From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:32902) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1deoCA-0008Fs-AF for guix-patches@gnu.org; Mon, 07 Aug 2017 16:00:19 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1deoC2-0002A7-CY for guix-patches@gnu.org; Mon, 07 Aug 2017 16:00:10 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:42072) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1deoC2-00029o-7Y for guix-patches@gnu.org; Mon, 07 Aug 2017 16:00:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1deoC1-0005KG-VU for guix-patches@gnu.org; Mon, 07 Aug 2017 16:00:02 -0400 Subject: [bug#28004] Chromium Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:59998) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1deoAm-0007jZ-87 for guix-patches@gnu.org; Mon, 07 Aug 2017 15:58:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1deoAe-0001LE-BX for guix-patches@gnu.org; Mon, 07 Aug 2017 15:58:44 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:34941) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1deoAd-0001KM-PC for guix-patches@gnu.org; Mon, 07 Aug 2017 15:58:36 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 1E9AC21AC3 for ; Mon, 7 Aug 2017 15:58:34 -0400 (EDT) Received: from localhost (unknown [188.113.81.93]) by mail.messagingengine.com (Postfix) with ESMTPA id 681E77E780 for ; Mon, 7 Aug 2017 15:58:33 -0400 (EDT) From: Marius Bakke Date: Mon, 07 Aug 2017 21:58:31 +0200 Message-ID: <87y3qvb15k.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 28004@debbugs.gnu.org --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain Hello Guix! Attached is a patch for Chromium, a popular web browser. It requires the new ld wrapper from 'core-updates' and a very powerful build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours). Note that I cannot guarantee timely delivery of security updates. Major version upgrades are hugely painful, and almost always contain many high-severity fixes. Should we mention that in the description? Happy for any feedback. --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: attachment; filename=0001-gnu-Add-chromium.patch Content-Transfer-Encoding: quoted-printable From=208679de14536a8ff12cc6a7da5c51d669bd23fbe6 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 12 Oct 2016 17:25:05 +0100 Subject: [PATCH] gnu: Add chromium. * gnu/packages/chromium.scm: New file. * gnu/packages/patches/chromium-disable-api-keys-warning.patch, gnu/packages/patches/chromium-disable-third-party-cookies.patch, gnu/packages/patches/chromium-gn-bootstrap.patch, gnu/packages/patches/chromium-system-icu.patch, gnu/packages/patches/chromium-system-libevent.patch, gnu/packages/patches/chromium-system-nspr.patch, gnu/packages/patches/chromium-system-libxml.patch: New files. * gnu/local.mk: Record it. =2D-- gnu/local.mk | 8 + gnu/packages/chromium.scm | 594 +++++++++++++++++= ++++ .../chromium-disable-api-keys-warning.patch | 17 + .../chromium-disable-third-party-cookies.patch | 13 + gnu/packages/patches/chromium-gn-bootstrap.patch | 13 + gnu/packages/patches/chromium-system-icu.patch | 15 + .../patches/chromium-system-libevent.patch | 84 +++ gnu/packages/patches/chromium-system-libxml.patch | 29 + gnu/packages/patches/chromium-system-nspr.patch | 65 +++ 9 files changed, 838 insertions(+) create mode 100644 gnu/packages/chromium.scm create mode 100644 gnu/packages/patches/chromium-disable-api-keys-warning.= patch create mode 100644 gnu/packages/patches/chromium-disable-third-party-cooki= es.patch create mode 100644 gnu/packages/patches/chromium-gn-bootstrap.patch create mode 100644 gnu/packages/patches/chromium-system-icu.patch create mode 100644 gnu/packages/patches/chromium-system-libevent.patch create mode 100644 gnu/packages/patches/chromium-system-libxml.patch create mode 100644 gnu/packages/patches/chromium-system-nspr.patch diff --git a/gnu/local.mk b/gnu/local.mk index acdadd629..8fb6e63ce 100644 =2D-- a/gnu/local.mk +++ b/gnu/local.mk @@ -86,6 +86,7 @@ GNU_SYSTEM_MODULES =3D \ %D%/packages/certs.scm \ %D%/packages/check.scm \ %D%/packages/chez.scm \ + %D%/packages/chromium.scm \ %D%/packages/ci.scm \ %D%/packages/cmake.scm \ %D%/packages/code.scm \ @@ -540,6 +541,13 @@ dist_patch_DATA =3D \ %D%/packages/patches/chicken-CVE-2017-6949.patch \ %D%/packages/patches/chicken-CVE-2017-11343.patch \ %D%/packages/patches/chmlib-inttypes.patch \ + %D%/packages/patches/chromium-disable-api-keys-warning.patch \ + %D%/packages/patches/chromium-disable-third-party-cookies.patch \ + %D%/packages/patches/chromium-gn-bootstrap.patch \ + %D%/packages/patches/chromium-system-libevent.patch \ + %D%/packages/patches/chromium-system-libxml.patch \ + %D%/packages/patches/chromium-system-icu.patch \ + %D%/packages/patches/chromium-system-nspr.patch \ %D%/packages/patches/clang-libc-search-path.patch \ %D%/packages/patches/clang-3.8-libc-search-path.patch \ %D%/packages/patches/clucene-pkgconfig.patch \ diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm new file mode 100644 index 000000000..81bcb8f05 =2D-- /dev/null +++ b/gnu/packages/chromium.scm @@ -0,0 +1,594 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2016, 2017 Marius Bakke +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages chromium) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix git-download) + #:use-module (guix utils) + #:use-module (guix build-system gnu) + #:use-module (gnu packages) + #:use-module (gnu packages assembly) + #:use-module (gnu packages base) + #:use-module (gnu packages bison) + #:use-module (gnu packages compression) + #:use-module (gnu packages cups) + #:use-module (gnu packages curl) + #:use-module (gnu packages databases) + #:use-module (gnu packages fontutils) + #:use-module (gnu packages gl) + #:use-module (gnu packages glib) + #:use-module (gnu packages gnome) + #:use-module (gnu packages gnuzilla) + #:use-module (gnu packages gperf) + #:use-module (gnu packages gtk) + #:use-module (gnu packages icu4c) + #:use-module (gnu packages image) + #:use-module (gnu packages libevent) + #:use-module (gnu packages libffi) + #:use-module (gnu packages libusb) + #:use-module (gnu packages linux) + #:use-module (gnu packages kerberos) + #:use-module (gnu packages ninja) + #:use-module (gnu packages node) + #:use-module (gnu packages pciutils) + #:use-module (gnu packages photo) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages protobuf) + #:use-module (gnu packages pulseaudio) + #:use-module (gnu packages python) + #:use-module (gnu packages regex) + #:use-module (gnu packages serialization) + #:use-module (gnu packages speech) + #:use-module (gnu packages tls) + #:use-module (gnu packages valgrind) + #:use-module (gnu packages version-control) + #:use-module (gnu packages video) + #:use-module (gnu packages xiph) + #:use-module (gnu packages xml) + #:use-module (gnu packages xdisorg) + #:use-module (gnu packages xorg)) + +(define opus+custom + (package (inherit opus) + (arguments + `(;; Opus Custom is an optional extension of the Opus + ;; specification that allows for unsupported frame + ;; sizes. Chromium requires that this is enabled. + #:configure-flags '("--enable-custom-modes") + ,@(package-arguments opus))))) + +;; Chromium since 58 depends on an unreleased libvpx. So, we +;; package the latest master branch as of 2017-08-05. +(define libvpx+experimental + (package + (inherit libvpx) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://chromium.googlesource.com/webm/libvpx") + (commit "cbb83ba4aa99b40b0b4a2a407bfd6d0d8be87d1f"))) + (file-name "libvpx-for-chromium-checkout") + (sha256 + (base32 + "1rj4ag0zg8c7cn4a9q75vslk5wc7vqy119k669286lxy8dvarh86")))) + ;; TODO: Make libvpx configure flags overrideable. + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (setenv "CONFIG_SHELL" (which "bash")) + (let ((out (assoc-ref outputs "out"))) + (setenv "LDFLAGS" + (string-append "-Wl,-rpath=3D" out "/lib")) + (zero? (system* "./configure" + "--enable-shared" + "--as=3Dyasm" + ;; Limit size to avoid CVE-2015-1258 + "--size-limit=3D16384x16384" + ;; Spatial SVC is an experimental VP9 encod= er + ;; used by some packages (i.e. Chromium). + "--enable-experimental" + "--enable-spatial-svc" + (string-append "--prefix=3D" out))))))) + #:tests? #f)))) ; No tests. + +(define-public chromium + (package + (name "chromium") + (version "60.0.3112.90") + (synopsis "Graphical web browser") + (source (origin + (method url-fetch) + (uri (string-append "https://commondatastorage.googleapis.co= m/" + "chromium-browser-official/chromium-" + version ".tar.xz")) + (sha256 + (base32 + "1rirhwvccidza4q4z1gqdwcd9v1bymh1m9r2cq8jhiabfrjpjbxl")) + (patches (search-patches + "chromium-gn-bootstrap.patch" + "chromium-system-nspr.patch" + "chromium-system-icu.patch" + "chromium-system-libevent.patch" + "chromium-system-libxml.patch" + "chromium-disable-api-keys-warning.patch" + "chromium-disable-third-party-cookies.patch")) + (modules '((srfi srfi-1) + (guix build utils))) + (snippet + '(begin + ;; Replace GN files from third_party with shims for building + ;; against system libraries. Keep this list in sync with + ;; "build/linux/unbundle/replace_gn_files.py". + (for-each (lambda (pair) + (let ((source (string-append + "build/linux/unbundle/" (car pair))) + (dest (cdr pair))) + (copy-file source dest))) + (list + '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn") + '("flac.gn" . "third_party/flac/BUILD.gn") + '("freetype.gn" . "third_party/freetype/BUILD.gn") + '("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD= .gn") + '("icu.gn" . "third_party/icu/BUILD.gn") + '("libdrm.gn" . "third_party/libdrm/BUILD.gn") + '("libevent.gn" . "base/third_party/libevent/BUILD.= gn") + '("libjpeg.gn" . + "build/secondary/third_party/libjpeg_turbo/BUILD.= gn") + '("libpng.gn" . "third_party/libpng/BUILD.gn") + '("libvpx.gn" . "third_party/libvpx/BUILD.gn") + '("libwebp.gn" . "third_party/libwebp/BUILD.gn") + '("libxml.gn" . "third_party/libxml/BUILD.gn") + '("libxslt.gn" . "third_party/libxslt/BUILD.gn") + '("openh264.gn" . "third_party/openh264/BUILD.gn") + '("opus.gn" . "third_party/opus/BUILD.gn") + '("re2.gn" . "third_party/re2/BUILD.gn") + '("snappy.gn" . "third_party/snappy/BUILD.gn") + '("yasm.gn" . "third_party/yasm/yasm_assemble.gni") + '("zlib.gn" . "third_party/zlib/BUILD.gn"))) + #t)))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; How? + ;; FIXME: There is a "gn" option specifically for setting -rpath, b= ut + ;; it's not recognized when passed. + #:validate-runpath? #f + #:modules ((srfi srfi-26) + (ice-9 ftw) + (ice-9 regex) + (guix build gnu-build-system) + (guix build utils)) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'remove-bundled-software + (lambda _ + (let ((keep-libs + (list + ;; Third party folders that cannot be deleted yet. + "base/third_party/dmg_fp" + "base/third_party/dynamic_annotations" + "base/third_party/icu" + "base/third_party/superfasthash" + "base/third_party/symbolize" ; glog + "base/third_party/xdg_mime" + "base/third_party/xdg_user_dirs" + "chrome/third_party/mozilla_security_manager" + "courgette/third_party" + "net/third_party/mozilla_security_manager" + "net/third_party/nss" + "third_party/adobe/flash/flapper_version.h" + ;; FIXME: This is used in: + ;; * ui/webui/resources/js/analytics.js + ;; * ui/file_manager/ + "third_party/analytics" + "third_party/angle" + "third_party/angle/src/common/third_party/numerics" + "third_party/angle/src/third_party/compiler" + "third_party/angle/src/third_party/libXNVCtrl" + "third_party/angle/src/third_party/murmurhash" + "third_party/angle/src/third_party/trace_event" + "third_party/boringssl" + "third_party/brotli" + "third_party/cacheinvalidation" + "third_party/catapult" + "third_party/catapult/third_party/polymer" + "third_party/catapult/third_party/py_vulcanize" + "third_party/catapult/third_party/py_vulcanize/third_= party/rcssmin" + "third_party/catapult/third_party/py_vulcanize/third_= party/rjsmin" + "third_party/catapult/tracing/third_party/d3" + "third_party/catapult/tracing/third_party/gl-matrix" + "third_party/catapult/tracing/third_party/jszip" + "third_party/catapult/tracing/third_party/mannwhitney= u" + "third_party/catapult/tracing/third_party/oboe" + "third_party/ced" + "third_party/cld_3" + "third_party/cros_system_api" + "third_party/dom_distiller_js" + "third_party/fips181" + "third_party/flatbuffers" + ;; XXX Needed by pdfium since 59. + "third_party/freetype" + "third_party/glslang-angle" + "third_party/google_input_tools" + "third_party/google_input_tools/third_party/closure_l= ibrary" + (string-append "third_party/google_input_tools/third_= party" + "/closure_library/third_party/closure") + "third_party/googletest" + "third_party/hunspell" + "third_party/iccjpeg" + "third_party/inspector_protocol" + "third_party/jinja2" + "third_party/jstemplate" + "third_party/khronos" + "third_party/leveldatabase" + "third_party/libXNVCtrl" + "third_party/libaddressinput" + "third_party/libjingle_xmpp" + "third_party/libphonenumber" + "third_party/libsecret" ;FIXME: needs pkg-confi= g support. + "third_party/libsrtp" ;TODO: Requires libsrtp= @2. + "third_party/libudev" + "third_party/libwebm" + "third_party/libxml/chromium" + "third_party/libyuv" + "third_party/lss" + "third_party/lzma_sdk" + "third_party/markupsafe" + "third_party/mesa" + "third_party/modp_b64" + "third_party/mt19937ar" + "third_party/node" + "third_party/node/node_modules/vulcanize/third_party/= UglifyJS2" + "third_party/openmax_dl" + "third_party/ots" + "third_party/pdfium" ;TODO: can be built stan= dalone. + "third_party/pdfium/third_party" + "third_party/ply" + "third_party/polymer" + "third_party/protobuf" + "third_party/protobuf/third_party/six" + "third_party/qcms" + "third_party/sfntly" + "third_party/skia" + "third_party/skia/third_party/vulkan" + "third_party/smhasher" + ;; XXX the sources that include this are generated. + "third_party/speech-dispatcher" + "third_party/spirv-headers" + "third_party/spirv-tools-angle" + "third_party/sqlite" + "third_party/swiftshader" + "third_party/swiftshader/third_party" + "third_party/usb_ids" + "third_party/usrsctp" + "third_party/vulkan" + "third_party/vulkan-validation-layers" + "third_party/WebKit" + "third_party/web-animations-js" + "third_party/webrtc" + "third_party/widevine/cdm/widevine_cdm_version.h" + "third_party/widevine/cdm/widevine_cdm_common.h" + "third_party/woff2" + "third_party/xdg-utils" + "third_party/yasm/run_yasm.py" + "third_party/zlib/google" + "url/third_party/mozilla" + "v8/src/third_party/valgrind" + "v8/third_party/inspector_protocol"))) + ;; FIXME: implement as source snippet. This traverses + ;; any "third_party" directory and deletes files that are: + ;; * not ending with ".gn" or ".gni"; or + ;; * not explicitly named as argument (folder or file). + (zero? (apply system* "python" + "build/linux/unbundle/remove_bundled_librarie= s.py" + "--do-remove" keep-libs))))) + (add-after 'remove-bundled-software 'patch-stuff + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "printing/cups_config_helper.py" + (("cups_config =3D.*") + (string-append "cups_config =3D '" (assoc-ref inputs "cups= ") + "/bin/cups-config'\n"))) + + (substitute* + '("base/process/launch_posix.cc" + "base/tracked_objects.cc" + "base/third_party/dynamic_annotations/dynamic_annotatio= ns.c" + "sandbox/linux/seccomp-bpf/sandbox_bpf.cc" + "sandbox/linux/services/credentials.cc" + "sandbox/linux/services/namespace_utils.cc" + "sandbox/linux/services/syscall_wrappers.cc" + "sandbox/linux/syscall_broker/broker_host.cc") + (("include \"base/third_party/valgrind/") "include \"valgri= nd/")) + + (for-each (lambda (file) + (substitute* file + ;; Fix opus include path. + ;; Do not substitute opus_private.h. + (("#include \"opus\\.h\"") + "#include \"opus/opus.h\"") + (("#include \"opus_custom\\.h\"") + "#include \"opus/opus_custom.h\"") + (("#include \"opus_defines\\.h\"") + "#include \"opus/opus_defines.h\"") + (("#include \"opus_multistream\\.h\"") + "#include \"opus/opus_multistream.h\"") + (("#include \"opus_types\\.h\"") + "#include \"opus/opus_types.h\""))) + (append (find-files "third_party/opus/src/celt") + (find-files "third_party/opus/src/src") + (find-files (string-append "third_party/web= rtc/modules" + "/audio_coding/c= odecs/opus")))) + + (substitute* "chrome/common/chrome_paths.cc" + (("/usr/share/chromium/extensions") + ;; TODO: Add ~/.guix-profile. + "/run/current-system/profile/share/chromium/extensions")) + + (substitute* "breakpad/src/common/linux/libcurl_wrapper.h" + (("include \"third_party/curl") "include \"curl")) + (substitute* "media/base/decode_capabilities.cc" + (("third_party/libvpx/source/libvpx/") "")) + #t)) + (replace 'configure + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((gn-flags + (list + ;; See tools/gn/docs/cookbook.md and + ;; https://www.chromium.org/developers/gn-build-confi= guration + ;; for usage. Run "./gn args . --list" in the Release + ;; directory for an exhaustive list of supported flag= s. + "is_debug=3Dfalse" + "is_official_build=3Dfalse" + "is_clang=3Dfalse" + "use_gold=3Dfalse" + "linux_use_bundled_binutils=3Dfalse" + "use_sysroot=3Dfalse" + "remove_webcore_debug_symbols=3Dtrue" + "enable_iterator_debugging=3Dfalse" + "override_build_date=3D\"01 01 2000 05:00:00\"" + ;; Don't fail when using deprecated ffmpeg features. + "treat_warnings_as_errors=3Dfalse" + "enable_nacl=3Dfalse" + "enable_nacl_nonsfi=3Dfalse" + "use_allocator=3D\"none\"" ; Don't use tcmalloc. + ;; Don't add any API keys. End users can set them in = the + ;; environment if necessary. + ;; https://www.chromium.org/developers/how-tos/api-ke= ys + "use_official_google_api_keys=3Dfalse" + ;; Disable "field trials". + "fieldtrial_testing_like_official_build=3Dtrue" + + "use_system_libjpeg=3Dtrue" + ;; This is currently not supported on Linux: + ;; https://bugs.chromium.org/p/chromium/issues/detail= ?id=3D22208 + ;; "use_system_sqlite=3Dtrue" + "use_gtk3=3Dtrue" + "use_gconf=3Dfalse" ; deprecated by gsettings + "use_gnome_keyring=3Dfalse" ; deprecated by libsecret + "use_xkbcommon=3Dtrue" + "link_pulseaudio=3Dtrue" + "use_openh264=3Dtrue" + + ;; Don't arbitrarily restrict formats supported by ou= r ffmpeg. + "proprietary_codecs=3Dtrue" + "ffmpeg_branding=3D\"Chrome\"" + + ;; WebRTC stuff. + "rtc_use_h264=3Dtrue" + ;; Don't use bundled sources. + "rtc_build_json=3Dfalse" + "rtc_build_libevent=3Dfalse" + "rtc_build_libjpeg=3Dfalse" + "rtc_build_libvpx=3Dfalse" + "rtc_build_opus=3Dfalse" + "rtc_build_ssl=3Dfalse" + ;; TODO: Package these. + "rtc_build_libsrtp=3Dtrue" ; 2.0 + "rtc_build_libyuv=3Dtrue" + "rtc_build_openmax_dl=3Dtrue" + "rtc_build_usrsctp=3Dtrue" + (string-append "rtc_jsoncpp_root=3D\"" + (assoc-ref inputs "jsoncpp") + "/include/jsoncpp/json\"") + (string-append "rtc_ssl_root=3D\"" + (assoc-ref inputs "openssl") + "/include/openssl\"")))) + + ;; XXX: How portable is this. + (mkdir-p "third_party/node/linux/node-linux-x64") + (symlink (string-append (assoc-ref inputs "node") "/bin") + "third_party/node/linux/node-linux-x64/bin") + + (setenv "CC" "gcc") + (setenv "CXX" "g++") + ;; TODO: pre-compile instead. Avoids a race condition. + (setenv "PYTHONDONTWRITEBYTECODE" "1") + (and + ;; Build the "gn" tool. + (zero? (system* "python" + "tools/gn/bootstrap/bootstrap.py" "-s" "-v= ")) + ;; Generate ninja build files. + (zero? (system* "./out/Release/gn" "gen" "out/Release" + (string-append "--args=3D" + (string-join gn-flags " "))= )))))) + (replace 'build + (lambda* (#:key outputs #:allow-other-keys) + (zero? (system* "ninja" "-C" "out/Release" + "-j" (number->string (parallel-job-count)) + "chrome")))) + (replace 'install + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin")) + (exe (string-append bin "/chromium")) + (lib (string-append out "/lib")) + (man (string-append out "/share/man/man1")) + (applications (string-append out "/share/application= s")) + (install-regexp (make-regexp "\\.(so|bin|pak)$")) + (locales (string-append lib "/locales")) + (resources (string-append lib "/resources")) + (gtk+ (assoc-ref inputs "gtk+")) + (mesa (assoc-ref inputs "mesa")) + (nss (assoc-ref inputs "nss")) + (udev (assoc-ref inputs "udev")) + (sh (which "sh"))) + + (mkdir-p applications) + (call-with-output-file (string-append applications + "/chromium.desktop") + (lambda (port) + (format port + "[Desktop Entry]~@ + Name=3DChromium~@ + Comment=3D~a~@ + Exec=3D~a~@ + Icon=3Dchromium.png~@ + Type=3DApplication~%" ,synopsis exe))) + + (with-directory-excursion "out/Release" + (for-each (lambda (file) + (install-file file lib)) + (scandir "." (cut regexp-exec install-regexp <>= ))) + (copy-file "chrome" (string-append lib "/chromium")) + + ;; TODO: Install icons from "../../chrome/app/themes" into + ;; "out/share/icons/hicolor/$size". + (install-file + "product_logo_48.png" + (string-append out "/share/icons/48x48/chromium.png")) + + (copy-recursively "locales" locales) + (copy-recursively "resources" resources) + + (mkdir-p man) + (copy-file "chrome.1" (string-append man "/chromium.1")) + + (mkdir-p bin) + ;; Add a thin wrapper to prevent the user from inadverten= tly + ;; installing non-free software through the Web Store. + ;; TODO: Discover extensions from the profile and pass + ;; something like "--disable-extensions-except=3D...". + (call-with-output-file exe + (lambda (port) + (format port + "#!~a~@ + CHROMIUM_FLAGS=3D\"--disable-background-netwo= rking\"~@ + if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@ + then~@ + CHROMIUM_FLAGS=3D\"$CHROMIUM_FLAGS --disa= ble-extensions\"~@ + fi~@ + exec ~a $CHROMIUM_FLAGS \"$@\"~%" + sh (string-append lib "/chromium")))) + (chmod exe #o755) + + (wrap-program exe + ;; TODO: Get these in RUNPATH. + `("LD_LIBRARY_PATH" ":" prefix + (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:" + mesa "/lib:" udev "/lib"))) + ;; Avoid file manager crash. See . + `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/sh= are")))) + #t))))))) + (native-inputs + `(("bison" ,bison) + ("git" ,git) ; last_commit_position.py + ("gperf" ,gperf) + ("ninja" ,ninja) + ("node" ,node) + ("pkg-config" ,pkg-config) + ("which" ,which) + ("yasm" ,yasm) + + ;; Headers. + ("curl" ,curl) + ("valgrind" ,valgrind) + + ("python-beautifulsoup4" ,python2-beautifulsoup4) + ("python-html5lib" ,python2-html5lib) + ("python" ,python-2))) + (inputs + `(("alsa-lib" ,alsa-lib) + ("atk" ,atk) + ("cups" ,cups) + ("dbus" ,dbus) + ("dbus-glib" ,dbus-glib) + ("udev" ,eudev) + ("expat" ,expat) + ("flac" ,flac) + ("ffmpeg" ,ffmpeg) + ("fontconfig" ,fontconfig) + ("freetype" ,freetype) + ("gdk-pixbuf" ,gdk-pixbuf) + ("glib" ,glib) + ("gtk+-2" ,gtk+-2) + ("gtk+" ,gtk+) + ("harfbuzz" ,harfbuzz) + ("icu4c" ,icu4c) + ("jsoncpp" ,jsoncpp) + ("libevent" ,libevent) + ("libffi" ,libffi) + ("libjpeg-turbo" ,libjpeg-turbo) + ("libpng" ,libpng) + ("libusb" ,libusb) + ("libvpx" ,libvpx+experimental) + ("libwebp" ,libwebp) + ("libx11" ,libx11) + ("libxcb" ,libxcb) + ("libxcomposite" ,libxcomposite) + ("libxcursor" ,libxcursor) + ("libxdamage" ,libxdamage) + ("libxext" ,libxext) + ("libxfixes" ,libxfixes) + ("libxi" ,libxi) + ("libxkbcommon" ,libxkbcommon) + ("libxml2" ,libxml2) + ("libxrandr" ,libxrandr) + ("libxrender" ,libxrender) + ("libxscrnsaver" ,libxscrnsaver) + ("libxslt" ,libxslt) + ("libxtst" ,libxtst) + ("mesa" ,mesa) + ("minizip" ,minizip) + ("mit-krb5" ,mit-krb5) + ("nss" ,nss) + ("openh264" ,openh264) + ("openssl" ,openssl) + ("opus" ,opus+custom) + ("pango" ,pango) + ("pciutils" ,pciutils) + ("protobuf" ,protobuf) + ("pulseaudio" ,pulseaudio) + ("re2" ,re2) + ("snappy" ,snappy) + ("speech-dispatcher" ,speech-dispatcher) + ("sqlite" ,sqlite))) + (home-page "https://www.chromium.org/") + (description + "Chromium is a web browser using the @code{Blink} rendering engine.") + ;; Chromium is developed as BSD-3, but bundles a large number of third= -party + ;; software with other licenses. For full information, see chrome://cr= edits. + (license (list license:bsd-3 + license:bsd-2 + license:expat + license:asl2.0 + license:mpl2.0 + license:public-domain + license:lgpl2.1+)))) diff --git a/gnu/packages/patches/chromium-disable-api-keys-warning.patch b= /gnu/packages/patches/chromium-disable-api-keys-warning.patch new file mode 100644 index 000000000..c7e219f40 =2D-- /dev/null +++ b/gnu/packages/patches/chromium-disable-api-keys-warning.patch @@ -0,0 +1,17 @@ +Disable warning about missing API keys. + +Copied from: + +https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/= patches/disable/google-api-warning.patch + +--- a/chrome/browser/ui/startup/startup_browser_creator_impl.cc ++++ b/chrome/browser/ui/startup/startup_browser_creator_impl.cc +@@ -816,8 +816,6 @@ void StartupBrowserCreatorImpl::AddInfoB + !command_line_.HasSwitch(switches::kTestType) && + !command_line_.HasSwitch(switches::kEnableAutomation)) { + chrome::ShowBadFlagsPrompt(browser); +- GoogleApiKeysInfoBarDelegate::Create(InfoBarService::FromWebContents( +- browser->tab_strip_model()->GetActiveWebContents())); + ObsoleteSystemInfoBarDelegate::Create(InfoBarService::FromWebContents( + browser->tab_strip_model()->GetActiveWebContents())); +=20 diff --git a/gnu/packages/patches/chromium-disable-third-party-cookies.patc= h b/gnu/packages/patches/chromium-disable-third-party-cookies.patch new file mode 100644 index 000000000..0694c35f3 =2D-- /dev/null +++ b/gnu/packages/patches/chromium-disable-third-party-cookies.patch @@ -0,0 +1,13 @@ +Disable third party cookies by default. + +--- a/components/content_settings/core/browser/cookie_settings.cc ++++ b/components/content_settings/core/browser/cookie_settings.cc +@@ -101,7 +101,7 @@ void CookieSettings::GetCookieSettings( + void CookieSettings::RegisterProfilePrefs( + user_prefs::PrefRegistrySyncable* registry) { + registry->RegisterBooleanPref( +- prefs::kBlockThirdPartyCookies, false, ++ prefs::kBlockThirdPartyCookies, true, + user_prefs::PrefRegistrySyncable::SYNCABLE_PREF); + } +=20 diff --git a/gnu/packages/patches/chromium-gn-bootstrap.patch b/gnu/package= s/patches/chromium-gn-bootstrap.patch new file mode 100644 index 000000000..6d1dcb166 =2D-- /dev/null +++ b/gnu/packages/patches/chromium-gn-bootstrap.patch @@ -0,0 +1,13 @@ +description: add file needed to build gn +author: Michael Gilbert + +--- a/tools/gn/bootstrap/bootstrap.py ++++ b/tools/gn/bootstrap/bootstrap.py +@@ -490,6 +490,7 @@ def write_gn_ninja(path, root_gen_dir, o + 'base/sys_info.cc', + 'base/task_runner.cc', + 'base/task_scheduler/delayed_task_manager.cc', ++ 'base/task_scheduler/environment_config.cc', + 'base/task_scheduler/post_task.cc', + 'base/task_scheduler/priority_queue.cc', + 'base/task_scheduler/scheduler_lock_impl.cc', diff --git a/gnu/packages/patches/chromium-system-icu.patch b/gnu/packages/= patches/chromium-system-icu.patch new file mode 100644 index 000000000..c35c1b75c =2D-- /dev/null +++ b/gnu/packages/patches/chromium-system-icu.patch @@ -0,0 +1,15 @@ +description: maintain compatibility with system icu library +author: Michael Gilbert + +--- a/BUILD.gn ++++ b/BUILD.gn +@@ -657,8 +657,7 @@ group("gn_all") { + } + } +=20 +- if ((is_linux && !is_chromeos && !is_chromecast) || (is_win && use_drfu= zz) || +- (use_libfuzzer && is_mac)) { ++ if (false) { + deps +=3D [ + "//testing/libfuzzer/fuzzers", + "//testing/libfuzzer/tests:libfuzzer_tests", diff --git a/gnu/packages/patches/chromium-system-libevent.patch b/gnu/pack= ages/patches/chromium-system-libevent.patch new file mode 100644 index 000000000..91fc9e3b5 =2D-- /dev/null +++ b/gnu/packages/patches/chromium-system-libevent.patch @@ -0,0 +1,84 @@ +description: build using system libevent +author: Michael Gilbert + +https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/= patches/system/event.patch + +--- a/third_party/webrtc/base/task_queue_libevent.cc ++++ b/third_party/webrtc/base/task_queue_libevent.cc +@@ -15,7 +15,7 @@ + #include + #include +=20 +-#include "base/third_party/libevent/event.h" ++#include + #include "webrtc/base/checks.h" + #include "webrtc/base/logging.h" + #include "webrtc/base/task_queue_posix.h" +--- a/tools/gn/bootstrap/bootstrap.py ++++ b/tools/gn/bootstrap/bootstrap.py +@@ -609,26 +609,6 @@ def write_gn_ninja(path, root_gen_dir, o + 'base/time/time_now_posix.cc', + 'base/trace_event/heap_profiler_allocation_register_posix.cc', + ]) +- static_libraries['libevent'] =3D { +- 'sources': [ +- 'base/third_party/libevent/buffer.c', +- 'base/third_party/libevent/evbuffer.c', +- 'base/third_party/libevent/evdns.c', +- 'base/third_party/libevent/event.c', +- 'base/third_party/libevent/event_tagging.c', +- 'base/third_party/libevent/evrpc.c', +- 'base/third_party/libevent/evutil.c', +- 'base/third_party/libevent/http.c', +- 'base/third_party/libevent/log.c', +- 'base/third_party/libevent/poll.c', +- 'base/third_party/libevent/select.c', +- 'base/third_party/libevent/signal.c', +- 'base/third_party/libevent/strlcpy.c', +- ], +- 'tool': 'cc', +- 'include_dirs': [], +- 'cflags': cflags + ['-DHAVE_CONFIG_H'], +- } +=20 + if is_linux or is_aix: + ldflags.extend(['-pthread']) +@@ -660,13 +640,7 @@ def write_gn_ninja(path, root_gen_dir, o + 'base/allocator/allocator_shim.cc', + 'base/allocator/allocator_shim_default_dispatch_to_glibc.cc', + ]) +- libs.extend(['-lrt', '-latomic', '-lnspr4']) +- static_libraries['libevent']['include_dirs'].extend([ +- os.path.join(SRC_ROOT, 'base', 'third_party', 'libevent', 'linu= x') +- ]) +- static_libraries['libevent']['sources'].extend([ +- 'base/third_party/libevent/epoll.c', +- ]) ++ libs.extend(['-lrt', '-latomic', '-lnspr4', '-levent']) + else: + libs.extend(['-lrt']) + static_libraries['base']['sources'].extend([ +@@ -703,12 +677,6 @@ def write_gn_ninja(path, root_gen_dir, o + 'base/time/time_mac.cc', + 'base/threading/platform_thread_mac.mm', + ]) +- static_libraries['libevent']['include_dirs'].extend([ +- os.path.join(SRC_ROOT, 'base', 'third_party', 'libevent', 'mac') +- ]) +- static_libraries['libevent']['sources'].extend([ +- 'base/third_party/libevent/kqueue.c', +- ]) +=20 + libs.extend([ + '-framework', 'AppKit', +--- a/base/message_loop/message_pump_libevent.cc ++++ b/base/message_loop/message_pump_libevent.cc +@@ -14,7 +14,7 @@ + #include "base/files/file_util.h" + #include "base/logging.h" + #include "base/posix/eintr_wrapper.h" +-#include "base/third_party/libevent/event.h" ++#include + #include "base/time/time.h" + #include "base/trace_event/trace_event.h" + #include "build/build_config.h" diff --git a/gnu/packages/patches/chromium-system-libxml.patch b/gnu/packag= es/patches/chromium-system-libxml.patch new file mode 100644 index 000000000..23c42d79c =2D-- /dev/null +++ b/gnu/packages/patches/chromium-system-libxml.patch @@ -0,0 +1,29 @@ +description: system libxml2 2.9.4 does not yet provide XML_PARSE_NOXXE +author: Michael Gilbert + +Copied from: + +https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/= patches/system/libxml.patch + +--- a/third_party/libxml/chromium/libxml_utils.cc ++++ b/third_party/libxml/chromium/libxml_utils.cc +@@ -24,8 +24,7 @@ XmlReader::~XmlReader() { +=20 + bool XmlReader::Load(const std::string& input) { + const int kParseOptions =3D XML_PARSE_RECOVER | // recover on errors +- XML_PARSE_NONET | // forbid network access +- XML_PARSE_NOXXE; // no external entities ++ XML_PARSE_NONET; // forbid network access + // TODO(evanm): Verify it's OK to pass NULL for the URL and encoding. + // The libxml code allows for these, but it's unclear what effect is ha= s. + reader_ =3D xmlReaderForMemory(input.data(), static_cast(input.siz= e()), +@@ -35,8 +34,7 @@ bool XmlReader::Load(const std::string& +=20 + bool XmlReader::LoadFile(const std::string& file_path) { + const int kParseOptions =3D XML_PARSE_RECOVER | // recover on errors +- XML_PARSE_NONET | // forbid network access +- XML_PARSE_NOXXE; // no external entities ++ XML_PARSE_NONET; // forbid network access + reader_ =3D xmlReaderForFile(file_path.c_str(), NULL, kParseOptions); + return reader_ !=3D NULL; + } diff --git a/gnu/packages/patches/chromium-system-nspr.patch b/gnu/packages= /patches/chromium-system-nspr.patch new file mode 100644 index 000000000..5f2cca0c3 =2D-- /dev/null +++ b/gnu/packages/patches/chromium-system-nspr.patch @@ -0,0 +1,65 @@ +description: use system nspr library +author: Michael Gilbert + +--- a/base/time/pr_time_unittest.cc ++++ b/base/time/pr_time_unittest.cc +@@ -7,7 +7,7 @@ +=20 + #include "base/compiler_specific.h" + #include "base/macros.h" +-#include "base/third_party/nspr/prtime.h" ++#include + #include "base/time/time.h" + #include "build/build_config.h" + #include "testing/gtest/include/gtest/gtest.h" +--- a/base/time/time.cc ++++ b/base/time/time.cc +@@ -14,7 +14,7 @@ + #include "base/logging.h" + #include "base/macros.h" + #include "base/strings/stringprintf.h" +-#include "base/third_party/nspr/prtime.h" ++#include + #include "build/build_config.h" +=20 + namespace base { +--- a/tools/gn/bootstrap/bootstrap.py ++++ b/tools/gn/bootstrap/bootstrap.py +@@ -510,7 +510,6 @@ def write_gn_ninja(path, root_gen_dir, o + 'base/third_party/dmg_fp/dtoa_wrapper.cc', + 'base/third_party/dmg_fp/g_fmt.cc', + 'base/third_party/icu/icu_utf.cc', +- 'base/third_party/nspr/prtime.cc', + 'base/threading/non_thread_safe_impl.cc', + 'base/threading/post_task_and_reply_impl.cc', + 'base/threading/sequenced_task_runner_handle.cc', +@@ -661,7 +660,7 @@ def write_gn_ninja(path, root_gen_dir, o + 'base/allocator/allocator_shim.cc', + 'base/allocator/allocator_shim_default_dispatch_to_glibc.cc', + ]) +- libs.extend(['-lrt', '-latomic']) ++ libs.extend(['-lrt', '-latomic', '-lnspr4']) + static_libraries['libevent']['include_dirs'].extend([ + os.path.join(SRC_ROOT, 'base', 'third_party', 'libevent', 'linu= x') + ]) +--- a/base/BUILD.gn ++++ b/base/BUILD.gn +@@ -58,6 +58,9 @@ config("base_flags") { + "-Wno-char-subscripts", + ] + } ++ ldflags =3D [ ++ "-lnspr4", ++ ] + } +=20 + config("base_implementation") { +@@ -868,8 +871,6 @@ component("base") { + "third_party/dmg_fp/g_fmt.cc", + "third_party/icu/icu_utf.cc", + "third_party/icu/icu_utf.h", +- "third_party/nspr/prtime.cc", +- "third_party/nspr/prtime.h", + "third_party/superfasthash/superfasthash.c", + "third_party/valgrind/memcheck.h", + "threading/non_thread_safe.h", =2D-=20 2.14.0 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlmIxmgACgkQoqBt8qM6 VPohGQf/aE97eOjQpjyF93GU6xb2DYFASSUOjCgHn/8UUyZj1hmqfDXUNsPeNEo3 kZW9U9vGQH4dKK2j4wpc72rQZQ8598VCwnr2lg8sT3vU+DOOEVsRr5KjnMLKMoZJ pgLbEnHbnNtlVPmFGBWi0M3VvMqn4XWJRJKAZsl69CQBUDOTCW148PqnG8UfNL4U /bBVsKJWk/vhtXR0PSPyJzeHLbPFlopbxh7uPISacX/j5waY6jE7qdh8hy7q+TR0 JyVsX/nszBWGIXU+Dr7pCo/C0nbRz7qt+IDE5iCv247Ao4zhnp4+Jtbwej0QFPuo kXcvP2GoZy7m4r1nx6GzveU/Eg2g5g== =9Kg8 -----END PGP SIGNATURE----- --==-=-=--