From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:54102) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eYfPm-0006jK-F2 for guix-patches@gnu.org; Mon, 08 Jan 2018 16:57:10 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eYfPi-0008Cm-H2 for guix-patches@gnu.org; Mon, 08 Jan 2018 16:57:06 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:33137) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1eYfPi-0008CC-A0 for guix-patches@gnu.org; Mon, 08 Jan 2018 16:57:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1eYfPh-0000f3-TL for guix-patches@gnu.org; Mon, 08 Jan 2018 16:57:01 -0500 Subject: [bug#28004] Chromium Resent-Message-ID: From: Marius Bakke In-Reply-To: <20180104191648.custe7w3l57fvbac@abyayala> References: <87y3qvb15k.fsf@fastmail.com> <20171010131949.y43plpzxbppvrigr@abyayala> <87lgkha2cx.fsf@gnu.org> <20171012195628.GA31843@jasmine.lan> <87shensfq6.fsf@gnu.org> <87o9p45bb6.fsf@fastmail.com> <20180104191648.custe7w3l57fvbac@abyayala> Date: Mon, 08 Jan 2018 22:56:26 +0100 Message-ID: <87wp0s2ewl.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: ng0 Cc: 28004@debbugs.gnu.org --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain ng0 writes: >> + (substitute* "chrome/common/chrome_paths.cc" >> + (("/usr/share/chromium/extensions") >> + ;; TODO: Add ~/.guix-profile. >> + "/run/current-system/profile/share/chromium/extensions")) > > What's the idea behind this? Did you test it? Do you have any guix build-system > using Chromium extensions as an example? So far this completely disables the > installation of any plugins and addons. The idea is to eventually be able to distribute extensions with Guix. I added this path mostly to document it, but don't see how keeping the default makes a difference. If you can place an extension in /usr/share, you can also copy it to the system profile through your config.scm, or symlink this location on a foreign distribution. >> + (mkdir-p bin) >> + ;; Add a thin wrapper to prevent the user from inadvertently >> + ;; installing non-free software through the Web Store. >> + ;; TODO: Discover extensions from the profile and pass >> + ;; something like "--disable-extensions-except=...". > > Same question here. The Web Store has serious freedom issues, thus we can not enable it by default. Enabling it *must* be a conscious choice by the end user. The TODO here is inspired by Debians wrapper script, which enumerates the location where apt places extensions, and gives that list to "--disable-extensions-except". > If you need help, there's at least 3 users of Chromium now. I'd like to read > your ideas on how to solve the TODOs, aswell as: Do you have any unpushed > progress? Maybe we can team collaborate on this huge browser. I do maintain this patch, but unfortunately not in a public repository. I've attached the latest iteration here (sorry for squashed). New since the last time are some fixes from the "Inox patchset" that resolves most of the privacy issues. Namely removing the "login wizard", changing to sensible defaults, and forcing the "classic" New Tab Page that does not load a search engine. Also, all patches have been moved to remote origins. Testing and feedback welcome! Currently there are two "important" (blocking?) TODOs left: * Move the 'delete-bundled-software' phase to a source snippet. Repacking the ~500MiB compressed tarball is *really* expensive. It should also aid the licensing situation. * Delete the two default entries from the "most used" list on the New Tab page. The first run will download thumbnails for these sites, leaking data. One of them also leads to the disabled-by-default store, promoting non-free software. I'm optimistic that fixing the second item will make the browser not leak *any* data at launch with the default configuration. Which leads to a third item: writing a system test that verifies that launching Chromium does indeed not initiate any network traffic. Anyway, here is the latest patch: --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: attachment; filename=0001-gnu-Add-chromium.patch Content-Transfer-Encoding: quoted-printable From=20f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 12 Oct 2016 17:25:05 +0100 Subject: [PATCH] gnu: Add chromium. * gnu/packages/chromium.scm: New file. * gnu/local.mk: Record it. =2D-- gnu/local.mk | 1 + gnu/packages/chromium.scm | 733 ++++++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 734 insertions(+) create mode 100644 gnu/packages/chromium.scm diff --git a/gnu/local.mk b/gnu/local.mk index d4e841921..529fdd2be 100644 =2D-- a/gnu/local.mk +++ b/gnu/local.mk @@ -89,6 +89,7 @@ GNU_SYSTEM_MODULES =3D \ %D%/packages/check.scm \ %D%/packages/chemistry.scm \ %D%/packages/chez.scm \ + %D%/packages/chromium.scm \ %D%/packages/ci.scm \ %D%/packages/cinnamon.scm \ %D%/packages/cmake.scm \ diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm new file mode 100644 index 000000000..78cfb3097 =2D-- /dev/null +++ b/gnu/packages/chromium.scm @@ -0,0 +1,733 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2016, 2017 Marius Bakke +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages chromium) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix git-download) + #:use-module (guix utils) + #:use-module (guix build-system gnu) + #:use-module (gnu packages) + #:use-module (gnu packages assembly) + #:use-module (gnu packages base) + #:use-module (gnu packages bison) + #:use-module (gnu packages compression) + #:use-module (gnu packages cups) + #:use-module (gnu packages curl) + #:use-module (gnu packages databases) + #:use-module (gnu packages fontutils) + #:use-module (gnu packages ghostscript) + #:use-module (gnu packages gl) + #:use-module (gnu packages glib) + #:use-module (gnu packages gnome) + #:use-module (gnu packages gnuzilla) + #:use-module (gnu packages gperf) + #:use-module (gnu packages gtk) + #:use-module (gnu packages icu4c) + #:use-module (gnu packages image) + #:use-module (gnu packages libevent) + #:use-module (gnu packages libffi) + #:use-module (gnu packages libusb) + #:use-module (gnu packages linux) + #:use-module (gnu packages kerberos) + #:use-module (gnu packages ninja) + #:use-module (gnu packages node) + #:use-module (gnu packages pciutils) + #:use-module (gnu packages photo) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages protobuf) + #:use-module (gnu packages pulseaudio) + #:use-module (gnu packages python) + #:use-module (gnu packages python-web) + #:use-module (gnu packages regex) + #:use-module (gnu packages serialization) + #:use-module (gnu packages speech) + #:use-module (gnu packages tls) + #:use-module (gnu packages valgrind) + #:use-module (gnu packages version-control) + #:use-module (gnu packages video) + #:use-module (gnu packages xiph) + #:use-module (gnu packages xml) + #:use-module (gnu packages xdisorg) + #:use-module (gnu packages xorg)) + +(define (strip-directory-prefix pathspec) + "Return everything after the last '/' in PATHSPEC." + (let ((index (string-rindex pathspec #\/))) + (if index (string-drop pathspec (+ 1 index)) + pathspec))) + +(define (chromium-patch-file-name pathspec) + (let ((patch-name (strip-directory-prefix pathspec))) + (if (string-prefix? "chromium-" patch-name) + patch-name + (string-append "chromium-" patch-name)))) + +;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debi= an/patches +(define (debian-patch pathspec revision hash) + (origin + (method url-fetch) + (uri (string-append + "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git" + "/plain/debian/patches/" pathspec "?id=3D" revision)) + (sha256 (base32 hash)) + (file-name (chromium-patch-file-name pathspec)))) + +;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files +(define (gentoo-patch pathspec revision hash) + (origin + (method url-fetch) + (uri (string-append + "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client" + "/chromium/files/" pathspec "?id=3D" revision)) + (sha256 (base32 hash)) + (file-name (chromium-patch-file-name pathspec)))) + +;; https://github.com/gcarq/inox-patchset +(define (inox-patch pathspec revision hash) + (origin + (method url-fetch) + (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patc= hset/" + revision "/" pathspec)) + (sha256 (base32 hash)) + (file-name (chromium-patch-file-name pathspec)))) + +(define opus+custom + (package (inherit opus) + (arguments + `(;; Opus Custom is an optional extension of the Opus + ;; specification that allows for unsupported frame + ;; sizes. Chromium requires that this is enabled. + #:configure-flags '("--enable-custom-modes") + ,@(package-arguments opus))))) + +;; Chromium since 58 depends on an unreleased libvpx. So, we +;; package the latest master branch as of 2018-01-07. +(define libvpx+experimental + (package + (inherit libvpx) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://chromium.googlesource.com/webm/libvpx") + (commit "bed28a55f593efd3a71a3a9d05cf8bb25d15fa44"))) + (file-name "libvpx-for-chromium-checkout") + (sha256 + (base32 + "0h01vmb8awzrb2xwqaz215v73yjdjf67hzdm2yfcz4h4qrvwf817")))) + ;; TODO: Make libvpx configure flags overrideable. + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (setenv "CONFIG_SHELL" (which "bash")) + (let ((out (assoc-ref outputs "out"))) + (setenv "LDFLAGS" + (string-append "-Wl,-rpath=3D" out "/lib")) + (zero? (system* "./configure" + "--enable-shared" + "--as=3Dyasm" + ;; Limit size to avoid CVE-2015-1258 + "--size-limit=3D16384x16384" + ;; Spatial SVC is an experimental VP9 encod= er + ;; used by some packages (i.e. Chromium). + "--enable-experimental" + "--enable-spatial-svc" + (string-append "--prefix=3D" out))))))) + #:tests? #f)))) ; No tests. + +(define %chromium-gn-bootstrap.patch + (gentoo-patch "chromium-gn-bootstrap-r17.patch" + "5c9cf110bd61fa287a5c536760b5d8ed13f65d52" + "12wsq3bs46mvr7cinxvqjmbzymigm8yzf478r08y9l6sd3qij4yq")) + +(define %chromium-gcc-compat.patch + (gentoo-patch "chromium-gcc5-r4.patch" + "1c5423aab094796b3da7a2905f02cbdcdd6a7742" + "18s152pkqzzw6grxj1m6mp3pc2x3ha2gyayw5hf2nhranak5wlkg")) + +(define %chromium-webkit-gcc-compat.patch + (gentoo-patch "chromium-gcc5-r5.patch" + "1c5423aab094796b3da7a2905f02cbdcdd6a7742" + "0z7rggizzg85wfr8zhw0yfwd3q69lsh3yp297s939jgzp66cwwkw")) + +(define %chromium-webrtc-gcc-compat.patch + (gentoo-patch "chromium-webrtc-r0.patch" + "1c5423aab094796b3da7a2905f02cbdcdd6a7742" + "0qj5b4w9kav51ylpdf38vm5w7p2gx4qp8p45vrfggp7miicg9cmw")) + +(define %chromium-system-nspr.patch + (debian-patch "system/nspr.patch" + "debian/63.0.3239.40-1" + "07a0q3khz77gk0rxzp965pjzhly5r08k019pinss18xc1caj971s")) + +(define %chromium-system-libevent.patch + (debian-patch "system/event.patch" + "debian/63.0.3239.40-1" + "0604ia06w40zn66d85in03xg3hd6144y8b222kzyc9nzhq3xm2pc")) + +(define %chromium-system-icu.patch + (debian-patch "system/icu.patch" + "debian/63.0.3239.40-1" + "0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv")) + +(define %chromium-disable-api-keys-warning.patch + (debian-patch "disable/google-api-warning.patch" + "36794e57f1f97068640c6845dbeb9291155893c0" + "11llghxm0a75kb8fnpy6ky8ix4f1kk7n0c0zfcpwxsx05pask11m")) + +(define %chromium-external-components.patch + (debian-patch "disable/external-components.patch" + "debian/63.0.3239.40-1" + "1i3b801hjafxv7djk7cl7nj2skxid0vysf12yjr364db949f164l")) + +(define %chromium-duckduckgo.patch + (inox-patch "0011-add-duckduckgo-search-engine.patch" + "5af0e6187c22471b8cb803f6dda6738f23a530e7" + "0p8x98g71ngkd3wbl5q36wrl18ff185sfrr5fcwjbgrv3v7r6ra7")) + +;; Don't start a "Login Wizard" at first launch. +(define %chromium-first-run.patch + (inox-patch "0018-disable-first-run-behaviour.patch" + "3336bb286ea054271ac2199cf374e96c64ed53cf" + "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb")) + +;; Use privacy-preserving defaults. +(define %chromium-default-preferences.patch + (inox-patch "0006-modify-default-prefs.patch" + "3336bb286ea054271ac2199cf374e96c64ed53cf" + "1h8ycmn00yvciq3r5jcdqmsl4grqv8izgwi6a20kijz2baxxr888")) + +;; Recent versions of Chromium may load a remote search engine on the +;; New Tab Page, causing unnecessary and involuntary network traffic. +(define %chromium-restore-classic-ntp.patch + (inox-patch "0008-restore-classic-ntp.patch" + "2f60b788bff89bde11ac802d4c19093661cd23f7" + "00icvb0r1p3s7i2xy8kv1lpam96cxgn6c3s9bc6wv3dpi3d722p2")) + +(define-public chromium + (package + (name "chromium") + (version "63.0.3239.132") + (synopsis "Graphical web browser") + (source (origin + (method url-fetch) + (uri (string-append "https://commondatastorage.googleapis.co= m/" + "chromium-browser-official/chromium-" + version ".tar.xz")) + (sha256 + (base32 + "139x3cbc5pa14x69493ic8i2ank12c9fwiq6pqm11aps88n6ri44")) + (patches (list ;%chromium-gn-bootstrap.patch + %chromium-gcc-compat.patch + %chromium-webkit-gcc-compat.patch + %chromium-webrtc-gcc-compat.patch + %chromium-duckduckgo.patch + %chromium-default-preferences.patch + %chromium-first-run.patch + %chromium-restore-classic-ntp.patch + %chromium-system-icu.patch + %chromium-system-nspr.patch + %chromium-system-libevent.patch + %chromium-disable-api-keys-warning.patch)) + (modules '((srfi srfi-1) + (guix build utils))) + (snippet + '(begin + ;; Replace GN files from third_party with shims for buil= ding + ;; against system libraries. Keep this list in sync with + ;; "build/linux/unbundle/replace_gn_files.py". + (for-each (lambda (pair) + (let ((source (string-append + "build/linux/unbundle/" (car = pair))) + (dest (cdr pair))) + (copy-file source dest))) + (list + '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn") + '("flac.gn" . "third_party/flac/BUILD.gn") + '("freetype.gn" . "third_party/freetype/BUILD= .gn") + ;; XXX: This broke in 63. + ;;'("harfbuzz-ng.gn" . "third_party/harfbuzz-= ng/BUILD.gn") + '("icu.gn" . "third_party/icu/BUILD.gn") + '("libdrm.gn" . "third_party/libdrm/BUILD.gn") + '("libevent.gn" . "base/third_party/libevent/= BUILD.gn") + '("libjpeg.gn" . + "build/secondary/third_party/libjpeg_turbo/= BUILD.gn") + '("libpng.gn" . "third_party/libpng/BUILD.gn") + '("libvpx.gn" . "third_party/libvpx/BUILD.gn") + '("libwebp.gn" . "third_party/libwebp/BUILD.g= n") + ;;'("libxml.gn" . "third_party/libxml/BUILD.g= n") ;TODO + '("libxslt.gn" . "third_party/libxslt/BUILD.g= n") + '("openh264.gn" . "third_party/openh264/BUILD= .gn") + '("opus.gn" . "third_party/opus/BUILD.gn") + '("re2.gn" . "third_party/re2/BUILD.gn") + '("snappy.gn" . "third_party/snappy/BUILD.gn") + '("yasm.gn" . "third_party/yasm/yasm_assemble= .gni") + '("zlib.gn" . "third_party/zlib/BUILD.gn"))) + #t)))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f + ;; FIXME: There is a "gn" option specifically for setting -rpath, b= ut + ;; it's not recognized when passed. + #:validate-runpath? #f + #:modules ((srfi srfi-26) + (ice-9 ftw) + (ice-9 regex) + (guix build gnu-build-system) + (guix build utils)) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'remove-bundled-software + (lambda _ + (let ((keep-libs + (list + ;; Third party folders that cannot be deleted yet. + "base/third_party/dmg_fp" + "base/third_party/dynamic_annotations" + "base/third_party/icu" + "base/third_party/libevent" + "base/third_party/nspr" + "base/third_party/superfasthash" + "base/third_party/symbolize" ; glog + "base/third_party/xdg_mime" + "base/third_party/xdg_user_dirs" + "buildtools/third_party/libc++" + "chrome/third_party/mozilla_security_manager" + "courgette/third_party" + "net/third_party/mozilla_security_manager" + "net/third_party/nss" + "third_party/adobe/flash/flapper_version.h" + ;; FIXME: This is used in: + ;; * ui/webui/resources/js/analytics.js + ;; * ui/file_manager/ + "third_party/analytics" + "third_party/angle" + "third_party/angle/src/common/third_party/base" + "third_party/angle/src/common/third_party/smhasher" + "third_party/angle/src/third_party/compiler" + "third_party/angle/src/third_party/libXNVCtrl" + "third_party/angle/src/third_party/trace_event" + "third_party/blink" + "third_party/boringssl" + "third_party/breakpad" + "third_party/brotli" + "third_party/cacheinvalidation" + "third_party/catapult" + "third_party/catapult/common/py_vulcanize/third_party= /rcssmin" + "third_party/catapult/common/py_vulcanize/third_party= /rjsmin" + "third_party/catapult/third_party/polymer" + "third_party/catapult/tracing/third_party/d3" + "third_party/catapult/tracing/third_party/gl-matrix" + "third_party/catapult/tracing/third_party/jszip" + "third_party/catapult/tracing/third_party/mannwhitney= u" + "third_party/catapult/tracing/third_party/oboe" + "third_party/catapult/tracing/third_party/pako" + "third_party/ced" + "third_party/cld_3" + "third_party/crc32c" + "third_party/cros_system_api" + "third_party/dom_distiller_js" + "third_party/fips181" + "third_party/flatbuffers" + ;; XXX Needed by pdfium since 59. + "third_party/freetype" + "third_party/glslang-angle" + "third_party/google_input_tools" + "third_party/google_input_tools/third_party/closure_l= ibrary" + (string-append "third_party/google_input_tools/third_= party" + "/closure_library/third_party/closure") + "third_party/googletest" + "third_party/harfbuzz-ng" ;XXX why is this required i= n 63+ + "third_party/hunspell" + "third_party/iccjpeg" + "third_party/inspector_protocol" + "third_party/jinja2" + "third_party/jstemplate" + "third_party/khronos" + "third_party/leveldatabase" + "third_party/libXNVCtrl" + "third_party/libaddressinput" + "third_party/libjingle_xmpp" + "third_party/libphonenumber" + "third_party/libsecret" ;FIXME: needs pkg-config supp= ort. + "third_party/libsrtp" ;TODO: Requires libsrtp@2. + "third_party/libudev" + "third_party/libwebm" + "third_party/libxml" ;FIXME: Unbundle (again). + "third_party/libyuv" + "third_party/lss" + "third_party/lzma_sdk" + "third_party/markupsafe" + "third_party/mesa" + "third_party/modp_b64" + "third_party/mt19937ar" + "third_party/node" + "third_party/node/node_modules/polymer-bundler/lib/th= ird_party/UglifyJS2" + "third_party/openmax_dl" + "third_party/ots" + "third_party/pdfium" + "third_party/pdfium/third_party" + "third_party/ply" + "third_party/polymer" + "third_party/protobuf" + "third_party/protobuf/third_party/six" + "third_party/qcms" + "third_party/sfntly" + "third_party/skia" + "third_party/skia/third_party/vulkan" + "third_party/skia/third_party/gif" + "third_party/smhasher" + "third_party/speech-dispatcher" + "third_party/spirv-headers" + "third_party/spirv-tools-angle" + "third_party/sqlite" + "third_party/swiftshader" + "third_party/swiftshader/third_party" + "third_party/usb_ids" + "third_party/usrsctp" + "third_party/vulkan" + "third_party/vulkan-validation-layers" + "third_party/WebKit" + "third_party/web-animations-js" + "third_party/webrtc" + "third_party/widevine/cdm/widevine_cdm_version.h" + "third_party/widevine/cdm/widevine_cdm_common.h" + "third_party/woff2" + "third_party/xdg-utils" + "third_party/yasm/run_yasm.py" + "third_party/zlib/google" + "url/third_party/mozilla" + "v8/src/third_party/valgrind" + "v8/third_party/inspector_protocol"))) + ;; FIXME: implement as source snippet. This traverses + ;; any "third_party" directory and deletes files that are: + ;; * not ending with ".gn" or ".gni"; or + ;; * not explicitly named as argument (folder or file). + (zero? (apply system* "python" + "build/linux/unbundle/remove_bundled_librarie= s.py" + "--do-remove" keep-libs))))) + (add-after 'remove-bundled-software 'patch-stuff + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "printing/cups_config_helper.py" + (("cups_config =3D.*") + (string-append "cups_config =3D '" (assoc-ref inputs "cups= ") + "/bin/cups-config'\n"))) + + (substitute* + '("base/process/launch_posix.cc" + "base/third_party/dynamic_annotations/dynamic_annotatio= ns.c" + "sandbox/linux/seccomp-bpf/sandbox_bpf.cc" + "sandbox/linux/services/credentials.cc" + "sandbox/linux/services/namespace_utils.cc" + "sandbox/linux/services/syscall_wrappers.cc" + "sandbox/linux/syscall_broker/broker_host.cc") + (("include \"base/third_party/valgrind/") "include \"valgri= nd/")) + + (for-each (lambda (file) + (substitute* file + ;; Fix opus include path. + ;; Do not substitute opus_private.h. + (("#include \"opus\\.h\"") + "#include \"opus/opus.h\"") + (("#include \"opus_custom\\.h\"") + "#include \"opus/opus_custom.h\"") + (("#include \"opus_defines\\.h\"") + "#include \"opus/opus_defines.h\"") + (("#include \"opus_multistream\\.h\"") + "#include \"opus/opus_multistream.h\"") + (("#include \"opus_types\\.h\"") + "#include \"opus/opus_types.h\""))) + (append (find-files "third_party/opus/src/celt") + (find-files "third_party/opus/src/src") + (find-files (string-append "third_party/web= rtc/modules" + "/audio_coding/c= odecs/opus")))) + + (substitute* "chrome/common/chrome_paths.cc" + (("/usr/share/chromium/extensions") + ;; TODO: Add ~/.guix-profile. + "/run/current-system/profile/share/chromium/extensions")) + + (substitute* + "third_party/breakpad/breakpad/src/common/linux/libcurl_w= rapper.h" + (("include \"third_party/curl") "include \"curl")) + (substitute* "media/base/decode_capabilities.cc" + (("third_party/libvpx/source/libvpx/") "")) + + ;; We don't cross compile most packages, so get rid of the + ;; unnecessary ARCH-linux-gnu* prefix. + (substitute* "build/toolchain/linux/BUILD.gn" + (("aarch64-linux-gnu-") "") + (("arm-linux-gnueabihf-") "")) + #t)) + (replace 'configure + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((gn-flags + (list + ;; See tools/gn/docs/cookbook.md and + ;; https://www.chromium.org/developers/gn-build-confi= guration + ;; for usage. Run "./gn args . --list" in the Release + ;; directory for an exhaustive list of supported flag= s. + "is_debug=3Dfalse" + "is_official_build=3Dfalse" + "is_clang=3Dfalse" + "use_gold=3Dfalse" + "linux_use_bundled_binutils=3Dfalse" + "use_custom_libcxx=3Dfalse" + "use_sysroot=3Dfalse" + "goma_dir=3D\"\"" + "enable_precompiled_headers=3Dfalse" + "use_jumbo_build=3Dtrue" ;speeds up build + ;; Use a deterministic version identifier. + "override_build_date=3D\"01 01 2000 05:00:00\"" + "use_unofficial_version_number=3Dfalse" + ;; Disable debugging features to save space. + "remove_webcore_debug_symbols=3Dtrue" + "enable_iterator_debugging=3Dfalse" + ;; Don't fail when using deprecated ffmpeg features. + "treat_warnings_as_errors=3Dfalse" + "enable_nacl=3Dfalse" + "enable_nacl_nonsfi=3Dfalse" + "use_allocator=3D\"none\"" ;don't use tcmalloc + ;; Don't add any API keys. End users can set them in = the + ;; environment if necessary. + ;; https://www.chromium.org/developers/how-tos/api-ke= ys + "use_official_google_api_keys=3Dfalse" + ;; Disable "field trials". + "fieldtrial_testing_like_official_build=3Dtrue" + + "use_system_freetype=3Dtrue" + ;; FIXME: Try enabling this for 63+. + ;;"use_system_harfbuzz=3Dtrue" + "use_system_libjpeg=3Dtrue" + "use_system_lcms2=3Dtrue" + "use_system_zlib=3Dtrue" + ;; This is currently not supported on Linux: + ;; https://bugs.chromium.org/p/chromium/issues/detail= ?id=3D22208 + ;; "use_system_sqlite=3Dtrue" + "use_gconf=3Dfalse" ; deprecated by gsettings + "use_gnome_keyring=3Dfalse" ; deprecated by libsecret + "use_gtk3=3Dtrue" + "use_openh264=3Dtrue" + "use_xkbcommon=3Dtrue" + "link_pulseaudio=3Dtrue" + + ;; Don't arbitrarily restrict formats supported by sy= stem ffmpeg. + "proprietary_codecs=3Dtrue" + "ffmpeg_branding=3D\"Chrome\"" + + ;; WebRTC stuff. + "rtc_use_h264=3Dtrue" + ;; Don't use bundled sources. + "rtc_build_json=3Dfalse" + "rtc_build_libevent=3Dfalse" + "rtc_build_libvpx=3Dfalse" + "rtc_build_opus=3Dfalse" + "rtc_build_ssl=3Dfalse" + ;; TODO: Package these. + "rtc_build_libsrtp=3Dtrue" ; 2.0 + "rtc_build_libyuv=3Dtrue" + "rtc_build_openmax_dl=3Dtrue" + "rtc_build_usrsctp=3Dtrue" + (string-append "rtc_jsoncpp_root=3D\"" + (assoc-ref inputs "jsoncpp") + "/include/jsoncpp/json\"") + (string-append "rtc_ssl_root=3D\"" + (assoc-ref inputs "openssl") + "/include/openssl\"")))) + + ;; XXX: How portable is this. + (mkdir-p "third_party/node/linux/node-linux-x64") + (symlink (string-append (assoc-ref inputs "node") "/bin") + "third_party/node/linux/node-linux-x64/bin") + + (setenv "CC" "gcc") + (setenv "CXX" "g++") + ;; TODO: pre-compile instead. Avoids a race condition. + (setenv "PYTHONDONTWRITEBYTECODE" "1") + (and + ;; Build the "gn" tool. + (zero? (system* "python" + "tools/gn/bootstrap/bootstrap.py" "-s" "-v= ")) + ;; Generate ninja build files. + (zero? (system* "./out/Release/gn" "gen" "out/Release" + (string-append "--args=3D" + (string-join gn-flags " "))= )))))) + (replace 'build + (lambda* (#:key outputs #:allow-other-keys) + (zero? (system* "ninja" "-C" "out/Release" + "-j" (number->string (parallel-job-count)) + "chrome")))) + (replace 'install + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin")) + (exe (string-append bin "/chromium")) + (lib (string-append out "/lib")) + (man (string-append out "/share/man/man1")) + (applications (string-append out "/share/application= s")) + (install-regexp (make-regexp "\\.(bin|pak)$")) + (locales (string-append lib "/locales")) + (resources (string-append lib "/resources")) + (gtk+ (assoc-ref inputs "gtk+")) + (mesa (assoc-ref inputs "mesa")) + (nss (assoc-ref inputs "nss")) + (udev (assoc-ref inputs "udev")) + (sh (which "sh"))) + + (substitute* '("chrome/app/resources/manpage.1.in" + "chrome/installer/linux/common/desktop.templ= ate") + (("@@MENUNAME@@") "Chromium") + (("@@PACKAGE@@") "chromium") + (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe)) + (mkdir-p man) + (copy-file "chrome/app/resources/manpage.1.in" + (string-append man "/chromium.1")) + (mkdir-p applications) + (copy-file "chrome/installer/linux/common/desktop.template" + (string-append applications "/chromium.desktop")) + + (with-directory-excursion "out/Release" + (for-each (lambda (file) + (install-file file lib)) + (scandir "." (cut regexp-exec install-regexp <>= ))) + (copy-file "chrome" (string-append lib "/chromium")) + + ;; TODO: Install icons from "../../chrome/app/themes" into + ;; "out/share/icons/hicolor/$size". + (install-file + "product_logo_48.png" + (string-append out "/share/icons/48x48/chromium.png")) + + (copy-recursively "locales" locales) + (copy-recursively "resources" resources) + + (mkdir-p bin) + ;; Add a thin wrapper to prevent the user from inadverten= tly + ;; installing non-free software through the Web Store. + ;; TODO: Discover extensions from the profile and pass + ;; something like "--disable-extensions-except=3D...". + (call-with-output-file exe + (lambda (port) + (format port + "#!~a~@ + if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@ + then~@ + CHROMIUM_FLAGS=3D\" \\~@ + --disable-background-networking \\~@ + --disable-extensions \\~@ + \"~@ + fi~@ + exec ~a $CHROMIUM_FLAGS \"$@\"~%" + sh (string-append lib "/chromium")))) + (chmod exe #o755) + + (wrap-program exe + ;; TODO: Get these in RUNPATH. + `("LD_LIBRARY_PATH" ":" prefix + (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:" + mesa "/lib:" udev "/lib"))) + ;; Avoid file manager crash. See . + `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/sh= are")))) + #t))))))) + (native-inputs + `(("bison" ,bison) + ("git" ,git) ;last_commit_position.py + ("gperf" ,gperf) + ("ninja" ,ninja) + ("node" ,node) + ("pkg-config" ,pkg-config) + ("which" ,which) + ("yasm" ,yasm) + + ("python-beautifulsoup4" ,python2-beautifulsoup4) + ("python-html5lib" ,python2-html5lib) + ("python" ,python-2))) + (inputs + `(("alsa-lib" ,alsa-lib) + ("atk" ,atk) + ("cups" ,cups) + ("curl" ,curl) + ("dbus" ,dbus) + ("dbus-glib" ,dbus-glib) + ("expat" ,expat) + ("flac" ,flac) + ("ffmpeg" ,ffmpeg) + ("fontconfig" ,fontconfig) + ("freetype" ,freetype) + ("gdk-pixbuf" ,gdk-pixbuf) + ("glib" ,glib) + ("gtk+-2" ,gtk+-2) + ("gtk+" ,gtk+) + ("harfbuzz" ,harfbuzz) + ("icu4c" ,icu4c-59.1) + ("jsoncpp" ,jsoncpp) + ("lcms" ,lcms) + ("libevent" ,libevent) + ("libffi" ,libffi) + ("libjpeg-turbo" ,libjpeg-turbo) + ("libpng" ,libpng) + ("libusb" ,libusb) + ("libvpx" ,libvpx+experimental) + ("libwebp" ,libwebp) + ("libx11" ,libx11) + ("libxcb" ,libxcb) + ("libxcomposite" ,libxcomposite) + ("libxcursor" ,libxcursor) + ("libxdamage" ,libxdamage) + ("libxext" ,libxext) + ("libxfixes" ,libxfixes) + ("libxi" ,libxi) + ("libxkbcommon" ,libxkbcommon) + ("libxml2" ,libxml2) + ("libxrandr" ,libxrandr) + ("libxrender" ,libxrender) + ("libxscrnsaver" ,libxscrnsaver) + ("libxslt" ,libxslt) + ("libxtst" ,libxtst) + ("mesa" ,mesa) + ("minizip" ,minizip) + ("mit-krb5" ,mit-krb5) + ("nss" ,nss) + ("openh264" ,openh264) + ("openssl" ,openssl) + ("opus" ,opus+custom) + ("pango" ,pango) + ("pciutils" ,pciutils) + ("protobuf" ,protobuf) + ("pulseaudio" ,pulseaudio) + ("re2" ,re2) + ("snappy" ,snappy) + ("speech-dispatcher" ,speech-dispatcher) + ("sqlite" ,sqlite) + ("udev" ,eudev) + ("valgrind" ,valgrind))) + (home-page "https://www.chromium.org/") + (description + "Chromium is a web browser using the @code{Blink} rendering engine.") + ;; Chromium is developed as BSD-3, but bundles a large number of third= -party + ;; software with other licenses. For full information, see chrome://cr= edits. + (license (list license:bsd-3 + license:bsd-2 + license:expat + license:asl2.0 + license:mpl2.0 + license:public-domain + license:lgpl2.1+)))) =2D-=20 2.15.1 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlpT6QoACgkQoqBt8qM6 VPpUtwgAq+kfYJHXhUn4kFeWpKffMt3woWyztcTHYrKaoqGIwpnR41+/tom/8yf2 qsdcmoD7p632w/ZrFtuDKhq28IriFi0cHZqmnacZU2Y1/9+UlQf7DmQYO2RdV5Rl RNlAFVSO+vhuAzMTwhXePAg1vDHWUGpF/vuy6GTyzhehoG/bKIY+t0xIaAL4ViBI 6/Lw/Fh/+QfCruGHs4x58sG0CMQM38xdrsK4hQS/ywX1Sz0zPSzckXlnthb0E18q VzHqBAh80EOGZ3NubX9u46gW0d+n4vlgtGlY4RirUBJ3TZKVsrN604bpV+LNSs4p pY7dXovy62hkYISj0J3Ax3e3ZbrOTg== =u9L2 -----END PGP SIGNATURE----- --==-=-=--