From: ng0 <ng0@n0.is>
To: Marius Bakke <mbakke@fastmail.com>
Cc: 28004@debbugs.gnu.org
Subject: [bug#28004] Chromium
Date: Thu, 4 Jan 2018 19:16:48 +0000 [thread overview]
Message-ID: <20180104191648.custe7w3l57fvbac@abyayala> (raw)
In-Reply-To: <87o9p45bb6.fsf@fastmail.com>
[-- Attachment #1: Type: text/plain, Size: 11353 bytes --]
Marius Bakke transcribed 37K bytes:
> Ludovic Courtès <ludo@gnu.org> writes:
>
> > I think we should make sure that our package does not call home in any
> > way. That’s what I expect from a security- and privacy-conscious
> > distro.
>
> Currently, it calls home at first launch, prompting for a login. But
> I've verified that it does not send any unsolicited requests for
> subsequent startups, as long as the user does not change the
> command-line flags.
>
> Anyway I'm attaching the current iteration of this patch. Chromium 62
> is out today, I'll try to update this weekend and will push it after
> that in lieu of other feedback.
>
> I would be very happy if someone managed to complete the 62 upgrade
> before me, however! ;-)
>
> From d6e3ef7f28a9bc4ace0c52e09b1e4bdde84e01e0 Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.
...
> +(define-public chromium
> + (package
> + (name "chromium")
...
> + (substitute* "chrome/common/chrome_paths.cc"
> + (("/usr/share/chromium/extensions")
> + ;; TODO: Add ~/.guix-profile.
> + "/run/current-system/profile/share/chromium/extensions"))
What's the idea behind this? Did you test it? Do you have any guix build-system
using Chromium extensions as an example? So far this completely disables the
installation of any plugins and addons.
> +
> + (substitute* "breakpad/src/common/linux/libcurl_wrapper.h"
> + (("include \"third_party/curl") "include \"curl"))
> + (substitute* "media/base/decode_capabilities.cc"
> + (("third_party/libvpx/source/libvpx/") ""))
> +
> + ;; We don't cross compile most packages, so get rid of the
> + ;; unnecessary ARCH-linux-gnu* prefix.
> + (substitute* "build/toolchain/linux/BUILD.gn"
> + (("aarch64-linux-gnu-") "")
> + (("arm-linux-gnueabihf-") ""))
> + #t))
> + (replace 'configure
> + (lambda* (#:key inputs outputs #:allow-other-keys)
> + (let ((gn-flags
> + (list
> + ;; See tools/gn/docs/cookbook.md and
> + ;; https://www.chromium.org/developers/gn-build-configuration
> + ;; for usage. Run "./gn args . --list" in the Release
> + ;; directory for an exhaustive list of supported flags.
> + "is_debug=false"
> + "is_official_build=false"
> + "is_clang=false"
> + "use_gold=false"
> + "linux_use_bundled_binutils=false"
> + "use_custom_libcxx=false"
> + "use_sysroot=false"
> + "remove_webcore_debug_symbols=true"
> + "enable_iterator_debugging=false"
> + "override_build_date=\"01 01 2000 05:00:00\""
> + ;; Don't fail when using deprecated ffmpeg features.
> + "treat_warnings_as_errors=false"
> + "enable_nacl=false"
> + "enable_nacl_nonsfi=false"
> + "use_allocator=\"none\"" ; Don't use tcmalloc.
> + ;; Don't add any API keys. End users can set them in the
> + ;; environment if necessary.
> + ;; https://www.chromium.org/developers/how-tos/api-keys
> + "use_official_google_api_keys=false"
> + ;; Disable "field trials".
> + "fieldtrial_testing_like_official_build=true"
> +
> + "use_system_libjpeg=true"
> + ;; This is currently not supported on Linux:
> + ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
> + ;; "use_system_sqlite=true"
> + "use_gtk3=true"
> + "use_gconf=false" ; deprecated by gsettings
> + "use_gnome_keyring=false" ; deprecated by libsecret
> + "use_xkbcommon=true"
> + "link_pulseaudio=true"
> + "use_openh264=true"
> +
> + ;; Don't arbitrarily restrict formats supported by system ffmpeg.
> + "proprietary_codecs=true"
> + "ffmpeg_branding=\"Chrome\""
> +
> + ;; WebRTC stuff.
> + "rtc_use_h264=true"
> + ;; Don't use bundled sources.
> + "rtc_build_json=false"
> + "rtc_build_libevent=false"
> + "rtc_build_libjpeg=false"
> + "rtc_build_libvpx=false"
> + "rtc_build_opus=false"
> + "rtc_build_ssl=false"
> + ;; TODO: Package these.
> + "rtc_build_libsrtp=true" ; 2.0
> + "rtc_build_libyuv=true"
> + "rtc_build_openmax_dl=true"
> + "rtc_build_usrsctp=true"
> + (string-append "rtc_jsoncpp_root=\""
> + (assoc-ref inputs "jsoncpp")
> + "/include/jsoncpp/json\"")
> + (string-append "rtc_ssl_root=\""
> + (assoc-ref inputs "openssl")
> + "/include/openssl\""))))
> +
> + ;; XXX: How portable is this.
> + (mkdir-p "third_party/node/linux/node-linux-x64")
> + (symlink (string-append (assoc-ref inputs "node") "/bin")
> + "third_party/node/linux/node-linux-x64/bin")
> +
> + (setenv "CC" "gcc")
> + (setenv "CXX" "g++")
> + ;; TODO: pre-compile instead. Avoids a race condition.
> + (setenv "PYTHONDONTWRITEBYTECODE" "1")
> + (and
> + ;; Build the "gn" tool.
> + (zero? (system* "python"
> + "tools/gn/bootstrap/bootstrap.py" "-s" "-v"))
> + ;; Generate ninja build files.
> + (zero? (system* "./out/Release/gn" "gen" "out/Release"
> + (string-append "--args="
> + (string-join gn-flags " "))))))))
> + (replace 'build
> + (lambda* (#:key outputs #:allow-other-keys)
> + (zero? (system* "ninja" "-C" "out/Release"
> + "-j" (number->string (parallel-job-count))
> + "chrome"))))
> + (replace 'install
> + (lambda* (#:key inputs outputs #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> + (bin (string-append out "/bin"))
> + (exe (string-append bin "/chromium"))
> + (lib (string-append out "/lib"))
> + (man (string-append out "/share/man/man1"))
> + (applications (string-append out "/share/applications"))
> + (install-regexp (make-regexp "\\.(so|bin|pak)$"))
> + (locales (string-append lib "/locales"))
> + (resources (string-append lib "/resources"))
> + (gtk+ (assoc-ref inputs "gtk+"))
> + (mesa (assoc-ref inputs "mesa"))
> + (nss (assoc-ref inputs "nss"))
> + (udev (assoc-ref inputs "udev"))
> + (sh (which "sh")))
> +
> + (mkdir-p applications)
> + (call-with-output-file (string-append applications
> + "/chromium.desktop")
> + (lambda (port)
> + (format port
> + "[Desktop Entry]~@
> + Name=Chromium~@
> + Comment=~a~@
> + Exec=~a~@
> + Icon=chromium.png~@
> + Type=Application~%" ,synopsis exe)))
> +
> + (with-directory-excursion "out/Release"
> + (for-each (lambda (file)
> + (install-file file lib))
> + (scandir "." (cut regexp-exec install-regexp <>)))
> + (copy-file "chrome" (string-append lib "/chromium"))
> +
> + ;; TODO: Install icons from "../../chrome/app/themes" into
> + ;; "out/share/icons/hicolor/$size".
> + (install-file
> + "product_logo_48.png"
> + (string-append out "/share/icons/48x48/chromium.png"))
> +
> + (copy-recursively "locales" locales)
> + (copy-recursively "resources" resources)
> +
> + (mkdir-p man)
> + (copy-file "chrome.1" (string-append man "/chromium.1"))
> +
> + (mkdir-p bin)
> + ;; Add a thin wrapper to prevent the user from inadvertently
> + ;; installing non-free software through the Web Store.
> + ;; TODO: Discover extensions from the profile and pass
> + ;; something like "--disable-extensions-except=...".
Same question here.
If you need help, there's at least 3 users of Chromium now. I'd like to read
your ideas on how to solve the TODOs, aswell as: Do you have any unpushed
progress? Maybe we can team collaborate on this huge browser.
> + (call-with-output-file exe
> + (lambda (port)
> + (format port
> + "#!~a~@
> + CHROMIUM_FLAGS=\"--disable-background-networking\"~@
> + if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
> + then~@
> + CHROMIUM_FLAGS=\"$CHROMIUM_FLAGS --disable-extensions\"~@
> + fi~@
> + exec ~a $CHROMIUM_FLAGS \"$@\"~%"
> + sh (string-append lib "/chromium"))))
> + (chmod exe #o755)
> +
> + (wrap-program exe
> + ;; TODO: Get these in RUNPATH.
> + `("LD_LIBRARY_PATH" ":" prefix
> + (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
> + mesa "/lib:" udev "/lib")))
> + ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
> + `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
> + #t)))))))
--
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
WWW: https://n0.is/a/ :: https://ea.n0.is
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2018-01-04 19:18 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-07 19:58 [bug#28004] Chromium Marius Bakke
2017-08-07 20:23 ` ng0
2017-08-07 21:16 ` Marius Bakke
2017-08-08 5:53 ` ng0
2017-08-08 13:18 ` ng0
2017-08-08 14:22 ` ng0
2017-08-08 15:44 ` ng0
2017-08-08 18:59 ` ng0
2017-08-08 19:51 ` Leo Famulari
2017-08-08 20:46 ` ng0
2017-08-10 5:31 ` Efraim Flashner
2017-08-31 7:36 ` ng0
2017-10-10 13:19 ` ng0
2017-10-11 19:52 ` Ludovic Courtès
2017-10-12 19:56 ` Leo Famulari
2017-10-12 20:28 ` ng0
2017-10-13 6:51 ` Ludovic Courtès
2017-10-18 22:41 ` Marius Bakke
2017-10-19 5:48 ` ng0
2017-10-24 21:11 ` Marius Bakke
2017-11-05 23:52 ` Marius Bakke
2017-11-10 11:33 ` Adonay Felipe Nogueira
2018-01-04 19:16 ` ng0 [this message]
2018-01-08 21:56 ` Marius Bakke
2018-01-08 23:20 ` ng0
2018-01-08 23:40 ` Marius Bakke
2018-01-12 0:09 ` Marius Bakke
2018-01-13 19:02 ` ng0
2018-01-13 19:13 ` ng0
2018-01-14 12:10 ` ng0
2018-01-16 14:18 ` Ludovic Courtès
2018-01-16 19:01 ` Marius Bakke
2018-01-16 19:09 ` Tobias Geerinckx-Rice
2018-01-16 19:22 ` Marius Bakke
2018-01-16 20:41 ` Leo Famulari
2018-01-17 8:53 ` Ludovic Courtès
2018-01-17 14:55 ` Mike Gerwitz
2018-02-26 18:18 ` Marius Bakke
2018-02-26 20:01 ` ng0
2018-02-26 20:06 ` Marius Bakke
2018-02-26 20:34 ` ng0
2018-02-26 22:41 ` Björn Höfling
2018-02-27 21:57 ` ng0
2018-02-28 17:38 ` Marius Bakke
2018-02-28 18:09 ` Björn Höfling
2018-03-16 17:30 ` ng0
2018-03-16 17:45 ` Marius Bakke
2018-03-16 17:52 ` ng0
2018-07-25 8:08 ` ng0
2018-08-05 13:04 ` Marius Bakke
2018-08-05 16:18 ` ng0
2018-08-05 18:25 ` Marius Bakke
2018-08-05 20:32 ` ng0
2018-08-05 23:58 ` ng0
2018-08-30 13:25 ` ng0
2018-08-06 8:22 ` Oleg Pykhalov
2018-08-30 6:04 ` Amirouche Boubekki
2018-03-16 19:01 ` Adonay Felipe Nogueira
2018-03-16 19:34 ` ng0
2018-03-16 21:20 ` Adonay Felipe Nogueira
2018-02-27 22:17 ` ng0
2018-02-28 17:14 ` Marius Bakke
2018-02-27 2:00 ` Mike Gerwitz
2018-02-28 8:17 ` ng0
2018-02-28 17:28 ` Marius Bakke
2018-01-16 20:04 ` ng0
2018-01-09 6:58 ` ng0
2018-01-12 0:03 ` Marius Bakke
2018-01-12 9:38 ` ng0
2018-02-26 18:19 ` [bug#28004] [PATCH] gnu: Add chromium Marius Bakke
2018-04-13 19:10 ` [bug#28004] Chromium 65 Marius Bakke
2018-04-17 19:10 ` Oleg Pykhalov
2018-04-24 17:05 ` Christopher Lemmer Webber
2018-04-24 18:08 ` [bug#28004] Chromium 66 + status update Marius Bakke
2018-04-24 18:45 ` Christopher Lemmer Webber
2018-04-24 18:48 ` Tobias Geerinckx-Rice
2018-04-24 18:46 ` Tobias Geerinckx-Rice
2018-04-24 19:30 ` Marius Bakke
2018-04-25 17:00 ` Leo Famulari
2018-04-25 17:02 ` Leo Famulari
2018-05-03 17:49 ` Nils Gillmann
2018-05-03 17:58 ` Nils Gillmann
2018-05-04 12:10 ` Marius Bakke
2018-05-04 13:02 ` Nils Gillmann
2018-08-29 23:31 ` [bug#28004] (no subject) Amirouche Boubekki
2018-09-02 4:37 ` [bug#28004] Chromium FSDG requirements Mark H Weaver
2018-09-02 13:16 ` Marius Bakke
[not found] ` <20190202192023.22087-1-mbakke@fastmail.com>
[not found] ` <87k1igpwk8.fsf@dismail.de>
[not found] ` <20190203235204.63970587@parabola>
2019-02-04 13:46 ` [bug#28004] [PATCH] gnu: Add ungoogled-chromium Leo Famulari
2019-02-04 14:47 ` bill-auger
2019-02-04 22:34 ` Ludovic Courtès
2019-02-05 5:22 ` swedebugia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180104191648.custe7w3l57fvbac@abyayala \
--to=ng0@n0.is \
--cc=28004@debbugs.gnu.org \
--cc=mbakke@fastmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).