aboutsummaryrefslogtreecommitdiff
path: root/linux/makepkg/PKGBUILD
blob: badf319dc711d31269e6438f973ae06af245be99 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# Maintainer: Aqua-sama <aqua@iserlohn-fortress.net>

pkgname=smolbote-git
pkgdesc='Yet another no-frills browser'

pkgver=r0
pkgrel=1

url="https://neueland.iserlohn-fortress.net/smolbote"
install="smolbote.install"

arch=('x86_64')
license=('GPL3')

depends=('qt5-webengine>=5.11.0' 'boost-libs>=1.66.0')
optdepends=('firejail: launch a sandboxed instance')
makedepends=('git' 'meson' 'pkg-config' 'python-kconfiglib' 'asciidoctor' 'openssl')

# this is the central repository
source=("git+https://neueland.iserlohn-fortress.net/gitea/aeon/smolbote.git"
        "git+https://github.com/itay-grudev/SingleApplication.git")

sha512sums=('SKIP'
            'SKIP')

#validgpgkeys=(# Aqua-sama <aqua@iserlohn-fortress.net>
#              BB1C090188E3E32B375C13FD095DE26BC16D2E98)

## Build Options

# Run menuconfig
#_menuconfig=

# Enable plugin signing:
# - generate a 4096-bit RSA key and embed the public key into the binary
# - apply the plugin signing patch to the config, enabling PluginLoader::verify
# - sign the plugins with the private key, and install the signatures
# Because this embeds the public key into the executable, enabling this option will break reproducible builds.
_signPlugins=

prepare() {
    cd $srcdir/smolbote

    git submodule init
    git config submodule.3rd-party/SingleApplication/SingleApplication.git.url $srcdir/SingleApplication
    git submodule update 3rd-party/SingleApplication/SingleApplication.git

    if [ -n $_signPlugins ]; then
        msg "Creating OpenSSL signing key"
        mkdir $srcdir/signing
        cd $srcdir/signing
        # generate rsa keypair
        openssl genrsa -out privateKey.pem 4096
        msg2 "Keypair written to $srcdir/signing/privateKey.pem."

        openssl rsa -in privateKey.pem -pubout -out publicKey.pem
        ./tools/hexdump.py --name='publicKey_pem' publicKey.pem $srcdir/smolbote/src/plugin/publicKey.h
        msg2 "Public key exported to $srcdir/signing/publicKey.pem."
    fi
}

pkgver() {
    cd smolbote
    # Without version tag
    echo r$(git rev-list --count HEAD)-$(git rev-parse --short HEAD) | sed 's/\([^-]*-g\)/r\1/;s/-/./g'

    # With version tag
    #git describe --long | sed 's/\([^-]*-g\)/r\1/;s/-/./g'
}

build() {
    if [ ! -d $srcdir/build ]; then
        mkdir $srcdir/build
    fi
    cd $srcdir/smolbote

    # For a list of configureable options, check smolbote/meson_options.txt, or
    # run `meson configure` in $srcdir/build

    # --wrap-mode=nodownload - disable meson from downloading dependency wraps. This will cause it to fail if makedepends are not found by pkg-config or cmake.
    # --buildtype=plain - meson won't add any flags to the command line
    # --prefix=... - install prefix
    # --auto-features=disabled - features should be explicitly enabled
    # b_pie: Build executables as position independent
    # b_lto: Use link time optimization
    meson --buildtype=plain --prefix=/usr/local --auto-features=disabled \
        -Db_pie=true -Db_lto=true -Dcpp_link_args="-fuse-ld=gold" \
        -Dmanpage=enabled \
        $srcdir/build

    # Run menuconfig
    #KCONFIG_CONFIG=linux/.config menuconfig

    # Build
    cd $srcdir/build
    ninja
}

package() {
    # Install
    cd $srcdir/build
    DESTDIR="$pkgdir" ninja install

    msg "Signing plugins"
    for so in $pkgdir/usr/local/lib/smolbote/plugins/*.so; do
        openssl dgst -sha256 -sign $srcdir/signing/privateKey.pem -out $so.sig $so
        install -m644 $so.sig $pkgdir/usr/lib/smolbote/plugins/$so.sig
    done
}