Marius Bakke transcribed 39K bytes: > ng0 writes: > > >> + (substitute* "chrome/common/chrome_paths.cc" > >> + (("/usr/share/chromium/extensions") > >> + ;; TODO: Add ~/.guix-profile. > >> + "/run/current-system/profile/share/chromium/extensions")) > > > > What's the idea behind this? Did you test it? Do you have any guix build-system > > using Chromium extensions as an example? So far this completely disables the > > installation of any plugins and addons. > > The idea is to eventually be able to distribute extensions with Guix. I > added this path mostly to document it, but don't see how keeping the > default makes a difference. If you can place an extension in > /usr/share, you can also copy it to the system profile through your > config.scm, or symlink this location on a foreign distribution. > > >> + (mkdir-p bin) > >> + ;; Add a thin wrapper to prevent the user from inadvertently > >> + ;; installing non-free software through the Web Store. > >> + ;; TODO: Discover extensions from the profile and pass > >> + ;; something like "--disable-extensions-except=...". > > > > Same question here. > > The Web Store has serious freedom issues, thus we can not enable it by > default. Enabling it *must* be a conscious choice by the end user. > > The TODO here is inspired by Debians wrapper script, which enumerates > the location where apt places extensions, and gives that list to > "--disable-extensions-except". > > > If you need help, there's at least 3 users of Chromium now. I'd like to read Actually more than 3: I have to make chromium accessible for work we agreed on in GNU Taler (where the "How should we package extensions in a way that works" comes in important, not just as a PoC/TODO). > > your ideas on how to solve the TODOs, aswell as: Do you have any unpushed > > progress? Maybe we can team collaborate on this huge browser. > > I do maintain this patch, but unfortunately not in a public repository. Ah, ok. > I've attached the latest iteration here (sorry for squashed). Thanks > New since the last time are some fixes from the "Inox patchset" that > resolves most of the privacy issues. Namely removing the "login > wizard", changing to sensible defaults, and forcing the "classic" New > Tab Page that does not load a search engine. Cool! > Also, all patches have been moved to remote origins. > > Testing and feedback welcome! I'll build it tomorrow or tonight (whenever my build of linux-mainline to search for fixes for the i915 issue finishes) and report back. So far I'um using your version 58and it works for me :) > Currently there are two "important" (blocking?) TODOs left: > > * Move the 'delete-bundled-software' phase to a source snippet. > Repacking the ~500MiB compressed tarball is *really* expensive. It Yep. It takes a verrry long time, I've noticed this when I started working on Chromium. > should also aid the licensing situation. > * Delete the two default entries from the "most used" list on the New > Tab page. The first run will download thumbnails for these sites, > leaking data. One of them also leads to the disabled-by-default > store, promoting non-free software. > > I'm optimistic that fixing the second item will make the browser not > leak *any* data at launch with the default configuration. Which leads > to a third item: writing a system test that verifies that launching > Chromium does indeed not initiate any network traffic. > > Anyway, here is the latest patch: > > From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001 > From: Marius Bakke > Date: Wed, 12 Oct 2016 17:25:05 +0100 > Subject: [PATCH] gnu: Add chromium. > > * gnu/packages/chromium.scm: New file. > * gnu/local.mk: Record it. > --- > gnu/local.mk | 1 + > gnu/packages/chromium.scm | 733 ++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 734 insertions(+) > create mode 100644 gnu/packages/chromium.scm > > diff --git a/gnu/local.mk b/gnu/local.mk > index d4e841921..529fdd2be 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -89,6 +89,7 @@ GNU_SYSTEM_MODULES = \ > %D%/packages/check.scm \ > %D%/packages/chemistry.scm \ > %D%/packages/chez.scm \ > + %D%/packages/chromium.scm \ > %D%/packages/ci.scm \ > %D%/packages/cinnamon.scm \ > %D%/packages/cmake.scm \ > diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm > new file mode 100644 > index 000000000..78cfb3097 > --- /dev/null > +++ b/gnu/packages/chromium.scm > @@ -0,0 +1,733 @@ > +;;; GNU Guix --- Functional package management for GNU > +;;; Copyright © 2016, 2017 Marius Bakke > +;;; > +;;; This file is part of GNU Guix. > +;;; > +;;; GNU Guix is free software; you can redistribute it and/or modify it > +;;; under the terms of the GNU General Public License as published by > +;;; the Free Software Foundation; either version 3 of the License, or (at > +;;; your option) any later version. > +;;; > +;;; GNU Guix is distributed in the hope that it will be useful, but > +;;; WITHOUT ANY WARRANTY; without even the implied warranty of > +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +;;; GNU General Public License for more details. > +;;; > +;;; You should have received a copy of the GNU General Public License > +;;; along with GNU Guix. If not, see . > + > +(define-module (gnu packages chromium) > + #:use-module ((guix licenses) #:prefix license:) > + #:use-module (guix packages) > + #:use-module (guix download) > + #:use-module (guix git-download) > + #:use-module (guix utils) > + #:use-module (guix build-system gnu) > + #:use-module (gnu packages) > + #:use-module (gnu packages assembly) > + #:use-module (gnu packages base) > + #:use-module (gnu packages bison) > + #:use-module (gnu packages compression) > + #:use-module (gnu packages cups) > + #:use-module (gnu packages curl) > + #:use-module (gnu packages databases) > + #:use-module (gnu packages fontutils) > + #:use-module (gnu packages ghostscript) > + #:use-module (gnu packages gl) > + #:use-module (gnu packages glib) > + #:use-module (gnu packages gnome) > + #:use-module (gnu packages gnuzilla) > + #:use-module (gnu packages gperf) > + #:use-module (gnu packages gtk) > + #:use-module (gnu packages icu4c) > + #:use-module (gnu packages image) > + #:use-module (gnu packages libevent) > + #:use-module (gnu packages libffi) > + #:use-module (gnu packages libusb) > + #:use-module (gnu packages linux) > + #:use-module (gnu packages kerberos) > + #:use-module (gnu packages ninja) > + #:use-module (gnu packages node) > + #:use-module (gnu packages pciutils) > + #:use-module (gnu packages photo) > + #:use-module (gnu packages pkg-config) > + #:use-module (gnu packages protobuf) > + #:use-module (gnu packages pulseaudio) > + #:use-module (gnu packages python) > + #:use-module (gnu packages python-web) > + #:use-module (gnu packages regex) > + #:use-module (gnu packages serialization) > + #:use-module (gnu packages speech) > + #:use-module (gnu packages tls) > + #:use-module (gnu packages valgrind) > + #:use-module (gnu packages version-control) > + #:use-module (gnu packages video) > + #:use-module (gnu packages xiph) > + #:use-module (gnu packages xml) > + #:use-module (gnu packages xdisorg) > + #:use-module (gnu packages xorg)) > + > +(define (strip-directory-prefix pathspec) > + "Return everything after the last '/' in PATHSPEC." > + (let ((index (string-rindex pathspec #\/))) > + (if index (string-drop pathspec (+ 1 index)) > + pathspec))) > + > +(define (chromium-patch-file-name pathspec) > + (let ((patch-name (strip-directory-prefix pathspec))) > + (if (string-prefix? "chromium-" patch-name) > + patch-name > + (string-append "chromium-" patch-name)))) > + > +;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches > +(define (debian-patch pathspec revision hash) > + (origin > + (method url-fetch) > + (uri (string-append > + "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git" > + "/plain/debian/patches/" pathspec "?id=" revision)) > + (sha256 (base32 hash)) > + (file-name (chromium-patch-file-name pathspec)))) > + > +;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files > +(define (gentoo-patch pathspec revision hash) > + (origin > + (method url-fetch) > + (uri (string-append > + "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client" > + "/chromium/files/" pathspec "?id=" revision)) > + (sha256 (base32 hash)) > + (file-name (chromium-patch-file-name pathspec)))) > + > +;; https://github.com/gcarq/inox-patchset > +(define (inox-patch pathspec revision hash) > + (origin > + (method url-fetch) > + (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/" > + revision "/" pathspec)) > + (sha256 (base32 hash)) > + (file-name (chromium-patch-file-name pathspec)))) > + > +(define opus+custom > + (package (inherit opus) > + (arguments > + `(;; Opus Custom is an optional extension of the Opus > + ;; specification that allows for unsupported frame > + ;; sizes. Chromium requires that this is enabled. > + #:configure-flags '("--enable-custom-modes") > + ,@(package-arguments opus))))) > + > +;; Chromium since 58 depends on an unreleased libvpx. So, we > +;; package the latest master branch as of 2018-01-07. > +(define libvpx+experimental > + (package > + (inherit libvpx) > + (source (origin > + (method git-fetch) > + (uri (git-reference > + (url "https://chromium.googlesource.com/webm/libvpx") > + (commit "bed28a55f593efd3a71a3a9d05cf8bb25d15fa44"))) > + (file-name "libvpx-for-chromium-checkout") > + (sha256 > + (base32 > + "0h01vmb8awzrb2xwqaz215v73yjdjf67hzdm2yfcz4h4qrvwf817")))) > + ;; TODO: Make libvpx configure flags overrideable. > + (arguments > + `(#:phases > + (modify-phases %standard-phases > + (replace 'configure > + (lambda* (#:key outputs #:allow-other-keys) > + (setenv "CONFIG_SHELL" (which "bash")) > + (let ((out (assoc-ref outputs "out"))) > + (setenv "LDFLAGS" > + (string-append "-Wl,-rpath=" out "/lib")) > + (zero? (system* "./configure" > + "--enable-shared" > + "--as=yasm" > + ;; Limit size to avoid CVE-2015-1258 > + "--size-limit=16384x16384" > + ;; Spatial SVC is an experimental VP9 encoder > + ;; used by some packages (i.e. Chromium). > + "--enable-experimental" > + "--enable-spatial-svc" > + (string-append "--prefix=" out))))))) > + #:tests? #f)))) ; No tests. > + > +(define %chromium-gn-bootstrap.patch > + (gentoo-patch "chromium-gn-bootstrap-r17.patch" > + "5c9cf110bd61fa287a5c536760b5d8ed13f65d52" > + "12wsq3bs46mvr7cinxvqjmbzymigm8yzf478r08y9l6sd3qij4yq")) > + > +(define %chromium-gcc-compat.patch > + (gentoo-patch "chromium-gcc5-r4.patch" > + "1c5423aab094796b3da7a2905f02cbdcdd6a7742" > + "18s152pkqzzw6grxj1m6mp3pc2x3ha2gyayw5hf2nhranak5wlkg")) > + > +(define %chromium-webkit-gcc-compat.patch > + (gentoo-patch "chromium-gcc5-r5.patch" > + "1c5423aab094796b3da7a2905f02cbdcdd6a7742" > + "0z7rggizzg85wfr8zhw0yfwd3q69lsh3yp297s939jgzp66cwwkw")) > + > +(define %chromium-webrtc-gcc-compat.patch > + (gentoo-patch "chromium-webrtc-r0.patch" > + "1c5423aab094796b3da7a2905f02cbdcdd6a7742" > + "0qj5b4w9kav51ylpdf38vm5w7p2gx4qp8p45vrfggp7miicg9cmw")) > + > +(define %chromium-system-nspr.patch > + (debian-patch "system/nspr.patch" > + "debian/63.0.3239.40-1" > + "07a0q3khz77gk0rxzp965pjzhly5r08k019pinss18xc1caj971s")) > + > +(define %chromium-system-libevent.patch > + (debian-patch "system/event.patch" > + "debian/63.0.3239.40-1" > + "0604ia06w40zn66d85in03xg3hd6144y8b222kzyc9nzhq3xm2pc")) > + > +(define %chromium-system-icu.patch > + (debian-patch "system/icu.patch" > + "debian/63.0.3239.40-1" > + "0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv")) > + > +(define %chromium-disable-api-keys-warning.patch > + (debian-patch "disable/google-api-warning.patch" > + "36794e57f1f97068640c6845dbeb9291155893c0" > + "11llghxm0a75kb8fnpy6ky8ix4f1kk7n0c0zfcpwxsx05pask11m")) > + > +(define %chromium-external-components.patch > + (debian-patch "disable/external-components.patch" > + "debian/63.0.3239.40-1" > + "1i3b801hjafxv7djk7cl7nj2skxid0vysf12yjr364db949f164l")) > + > +(define %chromium-duckduckgo.patch > + (inox-patch "0011-add-duckduckgo-search-engine.patch" > + "5af0e6187c22471b8cb803f6dda6738f23a530e7" > + "0p8x98g71ngkd3wbl5q36wrl18ff185sfrr5fcwjbgrv3v7r6ra7")) > + > +;; Don't start a "Login Wizard" at first launch. > +(define %chromium-first-run.patch > + (inox-patch "0018-disable-first-run-behaviour.patch" > + "3336bb286ea054271ac2199cf374e96c64ed53cf" > + "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb")) > + > +;; Use privacy-preserving defaults. > +(define %chromium-default-preferences.patch > + (inox-patch "0006-modify-default-prefs.patch" > + "3336bb286ea054271ac2199cf374e96c64ed53cf" > + "1h8ycmn00yvciq3r5jcdqmsl4grqv8izgwi6a20kijz2baxxr888")) > + > +;; Recent versions of Chromium may load a remote search engine on the > +;; New Tab Page, causing unnecessary and involuntary network traffic. > +(define %chromium-restore-classic-ntp.patch > + (inox-patch "0008-restore-classic-ntp.patch" > + "2f60b788bff89bde11ac802d4c19093661cd23f7" > + "00icvb0r1p3s7i2xy8kv1lpam96cxgn6c3s9bc6wv3dpi3d722p2")) > + > +(define-public chromium > + (package > + (name "chromium") > + (version "63.0.3239.132") > + (synopsis "Graphical web browser") > + (source (origin > + (method url-fetch) > + (uri (string-append "https://commondatastorage.googleapis.com/" > + "chromium-browser-official/chromium-" > + version ".tar.xz")) > + (sha256 > + (base32 > + "139x3cbc5pa14x69493ic8i2ank12c9fwiq6pqm11aps88n6ri44")) > + (patches (list ;%chromium-gn-bootstrap.patch > + %chromium-gcc-compat.patch > + %chromium-webkit-gcc-compat.patch > + %chromium-webrtc-gcc-compat.patch > + %chromium-duckduckgo.patch > + %chromium-default-preferences.patch > + %chromium-first-run.patch > + %chromium-restore-classic-ntp.patch > + %chromium-system-icu.patch > + %chromium-system-nspr.patch > + %chromium-system-libevent.patch > + %chromium-disable-api-keys-warning.patch)) > + (modules '((srfi srfi-1) > + (guix build utils))) > + (snippet > + '(begin > + ;; Replace GN files from third_party with shims for building > + ;; against system libraries. Keep this list in sync with > + ;; "build/linux/unbundle/replace_gn_files.py". > + (for-each (lambda (pair) > + (let ((source (string-append > + "build/linux/unbundle/" (car pair))) > + (dest (cdr pair))) > + (copy-file source dest))) > + (list > + '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn") > + '("flac.gn" . "third_party/flac/BUILD.gn") > + '("freetype.gn" . "third_party/freetype/BUILD.gn") > + ;; XXX: This broke in 63. > + ;;'("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn") > + '("icu.gn" . "third_party/icu/BUILD.gn") > + '("libdrm.gn" . "third_party/libdrm/BUILD.gn") > + '("libevent.gn" . "base/third_party/libevent/BUILD.gn") > + '("libjpeg.gn" . > + "build/secondary/third_party/libjpeg_turbo/BUILD.gn") > + '("libpng.gn" . "third_party/libpng/BUILD.gn") > + '("libvpx.gn" . "third_party/libvpx/BUILD.gn") > + '("libwebp.gn" . "third_party/libwebp/BUILD.gn") > + ;;'("libxml.gn" . "third_party/libxml/BUILD.gn") ;TODO > + '("libxslt.gn" . "third_party/libxslt/BUILD.gn") > + '("openh264.gn" . "third_party/openh264/BUILD.gn") > + '("opus.gn" . "third_party/opus/BUILD.gn") > + '("re2.gn" . "third_party/re2/BUILD.gn") > + '("snappy.gn" . "third_party/snappy/BUILD.gn") > + '("yasm.gn" . "third_party/yasm/yasm_assemble.gni") > + '("zlib.gn" . "third_party/zlib/BUILD.gn"))) > + #t)))) > + (build-system gnu-build-system) > + (arguments > + `(#:tests? #f > + ;; FIXME: There is a "gn" option specifically for setting -rpath, but > + ;; it's not recognized when passed. > + #:validate-runpath? #f > + #:modules ((srfi srfi-26) > + (ice-9 ftw) > + (ice-9 regex) > + (guix build gnu-build-system) > + (guix build utils)) > + #:phases > + (modify-phases %standard-phases > + (add-after 'unpack 'remove-bundled-software > + (lambda _ > + (let ((keep-libs > + (list > + ;; Third party folders that cannot be deleted yet. > + "base/third_party/dmg_fp" > + "base/third_party/dynamic_annotations" > + "base/third_party/icu" > + "base/third_party/libevent" > + "base/third_party/nspr" > + "base/third_party/superfasthash" > + "base/third_party/symbolize" ; glog > + "base/third_party/xdg_mime" > + "base/third_party/xdg_user_dirs" > + "buildtools/third_party/libc++" > + "chrome/third_party/mozilla_security_manager" > + "courgette/third_party" > + "net/third_party/mozilla_security_manager" > + "net/third_party/nss" > + "third_party/adobe/flash/flapper_version.h" > + ;; FIXME: This is used in: > + ;; * ui/webui/resources/js/analytics.js > + ;; * ui/file_manager/ > + "third_party/analytics" > + "third_party/angle" > + "third_party/angle/src/common/third_party/base" > + "third_party/angle/src/common/third_party/smhasher" > + "third_party/angle/src/third_party/compiler" > + "third_party/angle/src/third_party/libXNVCtrl" > + "third_party/angle/src/third_party/trace_event" > + "third_party/blink" > + "third_party/boringssl" > + "third_party/breakpad" > + "third_party/brotli" > + "third_party/cacheinvalidation" > + "third_party/catapult" > + "third_party/catapult/common/py_vulcanize/third_party/rcssmin" > + "third_party/catapult/common/py_vulcanize/third_party/rjsmin" > + "third_party/catapult/third_party/polymer" > + "third_party/catapult/tracing/third_party/d3" > + "third_party/catapult/tracing/third_party/gl-matrix" > + "third_party/catapult/tracing/third_party/jszip" > + "third_party/catapult/tracing/third_party/mannwhitneyu" > + "third_party/catapult/tracing/third_party/oboe" > + "third_party/catapult/tracing/third_party/pako" > + "third_party/ced" > + "third_party/cld_3" > + "third_party/crc32c" > + "third_party/cros_system_api" > + "third_party/dom_distiller_js" > + "third_party/fips181" > + "third_party/flatbuffers" > + ;; XXX Needed by pdfium since 59. > + "third_party/freetype" > + "third_party/glslang-angle" > + "third_party/google_input_tools" > + "third_party/google_input_tools/third_party/closure_library" > + (string-append "third_party/google_input_tools/third_party" > + "/closure_library/third_party/closure") > + "third_party/googletest" > + "third_party/harfbuzz-ng" ;XXX why is this required in 63+ > + "third_party/hunspell" > + "third_party/iccjpeg" > + "third_party/inspector_protocol" > + "third_party/jinja2" > + "third_party/jstemplate" > + "third_party/khronos" > + "third_party/leveldatabase" > + "third_party/libXNVCtrl" > + "third_party/libaddressinput" > + "third_party/libjingle_xmpp" > + "third_party/libphonenumber" > + "third_party/libsecret" ;FIXME: needs pkg-config support. > + "third_party/libsrtp" ;TODO: Requires libsrtp@2. > + "third_party/libudev" > + "third_party/libwebm" > + "third_party/libxml" ;FIXME: Unbundle (again). > + "third_party/libyuv" > + "third_party/lss" > + "third_party/lzma_sdk" > + "third_party/markupsafe" > + "third_party/mesa" > + "third_party/modp_b64" > + "third_party/mt19937ar" > + "third_party/node" > + "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2" > + "third_party/openmax_dl" > + "third_party/ots" > + "third_party/pdfium" > + "third_party/pdfium/third_party" > + "third_party/ply" > + "third_party/polymer" > + "third_party/protobuf" > + "third_party/protobuf/third_party/six" > + "third_party/qcms" > + "third_party/sfntly" > + "third_party/skia" > + "third_party/skia/third_party/vulkan" > + "third_party/skia/third_party/gif" > + "third_party/smhasher" > + "third_party/speech-dispatcher" > + "third_party/spirv-headers" > + "third_party/spirv-tools-angle" > + "third_party/sqlite" > + "third_party/swiftshader" > + "third_party/swiftshader/third_party" > + "third_party/usb_ids" > + "third_party/usrsctp" > + "third_party/vulkan" > + "third_party/vulkan-validation-layers" > + "third_party/WebKit" > + "third_party/web-animations-js" > + "third_party/webrtc" > + "third_party/widevine/cdm/widevine_cdm_version.h" > + "third_party/widevine/cdm/widevine_cdm_common.h" > + "third_party/woff2" > + "third_party/xdg-utils" > + "third_party/yasm/run_yasm.py" > + "third_party/zlib/google" > + "url/third_party/mozilla" > + "v8/src/third_party/valgrind" > + "v8/third_party/inspector_protocol"))) > + ;; FIXME: implement as source snippet. This traverses > + ;; any "third_party" directory and deletes files that are: > + ;; * not ending with ".gn" or ".gni"; or > + ;; * not explicitly named as argument (folder or file). > + (zero? (apply system* "python" > + "build/linux/unbundle/remove_bundled_libraries.py" > + "--do-remove" keep-libs))))) > + (add-after 'remove-bundled-software 'patch-stuff > + (lambda* (#:key inputs #:allow-other-keys) > + (substitute* "printing/cups_config_helper.py" > + (("cups_config =.*") > + (string-append "cups_config = '" (assoc-ref inputs "cups") > + "/bin/cups-config'\n"))) > + > + (substitute* > + '("base/process/launch_posix.cc" > + "base/third_party/dynamic_annotations/dynamic_annotations.c" > + "sandbox/linux/seccomp-bpf/sandbox_bpf.cc" > + "sandbox/linux/services/credentials.cc" > + "sandbox/linux/services/namespace_utils.cc" > + "sandbox/linux/services/syscall_wrappers.cc" > + "sandbox/linux/syscall_broker/broker_host.cc") > + (("include \"base/third_party/valgrind/") "include \"valgrind/")) > + > + (for-each (lambda (file) > + (substitute* file > + ;; Fix opus include path. > + ;; Do not substitute opus_private.h. > + (("#include \"opus\\.h\"") > + "#include \"opus/opus.h\"") > + (("#include \"opus_custom\\.h\"") > + "#include \"opus/opus_custom.h\"") > + (("#include \"opus_defines\\.h\"") > + "#include \"opus/opus_defines.h\"") > + (("#include \"opus_multistream\\.h\"") > + "#include \"opus/opus_multistream.h\"") > + (("#include \"opus_types\\.h\"") > + "#include \"opus/opus_types.h\""))) > + (append (find-files "third_party/opus/src/celt") > + (find-files "third_party/opus/src/src") > + (find-files (string-append "third_party/webrtc/modules" > + "/audio_coding/codecs/opus")))) > + > + (substitute* "chrome/common/chrome_paths.cc" > + (("/usr/share/chromium/extensions") > + ;; TODO: Add ~/.guix-profile. > + "/run/current-system/profile/share/chromium/extensions")) > + > + (substitute* > + "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h" > + (("include \"third_party/curl") "include \"curl")) > + (substitute* "media/base/decode_capabilities.cc" > + (("third_party/libvpx/source/libvpx/") "")) > + > + ;; We don't cross compile most packages, so get rid of the > + ;; unnecessary ARCH-linux-gnu* prefix. > + (substitute* "build/toolchain/linux/BUILD.gn" > + (("aarch64-linux-gnu-") "") > + (("arm-linux-gnueabihf-") "")) > + #t)) > + (replace 'configure > + (lambda* (#:key inputs outputs #:allow-other-keys) > + (let ((gn-flags > + (list > + ;; See tools/gn/docs/cookbook.md and > + ;; https://www.chromium.org/developers/gn-build-configuration > + ;; for usage. Run "./gn args . --list" in the Release > + ;; directory for an exhaustive list of supported flags. > + "is_debug=false" > + "is_official_build=false" > + "is_clang=false" > + "use_gold=false" > + "linux_use_bundled_binutils=false" > + "use_custom_libcxx=false" > + "use_sysroot=false" > + "goma_dir=\"\"" > + "enable_precompiled_headers=false" > + "use_jumbo_build=true" ;speeds up build > + ;; Use a deterministic version identifier. > + "override_build_date=\"01 01 2000 05:00:00\"" > + "use_unofficial_version_number=false" > + ;; Disable debugging features to save space. > + "remove_webcore_debug_symbols=true" > + "enable_iterator_debugging=false" > + ;; Don't fail when using deprecated ffmpeg features. > + "treat_warnings_as_errors=false" > + "enable_nacl=false" > + "enable_nacl_nonsfi=false" > + "use_allocator=\"none\"" ;don't use tcmalloc > + ;; Don't add any API keys. End users can set them in the > + ;; environment if necessary. > + ;; https://www.chromium.org/developers/how-tos/api-keys > + "use_official_google_api_keys=false" > + ;; Disable "field trials". > + "fieldtrial_testing_like_official_build=true" > + > + "use_system_freetype=true" > + ;; FIXME: Try enabling this for 63+. > + ;;"use_system_harfbuzz=true" > + "use_system_libjpeg=true" > + "use_system_lcms2=true" > + "use_system_zlib=true" > + ;; This is currently not supported on Linux: > + ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208 > + ;; "use_system_sqlite=true" > + "use_gconf=false" ; deprecated by gsettings > + "use_gnome_keyring=false" ; deprecated by libsecret > + "use_gtk3=true" > + "use_openh264=true" > + "use_xkbcommon=true" > + "link_pulseaudio=true" > + > + ;; Don't arbitrarily restrict formats supported by system ffmpeg. > + "proprietary_codecs=true" > + "ffmpeg_branding=\"Chrome\"" > + > + ;; WebRTC stuff. > + "rtc_use_h264=true" > + ;; Don't use bundled sources. > + "rtc_build_json=false" > + "rtc_build_libevent=false" > + "rtc_build_libvpx=false" > + "rtc_build_opus=false" > + "rtc_build_ssl=false" > + ;; TODO: Package these. > + "rtc_build_libsrtp=true" ; 2.0 > + "rtc_build_libyuv=true" > + "rtc_build_openmax_dl=true" > + "rtc_build_usrsctp=true" > + (string-append "rtc_jsoncpp_root=\"" > + (assoc-ref inputs "jsoncpp") > + "/include/jsoncpp/json\"") > + (string-append "rtc_ssl_root=\"" > + (assoc-ref inputs "openssl") > + "/include/openssl\"")))) > + > + ;; XXX: How portable is this. > + (mkdir-p "third_party/node/linux/node-linux-x64") > + (symlink (string-append (assoc-ref inputs "node") "/bin") > + "third_party/node/linux/node-linux-x64/bin") > + > + (setenv "CC" "gcc") > + (setenv "CXX" "g++") > + ;; TODO: pre-compile instead. Avoids a race condition. > + (setenv "PYTHONDONTWRITEBYTECODE" "1") > + (and > + ;; Build the "gn" tool. > + (zero? (system* "python" > + "tools/gn/bootstrap/bootstrap.py" "-s" "-v")) > + ;; Generate ninja build files. > + (zero? (system* "./out/Release/gn" "gen" "out/Release" > + (string-append "--args=" > + (string-join gn-flags " ")))))))) > + (replace 'build > + (lambda* (#:key outputs #:allow-other-keys) > + (zero? (system* "ninja" "-C" "out/Release" > + "-j" (number->string (parallel-job-count)) > + "chrome")))) > + (replace 'install > + (lambda* (#:key inputs outputs #:allow-other-keys) > + (let* ((out (assoc-ref outputs "out")) > + (bin (string-append out "/bin")) > + (exe (string-append bin "/chromium")) > + (lib (string-append out "/lib")) > + (man (string-append out "/share/man/man1")) > + (applications (string-append out "/share/applications")) > + (install-regexp (make-regexp "\\.(bin|pak)$")) > + (locales (string-append lib "/locales")) > + (resources (string-append lib "/resources")) > + (gtk+ (assoc-ref inputs "gtk+")) > + (mesa (assoc-ref inputs "mesa")) > + (nss (assoc-ref inputs "nss")) > + (udev (assoc-ref inputs "udev")) > + (sh (which "sh"))) > + > + (substitute* '("chrome/app/resources/manpage.1.in" > + "chrome/installer/linux/common/desktop.template") > + (("@@MENUNAME@@") "Chromium") > + (("@@PACKAGE@@") "chromium") > + (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe)) > + (mkdir-p man) > + (copy-file "chrome/app/resources/manpage.1.in" > + (string-append man "/chromium.1")) > + (mkdir-p applications) > + (copy-file "chrome/installer/linux/common/desktop.template" > + (string-append applications "/chromium.desktop")) > + > + (with-directory-excursion "out/Release" > + (for-each (lambda (file) > + (install-file file lib)) > + (scandir "." (cut regexp-exec install-regexp <>))) > + (copy-file "chrome" (string-append lib "/chromium")) > + > + ;; TODO: Install icons from "../../chrome/app/themes" into > + ;; "out/share/icons/hicolor/$size". > + (install-file > + "product_logo_48.png" > + (string-append out "/share/icons/48x48/chromium.png")) > + > + (copy-recursively "locales" locales) > + (copy-recursively "resources" resources) > + > + (mkdir-p bin) > + ;; Add a thin wrapper to prevent the user from inadvertently > + ;; installing non-free software through the Web Store. > + ;; TODO: Discover extensions from the profile and pass > + ;; something like "--disable-extensions-except=...". > + (call-with-output-file exe > + (lambda (port) > + (format port > + "#!~a~@ > + if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@ > + then~@ > + CHROMIUM_FLAGS=\" \\~@ > + --disable-background-networking \\~@ > + --disable-extensions \\~@ > + \"~@ > + fi~@ > + exec ~a $CHROMIUM_FLAGS \"$@\"~%" > + sh (string-append lib "/chromium")))) > + (chmod exe #o755) > + > + (wrap-program exe > + ;; TODO: Get these in RUNPATH. > + `("LD_LIBRARY_PATH" ":" prefix > + (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:" > + mesa "/lib:" udev "/lib"))) > + ;; Avoid file manager crash. See . > + `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share")))) > + #t))))))) > + (native-inputs > + `(("bison" ,bison) > + ("git" ,git) ;last_commit_position.py > + ("gperf" ,gperf) > + ("ninja" ,ninja) > + ("node" ,node) > + ("pkg-config" ,pkg-config) > + ("which" ,which) > + ("yasm" ,yasm) > + > + ("python-beautifulsoup4" ,python2-beautifulsoup4) > + ("python-html5lib" ,python2-html5lib) > + ("python" ,python-2))) > + (inputs > + `(("alsa-lib" ,alsa-lib) > + ("atk" ,atk) > + ("cups" ,cups) > + ("curl" ,curl) > + ("dbus" ,dbus) > + ("dbus-glib" ,dbus-glib) > + ("expat" ,expat) > + ("flac" ,flac) > + ("ffmpeg" ,ffmpeg) > + ("fontconfig" ,fontconfig) > + ("freetype" ,freetype) > + ("gdk-pixbuf" ,gdk-pixbuf) > + ("glib" ,glib) > + ("gtk+-2" ,gtk+-2) > + ("gtk+" ,gtk+) > + ("harfbuzz" ,harfbuzz) > + ("icu4c" ,icu4c-59.1) > + ("jsoncpp" ,jsoncpp) > + ("lcms" ,lcms) > + ("libevent" ,libevent) > + ("libffi" ,libffi) > + ("libjpeg-turbo" ,libjpeg-turbo) > + ("libpng" ,libpng) > + ("libusb" ,libusb) > + ("libvpx" ,libvpx+experimental) > + ("libwebp" ,libwebp) > + ("libx11" ,libx11) > + ("libxcb" ,libxcb) > + ("libxcomposite" ,libxcomposite) > + ("libxcursor" ,libxcursor) > + ("libxdamage" ,libxdamage) > + ("libxext" ,libxext) > + ("libxfixes" ,libxfixes) > + ("libxi" ,libxi) > + ("libxkbcommon" ,libxkbcommon) > + ("libxml2" ,libxml2) > + ("libxrandr" ,libxrandr) > + ("libxrender" ,libxrender) > + ("libxscrnsaver" ,libxscrnsaver) > + ("libxslt" ,libxslt) > + ("libxtst" ,libxtst) > + ("mesa" ,mesa) > + ("minizip" ,minizip) > + ("mit-krb5" ,mit-krb5) > + ("nss" ,nss) > + ("openh264" ,openh264) > + ("openssl" ,openssl) > + ("opus" ,opus+custom) > + ("pango" ,pango) > + ("pciutils" ,pciutils) > + ("protobuf" ,protobuf) > + ("pulseaudio" ,pulseaudio) > + ("re2" ,re2) > + ("snappy" ,snappy) > + ("speech-dispatcher" ,speech-dispatcher) > + ("sqlite" ,sqlite) > + ("udev" ,eudev) > + ("valgrind" ,valgrind))) > + (home-page "https://www.chromium.org/") > + (description > + "Chromium is a web browser using the @code{Blink} rendering engine.") > + ;; Chromium is developed as BSD-3, but bundles a large number of third-party > + ;; software with other licenses. For full information, see chrome://credits. > + (license (list license:bsd-3 > + license:bsd-2 > + license:expat > + license:asl2.0 > + license:mpl2.0 > + license:public-domain > + license:lgpl2.1+)))) > -- > 2.15.1 > Many thanks for your ongoing work with this (and the patience :)) As this is 63, you you are keeping track of Debian, right? I tried to package 64 a couple of days ago because I wanted the workaround for some of the recent security clusterfucks, but Debian is still on 63 :/ I hope they'll update their patchset soon. -- GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys WWW: https://n0.is/a/ :: https://ea.n0.is