpu/drm/radeon/rv770_dpm.c b/drivers/gpu/drm/radeon/rv770_dpm.c
--- a/drivers/gpu/drm/radeon/rv770_dpm.c 2021-10-31 16:53:10.000000000 -0400
+++ b/drivers/gpu/drm/radeon/rv770_dpm.c 2023-02-13 15:50:13.591057564 -0500
@@ -1948,12 +1948,10 @@
ret = rv770_upload_firmware(rdev);
if (ret) {
DRM_ERROR("rv770_upload_firmware failed\n");
- return ret;
}
ret = rv770_init_smc_table(rdev, boot_ps);
if (ret) {
DRM_ERROR("rv770_init_smc_table failed\n");
- return ret;
}
rv770_program_response_times(rdev);
diff -ru a/drivers/gpu/drm/radeon/si.c b/drivers/gpu/drm/radeon/si.c
--- a/drivers/gpu/drm/radeon/si.c 2023-02-13 15:21:35.178999717 -0500
+++ b/drivers/gpu/drm/radeon/si.c 2023-02-13 15:47:00.042204445 -0500
@@ -6619,7 +6619,6 @@
r = si_mc_load_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load MC firmware!\n");
- return r;
}
}
@@ -6867,7 +6866,6 @@
r = si_init_microcode(rdev);
if (r) {
DRM_ERROR("Failed to load firmware!\n");
- return r;
}
}
@@ -6926,7 +6924,6 @@
*/
if (!rdev->mc_fw) {
DRM_ERROR("radeon: MC ucode required for NI+.\n");
- return -EINVAL;
}
return 0;
diff -ru a/drivers/gpu/drm/radeon/si_dpm.c b/drivers/gpu/drm/radeon/si_dpm.c
--- a/drivers/gpu/drm/radeon/si_dpm.c 2021-10-31 16:53:10.000000000 -0400
+++ b/drivers/gpu/drm/radeon/si_dpm.c 2023-02-13 15:53:00.844338238 -0500
@@ -6366,7 +6366,6 @@
ret = si_upload_firmware(rdev);
if (ret) {
DRM_ERROR("si_upload_firmware failed\n");
- return ret;
}
ret = si_process_firmware_header(rdev);
if (ret) {

29
helpers/DATA/linux-hwe-6.8/005-removal_of_external_recommendation_for_firmware.patch Normal file
View file

@ -0,0 +1,29 @@
Removal of references to external repositories we can't manage what kind of firmware is pointed to.
The only firmware we can confirm to work with is the one contained on the packge source code.
diff --git a/drivers/net/wireless/atmel/at76c50x-usb.c b/drivers/net/wireless/atmel/at76c50x-usb.c
index 447b51cf..898b83af 100644
--- a/drivers/net/wireless/atmel/at76c50x-usb.c
+++ b/drivers/net/wireless/atmel/at76c50x-usb.c
@@ -1619,8 +1619,6 @@ static struct fwentry *at76_load_firmware(struct usb_device *udev,
if (ret < 0) {
dev_err(&udev->dev, "firmware %s not found!\n",
fwe->fwname);
- dev_err(&udev->dev,
- "you may need to download the firmware from http://developer.berlios.de/projects/at76c503a/\n");
goto exit;
}
diff --git a/sound/soc/sof/topology.c b/sound/soc/sof/topology.c
index f3b50528..1860f2b7 100644
--- a/sound/soc/sof/topology.c
+++ b/sound/soc/sof/topology.c
@@ -2445,8 +2445,6 @@ int snd_sof_load_topology(struct snd_soc_component *scomp, const char *file)
if (ret < 0) {
dev_err(scomp->dev, "error: tplg request firmware %s failed err: %d\n",
file, ret);
- dev_err(scomp->dev,
- "you may need to download the firmware from https://github.com/thesofproject/sof-bin/\n");
return ret;
}

7
helpers/DATA/linux-hwe-6.8/check.sh Normal file
View file

@ -0,0 +1,7 @@
#!/bin/bash
files=`find -type f`
while read -r line
do
./deblob-check $line
done <<< "$files"

4185
helpers/DATA/linux-hwe-6.8/deblob-6.8 Normal file
View file

File diff suppressed because it is too large Load diff

9044
helpers/DATA/linux-hwe-6.8/deblob-check Normal file
View file

File diff suppressed because it is too large Load diff

61
helpers/DATA/linux-hwe-6.8/udeb/000-d-i.patch Normal file
View file

@ -0,0 +1,61 @@
diff --git a/debian/rules b/debian/rules
index 43eae8d5..c81721bc 100755
--- a/debian/rules
+++ b/debian/rules
@@ -136,11 +136,18 @@ clean: debian/control debian/canonical-certs.pem debian/canonical-revoked-certs.
dh_testroot
dh_clean
+ # d-i stuff
+ rm -rf $(DEBIAN)/d-i-$(arch)
+ # Generated on the fly.
+ rm -f $(DEBIAN)/d-i/firmware/$(arch)/kernel-image
+
# normal build junk
rm -rf $(DEBIAN)/abi
rm -rf $(builddir) $(stampdir)
rm -rf debian/linux-*/
+ # This gets rid of the d-i packages in control
+ cp -f $(DEBIAN)/control.stub $(DROOT)/control
cp $(DEBIAN)/changelog debian/changelog
# Install the copyright information.
@@ -213,7 +221,14 @@ $(DEBIAN)/control.stub: \
.PHONY: debian/control
debian/control: $(DEBIAN)/control.stub
+ echo "# placebo control.stub for kernel-wedge flow change" >debian/control.stub
cp $(DEBIAN)/control.stub debian/control
+ # append udeb packages
+ export KW_DEFCONFIG_DIR=$(DEBIAN)/d-i && \
+ export KW_CONFIG_DIR=$(DEBIAN)/d-i && \
+ LANG=C kernel-wedge gen-control $(release)-$(abinum) | \
+ grep-dctrl -FArchitecture $(arch) \
+ >>$(CURDIR)/debian/control
debian/canonical-certs.pem: $(wildcard $(DROOT)/certs/*-all.pem) $(wildcard $(DROOT)/certs/*-$(arch).pem) $(wildcard $(DEBIAN)/certs/*-all.pem) $(wildcard $(DEBIAN)/certs/*-$(arch).pem)
for cert in $(sort $(notdir $^)); \
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index fe66f8a0..e934f797 100644
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -145,10 +145,14 @@ endif
install -m600 $(builddir)/build-$*/System.map \
$(pkgdir)/boot/System.map-$(abi_release)-$*
-ifeq ($(do_dtbs),true)
- $(kmake) O=$(builddir)/build-$* $(conc_level) dtbs_install \
- INSTALL_DTBS_PATH=$(pkgdir)/lib/firmware/$(abi_release)-$*/device-tree
-endif
+ if [ "$(filter true,$(do_dtbs))" ]; then \
+ $(kmake) O=$(builddir)/build-$* $(conc_level) dtbs_install \
+ INSTALL_DTBS_PATH=$(pkgdir)/lib/firmware/$(abi_release)-$*/device-tree; \
+ ( cd $(pkgdir)/lib/firmware/$(abi_release)-$*/ && find device-tree -print ) | \
+ while read dtb_file; do \
+ echo "$$dtb_file ?" >> $(DEBIAN)/d-i/firmware/$(arch)/kernel-image; \
+ done; \
+ fi
ifeq ($(no_dumpfile),)
makedumpfile -g $(pkgdir)/boot/vmcoreinfo-$(abi_release)-$* \

20
helpers/DATA/linux-hwe-6.8/udeb/001-disable_zstd_module_compression.patch Normal file
View file

@ -0,0 +1,20 @@
Debian doesn't use zstd compression for kernel modules by default, and
kernel-wedge does not currently support this compression. It is recommended
to continue using XZ compression to maintain compatibility with udeb
packages in Trisquel, at least while this changes.
diff --git a/debian/rules.d/0-common-vars.mk b/debian/rules.d/0-common-vars.mk
index d832106b..4afdd290 100644
--- a/debian/rules.d/0-common-vars.mk
+++ b/debian/rules.d/0-common-vars.mk
@@ -154,6 +154,10 @@ do_zstd_ko=true
ifeq ($(series),jammy)
do_zstd_ko=
endif
+# Trisquel use udebs, so it disable zstd by default.
+ifeq (yes,$(shell dpkg-vendor --is Trisquel && echo yes))
+do_zstd_ko=
+endif
# Support parallel=<n> in DEB_BUILD_OPTIONS (see #209008)
#

2
helpers/DATA/linux/5-udebs.mk → helpers/DATA/linux-hwe-6.8/udeb/5-udebs.mk
View file

@ -6,7 +6,7 @@ ifeq ($(disable_d_i),)
do-binary-udebs do-binary-udebs
endif endif
do-binary-udebs: linux_udeb_name=$(shell if echo $(src_pkg_name)|egrep -q '(linux-lts|linux-hwe)'; then echo $(src_pkg_name); else echo linux; fi) do-binary-udebs: linux_udeb_name=$(shell if echo $(src_pkg_name)|egrep -q '(linux-lts|linux-hwe|linux-[0-9]+\.[0-9]+)'; then echo $(src_pkg_name); else echo linux; fi)
do-binary-udebs: debian/control do-binary-udebs: debian/control
@echo Debug: $@ @echo Debug: $@
dh_testdir dh_testdir

Some files were not shown because too many files have changed in this diff Show more