[arch-commits] Commit in thunderbird-extension-enigmail/repos (5 files)
Eli Schwartz
eschwartz at archlinux.org
Thu Oct 1 15:02:51 UTC 2020
Date: Thursday, October 1, 2020 @ 15:02:36
Author: eschwartz
Revision: 714195
archrelease: copy trunk to community-staging-any
Added:
thunderbird-extension-enigmail/repos/community-staging-any/
thunderbird-extension-enigmail/repos/community-staging-any/0001-Disable-Thunderbird-78-upgrade-warning-message.patch
(from rev 714194, thunderbird-extension-enigmail/trunk/0001-Disable-Thunderbird-78-upgrade-warning-message.patch)
thunderbird-extension-enigmail/repos/community-staging-any/0001-genxpi-make-XPI-files-reproducible.patch
(from rev 714194, thunderbird-extension-enigmail/trunk/0001-genxpi-make-XPI-files-reproducible.patch)
thunderbird-extension-enigmail/repos/community-staging-any/0001-preferences-disable-pEpAutoDownload-by-default.patch
(from rev 714194, thunderbird-extension-enigmail/trunk/0001-preferences-disable-pEpAutoDownload-by-default.patch)
thunderbird-extension-enigmail/repos/community-staging-any/PKGBUILD
(from rev 714194, thunderbird-extension-enigmail/trunk/PKGBUILD)
-----------------------------------------------------------+
0001-Disable-Thunderbird-78-upgrade-warning-message.patch | 31 +++++
0001-genxpi-make-XPI-files-reproducible.patch | 64 ++++++++++++
0001-preferences-disable-pEpAutoDownload-by-default.patch | 40 +++++++
PKGBUILD | 63 +++++++++++
4 files changed, 198 insertions(+)
Copied: thunderbird-extension-enigmail/repos/community-staging-any/0001-Disable-Thunderbird-78-upgrade-warning-message.patch (from rev 714194, thunderbird-extension-enigmail/trunk/0001-Disable-Thunderbird-78-upgrade-warning-message.patch)
===================================================================
--- community-staging-any/0001-Disable-Thunderbird-78-upgrade-warning-message.patch (rev 0)
+++ community-staging-any/0001-Disable-Thunderbird-78-upgrade-warning-message.patch 2020-10-01 15:02:36 UTC (rev 714195)
@@ -0,0 +1,31 @@
+From de048bbaa2c236914ab6e13008bbc1f434b05e62 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas at archlinux.org>
+Date: Sun, 5 Jul 2020 13:43:42 +0200
+Subject: [PATCH] Disable Thunderbird 78 upgrade warning message
+
+---
+ package/configure.jsm | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/package/configure.jsm b/package/configure.jsm
+index c230cdf0..8f09b54f 100644
+--- a/package/configure.jsm
++++ b/package/configure.jsm
+@@ -311,6 +311,13 @@ var EnigmailConfigure = {
+ upgradeTo217: function(win) {
+ if (EnigmailCompat.isPostbox() || (!EnigmailCompat.isAtLeastTb68())) return;
+
+- displayUpgradeInfo(win);
++ /* Enigmail obtained from addons.mozilla.org shows a warning that the extension will stop
++ working with Thunderbird >= 78 and that users should hold back on upgrading Thunderbird until
++ its new builtin OpenPGP support is mature (expected for Thunderbird 78.2). This makes sense for
++ users of the builtin Thunderbird auto-update function, but less so for user obtaining Thunderbird
++ from a distribution repository, since it encourages partial upgrades. Hence for Arch Linux we
++ remove this warning and add a versioned dependency on Thunderbird < 78 instead to prevent users
++ from accidentally upgrading to the next release while still having Enigmail installed. */
++ // displayUpgradeInfo(win);
+ }
+ };
+--
+2.28.0
+
Copied: thunderbird-extension-enigmail/repos/community-staging-any/0001-genxpi-make-XPI-files-reproducible.patch (from rev 714194, thunderbird-extension-enigmail/trunk/0001-genxpi-make-XPI-files-reproducible.patch)
===================================================================
--- community-staging-any/0001-genxpi-make-XPI-files-reproducible.patch (rev 0)
+++ community-staging-any/0001-genxpi-make-XPI-files-reproducible.patch 2020-10-01 15:02:36 UTC (rev 714195)
@@ -0,0 +1,64 @@
+From 52c76d2380eaa057f083bcdad3bf7a93817f680c Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas at gmx.de>
+Date: Fri, 10 Jul 2020 19:02:43 +0200
+Subject: [PATCH] genxpi: make XPI files reproducible
+
+zip records the mtime of packed files, making it harder to reproduce the
+generated file bit for bit. Use the SOURCE_DATE_EPOCH specification that is
+already respected in other places of this project (package/Makefile) to set the
+modification time to a known, reproducible value.
+
+To avoid embedding time zone information and Unix UIDs/GIDs as further sources
+of unreproducibilty use "export TZ=UTC" and "zip -X", resp. Also make the mtime
+of the generated XPI file reproducible using "zip -o" for good measure.
+---
+ util/genxpi | 19 +++++++++++++------
+ 1 file changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/util/genxpi b/util/genxpi
+index 1ef552ea..d2d1a384 100755
+--- a/util/genxpi
++++ b/util/genxpi
+@@ -55,9 +55,10 @@ find chrome/content/modules -name "*.js*" | LC_ALL=C sort > chrome/content/modul
+
+ echo "Creating ${xpiFile} file"
+
+-zip -9 --must-match\
+- ../${xpiFile} \
+- chrome/content/preferences/defaultPrefs.js \
++# Avoid embedding time zone information about the current system into the XPI
++export TZ=UTC
++
++set chrome/content/preferences/defaultPrefs.js \
+ chrome/content/modules/app.jsm \
+ chrome/content/modules/armor.jsm \
+ chrome/content/modules/buildDate.jsm \
+@@ -114,16 +115,22 @@ zip -9 --must-match\
+ chrome/content/modules/windows.jsm \
+ chrome/content/modules/all-modules.txt
+
++# Set modification timestamps to a fixed value for reproducibilty
++[ -n "$SOURCE_DATE_EPOCH" ] && touch --date "@$SOURCE_DATE_EPOCH" -- "$@"
++zip -9 -o -X --must-match ../${xpiFile} "$@"
++
+ if [ $? -ne 0 ]; then
+ exit 1
+ fi
+
+-zip -9 \
+- ../${xpiFile} \
+- chrome/content/ui/*.* \
++set chrome/content/ui/*.* \
+ chrome/content/skin/*.* \
+ chrome/locale/*/*.* \
+ webextension.js \
+ chrome.manifest \
+ schema.json \
+ manifest.json
++
++# Set modification timestamps to a fixed value for reproducibilty
++[ -n "$SOURCE_DATE_EPOCH" ] && touch --date "@$SOURCE_DATE_EPOCH" -- "$@"
++zip -9 -o -X ../${xpiFile} "$@"
+--
+2.28.0
+
Copied: thunderbird-extension-enigmail/repos/community-staging-any/0001-preferences-disable-pEpAutoDownload-by-default.patch (from rev 714194, thunderbird-extension-enigmail/trunk/0001-preferences-disable-pEpAutoDownload-by-default.patch)
===================================================================
--- community-staging-any/0001-preferences-disable-pEpAutoDownload-by-default.patch (rev 0)
+++ community-staging-any/0001-preferences-disable-pEpAutoDownload-by-default.patch 2020-10-01 15:02:36 UTC (rev 714195)
@@ -0,0 +1,40 @@
+From 03993708d4d1fb327f102f45d7aa4e9c4fa8237b Mon Sep 17 00:00:00 2001
+From: Eli Schwartz <eschwartz at archlinux.org>
+Date: Thu, 10 Jan 2019 11:38:38 -0500
+Subject: [PATCH] preferences: disable pEpAutoDownload by default and avoid p=p
+
+Distributions should not automatically download this untrusted code;
+should be opt-in by users or be packaged separately.
+
+Additionally, we are an advanced distro and should generally avoid p=p
+in favor of the user's PGP keys. Moreover, p=p is undocumented and seems
+to lead to unintuitive use of the wrong PGP keys in new installations.
+---
+ package/prefs/defaultPrefs.js | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/package/prefs/defaultPrefs.js b/package/prefs/defaultPrefs.js
+index d5ca1249..f7ddc864 100755
+--- a/package/prefs/defaultPrefs.js
++++ b/package/prefs/defaultPrefs.js
+@@ -14,7 +14,7 @@
+ // 0: force using Enigmail
+ // 1: automatic mode (use pEp if Enigmail and S/MIME are not configured for any identity)
+ // 2: force using pEp
+-pref("extensions.enigmail.juniorMode", 1);
++pref("extensions.enigmail.juniorMode", 0);
+
+ // the last configured Enigmail version
+ pref("extensions.enigmail.configuredVersion", "");
+@@ -204,7 +204,7 @@ pref("extensions.enigmail.warnDownloadContactKeys", true);
+ pref("extensions.enigmail.wrapHtmlBeforeSend", true);
+
+ // automatically download pepmda if it is available (without askin user)
+-pref("extensions.enigmail.pEpAutoDownload", true);
++pref("extensions.enigmail.pEpAutoDownload", false);
+
+ // holds the last result of the last check for pEp updates
+ pref("extensions.enigmail.pEpLastUpdate", 0);
+--
+2.23.0
+
Copied: thunderbird-extension-enigmail/repos/community-staging-any/PKGBUILD (from rev 714194, thunderbird-extension-enigmail/trunk/PKGBUILD)
===================================================================
--- community-staging-any/PKGBUILD (rev 0)
+++ community-staging-any/PKGBUILD 2020-10-01 15:02:36 UTC (rev 714195)
@@ -0,0 +1,63 @@
+# Maintainer: Eli Schwartz <eschwartz at archlinux.org>
+# Maintainer: Jonas Witschel <diabonas at archlinux.org>
+# Contributor: Daniel Landau <daniel.landau at iki.fi>
+# Contributor: Einhard Leichtfuß <alguien at respiranto.de>
+# Contributor: Xyne
+# Contributor: David Manouchehri <d at 32t.ca>
+# Contributor: Alexander Fehr <pizzapunk gmail com>
+# Contributor: Thomas Jost <schnouki schnouki net>
+# Contributor: Hinrich Harms <arch hinrich de>
+
+pkgname=thunderbird-extension-enigmail
+pkgver=2.2.4
+pkgrel=1
+pkgdesc="OpenPGP message encryption and authentication for Thunderbird"
+arch=('any')
+url="https://www.enigmail.net/"
+license=('MPL' 'GPL3')
+makedepends=('zip' 'python' 'perl')
+replaces=('thunderbird-enigmail')
+source=("https://www.enigmail.net/download/source/enigmail-${pkgver}.tar.gz"{,.asc}
+ "0001-genxpi-make-XPI-files-reproducible.patch")
+sha512sums=('bf23f52ed61002b05e2e432a0abd1f576fe6eb97d94ab2241e17be86138cee153d668747f5759b967d9a4977be3dc901ee78ddb168347bdbbfed9229d27f786d'
+ 'SKIP'
+ '78457902b66792e75f284e5e5a73e5431b71908da79c94f1b9e45faf0f4cefcbe4e3c355d226e7e0a682dd65e913a3a68ef3dc4d6223f9584962fb7c13f70eb4')
+b2sums=('e6d5eab4cba2cd66669ddf38f8152511606c48ce995be331551a7b403ecbd06967c22702a06e06aa89219b5c905e835ddb4d146c0fc2cb11e1a647e46854dd1f'
+ 'SKIP'
+ 'f0fe6d5b0637002a16f066fc25b3c69113d88651163b3eab4a5da179842d5ddf4e5185dbc45491a5d4800b5cf00a5a89e355768263a710bd467ff070608de900')
+validpgpkeys=('4F9F89F5505AC1D1A260631CDB1187B9DD5F693B') # Patrick Brunschwig <patrick at enigmail.net>
+
+prepare() {
+ cd "${srcdir}"/enigmail
+
+ # Make timestamps in the generated XPI file respect SOURCE_DATE_EPOCH
+ # (https://gitlab.com/enigmail/enigmail/-/merge_requests/45 and
+ # https://gitlab.com/enigmail/enigmail/-/merge_requests/46)
+ patch -p1 -i ../0001-genxpi-make-XPI-files-reproducible.patch
+}
+
+build() {
+ cd "${srcdir}"/enigmail
+
+ ./configure
+ make -j1 # fails with -j greater than 1
+}
+
+package() {
+ depends=('thunderbird>=78' 'gnupg')
+ cd "${srcdir}"/enigmail
+
+ if ! _extension_id="$(sed -n '/.*<em:id>\(.*\)<\/em:id>.*/{s//\1/p;q}' build-tb/dist/install.rdf 2>/dev/null)" ||
+ [[ -z $_extension_id ]]; then
+ _extension_id="$(sed -n 's/.*"id": "\(.*\)".*/\1/p' build-tb/dist/manifest.json)"
+ fi
+ _extension_dest="${pkgdir}/usr/lib/thunderbird/extensions/${_extension_id}"
+ # Should this extension be unpacked or not?
+ if grep -q '<em:unpack>true</em:unpack>' build-tb/dist/install.rdf 2>/dev/null; then
+ install -dm755 "${_extension_dest}"
+ cp -R build-tb/dist/* "${_extension_dest}"
+ chmod -R ugo+rX "${_extension_dest}"
+ else
+ install -Dm644 build-tb/enigmail-${pkgver}.xpi "${_extension_dest}.xpi"
+ fi
+}
More information about the arch-commits
mailing list