Subject: [bug#28004] Chromium
Date: Thu, 4 Jan 2018 19:16:48 +0000
From: ng0
To: Marius Bakke
Cc: 28004@debbugs.gnu.org

Marius Bakke transcribed 37K bytes:
> Ludovic Courtès writes:
>
> > I think we should make sure that our package does not call home in any
> > way. That’s what I expect from a security- and privacy-conscious
> > distro.
>
> Currently, it calls home at first launch, prompting for a login.
> But I've verified that it does not send any unsolicited requests for
> subsequent startups, as long as the user does not change the
> command-line flags.
>
> Anyway I'm attaching the current iteration of this patch. Chromium 62
> is out today, I'll try to update this weekend and will push it after
> that in lieu of other feedback.
>
> I would be very happy if someone managed to complete the 62 upgrade
> before me, however! ;-)
>
> From d6e3ef7f28a9bc4ace0c52e09b1e4bdde84e01e0 Mon Sep 17 00:00:00 2001
> From: Marius Bakke
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.

...
> +(define-public chromium > + (package > + (name "chromium")
...
> + (substitute* "chrome/common/chrome_paths.cc" > + (("/usr/share/chromium/extensions") > + ;; TODO: Add ~/.guix-profile. > + "/run/current-system/profile/share/chromium/extensions"))

What's the idea behind this? Did you test it? Do you have any guix build-system
using Chromium extensions as an example?
So far this completely disables the installation of any plugins and addons.

> + > + (substitute* "breakpad/src/common/linux/libcurl_wrapper.h" > + (("include \"third_party/curl") "include \"curl")) > + (substitute* "media/base/decode_capabilities.cc" > + (("third_party/libvpx/source/libvpx/") "")) > + > + ;; We don't cross compile most packages, so get rid of the > + ;; unnecessary ARCH-linux-gnu* prefix. > + (substitute* "build/toolchain/linux/BUILD.gn" > + (("aarch64-linux-gnu-") "") > + (("arm-linux-gnueabihf-") "")) > + #t)) > + (replace 'configure > + (lambda* (#:key inputs outputs #:allow-other-keys) > + (let ((gn-flags > + (list > + ;; See tools/gn/docs/cookbook.md and > + ;; https://www.chromium.org/developers/gn-build-con= figuration > + ;; for usage. Run "./gn args . --list" in the Relea= se > + ;; directory for an exhaustive list of supported fl= ags. 
> + "is_debug=3Dfalse" > + "is_official_build=3Dfalse" > + "is_clang=3Dfalse" > + "use_gold=3Dfalse" > + "linux_use_bundled_binutils=3Dfalse" > + "use_custom_libcxx=3Dfalse" > + "use_sysroot=3Dfalse" > + "remove_webcore_debug_symbols=3Dtrue" > + "enable_iterator_debugging=3Dfalse" > + "override_build_date=3D\"01 01 2000 05:00:00\"" > + ;; Don't fail when using deprecated ffmpeg features. > + "treat_warnings_as_errors=3Dfalse" > + "enable_nacl=3Dfalse" > + "enable_nacl_nonsfi=3Dfalse" > + "use_allocator=3D\"none\"" ; Don't use tcmalloc. > + ;; Don't add any API keys. End users can set them i= n the > + ;; environment if necessary. > + ;; https://www.chromium.org/developers/how-tos/api-= keys > + "use_official_google_api_keys=3Dfalse" > + ;; Disable "field trials". > + "fieldtrial_testing_like_official_build=3Dtrue" > + > + "use_system_libjpeg=3Dtrue" > + ;; This is currently not supported on Linux: > + ;; https://bugs.chromium.org/p/chromium/issues/deta= il?id=3D22208 > + ;; "use_system_sqlite=3Dtrue" > + "use_gtk3=3Dtrue" > + "use_gconf=3Dfalse" ; deprecated by gsettin= gs > + "use_gnome_keyring=3Dfalse" ; deprecated by libsecr= et > + "use_xkbcommon=3Dtrue" > + "link_pulseaudio=3Dtrue" > + "use_openh264=3Dtrue" > + > + ;; Don't arbitrarily restrict formats supported by = system ffmpeg. > + "proprietary_codecs=3Dtrue" > + "ffmpeg_branding=3D\"Chrome\"" > + > + ;; WebRTC stuff. > + "rtc_use_h264=3Dtrue" > + ;; Don't use bundled sources. > + "rtc_build_json=3Dfalse" > + "rtc_build_libevent=3Dfalse" > + "rtc_build_libjpeg=3Dfalse" > + "rtc_build_libvpx=3Dfalse" > + "rtc_build_opus=3Dfalse" > + "rtc_build_ssl=3Dfalse" > + ;; TODO: Package these. 
> + "rtc_build_libsrtp=3Dtrue" ; 2.0 > + "rtc_build_libyuv=3Dtrue" > + "rtc_build_openmax_dl=3Dtrue" > + "rtc_build_usrsctp=3Dtrue" > + (string-append "rtc_jsoncpp_root=3D\"" > + (assoc-ref inputs "jsoncpp") > + "/include/jsoncpp/json\"") > + (string-append "rtc_ssl_root=3D\"" > + (assoc-ref inputs "openssl") > + "/include/openssl\"")))) > + > + ;; XXX: How portable is this. > + (mkdir-p "third_party/node/linux/node-linux-x64") > + (symlink (string-append (assoc-ref inputs "node") "/bin") > + "third_party/node/linux/node-linux-x64/bin") > + > + (setenv "CC" "gcc") > + (setenv "CXX" "g++") > + ;; TODO: pre-compile instead. Avoids a race condition. > + (setenv "PYTHONDONTWRITEBYTECODE" "1") > + (and > + ;; Build the "gn" tool. > + (zero? (system* "python" > + "tools/gn/bootstrap/bootstrap.py" "-s" "= -v")) > + ;; Generate ninja build files. > + (zero? (system* "./out/Release/gn" "gen" "out/Release" > + (string-append "--args=3D" > + (string-join gn-flags " "= )))))))) > + (replace 'build > + (lambda* (#:key outputs #:allow-other-keys) > + (zero? 
(system* "ninja" "-C" "out/Release" > + "-j" (number->string (parallel-job-count)) > + "chrome")))) > + (replace 'install > + (lambda* (#:key inputs outputs #:allow-other-keys) > + (let* ((out (assoc-ref outputs "out")) > + (bin (string-append out "/bin")) > + (exe (string-append bin "/chromium")) > + (lib (string-append out "/lib")) > + (man (string-append out "/share/man/man1"= )) > + (applications (string-append out "/share/applicati= ons")) > + (install-regexp (make-regexp "\\.(so|bin|pak)$")) > + (locales (string-append lib "/locales")) > + (resources (string-append lib "/resources")) > + (gtk+ (assoc-ref inputs "gtk+")) > + (mesa (assoc-ref inputs "mesa")) > + (nss (assoc-ref inputs "nss")) > + (udev (assoc-ref inputs "udev")) > + (sh (which "sh"))) > + > + (mkdir-p applications) > + (call-with-output-file (string-append applications > + "/chromium.desktop") > + (lambda (port) > + (format port > + "[Desktop Entry]~@ > + Name=3DChromium~@ > + Comment=3D~a~@ > + Exec=3D~a~@ > + Icon=3Dchromium.png~@ > + Type=3DApplication~%" ,synopsis exe))) > + > + (with-directory-excursion "out/Release" > + (for-each (lambda (file) > + (install-file file lib)) > + (scandir "." (cut regexp-exec install-regexp = <>))) > + (copy-file "chrome" (string-append lib "/chromium")) > + > + ;; TODO: Install icons from "../../chrome/app/themes" i= nto > + ;; "out/share/icons/hicolor/$size". > + (install-file > + "product_logo_48.png" > + (string-append out "/share/icons/48x48/chromium.png")) > + > + (copy-recursively "locales" locales) > + (copy-recursively "resources" resources) > + > + (mkdir-p man) > + (copy-file "chrome.1" (string-append man "/chromium.1")) > + > + (mkdir-p bin) > + ;; Add a thin wrapper to prevent the user from inadvert= ently > + ;; installing non-free software through the Web Store. > + ;; TODO: Discover extensions from the profile and pass > + ;; something like "--disable-extensions-except=3D...". Same question here. 
If you need help, there's at least 3 users of Chromium now. I'd like to read
your ideas on how to solve the TODOs, as well as: Do you have any unpushed progress?
Maybe we can team collaborate on this huge browser.

> + (call-with-output-file exe > + (lambda (port) > + (format port > + "#!~a~@ > + CHROMIUM_FLAGS=3D\"--disable-background-net= working\"~@ > + if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@ > + then~@ > + CHROMIUM_FLAGS=3D\"$CHROMIUM_FLAGS --di= sable-extensions\"~@ > + fi~@ > + exec ~a $CHROMIUM_FLAGS \"$@\"~%" > + sh (string-append lib "/chromium")))) > + (chmod exe #o755) > + > + (wrap-program exe > + ;; TODO: Get these in RUNPATH. > + `("LD_LIBRARY_PATH" ":" prefix > + (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib= :" > + mesa "/lib:" udev "/lib"))) > + ;; Avoid file manager crash. See . > + `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/= share")))) > + #t)))))))

-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
WWW: https://n0.is/a/ :: https://ea.n0.is
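
Review bot: In the chrome_paths.cc substitution, the replacement path "/run/current-system/profile/share/chromium/extensions" exists only on a Guix System installation, so extensions installed into a user profile, or on a foreign distribution, are never discovered. Resolve the "TODO: Add ~/.guix-profile" or document the limitation in a comment, and say there how this directory is meant to interact with the wrapper's default --disable-extensions in the install phase.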
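
Review bot: In gn-flags, the rtc_build_libsrtp, rtc_build_libyuv, rtc_build_openmax_dl and rtc_build_usrsctp flags are set to true under a bare "TODO: Package these", which keeps bundled copies of network-facing libraries that will not pick up fixes applied to distribution packages. Note in the comment which bundled versions ship (only libsrtp carries a "2.0" remark) so they can be tracked until they are packaged. The comment 'Disable "field trials"' also sits on a flag set to true (fieldtrial_testing_like_official_build); one sentence on why true has that effect would prevent it from being flipped later.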
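
Review bot: In the install phase, install-file takes a directory as its second argument, so (install-file "product_logo_48.png" (string-append out "/share/icons/48x48/chromium.png")) creates a directory named chromium.png with product_logo_48.png inside it, and the Icon entry written to chromium.desktop will not resolve. Use mkdir-p followed by copy-file, as is done for chrome.1 a few lines below, and target the hicolor tree the TODO already names.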
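
Review bot: In the generated wrapper script, CHROMIUM_FLAGS is assigned unconditionally, so a value already present in the user's environment is discarded, and the variable that lifts --disable-extensions is named CHROMIUM_ENABLE_WEB_STORE although it governs every extension, including those under the directory patched into chrome_paths.cc. Either rename the variable to match what it controls or narrow the behaviour to the Web Store, and document the default and the opt-in where users will see it (package description or man page), since the code comment alone is not visible to them.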
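
Review bot: In the wrap-program call, LD_LIBRARY_PATH is exported with the lib, nss, gtk+, mesa and udev directories, and that variable is inherited by every program the browser starts, which can make those programs load libraries other than the ones they were built against. The "TODO: Get these in RUNPATH" should be completed before this is pushed, or the comment should state why it cannot be and which child processes are affected.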