guix-patches

[bug#28004] Chromium


From: ng0
Subject: [bug#28004] Chromium
Date: Mon, 8 Jan 2018 23:20:42 +0000

Marius Bakke transcribed 39K bytes:
> ng0 <address@hidden> writes:
> 
> >> +             (substitute* "chrome/common/chrome_paths.cc"
> >> +               (("/usr/share/chromium/extensions")
> >> +                ;; TODO: Add ~/.guix-profile.
> >> +                "/run/current-system/profile/share/chromium/extensions"))
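Review bot: The replacement string in this `substitute*` on `chrome/common/chrome_paths.cc` has no comment explaining why the extensions directory moves from `/usr/share/chromium/extensions` to the system profile; the only annotation is the TODO. Please add a comment stating that this is the directory intended for extensions distributed through Guix, and note that `/run/current-system/profile` covers the system profile only, so until the `~/.guix-profile` TODO is resolved nothing installed into a user profile is found here.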
> >
> > What's the idea behind this? Did you test it? Do you have any guix build-system
> > using Chromium extensions as an example? So far this completely disables the
> > installation of any plugins and addons.
> 
> The idea is to eventually be able to distribute extensions with Guix.  I
> added this path mostly to document it, but don't see how keeping the
> default makes a difference.  If you can place an extension in
> /usr/share, you can also copy it to the system profile through your
> config.scm, or symlink this location on a foreign distribution.
> 
> >> +                 (mkdir-p bin)
> >> +                 ;; Add a thin wrapper to prevent the user from 
> >> inadvertently
> >> +                 ;; installing non-free software through the Web Store.
> >> +                 ;; TODO: Discover extensions from the profile and pass
> >> +                 ;; something like "--disable-extensions-except=...".
> >
> > Same question here.
> 
> The Web Store has serious freedom issues, thus we can not enable it by
> default.  Enabling it *must* be a conscious choice by the end user.
> 
> The TODO here is inspired by Debian's wrapper script, which enumerates
> the location where apt places extensions, and gives that list to
> "--disable-extensions-except".
> 
> > If you need help, there's at least 3 users of Chromium now. I'd like to read

Actually more than 3: I have to make chromium accessible for work we agreed
on in GNU Taler (where the "How should we package extensions in a way that
works" comes in important, not just as a PoC/TODO).

> > your ideas on how to solve the TODOs, as well as: Do you have any unpushed
> > progress? Maybe we can team collaborate on this huge browser.
> 
> I do maintain this patch, but unfortunately not in a public repository.

Ah, ok.

> I've attached the latest iteration here (sorry for squashed).

Thanks

> New since the last time are some fixes from the "Inox patchset" that
> resolves most of the privacy issues.  Namely removing the "login
> wizard", changing to sensible defaults, and forcing the "classic" New
> Tab Page that does not load a search engine.

Cool!

> Also, all patches have been moved to remote origins.
> 
> Testing and feedback welcome!

I'll build it tomorrow or tonight (whenever my build of linux-mainline to
search for fixes for the i915 issue finishes) and report back.
So far I'm using your version 58 and it works for me :)

> Currently there are two "important" (blocking?) TODOs left:
> 
> * Move the 'delete-bundled-software' phase to a source snippet.
>   Repacking the ~500MiB compressed tarball is *really* expensive.  It

Yep. It takes a verrry long time, I've noticed this when I started
working on Chromium.

>   should also aid the licensing situation.
> * Delete the two default entries from the "most used" list on the New
>   Tab page.  The first run will download thumbnails for these sites,
>   leaking data.  One of them also leads to the disabled-by-default
>   store, promoting non-free software.
> 
> I'm optimistic that fixing the second item will make the browser not
> leak *any* data at launch with the default configuration.  Which leads
> to a third item: writing a system test that verifies that launching
> Chromium does indeed not initiate any network traffic.
> 
> Anyway, here is the latest patch:
> 

> From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001
> From: Marius Bakke <address@hidden>
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.
> 
> * gnu/packages/chromium.scm: New file.
> * gnu/local.mk: Record it.
> ---
>  gnu/local.mk              |   1 +
>  gnu/packages/chromium.scm | 733 
> ++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 734 insertions(+)
>  create mode 100644 gnu/packages/chromium.scm
> 
> diff --git a/gnu/local.mk b/gnu/local.mk
> index d4e841921..529fdd2be 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -89,6 +89,7 @@ GNU_SYSTEM_MODULES =                                \
>    %D%/packages/check.scm                     \
>    %D%/packages/chemistry.scm                 \
>    %D%/packages/chez.scm                              \
> +  %D%/packages/chromium.scm                  \
>    %D%/packages/ci.scm                                \
>    %D%/packages/cinnamon.scm                  \
>    %D%/packages/cmake.scm                     \
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> new file mode 100644
> index 000000000..78cfb3097
> --- /dev/null
> +++ b/gnu/packages/chromium.scm
> @@ -0,0 +1,733 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016, 2017 Marius Bakke <address@hidden>
> +;;;
> +;;; This file is part of GNU Guix.
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu packages chromium)
> +  #:use-module ((guix licenses) #:prefix license:)
> +  #:use-module (guix packages)
> +  #:use-module (guix download)
> +  #:use-module (guix git-download)
> +  #:use-module (guix utils)
> +  #:use-module (guix build-system gnu)
> +  #:use-module (gnu packages)
> +  #:use-module (gnu packages assembly)
> +  #:use-module (gnu packages base)
> +  #:use-module (gnu packages bison)
> +  #:use-module (gnu packages compression)
> +  #:use-module (gnu packages cups)
> +  #:use-module (gnu packages curl)
> +  #:use-module (gnu packages databases)
> +  #:use-module (gnu packages fontutils)
> +  #:use-module (gnu packages ghostscript)
> +  #:use-module (gnu packages gl)
> +  #:use-module (gnu packages glib)
> +  #:use-module (gnu packages gnome)
> +  #:use-module (gnu packages gnuzilla)
> +  #:use-module (gnu packages gperf)
> +  #:use-module (gnu packages gtk)
> +  #:use-module (gnu packages icu4c)
> +  #:use-module (gnu packages image)
> +  #:use-module (gnu packages libevent)
> +  #:use-module (gnu packages libffi)
> +  #:use-module (gnu packages libusb)
> +  #:use-module (gnu packages linux)
> +  #:use-module (gnu packages kerberos)
> +  #:use-module (gnu packages ninja)
> +  #:use-module (gnu packages node)
> +  #:use-module (gnu packages pciutils)
> +  #:use-module (gnu packages photo)
> +  #:use-module (gnu packages pkg-config)
> +  #:use-module (gnu packages protobuf)
> +  #:use-module (gnu packages pulseaudio)
> +  #:use-module (gnu packages python)
> +  #:use-module (gnu packages python-web)
> +  #:use-module (gnu packages regex)
> +  #:use-module (gnu packages serialization)
> +  #:use-module (gnu packages speech)
> +  #:use-module (gnu packages tls)
> +  #:use-module (gnu packages valgrind)
> +  #:use-module (gnu packages version-control)
> +  #:use-module (gnu packages video)
> +  #:use-module (gnu packages xiph)
> +  #:use-module (gnu packages xml)
> +  #:use-module (gnu packages xdisorg)
> +  #:use-module (gnu packages xorg))
> +
> +(define (strip-directory-prefix pathspec)
> +  "Return everything after the last '/' in PATHSPEC."
> +  (let ((index (string-rindex pathspec #\/)))
> +    (if index (string-drop pathspec (+ 1 index))
> +        pathspec)))
> +
> +(define (chromium-patch-file-name pathspec)
> +  (let ((patch-name (strip-directory-prefix pathspec)))
> +    (if (string-prefix? "chromium-" patch-name)
> +        patch-name
> +        (string-append "chromium-" patch-name))))
> +
> +;; 
> https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches
> +(define (debian-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append
> +          "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git";
> +          "/plain/debian/patches/" pathspec "?id=" revision))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
> +(define (gentoo-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append
> +          "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client";
> +          "/chromium/files/" pathspec "?id=" revision))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://github.com/gcarq/inox-patchset
> +(define (inox-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append 
> "https://raw.githubusercontent.com/gcarq/inox-patchset/";
> +                        revision "/" pathspec))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +(define opus+custom
> +  (package (inherit opus)
> +           (arguments
> +            `(;; Opus Custom is an optional extension of the Opus
> +              ;; specification that allows for unsupported frame
> +              ;; sizes. Chromium requires that this is enabled.
> +              #:configure-flags '("--enable-custom-modes")
> +              ,@(package-arguments opus)))))
> +
> +;; Chromium since 58 depends on an unreleased libvpx. So, we
> +;; package the latest master branch as of 2018-01-07.
> +(define libvpx+experimental
> +  (package
> +    (inherit libvpx)
> +    (source (origin
> +              (method git-fetch)
> +              (uri (git-reference
> +                    (url "https://chromium.googlesource.com/webm/libvpx";)
> +                    (commit "bed28a55f593efd3a71a3a9d05cf8bb25d15fa44")))
> +              (file-name "libvpx-for-chromium-checkout")
> +              (sha256
> +               (base32
> +                "0h01vmb8awzrb2xwqaz215v73yjdjf67hzdm2yfcz4h4qrvwf817"))))
> +    ;; TODO: Make libvpx configure flags overrideable.
> +    (arguments
> +     `(#:phases
> +       (modify-phases %standard-phases
> +         (replace 'configure
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (setenv "CONFIG_SHELL" (which "bash"))
> +             (let ((out (assoc-ref outputs "out")))
> +               (setenv "LDFLAGS"
> +                       (string-append "-Wl,-rpath=" out "/lib"))
> +               (zero? (system* "./configure"
> +                               "--enable-shared"
> +                               "--as=yasm"
> +                               ;; Limit size to avoid CVE-2015-1258
> +                               "--size-limit=16384x16384"
> +                               ;; Spatial SVC is an experimental VP9 encoder
> +                               ;; used by some packages (i.e. Chromium).
> +                               "--enable-experimental"
> +                               "--enable-spatial-svc"
> +                               (string-append "--prefix=" out)))))))
> +       #:tests? #f)))) ; No tests.
> +
> +(define %chromium-gn-bootstrap.patch
> +  (gentoo-patch "chromium-gn-bootstrap-r17.patch"
> +                "5c9cf110bd61fa287a5c536760b5d8ed13f65d52"
> +                "12wsq3bs46mvr7cinxvqjmbzymigm8yzf478r08y9l6sd3qij4yq"))
> +
> +(define %chromium-gcc-compat.patch
> +  (gentoo-patch "chromium-gcc5-r4.patch"
> +                "1c5423aab094796b3da7a2905f02cbdcdd6a7742"
> +                "18s152pkqzzw6grxj1m6mp3pc2x3ha2gyayw5hf2nhranak5wlkg"))
> +
> +(define %chromium-webkit-gcc-compat.patch
> +  (gentoo-patch "chromium-gcc5-r5.patch"
> +                "1c5423aab094796b3da7a2905f02cbdcdd6a7742"
> +                "0z7rggizzg85wfr8zhw0yfwd3q69lsh3yp297s939jgzp66cwwkw"))
> +
> +(define %chromium-webrtc-gcc-compat.patch
> +  (gentoo-patch "chromium-webrtc-r0.patch"
> +                "1c5423aab094796b3da7a2905f02cbdcdd6a7742"
> +                "0qj5b4w9kav51ylpdf38vm5w7p2gx4qp8p45vrfggp7miicg9cmw"))
> +
> +(define %chromium-system-nspr.patch
> +  (debian-patch "system/nspr.patch"
> +                "debian/63.0.3239.40-1"
> +                "07a0q3khz77gk0rxzp965pjzhly5r08k019pinss18xc1caj971s"))
> +
> +(define %chromium-system-libevent.patch
> +  (debian-patch "system/event.patch"
> +                "debian/63.0.3239.40-1"
> +                "0604ia06w40zn66d85in03xg3hd6144y8b222kzyc9nzhq3xm2pc"))
> +
> +(define %chromium-system-icu.patch
> +  (debian-patch "system/icu.patch"
> +                "debian/63.0.3239.40-1"
> +                "0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv"))
> +
> +(define %chromium-disable-api-keys-warning.patch
> +  (debian-patch "disable/google-api-warning.patch"
> +                "36794e57f1f97068640c6845dbeb9291155893c0"
> +                "11llghxm0a75kb8fnpy6ky8ix4f1kk7n0c0zfcpwxsx05pask11m"))
> +
> +(define %chromium-external-components.patch
> +  (debian-patch "disable/external-components.patch"
> +                "debian/63.0.3239.40-1"
> +                "1i3b801hjafxv7djk7cl7nj2skxid0vysf12yjr364db949f164l"))
> +
> +(define %chromium-duckduckgo.patch
> +  (inox-patch "0011-add-duckduckgo-search-engine.patch"
> +              "5af0e6187c22471b8cb803f6dda6738f23a530e7"
> +              "0p8x98g71ngkd3wbl5q36wrl18ff185sfrr5fcwjbgrv3v7r6ra7"))
> +
> +;; Don't start a "Login Wizard" at first launch.
> +(define %chromium-first-run.patch
> +  (inox-patch "0018-disable-first-run-behaviour.patch"
> +              "3336bb286ea054271ac2199cf374e96c64ed53cf"
> +              "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
> +
> +;; Use privacy-preserving defaults.
> +(define %chromium-default-preferences.patch
> +  (inox-patch "0006-modify-default-prefs.patch"
> +              "3336bb286ea054271ac2199cf374e96c64ed53cf"
> +              "1h8ycmn00yvciq3r5jcdqmsl4grqv8izgwi6a20kijz2baxxr888"))
> +
> +;; Recent versions of Chromium may load a remote search engine on the
> +;; New Tab Page, causing unnecessary and involuntary network traffic.
> +(define %chromium-restore-classic-ntp.patch
> +  (inox-patch "0008-restore-classic-ntp.patch"
> +              "2f60b788bff89bde11ac802d4c19093661cd23f7"
> +              "00icvb0r1p3s7i2xy8kv1lpam96cxgn6c3s9bc6wv3dpi3d722p2"))
> +
> +(define-public chromium
> +  (package
> +    (name "chromium")
> +    (version "63.0.3239.132")
> +    (synopsis "Graphical web browser")
> +    (source (origin
> +              (method url-fetch)
> +              (uri (string-append "https://commondatastorage.googleapis.com/";
> +                                  "chromium-browser-official/chromium-"
> +                                  version ".tar.xz"))
> +              (sha256
> +               (base32
> +                "139x3cbc5pa14x69493ic8i2ank12c9fwiq6pqm11aps88n6ri44"))
> +              (patches (list ;%chromium-gn-bootstrap.patch
> +                             %chromium-gcc-compat.patch
> +                             %chromium-webkit-gcc-compat.patch
> +                             %chromium-webrtc-gcc-compat.patch
> +                             %chromium-duckduckgo.patch
> +                             %chromium-default-preferences.patch
> +                             %chromium-first-run.patch
> +                             %chromium-restore-classic-ntp.patch
> +                             %chromium-system-icu.patch
> +                             %chromium-system-nspr.patch
> +                             %chromium-system-libevent.patch
> +                             %chromium-disable-api-keys-warning.patch))
> +              (modules '((srfi srfi-1)
> +                         (guix build utils)))
> +              (snippet
> +               '(begin
> +                  ;; Replace GN files from third_party with shims for 
> building
> +                  ;; against system libraries.  Keep this list in sync with
> +                  ;; "build/linux/unbundle/replace_gn_files.py".
> +                  (for-each (lambda (pair)
> +                              (let ((source (string-append
> +                                             "build/linux/unbundle/" (car 
> pair)))
> +                                    (dest (cdr pair)))
> +                                (copy-file source dest)))
> +                            (list
> +                             '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
> +                             '("flac.gn" . "third_party/flac/BUILD.gn")
> +                             '("freetype.gn" . 
> "third_party/freetype/BUILD.gn")
> +                             ;; XXX: This broke in 63.
> +                             ;;'("harfbuzz-ng.gn" . 
> "third_party/harfbuzz-ng/BUILD.gn")
> +                             '("icu.gn" . "third_party/icu/BUILD.gn")
> +                             '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
> +                             '("libevent.gn" . 
> "base/third_party/libevent/BUILD.gn")
> +                             '("libjpeg.gn" .
> +                               
> "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
> +                             '("libpng.gn" . "third_party/libpng/BUILD.gn")
> +                             '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
> +                             '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
> +                             ;;'("libxml.gn" . 
> "third_party/libxml/BUILD.gn") ;TODO
> +                             '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
> +                             '("openh264.gn" . 
> "third_party/openh264/BUILD.gn")
> +                             '("opus.gn" . "third_party/opus/BUILD.gn")
> +                             '("re2.gn" . "third_party/re2/BUILD.gn")
> +                             '("snappy.gn" . "third_party/snappy/BUILD.gn")
> +                             '("yasm.gn" . 
> "third_party/yasm/yasm_assemble.gni")
> +                             '("zlib.gn" . "third_party/zlib/BUILD.gn")))
> +                  #t))))
> +    (build-system gnu-build-system)
> +    (arguments
> +     `(#:tests? #f
> +       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
> +       ;; it's not recognized when passed.
> +       #:validate-runpath? #f
> +       #:modules ((srfi srfi-26)
> +                  (ice-9 ftw)
> +                  (ice-9 regex)
> +                  (guix build gnu-build-system)
> +                  (guix build utils))
> +       #:phases
> +       (modify-phases %standard-phases
> +         (add-after 'unpack 'remove-bundled-software
> +           (lambda _
> +             (let ((keep-libs
> +                    (list
> +                     ;; Third party folders that cannot be deleted yet.
> +                     "base/third_party/dmg_fp"
> +                     "base/third_party/dynamic_annotations"
> +                     "base/third_party/icu"
> +                     "base/third_party/libevent"
> +                     "base/third_party/nspr"
> +                     "base/third_party/superfasthash"
> +                     "base/third_party/symbolize" ; glog
> +                     "base/third_party/xdg_mime"
> +                     "base/third_party/xdg_user_dirs"
> +                     "buildtools/third_party/libc++"
> +                     "chrome/third_party/mozilla_security_manager"
> +                     "courgette/third_party"
> +                     "net/third_party/mozilla_security_manager"
> +                     "net/third_party/nss"
> +                     "third_party/adobe/flash/flapper_version.h"
> +                     ;; FIXME: This is used in:
> +                     ;; * ui/webui/resources/js/analytics.js
> +                     ;; * ui/file_manager/
> +                     "third_party/analytics"
> +                     "third_party/angle"
> +                     "third_party/angle/src/common/third_party/base"
> +                     "third_party/angle/src/common/third_party/smhasher"
> +                     "third_party/angle/src/third_party/compiler"
> +                     "third_party/angle/src/third_party/libXNVCtrl"
> +                     "third_party/angle/src/third_party/trace_event"
> +                     "third_party/blink"
> +                     "third_party/boringssl"
> +                     "third_party/breakpad"
> +                     "third_party/brotli"
> +                     "third_party/cacheinvalidation"
> +                     "third_party/catapult"
> +                     
> "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
> +                     
> "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
> +                     "third_party/catapult/third_party/polymer"
> +                     "third_party/catapult/tracing/third_party/d3"
> +                     "third_party/catapult/tracing/third_party/gl-matrix"
> +                     "third_party/catapult/tracing/third_party/jszip"
> +                     "third_party/catapult/tracing/third_party/mannwhitneyu"
> +                     "third_party/catapult/tracing/third_party/oboe"
> +                     "third_party/catapult/tracing/third_party/pako"
> +                     "third_party/ced"
> +                     "third_party/cld_3"
> +                     "third_party/crc32c"
> +                     "third_party/cros_system_api"
> +                     "third_party/dom_distiller_js"
> +                     "third_party/fips181"
> +                     "third_party/flatbuffers"
> +                     ;; XXX Needed by pdfium since 59.
> +                     "third_party/freetype"
> +                     "third_party/glslang-angle"
> +                     "third_party/google_input_tools"
> +                     
> "third_party/google_input_tools/third_party/closure_library"
> +                     (string-append 
> "third_party/google_input_tools/third_party"
> +                                    "/closure_library/third_party/closure")
> +                     "third_party/googletest"
> +                     "third_party/harfbuzz-ng" ;XXX why is this required in 
> 63+
> +                     "third_party/hunspell"
> +                     "third_party/iccjpeg"
> +                     "third_party/inspector_protocol"
> +                     "third_party/jinja2"
> +                     "third_party/jstemplate"
> +                     "third_party/khronos"
> +                     "third_party/leveldatabase"
> +                     "third_party/libXNVCtrl"
> +                     "third_party/libaddressinput"
> +                     "third_party/libjingle_xmpp"
> +                     "third_party/libphonenumber"
> +                     "third_party/libsecret" ;FIXME: needs pkg-config 
> support.
> +                     "third_party/libsrtp"   ;TODO: Requires address@hidden
> +                     "third_party/libudev"
> +                     "third_party/libwebm"
> +                     "third_party/libxml" ;FIXME: Unbundle (again).
> +                     "third_party/libyuv"
> +                     "third_party/lss"
> +                     "third_party/lzma_sdk"
> +                     "third_party/markupsafe"
> +                     "third_party/mesa"
> +                     "third_party/modp_b64"
> +                     "third_party/mt19937ar"
> +                     "third_party/node"
> +                     
> "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2"
> +                     "third_party/openmax_dl"
> +                     "third_party/ots"
> +                     "third_party/pdfium"
> +                     "third_party/pdfium/third_party"
> +                     "third_party/ply"
> +                     "third_party/polymer"
> +                     "third_party/protobuf"
> +                     "third_party/protobuf/third_party/six"
> +                     "third_party/qcms"
> +                     "third_party/sfntly"
> +                     "third_party/skia"
> +                     "third_party/skia/third_party/vulkan"
> +                     "third_party/skia/third_party/gif"
> +                     "third_party/smhasher"
> +                     "third_party/speech-dispatcher"
> +                     "third_party/spirv-headers"
> +                     "third_party/spirv-tools-angle"
> +                     "third_party/sqlite"
> +                     "third_party/swiftshader"
> +                     "third_party/swiftshader/third_party"
> +                     "third_party/usb_ids"
> +                     "third_party/usrsctp"
> +                     "third_party/vulkan"
> +                     "third_party/vulkan-validation-layers"
> +                     "third_party/WebKit"
> +                     "third_party/web-animations-js"
> +                     "third_party/webrtc"
> +                     "third_party/widevine/cdm/widevine_cdm_version.h"
> +                     "third_party/widevine/cdm/widevine_cdm_common.h"
> +                     "third_party/woff2"
> +                     "third_party/xdg-utils"
> +                     "third_party/yasm/run_yasm.py"
> +                     "third_party/zlib/google"
> +                     "url/third_party/mozilla"
> +                     "v8/src/third_party/valgrind"
> +                     "v8/third_party/inspector_protocol")))
> +               ;; FIXME: implement as source snippet. This traverses
> +               ;; any "third_party" directory and deletes files that are:
> +               ;; * not ending with ".gn" or ".gni"; or
> +               ;; * not explicitly named as argument (folder or file).
> +               (zero? (apply system* "python"
> +                             
> "build/linux/unbundle/remove_bundled_libraries.py"
> +                             "--do-remove" keep-libs)))))
> +         (add-after 'remove-bundled-software 'patch-stuff
> +           (lambda* (#:key inputs #:allow-other-keys)
> +             (substitute* "printing/cups_config_helper.py"
> +               (("cups_config =.*")
> +                (string-append "cups_config = '" (assoc-ref inputs "cups")
> +                               "/bin/cups-config'\n")))
> +
> +             (substitute*
> +                 '("base/process/launch_posix.cc"
> +                   
> "base/third_party/dynamic_annotations/dynamic_annotations.c"
> +                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
> +                   "sandbox/linux/services/credentials.cc"
> +                   "sandbox/linux/services/namespace_utils.cc"
> +                   "sandbox/linux/services/syscall_wrappers.cc"
> +                   "sandbox/linux/syscall_broker/broker_host.cc")
> +               (("include \"base/third_party/valgrind/") "include 
> \"valgrind/"))
> +
> +             (for-each (lambda (file)
> +                         (substitute* file
> +                           ;; Fix opus include path.
> +                           ;; Do not substitute opus_private.h.
> +                           (("#include \"opus\\.h\"")
> +                            "#include \"opus/opus.h\"")
> +                           (("#include \"opus_custom\\.h\"")
> +                            "#include \"opus/opus_custom.h\"")
> +                           (("#include \"opus_defines\\.h\"")
> +                            "#include \"opus/opus_defines.h\"")
> +                           (("#include \"opus_multistream\\.h\"")
> +                            "#include \"opus/opus_multistream.h\"")
> +                           (("#include \"opus_types\\.h\"")
> +                            "#include \"opus/opus_types.h\"")))
> +                       (append (find-files "third_party/opus/src/celt")
> +                               (find-files "third_party/opus/src/src")
> +                               (find-files (string-append 
> "third_party/webrtc/modules"
> +                                                          
> "/audio_coding/codecs/opus"))))
> +
> +             (substitute* "chrome/common/chrome_paths.cc"
> +               (("/usr/share/chromium/extensions")
> +                ;; TODO: Add ~/.guix-profile.
> +                "/run/current-system/profile/share/chromium/extensions"))
> +
> +             (substitute*
> +                 
> "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
> +               (("include \"third_party/curl") "include \"curl"))
> +             (substitute* "media/base/decode_capabilities.cc"
> +               (("third_party/libvpx/source/libvpx/") ""))
> +
> +             ;; We don't cross compile most packages, so get rid of the
> +             ;; unnecessary ARCH-linux-gnu* prefix.
> +             (substitute* "build/toolchain/linux/BUILD.gn"
> +               (("aarch64-linux-gnu-") "")
> +               (("arm-linux-gnueabihf-") ""))
> +             #t))
> +         (replace 'configure
> +           (lambda* (#:key inputs outputs #:allow-other-keys)
> +             (let ((gn-flags
> +                    (list
> +                     ;; See tools/gn/docs/cookbook.md and
> +                     ;; 
> https://www.chromium.org/developers/gn-build-configuration
> +                     ;; for usage. Run "./gn args . --list" in the Release
> +                     ;; directory for an exhaustive list of supported flags.
> +                     "is_debug=false"
> +                     "is_official_build=false"
> +                     "is_clang=false"
> +                     "use_gold=false"
> +                     "linux_use_bundled_binutils=false"
> +                     "use_custom_libcxx=false"
> +                     "use_sysroot=false"
> +                     "goma_dir=\"\""
> +                     "enable_precompiled_headers=false"
> +                     "use_jumbo_build=true"        ;speeds up build
> +                     ;; Use a deterministic version identifier.
> +                     "override_build_date=\"01 01 2000 05:00:00\""
> +                     "use_unofficial_version_number=false"
> +                     ;; Disable debugging features to save space.
> +                     "remove_webcore_debug_symbols=true"
> +                     "enable_iterator_debugging=false"
> +                     ;; Don't fail when using deprecated ffmpeg features.
> +                     "treat_warnings_as_errors=false"
> +                     "enable_nacl=false"
> +                     "enable_nacl_nonsfi=false"
> +                     "use_allocator=\"none\""     ;don't use tcmalloc
> +                     ;; Don't add any API keys. End users can set them in the
> +                     ;; environment if necessary.
> +                     ;; https://www.chromium.org/developers/how-tos/api-keys
> +                     "use_official_google_api_keys=false"
> +                     ;; Disable "field trials".
> +                     "fieldtrial_testing_like_official_build=true"
> +
> +                     "use_system_freetype=true"
> +                     ;; FIXME: Try enabling this for 63+.
> +                     ;;"use_system_harfbuzz=true"
> +                     "use_system_libjpeg=true"
> +                     "use_system_lcms2=true"
> +                     "use_system_zlib=true"
> +                     ;; This is currently not supported on Linux:
> +                     ;; 
> https://bugs.chromium.org/p/chromium/issues/detail?id=22208
> +                     ;; "use_system_sqlite=true"
> +                     "use_gconf=false"         ; deprecated by gsettings
> +                     "use_gnome_keyring=false" ; deprecated by libsecret
> +                     "use_gtk3=true"
> +                     "use_openh264=true"
> +                     "use_xkbcommon=true"
> +                     "link_pulseaudio=true"
> +
> +                     ;; Don't arbitrarily restrict formats supported by 
> system ffmpeg.
> +                     "proprietary_codecs=true"
> +                     "ffmpeg_branding=\"Chrome\""
> +
> +                     ;; WebRTC stuff.
> +                     "rtc_use_h264=true"
> +                     ;; Don't use bundled sources.
> +                     "rtc_build_json=false"
> +                     "rtc_build_libevent=false"
> +                     "rtc_build_libvpx=false"
> +                     "rtc_build_opus=false"
> +                     "rtc_build_ssl=false"
> +                     ;; TODO: Package these.
> +                     "rtc_build_libsrtp=true" ; 2.0
> +                     "rtc_build_libyuv=true"
> +                     "rtc_build_openmax_dl=true"
> +                     "rtc_build_usrsctp=true"
> +                     (string-append "rtc_jsoncpp_root=\""
> +                                    (assoc-ref inputs "jsoncpp")
> +                                    "/include/jsoncpp/json\"")
> +                     (string-append "rtc_ssl_root=\""
> +                                    (assoc-ref inputs "openssl")
> +                                    "/include/openssl\""))))
> +
> +               ;; XXX: How portable is this.
> +               (mkdir-p "third_party/node/linux/node-linux-x64")
> +               (symlink (string-append (assoc-ref inputs "node") "/bin")
> +                        "third_party/node/linux/node-linux-x64/bin")
> +
> +               (setenv "CC" "gcc")
> +               (setenv "CXX" "g++")
> +               ;; TODO: pre-compile instead. Avoids a race condition.
> +               (setenv "PYTHONDONTWRITEBYTECODE" "1")
> +               (and
> +                ;; Build the "gn" tool.
> +                (zero? (system* "python"
> +                                "tools/gn/bootstrap/bootstrap.py" "-s" "-v"))
> +                ;; Generate ninja build files.
> +                (zero? (system* "./out/Release/gn" "gen" "out/Release"
> +                                (string-append "--args="
> +                                               (string-join gn-flags " 
> "))))))))
> +         (replace 'build
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (zero? (system* "ninja" "-C" "out/Release"
> +                             "-j" (number->string (parallel-job-count))
> +                             "chrome"))))
> +         (replace 'install
> +           (lambda* (#:key inputs outputs #:allow-other-keys)
> +             (let* ((out            (assoc-ref outputs "out"))
> +                    (bin            (string-append out "/bin"))
> +                    (exe            (string-append bin "/chromium"))
> +                    (lib            (string-append out "/lib"))
> +                    (man            (string-append out "/share/man/man1"))
> +                    (applications   (string-append out 
> "/share/applications"))
> +                    (install-regexp (make-regexp "\\.(bin|pak)$"))
> +                    (locales        (string-append lib "/locales"))
> +                    (resources      (string-append lib "/resources"))
> +                    (gtk+           (assoc-ref inputs "gtk+"))
> +                    (mesa           (assoc-ref inputs "mesa"))
> +                    (nss            (assoc-ref inputs "nss"))
> +                    (udev           (assoc-ref inputs "udev"))
> +                    (sh             (which "sh")))
> +
> +               (substitute* '("chrome/app/resources/manpage.1.in"
> +                              
> "chrome/installer/linux/common/desktop.template")
> +                 (("@@MENUNAME@@") "Chromium")
> +                 (("@@PACKAGE@@") "chromium")
> +                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
> +               (mkdir-p man)
> +               (copy-file "chrome/app/resources/manpage.1.in"
> +                          (string-append man "/chromium.1"))
> +               (mkdir-p applications)
> +               (copy-file "chrome/installer/linux/common/desktop.template"
> +                          (string-append applications "/chromium.desktop"))
> +
> +               (with-directory-excursion "out/Release"
> +                 (for-each (lambda (file)
> +                             (install-file file lib))
> +                           (scandir "." (cut regexp-exec install-regexp <>)))
> +                 (copy-file "chrome" (string-append lib "/chromium"))
> +
> +                 ;; TODO: Install icons from "../../chrome/app/themes" into
> +                 ;; "out/share/icons/hicolor/$size".
> +                 (install-file
> +                  "product_logo_48.png"
> +                  (string-append out "/share/icons/48x48/chromium.png"))
> +
> +                 (copy-recursively "locales" locales)
> +                 (copy-recursively "resources" resources)
> +
> +                 (mkdir-p bin)
> +                 ;; Add a thin wrapper to prevent the user from inadvertently
> +                 ;; installing non-free software through the Web Store.
> +                 ;; TODO: Discover extensions from the profile and pass
> +                 ;; something like "--disable-extensions-except=...".
> +                 (call-with-output-file exe
> +                   (lambda (port)
> +                     (format port
> +                             "#!~a~@
> +                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
> +                             then~@
> +                               CHROMIUM_FLAGS=\" \\~@
> +                                 --disable-background-networking \\~@
> +                                 --disable-extensions \\~@
> +                               \"~@
> +                             fi~@
> +                             exec ~a $CHROMIUM_FLAGS \"address@hidden"~%"
> +                             sh (string-append lib "/chromium"))))
> +                 (chmod exe #o755)
> +
> +                 (wrap-program exe
> +                   ;; TODO: Get these in RUNPATH.
> +                   `("LD_LIBRARY_PATH" ":" prefix
> +                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
> +                                      mesa "/lib:" udev "/lib")))
> +                   ;; Avoid file manager crash. See 
> <https://bugs.gnu.org/26593>.
> +                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ 
> "/share"))))
> +                 #t)))))))
> +    (native-inputs
> +     `(("bison" ,bison)
> +       ("git" ,git)                     ;last_commit_position.py
> +       ("gperf" ,gperf)
> +       ("ninja" ,ninja)
> +       ("node" ,node)
> +       ("pkg-config" ,pkg-config)
> +       ("which" ,which)
> +       ("yasm" ,yasm)
> +
> +       ("python-beautifulsoup4" ,python2-beautifulsoup4)
> +       ("python-html5lib" ,python2-html5lib)
> +       ("python" ,python-2)))
> +    (inputs
> +     `(("alsa-lib" ,alsa-lib)
> +       ("atk" ,atk)
> +       ("cups" ,cups)
> +       ("curl" ,curl)
> +       ("dbus" ,dbus)
> +       ("dbus-glib" ,dbus-glib)
> +       ("expat" ,expat)
> +       ("flac" ,flac)
> +       ("ffmpeg" ,ffmpeg)
> +       ("fontconfig" ,fontconfig)
> +       ("freetype" ,freetype)
> +       ("gdk-pixbuf" ,gdk-pixbuf)
> +       ("glib" ,glib)
> +       ("gtk+-2" ,gtk+-2)
> +       ("gtk+" ,gtk+)
> +       ("harfbuzz" ,harfbuzz)
> +       ("icu4c" ,icu4c-59.1)
> +       ("jsoncpp" ,jsoncpp)
> +       ("lcms" ,lcms)
> +       ("libevent" ,libevent)
> +       ("libffi" ,libffi)
> +       ("libjpeg-turbo" ,libjpeg-turbo)
> +       ("libpng" ,libpng)
> +       ("libusb" ,libusb)
> +       ("libvpx" ,libvpx+experimental)
> +       ("libwebp" ,libwebp)
> +       ("libx11" ,libx11)
> +       ("libxcb" ,libxcb)
> +       ("libxcomposite" ,libxcomposite)
> +       ("libxcursor" ,libxcursor)
> +       ("libxdamage" ,libxdamage)
> +       ("libxext" ,libxext)
> +       ("libxfixes" ,libxfixes)
> +       ("libxi" ,libxi)
> +       ("libxkbcommon" ,libxkbcommon)
> +       ("libxml2" ,libxml2)
> +       ("libxrandr" ,libxrandr)
> +       ("libxrender" ,libxrender)
> +       ("libxscrnsaver" ,libxscrnsaver)
> +       ("libxslt" ,libxslt)
> +       ("libxtst" ,libxtst)
> +       ("mesa" ,mesa)
> +       ("minizip" ,minizip)
> +       ("mit-krb5" ,mit-krb5)
> +       ("nss" ,nss)
> +       ("openh264" ,openh264)
> +       ("openssl" ,openssl)
> +       ("opus" ,opus+custom)
> +       ("pango" ,pango)
> +       ("pciutils" ,pciutils)
> +       ("protobuf" ,protobuf)
> +       ("pulseaudio" ,pulseaudio)
> +       ("re2" ,re2)
> +       ("snappy" ,snappy)
> +       ("speech-dispatcher" ,speech-dispatcher)
> +       ("sqlite" ,sqlite)
> +       ("udev" ,eudev)
> +       ("valgrind" ,valgrind)))
> +    (home-page "https://www.chromium.org/";)
> +    (description
> +     "Chromium is a web browser using the @code{Blink} rendering engine.")
> +    ;; Chromium is developed as BSD-3, but bundles a large number of 
> third-party
> +    ;; software with other licenses. For full information, see 
> chrome://credits.
> +    (license (list license:bsd-3
> +                   license:bsd-2
> +                   license:expat
> +                   license:asl2.0
> +                   license:mpl2.0
> +                   license:public-domain
> +                   license:lgpl2.1+))))
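
Review bot: In the wrapper written to exe in the install phase, the branch taken when CHROMIUM_ENABLE_WEB_STORE is unset assigns CHROMIUM_FLAGS outright, so any CHROMIUM_FLAGS the user exported is silently dropped, while the opt-in branch passes the environment's value through untouched. Appending the two defaults to the existing value (CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-background-networking --disable-extensions") would treat user flags the same way in both branches, and since the description string does not mention CHROMIUM_ENABLE_WEB_STORE, a sentence there would make the opt-in discoverable. Separately, (install-file "product_logo_48.png" (string-append out "/share/icons/48x48/chromium.png")) passes a file name where install-file expects a directory, so it creates a directory called chromium.png containing product_logo_48.png; mkdir-p plus copy-file would give the intended file, and the path should sit under share/icons/hicolor/48x48/apps, in line with the TODO just above it.
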
> -- 
> 2.15.1
> 


Many thanks for your ongoing work with this (and the patience :))
As this is 63, you are keeping track of Debian, right? I tried
to package 64 a couple of days ago because I wanted the workaround
for some of the recent security clusterfucks, but Debian is still
on 63 :/
I hope they'll update their patchset soon.

-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
  WWW: https://n0.is/a/  ::  https://ea.n0.is

Attachment: signature.asc
Description: PGP signature

