gnomeos: Working up through WebKit

gnomeos/3.4/ca-certs-build.patch

@@ -0,0 +1,207 @@
+From 5171353bc89bab1f4717c11cacd1ab2463b58a99 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Tue, 17 Jan 2012 14:56:56 -0500
+Subject: [PATCH] Implement GNOME build API
+
+See http://people.gnome.org/~walters/docs/build-api.txt
+---
+ Makefile          |   22 ++++++++++++++++++
+ certdata2pem.py   |   12 ++++++---
+ configure         |   63 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ make-ca-bundle.sh |   45 +++++++++++++++++++++++++++++++++++++
+ 4 files changed, 138 insertions(+), 4 deletions(-)
+ create mode 100644 Makefile
+ create mode 100755 configure
+ create mode 100755 make-ca-bundle.sh
+
+diff --git a/Makefile b/Makefile
+new file mode 100644
+index 0000000..422c8c2
+--- /dev/null
++++ b/Makefile
+@@ -0,0 +1,22 @@
++include Makefile.inc
++
++pkidir=$(sysconfdir)/pki
++
++stamp-certs-created:
++	mkdir -p ca-certificates/certs
++	python $(srcdir)/certdata2pem.py $(srcdir)/certdata.txt $(srcdir)/blacklist.txt ca-certificates/certs
++	$(srcdir)/make-ca-bundle.sh $(srcdir)/certdata.txt ca-certificates
++	touch stamp-certs-created
++
++install: stamp-certs-created
++	mkdir -p $(DESTDIR)$(sysconfdir)/pki/tls/certs
++	install -p -m 644 ca-certificates/ca-bundle.crt $(DESTDIR)$(pkidir)/tls/certs/ca-bundle.crt
++	install -p -m 644 ca-certificates/ca-bundle.trust.crt $(DESTDIR)$(pkidir)/tls/certs/ca-bundle.trust.crt
++	rm -f $(DESTDIR)$(pkidir)/tls/cert.pem
++	ln -s certs/ca-bundle.crt $(DESTDIR)$(pkidir)/tls/cert.pem
++	touch -r $(srcdir)/certdata.txt $(DESTDIR)$(pkidir)/tls/certs/ca-bundle.crt
++	touch -r $(srcdir)/certdata.txt $(DESTDIR)$(pkidir)/tls/certs/ca-bundle.trust.crt
++
++	mkdir -p -m 755 $(DESTDIR)$(sysconfdir)/ssl
++	rm -f $(DESTDIR)$(sysconfdir)/ssl/certs
++	ln -s ../pki/tls/certs $(DESTDIR)$(sysconfdir)/ssl/certs
+diff --git a/certdata2pem.py b/certdata2pem.py
+index c22946d..b0d6259 100644
+--- a/certdata2pem.py
++++ b/certdata2pem.py
+@@ -28,10 +28,14 @@ import textwrap
+ 
+ objects = []
+ 
++certdata_path = sys.argv[1]
++blacklist_path = sys.argv[2]
++outdir=sys.argv[3]
++
+ # Dirty file parser.
+ in_data, in_multiline, in_obj = False, False, False
+ field, type, value, obj = None, None, None, dict()
+-for line in open('certdata.txt', 'r'):
++for line in open(certdata_path, 'r'):
+     # Ignore the file header.
+     if not in_data:
+         if line.startswith('BEGINDATA'):
+@@ -81,8 +85,8 @@ if len(obj.items()) > 0:
+ 
+ # Read blacklist.
+ blacklist = []
+-if os.path.exists('blacklist.txt'):
+-    for line in open('blacklist.txt', 'r'):
++if os.path.exists(blacklist_path):
++    for line in open(blacklist_path, 'r'):
+         line = line.strip()
+         if line.startswith('#') or len(line) == 0:
+             continue
+@@ -161,7 +165,7 @@ for obj in objects:
+             print " -> untrusted, ignoring"
+             continue
+         fname = obj_to_filename(obj)
+-        f = open(fname, 'w')
++        f = open(os.path.join(outdir, fname), 'w')
+         trustbits = []
+         openssl_trustflags = []
+         tobj = trustmap[obj['CKA_LABEL']]
+diff --git a/configure b/configure
+new file mode 100755
+index 0000000..88752a9
+--- /dev/null
++++ b/configure
+@@ -0,0 +1,63 @@
++#!/bin/bash
++# -*- mode: sh -*-
++# Minimal configure script which writes out a Makefile.inc
++# Copyright 2010, 2011 Colin Walters <walters@verbum.org>
++# Licensed under the new-BSD license (http://www.opensource.org/licenses/bsd-license.php)
++
++prefix=/usr
++
++# Little helper function for reading args from the commandline.
++# it automatically handles -a b and -a=b variants, and returns 1 if
++# we need to shift $3.
++read_arg() {
++    # $1 = arg name
++    # $2 = arg value
++    # $3 = arg parameter
++    local rematch='^[^=]*=(.*)$'
++    if [[ $2 =~ $rematch ]]; then
++        read "$1" <<< "${BASH_REMATCH[1]}"
++    else
++        read "$1" <<< "$3"
++        # There is no way to shift our callers args, so
++        # return 1 to indicate they should do it instead.
++        return 1
++    fi
++}
++
++while (($# > 0)); do
++    case "${1%%=*}" in
++      	--prefix) read_arg prefix "$@" || shift;;
++      	--bindir) read_arg bindir "$@" || shift;;
++      	--sbindir) read_arg sbindir "$@" || shift;;
++      	--libexecdir) read_arg libexecdir "$@" || shift;;
++      	--datarootdir) read_arg datarootdir "$@" || shift;;
++      	--datadir) read_arg datadir "$@" || shift;;
++      	--sysconfdir) read_arg sysconfdir "$@" || shift;;
++      	--libdir) read_arg libdir "$@" || shift;;
++      	--mandir) read_arg mandir "$@" || shift;;
++	*) echo "Ignoring unknown option '$1'";;
++    esac
++    shift
++done
++
++# Handle srcdir != builddir
++srcdir=$(dirname $0)
++if ! test -f Makefile; then
++    ln -s ${srcdir}/Makefile Makefile
++fi
++
++cat > Makefile.inc.tmp <<EOF
++srcdir = ${srcdir}
++top_srcdir = ${srcdir}
++
++prefix ?= ${prefix}
++bindir ?= ${bindir:-${prefix}/bin}
++sbindir ?= ${sbindir:-${prefix}/sbin}
++libexecdir ?= ${libexecdir:-${prefix}/libexec}
++datarootdir ?= ${datarootdir:-${prefix}/share}
++datadir ?= ${datadir:-${prefix}/share}
++sysconfdir ?= ${sysconfdir:-${prefix}/etc}
++libdir ?= ${libdir:-${prefix}/lib}
++mandir ?= ${mandir:-${prefix}/share/man}
++EOF
++mv Makefile.inc.tmp Makefile.inc
+diff --git a/make-ca-bundle.sh b/make-ca-bundle.sh
+new file mode 100755
+index 0000000..9c57bef
+--- /dev/null
++++ b/make-ca-bundle.sh
+@@ -0,0 +1,45 @@
++#!/bin/sh
++
++src=$1
++out=$2
++
++(cat <<EOF 
++# This is a bundle of X.509 certificates of public Certificate
++# Authorities.  It was generated from the Mozilla root CA list.
++#
++# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
++#
++# Generated from:
++EOF
++   ident -q "$src" | sed '1d;s/^/#/';
++   echo '#';
++) > $out/ca-bundle.crt
++
++(
++   cat <<EOF
++# This is a bundle of X.509 certificates of public Certificate
++# Authorities.  It was generated from the Mozilla root CA list.
++# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
++# format and have trust bits set accordingly.
++#
++# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
++#
++# Generated from:
++EOF
++   ident -q "$1" | sed '1d;s/^/#/';
++   echo '#';
++) > $out/ca-bundle.trust.crt
++for f in $out/certs/*.crt; do 
++    tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
++    case $tbits in
++	*serverAuth*) openssl x509 -text -in "$f" >> $out/ca-bundle.crt ;;
++    esac
++    if [ -n "$tbits" ]; then
++	targs=""
++	for t in $tbits; do
++            targs="${targs} -addtrust $t"
++	done
++	openssl x509 -text -in "$f" -trustout $targs >> $out/ca-bundle.trust.crt
++    fi
++done
++
+-- 
+1.7.6.5
+

gnomeos/3.4/gst-plugins-base-no-builddir.patch

@@ -0,0 +1,26 @@
+From 23b2d7561fbc609ab2a00c2a261a203587fb802b Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Tue, 17 Jan 2012 17:12:07 -0500
+Subject: [PATCH] build: Note we don't support srcdir != builddir
+
+---
+ configure.ac |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 0e3b20e..c811a58 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -14,6 +14,9 @@ AG_GST_INIT
+ dnl initialize automake
+ AM_INIT_AUTOMAKE([-Wno-portability 1.10])
+ 
++dnl http://people.gnome.org/~walters/docs/build-api.txt
++echo \#buildapi-variable-no-builddir >/dev/null
++
+ dnl define PACKAGE_VERSION_* variables
+ AS_VERSION
+ 
+-- 
+1.7.6.5
+

gnomeos/3.4/gst-plugins-base-warnings.patch

@@ -0,0 +1,64 @@
+From 1e8d86a199857d762b2bb13be8431112a8eed16d Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Tue, 17 Jan 2012 16:50:46 -0500
+Subject: [PATCH] build: Add --disable-fatal-warnings
+
+It's reasonable to build from git, but not want to turn all compiler
+warnings into fatal errors.  For example, GNOME's jhbuild helps people
+get newer versions of software than came from their distribution, but
+they may not necessarily want to hack on it.
+---
+ common       |    2 +-
+ configure.ac |   10 +++++++---
+ 2 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/common b/common
+index 63d592e..e4a9407 160000
+--- a/common
++++ b/common
+@@ -1 +1 @@
+-Subproject commit 63d592ed74618734d69438c770d6462efeb5ab9d
++Subproject commit e4a9407a51803016bab9918b03e2034981886bdb
+diff --git a/configure.ac b/configure.ac
+index 13647a4..0e3b20e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -19,6 +19,10 @@ AS_VERSION
+ 
+ dnl check if this is a release version
+ AS_NANO(GST_GIT="no", GST_GIT="yes")
++AC_ARG_ENABLE(fatal-warnings,
++  AS_HELP_STRING([--enable-fatal-warnings],
++		 [Turn compiler warnings into fatal errors]),
++  [GST_FATAL_WARNINGS=$enableval], [GST_FATAL_WARNINGS=$GST_GIT])
+ 
+ dnl can autoconf find the source ?
+ AC_CONFIG_SRCDIR([gst/audiotestsrc/gstaudiotestsrc.c])
+@@ -367,21 +371,21 @@ AG_GST_CHECK_GST_DEBUG_DISABLED([NO_WARNINGS="-Wno-unused"], [NO_WARNINGS=""])
+ 
+ dnl define an ERROR_CFLAGS Makefile variable
+ dnl -Wformat-nonliteral - see ext/pango/gstclockoverlay.c and http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39438
+-AG_GST_SET_ERROR_CFLAGS($GST_GIT, [
++AG_GST_SET_ERROR_CFLAGS($GST_FATAL_WARNINGS, [
+     -Wmissing-declarations -Wmissing-prototypes -Wredundant-decls -Wundef
+     -Wwrite-strings -Wformat-nonliteral -Wformat-security
+     -Winit-self -Wmissing-include-dirs -Waddress -Waggregate-return
+     -Wno-multichar -Wnested-externs $NO_WARNINGS])
+ 
+ dnl define an ERROR_CXXFLAGS Makefile variable
+-AG_GST_SET_ERROR_CXXFLAGS($GST_GIT, [
++AG_GST_SET_ERROR_CXXFLAGS($GST_FATAL_WARNINGS, [
+     -Wmissing-declarations -Wredundant-decls -Wundef
+     -Wwrite-strings -Wformat-nonliteral -Wformat-security
+     -Winit-self -Wmissing-include-dirs -Waddress -Waggregate-return
+     -Wno-multichar $NO_WARNINGS])
+ 
+ dnl define correct level for debugging messages
+-AG_GST_SET_LEVEL_DEFAULT($GST_GIT)
++AG_GST_SET_LEVEL_DEFAULT($GST_FATAL_WARNINGS)
+ 
+ dnl used in examples
+ AG_GST_DEFAULT_ELEMENTS
+-- 
+1.7.6.5
+

gnomeos/3.4/gstreamer-warning-errors.patch

@@ -0,0 +1,44 @@
+From 40ff38e54022d5330499addb8f9c4053bcccf413 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Tue, 17 Jan 2012 16:23:33 -0500
+Subject: [PATCH] build: Add --disable-fatal-warnings
+
+It's reasonable to build from git, but not want to turn all compiler
+warnings into fatal errors.  For example, GNOME's jhbuild helps people
+get newer versions of software than came from their distribution, but
+they may not necessarily want to hack on it.
+---
+ configure.ac |    8 ++++++--
+ 1 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 7a4d052..d02b043 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -16,6 +16,10 @@ AS_VERSION
+ 
+ dnl check if this is a release version
+ AS_NANO(GST_GIT="no", GST_GIT="yes")
++AC_ARG_ENABLE(fatal-warnings,
++  AS_HELP_STRING([--enable-fatal-warnings],
++		 [Turn compiler warnings into fatal errors]),
++  [GST_FATAL_WARNINGS=$enableval], [GST_FATAL_WARNINGS=$GST_GIT])
+ 
+ dnl can autoconf find the source ?
+ AC_CONFIG_SRCDIR([gst/gst.c])
+@@ -646,10 +650,10 @@ if test "x${GST_DISABLE_GST_DEBUG}" = "xyes"; then
+ fi
+ 
+ dnl define an ERROR_CFLAGS Makefile variable
+-AG_GST_SET_ERROR_CFLAGS($GST_GIT, [-Wmissing-declarations -Wmissing-prototypes -Wredundant-decls -Wundef -Wwrite-strings -Wformat-nonliteral -Wformat-security -Wold-style-definition -Winit-self -Wmissing-include-dirs -Waddress -Waggregate-return -Wno-multichar -Wnested-externs $NO_WARNINGS])
++AG_GST_SET_ERROR_CFLAGS($GST_FATAL_WARNINGS, [-Wmissing-declarations -Wmissing-prototypes -Wredundant-decls -Wundef -Wwrite-strings -Wformat-nonliteral -Wformat-security -Wold-style-definition -Winit-self -Wmissing-include-dirs -Waddress -Waggregate-return -Wno-multichar -Wnested-externs $NO_WARNINGS])
+ 
+ dnl define correct level for debugging messages
+-AG_GST_SET_LEVEL_DEFAULT($GST_GIT)
++AG_GST_SET_LEVEL_DEFAULT($GST_FATAL_WARNINGS)
+ 
+ dnl *** finalize CFLAGS, LDFLAGS, LIBS
+ 
+-- 
+1.7.6.5
+

gnomeos/3.4/manifest.json

@@ -12,6 +12,7 @@
                 "fd-mesa": "git:git://anongit.freedesktop.org/git/mesa/",
                 "fd-pulse": "git:git://anongit.freedesktop.org/git/pulseaudio/",
                 "fd-p11": "git:git://anongit.freedesktop.org/git/p11-glue/",
+                "fd-gstreamer": "git:git://anongit.freedesktop.org/gstreamer/",
                 "0pointer": "git:git://git.0pointer.de/",
                 "linuxwacom": "git:git://linuxwacom.git.sourceforge.net/gitroot/linuxwacom/",
                 "fedora": "git:git://git.fedorahosted.org/",
@@ -518,7 +519,36 @@
 
 		{"src": "gnome:gnome-menus"},
 
-		{"src": "git:git://git.webkit.org/WebKit.git"},
+		{"src": "gnome:libgnome-keyring"},
+
+		{"src": "git:git://pkgs.fedoraproject.org/ca-certificates.git",
+		 "branch": "8c27f267a89811f60b0cb442f637a01b2978e2c2",
+		 "patches": ["ca-certs-build.patch"]},
+
+		{"src": "gnome:glib-networking"},
+
+		{"src": "gnome:libsoup",
+		 "config-args": ["--disable-tls-check"]},
+
+		{"src": "fd-gstreamer:gstreamer",
+		 "config-args": ["--disable-tests"],
+		 "branch": "RELEASE-0.11.1"},
+
+		{"src": "fd-gstreamer:gst-plugins-base",
+		 "config-args": ["--with-gtk=3.0",
+		                 "--disable-tests",
+				 "--disable-gnome_vfs"],
+		 "branch": "RELEASE-0.11.1",
+		 "patches": ["gst-plugins-base-no-builddir.patch"]},
+
+		{"src": "fd-gstreamer:gst-plugins-good",
+		 "config-args": ["--with-gtk=3.0",
+		                 "--disable-tests",
+				 "--disable-examples"],
+		 "branch": "RELEASE-0.10.30"},
+
+		{"src": "git:git://git.webkit.org/WebKit.git",
+		 "branch": "4e276ff268f3f3e97abb97f8e5a8cf6d8d97d2db"},
 
 		{"src": "gnome:gnome-online-accounts"},
 
@@ -534,6 +564,9 @@
 
 		{"src": "gnome:gdm",
 		 "config-opts": ["--disable-documentation"],
-		 "patches": ["gdm-disable-documentation.patch"]}
+		 "patches": ["gdm-disable-documentation.patch"]},
+
+		{"src": "gnome:gnome-control-center"}
+
 	]
 }