From 3f72c39fb0e95d45d15bde64661040e920574a85 Mon Sep 17 00:00:00 2001 From: aqua Date: Tue, 23 Apr 2024 11:22:02 +0300 Subject: Ported to qt6 --- linux/.config | 111 +++++++++++++++++++++++++++++++++++++++++++++ linux/firejail/poi.profile | 48 +++++++++----------- linux/makepkg/PKGBUILD | 58 +++++++++++------------ 3 files changed, 163 insertions(+), 54 deletions(-) create mode 100644 linux/.config (limited to 'linux') diff --git a/linux/.config b/linux/.config new file mode 100644 index 0000000..2fb8236 --- /dev/null +++ b/linux/.config @@ -0,0 +1,111 @@ + +# +# Application +# +CONFIG_POI_NAME="smolbote" +CONFIG_POI_ICON=":/icons/poi.svg" +CONFIG_POI_CFG_PATH="~/.config/smolbote/smolbote.cfg" +# end of Application + +# +# Keyboard shortcuts +# + +# +# Main Window shortcuts +# +CONFIG_shortcuts.session.save="Ctrl+S,S" +CONFIG_shortcuts.session.open="Ctrl+S,O" +CONFIG_shortcuts.window.newgroup="Ctrl+G" +CONFIG_shortcuts.window.newwindow="Ctrl+N" +CONFIG_shortcuts.window.about="F1" +CONFIG_shortcuts.window.quit="Ctrl+Q" +CONFIG_shortcuts.window.search="F3" +CONFIG_shortcuts.window.downloads.show="Ctrl+D" + +# +# Navigation Bar shortcuts +# +CONFIG_navigationbar.show="Ctrl+Shift+N" +CONFIG_shortcuts.navigation.back="Ctrl+Left" +CONFIG_shortcuts.navigation.backmenu="Ctrl+Down" +CONFIG_shortcuts.navigation.forward="Ctrl+Right" +CONFIG_shortcuts.navigation.forwardmenu="Ctrl+Up" +CONFIG_shortcuts.navigation.refresh="F5" +CONFIG_shortcuts.navigation.reload="Ctrl+F5" +CONFIG_shortcuts.navigation.home="Ctrl+Home" + +# +# Address Bar shortcuts +# +CONFIG_shortcuts.address.focus="F4" +CONFIG_shortcuts.address.menu="F2" + +# +# Subwindow shortcuts +# +CONFIG_shortcuts.subwindow.close="Ctrl+Shift+W" +CONFIG_shortcuts.subwindow.fullscreen="F11" +CONFIG_shortcuts.subwindow.newtab="Ctrl+T" +CONFIG_shortcuts.subwindow.closetab="Ctrl+W" +CONFIG_shortcuts.subwindow.restoretab="Ctrl+Shift+T" +CONFIG_shortcuts.subwindow.tableft="Ctrl+O" +CONFIG_shortcuts.subwindow.movetableft="Ctrl+Shift+O" +CONFIG_shortcuts.subwindow.tabright="Ctrl+P" +CONFIG_shortcuts.subwindow.movetabright="Ctrl+Shift+P" +# end of Keyboard shortcuts + +# +# Main Window +# +CONFIG_mainwindow.title="smolbote" +CONFIG_mainwindow.width=1280 +CONFIG_mainwindow.height=720 +# end of Main Window + +# +# Bookmarks +# +CONFIG_bookmarks.path="~/.config/smolbote/bookmarks.xbel" +CONFIG_shortcuts.window.bookmarks.show="Ctrl+B" +CONFIG_bookmarks.toolbar.show="Ctrl+Shift+B" +# CONFIG_bookmarks.toolbar.movable is not set +# CONFIG_bookmarks.toolbar.visible is not set +# end of Bookmarks + +# +# Profile Settings +# +CONFIG_profile.path="~/.config/smolbote/profiles.d" +CONFIG_profile.default="default" +CONFIG_profile.search="https://duckduckgo.com/?q=%1&ia=web" +CONFIG_profile.homepage="about:blank" +CONFIG_profile.newtab="about:blank" +# end of Profile Settings + +CONFIG_USEPLUGINS=y + +# +# Plugin Settings +# +CONFIG_PLUGINS_PATH="~/.config/smolbote/plugins.d" +# CONFIG_PLUGINS_SIGNATURE_IGNORED is not set +CONFIG_PLUGINS_SIGNATURE_CHECKED=y +# CONFIG_PLUGINS_SIGNATURE_ENFORCED is not set +CONFIG_PLUGINS_SIGNATURE_HASH="SHA256" +# end of Plugin Settings + +# +# Default paths +# +CONFIG_filter.path="~/.config/smolbote/hosts.d" +CONFIG_downloads.path="~/Downloads" +CONFIG_session.path="~/.config/smolbote/session.d" +# CONFIG_USEPLASMA is not set +# CONFIG_USEBREAKPAD is not set + +# +# Workarounds +# +CONFIG_QTBUG_65223=y +# end of Workarounds diff --git a/linux/firejail/poi.profile b/linux/firejail/poi.profile index a7d3005..1a644d7 100644 --- a/linux/firejail/poi.profile +++ b/linux/firejail/poi.profile @@ -1,21 +1,22 @@ # Firejail profile for poi # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/poi.local +include poi.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # noblacklist: exclude from blacklist noblacklist ${HOME}/.cache/smolbote noblacklist ${HOME}/.config/smolbote noblacklist ${HOME}/.local/share/smolbote -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc mkdir ${HOME}/.cache/smolbote mkdir ${HOME}/.config/smolbote @@ -25,7 +26,7 @@ whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/smolbote whitelist ${HOME}/.config/smolbote whitelist ${HOME}/.local/share/smolbote -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc ## caps.drop all - Removes the ability to call programs usually run only by root. Ex - chown, setuid @@ -43,7 +44,9 @@ caps.drop all netfilter ## nodbus - Disable access to dbus. -nodbus +#nodbus +dbus-user none +dbus-system none ## nodvd - Disable access to optical disk drives. nodvd @@ -60,6 +63,9 @@ noroot ## notv - Disable access to DVB TV devices. notv +## nou2f - Disable access to U2F devices. +nou2f + # novideo - Disable access to video devices. novideo @@ -67,20 +73,16 @@ novideo protocol unix,inet,inet6,netlink ## seccomp - Blacklists a large swath of syscalls from being accessible. -#seccomp -## Use seccomp.drop for now as seccomp is broken with many programs. -seccomp.drop @clock,@cpu-emulation,@module,@obsolete,@privileged,@raw-io,@reboot,@resources,@swap,ptrace -# QtWebEngine require chroot syscall on AMD CPUS and/or ATI Graphics for some bizarre reason -# Use the following seccomp.drop instead on such systems. -#seccomp.drop @clock,@cpu-emulation,@module,@obsolete,@raw-io,@reboot,@resources,@swap,ptrace,mount,umount2,pivot_root +# QtWebEngine requires chroot syscall on AMD and ATI Graphics for some bizarre reason +seccomp !name_to_handle_at,!chroot ## shell - Run the program directly, without a user shell. # breaks secondary instances when using join-or-start after shell=none -#shell none +shell none ## tracelog - Log all viloations to syslog. -# tracelog segfaults QtWebEngine on AMD CPUS and/or ATI Graphics for some bizarre reason -tracelog +# tracelog segfaults QtWebEngine on AMD and ATI Graphics for some bizarre reason +#tracelog ## disable-mnt - Deny access to /mnt, /media, /run/mount, and /run/media disable-mnt @@ -88,7 +90,7 @@ disable-mnt ## private-bin - Creates a virtual /bin directory containing only temporary copies of the following executables. # bash required to launch from kde kickoff menu # breaks if installed to /usr/local -#private-bin bash,poi +private-bin bash,poi ## private-dev - Create a virtual /dev directory. Only dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available. private-dev @@ -101,12 +103,6 @@ private-etc fonts,group,machine-id,resolv.conf # breaks SingleApplication without join-or-start set private-tmp - -## noexec - Prevent execution of files in the specified locations -noexec ${HOME} -noexec /tmp - - # join-or-start - Join the sandbox identified by name or start a new one join-or-start poi diff --git a/linux/makepkg/PKGBUILD b/linux/makepkg/PKGBUILD index 5bcf684..34d54ef 100644 --- a/linux/makepkg/PKGBUILD +++ b/linux/makepkg/PKGBUILD @@ -3,14 +3,16 @@ ## not-use flags # Enable plugin signing: _signPlugins=0 -# Enable breakpad integraton: -_enableBreakpad=0 +# test +_test=0 +_branch=devel +_optimized=0 # install prefix -_prefix='/usr/local' +_prefix='/usr' pkgname=smolbote-git pkgdesc='Yet another no-frills browser' -pkgver=0 +pkgver=r638.be627c1 pkgrel=1 url="https://neueland.iserlohn-fortress.net/gitea/smolbote" @@ -19,33 +21,46 @@ install="smolbote.install" arch=('x86_64' 'aarch64') license=('GPL3') -depends=('qt5-svg' 'qt5-webengine>=5.11.0' 'spdlog') -makedepends=('git' 'meson' 'python-kconfiglib' 'openssl' 'qt5-tools' 'scdoc' 'catch2') -if [ $_enableBreakpad == "1" ]; then - makedepends+=('breakpad-git') -fi +depends=('qt6-svg' 'qt6-webengine' 'spdlog' 'fmt') +makedepends=('git' 'meson' 'python-kconfiglib' 'openssl' 'qt6-tools' 'scdoc') optdepends=('firejail: launch a sandboxed instance') +# this isn't a hard requirement, simply a workaround as the build script +# sets some additional hardening flags that the default makepkg.conf +# will turn down +options=(!buildflags) + # use git+file:///path/to/your/repo to build from a local repo source=("git+https://neueland.iserlohn-fortress.net/cgit/smolbote" - "https://neueland.iserlohn-fortress.net/releases/SingleApplication-3.1.1a.tar.xz"{,.sig} + "https://github.com/itay-grudev/SingleApplication/archive/refs/tags/v3.5.1.tar.gz" "https://neueland.iserlohn-fortress.net/releases/args.hxx-6.2.2.tar.xz"{,.sig}) +if [ $_optimized == "1" ]; then + source+=(meson.build.diff) +fi b2sums=('SKIP' - 'cec3de8dbf252bfa6dc488e5a1440695f4dd3abffdf30948b7d1a3df3d9c85911e981c802ed5a882f1407315114529f4016e55c7d05fbbd1dafe5495b0a63f4a' - 'SKIP' + '924cef0b6aeb76aace3444f46141acb58c5f5019e1e09c78e1b1d973f1689283b5f5f7612dc58dc542fc04364197128f2f3f9e1a97b8b78e704fae5d995a8eca' '440e357006883fbf1b1a796051500a6b068858a35947cd1119767bed8e0a86a7db4aff16498934d7217c375fe643da03c22007e438f30899e247153f25c922b6' 'SKIP') -validgpgkeys=(BB1C090188E3E32B375C13FD095DE26BC16D2E98) # Aqua-sama +validpgpkeys=('BB1C090188E3E32B375C13FD095DE26BC16D2E98') prepare() { mkdir "$srcdir/smolbote/subprojects/packagecache/" - ln -s "$srcdir/SingleApplication-3.1.1a" "$srcdir/smolbote/subprojects/" + ln -s "$srcdir/SingleApplication-3.5.1" "$srcdir/smolbote/subprojects/" ln -s "$srcdir/args.hxx-6.2.2" "$srcdir/smolbote/subprojects/" cd $srcdir/smolbote + + if [ $_test == "1" ]; then + git checkout ${_branch} + fi + KCONFIG_CONFIG=linux/.config alldefconfig + +if [ $_optimized == "1" ]; then + patch -p1 -i ${srcdir}/meson.build.diff +fi } pkgver() { @@ -72,14 +87,8 @@ build() { -Dmanpage=true \ $srcdir/smolbote $srcdir/build - if [ $_enableBreakpad == "1" ]; then - msg2 "Enabling crashhandler" - meson configure -Ddebug=true -Dcrashhandler=enabled - KCONFIG_CONFIG=linux/.config setconfig USEBREAKPAD=y - fi - # Build - ninja -C $srcdir/build + ninja -C $srcdir/build "$MAKEFLAGS" } #check() { @@ -98,12 +107,5 @@ package() { msg2 "Signed $(basename $so)" done fi - - if [ $_enableBreakpad == "1" ]; then - msg "Installing debug symbols" - ninja -C $srcdir/build linux/poi.sym - install -dm644 $pkgdir/$_prefix/lib/smolbote/symbols/poi/$(head -n1 linux/poi.sym | awk '{ print $(NF-1) }') - install -m644 -t $pkgdir/$_prefix/lib/smolbote/symbols/poi/$(head -n1 linux/poi.sym | awk '{ print $(NF-1) }') $srcdir/build/linux/poi.sym - fi } -- cgit v1.2.1