diff options
Diffstat (limited to 'linux')
-rw-r--r-- | linux/.config | 111 | ||||
-rw-r--r-- | linux/config.yaml | 63 | ||||
-rw-r--r-- | linux/firejail/poi.profile | 48 | ||||
-rw-r--r-- | linux/makepkg/PKGBUILD | 98 |
4 files changed, 217 insertions, 103 deletions
diff --git a/linux/.config b/linux/.config new file mode 100644 index 0000000..2fb8236 --- /dev/null +++ b/linux/.config @@ -0,0 +1,111 @@ + +# +# Application +# +CONFIG_POI_NAME="smolbote" +CONFIG_POI_ICON=":/icons/poi.svg" +CONFIG_POI_CFG_PATH="~/.config/smolbote/smolbote.cfg" +# end of Application + +# +# Keyboard shortcuts +# + +# +# Main Window shortcuts +# +CONFIG_shortcuts.session.save="Ctrl+S,S" +CONFIG_shortcuts.session.open="Ctrl+S,O" +CONFIG_shortcuts.window.newgroup="Ctrl+G" +CONFIG_shortcuts.window.newwindow="Ctrl+N" +CONFIG_shortcuts.window.about="F1" +CONFIG_shortcuts.window.quit="Ctrl+Q" +CONFIG_shortcuts.window.search="F3" +CONFIG_shortcuts.window.downloads.show="Ctrl+D" + +# +# Navigation Bar shortcuts +# +CONFIG_navigationbar.show="Ctrl+Shift+N" +CONFIG_shortcuts.navigation.back="Ctrl+Left" +CONFIG_shortcuts.navigation.backmenu="Ctrl+Down" +CONFIG_shortcuts.navigation.forward="Ctrl+Right" +CONFIG_shortcuts.navigation.forwardmenu="Ctrl+Up" +CONFIG_shortcuts.navigation.refresh="F5" +CONFIG_shortcuts.navigation.reload="Ctrl+F5" +CONFIG_shortcuts.navigation.home="Ctrl+Home" + +# +# Address Bar shortcuts +# +CONFIG_shortcuts.address.focus="F4" +CONFIG_shortcuts.address.menu="F2" + +# +# Subwindow shortcuts +# +CONFIG_shortcuts.subwindow.close="Ctrl+Shift+W" +CONFIG_shortcuts.subwindow.fullscreen="F11" +CONFIG_shortcuts.subwindow.newtab="Ctrl+T" +CONFIG_shortcuts.subwindow.closetab="Ctrl+W" +CONFIG_shortcuts.subwindow.restoretab="Ctrl+Shift+T" +CONFIG_shortcuts.subwindow.tableft="Ctrl+O" +CONFIG_shortcuts.subwindow.movetableft="Ctrl+Shift+O" +CONFIG_shortcuts.subwindow.tabright="Ctrl+P" +CONFIG_shortcuts.subwindow.movetabright="Ctrl+Shift+P" +# end of Keyboard shortcuts + +# +# Main Window +# +CONFIG_mainwindow.title="smolbote" +CONFIG_mainwindow.width=1280 +CONFIG_mainwindow.height=720 +# end of Main Window + +# +# Bookmarks +# +CONFIG_bookmarks.path="~/.config/smolbote/bookmarks.xbel" +CONFIG_shortcuts.window.bookmarks.show="Ctrl+B" +CONFIG_bookmarks.toolbar.show="Ctrl+Shift+B" +# CONFIG_bookmarks.toolbar.movable is not set +# CONFIG_bookmarks.toolbar.visible is not set +# end of Bookmarks + +# +# Profile Settings +# +CONFIG_profile.path="~/.config/smolbote/profiles.d" +CONFIG_profile.default="default" +CONFIG_profile.search="https://duckduckgo.com/?q=%1&ia=web" +CONFIG_profile.homepage="about:blank" +CONFIG_profile.newtab="about:blank" +# end of Profile Settings + +CONFIG_USEPLUGINS=y + +# +# Plugin Settings +# +CONFIG_PLUGINS_PATH="~/.config/smolbote/plugins.d" +# CONFIG_PLUGINS_SIGNATURE_IGNORED is not set +CONFIG_PLUGINS_SIGNATURE_CHECKED=y +# CONFIG_PLUGINS_SIGNATURE_ENFORCED is not set +CONFIG_PLUGINS_SIGNATURE_HASH="SHA256" +# end of Plugin Settings + +# +# Default paths +# +CONFIG_filter.path="~/.config/smolbote/hosts.d" +CONFIG_downloads.path="~/Downloads" +CONFIG_session.path="~/.config/smolbote/session.d" +# CONFIG_USEPLASMA is not set +# CONFIG_USEBREAKPAD is not set + +# +# Workarounds +# +CONFIG_QTBUG_65223=y +# end of Workarounds diff --git a/linux/config.yaml b/linux/config.yaml new file mode 100644 index 0000000..38e6e6e --- /dev/null +++ b/linux/config.yaml @@ -0,0 +1,63 @@ +--- +- poi: + name: smolbote + icon: :/icons/poi.svg + config: ~/.config/smolbote/smolbote.cfg + +- shortcuts: + session.save: Ctrl+S,S + session.open: Ctrl+S,O + + window.newgroup: Ctrl+G + window.newwindow: Ctrl+N + window.about: F1 + window.quit: Ctrl+Q + window.search: F3 + window.bookmarks.show: Ctrl+B + window.downloads.show: Ctrl+D + + navigationbar.show: Ctrl+Shift+N + navigation.back: Ctrl+Left + navigation.backmenu: Ctrl+Down + navigation.forward: Ctrl+Right + navigation.forwardmenu: Ctrl+Up + navigation.refresh: F5 + navigation.reload: Ctrl+F5 + navigation.home: Ctrl+Home + + address.focus: F4 + address.menu: F2 + + subwindow.close: Ctrl+Shift+W + subwindow.fullscreen: F11 + subwindow.newtab: Ctrl+T + subwindow.closetab: Ctrl+W + subwindow.restoretab: Ctrl+Shift+T + subwindow.tableft: Ctrl+O + subwindow.movetableft: Ctrl+Shift+O + subwindow.tabright: Ctrl+P + subwindow.movetabright: Ctrl+Shift+P + +- mainwindow: + title: smolbote + width: 1280 + height: 720 + +- bookmarks: + path: ~/.config/smolbote/bookmarks.xbel + toolbar.show: Ctrl+Shift+B + toolbar.movable: false + toolbar.visible: true + +- downloads: + path: ~/Downloads + +- profile: + path: ~/.config/smolbote/profiles.d + default: default + search: https://duckduckgo.com/?q=%1&ia=web + homepage: about:blank + newtab: about:blank + +- session: + path: ~/.config/smolbote/session.d diff --git a/linux/firejail/poi.profile b/linux/firejail/poi.profile index a7d3005..1a644d7 100644 --- a/linux/firejail/poi.profile +++ b/linux/firejail/poi.profile @@ -1,21 +1,22 @@ # Firejail profile for poi # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/poi.local +include poi.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # noblacklist: exclude from blacklist noblacklist ${HOME}/.cache/smolbote noblacklist ${HOME}/.config/smolbote noblacklist ${HOME}/.local/share/smolbote -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc mkdir ${HOME}/.cache/smolbote mkdir ${HOME}/.config/smolbote @@ -25,7 +26,7 @@ whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/smolbote whitelist ${HOME}/.config/smolbote whitelist ${HOME}/.local/share/smolbote -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc ## caps.drop all - Removes the ability to call programs usually run only by root. Ex - chown, setuid @@ -43,7 +44,9 @@ caps.drop all netfilter ## nodbus - Disable access to dbus. -nodbus +#nodbus +dbus-user none +dbus-system none ## nodvd - Disable access to optical disk drives. nodvd @@ -60,6 +63,9 @@ noroot ## notv - Disable access to DVB TV devices. notv +## nou2f - Disable access to U2F devices. +nou2f + # novideo - Disable access to video devices. novideo @@ -67,20 +73,16 @@ novideo protocol unix,inet,inet6,netlink ## seccomp - Blacklists a large swath of syscalls from being accessible. -#seccomp -## Use seccomp.drop for now as seccomp is broken with many programs. -seccomp.drop @clock,@cpu-emulation,@module,@obsolete,@privileged,@raw-io,@reboot,@resources,@swap,ptrace -# QtWebEngine require chroot syscall on AMD CPUS and/or ATI Graphics for some bizarre reason -# Use the following seccomp.drop instead on such systems. -#seccomp.drop @clock,@cpu-emulation,@module,@obsolete,@raw-io,@reboot,@resources,@swap,ptrace,mount,umount2,pivot_root +# QtWebEngine requires chroot syscall on AMD and ATI Graphics for some bizarre reason +seccomp !name_to_handle_at,!chroot ## shell - Run the program directly, without a user shell. # breaks secondary instances when using join-or-start after shell=none -#shell none +shell none ## tracelog - Log all viloations to syslog. -# tracelog segfaults QtWebEngine on AMD CPUS and/or ATI Graphics for some bizarre reason -tracelog +# tracelog segfaults QtWebEngine on AMD and ATI Graphics for some bizarre reason +#tracelog ## disable-mnt - Deny access to /mnt, /media, /run/mount, and /run/media disable-mnt @@ -88,7 +90,7 @@ disable-mnt ## private-bin - Creates a virtual /bin directory containing only temporary copies of the following executables. # bash required to launch from kde kickoff menu # breaks if installed to /usr/local -#private-bin bash,poi +private-bin bash,poi ## private-dev - Create a virtual /dev directory. Only dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available. private-dev @@ -101,12 +103,6 @@ private-etc fonts,group,machine-id,resolv.conf # breaks SingleApplication without join-or-start set private-tmp - -## noexec - Prevent execution of files in the specified locations -noexec ${HOME} -noexec /tmp - - # join-or-start - Join the sandbox identified by name or start a new one join-or-start poi diff --git a/linux/makepkg/PKGBUILD b/linux/makepkg/PKGBUILD index 5e27542..efdea15 100644 --- a/linux/makepkg/PKGBUILD +++ b/linux/makepkg/PKGBUILD @@ -1,53 +1,43 @@ # Maintainer: Aqua-sama <aqua at iserlohn-fortress dot net> ## not-use flags -# Enable plugin signing: -_signPlugins=0 -# Enable breakpad integraton: -_enableBreakpad=0 # install prefix -_prefix='/usr/local' +_prefix='/usr' pkgname=smolbote-git pkgdesc='Yet another no-frills browser' pkgver=0 pkgrel=1 -url="https://neueland.iserlohn-fortress.net/gitea/smolbote" +url="https://neueland.iserlohn-fortress.net/cgit/smolbote" install="smolbote.install" arch=('x86_64' 'aarch64') license=('GPL3') -depends=('qt5-webengine>=5.11.0' 'spdlog') -makedepends=('git' 'meson' 'python-kconfiglib' 'openssl' 'qt5-tools' 'scdoc' 'catch2') -if [ $_enableBreakpad == "1" ]; then - makedepends+=('breakpad-git') -fi +depends=('qt6-svg' 'qt6-webengine' 'spdlog' 'fmt') +makedepends=('git' 'cmake' 'openssl' 'qt6-tools' 'scdoc') optdepends=('firejail: launch a sandboxed instance') -# this isn't a hard requirement, simply a workaround as the build script -# sets some additional hardening flags that the default makepkg.conf -# will turn down -options=(!buildflags) - # use git+file:///path/to/your/repo to build from a local repo -source=("git+https://library.iserlohn-fortress.net/aqua/smolbote.git" - "https://neueland.iserlohn-fortress.net/releases/SingleApplication-3.1.1a.tar.xz"{,.sig} - "https://neueland.iserlohn-fortress.net/releases/args.hxx-6.2.2.tar.xz"{,.sig}) +source=("git+https://neueland.iserlohn-fortress.net/cgit/smolbote" + "SingleApplication-v3.4.1.tar.gz::https://github.com/itay-grudev/SingleApplication/archive/refs/tags/v3.4.1.tar.gz") b2sums=('SKIP' - 'cec3de8dbf252bfa6dc488e5a1440695f4dd3abffdf30948b7d1a3df3d9c85911e981c802ed5a882f1407315114529f4016e55c7d05fbbd1dafe5495b0a63f4a' - 'SKIP' - '440e357006883fbf1b1a796051500a6b068858a35947cd1119767bed8e0a86a7db4aff16498934d7217c375fe643da03c22007e438f30899e247153f25c922b6' - 'SKIP') + 'fe320ccb0390b13b1c7b0c017cff34b02f5138bd6643457843a7200374c8a994a37a1b00a65c70e83ba5bdc61f157ccfaa8cdfc0eee7b2149df4acda06173669') -validgpgkeys=(BB1C090188E3E32B375C13FD095DE26BC16D2E98) # Aqua-sama <aqua@iserlohn-fortress.net> +validpgpkeys=(BB1C090188E3E32B375C13FD095DE26BC16D2E98) # Aqua-sama <aqua@iserlohn-fortress.net> prepare() { - mkdir "$srcdir/smolbote/subprojects/packagecache/" - ln -s "$srcdir/SingleApplication-3.1.1a" "$srcdir/smolbote/subprojects/" - ln -s "$srcdir/args.hxx-6.2.2" "$srcdir/smolbote/subprojects/" + msg2 "Populate third_party packages..." + mkdir "$srcdir/smolbote/third_party" + ln -s "$srcdir/SingleApplication-3.4.1" "$srcdir/smolbote/third_party/SingleApplication" + + msg2 "Configure..." + cmake -S $srcdir/smolbote -B $srcdir/build \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DINSTALL_MANPAGES=ON } pkgver() { @@ -57,61 +47,15 @@ pkgver() { } build() { - mkdir -p $srcdir/build - cd $srcdir/smolbote - KCONFIG_CONFIG=linux/.config alldefconfig - - # For a list of configureable options, check smolbote/meson_options.txt, or - # run `meson configure` in $srcdir/build - - # --wrap-mode=nodownload - disable meson from downloading dependency wraps. This will cause it to fail if makedepends are not found by pkg-config or cmake. - # --wrap-mode=nofallback - disable downloads as a fallback too. Implies --wrap-mode=nodownload - # --buildtype=plain - meson won't add any flags to the command line - # --prefix=... - install prefix - # --auto-features=disabled - features should be explicitly enabled - # b_pie: Build executables as position independent - # b_lto: Use link time optimization - meson --buildtype=release --wrap-mode=nodownload \ - --prefix=$_prefix --auto-features=disabled \ - -Db_pie=true -Ddefault_library=static \ - -Dmanpage=enabled \ - $srcdir/build - - if [ $_enableBreakpad == "1" ]; then - msg2 "Enabling crashhandler" - meson configure -Ddebug=true -Dcrashhandler=enabled - KCONFIG_CONFIG=linux/.config setconfig USEBREAKPAD=y - fi - - # Run menuconfig - #KCONFIG_CONFIG=linux/.config menuconfig - - # Build - ninja -C $srcdir/build "$MAKEFLAGS" + cmake --build $srcdir/build -- ${MAKEFLAGS} + cmake --build $srcdir/build --target manpages -- ${MAKEFLAGS} } check() { - ninja -C $srcdir/build test + ctest --test-dir $srcdir/build } package() { - # Install - cd $srcdir/build - DESTDIR="$pkgdir" ninja install - - if [ $_signPlugins == "1" ]; then - msg "Signing plugins" - for so in $pkgdir/$_prefix/lib/smolbote/plugins/*.so; do - openssl dgst -sha256 -sign $srcdir/build/lib/pluginloader/privateKey.pem -out $so.sig $so - msg2 "Signed $(basename $so)" - done - fi - - if [ $_enableBreakpad == "1" ]; then - msg "Installing debug symbols" - ninja -C $srcdir/build linux/poi.sym - install -dm644 $pkgdir/$_prefix/lib/smolbote/symbols/poi/$(head -n1 linux/poi.sym | awk '{ print $(NF-1) }') - install -m644 -t $pkgdir/$_prefix/lib/smolbote/symbols/poi/$(head -n1 linux/poi.sym | awk '{ print $(NF-1) }') $srcdir/build/linux/poi.sym - fi + DESTDIR="$pkgdir" cmake --install $srcdir/build --strip } |