mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-30 16:12:58 -05:00
aadfcd1b6f
This fixes CVE-2019-13723 and CVE-2019-13724. * gnu/packages/chromium.scm (%chromium-version): Set to 78.0.3904.108. (%ungoogled-revision): Set to 8f065138317a6152b20decc224027a5192ba76b1. (%chromium-origin, %ungoogled-origin): Update hashes.
872 lines
38 KiB
Scheme
872 lines
38 KiB
Scheme
;;; GNU Guix --- Functional package management for GNU
|
|
;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
|
|
;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
|
|
;;;
|
|
;;; This file is part of GNU Guix.
|
|
;;;
|
|
;;; GNU Guix is free software; you can redistribute it and/or modify it
|
|
;;; under the terms of the GNU General Public License as published by
|
|
;;; the Free Software Foundation; either version 3 of the License, or (at
|
|
;;; your option) any later version.
|
|
;;;
|
|
;;; GNU Guix is distributed in the hope that it will be useful, but
|
|
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
;;; GNU General Public License for more details.
|
|
;;;
|
|
;;; You should have received a copy of the GNU General Public License
|
|
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
(define-module (gnu packages chromium)
|
|
#:use-module ((guix licenses) #:prefix license:)
|
|
#:use-module (guix packages)
|
|
#:use-module (guix gexp)
|
|
#:use-module (guix store)
|
|
#:use-module (guix monads)
|
|
#:use-module (guix download)
|
|
#:use-module (guix git-download)
|
|
#:use-module (guix utils)
|
|
#:use-module (guix build-system gnu)
|
|
#:use-module (gnu packages)
|
|
#:use-module (gnu packages assembly)
|
|
#:use-module (gnu packages base)
|
|
#:use-module (gnu packages bison)
|
|
#:use-module (gnu packages build-tools)
|
|
#:use-module (gnu packages compression)
|
|
#:use-module (gnu packages cups)
|
|
#:use-module (gnu packages curl)
|
|
#:use-module (gnu packages fontutils)
|
|
#:use-module (gnu packages freedesktop)
|
|
#:use-module (gnu packages gcc)
|
|
#:use-module (gnu packages ghostscript)
|
|
#:use-module (gnu packages gl)
|
|
#:use-module (gnu packages glib)
|
|
#:use-module (gnu packages gnome)
|
|
#:use-module (gnu packages gperf)
|
|
#:use-module (gnu packages gtk)
|
|
#:use-module (gnu packages icu4c)
|
|
#:use-module (gnu packages image)
|
|
#:use-module (gnu packages libevent)
|
|
#:use-module (gnu packages libffi)
|
|
#:use-module (gnu packages linux)
|
|
#:use-module (gnu packages kerberos)
|
|
#:use-module (gnu packages ninja)
|
|
#:use-module (gnu packages node)
|
|
#:use-module (gnu packages nss)
|
|
#:use-module (gnu packages pciutils)
|
|
#:use-module (gnu packages pkg-config)
|
|
#:use-module (gnu packages pulseaudio)
|
|
#:use-module (gnu packages python)
|
|
#:use-module (gnu packages python-web)
|
|
#:use-module (gnu packages python-xyz)
|
|
#:use-module (gnu packages regex)
|
|
#:use-module (gnu packages serialization)
|
|
#:use-module (gnu packages speech)
|
|
#:use-module (gnu packages tls)
|
|
#:use-module (gnu packages valgrind)
|
|
#:use-module (gnu packages vulkan)
|
|
#:use-module (gnu packages video)
|
|
#:use-module (gnu packages xiph)
|
|
#:use-module (gnu packages xml)
|
|
#:use-module (gnu packages xdisorg)
|
|
#:use-module (gnu packages xorg))
|
|
|
|
(define %preserved-third-party-files
|
|
'("base/third_party/cityhash" ;Expat
|
|
"base/third_party/double_conversion" ;BSD-3
|
|
"base/third_party/dynamic_annotations" ;BSD-2
|
|
"base/third_party/icu" ;Unicode, X11-style
|
|
"base/third_party/superfasthash" ;BSD-3
|
|
"base/third_party/symbolize" ;BSD-3
|
|
"base/third_party/xdg_mime" ;LGPL2.0+ or Academic 2.0
|
|
"base/third_party/xdg_user_dirs" ;Expat
|
|
"chrome/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
|
|
"courgette/third_party/bsdiff" ;BSD-2, BSD protection license
|
|
"courgette/third_party/divsufsort" ;Expat
|
|
"net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
|
|
"net/third_party/nss" ;MPL-2.0
|
|
"net/third_party/quiche" ;BSD-3
|
|
"net/third_party/uri_template" ;ASL2.0
|
|
"third_party/abseil-cpp" ;ASL2.0
|
|
"third_party/adobe/flash/flapper_version.h" ;no license, trivial
|
|
"third_party/angle" ;BSD-3
|
|
"third_party/angle/src/common/third_party/base" ;BSD-3
|
|
"third_party/angle/src/common/third_party/smhasher" ;Public domain
|
|
"third_party/angle/src/common/third_party/xxhash" ;BSD-2
|
|
"third_party/angle/src/third_party/compiler" ;BSD-2
|
|
"third_party/angle/src/third_party/libXNVCtrl" ;Expat
|
|
"third_party/angle/src/third_party/trace_event" ;BSD-3
|
|
"third_party/angle/third_party/vulkan-headers" ;ASL2.0
|
|
"third_party/angle/third_party/vulkan-loader" ;ASL2.0
|
|
"third_party/angle/third_party/vulkan-tools" ;ASL2.0
|
|
"third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
|
|
"third_party/apple_apsl" ;APSL2.0
|
|
"third_party/axe-core" ;MPL2.0
|
|
"third_party/blink" ;BSD-3, LGPL2+
|
|
"third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
|
|
"third_party/boringssl/src/third_party/fiat" ;Expat
|
|
"third_party/boringssl/src/third_party/sike" ;Expat
|
|
;; XXX: these files are generated by fp-$arch.pl in the above directory.
|
|
"third_party/boringssl/linux-aarch64/crypto/third_party/sike/asm/fp-armv8.S"
|
|
"third_party/boringssl/linux-x86_64/crypto/third_party/sike/asm/fp-x86_64.S"
|
|
"third_party/breakpad" ;BSD-3
|
|
"third_party/brotli" ;Expat
|
|
"third_party/cacheinvalidation" ;ASL2.0
|
|
"third_party/catapult" ;BSD-3
|
|
"third_party/catapult/common/py_vulcanize/third_party/rcssmin" ;ASL2.0
|
|
"third_party/catapult/common/py_vulcanize/third_party/rjsmin" ;ASL2.0
|
|
"third_party/catapult/third_party/polymer" ;BSD-3
|
|
"third_party/catapult/tracing/third_party/d3" ;BSD-3
|
|
"third_party/catapult/tracing/third_party/gl-matrix" ;Expat
|
|
"third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
|
|
"third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
|
|
"third_party/catapult/tracing/third_party/oboe" ;BSD-2
|
|
"third_party/catapult/tracing/third_party/pako" ;Expat
|
|
"third_party/ced" ;BSD-3
|
|
"third_party/cld_3" ;ASL2.0
|
|
"third_party/closure_compiler" ;ASL2.0
|
|
"third_party/crashpad" ;ASL2.0
|
|
"third_party/crashpad/crashpad/third_party/lss" ;ASL2.0
|
|
"third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h" ;Zlib
|
|
"third_party/crc32c" ;BSD-3
|
|
"third_party/cros_system_api" ;BSD-3
|
|
"third_party/dav1d" ;BSD-2
|
|
"third_party/dawn" ;ASL2.0
|
|
"third_party/depot_tools/owners.py" ;BSD-3
|
|
"third_party/dom_distiller_js" ;BSD-3
|
|
"third_party/emoji-segmenter" ;ASL2.0
|
|
"third_party/flatbuffers" ;ASL2.0
|
|
"third_party/glslang" ;BSD-3, Expat, ASL2.0
|
|
"third_party/google_input_tools" ;ASL2.0
|
|
"third_party/google_input_tools/third_party/closure_library" ;ASL2.0
|
|
"third_party/google_input_tools/third_party/closure_library/third_party/closure" ;Expat
|
|
"third_party/googletest" ;BSD-3
|
|
"third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
|
|
"third_party/iccjpeg" ;IJG
|
|
"third_party/inspector_protocol" ;BSD-3
|
|
"third_party/jinja2" ;BSD-3
|
|
"third_party/jstemplate" ;ASL2.0
|
|
"third_party/khronos" ;Expat, SGI
|
|
"third_party/leveldatabase" ;BSD-3
|
|
"third_party/libXNVCtrl" ;Expat
|
|
"third_party/libaddressinput" ;ASL2.0
|
|
"third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent License 1.0"
|
|
"third_party/libaom/source/libaom/third_party/vector" ;Expat
|
|
"third_party/libaom/source/libaom/third_party/x86inc" ;ISC
|
|
"third_party/libjingle_xmpp" ;BSD-3
|
|
"third_party/libphonenumber" ;ASL2.0
|
|
"third_party/libsecret" ;LGPL2.1+
|
|
"third_party/libsrtp" ;BSD-3
|
|
"third_party/libsync" ;ASL2.0
|
|
"third_party/libudev" ;LGPL2.1+
|
|
"third_party/libwebm" ;BSD-3
|
|
"third_party/libxml/chromium" ;BSD-3
|
|
"third_party/libyuv" ;BSD-3
|
|
"third_party/lss" ;BSD-3
|
|
"third_party/markupsafe" ;BSD-3
|
|
"third_party/mesa_headers" ;Expat, SGI
|
|
"third_party/metrics_proto" ;BSD-3
|
|
"third_party/modp_b64" ;BSD-3
|
|
"third_party/nasm" ;BSD-2
|
|
"third_party/node" ;Expat
|
|
"third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2" ;BSD-2
|
|
"third_party/one_euro_filter" ;BSD-3
|
|
"third_party/openscreen" ;BSD-3
|
|
"third_party/openscreen/src/third_party/tinycbor" ;Expat
|
|
"third_party/ots" ;BSD-3
|
|
"third_party/pdfium" ;BSD-3
|
|
"third_party/pdfium/third_party/agg23" ;Expat
|
|
"third_party/pdfium/third_party/base" ;BSD-3
|
|
"third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
|
|
"third_party/pdfium/third_party/skia_shared" ;BSD-3
|
|
"third_party/pdfium/third_party/freetype/include/pstables.h" ;FreeType
|
|
"third_party/pffft" ;the "FFTPACK" license, similar to BSD-3
|
|
"third_party/ply" ;BSD-3
|
|
"third_party/polymer" ;BSD-3
|
|
"third_party/private-join-and-compute" ;ASL2.0
|
|
"third_party/protobuf" ;BSD-3
|
|
"third_party/protobuf/third_party/six" ;Expat
|
|
"third_party/pyjson5" ;ASL2.0
|
|
"third_party/qcms" ;Expat
|
|
"third_party/rnnoise" ;BSD-3
|
|
"third_party/s2cellid" ;ASL2.0
|
|
"third_party/sfntly" ;ASL2.0
|
|
"third_party/skia" ;BSD-3
|
|
"third_party/skia/include/third_party/skcms" ;BSD-3
|
|
"third_party/skia/third_party/gif" ;MPL1.1/GPL2+/LGPL2.1+
|
|
"third_party/skia/third_party/skcms" ;BSD-3
|
|
"third_party/skia/third_party/vulkanmemoryallocator" ;BSD-3, Expat
|
|
"third_party/smhasher" ;Expat, public domain
|
|
"third_party/speech-dispatcher" ;GPL2+
|
|
"third_party/spirv-headers" ;ASL2.0
|
|
"third_party/SPIRV-Tools" ;ASL2.0
|
|
"third_party/sqlite" ;Public domain
|
|
"third_party/ungoogled" ;BSD-3
|
|
"third_party/usb_ids" ;BSD-3
|
|
"third_party/usrsctp" ;BSD-2
|
|
"third_party/wayland/wayland_scanner_wrapper.py" ;BSD-3
|
|
"third_party/wayland-protocols" ;Expat
|
|
"third_party/web-animations-js" ;ASL2.0
|
|
"third_party/webdriver" ;ASL2.0
|
|
"third_party/webrtc" ;BSD-3
|
|
"third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
|
|
"third_party/webrtc/common_audio/third_party/spl_sqrt_floor" ;Public domain
|
|
"third_party/webrtc/modules/third_party/fft" ;Non-copyleft
|
|
"third_party/webrtc/modules/third_party/g711" ;Public domain
|
|
"third_party/webrtc/modules/third_party/g722" ;Public domain
|
|
"third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
|
|
"third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
|
|
"third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
|
|
"third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
|
|
"third_party/woff2" ;ASL2.0
|
|
"third_party/xdg-utils" ;Expat
|
|
"third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
|
|
"third_party/zlib/google" ;BSD-3
|
|
"url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
|
|
"v8/src/third_party/siphash" ;Public domain
|
|
"v8/src/third_party/utf8-decoder" ;Expat
|
|
"v8/src/third_party/valgrind" ;BSD-4
|
|
"v8/third_party/inspector_protocol" ;BSD-3
|
|
"v8/third_party/v8/builtins")) ;PSFL
|
|
|
|
(define* (computed-origin-method gexp-promise hash-algo hash
|
|
#:optional (name "source")
|
|
#:key (system (%current-system))
|
|
(guile (default-guile)))
|
|
"Return a derivation that executes the G-expression that results
|
|
from forcing GEXP-PROMISE."
|
|
(mlet %store-monad ((guile (package->derivation guile system)))
|
|
(gexp->derivation (or name "computed-origin")
|
|
(force gexp-promise)
|
|
#:graft? #f ;nothing to graft
|
|
#:system system
|
|
#:guile-for-build guile)))
|
|
|
|
(define %chromium-version "78.0.3904.108")
|
|
(define %ungoogled-revision "8f065138317a6152b20decc224027a5192ba76b1")
|
|
(define %debian-revision "e43d74632091324774a5049668782dba7b09cf72")
|
|
(define package-revision "0")
|
|
(define %package-version (string-append %chromium-version "-"
|
|
package-revision "."
|
|
(string-take %ungoogled-revision 7)))
|
|
|
|
(define %chromium-origin
|
|
(origin
|
|
(method url-fetch)
|
|
(uri (string-append "https://commondatastorage.googleapis.com"
|
|
"/chromium-browser-official/chromium-"
|
|
%chromium-version ".tar.xz"))
|
|
(sha256
|
|
(base32
|
|
"03jvfz68nvmmrplygf96sh0l347p4h03c8vpw8yrglh6ycwkiigr"))))
|
|
|
|
(define %ungoogled-origin
|
|
(origin
|
|
(method git-fetch)
|
|
(uri (git-reference (url "https://github.com/Eloston/ungoogled-chromium")
|
|
(commit %ungoogled-revision)))
|
|
(file-name (git-file-name "ungoogled-chromium"
|
|
(string-take %ungoogled-revision 7)))
|
|
(sha256
|
|
(base32
|
|
"0zix90jz82hpym9jmyf99yw19swaf13ps6szi60wccmz1gccv77g"))))
|
|
|
|
(define %debian-origin
|
|
(origin
|
|
(method git-fetch)
|
|
(uri (git-reference
|
|
(url "https://salsa.debian.org/chromium-team/chromium.git")
|
|
(commit %debian-revision)))
|
|
(file-name (git-file-name "debian-chromium-packaging"
|
|
(if (string-prefix? "debian/" %debian-revision)
|
|
(cadr (string-split %debian-revision #\/))
|
|
(string-take %debian-revision 7))))
|
|
(sha256
|
|
(base32
|
|
"1l1ajjkn1y7ql5w4zb3c3vw57hkydvy1mac7y81rycx4g5djasaz"))))
|
|
|
|
(define (gentoo-patch name hash revision)
|
|
(origin
|
|
(method url-fetch)
|
|
(uri (string-append "https://gitweb.gentoo.org/repo/gentoo.git/plain"
|
|
"/www-client/chromium/files/" name "?id=" revision))
|
|
(file-name name)
|
|
(sha256 (base32 hash))))
|
|
|
|
;; This is a "computed" origin that does the following:
|
|
;; *) Runs the Ungoogled scripts on a pristine Chromium tarball.
|
|
;; *) Applies Debians Chromium patches, for their unbundling and GCC work.
|
|
;; *) Prunes all third_party directories that are not explicitly preserved.
|
|
;; *) Adjusts "GN" build files such that system libraries are preferred.
|
|
(define ungoogled-chromium-source
|
|
(let ((chromium-source %chromium-origin)
|
|
(ungoogled-source %ungoogled-origin)
|
|
(debian-source %debian-origin))
|
|
(origin
|
|
(method computed-origin-method)
|
|
(file-name (string-append "ungoogled-chromium-" %package-version ".tar.xz"))
|
|
(sha256 #f)
|
|
(uri
|
|
(delay
|
|
(with-imported-modules '((guix build utils))
|
|
#~(begin
|
|
(use-modules (guix build utils)
|
|
(ice-9 rdelim)
|
|
(srfi srfi-1)
|
|
(srfi srfi-26))
|
|
(let ((chromium-dir (string-append "chromium-" #$%chromium-version))
|
|
(preserved-files (list #$@%preserved-third-party-files)))
|
|
|
|
(set-path-environment-variable
|
|
"PATH" '("bin")
|
|
(list #+(canonical-package patch)
|
|
#+(canonical-package xz)
|
|
#+(canonical-package tar)
|
|
#+python-2
|
|
#+python))
|
|
|
|
(copy-recursively #+ungoogled-source "/tmp/ungoogled")
|
|
|
|
(with-directory-excursion "/tmp/ungoogled"
|
|
|
|
(format #t "Unpacking chromium tarball...~%")
|
|
(force-output)
|
|
(invoke "tar" "xf" #+chromium-source)
|
|
|
|
;; Ungoogled-Chromium contains a forked subset of the Debian
|
|
;; patches. Disable those, as we apply newer versions later.
|
|
(substitute* "patches/series"
|
|
((".*/debian_buster/.*")
|
|
""))
|
|
|
|
(format #t "Ungooglifying...~%")
|
|
(force-output)
|
|
(invoke "python3" "utils/prune_binaries.py" chromium-dir
|
|
"pruning.list")
|
|
(invoke "python3" "utils/patches.py" "apply"
|
|
chromium-dir "patches")
|
|
(invoke "python3" "utils/domain_substitution.py" "apply" "-r"
|
|
"domain_regex.list" "-f" "domain_substitution.list"
|
|
"-c" "/tmp/domainscache.tar.gz" chromium-dir)
|
|
|
|
(with-directory-excursion chromium-dir
|
|
|
|
(format #t "applying Debian patches...~%")
|
|
(force-output)
|
|
(let* ((debian #+debian-source)
|
|
(patches (string-append debian "/debian/patches"))
|
|
(series (string-append patches "/series")))
|
|
(with-input-from-file series
|
|
(lambda ()
|
|
(let loop ((line (read-line)))
|
|
(unless (eof-object? line)
|
|
(when (and (> (string-length line) 1)
|
|
;; Skip the Debian-specific ones.
|
|
(not (string-prefix? "debianization/" line))
|
|
(not (string-prefix? "buster/" line))
|
|
(not (any (cute string-suffix? <> line)
|
|
;; These conflict with Ungoogled.
|
|
'("widevine-buildflag.patch"
|
|
"signin.patch"
|
|
"third-party-cookies.patch"
|
|
|
|
;; Disable workarounds for the
|
|
;; Chromium "-lite" tarball. We
|
|
;; use the "full" version and don't
|
|
;; need these patches.
|
|
"closure.patch"
|
|
"owners.patch"
|
|
|
|
;; XXX: 'fixes/inspector.patch'
|
|
;; makes v8 reuse the top-level
|
|
;; third_party/inspector_protocol
|
|
;; instead of its own bundled copy,
|
|
;; but that does not work here for
|
|
;; some reason. Ignore that patch
|
|
;; and those that depend on it.
|
|
"inspector.patch"))))
|
|
(invoke "patch" "--force" "-p1" "--input"
|
|
(string-append patches "/" line)
|
|
"--no-backup-if-mismatch"))
|
|
(loop (read-line)))))))
|
|
|
|
(format #t "Pruning third party files...~%")
|
|
(force-output)
|
|
(apply invoke "python"
|
|
"build/linux/unbundle/remove_bundled_libraries.py"
|
|
"--do-remove" preserved-files)
|
|
|
|
(format #t "Replacing GN files...~%")
|
|
(force-output)
|
|
(invoke "python3" "build/linux/unbundle/replace_gn_files.py"
|
|
"--system-libraries" "ffmpeg" "flac" "fontconfig"
|
|
"freetype" "harfbuzz-ng" "icu" "libdrm" "libevent"
|
|
"libjpeg" "libpng" "libvpx" "libwebp" "libxml"
|
|
"libxslt" "openh264" "opus" "re2" "snappy" "yasm"
|
|
"zlib"))
|
|
|
|
(format #t (string-append "Packing new ungoogled tarball ...~%"))
|
|
(force-output)
|
|
(invoke "tar" "cvfa" #$output
|
|
;; Avoid non-determinism in the archive.
|
|
"--mtime=@0"
|
|
"--owner=root:0"
|
|
"--group=root:0"
|
|
"--sort=name"
|
|
chromium-dir)
|
|
|
|
#t)))))))))
|
|
|
|
(define opus+custom
|
|
(package/inherit opus
|
|
(name "opus+custom")
|
|
(arguments
|
|
(substitute-keyword-arguments (package-arguments opus)
|
|
((#:configure-flags flags ''())
|
|
;; Opus Custom is an optional extension of the Opus
|
|
;; specification that allows for unsupported frame
|
|
;; sizes. Chromium requires that this is enabled.
|
|
`(cons "--enable-custom-modes"
|
|
,flags))))))
|
|
|
|
;; Chromium 78 requires libvpx features that are not in any release.
|
|
(define libvpx/chromium
|
|
(package/inherit
|
|
libvpx
|
|
(version "m78-3904")
|
|
(source (origin
|
|
(inherit (package-source libvpx))
|
|
(uri (git-reference
|
|
(url "https://chromium.googlesource.com/webm/libvpx")
|
|
(commit version)))
|
|
(file-name (git-file-name "libvpx" version))
|
|
(sha256
|
|
(base32
|
|
"1pphjfmg0aqq93n5cq790884v1h84di8p9mk3r28sm053wszhm7g"))))))
|
|
|
|
(define-public ungoogled-chromium
|
|
(package
|
|
(name "ungoogled-chromium")
|
|
(version %package-version)
|
|
(synopsis "Graphical web browser")
|
|
(source ungoogled-chromium-source)
|
|
(build-system gnu-build-system)
|
|
(arguments
|
|
`(#:tests? #f
|
|
;; FIXME: Chromiums RUNPATH lacks entries for some libraries, so
|
|
;; we have to disable validation and add a wrapper below.
|
|
#:validate-runpath? #f
|
|
#:modules ((guix build gnu-build-system)
|
|
(guix build utils)
|
|
(ice-9 ftw)
|
|
(ice-9 regex)
|
|
(srfi srfi-26))
|
|
#:configure-flags
|
|
;; See tools/gn/docs/cookbook.md and
|
|
;; https://www.chromium.org/developers/gn-build-configuration
|
|
;; for usage. Run "./gn args . --list" in the Release
|
|
;; directory for an exhaustive list of supported flags.
|
|
;; (Note: The 'configure' phase will do that for you.)
|
|
(list "is_debug=false"
|
|
"use_gold=false"
|
|
"use_lld=false"
|
|
"linux_use_bundled_binutils=false"
|
|
"use_custom_libcxx=false"
|
|
"use_sysroot=false"
|
|
"enable_precompiled_headers=false"
|
|
"goma_dir=\"\""
|
|
"enable_nacl=false"
|
|
"enable_nacl_nonsfi=false"
|
|
"use_allocator=\"none\""
|
|
"use_unofficial_version_number=false"
|
|
"treat_warnings_as_errors=false"
|
|
"use_official_google_api_keys=false"
|
|
"fieldtrial_testing_like_official_build=true"
|
|
"safe_browsing_mode=0"
|
|
"enable_mdns=false"
|
|
"enable_one_click_signin=false"
|
|
"enable_reading_list=false"
|
|
"enable_remoting=false"
|
|
"enable_reporting=false"
|
|
"enable_service_discovery=false"
|
|
"enable_swiftshader=false"
|
|
"enable_vr=false"
|
|
"enable_widevine=false"
|
|
;; Disable type-checking for the Web UI to avoid a Java dependency.
|
|
"closure_compile=false"
|
|
|
|
;; Define a custom toolchain that simply looks up CC, AR and
|
|
;; friends from the environment.
|
|
"custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
|
|
"host_toolchain=\"//build/toolchain/linux/unbundle:default\""
|
|
;; Don't assume it's clang.
|
|
"is_clang=false"
|
|
;; Disable debugging features to save space. These are normally
|
|
;; pulled in by "is_official_build", but that requires "is_clang".
|
|
"enable_iterator_debugging=false"
|
|
"exclude_unwind_tables=true"
|
|
;; Optimize for building everything at once, as opposed to
|
|
;; incrementally for development. See "docs/jumbo.md".
|
|
"use_jumbo_build=true"
|
|
;; The default file merge limit of 50 requires huge amounts of RAM.
|
|
;; Cap it to make sure the build succeeds on commodity hardware.
|
|
"jumbo_file_merge_limit=8"
|
|
|
|
;; Prefer system libraries.
|
|
"use_system_freetype=true"
|
|
"use_system_harfbuzz=true"
|
|
"use_system_lcms2=true"
|
|
"use_system_libdrm=true"
|
|
"use_system_libjpeg=true"
|
|
"use_system_libopenjpeg2=true"
|
|
"use_system_libpng=true"
|
|
"use_system_zlib=true"
|
|
"use_gnome_keyring=false" ;deprecated by libsecret
|
|
"use_openh264=true"
|
|
"use_pulseaudio=true"
|
|
"link_pulseaudio=true"
|
|
|
|
;; VA-API acceleration is currently only supported on x86_64-linux.
|
|
,@(if (string-prefix? "x86_64" (or (%current-target-system)
|
|
(%current-system)))
|
|
'("use_vaapi=true")
|
|
'())
|
|
|
|
;; Do not artifically restrict formats supported by system ffmpeg.
|
|
"proprietary_codecs=true"
|
|
"ffmpeg_branding=\"Chrome\""
|
|
|
|
;; WebRTC stuff.
|
|
"rtc_use_h264=true"
|
|
;; Don't use bundled sources.
|
|
"rtc_build_json=false"
|
|
"rtc_build_libevent=false"
|
|
"rtc_build_libvpx=false"
|
|
"rtc_build_opus=false"
|
|
"rtc_build_ssl=false"
|
|
"rtc_build_libsrtp=true" ;FIXME: fails to find headers
|
|
"rtc_build_usrsctp=true" ;TODO: package this
|
|
(string-append "rtc_jsoncpp_root=\""
|
|
(assoc-ref %build-inputs "jsoncpp")
|
|
"/include/jsoncpp/json\"")
|
|
(string-append "rtc_ssl_root=\""
|
|
(assoc-ref %build-inputs "openssl")
|
|
"/include/openssl\""))
|
|
#:phases
|
|
(modify-phases %standard-phases
|
|
(add-after 'unpack 'patch-stuff
|
|
(lambda* (#:key inputs #:allow-other-keys)
|
|
(substitute* "printing/cups_config_helper.py"
|
|
(("cups_config =.*")
|
|
(string-append "cups_config = '" (assoc-ref inputs "cups")
|
|
"/bin/cups-config'\n")))
|
|
|
|
(substitute*
|
|
'("base/process/launch_posix.cc"
|
|
"base/third_party/dynamic_annotations/dynamic_annotations.c"
|
|
"sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
|
|
"sandbox/linux/services/credentials.cc"
|
|
"sandbox/linux/services/namespace_utils.cc"
|
|
"sandbox/linux/services/syscall_wrappers.cc"
|
|
"sandbox/linux/syscall_broker/broker_host.cc")
|
|
(("include \"base/third_party/valgrind/") "include \"valgrind/"))
|
|
|
|
(for-each (lambda (file)
|
|
(substitute* file
|
|
;; Fix opus include path.
|
|
;; Do not substitute opus_private.h.
|
|
(("#include \"opus\\.h\"")
|
|
"#include \"opus/opus.h\"")
|
|
(("#include \"opus_custom\\.h\"")
|
|
"#include \"opus/opus_custom.h\"")
|
|
(("#include \"opus_defines\\.h\"")
|
|
"#include \"opus/opus_defines.h\"")
|
|
(("#include \"opus_multistream\\.h\"")
|
|
"#include \"opus/opus_multistream.h\"")
|
|
(("#include \"opus_types\\.h\"")
|
|
"#include \"opus/opus_types.h\"")))
|
|
(find-files (string-append "third_party/webrtc/modules"
|
|
"/audio_coding/codecs/opus")))
|
|
|
|
(substitute* "chrome/common/chrome_paths.cc"
|
|
(("/usr/share/chromium/extensions")
|
|
;; TODO: Add ~/.guix-profile.
|
|
"/run/current-system/profile/share/chromium/extensions"))
|
|
|
|
;; Many files try to include ICU headers from "third_party/icu/...".
|
|
;; Remove the "third_party/" prefix to use system headers instead.
|
|
(substitute* (find-files "chrome" "\\.cc$")
|
|
(("third_party/icu/source/(common|i18n)/")
|
|
""))
|
|
|
|
;; XXX: Should be unnecessary when use_system_lcms2=true.
|
|
(substitute* "third_party/pdfium/core/fxcodec/icc/iccmodule.h"
|
|
(("include \"third_party/lcms/include/lcms2\\.h\"")
|
|
"include \"lcms2.h\""))
|
|
|
|
(substitute*
|
|
"third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
|
|
(("include \"third_party/curl") "include \"curl"))
|
|
|
|
(substitute* "third_party/webrtc/rtc_base/strings/json.h"
|
|
(("#include \"third_party/jsoncpp/") "#include \"json/"))
|
|
|
|
(substitute* '("components/viz/common/gpu/vulkan_context_provider.h"
|
|
"components/viz/common/resources/resource_format_utils.h")
|
|
(("third_party/vulkan/include/") ""))
|
|
|
|
(substitute* "third_party/skia/include/gpu/vk/GrVkVulkan.h"
|
|
(("include/third_party/vulkan/") ""))
|
|
|
|
;; Building chromedriver embeds some files using the ZIP
|
|
;; format which doesn't support timestamps before
|
|
;; 1980. Therefore, advance the timestamps of the files
|
|
;; which are included so that building chromedriver
|
|
;; works.
|
|
(let ((circa-1980 (* 10 366 24 60 60)))
|
|
(for-each (lambda (file)
|
|
(utime file circa-1980 circa-1980))
|
|
'("chrome/test/chromedriver/extension/background.js"
|
|
"chrome/test/chromedriver/extension/manifest.json")))
|
|
|
|
#t))
|
|
(add-before 'configure 'prepare-build-environment
|
|
(lambda* (#:key inputs #:allow-other-keys)
|
|
|
|
;; Make sure the right build tools are used.
|
|
(setenv "AR" "ar") (setenv "NM" "nm")
|
|
(setenv "CC" "gcc") (setenv "CXX" "g++")
|
|
|
|
;; Prevent GCC from optimizing away null pointer safety checks.
|
|
(setenv "CXXFLAGS" "-fno-delete-null-pointer-checks")
|
|
|
|
;; TODO: pre-compile instead. Avoids a race condition.
|
|
(setenv "PYTHONDONTWRITEBYTECODE" "1")
|
|
|
|
;; XXX: How portable is this.
|
|
(mkdir-p "third_party/node/linux/node-linux-x64")
|
|
(symlink (string-append (assoc-ref inputs "node") "/bin")
|
|
"third_party/node/linux/node-linux-x64/bin")
|
|
|
|
#t))
|
|
(replace 'configure
|
|
(lambda* (#:key configure-flags #:allow-other-keys)
|
|
(let ((args (string-join configure-flags " ")))
|
|
;; Generate ninja build files.
|
|
(invoke "gn" "gen" "out/Release"
|
|
(string-append "--args=" args))
|
|
|
|
;; Print the full list of supported arguments as well as
|
|
;; their current status for convenience.
|
|
(format #t "Dumping configure flags...\n")
|
|
(invoke "gn" "args" "out/Release" "--list"))))
|
|
(add-before 'build 'increase-resource-limits
|
|
(lambda _
|
|
;; XXX: Chromiums linking step requires a lot of simultaneous file
|
|
;; accesses. Having a too low ulimit will result in bogus linker
|
|
;; errors such as "foo.a: error adding symbols: malformed archive".
|
|
|
|
;; Try increasing the soft resource limit of max open files to 4096,
|
|
;; or equal to the hard limit, whichever is lower.
|
|
(call-with-values (lambda () (getrlimit 'nofile))
|
|
(lambda (soft hard)
|
|
(when (and soft (< soft 4096))
|
|
(if hard
|
|
(setrlimit 'nofile (min hard 4096) hard)
|
|
(setrlimit 'nofile 4096 #f))
|
|
(format #t
|
|
"increased maximum number of open files from ~d to ~d~%"
|
|
soft (if hard (min hard 4096) 4096)))))
|
|
#t))
|
|
(replace 'build
|
|
(lambda* (#:key (parallel-build? #t) #:allow-other-keys)
|
|
(invoke "ninja" "-C" "out/Release"
|
|
"-j" (if parallel-build?
|
|
(number->string (parallel-job-count))
|
|
"1")
|
|
"chrome"
|
|
"chromedriver")))
|
|
(replace 'install
|
|
(lambda* (#:key inputs outputs #:allow-other-keys)
|
|
(let* ((out (assoc-ref outputs "out"))
|
|
(bin (string-append out "/bin"))
|
|
(exe (string-append bin "/chromium"))
|
|
(lib (string-append out "/lib"))
|
|
(man (string-append out "/share/man/man1"))
|
|
(applications (string-append out "/share/applications"))
|
|
(install-regexp (make-regexp "\\.(bin|pak)$"))
|
|
(locales (string-append lib "/locales"))
|
|
(resources (string-append lib "/resources"))
|
|
(preferences (assoc-ref inputs "master-preferences"))
|
|
(gtk+ (assoc-ref inputs "gtk+"))
|
|
(mesa (assoc-ref inputs "mesa"))
|
|
(nss (assoc-ref inputs "nss"))
|
|
(udev (assoc-ref inputs "udev"))
|
|
(sh (which "sh")))
|
|
|
|
(substitute* '("chrome/app/resources/manpage.1.in"
|
|
"chrome/installer/linux/common/desktop.template")
|
|
(("@@MENUNAME@@") "Chromium")
|
|
(("@@PACKAGE@@") "chromium")
|
|
(("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
|
|
|
|
(mkdir-p man)
|
|
(copy-file "chrome/app/resources/manpage.1.in"
|
|
(string-append man "/chromium.1"))
|
|
|
|
(mkdir-p applications)
|
|
(copy-file "chrome/installer/linux/common/desktop.template"
|
|
(string-append applications "/chromium.desktop"))
|
|
|
|
(mkdir-p lib)
|
|
(copy-file preferences (string-append lib "/master_preferences"))
|
|
|
|
(with-directory-excursion "out/Release"
|
|
(for-each (lambda (file)
|
|
(install-file file lib))
|
|
(scandir "." (cut regexp-exec install-regexp <>)))
|
|
(copy-file "chrome" (string-append lib "/chromium"))
|
|
|
|
(copy-recursively "locales" locales)
|
|
(copy-recursively "resources" resources)
|
|
|
|
(mkdir-p bin)
|
|
(symlink "../lib/chromium" exe)
|
|
(install-file "chromedriver" bin)
|
|
|
|
(wrap-program exe
|
|
;; TODO: Get these in RUNPATH.
|
|
`("LD_LIBRARY_PATH" ":" prefix
|
|
(,(string-append lib ":" nss "/lib/nss:" mesa "/lib:"
|
|
udev "/lib")))
|
|
;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
|
|
`("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share")))))
|
|
|
|
(with-directory-excursion "chrome/app/theme/chromium"
|
|
(for-each
|
|
(lambda (size)
|
|
(let ((icons (string-append out "/share/icons/hicolor/"
|
|
size "x" size "/apps")))
|
|
(mkdir-p icons)
|
|
(copy-file (string-append "product_logo_" size ".png")
|
|
(string-append icons "/chromium.png"))))
|
|
'("24" "48" "64" "128" "256")))
|
|
#t))))))
|
|
(native-inputs
|
|
`(("bison" ,bison)
|
|
("gcc" ,gcc-8)
|
|
("gn" ,gn)
|
|
("gperf" ,gperf)
|
|
("ninja" ,ninja)
|
|
("node" ,node)
|
|
("pkg-config" ,pkg-config)
|
|
("which" ,which)
|
|
("yasm" ,yasm)
|
|
|
|
;; This file contains defaults for new user profiles.
|
|
("master-preferences" ,(local-file "aux-files/chromium/master-preferences.json"))
|
|
|
|
("python-beautifulsoup4" ,python2-beautifulsoup4)
|
|
("python-html5lib" ,python2-html5lib)
|
|
("python" ,python-2)))
|
|
(inputs
|
|
`(("alsa-lib" ,alsa-lib)
|
|
("atk" ,atk)
|
|
("cups" ,cups)
|
|
("curl" ,curl)
|
|
("dbus" ,dbus)
|
|
("dbus-glib" ,dbus-glib)
|
|
("expat" ,expat)
|
|
("flac" ,flac)
|
|
("ffmpeg" ,ffmpeg)
|
|
("fontconfig" ,fontconfig)
|
|
("freetype" ,freetype)
|
|
("gdk-pixbuf" ,gdk-pixbuf)
|
|
("glib" ,glib)
|
|
("gtk+" ,gtk+)
|
|
("harfbuzz" ,harfbuzz)
|
|
("icu4c" ,icu4c)
|
|
("jsoncpp" ,jsoncpp)
|
|
("lcms" ,lcms)
|
|
("libevent" ,libevent)
|
|
("libffi" ,libffi)
|
|
("libjpeg-turbo" ,libjpeg-turbo)
|
|
("libpng" ,libpng)
|
|
("libva" ,libva)
|
|
("libvpx" ,libvpx/chromium)
|
|
("libwebp" ,libwebp)
|
|
("libx11" ,libx11)
|
|
("libxcb" ,libxcb)
|
|
("libxcomposite" ,libxcomposite)
|
|
("libxcursor" ,libxcursor)
|
|
("libxdamage" ,libxdamage)
|
|
("libxext" ,libxext)
|
|
("libxfixes" ,libxfixes)
|
|
("libxi" ,libxi)
|
|
("libxml2" ,libxml2)
|
|
("libxrandr" ,libxrandr)
|
|
("libxrender" ,libxrender)
|
|
("libxscrnsaver" ,libxscrnsaver)
|
|
("libxslt" ,libxslt)
|
|
("libxtst" ,libxtst)
|
|
("mesa" ,mesa)
|
|
("minizip" ,minizip)
|
|
("mit-krb5" ,mit-krb5)
|
|
("nss" ,nss)
|
|
("openh264" ,openh264)
|
|
("openjpeg" ,openjpeg) ;PDFium only
|
|
("openssl" ,openssl)
|
|
("opus" ,opus+custom)
|
|
("pango" ,pango)
|
|
("pciutils" ,pciutils)
|
|
("pulseaudio" ,pulseaudio)
|
|
("re2" ,re2)
|
|
("snappy" ,snappy)
|
|
("speech-dispatcher" ,speech-dispatcher)
|
|
("udev" ,eudev)
|
|
("valgrind" ,valgrind)
|
|
("vulkan-headers" ,vulkan-headers)))
|
|
|
|
;; Building Chromium takes ... a very long time. On a single core, a busy
|
|
;; mid-end x86 system may need more than 24 hours to complete the build.
|
|
(properties '((timeout . 144000))) ;40 hours
|
|
|
|
(home-page "https://github.com/Eloston/ungoogled-chromium")
|
|
(description
|
|
"Ungoogled-Chromium is the Chromium web browser, with some functionality
|
|
disabled in order to protect the users privacy.")
|
|
;; Chromium is developed as BSD-3, but bundles a large number of third-party
|
|
;; components with other licenses. For full information, see chrome://credits.
|
|
(license (list license:bsd-3
|
|
license:bsd-2
|
|
license:expat
|
|
license:asl2.0
|
|
license:mpl1.1
|
|
license:mpl2.0
|
|
license:public-domain
|
|
license:isc
|
|
(license:non-copyleft "chrome://credits"
|
|
"See chrome://credits for more information.")
|
|
license:lgpl2.1+))))
|
|
|
|
(define-public ungoogled-chromium/wayland
|
|
(package/inherit ungoogled-chromium
|
|
(name "ungoogled-chromium-wayland")
|
|
(inputs
|
|
`(("wayland" ,wayland)
|
|
("wayland-protocols" ,wayland-protocols)
|
|
,@(package-inputs ungoogled-chromium)))
|
|
|
|
(arguments
|
|
(substitute-keyword-arguments (package-arguments ungoogled-chromium)
|
|
((#:configure-flags flags)
|
|
`(append (list "use_ozone=true"
|
|
"ozone_platform_wayland=true"
|
|
"ozone_auto_platforms=false"
|
|
"use_xkbcommon=true"
|
|
"use_system_minigbm=true"
|
|
"use_system_libwayland=true"
|
|
(string-append "system_wayland_scanner_path=\""
|
|
(assoc-ref %build-inputs "wayland")
|
|
"/bin/wayland-scanner\""))
|
|
(delete "use_vaapi=true" ,flags)))))))
|