ng0 writes: >> + (substitute* "chrome/common/chrome_paths.cc" >> + (("/usr/share/chromium/extensions") >> + ;; TODO: Add ~/.guix-profile. >> + "/run/current-system/profile/share/chromium/extensions")) > > What's the idea behind this? Did you test it? Do you have any guix build-system > using Chromium extensions as an example? So far this completely disables the > installation of any plugins and addons. The idea is to eventually be able to distribute extensions with Guix. I added this path mostly to document it, but don't see how keeping the default makes a difference. If you can place an extension in /usr/share, you can also copy it to the system profile through your config.scm, or symlink this location on a foreign distribution. >> + (mkdir-p bin) >> + ;; Add a thin wrapper to prevent the user from inadvertently >> + ;; installing non-free software through the Web Store. >> + ;; TODO: Discover extensions from the profile and pass >> + ;; something like "--disable-extensions-except=...". > > Same question here. The Web Store has serious freedom issues, thus we can not enable it by default. Enabling it *must* be a conscious choice by the end user. The TODO here is inspired by Debians wrapper script, which enumerates the location where apt places extensions, and gives that list to "--disable-extensions-except". > If you need help, there's at least 3 users of Chromium now. I'd like to read > your ideas on how to solve the TODOs, aswell as: Do you have any unpushed > progress? Maybe we can team collaborate on this huge browser. I do maintain this patch, but unfortunately not in a public repository. I've attached the latest iteration here (sorry for squashed). New since the last time are some fixes from the "Inox patchset" that resolves most of the privacy issues. Namely removing the "login wizard", changing to sensible defaults, and forcing the "classic" New Tab Page that does not load a search engine. Also, all patches have been moved to remote origins. Testing and feedback welcome! Currently there are two "important" (blocking?) TODOs left: * Move the 'delete-bundled-software' phase to a source snippet. Repacking the ~500MiB compressed tarball is *really* expensive. It should also aid the licensing situation. * Delete the two default entries from the "most used" list on the New Tab page. The first run will download thumbnails for these sites, leaking data. One of them also leads to the disabled-by-default store, promoting non-free software. I'm optimistic that fixing the second item will make the browser not leak *any* data at launch with the default configuration. Which leads to a third item: writing a system test that verifies that launching Chromium does indeed not initiate any network traffic. Anyway, here is the latest patch: