all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [bug#28004] Chromium
@ 2017-08-07 19:58 Marius Bakke
  2017-08-07 20:23 ` ng0
                   ` (7 more replies)
  0 siblings, 8 replies; 152+ messages in thread
From: Marius Bakke @ 2017-08-07 19:58 UTC (permalink / raw)
  To: 28004


[-- Attachment #1.1: Type: text/plain, Size: 435 bytes --]

Hello Guix!

Attached is a patch for Chromium, a popular web browser.

It requires the new ld wrapper from 'core-updates' and a very powerful
build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours).

Note that I cannot guarantee timely delivery of security updates. Major
version upgrades are hugely painful, and almost always contain many
high-severity fixes. Should we mention that in the description?

Happy for any feedback.


[-- Attachment #1.2: 0001-gnu-Add-chromium.patch --]
[-- Type: text/x-patch, Size: 43663 bytes --]

From 8679de14536a8ff12cc6a7da5c51d669bd23fbe6 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 12 Oct 2016 17:25:05 +0100
Subject: [PATCH] gnu: Add chromium.

* gnu/packages/chromium.scm: New file.
* gnu/packages/patches/chromium-disable-api-keys-warning.patch,
  gnu/packages/patches/chromium-disable-third-party-cookies.patch,
  gnu/packages/patches/chromium-gn-bootstrap.patch,
  gnu/packages/patches/chromium-system-icu.patch,
  gnu/packages/patches/chromium-system-libevent.patch,
  gnu/packages/patches/chromium-system-nspr.patch,
  gnu/packages/patches/chromium-system-libxml.patch: New files.
* gnu/local.mk: Record it.
---
 gnu/local.mk                                       |   8 +
 gnu/packages/chromium.scm                          | 594 +++++++++++++++++++++
 .../chromium-disable-api-keys-warning.patch        |  17 +
 .../chromium-disable-third-party-cookies.patch     |  13 +
 gnu/packages/patches/chromium-gn-bootstrap.patch   |  13 +
 gnu/packages/patches/chromium-system-icu.patch     |  15 +
 .../patches/chromium-system-libevent.patch         |  84 +++
 gnu/packages/patches/chromium-system-libxml.patch  |  29 +
 gnu/packages/patches/chromium-system-nspr.patch    |  65 +++
 9 files changed, 838 insertions(+)
 create mode 100644 gnu/packages/chromium.scm
 create mode 100644 gnu/packages/patches/chromium-disable-api-keys-warning.patch
 create mode 100644 gnu/packages/patches/chromium-disable-third-party-cookies.patch
 create mode 100644 gnu/packages/patches/chromium-gn-bootstrap.patch
 create mode 100644 gnu/packages/patches/chromium-system-icu.patch
 create mode 100644 gnu/packages/patches/chromium-system-libevent.patch
 create mode 100644 gnu/packages/patches/chromium-system-libxml.patch
 create mode 100644 gnu/packages/patches/chromium-system-nspr.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index acdadd629..8fb6e63ce 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -86,6 +86,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/certs.scm			\
   %D%/packages/check.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cmake.scm			\
   %D%/packages/code.scm				\
@@ -540,6 +541,13 @@ dist_patch_DATA =						\
   %D%/packages/patches/chicken-CVE-2017-6949.patch		\
   %D%/packages/patches/chicken-CVE-2017-11343.patch		\
   %D%/packages/patches/chmlib-inttypes.patch			\
+  %D%/packages/patches/chromium-disable-api-keys-warning.patch	\
+  %D%/packages/patches/chromium-disable-third-party-cookies.patch	\
+  %D%/packages/patches/chromium-gn-bootstrap.patch		\
+  %D%/packages/patches/chromium-system-libevent.patch		\
+  %D%/packages/patches/chromium-system-libxml.patch		\
+  %D%/packages/patches/chromium-system-icu.patch		\
+  %D%/packages/patches/chromium-system-nspr.patch		\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clucene-pkgconfig.patch			\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 000000000..81bcb8f05
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,594 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages libusb)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages photo)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define opus+custom
+  (package (inherit opus)
+           (arguments
+            `(;; Opus Custom is an optional extension of the Opus
+              ;; specification that allows for unsupported frame
+              ;; sizes. Chromium requires that this is enabled.
+              #:configure-flags '("--enable-custom-modes")
+              ,@(package-arguments opus)))))
+
+;; Chromium since 58 depends on an unreleased libvpx. So, we
+;; package the latest master branch as of 2017-08-05.
+(define libvpx+experimental
+  (package
+    (inherit libvpx)
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://chromium.googlesource.com/webm/libvpx")
+                    (commit "cbb83ba4aa99b40b0b4a2a407bfd6d0d8be87d1f")))
+              (file-name "libvpx-for-chromium-checkout")
+              (sha256
+               (base32
+                "1rj4ag0zg8c7cn4a9q75vslk5wc7vqy119k669286lxy8dvarh86"))))
+    ;; TODO: Make libvpx configure flags overrideable.
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (setenv "CONFIG_SHELL" (which "bash"))
+             (let ((out (assoc-ref outputs "out")))
+               (setenv "LDFLAGS"
+                       (string-append "-Wl,-rpath=" out "/lib"))
+               (zero? (system* "./configure"
+                               "--enable-shared"
+                               "--as=yasm"
+                               ;; Limit size to avoid CVE-2015-1258
+                               "--size-limit=16384x16384"
+                               ;; Spatial SVC is an experimental VP9 encoder
+                               ;; used by some packages (i.e. Chromium).
+                               "--enable-experimental"
+                               "--enable-spatial-svc"
+                               (string-append "--prefix=" out)))))))
+       #:tests? #f)))) ; No tests.
+
+(define-public chromium
+  (package
+    (name "chromium")
+    (version "60.0.3112.90")
+    (synopsis "Graphical web browser")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://commondatastorage.googleapis.com/"
+                                  "chromium-browser-official/chromium-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "1rirhwvccidza4q4z1gqdwcd9v1bymh1m9r2cq8jhiabfrjpjbxl"))
+       (patches (search-patches
+                 "chromium-gn-bootstrap.patch"
+                 "chromium-system-nspr.patch"
+                 "chromium-system-icu.patch"
+                 "chromium-system-libevent.patch"
+                 "chromium-system-libxml.patch"
+                 "chromium-disable-api-keys-warning.patch"
+                 "chromium-disable-third-party-cookies.patch"))
+       (modules '((srfi srfi-1)
+                  (guix build utils)))
+       (snippet
+        '(begin
+            ;; Replace GN files from third_party with shims for building
+            ;; against system libraries.  Keep this list in sync with
+            ;; "build/linux/unbundle/replace_gn_files.py".
+            (for-each (lambda (pair)
+                        (let ((source (string-append
+                                       "build/linux/unbundle/" (car pair)))
+                              (dest (cdr pair)))
+                          (copy-file source dest)))
+                      (list
+                       '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
+                       '("flac.gn" . "third_party/flac/BUILD.gn")
+                       '("freetype.gn" . "third_party/freetype/BUILD.gn")
+                       '("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn")
+                       '("icu.gn" . "third_party/icu/BUILD.gn")
+                       '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
+                       '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
+                       '("libjpeg.gn" .
+                         "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
+                       '("libpng.gn" . "third_party/libpng/BUILD.gn")
+                       '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
+                       '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
+                       '("libxml.gn" . "third_party/libxml/BUILD.gn")
+                       '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
+                       '("openh264.gn" . "third_party/openh264/BUILD.gn")
+                       '("opus.gn" . "third_party/opus/BUILD.gn")
+                       '("re2.gn" . "third_party/re2/BUILD.gn")
+                       '("snappy.gn" . "third_party/snappy/BUILD.gn")
+                       '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
+                       '("zlib.gn" . "third_party/zlib/BUILD.gn")))
+            #t))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; How?
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it's not recognized when passed.
+       #:validate-runpath? #f
+       #:modules ((srfi srfi-26)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (guix build gnu-build-system)
+                  (guix build utils))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-bundled-software
+           (lambda _
+             (let ((keep-libs
+                    (list
+                     ;; Third party folders that cannot be deleted yet.
+                     "base/third_party/dmg_fp"
+                     "base/third_party/dynamic_annotations"
+                     "base/third_party/icu"
+                     "base/third_party/superfasthash"
+                     "base/third_party/symbolize" ; glog
+                     "base/third_party/xdg_mime"
+                     "base/third_party/xdg_user_dirs"
+                     "chrome/third_party/mozilla_security_manager"
+                     "courgette/third_party"
+                     "net/third_party/mozilla_security_manager"
+                     "net/third_party/nss"
+                     "third_party/adobe/flash/flapper_version.h"
+                     ;; FIXME: This is used in:
+                     ;; * ui/webui/resources/js/analytics.js
+                     ;; * ui/file_manager/
+                     "third_party/analytics"
+                     "third_party/angle"
+                     "third_party/angle/src/common/third_party/numerics"
+                     "third_party/angle/src/third_party/compiler"
+                     "third_party/angle/src/third_party/libXNVCtrl"
+                     "third_party/angle/src/third_party/murmurhash"
+                     "third_party/angle/src/third_party/trace_event"
+                     "third_party/boringssl"
+                     "third_party/brotli"
+                     "third_party/cacheinvalidation"
+                     "third_party/catapult"
+                     "third_party/catapult/third_party/polymer"
+                     "third_party/catapult/third_party/py_vulcanize"
+                     "third_party/catapult/third_party/py_vulcanize/third_party/rcssmin"
+                     "third_party/catapult/third_party/py_vulcanize/third_party/rjsmin"
+                     "third_party/catapult/tracing/third_party/d3"
+                     "third_party/catapult/tracing/third_party/gl-matrix"
+                     "third_party/catapult/tracing/third_party/jszip"
+                     "third_party/catapult/tracing/third_party/mannwhitneyu"
+                     "third_party/catapult/tracing/third_party/oboe"
+                     "third_party/ced"
+                     "third_party/cld_3"
+                     "third_party/cros_system_api"
+                     "third_party/dom_distiller_js"
+                     "third_party/fips181"
+                     "third_party/flatbuffers"
+                     ;; XXX Needed by pdfium since 59.
+                     "third_party/freetype"
+                     "third_party/glslang-angle"
+                     "third_party/google_input_tools"
+                     "third_party/google_input_tools/third_party/closure_library"
+                     (string-append "third_party/google_input_tools/third_party"
+                                    "/closure_library/third_party/closure")
+                     "third_party/googletest"
+                     "third_party/hunspell"
+                     "third_party/iccjpeg"
+                     "third_party/inspector_protocol"
+                     "third_party/jinja2"
+                     "third_party/jstemplate"
+                     "third_party/khronos"
+                     "third_party/leveldatabase"
+                     "third_party/libXNVCtrl"
+                     "third_party/libaddressinput"
+                     "third_party/libjingle_xmpp"
+                     "third_party/libphonenumber"
+                     "third_party/libsecret"       ;FIXME: needs pkg-config support.
+                     "third_party/libsrtp"         ;TODO: Requires libsrtp@2.
+                     "third_party/libudev"
+                     "third_party/libwebm"
+                     "third_party/libxml/chromium"
+                     "third_party/libyuv"
+                     "third_party/lss"
+                     "third_party/lzma_sdk"
+                     "third_party/markupsafe"
+                     "third_party/mesa"
+                     "third_party/modp_b64"
+                     "third_party/mt19937ar"
+                     "third_party/node"
+                     "third_party/node/node_modules/vulcanize/third_party/UglifyJS2"
+                     "third_party/openmax_dl"
+                     "third_party/ots"
+                     "third_party/pdfium"         ;TODO: can be built standalone.
+                     "third_party/pdfium/third_party"
+                     "third_party/ply"
+                     "third_party/polymer"
+                     "third_party/protobuf"
+                     "third_party/protobuf/third_party/six"
+                     "third_party/qcms"
+                     "third_party/sfntly"
+                     "third_party/skia"
+                     "third_party/skia/third_party/vulkan"
+                     "third_party/smhasher"
+                     ;; XXX the sources that include this are generated.
+                     "third_party/speech-dispatcher"
+                     "third_party/spirv-headers"
+                     "third_party/spirv-tools-angle"
+                     "third_party/sqlite"
+                     "third_party/swiftshader"
+                     "third_party/swiftshader/third_party"
+                     "third_party/usb_ids"
+                     "third_party/usrsctp"
+                     "third_party/vulkan"
+                     "third_party/vulkan-validation-layers"
+                     "third_party/WebKit"
+                     "third_party/web-animations-js"
+                     "third_party/webrtc"
+                     "third_party/widevine/cdm/widevine_cdm_version.h"
+                     "third_party/widevine/cdm/widevine_cdm_common.h"
+                     "third_party/woff2"
+                     "third_party/xdg-utils"
+                     "third_party/yasm/run_yasm.py"
+                     "third_party/zlib/google"
+                     "url/third_party/mozilla"
+                     "v8/src/third_party/valgrind"
+                     "v8/third_party/inspector_protocol")))
+               ;; FIXME: implement as source snippet. This traverses
+               ;; any "third_party" directory and deletes files that are:
+               ;; * not ending with ".gn" or ".gni"; or
+               ;; * not explicitly named as argument (folder or file).
+               (zero? (apply system* "python"
+                             "build/linux/unbundle/remove_bundled_libraries.py"
+                             "--do-remove" keep-libs)))))
+         (add-after 'remove-bundled-software 'patch-stuff
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "printing/cups_config_helper.py"
+               (("cups_config =.*")
+                (string-append "cups_config = '" (assoc-ref inputs "cups")
+                               "/bin/cups-config'\n")))
+
+             (substitute*
+                 '("base/process/launch_posix.cc"
+                   "base/tracked_objects.cc"
+                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+                   "sandbox/linux/services/credentials.cc"
+                   "sandbox/linux/services/namespace_utils.cc"
+                   "sandbox/linux/services/syscall_wrappers.cc"
+                   "sandbox/linux/syscall_broker/broker_host.cc")
+               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+             (for-each (lambda (file)
+                         (substitute* file
+                           ;; Fix opus include path.
+                           ;; Do not substitute opus_private.h.
+                           (("#include \"opus\\.h\"")
+                            "#include \"opus/opus.h\"")
+                           (("#include \"opus_custom\\.h\"")
+                            "#include \"opus/opus_custom.h\"")
+                           (("#include \"opus_defines\\.h\"")
+                            "#include \"opus/opus_defines.h\"")
+                           (("#include \"opus_multistream\\.h\"")
+                            "#include \"opus/opus_multistream.h\"")
+                           (("#include \"opus_types\\.h\"")
+                            "#include \"opus/opus_types.h\"")))
+                       (append (find-files "third_party/opus/src/celt")
+                               (find-files "third_party/opus/src/src")
+                               (find-files (string-append "third_party/webrtc/modules"
+                                                          "/audio_coding/codecs/opus"))))
+
+             (substitute* "chrome/common/chrome_paths.cc"
+               (("/usr/share/chromium/extensions")
+                ;; TODO: Add ~/.guix-profile.
+                "/run/current-system/profile/share/chromium/extensions"))
+
+             (substitute* "breakpad/src/common/linux/libcurl_wrapper.h"
+               (("include \"third_party/curl") "include \"curl"))
+             (substitute* "media/base/decode_capabilities.cc"
+               (("third_party/libvpx/source/libvpx/") ""))
+             #t))
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((gn-flags
+                    (list
+                     ;; See tools/gn/docs/cookbook.md and
+                     ;; https://www.chromium.org/developers/gn-build-configuration
+                     ;; for usage. Run "./gn args . --list" in the Release
+                     ;; directory for an exhaustive list of supported flags.
+                     "is_debug=false"
+                     "is_official_build=false"
+                     "is_clang=false"
+                     "use_gold=false"
+                     "linux_use_bundled_binutils=false"
+                     "use_sysroot=false"
+                     "remove_webcore_debug_symbols=true"
+                     "enable_iterator_debugging=false"
+                     "override_build_date=\"01 01 2000 05:00:00\""
+                     ;; Don't fail when using deprecated ffmpeg features.
+                     "treat_warnings_as_errors=false"
+                     "enable_nacl=false"
+                     "enable_nacl_nonsfi=false"
+                     "use_allocator=\"none\"" ; Don't use tcmalloc.
+                     ;; Don't add any API keys. End users can set them in the
+                     ;; environment if necessary.
+                     ;; https://www.chromium.org/developers/how-tos/api-keys
+                     "use_official_google_api_keys=false"
+                     ;; Disable "field trials".
+                     "fieldtrial_testing_like_official_build=true"
+
+                     "use_system_libjpeg=true"
+                     ;; This is currently not supported on Linux:
+                     ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
+                     ;; "use_system_sqlite=true"
+                     "use_gtk3=true"
+                     "use_gconf=false"         ; deprecated by gsettings
+                     "use_gnome_keyring=false" ; deprecated by libsecret
+                     "use_xkbcommon=true"
+                     "link_pulseaudio=true"
+                     "use_openh264=true"
+
+                     ;; Don't arbitrarily restrict formats supported by our ffmpeg.
+                     "proprietary_codecs=true"
+                     "ffmpeg_branding=\"Chrome\""
+
+                     ;; WebRTC stuff.
+                     "rtc_use_h264=true"
+                     ;; Don't use bundled sources.
+                     "rtc_build_json=false"
+                     "rtc_build_libevent=false"
+                     "rtc_build_libjpeg=false"
+                     "rtc_build_libvpx=false"
+                     "rtc_build_opus=false"
+                     "rtc_build_ssl=false"
+                     ;; TODO: Package these.
+                     "rtc_build_libsrtp=true" ; 2.0
+                     "rtc_build_libyuv=true"
+                     "rtc_build_openmax_dl=true"
+                     "rtc_build_usrsctp=true"
+                     (string-append "rtc_jsoncpp_root=\""
+                                    (assoc-ref inputs "jsoncpp")
+                                    "/include/jsoncpp/json\"")
+                     (string-append "rtc_ssl_root=\""
+                                    (assoc-ref inputs "openssl")
+                                    "/include/openssl\""))))
+
+               ;; XXX: How portable is this.
+               (mkdir-p "third_party/node/linux/node-linux-x64")
+               (symlink (string-append (assoc-ref inputs "node") "/bin")
+                        "third_party/node/linux/node-linux-x64/bin")
+
+               (setenv "CC" "gcc")
+               (setenv "CXX" "g++")
+               ;; TODO: pre-compile instead. Avoids a race condition.
+               (setenv "PYTHONDONTWRITEBYTECODE" "1")
+               (and
+                ;; Build the "gn" tool.
+                (zero? (system* "python"
+                                "tools/gn/bootstrap/bootstrap.py" "-s" "-v"))
+                ;; Generate ninja build files.
+                (zero? (system* "./out/Release/gn" "gen" "out/Release"
+                                (string-append "--args="
+                                               (string-join gn-flags " "))))))))
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (zero? (system* "ninja" "-C" "out/Release"
+                             "-j" (number->string (parallel-job-count))
+                             "chrome"))))
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out            (assoc-ref outputs "out"))
+                    (bin            (string-append out "/bin"))
+                    (exe            (string-append bin "/chromium"))
+                    (lib            (string-append out "/lib"))
+                    (man            (string-append out "/share/man/man1"))
+                    (applications   (string-append out "/share/applications"))
+                    (install-regexp (make-regexp "\\.(so|bin|pak)$"))
+                    (locales        (string-append lib "/locales"))
+                    (resources      (string-append lib "/resources"))
+                    (gtk+           (assoc-ref inputs "gtk+"))
+                    (mesa           (assoc-ref inputs "mesa"))
+                    (nss            (assoc-ref inputs "nss"))
+                    (udev           (assoc-ref inputs "udev"))
+                    (sh             (which "sh")))
+
+               (mkdir-p applications)
+               (call-with-output-file (string-append applications
+                                                     "/chromium.desktop")
+                 (lambda (port)
+                   (format port
+                           "[Desktop Entry]~@
+                           Name=Chromium~@
+                           Comment=~a~@
+                           Exec=~a~@
+                           Icon=chromium.png~@
+                           Type=Application~%" ,synopsis exe)))
+
+               (with-directory-excursion "out/Release"
+                 (for-each (lambda (file)
+                             (install-file file lib))
+                           (scandir "." (cut regexp-exec install-regexp <>)))
+                 (copy-file "chrome" (string-append lib "/chromium"))
+
+                 ;; TODO: Install icons from "../../chrome/app/themes" into
+                 ;; "out/share/icons/hicolor/$size".
+                 (install-file
+                  "product_logo_48.png"
+                  (string-append out "/share/icons/48x48/chromium.png"))
+
+                 (copy-recursively "locales" locales)
+                 (copy-recursively "resources" resources)
+
+                 (mkdir-p man)
+                 (copy-file "chrome.1" (string-append man "/chromium.1"))
+
+                 (mkdir-p bin)
+                 ;; Add a thin wrapper to prevent the user from inadvertently
+                 ;; installing non-free software through the Web Store.
+                 ;; TODO: Discover extensions from the profile and pass
+                 ;; something like "--disable-extensions-except=...".
+                 (call-with-output-file exe
+                   (lambda (port)
+                     (format port
+                             "#!~a~@
+                             CHROMIUM_FLAGS=\"--disable-background-networking\"~@
+                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
+                             then~@
+                                 CHROMIUM_FLAGS=\"$CHROMIUM_FLAGS --disable-extensions\"~@
+                             fi~@
+                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
+                             sh (string-append lib "/chromium"))))
+                 (chmod exe #o755)
+
+                 (wrap-program exe
+                   ;; TODO: Get these in RUNPATH.
+                   `("LD_LIBRARY_PATH" ":" prefix
+                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+                                      mesa "/lib:" udev "/lib")))
+                   ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+                #t)))))))
+    (native-inputs
+     `(("bison" ,bison)
+       ("git" ,git) ; last_commit_position.py
+       ("gperf" ,gperf)
+       ("ninja" ,ninja)
+       ("node" ,node)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)
+       ("yasm" ,yasm)
+
+       ;; Headers.
+       ("curl" ,curl)
+       ("valgrind" ,valgrind)
+
+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
+       ("python-html5lib" ,python2-html5lib)
+       ("python" ,python-2)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("atk" ,atk)
+       ("cups" ,cups)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("udev" ,eudev)
+       ("expat" ,expat)
+       ("flac" ,flac)
+       ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+-2" ,gtk+-2)
+       ("gtk+" ,gtk+)
+       ("harfbuzz" ,harfbuzz)
+       ("icu4c" ,icu4c)
+       ("jsoncpp" ,jsoncpp)
+       ("libevent" ,libevent)
+       ("libffi" ,libffi)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libpng" ,libpng)
+       ("libusb" ,libusb)
+       ("libvpx" ,libvpx+experimental)
+       ("libwebp" ,libwebp)
+       ("libx11" ,libx11)
+       ("libxcb" ,libxcb)
+       ("libxcomposite" ,libxcomposite)
+       ("libxcursor" ,libxcursor)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxi" ,libxi)
+       ("libxkbcommon" ,libxkbcommon)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxslt" ,libxslt)
+       ("libxtst" ,libxtst)
+       ("mesa" ,mesa)
+       ("minizip" ,minizip)
+       ("mit-krb5" ,mit-krb5)
+       ("nss" ,nss)
+       ("openh264" ,openh264)
+       ("openssl" ,openssl)
+       ("opus" ,opus+custom)
+       ("pango" ,pango)
+       ("pciutils" ,pciutils)
+       ("protobuf" ,protobuf)
+       ("pulseaudio" ,pulseaudio)
+       ("re2" ,re2)
+       ("snappy" ,snappy)
+       ("speech-dispatcher" ,speech-dispatcher)
+       ("sqlite" ,sqlite)))
+    (home-page "https://www.chromium.org/")
+    (description
+     "Chromium is a web browser using the @code{Blink} rendering engine.")
+    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+    ;; software with other licenses. For full information, see chrome://credits.
+    (license (list license:bsd-3
+                   license:bsd-2
+                   license:expat
+                   license:asl2.0
+                   license:mpl2.0
+                   license:public-domain
+                   license:lgpl2.1+))))
diff --git a/gnu/packages/patches/chromium-disable-api-keys-warning.patch b/gnu/packages/patches/chromium-disable-api-keys-warning.patch
new file mode 100644
index 000000000..c7e219f40
--- /dev/null
+++ b/gnu/packages/patches/chromium-disable-api-keys-warning.patch
@@ -0,0 +1,17 @@
+Disable warning about missing API keys.
+
+Copied from:
+
+https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/google-api-warning.patch
+
+--- a/chrome/browser/ui/startup/startup_browser_creator_impl.cc
++++ b/chrome/browser/ui/startup/startup_browser_creator_impl.cc
+@@ -816,8 +816,6 @@ void StartupBrowserCreatorImpl::AddInfoB
+       !command_line_.HasSwitch(switches::kTestType) &&
+       !command_line_.HasSwitch(switches::kEnableAutomation)) {
+     chrome::ShowBadFlagsPrompt(browser);
+-    GoogleApiKeysInfoBarDelegate::Create(InfoBarService::FromWebContents(
+-        browser->tab_strip_model()->GetActiveWebContents()));
+     ObsoleteSystemInfoBarDelegate::Create(InfoBarService::FromWebContents(
+         browser->tab_strip_model()->GetActiveWebContents()));
+ 
diff --git a/gnu/packages/patches/chromium-disable-third-party-cookies.patch b/gnu/packages/patches/chromium-disable-third-party-cookies.patch
new file mode 100644
index 000000000..0694c35f3
--- /dev/null
+++ b/gnu/packages/patches/chromium-disable-third-party-cookies.patch
@@ -0,0 +1,13 @@
+Disable third party cookies by default.
+
+--- a/components/content_settings/core/browser/cookie_settings.cc
++++ b/components/content_settings/core/browser/cookie_settings.cc
+@@ -101,7 +101,7 @@ void CookieSettings::GetCookieSettings(
+ void CookieSettings::RegisterProfilePrefs(
+     user_prefs::PrefRegistrySyncable* registry) {
+   registry->RegisterBooleanPref(
+-      prefs::kBlockThirdPartyCookies, false,
++      prefs::kBlockThirdPartyCookies, true,
+       user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);
+ }
+ 
diff --git a/gnu/packages/patches/chromium-gn-bootstrap.patch b/gnu/packages/patches/chromium-gn-bootstrap.patch
new file mode 100644
index 000000000..6d1dcb166
--- /dev/null
+++ b/gnu/packages/patches/chromium-gn-bootstrap.patch
@@ -0,0 +1,13 @@
+description: add file needed to build gn
+author: Michael Gilbert <mgilbert@debian.org>
+
+--- a/tools/gn/bootstrap/bootstrap.py
++++ b/tools/gn/bootstrap/bootstrap.py
+@@ -490,6 +490,7 @@ def write_gn_ninja(path, root_gen_dir, o
+       'base/sys_info.cc',
+       'base/task_runner.cc',
+       'base/task_scheduler/delayed_task_manager.cc',
++      'base/task_scheduler/environment_config.cc',
+       'base/task_scheduler/post_task.cc',
+       'base/task_scheduler/priority_queue.cc',
+       'base/task_scheduler/scheduler_lock_impl.cc',
diff --git a/gnu/packages/patches/chromium-system-icu.patch b/gnu/packages/patches/chromium-system-icu.patch
new file mode 100644
index 000000000..c35c1b75c
--- /dev/null
+++ b/gnu/packages/patches/chromium-system-icu.patch
@@ -0,0 +1,15 @@
+description: maintain compatibility with system icu library
+author: Michael Gilbert <mgilbert@debian.org>
+
+--- a/BUILD.gn
++++ b/BUILD.gn
+@@ -657,8 +657,7 @@ group("gn_all") {
+     }
+   }
+ 
+-  if ((is_linux && !is_chromeos && !is_chromecast) || (is_win && use_drfuzz) ||
+-      (use_libfuzzer && is_mac)) {
++  if (false) {
+     deps += [
+       "//testing/libfuzzer/fuzzers",
+       "//testing/libfuzzer/tests:libfuzzer_tests",
diff --git a/gnu/packages/patches/chromium-system-libevent.patch b/gnu/packages/patches/chromium-system-libevent.patch
new file mode 100644
index 000000000..91fc9e3b5
--- /dev/null
+++ b/gnu/packages/patches/chromium-system-libevent.patch
@@ -0,0 +1,84 @@
+description: build using system libevent
+author: Michael Gilbert <mgilbert@debian.org>
+
+https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/system/event.patch
+
+--- a/third_party/webrtc/base/task_queue_libevent.cc
++++ b/third_party/webrtc/base/task_queue_libevent.cc
+@@ -15,7 +15,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ 
+-#include "base/third_party/libevent/event.h"
++#include <event.h>
+ #include "webrtc/base/checks.h"
+ #include "webrtc/base/logging.h"
+ #include "webrtc/base/task_queue_posix.h"
+--- a/tools/gn/bootstrap/bootstrap.py
++++ b/tools/gn/bootstrap/bootstrap.py
+@@ -609,26 +609,6 @@ def write_gn_ninja(path, root_gen_dir, o
+         'base/time/time_now_posix.cc',
+         'base/trace_event/heap_profiler_allocation_register_posix.cc',
+     ])
+-    static_libraries['libevent'] = {
+-        'sources': [
+-            'base/third_party/libevent/buffer.c',
+-            'base/third_party/libevent/evbuffer.c',
+-            'base/third_party/libevent/evdns.c',
+-            'base/third_party/libevent/event.c',
+-            'base/third_party/libevent/event_tagging.c',
+-            'base/third_party/libevent/evrpc.c',
+-            'base/third_party/libevent/evutil.c',
+-            'base/third_party/libevent/http.c',
+-            'base/third_party/libevent/log.c',
+-            'base/third_party/libevent/poll.c',
+-            'base/third_party/libevent/select.c',
+-            'base/third_party/libevent/signal.c',
+-            'base/third_party/libevent/strlcpy.c',
+-        ],
+-        'tool': 'cc',
+-        'include_dirs': [],
+-        'cflags': cflags + ['-DHAVE_CONFIG_H'],
+-    }
+ 
+   if is_linux or is_aix:
+     ldflags.extend(['-pthread'])
+@@ -660,13 +640,7 @@ def write_gn_ninja(path, root_gen_dir, o
+         'base/allocator/allocator_shim.cc',
+         'base/allocator/allocator_shim_default_dispatch_to_glibc.cc',
+       ])
+-      libs.extend(['-lrt', '-latomic', '-lnspr4'])
+-      static_libraries['libevent']['include_dirs'].extend([
+-          os.path.join(SRC_ROOT, 'base', 'third_party', 'libevent', 'linux')
+-      ])
+-      static_libraries['libevent']['sources'].extend([
+-         'base/third_party/libevent/epoll.c',
+-      ])
++      libs.extend(['-lrt', '-latomic', '-lnspr4', '-levent'])
+     else:
+       libs.extend(['-lrt'])
+       static_libraries['base']['sources'].extend([
+@@ -703,12 +677,6 @@ def write_gn_ninja(path, root_gen_dir, o
+         'base/time/time_mac.cc',
+         'base/threading/platform_thread_mac.mm',
+     ])
+-    static_libraries['libevent']['include_dirs'].extend([
+-        os.path.join(SRC_ROOT, 'base', 'third_party', 'libevent', 'mac')
+-    ])
+-    static_libraries['libevent']['sources'].extend([
+-        'base/third_party/libevent/kqueue.c',
+-    ])
+ 
+     libs.extend([
+         '-framework', 'AppKit',
+--- a/base/message_loop/message_pump_libevent.cc
++++ b/base/message_loop/message_pump_libevent.cc
+@@ -14,7 +14,7 @@
+ #include "base/files/file_util.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
+-#include "base/third_party/libevent/event.h"
++#include <event.h>
+ #include "base/time/time.h"
+ #include "base/trace_event/trace_event.h"
+ #include "build/build_config.h"
diff --git a/gnu/packages/patches/chromium-system-libxml.patch b/gnu/packages/patches/chromium-system-libxml.patch
new file mode 100644
index 000000000..23c42d79c
--- /dev/null
+++ b/gnu/packages/patches/chromium-system-libxml.patch
@@ -0,0 +1,29 @@
+description: system libxml2 2.9.4 does not yet provide XML_PARSE_NOXXE
+author: Michael Gilbert <mgilbert@debian.org>
+
+Copied from:
+
+https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/system/libxml.patch
+
+--- a/third_party/libxml/chromium/libxml_utils.cc
++++ b/third_party/libxml/chromium/libxml_utils.cc
+@@ -24,8 +24,7 @@ XmlReader::~XmlReader() {
+ 
+ bool XmlReader::Load(const std::string& input) {
+   const int kParseOptions = XML_PARSE_RECOVER |  // recover on errors
+-                            XML_PARSE_NONET |    // forbid network access
+-                            XML_PARSE_NOXXE;     // no external entities
++                            XML_PARSE_NONET;     // forbid network access
+   // TODO(evanm): Verify it's OK to pass NULL for the URL and encoding.
+   // The libxml code allows for these, but it's unclear what effect is has.
+   reader_ = xmlReaderForMemory(input.data(), static_cast<int>(input.size()),
+@@ -35,8 +34,7 @@ bool XmlReader::Load(const std::string&
+ 
+ bool XmlReader::LoadFile(const std::string& file_path) {
+   const int kParseOptions = XML_PARSE_RECOVER |  // recover on errors
+-                            XML_PARSE_NONET |    // forbid network access
+-                            XML_PARSE_NOXXE;     // no external entities
++                            XML_PARSE_NONET;     // forbid network access
+   reader_ = xmlReaderForFile(file_path.c_str(), NULL, kParseOptions);
+   return reader_ != NULL;
+ }
diff --git a/gnu/packages/patches/chromium-system-nspr.patch b/gnu/packages/patches/chromium-system-nspr.patch
new file mode 100644
index 000000000..5f2cca0c3
--- /dev/null
+++ b/gnu/packages/patches/chromium-system-nspr.patch
@@ -0,0 +1,65 @@
+description: use system nspr library
+author: Michael Gilbert <mgilbert@debian.org>
+
+--- a/base/time/pr_time_unittest.cc
++++ b/base/time/pr_time_unittest.cc
+@@ -7,7 +7,7 @@
+ 
+ #include "base/compiler_specific.h"
+ #include "base/macros.h"
+-#include "base/third_party/nspr/prtime.h"
++#include <nspr/prtime.h>
+ #include "base/time/time.h"
+ #include "build/build_config.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+--- a/base/time/time.cc
++++ b/base/time/time.cc
+@@ -14,7 +14,7 @@
+ #include "base/logging.h"
+ #include "base/macros.h"
+ #include "base/strings/stringprintf.h"
+-#include "base/third_party/nspr/prtime.h"
++#include <nspr/prtime.h>
+ #include "build/build_config.h"
+ 
+ namespace base {
+--- a/tools/gn/bootstrap/bootstrap.py
++++ b/tools/gn/bootstrap/bootstrap.py
+@@ -510,7 +510,6 @@ def write_gn_ninja(path, root_gen_dir, o
+       'base/third_party/dmg_fp/dtoa_wrapper.cc',
+       'base/third_party/dmg_fp/g_fmt.cc',
+       'base/third_party/icu/icu_utf.cc',
+-      'base/third_party/nspr/prtime.cc',
+       'base/threading/non_thread_safe_impl.cc',
+       'base/threading/post_task_and_reply_impl.cc',
+       'base/threading/sequenced_task_runner_handle.cc',
+@@ -661,7 +660,7 @@ def write_gn_ninja(path, root_gen_dir, o
+         'base/allocator/allocator_shim.cc',
+         'base/allocator/allocator_shim_default_dispatch_to_glibc.cc',
+       ])
+-      libs.extend(['-lrt', '-latomic'])
++      libs.extend(['-lrt', '-latomic', '-lnspr4'])
+       static_libraries['libevent']['include_dirs'].extend([
+           os.path.join(SRC_ROOT, 'base', 'third_party', 'libevent', 'linux')
+       ])
+--- a/base/BUILD.gn
++++ b/base/BUILD.gn
+@@ -58,6 +58,9 @@ config("base_flags") {
+       "-Wno-char-subscripts",
+     ]
+   }
++  ldflags = [
++    "-lnspr4",
++  ]
+ }
+ 
+ config("base_implementation") {
+@@ -868,8 +871,6 @@ component("base") {
+     "third_party/dmg_fp/g_fmt.cc",
+     "third_party/icu/icu_utf.cc",
+     "third_party/icu/icu_utf.h",
+-    "third_party/nspr/prtime.cc",
+-    "third_party/nspr/prtime.h",
+     "third_party/superfasthash/superfasthash.c",
+     "third_party/valgrind/memcheck.h",
+     "threading/non_thread_safe.h",
-- 
2.14.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-08-07 19:58 [bug#28004] Chromium Marius Bakke
@ 2017-08-07 20:23 ` ng0
  2017-08-07 21:16   ` Marius Bakke
  2017-08-10  5:31 ` Efraim Flashner
                   ` (6 subsequent siblings)
  7 siblings, 1 reply; 152+ messages in thread
From: ng0 @ 2017-08-07 20:23 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 1245 bytes --]

Hi Marius,

Marius Bakke transcribed 43K bytes:
> Hello Guix!
> 
> Attached is a patch for Chromium, a popular web browser.

Nice! I've been using this from your branch for a while now,
works just fine :)
Is this not affected by the chromium discussion which happened
a while back? Can we include this? I'm all for this, because I
mainly use it for websites where firefox/icecat doesn't work so
well, and building it locally takes a very long time.
(Pro-tip: Don't offload from very powerful laptops to 10 year
old computers with 2 cores ;))

> It requires the new ld wrapper from 'core-updates' and a very powerful
> build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours).

But to notice: it builds with less than 3GB RAM.

> Note that I cannot guarantee timely delivery of security updates. Major
> version upgrades are hugely painful, and almost always contain many
> high-severity fixes. Should we mention that in the description?
> 
> Happy for any feedback.
> 

Shouldn't you mention defines in addition to the define-public aswell,
or don't we do that?
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-08-07 20:23 ` ng0
@ 2017-08-07 21:16   ` Marius Bakke
  2017-08-08  5:53     ` ng0
  2017-08-08 13:18     ` ng0
  0 siblings, 2 replies; 152+ messages in thread
From: Marius Bakke @ 2017-08-07 21:16 UTC (permalink / raw)
  To: ng0; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 1824 bytes --]

ng0 <ng0@infotropique.org> writes:

> Hi Marius,
>
> Marius Bakke transcribed 43K bytes:
>> Hello Guix!
>> 
>> Attached is a patch for Chromium, a popular web browser.
>
> Nice! I've been using this from your branch for a while now,
> works just fine :)
> Is this not affected by the chromium discussion which happened
> a while back? Can we include this? I'm all for this, because I
> mainly use it for websites where firefox/icecat doesn't work so
> well, and building it locally takes a very long time.

I believe this is within the Free System Distribution Guidelines. DRM
("Widevine") is disabled at build time, and the Web Store is
non-functional without the end user explicitly enabling it.

There are some grey areas though. The browser may interact with certain
non-free APIs (apart from regular browser duties) such as translation or
prediction services. These features are optional, but some are enabled
by default, and difficult to maintain patches for (I've tried).

However, I have verified that it does not send any unsolicited requests
with the current command-line options, apart from the very first launch
which spawns a login prompt (help wanted!). Without either of those
flags the browser "calls home" every time it starts.

>> Note that I cannot guarantee timely delivery of security updates. Major
>> version upgrades are hugely painful, and almost always contain many
>> high-severity fixes. Should we mention that in the description?
>> 
>> Happy for any feedback.
>> 
>
> Shouldn't you mention defines in addition to the define-public aswell,
> or don't we do that?

Not for new files (modules), typically. I don't think Magit can fill out
those variable names (by pressing C on the hunks) either ;-) But it
should probably go in web-browsers.scm anyway.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-08-07 21:16   ` Marius Bakke
@ 2017-08-08  5:53     ` ng0
  2017-08-08 13:18     ` ng0
  1 sibling, 0 replies; 152+ messages in thread
From: ng0 @ 2017-08-08  5:53 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 2776 bytes --]

Marius Bakke transcribed 2.4K bytes:
> ng0 <ng0@infotropique.org> writes:
> 
> > Hi Marius,
> >
> > Marius Bakke transcribed 43K bytes:
> >> Hello Guix!
> >> 
> >> Attached is a patch for Chromium, a popular web browser.
> >
> > Nice! I've been using this from your branch for a while now,
> > works just fine :)
> > Is this not affected by the chromium discussion which happened
> > a while back? Can we include this? I'm all for this, because I
> > mainly use it for websites where firefox/icecat doesn't work so
> > well, and building it locally takes a very long time.
> 
> I believe this is within the Free System Distribution Guidelines.

What I meant was this long discussion about "QTWebengine is nonfree",
but as far as I experienced in being one of the early users of chromium
for a long time, it doesn't depend on anything Qt and doesn't bundle it.
So without having the time this morning to refresh the discussion, I think
it was about Chromium as a part for other software which is provided
through QtWebengine (Or maybe I'm tired and write only almost nonsense).

> DRM
> ("Widevine") is disabled at build time, and the Web Store is
> non-functional without the end user explicitly enabling it.
> 
> There are some grey areas though. The browser may interact with certain
> non-free APIs (apart from regular browser duties) such as translation or
> prediction services. These features are optional, but some are enabled
> by default, and difficult to maintain patches for (I've tried).
> 
> However, I have verified that it does not send any unsolicited requests
> with the current command-line options, apart from the very first launch
> which spawns a login prompt (help wanted!). Without either of those
> flags the browser "calls home" every time it starts.
> 
> >> Note that I cannot guarantee timely delivery of security updates. Major
> >> version upgrades are hugely painful, and almost always contain many
> >> high-severity fixes. Should we mention that in the description?
> >> 
> >> Happy for any feedback.
> >> 
> >
> > Shouldn't you mention defines in addition to the define-public aswell,
> > or don't we do that?
> 
> Not for new files (modules), typically. I don't think Magit can fill out
> those variable names (by pressing C on the hunks) either ;-) But it
> should probably go in web-browsers.scm anyway.

Isn't web-browsers just for smaller browsers? we have gnuzilla, and I'm
about to add palemoon when I have analysed and cleaned up my build of it.

Of course we coukd add them all to web-browser, the file won't become too large.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-08-07 21:16   ` Marius Bakke
  2017-08-08  5:53     ` ng0
@ 2017-08-08 13:18     ` ng0
  2017-08-08 14:22       ` ng0
  1 sibling, 1 reply; 152+ messages in thread
From: ng0 @ 2017-08-08 13:18 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 2479 bytes --]

Marius Bakke transcribed 2.4K bytes:
> ng0 <ng0@infotropique.org> writes:
> 
> > Hi Marius,
> >
> > Marius Bakke transcribed 43K bytes:
> >> Hello Guix!
> >> 
> >> Attached is a patch for Chromium, a popular web browser.
> >
> > Nice! I've been using this from your branch for a while now,
> > works just fine :)
> > Is this not affected by the chromium discussion which happened
> > a while back? Can we include this? I'm all for this, because I
> > mainly use it for websites where firefox/icecat doesn't work so
> > well, and building it locally takes a very long time.
> 
> I believe this is within the Free System Distribution Guidelines. DRM
> ("Widevine") is disabled at build time, and the Web Store is
> non-functional without the end user explicitly enabling it.
> 
> There are some grey areas though. The browser may interact with certain
> non-free APIs (apart from regular browser duties) such as translation or
> prediction services. These features are optional, but some are enabled
> by default, and difficult to maintain patches for (I've tried).
> 
> However, I have verified that it does not send any unsolicited requests
> with the current command-line options, apart from the very first launch
> which spawns a login prompt (help wanted!). Without either of those
> flags the browser "calls home" every time it starts.
> 
> >> Note that I cannot guarantee timely delivery of security updates. Major
> >> version upgrades are hugely painful, and almost always contain many
> >> high-severity fixes. Should we mention that in the description?
> >> 
> >> Happy for any feedback.
> >> 
> >
> > Shouldn't you mention defines in addition to the define-public aswell,
> > or don't we do that?
> 
> Not for new files (modules), typically. I don't think Magit can fill out
> those variable names (by pressing C on the hunks) either ;-) But it
> should probably go in web-browsers.scm anyway.

Unless someone else is already building this, I'm giving it a spin.

I guess you changed some things since the version of yours I have in
here: https://gitlab.com/ng0_guix/packages/blob/master/ng0/packages/chromium.scm
so I have to rebuild it.
It might take a while because I'm offloading to something much slower
but which doesn't care about heat as much as a this one ;)
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-08-08 13:18     ` ng0
@ 2017-08-08 14:22       ` ng0
  2017-08-08 15:44         ` ng0
  0 siblings, 1 reply; 152+ messages in thread
From: ng0 @ 2017-08-08 14:22 UTC (permalink / raw)
  To: Marius Bakke, 28004

[-- Attachment #1: Type: text/plain, Size: 2736 bytes --]

ng0 transcribed 3.4K bytes:
> Marius Bakke transcribed 2.4K bytes:
> > ng0 <ng0@infotropique.org> writes:
> > 
> > > Hi Marius,
> > >
> > > Marius Bakke transcribed 43K bytes:
> > >> Hello Guix!
> > >> 
> > >> Attached is a patch for Chromium, a popular web browser.
> > >
> > > Nice! I've been using this from your branch for a while now,
> > > works just fine :)
> > > Is this not affected by the chromium discussion which happened
> > > a while back? Can we include this? I'm all for this, because I
> > > mainly use it for websites where firefox/icecat doesn't work so
> > > well, and building it locally takes a very long time.
> > 
> > I believe this is within the Free System Distribution Guidelines. DRM
> > ("Widevine") is disabled at build time, and the Web Store is
> > non-functional without the end user explicitly enabling it.
> > 
> > There are some grey areas though. The browser may interact with certain
> > non-free APIs (apart from regular browser duties) such as translation or
> > prediction services. These features are optional, but some are enabled
> > by default, and difficult to maintain patches for (I've tried).
> > 
> > However, I have verified that it does not send any unsolicited requests
> > with the current command-line options, apart from the very first launch
> > which spawns a login prompt (help wanted!). Without either of those
> > flags the browser "calls home" every time it starts.
> > 
> > >> Note that I cannot guarantee timely delivery of security updates. Major
> > >> version upgrades are hugely painful, and almost always contain many
> > >> high-severity fixes. Should we mention that in the description?
> > >> 
> > >> Happy for any feedback.
> > >> 
> > >
> > > Shouldn't you mention defines in addition to the define-public aswell,
> > > or don't we do that?
> > 
> > Not for new files (modules), typically. I don't think Magit can fill out
> > those variable names (by pressing C on the hunks) either ;-) But it
> > should probably go in web-browsers.scm anyway.
> 
> Unless someone else is already building this, I'm giving it a spin.
> 
> I guess you changed some things since the version of yours I have in
> here: https://gitlab.com/ng0_guix/packages/blob/master/ng0/packages/chromium.scm
> so I have to rebuild it.
> It might take a while because I'm offloading to something much slower
> but which doesn't care about heat as much as a this one ;)

Patch itself LGTM, I'm now waiting on the build to finish in the
next couple of hours.

Thanks for your work on this!
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-08-08 14:22       ` ng0
@ 2017-08-08 15:44         ` ng0
  2017-08-08 18:59           ` ng0
  2017-08-08 19:51           ` Leo Famulari
  0 siblings, 2 replies; 152+ messages in thread
From: ng0 @ 2017-08-08 15:44 UTC (permalink / raw)
  To: Marius Bakke, 28004

[-- Attachment #1: Type: text/plain, Size: 4611 bytes --]

ng0 transcribed 3.7K bytes:
> ng0 transcribed 3.4K bytes:
> > Marius Bakke transcribed 2.4K bytes:
> > > ng0 <ng0@infotropique.org> writes:
> > > 
> > > > Hi Marius,
> > > >
> > > > Marius Bakke transcribed 43K bytes:
> > > >> Hello Guix!
> > > >> 
> > > >> Attached is a patch for Chromium, a popular web browser.
> > > >
> > > > Nice! I've been using this from your branch for a while now,
> > > > works just fine :)
> > > > Is this not affected by the chromium discussion which happened
> > > > a while back? Can we include this? I'm all for this, because I
> > > > mainly use it for websites where firefox/icecat doesn't work so
> > > > well, and building it locally takes a very long time.
> > > 
> > > I believe this is within the Free System Distribution Guidelines. DRM
> > > ("Widevine") is disabled at build time, and the Web Store is
> > > non-functional without the end user explicitly enabling it.
> > > 
> > > There are some grey areas though. The browser may interact with certain
> > > non-free APIs (apart from regular browser duties) such as translation or
> > > prediction services. These features are optional, but some are enabled
> > > by default, and difficult to maintain patches for (I've tried).
> > > 
> > > However, I have verified that it does not send any unsolicited requests
> > > with the current command-line options, apart from the very first launch
> > > which spawns a login prompt (help wanted!). Without either of those
> > > flags the browser "calls home" every time it starts.
> > > 
> > > >> Note that I cannot guarantee timely delivery of security updates. Major
> > > >> version upgrades are hugely painful, and almost always contain many
> > > >> high-severity fixes. Should we mention that in the description?
> > > >> 
> > > >> Happy for any feedback.
> > > >> 
> > > >
> > > > Shouldn't you mention defines in addition to the define-public aswell,
> > > > or don't we do that?
> > > 
> > > Not for new files (modules), typically. I don't think Magit can fill out
> > > those variable names (by pressing C on the hunks) either ;-) But it
> > > should probably go in web-browsers.scm anyway.
> > 
> > Unless someone else is already building this, I'm giving it a spin.
> > 
> > I guess you changed some things since the version of yours I have in
> > here: https://gitlab.com/ng0_guix/packages/blob/master/ng0/packages/chromium.scm
> > so I have to rebuild it.
> > It might take a while because I'm offloading to something much slower
> > but which doesn't care about heat as much as a this one ;)
> 
> Patch itself LGTM, I'm now waiting on the build to finish in the
> next couple of hours.

x86_64 architecture, builds fails at this point:

[6247/27388] STAMP obj/mojo/common/common.stamp
[6248/27388] ACTION //net/http:generate_transport_security_state(//build/toolchain/linux:x64)
FAILED: gen/net/http/transport_security_state_static.h
python ../../build/gn_run_binary.py transport_security_state_generator ../../net/http/transport_security_state_static.json ../../net/http/transport_security_state_static.pins ../../net/http/transport_security_state_static.template gen/net/http/transport_security_state_static.h
./transport_security_state_generator: error while loading shared libraries: libglib-2.0.so.0: cannot open shared object file: No such file or directory
transport_security_state_generator failed with exit code 127
[6249/27388] AR obj/sandbox/linux/libsandbox_services.a
ninja: build stopped: subcommand failed.
phase `build' failed after 1777.2 seconds
builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
@ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
derivation '/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' offloaded to '192.168.1.179' failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
@ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 100
guix build: error: build failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed

Have you experienced this before?

-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-08-08 15:44         ` ng0
@ 2017-08-08 18:59           ` ng0
  2017-08-08 19:51           ` Leo Famulari
  1 sibling, 0 replies; 152+ messages in thread
From: ng0 @ 2017-08-08 18:59 UTC (permalink / raw)
  To: Marius Bakke, 28004

[-- Attachment #1: Type: text/plain, Size: 5021 bytes --]

ng0 transcribed 5.5K bytes:
> ng0 transcribed 3.7K bytes:
> > ng0 transcribed 3.4K bytes:
> > > Marius Bakke transcribed 2.4K bytes:
> > > > ng0 <ng0@infotropique.org> writes:
> > > > 
> > > > > Hi Marius,
> > > > >
> > > > > Marius Bakke transcribed 43K bytes:
> > > > >> Hello Guix!
> > > > >> 
> > > > >> Attached is a patch for Chromium, a popular web browser.
> > > > >
> > > > > Nice! I've been using this from your branch for a while now,
> > > > > works just fine :)
> > > > > Is this not affected by the chromium discussion which happened
> > > > > a while back? Can we include this? I'm all for this, because I
> > > > > mainly use it for websites where firefox/icecat doesn't work so
> > > > > well, and building it locally takes a very long time.
> > > > 
> > > > I believe this is within the Free System Distribution Guidelines. DRM
> > > > ("Widevine") is disabled at build time, and the Web Store is
> > > > non-functional without the end user explicitly enabling it.
> > > > 
> > > > There are some grey areas though. The browser may interact with certain
> > > > non-free APIs (apart from regular browser duties) such as translation or
> > > > prediction services. These features are optional, but some are enabled
> > > > by default, and difficult to maintain patches for (I've tried).
> > > > 
> > > > However, I have verified that it does not send any unsolicited requests
> > > > with the current command-line options, apart from the very first launch
> > > > which spawns a login prompt (help wanted!). Without either of those
> > > > flags the browser "calls home" every time it starts.
> > > > 
> > > > >> Note that I cannot guarantee timely delivery of security updates. Major
> > > > >> version upgrades are hugely painful, and almost always contain many
> > > > >> high-severity fixes. Should we mention that in the description?
> > > > >> 
> > > > >> Happy for any feedback.
> > > > >> 
> > > > >
> > > > > Shouldn't you mention defines in addition to the define-public aswell,
> > > > > or don't we do that?
> > > > 
> > > > Not for new files (modules), typically. I don't think Magit can fill out
> > > > those variable names (by pressing C on the hunks) either ;-) But it
> > > > should probably go in web-browsers.scm anyway.
> > > 
> > > Unless someone else is already building this, I'm giving it a spin.
> > > 
> > > I guess you changed some things since the version of yours I have in
> > > here: https://gitlab.com/ng0_guix/packages/blob/master/ng0/packages/chromium.scm
> > > so I have to rebuild it.
> > > It might take a while because I'm offloading to something much slower
> > > but which doesn't care about heat as much as a this one ;)
> > 
> > Patch itself LGTM, I'm now waiting on the build to finish in the
> > next couple of hours.
> 
> x86_64 architecture, builds fails at this point:
> 
> [6247/27388] STAMP obj/mojo/common/common.stamp
> [6248/27388] ACTION //net/http:generate_transport_security_state(//build/toolchain/linux:x64)
> FAILED: gen/net/http/transport_security_state_static.h
> python ../../build/gn_run_binary.py transport_security_state_generator ../../net/http/transport_security_state_static.json ../../net/http/transport_security_state_static.pins ../../net/http/transport_security_state_static.template gen/net/http/transport_security_state_static.h
> ./transport_security_state_generator: error while loading shared libraries: libglib-2.0.so.0: cannot open shared object file: No such file or directory
> transport_security_state_generator failed with exit code 127
> [6249/27388] AR obj/sandbox/linux/libsandbox_services.a
> ninja: build stopped: subcommand failed.
> phase `build' failed after 1777.2 seconds
> builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> derivation '/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' offloaded to '192.168.1.179' failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 100
> guix build: error: build failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> 
> Have you experienced this before?

As efraim pointed out I missed the part where you wrote that
it is for core-updates. I just assumed it worked like it is
on master because what I had locally (chromium 58) works on
master).

Someone else must test it then.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-08-08 15:44         ` ng0
  2017-08-08 18:59           ` ng0
@ 2017-08-08 19:51           ` Leo Famulari
  2017-08-08 20:46             ` ng0
  1 sibling, 1 reply; 152+ messages in thread
From: Leo Famulari @ 2017-08-08 19:51 UTC (permalink / raw)
  To: Marius Bakke, 28004

[-- Attachment #1: Type: text/plain, Size: 1967 bytes --]

On Tue, Aug 08, 2017 at 03:44:22PM +0000, ng0 wrote:
> x86_64 architecture, builds fails at this point:
> 
> [6247/27388] STAMP obj/mojo/common/common.stamp
> [6248/27388] ACTION //net/http:generate_transport_security_state(//build/toolchain/linux:x64)
> FAILED: gen/net/http/transport_security_state_static.h
> python ../../build/gn_run_binary.py transport_security_state_generator ../../net/http/transport_security_state_static.json ../../net/http/transport_security_state_static.pins ../../net/http/transport_security_state_static.template gen/net/http/transport_security_state_static.h
> ./transport_security_state_generator: error while loading shared libraries: libglib-2.0.so.0: cannot open shared object file: No such file or directory
> transport_security_state_generator failed with exit code 127
> [6249/27388] AR obj/sandbox/linux/libsandbox_services.a
> ninja: build stopped: subcommand failed.
> phase `build' failed after 1777.2 seconds
> builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> derivation '/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' offloaded to '192.168.1.179' failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 100
> guix build: error: build failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> 
> Have you experienced this before?

Based on discussion on #guix, this package is based on core-updates. Did
you try building it on core-updates?

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-08-08 19:51           ` Leo Famulari
@ 2017-08-08 20:46             ` ng0
  0 siblings, 0 replies; 152+ messages in thread
From: ng0 @ 2017-08-08 20:46 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 2532 bytes --]

Leo Famulari transcribed 3.0K bytes:
> On Tue, Aug 08, 2017 at 03:44:22PM +0000, ng0 wrote:
> > x86_64 architecture, builds fails at this point:
> > 
> > [6247/27388] STAMP obj/mojo/common/common.stamp
> > [6248/27388] ACTION //net/http:generate_transport_security_state(//build/toolchain/linux:x64)
> > FAILED: gen/net/http/transport_security_state_static.h
> > python ../../build/gn_run_binary.py transport_security_state_generator ../../net/http/transport_security_state_static.json ../../net/http/transport_security_state_static.pins ../../net/http/transport_security_state_static.template gen/net/http/transport_security_state_static.h
> > ./transport_security_state_generator: error while loading shared libraries: libglib-2.0.so.0: cannot open shared object file: No such file or directory
> > transport_security_state_generator failed with exit code 127
> > [6249/27388] AR obj/sandbox/linux/libsandbox_services.a
> > ninja: build stopped: subcommand failed.
> > phase `build' failed after 1777.2 seconds
> > builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> > @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> > derivation '/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' offloaded to '192.168.1.179' failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> > @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 100
> > guix build: error: build failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> > 
> > Have you experienced this before?
> 
> Based on discussion on #guix, this package is based on core-updates. Did
> you try building it on core-updates?

No, I have no time for switching a system to core-updates for a moment and dealing with
whatever needs to be dealt with before I can build it there, unless core-updates is
stable.
I don't want to be the roadblock, I could test it at some point in the next 2 - 3 weeks
and this package looks like it is good to go if it builds.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-08-07 19:58 [bug#28004] Chromium Marius Bakke
  2017-08-07 20:23 ` ng0
@ 2017-08-10  5:31 ` Efraim Flashner
  2017-08-31  7:36   ` ng0
  2017-10-10 13:19 ` ng0
                   ` (5 subsequent siblings)
  7 siblings, 1 reply; 152+ messages in thread
From: Efraim Flashner @ 2017-08-10  5:31 UTC (permalink / raw)
  To: 28004

[-- Attachment #1: Type: text/plain, Size: 1178 bytes --]

This built on aarch64 on core-updates in about 12.5 hours. I did need to
add the following substitution* to the package definition.

diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index 81bcb8f05..855779a11 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -346,6 +346,13 @@
                (("include \"third_party/curl") "include \"curl"))
              (substitute* "media/base/decode_capabilities.cc"
                (("third_party/libvpx/source/libvpx/") ""))
+
+             ;; We don't cross compile most packages, so get rid of the
+             ;; unnecessary ARCH-linux-gnu* prefix.
+             (substitute* "build/toolchain/linux/BUILD.gn"
+               (("aarch64-linux-gnu-") "")
+               (("arm-linux-gnueabihf-") ""))
+
              #t))
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)

With this addition it builds for me.


-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-08-10  5:31 ` Efraim Flashner
@ 2017-08-31  7:36   ` ng0
  0 siblings, 0 replies; 152+ messages in thread
From: ng0 @ 2017-08-31  7:36 UTC (permalink / raw)
  To: Efraim Flashner; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 482 bytes --]

Efraim Flashner transcribed 2.2K bytes:
> This built on aarch64 on core-updates in about 12.5 hours. I did need to
> add the following substitution* to the package definition.

As core-updates has been merged now, is this package good
to go? I could build it on my x86_64 builder this afternoon
if it requires one more check.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-08-07 19:58 [bug#28004] Chromium Marius Bakke
  2017-08-07 20:23 ` ng0
  2017-08-10  5:31 ` Efraim Flashner
@ 2017-10-10 13:19 ` ng0
  2017-10-11 19:52   ` Ludovic Courtès
  2018-02-26 18:19 ` [bug#28004] [PATCH] gnu: Add chromium Marius Bakke
                   ` (4 subsequent siblings)
  7 siblings, 1 reply; 152+ messages in thread
From: ng0 @ 2017-10-10 13:19 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 790 bytes --]

Marius Bakke transcribed 43K bytes:
> Hello Guix!
> 
> Attached is a patch for Chromium, a popular web browser.
> 
> It requires the new ld wrapper from 'core-updates' and a very powerful
> build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours).
> 
> Note that I cannot guarantee timely delivery of security updates. Major
> version upgrades are hugely painful, and almost always contain many
> high-severity fixes. Should we mention that in the description?
> 
> Happy for any feedback.

Hi,

could this patch be merged into master now?
It would be too bad to see this gathering digitial dust.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dist.ng0.infotropique.org/dist/keys/
https://www.infotropique.org https://ng0.infotropique.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-10-10 13:19 ` ng0
@ 2017-10-11 19:52   ` Ludovic Courtès
  2017-10-12 19:56     ` Leo Famulari
  0 siblings, 1 reply; 152+ messages in thread
From: Ludovic Courtès @ 2017-10-11 19:52 UTC (permalink / raw)
  To: ng0, Leo Famulari; +Cc: 28004

Hi!

ng0 <ng0@infotropique.org> skribis:

> Marius Bakke transcribed 43K bytes:
>> Hello Guix!
>> 
>> Attached is a patch for Chromium, a popular web browser.
>> 
>> It requires the new ld wrapper from 'core-updates' and a very powerful
>> build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours).
>> 
>> Note that I cannot guarantee timely delivery of security updates. Major
>> version upgrades are hugely painful, and almost always contain many
>> high-severity fixes. Should we mention that in the description?
>> 
>> Happy for any feedback.
>
> Hi,
>
> could this patch be merged into master now?

Probably (I think at the time Marius submitted it the ‘ld’ wrapper
enhancements were not in ‘master’ yet.)

For the security aspect though, given that it’s a fairly critical
component, I’d like to have Leo’s opinion.  Thoughts?

> It would be too bad to see this gathering digitial dust.

Indeed!

Thanks,
Ludo’.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-10-11 19:52   ` Ludovic Courtès
@ 2017-10-12 19:56     ` Leo Famulari
  2017-10-12 20:28       ` ng0
  2017-10-13  6:51       ` Ludovic Courtès
  0 siblings, 2 replies; 152+ messages in thread
From: Leo Famulari @ 2017-10-12 19:56 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 1840 bytes --]

On Wed, Oct 11, 2017 at 09:52:46PM +0200, Ludovic Courtès wrote:
> ng0 <ng0@infotropique.org> skribis:
> > could this patch be merged into master now?
> 
> Probably (I think at the time Marius submitted it the ‘ld’ wrapper
> enhancements were not in ‘master’ yet.)
> 
> For the security aspect though, given that it’s a fairly critical
> component, I’d like to have Leo’s opinion.  Thoughts?

Any questions in particular?

For me, the primary question is maintenance.

As Marius pointed out when sending the patch, major version upgrades may
be difficult, and timely delivery of security updates cannot be
guaranteed. But these caveats apply to every package. [0] They aren't a
reason to exclude Chromium from Guix.

Now, if we add the Chromium package and then let if fall behind for
weeks or months, that will be a problem, and we will need to remove it.
It's relatively easy to remove packages of end-user applications, since
it's rare that other packages depend on them.

As always, I'm willing to help with security updates as much as my
volunteer schedule allows.

The other issue will be bugs caused by the use of non-bundled libraries.
Presumably, important bugs are fixed in the bundled libraries before
they are released by the upstream library (if ever). But again, this is
an issue with all of our packages. We will address these issues when we
find them.

There was a new release last month, 61.0.3163. I'd like to try updating
to it this weekend if I have the disk (does anyone know how much is
required) and computing power. Then we can push :)

[0] Users who really need to rely on the security of Chromium or Chrome
should use the "official" installation from the Chromium or Google
teams, and turn on auto-updates. Every update can be expected to fix
critical bugs.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-10-12 19:56     ` Leo Famulari
@ 2017-10-12 20:28       ` ng0
  2017-10-13  6:51       ` Ludovic Courtès
  1 sibling, 0 replies; 152+ messages in thread
From: ng0 @ 2017-10-12 20:28 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 2250 bytes --]

Leo Famulari transcribed 2.9K bytes:
> On Wed, Oct 11, 2017 at 09:52:46PM +0200, Ludovic Courtès wrote:
> > ng0 <ng0@infotropique.org> skribis:
> > > could this patch be merged into master now?
> > 
> > Probably (I think at the time Marius submitted it the ‘ld’ wrapper
> > enhancements were not in ‘master’ yet.)
> > 
> > For the security aspect though, given that it’s a fairly critical
> > component, I’d like to have Leo’s opinion.  Thoughts?
> 
> Any questions in particular?
> 
> For me, the primary question is maintenance.
> 
> As Marius pointed out when sending the patch, major version upgrades may
> be difficult, and timely delivery of security updates cannot be
> guaranteed. But these caveats apply to every package. [0] They aren't a
> reason to exclude Chromium from Guix.
> 
> Now, if we add the Chromium package and then let if fall behind for
> weeks or months, that will be a problem, and we will need to remove it.
> It's relatively easy to remove packages of end-user applications, since
> it's rare that other packages depend on them.
> 
> As always, I'm willing to help with security updates as much as my
> volunteer schedule allows.
> 
> The other issue will be bugs caused by the use of non-bundled libraries.
> Presumably, important bugs are fixed in the bundled libraries before
> they are released by the upstream library (if ever). But again, this is
> an issue with all of our packages. We will address these issues when we
> find them.
> 
> There was a new release last month, 61.0.3163. I'd like to try updating
> to it this weekend if I have the disk (does anyone know how much is
> required) and computing power. Then we can push :)

Around 8 GiB for a full build as far as I know, that is when you include
debbuging symbols. So it's less than 8 GiB.

> [0] Users who really need to rely on the security of Chromium or Chrome
> should use the "official" installation from the Chromium or Google
> teams, and turn on auto-updates. Every update can be expected to fix
> critical bugs.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dist.ng0.infotropique.org/dist/keys/
https://www.infotropique.org https://ng0.infotropique.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-10-12 19:56     ` Leo Famulari
  2017-10-12 20:28       ` ng0
@ 2017-10-13  6:51       ` Ludovic Courtès
  2017-10-18 22:41         ` Marius Bakke
  1 sibling, 1 reply; 152+ messages in thread
From: Ludovic Courtès @ 2017-10-13  6:51 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 28004

Heya,

Leo Famulari <leo@famulari.name> skribis:

> On Wed, Oct 11, 2017 at 09:52:46PM +0200, Ludovic Courtès wrote:
>> ng0 <ng0@infotropique.org> skribis:
>> > could this patch be merged into master now?
>> 
>> Probably (I think at the time Marius submitted it the ‘ld’ wrapper
>> enhancements were not in ‘master’ yet.)
>> 
>> For the security aspect though, given that it’s a fairly critical
>> component, I’d like to have Leo’s opinion.  Thoughts?
>
> Any questions in particular?

Not really, I was wondering about the Marius’ warning as to the
difficulty of keeping it up-to-date.

> For me, the primary question is maintenance.
>
> As Marius pointed out when sending the patch, major version upgrades may
> be difficult, and timely delivery of security updates cannot be
> guaranteed. But these caveats apply to every package. [0] They aren't a
> reason to exclude Chromium from Guix.

Right.  A browser is particularly sensitive though.

> Now, if we add the Chromium package and then let if fall behind for
> weeks or months, that will be a problem, and we will need to remove it.
> It's relatively easy to remove packages of end-user applications, since
> it's rare that other packages depend on them.
>
> As always, I'm willing to help with security updates as much as my
> volunteer schedule allows.
>
> The other issue will be bugs caused by the use of non-bundled libraries.
> Presumably, important bugs are fixed in the bundled libraries before
> they are released by the upstream library (if ever). But again, this is
> an issue with all of our packages. We will address these issues when we
> find them.

Yeah.

> There was a new release last month, 61.0.3163. I'd like to try updating
> to it this weekend if I have the disk (does anyone know how much is
> required) and computing power. Then we can push :)

Sounds like a plan!

> [0] Users who really need to rely on the security of Chromium or Chrome
> should use the "official" installation from the Chromium or Google
> teams, and turn on auto-updates. Every update can be expected to fix
> critical bugs.

I get your point, but OTOH getting binaries from Google is not something
I feel like recommending.  :-)

I think we should make sure that our package does not call home in any
way.  That’s what I expect from a security- and privacy-conscious
distro.

WDYT?

Thanks for your feedback!

Ludo’.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-10-13  6:51       ` Ludovic Courtès
@ 2017-10-18 22:41         ` Marius Bakke
  2017-10-19  5:48           ` ng0
                             ` (3 more replies)
  0 siblings, 4 replies; 152+ messages in thread
From: Marius Bakke @ 2017-10-18 22:41 UTC (permalink / raw)
  To: Ludovic Courtès, Leo Famulari; +Cc: 28004


[-- Attachment #1.1: Type: text/plain, Size: 697 bytes --]

Ludovic Courtès <ludo@gnu.org> writes:

> I think we should make sure that our package does not call home in any
> way.  That’s what I expect from a security- and privacy-conscious
> distro.

Currently, it calls home at first launch, prompting for a login.  But
I've verified that it does not send any unsolicited requests for
subsequent startups, as long as the user does not change the
command-line flags.

Anyway I'm attaching the current iteration of this patch.  Chromium 62
is out today, I'll try to update this weekend and will push it after
that in lieu of other feedback.

I would be very happy if someone managed to complete the 62 upgrade
before me, however!  ;-)


[-- Attachment #1.2: 0001-gnu-Add-chromium.patch --]
[-- Type: text/x-patch, Size: 37254 bytes --]

From d6e3ef7f28a9bc4ace0c52e09b1e4bdde84e01e0 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 12 Oct 2016 17:25:05 +0100
Subject: [PATCH] gnu: Add chromium.

* gnu/packages/chromium.scm: New file.
* gnu/packages/patches/chromium-disable-api-keys-warning.patch,
  gnu/packages/patches/chromium-disable-third-party-cookies.patch,
  gnu/packages/patches/chromium-system-icu.patch: New files.
* gnu/local.mk: Record it.
---
 gnu/local.mk                                       |   4 +
 gnu/packages/chromium.scm                          | 650 +++++++++++++++++++++
 .../chromium-disable-api-keys-warning.patch        |  17 +
 .../chromium-disable-third-party-cookies.patch     |  13 +
 gnu/packages/patches/chromium-system-icu.patch     |  15 +
 5 files changed, 699 insertions(+)
 create mode 100644 gnu/packages/chromium.scm
 create mode 100644 gnu/packages/patches/chromium-disable-api-keys-warning.patch
 create mode 100644 gnu/packages/patches/chromium-disable-third-party-cookies.patch
 create mode 100644 gnu/packages/patches/chromium-system-icu.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index bb4724426..80be45d45 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -86,6 +86,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/certs.scm			\
   %D%/packages/check.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cmake.scm			\
   %D%/packages/cobol.scm			\
@@ -557,6 +558,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/chicken-CVE-2017-6949.patch		\
   %D%/packages/patches/chicken-CVE-2017-11343.patch		\
   %D%/packages/patches/chmlib-inttypes.patch			\
+  %D%/packages/patches/chromium-disable-api-keys-warning.patch	\
+  %D%/packages/patches/chromium-disable-third-party-cookies.patch	\
+  %D%/packages/patches/chromium-system-icu.patch		\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clisp-remove-failing-test.patch		\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 000000000..5693b70ff
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,650 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages libusb)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages photo)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define (remote-patch file-name uri hash)
+  "Return an <origin> object with the given FILE-NAME.  URI must be a FTP or
+HTTP(S) URI that returns a file with the given HASH."
+  (origin
+    (method url-fetch)
+    (uri uri)
+    (sha256 (base32 hash))
+    (file-name file-name)))
+
+(define opus+custom
+  (package (inherit opus)
+           (arguments
+            `(;; Opus Custom is an optional extension of the Opus
+              ;; specification that allows for unsupported frame
+              ;; sizes. Chromium requires that this is enabled.
+              #:configure-flags '("--enable-custom-modes")
+              ,@(package-arguments opus)))))
+
+;; Chromium since 58 depends on an unreleased libvpx. So, we
+;; package the latest master branch as of 2017-10-12.
+(define libvpx+experimental
+  (package
+    (inherit libvpx)
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://chromium.googlesource.com/webm/libvpx")
+                    (commit "175b36cb6d2811c721d63277ba953ea817f32361")))
+              (file-name "libvpx-for-chromium-checkout")
+              (sha256
+               (base32
+                "1j8ni29mcj74lfsc0hsha22zzp24ig53iki0id5bdfhzl8q1rpyk"))))
+    ;; TODO: Make libvpx configure flags overrideable.
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (setenv "CONFIG_SHELL" (which "bash"))
+             (let ((out (assoc-ref outputs "out")))
+               (setenv "LDFLAGS"
+                       (string-append "-Wl,-rpath=" out "/lib"))
+               (zero? (system* "./configure"
+                               "--enable-shared"
+                               "--as=yasm"
+                               ;; Limit size to avoid CVE-2015-1258
+                               "--size-limit=16384x16384"
+                               ;; Spatial SVC is an experimental VP9 encoder
+                               ;; used by some packages (i.e. Chromium).
+                               "--enable-experimental"
+                               "--enable-spatial-svc"
+                               (string-append "--prefix=" out)))))))
+       #:tests? #f)))) ; No tests.
+
+(define %chromium-gn-bootstrap.patch
+  (remote-patch "chromium-gn-bootstrap.patch"
+                "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
+chromium/files/chromium-gn-bootstrap-r14.patch?id=\
+900e6203d4015711887137bcd03c913361dbf41f"
+                "1050abvq24s1a5vd97d5ljb8bmv0wcdgkj3vk0scygkr1954qy4q"))
+
+(define %chromium-gcc-compat.patch
+  (remote-patch "chromium-gcc-compat.patch"
+                "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
+chromium/files/chromium-gcc-r1.patch?id=506399c6ac2ace6501429925a608db9d7e502bde"
+                "0n5bc1ckq83vlfzh5k3frh7cp7hyhxii89iq2v4jg46lblqgxkqi"))
+
+(define %chromium-gcc-5-compat.patch
+  (remote-patch "chromium-gcc-5-compat.patch"
+                "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
+chromium/files/chromium-gcc5-r1.patch?id=506399c6ac2ace6501429925a608db9d7e502bde"
+                "0jz9sg24yzimcass3c3myynp3sf2c1rasrcwh7jn1gbbj4yp7j8v"))
+
+(define %chromium-atk-compat.patch
+  (remote-patch "chromium-atk-compat.patch"
+                "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
+chromium/files/chromium-atk-r1.patch?id=506399c6ac2ace6501429925a608db9d7e502bde"
+                "13g9g1k9f3fqpgjhnlqvf5np6m58czr57zq1fqdf5y5nfyxrl3pw"))
+
+(define %chromium-system-nspr.patch
+  (remote-patch "chromium-system-nspr.patch"
+                "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/\
+plain/debian/patches/system/nspr.patch?id=64458c4216edd82503dc9366e2f4d80ae7c763b0"
+                "0l69sq3w9n5zygykf1gfzp1zfb7gkjk62nnvbrmkn00gzq6cc643"))
+
+(define %chromium-system-libevent.patch
+  (remote-patch "chromium-system-libevent.patch"
+                "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/\
+plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c763b0"
+                "0vibc92kwycm8jlyfa49135nq0flm6gkrf8ic76m5rkraclijvn9"))
+
+(define-public chromium
+  (package
+    (name "chromium")
+    (version "61.0.3163.100")
+    (synopsis "Graphical web browser")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://commondatastorage.googleapis.com/"
+                                  "chromium-browser-official/chromium-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "06r89jim9cq87668ya8wwk69hh17rl04cj94nb9c28v6mj69cda1"))
+              (patches (append (list %chromium-gn-bootstrap.patch
+                                     %chromium-atk-compat.patch
+                                     %chromium-gcc-compat.patch
+                                     %chromium-gcc-5-compat.patch
+                                     %chromium-system-nspr.patch
+                                     %chromium-system-libevent.patch)
+                               (search-patches
+                                "chromium-system-icu.patch"
+                                "chromium-disable-api-keys-warning.patch"
+                                "chromium-disable-third-party-cookies.patch")))
+              (modules '((srfi srfi-1)
+                         (guix build utils)))
+              (snippet
+               '(begin
+                  ;; Replace GN files from third_party with shims for building
+                  ;; against system libraries.  Keep this list in sync with
+                  ;; "build/linux/unbundle/replace_gn_files.py".
+                  (for-each (lambda (pair)
+                              (let ((source (string-append
+                                             "build/linux/unbundle/" (car pair)))
+                                    (dest (cdr pair)))
+                                (copy-file source dest)))
+                            (list
+                             '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
+                             '("flac.gn" . "third_party/flac/BUILD.gn")
+                             '("freetype.gn" . "third_party/freetype/BUILD.gn")
+                             '("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn")
+                             '("icu.gn" . "third_party/icu/BUILD.gn")
+                             '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
+                             '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
+                             '("libjpeg.gn" .
+                               "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
+                             '("libpng.gn" . "third_party/libpng/BUILD.gn")
+                             '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
+                             '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
+                             ;;'("libxml.gn" . "third_party/libxml/BUILD.gn") ;TODO
+                             '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
+                             '("openh264.gn" . "third_party/openh264/BUILD.gn")
+                             '("opus.gn" . "third_party/opus/BUILD.gn")
+                             '("re2.gn" . "third_party/re2/BUILD.gn")
+                             '("snappy.gn" . "third_party/snappy/BUILD.gn")
+                             '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
+                             '("zlib.gn" . "third_party/zlib/BUILD.gn")))
+                  #t))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; TODO: Maybe run --headless or something.
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it's not recognized when passed.
+       #:validate-runpath? #f
+       #:modules ((srfi srfi-26)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (guix build gnu-build-system)
+                  (guix build utils))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-bundled-software
+           (lambda _
+             (let ((keep-libs
+                    (list
+                     ;; Third party folders that cannot be deleted yet.
+                     "base/third_party/dmg_fp"
+                     "base/third_party/dynamic_annotations"
+                     "base/third_party/icu"
+                     "base/third_party/libevent"
+                     "base/third_party/nspr"
+                     "base/third_party/superfasthash"
+                     "base/third_party/symbolize" ; glog
+                     "base/third_party/xdg_mime"
+                     "base/third_party/xdg_user_dirs"
+                     "buildtools/third_party/libc++"
+                     "chrome/third_party/mozilla_security_manager"
+                     "courgette/third_party"
+                     "net/third_party/mozilla_security_manager"
+                     "net/third_party/nss"
+                     "third_party/adobe/flash/flapper_version.h"
+                     ;; FIXME: This is used in:
+                     ;; * ui/webui/resources/js/analytics.js
+                     ;; * ui/file_manager/
+                     "third_party/analytics"
+                     "third_party/angle"
+                     "third_party/angle/src/common/third_party/base"
+                     "third_party/angle/src/common/third_party/murmurhash"
+                     "third_party/angle/src/third_party/compiler"
+                     "third_party/angle/src/third_party/libXNVCtrl"
+                     "third_party/angle/src/third_party/trace_event"
+                     "third_party/boringssl"
+                     "third_party/brotli"
+                     "third_party/cacheinvalidation"
+                     "third_party/catapult"
+                     "third_party/catapult/third_party/polymer"
+                     "third_party/catapult/third_party/py_vulcanize"
+                     "third_party/catapult/third_party/py_vulcanize/third_party/rcssmin"
+                     "third_party/catapult/third_party/py_vulcanize/third_party/rjsmin"
+                     "third_party/catapult/tracing/third_party/d3"
+                     "third_party/catapult/tracing/third_party/gl-matrix"
+                     "third_party/catapult/tracing/third_party/jszip"
+                     "third_party/catapult/tracing/third_party/mannwhitneyu"
+                     "third_party/catapult/tracing/third_party/oboe"
+                     "third_party/ced"
+                     "third_party/cld_3"
+                     "third_party/cros_system_api"
+                     "third_party/dom_distiller_js"
+                     "third_party/fips181"
+                     "third_party/flatbuffers"
+                     ;; XXX Needed by pdfium since 59.
+                     "third_party/freetype"
+                     "third_party/glslang-angle"
+                     "third_party/google_input_tools"
+                     "third_party/google_input_tools/third_party/closure_library"
+                     (string-append "third_party/google_input_tools/third_party"
+                                    "/closure_library/third_party/closure")
+                     "third_party/googletest"
+                     "third_party/hunspell"
+                     "third_party/iccjpeg"
+                     "third_party/inspector_protocol"
+                     "third_party/jinja2"
+                     "third_party/jstemplate"
+                     "third_party/khronos"
+                     "third_party/leveldatabase"
+                     "third_party/libXNVCtrl"
+                     "third_party/libaddressinput"
+                     "third_party/libjingle_xmpp"
+                     "third_party/libphonenumber"
+                     "third_party/libsecret" ;FIXME: needs pkg-config support.
+                     "third_party/libsrtp"   ;TODO: Requires libsrtp@2.
+                     "third_party/libudev"
+                     "third_party/libwebm"
+                     "third_party/libxml" ;FIXME: Unbundle (again).
+                     "third_party/libyuv"
+                     "third_party/lss"
+                     "third_party/lzma_sdk"
+                     "third_party/markupsafe"
+                     "third_party/mesa"
+                     "third_party/modp_b64"
+                     "third_party/mt19937ar"
+                     "third_party/node"
+                     "third_party/node/node_modules/vulcanize/third_party/UglifyJS2"
+                     "third_party/openmax_dl"
+                     "third_party/ots"
+                     "third_party/pdfium" ;TODO: can be built standalone.
+                     "third_party/pdfium/third_party"
+                     "third_party/ply"
+                     "third_party/polymer"
+                     "third_party/protobuf"
+                     "third_party/protobuf/third_party/six"
+                     "third_party/qcms"
+                     "third_party/sfntly"
+                     "third_party/skia"
+                     "third_party/skia/third_party/vulkan"
+                     "third_party/smhasher"
+                     ;; XXX the sources that include this are generated.
+                     "third_party/speech-dispatcher"
+                     "third_party/spirv-headers"
+                     "third_party/spirv-tools-angle"
+                     "third_party/sqlite"
+                     "third_party/swiftshader"
+                     "third_party/swiftshader/third_party"
+                     "third_party/usb_ids"
+                     "third_party/usrsctp"
+                     "third_party/vulkan"
+                     "third_party/vulkan-validation-layers"
+                     "third_party/WebKit"
+                     "third_party/web-animations-js"
+                     "third_party/webrtc"
+                     "third_party/widevine/cdm/widevine_cdm_version.h"
+                     "third_party/widevine/cdm/widevine_cdm_common.h"
+                     "third_party/woff2"
+                     "third_party/xdg-utils"
+                     "third_party/yasm/run_yasm.py"
+                     "third_party/zlib/google"
+                     "url/third_party/mozilla"
+                     "v8/src/third_party/valgrind"
+                     "v8/third_party/inspector_protocol")))
+               ;; FIXME: implement as source snippet. This traverses
+               ;; any "third_party" directory and deletes files that are:
+               ;; * not ending with ".gn" or ".gni"; or
+               ;; * not explicitly named as argument (folder or file).
+               (zero? (apply system* "python"
+                             "build/linux/unbundle/remove_bundled_libraries.py"
+                             "--do-remove" keep-libs)))))
+         (add-after 'remove-bundled-software 'patch-stuff
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "printing/cups_config_helper.py"
+               (("cups_config =.*")
+                (string-append "cups_config = '" (assoc-ref inputs "cups")
+                               "/bin/cups-config'\n")))
+
+             (substitute*
+                 '("base/process/launch_posix.cc"
+                   "base/tracked_objects.cc"
+                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+                   "sandbox/linux/services/credentials.cc"
+                   "sandbox/linux/services/namespace_utils.cc"
+                   "sandbox/linux/services/syscall_wrappers.cc"
+                   "sandbox/linux/syscall_broker/broker_host.cc")
+               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+             (for-each (lambda (file)
+                         (substitute* file
+                           ;; Fix opus include path.
+                           ;; Do not substitute opus_private.h.
+                           (("#include \"opus\\.h\"")
+                            "#include \"opus/opus.h\"")
+                           (("#include \"opus_custom\\.h\"")
+                            "#include \"opus/opus_custom.h\"")
+                           (("#include \"opus_defines\\.h\"")
+                            "#include \"opus/opus_defines.h\"")
+                           (("#include \"opus_multistream\\.h\"")
+                            "#include \"opus/opus_multistream.h\"")
+                           (("#include \"opus_types\\.h\"")
+                            "#include \"opus/opus_types.h\"")))
+                       (append (find-files "third_party/opus/src/celt")
+                               (find-files "third_party/opus/src/src")
+                               (find-files (string-append "third_party/webrtc/modules"
+                                                          "/audio_coding/codecs/opus"))))
+
+             (substitute* "chrome/common/chrome_paths.cc"
+               (("/usr/share/chromium/extensions")
+                ;; TODO: Add ~/.guix-profile.
+                "/run/current-system/profile/share/chromium/extensions"))
+
+             (substitute* "breakpad/src/common/linux/libcurl_wrapper.h"
+               (("include \"third_party/curl") "include \"curl"))
+             (substitute* "media/base/decode_capabilities.cc"
+               (("third_party/libvpx/source/libvpx/") ""))
+
+             ;; We don't cross compile most packages, so get rid of the
+             ;; unnecessary ARCH-linux-gnu* prefix.
+             (substitute* "build/toolchain/linux/BUILD.gn"
+               (("aarch64-linux-gnu-") "")
+               (("arm-linux-gnueabihf-") ""))
+             #t))
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((gn-flags
+                    (list
+                     ;; See tools/gn/docs/cookbook.md and
+                     ;; https://www.chromium.org/developers/gn-build-configuration
+                     ;; for usage. Run "./gn args . --list" in the Release
+                     ;; directory for an exhaustive list of supported flags.
+                     "is_debug=false"
+                     "is_official_build=false"
+                     "is_clang=false"
+                     "use_gold=false"
+                     "linux_use_bundled_binutils=false"
+                     "use_custom_libcxx=false"
+                     "use_sysroot=false"
+                     "remove_webcore_debug_symbols=true"
+                     "enable_iterator_debugging=false"
+                     "override_build_date=\"01 01 2000 05:00:00\""
+                     ;; Don't fail when using deprecated ffmpeg features.
+                     "treat_warnings_as_errors=false"
+                     "enable_nacl=false"
+                     "enable_nacl_nonsfi=false"
+                     "use_allocator=\"none\"" ; Don't use tcmalloc.
+                     ;; Don't add any API keys. End users can set them in the
+                     ;; environment if necessary.
+                     ;; https://www.chromium.org/developers/how-tos/api-keys
+                     "use_official_google_api_keys=false"
+                     ;; Disable "field trials".
+                     "fieldtrial_testing_like_official_build=true"
+
+                     "use_system_libjpeg=true"
+                     ;; This is currently not supported on Linux:
+                     ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
+                     ;; "use_system_sqlite=true"
+                     "use_gtk3=true"
+                     "use_gconf=false"         ; deprecated by gsettings
+                     "use_gnome_keyring=false" ; deprecated by libsecret
+                     "use_xkbcommon=true"
+                     "link_pulseaudio=true"
+                     "use_openh264=true"
+
+                     ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+                     "proprietary_codecs=true"
+                     "ffmpeg_branding=\"Chrome\""
+
+                     ;; WebRTC stuff.
+                     "rtc_use_h264=true"
+                     ;; Don't use bundled sources.
+                     "rtc_build_json=false"
+                     "rtc_build_libevent=false"
+                     "rtc_build_libjpeg=false"
+                     "rtc_build_libvpx=false"
+                     "rtc_build_opus=false"
+                     "rtc_build_ssl=false"
+                     ;; TODO: Package these.
+                     "rtc_build_libsrtp=true" ; 2.0
+                     "rtc_build_libyuv=true"
+                     "rtc_build_openmax_dl=true"
+                     "rtc_build_usrsctp=true"
+                     (string-append "rtc_jsoncpp_root=\""
+                                    (assoc-ref inputs "jsoncpp")
+                                    "/include/jsoncpp/json\"")
+                     (string-append "rtc_ssl_root=\""
+                                    (assoc-ref inputs "openssl")
+                                    "/include/openssl\""))))
+
+               ;; XXX: How portable is this.
+               (mkdir-p "third_party/node/linux/node-linux-x64")
+               (symlink (string-append (assoc-ref inputs "node") "/bin")
+                        "third_party/node/linux/node-linux-x64/bin")
+
+               (setenv "CC" "gcc")
+               (setenv "CXX" "g++")
+               ;; TODO: pre-compile instead. Avoids a race condition.
+               (setenv "PYTHONDONTWRITEBYTECODE" "1")
+               (and
+                ;; Build the "gn" tool.
+                (zero? (system* "python"
+                                "tools/gn/bootstrap/bootstrap.py" "-s" "-v"))
+                ;; Generate ninja build files.
+                (zero? (system* "./out/Release/gn" "gen" "out/Release"
+                                (string-append "--args="
+                                               (string-join gn-flags " "))))))))
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (zero? (system* "ninja" "-C" "out/Release"
+                             "-j" (number->string (parallel-job-count))
+                             "chrome"))))
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out            (assoc-ref outputs "out"))
+                    (bin            (string-append out "/bin"))
+                    (exe            (string-append bin "/chromium"))
+                    (lib            (string-append out "/lib"))
+                    (man            (string-append out "/share/man/man1"))
+                    (applications   (string-append out "/share/applications"))
+                    (install-regexp (make-regexp "\\.(so|bin|pak)$"))
+                    (locales        (string-append lib "/locales"))
+                    (resources      (string-append lib "/resources"))
+                    (gtk+           (assoc-ref inputs "gtk+"))
+                    (mesa           (assoc-ref inputs "mesa"))
+                    (nss            (assoc-ref inputs "nss"))
+                    (udev           (assoc-ref inputs "udev"))
+                    (sh             (which "sh")))
+
+               (mkdir-p applications)
+               (call-with-output-file (string-append applications
+                                                     "/chromium.desktop")
+                 (lambda (port)
+                   (format port
+                           "[Desktop Entry]~@
+                           Name=Chromium~@
+                           Comment=~a~@
+                           Exec=~a~@
+                           Icon=chromium.png~@
+                           Type=Application~%" ,synopsis exe)))
+
+               (with-directory-excursion "out/Release"
+                 (for-each (lambda (file)
+                             (install-file file lib))
+                           (scandir "." (cut regexp-exec install-regexp <>)))
+                 (copy-file "chrome" (string-append lib "/chromium"))
+
+                 ;; TODO: Install icons from "../../chrome/app/themes" into
+                 ;; "out/share/icons/hicolor/$size".
+                 (install-file
+                  "product_logo_48.png"
+                  (string-append out "/share/icons/48x48/chromium.png"))
+
+                 (copy-recursively "locales" locales)
+                 (copy-recursively "resources" resources)
+
+                 (mkdir-p man)
+                 (copy-file "chrome.1" (string-append man "/chromium.1"))
+
+                 (mkdir-p bin)
+                 ;; Add a thin wrapper to prevent the user from inadvertently
+                 ;; installing non-free software through the Web Store.
+                 ;; TODO: Discover extensions from the profile and pass
+                 ;; something like "--disable-extensions-except=...".
+                 (call-with-output-file exe
+                   (lambda (port)
+                     (format port
+                             "#!~a~@
+                             CHROMIUM_FLAGS=\"--disable-background-networking\"~@
+                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
+                             then~@
+                                 CHROMIUM_FLAGS=\"$CHROMIUM_FLAGS --disable-extensions\"~@
+                             fi~@
+                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
+                             sh (string-append lib "/chromium"))))
+                 (chmod exe #o755)
+
+                 (wrap-program exe
+                   ;; TODO: Get these in RUNPATH.
+                   `("LD_LIBRARY_PATH" ":" prefix
+                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+                                      mesa "/lib:" udev "/lib")))
+                   ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+                 #t)))))))
+    (native-inputs
+     `(("bison" ,bison)
+       ("git" ,git)                     ;last_commit_position.py
+       ("gperf" ,gperf)
+       ("ninja" ,ninja)
+       ("node" ,node)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)
+       ("yasm" ,yasm)
+
+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
+       ("python-html5lib" ,python2-html5lib)
+       ("python" ,python-2)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("atk" ,atk)
+       ("cups" ,cups)
+       ("curl" ,curl)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("expat" ,expat)
+       ("flac" ,flac)
+       ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+-2" ,gtk+-2)
+       ("gtk+" ,gtk+)
+       ("harfbuzz" ,harfbuzz)
+       ("icu4c" ,icu4c)
+       ("jsoncpp" ,jsoncpp)
+       ("libevent" ,libevent)
+       ("libffi" ,libffi)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libpng" ,libpng)
+       ("libusb" ,libusb)
+       ("libvpx" ,libvpx+experimental)
+       ("libwebp" ,libwebp)
+       ("libx11" ,libx11)
+       ("libxcb" ,libxcb)
+       ("libxcomposite" ,libxcomposite)
+       ("libxcursor" ,libxcursor)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxi" ,libxi)
+       ("libxkbcommon" ,libxkbcommon)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxslt" ,libxslt)
+       ("libxtst" ,libxtst)
+       ("mesa" ,mesa)
+       ("minizip" ,minizip)
+       ("mit-krb5" ,mit-krb5)
+       ("nss" ,nss)
+       ("openh264" ,openh264)
+       ("openssl" ,openssl)
+       ("opus" ,opus+custom)
+       ("pango" ,pango)
+       ("pciutils" ,pciutils)
+       ("protobuf" ,protobuf)
+       ("pulseaudio" ,pulseaudio)
+       ("re2" ,re2)
+       ("snappy" ,snappy)
+       ("speech-dispatcher" ,speech-dispatcher)
+       ("sqlite" ,sqlite)
+       ("udev" ,eudev)
+       ("valgrind" ,valgrind)))
+    (home-page "https://www.chromium.org/")
+    (description
+     "Chromium is a web browser using the @code{Blink} rendering engine.")
+    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+    ;; software with other licenses. For full information, see chrome://credits.
+    (license (list license:bsd-3
+                   license:bsd-2
+                   license:expat
+                   license:asl2.0
+                   license:mpl2.0
+                   license:public-domain
+                   license:lgpl2.1+))))
diff --git a/gnu/packages/patches/chromium-disable-api-keys-warning.patch b/gnu/packages/patches/chromium-disable-api-keys-warning.patch
new file mode 100644
index 000000000..c7e219f40
--- /dev/null
+++ b/gnu/packages/patches/chromium-disable-api-keys-warning.patch
@@ -0,0 +1,17 @@
+Disable warning about missing API keys.
+
+Copied from:
+
+https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/google-api-warning.patch
+
+--- a/chrome/browser/ui/startup/startup_browser_creator_impl.cc
++++ b/chrome/browser/ui/startup/startup_browser_creator_impl.cc
+@@ -816,8 +816,6 @@ void StartupBrowserCreatorImpl::AddInfoB
+       !command_line_.HasSwitch(switches::kTestType) &&
+       !command_line_.HasSwitch(switches::kEnableAutomation)) {
+     chrome::ShowBadFlagsPrompt(browser);
+-    GoogleApiKeysInfoBarDelegate::Create(InfoBarService::FromWebContents(
+-        browser->tab_strip_model()->GetActiveWebContents()));
+     ObsoleteSystemInfoBarDelegate::Create(InfoBarService::FromWebContents(
+         browser->tab_strip_model()->GetActiveWebContents()));
+ 
diff --git a/gnu/packages/patches/chromium-disable-third-party-cookies.patch b/gnu/packages/patches/chromium-disable-third-party-cookies.patch
new file mode 100644
index 000000000..0694c35f3
--- /dev/null
+++ b/gnu/packages/patches/chromium-disable-third-party-cookies.patch
@@ -0,0 +1,13 @@
+Disable third party cookies by default.
+
+--- a/components/content_settings/core/browser/cookie_settings.cc
++++ b/components/content_settings/core/browser/cookie_settings.cc
+@@ -101,7 +101,7 @@ void CookieSettings::GetCookieSettings(
+ void CookieSettings::RegisterProfilePrefs(
+     user_prefs::PrefRegistrySyncable* registry) {
+   registry->RegisterBooleanPref(
+-      prefs::kBlockThirdPartyCookies, false,
++      prefs::kBlockThirdPartyCookies, true,
+       user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);
+ }
+ 
diff --git a/gnu/packages/patches/chromium-system-icu.patch b/gnu/packages/patches/chromium-system-icu.patch
new file mode 100644
index 000000000..c35c1b75c
--- /dev/null
+++ b/gnu/packages/patches/chromium-system-icu.patch
@@ -0,0 +1,15 @@
+description: maintain compatibility with system icu library
+author: Michael Gilbert <mgilbert@debian.org>
+
+--- a/BUILD.gn
++++ b/BUILD.gn
+@@ -657,8 +657,7 @@ group("gn_all") {
+     }
+   }
+ 
+-  if ((is_linux && !is_chromeos && !is_chromecast) || (is_win && use_drfuzz) ||
+-      (use_libfuzzer && is_mac)) {
++  if (false) {
+     deps += [
+       "//testing/libfuzzer/fuzzers",
+       "//testing/libfuzzer/tests:libfuzzer_tests",
-- 
2.14.2


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-10-18 22:41         ` Marius Bakke
@ 2017-10-19  5:48           ` ng0
  2017-10-24 21:11           ` Marius Bakke
                             ` (2 subsequent siblings)
  3 siblings, 0 replies; 152+ messages in thread
From: ng0 @ 2017-10-19  5:48 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 871 bytes --]

Marius Bakke transcribed 37K bytes:
> Ludovic Courtès <ludo@gnu.org> writes:
> 
> > I think we should make sure that our package does not call home in any
> > way.  That’s what I expect from a security- and privacy-conscious
> > distro.
> 
> Currently, it calls home at first launch, prompting for a login.  But
> I've verified that it does not send any unsolicited requests for
> subsequent startups, as long as the user does not change the
> command-line flags.

Could the first launch just be a matter of changing what gets
displayed at first launch? At least that's my current plan
for meissa (my fork of Pale Moon), where the default is to
visit a tracker including homepage.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dist.ng0.infotropique.org/dist/keys/
https://www.infotropique.org https://ng0.infotropique.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-10-18 22:41         ` Marius Bakke
  2017-10-19  5:48           ` ng0
@ 2017-10-24 21:11           ` Marius Bakke
  2017-11-05 23:52           ` Marius Bakke
  2018-01-04 19:16           ` ng0
  3 siblings, 0 replies; 152+ messages in thread
From: Marius Bakke @ 2017-10-24 21:11 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 28004


[-- Attachment #1.1: Type: text/plain, Size: 447 bytes --]

Marius Bakke <mbakke@fastmail.com> writes:

> Anyway I'm attaching the current iteration of this patch.  Chromium 62
> is out today, I'll try to update this weekend and will push it after
> that in lieu of other feedback.

Here is the interdiff for the 62 upgrade.  I mixed in some unrelated
changes after reading through Debians 61 refresh[0] and Archs 62
update[1], but overall it was straightforward (apart from the slow
hack-test-fix cycle).


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: chromium-62.diff --]
[-- Type: text/x-patch, Size: 10358 bytes --]

diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index 5693b70ff..f5ee95c2f 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -32,6 +32,7 @@
   #:use-module (gnu packages curl)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
@@ -84,7 +85,7 @@ HTTP(S) URI that returns a file with the given HASH."
               ,@(package-arguments opus)))))
 
 ;; Chromium since 58 depends on an unreleased libvpx. So, we
-;; package the latest master branch as of 2017-10-12.
+;; package the latest master branch as of 2017-10-22.
 (define libvpx+experimental
   (package
     (inherit libvpx)
@@ -92,11 +93,11 @@ HTTP(S) URI that returns a file with the given HASH."
               (method git-fetch)
               (uri (git-reference
                     (url "https://chromium.googlesource.com/webm/libvpx")
-                    (commit "175b36cb6d2811c721d63277ba953ea817f32361")))
+                    (commit "b58259ab55674cb028898a0ac9e8fdd3cf1d4b39")))
               (file-name "libvpx-for-chromium-checkout")
               (sha256
                (base32
-                "1j8ni29mcj74lfsc0hsha22zzp24ig53iki0id5bdfhzl8q1rpyk"))))
+                "0grx2p7add0qyycqvqiv3djk0i37xrg75phszg5mwnwd3ijv3qzj"))))
     ;; TODO: Make libvpx configure flags overrideable.
     (arguments
      `(#:phases
@@ -122,27 +123,15 @@ HTTP(S) URI that returns a file with the given HASH."
 (define %chromium-gn-bootstrap.patch
   (remote-patch "chromium-gn-bootstrap.patch"
                 "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
-chromium/files/chromium-gn-bootstrap-r14.patch?id=\
-900e6203d4015711887137bcd03c913361dbf41f"
-                "1050abvq24s1a5vd97d5ljb8bmv0wcdgkj3vk0scygkr1954qy4q"))
-
-(define %chromium-gcc-compat.patch
-  (remote-patch "chromium-gcc-compat.patch"
-                "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
-chromium/files/chromium-gcc-r1.patch?id=506399c6ac2ace6501429925a608db9d7e502bde"
-                "0n5bc1ckq83vlfzh5k3frh7cp7hyhxii89iq2v4jg46lblqgxkqi"))
+chromium/files/chromium-gn-bootstrap-r17.patch?id=\
+5c9cf110bd61fa287a5c536760b5d8ed13f65d52"
+                "12wsq3bs46mvr7cinxvqjmbzymigm8yzf478r08y9l6sd3qij4yq"))
 
 (define %chromium-gcc-5-compat.patch
   (remote-patch "chromium-gcc-5-compat.patch"
                 "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
-chromium/files/chromium-gcc5-r1.patch?id=506399c6ac2ace6501429925a608db9d7e502bde"
-                "0jz9sg24yzimcass3c3myynp3sf2c1rasrcwh7jn1gbbj4yp7j8v"))
-
-(define %chromium-atk-compat.patch
-  (remote-patch "chromium-atk-compat.patch"
-                "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
-chromium/files/chromium-atk-r1.patch?id=506399c6ac2ace6501429925a608db9d7e502bde"
-                "13g9g1k9f3fqpgjhnlqvf5np6m58czr57zq1fqdf5y5nfyxrl3pw"))
+chromium/files/chromium-gcc5-r3.patch?id=5c9cf110bd61fa287a5c536760b5d8ed13f65d52"
+                "0qwl396w2bnc4ww71q3621chh9rfnw1m3w6nbd55sbhq8yz6jnx0"))
 
 (define %chromium-system-nspr.patch
   (remote-patch "chromium-system-nspr.patch"
@@ -159,7 +148,7 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
 (define-public chromium
   (package
     (name "chromium")
-    (version "61.0.3163.100")
+    (version "62.0.3202.62")
     (synopsis "Graphical web browser")
     (source (origin
               (method url-fetch)
@@ -168,13 +157,12 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
                                   version ".tar.xz"))
               (sha256
                (base32
-                "06r89jim9cq87668ya8wwk69hh17rl04cj94nb9c28v6mj69cda1"))
+                "0qn3pjq5n3ri3qh25wg5gd2as5a8wlkncqvi975xsab771833pz8"))
               (patches (append (list %chromium-gn-bootstrap.patch
-                                     %chromium-atk-compat.patch
-                                     %chromium-gcc-compat.patch
                                      %chromium-gcc-5-compat.patch
                                      %chromium-system-nspr.patch
-                                     %chromium-system-libevent.patch)
+                                     %chromium-system-libevent.patch
+                                     )
                                (search-patches
                                 "chromium-system-icu.patch"
                                 "chromium-disable-api-keys-warning.patch"
@@ -271,6 +259,7 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
                      "third_party/catapult/tracing/third_party/oboe"
                      "third_party/ced"
                      "third_party/cld_3"
+                     "third_party/crc32c"
                      "third_party/cros_system_api"
                      "third_party/dom_distiller_js"
                      "third_party/fips181"
@@ -307,7 +296,7 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
                      "third_party/modp_b64"
                      "third_party/mt19937ar"
                      "third_party/node"
-                     "third_party/node/node_modules/vulcanize/third_party/UglifyJS2"
+                     "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2"
                      "third_party/openmax_dl"
                      "third_party/ots"
                      "third_party/pdfium" ;TODO: can be built standalone.
@@ -320,6 +309,7 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
                      "third_party/sfntly"
                      "third_party/skia"
                      "third_party/skia/third_party/vulkan"
+                     "third_party/skia/third_party/gif"
                      "third_party/smhasher"
                      ;; XXX the sources that include this are generated.
                      "third_party/speech-dispatcher"
@@ -419,9 +409,14 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
                      "linux_use_bundled_binutils=false"
                      "use_custom_libcxx=false"
                      "use_sysroot=false"
+                     "goma_dir=\"\""
+                     "use_jumbo_build=true"     ;speeds up compilation
+                     "enable_precompiled_headers=false"
                      "remove_webcore_debug_symbols=true"
                      "enable_iterator_debugging=false"
+                     "exclude_unwind_tables=true"
                      "override_build_date=\"01 01 2000 05:00:00\""
+                     "use_unofficial_version_number=false"
                      ;; Don't fail when using deprecated ffmpeg features.
                      "treat_warnings_as_errors=false"
                      "enable_nacl=false"
@@ -433,8 +428,14 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
                      "use_official_google_api_keys=false"
                      ;; Disable "field trials".
                      "fieldtrial_testing_like_official_build=true"
+                     "enable_reading_list=false"
+                     ;;"enable_reporting=false"   ;XXX breaks the build
 
+                     "use_openh264=true"
+                     "use_system_freetype=true"
                      "use_system_libjpeg=true"
+                     "use_system_lcms2=true"
+                     "use_system_zlib=true"
                      ;; This is currently not supported on Linux:
                      ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
                      ;; "use_system_sqlite=true"
@@ -443,7 +444,6 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
                      "use_gnome_keyring=false" ; deprecated by libsecret
                      "use_xkbcommon=true"
                      "link_pulseaudio=true"
-                     "use_openh264=true"
 
                      ;; Don't arbitrarily restrict formats supported by system ffmpeg.
                      "proprietary_codecs=true"
@@ -454,7 +454,6 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
                      ;; Don't use bundled sources.
                      "rtc_build_json=false"
                      "rtc_build_libevent=false"
-                     "rtc_build_libjpeg=false"
                      "rtc_build_libvpx=false"
                      "rtc_build_opus=false"
                      "rtc_build_ssl=false"
@@ -595,8 +594,9 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
        ("gtk+-2" ,gtk+-2)
        ("gtk+" ,gtk+)
        ("harfbuzz" ,harfbuzz)
-       ("icu4c" ,icu4c)
+       ("icu4c" ,icu4c-59.1)
        ("jsoncpp" ,jsoncpp)
+       ("lcms" ,lcms)
        ("libevent" ,libevent)
        ("libffi" ,libffi)
        ("libjpeg-turbo" ,libjpeg-turbo)
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 55bc9f203..b12de6ff0 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -80,6 +81,23 @@ C/C++ part.")
                          (origin-patches (package-source icu4c))
                          (search-patches "icu4c-CVE-2017-14952.patch")))))))
 
+(define-public icu4c-59.1
+  (package
+    (inherit icu4c)
+    (version "59.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "http://download.icu-project.org/files/icu4c/"
+                    version
+                    "/icu4c-"
+                    (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
+                    "-src.tgz"))
+              (patches (search-patches "icu4c-CVE-2017-14952.patch"))
+              (sha256
+               (base32
+                "1zkmbg2932ggvpgjp8pys0cj6z8bw087y8858009shkrjfpzscki"))))))
+
 (define-public java-icu4j
   (package
     (name "java-icu4j")

[-- Attachment #1.3: Type: text/plain, Size: 801 bytes --]


Below is the full patch for convenience.  I plan to commit it on Friday
or Saturday, after a cosmetic check.  Especially the description could
use some work, and the grouping of "configure flags".

One final note for future contributors is that Gentoo[2] is kind-of
upstream for Chromium, as ChromiumOS is based on Portage and I've seen
several Gentoo developers on the Chromium bug tracker.  They often have
early compatibility patches (e.g. when it invariably breaks with GCC).

[0] https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/commit/?id=794aa1820460727711e534ea1042db7eebc1601d
[1] https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/chromium&id=6ebdd8085de0b7c8bbc66e47b937271ab4a85fbd
[2] https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium


[-- Attachment #1.4: 0001-gnu-Add-chromium.patch --]
[-- Type: text/x-patch, Size: 38665 bytes --]

From 021bccfd3fc3bf0e912d27cef9ca2de36346a379 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 12 Oct 2016 17:25:05 +0100
Subject: [PATCH] gnu: Add chromium.

* gnu/packages/chromium.scm: New file.
* gnu/packages/patches/chromium-disable-api-keys-warning.patch,
  gnu/packages/patches/chromium-disable-third-party-cookies.patch,
  gnu/packages/patches/chromium-system-icu.patch: New files.
* gnu/local.mk: Record it.
* gnu/packages/icu4c.scm (icu-59.1): New variable.
---
 gnu/local.mk                                       |   4 +
 gnu/packages/chromium.scm                          | 650 +++++++++++++++++++++
 gnu/packages/icu4c.scm                             |  18 +
 .../chromium-disable-api-keys-warning.patch        |  17 +
 .../chromium-disable-third-party-cookies.patch     |  13 +
 gnu/packages/patches/chromium-system-icu.patch     |  15 +
 6 files changed, 717 insertions(+)
 create mode 100644 gnu/packages/chromium.scm
 create mode 100644 gnu/packages/patches/chromium-disable-api-keys-warning.patch
 create mode 100644 gnu/packages/patches/chromium-disable-third-party-cookies.patch
 create mode 100644 gnu/packages/patches/chromium-system-icu.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index f2044c985..274dcc87f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -87,6 +87,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/certs.scm			\
   %D%/packages/check.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
   %D%/packages/cmake.scm			\
@@ -560,6 +561,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/chicken-CVE-2017-6949.patch		\
   %D%/packages/patches/chicken-CVE-2017-11343.patch		\
   %D%/packages/patches/chmlib-inttypes.patch			\
+  %D%/packages/patches/chromium-disable-api-keys-warning.patch	\
+  %D%/packages/patches/chromium-disable-third-party-cookies.patch	\
+  %D%/packages/patches/chromium-system-icu.patch		\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clisp-remove-failing-test.patch		\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 000000000..f5ee95c2f
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,650 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages libusb)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages photo)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define (remote-patch file-name uri hash)
+  "Return an <origin> object with the given FILE-NAME.  URI must be a FTP or
+HTTP(S) URI that returns a file with the given HASH."
+  (origin
+    (method url-fetch)
+    (uri uri)
+    (sha256 (base32 hash))
+    (file-name file-name)))
+
+(define opus+custom
+  (package (inherit opus)
+           (arguments
+            `(;; Opus Custom is an optional extension of the Opus
+              ;; specification that allows for unsupported frame
+              ;; sizes. Chromium requires that this is enabled.
+              #:configure-flags '("--enable-custom-modes")
+              ,@(package-arguments opus)))))
+
+;; Chromium since 58 depends on an unreleased libvpx. So, we
+;; package the latest master branch as of 2017-10-22.
+(define libvpx+experimental
+  (package
+    (inherit libvpx)
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://chromium.googlesource.com/webm/libvpx")
+                    (commit "b58259ab55674cb028898a0ac9e8fdd3cf1d4b39")))
+              (file-name "libvpx-for-chromium-checkout")
+              (sha256
+               (base32
+                "0grx2p7add0qyycqvqiv3djk0i37xrg75phszg5mwnwd3ijv3qzj"))))
+    ;; TODO: Make libvpx configure flags overrideable.
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (setenv "CONFIG_SHELL" (which "bash"))
+             (let ((out (assoc-ref outputs "out")))
+               (setenv "LDFLAGS"
+                       (string-append "-Wl,-rpath=" out "/lib"))
+               (zero? (system* "./configure"
+                               "--enable-shared"
+                               "--as=yasm"
+                               ;; Limit size to avoid CVE-2015-1258
+                               "--size-limit=16384x16384"
+                               ;; Spatial SVC is an experimental VP9 encoder
+                               ;; used by some packages (i.e. Chromium).
+                               "--enable-experimental"
+                               "--enable-spatial-svc"
+                               (string-append "--prefix=" out)))))))
+       #:tests? #f)))) ; No tests.
+
+(define %chromium-gn-bootstrap.patch
+  (remote-patch "chromium-gn-bootstrap.patch"
+                "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
+chromium/files/chromium-gn-bootstrap-r17.patch?id=\
+5c9cf110bd61fa287a5c536760b5d8ed13f65d52"
+                "12wsq3bs46mvr7cinxvqjmbzymigm8yzf478r08y9l6sd3qij4yq"))
+
+(define %chromium-gcc-5-compat.patch
+  (remote-patch "chromium-gcc-5-compat.patch"
+                "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
+chromium/files/chromium-gcc5-r3.patch?id=5c9cf110bd61fa287a5c536760b5d8ed13f65d52"
+                "0qwl396w2bnc4ww71q3621chh9rfnw1m3w6nbd55sbhq8yz6jnx0"))
+
+(define %chromium-system-nspr.patch
+  (remote-patch "chromium-system-nspr.patch"
+                "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/\
+plain/debian/patches/system/nspr.patch?id=64458c4216edd82503dc9366e2f4d80ae7c763b0"
+                "0l69sq3w9n5zygykf1gfzp1zfb7gkjk62nnvbrmkn00gzq6cc643"))
+
+(define %chromium-system-libevent.patch
+  (remote-patch "chromium-system-libevent.patch"
+                "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/\
+plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c763b0"
+                "0vibc92kwycm8jlyfa49135nq0flm6gkrf8ic76m5rkraclijvn9"))
+
+(define-public chromium
+  (package
+    (name "chromium")
+    (version "62.0.3202.62")
+    (synopsis "Graphical web browser")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://commondatastorage.googleapis.com/"
+                                  "chromium-browser-official/chromium-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "0qn3pjq5n3ri3qh25wg5gd2as5a8wlkncqvi975xsab771833pz8"))
+              (patches (append (list %chromium-gn-bootstrap.patch
+                                     %chromium-gcc-5-compat.patch
+                                     %chromium-system-nspr.patch
+                                     %chromium-system-libevent.patch
+                                     )
+                               (search-patches
+                                "chromium-system-icu.patch"
+                                "chromium-disable-api-keys-warning.patch"
+                                "chromium-disable-third-party-cookies.patch")))
+              (modules '((srfi srfi-1)
+                         (guix build utils)))
+              (snippet
+               '(begin
+                  ;; Replace GN files from third_party with shims for building
+                  ;; against system libraries.  Keep this list in sync with
+                  ;; "build/linux/unbundle/replace_gn_files.py".
+                  (for-each (lambda (pair)
+                              (let ((source (string-append
+                                             "build/linux/unbundle/" (car pair)))
+                                    (dest (cdr pair)))
+                                (copy-file source dest)))
+                            (list
+                             '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
+                             '("flac.gn" . "third_party/flac/BUILD.gn")
+                             '("freetype.gn" . "third_party/freetype/BUILD.gn")
+                             '("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn")
+                             '("icu.gn" . "third_party/icu/BUILD.gn")
+                             '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
+                             '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
+                             '("libjpeg.gn" .
+                               "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
+                             '("libpng.gn" . "third_party/libpng/BUILD.gn")
+                             '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
+                             '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
+                             ;;'("libxml.gn" . "third_party/libxml/BUILD.gn") ;TODO
+                             '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
+                             '("openh264.gn" . "third_party/openh264/BUILD.gn")
+                             '("opus.gn" . "third_party/opus/BUILD.gn")
+                             '("re2.gn" . "third_party/re2/BUILD.gn")
+                             '("snappy.gn" . "third_party/snappy/BUILD.gn")
+                             '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
+                             '("zlib.gn" . "third_party/zlib/BUILD.gn")))
+                  #t))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; TODO: Maybe run --headless or something.
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it's not recognized when passed.
+       #:validate-runpath? #f
+       #:modules ((srfi srfi-26)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (guix build gnu-build-system)
+                  (guix build utils))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-bundled-software
+           (lambda _
+             (let ((keep-libs
+                    (list
+                     ;; Third party folders that cannot be deleted yet.
+                     "base/third_party/dmg_fp"
+                     "base/third_party/dynamic_annotations"
+                     "base/third_party/icu"
+                     "base/third_party/libevent"
+                     "base/third_party/nspr"
+                     "base/third_party/superfasthash"
+                     "base/third_party/symbolize" ; glog
+                     "base/third_party/xdg_mime"
+                     "base/third_party/xdg_user_dirs"
+                     "buildtools/third_party/libc++"
+                     "chrome/third_party/mozilla_security_manager"
+                     "courgette/third_party"
+                     "net/third_party/mozilla_security_manager"
+                     "net/third_party/nss"
+                     "third_party/adobe/flash/flapper_version.h"
+                     ;; FIXME: This is used in:
+                     ;; * ui/webui/resources/js/analytics.js
+                     ;; * ui/file_manager/
+                     "third_party/analytics"
+                     "third_party/angle"
+                     "third_party/angle/src/common/third_party/base"
+                     "third_party/angle/src/common/third_party/murmurhash"
+                     "third_party/angle/src/third_party/compiler"
+                     "third_party/angle/src/third_party/libXNVCtrl"
+                     "third_party/angle/src/third_party/trace_event"
+                     "third_party/boringssl"
+                     "third_party/brotli"
+                     "third_party/cacheinvalidation"
+                     "third_party/catapult"
+                     "third_party/catapult/third_party/polymer"
+                     "third_party/catapult/third_party/py_vulcanize"
+                     "third_party/catapult/third_party/py_vulcanize/third_party/rcssmin"
+                     "third_party/catapult/third_party/py_vulcanize/third_party/rjsmin"
+                     "third_party/catapult/tracing/third_party/d3"
+                     "third_party/catapult/tracing/third_party/gl-matrix"
+                     "third_party/catapult/tracing/third_party/jszip"
+                     "third_party/catapult/tracing/third_party/mannwhitneyu"
+                     "third_party/catapult/tracing/third_party/oboe"
+                     "third_party/ced"
+                     "third_party/cld_3"
+                     "third_party/crc32c"
+                     "third_party/cros_system_api"
+                     "third_party/dom_distiller_js"
+                     "third_party/fips181"
+                     "third_party/flatbuffers"
+                     ;; XXX Needed by pdfium since 59.
+                     "third_party/freetype"
+                     "third_party/glslang-angle"
+                     "third_party/google_input_tools"
+                     "third_party/google_input_tools/third_party/closure_library"
+                     (string-append "third_party/google_input_tools/third_party"
+                                    "/closure_library/third_party/closure")
+                     "third_party/googletest"
+                     "third_party/hunspell"
+                     "third_party/iccjpeg"
+                     "third_party/inspector_protocol"
+                     "third_party/jinja2"
+                     "third_party/jstemplate"
+                     "third_party/khronos"
+                     "third_party/leveldatabase"
+                     "third_party/libXNVCtrl"
+                     "third_party/libaddressinput"
+                     "third_party/libjingle_xmpp"
+                     "third_party/libphonenumber"
+                     "third_party/libsecret" ;FIXME: needs pkg-config support.
+                     "third_party/libsrtp"   ;TODO: Requires libsrtp@2.
+                     "third_party/libudev"
+                     "third_party/libwebm"
+                     "third_party/libxml" ;FIXME: Unbundle (again).
+                     "third_party/libyuv"
+                     "third_party/lss"
+                     "third_party/lzma_sdk"
+                     "third_party/markupsafe"
+                     "third_party/mesa"
+                     "third_party/modp_b64"
+                     "third_party/mt19937ar"
+                     "third_party/node"
+                     "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2"
+                     "third_party/openmax_dl"
+                     "third_party/ots"
+                     "third_party/pdfium" ;TODO: can be built standalone.
+                     "third_party/pdfium/third_party"
+                     "third_party/ply"
+                     "third_party/polymer"
+                     "third_party/protobuf"
+                     "third_party/protobuf/third_party/six"
+                     "third_party/qcms"
+                     "third_party/sfntly"
+                     "third_party/skia"
+                     "third_party/skia/third_party/vulkan"
+                     "third_party/skia/third_party/gif"
+                     "third_party/smhasher"
+                     ;; XXX the sources that include this are generated.
+                     "third_party/speech-dispatcher"
+                     "third_party/spirv-headers"
+                     "third_party/spirv-tools-angle"
+                     "third_party/sqlite"
+                     "third_party/swiftshader"
+                     "third_party/swiftshader/third_party"
+                     "third_party/usb_ids"
+                     "third_party/usrsctp"
+                     "third_party/vulkan"
+                     "third_party/vulkan-validation-layers"
+                     "third_party/WebKit"
+                     "third_party/web-animations-js"
+                     "third_party/webrtc"
+                     "third_party/widevine/cdm/widevine_cdm_version.h"
+                     "third_party/widevine/cdm/widevine_cdm_common.h"
+                     "third_party/woff2"
+                     "third_party/xdg-utils"
+                     "third_party/yasm/run_yasm.py"
+                     "third_party/zlib/google"
+                     "url/third_party/mozilla"
+                     "v8/src/third_party/valgrind"
+                     "v8/third_party/inspector_protocol")))
+               ;; FIXME: implement as source snippet. This traverses
+               ;; any "third_party" directory and deletes files that are:
+               ;; * not ending with ".gn" or ".gni"; or
+               ;; * not explicitly named as argument (folder or file).
+               (zero? (apply system* "python"
+                             "build/linux/unbundle/remove_bundled_libraries.py"
+                             "--do-remove" keep-libs)))))
+         (add-after 'remove-bundled-software 'patch-stuff
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "printing/cups_config_helper.py"
+               (("cups_config =.*")
+                (string-append "cups_config = '" (assoc-ref inputs "cups")
+                               "/bin/cups-config'\n")))
+
+             (substitute*
+                 '("base/process/launch_posix.cc"
+                   "base/tracked_objects.cc"
+                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+                   "sandbox/linux/services/credentials.cc"
+                   "sandbox/linux/services/namespace_utils.cc"
+                   "sandbox/linux/services/syscall_wrappers.cc"
+                   "sandbox/linux/syscall_broker/broker_host.cc")
+               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+             (for-each (lambda (file)
+                         (substitute* file
+                           ;; Fix opus include path.
+                           ;; Do not substitute opus_private.h.
+                           (("#include \"opus\\.h\"")
+                            "#include \"opus/opus.h\"")
+                           (("#include \"opus_custom\\.h\"")
+                            "#include \"opus/opus_custom.h\"")
+                           (("#include \"opus_defines\\.h\"")
+                            "#include \"opus/opus_defines.h\"")
+                           (("#include \"opus_multistream\\.h\"")
+                            "#include \"opus/opus_multistream.h\"")
+                           (("#include \"opus_types\\.h\"")
+                            "#include \"opus/opus_types.h\"")))
+                       (append (find-files "third_party/opus/src/celt")
+                               (find-files "third_party/opus/src/src")
+                               (find-files (string-append "third_party/webrtc/modules"
+                                                          "/audio_coding/codecs/opus"))))
+
+             (substitute* "chrome/common/chrome_paths.cc"
+               (("/usr/share/chromium/extensions")
+                ;; TODO: Add ~/.guix-profile.
+                "/run/current-system/profile/share/chromium/extensions"))
+
+             (substitute* "breakpad/src/common/linux/libcurl_wrapper.h"
+               (("include \"third_party/curl") "include \"curl"))
+             (substitute* "media/base/decode_capabilities.cc"
+               (("third_party/libvpx/source/libvpx/") ""))
+
+             ;; We don't cross compile most packages, so get rid of the
+             ;; unnecessary ARCH-linux-gnu* prefix.
+             (substitute* "build/toolchain/linux/BUILD.gn"
+               (("aarch64-linux-gnu-") "")
+               (("arm-linux-gnueabihf-") ""))
+             #t))
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((gn-flags
+                    (list
+                     ;; See tools/gn/docs/cookbook.md and
+                     ;; https://www.chromium.org/developers/gn-build-configuration
+                     ;; for usage. Run "./gn args . --list" in the Release
+                     ;; directory for an exhaustive list of supported flags.
+                     "is_debug=false"
+                     "is_official_build=false"
+                     "is_clang=false"
+                     "use_gold=false"
+                     "linux_use_bundled_binutils=false"
+                     "use_custom_libcxx=false"
+                     "use_sysroot=false"
+                     "goma_dir=\"\""
+                     "use_jumbo_build=true"     ;speeds up compilation
+                     "enable_precompiled_headers=false"
+                     "remove_webcore_debug_symbols=true"
+                     "enable_iterator_debugging=false"
+                     "exclude_unwind_tables=true"
+                     "override_build_date=\"01 01 2000 05:00:00\""
+                     "use_unofficial_version_number=false"
+                     ;; Don't fail when using deprecated ffmpeg features.
+                     "treat_warnings_as_errors=false"
+                     "enable_nacl=false"
+                     "enable_nacl_nonsfi=false"
+                     "use_allocator=\"none\"" ; Don't use tcmalloc.
+                     ;; Don't add any API keys. End users can set them in the
+                     ;; environment if necessary.
+                     ;; https://www.chromium.org/developers/how-tos/api-keys
+                     "use_official_google_api_keys=false"
+                     ;; Disable "field trials".
+                     "fieldtrial_testing_like_official_build=true"
+                     "enable_reading_list=false"
+                     ;;"enable_reporting=false"   ;XXX breaks the build
+
+                     "use_openh264=true"
+                     "use_system_freetype=true"
+                     "use_system_libjpeg=true"
+                     "use_system_lcms2=true"
+                     "use_system_zlib=true"
+                     ;; This is currently not supported on Linux:
+                     ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
+                     ;; "use_system_sqlite=true"
+                     "use_gtk3=true"
+                     "use_gconf=false"         ; deprecated by gsettings
+                     "use_gnome_keyring=false" ; deprecated by libsecret
+                     "use_xkbcommon=true"
+                     "link_pulseaudio=true"
+
+                     ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+                     "proprietary_codecs=true"
+                     "ffmpeg_branding=\"Chrome\""
+
+                     ;; WebRTC stuff.
+                     "rtc_use_h264=true"
+                     ;; Don't use bundled sources.
+                     "rtc_build_json=false"
+                     "rtc_build_libevent=false"
+                     "rtc_build_libvpx=false"
+                     "rtc_build_opus=false"
+                     "rtc_build_ssl=false"
+                     ;; TODO: Package these.
+                     "rtc_build_libsrtp=true" ; 2.0
+                     "rtc_build_libyuv=true"
+                     "rtc_build_openmax_dl=true"
+                     "rtc_build_usrsctp=true"
+                     (string-append "rtc_jsoncpp_root=\""
+                                    (assoc-ref inputs "jsoncpp")
+                                    "/include/jsoncpp/json\"")
+                     (string-append "rtc_ssl_root=\""
+                                    (assoc-ref inputs "openssl")
+                                    "/include/openssl\""))))
+
+               ;; XXX: How portable is this.
+               (mkdir-p "third_party/node/linux/node-linux-x64")
+               (symlink (string-append (assoc-ref inputs "node") "/bin")
+                        "third_party/node/linux/node-linux-x64/bin")
+
+               (setenv "CC" "gcc")
+               (setenv "CXX" "g++")
+               ;; TODO: pre-compile instead. Avoids a race condition.
+               (setenv "PYTHONDONTWRITEBYTECODE" "1")
+               (and
+                ;; Build the "gn" tool.
+                (zero? (system* "python"
+                                "tools/gn/bootstrap/bootstrap.py" "-s" "-v"))
+                ;; Generate ninja build files.
+                (zero? (system* "./out/Release/gn" "gen" "out/Release"
+                                (string-append "--args="
+                                               (string-join gn-flags " "))))))))
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (zero? (system* "ninja" "-C" "out/Release"
+                             "-j" (number->string (parallel-job-count))
+                             "chrome"))))
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out            (assoc-ref outputs "out"))
+                    (bin            (string-append out "/bin"))
+                    (exe            (string-append bin "/chromium"))
+                    (lib            (string-append out "/lib"))
+                    (man            (string-append out "/share/man/man1"))
+                    (applications   (string-append out "/share/applications"))
+                    (install-regexp (make-regexp "\\.(so|bin|pak)$"))
+                    (locales        (string-append lib "/locales"))
+                    (resources      (string-append lib "/resources"))
+                    (gtk+           (assoc-ref inputs "gtk+"))
+                    (mesa           (assoc-ref inputs "mesa"))
+                    (nss            (assoc-ref inputs "nss"))
+                    (udev           (assoc-ref inputs "udev"))
+                    (sh             (which "sh")))
+
+               (mkdir-p applications)
+               (call-with-output-file (string-append applications
+                                                     "/chromium.desktop")
+                 (lambda (port)
+                   (format port
+                           "[Desktop Entry]~@
+                           Name=Chromium~@
+                           Comment=~a~@
+                           Exec=~a~@
+                           Icon=chromium.png~@
+                           Type=Application~%" ,synopsis exe)))
+
+               (with-directory-excursion "out/Release"
+                 (for-each (lambda (file)
+                             (install-file file lib))
+                           (scandir "." (cut regexp-exec install-regexp <>)))
+                 (copy-file "chrome" (string-append lib "/chromium"))
+
+                 ;; TODO: Install icons from "../../chrome/app/themes" into
+                 ;; "out/share/icons/hicolor/$size".
+                 (install-file
+                  "product_logo_48.png"
+                  (string-append out "/share/icons/48x48/chromium.png"))
+
+                 (copy-recursively "locales" locales)
+                 (copy-recursively "resources" resources)
+
+                 (mkdir-p man)
+                 (copy-file "chrome.1" (string-append man "/chromium.1"))
+
+                 (mkdir-p bin)
+                 ;; Add a thin wrapper to prevent the user from inadvertently
+                 ;; installing non-free software through the Web Store.
+                 ;; TODO: Discover extensions from the profile and pass
+                 ;; something like "--disable-extensions-except=...".
+                 (call-with-output-file exe
+                   (lambda (port)
+                     (format port
+                             "#!~a~@
+                             CHROMIUM_FLAGS=\"--disable-background-networking\"~@
+                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
+                             then~@
+                                 CHROMIUM_FLAGS=\"$CHROMIUM_FLAGS --disable-extensions\"~@
+                             fi~@
+                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
+                             sh (string-append lib "/chromium"))))
+                 (chmod exe #o755)
+
+                 (wrap-program exe
+                   ;; TODO: Get these in RUNPATH.
+                   `("LD_LIBRARY_PATH" ":" prefix
+                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+                                      mesa "/lib:" udev "/lib")))
+                   ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+                 #t)))))))
+    (native-inputs
+     `(("bison" ,bison)
+       ("git" ,git)                     ;last_commit_position.py
+       ("gperf" ,gperf)
+       ("ninja" ,ninja)
+       ("node" ,node)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)
+       ("yasm" ,yasm)
+
+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
+       ("python-html5lib" ,python2-html5lib)
+       ("python" ,python-2)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("atk" ,atk)
+       ("cups" ,cups)
+       ("curl" ,curl)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("expat" ,expat)
+       ("flac" ,flac)
+       ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+-2" ,gtk+-2)
+       ("gtk+" ,gtk+)
+       ("harfbuzz" ,harfbuzz)
+       ("icu4c" ,icu4c-59.1)
+       ("jsoncpp" ,jsoncpp)
+       ("lcms" ,lcms)
+       ("libevent" ,libevent)
+       ("libffi" ,libffi)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libpng" ,libpng)
+       ("libusb" ,libusb)
+       ("libvpx" ,libvpx+experimental)
+       ("libwebp" ,libwebp)
+       ("libx11" ,libx11)
+       ("libxcb" ,libxcb)
+       ("libxcomposite" ,libxcomposite)
+       ("libxcursor" ,libxcursor)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxi" ,libxi)
+       ("libxkbcommon" ,libxkbcommon)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxslt" ,libxslt)
+       ("libxtst" ,libxtst)
+       ("mesa" ,mesa)
+       ("minizip" ,minizip)
+       ("mit-krb5" ,mit-krb5)
+       ("nss" ,nss)
+       ("openh264" ,openh264)
+       ("openssl" ,openssl)
+       ("opus" ,opus+custom)
+       ("pango" ,pango)
+       ("pciutils" ,pciutils)
+       ("protobuf" ,protobuf)
+       ("pulseaudio" ,pulseaudio)
+       ("re2" ,re2)
+       ("snappy" ,snappy)
+       ("speech-dispatcher" ,speech-dispatcher)
+       ("sqlite" ,sqlite)
+       ("udev" ,eudev)
+       ("valgrind" ,valgrind)))
+    (home-page "https://www.chromium.org/")
+    (description
+     "Chromium is a web browser using the @code{Blink} rendering engine.")
+    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+    ;; software with other licenses. For full information, see chrome://credits.
+    (license (list license:bsd-3
+                   license:bsd-2
+                   license:expat
+                   license:asl2.0
+                   license:mpl2.0
+                   license:public-domain
+                   license:lgpl2.1+))))
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 55bc9f203..b12de6ff0 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -80,6 +81,23 @@ C/C++ part.")
                          (origin-patches (package-source icu4c))
                          (search-patches "icu4c-CVE-2017-14952.patch")))))))
 
+(define-public icu4c-59.1
+  (package
+    (inherit icu4c)
+    (version "59.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "http://download.icu-project.org/files/icu4c/"
+                    version
+                    "/icu4c-"
+                    (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
+                    "-src.tgz"))
+              (patches (search-patches "icu4c-CVE-2017-14952.patch"))
+              (sha256
+               (base32
+                "1zkmbg2932ggvpgjp8pys0cj6z8bw087y8858009shkrjfpzscki"))))))
+
 (define-public java-icu4j
   (package
     (name "java-icu4j")
diff --git a/gnu/packages/patches/chromium-disable-api-keys-warning.patch b/gnu/packages/patches/chromium-disable-api-keys-warning.patch
new file mode 100644
index 000000000..c7e219f40
--- /dev/null
+++ b/gnu/packages/patches/chromium-disable-api-keys-warning.patch
@@ -0,0 +1,17 @@
+Disable warning about missing API keys.
+
+Copied from:
+
+https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/google-api-warning.patch
+
+--- a/chrome/browser/ui/startup/startup_browser_creator_impl.cc
++++ b/chrome/browser/ui/startup/startup_browser_creator_impl.cc
+@@ -816,8 +816,6 @@ void StartupBrowserCreatorImpl::AddInfoB
+       !command_line_.HasSwitch(switches::kTestType) &&
+       !command_line_.HasSwitch(switches::kEnableAutomation)) {
+     chrome::ShowBadFlagsPrompt(browser);
+-    GoogleApiKeysInfoBarDelegate::Create(InfoBarService::FromWebContents(
+-        browser->tab_strip_model()->GetActiveWebContents()));
+     ObsoleteSystemInfoBarDelegate::Create(InfoBarService::FromWebContents(
+         browser->tab_strip_model()->GetActiveWebContents()));
+ 
diff --git a/gnu/packages/patches/chromium-disable-third-party-cookies.patch b/gnu/packages/patches/chromium-disable-third-party-cookies.patch
new file mode 100644
index 000000000..0694c35f3
--- /dev/null
+++ b/gnu/packages/patches/chromium-disable-third-party-cookies.patch
@@ -0,0 +1,13 @@
+Disable third party cookies by default.
+
+--- a/components/content_settings/core/browser/cookie_settings.cc
++++ b/components/content_settings/core/browser/cookie_settings.cc
+@@ -101,7 +101,7 @@ void CookieSettings::GetCookieSettings(
+ void CookieSettings::RegisterProfilePrefs(
+     user_prefs::PrefRegistrySyncable* registry) {
+   registry->RegisterBooleanPref(
+-      prefs::kBlockThirdPartyCookies, false,
++      prefs::kBlockThirdPartyCookies, true,
+       user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);
+ }
+ 
diff --git a/gnu/packages/patches/chromium-system-icu.patch b/gnu/packages/patches/chromium-system-icu.patch
new file mode 100644
index 000000000..c35c1b75c
--- /dev/null
+++ b/gnu/packages/patches/chromium-system-icu.patch
@@ -0,0 +1,15 @@
+description: maintain compatibility with system icu library
+author: Michael Gilbert <mgilbert@debian.org>
+
+--- a/BUILD.gn
++++ b/BUILD.gn
+@@ -657,8 +657,7 @@ group("gn_all") {
+     }
+   }
+ 
+-  if ((is_linux && !is_chromeos && !is_chromecast) || (is_win && use_drfuzz) ||
+-      (use_libfuzzer && is_mac)) {
++  if (false) {
+     deps += [
+       "//testing/libfuzzer/fuzzers",
+       "//testing/libfuzzer/tests:libfuzzer_tests",
-- 
2.14.3


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-10-18 22:41         ` Marius Bakke
  2017-10-19  5:48           ` ng0
  2017-10-24 21:11           ` Marius Bakke
@ 2017-11-05 23:52           ` Marius Bakke
  2017-11-10 11:33             ` Adonay Felipe Nogueira
  2018-01-04 19:16           ` ng0
  3 siblings, 1 reply; 152+ messages in thread
From: Marius Bakke @ 2017-11-05 23:52 UTC (permalink / raw)
  To: Ludovic Courtès, Leo Famulari; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 2173 bytes --]

Marius Bakke <mbakke@fastmail.com> writes:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> I think we should make sure that our package does not call home in any
>> way.  That’s what I expect from a security- and privacy-conscious
>> distro.
>
> Currently, it calls home at first launch, prompting for a login.  But
> I've verified that it does not send any unsolicited requests for
> subsequent startups, as long as the user does not change the
> command-line flags.

I tried picking two other Debian patches[0][1] to see if it helped with
the annoying splash screen and decided to verify whether the browser
still "calls home" from a clean profile.  The last time I checked was
many versions ago.

After dismissing the sign-in dialog, the "New Tab Page" loads a regular
Google search bar, and "pre-fills" two of the "most commonly used" slots
with Chrome URLs, (still) downloading a bunch of data in the process.

Not great, but maybe we could live with that if it was just for the
first run (it wasn't; had to change search engine to prevent the New Tab
Page from calling the mothership).

To my great surprise, while watching tcpdump from a different window, it
also called home *when I switched windows*.  Every time the Chromium
window was activated, some data was sent to Google servers.

Going into settings and toggling the "Use a prediction service to help
complete searches and URLs typed in the address bar" option (to off)
disabled that behaviour.

Not very confidence-instilling.

I'm going to try to incorporate the "Inox Patchset"[2], which is a set
of patches that attempts to remove all such misfeatures from Chromium.
They seem to have managed to stay on top of recent Chromium development,
unlike two other prominent privacy-focused "forks", so I'm optimistic.

But it might take some weeks before the next update.  Stay tuned..

[0] <https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/promo.patch>
[1] <https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/external-components.patch>
[2] <https://github.com/gcarq/inox-patchset>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-11-05 23:52           ` Marius Bakke
@ 2017-11-10 11:33             ` Adonay Felipe Nogueira
  0 siblings, 0 replies; 152+ messages in thread
From: Adonay Felipe Nogueira @ 2017-11-10 11:33 UTC (permalink / raw)
  To: 28004

As a continuation, directory-discuss started to discuss the Chromium
issue once again ([1]).

[1] <https://lists.gnu.org/archive/cgi-bin/namazu.cgi?query=%2Bsubject%3A%7BFSF+opinion+on+chromium%2C+QtWebEngine%2C+electron%7D&submit=Search%21&idxname=directory-discuss&max=20&result=normal&sort=date%3Alate>.

Marius Bakke <mbakke@fastmail.com> writes:

> I tried picking two other Debian patches[0][1] to see if it helped with
> the annoying splash screen and decided to verify whether the browser
> still "calls home" from a clean profile.  The last time I checked was
> many versions ago.
>
> After dismissing the sign-in dialog, the "New Tab Page" loads a regular
> Google search bar, and "pre-fills" two of the "most commonly used" slots
> with Chrome URLs, (still) downloading a bunch of data in the process.
>
> Not great, but maybe we could live with that if it was just for the
> first run (it wasn't; had to change search engine to prevent the New Tab
> Page from calling the mothership).
>
> To my great surprise, while watching tcpdump from a different window, it
> also called home *when I switched windows*.  Every time the Chromium
> window was activated, some data was sent to Google servers.
>
> Going into settings and toggling the "Use a prediction service to help
> complete searches and URLs typed in the address bar" option (to off)
> disabled that behaviour.
>
> Not very confidence-instilling.
>
> I'm going to try to incorporate the "Inox Patchset"[2], which is a set
> of patches that attempts to remove all such misfeatures from Chromium.
> They seem to have managed to stay on top of recent Chromium development,
> unlike two other prominent privacy-focused "forks", so I'm optimistic.
>
> But it might take some weeks before the next update.  Stay tuned..
>
> [0]
> <https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/promo.patch>
> [1]
> <https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/external-components.patch>
> [2] <https://github.com/gcarq/inox-patchset>

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2017-10-18 22:41         ` Marius Bakke
                             ` (2 preceding siblings ...)
  2017-11-05 23:52           ` Marius Bakke
@ 2018-01-04 19:16           ` ng0
  2018-01-08 21:56             ` Marius Bakke
  3 siblings, 1 reply; 152+ messages in thread
From: ng0 @ 2018-01-04 19:16 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 11353 bytes --]

Marius Bakke transcribed 37K bytes:
> Ludovic Courtès <ludo@gnu.org> writes:
> 
> > I think we should make sure that our package does not call home in any
> > way.  That’s what I expect from a security- and privacy-conscious
> > distro.
> 
> Currently, it calls home at first launch, prompting for a login.  But
> I've verified that it does not send any unsolicited requests for
> subsequent startups, as long as the user does not change the
> command-line flags.
> 
> Anyway I'm attaching the current iteration of this patch.  Chromium 62
> is out today, I'll try to update this weekend and will push it after
> that in lieu of other feedback.
> 
> I would be very happy if someone managed to complete the 62 upgrade
> before me, however!  ;-)
> 

> From d6e3ef7f28a9bc4ace0c52e09b1e4bdde84e01e0 Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.
...
> +(define-public chromium
> +  (package
> +    (name "chromium")
...
> +             (substitute* "chrome/common/chrome_paths.cc"
> +               (("/usr/share/chromium/extensions")
> +                ;; TODO: Add ~/.guix-profile.
> +                "/run/current-system/profile/share/chromium/extensions"))

What's the idea behind this? Did you test it? Do you have any guix build-system
using Chromium extensions as an example? So far this completely disables the
installation of any plugins and addons.

> +
> +             (substitute* "breakpad/src/common/linux/libcurl_wrapper.h"
> +               (("include \"third_party/curl") "include \"curl"))
> +             (substitute* "media/base/decode_capabilities.cc"
> +               (("third_party/libvpx/source/libvpx/") ""))
> +
> +             ;; We don't cross compile most packages, so get rid of the
> +             ;; unnecessary ARCH-linux-gnu* prefix.
> +             (substitute* "build/toolchain/linux/BUILD.gn"
> +               (("aarch64-linux-gnu-") "")
> +               (("arm-linux-gnueabihf-") ""))
> +             #t))
> +         (replace 'configure
> +           (lambda* (#:key inputs outputs #:allow-other-keys)
> +             (let ((gn-flags
> +                    (list
> +                     ;; See tools/gn/docs/cookbook.md and
> +                     ;; https://www.chromium.org/developers/gn-build-configuration
> +                     ;; for usage. Run "./gn args . --list" in the Release
> +                     ;; directory for an exhaustive list of supported flags.
> +                     "is_debug=false"
> +                     "is_official_build=false"
> +                     "is_clang=false"
> +                     "use_gold=false"
> +                     "linux_use_bundled_binutils=false"
> +                     "use_custom_libcxx=false"
> +                     "use_sysroot=false"
> +                     "remove_webcore_debug_symbols=true"
> +                     "enable_iterator_debugging=false"
> +                     "override_build_date=\"01 01 2000 05:00:00\""
> +                     ;; Don't fail when using deprecated ffmpeg features.
> +                     "treat_warnings_as_errors=false"
> +                     "enable_nacl=false"
> +                     "enable_nacl_nonsfi=false"
> +                     "use_allocator=\"none\"" ; Don't use tcmalloc.
> +                     ;; Don't add any API keys. End users can set them in the
> +                     ;; environment if necessary.
> +                     ;; https://www.chromium.org/developers/how-tos/api-keys
> +                     "use_official_google_api_keys=false"
> +                     ;; Disable "field trials".
> +                     "fieldtrial_testing_like_official_build=true"
> +
> +                     "use_system_libjpeg=true"
> +                     ;; This is currently not supported on Linux:
> +                     ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
> +                     ;; "use_system_sqlite=true"
> +                     "use_gtk3=true"
> +                     "use_gconf=false"         ; deprecated by gsettings
> +                     "use_gnome_keyring=false" ; deprecated by libsecret
> +                     "use_xkbcommon=true"
> +                     "link_pulseaudio=true"
> +                     "use_openh264=true"
> +
> +                     ;; Don't arbitrarily restrict formats supported by system ffmpeg.
> +                     "proprietary_codecs=true"
> +                     "ffmpeg_branding=\"Chrome\""
> +
> +                     ;; WebRTC stuff.
> +                     "rtc_use_h264=true"
> +                     ;; Don't use bundled sources.
> +                     "rtc_build_json=false"
> +                     "rtc_build_libevent=false"
> +                     "rtc_build_libjpeg=false"
> +                     "rtc_build_libvpx=false"
> +                     "rtc_build_opus=false"
> +                     "rtc_build_ssl=false"
> +                     ;; TODO: Package these.
> +                     "rtc_build_libsrtp=true" ; 2.0
> +                     "rtc_build_libyuv=true"
> +                     "rtc_build_openmax_dl=true"
> +                     "rtc_build_usrsctp=true"
> +                     (string-append "rtc_jsoncpp_root=\""
> +                                    (assoc-ref inputs "jsoncpp")
> +                                    "/include/jsoncpp/json\"")
> +                     (string-append "rtc_ssl_root=\""
> +                                    (assoc-ref inputs "openssl")
> +                                    "/include/openssl\""))))
> +
> +               ;; XXX: How portable is this.
> +               (mkdir-p "third_party/node/linux/node-linux-x64")
> +               (symlink (string-append (assoc-ref inputs "node") "/bin")
> +                        "third_party/node/linux/node-linux-x64/bin")
> +
> +               (setenv "CC" "gcc")
> +               (setenv "CXX" "g++")
> +               ;; TODO: pre-compile instead. Avoids a race condition.
> +               (setenv "PYTHONDONTWRITEBYTECODE" "1")
> +               (and
> +                ;; Build the "gn" tool.
> +                (zero? (system* "python"
> +                                "tools/gn/bootstrap/bootstrap.py" "-s" "-v"))
> +                ;; Generate ninja build files.
> +                (zero? (system* "./out/Release/gn" "gen" "out/Release"
> +                                (string-append "--args="
> +                                               (string-join gn-flags " "))))))))
> +         (replace 'build
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (zero? (system* "ninja" "-C" "out/Release"
> +                             "-j" (number->string (parallel-job-count))
> +                             "chrome"))))
> +         (replace 'install
> +           (lambda* (#:key inputs outputs #:allow-other-keys)
> +             (let* ((out            (assoc-ref outputs "out"))
> +                    (bin            (string-append out "/bin"))
> +                    (exe            (string-append bin "/chromium"))
> +                    (lib            (string-append out "/lib"))
> +                    (man            (string-append out "/share/man/man1"))
> +                    (applications   (string-append out "/share/applications"))
> +                    (install-regexp (make-regexp "\\.(so|bin|pak)$"))
> +                    (locales        (string-append lib "/locales"))
> +                    (resources      (string-append lib "/resources"))
> +                    (gtk+           (assoc-ref inputs "gtk+"))
> +                    (mesa           (assoc-ref inputs "mesa"))
> +                    (nss            (assoc-ref inputs "nss"))
> +                    (udev           (assoc-ref inputs "udev"))
> +                    (sh             (which "sh")))
> +
> +               (mkdir-p applications)
> +               (call-with-output-file (string-append applications
> +                                                     "/chromium.desktop")
> +                 (lambda (port)
> +                   (format port
> +                           "[Desktop Entry]~@
> +                           Name=Chromium~@
> +                           Comment=~a~@
> +                           Exec=~a~@
> +                           Icon=chromium.png~@
> +                           Type=Application~%" ,synopsis exe)))
> +
> +               (with-directory-excursion "out/Release"
> +                 (for-each (lambda (file)
> +                             (install-file file lib))
> +                           (scandir "." (cut regexp-exec install-regexp <>)))
> +                 (copy-file "chrome" (string-append lib "/chromium"))
> +
> +                 ;; TODO: Install icons from "../../chrome/app/themes" into
> +                 ;; "out/share/icons/hicolor/$size".
> +                 (install-file
> +                  "product_logo_48.png"
> +                  (string-append out "/share/icons/48x48/chromium.png"))
> +
> +                 (copy-recursively "locales" locales)
> +                 (copy-recursively "resources" resources)
> +
> +                 (mkdir-p man)
> +                 (copy-file "chrome.1" (string-append man "/chromium.1"))
> +
> +                 (mkdir-p bin)
> +                 ;; Add a thin wrapper to prevent the user from inadvertently
> +                 ;; installing non-free software through the Web Store.
> +                 ;; TODO: Discover extensions from the profile and pass
> +                 ;; something like "--disable-extensions-except=...".

Same question here.

If you need help, there's at least 3 users of Chromium now. I'd like to read
your ideas on how to solve the TODOs, aswell as: Do you have any unpushed
progress? Maybe we can team collaborate on this huge browser.

> +                 (call-with-output-file exe
> +                   (lambda (port)
> +                     (format port
> +                             "#!~a~@
> +                             CHROMIUM_FLAGS=\"--disable-background-networking\"~@
> +                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
> +                             then~@
> +                                 CHROMIUM_FLAGS=\"$CHROMIUM_FLAGS --disable-extensions\"~@
> +                             fi~@
> +                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
> +                             sh (string-append lib "/chromium"))))
> +                 (chmod exe #o755)
> +
> +                 (wrap-program exe
> +                   ;; TODO: Get these in RUNPATH.
> +                   `("LD_LIBRARY_PATH" ":" prefix
> +                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
> +                                      mesa "/lib:" udev "/lib")))
> +                   ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
> +                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
> +                 #t)))))))



-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
  WWW: https://n0.is/a/  ::  https://ea.n0.is

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-04 19:16           ` ng0
@ 2018-01-08 21:56             ` Marius Bakke
  2018-01-08 23:20               ` ng0
  2018-01-09  6:58               ` ng0
  0 siblings, 2 replies; 152+ messages in thread
From: Marius Bakke @ 2018-01-08 21:56 UTC (permalink / raw)
  To: ng0; +Cc: 28004


[-- Attachment #1.1: Type: text/plain, Size: 2960 bytes --]

ng0 <ng0@n0.is> writes:

>> +             (substitute* "chrome/common/chrome_paths.cc"
>> +               (("/usr/share/chromium/extensions")
>> +                ;; TODO: Add ~/.guix-profile.
>> +                "/run/current-system/profile/share/chromium/extensions"))
>
> What's the idea behind this? Did you test it? Do you have any guix build-system
> using Chromium extensions as an example? So far this completely disables the
> installation of any plugins and addons.

The idea is to eventually be able to distribute extensions with Guix.  I
added this path mostly to document it, but don't see how keeping the
default makes a difference.  If you can place an extension in
/usr/share, you can also copy it to the system profile through your
config.scm, or symlink this location on a foreign distribution.

>> +                 (mkdir-p bin)
>> +                 ;; Add a thin wrapper to prevent the user from inadvertently
>> +                 ;; installing non-free software through the Web Store.
>> +                 ;; TODO: Discover extensions from the profile and pass
>> +                 ;; something like "--disable-extensions-except=...".
>
> Same question here.

The Web Store has serious freedom issues, thus we can not enable it by
default.  Enabling it *must* be a conscious choice by the end user.

The TODO here is inspired by Debians wrapper script, which enumerates
the location where apt places extensions, and gives that list to
"--disable-extensions-except".

> If you need help, there's at least 3 users of Chromium now. I'd like to read
> your ideas on how to solve the TODOs, aswell as: Do you have any unpushed
> progress? Maybe we can team collaborate on this huge browser.

I do maintain this patch, but unfortunately not in a public repository.
I've attached the latest iteration here (sorry for squashed).

New since the last time are some fixes from the "Inox patchset" that
resolves most of the privacy issues.  Namely removing the "login
wizard", changing to sensible defaults, and forcing the "classic" New
Tab Page that does not load a search engine.

Also, all patches have been moved to remote origins.

Testing and feedback welcome!

Currently there are two "important" (blocking?) TODOs left:

* Move the 'delete-bundled-software' phase to a source snippet.
  Repacking the ~500MiB compressed tarball is *really* expensive.  It
  should also aid the licensing situation.
* Delete the two default entries from the "most used" list on the New
  Tab page.  The first run will download thumbnails for these sites,
  leaking data.  One of them also leads to the disabled-by-default
  store, promoting non-free software.

I'm optimistic that fixing the second item will make the browser not
leak *any* data at launch with the default configuration.  Which leads
to a third item: writing a system test that verifies that launching
Chromium does indeed not initiate any network traffic.

Anyway, here is the latest patch:


[-- Attachment #1.2: 0001-gnu-Add-chromium.patch --]
[-- Type: text/x-patch, Size: 36825 bytes --]

From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 12 Oct 2016 17:25:05 +0100
Subject: [PATCH] gnu: Add chromium.

* gnu/packages/chromium.scm: New file.
* gnu/local.mk: Record it.
---
 gnu/local.mk              |   1 +
 gnu/packages/chromium.scm | 733 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 734 insertions(+)
 create mode 100644 gnu/packages/chromium.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index d4e841921..529fdd2be 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -89,6 +89,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/check.scm			\
   %D%/packages/chemistry.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
   %D%/packages/cmake.scm			\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 000000000..78cfb3097
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,733 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages libusb)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages photo)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define (strip-directory-prefix pathspec)
+  "Return everything after the last '/' in PATHSPEC."
+  (let ((index (string-rindex pathspec #\/)))
+    (if index (string-drop pathspec (+ 1 index))
+        pathspec)))
+
+(define (chromium-patch-file-name pathspec)
+  (let ((patch-name (strip-directory-prefix pathspec)))
+    (if (string-prefix? "chromium-" patch-name)
+        patch-name
+        (string-append "chromium-" patch-name))))
+
+;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches
+(define (debian-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git"
+          "/plain/debian/patches/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
+(define (gentoo-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
+          "/chromium/files/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/gcarq/inox-patchset
+(define (inox-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
+                        revision "/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+(define opus+custom
+  (package (inherit opus)
+           (arguments
+            `(;; Opus Custom is an optional extension of the Opus
+              ;; specification that allows for unsupported frame
+              ;; sizes. Chromium requires that this is enabled.
+              #:configure-flags '("--enable-custom-modes")
+              ,@(package-arguments opus)))))
+
+;; Chromium since 58 depends on an unreleased libvpx. So, we
+;; package the latest master branch as of 2018-01-07.
+(define libvpx+experimental
+  (package
+    (inherit libvpx)
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://chromium.googlesource.com/webm/libvpx")
+                    (commit "bed28a55f593efd3a71a3a9d05cf8bb25d15fa44")))
+              (file-name "libvpx-for-chromium-checkout")
+              (sha256
+               (base32
+                "0h01vmb8awzrb2xwqaz215v73yjdjf67hzdm2yfcz4h4qrvwf817"))))
+    ;; TODO: Make libvpx configure flags overrideable.
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (setenv "CONFIG_SHELL" (which "bash"))
+             (let ((out (assoc-ref outputs "out")))
+               (setenv "LDFLAGS"
+                       (string-append "-Wl,-rpath=" out "/lib"))
+               (zero? (system* "./configure"
+                               "--enable-shared"
+                               "--as=yasm"
+                               ;; Limit size to avoid CVE-2015-1258
+                               "--size-limit=16384x16384"
+                               ;; Spatial SVC is an experimental VP9 encoder
+                               ;; used by some packages (i.e. Chromium).
+                               "--enable-experimental"
+                               "--enable-spatial-svc"
+                               (string-append "--prefix=" out)))))))
+       #:tests? #f)))) ; No tests.
+
+(define %chromium-gn-bootstrap.patch
+  (gentoo-patch "chromium-gn-bootstrap-r17.patch"
+                "5c9cf110bd61fa287a5c536760b5d8ed13f65d52"
+                "12wsq3bs46mvr7cinxvqjmbzymigm8yzf478r08y9l6sd3qij4yq"))
+
+(define %chromium-gcc-compat.patch
+  (gentoo-patch "chromium-gcc5-r4.patch"
+                "1c5423aab094796b3da7a2905f02cbdcdd6a7742"
+                "18s152pkqzzw6grxj1m6mp3pc2x3ha2gyayw5hf2nhranak5wlkg"))
+
+(define %chromium-webkit-gcc-compat.patch
+  (gentoo-patch "chromium-gcc5-r5.patch"
+                "1c5423aab094796b3da7a2905f02cbdcdd6a7742"
+                "0z7rggizzg85wfr8zhw0yfwd3q69lsh3yp297s939jgzp66cwwkw"))
+
+(define %chromium-webrtc-gcc-compat.patch
+  (gentoo-patch "chromium-webrtc-r0.patch"
+                "1c5423aab094796b3da7a2905f02cbdcdd6a7742"
+                "0qj5b4w9kav51ylpdf38vm5w7p2gx4qp8p45vrfggp7miicg9cmw"))
+
+(define %chromium-system-nspr.patch
+  (debian-patch "system/nspr.patch"
+                "debian/63.0.3239.40-1"
+                "07a0q3khz77gk0rxzp965pjzhly5r08k019pinss18xc1caj971s"))
+
+(define %chromium-system-libevent.patch
+  (debian-patch "system/event.patch"
+                "debian/63.0.3239.40-1"
+                "0604ia06w40zn66d85in03xg3hd6144y8b222kzyc9nzhq3xm2pc"))
+
+(define %chromium-system-icu.patch
+  (debian-patch "system/icu.patch"
+                "debian/63.0.3239.40-1"
+                "0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv"))
+
+(define %chromium-disable-api-keys-warning.patch
+  (debian-patch "disable/google-api-warning.patch"
+                "36794e57f1f97068640c6845dbeb9291155893c0"
+                "11llghxm0a75kb8fnpy6ky8ix4f1kk7n0c0zfcpwxsx05pask11m"))
+
+(define %chromium-external-components.patch
+  (debian-patch "disable/external-components.patch"
+                "debian/63.0.3239.40-1"
+                "1i3b801hjafxv7djk7cl7nj2skxid0vysf12yjr364db949f164l"))
+
+(define %chromium-duckduckgo.patch
+  (inox-patch "0011-add-duckduckgo-search-engine.patch"
+              "5af0e6187c22471b8cb803f6dda6738f23a530e7"
+              "0p8x98g71ngkd3wbl5q36wrl18ff185sfrr5fcwjbgrv3v7r6ra7"))
+
+;; Don't start a "Login Wizard" at first launch.
+(define %chromium-first-run.patch
+  (inox-patch "0018-disable-first-run-behaviour.patch"
+              "3336bb286ea054271ac2199cf374e96c64ed53cf"
+              "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
+
+;; Use privacy-preserving defaults.
+(define %chromium-default-preferences.patch
+  (inox-patch "0006-modify-default-prefs.patch"
+              "3336bb286ea054271ac2199cf374e96c64ed53cf"
+              "1h8ycmn00yvciq3r5jcdqmsl4grqv8izgwi6a20kijz2baxxr888"))
+
+;; Recent versions of Chromium may load a remote search engine on the
+;; New Tab Page, causing unnecessary and involuntary network traffic.
+(define %chromium-restore-classic-ntp.patch
+  (inox-patch "0008-restore-classic-ntp.patch"
+              "2f60b788bff89bde11ac802d4c19093661cd23f7"
+              "00icvb0r1p3s7i2xy8kv1lpam96cxgn6c3s9bc6wv3dpi3d722p2"))
+
+(define-public chromium
+  (package
+    (name "chromium")
+    (version "63.0.3239.132")
+    (synopsis "Graphical web browser")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://commondatastorage.googleapis.com/"
+                                  "chromium-browser-official/chromium-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "139x3cbc5pa14x69493ic8i2ank12c9fwiq6pqm11aps88n6ri44"))
+              (patches (list ;%chromium-gn-bootstrap.patch
+                             %chromium-gcc-compat.patch
+                             %chromium-webkit-gcc-compat.patch
+                             %chromium-webrtc-gcc-compat.patch
+                             %chromium-duckduckgo.patch
+                             %chromium-default-preferences.patch
+                             %chromium-first-run.patch
+                             %chromium-restore-classic-ntp.patch
+                             %chromium-system-icu.patch
+                             %chromium-system-nspr.patch
+                             %chromium-system-libevent.patch
+                             %chromium-disable-api-keys-warning.patch))
+              (modules '((srfi srfi-1)
+                         (guix build utils)))
+              (snippet
+               '(begin
+                  ;; Replace GN files from third_party with shims for building
+                  ;; against system libraries.  Keep this list in sync with
+                  ;; "build/linux/unbundle/replace_gn_files.py".
+                  (for-each (lambda (pair)
+                              (let ((source (string-append
+                                             "build/linux/unbundle/" (car pair)))
+                                    (dest (cdr pair)))
+                                (copy-file source dest)))
+                            (list
+                             '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
+                             '("flac.gn" . "third_party/flac/BUILD.gn")
+                             '("freetype.gn" . "third_party/freetype/BUILD.gn")
+                             ;; XXX: This broke in 63.
+                             ;;'("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn")
+                             '("icu.gn" . "third_party/icu/BUILD.gn")
+                             '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
+                             '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
+                             '("libjpeg.gn" .
+                               "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
+                             '("libpng.gn" . "third_party/libpng/BUILD.gn")
+                             '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
+                             '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
+                             ;;'("libxml.gn" . "third_party/libxml/BUILD.gn") ;TODO
+                             '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
+                             '("openh264.gn" . "third_party/openh264/BUILD.gn")
+                             '("opus.gn" . "third_party/opus/BUILD.gn")
+                             '("re2.gn" . "third_party/re2/BUILD.gn")
+                             '("snappy.gn" . "third_party/snappy/BUILD.gn")
+                             '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
+                             '("zlib.gn" . "third_party/zlib/BUILD.gn")))
+                  #t))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it's not recognized when passed.
+       #:validate-runpath? #f
+       #:modules ((srfi srfi-26)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (guix build gnu-build-system)
+                  (guix build utils))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-bundled-software
+           (lambda _
+             (let ((keep-libs
+                    (list
+                     ;; Third party folders that cannot be deleted yet.
+                     "base/third_party/dmg_fp"
+                     "base/third_party/dynamic_annotations"
+                     "base/third_party/icu"
+                     "base/third_party/libevent"
+                     "base/third_party/nspr"
+                     "base/third_party/superfasthash"
+                     "base/third_party/symbolize" ; glog
+                     "base/third_party/xdg_mime"
+                     "base/third_party/xdg_user_dirs"
+                     "buildtools/third_party/libc++"
+                     "chrome/third_party/mozilla_security_manager"
+                     "courgette/third_party"
+                     "net/third_party/mozilla_security_manager"
+                     "net/third_party/nss"
+                     "third_party/adobe/flash/flapper_version.h"
+                     ;; FIXME: This is used in:
+                     ;; * ui/webui/resources/js/analytics.js
+                     ;; * ui/file_manager/
+                     "third_party/analytics"
+                     "third_party/angle"
+                     "third_party/angle/src/common/third_party/base"
+                     "third_party/angle/src/common/third_party/smhasher"
+                     "third_party/angle/src/third_party/compiler"
+                     "third_party/angle/src/third_party/libXNVCtrl"
+                     "third_party/angle/src/third_party/trace_event"
+                     "third_party/blink"
+                     "third_party/boringssl"
+                     "third_party/breakpad"
+                     "third_party/brotli"
+                     "third_party/cacheinvalidation"
+                     "third_party/catapult"
+                     "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
+                     "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
+                     "third_party/catapult/third_party/polymer"
+                     "third_party/catapult/tracing/third_party/d3"
+                     "third_party/catapult/tracing/third_party/gl-matrix"
+                     "third_party/catapult/tracing/third_party/jszip"
+                     "third_party/catapult/tracing/third_party/mannwhitneyu"
+                     "third_party/catapult/tracing/third_party/oboe"
+                     "third_party/catapult/tracing/third_party/pako"
+                     "third_party/ced"
+                     "third_party/cld_3"
+                     "third_party/crc32c"
+                     "third_party/cros_system_api"
+                     "third_party/dom_distiller_js"
+                     "third_party/fips181"
+                     "third_party/flatbuffers"
+                     ;; XXX Needed by pdfium since 59.
+                     "third_party/freetype"
+                     "third_party/glslang-angle"
+                     "third_party/google_input_tools"
+                     "third_party/google_input_tools/third_party/closure_library"
+                     (string-append "third_party/google_input_tools/third_party"
+                                    "/closure_library/third_party/closure")
+                     "third_party/googletest"
+                     "third_party/harfbuzz-ng" ;XXX why is this required in 63+
+                     "third_party/hunspell"
+                     "third_party/iccjpeg"
+                     "third_party/inspector_protocol"
+                     "third_party/jinja2"
+                     "third_party/jstemplate"
+                     "third_party/khronos"
+                     "third_party/leveldatabase"
+                     "third_party/libXNVCtrl"
+                     "third_party/libaddressinput"
+                     "third_party/libjingle_xmpp"
+                     "third_party/libphonenumber"
+                     "third_party/libsecret" ;FIXME: needs pkg-config support.
+                     "third_party/libsrtp"   ;TODO: Requires libsrtp@2.
+                     "third_party/libudev"
+                     "third_party/libwebm"
+                     "third_party/libxml" ;FIXME: Unbundle (again).
+                     "third_party/libyuv"
+                     "third_party/lss"
+                     "third_party/lzma_sdk"
+                     "third_party/markupsafe"
+                     "third_party/mesa"
+                     "third_party/modp_b64"
+                     "third_party/mt19937ar"
+                     "third_party/node"
+                     "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2"
+                     "third_party/openmax_dl"
+                     "third_party/ots"
+                     "third_party/pdfium"
+                     "third_party/pdfium/third_party"
+                     "third_party/ply"
+                     "third_party/polymer"
+                     "third_party/protobuf"
+                     "third_party/protobuf/third_party/six"
+                     "third_party/qcms"
+                     "third_party/sfntly"
+                     "third_party/skia"
+                     "third_party/skia/third_party/vulkan"
+                     "third_party/skia/third_party/gif"
+                     "third_party/smhasher"
+                     "third_party/speech-dispatcher"
+                     "third_party/spirv-headers"
+                     "third_party/spirv-tools-angle"
+                     "third_party/sqlite"
+                     "third_party/swiftshader"
+                     "third_party/swiftshader/third_party"
+                     "third_party/usb_ids"
+                     "third_party/usrsctp"
+                     "third_party/vulkan"
+                     "third_party/vulkan-validation-layers"
+                     "third_party/WebKit"
+                     "third_party/web-animations-js"
+                     "third_party/webrtc"
+                     "third_party/widevine/cdm/widevine_cdm_version.h"
+                     "third_party/widevine/cdm/widevine_cdm_common.h"
+                     "third_party/woff2"
+                     "third_party/xdg-utils"
+                     "third_party/yasm/run_yasm.py"
+                     "third_party/zlib/google"
+                     "url/third_party/mozilla"
+                     "v8/src/third_party/valgrind"
+                     "v8/third_party/inspector_protocol")))
+               ;; FIXME: implement as source snippet. This traverses
+               ;; any "third_party" directory and deletes files that are:
+               ;; * not ending with ".gn" or ".gni"; or
+               ;; * not explicitly named as argument (folder or file).
+               (zero? (apply system* "python"
+                             "build/linux/unbundle/remove_bundled_libraries.py"
+                             "--do-remove" keep-libs)))))
+         (add-after 'remove-bundled-software 'patch-stuff
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "printing/cups_config_helper.py"
+               (("cups_config =.*")
+                (string-append "cups_config = '" (assoc-ref inputs "cups")
+                               "/bin/cups-config'\n")))
+
+             (substitute*
+                 '("base/process/launch_posix.cc"
+                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+                   "sandbox/linux/services/credentials.cc"
+                   "sandbox/linux/services/namespace_utils.cc"
+                   "sandbox/linux/services/syscall_wrappers.cc"
+                   "sandbox/linux/syscall_broker/broker_host.cc")
+               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+             (for-each (lambda (file)
+                         (substitute* file
+                           ;; Fix opus include path.
+                           ;; Do not substitute opus_private.h.
+                           (("#include \"opus\\.h\"")
+                            "#include \"opus/opus.h\"")
+                           (("#include \"opus_custom\\.h\"")
+                            "#include \"opus/opus_custom.h\"")
+                           (("#include \"opus_defines\\.h\"")
+                            "#include \"opus/opus_defines.h\"")
+                           (("#include \"opus_multistream\\.h\"")
+                            "#include \"opus/opus_multistream.h\"")
+                           (("#include \"opus_types\\.h\"")
+                            "#include \"opus/opus_types.h\"")))
+                       (append (find-files "third_party/opus/src/celt")
+                               (find-files "third_party/opus/src/src")
+                               (find-files (string-append "third_party/webrtc/modules"
+                                                          "/audio_coding/codecs/opus"))))
+
+             (substitute* "chrome/common/chrome_paths.cc"
+               (("/usr/share/chromium/extensions")
+                ;; TODO: Add ~/.guix-profile.
+                "/run/current-system/profile/share/chromium/extensions"))
+
+             (substitute*
+                 "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
+               (("include \"third_party/curl") "include \"curl"))
+             (substitute* "media/base/decode_capabilities.cc"
+               (("third_party/libvpx/source/libvpx/") ""))
+
+             ;; We don't cross compile most packages, so get rid of the
+             ;; unnecessary ARCH-linux-gnu* prefix.
+             (substitute* "build/toolchain/linux/BUILD.gn"
+               (("aarch64-linux-gnu-") "")
+               (("arm-linux-gnueabihf-") ""))
+             #t))
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((gn-flags
+                    (list
+                     ;; See tools/gn/docs/cookbook.md and
+                     ;; https://www.chromium.org/developers/gn-build-configuration
+                     ;; for usage. Run "./gn args . --list" in the Release
+                     ;; directory for an exhaustive list of supported flags.
+                     "is_debug=false"
+                     "is_official_build=false"
+                     "is_clang=false"
+                     "use_gold=false"
+                     "linux_use_bundled_binutils=false"
+                     "use_custom_libcxx=false"
+                     "use_sysroot=false"
+                     "goma_dir=\"\""
+                     "enable_precompiled_headers=false"
+                     "use_jumbo_build=true"        ;speeds up build
+                     ;; Use a deterministic version identifier.
+                     "override_build_date=\"01 01 2000 05:00:00\""
+                     "use_unofficial_version_number=false"
+                     ;; Disable debugging features to save space.
+                     "remove_webcore_debug_symbols=true"
+                     "enable_iterator_debugging=false"
+                     ;; Don't fail when using deprecated ffmpeg features.
+                     "treat_warnings_as_errors=false"
+                     "enable_nacl=false"
+                     "enable_nacl_nonsfi=false"
+                     "use_allocator=\"none\""     ;don't use tcmalloc
+                     ;; Don't add any API keys. End users can set them in the
+                     ;; environment if necessary.
+                     ;; https://www.chromium.org/developers/how-tos/api-keys
+                     "use_official_google_api_keys=false"
+                     ;; Disable "field trials".
+                     "fieldtrial_testing_like_official_build=true"
+
+                     "use_system_freetype=true"
+                     ;; FIXME: Try enabling this for 63+.
+                     ;;"use_system_harfbuzz=true"
+                     "use_system_libjpeg=true"
+                     "use_system_lcms2=true"
+                     "use_system_zlib=true"
+                     ;; This is currently not supported on Linux:
+                     ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
+                     ;; "use_system_sqlite=true"
+                     "use_gconf=false"         ; deprecated by gsettings
+                     "use_gnome_keyring=false" ; deprecated by libsecret
+                     "use_gtk3=true"
+                     "use_openh264=true"
+                     "use_xkbcommon=true"
+                     "link_pulseaudio=true"
+
+                     ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+                     "proprietary_codecs=true"
+                     "ffmpeg_branding=\"Chrome\""
+
+                     ;; WebRTC stuff.
+                     "rtc_use_h264=true"
+                     ;; Don't use bundled sources.
+                     "rtc_build_json=false"
+                     "rtc_build_libevent=false"
+                     "rtc_build_libvpx=false"
+                     "rtc_build_opus=false"
+                     "rtc_build_ssl=false"
+                     ;; TODO: Package these.
+                     "rtc_build_libsrtp=true" ; 2.0
+                     "rtc_build_libyuv=true"
+                     "rtc_build_openmax_dl=true"
+                     "rtc_build_usrsctp=true"
+                     (string-append "rtc_jsoncpp_root=\""
+                                    (assoc-ref inputs "jsoncpp")
+                                    "/include/jsoncpp/json\"")
+                     (string-append "rtc_ssl_root=\""
+                                    (assoc-ref inputs "openssl")
+                                    "/include/openssl\""))))
+
+               ;; XXX: How portable is this.
+               (mkdir-p "third_party/node/linux/node-linux-x64")
+               (symlink (string-append (assoc-ref inputs "node") "/bin")
+                        "third_party/node/linux/node-linux-x64/bin")
+
+               (setenv "CC" "gcc")
+               (setenv "CXX" "g++")
+               ;; TODO: pre-compile instead. Avoids a race condition.
+               (setenv "PYTHONDONTWRITEBYTECODE" "1")
+               (and
+                ;; Build the "gn" tool.
+                (zero? (system* "python"
+                                "tools/gn/bootstrap/bootstrap.py" "-s" "-v"))
+                ;; Generate ninja build files.
+                (zero? (system* "./out/Release/gn" "gen" "out/Release"
+                                (string-append "--args="
+                                               (string-join gn-flags " "))))))))
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (zero? (system* "ninja" "-C" "out/Release"
+                             "-j" (number->string (parallel-job-count))
+                             "chrome"))))
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out            (assoc-ref outputs "out"))
+                    (bin            (string-append out "/bin"))
+                    (exe            (string-append bin "/chromium"))
+                    (lib            (string-append out "/lib"))
+                    (man            (string-append out "/share/man/man1"))
+                    (applications   (string-append out "/share/applications"))
+                    (install-regexp (make-regexp "\\.(bin|pak)$"))
+                    (locales        (string-append lib "/locales"))
+                    (resources      (string-append lib "/resources"))
+                    (gtk+           (assoc-ref inputs "gtk+"))
+                    (mesa           (assoc-ref inputs "mesa"))
+                    (nss            (assoc-ref inputs "nss"))
+                    (udev           (assoc-ref inputs "udev"))
+                    (sh             (which "sh")))
+
+               (substitute* '("chrome/app/resources/manpage.1.in"
+                              "chrome/installer/linux/common/desktop.template")
+                 (("@@MENUNAME@@") "Chromium")
+                 (("@@PACKAGE@@") "chromium")
+                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
+               (mkdir-p man)
+               (copy-file "chrome/app/resources/manpage.1.in"
+                          (string-append man "/chromium.1"))
+               (mkdir-p applications)
+               (copy-file "chrome/installer/linux/common/desktop.template"
+                          (string-append applications "/chromium.desktop"))
+
+               (with-directory-excursion "out/Release"
+                 (for-each (lambda (file)
+                             (install-file file lib))
+                           (scandir "." (cut regexp-exec install-regexp <>)))
+                 (copy-file "chrome" (string-append lib "/chromium"))
+
+                 ;; TODO: Install icons from "../../chrome/app/themes" into
+                 ;; "out/share/icons/hicolor/$size".
+                 (install-file
+                  "product_logo_48.png"
+                  (string-append out "/share/icons/48x48/chromium.png"))
+
+                 (copy-recursively "locales" locales)
+                 (copy-recursively "resources" resources)
+
+                 (mkdir-p bin)
+                 ;; Add a thin wrapper to prevent the user from inadvertently
+                 ;; installing non-free software through the Web Store.
+                 ;; TODO: Discover extensions from the profile and pass
+                 ;; something like "--disable-extensions-except=...".
+                 (call-with-output-file exe
+                   (lambda (port)
+                     (format port
+                             "#!~a~@
+                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
+                             then~@
+                               CHROMIUM_FLAGS=\" \\~@
+                                 --disable-background-networking \\~@
+                                 --disable-extensions \\~@
+                               \"~@
+                             fi~@
+                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
+                             sh (string-append lib "/chromium"))))
+                 (chmod exe #o755)
+
+                 (wrap-program exe
+                   ;; TODO: Get these in RUNPATH.
+                   `("LD_LIBRARY_PATH" ":" prefix
+                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+                                      mesa "/lib:" udev "/lib")))
+                   ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+                 #t)))))))
+    (native-inputs
+     `(("bison" ,bison)
+       ("git" ,git)                     ;last_commit_position.py
+       ("gperf" ,gperf)
+       ("ninja" ,ninja)
+       ("node" ,node)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)
+       ("yasm" ,yasm)
+
+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
+       ("python-html5lib" ,python2-html5lib)
+       ("python" ,python-2)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("atk" ,atk)
+       ("cups" ,cups)
+       ("curl" ,curl)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("expat" ,expat)
+       ("flac" ,flac)
+       ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+-2" ,gtk+-2)
+       ("gtk+" ,gtk+)
+       ("harfbuzz" ,harfbuzz)
+       ("icu4c" ,icu4c-59.1)
+       ("jsoncpp" ,jsoncpp)
+       ("lcms" ,lcms)
+       ("libevent" ,libevent)
+       ("libffi" ,libffi)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libpng" ,libpng)
+       ("libusb" ,libusb)
+       ("libvpx" ,libvpx+experimental)
+       ("libwebp" ,libwebp)
+       ("libx11" ,libx11)
+       ("libxcb" ,libxcb)
+       ("libxcomposite" ,libxcomposite)
+       ("libxcursor" ,libxcursor)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxi" ,libxi)
+       ("libxkbcommon" ,libxkbcommon)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxslt" ,libxslt)
+       ("libxtst" ,libxtst)
+       ("mesa" ,mesa)
+       ("minizip" ,minizip)
+       ("mit-krb5" ,mit-krb5)
+       ("nss" ,nss)
+       ("openh264" ,openh264)
+       ("openssl" ,openssl)
+       ("opus" ,opus+custom)
+       ("pango" ,pango)
+       ("pciutils" ,pciutils)
+       ("protobuf" ,protobuf)
+       ("pulseaudio" ,pulseaudio)
+       ("re2" ,re2)
+       ("snappy" ,snappy)
+       ("speech-dispatcher" ,speech-dispatcher)
+       ("sqlite" ,sqlite)
+       ("udev" ,eudev)
+       ("valgrind" ,valgrind)))
+    (home-page "https://www.chromium.org/")
+    (description
+     "Chromium is a web browser using the @code{Blink} rendering engine.")
+    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+    ;; software with other licenses. For full information, see chrome://credits.
+    (license (list license:bsd-3
+                   license:bsd-2
+                   license:expat
+                   license:asl2.0
+                   license:mpl2.0
+                   license:public-domain
+                   license:lgpl2.1+))))
-- 
2.15.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-08 21:56             ` Marius Bakke
@ 2018-01-08 23:20               ` ng0
  2018-01-08 23:40                 ` Marius Bakke
  2018-01-12  0:09                 ` Marius Bakke
  2018-01-09  6:58               ` ng0
  1 sibling, 2 replies; 152+ messages in thread
From: ng0 @ 2018-01-08 23:20 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 42558 bytes --]

Marius Bakke transcribed 39K bytes:
> ng0 <ng0@n0.is> writes:
> 
> >> +             (substitute* "chrome/common/chrome_paths.cc"
> >> +               (("/usr/share/chromium/extensions")
> >> +                ;; TODO: Add ~/.guix-profile.
> >> +                "/run/current-system/profile/share/chromium/extensions"))
> >
> > What's the idea behind this? Did you test it? Do you have any guix build-system
> > using Chromium extensions as an example? So far this completely disables the
> > installation of any plugins and addons.
> 
> The idea is to eventually be able to distribute extensions with Guix.  I
> added this path mostly to document it, but don't see how keeping the
> default makes a difference.  If you can place an extension in
> /usr/share, you can also copy it to the system profile through your
> config.scm, or symlink this location on a foreign distribution.
> 
> >> +                 (mkdir-p bin)
> >> +                 ;; Add a thin wrapper to prevent the user from inadvertently
> >> +                 ;; installing non-free software through the Web Store.
> >> +                 ;; TODO: Discover extensions from the profile and pass
> >> +                 ;; something like "--disable-extensions-except=...".
> >
> > Same question here.
> 
> The Web Store has serious freedom issues, thus we can not enable it by
> default.  Enabling it *must* be a conscious choice by the end user.
> 
> The TODO here is inspired by Debians wrapper script, which enumerates
> the location where apt places extensions, and gives that list to
> "--disable-extensions-except".
> 
> > If you need help, there's at least 3 users of Chromium now. I'd like to read

Actually more than 3: I have to make chromium accessible for work we agreed
on in GNU Taler (where the "How should we package extensions in a way that
works" comes in important, not just as a PoC/TODO).

> > your ideas on how to solve the TODOs, aswell as: Do you have any unpushed
> > progress? Maybe we can team collaborate on this huge browser.
> 
> I do maintain this patch, but unfortunately not in a public repository.

Ah, ok.

> I've attached the latest iteration here (sorry for squashed).

Thanks

> New since the last time are some fixes from the "Inox patchset" that
> resolves most of the privacy issues.  Namely removing the "login
> wizard", changing to sensible defaults, and forcing the "classic" New
> Tab Page that does not load a search engine.

Cool!

> Also, all patches have been moved to remote origins.
> 
> Testing and feedback welcome!

I'll build it tomorrow or tonight (whenever my build of linux-mainline to
search for fixes for the i915 issue finishes) and report back.
So far I'um using your version 58and it works for me :)

> Currently there are two "important" (blocking?) TODOs left:
> 
> * Move the 'delete-bundled-software' phase to a source snippet.
>   Repacking the ~500MiB compressed tarball is *really* expensive.  It

Yep. It takes a verrry long time, I've noticed this when I started
working on Chromium.

>   should also aid the licensing situation.
> * Delete the two default entries from the "most used" list on the New
>   Tab page.  The first run will download thumbnails for these sites,
>   leaking data.  One of them also leads to the disabled-by-default
>   store, promoting non-free software.
> 
> I'm optimistic that fixing the second item will make the browser not
> leak *any* data at launch with the default configuration.  Which leads
> to a third item: writing a system test that verifies that launching
> Chromium does indeed not initiate any network traffic.
> 
> Anyway, here is the latest patch:
> 

> From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.
> 
> * gnu/packages/chromium.scm: New file.
> * gnu/local.mk: Record it.
> ---
>  gnu/local.mk              |   1 +
>  gnu/packages/chromium.scm | 733 ++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 734 insertions(+)
>  create mode 100644 gnu/packages/chromium.scm
> 
> diff --git a/gnu/local.mk b/gnu/local.mk
> index d4e841921..529fdd2be 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -89,6 +89,7 @@ GNU_SYSTEM_MODULES =				\
>    %D%/packages/check.scm			\
>    %D%/packages/chemistry.scm			\
>    %D%/packages/chez.scm				\
> +  %D%/packages/chromium.scm			\
>    %D%/packages/ci.scm				\
>    %D%/packages/cinnamon.scm			\
>    %D%/packages/cmake.scm			\
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> new file mode 100644
> index 000000000..78cfb3097
> --- /dev/null
> +++ b/gnu/packages/chromium.scm
> @@ -0,0 +1,733 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
> +;;;
> +;;; This file is part of GNU Guix.
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu packages chromium)
> +  #:use-module ((guix licenses) #:prefix license:)
> +  #:use-module (guix packages)
> +  #:use-module (guix download)
> +  #:use-module (guix git-download)
> +  #:use-module (guix utils)
> +  #:use-module (guix build-system gnu)
> +  #:use-module (gnu packages)
> +  #:use-module (gnu packages assembly)
> +  #:use-module (gnu packages base)
> +  #:use-module (gnu packages bison)
> +  #:use-module (gnu packages compression)
> +  #:use-module (gnu packages cups)
> +  #:use-module (gnu packages curl)
> +  #:use-module (gnu packages databases)
> +  #:use-module (gnu packages fontutils)
> +  #:use-module (gnu packages ghostscript)
> +  #:use-module (gnu packages gl)
> +  #:use-module (gnu packages glib)
> +  #:use-module (gnu packages gnome)
> +  #:use-module (gnu packages gnuzilla)
> +  #:use-module (gnu packages gperf)
> +  #:use-module (gnu packages gtk)
> +  #:use-module (gnu packages icu4c)
> +  #:use-module (gnu packages image)
> +  #:use-module (gnu packages libevent)
> +  #:use-module (gnu packages libffi)
> +  #:use-module (gnu packages libusb)
> +  #:use-module (gnu packages linux)
> +  #:use-module (gnu packages kerberos)
> +  #:use-module (gnu packages ninja)
> +  #:use-module (gnu packages node)
> +  #:use-module (gnu packages pciutils)
> +  #:use-module (gnu packages photo)
> +  #:use-module (gnu packages pkg-config)
> +  #:use-module (gnu packages protobuf)
> +  #:use-module (gnu packages pulseaudio)
> +  #:use-module (gnu packages python)
> +  #:use-module (gnu packages python-web)
> +  #:use-module (gnu packages regex)
> +  #:use-module (gnu packages serialization)
> +  #:use-module (gnu packages speech)
> +  #:use-module (gnu packages tls)
> +  #:use-module (gnu packages valgrind)
> +  #:use-module (gnu packages version-control)
> +  #:use-module (gnu packages video)
> +  #:use-module (gnu packages xiph)
> +  #:use-module (gnu packages xml)
> +  #:use-module (gnu packages xdisorg)
> +  #:use-module (gnu packages xorg))
> +
> +(define (strip-directory-prefix pathspec)
> +  "Return everything after the last '/' in PATHSPEC."
> +  (let ((index (string-rindex pathspec #\/)))
> +    (if index (string-drop pathspec (+ 1 index))
> +        pathspec)))
> +
> +(define (chromium-patch-file-name pathspec)
> +  (let ((patch-name (strip-directory-prefix pathspec)))
> +    (if (string-prefix? "chromium-" patch-name)
> +        patch-name
> +        (string-append "chromium-" patch-name))))
> +
> +;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches
> +(define (debian-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append
> +          "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git"
> +          "/plain/debian/patches/" pathspec "?id=" revision))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
> +(define (gentoo-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append
> +          "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
> +          "/chromium/files/" pathspec "?id=" revision))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://github.com/gcarq/inox-patchset
> +(define (inox-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
> +                        revision "/" pathspec))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +(define opus+custom
> +  (package (inherit opus)
> +           (arguments
> +            `(;; Opus Custom is an optional extension of the Opus
> +              ;; specification that allows for unsupported frame
> +              ;; sizes. Chromium requires that this is enabled.
> +              #:configure-flags '("--enable-custom-modes")
> +              ,@(package-arguments opus)))))
> +
> +;; Chromium since 58 depends on an unreleased libvpx. So, we
> +;; package the latest master branch as of 2018-01-07.
> +(define libvpx+experimental
> +  (package
> +    (inherit libvpx)
> +    (source (origin
> +              (method git-fetch)
> +              (uri (git-reference
> +                    (url "https://chromium.googlesource.com/webm/libvpx")
> +                    (commit "bed28a55f593efd3a71a3a9d05cf8bb25d15fa44")))
> +              (file-name "libvpx-for-chromium-checkout")
> +              (sha256
> +               (base32
> +                "0h01vmb8awzrb2xwqaz215v73yjdjf67hzdm2yfcz4h4qrvwf817"))))
> +    ;; TODO: Make libvpx configure flags overrideable.
> +    (arguments
> +     `(#:phases
> +       (modify-phases %standard-phases
> +         (replace 'configure
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (setenv "CONFIG_SHELL" (which "bash"))
> +             (let ((out (assoc-ref outputs "out")))
> +               (setenv "LDFLAGS"
> +                       (string-append "-Wl,-rpath=" out "/lib"))
> +               (zero? (system* "./configure"
> +                               "--enable-shared"
> +                               "--as=yasm"
> +                               ;; Limit size to avoid CVE-2015-1258
> +                               "--size-limit=16384x16384"
> +                               ;; Spatial SVC is an experimental VP9 encoder
> +                               ;; used by some packages (i.e. Chromium).
> +                               "--enable-experimental"
> +                               "--enable-spatial-svc"
> +                               (string-append "--prefix=" out)))))))
> +       #:tests? #f)))) ; No tests.
> +
> +(define %chromium-gn-bootstrap.patch
> +  (gentoo-patch "chromium-gn-bootstrap-r17.patch"
> +                "5c9cf110bd61fa287a5c536760b5d8ed13f65d52"
> +                "12wsq3bs46mvr7cinxvqjmbzymigm8yzf478r08y9l6sd3qij4yq"))
> +
> +(define %chromium-gcc-compat.patch
> +  (gentoo-patch "chromium-gcc5-r4.patch"
> +                "1c5423aab094796b3da7a2905f02cbdcdd6a7742"
> +                "18s152pkqzzw6grxj1m6mp3pc2x3ha2gyayw5hf2nhranak5wlkg"))
> +
> +(define %chromium-webkit-gcc-compat.patch
> +  (gentoo-patch "chromium-gcc5-r5.patch"
> +                "1c5423aab094796b3da7a2905f02cbdcdd6a7742"
> +                "0z7rggizzg85wfr8zhw0yfwd3q69lsh3yp297s939jgzp66cwwkw"))
> +
> +(define %chromium-webrtc-gcc-compat.patch
> +  (gentoo-patch "chromium-webrtc-r0.patch"
> +                "1c5423aab094796b3da7a2905f02cbdcdd6a7742"
> +                "0qj5b4w9kav51ylpdf38vm5w7p2gx4qp8p45vrfggp7miicg9cmw"))
> +
> +(define %chromium-system-nspr.patch
> +  (debian-patch "system/nspr.patch"
> +                "debian/63.0.3239.40-1"
> +                "07a0q3khz77gk0rxzp965pjzhly5r08k019pinss18xc1caj971s"))
> +
> +(define %chromium-system-libevent.patch
> +  (debian-patch "system/event.patch"
> +                "debian/63.0.3239.40-1"
> +                "0604ia06w40zn66d85in03xg3hd6144y8b222kzyc9nzhq3xm2pc"))
> +
> +(define %chromium-system-icu.patch
> +  (debian-patch "system/icu.patch"
> +                "debian/63.0.3239.40-1"
> +                "0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv"))
> +
> +(define %chromium-disable-api-keys-warning.patch
> +  (debian-patch "disable/google-api-warning.patch"
> +                "36794e57f1f97068640c6845dbeb9291155893c0"
> +                "11llghxm0a75kb8fnpy6ky8ix4f1kk7n0c0zfcpwxsx05pask11m"))
> +
> +(define %chromium-external-components.patch
> +  (debian-patch "disable/external-components.patch"
> +                "debian/63.0.3239.40-1"
> +                "1i3b801hjafxv7djk7cl7nj2skxid0vysf12yjr364db949f164l"))
> +
> +(define %chromium-duckduckgo.patch
> +  (inox-patch "0011-add-duckduckgo-search-engine.patch"
> +              "5af0e6187c22471b8cb803f6dda6738f23a530e7"
> +              "0p8x98g71ngkd3wbl5q36wrl18ff185sfrr5fcwjbgrv3v7r6ra7"))
> +
> +;; Don't start a "Login Wizard" at first launch.
> +(define %chromium-first-run.patch
> +  (inox-patch "0018-disable-first-run-behaviour.patch"
> +              "3336bb286ea054271ac2199cf374e96c64ed53cf"
> +              "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
> +
> +;; Use privacy-preserving defaults.
> +(define %chromium-default-preferences.patch
> +  (inox-patch "0006-modify-default-prefs.patch"
> +              "3336bb286ea054271ac2199cf374e96c64ed53cf"
> +              "1h8ycmn00yvciq3r5jcdqmsl4grqv8izgwi6a20kijz2baxxr888"))
> +
> +;; Recent versions of Chromium may load a remote search engine on the
> +;; New Tab Page, causing unnecessary and involuntary network traffic.
> +(define %chromium-restore-classic-ntp.patch
> +  (inox-patch "0008-restore-classic-ntp.patch"
> +              "2f60b788bff89bde11ac802d4c19093661cd23f7"
> +              "00icvb0r1p3s7i2xy8kv1lpam96cxgn6c3s9bc6wv3dpi3d722p2"))
> +
> +(define-public chromium
> +  (package
> +    (name "chromium")
> +    (version "63.0.3239.132")
> +    (synopsis "Graphical web browser")
> +    (source (origin
> +              (method url-fetch)
> +              (uri (string-append "https://commondatastorage.googleapis.com/"
> +                                  "chromium-browser-official/chromium-"
> +                                  version ".tar.xz"))
> +              (sha256
> +               (base32
> +                "139x3cbc5pa14x69493ic8i2ank12c9fwiq6pqm11aps88n6ri44"))
> +              (patches (list ;%chromium-gn-bootstrap.patch
> +                             %chromium-gcc-compat.patch
> +                             %chromium-webkit-gcc-compat.patch
> +                             %chromium-webrtc-gcc-compat.patch
> +                             %chromium-duckduckgo.patch
> +                             %chromium-default-preferences.patch
> +                             %chromium-first-run.patch
> +                             %chromium-restore-classic-ntp.patch
> +                             %chromium-system-icu.patch
> +                             %chromium-system-nspr.patch
> +                             %chromium-system-libevent.patch
> +                             %chromium-disable-api-keys-warning.patch))
> +              (modules '((srfi srfi-1)
> +                         (guix build utils)))
> +              (snippet
> +               '(begin
> +                  ;; Replace GN files from third_party with shims for building
> +                  ;; against system libraries.  Keep this list in sync with
> +                  ;; "build/linux/unbundle/replace_gn_files.py".
> +                  (for-each (lambda (pair)
> +                              (let ((source (string-append
> +                                             "build/linux/unbundle/" (car pair)))
> +                                    (dest (cdr pair)))
> +                                (copy-file source dest)))
> +                            (list
> +                             '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
> +                             '("flac.gn" . "third_party/flac/BUILD.gn")
> +                             '("freetype.gn" . "third_party/freetype/BUILD.gn")
> +                             ;; XXX: This broke in 63.
> +                             ;;'("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn")
> +                             '("icu.gn" . "third_party/icu/BUILD.gn")
> +                             '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
> +                             '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
> +                             '("libjpeg.gn" .
> +                               "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
> +                             '("libpng.gn" . "third_party/libpng/BUILD.gn")
> +                             '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
> +                             '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
> +                             ;;'("libxml.gn" . "third_party/libxml/BUILD.gn") ;TODO
> +                             '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
> +                             '("openh264.gn" . "third_party/openh264/BUILD.gn")
> +                             '("opus.gn" . "third_party/opus/BUILD.gn")
> +                             '("re2.gn" . "third_party/re2/BUILD.gn")
> +                             '("snappy.gn" . "third_party/snappy/BUILD.gn")
> +                             '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
> +                             '("zlib.gn" . "third_party/zlib/BUILD.gn")))
> +                  #t))))
> +    (build-system gnu-build-system)
> +    (arguments
> +     `(#:tests? #f
> +       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
> +       ;; it's not recognized when passed.
> +       #:validate-runpath? #f
> +       #:modules ((srfi srfi-26)
> +                  (ice-9 ftw)
> +                  (ice-9 regex)
> +                  (guix build gnu-build-system)
> +                  (guix build utils))
> +       #:phases
> +       (modify-phases %standard-phases
> +         (add-after 'unpack 'remove-bundled-software
> +           (lambda _
> +             (let ((keep-libs
> +                    (list
> +                     ;; Third party folders that cannot be deleted yet.
> +                     "base/third_party/dmg_fp"
> +                     "base/third_party/dynamic_annotations"
> +                     "base/third_party/icu"
> +                     "base/third_party/libevent"
> +                     "base/third_party/nspr"
> +                     "base/third_party/superfasthash"
> +                     "base/third_party/symbolize" ; glog
> +                     "base/third_party/xdg_mime"
> +                     "base/third_party/xdg_user_dirs"
> +                     "buildtools/third_party/libc++"
> +                     "chrome/third_party/mozilla_security_manager"
> +                     "courgette/third_party"
> +                     "net/third_party/mozilla_security_manager"
> +                     "net/third_party/nss"
> +                     "third_party/adobe/flash/flapper_version.h"
> +                     ;; FIXME: This is used in:
> +                     ;; * ui/webui/resources/js/analytics.js
> +                     ;; * ui/file_manager/
> +                     "third_party/analytics"
> +                     "third_party/angle"
> +                     "third_party/angle/src/common/third_party/base"
> +                     "third_party/angle/src/common/third_party/smhasher"
> +                     "third_party/angle/src/third_party/compiler"
> +                     "third_party/angle/src/third_party/libXNVCtrl"
> +                     "third_party/angle/src/third_party/trace_event"
> +                     "third_party/blink"
> +                     "third_party/boringssl"
> +                     "third_party/breakpad"
> +                     "third_party/brotli"
> +                     "third_party/cacheinvalidation"
> +                     "third_party/catapult"
> +                     "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
> +                     "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
> +                     "third_party/catapult/third_party/polymer"
> +                     "third_party/catapult/tracing/third_party/d3"
> +                     "third_party/catapult/tracing/third_party/gl-matrix"
> +                     "third_party/catapult/tracing/third_party/jszip"
> +                     "third_party/catapult/tracing/third_party/mannwhitneyu"
> +                     "third_party/catapult/tracing/third_party/oboe"
> +                     "third_party/catapult/tracing/third_party/pako"
> +                     "third_party/ced"
> +                     "third_party/cld_3"
> +                     "third_party/crc32c"
> +                     "third_party/cros_system_api"
> +                     "third_party/dom_distiller_js"
> +                     "third_party/fips181"
> +                     "third_party/flatbuffers"
> +                     ;; XXX Needed by pdfium since 59.
> +                     "third_party/freetype"
> +                     "third_party/glslang-angle"
> +                     "third_party/google_input_tools"
> +                     "third_party/google_input_tools/third_party/closure_library"
> +                     (string-append "third_party/google_input_tools/third_party"
> +                                    "/closure_library/third_party/closure")
> +                     "third_party/googletest"
> +                     "third_party/harfbuzz-ng" ;XXX why is this required in 63+
> +                     "third_party/hunspell"
> +                     "third_party/iccjpeg"
> +                     "third_party/inspector_protocol"
> +                     "third_party/jinja2"
> +                     "third_party/jstemplate"
> +                     "third_party/khronos"
> +                     "third_party/leveldatabase"
> +                     "third_party/libXNVCtrl"
> +                     "third_party/libaddressinput"
> +                     "third_party/libjingle_xmpp"
> +                     "third_party/libphonenumber"
> +                     "third_party/libsecret" ;FIXME: needs pkg-config support.
> +                     "third_party/libsrtp"   ;TODO: Requires libsrtp@2.
> +                     "third_party/libudev"
> +                     "third_party/libwebm"
> +                     "third_party/libxml" ;FIXME: Unbundle (again).
> +                     "third_party/libyuv"
> +                     "third_party/lss"
> +                     "third_party/lzma_sdk"
> +                     "third_party/markupsafe"
> +                     "third_party/mesa"
> +                     "third_party/modp_b64"
> +                     "third_party/mt19937ar"
> +                     "third_party/node"
> +                     "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2"
> +                     "third_party/openmax_dl"
> +                     "third_party/ots"
> +                     "third_party/pdfium"
> +                     "third_party/pdfium/third_party"
> +                     "third_party/ply"
> +                     "third_party/polymer"
> +                     "third_party/protobuf"
> +                     "third_party/protobuf/third_party/six"
> +                     "third_party/qcms"
> +                     "third_party/sfntly"
> +                     "third_party/skia"
> +                     "third_party/skia/third_party/vulkan"
> +                     "third_party/skia/third_party/gif"
> +                     "third_party/smhasher"
> +                     "third_party/speech-dispatcher"
> +                     "third_party/spirv-headers"
> +                     "third_party/spirv-tools-angle"
> +                     "third_party/sqlite"
> +                     "third_party/swiftshader"
> +                     "third_party/swiftshader/third_party"
> +                     "third_party/usb_ids"
> +                     "third_party/usrsctp"
> +                     "third_party/vulkan"
> +                     "third_party/vulkan-validation-layers"
> +                     "third_party/WebKit"
> +                     "third_party/web-animations-js"
> +                     "third_party/webrtc"
> +                     "third_party/widevine/cdm/widevine_cdm_version.h"
> +                     "third_party/widevine/cdm/widevine_cdm_common.h"
> +                     "third_party/woff2"
> +                     "third_party/xdg-utils"
> +                     "third_party/yasm/run_yasm.py"
> +                     "third_party/zlib/google"
> +                     "url/third_party/mozilla"
> +                     "v8/src/third_party/valgrind"
> +                     "v8/third_party/inspector_protocol")))
> +               ;; FIXME: implement as source snippet. This traverses
> +               ;; any "third_party" directory and deletes files that are:
> +               ;; * not ending with ".gn" or ".gni"; or
> +               ;; * not explicitly named as argument (folder or file).
> +               (zero? (apply system* "python"
> +                             "build/linux/unbundle/remove_bundled_libraries.py"
> +                             "--do-remove" keep-libs)))))
> +         (add-after 'remove-bundled-software 'patch-stuff
> +           (lambda* (#:key inputs #:allow-other-keys)
> +             (substitute* "printing/cups_config_helper.py"
> +               (("cups_config =.*")
> +                (string-append "cups_config = '" (assoc-ref inputs "cups")
> +                               "/bin/cups-config'\n")))
> +
> +             (substitute*
> +                 '("base/process/launch_posix.cc"
> +                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
> +                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
> +                   "sandbox/linux/services/credentials.cc"
> +                   "sandbox/linux/services/namespace_utils.cc"
> +                   "sandbox/linux/services/syscall_wrappers.cc"
> +                   "sandbox/linux/syscall_broker/broker_host.cc")
> +               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
> +
> +             (for-each (lambda (file)
> +                         (substitute* file
> +                           ;; Fix opus include path.
> +                           ;; Do not substitute opus_private.h.
> +                           (("#include \"opus\\.h\"")
> +                            "#include \"opus/opus.h\"")
> +                           (("#include \"opus_custom\\.h\"")
> +                            "#include \"opus/opus_custom.h\"")
> +                           (("#include \"opus_defines\\.h\"")
> +                            "#include \"opus/opus_defines.h\"")
> +                           (("#include \"opus_multistream\\.h\"")
> +                            "#include \"opus/opus_multistream.h\"")
> +                           (("#include \"opus_types\\.h\"")
> +                            "#include \"opus/opus_types.h\"")))
> +                       (append (find-files "third_party/opus/src/celt")
> +                               (find-files "third_party/opus/src/src")
> +                               (find-files (string-append "third_party/webrtc/modules"
> +                                                          "/audio_coding/codecs/opus"))))
> +
> +             (substitute* "chrome/common/chrome_paths.cc"
> +               (("/usr/share/chromium/extensions")
> +                ;; TODO: Add ~/.guix-profile.
> +                "/run/current-system/profile/share/chromium/extensions"))
> +
> +             (substitute*
> +                 "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
> +               (("include \"third_party/curl") "include \"curl"))
> +             (substitute* "media/base/decode_capabilities.cc"
> +               (("third_party/libvpx/source/libvpx/") ""))
> +
> +             ;; We don't cross compile most packages, so get rid of the
> +             ;; unnecessary ARCH-linux-gnu* prefix.
> +             (substitute* "build/toolchain/linux/BUILD.gn"
> +               (("aarch64-linux-gnu-") "")
> +               (("arm-linux-gnueabihf-") ""))
> +             #t))
> +         (replace 'configure
> +           (lambda* (#:key inputs outputs #:allow-other-keys)
> +             (let ((gn-flags
> +                    (list
> +                     ;; See tools/gn/docs/cookbook.md and
> +                     ;; https://www.chromium.org/developers/gn-build-configuration
> +                     ;; for usage. Run "./gn args . --list" in the Release
> +                     ;; directory for an exhaustive list of supported flags.
> +                     "is_debug=false"
> +                     "is_official_build=false"
> +                     "is_clang=false"
> +                     "use_gold=false"
> +                     "linux_use_bundled_binutils=false"
> +                     "use_custom_libcxx=false"
> +                     "use_sysroot=false"
> +                     "goma_dir=\"\""
> +                     "enable_precompiled_headers=false"
> +                     "use_jumbo_build=true"        ;speeds up build
> +                     ;; Use a deterministic version identifier.
> +                     "override_build_date=\"01 01 2000 05:00:00\""
> +                     "use_unofficial_version_number=false"
> +                     ;; Disable debugging features to save space.
> +                     "remove_webcore_debug_symbols=true"
> +                     "enable_iterator_debugging=false"
> +                     ;; Don't fail when using deprecated ffmpeg features.
> +                     "treat_warnings_as_errors=false"
> +                     "enable_nacl=false"
> +                     "enable_nacl_nonsfi=false"
> +                     "use_allocator=\"none\""     ;don't use tcmalloc
> +                     ;; Don't add any API keys. End users can set them in the
> +                     ;; environment if necessary.
> +                     ;; https://www.chromium.org/developers/how-tos/api-keys
> +                     "use_official_google_api_keys=false"
> +                     ;; Disable "field trials".
> +                     "fieldtrial_testing_like_official_build=true"
> +
> +                     "use_system_freetype=true"
> +                     ;; FIXME: Try enabling this for 63+.
> +                     ;;"use_system_harfbuzz=true"
> +                     "use_system_libjpeg=true"
> +                     "use_system_lcms2=true"
> +                     "use_system_zlib=true"
> +                     ;; This is currently not supported on Linux:
> +                     ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
> +                     ;; "use_system_sqlite=true"
> +                     "use_gconf=false"         ; deprecated by gsettings
> +                     "use_gnome_keyring=false" ; deprecated by libsecret
> +                     "use_gtk3=true"
> +                     "use_openh264=true"
> +                     "use_xkbcommon=true"
> +                     "link_pulseaudio=true"
> +
> +                     ;; Don't arbitrarily restrict formats supported by system ffmpeg.
> +                     "proprietary_codecs=true"
> +                     "ffmpeg_branding=\"Chrome\""
> +
> +                     ;; WebRTC stuff.
> +                     "rtc_use_h264=true"
> +                     ;; Don't use bundled sources.
> +                     "rtc_build_json=false"
> +                     "rtc_build_libevent=false"
> +                     "rtc_build_libvpx=false"
> +                     "rtc_build_opus=false"
> +                     "rtc_build_ssl=false"
> +                     ;; TODO: Package these.
> +                     "rtc_build_libsrtp=true" ; 2.0
> +                     "rtc_build_libyuv=true"
> +                     "rtc_build_openmax_dl=true"
> +                     "rtc_build_usrsctp=true"
> +                     (string-append "rtc_jsoncpp_root=\""
> +                                    (assoc-ref inputs "jsoncpp")
> +                                    "/include/jsoncpp/json\"")
> +                     (string-append "rtc_ssl_root=\""
> +                                    (assoc-ref inputs "openssl")
> +                                    "/include/openssl\""))))
> +
> +               ;; XXX: How portable is this.
> +               (mkdir-p "third_party/node/linux/node-linux-x64")
> +               (symlink (string-append (assoc-ref inputs "node") "/bin")
> +                        "third_party/node/linux/node-linux-x64/bin")
> +
> +               (setenv "CC" "gcc")
> +               (setenv "CXX" "g++")
> +               ;; TODO: pre-compile instead. Avoids a race condition.
> +               (setenv "PYTHONDONTWRITEBYTECODE" "1")
> +               (and
> +                ;; Build the "gn" tool.
> +                (zero? (system* "python"
> +                                "tools/gn/bootstrap/bootstrap.py" "-s" "-v"))
> +                ;; Generate ninja build files.
> +                (zero? (system* "./out/Release/gn" "gen" "out/Release"
> +                                (string-append "--args="
> +                                               (string-join gn-flags " "))))))))
> +         (replace 'build
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (zero? (system* "ninja" "-C" "out/Release"
> +                             "-j" (number->string (parallel-job-count))
> +                             "chrome"))))
> +         (replace 'install
> +           (lambda* (#:key inputs outputs #:allow-other-keys)
> +             (let* ((out            (assoc-ref outputs "out"))
> +                    (bin            (string-append out "/bin"))
> +                    (exe            (string-append bin "/chromium"))
> +                    (lib            (string-append out "/lib"))
> +                    (man            (string-append out "/share/man/man1"))
> +                    (applications   (string-append out "/share/applications"))
> +                    (install-regexp (make-regexp "\\.(bin|pak)$"))
> +                    (locales        (string-append lib "/locales"))
> +                    (resources      (string-append lib "/resources"))
> +                    (gtk+           (assoc-ref inputs "gtk+"))
> +                    (mesa           (assoc-ref inputs "mesa"))
> +                    (nss            (assoc-ref inputs "nss"))
> +                    (udev           (assoc-ref inputs "udev"))
> +                    (sh             (which "sh")))
> +
> +               (substitute* '("chrome/app/resources/manpage.1.in"
> +                              "chrome/installer/linux/common/desktop.template")
> +                 (("@@MENUNAME@@") "Chromium")
> +                 (("@@PACKAGE@@") "chromium")
> +                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
> +               (mkdir-p man)
> +               (copy-file "chrome/app/resources/manpage.1.in"
> +                          (string-append man "/chromium.1"))
> +               (mkdir-p applications)
> +               (copy-file "chrome/installer/linux/common/desktop.template"
> +                          (string-append applications "/chromium.desktop"))
> +
> +               (with-directory-excursion "out/Release"
> +                 (for-each (lambda (file)
> +                             (install-file file lib))
> +                           (scandir "." (cut regexp-exec install-regexp <>)))
> +                 (copy-file "chrome" (string-append lib "/chromium"))
> +
> +                 ;; TODO: Install icons from "../../chrome/app/themes" into
> +                 ;; "out/share/icons/hicolor/$size".
> +                 (install-file
> +                  "product_logo_48.png"
> +                  (string-append out "/share/icons/48x48/chromium.png"))
> +
> +                 (copy-recursively "locales" locales)
> +                 (copy-recursively "resources" resources)
> +
> +                 (mkdir-p bin)
> +                 ;; Add a thin wrapper to prevent the user from inadvertently
> +                 ;; installing non-free software through the Web Store.
> +                 ;; TODO: Discover extensions from the profile and pass
> +                 ;; something like "--disable-extensions-except=...".
> +                 (call-with-output-file exe
> +                   (lambda (port)
> +                     (format port
> +                             "#!~a~@
> +                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
> +                             then~@
> +                               CHROMIUM_FLAGS=\" \\~@
> +                                 --disable-background-networking \\~@
> +                                 --disable-extensions \\~@
> +                               \"~@
> +                             fi~@
> +                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
> +                             sh (string-append lib "/chromium"))))
> +                 (chmod exe #o755)
> +
> +                 (wrap-program exe
> +                   ;; TODO: Get these in RUNPATH.
> +                   `("LD_LIBRARY_PATH" ":" prefix
> +                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
> +                                      mesa "/lib:" udev "/lib")))
> +                   ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
> +                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
> +                 #t)))))))
> +    (native-inputs
> +     `(("bison" ,bison)
> +       ("git" ,git)                     ;last_commit_position.py
> +       ("gperf" ,gperf)
> +       ("ninja" ,ninja)
> +       ("node" ,node)
> +       ("pkg-config" ,pkg-config)
> +       ("which" ,which)
> +       ("yasm" ,yasm)
> +
> +       ("python-beautifulsoup4" ,python2-beautifulsoup4)
> +       ("python-html5lib" ,python2-html5lib)
> +       ("python" ,python-2)))
> +    (inputs
> +     `(("alsa-lib" ,alsa-lib)
> +       ("atk" ,atk)
> +       ("cups" ,cups)
> +       ("curl" ,curl)
> +       ("dbus" ,dbus)
> +       ("dbus-glib" ,dbus-glib)
> +       ("expat" ,expat)
> +       ("flac" ,flac)
> +       ("ffmpeg" ,ffmpeg)
> +       ("fontconfig" ,fontconfig)
> +       ("freetype" ,freetype)
> +       ("gdk-pixbuf" ,gdk-pixbuf)
> +       ("glib" ,glib)
> +       ("gtk+-2" ,gtk+-2)
> +       ("gtk+" ,gtk+)
> +       ("harfbuzz" ,harfbuzz)
> +       ("icu4c" ,icu4c-59.1)
> +       ("jsoncpp" ,jsoncpp)
> +       ("lcms" ,lcms)
> +       ("libevent" ,libevent)
> +       ("libffi" ,libffi)
> +       ("libjpeg-turbo" ,libjpeg-turbo)
> +       ("libpng" ,libpng)
> +       ("libusb" ,libusb)
> +       ("libvpx" ,libvpx+experimental)
> +       ("libwebp" ,libwebp)
> +       ("libx11" ,libx11)
> +       ("libxcb" ,libxcb)
> +       ("libxcomposite" ,libxcomposite)
> +       ("libxcursor" ,libxcursor)
> +       ("libxdamage" ,libxdamage)
> +       ("libxext" ,libxext)
> +       ("libxfixes" ,libxfixes)
> +       ("libxi" ,libxi)
> +       ("libxkbcommon" ,libxkbcommon)
> +       ("libxml2" ,libxml2)
> +       ("libxrandr" ,libxrandr)
> +       ("libxrender" ,libxrender)
> +       ("libxscrnsaver" ,libxscrnsaver)
> +       ("libxslt" ,libxslt)
> +       ("libxtst" ,libxtst)
> +       ("mesa" ,mesa)
> +       ("minizip" ,minizip)
> +       ("mit-krb5" ,mit-krb5)
> +       ("nss" ,nss)
> +       ("openh264" ,openh264)
> +       ("openssl" ,openssl)
> +       ("opus" ,opus+custom)
> +       ("pango" ,pango)
> +       ("pciutils" ,pciutils)
> +       ("protobuf" ,protobuf)
> +       ("pulseaudio" ,pulseaudio)
> +       ("re2" ,re2)
> +       ("snappy" ,snappy)
> +       ("speech-dispatcher" ,speech-dispatcher)
> +       ("sqlite" ,sqlite)
> +       ("udev" ,eudev)
> +       ("valgrind" ,valgrind)))
> +    (home-page "https://www.chromium.org/")
> +    (description
> +     "Chromium is a web browser using the @code{Blink} rendering engine.")
> +    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
> +    ;; software with other licenses. For full information, see chrome://credits.
> +    (license (list license:bsd-3
> +                   license:bsd-2
> +                   license:expat
> +                   license:asl2.0
> +                   license:mpl2.0
> +                   license:public-domain
> +                   license:lgpl2.1+))))
> -- 
> 2.15.1
> 


Many thanks for your ongoing work with this (and the patience :))
As this is 63, you you are keeping track of Debian, right? I tried
to package 64 a couple of days ago because I wanted the workaround
for some of the recent security clusterfucks, but Debian is still
on 63 :/
I hope they'll update their patchset soon.

-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
  WWW: https://n0.is/a/  ::  https://ea.n0.is

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-08 23:20               ` ng0
@ 2018-01-08 23:40                 ` Marius Bakke
  2018-01-12  0:09                 ` Marius Bakke
  1 sibling, 0 replies; 152+ messages in thread
From: Marius Bakke @ 2018-01-08 23:40 UTC (permalink / raw)
  To: ng0; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 528 bytes --]

ng0 <ng0@n0.is> writes:

> Many thanks for your ongoing work with this (and the patience :))
> As this is 63, you you are keeping track of Debian, right? I tried
> to package 64 a couple of days ago because I wanted the workaround
> for some of the recent security clusterfucks, but Debian is still
> on 63 :/
> I hope they'll update their patchset soon.

I track the upstream stable branch, which is currently 63.

https://www.chromestatus.com/features/schedule

(see also <https://chromereleases.googleblog.com/> for updates)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-08 21:56             ` Marius Bakke
  2018-01-08 23:20               ` ng0
@ 2018-01-09  6:58               ` ng0
  2018-01-12  0:03                 ` Marius Bakke
  1 sibling, 1 reply; 152+ messages in thread
From: ng0 @ 2018-01-09  6:58 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 1436 bytes --]

Marius Bakke transcribed 39K bytes:

> Testing and feedback welcome!
> 
> Currently there are two "important" (blocking?) TODOs left:
> 
> * Move the 'delete-bundled-software' phase to a source snippet.
>   Repacking the ~500MiB compressed tarball is *really* expensive.  It
>   should also aid the licensing situation.
> * Delete the two default entries from the "most used" list on the New
>   Tab page.  The first run will download thumbnails for these sites,
>   leaking data.  One of them also leads to the disabled-by-default
>   store, promoting non-free software.
> 
> I'm optimistic that fixing the second item will make the browser not
> leak *any* data at launch with the default configuration.  Which leads
> to a third item: writing a system test that verifies that launching
> Chromium does indeed not initiate any network traffic.
> 
> Anyway, here is the latest patch:
> 

> From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.
> 
> * gnu/packages/chromium.scm: New file.
> * gnu/local.mk: Record it.

I think you forgot a package:

gnu/packages/chromium.scm:664:5: icu4c-59.1: unbound variable



-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
  WWW: https://n0.is/a/  ::  https://ea.n0.is

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-09  6:58               ` ng0
@ 2018-01-12  0:03                 ` Marius Bakke
  2018-01-12  9:38                   ` ng0
  0 siblings, 1 reply; 152+ messages in thread
From: Marius Bakke @ 2018-01-12  0:03 UTC (permalink / raw)
  To: ng0; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 1774 bytes --]

ng0 <ng0@n0.is> writes:

> Marius Bakke transcribed 39K bytes:
>
>> Testing and feedback welcome!
>> 
>> Currently there are two "important" (blocking?) TODOs left:
>> 
>> * Move the 'delete-bundled-software' phase to a source snippet.
>>   Repacking the ~500MiB compressed tarball is *really* expensive.  It
>>   should also aid the licensing situation.
>> * Delete the two default entries from the "most used" list on the New
>>   Tab page.  The first run will download thumbnails for these sites,
>>   leaking data.  One of them also leads to the disabled-by-default
>>   store, promoting non-free software.
>> 
>> I'm optimistic that fixing the second item will make the browser not
>> leak *any* data at launch with the default configuration.  Which leads
>> to a third item: writing a system test that verifies that launching
>> Chromium does indeed not initiate any network traffic.
>> 
>> Anyway, here is the latest patch:
>> 
>
>> From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001
>> From: Marius Bakke <mbakke@fastmail.com>
>> Date: Wed, 12 Oct 2016 17:25:05 +0100
>> Subject: [PATCH] gnu: Add chromium.
>> 
>> * gnu/packages/chromium.scm: New file.
>> * gnu/local.mk: Record it.
>
> I think you forgot a package:
>
> gnu/packages/chromium.scm:664:5: icu4c-59.1: unbound variable

Indeed.  This can now be changed to use the regular "icu4c" package.

Tangentially, these kinds of problems are typical with new Chromium
releases.  In 63 or later, system harfbuzz had to be disabled.  If we
are going to carry this package, changes like these *will* be normal.

Upstream only tests their releases with Clang, and with the bundled
versions of packages, regardless of the unbundling script.  Not great.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-08 23:20               ` ng0
  2018-01-08 23:40                 ` Marius Bakke
@ 2018-01-12  0:09                 ` Marius Bakke
  2018-01-13 19:02                   ` ng0
  2018-01-16 14:18                   ` Ludovic Courtès
  1 sibling, 2 replies; 152+ messages in thread
From: Marius Bakke @ 2018-01-12  0:09 UTC (permalink / raw)
  To: ng0; +Cc: 28004


[-- Attachment #1.1: Type: text/plain, Size: 801 bytes --]

ng0 <ng0@n0.is> writes:

> Many thanks for your ongoing work with this (and the patience :))
> As this is 63, you you are keeping track of Debian, right? I tried
> to package 64 a couple of days ago because I wanted the workaround
> for some of the recent security clusterfucks, but Debian is still
> on 63 :/
> I hope they'll update their patchset soon.

Indeed Google did not add the Spectre mitigation to Chromium 63, even
though the latest version was released after the fact.

https://xlab.tencent.com/special/spectre/spectre_check.html

For reasons that beat me, they only added it to the proprietary Chrome
browser, which follows the same version number as Chromium.

The attached patch adds Spectre mitigation to the current Chromium
release.  The patch was pulled from the Chrome 64 branch:


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0001-gnu-chromium-Add-spectre-mitigation.patch --]
[-- Type: text/x-patch, Size: 2990 bytes --]

From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Thu, 11 Jan 2018 14:36:47 +0100
Subject: [PATCH] gnu: chromium: Add spectre mitigation.

* gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/chromium.scm (chromium)[source]: Use it.
---
 gnu/local.mk                                           |  1 +
 gnu/packages/chromium.scm                              |  3 ++-
 gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 513f64043..89dab227c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -575,6 +575,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
   %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
   %D%/packages/patches/chmlib-inttypes.patch			\
+  %D%/packages/patches/chromium-spectre-mitigation.patch	\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clementine-use-openssl.patch		\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index dd040527b..1e9dba42e 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -240,7 +240,8 @@
                              %chromium-system-icu.patch
                              %chromium-system-nspr.patch
                              %chromium-system-libevent.patch
-                             %chromium-disable-api-keys-warning.patch))
+                             %chromium-disable-api-keys-warning.patch
+                             (search-patch "chromium-spectre-mitigation.patch")))
               (modules '((srfi srfi-1)
                          (guix build utils)))
               (snippet
diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
new file mode 100644
index 000000000..a44a3bce4
--- /dev/null
+++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
@@ -0,0 +1,13 @@
+diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
+index 43feb76..33a49b8 100644
+--- a/content/public/common/content_features.cc
++++ b/content/public/common/content_features.cc
+@@ -308,7 +308,7 @@
+ 
+ // http://tc39.github.io/ecmascript_sharedmem/shmem.html
+ const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
+-                                       base::FEATURE_ENABLED_BY_DEFAULT};
++                                       base::FEATURE_DISABLED_BY_DEFAULT};
+ 
+ // An experiment to require process isolation for the sign-in origin,
+ // https://accounts.google.com.  Launch bug: https://crbug.com/739418.
-- 
2.15.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-12  0:03                 ` Marius Bakke
@ 2018-01-12  9:38                   ` ng0
  0 siblings, 0 replies; 152+ messages in thread
From: ng0 @ 2018-01-12  9:38 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 2238 bytes --]

Marius Bakke transcribed 2.3K bytes:
> ng0 <ng0@n0.is> writes:
> 
> > Marius Bakke transcribed 39K bytes:
> >
> >> Testing and feedback welcome!
> >> 
> >> Currently there are two "important" (blocking?) TODOs left:
> >> 
> >> * Move the 'delete-bundled-software' phase to a source snippet.
> >>   Repacking the ~500MiB compressed tarball is *really* expensive.  It
> >>   should also aid the licensing situation.
> >> * Delete the two default entries from the "most used" list on the New
> >>   Tab page.  The first run will download thumbnails for these sites,
> >>   leaking data.  One of them also leads to the disabled-by-default
> >>   store, promoting non-free software.
> >> 
> >> I'm optimistic that fixing the second item will make the browser not
> >> leak *any* data at launch with the default configuration.  Which leads
> >> to a third item: writing a system test that verifies that launching
> >> Chromium does indeed not initiate any network traffic.
> >> 
> >> Anyway, here is the latest patch:
> >> 
> >
> >> From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001
> >> From: Marius Bakke <mbakke@fastmail.com>
> >> Date: Wed, 12 Oct 2016 17:25:05 +0100
> >> Subject: [PATCH] gnu: Add chromium.
> >> 
> >> * gnu/packages/chromium.scm: New file.
> >> * gnu/local.mk: Record it.
> >
> > I think you forgot a package:
> >
> > gnu/packages/chromium.scm:664:5: icu4c-59.1: unbound variable
> 
> Indeed.  This can now be changed to use the regular "icu4c" package.

Okay, will change. Thanks!

> Tangentially, these kinds of problems are typical with new Chromium
> releases.  In 63 or later, system harfbuzz had to be disabled.  If we
> are going to carry this package, changes like these *will* be normal.
>
> Upstream only tests their releases with Clang, and with the bundled
> versions of packages, regardless of the unbundling script.  Not great.

Yeah. I've been there, and read the frustration of other packagers
when I worked on getting a basic skeleton of chromium + dependencies
ready one(?) year ago.
-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
  WWW: https://n0.is/a/  ::  https://ea.n0.is

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-12  0:09                 ` Marius Bakke
@ 2018-01-13 19:02                   ` ng0
  2018-01-13 19:13                     ` ng0
  2018-01-16 14:18                   ` Ludovic Courtès
  1 sibling, 1 reply; 152+ messages in thread
From: ng0 @ 2018-01-13 19:02 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 4713 bytes --]

I just got a bug report for the build via:

guix pull --url="https://c.n0.is/git/ng0/guix/guix.git" --branch="pretest/chromium"
guix package --install chromium

Failing with the attached build log excerpt. We are not FreeBSD, but I found
this in the first 5 minutes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160935
Maybe it helps to debug this, or maybe you've encountered this before.

I myself have been able to build this without issues on two systems.

All mentioned systems are GuixSD.


This should be a blocker, but maybe a head-up in potential build issues.
Marius Bakke transcribed 4.5K bytes:
> ng0 <ng0@n0.is> writes:
> 
> > Many thanks for your ongoing work with this (and the patience :))
> > As this is 63, you you are keeping track of Debian, right? I tried
> > to package 64 a couple of days ago because I wanted the workaround
> > for some of the recent security clusterfucks, but Debian is still
> > on 63 :/
> > I hope they'll update their patchset soon.
> 
> Indeed Google did not add the Spectre mitigation to Chromium 63, even
> though the latest version was released after the fact.
> 
> https://xlab.tencent.com/special/spectre/spectre_check.html
> 
> For reasons that beat me, they only added it to the proprietary Chrome
> browser, which follows the same version number as Chromium.
> 
> The attached patch adds Spectre mitigation to the current Chromium
> release.  The patch was pulled from the Chrome 64 branch:
> 

> From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Thu, 11 Jan 2018 14:36:47 +0100
> Subject: [PATCH] gnu: chromium: Add spectre mitigation.
> 
> * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/chromium.scm (chromium)[source]: Use it.
> ---
>  gnu/local.mk                                           |  1 +
>  gnu/packages/chromium.scm                              |  3 ++-
>  gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
>  3 files changed, 16 insertions(+), 1 deletion(-)
>  create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch
> 
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 513f64043..89dab227c 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -575,6 +575,7 @@ dist_patch_DATA =						\
>    %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
>    %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
>    %D%/packages/patches/chmlib-inttypes.patch			\
> +  %D%/packages/patches/chromium-spectre-mitigation.patch	\
>    %D%/packages/patches/clang-libc-search-path.patch		\
>    %D%/packages/patches/clang-3.8-libc-search-path.patch		\
>    %D%/packages/patches/clementine-use-openssl.patch		\
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> index dd040527b..1e9dba42e 100644
> --- a/gnu/packages/chromium.scm
> +++ b/gnu/packages/chromium.scm
> @@ -240,7 +240,8 @@
>                               %chromium-system-icu.patch
>                               %chromium-system-nspr.patch
>                               %chromium-system-libevent.patch
> -                             %chromium-disable-api-keys-warning.patch))
> +                             %chromium-disable-api-keys-warning.patch
> +                             (search-patch "chromium-spectre-mitigation.patch")))
>                (modules '((srfi srfi-1)
>                           (guix build utils)))
>                (snippet
> diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
> new file mode 100644
> index 000000000..a44a3bce4
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
> @@ -0,0 +1,13 @@
> +diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
> +index 43feb76..33a49b8 100644
> +--- a/content/public/common/content_features.cc
> ++++ b/content/public/common/content_features.cc
> +@@ -308,7 +308,7 @@
> + 
> + // http://tc39.github.io/ecmascript_sharedmem/shmem.html
> + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
> +-                                       base::FEATURE_ENABLED_BY_DEFAULT};
> ++                                       base::FEATURE_DISABLED_BY_DEFAULT};
> + 
> + // An experiment to require process isolation for the sign-in origin,
> + // https://accounts.google.com.  Launch bug: https://crbug.com/739418.
> -- 
> 2.15.1
> 




-- 
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-13 19:02                   ` ng0
@ 2018-01-13 19:13                     ` ng0
  2018-01-14 12:10                       ` ng0
  0 siblings, 1 reply; 152+ messages in thread
From: ng0 @ 2018-01-13 19:13 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004


[-- Attachment #1.1: Type: text/plain, Size: 5091 bytes --]

ng0 transcribed 5.6K bytes:
> I just got a bug report for the build via:
> 
> guix pull --url="https://c.n0.is/git/ng0/guix/guix.git" --branch="pretest/chromium"
> guix package --install chromium
> 
> Failing with the attached build log excerpt. We are not FreeBSD, but I found
> this in the first 5 minutes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160935
> Maybe it helps to debug this, or maybe you've encountered this before.
> 
> I myself have been able to build this without issues on two systems.
> 
> All mentioned systems are GuixSD.
> 

this time with attached file.

> This should be a blocker, but maybe a head-up in potential build issues.
> Marius Bakke transcribed 4.5K bytes:
> > ng0 <ng0@n0.is> writes:
> > 
> > > Many thanks for your ongoing work with this (and the patience :))
> > > As this is 63, you you are keeping track of Debian, right? I tried
> > > to package 64 a couple of days ago because I wanted the workaround
> > > for some of the recent security clusterfucks, but Debian is still
> > > on 63 :/
> > > I hope they'll update their patchset soon.
> > 
> > Indeed Google did not add the Spectre mitigation to Chromium 63, even
> > though the latest version was released after the fact.
> > 
> > https://xlab.tencent.com/special/spectre/spectre_check.html
> > 
> > For reasons that beat me, they only added it to the proprietary Chrome
> > browser, which follows the same version number as Chromium.
> > 
> > The attached patch adds Spectre mitigation to the current Chromium
> > release.  The patch was pulled from the Chrome 64 branch:
> > 
> 
> > From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> > From: Marius Bakke <mbakke@fastmail.com>
> > Date: Thu, 11 Jan 2018 14:36:47 +0100
> > Subject: [PATCH] gnu: chromium: Add spectre mitigation.
> > 
> > * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Register it.
> > * gnu/packages/chromium.scm (chromium)[source]: Use it.
> > ---
> >  gnu/local.mk                                           |  1 +
> >  gnu/packages/chromium.scm                              |  3 ++-
> >  gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
> >  3 files changed, 16 insertions(+), 1 deletion(-)
> >  create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch
> > 
> > diff --git a/gnu/local.mk b/gnu/local.mk
> > index 513f64043..89dab227c 100644
> > --- a/gnu/local.mk
> > +++ b/gnu/local.mk
> > @@ -575,6 +575,7 @@ dist_patch_DATA =						\
> >    %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
> >    %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
> >    %D%/packages/patches/chmlib-inttypes.patch			\
> > +  %D%/packages/patches/chromium-spectre-mitigation.patch	\
> >    %D%/packages/patches/clang-libc-search-path.patch		\
> >    %D%/packages/patches/clang-3.8-libc-search-path.patch		\
> >    %D%/packages/patches/clementine-use-openssl.patch		\
> > diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> > index dd040527b..1e9dba42e 100644
> > --- a/gnu/packages/chromium.scm
> > +++ b/gnu/packages/chromium.scm
> > @@ -240,7 +240,8 @@
> >                               %chromium-system-icu.patch
> >                               %chromium-system-nspr.patch
> >                               %chromium-system-libevent.patch
> > -                             %chromium-disable-api-keys-warning.patch))
> > +                             %chromium-disable-api-keys-warning.patch
> > +                             (search-patch "chromium-spectre-mitigation.patch")))
> >                (modules '((srfi srfi-1)
> >                           (guix build utils)))
> >                (snippet
> > diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
> > new file mode 100644
> > index 000000000..a44a3bce4
> > --- /dev/null
> > +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
> > @@ -0,0 +1,13 @@
> > +diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
> > +index 43feb76..33a49b8 100644
> > +--- a/content/public/common/content_features.cc
> > ++++ b/content/public/common/content_features.cc
> > +@@ -308,7 +308,7 @@
> > + 
> > + // http://tc39.github.io/ecmascript_sharedmem/shmem.html
> > + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
> > +-                                       base::FEATURE_ENABLED_BY_DEFAULT};
> > ++                                       base::FEATURE_DISABLED_BY_DEFAULT};
> > + 
> > + // An experiment to require process isolation for the sign-in origin,
> > + // https://accounts.google.com.  Launch bug: https://crbug.com/739418.
> > -- 
> > 2.15.1
> > 
> 
> 
> 
> 
> -- 
> ng0 :: https://ea.n0.is
> A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/



-- 
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

[-- Attachment #1.2: chromium.fail --]
[-- Type: text/plain, Size: 7784 bytes --]

[19248/23429] CXX obj/content/browser/browser/web_bluetooth_service_impl.o
FAILED: obj/content/browser/browser/web_bluetooth_service_impl.o 
g++ -MMD -MF obj/content/browser/browser/web_bluetooth_service_impl.o.d -DENABLE_SCREEN_CAPTURE=1 -DV8_DEPRECATION_WARNINGS 
-DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DNO_TCMALLOC -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD 
-DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE 
-D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D_FORTIFY_SOURCE=2 -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 
-DCONTENT_IMPLEMENTATION -DV8_USE_EXTERNAL_STARTUP_DATA 
-DATK_LIB_DIR=\"/gnu/store/nniszqyslmgllha2cyi9g3pfsmm6sg16-atk-2.24.0/lib\" -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_32 
-DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_26 -DGL_GLEXT_PROTOTYPES -DUSE_GLX -DUSE_EGL -DGOOGLE_PROTOBUF_NO_RTTI 
-DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DHAVE_PTHREAD -DUSING_SYSTEM_ICU=1 -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC 
-DUCHAR_TYPE=uint16_t -DSK_IGNORE_LINEONLY_AA_CONVEX_PATH_OPTS -DSK_HAS_PNG_LIBRARY -DSK_HAS_WEBP_LIBRARY -DSK_HAS_JPEG_LIBRARY 
-DSK_SUPPORT_GPU=1 -DLEVELDB_PLATFORM_CHROMIUM=1 -DWEBRTC_NON_STATIC_TRACE_EVENT_HANDLERS=0 -DFEATURE_ENABLE_VOICEMAIL 
-DGTEST_RELATIVE_PATH -DWEBRTC_CHROMIUM_BUILD -DWEBRTC_POSIX -DWEBRTC_LINUX -DWTF_USE_WEBAUDIO_FFMPEG=1 
-DWTF_USE_DEFAULT_RENDER_THEME=1 -DUSE_SYSTEM_ZLIB=1 -DNO_MAIN_THREAD_WRAPPING -I../.. -Igen 
-I/gnu/store/nniszqyslmgllha2cyi9g3pfsmm6sg16-atk-2.24.0/include/atk-1.0 
-I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/include/glib-2.0 
-I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/lib/glib-2.0/include 
-I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/include/glib-2.0 
-I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/lib/glib-2.0/include 
-I/gnu/store/b9ww6qv1ii9v6n45kin7543vkf6jfnd3-libpng-1.6.29/include/libpng16 
-I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/include/glib-2.0 
-I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/lib/glib-2.0/include 
-I/gnu/store/3k1y78v6nxjvmivnri5j46wai6ppvyz0-harfbuzz-1.5.1/include/harfbuzz 
-I/gnu/store/b9ww6qv1ii9v6n45kin7543vkf6jfnd3-libpng-1.6.29/include/libpng16 
-I/gnu/store/4b9y9f5fvghk2vmwpbgzncal7z3r4n5y-pango-1.40.12/include/pango-1.0 
-I/gnu/store/c4vl4hw5jccg0b23sfvs0kdnfdbxdlgm-cairo-1.14.10/include/cairo 
-I/gnu/store/w8kii3hjvmh50yxs52gkdywkq9jc7s19-pixman-0.34.0/include/pixman-1 -Igen/shim_headers/libevent_shim 
-Igen/shim_headers/icui18n_shim -Igen/shim_headers/icuuc_shim -Igen/shim_headers/re2_shim -Igen/shim_headers/libpng_shim 
-Igen/shim_headers/zlib_shim -Igen/shim_headers/libdrm_shim -I../../third_party/khronos -I../../gpu 
-Igen/shim_headers/ffmpeg_shim -Igen/shim_headers/libvpx_shim -Igen/shim_headers/opus_shim -Igen/shim_headers/snappy_shim 
-Igen/shim_headers/openh264_shim -Igen/shim_headers/minizip_shim -Igen/shim_headers/flac_shim -I../../third_party/protobuf/src 
-I../../third_party/ced/src -I../../skia/config -I../../skia/ext -I../../third_party/skia/include/c 
-I../../third_party/skia/include/config -I../../third_party/skia/include/core -I../../third_party/skia/include/effects 
-I../../third_party/skia/include/encode -I../../third_party/skia/include/gpu -I../../third_party/skia/include/images 
-I../../third_party/skia/include/lazy -I../../third_party/skia/include/pathops -I../../third_party/skia/include/pdf 
-I../../third_party/skia/include/pipe -I../../third_party/skia/include/ports -I../../third_party/skia/include/utils 
-I../../third_party/skia/third_party/vulkan -I../../third_party/skia/src/gpu -I../../third_party/skia/src/sksl 
-I../../third_party/leveldatabase -I../../third_party/leveldatabase/src -I../../third_party/leveldatabase/src/include 
-I../../third_party/webrtc_overrides -I../../testing/gtest/include -I../../third_party/webrtc 
-I../../third_party/webrtc_overrides -I../../third_party/webrtc -I../../third_party/protobuf/src -Igen/protoc_out 
-Igen/components/metrics/proto -I../../third_party/boringssl/src/include 
-I/gnu/store/yk0bk0y3dvz2pa3f56knjhdby16fb62s-nss-3.34/include/nss 
-I/gnu/store/544jcd4141xgg72dk5xxbs4zjzvxvvxi-nspr-4.17/include/nspr -I../../third_party/libwebm/source -Igen 
-I../../third_party/WebKit -Igen/third_party/WebKit -I../../v8/include -Igen/v8/include -I../../third_party/mesa/src/include 
-I../../third_party/WebKit/Source -I../../third_party/WebKit -Igen/blink -Igen/third_party/WebKit 
-I../../third_party/angle/src/common/third_party/base -Igen/angle -I../../third_party/brotli/include 
-I../../third_party/libyuv/include -I/gnu/store/xr0zjan791j0pgvcs770m59za9bsjsr6-dbus-1.10.22/include/dbus-1.0 
-I/gnu/store/xr0zjan791j0pgvcs770m59za9bsjsr6-dbus-1.10.22/lib/dbus-1.0/include -fno-strict-aliasing --param=ssp-buffer-size=4 
-fstack-protector -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -funwind-tables -fPIC -pipe -pthread 
-m64 -march=x86-64 -Wall -Wno-unused-local-typedefs -Wno-maybe-uninitialized -Wno-missing-field-initializers 
-Wno-unused-parameter -O2 -fno-ident -fdata-sections -ffunction-sections -fomit-frame-pointer -g0 -fvisibility=hidden 
-Wno-unused-local-typedef -Wno-unused-function -std=gnu++14 -Wno-narrowing -fno-rtti -fno-exceptions -fvisibility-inlines-hidden 
-c ../../content/browser/bluetooth/web_bluetooth_service_impl.cc -o obj/content/browser/browser/web_bluetooth_service_impl.o
g++: internal compiler error: Killed (program cc1plus)
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
[19249/23429] CXX obj/content/browser/browser/render_frame_host_factory.o
In file included from ../../content/browser/frame_host/frame_tree_node.h:18:0,
                 from ../../content/browser/frame_host/render_frame_host_factory.cc:9:
../../content/browser/frame_host/render_frame_host_impl.h:1001:3: warning: multi-line comment [-Wcomment]
   //                 /  |   \
   ^
../../content/browser/frame_host/render_frame_host_impl.h:1003:3: warning: multi-line comment [-Wcomment]
   //               /   /  \   \
   ^
cc1plus: warning: unrecognized command line option ‘-Wno-unused-local-typedef’
[19250/23429] CXX obj/content/browser/browser/render_frame_host_manager.o
In file included from ../../content/browser/frame_host/render_frame_host_manager.h:19:0,
                 from ../../content/browser/frame_host/render_frame_host_manager.cc:5:
../../content/browser/frame_host/render_frame_host_impl.h:1001:3: warning: multi-line comment [-Wcomment]
   //                 /  |   \
   ^
../../content/browser/frame_host/render_frame_host_impl.h:1003:3: warning: multi-line comment [-Wcomment]
   //               /   /  \   \
   ^
cc1plus: warning: unrecognized command line option ‘-Wno-unused-local-typedef’
[19251/23429] CXX obj/content/browser/browser/render_frame_host_impl.o
In file included from ../../content/browser/frame_host/render_frame_host_impl.cc:5:0:
../../content/browser/frame_host/render_frame_host_impl.h:1001:3: warning: multi-line comment [-Wcomment]
   //                 /  |   \
   ^
../../content/browser/frame_host/render_frame_host_impl.h:1003:3: warning: multi-line comment [-Wcomment]
   //               /   /  \   \
   ^
cc1plus: warning: unrecognized command line option ‘-Wno-unused-local-typedef’
ninja: build stopped: subcommand failed.
phase `build' failed after 16570.6 seconds
builder for `/gnu/store/9ws2gavs5bjlrfimhdi10pssvy7hwnwl-chromium-63.0.3239.132.drv' failed with exit code 1
guix package: error: build failed: build of `/gnu/store/9ws2gavs5bjlrfimhdi10pssvy7hwnwl-chromium-63.0.3239.132.drv' failed

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-13 19:13                     ` ng0
@ 2018-01-14 12:10                       ` ng0
  0 siblings, 0 replies; 152+ messages in thread
From: ng0 @ 2018-01-14 12:10 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 13535 bytes --]

ng0 transcribed 14K bytes:
> ng0 transcribed 5.6K bytes:
> > I just got a bug report for the build via:
> > 
> > guix pull --url="https://c.n0.is/git/ng0/guix/guix.git" --branch="pretest/chromium"
> > guix package --install chromium
> > 
> > Failing with the attached build log excerpt. We are not FreeBSD, but I found
> > this in the first 5 minutes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160935
> > Maybe it helps to debug this, or maybe you've encountered this before.
> > 
> > I myself have been able to build this without issues on two systems.
> > 
> > All mentioned systems are GuixSD.
> > 
> 
> this time with attached file.

My guess was "low on RAM or swap", as it turns out this was right. With more
RAM and/or swap space it builds.

> > This should be a blocker, but maybe a head-up in potential build issues.
> > Marius Bakke transcribed 4.5K bytes:
> > > ng0 <ng0@n0.is> writes:
> > > 
> > > > Many thanks for your ongoing work with this (and the patience :))
> > > > As this is 63, you you are keeping track of Debian, right? I tried
> > > > to package 64 a couple of days ago because I wanted the workaround
> > > > for some of the recent security clusterfucks, but Debian is still
> > > > on 63 :/
> > > > I hope they'll update their patchset soon.
> > > 
> > > Indeed Google did not add the Spectre mitigation to Chromium 63, even
> > > though the latest version was released after the fact.
> > > 
> > > https://xlab.tencent.com/special/spectre/spectre_check.html
> > > 
> > > For reasons that beat me, they only added it to the proprietary Chrome
> > > browser, which follows the same version number as Chromium.
> > > 
> > > The attached patch adds Spectre mitigation to the current Chromium
> > > release.  The patch was pulled from the Chrome 64 branch:
> > > 
> > 
> > > From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> > > From: Marius Bakke <mbakke@fastmail.com>
> > > Date: Thu, 11 Jan 2018 14:36:47 +0100
> > > Subject: [PATCH] gnu: chromium: Add spectre mitigation.
> > > 
> > > * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> > > * gnu/local.mk (dist_patch_DATA): Register it.
> > > * gnu/packages/chromium.scm (chromium)[source]: Use it.
> > > ---
> > >  gnu/local.mk                                           |  1 +
> > >  gnu/packages/chromium.scm                              |  3 ++-
> > >  gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
> > >  3 files changed, 16 insertions(+), 1 deletion(-)
> > >  create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch
> > > 
> > > diff --git a/gnu/local.mk b/gnu/local.mk
> > > index 513f64043..89dab227c 100644
> > > --- a/gnu/local.mk
> > > +++ b/gnu/local.mk
> > > @@ -575,6 +575,7 @@ dist_patch_DATA =						\
> > >    %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
> > >    %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
> > >    %D%/packages/patches/chmlib-inttypes.patch			\
> > > +  %D%/packages/patches/chromium-spectre-mitigation.patch	\
> > >    %D%/packages/patches/clang-libc-search-path.patch		\
> > >    %D%/packages/patches/clang-3.8-libc-search-path.patch		\
> > >    %D%/packages/patches/clementine-use-openssl.patch		\
> > > diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> > > index dd040527b..1e9dba42e 100644
> > > --- a/gnu/packages/chromium.scm
> > > +++ b/gnu/packages/chromium.scm
> > > @@ -240,7 +240,8 @@
> > >                               %chromium-system-icu.patch
> > >                               %chromium-system-nspr.patch
> > >                               %chromium-system-libevent.patch
> > > -                             %chromium-disable-api-keys-warning.patch))
> > > +                             %chromium-disable-api-keys-warning.patch
> > > +                             (search-patch "chromium-spectre-mitigation.patch")))
> > >                (modules '((srfi srfi-1)
> > >                           (guix build utils)))
> > >                (snippet
> > > diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
> > > new file mode 100644
> > > index 000000000..a44a3bce4
> > > --- /dev/null
> > > +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
> > > @@ -0,0 +1,13 @@
> > > +diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
> > > +index 43feb76..33a49b8 100644
> > > +--- a/content/public/common/content_features.cc
> > > ++++ b/content/public/common/content_features.cc
> > > +@@ -308,7 +308,7 @@
> > > + 
> > > + // http://tc39.github.io/ecmascript_sharedmem/shmem.html
> > > + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
> > > +-                                       base::FEATURE_ENABLED_BY_DEFAULT};
> > > ++                                       base::FEATURE_DISABLED_BY_DEFAULT};
> > > + 
> > > + // An experiment to require process isolation for the sign-in origin,
> > > + // https://accounts.google.com.  Launch bug: https://crbug.com/739418.
> > > -- 
> > > 2.15.1
> > > 
> > 
> > 
> > 
> > 
> > -- 
> > ng0 :: https://ea.n0.is
> > A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
> 
> 
> 
> -- 
> ng0 :: https://ea.n0.is
> A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

> [19248/23429] CXX obj/content/browser/browser/web_bluetooth_service_impl.o
> FAILED: obj/content/browser/browser/web_bluetooth_service_impl.o 
> g++ -MMD -MF obj/content/browser/browser/web_bluetooth_service_impl.o.d -DENABLE_SCREEN_CAPTURE=1 -DV8_DEPRECATION_WARNINGS 
> -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DNO_TCMALLOC -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD 
> -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE 
> -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D_FORTIFY_SOURCE=2 -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 
> -DCONTENT_IMPLEMENTATION -DV8_USE_EXTERNAL_STARTUP_DATA 
> -DATK_LIB_DIR=\"/gnu/store/nniszqyslmgllha2cyi9g3pfsmm6sg16-atk-2.24.0/lib\" -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_32 
> -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_26 -DGL_GLEXT_PROTOTYPES -DUSE_GLX -DUSE_EGL -DGOOGLE_PROTOBUF_NO_RTTI 
> -DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DHAVE_PTHREAD -DUSING_SYSTEM_ICU=1 -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC 
> -DUCHAR_TYPE=uint16_t -DSK_IGNORE_LINEONLY_AA_CONVEX_PATH_OPTS -DSK_HAS_PNG_LIBRARY -DSK_HAS_WEBP_LIBRARY -DSK_HAS_JPEG_LIBRARY 
> -DSK_SUPPORT_GPU=1 -DLEVELDB_PLATFORM_CHROMIUM=1 -DWEBRTC_NON_STATIC_TRACE_EVENT_HANDLERS=0 -DFEATURE_ENABLE_VOICEMAIL 
> -DGTEST_RELATIVE_PATH -DWEBRTC_CHROMIUM_BUILD -DWEBRTC_POSIX -DWEBRTC_LINUX -DWTF_USE_WEBAUDIO_FFMPEG=1 
> -DWTF_USE_DEFAULT_RENDER_THEME=1 -DUSE_SYSTEM_ZLIB=1 -DNO_MAIN_THREAD_WRAPPING -I../.. -Igen 
> -I/gnu/store/nniszqyslmgllha2cyi9g3pfsmm6sg16-atk-2.24.0/include/atk-1.0 
> -I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/include/glib-2.0 
> -I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/lib/glib-2.0/include 
> -I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/include/glib-2.0 
> -I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/lib/glib-2.0/include 
> -I/gnu/store/b9ww6qv1ii9v6n45kin7543vkf6jfnd3-libpng-1.6.29/include/libpng16 
> -I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/include/glib-2.0 
> -I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/lib/glib-2.0/include 
> -I/gnu/store/3k1y78v6nxjvmivnri5j46wai6ppvyz0-harfbuzz-1.5.1/include/harfbuzz 
> -I/gnu/store/b9ww6qv1ii9v6n45kin7543vkf6jfnd3-libpng-1.6.29/include/libpng16 
> -I/gnu/store/4b9y9f5fvghk2vmwpbgzncal7z3r4n5y-pango-1.40.12/include/pango-1.0 
> -I/gnu/store/c4vl4hw5jccg0b23sfvs0kdnfdbxdlgm-cairo-1.14.10/include/cairo 
> -I/gnu/store/w8kii3hjvmh50yxs52gkdywkq9jc7s19-pixman-0.34.0/include/pixman-1 -Igen/shim_headers/libevent_shim 
> -Igen/shim_headers/icui18n_shim -Igen/shim_headers/icuuc_shim -Igen/shim_headers/re2_shim -Igen/shim_headers/libpng_shim 
> -Igen/shim_headers/zlib_shim -Igen/shim_headers/libdrm_shim -I../../third_party/khronos -I../../gpu 
> -Igen/shim_headers/ffmpeg_shim -Igen/shim_headers/libvpx_shim -Igen/shim_headers/opus_shim -Igen/shim_headers/snappy_shim 
> -Igen/shim_headers/openh264_shim -Igen/shim_headers/minizip_shim -Igen/shim_headers/flac_shim -I../../third_party/protobuf/src 
> -I../../third_party/ced/src -I../../skia/config -I../../skia/ext -I../../third_party/skia/include/c 
> -I../../third_party/skia/include/config -I../../third_party/skia/include/core -I../../third_party/skia/include/effects 
> -I../../third_party/skia/include/encode -I../../third_party/skia/include/gpu -I../../third_party/skia/include/images 
> -I../../third_party/skia/include/lazy -I../../third_party/skia/include/pathops -I../../third_party/skia/include/pdf 
> -I../../third_party/skia/include/pipe -I../../third_party/skia/include/ports -I../../third_party/skia/include/utils 
> -I../../third_party/skia/third_party/vulkan -I../../third_party/skia/src/gpu -I../../third_party/skia/src/sksl 
> -I../../third_party/leveldatabase -I../../third_party/leveldatabase/src -I../../third_party/leveldatabase/src/include 
> -I../../third_party/webrtc_overrides -I../../testing/gtest/include -I../../third_party/webrtc 
> -I../../third_party/webrtc_overrides -I../../third_party/webrtc -I../../third_party/protobuf/src -Igen/protoc_out 
> -Igen/components/metrics/proto -I../../third_party/boringssl/src/include 
> -I/gnu/store/yk0bk0y3dvz2pa3f56knjhdby16fb62s-nss-3.34/include/nss 
> -I/gnu/store/544jcd4141xgg72dk5xxbs4zjzvxvvxi-nspr-4.17/include/nspr -I../../third_party/libwebm/source -Igen 
> -I../../third_party/WebKit -Igen/third_party/WebKit -I../../v8/include -Igen/v8/include -I../../third_party/mesa/src/include 
> -I../../third_party/WebKit/Source -I../../third_party/WebKit -Igen/blink -Igen/third_party/WebKit 
> -I../../third_party/angle/src/common/third_party/base -Igen/angle -I../../third_party/brotli/include 
> -I../../third_party/libyuv/include -I/gnu/store/xr0zjan791j0pgvcs770m59za9bsjsr6-dbus-1.10.22/include/dbus-1.0 
> -I/gnu/store/xr0zjan791j0pgvcs770m59za9bsjsr6-dbus-1.10.22/lib/dbus-1.0/include -fno-strict-aliasing --param=ssp-buffer-size=4 
> -fstack-protector -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -funwind-tables -fPIC -pipe -pthread 
> -m64 -march=x86-64 -Wall -Wno-unused-local-typedefs -Wno-maybe-uninitialized -Wno-missing-field-initializers 
> -Wno-unused-parameter -O2 -fno-ident -fdata-sections -ffunction-sections -fomit-frame-pointer -g0 -fvisibility=hidden 
> -Wno-unused-local-typedef -Wno-unused-function -std=gnu++14 -Wno-narrowing -fno-rtti -fno-exceptions -fvisibility-inlines-hidden 
> -c ../../content/browser/bluetooth/web_bluetooth_service_impl.cc -o obj/content/browser/browser/web_bluetooth_service_impl.o
> g++: internal compiler error: Killed (program cc1plus)
> Please submit a full bug report,
> with preprocessed source if appropriate.
> See <http://gcc.gnu.org/bugs.html> for instructions.
> [19249/23429] CXX obj/content/browser/browser/render_frame_host_factory.o
> In file included from ../../content/browser/frame_host/frame_tree_node.h:18:0,
>                  from ../../content/browser/frame_host/render_frame_host_factory.cc:9:
> ../../content/browser/frame_host/render_frame_host_impl.h:1001:3: warning: multi-line comment [-Wcomment]
>    //                 /  |   \
>    ^
> ../../content/browser/frame_host/render_frame_host_impl.h:1003:3: warning: multi-line comment [-Wcomment]
>    //               /   /  \   \
>    ^
> cc1plus: warning: unrecognized command line option ‘-Wno-unused-local-typedef’
> [19250/23429] CXX obj/content/browser/browser/render_frame_host_manager.o
> In file included from ../../content/browser/frame_host/render_frame_host_manager.h:19:0,
>                  from ../../content/browser/frame_host/render_frame_host_manager.cc:5:
> ../../content/browser/frame_host/render_frame_host_impl.h:1001:3: warning: multi-line comment [-Wcomment]
>    //                 /  |   \
>    ^
> ../../content/browser/frame_host/render_frame_host_impl.h:1003:3: warning: multi-line comment [-Wcomment]
>    //               /   /  \   \
>    ^
> cc1plus: warning: unrecognized command line option ‘-Wno-unused-local-typedef’
> [19251/23429] CXX obj/content/browser/browser/render_frame_host_impl.o
> In file included from ../../content/browser/frame_host/render_frame_host_impl.cc:5:0:
> ../../content/browser/frame_host/render_frame_host_impl.h:1001:3: warning: multi-line comment [-Wcomment]
>    //                 /  |   \
>    ^
> ../../content/browser/frame_host/render_frame_host_impl.h:1003:3: warning: multi-line comment [-Wcomment]
>    //               /   /  \   \
>    ^
> cc1plus: warning: unrecognized command line option ‘-Wno-unused-local-typedef’
> ninja: build stopped: subcommand failed.
> phase `build' failed after 16570.6 seconds
> builder for `/gnu/store/9ws2gavs5bjlrfimhdi10pssvy7hwnwl-chromium-63.0.3239.132.drv' failed with exit code 1
> guix package: error: build failed: build of `/gnu/store/9ws2gavs5bjlrfimhdi10pssvy7hwnwl-chromium-63.0.3239.132.drv' failed




-- 
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-12  0:09                 ` Marius Bakke
  2018-01-13 19:02                   ` ng0
@ 2018-01-16 14:18                   ` Ludovic Courtès
  2018-01-16 19:01                     ` Marius Bakke
  2018-01-16 20:04                     ` ng0
  1 sibling, 2 replies; 152+ messages in thread
From: Ludovic Courtès @ 2018-01-16 14:18 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

Hi Marius,

Marius Bakke <mbakke@fastmail.com> skribis:

> The attached patch adds Spectre mitigation to the current Chromium
> release.  The patch was pulled from the Chrome 64 branch:
>
> From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Thu, 11 Jan 2018 14:36:47 +0100
> Subject: [PATCH] gnu: chromium: Add spectre mitigation.
>
> * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/chromium.scm (chromium)[source]: Use it.

I didn’t really follow the whole discussion :-), but if what you have is
now OK from the freedom and security viewpoints (including bundling),
perhaps you can go ahead?

Ludo’.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-16 14:18                   ` Ludovic Courtès
@ 2018-01-16 19:01                     ` Marius Bakke
  2018-01-16 19:09                       ` Tobias Geerinckx-Rice
                                         ` (2 more replies)
  2018-01-16 20:04                     ` ng0
  1 sibling, 3 replies; 152+ messages in thread
From: Marius Bakke @ 2018-01-16 19:01 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 1199 bytes --]

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Marius,
>
> Marius Bakke <mbakke@fastmail.com> skribis:
>
>> The attached patch adds Spectre mitigation to the current Chromium
>> release.  The patch was pulled from the Chrome 64 branch:
>>
>> From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
>> From: Marius Bakke <mbakke@fastmail.com>
>> Date: Thu, 11 Jan 2018 14:36:47 +0100
>> Subject: [PATCH] gnu: chromium: Add spectre mitigation.
>>
>> * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Register it.
>> * gnu/packages/chromium.scm (chromium)[source]: Use it.
>
> I didn’t really follow the whole discussion :-), but if what you have is
> now OK from the freedom and security viewpoints (including bundling),
> perhaps you can go ahead?

I believe this is pretty much ready.  However Chromium 64 is due in one
week, so I'll wait for that.  Meanwhile I'll try to get rid of the
default "most used" sites which links to the nonfree Web Store.

Not sure what to put in the description.  Can I hire Tobias for this? :P

If there are no objections, expect to see this in 'master' in 1-2 weeks.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-16 19:01                     ` Marius Bakke
@ 2018-01-16 19:09                       ` Tobias Geerinckx-Rice
  2018-01-16 19:22                         ` Marius Bakke
  2018-01-17  8:53                       ` Ludovic Courtès
  2018-01-17 14:55                       ` Mike Gerwitz
  2 siblings, 1 reply; 152+ messages in thread
From: Tobias Geerinckx-Rice @ 2018-01-16 19:09 UTC (permalink / raw)
  To: mbakke, ludo; +Cc: 28004


[-- Attachment #1.1: Type: text/plain, Size: 221 bytes --]

Marius!

Marius Bakke wrote on 16/01/18 at 20:01:
> Not sure what to put in the description.  Can I hire Tobias for this? :P

You probably don't want me writing what I think of Chromium.

Kind regards,

T G-R


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 248 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-16 19:09                       ` Tobias Geerinckx-Rice
@ 2018-01-16 19:22                         ` Marius Bakke
  2018-01-16 20:41                           ` Leo Famulari
  0 siblings, 1 reply; 152+ messages in thread
From: Marius Bakke @ 2018-01-16 19:22 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice, ludo; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 677 bytes --]

Tobias Geerinckx-Rice <me@tobias.gr> writes:

> Marius!
>
> Marius Bakke wrote on 16/01/18 at 20:01:
>> Not sure what to put in the description.  Can I hire Tobias for this? :P
>
> You probably don't want me writing what I think of Chromium.

LOL, fair enough.

I tend to assume zero-knowledge when writing descriptions and have been
playing on spins of "Chromium is a browser designed to spy on the user",
but carrying software with that description does not reflect very well
on us...besides, I've gone great lengths to remove those antifeatures.

I'd like to make it very clear that users concerned about privacy should
prefer GNU IceCat though...  Suggestions welcome. :-)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-16 14:18                   ` Ludovic Courtès
  2018-01-16 19:01                     ` Marius Bakke
@ 2018-01-16 20:04                     ` ng0
  1 sibling, 0 replies; 152+ messages in thread
From: ng0 @ 2018-01-16 20:04 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 1414 bytes --]

Ludovic Courtès transcribed 0.8K bytes:
> Hi Marius,
> 
> Marius Bakke <mbakke@fastmail.com> skribis:
> 
> > The attached patch adds Spectre mitigation to the current Chromium
> > release.  The patch was pulled from the Chrome 64 branch:
> >
> > From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> > From: Marius Bakke <mbakke@fastmail.com>
> > Date: Thu, 11 Jan 2018 14:36:47 +0100
> > Subject: [PATCH] gnu: chromium: Add spectre mitigation.
> >
> > * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Register it.
> > * gnu/packages/chromium.scm (chromium)[source]: Use it.
> 
> I didn’t really follow the whole discussion :-), but if what you have is
> now OK from the freedom and security viewpoints (including bundling),
> perhaps you can go ahead?
> 
> Ludo’.
> 

From a usability point of view it's definitely okay, I've been using this
for a while now, no crashes so far.
Coming up with a way to define extensions is just a matter of placing the
Lego blocks in the right position. Gentoo and other systems (maybe Nix) offer
insights.
I'd say to get to a PoC package for an easy extension, under the assumption
that the general integration works, it could be done in a couple of working
weekends.
-- 
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-16 19:22                         ` Marius Bakke
@ 2018-01-16 20:41                           ` Leo Famulari
  0 siblings, 0 replies; 152+ messages in thread
From: Leo Famulari @ 2018-01-16 20:41 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 1223 bytes --]

On Tue, Jan 16, 2018 at 08:22:32PM +0100, Marius Bakke wrote:
> Tobias Geerinckx-Rice <me@tobias.gr> writes:
> > Marius Bakke wrote on 16/01/18 at 20:01:
> >> Not sure what to put in the description.  Can I hire Tobias for this? :P
> >
> > You probably don't want me writing what I think of Chromium.
> 
> LOL, fair enough.
> 
> I tend to assume zero-knowledge when writing descriptions and have been
> playing on spins of "Chromium is a browser designed to spy on the user",
> but carrying software with that description does not reflect very well
> on us...besides, I've gone great lengths to remove those antifeatures.
> 
> I'd like to make it very clear that users concerned about privacy should
> prefer GNU IceCat though...  Suggestions welcome. :-)

The Synopses and Descriptions section of the manual says "Please avoid
marketing phrases" and "try to be factual, mentioning use cases and
features". I think we should also avoid "anti-marketing" language.

Why not keep it simple and say something like this:

"Chromium is a graphical web browser.  This package omits the FOO, BAR,
and BAZ features in order to help protect the user's privacy."

The IceCat description is similarly terse.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-16 19:01                     ` Marius Bakke
  2018-01-16 19:09                       ` Tobias Geerinckx-Rice
@ 2018-01-17  8:53                       ` Ludovic Courtès
  2018-01-17 14:55                       ` Mike Gerwitz
  2 siblings, 0 replies; 152+ messages in thread
From: Ludovic Courtès @ 2018-01-17  8:53 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

Hello,

Marius Bakke <mbakke@fastmail.com> skribis:

> I believe this is pretty much ready.  However Chromium 64 is due in one
> week, so I'll wait for that.  Meanwhile I'll try to get rid of the
> default "most used" sites which links to the nonfree Web Store.

Oh yes, we should definitely do that.

> Not sure what to put in the description.  Can I hire Tobias for this? :P
>
> If there are no objections, expect to see this in 'master' in 1-2 weeks.

Sounds good.  Quite an achievement!

Thanks,
Ludo’.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-16 19:01                     ` Marius Bakke
  2018-01-16 19:09                       ` Tobias Geerinckx-Rice
  2018-01-17  8:53                       ` Ludovic Courtès
@ 2018-01-17 14:55                       ` Mike Gerwitz
  2018-02-26 18:18                         ` Marius Bakke
  2 siblings, 1 reply; 152+ messages in thread
From: Mike Gerwitz @ 2018-01-17 14:55 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 562 bytes --]

On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
> If there are no objections, expect to see this in 'master' in 1-2 weeks.

I want to express gratitude for your hard work on this---given that
IceCat does not contain many of the FF devtool updates, Chromium is very
desirable for web development.  It's also needed for certain Node.js
tools, like node-inspector.

So, thank you!

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-01-17 14:55                       ` Mike Gerwitz
@ 2018-02-26 18:18                         ` Marius Bakke
  2018-02-26 20:01                           ` ng0
  2018-02-27  2:00                           ` Mike Gerwitz
  0 siblings, 2 replies; 152+ messages in thread
From: Marius Bakke @ 2018-02-26 18:18 UTC (permalink / raw)
  To: Mike Gerwitz; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 1549 bytes --]

Mike Gerwitz <mtg@gnu.org> writes:

> On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
>> If there are no objections, expect to see this in 'master' in 1-2 weeks.
>
> I want to express gratitude for your hard work on this---given that
> IceCat does not contain many of the FF devtool updates, Chromium is very
> desirable for web development.  It's also needed for certain Node.js
> tools, like node-inspector.
>
> So, thank you!

Thank *you* for the kind words! :-)

Here is the latest iteration of this patch.  New in this version:

* Chromium 64 (duh).
* The 'delete-bundled-software' phase has been moved to a snippet,
  shaving ~100MiB (~22%) off the compressed tarball size (and
  drastically reduces (de)compression time).
* The New Tab page does not show any thumbnails for new profiles.

I've also added more comments about the patches and other flags.

Now, when launching the browser for the first time, it *still* connects
to Google services.  After a while it also does a lookup for AdWords...
However subsequent launches are "silent" as long as the Web Store is
disabled and "--disable-background-networking" is passed, like the
wrapper script does.

Incidentally, now that IceCat supports WebRTC (and somehow plugged the
IP address leak[0]!), I no longer *need* this package.  However, having
multiple high quality browsers at hand is a huge advantage IMO, so I'd
still like to have it in Guix.

What do y'all think?  Feedback on the snippet and description very
welcome.

[0] https://en.wikipedia.org/wiki/WebRTC#Concerns

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] [PATCH] gnu: Add chromium.
  2017-08-07 19:58 [bug#28004] Chromium Marius Bakke
                   ` (2 preceding siblings ...)
  2017-10-10 13:19 ` ng0
@ 2018-02-26 18:19 ` Marius Bakke
  2018-04-13 19:10 ` [bug#28004] Chromium 65 Marius Bakke
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 152+ messages in thread
From: Marius Bakke @ 2018-02-26 18:19 UTC (permalink / raw)
  To: 28004

* gnu/packages/chromium.scm: New file.
* gnu/packages/patches/chromium-gcc.patch,
gnu/packages/patches/chromium-remove-default-history.patch: New files.
* gnu/local.mk: Record it.
---
 gnu/local.mk                                       |   3 +
 gnu/packages/chromium.scm                          | 756 +++++++++++++++++++++
 gnu/packages/patches/chromium-gcc5.patch           |  39 ++
 .../patches/chromium-remove-default-history.patch  |  13 +
 4 files changed, 811 insertions(+)
 create mode 100644 gnu/packages/chromium.scm
 create mode 100644 gnu/packages/patches/chromium-gcc5.patch
 create mode 100644 gnu/packages/patches/chromium-remove-default-history.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index fa98810d6..fb1320f7b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -92,6 +92,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/check.scm			\
   %D%/packages/chemistry.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
   %D%/packages/cmake.scm			\
@@ -581,6 +582,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
   %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
   %D%/packages/patches/chmlib-inttypes.patch			\
+  %D%/packages/patches/chromium-gcc5.patch			\
+  %D%/packages/patches/chromium-remove-default-history.patch	\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clang-runtime-asan-build-fixes.patch	\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 000000000..1dd77b089
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,756 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages libusb)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages photo)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define (strip-directory-prefix pathspec)
+  "Return everything after the last '/' in PATHSPEC."
+  (let ((index (string-rindex pathspec #\/)))
+    (if index
+        (string-drop pathspec (+ 1 index))
+        pathspec)))
+
+(define (chromium-patch-file-name pathspec)
+  (let ((patch-name (strip-directory-prefix pathspec)))
+    (if (string-prefix? "chromium-" patch-name)
+        patch-name
+        (string-append "chromium-" patch-name))))
+
+;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches
+(define (debian-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git"
+          "/plain/debian/patches/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
+(define (gentoo-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
+          "/chromium/files/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/gcarq/inox-patchset
+(define (inox-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
+                        revision "/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/networking/browsers/chromium
+(define (nixos-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/NixOS/nixpkgs/"
+                        revision "/pkgs/applications/networking/browsers"
+                        "/chromium/patches/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; Fix build for older versions of GCC.
+(define %chromium-angle-gcc-compat.patch
+  (gentoo-patch "chromium-angle-r0.patch"
+                "08971011b4d6fa37aa906920fba7564e48b9e60b"
+                "0izdrqwsyr48117dhvwdsk8c6dkrnq2njida1q4mb1lagvwbz7gc"))
+
+;; https://webrtc-review.googlesource.com/9384
+(define %chromium-webrtc-gcc-compat.patch
+  (gentoo-patch "chromium-webrtc-r0.patch"
+                "08971011b4d6fa37aa906920fba7564e48b9e60b"
+                "0qj5b4w9kav51ylpdf38vm5w7p2gx4qp8p45vrfggp7miicg9cmw"))
+
+;; https://chromium-review.googlesource.com/813737
+(define %chromium-memcpy.patch
+  (gentoo-patch "chromium-memcpy-r0.patch"
+                "08971011b4d6fa37aa906920fba7564e48b9e60b"
+                "1d3vra59wjg2lva7ddv55ff6l57mk9k50llsplr0b7vxk0lh0ps5"))
+
+(define %chromium-system-nspr.patch
+  (debian-patch "system/nspr.patch"
+                "debian/64.0.3282.119-2"
+                "0pcwk3jsx8hjzd4s1v7p11jd8vpdqfnq82di31222cjx0bl6275r"))
+
+(define %chromium-system-libevent.patch
+  (debian-patch "system/event.patch"
+                "debian/64.0.3282.119-2"
+                "1dxzn1yf05mzf21c25sczj4zhkknf03x9bc3xzznqpvnsf3cjpr0"))
+
+(define %chromium-system-icu.patch
+  (debian-patch "system/icu.patch"
+                "debian/64.0.3282.119-2"
+                "0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv"))
+
+;; Don't show a warning about missing API keys.
+(define %chromium-disable-api-keys-warning.patch
+  (debian-patch "disable/google-api-warning.patch"
+                "debian/64.0.3282.119-2"
+                "1932xkrskm4nnglzj6xfjpycx4chsycj9ay3ipkq5f6xk21a1xm0"))
+
+;; Add DuckDuckGo and set it as the default search engine.
+(define %chromium-duckduckgo.patch
+  (inox-patch "0011-add-duckduckgo-search-engine.patch"
+              "d655594419af6b82a2a070e4d3eedd926a04fa79"
+              "0p8x98g71ngkd3wbl5q36wrl18ff185sfrr5fcwjbgrv3v7r6ra7"))
+
+;; Don't start a "Login Wizard" at first launch.
+(define %chromium-first-run.patch
+  (inox-patch "0018-disable-first-run-behaviour.patch"
+              "d655594419af6b82a2a070e4d3eedd926a04fa79"
+              "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
+
+;; Use privacy-preserving defaults.
+(define %chromium-default-preferences.patch
+  (inox-patch "0006-modify-default-prefs.patch"
+              "d655594419af6b82a2a070e4d3eedd926a04fa79"
+              "0qpd5l3wiw7325cicjzvdql0gay7jl4afml4nrbmy3w40i1ai2rf"))
+
+;; Recent versions of Chromium may load a remote search engine on the
+;; New Tab Page, causing unnecessary and involuntary network traffic.
+(define %chromium-restore-classic-ntp.patch
+  (inox-patch "0008-restore-classic-ntp.patch"
+              "d655594419af6b82a2a070e4d3eedd926a04fa79"
+              "0lj018q6vd6m43cj8rnraqgi4lp2iq76i1i0078dav4cxnzdryfs"))
+
+(define opus+custom
+  (package (inherit opus)
+           (name "opus+custom")
+           (arguments
+            `(;; Opus Custom is an optional extension of the Opus
+              ;; specification that allows for unsupported frame
+              ;; sizes.  Chromium requires that this is enabled.
+              #:configure-flags '("--enable-custom-modes")
+              ,@(package-arguments opus)))))
+
+(define libvpx+experimental
+  (package
+    (inherit libvpx)
+    (name "libvpx+experimental")
+    (arguments
+     `(,@(substitute-keyword-arguments (package-arguments libvpx)
+           ((#:configure-flags flags ''())
+            ;; Spatial SVC is an experimental VP9 encoder required by Chromium.
+            `(cons* "--enable-experimental" "--enable-spatial-svc"
+                    ,flags)))))))
+
+(define-public chromium
+  (package
+    (name "chromium")
+    (version "64.0.3282.186")
+    (synopsis "Graphical web browser")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://commondatastorage.googleapis.com/"
+                                  "chromium-browser-official/chromium-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "0q0q1whspmzyln04gxhgl3jd2vrgb4imh8r9qw6c06i3b63j3l2z"))
+              (patches (list %chromium-duckduckgo.patch
+                             %chromium-default-preferences.patch
+                             %chromium-first-run.patch
+                             %chromium-restore-classic-ntp.patch
+                             %chromium-angle-gcc-compat.patch
+                             %chromium-webrtc-gcc-compat.patch
+                             %chromium-memcpy.patch
+                             %chromium-system-icu.patch
+                             %chromium-system-nspr.patch
+                             %chromium-system-libevent.patch
+                             %chromium-disable-api-keys-warning.patch
+                             (search-patch "chromium-gcc5.patch")
+                             (search-patch "chromium-remove-default-history.patch")))
+              (modules '((srfi srfi-1)
+                         (ice-9 ftw)
+                         (ice-9 regex)
+                         (guix build utils)))
+              (snippet
+               '(begin
+                  (let ((preserved-files
+                         (map
+                          (lambda (path) (string-append "./" path))
+                          (list
+                           "base/third_party/dmg_fp"
+                           "base/third_party/dynamic_annotations"
+                           "base/third_party/icu"
+                           "base/third_party/libevent"
+                           "base/third_party/nspr"
+                           "base/third_party/superfasthash"
+                           "base/third_party/symbolize" ;glog
+                           "base/third_party/xdg_mime"
+                           "base/third_party/xdg_user_dirs"
+                           "buildtools/third_party/libc++"
+                           "chrome/third_party/mozilla_security_manager"
+                           "courgette/third_party"
+                           "net/third_party/mozilla_security_manager"
+                           "net/third_party/nss"
+                           "third_party/adobe/flash/flapper_version.h"
+                           ;; FIXME: This is used in:
+                           ;; * ui/webui/resources/js/analytics.js
+                           ;; * ui/file_manager/
+                           "third_party/analytics"
+                           "third_party/angle"
+                           "third_party/angle/src/common/third_party/base"
+                           "third_party/angle/src/common/third_party/smhasher"
+                           "third_party/angle/src/third_party/compiler"
+                           "third_party/angle/src/third_party/libXNVCtrl"
+                           "third_party/angle/src/third_party/trace_event"
+                           "third_party/blink"
+                           "third_party/boringssl"
+                           "third_party/boringssl/src/third_party/fiat"
+                           "third_party/breakpad"
+                           "third_party/brotli"
+                           "third_party/cacheinvalidation"
+                           "third_party/catapult"
+                           "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
+                           "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
+                           "third_party/catapult/third_party/polymer"
+                           "third_party/catapult/tracing/third_party/d3"
+                           "third_party/catapult/tracing/third_party/gl-matrix"
+                           "third_party/catapult/tracing/third_party/jszip"
+                           "third_party/catapult/tracing/third_party/mannwhitneyu"
+                           "third_party/catapult/tracing/third_party/oboe"
+                           "third_party/catapult/tracing/third_party/pako"
+                           "third_party/ced"
+                           "third_party/cld_3"
+                           "third_party/crc32c"
+                           "third_party/cros_system_api"
+                           "third_party/dom_distiller_js"
+                           "third_party/fips181"
+                           "third_party/flatbuffers"
+                           ;; PDFium requires a private freetype API.
+                           ;; <https://bugs.chromium.org/p/pdfium/issues/detail?id=733>
+                           "third_party/freetype/src/src/psnames/pstables.h"
+                           "third_party/glslang-angle"
+                           "third_party/google_input_tools"
+                           "third_party/google_input_tools/third_party/closure_library"
+                           (string-append "third_party/google_input_tools/third_party"
+                                          "/closure_library/third_party/closure")
+                           "third_party/googletest"
+                           "third_party/harfbuzz-ng"
+                           "third_party/hunspell"
+                           "third_party/iccjpeg"
+                           "third_party/inspector_protocol"
+                           "third_party/jinja2"
+                           "third_party/jstemplate"
+                           "third_party/khronos"
+                           "third_party/leveldatabase"
+                           "third_party/libXNVCtrl"
+                           "third_party/libaddressinput"
+                           "third_party/libjingle_xmpp"
+                           "third_party/libphonenumber"
+                           "third_party/libsecret" ;FIXME: needs pkg-config support.
+                           "third_party/libsrtp"   ;TODO: Requires libsrtp@2.
+                           "third_party/libudev"
+                           "third_party/libwebm"
+                           "third_party/libxml"
+                           "third_party/libyuv"
+                           "third_party/lss"
+                           "third_party/lzma_sdk"
+                           "third_party/markupsafe"
+                           "third_party/mesa"
+                           "third_party/metrics_proto"
+                           "third_party/modp_b64"
+                           "third_party/mt19937ar"
+                           "third_party/node"
+                           (string-append "third_party/node/node_modules/"
+                                          "polymer-bundler/lib/third_party/UglifyJS2")
+                           "third_party/openmax_dl"
+                           "third_party/ots"
+                           "third_party/pdfium"
+                           "third_party/pdfium/third_party"
+                           "third_party/ply"
+                           "third_party/polymer"
+                           "third_party/protobuf"
+                           "third_party/protobuf/third_party/six"
+                           "third_party/qcms"
+                           "third_party/sfntly"
+                           "third_party/skia"
+                           "third_party/skia/third_party/vulkan"
+                           "third_party/skia/third_party/gif"
+                           "third_party/smhasher"
+                           "third_party/speech-dispatcher"
+                           "third_party/spirv-headers"
+                           "third_party/spirv-tools-angle"
+                           "third_party/sqlite"
+                           "third_party/swiftshader"
+                           "third_party/swiftshader/third_party"
+                           "third_party/usb_ids"
+                           "third_party/usrsctp"
+                           "third_party/vulkan"
+                           "third_party/vulkan-validation-layers"
+                           "third_party/WebKit"
+                           "third_party/web-animations-js"
+                           "third_party/webrtc"
+                           "third_party/webrtc_overrides"
+                           "third_party/widevine/cdm/widevine_cdm_version.h"
+                           "third_party/widevine/cdm/widevine_cdm_common.h"
+                           "third_party/woff2"
+                           "third_party/xdg-utils"
+                           "third_party/yasm/run_yasm.py"
+                           "third_party/zlib/google"
+                           "url/third_party/mozilla"
+                           "v8/src/third_party/valgrind"
+                           "v8/third_party/inspector_protocol"))))
+
+                    ;; This is an implementation of
+                    ;; "build/linux/unbundle/remove_bundled_libraries.py".
+                    ;; It traverses any "third_party" directory and deletes
+                    ;; files that are:
+                    ;; * not ending with ".gn" or ".gni"; or
+                    ;; * not explicitly named as argument (folder or file).
+                    ;; TODO: Remove empty directories.
+                    (define (delete-files-except exceptions dir)
+
+                      (define (enter? name stat result)
+                        (not (member name exceptions)))
+
+                      (define (leaf name stat result)
+                        (let ((protected-files (make-regexp "\\.(gn|gyp)i?$"
+                                                            regexp/icase)))
+                          (unless (or (member name exceptions)
+                                      (regexp-exec protected-files name))
+                            (delete-file name))))
+
+                      (file-system-fold enter?
+                                        leaf
+                                        (lambda (dir stat result) result) ;down
+                                        (lambda (dir stat result) result) ;up
+                                        (lambda (dir stat result) result) ;skip
+                                        (lambda (dir stat result) result) ;error
+                                        #t
+                                        dir))
+
+                    (for-each (lambda (third-party)
+                                (delete-files-except preserved-files
+                                                     third-party))
+                              (find-files "." "^third_party$" #:directories? #t))
+
+                    ;; Replace GN files from third_party with shims for building
+                    ;; against system libraries.  Keep this list in sync with
+                    ;; "build/linux/unbundle/replace_gn_files.py".
+                    (for-each (lambda (pair)
+                                (let ((source (string-append
+                                               "build/linux/unbundle/" (car pair)))
+                                      (dest (cdr pair)))
+                                  (copy-file source dest)))
+                              (list
+                               '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
+                               '("flac.gn" . "third_party/flac/BUILD.gn")
+                               '("freetype.gn" . "third_party/freetype/BUILD.gn")
+                               ;; FIXME: This is no longer supported since 63.
+                               ;;'("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn")
+                               '("icu.gn" . "third_party/icu/BUILD.gn")
+                               '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
+                               '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
+                               '("libjpeg.gn" .
+                                 "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
+                               '("libpng.gn" . "third_party/libpng/BUILD.gn")
+                               '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
+                               '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
+                               '("libxml.gn" . "third_party/libxml/BUILD.gn") ;TODO
+                               '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
+                               '("openh264.gn" . "third_party/openh264/BUILD.gn")
+                               '("opus.gn" . "third_party/opus/BUILD.gn")
+                               '("re2.gn" . "third_party/re2/BUILD.gn")
+                               '("snappy.gn" . "third_party/snappy/BUILD.gn")
+                               '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
+                               '("zlib.gn" . "third_party/zlib/BUILD.gn")))
+                    #t)))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it's not recognized when passed.
+       #:validate-runpath? #f
+       #:modules ((srfi srfi-26)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (guix build gnu-build-system)
+                  (guix build utils))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-stuff
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "printing/cups_config_helper.py"
+               (("cups_config =.*")
+                (string-append "cups_config = '" (assoc-ref inputs "cups")
+                               "/bin/cups-config'\n")))
+
+             (substitute*
+                 '("base/process/launch_posix.cc"
+                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+                   "sandbox/linux/services/credentials.cc"
+                   "sandbox/linux/services/namespace_utils.cc"
+                   "sandbox/linux/services/syscall_wrappers.cc"
+                   "sandbox/linux/syscall_broker/broker_host.cc")
+               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+             (for-each (lambda (file)
+                         (substitute* file
+                           ;; Fix opus include path.
+                           ;; Do not substitute opus_private.h.
+                           (("#include \"opus\\.h\"")
+                            "#include \"opus/opus.h\"")
+                           (("#include \"opus_custom\\.h\"")
+                            "#include \"opus/opus_custom.h\"")
+                           (("#include \"opus_defines\\.h\"")
+                            "#include \"opus/opus_defines.h\"")
+                           (("#include \"opus_multistream\\.h\"")
+                            "#include \"opus/opus_multistream.h\"")
+                           (("#include \"opus_types\\.h\"")
+                            "#include \"opus/opus_types.h\"")))
+                       (append (find-files "third_party/opus/src/celt")
+                               (find-files "third_party/opus/src/src")
+                               (find-files (string-append "third_party/webrtc/modules"
+                                                          "/audio_coding/codecs/opus"))))
+
+             (substitute* "chrome/common/chrome_paths.cc"
+               (("/usr/share/chromium/extensions")
+                ;; TODO: Add ~/.guix-profile.
+                "/run/current-system/profile/share/chromium/extensions"))
+
+             (substitute*
+                 "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
+               (("include \"third_party/curl") "include \"curl"))
+             (substitute* "media/base/decode_capabilities.cc"
+               (("third_party/libvpx/source/libvpx/") ""))
+
+             ;; We don't cross compile most packages, so get rid of the
+             ;; unnecessary ARCH-linux-gnu* prefix.
+             (substitute* "build/toolchain/linux/BUILD.gn"
+               (("aarch64-linux-gnu-") "")
+               (("arm-linux-gnueabihf-") ""))
+             #t))
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((gn-flags
+                    (list
+                     ;; See tools/gn/docs/cookbook.md and
+                     ;; https://www.chromium.org/developers/gn-build-configuration
+                     ;; for usage.  Run "./gn args . --list" in the Release
+                     ;; directory for an exhaustive list of supported flags.
+                     "is_debug=false"
+                     "is_official_build=false"
+                     "is_clang=false"
+                     "use_gold=false"
+                     "use_lld=false"
+                     "linux_use_bundled_binutils=false"
+                     "use_custom_libcxx=false"
+                     "use_sysroot=false"
+                     "goma_dir=\"\""
+                     "enable_precompiled_headers=false"
+                     "enable_nacl=false"
+                     "enable_nacl_nonsfi=false"
+                     "use_allocator=\"none\"" ;don't use tcmalloc
+                     "override_build_date=\"01 01 2000 05:00:00\""
+                     "use_unofficial_version_number=false"
+                     ;; Optimize for building everything at once, as opposed
+                     ;; to incrementally for development.  See "docs/jumbo.md".
+                     ;; XXX: On some systems this may trigger a compiler error.
+                     ;;"use_jumbo_build=true"
+                     ;; Disable debugging features to save space.
+                     "remove_webcore_debug_symbols=true"
+                     "enable_iterator_debugging=false"
+                     ;; Some of the unbundled libraries throws deprecation
+                     ;; warnings, etc.  Ignore it.
+                     "treat_warnings_as_errors=false"
+                     ;; Don't add any API keys.  End users can set them in the
+                     ;; environment if desired.  See
+                     ;; <https://www.chromium.org/developers/how-tos/api-keys>.
+                     "use_official_google_api_keys=false"
+                     ;; Disable "field trials".
+                     "fieldtrial_testing_like_official_build=true"
+
+                     "use_system_freetype=true"
+                     "use_system_harfbuzz=true"
+                     "use_system_libjpeg=true"
+                     "use_system_lcms2=true"
+                     "use_system_zlib=true"
+                     ;; This is currently not supported on Linux:
+                     ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
+                     ;;"use_system_sqlite=true"
+
+                     "use_gconf=false"         ;deprecated by gsettings
+                     "use_gnome_keyring=false" ;deprecated by libsecret
+                     "use_gtk3=true"
+                     "use_openh264=true"
+                     "use_xkbcommon=true"
+                     "link_pulseaudio=true"
+
+                     ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+                     "proprietary_codecs=true"
+                     "ffmpeg_branding=\"Chrome\""
+
+                     ;; WebRTC stuff.
+                     "rtc_use_h264=true"
+                     ;; Don't use bundled sources.
+                     "rtc_build_json=false"
+                     "rtc_build_libevent=false"
+                     "rtc_build_libvpx=false"
+                     "rtc_build_opus=false"
+                     "rtc_build_ssl=false"
+                     ;; TODO: Package these.
+                     "rtc_build_libsrtp=true" ;2.0
+                     "rtc_build_libyuv=true"
+                     "rtc_build_openmax_dl=true"
+                     "rtc_build_usrsctp=true"
+                     (string-append "rtc_jsoncpp_root=\""
+                                    (assoc-ref inputs "jsoncpp")
+                                    "/include/jsoncpp/json\"")
+                     (string-append "rtc_ssl_root=\""
+                                    (assoc-ref inputs "openssl")
+                                    "/include/openssl\""))))
+
+               ;; XXX: How portable is this.
+               (mkdir-p "third_party/node/linux/node-linux-x64")
+               (symlink (string-append (assoc-ref inputs "node") "/bin")
+                        "third_party/node/linux/node-linux-x64/bin")
+
+               (setenv "CC" "gcc")
+               (setenv "CXX" "g++")
+               ;; TODO: pre-compile instead. Avoids a race condition.
+               (setenv "PYTHONDONTWRITEBYTECODE" "1")
+               (and
+                ;; Build the "gn" tool.
+                (invoke "python"
+                        "tools/gn/bootstrap/bootstrap.py" "-s" "-v")
+                ;; Generate ninja build files.
+                (invoke "./out/Release/gn" "gen" "out/Release"
+                        (string-append "--args="
+                                       (string-join gn-flags " ")))))))
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (invoke "ninja" "-C" "out/Release"
+                     "-j" (number->string (parallel-job-count))
+                     "chrome")))
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out            (assoc-ref outputs "out"))
+                    (bin            (string-append out "/bin"))
+                    (exe            (string-append bin "/chromium"))
+                    (lib            (string-append out "/lib"))
+                    (man            (string-append out "/share/man/man1"))
+                    (applications   (string-append out "/share/applications"))
+                    (install-regexp (make-regexp "\\.(bin|pak)$"))
+                    (locales        (string-append lib "/locales"))
+                    (resources      (string-append lib "/resources"))
+                    (gtk+           (assoc-ref inputs "gtk+"))
+                    (mesa           (assoc-ref inputs "mesa"))
+                    (nss            (assoc-ref inputs "nss"))
+                    (udev           (assoc-ref inputs "udev"))
+                    (sh             (which "sh")))
+
+               (substitute* '("chrome/app/resources/manpage.1.in"
+                              "chrome/installer/linux/common/desktop.template")
+                 (("@@MENUNAME@@") "Chromium")
+                 (("@@PACKAGE@@") "chromium")
+                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
+               (mkdir-p man)
+               (copy-file "chrome/app/resources/manpage.1.in"
+                          (string-append man "/chromium.1"))
+               (mkdir-p applications)
+               (copy-file "chrome/installer/linux/common/desktop.template"
+                          (string-append applications "/chromium.desktop"))
+
+               (with-directory-excursion "out/Release"
+                 (for-each (lambda (file)
+                             (install-file file lib))
+                           (scandir "." (cut regexp-exec install-regexp <>)))
+                 (copy-file "chrome" (string-append lib "/chromium"))
+
+                 ;; TODO: Install icons from "../../chrome/app/themes" into
+                 ;; "out/share/icons/hicolor/$size".
+                 (install-file
+                  "product_logo_48.png"
+                  (string-append out "/share/icons/48x48/chromium.png"))
+
+                 (copy-recursively "locales" locales)
+                 (copy-recursively "resources" resources)
+
+                 (mkdir-p bin)
+                 ;; Add a thin wrapper to prevent the user from inadvertently
+                 ;; installing non-free software through the Web Store.
+                 ;; TODO: Discover extensions from the profile and pass
+                 ;; something like "--disable-extensions-except=...".
+                 (call-with-output-file exe
+                   (lambda (port)
+                     (format port
+                             "#!~a~@
+                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
+                             then~@
+                               CHROMIUM_FLAGS=\" \\~@
+                                 --disable-background-networking \\~@
+                                 --disable-extensions \\~@
+                               \"~@
+                             fi~@
+                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
+                             sh (string-append lib "/chromium"))))
+                 (chmod exe #o755)
+
+                 (wrap-program exe
+                   ;; TODO: Get these in RUNPATH.
+                   `("LD_LIBRARY_PATH" ":" prefix
+                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+                                      mesa "/lib:" udev "/lib")))
+                   ;; Avoid file manager crash.  See <https://bugs.gnu.org/26593>.
+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+                 #t)))))))
+    (native-inputs
+     `(("bison" ,bison)
+       ("git" ,git)                     ;last_commit_position.py
+       ("gperf" ,gperf)
+       ("ninja" ,ninja)
+       ("node" ,node)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)
+       ("yasm" ,yasm)
+
+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
+       ("python-html5lib" ,python2-html5lib)
+       ("python" ,python-2)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("atk" ,atk)
+       ("cups" ,cups)
+       ("curl" ,curl)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("expat" ,expat)
+       ("flac" ,flac)
+       ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+-2" ,gtk+-2)
+       ("gtk+" ,gtk+)
+       ("harfbuzz" ,harfbuzz)
+       ("icu4c" ,icu4c)
+       ("jsoncpp" ,jsoncpp)
+       ("lcms" ,lcms)
+       ("libevent" ,libevent)
+       ("libffi" ,libffi)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libpng" ,libpng)
+       ("libusb" ,libusb)
+       ("libvpx" ,libvpx+experimental)
+       ("libwebp" ,libwebp)
+       ("libx11" ,libx11)
+       ("libxcb" ,libxcb)
+       ("libxcomposite" ,libxcomposite)
+       ("libxcursor" ,libxcursor)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxi" ,libxi)
+       ("libxkbcommon" ,libxkbcommon)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxslt" ,libxslt)
+       ("libxtst" ,libxtst)
+       ("mesa" ,mesa)
+       ("minizip" ,minizip)
+       ("mit-krb5" ,mit-krb5)
+       ("nss" ,nss)
+       ("openh264" ,openh264)
+       ("openssl" ,openssl)
+       ("opus" ,opus+custom)
+       ("pango" ,pango)
+       ("pciutils" ,pciutils)
+       ("protobuf" ,protobuf)
+       ("pulseaudio" ,pulseaudio)
+       ("re2" ,re2)
+       ("snappy" ,snappy)
+       ("speech-dispatcher" ,speech-dispatcher)
+       ("sqlite" ,sqlite)
+       ("udev" ,eudev)
+       ("valgrind" ,valgrind)))
+    (home-page "https://www.chromium.org/")
+    (description
+     "Chromium is a web browser designed for speed and security.  This
+version incorporates patches from
+@url{https://github.com/gcarq/inox-patchset,Inox} and
+@url{https://www.debian.org/,Debian} in order to protect the users privacy.")
+    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+    ;; components with other licenses.  For full information, see chrome://credits.
+    (license (list license:bsd-3
+                   license:bsd-2
+                   license:expat
+                   license:asl2.0
+                   license:mpl2.0
+                   license:public-domain
+                   license:lgpl2.1+))))
diff --git a/gnu/packages/patches/chromium-gcc5.patch b/gnu/packages/patches/chromium-gcc5.patch
new file mode 100644
index 000000000..56b2cd6ef
--- /dev/null
+++ b/gnu/packages/patches/chromium-gcc5.patch
@@ -0,0 +1,39 @@
+Work around a GCC5 bug where it fails to choose the correct base::span
+constructor.
+
+Adapted from this commit:
+https://gitweb.gentoo.org/repo/gentoo.git/commit/www-client/chromium?id=7843d29ab07411a9c70962fb90b4cd1546910242
+
+--- a/gpu/ipc/common/mailbox_struct_traits.h
++++ b/gpu/ipc/common/mailbox_struct_traits.h
+@@ -15,7 +15,7 @@ namespace mojo {
+ template <>
+ struct StructTraits<gpu::mojom::MailboxDataView, gpu::Mailbox> {
+   static base::span<const int8_t> name(const gpu::Mailbox& mailbox) {
+-    return mailbox.name;
++    return base::make_span(mailbox.name);
+   }
+   static bool Read(gpu::mojom::MailboxDataView data, gpu::Mailbox* out);
+ };
+--- a/services/viz/public/cpp/compositing/filter_operation_struct_traits.h
++++ b/services/viz/public/cpp/compositing/filter_operation_struct_traits.h
+@@ -134,7 +134,7 @@ struct StructTraits<viz::mojom::FilterOperationDataView, cc::FilterOperation> {
+   static base::span<const float> matrix(const cc::FilterOperation& operation) {
+     if (operation.type() != cc::FilterOperation::COLOR_MATRIX)
+       return base::span<const float>();
+-    return operation.matrix();
++    return base::make_span(operation.matrix());
+   }
+
+   static base::span<const gfx::Rect> shape(
+--- a/services/viz/public/cpp/compositing/quads_struct_traits.h
++++ b/services/viz/public/cpp/compositing/quads_struct_traits.h
+@@ -308,7 +308,7 @@
+   static base::span<const float> vertex_opacity(const viz::DrawQuad& input) {
+     const viz::TextureDrawQuad* quad =
+         viz::TextureDrawQuad::MaterialCast(&input);
+-    return quad->vertex_opacity;
++    return base::make_span(quad->vertex_opacity);
+   }
+ 
+   static bool y_flipped(const viz::DrawQuad& input) {
diff --git a/gnu/packages/patches/chromium-remove-default-history.patch b/gnu/packages/patches/chromium-remove-default-history.patch
new file mode 100644
index 000000000..38be10820
--- /dev/null
+++ b/gnu/packages/patches/chromium-remove-default-history.patch
@@ -0,0 +1,13 @@
+Don't pre-populate the New Tab Page for new profiles.
+
+--- a/chrome/browser/history/top_sites_factory.cc
++++ b/chrome/browser/history/top_sites_factory.cc
+@@ -74,7 +74,7 @@
+ 
+ void InitializePrepopulatedPageList(
+     history::PrepopulatedPageList* prepopulated_pages) {
+-#if !defined(OS_ANDROID)
++#if false
+   DCHECK(prepopulated_pages);
+   prepopulated_pages->reserve(arraysize(kRawPrepopulatedPages));
+   for (size_t i = 0; i < arraysize(kRawPrepopulatedPages); ++i) {
-- 
2.16.2

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-26 18:18                         ` Marius Bakke
@ 2018-02-26 20:01                           ` ng0
  2018-02-26 20:06                             ` Marius Bakke
  2018-02-27  2:00                           ` Mike Gerwitz
  1 sibling, 1 reply; 152+ messages in thread
From: ng0 @ 2018-02-26 20:01 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 2056 bytes --]

Marius Bakke transcribed 2.1K bytes:
> Mike Gerwitz <mtg@gnu.org> writes:
> 
> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
> >> If there are no objections, expect to see this in 'master' in 1-2 weeks.
> >
> > I want to express gratitude for your hard work on this---given that
> > IceCat does not contain many of the FF devtool updates, Chromium is very
> > desirable for web development.  It's also needed for certain Node.js
> > tools, like node-inspector.
> >
> > So, thank you!
> 
> Thank *you* for the kind words! :-)
> 
> Here is the latest iteration of this patch.  New in this version:
> 
> * Chromium 64 (duh).
> * The 'delete-bundled-software' phase has been moved to a snippet,
>   shaving ~100MiB (~22%) off the compressed tarball size (and
>   drastically reduces (de)compression time).
> * The New Tab page does not show any thumbnails for new profiles.

I think you forgot to attach the patches :)

> I've also added more comments about the patches and other flags.
> 
> Now, when launching the browser for the first time, it *still* connects
> to Google services.  After a while it also does a lookup for AdWords...
> However subsequent launches are "silent" as long as the Web Store is
> disabled and "--disable-background-networking" is passed, like the
> wrapper script does.
> 
> Incidentally, now that IceCat supports WebRTC (and somehow plugged the
> IP address leak[0]!), I no longer *need* this package.  However, having
> multiple high quality browsers at hand is a huge advantage IMO, so I'd
> still like to have it in Guix.
> 
> What do y'all think?  Feedback on the snippet and description very
> welcome.

I still would like to have Chromium in Guix too. Icecat doesn't work
for everyone's needs and requirements. I'd help volunteering time to
building and updating, when it's possible for me.

> [0] https://en.wikipedia.org/wiki/WebRTC#Concerns



-- 
ng0
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
http://krosos.org | https://n0.is/~ng0/ | https://crash.cx

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-26 20:01                           ` ng0
@ 2018-02-26 20:06                             ` Marius Bakke
  2018-02-26 20:34                               ` ng0
                                                 ` (2 more replies)
  0 siblings, 3 replies; 152+ messages in thread
From: Marius Bakke @ 2018-02-26 20:06 UTC (permalink / raw)
  To: ng0; +Cc: 28004


[-- Attachment #1.1: Type: text/plain, Size: 1257 bytes --]

ng0 <ng0@n0.is> writes:

> Marius Bakke transcribed 2.1K bytes:
>> Mike Gerwitz <mtg@gnu.org> writes:
>> 
>> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
>> >> If there are no objections, expect to see this in 'master' in 1-2 weeks.
>> >
>> > I want to express gratitude for your hard work on this---given that
>> > IceCat does not contain many of the FF devtool updates, Chromium is very
>> > desirable for web development.  It's also needed for certain Node.js
>> > tools, like node-inspector.
>> >
>> > So, thank you!
>> 
>> Thank *you* for the kind words! :-)
>> 
>> Here is the latest iteration of this patch.  New in this version:
>> 
>> * Chromium 64 (duh).
>> * The 'delete-bundled-software' phase has been moved to a snippet,
>>   shaving ~100MiB (~22%) off the compressed tarball size (and
>>   drastically reduces (de)compression time).
>> * The New Tab page does not show any thumbnails for new profiles.
>
> I think you forgot to attach the patches :)

Derp.  I realized that and just used `git send-email`[0], but have
attached it here for convenience since the debbugs web UI doesn't allow
easy download of a raw message.

[0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131


[-- Attachment #1.2: 0001-gnu-Add-chromium.patch --]
[-- Type: text/x-patch, Size: 42462 bytes --]

From f00529f4cd9e2e5efef146915d217cbb413d1f1a Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 12 Oct 2016 17:25:05 +0100
Subject: [PATCH] gnu: Add chromium.

* gnu/packages/chromium.scm: New file.
* gnu/packages/patches/chromium-gcc.patch,
gnu/packages/patches/chromium-remove-default-history.patch: New files.
* gnu/local.mk: Record it.
---
 gnu/local.mk                                       |   3 +
 gnu/packages/chromium.scm                          | 756 +++++++++++++++++++++
 gnu/packages/patches/chromium-gcc5.patch           |  39 ++
 .../patches/chromium-remove-default-history.patch  |  13 +
 4 files changed, 811 insertions(+)
 create mode 100644 gnu/packages/chromium.scm
 create mode 100644 gnu/packages/patches/chromium-gcc5.patch
 create mode 100644 gnu/packages/patches/chromium-remove-default-history.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index fa98810d6..fb1320f7b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -92,6 +92,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/check.scm			\
   %D%/packages/chemistry.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
   %D%/packages/cmake.scm			\
@@ -581,6 +582,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
   %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
   %D%/packages/patches/chmlib-inttypes.patch			\
+  %D%/packages/patches/chromium-gcc5.patch			\
+  %D%/packages/patches/chromium-remove-default-history.patch	\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clang-runtime-asan-build-fixes.patch	\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 000000000..1dd77b089
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,756 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages libusb)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages photo)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define (strip-directory-prefix pathspec)
+  "Return everything after the last '/' in PATHSPEC."
+  (let ((index (string-rindex pathspec #\/)))
+    (if index
+        (string-drop pathspec (+ 1 index))
+        pathspec)))
+
+(define (chromium-patch-file-name pathspec)
+  (let ((patch-name (strip-directory-prefix pathspec)))
+    (if (string-prefix? "chromium-" patch-name)
+        patch-name
+        (string-append "chromium-" patch-name))))
+
+;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches
+(define (debian-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git"
+          "/plain/debian/patches/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
+(define (gentoo-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
+          "/chromium/files/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/gcarq/inox-patchset
+(define (inox-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
+                        revision "/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/networking/browsers/chromium
+(define (nixos-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/NixOS/nixpkgs/"
+                        revision "/pkgs/applications/networking/browsers"
+                        "/chromium/patches/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; Fix build for older versions of GCC.
+(define %chromium-angle-gcc-compat.patch
+  (gentoo-patch "chromium-angle-r0.patch"
+                "08971011b4d6fa37aa906920fba7564e48b9e60b"
+                "0izdrqwsyr48117dhvwdsk8c6dkrnq2njida1q4mb1lagvwbz7gc"))
+
+;; https://webrtc-review.googlesource.com/9384
+(define %chromium-webrtc-gcc-compat.patch
+  (gentoo-patch "chromium-webrtc-r0.patch"
+                "08971011b4d6fa37aa906920fba7564e48b9e60b"
+                "0qj5b4w9kav51ylpdf38vm5w7p2gx4qp8p45vrfggp7miicg9cmw"))
+
+;; https://chromium-review.googlesource.com/813737
+(define %chromium-memcpy.patch
+  (gentoo-patch "chromium-memcpy-r0.patch"
+                "08971011b4d6fa37aa906920fba7564e48b9e60b"
+                "1d3vra59wjg2lva7ddv55ff6l57mk9k50llsplr0b7vxk0lh0ps5"))
+
+(define %chromium-system-nspr.patch
+  (debian-patch "system/nspr.patch"
+                "debian/64.0.3282.119-2"
+                "0pcwk3jsx8hjzd4s1v7p11jd8vpdqfnq82di31222cjx0bl6275r"))
+
+(define %chromium-system-libevent.patch
+  (debian-patch "system/event.patch"
+                "debian/64.0.3282.119-2"
+                "1dxzn1yf05mzf21c25sczj4zhkknf03x9bc3xzznqpvnsf3cjpr0"))
+
+(define %chromium-system-icu.patch
+  (debian-patch "system/icu.patch"
+                "debian/64.0.3282.119-2"
+                "0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv"))
+
+;; Don't show a warning about missing API keys.
+(define %chromium-disable-api-keys-warning.patch
+  (debian-patch "disable/google-api-warning.patch"
+                "debian/64.0.3282.119-2"
+                "1932xkrskm4nnglzj6xfjpycx4chsycj9ay3ipkq5f6xk21a1xm0"))
+
+;; Add DuckDuckGo and set it as the default search engine.
+(define %chromium-duckduckgo.patch
+  (inox-patch "0011-add-duckduckgo-search-engine.patch"
+              "d655594419af6b82a2a070e4d3eedd926a04fa79"
+              "0p8x98g71ngkd3wbl5q36wrl18ff185sfrr5fcwjbgrv3v7r6ra7"))
+
+;; Don't start a "Login Wizard" at first launch.
+(define %chromium-first-run.patch
+  (inox-patch "0018-disable-first-run-behaviour.patch"
+              "d655594419af6b82a2a070e4d3eedd926a04fa79"
+              "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
+
+;; Use privacy-preserving defaults.
+(define %chromium-default-preferences.patch
+  (inox-patch "0006-modify-default-prefs.patch"
+              "d655594419af6b82a2a070e4d3eedd926a04fa79"
+              "0qpd5l3wiw7325cicjzvdql0gay7jl4afml4nrbmy3w40i1ai2rf"))
+
+;; Recent versions of Chromium may load a remote search engine on the
+;; New Tab Page, causing unnecessary and involuntary network traffic.
+(define %chromium-restore-classic-ntp.patch
+  (inox-patch "0008-restore-classic-ntp.patch"
+              "d655594419af6b82a2a070e4d3eedd926a04fa79"
+              "0lj018q6vd6m43cj8rnraqgi4lp2iq76i1i0078dav4cxnzdryfs"))
+
+(define opus+custom
+  (package (inherit opus)
+           (name "opus+custom")
+           (arguments
+            `(;; Opus Custom is an optional extension of the Opus
+              ;; specification that allows for unsupported frame
+              ;; sizes.  Chromium requires that this is enabled.
+              #:configure-flags '("--enable-custom-modes")
+              ,@(package-arguments opus)))))
+
+(define libvpx+experimental
+  (package
+    (inherit libvpx)
+    (name "libvpx+experimental")
+    (arguments
+     `(,@(substitute-keyword-arguments (package-arguments libvpx)
+           ((#:configure-flags flags ''())
+            ;; Spatial SVC is an experimental VP9 encoder required by Chromium.
+            `(cons* "--enable-experimental" "--enable-spatial-svc"
+                    ,flags)))))))
+
+(define-public chromium
+  (package
+    (name "chromium")
+    (version "64.0.3282.186")
+    (synopsis "Graphical web browser")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://commondatastorage.googleapis.com/"
+                                  "chromium-browser-official/chromium-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "0q0q1whspmzyln04gxhgl3jd2vrgb4imh8r9qw6c06i3b63j3l2z"))
+              (patches (list %chromium-duckduckgo.patch
+                             %chromium-default-preferences.patch
+                             %chromium-first-run.patch
+                             %chromium-restore-classic-ntp.patch
+                             %chromium-angle-gcc-compat.patch
+                             %chromium-webrtc-gcc-compat.patch
+                             %chromium-memcpy.patch
+                             %chromium-system-icu.patch
+                             %chromium-system-nspr.patch
+                             %chromium-system-libevent.patch
+                             %chromium-disable-api-keys-warning.patch
+                             (search-patch "chromium-gcc5.patch")
+                             (search-patch "chromium-remove-default-history.patch")))
+              (modules '((srfi srfi-1)
+                         (ice-9 ftw)
+                         (ice-9 regex)
+                         (guix build utils)))
+              (snippet
+               '(begin
+                  (let ((preserved-files
+                         (map
+                          (lambda (path) (string-append "./" path))
+                          (list
+                           "base/third_party/dmg_fp"
+                           "base/third_party/dynamic_annotations"
+                           "base/third_party/icu"
+                           "base/third_party/libevent"
+                           "base/third_party/nspr"
+                           "base/third_party/superfasthash"
+                           "base/third_party/symbolize" ;glog
+                           "base/third_party/xdg_mime"
+                           "base/third_party/xdg_user_dirs"
+                           "buildtools/third_party/libc++"
+                           "chrome/third_party/mozilla_security_manager"
+                           "courgette/third_party"
+                           "net/third_party/mozilla_security_manager"
+                           "net/third_party/nss"
+                           "third_party/adobe/flash/flapper_version.h"
+                           ;; FIXME: This is used in:
+                           ;; * ui/webui/resources/js/analytics.js
+                           ;; * ui/file_manager/
+                           "third_party/analytics"
+                           "third_party/angle"
+                           "third_party/angle/src/common/third_party/base"
+                           "third_party/angle/src/common/third_party/smhasher"
+                           "third_party/angle/src/third_party/compiler"
+                           "third_party/angle/src/third_party/libXNVCtrl"
+                           "third_party/angle/src/third_party/trace_event"
+                           "third_party/blink"
+                           "third_party/boringssl"
+                           "third_party/boringssl/src/third_party/fiat"
+                           "third_party/breakpad"
+                           "third_party/brotli"
+                           "third_party/cacheinvalidation"
+                           "third_party/catapult"
+                           "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
+                           "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
+                           "third_party/catapult/third_party/polymer"
+                           "third_party/catapult/tracing/third_party/d3"
+                           "third_party/catapult/tracing/third_party/gl-matrix"
+                           "third_party/catapult/tracing/third_party/jszip"
+                           "third_party/catapult/tracing/third_party/mannwhitneyu"
+                           "third_party/catapult/tracing/third_party/oboe"
+                           "third_party/catapult/tracing/third_party/pako"
+                           "third_party/ced"
+                           "third_party/cld_3"
+                           "third_party/crc32c"
+                           "third_party/cros_system_api"
+                           "third_party/dom_distiller_js"
+                           "third_party/fips181"
+                           "third_party/flatbuffers"
+                           ;; PDFium requires a private freetype API.
+                           ;; <https://bugs.chromium.org/p/pdfium/issues/detail?id=733>
+                           "third_party/freetype/src/src/psnames/pstables.h"
+                           "third_party/glslang-angle"
+                           "third_party/google_input_tools"
+                           "third_party/google_input_tools/third_party/closure_library"
+                           (string-append "third_party/google_input_tools/third_party"
+                                          "/closure_library/third_party/closure")
+                           "third_party/googletest"
+                           "third_party/harfbuzz-ng"
+                           "third_party/hunspell"
+                           "third_party/iccjpeg"
+                           "third_party/inspector_protocol"
+                           "third_party/jinja2"
+                           "third_party/jstemplate"
+                           "third_party/khronos"
+                           "third_party/leveldatabase"
+                           "third_party/libXNVCtrl"
+                           "third_party/libaddressinput"
+                           "third_party/libjingle_xmpp"
+                           "third_party/libphonenumber"
+                           "third_party/libsecret" ;FIXME: needs pkg-config support.
+                           "third_party/libsrtp"   ;TODO: Requires libsrtp@2.
+                           "third_party/libudev"
+                           "third_party/libwebm"
+                           "third_party/libxml"
+                           "third_party/libyuv"
+                           "third_party/lss"
+                           "third_party/lzma_sdk"
+                           "third_party/markupsafe"
+                           "third_party/mesa"
+                           "third_party/metrics_proto"
+                           "third_party/modp_b64"
+                           "third_party/mt19937ar"
+                           "third_party/node"
+                           (string-append "third_party/node/node_modules/"
+                                          "polymer-bundler/lib/third_party/UglifyJS2")
+                           "third_party/openmax_dl"
+                           "third_party/ots"
+                           "third_party/pdfium"
+                           "third_party/pdfium/third_party"
+                           "third_party/ply"
+                           "third_party/polymer"
+                           "third_party/protobuf"
+                           "third_party/protobuf/third_party/six"
+                           "third_party/qcms"
+                           "third_party/sfntly"
+                           "third_party/skia"
+                           "third_party/skia/third_party/vulkan"
+                           "third_party/skia/third_party/gif"
+                           "third_party/smhasher"
+                           "third_party/speech-dispatcher"
+                           "third_party/spirv-headers"
+                           "third_party/spirv-tools-angle"
+                           "third_party/sqlite"
+                           "third_party/swiftshader"
+                           "third_party/swiftshader/third_party"
+                           "third_party/usb_ids"
+                           "third_party/usrsctp"
+                           "third_party/vulkan"
+                           "third_party/vulkan-validation-layers"
+                           "third_party/WebKit"
+                           "third_party/web-animations-js"
+                           "third_party/webrtc"
+                           "third_party/webrtc_overrides"
+                           "third_party/widevine/cdm/widevine_cdm_version.h"
+                           "third_party/widevine/cdm/widevine_cdm_common.h"
+                           "third_party/woff2"
+                           "third_party/xdg-utils"
+                           "third_party/yasm/run_yasm.py"
+                           "third_party/zlib/google"
+                           "url/third_party/mozilla"
+                           "v8/src/third_party/valgrind"
+                           "v8/third_party/inspector_protocol"))))
+
+                    ;; This is an implementation of
+                    ;; "build/linux/unbundle/remove_bundled_libraries.py".
+                    ;; It traverses any "third_party" directory and deletes
+                    ;; files that are:
+                    ;; * not ending with ".gn" or ".gni"; or
+                    ;; * not explicitly named as argument (folder or file).
+                    ;; TODO: Remove empty directories.
+                    (define (delete-files-except exceptions dir)
+
+                      (define (enter? name stat result)
+                        (not (member name exceptions)))
+
+                      (define (leaf name stat result)
+                        (let ((protected-files (make-regexp "\\.(gn|gyp)i?$"
+                                                            regexp/icase)))
+                          (unless (or (member name exceptions)
+                                      (regexp-exec protected-files name))
+                            (delete-file name))))
+
+                      (file-system-fold enter?
+                                        leaf
+                                        (lambda (dir stat result) result) ;down
+                                        (lambda (dir stat result) result) ;up
+                                        (lambda (dir stat result) result) ;skip
+                                        (lambda (dir stat result) result) ;error
+                                        #t
+                                        dir))
+
+                    (for-each (lambda (third-party)
+                                (delete-files-except preserved-files
+                                                     third-party))
+                              (find-files "." "^third_party$" #:directories? #t))
+
+                    ;; Replace GN files from third_party with shims for building
+                    ;; against system libraries.  Keep this list in sync with
+                    ;; "build/linux/unbundle/replace_gn_files.py".
+                    (for-each (lambda (pair)
+                                (let ((source (string-append
+                                               "build/linux/unbundle/" (car pair)))
+                                      (dest (cdr pair)))
+                                  (copy-file source dest)))
+                              (list
+                               '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
+                               '("flac.gn" . "third_party/flac/BUILD.gn")
+                               '("freetype.gn" . "third_party/freetype/BUILD.gn")
+                               ;; FIXME: This is no longer supported since 63.
+                               ;;'("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn")
+                               '("icu.gn" . "third_party/icu/BUILD.gn")
+                               '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
+                               '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
+                               '("libjpeg.gn" .
+                                 "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
+                               '("libpng.gn" . "third_party/libpng/BUILD.gn")
+                               '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
+                               '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
+                               '("libxml.gn" . "third_party/libxml/BUILD.gn") ;TODO
+                               '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
+                               '("openh264.gn" . "third_party/openh264/BUILD.gn")
+                               '("opus.gn" . "third_party/opus/BUILD.gn")
+                               '("re2.gn" . "third_party/re2/BUILD.gn")
+                               '("snappy.gn" . "third_party/snappy/BUILD.gn")
+                               '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
+                               '("zlib.gn" . "third_party/zlib/BUILD.gn")))
+                    #t)))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it's not recognized when passed.
+       #:validate-runpath? #f
+       #:modules ((srfi srfi-26)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (guix build gnu-build-system)
+                  (guix build utils))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-stuff
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "printing/cups_config_helper.py"
+               (("cups_config =.*")
+                (string-append "cups_config = '" (assoc-ref inputs "cups")
+                               "/bin/cups-config'\n")))
+
+             (substitute*
+                 '("base/process/launch_posix.cc"
+                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+                   "sandbox/linux/services/credentials.cc"
+                   "sandbox/linux/services/namespace_utils.cc"
+                   "sandbox/linux/services/syscall_wrappers.cc"
+                   "sandbox/linux/syscall_broker/broker_host.cc")
+               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+             (for-each (lambda (file)
+                         (substitute* file
+                           ;; Fix opus include path.
+                           ;; Do not substitute opus_private.h.
+                           (("#include \"opus\\.h\"")
+                            "#include \"opus/opus.h\"")
+                           (("#include \"opus_custom\\.h\"")
+                            "#include \"opus/opus_custom.h\"")
+                           (("#include \"opus_defines\\.h\"")
+                            "#include \"opus/opus_defines.h\"")
+                           (("#include \"opus_multistream\\.h\"")
+                            "#include \"opus/opus_multistream.h\"")
+                           (("#include \"opus_types\\.h\"")
+                            "#include \"opus/opus_types.h\"")))
+                       (append (find-files "third_party/opus/src/celt")
+                               (find-files "third_party/opus/src/src")
+                               (find-files (string-append "third_party/webrtc/modules"
+                                                          "/audio_coding/codecs/opus"))))
+
+             (substitute* "chrome/common/chrome_paths.cc"
+               (("/usr/share/chromium/extensions")
+                ;; TODO: Add ~/.guix-profile.
+                "/run/current-system/profile/share/chromium/extensions"))
+
+             (substitute*
+                 "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
+               (("include \"third_party/curl") "include \"curl"))
+             (substitute* "media/base/decode_capabilities.cc"
+               (("third_party/libvpx/source/libvpx/") ""))
+
+             ;; We don't cross compile most packages, so get rid of the
+             ;; unnecessary ARCH-linux-gnu* prefix.
+             (substitute* "build/toolchain/linux/BUILD.gn"
+               (("aarch64-linux-gnu-") "")
+               (("arm-linux-gnueabihf-") ""))
+             #t))
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((gn-flags
+                    (list
+                     ;; See tools/gn/docs/cookbook.md and
+                     ;; https://www.chromium.org/developers/gn-build-configuration
+                     ;; for usage.  Run "./gn args . --list" in the Release
+                     ;; directory for an exhaustive list of supported flags.
+                     "is_debug=false"
+                     "is_official_build=false"
+                     "is_clang=false"
+                     "use_gold=false"
+                     "use_lld=false"
+                     "linux_use_bundled_binutils=false"
+                     "use_custom_libcxx=false"
+                     "use_sysroot=false"
+                     "goma_dir=\"\""
+                     "enable_precompiled_headers=false"
+                     "enable_nacl=false"
+                     "enable_nacl_nonsfi=false"
+                     "use_allocator=\"none\"" ;don't use tcmalloc
+                     "override_build_date=\"01 01 2000 05:00:00\""
+                     "use_unofficial_version_number=false"
+                     ;; Optimize for building everything at once, as opposed
+                     ;; to incrementally for development.  See "docs/jumbo.md".
+                     ;; XXX: On some systems this may trigger a compiler error.
+                     ;;"use_jumbo_build=true"
+                     ;; Disable debugging features to save space.
+                     "remove_webcore_debug_symbols=true"
+                     "enable_iterator_debugging=false"
+                     ;; Some of the unbundled libraries throws deprecation
+                     ;; warnings, etc.  Ignore it.
+                     "treat_warnings_as_errors=false"
+                     ;; Don't add any API keys.  End users can set them in the
+                     ;; environment if desired.  See
+                     ;; <https://www.chromium.org/developers/how-tos/api-keys>.
+                     "use_official_google_api_keys=false"
+                     ;; Disable "field trials".
+                     "fieldtrial_testing_like_official_build=true"
+
+                     "use_system_freetype=true"
+                     "use_system_harfbuzz=true"
+                     "use_system_libjpeg=true"
+                     "use_system_lcms2=true"
+                     "use_system_zlib=true"
+                     ;; This is currently not supported on Linux:
+                     ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
+                     ;;"use_system_sqlite=true"
+
+                     "use_gconf=false"         ;deprecated by gsettings
+                     "use_gnome_keyring=false" ;deprecated by libsecret
+                     "use_gtk3=true"
+                     "use_openh264=true"
+                     "use_xkbcommon=true"
+                     "link_pulseaudio=true"
+
+                     ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+                     "proprietary_codecs=true"
+                     "ffmpeg_branding=\"Chrome\""
+
+                     ;; WebRTC stuff.
+                     "rtc_use_h264=true"
+                     ;; Don't use bundled sources.
+                     "rtc_build_json=false"
+                     "rtc_build_libevent=false"
+                     "rtc_build_libvpx=false"
+                     "rtc_build_opus=false"
+                     "rtc_build_ssl=false"
+                     ;; TODO: Package these.
+                     "rtc_build_libsrtp=true" ;2.0
+                     "rtc_build_libyuv=true"
+                     "rtc_build_openmax_dl=true"
+                     "rtc_build_usrsctp=true"
+                     (string-append "rtc_jsoncpp_root=\""
+                                    (assoc-ref inputs "jsoncpp")
+                                    "/include/jsoncpp/json\"")
+                     (string-append "rtc_ssl_root=\""
+                                    (assoc-ref inputs "openssl")
+                                    "/include/openssl\""))))
+
+               ;; XXX: How portable is this.
+               (mkdir-p "third_party/node/linux/node-linux-x64")
+               (symlink (string-append (assoc-ref inputs "node") "/bin")
+                        "third_party/node/linux/node-linux-x64/bin")
+
+               (setenv "CC" "gcc")
+               (setenv "CXX" "g++")
+               ;; TODO: pre-compile instead. Avoids a race condition.
+               (setenv "PYTHONDONTWRITEBYTECODE" "1")
+               (and
+                ;; Build the "gn" tool.
+                (invoke "python"
+                        "tools/gn/bootstrap/bootstrap.py" "-s" "-v")
+                ;; Generate ninja build files.
+                (invoke "./out/Release/gn" "gen" "out/Release"
+                        (string-append "--args="
+                                       (string-join gn-flags " ")))))))
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (invoke "ninja" "-C" "out/Release"
+                     "-j" (number->string (parallel-job-count))
+                     "chrome")))
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out            (assoc-ref outputs "out"))
+                    (bin            (string-append out "/bin"))
+                    (exe            (string-append bin "/chromium"))
+                    (lib            (string-append out "/lib"))
+                    (man            (string-append out "/share/man/man1"))
+                    (applications   (string-append out "/share/applications"))
+                    (install-regexp (make-regexp "\\.(bin|pak)$"))
+                    (locales        (string-append lib "/locales"))
+                    (resources      (string-append lib "/resources"))
+                    (gtk+           (assoc-ref inputs "gtk+"))
+                    (mesa           (assoc-ref inputs "mesa"))
+                    (nss            (assoc-ref inputs "nss"))
+                    (udev           (assoc-ref inputs "udev"))
+                    (sh             (which "sh")))
+
+               (substitute* '("chrome/app/resources/manpage.1.in"
+                              "chrome/installer/linux/common/desktop.template")
+                 (("@@MENUNAME@@") "Chromium")
+                 (("@@PACKAGE@@") "chromium")
+                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
+               (mkdir-p man)
+               (copy-file "chrome/app/resources/manpage.1.in"
+                          (string-append man "/chromium.1"))
+               (mkdir-p applications)
+               (copy-file "chrome/installer/linux/common/desktop.template"
+                          (string-append applications "/chromium.desktop"))
+
+               (with-directory-excursion "out/Release"
+                 (for-each (lambda (file)
+                             (install-file file lib))
+                           (scandir "." (cut regexp-exec install-regexp <>)))
+                 (copy-file "chrome" (string-append lib "/chromium"))
+
+                 ;; TODO: Install icons from "../../chrome/app/themes" into
+                 ;; "out/share/icons/hicolor/$size".
+                 (install-file
+                  "product_logo_48.png"
+                  (string-append out "/share/icons/48x48/chromium.png"))
+
+                 (copy-recursively "locales" locales)
+                 (copy-recursively "resources" resources)
+
+                 (mkdir-p bin)
+                 ;; Add a thin wrapper to prevent the user from inadvertently
+                 ;; installing non-free software through the Web Store.
+                 ;; TODO: Discover extensions from the profile and pass
+                 ;; something like "--disable-extensions-except=...".
+                 (call-with-output-file exe
+                   (lambda (port)
+                     (format port
+                             "#!~a~@
+                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
+                             then~@
+                               CHROMIUM_FLAGS=\" \\~@
+                                 --disable-background-networking \\~@
+                                 --disable-extensions \\~@
+                               \"~@
+                             fi~@
+                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
+                             sh (string-append lib "/chromium"))))
+                 (chmod exe #o755)
+
+                 (wrap-program exe
+                   ;; TODO: Get these in RUNPATH.
+                   `("LD_LIBRARY_PATH" ":" prefix
+                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+                                      mesa "/lib:" udev "/lib")))
+                   ;; Avoid file manager crash.  See <https://bugs.gnu.org/26593>.
+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+                 #t)))))))
+    (native-inputs
+     `(("bison" ,bison)
+       ("git" ,git)                     ;last_commit_position.py
+       ("gperf" ,gperf)
+       ("ninja" ,ninja)
+       ("node" ,node)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)
+       ("yasm" ,yasm)
+
+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
+       ("python-html5lib" ,python2-html5lib)
+       ("python" ,python-2)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("atk" ,atk)
+       ("cups" ,cups)
+       ("curl" ,curl)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("expat" ,expat)
+       ("flac" ,flac)
+       ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+-2" ,gtk+-2)
+       ("gtk+" ,gtk+)
+       ("harfbuzz" ,harfbuzz)
+       ("icu4c" ,icu4c)
+       ("jsoncpp" ,jsoncpp)
+       ("lcms" ,lcms)
+       ("libevent" ,libevent)
+       ("libffi" ,libffi)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libpng" ,libpng)
+       ("libusb" ,libusb)
+       ("libvpx" ,libvpx+experimental)
+       ("libwebp" ,libwebp)
+       ("libx11" ,libx11)
+       ("libxcb" ,libxcb)
+       ("libxcomposite" ,libxcomposite)
+       ("libxcursor" ,libxcursor)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxi" ,libxi)
+       ("libxkbcommon" ,libxkbcommon)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxslt" ,libxslt)
+       ("libxtst" ,libxtst)
+       ("mesa" ,mesa)
+       ("minizip" ,minizip)
+       ("mit-krb5" ,mit-krb5)
+       ("nss" ,nss)
+       ("openh264" ,openh264)
+       ("openssl" ,openssl)
+       ("opus" ,opus+custom)
+       ("pango" ,pango)
+       ("pciutils" ,pciutils)
+       ("protobuf" ,protobuf)
+       ("pulseaudio" ,pulseaudio)
+       ("re2" ,re2)
+       ("snappy" ,snappy)
+       ("speech-dispatcher" ,speech-dispatcher)
+       ("sqlite" ,sqlite)
+       ("udev" ,eudev)
+       ("valgrind" ,valgrind)))
+    (home-page "https://www.chromium.org/")
+    (description
+     "Chromium is a web browser designed for speed and security.  This
+version incorporates patches from
+@url{https://github.com/gcarq/inox-patchset,Inox} and
+@url{https://www.debian.org/,Debian} in order to protect the users privacy.")
+    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+    ;; components with other licenses.  For full information, see chrome://credits.
+    (license (list license:bsd-3
+                   license:bsd-2
+                   license:expat
+                   license:asl2.0
+                   license:mpl2.0
+                   license:public-domain
+                   license:lgpl2.1+))))
diff --git a/gnu/packages/patches/chromium-gcc5.patch b/gnu/packages/patches/chromium-gcc5.patch
new file mode 100644
index 000000000..56b2cd6ef
--- /dev/null
+++ b/gnu/packages/patches/chromium-gcc5.patch
@@ -0,0 +1,39 @@
+Work around a GCC5 bug where it fails to choose the correct base::span
+constructor.
+
+Adapted from this commit:
+https://gitweb.gentoo.org/repo/gentoo.git/commit/www-client/chromium?id=7843d29ab07411a9c70962fb90b4cd1546910242
+
+--- a/gpu/ipc/common/mailbox_struct_traits.h
++++ b/gpu/ipc/common/mailbox_struct_traits.h
+@@ -15,7 +15,7 @@ namespace mojo {
+ template <>
+ struct StructTraits<gpu::mojom::MailboxDataView, gpu::Mailbox> {
+   static base::span<const int8_t> name(const gpu::Mailbox& mailbox) {
+-    return mailbox.name;
++    return base::make_span(mailbox.name);
+   }
+   static bool Read(gpu::mojom::MailboxDataView data, gpu::Mailbox* out);
+ };
+--- a/services/viz/public/cpp/compositing/filter_operation_struct_traits.h
++++ b/services/viz/public/cpp/compositing/filter_operation_struct_traits.h
+@@ -134,7 +134,7 @@ struct StructTraits<viz::mojom::FilterOperationDataView, cc::FilterOperation> {
+   static base::span<const float> matrix(const cc::FilterOperation& operation) {
+     if (operation.type() != cc::FilterOperation::COLOR_MATRIX)
+       return base::span<const float>();
+-    return operation.matrix();
++    return base::make_span(operation.matrix());
+   }
+
+   static base::span<const gfx::Rect> shape(
+--- a/services/viz/public/cpp/compositing/quads_struct_traits.h
++++ b/services/viz/public/cpp/compositing/quads_struct_traits.h
+@@ -308,7 +308,7 @@
+   static base::span<const float> vertex_opacity(const viz::DrawQuad& input) {
+     const viz::TextureDrawQuad* quad =
+         viz::TextureDrawQuad::MaterialCast(&input);
+-    return quad->vertex_opacity;
++    return base::make_span(quad->vertex_opacity);
+   }
+ 
+   static bool y_flipped(const viz::DrawQuad& input) {
diff --git a/gnu/packages/patches/chromium-remove-default-history.patch b/gnu/packages/patches/chromium-remove-default-history.patch
new file mode 100644
index 000000000..38be10820
--- /dev/null
+++ b/gnu/packages/patches/chromium-remove-default-history.patch
@@ -0,0 +1,13 @@
+Don't pre-populate the New Tab Page for new profiles.
+
+--- a/chrome/browser/history/top_sites_factory.cc
++++ b/chrome/browser/history/top_sites_factory.cc
+@@ -74,7 +74,7 @@
+ 
+ void InitializePrepopulatedPageList(
+     history::PrepopulatedPageList* prepopulated_pages) {
+-#if !defined(OS_ANDROID)
++#if false
+   DCHECK(prepopulated_pages);
+   prepopulated_pages->reserve(arraysize(kRawPrepopulatedPages));
+   for (size_t i = 0; i < arraysize(kRawPrepopulatedPages); ++i) {
-- 
2.16.2


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-26 20:06                             ` Marius Bakke
@ 2018-02-26 20:34                               ` ng0
  2018-02-26 22:41                               ` Björn Höfling
  2018-02-27 22:17                               ` ng0
  2 siblings, 0 replies; 152+ messages in thread
From: ng0 @ 2018-02-26 20:34 UTC (permalink / raw)
  To: Marius Bakke; +Cc: ng0, 28004

[-- Attachment #1: Type: text/plain, Size: 1826 bytes --]

Marius Bakke transcribed 43K bytes:
> ng0 <ng0@n0.is> writes:
> 
> > Marius Bakke transcribed 2.1K bytes:
> >> Mike Gerwitz <mtg@gnu.org> writes:
> >> 
> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
> >> >> If there are no objections, expect to see this in 'master' in 1-2 weeks.
> >> >
> >> > I want to express gratitude for your hard work on this---given that
> >> > IceCat does not contain many of the FF devtool updates, Chromium is very
> >> > desirable for web development.  It's also needed for certain Node.js
> >> > tools, like node-inspector.
> >> >
> >> > So, thank you!
> >> 
> >> Thank *you* for the kind words! :-)
> >> 
> >> Here is the latest iteration of this patch.  New in this version:
> >> 
> >> * Chromium 64 (duh).
> >> * The 'delete-bundled-software' phase has been moved to a snippet,
> >>   shaving ~100MiB (~22%) off the compressed tarball size (and
> >>   drastically reduces (de)compression time).
> >> * The New Tab page does not show any thumbnails for new profiles.
> >
> > I think you forgot to attach the patches :)
> 
> Derp.  I realized that and just used `git send-email`[0], but have
> attached it here for convenience since the debbugs web UI doesn't allow
> easy download of a raw message.
> 
> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
> 

Great, thanks! I'll comment after building (so the usual 3 - 16 hours ;D).

Something I noticed in the past: A succesful build for Chromium depends on
the system libraries we use. The last version broke a while back when icu4c
got updated I think.
So changes need to be adjusted. We can not know when this happens, but we
can act when it happens.
-- 
ng0
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
http://krosos.org | https://n0.is/~ng0/ | https://crash.cx

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-26 20:06                             ` Marius Bakke
  2018-02-26 20:34                               ` ng0
@ 2018-02-26 22:41                               ` Björn Höfling
  2018-02-27 21:57                                 ` ng0
  2018-02-28 17:38                                 ` Marius Bakke
  2018-02-27 22:17                               ` ng0
  2 siblings, 2 replies; 152+ messages in thread
From: Björn Höfling @ 2018-02-26 22:41 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 3613 bytes --]

Hi Marius,

On Mon, 26 Feb 2018 21:06:57 +0100
Marius Bakke <mbakke@fastmail.com> wrote:

> ng0 <ng0@n0.is> writes:
> 
> > Marius Bakke transcribed 2.1K bytes:  
> >> Mike Gerwitz <mtg@gnu.org> writes:
> >>   
> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:  
> >> >> If there are no objections, expect to see this in 'master' in
> >> >> 1-2 weeks.  
> >> >
> >> > I want to express gratitude for your hard work on this---given
> >> > that IceCat does not contain many of the FF devtool updates,
> >> > Chromium is very desirable for web development.  It's also
> >> > needed for certain Node.js tools, like node-inspector.
> >> >
> >> > So, thank you!  
> >> 
> >> Thank *you* for the kind words! :-)
> >> 
> >> Here is the latest iteration of this patch.  New in this version:
> >> 
> >> * Chromium 64 (duh).
> >> * The 'delete-bundled-software' phase has been moved to a snippet,
> >>   shaving ~100MiB (~22%) off the compressed tarball size (and
> >>   drastically reduces (de)compression time).
> >> * The New Tab page does not show any thumbnails for new profiles.  
> >
> > I think you forgot to attach the patches :)  
> 
> Derp.  I realized that and just used `git send-email`[0], but have
> attached it here for convenience since the debbugs web UI doesn't
> allow easy download of a raw message.
> 
> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
> 


This looks like a lot of work. Thank you!

I quickly tried to apply and build the patch and have two first remarks:

The file says:

;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>

I haven't followed history, have you worked on this since 2016?

One patch has a hash-mismatch:

Starting download of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch
From https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2...
 icu.patch  2KiB                    1.8MiB/s 00:00 [####################] 100.0%
output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
@ build-failed /gnu/store/cqdllqn8ig5wnjn0yqvnh4vlzsvnpzv6-chromium-icu.patch.drv - 1 output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
cannot build derivation `/gnu/store/vacxbwsprcp52vp6q975450zi091dak2-chromium-64.0.3282.186.tar.xz.drv': 1 dependencies couldn't be built
@ build-started /gnu/store/7q53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv - x86_64-linux /var/log/guix/drvs/7q//53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv.bz2
cannot build derivation `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv': 1 dependencies couldn't be built
guix build: error: build failed: build of `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv' failed

I looked into the file and it looks reasonable, like a patch-file. It has no download errors.

It starts like this:

description: backwards compatibility for older versions of icu
author: Michael Gilbert <mgilbert@debian.org>

--- a/v8/src/runtime/runtime-intl.cc
+++ b/v8/src/runtime/runtime-intl.cc
@@ -627,7 +627,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele

...

Can you check this file again?

Björn



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-26 18:18                         ` Marius Bakke
  2018-02-26 20:01                           ` ng0
@ 2018-02-27  2:00                           ` Mike Gerwitz
  2018-02-28  8:17                             ` ng0
  2018-02-28 17:28                             ` Marius Bakke
  1 sibling, 2 replies; 152+ messages in thread
From: Mike Gerwitz @ 2018-02-27  2:00 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 675 bytes --]

On Mon, Feb 26, 2018 at 19:18:39 +0100, Marius Bakke wrote:
> Now, when launching the browser for the first time, it *still* connects
> to Google services.  After a while it also does a lookup for AdWords...

Do you know what code initiates this?  Would it be easy to remove, and
would that harm other functionality?

Saying that it only runs the first time implies to me that there's a
flag, and that perhaps the flag can either be permanently set or the
conditional triggering this behavior removed.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-26 22:41                               ` Björn Höfling
@ 2018-02-27 21:57                                 ` ng0
  2018-02-28 17:38                                 ` Marius Bakke
  1 sibling, 0 replies; 152+ messages in thread
From: ng0 @ 2018-02-27 21:57 UTC (permalink / raw)
  To: Björn Höfling; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 4148 bytes --]

Björn Höfling transcribed 4.0K bytes:
> Hi Marius,
> 
> On Mon, 26 Feb 2018 21:06:57 +0100
> Marius Bakke <mbakke@fastmail.com> wrote:
> 
> > ng0 <ng0@n0.is> writes:
> > 
> > > Marius Bakke transcribed 2.1K bytes:  
> > >> Mike Gerwitz <mtg@gnu.org> writes:
> > >>   
> > >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:  
> > >> >> If there are no objections, expect to see this in 'master' in
> > >> >> 1-2 weeks.  
> > >> >
> > >> > I want to express gratitude for your hard work on this---given
> > >> > that IceCat does not contain many of the FF devtool updates,
> > >> > Chromium is very desirable for web development.  It's also
> > >> > needed for certain Node.js tools, like node-inspector.
> > >> >
> > >> > So, thank you!  
> > >> 
> > >> Thank *you* for the kind words! :-)
> > >> 
> > >> Here is the latest iteration of this patch.  New in this version:
> > >> 
> > >> * Chromium 64 (duh).
> > >> * The 'delete-bundled-software' phase has been moved to a snippet,
> > >>   shaving ~100MiB (~22%) off the compressed tarball size (and
> > >>   drastically reduces (de)compression time).
> > >> * The New Tab page does not show any thumbnails for new profiles.  
> > >
> > > I think you forgot to attach the patches :)  
> > 
> > Derp.  I realized that and just used `git send-email`[0], but have
> > attached it here for convenience since the debbugs web UI doesn't
> > allow easy download of a raw message.
> > 
> > [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
> > 
> 
> 
> This looks like a lot of work. Thank you!
> 
> I quickly tried to apply and build the patch and have two first remarks:
> 
> The file says:
> 
> ;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
> 
> I haven't followed history, have you worked on this since 2016?

Marius, myself (and others?) have been working on this at least since October 2017.
I did a search, and indeed: Date: Tue, 27 Sep 2016 07:39:10 +0000 ... this is when I
first send the original Inox WIP. Wow.

> One patch has a hash-mismatch:
> 
> Starting download of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch
> From https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2...
>  icu.patch  2KiB                    1.8MiB/s 00:00 [####################] 100.0%
> output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
> @ build-failed /gnu/store/cqdllqn8ig5wnjn0yqvnh4vlzsvnpzv6-chromium-icu.patch.drv - 1 output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
> cannot build derivation `/gnu/store/vacxbwsprcp52vp6q975450zi091dak2-chromium-64.0.3282.186.tar.xz.drv': 1 dependencies couldn't be built
> @ build-started /gnu/store/7q53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv - x86_64-linux /var/log/guix/drvs/7q//53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv.bz2
> cannot build derivation `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv': 1 dependencies couldn't be built
> guix build: error: build failed: build of `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv' failed
> 
> I looked into the file and it looks reasonable, like a patch-file. It has no download errors.
> 
> It starts like this:
> 
> description: backwards compatibility for older versions of icu
> author: Michael Gilbert <mgilbert@debian.org>
> 
> --- a/v8/src/runtime/runtime-intl.cc
> +++ b/v8/src/runtime/runtime-intl.cc
> @@ -627,7 +627,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele
> 
> ...
> 
> Can you check this file again?

With the patch Marius send yesterday it works for me.

> Björn
> 
> 



-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-26 20:06                             ` Marius Bakke
  2018-02-26 20:34                               ` ng0
  2018-02-26 22:41                               ` Björn Höfling
@ 2018-02-27 22:17                               ` ng0
  2018-02-28 17:14                                 ` Marius Bakke
  2 siblings, 1 reply; 152+ messages in thread
From: ng0 @ 2018-02-27 22:17 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004, ng0

[-- Attachment #1: Type: text/plain, Size: 46478 bytes --]

Marius Bakke transcribed 43K bytes:
> ng0 <ng0@n0.is> writes:
> 
> > Marius Bakke transcribed 2.1K bytes:
> >> Mike Gerwitz <mtg@gnu.org> writes:
> >> 
> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
> >> >> If there are no objections, expect to see this in 'master' in 1-2 weeks.
> >> >
> >> > I want to express gratitude for your hard work on this---given that
> >> > IceCat does not contain many of the FF devtool updates, Chromium is very
> >> > desirable for web development.  It's also needed for certain Node.js
> >> > tools, like node-inspector.
> >> >
> >> > So, thank you!
> >> 
> >> Thank *you* for the kind words! :-)
> >> 
> >> Here is the latest iteration of this patch.  New in this version:
> >> 
> >> * Chromium 64 (duh).
> >> * The 'delete-bundled-software' phase has been moved to a snippet,
> >>   shaving ~100MiB (~22%) off the compressed tarball size (and
> >>   drastically reduces (de)compression time).
> >> * The New Tab page does not show any thumbnails for new profiles.
> >
> > I think you forgot to attach the patches :)
> 
> Derp.  I realized that and just used `git send-email`[0], but have
> attached it here for convenience since the debbugs web UI doesn't allow
> easy download of a raw message.
> 
> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
>

Comments inlined, some words ahead.

I think it's good that we will be able to handle extensions via Guix.
But: We should point it out that you won't be able to install extensions
manually, via the store or as a file. People who betatested this got
confused.
Once we have extensions as packages, we can describe how to get extensions.
Gentoo (and Nix?) have done some work on handling the extensions via system
tools.

> From f00529f4cd9e2e5efef146915d217cbb413d1f1a Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.
> 
> * gnu/packages/chromium.scm: New file.
> * gnu/packages/patches/chromium-gcc.patch,
> gnu/packages/patches/chromium-remove-default-history.patch: New files.
> * gnu/local.mk: Record it.
> ---
>  gnu/local.mk                                       |   3 +
>  gnu/packages/chromium.scm                          | 756 +++++++++++++++++++++
>  gnu/packages/patches/chromium-gcc5.patch           |  39 ++
>  .../patches/chromium-remove-default-history.patch  |  13 +
>  4 files changed, 811 insertions(+)
>  create mode 100644 gnu/packages/chromium.scm
>  create mode 100644 gnu/packages/patches/chromium-gcc5.patch
>  create mode 100644 gnu/packages/patches/chromium-remove-default-history.patch
> 
> diff --git a/gnu/local.mk b/gnu/local.mk
> index fa98810d6..fb1320f7b 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -92,6 +92,7 @@ GNU_SYSTEM_MODULES =				\
>    %D%/packages/check.scm			\
>    %D%/packages/chemistry.scm			\
>    %D%/packages/chez.scm				\
> +  %D%/packages/chromium.scm			\
>    %D%/packages/ci.scm				\
>    %D%/packages/cinnamon.scm			\
>    %D%/packages/cmake.scm			\
> @@ -581,6 +582,8 @@ dist_patch_DATA =						\
>    %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
>    %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
>    %D%/packages/patches/chmlib-inttypes.patch			\
> +  %D%/packages/patches/chromium-gcc5.patch			\
> +  %D%/packages/patches/chromium-remove-default-history.patch	\
>    %D%/packages/patches/clang-libc-search-path.patch		\
>    %D%/packages/patches/clang-3.8-libc-search-path.patch		\
>    %D%/packages/patches/clang-runtime-asan-build-fixes.patch	\
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> new file mode 100644
> index 000000000..1dd77b089
> --- /dev/null
> +++ b/gnu/packages/chromium.scm
> @@ -0,0 +1,756 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
> +;;;
> +;;; This file is part of GNU Guix.
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu packages chromium)
> +  #:use-module ((guix licenses) #:prefix license:)
> +  #:use-module (guix packages)
> +  #:use-module (guix download)
> +  #:use-module (guix git-download)
> +  #:use-module (guix utils)
> +  #:use-module (guix build-system gnu)
> +  #:use-module (gnu packages)
> +  #:use-module (gnu packages assembly)
> +  #:use-module (gnu packages base)
> +  #:use-module (gnu packages bison)
> +  #:use-module (gnu packages compression)
> +  #:use-module (gnu packages cups)
> +  #:use-module (gnu packages curl)
> +  #:use-module (gnu packages databases)
> +  #:use-module (gnu packages fontutils)
> +  #:use-module (gnu packages ghostscript)
> +  #:use-module (gnu packages gl)
> +  #:use-module (gnu packages glib)
> +  #:use-module (gnu packages gnome)
> +  #:use-module (gnu packages gnuzilla)
> +  #:use-module (gnu packages gperf)
> +  #:use-module (gnu packages gtk)
> +  #:use-module (gnu packages icu4c)
> +  #:use-module (gnu packages image)
> +  #:use-module (gnu packages libevent)
> +  #:use-module (gnu packages libffi)
> +  #:use-module (gnu packages libusb)
> +  #:use-module (gnu packages linux)
> +  #:use-module (gnu packages kerberos)
> +  #:use-module (gnu packages ninja)
> +  #:use-module (gnu packages node)
> +  #:use-module (gnu packages pciutils)
> +  #:use-module (gnu packages photo)
> +  #:use-module (gnu packages pkg-config)
> +  #:use-module (gnu packages protobuf)
> +  #:use-module (gnu packages pulseaudio)
> +  #:use-module (gnu packages python)
> +  #:use-module (gnu packages python-web)
> +  #:use-module (gnu packages regex)
> +  #:use-module (gnu packages serialization)
> +  #:use-module (gnu packages speech)
> +  #:use-module (gnu packages tls)
> +  #:use-module (gnu packages valgrind)
> +  #:use-module (gnu packages version-control)
> +  #:use-module (gnu packages video)
> +  #:use-module (gnu packages xiph)
> +  #:use-module (gnu packages xml)
> +  #:use-module (gnu packages xdisorg)
> +  #:use-module (gnu packages xorg))
> +
> +(define (strip-directory-prefix pathspec)
> +  "Return everything after the last '/' in PATHSPEC."
> +  (let ((index (string-rindex pathspec #\/)))
> +    (if index
> +        (string-drop pathspec (+ 1 index))
> +        pathspec)))
> +
> +(define (chromium-patch-file-name pathspec)
> +  (let ((patch-name (strip-directory-prefix pathspec)))
> +    (if (string-prefix? "chromium-" patch-name)
> +        patch-name
> +        (string-append "chromium-" patch-name))))
> +
> +;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches
> +(define (debian-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append
> +          "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git"
> +          "/plain/debian/patches/" pathspec "?id=" revision))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
> +(define (gentoo-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append
> +          "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
> +          "/chromium/files/" pathspec "?id=" revision))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://github.com/gcarq/inox-patchset
> +(define (inox-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
> +                        revision "/" pathspec))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/networking/browsers/chromium
> +(define (nixos-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append "https://raw.githubusercontent.com/NixOS/nixpkgs/"
> +                        revision "/pkgs/applications/networking/browsers"
> +                        "/chromium/patches/" pathspec))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +;; Fix build for older versions of GCC.
> +(define %chromium-angle-gcc-compat.patch
> +  (gentoo-patch "chromium-angle-r0.patch"
> +                "08971011b4d6fa37aa906920fba7564e48b9e60b"
> +                "0izdrqwsyr48117dhvwdsk8c6dkrnq2njida1q4mb1lagvwbz7gc"))
> +
> +;; https://webrtc-review.googlesource.com/9384
> +(define %chromium-webrtc-gcc-compat.patch
> +  (gentoo-patch "chromium-webrtc-r0.patch"
> +                "08971011b4d6fa37aa906920fba7564e48b9e60b"
> +                "0qj5b4w9kav51ylpdf38vm5w7p2gx4qp8p45vrfggp7miicg9cmw"))
> +
> +;; https://chromium-review.googlesource.com/813737
> +(define %chromium-memcpy.patch
> +  (gentoo-patch "chromium-memcpy-r0.patch"
> +                "08971011b4d6fa37aa906920fba7564e48b9e60b"
> +                "1d3vra59wjg2lva7ddv55ff6l57mk9k50llsplr0b7vxk0lh0ps5"))
> +
> +(define %chromium-system-nspr.patch
> +  (debian-patch "system/nspr.patch"
> +                "debian/64.0.3282.119-2"
> +                "0pcwk3jsx8hjzd4s1v7p11jd8vpdqfnq82di31222cjx0bl6275r"))
> +
> +(define %chromium-system-libevent.patch
> +  (debian-patch "system/event.patch"
> +                "debian/64.0.3282.119-2"
> +                "1dxzn1yf05mzf21c25sczj4zhkknf03x9bc3xzznqpvnsf3cjpr0"))
> +
> +(define %chromium-system-icu.patch
> +  (debian-patch "system/icu.patch"
> +                "debian/64.0.3282.119-2"
> +                "0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv"))
> +
> +;; Don't show a warning about missing API keys.
> +(define %chromium-disable-api-keys-warning.patch
> +  (debian-patch "disable/google-api-warning.patch"
> +                "debian/64.0.3282.119-2"
> +                "1932xkrskm4nnglzj6xfjpycx4chsycj9ay3ipkq5f6xk21a1xm0"))
> +
> +;; Add DuckDuckGo and set it as the default search engine.
> +(define %chromium-duckduckgo.patch
> +  (inox-patch "0011-add-duckduckgo-search-engine.patch"
> +              "d655594419af6b82a2a070e4d3eedd926a04fa79"
> +              "0p8x98g71ngkd3wbl5q36wrl18ff185sfrr5fcwjbgrv3v7r6ra7"))
> +
> +;; Don't start a "Login Wizard" at first launch.
> +(define %chromium-first-run.patch
> +  (inox-patch "0018-disable-first-run-behaviour.patch"
> +              "d655594419af6b82a2a070e4d3eedd926a04fa79"
> +              "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
> +
> +;; Use privacy-preserving defaults.
> +(define %chromium-default-preferences.patch
> +  (inox-patch "0006-modify-default-prefs.patch"
> +              "d655594419af6b82a2a070e4d3eedd926a04fa79"
> +              "0qpd5l3wiw7325cicjzvdql0gay7jl4afml4nrbmy3w40i1ai2rf"))
> +
> +;; Recent versions of Chromium may load a remote search engine on the
> +;; New Tab Page, causing unnecessary and involuntary network traffic.
> +(define %chromium-restore-classic-ntp.patch
> +  (inox-patch "0008-restore-classic-ntp.patch"
> +              "d655594419af6b82a2a070e4d3eedd926a04fa79"
> +              "0lj018q6vd6m43cj8rnraqgi4lp2iq76i1i0078dav4cxnzdryfs"))
> +
> +(define opus+custom
> +  (package (inherit opus)
> +           (name "opus+custom")
> +           (arguments
> +            `(;; Opus Custom is an optional extension of the Opus
> +              ;; specification that allows for unsupported frame
> +              ;; sizes.  Chromium requires that this is enabled.
> +              #:configure-flags '("--enable-custom-modes")
> +              ,@(package-arguments opus)))))
> +
> +(define libvpx+experimental
> +  (package
> +    (inherit libvpx)
> +    (name "libvpx+experimental")
> +    (arguments
> +     `(,@(substitute-keyword-arguments (package-arguments libvpx)
> +           ((#:configure-flags flags ''())
> +            ;; Spatial SVC is an experimental VP9 encoder required by Chromium.
> +            `(cons* "--enable-experimental" "--enable-spatial-svc"
> +                    ,flags)))))))
> +
> +(define-public chromium
> +  (package
> +    (name "chromium")
> +    (version "64.0.3282.186")
> +    (synopsis "Graphical web browser")
> +    (source (origin
> +              (method url-fetch)
> +              (uri (string-append "https://commondatastorage.googleapis.com/"
> +                                  "chromium-browser-official/chromium-"
> +                                  version ".tar.xz"))
> +              (sha256
> +               (base32
> +                "0q0q1whspmzyln04gxhgl3jd2vrgb4imh8r9qw6c06i3b63j3l2z"))
> +              (patches (list %chromium-duckduckgo.patch
> +                             %chromium-default-preferences.patch
> +                             %chromium-first-run.patch
> +                             %chromium-restore-classic-ntp.patch
> +                             %chromium-angle-gcc-compat.patch
> +                             %chromium-webrtc-gcc-compat.patch
> +                             %chromium-memcpy.patch
> +                             %chromium-system-icu.patch
> +                             %chromium-system-nspr.patch
> +                             %chromium-system-libevent.patch
> +                             %chromium-disable-api-keys-warning.patch
> +                             (search-patch "chromium-gcc5.patch")
> +                             (search-patch "chromium-remove-default-history.patch")))
> +              (modules '((srfi srfi-1)
> +                         (ice-9 ftw)
> +                         (ice-9 regex)
> +                         (guix build utils)))
> +              (snippet
> +               '(begin
> +                  (let ((preserved-files
> +                         (map
> +                          (lambda (path) (string-append "./" path))
> +                          (list
> +                           "base/third_party/dmg_fp"
> +                           "base/third_party/dynamic_annotations"
> +                           "base/third_party/icu"
> +                           "base/third_party/libevent"
> +                           "base/third_party/nspr"
> +                           "base/third_party/superfasthash"
> +                           "base/third_party/symbolize" ;glog
> +                           "base/third_party/xdg_mime"
> +                           "base/third_party/xdg_user_dirs"
> +                           "buildtools/third_party/libc++"
> +                           "chrome/third_party/mozilla_security_manager"
> +                           "courgette/third_party"
> +                           "net/third_party/mozilla_security_manager"
> +                           "net/third_party/nss"
> +                           "third_party/adobe/flash/flapper_version.h"
> +                           ;; FIXME: This is used in:
> +                           ;; * ui/webui/resources/js/analytics.js
> +                           ;; * ui/file_manager/
> +                           "third_party/analytics"
> +                           "third_party/angle"
> +                           "third_party/angle/src/common/third_party/base"
> +                           "third_party/angle/src/common/third_party/smhasher"
> +                           "third_party/angle/src/third_party/compiler"
> +                           "third_party/angle/src/third_party/libXNVCtrl"
> +                           "third_party/angle/src/third_party/trace_event"
> +                           "third_party/blink"
> +                           "third_party/boringssl"
> +                           "third_party/boringssl/src/third_party/fiat"
> +                           "third_party/breakpad"
> +                           "third_party/brotli"
> +                           "third_party/cacheinvalidation"
> +                           "third_party/catapult"
> +                           "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
> +                           "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
> +                           "third_party/catapult/third_party/polymer"
> +                           "third_party/catapult/tracing/third_party/d3"
> +                           "third_party/catapult/tracing/third_party/gl-matrix"
> +                           "third_party/catapult/tracing/third_party/jszip"
> +                           "third_party/catapult/tracing/third_party/mannwhitneyu"
> +                           "third_party/catapult/tracing/third_party/oboe"
> +                           "third_party/catapult/tracing/third_party/pako"
> +                           "third_party/ced"
> +                           "third_party/cld_3"
> +                           "third_party/crc32c"
> +                           "third_party/cros_system_api"
> +                           "third_party/dom_distiller_js"
> +                           "third_party/fips181"
> +                           "third_party/flatbuffers"
> +                           ;; PDFium requires a private freetype API.
> +                           ;; <https://bugs.chromium.org/p/pdfium/issues/detail?id=733>
> +                           "third_party/freetype/src/src/psnames/pstables.h"
> +                           "third_party/glslang-angle"
> +                           "third_party/google_input_tools"
> +                           "third_party/google_input_tools/third_party/closure_library"
> +                           (string-append "third_party/google_input_tools/third_party"
> +                                          "/closure_library/third_party/closure")
> +                           "third_party/googletest"
> +                           "third_party/harfbuzz-ng"
> +                           "third_party/hunspell"
> +                           "third_party/iccjpeg"
> +                           "third_party/inspector_protocol"
> +                           "third_party/jinja2"
> +                           "third_party/jstemplate"
> +                           "third_party/khronos"
> +                           "third_party/leveldatabase"
> +                           "third_party/libXNVCtrl"
> +                           "third_party/libaddressinput"
> +                           "third_party/libjingle_xmpp"
> +                           "third_party/libphonenumber"
> +                           "third_party/libsecret" ;FIXME: needs pkg-config support.
> +                           "third_party/libsrtp"   ;TODO: Requires libsrtp@2.
> +                           "third_party/libudev"
> +                           "third_party/libwebm"
> +                           "third_party/libxml"
> +                           "third_party/libyuv"
> +                           "third_party/lss"
> +                           "third_party/lzma_sdk"
> +                           "third_party/markupsafe"
> +                           "third_party/mesa"
> +                           "third_party/metrics_proto"
> +                           "third_party/modp_b64"
> +                           "third_party/mt19937ar"
> +                           "third_party/node"
> +                           (string-append "third_party/node/node_modules/"
> +                                          "polymer-bundler/lib/third_party/UglifyJS2")
> +                           "third_party/openmax_dl"
> +                           "third_party/ots"
> +                           "third_party/pdfium"
> +                           "third_party/pdfium/third_party"
> +                           "third_party/ply"
> +                           "third_party/polymer"
> +                           "third_party/protobuf"
> +                           "third_party/protobuf/third_party/six"
> +                           "third_party/qcms"
> +                           "third_party/sfntly"
> +                           "third_party/skia"
> +                           "third_party/skia/third_party/vulkan"
> +                           "third_party/skia/third_party/gif"
> +                           "third_party/smhasher"
> +                           "third_party/speech-dispatcher"
> +                           "third_party/spirv-headers"
> +                           "third_party/spirv-tools-angle"
> +                           "third_party/sqlite"
> +                           "third_party/swiftshader"
> +                           "third_party/swiftshader/third_party"
> +                           "third_party/usb_ids"
> +                           "third_party/usrsctp"
> +                           "third_party/vulkan"
> +                           "third_party/vulkan-validation-layers"
> +                           "third_party/WebKit"
> +                           "third_party/web-animations-js"
> +                           "third_party/webrtc"
> +                           "third_party/webrtc_overrides"
> +                           "third_party/widevine/cdm/widevine_cdm_version.h"
> +                           "third_party/widevine/cdm/widevine_cdm_common.h"
> +                           "third_party/woff2"
> +                           "third_party/xdg-utils"
> +                           "third_party/yasm/run_yasm.py"
> +                           "third_party/zlib/google"
> +                           "url/third_party/mozilla"
> +                           "v8/src/third_party/valgrind"
> +                           "v8/third_party/inspector_protocol"))))
> +
> +                    ;; This is an implementation of
> +                    ;; "build/linux/unbundle/remove_bundled_libraries.py".
> +                    ;; It traverses any "third_party" directory and deletes
> +                    ;; files that are:
> +                    ;; * not ending with ".gn" or ".gni"; or
> +                    ;; * not explicitly named as argument (folder or file).
> +                    ;; TODO: Remove empty directories.
> +                    (define (delete-files-except exceptions dir)
> +
> +                      (define (enter? name stat result)
> +                        (not (member name exceptions)))
> +
> +                      (define (leaf name stat result)
> +                        (let ((protected-files (make-regexp "\\.(gn|gyp)i?$"
> +                                                            regexp/icase)))
> +                          (unless (or (member name exceptions)
> +                                      (regexp-exec protected-files name))
> +                            (delete-file name))))
> +
> +                      (file-system-fold enter?
> +                                        leaf
> +                                        (lambda (dir stat result) result) ;down
> +                                        (lambda (dir stat result) result) ;up
> +                                        (lambda (dir stat result) result) ;skip
> +                                        (lambda (dir stat result) result) ;error
> +                                        #t
> +                                        dir))
> +
> +                    (for-each (lambda (third-party)
> +                                (delete-files-except preserved-files
> +                                                     third-party))
> +                              (find-files "." "^third_party$" #:directories? #t))
> +
> +                    ;; Replace GN files from third_party with shims for building
> +                    ;; against system libraries.  Keep this list in sync with
> +                    ;; "build/linux/unbundle/replace_gn_files.py".
> +                    (for-each (lambda (pair)
> +                                (let ((source (string-append
> +                                               "build/linux/unbundle/" (car pair)))
> +                                      (dest (cdr pair)))
> +                                  (copy-file source dest)))
> +                              (list
> +                               '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
> +                               '("flac.gn" . "third_party/flac/BUILD.gn")
> +                               '("freetype.gn" . "third_party/freetype/BUILD.gn")
> +                               ;; FIXME: This is no longer supported since 63.
> +                               ;;'("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn")
> +                               '("icu.gn" . "third_party/icu/BUILD.gn")
> +                               '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
> +                               '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
> +                               '("libjpeg.gn" .
> +                                 "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
> +                               '("libpng.gn" . "third_party/libpng/BUILD.gn")
> +                               '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
> +                               '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
> +                               '("libxml.gn" . "third_party/libxml/BUILD.gn") ;TODO
> +                               '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
> +                               '("openh264.gn" . "third_party/openh264/BUILD.gn")
> +                               '("opus.gn" . "third_party/opus/BUILD.gn")
> +                               '("re2.gn" . "third_party/re2/BUILD.gn")
> +                               '("snappy.gn" . "third_party/snappy/BUILD.gn")
> +                               '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
> +                               '("zlib.gn" . "third_party/zlib/BUILD.gn")))
> +                    #t)))))
> +    (build-system gnu-build-system)
> +    (arguments
> +     `(#:tests? #f
> +       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
> +       ;; it's not recognized when passed.
> +       #:validate-runpath? #f
> +       #:modules ((srfi srfi-26)
> +                  (ice-9 ftw)
> +                  (ice-9 regex)
> +                  (guix build gnu-build-system)
> +                  (guix build utils))
> +       #:phases
> +       (modify-phases %standard-phases
> +         (add-after 'unpack 'patch-stuff
> +           (lambda* (#:key inputs #:allow-other-keys)
> +             (substitute* "printing/cups_config_helper.py"
> +               (("cups_config =.*")
> +                (string-append "cups_config = '" (assoc-ref inputs "cups")
> +                               "/bin/cups-config'\n")))
> +
> +             (substitute*
> +                 '("base/process/launch_posix.cc"
> +                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
> +                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
> +                   "sandbox/linux/services/credentials.cc"
> +                   "sandbox/linux/services/namespace_utils.cc"
> +                   "sandbox/linux/services/syscall_wrappers.cc"
> +                   "sandbox/linux/syscall_broker/broker_host.cc")
> +               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
> +
> +             (for-each (lambda (file)
> +                         (substitute* file
> +                           ;; Fix opus include path.
> +                           ;; Do not substitute opus_private.h.
> +                           (("#include \"opus\\.h\"")
> +                            "#include \"opus/opus.h\"")
> +                           (("#include \"opus_custom\\.h\"")
> +                            "#include \"opus/opus_custom.h\"")
> +                           (("#include \"opus_defines\\.h\"")
> +                            "#include \"opus/opus_defines.h\"")
> +                           (("#include \"opus_multistream\\.h\"")
> +                            "#include \"opus/opus_multistream.h\"")
> +                           (("#include \"opus_types\\.h\"")
> +                            "#include \"opus/opus_types.h\"")))
> +                       (append (find-files "third_party/opus/src/celt")
> +                               (find-files "third_party/opus/src/src")
> +                               (find-files (string-append "third_party/webrtc/modules"
> +                                                          "/audio_coding/codecs/opus"))))
> +
> +             (substitute* "chrome/common/chrome_paths.cc"
> +               (("/usr/share/chromium/extensions")
> +                ;; TODO: Add ~/.guix-profile.
> +                "/run/current-system/profile/share/chromium/extensions"))

                   I don't know if I asked you about this in the past, but can you explain why you
                   picked the run dir? I have to re-read the Gentoo eclass and Nix integration for this.

> +
> +             (substitute*
> +                 "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
> +               (("include \"third_party/curl") "include \"curl"))
> +             (substitute* "media/base/decode_capabilities.cc"
> +               (("third_party/libvpx/source/libvpx/") ""))
> +
> +             ;; We don't cross compile most packages, so get rid of the
> +             ;; unnecessary ARCH-linux-gnu* prefix.
> +             (substitute* "build/toolchain/linux/BUILD.gn"
> +               (("aarch64-linux-gnu-") "")
> +               (("arm-linux-gnueabihf-") ""))
> +             #t))
> +         (replace 'configure
> +           (lambda* (#:key inputs outputs #:allow-other-keys)
> +             (let ((gn-flags
> +                    (list
> +                     ;; See tools/gn/docs/cookbook.md and
> +                     ;; https://www.chromium.org/developers/gn-build-configuration
> +                     ;; for usage.  Run "./gn args . --list" in the Release
> +                     ;; directory for an exhaustive list of supported flags.
> +                     "is_debug=false"
> +                     "is_official_build=false"
> +                     "is_clang=false"
> +                     "use_gold=false"
> +                     "use_lld=false"
> +                     "linux_use_bundled_binutils=false"
> +                     "use_custom_libcxx=false"
> +                     "use_sysroot=false"
> +                     "goma_dir=\"\""
> +                     "enable_precompiled_headers=false"
> +                     "enable_nacl=false"
> +                     "enable_nacl_nonsfi=false"
> +                     "use_allocator=\"none\"" ;don't use tcmalloc
> +                     "override_build_date=\"01 01 2000 05:00:00\""
> +                     "use_unofficial_version_number=false"
> +                     ;; Optimize for building everything at once, as opposed
> +                     ;; to incrementally for development.  See "docs/jumbo.md".
> +                     ;; XXX: On some systems this may trigger a compiler error.
> +                     ;;"use_jumbo_build=true"
> +                     ;; Disable debugging features to save space.
> +                     "remove_webcore_debug_symbols=true"
> +                     "enable_iterator_debugging=false"
> +                     ;; Some of the unbundled libraries throws deprecation
> +                     ;; warnings, etc.  Ignore it.
> +                     "treat_warnings_as_errors=false"
> +                     ;; Don't add any API keys.  End users can set them in the
> +                     ;; environment if desired.  See
> +                     ;; <https://www.chromium.org/developers/how-tos/api-keys>.
> +                     "use_official_google_api_keys=false"
> +                     ;; Disable "field trials".
> +                     "fieldtrial_testing_like_official_build=true"
> +
> +                     "use_system_freetype=true"
> +                     "use_system_harfbuzz=true"
> +                     "use_system_libjpeg=true"
> +                     "use_system_lcms2=true"
> +                     "use_system_zlib=true"
> +                     ;; This is currently not supported on Linux:
> +                     ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
> +                     ;;"use_system_sqlite=true"
> +
> +                     "use_gconf=false"         ;deprecated by gsettings
> +                     "use_gnome_keyring=false" ;deprecated by libsecret
> +                     "use_gtk3=true"
> +                     "use_openh264=true"
> +                     "use_xkbcommon=true"
> +                     "link_pulseaudio=true"
> +
> +                     ;; Don't arbitrarily restrict formats supported by system ffmpeg.
> +                     "proprietary_codecs=true"
> +                     "ffmpeg_branding=\"Chrome\""
> +
> +                     ;; WebRTC stuff.
> +                     "rtc_use_h264=true"
> +                     ;; Don't use bundled sources.
> +                     "rtc_build_json=false"
> +                     "rtc_build_libevent=false"
> +                     "rtc_build_libvpx=false"
> +                     "rtc_build_opus=false"
> +                     "rtc_build_ssl=false"
> +                     ;; TODO: Package these.
> +                     "rtc_build_libsrtp=true" ;2.0
> +                     "rtc_build_libyuv=true"
> +                     "rtc_build_openmax_dl=true"
> +                     "rtc_build_usrsctp=true"
> +                     (string-append "rtc_jsoncpp_root=\""
> +                                    (assoc-ref inputs "jsoncpp")
> +                                    "/include/jsoncpp/json\"")
> +                     (string-append "rtc_ssl_root=\""
> +                                    (assoc-ref inputs "openssl")
> +                                    "/include/openssl\""))))
> +
> +               ;; XXX: How portable is this.

                  Can you extend this comment?

> +               (mkdir-p "third_party/node/linux/node-linux-x64")
> +               (symlink (string-append (assoc-ref inputs "node") "/bin")
> +                        "third_party/node/linux/node-linux-x64/bin")
> +
> +               (setenv "CC" "gcc")
> +               (setenv "CXX" "g++")
> +               ;; TODO: pre-compile instead. Avoids a race condition.
> +               (setenv "PYTHONDONTWRITEBYTECODE" "1")
> +               (and
> +                ;; Build the "gn" tool.
> +                (invoke "python"
> +                        "tools/gn/bootstrap/bootstrap.py" "-s" "-v")
> +                ;; Generate ninja build files.
> +                (invoke "./out/Release/gn" "gen" "out/Release"
> +                        (string-append "--args="
> +                                       (string-join gn-flags " ")))))))
> +         (replace 'build
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (invoke "ninja" "-C" "out/Release"
> +                     "-j" (number->string (parallel-job-count))
> +                     "chrome")))
> +         (replace 'install
> +           (lambda* (#:key inputs outputs #:allow-other-keys)
> +             (let* ((out            (assoc-ref outputs "out"))
> +                    (bin            (string-append out "/bin"))
> +                    (exe            (string-append bin "/chromium"))
> +                    (lib            (string-append out "/lib"))
> +                    (man            (string-append out "/share/man/man1"))
> +                    (applications   (string-append out "/share/applications"))
> +                    (install-regexp (make-regexp "\\.(bin|pak)$"))
> +                    (locales        (string-append lib "/locales"))
> +                    (resources      (string-append lib "/resources"))
> +                    (gtk+           (assoc-ref inputs "gtk+"))
> +                    (mesa           (assoc-ref inputs "mesa"))
> +                    (nss            (assoc-ref inputs "nss"))
> +                    (udev           (assoc-ref inputs "udev"))
> +                    (sh             (which "sh")))
> +
> +               (substitute* '("chrome/app/resources/manpage.1.in"
> +                              "chrome/installer/linux/common/desktop.template")
> +                 (("@@MENUNAME@@") "Chromium")
> +                 (("@@PACKAGE@@") "chromium")
> +                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
> +               (mkdir-p man)
> +               (copy-file "chrome/app/resources/manpage.1.in"
> +                          (string-append man "/chromium.1"))
> +               (mkdir-p applications)
> +               (copy-file "chrome/installer/linux/common/desktop.template"
> +                          (string-append applications "/chromium.desktop"))
> +
> +               (with-directory-excursion "out/Release"
> +                 (for-each (lambda (file)
> +                             (install-file file lib))
> +                           (scandir "." (cut regexp-exec install-regexp <>)))
> +                 (copy-file "chrome" (string-append lib "/chromium"))
> +
> +                 ;; TODO: Install icons from "../../chrome/app/themes" into
> +                 ;; "out/share/icons/hicolor/$size".
> +                 (install-file
> +                  "product_logo_48.png"
> +                  (string-append out "/share/icons/48x48/chromium.png"))
> +
> +                 (copy-recursively "locales" locales)
> +                 (copy-recursively "resources" resources)
> +
> +                 (mkdir-p bin)
> +                 ;; Add a thin wrapper to prevent the user from inadvertently
> +                 ;; installing non-free software through the Web Store.
> +                 ;; TODO: Discover extensions from the profile and pass
> +                 ;; something like "--disable-extensions-except=...".

                    To be able to work on this, can you (at least in this bug ticket,
                    explain the TODO part a bit more?

> +                 (call-with-output-file exe
> +                   (lambda (port)
> +                     (format port
> +                             "#!~a~@
> +                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
> +                             then~@
> +                               CHROMIUM_FLAGS=\" \\~@
> +                                 --disable-background-networking \\~@
> +                                 --disable-extensions \\~@
> +                               \"~@
> +                             fi~@
> +                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
> +                             sh (string-append lib "/chromium"))))
> +                 (chmod exe #o755)
> +
> +                 (wrap-program exe
> +                   ;; TODO: Get these in RUNPATH.
> +                   `("LD_LIBRARY_PATH" ":" prefix
> +                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
> +                                      mesa "/lib:" udev "/lib")))
> +                   ;; Avoid file manager crash.  See <https://bugs.gnu.org/26593>.
> +                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
> +                 #t)))))))
> +    (native-inputs
> +     `(("bison" ,bison)
> +       ("git" ,git)                     ;last_commit_position.py
> +       ("gperf" ,gperf)
> +       ("ninja" ,ninja)
> +       ("node" ,node)
> +       ("pkg-config" ,pkg-config)
> +       ("which" ,which)
> +       ("yasm" ,yasm)
> +
> +       ("python-beautifulsoup4" ,python2-beautifulsoup4)
> +       ("python-html5lib" ,python2-html5lib)
> +       ("python" ,python-2)))
> +    (inputs
> +     `(("alsa-lib" ,alsa-lib)
> +       ("atk" ,atk)
> +       ("cups" ,cups)
> +       ("curl" ,curl)
> +       ("dbus" ,dbus)
> +       ("dbus-glib" ,dbus-glib)
> +       ("expat" ,expat)
> +       ("flac" ,flac)
> +       ("ffmpeg" ,ffmpeg)
> +       ("fontconfig" ,fontconfig)
> +       ("freetype" ,freetype)
> +       ("gdk-pixbuf" ,gdk-pixbuf)
> +       ("glib" ,glib)
> +       ("gtk+-2" ,gtk+-2)
> +       ("gtk+" ,gtk+)
> +       ("harfbuzz" ,harfbuzz)
> +       ("icu4c" ,icu4c)
> +       ("jsoncpp" ,jsoncpp)
> +       ("lcms" ,lcms)
> +       ("libevent" ,libevent)
> +       ("libffi" ,libffi)
> +       ("libjpeg-turbo" ,libjpeg-turbo)
> +       ("libpng" ,libpng)
> +       ("libusb" ,libusb)
> +       ("libvpx" ,libvpx+experimental)
> +       ("libwebp" ,libwebp)
> +       ("libx11" ,libx11)
> +       ("libxcb" ,libxcb)
> +       ("libxcomposite" ,libxcomposite)
> +       ("libxcursor" ,libxcursor)
> +       ("libxdamage" ,libxdamage)
> +       ("libxext" ,libxext)
> +       ("libxfixes" ,libxfixes)
> +       ("libxi" ,libxi)
> +       ("libxkbcommon" ,libxkbcommon)
> +       ("libxml2" ,libxml2)
> +       ("libxrandr" ,libxrandr)
> +       ("libxrender" ,libxrender)
> +       ("libxscrnsaver" ,libxscrnsaver)
> +       ("libxslt" ,libxslt)
> +       ("libxtst" ,libxtst)
> +       ("mesa" ,mesa)
> +       ("minizip" ,minizip)
> +       ("mit-krb5" ,mit-krb5)
> +       ("nss" ,nss)
> +       ("openh264" ,openh264)
> +       ("openssl" ,openssl)
> +       ("opus" ,opus+custom)
> +       ("pango" ,pango)
> +       ("pciutils" ,pciutils)
> +       ("protobuf" ,protobuf)
> +       ("pulseaudio" ,pulseaudio)
> +       ("re2" ,re2)
> +       ("snappy" ,snappy)
> +       ("speech-dispatcher" ,speech-dispatcher)
> +       ("sqlite" ,sqlite)
> +       ("udev" ,eudev)
> +       ("valgrind" ,valgrind)))
> +    (home-page "https://www.chromium.org/")
> +    (description
> +     "Chromium is a web browser designed for speed and security.  This
> +version incorporates patches from
> +@url{https://github.com/gcarq/inox-patchset,Inox} and
> +@url{https://www.debian.org/,Debian} in order to protect the users privacy.")
> +    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
> +    ;; components with other licenses.  For full information, see chrome://credits.
> +    (license (list license:bsd-3
> +                   license:bsd-2
> +                   license:expat
> +                   license:asl2.0
> +                   license:mpl2.0
> +                   license:public-domain
> +                   license:lgpl2.1+))))
> diff --git a/gnu/packages/patches/chromium-gcc5.patch b/gnu/packages/patches/chromium-gcc5.patch
> new file mode 100644
> index 000000000..56b2cd6ef
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-gcc5.patch
> @@ -0,0 +1,39 @@
> +Work around a GCC5 bug where it fails to choose the correct base::span
> +constructor.
> +
> +Adapted from this commit:
> +https://gitweb.gentoo.org/repo/gentoo.git/commit/www-client/chromium?id=7843d29ab07411a9c70962fb90b4cd1546910242
> +
> +--- a/gpu/ipc/common/mailbox_struct_traits.h
> ++++ b/gpu/ipc/common/mailbox_struct_traits.h
> +@@ -15,7 +15,7 @@ namespace mojo {
> + template <>
> + struct StructTraits<gpu::mojom::MailboxDataView, gpu::Mailbox> {
> +   static base::span<const int8_t> name(const gpu::Mailbox& mailbox) {
> +-    return mailbox.name;
> ++    return base::make_span(mailbox.name);
> +   }
> +   static bool Read(gpu::mojom::MailboxDataView data, gpu::Mailbox* out);
> + };
> +--- a/services/viz/public/cpp/compositing/filter_operation_struct_traits.h
> ++++ b/services/viz/public/cpp/compositing/filter_operation_struct_traits.h
> +@@ -134,7 +134,7 @@ struct StructTraits<viz::mojom::FilterOperationDataView, cc::FilterOperation> {
> +   static base::span<const float> matrix(const cc::FilterOperation& operation) {
> +     if (operation.type() != cc::FilterOperation::COLOR_MATRIX)
> +       return base::span<const float>();
> +-    return operation.matrix();
> ++    return base::make_span(operation.matrix());
> +   }
> +
> +   static base::span<const gfx::Rect> shape(
> +--- a/services/viz/public/cpp/compositing/quads_struct_traits.h
> ++++ b/services/viz/public/cpp/compositing/quads_struct_traits.h
> +@@ -308,7 +308,7 @@
> +   static base::span<const float> vertex_opacity(const viz::DrawQuad& input) {
> +     const viz::TextureDrawQuad* quad =
> +         viz::TextureDrawQuad::MaterialCast(&input);
> +-    return quad->vertex_opacity;
> ++    return base::make_span(quad->vertex_opacity);
> +   }
> + 
> +   static bool y_flipped(const viz::DrawQuad& input) {
> diff --git a/gnu/packages/patches/chromium-remove-default-history.patch b/gnu/packages/patches/chromium-remove-default-history.patch
> new file mode 100644
> index 000000000..38be10820
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-remove-default-history.patch
> @@ -0,0 +1,13 @@
> +Don't pre-populate the New Tab Page for new profiles.
> +
> +--- a/chrome/browser/history/top_sites_factory.cc
> ++++ b/chrome/browser/history/top_sites_factory.cc
> +@@ -74,7 +74,7 @@
> + 
> + void InitializePrepopulatedPageList(
> +     history::PrepopulatedPageList* prepopulated_pages) {
> +-#if !defined(OS_ANDROID)
> ++#if false
> +   DCHECK(prepopulated_pages);
> +   prepopulated_pages->reserve(arraysize(kRawPrepopulatedPages));
> +   for (size_t i = 0; i < arraysize(kRawPrepopulatedPages); ++i) {
> -- 
> 2.16.2
> 

Otherwise, LGTM.
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-27  2:00                           ` Mike Gerwitz
@ 2018-02-28  8:17                             ` ng0
  2018-02-28 17:28                             ` Marius Bakke
  1 sibling, 0 replies; 152+ messages in thread
From: ng0 @ 2018-02-28  8:17 UTC (permalink / raw)
  To: Mike Gerwitz; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 2509 bytes --]

Mike Gerwitz transcribed 1.6K bytes:
> On Mon, Feb 26, 2018 at 19:18:39 +0100, Marius Bakke wrote:
> > Now, when launching the browser for the first time, it *still* connects
> > to Google services.  After a while it also does a lookup for AdWords...
> 
> Do you know what code initiates this?  Would it be easy to remove, and
> would that harm other functionality?
> 
> Saying that it only runs the first time implies to me that there's a
> flag, and that perhaps the flag can either be permanently set or the
> conditional triggering this behavior removed.
> 
> -- 
> Mike Gerwitz
> Free Software Hacker+Activist | GNU Maintainer & Volunteer
> GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
> https://mikegerwitz.com

Could this be a connectivity check?

switch "--connectivity-check-url" exists:
https://peter.sh/experiments/chromium-command-line-switches/
and there might be a flag here: chrome://flags/

We can also creatre our own settings file as suggested in
this thread:
https://www.jamf.com/jamf-nation/discussions/10331/chrome-master-preferences-file-and-suppressing-first-run-browser

Someone else suggested this file:
http://www.google.com/codesearch/p?hl=ru#HLxzG3ShG8A/trunk/win/lib/lib_values.cc&q=/tools/pso&sa=N&cd=1&ct=rc
404 now.

Adwords query might really be rlz, but I'm just guessing for now. Post from 2010:
https://blog.chromium.org/2010/06/in-open-for-rlz.html

> When we released a new stable version of Google Chrome last March, we tried to improve the transparency and privacy options of Google Chrome. One area where ve seen a lot of interest and questions is the RLZ library that is built into Google Chrome. RLZ gives us the ability to accurately measure the success of marketing promotions and distribution partnerships in order to meet our contractual and financial obligations. It assigns non-unique, non-personally identifiable promotion tracking labels to client products; these labels sometimes appear in Google search queries in Google Chrome.we

This is the source code view:
https://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/rlz/rlz.cc?view=markup
https://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/rlz/rlz.h?view=markup


Different topic. This will help us to integrate packaged extensions once we get there:
https://data.gpo.zugaina.org/gentoo/www-client/chromium/files/chromium-launcher-r3.sh
and probably some more files.
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-27 22:17                               ` ng0
@ 2018-02-28 17:14                                 ` Marius Bakke
  0 siblings, 0 replies; 152+ messages in thread
From: Marius Bakke @ 2018-02-28 17:14 UTC (permalink / raw)
  To: ng0; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 3435 bytes --]

ng0 <ng0@n0.is> writes:

> Marius Bakke transcribed 43K bytes:
>> ng0 <ng0@n0.is> writes:
>> 
>> > Marius Bakke transcribed 2.1K bytes:
>> >> Mike Gerwitz <mtg@gnu.org> writes:
>> >> 
>> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
>> >> >> If there are no objections, expect to see this in 'master' in 1-2 weeks.
>> >> >
>> >> > I want to express gratitude for your hard work on this---given that
>> >> > IceCat does not contain many of the FF devtool updates, Chromium is very
>> >> > desirable for web development.  It's also needed for certain Node.js
>> >> > tools, like node-inspector.
>> >> >
>> >> > So, thank you!
>> >> 
>> >> Thank *you* for the kind words! :-)
>> >> 
>> >> Here is the latest iteration of this patch.  New in this version:
>> >> 
>> >> * Chromium 64 (duh).
>> >> * The 'delete-bundled-software' phase has been moved to a snippet,
>> >>   shaving ~100MiB (~22%) off the compressed tarball size (and
>> >>   drastically reduces (de)compression time).
>> >> * The New Tab page does not show any thumbnails for new profiles.
>> >
>> > I think you forgot to attach the patches :)
>> 
>> Derp.  I realized that and just used `git send-email`[0], but have
>> attached it here for convenience since the debbugs web UI doesn't allow
>> easy download of a raw message.
>> 
>> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
>>
>
> Comments inlined, some words ahead.
>
> I think it's good that we will be able to handle extensions via Guix.
> But: We should point it out that you won't be able to install extensions
> manually, via the store or as a file. People who betatested this got
> confused.

I haven't tested installing from a file.  Which error are you getting?

You can use extensions from the store by setting the variable
"CHROMIUM_ENABLE_WEB_STORE", as in Debian.  But I don't see a need to
document it since it's unsupported territory from a Guix viewpoint.

>> +             (substitute* "chrome/common/chrome_paths.cc"
>> +               (("/usr/share/chromium/extensions")
>> +                ;; TODO: Add ~/.guix-profile.
>> +                "/run/current-system/profile/share/chromium/extensions"))
>
>                    I don't know if I asked you about this in the past, but can you explain why you
>                    picked the run dir? I have to re-read the Gentoo eclass and Nix integration for this.

The plan is to package extensions with Guix and place them in
"out/share/chromium/extensions".  Then you would be able to install
extensions through the system profile, until a better solution is in
place (like a search path).

>> +                 (mkdir-p bin)
>> +                 ;; Add a thin wrapper to prevent the user from inadvertently
>> +                 ;; installing non-free software through the Web Store.
>> +                 ;; TODO: Discover extensions from the profile and pass
>> +                 ;; something like "--disable-extensions-except=...".
>
>                     To be able to work on this, can you (at least in this bug ticket,
>                     explain the TODO part a bit more?

This was inspired by Debians wrapper script, which discovers extensions
installed by Apt and composes this command line.  It allows disabling
the web store while still using extensions.  I'll see if I can improve
the comment.

Thanks for the feedback!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-27  2:00                           ` Mike Gerwitz
  2018-02-28  8:17                             ` ng0
@ 2018-02-28 17:28                             ` Marius Bakke
  1 sibling, 0 replies; 152+ messages in thread
From: Marius Bakke @ 2018-02-28 17:28 UTC (permalink / raw)
  To: Mike Gerwitz; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 1445 bytes --]

Mike Gerwitz <mtg@gnu.org> writes:

> On Mon, Feb 26, 2018 at 19:18:39 +0100, Marius Bakke wrote:
>> Now, when launching the browser for the first time, it *still* connects
>> to Google services.  After a while it also does a lookup for AdWords...
>
> Do you know what code initiates this?  Would it be easy to remove, and
> would that harm other functionality?

Unfortunately, I don't know what triggers it.  Feel free to try picking
some of the other Inox patches and see if it makes a difference:

https://github.com/gcarq/inox-patchset

Inox goes great lengths to "ungooglify" the browser.  I've decided
against picking *all* their patches, for two reasons:

1) I'd like users to be able to use Chromium with their Google account
if they wish to (although I haven't actually tested this), and more
importantly:

2) More patches means more porting work every new release.  Usually
major versions bumps come with a plethora of security fixes, so I wish
to minimize maintenance overhead.  Just figuring out the changed
dependencies, build flags, and GCC bugs with every release is a lot of
work already.

> Saying that it only runs the first time implies to me that there's a
> flag, and that perhaps the flag can either be permanently set or the
> conditional triggering this behavior removed.

Indeed.  Any help figuring out the offender is very welcome!  No external
connectivity in the default configuration is a goal we should strive for.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-26 22:41                               ` Björn Höfling
  2018-02-27 21:57                                 ` ng0
@ 2018-02-28 17:38                                 ` Marius Bakke
  2018-02-28 18:09                                   ` Björn Höfling
  2018-03-16 17:30                                   ` ng0
  1 sibling, 2 replies; 152+ messages in thread
From: Marius Bakke @ 2018-02-28 17:38 UTC (permalink / raw)
  To: Björn Höfling; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 4291 bytes --]

Björn Höfling <bjoern.hoefling@bjoernhoefling.de> writes:

> Hi Marius,
>
> On Mon, 26 Feb 2018 21:06:57 +0100
> Marius Bakke <mbakke@fastmail.com> wrote:
>
>> ng0 <ng0@n0.is> writes:
>> 
>> > Marius Bakke transcribed 2.1K bytes:  
>> >> Mike Gerwitz <mtg@gnu.org> writes:
>> >>   
>> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:  
>> >> >> If there are no objections, expect to see this in 'master' in
>> >> >> 1-2 weeks.  
>> >> >
>> >> > I want to express gratitude for your hard work on this---given
>> >> > that IceCat does not contain many of the FF devtool updates,
>> >> > Chromium is very desirable for web development.  It's also
>> >> > needed for certain Node.js tools, like node-inspector.
>> >> >
>> >> > So, thank you!  
>> >> 
>> >> Thank *you* for the kind words! :-)
>> >> 
>> >> Here is the latest iteration of this patch.  New in this version:
>> >> 
>> >> * Chromium 64 (duh).
>> >> * The 'delete-bundled-software' phase has been moved to a snippet,
>> >>   shaving ~100MiB (~22%) off the compressed tarball size (and
>> >>   drastically reduces (de)compression time).
>> >> * The New Tab page does not show any thumbnails for new profiles.  
>> >
>> > I think you forgot to attach the patches :)  
>> 
>> Derp.  I realized that and just used `git send-email`[0], but have
>> attached it here for convenience since the debbugs web UI doesn't
>> allow easy download of a raw message.
>> 
>> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
>> 
>
>
> This looks like a lot of work. Thank you!
>
> I quickly tried to apply and build the patch and have two first remarks:
>
> The file says:
>
> ;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
>
> I haven't followed history, have you worked on this since 2016?

Yeah, I started this shortly after going full-GuixSD in October 2016.
But I didn't submit it until now because I didn't think it met Guix's
standards (and still think it's questionable due to privacy concerns).

> One patch has a hash-mismatch:
>
> Starting download of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch
> From https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2...
>  icu.patch  2KiB                    1.8MiB/s 00:00 [####################] 100.0%
> output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
> @ build-failed /gnu/store/cqdllqn8ig5wnjn0yqvnh4vlzsvnpzv6-chromium-icu.patch.drv - 1 output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
> cannot build derivation `/gnu/store/vacxbwsprcp52vp6q975450zi091dak2-chromium-64.0.3282.186.tar.xz.drv': 1 dependencies couldn't be built
> @ build-started /gnu/store/7q53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv - x86_64-linux /var/log/guix/drvs/7q//53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv.bz2
> cannot build derivation `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv': 1 dependencies couldn't be built
> guix build: error: build failed: build of `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv' failed
>
> I looked into the file and it looks reasonable, like a patch-file. It has no download errors.
>
> It starts like this:
>
> description: backwards compatibility for older versions of icu
> author: Michael Gilbert <mgilbert@debian.org>
>
> --- a/v8/src/runtime/runtime-intl.cc
> +++ b/v8/src/runtime/runtime-intl.cc
> @@ -627,7 +627,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele
>
> ...
>
> Can you check this file again?

Whoops, indeed.  I had an older patch in my store and apparently forgot
to update the hash.

The correct hash for %chromium-system-icu.patch is:

19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59

Thanks for letting me know!  I'll send an updated patch later, with some
other minor improvements.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-28 17:38                                 ` Marius Bakke
@ 2018-02-28 18:09                                   ` Björn Höfling
  2018-03-16 17:30                                   ` ng0
  1 sibling, 0 replies; 152+ messages in thread
From: Björn Höfling @ 2018-02-28 18:09 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 1186 bytes --]

On Wed, 28 Feb 2018 18:38:56 +0100
Marius Bakke <mbakke@fastmail.com> wrote:

> Björn Höfling <bjoern.hoefling@bjoernhoefling.de> writes:

> > One patch has a hash-mismatch:
> >
> > Starting download
> > of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch
> > From
> > https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2...
> > icu.patch  2KiB                    1.8MiB/s 00:00
> > [####################] 100.0% output path
> > `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch'
> > should have sha256 hash
> > `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has
> > `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59' @

[..]

> 
> Whoops, indeed.  I had an older patch in my store and apparently
> forgot to update the hash.
> 
> The correct hash for %chromium-system-icu.patch is:
> 
> 19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59
> 
> Thanks for letting me know!  I'll send an updated patch later, with
> some other minor improvements.

With that confirmation, I could build the source derivation.

Thanks.

Björn

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-02-28 17:38                                 ` Marius Bakke
  2018-02-28 18:09                                   ` Björn Höfling
@ 2018-03-16 17:30                                   ` ng0
  2018-03-16 17:45                                     ` Marius Bakke
  1 sibling, 1 reply; 152+ messages in thread
From: ng0 @ 2018-03-16 17:30 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

Marius Bakke transcribed 4.8K bytes:
> Björn Höfling <bjoern.hoefling@bjoernhoefling.de> writes:
> 
> > Hi Marius,
> >
> > On Mon, 26 Feb 2018 21:06:57 +0100
> > Marius Bakke <mbakke@fastmail.com> wrote:
> >
> >> ng0 <ng0@n0.is> writes:
> >> 
> >> > Marius Bakke transcribed 2.1K bytes:  
> >> >> Mike Gerwitz <mtg@gnu.org> writes:
> >> >>   
> >> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:  
> >> >> >> If there are no objections, expect to see this in 'master' in
> >> >> >> 1-2 weeks.  
> >> >> >
> >> >> > I want to express gratitude for your hard work on this---given
> >> >> > that IceCat does not contain many of the FF devtool updates,
> >> >> > Chromium is very desirable for web development.  It's also
> >> >> > needed for certain Node.js tools, like node-inspector.
> >> >> >
> >> >> > So, thank you!  
> >> >> 
> >> >> Thank *you* for the kind words! :-)
> >> >> 
> >> >> Here is the latest iteration of this patch.  New in this version:
> >> >> 
> >> >> * Chromium 64 (duh).
> >> >> * The 'delete-bundled-software' phase has been moved to a snippet,
> >> >>   shaving ~100MiB (~22%) off the compressed tarball size (and
> >> >>   drastically reduces (de)compression time).
> >> >> * The New Tab page does not show any thumbnails for new profiles.  
> >> >
> >> > I think you forgot to attach the patches :)  
> >> 
> >> Derp.  I realized that and just used `git send-email`[0], but have
> >> attached it here for convenience since the debbugs web UI doesn't
> >> allow easy download of a raw message.
> >> 
> >> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
> >> 
> >
> >
> > This looks like a lot of work. Thank you!
> >
> > I quickly tried to apply and build the patch and have two first remarks:
> >
> > The file says:
> >
> > ;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
> >
> > I haven't followed history, have you worked on this since 2016?
> 
> Yeah, I started this shortly after going full-GuixSD in October 2016.
> But I didn't submit it until now because I didn't think it met Guix's
> standards (and still think it's questionable due to privacy concerns).
> 
> > One patch has a hash-mismatch:
> >
> > Starting download of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch
> > From https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2...
> >  icu.patch  2KiB                    1.8MiB/s 00:00 [####################] 100.0%
> > output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
> > @ build-failed /gnu/store/cqdllqn8ig5wnjn0yqvnh4vlzsvnpzv6-chromium-icu.patch.drv - 1 output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
> > cannot build derivation `/gnu/store/vacxbwsprcp52vp6q975450zi091dak2-chromium-64.0.3282.186.tar.xz.drv': 1 dependencies couldn't be built
> > @ build-started /gnu/store/7q53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv - x86_64-linux /var/log/guix/drvs/7q//53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv.bz2
> > cannot build derivation `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv': 1 dependencies couldn't be built
> > guix build: error: build failed: build of `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv' failed
> >
> > I looked into the file and it looks reasonable, like a patch-file. It has no download errors.
> >
> > It starts like this:
> >
> > description: backwards compatibility for older versions of icu
> > author: Michael Gilbert <mgilbert@debian.org>
> >
> > --- a/v8/src/runtime/runtime-intl.cc
> > +++ b/v8/src/runtime/runtime-intl.cc
> > @@ -627,7 +627,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele
> >
> > ...
> >
> > Can you check this file again?
> 
> Whoops, indeed.  I had an older patch in my store and apparently forgot
> to update the hash.
> 
> The correct hash for %chromium-system-icu.patch is:
> 
> 19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59
> 
> Thanks for letting me know!  I'll send an updated patch later, with some
> other minor improvements.


I think we found it to be good enough to be included in master, or did I miss anything?

Would be nice if I could drop my local patch (and building). The team around Taler seems
to be interested in it as well as far as I can remember our chats in Leipzig.
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-03-16 17:30                                   ` ng0
@ 2018-03-16 17:45                                     ` Marius Bakke
  2018-03-16 17:52                                       ` ng0
  2018-03-16 19:01                                       ` Adonay Felipe Nogueira
  0 siblings, 2 replies; 152+ messages in thread
From: Marius Bakke @ 2018-03-16 17:45 UTC (permalink / raw)
  To: ng0; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 804 bytes --]

ng0 <ng0@n0.is> writes:

> I think we found it to be good enough to be included in master, or did I miss anything?
>
> Would be nice if I could drop my local patch (and building). The team around Taler seems
> to be interested in it as well as far as I can remember our chats in Leipzig.

Reading up on GNU Taler, Chromium seems like a poor choice for an
anonymous payment system.  Why not GNU IceCat?  I don't see Chromium
becoming stable enough for guaranteed privacy any time soon.  And a full
fork would require a large maintenance team.

Unfortunately I got busy after the latest update, and haven't had time
to work on 65 yet.  I will send an update once I get around to it, and
also try some other Inox patches and see if they help with the "first
launch" issue -- hopefully within a week or two.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-03-16 17:45                                     ` Marius Bakke
@ 2018-03-16 17:52                                       ` ng0
  2018-07-25  8:08                                         ` ng0
  2018-03-16 19:01                                       ` Adonay Felipe Nogueira
  1 sibling, 1 reply; 152+ messages in thread
From: ng0 @ 2018-03-16 17:52 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004, ng0

[-- Attachment #1: Type: text/plain, Size: 1211 bytes --]

Marius Bakke transcribed 1.4K bytes:
> ng0 <ng0@n0.is> writes:
> 
> > I think we found it to be good enough to be included in master, or did I miss anything?
> >
> > Would be nice if I could drop my local patch (and building). The team around Taler seems
> > to be interested in it as well as far as I can remember our chats in Leipzig.
> 
> Reading up on GNU Taler, Chromium seems like a poor choice for an
> anonymous payment system.  Why not GNU IceCat?  I don't see Chromium
> becoming stable enough for guaranteed privacy any time soon.  And a full
> fork would require a large maintenance team.

Why: Ask Taler directly, I'm not involved with them.
And on for what: It is just for the Browser extension. No one is forking
Chromium again.

> Unfortunately I got busy after the latest update, and haven't had time
> to work on 65 yet.  I will send an update once I get around to it, and
> also try some other Inox patches and see if they help with the "first
> launch" issue -- hopefully within a week or two.

Cool, thanks! And thanks for your continued work on this. I'll definitely
try to help out once it is in master.
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-03-16 17:45                                     ` Marius Bakke
  2018-03-16 17:52                                       ` ng0
@ 2018-03-16 19:01                                       ` Adonay Felipe Nogueira
  2018-03-16 19:34                                         ` ng0
  1 sibling, 1 reply; 152+ messages in thread
From: Adonay Felipe Nogueira @ 2018-03-16 19:01 UTC (permalink / raw)
  To: 28004

> Reading up on GNU Taler, Chromium seems like a poor choice for an
> anonymous payment system.  Why not GNU IceCat?  I don't see Chromium
> becoming stable enough for guaranteed privacy any time soon.  And a full
> fork would require a large maintenance team.

+1 (I agree with you).

-- 
- https://libreplanet.org/wiki/User:Adfeno
- Palestrante e consultor sobre /software/ livre (não confundir com
  gratis).
- "WhatsApp"? Ele não é livre. Por favor, veja formas de se comunicar
  instantaneamente comigo no endereço abaixo.
- Contato: https://libreplanet.org/wiki/User:Adfeno#vCard
- Arquivos comuns aceitos (apenas sem DRM): Corel Draw, Microsoft
  Office, MP3, MP4, WMA, WMV.
- Arquivos comuns aceitos e enviados: CSV, GNU Dia, GNU Emacs Org, GNU
  GIMP, Inkscape SVG, JPG, LibreOffice (padrão ODF), OGG, OPUS, PDF
  (apenas sem DRM), PNG, TXT, WEBM.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-03-16 19:01                                       ` Adonay Felipe Nogueira
@ 2018-03-16 19:34                                         ` ng0
  2018-03-16 21:20                                           ` Adonay Felipe Nogueira
  0 siblings, 1 reply; 152+ messages in thread
From: ng0 @ 2018-03-16 19:34 UTC (permalink / raw)
  To: Adonay Felipe Nogueira; +Cc: 28004

Adonay Felipe Nogueira transcribed 890 bytes:
> > Reading up on GNU Taler, Chromium seems like a poor choice for an
> > anonymous payment system.  Why not GNU IceCat?  I don't see Chromium
> > becoming stable enough for guaranteed privacy any time soon.  And a full
> > fork would require a large maintenance team.
> 
> +1 (I agree with you).

Read the follow-up emails I've sent.

Also, 1 line emails which basically say "+1" are not really good,
even more so when it goes offtopic (this is about getting Chrmium into
Guix!). As we are already offtopic: Want Cross-Browser support
so that the Browser *extension* (Taler is not *a* Browser) runs
in legacy old cruft Icecat base and newer Firefox (which shares
extension format with Chrome?
Good, there's something to work on in Taler if you want it.

Again, I am not a Taler developer, reach out to them.
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-03-16 19:34                                         ` ng0
@ 2018-03-16 21:20                                           ` Adonay Felipe Nogueira
  0 siblings, 0 replies; 152+ messages in thread
From: Adonay Felipe Nogueira @ 2018-03-16 21:20 UTC (permalink / raw)
  To: 28004

> Guix!). As we are already offtopic: Want Cross-Browser support
> so that the Browser *extension* (Taler is not *a* Browser) runs
> in legacy old cruft Icecat base and newer Firefox (which shares
> extension format with Chrome?
> Good, there's something to work on in Taler if you want it.
>
> Again, I am not a Taler developer, reach out to them.

Indeed, sorry for the bother, I tought I was replying to Taler. I guess
I'm somewhat asleep today.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 65
  2017-08-07 19:58 [bug#28004] Chromium Marius Bakke
                   ` (3 preceding siblings ...)
  2018-02-26 18:19 ` [bug#28004] [PATCH] gnu: Add chromium Marius Bakke
@ 2018-04-13 19:10 ` Marius Bakke
  2018-04-17 19:10   ` Oleg Pykhalov
  2018-04-24 17:05   ` Christopher Lemmer Webber
  2018-08-29 23:31 ` [bug#28004] (no subject) Amirouche Boubekki
                   ` (2 subsequent siblings)
  7 siblings, 2 replies; 152+ messages in thread
From: Marius Bakke @ 2018-04-13 19:10 UTC (permalink / raw)
  To: 28004


[-- Attachment #1.1: Type: text/plain, Size: 1282 bytes --]

Hello!

Attached is a patch for Chromium 65.

New in this version:

* Deleting third party files is now done with a single traversal of the
  file system, instead of the "shotgun" approach used previously.  I
  also added a second pass to scrub bundled JARs and tarballs, that will
  be incorporated in the "nftw" snippet eventually.

* It's using Clang instead of GCC since the latter is no longer
  supported upstream (as in part of their continuous integration).  GCC5
  in particular is completely broken with this release.  Debian and
  NixOS are apparently able to build it with GCC 6 and 7 respectively,
  but Arch and Gentoo changed to Clang with 65.  Unfortunately GCC6 and
  later has other problems in Guix: <https://bugs.gnu.org/30756>.

* Various tweaks to build options after reading the "GN" flags more
  closely.  In particular, more debugging symbols have been removed.

I haven't done anything on the privacy side since this update was
difficult enough as-is.  You'll notice a few hacks around Clang and
libstdc++, and also that currently only x86_64 is supported due to
unconditionally adding the x86_64 triplet to CPLUS_INCLUDE_PATH.

Hopefully future updates will be easier.  Any feedback on the
Clang/libstdc++ issues mentioned in the patch are very welcome.


[-- Attachment #1.2: 0001-gnu-Add-chromium.patch --]
[-- Type: text/x-patch, Size: 48410 bytes --]

From 759253a8966e2e6afbeaeb67255e4e067ce33b76 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 12 Oct 2016 17:25:05 +0100
Subject: [PATCH] gnu: Add chromium.

* gnu/packages/chromium.scm: New file.
* gnu/packages/patches/chromium-glibc-compat.patch,
gnu/packages/patches/chromium-remove-default-history.patch: New files.
* gnu/local.mk: Record it.
---
 gnu/local.mk                                  |   3 +
 gnu/packages/chromium.scm                     | 894 ++++++++++++++++++
 .../patches/chromium-glibc-compat.patch       |  38 +
 .../chromium-remove-default-history.patch     |  13 +
 4 files changed, 948 insertions(+)
 create mode 100644 gnu/packages/chromium.scm
 create mode 100644 gnu/packages/patches/chromium-glibc-compat.patch
 create mode 100644 gnu/packages/patches/chromium-remove-default-history.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 3d4b05c77..03f972130 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -94,6 +94,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/check.scm			\
   %D%/packages/chemistry.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
   %D%/packages/cmake.scm			\
@@ -591,6 +592,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
   %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
   %D%/packages/patches/chmlib-inttypes.patch			\
+  %D%/packages/patches/chromium-glibc-compat.patch		\
+  %D%/packages/patches/chromium-remove-default-history.patch	\
   %D%/packages/patches/clang-3.5-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clang-6.0-libc-search-path.patch		\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 000000000..cecbab7a1
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,894 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix build-system trivial)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gcc)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages libusb)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages llvm)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages photo)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define (strip-directory-prefix pathspec)
+  "Return everything after the last '/' in PATHSPEC."
+  (let ((index (string-rindex pathspec #\/)))
+    (if index
+        (string-drop pathspec (+ 1 index))
+        pathspec)))
+
+(define (chromium-patch-file-name pathspec)
+  (let ((patch-name (strip-directory-prefix pathspec)))
+    (if (string-prefix? "chromium-" patch-name)
+        patch-name
+        (string-append "chromium-" patch-name))))
+
+;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches
+(define (debian-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git"
+          "/plain/debian/patches/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
+(define (gentoo-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
+          "/chromium/files/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/gcarq/inox-patchset
+(define (inox-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
+                        revision "/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/networking/browsers/chromium
+(define (nixos-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/NixOS/nixpkgs/"
+                        revision "/pkgs/applications/networking/browsers"
+                        "/chromium/patches/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; Fix an assignment bug when using Clang and libstdc++.
+(define %chromium-clang-assignment.patch
+  (gentoo-patch "chromium-clang-r3.patch"
+                "804a0d7244a06736d01c353b45c20daf324f0722"
+                "1d10il3mjzyzwgqi8iifw3aw9jnbqfrzz8v1x7cmvqpwjkykwk2a"))
+
+;; Add missing stdint include.
+(define %chromium-add-missing-stdint.patch
+  (gentoo-patch "chromium-stdint.patch"
+                "804a0d7244a06736d01c353b45c20daf324f0722"
+                "03r16zqi0hm3i00b9bwq2bdn2sp731rllizcxfl3i2q7y432a3f0"))
+
+(define %chromium-system-nspr.patch
+  (debian-patch "system/nspr.patch"
+                "debian/65.0.3325.146-4"
+                "1ggdrlz94d75ni21rx6ivvajjwhx7zwnl3s5aapysqn9kls4qsr2"))
+
+(define %chromium-system-libevent.patch
+  (debian-patch "system/event.patch"
+                "debian/65.0.3325.146-4"
+                "1k3zc59vpwc8rzbknxryjzzy99jk666whdablzcvxnyzaqk38kfx"))
+
+(define %chromium-system-icu.patch
+  (debian-patch "system/icu.patch"
+                "debian/65.0.3325.146-4"
+                "19wclidx1kyjbi3b3hnmkjs0h34d67p4dp6a48vbjbx9rxmfdk3b"))
+
+;; Don't show a warning about missing API keys.
+(define %chromium-disable-api-keys-warning.patch
+  (debian-patch "disable/google-api-warning.patch"
+                "debian/65.0.3325.146-4"
+                "1g5yk51bl7svrqx8wjxsgpz545mnymnpi3bsa62kwdm4qd8bx10x"))
+
+;; Add DuckDuckGo and set it as the default search engine.
+(define %chromium-duckduckgo.patch
+  (inox-patch "0011-add-duckduckgo-search-engine.patch"
+              "0c55cc9a81634244ad13fbbd6b5c5098b9132162"
+              "0mvw1ax0gw3d252c9b1pwbk0j7ny8z9nsfywcmhj56wm6yksgpkg"))
+
+;; Don't start a "Login Wizard" at first launch.
+(define %chromium-first-run.patch
+  (inox-patch "0018-disable-first-run-behaviour.patch"
+              "0c55cc9a81634244ad13fbbd6b5c5098b9132162"
+              "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
+
+;; Use privacy-preserving defaults.
+(define %chromium-default-preferences.patch
+  (inox-patch "0006-modify-default-prefs.patch"
+              "0c55cc9a81634244ad13fbbd6b5c5098b9132162"
+              "0zyshpl1hjssqrfhdfbgxdib4smdszjgf0ac98l978hrn9gwwk03"))
+
+;; Recent versions of Chromium may load a remote search engine on the
+;; New Tab Page, causing unnecessary and involuntary network traffic.
+(define %chromium-restore-classic-ntp.patch
+  (inox-patch "0008-restore-classic-ntp.patch"
+              "0c55cc9a81634244ad13fbbd6b5c5098b9132162"
+              "1h698cbp97g8lgmndfy6kswgwfvss7c3k609xgvyxbfldkzy7pd5"))
+
+(define opus+custom
+  (package (inherit opus)
+           (name "opus+custom")
+           (arguments
+            (substitute-keyword-arguments (package-arguments opus)
+              ((#:configure-flags flags ''())
+               ;; Opus Custom is an optional extension of the Opus
+               ;; specification that allows for unsupported frame
+               ;; sizes.  Chromium requires that this is enabled.
+               `(cons "--enable-custom-modes"
+                      ,flags))))))
+
+(define libvpx+experimental
+  (package (inherit libvpx)
+           (name "libvpx+experimental")
+           (arguments
+            (substitute-keyword-arguments (package-arguments libvpx)
+              ((#:configure-flags flags)
+               ;; Spatial SVC is an experimental VP9 encoder required
+               ;; by Chromium.
+               `(cons* "--enable-experimental" "--enable-spatial-svc"
+                       ,flags))))))
+
+;; XXX: This ugly libstdc++ variant stems from the fact that building
+;; libstdc++ standalone is not officially supported by GCC upstream, and
+;; the "make-libstdc++" procedure consequently builds a library without
+;; threading support, since the configure script fails to detect gthreads.
+;;
+;; Fixing it properly would require building libgcc (which creates
+;; gthr-default.h) before building libstdc++.  This authors attempts
+;; at doing so were unsuccessful, hence this hack.
+;;
+;; This behaviour changed upstream in this commit:
+;; https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=630d52ca0a88d173f89634a5d7dd8aee07d04d80
+;; ...or around GCC 4.6.  The libstdc++ docs are very explicit about it
+;; not being designed to used standalone (even though it worked just fine
+;; before 4.6, according to multiple mailing list threads around that time),
+;; so upstream is not interested in improving the situation.
+;;
+;; In fact, there used to be an "INSTALL" document with libstdc++, which
+;; is conspicuously missing in later releases.
+;;
+;; An alternative would be to change the GCC package to install C++ headers
+;; in "include" rather than "include/c++".  I tried that too; but it caused
+;; a bootstrapping failure.  The situation is further complicated by the
+;; fact that GCC installs C++ headers in the default output, but libstdc++.so
+;; ends up in "lib".
+;;
+;; To be continued...
+
+(define (libstdc++-from-gcc gcc)
+  "Return a libstdc++ library extracted from gcc.  The primary use case
+is when using compilers other than GCC."
+  (package
+    (inherit gcc)
+    (source #f)
+    (name "libstdc++")
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder (begin
+                  (use-modules (guix build utils))
+                  (let* ((out (assoc-ref %outputs "out"))
+                         (lib (string-append out "/lib"))
+                         (include (string-append out "/include"))
+                         (gcc (assoc-ref %build-inputs "gcc"))
+                         (gcc-lib (assoc-ref %build-inputs "gcc:lib")))
+                    (mkdir-p out)
+                    (copy-recursively (string-append gcc "/include/c++")
+                                      include)
+                    (for-each (lambda (file)
+                                (install-file file lib))
+                              (find-files (string-append gcc-lib "/lib")
+                                          "^libstdc\\+\\+\\.so.*"))
+                    #t))))
+    (outputs '("out"))
+    (inputs `(("gcc" ,gcc)
+              ("gcc:lib" ,gcc "lib")))
+    (native-inputs '())
+    (propagated-inputs '())
+    (synopsis "GNU C++ standard library")))
+
+(define (make-clang-toolchain clang libcxx)
+  "Return a complete toolchain for Clang."
+  (package
+    (name "clang-toolchain")
+    (version (package-version clang))
+    (source #f)
+    (build-system trivial-build-system)
+    (arguments
+     '(#:modules ((guix build union))
+       #:builder (begin
+                   (use-modules (ice-9 match)
+                                (srfi srfi-26)
+                                (guix build union))
+
+                   (let ((out (assoc-ref %outputs "out")))
+
+                     (match %build-inputs
+                       (((names . directories) ...)
+                        (union-build out directories)))
+                     #t))))
+    (native-search-paths (package-native-search-paths clang))
+    (search-paths (package-search-paths clang))
+    (license (package-license clang))
+    (synopsis "Complete Clang tool chain for C/C++ development")
+    (description
+     "This package provides a complete Clang tool chain for C/C++.  This
+includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
+    (home-page "https://clang.llvm.org")
+    (outputs '("out"))
+    (inputs `(("clang" ,clang)
+              ("libcxx" ,libcxx)
+              ("ld-wrapper" ,(car (assoc-ref (%final-inputs) "ld-wrapper")))
+              ("binutils" ,binutils)
+              ("libc" ,glibc)))))
+
+;; When using Clang, Chromium expects to find "ar" and friends next
+;; to the clang executable.  For simplicity just create this union.
+(define chromium-clang-toolchain
+  (make-clang-toolchain clang (libstdc++-from-gcc gcc-6)))
+
+(define-public chromium
+  (package
+    (name "chromium")
+    (version "65.0.3325.181")
+    (synopsis "Graphical web browser")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://commondatastorage.googleapis.com/"
+                                  "chromium-browser-official/chromium-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "11w6wg862ixbgm7dpqag2lmbjknv83zlr9imd8zchvmrqr468rlk"))
+              (patches (list %chromium-duckduckgo.patch
+                             %chromium-default-preferences.patch
+                             %chromium-first-run.patch
+                             %chromium-restore-classic-ntp.patch
+
+                             %chromium-clang-assignment.patch
+                             %chromium-add-missing-stdint.patch
+                             %chromium-system-icu.patch
+                             %chromium-system-nspr.patch
+                             %chromium-system-libevent.patch
+                             %chromium-disable-api-keys-warning.patch
+                             (search-patch "chromium-glibc-compat.patch")
+                             (search-patch "chromium-remove-default-history.patch")))
+              (modules '((srfi srfi-1)
+                         (srfi srfi-26)
+                         (ice-9 ftw)
+                         (ice-9 match)
+                         (ice-9 regex)
+                         (guix build utils)))
+              (snippet
+               '(begin
+                  (let ((preserved-club
+                         (map
+                          (lambda (path)
+                            ;; Prepend paths with "./" for comparison with ftw.
+                            (string-append "./" path))
+                          (list
+                           "base/third_party/dmg_fp"
+                           "base/third_party/dynamic_annotations"
+                           "base/third_party/icu"
+                           "base/third_party/libevent"
+                           "base/third_party/nspr"
+                           "base/third_party/superfasthash"
+                           "base/third_party/symbolize" ;glog
+                           "base/third_party/xdg_mime"
+                           "base/third_party/xdg_user_dirs"
+                           "buildtools/third_party/libc++"
+                           "chrome/third_party/mozilla_security_manager"
+                           "courgette/third_party"
+                           "net/third_party/mozilla_security_manager"
+                           "net/third_party/nss"
+                           "third_party/adobe/flash/flapper_version.h"
+                           ;; FIXME: This is used in:
+                           ;; * ui/webui/resources/js/analytics.js
+                           ;; * ui/file_manager/
+                           "third_party/analytics"
+                           "third_party/angle"
+                           "third_party/angle/src/common/third_party/base"
+                           "third_party/angle/src/common/third_party/smhasher"
+                           "third_party/angle/src/third_party/compiler"
+                           "third_party/angle/src/third_party/libXNVCtrl"
+                           "third_party/angle/src/third_party/trace_event"
+                           "third_party/blink"
+                           "third_party/boringssl"
+                           "third_party/boringssl/src/third_party/fiat"
+                           "third_party/breakpad"
+                           "third_party/brotli"
+                           "third_party/cacheinvalidation"
+                           "third_party/catapult"
+                           "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
+                           "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
+                           "third_party/catapult/third_party/polymer"
+                           "third_party/catapult/tracing/third_party/d3"
+                           "third_party/catapult/tracing/third_party/gl-matrix"
+                           "third_party/catapult/tracing/third_party/jszip"
+                           "third_party/catapult/tracing/third_party/mannwhitneyu"
+                           "third_party/catapult/tracing/third_party/oboe"
+                           "third_party/catapult/tracing/third_party/pako"
+                           "third_party/ced"
+                           "third_party/cld_3"
+                           "third_party/crc32c"
+                           "third_party/cros_system_api"
+                           "third_party/dom_distiller_js"
+                           "third_party/fips181"
+                           "third_party/flatbuffers"
+                           "third_party/glslang-angle"
+                           "third_party/google_input_tools"
+                           "third_party/google_input_tools/third_party/closure_library"
+                           (string-append "third_party/google_input_tools/third_party"
+                                          "/closure_library/third_party/closure")
+                           "third_party/googletest"
+                           "third_party/harfbuzz-ng"
+                           "third_party/hunspell"
+                           "third_party/iccjpeg"
+                           "third_party/inspector_protocol"
+                           "third_party/jinja2"
+                           "third_party/jstemplate"
+                           "third_party/khronos"
+                           "third_party/leveldatabase"
+                           "third_party/libXNVCtrl"
+                           "third_party/libaddressinput"
+                           "third_party/libjingle_xmpp"
+                           "third_party/libphonenumber"
+                           "third_party/libsecret" ;FIXME: needs pkg-config support.
+                           "third_party/libsrtp"   ;TODO: Requires libsrtp@2.
+                           "third_party/libudev"
+                           "third_party/libwebm"
+                           "third_party/libxml"
+                           "third_party/libyuv"
+                           "third_party/lss"
+                           "third_party/lzma_sdk"
+                           "third_party/markupsafe"
+                           "third_party/mesa"
+                           "third_party/metrics_proto"
+                           "third_party/modp_b64"
+                           "third_party/mt19937ar"
+                           "third_party/node"
+                           (string-append "third_party/node/node_modules/"
+                                          "polymer-bundler/lib/third_party/UglifyJS2")
+                           "third_party/openmax_dl"
+                           "third_party/ots"
+                           ;; TODO: Build as extension.
+                           "third_party/pdfium"
+                           "third_party/pdfium/third_party"
+                           (string-append "third_party/pdfium/third_party/freetype"
+                                          "/include/psnames/pstables.h")
+                           "third_party/ply"
+                           "third_party/polymer"
+                           "third_party/protobuf"
+                           "third_party/protobuf/third_party/six"
+                           "third_party/qcms"
+                           "third_party/sfntly"
+                           "third_party/skia"
+                           "third_party/skia/third_party/vulkan"
+                           "third_party/skia/third_party/gif"
+                           "third_party/smhasher"
+                           "third_party/speech-dispatcher"
+                           "third_party/spirv-headers"
+                           "third_party/spirv-tools-angle"
+                           "third_party/sqlite"
+                           "third_party/swiftshader"
+                           "third_party/swiftshader/third_party"
+                           "third_party/s2cellid"
+                           "third_party/usb_ids"
+                           "third_party/usrsctp"
+                           "third_party/vulkan"
+                           "third_party/vulkan-validation-layers"
+                           "third_party/WebKit"
+                           "third_party/web-animations-js"
+                           "third_party/webrtc"
+                           "third_party/webrtc_overrides"
+                           "third_party/widevine/cdm/widevine_cdm_version.h"
+                           "third_party/widevine/cdm/widevine_cdm_common.h"
+                           "third_party/woff2"
+                           "third_party/xdg-utils"
+                           "third_party/yasm/run_yasm.py"
+                           "third_party/zlib/google"
+                           "url/third_party/mozilla"
+                           "v8/src/third_party/utf8-decoder"
+                           "v8/src/third_party/valgrind"
+                           "v8/third_party/inspector_protocol"))))
+
+                    (define (empty? dir)
+                      (equal? (scandir dir) '("." "..")))
+
+                    (define (third_party? file)
+                      (if (string-contains file "third_party/")
+                          #t
+                          #f))
+
+                    (define (parents child)
+                      "Return a list of paths up to and including the closest third_party"
+                      (let ((lst (reverse (string-split child #\/))))
+                        (let loop ((hierarchy lst)
+                                   (result '()))
+                          (if (or (null? hierarchy)
+                                  (and (not (null? result))
+                                       (string-suffix? "third_party" (car result))))
+                              result
+                              (loop (cdr hierarchy)
+                                    (cons (string-join (reverse hierarchy) "/")
+                                          result))))))
+
+                    (define (delete-unwanted child stat flag base level)
+                      (let ((protected (make-regexp "\\.(gn|gyp)i?$")))
+                        (match flag
+                          ((or 'regular 'symlink 'stale-symlink)
+                           (when (third_party? child)
+                             (unless (or (member child preserved-club)
+                                         (any (cute member <> preserved-club)
+                                              (parents child))
+                                         (regexp-exec protected child))
+                               (delete-file child)))
+                           #t)
+                          ('directory-processed
+                           (when (empty? child)
+                             (rmdir child))
+                           #t)
+                          (_ #t))))
+
+                    (nftw "." delete-unwanted 'depth 'physical)
+
+                    ;; Do a second pass to get rid of various binary archives.
+                    (for-each delete-file
+                              (find-files "." "\\.(zip|jar|tar.gz|exe)$"))
+
+                    ;; Replace "GN" files from third_party with shims for
+                    ;; building against system libraries.  Keep this list in
+                    ;; sync with "build/linux/unbundle/replace_gn_files.py".
+                    (for-each (lambda (pair)
+                                (let ((source (string-append
+                                               "build/linux/unbundle/" (car pair)))
+                                      (dest (cdr pair)))
+                                  (copy-file source dest)))
+                              (list
+                               '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
+                               '("flac.gn" . "third_party/flac/BUILD.gn")
+                               '("fontconfig.gn" . "third_party/fontconfig/BUILD.gn")
+                               '("freetype.gn" . "build/config/freetype/freetype.gni")
+                               '("harfbuzz-ng.gn" .
+                                 "third_party/harfbuzz-ng/harfbuzz.gni")
+                               '("icu.gn" . "third_party/icu/BUILD.gn")
+                               '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
+                               '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
+                               '("libjpeg.gn" .
+                                 "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
+                               '("libpng.gn" . "third_party/libpng/BUILD.gn")
+                               '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
+                               '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
+                               '("libxml.gn" . "third_party/libxml/BUILD.gn")
+                               '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
+                               '("openh264.gn" . "third_party/openh264/BUILD.gn")
+                               '("opus.gn" . "third_party/opus/BUILD.gn")
+                               '("re2.gn" . "third_party/re2/BUILD.gn")
+                               '("snappy.gn" . "third_party/snappy/BUILD.gn")
+                               '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
+                               '("zlib.gn" . "third_party/zlib/BUILD.gn")))
+                    #t)))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it overrides the RUNPATH set by the linker.
+       #:validate-runpath? #f
+       #:modules ((srfi srfi-26)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (guix build gnu-build-system)
+                  (guix build utils))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-stuff
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "printing/cups_config_helper.py"
+               (("cups_config =.*")
+                (string-append "cups_config = '" (assoc-ref inputs "cups")
+                               "/bin/cups-config'\n")))
+
+             (substitute*
+                 '("base/process/launch_posix.cc"
+                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+                   "sandbox/linux/services/credentials.cc"
+                   "sandbox/linux/services/namespace_utils.cc"
+                   "sandbox/linux/services/syscall_wrappers.cc"
+                   "sandbox/linux/syscall_broker/broker_host.cc")
+               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+             (for-each (lambda (file)
+                         (substitute* file
+                           ;; Fix opus include path.
+                           ;; Do not substitute opus_private.h.
+                           (("#include \"opus\\.h\"")
+                            "#include \"opus/opus.h\"")
+                           (("#include \"opus_custom\\.h\"")
+                            "#include \"opus/opus_custom.h\"")
+                           (("#include \"opus_defines\\.h\"")
+                            "#include \"opus/opus_defines.h\"")
+                           (("#include \"opus_multistream\\.h\"")
+                            "#include \"opus/opus_multistream.h\"")
+                           (("#include \"opus_types\\.h\"")
+                            "#include \"opus/opus_types.h\"")))
+                       (find-files (string-append "third_party/webrtc/modules"
+                                                  "/audio_coding/codecs/opus")))
+
+             (substitute* "chrome/common/chrome_paths.cc"
+               (("/usr/share/chromium/extensions")
+                ;; TODO: Add ~/.guix-profile.
+                "/run/current-system/profile/share/chromium/extensions"))
+
+             (substitute*
+                 "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
+               (("include \"third_party/curl") "include \"curl"))
+             (substitute* "media/base/decode_capabilities.cc"
+               (("third_party/libvpx/source/libvpx/") ""))
+
+             ;; We don't cross compile most packages, so get rid of the
+             ;; unnecessary ARCH-linux-gnu* prefix.
+             (substitute* "build/toolchain/linux/BUILD.gn"
+               (("aarch64-linux-gnu-") "")
+               (("arm-linux-gnueabihf-") ""))
+             #t))
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (clang-toolchain (assoc-ref inputs "clang-toolchain"))
+                    (gtk+ (assoc-ref inputs "gtk+"))
+                    (mesa (assoc-ref inputs "mesa"))
+                    (nss (assoc-ref inputs "nss"))
+                    (udev (assoc-ref inputs "udev"))
+                    (gn-flags
+                     (list
+                      ;; See tools/gn/docs/cookbook.md and
+                      ;; https://www.chromium.org/developers/gn-build-configuration
+                      ;; for usage.  Run "./gn args . --list" in the Release
+                      ;; directory for an exhaustive list of supported flags.
+                      "is_debug=false"
+                      "use_gold=false"
+                      "use_lld=false"
+                      "linux_use_bundled_binutils=false"
+                      "use_custom_libcxx=false"
+                      "use_sysroot=false"
+                      "enable_precompiled_headers=false"
+                      "goma_dir=\"\""
+                      "enable_nacl=false"
+                      "enable_nacl_nonsfi=false"
+                      "use_allocator=\"none\"" ;don't use tcmalloc
+                      "override_build_date=\"01 01 2000 05:00:00\""
+                      "use_unofficial_version_number=false"
+
+                      ;; GCC is poorly supported, so we use Clang for now.
+                      (string-append "clang_base_path=\"" clang-toolchain "\"")
+                      "clang_use_chrome_plugins=false"
+
+                      ;; Optimize for building everything at once, as opposed
+                      ;; to incrementally for development.  See "docs/jumbo.md".
+                      "use_jumbo_build=true"
+                      ;; Disable debugging features to save space.
+                      "symbol_level=1"
+                      "remove_webcore_debug_symbols=true"
+                      "enable_iterator_debugging=false"
+                      ;; Some of the unbundled libraries throws deprecation
+                      ;; warnings, etc.  Ignore it.
+                      "treat_warnings_as_errors=false"
+                      ;; Don't add any API keys.  End users can set them in the
+                      ;; environment if desired.  See
+                      ;; <https://www.chromium.org/developers/how-tos/api-keys>.
+                      "use_official_google_api_keys=false"
+                      ;; Disable "field trials".
+                      "fieldtrial_testing_like_official_build=true"
+                      ;; Disable Chrome Remote Desktop (aka Chromoting).
+                      "enable_remoting=false"
+
+                      "use_system_freetype=true"
+                      "use_system_lcms2=true"
+                      "use_system_libjpeg=true"
+                      "use_system_libpng=true"
+                      "use_system_zlib=true"
+                      ;; This is currently not supported on GNU/Linux:
+                      ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
+                      ;;"use_system_sqlite=true"
+
+                      "use_gnome_keyring=false" ;deprecated by libsecret
+                      "use_gtk3=true"
+                      "use_openh264=true"
+                      "use_xkbcommon=true"
+                      "use_pulseaudio=true"
+                      "link_pulseaudio=true"
+
+                      ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+                      "proprietary_codecs=true"
+                      "ffmpeg_branding=\"Chrome\""
+
+                      ;; WebRTC stuff.
+                      "rtc_use_h264=true"
+                      ;; Don't use bundled sources.
+                      "rtc_build_json=false"
+                      "rtc_build_libevent=false"
+                      "rtc_build_libvpx=false"
+                      "rtc_build_opus=false"
+                      "rtc_build_ssl=false"
+                      ;; TODO: Package these.
+                      "rtc_build_libsrtp=true" ;2.0
+                      "rtc_build_openmax_dl=true"
+                      "rtc_build_usrsctp=true"
+                      (string-append "rtc_jsoncpp_root=\""
+                                     (assoc-ref inputs "jsoncpp")
+                                     "/include/jsoncpp/json\"")
+                      (string-append "rtc_ssl_root=\""
+                                     (assoc-ref inputs "openssl")
+                                     "/include/openssl\""))))
+
+               ;; XXX: How portable is this.
+               (mkdir-p "third_party/node/linux/node-linux-x64")
+               (symlink (string-append (assoc-ref inputs "node") "/bin")
+                        "third_party/node/linux/node-linux-x64/bin")
+
+               (setenv "CC" "clang")
+               (setenv "CXX" "clang++")
+
+               ;; FIXME: This nasty hack works around a problem where
+               ;; Clang does not add the arch triplet to the libtsdc++
+               ;; search path.  Fixing it seems tricky, since it only
+               ;; searches "include/<triplet>" when it detects libstdc++
+               ;; in GCC which is not the case in Guix; the only reason
+               ;; libstdc++ works here is because it's already on the
+               ;; include path...
+               (setenv "CPLUS_INCLUDE_PATH"
+                       (string-append (getenv "CPLUS_INCLUDE_PATH")
+                                      ":" clang-toolchain
+                                      "/include/x86_64-unknown-linux-gnu"))
+
+               ;; TODO: pre-compile instead. Avoids a race condition.
+               (setenv "PYTHONDONTWRITEBYTECODE" "1")
+               (and
+                ;; Build the "gn" tool.
+                (invoke "python"
+                        "tools/gn/bootstrap/bootstrap.py" "-s" "-v")
+                ;; Generate ninja build files.
+                (invoke "./out/Release/gn" "gen" "out/Release"
+                        (string-append "--args="
+                                       (string-join gn-flags " ")))))))
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (invoke "ninja" "-C" "out/Release"
+                     "-j" (number->string (parallel-job-count))
+                     "chrome")))
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out            (assoc-ref outputs "out"))
+                    (bin            (string-append out "/bin"))
+                    (exe            (string-append bin "/chromium"))
+                    (lib            (string-append out "/lib"))
+                    (man            (string-append out "/share/man/man1"))
+                    (applications   (string-append out "/share/applications"))
+                    (install-regexp (make-regexp "\\.(bin|pak)$"))
+                    (locales        (string-append lib "/locales"))
+                    (resources      (string-append lib "/resources"))
+                    (gtk+           (assoc-ref inputs "gtk+"))
+                    (mesa           (assoc-ref inputs "mesa"))
+                    (nss            (assoc-ref inputs "nss"))
+                    (udev           (assoc-ref inputs "udev"))
+                    (sh             (which "sh")))
+
+               (substitute* '("chrome/app/resources/manpage.1.in"
+                              "chrome/installer/linux/common/desktop.template")
+                 (("@@MENUNAME@@") "Chromium")
+                 (("@@PACKAGE@@") "chromium")
+                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
+               (mkdir-p man)
+               (copy-file "chrome/app/resources/manpage.1.in"
+                          (string-append man "/chromium.1"))
+               (mkdir-p applications)
+               (copy-file "chrome/installer/linux/common/desktop.template"
+                          (string-append applications "/chromium.desktop"))
+
+               (with-directory-excursion "out/Release"
+                 (for-each (lambda (file)
+                             (install-file file lib))
+                           (scandir "." (cut regexp-exec install-regexp <>)))
+                 (copy-file "chrome" (string-append lib "/chromium"))
+
+                 ;; TODO: Install icons from "../../chrome/app/themes" into
+                 ;; "out/share/icons/hicolor/$size".
+                 (install-file
+                  "product_logo_48.png"
+                  (string-append out "/share/icons/48x48/chromium.png"))
+
+                 (copy-recursively "locales" locales)
+                 (copy-recursively "resources" resources)
+
+                 (mkdir-p bin)
+                 ;; Add a thin wrapper to prevent the user from inadvertently
+                 ;; installing non-free software through the Web Store.
+                 ;; TODO: Discover extensions from the profile and pass
+                 ;; something like "--disable-extensions-except=...".
+                 (call-with-output-file exe
+                   (lambda (port)
+                     (format port
+                             "#!~a~@
+                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
+                             then~@
+                               CHROMIUM_FLAGS=\" \\~@
+                                 --disable-background-networking \\~@
+                                 --disable-extensions \\~@
+                               \"~@
+                             fi~@
+                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
+                             sh (string-append lib "/chromium"))))
+                 (chmod exe #o755)
+
+                 (wrap-program exe
+                   ;; TODO: Get these in RUNPATH.
+                   `("LD_LIBRARY_PATH" ":" prefix
+                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+                                      mesa "/lib:" udev "/lib")))
+                   ;; Avoid file manager crash.  See <https://bugs.gnu.org/26593>.
+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+                 #t)))))))
+    (native-inputs
+     `(("bison" ,bison)
+       ("clang-toolchain" ,chromium-clang-toolchain)
+       ("git" ,git)                     ;last_commit_position.py
+       ("gperf" ,gperf)
+       ("ninja" ,ninja)
+       ("node" ,node)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)
+       ("yasm" ,yasm)
+
+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
+       ("python-html5lib" ,python2-html5lib)
+       ("python" ,python-2)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("atk" ,atk)
+       ("cups" ,cups)
+       ("curl" ,curl)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("expat" ,expat)
+       ("flac" ,flac)
+       ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+-2" ,gtk+-2)
+       ("gtk+" ,gtk+)
+       ("harfbuzz" ,harfbuzz)
+       ("icu4c" ,icu4c)
+       ("jsoncpp" ,jsoncpp)
+       ("lcms" ,lcms)
+       ("libevent" ,libevent)
+       ("libffi" ,libffi)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libpng" ,libpng)
+       ("libusb" ,libusb)
+       ("libvpx" ,libvpx+experimental)
+       ("libwebp" ,libwebp)
+       ("libx11" ,libx11)
+       ("libxcb" ,libxcb)
+       ("libxcomposite" ,libxcomposite)
+       ("libxcursor" ,libxcursor)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxi" ,libxi)
+       ("libxkbcommon" ,libxkbcommon)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxslt" ,libxslt)
+       ("libxtst" ,libxtst)
+       ("mesa" ,mesa)
+       ("minizip" ,minizip)
+       ("mit-krb5" ,mit-krb5)
+       ("nss" ,nss)
+       ("openh264" ,openh264)
+       ("openssl" ,openssl)
+       ("opus" ,opus+custom)
+       ("pango" ,pango)
+       ("pciutils" ,pciutils)
+       ("protobuf" ,protobuf)
+       ("pulseaudio" ,pulseaudio)
+       ("re2" ,re2)
+       ("snappy" ,snappy)
+       ("speech-dispatcher" ,speech-dispatcher)
+       ("sqlite" ,sqlite)
+       ("udev" ,eudev)
+       ("valgrind" ,valgrind)))
+    (home-page "https://www.chromium.org/")
+    (description
+     "Chromium is a web browser designed for speed and security.  This
+version incorporates patches from
+@url{https://github.com/gcarq/inox-patchset,Inox} and
+@url{https://www.debian.org/,Debian} in order to protect the users privacy.")
+    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+    ;; components with other licenses.  For full information, see chrome://credits.
+    (license (list license:bsd-3
+                   license:bsd-2
+                   license:expat
+                   license:asl2.0
+                   license:mpl2.0
+                   license:public-domain
+                   license:lgpl2.1+))))
diff --git a/gnu/packages/patches/chromium-glibc-compat.patch b/gnu/packages/patches/chromium-glibc-compat.patch
new file mode 100644
index 000000000..720adbeef
--- /dev/null
+++ b/gnu/packages/patches/chromium-glibc-compat.patch
@@ -0,0 +1,38 @@
+Upstream-Status: Backport
+
+Signed-off-by: Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com>
+---
+From 9f63f94a11abc34d40ede8b8712fa15b5844a8c0 Mon Sep 17 00:00:00 2001
+From: Tom Anderson <thomasanderson@chromium.org>
+Date: Sat, 27 Jan 2018 20:03:37 +0000
+Subject: [PATCH] Fix build with glibc 2.27
+
+BUG=806340
+TBR=hamelphi@chromium.org
+
+Change-Id: Ib4e5091212d874d9ad88f3e9a1fdfee3ed7e0d5e
+Reviewed-on: https://chromium-review.googlesource.com/890059
+Reviewed-by: Thomas Anderson <thomasanderson@chromium.org>
+Reviewed-by: Philippe Hamel <hamelphi@chromium.org>
+Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#532249}
+---
+ components/assist_ranker/ranker_example_util.cc | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/components/assist_ranker/ranker_example_util.cc b/components/assist_ranker/ranker_example_util.cc
+index 54d4dbd58f7d..ceedd8f9b18d 100644
+--- a/components/assist_ranker/ranker_example_util.cc
++++ b/components/assist_ranker/ranker_example_util.cc
+@@ -2,6 +2,8 @@
+ // Use of this source code is governed by a BSD-style license that can be
+ // found in the LICENSE file.
+ 
++#include <math.h>
++
+ #include "components/assist_ranker/ranker_example_util.h"
+ #include "base/bit_cast.h"
+ #include "base/format_macros.h"
+-- 
+2.14.3
+
diff --git a/gnu/packages/patches/chromium-remove-default-history.patch b/gnu/packages/patches/chromium-remove-default-history.patch
new file mode 100644
index 000000000..38be10820
--- /dev/null
+++ b/gnu/packages/patches/chromium-remove-default-history.patch
@@ -0,0 +1,13 @@
+Don't pre-populate the New Tab Page for new profiles.
+
+--- a/chrome/browser/history/top_sites_factory.cc
++++ b/chrome/browser/history/top_sites_factory.cc
+@@ -74,7 +74,7 @@
+ 
+ void InitializePrepopulatedPageList(
+     history::PrepopulatedPageList* prepopulated_pages) {
+-#if !defined(OS_ANDROID)
++#if false
+   DCHECK(prepopulated_pages);
+   prepopulated_pages->reserve(arraysize(kRawPrepopulatedPages));
+   for (size_t i = 0; i < arraysize(kRawPrepopulatedPages); ++i) {
-- 
2.17.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 65
  2018-04-13 19:10 ` [bug#28004] Chromium 65 Marius Bakke
@ 2018-04-17 19:10   ` Oleg Pykhalov
  2018-04-24 17:05   ` Christopher Lemmer Webber
  1 sibling, 0 replies; 152+ messages in thread
From: Oleg Pykhalov @ 2018-04-17 19:10 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 587 bytes --]

Hello Marius,

First of all, thank you for working on this!

Marius Bakke <mbakke@fastmail.com> writes:

> Attached is a patch for Chromium 65.

I've built it successfully.  Thank you for such a hard work!


I build ‘chromium’ from my first day of using GuixSD (about one year).
Because of I cannot build it constantly, I always use out of date
‘chromium’ closure.  It's more worse for privacy and security than
unchecked new ‘chromium’ version in my case (I guess).

Could we have it pushed to ‘origin/master’ for people like me?  :-)

Thanks,
Oleg.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 65
  2018-04-13 19:10 ` [bug#28004] Chromium 65 Marius Bakke
  2018-04-17 19:10   ` Oleg Pykhalov
@ 2018-04-24 17:05   ` Christopher Lemmer Webber
  2018-04-24 18:08     ` [bug#28004] Chromium 66 + status update Marius Bakke
  1 sibling, 1 reply; 152+ messages in thread
From: Christopher Lemmer Webber @ 2018-04-24 17:05 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

Hello!  I'd like to speak up in favor of getting Chromium merged into
Guix master.  As a web developer, sometimes I have to test things
against multiple browsers.  Having Chromium in GuixSD would help me out
a lot.

It looks like a mountain of hard work has been put into this.  Could we
get it merged rather than have that work languish?

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 66 + status update
  2018-04-24 17:05   ` Christopher Lemmer Webber
@ 2018-04-24 18:08     ` Marius Bakke
  2018-04-24 18:45       ` Christopher Lemmer Webber
                         ` (2 more replies)
  0 siblings, 3 replies; 152+ messages in thread
From: Marius Bakke @ 2018-04-24 18:08 UTC (permalink / raw)
  To: Christopher Lemmer Webber; +Cc: 28004


[-- Attachment #1.1: Type: text/plain, Size: 1951 bytes --]

Christopher Lemmer Webber <cwebber@dustycloud.org> writes:

> Hello!  I'd like to speak up in favor of getting Chromium merged into
> Guix master.  As a web developer, sometimes I have to test things
> against multiple browsers.  Having Chromium in GuixSD would help me out
> a lot.
>
> It looks like a mountain of hard work has been put into this.  Could we
> get it merged rather than have that work languish?

Hello!

I use this browser a lot, so it's hardly languishing.

There was a recent discussion[0] about the Pale Moon browser, where it
was pointed out that the FSDG[1] requires that any third-party
repositories must be committed to only free software.

[0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html
[1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules

Unfortunately there are UI links to the Chrome "Web Store" still.  It's
not possible to install from it without setting the
CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is
sufficient.  It's unfortunate if an unsuspecting user stumbles into the
Web Store and tries to install something (free or not) and only then
finds out that it does not work.

The other remaining issue is that some data is sent to Google whenever
you start the browser for the first time.  I don't think that's a
blocker, but it's certainly something we should aim to fix.

Attached are updates for 66.  The first is an interdiff from the
previous 65 patch; the other is the full "squashed" patch for
convenience.

New in this version:

* The snippet will now error if a preserved directory is not present.
* Chromium again requires a git revision of libvpx.
* The "safe browsing" feature requires the nonfree "unrar" program(!!),
  as such it has been compiled out.  Luckily "Inox" already had a patch
  to make the thing actually build with that flag disabled.
* Cosmetic rearrangement of patches to follow Debian and Inox patch order.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0001-Chromium-66-update.patch --]
[-- Type: text/x-patch, Size: 19463 bytes --]

From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Tue, 17 Apr 2018 03:54:56 +0200
Subject: [PATCH] Chromium 66 update.

---
 gnu/local.mk                                  |   1 -
 gnu/packages/chromium.scm                     | 173 ++++++++++++------
 .../patches/chromium-glibc-compat.patch       |  38 ----
 3 files changed, 115 insertions(+), 97 deletions(-)
 delete mode 100644 gnu/packages/patches/chromium-glibc-compat.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index fdb15a074..0bc3220f8 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -592,7 +592,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
   %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
   %D%/packages/patches/chmlib-inttypes.patch			\
-  %D%/packages/patches/chromium-glibc-compat.patch		\
   %D%/packages/patches/chromium-remove-default-history.patch	\
   %D%/packages/patches/clang-3.5-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index cecbab7a1..a6f9fec0f 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -122,63 +122,89 @@
     (sha256 (base32 hash))
     (file-name (chromium-patch-file-name pathspec))))
 
-;; Fix an assignment bug when using Clang and libstdc++.
-(define %chromium-clang-assignment.patch
-  (gentoo-patch "chromium-clang-r3.patch"
-                "804a0d7244a06736d01c353b45c20daf324f0722"
-                "1d10il3mjzyzwgqi8iifw3aw9jnbqfrzz8v1x7cmvqpwjkykwk2a"))
-
-;; Add missing stdint include.
-(define %chromium-add-missing-stdint.patch
-  (gentoo-patch "chromium-stdint.patch"
-                "804a0d7244a06736d01c353b45c20daf324f0722"
-                "03r16zqi0hm3i00b9bwq2bdn2sp731rllizcxfl3i2q7y432a3f0"))
+(define %debian-revision "debian/66.0.3359.26-1")
+(define %gentoo-revision "599be358f257098e7ba29196f6fce498b0a8d208")
+(define %inox-revision "365a106e298e04b4a7063559b7a0ee16888b928f")
 
+;; Use system NSPR.
 (define %chromium-system-nspr.patch
   (debian-patch "system/nspr.patch"
-                "debian/65.0.3325.146-4"
-                "1ggdrlz94d75ni21rx6ivvajjwhx7zwnl3s5aapysqn9kls4qsr2"))
+                %debian-revision
+                "0x54c8zhwjldlnx4754aaq0xyb24spqia3fgn94kcf686wp61srz"))
 
+;; And system libevent.
 (define %chromium-system-libevent.patch
   (debian-patch "system/event.patch"
-                "debian/65.0.3325.146-4"
-                "1k3zc59vpwc8rzbknxryjzzy99jk666whdablzcvxnyzaqk38kfx"))
+                %debian-revision
+                "18ka0zmfd6g5yxhknh6x94bfm643v1kgczzag5sfndizsaaxrlpc"))
 
-(define %chromium-system-icu.patch
-  (debian-patch "system/icu.patch"
-                "debian/65.0.3325.146-4"
-                "19wclidx1kyjbi3b3hnmkjs0h34d67p4dp6a48vbjbx9rxmfdk3b"))
+;; Avoid dependency on Chromiums embedded libc++ library for GN.
+(define %chromium-gn-libcxx.patch
+  (debian-patch "gn/libcxx.patch"
+                %debian-revision
+                "14rx16abxv0pz4qyp194cy999z3390hxi80rdbjs3v2lwscx36cl"))
 
 ;; Don't show a warning about missing API keys.
 (define %chromium-disable-api-keys-warning.patch
   (debian-patch "disable/google-api-warning.patch"
-                "debian/65.0.3325.146-4"
-                "1g5yk51bl7svrqx8wjxsgpz545mnymnpi3bsa62kwdm4qd8bx10x"))
+                %debian-revision
+                "1qf2y7jmaya43k9rbsxjjpkp5manzmbkhjj5hvfyqcdylhy30swj"))
 
-;; Add DuckDuckGo and set it as the default search engine.
-(define %chromium-duckduckgo.patch
-  (inox-patch "0011-add-duckduckgo-search-engine.patch"
-              "0c55cc9a81634244ad13fbbd6b5c5098b9132162"
-              "0mvw1ax0gw3d252c9b1pwbk0j7ny8z9nsfywcmhj56wm6yksgpkg"))
+;; Some files were missing in the Chromium 66 release tarball.
+;; See <https://crbug.com/832283>.
+(define %chromium-add-blink-tools.patch
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://bazaar.launchpad.net/~chromium-team"
+                        "/chromium-browser/bionic-stable/download/head:"
+                        "/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1"
+                        "/add-missing-blink-tools.patch"))
+    (sha256
+     (base32
+      "1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s"))))
 
-;; Don't start a "Login Wizard" at first launch.
-(define %chromium-first-run.patch
-  (inox-patch "0018-disable-first-run-behaviour.patch"
-              "0c55cc9a81634244ad13fbbd6b5c5098b9132162"
-              "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
+;; Fix an assignment bug when using Clang and libstdc++.
+(define %chromium-clang-assignment.patch
+  (gentoo-patch "chromium-clang-r4.patch"
+                %gentoo-revision
+                "0ip3pzk9is6n7icpml33ryysiq4cfrx8jlr0jkjgdg6mvl8pli3i"))
+
+;; Fix error detecting system ffmpeg.
+(define %chromium-ffmpeg.patch
+  (gentoo-patch "chromium-ffmpeg-r1.patch"
+                %gentoo-revision
+                "1pivcdmana4qx8sngcdpr858l0qh6bygv7azj66vg021phq5725a"))
+
+;; Fix build failure when built with "safe_browsing_mode=0".
+(define %chromium-build-without-safebrowsing.patch
+  (inox-patch "0001-fix-building-without-safebrowsing.patch"
+              %inox-revision
+              "0r1as6vmc6bbc7i54cxbmbm6rrwj33a12hfz6rzj0yxyqnnps00f"))
 
 ;; Use privacy-preserving defaults.
 (define %chromium-default-preferences.patch
   (inox-patch "0006-modify-default-prefs.patch"
-              "0c55cc9a81634244ad13fbbd6b5c5098b9132162"
-              "0zyshpl1hjssqrfhdfbgxdib4smdszjgf0ac98l978hrn9gwwk03"))
+              %inox-revision
+              "1ncjij9sib7fliafpv37j1zf8zz5hvyxqad669vvadg7vvwr9rza"))
 
 ;; Recent versions of Chromium may load a remote search engine on the
 ;; New Tab Page, causing unnecessary and involuntary network traffic.
 (define %chromium-restore-classic-ntp.patch
   (inox-patch "0008-restore-classic-ntp.patch"
-              "0c55cc9a81634244ad13fbbd6b5c5098b9132162"
-              "1h698cbp97g8lgmndfy6kswgwfvss7c3k609xgvyxbfldkzy7pd5"))
+              %inox-revision
+              "1jl978qas2ry9lnq6x42xl4qa6arxxj9a37k9j2wclz2pin8cmzn"))
+
+;; Add DuckDuckGo and set it as the default search engine.
+(define %chromium-duckduckgo.patch
+  (inox-patch "0011-add-duckduckgo-search-engine.patch"
+              %inox-revision
+              "0mvw1ax0gw3d252c9b1pwbk0j7ny8z9nsfywcmhj56wm6yksgpkg"))
+
+;; Don't start a "Login Wizard" at first launch.
+(define %chromium-first-run.patch
+  (inox-patch "0018-disable-first-run-behaviour.patch"
+              %inox-revision
+              "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
 
 (define opus+custom
   (package (inherit opus)
@@ -194,6 +220,17 @@
 
 (define libvpx+experimental
   (package (inherit libvpx)
+           ;; XXX: Chromium 66 relies on unreleased libvpx features.
+           ;; The commit below is the tip of the "m66-3359" branch
+           ;; as of 2018-04-19.
+           (source (origin
+                     (method git-fetch)
+                     (uri (git-reference
+                           (url "https://chromium.googlesource.com/webm/libvpx")
+                           (commit "e9fff8a9dbcd03fbf3e5b7caaa9dc2631a79882a")))
+                     (sha256
+                      (base32
+                       "1b1d89dlbr8ydakvp82cg6xnlnkz5hj7679f4pgxwlgd6x46f4g2"))))
            (name "libvpx+experimental")
            (arguments
             (substitute-keyword-arguments (package-arguments libvpx)
@@ -305,7 +342,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
 (define-public chromium
   (package
     (name "chromium")
-    (version "65.0.3325.181")
+    (version "66.0.3359.117")
     (synopsis "Graphical web browser")
     (source (origin
               (method url-fetch)
@@ -314,19 +351,22 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                                   version ".tar.xz"))
               (sha256
                (base32
-                "11w6wg862ixbgm7dpqag2lmbjknv83zlr9imd8zchvmrqr468rlk"))
-              (patches (list %chromium-duckduckgo.patch
-                             %chromium-default-preferences.patch
-                             %chromium-first-run.patch
-                             %chromium-restore-classic-ntp.patch
-
-                             %chromium-clang-assignment.patch
-                             %chromium-add-missing-stdint.patch
-                             %chromium-system-icu.patch
+                "1mlfavs0m0lf60s42krqxqiyx73hdfd4r1mkjwv31p2gchsa7ibp"))
+              (patches (list %chromium-gn-libcxx.patch
+                             %chromium-disable-api-keys-warning.patch
                              %chromium-system-nspr.patch
                              %chromium-system-libevent.patch
-                             %chromium-disable-api-keys-warning.patch
-                             (search-patch "chromium-glibc-compat.patch")
+
+                             %chromium-add-blink-tools.patch
+
+                             %chromium-clang-assignment.patch
+                             %chromium-ffmpeg.patch
+
+                             %chromium-build-without-safebrowsing.patch
+                             %chromium-default-preferences.patch
+                             %chromium-restore-classic-ntp.patch
+                             %chromium-duckduckgo.patch
+                             %chromium-first-run.patch
                              (search-patch "chromium-remove-default-history.patch")))
               (modules '((srfi srfi-1)
                          (srfi srfi-26)
@@ -351,7 +391,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                            "base/third_party/symbolize" ;glog
                            "base/third_party/xdg_mime"
                            "base/third_party/xdg_user_dirs"
-                           "buildtools/third_party/libc++"
                            "chrome/third_party/mozilla_security_manager"
                            "courgette/third_party"
                            "net/third_party/mozilla_security_manager"
@@ -367,6 +406,10 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                            "third_party/angle/src/third_party/compiler"
                            "third_party/angle/src/third_party/libXNVCtrl"
                            "third_party/angle/src/third_party/trace_event"
+                           "third_party/angle/third_party/glslang"
+                           "third_party/angle/third_party/spirv-headers"
+                           "third_party/angle/third_party/spirv-tools"
+                           "third_party/angle/third_party/vulkan-validation-layers"
                            "third_party/blink"
                            "third_party/boringssl"
                            "third_party/boringssl/src/third_party/fiat"
@@ -406,6 +449,8 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                            "third_party/leveldatabase"
                            "third_party/libXNVCtrl"
                            "third_party/libaddressinput"
+                           "third_party/libaom"
+                           "third_party/libaom/source/libaom/third_party/x86inc/x86inc.asm"
                            "third_party/libjingle_xmpp"
                            "third_party/libphonenumber"
                            "third_party/libsecret" ;FIXME: needs pkg-config support.
@@ -420,7 +465,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                            "third_party/mesa"
                            "third_party/metrics_proto"
                            "third_party/modp_b64"
-                           "third_party/mt19937ar"
                            "third_party/node"
                            (string-append "third_party/node/node_modules/"
                                           "polymer-bundler/lib/third_party/UglifyJS2")
@@ -430,7 +474,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                            "third_party/pdfium"
                            "third_party/pdfium/third_party"
                            (string-append "third_party/pdfium/third_party/freetype"
-                                          "/include/psnames/pstables.h")
+                                          "/include/pstables.h")
                            "third_party/ply"
                            "third_party/polymer"
                            "third_party/protobuf"
@@ -442,16 +486,12 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                            "third_party/skia/third_party/gif"
                            "third_party/smhasher"
                            "third_party/speech-dispatcher"
-                           "third_party/spirv-headers"
-                           "third_party/spirv-tools-angle"
                            "third_party/sqlite"
                            "third_party/swiftshader"
                            "third_party/swiftshader/third_party"
                            "third_party/s2cellid"
                            "third_party/usb_ids"
                            "third_party/usrsctp"
-                           "third_party/vulkan"
-                           "third_party/vulkan-validation-layers"
                            "third_party/WebKit"
                            "third_party/web-animations-js"
                            "third_party/webrtc"
@@ -475,6 +515,10 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                           #t
                           #f))
 
+                    (define (useless? file)
+                      (any (cute string-suffix? <> file)
+                           '(".tar.gz" ".zip" ".exe" ".jar")))
+
                     (define (parents child)
                       "Return a list of paths up to and including the closest third_party"
                       (let ((lst (reverse (string-split child #\/))))
@@ -492,11 +536,12 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                       (let ((protected (make-regexp "\\.(gn|gyp)i?$")))
                         (match flag
                           ((or 'regular 'symlink 'stale-symlink)
-                           (when (third_party? child)
+                           (when (or (third_party? child) (useless? child))
                              (unless (or (member child preserved-club)
                                          (any (cute member <> preserved-club)
                                               (parents child))
                                          (regexp-exec protected child))
+                               (format (current-error-port) "deleting ~s~%" child)
                                (delete-file child)))
                            #t)
                           ('directory-processed
@@ -507,9 +552,11 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
 
                     (nftw "." delete-unwanted 'depth 'physical)
 
-                    ;; Do a second pass to get rid of various binary archives.
-                    (for-each delete-file
-                              (find-files "." "\\.(zip|jar|tar.gz|exe)$"))
+                    ;; Assert that each listed item is present to catch removals.
+                    (for-each (lambda (third-party)
+                                (unless (file-exists? third-party)
+                                  (error (format #f "~s does not exist!" third-party))))
+                              preserved-club)
 
                     ;; Replace "GN" files from third_party with shims for
                     ;; building against system libraries.  Keep this list in
@@ -635,7 +682,12 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                       "override_build_date=\"01 01 2000 05:00:00\""
                       "use_unofficial_version_number=false"
 
+                      ;; Disable "safe browsing", which pulls in a dependency
+                      ;; on the nonfree "unrar" program.
+                      "safe_browsing_mode=0"
+
                       ;; GCC is poorly supported, so we use Clang for now.
+                      ;;"is_clang=false"
                       (string-append "clang_base_path=\"" clang-toolchain "\"")
                       "clang_use_chrome_plugins=false"
 
@@ -716,6 +768,11 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                        (string-append (getenv "CPLUS_INCLUDE_PATH")
                                       ":" clang-toolchain
                                       "/include/x86_64-unknown-linux-gnu"))
+               ;; XXX: For some reason this is needed also for C code (libaom).
+               (setenv "C_INCLUDE_PATH"
+                       (string-append (getenv "C_INCLUDE_PATH")
+                                      ":" clang-toolchain
+                                      "/include/x86_64-unknown-linux-gnu"))
 
                ;; TODO: pre-compile instead. Avoids a race condition.
                (setenv "PYTHONDONTWRITEBYTECODE" "1")
diff --git a/gnu/packages/patches/chromium-glibc-compat.patch b/gnu/packages/patches/chromium-glibc-compat.patch
deleted file mode 100644
index 720adbeef..000000000
--- a/gnu/packages/patches/chromium-glibc-compat.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com>
----
-From 9f63f94a11abc34d40ede8b8712fa15b5844a8c0 Mon Sep 17 00:00:00 2001
-From: Tom Anderson <thomasanderson@chromium.org>
-Date: Sat, 27 Jan 2018 20:03:37 +0000
-Subject: [PATCH] Fix build with glibc 2.27
-
-BUG=806340
-TBR=hamelphi@chromium.org
-
-Change-Id: Ib4e5091212d874d9ad88f3e9a1fdfee3ed7e0d5e
-Reviewed-on: https://chromium-review.googlesource.com/890059
-Reviewed-by: Thomas Anderson <thomasanderson@chromium.org>
-Reviewed-by: Philippe Hamel <hamelphi@chromium.org>
-Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
-Cr-Commit-Position: refs/heads/master@{#532249}
----
- components/assist_ranker/ranker_example_util.cc | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/components/assist_ranker/ranker_example_util.cc b/components/assist_ranker/ranker_example_util.cc
-index 54d4dbd58f7d..ceedd8f9b18d 100644
---- a/components/assist_ranker/ranker_example_util.cc
-+++ b/components/assist_ranker/ranker_example_util.cc
-@@ -2,6 +2,8 @@
- // Use of this source code is governed by a BSD-style license that can be
- // found in the LICENSE file.
- 
-+#include <math.h>
-+
- #include "components/assist_ranker/ranker_example_util.h"
- #include "base/bit_cast.h"
- #include "base/format_macros.h"
--- 
-2.14.3
-
-- 
2.17.0


[-- Attachment #1.3: Type: text/plain, Size: 25 bytes --]


...and the full thing:


[-- Attachment #1.4: 0001-gnu-Add-chromium.patch --]
[-- Type: text/x-patch, Size: 49290 bytes --]

From 0b08dd695ee9f3d8e64173dea5f9d0470ed92718 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 12 Oct 2016 17:25:05 +0100
Subject: [PATCH] gnu: Add chromium.

* gnu/packages/chromium.scm: New file.
* gnu/packages/patches/chromium-glibc-compat.patch,
gnu/packages/patches/chromium-remove-default-history.patch: New files.
* gnu/local.mk: Record it.
---
 gnu/local.mk                                  |   2 +
 gnu/packages/chromium.scm                     | 951 ++++++++++++++++++
 .../chromium-remove-default-history.patch     |  13 +
 3 files changed, 966 insertions(+)
 create mode 100644 gnu/packages/chromium.scm
 create mode 100644 gnu/packages/patches/chromium-remove-default-history.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 056a46cb7..0bc3220f8 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -94,6 +94,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/check.scm			\
   %D%/packages/chemistry.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
   %D%/packages/cmake.scm			\
@@ -591,6 +592,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
   %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
   %D%/packages/patches/chmlib-inttypes.patch			\
+  %D%/packages/patches/chromium-remove-default-history.patch	\
   %D%/packages/patches/clang-3.5-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clang-6.0-libc-search-path.patch		\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 000000000..a6f9fec0f
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,951 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix build-system trivial)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gcc)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages libusb)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages llvm)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages photo)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define (strip-directory-prefix pathspec)
+  "Return everything after the last '/' in PATHSPEC."
+  (let ((index (string-rindex pathspec #\/)))
+    (if index
+        (string-drop pathspec (+ 1 index))
+        pathspec)))
+
+(define (chromium-patch-file-name pathspec)
+  (let ((patch-name (strip-directory-prefix pathspec)))
+    (if (string-prefix? "chromium-" patch-name)
+        patch-name
+        (string-append "chromium-" patch-name))))
+
+;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches
+(define (debian-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git"
+          "/plain/debian/patches/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
+(define (gentoo-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
+          "/chromium/files/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/gcarq/inox-patchset
+(define (inox-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
+                        revision "/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/networking/browsers/chromium
+(define (nixos-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/NixOS/nixpkgs/"
+                        revision "/pkgs/applications/networking/browsers"
+                        "/chromium/patches/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+(define %debian-revision "debian/66.0.3359.26-1")
+(define %gentoo-revision "599be358f257098e7ba29196f6fce498b0a8d208")
+(define %inox-revision "365a106e298e04b4a7063559b7a0ee16888b928f")
+
+;; Use system NSPR.
+(define %chromium-system-nspr.patch
+  (debian-patch "system/nspr.patch"
+                %debian-revision
+                "0x54c8zhwjldlnx4754aaq0xyb24spqia3fgn94kcf686wp61srz"))
+
+;; And system libevent.
+(define %chromium-system-libevent.patch
+  (debian-patch "system/event.patch"
+                %debian-revision
+                "18ka0zmfd6g5yxhknh6x94bfm643v1kgczzag5sfndizsaaxrlpc"))
+
+;; Avoid dependency on Chromiums embedded libc++ library for GN.
+(define %chromium-gn-libcxx.patch
+  (debian-patch "gn/libcxx.patch"
+                %debian-revision
+                "14rx16abxv0pz4qyp194cy999z3390hxi80rdbjs3v2lwscx36cl"))
+
+;; Don't show a warning about missing API keys.
+(define %chromium-disable-api-keys-warning.patch
+  (debian-patch "disable/google-api-warning.patch"
+                %debian-revision
+                "1qf2y7jmaya43k9rbsxjjpkp5manzmbkhjj5hvfyqcdylhy30swj"))
+
+;; Some files were missing in the Chromium 66 release tarball.
+;; See <https://crbug.com/832283>.
+(define %chromium-add-blink-tools.patch
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://bazaar.launchpad.net/~chromium-team"
+                        "/chromium-browser/bionic-stable/download/head:"
+                        "/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1"
+                        "/add-missing-blink-tools.patch"))
+    (sha256
+     (base32
+      "1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s"))))
+
+;; Fix an assignment bug when using Clang and libstdc++.
+(define %chromium-clang-assignment.patch
+  (gentoo-patch "chromium-clang-r4.patch"
+                %gentoo-revision
+                "0ip3pzk9is6n7icpml33ryysiq4cfrx8jlr0jkjgdg6mvl8pli3i"))
+
+;; Fix error detecting system ffmpeg.
+(define %chromium-ffmpeg.patch
+  (gentoo-patch "chromium-ffmpeg-r1.patch"
+                %gentoo-revision
+                "1pivcdmana4qx8sngcdpr858l0qh6bygv7azj66vg021phq5725a"))
+
+;; Fix build failure when built with "safe_browsing_mode=0".
+(define %chromium-build-without-safebrowsing.patch
+  (inox-patch "0001-fix-building-without-safebrowsing.patch"
+              %inox-revision
+              "0r1as6vmc6bbc7i54cxbmbm6rrwj33a12hfz6rzj0yxyqnnps00f"))
+
+;; Use privacy-preserving defaults.
+(define %chromium-default-preferences.patch
+  (inox-patch "0006-modify-default-prefs.patch"
+              %inox-revision
+              "1ncjij9sib7fliafpv37j1zf8zz5hvyxqad669vvadg7vvwr9rza"))
+
+;; Recent versions of Chromium may load a remote search engine on the
+;; New Tab Page, causing unnecessary and involuntary network traffic.
+(define %chromium-restore-classic-ntp.patch
+  (inox-patch "0008-restore-classic-ntp.patch"
+              %inox-revision
+              "1jl978qas2ry9lnq6x42xl4qa6arxxj9a37k9j2wclz2pin8cmzn"))
+
+;; Add DuckDuckGo and set it as the default search engine.
+(define %chromium-duckduckgo.patch
+  (inox-patch "0011-add-duckduckgo-search-engine.patch"
+              %inox-revision
+              "0mvw1ax0gw3d252c9b1pwbk0j7ny8z9nsfywcmhj56wm6yksgpkg"))
+
+;; Don't start a "Login Wizard" at first launch.
+(define %chromium-first-run.patch
+  (inox-patch "0018-disable-first-run-behaviour.patch"
+              %inox-revision
+              "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
+
+(define opus+custom
+  (package (inherit opus)
+           (name "opus+custom")
+           (arguments
+            (substitute-keyword-arguments (package-arguments opus)
+              ((#:configure-flags flags ''())
+               ;; Opus Custom is an optional extension of the Opus
+               ;; specification that allows for unsupported frame
+               ;; sizes.  Chromium requires that this is enabled.
+               `(cons "--enable-custom-modes"
+                      ,flags))))))
+
+(define libvpx+experimental
+  (package (inherit libvpx)
+           ;; XXX: Chromium 66 relies on unreleased libvpx features.
+           ;; The commit below is the tip of the "m66-3359" branch
+           ;; as of 2018-04-19.
+           (source (origin
+                     (method git-fetch)
+                     (uri (git-reference
+                           (url "https://chromium.googlesource.com/webm/libvpx")
+                           (commit "e9fff8a9dbcd03fbf3e5b7caaa9dc2631a79882a")))
+                     (sha256
+                      (base32
+                       "1b1d89dlbr8ydakvp82cg6xnlnkz5hj7679f4pgxwlgd6x46f4g2"))))
+           (name "libvpx+experimental")
+           (arguments
+            (substitute-keyword-arguments (package-arguments libvpx)
+              ((#:configure-flags flags)
+               ;; Spatial SVC is an experimental VP9 encoder required
+               ;; by Chromium.
+               `(cons* "--enable-experimental" "--enable-spatial-svc"
+                       ,flags))))))
+
+;; XXX: This ugly libstdc++ variant stems from the fact that building
+;; libstdc++ standalone is not officially supported by GCC upstream, and
+;; the "make-libstdc++" procedure consequently builds a library without
+;; threading support, since the configure script fails to detect gthreads.
+;;
+;; Fixing it properly would require building libgcc (which creates
+;; gthr-default.h) before building libstdc++.  This authors attempts
+;; at doing so were unsuccessful, hence this hack.
+;;
+;; This behaviour changed upstream in this commit:
+;; https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=630d52ca0a88d173f89634a5d7dd8aee07d04d80
+;; ...or around GCC 4.6.  The libstdc++ docs are very explicit about it
+;; not being designed to used standalone (even though it worked just fine
+;; before 4.6, according to multiple mailing list threads around that time),
+;; so upstream is not interested in improving the situation.
+;;
+;; In fact, there used to be an "INSTALL" document with libstdc++, which
+;; is conspicuously missing in later releases.
+;;
+;; An alternative would be to change the GCC package to install C++ headers
+;; in "include" rather than "include/c++".  I tried that too; but it caused
+;; a bootstrapping failure.  The situation is further complicated by the
+;; fact that GCC installs C++ headers in the default output, but libstdc++.so
+;; ends up in "lib".
+;;
+;; To be continued...
+
+(define (libstdc++-from-gcc gcc)
+  "Return a libstdc++ library extracted from gcc.  The primary use case
+is when using compilers other than GCC."
+  (package
+    (inherit gcc)
+    (source #f)
+    (name "libstdc++")
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder (begin
+                  (use-modules (guix build utils))
+                  (let* ((out (assoc-ref %outputs "out"))
+                         (lib (string-append out "/lib"))
+                         (include (string-append out "/include"))
+                         (gcc (assoc-ref %build-inputs "gcc"))
+                         (gcc-lib (assoc-ref %build-inputs "gcc:lib")))
+                    (mkdir-p out)
+                    (copy-recursively (string-append gcc "/include/c++")
+                                      include)
+                    (for-each (lambda (file)
+                                (install-file file lib))
+                              (find-files (string-append gcc-lib "/lib")
+                                          "^libstdc\\+\\+\\.so.*"))
+                    #t))))
+    (outputs '("out"))
+    (inputs `(("gcc" ,gcc)
+              ("gcc:lib" ,gcc "lib")))
+    (native-inputs '())
+    (propagated-inputs '())
+    (synopsis "GNU C++ standard library")))
+
+(define (make-clang-toolchain clang libcxx)
+  "Return a complete toolchain for Clang."
+  (package
+    (name "clang-toolchain")
+    (version (package-version clang))
+    (source #f)
+    (build-system trivial-build-system)
+    (arguments
+     '(#:modules ((guix build union))
+       #:builder (begin
+                   (use-modules (ice-9 match)
+                                (srfi srfi-26)
+                                (guix build union))
+
+                   (let ((out (assoc-ref %outputs "out")))
+
+                     (match %build-inputs
+                       (((names . directories) ...)
+                        (union-build out directories)))
+                     #t))))
+    (native-search-paths (package-native-search-paths clang))
+    (search-paths (package-search-paths clang))
+    (license (package-license clang))
+    (synopsis "Complete Clang tool chain for C/C++ development")
+    (description
+     "This package provides a complete Clang tool chain for C/C++.  This
+includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
+    (home-page "https://clang.llvm.org")
+    (outputs '("out"))
+    (inputs `(("clang" ,clang)
+              ("libcxx" ,libcxx)
+              ("ld-wrapper" ,(car (assoc-ref (%final-inputs) "ld-wrapper")))
+              ("binutils" ,binutils)
+              ("libc" ,glibc)))))
+
+;; When using Clang, Chromium expects to find "ar" and friends next
+;; to the clang executable.  For simplicity just create this union.
+(define chromium-clang-toolchain
+  (make-clang-toolchain clang (libstdc++-from-gcc gcc-6)))
+
+(define-public chromium
+  (package
+    (name "chromium")
+    (version "66.0.3359.117")
+    (synopsis "Graphical web browser")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://commondatastorage.googleapis.com/"
+                                  "chromium-browser-official/chromium-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "1mlfavs0m0lf60s42krqxqiyx73hdfd4r1mkjwv31p2gchsa7ibp"))
+              (patches (list %chromium-gn-libcxx.patch
+                             %chromium-disable-api-keys-warning.patch
+                             %chromium-system-nspr.patch
+                             %chromium-system-libevent.patch
+
+                             %chromium-add-blink-tools.patch
+
+                             %chromium-clang-assignment.patch
+                             %chromium-ffmpeg.patch
+
+                             %chromium-build-without-safebrowsing.patch
+                             %chromium-default-preferences.patch
+                             %chromium-restore-classic-ntp.patch
+                             %chromium-duckduckgo.patch
+                             %chromium-first-run.patch
+                             (search-patch "chromium-remove-default-history.patch")))
+              (modules '((srfi srfi-1)
+                         (srfi srfi-26)
+                         (ice-9 ftw)
+                         (ice-9 match)
+                         (ice-9 regex)
+                         (guix build utils)))
+              (snippet
+               '(begin
+                  (let ((preserved-club
+                         (map
+                          (lambda (path)
+                            ;; Prepend paths with "./" for comparison with ftw.
+                            (string-append "./" path))
+                          (list
+                           "base/third_party/dmg_fp"
+                           "base/third_party/dynamic_annotations"
+                           "base/third_party/icu"
+                           "base/third_party/libevent"
+                           "base/third_party/nspr"
+                           "base/third_party/superfasthash"
+                           "base/third_party/symbolize" ;glog
+                           "base/third_party/xdg_mime"
+                           "base/third_party/xdg_user_dirs"
+                           "chrome/third_party/mozilla_security_manager"
+                           "courgette/third_party"
+                           "net/third_party/mozilla_security_manager"
+                           "net/third_party/nss"
+                           "third_party/adobe/flash/flapper_version.h"
+                           ;; FIXME: This is used in:
+                           ;; * ui/webui/resources/js/analytics.js
+                           ;; * ui/file_manager/
+                           "third_party/analytics"
+                           "third_party/angle"
+                           "third_party/angle/src/common/third_party/base"
+                           "third_party/angle/src/common/third_party/smhasher"
+                           "third_party/angle/src/third_party/compiler"
+                           "third_party/angle/src/third_party/libXNVCtrl"
+                           "third_party/angle/src/third_party/trace_event"
+                           "third_party/angle/third_party/glslang"
+                           "third_party/angle/third_party/spirv-headers"
+                           "third_party/angle/third_party/spirv-tools"
+                           "third_party/angle/third_party/vulkan-validation-layers"
+                           "third_party/blink"
+                           "third_party/boringssl"
+                           "third_party/boringssl/src/third_party/fiat"
+                           "third_party/breakpad"
+                           "third_party/brotli"
+                           "third_party/cacheinvalidation"
+                           "third_party/catapult"
+                           "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
+                           "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
+                           "third_party/catapult/third_party/polymer"
+                           "third_party/catapult/tracing/third_party/d3"
+                           "third_party/catapult/tracing/third_party/gl-matrix"
+                           "third_party/catapult/tracing/third_party/jszip"
+                           "third_party/catapult/tracing/third_party/mannwhitneyu"
+                           "third_party/catapult/tracing/third_party/oboe"
+                           "third_party/catapult/tracing/third_party/pako"
+                           "third_party/ced"
+                           "third_party/cld_3"
+                           "third_party/crc32c"
+                           "third_party/cros_system_api"
+                           "third_party/dom_distiller_js"
+                           "third_party/fips181"
+                           "third_party/flatbuffers"
+                           "third_party/glslang-angle"
+                           "third_party/google_input_tools"
+                           "third_party/google_input_tools/third_party/closure_library"
+                           (string-append "third_party/google_input_tools/third_party"
+                                          "/closure_library/third_party/closure")
+                           "third_party/googletest"
+                           "third_party/harfbuzz-ng"
+                           "third_party/hunspell"
+                           "third_party/iccjpeg"
+                           "third_party/inspector_protocol"
+                           "third_party/jinja2"
+                           "third_party/jstemplate"
+                           "third_party/khronos"
+                           "third_party/leveldatabase"
+                           "third_party/libXNVCtrl"
+                           "third_party/libaddressinput"
+                           "third_party/libaom"
+                           "third_party/libaom/source/libaom/third_party/x86inc/x86inc.asm"
+                           "third_party/libjingle_xmpp"
+                           "third_party/libphonenumber"
+                           "third_party/libsecret" ;FIXME: needs pkg-config support.
+                           "third_party/libsrtp"   ;TODO: Requires libsrtp@2.
+                           "third_party/libudev"
+                           "third_party/libwebm"
+                           "third_party/libxml"
+                           "third_party/libyuv"
+                           "third_party/lss"
+                           "third_party/lzma_sdk"
+                           "third_party/markupsafe"
+                           "third_party/mesa"
+                           "third_party/metrics_proto"
+                           "third_party/modp_b64"
+                           "third_party/node"
+                           (string-append "third_party/node/node_modules/"
+                                          "polymer-bundler/lib/third_party/UglifyJS2")
+                           "third_party/openmax_dl"
+                           "third_party/ots"
+                           ;; TODO: Build as extension.
+                           "third_party/pdfium"
+                           "third_party/pdfium/third_party"
+                           (string-append "third_party/pdfium/third_party/freetype"
+                                          "/include/pstables.h")
+                           "third_party/ply"
+                           "third_party/polymer"
+                           "third_party/protobuf"
+                           "third_party/protobuf/third_party/six"
+                           "third_party/qcms"
+                           "third_party/sfntly"
+                           "third_party/skia"
+                           "third_party/skia/third_party/vulkan"
+                           "third_party/skia/third_party/gif"
+                           "third_party/smhasher"
+                           "third_party/speech-dispatcher"
+                           "third_party/sqlite"
+                           "third_party/swiftshader"
+                           "third_party/swiftshader/third_party"
+                           "third_party/s2cellid"
+                           "third_party/usb_ids"
+                           "third_party/usrsctp"
+                           "third_party/WebKit"
+                           "third_party/web-animations-js"
+                           "third_party/webrtc"
+                           "third_party/webrtc_overrides"
+                           "third_party/widevine/cdm/widevine_cdm_version.h"
+                           "third_party/widevine/cdm/widevine_cdm_common.h"
+                           "third_party/woff2"
+                           "third_party/xdg-utils"
+                           "third_party/yasm/run_yasm.py"
+                           "third_party/zlib/google"
+                           "url/third_party/mozilla"
+                           "v8/src/third_party/utf8-decoder"
+                           "v8/src/third_party/valgrind"
+                           "v8/third_party/inspector_protocol"))))
+
+                    (define (empty? dir)
+                      (equal? (scandir dir) '("." "..")))
+
+                    (define (third_party? file)
+                      (if (string-contains file "third_party/")
+                          #t
+                          #f))
+
+                    (define (useless? file)
+                      (any (cute string-suffix? <> file)
+                           '(".tar.gz" ".zip" ".exe" ".jar")))
+
+                    (define (parents child)
+                      "Return a list of paths up to and including the closest third_party"
+                      (let ((lst (reverse (string-split child #\/))))
+                        (let loop ((hierarchy lst)
+                                   (result '()))
+                          (if (or (null? hierarchy)
+                                  (and (not (null? result))
+                                       (string-suffix? "third_party" (car result))))
+                              result
+                              (loop (cdr hierarchy)
+                                    (cons (string-join (reverse hierarchy) "/")
+                                          result))))))
+
+                    (define (delete-unwanted child stat flag base level)
+                      (let ((protected (make-regexp "\\.(gn|gyp)i?$")))
+                        (match flag
+                          ((or 'regular 'symlink 'stale-symlink)
+                           (when (or (third_party? child) (useless? child))
+                             (unless (or (member child preserved-club)
+                                         (any (cute member <> preserved-club)
+                                              (parents child))
+                                         (regexp-exec protected child))
+                               (format (current-error-port) "deleting ~s~%" child)
+                               (delete-file child)))
+                           #t)
+                          ('directory-processed
+                           (when (empty? child)
+                             (rmdir child))
+                           #t)
+                          (_ #t))))
+
+                    (nftw "." delete-unwanted 'depth 'physical)
+
+                    ;; Assert that each listed item is present to catch removals.
+                    (for-each (lambda (third-party)
+                                (unless (file-exists? third-party)
+                                  (error (format #f "~s does not exist!" third-party))))
+                              preserved-club)
+
+                    ;; Replace "GN" files from third_party with shims for
+                    ;; building against system libraries.  Keep this list in
+                    ;; sync with "build/linux/unbundle/replace_gn_files.py".
+                    (for-each (lambda (pair)
+                                (let ((source (string-append
+                                               "build/linux/unbundle/" (car pair)))
+                                      (dest (cdr pair)))
+                                  (copy-file source dest)))
+                              (list
+                               '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
+                               '("flac.gn" . "third_party/flac/BUILD.gn")
+                               '("fontconfig.gn" . "third_party/fontconfig/BUILD.gn")
+                               '("freetype.gn" . "build/config/freetype/freetype.gni")
+                               '("harfbuzz-ng.gn" .
+                                 "third_party/harfbuzz-ng/harfbuzz.gni")
+                               '("icu.gn" . "third_party/icu/BUILD.gn")
+                               '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
+                               '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
+                               '("libjpeg.gn" .
+                                 "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
+                               '("libpng.gn" . "third_party/libpng/BUILD.gn")
+                               '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
+                               '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
+                               '("libxml.gn" . "third_party/libxml/BUILD.gn")
+                               '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
+                               '("openh264.gn" . "third_party/openh264/BUILD.gn")
+                               '("opus.gn" . "third_party/opus/BUILD.gn")
+                               '("re2.gn" . "third_party/re2/BUILD.gn")
+                               '("snappy.gn" . "third_party/snappy/BUILD.gn")
+                               '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
+                               '("zlib.gn" . "third_party/zlib/BUILD.gn")))
+                    #t)))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it overrides the RUNPATH set by the linker.
+       #:validate-runpath? #f
+       #:modules ((srfi srfi-26)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (guix build gnu-build-system)
+                  (guix build utils))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-stuff
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "printing/cups_config_helper.py"
+               (("cups_config =.*")
+                (string-append "cups_config = '" (assoc-ref inputs "cups")
+                               "/bin/cups-config'\n")))
+
+             (substitute*
+                 '("base/process/launch_posix.cc"
+                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+                   "sandbox/linux/services/credentials.cc"
+                   "sandbox/linux/services/namespace_utils.cc"
+                   "sandbox/linux/services/syscall_wrappers.cc"
+                   "sandbox/linux/syscall_broker/broker_host.cc")
+               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+             (for-each (lambda (file)
+                         (substitute* file
+                           ;; Fix opus include path.
+                           ;; Do not substitute opus_private.h.
+                           (("#include \"opus\\.h\"")
+                            "#include \"opus/opus.h\"")
+                           (("#include \"opus_custom\\.h\"")
+                            "#include \"opus/opus_custom.h\"")
+                           (("#include \"opus_defines\\.h\"")
+                            "#include \"opus/opus_defines.h\"")
+                           (("#include \"opus_multistream\\.h\"")
+                            "#include \"opus/opus_multistream.h\"")
+                           (("#include \"opus_types\\.h\"")
+                            "#include \"opus/opus_types.h\"")))
+                       (find-files (string-append "third_party/webrtc/modules"
+                                                  "/audio_coding/codecs/opus")))
+
+             (substitute* "chrome/common/chrome_paths.cc"
+               (("/usr/share/chromium/extensions")
+                ;; TODO: Add ~/.guix-profile.
+                "/run/current-system/profile/share/chromium/extensions"))
+
+             (substitute*
+                 "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
+               (("include \"third_party/curl") "include \"curl"))
+             (substitute* "media/base/decode_capabilities.cc"
+               (("third_party/libvpx/source/libvpx/") ""))
+
+             ;; We don't cross compile most packages, so get rid of the
+             ;; unnecessary ARCH-linux-gnu* prefix.
+             (substitute* "build/toolchain/linux/BUILD.gn"
+               (("aarch64-linux-gnu-") "")
+               (("arm-linux-gnueabihf-") ""))
+             #t))
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (clang-toolchain (assoc-ref inputs "clang-toolchain"))
+                    (gtk+ (assoc-ref inputs "gtk+"))
+                    (mesa (assoc-ref inputs "mesa"))
+                    (nss (assoc-ref inputs "nss"))
+                    (udev (assoc-ref inputs "udev"))
+                    (gn-flags
+                     (list
+                      ;; See tools/gn/docs/cookbook.md and
+                      ;; https://www.chromium.org/developers/gn-build-configuration
+                      ;; for usage.  Run "./gn args . --list" in the Release
+                      ;; directory for an exhaustive list of supported flags.
+                      "is_debug=false"
+                      "use_gold=false"
+                      "use_lld=false"
+                      "linux_use_bundled_binutils=false"
+                      "use_custom_libcxx=false"
+                      "use_sysroot=false"
+                      "enable_precompiled_headers=false"
+                      "goma_dir=\"\""
+                      "enable_nacl=false"
+                      "enable_nacl_nonsfi=false"
+                      "use_allocator=\"none\"" ;don't use tcmalloc
+                      "override_build_date=\"01 01 2000 05:00:00\""
+                      "use_unofficial_version_number=false"
+
+                      ;; Disable "safe browsing", which pulls in a dependency
+                      ;; on the nonfree "unrar" program.
+                      "safe_browsing_mode=0"
+
+                      ;; GCC is poorly supported, so we use Clang for now.
+                      ;;"is_clang=false"
+                      (string-append "clang_base_path=\"" clang-toolchain "\"")
+                      "clang_use_chrome_plugins=false"
+
+                      ;; Optimize for building everything at once, as opposed
+                      ;; to incrementally for development.  See "docs/jumbo.md".
+                      "use_jumbo_build=true"
+                      ;; Disable debugging features to save space.
+                      "symbol_level=1"
+                      "remove_webcore_debug_symbols=true"
+                      "enable_iterator_debugging=false"
+                      ;; Some of the unbundled libraries throws deprecation
+                      ;; warnings, etc.  Ignore it.
+                      "treat_warnings_as_errors=false"
+                      ;; Don't add any API keys.  End users can set them in the
+                      ;; environment if desired.  See
+                      ;; <https://www.chromium.org/developers/how-tos/api-keys>.
+                      "use_official_google_api_keys=false"
+                      ;; Disable "field trials".
+                      "fieldtrial_testing_like_official_build=true"
+                      ;; Disable Chrome Remote Desktop (aka Chromoting).
+                      "enable_remoting=false"
+
+                      "use_system_freetype=true"
+                      "use_system_lcms2=true"
+                      "use_system_libjpeg=true"
+                      "use_system_libpng=true"
+                      "use_system_zlib=true"
+                      ;; This is currently not supported on GNU/Linux:
+                      ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
+                      ;;"use_system_sqlite=true"
+
+                      "use_gnome_keyring=false" ;deprecated by libsecret
+                      "use_gtk3=true"
+                      "use_openh264=true"
+                      "use_xkbcommon=true"
+                      "use_pulseaudio=true"
+                      "link_pulseaudio=true"
+
+                      ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+                      "proprietary_codecs=true"
+                      "ffmpeg_branding=\"Chrome\""
+
+                      ;; WebRTC stuff.
+                      "rtc_use_h264=true"
+                      ;; Don't use bundled sources.
+                      "rtc_build_json=false"
+                      "rtc_build_libevent=false"
+                      "rtc_build_libvpx=false"
+                      "rtc_build_opus=false"
+                      "rtc_build_ssl=false"
+                      ;; TODO: Package these.
+                      "rtc_build_libsrtp=true" ;2.0
+                      "rtc_build_openmax_dl=true"
+                      "rtc_build_usrsctp=true"
+                      (string-append "rtc_jsoncpp_root=\""
+                                     (assoc-ref inputs "jsoncpp")
+                                     "/include/jsoncpp/json\"")
+                      (string-append "rtc_ssl_root=\""
+                                     (assoc-ref inputs "openssl")
+                                     "/include/openssl\""))))
+
+               ;; XXX: How portable is this.
+               (mkdir-p "third_party/node/linux/node-linux-x64")
+               (symlink (string-append (assoc-ref inputs "node") "/bin")
+                        "third_party/node/linux/node-linux-x64/bin")
+
+               (setenv "CC" "clang")
+               (setenv "CXX" "clang++")
+
+               ;; FIXME: This nasty hack works around a problem where
+               ;; Clang does not add the arch triplet to the libtsdc++
+               ;; search path.  Fixing it seems tricky, since it only
+               ;; searches "include/<triplet>" when it detects libstdc++
+               ;; in GCC which is not the case in Guix; the only reason
+               ;; libstdc++ works here is because it's already on the
+               ;; include path...
+               (setenv "CPLUS_INCLUDE_PATH"
+                       (string-append (getenv "CPLUS_INCLUDE_PATH")
+                                      ":" clang-toolchain
+                                      "/include/x86_64-unknown-linux-gnu"))
+               ;; XXX: For some reason this is needed also for C code (libaom).
+               (setenv "C_INCLUDE_PATH"
+                       (string-append (getenv "C_INCLUDE_PATH")
+                                      ":" clang-toolchain
+                                      "/include/x86_64-unknown-linux-gnu"))
+
+               ;; TODO: pre-compile instead. Avoids a race condition.
+               (setenv "PYTHONDONTWRITEBYTECODE" "1")
+               (and
+                ;; Build the "gn" tool.
+                (invoke "python"
+                        "tools/gn/bootstrap/bootstrap.py" "-s" "-v")
+                ;; Generate ninja build files.
+                (invoke "./out/Release/gn" "gen" "out/Release"
+                        (string-append "--args="
+                                       (string-join gn-flags " ")))))))
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (invoke "ninja" "-C" "out/Release"
+                     "-j" (number->string (parallel-job-count))
+                     "chrome")))
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out            (assoc-ref outputs "out"))
+                    (bin            (string-append out "/bin"))
+                    (exe            (string-append bin "/chromium"))
+                    (lib            (string-append out "/lib"))
+                    (man            (string-append out "/share/man/man1"))
+                    (applications   (string-append out "/share/applications"))
+                    (install-regexp (make-regexp "\\.(bin|pak)$"))
+                    (locales        (string-append lib "/locales"))
+                    (resources      (string-append lib "/resources"))
+                    (gtk+           (assoc-ref inputs "gtk+"))
+                    (mesa           (assoc-ref inputs "mesa"))
+                    (nss            (assoc-ref inputs "nss"))
+                    (udev           (assoc-ref inputs "udev"))
+                    (sh             (which "sh")))
+
+               (substitute* '("chrome/app/resources/manpage.1.in"
+                              "chrome/installer/linux/common/desktop.template")
+                 (("@@MENUNAME@@") "Chromium")
+                 (("@@PACKAGE@@") "chromium")
+                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
+               (mkdir-p man)
+               (copy-file "chrome/app/resources/manpage.1.in"
+                          (string-append man "/chromium.1"))
+               (mkdir-p applications)
+               (copy-file "chrome/installer/linux/common/desktop.template"
+                          (string-append applications "/chromium.desktop"))
+
+               (with-directory-excursion "out/Release"
+                 (for-each (lambda (file)
+                             (install-file file lib))
+                           (scandir "." (cut regexp-exec install-regexp <>)))
+                 (copy-file "chrome" (string-append lib "/chromium"))
+
+                 ;; TODO: Install icons from "../../chrome/app/themes" into
+                 ;; "out/share/icons/hicolor/$size".
+                 (install-file
+                  "product_logo_48.png"
+                  (string-append out "/share/icons/48x48/chromium.png"))
+
+                 (copy-recursively "locales" locales)
+                 (copy-recursively "resources" resources)
+
+                 (mkdir-p bin)
+                 ;; Add a thin wrapper to prevent the user from inadvertently
+                 ;; installing non-free software through the Web Store.
+                 ;; TODO: Discover extensions from the profile and pass
+                 ;; something like "--disable-extensions-except=...".
+                 (call-with-output-file exe
+                   (lambda (port)
+                     (format port
+                             "#!~a~@
+                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
+                             then~@
+                               CHROMIUM_FLAGS=\" \\~@
+                                 --disable-background-networking \\~@
+                                 --disable-extensions \\~@
+                               \"~@
+                             fi~@
+                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
+                             sh (string-append lib "/chromium"))))
+                 (chmod exe #o755)
+
+                 (wrap-program exe
+                   ;; TODO: Get these in RUNPATH.
+                   `("LD_LIBRARY_PATH" ":" prefix
+                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+                                      mesa "/lib:" udev "/lib")))
+                   ;; Avoid file manager crash.  See <https://bugs.gnu.org/26593>.
+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+                 #t)))))))
+    (native-inputs
+     `(("bison" ,bison)
+       ("clang-toolchain" ,chromium-clang-toolchain)
+       ("git" ,git)                     ;last_commit_position.py
+       ("gperf" ,gperf)
+       ("ninja" ,ninja)
+       ("node" ,node)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)
+       ("yasm" ,yasm)
+
+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
+       ("python-html5lib" ,python2-html5lib)
+       ("python" ,python-2)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("atk" ,atk)
+       ("cups" ,cups)
+       ("curl" ,curl)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("expat" ,expat)
+       ("flac" ,flac)
+       ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+-2" ,gtk+-2)
+       ("gtk+" ,gtk+)
+       ("harfbuzz" ,harfbuzz)
+       ("icu4c" ,icu4c)
+       ("jsoncpp" ,jsoncpp)
+       ("lcms" ,lcms)
+       ("libevent" ,libevent)
+       ("libffi" ,libffi)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libpng" ,libpng)
+       ("libusb" ,libusb)
+       ("libvpx" ,libvpx+experimental)
+       ("libwebp" ,libwebp)
+       ("libx11" ,libx11)
+       ("libxcb" ,libxcb)
+       ("libxcomposite" ,libxcomposite)
+       ("libxcursor" ,libxcursor)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxi" ,libxi)
+       ("libxkbcommon" ,libxkbcommon)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxslt" ,libxslt)
+       ("libxtst" ,libxtst)
+       ("mesa" ,mesa)
+       ("minizip" ,minizip)
+       ("mit-krb5" ,mit-krb5)
+       ("nss" ,nss)
+       ("openh264" ,openh264)
+       ("openssl" ,openssl)
+       ("opus" ,opus+custom)
+       ("pango" ,pango)
+       ("pciutils" ,pciutils)
+       ("protobuf" ,protobuf)
+       ("pulseaudio" ,pulseaudio)
+       ("re2" ,re2)
+       ("snappy" ,snappy)
+       ("speech-dispatcher" ,speech-dispatcher)
+       ("sqlite" ,sqlite)
+       ("udev" ,eudev)
+       ("valgrind" ,valgrind)))
+    (home-page "https://www.chromium.org/")
+    (description
+     "Chromium is a web browser designed for speed and security.  This
+version incorporates patches from
+@url{https://github.com/gcarq/inox-patchset,Inox} and
+@url{https://www.debian.org/,Debian} in order to protect the users privacy.")
+    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+    ;; components with other licenses.  For full information, see chrome://credits.
+    (license (list license:bsd-3
+                   license:bsd-2
+                   license:expat
+                   license:asl2.0
+                   license:mpl2.0
+                   license:public-domain
+                   license:lgpl2.1+))))
diff --git a/gnu/packages/patches/chromium-remove-default-history.patch b/gnu/packages/patches/chromium-remove-default-history.patch
new file mode 100644
index 000000000..38be10820
--- /dev/null
+++ b/gnu/packages/patches/chromium-remove-default-history.patch
@@ -0,0 +1,13 @@
+Don't pre-populate the New Tab Page for new profiles.
+
+--- a/chrome/browser/history/top_sites_factory.cc
++++ b/chrome/browser/history/top_sites_factory.cc
+@@ -74,7 +74,7 @@
+ 
+ void InitializePrepopulatedPageList(
+     history::PrepopulatedPageList* prepopulated_pages) {
+-#if !defined(OS_ANDROID)
++#if false
+   DCHECK(prepopulated_pages);
+   prepopulated_pages->reserve(arraysize(kRawPrepopulatedPages));
+   for (size_t i = 0; i < arraysize(kRawPrepopulatedPages); ++i) {
-- 
2.17.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 66 + status update
  2018-04-24 18:08     ` [bug#28004] Chromium 66 + status update Marius Bakke
@ 2018-04-24 18:45       ` Christopher Lemmer Webber
  2018-04-24 18:48         ` Tobias Geerinckx-Rice
  2018-04-24 18:46       ` Tobias Geerinckx-Rice
  2018-05-03 17:49       ` Nils Gillmann
  2 siblings, 1 reply; 152+ messages in thread
From: Christopher Lemmer Webber @ 2018-04-24 18:45 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

Marius!

On 2018-04-24 20:08, Marius Bakke wrote:
> The other remaining issue is that some data is sent to Google whenever
> you start the browser for the first time.

Sounds great! What data, exactly?

> I don't think that's a blocker

I hope it is.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 66 + status update
  2018-04-24 18:08     ` [bug#28004] Chromium 66 + status update Marius Bakke
  2018-04-24 18:45       ` Christopher Lemmer Webber
@ 2018-04-24 18:46       ` Tobias Geerinckx-Rice
  2018-04-24 19:30         ` Marius Bakke
  2018-05-03 17:49       ` Nils Gillmann
  2 siblings, 1 reply; 152+ messages in thread
From: Tobias Geerinckx-Rice @ 2018-04-24 18:46 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

Marius!

On 2018-04-24 20:08, Marius Bakke wrote:
> The other remaining issue is that some data is sent to Google whenever
> you start the browser for the first time.

Sounds great! What data, exactly?

> I don't think that's a blocker

I hope it is.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 66 + status update
  2018-04-24 18:45       ` Christopher Lemmer Webber
@ 2018-04-24 18:48         ` Tobias Geerinckx-Rice
  0 siblings, 0 replies; 152+ messages in thread
From: Tobias Geerinckx-Rice @ 2018-04-24 18:48 UTC (permalink / raw)
  To: Christopher Lemmer Webber; +Cc: 28004

Erm

On 2018-04-24 20:45, Christopher Lemmer Webber wrote:
> some nonsense

My apologies: of course Chris did no such thing.

I really need to get rid of Roundcube, that's what.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 66 + status update
  2018-04-24 18:46       ` Tobias Geerinckx-Rice
@ 2018-04-24 19:30         ` Marius Bakke
  2018-04-25 17:00           ` Leo Famulari
  2018-04-25 17:02           ` Leo Famulari
  0 siblings, 2 replies; 152+ messages in thread
From: Marius Bakke @ 2018-04-24 19:30 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 971 bytes --]

Tobias Geerinckx-Rice <me@tobias.gr> writes:

> Marius!
>
> On 2018-04-24 20:08, Marius Bakke wrote:
>> The other remaining issue is that some data is sent to Google whenever
>> you start the browser for the first time.
>
> Sounds great! What data, exactly?

I haven't MITM'd it to check, unfortunately.  Help wanted!

The reason I don't think it's a blocking issue, is because Chromium is
a massive project and I cannot guarantee that it will never "call
home".  So while I am intent on fixing the issue, especially since it's
easy to test (chromium --user-data-dir=/tmp/foo), it's just one of many
"call home" scenarios/antifeatures.  And if you enable extensions or log
in all bets are off.  Even Inox, which goes great lengths to de-google
it, admits that they can't guarantee privacy.

Other scenarios include checking for IPv6 availability, testing for
captive portal, etc.  And I think it even falls back to Google DNS if
the system resolver is unresponsive.  :-(

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 66 + status update
  2018-04-24 19:30         ` Marius Bakke
@ 2018-04-25 17:00           ` Leo Famulari
  2018-04-25 17:02           ` Leo Famulari
  1 sibling, 0 replies; 152+ messages in thread
From: Leo Famulari @ 2018-04-25 17:00 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 1250 bytes --]

On Tue, Apr 24, 2018 at 09:30:23PM +0200, Marius Bakke wrote:
> The reason I don't think it's a blocking issue, is because Chromium is
> a massive project and I cannot guarantee that it will never "call
> home".  So while I am intent on fixing the issue, especially since it's
> easy to test (chromium --user-data-dir=/tmp/foo), it's just one of many
> "call home" scenarios/antifeatures.  And if you enable extensions or log
> in all bets are off.  Even Inox, which goes great lengths to de-google
> it, admits that they can't guarantee privacy.

I agree with Marius here.

> Other scenarios include checking for IPv6 availability, testing for
> captive portal, etc.  And I think it even falls back to Google DNS if
> the system resolver is unresponsive.  :-(

I think that handling captive portals and falling back to Google DNS (or
any fallback DNS) are *great* features that address common problems that
most internet users can not work around on their own.

I don't believe these features are forbidden by the FSDG:

https://www.gnu.org/distros/free-system-distribution-guidelines.en.html

Finally, there are several packages that automatically send data out,
even in Guix. This is not a reason to exclude the software from Guix, in
my opinion.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 66 + status update
  2018-04-24 19:30         ` Marius Bakke
  2018-04-25 17:00           ` Leo Famulari
@ 2018-04-25 17:02           ` Leo Famulari
  1 sibling, 0 replies; 152+ messages in thread
From: Leo Famulari @ 2018-04-25 17:02 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 827 bytes --]

On Tue, Apr 24, 2018 at 09:30:23PM +0200, Marius Bakke wrote:
> The reason I don't think it's a blocking issue, is because Chromium is
> a massive project and I cannot guarantee that it will never "call
> home".  So while I am intent on fixing the issue, especially since it's
> easy to test (chromium --user-data-dir=/tmp/foo), it's just one of many
> "call home" scenarios/antifeatures.  And if you enable extensions or log
> in all bets are off.  Even Inox, which goes great lengths to de-google
> it, admits that they can't guarantee privacy.

I'd also like to point out that we cannot and should not try to
guarantee privacy.

Privacy from whom? For whom?

Of course we want to offer a system that is reasonably private, but if
we use words like "guarantee", we are setting an impossible and
undefined goal for ourselves.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 66 + status update
  2018-04-24 18:08     ` [bug#28004] Chromium 66 + status update Marius Bakke
  2018-04-24 18:45       ` Christopher Lemmer Webber
  2018-04-24 18:46       ` Tobias Geerinckx-Rice
@ 2018-05-03 17:49       ` Nils Gillmann
  2018-05-03 17:58         ` Nils Gillmann
  2018-05-04 12:10         ` Marius Bakke
  2 siblings, 2 replies; 152+ messages in thread
From: Nils Gillmann @ 2018-05-03 17:49 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

Marius Bakke transcribed 69K bytes:
> Christopher Lemmer Webber <cwebber@dustycloud.org> writes:
> 
> > Hello!  I'd like to speak up in favor of getting Chromium merged into
> > Guix master.  As a web developer, sometimes I have to test things
> > against multiple browsers.  Having Chromium in GuixSD would help me out
> > a lot.
> >
> > It looks like a mountain of hard work has been put into this.  Could we
> > get it merged rather than have that work languish?
> 
> Hello!
> 
> I use this browser a lot, so it's hardly languishing.
> 
> There was a recent discussion[0] about the Pale Moon browser, where it
> was pointed out that the FSDG[1] requires that any third-party
> repositories must be committed to only free software.
> 
> [0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html
> [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules
> 
> Unfortunately there are UI links to the Chrome "Web Store" still.  It's
> not possible to install from it without setting the
> CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is
> sufficient.  It's unfortunate if an unsuspecting user stumbles into the
> Web Store and tries to install something (free or not) and only then
> finds out that it does not work.
> 
> The other remaining issue is that some data is sent to Google whenever
> you start the browser for the first time.  I don't think that's a
> blocker, but it's certainly something we should aim to fix.
> 
> Attached are updates for 66.  The first is an interdiff from the
> previous 65 patch; the other is the full "squashed" patch for
> convenience.
> 
> New in this version:
> 
> * The snippet will now error if a preserved directory is not present.
> * Chromium again requires a git revision of libvpx.
> * The "safe browsing" feature requires the nonfree "unrar" program(!!),
>   as such it has been compiled out.  Luckily "Inox" already had a patch
>   to make the thing actually build with that flag disabled.
> * Cosmetic rearrangement of patches to follow Debian and Inox patch order.
> 

> From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Tue, 17 Apr 2018 03:54:56 +0200
> Subject: [PATCH] Chromium 66 update.
 > 

Good progress :)

However, I'm a friend of bundling patches. Patches you have in a known location
don't run away, like "addmissingblinktools":

Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
From https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch...
download failed "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" 404 "Not Found"

Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
From http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
download failed "http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"

Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
From http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
download failed "http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
failed to download "/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch" from "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch"
builder for `/gnu/store/5hbv5vgnla974qiw6kakc28a4k35h96n-add-missing-blink-tools.patch.drv' failed to produce output path `/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch'
cannot build derivation `/gnu/store/2z8i7b4l4l0p5b3pj4swdl2pvbdj5q24-chromium-66.0.3359.117.tar.xz.drv': 1 dependencies couldn't be built
cannot build derivation `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv': 1 dependencies couldn't be built
guix package: error: build failed: build of `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv' failed

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 66 + status update
  2018-05-03 17:49       ` Nils Gillmann
@ 2018-05-03 17:58         ` Nils Gillmann
  2018-05-04 12:10         ` Marius Bakke
  1 sibling, 0 replies; 152+ messages in thread
From: Nils Gillmann @ 2018-05-03 17:58 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

Nils Gillmann transcribed 4.4K bytes:
> Marius Bakke transcribed 69K bytes:
> > Christopher Lemmer Webber <cwebber@dustycloud.org> writes:
> > 
> > > Hello!  I'd like to speak up in favor of getting Chromium merged into
> > > Guix master.  As a web developer, sometimes I have to test things
> > > against multiple browsers.  Having Chromium in GuixSD would help me out
> > > a lot.
> > >
> > > It looks like a mountain of hard work has been put into this.  Could we
> > > get it merged rather than have that work languish?
> > 
> > Hello!
> > 
> > I use this browser a lot, so it's hardly languishing.
> > 
> > There was a recent discussion[0] about the Pale Moon browser, where it
> > was pointed out that the FSDG[1] requires that any third-party
> > repositories must be committed to only free software.
> > 
> > [0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html
> > [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules
> > 
> > Unfortunately there are UI links to the Chrome "Web Store" still.  It's
> > not possible to install from it without setting the
> > CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is
> > sufficient.  It's unfortunate if an unsuspecting user stumbles into the
> > Web Store and tries to install something (free or not) and only then
> > finds out that it does not work.
> > 
> > The other remaining issue is that some data is sent to Google whenever
> > you start the browser for the first time.  I don't think that's a
> > blocker, but it's certainly something we should aim to fix.
> > 
> > Attached are updates for 66.  The first is an interdiff from the
> > previous 65 patch; the other is the full "squashed" patch for
> > convenience.
> > 
> > New in this version:
> > 
> > * The snippet will now error if a preserved directory is not present.
> > * Chromium again requires a git revision of libvpx.
> > * The "safe browsing" feature requires the nonfree "unrar" program(!!),
> >   as such it has been compiled out.  Luckily "Inox" already had a patch
> >   to make the thing actually build with that flag disabled.
> > * Cosmetic rearrangement of patches to follow Debian and Inox patch order.
> > 
> 
> > From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001
> > From: Marius Bakke <mbakke@fastmail.com>
> > Date: Tue, 17 Apr 2018 03:54:56 +0200
> > Subject: [PATCH] Chromium 66 update.
>  > 
> 
> Good progress :)
> 
> However, I'm a friend of bundling patches. Patches you have in a known location
> don't run away, like "addmissingblinktools":
> 
> Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> From https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch...
> download failed "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" 404 "Not Found"
> 
> Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> From http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
> download failed "http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
> 
> Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> From http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
> download failed "http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
> failed to download "/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch" from "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch"
> builder for `/gnu/store/5hbv5vgnla974qiw6kakc28a4k35h96n-add-missing-blink-tools.patch.drv' failed to produce output path `/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch'
> cannot build derivation `/gnu/store/2z8i7b4l4l0p5b3pj4swdl2pvbdj5q24-chromium-66.0.3359.117.tar.xz.drv': 1 dependencies couldn't be built
> cannot build derivation `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv': 1 dependencies couldn't be built
> guix package: error: build failed: build of `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv' failed
> 
> 
> 

Is this the patch you included?

https://bazaar.launchpad.net/~chromium-team/chromium-browser/artful-beta/view/head:/debian/patches/add-missing-blink-tools.patch

guix hash is 1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s and matches the one the package definition expected.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 66 + status update
  2018-05-03 17:49       ` Nils Gillmann
  2018-05-03 17:58         ` Nils Gillmann
@ 2018-05-04 12:10         ` Marius Bakke
  2018-05-04 13:02           ` Nils Gillmann
  1 sibling, 1 reply; 152+ messages in thread
From: Marius Bakke @ 2018-05-04 12:10 UTC (permalink / raw)
  To: Nils Gillmann; +Cc: 28004


[-- Attachment #1.1: Type: text/plain, Size: 4943 bytes --]

Nils Gillmann <ng0@n0.is> writes:

> Marius Bakke transcribed 69K bytes:
>> Christopher Lemmer Webber <cwebber@dustycloud.org> writes:
>> 
>> > Hello!  I'd like to speak up in favor of getting Chromium merged into
>> > Guix master.  As a web developer, sometimes I have to test things
>> > against multiple browsers.  Having Chromium in GuixSD would help me out
>> > a lot.
>> >
>> > It looks like a mountain of hard work has been put into this.  Could we
>> > get it merged rather than have that work languish?
>> 
>> Hello!
>> 
>> I use this browser a lot, so it's hardly languishing.
>> 
>> There was a recent discussion[0] about the Pale Moon browser, where it
>> was pointed out that the FSDG[1] requires that any third-party
>> repositories must be committed to only free software.
>> 
>> [0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html
>> [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules
>> 
>> Unfortunately there are UI links to the Chrome "Web Store" still.  It's
>> not possible to install from it without setting the
>> CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is
>> sufficient.  It's unfortunate if an unsuspecting user stumbles into the
>> Web Store and tries to install something (free or not) and only then
>> finds out that it does not work.
>> 
>> The other remaining issue is that some data is sent to Google whenever
>> you start the browser for the first time.  I don't think that's a
>> blocker, but it's certainly something we should aim to fix.
>> 
>> Attached are updates for 66.  The first is an interdiff from the
>> previous 65 patch; the other is the full "squashed" patch for
>> convenience.
>> 
>> New in this version:
>> 
>> * The snippet will now error if a preserved directory is not present.
>> * Chromium again requires a git revision of libvpx.
>> * The "safe browsing" feature requires the nonfree "unrar" program(!!),
>>   as such it has been compiled out.  Luckily "Inox" already had a patch
>>   to make the thing actually build with that flag disabled.
>> * Cosmetic rearrangement of patches to follow Debian and Inox patch order.
>> 
>
>> From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001
>> From: Marius Bakke <mbakke@fastmail.com>
>> Date: Tue, 17 Apr 2018 03:54:56 +0200
>> Subject: [PATCH] Chromium 66 update.
>  > 
>
> Good progress :)
>
> However, I'm a friend of bundling patches. Patches you have in a known location
> don't run away, like "addmissingblinktools":
>
> Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> From https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch...
> download failed "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" 404 "Not Found"
>
> Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> From http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
> download failed "http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
>
> Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> From http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
> download failed "http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
> failed to download "/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch" from "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch"
> builder for `/gnu/store/5hbv5vgnla974qiw6kakc28a4k35h96n-add-missing-blink-tools.patch.drv' failed to produce output path `/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch'
> cannot build derivation `/gnu/store/2z8i7b4l4l0p5b3pj4swdl2pvbdj5q24-chromium-66.0.3359.117.tar.xz.drv': 1 dependencies couldn't be built
> cannot build derivation `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv': 1 dependencies couldn't be built
> guix package: error: build failed: build of `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv' failed

Whoops.  I'm not used to constructing stable Bazaar URLs.

However this patch is not needed for the latest tarball.

Here's a diff to the 66 patch updating to the latest Chromium.  I also
removed some inputs and third party directories that were not needed.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: chromium.diff --]
[-- Type: text/x-patch, Size: 7542 bytes --]

diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index a6f9fec0f..59c90f869 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -31,7 +31,6 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cups)
   #:use-module (gnu packages curl)
-  #:use-module (gnu packages databases)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages ghostscript)
@@ -52,7 +51,6 @@
   #:use-module (gnu packages ninja)
   #:use-module (gnu packages node)
   #:use-module (gnu packages pciutils)
-  #:use-module (gnu packages photo)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages protobuf)
   #:use-module (gnu packages pulseaudio)
@@ -63,7 +61,6 @@
   #:use-module (gnu packages speech)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages valgrind)
-  #:use-module (gnu packages version-control)
   #:use-module (gnu packages video)
   #:use-module (gnu packages xiph)
   #:use-module (gnu packages xml)
@@ -150,19 +147,6 @@
                 %debian-revision
                 "1qf2y7jmaya43k9rbsxjjpkp5manzmbkhjj5hvfyqcdylhy30swj"))
 
-;; Some files were missing in the Chromium 66 release tarball.
-;; See <https://crbug.com/832283>.
-(define %chromium-add-blink-tools.patch
-  (origin
-    (method url-fetch)
-    (uri (string-append "https://bazaar.launchpad.net/~chromium-team"
-                        "/chromium-browser/bionic-stable/download/head:"
-                        "/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1"
-                        "/add-missing-blink-tools.patch"))
-    (sha256
-     (base32
-      "1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s"))))
-
 ;; Fix an assignment bug when using Clang and libstdc++.
 (define %chromium-clang-assignment.patch
   (gentoo-patch "chromium-clang-r4.patch"
@@ -342,7 +326,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
 (define-public chromium
   (package
     (name "chromium")
-    (version "66.0.3359.117")
+    (version "66.0.3359.139")
     (synopsis "Graphical web browser")
     (source (origin
               (method url-fetch)
@@ -351,14 +335,12 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                                   version ".tar.xz"))
               (sha256
                (base32
-                "1mlfavs0m0lf60s42krqxqiyx73hdfd4r1mkjwv31p2gchsa7ibp"))
+                "1ck4wbi28702p1lfs4sz894ysbgm7fj79wrqj8srsy65z2ssaxdy"))
               (patches (list %chromium-gn-libcxx.patch
                              %chromium-disable-api-keys-warning.patch
                              %chromium-system-nspr.patch
                              %chromium-system-libevent.patch
 
-                             %chromium-add-blink-tools.patch
-
                              %chromium-clang-assignment.patch
                              %chromium-ffmpeg.patch
 
@@ -385,14 +367,13 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                            "base/third_party/dmg_fp"
                            "base/third_party/dynamic_annotations"
                            "base/third_party/icu"
-                           "base/third_party/libevent"
-                           "base/third_party/nspr"
                            "base/third_party/superfasthash"
-                           "base/third_party/symbolize" ;glog
+                           "base/third_party/symbolize"
                            "base/third_party/xdg_mime"
                            "base/third_party/xdg_user_dirs"
                            "chrome/third_party/mozilla_security_manager"
-                           "courgette/third_party"
+                           "courgette/third_party/bsdiff"
+                           "courgette/third_party/divsufsort"
                            "net/third_party/mozilla_security_manager"
                            "net/third_party/nss"
                            "third_party/adobe/flash/flapper_version.h"
@@ -439,7 +420,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                            (string-append "third_party/google_input_tools/third_party"
                                           "/closure_library/third_party/closure")
                            "third_party/googletest"
-                           "third_party/harfbuzz-ng"
                            "third_party/hunspell"
                            "third_party/iccjpeg"
                            "third_party/inspector_protocol"
@@ -472,7 +452,11 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                            "third_party/ots"
                            ;; TODO: Build as extension.
                            "third_party/pdfium"
-                           "third_party/pdfium/third_party"
+                           "third_party/pdfium/third_party/agg23"
+                           "third_party/pdfium/third_party/base"
+                           "third_party/pdfium/third_party/bigint"
+                           "third_party/pdfium/third_party/libopenjpeg20"
+                           "third_party/pdfium/third_party/skia_shared"
                            (string-append "third_party/pdfium/third_party/freetype"
                                           "/include/pstables.h")
                            "third_party/ply"
@@ -488,7 +472,8 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
                            "third_party/speech-dispatcher"
                            "third_party/sqlite"
                            "third_party/swiftshader"
-                           "third_party/swiftshader/third_party"
+                           "third_party/swiftshader/third_party/llvm-subzero"
+                           "third_party/swiftshader/third_party/subzero"
                            "third_party/s2cellid"
                            "third_party/usb_ids"
                            "third_party/usrsctp"
@@ -864,7 +849,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
     (native-inputs
      `(("bison" ,bison)
        ("clang-toolchain" ,chromium-clang-toolchain)
-       ("git" ,git)                     ;last_commit_position.py
        ("gperf" ,gperf)
        ("ninja" ,ninja)
        ("node" ,node)
@@ -889,7 +873,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
        ("freetype" ,freetype)
        ("gdk-pixbuf" ,gdk-pixbuf)
        ("glib" ,glib)
-       ("gtk+-2" ,gtk+-2)
        ("gtk+" ,gtk+)
        ("harfbuzz" ,harfbuzz)
        ("icu4c" ,icu4c)
@@ -899,6 +882,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
        ("libffi" ,libffi)
        ("libjpeg-turbo" ,libjpeg-turbo)
        ("libpng" ,libpng)
+       ;;("libsecret" ,libsecret)
        ("libusb" ,libusb)
        ("libvpx" ,libvpx+experimental)
        ("libwebp" ,libwebp)
@@ -931,7 +915,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
        ("re2" ,re2)
        ("snappy" ,snappy)
        ("speech-dispatcher" ,speech-dispatcher)
-       ("sqlite" ,sqlite)
+       ;;("sqlite" ,sqlite)
        ("udev" ,eudev)
        ("valgrind" ,valgrind)))
     (home-page "https://www.chromium.org/")

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium 66 + status update
  2018-05-04 12:10         ` Marius Bakke
@ 2018-05-04 13:02           ` Nils Gillmann
  0 siblings, 0 replies; 152+ messages in thread
From: Nils Gillmann @ 2018-05-04 13:02 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004, Nils Gillmann

[-- Attachment #1: Type: text/plain, Size: 13023 bytes --]

Marius Bakke transcribed 13K bytes:
> Nils Gillmann <ng0@n0.is> writes:
> 
> > Marius Bakke transcribed 69K bytes:
> >> Christopher Lemmer Webber <cwebber@dustycloud.org> writes:
> >> 
> >> > Hello!  I'd like to speak up in favor of getting Chromium merged into
> >> > Guix master.  As a web developer, sometimes I have to test things
> >> > against multiple browsers.  Having Chromium in GuixSD would help me out
> >> > a lot.
> >> >
> >> > It looks like a mountain of hard work has been put into this.  Could we
> >> > get it merged rather than have that work languish?
> >> 
> >> Hello!
> >> 
> >> I use this browser a lot, so it's hardly languishing.
> >> 
> >> There was a recent discussion[0] about the Pale Moon browser, where it
> >> was pointed out that the FSDG[1] requires that any third-party
> >> repositories must be committed to only free software.
> >> 
> >> [0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html
> >> [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules
> >> 
> >> Unfortunately there are UI links to the Chrome "Web Store" still.  It's
> >> not possible to install from it without setting the
> >> CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is
> >> sufficient.  It's unfortunate if an unsuspecting user stumbles into the
> >> Web Store and tries to install something (free or not) and only then
> >> finds out that it does not work.
> >> 
> >> The other remaining issue is that some data is sent to Google whenever
> >> you start the browser for the first time.  I don't think that's a
> >> blocker, but it's certainly something we should aim to fix.
> >> 
> >> Attached are updates for 66.  The first is an interdiff from the
> >> previous 65 patch; the other is the full "squashed" patch for
> >> convenience.
> >> 
> >> New in this version:
> >> 
> >> * The snippet will now error if a preserved directory is not present.
> >> * Chromium again requires a git revision of libvpx.
> >> * The "safe browsing" feature requires the nonfree "unrar" program(!!),
> >>   as such it has been compiled out.  Luckily "Inox" already had a patch
> >>   to make the thing actually build with that flag disabled.
> >> * Cosmetic rearrangement of patches to follow Debian and Inox patch order.
> >> 
> >
> >> From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001
> >> From: Marius Bakke <mbakke@fastmail.com>
> >> Date: Tue, 17 Apr 2018 03:54:56 +0200
> >> Subject: [PATCH] Chromium 66 update.
> >  > 
> >
> > Good progress :)
> >
> > However, I'm a friend of bundling patches. Patches you have in a known location
> > don't run away, like "addmissingblinktools":
> >
> > Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> > From https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch...
> > download failed "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" 404 "Not Found"
> >
> > Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> > From http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
> > download failed "http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
> >
> > Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> > From http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
> > download failed "http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
> > failed to download "/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch" from "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch"
> > builder for `/gnu/store/5hbv5vgnla974qiw6kakc28a4k35h96n-add-missing-blink-tools.patch.drv' failed to produce output path `/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch'
> > cannot build derivation `/gnu/store/2z8i7b4l4l0p5b3pj4swdl2pvbdj5q24-chromium-66.0.3359.117.tar.xz.drv': 1 dependencies couldn't be built
> > cannot build derivation `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv': 1 dependencies couldn't be built
> > guix package: error: build failed: build of `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv' failed
> 
> Whoops.  I'm not used to constructing stable Bazaar URLs.
> 
> However this patch is not needed for the latest tarball.
> 
> Here's a diff to the 66 patch updating to the latest Chromium.  I also
> removed some inputs and third party directories that were not needed.


Nice, thanks.

> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> index a6f9fec0f..59c90f869 100644
> --- a/gnu/packages/chromium.scm
> +++ b/gnu/packages/chromium.scm
> @@ -31,7 +31,6 @@
>    #:use-module (gnu packages compression)
>    #:use-module (gnu packages cups)
>    #:use-module (gnu packages curl)
> -  #:use-module (gnu packages databases)
>    #:use-module (gnu packages fontutils)
>    #:use-module (gnu packages gcc)
>    #:use-module (gnu packages ghostscript)
> @@ -52,7 +51,6 @@
>    #:use-module (gnu packages ninja)
>    #:use-module (gnu packages node)
>    #:use-module (gnu packages pciutils)
> -  #:use-module (gnu packages photo)
>    #:use-module (gnu packages pkg-config)
>    #:use-module (gnu packages protobuf)
>    #:use-module (gnu packages pulseaudio)
> @@ -63,7 +61,6 @@
>    #:use-module (gnu packages speech)
>    #:use-module (gnu packages tls)
>    #:use-module (gnu packages valgrind)
> -  #:use-module (gnu packages version-control)
>    #:use-module (gnu packages video)
>    #:use-module (gnu packages xiph)
>    #:use-module (gnu packages xml)
> @@ -150,19 +147,6 @@
>                  %debian-revision
>                  "1qf2y7jmaya43k9rbsxjjpkp5manzmbkhjj5hvfyqcdylhy30swj"))
>  
> -;; Some files were missing in the Chromium 66 release tarball.
> -;; See <https://crbug.com/832283>.
> -(define %chromium-add-blink-tools.patch
> -  (origin
> -    (method url-fetch)
> -    (uri (string-append "https://bazaar.launchpad.net/~chromium-team"
> -                        "/chromium-browser/bionic-stable/download/head:"
> -                        "/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1"
> -                        "/add-missing-blink-tools.patch"))
> -    (sha256
> -     (base32
> -      "1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s"))))
> -
>  ;; Fix an assignment bug when using Clang and libstdc++.
>  (define %chromium-clang-assignment.patch
>    (gentoo-patch "chromium-clang-r4.patch"
> @@ -342,7 +326,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
>  (define-public chromium
>    (package
>      (name "chromium")
> -    (version "66.0.3359.117")
> +    (version "66.0.3359.139")
>      (synopsis "Graphical web browser")
>      (source (origin
>                (method url-fetch)
> @@ -351,14 +335,12 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
>                                    version ".tar.xz"))
>                (sha256
>                 (base32
> -                "1mlfavs0m0lf60s42krqxqiyx73hdfd4r1mkjwv31p2gchsa7ibp"))
> +                "1ck4wbi28702p1lfs4sz894ysbgm7fj79wrqj8srsy65z2ssaxdy"))
>                (patches (list %chromium-gn-libcxx.patch
>                               %chromium-disable-api-keys-warning.patch
>                               %chromium-system-nspr.patch
>                               %chromium-system-libevent.patch
>  
> -                             %chromium-add-blink-tools.patch
> -
>                               %chromium-clang-assignment.patch
>                               %chromium-ffmpeg.patch
>  
> @@ -385,14 +367,13 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
>                             "base/third_party/dmg_fp"
>                             "base/third_party/dynamic_annotations"
>                             "base/third_party/icu"
> -                           "base/third_party/libevent"
> -                           "base/third_party/nspr"
>                             "base/third_party/superfasthash"
> -                           "base/third_party/symbolize" ;glog
> +                           "base/third_party/symbolize"
>                             "base/third_party/xdg_mime"
>                             "base/third_party/xdg_user_dirs"
>                             "chrome/third_party/mozilla_security_manager"
> -                           "courgette/third_party"
> +                           "courgette/third_party/bsdiff"
> +                           "courgette/third_party/divsufsort"
>                             "net/third_party/mozilla_security_manager"
>                             "net/third_party/nss"
>                             "third_party/adobe/flash/flapper_version.h"
> @@ -439,7 +420,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
>                             (string-append "third_party/google_input_tools/third_party"
>                                            "/closure_library/third_party/closure")
>                             "third_party/googletest"
> -                           "third_party/harfbuzz-ng"
>                             "third_party/hunspell"
>                             "third_party/iccjpeg"
>                             "third_party/inspector_protocol"
> @@ -472,7 +452,11 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
>                             "third_party/ots"
>                             ;; TODO: Build as extension.
>                             "third_party/pdfium"
> -                           "third_party/pdfium/third_party"
> +                           "third_party/pdfium/third_party/agg23"
> +                           "third_party/pdfium/third_party/base"
> +                           "third_party/pdfium/third_party/bigint"
> +                           "third_party/pdfium/third_party/libopenjpeg20"
> +                           "third_party/pdfium/third_party/skia_shared"
>                             (string-append "third_party/pdfium/third_party/freetype"
>                                            "/include/pstables.h")
>                             "third_party/ply"
> @@ -488,7 +472,8 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
>                             "third_party/speech-dispatcher"
>                             "third_party/sqlite"
>                             "third_party/swiftshader"
> -                           "third_party/swiftshader/third_party"
> +                           "third_party/swiftshader/third_party/llvm-subzero"
> +                           "third_party/swiftshader/third_party/subzero"
>                             "third_party/s2cellid"
>                             "third_party/usb_ids"
>                             "third_party/usrsctp"
> @@ -864,7 +849,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
>      (native-inputs
>       `(("bison" ,bison)
>         ("clang-toolchain" ,chromium-clang-toolchain)
> -       ("git" ,git)                     ;last_commit_position.py
>         ("gperf" ,gperf)
>         ("ninja" ,ninja)
>         ("node" ,node)
> @@ -889,7 +873,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
>         ("freetype" ,freetype)
>         ("gdk-pixbuf" ,gdk-pixbuf)
>         ("glib" ,glib)
> -       ("gtk+-2" ,gtk+-2)
>         ("gtk+" ,gtk+)
>         ("harfbuzz" ,harfbuzz)
>         ("icu4c" ,icu4c)
> @@ -899,6 +882,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
>         ("libffi" ,libffi)
>         ("libjpeg-turbo" ,libjpeg-turbo)
>         ("libpng" ,libpng)
> +       ;;("libsecret" ,libsecret)
>         ("libusb" ,libusb)
>         ("libvpx" ,libvpx+experimental)
>         ("libwebp" ,libwebp)
> @@ -931,7 +915,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
>         ("re2" ,re2)
>         ("snappy" ,snappy)
>         ("speech-dispatcher" ,speech-dispatcher)
> -       ("sqlite" ,sqlite)
> +       ;;("sqlite" ,sqlite)
>         ("udev" ,eudev)
>         ("valgrind" ,valgrind)))
>      (home-page "https://www.chromium.org/")




[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-03-16 17:52                                       ` ng0
@ 2018-07-25  8:08                                         ` ng0
  2018-08-05 13:04                                           ` Marius Bakke
  0 siblings, 1 reply; 152+ messages in thread
From: ng0 @ 2018-07-25  8:08 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004, ng0

Hi Marius,

any chance you had the time to update to a more recent version release
of Chromium?

--ng0

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-07-25  8:08                                         ` ng0
@ 2018-08-05 13:04                                           ` Marius Bakke
  2018-08-05 16:18                                             ` ng0
  2018-08-06  8:22                                             ` Oleg Pykhalov
  0 siblings, 2 replies; 152+ messages in thread
From: Marius Bakke @ 2018-08-05 13:04 UTC (permalink / raw)
  To: ng0; +Cc: 28004


[-- Attachment #1.1: Type: text/plain, Size: 1747 bytes --]

ng0 <ng0@n0.is> writes:

> Hi Marius,
>
> any chance you had the time to update to a more recent version release
> of Chromium?

Good news!  Please find Chromium 68 attached.

There are *a lot* of changes in this version.  Some highlights:

* It's using GCC 8 instead of Clang.
* A bug in the source scrubber has been fixed, so .zip and .jar files
  are now purged even if the parent directory is preserved.  Currently
  we're reducing the uncompressed size from 4.3 GiB to 2.1 GiB.
* External patches are now in an easier to manage format.
* Upstream have discontinued the libvpx "experiment"; but still
  require an unreleased version.
* We're installing a "master_preferences" file, which allows us to
  easily add defaults for new profiles.
* All the various knobs for the build system have been moved to
  #:configure-flags.  This should make it easier to create custom
  Chromium variants based on this package (qtwebkit?).
* The 'configure' phase will now print *all* supported flags for
  convenience (I usually did this manually every now and then).
* I've started cherry-picking patches from Ungoogled-Chromium in the
  quest to reduce data transmission to Google.

TODO:

* There is still some data transmitted when starting the browser for the
  first time.  It seems related to the "domain_reliability" component.
* Remove remaining "Web Store" links.  Currently I've only found it in
  settings, under "accessibility" and "fonts".
* Opening settings transmits a bunch of data, the next version will
  include the 'disable-translation-lang-fetch' patch from Inox.
* PDFium is built, but does not seem to work (the 'install' phase
  probably needs tweaking).  Might just disable it instead.

As always, feedback very welcome.  Enjoy!


[-- Attachment #1.2: 0001-gnu-Add-chromium.patch --]
[-- Type: text/x-patch, Size: 46374 bytes --]

From a4e343c57d70344dd4cef51ccd37c2650c746b46 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 12 Oct 2016 17:25:05 +0100
Subject: [PATCH] gnu: Add chromium.

* gnu/packages/chromium.scm, gnu/packages/chromium-master-preferences.json,
gnu/packages/patches/chromium-gcc-unique-ptr.patch,
gnu/packages/patches/chromium-remove-default-history.patch: New files.
* gnu/local.mk: Record it.
---
 gnu/local.mk                                  |   3 +
 gnu/packages/chromium-master-preferences.json |  26 +
 gnu/packages/chromium.scm                     | 829 ++++++++++++++++++
 .../patches/chromium-gcc-unique-ptr.patch     |  33 +
 .../chromium-remove-default-history.patch     |  13 +
 5 files changed, 904 insertions(+)
 create mode 100644 gnu/packages/chromium-master-preferences.json
 create mode 100644 gnu/packages/chromium.scm
 create mode 100644 gnu/packages/patches/chromium-gcc-unique-ptr.patch
 create mode 100644 gnu/packages/patches/chromium-remove-default-history.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 4ed341df8..320f27c44 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -95,6 +95,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/check.scm			\
   %D%/packages/chemistry.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
   %D%/packages/cluster.scm			\
@@ -603,6 +604,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
   %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
   %D%/packages/patches/chmlib-inttypes.patch			\
+  %D%/packages/patches/chromium-gcc-unique-ptr.patch		\
+  %D%/packages/patches/chromium-remove-default-history.patch	\
   %D%/packages/patches/clang-3.5-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clang-6.0-libc-search-path.patch		\
diff --git a/gnu/packages/chromium-master-preferences.json b/gnu/packages/chromium-master-preferences.json
new file mode 100644
index 000000000..0caa7cc4c
--- /dev/null
+++ b/gnu/packages/chromium-master-preferences.json
@@ -0,0 +1,26 @@
+{
+  "distribution": {
+     "import_bookmarks": false,
+     "make_chrome_default": false,
+     "make_chrome_default_for_user": false,
+     "verbose_logging": true,
+     "skip_first_run_ui": true,
+     "suppress_first_run_default_browser_prompt": true
+  },
+  "browser": {
+     "has_seen_welcome_page" : true,
+     "check_default_browser" : false
+  },
+  "dns_prefetching": {
+    "enabled": false
+  },
+  "alternate_error_pages": {
+    "enabled": false
+  },
+  "hardware": {
+    "audio_capture_enabled": false
+  },
+  "default_apps": "noinstall",
+  "hide_web_store_icon": true,
+  "homepage": "https://www.gnu.org/software/guix"
+}
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 000000000..2fc40a0d2
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,829 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix gexp)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gcc)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define (chromium-patch-file-name pathspec)
+  (let ((patch-name (basename pathspec)))
+    (if (string-prefix? "chromium-" patch-name)
+        patch-name
+        (string-append "chromium-" patch-name))))
+
+;; https://salsa.debian.org/chromium-team/chromium/tree/master/debian/patches
+(define (debian-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://salsa.debian.org/chromium-team/chromium/raw/"
+          revision "/debian/patches/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
+(define (gentoo-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
+          "/chromium/files/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/gcarq/inox-patchset
+(define (inox-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
+                        revision "/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/Eloston/ungoogled-chromium
+(define (ungoogled-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/Eloston"
+                        "/ungoogled-chromium/" revision "/resources"
+                        "/patches/ungoogled-chromium/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; XXX: It would be great to have (upstream-patch ...), but the API
+;; at <https://chromium.googlesource.com/chromium/> can only return
+;; base64-encoded patches.
+
+(define %debian-revision "debian/68.0.3440.75-2")
+(define %gentoo-revision "a79be956bb7bbeaca245564ecb4a350b1203ca98")
+(define %inox-revision "8afa26a5ffb2e8ff52ac5b7bbdccc9f09290120e")
+(define %ungoogled-revision "55d1a2442dcd9efc574f6c4fa99804d5b8658e4e")
+
+(define %debian-patches
+  (list
+   ;; Bootstrap "GN" using system NSPR.
+   (debian-patch "system/nspr.patch" %debian-revision
+                 "0xywgsq14xdpfdf0wb5plv5jy2738zbwj7caj2i5g9s5zpdclhsv")
+   ;; Ditto for system libevent.
+   (debian-patch "system/event.patch" %debian-revision
+                 "0cq5kz5yi737vb3k8v67hrr38czqm3mj6g3swh765pmfzvx5inj6")
+   ;; Make PDFium use system OpenJPEG.
+   (debian-patch "system/openjpeg.patch" %debian-revision
+                 "0fxvbfvmimg0ykzhsk3l0kyvhz1fgbys51ldh950106yj6dszsmx")
+   ;; Make "Courgette" use system zlib instead of the bundled lzma.
+   (debian-patch "system/zlib.patch" %debian-revision
+                 "1fmkiw7xrhwadvjxkzpv8j5iih2ws59l3llsdrpapw1vybfyq9nr")
+   ;; Avoid dependency on Chromiums embedded libc++ when bootstrapping.
+   (debian-patch "gn/libcxx.patch" %debian-revision
+                 "02w94h9jd29jyvq09yxl9g31hk8j07qzr7rg23rhibhkn1rvg38x")
+   ;; Avoid dependency on Android tools.
+   (debian-patch "disable/android.patch" %debian-revision
+                 "06kxx1fx9yi52h2fka71i9qqp6jh4r3w890k77nihv8arnabc0nq")
+   ;; Do not show a warning about missing API keys.
+   (debian-patch "disable/google-api-warning.patch" %debian-revision
+                 "0vqi3n8i1vkp2cxmza7c60fl6d03195sax0ahrk1ksa04xjbkkqv")
+   ;; Don't override the home page set in master_preferences.
+   (debian-patch "disable/welcome-page.patch" %debian-revision
+                 "15c6a296mkqnjdqqq90kmapn56rykb7saz4bs16han6by8q07lbx")))
+
+(define %gentoo-patches
+  (list
+   ;; Fix error detecting system ffmpeg.
+   (gentoo-patch "chromium-ffmpeg-r1.patch" %gentoo-revision
+                 "1pivcdmana4qx8sngcdpr858l0qh6bygv7azj66vg021phq5725a")
+   ;; Add missing <string> #include.
+   (gentoo-patch "chromium-cors-string-r0.patch" %gentoo-revision
+                 "075lgl6g8rih21adsr3hf2mm0qm16s4w2h4h1qjh652sl941w57l")))
+
+(define %inox-patches
+  (list
+   ;; Fix build without the "safe browsing" feature.
+   (inox-patch "0001-fix-building-without-safebrowsing.patch" %inox-revision
+               "0qchqc3i772drx0c8n44yhkx45fgdvd0h325w0qvaqrakzixbmr4")
+   ;; Use sane defaults.  In particular, don't depend on any Google services.
+   (inox-patch "0006-modify-default-prefs.patch" %inox-revision
+               "0sbvs6l80h8ar8na6065ihqnmcsr1b4zc21jcs2wzkrjlxsgspw6")
+   ;; Recent versions of Chromium may load a remote search engine on the "New
+   ;; Tab Page", which causes unnecessary and involuntary network traffic.
+   (inox-patch "0008-restore-classic-ntp.patch" %inox-revision
+               "16z5accrri90s922n1r6nj8rqss3g7f579dwwzkk2hdxbkc9wzyr")
+   ;; Add DuckDuckGo and use it as the default search engine.
+   (inox-patch "0011-add-duckduckgo-search-engine.patch" %inox-revision
+               "0mvw1ax0gw3d252c9b1pwbk0j7ny8z9nsfywcmhj56wm6yksgpkg")
+   ;; Don't start a "Login Wizard" at first launch.
+   (inox-patch "0018-disable-first-run-behaviour.patch" %inox-revision
+               "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb")))
+
+(define %ungoogled-patches
+  (list
+   ;; Disable browser sign-in to prevent leaking data at launch.
+   (ungoogled-patch "disable-signin.patch" %ungoogled-revision
+                    "0a6akb10bzk6z6nhqa211y8rbj0ibdhhg5n92482q9sikavd8hz0")))
+
+(define opus+custom
+  (package (inherit opus)
+           (name "opus+custom")
+           (arguments
+            (substitute-keyword-arguments (package-arguments opus)
+              ((#:configure-flags flags ''())
+               ;; Opus Custom is an optional extension of the Opus
+               ;; specification that allows for unsupported frame
+               ;; sizes.  Chromium requires that this is enabled.
+               `(cons "--enable-custom-modes"
+                      ,flags))))))
+
+(define libvpx/chromium
+  ;; Chromium 66 and later requires an unreleased libvpx, so we take the
+  ;; commit from "third_party/libvpx/README.chromium" in the tarball.
+  ;; XXX: Might as well reuse Chromium source.
+  (let ((version (package-version libvpx))
+        (commit "e27a331778c4c99ec37262ea786a3b4cc2a491ac")
+        (revision "0"))
+    (package
+      (inherit libvpx)
+      (name "libvpx-chromium")
+      (version (git-version version revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://chromium.googlesource.com/webm/libvpx")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "03a0443dnfn6l2v19qpw7p7k29v98c5b5hl4br93czgq0wi29m1g")))))))
+
+(define-public chromium
+  (package
+    (name "chromium")
+    (version "68.0.3440.84")
+    (synopsis "Graphical web browser")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://commondatastorage.googleapis.com"
+                                  "/chromium-browser-official/chromium-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "1nf9xha7ncnh8g1g4c8hzk03f8ya7nd0xzwij9zs7n0qmrkx2c8h"))
+              (patches (append %debian-patches
+                               %gentoo-patches
+                               %inox-patches
+                               %ungoogled-patches
+                               (search-patches "chromium-gcc-unique-ptr.patch"
+                                               "chromium-remove-default-history.patch")))
+              (modules '((srfi srfi-1)
+                         (srfi srfi-26)
+                         (ice-9 ftw)
+                         (ice-9 match)
+                         (ice-9 regex)
+                         (guix build utils)))
+              (snippet
+               '(begin
+                  (let ((preserved-club
+                         (map
+                          (lambda (path)
+                            ;; Prepend paths with "./" for comparison with ftw.
+                            (string-append "./" path))
+                          (list
+                           "base/third_party/dmg_fp"
+                           "base/third_party/dynamic_annotations"
+                           "base/third_party/icu"
+                           "base/third_party/superfasthash"
+                           "base/third_party/symbolize"
+                           "base/third_party/xdg_mime"
+                           "base/third_party/xdg_user_dirs"
+                           "chrome/third_party/mozilla_security_manager"
+                           "courgette/third_party/bsdiff"
+                           "courgette/third_party/divsufsort"
+                           "net/third_party/http2"
+                           "net/third_party/mozilla_security_manager"
+                           "net/third_party/nss"
+                           "net/third_party/spdy"
+                           "net/third_party/quic"
+                           "third_party/adobe/flash/flapper_version.h"
+                           ;; FIXME: This is used in:
+                           ;; * ui/webui/resources/js/analytics.js
+                           ;; * ui/file_manager/
+                           "third_party/analytics"
+                           "third_party/angle"
+                           "third_party/angle/src/common/third_party/base"
+                           "third_party/angle/src/common/third_party/smhasher"
+                           "third_party/angle/src/third_party/compiler"
+                           "third_party/angle/src/third_party/libXNVCtrl"
+                           "third_party/angle/src/third_party/trace_event"
+                           "third_party/angle/third_party/glslang"
+                           "third_party/angle/third_party/spirv-headers"
+                           "third_party/angle/third_party/spirv-tools"
+                           "third_party/angle/third_party/vulkan-validation-layers"
+                           "third_party/apple_apsl" ;XXX add APSL2.0 license
+                           "third_party/blink"
+                           "third_party/boringssl"
+                           "third_party/boringssl/src/third_party/fiat"
+                           "third_party/breakpad"
+                           "third_party/brotli"
+                           "third_party/cacheinvalidation"
+                           "third_party/catapult"
+                           "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
+                           "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
+                           "third_party/catapult/third_party/polymer"
+                           "third_party/catapult/tracing/third_party/d3"
+                           "third_party/catapult/tracing/third_party/gl-matrix"
+                           "third_party/catapult/tracing/third_party/jszip"
+                           "third_party/catapult/tracing/third_party/mannwhitneyu"
+                           "third_party/catapult/tracing/third_party/oboe"
+                           "third_party/catapult/tracing/third_party/pako"
+                           "third_party/ced"
+                           "third_party/cld_3"
+                           "third_party/crashpad"
+                           (string-append "third_party/crashpad/crashpad/"
+                                          "third_party/zlib/zlib_crashpad.h")
+                           "third_party/crc32c"
+                           "third_party/cros_system_api"
+                           "third_party/dom_distiller_js"
+                           "third_party/fips181"
+                           "third_party/flatbuffers"
+                           "third_party/glslang-angle"
+                           "third_party/google_input_tools"
+                           "third_party/google_input_tools/third_party/closure_library"
+                           (string-append "third_party/google_input_tools/third_party"
+                                          "/closure_library/third_party/closure")
+                           "third_party/googletest"
+                           "third_party/hunspell"
+                           "third_party/iccjpeg"
+                           "third_party/inspector_protocol"
+                           "third_party/jinja2"
+                           "third_party/jstemplate"
+                           "third_party/khronos"
+                           "third_party/leveldatabase"
+                           "third_party/libXNVCtrl"
+                           "third_party/libaddressinput"
+                           "third_party/libaom"
+                           "third_party/libjingle_xmpp"
+                           "third_party/libphonenumber"
+                           "third_party/libsecret" ;FIXME: needs pkg-config support.
+                           "third_party/libsrtp"
+                           "third_party/libsync"   ;TODO: package
+                           "third_party/libudev"
+                           "third_party/libwebm"
+                           "third_party/libxml"
+                           "third_party/libyuv"
+                           "third_party/lss"
+                           "third_party/markupsafe"
+                           "third_party/mesa"
+                           "third_party/metrics_proto"
+                           "third_party/modp_b64"
+                           "third_party/node"
+                           (string-append "third_party/node/node_modules/"
+                                          "polymer-bundler/lib/third_party/UglifyJS2")
+                           "third_party/ots"
+                           ;; TODO: Build as extension.
+                           "third_party/pdfium"
+                           "third_party/pdfium/third_party/agg23"
+                           "third_party/pdfium/third_party/base"
+                           "third_party/pdfium/third_party/bigint"
+                           "third_party/pdfium/third_party/skia_shared"
+                           (string-append "third_party/pdfium/third_party/freetype"
+                                          "/include/pstables.h")
+                           "third_party/perfetto"
+                           "third_party/ply"
+                           "third_party/polymer"
+                           "third_party/protobuf"
+                           "third_party/protobuf/third_party/six"
+                           "third_party/pyjson5"
+                           "third_party/qcms"
+                           "third_party/rnnoise"
+                           "third_party/sfntly"
+                           "third_party/skia"
+                           "third_party/skia/third_party/skcms"
+                           "third_party/skia/third_party/vulkan"
+                           "third_party/skia/third_party/gif"
+                           "third_party/smhasher"
+                           "third_party/speech-dispatcher"
+                           "third_party/sqlite"
+                           "third_party/swiftshader"
+                           "third_party/swiftshader/third_party/llvm-subzero"
+                           "third_party/swiftshader/third_party/subzero"
+                           "third_party/s2cellid"
+                           "third_party/usb_ids"
+                           "third_party/usrsctp"
+                           "third_party/WebKit"
+                           "third_party/web-animations-js"
+                           "third_party/webrtc"
+                           "third_party/webrtc_overrides"
+                           "third_party/widevine/cdm/widevine_cdm_version.h"
+                           "third_party/widevine/cdm/widevine_cdm_common.h"
+                           "third_party/woff2"
+                           "third_party/xdg-utils"
+                           "third_party/yasm/run_yasm.py"
+                           "third_party/zlib/google"
+                           "url/third_party/mozilla"
+                           "v8/src/third_party/utf8-decoder"
+                           "v8/src/third_party/valgrind"
+                           "v8/third_party/antlr4"
+                           "v8/third_party/inspector_protocol"))))
+
+                    (define (empty? dir)
+                      (equal? (scandir dir) '("." "..")))
+
+                    (define (third_party? file)
+                      (if (string-contains file "third_party/")
+                          #t
+                          #f))
+
+                    (define (useless? file)
+                      (any (cute string-suffix? <> file)
+                           '(".tar.gz" ".zip" ".exe" ".jar")))
+
+                    (define (parents child)
+                      (let ((lst (reverse (string-split child #\/))))
+                        (let loop ((hierarchy lst)
+                                   (result '()))
+                          (if (or (null? hierarchy)
+                                  (and (not (null? result))
+                                       (string-suffix? "third_party" (car result))))
+                              result
+                              (loop (cdr hierarchy)
+                                    (cons (string-join (reverse hierarchy) "/")
+                                          result))))))
+
+                    (define (delete-unwanted-files child stat flag base level)
+                      (let ((protected (make-regexp "\\.(gn|gyp)i?$")))
+                        (match flag
+                          ((or 'regular 'symlink 'stale-symlink)
+                           (when (third_party? child)
+                             (unless (or (member child preserved-club)
+                                         (any (cute member <> preserved-club)
+                                              (parents child))
+                                         (regexp-exec protected child))
+                               (format (current-error-port) "deleting ~s~%" child)
+                               (delete-file child)))
+                           (when (and (useless? child) (file-exists? child))
+                             (delete-file child))
+                           #t)
+                          ('directory-processed
+                           (when (empty? child)
+                             (rmdir child))
+                           #t)
+                          (_ #t))))
+
+                    (nftw "." delete-unwanted-files 'depth 'physical)
+
+                    ;; Assert that each listed item is present to catch removals.
+                    (for-each (lambda (third-party)
+                                (unless (file-exists? third-party)
+                                  (error (format #f "~s does not exist!" third-party))))
+                              preserved-club)
+
+                    ;; Replace "GN" files from third_party with shims for
+                    ;; building against system libraries.  Keep this list in
+                    ;; sync with "build/linux/unbundle/replace_gn_files.py".
+                    (for-each (lambda (pair)
+                                (let ((source (string-append
+                                               "build/linux/unbundle/" (car pair)))
+                                      (dest (cdr pair)))
+                                  (copy-file source dest)))
+                              (list
+                               '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
+                               '("flac.gn" . "third_party/flac/BUILD.gn")
+                               '("fontconfig.gn" . "third_party/fontconfig/BUILD.gn")
+                               '("freetype.gn" . "build/config/freetype/freetype.gni")
+                               '("harfbuzz-ng.gn" .
+                                 "third_party/harfbuzz-ng/harfbuzz.gni")
+                               '("icu.gn" . "third_party/icu/BUILD.gn")
+                               '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
+                               '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
+                               '("libjpeg.gn" . "third_party/libjpeg.gni")
+                               '("libpng.gn" . "third_party/libpng/BUILD.gn")
+                               '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
+                               '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
+                               '("libxml.gn" . "third_party/libxml/BUILD.gn")
+                               '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
+                               '("openh264.gn" . "third_party/openh264/BUILD.gn")
+                               '("opus.gn" . "third_party/opus/BUILD.gn")
+                               '("re2.gn" . "third_party/re2/BUILD.gn")
+                               '("snappy.gn" . "third_party/snappy/BUILD.gn")
+                               '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
+                               '("zlib.gn" . "third_party/zlib/BUILD.gn")))
+                    #t)))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it overrides the RUNPATH set by the linker.
+       #:validate-runpath? #f
+       #:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (srfi srfi-26))
+       #:configure-flags
+       ;; See tools/gn/docs/cookbook.md and
+       ;; https://www.chromium.org/developers/gn-build-configuration
+       ;; for usage.  Run "./gn args . --list" in the Release
+       ;; directory for an exhaustive list of supported flags.
+       ;; (Note: The 'configure' phase will do that for you.)
+       (list "is_debug=false"
+             "use_gold=false"
+             "use_lld=false"
+             "linux_use_bundled_binutils=false"
+             "use_custom_libcxx=false"
+             "use_sysroot=false"
+             "enable_precompiled_headers=false"
+             "goma_dir=\"\""
+             "enable_nacl=false"
+             "enable_nacl_nonsfi=false"
+             "use_allocator=\"none\""   ;don't use tcmalloc
+             "override_build_date=\"01 01 2000 05:00:00\""
+             "use_unofficial_version_number=false"
+
+             ;; Disable "safe browsing", which pulls in a dependency on
+             ;; the nonfree "unrar" program (as of m66).
+             "safe_browsing_mode=0"
+
+             ;; Define a custom toolchain that simply looks up CC, AR and
+             ;; friends from the environment.
+             "custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
+             "host_toolchain=\"//build/toolchain/linux/unbundle:default\""
+
+             ;; Don't assume it's clang.
+             "is_clang=false"
+
+             ;; Optimize for building everything at once, as opposed to
+             ;; incrementally for development.  See "docs/jumbo.md".
+             "use_jumbo_build=true"
+
+             ;; Disable debugging features to save space.
+             "symbol_level=0"
+             "remove_webcore_debug_symbols=true"
+             "enable_iterator_debugging=false"
+
+             ;; Some of the unbundled libraries throws deprecation
+             ;; warnings, etc.  Ignore it.
+             "treat_warnings_as_errors=false"
+
+             ;; Don't add any API keys.  End users can set them in the
+             ;; environment if desired.  See
+             ;; <https://www.chromium.org/developers/how-tos/api-keys>.
+             "use_official_google_api_keys=false"
+
+             ;; Disable "field trials".
+             "fieldtrial_testing_like_official_build=true"
+
+             ;; Disable Chrome Remote Desktop (aka Chromoting).
+             "enable_remoting=false"
+
+             ;; Use system libraries where possible.
+             "use_system_freetype=true"
+             "use_system_harfbuzz=true"
+             "use_system_lcms2=true"
+             "use_system_libjpeg=true"
+             "use_system_libpng=true"
+             "use_system_zlib=true"
+
+             "use_gnome_keyring=false"  ;deprecated by libsecret
+             "use_gtk3=true"
+             "use_openh264=true"
+             "use_xkbcommon=true"
+             "use_pulseaudio=true"
+             "link_pulseaudio=true"
+
+             ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+             "proprietary_codecs=true"
+             "ffmpeg_branding=\"Chrome\""
+
+             ;; WebRTC stuff.
+             "rtc_use_h264=true"
+             ;; Don't use bundled sources.
+             "rtc_build_json=false"
+             "rtc_build_libevent=false"
+             "rtc_build_libvpx=false"
+             "rtc_build_opus=false"
+             "rtc_build_ssl=false"
+
+             "rtc_build_libsrtp=true"   ;FIXME: fails to find headers
+             "rtc_build_usrsctp=true"   ;TODO: package this
+             (string-append "rtc_jsoncpp_root=\""
+                            (assoc-ref %build-inputs "jsoncpp")
+                            "/include/jsoncpp/json\"")
+             (string-append "rtc_ssl_root=\""
+                            (assoc-ref %build-inputs "openssl")
+                            "/include/openssl\""))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-stuff
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "printing/cups_config_helper.py"
+               (("cups_config =.*")
+                (string-append "cups_config = '" (assoc-ref inputs "cups")
+                               "/bin/cups-config'\n")))
+
+             (substitute*
+                 '("base/process/launch_posix.cc"
+                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+                   "sandbox/linux/services/credentials.cc"
+                   "sandbox/linux/services/namespace_utils.cc"
+                   "sandbox/linux/services/syscall_wrappers.cc"
+                   "sandbox/linux/syscall_broker/broker_host.cc")
+               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+             (for-each (lambda (file)
+                         (substitute* file
+                           ;; Fix opus include path.
+                           ;; Do not substitute opus_private.h.
+                           (("#include \"opus\\.h\"")
+                            "#include \"opus/opus.h\"")
+                           (("#include \"opus_custom\\.h\"")
+                            "#include \"opus/opus_custom.h\"")
+                           (("#include \"opus_defines\\.h\"")
+                            "#include \"opus/opus_defines.h\"")
+                           (("#include \"opus_multistream\\.h\"")
+                            "#include \"opus/opus_multistream.h\"")
+                           (("#include \"opus_types\\.h\"")
+                            "#include \"opus/opus_types.h\"")))
+                       (find-files (string-append "third_party/webrtc/modules"
+                                                  "/audio_coding/codecs/opus")))
+
+             (substitute* "chrome/common/chrome_paths.cc"
+               (("/usr/share/chromium/extensions")
+                ;; TODO: Add ~/.guix-profile.
+                "/run/current-system/profile/share/chromium/extensions"))
+
+             (substitute*
+                 ;; XXX: Probably not needed for M69.
+                 "third_party/blink/renderer/platform/image-encoders/image_encoder.h"
+               (("#include \"third_party/libjpeg/") "#include \"")
+               (("#include \"third_party/libwebp/src/") "#include \""))
+
+             (substitute*
+                 "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
+               (("include \"third_party/curl") "include \"curl"))
+             (substitute* "media/base/decode_capabilities.cc"
+               (("third_party/libvpx/source/libvpx/") ""))
+
+             #t))
+         (add-before 'configure 'prepare-build-environment
+           (lambda* (#:key inputs #:allow-other-keys)
+
+             ;; Make sure the right build tools are used.
+             (setenv "AR" "ar") (setenv "NM" "nm")
+             (setenv "CC" "gcc") (setenv "CXX" "g++")
+
+             ;; Work around <https://bugs.gnu.org/30756>.
+             (unsetenv "C_INCLUDE_PATH")
+             (unsetenv "CPLUS_INCLUDE_PATH")
+
+             ;; TODO: pre-compile instead. Avoids a race condition.
+             (setenv "PYTHONDONTWRITEBYTECODE" "1")
+
+             ;; XXX: How portable is this.
+             (mkdir-p "third_party/node/linux/node-linux-x64")
+             (symlink (string-append (assoc-ref inputs "node") "/bin")
+                      "third_party/node/linux/node-linux-x64/bin")
+
+             #t))
+         (add-after 'prepare-build-environment 'bootstrap-gn
+           (lambda _
+             (invoke "python" "tools/gn/bootstrap/bootstrap.py" "-s" "-v")))
+         (replace 'configure
+           (lambda* (#:key configure-flags #:allow-other-keys)
+             (let ((args (string-join configure-flags " ")))
+               (with-directory-excursion "out/Release"
+                 ;; Generate ninja build files.
+                 (invoke "./gn" "gen" "."
+                         (string-append "--args=" args))
+
+                 ;; Print the full list of supported arguments as well as
+                 ;; their current status for convenience.
+                 (format #t "Dumping configure flags...\n")
+                 (invoke "./gn" "args" "." "--list")))))
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (invoke "ninja" "-C" "out/Release"
+                     "-j" (number->string (parallel-job-count))
+                     "chrome")))
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out            (assoc-ref outputs "out"))
+                    (bin            (string-append out "/bin"))
+                    (exe            (string-append bin "/chromium"))
+                    (lib            (string-append out "/lib"))
+                    (man            (string-append out "/share/man/man1"))
+                    (applications   (string-append out "/share/applications"))
+                    (install-regexp (make-regexp "\\.(bin|pak)$"))
+                    (locales        (string-append lib "/locales"))
+                    (resources      (string-append lib "/resources"))
+                    (preferences    (assoc-ref inputs "master-preferences"))
+                    (gtk+           (assoc-ref inputs "gtk+"))
+                    (mesa           (assoc-ref inputs "mesa"))
+                    (nss            (assoc-ref inputs "nss"))
+                    (udev           (assoc-ref inputs "udev"))
+                    (sh             (which "sh")))
+
+               (substitute* '("chrome/app/resources/manpage.1.in"
+                              "chrome/installer/linux/common/desktop.template")
+                 (("@@MENUNAME@@") "Chromium")
+                 (("@@PACKAGE@@") "chromium")
+                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
+
+               (mkdir-p man)
+               (copy-file "chrome/app/resources/manpage.1.in"
+                          (string-append man "/chromium.1"))
+
+               (mkdir-p applications)
+               (copy-file "chrome/installer/linux/common/desktop.template"
+                          (string-append applications "/chromium.desktop"))
+
+               (mkdir-p lib)
+               (copy-file preferences (string-append lib "/master_preferences"))
+
+               (with-directory-excursion "out/Release"
+                 (for-each (lambda (file)
+                             (install-file file lib))
+                           (scandir "." (cut regexp-exec install-regexp <>)))
+                 (copy-file "chrome" (string-append lib "/chromium"))
+
+                 ;; TODO: Install icons from "../../chrome/app/themes" into
+                 ;; "out/share/icons/hicolor/$size".
+                 (install-file
+                  "product_logo_48.png"
+                  (string-append out "/share/icons/48x48/chromium.png"))
+
+                 (copy-recursively "locales" locales)
+                 (copy-recursively "resources" resources)
+
+                 (mkdir-p bin)
+                 ;; Add a thin wrapper to prevent the user from inadvertently
+                 ;; installing non-free software through the Web Store.
+                 ;; TODO: Discover extensions from the profile and pass
+                 ;; something like "--disable-extensions-except=...".
+                 (call-with-output-file exe
+                   (lambda (port)
+                     (format port
+                             "#!~a~@
+                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
+                             then~@
+                               CHROMIUM_FLAGS=\" \\~@
+                                 --disable-background-networking \\~@
+                                 --disable-extensions \\~@
+                               \"~@
+                             fi~@
+                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
+                             sh (string-append lib "/chromium"))))
+                 (chmod exe #o755)
+
+                 (wrap-program exe
+                   ;; TODO: Get these in RUNPATH.
+                   `("LD_LIBRARY_PATH" ":" prefix
+                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+                                      mesa "/lib:" udev "/lib")))
+                   ;; Avoid file manager crash.  See <https://bugs.gnu.org/26593>.
+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+                 #t)))))))
+    (native-inputs
+     `(("bison" ,bison)
+       ("gcc" ,gcc-8)                        ;a recent compiler is required
+       ("gperf" ,gperf)
+       ("ninja" ,ninja)
+       ("node" ,node)
+       ("pkg-config" ,pkg-config)
+       ("master-preferences" ,(local-file "chromium-master-preferences.json"))
+       ("which" ,which)
+       ("yasm" ,yasm)
+
+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
+       ("python-html5lib" ,python2-html5lib)
+       ("python" ,python-2)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("atk" ,atk)
+       ("cups" ,cups)
+       ("curl" ,curl)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("expat" ,expat)
+       ("flac" ,flac)
+       ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("harfbuzz" ,harfbuzz)
+       ("icu4c" ,icu4c)
+       ("jsoncpp" ,jsoncpp)
+       ("lcms" ,lcms)
+       ("libevent" ,libevent)
+       ("libffi" ,libffi)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libpng" ,libpng)
+       ;;("libsrtp" ,libsrtp)
+       ("libvpx" ,libvpx/chromium)
+       ("libwebp" ,libwebp)
+       ("libx11" ,libx11)
+       ("libxcb" ,libxcb)
+       ("libxcomposite" ,libxcomposite)
+       ("libxcursor" ,libxcursor)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxi" ,libxi)
+       ("libxkbcommon" ,libxkbcommon)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxslt" ,libxslt)
+       ("libxtst" ,libxtst)
+       ("mesa" ,mesa)
+       ("minizip" ,minizip)
+       ("mit-krb5" ,mit-krb5)
+       ("nss" ,nss)
+       ("openh264" ,openh264)
+       ("openjpeg" ,openjpeg)                          ;PDFium only
+       ("openssl" ,openssl)
+       ("opus" ,opus+custom)
+       ("pango" ,pango)
+       ("pciutils" ,pciutils)
+       ("pulseaudio" ,pulseaudio)
+       ("re2" ,re2)
+       ("snappy" ,snappy)
+       ("speech-dispatcher" ,speech-dispatcher)
+       ("udev" ,eudev)
+       ("valgrind" ,valgrind)))
+    (home-page "https://www.chromium.org/")
+    (description
+     "Chromium is a web browser designed for speed and security.  This
+version incorporates features from
+@url{https://github.com/gcarq/inox-patchset,the Inox patchset} and
+@url{https://github.com/Eloston/ungoogled-chromium,ungoogled-chromium} in
+order to protect the users privacy.")
+    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+    ;; components with other licenses.  For full information, see chrome://credits.
+    (license (list license:bsd-3
+                   license:bsd-2
+                   license:expat
+                   license:asl2.0
+                   license:mpl2.0
+                   license:public-domain
+                   license:lgpl2.1+))))
diff --git a/gnu/packages/patches/chromium-gcc-unique-ptr.patch b/gnu/packages/patches/chromium-gcc-unique-ptr.patch
new file mode 100644
index 000000000..9c9a9fc09
--- /dev/null
+++ b/gnu/packages/patches/chromium-gcc-unique-ptr.patch
@@ -0,0 +1,33 @@
+Help GCC resolve <UrlIndex>.
+
+Taken from upstream:
+https://chromium.googlesource.com/chromium/src/+/56cb5f7da1025f6db869e840ed34d3b98b9ab899
+
+diff --git a/components/bookmarks/browser/bookmark_storage.cc b/components/bookmarks/browser/bookmark_storage.cc
+index 1633ba1..3ae0c62 100644
+--- a/components/bookmarks/browser/bookmark_storage.cc
++++ b/components/bookmarks/browser/bookmark_storage.cc
+@@ -158,6 +158,10 @@
+   url_index_ = std::make_unique<UrlIndex>(std::move(root_node_));
+ }
+ 
++std::unique_ptr<UrlIndex> BookmarkLoadDetails::owned_url_index() {
++  return std::move(url_index_);
++}
++
+ BookmarkPermanentNode* BookmarkLoadDetails::CreatePermanentNode(
+     BookmarkClient* client,
+     BookmarkNode::Type type) {
+diff --git a/components/bookmarks/browser/bookmark_storage.h b/components/bookmarks/browser/bookmark_storage.h
+index 08df5bb..0a1b1a1 100644
+--- a/components/bookmarks/browser/bookmark_storage.h
++++ b/components/bookmarks/browser/bookmark_storage.h
+@@ -104,7 +104,7 @@
+   bool ids_reassigned() const { return ids_reassigned_; }
+ 
+   void CreateUrlIndex();
+-  std::unique_ptr<UrlIndex> owned_url_index() { return std::move(url_index_); }
++  std::unique_ptr<UrlIndex> owned_url_index();
+ 
+  private:
+   // Creates one of the possible permanent nodes (bookmark bar node, other node
diff --git a/gnu/packages/patches/chromium-remove-default-history.patch b/gnu/packages/patches/chromium-remove-default-history.patch
new file mode 100644
index 000000000..42363805b
--- /dev/null
+++ b/gnu/packages/patches/chromium-remove-default-history.patch
@@ -0,0 +1,13 @@
+Don't pre-populate the New Tab Page for new profiles.
+
+--- a/chrome/browser/history/top_sites_factory.cc
++++ b/chrome/browser/history/top_sites_factory.cc
+@@ -74,7 +74,7 @@
+ 
+ void InitializePrepopulatedPageList(
+     history::PrepopulatedPageList* prepopulated_pages) {
+-#if !defined(OS_ANDROID)
++#if 0
+   DCHECK(prepopulated_pages);
+   prepopulated_pages->reserve(arraysize(kRawPrepopulatedPages));
+   for (size_t i = 0; i < arraysize(kRawPrepopulatedPages); ++i) {
-- 
2.18.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-08-05 13:04                                           ` Marius Bakke
@ 2018-08-05 16:18                                             ` ng0
  2018-08-05 18:25                                               ` Marius Bakke
  2018-08-06  8:22                                             ` Oleg Pykhalov
  1 sibling, 1 reply; 152+ messages in thread
From: ng0 @ 2018-08-05 16:18 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004, ng0

[-- Attachment #1: Type: text/plain, Size: 52202 bytes --]

Marius Bakke transcribed 47K bytes:
> ng0 <ng0@n0.is> writes:
> 
> > Hi Marius,
> >
> > any chance you had the time to update to a more recent version release
> > of Chromium?
> 
> Good news!  Please find Chromium 68 attached.

Cool :) I was halfway through updating chromium myself before
you've sent this.

> There are *a lot* of changes in this version.  Some highlights:
> 
> * It's using GCC 8 instead of Clang.
> * A bug in the source scrubber has been fixed, so .zip and .jar files
>   are now purged even if the parent directory is preserved.  Currently
>   we're reducing the uncompressed size from 4.3 GiB to 2.1 GiB.
> * External patches are now in an easier to manage format.
> * Upstream have discontinued the libvpx "experiment"; but still
>   require an unreleased version.
> * We're installing a "master_preferences" file, which allows us to
>   easily add defaults for new profiles.
> * All the various knobs for the build system have been moved to
>   #:configure-flags.  This should make it easier to create custom
>   Chromium variants based on this package (qtwebkit?).
> * The 'configure' phase will now print *all* supported flags for
>   convenience (I usually did this manually every now and then).
> * I've started cherry-picking patches from Ungoogled-Chromium in the
>   quest to reduce data transmission to Google.
> 
> TODO:
> 
> * There is still some data transmitted when starting the browser for the
>   first time.  It seems related to the "domain_reliability" component.
> * Remove remaining "Web Store" links.  Currently I've only found it in
>   settings, under "accessibility" and "fonts".
> * Opening settings transmits a bunch of data, the next version will
>   include the 'disable-translation-lang-fetch' patch from Inox.
> * PDFium is built, but does not seem to work (the 'install' phase
>   probably needs tweaking).  Might just disable it instead.

NixOS' nixpkgs has a patch for making their chromium build to take
packaged extensions and addons. This is not everything which is
required to make it work, but given enough time to think it through it
should be doable.

> As always, feedback very welcome.  Enjoy!
> 

> From a4e343c57d70344dd4cef51ccd37c2650c746b46 Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.
> 
> * gnu/packages/chromium.scm, gnu/packages/chromium-master-preferences.json,
> gnu/packages/patches/chromium-gcc-unique-ptr.patch,
> gnu/packages/patches/chromium-remove-default-history.patch: New files.
> * gnu/local.mk: Record it.
> ---
>  gnu/local.mk                                  |   3 +
>  gnu/packages/chromium-master-preferences.json |  26 +
>  gnu/packages/chromium.scm                     | 829 ++++++++++++++++++
>  .../patches/chromium-gcc-unique-ptr.patch     |  33 +
>  .../chromium-remove-default-history.patch     |  13 +
>  5 files changed, 904 insertions(+)
>  create mode 100644 gnu/packages/chromium-master-preferences.json
>  create mode 100644 gnu/packages/chromium.scm
>  create mode 100644 gnu/packages/patches/chromium-gcc-unique-ptr.patch
>  create mode 100644 gnu/packages/patches/chromium-remove-default-history.patch
> 
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 4ed341df8..320f27c44 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -95,6 +95,7 @@ GNU_SYSTEM_MODULES =				\
>    %D%/packages/check.scm			\
>    %D%/packages/chemistry.scm			\
>    %D%/packages/chez.scm				\
> +  %D%/packages/chromium.scm			\
>    %D%/packages/ci.scm				\
>    %D%/packages/cinnamon.scm			\
>    %D%/packages/cluster.scm			\
> @@ -603,6 +604,8 @@ dist_patch_DATA =						\
>    %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
>    %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
>    %D%/packages/patches/chmlib-inttypes.patch			\
> +  %D%/packages/patches/chromium-gcc-unique-ptr.patch		\
> +  %D%/packages/patches/chromium-remove-default-history.patch	\
>    %D%/packages/patches/clang-3.5-libc-search-path.patch		\
>    %D%/packages/patches/clang-3.8-libc-search-path.patch		\
>    %D%/packages/patches/clang-6.0-libc-search-path.patch		\
> diff --git a/gnu/packages/chromium-master-preferences.json b/gnu/packages/chromium-master-preferences.json
> new file mode 100644
> index 000000000..0caa7cc4c
> --- /dev/null
> +++ b/gnu/packages/chromium-master-preferences.json
> @@ -0,0 +1,26 @@
> +{
> +  "distribution": {
> +     "import_bookmarks": false,
> +     "make_chrome_default": false,
> +     "make_chrome_default_for_user": false,
> +     "verbose_logging": true,
> +     "skip_first_run_ui": true,
> +     "suppress_first_run_default_browser_prompt": true
> +  },
> +  "browser": {
> +     "has_seen_welcome_page" : true,
> +     "check_default_browser" : false
> +  },
> +  "dns_prefetching": {
> +    "enabled": false
> +  },
> +  "alternate_error_pages": {
> +    "enabled": false
> +  },
> +  "hardware": {
> +    "audio_capture_enabled": false
> +  },
> +  "default_apps": "noinstall",
> +  "hide_web_store_icon": true,
> +  "homepage": "https://www.gnu.org/software/guix"
> +}
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> new file mode 100644
> index 000000000..2fc40a0d2
> --- /dev/null
> +++ b/gnu/packages/chromium.scm
> @@ -0,0 +1,829 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
> +;;;
> +;;; This file is part of GNU Guix.
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu packages chromium)
> +  #:use-module ((guix licenses) #:prefix license:)
> +  #:use-module (guix packages)
> +  #:use-module (guix gexp)
> +  #:use-module (guix download)
> +  #:use-module (guix git-download)
> +  #:use-module (guix utils)
> +  #:use-module (guix build-system gnu)
> +  #:use-module (gnu packages)
> +  #:use-module (gnu packages assembly)
> +  #:use-module (gnu packages base)
> +  #:use-module (gnu packages bison)
> +  #:use-module (gnu packages compression)
> +  #:use-module (gnu packages cups)
> +  #:use-module (gnu packages curl)
> +  #:use-module (gnu packages fontutils)
> +  #:use-module (gnu packages gcc)
> +  #:use-module (gnu packages ghostscript)
> +  #:use-module (gnu packages gl)
> +  #:use-module (gnu packages glib)
> +  #:use-module (gnu packages gnome)
> +  #:use-module (gnu packages gnuzilla)
> +  #:use-module (gnu packages gperf)
> +  #:use-module (gnu packages gtk)
> +  #:use-module (gnu packages icu4c)
> +  #:use-module (gnu packages image)
> +  #:use-module (gnu packages libevent)
> +  #:use-module (gnu packages libffi)
> +  #:use-module (gnu packages linux)
> +  #:use-module (gnu packages kerberos)
> +  #:use-module (gnu packages ninja)
> +  #:use-module (gnu packages node)
> +  #:use-module (gnu packages pciutils)
> +  #:use-module (gnu packages pkg-config)
> +  #:use-module (gnu packages pulseaudio)
> +  #:use-module (gnu packages python)
> +  #:use-module (gnu packages python-web)
> +  #:use-module (gnu packages regex)
> +  #:use-module (gnu packages serialization)
> +  #:use-module (gnu packages speech)
> +  #:use-module (gnu packages tls)
> +  #:use-module (gnu packages valgrind)
> +  #:use-module (gnu packages video)
> +  #:use-module (gnu packages xiph)
> +  #:use-module (gnu packages xml)
> +  #:use-module (gnu packages xdisorg)
> +  #:use-module (gnu packages xorg))
> +
> +(define (chromium-patch-file-name pathspec)
> +  (let ((patch-name (basename pathspec)))
> +    (if (string-prefix? "chromium-" patch-name)
> +        patch-name
> +        (string-append "chromium-" patch-name))))
> +
> +;; https://salsa.debian.org/chromium-team/chromium/tree/master/debian/patches
> +(define (debian-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append
> +          "https://salsa.debian.org/chromium-team/chromium/raw/"
> +          revision "/debian/patches/" pathspec))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
> +(define (gentoo-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append
> +          "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
> +          "/chromium/files/" pathspec "?id=" revision))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://github.com/gcarq/inox-patchset
> +(define (inox-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
> +                        revision "/" pathspec))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://github.com/Eloston/ungoogled-chromium
> +(define (ungoogled-patch pathspec revision hash)
> +  (origin
> +    (method url-fetch)
> +    (uri (string-append "https://raw.githubusercontent.com/Eloston"
> +                        "/ungoogled-chromium/" revision "/resources"
> +                        "/patches/ungoogled-chromium/" pathspec))
> +    (sha256 (base32 hash))
> +    (file-name (chromium-patch-file-name pathspec))))
> +
> +;; XXX: It would be great to have (upstream-patch ...), but the API
> +;; at <https://chromium.googlesource.com/chromium/> can only return
> +;; base64-encoded patches.
> +
> +(define %debian-revision "debian/68.0.3440.75-2")
> +(define %gentoo-revision "a79be956bb7bbeaca245564ecb4a350b1203ca98")
> +(define %inox-revision "8afa26a5ffb2e8ff52ac5b7bbdccc9f09290120e")
> +(define %ungoogled-revision "55d1a2442dcd9efc574f6c4fa99804d5b8658e4e")
> +
> +(define %debian-patches
> +  (list
> +   ;; Bootstrap "GN" using system NSPR.
> +   (debian-patch "system/nspr.patch" %debian-revision
> +                 "0xywgsq14xdpfdf0wb5plv5jy2738zbwj7caj2i5g9s5zpdclhsv")
> +   ;; Ditto for system libevent.
> +   (debian-patch "system/event.patch" %debian-revision
> +                 "0cq5kz5yi737vb3k8v67hrr38czqm3mj6g3swh765pmfzvx5inj6")
> +   ;; Make PDFium use system OpenJPEG.
> +   (debian-patch "system/openjpeg.patch" %debian-revision
> +                 "0fxvbfvmimg0ykzhsk3l0kyvhz1fgbys51ldh950106yj6dszsmx")
> +   ;; Make "Courgette" use system zlib instead of the bundled lzma.
> +   (debian-patch "system/zlib.patch" %debian-revision
> +                 "1fmkiw7xrhwadvjxkzpv8j5iih2ws59l3llsdrpapw1vybfyq9nr")
> +   ;; Avoid dependency on Chromiums embedded libc++ when bootstrapping.
> +   (debian-patch "gn/libcxx.patch" %debian-revision
> +                 "02w94h9jd29jyvq09yxl9g31hk8j07qzr7rg23rhibhkn1rvg38x")
> +   ;; Avoid dependency on Android tools.
> +   (debian-patch "disable/android.patch" %debian-revision
> +                 "06kxx1fx9yi52h2fka71i9qqp6jh4r3w890k77nihv8arnabc0nq")
> +   ;; Do not show a warning about missing API keys.
> +   (debian-patch "disable/google-api-warning.patch" %debian-revision
> +                 "0vqi3n8i1vkp2cxmza7c60fl6d03195sax0ahrk1ksa04xjbkkqv")
> +   ;; Don't override the home page set in master_preferences.
> +   (debian-patch "disable/welcome-page.patch" %debian-revision
> +                 "15c6a296mkqnjdqqq90kmapn56rykb7saz4bs16han6by8q07lbx")))
> +
> +(define %gentoo-patches
> +  (list
> +   ;; Fix error detecting system ffmpeg.
> +   (gentoo-patch "chromium-ffmpeg-r1.patch" %gentoo-revision
> +                 "1pivcdmana4qx8sngcdpr858l0qh6bygv7azj66vg021phq5725a")
> +   ;; Add missing <string> #include.
> +   (gentoo-patch "chromium-cors-string-r0.patch" %gentoo-revision
> +                 "075lgl6g8rih21adsr3hf2mm0qm16s4w2h4h1qjh652sl941w57l")))
> +
> +(define %inox-patches
> +  (list
> +   ;; Fix build without the "safe browsing" feature.
> +   (inox-patch "0001-fix-building-without-safebrowsing.patch" %inox-revision
> +               "0qchqc3i772drx0c8n44yhkx45fgdvd0h325w0qvaqrakzixbmr4")
> +   ;; Use sane defaults.  In particular, don't depend on any Google services.
> +   (inox-patch "0006-modify-default-prefs.patch" %inox-revision
> +               "0sbvs6l80h8ar8na6065ihqnmcsr1b4zc21jcs2wzkrjlxsgspw6")
> +   ;; Recent versions of Chromium may load a remote search engine on the "New
> +   ;; Tab Page", which causes unnecessary and involuntary network traffic.
> +   (inox-patch "0008-restore-classic-ntp.patch" %inox-revision
> +               "16z5accrri90s922n1r6nj8rqss3g7f579dwwzkk2hdxbkc9wzyr")
> +   ;; Add DuckDuckGo and use it as the default search engine.
> +   (inox-patch "0011-add-duckduckgo-search-engine.patch" %inox-revision
> +               "0mvw1ax0gw3d252c9b1pwbk0j7ny8z9nsfywcmhj56wm6yksgpkg")
> +   ;; Don't start a "Login Wizard" at first launch.
> +   (inox-patch "0018-disable-first-run-behaviour.patch" %inox-revision
> +               "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb")))
> +
> +(define %ungoogled-patches
> +  (list
> +   ;; Disable browser sign-in to prevent leaking data at launch.
> +   (ungoogled-patch "disable-signin.patch" %ungoogled-revision
> +                    "0a6akb10bzk6z6nhqa211y8rbj0ibdhhg5n92482q9sikavd8hz0")))
> +
> +(define opus+custom
> +  (package (inherit opus)
> +           (name "opus+custom")
> +           (arguments
> +            (substitute-keyword-arguments (package-arguments opus)
> +              ((#:configure-flags flags ''())
> +               ;; Opus Custom is an optional extension of the Opus
> +               ;; specification that allows for unsupported frame
> +               ;; sizes.  Chromium requires that this is enabled.
> +               `(cons "--enable-custom-modes"
> +                      ,flags))))))
> +
> +(define libvpx/chromium
> +  ;; Chromium 66 and later requires an unreleased libvpx, so we take the
> +  ;; commit from "third_party/libvpx/README.chromium" in the tarball.
> +  ;; XXX: Might as well reuse Chromium source.
> +  (let ((version (package-version libvpx))
> +        (commit "e27a331778c4c99ec37262ea786a3b4cc2a491ac")
> +        (revision "0"))
> +    (package
> +      (inherit libvpx)
> +      (name "libvpx-chromium")
> +      (version (git-version version revision commit))
> +      (source (origin
> +                (method git-fetch)
> +                (uri (git-reference
> +                      (url "https://chromium.googlesource.com/webm/libvpx")
> +                      (commit commit)))
> +                (file-name (git-file-name name version))
> +                (sha256
> +                 (base32
> +                  "03a0443dnfn6l2v19qpw7p7k29v98c5b5hl4br93czgq0wi29m1g")))))))
> +
> +(define-public chromium
> +  (package
> +    (name "chromium")
> +    (version "68.0.3440.84")
> +    (synopsis "Graphical web browser")
> +    (source (origin
> +              (method url-fetch)
> +              (uri (string-append "https://commondatastorage.googleapis.com"
> +                                  "/chromium-browser-official/chromium-"
> +                                  version ".tar.xz"))
> +              (sha256
> +               (base32
> +                "1nf9xha7ncnh8g1g4c8hzk03f8ya7nd0xzwij9zs7n0qmrkx2c8h"))
> +              (patches (append %debian-patches
> +                               %gentoo-patches
> +                               %inox-patches
> +                               %ungoogled-patches
> +                               (search-patches "chromium-gcc-unique-ptr.patch"
> +                                               "chromium-remove-default-history.patch")))
> +              (modules '((srfi srfi-1)
> +                         (srfi srfi-26)
> +                         (ice-9 ftw)
> +                         (ice-9 match)
> +                         (ice-9 regex)
> +                         (guix build utils)))
> +              (snippet
> +               '(begin
> +                  (let ((preserved-club

Once we merge this into master, can we document the update procedure?
Or even better, write an update script if possible? For me it was 40%
hit everything which doesn't move and take what's left over and 60%
reading. I understand the code, but some people might want an
explanation for how it's decided which folder gets to stay.

> +                         (map
> +                          (lambda (path)
> +                            ;; Prepend paths with "./" for comparison with ftw.
> +                            (string-append "./" path))
> +                          (list
> +                           "base/third_party/dmg_fp"
> +                           "base/third_party/dynamic_annotations"
> +                           "base/third_party/icu"
> +                           "base/third_party/superfasthash"
> +                           "base/third_party/symbolize"
> +                           "base/third_party/xdg_mime"
> +                           "base/third_party/xdg_user_dirs"
> +                           "chrome/third_party/mozilla_security_manager"
> +                           "courgette/third_party/bsdiff"
> +                           "courgette/third_party/divsufsort"
> +                           "net/third_party/http2"
> +                           "net/third_party/mozilla_security_manager"
> +                           "net/third_party/nss"
> +                           "net/third_party/spdy"
> +                           "net/third_party/quic"
> +                           "third_party/adobe/flash/flapper_version.h"
> +                           ;; FIXME: This is used in:
> +                           ;; * ui/webui/resources/js/analytics.js
> +                           ;; * ui/file_manager/
> +                           "third_party/analytics"
> +                           "third_party/angle"
> +                           "third_party/angle/src/common/third_party/base"
> +                           "third_party/angle/src/common/third_party/smhasher"
> +                           "third_party/angle/src/third_party/compiler"
> +                           "third_party/angle/src/third_party/libXNVCtrl"
> +                           "third_party/angle/src/third_party/trace_event"
> +                           "third_party/angle/third_party/glslang"
> +                           "third_party/angle/third_party/spirv-headers"
> +                           "third_party/angle/third_party/spirv-tools"
> +                           "third_party/angle/third_party/vulkan-validation-layers"
> +                           "third_party/apple_apsl" ;XXX add APSL2.0 license
> +                           "third_party/blink"
> +                           "third_party/boringssl"
> +                           "third_party/boringssl/src/third_party/fiat"
> +                           "third_party/breakpad"
> +                           "third_party/brotli"
> +                           "third_party/cacheinvalidation"
> +                           "third_party/catapult"
> +                           "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
> +                           "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
> +                           "third_party/catapult/third_party/polymer"
> +                           "third_party/catapult/tracing/third_party/d3"
> +                           "third_party/catapult/tracing/third_party/gl-matrix"
> +                           "third_party/catapult/tracing/third_party/jszip"
> +                           "third_party/catapult/tracing/third_party/mannwhitneyu"
> +                           "third_party/catapult/tracing/third_party/oboe"
> +                           "third_party/catapult/tracing/third_party/pako"
> +                           "third_party/ced"
> +                           "third_party/cld_3"
> +                           "third_party/crashpad"
> +                           (string-append "third_party/crashpad/crashpad/"
> +                                          "third_party/zlib/zlib_crashpad.h")
> +                           "third_party/crc32c"
> +                           "third_party/cros_system_api"
> +                           "third_party/dom_distiller_js"
> +                           "third_party/fips181"
> +                           "third_party/flatbuffers"
> +                           "third_party/glslang-angle"
> +                           "third_party/google_input_tools"
> +                           "third_party/google_input_tools/third_party/closure_library"
> +                           (string-append "third_party/google_input_tools/third_party"
> +                                          "/closure_library/third_party/closure")
> +                           "third_party/googletest"
> +                           "third_party/hunspell"
> +                           "third_party/iccjpeg"
> +                           "third_party/inspector_protocol"
> +                           "third_party/jinja2"
> +                           "third_party/jstemplate"
> +                           "third_party/khronos"
> +                           "third_party/leveldatabase"
> +                           "third_party/libXNVCtrl"
> +                           "third_party/libaddressinput"
> +                           "third_party/libaom"
> +                           "third_party/libjingle_xmpp"
> +                           "third_party/libphonenumber"
> +                           "third_party/libsecret" ;FIXME: needs pkg-config support.
> +                           "third_party/libsrtp"
> +                           "third_party/libsync"   ;TODO: package
> +                           "third_party/libudev"
> +                           "third_party/libwebm"
> +                           "third_party/libxml"
> +                           "third_party/libyuv"
> +                           "third_party/lss"
> +                           "third_party/markupsafe"
> +                           "third_party/mesa"
> +                           "third_party/metrics_proto"
> +                           "third_party/modp_b64"
> +                           "third_party/node"
> +                           (string-append "third_party/node/node_modules/"
> +                                          "polymer-bundler/lib/third_party/UglifyJS2")
> +                           "third_party/ots"
> +                           ;; TODO: Build as extension.
> +                           "third_party/pdfium"
> +                           "third_party/pdfium/third_party/agg23"
> +                           "third_party/pdfium/third_party/base"
> +                           "third_party/pdfium/third_party/bigint"
> +                           "third_party/pdfium/third_party/skia_shared"
> +                           (string-append "third_party/pdfium/third_party/freetype"
> +                                          "/include/pstables.h")
> +                           "third_party/perfetto"
> +                           "third_party/ply"
> +                           "third_party/polymer"
> +                           "third_party/protobuf"
> +                           "third_party/protobuf/third_party/six"
> +                           "third_party/pyjson5"
> +                           "third_party/qcms"
> +                           "third_party/rnnoise"
> +                           "third_party/sfntly"
> +                           "third_party/skia"
> +                           "third_party/skia/third_party/skcms"
> +                           "third_party/skia/third_party/vulkan"
> +                           "third_party/skia/third_party/gif"
> +                           "third_party/smhasher"
> +                           "third_party/speech-dispatcher"
> +                           "third_party/sqlite"
> +                           "third_party/swiftshader"
> +                           "third_party/swiftshader/third_party/llvm-subzero"
> +                           "third_party/swiftshader/third_party/subzero"
> +                           "third_party/s2cellid"
> +                           "third_party/usb_ids"
> +                           "third_party/usrsctp"
> +                           "third_party/WebKit"
> +                           "third_party/web-animations-js"
> +                           "third_party/webrtc"
> +                           "third_party/webrtc_overrides"
> +                           "third_party/widevine/cdm/widevine_cdm_version.h"
> +                           "third_party/widevine/cdm/widevine_cdm_common.h"
> +                           "third_party/woff2"
> +                           "third_party/xdg-utils"
> +                           "third_party/yasm/run_yasm.py"
> +                           "third_party/zlib/google"
> +                           "url/third_party/mozilla"
> +                           "v8/src/third_party/utf8-decoder"
> +                           "v8/src/third_party/valgrind"
> +                           "v8/third_party/antlr4"
> +                           "v8/third_party/inspector_protocol"))))
> +
> +                    (define (empty? dir)
> +                      (equal? (scandir dir) '("." "..")))
> +
> +                    (define (third_party? file)
> +                      (if (string-contains file "third_party/")
> +                          #t
> +                          #f))
> +
> +                    (define (useless? file)
> +                      (any (cute string-suffix? <> file)
> +                           '(".tar.gz" ".zip" ".exe" ".jar")))
> +
> +                    (define (parents child)
> +                      (let ((lst (reverse (string-split child #\/))))
> +                        (let loop ((hierarchy lst)
> +                                   (result '()))
> +                          (if (or (null? hierarchy)
> +                                  (and (not (null? result))
> +                                       (string-suffix? "third_party" (car result))))
> +                              result
> +                              (loop (cdr hierarchy)
> +                                    (cons (string-join (reverse hierarchy) "/")
> +                                          result))))))
> +
> +                    (define (delete-unwanted-files child stat flag base level)
> +                      (let ((protected (make-regexp "\\.(gn|gyp)i?$")))
> +                        (match flag
> +                          ((or 'regular 'symlink 'stale-symlink)
> +                           (when (third_party? child)
> +                             (unless (or (member child preserved-club)
> +                                         (any (cute member <> preserved-club)
> +                                              (parents child))
> +                                         (regexp-exec protected child))
> +                               (format (current-error-port) "deleting ~s~%" child)
> +                               (delete-file child)))
> +                           (when (and (useless? child) (file-exists? child))
> +                             (delete-file child))
> +                           #t)
> +                          ('directory-processed
> +                           (when (empty? child)
> +                             (rmdir child))
> +                           #t)
> +                          (_ #t))))
> +
> +                    (nftw "." delete-unwanted-files 'depth 'physical)
> +
> +                    ;; Assert that each listed item is present to catch removals.
> +                    (for-each (lambda (third-party)
> +                                (unless (file-exists? third-party)
> +                                  (error (format #f "~s does not exist!" third-party))))
> +                              preserved-club)
> +
> +                    ;; Replace "GN" files from third_party with shims for
> +                    ;; building against system libraries.  Keep this list in
> +                    ;; sync with "build/linux/unbundle/replace_gn_files.py".
> +                    (for-each (lambda (pair)
> +                                (let ((source (string-append
> +                                               "build/linux/unbundle/" (car pair)))
> +                                      (dest (cdr pair)))
> +                                  (copy-file source dest)))
> +                              (list
> +                               '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
> +                               '("flac.gn" . "third_party/flac/BUILD.gn")
> +                               '("fontconfig.gn" . "third_party/fontconfig/BUILD.gn")
> +                               '("freetype.gn" . "build/config/freetype/freetype.gni")
> +                               '("harfbuzz-ng.gn" .
> +                                 "third_party/harfbuzz-ng/harfbuzz.gni")
> +                               '("icu.gn" . "third_party/icu/BUILD.gn")
> +                               '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
> +                               '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
> +                               '("libjpeg.gn" . "third_party/libjpeg.gni")
> +                               '("libpng.gn" . "third_party/libpng/BUILD.gn")
> +                               '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
> +                               '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
> +                               '("libxml.gn" . "third_party/libxml/BUILD.gn")
> +                               '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
> +                               '("openh264.gn" . "third_party/openh264/BUILD.gn")
> +                               '("opus.gn" . "third_party/opus/BUILD.gn")
> +                               '("re2.gn" . "third_party/re2/BUILD.gn")
> +                               '("snappy.gn" . "third_party/snappy/BUILD.gn")
> +                               '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
> +                               '("zlib.gn" . "third_party/zlib/BUILD.gn")))
> +                    #t)))))
> +    (build-system gnu-build-system)
> +    (arguments
> +     `(#:tests? #f
> +       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
> +       ;; it overrides the RUNPATH set by the linker.
> +       #:validate-runpath? #f
> +       #:modules ((guix build gnu-build-system)
> +                  (guix build utils)
> +                  (ice-9 ftw)
> +                  (ice-9 regex)
> +                  (srfi srfi-26))
> +       #:configure-flags
> +       ;; See tools/gn/docs/cookbook.md and
> +       ;; https://www.chromium.org/developers/gn-build-configuration
> +       ;; for usage.  Run "./gn args . --list" in the Release
> +       ;; directory for an exhaustive list of supported flags.
> +       ;; (Note: The 'configure' phase will do that for you.)
> +       (list "is_debug=false"
> +             "use_gold=false"
> +             "use_lld=false"
> +             "linux_use_bundled_binutils=false"
> +             "use_custom_libcxx=false"
> +             "use_sysroot=false"
> +             "enable_precompiled_headers=false"
> +             "goma_dir=\"\""
> +             "enable_nacl=false"
> +             "enable_nacl_nonsfi=false"
> +             "use_allocator=\"none\""   ;don't use tcmalloc
> +             "override_build_date=\"01 01 2000 05:00:00\""
> +             "use_unofficial_version_number=false"
> +
> +             ;; Disable "safe browsing", which pulls in a dependency on
> +             ;; the nonfree "unrar" program (as of m66).
> +             "safe_browsing_mode=0"
> +
> +             ;; Define a custom toolchain that simply looks up CC, AR and
> +             ;; friends from the environment.
> +             "custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
> +             "host_toolchain=\"//build/toolchain/linux/unbundle:default\""
> +
> +             ;; Don't assume it's clang.
> +             "is_clang=false"
> +
> +             ;; Optimize for building everything at once, as opposed to
> +             ;; incrementally for development.  See "docs/jumbo.md".
> +             "use_jumbo_build=true"
> +
> +             ;; Disable debugging features to save space.
> +             "symbol_level=0"
> +             "remove_webcore_debug_symbols=true"
> +             "enable_iterator_debugging=false"
> +
> +             ;; Some of the unbundled libraries throws deprecation
> +             ;; warnings, etc.  Ignore it.
> +             "treat_warnings_as_errors=false"
> +
> +             ;; Don't add any API keys.  End users can set them in the
> +             ;; environment if desired.  See
> +             ;; <https://www.chromium.org/developers/how-tos/api-keys>.
> +             "use_official_google_api_keys=false"
> +
> +             ;; Disable "field trials".
> +             "fieldtrial_testing_like_official_build=true"
> +
> +             ;; Disable Chrome Remote Desktop (aka Chromoting).
> +             "enable_remoting=false"
> +
> +             ;; Use system libraries where possible.
> +             "use_system_freetype=true"
> +             "use_system_harfbuzz=true"
> +             "use_system_lcms2=true"
> +             "use_system_libjpeg=true"
> +             "use_system_libpng=true"
> +             "use_system_zlib=true"
> +
> +             "use_gnome_keyring=false"  ;deprecated by libsecret
> +             "use_gtk3=true"
> +             "use_openh264=true"
> +             "use_xkbcommon=true"
> +             "use_pulseaudio=true"
> +             "link_pulseaudio=true"
> +
> +             ;; Don't arbitrarily restrict formats supported by system ffmpeg.
> +             "proprietary_codecs=true"
> +             "ffmpeg_branding=\"Chrome\""
> +
> +             ;; WebRTC stuff.
> +             "rtc_use_h264=true"
> +             ;; Don't use bundled sources.
> +             "rtc_build_json=false"
> +             "rtc_build_libevent=false"
> +             "rtc_build_libvpx=false"
> +             "rtc_build_opus=false"
> +             "rtc_build_ssl=false"
> +
> +             "rtc_build_libsrtp=true"   ;FIXME: fails to find headers
> +             "rtc_build_usrsctp=true"   ;TODO: package this
> +             (string-append "rtc_jsoncpp_root=\""
> +                            (assoc-ref %build-inputs "jsoncpp")
> +                            "/include/jsoncpp/json\"")
> +             (string-append "rtc_ssl_root=\""
> +                            (assoc-ref %build-inputs "openssl")
> +                            "/include/openssl\""))
> +       #:phases
> +       (modify-phases %standard-phases
> +         (add-after 'unpack 'patch-stuff
> +           (lambda* (#:key inputs #:allow-other-keys)
> +             (substitute* "printing/cups_config_helper.py"
> +               (("cups_config =.*")
> +                (string-append "cups_config = '" (assoc-ref inputs "cups")
> +                               "/bin/cups-config'\n")))
> +
> +             (substitute*
> +                 '("base/process/launch_posix.cc"
> +                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
> +                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
> +                   "sandbox/linux/services/credentials.cc"
> +                   "sandbox/linux/services/namespace_utils.cc"
> +                   "sandbox/linux/services/syscall_wrappers.cc"
> +                   "sandbox/linux/syscall_broker/broker_host.cc")

Not related to this section, but: NixOS has a "sandbox" output for Chromium
which "contains the sandboxed wrapper" of Chromium. Maybe it requires something
Nix/NixOS specific, maybe we can add that.

> +               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
> +
> +             (for-each (lambda (file)
> +                         (substitute* file
> +                           ;; Fix opus include path.
> +                           ;; Do not substitute opus_private.h.
> +                           (("#include \"opus\\.h\"")
> +                            "#include \"opus/opus.h\"")
> +                           (("#include \"opus_custom\\.h\"")
> +                            "#include \"opus/opus_custom.h\"")
> +                           (("#include \"opus_defines\\.h\"")
> +                            "#include \"opus/opus_defines.h\"")
> +                           (("#include \"opus_multistream\\.h\"")
> +                            "#include \"opus/opus_multistream.h\"")
> +                           (("#include \"opus_types\\.h\"")
> +                            "#include \"opus/opus_types.h\"")))
> +                       (find-files (string-append "third_party/webrtc/modules"
> +                                                  "/audio_coding/codecs/opus")))
> +
> +             (substitute* "chrome/common/chrome_paths.cc"
> +               (("/usr/share/chromium/extensions")
> +                ;; TODO: Add ~/.guix-profile.
> +                "/run/current-system/profile/share/chromium/extensions"))
> +
> +             (substitute*
> +                 ;; XXX: Probably not needed for M69.
> +                 "third_party/blink/renderer/platform/image-encoders/image_encoder.h"
> +               (("#include \"third_party/libjpeg/") "#include \"")
> +               (("#include \"third_party/libwebp/src/") "#include \""))
> +
> +             (substitute*
> +                 "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
> +               (("include \"third_party/curl") "include \"curl"))
> +             (substitute* "media/base/decode_capabilities.cc"
> +               (("third_party/libvpx/source/libvpx/") ""))
> +
> +             #t))
> +         (add-before 'configure 'prepare-build-environment
> +           (lambda* (#:key inputs #:allow-other-keys)
> +
> +             ;; Make sure the right build tools are used.
> +             (setenv "AR" "ar") (setenv "NM" "nm")
> +             (setenv "CC" "gcc") (setenv "CXX" "g++")
> +
> +             ;; Work around <https://bugs.gnu.org/30756>.
> +             (unsetenv "C_INCLUDE_PATH")
> +             (unsetenv "CPLUS_INCLUDE_PATH")
> +
> +             ;; TODO: pre-compile instead. Avoids a race condition.
> +             (setenv "PYTHONDONTWRITEBYTECODE" "1")
> +
> +             ;; XXX: How portable is this.
> +             (mkdir-p "third_party/node/linux/node-linux-x64")
> +             (symlink (string-append (assoc-ref inputs "node") "/bin")
> +                      "third_party/node/linux/node-linux-x64/bin")
> +
> +             #t))
> +         (add-after 'prepare-build-environment 'bootstrap-gn
> +           (lambda _
> +             (invoke "python" "tools/gn/bootstrap/bootstrap.py" "-s" "-v")))
> +         (replace 'configure
> +           (lambda* (#:key configure-flags #:allow-other-keys)
> +             (let ((args (string-join configure-flags " ")))
> +               (with-directory-excursion "out/Release"
> +                 ;; Generate ninja build files.
> +                 (invoke "./gn" "gen" "."
> +                         (string-append "--args=" args))
> +
> +                 ;; Print the full list of supported arguments as well as
> +                 ;; their current status for convenience.
> +                 (format #t "Dumping configure flags...\n")
> +                 (invoke "./gn" "args" "." "--list")))))
> +         (replace 'build
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (invoke "ninja" "-C" "out/Release"
> +                     "-j" (number->string (parallel-job-count))
> +                     "chrome")))
> +         (replace 'install
> +           (lambda* (#:key inputs outputs #:allow-other-keys)
> +             (let* ((out            (assoc-ref outputs "out"))
> +                    (bin            (string-append out "/bin"))
> +                    (exe            (string-append bin "/chromium"))
> +                    (lib            (string-append out "/lib"))
> +                    (man            (string-append out "/share/man/man1"))
> +                    (applications   (string-append out "/share/applications"))
> +                    (install-regexp (make-regexp "\\.(bin|pak)$"))
> +                    (locales        (string-append lib "/locales"))
> +                    (resources      (string-append lib "/resources"))
> +                    (preferences    (assoc-ref inputs "master-preferences"))
> +                    (gtk+           (assoc-ref inputs "gtk+"))
> +                    (mesa           (assoc-ref inputs "mesa"))
> +                    (nss            (assoc-ref inputs "nss"))
> +                    (udev           (assoc-ref inputs "udev"))
> +                    (sh             (which "sh")))
> +
> +               (substitute* '("chrome/app/resources/manpage.1.in"
> +                              "chrome/installer/linux/common/desktop.template")
> +                 (("@@MENUNAME@@") "Chromium")
> +                 (("@@PACKAGE@@") "chromium")
> +                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
> +
> +               (mkdir-p man)
> +               (copy-file "chrome/app/resources/manpage.1.in"
> +                          (string-append man "/chromium.1"))
> +
> +               (mkdir-p applications)
> +               (copy-file "chrome/installer/linux/common/desktop.template"
> +                          (string-append applications "/chromium.desktop"))
> +
> +               (mkdir-p lib)
> +               (copy-file preferences (string-append lib "/master_preferences"))
> +
> +               (with-directory-excursion "out/Release"
> +                 (for-each (lambda (file)
> +                             (install-file file lib))
> +                           (scandir "." (cut regexp-exec install-regexp <>)))
> +                 (copy-file "chrome" (string-append lib "/chromium"))
> +
> +                 ;; TODO: Install icons from "../../chrome/app/themes" into
> +                 ;; "out/share/icons/hicolor/$size".

I have more icons here in my definition, the whole section looked like...

> +                 (install-file
> +                  "product_logo_48.png"
> +                  (string-append out "/share/icons/48x48/chromium.png"))

this:

+                 ;; XXX: What about ../../chrome/app/theme/chromium/linux/?
+                 (for-each
+                  (lambda (file)
+                    (let* ((size (string-filter char-numeric? file))
+                           (icons (string-append out "/share/icons/hicolor/"
+                                                 size "x" size "/apps")))
+                      (mkdir-p icons)
+                      (copy-file file (string-append icons "/chromium.png"))))
+                  '("../../chrome/app/theme/chromium/product_logo_128.png"
+                    "../../chrome/app/theme/chromium/product_logo_22.png"
+                    "../../chrome/app/theme/chromium/product_logo_22_mono.png"
+                    "../../chrome/app/theme/chromium/product_logo_24.png"
+                    "../../chrome/app/theme/chromium/product_logo_256.png"
+                    "../../chrome/app/theme/chromium/product_logo_48.png"
+                    "../../chrome/app/theme/chromium/product_logo_64.png"))

> +
> +                 (copy-recursively "locales" locales)
> +                 (copy-recursively "resources" resources)
> +
> +                 (mkdir-p bin)
> +                 ;; Add a thin wrapper to prevent the user from inadvertently
> +                 ;; installing non-free software through the Web Store.
> +                 ;; TODO: Discover extensions from the profile and pass
> +                 ;; something like "--disable-extensions-except=...".
> +                 (call-with-output-file exe
> +                   (lambda (port)
> +                     (format port
> +                             "#!~a~@
> +                             if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
> +                             then~@
> +                               CHROMIUM_FLAGS=\" \\~@
> +                                 --disable-background-networking \\~@
> +                                 --disable-extensions \\~@
> +                               \"~@
> +                             fi~@
> +                             exec ~a $CHROMIUM_FLAGS \"$@\"~%"
> +                             sh (string-append lib "/chromium"))))
> +                 (chmod exe #o755)
> +
> +                 (wrap-program exe
> +                   ;; TODO: Get these in RUNPATH.
> +                   `("LD_LIBRARY_PATH" ":" prefix
> +                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
> +                                      mesa "/lib:" udev "/lib")))
> +                   ;; Avoid file manager crash.  See <https://bugs.gnu.org/26593>.
> +                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
> +                 #t)))))))
> +    (native-inputs
> +     `(("bison" ,bison)
> +       ("gcc" ,gcc-8)                        ;a recent compiler is required
> +       ("gperf" ,gperf)
> +       ("ninja" ,ninja)
> +       ("node" ,node)
> +       ("pkg-config" ,pkg-config)
> +       ("master-preferences" ,(local-file "chromium-master-preferences.json"))
> +       ("which" ,which)
> +       ("yasm" ,yasm)
> +
> +       ("python-beautifulsoup4" ,python2-beautifulsoup4)
> +       ("python-html5lib" ,python2-html5lib)
> +       ("python" ,python-2)))
> +    (inputs
> +     `(("alsa-lib" ,alsa-lib)
> +       ("atk" ,atk)
> +       ("cups" ,cups)
> +       ("curl" ,curl)
> +       ("dbus" ,dbus)
> +       ("dbus-glib" ,dbus-glib)
> +       ("expat" ,expat)
> +       ("flac" ,flac)
> +       ("ffmpeg" ,ffmpeg)
> +       ("fontconfig" ,fontconfig)
> +       ("freetype" ,freetype)
> +       ("gdk-pixbuf" ,gdk-pixbuf)
> +       ("glib" ,glib)
> +       ("gtk+" ,gtk+)
> +       ("harfbuzz" ,harfbuzz)
> +       ("icu4c" ,icu4c)
> +       ("jsoncpp" ,jsoncpp)
> +       ("lcms" ,lcms)
> +       ("libevent" ,libevent)
> +       ("libffi" ,libffi)
> +       ("libjpeg-turbo" ,libjpeg-turbo)
> +       ("libpng" ,libpng)
> +       ;;("libsrtp" ,libsrtp)
> +       ("libvpx" ,libvpx/chromium)
> +       ("libwebp" ,libwebp)
> +       ("libx11" ,libx11)
> +       ("libxcb" ,libxcb)
> +       ("libxcomposite" ,libxcomposite)
> +       ("libxcursor" ,libxcursor)
> +       ("libxdamage" ,libxdamage)
> +       ("libxext" ,libxext)
> +       ("libxfixes" ,libxfixes)
> +       ("libxi" ,libxi)
> +       ("libxkbcommon" ,libxkbcommon)
> +       ("libxml2" ,libxml2)
> +       ("libxrandr" ,libxrandr)
> +       ("libxrender" ,libxrender)
> +       ("libxscrnsaver" ,libxscrnsaver)
> +       ("libxslt" ,libxslt)
> +       ("libxtst" ,libxtst)
> +       ("mesa" ,mesa)
> +       ("minizip" ,minizip)
> +       ("mit-krb5" ,mit-krb5)
> +       ("nss" ,nss)
> +       ("openh264" ,openh264)
> +       ("openjpeg" ,openjpeg)                          ;PDFium only
> +       ("openssl" ,openssl)
> +       ("opus" ,opus+custom)
> +       ("pango" ,pango)
> +       ("pciutils" ,pciutils)
> +       ("pulseaudio" ,pulseaudio)
> +       ("re2" ,re2)
> +       ("snappy" ,snappy)
> +       ("speech-dispatcher" ,speech-dispatcher)
> +       ("udev" ,eudev)
> +       ("valgrind" ,valgrind)))
> +    (home-page "https://www.chromium.org/")
> +    (description
> +     "Chromium is a web browser designed for speed and security.  This
> +version incorporates features from
> +@url{https://github.com/gcarq/inox-patchset,the Inox patchset} and
> +@url{https://github.com/Eloston/ungoogled-chromium,ungoogled-chromium} in
> +order to protect the users privacy.")
> +    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
> +    ;; components with other licenses.  For full information, see chrome://credits.
> +    (license (list license:bsd-3
> +                   license:bsd-2
> +                   license:expat
> +                   license:asl2.0
> +                   license:mpl2.0
> +                   license:public-domain
> +                   license:lgpl2.1+))))
> diff --git a/gnu/packages/patches/chromium-gcc-unique-ptr.patch b/gnu/packages/patches/chromium-gcc-unique-ptr.patch
> new file mode 100644
> index 000000000..9c9a9fc09
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-gcc-unique-ptr.patch
> @@ -0,0 +1,33 @@
> +Help GCC resolve <UrlIndex>.
> +
> +Taken from upstream:
> +https://chromium.googlesource.com/chromium/src/+/56cb5f7da1025f6db869e840ed34d3b98b9ab899
> +
> +diff --git a/components/bookmarks/browser/bookmark_storage.cc b/components/bookmarks/browser/bookmark_storage.cc
> +index 1633ba1..3ae0c62 100644
> +--- a/components/bookmarks/browser/bookmark_storage.cc
> ++++ b/components/bookmarks/browser/bookmark_storage.cc
> +@@ -158,6 +158,10 @@
> +   url_index_ = std::make_unique<UrlIndex>(std::move(root_node_));
> + }
> + 
> ++std::unique_ptr<UrlIndex> BookmarkLoadDetails::owned_url_index() {
> ++  return std::move(url_index_);
> ++}
> ++
> + BookmarkPermanentNode* BookmarkLoadDetails::CreatePermanentNode(
> +     BookmarkClient* client,
> +     BookmarkNode::Type type) {
> +diff --git a/components/bookmarks/browser/bookmark_storage.h b/components/bookmarks/browser/bookmark_storage.h
> +index 08df5bb..0a1b1a1 100644
> +--- a/components/bookmarks/browser/bookmark_storage.h
> ++++ b/components/bookmarks/browser/bookmark_storage.h
> +@@ -104,7 +104,7 @@
> +   bool ids_reassigned() const { return ids_reassigned_; }
> + 
> +   void CreateUrlIndex();
> +-  std::unique_ptr<UrlIndex> owned_url_index() { return std::move(url_index_); }
> ++  std::unique_ptr<UrlIndex> owned_url_index();
> + 
> +  private:
> +   // Creates one of the possible permanent nodes (bookmark bar node, other node
> diff --git a/gnu/packages/patches/chromium-remove-default-history.patch b/gnu/packages/patches/chromium-remove-default-history.patch
> new file mode 100644
> index 000000000..42363805b
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-remove-default-history.patch
> @@ -0,0 +1,13 @@
> +Don't pre-populate the New Tab Page for new profiles.
> +
> +--- a/chrome/browser/history/top_sites_factory.cc
> ++++ b/chrome/browser/history/top_sites_factory.cc
> +@@ -74,7 +74,7 @@
> + 
> + void InitializePrepopulatedPageList(
> +     history::PrepopulatedPageList* prepopulated_pages) {
> +-#if !defined(OS_ANDROID)
> ++#if 0
> +   DCHECK(prepopulated_pages);
> +   prepopulated_pages->reserve(arraysize(kRawPrepopulatedPages));
> +   for (size_t i = 0; i < arraysize(kRawPrepopulatedPages); ++i) {
> -- 
> 2.18.0
> 




[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-08-05 16:18                                             ` ng0
@ 2018-08-05 18:25                                               ` Marius Bakke
  2018-08-05 20:32                                                 ` ng0
  0 siblings, 1 reply; 152+ messages in thread
From: Marius Bakke @ 2018-08-05 18:25 UTC (permalink / raw)
  To: ng0; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 2659 bytes --]

ng0 <ng0@n0.is> writes:

> Once we merge this into master, can we document the update procedure?
> Or even better, write an update script if possible? For me it was 40%
> hit everything which doesn't move and take what's left over and 60%
> reading. I understand the code, but some people might want an
> explanation for how it's decided which folder gets to stay.

The "preserved-club" are simply third_party directories that are
necessary for the build.  Removing any single one will cause the build
to fail (in theory, there might be outdated entries..).

It's difficult to automate because you don't know what's needed until
the build process starts and fails because of some missing dependency.

> Not related to this section, but: NixOS has a "sandbox" output for Chromium
> which "contains the sandboxed wrapper" of Chromium. Maybe it requires something
> Nix/NixOS specific, maybe we can add that.

I guess that's for the SUID sandbox binary.  I haven't had a reason to
build that because the user namespace sandbox works just fine.  Perhaps
it's useful for distributions that don't have user namespaces enabled?

>> +                 ;; TODO: Install icons from "../../chrome/app/themes" into
>> +                 ;; "out/share/icons/hicolor/$size".
>
> I have more icons here in my definition, the whole section looked like...
>
>> +                 (install-file
>> +                  "product_logo_48.png"
>> +                  (string-append out "/share/icons/48x48/chromium.png"))
>
> this:
>
> +                 ;; XXX: What about ../../chrome/app/theme/chromium/linux/?
> +                 (for-each
> +                  (lambda (file)
> +                    (let* ((size (string-filter char-numeric? file))
> +                           (icons (string-append out "/share/icons/hicolor/"
> +                                                 size "x" size "/apps")))
> +                      (mkdir-p icons)
> +                      (copy-file file (string-append icons "/chromium.png"))))
> +                  '("../../chrome/app/theme/chromium/product_logo_128.png"
> +                    "../../chrome/app/theme/chromium/product_logo_22.png"
> +                    "../../chrome/app/theme/chromium/product_logo_22_mono.png"
> +                    "../../chrome/app/theme/chromium/product_logo_24.png"
> +                    "../../chrome/app/theme/chromium/product_logo_256.png"
> +                    "../../chrome/app/theme/chromium/product_logo_48.png"
> +                    "../../chrome/app/theme/chromium/product_logo_64.png"))

Nice.  Now the next step is to generate the latter list, maybe with
find-files?

Thanks for the feedback!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-08-05 18:25                                               ` Marius Bakke
@ 2018-08-05 20:32                                                 ` ng0
  2018-08-05 23:58                                                   ` ng0
  0 siblings, 1 reply; 152+ messages in thread
From: ng0 @ 2018-08-05 20:32 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004, ng0

[-- Attachment #1: Type: text/plain, Size: 3129 bytes --]

Marius Bakke transcribed 3.2K bytes:
> ng0 <ng0@n0.is> writes:
> 
> > Once we merge this into master, can we document the update procedure?
> > Or even better, write an update script if possible? For me it was 40%
> > hit everything which doesn't move and take what's left over and 60%
> > reading. I understand the code, but some people might want an
> > explanation for how it's decided which folder gets to stay.
> 
> The "preserved-club" are simply third_party directories that are
> necessary for the build.  Removing any single one will cause the build
> to fail (in theory, there might be outdated entries..).
> 
> It's difficult to automate because you don't know what's needed until
> the build process starts and fails because of some missing dependency.

Hm okay.
Yes, I noticed. But they usually fail very early, so it's just 4 - 20
minutes waiting depending on your harddrive and network speed.

> > Not related to this section, but: NixOS has a "sandbox" output for Chromium
> > which "contains the sandboxed wrapper" of Chromium. Maybe it requires something
> > Nix/NixOS specific, maybe we can add that.
> 
> I guess that's for the SUID sandbox binary.  I haven't had a reason to
> build that because the user namespace sandbox works just fine.  Perhaps
> it's useful for distributions that don't have user namespaces enabled?

Maybe, it's worth investigating. I haven't looked at it very much.

> 
> >> +                 ;; TODO: Install icons from "../../chrome/app/themes" into
> >> +                 ;; "out/share/icons/hicolor/$size".
> >
> > I have more icons here in my definition, the whole section looked like...
> >
> >> +                 (install-file
> >> +                  "product_logo_48.png"
> >> +                  (string-append out "/share/icons/48x48/chromium.png"))
> >
> > this:
> >
> > +                 ;; XXX: What about ../../chrome/app/theme/chromium/linux/?
> > +                 (for-each
> > +                  (lambda (file)
> > +                    (let* ((size (string-filter char-numeric? file))
> > +                           (icons (string-append out "/share/icons/hicolor/"
> > +                                                 size "x" size "/apps")))
> > +                      (mkdir-p icons)
> > +                      (copy-file file (string-append icons "/chromium.png"))))
> > +                  '("../../chrome/app/theme/chromium/product_logo_128.png"
> > +                    "../../chrome/app/theme/chromium/product_logo_22.png"
> > +                    "../../chrome/app/theme/chromium/product_logo_22_mono.png"
> > +                    "../../chrome/app/theme/chromium/product_logo_24.png"
> > +                    "../../chrome/app/theme/chromium/product_logo_256.png"
> > +                    "../../chrome/app/theme/chromium/product_logo_48.png"
> > +                    "../../chrome/app/theme/chromium/product_logo_64.png"))
> 
> Nice.  Now the next step is to generate the latter list, maybe with
> find-files?
> 
> Thanks for the feedback!

Thanks for your continued work on this monster ;)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-08-05 20:32                                                 ` ng0
@ 2018-08-05 23:58                                                   ` ng0
  2018-08-30 13:25                                                     ` ng0
  0 siblings, 1 reply; 152+ messages in thread
From: ng0 @ 2018-08-05 23:58 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004, ng0


[-- Attachment #1.1: Type: text/plain, Size: 195 bytes --]

It took a while because of the heat, but here's a fail log appended. I'm going to bed,
and I don't know when I have time to look into it. Maybe you get to work on it
earlier than myself.

Thanks

[-- Attachment #1.2: chromium68.txt --]
[-- Type: text/plain, Size: 32267 bytes --]

[13587/19325] CXX obj/chrome/browser/browser/browser_jumbo_2.o
FAILED: obj/chrome/browser/browser/browser_jumbo_2.o 
g++ -MMD -MF obj/chrome/browser/browser/browser_jumbo_2.o.d -DUSE_LIBSECRET -DV8_DEPRECATION_WARNINGS -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DNO_TCMALLOC -DCHROMIUM_BUILD -D_FILE_OFFSET_BITS=64 
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D_FORTIFY_SOURCE=2 -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DUSE_CUPS -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_32 
-DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_26 -DGL_GLEXT_PROTOTYPES -DUSE_GLX -DUSE_EGL -DTOOLKIT_VIEWS=1 -DEXPAT_RELATIVE_PATH -DUSING_SYSTEM_ICU=1 -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC -DUCHAR_TYPE=uint16_t 
-DU_IMPORT=U_EXPORT -DGOOGLE_PROTOBUF_NO_RTTI -DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DHAVE_PTHREAD -DV8_USE_EXTERNAL_STARTUP_DATA -DSK_IGNORE_LINEONLY_AA_CONVEX_PATH_OPTS -DSK_HAS_PNG_LIBRARY -DSK_HAS_WEBP_LIBRARY 
-DSK_HAS_JPEG_LIBRARY -DSK_SUPPORT_GPU=1 -DSK_GPU_WORKAROUNDS_HEADER=\"gpu/config/gpu_driver_bug_workaround_autogen.h\" -DLEVELDB_PLATFORM_CHROMIUM=1 -DWEBRTC_NON_STATIC_TRACE_EVENT_HANDLERS=0 -DGTEST_RELATIVE_PATH 
-DWEBRTC_CHROMIUM_BUILD -DWEBRTC_POSIX -DWEBRTC_LINUX -DNO_MAIN_THREAD_WRAPPING -DI18N_ADDRESS_VALIDATION_DATA_URL=\"https://chromium-i18n.appspot.com/ssl-aggregate-address/\" -DUSE_SYSTEM_ZLIB=1 -DHUNSPELL_STATIC 
-DHUNSPELL_CHROME_CLIENT -DUSE_HUNSPELL -I. -I../.. -Igen -Igen/shim_headers/libevent_shim -Igen/shim_headers/icui18n_shim -Igen/shim_headers/icuuc_shim -Igen/shim_headers/zlib_shim -Igen/shim_headers/libpng_shim 
-Igen/shim_headers/re2_shim -Igen/shim_headers/snappy_shim -Igen/shim_headers/libdrm_shim -I../../third_party/khronos -I../../gpu -I../../third_party/libyuv/include -Igen/shim_headers/ffmpeg_shim -Igen/shim_headers/libvpx_shim 
-Igen/shim_headers/opus_shim -Igen/shim_headers/openh264_shim -Igen/shim_headers/minizip_shim -Igen/shim_headers/flac_shim -I../../third_party/webrtc_overrides -I../../testing/gtest/include -I../../third_party/libyuv/include 
-I../../third_party/usrsctp/usrsctplib -I../../third_party/webrtc -I../../third_party/ced/src -I../../third_party/protobuf/src -I../../third_party/protobuf/src -Igen/protoc_out -I../../third_party/boringssl/src/include 
-I../../skia/config -I../../skia/ext -I../../third_party/skia/include/c -I../../third_party/skia/include/config -I../../third_party/skia/include/core -I../../third_party/skia/include/effects -I../../third_party/skia/include/encode 
-I../../third_party/skia/include/gpu -I../../third_party/skia/include/images -I../../third_party/skia/include/lazy -I../../third_party/skia/include/pathops -I../../third_party/skia/include/pdf -I../../third_party/skia/include/pipe 
-I../../third_party/skia/include/ports -I../../third_party/skia/include/utils -I../../third_party/skia/src/gpu -I../../third_party/skia/src/sksl -I../../third_party/leveldatabase -I../../third_party/leveldatabase/src 
-I../../third_party/leveldatabase/src/include -I../../third_party/libwebm/source -I../../v8/include -Igen/v8/include -I../../third_party/webrtc_overrides -I../../third_party/webrtc -Igen/third_party/metrics_proto 
-I../../third_party/mesa/src/include -Igen -Igen -I../../third_party/libaddressinput/src/cpp/include -I../../third_party/perfetto/include -Igen/third_party/perfetto/protos -I../../third_party/cacheinvalidation/overrides 
-I../../third_party/cacheinvalidation/src -I../../third_party/flatbuffers/src/include -I../../third_party/webrtc_overrides -I../../testing/gtest/include -I../../third_party/webrtc -I../../third_party/libsecret 
-I../../third_party/breakpad/breakpad/src -Igen -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -funwind-tables -fPIC -pipe -pthread -m64 
-march=x86-64 -Wall -Wno-unused-local-typedefs -Wno-maybe-uninitialized -Wno-deprecated-declarations -fno-delete-null-pointer-checks -Wno-comments -Wno-missing-field-initializers -Wno-unused-parameter -O2 -fno-ident -fdata-sections 
-ffunction-sections -fno-omit-frame-pointer -g0 -fvisibility=hidden -isystem../../../../../gnu/store/x9lfcagl47zbb6krfpmwm31m70s9pk00-glib-2.56.0/include/glib-2.0 
-isystem../../../../../gnu/store/x9lfcagl47zbb6krfpmwm31m70s9pk00-glib-2.56.0/lib/glib-2.0/include -isystem../../../../../gnu/store/9xx9gzlgp20bzb9r9ksajwzdcpm0qs5z-nss-3.38/include/nss 
-isystem../../../../../gnu/store/714dy9b910rdvsy8i8bx6ln3ap032z2z-nspr-4.19/include/nspr -isystem../../../../../gnu/store/kl4fr813f98mh1zjs6bwkardgnrzxi8c-libxml2-2.9.8/include/libxml2 
-isystem../../../../../gnu/store/84dgv1gy1cyms37zlmykpsafbpwbm7xr-dbus-1.12.6/include/dbus-1.0 -isystem../../../../../gnu/store/84dgv1gy1cyms37zlmykpsafbpwbm7xr-dbus-1.12.6/lib/dbus-1.0/include -std=gnu++14 -Wno-narrowing 
-fno-exceptions -fno-rtti -fvisibility-inlines-hidden -c gen/chrome/browser/browser_jumbo_2.cc -o obj/chrome/browser/browser/browser_jumbo_2.o
In file included from gen/mojo/public/mojom/base/string16.mojom-shared-internal.h:12,
                 from gen/device/usb/public/mojom/device.mojom-shared-internal.h:12,
                 from gen/device/usb/public/mojom/chooser_service.mojom-shared-internal.h:12,
                 from gen/device/usb/public/mojom/chooser_service.mojom-shared.h:24,
                 from gen/device/usb/public/mojom/chooser_service.mojom.h:28,
                 from ../../content/public/browser/content_browser_client.h:30,
                 from ../../chrome/browser/profiles/profile.h:18,
                 from ./../../chrome/browser/browsing_data/browsing_data_quota_helper_impl.cc:15,
                 from gen/chrome/browser/browser_jumbo_2.cc:6:
gen/mojo/public/mojom/base/big_buffer.mojom-shared-internal.h:30:48: warning: alignment 1 of ?mojo_base::mojom::internal::BigBuffer_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJO_BASE_MOJOM_SHARED) BigBuffer_Data {
                                                ^~~~~~~~~~~~~~
In file included from gen/services/network/public/mojom/network_context.mojom-shared-internal.h:14,
                 from gen/services/network/public/mojom/network_service.mojom-shared-internal.h:13,
                 from gen/services/network/public/mojom/network_service.mojom-shared.h:24,
                 from gen/services/network/public/mojom/network_service.mojom.h:28,
                 from ../../content/public/browser/content_browser_client.h:36,
                 from ../../chrome/browser/profiles/profile.h:18,
                 from ./../../chrome/browser/browsing_data/browsing_data_quota_helper_impl.cc:15,
                 from gen/chrome/browser/browser_jumbo_2.cc:6:
gen/mojo/public/mojom/base/values.mojom-shared-internal.h:31:48: warning: alignment 1 of ?mojo_base::mojom::internal::Value_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJO_BASE_MOJOM_SHARED) Value_Data {
                                                ^~~~~~~~~~
In file included from gen/media/mojo/interfaces/video_decode_perf_history.mojom-shared-internal.h:12,
                 from gen/media/mojo/interfaces/video_decode_perf_history.mojom-shared.h:24,
                 from gen/media/mojo/interfaces/video_decode_perf_history.mojom.h:28,
                 from ../../media/mojo/services/video_decode_perf_history.h:18,
                 from ./../../chrome/browser/browsing_data/chrome_browsing_data_remover_delegate.cc:93,
                 from gen/chrome/browser/browser_jumbo_2.cc:10:
gen/media/mojo/interfaces/media_types.mojom-shared-internal.h:89:8: warning: alignment 1 of ?media::mojom::internal::VideoFrameData_Data? is less than 8 [-Wpacked-not-aligned]
 class  VideoFrameData_Data {
        ^~~~~~~~~~~~~~~~~~~
In file included from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared.h:24,
                 from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom.h:28,
                 from ../../content/public/browser/render_process_host.h:25,
                 from ./../../chrome/browser/budget_service/budget_service_impl.cc:13,
                 from gen/chrome/browser/browser_jumbo_2.cc:27:
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:92:53: warning: alignment 1 of ?blink::mojom::internal::OpenResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) OpenResult_Data {
                                                     ^~~~~~~~~~~~~~~
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:171:53: warning: alignment 1 of ?blink::mojom::internal::MatchResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) MatchResult_Data {
                                                     ^~~~~~~~~~~~~~~~
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:250:53: warning: alignment 1 of ?blink::mojom::internal::MatchAllResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) MatchAllResult_Data {
                                                     ^~~~~~~~~~~~~~~~~~~
In file included from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared.h:24,
                 from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom.h:28,
                 from ../../content/public/browser/render_process_host.h:25,
                 from ./../../chrome/browser/budget_service/budget_service_impl.cc:13,
                 from gen/chrome/browser/browser_jumbo_2.cc:27:
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:329:53: warning: alignment 1 of ?blink::mojom::internal::CacheKeysResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) CacheKeysResult_Data {
                                                     ^~~~~~~~~~~~~~~~~~~~
In file included from gen/services/resource_coordinator/public/mojom/memory_instrumentation/memory_instrumentation.mojom-shared.h:24,
                 from gen/services/resource_coordinator/public/mojom/memory_instrumentation/memory_instrumentation.mojom.h:28,
                 from ../../services/resource_coordinator/public/cpp/memory_instrumentation/coordinator.h:8,
                 from ../../services/resource_coordinator/public/cpp/memory_instrumentation/memory_instrumentation.h:12,
                 from ../../chrome/browser/resource_coordinator/render_process_probe.h:17,
                 from ./../../chrome/browser/chrome_browser_main.cc:97,
                 from gen/chrome/browser/browser_jumbo_2.cc:31:
gen/services/resource_coordinator/public/mojom/memory_instrumentation/memory_instrumentation.mojom-shared-internal.h:174:66: warning: alignment 1 of ?memory_instrumentation::mojom::internal::RawAllocatorDumpEntryValue_Data? is less 
than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(RESOURCE_COORDINATOR_PUBLIC_MOJOM_SHARED) RawAllocatorDumpEntryValue_Data {
                                                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from gen/third_party/blink/public/platform/modules/presentation/presentation.mojom-shared.h:24,
                 from gen/third_party/blink/public/platform/modules/presentation/presentation.mojom.h:28,
                 from ../../content/public/browser/presentation_service_delegate.h:17,
                 from ../../chrome/browser/media/router/media_router.h:26,
                 from ../../chrome/browser/media/router/presentation/presentation_service_delegate_impl.h:20,
                 from ./../../chrome/browser/chrome_content_browser_client.cc:54,
                 from gen/chrome/browser/browser_jumbo_2.cc:34:
gen/third_party/blink/public/platform/modules/presentation/presentation.mojom-shared-internal.h:137:53: warning: alignment 1 of ?blink::mojom::internal::PresentationConnectionMessage_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) PresentationConnectionMessage_Data {
                                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from gen/services/preferences/public/mojom/preferences.mojom-shared.h:24,
                 from gen/services/preferences/public/mojom/preferences.mojom.h:28,
                 from ./../../chrome/browser/chrome_content_browser_client.cc:255,
                 from gen/chrome/browser/browser_jumbo_2.cc:34:
gen/services/preferences/public/mojom/preferences.mojom-shared-internal.h:174:8: warning: alignment 1 of ?prefs::mojom::internal::PrefUpdateValue_Data? is less than 8 [-Wpacked-not-aligned]
 class  PrefUpdateValue_Data {
        ^~~~~~~~~~~~~~~~~~~~
g++: fatal error: Killed signal terminated program cc1plus
compilation terminated.
[13588/19325] CXX obj/chrome/browser/browser/browser_jumbo_23.o
In file included from gen/mojo/public/mojom/base/string16.mojom-shared-internal.h:12,
                 from gen/device/usb/public/mojom/device.mojom-shared-internal.h:12,
                 from gen/device/usb/public/mojom/chooser_service.mojom-shared-internal.h:12,
                 from gen/device/usb/public/mojom/chooser_service.mojom-shared.h:24,
                 from gen/device/usb/public/mojom/chooser_service.mojom.h:28,
                 from ../../content/public/browser/content_browser_client.h:30,
                 from ../../chrome/browser/browser_process_platform_part_base.h:11,
                 from ../../chrome/browser/browser_process_platform_part.h:20,
                 from ../../chrome/browser/browser_process.h:21,
                 from ./../../chrome/browser/printing/cloud_print/privet_url_fetcher.cc:22,
                 from gen/chrome/browser/browser_jumbo_23.cc:5:
gen/mojo/public/mojom/base/big_buffer.mojom-shared-internal.h:30:48: warning: alignment 1 of ?mojo_base::mojom::internal::BigBuffer_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJO_BASE_MOJOM_SHARED) BigBuffer_Data {
                                                ^~~~~~~~~~~~~~
In file included from gen/services/network/public/mojom/network_context.mojom-shared-internal.h:14,
                 from gen/services/network/public/mojom/network_service.mojom-shared-internal.h:13,
                 from gen/services/network/public/mojom/network_service.mojom-shared.h:24,
                 from gen/services/network/public/mojom/network_service.mojom.h:28,
                 from ../../content/public/browser/content_browser_client.h:36,
                 from ../../chrome/browser/browser_process_platform_part_base.h:11,
                 from ../../chrome/browser/browser_process_platform_part.h:20,
                 from ../../chrome/browser/browser_process.h:21,
                 from ./../../chrome/browser/printing/cloud_print/privet_url_fetcher.cc:22,
                 from gen/chrome/browser/browser_jumbo_23.cc:5:
gen/mojo/public/mojom/base/values.mojom-shared-internal.h:31:48: warning: alignment 1 of ?mojo_base::mojom::internal::Value_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJO_BASE_MOJOM_SHARED) Value_Data {
                                                ^~~~~~~~~~
In file included from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared.h:24,
                 from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom.h:28,
                 from ../../content/public/browser/render_process_host.h:25,
                 from ./../../chrome/browser/sessions/session_restore.cc:58,
                 from gen/chrome/browser/browser_jumbo_23.cc:6:
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:92:53: warning: alignment 1 of ?blink::mojom::internal::OpenResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) OpenResult_Data {
                                                     ^~~~~~~~~~~~~~~
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:171:53: warning: alignment 1 of ?blink::mojom::internal::MatchResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) MatchResult_Data {
                                                     ^~~~~~~~~~~~~~~~
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:250:53: warning: alignment 1 of ?blink::mojom::internal::MatchAllResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) MatchAllResult_Data {
                                                     ^~~~~~~~~~~~~~~~~~~
In file included from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared.h:24,
                 from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom.h:28,
                 from ../../content/public/browser/render_process_host.h:25,
                 from ./../../chrome/browser/sessions/session_restore.cc:58,
                 from gen/chrome/browser/browser_jumbo_23.cc:6:
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:329:53: warning: alignment 1 of ?blink::mojom::internal::CacheKeysResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) CacheKeysResult_Data {
                                                     ^~~~~~~~~~~~~~~~~~~~
In file included from gen/chrome/browser/browser_jumbo_23.cc:42:
./../../chrome/browser/supervised_user/supervised_user_url_filter.cc:76:33: warning: ?SupervisedUserURLFilter::Contents? has a field ?SupervisedUserURLFilter::Contents::hostname_hashes? whose type uses the anonymous namespace 
[-Wsubobject-linkage]
 struct SupervisedUserURLFilter::Contents {
                                 ^~~~~~~~
In file included from gen/chrome/browser/browser_jumbo_23.cc:53:
./../../chrome/browser/net/trial_comparison_cert_verifier.cc: In function ?void {anonymous}::SendTrialVerificationReport(void*, const net::CertVerifier::RequestParams&, const net::CertVerifyResult&, const net::CertVerifyResult&)?:
./../../chrome/browser/net/trial_comparison_cert_verifier.cc:85:12: warning: unused variable ?profile? [-Wunused-variable]
   Profile* profile = reinterpret_cast<Profile*>(profile_id);
            ^~~~~~~
[13589/19325] CXX obj/chrome/browser/browser/browser_jumbo_8.o
In file included from gen/mojo/public/mojom/base/string16.mojom-shared-internal.h:12,
                 from gen/device/usb/public/mojom/device.mojom-shared-internal.h:12,
                 from gen/device/usb/public/mojom/chooser_service.mojom-shared-internal.h:12,
                 from gen/device/usb/public/mojom/chooser_service.mojom-shared.h:24,
                 from gen/device/usb/public/mojom/chooser_service.mojom.h:28,
                 from ../../content/public/browser/content_browser_client.h:30,
                 from ../../chrome/browser/browser_process_platform_part_base.h:11,
                 from ../../chrome/browser/browser_process_platform_part.h:20,
                 from ../../chrome/browser/browser_process.h:21,
                 from ./../../chrome/browser/page_load_metrics/observers/core_page_load_metrics_observer.cc:13,
                 from gen/chrome/browser/browser_jumbo_8.cc:8:
gen/mojo/public/mojom/base/big_buffer.mojom-shared-internal.h:30:48: warning: alignment 1 of ?mojo_base::mojom::internal::BigBuffer_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJO_BASE_MOJOM_SHARED) BigBuffer_Data {
                                                ^~~~~~~~~~~~~~
In file included from gen/services/network/public/mojom/network_context.mojom-shared-internal.h:14,
                 from gen/services/network/public/mojom/network_service.mojom-shared-internal.h:13,
                 from gen/services/network/public/mojom/network_service.mojom-shared.h:24,
                 from gen/services/network/public/mojom/network_service.mojom.h:28,
                 from ../../content/public/browser/content_browser_client.h:36,
                 from ../../chrome/browser/browser_process_platform_part_base.h:11,
                 from ../../chrome/browser/browser_process_platform_part.h:20,
                 from ../../chrome/browser/browser_process.h:21,
                 from ./../../chrome/browser/page_load_metrics/observers/core_page_load_metrics_observer.cc:13,
                 from gen/chrome/browser/browser_jumbo_8.cc:8:
gen/mojo/public/mojom/base/values.mojom-shared-internal.h:31:48: warning: alignment 1 of ?mojo_base::mojom::internal::Value_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJO_BASE_MOJOM_SHARED) Value_Data {
                                                ^~~~~~~~~~
In file included from gen/services/resource_coordinator/public/mojom/memory_instrumentation/memory_instrumentation.mojom-shared.h:24,
                 from gen/services/resource_coordinator/public/mojom/memory_instrumentation/memory_instrumentation.mojom.h:28,
                 from ../../services/resource_coordinator/public/cpp/memory_instrumentation/coordinator.h:8,
                 from ../../services/resource_coordinator/public/cpp/memory_instrumentation/memory_instrumentation.h:12,
                 from ../../chrome/browser/page_load_metrics/observers/data_reduction_proxy_metrics_observer.h:18,
                 from ./../../chrome/browser/page_load_metrics/observers/data_reduction_proxy_metrics_observer.cc:5,
                 from gen/chrome/browser/browser_jumbo_8.cc:10:
gen/services/resource_coordinator/public/mojom/memory_instrumentation/memory_instrumentation.mojom-shared-internal.h:174:66: warning: alignment 1 of ?memory_instrumentation::mojom::internal::RawAllocatorDumpEntryValue_Data? is less 
than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(RESOURCE_COORDINATOR_PUBLIC_MOJOM_SHARED) RawAllocatorDumpEntryValue_Data {
                                                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared.h:24,
                 from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom.h:28,
                 from ../../content/public/browser/render_process_host.h:25,
                 from ./../../chrome/browser/page_load_metrics/observers/data_reduction_proxy_metrics_observer.cc:30,
                 from gen/chrome/browser/browser_jumbo_8.cc:10:
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:92:53: warning: alignment 1 of ?blink::mojom::internal::OpenResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) OpenResult_Data {
                                                     ^~~~~~~~~~~~~~~
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:171:53: warning: alignment 1 of ?blink::mojom::internal::MatchResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) MatchResult_Data {
                                                     ^~~~~~~~~~~~~~~~
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:250:53: warning: alignment 1 of ?blink::mojom::internal::MatchAllResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) MatchAllResult_Data {
                                                     ^~~~~~~~~~~~~~~~~~~
In file included from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared.h:24,
                 from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom.h:28,
                 from ../../content/public/browser/render_process_host.h:25,
                 from ./../../chrome/browser/page_load_metrics/observers/data_reduction_proxy_metrics_observer.cc:30,
                 from gen/chrome/browser/browser_jumbo_8.cc:10:
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:329:53: warning: alignment 1 of ?blink::mojom::internal::CacheKeysResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) CacheKeysResult_Data {
                                                     ^~~~~~~~~~~~~~~~~~~~
[13590/19325] CXX obj/chrome/browser/browser/browser_jumbo_5.o
In file included from gen/mojo/public/mojom/base/string16.mojom-shared-internal.h:12,
                 from gen/device/usb/public/mojom/device.mojom-shared-internal.h:12,
                 from gen/device/usb/public/mojom/chooser_service.mojom-shared-internal.h:12,
                 from gen/device/usb/public/mojom/chooser_service.mojom-shared.h:24,
                 from gen/device/usb/public/mojom/chooser_service.mojom.h:28,
                 from ../../content/public/browser/content_browser_client.h:30,
                 from ../../chrome/browser/profiles/profile.h:18,
                 from ../../chrome/browser/google/google_search_domain_mixing_metrics_emitter_factory.h:11,
                 from ./../../chrome/browser/google/google_search_domain_mixing_metrics_emitter_factory.cc:5,
                 from gen/chrome/browser/browser_jumbo_5.cc:5:
gen/mojo/public/mojom/base/big_buffer.mojom-shared-internal.h:30:48: warning: alignment 1 of ?mojo_base::mojom::internal::BigBuffer_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJO_BASE_MOJOM_SHARED) BigBuffer_Data {
                                                ^~~~~~~~~~~~~~
In file included from gen/services/network/public/mojom/network_context.mojom-shared-internal.h:14,
                 from gen/services/network/public/mojom/network_service.mojom-shared-internal.h:13,
                 from gen/services/network/public/mojom/network_service.mojom-shared.h:24,
                 from gen/services/network/public/mojom/network_service.mojom.h:28,
                 from ../../content/public/browser/content_browser_client.h:36,
                 from ../../chrome/browser/profiles/profile.h:18,
                 from ../../chrome/browser/google/google_search_domain_mixing_metrics_emitter_factory.h:11,
                 from ./../../chrome/browser/google/google_search_domain_mixing_metrics_emitter_factory.cc:5,
                 from gen/chrome/browser/browser_jumbo_5.cc:5:
gen/mojo/public/mojom/base/values.mojom-shared-internal.h:31:48: warning: alignment 1 of ?mojo_base::mojom::internal::Value_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJO_BASE_MOJOM_SHARED) Value_Data {
                                                ^~~~~~~~~~
In file included from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared.h:24,
                 from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom.h:28,
                 from ../../content/public/browser/render_process_host.h:25,
                 from ../../content/public/browser/network_quality_observer_factory.h:14,
                 from ./../../chrome/browser/io_thread.cc:60,
                 from gen/chrome/browser/browser_jumbo_5.cc:31:
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:92:53: warning: alignment 1 of ?blink::mojom::internal::OpenResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) OpenResult_Data {
                                                     ^~~~~~~~~~~~~~~
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:171:53: warning: alignment 1 of ?blink::mojom::internal::MatchResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) MatchResult_Data {
                                                     ^~~~~~~~~~~~~~~~
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:250:53: warning: alignment 1 of ?blink::mojom::internal::MatchAllResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) MatchAllResult_Data {
                                                     ^~~~~~~~~~~~~~~~~~~
In file included from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared.h:24,
                 from gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom.h:28,
                 from ../../content/public/browser/render_process_host.h:25,
                 from ../../content/public/browser/network_quality_observer_factory.h:14,
                 from ./../../chrome/browser/io_thread.cc:60,
                 from gen/chrome/browser/browser_jumbo_5.cc:31:
gen/third_party/blink/public/platform/modules/cache_storage/cache_storage.mojom-shared-internal.h:329:53: warning: alignment 1 of ?blink::mojom::internal::CacheKeysResult_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) CacheKeysResult_Data {
                                                     ^~~~~~~~~~~~~~~~~~~~
In file included from gen/third_party/blink/public/platform/modules/presentation/presentation.mojom-shared.h:24,
                 from gen/third_party/blink/public/platform/modules/presentation/presentation.mojom.h:28,
                 from ../../content/public/browser/presentation_service_delegate.h:17,
                 from ../../chrome/browser/media/router/media_router.h:26,
                 from ./../../chrome/browser/media/cast_remoting_connector.cc:16,
                 from gen/chrome/browser/browser_jumbo_5.cc:39:
gen/third_party/blink/public/platform/modules/presentation/presentation.mojom-shared-internal.h:137:53: warning: alignment 1 of ?blink::mojom::internal::PresentationConnectionMessage_Data? is less than 8 [-Wpacked-not-aligned]
 class COMPONENT_EXPORT(MOJOM_SHARED_CONTENT_EXPORT) PresentationConnectionMessage_Data {
                                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ninja: build stopped: subcommand failed.
Backtrace:
           4 (primitive-load "/gnu/store/zic2hlrw2j88fsw8b731kmrk1d5?")
In ice-9/eval.scm:
   191:35  3 (_ _)
In srfi/srfi-1.scm:
    640:9  2 (for-each #<procedure b98ee0 at /gnu/store/f95ghy8mx00?> ?)
In /gnu/store/f95ghy8mx00fc22nrvswvnpqlfdkf2nk-module-import/guix/build/gnu-build-system.scm:
   799:31  1 (_ _)
In /gnu/store/f95ghy8mx00fc22nrvswvnpqlfdkf2nk-module-import/guix/build/utils.scm:
    616:6  0 (invoke _ . _)

/gnu/store/f95ghy8mx00fc22nrvswvnpqlfdkf2nk-module-import/guix/build/utils.scm:616:6: In procedure invoke:
Throw to key `srfi-34' with args `(#<condition &invoke-error [program: "ninja" arguments: ("-C" "out/Release" "-j" "4" "chrome") exit-status: 1 term-signal: #f stop-signal: #f] d24d80>)'.
builder for `/gnu/store/nlxwmgqigbysmjq3j9vx1rk7kdqc74zp-chromium-68.0.3440.84.drv' failed with exit code 1
@ build-failed /gnu/store/nlxwmgqigbysmjq3j9vx1rk7kdqc74zp-chromium-68.0.3440.84.drv - 1 builder for `/gnu/store/nlxwmgqigbysmjq3j9vx1rk7kdqc74zp-chromium-68.0.3440.84.drv' failed with exit code 1
derivation '/gnu/store/nlxwmgqigbysmjq3j9vx1rk7kdqc74zp-chromium-68.0.3440.84.drv' offloaded to '192.168.1.198' failed: build of `/gnu/store/nlxwmgqigbysmjq3j9vx1rk7kdqc74zp-chromium-68.0.3440.84.drv' failed
@ build-failed /gnu/store/nlxwmgqigbysmjq3j9vx1rk7kdqc74zp-chromium-68.0.3440.84.drv - 1 builder for `/gnu/store/nlxwmgqigbysmjq3j9vx1rk7kdqc74zp-chromium-68.0.3440.84.drv' failed with exit code 100
guix build: error: build failed: build of `/gnu/store/nlxwmgqigbysmjq3j9vx1rk7kdqc74zp-chromium-68.0.3440.84.drv' failed


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-08-05 13:04                                           ` Marius Bakke
  2018-08-05 16:18                                             ` ng0
@ 2018-08-06  8:22                                             ` Oleg Pykhalov
  2018-08-30  6:04                                               ` Amirouche Boubekki
  1 sibling, 1 reply; 152+ messages in thread
From: Oleg Pykhalov @ 2018-08-06  8:22 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 89 bytes --]

Hello,

compiled successfully on 340ee00bbf91a8e0ea567d00d7ff54dd025abc05

Thanks,
Oleg.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] (no subject)
  2017-08-07 19:58 [bug#28004] Chromium Marius Bakke
                   ` (4 preceding siblings ...)
  2018-04-13 19:10 ` [bug#28004] Chromium 65 Marius Bakke
@ 2018-08-29 23:31 ` Amirouche Boubekki
  2018-09-02  4:37 ` [bug#28004] Chromium FSDG requirements Mark H Weaver
  2019-02-02 19:20 ` [PATCH] gnu: Add ungoogled-chromium Marius Bakke
  7 siblings, 0 replies; 152+ messages in thread
From: Amirouche Boubekki @ 2018-08-29 23:31 UTC (permalink / raw)
  To: 28004

I would like to work on the TODO items.

* There is still some data transmitted when starting the browser for the
   first time.  It seems related to the "domain_reliability" component.

* Remove remaining "Web Store" links.  Currently I've only found it in
   settings, under "accessibility" and "fonts".

Is is taken by anybody?

The build is in progress, I will report later.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-08-06  8:22                                             ` Oleg Pykhalov
@ 2018-08-30  6:04                                               ` Amirouche Boubekki
  0 siblings, 0 replies; 152+ messages in thread
From: Amirouche Boubekki @ 2018-08-30  6:04 UTC (permalink / raw)
  To: Oleg Pykhalov; +Cc: 28004, Guix-patches

compiled successfully on 256d5c6e339d59287284bb83f35c594f13bd08f9

I have the following messages appear:

   Gtk-Message: 07:58:25.671: Failed to load module "canberra-gtk-module"

   [3434:3434:0830/075901.665931:ERROR:sandbox_linux.cc(378)] 
InitializeSandbox() called with multiple threads in process gpu-process.

   libpng warning: iCCP: known incorrect sRGB profile

   (pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry 
existed


I tested http://hyperdev.fr/ and https://zty.pe/


If nobody is working on the remaining TODO items, I will work my way 
through it. LMK.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium
  2018-08-05 23:58                                                   ` ng0
@ 2018-08-30 13:25                                                     ` ng0
  0 siblings, 0 replies; 152+ messages in thread
From: ng0 @ 2018-08-30 13:25 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

Build sucessfully on f9e140a243b6d6b5d28bd0813b69604562a39653.

Previously the lack of a swapfile was to blame - when you don't run
headless this really requires a swapfile when you have 8 GB RAM.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium FSDG requirements
  2017-08-07 19:58 [bug#28004] Chromium Marius Bakke
                   ` (5 preceding siblings ...)
  2018-08-29 23:31 ` [bug#28004] (no subject) Amirouche Boubekki
@ 2018-09-02  4:37 ` Mark H Weaver
  2018-09-02 13:16   ` Marius Bakke
  2019-02-02 19:20 ` [PATCH] gnu: Add ungoogled-chromium Marius Bakke
  7 siblings, 1 reply; 152+ messages in thread
From: Mark H Weaver @ 2018-09-02  4:37 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 28004

Hi Marius,

Does the modified version of Chromium in your draft package support
Encrypted Media Extensions (EME)?

  https://en.wikipedia.org/wiki/Encrypted_Media_Extensions

Does it refer to third-party repositories of software that are not
committed to only including free software?

Does it contain spyware?

      Thanks,
        Mark

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] Chromium FSDG requirements
  2018-09-02  4:37 ` [bug#28004] Chromium FSDG requirements Mark H Weaver
@ 2018-09-02 13:16   ` Marius Bakke
  0 siblings, 0 replies; 152+ messages in thread
From: Marius Bakke @ 2018-09-02 13:16 UTC (permalink / raw)
  To: Mark H Weaver; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 607 bytes --]

Mark H Weaver <mhw@netris.org> writes:

> Hi Marius,
>
> Does the modified version of Chromium in your draft package support
> Encrypted Media Extensions (EME)?
>
>   https://en.wikipedia.org/wiki/Encrypted_Media_Extensions

No.  EME is called "Widevine" in Chromium lingo and I believe all
components are purged from the source.

> Does it refer to third-party repositories of software that are not
> committed to only including free software?

Yes.  It includes support for the Chromium "Web Store", although it's
not usable in the default configuration.

> Does it contain spyware?

Not to my knowledge.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [PATCH] gnu: Add ungoogled-chromium.
@ 2019-02-02 19:20 ` Marius Bakke
  2019-02-03 18:16   ` Joshua Branson
                     ` (3 more replies)
  0 siblings, 4 replies; 152+ messages in thread
From: Marius Bakke @ 2019-02-02 19:20 UTC (permalink / raw)
  To: guix-devel; +Cc: 28004

Thanks to Marks beautiful "computed-origin-method", Ungoogled-Chromium
is finally ready for inclusion in Guix.

Features:
* Chromium 72.
* No unsolicited network traffic.
* Free software only.
* No DRM.
* Not an April Fools joke.

It's currently using my trivial "fork" of Ungoogled-Chromium[0], which
will be upstreamed once the upstream reorganization[1] is done.

Comments appreciated!

[0]: https://github.com/mbakke/ungoogled-chromium/commit/f9b9074c322a67b04baf0982797cd7b7e09614b5
[1]: https://github.com/Eloston/ungoogled-chromium/issues/651

* gnu/packages/aux-files/chromium/master-preferences.json,
gnu/packages/chromium.scm: New files.
* gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
---
 gnu/local.mk                                  |   1 +
 .../chromium/master-preferences.json          |  26 +
 gnu/packages/chromium.scm                     | 741 ++++++++++++++++++
 3 files changed, 768 insertions(+)
 create mode 100644 gnu/packages/aux-files/chromium/master-preferences.json
 create mode 100644 gnu/packages/chromium.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index 82db1488d6..b5e937cdd7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -100,6 +100,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/check.scm			\
   %D%/packages/chemistry.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
   %D%/packages/clojure.scm			\
diff --git a/gnu/packages/aux-files/chromium/master-preferences.json b/gnu/packages/aux-files/chromium/master-preferences.json
new file mode 100644
index 0000000000..0caa7cc4cd
--- /dev/null
+++ b/gnu/packages/aux-files/chromium/master-preferences.json
@@ -0,0 +1,26 @@
+{
+  "distribution": {
+     "import_bookmarks": false,
+     "make_chrome_default": false,
+     "make_chrome_default_for_user": false,
+     "verbose_logging": true,
+     "skip_first_run_ui": true,
+     "suppress_first_run_default_browser_prompt": true
+  },
+  "browser": {
+     "has_seen_welcome_page" : true,
+     "check_default_browser" : false
+  },
+  "dns_prefetching": {
+    "enabled": false
+  },
+  "alternate_error_pages": {
+    "enabled": false
+  },
+  "hardware": {
+    "audio_capture_enabled": false
+  },
+  "default_apps": "noinstall",
+  "hide_web_store_icon": true,
+  "homepage": "https://www.gnu.org/software/guix"
+}
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 0000000000..eb404246d3
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,741 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:use-module (guix monads)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages build-tools)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gcc)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages python-xyz)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages vulkan)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define %preserved-third-party-files
+  '("base/third_party/dmg_fp" ;X11-style
+    "base/third_party/dynamic_annotations" ;BSD-2
+    "base/third_party/icu" ;Unicode, X11-style
+    "base/third_party/superfasthash" ;BSD-3
+    "base/third_party/symbolize" ;BSD-3
+    "base/third_party/xdg_mime" ;LGPL2.1+ or Academic 2.0
+    "base/third_party/xdg_user_dirs" ;Expat
+    "chrome/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
+    "courgette/third_party/bsdiff" ;BSD-2, BSD protection license
+    "courgette/third_party/divsufsort" ;Expat
+    "net/third_party/http2" ;BSD-3
+    "net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
+    "net/third_party/nss" ;MPL-2.0
+    "net/third_party/quic" ;BSD-3
+    "net/third_party/spdy" ;BSD-3
+    "net/third_party/uri_template" ;ASL2.0
+    "third_party/abseil-cpp" ;ASL2.0
+    "third_party/adobe/flash/flapper_version.h" ;no license, trivial
+    "third_party/angle" ;BSD-3
+    "third_party/angle/src/common/third_party/base" ;BSD-3
+    "third_party/angle/src/common/third_party/smhasher" ;Public domain
+    "third_party/angle/src/common/third_party/xxhash" ;BSD-2
+    "third_party/angle/src/third_party/compiler" ;BSD-2
+    "third_party/angle/src/third_party/libXNVCtrl" ;Expat
+    "third_party/angle/src/third_party/trace_event" ;BSD-3
+    "third_party/angle/third_party/glslang" ;BSD-3
+    "third_party/angle/third_party/spirv-headers" ;Expat
+    "third_party/angle/third_party/spirv-tools" ;Expat
+    "third_party/angle/third_party/vulkan-headers" ;ASL2.0
+    "third_party/angle/third_party/vulkan-loader" ;ASL2.0
+    "third_party/angle/third_party/vulkan-tools" ;ASL2.0
+    "third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
+    "third_party/apple_apsl" ;APSL2.0
+    "third_party/blink" ;BSD-3
+    "third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
+    "third_party/boringssl/src/third_party/fiat" ;Expat
+    "third_party/breakpad" ;BSD-3
+    "third_party/brotli" ;Expat
+    "third_party/cacheinvalidation" ;ASL2.0
+    "third_party/catapult" ;BSD-3
+    "third_party/catapult/common/py_vulcanize/third_party/rcssmin" ;ASL2.0
+    "third_party/catapult/common/py_vulcanize/third_party/rjsmin" ;ASL2.0
+    "third_party/catapult/third_party/polymer" ;BSD-3
+    "third_party/catapult/tracing/third_party/d3" ;BSD-3
+    "third_party/catapult/tracing/third_party/gl-matrix" ;Expat
+    "third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
+    "third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
+    "third_party/catapult/tracing/third_party/oboe" ;BSD-2
+    "third_party/catapult/tracing/third_party/pako" ;Expat
+    "third_party/ced" ;BSD-3
+    "third_party/cld_3" ;ASL2.0
+    "third_party/closure_compiler" ;ASL2.0
+    "third_party/crashpad" ;ASL2.0
+    "third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h" ;Zlib
+    "third_party/crc32c" ;BSD-3
+    "third_party/cros_system_api" ;BSD-3
+    "third_party/dom_distiller_js" ;BSD-3
+    "third_party/fips181" ;BSD-3
+    "third_party/flatbuffers" ;ASL2.0
+    "third_party/google_input_tools" ;ASL2.0
+    "third_party/google_input_tools/third_party/closure_library" ;ASL2.0
+    "third_party/google_input_tools/third_party/closure_library/third_party/closure" ;Expat
+    "third_party/googletest" ;BSD-3
+    "third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
+    "third_party/iccjpeg" ;IJG
+    "third_party/inspector_protocol" ;BSD-3
+    "third_party/jinja2" ;BSD-3
+    "third_party/jstemplate" ;ASL2.0
+    "third_party/khronos" ;Expat, SGI
+    "third_party/leveldatabase" ;BSD-3
+    "third_party/libXNVCtrl" ;Expat
+    "third_party/libaddressinput" ;ASL2.0
+    "third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent License 1.0"
+    "third_party/libaom/source/libaom/third_party/vector" ;Expat
+    "third_party/libaom/source/libaom/third_party/x86inc" ;ISC
+    "third_party/libjingle_xmpp" ;BSD-3
+    "third_party/libphonenumber" ;ASL2.0
+    "third_party/libsecret" ;LGPL2.1+
+    "third_party/libsrtp" ;BSD-3
+    "third_party/libsync" ;ASL2.0
+    "third_party/libudev" ;LGPL2.1+
+    "third_party/libwebm" ;BSD-3
+    "third_party/libxml/chromium" ;BSD-3
+    "third_party/libyuv" ;BSD-3
+    "third_party/lss" ;BSD-3
+    "third_party/markupsafe" ;BSD-3
+    "third_party/mesa_headers" ;Expat, SGI
+    "third_party/metrics_proto" ;BSD-3
+    "third_party/modp_b64" ;BSD-3
+    "third_party/nasm" ;BSD-2
+    "third_party/node" ;Expat
+    "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2" ;BSD-2
+    "third_party/ots" ;BSD-3
+    "third_party/pdfium" ;BSD-3
+    "third_party/pdfium/third_party/agg23" ;Expat
+    "third_party/pdfium/third_party/base" ;BSD-3
+    "third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
+    "third_party/pdfium/third_party/skia_shared" ;BSD-3
+    "third_party/pdfium/third_party/freetype/include/pstables.h" ;FreeType
+    "third_party/ply" ;BSD-3
+    "third_party/polymer" ;BSD-3
+    "third_party/protobuf" ;BSD-3
+    "third_party/protobuf/third_party/six" ;Expat
+    "third_party/pyjson5" ;ASL2.0
+    "third_party/qcms" ;Expat
+    "third_party/rnnoise" ;BSD-3
+    "third_party/s2cellid" ;ASL2.0
+    "third_party/sfntly" ;ASL2.0
+    "third_party/skia" ;BSD-3
+    "third_party/skia/third_party/gif" ;MPL1.1/GPL2+/LGPL2.1+
+    "third_party/skia/third_party/skcms" ;BSD-3
+    "third_party/skia/third_party/vulkan" ;BSD-3
+    "third_party/smhasher" ;Expat, public domain
+    "third_party/speech-dispatcher" ;GPL2+
+    "third_party/spirv-headers" ;ASL2.0
+    "third_party/SPIRV-Tools" ;ASL2.0
+    "third_party/sqlite" ;Public domain
+    "third_party/ungoogled" ;BSD-3
+    "third_party/usb_ids" ;BSD-3
+    "third_party/usrsctp" ;BSD-2
+    "third_party/web-animations-js" ;ASL2.0
+    "third_party/webdriver" ;ASL2.0
+    "third_party/webrtc" ;BSD-3
+    "third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
+    "third_party/webrtc/common_audio/third_party/spl_sqrt_floor" ;Public domain
+    "third_party/webrtc/modules/third_party/fft" ;Non-copyleft
+    "third_party/webrtc/modules/third_party/g711" ;Public domain
+    "third_party/webrtc/modules/third_party/g722" ;Public domain
+    "third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
+    "third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
+    "third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
+    "third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
+    "third_party/woff2" ;ASL2.0
+    "third_party/xdg-utils" ;Expat
+    "third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
+    "third_party/zlib/google" ;BSD-3
+    "url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
+    "v8/src/third_party/utf8-decoder" ;Expat
+    "v8/src/third_party/valgrind" ;BSD-4
+    "v8/third_party/inspector_protocol" ;BSD-3
+    "v8/third_party/v8/builtins")) ;PSFL
+
+(define* (computed-origin-method gexp-promise hash-algo hash
+                                 #:optional (name "source")
+                                 #:key (system (%current-system))
+                                 (guile (default-guile)))
+  "Return a derivation that executes the G-expression that results
+from forcing GEXP-PROMISE."
+  (mlet %store-monad ((guile (package->derivation guile system)))
+    (gexp->derivation (or name "computed-origin")
+                      (force gexp-promise)
+                      #:system system
+                      #:guile-for-build guile)))
+
+(define %chromium-version "72.0.3626.81")
+(define %ungoogled-revision "f9b9074c322a67b04baf0982797cd7b7e09614b5")
+
+;; This is a computed origin that does the following:
+;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball.
+;; 2) Prunes all third_party folders that are not explicitly preserved.
+;; 3) Adjusts "GN" build files such that system libraries are preferred.
+(define ungoogled-chromium-source
+  (let* ((chromium-source
+          (origin
+            (method url-fetch)
+            (uri (string-append "https://commondatastorage.googleapis.com"
+                                "/chromium-browser-official/chromium-"
+                                %chromium-version ".tar.xz"))
+            (sha256
+             (base32
+              "01l0vlvcckpag376mjld7qprv63l0z8li689k0h6v3h0i7irzs6z"))))
+         (ungoogled-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference (url "https://github.com/mbakke/ungoogled-chromium")
+                                (commit %ungoogled-revision)))
+            (file-name (git-file-name "ungoogled-chromium"
+                                      (string-take %ungoogled-revision 7)))
+            (sha256
+             (base32
+              "0gmk1n3i7lbm7rw8zl4df171yhvrlimj8ksj096bf2dlfhbd44rb")))))
+
+    (origin
+      (method computed-origin-method)
+      (file-name (string-append "ungoogled-chromium-" %chromium-version ".tar.xz"))
+      (sha256 #f)
+      (uri
+       (delay
+         (with-imported-modules '((guix build utils))
+           #~(begin
+               (use-modules (guix build utils))
+               (let ((chromium-dir    (string-append "chromium-" #$%chromium-version))
+                     (preserved-files (list #$@%preserved-third-party-files)))
+
+                 (mkdir "/tmp/bin")
+                 (set-path-environment-variable
+                  "PATH" '("bin")
+                  (list "/tmp"
+                        #+(canonical-package patch)
+                        #+(canonical-package xz)
+                        #+(canonical-package tar)
+                        #+python-2
+                        #+python))
+
+                 (copy-recursively #+ungoogled-source "/tmp/ungoogled")
+
+                 (with-directory-excursion "/tmp/ungoogled"
+
+                   (format #t "Unpacking chromium tarball...~%")
+                   (force-output)
+                   (invoke "tar" "xf" #+chromium-source)
+
+                   (format #t "Ungooglifying...~%")
+                   (force-output)
+                   (invoke "python3" "run_buildkit_cli.py" "prune"
+                           "-b" "config_bundles/guix" chromium-dir)
+                   (invoke "python3" "run_buildkit_cli.py" "patches" "apply"
+                           "-b" "config_bundles/guix" chromium-dir)
+                   (invoke "python3" "run_buildkit_cli.py" "domains" "apply"
+                           "-b" "config_bundles/linux_rooted"
+                           "-c" "/tmp/domainscache.tar.gz" chromium-dir)
+
+                   (with-directory-excursion chromium-dir
+                     (format #t "Pruning third party files...~%")
+                     (force-output)
+                     (apply invoke "python"
+                             "build/linux/unbundle/remove_bundled_libraries.py"
+                             "--do-remove" preserved-files)
+
+                     (format #t "Replacing GN files...~%")
+                     (force-output)
+                     (invoke "python3" "build/linux/unbundle/replace_gn_files.py"
+                             "--system-libraries" "ffmpeg" "flac" "fontconfig"
+                             "freetype" "harfbuzz-ng" "icu" "libdrm" "libevent"
+                             "libjpeg" "libpng" "libvpx" "libwebp" "libxml"
+                             "libxslt" "openh264" "opus" "re2" "snappy" "yasm"
+                             "zlib"))
+
+                   (format #t (string-append "Packing new Ungoogled tarball ...~%"))
+                   (force-output)
+                   (invoke "tar" "cvfa" #$output
+                           ;; Avoid non-determinism in the archive.
+                           "--mtime=@0"
+                           "--owner=root:0"
+                           "--group=root:0"
+                           "--sort=name"
+                           chromium-dir)
+
+                   #t)))))))))
+
+(define opus+custom
+  (package/inherit opus
+    (name "opus+custom")
+    (arguments
+     (substitute-keyword-arguments (package-arguments opus)
+       ((#:configure-flags flags ''())
+        ;; Opus Custom is an optional extension of the Opus
+        ;; specification that allows for unsupported frame
+        ;; sizes.  Chromium requires that this is enabled.
+        `(cons "--enable-custom-modes"
+               ,flags))))))
+
+(define libvpx/chromium
+  ;; Chromium 66 and later requires an unreleased libvpx, so we take the
+  ;; commit from "third_party/libvpx/README.chromium" in the tarball.
+  (let ((version (package-version libvpx))
+        (commit "e188b5435de71bcd602c378f1ac0441111f0f915")
+        (revision "0"))
+    (package/inherit libvpx
+      (name "libvpx-chromium")
+      (version (git-version version revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://chromium.googlesource.com/webm/libvpx")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "0v7lzvgy45zh7zwzmmzkvbcqmhs4xa97z0h97hd3j6myrxcfz1n9")))))))
+
+;; Transitional package until HarfBuzz 2.2 is available in Guix master branch.
+(define harfbuzz/chromium
+  (package/inherit harfbuzz
+    (version "2.2.0")
+    (source (origin
+              (inherit (package-source harfbuzz))
+              (uri (string-append "https://www.freedesktop.org/software/harfbuzz"
+                                  "/release/harfbuzz-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "047q63jr513azf3g1y7f5xn60b4jdjs9zsmrx04sfw5rasyzrk5p"))))))
+
+(define-public ungoogled-chromium
+  (package
+    (name "ungoogled-chromium")
+    (version %chromium-version)
+    (synopsis "Graphical web browser")
+    (source ungoogled-chromium-source)
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it overrides the RUNPATH set by the linker.
+       #:validate-runpath? #f
+       #:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (srfi srfi-26))
+       #:configure-flags
+       ;; See tools/gn/docs/cookbook.md and
+       ;; https://www.chromium.org/developers/gn-build-configuration
+       ;; for usage.  Run "./gn args . --list" in the Release
+       ;; directory for an exhaustive list of supported flags.
+       ;; (Note: The 'configure' phase will do that for you.)
+       (list "is_debug=false"
+             "use_gold=false"
+             "use_lld=false"
+             "linux_use_bundled_binutils=false"
+             "use_custom_libcxx=false"
+             "use_sysroot=false"
+             "enable_precompiled_headers=false"
+             "goma_dir=\"\""
+             "enable_nacl=false"
+             "enable_nacl_nonsfi=false"
+             "use_allocator=\"none\""   ;don't use tcmalloc
+             "use_unofficial_version_number=false"
+
+             ;; Define a custom toolchain that simply looks up CC, AR and
+             ;; friends from the environment.
+             "custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
+             "host_toolchain=\"//build/toolchain/linux/unbundle:default\""
+
+             ;; Don't assume it's clang.
+             "is_clang=false"
+
+             ;; Optimize for building everything at once, as opposed to
+             ;; incrementally for development.  See "docs/jumbo.md".
+             "use_jumbo_build=true"
+
+             ;; Disable type-checking for the Web UI to avoid a Java dependency.
+             "closure_compile=false"
+
+             ;; Disable debugging features to save space.
+             "blink_symbol_level=0"
+             "enable_iterator_debugging=false"
+
+             ;; Some of the unbundled libraries throws deprecation
+             ;; warnings, etc.  Ignore it.
+             "treat_warnings_as_errors=false"
+
+             ;; Don't add any API keys.  End users can set them in the
+             ;; environment if desired.  See
+             ;; <https://www.chromium.org/developers/how-tos/api-keys>.
+             "use_official_google_api_keys=false"
+
+             ;; Disable "safe browsing", which pulls in a dependency on
+             ;; the nonfree "unrar" program (as of m66).
+             "safe_browsing_mode=0"
+
+             ;; Disable "field trials".
+             "fieldtrial_testing_like_official_build=true"
+
+             ;; Ungoogled components.
+             "enable_mdns=false"
+             "enable_one_click_signin=false"
+             "enable_reading_list=false"
+             "enable_remoting=false"
+             "enable_reporting=false"
+             "enable_service_discovery=false"
+             "enable_swiftshader=false"
+             "use_vaapi=true"
+
+             ;; Use system libraries where possible.
+             "use_system_freetype=true"
+             "use_system_harfbuzz=true"
+             "use_system_lcms2=true"
+             "use_system_libdrm=true"
+             "use_system_libjpeg=true"
+             "use_system_libpng=true"
+             ;;"use_system_libsync=true"
+             "use_system_zlib=true"
+
+             "use_gnome_keyring=false"  ;deprecated by libsecret
+             "use_openh264=true"
+             "use_pulseaudio=true"
+             "link_pulseaudio=true"
+
+             ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+             "proprietary_codecs=true"
+             "ffmpeg_branding=\"Chrome\""
+
+             ;; WebRTC stuff.
+             "rtc_use_h264=true"
+             ;; Don't use bundled sources.
+             "rtc_build_json=false"
+             "rtc_build_libevent=false"
+             "rtc_build_libvpx=false"
+             "rtc_build_opus=false"
+             "rtc_build_ssl=false"
+
+             "rtc_build_libsrtp=true"   ;FIXME: fails to find headers
+             "rtc_build_usrsctp=true"   ;TODO: package this
+             (string-append "rtc_jsoncpp_root=\""
+                            (assoc-ref %build-inputs "jsoncpp")
+                            "/include/jsoncpp/json\"")
+             (string-append "rtc_ssl_root=\""
+                            (assoc-ref %build-inputs "openssl")
+                            "/include/openssl\""))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-stuff
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "printing/cups_config_helper.py"
+               (("cups_config =.*")
+                (string-append "cups_config = '" (assoc-ref inputs "cups")
+                               "/bin/cups-config'\n")))
+
+             (substitute*
+                 '("base/process/launch_posix.cc"
+                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+                   "sandbox/linux/services/credentials.cc"
+                   "sandbox/linux/services/namespace_utils.cc"
+                   "sandbox/linux/services/syscall_wrappers.cc"
+                   "sandbox/linux/syscall_broker/broker_host.cc")
+               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+             (for-each (lambda (file)
+                         (substitute* file
+                           ;; Fix opus include path.
+                           ;; Do not substitute opus_private.h.
+                           (("#include \"opus\\.h\"")
+                            "#include \"opus/opus.h\"")
+                           (("#include \"opus_custom\\.h\"")
+                            "#include \"opus/opus_custom.h\"")
+                           (("#include \"opus_defines\\.h\"")
+                            "#include \"opus/opus_defines.h\"")
+                           (("#include \"opus_multistream\\.h\"")
+                            "#include \"opus/opus_multistream.h\"")
+                           (("#include \"opus_types\\.h\"")
+                            "#include \"opus/opus_types.h\"")))
+                       (find-files (string-append "third_party/webrtc/modules"
+                                                  "/audio_coding/codecs/opus")))
+
+             (substitute* "chrome/common/chrome_paths.cc"
+               (("/usr/share/chromium/extensions")
+                ;; TODO: Add ~/.guix-profile.
+                "/run/current-system/profile/share/chromium/extensions"))
+
+             ;; XXX: Should be unnecessary when use_system_lcms2=true.
+             (substitute* "third_party/pdfium/core/fxcodec/codec/ccodec_iccmodule.h"
+               (("include \"third_party/lcms/include/lcms2\\.h\"")
+                "include \"lcms2.h\""))
+
+             (substitute*
+                 "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
+               (("include \"third_party/curl") "include \"curl"))
+
+             (substitute* "third_party/webrtc/rtc_base/strings/json.h"
+               (("#include \"third_party/jsoncpp/") "#include \"json/"))
+
+             (substitute* "media/base/decode_capabilities.cc"
+               (("third_party/libvpx/source/libvpx/") ""))
+
+             (substitute* "ui/gfx/skia_util.h"
+               (("third_party/vulkan/include/") ""))
+
+             ;; Building chromedriver embeds some files using the ZIP
+             ;; format which doesn't support timestamps before
+             ;; 1980. Therefore, advance the timestamps of the files
+             ;; which are included so that building chromedriver
+             ;; works.
+             (let ((circa-1980 (* 10 366 24 60 60)))
+               (for-each (lambda (file)
+                           (utime file circa-1980 circa-1980))
+                         '("chrome/test/chromedriver/extension/background.js"
+                           "chrome/test/chromedriver/extension/manifest.json")))
+
+             #t))
+         (add-before 'configure 'prepare-build-environment
+           (lambda* (#:key inputs #:allow-other-keys)
+
+             ;; Make sure the right build tools are used.
+             (setenv "AR" "ar") (setenv "NM" "nm")
+             (setenv "CC" "gcc") (setenv "CXX" "g++")
+
+             ;; Work around <https://bugs.gnu.org/30756>.
+             (unsetenv "C_INCLUDE_PATH")
+             (unsetenv "CPLUS_INCLUDE_PATH")
+
+             ;; TODO: pre-compile instead. Avoids a race condition.
+             (setenv "PYTHONDONTWRITEBYTECODE" "1")
+
+             ;; XXX: How portable is this.
+             (mkdir-p "third_party/node/linux/node-linux-x64")
+             (symlink (string-append (assoc-ref inputs "node") "/bin")
+                      "third_party/node/linux/node-linux-x64/bin")
+
+             #t))
+         (replace 'configure
+           (lambda* (#:key configure-flags #:allow-other-keys)
+             (let ((args (string-join configure-flags " ")))
+               ;; Generate ninja build files.
+               (invoke "gn" "gen" "out/Release"
+                       (string-append "--args=" args))
+
+               ;; Print the full list of supported arguments as well as
+               ;; their current status for convenience.
+               (format #t "Dumping configure flags...\n")
+               (invoke "gn" "args" "out/Release" "--list"))))
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (invoke "ninja" "-C" "out/Release"
+                     "-j" (number->string (parallel-job-count))
+                     "chrome"
+                     "chromedriver")))
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out            (assoc-ref outputs "out"))
+                    (bin            (string-append out "/bin"))
+                    (exe            (string-append bin "/chromium"))
+                    (lib            (string-append out "/lib"))
+                    (man            (string-append out "/share/man/man1"))
+                    (applications   (string-append out "/share/applications"))
+                    (install-regexp (make-regexp "\\.(bin|pak)$"))
+                    (locales        (string-append lib "/locales"))
+                    (resources      (string-append lib "/resources"))
+                    (preferences    (assoc-ref inputs "master-preferences"))
+                    (gtk+           (assoc-ref inputs "gtk+"))
+                    (mesa           (assoc-ref inputs "mesa"))
+                    (nss            (assoc-ref inputs "nss"))
+                    (udev           (assoc-ref inputs "udev"))
+                    (sh             (which "sh")))
+
+               (substitute* '("chrome/app/resources/manpage.1.in"
+                              "chrome/installer/linux/common/desktop.template")
+                 (("@@MENUNAME@@") "Chromium")
+                 (("@@PACKAGE@@") "chromium")
+                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
+
+               (mkdir-p man)
+               (copy-file "chrome/app/resources/manpage.1.in"
+                          (string-append man "/chromium.1"))
+
+               (mkdir-p applications)
+               (copy-file "chrome/installer/linux/common/desktop.template"
+                          (string-append applications "/chromium.desktop"))
+
+               (mkdir-p lib)
+               (copy-file preferences (string-append lib "/master_preferences"))
+
+               (with-directory-excursion "out/Release"
+                 (for-each (lambda (file)
+                             (install-file file lib))
+                           (scandir "." (cut regexp-exec install-regexp <>)))
+                 (copy-file "chrome" (string-append lib "/chromium"))
+
+                 ;; TODO: Install icons from "../../chrome/app/themes" into
+                 ;; "out/share/icons/hicolor/$size".
+                 (install-file
+                  "product_logo_48.png"
+                  (string-append out "/share/icons/48x48/chromium.png"))
+
+                 (copy-recursively "locales" locales)
+                 (copy-recursively "resources" resources)
+
+                 (mkdir-p bin)
+                 (symlink "../lib/chromium" exe)
+                 (install-file "chromedriver" bin)
+
+                 (wrap-program exe
+                   ;; TODO: Get these in RUNPATH.
+                   `("LD_LIBRARY_PATH" ":" prefix
+                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+                                      mesa "/lib:" udev "/lib")))
+                   ;; Avoid file manager crash.  See <https://bugs.gnu.org/26593>.
+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+                 #t)))))))
+    (native-inputs
+     `(("bison" ,bison)
+       ("gcc" ,gcc-8)
+       ("gn" ,gn)
+       ("gperf" ,gperf)
+       ("ninja" ,ninja)
+       ("node" ,node)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)
+       ("yasm" ,yasm)
+
+       ;; This file contains defaults for new user profiles.
+       ("master-preferences" ,(local-file "aux-files/chromium/master-preferences.json"))
+
+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
+       ("python-html5lib" ,python2-html5lib)
+       ("python" ,python-2)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("atk" ,atk)
+       ("cups" ,cups)
+       ("curl" ,curl)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("expat" ,expat)
+       ("flac" ,flac)
+       ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("harfbuzz" ,harfbuzz/chromium)
+       ("icu4c" ,icu4c)
+       ("jsoncpp" ,jsoncpp)
+       ("lcms" ,lcms)
+       ("libevent" ,libevent)
+       ("libffi" ,libffi)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libpng" ,libpng)
+       ("libva" ,libva)
+       ("libvpx" ,libvpx/chromium)
+       ("libwebp" ,libwebp)
+       ("libx11" ,libx11)
+       ("libxcb" ,libxcb)
+       ("libxcomposite" ,libxcomposite)
+       ("libxcursor" ,libxcursor)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxi" ,libxi)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxslt" ,libxslt)
+       ("libxtst" ,libxtst)
+       ("mesa" ,mesa)
+       ("minizip" ,minizip)
+       ("mit-krb5" ,mit-krb5)
+       ("nss" ,nss)
+       ("openh264" ,openh264)
+       ("openjpeg" ,openjpeg)                          ;PDFium only
+       ("openssl" ,openssl)
+       ("opus" ,opus+custom)
+       ("pango" ,pango)
+       ("pciutils" ,pciutils)
+       ("pulseaudio" ,pulseaudio)
+       ("re2" ,re2)
+       ("snappy" ,snappy)
+       ("speech-dispatcher" ,speech-dispatcher)
+       ("udev" ,eudev)
+       ("valgrind" ,valgrind)
+       ("vulkan-headers" ,vulkan-headers)))
+    (home-page "https://www.chromium.org/")
+    (description
+     "Ungoogled-Chromium is the Chromium web browser, sans integration with
+Google web services.")
+    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+    ;; components with other licenses.  For full information, see chrome://credits.
+    (license (list license:bsd-3
+                   license:bsd-2
+                   license:expat
+                   license:asl2.0
+                   license:mpl1.1
+                   license:mpl2.0
+                   license:public-domain
+                   license:isc
+                   (license:non-copyleft "chrome://credits"
+                                         "See chrome://credits for more information.")
+                   license:lgpl2.1+))))
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-02 19:20 ` [PATCH] gnu: Add ungoogled-chromium Marius Bakke
@ 2019-02-03 18:16   ` Joshua Branson
  2019-02-04  4:52     ` bill-auger
  2019-02-03 20:21   ` Amin Bandali
                     ` (2 subsequent siblings)
  3 siblings, 1 reply; 152+ messages in thread
From: Joshua Branson @ 2019-02-03 18:16 UTC (permalink / raw)
  To: guix-devel

Marius Bakke <mbakke@fastmail.com> writes:

> Thanks to Marks beautiful "computed-origin-method", Ungoogled-Chromium
> is finally ready for inclusion in Guix.
>
> Features:
> * Chromium 72.
> * No unsolicited network traffic.
> * Free software only.
> * No DRM.
> * Not an April Fools joke.

Ahh man.  I was really hoping this was an April fools joke.  Last year
someone had packaged systemd, and this person recommended that we do
away with the Shepherd.  May I request that we do an April fools joke
once a year?

I'm sorry if this email is not professional enough.

>
> It's currently using my trivial "fork" of Ungoogled-Chromium[0], which
> will be upstreamed once the upstream reorganization[1] is done.
>
> Comments appreciated!
>
> [0]: https://github.com/mbakke/ungoogled-chromium/commit/f9b9074c322a67b04baf0982797cd7b7e09614b5
> [1]: https://github.com/Eloston/ungoogled-chromium/issues/651
>
> * gnu/packages/aux-files/chromium/master-preferences.json,
> gnu/packages/chromium.scm: New files.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
> ---
>  gnu/local.mk                                  |   1 +
>  .../chromium/master-preferences.json          |  26 +
>  gnu/packages/chromium.scm                     | 741 ++++++++++++++++++
>  3 files changed, 768 insertions(+)
>  create mode 100644 gnu/packages/aux-files/chromium/master-preferences.json
>  create mode 100644 gnu/packages/chromium.scm
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 82db1488d6..b5e937cdd7 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -100,6 +100,7 @@ GNU_SYSTEM_MODULES =				\
>    %D%/packages/check.scm			\
>    %D%/packages/chemistry.scm			\
>    %D%/packages/chez.scm				\
> +  %D%/packages/chromium.scm			\
>    %D%/packages/ci.scm				\
>    %D%/packages/cinnamon.scm			\
>    %D%/packages/clojure.scm			\
> diff --git a/gnu/packages/aux-files/chromium/master-preferences.json b/gnu/packages/aux-files/chromium/master-preferences.json
> new file mode 100644
> index 0000000000..0caa7cc4cd
> --- /dev/null
> +++ b/gnu/packages/aux-files/chromium/master-preferences.json
> @@ -0,0 +1,26 @@
> +{
> +  "distribution": {
> +     "import_bookmarks": false,
> +     "make_chrome_default": false,
> +     "make_chrome_default_for_user": false,
> +     "verbose_logging": true,
> +     "skip_first_run_ui": true,
> +     "suppress_first_run_default_browser_prompt": true
> +  },
> +  "browser": {
> +     "has_seen_welcome_page" : true,
> +     "check_default_browser" : false
> +  },
> +  "dns_prefetching": {
> +    "enabled": false
> +  },
> +  "alternate_error_pages": {
> +    "enabled": false
> +  },
> +  "hardware": {
> +    "audio_capture_enabled": false
> +  },
> +  "default_apps": "noinstall",
> +  "hide_web_store_icon": true,
> +  "homepage": "https://www.gnu.org/software/guix"
> +}
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> new file mode 100644
> index 0000000000..eb404246d3
> --- /dev/null
> +++ b/gnu/packages/chromium.scm
> @@ -0,0 +1,741 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu packages chromium)
> +  #:use-module ((guix licenses) #:prefix license:)
> +  #:use-module (guix packages)
> +  #:use-module (guix gexp)
> +  #:use-module (guix store)
> +  #:use-module (guix monads)
> +  #:use-module (guix download)
> +  #:use-module (guix git-download)
> +  #:use-module (guix utils)
> +  #:use-module (guix build-system gnu)
> +  #:use-module (gnu packages)
> +  #:use-module (gnu packages assembly)
> +  #:use-module (gnu packages base)
> +  #:use-module (gnu packages bison)
> +  #:use-module (gnu packages build-tools)
> +  #:use-module (gnu packages compression)
> +  #:use-module (gnu packages cups)
> +  #:use-module (gnu packages curl)
> +  #:use-module (gnu packages fontutils)
> +  #:use-module (gnu packages gcc)
> +  #:use-module (gnu packages ghostscript)
> +  #:use-module (gnu packages gl)
> +  #:use-module (gnu packages glib)
> +  #:use-module (gnu packages gnome)
> +  #:use-module (gnu packages gnuzilla)
> +  #:use-module (gnu packages gperf)
> +  #:use-module (gnu packages gtk)
> +  #:use-module (gnu packages icu4c)
> +  #:use-module (gnu packages image)
> +  #:use-module (gnu packages libevent)
> +  #:use-module (gnu packages libffi)
> +  #:use-module (gnu packages linux)
> +  #:use-module (gnu packages kerberos)
> +  #:use-module (gnu packages ninja)
> +  #:use-module (gnu packages node)
> +  #:use-module (gnu packages pciutils)
> +  #:use-module (gnu packages pkg-config)
> +  #:use-module (gnu packages pulseaudio)
> +  #:use-module (gnu packages python)
> +  #:use-module (gnu packages python-web)
> +  #:use-module (gnu packages python-xyz)
> +  #:use-module (gnu packages regex)
> +  #:use-module (gnu packages serialization)
> +  #:use-module (gnu packages speech)
> +  #:use-module (gnu packages tls)
> +  #:use-module (gnu packages valgrind)
> +  #:use-module (gnu packages vulkan)
> +  #:use-module (gnu packages video)
> +  #:use-module (gnu packages xiph)
> +  #:use-module (gnu packages xml)
> +  #:use-module (gnu packages xdisorg)
> +  #:use-module (gnu packages xorg))
> +
> +(define %preserved-third-party-files
> +  '("base/third_party/dmg_fp" ;X11-style
> +    "base/third_party/dynamic_annotations" ;BSD-2
> +    "base/third_party/icu" ;Unicode, X11-style
> +    "base/third_party/superfasthash" ;BSD-3
> +    "base/third_party/symbolize" ;BSD-3
> +    "base/third_party/xdg_mime" ;LGPL2.1+ or Academic 2.0
> +    "base/third_party/xdg_user_dirs" ;Expat
> +    "chrome/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
> +    "courgette/third_party/bsdiff" ;BSD-2, BSD protection license
> +    "courgette/third_party/divsufsort" ;Expat
> +    "net/third_party/http2" ;BSD-3
> +    "net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
> +    "net/third_party/nss" ;MPL-2.0
> +    "net/third_party/quic" ;BSD-3
> +    "net/third_party/spdy" ;BSD-3
> +    "net/third_party/uri_template" ;ASL2.0
> +    "third_party/abseil-cpp" ;ASL2.0
> +    "third_party/adobe/flash/flapper_version.h" ;no license, trivial
> +    "third_party/angle" ;BSD-3
> +    "third_party/angle/src/common/third_party/base" ;BSD-3
> +    "third_party/angle/src/common/third_party/smhasher" ;Public domain
> +    "third_party/angle/src/common/third_party/xxhash" ;BSD-2
> +    "third_party/angle/src/third_party/compiler" ;BSD-2
> +    "third_party/angle/src/third_party/libXNVCtrl" ;Expat
> +    "third_party/angle/src/third_party/trace_event" ;BSD-3
> +    "third_party/angle/third_party/glslang" ;BSD-3
> +    "third_party/angle/third_party/spirv-headers" ;Expat
> +    "third_party/angle/third_party/spirv-tools" ;Expat
> +    "third_party/angle/third_party/vulkan-headers" ;ASL2.0
> +    "third_party/angle/third_party/vulkan-loader" ;ASL2.0
> +    "third_party/angle/third_party/vulkan-tools" ;ASL2.0
> +    "third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
> +    "third_party/apple_apsl" ;APSL2.0
> +    "third_party/blink" ;BSD-3
> +    "third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
> +    "third_party/boringssl/src/third_party/fiat" ;Expat
> +    "third_party/breakpad" ;BSD-3
> +    "third_party/brotli" ;Expat
> +    "third_party/cacheinvalidation" ;ASL2.0
> +    "third_party/catapult" ;BSD-3
> +    "third_party/catapult/common/py_vulcanize/third_party/rcssmin" ;ASL2.0
> +    "third_party/catapult/common/py_vulcanize/third_party/rjsmin" ;ASL2.0
> +    "third_party/catapult/third_party/polymer" ;BSD-3
> +    "third_party/catapult/tracing/third_party/d3" ;BSD-3
> +    "third_party/catapult/tracing/third_party/gl-matrix" ;Expat
> +    "third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
> +    "third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
> +    "third_party/catapult/tracing/third_party/oboe" ;BSD-2
> +    "third_party/catapult/tracing/third_party/pako" ;Expat
> +    "third_party/ced" ;BSD-3
> +    "third_party/cld_3" ;ASL2.0
> +    "third_party/closure_compiler" ;ASL2.0
> +    "third_party/crashpad" ;ASL2.0
> +    "third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h" ;Zlib
> +    "third_party/crc32c" ;BSD-3
> +    "third_party/cros_system_api" ;BSD-3
> +    "third_party/dom_distiller_js" ;BSD-3
> +    "third_party/fips181" ;BSD-3
> +    "third_party/flatbuffers" ;ASL2.0
> +    "third_party/google_input_tools" ;ASL2.0
> +    "third_party/google_input_tools/third_party/closure_library" ;ASL2.0
> +    "third_party/google_input_tools/third_party/closure_library/third_party/closure" ;Expat
> +    "third_party/googletest" ;BSD-3
> +    "third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
> +    "third_party/iccjpeg" ;IJG
> +    "third_party/inspector_protocol" ;BSD-3
> +    "third_party/jinja2" ;BSD-3
> +    "third_party/jstemplate" ;ASL2.0
> +    "third_party/khronos" ;Expat, SGI
> +    "third_party/leveldatabase" ;BSD-3
> +    "third_party/libXNVCtrl" ;Expat
> +    "third_party/libaddressinput" ;ASL2.0
> +    "third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent License 1.0"
> +    "third_party/libaom/source/libaom/third_party/vector" ;Expat
> +    "third_party/libaom/source/libaom/third_party/x86inc" ;ISC
> +    "third_party/libjingle_xmpp" ;BSD-3
> +    "third_party/libphonenumber" ;ASL2.0
> +    "third_party/libsecret" ;LGPL2.1+
> +    "third_party/libsrtp" ;BSD-3
> +    "third_party/libsync" ;ASL2.0
> +    "third_party/libudev" ;LGPL2.1+
> +    "third_party/libwebm" ;BSD-3
> +    "third_party/libxml/chromium" ;BSD-3
> +    "third_party/libyuv" ;BSD-3
> +    "third_party/lss" ;BSD-3
> +    "third_party/markupsafe" ;BSD-3
> +    "third_party/mesa_headers" ;Expat, SGI
> +    "third_party/metrics_proto" ;BSD-3
> +    "third_party/modp_b64" ;BSD-3
> +    "third_party/nasm" ;BSD-2
> +    "third_party/node" ;Expat
> +    "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2" ;BSD-2
> +    "third_party/ots" ;BSD-3
> +    "third_party/pdfium" ;BSD-3
> +    "third_party/pdfium/third_party/agg23" ;Expat
> +    "third_party/pdfium/third_party/base" ;BSD-3
> +    "third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
> +    "third_party/pdfium/third_party/skia_shared" ;BSD-3
> +    "third_party/pdfium/third_party/freetype/include/pstables.h" ;FreeType
> +    "third_party/ply" ;BSD-3
> +    "third_party/polymer" ;BSD-3
> +    "third_party/protobuf" ;BSD-3
> +    "third_party/protobuf/third_party/six" ;Expat
> +    "third_party/pyjson5" ;ASL2.0
> +    "third_party/qcms" ;Expat
> +    "third_party/rnnoise" ;BSD-3
> +    "third_party/s2cellid" ;ASL2.0
> +    "third_party/sfntly" ;ASL2.0
> +    "third_party/skia" ;BSD-3
> +    "third_party/skia/third_party/gif" ;MPL1.1/GPL2+/LGPL2.1+
> +    "third_party/skia/third_party/skcms" ;BSD-3
> +    "third_party/skia/third_party/vulkan" ;BSD-3
> +    "third_party/smhasher" ;Expat, public domain
> +    "third_party/speech-dispatcher" ;GPL2+
> +    "third_party/spirv-headers" ;ASL2.0
> +    "third_party/SPIRV-Tools" ;ASL2.0
> +    "third_party/sqlite" ;Public domain
> +    "third_party/ungoogled" ;BSD-3
> +    "third_party/usb_ids" ;BSD-3
> +    "third_party/usrsctp" ;BSD-2
> +    "third_party/web-animations-js" ;ASL2.0
> +    "third_party/webdriver" ;ASL2.0
> +    "third_party/webrtc" ;BSD-3
> +    "third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
> +    "third_party/webrtc/common_audio/third_party/spl_sqrt_floor" ;Public domain
> +    "third_party/webrtc/modules/third_party/fft" ;Non-copyleft
> +    "third_party/webrtc/modules/third_party/g711" ;Public domain
> +    "third_party/webrtc/modules/third_party/g722" ;Public domain
> +    "third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
> +    "third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
> +    "third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
> +    "third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
> +    "third_party/woff2" ;ASL2.0
> +    "third_party/xdg-utils" ;Expat
> +    "third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
> +    "third_party/zlib/google" ;BSD-3
> +    "url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
> +    "v8/src/third_party/utf8-decoder" ;Expat
> +    "v8/src/third_party/valgrind" ;BSD-4
> +    "v8/third_party/inspector_protocol" ;BSD-3
> +    "v8/third_party/v8/builtins")) ;PSFL
> +
> +(define* (computed-origin-method gexp-promise hash-algo hash
> +                                 #:optional (name "source")
> +                                 #:key (system (%current-system))
> +                                 (guile (default-guile)))
> +  "Return a derivation that executes the G-expression that results
> +from forcing GEXP-PROMISE."
> +  (mlet %store-monad ((guile (package->derivation guile system)))
> +    (gexp->derivation (or name "computed-origin")
> +                      (force gexp-promise)
> +                      #:system system
> +                      #:guile-for-build guile)))
> +
> +(define %chromium-version "72.0.3626.81")
> +(define %ungoogled-revision "f9b9074c322a67b04baf0982797cd7b7e09614b5")
> +
> +;; This is a computed origin that does the following:
> +;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball.
> +;; 2) Prunes all third_party folders that are not explicitly preserved.
> +;; 3) Adjusts "GN" build files such that system libraries are preferred.
> +(define ungoogled-chromium-source
> +  (let* ((chromium-source
> +          (origin
> +            (method url-fetch)
> +            (uri (string-append "https://commondatastorage.googleapis.com"
> +                                "/chromium-browser-official/chromium-"
> +                                %chromium-version ".tar.xz"))
> +            (sha256
> +             (base32
> +              "01l0vlvcckpag376mjld7qprv63l0z8li689k0h6v3h0i7irzs6z"))))
> +         (ungoogled-source
> +          (origin
> +            (method git-fetch)
> +            (uri (git-reference (url "https://github.com/mbakke/ungoogled-chromium")
> +                                (commit %ungoogled-revision)))
> +            (file-name (git-file-name "ungoogled-chromium"
> +                                      (string-take %ungoogled-revision 7)))
> +            (sha256
> +             (base32
> +              "0gmk1n3i7lbm7rw8zl4df171yhvrlimj8ksj096bf2dlfhbd44rb")))))
> +
> +    (origin
> +      (method computed-origin-method)
> +      (file-name (string-append "ungoogled-chromium-" %chromium-version ".tar.xz"))
> +      (sha256 #f)
> +      (uri
> +       (delay
> +         (with-imported-modules '((guix build utils))
> +           #~(begin
> +               (use-modules (guix build utils))
> +               (let ((chromium-dir    (string-append "chromium-" #$%chromium-version))
> +                     (preserved-files (list #$@%preserved-third-party-files)))
> +
> +                 (mkdir "/tmp/bin")
> +                 (set-path-environment-variable
> +                  "PATH" '("bin")
> +                  (list "/tmp"
> +                        #+(canonical-package patch)
> +                        #+(canonical-package xz)
> +                        #+(canonical-package tar)
> +                        #+python-2
> +                        #+python))
> +
> +                 (copy-recursively #+ungoogled-source "/tmp/ungoogled")
> +
> +                 (with-directory-excursion "/tmp/ungoogled"
> +
> +                   (format #t "Unpacking chromium tarball...~%")
> +                   (force-output)
> +                   (invoke "tar" "xf" #+chromium-source)
> +
> +                   (format #t "Ungooglifying...~%")
> +                   (force-output)
> +                   (invoke "python3" "run_buildkit_cli.py" "prune"
> +                           "-b" "config_bundles/guix" chromium-dir)
> +                   (invoke "python3" "run_buildkit_cli.py" "patches" "apply"
> +                           "-b" "config_bundles/guix" chromium-dir)
> +                   (invoke "python3" "run_buildkit_cli.py" "domains" "apply"
> +                           "-b" "config_bundles/linux_rooted"
> +                           "-c" "/tmp/domainscache.tar.gz" chromium-dir)
> +
> +                   (with-directory-excursion chromium-dir
> +                     (format #t "Pruning third party files...~%")
> +                     (force-output)
> +                     (apply invoke "python"
> +                             "build/linux/unbundle/remove_bundled_libraries.py"
> +                             "--do-remove" preserved-files)
> +
> +                     (format #t "Replacing GN files...~%")
> +                     (force-output)
> +                     (invoke "python3" "build/linux/unbundle/replace_gn_files.py"
> +                             "--system-libraries" "ffmpeg" "flac" "fontconfig"
> +                             "freetype" "harfbuzz-ng" "icu" "libdrm" "libevent"
> +                             "libjpeg" "libpng" "libvpx" "libwebp" "libxml"
> +                             "libxslt" "openh264" "opus" "re2" "snappy" "yasm"
> +                             "zlib"))
> +
> +                   (format #t (string-append "Packing new Ungoogled tarball ...~%"))
> +                   (force-output)
> +                   (invoke "tar" "cvfa" #$output
> +                           ;; Avoid non-determinism in the archive.
> +                           "--mtime=@0"
> +                           "--owner=root:0"
> +                           "--group=root:0"
> +                           "--sort=name"
> +                           chromium-dir)
> +
> +                   #t)))))))))
> +
> +(define opus+custom
> +  (package/inherit opus
> +    (name "opus+custom")
> +    (arguments
> +     (substitute-keyword-arguments (package-arguments opus)
> +       ((#:configure-flags flags ''())
> +        ;; Opus Custom is an optional extension of the Opus
> +        ;; specification that allows for unsupported frame
> +        ;; sizes.  Chromium requires that this is enabled.
> +        `(cons "--enable-custom-modes"
> +               ,flags))))))
> +
> +(define libvpx/chromium
> +  ;; Chromium 66 and later requires an unreleased libvpx, so we take the
> +  ;; commit from "third_party/libvpx/README.chromium" in the tarball.
> +  (let ((version (package-version libvpx))
> +        (commit "e188b5435de71bcd602c378f1ac0441111f0f915")
> +        (revision "0"))
> +    (package/inherit libvpx
> +      (name "libvpx-chromium")
> +      (version (git-version version revision commit))
> +      (source (origin
> +                (method git-fetch)
> +                (uri (git-reference
> +                      (url "https://chromium.googlesource.com/webm/libvpx")
> +                      (commit commit)))
> +                (file-name (git-file-name name version))
> +                (sha256
> +                 (base32
> +                  "0v7lzvgy45zh7zwzmmzkvbcqmhs4xa97z0h97hd3j6myrxcfz1n9")))))))
> +
> +;; Transitional package until HarfBuzz 2.2 is available in Guix master branch.
> +(define harfbuzz/chromium
> +  (package/inherit harfbuzz
> +    (version "2.2.0")
> +    (source (origin
> +              (inherit (package-source harfbuzz))
> +              (uri (string-append "https://www.freedesktop.org/software/harfbuzz"
> +                                  "/release/harfbuzz-" version ".tar.bz2"))
> +              (sha256
> +               (base32
> +                "047q63jr513azf3g1y7f5xn60b4jdjs9zsmrx04sfw5rasyzrk5p"))))))
> +
> +(define-public ungoogled-chromium
> +  (package
> +    (name "ungoogled-chromium")
> +    (version %chromium-version)
> +    (synopsis "Graphical web browser")
> +    (source ungoogled-chromium-source)
> +    (build-system gnu-build-system)
> +    (arguments
> +     `(#:tests? #f
> +       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
> +       ;; it overrides the RUNPATH set by the linker.
> +       #:validate-runpath? #f
> +       #:modules ((guix build gnu-build-system)
> +                  (guix build utils)
> +                  (ice-9 ftw)
> +                  (ice-9 regex)
> +                  (srfi srfi-26))
> +       #:configure-flags
> +       ;; See tools/gn/docs/cookbook.md and
> +       ;; https://www.chromium.org/developers/gn-build-configuration
> +       ;; for usage.  Run "./gn args . --list" in the Release
> +       ;; directory for an exhaustive list of supported flags.
> +       ;; (Note: The 'configure' phase will do that for you.)
> +       (list "is_debug=false"
> +             "use_gold=false"
> +             "use_lld=false"
> +             "linux_use_bundled_binutils=false"
> +             "use_custom_libcxx=false"
> +             "use_sysroot=false"
> +             "enable_precompiled_headers=false"
> +             "goma_dir=\"\""
> +             "enable_nacl=false"
> +             "enable_nacl_nonsfi=false"
> +             "use_allocator=\"none\""   ;don't use tcmalloc
> +             "use_unofficial_version_number=false"
> +
> +             ;; Define a custom toolchain that simply looks up CC, AR and
> +             ;; friends from the environment.
> +             "custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
> +             "host_toolchain=\"//build/toolchain/linux/unbundle:default\""
> +
> +             ;; Don't assume it's clang.
> +             "is_clang=false"
> +
> +             ;; Optimize for building everything at once, as opposed to
> +             ;; incrementally for development.  See "docs/jumbo.md".
> +             "use_jumbo_build=true"
> +
> +             ;; Disable type-checking for the Web UI to avoid a Java dependency.
> +             "closure_compile=false"
> +
> +             ;; Disable debugging features to save space.
> +             "blink_symbol_level=0"
> +             "enable_iterator_debugging=false"
> +
> +             ;; Some of the unbundled libraries throws deprecation
> +             ;; warnings, etc.  Ignore it.
> +             "treat_warnings_as_errors=false"
> +
> +             ;; Don't add any API keys.  End users can set them in the
> +             ;; environment if desired.  See
> +             ;; <https://www.chromium.org/developers/how-tos/api-keys>.
> +             "use_official_google_api_keys=false"
> +
> +             ;; Disable "safe browsing", which pulls in a dependency on
> +             ;; the nonfree "unrar" program (as of m66).
> +             "safe_browsing_mode=0"
> +
> +             ;; Disable "field trials".
> +             "fieldtrial_testing_like_official_build=true"
> +
> +             ;; Ungoogled components.
> +             "enable_mdns=false"
> +             "enable_one_click_signin=false"
> +             "enable_reading_list=false"
> +             "enable_remoting=false"
> +             "enable_reporting=false"
> +             "enable_service_discovery=false"
> +             "enable_swiftshader=false"
> +             "use_vaapi=true"
> +
> +             ;; Use system libraries where possible.
> +             "use_system_freetype=true"
> +             "use_system_harfbuzz=true"
> +             "use_system_lcms2=true"
> +             "use_system_libdrm=true"
> +             "use_system_libjpeg=true"
> +             "use_system_libpng=true"
> +             ;;"use_system_libsync=true"
> +             "use_system_zlib=true"
> +
> +             "use_gnome_keyring=false"  ;deprecated by libsecret
> +             "use_openh264=true"
> +             "use_pulseaudio=true"
> +             "link_pulseaudio=true"
> +
> +             ;; Don't arbitrarily restrict formats supported by system ffmpeg.
> +             "proprietary_codecs=true"
> +             "ffmpeg_branding=\"Chrome\""
> +
> +             ;; WebRTC stuff.
> +             "rtc_use_h264=true"
> +             ;; Don't use bundled sources.
> +             "rtc_build_json=false"
> +             "rtc_build_libevent=false"
> +             "rtc_build_libvpx=false"
> +             "rtc_build_opus=false"
> +             "rtc_build_ssl=false"
> +
> +             "rtc_build_libsrtp=true"   ;FIXME: fails to find headers
> +             "rtc_build_usrsctp=true"   ;TODO: package this
> +             (string-append "rtc_jsoncpp_root=\""
> +                            (assoc-ref %build-inputs "jsoncpp")
> +                            "/include/jsoncpp/json\"")
> +             (string-append "rtc_ssl_root=\""
> +                            (assoc-ref %build-inputs "openssl")
> +                            "/include/openssl\""))
> +       #:phases
> +       (modify-phases %standard-phases
> +         (add-after 'unpack 'patch-stuff
> +           (lambda* (#:key inputs #:allow-other-keys)
> +             (substitute* "printing/cups_config_helper.py"
> +               (("cups_config =.*")
> +                (string-append "cups_config = '" (assoc-ref inputs "cups")
> +                               "/bin/cups-config'\n")))
> +
> +             (substitute*
> +                 '("base/process/launch_posix.cc"
> +                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
> +                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
> +                   "sandbox/linux/services/credentials.cc"
> +                   "sandbox/linux/services/namespace_utils.cc"
> +                   "sandbox/linux/services/syscall_wrappers.cc"
> +                   "sandbox/linux/syscall_broker/broker_host.cc")
> +               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
> +
> +             (for-each (lambda (file)
> +                         (substitute* file
> +                           ;; Fix opus include path.
> +                           ;; Do not substitute opus_private.h.
> +                           (("#include \"opus\\.h\"")
> +                            "#include \"opus/opus.h\"")
> +                           (("#include \"opus_custom\\.h\"")
> +                            "#include \"opus/opus_custom.h\"")
> +                           (("#include \"opus_defines\\.h\"")
> +                            "#include \"opus/opus_defines.h\"")
> +                           (("#include \"opus_multistream\\.h\"")
> +                            "#include \"opus/opus_multistream.h\"")
> +                           (("#include \"opus_types\\.h\"")
> +                            "#include \"opus/opus_types.h\"")))
> +                       (find-files (string-append "third_party/webrtc/modules"
> +                                                  "/audio_coding/codecs/opus")))
> +
> +             (substitute* "chrome/common/chrome_paths.cc"
> +               (("/usr/share/chromium/extensions")
> +                ;; TODO: Add ~/.guix-profile.
> +                "/run/current-system/profile/share/chromium/extensions"))
> +
> +             ;; XXX: Should be unnecessary when use_system_lcms2=true.
> +             (substitute* "third_party/pdfium/core/fxcodec/codec/ccodec_iccmodule.h"
> +               (("include \"third_party/lcms/include/lcms2\\.h\"")
> +                "include \"lcms2.h\""))
> +
> +             (substitute*
> +                 "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
> +               (("include \"third_party/curl") "include \"curl"))
> +
> +             (substitute* "third_party/webrtc/rtc_base/strings/json.h"
> +               (("#include \"third_party/jsoncpp/") "#include \"json/"))
> +
> +             (substitute* "media/base/decode_capabilities.cc"
> +               (("third_party/libvpx/source/libvpx/") ""))
> +
> +             (substitute* "ui/gfx/skia_util.h"
> +               (("third_party/vulkan/include/") ""))
> +
> +             ;; Building chromedriver embeds some files using the ZIP
> +             ;; format which doesn't support timestamps before
> +             ;; 1980. Therefore, advance the timestamps of the files
> +             ;; which are included so that building chromedriver
> +             ;; works.
> +             (let ((circa-1980 (* 10 366 24 60 60)))
> +               (for-each (lambda (file)
> +                           (utime file circa-1980 circa-1980))
> +                         '("chrome/test/chromedriver/extension/background.js"
> +                           "chrome/test/chromedriver/extension/manifest.json")))
> +
> +             #t))
> +         (add-before 'configure 'prepare-build-environment
> +           (lambda* (#:key inputs #:allow-other-keys)
> +
> +             ;; Make sure the right build tools are used.
> +             (setenv "AR" "ar") (setenv "NM" "nm")
> +             (setenv "CC" "gcc") (setenv "CXX" "g++")
> +
> +             ;; Work around <https://bugs.gnu.org/30756>.
> +             (unsetenv "C_INCLUDE_PATH")
> +             (unsetenv "CPLUS_INCLUDE_PATH")
> +
> +             ;; TODO: pre-compile instead. Avoids a race condition.
> +             (setenv "PYTHONDONTWRITEBYTECODE" "1")
> +
> +             ;; XXX: How portable is this.
> +             (mkdir-p "third_party/node/linux/node-linux-x64")
> +             (symlink (string-append (assoc-ref inputs "node") "/bin")
> +                      "third_party/node/linux/node-linux-x64/bin")
> +
> +             #t))
> +         (replace 'configure
> +           (lambda* (#:key configure-flags #:allow-other-keys)
> +             (let ((args (string-join configure-flags " ")))
> +               ;; Generate ninja build files.
> +               (invoke "gn" "gen" "out/Release"
> +                       (string-append "--args=" args))
> +
> +               ;; Print the full list of supported arguments as well as
> +               ;; their current status for convenience.
> +               (format #t "Dumping configure flags...\n")
> +               (invoke "gn" "args" "out/Release" "--list"))))
> +         (replace 'build
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (invoke "ninja" "-C" "out/Release"
> +                     "-j" (number->string (parallel-job-count))
> +                     "chrome"
> +                     "chromedriver")))
> +         (replace 'install
> +           (lambda* (#:key inputs outputs #:allow-other-keys)
> +             (let* ((out            (assoc-ref outputs "out"))
> +                    (bin            (string-append out "/bin"))
> +                    (exe            (string-append bin "/chromium"))
> +                    (lib            (string-append out "/lib"))
> +                    (man            (string-append out "/share/man/man1"))
> +                    (applications   (string-append out "/share/applications"))
> +                    (install-regexp (make-regexp "\\.(bin|pak)$"))
> +                    (locales        (string-append lib "/locales"))
> +                    (resources      (string-append lib "/resources"))
> +                    (preferences    (assoc-ref inputs "master-preferences"))
> +                    (gtk+           (assoc-ref inputs "gtk+"))
> +                    (mesa           (assoc-ref inputs "mesa"))
> +                    (nss            (assoc-ref inputs "nss"))
> +                    (udev           (assoc-ref inputs "udev"))
> +                    (sh             (which "sh")))
> +
> +               (substitute* '("chrome/app/resources/manpage.1.in"
> +                              "chrome/installer/linux/common/desktop.template")
> +                 (("@@MENUNAME@@") "Chromium")
> +                 (("@@PACKAGE@@") "chromium")
> +                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
> +
> +               (mkdir-p man)
> +               (copy-file "chrome/app/resources/manpage.1.in"
> +                          (string-append man "/chromium.1"))
> +
> +               (mkdir-p applications)
> +               (copy-file "chrome/installer/linux/common/desktop.template"
> +                          (string-append applications "/chromium.desktop"))
> +
> +               (mkdir-p lib)
> +               (copy-file preferences (string-append lib "/master_preferences"))
> +
> +               (with-directory-excursion "out/Release"
> +                 (for-each (lambda (file)
> +                             (install-file file lib))
> +                           (scandir "." (cut regexp-exec install-regexp <>)))
> +                 (copy-file "chrome" (string-append lib "/chromium"))
> +
> +                 ;; TODO: Install icons from "../../chrome/app/themes" into
> +                 ;; "out/share/icons/hicolor/$size".
> +                 (install-file
> +                  "product_logo_48.png"
> +                  (string-append out "/share/icons/48x48/chromium.png"))
> +
> +                 (copy-recursively "locales" locales)
> +                 (copy-recursively "resources" resources)
> +
> +                 (mkdir-p bin)
> +                 (symlink "../lib/chromium" exe)
> +                 (install-file "chromedriver" bin)
> +
> +                 (wrap-program exe
> +                   ;; TODO: Get these in RUNPATH.
> +                   `("LD_LIBRARY_PATH" ":" prefix
> +                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
> +                                      mesa "/lib:" udev "/lib")))
> +                   ;; Avoid file manager crash.  See <https://bugs.gnu.org/26593>.
> +                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
> +                 #t)))))))
> +    (native-inputs
> +     `(("bison" ,bison)
> +       ("gcc" ,gcc-8)
> +       ("gn" ,gn)
> +       ("gperf" ,gperf)
> +       ("ninja" ,ninja)
> +       ("node" ,node)
> +       ("pkg-config" ,pkg-config)
> +       ("which" ,which)
> +       ("yasm" ,yasm)
> +
> +       ;; This file contains defaults for new user profiles.
> +       ("master-preferences" ,(local-file "aux-files/chromium/master-preferences.json"))
> +
> +       ("python-beautifulsoup4" ,python2-beautifulsoup4)
> +       ("python-html5lib" ,python2-html5lib)
> +       ("python" ,python-2)))
> +    (inputs
> +     `(("alsa-lib" ,alsa-lib)
> +       ("atk" ,atk)
> +       ("cups" ,cups)
> +       ("curl" ,curl)
> +       ("dbus" ,dbus)
> +       ("dbus-glib" ,dbus-glib)
> +       ("expat" ,expat)
> +       ("flac" ,flac)
> +       ("ffmpeg" ,ffmpeg)
> +       ("fontconfig" ,fontconfig)
> +       ("freetype" ,freetype)
> +       ("gdk-pixbuf" ,gdk-pixbuf)
> +       ("glib" ,glib)
> +       ("gtk+" ,gtk+)
> +       ("harfbuzz" ,harfbuzz/chromium)
> +       ("icu4c" ,icu4c)
> +       ("jsoncpp" ,jsoncpp)
> +       ("lcms" ,lcms)
> +       ("libevent" ,libevent)
> +       ("libffi" ,libffi)
> +       ("libjpeg-turbo" ,libjpeg-turbo)
> +       ("libpng" ,libpng)
> +       ("libva" ,libva)
> +       ("libvpx" ,libvpx/chromium)
> +       ("libwebp" ,libwebp)
> +       ("libx11" ,libx11)
> +       ("libxcb" ,libxcb)
> +       ("libxcomposite" ,libxcomposite)
> +       ("libxcursor" ,libxcursor)
> +       ("libxdamage" ,libxdamage)
> +       ("libxext" ,libxext)
> +       ("libxfixes" ,libxfixes)
> +       ("libxi" ,libxi)
> +       ("libxml2" ,libxml2)
> +       ("libxrandr" ,libxrandr)
> +       ("libxrender" ,libxrender)
> +       ("libxscrnsaver" ,libxscrnsaver)
> +       ("libxslt" ,libxslt)
> +       ("libxtst" ,libxtst)
> +       ("mesa" ,mesa)
> +       ("minizip" ,minizip)
> +       ("mit-krb5" ,mit-krb5)
> +       ("nss" ,nss)
> +       ("openh264" ,openh264)
> +       ("openjpeg" ,openjpeg)                          ;PDFium only
> +       ("openssl" ,openssl)
> +       ("opus" ,opus+custom)
> +       ("pango" ,pango)
> +       ("pciutils" ,pciutils)
> +       ("pulseaudio" ,pulseaudio)
> +       ("re2" ,re2)
> +       ("snappy" ,snappy)
> +       ("speech-dispatcher" ,speech-dispatcher)
> +       ("udev" ,eudev)
> +       ("valgrind" ,valgrind)
> +       ("vulkan-headers" ,vulkan-headers)))
> +    (home-page "https://www.chromium.org/")
> +    (description
> +     "Ungoogled-Chromium is the Chromium web browser, sans integration with
> +Google web services.")
> +    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
> +    ;; components with other licenses.  For full information, see chrome://credits.
> +    (license (list license:bsd-3
> +                   license:bsd-2
> +                   license:expat
> +                   license:asl2.0
> +                   license:mpl1.1
> +                   license:mpl2.0
> +                   license:public-domain
> +                   license:isc
> +                   (license:non-copyleft "chrome://credits"
> +                                         "See chrome://credits for more information.")
> +                   license:lgpl2.1+))))

--
Joshua Branson
Sent from Emacs and Gnus

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-02 19:20 ` [PATCH] gnu: Add ungoogled-chromium Marius Bakke
  2019-02-03 18:16   ` Joshua Branson
@ 2019-02-03 20:21   ` Amin Bandali
  2019-02-05  5:22     ` swedebugia
  2019-02-12 15:58   ` [PATCH v2] " Marius Bakke
  3 siblings, 0 replies; 152+ messages in thread
From: Amin Bandali @ 2019-02-03 20:21 UTC (permalink / raw)
  To: Marius Bakke; +Cc: guix-devel, 28004

Hello Marius,

Thanks for your work patching and packaging ungoogled-chromium!

I haven’t had a chance to have a closer look at your patch, but would
you mind elaborating on the “* Free software only.” part of your stated
feature-set and if/how it addresses licensing concerns raised previously
e.g. by bill-auger here[1] with respect to the FSDG status of Chromium,
as well as maintaining solidarity with other FSDG-complying distros?

[1]: https://lists.gnu.org/r/guix-devel/2018-09/msg00264.html

Best,
amin

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-03 18:16   ` Joshua Branson
@ 2019-02-04  4:52     ` bill-auger
  2019-02-04  5:52       ` brettg
                         ` (5 more replies)
  0 siblings, 6 replies; 152+ messages in thread
From: bill-auger @ 2019-02-04  4:52 UTC (permalink / raw)
  To: guix-devel; +Cc: 28004, gnu-linux-libre

re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html

i would like to remind readers of the guix-devel list that it was
discussed some months ago, why no FSDG distros currently distribute
chromium[1] - it appeared at that time, that most people in that
discussion were in agreement that chromium should not be included in
guix; and marius was instead hosting it in a private repo, as not to
taint the main guix repos with dubious software - has there been a
notable break-through since then?

what is the evidence for this claim that this guix package is "free
software only"? - what does "Marks beautiful computed-origin-method" do
toward that end? - if a procedure for liberating any chromium-derived
software has been discovered, this would be a marvelous accomplishment
and very good news indeed, of which people outside of the guix dev team
would also be interested to learn

if the guix team has discovered some new information or has concocted a
viable liberation recipe for chromium or any of it's offspring, then i
hope that, for the benefit of all fellow Fosstopians, someone would
present that information to the FSDG mailing list for review and
discussion - it would be extra neighborly if that happened *before*
offering this program to guix users, while fully knowing that the other
FSDG distros are still intentionally suppressing it in solidarity

again, i am totally indifferent as to whether anyone uses chromium or
not - my only interest in this is that i would like to strengthen the
FSDG by convincing FSDG distros to communicate and collaborate with each
other, and to achieve consensus about common issues such as this, that
clearly affect all distros equally; so that no one is compelled to ask
"why does guixsd endorse that popular program if other FSDG distros
reject it on principal?" - it is difficult enough to explain to users
why these programs are rejected in the first place; but at least the
way things are now, we can say that all FSDG distros are in agreement to
err on the conservative side until a satisfactory liberation procedure
is found and documented - currently, the documented liberation
procedure is: "Remove program/package. Use GNU IceCat, or
equivalent"[2] - if there is a better candidate procedure now, let us
get it onto the table for discussion

i would like to consider all FSDG distros as being part of a larger
federation, sharing the same primary goals; but we cant all be reading
all of the dev lists - let us communicate whenever applicable, in the
common venue that exists for that purpose[3] - i tried enticing the
folks on the guix team to do that previously - if there is indeed
something new to announce regarding chromium's dubious FSDG status,
please elect someone from guix to do so now - this would be very
interesting news to the readers of that list, and your effort and/or
accomplishment would be sincerely applauded - other FSDG distros would
be happy (and some quite eager) to re-instate any of these
chromium-derived packages if a consensus could be reached that any of
them could be distributed 100% freely; but if all distros are to decide
for themselves what is freely distributable and what is not, without
evidence and without discussing it with the other FSDG distros nor the
FSF, then the FSDG loses its teeth, and we all look wishy-washy and
flakey on that, the main, central FSDG concern: which programs are
freely distributable and which are not


[1]: https://lists.gnu.org/archive/html/guix-devel/2018-09/msg00264.html
[2]:
https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser
[3]: https://lists.nongnu.org/mailman/listinfo/gnu-linux-libre

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-04  4:52     ` bill-auger
@ 2019-02-04  5:52       ` brettg
  2019-02-04  7:46       ` Ineiev
                         ` (4 subsequent siblings)
  5 siblings, 0 replies; 152+ messages in thread
From: brettg @ 2019-02-04  5:52 UTC (permalink / raw)
  To: bill-auger; +Cc: guix-devel, 28004, Guix-devel, gnu-linux-libre

As always, I second Bill here. There is a lot of history behind the 
Chromium project that I think many of us are aware of. There, to my 
knowledge, remains to be a complete audit of the Chromium source. Such 
an audit is crucial for us to even know what is problematic and what is 
not when it comes to FSDG compliance. So, unless the ungoogled chromium 
project has done this audit successfully I remain a kind skeptic.

On 04.02.2019 05:52, bill-auger wrote:
> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
> 
> i would like to remind readers of the guix-devel list that it was
> discussed some months ago, why no FSDG distros currently distribute
> chromium[1] - it appeared at that time, that most people in that
> discussion were in agreement that chromium should not be included in
> guix; and marius was instead hosting it in a private repo, as not to
> taint the main guix repos with dubious software - has there been a
> notable break-through since then?
> 
> what is the evidence for this claim that this guix package is "free
> software only"? - what does "Marks beautiful computed-origin-method" do
> toward that end? - if a procedure for liberating any chromium-derived
> software has been discovered, this would be a marvelous accomplishment
> and very good news indeed, of which people outside of the guix dev team
> would also be interested to learn
> 
> if the guix team has discovered some new information or has concocted a
> viable liberation recipe for chromium or any of it's offspring, then i
> hope that, for the benefit of all fellow Fosstopians, someone would
> present that information to the FSDG mailing list for review and
> discussion - it would be extra neighborly if that happened *before*
> offering this program to guix users, while fully knowing that the other
> FSDG distros are still intentionally suppressing it in solidarity
> 
> again, i am totally indifferent as to whether anyone uses chromium or
> not - my only interest in this is that i would like to strengthen the
> FSDG by convincing FSDG distros to communicate and collaborate with 
> each
> other, and to achieve consensus about common issues such as this, that
> clearly affect all distros equally; so that no one is compelled to ask
> "why does guixsd endorse that popular program if other FSDG distros
> reject it on principal?" - it is difficult enough to explain to users
> why these programs are rejected in the first place; but at least the
> way things are now, we can say that all FSDG distros are in agreement 
> to
> err on the conservative side until a satisfactory liberation procedure
> is found and documented - currently, the documented liberation
> procedure is: "Remove program/package. Use GNU IceCat, or
> equivalent"[2] - if there is a better candidate procedure now, let us
> get it onto the table for discussion
> 
> i would like to consider all FSDG distros as being part of a larger
> federation, sharing the same primary goals; but we cant all be reading
> all of the dev lists - let us communicate whenever applicable, in the
> common venue that exists for that purpose[3] - i tried enticing the
> folks on the guix team to do that previously - if there is indeed
> something new to announce regarding chromium's dubious FSDG status,
> please elect someone from guix to do so now - this would be very
> interesting news to the readers of that list, and your effort and/or
> accomplishment would be sincerely applauded - other FSDG distros would
> be happy (and some quite eager) to re-instate any of these
> chromium-derived packages if a consensus could be reached that any of
> them could be distributed 100% freely; but if all distros are to decide
> for themselves what is freely distributable and what is not, without
> evidence and without discussing it with the other FSDG distros nor the
> FSF, then the FSDG loses its teeth, and we all look wishy-washy and
> flakey on that, the main, central FSDG concern: which programs are
> freely distributable and which are not
> 
> 
> [1]: 
> https://lists.gnu.org/archive/html/guix-devel/2018-09/msg00264.html
> [2]:
> https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser
> [3]: https://lists.nongnu.org/mailman/listinfo/gnu-linux-libre

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-04  4:52     ` bill-auger
  2019-02-04  5:52       ` brettg
@ 2019-02-04  7:46       ` Ineiev
  2019-02-04 10:56         ` bill-auger
  2019-02-04 12:26       ` [GNU-linux-libre] " Julie Marchant
                         ` (3 subsequent siblings)
  5 siblings, 1 reply; 152+ messages in thread
From: Ineiev @ 2019-02-04  7:46 UTC (permalink / raw)
  To: Workgroup for fully free GNU/Linux distributions; +Cc: guix-devel, 28004

[-- Attachment #1: Type: text/plain, Size: 478 bytes --]

On Sun, Feb 03, 2019 at 11:52:04PM -0500, bill-auger wrote:
> FSF, then the FSDG loses its teeth, and we all look wishy-washy and
> flakey on that, the main, central FSDG concern: which programs are
> freely distributable and which are not

I don't think the main FSDG concern is which programs are freely
distributable, and even which programs are free; IMHO it is,
"a free system distribution must not steer users towards obtaining
any nonfree information for practical use."

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-04  7:46       ` Ineiev
@ 2019-02-04 10:56         ` bill-auger
  2019-02-04 14:43           ` Jean Louis
  0 siblings, 1 reply; 152+ messages in thread
From: bill-auger @ 2019-02-04 10:56 UTC (permalink / raw)
  To: gnu-linux-libre; +Cc: guix-devel

On Mon, 4 Feb 2019 02:46:30 -0500 Ineiev wrote:
> On Sun, Feb 03, 2019 at 11:52:04PM -0500, bill-auger wrote:
> > the main, central FSDG concern: which programs are
> > freely distributable and which are not  
> 
> I don't think the main FSDG concern is which programs are freely
> distributable, and even which programs are free

geez, i almost erased that bit before sending it too :( - to be clear:
by "freely distributable" i totally meant "provides all five of the
four freedoms"

i will append just this - the issue here is really quite simple to
express - one (and only one) of the following statements must be true:

* the chromium software provides all of the four freedoms
* the chromium software does not provide all of the four freedoms

there is no third option

according to the FSDG, qualifying distros are free to distribute any
software that is known to provide all of the four freedoms; and must
not distribute any software that does not meet that standard - we can
all agree on this so far - yes?

therefore, both of the following statements must be true:

* IF chromium provides all of the four freedoms, then any FSDG distro
  is free to distribute it, if they so choose

* IF chromium is not known to provide all of the four freedoms, or is
  known to not provide all of the four freedoms, then none of the
  FSDG distros should choose to distribute it; and any that does,
  should have a freedom bug posted against it immediately, just as
  happened with pureos

does anyone disagree with either of those two statements?

the FSDG itself is not really the issue here - it is quite clear on
most matters - the problem is that no one knows for certain which one
of those two statements is the actual case in reality - so the key
concerns are: "who shall make that determination?", and "by which
standards?"

should software be considered to be provide all of the four freedoms
until proven otherwise? (e.g. because someone slapped an MIT on top of
it) - or should software be considered to not necessarily provide all
of the four freedoms until proven to do so?

should each distro decide for itself what qualifies as FSDG-free
software and what does not? - or would such decisions be better made by
consensus with the guidance of the FSF?

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-04  4:52     ` bill-auger
  2019-02-04  5:52       ` brettg
  2019-02-04  7:46       ` Ineiev
@ 2019-02-04 12:26       ` Julie Marchant
  2019-02-04 15:03         ` bill-auger
  2019-02-04 13:46       ` [bug#28004] " Leo Famulari
                         ` (2 subsequent siblings)
  5 siblings, 1 reply; 152+ messages in thread
From: Julie Marchant @ 2019-02-04 12:26 UTC (permalink / raw)
  To: guix-devel; +Cc: 28004

On 02/03/2019 11:52 PM, bill-auger wrote:
> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
> 
> i would like to remind readers of the guix-devel list that it was
> discussed some months ago, why no FSDG distros currently distribute
> chromium[1] - it appeared at that time, that most people in that
> discussion were in agreement that chromium should not be included in
> guix; and marius was instead hosting it in a private repo, as not to
> taint the main guix repos with dubious software - has there been a
> notable break-through since then?
> 
> what is the evidence for this claim that this guix package is "free
> software only"? - what does "Marks beautiful computed-origin-method" do
> toward that end? - if a procedure for liberating any chromium-derived
> software has been discovered, this would be a marvelous accomplishment
> and very good news indeed, of which people outside of the guix dev team
> would also be interested to learn
> 
> if the guix team has discovered some new information or has concocted a
> viable liberation recipe for chromium or any of it's offspring, then i
> hope that, for the benefit of all fellow Fosstopians, someone would
> present that information to the FSDG mailing list for review and
> discussion - it would be extra neighborly if that happened *before*
> offering this program to guix users, while fully knowing that the other
> FSDG distros are still intentionally suppressing it in solidarity
> 
> again, i am totally indifferent as to whether anyone uses chromium or
> not - my only interest in this is that i would like to strengthen the
> FSDG by convincing FSDG distros to communicate and collaborate with each
> other, and to achieve consensus about common issues such as this, that
> clearly affect all distros equally; so that no one is compelled to ask
> "why does guixsd endorse that popular program if other FSDG distros
> reject it on principal?" - it is difficult enough to explain to users
> why these programs are rejected in the first place; but at least the
> way things are now, we can say that all FSDG distros are in agreement to
> err on the conservative side until a satisfactory liberation procedure
> is found and documented - currently, the documented liberation
> procedure is: "Remove program/package. Use GNU IceCat, or
> equivalent"[2] - if there is a better candidate procedure now, let us
> get it onto the table for discussion
> 
> i would like to consider all FSDG distros as being part of a larger
> federation, sharing the same primary goals; but we cant all be reading
> all of the dev lists - let us communicate whenever applicable, in the
> common venue that exists for that purpose[3] - i tried enticing the
> folks on the guix team to do that previously - if there is indeed
> something new to announce regarding chromium's dubious FSDG status,
> please elect someone from guix to do so now - this would be very
> interesting news to the readers of that list, and your effort and/or
> accomplishment would be sincerely applauded - other FSDG distros would
> be happy (and some quite eager) to re-instate any of these
> chromium-derived packages if a consensus could be reached that any of
> them could be distributed 100% freely; but if all distros are to decide
> for themselves what is freely distributable and what is not, without
> evidence and without discussing it with the other FSDG distros nor the
> FSF, then the FSDG loses its teeth, and we all look wishy-washy and
> flakey on that, the main, central FSDG concern: which programs are
> freely distributable and which are not
> 
> 
> [1]: https://lists.gnu.org/archive/html/guix-devel/2018-09/msg00264.html
> [2]:
> https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser
> [3]: https://lists.nongnu.org/mailman/listinfo/gnu-linux-libre

Sorry, I didn't notice that this thread was on multiple lists, so when I
hit "Reply List" it only went to the GNU-linux-libre list. Sending a
copy to the other lists; sorry for the messiness.

I'm not sure if I've mentioned it on the GNU-linux-libre list before,
but I have never seen any actual evidence of the current version of
Chromium containing proprietary components.

It's an unreasonable standard to demand proof that programs are libre.
That's an impossible thing to prove. If someone points out, as I have
many times, "I have looked through Chromium's code and not found a
single proprietary program," someone can simply say that they didn't
look hard enough.

That LibrePlanet page, by the way, is not evidence of Chromium
containing proprietary components. It claims such, but the only evidence
provided is a copyright file that clearly indicates a libre license, and
a bug report about not passing a license checking script, which I might
add is also not proof of any program being proprietary. Not to mention,
this is from over eight years ago. Should distro maintainers also take
the outdated recommendation to remove Project: Starfighter from that
page at face value, despite the fact that I released a completely libre
version almost four years ago? The point is, that's a wiki page
sporadically maintained by volunteers. It's a possible starting point
(though to be honest I'm not so sure it's even useful for that), but not
an indication of the GNU FSDG gold standard, so to speak.

-- 
Julie Marchant
http://onpon4.github.io

Encrypt your emails with GnuPG:
https://emailselfdefense.fsf.org

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-04  4:52     ` bill-auger
                         ` (2 preceding siblings ...)
  2019-02-04 12:26       ` [GNU-linux-libre] " Julie Marchant
@ 2019-02-04 13:46       ` Leo Famulari
  2019-02-04 14:47         ` bill-auger
  2019-02-04 22:34         ` [bug#28004] " Ludovic Courtès
  2019-02-09 14:04       ` Adonay Felipe Nogueira
  5 siblings, 1 reply; 152+ messages in thread
From: Leo Famulari @ 2019-02-04 13:46 UTC (permalink / raw)
  To: bill-auger; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 772 bytes --]

On Sun, Feb 03, 2019 at 11:52:04PM -0500, bill-auger wrote:
> what is the evidence for this claim that this guix package is "free
> software only"? - what does "Marks beautiful computed-origin-method" do
> toward that end? - if a procedure for liberating any chromium-derived
> software has been discovered, this would be a marvelous accomplishment
> and very good news indeed, of which people outside of the guix dev team
> would also be interested to learn

If you have a concrete example of a Chromium component that is not free
software please list it in a reply-all this email.

In general, if upstream developers say their software is released under
a free software license by putting the license header in the repo or in
the files, then we take them at their word.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-04 10:56         ` bill-auger
@ 2019-02-04 14:43           ` Jean Louis
  0 siblings, 0 replies; 152+ messages in thread
From: Jean Louis @ 2019-02-04 14:43 UTC (permalink / raw)
  To: Workgroup for fully free GNU/Linux distributions; +Cc: guix-devel

On Mon, Feb 04, 2019 at 05:56:56AM -0500, bill-auger wrote:
> On Mon, 4 Feb 2019 02:46:30 -0500 Ineiev wrote:
> > On Sun, Feb 03, 2019 at 11:52:04PM -0500, bill-auger wrote:
> > > the main, central FSDG concern: which programs are
> > > freely distributable and which are not  
> > 
> > I don't think the main FSDG concern is which programs are freely
> > distributable, and even which programs are free
> 
> geez, i almost erased that bit before sending it too :( - to be clear:
> by "freely distributable" i totally meant "provides all five of the
> four freedoms"
> 
> i will append just this - the issue here is really quite simple to
> express - one (and only one) of the following statements must be true:
> 
> * the chromium software provides all of the four freedoms
> * the chromium software does not provide all of the four freedoms
> 
> there is no third option

I am not sure that issue is just that simple.

Software may have free license, but it may be made
to control users, or steer to non-free software.

I cannot know if Chromium is now full free, but I
do know, and there are references on issues, here
is one example I found:
https://tracker.pureos.net/T57

There are various issues here referenced:
https://en.wikipedia.org/wiki/Talk:Chromium_(web_browser)

In general, one can make also the free software
that is controlling user or abusing users'
privacy, or sending information to companies
worldwide.

Should such software be included in free software
distributions? I don't think so.

None of 4 freedoms is referencing "no spyware",
but the guidelines do:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

"The distro must contain no DRM, no back doors,
and no spyware."

That is just example, as so far I know, Chromium
was so much connected to Google and was sending
data there.

Jean

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-04 13:46       ` [bug#28004] " Leo Famulari
@ 2019-02-04 14:47         ` bill-auger
  0 siblings, 0 replies; 152+ messages in thread
From: bill-auger @ 2019-02-04 14:47 UTC (permalink / raw)
  To: 28004

On Mon, 4 Feb 2019 14:46:38 +0100 Leo wrote:
> If you have a concrete example of a Chromium component that is not
> free software please list it in a reply-all this email.

this is not a discussion list i will apologize in advance for this
length reply - i did not CC this list

if you demand evidence you need look no further than the upstream
itself - the upstream developers can not verify for themselves that
their program is freely licensed; as evidenced by the 10 year old bug
report on this issue that is still open

https://bugs.chromium.org/p/chromium/issues/detail?id=28291

the default copy permissions for every copyrighted work is "none" - in
order for that work be be set free, the author must very explicitly
label it as such, and try their very best to ensure that their formal
statement of permission follows along with any copies of it - because if
that permission is missing, or difficult to locate or to comprehend,
there is no reason to assume the work is freely distributable

i would hope that i would not need to explain that to a member of
GNU

the burden of proof is not upon the one who claims that the default
case applies, it is upon the one who claims that some special case
applies

and anyway - let me please repeat this one more time - i have no desire
to defend nor condemn this particular program - this has been
discussed ad nauseam for many years - all that i intend today is to
entice the guix developers to communicate with the other FSDG distros
and the FSF to reach a uniform consensus on the matter - rather than to
see guix choose to distribute it, while all other FSDG distros are in
agreement not to distribute it

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-04 12:26       ` [GNU-linux-libre] " Julie Marchant
@ 2019-02-04 15:03         ` bill-auger
  0 siblings, 0 replies; 152+ messages in thread
From: bill-auger @ 2019-02-04 15:03 UTC (permalink / raw)
  To: guix-devel

On Mon, 4 Feb 2019 07:26:59 -0500 Julie wrote:
> I have never seen any actual evidence of the current version of
> Chromium containing proprietary components.
> It's an unreasonable standard to demand proof that programs are libre.

julie, that is like saying "i dont see any evidence on that new car
that says: i do not belong to you" - would you then conclude that you
can drive it home? - i think you would prefer to see the explicit
evidence proving that you do in fact have the right to do that

the default copy permissions for every copyrighted work is "none" - in
order for that work be be set free, the author must very explicitly
label it as such, and try their very best to ensure that their formal
statement of permission follows along with any copies of it - because if
that permission is missing, or difficult to locate or to comprehend,
there is no reason to assume the work is freely distributable

the burden of proof is not upon the one who claims that the default
case applies, it is upon the one who claims that some special case
applies

i will say again though, that my main intention was not to make any
claims neither for nor against this particular program; but to entice
the guix devs to discuss it on the FSDG mailing list for the benefit
of the others who are also interested

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-04  4:52     ` bill-auger
@ 2019-02-04 22:34         ` Ludovic Courtès
  2019-02-04  7:46       ` Ineiev
                           ` (4 subsequent siblings)
  5 siblings, 0 replies; 152+ messages in thread
From: Ludovic Courtès @ 2019-02-04 22:34 UTC (permalink / raw)
  To: bill-auger; +Cc: guix-devel, 28004, gnu-linux-libre

Hi bill-auger,

bill-auger <bill-auger@peers.community> skribis:

> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
>
> i would like to remind readers of the guix-devel list that it was
> discussed some months ago, why no FSDG distros currently distribute
> chromium[1] - it appeared at that time, that most people in that
> discussion were in agreement that chromium should not be included in
> guix; and marius was instead hosting it in a private repo, as not to
> taint the main guix repos with dubious software - has there been a
> notable break-through since then?

It’s not entirely clear to me what the problems are, to be honest.
Marius listed specific issues that were addressed by the patches; others
then pointed out at additional issues that ungoogled-chromium fixes,
which Marius took into account; what’s left now?

I understand you’re skeptical about Chromium, but we cannot base
decisions based on vague skepticism.  If you know of issues that are
still unaddressed, please do list them.

I’d also like to stress that, if Chromium is eventually included in
Guix, we are committed to fixing it or removing it should someone later
discover that it does not comply with the FSDG (that’s the “Commitment
to Correct Mistakes” section of FSDG.)

> i would like to consider all FSDG distros as being part of a larger
> federation, sharing the same primary goals;

As you know, several of us have occasionally asked for advice on the
gnu-linux-libre list regarding concrete issues that we encountered (a
recent example was Inferno, which we ended up not adding to the distro
due to unresolved issues.)

I believe Marius and others here made a real effort in understanding and
addressing the ways in which Chromium would not comply with the FSDG.
If you’re aware of issues that are unaddressed, please share!

Thank you,
Ludo’.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] [PATCH] gnu: Add ungoogled-chromium.
@ 2019-02-04 22:34         ` Ludovic Courtès
  0 siblings, 0 replies; 152+ messages in thread
From: Ludovic Courtès @ 2019-02-04 22:34 UTC (permalink / raw)
  To: bill-auger; +Cc: guix-devel, 28004, gnu-linux-libre

Hi bill-auger,

bill-auger <bill-auger@peers.community> skribis:

> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
>
> i would like to remind readers of the guix-devel list that it was
> discussed some months ago, why no FSDG distros currently distribute
> chromium[1] - it appeared at that time, that most people in that
> discussion were in agreement that chromium should not be included in
> guix; and marius was instead hosting it in a private repo, as not to
> taint the main guix repos with dubious software - has there been a
> notable break-through since then?

It’s not entirely clear to me what the problems are, to be honest.
Marius listed specific issues that were addressed by the patches; others
then pointed out at additional issues that ungoogled-chromium fixes,
which Marius took into account; what’s left now?

I understand you’re skeptical about Chromium, but we cannot base
decisions based on vague skepticism.  If you know of issues that are
still unaddressed, please do list them.

I’d also like to stress that, if Chromium is eventually included in
Guix, we are committed to fixing it or removing it should someone later
discover that it does not comply with the FSDG (that’s the “Commitment
to Correct Mistakes” section of FSDG.)

> i would like to consider all FSDG distros as being part of a larger
> federation, sharing the same primary goals;

As you know, several of us have occasionally asked for advice on the
gnu-linux-libre list regarding concrete issues that we encountered (a
recent example was Inferno, which we ended up not adding to the distro
due to unresolved issues.)

I believe Marius and others here made a real effort in understanding and
addressing the ways in which Chromium would not comply with the FSDG.
If you’re aware of issues that are unaddressed, please share!

Thank you,
Ludo’.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [bug#28004] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-02 19:20 ` [PATCH] gnu: Add ungoogled-chromium Marius Bakke
@ 2019-02-05  5:22     ` swedebugia
  2019-02-03 20:21   ` Amin Bandali
                       ` (2 subsequent siblings)
  3 siblings, 0 replies; 152+ messages in thread
From: swedebugia @ 2019-02-05  5:22 UTC (permalink / raw)
  To: guix-patches, Marius Bakke, guix-devel; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 37242 bytes --]

Marius Bakke <mbakke@fastmail.com> skrev: (2 februari 2019 20:20:23 CET)
>Thanks to Marks beautiful "computed-origin-method", Ungoogled-Chromium
>is finally ready for inclusion in Guix.
>
>Features:
>* Chromium 72.
>* No unsolicited network traffic.
>* Free software only.
>* No DRM.
>* Not an April Fools joke.
>
>It's currently using my trivial "fork" of Ungoogled-Chromium[0], which
>will be upstreamed once the upstream reorganization[1] is done.
>
>Comments appreciated!
>
>[0]:
>https://github.com/mbakke/ungoogled-chromium/commit/f9b9074c322a67b04baf0982797cd7b7e09614b5
>[1]: https://github.com/Eloston/ungoogled-chromium/issues/651
>
>* gnu/packages/aux-files/chromium/master-preferences.json,
>gnu/packages/chromium.scm: New files.
>* gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
>---
> gnu/local.mk                                  |   1 +
> .../chromium/master-preferences.json          |  26 +
> gnu/packages/chromium.scm                     | 741 ++++++++++++++++++
> 3 files changed, 768 insertions(+)
>create mode 100644
>gnu/packages/aux-files/chromium/master-preferences.json
> create mode 100644 gnu/packages/chromium.scm
>
>diff --git a/gnu/local.mk b/gnu/local.mk
>index 82db1488d6..b5e937cdd7 100644
>--- a/gnu/local.mk
>+++ b/gnu/local.mk
>@@ -100,6 +100,7 @@ GNU_SYSTEM_MODULES =				\
>   %D%/packages/check.scm			\
>   %D%/packages/chemistry.scm			\
>   %D%/packages/chez.scm				\
>+  %D%/packages/chromium.scm			\
>   %D%/packages/ci.scm				\
>   %D%/packages/cinnamon.scm			\
>   %D%/packages/clojure.scm			\
>diff --git a/gnu/packages/aux-files/chromium/master-preferences.json
>b/gnu/packages/aux-files/chromium/master-preferences.json
>new file mode 100644
>index 0000000000..0caa7cc4cd
>--- /dev/null
>+++ b/gnu/packages/aux-files/chromium/master-preferences.json
>@@ -0,0 +1,26 @@
>+{
>+  "distribution": {
>+     "import_bookmarks": false,
>+     "make_chrome_default": false,
>+     "make_chrome_default_for_user": false,
>+     "verbose_logging": true,
>+     "skip_first_run_ui": true,
>+     "suppress_first_run_default_browser_prompt": true
>+  },
>+  "browser": {
>+     "has_seen_welcome_page" : true,
>+     "check_default_browser" : false
>+  },
>+  "dns_prefetching": {
>+    "enabled": false
>+  },
>+  "alternate_error_pages": {
>+    "enabled": false
>+  },
>+  "hardware": {
>+    "audio_capture_enabled": false
>+  },
>+  "default_apps": "noinstall",
>+  "hide_web_store_icon": true,
>+  "homepage": "https://www.gnu.org/software/guix"
>+}
>diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
>new file mode 100644
>index 0000000000..eb404246d3
>--- /dev/null
>+++ b/gnu/packages/chromium.scm
>@@ -0,0 +1,741 @@
>+;;; GNU Guix --- Functional package management for GNU
>+;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
>+;;;
>+;;; GNU Guix is free software; you can redistribute it and/or modify
>it
>+;;; under the terms of the GNU General Public License as published by
>+;;; the Free Software Foundation; either version 3 of the License, or
>(at
>+;;; your option) any later version.
>+;;;
>+;;; GNU Guix is distributed in the hope that it will be useful, but
>+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
>+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>+;;; GNU General Public License for more details.
>+;;;
>+;;; You should have received a copy of the GNU General Public License
>+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
>+
>+(define-module (gnu packages chromium)
>+  #:use-module ((guix licenses) #:prefix license:)
>+  #:use-module (guix packages)
>+  #:use-module (guix gexp)
>+  #:use-module (guix store)
>+  #:use-module (guix monads)
>+  #:use-module (guix download)
>+  #:use-module (guix git-download)
>+  #:use-module (guix utils)
>+  #:use-module (guix build-system gnu)
>+  #:use-module (gnu packages)
>+  #:use-module (gnu packages assembly)
>+  #:use-module (gnu packages base)
>+  #:use-module (gnu packages bison)
>+  #:use-module (gnu packages build-tools)
>+  #:use-module (gnu packages compression)
>+  #:use-module (gnu packages cups)
>+  #:use-module (gnu packages curl)
>+  #:use-module (gnu packages fontutils)
>+  #:use-module (gnu packages gcc)
>+  #:use-module (gnu packages ghostscript)
>+  #:use-module (gnu packages gl)
>+  #:use-module (gnu packages glib)
>+  #:use-module (gnu packages gnome)
>+  #:use-module (gnu packages gnuzilla)
>+  #:use-module (gnu packages gperf)
>+  #:use-module (gnu packages gtk)
>+  #:use-module (gnu packages icu4c)
>+  #:use-module (gnu packages image)
>+  #:use-module (gnu packages libevent)
>+  #:use-module (gnu packages libffi)
>+  #:use-module (gnu packages linux)
>+  #:use-module (gnu packages kerberos)
>+  #:use-module (gnu packages ninja)
>+  #:use-module (gnu packages node)
>+  #:use-module (gnu packages pciutils)
>+  #:use-module (gnu packages pkg-config)
>+  #:use-module (gnu packages pulseaudio)
>+  #:use-module (gnu packages python)
>+  #:use-module (gnu packages python-web)
>+  #:use-module (gnu packages python-xyz)
>+  #:use-module (gnu packages regex)
>+  #:use-module (gnu packages serialization)
>+  #:use-module (gnu packages speech)
>+  #:use-module (gnu packages tls)
>+  #:use-module (gnu packages valgrind)
>+  #:use-module (gnu packages vulkan)
>+  #:use-module (gnu packages video)
>+  #:use-module (gnu packages xiph)
>+  #:use-module (gnu packages xml)
>+  #:use-module (gnu packages xdisorg)
>+  #:use-module (gnu packages xorg))
>+
>+(define %preserved-third-party-files
>+  '("base/third_party/dmg_fp" ;X11-style
>+    "base/third_party/dynamic_annotations" ;BSD-2
>+    "base/third_party/icu" ;Unicode, X11-style
>+    "base/third_party/superfasthash" ;BSD-3
>+    "base/third_party/symbolize" ;BSD-3
>+    "base/third_party/xdg_mime" ;LGPL2.1+ or Academic 2.0
>+    "base/third_party/xdg_user_dirs" ;Expat
>+    "chrome/third_party/mozilla_security_manager"
>;MPL-1.1/GPL2+/LGPL2.1+
>+    "courgette/third_party/bsdiff" ;BSD-2, BSD protection license
>+    "courgette/third_party/divsufsort" ;Expat
>+    "net/third_party/http2" ;BSD-3
>+    "net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
>+    "net/third_party/nss" ;MPL-2.0
>+    "net/third_party/quic" ;BSD-3
>+    "net/third_party/spdy" ;BSD-3
>+    "net/third_party/uri_template" ;ASL2.0
>+    "third_party/abseil-cpp" ;ASL2.0
>+    "third_party/adobe/flash/flapper_version.h" ;no license, trivial
>+    "third_party/angle" ;BSD-3
>+    "third_party/angle/src/common/third_party/base" ;BSD-3
>+    "third_party/angle/src/common/third_party/smhasher" ;Public domain
>+    "third_party/angle/src/common/third_party/xxhash" ;BSD-2
>+    "third_party/angle/src/third_party/compiler" ;BSD-2
>+    "third_party/angle/src/third_party/libXNVCtrl" ;Expat
>+    "third_party/angle/src/third_party/trace_event" ;BSD-3
>+    "third_party/angle/third_party/glslang" ;BSD-3
>+    "third_party/angle/third_party/spirv-headers" ;Expat
>+    "third_party/angle/third_party/spirv-tools" ;Expat
>+    "third_party/angle/third_party/vulkan-headers" ;ASL2.0
>+    "third_party/angle/third_party/vulkan-loader" ;ASL2.0
>+    "third_party/angle/third_party/vulkan-tools" ;ASL2.0
>+    "third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
>+    "third_party/apple_apsl" ;APSL2.0
>+    "third_party/blink" ;BSD-3
>+    "third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
>+    "third_party/boringssl/src/third_party/fiat" ;Expat
>+    "third_party/breakpad" ;BSD-3
>+    "third_party/brotli" ;Expat
>+    "third_party/cacheinvalidation" ;ASL2.0
>+    "third_party/catapult" ;BSD-3
>+    "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
>;ASL2.0
>+    "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
>;ASL2.0
>+    "third_party/catapult/third_party/polymer" ;BSD-3
>+    "third_party/catapult/tracing/third_party/d3" ;BSD-3
>+    "third_party/catapult/tracing/third_party/gl-matrix" ;Expat
>+    "third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
>+    "third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
>+    "third_party/catapult/tracing/third_party/oboe" ;BSD-2
>+    "third_party/catapult/tracing/third_party/pako" ;Expat
>+    "third_party/ced" ;BSD-3
>+    "third_party/cld_3" ;ASL2.0
>+    "third_party/closure_compiler" ;ASL2.0
>+    "third_party/crashpad" ;ASL2.0
>+    "third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h"
>;Zlib
>+    "third_party/crc32c" ;BSD-3
>+    "third_party/cros_system_api" ;BSD-3
>+    "third_party/dom_distiller_js" ;BSD-3
>+    "third_party/fips181" ;BSD-3
>+    "third_party/flatbuffers" ;ASL2.0
>+    "third_party/google_input_tools" ;ASL2.0
>+    "third_party/google_input_tools/third_party/closure_library"
>;ASL2.0
>+   
>"third_party/google_input_tools/third_party/closure_library/third_party/closure"
>;Expat
>+    "third_party/googletest" ;BSD-3
>+    "third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
>+    "third_party/iccjpeg" ;IJG
>+    "third_party/inspector_protocol" ;BSD-3
>+    "third_party/jinja2" ;BSD-3
>+    "third_party/jstemplate" ;ASL2.0
>+    "third_party/khronos" ;Expat, SGI
>+    "third_party/leveldatabase" ;BSD-3
>+    "third_party/libXNVCtrl" ;Expat
>+    "third_party/libaddressinput" ;ASL2.0
>+    "third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent
>License 1.0"
>+    "third_party/libaom/source/libaom/third_party/vector" ;Expat
>+    "third_party/libaom/source/libaom/third_party/x86inc" ;ISC
>+    "third_party/libjingle_xmpp" ;BSD-3
>+    "third_party/libphonenumber" ;ASL2.0
>+    "third_party/libsecret" ;LGPL2.1+
>+    "third_party/libsrtp" ;BSD-3
>+    "third_party/libsync" ;ASL2.0
>+    "third_party/libudev" ;LGPL2.1+
>+    "third_party/libwebm" ;BSD-3
>+    "third_party/libxml/chromium" ;BSD-3
>+    "third_party/libyuv" ;BSD-3
>+    "third_party/lss" ;BSD-3
>+    "third_party/markupsafe" ;BSD-3
>+    "third_party/mesa_headers" ;Expat, SGI
>+    "third_party/metrics_proto" ;BSD-3
>+    "third_party/modp_b64" ;BSD-3
>+    "third_party/nasm" ;BSD-2
>+    "third_party/node" ;Expat
>+   
>"third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2"
>;BSD-2
>+    "third_party/ots" ;BSD-3
>+    "third_party/pdfium" ;BSD-3
>+    "third_party/pdfium/third_party/agg23" ;Expat
>+    "third_party/pdfium/third_party/base" ;BSD-3
>+    "third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
>+    "third_party/pdfium/third_party/skia_shared" ;BSD-3
>+    "third_party/pdfium/third_party/freetype/include/pstables.h"
>;FreeType
>+    "third_party/ply" ;BSD-3
>+    "third_party/polymer" ;BSD-3
>+    "third_party/protobuf" ;BSD-3
>+    "third_party/protobuf/third_party/six" ;Expat
>+    "third_party/pyjson5" ;ASL2.0
>+    "third_party/qcms" ;Expat
>+    "third_party/rnnoise" ;BSD-3
>+    "third_party/s2cellid" ;ASL2.0
>+    "third_party/sfntly" ;ASL2.0
>+    "third_party/skia" ;BSD-3
>+    "third_party/skia/third_party/gif" ;MPL1.1/GPL2+/LGPL2.1+
>+    "third_party/skia/third_party/skcms" ;BSD-3
>+    "third_party/skia/third_party/vulkan" ;BSD-3
>+    "third_party/smhasher" ;Expat, public domain
>+    "third_party/speech-dispatcher" ;GPL2+
>+    "third_party/spirv-headers" ;ASL2.0
>+    "third_party/SPIRV-Tools" ;ASL2.0
>+    "third_party/sqlite" ;Public domain
>+    "third_party/ungoogled" ;BSD-3
>+    "third_party/usb_ids" ;BSD-3
>+    "third_party/usrsctp" ;BSD-2
>+    "third_party/web-animations-js" ;ASL2.0
>+    "third_party/webdriver" ;ASL2.0
>+    "third_party/webrtc" ;BSD-3
>+    "third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
>+    "third_party/webrtc/common_audio/third_party/spl_sqrt_floor"
>;Public domain
>+    "third_party/webrtc/modules/third_party/fft" ;Non-copyleft
>+    "third_party/webrtc/modules/third_party/g711" ;Public domain
>+    "third_party/webrtc/modules/third_party/g722" ;Public domain
>+    "third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
>+    "third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
>+    "third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
>+    "third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
>+    "third_party/woff2" ;ASL2.0
>+    "third_party/xdg-utils" ;Expat
>+    "third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
>+    "third_party/zlib/google" ;BSD-3
>+    "url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
>+    "v8/src/third_party/utf8-decoder" ;Expat
>+    "v8/src/third_party/valgrind" ;BSD-4
>+    "v8/third_party/inspector_protocol" ;BSD-3
>+    "v8/third_party/v8/builtins")) ;PSFL
>+
>+(define* (computed-origin-method gexp-promise hash-algo hash
>+                                 #:optional (name "source")
>+                                 #:key (system (%current-system))
>+                                 (guile (default-guile)))
>+  "Return a derivation that executes the G-expression that results
>+from forcing GEXP-PROMISE."
>+  (mlet %store-monad ((guile (package->derivation guile system)))
>+    (gexp->derivation (or name "computed-origin")
>+                      (force gexp-promise)
>+                      #:system system
>+                      #:guile-for-build guile)))
>+
>+(define %chromium-version "72.0.3626.81")
>+(define %ungoogled-revision
>"f9b9074c322a67b04baf0982797cd7b7e09614b5")
>+
>+;; This is a computed origin that does the following:
>+;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball.
>+;; 2) Prunes all third_party folders that are not explicitly
>preserved.
>+;; 3) Adjusts "GN" build files such that system libraries are
>preferred.
>+(define ungoogled-chromium-source
>+  (let* ((chromium-source
>+          (origin
>+            (method url-fetch)
>+            (uri (string-append
>"https://commondatastorage.googleapis.com"
>+                                "/chromium-browser-official/chromium-"
>+                                %chromium-version ".tar.xz"))
>+            (sha256
>+             (base32
>+             
>"01l0vlvcckpag376mjld7qprv63l0z8li689k0h6v3h0i7irzs6z"))))
>+         (ungoogled-source
>+          (origin
>+            (method git-fetch)
>+            (uri (git-reference (url
>"https://github.com/mbakke/ungoogled-chromium")
>+                                (commit %ungoogled-revision)))
>+            (file-name (git-file-name "ungoogled-chromium"
>+                                      (string-take %ungoogled-revision
>7)))
>+            (sha256
>+             (base32
>+             
>"0gmk1n3i7lbm7rw8zl4df171yhvrlimj8ksj096bf2dlfhbd44rb")))))
>+
>+    (origin
>+      (method computed-origin-method)
>+      (file-name (string-append "ungoogled-chromium-"
>%chromium-version ".tar.xz"))
>+      (sha256 #f)
>+      (uri
>+       (delay
>+         (with-imported-modules '((guix build utils))
>+           #~(begin
>+               (use-modules (guix build utils))
>+               (let ((chromium-dir    (string-append "chromium-"
>#$%chromium-version))
>+                     (preserved-files (list
>#$@%preserved-third-party-files)))
>+
>+                 (mkdir "/tmp/bin")
>+                 (set-path-environment-variable
>+                  "PATH" '("bin")
>+                  (list "/tmp"
>+                        #+(canonical-package patch)
>+                        #+(canonical-package xz)
>+                        #+(canonical-package tar)
>+                        #+python-2
>+                        #+python))
>+
>+                 (copy-recursively #+ungoogled-source
>"/tmp/ungoogled")
>+
>+                 (with-directory-excursion "/tmp/ungoogled"
>+
>+                   (format #t "Unpacking chromium tarball...~%")
>+                   (force-output)
>+                   (invoke "tar" "xf" #+chromium-source)
>+
>+                   (format #t "Ungooglifying...~%")
>+                   (force-output)
>+                   (invoke "python3" "run_buildkit_cli.py" "prune"
>+                           "-b" "config_bundles/guix" chromium-dir)
>+                   (invoke "python3" "run_buildkit_cli.py" "patches"
>"apply"
>+                           "-b" "config_bundles/guix" chromium-dir)
>+                   (invoke "python3" "run_buildkit_cli.py" "domains"
>"apply"
>+                           "-b" "config_bundles/linux_rooted"
>+                           "-c" "/tmp/domainscache.tar.gz"
>chromium-dir)
>+
>+                   (with-directory-excursion chromium-dir
>+                     (format #t "Pruning third party files...~%")
>+                     (force-output)
>+                     (apply invoke "python"
>+                            
>"build/linux/unbundle/remove_bundled_libraries.py"
>+                             "--do-remove" preserved-files)
>+
>+                     (format #t "Replacing GN files...~%")
>+                     (force-output)
>+                     (invoke "python3"
>"build/linux/unbundle/replace_gn_files.py"
>+                             "--system-libraries" "ffmpeg" "flac"
>"fontconfig"
>+                             "freetype" "harfbuzz-ng" "icu" "libdrm"
>"libevent"
>+                             "libjpeg" "libpng" "libvpx" "libwebp"
>"libxml"
>+                             "libxslt" "openh264" "opus" "re2"
>"snappy" "yasm"
>+                             "zlib"))
>+
>+                   (format #t (string-append "Packing new Ungoogled
>tarball ...~%"))
>+                   (force-output)
>+                   (invoke "tar" "cvfa" #$output
>+                           ;; Avoid non-determinism in the archive.
>+                           "--mtime=@0"
>+                           "--owner=root:0"
>+                           "--group=root:0"
>+                           "--sort=name"
>+                           chromium-dir)
>+
>+                   #t)))))))))
>+
>+(define opus+custom
>+  (package/inherit opus
>+    (name "opus+custom")
>+    (arguments
>+     (substitute-keyword-arguments (package-arguments opus)
>+       ((#:configure-flags flags ''())
>+        ;; Opus Custom is an optional extension of the Opus
>+        ;; specification that allows for unsupported frame
>+        ;; sizes.  Chromium requires that this is enabled.
>+        `(cons "--enable-custom-modes"
>+               ,flags))))))
>+
>+(define libvpx/chromium
>+  ;; Chromium 66 and later requires an unreleased libvpx, so we take
>the
>+  ;; commit from "third_party/libvpx/README.chromium" in the tarball.
>+  (let ((version (package-version libvpx))
>+        (commit "e188b5435de71bcd602c378f1ac0441111f0f915")
>+        (revision "0"))
>+    (package/inherit libvpx
>+      (name "libvpx-chromium")
>+      (version (git-version version revision commit))
>+      (source (origin
>+                (method git-fetch)
>+                (uri (git-reference
>+                      (url
>"https://chromium.googlesource.com/webm/libvpx")
>+                      (commit commit)))
>+                (file-name (git-file-name name version))
>+                (sha256
>+                 (base32
>+                 
>"0v7lzvgy45zh7zwzmmzkvbcqmhs4xa97z0h97hd3j6myrxcfz1n9")))))))
>+
>+;; Transitional package until HarfBuzz 2.2 is available in Guix master
>branch.
>+(define harfbuzz/chromium
>+  (package/inherit harfbuzz
>+    (version "2.2.0")
>+    (source (origin
>+              (inherit (package-source harfbuzz))
>+              (uri (string-append
>"https://www.freedesktop.org/software/harfbuzz"
>+                                  "/release/harfbuzz-" version
>".tar.bz2"))
>+              (sha256
>+               (base32
>+               
>"047q63jr513azf3g1y7f5xn60b4jdjs9zsmrx04sfw5rasyzrk5p"))))))
>+
>+(define-public ungoogled-chromium
>+  (package
>+    (name "ungoogled-chromium")
>+    (version %chromium-version)
>+    (synopsis "Graphical web browser")
>+    (source ungoogled-chromium-source)
>+    (build-system gnu-build-system)
>+    (arguments
>+     `(#:tests? #f
>+       ;; FIXME: There is a "gn" option specifically for setting
>-rpath, but
>+       ;; it overrides the RUNPATH set by the linker.
>+       #:validate-runpath? #f
>+       #:modules ((guix build gnu-build-system)
>+                  (guix build utils)
>+                  (ice-9 ftw)
>+                  (ice-9 regex)
>+                  (srfi srfi-26))
>+       #:configure-flags
>+       ;; See tools/gn/docs/cookbook.md and
>+       ;; https://www.chromium.org/developers/gn-build-configuration
>+       ;; for usage.  Run "./gn args . --list" in the Release
>+       ;; directory for an exhaustive list of supported flags.
>+       ;; (Note: The 'configure' phase will do that for you.)
>+       (list "is_debug=false"
>+             "use_gold=false"
>+             "use_lld=false"
>+             "linux_use_bundled_binutils=false"
>+             "use_custom_libcxx=false"
>+             "use_sysroot=false"
>+             "enable_precompiled_headers=false"
>+             "goma_dir=\"\""
>+             "enable_nacl=false"
>+             "enable_nacl_nonsfi=false"
>+             "use_allocator=\"none\""   ;don't use tcmalloc
>+             "use_unofficial_version_number=false"
>+
>+             ;; Define a custom toolchain that simply looks up CC, AR
>and
>+             ;; friends from the environment.
>+            
>"custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
>+            
>"host_toolchain=\"//build/toolchain/linux/unbundle:default\""
>+
>+             ;; Don't assume it's clang.
>+             "is_clang=false"
>+
>+             ;; Optimize for building everything at once, as opposed
>to
>+             ;; incrementally for development.  See "docs/jumbo.md".
>+             "use_jumbo_build=true"
>+
>+             ;; Disable type-checking for the Web UI to avoid a Java
>dependency.
>+             "closure_compile=false"
>+
>+             ;; Disable debugging features to save space.
>+             "blink_symbol_level=0"
>+             "enable_iterator_debugging=false"
>+
>+             ;; Some of the unbundled libraries throws deprecation
>+             ;; warnings, etc.  Ignore it.
>+             "treat_warnings_as_errors=false"
>+
>+             ;; Don't add any API keys.  End users can set them in the
>+             ;; environment if desired.  See
>+             ;;
><https://www.chromium.org/developers/how-tos/api-keys>.
>+             "use_official_google_api_keys=false"
>+
>+             ;; Disable "safe browsing", which pulls in a dependency
>on
>+             ;; the nonfree "unrar" program (as of m66).
>+             "safe_browsing_mode=0"
>+
>+             ;; Disable "field trials".
>+             "fieldtrial_testing_like_official_build=true"
>+
>+             ;; Ungoogled components.
>+             "enable_mdns=false"
>+             "enable_one_click_signin=false"
>+             "enable_reading_list=false"
>+             "enable_remoting=false"
>+             "enable_reporting=false"
>+             "enable_service_discovery=false"
>+             "enable_swiftshader=false"
>+             "use_vaapi=true"
>+
>+             ;; Use system libraries where possible.
>+             "use_system_freetype=true"
>+             "use_system_harfbuzz=true"
>+             "use_system_lcms2=true"
>+             "use_system_libdrm=true"
>+             "use_system_libjpeg=true"
>+             "use_system_libpng=true"
>+             ;;"use_system_libsync=true"
>+             "use_system_zlib=true"
>+
>+             "use_gnome_keyring=false"  ;deprecated by libsecret
>+             "use_openh264=true"
>+             "use_pulseaudio=true"
>+             "link_pulseaudio=true"
>+
>+             ;; Don't arbitrarily restrict formats supported by system
>ffmpeg.
>+             "proprietary_codecs=true"
>+             "ffmpeg_branding=\"Chrome\""
>+
>+             ;; WebRTC stuff.
>+             "rtc_use_h264=true"
>+             ;; Don't use bundled sources.
>+             "rtc_build_json=false"
>+             "rtc_build_libevent=false"
>+             "rtc_build_libvpx=false"
>+             "rtc_build_opus=false"
>+             "rtc_build_ssl=false"
>+
>+             "rtc_build_libsrtp=true"   ;FIXME: fails to find headers
>+             "rtc_build_usrsctp=true"   ;TODO: package this
>+             (string-append "rtc_jsoncpp_root=\""
>+                            (assoc-ref %build-inputs "jsoncpp")
>+                            "/include/jsoncpp/json\"")
>+             (string-append "rtc_ssl_root=\""
>+                            (assoc-ref %build-inputs "openssl")
>+                            "/include/openssl\""))
>+       #:phases
>+       (modify-phases %standard-phases
>+         (add-after 'unpack 'patch-stuff
>+           (lambda* (#:key inputs #:allow-other-keys)
>+             (substitute* "printing/cups_config_helper.py"
>+               (("cups_config =.*")
>+                (string-append "cups_config = '" (assoc-ref inputs
>"cups")
>+                               "/bin/cups-config'\n")))
>+
>+             (substitute*
>+                 '("base/process/launch_posix.cc"
>+                  
>"base/third_party/dynamic_annotations/dynamic_annotations.c"
>+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
>+                   "sandbox/linux/services/credentials.cc"
>+                   "sandbox/linux/services/namespace_utils.cc"
>+                   "sandbox/linux/services/syscall_wrappers.cc"
>+                   "sandbox/linux/syscall_broker/broker_host.cc")
>+               (("include \"base/third_party/valgrind/") "include
>\"valgrind/"))
>+
>+             (for-each (lambda (file)
>+                         (substitute* file
>+                           ;; Fix opus include path.
>+                           ;; Do not substitute opus_private.h.
>+                           (("#include \"opus\\.h\"")
>+                            "#include \"opus/opus.h\"")
>+                           (("#include \"opus_custom\\.h\"")
>+                            "#include \"opus/opus_custom.h\"")
>+                           (("#include \"opus_defines\\.h\"")
>+                            "#include \"opus/opus_defines.h\"")
>+                           (("#include \"opus_multistream\\.h\"")
>+                            "#include \"opus/opus_multistream.h\"")
>+                           (("#include \"opus_types\\.h\"")
>+                            "#include \"opus/opus_types.h\"")))
>+                       (find-files (string-append
>"third_party/webrtc/modules"
>+                                                 
>"/audio_coding/codecs/opus")))
>+
>+             (substitute* "chrome/common/chrome_paths.cc"
>+               (("/usr/share/chromium/extensions")
>+                ;; TODO: Add ~/.guix-profile.
>+               
>"/run/current-system/profile/share/chromium/extensions"))
>+
>+             ;; XXX: Should be unnecessary when use_system_lcms2=true.
>+             (substitute*
>"third_party/pdfium/core/fxcodec/codec/ccodec_iccmodule.h"
>+               (("include \"third_party/lcms/include/lcms2\\.h\"")
>+                "include \"lcms2.h\""))
>+
>+             (substitute*
>+                
>"third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
>+               (("include \"third_party/curl") "include \"curl"))
>+
>+             (substitute* "third_party/webrtc/rtc_base/strings/json.h"
>+               (("#include \"third_party/jsoncpp/") "#include
>\"json/"))
>+
>+             (substitute* "media/base/decode_capabilities.cc"
>+               (("third_party/libvpx/source/libvpx/") ""))
>+
>+             (substitute* "ui/gfx/skia_util.h"
>+               (("third_party/vulkan/include/") ""))
>+
>+             ;; Building chromedriver embeds some files using the ZIP
>+             ;; format which doesn't support timestamps before
>+             ;; 1980. Therefore, advance the timestamps of the files
>+             ;; which are included so that building chromedriver
>+             ;; works.
>+             (let ((circa-1980 (* 10 366 24 60 60)))
>+               (for-each (lambda (file)
>+                           (utime file circa-1980 circa-1980))
>+                        
>'("chrome/test/chromedriver/extension/background.js"
>+                          
>"chrome/test/chromedriver/extension/manifest.json")))
>+
>+             #t))
>+         (add-before 'configure 'prepare-build-environment
>+           (lambda* (#:key inputs #:allow-other-keys)
>+
>+             ;; Make sure the right build tools are used.
>+             (setenv "AR" "ar") (setenv "NM" "nm")
>+             (setenv "CC" "gcc") (setenv "CXX" "g++")
>+
>+             ;; Work around <https://bugs.gnu.org/30756>.
>+             (unsetenv "C_INCLUDE_PATH")
>+             (unsetenv "CPLUS_INCLUDE_PATH")
>+
>+             ;; TODO: pre-compile instead. Avoids a race condition.
>+             (setenv "PYTHONDONTWRITEBYTECODE" "1")
>+
>+             ;; XXX: How portable is this.
>+             (mkdir-p "third_party/node/linux/node-linux-x64")
>+             (symlink (string-append (assoc-ref inputs "node") "/bin")
>+                      "third_party/node/linux/node-linux-x64/bin")
>+
>+             #t))
>+         (replace 'configure
>+           (lambda* (#:key configure-flags #:allow-other-keys)
>+             (let ((args (string-join configure-flags " ")))
>+               ;; Generate ninja build files.
>+               (invoke "gn" "gen" "out/Release"
>+                       (string-append "--args=" args))
>+
>+               ;; Print the full list of supported arguments as well
>as
>+               ;; their current status for convenience.
>+               (format #t "Dumping configure flags...\n")
>+               (invoke "gn" "args" "out/Release" "--list"))))
>+         (replace 'build
>+           (lambda* (#:key outputs #:allow-other-keys)
>+             (invoke "ninja" "-C" "out/Release"
>+                     "-j" (number->string (parallel-job-count))
>+                     "chrome"
>+                     "chromedriver")))
>+         (replace 'install
>+           (lambda* (#:key inputs outputs #:allow-other-keys)
>+             (let* ((out            (assoc-ref outputs "out"))
>+                    (bin            (string-append out "/bin"))
>+                    (exe            (string-append bin "/chromium"))
>+                    (lib            (string-append out "/lib"))
>+                    (man            (string-append out
>"/share/man/man1"))
>+                    (applications   (string-append out
>"/share/applications"))
>+                    (install-regexp (make-regexp "\\.(bin|pak)$"))
>+                    (locales        (string-append lib "/locales"))
>+                    (resources      (string-append lib "/resources"))
>+                    (preferences    (assoc-ref inputs
>"master-preferences"))
>+                    (gtk+           (assoc-ref inputs "gtk+"))
>+                    (mesa           (assoc-ref inputs "mesa"))
>+                    (nss            (assoc-ref inputs "nss"))
>+                    (udev           (assoc-ref inputs "udev"))
>+                    (sh             (which "sh")))
>+
>+               (substitute* '("chrome/app/resources/manpage.1.in"
>+                             
>"chrome/installer/linux/common/desktop.template")
>+                 (("@@MENUNAME@@") "Chromium")
>+                 (("@@PACKAGE@@") "chromium")
>+                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
>+
>+               (mkdir-p man)
>+               (copy-file "chrome/app/resources/manpage.1.in"
>+                          (string-append man "/chromium.1"))
>+
>+               (mkdir-p applications)
>+               (copy-file
>"chrome/installer/linux/common/desktop.template"
>+                          (string-append applications
>"/chromium.desktop"))
>+
>+               (mkdir-p lib)
>+               (copy-file preferences (string-append lib
>"/master_preferences"))
>+
>+               (with-directory-excursion "out/Release"
>+                 (for-each (lambda (file)
>+                             (install-file file lib))
>+                           (scandir "." (cut regexp-exec
>install-regexp <>)))
>+                 (copy-file "chrome" (string-append lib "/chromium"))
>+
>+                 ;; TODO: Install icons from "../../chrome/app/themes"
>into
>+                 ;; "out/share/icons/hicolor/$size".
>+                 (install-file
>+                  "product_logo_48.png"
>+                  (string-append out
>"/share/icons/48x48/chromium.png"))
>+
>+                 (copy-recursively "locales" locales)
>+                 (copy-recursively "resources" resources)
>+
>+                 (mkdir-p bin)
>+                 (symlink "../lib/chromium" exe)
>+                 (install-file "chromedriver" bin)
>+
>+                 (wrap-program exe
>+                   ;; TODO: Get these in RUNPATH.
>+                   `("LD_LIBRARY_PATH" ":" prefix
>+                     (,(string-append lib ":" nss "/lib/nss:" gtk+
>"/lib:"
>+                                      mesa "/lib:" udev "/lib")))
>+                   ;; Avoid file manager crash.  See
><https://bugs.gnu.org/26593>.
>+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+
>"/share"))))
>+                 #t)))))))
>+    (native-inputs
>+     `(("bison" ,bison)
>+       ("gcc" ,gcc-8)
>+       ("gn" ,gn)
>+       ("gperf" ,gperf)
>+       ("ninja" ,ninja)
>+       ("node" ,node)
>+       ("pkg-config" ,pkg-config)
>+       ("which" ,which)
>+       ("yasm" ,yasm)
>+
>+       ;; This file contains defaults for new user profiles.
>+       ("master-preferences" ,(local-file
>"aux-files/chromium/master-preferences.json"))
>+
>+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
>+       ("python-html5lib" ,python2-html5lib)
>+       ("python" ,python-2)))
>+    (inputs
>+     `(("alsa-lib" ,alsa-lib)
>+       ("atk" ,atk)
>+       ("cups" ,cups)
>+       ("curl" ,curl)
>+       ("dbus" ,dbus)
>+       ("dbus-glib" ,dbus-glib)
>+       ("expat" ,expat)
>+       ("flac" ,flac)
>+       ("ffmpeg" ,ffmpeg)
>+       ("fontconfig" ,fontconfig)
>+       ("freetype" ,freetype)
>+       ("gdk-pixbuf" ,gdk-pixbuf)
>+       ("glib" ,glib)
>+       ("gtk+" ,gtk+)
>+       ("harfbuzz" ,harfbuzz/chromium)
>+       ("icu4c" ,icu4c)
>+       ("jsoncpp" ,jsoncpp)
>+       ("lcms" ,lcms)
>+       ("libevent" ,libevent)
>+       ("libffi" ,libffi)
>+       ("libjpeg-turbo" ,libjpeg-turbo)
>+       ("libpng" ,libpng)
>+       ("libva" ,libva)
>+       ("libvpx" ,libvpx/chromium)
>+       ("libwebp" ,libwebp)
>+       ("libx11" ,libx11)
>+       ("libxcb" ,libxcb)
>+       ("libxcomposite" ,libxcomposite)
>+       ("libxcursor" ,libxcursor)
>+       ("libxdamage" ,libxdamage)
>+       ("libxext" ,libxext)
>+       ("libxfixes" ,libxfixes)
>+       ("libxi" ,libxi)
>+       ("libxml2" ,libxml2)
>+       ("libxrandr" ,libxrandr)
>+       ("libxrender" ,libxrender)
>+       ("libxscrnsaver" ,libxscrnsaver)
>+       ("libxslt" ,libxslt)
>+       ("libxtst" ,libxtst)
>+       ("mesa" ,mesa)
>+       ("minizip" ,minizip)
>+       ("mit-krb5" ,mit-krb5)
>+       ("nss" ,nss)
>+       ("openh264" ,openh264)
>+       ("openjpeg" ,openjpeg)                          ;PDFium only
>+       ("openssl" ,openssl)
>+       ("opus" ,opus+custom)
>+       ("pango" ,pango)
>+       ("pciutils" ,pciutils)
>+       ("pulseaudio" ,pulseaudio)
>+       ("re2" ,re2)
>+       ("snappy" ,snappy)
>+       ("speech-dispatcher" ,speech-dispatcher)
>+       ("udev" ,eudev)
>+       ("valgrind" ,valgrind)
>+       ("vulkan-headers" ,vulkan-headers)))
>+    (home-page "https://www.chromium.org/")
>+    (description
>+     "Ungoogled-Chromium is the Chromium web browser, sans integration
>with
>+Google web services.")
>+    ;; Chromium is developed as BSD-3, but bundles a large number of
>third-party
>+    ;; components with other licenses.  For full information, see
>chrome://credits.
>+    (license (list license:bsd-3
>+                   license:bsd-2
>+                   license:expat
>+                   license:asl2.0
>+                   license:mpl1.1
>+                   license:mpl2.0
>+                   license:public-domain
>+                   license:isc
>+                   (license:non-copyleft "chrome://credits"
>+                                         "See chrome://credits for
>more information.")
>+                   license:lgpl2.1+))))
>-- 
>2.20.1

Wow. 
Nice work! 😃
-- 
Sent from my k-9 mail for Android.

[-- Attachment #2: Type: text/html, Size: 38621 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [bug#28004] [PATCH] gnu: Add ungoogled-chromium.
@ 2019-02-05  5:22     ` swedebugia
  0 siblings, 0 replies; 152+ messages in thread
From: swedebugia @ 2019-02-05  5:22 UTC (permalink / raw)
  To: 28004, mbakke, guix-devel

[-- Attachment #1: Type: text/plain, Size: 37242 bytes --]

Marius Bakke <mbakke@fastmail.com> skrev: (2 februari 2019 20:20:23 CET)
>Thanks to Marks beautiful "computed-origin-method", Ungoogled-Chromium
>is finally ready for inclusion in Guix.
>
>Features:
>* Chromium 72.
>* No unsolicited network traffic.
>* Free software only.
>* No DRM.
>* Not an April Fools joke.
>
>It's currently using my trivial "fork" of Ungoogled-Chromium[0], which
>will be upstreamed once the upstream reorganization[1] is done.
>
>Comments appreciated!
>
>[0]:
>https://github.com/mbakke/ungoogled-chromium/commit/f9b9074c322a67b04baf0982797cd7b7e09614b5
>[1]: https://github.com/Eloston/ungoogled-chromium/issues/651
>
>* gnu/packages/aux-files/chromium/master-preferences.json,
>gnu/packages/chromium.scm: New files.
>* gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
>---
> gnu/local.mk                                  |   1 +
> .../chromium/master-preferences.json          |  26 +
> gnu/packages/chromium.scm                     | 741 ++++++++++++++++++
> 3 files changed, 768 insertions(+)
>create mode 100644
>gnu/packages/aux-files/chromium/master-preferences.json
> create mode 100644 gnu/packages/chromium.scm
>
>diff --git a/gnu/local.mk b/gnu/local.mk
>index 82db1488d6..b5e937cdd7 100644
>--- a/gnu/local.mk
>+++ b/gnu/local.mk
>@@ -100,6 +100,7 @@ GNU_SYSTEM_MODULES =				\
>   %D%/packages/check.scm			\
>   %D%/packages/chemistry.scm			\
>   %D%/packages/chez.scm				\
>+  %D%/packages/chromium.scm			\
>   %D%/packages/ci.scm				\
>   %D%/packages/cinnamon.scm			\
>   %D%/packages/clojure.scm			\
>diff --git a/gnu/packages/aux-files/chromium/master-preferences.json
>b/gnu/packages/aux-files/chromium/master-preferences.json
>new file mode 100644
>index 0000000000..0caa7cc4cd
>--- /dev/null
>+++ b/gnu/packages/aux-files/chromium/master-preferences.json
>@@ -0,0 +1,26 @@
>+{
>+  "distribution": {
>+     "import_bookmarks": false,
>+     "make_chrome_default": false,
>+     "make_chrome_default_for_user": false,
>+     "verbose_logging": true,
>+     "skip_first_run_ui": true,
>+     "suppress_first_run_default_browser_prompt": true
>+  },
>+  "browser": {
>+     "has_seen_welcome_page" : true,
>+     "check_default_browser" : false
>+  },
>+  "dns_prefetching": {
>+    "enabled": false
>+  },
>+  "alternate_error_pages": {
>+    "enabled": false
>+  },
>+  "hardware": {
>+    "audio_capture_enabled": false
>+  },
>+  "default_apps": "noinstall",
>+  "hide_web_store_icon": true,
>+  "homepage": "https://www.gnu.org/software/guix"
>+}
>diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
>new file mode 100644
>index 0000000000..eb404246d3
>--- /dev/null
>+++ b/gnu/packages/chromium.scm
>@@ -0,0 +1,741 @@
>+;;; GNU Guix --- Functional package management for GNU
>+;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
>+;;;
>+;;; GNU Guix is free software; you can redistribute it and/or modify
>it
>+;;; under the terms of the GNU General Public License as published by
>+;;; the Free Software Foundation; either version 3 of the License, or
>(at
>+;;; your option) any later version.
>+;;;
>+;;; GNU Guix is distributed in the hope that it will be useful, but
>+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
>+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>+;;; GNU General Public License for more details.
>+;;;
>+;;; You should have received a copy of the GNU General Public License
>+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
>+
>+(define-module (gnu packages chromium)
>+  #:use-module ((guix licenses) #:prefix license:)
>+  #:use-module (guix packages)
>+  #:use-module (guix gexp)
>+  #:use-module (guix store)
>+  #:use-module (guix monads)
>+  #:use-module (guix download)
>+  #:use-module (guix git-download)
>+  #:use-module (guix utils)
>+  #:use-module (guix build-system gnu)
>+  #:use-module (gnu packages)
>+  #:use-module (gnu packages assembly)
>+  #:use-module (gnu packages base)
>+  #:use-module (gnu packages bison)
>+  #:use-module (gnu packages build-tools)
>+  #:use-module (gnu packages compression)
>+  #:use-module (gnu packages cups)
>+  #:use-module (gnu packages curl)
>+  #:use-module (gnu packages fontutils)
>+  #:use-module (gnu packages gcc)
>+  #:use-module (gnu packages ghostscript)
>+  #:use-module (gnu packages gl)
>+  #:use-module (gnu packages glib)
>+  #:use-module (gnu packages gnome)
>+  #:use-module (gnu packages gnuzilla)
>+  #:use-module (gnu packages gperf)
>+  #:use-module (gnu packages gtk)
>+  #:use-module (gnu packages icu4c)
>+  #:use-module (gnu packages image)
>+  #:use-module (gnu packages libevent)
>+  #:use-module (gnu packages libffi)
>+  #:use-module (gnu packages linux)
>+  #:use-module (gnu packages kerberos)
>+  #:use-module (gnu packages ninja)
>+  #:use-module (gnu packages node)
>+  #:use-module (gnu packages pciutils)
>+  #:use-module (gnu packages pkg-config)
>+  #:use-module (gnu packages pulseaudio)
>+  #:use-module (gnu packages python)
>+  #:use-module (gnu packages python-web)
>+  #:use-module (gnu packages python-xyz)
>+  #:use-module (gnu packages regex)
>+  #:use-module (gnu packages serialization)
>+  #:use-module (gnu packages speech)
>+  #:use-module (gnu packages tls)
>+  #:use-module (gnu packages valgrind)
>+  #:use-module (gnu packages vulkan)
>+  #:use-module (gnu packages video)
>+  #:use-module (gnu packages xiph)
>+  #:use-module (gnu packages xml)
>+  #:use-module (gnu packages xdisorg)
>+  #:use-module (gnu packages xorg))
>+
>+(define %preserved-third-party-files
>+  '("base/third_party/dmg_fp" ;X11-style
>+    "base/third_party/dynamic_annotations" ;BSD-2
>+    "base/third_party/icu" ;Unicode, X11-style
>+    "base/third_party/superfasthash" ;BSD-3
>+    "base/third_party/symbolize" ;BSD-3
>+    "base/third_party/xdg_mime" ;LGPL2.1+ or Academic 2.0
>+    "base/third_party/xdg_user_dirs" ;Expat
>+    "chrome/third_party/mozilla_security_manager"
>;MPL-1.1/GPL2+/LGPL2.1+
>+    "courgette/third_party/bsdiff" ;BSD-2, BSD protection license
>+    "courgette/third_party/divsufsort" ;Expat
>+    "net/third_party/http2" ;BSD-3
>+    "net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
>+    "net/third_party/nss" ;MPL-2.0
>+    "net/third_party/quic" ;BSD-3
>+    "net/third_party/spdy" ;BSD-3
>+    "net/third_party/uri_template" ;ASL2.0
>+    "third_party/abseil-cpp" ;ASL2.0
>+    "third_party/adobe/flash/flapper_version.h" ;no license, trivial
>+    "third_party/angle" ;BSD-3
>+    "third_party/angle/src/common/third_party/base" ;BSD-3
>+    "third_party/angle/src/common/third_party/smhasher" ;Public domain
>+    "third_party/angle/src/common/third_party/xxhash" ;BSD-2
>+    "third_party/angle/src/third_party/compiler" ;BSD-2
>+    "third_party/angle/src/third_party/libXNVCtrl" ;Expat
>+    "third_party/angle/src/third_party/trace_event" ;BSD-3
>+    "third_party/angle/third_party/glslang" ;BSD-3
>+    "third_party/angle/third_party/spirv-headers" ;Expat
>+    "third_party/angle/third_party/spirv-tools" ;Expat
>+    "third_party/angle/third_party/vulkan-headers" ;ASL2.0
>+    "third_party/angle/third_party/vulkan-loader" ;ASL2.0
>+    "third_party/angle/third_party/vulkan-tools" ;ASL2.0
>+    "third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
>+    "third_party/apple_apsl" ;APSL2.0
>+    "third_party/blink" ;BSD-3
>+    "third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
>+    "third_party/boringssl/src/third_party/fiat" ;Expat
>+    "third_party/breakpad" ;BSD-3
>+    "third_party/brotli" ;Expat
>+    "third_party/cacheinvalidation" ;ASL2.0
>+    "third_party/catapult" ;BSD-3
>+    "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
>;ASL2.0
>+    "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
>;ASL2.0
>+    "third_party/catapult/third_party/polymer" ;BSD-3
>+    "third_party/catapult/tracing/third_party/d3" ;BSD-3
>+    "third_party/catapult/tracing/third_party/gl-matrix" ;Expat
>+    "third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
>+    "third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
>+    "third_party/catapult/tracing/third_party/oboe" ;BSD-2
>+    "third_party/catapult/tracing/third_party/pako" ;Expat
>+    "third_party/ced" ;BSD-3
>+    "third_party/cld_3" ;ASL2.0
>+    "third_party/closure_compiler" ;ASL2.0
>+    "third_party/crashpad" ;ASL2.0
>+    "third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h"
>;Zlib
>+    "third_party/crc32c" ;BSD-3
>+    "third_party/cros_system_api" ;BSD-3
>+    "third_party/dom_distiller_js" ;BSD-3
>+    "third_party/fips181" ;BSD-3
>+    "third_party/flatbuffers" ;ASL2.0
>+    "third_party/google_input_tools" ;ASL2.0
>+    "third_party/google_input_tools/third_party/closure_library"
>;ASL2.0
>+   
>"third_party/google_input_tools/third_party/closure_library/third_party/closure"
>;Expat
>+    "third_party/googletest" ;BSD-3
>+    "third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
>+    "third_party/iccjpeg" ;IJG
>+    "third_party/inspector_protocol" ;BSD-3
>+    "third_party/jinja2" ;BSD-3
>+    "third_party/jstemplate" ;ASL2.0
>+    "third_party/khronos" ;Expat, SGI
>+    "third_party/leveldatabase" ;BSD-3
>+    "third_party/libXNVCtrl" ;Expat
>+    "third_party/libaddressinput" ;ASL2.0
>+    "third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent
>License 1.0"
>+    "third_party/libaom/source/libaom/third_party/vector" ;Expat
>+    "third_party/libaom/source/libaom/third_party/x86inc" ;ISC
>+    "third_party/libjingle_xmpp" ;BSD-3
>+    "third_party/libphonenumber" ;ASL2.0
>+    "third_party/libsecret" ;LGPL2.1+
>+    "third_party/libsrtp" ;BSD-3
>+    "third_party/libsync" ;ASL2.0
>+    "third_party/libudev" ;LGPL2.1+
>+    "third_party/libwebm" ;BSD-3
>+    "third_party/libxml/chromium" ;BSD-3
>+    "third_party/libyuv" ;BSD-3
>+    "third_party/lss" ;BSD-3
>+    "third_party/markupsafe" ;BSD-3
>+    "third_party/mesa_headers" ;Expat, SGI
>+    "third_party/metrics_proto" ;BSD-3
>+    "third_party/modp_b64" ;BSD-3
>+    "third_party/nasm" ;BSD-2
>+    "third_party/node" ;Expat
>+   
>"third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2"
>;BSD-2
>+    "third_party/ots" ;BSD-3
>+    "third_party/pdfium" ;BSD-3
>+    "third_party/pdfium/third_party/agg23" ;Expat
>+    "third_party/pdfium/third_party/base" ;BSD-3
>+    "third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
>+    "third_party/pdfium/third_party/skia_shared" ;BSD-3
>+    "third_party/pdfium/third_party/freetype/include/pstables.h"
>;FreeType
>+    "third_party/ply" ;BSD-3
>+    "third_party/polymer" ;BSD-3
>+    "third_party/protobuf" ;BSD-3
>+    "third_party/protobuf/third_party/six" ;Expat
>+    "third_party/pyjson5" ;ASL2.0
>+    "third_party/qcms" ;Expat
>+    "third_party/rnnoise" ;BSD-3
>+    "third_party/s2cellid" ;ASL2.0
>+    "third_party/sfntly" ;ASL2.0
>+    "third_party/skia" ;BSD-3
>+    "third_party/skia/third_party/gif" ;MPL1.1/GPL2+/LGPL2.1+
>+    "third_party/skia/third_party/skcms" ;BSD-3
>+    "third_party/skia/third_party/vulkan" ;BSD-3
>+    "third_party/smhasher" ;Expat, public domain
>+    "third_party/speech-dispatcher" ;GPL2+
>+    "third_party/spirv-headers" ;ASL2.0
>+    "third_party/SPIRV-Tools" ;ASL2.0
>+    "third_party/sqlite" ;Public domain
>+    "third_party/ungoogled" ;BSD-3
>+    "third_party/usb_ids" ;BSD-3
>+    "third_party/usrsctp" ;BSD-2
>+    "third_party/web-animations-js" ;ASL2.0
>+    "third_party/webdriver" ;ASL2.0
>+    "third_party/webrtc" ;BSD-3
>+    "third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
>+    "third_party/webrtc/common_audio/third_party/spl_sqrt_floor"
>;Public domain
>+    "third_party/webrtc/modules/third_party/fft" ;Non-copyleft
>+    "third_party/webrtc/modules/third_party/g711" ;Public domain
>+    "third_party/webrtc/modules/third_party/g722" ;Public domain
>+    "third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
>+    "third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
>+    "third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
>+    "third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
>+    "third_party/woff2" ;ASL2.0
>+    "third_party/xdg-utils" ;Expat
>+    "third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
>+    "third_party/zlib/google" ;BSD-3
>+    "url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
>+    "v8/src/third_party/utf8-decoder" ;Expat
>+    "v8/src/third_party/valgrind" ;BSD-4
>+    "v8/third_party/inspector_protocol" ;BSD-3
>+    "v8/third_party/v8/builtins")) ;PSFL
>+
>+(define* (computed-origin-method gexp-promise hash-algo hash
>+                                 #:optional (name "source")
>+                                 #:key (system (%current-system))
>+                                 (guile (default-guile)))
>+  "Return a derivation that executes the G-expression that results
>+from forcing GEXP-PROMISE."
>+  (mlet %store-monad ((guile (package->derivation guile system)))
>+    (gexp->derivation (or name "computed-origin")
>+                      (force gexp-promise)
>+                      #:system system
>+                      #:guile-for-build guile)))
>+
>+(define %chromium-version "72.0.3626.81")
>+(define %ungoogled-revision
>"f9b9074c322a67b04baf0982797cd7b7e09614b5")
>+
>+;; This is a computed origin that does the following:
>+;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball.
>+;; 2) Prunes all third_party folders that are not explicitly
>preserved.
>+;; 3) Adjusts "GN" build files such that system libraries are
>preferred.
>+(define ungoogled-chromium-source
>+  (let* ((chromium-source
>+          (origin
>+            (method url-fetch)
>+            (uri (string-append
>"https://commondatastorage.googleapis.com"
>+                                "/chromium-browser-official/chromium-"
>+                                %chromium-version ".tar.xz"))
>+            (sha256
>+             (base32
>+             
>"01l0vlvcckpag376mjld7qprv63l0z8li689k0h6v3h0i7irzs6z"))))
>+         (ungoogled-source
>+          (origin
>+            (method git-fetch)
>+            (uri (git-reference (url
>"https://github.com/mbakke/ungoogled-chromium")
>+                                (commit %ungoogled-revision)))
>+            (file-name (git-file-name "ungoogled-chromium"
>+                                      (string-take %ungoogled-revision
>7)))
>+            (sha256
>+             (base32
>+             
>"0gmk1n3i7lbm7rw8zl4df171yhvrlimj8ksj096bf2dlfhbd44rb")))))
>+
>+    (origin
>+      (method computed-origin-method)
>+      (file-name (string-append "ungoogled-chromium-"
>%chromium-version ".tar.xz"))
>+      (sha256 #f)
>+      (uri
>+       (delay
>+         (with-imported-modules '((guix build utils))
>+           #~(begin
>+               (use-modules (guix build utils))
>+               (let ((chromium-dir    (string-append "chromium-"
>#$%chromium-version))
>+                     (preserved-files (list
>#$@%preserved-third-party-files)))
>+
>+                 (mkdir "/tmp/bin")
>+                 (set-path-environment-variable
>+                  "PATH" '("bin")
>+                  (list "/tmp"
>+                        #+(canonical-package patch)
>+                        #+(canonical-package xz)
>+                        #+(canonical-package tar)
>+                        #+python-2
>+                        #+python))
>+
>+                 (copy-recursively #+ungoogled-source
>"/tmp/ungoogled")
>+
>+                 (with-directory-excursion "/tmp/ungoogled"
>+
>+                   (format #t "Unpacking chromium tarball...~%")
>+                   (force-output)
>+                   (invoke "tar" "xf" #+chromium-source)
>+
>+                   (format #t "Ungooglifying...~%")
>+                   (force-output)
>+                   (invoke "python3" "run_buildkit_cli.py" "prune"
>+                           "-b" "config_bundles/guix" chromium-dir)
>+                   (invoke "python3" "run_buildkit_cli.py" "patches"
>"apply"
>+                           "-b" "config_bundles/guix" chromium-dir)
>+                   (invoke "python3" "run_buildkit_cli.py" "domains"
>"apply"
>+                           "-b" "config_bundles/linux_rooted"
>+                           "-c" "/tmp/domainscache.tar.gz"
>chromium-dir)
>+
>+                   (with-directory-excursion chromium-dir
>+                     (format #t "Pruning third party files...~%")
>+                     (force-output)
>+                     (apply invoke "python"
>+                            
>"build/linux/unbundle/remove_bundled_libraries.py"
>+                             "--do-remove" preserved-files)
>+
>+                     (format #t "Replacing GN files...~%")
>+                     (force-output)
>+                     (invoke "python3"
>"build/linux/unbundle/replace_gn_files.py"
>+                             "--system-libraries" "ffmpeg" "flac"
>"fontconfig"
>+                             "freetype" "harfbuzz-ng" "icu" "libdrm"
>"libevent"
>+                             "libjpeg" "libpng" "libvpx" "libwebp"
>"libxml"
>+                             "libxslt" "openh264" "opus" "re2"
>"snappy" "yasm"
>+                             "zlib"))
>+
>+                   (format #t (string-append "Packing new Ungoogled
>tarball ...~%"))
>+                   (force-output)
>+                   (invoke "tar" "cvfa" #$output
>+                           ;; Avoid non-determinism in the archive.
>+                           "--mtime=@0"
>+                           "--owner=root:0"
>+                           "--group=root:0"
>+                           "--sort=name"
>+                           chromium-dir)
>+
>+                   #t)))))))))
>+
>+(define opus+custom
>+  (package/inherit opus
>+    (name "opus+custom")
>+    (arguments
>+     (substitute-keyword-arguments (package-arguments opus)
>+       ((#:configure-flags flags ''())
>+        ;; Opus Custom is an optional extension of the Opus
>+        ;; specification that allows for unsupported frame
>+        ;; sizes.  Chromium requires that this is enabled.
>+        `(cons "--enable-custom-modes"
>+               ,flags))))))
>+
>+(define libvpx/chromium
>+  ;; Chromium 66 and later requires an unreleased libvpx, so we take
>the
>+  ;; commit from "third_party/libvpx/README.chromium" in the tarball.
>+  (let ((version (package-version libvpx))
>+        (commit "e188b5435de71bcd602c378f1ac0441111f0f915")
>+        (revision "0"))
>+    (package/inherit libvpx
>+      (name "libvpx-chromium")
>+      (version (git-version version revision commit))
>+      (source (origin
>+                (method git-fetch)
>+                (uri (git-reference
>+                      (url
>"https://chromium.googlesource.com/webm/libvpx")
>+                      (commit commit)))
>+                (file-name (git-file-name name version))
>+                (sha256
>+                 (base32
>+                 
>"0v7lzvgy45zh7zwzmmzkvbcqmhs4xa97z0h97hd3j6myrxcfz1n9")))))))
>+
>+;; Transitional package until HarfBuzz 2.2 is available in Guix master
>branch.
>+(define harfbuzz/chromium
>+  (package/inherit harfbuzz
>+    (version "2.2.0")
>+    (source (origin
>+              (inherit (package-source harfbuzz))
>+              (uri (string-append
>"https://www.freedesktop.org/software/harfbuzz"
>+                                  "/release/harfbuzz-" version
>".tar.bz2"))
>+              (sha256
>+               (base32
>+               
>"047q63jr513azf3g1y7f5xn60b4jdjs9zsmrx04sfw5rasyzrk5p"))))))
>+
>+(define-public ungoogled-chromium
>+  (package
>+    (name "ungoogled-chromium")
>+    (version %chromium-version)
>+    (synopsis "Graphical web browser")
>+    (source ungoogled-chromium-source)
>+    (build-system gnu-build-system)
>+    (arguments
>+     `(#:tests? #f
>+       ;; FIXME: There is a "gn" option specifically for setting
>-rpath, but
>+       ;; it overrides the RUNPATH set by the linker.
>+       #:validate-runpath? #f
>+       #:modules ((guix build gnu-build-system)
>+                  (guix build utils)
>+                  (ice-9 ftw)
>+                  (ice-9 regex)
>+                  (srfi srfi-26))
>+       #:configure-flags
>+       ;; See tools/gn/docs/cookbook.md and
>+       ;; https://www.chromium.org/developers/gn-build-configuration
>+       ;; for usage.  Run "./gn args . --list" in the Release
>+       ;; directory for an exhaustive list of supported flags.
>+       ;; (Note: The 'configure' phase will do that for you.)
>+       (list "is_debug=false"
>+             "use_gold=false"
>+             "use_lld=false"
>+             "linux_use_bundled_binutils=false"
>+             "use_custom_libcxx=false"
>+             "use_sysroot=false"
>+             "enable_precompiled_headers=false"
>+             "goma_dir=\"\""
>+             "enable_nacl=false"
>+             "enable_nacl_nonsfi=false"
>+             "use_allocator=\"none\""   ;don't use tcmalloc
>+             "use_unofficial_version_number=false"
>+
>+             ;; Define a custom toolchain that simply looks up CC, AR
>and
>+             ;; friends from the environment.
>+            
>"custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
>+            
>"host_toolchain=\"//build/toolchain/linux/unbundle:default\""
>+
>+             ;; Don't assume it's clang.
>+             "is_clang=false"
>+
>+             ;; Optimize for building everything at once, as opposed
>to
>+             ;; incrementally for development.  See "docs/jumbo.md".
>+             "use_jumbo_build=true"
>+
>+             ;; Disable type-checking for the Web UI to avoid a Java
>dependency.
>+             "closure_compile=false"
>+
>+             ;; Disable debugging features to save space.
>+             "blink_symbol_level=0"
>+             "enable_iterator_debugging=false"
>+
>+             ;; Some of the unbundled libraries throws deprecation
>+             ;; warnings, etc.  Ignore it.
>+             "treat_warnings_as_errors=false"
>+
>+             ;; Don't add any API keys.  End users can set them in the
>+             ;; environment if desired.  See
>+             ;;
><https://www.chromium.org/developers/how-tos/api-keys>.
>+             "use_official_google_api_keys=false"
>+
>+             ;; Disable "safe browsing", which pulls in a dependency
>on
>+             ;; the nonfree "unrar" program (as of m66).
>+             "safe_browsing_mode=0"
>+
>+             ;; Disable "field trials".
>+             "fieldtrial_testing_like_official_build=true"
>+
>+             ;; Ungoogled components.
>+             "enable_mdns=false"
>+             "enable_one_click_signin=false"
>+             "enable_reading_list=false"
>+             "enable_remoting=false"
>+             "enable_reporting=false"
>+             "enable_service_discovery=false"
>+             "enable_swiftshader=false"
>+             "use_vaapi=true"
>+
>+             ;; Use system libraries where possible.
>+             "use_system_freetype=true"
>+             "use_system_harfbuzz=true"
>+             "use_system_lcms2=true"
>+             "use_system_libdrm=true"
>+             "use_system_libjpeg=true"
>+             "use_system_libpng=true"
>+             ;;"use_system_libsync=true"
>+             "use_system_zlib=true"
>+
>+             "use_gnome_keyring=false"  ;deprecated by libsecret
>+             "use_openh264=true"
>+             "use_pulseaudio=true"
>+             "link_pulseaudio=true"
>+
>+             ;; Don't arbitrarily restrict formats supported by system
>ffmpeg.
>+             "proprietary_codecs=true"
>+             "ffmpeg_branding=\"Chrome\""
>+
>+             ;; WebRTC stuff.
>+             "rtc_use_h264=true"
>+             ;; Don't use bundled sources.
>+             "rtc_build_json=false"
>+             "rtc_build_libevent=false"
>+             "rtc_build_libvpx=false"
>+             "rtc_build_opus=false"
>+             "rtc_build_ssl=false"
>+
>+             "rtc_build_libsrtp=true"   ;FIXME: fails to find headers
>+             "rtc_build_usrsctp=true"   ;TODO: package this
>+             (string-append "rtc_jsoncpp_root=\""
>+                            (assoc-ref %build-inputs "jsoncpp")
>+                            "/include/jsoncpp/json\"")
>+             (string-append "rtc_ssl_root=\""
>+                            (assoc-ref %build-inputs "openssl")
>+                            "/include/openssl\""))
>+       #:phases
>+       (modify-phases %standard-phases
>+         (add-after 'unpack 'patch-stuff
>+           (lambda* (#:key inputs #:allow-other-keys)
>+             (substitute* "printing/cups_config_helper.py"
>+               (("cups_config =.*")
>+                (string-append "cups_config = '" (assoc-ref inputs
>"cups")
>+                               "/bin/cups-config'\n")))
>+
>+             (substitute*
>+                 '("base/process/launch_posix.cc"
>+                  
>"base/third_party/dynamic_annotations/dynamic_annotations.c"
>+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
>+                   "sandbox/linux/services/credentials.cc"
>+                   "sandbox/linux/services/namespace_utils.cc"
>+                   "sandbox/linux/services/syscall_wrappers.cc"
>+                   "sandbox/linux/syscall_broker/broker_host.cc")
>+               (("include \"base/third_party/valgrind/") "include
>\"valgrind/"))
>+
>+             (for-each (lambda (file)
>+                         (substitute* file
>+                           ;; Fix opus include path.
>+                           ;; Do not substitute opus_private.h.
>+                           (("#include \"opus\\.h\"")
>+                            "#include \"opus/opus.h\"")
>+                           (("#include \"opus_custom\\.h\"")
>+                            "#include \"opus/opus_custom.h\"")
>+                           (("#include \"opus_defines\\.h\"")
>+                            "#include \"opus/opus_defines.h\"")
>+                           (("#include \"opus_multistream\\.h\"")
>+                            "#include \"opus/opus_multistream.h\"")
>+                           (("#include \"opus_types\\.h\"")
>+                            "#include \"opus/opus_types.h\"")))
>+                       (find-files (string-append
>"third_party/webrtc/modules"
>+                                                 
>"/audio_coding/codecs/opus")))
>+
>+             (substitute* "chrome/common/chrome_paths.cc"
>+               (("/usr/share/chromium/extensions")
>+                ;; TODO: Add ~/.guix-profile.
>+               
>"/run/current-system/profile/share/chromium/extensions"))
>+
>+             ;; XXX: Should be unnecessary when use_system_lcms2=true.
>+             (substitute*
>"third_party/pdfium/core/fxcodec/codec/ccodec_iccmodule.h"
>+               (("include \"third_party/lcms/include/lcms2\\.h\"")
>+                "include \"lcms2.h\""))
>+
>+             (substitute*
>+                
>"third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
>+               (("include \"third_party/curl") "include \"curl"))
>+
>+             (substitute* "third_party/webrtc/rtc_base/strings/json.h"
>+               (("#include \"third_party/jsoncpp/") "#include
>\"json/"))
>+
>+             (substitute* "media/base/decode_capabilities.cc"
>+               (("third_party/libvpx/source/libvpx/") ""))
>+
>+             (substitute* "ui/gfx/skia_util.h"
>+               (("third_party/vulkan/include/") ""))
>+
>+             ;; Building chromedriver embeds some files using the ZIP
>+             ;; format which doesn't support timestamps before
>+             ;; 1980. Therefore, advance the timestamps of the files
>+             ;; which are included so that building chromedriver
>+             ;; works.
>+             (let ((circa-1980 (* 10 366 24 60 60)))
>+               (for-each (lambda (file)
>+                           (utime file circa-1980 circa-1980))
>+                        
>'("chrome/test/chromedriver/extension/background.js"
>+                          
>"chrome/test/chromedriver/extension/manifest.json")))
>+
>+             #t))
>+         (add-before 'configure 'prepare-build-environment
>+           (lambda* (#:key inputs #:allow-other-keys)
>+
>+             ;; Make sure the right build tools are used.
>+             (setenv "AR" "ar") (setenv "NM" "nm")
>+             (setenv "CC" "gcc") (setenv "CXX" "g++")
>+
>+             ;; Work around <https://bugs.gnu.org/30756>.
>+             (unsetenv "C_INCLUDE_PATH")
>+             (unsetenv "CPLUS_INCLUDE_PATH")
>+
>+             ;; TODO: pre-compile instead. Avoids a race condition.
>+             (setenv "PYTHONDONTWRITEBYTECODE" "1")
>+
>+             ;; XXX: How portable is this.
>+             (mkdir-p "third_party/node/linux/node-linux-x64")
>+             (symlink (string-append (assoc-ref inputs "node") "/bin")
>+                      "third_party/node/linux/node-linux-x64/bin")
>+
>+             #t))
>+         (replace 'configure
>+           (lambda* (#:key configure-flags #:allow-other-keys)
>+             (let ((args (string-join configure-flags " ")))
>+               ;; Generate ninja build files.
>+               (invoke "gn" "gen" "out/Release"
>+                       (string-append "--args=" args))
>+
>+               ;; Print the full list of supported arguments as well
>as
>+               ;; their current status for convenience.
>+               (format #t "Dumping configure flags...\n")
>+               (invoke "gn" "args" "out/Release" "--list"))))
>+         (replace 'build
>+           (lambda* (#:key outputs #:allow-other-keys)
>+             (invoke "ninja" "-C" "out/Release"
>+                     "-j" (number->string (parallel-job-count))
>+                     "chrome"
>+                     "chromedriver")))
>+         (replace 'install
>+           (lambda* (#:key inputs outputs #:allow-other-keys)
>+             (let* ((out            (assoc-ref outputs "out"))
>+                    (bin            (string-append out "/bin"))
>+                    (exe            (string-append bin "/chromium"))
>+                    (lib            (string-append out "/lib"))
>+                    (man            (string-append out
>"/share/man/man1"))
>+                    (applications   (string-append out
>"/share/applications"))
>+                    (install-regexp (make-regexp "\\.(bin|pak)$"))
>+                    (locales        (string-append lib "/locales"))
>+                    (resources      (string-append lib "/resources"))
>+                    (preferences    (assoc-ref inputs
>"master-preferences"))
>+                    (gtk+           (assoc-ref inputs "gtk+"))
>+                    (mesa           (assoc-ref inputs "mesa"))
>+                    (nss            (assoc-ref inputs "nss"))
>+                    (udev           (assoc-ref inputs "udev"))
>+                    (sh             (which "sh")))
>+
>+               (substitute* '("chrome/app/resources/manpage.1.in"
>+                             
>"chrome/installer/linux/common/desktop.template")
>+                 (("@@MENUNAME@@") "Chromium")
>+                 (("@@PACKAGE@@") "chromium")
>+                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
>+
>+               (mkdir-p man)
>+               (copy-file "chrome/app/resources/manpage.1.in"
>+                          (string-append man "/chromium.1"))
>+
>+               (mkdir-p applications)
>+               (copy-file
>"chrome/installer/linux/common/desktop.template"
>+                          (string-append applications
>"/chromium.desktop"))
>+
>+               (mkdir-p lib)
>+               (copy-file preferences (string-append lib
>"/master_preferences"))
>+
>+               (with-directory-excursion "out/Release"
>+                 (for-each (lambda (file)
>+                             (install-file file lib))
>+                           (scandir "." (cut regexp-exec
>install-regexp <>)))
>+                 (copy-file "chrome" (string-append lib "/chromium"))
>+
>+                 ;; TODO: Install icons from "../../chrome/app/themes"
>into
>+                 ;; "out/share/icons/hicolor/$size".
>+                 (install-file
>+                  "product_logo_48.png"
>+                  (string-append out
>"/share/icons/48x48/chromium.png"))
>+
>+                 (copy-recursively "locales" locales)
>+                 (copy-recursively "resources" resources)
>+
>+                 (mkdir-p bin)
>+                 (symlink "../lib/chromium" exe)
>+                 (install-file "chromedriver" bin)
>+
>+                 (wrap-program exe
>+                   ;; TODO: Get these in RUNPATH.
>+                   `("LD_LIBRARY_PATH" ":" prefix
>+                     (,(string-append lib ":" nss "/lib/nss:" gtk+
>"/lib:"
>+                                      mesa "/lib:" udev "/lib")))
>+                   ;; Avoid file manager crash.  See
><https://bugs.gnu.org/26593>.
>+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+
>"/share"))))
>+                 #t)))))))
>+    (native-inputs
>+     `(("bison" ,bison)
>+       ("gcc" ,gcc-8)
>+       ("gn" ,gn)
>+       ("gperf" ,gperf)
>+       ("ninja" ,ninja)
>+       ("node" ,node)
>+       ("pkg-config" ,pkg-config)
>+       ("which" ,which)
>+       ("yasm" ,yasm)
>+
>+       ;; This file contains defaults for new user profiles.
>+       ("master-preferences" ,(local-file
>"aux-files/chromium/master-preferences.json"))
>+
>+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
>+       ("python-html5lib" ,python2-html5lib)
>+       ("python" ,python-2)))
>+    (inputs
>+     `(("alsa-lib" ,alsa-lib)
>+       ("atk" ,atk)
>+       ("cups" ,cups)
>+       ("curl" ,curl)
>+       ("dbus" ,dbus)
>+       ("dbus-glib" ,dbus-glib)
>+       ("expat" ,expat)
>+       ("flac" ,flac)
>+       ("ffmpeg" ,ffmpeg)
>+       ("fontconfig" ,fontconfig)
>+       ("freetype" ,freetype)
>+       ("gdk-pixbuf" ,gdk-pixbuf)
>+       ("glib" ,glib)
>+       ("gtk+" ,gtk+)
>+       ("harfbuzz" ,harfbuzz/chromium)
>+       ("icu4c" ,icu4c)
>+       ("jsoncpp" ,jsoncpp)
>+       ("lcms" ,lcms)
>+       ("libevent" ,libevent)
>+       ("libffi" ,libffi)
>+       ("libjpeg-turbo" ,libjpeg-turbo)
>+       ("libpng" ,libpng)
>+       ("libva" ,libva)
>+       ("libvpx" ,libvpx/chromium)
>+       ("libwebp" ,libwebp)
>+       ("libx11" ,libx11)
>+       ("libxcb" ,libxcb)
>+       ("libxcomposite" ,libxcomposite)
>+       ("libxcursor" ,libxcursor)
>+       ("libxdamage" ,libxdamage)
>+       ("libxext" ,libxext)
>+       ("libxfixes" ,libxfixes)
>+       ("libxi" ,libxi)
>+       ("libxml2" ,libxml2)
>+       ("libxrandr" ,libxrandr)
>+       ("libxrender" ,libxrender)
>+       ("libxscrnsaver" ,libxscrnsaver)
>+       ("libxslt" ,libxslt)
>+       ("libxtst" ,libxtst)
>+       ("mesa" ,mesa)
>+       ("minizip" ,minizip)
>+       ("mit-krb5" ,mit-krb5)
>+       ("nss" ,nss)
>+       ("openh264" ,openh264)
>+       ("openjpeg" ,openjpeg)                          ;PDFium only
>+       ("openssl" ,openssl)
>+       ("opus" ,opus+custom)
>+       ("pango" ,pango)
>+       ("pciutils" ,pciutils)
>+       ("pulseaudio" ,pulseaudio)
>+       ("re2" ,re2)
>+       ("snappy" ,snappy)
>+       ("speech-dispatcher" ,speech-dispatcher)
>+       ("udev" ,eudev)
>+       ("valgrind" ,valgrind)
>+       ("vulkan-headers" ,vulkan-headers)))
>+    (home-page "https://www.chromium.org/")
>+    (description
>+     "Ungoogled-Chromium is the Chromium web browser, sans integration
>with
>+Google web services.")
>+    ;; Chromium is developed as BSD-3, but bundles a large number of
>third-party
>+    ;; components with other licenses.  For full information, see
>chrome://credits.
>+    (license (list license:bsd-3
>+                   license:bsd-2
>+                   license:expat
>+                   license:asl2.0
>+                   license:mpl1.1
>+                   license:mpl2.0
>+                   license:public-domain
>+                   license:isc
>+                   (license:non-copyleft "chrome://credits"
>+                                         "See chrome://credits for
>more information.")
>+                   license:lgpl2.1+))))
>-- 
>2.20.1

Wow. 
Nice work! 😃
-- 
Sent from my k-9 mail for Android.

[-- Attachment #2: Type: text/html, Size: 38621 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-04 22:34         ` [bug#28004] " Ludovic Courtès
  (?)
@ 2019-02-06 21:04         ` Marius Bakke
  -1 siblings, 0 replies; 152+ messages in thread
From: Marius Bakke @ 2019-02-06 21:04 UTC (permalink / raw)
  To: Ludovic Courtès, bill-auger; +Cc: guix-devel, 28004, gnu-linux-libre

[-- Attachment #1: Type: text/plain, Size: 1597 bytes --]

Ludovic Courtès <ludo@gnu.org> writes:

> Hi bill-auger,
>
> bill-auger <bill-auger@peers.community> skribis:
>
>> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
>>
>> i would like to remind readers of the guix-devel list that it was
>> discussed some months ago, why no FSDG distros currently distribute
>> chromium[1] - it appeared at that time, that most people in that
>> discussion were in agreement that chromium should not be included in
>> guix; and marius was instead hosting it in a private repo, as not to
>> taint the main guix repos with dubious software - has there been a
>> notable break-through since then?
>
> It’s not entirely clear to me what the problems are, to be honest.
> Marius listed specific issues that were addressed by the patches; others
> then pointed out at additional issues that ungoogled-chromium fixes,
> which Marius took into account; what’s left now?

Indeed, the only real breakthrough is that we now have a script to
create an Ungooglified source tarball with all unnecessary third_party
components removed.  The compressed tarball is smaller than that of
IceCat and takes up around 2.1 GiB uncompressed, roughly 1GiB of which
is third_party stuff.

That leaves "just" over 1GiB of source code to audit (assuming my
third_party audit is correct).  I haven't been able to find any
proprietary parts in first party code, and am convinced that the
remaining third_party components are free, hence this patch.

I am of course happy to help other FSDG distributions liberate their
Chromium too.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-04 22:34         ` [bug#28004] " Ludovic Courtès
  (?)
  (?)
@ 2019-02-07 23:52         ` Christopher Lemmer Webber
  2019-02-07 23:59           ` Julie Marchant
  2019-02-16  8:00           ` bill-auger
  -1 siblings, 2 replies; 152+ messages in thread
From: Christopher Lemmer Webber @ 2019-02-07 23:52 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel, gnu-linux-libre, 28004

Ludovic Courtès writes:

> Hi bill-auger,
>
> bill-auger <bill-auger@peers.community> skribis:
>
>> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
>>
>> i would like to remind readers of the guix-devel list that it was
>> discussed some months ago, why no FSDG distros currently distribute
>> chromium[1] - it appeared at that time, that most people in that
>> discussion were in agreement that chromium should not be included in
>> guix; and marius was instead hosting it in a private repo, as not to
>> taint the main guix repos with dubious software - has there been a
>> notable break-through since then?
>
> It’s not entirely clear to me what the problems are, to be honest.
> Marius listed specific issues that were addressed by the patches; others
> then pointed out at additional issues that ungoogled-chromium fixes,
> which Marius took into account; what’s left now?
>
> I understand you’re skeptical about Chromium, but we cannot base
> decisions based on vague skepticism.  If you know of issues that are
> still unaddressed, please do list them.
>
> I’d also like to stress that, if Chromium is eventually included in
> Guix, we are committed to fixing it or removing it should someone later
> discover that it does not comply with the FSDG (that’s the “Commitment
> to Correct Mistakes” section of FSDG.)

+1 ... If concrete problems are found, by all means those should be
raised and addressed.  Otherwise I really think we ought to merge this
work.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-07 23:52         ` Christopher Lemmer Webber
@ 2019-02-07 23:59           ` Julie Marchant
  2019-02-16  8:00           ` bill-auger
  1 sibling, 0 replies; 152+ messages in thread
From: Julie Marchant @ 2019-02-07 23:59 UTC (permalink / raw)
  To: Workgroup for fully free GNU/Linux distributions,
	Christopher Lemmer Webber, Ludovic Courtès
  Cc: guix-devel, 28004

On 02/07/2019 06:52 PM, Christopher Lemmer Webber wrote:
> Ludovic Courtès writes:
> 
>> Hi bill-auger,
>>
>> bill-auger <bill-auger@peers.community> skribis:
>>
>>> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
>>>
>>> i would like to remind readers of the guix-devel list that it was
>>> discussed some months ago, why no FSDG distros currently distribute
>>> chromium[1] - it appeared at that time, that most people in that
>>> discussion were in agreement that chromium should not be included in
>>> guix; and marius was instead hosting it in a private repo, as not to
>>> taint the main guix repos with dubious software - has there been a
>>> notable break-through since then?
>>
>> It’s not entirely clear to me what the problems are, to be honest.
>> Marius listed specific issues that were addressed by the patches; others
>> then pointed out at additional issues that ungoogled-chromium fixes,
>> which Marius took into account; what’s left now?
>>
>> I understand you’re skeptical about Chromium, but we cannot base
>> decisions based on vague skepticism.  If you know of issues that are
>> still unaddressed, please do list them.
>>
>> I’d also like to stress that, if Chromium is eventually included in
>> Guix, we are committed to fixing it or removing it should someone later
>> discover that it does not comply with the FSDG (that’s the “Commitment
>> to Correct Mistakes” section of FSDG.)
> 
> +1 ... If concrete problems are found, by all means those should be
> raised and addressed.  Otherwise I really think we ought to merge this
> work.

Yes, exactly.

-- 
Julie Marchant
http://onpon4.github.io

Encrypt your emails with GnuPG:
https://emailselfdefense.fsf.org

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-04  4:52     ` bill-auger
                         ` (4 preceding siblings ...)
  2019-02-04 22:34         ` [bug#28004] " Ludovic Courtès
@ 2019-02-09 14:04       ` Adonay Felipe Nogueira
  5 siblings, 0 replies; 152+ messages in thread
From: Adonay Felipe Nogueira @ 2019-02-09 14:04 UTC (permalink / raw)
  To: Workgroup for fully free GNU/Linux distributions, guix-devel; +Cc: 28004


[-- Attachment #1.1: Type: text/plain, Size: 3488 bytes --]

Em 04/02/2019 02:52, bill-auger escreveu:
> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
> 
> i would like to remind readers of the guix-devel list that it was
> discussed some months ago, why no FSDG distros currently distribute
> chromium[1] - it appeared at that time, that most people in that
> discussion were in agreement that chromium should not be included in
> guix; and marius was instead hosting it in a private repo, as not to
> taint the main guix repos with dubious software - has there been a
> notable break-through since then?
> 
> what is the evidence for this claim that this guix package is "free
> software only"? - what does "Marks beautiful computed-origin-method" do
> toward that end? - if a procedure for liberating any chromium-derived
> software has been discovered, this would be a marvelous accomplishment
> and very good news indeed, of which people outside of the guix dev team
> would also be interested to learn

On this matter, I think this discussion and also the review should be
tracked either in a bug report or in the Free Software Directory wiki
talk page about Chromium package/entry[1], this one also has a partial
review still to be finished. Besides, the last time I read the FSD's
entry inclusion requirements (about June, 2018) I was informed also in
IRC that they have plans to make the FSD mimic the requirements of the
GNU FSDG so that free/libre system distributions would have an easier
time getting a list of reviewed packages for inclusion. That means that
the FSD would also have the requirements from the GNU FSDG regarding not
including malware and not steering towards non-free functional data.
There are optional things to consider, for which the Antifeature Project
Team is working on drafting[2], although these are not requirements for
inclusion in the FSD.

Regarding the review results in the page referenced by [1], please keep
in mind that the torrents have no trackers, so please share/seed with
DHT and PEX enabled so others can discover the shares too.

Another alternative is of course to ditch Chromium and
Ungoogled-Chromium and focus on Iridium Browser[3].

Anyways, if you do want to see progress in the Chromium review, please
contribute by downloading, seeding and also actually reviewing parts of
the reports generated. The last stop is marked with "Continue.". I did
start the review, but I'm not the most experienced person in regards to
all of legal, security and privacy matters. Just remember to remake a
torrent with the modified report and change the old hash in the page to
the new one you're seeding if you do make changes to the report, and
mark/save the change as major so that other people get notified.

Lastly, bill-auger's question of which should be the "assumed value" for
the GNU FSDG compliance status of a unreviewed package, based on various
proofs related to the dangers of non-free software (well, gnu.org has a
page with these reports/news[4]) and also on the reasoning given by
Richard Stallman in his talks[5], the unreviewed entries should be
considered non-free.

[1] https://directory.fsf.org/wiki/Talk:Chromium
[2] https://directory.fsf.org/wiki/Free_Software_Directory:Antifeatures
[3] https://directory.fsf.org/wiki/Iridium_Browser
[4] https://www.gnu.org/proprietary/proprietary.html
[5]
http://audio-video.gnu.org/video/2015-10-24--rms--free-software-and-your-freedom--seagl--speech.ogv


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 213 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* [PATCH v2] gnu: Add ungoogled-chromium.
  2019-02-02 19:20 ` [PATCH] gnu: Add ungoogled-chromium Marius Bakke
                     ` (2 preceding siblings ...)
  2019-02-05  5:22     ` swedebugia
@ 2019-02-12 15:58   ` Marius Bakke
  2019-02-18 22:43     ` [bug#28004] " Marius Bakke
  3 siblings, 1 reply; 152+ messages in thread
From: Marius Bakke @ 2019-02-12 15:58 UTC (permalink / raw)
  To: guix-devel; +Cc: 28004

Changes in this version:

* New upstream release.
* No longer using a fork of Ungoogled-Chromium.
* The special HarfBuzz and libvpx variants have been removed due to
  obsolesence.

Enjoy (or despair)!  Comments appreciated.

* gnu/packages/aux-files/chromium/master-preferences.json,
gnu/packages/chromium.scm: New files.
* gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
---
 gnu/local.mk                                  |   1 +
 .../chromium/master-preferences.json          |  26 +
 gnu/packages/chromium.scm                     | 726 ++++++++++++++++++
 3 files changed, 753 insertions(+)
 create mode 100644 gnu/packages/aux-files/chromium/master-preferences.json
 create mode 100644 gnu/packages/chromium.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index 154b03313a..1496bae066 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -100,6 +100,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/check.scm			\
   %D%/packages/chemistry.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
   %D%/packages/clojure.scm			\
diff --git a/gnu/packages/aux-files/chromium/master-preferences.json b/gnu/packages/aux-files/chromium/master-preferences.json
new file mode 100644
index 0000000000..5a2049fa72
--- /dev/null
+++ b/gnu/packages/aux-files/chromium/master-preferences.json
@@ -0,0 +1,26 @@
+{
+    "distribution": {
+        "import_bookmarks": false,
+        "make_chrome_default": false,
+        "make_chrome_default_for_user": false,
+        "verbose_logging": true,
+        "skip_first_run_ui": true,
+        "suppress_first_run_default_browser_prompt": true
+    },
+    "browser": {
+        "has_seen_welcome_page" : true,
+        "check_default_browser" : false
+    },
+    "dns_prefetching": {
+        "enabled": false
+    },
+    "alternate_error_pages": {
+        "enabled": false
+    },
+    "hardware": {
+        "audio_capture_enabled": false
+    },
+    "default_apps": "noinstall",
+    "hide_web_store_icon": true,
+    "homepage": "https://www.gnu.org/software/guix/"
+}
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 0000000000..85e96131e3
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,726 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:use-module (guix monads)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages build-tools)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gcc)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages python-xyz)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages vulkan)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define %preserved-third-party-files
+  '("base/third_party/dmg_fp" ;X11-style
+    "base/third_party/dynamic_annotations" ;BSD-2
+    "base/third_party/icu" ;Unicode, X11-style
+    "base/third_party/superfasthash" ;BSD-3
+    "base/third_party/symbolize" ;BSD-3
+    "base/third_party/xdg_mime" ;LGPL2.1+ or Academic 2.0
+    "base/third_party/xdg_user_dirs" ;Expat
+    "chrome/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
+    "courgette/third_party/bsdiff" ;BSD-2, BSD protection license
+    "courgette/third_party/divsufsort" ;Expat
+    "net/third_party/http2" ;BSD-3
+    "net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
+    "net/third_party/nss" ;MPL-2.0
+    "net/third_party/quic" ;BSD-3
+    "net/third_party/spdy" ;BSD-3
+    "net/third_party/uri_template" ;ASL2.0
+    "third_party/abseil-cpp" ;ASL2.0
+    "third_party/adobe/flash/flapper_version.h" ;no license, trivial
+    "third_party/angle" ;BSD-3
+    "third_party/angle/src/common/third_party/base" ;BSD-3
+    "third_party/angle/src/common/third_party/smhasher" ;Public domain
+    "third_party/angle/src/common/third_party/xxhash" ;BSD-2
+    "third_party/angle/src/third_party/compiler" ;BSD-2
+    "third_party/angle/src/third_party/libXNVCtrl" ;Expat
+    "third_party/angle/src/third_party/trace_event" ;BSD-3
+    "third_party/angle/third_party/glslang" ;BSD-3
+    "third_party/angle/third_party/spirv-headers" ;Expat
+    "third_party/angle/third_party/spirv-tools" ;Expat
+    "third_party/angle/third_party/vulkan-headers" ;ASL2.0
+    "third_party/angle/third_party/vulkan-loader" ;ASL2.0
+    "third_party/angle/third_party/vulkan-tools" ;ASL2.0
+    "third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
+    "third_party/apple_apsl" ;APSL2.0
+    "third_party/blink" ;BSD-3
+    "third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
+    "third_party/boringssl/src/third_party/fiat" ;Expat
+    "third_party/breakpad" ;BSD-3
+    "third_party/brotli" ;Expat
+    "third_party/cacheinvalidation" ;ASL2.0
+    "third_party/catapult" ;BSD-3
+    "third_party/catapult/common/py_vulcanize/third_party/rcssmin" ;ASL2.0
+    "third_party/catapult/common/py_vulcanize/third_party/rjsmin" ;ASL2.0
+    "third_party/catapult/third_party/polymer" ;BSD-3
+    "third_party/catapult/tracing/third_party/d3" ;BSD-3
+    "third_party/catapult/tracing/third_party/gl-matrix" ;Expat
+    "third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
+    "third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
+    "third_party/catapult/tracing/third_party/oboe" ;BSD-2
+    "third_party/catapult/tracing/third_party/pako" ;Expat
+    "third_party/ced" ;BSD-3
+    "third_party/cld_3" ;ASL2.0
+    "third_party/crashpad" ;ASL2.0
+    "third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h" ;Zlib
+    "third_party/crc32c" ;BSD-3
+    "third_party/cros_system_api" ;BSD-3
+    "third_party/dom_distiller_js" ;BSD-3
+    "third_party/fips181" ;BSD-3
+    "third_party/flatbuffers" ;ASL2.0
+    "third_party/google_input_tools" ;ASL2.0
+    "third_party/google_input_tools/third_party/closure_library" ;ASL2.0
+    "third_party/google_input_tools/third_party/closure_library/third_party/closure" ;Expat
+    "third_party/googletest" ;BSD-3
+    "third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
+    "third_party/iccjpeg" ;IJG
+    "third_party/inspector_protocol" ;BSD-3
+    "third_party/jinja2" ;BSD-3
+    "third_party/jstemplate" ;ASL2.0
+    "third_party/khronos" ;Expat, SGI
+    "third_party/leveldatabase" ;BSD-3
+    "third_party/libXNVCtrl" ;Expat
+    "third_party/libaddressinput" ;ASL2.0
+    "third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent License 1.0"
+    "third_party/libaom/source/libaom/third_party/vector" ;Expat
+    "third_party/libaom/source/libaom/third_party/x86inc" ;ISC
+    "third_party/libjingle_xmpp" ;BSD-3
+    "third_party/libphonenumber" ;ASL2.0
+    "third_party/libsecret" ;LGPL2.1+
+    "third_party/libsrtp" ;BSD-3
+    "third_party/libsync" ;ASL2.0
+    "third_party/libudev" ;LGPL2.1+
+    "third_party/libwebm" ;BSD-3
+    "third_party/libxml/chromium" ;BSD-3
+    "third_party/libyuv" ;BSD-3
+    "third_party/lss" ;BSD-3
+    "third_party/markupsafe" ;BSD-3
+    "third_party/mesa_headers" ;Expat, SGI
+    "third_party/metrics_proto" ;BSD-3
+    "third_party/modp_b64" ;BSD-3
+    "third_party/nasm" ;BSD-2
+    "third_party/node" ;Expat
+    "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2" ;BSD-2
+    "third_party/ots" ;BSD-3
+    "third_party/pdfium" ;BSD-3
+    "third_party/pdfium/third_party/agg23" ;Expat
+    "third_party/pdfium/third_party/base" ;BSD-3
+    "third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
+    "third_party/pdfium/third_party/skia_shared" ;BSD-3
+    "third_party/pdfium/third_party/freetype/include/pstables.h" ;FreeType
+    "third_party/ply" ;BSD-3
+    "third_party/polymer" ;BSD-3
+    "third_party/protobuf" ;BSD-3
+    "third_party/protobuf/third_party/six" ;Expat
+    "third_party/pyjson5" ;ASL2.0
+    "third_party/qcms" ;Expat
+    "third_party/rnnoise" ;BSD-3
+    "third_party/s2cellid" ;ASL2.0
+    "third_party/sfntly" ;ASL2.0
+    "third_party/skia" ;BSD-3
+    "third_party/skia/third_party/gif" ;MPL1.1/GPL2+/LGPL2.1+
+    "third_party/skia/third_party/skcms" ;BSD-3
+    "third_party/skia/third_party/vulkan" ;BSD-3
+    "third_party/smhasher" ;Expat, public domain
+    "third_party/speech-dispatcher" ;GPL2+
+    "third_party/spirv-headers" ;ASL2.0
+    "third_party/SPIRV-Tools" ;ASL2.0
+    "third_party/sqlite" ;Public domain
+    "third_party/ungoogled" ;BSD-3
+    "third_party/usb_ids" ;BSD-3
+    "third_party/usrsctp" ;BSD-2
+    "third_party/web-animations-js" ;ASL2.0
+    "third_party/webdriver" ;ASL2.0
+    "third_party/webrtc" ;BSD-3
+    "third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
+    "third_party/webrtc/common_audio/third_party/spl_sqrt_floor" ;Public domain
+    "third_party/webrtc/modules/third_party/fft" ;Non-copyleft
+    "third_party/webrtc/modules/third_party/g711" ;Public domain
+    "third_party/webrtc/modules/third_party/g722" ;Public domain
+    "third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
+    "third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
+    "third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
+    "third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
+    "third_party/woff2" ;ASL2.0
+    "third_party/xdg-utils" ;Expat
+    "third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
+    "third_party/zlib/google" ;BSD-3
+    "url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
+    "v8/src/third_party/utf8-decoder" ;Expat
+    "v8/src/third_party/valgrind" ;BSD-4
+    "v8/third_party/inspector_protocol" ;BSD-3
+    "v8/third_party/v8/builtins")) ;PSFL
+
+(define* (computed-origin-method gexp-promise hash-algo hash
+                                 #:optional (name "source")
+                                 #:key (system (%current-system))
+                                 (guile (default-guile)))
+  "Return a derivation that executes the G-expression that results
+from forcing GEXP-PROMISE."
+  (mlet %store-monad ((guile (package->derivation guile system)))
+    (gexp->derivation (or name "computed-origin")
+                      (force gexp-promise)
+                      #:system system
+                      #:guile-for-build guile)))
+
+(define %chromium-version "72.0.3626.96")
+(define %ungoogled-revision "82b1194615a6542c28edfc5505d357c9dfca88c7")
+
+;; This is a "computed" origin that does the following:
+;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball.
+;; 2) Prunes all third_party folders that are not explicitly preserved.
+;; 3) Adjusts "GN" build files such that system libraries are preferred.
+(define ungoogled-chromium-source
+  (let* ((chromium-source
+          (origin
+            (method url-fetch)
+            (uri (string-append "https://commondatastorage.googleapis.com"
+                                "/chromium-browser-official/chromium-"
+                                %chromium-version ".tar.xz"))
+            (sha256
+             (base32
+              "0fxavi4nwfiyb15lqm02vlq6kb8i4ipxnd7hp45bm7jdmhmgbnmj"))))
+         (ungoogled-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference (url "https://github.com/Eloston/ungoogled-chromium")
+                                (commit %ungoogled-revision)))
+            (file-name (git-file-name "ungoogled-chromium"
+                                      (string-take %ungoogled-revision 7)))
+            (sha256
+             (base32
+              "067bccrv67wh8p0vak0n38gc8mvb9hvx2pz83r0y1iiqkhrglnp3")))))
+
+    (origin
+      (method computed-origin-method)
+      (file-name (string-append "ungoogled-chromium-" %chromium-version ".tar.xz"))
+      (sha256 #f)
+      (uri
+       (delay
+         (with-imported-modules '((guix build utils))
+           #~(begin
+               (use-modules (guix build utils))
+               (let ((chromium-dir    (string-append "chromium-" #$%chromium-version))
+                     (preserved-files (list #$@%preserved-third-party-files)))
+
+                 (mkdir "/tmp/bin")
+                 (set-path-environment-variable
+                  "PATH" '("bin")
+                  (list "/tmp"
+                        #+(canonical-package patch)
+                        #+(canonical-package xz)
+                        #+(canonical-package tar)
+                        #+python-2
+                        #+python))
+
+                 (copy-recursively #+ungoogled-source "/tmp/ungoogled")
+
+                 (with-directory-excursion "/tmp/ungoogled"
+
+                   ;; Create a custom "bundle" that inherits from linux_rooted
+                   ;; and adds an additional patch.
+                   (format #t "Creating Guix config bundle...~%")
+                   (force-output)
+                   (mkdir-p "config_bundles/guix")
+                   (call-with-output-file "config_bundles/guix/bundlemeta.ini"
+                     (lambda (port)
+                       (format port
+                               "[bundle]
+display_name = GNU Guix
+depends = linux_rooted\n")))
+                   (call-with-output-file "config_bundles/guix/patch_order.list"
+                     (lambda (port)
+                       (format port "debian_buster/system/openjpeg.patch\n")))
+
+                   (format #t "Unpacking chromium tarball...~%")
+                   (force-output)
+                   (invoke "tar" "xf" #+chromium-source)
+
+                   (format #t "Ungooglifying...~%")
+                   (force-output)
+                   (invoke "python3" "run_buildkit_cli.py" "prune"
+                           "-b" "config_bundles/guix" chromium-dir)
+                   (invoke "python3" "run_buildkit_cli.py" "patches" "apply"
+                           "-b" "config_bundles/guix" chromium-dir)
+                   (invoke "python3" "run_buildkit_cli.py" "domains" "apply"
+                           "-b" "config_bundles/linux_rooted"
+                           "-c" "/tmp/domainscache.tar.gz" chromium-dir)
+
+                   (with-directory-excursion chromium-dir
+                     (format #t "Pruning third party files...~%")
+                     (force-output)
+                     (apply invoke "python"
+                             "build/linux/unbundle/remove_bundled_libraries.py"
+                             "--do-remove" preserved-files)
+
+                     (format #t "Replacing GN files...~%")
+                     (force-output)
+                     (invoke "python3" "build/linux/unbundle/replace_gn_files.py"
+                             "--system-libraries" "ffmpeg" "flac" "fontconfig"
+                             "freetype" "harfbuzz-ng" "icu" "libdrm" "libevent"
+                             "libjpeg" "libpng" "libvpx" "libwebp" "libxml"
+                             "libxslt" "openh264" "opus" "re2" "snappy" "yasm"
+                             "zlib"))
+
+                   (format #t (string-append "Packing new Ungoogled tarball ...~%"))
+                   (force-output)
+                   (invoke "tar" "cvfa" #$output
+                           ;; Avoid non-determinism in the archive.
+                           "--mtime=@0"
+                           "--owner=root:0"
+                           "--group=root:0"
+                           "--sort=name"
+                           chromium-dir)
+
+                   #t)))))))))
+
+(define opus+custom
+  (package/inherit opus
+    (name "opus+custom")
+    (arguments
+     (substitute-keyword-arguments (package-arguments opus)
+       ((#:configure-flags flags ''())
+        ;; Opus Custom is an optional extension of the Opus
+        ;; specification that allows for unsupported frame
+        ;; sizes.  Chromium requires that this is enabled.
+        `(cons "--enable-custom-modes"
+               ,flags))))))
+
+(define-public ungoogled-chromium
+  (package
+    (name "ungoogled-chromium")
+    (version %chromium-version)
+    (synopsis "Graphical web browser")
+    (source ungoogled-chromium-source)
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it overrides the RUNPATH set by the linker.
+       #:validate-runpath? #f
+       #:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (srfi srfi-26))
+       #:configure-flags
+       ;; See tools/gn/docs/cookbook.md and
+       ;; https://www.chromium.org/developers/gn-build-configuration
+       ;; for usage.  Run "./gn args . --list" in the Release
+       ;; directory for an exhaustive list of supported flags.
+       ;; (Note: The 'configure' phase will do that for you.)
+       (list "is_debug=false"
+             "use_gold=false"
+             "use_lld=false"
+             "linux_use_bundled_binutils=false"
+             "use_custom_libcxx=false"
+             "use_sysroot=false"
+             "enable_precompiled_headers=false"
+             "goma_dir=\"\""
+             "enable_nacl=false"
+             "enable_nacl_nonsfi=false"
+             "use_allocator=\"none\""   ;don't use tcmalloc
+             "use_unofficial_version_number=false"
+
+             ;; Define a custom toolchain that simply looks up CC, AR and
+             ;; friends from the environment.
+             "custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
+             "host_toolchain=\"//build/toolchain/linux/unbundle:default\""
+
+             ;; Don't assume it's clang.
+             "is_clang=false"
+
+             ;; Optimize for building everything at once, as opposed to
+             ;; incrementally for development.  See "docs/jumbo.md".
+             "use_jumbo_build=true"
+
+             ;; Disable type-checking for the Web UI to avoid a Java dependency.
+             "closure_compile=false"
+
+             ;; Disable debugging features to save space.
+             "blink_symbol_level=0"
+             "enable_iterator_debugging=false"
+
+             ;; Some of the unbundled libraries throws deprecation
+             ;; warnings, etc.  Ignore it.
+             "treat_warnings_as_errors=false"
+
+             ;; Don't add any API keys.  End users can set them in the
+             ;; environment if desired.  See
+             ;; <https://www.chromium.org/developers/how-tos/api-keys>.
+             "use_official_google_api_keys=false"
+
+             ;; Disable "safe browsing", which pulls in a dependency on
+             ;; the nonfree "unrar" program (as of m66).
+             "safe_browsing_mode=0"
+
+             ;; Disable "field trials".
+             "fieldtrial_testing_like_official_build=true"
+
+             ;; Ungoogled components.
+             "enable_mdns=false"
+             "enable_one_click_signin=false"
+             "enable_reading_list=false"
+             "enable_remoting=false"
+             "enable_reporting=false"
+             "enable_service_discovery=false"
+             "enable_swiftshader=false"
+             "use_vaapi=true"
+
+             ;; Use system libraries where possible.
+             "use_system_freetype=true"
+             "use_system_harfbuzz=true"
+             "use_system_lcms2=true"
+             "use_system_libdrm=true"
+             "use_system_libjpeg=true"
+             "use_system_libpng=true"
+             ;;"use_system_libsync=true"
+             "use_system_zlib=true"
+
+             "use_gnome_keyring=false"  ;deprecated by libsecret
+             "use_openh264=true"
+             "use_pulseaudio=true"
+             "link_pulseaudio=true"
+
+             ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+             "proprietary_codecs=true"
+             "ffmpeg_branding=\"Chrome\""
+
+             ;; WebRTC stuff.
+             "rtc_use_h264=true"
+             ;; Don't use bundled sources.
+             "rtc_build_json=false"
+             "rtc_build_libevent=false"
+             "rtc_build_libvpx=false"
+             "rtc_build_opus=false"
+             "rtc_build_ssl=false"
+
+             "rtc_build_libsrtp=true"   ;FIXME: fails to find headers
+             "rtc_build_usrsctp=true"   ;TODO: package this
+             (string-append "rtc_jsoncpp_root=\""
+                            (assoc-ref %build-inputs "jsoncpp")
+                            "/include/jsoncpp/json\"")
+             (string-append "rtc_ssl_root=\""
+                            (assoc-ref %build-inputs "openssl")
+                            "/include/openssl\""))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-stuff
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "printing/cups_config_helper.py"
+               (("cups_config =.*")
+                (string-append "cups_config = '" (assoc-ref inputs "cups")
+                               "/bin/cups-config'\n")))
+
+             (substitute*
+                 '("base/process/launch_posix.cc"
+                   "base/third_party/dynamic_annotations/dynamic_annotations.c"
+                   "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+                   "sandbox/linux/services/credentials.cc"
+                   "sandbox/linux/services/namespace_utils.cc"
+                   "sandbox/linux/services/syscall_wrappers.cc"
+                   "sandbox/linux/syscall_broker/broker_host.cc")
+               (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+             (for-each (lambda (file)
+                         (substitute* file
+                           ;; Fix opus include path.
+                           ;; Do not substitute opus_private.h.
+                           (("#include \"opus\\.h\"")
+                            "#include \"opus/opus.h\"")
+                           (("#include \"opus_custom\\.h\"")
+                            "#include \"opus/opus_custom.h\"")
+                           (("#include \"opus_defines\\.h\"")
+                            "#include \"opus/opus_defines.h\"")
+                           (("#include \"opus_multistream\\.h\"")
+                            "#include \"opus/opus_multistream.h\"")
+                           (("#include \"opus_types\\.h\"")
+                            "#include \"opus/opus_types.h\"")))
+                       (find-files (string-append "third_party/webrtc/modules"
+                                                  "/audio_coding/codecs/opus")))
+
+             (substitute* "chrome/common/chrome_paths.cc"
+               (("/usr/share/chromium/extensions")
+                ;; TODO: Add ~/.guix-profile.
+                "/run/current-system/profile/share/chromium/extensions"))
+
+             ;; XXX: Should be unnecessary when use_system_lcms2=true.
+             (substitute* "third_party/pdfium/core/fxcodec/codec/ccodec_iccmodule.h"
+               (("include \"third_party/lcms/include/lcms2\\.h\"")
+                "include \"lcms2.h\""))
+
+             (substitute*
+                 "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
+               (("include \"third_party/curl") "include \"curl"))
+
+             (substitute* "third_party/webrtc/rtc_base/strings/json.h"
+               (("#include \"third_party/jsoncpp/") "#include \"json/"))
+
+             (substitute* "media/base/decode_capabilities.cc"
+               (("third_party/libvpx/source/libvpx/") ""))
+
+             (substitute* "ui/gfx/skia_util.h"
+               (("third_party/vulkan/include/") ""))
+
+             ;; Building chromedriver embeds some files using the ZIP
+             ;; format which doesn't support timestamps before
+             ;; 1980. Therefore, advance the timestamps of the files
+             ;; which are included so that building chromedriver
+             ;; works.
+             (let ((circa-1980 (* 10 366 24 60 60)))
+               (for-each (lambda (file)
+                           (utime file circa-1980 circa-1980))
+                         '("chrome/test/chromedriver/extension/background.js"
+                           "chrome/test/chromedriver/extension/manifest.json")))
+
+             #t))
+         (add-before 'configure 'prepare-build-environment
+           (lambda* (#:key inputs #:allow-other-keys)
+
+             ;; Make sure the right build tools are used.
+             (setenv "AR" "ar") (setenv "NM" "nm")
+             (setenv "CC" "gcc") (setenv "CXX" "g++")
+
+             ;; Work around <https://bugs.gnu.org/30756>.
+             (unsetenv "C_INCLUDE_PATH")
+             (unsetenv "CPLUS_INCLUDE_PATH")
+
+             ;; TODO: pre-compile instead. Avoids a race condition.
+             (setenv "PYTHONDONTWRITEBYTECODE" "1")
+
+             ;; XXX: How portable is this.
+             (mkdir-p "third_party/node/linux/node-linux-x64")
+             (symlink (string-append (assoc-ref inputs "node") "/bin")
+                      "third_party/node/linux/node-linux-x64/bin")
+
+             #t))
+         (replace 'configure
+           (lambda* (#:key configure-flags #:allow-other-keys)
+             (let ((args (string-join configure-flags " ")))
+               ;; Generate ninja build files.
+               (invoke "gn" "gen" "out/Release"
+                       (string-append "--args=" args))
+
+               ;; Print the full list of supported arguments as well as
+               ;; their current status for convenience.
+               (format #t "Dumping configure flags...\n")
+               (invoke "gn" "args" "out/Release" "--list"))))
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (invoke "ninja" "-C" "out/Release"
+                     "-j" (number->string (parallel-job-count))
+                     "chrome"
+                     "chromedriver")))
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out            (assoc-ref outputs "out"))
+                    (bin            (string-append out "/bin"))
+                    (exe            (string-append bin "/chromium"))
+                    (lib            (string-append out "/lib"))
+                    (man            (string-append out "/share/man/man1"))
+                    (applications   (string-append out "/share/applications"))
+                    (install-regexp (make-regexp "\\.(bin|pak)$"))
+                    (locales        (string-append lib "/locales"))
+                    (resources      (string-append lib "/resources"))
+                    (preferences    (assoc-ref inputs "master-preferences"))
+                    (gtk+           (assoc-ref inputs "gtk+"))
+                    (mesa           (assoc-ref inputs "mesa"))
+                    (nss            (assoc-ref inputs "nss"))
+                    (udev           (assoc-ref inputs "udev"))
+                    (sh             (which "sh")))
+
+               (substitute* '("chrome/app/resources/manpage.1.in"
+                              "chrome/installer/linux/common/desktop.template")
+                 (("@@MENUNAME@@") "Chromium")
+                 (("@@PACKAGE@@") "chromium")
+                 (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
+
+               (mkdir-p man)
+               (copy-file "chrome/app/resources/manpage.1.in"
+                          (string-append man "/chromium.1"))
+
+               (mkdir-p applications)
+               (copy-file "chrome/installer/linux/common/desktop.template"
+                          (string-append applications "/chromium.desktop"))
+
+               (mkdir-p lib)
+               (copy-file preferences (string-append lib "/master_preferences"))
+
+               (with-directory-excursion "out/Release"
+                 (for-each (lambda (file)
+                             (install-file file lib))
+                           (scandir "." (cut regexp-exec install-regexp <>)))
+                 (copy-file "chrome" (string-append lib "/chromium"))
+
+                 ;; TODO: Install icons from "../../chrome/app/themes" into
+                 ;; "out/share/icons/hicolor/$size".
+                 (install-file
+                  "product_logo_48.png"
+                  (string-append out "/share/icons/48x48/chromium.png"))
+
+                 (copy-recursively "locales" locales)
+                 (copy-recursively "resources" resources)
+
+                 (mkdir-p bin)
+                 (symlink "../lib/chromium" exe)
+                 (install-file "chromedriver" bin)
+
+                 (wrap-program exe
+                   ;; TODO: Get these in RUNPATH.
+                   `("LD_LIBRARY_PATH" ":" prefix
+                     (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+                                      mesa "/lib:" udev "/lib")))
+                   ;; Avoid file manager crash.  See <https://bugs.gnu.org/26593>.
+                   `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+                 #t)))))))
+    (native-inputs
+     `(("bison" ,bison)
+       ("gcc" ,gcc-8)
+       ("gn" ,gn)
+       ("gperf" ,gperf)
+       ("ninja" ,ninja)
+       ("node" ,node)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)
+       ("yasm" ,yasm)
+
+       ;; This file contains defaults for new user profiles.
+       ("master-preferences" ,(local-file "aux-files/chromium/master-preferences.json"))
+
+       ("python-beautifulsoup4" ,python2-beautifulsoup4)
+       ("python-html5lib" ,python2-html5lib)
+       ("python" ,python-2)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("atk" ,atk)
+       ("cups" ,cups)
+       ("curl" ,curl)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("expat" ,expat)
+       ("flac" ,flac)
+       ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("harfbuzz" ,harfbuzz)
+       ("icu4c" ,icu4c)
+       ("jsoncpp" ,jsoncpp)
+       ("lcms" ,lcms)
+       ("libevent" ,libevent)
+       ("libffi" ,libffi)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("libpng" ,libpng)
+       ("libva" ,libva)
+       ("libvpx" ,libvpx)
+       ("libwebp" ,libwebp)
+       ("libx11" ,libx11)
+       ("libxcb" ,libxcb)
+       ("libxcomposite" ,libxcomposite)
+       ("libxcursor" ,libxcursor)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxi" ,libxi)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libxslt" ,libxslt)
+       ("libxtst" ,libxtst)
+       ("mesa" ,mesa)
+       ("minizip" ,minizip)
+       ("mit-krb5" ,mit-krb5)
+       ("nss" ,nss)
+       ("openh264" ,openh264)
+       ("openjpeg" ,openjpeg)                          ;PDFium only
+       ("openssl" ,openssl)
+       ("opus" ,opus+custom)
+       ("pango" ,pango)
+       ("pciutils" ,pciutils)
+       ("pulseaudio" ,pulseaudio)
+       ("re2" ,re2)
+       ("snappy" ,snappy)
+       ("speech-dispatcher" ,speech-dispatcher)
+       ("udev" ,eudev)
+       ("valgrind" ,valgrind)
+       ("vulkan-headers" ,vulkan-headers)))
+    (home-page "https://www.chromium.org/")
+    (description
+     "Ungoogled-Chromium is the Chromium web browser, sans integration with
+Google web services.")
+    ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+    ;; components with other licenses.  For full information, see chrome://credits.
+    (license (list license:bsd-3
+                   license:bsd-2
+                   license:expat
+                   license:asl2.0
+                   license:mpl1.1
+                   license:mpl2.0
+                   license:public-domain
+                   license:isc
+                   (license:non-copyleft "chrome://credits"
+                                         "See chrome://credits for more information.")
+                   license:lgpl2.1+))))
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-07 23:52         ` Christopher Lemmer Webber
  2019-02-07 23:59           ` Julie Marchant
@ 2019-02-16  8:00           ` bill-auger
  2019-02-16 10:25             ` Brett Gilio
                               ` (4 more replies)
  1 sibling, 5 replies; 152+ messages in thread
From: bill-auger @ 2019-02-16  8:00 UTC (permalink / raw)
  To: gnu-linux-libre; +Cc: guix-devel

On Mon, 04 Feb 2019 23:34:45 +0100 Ludovic wrote:
> It’s not entirely clear to me what the problems are, to be honest.  

On Wed, 06 Feb 2019 22:04:59 +0100 Marius wrote:
> Indeed, the only real breakthrough is that we now have a script to
> create an Ungooglified source tarball with all unnecessary third_party
> components removed.
> I am of course happy to help other FSDG distributions liberate their
> Chromium too.  

it is not clear to *anyone* precisely what the licensing problems are -
not even the upstream developers have been able to confirm or deny them
with any certainty - that is the very reason why this ugly situation has
been standing all these years, as yet unresolved

by your own admittance there, you have not "liberated" chromium - you
have "ungooglified" it, and discarded some non-essential third-party
code - the work of the "ungoogled" and "iridium" teams has been
discussed at length and was concluded to be insufficient as a liberation
procedure, because their work only addresses proivacy issues, but not
licensing - "liberation" would first require *something* that is not
FSDG compliant to be identified as such, and *then* for that something
to be removed or patched in order to be compliant - neither of those
events has occurred, and we all know it - that is the very reason this
situation has stood unresolved for so long

so, this recent work done by guix is not a resolution to the problem -
it is merely sweeping the problem under the rug, rather than confronting
it at face value, as Adfeno has been suggesting


On Thu, 07 Feb 2019 18:52:02 -0500 Christopher wrote:
> +1 ... If concrete problems are found, by all means those should be
> raised and addressed.  Otherwise I really think we ought to merge this
> work.  

this statement is indicative of the lack of concern for the wider FSDG
ecosystem which is implicit in most of the guix team's statements on
this issue - do correct me if im wrong, but i read that: "we" as:
"guix" - as in: guix should adopt this program - as in: regardless of
the long standing consensus among the other FSDG distros that it is not
yet fit for inclusion

this is puts the other FSDG distros in a very uncomfortable position;
and the chromium program specifically, is not really the crux of the
issue - i do hope that i have not lost anyone's attention yet; because
this is where i will try to explain, what is the critical point of
contention at this time

about a year ago, the FSDG review process and criteria for endorsement
of new distros was updated - the new FSDG criteria checklist for
community review that was adopted includes the following essential
criteria:

  "Programs commonly known to have freedom issues are liberated or
  excluded"

that criteria is a link to the "software that does not respect the
FSDG" wiki page, which includes an entry for 'chromium-browser' (the
debian package name) with the liberation procedure being specified as:

  "Remove program/package Use GNU IceCat, or equivalent"

that created an uncomfortable pressure point for any distro that wants
to distribute this browser - according to the literal reading of that
criteria, no new distro could be endorsed by the FSF today if it
distributes chromium; because it would never make it past the community
review stage - this was not a concern for the last new distro because
it did not include chromium; so that ugly wart is still sitting there
today

it was also agreed upon at that time, that the FSDG criteria should be
applicable to all currently endorsed distros in perpetuity, so ...


On Mon, 04 Feb 2019 23:34:45 +0100 Ludovic wrote:
> I’d also like to stress that, if Chromium is eventually included in
> Guix, we are committed to fixing it or removing it should someone
> later discover that it does not comply with the FSDG (that’s the
> “Commitment to Correct Mistakes” section of FSDG.)  

if chromium enters the guix repo it will almost surely be followed by a
freedom bug report (which per the current FSDG criteria, would be fully
justifiable), just as what happened with pureos; which they reluctantly,
but eventually acted upon by removing chromium from their free repos -
so, why would guix want to invite controversy, by knowingly repeating
this historical mistake?

and BTW, where was guix's voice on this matter last year when pureos was
trying to defend their very same position on this very same issue? - no
one came forward to back them up on that position then; and to their
credit, they decided to adopt the position of the group, for the sake of
presenting a coherent message to the free software community as a
unified group - that was an important gesture on their part, which
strengthened the credibility of the FSDG, by showing that its
guidelines are not subject to the interpretation of each distro
arbitrarily - perhaps that consensus could have gone the other way if
the argument: "we should always trust the upstream on their word"[1]
had gained favor, and guix's induction of a chromium package would be
an entirely uninteresting event today

so, i suggest that it is in the best interest of guix (and any other
distro that wants chromium) to explicitly challenge that one point and
see if that entry can be removed or changed before that bug report is
posted against guix - i think i have just demonstrated that it would be
an easy argument to make, that chromium entered guix knowingly and
willingly in conflict with the new FSDG criteria

this is not a comfortable situation for anyone - a number of people
on this list have openly expressed a strong dislike for that current
situation - it is a really ugly point of contention at the moment; but
nothing has been done about it yet - i think the reason for that, is
mainly because there has been too few interested in defending or
liberating that program until now - even the pureos devs, who were the
last to remove it, were not particularly fond of it, but were slow to
remove it, only to appease users - this would be a great entry point for
guix to join the discussions on the FSDG mailing list, and perhaps
resolve this issue for everyone, including distros yet to come

it was, of course, nice of Marius to offer to assist other distros; but
individual assistance is not what is needed - what is needed is a
generally agreed upon, documented, liberation procedure that can
replace: "Use GNU IceCat instead" as the new FSDG recommendation - i
think we would all like to see that happen; but i dont think anything
convincing has yet been presented, much less been discussed openly or
agreed upon


[1]: https://debbugs.gnu.org/cgi/bugreport.cgi?msg=305;bug=28004;att=0 

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16  8:00           ` bill-auger
@ 2019-02-16 10:25             ` Brett Gilio
  2019-02-16 14:18               ` Julie Marchant
  2019-02-16 11:16             ` Gábor Boskovits
                               ` (3 subsequent siblings)
  4 siblings, 1 reply; 152+ messages in thread
From: Brett Gilio @ 2019-02-16 10:25 UTC (permalink / raw)
  To: bill-auger; +Cc: guix-devel, gnu-linux-libre


bill-auger writes:

> On Mon, 04 Feb 2019 23:34:45 +0100 Ludovic wrote:
>> It’s not entirely clear to me what the problems are, to be honest.  
>
> On Wed, 06 Feb 2019 22:04:59 +0100 Marius wrote:
>> Indeed, the only real breakthrough is that we now have a script to
>> create an Ungooglified source tarball with all unnecessary third_party
>> components removed.
>> I am of course happy to help other FSDG distributions liberate their
>> Chromium too.  
>

I agree with everything Bill said in his message, and I heavily
encourage all of us lurking in this mailing list with an opinion on the
matter to please state your opinion on this controversy and the Guix
relationship to the FSDG.

The free software guidelines are first and foremost put up by the free
software community by what is specified to be important to the values of
free software. This needs to be addressed sooner than later, because the
act of solidarity on the part of the community here is a tremendously
crucial and singular event.

I'd like to see the offerings of free software to grow, and include
chromium if chromium has a reasonable method of liberation. But there is
yet to be a complete audit to identify the problems. We can not rely
solely on speculation, so lets get to the bottom of this once and for
all.

Brett Gilio

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16  8:00           ` bill-auger
  2019-02-16 10:25             ` Brett Gilio
@ 2019-02-16 11:16             ` Gábor Boskovits
  2019-02-16 12:55               ` ng0
  2019-02-18 13:47               ` Denis 'GNUtoo' Carikli
  2019-02-16 15:10             ` znavko
                               ` (2 subsequent siblings)
  4 siblings, 2 replies; 152+ messages in thread
From: Gábor Boskovits @ 2019-02-16 11:16 UTC (permalink / raw)
  To: bill-auger; +Cc: Guix-devel, gnu-linux-libre

Hello,

bill-auger <bill-auger@peers.community> ezt írta (időpont: 2019. febr.
16., Szo, 9:01):

> it is not clear to *anyone* precisely what the licensing problems are -
> not even the upstream developers have been able to confirm or deny them
> with any certainty - that is the very reason why this ugly situation has
> been standing all these years, as yet unresolved
>

It seems to me, that there is a whole bunch of people interested in this,
but due to lack of resources or for some other reasons nothing is really
happening. Do you know any we we could help getting this resolved?

> by your own admittance there, you have not "liberated" chromium - you
> have "ungooglified" it, and discarded some non-essential third-party
> code - the work of the "ungoogled" and "iridium" teams has been
> discussed at length and was concluded to be insufficient as a liberation
> procedure, because their work only addresses proivacy issues, but not
> licensing - "liberation" would first require *something* that is not
> FSDG compliant to be identified as such, and *then* for that something
> to be removed or patched in order to be compliant - neither of those
> events has occurred, and we all know it - that is the very reason this
> situation has stood unresolved for so long

I also suspect, that the possible licensing problems are not resolved by this,
if they even exists, what seemingly noone has checked yet.

Also, what ensures you that on the very next commit no non-free software gets
included?

> about a year ago, the FSDG review process and criteria for endorsement
> of new distros was updated - the new FSDG criteria checklist for
> community review that was adopted includes the following essential
> criteria:
>
>   "Programs commonly known to have freedom issues are liberated or
>   excluded"
>
> that criteria is a link to the "software that does not respect the
> FSDG" wiki page, which includes an entry for 'chromium-browser' (the
> debian package name) with the liberation procedure being specified as:
>
>   "Remove program/package Use GNU IceCat, or equivalent"
>
> that created an uncomfortable pressure point for any distro that wants
> to distribute this browser - according to the literal reading of that
> criteria, no new distro could be endorsed by the FSF today if it
> distributes chromium; because it would never make it past the community
> review stage - this was not a concern for the last new distro because
> it did not include chromium; so that ugly wart is still sitting there
> today

The main question is what needs to be done, in order to get chromium off
that list. Whatever it takes however, it is very clear that upstream won't do
that, so it is not an option to rely on them any more. What's the way forward?

> if chromium enters the guix repo it will almost surely be followed by a
> freedom bug report (which per the current FSDG criteria, would be fully
> justifiable), just as what happened with pureos; which they reluctantly,
> but eventually acted upon by removing chromium from their free repos -
> so, why would guix want to invite controversy, by knowingly repeating
> this historical mistake?

Most probably you are right on this point.

>
> this is not a comfortable situation for anyone - a number of people
> on this list have openly expressed a strong dislike for that current
> situation - it is a really ugly point of contention at the moment; but
> nothing has been done about it yet - i think the reason for that, is
> mainly because there has been too few interested in defending or
> liberating that program until now - even the pureos devs, who were the
> last to remove it, were not particularly fond of it, but were slow to
> remove it, only to appease users - this would be a great entry point for
> guix to join the discussions on the FSDG mailing list, and perhaps
> resolve this issue for everyone, including distros yet to come
>
> it was, of course, nice of Marius to offer to assist other distros; but
> individual assistance is not what is needed - what is needed is a
> generally agreed upon, documented, liberation procedure that can
> replace: "Use GNU IceCat instead" as the new FSDG recommendation - i
> think we would all like to see that happen; but i dont think anything
> convincing has yet been presented, much less been discussed openly or
> agreed upon
>

Yes I think it would be really important to decide what liberation procedure
would be applicable.

>
> [1]: https://debbugs.gnu.org/cgi/bugreport.cgi?msg=305;bug=28004;att=0
>

Best regards,
g_bor

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 11:16             ` Gábor Boskovits
@ 2019-02-16 12:55               ` ng0
  2019-02-16 13:10                 ` Gábor Boskovits
  2019-02-18 13:47               ` Denis 'GNUtoo' Carikli
  1 sibling, 1 reply; 152+ messages in thread
From: ng0 @ 2019-02-16 12:55 UTC (permalink / raw)
  To: guix-devel

I think it's unreasonable to assume that everyone involved in GNU Distros
reads and participates in gnu-linux-libre@nongnu.org discussions. You have
a limited amount of time for projects, and this other mailinglist, when I
used to follow it has lots of discussions not related to Guix. So please
don't assume that the collective "we" gets involved in discussions on
two lists.

Gbor Boskovits transcribed 4.5K bytes:
> Hello,
> 
> bill-auger <bill-auger@peers.community> ezt írta (időpont: 2019. febr.
> 16., Szo, 9:01):
> 
> > it is not clear to *anyone* precisely what the licensing problems are -
> > not even the upstream developers have been able to confirm or deny them
> > with any certainty - that is the very reason why this ugly situation has
> > been standing all these years, as yet unresolved
> >
> 
> It seems to me, that there is a whole bunch of people interested in this,
> but due to lack of resources or for some other reasons nothing is really
> happening. Do you know any we we could help getting this resolved?
> 
> > by your own admittance there, you have not "liberated" chromium - you
> > have "ungooglified" it, and discarded some non-essential third-party
> > code - the work of the "ungoogled" and "iridium" teams has been
> > discussed at length and was concluded to be insufficient as a liberation
> > procedure, because their work only addresses proivacy issues, but not
> > licensing - "liberation" would first require *something* that is not
> > FSDG compliant to be identified as such, and *then* for that something
> > to be removed or patched in order to be compliant - neither of those
> > events has occurred, and we all know it - that is the very reason this
> > situation has stood unresolved for so long
> 
> I also suspect, that the possible licensing problems are not resolved by this,
> if they even exists, what seemingly noone has checked yet.
> 
> Also, what ensures you that on the very next commit no non-free software gets
> included?
> 
> > about a year ago, the FSDG review process and criteria for endorsement
> > of new distros was updated - the new FSDG criteria checklist for
> > community review that was adopted includes the following essential
> > criteria:
> >
> >   "Programs commonly known to have freedom issues are liberated or
> >   excluded"
> >
> > that criteria is a link to the "software that does not respect the
> > FSDG" wiki page, which includes an entry for 'chromium-browser' (the
> > debian package name) with the liberation procedure being specified as:
> >
> >   "Remove program/package Use GNU IceCat, or equivalent"
> >
> > that created an uncomfortable pressure point for any distro that wants
> > to distribute this browser - according to the literal reading of that
> > criteria, no new distro could be endorsed by the FSF today if it
> > distributes chromium; because it would never make it past the community
> > review stage - this was not a concern for the last new distro because
> > it did not include chromium; so that ugly wart is still sitting there
> > today
> 
> The main question is what needs to be done, in order to get chromium off
> that list. Whatever it takes however, it is very clear that upstream won't do
> that, so it is not an option to rely on them any more. What's the way forward?
> 
> > if chromium enters the guix repo it will almost surely be followed by a
> > freedom bug report (which per the current FSDG criteria, would be fully
> > justifiable), just as what happened with pureos; which they reluctantly,
> > but eventually acted upon by removing chromium from their free repos -
> > so, why would guix want to invite controversy, by knowingly repeating
> > this historical mistake?
> 
> Most probably you are right on this point.
> 
> >
> > this is not a comfortable situation for anyone - a number of people
> > on this list have openly expressed a strong dislike for that current
> > situation - it is a really ugly point of contention at the moment; but
> > nothing has been done about it yet - i think the reason for that, is
> > mainly because there has been too few interested in defending or
> > liberating that program until now - even the pureos devs, who were the
> > last to remove it, were not particularly fond of it, but were slow to
> > remove it, only to appease users - this would be a great entry point for
> > guix to join the discussions on the FSDG mailing list, and perhaps
> > resolve this issue for everyone, including distros yet to come
> >
> > it was, of course, nice of Marius to offer to assist other distros; but
> > individual assistance is not what is needed - what is needed is a
> > generally agreed upon, documented, liberation procedure that can
> > replace: "Use GNU IceCat instead" as the new FSDG recommendation - i
> > think we would all like to see that happen; but i dont think anything
> > convincing has yet been presented, much less been discussed openly or
> > agreed upon
> >
> 
> Yes I think it would be really important to decide what liberation procedure
> would be applicable.
> 
> >
> > [1]: https://debbugs.gnu.org/cgi/bugreport.cgi?msg=305;bug=28004;att=0
> >
> 
> Best regards,
> g_bor
> 
> 

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 12:55               ` ng0
@ 2019-02-16 13:10                 ` Gábor Boskovits
  0 siblings, 0 replies; 152+ messages in thread
From: Gábor Boskovits @ 2019-02-16 13:10 UTC (permalink / raw)
  To: Guix-devel

Hello,

<ng0@n0.is> ezt írta (időpont: 2019. febr. 16., Szo, 13:56):
>
> I think it's unreasonable to assume that everyone involved in GNU Distros
> reads and participates in gnu-linux-libre@nongnu.org discussions. You have
> a limited amount of time for projects, and this other mailinglist, when I
> used to follow it has lots of discussions not related to Guix. So please
> don't assume that the collective "we" gets involved in discussions on
> two lists.
>

Yes, I totally agree. I believe that keeping both list in CC is the
way to go here.

I am also not subscribed to gnu-linux-libre.

Best regards,
g_bor

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 10:25             ` Brett Gilio
@ 2019-02-16 14:18               ` Julie Marchant
  2019-02-16 15:37                 ` [GNU-linux-libre] " Adam Van Ymeren
                                   ` (3 more replies)
  0 siblings, 4 replies; 152+ messages in thread
From: Julie Marchant @ 2019-02-16 14:18 UTC (permalink / raw)
  To: Workgroup for fully free GNU/Linux distributions, Brett Gilio,
	bill-auger
  Cc: guix-devel

On 02/16/2019 05:25 AM, Brett Gilio wrote:
> I agree with everything Bill said in his message, and I heavily
> encourage all of us lurking in this mailing list with an opinion on the
> matter to please state your opinion on this controversy and the Guix
> relationship to the FSDG.
> 
> The free software guidelines are first and foremost put up by the free
> software community by what is specified to be important to the values of
> free software. This needs to be addressed sooner than later, because the
> act of solidarity on the part of the community here is a tremendously
> crucial and singular event.
> 
> I'd like to see the offerings of free software to grow, and include
> chromium if chromium has a reasonable method of liberation. But there is
> yet to be a complete audit to identify the problems. We can not rely
> solely on speculation, so lets get to the bottom of this once and for
> all.

I think that assuming Chromium is no good until something no good is
found in it is a wrong approach.

I don't understand what's so complicated about this issue. In justice
systems, we adopt an "innocent until proven guilty" system because you
can't really prove innocence, only guilt. Would it not make sense to use
this tried and tested system when evaluating whether or not a program is
libre? The only argument I've seen on the matter is the way copyright
works, but Chromium is under the Modified BSD License according to
documentation I was able to find. If some files are not actually covered
by this license, or some other license, it would be very easy to simply
point to the file. As far as I know, and correct me if I'm wrong here,
no one in the entire history of this claim about Chromium being
proprietary has ever done so. If I'm wrong about this, though, then it
seems to me that the correct action to take would be to address that
issue, if not upstream, then in a fork.

-- 
Julie Marchant
http://onpon4.github.io

Encrypt your emails with GnuPG:
https://emailselfdefense.fsf.org

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16  8:00           ` bill-auger
  2019-02-16 10:25             ` Brett Gilio
  2019-02-16 11:16             ` Gábor Boskovits
@ 2019-02-16 15:10             ` znavko
  2019-02-16 15:50             ` Marius Bakke
  2019-02-16 18:56             ` Giovanni Biscuolo
  4 siblings, 0 replies; 152+ messages in thread
From: znavko @ 2019-02-16 15:10 UTC (permalink / raw)
  To: bill-auger; +Cc: Guix Devel, gnu-linux-libre

[-- Attachment #1: Type: text/plain, Size: 484 bytes --]

Hello, bill! Thanks for your clarifications!
Really, is it possible to make chromium free software?
Also, FSF free software directory can divide packages by criteria like
1) Totally free GNU - open-source and free license GPL
2) Totally free nonGNU - - open-source and free license non-GPL
3) Totally open-source (with non-free license)
4) Non-free

This may help people to solve such issues more conveniently, having this knowledge base.
It also will help developers to adopt FSDG.


[-- Attachment #2: Type: text/html, Size: 1106 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 14:18               ` Julie Marchant
@ 2019-02-16 15:37                 ` Adam Van Ymeren
  2019-02-16 19:47                 ` Adonay Felipe Nogueira
                                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 152+ messages in thread
From: Adam Van Ymeren @ 2019-02-16 15:37 UTC (permalink / raw)
  To: guix-devel, Julie Marchant,
	Workgroup for fully free GNU/Linux distributions, Brett Gilio,
	bill-auger



On February 16, 2019 9:18:58 AM EST, Julie Marchant <onpon4@riseup.net> wrote:
>On 02/16/2019 05:25 AM, Brett Gilio wrote:
>> I agree with everything Bill said in his message, and I heavily
>> encourage all of us lurking in this mailing list with an opinion on
>the
>> matter to please state your opinion on this controversy and the Guix
>> relationship to the FSDG.
>> 
>> The free software guidelines are first and foremost put up by the
>free
>> software community by what is specified to be important to the values
>of
>> free software. This needs to be addressed sooner than later, because
>the
>> act of solidarity on the part of the community here is a tremendously
>> crucial and singular event.
>> 
>> I'd like to see the offerings of free software to grow, and include
>> chromium if chromium has a reasonable method of liberation. But there
>is
>> yet to be a complete audit to identify the problems. We can not rely
>> solely on speculation, so lets get to the bottom of this once and for
>> all.
>
>I think that assuming Chromium is no good until something no good is
>found in it is a wrong approach.
>
>I don't understand what's so complicated about this issue. In justice
>systems, we adopt an "innocent until proven guilty" system because you
>can't really prove innocence, only guilt. Would it not make sense to
>use
>this tried and tested system when evaluating whether or not a program
>is
>libre? The only argument I've seen on the matter is the way copyright
>works, but Chromium is under the Modified BSD License according to
>documentation I was able to find. If some files are not actually
>covered
>by this license, or some other license, it would be very easy to simply
>point to the file. As far as I know, and correct me if I'm wrong here,
>no one in the entire history of this claim about Chromium being
>proprietary has ever done so. If I'm wrong about this, though, then it
>seems to me that the correct action to take would be to address that
>issue, if not upstream, then in a fork.

This issue documents some chromium efforts to update to copyright on all files.  I haven't looked at the source myself yet but this bug suggests that there are still hundreds to thousand's of files with no clear license.

https://bugs.chromium.org/p/chromium/issues/detail?id=28291

Someone should run their check licenses script again on the latest codebase and see what it reports.

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16  8:00           ` bill-auger
                               ` (2 preceding siblings ...)
  2019-02-16 15:10             ` znavko
@ 2019-02-16 15:50             ` Marius Bakke
  2019-02-16 16:20               ` [GNU-linux-libre] " Amin Bandali
  2019-02-16 16:34               ` Alexandre Oliva
  2019-02-16 18:56             ` Giovanni Biscuolo
  4 siblings, 2 replies; 152+ messages in thread
From: Marius Bakke @ 2019-02-16 15:50 UTC (permalink / raw)
  To: bill-auger, gnu-linux-libre; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 3699 bytes --]

bill-auger <bill-auger@peers.community> writes:

> On Mon, 04 Feb 2019 23:34:45 +0100 Ludovic wrote:
>> It’s not entirely clear to me what the problems are, to be honest.  
>
> On Wed, 06 Feb 2019 22:04:59 +0100 Marius wrote:
>> Indeed, the only real breakthrough is that we now have a script to
>> create an Ungooglified source tarball with all unnecessary third_party
>> components removed.
>> I am of course happy to help other FSDG distributions liberate their
>> Chromium too.  
>
> it is not clear to *anyone* precisely what the licensing problems are -
> not even the upstream developers have been able to confirm or deny them
> with any certainty - that is the very reason why this ugly situation has
> been standing all these years, as yet unresolved
>
> by your own admittance there, you have not "liberated" chromium - you
> have "ungooglified" it, and discarded some non-essential third-party
> code - the work of the "ungoogled" and "iridium" teams has been
> discussed at length and was concluded to be insufficient as a liberation
> procedure, because their work only addresses proivacy issues, but not
> licensing - "liberation" would first require *something* that is not
> FSDG compliant to be identified as such, and *then* for that something
> to be removed or patched in order to be compliant - neither of those
> events has occurred, and we all know it - that is the very reason this
> situation has stood unresolved for so long
>
> so, this recent work done by guix is not a resolution to the problem -
> it is merely sweeping the problem under the rug, rather than confronting
> it at face value, as Adfeno has been suggesting

For the benefit of everyone following this discussion, I'll summarize
the problems with Chromium and how they are addressed by my patch.

1) Chromium is non-free.

The raw Chromium tarball contains a lot of software that is non-free.
Heck, it's not even possible to build it without the proprietary Unrar
program unless you patch it!

Luckily, these non-free components are in various "third_party"
directories.  Thus, it is possible to traverse the tarball and remove
all such parts that are not already audited and whitelisted.  Which is
exactly what my patch does.

Despite years of searching, I have not found any proprietary parts in
first party code!  I cannot prove this obviously; but proving the
contrary should be trivial.

Thus, I surmise that the code is indeed free --- I would not have
submitted it for Guix if I had the slightest doubt to the contrary.

2) Chromium spies on the user.

Just starting the browser in the default configuration will cause it to
submit traffic to Google.  The exact nature of this data is unclear, but
such behaviour is clearly not something fit for a GNU distribution.

Ungoogled-Chromium solves this by 1) patching out all non-essential
functionality (such as "safe browsing" and web store integration); and
2) performing a tree-wide "domain substitution" such that all Google
(and some more) domains are replaced with a bogus "9oo91e.qjz9zk" domain.

I have verified that the browser sends no unsolicited network requests
when launching or during usage after applying the Ungoogled patches,
something I never managed with the "normal" free Chromium no matter how
many flags or patches I tried.

Thus, I surmise that this browser does indeed protect the users privacy.

------------------------------------------------------------------------

Since there have been no coherent arguments against this browser in the
two weeks since it was submitted, I plan to push this patch *tomorrow*.

Thanks for the feedback,
Marius

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 15:50             ` Marius Bakke
@ 2019-02-16 16:20               ` Amin Bandali
  2019-02-16 16:33                 ` Marius Bakke
  2019-02-16 16:34               ` Alexandre Oliva
  1 sibling, 1 reply; 152+ messages in thread
From: Amin Bandali @ 2019-02-16 16:20 UTC (permalink / raw)
  To: Marius Bakke; +Cc: guix-devel, gnu-linux-libre

Marius, if I understand correctly, you have summarized your patch with
respect to the following two issues:

1. Your patch strips out parts of Chromium that are /clearly/ nonfree
   and proprietary (e.g. unrar per your example), and

2. Your patch addresses (or tries to) privacy concerns.

But as far as I can tell, you have not addressed the concerns shared by
Bill and others about the situation with files in the Chromium codebase
that don’t have a clear license.  So I’ll try to repeat/rephrase their
question(s): does your patch address the files with unclear license?
Does it strip out those files that don’t have a clear license?  Can we
be certain that the Chromium built from your patch explicitly *only*
contained free software?

Best,
amin

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 16:20               ` [GNU-linux-libre] " Amin Bandali
@ 2019-02-16 16:33                 ` Marius Bakke
  2019-02-16 19:27                   ` Amin Bandali
  2019-02-17  2:20                   ` bill-auger
  0 siblings, 2 replies; 152+ messages in thread
From: Marius Bakke @ 2019-02-16 16:33 UTC (permalink / raw)
  To: Amin Bandali; +Cc: guix-devel, gnu-linux-libre

[-- Attachment #1: Type: text/plain, Size: 975 bytes --]

Amin,

Amin Bandali <bandali@gnu.org> writes:

> Marius, if I understand correctly, you have summarized your patch with
> respect to the following two issues:
>
> 1. Your patch strips out parts of Chromium that are /clearly/ nonfree
>    and proprietary (e.g. unrar per your example), and
>
> 2. Your patch addresses (or tries to) privacy concerns.
>
> But as far as I can tell, you have not addressed the concerns shared by
> Bill and others about the situation with files in the Chromium codebase
> that don’t have a clear license.  So I’ll try to repeat/rephrase their
> question(s): does your patch address the files with unclear license?
> Does it strip out those files that don’t have a clear license?  Can we
> be certain that the Chromium built from your patch explicitly *only*
> contained free software?

Can you point out one or more files with an unclear license?  Do we have
any reason to distrust what's written in the LICENSE file?

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 15:50             ` Marius Bakke
  2019-02-16 16:20               ` [GNU-linux-libre] " Amin Bandali
@ 2019-02-16 16:34               ` Alexandre Oliva
  2019-02-16 16:54                 ` Marius Bakke
  2019-02-17  3:38                 ` bill-auger
  1 sibling, 2 replies; 152+ messages in thread
From: Alexandre Oliva @ 2019-02-16 16:34 UTC (permalink / raw)
  To: Marius Bakke; +Cc: guix-devel, gnu-linux-libre

On Feb 16, 2019, Marius Bakke <mbakke@fastmail.com> wrote:

> Despite years of searching, I have not found any proprietary parts in
> first party code!

Could you please summarize what you did in your searching?

Maybe you have actually completed the steps that were missing in the
auditing or Chromium to conclude it's Free, or at least some of the
remaining tasks can be checked off.

-- 
Alexandre Oliva, freedom fighter   https://FSFLA.org/blogs/lxo
Be the change, be Free!         FSF Latin America board member
GNU Toolchain Engineer                Free Software Evangelist
Hay que enGNUrecerse, pero sin perder la terGNUra jamás-GNUChe

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 16:34               ` Alexandre Oliva
@ 2019-02-16 16:54                 ` Marius Bakke
  2019-02-17  3:38                 ` bill-auger
  1 sibling, 0 replies; 152+ messages in thread
From: Marius Bakke @ 2019-02-16 16:54 UTC (permalink / raw)
  To: Alexandre Oliva; +Cc: guix-devel, gnu-linux-libre

[-- Attachment #1: Type: text/plain, Size: 756 bytes --]

Alexandre Oliva <lxoliva@fsfla.org> writes:

> On Feb 16, 2019, Marius Bakke <mbakke@fastmail.com> wrote:
>
>> Despite years of searching, I have not found any proprietary parts in
>> first party code!
>
> Could you please summarize what you did in your searching?
>
> Maybe you have actually completed the steps that were missing in the
> auditing or Chromium to conclude it's Free, or at least some of the
> remaining tasks can be checked off.

I'm afraid I don't have a good summary.  I have grepped for certain
keywords and looked for LICENSE-like files, sanity checked many
different parts of the source...  Much like I do for any Guix package,
only going over the course of years.  Are there any concrete tasks that
that I can look at and check off?

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
@ 2019-02-16 18:46 Clément Lassieur
  0 siblings, 0 replies; 152+ messages in thread
From: Clément Lassieur @ 2019-02-16 18:46 UTC (permalink / raw)
  To: mbakke; +Cc: guix-devel

> Since there have been no coherent arguments against this browser in
> the two weeks since it was submitted, I plan to push this patch
> *tomorrow*.

Hi Marius,

Thank you again for your excellent work.  I'm looking forward to seeing
it pushed!

Clément

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16  8:00           ` bill-auger
                               ` (3 preceding siblings ...)
  2019-02-16 15:50             ` Marius Bakke
@ 2019-02-16 18:56             ` Giovanni Biscuolo
  2019-02-19 16:28               ` Giovanni Biscuolo
  4 siblings, 1 reply; 152+ messages in thread
From: Giovanni Biscuolo @ 2019-02-16 18:56 UTC (permalink / raw)
  To: bill-auger, guix-devel; +Cc: 28004

[-- Attachment #1: Type: text/plain, Size: 2439 bytes --]

Hi guix-devel!

this is my humble contribution to this discussion...
(I'm not a Guix maintainer)

first and foremost, IMHO guix-devel is not the place to discuss GNU FSDG
criteria; I'm going to subscribe gnu-linux-libre@nongnu.org to send
my comments - and I _have_ some - on the FSDG compliance process

if you are interested please follow this thread:
http://lists.nongnu.org/archive/html/gnu-linux-libre/2019-02/threads.html#00020
:-D

bill-auger <bill-auger@peers.community> writes:

[...]

> about a year ago, the FSDG review process and criteria for endorsement
> of new distros was updated the new FSDG criteria checklist for
> community review that was adopted includes the following essential
> criteria:
>
>   "Programs commonly known to have freedom issues are liberated or
>   excluded"
>
> that criteria is a link to the "software that does not respect the
> FSDG" wiki page,

for reference, this page:
https://libreplanet.org/wiki/Template:FSDG_Checklist

> which includes an entry for 'chromium-browser' (the
> debian package name) with the liberation procedure being specified as:
>
>   "Remove program/package Use GNU IceCat, or equivalent"

[...]

> it was also agreed upon at that time, that the FSDG criteria should be
> applicable to all currently endorsed distros in perpetuity, so ...

thank you for the clarification, Bill: you explained us the entire
FSDG_Checklist is *mandatory* for a distro to be GNU FSDG compliant; so
there's **no discussion** here

if Guix System Distribution wants to remain GNU FSDG compliant - as most
if not all Guix contributors would like, I suppose - ungoogled-chromium
should still not be included in Guix System Distribution

so, regarding this bug #28004 the natural resolution should be to
*postpone* the inclusion of this package with a statement like this one:

  "ungoogled-chromium cannot be included in Guix System Distribution since
  it is listed - as 'chromium-browser' - on the page
  <List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser>
  that is an integral part of the GNU FSDG Guidelines as extended by the
  FSDG_Checklist via https://libreplanet.org/wiki/Incoming_distros#Endorsement_Process"

Happy hacking! :-)
Giovanni



[1] https://www.gnu.org/distros/free-system-distribution-guidelines.en.html

-- 
Giovanni Biscuolo

Xelera IT Infrastructures

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 16:33                 ` Marius Bakke
@ 2019-02-16 19:27                   ` Amin Bandali
  2019-02-17  2:20                   ` bill-auger
  1 sibling, 0 replies; 152+ messages in thread
From: Amin Bandali @ 2019-02-16 19:27 UTC (permalink / raw)
  To: Marius Bakke; +Cc: guix-devel, gnu-linux-libre

Marius,

On 2019-02-16  5:33 PM, Marius Bakke wrote:

[...]

>
> Can you point out one or more files with an unclear license?  Do we have
> any reason to distrust what's written in the LICENSE file?
>

I don’t have a direct example of one such file off top of my head, but
looking at the large reported chromium issue[1], I see there are a
number of open blocking issues linked to that one.  Also, I was looking
at [2] and [3] from a little over a year ago, which included the results
of running licensecheck on the chromium tree, but I wasn’t able to
download any of the resulting txt files there.  So I thought I’d clone a
fresh copy of chromium and run licensecheck from the Debian Stretch repo
on all the files as follows:

git clone --depth 1 https://chromium.googlesource.com/chromium/src.git
cd src
git rev-parse HEAD  # result: eda06a0b859a08d15a1ab6a6850e42e667530f0b
licensecheck -c '.*' -r * > ../licensecheck-chromium-eda06a0b859a.txt

I’ve attached a gzipped version of the above text file.  Granted, there
are caveats: firstly, that the above invocation of licensecheck examines
/all/ of the files in the repo, including test html files which are not
relevant and should be filtered out; and secondly, the output contains a
very large number of “UNKNOWN” results which may be false positives.

Link [3] mentioned running FSD Script Aid on the chromium tree as well,
but I don’t have enough time at the moment to do so.

Hope this is of some help.

[1]: https://bugs.chromium.org/p/chromium/issues/detail?id=28291
[2]: https://lists.gnu.org/r/directory-discuss/2017-11/msg00014.html
[3]: https://directory.fsf.org/wiki/Talk:Chromium

Best,
amin

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 14:18               ` Julie Marchant
  2019-02-16 15:37                 ` [GNU-linux-libre] " Adam Van Ymeren
@ 2019-02-16 19:47                 ` Adonay Felipe Nogueira
  2019-02-16 20:01                   ` Brett Gilio
  2019-02-16 20:07                   ` [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium Alex Griffin
  2019-02-17  1:37                 ` bill-auger
  2019-02-17 20:55                 ` Christopher Lemmer Webber
  3 siblings, 2 replies; 152+ messages in thread
From: Adonay Felipe Nogueira @ 2019-02-16 19:47 UTC (permalink / raw)
  To: Workgroup for fully free GNU/Linux distributions, 28004; +Cc: guix-devel


[-- Attachment #1.1: Type: text/plain, Size: 1683 bytes --]

Em 16/02/2019 12:18, Julie Marchant escreveu:
> libre? The only argument I've seen on the matter is the way copyright
> works, but Chromium is under the Modified BSD License according to
> documentation I was able to find. If some files are not actually covered

For what is worth, what I learned with projects that don't follow the
Open Source Definition (I know that I shouldn't support this term here,
but I had to mention it) is that they mask their non-compliance behind a
license. Of course we don't intend to foster open source here, as this
project, having the goal to provide a package manager that is under the
GNU project, also aims to create a system distribution that follows the
GNU FSDG and uses such package manager

If the norm would be to only check the licenses, then we would have for
example, taken ages to figure out that the kernel source files from
upstream of GNU Linux-libre was/is non-free.

Having a requirement for a package to be first throughly reviewed
eliminates some of the possibility of having non-free functional data or
non-distributable non-functional data. It's not a perfect protection
(since the package in review might have implemented things from other
works that one of the reviewers might not be aware of).

As I said in a message to these mailing lists, I already started
reviewing Chromium, although this project is big and I might not have
the time nor all the skills to do it alone. Since today, I moved the
review, which was available at [1], to the appropriate Review namespace
at [2].


[1] https://directory.fsf.org/wiki/Talk:Chromium
[2] https://directory.fsf.org/wiki/Review:Chromium-REV-ID-1


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 213 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 19:47                 ` Adonay Felipe Nogueira
@ 2019-02-16 20:01                   ` Brett Gilio
  2019-02-16 20:06                     ` Brett Gilio
  2019-02-16 20:07                   ` [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium Alex Griffin
  1 sibling, 1 reply; 152+ messages in thread
From: Brett Gilio @ 2019-02-16 20:01 UTC (permalink / raw)
  To: Workgroup for fully free GNU/Linux distributions; +Cc: guix-devel, 28004


Adonay Felipe Nogueira writes:

> Em 16/02/2019 12:18, Julie Marchant escreveu:
>> libre? The only argument I've seen on the matter is the way copyright
>> works, but Chromium is under the Modified BSD License according to
>> documentation I was able to find. If some files are not actually covered
>
> For what is worth, what I learned with projects that don't follow the
> Open Source Definition (I know that I shouldn't support this term here,
> but I had to mention it) is that they mask their non-compliance behind a
> license. Of course we don't intend to foster open source here, as this
> project, having the goal to provide a package manager that is under the
> GNU project, also aims to create a system distribution that follows the
> GNU FSDG and uses such package manager
>
> If the norm would be to only check the licenses, then we would have for
> example, taken ages to figure out that the kernel source files from
> upstream of GNU Linux-libre was/is non-free.
>
> Having a requirement for a package to be first throughly reviewed
> eliminates some of the possibility of having non-free functional data or
> non-distributable non-functional data. It's not a perfect protection
> (since the package in review might have implemented things from other
> works that one of the reviewers might not be aware of).
>
> As I said in a message to these mailing lists, I already started
> reviewing Chromium, although this project is big and I might not have
> the time nor all the skills to do it alone. Since today, I moved the
> review, which was available at [1], to the appropriate Review namespace
> at [2].
>
>
> [1] https://directory.fsf.org/wiki/Talk:Chromium
> [2] https://directory.fsf.org/wiki/Review:Chromium-REV-ID-1

Adonay, thank you for taking the initiative here! I think this is a
needed step forward.

Brett Gilio

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 20:01                   ` Brett Gilio
@ 2019-02-16 20:06                     ` Brett Gilio
  2019-02-17  1:39                       ` bill-auger
  0 siblings, 1 reply; 152+ messages in thread
From: Brett Gilio @ 2019-02-16 20:06 UTC (permalink / raw)
  To: Workgroup for fully free GNU/Linux distributions; +Cc: guix-devel, 28004


Brett Gilio writes:

> Adonay Felipe Nogueira writes:
>
>> Em 16/02/2019 12:18, Julie Marchant escreveu:
>>> libre? The only argument I've seen on the matter is the way copyright
>>> works, but Chromium is under the Modified BSD License according to
>>> documentation I was able to find. If some files are not actually covered
>>
>> For what is worth, what I learned with projects that don't follow the
>> Open Source Definition (I know that I shouldn't support this term here,
>> but I had to mention it) is that they mask their non-compliance behind a
>> license. Of course we don't intend to foster open source here, as this
>> project, having the goal to provide a package manager that is under the
>> GNU project, also aims to create a system distribution that follows the
>> GNU FSDG and uses such package manager
>>
>> If the norm would be to only check the licenses, then we would have for
>> example, taken ages to figure out that the kernel source files from
>> upstream of GNU Linux-libre was/is non-free.
>>
>> Having a requirement for a package to be first throughly reviewed
>> eliminates some of the possibility of having non-free functional data or
>> non-distributable non-functional data. It's not a perfect protection
>> (since the package in review might have implemented things from other
>> works that one of the reviewers might not be aware of).
>>
>> As I said in a message to these mailing lists, I already started
>> reviewing Chromium, although this project is big and I might not have
>> the time nor all the skills to do it alone. Since today, I moved the
>> review, which was available at [1], to the appropriate Review namespace
>> at [2].
>>
>>
>> [1] https://directory.fsf.org/wiki/Talk:Chromium
>> [2] https://directory.fsf.org/wiki/Review:Chromium-REV-ID-1
>
> Adonay, thank you for taking the initiative here! I think this is a
> needed step forward.
>
> Brett Gilio

Also, maybe it would be of some help to involve somebody from the FSF to
be a neutral mediator on this process until we come to some reasonable
conclusion?

Marius,

I think you can probably go ahead and push that patch, knowing full well
that Bill warned a bug report will be filed against the Guix source tree
until such time that an audit concludes or Adonay's suggestion is
followed through with.

Bill,

What do you think here?

Brett Gilio

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 19:47                 ` Adonay Felipe Nogueira
  2019-02-16 20:01                   ` Brett Gilio
@ 2019-02-16 20:07                   ` Alex Griffin
  2019-02-17  1:49                     ` bill-auger
  1 sibling, 1 reply; 152+ messages in thread
From: Alex Griffin @ 2019-02-16 20:07 UTC (permalink / raw)
  To: guix-devel

On Sat, Feb 16, 2019, at 7:48 PM, Adonay Felipe Nogueira wrote:
> If the norm would be to only check the licenses, then we would have for
> example, taken ages to figure out that the kernel source files from
> upstream of GNU Linux-libre was/is non-free.

The Linux kernel was included in GNU distributions until a concrete problem was identified, exactly the opposite of what is being demanded here. AFAICT Marius has expended quite a bit of effort to resolve every known problem with the package, and what is left is literally just FUD (fear, uncertainty, doubt).

-- 
Alex Griffin

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 14:18               ` Julie Marchant
  2019-02-16 15:37                 ` [GNU-linux-libre] " Adam Van Ymeren
  2019-02-16 19:47                 ` Adonay Felipe Nogueira
@ 2019-02-17  1:37                 ` bill-auger
  2019-02-17  2:30                   ` Julie Marchant
  2019-02-17 20:55                 ` Christopher Lemmer Webber
  3 siblings, 1 reply; 152+ messages in thread
From: bill-auger @ 2019-02-17  1:37 UTC (permalink / raw)
  To: gnu-linux-libre; +Cc: guix-devel

On Sat, 16 Feb 2019 09:18:58 -0500 Julie wrote:
> In justice
> systems, we adopt an "innocent until proven guilty" system because you
> can't really prove innocence, only guilt.   

i wondered if someone would bring that up - 

there is a huge difference with this (and i have already made this
clear, BTW) - the default state for copyright is not "innocent" - the
default state is "no permission granted" - according to this analogy,
software is guilty until proven innocent under the existing copyright
laws - that is not something we can decide to re-interpret


On Sat, 16 Feb 2019 09:18:58 -0500 Julie wrote:
> As far as I know, and correct
> me if I'm wrong here, no one in the entire history of this claim  

yes they have - the original bug report noted several; and those were
said to be fixed


On Sat, 16 Feb 2019 09:18:58 -0500 Julie wrote:
> this, though, then it seems to me that the correct action to take
> would be to address that issue, if not upstream, then in a fork.  
 
i agree - at the very least, i would to see that original bug report
closed by the upstream - its continued presence is looms ominously and
dubiously

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 20:06                     ` Brett Gilio
@ 2019-02-17  1:39                       ` bill-auger
  2019-02-17 22:33                         ` [GNU-linux-libre] " Ricardo Wurmus
       [not found]                         ` <671b6c83-0ed0-84eb-4cc5-b6a8fd14cb90@fsf.org>
  0 siblings, 2 replies; 152+ messages in thread
From: bill-auger @ 2019-02-17  1:39 UTC (permalink / raw)
  To: gnu-linux-libre; +Cc: guix-devel

On Sat, 16 Feb 2019 14:06:43 -0600 Brett wrote:
> I think you can probably go ahead and push that patch
> Bill,  What do you think here?

i think that would be intentionally creating exactly the same
unpleasant situation as the pureos bug report that stood for many
months, unaddressed

i think that IF this is the proper course of action, then we
should apologize to pureos for asking them to remove it last year

but let me rephrase that more plainly:

if we do not FIRSTLY apologize to pureos for asking them to remove
chromium and publicly endorse them to re-instate it, then endorsing it
into guix would be hypocritical and shameful

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 20:07                   ` [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium Alex Griffin
@ 2019-02-17  1:49                     ` bill-auger
  0 siblings, 0 replies; 152+ messages in thread
From: bill-auger @ 2019-02-17  1:49 UTC (permalink / raw)
  To: guix-devel

Alex -

you are really mis-characterizing the situation here - this really has
very little to do with chromium specifically - the problem is when some
FSDG distro decide for themselves that *any* program qualifies as "free
software" when the others have agreed that it does not - this plants the
seeds for an uncomfortable family fued which could be best avoided
i dont know that anyone really cares enough about this browser to
waste their time spreading FUD about it - we just want everyone to
agree whether it is "free software" or it is not, and for all FSDG
distros to endorse or OR reject as a unified group - whichever the case
may actually be is not central to the discussion

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 16:33                 ` Marius Bakke
  2019-02-16 19:27                   ` Amin Bandali
@ 2019-02-17  2:20                   ` bill-auger
  1 sibling, 0 replies; 152+ messages in thread
From: bill-auger @ 2019-02-17  2:20 UTC (permalink / raw)
  To: gnu-linux-libre; +Cc: guix-devel

On Sat, 16 Feb 2019 17:33:21 +0100 Marius wrote:
> Do we have
> any reason to distrust what's written in the LICENSE file?  

based on your own account, you very explicitly distrust the code
released by those authors in terms of privacy - so why would you
implicitly trust it in terms of licensing - there seems to be a
disjunct in logic there

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-17  1:37                 ` bill-auger
@ 2019-02-17  2:30                   ` Julie Marchant
  2019-02-17  2:42                     ` bill-auger
  0 siblings, 1 reply; 152+ messages in thread
From: Julie Marchant @ 2019-02-17  2:30 UTC (permalink / raw)
  To: Workgroup for fully free GNU/Linux distributions, bill-auger; +Cc: guix-devel

On 02/16/2019 08:37 PM, bill-auger wrote:
> On Sat, 16 Feb 2019 09:18:58 -0500 Julie wrote:
> yes they have - the original bug report noted several; and those were
> said to be fixed

Ah, perfect. Then the problem is solved, no? Those issues, as you say,
were fixed by the Chromium team (according to them, and since you don't
point to evidence that the problems remain, I assume that means they
don't), and the Ungoogled-Chromium project has apparently fixed all
other problems. Unless you are aware of another unaddressed problem,
that is.

> there is a huge difference with this (and i have already made this
> clear, BTW) - the default state for copyright is not "innocent" - the
> default state is "no permission granted" - according to this analogy,
> software is guilty until proven innocent under the existing copyright
> laws - that is not something we can decide to re-interpret

I already responded to this, but it appears it went past your radar for
some reason, or perhaps I just didn't make myself clear enough, so let
me restate it. I'll be talking about how copyright works, so let me just
state upfront that I'm not a lawyer and no one should take this as legal
advice.

Copyright is based on declarations. That is, when someone declares that
you are allowed to do something, as long as they are the rightful
copyright holder, you are allowed to do that thing. It's the same sort
of deal as any other permission you might have to get from someone else.
So what you need is proof of such a declaration of permission. That's
what license statements are for.

So looking at the Chromium source code tree, we see a number of text
files. Of particular note, you see a file called "LICENSE", which is
simply a copy of the Modified BSD License. It doesn't specify what files
it applies to, and obviously, there are files it doesn't. But the fact
that they label it this way strongly implies that Chromium is generally
speaking under that license. And when you look through files, that
assumption is reaffirmed with statements that look like this:

// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

So given this, any differently-licensed file would be an exception, and
it would be very easy to point these exceptions out and then fix them.
The same is true of Linux, by the way, and apparently there was no
problem simply identifying proprietary pieces and removing them.

Hence, I think, if someone says they've produced a version of Chromium
with all freedom-related problems solved, and no one has any evidence to
the contrary, that version of Chromium should be accepted.

-- 
Julie Marchant
http://onpon4.github.io

Encrypt your emails with GnuPG:
https://emailselfdefense.fsf.org

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-17  2:30                   ` Julie Marchant
@ 2019-02-17  2:42                     ` bill-auger
  2019-02-17  4:19                       ` Julie Marchant
  0 siblings, 1 reply; 152+ messages in thread
From: bill-auger @ 2019-02-17  2:42 UTC (permalink / raw)
  To: gnu-linux-libre; +Cc: guix-devel

Julie -

that was all just a long winded re-statement of the "we should always
trust the upstream blindly" argument - i think the Great Wise Old Gnu
would conclude that is a very unwise general policy; and especially
unwise when that particular upstream is well-known for its code being
non-FSDG free

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 16:34               ` Alexandre Oliva
  2019-02-16 16:54                 ` Marius Bakke
@ 2019-02-17  3:38                 ` bill-auger
  1 sibling, 0 replies; 152+ messages in thread
From: bill-auger @ 2019-02-17  3:38 UTC (permalink / raw)
  To: guix-devel; +Cc: gnu-linux-libre

On Sat, 16 Feb 2019 14:34:38 -0200 Alexandre wrote:
> Maybe you have actually completed the steps that were missing in the
> auditing or Chromium to conclude it's Free, or at least some of the
> remaining tasks can be checked off.

that would be something wonderful, indeed

nothing would please me more at this time than to declare chromium as
FSDG-free, to finally put this controversy behind us in the past, and
never to speak of chromium nor qt5-webengine nor electron again - never
again to devote precious time liberating and re-packaging yet another
KDE program, for such a trivial reason as the frivolous presumption,
that the year 2019, demands their 20 year old system monitor GUI to
embed it's own web browser

im not making this up - the 'kde-plasma-desktop' became un-installable
on parabola this week, for exactly that reason

it should not be surprising that most have been satisfied thus far, to
throw this insidious chromiumm/webengine/electron thing under the bus
and move on; but it cant stay that way forever - at some point, a real
solution will be imperative, as this "javascript-on-the-desktop" trend
continues to infect the system

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-17  2:42                     ` bill-auger
@ 2019-02-17  4:19                       ` Julie Marchant
  2019-02-17  7:43                         ` bill-auger
  0 siblings, 1 reply; 152+ messages in thread
From: Julie Marchant @ 2019-02-17  4:19 UTC (permalink / raw)
  To: Workgroup for fully free GNU/Linux distributions, bill-auger; +Cc: guix-devel

On 02/16/2019 09:42 PM, bill-auger wrote:
> Julie -
> 
> that was all just a long winded re-statement of the "we should always
> trust the upstream blindly" argument - i think the Great Wise Old Gnu
> would conclude that is a very unwise general policy; and especially
> unwise when that particular upstream is well-known for its code being
> non-FSDG free

Just to repeat the disclaimer, I'm not a lawyer and none of this is
legal advice.

I don't see why you're bringing "trust" into this. I've been trying to
argue that it has nothing to do with the issue. If the copyright holder
of a work says you're allowed to use it under X conditions, you are.
There's no "trust" there. You can't say that someone is allowed to do X
and then claim later that they weren't *really* allowed to do X.

I feel like I already gave this analogy at some point, but it's like
your "trust" that Walmart permits you to enter the store and shop. You
don't demand proof that you're allowed to shop at Walmart; it's implied
by the fact that the doors are unlocked and the building is enticing you
to go in. Similarly, Walmart can't just retroactively claim you weren't
really allowed in, even though you obviously were, and have you arrested
for trespassing. No, because of the conditions, if a Walmart wants to
keep you out, you have to be specifically told that you're not welcome.
They can't just call the police one day and have you arrested for
trespassing. Ergo, you don't need "trust".

The same sort of thing would apply to a licensing situation like this.
If the Chromium team says that Chromium is under the Modified BSD
License, then it *is* under the Modified BSD License, unless a
particular file says otherwise. The same applies to ungoogled-chromium
and its maintainer.

-- 
Julie Marchant
http://onpon4.github.io

Encrypt your emails with GnuPG:
https://emailselfdefense.fsf.org

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-17  4:19                       ` Julie Marchant
@ 2019-02-17  7:43                         ` bill-auger
  2019-02-17 14:06                           ` Julie Marchant
  0 siblings, 1 reply; 152+ messages in thread
From: bill-auger @ 2019-02-17  7:43 UTC (permalink / raw)
  To: gnu-linux-libre; +Cc: guix-devel

the difference there is that chromium is not one piece of software
written by one person or even one modestly sized team - it is a
conglomeration of perhaps 100s of different projects written by perhaps
1000s of authors - for some files, it may not actually be known who the
author is, never mind which license they chose, or when - the word
"trust" comes into play there, because it is not clear that any one
single person on the chromium team can honestly account for everything
in the code-base, much less to authoritatively vouch for all of the
authors and various licensing

it is a more reasonable argument to make for projects with a much,
much fewer number of files and many, many fewer devs; but i think a
program this size is far beyond the benefit of reasonable doubt - and,
of course, on the other hand, if the project had many fewer files and
many fewer devs, then a comprehensive audit would not be as absurdly
difficult - so i think that is a moot point in this case

per your analogy, this is more like the owners of one building giving
you permission to go anywhere in the city, because they believe that
every other building in the city shares their trespassing policy -
though, they can not themselves, demonstrate that they have precise
knowledge of the exact number of buildings in the city, nor who their
owners are, nor their owners' trespassing policies

o/c someone could probably raise exactly the same doubts about mozilla -
luckily for us though, we are not aware of any, and so are not yet so
uncomfortably compelled to address them

most importantly, i personally dont care to argue for nor against
chromium - i just want all FSDG distros to agree on how it should be
treated, regardless of what that entails

if we can not all agree on how to interpret the FSDG, and apply it
uniformly to all distro, then the FSDG endorsement has no value and the
FSDG work-group serves no meaningful purpose to the world - we may as
well just go our own separate ways, and satisfy our own individual
fancies

that is what is truly at stake here - not this particular: "yet another
web browser"

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-17  7:43                         ` bill-auger
@ 2019-02-17 14:06                           ` Julie Marchant
  2019-02-18  7:43                             ` bill-auger
  0 siblings, 1 reply; 152+ messages in thread
From: Julie Marchant @ 2019-02-17 14:06 UTC (permalink / raw)
  To: Workgroup for fully free GNU/Linux distributions, bill-auger; +Cc: guix-devel

On 02/17/2019 02:43 AM, bill-auger wrote:
> the difference there is that chromium is not one piece of software
> written by one person or even one modestly sized team - it is a
> conglomeration of perhaps 100s of different projects written by perhaps
> 1000s of authors - for some files, it may not actually be known who the
> author is, never mind which license they chose, or when - the word
> "trust" comes into play there, because it is not clear that any one
> single person on the chromium team can honestly account for everything
> in the code-base, much less to authoritatively vouch for all of the
> authors and various licensing

So... the same thing as Linux. And many stores, for that matter. On that
note...

> per your analogy, this is more like the owners of one building giving
> you permission to go anywhere in the city, because they believe that
> every other building in the city shares their trespassing policy -
> though, they can not themselves, demonstrate that they have precise
> knowledge of the exact number of buildings in the city, nor who their
> owners are, nor their owners' trespassing policies

You do know many stores don't own everything in the building, right?
Lots of machinery is owned by third parties such as vendors; coolers
holding drinks, for example, are typically owned and stocked by vendors
such as Coca-Cola and Pepsi. In the Walmart I work at, there's even a
separate business in the exact same building whose area is either owned
or leased by them (I don't know which). Plus, all stores have sections
where customers are not allowed to go (indicated by signs). So no, the
analogy is exactly the same. You see that a door says "Employees Only"
and don't enter; you don't go asking for proof that you can walk
throughout every inch of the store that you seem to have implicit
permission to walk through.

> o/c someone could probably raise exactly the same doubts about mozilla -
> luckily for us though, we are not aware of any, and so are not yet so
> uncomfortably compelled to address them

Are you saying, then, that we are specifically aware of proprietary
software in ungoogled-chromium? Have stated what that proprietary
software is?

After all, if you aren't aware of proprietary software in
ungoogled-chromium, this would seem to be special pleading. Am I wrong?

> most importantly, i personally dont care to argue for nor against
> chromium - i just want all FSDG distros to agree on how it should be
> treated, regardless of what that entails

Why? Are you opposed to individual distros making their own individual
decisions?

-- 
Julie Marchant
http://onpon4.github.io

Encrypt your emails with GnuPG:
https://emailselfdefense.fsf.org

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 14:18               ` Julie Marchant
                                   ` (2 preceding siblings ...)
  2019-02-17  1:37                 ` bill-auger
@ 2019-02-17 20:55                 ` Christopher Lemmer Webber
  3 siblings, 0 replies; 152+ messages in thread
From: Christopher Lemmer Webber @ 2019-02-17 20:55 UTC (permalink / raw)
  To: Julie Marchant
  Cc: guix-devel, Workgroup for fully free GNU/Linux distributions

Julie Marchant writes:

> I don't understand what's so complicated about this issue. In justice
> systems, we adopt an "innocent until proven guilty" system because you
> can't really prove innocence, only guilt.

I agree with Julie's point here.  The fear that "there might be
something nonfree in there"... well, that's true for our entire system.
We also have a similar issue with security vulnerabilities... there are
almost certainly security vulnerabilities in the sum total of our
packages.  Which packages though?  And what are they?  We don't know the
answer to either of those.  Our response is to take action if and when
problems are found.  That's the same approach we should take here.

 - Chris

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-17  1:39                       ` bill-auger
@ 2019-02-17 22:33                         ` Ricardo Wurmus
  2019-02-18 12:05                           ` bill-auger
       [not found]                         ` <671b6c83-0ed0-84eb-4cc5-b6a8fd14cb90@fsf.org>
  1 sibling, 1 reply; 152+ messages in thread
From: Ricardo Wurmus @ 2019-02-17 22:33 UTC (permalink / raw)
  To: bill-auger; +Cc: guix-devel, gnu-linux-libre


bill-auger <bill-auger@peers.community> writes:

> if we do not FIRSTLY apologize to pureos for asking them to remove
> chromium and publicly endorse them to re-instate it, then endorsing it
> into guix would be hypocritical and shameful

I find this use of “we” confusing.

I don’t feel motivated to apologize to the people involved in PureOS
because I wasn’t around when they were pressured / convinced to drop
Chromium.  I don’t know if any of the regular Guix contributors have.

In day to day Guix activities, we don’t ask developers of other distros
that also happen to subscribe to the FSDG to reach consensus before
making project decisions.  You are suggesting that FSDG distros form a
community beyond the sense that they abide by the same guidelines.  I
don’t think that’s reflecting reality.  It’s another thing to discuss if
this should be so.

With regards to the Chromium upstream bug report about the license
script and the suggestion that upstream doesn’t know what license their
code has, I’m satisfied with this comment:

   https://bugs.chromium.org/p/chromium/issues/detail?id=28291#c31

The script appears to be not very successful in detecting valid license
declarations in third party code.  FWIW, in my opinion it would be
unreasonable to further delay Marius’s work from becoming part of Guix.
I see no violation of the FSDG here.

--
Ricardo

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-17 14:06                           ` Julie Marchant
@ 2019-02-18  7:43                             ` bill-auger
  0 siblings, 0 replies; 152+ messages in thread
From: bill-auger @ 2019-02-18  7:43 UTC (permalink / raw)
  To: gnu-linux-libre; +Cc: guix-devel

On Sun, 17 Feb 2019 09:06:20 -0500 Julie wrote:
> So... the same thing as Linux.

yes, much the same situation as linux, but with the very important
difference, that we have people like the good folks at linux-libre who
are constantly watching linux for new undesirables entering it, and
those people are actively and routinely removing anything non-free - no
such thing is happening for web browsers - no one is even watching


On Sun, 17 Feb 2019 09:06:20 -0500 Julie wrote:
> Are you saying, then, that we are specifically aware of proprietary
> software in ungoogled-chromium? Have stated what that proprietary
> software is?

i am saying that i am not aware of anyone making any such accusations
of non-free software being in that browser - but we are painfully aware
of the accusations against chromium, and it is sitting "on the table";
so we are very unfortunately compelled to address it - thats all

i am not personally wedded to any preference on *how* we should address
it; but we should address it

if ever someone raises the same concern with firefox, then we will be
compelled to address that, when or if that unfortunate day comes;
because that is exactly what the FSDG is for: to determine which
software is fit for free distribution, and which is not


On Sun, 17 Feb 2019 09:06:20 -0500 Julie wrote:
> Why? Are you opposed to individual distros making their own individual
> decisions?

not all "decisions" - only the most crucial and obvious decisions like
this one, regarding exactly what is "free software" and what is not
"free software" - because if we can not agree on what is and is not
"free software", then the term "free software" is meaningless, and
hence a FSDG-free distro is a pointless distinction

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-17 22:33                         ` [GNU-linux-libre] " Ricardo Wurmus
@ 2019-02-18 12:05                           ` bill-auger
  2019-02-18 12:15                             ` Hartmut Goebel
  2019-02-18 13:44                             ` Tobias Geerinckx-Rice
  0 siblings, 2 replies; 152+ messages in thread
From: bill-auger @ 2019-02-18 12:05 UTC (permalink / raw)
  To: gnu-linux-libre; +Cc: guix-devel

On Sun, 17 Feb 2019 23:33:06 +0100 Ricardo wrote:
> I don’t feel motivated to apologize to the people involved in PureOS
> because I wasn’t around when they were pressured / convinced to drop
> Chromium.

no, but you could have been around - you also could have argued for
pureos on their side of the debate, and perhaps won favor for chromium
at that time; so that none of us would need to be discussing it today,
nor ever again - but unfortunately, it is true, you did not do that -
so here we are today, raking this ugly old thing out of the mud once
again


On Sun, 17 Feb 2019 23:33:06 +0100 Ricardo wrote:
> In day to day Guix activities, we don’t ask developers of other
> distros that also happen to subscribe to the FSDG to reach consensus
> before making project decisions.  

of course every distro should have complete autonomy, especially for
decisions that only pertain to that one distro - i am only considering
the most fundamental decisions that obviously affect all distros
equally, and reflect upon the integrity of the FSDG itself, such as
which software is FSDG-free and which are not (and clarifying why or
why not, and ideally, offering specific guidance for acceptably
liberating the most common or troublesome ones) - if we can not all
agree on that single most central concern to the FSDG, then what
exactly is the value of the FSDG anyways?


On Sun, 17 Feb 2019 23:33:06 +0100 Ricardo wrote:
> You are suggesting that FSDG
> distros form a community beyond the sense that they abide by the same
> guidelines.  I don’t think that’s reflecting reality.  It’s another
> thing to discuss if this should be so.

yes - awesome!! - that is exactly what i have been proposing and
working toward for a long time - in this case, not as just "another
thing to discuss"; but it is *the* sole reason that i raised this issue
with guix at this time (last september actually[1])

i have repeated it over and over again, that i couldnt care less about
the chromium program, specifically - i want to discuss only and exactly
this: enticing all FSDG distros to collaborate toward the achievement
of common goals and solutions to common problems; as to avoid both
redundant efforts and the presenting of conflicting philosophies to
users, regarding the nature and essence of "free software" - the
chromium program is not itself a fundamental problem, but one, albeit
notorious, example of a common problem that affects all FSDG distros,
and has been addressed by the group for the purpose of presenting a
uniform message regarding it's FSDG status

it would be a beautiful thing to have vigorous cross-distro
collaboration as a focal point of the FSDG itself, very much in the
collaborative spirit of GNU; and i think that most of the distros are
already on board with that idea as a worthwhile plan, and have always
been participating on the FSDG mailing list under that presumption -
last year's re-structuring of the incoming distros community evaluation
process was a concrete step in that direction

"reality" is only what we make of it - if you see the FSDG as nothing
more than a trophy or badge that you earned once upon a time, a
milestone that need not be any concerned ever more after, then that
is the reality you will have - the FSF does not want to mandate that
anyone participate in the on-going group discussions; but it is a very
good idea to show that the FSDG distros behave as a community of
siblings by, at the very least, presenting a uniform stance on shared
freedom issues


On Sun, 17 Feb 2019 23:33:06 +0100 Ricardo wrote:
> I see no violation of the FSDG here.

that is not news, Ricardo - no one sees any obvious licensing violation
of the FSDG; not today, nor a year ago, nor five years ago - if there
were any known, they could have (and probably would have) been
addressed long ago, and maybe we would not be discussing this now - the
only clear FSDG problem today is the new one that guix is making for all
other distros that are trying to be compliant with the FSDG as it is
written, by intentionally doing something that is explicitly against
the written recommendation - the "as it is written" part is perhaps
dubious; but it is the keystone of a long-standing FSDG anomaly, and
guix is in a very good position to help resolve that once and for all,
for the benefit of all

whether anyone likes it or not, adding chromium into any FSDG distro
today, is in direct conflict with that pesky: "what is written" - the
solution is almost certainly, that it needs to be re-written; but there
is not yet anything to over-write it with - "i see no problem" is
clearly not sufficient - we all know it has FSDG problems; and the
current wording will remain until someone who cares about chromium
offers a convincing liberation procedure to replace it as the FSDG
recommendation

we are asking for your help with this, for the benefit of all FSDG
distros and their users, present and future, because it is only guix
that claims to have any new information about chromium, and guix is
probably the only distro that wants this program to be considered as
FSDG-free badly enough to do anything about it; but all we have seen so
far, are sentiments plainly discounting the validity of the request
like: "i dont see any problem", "i dont feel compelled to address
this", and "sorry, i dont remember how i did it" - not only is that
indifference leaving the others to remain in this quagmire that we have
been in for years; but pushing this through while knowing that this
conflict exists, is making it more uncomfortable than it needs to be
going forward, especially if no one from guix plans to help resolve the
conflict in a timely manor

whether or not guix considers itself to be part of the larger
FSDG community, you should realize that we do exist as such, and that
this particular action by guix is forcing a wedge into a small, but
visible crack in the foundation of FSDG itself; which has negative
repercussion on those who would be your allies, and creates a strong
point of contention for any new distro that comes along


[1]: https://lists.gnu.org/archive/html/guix-devel/2018-09/msg00264.html

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-18 12:05                           ` bill-auger
@ 2019-02-18 12:15                             ` Hartmut Goebel
  2019-02-18 13:44                             ` Tobias Geerinckx-Rice
  1 sibling, 0 replies; 152+ messages in thread
From: Hartmut Goebel @ 2019-02-18 12:15 UTC (permalink / raw)
  To: guix-devel

Am 18.02.19 um 13:05 schrieb bill-auger:
> no, but you could have been around -


InvalidArgementError

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel@crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-18 12:05                           ` bill-auger
  2019-02-18 12:15                             ` Hartmut Goebel
@ 2019-02-18 13:44                             ` Tobias Geerinckx-Rice
  2019-02-18 19:22                               ` Simon Nielsen
  1 sibling, 1 reply; 152+ messages in thread
From: Tobias Geerinckx-Rice @ 2019-02-18 13:44 UTC (permalink / raw)
  To: guix-devel; +Cc: gnu-linux-libre

bill-auger wrote:
> On Sun, 17 Feb 2019 23:33:06 +0100 Ricardo wrote:
>> I don’t feel motivated to apologize to the people involved in 
>> PureOS
>> because I wasn’t around when they were pressured / convinced to 
>> drop
>> Chromium.
>
> no, but you could have been around - you also could have argued 
> for
> pureos on their side of the debate, and perhaps won favor for 
> chromium
> at that time; so that none of us would need to be discussing it 
> today,
> nor ever again - but unfortunately, it is true, you did not do 
> that -
> so here we are today, raking this ugly old thing out of the mud 
> once
> again

If this is the quality of argument that ‘won’ over PureOS, it's 
blaming Guix/Ricardo for not being around to stop others from 
being bullied.

Kind regards,

T G-R

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 11:16             ` Gábor Boskovits
  2019-02-16 12:55               ` ng0
@ 2019-02-18 13:47               ` Denis 'GNUtoo' Carikli
  1 sibling, 0 replies; 152+ messages in thread
From: Denis 'GNUtoo' Carikli @ 2019-02-18 13:47 UTC (permalink / raw)
  To: Gábor Boskovits
  Cc: Guix-devel, Workgroup for fully free GNU/Linux distributions

[-- Attachment #1: Type: text/plain, Size: 584 bytes --]

On Sat, 16 Feb 2019 12:16:41 +0100
Gábor Boskovits <boskovits@gmail.com> wrote:

> It seems to me, that there is a whole bunch of people interested in
> this, but due to lack of resources or for some other reasons nothing
> is really happening. Do you know any we we could help getting this
> resolved?
This is a very good point.

I also wonder if at the end, working to fix the problem by reviewing
chromium source code more carefully would take less resources than
discussing endlessly on how to deal with the fact that the source code
hasn't been reviewed.

Denis.

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-18 13:44                             ` Tobias Geerinckx-Rice
@ 2019-02-18 19:22                               ` Simon Nielsen
  2019-02-19 20:45                                 ` [GNU-linux-libre] " bill-auger
  0 siblings, 1 reply; 152+ messages in thread
From: Simon Nielsen @ 2019-02-18 19:22 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice, guix-devel@gnu.org; +Cc: gnu-linux-libre@nongnu.org

18.02.2019, 14:44, "Tobias Geerinckx-Rice" <somebody@not-sent-or-endorsed-by.tobias.gr>:
> If this is the quality of argument that ‘won’ over PureOS, it's
> blaming Guix/Ricardo for not being around to stop others from
> being bullied.
>
> Kind regards,
>
> T G-R

Hi Tobias,

I've been reading this conversation from the outside but noticed it seems to be shifting to a meta
rather than about the state of chromium itself so it would be nice if it went back on topic.
‌
Seeing as the issue here relates to being uncertain shouldn't upstream confirm which parts run
under what license in more detail? As I can tell so far this hasn't been done (unless I've missed
something) thus the current situation.

So the choice here is really about following the FSDG for now until it's revised or going against it
causing a split in the community around it. Guix would be in the right but depending on the result
there's a chance for a negative return (or a positive one). Are most here sure which direction it
will go? From just reading the snippets about PureOS they seemed to have gotten quite a bit of
flack until it was removed, won't the same happen to Guix?

I've enjoyed using Guix for a bit over a year now and will continue regardless of the outcome.

I apologize if this email is in conflict with the standard format as I usually don't engage in responding
to mailing lists so my interpretation of the desired style might not be as accurate as of yet.

Thank you

Simon Nielsen

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [bug#28004] [PATCH v2] gnu: Add ungoogled-chromium.
  2019-02-12 15:58   ` [PATCH v2] " Marius Bakke
@ 2019-02-18 22:43     ` Marius Bakke
  0 siblings, 0 replies; 152+ messages in thread
From: Marius Bakke @ 2019-02-18 22:43 UTC (permalink / raw)
  To: guix-devel; +Cc: 28004-done

[-- Attachment #1: Type: text/plain, Size: 435 bytes --]

Marius Bakke <mbakke@fastmail.com> writes:

> Changes in this version:
>
> * New upstream release.
> * No longer using a fork of Ungoogled-Chromium.
> * The special HarfBuzz and libvpx variants have been removed due to
>   obsolesence.

I've pushed this patch now, with minor cosmetic improvements:

<https://git.savannah.gnu.org/cgit/guix.git/commit/?id=f1e9de4d3aefae420db633a56ba9cd93f7750df3>

Thanks to everyone who participated!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [PATCH] gnu: Add ungoogled-chromium.
  2019-02-16 18:56             ` Giovanni Biscuolo
@ 2019-02-19 16:28               ` Giovanni Biscuolo
  0 siblings, 0 replies; 152+ messages in thread
From: Giovanni Biscuolo @ 2019-02-19 16:28 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 1249 bytes --]

Hi!

Giovanni Biscuolo <g@xelera.eu> writes:

[...]

> first and foremost, IMHO guix-devel is not the place to discuss GNU FSDG
> criteria; I'm going to subscribe gnu-linux-libre@nongnu.org to send
> my comments - and I _have_ some - on the FSDG compliance process

then I decided to "escalate" this issue since I found the "Software
blacklist" mandatory requiment is a mistake

if anybody is interested in the followup, this is what I asked to
licensing@fsf.org:
http://lists.nongnu.org/archive/html/gnu-linux-libre/2019-02/msg00064.html

[...]

>   "ungoogled-chromium cannot be included in Guix System Distribution since
>   it is listed - as 'chromium-browser' - on the page
>   <List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser>
>   that is an integral part of the GNU FSDG Guidelines as extended by the
>   FSDG_Checklist via
>   https://libreplanet.org/wiki/Incoming_distros#Endorsement_Process"

indeed I'm very happy Guix maintainers decided to push

kudos Marius Bakke! it is very likely you liberated chromium once and
for all! and if not... we can **build** it out :-D

Happy hacking
Giovanni

[...]

-- 
Giovanni Biscuolo

Xelera IT Infrastructures

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.
  2019-02-18 19:22                               ` Simon Nielsen
@ 2019-02-19 20:45                                 ` bill-auger
  0 siblings, 0 replies; 152+ messages in thread
From: bill-auger @ 2019-02-19 20:45 UTC (permalink / raw)
  To: guix-devel

On Mon, 18 Feb 2019 20:22:20 +0100 Simon wrote:
> seems to be shifting to a meta rather than about the state of
> chromium itself

simon - i would like to explain that the reason for that confusion, is
because this thread got cross-posted on multiple mailing lists

the chromium browser is the topic of the thread on the guix mailing
list - but that "meta" divergence as you described it, is entirely the
purpose of the FSDG workgroup - the central concern on that list
today, is not chromium itself, but is enticing guix to discuss what has
been done to liberate chromium with the group; so that the recipe can
be peer reviewed and possibly be recommended to other distros

the folks reading the FSDG list would not describe that as a
divergence, but as the latest attempt to make progress on a long
standing problem that affects all FSDG distros equally

^ permalink raw reply	[flat|nested] 152+ messages in thread

* bug#34605: ungoogled-chromium: proprietary codecs enabled?
       [not found]                                   ` <1740db7c-29c4-137e-85b7-33c9a6b71b16@hyperbola.info>
@ 2019-02-21  8:02                                     ` Giovanni Biscuolo
  2019-02-21 15:50                                       ` Ricardo Wurmus
  0 siblings, 1 reply; 152+ messages in thread
From: Giovanni Biscuolo @ 2019-02-21  8:02 UTC (permalink / raw)
  To: 34605; +Cc: Luke

[-- Attachment #1: Type: text/plain, Size: 733 bytes --]

Hello,

I'm forwarding this, extracted from this message
http://lists.nongnu.org/archive/html/gnu-linux-libre/2019-02/msg00083.html

Luke <g4jc@hyperbola.info> writes:

[...]

> Some GN prefs missing from chromium.scm:
> ---
> ;; Disable non-free codecs
> "proprietary_codecs=false"

while ungoogled-chromiun package definition now contains

--8<---------------cut here---------------start------------->8---
 ;; Don't arbitrarily restrict formats supported by system ffmpeg.
 "proprietary_codecs=true"
 "ffmpeg_branding=\"Chrome\""
--8<---------------cut here---------------end--------------->8---

does this conflicts with GNU FSDG?

Thanks!
Giovanni

-- 
Giovanni Biscuolo

Xelera IT Infrastructures

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply	[flat|nested] 152+ messages in thread

* bug#34605: ungoogled-chromium: proprietary codecs enabled?
  2019-02-21  8:02                                     ` bug#34605: ungoogled-chromium: proprietary codecs enabled? Giovanni Biscuolo
@ 2019-02-21 15:50                                       ` Ricardo Wurmus
  2021-11-14  1:29                                         ` Maxim Cournoyer
  0 siblings, 1 reply; 152+ messages in thread
From: Ricardo Wurmus @ 2019-02-21 15:50 UTC (permalink / raw)
  To: Giovanni Biscuolo; +Cc: 34605, Luke


Giovanni Biscuolo <g@xelera.eu> writes:

> Hello,
>
> I'm forwarding this, extracted from this message
> http://lists.nongnu.org/archive/html/gnu-linux-libre/2019-02/msg00083.html
>
> Luke <g4jc@hyperbola.info> writes:
>
> [...]
>
>> Some GN prefs missing from chromium.scm:
>> ---
>> ;; Disable non-free codecs
>> "proprietary_codecs=false"
>
> while ungoogled-chromiun package definition now contains
>
> --8<---------------cut here---------------start------------->8---
>  ;; Don't arbitrarily restrict formats supported by system ffmpeg.
>  "proprietary_codecs=true"
>  "ffmpeg_branding=\"Chrome\""
> --8<---------------cut here---------------end--------------->8---
>
> does this conflicts with GNU FSDG?

As far as I understand, this lets Chromium use whatever codecs are
provided by the system ffmpeg.  Restrictions in codecs are up to the
ffmpeg package, not Chromium.

--
Ricardo

^ permalink raw reply	[flat|nested] 152+ messages in thread

* bug#34605: ungoogled-chromium: proprietary codecs enabled?
  2019-02-21 15:50                                       ` Ricardo Wurmus
@ 2021-11-14  1:29                                         ` Maxim Cournoyer
  0 siblings, 0 replies; 152+ messages in thread
From: Maxim Cournoyer @ 2021-11-14  1:29 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: 34605-done, Luke

Hello,

Ricardo Wurmus <rekado@elephly.net> writes:

> Giovanni Biscuolo <g@xelera.eu> writes:
>
>> Hello,
>>
>> I'm forwarding this, extracted from this message
>> http://lists.nongnu.org/archive/html/gnu-linux-libre/2019-02/msg00083.html
>>
>> Luke <g4jc@hyperbola.info> writes:
>>
>> [...]
>>
>>> Some GN prefs missing from chromium.scm:
>>> ---
>>> ;; Disable non-free codecs
>>> "proprietary_codecs=false"
>>
>> while ungoogled-chromiun package definition now contains
>>
>> --8<---------------cut here---------------start------------->8---
>>  ;; Don't arbitrarily restrict formats supported by system ffmpeg.
>>  "proprietary_codecs=true"
>>  "ffmpeg_branding=\"Chrome\""
>> --8<---------------cut here---------------end--------------->8---
>>
>> does this conflicts with GNU FSDG?
>
> As far as I understand, this lets Chromium use whatever codecs are
> provided by the system ffmpeg.  Restrictions in codecs are up to the
> ffmpeg package, not Chromium.

I confirm this is how it works; and that it isn't an FSDG problem.  The
source now mentions ";; Do not artifically restrict formats supported by
system ffmpeg.".

Closing.

Thanks for the report!

Maxim




^ permalink raw reply	[flat|nested] 152+ messages in thread

end of thread, other threads:[~2021-11-14  1:30 UTC | newest]

Thread overview: 152+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-08-07 19:58 [bug#28004] Chromium Marius Bakke
2017-08-07 20:23 ` ng0
2017-08-07 21:16   ` Marius Bakke
2017-08-08  5:53     ` ng0
2017-08-08 13:18     ` ng0
2017-08-08 14:22       ` ng0
2017-08-08 15:44         ` ng0
2017-08-08 18:59           ` ng0
2017-08-08 19:51           ` Leo Famulari
2017-08-08 20:46             ` ng0
2017-08-10  5:31 ` Efraim Flashner
2017-08-31  7:36   ` ng0
2017-10-10 13:19 ` ng0
2017-10-11 19:52   ` Ludovic Courtès
2017-10-12 19:56     ` Leo Famulari
2017-10-12 20:28       ` ng0
2017-10-13  6:51       ` Ludovic Courtès
2017-10-18 22:41         ` Marius Bakke
2017-10-19  5:48           ` ng0
2017-10-24 21:11           ` Marius Bakke
2017-11-05 23:52           ` Marius Bakke
2017-11-10 11:33             ` Adonay Felipe Nogueira
2018-01-04 19:16           ` ng0
2018-01-08 21:56             ` Marius Bakke
2018-01-08 23:20               ` ng0
2018-01-08 23:40                 ` Marius Bakke
2018-01-12  0:09                 ` Marius Bakke
2018-01-13 19:02                   ` ng0
2018-01-13 19:13                     ` ng0
2018-01-14 12:10                       ` ng0
2018-01-16 14:18                   ` Ludovic Courtès
2018-01-16 19:01                     ` Marius Bakke
2018-01-16 19:09                       ` Tobias Geerinckx-Rice
2018-01-16 19:22                         ` Marius Bakke
2018-01-16 20:41                           ` Leo Famulari
2018-01-17  8:53                       ` Ludovic Courtès
2018-01-17 14:55                       ` Mike Gerwitz
2018-02-26 18:18                         ` Marius Bakke
2018-02-26 20:01                           ` ng0
2018-02-26 20:06                             ` Marius Bakke
2018-02-26 20:34                               ` ng0
2018-02-26 22:41                               ` Björn Höfling
2018-02-27 21:57                                 ` ng0
2018-02-28 17:38                                 ` Marius Bakke
2018-02-28 18:09                                   ` Björn Höfling
2018-03-16 17:30                                   ` ng0
2018-03-16 17:45                                     ` Marius Bakke
2018-03-16 17:52                                       ` ng0
2018-07-25  8:08                                         ` ng0
2018-08-05 13:04                                           ` Marius Bakke
2018-08-05 16:18                                             ` ng0
2018-08-05 18:25                                               ` Marius Bakke
2018-08-05 20:32                                                 ` ng0
2018-08-05 23:58                                                   ` ng0
2018-08-30 13:25                                                     ` ng0
2018-08-06  8:22                                             ` Oleg Pykhalov
2018-08-30  6:04                                               ` Amirouche Boubekki
2018-03-16 19:01                                       ` Adonay Felipe Nogueira
2018-03-16 19:34                                         ` ng0
2018-03-16 21:20                                           ` Adonay Felipe Nogueira
2018-02-27 22:17                               ` ng0
2018-02-28 17:14                                 ` Marius Bakke
2018-02-27  2:00                           ` Mike Gerwitz
2018-02-28  8:17                             ` ng0
2018-02-28 17:28                             ` Marius Bakke
2018-01-16 20:04                     ` ng0
2018-01-09  6:58               ` ng0
2018-01-12  0:03                 ` Marius Bakke
2018-01-12  9:38                   ` ng0
2018-02-26 18:19 ` [bug#28004] [PATCH] gnu: Add chromium Marius Bakke
2018-04-13 19:10 ` [bug#28004] Chromium 65 Marius Bakke
2018-04-17 19:10   ` Oleg Pykhalov
2018-04-24 17:05   ` Christopher Lemmer Webber
2018-04-24 18:08     ` [bug#28004] Chromium 66 + status update Marius Bakke
2018-04-24 18:45       ` Christopher Lemmer Webber
2018-04-24 18:48         ` Tobias Geerinckx-Rice
2018-04-24 18:46       ` Tobias Geerinckx-Rice
2018-04-24 19:30         ` Marius Bakke
2018-04-25 17:00           ` Leo Famulari
2018-04-25 17:02           ` Leo Famulari
2018-05-03 17:49       ` Nils Gillmann
2018-05-03 17:58         ` Nils Gillmann
2018-05-04 12:10         ` Marius Bakke
2018-05-04 13:02           ` Nils Gillmann
2018-08-29 23:31 ` [bug#28004] (no subject) Amirouche Boubekki
2018-09-02  4:37 ` [bug#28004] Chromium FSDG requirements Mark H Weaver
2018-09-02 13:16   ` Marius Bakke
2019-02-02 19:20 ` [PATCH] gnu: Add ungoogled-chromium Marius Bakke
2019-02-03 18:16   ` Joshua Branson
2019-02-04  4:52     ` bill-auger
2019-02-04  5:52       ` brettg
2019-02-04  7:46       ` Ineiev
2019-02-04 10:56         ` bill-auger
2019-02-04 14:43           ` Jean Louis
2019-02-04 12:26       ` [GNU-linux-libre] " Julie Marchant
2019-02-04 15:03         ` bill-auger
2019-02-04 13:46       ` [bug#28004] " Leo Famulari
2019-02-04 14:47         ` bill-auger
2019-02-04 22:34       ` Ludovic Courtès
2019-02-04 22:34         ` [bug#28004] " Ludovic Courtès
2019-02-06 21:04         ` [GNU-linux-libre] " Marius Bakke
2019-02-07 23:52         ` Christopher Lemmer Webber
2019-02-07 23:59           ` Julie Marchant
2019-02-16  8:00           ` bill-auger
2019-02-16 10:25             ` Brett Gilio
2019-02-16 14:18               ` Julie Marchant
2019-02-16 15:37                 ` [GNU-linux-libre] " Adam Van Ymeren
2019-02-16 19:47                 ` Adonay Felipe Nogueira
2019-02-16 20:01                   ` Brett Gilio
2019-02-16 20:06                     ` Brett Gilio
2019-02-17  1:39                       ` bill-auger
2019-02-17 22:33                         ` [GNU-linux-libre] " Ricardo Wurmus
2019-02-18 12:05                           ` bill-auger
2019-02-18 12:15                             ` Hartmut Goebel
2019-02-18 13:44                             ` Tobias Geerinckx-Rice
2019-02-18 19:22                               ` Simon Nielsen
2019-02-19 20:45                                 ` [GNU-linux-libre] " bill-auger
     [not found]                         ` <671b6c83-0ed0-84eb-4cc5-b6a8fd14cb90@fsf.org>
     [not found]                           ` <20190220010728.3426713f@parabola>
     [not found]                             ` <87r2c2ms4l.fsf@fastmail.com>
     [not found]                               ` <20190220114742.0d2034fb@parabola>
     [not found]                                 ` <87ftsim7qc.fsf@fastmail.com>
     [not found]                                   ` <1740db7c-29c4-137e-85b7-33c9a6b71b16@hyperbola.info>
2019-02-21  8:02                                     ` bug#34605: ungoogled-chromium: proprietary codecs enabled? Giovanni Biscuolo
2019-02-21 15:50                                       ` Ricardo Wurmus
2021-11-14  1:29                                         ` Maxim Cournoyer
2019-02-16 20:07                   ` [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium Alex Griffin
2019-02-17  1:49                     ` bill-auger
2019-02-17  1:37                 ` bill-auger
2019-02-17  2:30                   ` Julie Marchant
2019-02-17  2:42                     ` bill-auger
2019-02-17  4:19                       ` Julie Marchant
2019-02-17  7:43                         ` bill-auger
2019-02-17 14:06                           ` Julie Marchant
2019-02-18  7:43                             ` bill-auger
2019-02-17 20:55                 ` Christopher Lemmer Webber
2019-02-16 11:16             ` Gábor Boskovits
2019-02-16 12:55               ` ng0
2019-02-16 13:10                 ` Gábor Boskovits
2019-02-18 13:47               ` Denis 'GNUtoo' Carikli
2019-02-16 15:10             ` znavko
2019-02-16 15:50             ` Marius Bakke
2019-02-16 16:20               ` [GNU-linux-libre] " Amin Bandali
2019-02-16 16:33                 ` Marius Bakke
2019-02-16 19:27                   ` Amin Bandali
2019-02-17  2:20                   ` bill-auger
2019-02-16 16:34               ` Alexandre Oliva
2019-02-16 16:54                 ` Marius Bakke
2019-02-17  3:38                 ` bill-auger
2019-02-16 18:56             ` Giovanni Biscuolo
2019-02-19 16:28               ` Giovanni Biscuolo
2019-02-09 14:04       ` Adonay Felipe Nogueira
2019-02-03 20:21   ` Amin Bandali
2019-02-05  5:22   ` [bug#28004] " swedebugia
2019-02-05  5:22     ` swedebugia
2019-02-12 15:58   ` [PATCH v2] " Marius Bakke
2019-02-18 22:43     ` [bug#28004] " Marius Bakke
  -- strict thread matches above, loose matches on Subject: below --
2019-02-16 18:46 [GNU-linux-libre] [PATCH] " Clément Lassieur

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.