diff --git a/firefox-mozconfig b/firefox-mozconfig index 9944800..0a4e08a 100644 --- a/firefox-mozconfig +++ b/firefox-mozconfig @@ -12,9 +12,7 @@ ac_add_options --enable-official-branding ac_add_options --enable-pulseaudio ac_add_options --enable-release ac_add_options --enable-system-ffi -ac_add_options --without-sysroot ac_add_options --without-system-icu -ac_add_options --without-wasm-sandboxed-libraries ac_add_options --with-system-jpeg ac_add_options --with-system-zlib ac_add_options --with-unsigned-addon-scopes=app,system diff --git a/firefox.spec b/firefox.spec index f4c5851..63939ac 100644 --- a/firefox.spec +++ b/firefox.spec @@ -12,6 +12,9 @@ %global run_firefox_tests 0 %endif +# wasi_sdk is for sandboxing third party c/c++ libs by using rlbox, exclude s390x on the f39. +%bcond_with wasi_sdk + %{lua: function dist_to_rhel_minor(str, start) match = string.match(str, ".module%+el8.%d+") @@ -56,22 +59,31 @@ end} %global bundle_nss 0 %if 0%{?rhel} == 7 -%global bundle_nss 0 -%global system_nss 0 + %global bundle_nss 0 + %global system_nss 0 %endif + %if 0%{?rhel} == 8 %if %{rhel_minor_version} < 8 %global bundle_nss 1 %global system_nss 1 %endif + %if %{rhel_minor_version} >= 10 + %global with_wasi_sdk 1 + %endif %endif + %if 0%{?rhel} == 9 %if %{rhel_minor_version} < 2 %global bundle_nss 1 %global system_nss 1 %endif + %if %{rhel_minor_version} > 5 + %global with_wasi_sdk 1 + %endif %endif + %global dts_version 11 %global llvm_version 7.0 %global nspr_version 4.35 @@ -189,6 +201,11 @@ Source34: firefox-search-provider.ini Source35: google-loc-api-key Source36: testing.sh Source37: mochitest-python.tar.gz +Source38: wasi.patch.template +# Created by: +# git clone --recursive https://github.com/WebAssembly/wasi-sdk.git +# cd wasi-sdk && git-archive-all --force-submodules wasi-sdk-20.tar.gz +Source50: wasi-sdk-20.tar.gz # Bundled libraries Source401: nss-setup-flags-env.inc @@ -240,7 +257,7 @@ Patch155: rhbz-1354671.patch Patch200: webrtc-128.0.patch.patch Patch201: D224587.1728128070.diff Patch202: D224588.1728128098.diff - +Patch203: wasi.patch # ---- Test patches ---- # Generate without context by @@ -359,6 +376,11 @@ BuildRequires: xmlto BuildRequires: zlib-devel %endif +%if %{with wasi_sdk} +BuildRequires: lld +BuildRequires: clang cmake ninja-build +%endif + %if !0%{?flatpak} #TODO BuildRequires: system-bookmarks @@ -1123,10 +1145,15 @@ echo "system_nss %{?system_nss}" echo "use_dts %{?use_dts}" echo "use_nodejs_scl %{?use_nodejs_scl}" echo "use_python3_scl %{?use_python3_scl}" +echo "with_wasi_sdk %{?with_wasi_sdk}" echo "--------------------------------------------" #clang -print-search-dirs %setup -q -n %{name}-%{version} +%if %{with wasi_sdk} +%setup -q -T -D -a 50 +%endif + # ---- RHEL specific patches --- # -- Downstream only -- %patch -P1 -p1 -b .disable-elfhack @@ -1152,6 +1179,12 @@ echo "--------------------------------------------" %patch -P9 -p1 -b .rhbz-2131158-webrtc-nss-fix %patch -P10 -p1 -b .build-ffvpx +# We need to create the wasi.patch with the correct path to the wasm libclang_rt. +%if %{with wasi_sdk} +export LIBCLANG_RT=`pwd`/wasi-sdk-20/build/compiler-rt/lib/wasi/libclang_rt.builtins-wasm32.a; cat %{SOURCE38} | envsubst > %{_sourcedir}/wasi.patch +%patch -P203 -p1 -b .wasi +%endif + # -- Upstreamed patches -- %patch -P51 -p1 -b .mozilla-bmo1170092 @@ -1183,7 +1216,6 @@ echo "--------------------------------------------" %patch -P202 -p1 -b .D224588 %endif - # ---- Security patches ---- %{__rm} -f .mozconfig @@ -1264,6 +1296,13 @@ echo "ac_add_options --with-google-safebrowsing-api-keyfile=`pwd`/google-api-key # Clang 17 upstream's detection fails, tell it where to look. echo "ac_add_options --with-libclang-path=`llvm-config --libdir`" >> .mozconfig +%if %{with wasi_sdk} +echo "ac_add_options --with-wasi-sysroot=`pwd`/wasi-sdk-20/build/install/opt/wasi-sdk/share/wasi-sysroot" >> .mozconfig +%else +echo "ac_add_options --without-sysroot" >> .mozconfig +echo "ac_add_options --without-wasm-sandboxed-libraries" >> .mozconfig +%endif + echo 'export NODEJS="%{_buildrootdir}/bin/node-stdout-nonblocking-wrapper"' >> .mozconfig # Remove executable bit to make brp-mangle-shebangs happy. @@ -1279,6 +1318,15 @@ chmod a-x third_party/rust/ash/src/extensions/nv/*.rs # Disable LTO to work around rhbz#1883904 %define _lto_cflags %{nil} +#WASI SDK +%if %{with wasi_sdk} +pushd wasi-sdk-20 +sed -i -e "s|VERSION=.*|VERSION=20|g" tar_from_installation.sh +cat tar_from_installation.sh +NINJA_FLAGS=-v CC=clang CXX=clang++ env -u CFLAGS -u CXXFLAGS -u FFLAGS -u VALFLAGS -u RUSTFLAGS -u LDFLAGS -u LT_SYS_LIBRARY_PATH make package +popd +%endif + export PATH="%{_buildrootdir}/bin:$PATH" # Cleanup buildroot for existing rpms from bundled nss/nspr and other packages rm -rf %{_buildrootdir}/* diff --git a/sources b/sources index 2ef1192..6a0a104 100644 --- a/sources +++ b/sources @@ -3,5 +3,6 @@ SHA512 (cbindgen-vendor.tar.xz) = 0c7a40033ccd38dadd30ad064feef390444af4562be07d SHA512 (nspr-4.35.0-1.el8_1.src.rpm) = 5123a443fcc42602e31104999be339ae899eb7b1f1e2f1ea87ba4f283eb894d08ab568e421dba1df4770f23be91ff88aa6a0748bce7feef31ed88bee5bdecb2c SHA512 (nss-3.101.0-7.el9_2.src.rpm) = 7c325e0e437c1266031af02b3a026d20b789548ae435be6c39d710aa9d19c967ac0a79097fd50dd8ab878bf0d72c19e937d54863aa8cd0654ef2ef288e3102ec SHA512 (nss-3.101.0-7.el8_2.src.rpm) = c25551b06cf9239bb54aaf3edaea2c60804b449de4e06af4f5192bc181b5c6468ea8a69ddeff9de1b11bfc123e894b1ce8fc5d6deddfd5062f8736b75db56f8d +SHA512 (wasi-sdk-20.tar.gz) = 95be9d9b41ed1f7884e9cd68bad22abbb355b049fd09731c89b9e36666d0205b1a16ec9c21820adf0c5a34e2048015cbfbef0542170d466fa3336c636873c405 SHA512 (firefox-128.4.0esr.processed-source.tar.xz) = b1bb73f1ba8a05a72717b0ebb3de5a7da5c55552e62c1a735e862e9dbfe77c7fc6aa201a722bdddd74b8f90e28d3b26b98417cf163c3b1398992fea45762ceaa SHA512 (firefox-langpacks-128.4.0esr-20241022.tar.xz) = 6b2637b0b6785a5520af01e5ccd3f7fea1c50c33f88dcc5a915ec169f0c0a85d16eb92e732d2be97b0524f92cfacf136fde1dcd6679e84d75ebaba09bda2484c diff --git a/wasi.patch b/wasi.patch new file mode 100644 index 0000000..b47b496 --- /dev/null +++ b/wasi.patch @@ -0,0 +1,12 @@ +diff -up firefox-121.0.1/toolkit/moz.configure.wasi firefox-121.0.1/toolkit/moz.configure +--- firefox-121.0.1/toolkit/moz.configure.wasi 2024-02-01 09:14:33.816548952 +0100 ++++ firefox-121.0.1/toolkit/moz.configure 2024-02-01 09:15:53.264684309 +0100 +@@ -2663,7 +2663,7 @@ with only_when(requires_wasm_sandboxing + def wasi_sysroot_flags(wasi_sysroot): + if wasi_sysroot: + log.info("Using wasi sysroot in %s", wasi_sysroot) +- return ["--sysroot=%s" % wasi_sysroot] ++ return ["--sysroot=%s" % wasi_sysroot, "-nodefaultlibs", "-lc", "-lwasi-emulated-process-clocks", "-lc++", "-lc++abi", "/home/jhorak/rpmbuild/BUILDROOT/usr/share/wasi-sysroot/lib/libclang_rt.builtins-wasm32.a"] + return [] + + set_config("WASI_SYSROOT", wasi_sysroot) diff --git a/wasi.patch.template b/wasi.patch.template new file mode 100644 index 0000000..aa2838e --- /dev/null +++ b/wasi.patch.template @@ -0,0 +1,12 @@ +diff -up firefox-121.0.1/toolkit/moz.configure.wasi firefox-121.0.1/toolkit/moz.configure +--- firefox-121.0.1/toolkit/moz.configure.wasi 2024-02-01 09:14:33.816548952 +0100 ++++ firefox-121.0.1/toolkit/moz.configure 2024-02-01 09:15:53.264684309 +0100 +@@ -2663,7 +2663,7 @@ with only_when(requires_wasm_sandboxing + def wasi_sysroot_flags(wasi_sysroot): + if wasi_sysroot: + log.info("Using wasi sysroot in %s", wasi_sysroot) +- return ["--sysroot=%s" % wasi_sysroot] ++ return ["--sysroot=%s" % wasi_sysroot, "-nodefaultlibs", "-lc", "-lwasi-emulated-process-clocks", "-lc++", "-lc++abi", "$LIBCLANG_RT"] + return [] + + set_config("WASI_SYSROOT", wasi_sysroot)