new package: tor-browser

.github/workflows/packages.yml

@@ -170,7 +170,7 @@ jobs:
         done
     - name: Free additional disk space (if necessary)
       run: |
-        if grep -Eq '^(chromium|code-server|code-oss|electron-headers-.*)$' ./built_tur_packages.txt; then
+        if grep -Eq '^(tor-browser|chromium|code-server|code-oss|electron-headers-.*)$' ./built_tur_packages.txt; then
           sudo apt purge -yq $(dpkg -l | grep '^ii' | awk '{ print $2 }' | grep -P '(cabal-|dotnet-|ghc-|libmono|php|aspnetcore)') \
             mono-runtime-common monodoc-manual ruby
           sudo apt autoremove -yq

tur/openssl-1.1/Configurations-15-android.conf.patch

@@ -0,0 +1,47 @@
+diff -u -r ../openssl-1.1.1-pre9/Configurations/15-android.conf ./Configurations/15-android.conf
+--- ../openssl-1.1.1-pre9/Configurations/15-android.conf	2018-08-21 12:14:11.000000000 +0000
++++ ./Configurations/15-android.conf	2018-08-22 09:48:30.506584421 +0000
+@@ -130,10 +130,10 @@
+         # systems are perfectly capable of executing binaries targeting
+         # Froyo. Keep in mind that in the nutshell Android builds are
+         # about JNI, i.e. shared libraries, not applications.
+-        cflags           => add(sub { android_ndk()->{cflags} }),
+-        cppflags         => add(sub { android_ndk()->{cppflags} }),
+-        cxxflags         => add(sub { android_ndk()->{cflags} }),
+-        bn_ops           => sub { android_ndk()->{bn_ops} },
++        #cflags           => add(sub { android_ndk()->{cflags} }),
++        #cppflags         => add(sub { android_ndk()->{cppflags} }),
++        #cxxflags         => add(sub { android_ndk()->{cflags} }),
++        #bn_ops           => sub { android_ndk()->{bn_ops} },
+         bin_cflags       => "-pie",
+         enable           => [ ],
+     },
+@@ -166,11 +166,11 @@
+         # Newer NDK versions reportedly require additional -latomic.
+         #
+         inherit_from     => [ "android", asm("armv4_asm") ],
+-        bn_ops           => add("RC4_CHAR"),
++        bn_ops           => "BN_LLONG RC4_CHAR",
+     },
+     "android-arm64" => {
+         inherit_from     => [ "android", asm("aarch64_asm") ],
+-        bn_ops           => add("RC4_CHAR"),
++        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+         perlasm_scheme   => "linux64",
+     },
+
+@@ -197,12 +197,12 @@
+     "android-x86" => {
+         inherit_from     => [ "android", asm("x86_asm") ],
+         CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
+-        bn_ops           => add("RC4_INT"),
++        bn_ops           => "BN_LLONG RC4_INT",
+         perlasm_scheme   => "android",
+     },
+     "android-x86_64" => {
+         inherit_from     => [ "android", asm("x86_64_asm") ],
+-        bn_ops           => add("RC4_INT"),
++        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_INT",
+         perlasm_scheme   => "elf",
+     },
+

tur/openssl-1.1/apps-ocsp.c.patch

@@ -0,0 +1,11 @@
+diff -u -r ../openssl-1.1.1g/apps/ocsp.c ./apps/ocsp.c
+--- ../openssl-1.1.1g/apps/ocsp.c	2020-04-21 12:22:39.000000000 +0000
++++ ./apps/ocsp.c	2020-04-28 22:42:57.312189000 +0000
+@@ -48,6 +48,7 @@
+ #endif
+
+ #if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
++     && !defined(__ANDROID__) \
+      && !defined(OPENSSL_NO_POSIX_IO)
+ # define OCSP_DAEMON
+ # include <sys/types.h>

tur/openssl-1.1/build.sh

@@ -0,0 +1,77 @@
+TERMUX_PKG_HOMEPAGE=https://www.openssl.org/
+TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well as general purpose cryptography functions"
+TERMUX_PKG_LICENSE="custom"
+TERMUX_PKG_LICENSE_FILE="LICENSE"
+TERMUX_PKG_MAINTAINER="@termux"
+_VERSION=1.1.1w
+TERMUX_PKG_VERSION=1:${_VERSION}
+TERMUX_PKG_SRCURL=https://www.openssl.org/source/openssl-${_VERSION/\~/-}.tar.gz
+TERMUX_PKG_SHA256=cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8
+TERMUX_PKG_AUTO_UPDATE=false
+TERMUX_PKG_DEPENDS="ca-certificates, zlib"
+TERMUX_PKG_CONFFILES="etc/tls/openssl.cnf"
+TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/"
+TERMUX_PKG_BUILD_IN_SRC=true
+TERMUX_PKG_CONFLICTS="libcurl (<< 7.61.0-1)"
+TERMUX_PKG_BREAKS="openssl (<< 1.1.1m)"
+TERMUX_PKG_REPLACES="openssl (<< 1.1.1m)"
+
+termux_step_pre_configure() {
+	test -d $TERMUX_PREFIX/include/openssl && mv $TERMUX_PREFIX/include/openssl{,.tmp} || :
+	LDFLAGS="-L$TERMUX_PREFIX/lib/openssl-1.1 -Wl,-rpath=$TERMUX_PREFIX/lib/openssl-1.1 $LDFLAGS"
+}
+
+termux_step_configure() {
+	# Certain packages are not safe to build on device because their
+	# build.sh script deletes specific files in $TERMUX_PREFIX.
+	if $TERMUX_ON_DEVICE_BUILD; then
+		termux_error_exit "Package '$TERMUX_PKG_NAME' is not safe for on-device builds."
+	fi
+
+	CFLAGS+=" -DNO_SYSLOG"
+
+	perl -p -i -e "s@TERMUX_CFLAGS@$CFLAGS@g" Configure
+	test $TERMUX_ARCH = "arm" && TERMUX_OPENSSL_PLATFORM="android-arm"
+	test $TERMUX_ARCH = "aarch64" && TERMUX_OPENSSL_PLATFORM="android-arm64"
+	test $TERMUX_ARCH = "i686" && TERMUX_OPENSSL_PLATFORM="android-x86"
+	test $TERMUX_ARCH = "x86_64" && TERMUX_OPENSSL_PLATFORM="android-x86_64"
+
+	install -m755 -d $TERMUX_PREFIX/lib/openssl-1.1
+
+	./Configure $TERMUX_OPENSSL_PLATFORM \
+		--prefix=$TERMUX_PREFIX \
+		--openssldir=$TERMUX_PREFIX/etc/tls \
+		--libdir=$TERMUX_PREFIX/lib/openssl-1.1 \
+		shared \
+		zlib-dynamic \
+		no-ssl \
+		no-hw \
+		no-srp \
+		no-tests
+}
+
+termux_step_make() {
+	make depend
+	make -j $TERMUX_PKG_MAKE_PROCESSES all
+}
+
+termux_step_make_install() {
+	# "install_sw" instead of "install" to not install man pages:
+	make -j 1 install_sw MANDIR=$TERMUX_PREFIX/share/man MANSUFFIX=.ssl
+
+	mkdir -p $TERMUX_PREFIX/etc/tls/
+
+	cp apps/openssl.cnf $TERMUX_PREFIX/etc/tls/openssl.cnf
+
+	install -m755 -d $TERMUX_PREFIX/include/openssl-1.1
+	mv $TERMUX_PREFIX/include/openssl $TERMUX_PREFIX/include/openssl-1.1/
+	mv $TERMUX_PREFIX/bin/openssl $TERMUX_PREFIX/bin/openssl-1.1
+}
+
+termux_step_post_make_install() {
+	test -d $TERMUX_PREFIX/include/openssl.tmp && mv $TERMUX_PREFIX/include/openssl{.tmp,} || :
+}
+
+termux_step_post_massage() {
+	rm -rf include/openssl
+}

tur/openssl-1.1/e_os.h.patch

@@ -0,0 +1,12 @@
+diff -u -r ../openssl-1.1.1c/e_os.h ./e_os.h
+--- ../openssl-1.1.1c/e_os.h	2019-05-28 13:12:21.000000000 +0000
++++ ./e_os.h	2019-05-29 20:59:46.153243395 +0000
+@@ -38,7 +38,7 @@
+  * sockets will be tried in the order listed in case accessing the device
+  * files listed in DEVRANDOM did not return enough randomness.
+  */
+-#  define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
++#  define DEVRANDOM_EGD "@TERMUX_PREFIX@/var/run/egd-pool", "/dev/egd-pool", "@TERMUX_PREFIX@/etc/egd-pool", "@TERMUX_PREFIX@/etc/entropy"
+ # endif
+
+ # if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)

tur/openssl-1.1/openssl1.1-tool.subpackage.sh

@@ -0,0 +1,2 @@
+TERMUX_SUBPKG_INCLUDE="bin"
+TERMUX_SUBPKG_DESCRIPTION="The openssl command line cryptographic tool"

tur/tor-browser/0001-configure-treat-termux-as-linux.patch

@@ -0,0 +1,11 @@
+--- a/build/moz.configure/init.configure
++++ b/build/moz.configure/init.configure
+@@ -500,7 +500,7 @@
+     abi = None
+     sub_configure_alias = triplet
+     if "android" in os:
+-        canonical_os = "Android"
++        canonical_os = "GNU"
+         canonical_kernel = "Linux"
+     elif os.startswith("linux"):
+         canonical_os = "GNU"

tur/tor-browser/0002-configure-fix-arm-options.patch

@@ -0,0 +1,11 @@
+--- a/build/moz.configure/arm.configure
++++ b/build/moz.configure/arm.configure
+@@ -7,7 +7,7 @@
+
+ @depends(target.os)
+ def arm_option_defaults(os):
+-    if os == "Android":
++    if True:
+         arch = "armv7-a"
+         thumb = "yes"
+         fpu = "neon"

tur/tor-browser/0003-configure-fix-rustflags.patch

@@ -0,0 +1,44 @@
+--- a/build/moz.configure/rust.configure
++++ b/build/moz.configure/rust.configure
+@@ -514,17 +514,27 @@
+     assert_rust_compile(host, rustc_target, rustc)
+     return rustc_target
+
++option("--custom-rust-target-triple", nargs=1, help="Customize Rust Target Triple")
++
++@depends("--custom-rust-target-triple")
++def get_custom_rust_target_triple(custom_rust_target_triple):
++    if custom_rust_target_triple:
++        return custom_rust_target_triple[0]
++    return None
+
+ @depends(
+-    rustc, target, c_compiler, rust_supported_targets, arm_target, when=rust_compiler
++    get_custom_rust_target_triple, rustc, target, c_compiler, rust_supported_targets, arm_target, when=rust_compiler
+ )
+ @checking("for rust target triplet")
+ def rust_target_triple(
+-    rustc, target, compiler_info, rust_supported_targets, arm_target
++    custom_rust_target_triple, rustc, target, compiler_info, rust_supported_targets, arm_target
+ ):
+-    rustc_target = detect_rustc_target(
+-        target, compiler_info, arm_target, rust_supported_targets
+-    )
++    if custom_rust_target_triple:
++        rustc_target = custom_rust_target_triple
++    else:
++        rustc_target = detect_rustc_target(
++            target, compiler_info, arm_target, rust_supported_targets
++        )
+     assert_rust_compile(target, rustc_target, rustc)
+     return rustc_target
+
+@@ -599,8 +609,6 @@
+
+ # ==============================================================
+
+-option(env="RUSTFLAGS", nargs=1, help="Rust compiler flags")
+-set_config("RUSTFLAGS", depends("RUSTFLAGS")(lambda flags: flags))
+
+
+ # Rust compiler flags

tur/tor-browser/0004-configure-do-not-check-libstdcxx-headers.patch

@@ -0,0 +1,21 @@
+--- a/build/moz.configure/toolchain.configure
++++ b/build/moz.configure/toolchain.configure
+@@ -1981,17 +1981,7 @@
+
+ @depends(cxx_compiler, target)
+ def needs_libstdcxx_newness_check(cxx_compiler, target):
+-    # We only have to care about this on Linux and MinGW.
+-    if cxx_compiler.type == "clang-cl":
+-        return
+-
+-    if target.kernel not in ("Linux", "WINNT"):
+-        return
+-
+-    if target.os == "Android":
+-        return
+-
+-    return True
++    return
+
+
+ def die_on_old_libstdcxx():

tur/tor-browser/0005-configure-do-not-append-sysroot.patch

@@ -0,0 +1,22 @@
+--- a/build/moz.configure/toolchain.configure
++++ b/build/moz.configure/toolchain.configure
+@@ -1256,7 +1256,7 @@
+     ):
+         wrapper = list(compiler_wrapper or ())
+         flags = []
+-        if sysroot.path:
++        if False:
+             if host_or_target.kernel == "Darwin":
+                 # While --sysroot and -isysroot are roughly equivalent, when not using
+                 # -isysroot on mac, clang takes the SDKROOT environment variable into
+--- a/build/moz.configure/pkg.configure
++++ b/build/moz.configure/pkg.configure
+@@ -56,7 +56,7 @@
+ @imports(_from="os", _import="environ")
+ @imports(_from="os", _import="pathsep")
+ def pkg_config_vars(target, sysroot_path, multiarch_dir):
+-    if sysroot_path and target.kernel != "Darwin":
++    if False:
+         pkgconfig_dirs = [
+             "usr/lib/pkgconfig",
+             "usr/lib/{}/pkgconfig".format(multiarch_dir),

tur/tor-browser/0006-configure-do-not-enable-alsa.patch

@@ -0,0 +1,11 @@
+--- a/toolkit/moz.configure
++++ b/toolkit/moz.configure
+@@ -174,7 +174,7 @@
+ @depends(target)
+ def midir_linux_support(target):
+     return (
+-        target.kernel == "Linux" and target.os != "Android" and target.cpu != "riscv64"
++        False
+     )
+
+

tur/tor-browser/0007-fix-link-with-libcxx-18.patch

@@ -0,0 +1,14 @@
+https://bugzilla.mozilla.org/show_bug.cgi?id=1874059
+https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276746
+
+--- a/build/moz.configure/toolchain.configure
++++ b/build/moz.configure/toolchain.configure
+@@ -2344,7 +2344,7 @@
+ @depends(target, build_environment)
+ def visibility_flags(target, env):
+     if target.os != "WINNT":
+-        if target.kernel == "Darwin":
++        if True:
+             return ("-fvisibility=hidden", "-fvisibility-inlines-hidden")
+         return (
+             "-I%s/system_wrappers" % os.path.join(env.dist),

tur/tor-browser/0008-fix-marcos.patch

@@ -0,0 +1,88 @@
+--- a/dom/media/systemservices/VideoEngine.cpp
++++ b/dom/media/systemservices/VideoEngine.cpp
+@@ -30,7 +30,7 @@
+ #define LOG(args) MOZ_LOG(gVideoEngineLog, mozilla::LogLevel::Debug, args)
+ #define LOG_ENABLED() MOZ_LOG_TEST(gVideoEngineLog, mozilla::LogLevel::Debug)
+
+-#if defined(ANDROID)
++#if defined(ANDROID) && !defined(__TERMUX__)
+ int VideoEngine::SetAndroidObjects() {
+   LOG(("%s", __PRETTY_FUNCTION__));
+
+--- a/ipc/chromium/src/base/lock_impl_posix.cc
++++ b/ipc/chromium/src/base/lock_impl_posix.cc
+@@ -22,7 +22,7 @@
+ // Lock::PriorityInheritanceAvailable still must be checked as the code may
+ // compile but the underlying platform still may not correctly support priority
+ // inheritance locks.
+-#if defined(ANDROID)
++#if defined(ANDROID) || defined(__TERMUX__)
+ #  define PRIORITY_INHERITANCE_LOCKS_POSSIBLE() 0
+ #else
+ #  define PRIORITY_INHERITANCE_LOCKS_POSSIBLE() 1
+--- a/js/src/ctypes/libffi/src/closures.c
++++ b/js/src/ctypes/libffi/src/closures.c
+@@ -112,7 +112,7 @@
+ #else /* !NetBSD with PROT_MPROTECT */
+
+ #if !FFI_MMAP_EXEC_WRIT && !FFI_EXEC_TRAMPOLINE_TABLE
+-# if __linux__ && !defined(__ANDROID__)
++# if __linux__ && !defined(__TERMUX__)
+ /* This macro indicates it may be forbidden to map anonymous memory
+    with both write and execute permission.  Code compiled when this
+    option is defined will attempt to map such pages once, but if it
+--- a/memory/build/malloc_decls.h
++++ b/memory/build/malloc_decls.h
+@@ -39,7 +39,7 @@
+ // consistent declare certain functions as `throw()`, though.
+
+ // Bionic and OS X don't seem to care about `throw()`ness.
+-#  if defined(ANDROID) || defined(XP_DARWIN)
++#  if defined(__TERMUX__) || defined(XP_DARWIN)
+ #    undef NOTHROW_MALLOC_DECL
+ #    define NOTHROW_MALLOC_DECL MALLOC_DECL
+ // Some places don't care about the distinction.
+--- a/dom/media/CubebUtils.cpp
++++ b/dom/media/CubebUtils.cpp
+@@ -57,7 +57,7 @@
+ #define PREF_AUDIOIPC_STACK_SIZE "media.audioipc.stack_size"
+ #define PREF_AUDIOIPC_SHM_AREA_SIZE "media.audioipc.shm_area_size"
+
+-#if defined(XP_LINUX) || defined(XP_MACOSX) || defined(XP_WIN)
++#if (defined(XP_LINUX) && !defined(__TERMUX__)) || defined(XP_MACOSX) || defined(XP_WIN)
+ #  define MOZ_CUBEB_REMOTING
+ #endif
+
+--- a/mozglue/misc/ConditionVariable_posix.cpp
++++ b/mozglue/misc/ConditionVariable_posix.cpp
+@@ -23,7 +23,7 @@
+ // Android 4.4 or earlier & macOS 10.12 has the clock functions, but not
+ // pthread_condattr_setclock.
+ #if defined(HAVE_CLOCK_MONOTONIC) && \
+-    !(defined(__ANDROID__) && __ANDROID_API__ < 21) && !defined(__APPLE__)
++    defined(__TERMUX__)
+ #  define CV_USE_CLOCK_API
+ #endif
+
+--- a/mozglue/misc/StackWalk.cpp
++++ b/mozglue/misc/StackWalk.cpp
+@@ -692,7 +692,7 @@
+   stackEnd = __libc_stack_end;
+ #    elif defined(XP_DARWIN)
+   stackEnd = pthread_get_stackaddr_np(pthread_self());
+-#    elif defined(ANDROID)
++#    elif defined(__TERMUX__)
+   pthread_attr_t sattr;
+   pthread_attr_init(&sattr);
+   pthread_getattr_np(pthread_self(), &sattr);
+--- a/nsprpub/pr/src/pthreads/ptsynch.c
++++ b/nsprpub/pr/src/pthreads/ptsynch.c
+@@ -953,7 +953,7 @@
+ #if (defined(__GNU_LIBRARY__) && !defined(_SEM_SEMUN_UNDEFINED)) \
+     || (defined(FREEBSD) && __FreeBSD_version < 1200059) \
+     || defined(OPENBSD) || defined(BSDI) \
+-    || defined(DARWIN)
++    || defined(DARWIN) || defined(__TERMUX__)
+ /* union semun is defined by including <sys/sem.h> */
+ #else
+ /* according to X/OPEN we have to define it ourselves */