aboutsummaryrefslogtreecommitdiffstats
path: root/community/firefox-esr/APKBUILD
blob: 74824992b222e86d09a3311f03fb1b68b66ef365 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Patrycja Rosa <alpine@ptrcnull.me>
pkgname=firefox-esr
pkgver=115.9.1
# Date of release, YY-MM-DD for metainfo file (see package())
# https://www.mozilla.org/firefox/organizations/notes/
_releasedate=2024-03-22
pkgrel=0
pkgdesc="Firefox web browser - Extended Support Release"
url="https://www.mozilla.org/en-US/firefox/organizations/"
# s390x and riscv64: blocked by rust and cargo
# armhf: build failure on armhf due to wasm
arch="x86_64 armv7 aarch64 x86 ppc64le"
license="GPL-3.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND MPL-2.0"
install="$pkgname.post-upgrade"
depends="
	ffmpeg-libavcodec
	"
makedepends="
	alsa-lib-dev
	automake
	bsd-compat-headers
	cargo
	cbindgen
	clang
	clang-libclang
	dbus-glib-dev
	gettext
	gtk+3.0-dev
	hunspell-dev
	icu-dev>=69.1
	libevent-dev
	libffi-dev
	libjpeg-turbo-dev
	libnotify-dev
	libogg-dev
	libtheora-dev
	libtool
	libvorbis-dev
	libvpx-dev
	libwebp-dev
	libxcomposite-dev
	libxt-dev
	lld
	llvm-dev
	m4
	mesa-dev
	nasm
	nodejs
	nspr-dev
	nss-dev
	pipewire-dev
	pulseaudio-dev
	py3-psutil
	py3-zstandard
	python3
	sed
	wasi-sdk
	wireless-tools-dev
	zip
	"
subpackages="$pkgname-intl"
source="https://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox-${pkgver}esr.source.tar.xz
	audio-lfs64.patch
	disable-moz-stackwalk.patch
	esr-metainfo.patch
	fix-fortify-system-wrappers.patch
	fix-rust-target.patch
	fix-webrtc-glibcisms.patch
	icu74.patch
	lfs64.patch
	no-ccache-stats.patch
	ppc-musttail.patch
	ppc-webrtc.patch
	python-deps.patch
	rust-lto-thin.patch
	sandbox-fork.patch
	sandbox-largefile.patch
	sandbox-sched_setscheduler.patch

	stab.h

	firefox.desktop
	mozilla-location.keys
	vendor-prefs.js
	"

builddir="$srcdir/firefox-$pkgver"
_mozappdir=/usr/lib/firefox-esr

# help our shared-object scanner to find the libs
ldpath="$_mozappdir"

# secfixes:
#   115.6.0-r0:
#     - CVE-2023-6856
#     - CVE-2023-6865
#     - CVE-2023-6857
#     - CVE-2023-6858
#     - CVE-2023-6859
#     - CVE-2023-6860
#     - CVE-2023-6867
#     - CVE-2023-6861
#     - CVE-2023-6862
#     - CVE-2023-6863
#     - CVE-2023-6864
#   115.5.0-r0:
#     - CVE-2023-6204
#     - CVE-2023-6205
#     - CVE-2023-6206
#     - CVE-2023-6207
#     - CVE-2023-6208
#     - CVE-2023-6209
#     - CVE-2023-6212
#   115.4.0-r0:
#     - CVE-2023-5721
#     - CVE-2023-5732
#     - CVE-2023-5724
#     - CVE-2023-5725
#     - CVE-2023-5726
#     - CVE-2023-5727
#     - CVE-2023-5728
#     - CVE-2023-5730
#   115.3.1-r0:
#     - CVE-2023-5217
#   115.3.0-r0:
#     - CVE-2023-5168
#     - CVE-2023-5169
#     - CVE-2023-5171
#     - CVE-2023-5174
#     - CVE-2023-5176
#   115.2.1-r0:
#     - CVE-2023-4863
#   115.2.0-r0:
#     - CVE-2023-4573
#     - CVE-2023-4574
#     - CVE-2023-4575
#     - CVE-2023-4576
#     - CVE-2023-4577
#     - CVE-2023-4051
#     - CVE-2023-4578
#     - CVE-2023-4053
#     - CVE-2023-4580
#     - CVE-2023-4581
#     - CVE-2023-4582
#     - CVE-2023-4583
#     - CVE-2023-4584
#     - CVE-2023-4585
#   115.1.0-r0:
#     - CVE-2023-4045
#     - CVE-2023-4046
#     - CVE-2023-4047
#     - CVE-2023-4048
#     - CVE-2023-4049
#     - CVE-2023-4050
#     - CVE-2023-4052
#     - CVE-2023-4054
#     - CVE-2023-4055
#     - CVE-2023-4056
#     - CVE-2023-4057
#   115.0.2-r0:
#     - CVE-2023-3600
#   115.0-r0:
#     - CVE-2023-3482
#     - CVE-2023-37201
#     - CVE-2023-37202
#     - CVE-2023-37203
#     - CVE-2023-37204
#     - CVE-2023-37205
#     - CVE-2023-37206
#     - CVE-2023-37207
#     - CVE-2023-37208
#     - CVE-2023-37209
#     - CVE-2023-37210
#     - CVE-2023-37211
#     - CVE-2023-37212
#   102.12.0-r0:
#     - CVE-2023-34414
#     - CVE-2023-34416
#   102.11.0-r0:
#     - CVE-2023-32205
#     - CVE-2023-32206
#     - CVE-2023-32207
#     - CVE-2023-32211
#     - CVE-2023-32212
#     - CVE-2023-32213
#     - CVE-2023-32214
#     - CVE-2023-32215
#   102.10.0-r0:
#     - CVE-2023-29531
#     - CVE-2023-29532
#     - CVE-2023-29533
#     - CVE-2023-1999
#     - CVE-2023-29535
#     - CVE-2023-29536
#     - CVE-2023-29539
#     - CVE-2023-29541
#     - CVE-2023-29542
#     - CVE-2023-29545
#     - CVE-2023-1945
#     - CVE-2023-29548
#     - CVE-2023-29550
#   102.9.0-r0:
#     - CVE-2023-25751
#     - CVE-2023-28164
#     - CVE-2023-28162
#     - CVE-2023-25752
#     - CVE-2023-28163
#     - CVE-2023-28176
#   102.8.0-r0:
#     - CVE-2023-25728
#     - CVE-2023-25730
#     - CVE-2023-0767
#     - CVE-2023-25735
#     - CVE-2023-25737
#     - CVE-2023-25738
#     - CVE-2023-25739
#     - CVE-2023-25729
#     - CVE-2023-25732
#     - CVE-2023-25734
#     - CVE-2023-25742
#     - CVE-2023-25744
#     - CVE-2023-25746
#   102.7.0-r0:
#     - CVE-2022-46871
#     - CVE-2023-23598
#     - CVE-2023-23599
#     - CVE-2023-23601
#     - CVE-2023-23602
#     - CVE-2022-46877
#     - CVE-2023-23603
#     - CVE-2023-23605
#   102.6.0-r0:
#     - CVE-2022-46880
#     - CVE-2022-46872
#     - CVE-2022-46881
#     - CVE-2022-46874
#     - CVE-2022-46875
#     - CVE-2022-46882
#     - CVE-2022-46878
#   102.5.0-r0:
#     - CVE-2022-45403
#     - CVE-2022-45404
#     - CVE-2022-45405
#     - CVE-2022-45406
#     - CVE-2022-45408
#     - CVE-2022-45409
#     - CVE-2022-45410
#     - CVE-2022-45411
#     - CVE-2022-45412
#     - CVE-2022-45416
#     - CVE-2022-45418
#     - CVE-2022-45420
#     - CVE-2022-45421
#   102.4.0-r0:
#     - CVE-2022-42927
#     - CVE-2022-42928
#     - CVE-2022-42929
#     - CVE-2022-42932
#   102.3.0-r0:
#     - CVE-2022-3266
#     - CVE-2022-40959
#     - CVE-2022-40960
#     - CVE-2022-40958
#     - CVE-2022-40956
#     - CVE-2022-40957
#     - CVE-2022-40962
#   102.2.0-r0:
#     - CVE-2022-38472
#     - CVE-2022-38473
#     - CVE-2022-38476
#     - CVE-2022-38477
#     - CVE-2022-38478
#   102.1.0-r0:
#     - CVE-2022-2505
#     - CVE-2022-36314
#     - CVE-2022-36318
#     - CVE-2022-36319
#   91.11.0-r0:
#     - CVE-2022-2200
#     - CVE-2022-31744
#     - CVE-2022-34468
#     - CVE-2022-34470
#     - CVE-2022-34472
#     - CVE-2022-34478
#     - CVE-2022-34479
#     - CVE-2022-34481
#     - CVE-2022-34484
#   91.10.0-r0:
#     - CVE-2022-31736
#     - CVE-2022-31737
#     - CVE-2022-31738
#     - CVE-2022-31739
#     - CVE-2022-31740
#     - CVE-2022-31741
#     - CVE-2022-31742
#     - CVE-2022-31747
#   91.9.1-r0:
#     - CVE-2022-1529
#     - CVE-2022-1802
#   91.9.0-r0:
#     - CVE-2022-29909
#     - CVE-2022-29911
#     - CVE-2022-29912
#     - CVE-2022-29914
#     - CVE-2022-29916
#     - CVE-2022-29917
#   91.8.0-r0:
#     - CVE-2022-1097
#     - CVE-2022-1196
#     - CVE-2022-24713
#     - CVE-2022-28281
#     - CVE-2022-28282
#     - CVE-2022-28285
#     - CVE-2022-28286
#     - CVE-2022-28289
#   91.7.0-r0:
#     - CVE-2022-26381
#     - CVE-2022-26383
#     - CVE-2022-26384
#     - CVE-2022-26386
#     - CVE-2022-26387
#   91.6.1-r0:
#     - CVE-2022-26485
#     - CVE-2022-26486
#   91.6.0-r0:
#     - CVE-2022-22754
#     - CVE-2022-22756
#     - CVE-2022-22759
#     - CVE-2022-22760
#     - CVE-2022-22761
#     - CVE-2022-22763
#     - CVE-2022-22764
#   91.5.0-r0:
#     - CVE-2021-4140
#     - CVE-2022-22737
#     - CVE-2022-22738
#     - CVE-2022-22739
#     - CVE-2022-22740
#     - CVE-2022-22741
#     - CVE-2022-22742
#     - CVE-2022-22743
#     - CVE-2022-22744
#     - CVE-2022-22745
#     - CVE-2022-22746
#     - CVE-2022-22747
#     - CVE-2022-22748
#     - CVE-2022-22751
#   91.4.0-r0:
#     - CVE-2021-43536
#     - CVE-2021-43537
#     - CVE-2021-43538
#     - CVE-2021-43539
#     - CVE-2021-43541
#     - CVE-2021-43542
#     - CVE-2021-43543
#     - CVE-2021-43545
#     - CVE-2021-43546
#   91.3.0-r0:
#     - CVE-2021-38503
#     - CVE-2021-38504
#     - CVE-2021-38505
#     - CVE-2021-38506
#     - CVE-2021-38507
#     - CVE-2021-38508
#     - CVE-2021-38509
#     - CVE-2021-38510
#   91.2.0-r0:
#     - CVE-2021-32810
#     - CVE-2021-38492
#     - CVE-2021-38493
#     - CVE-2021-38495
#     - CVE-2021-38496
#     - CVE-2021-38497
#     - CVE-2021-38498
#     - CVE-2021-38500
#     - CVE-2021-38501
#   78.13.0-r0:
#     - CVE-2021-29980
#     - CVE-2021-29984
#     - CVE-2021-29985
#     - CVE-2021-29986
#     - CVE-2021-29988
#     - CVE-2021-29989
#   78.12.0-r0:
#     - CVE-2021-29970
#     - CVE-2021-29976
#     - CVE-2021-30547
#   78.11.0-r0:
#     - CVE-2021-29967
#   78.10.0-r0:
#     - CVE-2021-23961
#     - CVE-2021-23994
#     - CVE-2021-23995
#     - CVE-2021-23998
#     - CVE-2021-23999
#     - CVE-2021-24002
#     - CVE-2021-29945
#     - CVE-2021-29946
#   78.9.0-r0:
#     - CVE-2021-23981
#     - CVE-2021-23982
#     - CVE-2021-23984
#     - CVE-2021-23987
#   78.8.0-r0:
#     - CVE-2021-23968
#     - CVE-2021-23969
#     - CVE-2021-23973
#     - CVE-2021-23978
#   78.7.0-r0:
#     - CVE-2020-26976
#     - CVE-2021-23953
#     - CVE-2021-23954
#     - CVE-2021-23960
#     - CVE-2021-23964
#   78.6.1-r0:
#     - CVE-2020-16044
#   78.6.0-r0:
#     - CVE-2020-16042
#     - CVE-2020-26971
#     - CVE-2020-26973
#     - CVE-2020-26974
#     - CVE-2020-26978
#     - CVE-2020-35111
#     - CVE-2020-35112
#     - CVE-2020-35113
#   78.5.0-r0:
#     - CVE-2020-15683
#     - CVE-2020-15969
#     - CVE-2020-15999
#     - CVE-2020-16012
#     - CVE-2020-26950
#     - CVE-2020-26951
#     - CVE-2020-26953
#     - CVE-2020-26956
#     - CVE-2020-26958
#     - CVE-2020-26959
#     - CVE-2020-26960
#     - CVE-2020-26961
#     - CVE-2020-26965
#     - CVE-2020-26966
#     - CVE-2020-26968
#   78.3.0-r0:
#     - CVE-2020-15673
#     - CVE-2020-15676
#     - CVE-2020-15677
#     - CVE-2020-15678
#   78.2.0-r0:
#     - CVE-2020-15663
#     - CVE-2020-15664
#     - CVE-2020-15670
#   78.1.0-r0:
#     - CVE-2020-15652
#     - CVE-2020-15653
#     - CVE-2020-15654
#     - CVE-2020-15655
#     - CVE-2020-15656
#     - CVE-2020-15657
#     - CVE-2020-15658
#     - CVE-2020-15659
#     - CVE-2020-6463
#     - CVE-2020-6514
#   68.10.0-r0:
#     - CVE-2020-12417
#     - CVE-2020-12418
#     - CVE-2020-12419
#     - CVE-2020-12420
#     - CVE-2020-12421
#   68.9.0-r0:
#     - CVE-2020-12399
#     - CVE-2020-12405
#     - CVE-2020-12406
#     - CVE-2020-12410
#   68.8.0-r0:
#     - CVE-2020-12387
#     - CVE-2020-12388
#     - CVE-2020-12389
#     - CVE-2020-12392
#     - CVE-2020-12393
#     - CVE-2020-12395
#     - CVE-2020-6831
#   68.7.0-r0:
#     - CVE-2020-6821
#     - CVE-2020-6822
#     - CVE-2020-6825
#   68.6.1-r0:
#     - CVE-2020-6819
#     - CVE-2020-6820
#   68.6.0-r0:
#     - CVE-2019-20503
#     - CVE-2020-6805
#     - CVE-2020-6806
#     - CVE-2020-6807
#     - CVE-2020-6811
#     - CVE-2020-6812
#     - CVE-2020-6814
#   68.5.0-r0:
#     - CVE-2020-6796
#     - CVE-2020-6797
#     - CVE-2020-6798
#     - CVE-2020-6799
#     - CVE-2020-6800
#   68.4.1-r0:
#     - CVE-2019-17016
#     - CVE-2019-17022
#     - CVE-2019-17024
#     - CVE-2019-17026
#   68.3.0-r0:
#     - CVE-2019-17005
#     - CVE-2019-17008
#     - CVE-2019-17009
#     - CVE-2019-17010
#     - CVE-2019-17011
#     - CVE-2019-17012
#   68.2.0-r0:
#     - CVE-2019-11757
#     - CVE-2019-11758
#     - CVE-2019-11759
#     - CVE-2019-11760
#     - CVE-2019-11761
#     - CVE-2019-11762
#     - CVE-2019-11763
#     - CVE-2019-11764
#     - CVE-2019-15903
#   68.1.0-r0:
#     - CVE-2019-9812
#     - CVE-2019-11740
#     - CVE-2019-11742
#     - CVE-2019-11743
#     - CVE-2019-11744
#     - CVE-2019-11746
#     - CVE-2019-11752
#   68.0.2-r0:
#     - CVE-2019-11733
#   68.0-r0:
#     - CVE-2019-11709
#     - CVE-2019-11711
#     - CVE-2019-11712
#     - CVE-2019-11713
#     - CVE-2019-11715
#     - CVE-2019-11717
#     - CVE-2019-11719
#     - CVE-2019-11729
#     - CVE-2019-11730
#     - CVE-2019-9811
#   60.7.2-r0:
#     - CVE-2019-11708
#   60.7.1-r0:
#     - CVE-2019-11707
#   60.7.0-r0:
#     - CVE-2019-9815
#     - CVE-2019-9816
#     - CVE-2019-9817
#     - CVE-2019-9818
#     - CVE-2019-9819
#     - CVE-2019-9820
#     - CVE-2019-11691
#     - CVE-2019-11692
#     - CVE-2019-11693
#     - CVE-2019-7317
#     - CVE-2019-9797
#     - CVE-2018-18511
#     - CVE-2019-11694
#     - CVE-2019-11698
#     - CVE-2019-5798
#     - CVE-2019-9800
#   60.6.1-r0:
#     - CVE-2019-9810
#     - CVE-2019-9813
#     - CVE-2019-9790
#     - CVE-2019-9791
#     - CVE-2019-9792
#     - CVE-2019-9793
#     - CVE-2019-9794
#     - CVE-2019-9795
#     - CVE-2019-9796
#     - CVE-2019-9801
#     - CVE-2018-18506
#     - CVE-2019-9788
#   60.5.2-r0:
#     - CVE-2019-5785
#     - CVE-2018-18335
#     - CVE-2018-18356
#   60.5.0-r0:
#     - CVE-2018-18500
#     - CVE-2018-18505
#     - CVE-2018-18501
#   52.6.0-r0:
#     - CVE-2018-5089
#     - CVE-2018-5091
#     - CVE-2018-5095
#     - CVE-2018-5096
#     - CVE-2018-5097
#     - CVE-2018-5098
#     - CVE-2018-5099
#     - CVE-2018-5102
#     - CVE-2018-5103
#     - CVE-2018-5104
#     - CVE-2018-5117
#   52.5.2-r0:
#     - CVE-2017-7843

# we need this because cargo verifies checksums of all files in vendor
# crates when it builds and gives us no way to override or update the
# file sanely... so just clear out the file list
_clear_vendor_checksums() {
	sed -i 's/\("files":{\)[^}]*/\1/' third_party/rust/$1/.cargo-checksum.json
}

export SHELL=/bin/sh
export BUILD_OFFICIAL=1
export MOZILLA_OFFICIAL=1
export USE_SHORT_LIBNAME=1
export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system
export MOZ_APP_PROFILE="mozilla/firefox"
export MOZ_APP_REMOTINGNAME=firefox-esr
export MOZBUILD_STATE_PATH="$srcdir"/mozbuild
# disable desktop notifications
export MOZ_NOSPAM=1
# Find our triplet JSON
export RUST_TARGET="$CTARGET"

# Build with Clang, takes less RAM
export CC="clang"
export CXX="clang++"

# set rpath so linker finds the libs
export LDFLAGS="$LDFLAGS -Wl,-rpath,$_mozappdir"

# let firefox do this itself.
unset CARGO_PROFILE_RELEASE_OPT_LEVEL
unset CARGO_PROFILE_RELEASE_LTO

export CFLAGS="${CFLAGS/-fstack-clash-protection/} -g0 -O2"
export CXXFLAGS="${CXXFLAGS/-fstack-clash-protection/} -g0 -O2 -Wno-deprecated-builtins -Wno-deprecated-declarations"

prepare() {
	default_prepare
	cp "$srcdir"/stab.h toolkit/crashreporter/google-breakpad/src/

	_clear_vendor_checksums audio_thread_priority

	base64 -d "$srcdir"/mozilla-location.keys > "$builddir"/mozilla-api-key

	# webrtc does not build on these
	case "$CARCH" in
	ppc64le)
		local webrtc_config="ac_add_options --disable-webrtc"
		;;
	esac
	case "$CARCH" in
	armv7)
		# broken here
		local rust_simd="ac_add_options --disable-rust-simd"
		;;
	*)
		local rust_simd="ac_add_options --enable-rust-simd"
		;;
	esac

	case "$CARCH" in
	aarch64|arm*|x86*)
		# disable-elf-hack: exists only on aarch64, arm*, x86, x86_64
		local arch_config="ac_add_options --disable-elf-hack"
		;;
	esac

	# sandbox only supported here
	case "$CARCH" in
	x86*|armv7|aarch64)
		local sandbox="ac_add_options --enable-sandbox"
		;;
	*)
		local sandbox="ac_add_options --disable-sandbox"
		;;
	esac

	cat > base-mozconfig <<-EOF
	# disable unwanted things
	ac_add_options --disable-bootstrap
	ac_add_options --disable-cargo-incremental
	ac_add_options --disable-crashreporter
	ac_add_options --disable-debug
	ac_add_options --disable-debug-symbols
	ac_add_options --disable-install-strip
	ac_add_options --disable-jemalloc
	ac_add_options --disable-strip
	ac_add_options --disable-tests
	ac_add_options --disable-updater

	# features
	ac_add_options --enable-alsa
	ac_add_options --enable-dbus
	ac_add_options --enable-default-toolkit=cairo-gtk3-wayland
	ac_add_options --enable-ffmpeg
	ac_add_options --enable-hardening
	ac_add_options --enable-linker=lld
	ac_add_options --enable-necko-wifi
	ac_add_options --enable-official-branding
	ac_add_options --enable-optimize="$CFLAGS"
	ac_add_options --enable-pulseaudio
	ac_add_options --enable-release
	ac_add_options --enable-update-channel=release

	# system libs
	ac_add_options --enable-system-pixman
	ac_add_options --with-system-ffi
	ac_add_options --with-system-icu
	ac_add_options --with-system-jpeg
	ac_add_options --with-system-libevent
	ac_add_options --with-system-libvpx
	ac_add_options --with-system-nspr
	ac_add_options --with-system-nss
	ac_add_options --with-system-png
	ac_add_options --with-system-webp
	ac_add_options --with-system-zlib

	# misc
	ac_add_options --allow-addon-sideload
	ac_add_options --prefix=/usr
	ac_add_options --with-app-name=firefox-esr
	ac_add_options --with-distribution-id=org.alpinelinux
	ac_add_options --with-libclang-path=/usr/lib
	ac_add_options --with-unsigned-addon-scopes=app,system
	ac_add_options --with-wasi-sysroot=/usr/share/wasi-sysroot
	ac_add_options --host=$CHOST
	ac_add_options --target=$CTARGET

	# objdir
	mk_add_options MOZ_OBJDIR="$builddir/obj"

	mk_add_options RUSTFLAGS="$RUSTFLAGS"

	# keys
	# these are for alpine linux use only
	ac_add_options --with-mozilla-api-keyfile="$builddir/mozilla-api-key"

	$arch_config
	$rust_simd
	$sandbox
	$webrtc_config
	EOF
}

build() {
	cat > .mozconfig base-mozconfig

	export MOZ_BUILD_DATE=$(date ${SOURCE_DATE_EPOCH:+ -d@${SOURCE_DATE_EPOCH}} "+%Y%m%d%H%M%S")

	# for lto
	ulimit -n 4096

	# can't be set here and fail
	unset RUSTFLAGS

	local thinlto_jobs=${JOBS:-1}

	case "$CARCH" in
	# on this platforms, lld seems to not utilise >1 threads for thinlto for some reason.
	# at the same time, having more than 8 also crashes lld for firefox buildsystems (why?).
	aarch64)
		if [ $thinlto_jobs -gt 8 ]; then
			thinlto_jobs=8
		fi
		;;
	esac

	export LDFLAGS="$LDFLAGS -Wl,--thinlto-jobs=$thinlto_jobs"

	case "$CARCH" in
	# lto for 64-bit systems only
	aarch64|x86_64|ppc64le)
		cat > .mozconfig base-mozconfig <<-EOF
		ac_add_options --enable-lto=cross
		EOF
	esac

	./mach build
}

package() {
	DESTDIR="$pkgdir" ./mach install

	local _png
	for _png in ./browser/branding/official/default*.png; do
		local i=${_png%.png}
		i=${i##*/default}
		install -Dm644 "$_png" \
			"$pkgdir"/usr/share/icons/hicolor/"$i"x"$i"/apps/firefox-esr.png
	done

	install -Dm644 browser/branding/official/content/about-logo.png \
		"$pkgdir"/usr/share/icons/hicolor/192x192/apps/firefox-esr.png
	install -Dm644 browser/branding/official/content/about-logo@2x.png \
		"$pkgdir"/usr/share/icons/hicolor/384x384/apps/firefox-esr.png
	install -Dm644 browser/branding/official/content/about-logo.svg \
		"$pkgdir"/usr/share/icons/hicolor/scalable/apps/firefox-esr.svg

	install -Dm644 "$srcdir"/firefox.desktop \
		"$pkgdir"/usr/share/applications/firefox-esr.desktop

	# install our vendor prefs
	install -Dm644 "$srcdir"/vendor-prefs.js \
		"$pkgdir"/$_mozappdir/browser/defaults/preferences/vendor.js

	# Generate appdata file
	mkdir -p "$pkgdir"/usr/share/metainfo/
	export VERSION="$pkgver"
	export DATE="$_releasedate"
	envsubst < "$builddir"/taskcluster/docker/firefox-flatpak/org.mozilla.firefox.appdata.xml.in > "$pkgdir"/usr/share/metainfo/org.mozilla.firefox-esr.appdata.xml

	# Replace duplicate binary with wrapper
	# https://bugzilla.mozilla.org/show_bug.cgi?id=658850
	install -Dm755 /dev/stdin "$pkgdir"/usr/bin/firefox-esr <<- EOF
	#!/bin/sh
	exec $_mozappdir/firefox-esr "\$@"
	EOF
	rm "$pkgdir"/$_mozappdir/firefox-esr-bin
	ln -sfv /usr/bin/firefox-esr "$pkgdir"/$_mozappdir/firefox-esr-bin
}

intl() {
	pkgdesc="$pkgname - International ICU data"
	depends="icu-data-full"
	install_if="$pkgname=$pkgver-r$pkgrel icu"
	mkdir -p "$subpkgdir"
}

sha512sums="
9ccaede2fcda13a07f98a2110bb8f99c7324601d66bff311f3070a669576a1598fe1d7de2d005d725d1f44dbe3934a9c0fd0b7950f60686047d4ce8d9d812310  firefox-115.9.1esr.source.tar.xz
3e0501ae7a650346c667dfdc0ae0ca286084f22e89ab2ac671cc0d7315673dc5b6dcb9f9882f6f39d26e9a31e57f7a0fd53d6b805e520224e22b8976850e2eb8  audio-lfs64.patch
454ea3263cabce099accbdc47aaf83be26a19f8b5a4568c01a7ef0384601cf8315efd86cd917f9c8bf419c2c845db89a905f3ff9a8eb0c8e41042e93aa96a85c  disable-moz-stackwalk.patch
f7b3b45ba04d05d17439d009bf0c9f27881e126f424e2257552338a0c1e3771ee1289c044babcb0920f62af62873a268c0cf524e1d35711e6dc8b808ca5e9f26  esr-metainfo.patch
2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71  fix-fortify-system-wrappers.patch
cd68b89e29e5f6379fbd5679db27b9a5ef70ea65e51c0d0a8137e1f1fd210e35a8cfb047798e9549bc7275606d7ec5c8d8af1335d29da4699db7acd8bc7ff556  fix-rust-target.patch
305c874fdea3096e9c4c6aa6520ac64bb1c347c4b59db8360096646593fe684c3b5377874d91cecd33d56d1410b4714fbdea2b514923723ecbeff79d51265d9b  fix-webrtc-glibcisms.patch
afabea91b328c5a68eaa20f9099ac7b2d0e7f2423e816b05ed168bdd326a5684fa02de08bf05c6033e9b888f02775d1b0443a00329b7a632ee399122a391c13a  icu74.patch
5fa9382c692e4bd6a2634308f24a6526fd12a60a2563d2090056d43a60505df3ec9881bbf54562e69394467529b3b0dc45955afca46ed329af03cea074fff070  lfs64.patch
c0437a6753f3f350968fa12d250efdfe1bea77baf0e4c06b072b5cc9e78c774dbf4506bc536337030d349fb3ba4460097b75b0c7c5b8fb2d39d8b0a392948936  no-ccache-stats.patch
2d8dff86212d6d2a904cbb5a5a1d6c17b89adc929fc6a3f4c6cb669f5e83ecddff5a799225319ba445a187b04d111251af75dd3ce8a039164bc14d2a432a2a04  ppc-musttail.patch
6f60e83599041db1b707c21784197ea9816b2c936b89a274bfc24554a600981e6f28448fe41fab0942bd31acd49b1c00beb2eb0961149f2ffa6a4154be123ea7  ppc-webrtc.patch
4e40b34c5f77a1a21fe971a6fcd8a21b1a63423a3a7932a5a6e1c7a2779f9f06a561c806614a01931679a4b1c6afdfd8ae1f3cc6b673f259ccd368e8e54f6e90  python-deps.patch
1c6918dd6655d3a1251bfd4af2e1c561cbb00d540a883b4c1ebf7f5de530d754d9ac07b4b5f56cdab6c511d25c8910ec94043f5733e97501a67abffe1bafaeb1  rust-lto-thin.patch
2518f2fc75b5db30058e0735f47d60fdf1e7adfaeee4b33fb2afb1bd9a616ce943fd88f4404d0802d4083703f4acf1d5ad42377218d025bc768807fbaf7e1609  sandbox-fork.patch
b7d0a6126bdf6c0569f80aabf5b37ed2c7a35712eb8a0404a2d85381552f5555d4f97d213ea26cec6a45dc2785f22439376ed5f8e78b4fd664ef0223307b333e  sandbox-largefile.patch
f8c3555ef6207933cbffbf4fc101a9b4c0d2990c0063162f0f0bde70ef0b46f86bfac42e7110695183424a87948de593f3927b2d8509ede3e4fc7bd8a1fad1ce  sandbox-sched_setscheduler.patch
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127  stab.h
d354f48a29bfc16719f3b230b1395063239d4420f9e47522de4662392d9697b15f931ca3bf6055d100fa33d61a9a1a13477687d5eac99e50ae7dbef9882a5808  firefox.desktop
382510375b1a2fa79be0ab79e3391a021ae2c022429ffbaa7e7a69166f99bb56d01e59a1b10688592a29238f21c9d6977672bd77f9fae439b66bdfe0c55ddb15  mozilla-location.keys
fc45bc3ffb9404e5338ea26a9f04807b40f6f516324972cddd48bedb91b8bd7c6b8d4e03a0209020f5e67b703bc4ff89389985791b9bd544a0fc3951e2dc338e  vendor-prefs.js
"