Package: guix-patches;
Reported by: Marius Bakke <mbakke <at> fastmail.com>
Date: Mon, 7 Aug 2017 20:00:01 UTC
Severity: normal
Done: Marius Bakke <mbakke <at> fastmail.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 28004 in the body.
You can then email your comments to 28004 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 07 Aug 2017 20:00:01 GMT) Full text and rfc822 format available.Marius Bakke <mbakke <at> fastmail.com>:guix-patches <at> gnu.org.
(Mon, 07 Aug 2017 20:00:02 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: guix-patches <at> gnu.org Subject: Chromium Date: Mon, 07 Aug 2017 21:58:31 +0200
[Message part 1 (text/plain, inline)]
Hello Guix! Attached is a patch for Chromium, a popular web browser. It requires the new ld wrapper from 'core-updates' and a very powerful build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours). Note that I cannot guarantee timely delivery of security updates. Major version upgrades are hugely painful, and almost always contain many high-severity fixes. Should we mention that in the description? Happy for any feedback.
[0001-gnu-Add-chromium.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 07 Aug 2017 20:25:01 GMT) Full text and rfc822 format available.Message #8 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> infotropique.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Mon, 7 Aug 2017 20:23:41 +0000
[Message part 1 (text/plain, inline)]
Hi Marius, Marius Bakke transcribed 43K bytes: > Hello Guix! > > Attached is a patch for Chromium, a popular web browser. Nice! I've been using this from your branch for a while now, works just fine :) Is this not affected by the chromium discussion which happened a while back? Can we include this? I'm all for this, because I mainly use it for websites where firefox/icecat doesn't work so well, and building it locally takes a very long time. (Pro-tip: Don't offload from very powerful laptops to 10 year old computers with 2 cores ;)) > It requires the new ld wrapper from 'core-updates' and a very powerful > build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours). But to notice: it builds with less than 3GB RAM. > Note that I cannot guarantee timely delivery of security updates. Major > version upgrades are hugely painful, and almost always contain many > high-severity fixes. Should we mention that in the description? > > Happy for any feedback. > Shouldn't you mention defines in addition to the define-public aswell, or don't we do that? -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://n0is.noblogs.org/my-keys https://www.infotropique.org https://krosos.org
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 07 Aug 2017 21:17:02 GMT) Full text and rfc822 format available.Message #11 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: ng0 <ng0 <at> infotropique.org> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Mon, 07 Aug 2017 23:16:36 +0200
[Message part 1 (text/plain, inline)]
ng0 <ng0 <at> infotropique.org> writes:
> Hi Marius,
>
> Marius Bakke transcribed 43K bytes:
>> Hello Guix!
>>
>> Attached is a patch for Chromium, a popular web browser.
>
> Nice! I've been using this from your branch for a while now,
> works just fine :)
> Is this not affected by the chromium discussion which happened
> a while back? Can we include this? I'm all for this, because I
> mainly use it for websites where firefox/icecat doesn't work so
> well, and building it locally takes a very long time.
I believe this is within the Free System Distribution Guidelines. DRM
("Widevine") is disabled at build time, and the Web Store is
non-functional without the end user explicitly enabling it.
There are some grey areas though. The browser may interact with certain
non-free APIs (apart from regular browser duties) such as translation or
prediction services. These features are optional, but some are enabled
by default, and difficult to maintain patches for (I've tried).
However, I have verified that it does not send any unsolicited requests
with the current command-line options, apart from the very first launch
which spawns a login prompt (help wanted!). Without either of those
flags the browser "calls home" every time it starts.
>> Note that I cannot guarantee timely delivery of security updates. Major
>> version upgrades are hugely painful, and almost always contain many
>> high-severity fixes. Should we mention that in the description?
>>
>> Happy for any feedback.
>>
>
> Shouldn't you mention defines in addition to the define-public aswell,
> or don't we do that?
Not for new files (modules), typically. I don't think Magit can fill out
those variable names (by pressing C on the hunks) either ;-) But it
should probably go in web-browsers.scm anyway.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 08 Aug 2017 05:54:02 GMT) Full text and rfc822 format available.Message #14 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> infotropique.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> infotropique.org> Subject: Re: [bug#28004] Chromium Date: Tue, 8 Aug 2017 05:53:29 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 2.4K bytes:
> ng0 <ng0 <at> infotropique.org> writes:
>
> > Hi Marius,
> >
> > Marius Bakke transcribed 43K bytes:
> >> Hello Guix!
> >>
> >> Attached is a patch for Chromium, a popular web browser.
> >
> > Nice! I've been using this from your branch for a while now,
> > works just fine :)
> > Is this not affected by the chromium discussion which happened
> > a while back? Can we include this? I'm all for this, because I
> > mainly use it for websites where firefox/icecat doesn't work so
> > well, and building it locally takes a very long time.
>
> I believe this is within the Free System Distribution Guidelines.
What I meant was this long discussion about "QTWebengine is nonfree",
but as far as I experienced in being one of the early users of chromium
for a long time, it doesn't depend on anything Qt and doesn't bundle it.
So without having the time this morning to refresh the discussion, I think
it was about Chromium as a part for other software which is provided
through QtWebengine (Or maybe I'm tired and write only almost nonsense).
> DRM
> ("Widevine") is disabled at build time, and the Web Store is
> non-functional without the end user explicitly enabling it.
>
> There are some grey areas though. The browser may interact with certain
> non-free APIs (apart from regular browser duties) such as translation or
> prediction services. These features are optional, but some are enabled
> by default, and difficult to maintain patches for (I've tried).
>
> However, I have verified that it does not send any unsolicited requests
> with the current command-line options, apart from the very first launch
> which spawns a login prompt (help wanted!). Without either of those
> flags the browser "calls home" every time it starts.
>
> >> Note that I cannot guarantee timely delivery of security updates. Major
> >> version upgrades are hugely painful, and almost always contain many
> >> high-severity fixes. Should we mention that in the description?
> >>
> >> Happy for any feedback.
> >>
> >
> > Shouldn't you mention defines in addition to the define-public aswell,
> > or don't we do that?
>
> Not for new files (modules), typically. I don't think Magit can fill out
> those variable names (by pressing C on the hunks) either ;-) But it
> should probably go in web-browsers.scm anyway.
Isn't web-browsers just for smaller browsers? we have gnuzilla, and I'm
about to add palemoon when I have analysed and cleaned up my build of it.
Of course we coukd add them all to web-browser, the file won't become too large.
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 08 Aug 2017 13:19:01 GMT) Full text and rfc822 format available.Message #17 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> infotropique.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> infotropique.org> Subject: Re: [bug#28004] Chromium Date: Tue, 8 Aug 2017 13:18:01 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 2.4K bytes:
> ng0 <ng0 <at> infotropique.org> writes:
>
> > Hi Marius,
> >
> > Marius Bakke transcribed 43K bytes:
> >> Hello Guix!
> >>
> >> Attached is a patch for Chromium, a popular web browser.
> >
> > Nice! I've been using this from your branch for a while now,
> > works just fine :)
> > Is this not affected by the chromium discussion which happened
> > a while back? Can we include this? I'm all for this, because I
> > mainly use it for websites where firefox/icecat doesn't work so
> > well, and building it locally takes a very long time.
>
> I believe this is within the Free System Distribution Guidelines. DRM
> ("Widevine") is disabled at build time, and the Web Store is
> non-functional without the end user explicitly enabling it.
>
> There are some grey areas though. The browser may interact with certain
> non-free APIs (apart from regular browser duties) such as translation or
> prediction services. These features are optional, but some are enabled
> by default, and difficult to maintain patches for (I've tried).
>
> However, I have verified that it does not send any unsolicited requests
> with the current command-line options, apart from the very first launch
> which spawns a login prompt (help wanted!). Without either of those
> flags the browser "calls home" every time it starts.
>
> >> Note that I cannot guarantee timely delivery of security updates. Major
> >> version upgrades are hugely painful, and almost always contain many
> >> high-severity fixes. Should we mention that in the description?
> >>
> >> Happy for any feedback.
> >>
> >
> > Shouldn't you mention defines in addition to the define-public aswell,
> > or don't we do that?
>
> Not for new files (modules), typically. I don't think Magit can fill out
> those variable names (by pressing C on the hunks) either ;-) But it
> should probably go in web-browsers.scm anyway.
Unless someone else is already building this, I'm giving it a spin.
I guess you changed some things since the version of yours I have in
here: https://gitlab.com/ng0_guix/packages/blob/master/ng0/packages/chromium.scm
so I have to rebuild it.
It might take a while because I'm offloading to something much slower
but which doesn't care about heat as much as a this one ;)
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 08 Aug 2017 14:23:01 GMT) Full text and rfc822 format available.Message #20 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> infotropique.org> To: Marius Bakke <mbakke <at> fastmail.com>, 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Tue, 8 Aug 2017 14:22:23 +0000
[Message part 1 (text/plain, inline)]
ng0 transcribed 3.4K bytes:
> Marius Bakke transcribed 2.4K bytes:
> > ng0 <ng0 <at> infotropique.org> writes:
> >
> > > Hi Marius,
> > >
> > > Marius Bakke transcribed 43K bytes:
> > >> Hello Guix!
> > >>
> > >> Attached is a patch for Chromium, a popular web browser.
> > >
> > > Nice! I've been using this from your branch for a while now,
> > > works just fine :)
> > > Is this not affected by the chromium discussion which happened
> > > a while back? Can we include this? I'm all for this, because I
> > > mainly use it for websites where firefox/icecat doesn't work so
> > > well, and building it locally takes a very long time.
> >
> > I believe this is within the Free System Distribution Guidelines. DRM
> > ("Widevine") is disabled at build time, and the Web Store is
> > non-functional without the end user explicitly enabling it.
> >
> > There are some grey areas though. The browser may interact with certain
> > non-free APIs (apart from regular browser duties) such as translation or
> > prediction services. These features are optional, but some are enabled
> > by default, and difficult to maintain patches for (I've tried).
> >
> > However, I have verified that it does not send any unsolicited requests
> > with the current command-line options, apart from the very first launch
> > which spawns a login prompt (help wanted!). Without either of those
> > flags the browser "calls home" every time it starts.
> >
> > >> Note that I cannot guarantee timely delivery of security updates. Major
> > >> version upgrades are hugely painful, and almost always contain many
> > >> high-severity fixes. Should we mention that in the description?
> > >>
> > >> Happy for any feedback.
> > >>
> > >
> > > Shouldn't you mention defines in addition to the define-public aswell,
> > > or don't we do that?
> >
> > Not for new files (modules), typically. I don't think Magit can fill out
> > those variable names (by pressing C on the hunks) either ;-) But it
> > should probably go in web-browsers.scm anyway.
>
> Unless someone else is already building this, I'm giving it a spin.
>
> I guess you changed some things since the version of yours I have in
> here: https://gitlab.com/ng0_guix/packages/blob/master/ng0/packages/chromium.scm
> so I have to rebuild it.
> It might take a while because I'm offloading to something much slower
> but which doesn't care about heat as much as a this one ;)
Patch itself LGTM, I'm now waiting on the build to finish in the
next couple of hours.
Thanks for your work on this!
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 08 Aug 2017 15:45:01 GMT) Full text and rfc822 format available.Message #23 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> infotropique.org> To: Marius Bakke <mbakke <at> fastmail.com>, 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Tue, 8 Aug 2017 15:44:22 +0000
[Message part 1 (text/plain, inline)]
ng0 transcribed 3.7K bytes:
> ng0 transcribed 3.4K bytes:
> > Marius Bakke transcribed 2.4K bytes:
> > > ng0 <ng0 <at> infotropique.org> writes:
> > >
> > > > Hi Marius,
> > > >
> > > > Marius Bakke transcribed 43K bytes:
> > > >> Hello Guix!
> > > >>
> > > >> Attached is a patch for Chromium, a popular web browser.
> > > >
> > > > Nice! I've been using this from your branch for a while now,
> > > > works just fine :)
> > > > Is this not affected by the chromium discussion which happened
> > > > a while back? Can we include this? I'm all for this, because I
> > > > mainly use it for websites where firefox/icecat doesn't work so
> > > > well, and building it locally takes a very long time.
> > >
> > > I believe this is within the Free System Distribution Guidelines. DRM
> > > ("Widevine") is disabled at build time, and the Web Store is
> > > non-functional without the end user explicitly enabling it.
> > >
> > > There are some grey areas though. The browser may interact with certain
> > > non-free APIs (apart from regular browser duties) such as translation or
> > > prediction services. These features are optional, but some are enabled
> > > by default, and difficult to maintain patches for (I've tried).
> > >
> > > However, I have verified that it does not send any unsolicited requests
> > > with the current command-line options, apart from the very first launch
> > > which spawns a login prompt (help wanted!). Without either of those
> > > flags the browser "calls home" every time it starts.
> > >
> > > >> Note that I cannot guarantee timely delivery of security updates. Major
> > > >> version upgrades are hugely painful, and almost always contain many
> > > >> high-severity fixes. Should we mention that in the description?
> > > >>
> > > >> Happy for any feedback.
> > > >>
> > > >
> > > > Shouldn't you mention defines in addition to the define-public aswell,
> > > > or don't we do that?
> > >
> > > Not for new files (modules), typically. I don't think Magit can fill out
> > > those variable names (by pressing C on the hunks) either ;-) But it
> > > should probably go in web-browsers.scm anyway.
> >
> > Unless someone else is already building this, I'm giving it a spin.
> >
> > I guess you changed some things since the version of yours I have in
> > here: https://gitlab.com/ng0_guix/packages/blob/master/ng0/packages/chromium.scm
> > so I have to rebuild it.
> > It might take a while because I'm offloading to something much slower
> > but which doesn't care about heat as much as a this one ;)
>
> Patch itself LGTM, I'm now waiting on the build to finish in the
> next couple of hours.
x86_64 architecture, builds fails at this point:
[6247/27388] STAMP obj/mojo/common/common.stamp
[6248/27388] ACTION //net/http:generate_transport_security_state(//build/toolchain/linux:x64)
FAILED: gen/net/http/transport_security_state_static.h
python ../../build/gn_run_binary.py transport_security_state_generator ../../net/http/transport_security_state_static.json ../../net/http/transport_security_state_static.pins ../../net/http/transport_security_state_static.template gen/net/http/transport_security_state_static.h
./transport_security_state_generator: error while loading shared libraries: libglib-2.0.so.0: cannot open shared object file: No such file or directory
transport_security_state_generator failed with exit code 127
[6249/27388] AR obj/sandbox/linux/libsandbox_services.a
ninja: build stopped: subcommand failed.
phase `build' failed after 1777.2 seconds
builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
@ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
derivation '/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' offloaded to '192.168.1.179' failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
@ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 100
guix build: error: build failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
Have you experienced this before?
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 08 Aug 2017 19:01:01 GMT) Full text and rfc822 format available.Message #26 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> infotropique.org> To: Marius Bakke <mbakke <at> fastmail.com>, 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Tue, 8 Aug 2017 18:59:52 +0000
[Message part 1 (text/plain, inline)]
ng0 transcribed 5.5K bytes:
> ng0 transcribed 3.7K bytes:
> > ng0 transcribed 3.4K bytes:
> > > Marius Bakke transcribed 2.4K bytes:
> > > > ng0 <ng0 <at> infotropique.org> writes:
> > > >
> > > > > Hi Marius,
> > > > >
> > > > > Marius Bakke transcribed 43K bytes:
> > > > >> Hello Guix!
> > > > >>
> > > > >> Attached is a patch for Chromium, a popular web browser.
> > > > >
> > > > > Nice! I've been using this from your branch for a while now,
> > > > > works just fine :)
> > > > > Is this not affected by the chromium discussion which happened
> > > > > a while back? Can we include this? I'm all for this, because I
> > > > > mainly use it for websites where firefox/icecat doesn't work so
> > > > > well, and building it locally takes a very long time.
> > > >
> > > > I believe this is within the Free System Distribution Guidelines. DRM
> > > > ("Widevine") is disabled at build time, and the Web Store is
> > > > non-functional without the end user explicitly enabling it.
> > > >
> > > > There are some grey areas though. The browser may interact with certain
> > > > non-free APIs (apart from regular browser duties) such as translation or
> > > > prediction services. These features are optional, but some are enabled
> > > > by default, and difficult to maintain patches for (I've tried).
> > > >
> > > > However, I have verified that it does not send any unsolicited requests
> > > > with the current command-line options, apart from the very first launch
> > > > which spawns a login prompt (help wanted!). Without either of those
> > > > flags the browser "calls home" every time it starts.
> > > >
> > > > >> Note that I cannot guarantee timely delivery of security updates. Major
> > > > >> version upgrades are hugely painful, and almost always contain many
> > > > >> high-severity fixes. Should we mention that in the description?
> > > > >>
> > > > >> Happy for any feedback.
> > > > >>
> > > > >
> > > > > Shouldn't you mention defines in addition to the define-public aswell,
> > > > > or don't we do that?
> > > >
> > > > Not for new files (modules), typically. I don't think Magit can fill out
> > > > those variable names (by pressing C on the hunks) either ;-) But it
> > > > should probably go in web-browsers.scm anyway.
> > >
> > > Unless someone else is already building this, I'm giving it a spin.
> > >
> > > I guess you changed some things since the version of yours I have in
> > > here: https://gitlab.com/ng0_guix/packages/blob/master/ng0/packages/chromium.scm
> > > so I have to rebuild it.
> > > It might take a while because I'm offloading to something much slower
> > > but which doesn't care about heat as much as a this one ;)
> >
> > Patch itself LGTM, I'm now waiting on the build to finish in the
> > next couple of hours.
>
> x86_64 architecture, builds fails at this point:
>
> [6247/27388] STAMP obj/mojo/common/common.stamp
> [6248/27388] ACTION //net/http:generate_transport_security_state(//build/toolchain/linux:x64)
> FAILED: gen/net/http/transport_security_state_static.h
> python ../../build/gn_run_binary.py transport_security_state_generator ../../net/http/transport_security_state_static.json ../../net/http/transport_security_state_static.pins ../../net/http/transport_security_state_static.template gen/net/http/transport_security_state_static.h
> ./transport_security_state_generator: error while loading shared libraries: libglib-2.0.so.0: cannot open shared object file: No such file or directory
> transport_security_state_generator failed with exit code 127
> [6249/27388] AR obj/sandbox/linux/libsandbox_services.a
> ninja: build stopped: subcommand failed.
> phase `build' failed after 1777.2 seconds
> builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> derivation '/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' offloaded to '192.168.1.179' failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 100
> guix build: error: build failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
>
> Have you experienced this before?
As efraim pointed out I missed the part where you wrote that
it is for core-updates. I just assumed it worked like it is
on master because what I had locally (chromium 58) works on
master).
Someone else must test it then.
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 08 Aug 2017 19:52:02 GMT) Full text and rfc822 format available.Message #29 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Leo Famulari <leo <at> famulari.name> To: Marius Bakke <mbakke <at> fastmail.com>, 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Tue, 8 Aug 2017 15:51:39 -0400
[Message part 1 (text/plain, inline)]
On Tue, Aug 08, 2017 at 03:44:22PM +0000, ng0 wrote: > x86_64 architecture, builds fails at this point: > > [6247/27388] STAMP obj/mojo/common/common.stamp > [6248/27388] ACTION //net/http:generate_transport_security_state(//build/toolchain/linux:x64) > FAILED: gen/net/http/transport_security_state_static.h > python ../../build/gn_run_binary.py transport_security_state_generator ../../net/http/transport_security_state_static.json ../../net/http/transport_security_state_static.pins ../../net/http/transport_security_state_static.template gen/net/http/transport_security_state_static.h > ./transport_security_state_generator: error while loading shared libraries: libglib-2.0.so.0: cannot open shared object file: No such file or directory > transport_security_state_generator failed with exit code 127 > [6249/27388] AR obj/sandbox/linux/libsandbox_services.a > ninja: build stopped: subcommand failed. > phase `build' failed after 1777.2 seconds > builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1 > @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1 > derivation '/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' offloaded to '192.168.1.179' failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed > @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 100 > guix build: error: build failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed > > Have you experienced this before? Based on discussion on #guix, this package is based on core-updates. Did you try building it on core-updates?
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 08 Aug 2017 20:47:02 GMT) Full text and rfc822 format available.Message #32 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> infotropique.org> To: Leo Famulari <leo <at> famulari.name> Cc: 28004 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com> Subject: Re: [bug#28004] Chromium Date: Tue, 8 Aug 2017 20:46:33 +0000
[Message part 1 (text/plain, inline)]
Leo Famulari transcribed 3.0K bytes: > On Tue, Aug 08, 2017 at 03:44:22PM +0000, ng0 wrote: > > x86_64 architecture, builds fails at this point: > > > > [6247/27388] STAMP obj/mojo/common/common.stamp > > [6248/27388] ACTION //net/http:generate_transport_security_state(//build/toolchain/linux:x64) > > FAILED: gen/net/http/transport_security_state_static.h > > python ../../build/gn_run_binary.py transport_security_state_generator ../../net/http/transport_security_state_static.json ../../net/http/transport_security_state_static.pins ../../net/http/transport_security_state_static.template gen/net/http/transport_security_state_static.h > > ./transport_security_state_generator: error while loading shared libraries: libglib-2.0.so.0: cannot open shared object file: No such file or directory > > transport_security_state_generator failed with exit code 127 > > [6249/27388] AR obj/sandbox/linux/libsandbox_services.a > > ninja: build stopped: subcommand failed. > > phase `build' failed after 1777.2 seconds > > builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1 > > @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1 > > derivation '/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' offloaded to '192.168.1.179' failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed > > @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 100 > > guix build: error: build failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed > > > > Have you experienced this before? > > Based on discussion on #guix, this package is based on core-updates. Did > you try building it on core-updates? No, I have no time for switching a system to core-updates for a moment and dealing with whatever needs to be dealt with before I can build it there, unless core-updates is stable. I don't want to be the roadblock, I could test it at some point in the next 2 - 3 weeks and this package looks like it is good to go if it builds. -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://n0is.noblogs.org/my-keys https://www.infotropique.org https://krosos.org
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Thu, 10 Aug 2017 05:33:02 GMT) Full text and rfc822 format available.Message #35 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Efraim Flashner <efraim <at> flashner.co.il> To: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Thu, 10 Aug 2017 08:31:49 +0300
[Message part 1 (text/plain, inline)]
This built on aarch64 on core-updates in about 12.5 hours. I did need to
add the following substitution* to the package definition.
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index 81bcb8f05..855779a11 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -346,6 +346,13 @@
(("include \"third_party/curl") "include \"curl"))
(substitute* "media/base/decode_capabilities.cc"
(("third_party/libvpx/source/libvpx/") ""))
+
+ ;; We don't cross compile most packages, so get rid of the
+ ;; unnecessary ARCH-linux-gnu* prefix.
+ (substitute* "build/toolchain/linux/BUILD.gn"
+ (("aarch64-linux-gnu-") "")
+ (("arm-linux-gnueabihf-") ""))
+
#t))
(replace 'configure
(lambda* (#:key inputs outputs #:allow-other-keys)
With this addition it builds for me.
--
Efraim Flashner <efraim <at> flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Thu, 31 Aug 2017 07:37:02 GMT) Full text and rfc822 format available.Message #38 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> infotropique.org> To: Efraim Flashner <efraim <at> flashner.co.il> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Thu, 31 Aug 2017 07:36:49 +0000
[Message part 1 (text/plain, inline)]
Efraim Flashner transcribed 2.2K bytes: > This built on aarch64 on core-updates in about 12.5 hours. I did need to > add the following substitution* to the package definition. As core-updates has been merged now, is this package good to go? I could build it on my x86_64 builder this afternoon if it requires one more check. -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://n0is.noblogs.org/my-keys https://www.infotropique.org https://krosos.org
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 10 Oct 2017 13:21:02 GMT) Full text and rfc822 format available.Message #41 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> infotropique.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Tue, 10 Oct 2017 13:19:49 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 43K bytes: > Hello Guix! > > Attached is a patch for Chromium, a popular web browser. > > It requires the new ld wrapper from 'core-updates' and a very powerful > build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours). > > Note that I cannot guarantee timely delivery of security updates. Major > version upgrades are hugely painful, and almost always contain many > high-severity fixes. Should we mention that in the description? > > Happy for any feedback. Hi, could this patch be merged into master now? It would be too bad to see this gathering digitial dust. -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://dist.ng0.infotropique.org/dist/keys/ https://www.infotropique.org https://ng0.infotropique.org
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 11 Oct 2017 19:53:02 GMT) Full text and rfc822 format available.Message #44 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ludo <at> gnu.org (Ludovic Courtès) To: ng0 <ng0 <at> infotropique.org>, Leo Famulari <leo <at> famulari.name> Cc: 28004 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com> Subject: Re: [bug#28004] Chromium Date: Wed, 11 Oct 2017 21:52:46 +0200
Hi! ng0 <ng0 <at> infotropique.org> skribis: > Marius Bakke transcribed 43K bytes: >> Hello Guix! >> >> Attached is a patch for Chromium, a popular web browser. >> >> It requires the new ld wrapper from 'core-updates' and a very powerful >> build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours). >> >> Note that I cannot guarantee timely delivery of security updates. Major >> version upgrades are hugely painful, and almost always contain many >> high-severity fixes. Should we mention that in the description? >> >> Happy for any feedback. > > Hi, > > could this patch be merged into master now? Probably (I think at the time Marius submitted it the ‘ld’ wrapper enhancements were not in ‘master’ yet.) For the security aspect though, given that it’s a fairly critical component, I’d like to have Leo’s opinion. Thoughts? > It would be too bad to see this gathering digitial dust. Indeed! Thanks, Ludo’.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Thu, 12 Oct 2017 20:06:01 GMT) Full text and rfc822 format available.Message #47 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Leo Famulari <leo <at> famulari.name> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 28004 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com>, ng0 <ng0 <at> infotropique.org> Subject: Re: [bug#28004] Chromium Date: Thu, 12 Oct 2017 15:56:28 -0400
[Message part 1 (text/plain, inline)]
On Wed, Oct 11, 2017 at 09:52:46PM +0200, Ludovic Courtès wrote: > ng0 <ng0 <at> infotropique.org> skribis: > > could this patch be merged into master now? > > Probably (I think at the time Marius submitted it the ‘ld’ wrapper > enhancements were not in ‘master’ yet.) > > For the security aspect though, given that it’s a fairly critical > component, I’d like to have Leo’s opinion. Thoughts? Any questions in particular? For me, the primary question is maintenance. As Marius pointed out when sending the patch, major version upgrades may be difficult, and timely delivery of security updates cannot be guaranteed. But these caveats apply to every package. [0] They aren't a reason to exclude Chromium from Guix. Now, if we add the Chromium package and then let if fall behind for weeks or months, that will be a problem, and we will need to remove it. It's relatively easy to remove packages of end-user applications, since it's rare that other packages depend on them. As always, I'm willing to help with security updates as much as my volunteer schedule allows. The other issue will be bugs caused by the use of non-bundled libraries. Presumably, important bugs are fixed in the bundled libraries before they are released by the upstream library (if ever). But again, this is an issue with all of our packages. We will address these issues when we find them. There was a new release last month, 61.0.3163. I'd like to try updating to it this weekend if I have the disk (does anyone know how much is required) and computing power. Then we can push :) [0] Users who really need to rely on the security of Chromium or Chrome should use the "official" installation from the Chromium or Google teams, and turn on auto-updates. Every update can be expected to fix critical bugs.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Thu, 12 Oct 2017 20:29:01 GMT) Full text and rfc822 format available.Message #50 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> infotropique.org> To: Leo Famulari <leo <at> famulari.name> Cc: 28004 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org>, Marius Bakke <mbakke <at> fastmail.com>, ng0 <ng0 <at> infotropique.org> Subject: Re: [bug#28004] Chromium Date: Thu, 12 Oct 2017 20:28:18 +0000
[Message part 1 (text/plain, inline)]
Leo Famulari transcribed 2.9K bytes: > On Wed, Oct 11, 2017 at 09:52:46PM +0200, Ludovic Courtès wrote: > > ng0 <ng0 <at> infotropique.org> skribis: > > > could this patch be merged into master now? > > > > Probably (I think at the time Marius submitted it the ‘ld’ wrapper > > enhancements were not in ‘master’ yet.) > > > > For the security aspect though, given that it’s a fairly critical > > component, I’d like to have Leo’s opinion. Thoughts? > > Any questions in particular? > > For me, the primary question is maintenance. > > As Marius pointed out when sending the patch, major version upgrades may > be difficult, and timely delivery of security updates cannot be > guaranteed. But these caveats apply to every package. [0] They aren't a > reason to exclude Chromium from Guix. > > Now, if we add the Chromium package and then let if fall behind for > weeks or months, that will be a problem, and we will need to remove it. > It's relatively easy to remove packages of end-user applications, since > it's rare that other packages depend on them. > > As always, I'm willing to help with security updates as much as my > volunteer schedule allows. > > The other issue will be bugs caused by the use of non-bundled libraries. > Presumably, important bugs are fixed in the bundled libraries before > they are released by the upstream library (if ever). But again, this is > an issue with all of our packages. We will address these issues when we > find them. > > There was a new release last month, 61.0.3163. I'd like to try updating > to it this weekend if I have the disk (does anyone know how much is > required) and computing power. Then we can push :) Around 8 GiB for a full build as far as I know, that is when you include debbuging symbols. So it's less than 8 GiB. > [0] Users who really need to rely on the security of Chromium or Chrome > should use the "official" installation from the Chromium or Google > teams, and turn on auto-updates. Every update can be expected to fix > critical bugs. -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://dist.ng0.infotropique.org/dist/keys/ https://www.infotropique.org https://ng0.infotropique.org
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 13 Oct 2017 06:52:01 GMT) Full text and rfc822 format available.Message #53 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ludo <at> gnu.org (Ludovic Courtès) To: Leo Famulari <leo <at> famulari.name> Cc: 28004 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com>, ng0 <ng0 <at> infotropique.org> Subject: Re: [bug#28004] Chromium Date: Fri, 13 Oct 2017 08:51:13 +0200
Heya, Leo Famulari <leo <at> famulari.name> skribis: > On Wed, Oct 11, 2017 at 09:52:46PM +0200, Ludovic Courtès wrote: >> ng0 <ng0 <at> infotropique.org> skribis: >> > could this patch be merged into master now? >> >> Probably (I think at the time Marius submitted it the ‘ld’ wrapper >> enhancements were not in ‘master’ yet.) >> >> For the security aspect though, given that it’s a fairly critical >> component, I’d like to have Leo’s opinion. Thoughts? > > Any questions in particular? Not really, I was wondering about the Marius’ warning as to the difficulty of keeping it up-to-date. > For me, the primary question is maintenance. > > As Marius pointed out when sending the patch, major version upgrades may > be difficult, and timely delivery of security updates cannot be > guaranteed. But these caveats apply to every package. [0] They aren't a > reason to exclude Chromium from Guix. Right. A browser is particularly sensitive though. > Now, if we add the Chromium package and then let if fall behind for > weeks or months, that will be a problem, and we will need to remove it. > It's relatively easy to remove packages of end-user applications, since > it's rare that other packages depend on them. > > As always, I'm willing to help with security updates as much as my > volunteer schedule allows. > > The other issue will be bugs caused by the use of non-bundled libraries. > Presumably, important bugs are fixed in the bundled libraries before > they are released by the upstream library (if ever). But again, this is > an issue with all of our packages. We will address these issues when we > find them. Yeah. > There was a new release last month, 61.0.3163. I'd like to try updating > to it this weekend if I have the disk (does anyone know how much is > required) and computing power. Then we can push :) Sounds like a plan! > [0] Users who really need to rely on the security of Chromium or Chrome > should use the "official" installation from the Chromium or Google > teams, and turn on auto-updates. Every update can be expected to fix > critical bugs. I get your point, but OTOH getting binaries from Google is not something I feel like recommending. :-) I think we should make sure that our package does not call home in any way. That’s what I expect from a security- and privacy-conscious distro. WDYT? Thanks for your feedback! Ludo’.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 18 Oct 2017 22:42:02 GMT) Full text and rfc822 format available.Message #56 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Ludovic Courtès <ludo <at> gnu.org>, Leo Famulari <leo <at> famulari.name> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> infotropique.org> Subject: Re: [bug#28004] Chromium Date: Thu, 19 Oct 2017 00:41:01 +0200
[Message part 1 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes: > I think we should make sure that our package does not call home in any > way. That’s what I expect from a security- and privacy-conscious > distro. Currently, it calls home at first launch, prompting for a login. But I've verified that it does not send any unsolicited requests for subsequent startups, as long as the user does not change the command-line flags. Anyway I'm attaching the current iteration of this patch. Chromium 62 is out today, I'll try to update this weekend and will push it after that in lieu of other feedback. I would be very happy if someone managed to complete the 62 upgrade before me, however! ;-)
[0001-gnu-Add-chromium.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Thu, 19 Oct 2017 05:49:01 GMT) Full text and rfc822 format available.Message #59 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> infotropique.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org>, ng0 <ng0 <at> infotropique.org>, Leo Famulari <leo <at> famulari.name> Subject: Re: [bug#28004] Chromium Date: Thu, 19 Oct 2017 05:48:22 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 37K bytes: > Ludovic Courtès <ludo <at> gnu.org> writes: > > > I think we should make sure that our package does not call home in any > > way. That’s what I expect from a security- and privacy-conscious > > distro. > > Currently, it calls home at first launch, prompting for a login. But > I've verified that it does not send any unsolicited requests for > subsequent startups, as long as the user does not change the > command-line flags. Could the first launch just be a matter of changing what gets displayed at first launch? At least that's my current plan for meissa (my fork of Pale Moon), where the default is to visit a tracker including homepage. -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://dist.ng0.infotropique.org/dist/keys/ https://www.infotropique.org https://ng0.infotropique.org
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 24 Oct 2017 21:12:01 GMT) Full text and rfc822 format available.Message #62 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Leo Famulari <leo <at> famulari.name> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Tue, 24 Oct 2017 23:11:10 +0200
[Message part 1 (text/plain, inline)]
Marius Bakke <mbakke <at> fastmail.com> writes: > Anyway I'm attaching the current iteration of this patch. Chromium 62 > is out today, I'll try to update this weekend and will push it after > that in lieu of other feedback. Here is the interdiff for the 62 upgrade. I mixed in some unrelated changes after reading through Debians 61 refresh[0] and Archs 62 update[1], but overall it was straightforward (apart from the slow hack-test-fix cycle).
[chromium-62.diff (text/x-patch, inline)]
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index 5693b70ff..f5ee95c2f 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -32,6 +32,7 @@
#:use-module (gnu packages curl)
#:use-module (gnu packages databases)
#:use-module (gnu packages fontutils)
+ #:use-module (gnu packages ghostscript)
#:use-module (gnu packages gl)
#:use-module (gnu packages glib)
#:use-module (gnu packages gnome)
@@ -84,7 +85,7 @@ HTTP(S) URI that returns a file with the given HASH."
,@(package-arguments opus)))))
;; Chromium since 58 depends on an unreleased libvpx. So, we
-;; package the latest master branch as of 2017-10-12.
+;; package the latest master branch as of 2017-10-22.
(define libvpx+experimental
(package
(inherit libvpx)
@@ -92,11 +93,11 @@ HTTP(S) URI that returns a file with the given HASH."
(method git-fetch)
(uri (git-reference
(url "https://chromium.googlesource.com/webm/libvpx")
- (commit "175b36cb6d2811c721d63277ba953ea817f32361")))
+ (commit "b58259ab55674cb028898a0ac9e8fdd3cf1d4b39")))
(file-name "libvpx-for-chromium-checkout")
(sha256
(base32
- "1j8ni29mcj74lfsc0hsha22zzp24ig53iki0id5bdfhzl8q1rpyk"))))
+ "0grx2p7add0qyycqvqiv3djk0i37xrg75phszg5mwnwd3ijv3qzj"))))
;; TODO: Make libvpx configure flags overrideable.
(arguments
`(#:phases
@@ -122,27 +123,15 @@ HTTP(S) URI that returns a file with the given HASH."
(define %chromium-gn-bootstrap.patch
(remote-patch "chromium-gn-bootstrap.patch"
"https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
-chromium/files/chromium-gn-bootstrap-r14.patch?id=\
-900e6203d4015711887137bcd03c913361dbf41f"
- "1050abvq24s1a5vd97d5ljb8bmv0wcdgkj3vk0scygkr1954qy4q"))
-
-(define %chromium-gcc-compat.patch
- (remote-patch "chromium-gcc-compat.patch"
- "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
-chromium/files/chromium-gcc-r1.patch?id=506399c6ac2ace6501429925a608db9d7e502bde"
- "0n5bc1ckq83vlfzh5k3frh7cp7hyhxii89iq2v4jg46lblqgxkqi"))
+chromium/files/chromium-gn-bootstrap-r17.patch?id=\
+5c9cf110bd61fa287a5c536760b5d8ed13f65d52"
+ "12wsq3bs46mvr7cinxvqjmbzymigm8yzf478r08y9l6sd3qij4yq"))
(define %chromium-gcc-5-compat.patch
(remote-patch "chromium-gcc-5-compat.patch"
"https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
-chromium/files/chromium-gcc5-r1.patch?id=506399c6ac2ace6501429925a608db9d7e502bde"
- "0jz9sg24yzimcass3c3myynp3sf2c1rasrcwh7jn1gbbj4yp7j8v"))
-
-(define %chromium-atk-compat.patch
- (remote-patch "chromium-atk-compat.patch"
- "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/\
-chromium/files/chromium-atk-r1.patch?id=506399c6ac2ace6501429925a608db9d7e502bde"
- "13g9g1k9f3fqpgjhnlqvf5np6m58czr57zq1fqdf5y5nfyxrl3pw"))
+chromium/files/chromium-gcc5-r3.patch?id=5c9cf110bd61fa287a5c536760b5d8ed13f65d52"
+ "0qwl396w2bnc4ww71q3621chh9rfnw1m3w6nbd55sbhq8yz6jnx0"))
(define %chromium-system-nspr.patch
(remote-patch "chromium-system-nspr.patch"
@@ -159,7 +148,7 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
(define-public chromium
(package
(name "chromium")
- (version "61.0.3163.100")
+ (version "62.0.3202.62")
(synopsis "Graphical web browser")
(source (origin
(method url-fetch)
@@ -168,13 +157,12 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
version ".tar.xz"))
(sha256
(base32
- "06r89jim9cq87668ya8wwk69hh17rl04cj94nb9c28v6mj69cda1"))
+ "0qn3pjq5n3ri3qh25wg5gd2as5a8wlkncqvi975xsab771833pz8"))
(patches (append (list %chromium-gn-bootstrap.patch
- %chromium-atk-compat.patch
- %chromium-gcc-compat.patch
%chromium-gcc-5-compat.patch
%chromium-system-nspr.patch
- %chromium-system-libevent.patch)
+ %chromium-system-libevent.patch
+ )
(search-patches
"chromium-system-icu.patch"
"chromium-disable-api-keys-warning.patch"
@@ -271,6 +259,7 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
"third_party/catapult/tracing/third_party/oboe"
"third_party/ced"
"third_party/cld_3"
+ "third_party/crc32c"
"third_party/cros_system_api"
"third_party/dom_distiller_js"
"third_party/fips181"
@@ -307,7 +296,7 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
"third_party/modp_b64"
"third_party/mt19937ar"
"third_party/node"
- "third_party/node/node_modules/vulcanize/third_party/UglifyJS2"
+ "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2"
"third_party/openmax_dl"
"third_party/ots"
"third_party/pdfium" ;TODO: can be built standalone.
@@ -320,6 +309,7 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
"third_party/sfntly"
"third_party/skia"
"third_party/skia/third_party/vulkan"
+ "third_party/skia/third_party/gif"
"third_party/smhasher"
;; XXX the sources that include this are generated.
"third_party/speech-dispatcher"
@@ -419,9 +409,14 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
"linux_use_bundled_binutils=false"
"use_custom_libcxx=false"
"use_sysroot=false"
+ "goma_dir=\"\""
+ "use_jumbo_build=true" ;speeds up compilation
+ "enable_precompiled_headers=false"
"remove_webcore_debug_symbols=true"
"enable_iterator_debugging=false"
+ "exclude_unwind_tables=true"
"override_build_date=\"01 01 2000 05:00:00\""
+ "use_unofficial_version_number=false"
;; Don't fail when using deprecated ffmpeg features.
"treat_warnings_as_errors=false"
"enable_nacl=false"
@@ -433,8 +428,14 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
"use_official_google_api_keys=false"
;; Disable "field trials".
"fieldtrial_testing_like_official_build=true"
+ "enable_reading_list=false"
+ ;;"enable_reporting=false" ;XXX breaks the build
+ "use_openh264=true"
+ "use_system_freetype=true"
"use_system_libjpeg=true"
+ "use_system_lcms2=true"
+ "use_system_zlib=true"
;; This is currently not supported on Linux:
;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
;; "use_system_sqlite=true"
@@ -443,7 +444,6 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
"use_gnome_keyring=false" ; deprecated by libsecret
"use_xkbcommon=true"
"link_pulseaudio=true"
- "use_openh264=true"
;; Don't arbitrarily restrict formats supported by system ffmpeg.
"proprietary_codecs=true"
@@ -454,7 +454,6 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
;; Don't use bundled sources.
"rtc_build_json=false"
"rtc_build_libevent=false"
- "rtc_build_libjpeg=false"
"rtc_build_libvpx=false"
"rtc_build_opus=false"
"rtc_build_ssl=false"
@@ -595,8 +594,9 @@ plain/debian/patches/system/event.patch?id=64458c4216edd82503dc9366e2f4d80ae7c76
("gtk+-2" ,gtk+-2)
("gtk+" ,gtk+)
("harfbuzz" ,harfbuzz)
- ("icu4c" ,icu4c)
+ ("icu4c" ,icu4c-59.1)
("jsoncpp" ,jsoncpp)
+ ("lcms" ,lcms)
("libevent" ,libevent)
("libffi" ,libffi)
("libjpeg-turbo" ,libjpeg-turbo)
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 55bc9f203..b12de6ff0 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -80,6 +81,23 @@ C/C++ part.")
(origin-patches (package-source icu4c))
(search-patches "icu4c-CVE-2017-14952.patch")))))))
+(define-public icu4c-59.1
+ (package
+ (inherit icu4c)
+ (version "59.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "http://download.icu-project.org/files/icu4c/"
+ version
+ "/icu4c-"
+ (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
+ "-src.tgz"))
+ (patches (search-patches "icu4c-CVE-2017-14952.patch"))
+ (sha256
+ (base32
+ "1zkmbg2932ggvpgjp8pys0cj6z8bw087y8858009shkrjfpzscki"))))))
+
(define-public java-icu4j
(package
(name "java-icu4j")
[Message part 3 (text/plain, inline)]
Below is the full patch for convenience. I plan to commit it on Friday or Saturday, after a cosmetic check. Especially the description could use some work, and the grouping of "configure flags". One final note for future contributors is that Gentoo[2] is kind-of upstream for Chromium, as ChromiumOS is based on Portage and I've seen several Gentoo developers on the Chromium bug tracker. They often have early compatibility patches (e.g. when it invariably breaks with GCC). [0] https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/commit/?id=794aa1820460727711e534ea1042db7eebc1601d [1] https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/chromium&id=6ebdd8085de0b7c8bbc66e47b937271ab4a85fbd [2] https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium
[0001-gnu-Add-chromium.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sun, 05 Nov 2017 23:53:02 GMT) Full text and rfc822 format available.Message #65 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Ludovic Courtès <ludo <at> gnu.org>, Leo Famulari <leo <at> famulari.name> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> infotropique.org> Subject: Re: [bug#28004] Chromium Date: Mon, 06 Nov 2017 00:52:32 +0100
[Message part 1 (text/plain, inline)]
Marius Bakke <mbakke <at> fastmail.com> writes: > Ludovic Courtès <ludo <at> gnu.org> writes: > >> I think we should make sure that our package does not call home in any >> way. That’s what I expect from a security- and privacy-conscious >> distro. > > Currently, it calls home at first launch, prompting for a login. But > I've verified that it does not send any unsolicited requests for > subsequent startups, as long as the user does not change the > command-line flags. I tried picking two other Debian patches[0][1] to see if it helped with the annoying splash screen and decided to verify whether the browser still "calls home" from a clean profile. The last time I checked was many versions ago. After dismissing the sign-in dialog, the "New Tab Page" loads a regular Google search bar, and "pre-fills" two of the "most commonly used" slots with Chrome URLs, (still) downloading a bunch of data in the process. Not great, but maybe we could live with that if it was just for the first run (it wasn't; had to change search engine to prevent the New Tab Page from calling the mothership). To my great surprise, while watching tcpdump from a different window, it also called home *when I switched windows*. Every time the Chromium window was activated, some data was sent to Google servers. Going into settings and toggling the "Use a prediction service to help complete searches and URLs typed in the address bar" option (to off) disabled that behaviour. Not very confidence-instilling. I'm going to try to incorporate the "Inox Patchset"[2], which is a set of patches that attempts to remove all such misfeatures from Chromium. They seem to have managed to stay on top of recent Chromium development, unlike two other prominent privacy-focused "forks", so I'm optimistic. But it might take some weeks before the next update. Stay tuned.. [0] <https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/promo.patch> [1] <https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/external-components.patch> [2] <https://github.com/gcarq/inox-patchset>
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 10 Nov 2017 11:34:02 GMT) Full text and rfc822 format available.Message #68 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Adonay Felipe Nogueira <adfeno <at> hyperbola.info> To: guix-patches <at> gnu.org Subject: Re: [bug#28004] Chromium Date: Fri, 10 Nov 2017 09:33:05 -0200
As a continuation, directory-discuss started to discuss the Chromium issue once again ([1]). [1] <https://lists.gnu.org/archive/cgi-bin/namazu.cgi?query=%2Bsubject%3A%7BFSF+opinion+on+chromium%2C+QtWebEngine%2C+electron%7D&submit=Search%21&idxname=directory-discuss&max=20&result=normal&sort=date%3Alate>. Marius Bakke <mbakke <at> fastmail.com> writes: > I tried picking two other Debian patches[0][1] to see if it helped with > the annoying splash screen and decided to verify whether the browser > still "calls home" from a clean profile. The last time I checked was > many versions ago. > > After dismissing the sign-in dialog, the "New Tab Page" loads a regular > Google search bar, and "pre-fills" two of the "most commonly used" slots > with Chrome URLs, (still) downloading a bunch of data in the process. > > Not great, but maybe we could live with that if it was just for the > first run (it wasn't; had to change search engine to prevent the New Tab > Page from calling the mothership). > > To my great surprise, while watching tcpdump from a different window, it > also called home *when I switched windows*. Every time the Chromium > window was activated, some data was sent to Google servers. > > Going into settings and toggling the "Use a prediction service to help > complete searches and URLs typed in the address bar" option (to off) > disabled that behaviour. > > Not very confidence-instilling. > > I'm going to try to incorporate the "Inox Patchset"[2], which is a set > of patches that attempts to remove all such misfeatures from Chromium. > They seem to have managed to stay on top of recent Chromium development, > unlike two other prominent privacy-focused "forks", so I'm optimistic. > > But it might take some weeks before the next update. Stay tuned.. > > [0] > <https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/promo.patch> > [1] > <https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/external-components.patch> > [2] <https://github.com/gcarq/inox-patchset>
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Thu, 04 Jan 2018 19:18:01 GMT) Full text and rfc822 format available.Message #71 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org>, ng0 <ng0 <at> n0.is>, Leo Famulari <leo <at> famulari.name> Subject: Re: [bug#28004] Chromium Date: Thu, 4 Jan 2018 19:16:48 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 37K bytes:
> Ludovic Courtès <ludo <at> gnu.org> writes:
>
> > I think we should make sure that our package does not call home in any
> > way. That’s what I expect from a security- and privacy-conscious
> > distro.
>
> Currently, it calls home at first launch, prompting for a login. But
> I've verified that it does not send any unsolicited requests for
> subsequent startups, as long as the user does not change the
> command-line flags.
>
> Anyway I'm attaching the current iteration of this patch. Chromium 62
> is out today, I'll try to update this weekend and will push it after
> that in lieu of other feedback.
>
> I would be very happy if someone managed to complete the 62 upgrade
> before me, however! ;-)
>
> From d6e3ef7f28a9bc4ace0c52e09b1e4bdde84e01e0 Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke <at> fastmail.com>
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.
...
> +(define-public chromium
> + (package
> + (name "chromium")
...
> + (substitute* "chrome/common/chrome_paths.cc"
> + (("/usr/share/chromium/extensions")
> + ;; TODO: Add ~/.guix-profile.
> + "/run/current-system/profile/share/chromium/extensions"))
What's the idea behind this? Did you test it? Do you have any guix build-system
using Chromium extensions as an example? So far this completely disables the
installation of any plugins and addons.
> +
> + (substitute* "breakpad/src/common/linux/libcurl_wrapper.h"
> + (("include \"third_party/curl") "include \"curl"))
> + (substitute* "media/base/decode_capabilities.cc"
> + (("third_party/libvpx/source/libvpx/") ""))
> +
> + ;; We don't cross compile most packages, so get rid of the
> + ;; unnecessary ARCH-linux-gnu* prefix.
> + (substitute* "build/toolchain/linux/BUILD.gn"
> + (("aarch64-linux-gnu-") "")
> + (("arm-linux-gnueabihf-") ""))
> + #t))
> + (replace 'configure
> + (lambda* (#:key inputs outputs #:allow-other-keys)
> + (let ((gn-flags
> + (list
> + ;; See tools/gn/docs/cookbook.md and
> + ;; https://www.chromium.org/developers/gn-build-configuration
> + ;; for usage. Run "./gn args . --list" in the Release
> + ;; directory for an exhaustive list of supported flags.
> + "is_debug=false"
> + "is_official_build=false"
> + "is_clang=false"
> + "use_gold=false"
> + "linux_use_bundled_binutils=false"
> + "use_custom_libcxx=false"
> + "use_sysroot=false"
> + "remove_webcore_debug_symbols=true"
> + "enable_iterator_debugging=false"
> + "override_build_date=\"01 01 2000 05:00:00\""
> + ;; Don't fail when using deprecated ffmpeg features.
> + "treat_warnings_as_errors=false"
> + "enable_nacl=false"
> + "enable_nacl_nonsfi=false"
> + "use_allocator=\"none\"" ; Don't use tcmalloc.
> + ;; Don't add any API keys. End users can set them in the
> + ;; environment if necessary.
> + ;; https://www.chromium.org/developers/how-tos/api-keys
> + "use_official_google_api_keys=false"
> + ;; Disable "field trials".
> + "fieldtrial_testing_like_official_build=true"
> +
> + "use_system_libjpeg=true"
> + ;; This is currently not supported on Linux:
> + ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
> + ;; "use_system_sqlite=true"
> + "use_gtk3=true"
> + "use_gconf=false" ; deprecated by gsettings
> + "use_gnome_keyring=false" ; deprecated by libsecret
> + "use_xkbcommon=true"
> + "link_pulseaudio=true"
> + "use_openh264=true"
> +
> + ;; Don't arbitrarily restrict formats supported by system ffmpeg.
> + "proprietary_codecs=true"
> + "ffmpeg_branding=\"Chrome\""
> +
> + ;; WebRTC stuff.
> + "rtc_use_h264=true"
> + ;; Don't use bundled sources.
> + "rtc_build_json=false"
> + "rtc_build_libevent=false"
> + "rtc_build_libjpeg=false"
> + "rtc_build_libvpx=false"
> + "rtc_build_opus=false"
> + "rtc_build_ssl=false"
> + ;; TODO: Package these.
> + "rtc_build_libsrtp=true" ; 2.0
> + "rtc_build_libyuv=true"
> + "rtc_build_openmax_dl=true"
> + "rtc_build_usrsctp=true"
> + (string-append "rtc_jsoncpp_root=\""
> + (assoc-ref inputs "jsoncpp")
> + "/include/jsoncpp/json\"")
> + (string-append "rtc_ssl_root=\""
> + (assoc-ref inputs "openssl")
> + "/include/openssl\""))))
> +
> + ;; XXX: How portable is this.
> + (mkdir-p "third_party/node/linux/node-linux-x64")
> + (symlink (string-append (assoc-ref inputs "node") "/bin")
> + "third_party/node/linux/node-linux-x64/bin")
> +
> + (setenv "CC" "gcc")
> + (setenv "CXX" "g++")
> + ;; TODO: pre-compile instead. Avoids a race condition.
> + (setenv "PYTHONDONTWRITEBYTECODE" "1")
> + (and
> + ;; Build the "gn" tool.
> + (zero? (system* "python"
> + "tools/gn/bootstrap/bootstrap.py" "-s" "-v"))
> + ;; Generate ninja build files.
> + (zero? (system* "./out/Release/gn" "gen" "out/Release"
> + (string-append "--args="
> + (string-join gn-flags " "))))))))
> + (replace 'build
> + (lambda* (#:key outputs #:allow-other-keys)
> + (zero? (system* "ninja" "-C" "out/Release"
> + "-j" (number->string (parallel-job-count))
> + "chrome"))))
> + (replace 'install
> + (lambda* (#:key inputs outputs #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> + (bin (string-append out "/bin"))
> + (exe (string-append bin "/chromium"))
> + (lib (string-append out "/lib"))
> + (man (string-append out "/share/man/man1"))
> + (applications (string-append out "/share/applications"))
> + (install-regexp (make-regexp "\\.(so|bin|pak)$"))
> + (locales (string-append lib "/locales"))
> + (resources (string-append lib "/resources"))
> + (gtk+ (assoc-ref inputs "gtk+"))
> + (mesa (assoc-ref inputs "mesa"))
> + (nss (assoc-ref inputs "nss"))
> + (udev (assoc-ref inputs "udev"))
> + (sh (which "sh")))
> +
> + (mkdir-p applications)
> + (call-with-output-file (string-append applications
> + "/chromium.desktop")
> + (lambda (port)
> + (format port
> + "[Desktop Entry]~@
> + Name=Chromium~@
> + Comment=~a~@
> + Exec=~a~@
> + Icon=chromium.png~@
> + Type=Application~%" ,synopsis exe)))
> +
> + (with-directory-excursion "out/Release"
> + (for-each (lambda (file)
> + (install-file file lib))
> + (scandir "." (cut regexp-exec install-regexp <>)))
> + (copy-file "chrome" (string-append lib "/chromium"))
> +
> + ;; TODO: Install icons from "../../chrome/app/themes" into
> + ;; "out/share/icons/hicolor/$size".
> + (install-file
> + "product_logo_48.png"
> + (string-append out "/share/icons/48x48/chromium.png"))
> +
> + (copy-recursively "locales" locales)
> + (copy-recursively "resources" resources)
> +
> + (mkdir-p man)
> + (copy-file "chrome.1" (string-append man "/chromium.1"))
> +
> + (mkdir-p bin)
> + ;; Add a thin wrapper to prevent the user from inadvertently
> + ;; installing non-free software through the Web Store.
> + ;; TODO: Discover extensions from the profile and pass
> + ;; something like "--disable-extensions-except=...".
Same question here.
If you need help, there's at least 3 users of Chromium now. I'd like to read
your ideas on how to solve the TODOs, aswell as: Do you have any unpushed
progress? Maybe we can team collaborate on this huge browser.
> + (call-with-output-file exe
> + (lambda (port)
> + (format port
> + "#!~a~@
> + CHROMIUM_FLAGS=\"--disable-background-networking\"~@
> + if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
> + then~@
> + CHROMIUM_FLAGS=\"$CHROMIUM_FLAGS --disable-extensions\"~@
> + fi~@
> + exec ~a $CHROMIUM_FLAGS \"$@\"~%"
> + sh (string-append lib "/chromium"))))
> + (chmod exe #o755)
> +
> + (wrap-program exe
> + ;; TODO: Get these in RUNPATH.
> + `("LD_LIBRARY_PATH" ":" prefix
> + (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
> + mesa "/lib:" udev "/lib")))
> + ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
> + `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
> + #t)))))))
--
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
WWW: https://n0.is/a/ :: https://ea.n0.is
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 08 Jan 2018 21:57:01 GMT) Full text and rfc822 format available.Message #74 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: ng0 <ng0 <at> n0.is> Cc: 28004 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org>, ng0 <ng0 <at> n0.is>, Leo Famulari <leo <at> famulari.name> Subject: Re: [bug#28004] Chromium Date: Mon, 08 Jan 2018 22:56:26 +0100
[Message part 1 (text/plain, inline)]
ng0 <ng0 <at> n0.is> writes:
>> + (substitute* "chrome/common/chrome_paths.cc"
>> + (("/usr/share/chromium/extensions")
>> + ;; TODO: Add ~/.guix-profile.
>> + "/run/current-system/profile/share/chromium/extensions"))
>
> What's the idea behind this? Did you test it? Do you have any guix build-system
> using Chromium extensions as an example? So far this completely disables the
> installation of any plugins and addons.
The idea is to eventually be able to distribute extensions with Guix. I
added this path mostly to document it, but don't see how keeping the
default makes a difference. If you can place an extension in
/usr/share, you can also copy it to the system profile through your
config.scm, or symlink this location on a foreign distribution.
>> + (mkdir-p bin)
>> + ;; Add a thin wrapper to prevent the user from inadvertently
>> + ;; installing non-free software through the Web Store.
>> + ;; TODO: Discover extensions from the profile and pass
>> + ;; something like "--disable-extensions-except=...".
>
> Same question here.
The Web Store has serious freedom issues, thus we can not enable it by
default. Enabling it *must* be a conscious choice by the end user.
The TODO here is inspired by Debians wrapper script, which enumerates
the location where apt places extensions, and gives that list to
"--disable-extensions-except".
> If you need help, there's at least 3 users of Chromium now. I'd like to read
> your ideas on how to solve the TODOs, aswell as: Do you have any unpushed
> progress? Maybe we can team collaborate on this huge browser.
I do maintain this patch, but unfortunately not in a public repository.
I've attached the latest iteration here (sorry for squashed).
New since the last time are some fixes from the "Inox patchset" that
resolves most of the privacy issues. Namely removing the "login
wizard", changing to sensible defaults, and forcing the "classic" New
Tab Page that does not load a search engine.
Also, all patches have been moved to remote origins.
Testing and feedback welcome!
Currently there are two "important" (blocking?) TODOs left:
* Move the 'delete-bundled-software' phase to a source snippet.
Repacking the ~500MiB compressed tarball is *really* expensive. It
should also aid the licensing situation.
* Delete the two default entries from the "most used" list on the New
Tab page. The first run will download thumbnails for these sites,
leaking data. One of them also leads to the disabled-by-default
store, promoting non-free software.
I'm optimistic that fixing the second item will make the browser not
leak *any* data at launch with the default configuration. Which leads
to a third item: writing a system test that verifies that launching
Chromium does indeed not initiate any network traffic.
Anyway, here is the latest patch:
[0001-gnu-Add-chromium.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 08 Jan 2018 23:22:02 GMT) Full text and rfc822 format available.Message #77 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org>, ng0 <ng0 <at> n0.is>, Leo Famulari <leo <at> famulari.name> Subject: Re: [bug#28004] Chromium Date: Mon, 8 Jan 2018 23:20:42 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 39K bytes:
> ng0 <ng0 <at> n0.is> writes:
>
> >> + (substitute* "chrome/common/chrome_paths.cc"
> >> + (("/usr/share/chromium/extensions")
> >> + ;; TODO: Add ~/.guix-profile.
> >> + "/run/current-system/profile/share/chromium/extensions"))
> >
> > What's the idea behind this? Did you test it? Do you have any guix build-system
> > using Chromium extensions as an example? So far this completely disables the
> > installation of any plugins and addons.
>
> The idea is to eventually be able to distribute extensions with Guix. I
> added this path mostly to document it, but don't see how keeping the
> default makes a difference. If you can place an extension in
> /usr/share, you can also copy it to the system profile through your
> config.scm, or symlink this location on a foreign distribution.
>
> >> + (mkdir-p bin)
> >> + ;; Add a thin wrapper to prevent the user from inadvertently
> >> + ;; installing non-free software through the Web Store.
> >> + ;; TODO: Discover extensions from the profile and pass
> >> + ;; something like "--disable-extensions-except=...".
> >
> > Same question here.
>
> The Web Store has serious freedom issues, thus we can not enable it by
> default. Enabling it *must* be a conscious choice by the end user.
>
> The TODO here is inspired by Debians wrapper script, which enumerates
> the location where apt places extensions, and gives that list to
> "--disable-extensions-except".
>
> > If you need help, there's at least 3 users of Chromium now. I'd like to read
Actually more than 3: I have to make chromium accessible for work we agreed
on in GNU Taler (where the "How should we package extensions in a way that
works" comes in important, not just as a PoC/TODO).
> > your ideas on how to solve the TODOs, aswell as: Do you have any unpushed
> > progress? Maybe we can team collaborate on this huge browser.
>
> I do maintain this patch, but unfortunately not in a public repository.
Ah, ok.
> I've attached the latest iteration here (sorry for squashed).
Thanks
> New since the last time are some fixes from the "Inox patchset" that
> resolves most of the privacy issues. Namely removing the "login
> wizard", changing to sensible defaults, and forcing the "classic" New
> Tab Page that does not load a search engine.
Cool!
> Also, all patches have been moved to remote origins.
>
> Testing and feedback welcome!
I'll build it tomorrow or tonight (whenever my build of linux-mainline to
search for fixes for the i915 issue finishes) and report back.
So far I'um using your version 58and it works for me :)
> Currently there are two "important" (blocking?) TODOs left:
>
> * Move the 'delete-bundled-software' phase to a source snippet.
> Repacking the ~500MiB compressed tarball is *really* expensive. It
Yep. It takes a verrry long time, I've noticed this when I started
working on Chromium.
> should also aid the licensing situation.
> * Delete the two default entries from the "most used" list on the New
> Tab page. The first run will download thumbnails for these sites,
> leaking data. One of them also leads to the disabled-by-default
> store, promoting non-free software.
>
> I'm optimistic that fixing the second item will make the browser not
> leak *any* data at launch with the default configuration. Which leads
> to a third item: writing a system test that verifies that launching
> Chromium does indeed not initiate any network traffic.
>
> Anyway, here is the latest patch:
>
> From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke <at> fastmail.com>
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.
>
> * gnu/packages/chromium.scm: New file.
> * gnu/local.mk: Record it.
> ---
> gnu/local.mk | 1 +
> gnu/packages/chromium.scm | 733 ++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 734 insertions(+)
> create mode 100644 gnu/packages/chromium.scm
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index d4e841921..529fdd2be 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -89,6 +89,7 @@ GNU_SYSTEM_MODULES = \
> %D%/packages/check.scm \
> %D%/packages/chemistry.scm \
> %D%/packages/chez.scm \
> + %D%/packages/chromium.scm \
> %D%/packages/ci.scm \
> %D%/packages/cinnamon.scm \
> %D%/packages/cmake.scm \
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> new file mode 100644
> index 000000000..78cfb3097
> --- /dev/null
> +++ b/gnu/packages/chromium.scm
> @@ -0,0 +1,733 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016, 2017 Marius Bakke <mbakke <at> fastmail.com>
> +;;;
> +;;; This file is part of GNU Guix.
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu packages chromium)
> + #:use-module ((guix licenses) #:prefix license:)
> + #:use-module (guix packages)
> + #:use-module (guix download)
> + #:use-module (guix git-download)
> + #:use-module (guix utils)
> + #:use-module (guix build-system gnu)
> + #:use-module (gnu packages)
> + #:use-module (gnu packages assembly)
> + #:use-module (gnu packages base)
> + #:use-module (gnu packages bison)
> + #:use-module (gnu packages compression)
> + #:use-module (gnu packages cups)
> + #:use-module (gnu packages curl)
> + #:use-module (gnu packages databases)
> + #:use-module (gnu packages fontutils)
> + #:use-module (gnu packages ghostscript)
> + #:use-module (gnu packages gl)
> + #:use-module (gnu packages glib)
> + #:use-module (gnu packages gnome)
> + #:use-module (gnu packages gnuzilla)
> + #:use-module (gnu packages gperf)
> + #:use-module (gnu packages gtk)
> + #:use-module (gnu packages icu4c)
> + #:use-module (gnu packages image)
> + #:use-module (gnu packages libevent)
> + #:use-module (gnu packages libffi)
> + #:use-module (gnu packages libusb)
> + #:use-module (gnu packages linux)
> + #:use-module (gnu packages kerberos)
> + #:use-module (gnu packages ninja)
> + #:use-module (gnu packages node)
> + #:use-module (gnu packages pciutils)
> + #:use-module (gnu packages photo)
> + #:use-module (gnu packages pkg-config)
> + #:use-module (gnu packages protobuf)
> + #:use-module (gnu packages pulseaudio)
> + #:use-module (gnu packages python)
> + #:use-module (gnu packages python-web)
> + #:use-module (gnu packages regex)
> + #:use-module (gnu packages serialization)
> + #:use-module (gnu packages speech)
> + #:use-module (gnu packages tls)
> + #:use-module (gnu packages valgrind)
> + #:use-module (gnu packages version-control)
> + #:use-module (gnu packages video)
> + #:use-module (gnu packages xiph)
> + #:use-module (gnu packages xml)
> + #:use-module (gnu packages xdisorg)
> + #:use-module (gnu packages xorg))
> +
> +(define (strip-directory-prefix pathspec)
> + "Return everything after the last '/' in PATHSPEC."
> + (let ((index (string-rindex pathspec #\/)))
> + (if index (string-drop pathspec (+ 1 index))
> + pathspec)))
> +
> +(define (chromium-patch-file-name pathspec)
> + (let ((patch-name (strip-directory-prefix pathspec)))
> + (if (string-prefix? "chromium-" patch-name)
> + patch-name
> + (string-append "chromium-" patch-name))))
> +
> +;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches
> +(define (debian-patch pathspec revision hash)
> + (origin
> + (method url-fetch)
> + (uri (string-append
> + "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git"
> + "/plain/debian/patches/" pathspec "?id=" revision))
> + (sha256 (base32 hash))
> + (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
> +(define (gentoo-patch pathspec revision hash)
> + (origin
> + (method url-fetch)
> + (uri (string-append
> + "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
> + "/chromium/files/" pathspec "?id=" revision))
> + (sha256 (base32 hash))
> + (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://github.com/gcarq/inox-patchset
> +(define (inox-patch pathspec revision hash)
> + (origin
> + (method url-fetch)
> + (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
> + revision "/" pathspec))
> + (sha256 (base32 hash))
> + (file-name (chromium-patch-file-name pathspec))))
> +
> +(define opus+custom
> + (package (inherit opus)
> + (arguments
> + `(;; Opus Custom is an optional extension of the Opus
> + ;; specification that allows for unsupported frame
> + ;; sizes. Chromium requires that this is enabled.
> + #:configure-flags '("--enable-custom-modes")
> + ,@(package-arguments opus)))))
> +
> +;; Chromium since 58 depends on an unreleased libvpx. So, we
> +;; package the latest master branch as of 2018-01-07.
> +(define libvpx+experimental
> + (package
> + (inherit libvpx)
> + (source (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://chromium.googlesource.com/webm/libvpx")
> + (commit "bed28a55f593efd3a71a3a9d05cf8bb25d15fa44")))
> + (file-name "libvpx-for-chromium-checkout")
> + (sha256
> + (base32
> + "0h01vmb8awzrb2xwqaz215v73yjdjf67hzdm2yfcz4h4qrvwf817"))))
> + ;; TODO: Make libvpx configure flags overrideable.
> + (arguments
> + `(#:phases
> + (modify-phases %standard-phases
> + (replace 'configure
> + (lambda* (#:key outputs #:allow-other-keys)
> + (setenv "CONFIG_SHELL" (which "bash"))
> + (let ((out (assoc-ref outputs "out")))
> + (setenv "LDFLAGS"
> + (string-append "-Wl,-rpath=" out "/lib"))
> + (zero? (system* "./configure"
> + "--enable-shared"
> + "--as=yasm"
> + ;; Limit size to avoid CVE-2015-1258
> + "--size-limit=16384x16384"
> + ;; Spatial SVC is an experimental VP9 encoder
> + ;; used by some packages (i.e. Chromium).
> + "--enable-experimental"
> + "--enable-spatial-svc"
> + (string-append "--prefix=" out)))))))
> + #:tests? #f)))) ; No tests.
> +
> +(define %chromium-gn-bootstrap.patch
> + (gentoo-patch "chromium-gn-bootstrap-r17.patch"
> + "5c9cf110bd61fa287a5c536760b5d8ed13f65d52"
> + "12wsq3bs46mvr7cinxvqjmbzymigm8yzf478r08y9l6sd3qij4yq"))
> +
> +(define %chromium-gcc-compat.patch
> + (gentoo-patch "chromium-gcc5-r4.patch"
> + "1c5423aab094796b3da7a2905f02cbdcdd6a7742"
> + "18s152pkqzzw6grxj1m6mp3pc2x3ha2gyayw5hf2nhranak5wlkg"))
> +
> +(define %chromium-webkit-gcc-compat.patch
> + (gentoo-patch "chromium-gcc5-r5.patch"
> + "1c5423aab094796b3da7a2905f02cbdcdd6a7742"
> + "0z7rggizzg85wfr8zhw0yfwd3q69lsh3yp297s939jgzp66cwwkw"))
> +
> +(define %chromium-webrtc-gcc-compat.patch
> + (gentoo-patch "chromium-webrtc-r0.patch"
> + "1c5423aab094796b3da7a2905f02cbdcdd6a7742"
> + "0qj5b4w9kav51ylpdf38vm5w7p2gx4qp8p45vrfggp7miicg9cmw"))
> +
> +(define %chromium-system-nspr.patch
> + (debian-patch "system/nspr.patch"
> + "debian/63.0.3239.40-1"
> + "07a0q3khz77gk0rxzp965pjzhly5r08k019pinss18xc1caj971s"))
> +
> +(define %chromium-system-libevent.patch
> + (debian-patch "system/event.patch"
> + "debian/63.0.3239.40-1"
> + "0604ia06w40zn66d85in03xg3hd6144y8b222kzyc9nzhq3xm2pc"))
> +
> +(define %chromium-system-icu.patch
> + (debian-patch "system/icu.patch"
> + "debian/63.0.3239.40-1"
> + "0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv"))
> +
> +(define %chromium-disable-api-keys-warning.patch
> + (debian-patch "disable/google-api-warning.patch"
> + "36794e57f1f97068640c6845dbeb9291155893c0"
> + "11llghxm0a75kb8fnpy6ky8ix4f1kk7n0c0zfcpwxsx05pask11m"))
> +
> +(define %chromium-external-components.patch
> + (debian-patch "disable/external-components.patch"
> + "debian/63.0.3239.40-1"
> + "1i3b801hjafxv7djk7cl7nj2skxid0vysf12yjr364db949f164l"))
> +
> +(define %chromium-duckduckgo.patch
> + (inox-patch "0011-add-duckduckgo-search-engine.patch"
> + "5af0e6187c22471b8cb803f6dda6738f23a530e7"
> + "0p8x98g71ngkd3wbl5q36wrl18ff185sfrr5fcwjbgrv3v7r6ra7"))
> +
> +;; Don't start a "Login Wizard" at first launch.
> +(define %chromium-first-run.patch
> + (inox-patch "0018-disable-first-run-behaviour.patch"
> + "3336bb286ea054271ac2199cf374e96c64ed53cf"
> + "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
> +
> +;; Use privacy-preserving defaults.
> +(define %chromium-default-preferences.patch
> + (inox-patch "0006-modify-default-prefs.patch"
> + "3336bb286ea054271ac2199cf374e96c64ed53cf"
> + "1h8ycmn00yvciq3r5jcdqmsl4grqv8izgwi6a20kijz2baxxr888"))
> +
> +;; Recent versions of Chromium may load a remote search engine on the
> +;; New Tab Page, causing unnecessary and involuntary network traffic.
> +(define %chromium-restore-classic-ntp.patch
> + (inox-patch "0008-restore-classic-ntp.patch"
> + "2f60b788bff89bde11ac802d4c19093661cd23f7"
> + "00icvb0r1p3s7i2xy8kv1lpam96cxgn6c3s9bc6wv3dpi3d722p2"))
> +
> +(define-public chromium
> + (package
> + (name "chromium")
> + (version "63.0.3239.132")
> + (synopsis "Graphical web browser")
> + (source (origin
> + (method url-fetch)
> + (uri (string-append "https://commondatastorage.googleapis.com/"
> + "chromium-browser-official/chromium-"
> + version ".tar.xz"))
> + (sha256
> + (base32
> + "139x3cbc5pa14x69493ic8i2ank12c9fwiq6pqm11aps88n6ri44"))
> + (patches (list ;%chromium-gn-bootstrap.patch
> + %chromium-gcc-compat.patch
> + %chromium-webkit-gcc-compat.patch
> + %chromium-webrtc-gcc-compat.patch
> + %chromium-duckduckgo.patch
> + %chromium-default-preferences.patch
> + %chromium-first-run.patch
> + %chromium-restore-classic-ntp.patch
> + %chromium-system-icu.patch
> + %chromium-system-nspr.patch
> + %chromium-system-libevent.patch
> + %chromium-disable-api-keys-warning.patch))
> + (modules '((srfi srfi-1)
> + (guix build utils)))
> + (snippet
> + '(begin
> + ;; Replace GN files from third_party with shims for building
> + ;; against system libraries. Keep this list in sync with
> + ;; "build/linux/unbundle/replace_gn_files.py".
> + (for-each (lambda (pair)
> + (let ((source (string-append
> + "build/linux/unbundle/" (car pair)))
> + (dest (cdr pair)))
> + (copy-file source dest)))
> + (list
> + '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
> + '("flac.gn" . "third_party/flac/BUILD.gn")
> + '("freetype.gn" . "third_party/freetype/BUILD.gn")
> + ;; XXX: This broke in 63.
> + ;;'("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn")
> + '("icu.gn" . "third_party/icu/BUILD.gn")
> + '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
> + '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
> + '("libjpeg.gn" .
> + "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
> + '("libpng.gn" . "third_party/libpng/BUILD.gn")
> + '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
> + '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
> + ;;'("libxml.gn" . "third_party/libxml/BUILD.gn") ;TODO
> + '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
> + '("openh264.gn" . "third_party/openh264/BUILD.gn")
> + '("opus.gn" . "third_party/opus/BUILD.gn")
> + '("re2.gn" . "third_party/re2/BUILD.gn")
> + '("snappy.gn" . "third_party/snappy/BUILD.gn")
> + '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
> + '("zlib.gn" . "third_party/zlib/BUILD.gn")))
> + #t))))
> + (build-system gnu-build-system)
> + (arguments
> + `(#:tests? #f
> + ;; FIXME: There is a "gn" option specifically for setting -rpath, but
> + ;; it's not recognized when passed.
> + #:validate-runpath? #f
> + #:modules ((srfi srfi-26)
> + (ice-9 ftw)
> + (ice-9 regex)
> + (guix build gnu-build-system)
> + (guix build utils))
> + #:phases
> + (modify-phases %standard-phases
> + (add-after 'unpack 'remove-bundled-software
> + (lambda _
> + (let ((keep-libs
> + (list
> + ;; Third party folders that cannot be deleted yet.
> + "base/third_party/dmg_fp"
> + "base/third_party/dynamic_annotations"
> + "base/third_party/icu"
> + "base/third_party/libevent"
> + "base/third_party/nspr"
> + "base/third_party/superfasthash"
> + "base/third_party/symbolize" ; glog
> + "base/third_party/xdg_mime"
> + "base/third_party/xdg_user_dirs"
> + "buildtools/third_party/libc++"
> + "chrome/third_party/mozilla_security_manager"
> + "courgette/third_party"
> + "net/third_party/mozilla_security_manager"
> + "net/third_party/nss"
> + "third_party/adobe/flash/flapper_version.h"
> + ;; FIXME: This is used in:
> + ;; * ui/webui/resources/js/analytics.js
> + ;; * ui/file_manager/
> + "third_party/analytics"
> + "third_party/angle"
> + "third_party/angle/src/common/third_party/base"
> + "third_party/angle/src/common/third_party/smhasher"
> + "third_party/angle/src/third_party/compiler"
> + "third_party/angle/src/third_party/libXNVCtrl"
> + "third_party/angle/src/third_party/trace_event"
> + "third_party/blink"
> + "third_party/boringssl"
> + "third_party/breakpad"
> + "third_party/brotli"
> + "third_party/cacheinvalidation"
> + "third_party/catapult"
> + "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
> + "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
> + "third_party/catapult/third_party/polymer"
> + "third_party/catapult/tracing/third_party/d3"
> + "third_party/catapult/tracing/third_party/gl-matrix"
> + "third_party/catapult/tracing/third_party/jszip"
> + "third_party/catapult/tracing/third_party/mannwhitneyu"
> + "third_party/catapult/tracing/third_party/oboe"
> + "third_party/catapult/tracing/third_party/pako"
> + "third_party/ced"
> + "third_party/cld_3"
> + "third_party/crc32c"
> + "third_party/cros_system_api"
> + "third_party/dom_distiller_js"
> + "third_party/fips181"
> + "third_party/flatbuffers"
> + ;; XXX Needed by pdfium since 59.
> + "third_party/freetype"
> + "third_party/glslang-angle"
> + "third_party/google_input_tools"
> + "third_party/google_input_tools/third_party/closure_library"
> + (string-append "third_party/google_input_tools/third_party"
> + "/closure_library/third_party/closure")
> + "third_party/googletest"
> + "third_party/harfbuzz-ng" ;XXX why is this required in 63+
> + "third_party/hunspell"
> + "third_party/iccjpeg"
> + "third_party/inspector_protocol"
> + "third_party/jinja2"
> + "third_party/jstemplate"
> + "third_party/khronos"
> + "third_party/leveldatabase"
> + "third_party/libXNVCtrl"
> + "third_party/libaddressinput"
> + "third_party/libjingle_xmpp"
> + "third_party/libphonenumber"
> + "third_party/libsecret" ;FIXME: needs pkg-config support.
> + "third_party/libsrtp" ;TODO: Requires libsrtp <at> 2.
> + "third_party/libudev"
> + "third_party/libwebm"
> + "third_party/libxml" ;FIXME: Unbundle (again).
> + "third_party/libyuv"
> + "third_party/lss"
> + "third_party/lzma_sdk"
> + "third_party/markupsafe"
> + "third_party/mesa"
> + "third_party/modp_b64"
> + "third_party/mt19937ar"
> + "third_party/node"
> + "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2"
> + "third_party/openmax_dl"
> + "third_party/ots"
> + "third_party/pdfium"
> + "third_party/pdfium/third_party"
> + "third_party/ply"
> + "third_party/polymer"
> + "third_party/protobuf"
> + "third_party/protobuf/third_party/six"
> + "third_party/qcms"
> + "third_party/sfntly"
> + "third_party/skia"
> + "third_party/skia/third_party/vulkan"
> + "third_party/skia/third_party/gif"
> + "third_party/smhasher"
> + "third_party/speech-dispatcher"
> + "third_party/spirv-headers"
> + "third_party/spirv-tools-angle"
> + "third_party/sqlite"
> + "third_party/swiftshader"
> + "third_party/swiftshader/third_party"
> + "third_party/usb_ids"
> + "third_party/usrsctp"
> + "third_party/vulkan"
> + "third_party/vulkan-validation-layers"
> + "third_party/WebKit"
> + "third_party/web-animations-js"
> + "third_party/webrtc"
> + "third_party/widevine/cdm/widevine_cdm_version.h"
> + "third_party/widevine/cdm/widevine_cdm_common.h"
> + "third_party/woff2"
> + "third_party/xdg-utils"
> + "third_party/yasm/run_yasm.py"
> + "third_party/zlib/google"
> + "url/third_party/mozilla"
> + "v8/src/third_party/valgrind"
> + "v8/third_party/inspector_protocol")))
> + ;; FIXME: implement as source snippet. This traverses
> + ;; any "third_party" directory and deletes files that are:
> + ;; * not ending with ".gn" or ".gni"; or
> + ;; * not explicitly named as argument (folder or file).
> + (zero? (apply system* "python"
> + "build/linux/unbundle/remove_bundled_libraries.py"
> + "--do-remove" keep-libs)))))
> + (add-after 'remove-bundled-software 'patch-stuff
> + (lambda* (#:key inputs #:allow-other-keys)
> + (substitute* "printing/cups_config_helper.py"
> + (("cups_config =.*")
> + (string-append "cups_config = '" (assoc-ref inputs "cups")
> + "/bin/cups-config'\n")))
> +
> + (substitute*
> + '("base/process/launch_posix.cc"
> + "base/third_party/dynamic_annotations/dynamic_annotations.c"
> + "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
> + "sandbox/linux/services/credentials.cc"
> + "sandbox/linux/services/namespace_utils.cc"
> + "sandbox/linux/services/syscall_wrappers.cc"
> + "sandbox/linux/syscall_broker/broker_host.cc")
> + (("include \"base/third_party/valgrind/") "include \"valgrind/"))
> +
> + (for-each (lambda (file)
> + (substitute* file
> + ;; Fix opus include path.
> + ;; Do not substitute opus_private.h.
> + (("#include \"opus\\.h\"")
> + "#include \"opus/opus.h\"")
> + (("#include \"opus_custom\\.h\"")
> + "#include \"opus/opus_custom.h\"")
> + (("#include \"opus_defines\\.h\"")
> + "#include \"opus/opus_defines.h\"")
> + (("#include \"opus_multistream\\.h\"")
> + "#include \"opus/opus_multistream.h\"")
> + (("#include \"opus_types\\.h\"")
> + "#include \"opus/opus_types.h\"")))
> + (append (find-files "third_party/opus/src/celt")
> + (find-files "third_party/opus/src/src")
> + (find-files (string-append "third_party/webrtc/modules"
> + "/audio_coding/codecs/opus"))))
> +
> + (substitute* "chrome/common/chrome_paths.cc"
> + (("/usr/share/chromium/extensions")
> + ;; TODO: Add ~/.guix-profile.
> + "/run/current-system/profile/share/chromium/extensions"))
> +
> + (substitute*
> + "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
> + (("include \"third_party/curl") "include \"curl"))
> + (substitute* "media/base/decode_capabilities.cc"
> + (("third_party/libvpx/source/libvpx/") ""))
> +
> + ;; We don't cross compile most packages, so get rid of the
> + ;; unnecessary ARCH-linux-gnu* prefix.
> + (substitute* "build/toolchain/linux/BUILD.gn"
> + (("aarch64-linux-gnu-") "")
> + (("arm-linux-gnueabihf-") ""))
> + #t))
> + (replace 'configure
> + (lambda* (#:key inputs outputs #:allow-other-keys)
> + (let ((gn-flags
> + (list
> + ;; See tools/gn/docs/cookbook.md and
> + ;; https://www.chromium.org/developers/gn-build-configuration
> + ;; for usage. Run "./gn args . --list" in the Release
> + ;; directory for an exhaustive list of supported flags.
> + "is_debug=false"
> + "is_official_build=false"
> + "is_clang=false"
> + "use_gold=false"
> + "linux_use_bundled_binutils=false"
> + "use_custom_libcxx=false"
> + "use_sysroot=false"
> + "goma_dir=\"\""
> + "enable_precompiled_headers=false"
> + "use_jumbo_build=true" ;speeds up build
> + ;; Use a deterministic version identifier.
> + "override_build_date=\"01 01 2000 05:00:00\""
> + "use_unofficial_version_number=false"
> + ;; Disable debugging features to save space.
> + "remove_webcore_debug_symbols=true"
> + "enable_iterator_debugging=false"
> + ;; Don't fail when using deprecated ffmpeg features.
> + "treat_warnings_as_errors=false"
> + "enable_nacl=false"
> + "enable_nacl_nonsfi=false"
> + "use_allocator=\"none\"" ;don't use tcmalloc
> + ;; Don't add any API keys. End users can set them in the
> + ;; environment if necessary.
> + ;; https://www.chromium.org/developers/how-tos/api-keys
> + "use_official_google_api_keys=false"
> + ;; Disable "field trials".
> + "fieldtrial_testing_like_official_build=true"
> +
> + "use_system_freetype=true"
> + ;; FIXME: Try enabling this for 63+.
> + ;;"use_system_harfbuzz=true"
> + "use_system_libjpeg=true"
> + "use_system_lcms2=true"
> + "use_system_zlib=true"
> + ;; This is currently not supported on Linux:
> + ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
> + ;; "use_system_sqlite=true"
> + "use_gconf=false" ; deprecated by gsettings
> + "use_gnome_keyring=false" ; deprecated by libsecret
> + "use_gtk3=true"
> + "use_openh264=true"
> + "use_xkbcommon=true"
> + "link_pulseaudio=true"
> +
> + ;; Don't arbitrarily restrict formats supported by system ffmpeg.
> + "proprietary_codecs=true"
> + "ffmpeg_branding=\"Chrome\""
> +
> + ;; WebRTC stuff.
> + "rtc_use_h264=true"
> + ;; Don't use bundled sources.
> + "rtc_build_json=false"
> + "rtc_build_libevent=false"
> + "rtc_build_libvpx=false"
> + "rtc_build_opus=false"
> + "rtc_build_ssl=false"
> + ;; TODO: Package these.
> + "rtc_build_libsrtp=true" ; 2.0
> + "rtc_build_libyuv=true"
> + "rtc_build_openmax_dl=true"
> + "rtc_build_usrsctp=true"
> + (string-append "rtc_jsoncpp_root=\""
> + (assoc-ref inputs "jsoncpp")
> + "/include/jsoncpp/json\"")
> + (string-append "rtc_ssl_root=\""
> + (assoc-ref inputs "openssl")
> + "/include/openssl\""))))
> +
> + ;; XXX: How portable is this.
> + (mkdir-p "third_party/node/linux/node-linux-x64")
> + (symlink (string-append (assoc-ref inputs "node") "/bin")
> + "third_party/node/linux/node-linux-x64/bin")
> +
> + (setenv "CC" "gcc")
> + (setenv "CXX" "g++")
> + ;; TODO: pre-compile instead. Avoids a race condition.
> + (setenv "PYTHONDONTWRITEBYTECODE" "1")
> + (and
> + ;; Build the "gn" tool.
> + (zero? (system* "python"
> + "tools/gn/bootstrap/bootstrap.py" "-s" "-v"))
> + ;; Generate ninja build files.
> + (zero? (system* "./out/Release/gn" "gen" "out/Release"
> + (string-append "--args="
> + (string-join gn-flags " "))))))))
> + (replace 'build
> + (lambda* (#:key outputs #:allow-other-keys)
> + (zero? (system* "ninja" "-C" "out/Release"
> + "-j" (number->string (parallel-job-count))
> + "chrome"))))
> + (replace 'install
> + (lambda* (#:key inputs outputs #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> + (bin (string-append out "/bin"))
> + (exe (string-append bin "/chromium"))
> + (lib (string-append out "/lib"))
> + (man (string-append out "/share/man/man1"))
> + (applications (string-append out "/share/applications"))
> + (install-regexp (make-regexp "\\.(bin|pak)$"))
> + (locales (string-append lib "/locales"))
> + (resources (string-append lib "/resources"))
> + (gtk+ (assoc-ref inputs "gtk+"))
> + (mesa (assoc-ref inputs "mesa"))
> + (nss (assoc-ref inputs "nss"))
> + (udev (assoc-ref inputs "udev"))
> + (sh (which "sh")))
> +
> + (substitute* '("chrome/app/resources/manpage.1.in"
> + "chrome/installer/linux/common/desktop.template")
> + (("@@MENUNAME@@") "Chromium")
> + (("@@PACKAGE@@") "chromium")
> + (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
> + (mkdir-p man)
> + (copy-file "chrome/app/resources/manpage.1.in"
> + (string-append man "/chromium.1"))
> + (mkdir-p applications)
> + (copy-file "chrome/installer/linux/common/desktop.template"
> + (string-append applications "/chromium.desktop"))
> +
> + (with-directory-excursion "out/Release"
> + (for-each (lambda (file)
> + (install-file file lib))
> + (scandir "." (cut regexp-exec install-regexp <>)))
> + (copy-file "chrome" (string-append lib "/chromium"))
> +
> + ;; TODO: Install icons from "../../chrome/app/themes" into
> + ;; "out/share/icons/hicolor/$size".
> + (install-file
> + "product_logo_48.png"
> + (string-append out "/share/icons/48x48/chromium.png"))
> +
> + (copy-recursively "locales" locales)
> + (copy-recursively "resources" resources)
> +
> + (mkdir-p bin)
> + ;; Add a thin wrapper to prevent the user from inadvertently
> + ;; installing non-free software through the Web Store.
> + ;; TODO: Discover extensions from the profile and pass
> + ;; something like "--disable-extensions-except=...".
> + (call-with-output-file exe
> + (lambda (port)
> + (format port
> + "#!~a~@
> + if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
> + then~@
> + CHROMIUM_FLAGS=\" \\~@
> + --disable-background-networking \\~@
> + --disable-extensions \\~@
> + \"~@
> + fi~@
> + exec ~a $CHROMIUM_FLAGS \"$@\"~%"
> + sh (string-append lib "/chromium"))))
> + (chmod exe #o755)
> +
> + (wrap-program exe
> + ;; TODO: Get these in RUNPATH.
> + `("LD_LIBRARY_PATH" ":" prefix
> + (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
> + mesa "/lib:" udev "/lib")))
> + ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
> + `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
> + #t)))))))
> + (native-inputs
> + `(("bison" ,bison)
> + ("git" ,git) ;last_commit_position.py
> + ("gperf" ,gperf)
> + ("ninja" ,ninja)
> + ("node" ,node)
> + ("pkg-config" ,pkg-config)
> + ("which" ,which)
> + ("yasm" ,yasm)
> +
> + ("python-beautifulsoup4" ,python2-beautifulsoup4)
> + ("python-html5lib" ,python2-html5lib)
> + ("python" ,python-2)))
> + (inputs
> + `(("alsa-lib" ,alsa-lib)
> + ("atk" ,atk)
> + ("cups" ,cups)
> + ("curl" ,curl)
> + ("dbus" ,dbus)
> + ("dbus-glib" ,dbus-glib)
> + ("expat" ,expat)
> + ("flac" ,flac)
> + ("ffmpeg" ,ffmpeg)
> + ("fontconfig" ,fontconfig)
> + ("freetype" ,freetype)
> + ("gdk-pixbuf" ,gdk-pixbuf)
> + ("glib" ,glib)
> + ("gtk+-2" ,gtk+-2)
> + ("gtk+" ,gtk+)
> + ("harfbuzz" ,harfbuzz)
> + ("icu4c" ,icu4c-59.1)
> + ("jsoncpp" ,jsoncpp)
> + ("lcms" ,lcms)
> + ("libevent" ,libevent)
> + ("libffi" ,libffi)
> + ("libjpeg-turbo" ,libjpeg-turbo)
> + ("libpng" ,libpng)
> + ("libusb" ,libusb)
> + ("libvpx" ,libvpx+experimental)
> + ("libwebp" ,libwebp)
> + ("libx11" ,libx11)
> + ("libxcb" ,libxcb)
> + ("libxcomposite" ,libxcomposite)
> + ("libxcursor" ,libxcursor)
> + ("libxdamage" ,libxdamage)
> + ("libxext" ,libxext)
> + ("libxfixes" ,libxfixes)
> + ("libxi" ,libxi)
> + ("libxkbcommon" ,libxkbcommon)
> + ("libxml2" ,libxml2)
> + ("libxrandr" ,libxrandr)
> + ("libxrender" ,libxrender)
> + ("libxscrnsaver" ,libxscrnsaver)
> + ("libxslt" ,libxslt)
> + ("libxtst" ,libxtst)
> + ("mesa" ,mesa)
> + ("minizip" ,minizip)
> + ("mit-krb5" ,mit-krb5)
> + ("nss" ,nss)
> + ("openh264" ,openh264)
> + ("openssl" ,openssl)
> + ("opus" ,opus+custom)
> + ("pango" ,pango)
> + ("pciutils" ,pciutils)
> + ("protobuf" ,protobuf)
> + ("pulseaudio" ,pulseaudio)
> + ("re2" ,re2)
> + ("snappy" ,snappy)
> + ("speech-dispatcher" ,speech-dispatcher)
> + ("sqlite" ,sqlite)
> + ("udev" ,eudev)
> + ("valgrind" ,valgrind)))
> + (home-page "https://www.chromium.org/")
> + (description
> + "Chromium is a web browser using the @code{Blink} rendering engine.")
> + ;; Chromium is developed as BSD-3, but bundles a large number of third-party
> + ;; software with other licenses. For full information, see chrome://credits.
> + (license (list license:bsd-3
> + license:bsd-2
> + license:expat
> + license:asl2.0
> + license:mpl2.0
> + license:public-domain
> + license:lgpl2.1+))))
> --
> 2.15.1
>
Many thanks for your ongoing work with this (and the patience :))
As this is 63, you you are keeping track of Debian, right? I tried
to package 64 a couple of days ago because I wanted the workaround
for some of the recent security clusterfucks, but Debian is still
on 63 :/
I hope they'll update their patchset soon.
--
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
WWW: https://n0.is/a/ :: https://ea.n0.is
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 08 Jan 2018 23:41:01 GMT) Full text and rfc822 format available.Message #80 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: ng0 <ng0 <at> n0.is> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Tue, 09 Jan 2018 00:40:09 +0100
[Message part 1 (text/plain, inline)]
ng0 <ng0 <at> n0.is> writes: > Many thanks for your ongoing work with this (and the patience :)) > As this is 63, you you are keeping track of Debian, right? I tried > to package 64 a couple of days ago because I wanted the workaround > for some of the recent security clusterfucks, but Debian is still > on 63 :/ > I hope they'll update their patchset soon. I track the upstream stable branch, which is currently 63. https://www.chromestatus.com/features/schedule (see also <https://chromereleases.googleblog.com/> for updates)
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 09 Jan 2018 06:59:02 GMT) Full text and rfc822 format available.Message #83 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Tue, 9 Jan 2018 06:58:00 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 39K bytes: > Testing and feedback welcome! > > Currently there are two "important" (blocking?) TODOs left: > > * Move the 'delete-bundled-software' phase to a source snippet. > Repacking the ~500MiB compressed tarball is *really* expensive. It > should also aid the licensing situation. > * Delete the two default entries from the "most used" list on the New > Tab page. The first run will download thumbnails for these sites, > leaking data. One of them also leads to the disabled-by-default > store, promoting non-free software. > > I'm optimistic that fixing the second item will make the browser not > leak *any* data at launch with the default configuration. Which leads > to a third item: writing a system test that verifies that launching > Chromium does indeed not initiate any network traffic. > > Anyway, here is the latest patch: > > From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001 > From: Marius Bakke <mbakke <at> fastmail.com> > Date: Wed, 12 Oct 2016 17:25:05 +0100 > Subject: [PATCH] gnu: Add chromium. > > * gnu/packages/chromium.scm: New file. > * gnu/local.mk: Record it. I think you forgot a package: gnu/packages/chromium.scm:664:5: icu4c-59.1: unbound variable -- GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys WWW: https://n0.is/a/ :: https://ea.n0.is
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 12 Jan 2018 00:04:02 GMT) Full text and rfc822 format available.Message #86 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: ng0 <ng0 <at> n0.is> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Fri, 12 Jan 2018 01:03:00 +0100
[Message part 1 (text/plain, inline)]
ng0 <ng0 <at> n0.is> writes: > Marius Bakke transcribed 39K bytes: > >> Testing and feedback welcome! >> >> Currently there are two "important" (blocking?) TODOs left: >> >> * Move the 'delete-bundled-software' phase to a source snippet. >> Repacking the ~500MiB compressed tarball is *really* expensive. It >> should also aid the licensing situation. >> * Delete the two default entries from the "most used" list on the New >> Tab page. The first run will download thumbnails for these sites, >> leaking data. One of them also leads to the disabled-by-default >> store, promoting non-free software. >> >> I'm optimistic that fixing the second item will make the browser not >> leak *any* data at launch with the default configuration. Which leads >> to a third item: writing a system test that verifies that launching >> Chromium does indeed not initiate any network traffic. >> >> Anyway, here is the latest patch: >> > >> From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001 >> From: Marius Bakke <mbakke <at> fastmail.com> >> Date: Wed, 12 Oct 2016 17:25:05 +0100 >> Subject: [PATCH] gnu: Add chromium. >> >> * gnu/packages/chromium.scm: New file. >> * gnu/local.mk: Record it. > > I think you forgot a package: > > gnu/packages/chromium.scm:664:5: icu4c-59.1: unbound variable Indeed. This can now be changed to use the regular "icu4c" package. Tangentially, these kinds of problems are typical with new Chromium releases. In 63 or later, system harfbuzz had to be disabled. If we are going to carry this package, changes like these *will* be normal. Upstream only tests their releases with Clang, and with the bundled versions of packages, regardless of the unbundling script. Not great.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 12 Jan 2018 00:10:02 GMT) Full text and rfc822 format available.Message #89 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: ng0 <ng0 <at> n0.is> Cc: 28004 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org>, ng0 <ng0 <at> n0.is>, Leo Famulari <leo <at> famulari.name> Subject: Re: [bug#28004] Chromium Date: Fri, 12 Jan 2018 01:09:04 +0100
[Message part 1 (text/plain, inline)]
ng0 <ng0 <at> n0.is> writes: > Many thanks for your ongoing work with this (and the patience :)) > As this is 63, you you are keeping track of Debian, right? I tried > to package 64 a couple of days ago because I wanted the workaround > for some of the recent security clusterfucks, but Debian is still > on 63 :/ > I hope they'll update their patchset soon. Indeed Google did not add the Spectre mitigation to Chromium 63, even though the latest version was released after the fact. https://xlab.tencent.com/special/spectre/spectre_check.html For reasons that beat me, they only added it to the proprietary Chrome browser, which follows the same version number as Chromium. The attached patch adds Spectre mitigation to the current Chromium release. The patch was pulled from the Chrome 64 branch:
[0001-gnu-chromium-Add-spectre-mitigation.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 12 Jan 2018 08:39:01 GMT) Full text and rfc822 format available.Message #92 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Fri, 12 Jan 2018 09:38:19 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 2.3K bytes: > ng0 <ng0 <at> n0.is> writes: > > > Marius Bakke transcribed 39K bytes: > > > >> Testing and feedback welcome! > >> > >> Currently there are two "important" (blocking?) TODOs left: > >> > >> * Move the 'delete-bundled-software' phase to a source snippet. > >> Repacking the ~500MiB compressed tarball is *really* expensive. It > >> should also aid the licensing situation. > >> * Delete the two default entries from the "most used" list on the New > >> Tab page. The first run will download thumbnails for these sites, > >> leaking data. One of them also leads to the disabled-by-default > >> store, promoting non-free software. > >> > >> I'm optimistic that fixing the second item will make the browser not > >> leak *any* data at launch with the default configuration. Which leads > >> to a third item: writing a system test that verifies that launching > >> Chromium does indeed not initiate any network traffic. > >> > >> Anyway, here is the latest patch: > >> > > > >> From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001 > >> From: Marius Bakke <mbakke <at> fastmail.com> > >> Date: Wed, 12 Oct 2016 17:25:05 +0100 > >> Subject: [PATCH] gnu: Add chromium. > >> > >> * gnu/packages/chromium.scm: New file. > >> * gnu/local.mk: Record it. > > > > I think you forgot a package: > > > > gnu/packages/chromium.scm:664:5: icu4c-59.1: unbound variable > > Indeed. This can now be changed to use the regular "icu4c" package. Okay, will change. Thanks! > Tangentially, these kinds of problems are typical with new Chromium > releases. In 63 or later, system harfbuzz had to be disabled. If we > are going to carry this package, changes like these *will* be normal. > > Upstream only tests their releases with Clang, and with the bundled > versions of packages, regardless of the unbundling script. Not great. Yeah. I've been there, and read the frustration of other packagers when I worked on getting a basic skeleton of chromium + dependencies ready one(?) year ago. -- GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys WWW: https://n0.is/a/ :: https://ea.n0.is
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sat, 13 Jan 2018 18:03:01 GMT) Full text and rfc822 format available.Message #95 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Sat, 13 Jan 2018 19:02:35 +0000
[Message part 1 (text/plain, inline)]
I just got a bug report for the build via:
guix pull --url="https://c.n0.is/git/ng0/guix/guix.git" --branch="pretest/chromium"
guix package --install chromium
Failing with the attached build log excerpt. We are not FreeBSD, but I found
this in the first 5 minutes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160935
Maybe it helps to debug this, or maybe you've encountered this before.
I myself have been able to build this without issues on two systems.
All mentioned systems are GuixSD.
This should be a blocker, but maybe a head-up in potential build issues.
Marius Bakke transcribed 4.5K bytes:
> ng0 <ng0 <at> n0.is> writes:
>
> > Many thanks for your ongoing work with this (and the patience :))
> > As this is 63, you you are keeping track of Debian, right? I tried
> > to package 64 a couple of days ago because I wanted the workaround
> > for some of the recent security clusterfucks, but Debian is still
> > on 63 :/
> > I hope they'll update their patchset soon.
>
> Indeed Google did not add the Spectre mitigation to Chromium 63, even
> though the latest version was released after the fact.
>
> https://xlab.tencent.com/special/spectre/spectre_check.html
>
> For reasons that beat me, they only added it to the proprietary Chrome
> browser, which follows the same version number as Chromium.
>
> The attached patch adds Spectre mitigation to the current Chromium
> release. The patch was pulled from the Chrome 64 branch:
>
> From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke <at> fastmail.com>
> Date: Thu, 11 Jan 2018 14:36:47 +0100
> Subject: [PATCH] gnu: chromium: Add spectre mitigation.
>
> * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/chromium.scm (chromium)[source]: Use it.
> ---
> gnu/local.mk | 1 +
> gnu/packages/chromium.scm | 3 ++-
> gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
> 3 files changed, 16 insertions(+), 1 deletion(-)
> create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 513f64043..89dab227c 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -575,6 +575,7 @@ dist_patch_DATA = \
> %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
> %D%/packages/patches/ceph-skip-unittest_blockdev.patch \
> %D%/packages/patches/chmlib-inttypes.patch \
> + %D%/packages/patches/chromium-spectre-mitigation.patch \
> %D%/packages/patches/clang-libc-search-path.patch \
> %D%/packages/patches/clang-3.8-libc-search-path.patch \
> %D%/packages/patches/clementine-use-openssl.patch \
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> index dd040527b..1e9dba42e 100644
> --- a/gnu/packages/chromium.scm
> +++ b/gnu/packages/chromium.scm
> @@ -240,7 +240,8 @@
> %chromium-system-icu.patch
> %chromium-system-nspr.patch
> %chromium-system-libevent.patch
> - %chromium-disable-api-keys-warning.patch))
> + %chromium-disable-api-keys-warning.patch
> + (search-patch "chromium-spectre-mitigation.patch")))
> (modules '((srfi srfi-1)
> (guix build utils)))
> (snippet
> diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
> new file mode 100644
> index 000000000..a44a3bce4
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
> @@ -0,0 +1,13 @@
> +diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
> +index 43feb76..33a49b8 100644
> +--- a/content/public/common/content_features.cc
> ++++ b/content/public/common/content_features.cc
> +@@ -308,7 +308,7 @@
> +
> + // http://tc39.github.io/ecmascript_sharedmem/shmem.html
> + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
> +- base::FEATURE_ENABLED_BY_DEFAULT};
> ++ base::FEATURE_DISABLED_BY_DEFAULT};
> +
> + // An experiment to require process isolation for the sign-in origin,
> + // https://accounts.google.com. Launch bug: https://crbug.com/739418.
> --
> 2.15.1
>
--
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sat, 13 Jan 2018 18:15:04 GMT) Full text and rfc822 format available.Message #98 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Sat, 13 Jan 2018 19:13:57 +0000
[Message part 1 (text/plain, inline)]
ng0 transcribed 5.6K bytes:
> I just got a bug report for the build via:
>
> guix pull --url="https://c.n0.is/git/ng0/guix/guix.git" --branch="pretest/chromium"
> guix package --install chromium
>
> Failing with the attached build log excerpt. We are not FreeBSD, but I found
> this in the first 5 minutes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160935
> Maybe it helps to debug this, or maybe you've encountered this before.
>
> I myself have been able to build this without issues on two systems.
>
> All mentioned systems are GuixSD.
>
this time with attached file.
> This should be a blocker, but maybe a head-up in potential build issues.
> Marius Bakke transcribed 4.5K bytes:
> > ng0 <ng0 <at> n0.is> writes:
> >
> > > Many thanks for your ongoing work with this (and the patience :))
> > > As this is 63, you you are keeping track of Debian, right? I tried
> > > to package 64 a couple of days ago because I wanted the workaround
> > > for some of the recent security clusterfucks, but Debian is still
> > > on 63 :/
> > > I hope they'll update their patchset soon.
> >
> > Indeed Google did not add the Spectre mitigation to Chromium 63, even
> > though the latest version was released after the fact.
> >
> > https://xlab.tencent.com/special/spectre/spectre_check.html
> >
> > For reasons that beat me, they only added it to the proprietary Chrome
> > browser, which follows the same version number as Chromium.
> >
> > The attached patch adds Spectre mitigation to the current Chromium
> > release. The patch was pulled from the Chrome 64 branch:
> >
>
> > From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> > From: Marius Bakke <mbakke <at> fastmail.com>
> > Date: Thu, 11 Jan 2018 14:36:47 +0100
> > Subject: [PATCH] gnu: chromium: Add spectre mitigation.
> >
> > * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Register it.
> > * gnu/packages/chromium.scm (chromium)[source]: Use it.
> > ---
> > gnu/local.mk | 1 +
> > gnu/packages/chromium.scm | 3 ++-
> > gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
> > 3 files changed, 16 insertions(+), 1 deletion(-)
> > create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch
> >
> > diff --git a/gnu/local.mk b/gnu/local.mk
> > index 513f64043..89dab227c 100644
> > --- a/gnu/local.mk
> > +++ b/gnu/local.mk
> > @@ -575,6 +575,7 @@ dist_patch_DATA = \
> > %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
> > %D%/packages/patches/ceph-skip-unittest_blockdev.patch \
> > %D%/packages/patches/chmlib-inttypes.patch \
> > + %D%/packages/patches/chromium-spectre-mitigation.patch \
> > %D%/packages/patches/clang-libc-search-path.patch \
> > %D%/packages/patches/clang-3.8-libc-search-path.patch \
> > %D%/packages/patches/clementine-use-openssl.patch \
> > diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> > index dd040527b..1e9dba42e 100644
> > --- a/gnu/packages/chromium.scm
> > +++ b/gnu/packages/chromium.scm
> > @@ -240,7 +240,8 @@
> > %chromium-system-icu.patch
> > %chromium-system-nspr.patch
> > %chromium-system-libevent.patch
> > - %chromium-disable-api-keys-warning.patch))
> > + %chromium-disable-api-keys-warning.patch
> > + (search-patch "chromium-spectre-mitigation.patch")))
> > (modules '((srfi srfi-1)
> > (guix build utils)))
> > (snippet
> > diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
> > new file mode 100644
> > index 000000000..a44a3bce4
> > --- /dev/null
> > +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
> > @@ -0,0 +1,13 @@
> > +diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
> > +index 43feb76..33a49b8 100644
> > +--- a/content/public/common/content_features.cc
> > ++++ b/content/public/common/content_features.cc
> > +@@ -308,7 +308,7 @@
> > +
> > + // http://tc39.github.io/ecmascript_sharedmem/shmem.html
> > + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
> > +- base::FEATURE_ENABLED_BY_DEFAULT};
> > ++ base::FEATURE_DISABLED_BY_DEFAULT};
> > +
> > + // An experiment to require process isolation for the sign-in origin,
> > + // https://accounts.google.com. Launch bug: https://crbug.com/739418.
> > --
> > 2.15.1
> >
>
>
>
>
> --
> ng0 :: https://ea.n0.is
> A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
--
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
[chromium.fail (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sun, 14 Jan 2018 11:11:01 GMT) Full text and rfc822 format available.Message #101 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Sun, 14 Jan 2018 12:10:21 +0000
[Message part 1 (text/plain, inline)]
ng0 transcribed 14K bytes:
> ng0 transcribed 5.6K bytes:
> > I just got a bug report for the build via:
> >
> > guix pull --url="https://c.n0.is/git/ng0/guix/guix.git" --branch="pretest/chromium"
> > guix package --install chromium
> >
> > Failing with the attached build log excerpt. We are not FreeBSD, but I found
> > this in the first 5 minutes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160935
> > Maybe it helps to debug this, or maybe you've encountered this before.
> >
> > I myself have been able to build this without issues on two systems.
> >
> > All mentioned systems are GuixSD.
> >
>
> this time with attached file.
My guess was "low on RAM or swap", as it turns out this was right. With more
RAM and/or swap space it builds.
> > This should be a blocker, but maybe a head-up in potential build issues.
> > Marius Bakke transcribed 4.5K bytes:
> > > ng0 <ng0 <at> n0.is> writes:
> > >
> > > > Many thanks for your ongoing work with this (and the patience :))
> > > > As this is 63, you you are keeping track of Debian, right? I tried
> > > > to package 64 a couple of days ago because I wanted the workaround
> > > > for some of the recent security clusterfucks, but Debian is still
> > > > on 63 :/
> > > > I hope they'll update their patchset soon.
> > >
> > > Indeed Google did not add the Spectre mitigation to Chromium 63, even
> > > though the latest version was released after the fact.
> > >
> > > https://xlab.tencent.com/special/spectre/spectre_check.html
> > >
> > > For reasons that beat me, they only added it to the proprietary Chrome
> > > browser, which follows the same version number as Chromium.
> > >
> > > The attached patch adds Spectre mitigation to the current Chromium
> > > release. The patch was pulled from the Chrome 64 branch:
> > >
> >
> > > From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> > > From: Marius Bakke <mbakke <at> fastmail.com>
> > > Date: Thu, 11 Jan 2018 14:36:47 +0100
> > > Subject: [PATCH] gnu: chromium: Add spectre mitigation.
> > >
> > > * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> > > * gnu/local.mk (dist_patch_DATA): Register it.
> > > * gnu/packages/chromium.scm (chromium)[source]: Use it.
> > > ---
> > > gnu/local.mk | 1 +
> > > gnu/packages/chromium.scm | 3 ++-
> > > gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
> > > 3 files changed, 16 insertions(+), 1 deletion(-)
> > > create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch
> > >
> > > diff --git a/gnu/local.mk b/gnu/local.mk
> > > index 513f64043..89dab227c 100644
> > > --- a/gnu/local.mk
> > > +++ b/gnu/local.mk
> > > @@ -575,6 +575,7 @@ dist_patch_DATA = \
> > > %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
> > > %D%/packages/patches/ceph-skip-unittest_blockdev.patch \
> > > %D%/packages/patches/chmlib-inttypes.patch \
> > > + %D%/packages/patches/chromium-spectre-mitigation.patch \
> > > %D%/packages/patches/clang-libc-search-path.patch \
> > > %D%/packages/patches/clang-3.8-libc-search-path.patch \
> > > %D%/packages/patches/clementine-use-openssl.patch \
> > > diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> > > index dd040527b..1e9dba42e 100644
> > > --- a/gnu/packages/chromium.scm
> > > +++ b/gnu/packages/chromium.scm
> > > @@ -240,7 +240,8 @@
> > > %chromium-system-icu.patch
> > > %chromium-system-nspr.patch
> > > %chromium-system-libevent.patch
> > > - %chromium-disable-api-keys-warning.patch))
> > > + %chromium-disable-api-keys-warning.patch
> > > + (search-patch "chromium-spectre-mitigation.patch")))
> > > (modules '((srfi srfi-1)
> > > (guix build utils)))
> > > (snippet
> > > diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
> > > new file mode 100644
> > > index 000000000..a44a3bce4
> > > --- /dev/null
> > > +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
> > > @@ -0,0 +1,13 @@
> > > +diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
> > > +index 43feb76..33a49b8 100644
> > > +--- a/content/public/common/content_features.cc
> > > ++++ b/content/public/common/content_features.cc
> > > +@@ -308,7 +308,7 @@
> > > +
> > > + // http://tc39.github.io/ecmascript_sharedmem/shmem.html
> > > + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
> > > +- base::FEATURE_ENABLED_BY_DEFAULT};
> > > ++ base::FEATURE_DISABLED_BY_DEFAULT};
> > > +
> > > + // An experiment to require process isolation for the sign-in origin,
> > > + // https://accounts.google.com. Launch bug: https://crbug.com/739418.
> > > --
> > > 2.15.1
> > >
> >
> >
> >
> >
> > --
> > ng0 :: https://ea.n0.is
> > A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
>
>
>
> --
> ng0 :: https://ea.n0.is
> A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
> [19248/23429] CXX obj/content/browser/browser/web_bluetooth_service_impl.o
> FAILED: obj/content/browser/browser/web_bluetooth_service_impl.o
> g++ -MMD -MF obj/content/browser/browser/web_bluetooth_service_impl.o.d -DENABLE_SCREEN_CAPTURE=1 -DV8_DEPRECATION_WARNINGS
> -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DNO_TCMALLOC -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD
> -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
> -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D_FORTIFY_SOURCE=2 -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0
> -DCONTENT_IMPLEMENTATION -DV8_USE_EXTERNAL_STARTUP_DATA
> -DATK_LIB_DIR=\"/gnu/store/nniszqyslmgllha2cyi9g3pfsmm6sg16-atk-2.24.0/lib\" -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_32
> -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_26 -DGL_GLEXT_PROTOTYPES -DUSE_GLX -DUSE_EGL -DGOOGLE_PROTOBUF_NO_RTTI
> -DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DHAVE_PTHREAD -DUSING_SYSTEM_ICU=1 -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC
> -DUCHAR_TYPE=uint16_t -DSK_IGNORE_LINEONLY_AA_CONVEX_PATH_OPTS -DSK_HAS_PNG_LIBRARY -DSK_HAS_WEBP_LIBRARY -DSK_HAS_JPEG_LIBRARY
> -DSK_SUPPORT_GPU=1 -DLEVELDB_PLATFORM_CHROMIUM=1 -DWEBRTC_NON_STATIC_TRACE_EVENT_HANDLERS=0 -DFEATURE_ENABLE_VOICEMAIL
> -DGTEST_RELATIVE_PATH -DWEBRTC_CHROMIUM_BUILD -DWEBRTC_POSIX -DWEBRTC_LINUX -DWTF_USE_WEBAUDIO_FFMPEG=1
> -DWTF_USE_DEFAULT_RENDER_THEME=1 -DUSE_SYSTEM_ZLIB=1 -DNO_MAIN_THREAD_WRAPPING -I../.. -Igen
> -I/gnu/store/nniszqyslmgllha2cyi9g3pfsmm6sg16-atk-2.24.0/include/atk-1.0
> -I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/include/glib-2.0
> -I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/lib/glib-2.0/include
> -I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/include/glib-2.0
> -I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/lib/glib-2.0/include
> -I/gnu/store/b9ww6qv1ii9v6n45kin7543vkf6jfnd3-libpng-1.6.29/include/libpng16
> -I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/include/glib-2.0
> -I/gnu/store/azbfh3i72lbaqvhgg5m7p6ymmqq0ii6q-glib-2.52.3/lib/glib-2.0/include
> -I/gnu/store/3k1y78v6nxjvmivnri5j46wai6ppvyz0-harfbuzz-1.5.1/include/harfbuzz
> -I/gnu/store/b9ww6qv1ii9v6n45kin7543vkf6jfnd3-libpng-1.6.29/include/libpng16
> -I/gnu/store/4b9y9f5fvghk2vmwpbgzncal7z3r4n5y-pango-1.40.12/include/pango-1.0
> -I/gnu/store/c4vl4hw5jccg0b23sfvs0kdnfdbxdlgm-cairo-1.14.10/include/cairo
> -I/gnu/store/w8kii3hjvmh50yxs52gkdywkq9jc7s19-pixman-0.34.0/include/pixman-1 -Igen/shim_headers/libevent_shim
> -Igen/shim_headers/icui18n_shim -Igen/shim_headers/icuuc_shim -Igen/shim_headers/re2_shim -Igen/shim_headers/libpng_shim
> -Igen/shim_headers/zlib_shim -Igen/shim_headers/libdrm_shim -I../../third_party/khronos -I../../gpu
> -Igen/shim_headers/ffmpeg_shim -Igen/shim_headers/libvpx_shim -Igen/shim_headers/opus_shim -Igen/shim_headers/snappy_shim
> -Igen/shim_headers/openh264_shim -Igen/shim_headers/minizip_shim -Igen/shim_headers/flac_shim -I../../third_party/protobuf/src
> -I../../third_party/ced/src -I../../skia/config -I../../skia/ext -I../../third_party/skia/include/c
> -I../../third_party/skia/include/config -I../../third_party/skia/include/core -I../../third_party/skia/include/effects
> -I../../third_party/skia/include/encode -I../../third_party/skia/include/gpu -I../../third_party/skia/include/images
> -I../../third_party/skia/include/lazy -I../../third_party/skia/include/pathops -I../../third_party/skia/include/pdf
> -I../../third_party/skia/include/pipe -I../../third_party/skia/include/ports -I../../third_party/skia/include/utils
> -I../../third_party/skia/third_party/vulkan -I../../third_party/skia/src/gpu -I../../third_party/skia/src/sksl
> -I../../third_party/leveldatabase -I../../third_party/leveldatabase/src -I../../third_party/leveldatabase/src/include
> -I../../third_party/webrtc_overrides -I../../testing/gtest/include -I../../third_party/webrtc
> -I../../third_party/webrtc_overrides -I../../third_party/webrtc -I../../third_party/protobuf/src -Igen/protoc_out
> -Igen/components/metrics/proto -I../../third_party/boringssl/src/include
> -I/gnu/store/yk0bk0y3dvz2pa3f56knjhdby16fb62s-nss-3.34/include/nss
> -I/gnu/store/544jcd4141xgg72dk5xxbs4zjzvxvvxi-nspr-4.17/include/nspr -I../../third_party/libwebm/source -Igen
> -I../../third_party/WebKit -Igen/third_party/WebKit -I../../v8/include -Igen/v8/include -I../../third_party/mesa/src/include
> -I../../third_party/WebKit/Source -I../../third_party/WebKit -Igen/blink -Igen/third_party/WebKit
> -I../../third_party/angle/src/common/third_party/base -Igen/angle -I../../third_party/brotli/include
> -I../../third_party/libyuv/include -I/gnu/store/xr0zjan791j0pgvcs770m59za9bsjsr6-dbus-1.10.22/include/dbus-1.0
> -I/gnu/store/xr0zjan791j0pgvcs770m59za9bsjsr6-dbus-1.10.22/lib/dbus-1.0/include -fno-strict-aliasing --param=ssp-buffer-size=4
> -fstack-protector -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -funwind-tables -fPIC -pipe -pthread
> -m64 -march=x86-64 -Wall -Wno-unused-local-typedefs -Wno-maybe-uninitialized -Wno-missing-field-initializers
> -Wno-unused-parameter -O2 -fno-ident -fdata-sections -ffunction-sections -fomit-frame-pointer -g0 -fvisibility=hidden
> -Wno-unused-local-typedef -Wno-unused-function -std=gnu++14 -Wno-narrowing -fno-rtti -fno-exceptions -fvisibility-inlines-hidden
> -c ../../content/browser/bluetooth/web_bluetooth_service_impl.cc -o obj/content/browser/browser/web_bluetooth_service_impl.o
> g++: internal compiler error: Killed (program cc1plus)
> Please submit a full bug report,
> with preprocessed source if appropriate.
> See <http://gcc.gnu.org/bugs.html> for instructions.
> [19249/23429] CXX obj/content/browser/browser/render_frame_host_factory.o
> In file included from ../../content/browser/frame_host/frame_tree_node.h:18:0,
> from ../../content/browser/frame_host/render_frame_host_factory.cc:9:
> ../../content/browser/frame_host/render_frame_host_impl.h:1001:3: warning: multi-line comment [-Wcomment]
> // / | \
> ^
> ../../content/browser/frame_host/render_frame_host_impl.h:1003:3: warning: multi-line comment [-Wcomment]
> // / / \ \
> ^
> cc1plus: warning: unrecognized command line option ‘-Wno-unused-local-typedef’
> [19250/23429] CXX obj/content/browser/browser/render_frame_host_manager.o
> In file included from ../../content/browser/frame_host/render_frame_host_manager.h:19:0,
> from ../../content/browser/frame_host/render_frame_host_manager.cc:5:
> ../../content/browser/frame_host/render_frame_host_impl.h:1001:3: warning: multi-line comment [-Wcomment]
> // / | \
> ^
> ../../content/browser/frame_host/render_frame_host_impl.h:1003:3: warning: multi-line comment [-Wcomment]
> // / / \ \
> ^
> cc1plus: warning: unrecognized command line option ‘-Wno-unused-local-typedef’
> [19251/23429] CXX obj/content/browser/browser/render_frame_host_impl.o
> In file included from ../../content/browser/frame_host/render_frame_host_impl.cc:5:0:
> ../../content/browser/frame_host/render_frame_host_impl.h:1001:3: warning: multi-line comment [-Wcomment]
> // / | \
> ^
> ../../content/browser/frame_host/render_frame_host_impl.h:1003:3: warning: multi-line comment [-Wcomment]
> // / / \ \
> ^
> cc1plus: warning: unrecognized command line option ‘-Wno-unused-local-typedef’
> ninja: build stopped: subcommand failed.
> phase `build' failed after 16570.6 seconds
> builder for `/gnu/store/9ws2gavs5bjlrfimhdi10pssvy7hwnwl-chromium-63.0.3239.132.drv' failed with exit code 1
> guix package: error: build failed: build of `/gnu/store/9ws2gavs5bjlrfimhdi10pssvy7hwnwl-chromium-63.0.3239.132.drv' failed
--
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 16 Jan 2018 14:19:02 GMT) Full text and rfc822 format available.Message #104 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ludo <at> gnu.org (Ludovic Courtès) To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is>, Leo Famulari <leo <at> famulari.name> Subject: Re: [bug#28004] Chromium Date: Tue, 16 Jan 2018 15:18:16 +0100
Hi Marius, Marius Bakke <mbakke <at> fastmail.com> skribis: > The attached patch adds Spectre mitigation to the current Chromium > release. The patch was pulled from the Chrome 64 branch: > > From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001 > From: Marius Bakke <mbakke <at> fastmail.com> > Date: Thu, 11 Jan 2018 14:36:47 +0100 > Subject: [PATCH] gnu: chromium: Add spectre mitigation. > > * gnu/packages/patches/chromium-spectre-mitigation.patch: New file. > * gnu/local.mk (dist_patch_DATA): Register it. > * gnu/packages/chromium.scm (chromium)[source]: Use it. I didn’t really follow the whole discussion :-), but if what you have is now OK from the freedom and security viewpoints (including bundling), perhaps you can go ahead? Ludo’.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 16 Jan 2018 19:02:01 GMT) Full text and rfc822 format available.Message #107 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is>, Leo Famulari <leo <at> famulari.name> Subject: Re: [bug#28004] Chromium Date: Tue, 16 Jan 2018 20:01:34 +0100
[Message part 1 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes: > Hi Marius, > > Marius Bakke <mbakke <at> fastmail.com> skribis: > >> The attached patch adds Spectre mitigation to the current Chromium >> release. The patch was pulled from the Chrome 64 branch: >> >> From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001 >> From: Marius Bakke <mbakke <at> fastmail.com> >> Date: Thu, 11 Jan 2018 14:36:47 +0100 >> Subject: [PATCH] gnu: chromium: Add spectre mitigation. >> >> * gnu/packages/patches/chromium-spectre-mitigation.patch: New file. >> * gnu/local.mk (dist_patch_DATA): Register it. >> * gnu/packages/chromium.scm (chromium)[source]: Use it. > > I didn’t really follow the whole discussion :-), but if what you have is > now OK from the freedom and security viewpoints (including bundling), > perhaps you can go ahead? I believe this is pretty much ready. However Chromium 64 is due in one week, so I'll wait for that. Meanwhile I'll try to get rid of the default "most used" sites which links to the nonfree Web Store. Not sure what to put in the description. Can I hire Tobias for this? :P If there are no objections, expect to see this in 'master' in 1-2 weeks.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 16 Jan 2018 19:05:02 GMT) Full text and rfc822 format available.Message #110 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 28004 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com>, ng0 <ng0 <at> n0.is>, Leo Famulari <leo <at> famulari.name> Subject: Re: [bug#28004] Chromium Date: Tue, 16 Jan 2018 20:04:21 +0000
[Message part 1 (text/plain, inline)]
Ludovic Courtès transcribed 0.8K bytes: > Hi Marius, > > Marius Bakke <mbakke <at> fastmail.com> skribis: > > > The attached patch adds Spectre mitigation to the current Chromium > > release. The patch was pulled from the Chrome 64 branch: > > > > From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001 > > From: Marius Bakke <mbakke <at> fastmail.com> > > Date: Thu, 11 Jan 2018 14:36:47 +0100 > > Subject: [PATCH] gnu: chromium: Add spectre mitigation. > > > > * gnu/packages/patches/chromium-spectre-mitigation.patch: New file. > > * gnu/local.mk (dist_patch_DATA): Register it. > > * gnu/packages/chromium.scm (chromium)[source]: Use it. > > I didn’t really follow the whole discussion :-), but if what you have is > now OK from the freedom and security viewpoints (including bundling), > perhaps you can go ahead? > > Ludo’. > From a usability point of view it's definitely okay, I've been using this for a while now, no crashes so far. Coming up with a way to define extensions is just a matter of placing the Lego blocks in the right position. Gentoo and other systems (maybe Nix) offer insights. I'd say to get to a PoC package for an easy extension, under the assumption that the general integration works, it could be done in a couple of working weekends. -- ng0 :: https://ea.n0.is A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 16 Jan 2018 19:07:01 GMT) Full text and rfc822 format available.Message #113 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Tobias Geerinckx-Rice <me <at> tobias.gr> To: mbakke <at> fastmail.com, ludo <at> gnu.org Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Tue, 16 Jan 2018 20:09:41 +0100
[Message part 1 (text/plain, inline)]
Marius! Marius Bakke wrote on 16/01/18 at 20:01: > Not sure what to put in the description. Can I hire Tobias for this? :P You probably don't want me writing what I think of Chromium. Kind regards, T G-R
[signature.asc (application/pgp-signature, attachment)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 16 Jan 2018 19:23:01 GMT) Full text and rfc822 format available.Message #116 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Tobias Geerinckx-Rice <me <at> tobias.gr>, ludo <at> gnu.org Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Tue, 16 Jan 2018 20:22:32 +0100
[Message part 1 (text/plain, inline)]
Tobias Geerinckx-Rice <me <at> tobias.gr> writes: > Marius! > > Marius Bakke wrote on 16/01/18 at 20:01: >> Not sure what to put in the description. Can I hire Tobias for this? :P > > You probably don't want me writing what I think of Chromium. LOL, fair enough. I tend to assume zero-knowledge when writing descriptions and have been playing on spins of "Chromium is a browser designed to spy on the user", but carrying software with that description does not reflect very well on us...besides, I've gone great lengths to remove those antifeatures. I'd like to make it very clear that users concerned about privacy should prefer GNU IceCat though... Suggestions welcome. :-)
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 16 Jan 2018 20:42:01 GMT) Full text and rfc822 format available.Message #119 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Leo Famulari <leo <at> famulari.name> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ludo <at> gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr> Subject: Re: [bug#28004] Chromium Date: Tue, 16 Jan 2018 12:41:15 -0800
[Message part 1 (text/plain, inline)]
On Tue, Jan 16, 2018 at 08:22:32PM +0100, Marius Bakke wrote: > Tobias Geerinckx-Rice <me <at> tobias.gr> writes: > > Marius Bakke wrote on 16/01/18 at 20:01: > >> Not sure what to put in the description. Can I hire Tobias for this? :P > > > > You probably don't want me writing what I think of Chromium. > > LOL, fair enough. > > I tend to assume zero-knowledge when writing descriptions and have been > playing on spins of "Chromium is a browser designed to spy on the user", > but carrying software with that description does not reflect very well > on us...besides, I've gone great lengths to remove those antifeatures. > > I'd like to make it very clear that users concerned about privacy should > prefer GNU IceCat though... Suggestions welcome. :-) The Synopses and Descriptions section of the manual says "Please avoid marketing phrases" and "try to be factual, mentioning use cases and features". I think we should also avoid "anti-marketing" language. Why not keep it simple and say something like this: "Chromium is a graphical web browser. This package omits the FOO, BAR, and BAZ features in order to help protect the user's privacy." The IceCat description is similarly terse.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 17 Jan 2018 08:54:02 GMT) Full text and rfc822 format available.Message #122 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ludo <at> gnu.org (Ludovic Courtès) To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is>, Leo Famulari <leo <at> famulari.name> Subject: Re: [bug#28004] Chromium Date: Wed, 17 Jan 2018 09:53:17 +0100
Hello, Marius Bakke <mbakke <at> fastmail.com> skribis: > I believe this is pretty much ready. However Chromium 64 is due in one > week, so I'll wait for that. Meanwhile I'll try to get rid of the > default "most used" sites which links to the nonfree Web Store. Oh yes, we should definitely do that. > Not sure what to put in the description. Can I hire Tobias for this? :P > > If there are no objections, expect to see this in 'master' in 1-2 weeks. Sounds good. Quite an achievement! Thanks, Ludo’.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 17 Jan 2018 14:56:01 GMT) Full text and rfc822 format available.Message #125 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Mike Gerwitz <mtg <at> gnu.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Wed, 17 Jan 2018 09:55:16 -0500
[Message part 1 (text/plain, inline)]
On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote: > If there are no objections, expect to see this in 'master' in 1-2 weeks. I want to express gratitude for your hard work on this---given that IceCat does not contain many of the FF devtool updates, Chromium is very desirable for web development. It's also needed for certain Node.js tools, like node-inspector. So, thank you! -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 26 Feb 2018 18:19:01 GMT) Full text and rfc822 format available.Message #128 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Mike Gerwitz <mtg <at> gnu.org> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Mon, 26 Feb 2018 19:18:39 +0100
[Message part 1 (text/plain, inline)]
Mike Gerwitz <mtg <at> gnu.org> writes: > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote: >> If there are no objections, expect to see this in 'master' in 1-2 weeks. > > I want to express gratitude for your hard work on this---given that > IceCat does not contain many of the FF devtool updates, Chromium is very > desirable for web development. It's also needed for certain Node.js > tools, like node-inspector. > > So, thank you! Thank *you* for the kind words! :-) Here is the latest iteration of this patch. New in this version: * Chromium 64 (duh). * The 'delete-bundled-software' phase has been moved to a snippet, shaving ~100MiB (~22%) off the compressed tarball size (and drastically reduces (de)compression time). * The New Tab page does not show any thumbnails for new profiles. I've also added more comments about the patches and other flags. Now, when launching the browser for the first time, it *still* connects to Google services. After a while it also does a lookup for AdWords... However subsequent launches are "silent" as long as the Web Store is disabled and "--disable-background-networking" is passed, like the wrapper script does. Incidentally, now that IceCat supports WebRTC (and somehow plugged the IP address leak[0]!), I no longer *need* this package. However, having multiple high quality browsers at hand is a huge advantage IMO, so I'd still like to have it in Guix. What do y'all think? Feedback on the snippet and description very welcome. [0] https://en.wikipedia.org/wiki/WebRTC#Concerns
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 26 Feb 2018 18:20:02 GMT) Full text and rfc822 format available.Message #131 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: 28004 <at> debbugs.gnu.org Cc: Marius Bakke <mbakke <at> fastmail.com> Subject: [PATCH] gnu: Add chromium. Date: Mon, 26 Feb 2018 19:19:14 +0100
* gnu/packages/chromium.scm: New file.
* gnu/packages/patches/chromium-gcc.patch,
gnu/packages/patches/chromium-remove-default-history.patch: New files.
* gnu/local.mk: Record it.
---
gnu/local.mk | 3 +
gnu/packages/chromium.scm | 756 +++++++++++++++++++++
gnu/packages/patches/chromium-gcc5.patch | 39 ++
.../patches/chromium-remove-default-history.patch | 13 +
4 files changed, 811 insertions(+)
create mode 100644 gnu/packages/chromium.scm
create mode 100644 gnu/packages/patches/chromium-gcc5.patch
create mode 100644 gnu/packages/patches/chromium-remove-default-history.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index fa98810d6..fb1320f7b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -92,6 +92,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/check.scm \
%D%/packages/chemistry.scm \
%D%/packages/chez.scm \
+ %D%/packages/chromium.scm \
%D%/packages/ci.scm \
%D%/packages/cinnamon.scm \
%D%/packages/cmake.scm \
@@ -581,6 +582,8 @@ dist_patch_DATA = \
%D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
%D%/packages/patches/ceph-skip-unittest_blockdev.patch \
%D%/packages/patches/chmlib-inttypes.patch \
+ %D%/packages/patches/chromium-gcc5.patch \
+ %D%/packages/patches/chromium-remove-default-history.patch \
%D%/packages/patches/clang-libc-search-path.patch \
%D%/packages/patches/clang-3.8-libc-search-path.patch \
%D%/packages/patches/clang-runtime-asan-build-fixes.patch \
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 000000000..1dd77b089
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,756 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke <at> fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix git-download)
+ #:use-module (guix utils)
+ #:use-module (guix build-system gnu)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages bison)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages curl)
+ #:use-module (gnu packages databases)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages ghostscript)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gnuzilla)
+ #:use-module (gnu packages gperf)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages libusb)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages ninja)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages pciutils)
+ #:use-module (gnu packages photo)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages protobuf)
+ #:use-module (gnu packages pulseaudio)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages python-web)
+ #:use-module (gnu packages regex)
+ #:use-module (gnu packages serialization)
+ #:use-module (gnu packages speech)
+ #:use-module (gnu packages tls)
+ #:use-module (gnu packages valgrind)
+ #:use-module (gnu packages version-control)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages xiph)
+ #:use-module (gnu packages xml)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xorg))
+
+(define (strip-directory-prefix pathspec)
+ "Return everything after the last '/' in PATHSPEC."
+ (let ((index (string-rindex pathspec #\/)))
+ (if index
+ (string-drop pathspec (+ 1 index))
+ pathspec)))
+
+(define (chromium-patch-file-name pathspec)
+ (let ((patch-name (strip-directory-prefix pathspec)))
+ (if (string-prefix? "chromium-" patch-name)
+ patch-name
+ (string-append "chromium-" patch-name))))
+
+;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches
+(define (debian-patch pathspec revision hash)
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git"
+ "/plain/debian/patches/" pathspec "?id=" revision))
+ (sha256 (base32 hash))
+ (file-name (chromium-patch-file-name pathspec))))
+
+;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
+(define (gentoo-patch pathspec revision hash)
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
+ "/chromium/files/" pathspec "?id=" revision))
+ (sha256 (base32 hash))
+ (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/gcarq/inox-patchset
+(define (inox-patch pathspec revision hash)
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
+ revision "/" pathspec))
+ (sha256 (base32 hash))
+ (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/networking/browsers/chromium
+(define (nixos-patch pathspec revision hash)
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://raw.githubusercontent.com/NixOS/nixpkgs/"
+ revision "/pkgs/applications/networking/browsers"
+ "/chromium/patches/" pathspec))
+ (sha256 (base32 hash))
+ (file-name (chromium-patch-file-name pathspec))))
+
+;; Fix build for older versions of GCC.
+(define %chromium-angle-gcc-compat.patch
+ (gentoo-patch "chromium-angle-r0.patch"
+ "08971011b4d6fa37aa906920fba7564e48b9e60b"
+ "0izdrqwsyr48117dhvwdsk8c6dkrnq2njida1q4mb1lagvwbz7gc"))
+
+;; https://webrtc-review.googlesource.com/9384
+(define %chromium-webrtc-gcc-compat.patch
+ (gentoo-patch "chromium-webrtc-r0.patch"
+ "08971011b4d6fa37aa906920fba7564e48b9e60b"
+ "0qj5b4w9kav51ylpdf38vm5w7p2gx4qp8p45vrfggp7miicg9cmw"))
+
+;; https://chromium-review.googlesource.com/813737
+(define %chromium-memcpy.patch
+ (gentoo-patch "chromium-memcpy-r0.patch"
+ "08971011b4d6fa37aa906920fba7564e48b9e60b"
+ "1d3vra59wjg2lva7ddv55ff6l57mk9k50llsplr0b7vxk0lh0ps5"))
+
+(define %chromium-system-nspr.patch
+ (debian-patch "system/nspr.patch"
+ "debian/64.0.3282.119-2"
+ "0pcwk3jsx8hjzd4s1v7p11jd8vpdqfnq82di31222cjx0bl6275r"))
+
+(define %chromium-system-libevent.patch
+ (debian-patch "system/event.patch"
+ "debian/64.0.3282.119-2"
+ "1dxzn1yf05mzf21c25sczj4zhkknf03x9bc3xzznqpvnsf3cjpr0"))
+
+(define %chromium-system-icu.patch
+ (debian-patch "system/icu.patch"
+ "debian/64.0.3282.119-2"
+ "0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv"))
+
+;; Don't show a warning about missing API keys.
+(define %chromium-disable-api-keys-warning.patch
+ (debian-patch "disable/google-api-warning.patch"
+ "debian/64.0.3282.119-2"
+ "1932xkrskm4nnglzj6xfjpycx4chsycj9ay3ipkq5f6xk21a1xm0"))
+
+;; Add DuckDuckGo and set it as the default search engine.
+(define %chromium-duckduckgo.patch
+ (inox-patch "0011-add-duckduckgo-search-engine.patch"
+ "d655594419af6b82a2a070e4d3eedd926a04fa79"
+ "0p8x98g71ngkd3wbl5q36wrl18ff185sfrr5fcwjbgrv3v7r6ra7"))
+
+;; Don't start a "Login Wizard" at first launch.
+(define %chromium-first-run.patch
+ (inox-patch "0018-disable-first-run-behaviour.patch"
+ "d655594419af6b82a2a070e4d3eedd926a04fa79"
+ "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
+
+;; Use privacy-preserving defaults.
+(define %chromium-default-preferences.patch
+ (inox-patch "0006-modify-default-prefs.patch"
+ "d655594419af6b82a2a070e4d3eedd926a04fa79"
+ "0qpd5l3wiw7325cicjzvdql0gay7jl4afml4nrbmy3w40i1ai2rf"))
+
+;; Recent versions of Chromium may load a remote search engine on the
+;; New Tab Page, causing unnecessary and involuntary network traffic.
+(define %chromium-restore-classic-ntp.patch
+ (inox-patch "0008-restore-classic-ntp.patch"
+ "d655594419af6b82a2a070e4d3eedd926a04fa79"
+ "0lj018q6vd6m43cj8rnraqgi4lp2iq76i1i0078dav4cxnzdryfs"))
+
+(define opus+custom
+ (package (inherit opus)
+ (name "opus+custom")
+ (arguments
+ `(;; Opus Custom is an optional extension of the Opus
+ ;; specification that allows for unsupported frame
+ ;; sizes. Chromium requires that this is enabled.
+ #:configure-flags '("--enable-custom-modes")
+ ,@(package-arguments opus)))))
+
+(define libvpx+experimental
+ (package
+ (inherit libvpx)
+ (name "libvpx+experimental")
+ (arguments
+ `(,@(substitute-keyword-arguments (package-arguments libvpx)
+ ((#:configure-flags flags ''())
+ ;; Spatial SVC is an experimental VP9 encoder required by Chromium.
+ `(cons* "--enable-experimental" "--enable-spatial-svc"
+ ,flags)))))))
+
+(define-public chromium
+ (package
+ (name "chromium")
+ (version "64.0.3282.186")
+ (synopsis "Graphical web browser")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://commondatastorage.googleapis.com/"
+ "chromium-browser-official/chromium-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "0q0q1whspmzyln04gxhgl3jd2vrgb4imh8r9qw6c06i3b63j3l2z"))
+ (patches (list %chromium-duckduckgo.patch
+ %chromium-default-preferences.patch
+ %chromium-first-run.patch
+ %chromium-restore-classic-ntp.patch
+ %chromium-angle-gcc-compat.patch
+ %chromium-webrtc-gcc-compat.patch
+ %chromium-memcpy.patch
+ %chromium-system-icu.patch
+ %chromium-system-nspr.patch
+ %chromium-system-libevent.patch
+ %chromium-disable-api-keys-warning.patch
+ (search-patch "chromium-gcc5.patch")
+ (search-patch "chromium-remove-default-history.patch")))
+ (modules '((srfi srfi-1)
+ (ice-9 ftw)
+ (ice-9 regex)
+ (guix build utils)))
+ (snippet
+ '(begin
+ (let ((preserved-files
+ (map
+ (lambda (path) (string-append "./" path))
+ (list
+ "base/third_party/dmg_fp"
+ "base/third_party/dynamic_annotations"
+ "base/third_party/icu"
+ "base/third_party/libevent"
+ "base/third_party/nspr"
+ "base/third_party/superfasthash"
+ "base/third_party/symbolize" ;glog
+ "base/third_party/xdg_mime"
+ "base/third_party/xdg_user_dirs"
+ "buildtools/third_party/libc++"
+ "chrome/third_party/mozilla_security_manager"
+ "courgette/third_party"
+ "net/third_party/mozilla_security_manager"
+ "net/third_party/nss"
+ "third_party/adobe/flash/flapper_version.h"
+ ;; FIXME: This is used in:
+ ;; * ui/webui/resources/js/analytics.js
+ ;; * ui/file_manager/
+ "third_party/analytics"
+ "third_party/angle"
+ "third_party/angle/src/common/third_party/base"
+ "third_party/angle/src/common/third_party/smhasher"
+ "third_party/angle/src/third_party/compiler"
+ "third_party/angle/src/third_party/libXNVCtrl"
+ "third_party/angle/src/third_party/trace_event"
+ "third_party/blink"
+ "third_party/boringssl"
+ "third_party/boringssl/src/third_party/fiat"
+ "third_party/breakpad"
+ "third_party/brotli"
+ "third_party/cacheinvalidation"
+ "third_party/catapult"
+ "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
+ "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
+ "third_party/catapult/third_party/polymer"
+ "third_party/catapult/tracing/third_party/d3"
+ "third_party/catapult/tracing/third_party/gl-matrix"
+ "third_party/catapult/tracing/third_party/jszip"
+ "third_party/catapult/tracing/third_party/mannwhitneyu"
+ "third_party/catapult/tracing/third_party/oboe"
+ "third_party/catapult/tracing/third_party/pako"
+ "third_party/ced"
+ "third_party/cld_3"
+ "third_party/crc32c"
+ "third_party/cros_system_api"
+ "third_party/dom_distiller_js"
+ "third_party/fips181"
+ "third_party/flatbuffers"
+ ;; PDFium requires a private freetype API.
+ ;; <https://bugs.chromium.org/p/pdfium/issues/detail?id=733>
+ "third_party/freetype/src/src/psnames/pstables.h"
+ "third_party/glslang-angle"
+ "third_party/google_input_tools"
+ "third_party/google_input_tools/third_party/closure_library"
+ (string-append "third_party/google_input_tools/third_party"
+ "/closure_library/third_party/closure")
+ "third_party/googletest"
+ "third_party/harfbuzz-ng"
+ "third_party/hunspell"
+ "third_party/iccjpeg"
+ "third_party/inspector_protocol"
+ "third_party/jinja2"
+ "third_party/jstemplate"
+ "third_party/khronos"
+ "third_party/leveldatabase"
+ "third_party/libXNVCtrl"
+ "third_party/libaddressinput"
+ "third_party/libjingle_xmpp"
+ "third_party/libphonenumber"
+ "third_party/libsecret" ;FIXME: needs pkg-config support.
+ "third_party/libsrtp" ;TODO: Requires libsrtp <at> 2.
+ "third_party/libudev"
+ "third_party/libwebm"
+ "third_party/libxml"
+ "third_party/libyuv"
+ "third_party/lss"
+ "third_party/lzma_sdk"
+ "third_party/markupsafe"
+ "third_party/mesa"
+ "third_party/metrics_proto"
+ "third_party/modp_b64"
+ "third_party/mt19937ar"
+ "third_party/node"
+ (string-append "third_party/node/node_modules/"
+ "polymer-bundler/lib/third_party/UglifyJS2")
+ "third_party/openmax_dl"
+ "third_party/ots"
+ "third_party/pdfium"
+ "third_party/pdfium/third_party"
+ "third_party/ply"
+ "third_party/polymer"
+ "third_party/protobuf"
+ "third_party/protobuf/third_party/six"
+ "third_party/qcms"
+ "third_party/sfntly"
+ "third_party/skia"
+ "third_party/skia/third_party/vulkan"
+ "third_party/skia/third_party/gif"
+ "third_party/smhasher"
+ "third_party/speech-dispatcher"
+ "third_party/spirv-headers"
+ "third_party/spirv-tools-angle"
+ "third_party/sqlite"
+ "third_party/swiftshader"
+ "third_party/swiftshader/third_party"
+ "third_party/usb_ids"
+ "third_party/usrsctp"
+ "third_party/vulkan"
+ "third_party/vulkan-validation-layers"
+ "third_party/WebKit"
+ "third_party/web-animations-js"
+ "third_party/webrtc"
+ "third_party/webrtc_overrides"
+ "third_party/widevine/cdm/widevine_cdm_version.h"
+ "third_party/widevine/cdm/widevine_cdm_common.h"
+ "third_party/woff2"
+ "third_party/xdg-utils"
+ "third_party/yasm/run_yasm.py"
+ "third_party/zlib/google"
+ "url/third_party/mozilla"
+ "v8/src/third_party/valgrind"
+ "v8/third_party/inspector_protocol"))))
+
+ ;; This is an implementation of
+ ;; "build/linux/unbundle/remove_bundled_libraries.py".
+ ;; It traverses any "third_party" directory and deletes
+ ;; files that are:
+ ;; * not ending with ".gn" or ".gni"; or
+ ;; * not explicitly named as argument (folder or file).
+ ;; TODO: Remove empty directories.
+ (define (delete-files-except exceptions dir)
+
+ (define (enter? name stat result)
+ (not (member name exceptions)))
+
+ (define (leaf name stat result)
+ (let ((protected-files (make-regexp "\\.(gn|gyp)i?$"
+ regexp/icase)))
+ (unless (or (member name exceptions)
+ (regexp-exec protected-files name))
+ (delete-file name))))
+
+ (file-system-fold enter?
+ leaf
+ (lambda (dir stat result) result) ;down
+ (lambda (dir stat result) result) ;up
+ (lambda (dir stat result) result) ;skip
+ (lambda (dir stat result) result) ;error
+ #t
+ dir))
+
+ (for-each (lambda (third-party)
+ (delete-files-except preserved-files
+ third-party))
+ (find-files "." "^third_party$" #:directories? #t))
+
+ ;; Replace GN files from third_party with shims for building
+ ;; against system libraries. Keep this list in sync with
+ ;; "build/linux/unbundle/replace_gn_files.py".
+ (for-each (lambda (pair)
+ (let ((source (string-append
+ "build/linux/unbundle/" (car pair)))
+ (dest (cdr pair)))
+ (copy-file source dest)))
+ (list
+ '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
+ '("flac.gn" . "third_party/flac/BUILD.gn")
+ '("freetype.gn" . "third_party/freetype/BUILD.gn")
+ ;; FIXME: This is no longer supported since 63.
+ ;;'("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn")
+ '("icu.gn" . "third_party/icu/BUILD.gn")
+ '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
+ '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
+ '("libjpeg.gn" .
+ "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
+ '("libpng.gn" . "third_party/libpng/BUILD.gn")
+ '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
+ '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
+ '("libxml.gn" . "third_party/libxml/BUILD.gn") ;TODO
+ '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
+ '("openh264.gn" . "third_party/openh264/BUILD.gn")
+ '("opus.gn" . "third_party/opus/BUILD.gn")
+ '("re2.gn" . "third_party/re2/BUILD.gn")
+ '("snappy.gn" . "third_party/snappy/BUILD.gn")
+ '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
+ '("zlib.gn" . "third_party/zlib/BUILD.gn")))
+ #t)))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:tests? #f
+ ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+ ;; it's not recognized when passed.
+ #:validate-runpath? #f
+ #:modules ((srfi srfi-26)
+ (ice-9 ftw)
+ (ice-9 regex)
+ (guix build gnu-build-system)
+ (guix build utils))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'patch-stuff
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "printing/cups_config_helper.py"
+ (("cups_config =.*")
+ (string-append "cups_config = '" (assoc-ref inputs "cups")
+ "/bin/cups-config'\n")))
+
+ (substitute*
+ '("base/process/launch_posix.cc"
+ "base/third_party/dynamic_annotations/dynamic_annotations.c"
+ "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+ "sandbox/linux/services/credentials.cc"
+ "sandbox/linux/services/namespace_utils.cc"
+ "sandbox/linux/services/syscall_wrappers.cc"
+ "sandbox/linux/syscall_broker/broker_host.cc")
+ (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+ (for-each (lambda (file)
+ (substitute* file
+ ;; Fix opus include path.
+ ;; Do not substitute opus_private.h.
+ (("#include \"opus\\.h\"")
+ "#include \"opus/opus.h\"")
+ (("#include \"opus_custom\\.h\"")
+ "#include \"opus/opus_custom.h\"")
+ (("#include \"opus_defines\\.h\"")
+ "#include \"opus/opus_defines.h\"")
+ (("#include \"opus_multistream\\.h\"")
+ "#include \"opus/opus_multistream.h\"")
+ (("#include \"opus_types\\.h\"")
+ "#include \"opus/opus_types.h\"")))
+ (append (find-files "third_party/opus/src/celt")
+ (find-files "third_party/opus/src/src")
+ (find-files (string-append "third_party/webrtc/modules"
+ "/audio_coding/codecs/opus"))))
+
+ (substitute* "chrome/common/chrome_paths.cc"
+ (("/usr/share/chromium/extensions")
+ ;; TODO: Add ~/.guix-profile.
+ "/run/current-system/profile/share/chromium/extensions"))
+
+ (substitute*
+ "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
+ (("include \"third_party/curl") "include \"curl"))
+ (substitute* "media/base/decode_capabilities.cc"
+ (("third_party/libvpx/source/libvpx/") ""))
+
+ ;; We don't cross compile most packages, so get rid of the
+ ;; unnecessary ARCH-linux-gnu* prefix.
+ (substitute* "build/toolchain/linux/BUILD.gn"
+ (("aarch64-linux-gnu-") "")
+ (("arm-linux-gnueabihf-") ""))
+ #t))
+ (replace 'configure
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let ((gn-flags
+ (list
+ ;; See tools/gn/docs/cookbook.md and
+ ;; https://www.chromium.org/developers/gn-build-configuration
+ ;; for usage. Run "./gn args . --list" in the Release
+ ;; directory for an exhaustive list of supported flags.
+ "is_debug=false"
+ "is_official_build=false"
+ "is_clang=false"
+ "use_gold=false"
+ "use_lld=false"
+ "linux_use_bundled_binutils=false"
+ "use_custom_libcxx=false"
+ "use_sysroot=false"
+ "goma_dir=\"\""
+ "enable_precompiled_headers=false"
+ "enable_nacl=false"
+ "enable_nacl_nonsfi=false"
+ "use_allocator=\"none\"" ;don't use tcmalloc
+ "override_build_date=\"01 01 2000 05:00:00\""
+ "use_unofficial_version_number=false"
+ ;; Optimize for building everything at once, as opposed
+ ;; to incrementally for development. See "docs/jumbo.md".
+ ;; XXX: On some systems this may trigger a compiler error.
+ ;;"use_jumbo_build=true"
+ ;; Disable debugging features to save space.
+ "remove_webcore_debug_symbols=true"
+ "enable_iterator_debugging=false"
+ ;; Some of the unbundled libraries throws deprecation
+ ;; warnings, etc. Ignore it.
+ "treat_warnings_as_errors=false"
+ ;; Don't add any API keys. End users can set them in the
+ ;; environment if desired. See
+ ;; <https://www.chromium.org/developers/how-tos/api-keys>.
+ "use_official_google_api_keys=false"
+ ;; Disable "field trials".
+ "fieldtrial_testing_like_official_build=true"
+
+ "use_system_freetype=true"
+ "use_system_harfbuzz=true"
+ "use_system_libjpeg=true"
+ "use_system_lcms2=true"
+ "use_system_zlib=true"
+ ;; This is currently not supported on Linux:
+ ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
+ ;;"use_system_sqlite=true"
+
+ "use_gconf=false" ;deprecated by gsettings
+ "use_gnome_keyring=false" ;deprecated by libsecret
+ "use_gtk3=true"
+ "use_openh264=true"
+ "use_xkbcommon=true"
+ "link_pulseaudio=true"
+
+ ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+ "proprietary_codecs=true"
+ "ffmpeg_branding=\"Chrome\""
+
+ ;; WebRTC stuff.
+ "rtc_use_h264=true"
+ ;; Don't use bundled sources.
+ "rtc_build_json=false"
+ "rtc_build_libevent=false"
+ "rtc_build_libvpx=false"
+ "rtc_build_opus=false"
+ "rtc_build_ssl=false"
+ ;; TODO: Package these.
+ "rtc_build_libsrtp=true" ;2.0
+ "rtc_build_libyuv=true"
+ "rtc_build_openmax_dl=true"
+ "rtc_build_usrsctp=true"
+ (string-append "rtc_jsoncpp_root=\""
+ (assoc-ref inputs "jsoncpp")
+ "/include/jsoncpp/json\"")
+ (string-append "rtc_ssl_root=\""
+ (assoc-ref inputs "openssl")
+ "/include/openssl\""))))
+
+ ;; XXX: How portable is this.
+ (mkdir-p "third_party/node/linux/node-linux-x64")
+ (symlink (string-append (assoc-ref inputs "node") "/bin")
+ "third_party/node/linux/node-linux-x64/bin")
+
+ (setenv "CC" "gcc")
+ (setenv "CXX" "g++")
+ ;; TODO: pre-compile instead. Avoids a race condition.
+ (setenv "PYTHONDONTWRITEBYTECODE" "1")
+ (and
+ ;; Build the "gn" tool.
+ (invoke "python"
+ "tools/gn/bootstrap/bootstrap.py" "-s" "-v")
+ ;; Generate ninja build files.
+ (invoke "./out/Release/gn" "gen" "out/Release"
+ (string-append "--args="
+ (string-join gn-flags " ")))))))
+ (replace 'build
+ (lambda* (#:key outputs #:allow-other-keys)
+ (invoke "ninja" "-C" "out/Release"
+ "-j" (number->string (parallel-job-count))
+ "chrome")))
+ (replace 'install
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bin (string-append out "/bin"))
+ (exe (string-append bin "/chromium"))
+ (lib (string-append out "/lib"))
+ (man (string-append out "/share/man/man1"))
+ (applications (string-append out "/share/applications"))
+ (install-regexp (make-regexp "\\.(bin|pak)$"))
+ (locales (string-append lib "/locales"))
+ (resources (string-append lib "/resources"))
+ (gtk+ (assoc-ref inputs "gtk+"))
+ (mesa (assoc-ref inputs "mesa"))
+ (nss (assoc-ref inputs "nss"))
+ (udev (assoc-ref inputs "udev"))
+ (sh (which "sh")))
+
+ (substitute* '("chrome/app/resources/manpage.1.in"
+ "chrome/installer/linux/common/desktop.template")
+ (("@@MENUNAME@@") "Chromium")
+ (("@@PACKAGE@@") "chromium")
+ (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
+ (mkdir-p man)
+ (copy-file "chrome/app/resources/manpage.1.in"
+ (string-append man "/chromium.1"))
+ (mkdir-p applications)
+ (copy-file "chrome/installer/linux/common/desktop.template"
+ (string-append applications "/chromium.desktop"))
+
+ (with-directory-excursion "out/Release"
+ (for-each (lambda (file)
+ (install-file file lib))
+ (scandir "." (cut regexp-exec install-regexp <>)))
+ (copy-file "chrome" (string-append lib "/chromium"))
+
+ ;; TODO: Install icons from "../../chrome/app/themes" into
+ ;; "out/share/icons/hicolor/$size".
+ (install-file
+ "product_logo_48.png"
+ (string-append out "/share/icons/48x48/chromium.png"))
+
+ (copy-recursively "locales" locales)
+ (copy-recursively "resources" resources)
+
+ (mkdir-p bin)
+ ;; Add a thin wrapper to prevent the user from inadvertently
+ ;; installing non-free software through the Web Store.
+ ;; TODO: Discover extensions from the profile and pass
+ ;; something like "--disable-extensions-except=...".
+ (call-with-output-file exe
+ (lambda (port)
+ (format port
+ "#!~a~@
+ if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
+ then~@
+ CHROMIUM_FLAGS=\" \\~@
+ --disable-background-networking \\~@
+ --disable-extensions \\~@
+ \"~@
+ fi~@
+ exec ~a $CHROMIUM_FLAGS \"$@\"~%"
+ sh (string-append lib "/chromium"))))
+ (chmod exe #o755)
+
+ (wrap-program exe
+ ;; TODO: Get these in RUNPATH.
+ `("LD_LIBRARY_PATH" ":" prefix
+ (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+ mesa "/lib:" udev "/lib")))
+ ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
+ `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+ #t)))))))
+ (native-inputs
+ `(("bison" ,bison)
+ ("git" ,git) ;last_commit_position.py
+ ("gperf" ,gperf)
+ ("ninja" ,ninja)
+ ("node" ,node)
+ ("pkg-config" ,pkg-config)
+ ("which" ,which)
+ ("yasm" ,yasm)
+
+ ("python-beautifulsoup4" ,python2-beautifulsoup4)
+ ("python-html5lib" ,python2-html5lib)
+ ("python" ,python-2)))
+ (inputs
+ `(("alsa-lib" ,alsa-lib)
+ ("atk" ,atk)
+ ("cups" ,cups)
+ ("curl" ,curl)
+ ("dbus" ,dbus)
+ ("dbus-glib" ,dbus-glib)
+ ("expat" ,expat)
+ ("flac" ,flac)
+ ("ffmpeg" ,ffmpeg)
+ ("fontconfig" ,fontconfig)
+ ("freetype" ,freetype)
+ ("gdk-pixbuf" ,gdk-pixbuf)
+ ("glib" ,glib)
+ ("gtk+-2" ,gtk+-2)
+ ("gtk+" ,gtk+)
+ ("harfbuzz" ,harfbuzz)
+ ("icu4c" ,icu4c)
+ ("jsoncpp" ,jsoncpp)
+ ("lcms" ,lcms)
+ ("libevent" ,libevent)
+ ("libffi" ,libffi)
+ ("libjpeg-turbo" ,libjpeg-turbo)
+ ("libpng" ,libpng)
+ ("libusb" ,libusb)
+ ("libvpx" ,libvpx+experimental)
+ ("libwebp" ,libwebp)
+ ("libx11" ,libx11)
+ ("libxcb" ,libxcb)
+ ("libxcomposite" ,libxcomposite)
+ ("libxcursor" ,libxcursor)
+ ("libxdamage" ,libxdamage)
+ ("libxext" ,libxext)
+ ("libxfixes" ,libxfixes)
+ ("libxi" ,libxi)
+ ("libxkbcommon" ,libxkbcommon)
+ ("libxml2" ,libxml2)
+ ("libxrandr" ,libxrandr)
+ ("libxrender" ,libxrender)
+ ("libxscrnsaver" ,libxscrnsaver)
+ ("libxslt" ,libxslt)
+ ("libxtst" ,libxtst)
+ ("mesa" ,mesa)
+ ("minizip" ,minizip)
+ ("mit-krb5" ,mit-krb5)
+ ("nss" ,nss)
+ ("openh264" ,openh264)
+ ("openssl" ,openssl)
+ ("opus" ,opus+custom)
+ ("pango" ,pango)
+ ("pciutils" ,pciutils)
+ ("protobuf" ,protobuf)
+ ("pulseaudio" ,pulseaudio)
+ ("re2" ,re2)
+ ("snappy" ,snappy)
+ ("speech-dispatcher" ,speech-dispatcher)
+ ("sqlite" ,sqlite)
+ ("udev" ,eudev)
+ ("valgrind" ,valgrind)))
+ (home-page "https://www.chromium.org/")
+ (description
+ "Chromium is a web browser designed for speed and security. This
+version incorporates patches from
+@url{https://github.com/gcarq/inox-patchset,Inox} and
+@url{https://www.debian.org/,Debian} in order to protect the users privacy.")
+ ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+ ;; components with other licenses. For full information, see chrome://credits.
+ (license (list license:bsd-3
+ license:bsd-2
+ license:expat
+ license:asl2.0
+ license:mpl2.0
+ license:public-domain
+ license:lgpl2.1+))))
diff --git a/gnu/packages/patches/chromium-gcc5.patch b/gnu/packages/patches/chromium-gcc5.patch
new file mode 100644
index 000000000..56b2cd6ef
--- /dev/null
+++ b/gnu/packages/patches/chromium-gcc5.patch
@@ -0,0 +1,39 @@
+Work around a GCC5 bug where it fails to choose the correct base::span
+constructor.
+
+Adapted from this commit:
+https://gitweb.gentoo.org/repo/gentoo.git/commit/www-client/chromium?id=7843d29ab07411a9c70962fb90b4cd1546910242
+
+--- a/gpu/ipc/common/mailbox_struct_traits.h
++++ b/gpu/ipc/common/mailbox_struct_traits.h
+@@ -15,7 +15,7 @@ namespace mojo {
+ template <>
+ struct StructTraits<gpu::mojom::MailboxDataView, gpu::Mailbox> {
+ static base::span<const int8_t> name(const gpu::Mailbox& mailbox) {
+- return mailbox.name;
++ return base::make_span(mailbox.name);
+ }
+ static bool Read(gpu::mojom::MailboxDataView data, gpu::Mailbox* out);
+ };
+--- a/services/viz/public/cpp/compositing/filter_operation_struct_traits.h
++++ b/services/viz/public/cpp/compositing/filter_operation_struct_traits.h
+@@ -134,7 +134,7 @@ struct StructTraits<viz::mojom::FilterOperationDataView, cc::FilterOperation> {
+ static base::span<const float> matrix(const cc::FilterOperation& operation) {
+ if (operation.type() != cc::FilterOperation::COLOR_MATRIX)
+ return base::span<const float>();
+- return operation.matrix();
++ return base::make_span(operation.matrix());
+ }
+
+ static base::span<const gfx::Rect> shape(
+--- a/services/viz/public/cpp/compositing/quads_struct_traits.h
++++ b/services/viz/public/cpp/compositing/quads_struct_traits.h
+@@ -308,7 +308,7 @@
+ static base::span<const float> vertex_opacity(const viz::DrawQuad& input) {
+ const viz::TextureDrawQuad* quad =
+ viz::TextureDrawQuad::MaterialCast(&input);
+- return quad->vertex_opacity;
++ return base::make_span(quad->vertex_opacity);
+ }
+
+ static bool y_flipped(const viz::DrawQuad& input) {
diff --git a/gnu/packages/patches/chromium-remove-default-history.patch b/gnu/packages/patches/chromium-remove-default-history.patch
new file mode 100644
index 000000000..38be10820
--- /dev/null
+++ b/gnu/packages/patches/chromium-remove-default-history.patch
@@ -0,0 +1,13 @@
+Don't pre-populate the New Tab Page for new profiles.
+
+--- a/chrome/browser/history/top_sites_factory.cc
++++ b/chrome/browser/history/top_sites_factory.cc
+@@ -74,7 +74,7 @@
+
+ void InitializePrepopulatedPageList(
+ history::PrepopulatedPageList* prepopulated_pages) {
+-#if !defined(OS_ANDROID)
++#if false
+ DCHECK(prepopulated_pages);
+ prepopulated_pages->reserve(arraysize(kRawPrepopulatedPages));
+ for (size_t i = 0; i < arraysize(kRawPrepopulatedPages); ++i) {
--
2.16.2
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 26 Feb 2018 20:02:02 GMT) Full text and rfc822 format available.Message #134 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: Mike Gerwitz <mtg <at> gnu.org>, 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Mon, 26 Feb 2018 20:01:33 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 2.1K bytes: > Mike Gerwitz <mtg <at> gnu.org> writes: > > > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote: > >> If there are no objections, expect to see this in 'master' in 1-2 weeks. > > > > I want to express gratitude for your hard work on this---given that > > IceCat does not contain many of the FF devtool updates, Chromium is very > > desirable for web development. It's also needed for certain Node.js > > tools, like node-inspector. > > > > So, thank you! > > Thank *you* for the kind words! :-) > > Here is the latest iteration of this patch. New in this version: > > * Chromium 64 (duh). > * The 'delete-bundled-software' phase has been moved to a snippet, > shaving ~100MiB (~22%) off the compressed tarball size (and > drastically reduces (de)compression time). > * The New Tab page does not show any thumbnails for new profiles. I think you forgot to attach the patches :) > I've also added more comments about the patches and other flags. > > Now, when launching the browser for the first time, it *still* connects > to Google services. After a while it also does a lookup for AdWords... > However subsequent launches are "silent" as long as the Web Store is > disabled and "--disable-background-networking" is passed, like the > wrapper script does. > > Incidentally, now that IceCat supports WebRTC (and somehow plugged the > IP address leak[0]!), I no longer *need* this package. However, having > multiple high quality browsers at hand is a huge advantage IMO, so I'd > still like to have it in Guix. > > What do y'all think? Feedback on the snippet and description very > welcome. I still would like to have Chromium in Guix too. Icecat doesn't work for everyone's needs and requirements. I'd help volunteering time to building and updating, when it's possible for me. > [0] https://en.wikipedia.org/wiki/WebRTC#Concerns -- ng0 A88C8ADD129828D7EAC02E52E22F9BBFEE348588 http://krosos.org | https://n0.is/~ng0/ | https://crash.cx
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 26 Feb 2018 20:08:01 GMT) Full text and rfc822 format available.Message #137 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: ng0 <ng0 <at> n0.is> Cc: Mike Gerwitz <mtg <at> gnu.org>, 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Mon, 26 Feb 2018 21:06:57 +0100
[Message part 1 (text/plain, inline)]
ng0 <ng0 <at> n0.is> writes: > Marius Bakke transcribed 2.1K bytes: >> Mike Gerwitz <mtg <at> gnu.org> writes: >> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote: >> >> If there are no objections, expect to see this in 'master' in 1-2 weeks. >> > >> > I want to express gratitude for your hard work on this---given that >> > IceCat does not contain many of the FF devtool updates, Chromium is very >> > desirable for web development. It's also needed for certain Node.js >> > tools, like node-inspector. >> > >> > So, thank you! >> >> Thank *you* for the kind words! :-) >> >> Here is the latest iteration of this patch. New in this version: >> >> * Chromium 64 (duh). >> * The 'delete-bundled-software' phase has been moved to a snippet, >> shaving ~100MiB (~22%) off the compressed tarball size (and >> drastically reduces (de)compression time). >> * The New Tab page does not show any thumbnails for new profiles. > > I think you forgot to attach the patches :) Derp. I realized that and just used `git send-email`[0], but have attached it here for convenience since the debbugs web UI doesn't allow easy download of a raw message. [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
[0001-gnu-Add-chromium.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 26 Feb 2018 20:35:01 GMT) Full text and rfc822 format available.Message #140 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: Mike Gerwitz <mtg <at> gnu.org>, ng0 <ng0 <at> n0.is>, 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Mon, 26 Feb 2018 20:34:34 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 43K bytes: > ng0 <ng0 <at> n0.is> writes: > > > Marius Bakke transcribed 2.1K bytes: > >> Mike Gerwitz <mtg <at> gnu.org> writes: > >> > >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote: > >> >> If there are no objections, expect to see this in 'master' in 1-2 weeks. > >> > > >> > I want to express gratitude for your hard work on this---given that > >> > IceCat does not contain many of the FF devtool updates, Chromium is very > >> > desirable for web development. It's also needed for certain Node.js > >> > tools, like node-inspector. > >> > > >> > So, thank you! > >> > >> Thank *you* for the kind words! :-) > >> > >> Here is the latest iteration of this patch. New in this version: > >> > >> * Chromium 64 (duh). > >> * The 'delete-bundled-software' phase has been moved to a snippet, > >> shaving ~100MiB (~22%) off the compressed tarball size (and > >> drastically reduces (de)compression time). > >> * The New Tab page does not show any thumbnails for new profiles. > > > > I think you forgot to attach the patches :) > > Derp. I realized that and just used `git send-email`[0], but have > attached it here for convenience since the debbugs web UI doesn't allow > easy download of a raw message. > > [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131 > Great, thanks! I'll comment after building (so the usual 3 - 16 hours ;D). Something I noticed in the past: A succesful build for Chromium depends on the system libraries we use. The last version broke a while back when icu4c got updated I think. So changes need to be adjusted. We can not know when this happens, but we can act when it happens. -- ng0 A88C8ADD129828D7EAC02E52E22F9BBFEE348588 http://krosos.org | https://n0.is/~ng0/ | https://crash.cx
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 26 Feb 2018 22:42:02 GMT) Full text and rfc822 format available.Message #143 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Mon, 26 Feb 2018 23:41:44 +0100
[Message part 1 (text/plain, inline)]
Hi Marius, On Mon, 26 Feb 2018 21:06:57 +0100 Marius Bakke <mbakke <at> fastmail.com> wrote: > ng0 <ng0 <at> n0.is> writes: > > > Marius Bakke transcribed 2.1K bytes: > >> Mike Gerwitz <mtg <at> gnu.org> writes: > >> > >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote: > >> >> If there are no objections, expect to see this in 'master' in > >> >> 1-2 weeks. > >> > > >> > I want to express gratitude for your hard work on this---given > >> > that IceCat does not contain many of the FF devtool updates, > >> > Chromium is very desirable for web development. It's also > >> > needed for certain Node.js tools, like node-inspector. > >> > > >> > So, thank you! > >> > >> Thank *you* for the kind words! :-) > >> > >> Here is the latest iteration of this patch. New in this version: > >> > >> * Chromium 64 (duh). > >> * The 'delete-bundled-software' phase has been moved to a snippet, > >> shaving ~100MiB (~22%) off the compressed tarball size (and > >> drastically reduces (de)compression time). > >> * The New Tab page does not show any thumbnails for new profiles. > > > > I think you forgot to attach the patches :) > > Derp. I realized that and just used `git send-email`[0], but have > attached it here for convenience since the debbugs web UI doesn't > allow easy download of a raw message. > > [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131 > This looks like a lot of work. Thank you! I quickly tried to apply and build the patch and have two first remarks: The file says: ;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke <at> fastmail.com> I haven't followed history, have you worked on this since 2016? One patch has a hash-mismatch: Starting download of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch From https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2... icu.patch 2KiB 1.8MiB/s 00:00 [####################] 100.0% output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59' @ build-failed /gnu/store/cqdllqn8ig5wnjn0yqvnh4vlzsvnpzv6-chromium-icu.patch.drv - 1 output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59' cannot build derivation `/gnu/store/vacxbwsprcp52vp6q975450zi091dak2-chromium-64.0.3282.186.tar.xz.drv': 1 dependencies couldn't be built @ build-started /gnu/store/7q53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv - x86_64-linux /var/log/guix/drvs/7q//53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv.bz2 cannot build derivation `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv': 1 dependencies couldn't be built guix build: error: build failed: build of `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv' failed I looked into the file and it looks reasonable, like a patch-file. It has no download errors. It starts like this: description: backwards compatibility for older versions of icu author: Michael Gilbert <mgilbert <at> debian.org> --- a/v8/src/runtime/runtime-intl.cc +++ b/v8/src/runtime/runtime-intl.cc @@ -627,7 +627,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele ... Can you check this file again? Björn
[Message part 2 (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 27 Feb 2018 02:03:02 GMT) Full text and rfc822 format available.Message #146 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Mike Gerwitz <mtg <at> gnu.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Mon, 26 Feb 2018 21:00:49 -0500
[Message part 1 (text/plain, inline)]
On Mon, Feb 26, 2018 at 19:18:39 +0100, Marius Bakke wrote: > Now, when launching the browser for the first time, it *still* connects > to Google services. After a while it also does a lookup for AdWords... Do you know what code initiates this? Would it be easy to remove, and would that harm other functionality? Saying that it only runs the first time implies to me that there's a flag, and that perhaps the flag can either be permanently set or the conditional triggering this behavior removed. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 27 Feb 2018 21:58:03 GMT) Full text and rfc822 format available.Message #149 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> Cc: 28004 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com> Subject: Re: [bug#28004] Chromium Date: Tue, 27 Feb 2018 21:57:17 +0000
[Message part 1 (text/plain, inline)]
Björn Höfling transcribed 4.0K bytes: > Hi Marius, > > On Mon, 26 Feb 2018 21:06:57 +0100 > Marius Bakke <mbakke <at> fastmail.com> wrote: > > > ng0 <ng0 <at> n0.is> writes: > > > > > Marius Bakke transcribed 2.1K bytes: > > >> Mike Gerwitz <mtg <at> gnu.org> writes: > > >> > > >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote: > > >> >> If there are no objections, expect to see this in 'master' in > > >> >> 1-2 weeks. > > >> > > > >> > I want to express gratitude for your hard work on this---given > > >> > that IceCat does not contain many of the FF devtool updates, > > >> > Chromium is very desirable for web development. It's also > > >> > needed for certain Node.js tools, like node-inspector. > > >> > > > >> > So, thank you! > > >> > > >> Thank *you* for the kind words! :-) > > >> > > >> Here is the latest iteration of this patch. New in this version: > > >> > > >> * Chromium 64 (duh). > > >> * The 'delete-bundled-software' phase has been moved to a snippet, > > >> shaving ~100MiB (~22%) off the compressed tarball size (and > > >> drastically reduces (de)compression time). > > >> * The New Tab page does not show any thumbnails for new profiles. > > > > > > I think you forgot to attach the patches :) > > > > Derp. I realized that and just used `git send-email`[0], but have > > attached it here for convenience since the debbugs web UI doesn't > > allow easy download of a raw message. > > > > [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131 > > > > > This looks like a lot of work. Thank you! > > I quickly tried to apply and build the patch and have two first remarks: > > The file says: > > ;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke <at> fastmail.com> > > I haven't followed history, have you worked on this since 2016? Marius, myself (and others?) have been working on this at least since October 2017. I did a search, and indeed: Date: Tue, 27 Sep 2016 07:39:10 +0000 ... this is when I first send the original Inox WIP. Wow. > One patch has a hash-mismatch: > > Starting download of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch > From https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2... > icu.patch 2KiB 1.8MiB/s 00:00 [####################] 100.0% > output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59' > @ build-failed /gnu/store/cqdllqn8ig5wnjn0yqvnh4vlzsvnpzv6-chromium-icu.patch.drv - 1 output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59' > cannot build derivation `/gnu/store/vacxbwsprcp52vp6q975450zi091dak2-chromium-64.0.3282.186.tar.xz.drv': 1 dependencies couldn't be built > @ build-started /gnu/store/7q53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv - x86_64-linux /var/log/guix/drvs/7q//53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv.bz2 > cannot build derivation `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv': 1 dependencies couldn't be built > guix build: error: build failed: build of `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv' failed > > I looked into the file and it looks reasonable, like a patch-file. It has no download errors. > > It starts like this: > > description: backwards compatibility for older versions of icu > author: Michael Gilbert <mgilbert <at> debian.org> > > --- a/v8/src/runtime/runtime-intl.cc > +++ b/v8/src/runtime/runtime-intl.cc > @@ -627,7 +627,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele > > ... > > Can you check this file again? With the patch Marius send yesterday it works for me. > Björn > > -- A88C8ADD129828D7EAC02E52E22F9BBFEE348588 https://n0.is
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 27 Feb 2018 22:19:02 GMT) Full text and rfc822 format available.Message #152 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Tue, 27 Feb 2018 22:17:11 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 43K bytes:
> ng0 <ng0 <at> n0.is> writes:
>
> > Marius Bakke transcribed 2.1K bytes:
> >> Mike Gerwitz <mtg <at> gnu.org> writes:
> >>
> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
> >> >> If there are no objections, expect to see this in 'master' in 1-2 weeks.
> >> >
> >> > I want to express gratitude for your hard work on this---given that
> >> > IceCat does not contain many of the FF devtool updates, Chromium is very
> >> > desirable for web development. It's also needed for certain Node.js
> >> > tools, like node-inspector.
> >> >
> >> > So, thank you!
> >>
> >> Thank *you* for the kind words! :-)
> >>
> >> Here is the latest iteration of this patch. New in this version:
> >>
> >> * Chromium 64 (duh).
> >> * The 'delete-bundled-software' phase has been moved to a snippet,
> >> shaving ~100MiB (~22%) off the compressed tarball size (and
> >> drastically reduces (de)compression time).
> >> * The New Tab page does not show any thumbnails for new profiles.
> >
> > I think you forgot to attach the patches :)
>
> Derp. I realized that and just used `git send-email`[0], but have
> attached it here for convenience since the debbugs web UI doesn't allow
> easy download of a raw message.
>
> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
>
Comments inlined, some words ahead.
I think it's good that we will be able to handle extensions via Guix.
But: We should point it out that you won't be able to install extensions
manually, via the store or as a file. People who betatested this got
confused.
Once we have extensions as packages, we can describe how to get extensions.
Gentoo (and Nix?) have done some work on handling the extensions via system
tools.
> From f00529f4cd9e2e5efef146915d217cbb413d1f1a Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke <at> fastmail.com>
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.
>
> * gnu/packages/chromium.scm: New file.
> * gnu/packages/patches/chromium-gcc.patch,
> gnu/packages/patches/chromium-remove-default-history.patch: New files.
> * gnu/local.mk: Record it.
> ---
> gnu/local.mk | 3 +
> gnu/packages/chromium.scm | 756 +++++++++++++++++++++
> gnu/packages/patches/chromium-gcc5.patch | 39 ++
> .../patches/chromium-remove-default-history.patch | 13 +
> 4 files changed, 811 insertions(+)
> create mode 100644 gnu/packages/chromium.scm
> create mode 100644 gnu/packages/patches/chromium-gcc5.patch
> create mode 100644 gnu/packages/patches/chromium-remove-default-history.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index fa98810d6..fb1320f7b 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -92,6 +92,7 @@ GNU_SYSTEM_MODULES = \
> %D%/packages/check.scm \
> %D%/packages/chemistry.scm \
> %D%/packages/chez.scm \
> + %D%/packages/chromium.scm \
> %D%/packages/ci.scm \
> %D%/packages/cinnamon.scm \
> %D%/packages/cmake.scm \
> @@ -581,6 +582,8 @@ dist_patch_DATA = \
> %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
> %D%/packages/patches/ceph-skip-unittest_blockdev.patch \
> %D%/packages/patches/chmlib-inttypes.patch \
> + %D%/packages/patches/chromium-gcc5.patch \
> + %D%/packages/patches/chromium-remove-default-history.patch \
> %D%/packages/patches/clang-libc-search-path.patch \
> %D%/packages/patches/clang-3.8-libc-search-path.patch \
> %D%/packages/patches/clang-runtime-asan-build-fixes.patch \
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> new file mode 100644
> index 000000000..1dd77b089
> --- /dev/null
> +++ b/gnu/packages/chromium.scm
> @@ -0,0 +1,756 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke <at> fastmail.com>
> +;;;
> +;;; This file is part of GNU Guix.
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu packages chromium)
> + #:use-module ((guix licenses) #:prefix license:)
> + #:use-module (guix packages)
> + #:use-module (guix download)
> + #:use-module (guix git-download)
> + #:use-module (guix utils)
> + #:use-module (guix build-system gnu)
> + #:use-module (gnu packages)
> + #:use-module (gnu packages assembly)
> + #:use-module (gnu packages base)
> + #:use-module (gnu packages bison)
> + #:use-module (gnu packages compression)
> + #:use-module (gnu packages cups)
> + #:use-module (gnu packages curl)
> + #:use-module (gnu packages databases)
> + #:use-module (gnu packages fontutils)
> + #:use-module (gnu packages ghostscript)
> + #:use-module (gnu packages gl)
> + #:use-module (gnu packages glib)
> + #:use-module (gnu packages gnome)
> + #:use-module (gnu packages gnuzilla)
> + #:use-module (gnu packages gperf)
> + #:use-module (gnu packages gtk)
> + #:use-module (gnu packages icu4c)
> + #:use-module (gnu packages image)
> + #:use-module (gnu packages libevent)
> + #:use-module (gnu packages libffi)
> + #:use-module (gnu packages libusb)
> + #:use-module (gnu packages linux)
> + #:use-module (gnu packages kerberos)
> + #:use-module (gnu packages ninja)
> + #:use-module (gnu packages node)
> + #:use-module (gnu packages pciutils)
> + #:use-module (gnu packages photo)
> + #:use-module (gnu packages pkg-config)
> + #:use-module (gnu packages protobuf)
> + #:use-module (gnu packages pulseaudio)
> + #:use-module (gnu packages python)
> + #:use-module (gnu packages python-web)
> + #:use-module (gnu packages regex)
> + #:use-module (gnu packages serialization)
> + #:use-module (gnu packages speech)
> + #:use-module (gnu packages tls)
> + #:use-module (gnu packages valgrind)
> + #:use-module (gnu packages version-control)
> + #:use-module (gnu packages video)
> + #:use-module (gnu packages xiph)
> + #:use-module (gnu packages xml)
> + #:use-module (gnu packages xdisorg)
> + #:use-module (gnu packages xorg))
> +
> +(define (strip-directory-prefix pathspec)
> + "Return everything after the last '/' in PATHSPEC."
> + (let ((index (string-rindex pathspec #\/)))
> + (if index
> + (string-drop pathspec (+ 1 index))
> + pathspec)))
> +
> +(define (chromium-patch-file-name pathspec)
> + (let ((patch-name (strip-directory-prefix pathspec)))
> + (if (string-prefix? "chromium-" patch-name)
> + patch-name
> + (string-append "chromium-" patch-name))))
> +
> +;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches
> +(define (debian-patch pathspec revision hash)
> + (origin
> + (method url-fetch)
> + (uri (string-append
> + "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git"
> + "/plain/debian/patches/" pathspec "?id=" revision))
> + (sha256 (base32 hash))
> + (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
> +(define (gentoo-patch pathspec revision hash)
> + (origin
> + (method url-fetch)
> + (uri (string-append
> + "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
> + "/chromium/files/" pathspec "?id=" revision))
> + (sha256 (base32 hash))
> + (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://github.com/gcarq/inox-patchset
> +(define (inox-patch pathspec revision hash)
> + (origin
> + (method url-fetch)
> + (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
> + revision "/" pathspec))
> + (sha256 (base32 hash))
> + (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/networking/browsers/chromium
> +(define (nixos-patch pathspec revision hash)
> + (origin
> + (method url-fetch)
> + (uri (string-append "https://raw.githubusercontent.com/NixOS/nixpkgs/"
> + revision "/pkgs/applications/networking/browsers"
> + "/chromium/patches/" pathspec))
> + (sha256 (base32 hash))
> + (file-name (chromium-patch-file-name pathspec))))
> +
> +;; Fix build for older versions of GCC.
> +(define %chromium-angle-gcc-compat.patch
> + (gentoo-patch "chromium-angle-r0.patch"
> + "08971011b4d6fa37aa906920fba7564e48b9e60b"
> + "0izdrqwsyr48117dhvwdsk8c6dkrnq2njida1q4mb1lagvwbz7gc"))
> +
> +;; https://webrtc-review.googlesource.com/9384
> +(define %chromium-webrtc-gcc-compat.patch
> + (gentoo-patch "chromium-webrtc-r0.patch"
> + "08971011b4d6fa37aa906920fba7564e48b9e60b"
> + "0qj5b4w9kav51ylpdf38vm5w7p2gx4qp8p45vrfggp7miicg9cmw"))
> +
> +;; https://chromium-review.googlesource.com/813737
> +(define %chromium-memcpy.patch
> + (gentoo-patch "chromium-memcpy-r0.patch"
> + "08971011b4d6fa37aa906920fba7564e48b9e60b"
> + "1d3vra59wjg2lva7ddv55ff6l57mk9k50llsplr0b7vxk0lh0ps5"))
> +
> +(define %chromium-system-nspr.patch
> + (debian-patch "system/nspr.patch"
> + "debian/64.0.3282.119-2"
> + "0pcwk3jsx8hjzd4s1v7p11jd8vpdqfnq82di31222cjx0bl6275r"))
> +
> +(define %chromium-system-libevent.patch
> + (debian-patch "system/event.patch"
> + "debian/64.0.3282.119-2"
> + "1dxzn1yf05mzf21c25sczj4zhkknf03x9bc3xzznqpvnsf3cjpr0"))
> +
> +(define %chromium-system-icu.patch
> + (debian-patch "system/icu.patch"
> + "debian/64.0.3282.119-2"
> + "0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv"))
> +
> +;; Don't show a warning about missing API keys.
> +(define %chromium-disable-api-keys-warning.patch
> + (debian-patch "disable/google-api-warning.patch"
> + "debian/64.0.3282.119-2"
> + "1932xkrskm4nnglzj6xfjpycx4chsycj9ay3ipkq5f6xk21a1xm0"))
> +
> +;; Add DuckDuckGo and set it as the default search engine.
> +(define %chromium-duckduckgo.patch
> + (inox-patch "0011-add-duckduckgo-search-engine.patch"
> + "d655594419af6b82a2a070e4d3eedd926a04fa79"
> + "0p8x98g71ngkd3wbl5q36wrl18ff185sfrr5fcwjbgrv3v7r6ra7"))
> +
> +;; Don't start a "Login Wizard" at first launch.
> +(define %chromium-first-run.patch
> + (inox-patch "0018-disable-first-run-behaviour.patch"
> + "d655594419af6b82a2a070e4d3eedd926a04fa79"
> + "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
> +
> +;; Use privacy-preserving defaults.
> +(define %chromium-default-preferences.patch
> + (inox-patch "0006-modify-default-prefs.patch"
> + "d655594419af6b82a2a070e4d3eedd926a04fa79"
> + "0qpd5l3wiw7325cicjzvdql0gay7jl4afml4nrbmy3w40i1ai2rf"))
> +
> +;; Recent versions of Chromium may load a remote search engine on the
> +;; New Tab Page, causing unnecessary and involuntary network traffic.
> +(define %chromium-restore-classic-ntp.patch
> + (inox-patch "0008-restore-classic-ntp.patch"
> + "d655594419af6b82a2a070e4d3eedd926a04fa79"
> + "0lj018q6vd6m43cj8rnraqgi4lp2iq76i1i0078dav4cxnzdryfs"))
> +
> +(define opus+custom
> + (package (inherit opus)
> + (name "opus+custom")
> + (arguments
> + `(;; Opus Custom is an optional extension of the Opus
> + ;; specification that allows for unsupported frame
> + ;; sizes. Chromium requires that this is enabled.
> + #:configure-flags '("--enable-custom-modes")
> + ,@(package-arguments opus)))))
> +
> +(define libvpx+experimental
> + (package
> + (inherit libvpx)
> + (name "libvpx+experimental")
> + (arguments
> + `(,@(substitute-keyword-arguments (package-arguments libvpx)
> + ((#:configure-flags flags ''())
> + ;; Spatial SVC is an experimental VP9 encoder required by Chromium.
> + `(cons* "--enable-experimental" "--enable-spatial-svc"
> + ,flags)))))))
> +
> +(define-public chromium
> + (package
> + (name "chromium")
> + (version "64.0.3282.186")
> + (synopsis "Graphical web browser")
> + (source (origin
> + (method url-fetch)
> + (uri (string-append "https://commondatastorage.googleapis.com/"
> + "chromium-browser-official/chromium-"
> + version ".tar.xz"))
> + (sha256
> + (base32
> + "0q0q1whspmzyln04gxhgl3jd2vrgb4imh8r9qw6c06i3b63j3l2z"))
> + (patches (list %chromium-duckduckgo.patch
> + %chromium-default-preferences.patch
> + %chromium-first-run.patch
> + %chromium-restore-classic-ntp.patch
> + %chromium-angle-gcc-compat.patch
> + %chromium-webrtc-gcc-compat.patch
> + %chromium-memcpy.patch
> + %chromium-system-icu.patch
> + %chromium-system-nspr.patch
> + %chromium-system-libevent.patch
> + %chromium-disable-api-keys-warning.patch
> + (search-patch "chromium-gcc5.patch")
> + (search-patch "chromium-remove-default-history.patch")))
> + (modules '((srfi srfi-1)
> + (ice-9 ftw)
> + (ice-9 regex)
> + (guix build utils)))
> + (snippet
> + '(begin
> + (let ((preserved-files
> + (map
> + (lambda (path) (string-append "./" path))
> + (list
> + "base/third_party/dmg_fp"
> + "base/third_party/dynamic_annotations"
> + "base/third_party/icu"
> + "base/third_party/libevent"
> + "base/third_party/nspr"
> + "base/third_party/superfasthash"
> + "base/third_party/symbolize" ;glog
> + "base/third_party/xdg_mime"
> + "base/third_party/xdg_user_dirs"
> + "buildtools/third_party/libc++"
> + "chrome/third_party/mozilla_security_manager"
> + "courgette/third_party"
> + "net/third_party/mozilla_security_manager"
> + "net/third_party/nss"
> + "third_party/adobe/flash/flapper_version.h"
> + ;; FIXME: This is used in:
> + ;; * ui/webui/resources/js/analytics.js
> + ;; * ui/file_manager/
> + "third_party/analytics"
> + "third_party/angle"
> + "third_party/angle/src/common/third_party/base"
> + "third_party/angle/src/common/third_party/smhasher"
> + "third_party/angle/src/third_party/compiler"
> + "third_party/angle/src/third_party/libXNVCtrl"
> + "third_party/angle/src/third_party/trace_event"
> + "third_party/blink"
> + "third_party/boringssl"
> + "third_party/boringssl/src/third_party/fiat"
> + "third_party/breakpad"
> + "third_party/brotli"
> + "third_party/cacheinvalidation"
> + "third_party/catapult"
> + "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
> + "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
> + "third_party/catapult/third_party/polymer"
> + "third_party/catapult/tracing/third_party/d3"
> + "third_party/catapult/tracing/third_party/gl-matrix"
> + "third_party/catapult/tracing/third_party/jszip"
> + "third_party/catapult/tracing/third_party/mannwhitneyu"
> + "third_party/catapult/tracing/third_party/oboe"
> + "third_party/catapult/tracing/third_party/pako"
> + "third_party/ced"
> + "third_party/cld_3"
> + "third_party/crc32c"
> + "third_party/cros_system_api"
> + "third_party/dom_distiller_js"
> + "third_party/fips181"
> + "third_party/flatbuffers"
> + ;; PDFium requires a private freetype API.
> + ;; <https://bugs.chromium.org/p/pdfium/issues/detail?id=733>
> + "third_party/freetype/src/src/psnames/pstables.h"
> + "third_party/glslang-angle"
> + "third_party/google_input_tools"
> + "third_party/google_input_tools/third_party/closure_library"
> + (string-append "third_party/google_input_tools/third_party"
> + "/closure_library/third_party/closure")
> + "third_party/googletest"
> + "third_party/harfbuzz-ng"
> + "third_party/hunspell"
> + "third_party/iccjpeg"
> + "third_party/inspector_protocol"
> + "third_party/jinja2"
> + "third_party/jstemplate"
> + "third_party/khronos"
> + "third_party/leveldatabase"
> + "third_party/libXNVCtrl"
> + "third_party/libaddressinput"
> + "third_party/libjingle_xmpp"
> + "third_party/libphonenumber"
> + "third_party/libsecret" ;FIXME: needs pkg-config support.
> + "third_party/libsrtp" ;TODO: Requires libsrtp <at> 2.
> + "third_party/libudev"
> + "third_party/libwebm"
> + "third_party/libxml"
> + "third_party/libyuv"
> + "third_party/lss"
> + "third_party/lzma_sdk"
> + "third_party/markupsafe"
> + "third_party/mesa"
> + "third_party/metrics_proto"
> + "third_party/modp_b64"
> + "third_party/mt19937ar"
> + "third_party/node"
> + (string-append "third_party/node/node_modules/"
> + "polymer-bundler/lib/third_party/UglifyJS2")
> + "third_party/openmax_dl"
> + "third_party/ots"
> + "third_party/pdfium"
> + "third_party/pdfium/third_party"
> + "third_party/ply"
> + "third_party/polymer"
> + "third_party/protobuf"
> + "third_party/protobuf/third_party/six"
> + "third_party/qcms"
> + "third_party/sfntly"
> + "third_party/skia"
> + "third_party/skia/third_party/vulkan"
> + "third_party/skia/third_party/gif"
> + "third_party/smhasher"
> + "third_party/speech-dispatcher"
> + "third_party/spirv-headers"
> + "third_party/spirv-tools-angle"
> + "third_party/sqlite"
> + "third_party/swiftshader"
> + "third_party/swiftshader/third_party"
> + "third_party/usb_ids"
> + "third_party/usrsctp"
> + "third_party/vulkan"
> + "third_party/vulkan-validation-layers"
> + "third_party/WebKit"
> + "third_party/web-animations-js"
> + "third_party/webrtc"
> + "third_party/webrtc_overrides"
> + "third_party/widevine/cdm/widevine_cdm_version.h"
> + "third_party/widevine/cdm/widevine_cdm_common.h"
> + "third_party/woff2"
> + "third_party/xdg-utils"
> + "third_party/yasm/run_yasm.py"
> + "third_party/zlib/google"
> + "url/third_party/mozilla"
> + "v8/src/third_party/valgrind"
> + "v8/third_party/inspector_protocol"))))
> +
> + ;; This is an implementation of
> + ;; "build/linux/unbundle/remove_bundled_libraries.py".
> + ;; It traverses any "third_party" directory and deletes
> + ;; files that are:
> + ;; * not ending with ".gn" or ".gni"; or
> + ;; * not explicitly named as argument (folder or file).
> + ;; TODO: Remove empty directories.
> + (define (delete-files-except exceptions dir)
> +
> + (define (enter? name stat result)
> + (not (member name exceptions)))
> +
> + (define (leaf name stat result)
> + (let ((protected-files (make-regexp "\\.(gn|gyp)i?$"
> + regexp/icase)))
> + (unless (or (member name exceptions)
> + (regexp-exec protected-files name))
> + (delete-file name))))
> +
> + (file-system-fold enter?
> + leaf
> + (lambda (dir stat result) result) ;down
> + (lambda (dir stat result) result) ;up
> + (lambda (dir stat result) result) ;skip
> + (lambda (dir stat result) result) ;error
> + #t
> + dir))
> +
> + (for-each (lambda (third-party)
> + (delete-files-except preserved-files
> + third-party))
> + (find-files "." "^third_party$" #:directories? #t))
> +
> + ;; Replace GN files from third_party with shims for building
> + ;; against system libraries. Keep this list in sync with
> + ;; "build/linux/unbundle/replace_gn_files.py".
> + (for-each (lambda (pair)
> + (let ((source (string-append
> + "build/linux/unbundle/" (car pair)))
> + (dest (cdr pair)))
> + (copy-file source dest)))
> + (list
> + '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
> + '("flac.gn" . "third_party/flac/BUILD.gn")
> + '("freetype.gn" . "third_party/freetype/BUILD.gn")
> + ;; FIXME: This is no longer supported since 63.
> + ;;'("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn")
> + '("icu.gn" . "third_party/icu/BUILD.gn")
> + '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
> + '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
> + '("libjpeg.gn" .
> + "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
> + '("libpng.gn" . "third_party/libpng/BUILD.gn")
> + '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
> + '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
> + '("libxml.gn" . "third_party/libxml/BUILD.gn") ;TODO
> + '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
> + '("openh264.gn" . "third_party/openh264/BUILD.gn")
> + '("opus.gn" . "third_party/opus/BUILD.gn")
> + '("re2.gn" . "third_party/re2/BUILD.gn")
> + '("snappy.gn" . "third_party/snappy/BUILD.gn")
> + '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
> + '("zlib.gn" . "third_party/zlib/BUILD.gn")))
> + #t)))))
> + (build-system gnu-build-system)
> + (arguments
> + `(#:tests? #f
> + ;; FIXME: There is a "gn" option specifically for setting -rpath, but
> + ;; it's not recognized when passed.
> + #:validate-runpath? #f
> + #:modules ((srfi srfi-26)
> + (ice-9 ftw)
> + (ice-9 regex)
> + (guix build gnu-build-system)
> + (guix build utils))
> + #:phases
> + (modify-phases %standard-phases
> + (add-after 'unpack 'patch-stuff
> + (lambda* (#:key inputs #:allow-other-keys)
> + (substitute* "printing/cups_config_helper.py"
> + (("cups_config =.*")
> + (string-append "cups_config = '" (assoc-ref inputs "cups")
> + "/bin/cups-config'\n")))
> +
> + (substitute*
> + '("base/process/launch_posix.cc"
> + "base/third_party/dynamic_annotations/dynamic_annotations.c"
> + "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
> + "sandbox/linux/services/credentials.cc"
> + "sandbox/linux/services/namespace_utils.cc"
> + "sandbox/linux/services/syscall_wrappers.cc"
> + "sandbox/linux/syscall_broker/broker_host.cc")
> + (("include \"base/third_party/valgrind/") "include \"valgrind/"))
> +
> + (for-each (lambda (file)
> + (substitute* file
> + ;; Fix opus include path.
> + ;; Do not substitute opus_private.h.
> + (("#include \"opus\\.h\"")
> + "#include \"opus/opus.h\"")
> + (("#include \"opus_custom\\.h\"")
> + "#include \"opus/opus_custom.h\"")
> + (("#include \"opus_defines\\.h\"")
> + "#include \"opus/opus_defines.h\"")
> + (("#include \"opus_multistream\\.h\"")
> + "#include \"opus/opus_multistream.h\"")
> + (("#include \"opus_types\\.h\"")
> + "#include \"opus/opus_types.h\"")))
> + (append (find-files "third_party/opus/src/celt")
> + (find-files "third_party/opus/src/src")
> + (find-files (string-append "third_party/webrtc/modules"
> + "/audio_coding/codecs/opus"))))
> +
> + (substitute* "chrome/common/chrome_paths.cc"
> + (("/usr/share/chromium/extensions")
> + ;; TODO: Add ~/.guix-profile.
> + "/run/current-system/profile/share/chromium/extensions"))
I don't know if I asked you about this in the past, but can you explain why you
picked the run dir? I have to re-read the Gentoo eclass and Nix integration for this.
> +
> + (substitute*
> + "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
> + (("include \"third_party/curl") "include \"curl"))
> + (substitute* "media/base/decode_capabilities.cc"
> + (("third_party/libvpx/source/libvpx/") ""))
> +
> + ;; We don't cross compile most packages, so get rid of the
> + ;; unnecessary ARCH-linux-gnu* prefix.
> + (substitute* "build/toolchain/linux/BUILD.gn"
> + (("aarch64-linux-gnu-") "")
> + (("arm-linux-gnueabihf-") ""))
> + #t))
> + (replace 'configure
> + (lambda* (#:key inputs outputs #:allow-other-keys)
> + (let ((gn-flags
> + (list
> + ;; See tools/gn/docs/cookbook.md and
> + ;; https://www.chromium.org/developers/gn-build-configuration
> + ;; for usage. Run "./gn args . --list" in the Release
> + ;; directory for an exhaustive list of supported flags.
> + "is_debug=false"
> + "is_official_build=false"
> + "is_clang=false"
> + "use_gold=false"
> + "use_lld=false"
> + "linux_use_bundled_binutils=false"
> + "use_custom_libcxx=false"
> + "use_sysroot=false"
> + "goma_dir=\"\""
> + "enable_precompiled_headers=false"
> + "enable_nacl=false"
> + "enable_nacl_nonsfi=false"
> + "use_allocator=\"none\"" ;don't use tcmalloc
> + "override_build_date=\"01 01 2000 05:00:00\""
> + "use_unofficial_version_number=false"
> + ;; Optimize for building everything at once, as opposed
> + ;; to incrementally for development. See "docs/jumbo.md".
> + ;; XXX: On some systems this may trigger a compiler error.
> + ;;"use_jumbo_build=true"
> + ;; Disable debugging features to save space.
> + "remove_webcore_debug_symbols=true"
> + "enable_iterator_debugging=false"
> + ;; Some of the unbundled libraries throws deprecation
> + ;; warnings, etc. Ignore it.
> + "treat_warnings_as_errors=false"
> + ;; Don't add any API keys. End users can set them in the
> + ;; environment if desired. See
> + ;; <https://www.chromium.org/developers/how-tos/api-keys>.
> + "use_official_google_api_keys=false"
> + ;; Disable "field trials".
> + "fieldtrial_testing_like_official_build=true"
> +
> + "use_system_freetype=true"
> + "use_system_harfbuzz=true"
> + "use_system_libjpeg=true"
> + "use_system_lcms2=true"
> + "use_system_zlib=true"
> + ;; This is currently not supported on Linux:
> + ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
> + ;;"use_system_sqlite=true"
> +
> + "use_gconf=false" ;deprecated by gsettings
> + "use_gnome_keyring=false" ;deprecated by libsecret
> + "use_gtk3=true"
> + "use_openh264=true"
> + "use_xkbcommon=true"
> + "link_pulseaudio=true"
> +
> + ;; Don't arbitrarily restrict formats supported by system ffmpeg.
> + "proprietary_codecs=true"
> + "ffmpeg_branding=\"Chrome\""
> +
> + ;; WebRTC stuff.
> + "rtc_use_h264=true"
> + ;; Don't use bundled sources.
> + "rtc_build_json=false"
> + "rtc_build_libevent=false"
> + "rtc_build_libvpx=false"
> + "rtc_build_opus=false"
> + "rtc_build_ssl=false"
> + ;; TODO: Package these.
> + "rtc_build_libsrtp=true" ;2.0
> + "rtc_build_libyuv=true"
> + "rtc_build_openmax_dl=true"
> + "rtc_build_usrsctp=true"
> + (string-append "rtc_jsoncpp_root=\""
> + (assoc-ref inputs "jsoncpp")
> + "/include/jsoncpp/json\"")
> + (string-append "rtc_ssl_root=\""
> + (assoc-ref inputs "openssl")
> + "/include/openssl\""))))
> +
> + ;; XXX: How portable is this.
Can you extend this comment?
> + (mkdir-p "third_party/node/linux/node-linux-x64")
> + (symlink (string-append (assoc-ref inputs "node") "/bin")
> + "third_party/node/linux/node-linux-x64/bin")
> +
> + (setenv "CC" "gcc")
> + (setenv "CXX" "g++")
> + ;; TODO: pre-compile instead. Avoids a race condition.
> + (setenv "PYTHONDONTWRITEBYTECODE" "1")
> + (and
> + ;; Build the "gn" tool.
> + (invoke "python"
> + "tools/gn/bootstrap/bootstrap.py" "-s" "-v")
> + ;; Generate ninja build files.
> + (invoke "./out/Release/gn" "gen" "out/Release"
> + (string-append "--args="
> + (string-join gn-flags " ")))))))
> + (replace 'build
> + (lambda* (#:key outputs #:allow-other-keys)
> + (invoke "ninja" "-C" "out/Release"
> + "-j" (number->string (parallel-job-count))
> + "chrome")))
> + (replace 'install
> + (lambda* (#:key inputs outputs #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> + (bin (string-append out "/bin"))
> + (exe (string-append bin "/chromium"))
> + (lib (string-append out "/lib"))
> + (man (string-append out "/share/man/man1"))
> + (applications (string-append out "/share/applications"))
> + (install-regexp (make-regexp "\\.(bin|pak)$"))
> + (locales (string-append lib "/locales"))
> + (resources (string-append lib "/resources"))
> + (gtk+ (assoc-ref inputs "gtk+"))
> + (mesa (assoc-ref inputs "mesa"))
> + (nss (assoc-ref inputs "nss"))
> + (udev (assoc-ref inputs "udev"))
> + (sh (which "sh")))
> +
> + (substitute* '("chrome/app/resources/manpage.1.in"
> + "chrome/installer/linux/common/desktop.template")
> + (("@@MENUNAME@@") "Chromium")
> + (("@@PACKAGE@@") "chromium")
> + (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
> + (mkdir-p man)
> + (copy-file "chrome/app/resources/manpage.1.in"
> + (string-append man "/chromium.1"))
> + (mkdir-p applications)
> + (copy-file "chrome/installer/linux/common/desktop.template"
> + (string-append applications "/chromium.desktop"))
> +
> + (with-directory-excursion "out/Release"
> + (for-each (lambda (file)
> + (install-file file lib))
> + (scandir "." (cut regexp-exec install-regexp <>)))
> + (copy-file "chrome" (string-append lib "/chromium"))
> +
> + ;; TODO: Install icons from "../../chrome/app/themes" into
> + ;; "out/share/icons/hicolor/$size".
> + (install-file
> + "product_logo_48.png"
> + (string-append out "/share/icons/48x48/chromium.png"))
> +
> + (copy-recursively "locales" locales)
> + (copy-recursively "resources" resources)
> +
> + (mkdir-p bin)
> + ;; Add a thin wrapper to prevent the user from inadvertently
> + ;; installing non-free software through the Web Store.
> + ;; TODO: Discover extensions from the profile and pass
> + ;; something like "--disable-extensions-except=...".
To be able to work on this, can you (at least in this bug ticket,
explain the TODO part a bit more?
> + (call-with-output-file exe
> + (lambda (port)
> + (format port
> + "#!~a~@
> + if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
> + then~@
> + CHROMIUM_FLAGS=\" \\~@
> + --disable-background-networking \\~@
> + --disable-extensions \\~@
> + \"~@
> + fi~@
> + exec ~a $CHROMIUM_FLAGS \"$@\"~%"
> + sh (string-append lib "/chromium"))))
> + (chmod exe #o755)
> +
> + (wrap-program exe
> + ;; TODO: Get these in RUNPATH.
> + `("LD_LIBRARY_PATH" ":" prefix
> + (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
> + mesa "/lib:" udev "/lib")))
> + ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
> + `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
> + #t)))))))
> + (native-inputs
> + `(("bison" ,bison)
> + ("git" ,git) ;last_commit_position.py
> + ("gperf" ,gperf)
> + ("ninja" ,ninja)
> + ("node" ,node)
> + ("pkg-config" ,pkg-config)
> + ("which" ,which)
> + ("yasm" ,yasm)
> +
> + ("python-beautifulsoup4" ,python2-beautifulsoup4)
> + ("python-html5lib" ,python2-html5lib)
> + ("python" ,python-2)))
> + (inputs
> + `(("alsa-lib" ,alsa-lib)
> + ("atk" ,atk)
> + ("cups" ,cups)
> + ("curl" ,curl)
> + ("dbus" ,dbus)
> + ("dbus-glib" ,dbus-glib)
> + ("expat" ,expat)
> + ("flac" ,flac)
> + ("ffmpeg" ,ffmpeg)
> + ("fontconfig" ,fontconfig)
> + ("freetype" ,freetype)
> + ("gdk-pixbuf" ,gdk-pixbuf)
> + ("glib" ,glib)
> + ("gtk+-2" ,gtk+-2)
> + ("gtk+" ,gtk+)
> + ("harfbuzz" ,harfbuzz)
> + ("icu4c" ,icu4c)
> + ("jsoncpp" ,jsoncpp)
> + ("lcms" ,lcms)
> + ("libevent" ,libevent)
> + ("libffi" ,libffi)
> + ("libjpeg-turbo" ,libjpeg-turbo)
> + ("libpng" ,libpng)
> + ("libusb" ,libusb)
> + ("libvpx" ,libvpx+experimental)
> + ("libwebp" ,libwebp)
> + ("libx11" ,libx11)
> + ("libxcb" ,libxcb)
> + ("libxcomposite" ,libxcomposite)
> + ("libxcursor" ,libxcursor)
> + ("libxdamage" ,libxdamage)
> + ("libxext" ,libxext)
> + ("libxfixes" ,libxfixes)
> + ("libxi" ,libxi)
> + ("libxkbcommon" ,libxkbcommon)
> + ("libxml2" ,libxml2)
> + ("libxrandr" ,libxrandr)
> + ("libxrender" ,libxrender)
> + ("libxscrnsaver" ,libxscrnsaver)
> + ("libxslt" ,libxslt)
> + ("libxtst" ,libxtst)
> + ("mesa" ,mesa)
> + ("minizip" ,minizip)
> + ("mit-krb5" ,mit-krb5)
> + ("nss" ,nss)
> + ("openh264" ,openh264)
> + ("openssl" ,openssl)
> + ("opus" ,opus+custom)
> + ("pango" ,pango)
> + ("pciutils" ,pciutils)
> + ("protobuf" ,protobuf)
> + ("pulseaudio" ,pulseaudio)
> + ("re2" ,re2)
> + ("snappy" ,snappy)
> + ("speech-dispatcher" ,speech-dispatcher)
> + ("sqlite" ,sqlite)
> + ("udev" ,eudev)
> + ("valgrind" ,valgrind)))
> + (home-page "https://www.chromium.org/")
> + (description
> + "Chromium is a web browser designed for speed and security. This
> +version incorporates patches from
> +@url{https://github.com/gcarq/inox-patchset,Inox} and
> +@url{https://www.debian.org/,Debian} in order to protect the users privacy.")
> + ;; Chromium is developed as BSD-3, but bundles a large number of third-party
> + ;; components with other licenses. For full information, see chrome://credits.
> + (license (list license:bsd-3
> + license:bsd-2
> + license:expat
> + license:asl2.0
> + license:mpl2.0
> + license:public-domain
> + license:lgpl2.1+))))
> diff --git a/gnu/packages/patches/chromium-gcc5.patch b/gnu/packages/patches/chromium-gcc5.patch
> new file mode 100644
> index 000000000..56b2cd6ef
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-gcc5.patch
> @@ -0,0 +1,39 @@
> +Work around a GCC5 bug where it fails to choose the correct base::span
> +constructor.
> +
> +Adapted from this commit:
> +https://gitweb.gentoo.org/repo/gentoo.git/commit/www-client/chromium?id=7843d29ab07411a9c70962fb90b4cd1546910242
> +
> +--- a/gpu/ipc/common/mailbox_struct_traits.h
> ++++ b/gpu/ipc/common/mailbox_struct_traits.h
> +@@ -15,7 +15,7 @@ namespace mojo {
> + template <>
> + struct StructTraits<gpu::mojom::MailboxDataView, gpu::Mailbox> {
> + static base::span<const int8_t> name(const gpu::Mailbox& mailbox) {
> +- return mailbox.name;
> ++ return base::make_span(mailbox.name);
> + }
> + static bool Read(gpu::mojom::MailboxDataView data, gpu::Mailbox* out);
> + };
> +--- a/services/viz/public/cpp/compositing/filter_operation_struct_traits.h
> ++++ b/services/viz/public/cpp/compositing/filter_operation_struct_traits.h
> +@@ -134,7 +134,7 @@ struct StructTraits<viz::mojom::FilterOperationDataView, cc::FilterOperation> {
> + static base::span<const float> matrix(const cc::FilterOperation& operation) {
> + if (operation.type() != cc::FilterOperation::COLOR_MATRIX)
> + return base::span<const float>();
> +- return operation.matrix();
> ++ return base::make_span(operation.matrix());
> + }
> +
> + static base::span<const gfx::Rect> shape(
> +--- a/services/viz/public/cpp/compositing/quads_struct_traits.h
> ++++ b/services/viz/public/cpp/compositing/quads_struct_traits.h
> +@@ -308,7 +308,7 @@
> + static base::span<const float> vertex_opacity(const viz::DrawQuad& input) {
> + const viz::TextureDrawQuad* quad =
> + viz::TextureDrawQuad::MaterialCast(&input);
> +- return quad->vertex_opacity;
> ++ return base::make_span(quad->vertex_opacity);
> + }
> +
> + static bool y_flipped(const viz::DrawQuad& input) {
> diff --git a/gnu/packages/patches/chromium-remove-default-history.patch b/gnu/packages/patches/chromium-remove-default-history.patch
> new file mode 100644
> index 000000000..38be10820
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-remove-default-history.patch
> @@ -0,0 +1,13 @@
> +Don't pre-populate the New Tab Page for new profiles.
> +
> +--- a/chrome/browser/history/top_sites_factory.cc
> ++++ b/chrome/browser/history/top_sites_factory.cc
> +@@ -74,7 +74,7 @@
> +
> + void InitializePrepopulatedPageList(
> + history::PrepopulatedPageList* prepopulated_pages) {
> +-#if !defined(OS_ANDROID)
> ++#if false
> + DCHECK(prepopulated_pages);
> + prepopulated_pages->reserve(arraysize(kRawPrepopulatedPages));
> + for (size_t i = 0; i < arraysize(kRawPrepopulatedPages); ++i) {
> --
> 2.16.2
>
Otherwise, LGTM.
--
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 28 Feb 2018 08:18:02 GMT) Full text and rfc822 format available.Message #155 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Mike Gerwitz <mtg <at> gnu.org> Cc: 28004 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com> Subject: Re: [bug#28004] Chromium Date: Wed, 28 Feb 2018 08:17:07 +0000
[Message part 1 (text/plain, inline)]
Mike Gerwitz transcribed 1.6K bytes: > On Mon, Feb 26, 2018 at 19:18:39 +0100, Marius Bakke wrote: > > Now, when launching the browser for the first time, it *still* connects > > to Google services. After a while it also does a lookup for AdWords... > > Do you know what code initiates this? Would it be easy to remove, and > would that harm other functionality? > > Saying that it only runs the first time implies to me that there's a > flag, and that perhaps the flag can either be permanently set or the > conditional triggering this behavior removed. > > -- > Mike Gerwitz > Free Software Hacker+Activist | GNU Maintainer & Volunteer > GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 > https://mikegerwitz.com Could this be a connectivity check? switch "--connectivity-check-url" exists: https://peter.sh/experiments/chromium-command-line-switches/ and there might be a flag here: chrome://flags/ We can also creatre our own settings file as suggested in this thread: https://www.jamf.com/jamf-nation/discussions/10331/chrome-master-preferences-file-and-suppressing-first-run-browser Someone else suggested this file: http://www.google.com/codesearch/p?hl=ru#HLxzG3ShG8A/trunk/win/lib/lib_values.cc&q=/tools/pso&sa=N&cd=1&ct=rc 404 now. Adwords query might really be rlz, but I'm just guessing for now. Post from 2010: https://blog.chromium.org/2010/06/in-open-for-rlz.html > When we released a new stable version of Google Chrome last March, we tried to improve the transparency and privacy options of Google Chrome. One area where ve seen a lot of interest and questions is the RLZ library that is built into Google Chrome. RLZ gives us the ability to accurately measure the success of marketing promotions and distribution partnerships in order to meet our contractual and financial obligations. It assigns non-unique, non-personally identifiable promotion tracking labels to client products; these labels sometimes appear in Google search queries in Google Chrome.we This is the source code view: https://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/rlz/rlz.cc?view=markup https://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/rlz/rlz.h?view=markup Different topic. This will help us to integrate packaged extensions once we get there: https://data.gpo.zugaina.org/gentoo/www-client/chromium/files/chromium-launcher-r3.sh and probably some more files. -- A88C8ADD129828D7EAC02E52E22F9BBFEE348588 https://n0.is
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 28 Feb 2018 17:15:01 GMT) Full text and rfc822 format available.Message #158 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: ng0 <ng0 <at> n0.is> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Wed, 28 Feb 2018 18:14:08 +0100
[Message part 1 (text/plain, inline)]
ng0 <ng0 <at> n0.is> writes:
> Marius Bakke transcribed 43K bytes:
>> ng0 <ng0 <at> n0.is> writes:
>>
>> > Marius Bakke transcribed 2.1K bytes:
>> >> Mike Gerwitz <mtg <at> gnu.org> writes:
>> >>
>> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
>> >> >> If there are no objections, expect to see this in 'master' in 1-2 weeks.
>> >> >
>> >> > I want to express gratitude for your hard work on this---given that
>> >> > IceCat does not contain many of the FF devtool updates, Chromium is very
>> >> > desirable for web development. It's also needed for certain Node.js
>> >> > tools, like node-inspector.
>> >> >
>> >> > So, thank you!
>> >>
>> >> Thank *you* for the kind words! :-)
>> >>
>> >> Here is the latest iteration of this patch. New in this version:
>> >>
>> >> * Chromium 64 (duh).
>> >> * The 'delete-bundled-software' phase has been moved to a snippet,
>> >> shaving ~100MiB (~22%) off the compressed tarball size (and
>> >> drastically reduces (de)compression time).
>> >> * The New Tab page does not show any thumbnails for new profiles.
>> >
>> > I think you forgot to attach the patches :)
>>
>> Derp. I realized that and just used `git send-email`[0], but have
>> attached it here for convenience since the debbugs web UI doesn't allow
>> easy download of a raw message.
>>
>> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
>>
>
> Comments inlined, some words ahead.
>
> I think it's good that we will be able to handle extensions via Guix.
> But: We should point it out that you won't be able to install extensions
> manually, via the store or as a file. People who betatested this got
> confused.
I haven't tested installing from a file. Which error are you getting?
You can use extensions from the store by setting the variable
"CHROMIUM_ENABLE_WEB_STORE", as in Debian. But I don't see a need to
document it since it's unsupported territory from a Guix viewpoint.
>> + (substitute* "chrome/common/chrome_paths.cc"
>> + (("/usr/share/chromium/extensions")
>> + ;; TODO: Add ~/.guix-profile.
>> + "/run/current-system/profile/share/chromium/extensions"))
>
> I don't know if I asked you about this in the past, but can you explain why you
> picked the run dir? I have to re-read the Gentoo eclass and Nix integration for this.
The plan is to package extensions with Guix and place them in
"out/share/chromium/extensions". Then you would be able to install
extensions through the system profile, until a better solution is in
place (like a search path).
>> + (mkdir-p bin)
>> + ;; Add a thin wrapper to prevent the user from inadvertently
>> + ;; installing non-free software through the Web Store.
>> + ;; TODO: Discover extensions from the profile and pass
>> + ;; something like "--disable-extensions-except=...".
>
> To be able to work on this, can you (at least in this bug ticket,
> explain the TODO part a bit more?
This was inspired by Debians wrapper script, which discovers extensions
installed by Apt and composes this command line. It allows disabling
the web store while still using extensions. I'll see if I can improve
the comment.
Thanks for the feedback!
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 28 Feb 2018 17:29:02 GMT) Full text and rfc822 format available.Message #161 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Mike Gerwitz <mtg <at> gnu.org> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Wed, 28 Feb 2018 18:28:46 +0100
[Message part 1 (text/plain, inline)]
Mike Gerwitz <mtg <at> gnu.org> writes: > On Mon, Feb 26, 2018 at 19:18:39 +0100, Marius Bakke wrote: >> Now, when launching the browser for the first time, it *still* connects >> to Google services. After a while it also does a lookup for AdWords... > > Do you know what code initiates this? Would it be easy to remove, and > would that harm other functionality? Unfortunately, I don't know what triggers it. Feel free to try picking some of the other Inox patches and see if it makes a difference: https://github.com/gcarq/inox-patchset Inox goes great lengths to "ungooglify" the browser. I've decided against picking *all* their patches, for two reasons: 1) I'd like users to be able to use Chromium with their Google account if they wish to (although I haven't actually tested this), and more importantly: 2) More patches means more porting work every new release. Usually major versions bumps come with a plethora of security fixes, so I wish to minimize maintenance overhead. Just figuring out the changed dependencies, build flags, and GCC bugs with every release is a lot of work already. > Saying that it only runs the first time implies to me that there's a > flag, and that perhaps the flag can either be permanently set or the > conditional triggering this behavior removed. Indeed. Any help figuring out the offender is very welcome! No external connectivity in the default configuration is a goal we should strive for.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 28 Feb 2018 17:40:02 GMT) Full text and rfc822 format available.Message #164 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Wed, 28 Feb 2018 18:38:56 +0100
[Message part 1 (text/plain, inline)]
Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> writes: > Hi Marius, > > On Mon, 26 Feb 2018 21:06:57 +0100 > Marius Bakke <mbakke <at> fastmail.com> wrote: > >> ng0 <ng0 <at> n0.is> writes: >> >> > Marius Bakke transcribed 2.1K bytes: >> >> Mike Gerwitz <mtg <at> gnu.org> writes: >> >> >> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote: >> >> >> If there are no objections, expect to see this in 'master' in >> >> >> 1-2 weeks. >> >> > >> >> > I want to express gratitude for your hard work on this---given >> >> > that IceCat does not contain many of the FF devtool updates, >> >> > Chromium is very desirable for web development. It's also >> >> > needed for certain Node.js tools, like node-inspector. >> >> > >> >> > So, thank you! >> >> >> >> Thank *you* for the kind words! :-) >> >> >> >> Here is the latest iteration of this patch. New in this version: >> >> >> >> * Chromium 64 (duh). >> >> * The 'delete-bundled-software' phase has been moved to a snippet, >> >> shaving ~100MiB (~22%) off the compressed tarball size (and >> >> drastically reduces (de)compression time). >> >> * The New Tab page does not show any thumbnails for new profiles. >> > >> > I think you forgot to attach the patches :) >> >> Derp. I realized that and just used `git send-email`[0], but have >> attached it here for convenience since the debbugs web UI doesn't >> allow easy download of a raw message. >> >> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131 >> > > > This looks like a lot of work. Thank you! > > I quickly tried to apply and build the patch and have two first remarks: > > The file says: > > ;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke <at> fastmail.com> > > I haven't followed history, have you worked on this since 2016? Yeah, I started this shortly after going full-GuixSD in October 2016. But I didn't submit it until now because I didn't think it met Guix's standards (and still think it's questionable due to privacy concerns). > One patch has a hash-mismatch: > > Starting download of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch > From https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2... > icu.patch 2KiB 1.8MiB/s 00:00 [####################] 100.0% > output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59' > @ build-failed /gnu/store/cqdllqn8ig5wnjn0yqvnh4vlzsvnpzv6-chromium-icu.patch.drv - 1 output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59' > cannot build derivation `/gnu/store/vacxbwsprcp52vp6q975450zi091dak2-chromium-64.0.3282.186.tar.xz.drv': 1 dependencies couldn't be built > @ build-started /gnu/store/7q53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv - x86_64-linux /var/log/guix/drvs/7q//53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv.bz2 > cannot build derivation `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv': 1 dependencies couldn't be built > guix build: error: build failed: build of `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv' failed > > I looked into the file and it looks reasonable, like a patch-file. It has no download errors. > > It starts like this: > > description: backwards compatibility for older versions of icu > author: Michael Gilbert <mgilbert <at> debian.org> > > --- a/v8/src/runtime/runtime-intl.cc > +++ b/v8/src/runtime/runtime-intl.cc > @@ -627,7 +627,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele > > ... > > Can you check this file again? Whoops, indeed. I had an older patch in my store and apparently forgot to update the hash. The correct hash for %chromium-system-icu.patch is: 19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59 Thanks for letting me know! I'll send an updated patch later, with some other minor improvements.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 28 Feb 2018 18:11:02 GMT) Full text and rfc822 format available.Message #167 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Wed, 28 Feb 2018 19:09:25 +0100
[Message part 1 (text/plain, inline)]
On Wed, 28 Feb 2018 18:38:56 +0100 Marius Bakke <mbakke <at> fastmail.com> wrote: > Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> writes: > > One patch has a hash-mismatch: > > > > Starting download > > of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch > > From > > https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2... > > icu.patch 2KiB 1.8MiB/s 00:00 > > [####################] 100.0% output path > > `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' > > should have sha256 hash > > `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has > > `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59' @ [..] > > Whoops, indeed. I had an older patch in my store and apparently > forgot to update the hash. > > The correct hash for %chromium-system-icu.patch is: > > 19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59 > > Thanks for letting me know! I'll send an updated patch later, with > some other minor improvements. With that confirmation, I could build the source derivation. Thanks. Björn
[Message part 2 (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 16 Mar 2018 17:31:01 GMT) Full text and rfc822 format available.Message #170 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>, 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Fri, 16 Mar 2018 17:30:44 +0000
Marius Bakke transcribed 4.8K bytes: > Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> writes: > > > Hi Marius, > > > > On Mon, 26 Feb 2018 21:06:57 +0100 > > Marius Bakke <mbakke <at> fastmail.com> wrote: > > > >> ng0 <ng0 <at> n0.is> writes: > >> > >> > Marius Bakke transcribed 2.1K bytes: > >> >> Mike Gerwitz <mtg <at> gnu.org> writes: > >> >> > >> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote: > >> >> >> If there are no objections, expect to see this in 'master' in > >> >> >> 1-2 weeks. > >> >> > > >> >> > I want to express gratitude for your hard work on this---given > >> >> > that IceCat does not contain many of the FF devtool updates, > >> >> > Chromium is very desirable for web development. It's also > >> >> > needed for certain Node.js tools, like node-inspector. > >> >> > > >> >> > So, thank you! > >> >> > >> >> Thank *you* for the kind words! :-) > >> >> > >> >> Here is the latest iteration of this patch. New in this version: > >> >> > >> >> * Chromium 64 (duh). > >> >> * The 'delete-bundled-software' phase has been moved to a snippet, > >> >> shaving ~100MiB (~22%) off the compressed tarball size (and > >> >> drastically reduces (de)compression time). > >> >> * The New Tab page does not show any thumbnails for new profiles. > >> > > >> > I think you forgot to attach the patches :) > >> > >> Derp. I realized that and just used `git send-email`[0], but have > >> attached it here for convenience since the debbugs web UI doesn't > >> allow easy download of a raw message. > >> > >> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131 > >> > > > > > > This looks like a lot of work. Thank you! > > > > I quickly tried to apply and build the patch and have two first remarks: > > > > The file says: > > > > ;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke <at> fastmail.com> > > > > I haven't followed history, have you worked on this since 2016? > > Yeah, I started this shortly after going full-GuixSD in October 2016. > But I didn't submit it until now because I didn't think it met Guix's > standards (and still think it's questionable due to privacy concerns). > > > One patch has a hash-mismatch: > > > > Starting download of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch > > From https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2... > > icu.patch 2KiB 1.8MiB/s 00:00 [####################] 100.0% > > output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59' > > @ build-failed /gnu/store/cqdllqn8ig5wnjn0yqvnh4vlzsvnpzv6-chromium-icu.patch.drv - 1 output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59' > > cannot build derivation `/gnu/store/vacxbwsprcp52vp6q975450zi091dak2-chromium-64.0.3282.186.tar.xz.drv': 1 dependencies couldn't be built > > @ build-started /gnu/store/7q53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv - x86_64-linux /var/log/guix/drvs/7q//53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv.bz2 > > cannot build derivation `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv': 1 dependencies couldn't be built > > guix build: error: build failed: build of `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv' failed > > > > I looked into the file and it looks reasonable, like a patch-file. It has no download errors. > > > > It starts like this: > > > > description: backwards compatibility for older versions of icu > > author: Michael Gilbert <mgilbert <at> debian.org> > > > > --- a/v8/src/runtime/runtime-intl.cc > > +++ b/v8/src/runtime/runtime-intl.cc > > @@ -627,7 +627,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele > > > > ... > > > > Can you check this file again? > > Whoops, indeed. I had an older patch in my store and apparently forgot > to update the hash. > > The correct hash for %chromium-system-icu.patch is: > > 19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59 > > Thanks for letting me know! I'll send an updated patch later, with some > other minor improvements. I think we found it to be good enough to be included in master, or did I miss anything? Would be nice if I could drop my local patch (and building). The team around Taler seems to be interested in it as well as far as I can remember our chats in Leipzig. -- A88C8ADD129828D7EAC02E52E22F9BBFEE348588 https://n0.is
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 16 Mar 2018 17:46:02 GMT) Full text and rfc822 format available.Message #173 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: ng0 <ng0 <at> n0.is> Cc: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>, 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Fri, 16 Mar 2018 18:45:04 +0100
[Message part 1 (text/plain, inline)]
ng0 <ng0 <at> n0.is> writes: > I think we found it to be good enough to be included in master, or did I miss anything? > > Would be nice if I could drop my local patch (and building). The team around Taler seems > to be interested in it as well as far as I can remember our chats in Leipzig. Reading up on GNU Taler, Chromium seems like a poor choice for an anonymous payment system. Why not GNU IceCat? I don't see Chromium becoming stable enough for guaranteed privacy any time soon. And a full fork would require a large maintenance team. Unfortunately I got busy after the latest update, and haven't had time to work on 65 yet. I will send an update once I get around to it, and also try some other Inox patches and see if they help with the "first launch" issue -- hopefully within a week or two.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 16 Mar 2018 17:53:02 GMT) Full text and rfc822 format available.Message #176 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>, 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Fri, 16 Mar 2018 17:52:25 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 1.4K bytes: > ng0 <ng0 <at> n0.is> writes: > > > I think we found it to be good enough to be included in master, or did I miss anything? > > > > Would be nice if I could drop my local patch (and building). The team around Taler seems > > to be interested in it as well as far as I can remember our chats in Leipzig. > > Reading up on GNU Taler, Chromium seems like a poor choice for an > anonymous payment system. Why not GNU IceCat? I don't see Chromium > becoming stable enough for guaranteed privacy any time soon. And a full > fork would require a large maintenance team. Why: Ask Taler directly, I'm not involved with them. And on for what: It is just for the Browser extension. No one is forking Chromium again. > Unfortunately I got busy after the latest update, and haven't had time > to work on 65 yet. I will send an update once I get around to it, and > also try some other Inox patches and see if they help with the "first > launch" issue -- hopefully within a week or two. Cool, thanks! And thanks for your continued work on this. I'll definitely try to help out once it is in master. -- A88C8ADD129828D7EAC02E52E22F9BBFEE348588 https://n0.is
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 16 Mar 2018 19:03:02 GMT) Full text and rfc822 format available.Message #179 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Adonay Felipe Nogueira <adfeno <at> hyperbola.info> To: guix-patches <at> gnu.org Subject: Re: [bug#28004] Chromium Date: Fri, 16 Mar 2018 16:01:50 -0300
> Reading up on GNU Taler, Chromium seems like a poor choice for an > anonymous payment system. Why not GNU IceCat? I don't see Chromium > becoming stable enough for guaranteed privacy any time soon. And a full > fork would require a large maintenance team. +1 (I agree with you). -- - https://libreplanet.org/wiki/User:Adfeno - Palestrante e consultor sobre /software/ livre (não confundir com gratis). - "WhatsApp"? Ele não é livre. Por favor, veja formas de se comunicar instantaneamente comigo no endereço abaixo. - Contato: https://libreplanet.org/wiki/User:Adfeno#vCard - Arquivos comuns aceitos (apenas sem DRM): Corel Draw, Microsoft Office, MP3, MP4, WMA, WMV. - Arquivos comuns aceitos e enviados: CSV, GNU Dia, GNU Emacs Org, GNU GIMP, Inkscape SVG, JPG, LibreOffice (padrão ODF), OGG, OPUS, PDF (apenas sem DRM), PNG, TXT, WEBM.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 16 Mar 2018 19:35:02 GMT) Full text and rfc822 format available.Message #182 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Adonay Felipe Nogueira <adfeno <at> hyperbola.info> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Fri, 16 Mar 2018 19:34:22 +0000
Adonay Felipe Nogueira transcribed 890 bytes: > > Reading up on GNU Taler, Chromium seems like a poor choice for an > > anonymous payment system. Why not GNU IceCat? I don't see Chromium > > becoming stable enough for guaranteed privacy any time soon. And a full > > fork would require a large maintenance team. > > +1 (I agree with you). Read the follow-up emails I've sent. Also, 1 line emails which basically say "+1" are not really good, even more so when it goes offtopic (this is about getting Chrmium into Guix!). As we are already offtopic: Want Cross-Browser support so that the Browser *extension* (Taler is not *a* Browser) runs in legacy old cruft Icecat base and newer Firefox (which shares extension format with Chrome? Good, there's something to work on in Taler if you want it. Again, I am not a Taler developer, reach out to them. -- A88C8ADD129828D7EAC02E52E22F9BBFEE348588 https://n0.is
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 16 Mar 2018 21:21:02 GMT) Full text and rfc822 format available.Message #185 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Adonay Felipe Nogueira <adfeno <at> hyperbola.info> To: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Fri, 16 Mar 2018 18:20:29 -0300
> Guix!). As we are already offtopic: Want Cross-Browser support > so that the Browser *extension* (Taler is not *a* Browser) runs > in legacy old cruft Icecat base and newer Firefox (which shares > extension format with Chrome? > Good, there's something to work on in Taler if you want it. > > Again, I am not a Taler developer, reach out to them. Indeed, sorry for the bother, I tought I was replying to Taler. I guess I'm somewhat asleep today.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 13 Apr 2018 19:12:01 GMT) Full text and rfc822 format available.Message #188 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: 28004 <at> debbugs.gnu.org Subject: Chromium 65 Date: Fri, 13 Apr 2018 21:10:48 +0200
[Message part 1 (text/plain, inline)]
Hello! Attached is a patch for Chromium 65. New in this version: * Deleting third party files is now done with a single traversal of the file system, instead of the "shotgun" approach used previously. I also added a second pass to scrub bundled JARs and tarballs, that will be incorporated in the "nftw" snippet eventually. * It's using Clang instead of GCC since the latter is no longer supported upstream (as in part of their continuous integration). GCC5 in particular is completely broken with this release. Debian and NixOS are apparently able to build it with GCC 6 and 7 respectively, but Arch and Gentoo changed to Clang with 65. Unfortunately GCC6 and later has other problems in Guix: <https://bugs.gnu.org/30756>. * Various tweaks to build options after reading the "GN" flags more closely. In particular, more debugging symbols have been removed. I haven't done anything on the privacy side since this update was difficult enough as-is. You'll notice a few hacks around Clang and libstdc++, and also that currently only x86_64 is supported due to unconditionally adding the x86_64 triplet to CPLUS_INCLUDE_PATH. Hopefully future updates will be easier. Any feedback on the Clang/libstdc++ issues mentioned in the patch are very welcome.
[0001-gnu-Add-chromium.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 17 Apr 2018 19:11:01 GMT) Full text and rfc822 format available.Message #191 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Oleg Pykhalov <go.wigust <at> gmail.com> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium 65 Date: Tue, 17 Apr 2018 22:10:10 +0300
[Message part 1 (text/plain, inline)]
Hello Marius, First of all, thank you for working on this! Marius Bakke <mbakke <at> fastmail.com> writes: > Attached is a patch for Chromium 65. I've built it successfully. Thank you for such a hard work! I build ‘chromium’ from my first day of using GuixSD (about one year). Because of I cannot build it constantly, I always use out of date ‘chromium’ closure. It's more worse for privacy and security than unchecked new ‘chromium’ version in my case (I guess). Could we have it pushed to ‘origin/master’ for people like me? :-) Thanks, Oleg.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 24 Apr 2018 17:06:02 GMT) Full text and rfc822 format available.Message #194 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Christopher Lemmer Webber <cwebber <at> dustycloud.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium 65 Date: Tue, 24 Apr 2018 12:05:39 -0500
Hello! I'd like to speak up in favor of getting Chromium merged into Guix master. As a web developer, sometimes I have to test things against multiple browsers. Having Chromium in GuixSD would help me out a lot. It looks like a mountain of hard work has been put into this. Could we get it merged rather than have that work languish?
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 24 Apr 2018 18:10:02 GMT) Full text and rfc822 format available.Message #197 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Christopher Lemmer Webber <cwebber <at> dustycloud.org> Cc: 28004 <at> debbugs.gnu.org Subject: Chromium 66 + status update Date: Tue, 24 Apr 2018 20:08:51 +0200
[Message part 1 (text/plain, inline)]
Christopher Lemmer Webber <cwebber <at> dustycloud.org> writes: > Hello! I'd like to speak up in favor of getting Chromium merged into > Guix master. As a web developer, sometimes I have to test things > against multiple browsers. Having Chromium in GuixSD would help me out > a lot. > > It looks like a mountain of hard work has been put into this. Could we > get it merged rather than have that work languish? Hello! I use this browser a lot, so it's hardly languishing. There was a recent discussion[0] about the Pale Moon browser, where it was pointed out that the FSDG[1] requires that any third-party repositories must be committed to only free software. [0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules Unfortunately there are UI links to the Chrome "Web Store" still. It's not possible to install from it without setting the CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is sufficient. It's unfortunate if an unsuspecting user stumbles into the Web Store and tries to install something (free or not) and only then finds out that it does not work. The other remaining issue is that some data is sent to Google whenever you start the browser for the first time. I don't think that's a blocker, but it's certainly something we should aim to fix. Attached are updates for 66. The first is an interdiff from the previous 65 patch; the other is the full "squashed" patch for convenience. New in this version: * The snippet will now error if a preserved directory is not present. * Chromium again requires a git revision of libvpx. * The "safe browsing" feature requires the nonfree "unrar" program(!!), as such it has been compiled out. Luckily "Inox" already had a patch to make the thing actually build with that flag disabled. * Cosmetic rearrangement of patches to follow Debian and Inox patch order.
[0001-Chromium-66-update.patch (text/x-patch, inline)]
From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke <at> fastmail.com>
Date: Tue, 17 Apr 2018 03:54:56 +0200
Subject: [PATCH] Chromium 66 update.
---
gnu/local.mk | 1 -
gnu/packages/chromium.scm | 173 ++++++++++++------
.../patches/chromium-glibc-compat.patch | 38 ----
3 files changed, 115 insertions(+), 97 deletions(-)
delete mode 100644 gnu/packages/patches/chromium-glibc-compat.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index fdb15a074..0bc3220f8 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -592,7 +592,6 @@ dist_patch_DATA = \
%D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
%D%/packages/patches/ceph-skip-unittest_blockdev.patch \
%D%/packages/patches/chmlib-inttypes.patch \
- %D%/packages/patches/chromium-glibc-compat.patch \
%D%/packages/patches/chromium-remove-default-history.patch \
%D%/packages/patches/clang-3.5-libc-search-path.patch \
%D%/packages/patches/clang-3.8-libc-search-path.patch \
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index cecbab7a1..a6f9fec0f 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -122,63 +122,89 @@
(sha256 (base32 hash))
(file-name (chromium-patch-file-name pathspec))))
-;; Fix an assignment bug when using Clang and libstdc++.
-(define %chromium-clang-assignment.patch
- (gentoo-patch "chromium-clang-r3.patch"
- "804a0d7244a06736d01c353b45c20daf324f0722"
- "1d10il3mjzyzwgqi8iifw3aw9jnbqfrzz8v1x7cmvqpwjkykwk2a"))
-
-;; Add missing stdint include.
-(define %chromium-add-missing-stdint.patch
- (gentoo-patch "chromium-stdint.patch"
- "804a0d7244a06736d01c353b45c20daf324f0722"
- "03r16zqi0hm3i00b9bwq2bdn2sp731rllizcxfl3i2q7y432a3f0"))
+(define %debian-revision "debian/66.0.3359.26-1")
+(define %gentoo-revision "599be358f257098e7ba29196f6fce498b0a8d208")
+(define %inox-revision "365a106e298e04b4a7063559b7a0ee16888b928f")
+;; Use system NSPR.
(define %chromium-system-nspr.patch
(debian-patch "system/nspr.patch"
- "debian/65.0.3325.146-4"
- "1ggdrlz94d75ni21rx6ivvajjwhx7zwnl3s5aapysqn9kls4qsr2"))
+ %debian-revision
+ "0x54c8zhwjldlnx4754aaq0xyb24spqia3fgn94kcf686wp61srz"))
+;; And system libevent.
(define %chromium-system-libevent.patch
(debian-patch "system/event.patch"
- "debian/65.0.3325.146-4"
- "1k3zc59vpwc8rzbknxryjzzy99jk666whdablzcvxnyzaqk38kfx"))
+ %debian-revision
+ "18ka0zmfd6g5yxhknh6x94bfm643v1kgczzag5sfndizsaaxrlpc"))
-(define %chromium-system-icu.patch
- (debian-patch "system/icu.patch"
- "debian/65.0.3325.146-4"
- "19wclidx1kyjbi3b3hnmkjs0h34d67p4dp6a48vbjbx9rxmfdk3b"))
+;; Avoid dependency on Chromiums embedded libc++ library for GN.
+(define %chromium-gn-libcxx.patch
+ (debian-patch "gn/libcxx.patch"
+ %debian-revision
+ "14rx16abxv0pz4qyp194cy999z3390hxi80rdbjs3v2lwscx36cl"))
;; Don't show a warning about missing API keys.
(define %chromium-disable-api-keys-warning.patch
(debian-patch "disable/google-api-warning.patch"
- "debian/65.0.3325.146-4"
- "1g5yk51bl7svrqx8wjxsgpz545mnymnpi3bsa62kwdm4qd8bx10x"))
+ %debian-revision
+ "1qf2y7jmaya43k9rbsxjjpkp5manzmbkhjj5hvfyqcdylhy30swj"))
-;; Add DuckDuckGo and set it as the default search engine.
-(define %chromium-duckduckgo.patch
- (inox-patch "0011-add-duckduckgo-search-engine.patch"
- "0c55cc9a81634244ad13fbbd6b5c5098b9132162"
- "0mvw1ax0gw3d252c9b1pwbk0j7ny8z9nsfywcmhj56wm6yksgpkg"))
+;; Some files were missing in the Chromium 66 release tarball.
+;; See <https://crbug.com/832283>.
+(define %chromium-add-blink-tools.patch
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://bazaar.launchpad.net/~chromium-team"
+ "/chromium-browser/bionic-stable/download/head:"
+ "/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1"
+ "/add-missing-blink-tools.patch"))
+ (sha256
+ (base32
+ "1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s"))))
-;; Don't start a "Login Wizard" at first launch.
-(define %chromium-first-run.patch
- (inox-patch "0018-disable-first-run-behaviour.patch"
- "0c55cc9a81634244ad13fbbd6b5c5098b9132162"
- "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
+;; Fix an assignment bug when using Clang and libstdc++.
+(define %chromium-clang-assignment.patch
+ (gentoo-patch "chromium-clang-r4.patch"
+ %gentoo-revision
+ "0ip3pzk9is6n7icpml33ryysiq4cfrx8jlr0jkjgdg6mvl8pli3i"))
+
+;; Fix error detecting system ffmpeg.
+(define %chromium-ffmpeg.patch
+ (gentoo-patch "chromium-ffmpeg-r1.patch"
+ %gentoo-revision
+ "1pivcdmana4qx8sngcdpr858l0qh6bygv7azj66vg021phq5725a"))
+
+;; Fix build failure when built with "safe_browsing_mode=0".
+(define %chromium-build-without-safebrowsing.patch
+ (inox-patch "0001-fix-building-without-safebrowsing.patch"
+ %inox-revision
+ "0r1as6vmc6bbc7i54cxbmbm6rrwj33a12hfz6rzj0yxyqnnps00f"))
;; Use privacy-preserving defaults.
(define %chromium-default-preferences.patch
(inox-patch "0006-modify-default-prefs.patch"
- "0c55cc9a81634244ad13fbbd6b5c5098b9132162"
- "0zyshpl1hjssqrfhdfbgxdib4smdszjgf0ac98l978hrn9gwwk03"))
+ %inox-revision
+ "1ncjij9sib7fliafpv37j1zf8zz5hvyxqad669vvadg7vvwr9rza"))
;; Recent versions of Chromium may load a remote search engine on the
;; New Tab Page, causing unnecessary and involuntary network traffic.
(define %chromium-restore-classic-ntp.patch
(inox-patch "0008-restore-classic-ntp.patch"
- "0c55cc9a81634244ad13fbbd6b5c5098b9132162"
- "1h698cbp97g8lgmndfy6kswgwfvss7c3k609xgvyxbfldkzy7pd5"))
+ %inox-revision
+ "1jl978qas2ry9lnq6x42xl4qa6arxxj9a37k9j2wclz2pin8cmzn"))
+
+;; Add DuckDuckGo and set it as the default search engine.
+(define %chromium-duckduckgo.patch
+ (inox-patch "0011-add-duckduckgo-search-engine.patch"
+ %inox-revision
+ "0mvw1ax0gw3d252c9b1pwbk0j7ny8z9nsfywcmhj56wm6yksgpkg"))
+
+;; Don't start a "Login Wizard" at first launch.
+(define %chromium-first-run.patch
+ (inox-patch "0018-disable-first-run-behaviour.patch"
+ %inox-revision
+ "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
(define opus+custom
(package (inherit opus)
@@ -194,6 +220,17 @@
(define libvpx+experimental
(package (inherit libvpx)
+ ;; XXX: Chromium 66 relies on unreleased libvpx features.
+ ;; The commit below is the tip of the "m66-3359" branch
+ ;; as of 2018-04-19.
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://chromium.googlesource.com/webm/libvpx")
+ (commit "e9fff8a9dbcd03fbf3e5b7caaa9dc2631a79882a")))
+ (sha256
+ (base32
+ "1b1d89dlbr8ydakvp82cg6xnlnkz5hj7679f4pgxwlgd6x46f4g2"))))
(name "libvpx+experimental")
(arguments
(substitute-keyword-arguments (package-arguments libvpx)
@@ -305,7 +342,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
(define-public chromium
(package
(name "chromium")
- (version "65.0.3325.181")
+ (version "66.0.3359.117")
(synopsis "Graphical web browser")
(source (origin
(method url-fetch)
@@ -314,19 +351,22 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
version ".tar.xz"))
(sha256
(base32
- "11w6wg862ixbgm7dpqag2lmbjknv83zlr9imd8zchvmrqr468rlk"))
- (patches (list %chromium-duckduckgo.patch
- %chromium-default-preferences.patch
- %chromium-first-run.patch
- %chromium-restore-classic-ntp.patch
-
- %chromium-clang-assignment.patch
- %chromium-add-missing-stdint.patch
- %chromium-system-icu.patch
+ "1mlfavs0m0lf60s42krqxqiyx73hdfd4r1mkjwv31p2gchsa7ibp"))
+ (patches (list %chromium-gn-libcxx.patch
+ %chromium-disable-api-keys-warning.patch
%chromium-system-nspr.patch
%chromium-system-libevent.patch
- %chromium-disable-api-keys-warning.patch
- (search-patch "chromium-glibc-compat.patch")
+
+ %chromium-add-blink-tools.patch
+
+ %chromium-clang-assignment.patch
+ %chromium-ffmpeg.patch
+
+ %chromium-build-without-safebrowsing.patch
+ %chromium-default-preferences.patch
+ %chromium-restore-classic-ntp.patch
+ %chromium-duckduckgo.patch
+ %chromium-first-run.patch
(search-patch "chromium-remove-default-history.patch")))
(modules '((srfi srfi-1)
(srfi srfi-26)
@@ -351,7 +391,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
"base/third_party/symbolize" ;glog
"base/third_party/xdg_mime"
"base/third_party/xdg_user_dirs"
- "buildtools/third_party/libc++"
"chrome/third_party/mozilla_security_manager"
"courgette/third_party"
"net/third_party/mozilla_security_manager"
@@ -367,6 +406,10 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
"third_party/angle/src/third_party/compiler"
"third_party/angle/src/third_party/libXNVCtrl"
"third_party/angle/src/third_party/trace_event"
+ "third_party/angle/third_party/glslang"
+ "third_party/angle/third_party/spirv-headers"
+ "third_party/angle/third_party/spirv-tools"
+ "third_party/angle/third_party/vulkan-validation-layers"
"third_party/blink"
"third_party/boringssl"
"third_party/boringssl/src/third_party/fiat"
@@ -406,6 +449,8 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
"third_party/leveldatabase"
"third_party/libXNVCtrl"
"third_party/libaddressinput"
+ "third_party/libaom"
+ "third_party/libaom/source/libaom/third_party/x86inc/x86inc.asm"
"third_party/libjingle_xmpp"
"third_party/libphonenumber"
"third_party/libsecret" ;FIXME: needs pkg-config support.
@@ -420,7 +465,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
"third_party/mesa"
"third_party/metrics_proto"
"third_party/modp_b64"
- "third_party/mt19937ar"
"third_party/node"
(string-append "third_party/node/node_modules/"
"polymer-bundler/lib/third_party/UglifyJS2")
@@ -430,7 +474,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
"third_party/pdfium"
"third_party/pdfium/third_party"
(string-append "third_party/pdfium/third_party/freetype"
- "/include/psnames/pstables.h")
+ "/include/pstables.h")
"third_party/ply"
"third_party/polymer"
"third_party/protobuf"
@@ -442,16 +486,12 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
"third_party/skia/third_party/gif"
"third_party/smhasher"
"third_party/speech-dispatcher"
- "third_party/spirv-headers"
- "third_party/spirv-tools-angle"
"third_party/sqlite"
"third_party/swiftshader"
"third_party/swiftshader/third_party"
"third_party/s2cellid"
"third_party/usb_ids"
"third_party/usrsctp"
- "third_party/vulkan"
- "third_party/vulkan-validation-layers"
"third_party/WebKit"
"third_party/web-animations-js"
"third_party/webrtc"
@@ -475,6 +515,10 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
#t
#f))
+ (define (useless? file)
+ (any (cute string-suffix? <> file)
+ '(".tar.gz" ".zip" ".exe" ".jar")))
+
(define (parents child)
"Return a list of paths up to and including the closest third_party"
(let ((lst (reverse (string-split child #\/))))
@@ -492,11 +536,12 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
(let ((protected (make-regexp "\\.(gn|gyp)i?$")))
(match flag
((or 'regular 'symlink 'stale-symlink)
- (when (third_party? child)
+ (when (or (third_party? child) (useless? child))
(unless (or (member child preserved-club)
(any (cute member <> preserved-club)
(parents child))
(regexp-exec protected child))
+ (format (current-error-port) "deleting ~s~%" child)
(delete-file child)))
#t)
('directory-processed
@@ -507,9 +552,11 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
(nftw "." delete-unwanted 'depth 'physical)
- ;; Do a second pass to get rid of various binary archives.
- (for-each delete-file
- (find-files "." "\\.(zip|jar|tar.gz|exe)$"))
+ ;; Assert that each listed item is present to catch removals.
+ (for-each (lambda (third-party)
+ (unless (file-exists? third-party)
+ (error (format #f "~s does not exist!" third-party))))
+ preserved-club)
;; Replace "GN" files from third_party with shims for
;; building against system libraries. Keep this list in
@@ -635,7 +682,12 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
"override_build_date=\"01 01 2000 05:00:00\""
"use_unofficial_version_number=false"
+ ;; Disable "safe browsing", which pulls in a dependency
+ ;; on the nonfree "unrar" program.
+ "safe_browsing_mode=0"
+
;; GCC is poorly supported, so we use Clang for now.
+ ;;"is_clang=false"
(string-append "clang_base_path=\"" clang-toolchain "\"")
"clang_use_chrome_plugins=false"
@@ -716,6 +768,11 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
(string-append (getenv "CPLUS_INCLUDE_PATH")
":" clang-toolchain
"/include/x86_64-unknown-linux-gnu"))
+ ;; XXX: For some reason this is needed also for C code (libaom).
+ (setenv "C_INCLUDE_PATH"
+ (string-append (getenv "C_INCLUDE_PATH")
+ ":" clang-toolchain
+ "/include/x86_64-unknown-linux-gnu"))
;; TODO: pre-compile instead. Avoids a race condition.
(setenv "PYTHONDONTWRITEBYTECODE" "1")
diff --git a/gnu/packages/patches/chromium-glibc-compat.patch b/gnu/packages/patches/chromium-glibc-compat.patch
deleted file mode 100644
index 720adbeef..000000000
--- a/gnu/packages/patches/chromium-glibc-compat.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Raphael Kubo da Costa <raphael.kubo.da.costa <at> intel.com>
----
-From 9f63f94a11abc34d40ede8b8712fa15b5844a8c0 Mon Sep 17 00:00:00 2001
-From: Tom Anderson <thomasanderson <at> chromium.org>
-Date: Sat, 27 Jan 2018 20:03:37 +0000
-Subject: [PATCH] Fix build with glibc 2.27
-
-BUG=806340
-TBR=hamelphi <at> chromium.org
-
-Change-Id: Ib4e5091212d874d9ad88f3e9a1fdfee3ed7e0d5e
-Reviewed-on: https://chromium-review.googlesource.com/890059
-Reviewed-by: Thomas Anderson <thomasanderson <at> chromium.org>
-Reviewed-by: Philippe Hamel <hamelphi <at> chromium.org>
-Commit-Queue: Thomas Anderson <thomasanderson <at> chromium.org>
-Cr-Commit-Position: refs/heads/master@{#532249}
----
- components/assist_ranker/ranker_example_util.cc | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/components/assist_ranker/ranker_example_util.cc b/components/assist_ranker/ranker_example_util.cc
-index 54d4dbd58f7d..ceedd8f9b18d 100644
---- a/components/assist_ranker/ranker_example_util.cc
-+++ b/components/assist_ranker/ranker_example_util.cc
-@@ -2,6 +2,8 @@
- // Use of this source code is governed by a BSD-style license that can be
- // found in the LICENSE file.
-
-+#include <math.h>
-+
- #include "components/assist_ranker/ranker_example_util.h"
- #include "base/bit_cast.h"
- #include "base/format_macros.h"
---
-2.14.3
-
--
2.17.0
[Message part 3 (text/plain, inline)]
...and the full thing:
[0001-gnu-Add-chromium.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 24 Apr 2018 18:46:01 GMT) Full text and rfc822 format available.Message #200 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Christopher Lemmer Webber <cwebber <at> dustycloud.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium 66 + status update Date: Tue, 24 Apr 2018 20:45:06 +0200
Marius! On 2018-04-24 20:08, Marius Bakke wrote: > The other remaining issue is that some data is sent to Google whenever > you start the browser for the first time. Sounds great! What data, exactly? > I don't think that's a blocker I hope it is. Kind regards, T G-R Sent from a Web browser. Excuse or enjoy my brevity.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 24 Apr 2018 18:47:02 GMT) Full text and rfc822 format available.Message #203 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Tobias Geerinckx-Rice <me <at> tobias.gr> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium 66 + status update Date: Tue, 24 Apr 2018 20:46:22 +0200
Marius! On 2018-04-24 20:08, Marius Bakke wrote: > The other remaining issue is that some data is sent to Google whenever > you start the browser for the first time. Sounds great! What data, exactly? > I don't think that's a blocker I hope it is. Kind regards, T G-R Sent from a Web browser. Excuse or enjoy my brevity.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 24 Apr 2018 18:49:01 GMT) Full text and rfc822 format available.Message #206 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Tobias Geerinckx-Rice <me <at> tobias.gr> To: Christopher Lemmer Webber <cwebber <at> dustycloud.org> Cc: 28004 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com> Subject: Re: [bug#28004] Chromium 66 + status update Date: Tue, 24 Apr 2018 20:48:38 +0200
Erm On 2018-04-24 20:45, Christopher Lemmer Webber wrote: > some nonsense My apologies: of course Chris did no such thing. I really need to get rid of Roundcube, that's what. Kind regards, T G-R Sent from a Web browser. Excuse or enjoy my brevity.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 24 Apr 2018 19:31:01 GMT) Full text and rfc822 format available.Message #209 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Tobias Geerinckx-Rice <me <at> tobias.gr> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium 66 + status update Date: Tue, 24 Apr 2018 21:30:23 +0200
[Message part 1 (text/plain, inline)]
Tobias Geerinckx-Rice <me <at> tobias.gr> writes: > Marius! > > On 2018-04-24 20:08, Marius Bakke wrote: >> The other remaining issue is that some data is sent to Google whenever >> you start the browser for the first time. > > Sounds great! What data, exactly? I haven't MITM'd it to check, unfortunately. Help wanted! The reason I don't think it's a blocking issue, is because Chromium is a massive project and I cannot guarantee that it will never "call home". So while I am intent on fixing the issue, especially since it's easy to test (chromium --user-data-dir=/tmp/foo), it's just one of many "call home" scenarios/antifeatures. And if you enable extensions or log in all bets are off. Even Inox, which goes great lengths to de-google it, admits that they can't guarantee privacy. Other scenarios include checking for IPv6 availability, testing for captive portal, etc. And I think it even falls back to Google DNS if the system resolver is unresponsive. :-(
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 25 Apr 2018 17:01:02 GMT) Full text and rfc822 format available.Message #212 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Leo Famulari <leo <at> famulari.name> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr> Subject: Re: [bug#28004] Chromium 66 + status update Date: Wed, 25 Apr 2018 13:00:06 -0400
[Message part 1 (text/plain, inline)]
On Tue, Apr 24, 2018 at 09:30:23PM +0200, Marius Bakke wrote: > The reason I don't think it's a blocking issue, is because Chromium is > a massive project and I cannot guarantee that it will never "call > home". So while I am intent on fixing the issue, especially since it's > easy to test (chromium --user-data-dir=/tmp/foo), it's just one of many > "call home" scenarios/antifeatures. And if you enable extensions or log > in all bets are off. Even Inox, which goes great lengths to de-google > it, admits that they can't guarantee privacy. I agree with Marius here. > Other scenarios include checking for IPv6 availability, testing for > captive portal, etc. And I think it even falls back to Google DNS if > the system resolver is unresponsive. :-( I think that handling captive portals and falling back to Google DNS (or any fallback DNS) are *great* features that address common problems that most internet users can not work around on their own. I don't believe these features are forbidden by the FSDG: https://www.gnu.org/distros/free-system-distribution-guidelines.en.html Finally, there are several packages that automatically send data out, even in Guix. This is not a reason to exclude the software from Guix, in my opinion.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 25 Apr 2018 17:03:01 GMT) Full text and rfc822 format available.Message #215 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Leo Famulari <leo <at> famulari.name> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr> Subject: Re: [bug#28004] Chromium 66 + status update Date: Wed, 25 Apr 2018 13:02:29 -0400
[Message part 1 (text/plain, inline)]
On Tue, Apr 24, 2018 at 09:30:23PM +0200, Marius Bakke wrote: > The reason I don't think it's a blocking issue, is because Chromium is > a massive project and I cannot guarantee that it will never "call > home". So while I am intent on fixing the issue, especially since it's > easy to test (chromium --user-data-dir=/tmp/foo), it's just one of many > "call home" scenarios/antifeatures. And if you enable extensions or log > in all bets are off. Even Inox, which goes great lengths to de-google > it, admits that they can't guarantee privacy. I'd also like to point out that we cannot and should not try to guarantee privacy. Privacy from whom? For whom? Of course we want to offer a system that is reasonably private, but if we use words like "guarantee", we are setting an impossible and undefined goal for ourselves.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Thu, 03 May 2018 17:49:02 GMT) Full text and rfc822 format available.Message #218 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Nils Gillmann <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: Christopher Lemmer Webber <cwebber <at> dustycloud.org>, 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium 66 + status update Date: Thu, 3 May 2018 17:49:03 +0000
Marius Bakke transcribed 69K bytes: > Christopher Lemmer Webber <cwebber <at> dustycloud.org> writes: > > > Hello! I'd like to speak up in favor of getting Chromium merged into > > Guix master. As a web developer, sometimes I have to test things > > against multiple browsers. Having Chromium in GuixSD would help me out > > a lot. > > > > It looks like a mountain of hard work has been put into this. Could we > > get it merged rather than have that work languish? > > Hello! > > I use this browser a lot, so it's hardly languishing. > > There was a recent discussion[0] about the Pale Moon browser, where it > was pointed out that the FSDG[1] requires that any third-party > repositories must be committed to only free software. > > [0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html > [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules > > Unfortunately there are UI links to the Chrome "Web Store" still. It's > not possible to install from it without setting the > CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is > sufficient. It's unfortunate if an unsuspecting user stumbles into the > Web Store and tries to install something (free or not) and only then > finds out that it does not work. > > The other remaining issue is that some data is sent to Google whenever > you start the browser for the first time. I don't think that's a > blocker, but it's certainly something we should aim to fix. > > Attached are updates for 66. The first is an interdiff from the > previous 65 patch; the other is the full "squashed" patch for > convenience. > > New in this version: > > * The snippet will now error if a preserved directory is not present. > * Chromium again requires a git revision of libvpx. > * The "safe browsing" feature requires the nonfree "unrar" program(!!), > as such it has been compiled out. Luckily "Inox" already had a patch > to make the thing actually build with that flag disabled. > * Cosmetic rearrangement of patches to follow Debian and Inox patch order. > > From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001 > From: Marius Bakke <mbakke <at> fastmail.com> > Date: Tue, 17 Apr 2018 03:54:56 +0200 > Subject: [PATCH] Chromium 66 update. > Good progress :) However, I'm a friend of bundling patches. Patches you have in a known location don't run away, like "addmissingblinktools": Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch From https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch... download failed "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" 404 "Not Found" Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch From http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s... download failed "http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found" Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch From http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s... download failed "http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found" failed to download "/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch" from "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" builder for `/gnu/store/5hbv5vgnla974qiw6kakc28a4k35h96n-add-missing-blink-tools.patch.drv' failed to produce output path `/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch' cannot build derivation `/gnu/store/2z8i7b4l4l0p5b3pj4swdl2pvbdj5q24-chromium-66.0.3359.117.tar.xz.drv': 1 dependencies couldn't be built cannot build derivation `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv': 1 dependencies couldn't be built guix package: error: build failed: build of `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv' failed
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Thu, 03 May 2018 17:59:01 GMT) Full text and rfc822 format available.Message #221 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Nils Gillmann <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium 66 + status update Date: Thu, 3 May 2018 17:58:45 +0000
Nils Gillmann transcribed 4.4K bytes: > Marius Bakke transcribed 69K bytes: > > Christopher Lemmer Webber <cwebber <at> dustycloud.org> writes: > > > > > Hello! I'd like to speak up in favor of getting Chromium merged into > > > Guix master. As a web developer, sometimes I have to test things > > > against multiple browsers. Having Chromium in GuixSD would help me out > > > a lot. > > > > > > It looks like a mountain of hard work has been put into this. Could we > > > get it merged rather than have that work languish? > > > > Hello! > > > > I use this browser a lot, so it's hardly languishing. > > > > There was a recent discussion[0] about the Pale Moon browser, where it > > was pointed out that the FSDG[1] requires that any third-party > > repositories must be committed to only free software. > > > > [0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html > > [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules > > > > Unfortunately there are UI links to the Chrome "Web Store" still. It's > > not possible to install from it without setting the > > CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is > > sufficient. It's unfortunate if an unsuspecting user stumbles into the > > Web Store and tries to install something (free or not) and only then > > finds out that it does not work. > > > > The other remaining issue is that some data is sent to Google whenever > > you start the browser for the first time. I don't think that's a > > blocker, but it's certainly something we should aim to fix. > > > > Attached are updates for 66. The first is an interdiff from the > > previous 65 patch; the other is the full "squashed" patch for > > convenience. > > > > New in this version: > > > > * The snippet will now error if a preserved directory is not present. > > * Chromium again requires a git revision of libvpx. > > * The "safe browsing" feature requires the nonfree "unrar" program(!!), > > as such it has been compiled out. Luckily "Inox" already had a patch > > to make the thing actually build with that flag disabled. > > * Cosmetic rearrangement of patches to follow Debian and Inox patch order. > > > > > From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001 > > From: Marius Bakke <mbakke <at> fastmail.com> > > Date: Tue, 17 Apr 2018 03:54:56 +0200 > > Subject: [PATCH] Chromium 66 update. > > > > Good progress :) > > However, I'm a friend of bundling patches. Patches you have in a known location > don't run away, like "addmissingblinktools": > > Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch > From https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch... > download failed "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" 404 "Not Found" > > Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch > From http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s... > download failed "http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found" > > Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch > From http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s... > download failed "http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found" > failed to download "/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch" from "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" > builder for `/gnu/store/5hbv5vgnla974qiw6kakc28a4k35h96n-add-missing-blink-tools.patch.drv' failed to produce output path `/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch' > cannot build derivation `/gnu/store/2z8i7b4l4l0p5b3pj4swdl2pvbdj5q24-chromium-66.0.3359.117.tar.xz.drv': 1 dependencies couldn't be built > cannot build derivation `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv': 1 dependencies couldn't be built > guix package: error: build failed: build of `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv' failed > > > Is this the patch you included? https://bazaar.launchpad.net/~chromium-team/chromium-browser/artful-beta/view/head:/debian/patches/add-missing-blink-tools.patch guix hash is 1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s and matches the one the package definition expected.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 04 May 2018 12:11:02 GMT) Full text and rfc822 format available.Message #224 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Nils Gillmann <ng0 <at> n0.is> Cc: Christopher Lemmer Webber <cwebber <at> dustycloud.org>, 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium 66 + status update Date: Fri, 04 May 2018 14:10:35 +0200
[Message part 1 (text/plain, inline)]
Nils Gillmann <ng0 <at> n0.is> writes: > Marius Bakke transcribed 69K bytes: >> Christopher Lemmer Webber <cwebber <at> dustycloud.org> writes: >> >> > Hello! I'd like to speak up in favor of getting Chromium merged into >> > Guix master. As a web developer, sometimes I have to test things >> > against multiple browsers. Having Chromium in GuixSD would help me out >> > a lot. >> > >> > It looks like a mountain of hard work has been put into this. Could we >> > get it merged rather than have that work languish? >> >> Hello! >> >> I use this browser a lot, so it's hardly languishing. >> >> There was a recent discussion[0] about the Pale Moon browser, where it >> was pointed out that the FSDG[1] requires that any third-party >> repositories must be committed to only free software. >> >> [0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html >> [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules >> >> Unfortunately there are UI links to the Chrome "Web Store" still. It's >> not possible to install from it without setting the >> CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is >> sufficient. It's unfortunate if an unsuspecting user stumbles into the >> Web Store and tries to install something (free or not) and only then >> finds out that it does not work. >> >> The other remaining issue is that some data is sent to Google whenever >> you start the browser for the first time. I don't think that's a >> blocker, but it's certainly something we should aim to fix. >> >> Attached are updates for 66. The first is an interdiff from the >> previous 65 patch; the other is the full "squashed" patch for >> convenience. >> >> New in this version: >> >> * The snippet will now error if a preserved directory is not present. >> * Chromium again requires a git revision of libvpx. >> * The "safe browsing" feature requires the nonfree "unrar" program(!!), >> as such it has been compiled out. Luckily "Inox" already had a patch >> to make the thing actually build with that flag disabled. >> * Cosmetic rearrangement of patches to follow Debian and Inox patch order. >> > >> From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001 >> From: Marius Bakke <mbakke <at> fastmail.com> >> Date: Tue, 17 Apr 2018 03:54:56 +0200 >> Subject: [PATCH] Chromium 66 update. > > > > Good progress :) > > However, I'm a friend of bundling patches. Patches you have in a known location > don't run away, like "addmissingblinktools": > > Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch > From https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch... > download failed "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" 404 "Not Found" > > Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch > From http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s... > download failed "http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found" > > Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch > From http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s... > download failed "http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found" > failed to download "/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch" from "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" > builder for `/gnu/store/5hbv5vgnla974qiw6kakc28a4k35h96n-add-missing-blink-tools.patch.drv' failed to produce output path `/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch' > cannot build derivation `/gnu/store/2z8i7b4l4l0p5b3pj4swdl2pvbdj5q24-chromium-66.0.3359.117.tar.xz.drv': 1 dependencies couldn't be built > cannot build derivation `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv': 1 dependencies couldn't be built > guix package: error: build failed: build of `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv' failed Whoops. I'm not used to constructing stable Bazaar URLs. However this patch is not needed for the latest tarball. Here's a diff to the 66 patch updating to the latest Chromium. I also removed some inputs and third party directories that were not needed.
[chromium.diff (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 04 May 2018 13:03:02 GMT) Full text and rfc822 format available.Message #227 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Nils Gillmann <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: Christopher Lemmer Webber <cwebber <at> dustycloud.org>, 28004 <at> debbugs.gnu.org, Nils Gillmann <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium 66 + status update Date: Fri, 4 May 2018 13:02:20 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 13K bytes:
> Nils Gillmann <ng0 <at> n0.is> writes:
>
> > Marius Bakke transcribed 69K bytes:
> >> Christopher Lemmer Webber <cwebber <at> dustycloud.org> writes:
> >>
> >> > Hello! I'd like to speak up in favor of getting Chromium merged into
> >> > Guix master. As a web developer, sometimes I have to test things
> >> > against multiple browsers. Having Chromium in GuixSD would help me out
> >> > a lot.
> >> >
> >> > It looks like a mountain of hard work has been put into this. Could we
> >> > get it merged rather than have that work languish?
> >>
> >> Hello!
> >>
> >> I use this browser a lot, so it's hardly languishing.
> >>
> >> There was a recent discussion[0] about the Pale Moon browser, where it
> >> was pointed out that the FSDG[1] requires that any third-party
> >> repositories must be committed to only free software.
> >>
> >> [0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html
> >> [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules
> >>
> >> Unfortunately there are UI links to the Chrome "Web Store" still. It's
> >> not possible to install from it without setting the
> >> CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is
> >> sufficient. It's unfortunate if an unsuspecting user stumbles into the
> >> Web Store and tries to install something (free or not) and only then
> >> finds out that it does not work.
> >>
> >> The other remaining issue is that some data is sent to Google whenever
> >> you start the browser for the first time. I don't think that's a
> >> blocker, but it's certainly something we should aim to fix.
> >>
> >> Attached are updates for 66. The first is an interdiff from the
> >> previous 65 patch; the other is the full "squashed" patch for
> >> convenience.
> >>
> >> New in this version:
> >>
> >> * The snippet will now error if a preserved directory is not present.
> >> * Chromium again requires a git revision of libvpx.
> >> * The "safe browsing" feature requires the nonfree "unrar" program(!!),
> >> as such it has been compiled out. Luckily "Inox" already had a patch
> >> to make the thing actually build with that flag disabled.
> >> * Cosmetic rearrangement of patches to follow Debian and Inox patch order.
> >>
> >
> >> From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001
> >> From: Marius Bakke <mbakke <at> fastmail.com>
> >> Date: Tue, 17 Apr 2018 03:54:56 +0200
> >> Subject: [PATCH] Chromium 66 update.
> > >
> >
> > Good progress :)
> >
> > However, I'm a friend of bundling patches. Patches you have in a known location
> > don't run away, like "addmissingblinktools":
> >
> > Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> > From https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch...
> > download failed "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" 404 "Not Found"
> >
> > Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> > From http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
> > download failed "http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
> >
> > Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> > From http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
> > download failed "http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
> > failed to download "/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch" from "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch"
> > builder for `/gnu/store/5hbv5vgnla974qiw6kakc28a4k35h96n-add-missing-blink-tools.patch.drv' failed to produce output path `/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch'
> > cannot build derivation `/gnu/store/2z8i7b4l4l0p5b3pj4swdl2pvbdj5q24-chromium-66.0.3359.117.tar.xz.drv': 1 dependencies couldn't be built
> > cannot build derivation `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv': 1 dependencies couldn't be built
> > guix package: error: build failed: build of `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv' failed
>
> Whoops. I'm not used to constructing stable Bazaar URLs.
>
> However this patch is not needed for the latest tarball.
>
> Here's a diff to the 66 patch updating to the latest Chromium. I also
> removed some inputs and third party directories that were not needed.
Nice, thanks.
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> index a6f9fec0f..59c90f869 100644
> --- a/gnu/packages/chromium.scm
> +++ b/gnu/packages/chromium.scm
> @@ -31,7 +31,6 @@
> #:use-module (gnu packages compression)
> #:use-module (gnu packages cups)
> #:use-module (gnu packages curl)
> - #:use-module (gnu packages databases)
> #:use-module (gnu packages fontutils)
> #:use-module (gnu packages gcc)
> #:use-module (gnu packages ghostscript)
> @@ -52,7 +51,6 @@
> #:use-module (gnu packages ninja)
> #:use-module (gnu packages node)
> #:use-module (gnu packages pciutils)
> - #:use-module (gnu packages photo)
> #:use-module (gnu packages pkg-config)
> #:use-module (gnu packages protobuf)
> #:use-module (gnu packages pulseaudio)
> @@ -63,7 +61,6 @@
> #:use-module (gnu packages speech)
> #:use-module (gnu packages tls)
> #:use-module (gnu packages valgrind)
> - #:use-module (gnu packages version-control)
> #:use-module (gnu packages video)
> #:use-module (gnu packages xiph)
> #:use-module (gnu packages xml)
> @@ -150,19 +147,6 @@
> %debian-revision
> "1qf2y7jmaya43k9rbsxjjpkp5manzmbkhjj5hvfyqcdylhy30swj"))
>
> -;; Some files were missing in the Chromium 66 release tarball.
> -;; See <https://crbug.com/832283>.
> -(define %chromium-add-blink-tools.patch
> - (origin
> - (method url-fetch)
> - (uri (string-append "https://bazaar.launchpad.net/~chromium-team"
> - "/chromium-browser/bionic-stable/download/head:"
> - "/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1"
> - "/add-missing-blink-tools.patch"))
> - (sha256
> - (base32
> - "1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s"))))
> -
> ;; Fix an assignment bug when using Clang and libstdc++.
> (define %chromium-clang-assignment.patch
> (gentoo-patch "chromium-clang-r4.patch"
> @@ -342,7 +326,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
> (define-public chromium
> (package
> (name "chromium")
> - (version "66.0.3359.117")
> + (version "66.0.3359.139")
> (synopsis "Graphical web browser")
> (source (origin
> (method url-fetch)
> @@ -351,14 +335,12 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
> version ".tar.xz"))
> (sha256
> (base32
> - "1mlfavs0m0lf60s42krqxqiyx73hdfd4r1mkjwv31p2gchsa7ibp"))
> + "1ck4wbi28702p1lfs4sz894ysbgm7fj79wrqj8srsy65z2ssaxdy"))
> (patches (list %chromium-gn-libcxx.patch
> %chromium-disable-api-keys-warning.patch
> %chromium-system-nspr.patch
> %chromium-system-libevent.patch
>
> - %chromium-add-blink-tools.patch
> -
> %chromium-clang-assignment.patch
> %chromium-ffmpeg.patch
>
> @@ -385,14 +367,13 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
> "base/third_party/dmg_fp"
> "base/third_party/dynamic_annotations"
> "base/third_party/icu"
> - "base/third_party/libevent"
> - "base/third_party/nspr"
> "base/third_party/superfasthash"
> - "base/third_party/symbolize" ;glog
> + "base/third_party/symbolize"
> "base/third_party/xdg_mime"
> "base/third_party/xdg_user_dirs"
> "chrome/third_party/mozilla_security_manager"
> - "courgette/third_party"
> + "courgette/third_party/bsdiff"
> + "courgette/third_party/divsufsort"
> "net/third_party/mozilla_security_manager"
> "net/third_party/nss"
> "third_party/adobe/flash/flapper_version.h"
> @@ -439,7 +420,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
> (string-append "third_party/google_input_tools/third_party"
> "/closure_library/third_party/closure")
> "third_party/googletest"
> - "third_party/harfbuzz-ng"
> "third_party/hunspell"
> "third_party/iccjpeg"
> "third_party/inspector_protocol"
> @@ -472,7 +452,11 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
> "third_party/ots"
> ;; TODO: Build as extension.
> "third_party/pdfium"
> - "third_party/pdfium/third_party"
> + "third_party/pdfium/third_party/agg23"
> + "third_party/pdfium/third_party/base"
> + "third_party/pdfium/third_party/bigint"
> + "third_party/pdfium/third_party/libopenjpeg20"
> + "third_party/pdfium/third_party/skia_shared"
> (string-append "third_party/pdfium/third_party/freetype"
> "/include/pstables.h")
> "third_party/ply"
> @@ -488,7 +472,8 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
> "third_party/speech-dispatcher"
> "third_party/sqlite"
> "third_party/swiftshader"
> - "third_party/swiftshader/third_party"
> + "third_party/swiftshader/third_party/llvm-subzero"
> + "third_party/swiftshader/third_party/subzero"
> "third_party/s2cellid"
> "third_party/usb_ids"
> "third_party/usrsctp"
> @@ -864,7 +849,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
> (native-inputs
> `(("bison" ,bison)
> ("clang-toolchain" ,chromium-clang-toolchain)
> - ("git" ,git) ;last_commit_position.py
> ("gperf" ,gperf)
> ("ninja" ,ninja)
> ("node" ,node)
> @@ -889,7 +873,6 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
> ("freetype" ,freetype)
> ("gdk-pixbuf" ,gdk-pixbuf)
> ("glib" ,glib)
> - ("gtk+-2" ,gtk+-2)
> ("gtk+" ,gtk+)
> ("harfbuzz" ,harfbuzz)
> ("icu4c" ,icu4c)
> @@ -899,6 +882,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
> ("libffi" ,libffi)
> ("libjpeg-turbo" ,libjpeg-turbo)
> ("libpng" ,libpng)
> + ;;("libsecret" ,libsecret)
> ("libusb" ,libusb)
> ("libvpx" ,libvpx+experimental)
> ("libwebp" ,libwebp)
> @@ -931,7 +915,7 @@ includes Clang, the Guix ld wrapper, glibc, a C++ library, and Binutils.")
> ("re2" ,re2)
> ("snappy" ,snappy)
> ("speech-dispatcher" ,speech-dispatcher)
> - ("sqlite" ,sqlite)
> + ;;("sqlite" ,sqlite)
> ("udev" ,eudev)
> ("valgrind" ,valgrind)))
> (home-page "https://www.chromium.org/")
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 25 Jul 2018 08:08:02 GMT) Full text and rfc822 format available.Message #230 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Wed, 25 Jul 2018 08:08:00 +0000
Hi Marius, any chance you had the time to update to a more recent version release of Chromium? --ng0
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sun, 05 Aug 2018 13:05:02 GMT) Full text and rfc822 format available.Message #233 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: ng0 <ng0 <at> n0.is> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Sun, 05 Aug 2018 15:04:19 +0200
[Message part 1 (text/plain, inline)]
ng0 <ng0 <at> n0.is> writes: > Hi Marius, > > any chance you had the time to update to a more recent version release > of Chromium? Good news! Please find Chromium 68 attached. There are *a lot* of changes in this version. Some highlights: * It's using GCC 8 instead of Clang. * A bug in the source scrubber has been fixed, so .zip and .jar files are now purged even if the parent directory is preserved. Currently we're reducing the uncompressed size from 4.3 GiB to 2.1 GiB. * External patches are now in an easier to manage format. * Upstream have discontinued the libvpx "experiment"; but still require an unreleased version. * We're installing a "master_preferences" file, which allows us to easily add defaults for new profiles. * All the various knobs for the build system have been moved to #:configure-flags. This should make it easier to create custom Chromium variants based on this package (qtwebkit?). * The 'configure' phase will now print *all* supported flags for convenience (I usually did this manually every now and then). * I've started cherry-picking patches from Ungoogled-Chromium in the quest to reduce data transmission to Google. TODO: * There is still some data transmitted when starting the browser for the first time. It seems related to the "domain_reliability" component. * Remove remaining "Web Store" links. Currently I've only found it in settings, under "accessibility" and "fonts". * Opening settings transmits a bunch of data, the next version will include the 'disable-translation-lang-fetch' patch from Inox. * PDFium is built, but does not seem to work (the 'install' phase probably needs tweaking). Might just disable it instead. As always, feedback very welcome. Enjoy!
[0001-gnu-Add-chromium.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sun, 05 Aug 2018 16:18:01 GMT) Full text and rfc822 format available.Message #236 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Sun, 5 Aug 2018 16:18:02 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 47K bytes:
> ng0 <ng0 <at> n0.is> writes:
>
> > Hi Marius,
> >
> > any chance you had the time to update to a more recent version release
> > of Chromium?
>
> Good news! Please find Chromium 68 attached.
Cool :) I was halfway through updating chromium myself before
you've sent this.
> There are *a lot* of changes in this version. Some highlights:
>
> * It's using GCC 8 instead of Clang.
> * A bug in the source scrubber has been fixed, so .zip and .jar files
> are now purged even if the parent directory is preserved. Currently
> we're reducing the uncompressed size from 4.3 GiB to 2.1 GiB.
> * External patches are now in an easier to manage format.
> * Upstream have discontinued the libvpx "experiment"; but still
> require an unreleased version.
> * We're installing a "master_preferences" file, which allows us to
> easily add defaults for new profiles.
> * All the various knobs for the build system have been moved to
> #:configure-flags. This should make it easier to create custom
> Chromium variants based on this package (qtwebkit?).
> * The 'configure' phase will now print *all* supported flags for
> convenience (I usually did this manually every now and then).
> * I've started cherry-picking patches from Ungoogled-Chromium in the
> quest to reduce data transmission to Google.
>
> TODO:
>
> * There is still some data transmitted when starting the browser for the
> first time. It seems related to the "domain_reliability" component.
> * Remove remaining "Web Store" links. Currently I've only found it in
> settings, under "accessibility" and "fonts".
> * Opening settings transmits a bunch of data, the next version will
> include the 'disable-translation-lang-fetch' patch from Inox.
> * PDFium is built, but does not seem to work (the 'install' phase
> probably needs tweaking). Might just disable it instead.
NixOS' nixpkgs has a patch for making their chromium build to take
packaged extensions and addons. This is not everything which is
required to make it work, but given enough time to think it through it
should be doable.
> As always, feedback very welcome. Enjoy!
>
> From a4e343c57d70344dd4cef51ccd37c2650c746b46 Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke <at> fastmail.com>
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.
>
> * gnu/packages/chromium.scm, gnu/packages/chromium-master-preferences.json,
> gnu/packages/patches/chromium-gcc-unique-ptr.patch,
> gnu/packages/patches/chromium-remove-default-history.patch: New files.
> * gnu/local.mk: Record it.
> ---
> gnu/local.mk | 3 +
> gnu/packages/chromium-master-preferences.json | 26 +
> gnu/packages/chromium.scm | 829 ++++++++++++++++++
> .../patches/chromium-gcc-unique-ptr.patch | 33 +
> .../chromium-remove-default-history.patch | 13 +
> 5 files changed, 904 insertions(+)
> create mode 100644 gnu/packages/chromium-master-preferences.json
> create mode 100644 gnu/packages/chromium.scm
> create mode 100644 gnu/packages/patches/chromium-gcc-unique-ptr.patch
> create mode 100644 gnu/packages/patches/chromium-remove-default-history.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 4ed341df8..320f27c44 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -95,6 +95,7 @@ GNU_SYSTEM_MODULES = \
> %D%/packages/check.scm \
> %D%/packages/chemistry.scm \
> %D%/packages/chez.scm \
> + %D%/packages/chromium.scm \
> %D%/packages/ci.scm \
> %D%/packages/cinnamon.scm \
> %D%/packages/cluster.scm \
> @@ -603,6 +604,8 @@ dist_patch_DATA = \
> %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
> %D%/packages/patches/ceph-skip-unittest_blockdev.patch \
> %D%/packages/patches/chmlib-inttypes.patch \
> + %D%/packages/patches/chromium-gcc-unique-ptr.patch \
> + %D%/packages/patches/chromium-remove-default-history.patch \
> %D%/packages/patches/clang-3.5-libc-search-path.patch \
> %D%/packages/patches/clang-3.8-libc-search-path.patch \
> %D%/packages/patches/clang-6.0-libc-search-path.patch \
> diff --git a/gnu/packages/chromium-master-preferences.json b/gnu/packages/chromium-master-preferences.json
> new file mode 100644
> index 000000000..0caa7cc4c
> --- /dev/null
> +++ b/gnu/packages/chromium-master-preferences.json
> @@ -0,0 +1,26 @@
> +{
> + "distribution": {
> + "import_bookmarks": false,
> + "make_chrome_default": false,
> + "make_chrome_default_for_user": false,
> + "verbose_logging": true,
> + "skip_first_run_ui": true,
> + "suppress_first_run_default_browser_prompt": true
> + },
> + "browser": {
> + "has_seen_welcome_page" : true,
> + "check_default_browser" : false
> + },
> + "dns_prefetching": {
> + "enabled": false
> + },
> + "alternate_error_pages": {
> + "enabled": false
> + },
> + "hardware": {
> + "audio_capture_enabled": false
> + },
> + "default_apps": "noinstall",
> + "hide_web_store_icon": true,
> + "homepage": "https://www.gnu.org/software/guix"
> +}
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> new file mode 100644
> index 000000000..2fc40a0d2
> --- /dev/null
> +++ b/gnu/packages/chromium.scm
> @@ -0,0 +1,829 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke <at> fastmail.com>
> +;;;
> +;;; This file is part of GNU Guix.
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu packages chromium)
> + #:use-module ((guix licenses) #:prefix license:)
> + #:use-module (guix packages)
> + #:use-module (guix gexp)
> + #:use-module (guix download)
> + #:use-module (guix git-download)
> + #:use-module (guix utils)
> + #:use-module (guix build-system gnu)
> + #:use-module (gnu packages)
> + #:use-module (gnu packages assembly)
> + #:use-module (gnu packages base)
> + #:use-module (gnu packages bison)
> + #:use-module (gnu packages compression)
> + #:use-module (gnu packages cups)
> + #:use-module (gnu packages curl)
> + #:use-module (gnu packages fontutils)
> + #:use-module (gnu packages gcc)
> + #:use-module (gnu packages ghostscript)
> + #:use-module (gnu packages gl)
> + #:use-module (gnu packages glib)
> + #:use-module (gnu packages gnome)
> + #:use-module (gnu packages gnuzilla)
> + #:use-module (gnu packages gperf)
> + #:use-module (gnu packages gtk)
> + #:use-module (gnu packages icu4c)
> + #:use-module (gnu packages image)
> + #:use-module (gnu packages libevent)
> + #:use-module (gnu packages libffi)
> + #:use-module (gnu packages linux)
> + #:use-module (gnu packages kerberos)
> + #:use-module (gnu packages ninja)
> + #:use-module (gnu packages node)
> + #:use-module (gnu packages pciutils)
> + #:use-module (gnu packages pkg-config)
> + #:use-module (gnu packages pulseaudio)
> + #:use-module (gnu packages python)
> + #:use-module (gnu packages python-web)
> + #:use-module (gnu packages regex)
> + #:use-module (gnu packages serialization)
> + #:use-module (gnu packages speech)
> + #:use-module (gnu packages tls)
> + #:use-module (gnu packages valgrind)
> + #:use-module (gnu packages video)
> + #:use-module (gnu packages xiph)
> + #:use-module (gnu packages xml)
> + #:use-module (gnu packages xdisorg)
> + #:use-module (gnu packages xorg))
> +
> +(define (chromium-patch-file-name pathspec)
> + (let ((patch-name (basename pathspec)))
> + (if (string-prefix? "chromium-" patch-name)
> + patch-name
> + (string-append "chromium-" patch-name))))
> +
> +;; https://salsa.debian.org/chromium-team/chromium/tree/master/debian/patches
> +(define (debian-patch pathspec revision hash)
> + (origin
> + (method url-fetch)
> + (uri (string-append
> + "https://salsa.debian.org/chromium-team/chromium/raw/"
> + revision "/debian/patches/" pathspec))
> + (sha256 (base32 hash))
> + (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
> +(define (gentoo-patch pathspec revision hash)
> + (origin
> + (method url-fetch)
> + (uri (string-append
> + "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
> + "/chromium/files/" pathspec "?id=" revision))
> + (sha256 (base32 hash))
> + (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://github.com/gcarq/inox-patchset
> +(define (inox-patch pathspec revision hash)
> + (origin
> + (method url-fetch)
> + (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
> + revision "/" pathspec))
> + (sha256 (base32 hash))
> + (file-name (chromium-patch-file-name pathspec))))
> +
> +;; https://github.com/Eloston/ungoogled-chromium
> +(define (ungoogled-patch pathspec revision hash)
> + (origin
> + (method url-fetch)
> + (uri (string-append "https://raw.githubusercontent.com/Eloston"
> + "/ungoogled-chromium/" revision "/resources"
> + "/patches/ungoogled-chromium/" pathspec))
> + (sha256 (base32 hash))
> + (file-name (chromium-patch-file-name pathspec))))
> +
> +;; XXX: It would be great to have (upstream-patch ...), but the API
> +;; at <https://chromium.googlesource.com/chromium/> can only return
> +;; base64-encoded patches.
> +
> +(define %debian-revision "debian/68.0.3440.75-2")
> +(define %gentoo-revision "a79be956bb7bbeaca245564ecb4a350b1203ca98")
> +(define %inox-revision "8afa26a5ffb2e8ff52ac5b7bbdccc9f09290120e")
> +(define %ungoogled-revision "55d1a2442dcd9efc574f6c4fa99804d5b8658e4e")
> +
> +(define %debian-patches
> + (list
> + ;; Bootstrap "GN" using system NSPR.
> + (debian-patch "system/nspr.patch" %debian-revision
> + "0xywgsq14xdpfdf0wb5plv5jy2738zbwj7caj2i5g9s5zpdclhsv")
> + ;; Ditto for system libevent.
> + (debian-patch "system/event.patch" %debian-revision
> + "0cq5kz5yi737vb3k8v67hrr38czqm3mj6g3swh765pmfzvx5inj6")
> + ;; Make PDFium use system OpenJPEG.
> + (debian-patch "system/openjpeg.patch" %debian-revision
> + "0fxvbfvmimg0ykzhsk3l0kyvhz1fgbys51ldh950106yj6dszsmx")
> + ;; Make "Courgette" use system zlib instead of the bundled lzma.
> + (debian-patch "system/zlib.patch" %debian-revision
> + "1fmkiw7xrhwadvjxkzpv8j5iih2ws59l3llsdrpapw1vybfyq9nr")
> + ;; Avoid dependency on Chromiums embedded libc++ when bootstrapping.
> + (debian-patch "gn/libcxx.patch" %debian-revision
> + "02w94h9jd29jyvq09yxl9g31hk8j07qzr7rg23rhibhkn1rvg38x")
> + ;; Avoid dependency on Android tools.
> + (debian-patch "disable/android.patch" %debian-revision
> + "06kxx1fx9yi52h2fka71i9qqp6jh4r3w890k77nihv8arnabc0nq")
> + ;; Do not show a warning about missing API keys.
> + (debian-patch "disable/google-api-warning.patch" %debian-revision
> + "0vqi3n8i1vkp2cxmza7c60fl6d03195sax0ahrk1ksa04xjbkkqv")
> + ;; Don't override the home page set in master_preferences.
> + (debian-patch "disable/welcome-page.patch" %debian-revision
> + "15c6a296mkqnjdqqq90kmapn56rykb7saz4bs16han6by8q07lbx")))
> +
> +(define %gentoo-patches
> + (list
> + ;; Fix error detecting system ffmpeg.
> + (gentoo-patch "chromium-ffmpeg-r1.patch" %gentoo-revision
> + "1pivcdmana4qx8sngcdpr858l0qh6bygv7azj66vg021phq5725a")
> + ;; Add missing <string> #include.
> + (gentoo-patch "chromium-cors-string-r0.patch" %gentoo-revision
> + "075lgl6g8rih21adsr3hf2mm0qm16s4w2h4h1qjh652sl941w57l")))
> +
> +(define %inox-patches
> + (list
> + ;; Fix build without the "safe browsing" feature.
> + (inox-patch "0001-fix-building-without-safebrowsing.patch" %inox-revision
> + "0qchqc3i772drx0c8n44yhkx45fgdvd0h325w0qvaqrakzixbmr4")
> + ;; Use sane defaults. In particular, don't depend on any Google services.
> + (inox-patch "0006-modify-default-prefs.patch" %inox-revision
> + "0sbvs6l80h8ar8na6065ihqnmcsr1b4zc21jcs2wzkrjlxsgspw6")
> + ;; Recent versions of Chromium may load a remote search engine on the "New
> + ;; Tab Page", which causes unnecessary and involuntary network traffic.
> + (inox-patch "0008-restore-classic-ntp.patch" %inox-revision
> + "16z5accrri90s922n1r6nj8rqss3g7f579dwwzkk2hdxbkc9wzyr")
> + ;; Add DuckDuckGo and use it as the default search engine.
> + (inox-patch "0011-add-duckduckgo-search-engine.patch" %inox-revision
> + "0mvw1ax0gw3d252c9b1pwbk0j7ny8z9nsfywcmhj56wm6yksgpkg")
> + ;; Don't start a "Login Wizard" at first launch.
> + (inox-patch "0018-disable-first-run-behaviour.patch" %inox-revision
> + "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb")))
> +
> +(define %ungoogled-patches
> + (list
> + ;; Disable browser sign-in to prevent leaking data at launch.
> + (ungoogled-patch "disable-signin.patch" %ungoogled-revision
> + "0a6akb10bzk6z6nhqa211y8rbj0ibdhhg5n92482q9sikavd8hz0")))
> +
> +(define opus+custom
> + (package (inherit opus)
> + (name "opus+custom")
> + (arguments
> + (substitute-keyword-arguments (package-arguments opus)
> + ((#:configure-flags flags ''())
> + ;; Opus Custom is an optional extension of the Opus
> + ;; specification that allows for unsupported frame
> + ;; sizes. Chromium requires that this is enabled.
> + `(cons "--enable-custom-modes"
> + ,flags))))))
> +
> +(define libvpx/chromium
> + ;; Chromium 66 and later requires an unreleased libvpx, so we take the
> + ;; commit from "third_party/libvpx/README.chromium" in the tarball.
> + ;; XXX: Might as well reuse Chromium source.
> + (let ((version (package-version libvpx))
> + (commit "e27a331778c4c99ec37262ea786a3b4cc2a491ac")
> + (revision "0"))
> + (package
> + (inherit libvpx)
> + (name "libvpx-chromium")
> + (version (git-version version revision commit))
> + (source (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://chromium.googlesource.com/webm/libvpx")
> + (commit commit)))
> + (file-name (git-file-name name version))
> + (sha256
> + (base32
> + "03a0443dnfn6l2v19qpw7p7k29v98c5b5hl4br93czgq0wi29m1g")))))))
> +
> +(define-public chromium
> + (package
> + (name "chromium")
> + (version "68.0.3440.84")
> + (synopsis "Graphical web browser")
> + (source (origin
> + (method url-fetch)
> + (uri (string-append "https://commondatastorage.googleapis.com"
> + "/chromium-browser-official/chromium-"
> + version ".tar.xz"))
> + (sha256
> + (base32
> + "1nf9xha7ncnh8g1g4c8hzk03f8ya7nd0xzwij9zs7n0qmrkx2c8h"))
> + (patches (append %debian-patches
> + %gentoo-patches
> + %inox-patches
> + %ungoogled-patches
> + (search-patches "chromium-gcc-unique-ptr.patch"
> + "chromium-remove-default-history.patch")))
> + (modules '((srfi srfi-1)
> + (srfi srfi-26)
> + (ice-9 ftw)
> + (ice-9 match)
> + (ice-9 regex)
> + (guix build utils)))
> + (snippet
> + '(begin
> + (let ((preserved-club
Once we merge this into master, can we document the update procedure?
Or even better, write an update script if possible? For me it was 40%
hit everything which doesn't move and take what's left over and 60%
reading. I understand the code, but some people might want an
explanation for how it's decided which folder gets to stay.
> + (map
> + (lambda (path)
> + ;; Prepend paths with "./" for comparison with ftw.
> + (string-append "./" path))
> + (list
> + "base/third_party/dmg_fp"
> + "base/third_party/dynamic_annotations"
> + "base/third_party/icu"
> + "base/third_party/superfasthash"
> + "base/third_party/symbolize"
> + "base/third_party/xdg_mime"
> + "base/third_party/xdg_user_dirs"
> + "chrome/third_party/mozilla_security_manager"
> + "courgette/third_party/bsdiff"
> + "courgette/third_party/divsufsort"
> + "net/third_party/http2"
> + "net/third_party/mozilla_security_manager"
> + "net/third_party/nss"
> + "net/third_party/spdy"
> + "net/third_party/quic"
> + "third_party/adobe/flash/flapper_version.h"
> + ;; FIXME: This is used in:
> + ;; * ui/webui/resources/js/analytics.js
> + ;; * ui/file_manager/
> + "third_party/analytics"
> + "third_party/angle"
> + "third_party/angle/src/common/third_party/base"
> + "third_party/angle/src/common/third_party/smhasher"
> + "third_party/angle/src/third_party/compiler"
> + "third_party/angle/src/third_party/libXNVCtrl"
> + "third_party/angle/src/third_party/trace_event"
> + "third_party/angle/third_party/glslang"
> + "third_party/angle/third_party/spirv-headers"
> + "third_party/angle/third_party/spirv-tools"
> + "third_party/angle/third_party/vulkan-validation-layers"
> + "third_party/apple_apsl" ;XXX add APSL2.0 license
> + "third_party/blink"
> + "third_party/boringssl"
> + "third_party/boringssl/src/third_party/fiat"
> + "third_party/breakpad"
> + "third_party/brotli"
> + "third_party/cacheinvalidation"
> + "third_party/catapult"
> + "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
> + "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
> + "third_party/catapult/third_party/polymer"
> + "third_party/catapult/tracing/third_party/d3"
> + "third_party/catapult/tracing/third_party/gl-matrix"
> + "third_party/catapult/tracing/third_party/jszip"
> + "third_party/catapult/tracing/third_party/mannwhitneyu"
> + "third_party/catapult/tracing/third_party/oboe"
> + "third_party/catapult/tracing/third_party/pako"
> + "third_party/ced"
> + "third_party/cld_3"
> + "third_party/crashpad"
> + (string-append "third_party/crashpad/crashpad/"
> + "third_party/zlib/zlib_crashpad.h")
> + "third_party/crc32c"
> + "third_party/cros_system_api"
> + "third_party/dom_distiller_js"
> + "third_party/fips181"
> + "third_party/flatbuffers"
> + "third_party/glslang-angle"
> + "third_party/google_input_tools"
> + "third_party/google_input_tools/third_party/closure_library"
> + (string-append "third_party/google_input_tools/third_party"
> + "/closure_library/third_party/closure")
> + "third_party/googletest"
> + "third_party/hunspell"
> + "third_party/iccjpeg"
> + "third_party/inspector_protocol"
> + "third_party/jinja2"
> + "third_party/jstemplate"
> + "third_party/khronos"
> + "third_party/leveldatabase"
> + "third_party/libXNVCtrl"
> + "third_party/libaddressinput"
> + "third_party/libaom"
> + "third_party/libjingle_xmpp"
> + "third_party/libphonenumber"
> + "third_party/libsecret" ;FIXME: needs pkg-config support.
> + "third_party/libsrtp"
> + "third_party/libsync" ;TODO: package
> + "third_party/libudev"
> + "third_party/libwebm"
> + "third_party/libxml"
> + "third_party/libyuv"
> + "third_party/lss"
> + "third_party/markupsafe"
> + "third_party/mesa"
> + "third_party/metrics_proto"
> + "third_party/modp_b64"
> + "third_party/node"
> + (string-append "third_party/node/node_modules/"
> + "polymer-bundler/lib/third_party/UglifyJS2")
> + "third_party/ots"
> + ;; TODO: Build as extension.
> + "third_party/pdfium"
> + "third_party/pdfium/third_party/agg23"
> + "third_party/pdfium/third_party/base"
> + "third_party/pdfium/third_party/bigint"
> + "third_party/pdfium/third_party/skia_shared"
> + (string-append "third_party/pdfium/third_party/freetype"
> + "/include/pstables.h")
> + "third_party/perfetto"
> + "third_party/ply"
> + "third_party/polymer"
> + "third_party/protobuf"
> + "third_party/protobuf/third_party/six"
> + "third_party/pyjson5"
> + "third_party/qcms"
> + "third_party/rnnoise"
> + "third_party/sfntly"
> + "third_party/skia"
> + "third_party/skia/third_party/skcms"
> + "third_party/skia/third_party/vulkan"
> + "third_party/skia/third_party/gif"
> + "third_party/smhasher"
> + "third_party/speech-dispatcher"
> + "third_party/sqlite"
> + "third_party/swiftshader"
> + "third_party/swiftshader/third_party/llvm-subzero"
> + "third_party/swiftshader/third_party/subzero"
> + "third_party/s2cellid"
> + "third_party/usb_ids"
> + "third_party/usrsctp"
> + "third_party/WebKit"
> + "third_party/web-animations-js"
> + "third_party/webrtc"
> + "third_party/webrtc_overrides"
> + "third_party/widevine/cdm/widevine_cdm_version.h"
> + "third_party/widevine/cdm/widevine_cdm_common.h"
> + "third_party/woff2"
> + "third_party/xdg-utils"
> + "third_party/yasm/run_yasm.py"
> + "third_party/zlib/google"
> + "url/third_party/mozilla"
> + "v8/src/third_party/utf8-decoder"
> + "v8/src/third_party/valgrind"
> + "v8/third_party/antlr4"
> + "v8/third_party/inspector_protocol"))))
> +
> + (define (empty? dir)
> + (equal? (scandir dir) '("." "..")))
> +
> + (define (third_party? file)
> + (if (string-contains file "third_party/")
> + #t
> + #f))
> +
> + (define (useless? file)
> + (any (cute string-suffix? <> file)
> + '(".tar.gz" ".zip" ".exe" ".jar")))
> +
> + (define (parents child)
> + (let ((lst (reverse (string-split child #\/))))
> + (let loop ((hierarchy lst)
> + (result '()))
> + (if (or (null? hierarchy)
> + (and (not (null? result))
> + (string-suffix? "third_party" (car result))))
> + result
> + (loop (cdr hierarchy)
> + (cons (string-join (reverse hierarchy) "/")
> + result))))))
> +
> + (define (delete-unwanted-files child stat flag base level)
> + (let ((protected (make-regexp "\\.(gn|gyp)i?$")))
> + (match flag
> + ((or 'regular 'symlink 'stale-symlink)
> + (when (third_party? child)
> + (unless (or (member child preserved-club)
> + (any (cute member <> preserved-club)
> + (parents child))
> + (regexp-exec protected child))
> + (format (current-error-port) "deleting ~s~%" child)
> + (delete-file child)))
> + (when (and (useless? child) (file-exists? child))
> + (delete-file child))
> + #t)
> + ('directory-processed
> + (when (empty? child)
> + (rmdir child))
> + #t)
> + (_ #t))))
> +
> + (nftw "." delete-unwanted-files 'depth 'physical)
> +
> + ;; Assert that each listed item is present to catch removals.
> + (for-each (lambda (third-party)
> + (unless (file-exists? third-party)
> + (error (format #f "~s does not exist!" third-party))))
> + preserved-club)
> +
> + ;; Replace "GN" files from third_party with shims for
> + ;; building against system libraries. Keep this list in
> + ;; sync with "build/linux/unbundle/replace_gn_files.py".
> + (for-each (lambda (pair)
> + (let ((source (string-append
> + "build/linux/unbundle/" (car pair)))
> + (dest (cdr pair)))
> + (copy-file source dest)))
> + (list
> + '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
> + '("flac.gn" . "third_party/flac/BUILD.gn")
> + '("fontconfig.gn" . "third_party/fontconfig/BUILD.gn")
> + '("freetype.gn" . "build/config/freetype/freetype.gni")
> + '("harfbuzz-ng.gn" .
> + "third_party/harfbuzz-ng/harfbuzz.gni")
> + '("icu.gn" . "third_party/icu/BUILD.gn")
> + '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
> + '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
> + '("libjpeg.gn" . "third_party/libjpeg.gni")
> + '("libpng.gn" . "third_party/libpng/BUILD.gn")
> + '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
> + '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
> + '("libxml.gn" . "third_party/libxml/BUILD.gn")
> + '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
> + '("openh264.gn" . "third_party/openh264/BUILD.gn")
> + '("opus.gn" . "third_party/opus/BUILD.gn")
> + '("re2.gn" . "third_party/re2/BUILD.gn")
> + '("snappy.gn" . "third_party/snappy/BUILD.gn")
> + '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
> + '("zlib.gn" . "third_party/zlib/BUILD.gn")))
> + #t)))))
> + (build-system gnu-build-system)
> + (arguments
> + `(#:tests? #f
> + ;; FIXME: There is a "gn" option specifically for setting -rpath, but
> + ;; it overrides the RUNPATH set by the linker.
> + #:validate-runpath? #f
> + #:modules ((guix build gnu-build-system)
> + (guix build utils)
> + (ice-9 ftw)
> + (ice-9 regex)
> + (srfi srfi-26))
> + #:configure-flags
> + ;; See tools/gn/docs/cookbook.md and
> + ;; https://www.chromium.org/developers/gn-build-configuration
> + ;; for usage. Run "./gn args . --list" in the Release
> + ;; directory for an exhaustive list of supported flags.
> + ;; (Note: The 'configure' phase will do that for you.)
> + (list "is_debug=false"
> + "use_gold=false"
> + "use_lld=false"
> + "linux_use_bundled_binutils=false"
> + "use_custom_libcxx=false"
> + "use_sysroot=false"
> + "enable_precompiled_headers=false"
> + "goma_dir=\"\""
> + "enable_nacl=false"
> + "enable_nacl_nonsfi=false"
> + "use_allocator=\"none\"" ;don't use tcmalloc
> + "override_build_date=\"01 01 2000 05:00:00\""
> + "use_unofficial_version_number=false"
> +
> + ;; Disable "safe browsing", which pulls in a dependency on
> + ;; the nonfree "unrar" program (as of m66).
> + "safe_browsing_mode=0"
> +
> + ;; Define a custom toolchain that simply looks up CC, AR and
> + ;; friends from the environment.
> + "custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
> + "host_toolchain=\"//build/toolchain/linux/unbundle:default\""
> +
> + ;; Don't assume it's clang.
> + "is_clang=false"
> +
> + ;; Optimize for building everything at once, as opposed to
> + ;; incrementally for development. See "docs/jumbo.md".
> + "use_jumbo_build=true"
> +
> + ;; Disable debugging features to save space.
> + "symbol_level=0"
> + "remove_webcore_debug_symbols=true"
> + "enable_iterator_debugging=false"
> +
> + ;; Some of the unbundled libraries throws deprecation
> + ;; warnings, etc. Ignore it.
> + "treat_warnings_as_errors=false"
> +
> + ;; Don't add any API keys. End users can set them in the
> + ;; environment if desired. See
> + ;; <https://www.chromium.org/developers/how-tos/api-keys>.
> + "use_official_google_api_keys=false"
> +
> + ;; Disable "field trials".
> + "fieldtrial_testing_like_official_build=true"
> +
> + ;; Disable Chrome Remote Desktop (aka Chromoting).
> + "enable_remoting=false"
> +
> + ;; Use system libraries where possible.
> + "use_system_freetype=true"
> + "use_system_harfbuzz=true"
> + "use_system_lcms2=true"
> + "use_system_libjpeg=true"
> + "use_system_libpng=true"
> + "use_system_zlib=true"
> +
> + "use_gnome_keyring=false" ;deprecated by libsecret
> + "use_gtk3=true"
> + "use_openh264=true"
> + "use_xkbcommon=true"
> + "use_pulseaudio=true"
> + "link_pulseaudio=true"
> +
> + ;; Don't arbitrarily restrict formats supported by system ffmpeg.
> + "proprietary_codecs=true"
> + "ffmpeg_branding=\"Chrome\""
> +
> + ;; WebRTC stuff.
> + "rtc_use_h264=true"
> + ;; Don't use bundled sources.
> + "rtc_build_json=false"
> + "rtc_build_libevent=false"
> + "rtc_build_libvpx=false"
> + "rtc_build_opus=false"
> + "rtc_build_ssl=false"
> +
> + "rtc_build_libsrtp=true" ;FIXME: fails to find headers
> + "rtc_build_usrsctp=true" ;TODO: package this
> + (string-append "rtc_jsoncpp_root=\""
> + (assoc-ref %build-inputs "jsoncpp")
> + "/include/jsoncpp/json\"")
> + (string-append "rtc_ssl_root=\""
> + (assoc-ref %build-inputs "openssl")
> + "/include/openssl\""))
> + #:phases
> + (modify-phases %standard-phases
> + (add-after 'unpack 'patch-stuff
> + (lambda* (#:key inputs #:allow-other-keys)
> + (substitute* "printing/cups_config_helper.py"
> + (("cups_config =.*")
> + (string-append "cups_config = '" (assoc-ref inputs "cups")
> + "/bin/cups-config'\n")))
> +
> + (substitute*
> + '("base/process/launch_posix.cc"
> + "base/third_party/dynamic_annotations/dynamic_annotations.c"
> + "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
> + "sandbox/linux/services/credentials.cc"
> + "sandbox/linux/services/namespace_utils.cc"
> + "sandbox/linux/services/syscall_wrappers.cc"
> + "sandbox/linux/syscall_broker/broker_host.cc")
Not related to this section, but: NixOS has a "sandbox" output for Chromium
which "contains the sandboxed wrapper" of Chromium. Maybe it requires something
Nix/NixOS specific, maybe we can add that.
> + (("include \"base/third_party/valgrind/") "include \"valgrind/"))
> +
> + (for-each (lambda (file)
> + (substitute* file
> + ;; Fix opus include path.
> + ;; Do not substitute opus_private.h.
> + (("#include \"opus\\.h\"")
> + "#include \"opus/opus.h\"")
> + (("#include \"opus_custom\\.h\"")
> + "#include \"opus/opus_custom.h\"")
> + (("#include \"opus_defines\\.h\"")
> + "#include \"opus/opus_defines.h\"")
> + (("#include \"opus_multistream\\.h\"")
> + "#include \"opus/opus_multistream.h\"")
> + (("#include \"opus_types\\.h\"")
> + "#include \"opus/opus_types.h\"")))
> + (find-files (string-append "third_party/webrtc/modules"
> + "/audio_coding/codecs/opus")))
> +
> + (substitute* "chrome/common/chrome_paths.cc"
> + (("/usr/share/chromium/extensions")
> + ;; TODO: Add ~/.guix-profile.
> + "/run/current-system/profile/share/chromium/extensions"))
> +
> + (substitute*
> + ;; XXX: Probably not needed for M69.
> + "third_party/blink/renderer/platform/image-encoders/image_encoder.h"
> + (("#include \"third_party/libjpeg/") "#include \"")
> + (("#include \"third_party/libwebp/src/") "#include \""))
> +
> + (substitute*
> + "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
> + (("include \"third_party/curl") "include \"curl"))
> + (substitute* "media/base/decode_capabilities.cc"
> + (("third_party/libvpx/source/libvpx/") ""))
> +
> + #t))
> + (add-before 'configure 'prepare-build-environment
> + (lambda* (#:key inputs #:allow-other-keys)
> +
> + ;; Make sure the right build tools are used.
> + (setenv "AR" "ar") (setenv "NM" "nm")
> + (setenv "CC" "gcc") (setenv "CXX" "g++")
> +
> + ;; Work around <https://bugs.gnu.org/30756>.
> + (unsetenv "C_INCLUDE_PATH")
> + (unsetenv "CPLUS_INCLUDE_PATH")
> +
> + ;; TODO: pre-compile instead. Avoids a race condition.
> + (setenv "PYTHONDONTWRITEBYTECODE" "1")
> +
> + ;; XXX: How portable is this.
> + (mkdir-p "third_party/node/linux/node-linux-x64")
> + (symlink (string-append (assoc-ref inputs "node") "/bin")
> + "third_party/node/linux/node-linux-x64/bin")
> +
> + #t))
> + (add-after 'prepare-build-environment 'bootstrap-gn
> + (lambda _
> + (invoke "python" "tools/gn/bootstrap/bootstrap.py" "-s" "-v")))
> + (replace 'configure
> + (lambda* (#:key configure-flags #:allow-other-keys)
> + (let ((args (string-join configure-flags " ")))
> + (with-directory-excursion "out/Release"
> + ;; Generate ninja build files.
> + (invoke "./gn" "gen" "."
> + (string-append "--args=" args))
> +
> + ;; Print the full list of supported arguments as well as
> + ;; their current status for convenience.
> + (format #t "Dumping configure flags...\n")
> + (invoke "./gn" "args" "." "--list")))))
> + (replace 'build
> + (lambda* (#:key outputs #:allow-other-keys)
> + (invoke "ninja" "-C" "out/Release"
> + "-j" (number->string (parallel-job-count))
> + "chrome")))
> + (replace 'install
> + (lambda* (#:key inputs outputs #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> + (bin (string-append out "/bin"))
> + (exe (string-append bin "/chromium"))
> + (lib (string-append out "/lib"))
> + (man (string-append out "/share/man/man1"))
> + (applications (string-append out "/share/applications"))
> + (install-regexp (make-regexp "\\.(bin|pak)$"))
> + (locales (string-append lib "/locales"))
> + (resources (string-append lib "/resources"))
> + (preferences (assoc-ref inputs "master-preferences"))
> + (gtk+ (assoc-ref inputs "gtk+"))
> + (mesa (assoc-ref inputs "mesa"))
> + (nss (assoc-ref inputs "nss"))
> + (udev (assoc-ref inputs "udev"))
> + (sh (which "sh")))
> +
> + (substitute* '("chrome/app/resources/manpage.1.in"
> + "chrome/installer/linux/common/desktop.template")
> + (("@@MENUNAME@@") "Chromium")
> + (("@@PACKAGE@@") "chromium")
> + (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
> +
> + (mkdir-p man)
> + (copy-file "chrome/app/resources/manpage.1.in"
> + (string-append man "/chromium.1"))
> +
> + (mkdir-p applications)
> + (copy-file "chrome/installer/linux/common/desktop.template"
> + (string-append applications "/chromium.desktop"))
> +
> + (mkdir-p lib)
> + (copy-file preferences (string-append lib "/master_preferences"))
> +
> + (with-directory-excursion "out/Release"
> + (for-each (lambda (file)
> + (install-file file lib))
> + (scandir "." (cut regexp-exec install-regexp <>)))
> + (copy-file "chrome" (string-append lib "/chromium"))
> +
> + ;; TODO: Install icons from "../../chrome/app/themes" into
> + ;; "out/share/icons/hicolor/$size".
I have more icons here in my definition, the whole section looked like...
> + (install-file
> + "product_logo_48.png"
> + (string-append out "/share/icons/48x48/chromium.png"))
this:
+ ;; XXX: What about ../../chrome/app/theme/chromium/linux/?
+ (for-each
+ (lambda (file)
+ (let* ((size (string-filter char-numeric? file))
+ (icons (string-append out "/share/icons/hicolor/"
+ size "x" size "/apps")))
+ (mkdir-p icons)
+ (copy-file file (string-append icons "/chromium.png"))))
+ '("../../chrome/app/theme/chromium/product_logo_128.png"
+ "../../chrome/app/theme/chromium/product_logo_22.png"
+ "../../chrome/app/theme/chromium/product_logo_22_mono.png"
+ "../../chrome/app/theme/chromium/product_logo_24.png"
+ "../../chrome/app/theme/chromium/product_logo_256.png"
+ "../../chrome/app/theme/chromium/product_logo_48.png"
+ "../../chrome/app/theme/chromium/product_logo_64.png"))
> +
> + (copy-recursively "locales" locales)
> + (copy-recursively "resources" resources)
> +
> + (mkdir-p bin)
> + ;; Add a thin wrapper to prevent the user from inadvertently
> + ;; installing non-free software through the Web Store.
> + ;; TODO: Discover extensions from the profile and pass
> + ;; something like "--disable-extensions-except=...".
> + (call-with-output-file exe
> + (lambda (port)
> + (format port
> + "#!~a~@
> + if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
> + then~@
> + CHROMIUM_FLAGS=\" \\~@
> + --disable-background-networking \\~@
> + --disable-extensions \\~@
> + \"~@
> + fi~@
> + exec ~a $CHROMIUM_FLAGS \"$@\"~%"
> + sh (string-append lib "/chromium"))))
> + (chmod exe #o755)
> +
> + (wrap-program exe
> + ;; TODO: Get these in RUNPATH.
> + `("LD_LIBRARY_PATH" ":" prefix
> + (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
> + mesa "/lib:" udev "/lib")))
> + ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
> + `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
> + #t)))))))
> + (native-inputs
> + `(("bison" ,bison)
> + ("gcc" ,gcc-8) ;a recent compiler is required
> + ("gperf" ,gperf)
> + ("ninja" ,ninja)
> + ("node" ,node)
> + ("pkg-config" ,pkg-config)
> + ("master-preferences" ,(local-file "chromium-master-preferences.json"))
> + ("which" ,which)
> + ("yasm" ,yasm)
> +
> + ("python-beautifulsoup4" ,python2-beautifulsoup4)
> + ("python-html5lib" ,python2-html5lib)
> + ("python" ,python-2)))
> + (inputs
> + `(("alsa-lib" ,alsa-lib)
> + ("atk" ,atk)
> + ("cups" ,cups)
> + ("curl" ,curl)
> + ("dbus" ,dbus)
> + ("dbus-glib" ,dbus-glib)
> + ("expat" ,expat)
> + ("flac" ,flac)
> + ("ffmpeg" ,ffmpeg)
> + ("fontconfig" ,fontconfig)
> + ("freetype" ,freetype)
> + ("gdk-pixbuf" ,gdk-pixbuf)
> + ("glib" ,glib)
> + ("gtk+" ,gtk+)
> + ("harfbuzz" ,harfbuzz)
> + ("icu4c" ,icu4c)
> + ("jsoncpp" ,jsoncpp)
> + ("lcms" ,lcms)
> + ("libevent" ,libevent)
> + ("libffi" ,libffi)
> + ("libjpeg-turbo" ,libjpeg-turbo)
> + ("libpng" ,libpng)
> + ;;("libsrtp" ,libsrtp)
> + ("libvpx" ,libvpx/chromium)
> + ("libwebp" ,libwebp)
> + ("libx11" ,libx11)
> + ("libxcb" ,libxcb)
> + ("libxcomposite" ,libxcomposite)
> + ("libxcursor" ,libxcursor)
> + ("libxdamage" ,libxdamage)
> + ("libxext" ,libxext)
> + ("libxfixes" ,libxfixes)
> + ("libxi" ,libxi)
> + ("libxkbcommon" ,libxkbcommon)
> + ("libxml2" ,libxml2)
> + ("libxrandr" ,libxrandr)
> + ("libxrender" ,libxrender)
> + ("libxscrnsaver" ,libxscrnsaver)
> + ("libxslt" ,libxslt)
> + ("libxtst" ,libxtst)
> + ("mesa" ,mesa)
> + ("minizip" ,minizip)
> + ("mit-krb5" ,mit-krb5)
> + ("nss" ,nss)
> + ("openh264" ,openh264)
> + ("openjpeg" ,openjpeg) ;PDFium only
> + ("openssl" ,openssl)
> + ("opus" ,opus+custom)
> + ("pango" ,pango)
> + ("pciutils" ,pciutils)
> + ("pulseaudio" ,pulseaudio)
> + ("re2" ,re2)
> + ("snappy" ,snappy)
> + ("speech-dispatcher" ,speech-dispatcher)
> + ("udev" ,eudev)
> + ("valgrind" ,valgrind)))
> + (home-page "https://www.chromium.org/")
> + (description
> + "Chromium is a web browser designed for speed and security. This
> +version incorporates features from
> +@url{https://github.com/gcarq/inox-patchset,the Inox patchset} and
> +@url{https://github.com/Eloston/ungoogled-chromium,ungoogled-chromium} in
> +order to protect the users privacy.")
> + ;; Chromium is developed as BSD-3, but bundles a large number of third-party
> + ;; components with other licenses. For full information, see chrome://credits.
> + (license (list license:bsd-3
> + license:bsd-2
> + license:expat
> + license:asl2.0
> + license:mpl2.0
> + license:public-domain
> + license:lgpl2.1+))))
> diff --git a/gnu/packages/patches/chromium-gcc-unique-ptr.patch b/gnu/packages/patches/chromium-gcc-unique-ptr.patch
> new file mode 100644
> index 000000000..9c9a9fc09
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-gcc-unique-ptr.patch
> @@ -0,0 +1,33 @@
> +Help GCC resolve <UrlIndex>.
> +
> +Taken from upstream:
> +https://chromium.googlesource.com/chromium/src/+/56cb5f7da1025f6db869e840ed34d3b98b9ab899
> +
> +diff --git a/components/bookmarks/browser/bookmark_storage.cc b/components/bookmarks/browser/bookmark_storage.cc
> +index 1633ba1..3ae0c62 100644
> +--- a/components/bookmarks/browser/bookmark_storage.cc
> ++++ b/components/bookmarks/browser/bookmark_storage.cc
> +@@ -158,6 +158,10 @@
> + url_index_ = std::make_unique<UrlIndex>(std::move(root_node_));
> + }
> +
> ++std::unique_ptr<UrlIndex> BookmarkLoadDetails::owned_url_index() {
> ++ return std::move(url_index_);
> ++}
> ++
> + BookmarkPermanentNode* BookmarkLoadDetails::CreatePermanentNode(
> + BookmarkClient* client,
> + BookmarkNode::Type type) {
> +diff --git a/components/bookmarks/browser/bookmark_storage.h b/components/bookmarks/browser/bookmark_storage.h
> +index 08df5bb..0a1b1a1 100644
> +--- a/components/bookmarks/browser/bookmark_storage.h
> ++++ b/components/bookmarks/browser/bookmark_storage.h
> +@@ -104,7 +104,7 @@
> + bool ids_reassigned() const { return ids_reassigned_; }
> +
> + void CreateUrlIndex();
> +- std::unique_ptr<UrlIndex> owned_url_index() { return std::move(url_index_); }
> ++ std::unique_ptr<UrlIndex> owned_url_index();
> +
> + private:
> + // Creates one of the possible permanent nodes (bookmark bar node, other node
> diff --git a/gnu/packages/patches/chromium-remove-default-history.patch b/gnu/packages/patches/chromium-remove-default-history.patch
> new file mode 100644
> index 000000000..42363805b
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-remove-default-history.patch
> @@ -0,0 +1,13 @@
> +Don't pre-populate the New Tab Page for new profiles.
> +
> +--- a/chrome/browser/history/top_sites_factory.cc
> ++++ b/chrome/browser/history/top_sites_factory.cc
> +@@ -74,7 +74,7 @@
> +
> + void InitializePrepopulatedPageList(
> + history::PrepopulatedPageList* prepopulated_pages) {
> +-#if !defined(OS_ANDROID)
> ++#if 0
> + DCHECK(prepopulated_pages);
> + prepopulated_pages->reserve(arraysize(kRawPrepopulatedPages));
> + for (size_t i = 0; i < arraysize(kRawPrepopulatedPages); ++i) {
> --
> 2.18.0
>
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sun, 05 Aug 2018 18:26:02 GMT) Full text and rfc822 format available.Message #239 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: ng0 <ng0 <at> n0.is> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Sun, 05 Aug 2018 20:25:33 +0200
[Message part 1 (text/plain, inline)]
ng0 <ng0 <at> n0.is> writes:
> Once we merge this into master, can we document the update procedure?
> Or even better, write an update script if possible? For me it was 40%
> hit everything which doesn't move and take what's left over and 60%
> reading. I understand the code, but some people might want an
> explanation for how it's decided which folder gets to stay.
The "preserved-club" are simply third_party directories that are
necessary for the build. Removing any single one will cause the build
to fail (in theory, there might be outdated entries..).
It's difficult to automate because you don't know what's needed until
the build process starts and fails because of some missing dependency.
> Not related to this section, but: NixOS has a "sandbox" output for Chromium
> which "contains the sandboxed wrapper" of Chromium. Maybe it requires something
> Nix/NixOS specific, maybe we can add that.
I guess that's for the SUID sandbox binary. I haven't had a reason to
build that because the user namespace sandbox works just fine. Perhaps
it's useful for distributions that don't have user namespaces enabled?
>> + ;; TODO: Install icons from "../../chrome/app/themes" into
>> + ;; "out/share/icons/hicolor/$size".
>
> I have more icons here in my definition, the whole section looked like...
>
>> + (install-file
>> + "product_logo_48.png"
>> + (string-append out "/share/icons/48x48/chromium.png"))
>
> this:
>
> + ;; XXX: What about ../../chrome/app/theme/chromium/linux/?
> + (for-each
> + (lambda (file)
> + (let* ((size (string-filter char-numeric? file))
> + (icons (string-append out "/share/icons/hicolor/"
> + size "x" size "/apps")))
> + (mkdir-p icons)
> + (copy-file file (string-append icons "/chromium.png"))))
> + '("../../chrome/app/theme/chromium/product_logo_128.png"
> + "../../chrome/app/theme/chromium/product_logo_22.png"
> + "../../chrome/app/theme/chromium/product_logo_22_mono.png"
> + "../../chrome/app/theme/chromium/product_logo_24.png"
> + "../../chrome/app/theme/chromium/product_logo_256.png"
> + "../../chrome/app/theme/chromium/product_logo_48.png"
> + "../../chrome/app/theme/chromium/product_logo_64.png"))
Nice. Now the next step is to generate the latter list, maybe with
find-files?
Thanks for the feedback!
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sun, 05 Aug 2018 20:32:01 GMT) Full text and rfc822 format available.Message #242 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Sun, 5 Aug 2018 20:32:22 +0000
[Message part 1 (text/plain, inline)]
Marius Bakke transcribed 3.2K bytes:
> ng0 <ng0 <at> n0.is> writes:
>
> > Once we merge this into master, can we document the update procedure?
> > Or even better, write an update script if possible? For me it was 40%
> > hit everything which doesn't move and take what's left over and 60%
> > reading. I understand the code, but some people might want an
> > explanation for how it's decided which folder gets to stay.
>
> The "preserved-club" are simply third_party directories that are
> necessary for the build. Removing any single one will cause the build
> to fail (in theory, there might be outdated entries..).
>
> It's difficult to automate because you don't know what's needed until
> the build process starts and fails because of some missing dependency.
Hm okay.
Yes, I noticed. But they usually fail very early, so it's just 4 - 20
minutes waiting depending on your harddrive and network speed.
> > Not related to this section, but: NixOS has a "sandbox" output for Chromium
> > which "contains the sandboxed wrapper" of Chromium. Maybe it requires something
> > Nix/NixOS specific, maybe we can add that.
>
> I guess that's for the SUID sandbox binary. I haven't had a reason to
> build that because the user namespace sandbox works just fine. Perhaps
> it's useful for distributions that don't have user namespaces enabled?
Maybe, it's worth investigating. I haven't looked at it very much.
>
> >> + ;; TODO: Install icons from "../../chrome/app/themes" into
> >> + ;; "out/share/icons/hicolor/$size".
> >
> > I have more icons here in my definition, the whole section looked like...
> >
> >> + (install-file
> >> + "product_logo_48.png"
> >> + (string-append out "/share/icons/48x48/chromium.png"))
> >
> > this:
> >
> > + ;; XXX: What about ../../chrome/app/theme/chromium/linux/?
> > + (for-each
> > + (lambda (file)
> > + (let* ((size (string-filter char-numeric? file))
> > + (icons (string-append out "/share/icons/hicolor/"
> > + size "x" size "/apps")))
> > + (mkdir-p icons)
> > + (copy-file file (string-append icons "/chromium.png"))))
> > + '("../../chrome/app/theme/chromium/product_logo_128.png"
> > + "../../chrome/app/theme/chromium/product_logo_22.png"
> > + "../../chrome/app/theme/chromium/product_logo_22_mono.png"
> > + "../../chrome/app/theme/chromium/product_logo_24.png"
> > + "../../chrome/app/theme/chromium/product_logo_256.png"
> > + "../../chrome/app/theme/chromium/product_logo_48.png"
> > + "../../chrome/app/theme/chromium/product_logo_64.png"))
>
> Nice. Now the next step is to generate the latter list, maybe with
> find-files?
>
> Thanks for the feedback!
Thanks for your continued work on this monster ;)
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sun, 05 Aug 2018 23:58:01 GMT) Full text and rfc822 format available.Message #245 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Sun, 5 Aug 2018 23:58:00 +0000
[Message part 1 (text/plain, inline)]
It took a while because of the heat, but here's a fail log appended. I'm going to bed, and I don't know when I have time to look into it. Maybe you get to work on it earlier than myself. Thanks
[chromium68.txt (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 06 Aug 2018 08:23:02 GMT) Full text and rfc822 format available.Message #248 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Oleg Pykhalov <go.wigust <at> gmail.com> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium Date: Mon, 06 Aug 2018 11:22:25 +0300
[Message part 1 (text/plain, inline)]
Hello, compiled successfully on 340ee00bbf91a8e0ea567d00d7ff54dd025abc05 Thanks, Oleg.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 29 Aug 2018 23:32:01 GMT) Full text and rfc822 format available.Message #251 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Amirouche Boubekki <amirouche <at> hypermove.net> To: 28004 <at> debbugs.gnu.org Subject: (no subject) Date: Thu, 30 Aug 2018 01:31:46 +0200
I would like to work on the TODO items. * There is still some data transmitted when starting the browser for the first time. It seems related to the "domain_reliability" component. * Remove remaining "Web Store" links. Currently I've only found it in settings, under "accessibility" and "fonts". Is is taken by anybody? The build is in progress, I will report later.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Thu, 30 Aug 2018 06:05:01 GMT) Full text and rfc822 format available.Message #254 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Amirouche Boubekki <amirouche <at> hypermove.net> To: Oleg Pykhalov <go.wigust <at> gmail.com> Cc: 28004 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com>, Guix-patches <guix-patches-bounces+amirouche=hypermove.net <at> gnu.org> Subject: Re: [bug#28004] Chromium Date: Thu, 30 Aug 2018 08:04:18 +0200
compiled successfully on 256d5c6e339d59287284bb83f35c594f13bd08f9 I have the following messages appear: Gtk-Message: 07:58:25.671: Failed to load module "canberra-gtk-module" [3434:3434:0830/075901.665931:ERROR:sandbox_linux.cc(378)] InitializeSandbox() called with multiple threads in process gpu-process. libpng warning: iCCP: known incorrect sRGB profile (pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed I tested http://hyperdev.fr/ and https://zty.pe/ If nobody is working on the remaining TODO items, I will work my way through it. LMK.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Thu, 30 Aug 2018 09:58:01 GMT) Full text and rfc822 format available.Message #257 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ludo <at> gnu.org (Ludovic Courtès) To: Clément Lassieur <clement <at> lassieur.org> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com> Subject: Re: Firefox 52's end of life, packaging Chromium Date: Thu, 30 Aug 2018 11:57:29 +0200
Hello, Clément Lassieur <clement <at> lassieur.org> skribis: > So the question is: can we push the Chromium package? I've read it's > almost ready[2]. It's probably far better than everything we have, > despite not being totally 'finished'. Maybe we can add what's left to > do as a TODO and fix the package later? As long as the freedom issues and phone-home issues are addressed, which appears to be the case, I’m all for it. Marius? Thanks, Ludo’.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Thu, 30 Aug 2018 13:25:02 GMT) Full text and rfc822 format available.Message #260 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ng0 <ng0 <at> n0.is> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is> Subject: Re: [bug#28004] Chromium Date: Thu, 30 Aug 2018 13:25:41 +0000
Build sucessfully on f9e140a243b6d6b5d28bd0813b69604562a39653. Previously the lack of a swapfile was to blame - when you don't run headless this really requires a swapfile when you have 8 GB RAM.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sun, 02 Sep 2018 04:40:02 GMT) Full text and rfc822 format available.Message #263 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Mark H Weaver <mhw <at> netris.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium FSDG requirements Date: Sun, 02 Sep 2018 00:37:53 -0400
Hi Marius,
Does the modified version of Chromium in your draft package support
Encrypted Media Extensions (EME)?
https://en.wikipedia.org/wiki/Encrypted_Media_Extensions
Does it refer to third-party repositories of software that are not
committed to only including free software?
Does it contain spyware?
Thanks,
Mark
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sun, 02 Sep 2018 13:19:01 GMT) Full text and rfc822 format available.Message #266 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Mark H Weaver <mhw <at> netris.org> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] Chromium FSDG requirements Date: Sun, 02 Sep 2018 15:16:55 +0200
[Message part 1 (text/plain, inline)]
Mark H Weaver <mhw <at> netris.org> writes: > Hi Marius, > > Does the modified version of Chromium in your draft package support > Encrypted Media Extensions (EME)? > > https://en.wikipedia.org/wiki/Encrypted_Media_Extensions No. EME is called "Widevine" in Chromium lingo and I believe all components are purged from the source. > Does it refer to third-party repositories of software that are not > committed to only including free software? Yes. It includes support for the Chromium "Web Store", although it's not usable in the default configuration. > Does it contain spyware? Not to my knowledge.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 07 Sep 2018 09:30:02 GMT) Full text and rfc822 format available.Message #269 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Clément Lassieur <clement <at> lassieur.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org> Subject: Re: Firefox 52's end of life, packaging Chromium Date: Fri, 07 Sep 2018 11:29:42 +0200
Hello :-) Ludovic Courtès <ludo <at> gnu.org> writes: > Hello, > > Clément Lassieur <clement <at> lassieur.org> skribis: > >> So the question is: can we push the Chromium package? I've read it's >> almost ready[2]. It's probably far better than everything we have, >> despite not being totally 'finished'. Maybe we can add what's left to >> do as a TODO and fix the package later? > > As long as the freedom issues and phone-home issues are addressed, which > appears to be the case, I’m all for it. > > Marius? Marius, what is the status, can we merge it? Clément
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sat, 15 Sep 2018 10:37:02 GMT) Full text and rfc822 format available.Message #272 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Clément Lassieur <clement <at> lassieur.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org Subject: Re: Firefox 52's end of life, packaging Chromium Date: Sat, 15 Sep 2018 12:36:53 +0200
Clément Lassieur <clement <at> lassieur.org> writes: > Hello :-) > > Ludovic Courtès <ludo <at> gnu.org> writes: > >> Hello, >> >> Clément Lassieur <clement <at> lassieur.org> skribis: >> >>> So the question is: can we push the Chromium package? I've read it's >>> almost ready[2]. It's probably far better than everything we have, >>> despite not being totally 'finished'. Maybe we can add what's left to >>> do as a TODO and fix the package later? >> >> As long as the freedom issues and phone-home issues are addressed, which >> appears to be the case, I’m all for it. >> >> Marius? > > Marius, what is the status, can we merge it? Ping > > Clément
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 17 Sep 2018 13:29:02 GMT) Full text and rfc822 format available.Message #275 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Clément Lassieur <clement <at> lassieur.org> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org Subject: Chromium channel Date: Mon, 17 Sep 2018 15:28:23 +0200
[Message part 1 (text/plain, inline)]
Clément Lassieur <clement <at> lassieur.org> writes: > Clément Lassieur <clement <at> lassieur.org> writes: > >> Hello :-) >> >> Ludovic Courtès <ludo <at> gnu.org> writes: >> >>> Hello, >>> >>> Clément Lassieur <clement <at> lassieur.org> skribis: >>> >>>> So the question is: can we push the Chromium package? I've read it's >>>> almost ready[2]. It's probably far better than everything we have, >>>> despite not being totally 'finished'. Maybe we can add what's left to >>>> do as a TODO and fix the package later? >>> >>> As long as the freedom issues and phone-home issues are addressed, which >>> appears to be the case, I’m all for it. >>> >>> Marius? >> >> Marius, what is the status, can we merge it? > > Ping Hello, sorry for the delay. I've set up a channel for Chromium here: https://gitlab.com/mbakke/guix-chromium Chromium has been updated for version 69 as well. I don't think we can merge as-is due to the tight Web Store integration (even if it's disabled), but I will start work on packaging the full "Ungoogled-Chromium" next: https://github.com/Eloston/ungoogled-chromium I'll bump this thread once it is ready for testing. Developments will happen in the Gitlab repository. Pull requests welcome! :-)
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 17 Sep 2018 14:17:01 GMT) Full text and rfc822 format available.Message #278 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Clément Lassieur <clement <at> lassieur.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org Subject: Re: Chromium channel Date: Mon, 17 Sep 2018 16:16:43 +0200
Marius Bakke <mbakke <at> fastmail.com> writes: > Clément Lassieur <clement <at> lassieur.org> writes: > >> Clément Lassieur <clement <at> lassieur.org> writes: >> >>> Hello :-) >>> >>> Ludovic Courtès <ludo <at> gnu.org> writes: >>> >>>> Hello, >>>> >>>> Clément Lassieur <clement <at> lassieur.org> skribis: >>>> >>>>> So the question is: can we push the Chromium package? I've read it's >>>>> almost ready[2]. It's probably far better than everything we have, >>>>> despite not being totally 'finished'. Maybe we can add what's left to >>>>> do as a TODO and fix the package later? >>>> >>>> As long as the freedom issues and phone-home issues are addressed, which >>>> appears to be the case, I’m all for it. >>>> >>>> Marius? >>> >>> Marius, what is the status, can we merge it? >> >> Ping > > Hello, sorry for the delay. > > I've set up a channel for Chromium here: > > https://gitlab.com/mbakke/guix-chromium > > Chromium has been updated for version 69 as well. > > I don't think we can merge as-is due to the tight Web Store integration > (even if it's disabled), but I will start work on packaging the full > "Ungoogled-Chromium" next: > > https://github.com/Eloston/ungoogled-chromium > > I'll bump this thread once it is ready for testing. Developments will > happen in the Gitlab repository. Pull requests welcome! :-) Great! Thank you very much Marius, and sorry for insisting. The 'channels' solution seems to fit very well! Clément
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 17 Sep 2018 17:58:02 GMT) Full text and rfc822 format available.Message #281 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Pjotr Prins <pjotr.public12 <at> thebird.nl> To: Marius Bakke <mbakke <at> fastmail.com> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org, Clément Lassieur <clement <at> lassieur.org> Subject: Re: Chromium channel Date: Mon, 17 Sep 2018 19:57:07 +0200
On Mon, Sep 17, 2018 at 03:28:23PM +0200, Marius Bakke wrote: > I've set up a channel for Chromium here: > > https://gitlab.com/mbakke/guix-chromium Too much coolness. I am fainting! Pj.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 17 Sep 2018 18:08:02 GMT) Full text and rfc822 format available.Message #284 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Nils Gillmann <ng0 <at> n0.is> To: Clément Lassieur <clement <at> lassieur.org> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com> Subject: Re: Chromium channel Date: Mon, 17 Sep 2018 18:08:10 +0000
Clément Lassieur transcribed 1.4K bytes: > Marius Bakke <mbakke <at> fastmail.com> writes: > > > Clément Lassieur <clement <at> lassieur.org> writes: > > > >> Clément Lassieur <clement <at> lassieur.org> writes: > >> > >>> Hello :-) > >>> > >>> Ludovic Courtès <ludo <at> gnu.org> writes: > >>> > >>>> Hello, > >>>> > >>>> Clément Lassieur <clement <at> lassieur.org> skribis: > >>>> > >>>>> So the question is: can we push the Chromium package? I've read it's > >>>>> almost ready[2]. It's probably far better than everything we have, > >>>>> despite not being totally 'finished'. Maybe we can add what's left to > >>>>> do as a TODO and fix the package later? > >>>> > >>>> As long as the freedom issues and phone-home issues are addressed, which > >>>> appears to be the case, I’m all for it. > >>>> > >>>> Marius? > >>> > >>> Marius, what is the status, can we merge it? > >> > >> Ping > > > > Hello, sorry for the delay. > > > > I've set up a channel for Chromium here: > > > > https://gitlab.com/mbakke/guix-chromium > > > > Chromium has been updated for version 69 as well. Huh! Did the requirement for building go up by 100% with version 69? I will test if my 8GB RAM buildmachine can still build it like it used to up to version 68.x. > > I don't think we can merge as-is due to the tight Web Store integration > > (even if it's disabled), but I will start work on packaging the full > > "Ungoogled-Chromium" next: > > > > https://github.com/Eloston/ungoogled-chromium > > > > I'll bump this thread once it is ready for testing. Developments will > > happen in the Gitlab repository. Pull requests welcome! :-) > > Great! > > Thank you very much Marius, and sorry for insisting. The 'channels' > solution seems to fit very well! > > Clément >
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sat, 22 Sep 2018 12:45:02 GMT) Full text and rfc822 format available.Message #287 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: ludo <at> gnu.org (Ludovic Courtès) To: Marius Bakke <mbakke <at> fastmail.com> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org, Clément Lassieur <clement <at> lassieur.org> Subject: Re: Chromium channel Date: Sat, 22 Sep 2018 14:44:07 +0200
Hello Marius, Marius Bakke <mbakke <at> fastmail.com> skribis: > I've set up a channel for Chromium here: > > https://gitlab.com/mbakke/guix-chromium Nice! Great to see channels put to good use. :-) Though… let’s make sure this channel doesn’t derail “us” from the goal of having an FSDG-compliant Chromium in Guix proper! Ludo’.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sat, 02 Feb 2019 19:21:02 GMT) Full text and rfc822 format available.Message #290 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: guix-devel <at> gnu.org Cc: 28004 <at> debbugs.gnu.org Subject: [PATCH] gnu: Add ungoogled-chromium. Date: Sat, 2 Feb 2019 20:20:23 +0100
Thanks to Marks beautiful "computed-origin-method", Ungoogled-Chromium
is finally ready for inclusion in Guix.
Features:
* Chromium 72.
* No unsolicited network traffic.
* Free software only.
* No DRM.
* Not an April Fools joke.
It's currently using my trivial "fork" of Ungoogled-Chromium[0], which
will be upstreamed once the upstream reorganization[1] is done.
Comments appreciated!
[0]: https://github.com/mbakke/ungoogled-chromium/commit/f9b9074c322a67b04baf0982797cd7b7e09614b5
[1]: https://github.com/Eloston/ungoogled-chromium/issues/651
* gnu/packages/aux-files/chromium/master-preferences.json,
gnu/packages/chromium.scm: New files.
* gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
---
gnu/local.mk | 1 +
.../chromium/master-preferences.json | 26 +
gnu/packages/chromium.scm | 741 ++++++++++++++++++
3 files changed, 768 insertions(+)
create mode 100644 gnu/packages/aux-files/chromium/master-preferences.json
create mode 100644 gnu/packages/chromium.scm
diff --git a/gnu/local.mk b/gnu/local.mk
index 82db1488d6..b5e937cdd7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -100,6 +100,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/check.scm \
%D%/packages/chemistry.scm \
%D%/packages/chez.scm \
+ %D%/packages/chromium.scm \
%D%/packages/ci.scm \
%D%/packages/cinnamon.scm \
%D%/packages/clojure.scm \
diff --git a/gnu/packages/aux-files/chromium/master-preferences.json b/gnu/packages/aux-files/chromium/master-preferences.json
new file mode 100644
index 0000000000..0caa7cc4cd
--- /dev/null
+++ b/gnu/packages/aux-files/chromium/master-preferences.json
@@ -0,0 +1,26 @@
+{
+ "distribution": {
+ "import_bookmarks": false,
+ "make_chrome_default": false,
+ "make_chrome_default_for_user": false,
+ "verbose_logging": true,
+ "skip_first_run_ui": true,
+ "suppress_first_run_default_browser_prompt": true
+ },
+ "browser": {
+ "has_seen_welcome_page" : true,
+ "check_default_browser" : false
+ },
+ "dns_prefetching": {
+ "enabled": false
+ },
+ "alternate_error_pages": {
+ "enabled": false
+ },
+ "hardware": {
+ "audio_capture_enabled": false
+ },
+ "default_apps": "noinstall",
+ "hide_web_store_icon": true,
+ "homepage": "https://www.gnu.org/software/guix"
+}
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 0000000000..eb404246d3
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,741 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Marius Bakke <mbakke <at> fastmail.com>
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix gexp)
+ #:use-module (guix store)
+ #:use-module (guix monads)
+ #:use-module (guix download)
+ #:use-module (guix git-download)
+ #:use-module (guix utils)
+ #:use-module (guix build-system gnu)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages bison)
+ #:use-module (gnu packages build-tools)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages curl)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gcc)
+ #:use-module (gnu packages ghostscript)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gnuzilla)
+ #:use-module (gnu packages gperf)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages ninja)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages pciutils)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages python-web)
+ #:use-module (gnu packages python-xyz)
+ #:use-module (gnu packages regex)
+ #:use-module (gnu packages serialization)
+ #:use-module (gnu packages speech)
+ #:use-module (gnu packages tls)
+ #:use-module (gnu packages valgrind)
+ #:use-module (gnu packages vulkan)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages xiph)
+ #:use-module (gnu packages xml)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xorg))
+
+(define %preserved-third-party-files
+ '("base/third_party/dmg_fp" ;X11-style
+ "base/third_party/dynamic_annotations" ;BSD-2
+ "base/third_party/icu" ;Unicode, X11-style
+ "base/third_party/superfasthash" ;BSD-3
+ "base/third_party/symbolize" ;BSD-3
+ "base/third_party/xdg_mime" ;LGPL2.1+ or Academic 2.0
+ "base/third_party/xdg_user_dirs" ;Expat
+ "chrome/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
+ "courgette/third_party/bsdiff" ;BSD-2, BSD protection license
+ "courgette/third_party/divsufsort" ;Expat
+ "net/third_party/http2" ;BSD-3
+ "net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
+ "net/third_party/nss" ;MPL-2.0
+ "net/third_party/quic" ;BSD-3
+ "net/third_party/spdy" ;BSD-3
+ "net/third_party/uri_template" ;ASL2.0
+ "third_party/abseil-cpp" ;ASL2.0
+ "third_party/adobe/flash/flapper_version.h" ;no license, trivial
+ "third_party/angle" ;BSD-3
+ "third_party/angle/src/common/third_party/base" ;BSD-3
+ "third_party/angle/src/common/third_party/smhasher" ;Public domain
+ "third_party/angle/src/common/third_party/xxhash" ;BSD-2
+ "third_party/angle/src/third_party/compiler" ;BSD-2
+ "third_party/angle/src/third_party/libXNVCtrl" ;Expat
+ "third_party/angle/src/third_party/trace_event" ;BSD-3
+ "third_party/angle/third_party/glslang" ;BSD-3
+ "third_party/angle/third_party/spirv-headers" ;Expat
+ "third_party/angle/third_party/spirv-tools" ;Expat
+ "third_party/angle/third_party/vulkan-headers" ;ASL2.0
+ "third_party/angle/third_party/vulkan-loader" ;ASL2.0
+ "third_party/angle/third_party/vulkan-tools" ;ASL2.0
+ "third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
+ "third_party/apple_apsl" ;APSL2.0
+ "third_party/blink" ;BSD-3
+ "third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
+ "third_party/boringssl/src/third_party/fiat" ;Expat
+ "third_party/breakpad" ;BSD-3
+ "third_party/brotli" ;Expat
+ "third_party/cacheinvalidation" ;ASL2.0
+ "third_party/catapult" ;BSD-3
+ "third_party/catapult/common/py_vulcanize/third_party/rcssmin" ;ASL2.0
+ "third_party/catapult/common/py_vulcanize/third_party/rjsmin" ;ASL2.0
+ "third_party/catapult/third_party/polymer" ;BSD-3
+ "third_party/catapult/tracing/third_party/d3" ;BSD-3
+ "third_party/catapult/tracing/third_party/gl-matrix" ;Expat
+ "third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
+ "third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
+ "third_party/catapult/tracing/third_party/oboe" ;BSD-2
+ "third_party/catapult/tracing/third_party/pako" ;Expat
+ "third_party/ced" ;BSD-3
+ "third_party/cld_3" ;ASL2.0
+ "third_party/closure_compiler" ;ASL2.0
+ "third_party/crashpad" ;ASL2.0
+ "third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h" ;Zlib
+ "third_party/crc32c" ;BSD-3
+ "third_party/cros_system_api" ;BSD-3
+ "third_party/dom_distiller_js" ;BSD-3
+ "third_party/fips181" ;BSD-3
+ "third_party/flatbuffers" ;ASL2.0
+ "third_party/google_input_tools" ;ASL2.0
+ "third_party/google_input_tools/third_party/closure_library" ;ASL2.0
+ "third_party/google_input_tools/third_party/closure_library/third_party/closure" ;Expat
+ "third_party/googletest" ;BSD-3
+ "third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
+ "third_party/iccjpeg" ;IJG
+ "third_party/inspector_protocol" ;BSD-3
+ "third_party/jinja2" ;BSD-3
+ "third_party/jstemplate" ;ASL2.0
+ "third_party/khronos" ;Expat, SGI
+ "third_party/leveldatabase" ;BSD-3
+ "third_party/libXNVCtrl" ;Expat
+ "third_party/libaddressinput" ;ASL2.0
+ "third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent License 1.0"
+ "third_party/libaom/source/libaom/third_party/vector" ;Expat
+ "third_party/libaom/source/libaom/third_party/x86inc" ;ISC
+ "third_party/libjingle_xmpp" ;BSD-3
+ "third_party/libphonenumber" ;ASL2.0
+ "third_party/libsecret" ;LGPL2.1+
+ "third_party/libsrtp" ;BSD-3
+ "third_party/libsync" ;ASL2.0
+ "third_party/libudev" ;LGPL2.1+
+ "third_party/libwebm" ;BSD-3
+ "third_party/libxml/chromium" ;BSD-3
+ "third_party/libyuv" ;BSD-3
+ "third_party/lss" ;BSD-3
+ "third_party/markupsafe" ;BSD-3
+ "third_party/mesa_headers" ;Expat, SGI
+ "third_party/metrics_proto" ;BSD-3
+ "third_party/modp_b64" ;BSD-3
+ "third_party/nasm" ;BSD-2
+ "third_party/node" ;Expat
+ "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2" ;BSD-2
+ "third_party/ots" ;BSD-3
+ "third_party/pdfium" ;BSD-3
+ "third_party/pdfium/third_party/agg23" ;Expat
+ "third_party/pdfium/third_party/base" ;BSD-3
+ "third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
+ "third_party/pdfium/third_party/skia_shared" ;BSD-3
+ "third_party/pdfium/third_party/freetype/include/pstables.h" ;FreeType
+ "third_party/ply" ;BSD-3
+ "third_party/polymer" ;BSD-3
+ "third_party/protobuf" ;BSD-3
+ "third_party/protobuf/third_party/six" ;Expat
+ "third_party/pyjson5" ;ASL2.0
+ "third_party/qcms" ;Expat
+ "third_party/rnnoise" ;BSD-3
+ "third_party/s2cellid" ;ASL2.0
+ "third_party/sfntly" ;ASL2.0
+ "third_party/skia" ;BSD-3
+ "third_party/skia/third_party/gif" ;MPL1.1/GPL2+/LGPL2.1+
+ "third_party/skia/third_party/skcms" ;BSD-3
+ "third_party/skia/third_party/vulkan" ;BSD-3
+ "third_party/smhasher" ;Expat, public domain
+ "third_party/speech-dispatcher" ;GPL2+
+ "third_party/spirv-headers" ;ASL2.0
+ "third_party/SPIRV-Tools" ;ASL2.0
+ "third_party/sqlite" ;Public domain
+ "third_party/ungoogled" ;BSD-3
+ "third_party/usb_ids" ;BSD-3
+ "third_party/usrsctp" ;BSD-2
+ "third_party/web-animations-js" ;ASL2.0
+ "third_party/webdriver" ;ASL2.0
+ "third_party/webrtc" ;BSD-3
+ "third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
+ "third_party/webrtc/common_audio/third_party/spl_sqrt_floor" ;Public domain
+ "third_party/webrtc/modules/third_party/fft" ;Non-copyleft
+ "third_party/webrtc/modules/third_party/g711" ;Public domain
+ "third_party/webrtc/modules/third_party/g722" ;Public domain
+ "third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
+ "third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
+ "third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
+ "third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
+ "third_party/woff2" ;ASL2.0
+ "third_party/xdg-utils" ;Expat
+ "third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
+ "third_party/zlib/google" ;BSD-3
+ "url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
+ "v8/src/third_party/utf8-decoder" ;Expat
+ "v8/src/third_party/valgrind" ;BSD-4
+ "v8/third_party/inspector_protocol" ;BSD-3
+ "v8/third_party/v8/builtins")) ;PSFL
+
+(define* (computed-origin-method gexp-promise hash-algo hash
+ #:optional (name "source")
+ #:key (system (%current-system))
+ (guile (default-guile)))
+ "Return a derivation that executes the G-expression that results
+from forcing GEXP-PROMISE."
+ (mlet %store-monad ((guile (package->derivation guile system)))
+ (gexp->derivation (or name "computed-origin")
+ (force gexp-promise)
+ #:system system
+ #:guile-for-build guile)))
+
+(define %chromium-version "72.0.3626.81")
+(define %ungoogled-revision "f9b9074c322a67b04baf0982797cd7b7e09614b5")
+
+;; This is a computed origin that does the following:
+;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball.
+;; 2) Prunes all third_party folders that are not explicitly preserved.
+;; 3) Adjusts "GN" build files such that system libraries are preferred.
+(define ungoogled-chromium-source
+ (let* ((chromium-source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://commondatastorage.googleapis.com"
+ "/chromium-browser-official/chromium-"
+ %chromium-version ".tar.xz"))
+ (sha256
+ (base32
+ "01l0vlvcckpag376mjld7qprv63l0z8li689k0h6v3h0i7irzs6z"))))
+ (ungoogled-source
+ (origin
+ (method git-fetch)
+ (uri (git-reference (url "https://github.com/mbakke/ungoogled-chromium")
+ (commit %ungoogled-revision)))
+ (file-name (git-file-name "ungoogled-chromium"
+ (string-take %ungoogled-revision 7)))
+ (sha256
+ (base32
+ "0gmk1n3i7lbm7rw8zl4df171yhvrlimj8ksj096bf2dlfhbd44rb")))))
+
+ (origin
+ (method computed-origin-method)
+ (file-name (string-append "ungoogled-chromium-" %chromium-version ".tar.xz"))
+ (sha256 #f)
+ (uri
+ (delay
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (let ((chromium-dir (string-append "chromium-" #$%chromium-version))
+ (preserved-files (list #$@%preserved-third-party-files)))
+
+ (mkdir "/tmp/bin")
+ (set-path-environment-variable
+ "PATH" '("bin")
+ (list "/tmp"
+ #+(canonical-package patch)
+ #+(canonical-package xz)
+ #+(canonical-package tar)
+ #+python-2
+ #+python))
+
+ (copy-recursively #+ungoogled-source "/tmp/ungoogled")
+
+ (with-directory-excursion "/tmp/ungoogled"
+
+ (format #t "Unpacking chromium tarball...~%")
+ (force-output)
+ (invoke "tar" "xf" #+chromium-source)
+
+ (format #t "Ungooglifying...~%")
+ (force-output)
+ (invoke "python3" "run_buildkit_cli.py" "prune"
+ "-b" "config_bundles/guix" chromium-dir)
+ (invoke "python3" "run_buildkit_cli.py" "patches" "apply"
+ "-b" "config_bundles/guix" chromium-dir)
+ (invoke "python3" "run_buildkit_cli.py" "domains" "apply"
+ "-b" "config_bundles/linux_rooted"
+ "-c" "/tmp/domainscache.tar.gz" chromium-dir)
+
+ (with-directory-excursion chromium-dir
+ (format #t "Pruning third party files...~%")
+ (force-output)
+ (apply invoke "python"
+ "build/linux/unbundle/remove_bundled_libraries.py"
+ "--do-remove" preserved-files)
+
+ (format #t "Replacing GN files...~%")
+ (force-output)
+ (invoke "python3" "build/linux/unbundle/replace_gn_files.py"
+ "--system-libraries" "ffmpeg" "flac" "fontconfig"
+ "freetype" "harfbuzz-ng" "icu" "libdrm" "libevent"
+ "libjpeg" "libpng" "libvpx" "libwebp" "libxml"
+ "libxslt" "openh264" "opus" "re2" "snappy" "yasm"
+ "zlib"))
+
+ (format #t (string-append "Packing new Ungoogled tarball ...~%"))
+ (force-output)
+ (invoke "tar" "cvfa" #$output
+ ;; Avoid non-determinism in the archive.
+ "--mtime=@0"
+ "--owner=root:0"
+ "--group=root:0"
+ "--sort=name"
+ chromium-dir)
+
+ #t)))))))))
+
+(define opus+custom
+ (package/inherit opus
+ (name "opus+custom")
+ (arguments
+ (substitute-keyword-arguments (package-arguments opus)
+ ((#:configure-flags flags ''())
+ ;; Opus Custom is an optional extension of the Opus
+ ;; specification that allows for unsupported frame
+ ;; sizes. Chromium requires that this is enabled.
+ `(cons "--enable-custom-modes"
+ ,flags))))))
+
+(define libvpx/chromium
+ ;; Chromium 66 and later requires an unreleased libvpx, so we take the
+ ;; commit from "third_party/libvpx/README.chromium" in the tarball.
+ (let ((version (package-version libvpx))
+ (commit "e188b5435de71bcd602c378f1ac0441111f0f915")
+ (revision "0"))
+ (package/inherit libvpx
+ (name "libvpx-chromium")
+ (version (git-version version revision commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://chromium.googlesource.com/webm/libvpx")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0v7lzvgy45zh7zwzmmzkvbcqmhs4xa97z0h97hd3j6myrxcfz1n9")))))))
+
+;; Transitional package until HarfBuzz 2.2 is available in Guix master branch.
+(define harfbuzz/chromium
+ (package/inherit harfbuzz
+ (version "2.2.0")
+ (source (origin
+ (inherit (package-source harfbuzz))
+ (uri (string-append "https://www.freedesktop.org/software/harfbuzz"
+ "/release/harfbuzz-" version ".tar.bz2"))
+ (sha256
+ (base32
+ "047q63jr513azf3g1y7f5xn60b4jdjs9zsmrx04sfw5rasyzrk5p"))))))
+
+(define-public ungoogled-chromium
+ (package
+ (name "ungoogled-chromium")
+ (version %chromium-version)
+ (synopsis "Graphical web browser")
+ (source ungoogled-chromium-source)
+ (build-system gnu-build-system)
+ (arguments
+ `(#:tests? #f
+ ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+ ;; it overrides the RUNPATH set by the linker.
+ #:validate-runpath? #f
+ #:modules ((guix build gnu-build-system)
+ (guix build utils)
+ (ice-9 ftw)
+ (ice-9 regex)
+ (srfi srfi-26))
+ #:configure-flags
+ ;; See tools/gn/docs/cookbook.md and
+ ;; https://www.chromium.org/developers/gn-build-configuration
+ ;; for usage. Run "./gn args . --list" in the Release
+ ;; directory for an exhaustive list of supported flags.
+ ;; (Note: The 'configure' phase will do that for you.)
+ (list "is_debug=false"
+ "use_gold=false"
+ "use_lld=false"
+ "linux_use_bundled_binutils=false"
+ "use_custom_libcxx=false"
+ "use_sysroot=false"
+ "enable_precompiled_headers=false"
+ "goma_dir=\"\""
+ "enable_nacl=false"
+ "enable_nacl_nonsfi=false"
+ "use_allocator=\"none\"" ;don't use tcmalloc
+ "use_unofficial_version_number=false"
+
+ ;; Define a custom toolchain that simply looks up CC, AR and
+ ;; friends from the environment.
+ "custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
+ "host_toolchain=\"//build/toolchain/linux/unbundle:default\""
+
+ ;; Don't assume it's clang.
+ "is_clang=false"
+
+ ;; Optimize for building everything at once, as opposed to
+ ;; incrementally for development. See "docs/jumbo.md".
+ "use_jumbo_build=true"
+
+ ;; Disable type-checking for the Web UI to avoid a Java dependency.
+ "closure_compile=false"
+
+ ;; Disable debugging features to save space.
+ "blink_symbol_level=0"
+ "enable_iterator_debugging=false"
+
+ ;; Some of the unbundled libraries throws deprecation
+ ;; warnings, etc. Ignore it.
+ "treat_warnings_as_errors=false"
+
+ ;; Don't add any API keys. End users can set them in the
+ ;; environment if desired. See
+ ;; <https://www.chromium.org/developers/how-tos/api-keys>.
+ "use_official_google_api_keys=false"
+
+ ;; Disable "safe browsing", which pulls in a dependency on
+ ;; the nonfree "unrar" program (as of m66).
+ "safe_browsing_mode=0"
+
+ ;; Disable "field trials".
+ "fieldtrial_testing_like_official_build=true"
+
+ ;; Ungoogled components.
+ "enable_mdns=false"
+ "enable_one_click_signin=false"
+ "enable_reading_list=false"
+ "enable_remoting=false"
+ "enable_reporting=false"
+ "enable_service_discovery=false"
+ "enable_swiftshader=false"
+ "use_vaapi=true"
+
+ ;; Use system libraries where possible.
+ "use_system_freetype=true"
+ "use_system_harfbuzz=true"
+ "use_system_lcms2=true"
+ "use_system_libdrm=true"
+ "use_system_libjpeg=true"
+ "use_system_libpng=true"
+ ;;"use_system_libsync=true"
+ "use_system_zlib=true"
+
+ "use_gnome_keyring=false" ;deprecated by libsecret
+ "use_openh264=true"
+ "use_pulseaudio=true"
+ "link_pulseaudio=true"
+
+ ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+ "proprietary_codecs=true"
+ "ffmpeg_branding=\"Chrome\""
+
+ ;; WebRTC stuff.
+ "rtc_use_h264=true"
+ ;; Don't use bundled sources.
+ "rtc_build_json=false"
+ "rtc_build_libevent=false"
+ "rtc_build_libvpx=false"
+ "rtc_build_opus=false"
+ "rtc_build_ssl=false"
+
+ "rtc_build_libsrtp=true" ;FIXME: fails to find headers
+ "rtc_build_usrsctp=true" ;TODO: package this
+ (string-append "rtc_jsoncpp_root=\""
+ (assoc-ref %build-inputs "jsoncpp")
+ "/include/jsoncpp/json\"")
+ (string-append "rtc_ssl_root=\""
+ (assoc-ref %build-inputs "openssl")
+ "/include/openssl\""))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'patch-stuff
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "printing/cups_config_helper.py"
+ (("cups_config =.*")
+ (string-append "cups_config = '" (assoc-ref inputs "cups")
+ "/bin/cups-config'\n")))
+
+ (substitute*
+ '("base/process/launch_posix.cc"
+ "base/third_party/dynamic_annotations/dynamic_annotations.c"
+ "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+ "sandbox/linux/services/credentials.cc"
+ "sandbox/linux/services/namespace_utils.cc"
+ "sandbox/linux/services/syscall_wrappers.cc"
+ "sandbox/linux/syscall_broker/broker_host.cc")
+ (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+ (for-each (lambda (file)
+ (substitute* file
+ ;; Fix opus include path.
+ ;; Do not substitute opus_private.h.
+ (("#include \"opus\\.h\"")
+ "#include \"opus/opus.h\"")
+ (("#include \"opus_custom\\.h\"")
+ "#include \"opus/opus_custom.h\"")
+ (("#include \"opus_defines\\.h\"")
+ "#include \"opus/opus_defines.h\"")
+ (("#include \"opus_multistream\\.h\"")
+ "#include \"opus/opus_multistream.h\"")
+ (("#include \"opus_types\\.h\"")
+ "#include \"opus/opus_types.h\"")))
+ (find-files (string-append "third_party/webrtc/modules"
+ "/audio_coding/codecs/opus")))
+
+ (substitute* "chrome/common/chrome_paths.cc"
+ (("/usr/share/chromium/extensions")
+ ;; TODO: Add ~/.guix-profile.
+ "/run/current-system/profile/share/chromium/extensions"))
+
+ ;; XXX: Should be unnecessary when use_system_lcms2=true.
+ (substitute* "third_party/pdfium/core/fxcodec/codec/ccodec_iccmodule.h"
+ (("include \"third_party/lcms/include/lcms2\\.h\"")
+ "include \"lcms2.h\""))
+
+ (substitute*
+ "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
+ (("include \"third_party/curl") "include \"curl"))
+
+ (substitute* "third_party/webrtc/rtc_base/strings/json.h"
+ (("#include \"third_party/jsoncpp/") "#include \"json/"))
+
+ (substitute* "media/base/decode_capabilities.cc"
+ (("third_party/libvpx/source/libvpx/") ""))
+
+ (substitute* "ui/gfx/skia_util.h"
+ (("third_party/vulkan/include/") ""))
+
+ ;; Building chromedriver embeds some files using the ZIP
+ ;; format which doesn't support timestamps before
+ ;; 1980. Therefore, advance the timestamps of the files
+ ;; which are included so that building chromedriver
+ ;; works.
+ (let ((circa-1980 (* 10 366 24 60 60)))
+ (for-each (lambda (file)
+ (utime file circa-1980 circa-1980))
+ '("chrome/test/chromedriver/extension/background.js"
+ "chrome/test/chromedriver/extension/manifest.json")))
+
+ #t))
+ (add-before 'configure 'prepare-build-environment
+ (lambda* (#:key inputs #:allow-other-keys)
+
+ ;; Make sure the right build tools are used.
+ (setenv "AR" "ar") (setenv "NM" "nm")
+ (setenv "CC" "gcc") (setenv "CXX" "g++")
+
+ ;; Work around <https://bugs.gnu.org/30756>.
+ (unsetenv "C_INCLUDE_PATH")
+ (unsetenv "CPLUS_INCLUDE_PATH")
+
+ ;; TODO: pre-compile instead. Avoids a race condition.
+ (setenv "PYTHONDONTWRITEBYTECODE" "1")
+
+ ;; XXX: How portable is this.
+ (mkdir-p "third_party/node/linux/node-linux-x64")
+ (symlink (string-append (assoc-ref inputs "node") "/bin")
+ "third_party/node/linux/node-linux-x64/bin")
+
+ #t))
+ (replace 'configure
+ (lambda* (#:key configure-flags #:allow-other-keys)
+ (let ((args (string-join configure-flags " ")))
+ ;; Generate ninja build files.
+ (invoke "gn" "gen" "out/Release"
+ (string-append "--args=" args))
+
+ ;; Print the full list of supported arguments as well as
+ ;; their current status for convenience.
+ (format #t "Dumping configure flags...\n")
+ (invoke "gn" "args" "out/Release" "--list"))))
+ (replace 'build
+ (lambda* (#:key outputs #:allow-other-keys)
+ (invoke "ninja" "-C" "out/Release"
+ "-j" (number->string (parallel-job-count))
+ "chrome"
+ "chromedriver")))
+ (replace 'install
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bin (string-append out "/bin"))
+ (exe (string-append bin "/chromium"))
+ (lib (string-append out "/lib"))
+ (man (string-append out "/share/man/man1"))
+ (applications (string-append out "/share/applications"))
+ (install-regexp (make-regexp "\\.(bin|pak)$"))
+ (locales (string-append lib "/locales"))
+ (resources (string-append lib "/resources"))
+ (preferences (assoc-ref inputs "master-preferences"))
+ (gtk+ (assoc-ref inputs "gtk+"))
+ (mesa (assoc-ref inputs "mesa"))
+ (nss (assoc-ref inputs "nss"))
+ (udev (assoc-ref inputs "udev"))
+ (sh (which "sh")))
+
+ (substitute* '("chrome/app/resources/manpage.1.in"
+ "chrome/installer/linux/common/desktop.template")
+ (("@@MENUNAME@@") "Chromium")
+ (("@@PACKAGE@@") "chromium")
+ (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
+
+ (mkdir-p man)
+ (copy-file "chrome/app/resources/manpage.1.in"
+ (string-append man "/chromium.1"))
+
+ (mkdir-p applications)
+ (copy-file "chrome/installer/linux/common/desktop.template"
+ (string-append applications "/chromium.desktop"))
+
+ (mkdir-p lib)
+ (copy-file preferences (string-append lib "/master_preferences"))
+
+ (with-directory-excursion "out/Release"
+ (for-each (lambda (file)
+ (install-file file lib))
+ (scandir "." (cut regexp-exec install-regexp <>)))
+ (copy-file "chrome" (string-append lib "/chromium"))
+
+ ;; TODO: Install icons from "../../chrome/app/themes" into
+ ;; "out/share/icons/hicolor/$size".
+ (install-file
+ "product_logo_48.png"
+ (string-append out "/share/icons/48x48/chromium.png"))
+
+ (copy-recursively "locales" locales)
+ (copy-recursively "resources" resources)
+
+ (mkdir-p bin)
+ (symlink "../lib/chromium" exe)
+ (install-file "chromedriver" bin)
+
+ (wrap-program exe
+ ;; TODO: Get these in RUNPATH.
+ `("LD_LIBRARY_PATH" ":" prefix
+ (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+ mesa "/lib:" udev "/lib")))
+ ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
+ `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+ #t)))))))
+ (native-inputs
+ `(("bison" ,bison)
+ ("gcc" ,gcc-8)
+ ("gn" ,gn)
+ ("gperf" ,gperf)
+ ("ninja" ,ninja)
+ ("node" ,node)
+ ("pkg-config" ,pkg-config)
+ ("which" ,which)
+ ("yasm" ,yasm)
+
+ ;; This file contains defaults for new user profiles.
+ ("master-preferences" ,(local-file "aux-files/chromium/master-preferences.json"))
+
+ ("python-beautifulsoup4" ,python2-beautifulsoup4)
+ ("python-html5lib" ,python2-html5lib)
+ ("python" ,python-2)))
+ (inputs
+ `(("alsa-lib" ,alsa-lib)
+ ("atk" ,atk)
+ ("cups" ,cups)
+ ("curl" ,curl)
+ ("dbus" ,dbus)
+ ("dbus-glib" ,dbus-glib)
+ ("expat" ,expat)
+ ("flac" ,flac)
+ ("ffmpeg" ,ffmpeg)
+ ("fontconfig" ,fontconfig)
+ ("freetype" ,freetype)
+ ("gdk-pixbuf" ,gdk-pixbuf)
+ ("glib" ,glib)
+ ("gtk+" ,gtk+)
+ ("harfbuzz" ,harfbuzz/chromium)
+ ("icu4c" ,icu4c)
+ ("jsoncpp" ,jsoncpp)
+ ("lcms" ,lcms)
+ ("libevent" ,libevent)
+ ("libffi" ,libffi)
+ ("libjpeg-turbo" ,libjpeg-turbo)
+ ("libpng" ,libpng)
+ ("libva" ,libva)
+ ("libvpx" ,libvpx/chromium)
+ ("libwebp" ,libwebp)
+ ("libx11" ,libx11)
+ ("libxcb" ,libxcb)
+ ("libxcomposite" ,libxcomposite)
+ ("libxcursor" ,libxcursor)
+ ("libxdamage" ,libxdamage)
+ ("libxext" ,libxext)
+ ("libxfixes" ,libxfixes)
+ ("libxi" ,libxi)
+ ("libxml2" ,libxml2)
+ ("libxrandr" ,libxrandr)
+ ("libxrender" ,libxrender)
+ ("libxscrnsaver" ,libxscrnsaver)
+ ("libxslt" ,libxslt)
+ ("libxtst" ,libxtst)
+ ("mesa" ,mesa)
+ ("minizip" ,minizip)
+ ("mit-krb5" ,mit-krb5)
+ ("nss" ,nss)
+ ("openh264" ,openh264)
+ ("openjpeg" ,openjpeg) ;PDFium only
+ ("openssl" ,openssl)
+ ("opus" ,opus+custom)
+ ("pango" ,pango)
+ ("pciutils" ,pciutils)
+ ("pulseaudio" ,pulseaudio)
+ ("re2" ,re2)
+ ("snappy" ,snappy)
+ ("speech-dispatcher" ,speech-dispatcher)
+ ("udev" ,eudev)
+ ("valgrind" ,valgrind)
+ ("vulkan-headers" ,vulkan-headers)))
+ (home-page "https://www.chromium.org/")
+ (description
+ "Ungoogled-Chromium is the Chromium web browser, sans integration with
+Google web services.")
+ ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+ ;; components with other licenses. For full information, see chrome://credits.
+ (license (list license:bsd-3
+ license:bsd-2
+ license:expat
+ license:asl2.0
+ license:mpl1.1
+ license:mpl2.0
+ license:public-domain
+ license:isc
+ (license:non-copyleft "chrome://credits"
+ "See chrome://credits for more information.")
+ license:lgpl2.1+))))
--
2.20.1
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sun, 03 Feb 2019 20:22:02 GMT) Full text and rfc822 format available.Message #293 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Amin Bandali <bandali <at> gnu.org> To: Marius Bakke <mbakke <at> fastmail.com> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org, bill-auger <bill-auger <at> peers.community> Subject: Re: [PATCH] gnu: Add ungoogled-chromium. Date: Sun, 03 Feb 2019 15:21:08 -0500
Hello Marius, Thanks for your work patching and packaging ungoogled-chromium! I haven’t had a chance to have a closer look at your patch, but would you mind elaborating on the “* Free software only.” part of your stated feature-set and if/how it addresses licensing concerns raised previously e.g. by bill-auger here[1] with respect to the FSDG status of Chromium, as well as maintaining solidarity with other FSDG-complying distros? [1]: https://lists.gnu.org/r/guix-devel/2018-09/msg00264.html Best, amin
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 04 Feb 2019 04:53:02 GMT) Full text and rfc822 format available.Message #296 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: bill-auger <bill-auger <at> peers.community> To: guix-devel <at> gnu.org Cc: 28004 <at> debbugs.gnu.org, gnu-linux-libre <at> nongnu.org Subject: Re: [PATCH] gnu: Add ungoogled-chromium. Date: Sun, 3 Feb 2019 23:52:04 -0500
re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html i would like to remind readers of the guix-devel list that it was discussed some months ago, why no FSDG distros currently distribute chromium[1] - it appeared at that time, that most people in that discussion were in agreement that chromium should not be included in guix; and marius was instead hosting it in a private repo, as not to taint the main guix repos with dubious software - has there been a notable break-through since then? what is the evidence for this claim that this guix package is "free software only"? - what does "Marks beautiful computed-origin-method" do toward that end? - if a procedure for liberating any chromium-derived software has been discovered, this would be a marvelous accomplishment and very good news indeed, of which people outside of the guix dev team would also be interested to learn if the guix team has discovered some new information or has concocted a viable liberation recipe for chromium or any of it's offspring, then i hope that, for the benefit of all fellow Fosstopians, someone would present that information to the FSDG mailing list for review and discussion - it would be extra neighborly if that happened *before* offering this program to guix users, while fully knowing that the other FSDG distros are still intentionally suppressing it in solidarity again, i am totally indifferent as to whether anyone uses chromium or not - my only interest in this is that i would like to strengthen the FSDG by convincing FSDG distros to communicate and collaborate with each other, and to achieve consensus about common issues such as this, that clearly affect all distros equally; so that no one is compelled to ask "why does guixsd endorse that popular program if other FSDG distros reject it on principal?" - it is difficult enough to explain to users why these programs are rejected in the first place; but at least the way things are now, we can say that all FSDG distros are in agreement to err on the conservative side until a satisfactory liberation procedure is found and documented - currently, the documented liberation procedure is: "Remove program/package. Use GNU IceCat, or equivalent"[2] - if there is a better candidate procedure now, let us get it onto the table for discussion i would like to consider all FSDG distros as being part of a larger federation, sharing the same primary goals; but we cant all be reading all of the dev lists - let us communicate whenever applicable, in the common venue that exists for that purpose[3] - i tried enticing the folks on the guix team to do that previously - if there is indeed something new to announce regarding chromium's dubious FSDG status, please elect someone from guix to do so now - this would be very interesting news to the readers of that list, and your effort and/or accomplishment would be sincerely applauded - other FSDG distros would be happy (and some quite eager) to re-instate any of these chromium-derived packages if a consensus could be reached that any of them could be distributed 100% freely; but if all distros are to decide for themselves what is freely distributable and what is not, without evidence and without discussing it with the other FSDG distros nor the FSF, then the FSDG loses its teeth, and we all look wishy-washy and flakey on that, the main, central FSDG concern: which programs are freely distributable and which are not [1]: https://lists.gnu.org/archive/html/guix-devel/2018-09/msg00264.html [2]: https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser [3]: https://lists.nongnu.org/mailman/listinfo/gnu-linux-libre
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 04 Feb 2019 05:53:01 GMT) Full text and rfc822 format available.Message #299 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: brettg <at> posteo.net To: bill-auger <bill-auger <at> peers.community> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org, Guix-devel <guix-devel-bounces+brettg=posteo.net <at> gnu.org>, gnu-linux-libre <at> nongnu.org Subject: Re: [PATCH] gnu: Add ungoogled-chromium. Date: Mon, 04 Feb 2019 06:52:30 +0100
As always, I second Bill here. There is a lot of history behind the Chromium project that I think many of us are aware of. There, to my knowledge, remains to be a complete audit of the Chromium source. Such an audit is crucial for us to even know what is problematic and what is not when it comes to FSDG compliance. So, unless the ungoogled chromium project has done this audit successfully I remain a kind skeptic. On 04.02.2019 05:52, bill-auger wrote: > re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html > > i would like to remind readers of the guix-devel list that it was > discussed some months ago, why no FSDG distros currently distribute > chromium[1] - it appeared at that time, that most people in that > discussion were in agreement that chromium should not be included in > guix; and marius was instead hosting it in a private repo, as not to > taint the main guix repos with dubious software - has there been a > notable break-through since then? > > what is the evidence for this claim that this guix package is "free > software only"? - what does "Marks beautiful computed-origin-method" do > toward that end? - if a procedure for liberating any chromium-derived > software has been discovered, this would be a marvelous accomplishment > and very good news indeed, of which people outside of the guix dev team > would also be interested to learn > > if the guix team has discovered some new information or has concocted a > viable liberation recipe for chromium or any of it's offspring, then i > hope that, for the benefit of all fellow Fosstopians, someone would > present that information to the FSDG mailing list for review and > discussion - it would be extra neighborly if that happened *before* > offering this program to guix users, while fully knowing that the other > FSDG distros are still intentionally suppressing it in solidarity > > again, i am totally indifferent as to whether anyone uses chromium or > not - my only interest in this is that i would like to strengthen the > FSDG by convincing FSDG distros to communicate and collaborate with > each > other, and to achieve consensus about common issues such as this, that > clearly affect all distros equally; so that no one is compelled to ask > "why does guixsd endorse that popular program if other FSDG distros > reject it on principal?" - it is difficult enough to explain to users > why these programs are rejected in the first place; but at least the > way things are now, we can say that all FSDG distros are in agreement > to > err on the conservative side until a satisfactory liberation procedure > is found and documented - currently, the documented liberation > procedure is: "Remove program/package. Use GNU IceCat, or > equivalent"[2] - if there is a better candidate procedure now, let us > get it onto the table for discussion > > i would like to consider all FSDG distros as being part of a larger > federation, sharing the same primary goals; but we cant all be reading > all of the dev lists - let us communicate whenever applicable, in the > common venue that exists for that purpose[3] - i tried enticing the > folks on the guix team to do that previously - if there is indeed > something new to announce regarding chromium's dubious FSDG status, > please elect someone from guix to do so now - this would be very > interesting news to the readers of that list, and your effort and/or > accomplishment would be sincerely applauded - other FSDG distros would > be happy (and some quite eager) to re-instate any of these > chromium-derived packages if a consensus could be reached that any of > them could be distributed 100% freely; but if all distros are to decide > for themselves what is freely distributable and what is not, without > evidence and without discussing it with the other FSDG distros nor the > FSF, then the FSDG loses its teeth, and we all look wishy-washy and > flakey on that, the main, central FSDG concern: which programs are > freely distributable and which are not > > > [1]: > https://lists.gnu.org/archive/html/guix-devel/2018-09/msg00264.html > [2]: > https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser > [3]: https://lists.nongnu.org/mailman/listinfo/gnu-linux-libre
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 04 Feb 2019 07:47:01 GMT) Full text and rfc822 format available.Message #302 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Ineiev <ineiev <at> gnu.org> To: Workgroup for fully free GNU/Linux distributions <gnu-linux-libre <at> nongnu.org> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org Subject: Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium. Date: Mon, 4 Feb 2019 02:46:30 -0500
[Message part 1 (text/plain, inline)]
On Sun, Feb 03, 2019 at 11:52:04PM -0500, bill-auger wrote: > FSF, then the FSDG loses its teeth, and we all look wishy-washy and > flakey on that, the main, central FSDG concern: which programs are > freely distributable and which are not I don't think the main FSDG concern is which programs are freely distributable, and even which programs are free; IMHO it is, "a free system distribution must not steer users towards obtaining any nonfree information for practical use."
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 04 Feb 2019 13:47:02 GMT) Full text and rfc822 format available.Message #305 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Leo Famulari <leo <at> famulari.name> To: bill-auger <bill-auger <at> peers.community> Cc: 28004 <at> debbugs.gnu.org Subject: Re: [PATCH] gnu: Add ungoogled-chromium. Date: Mon, 4 Feb 2019 14:46:38 +0100
[Message part 1 (text/plain, inline)]
On Sun, Feb 03, 2019 at 11:52:04PM -0500, bill-auger wrote: > what is the evidence for this claim that this guix package is "free > software only"? - what does "Marks beautiful computed-origin-method" do > toward that end? - if a procedure for liberating any chromium-derived > software has been discovered, this would be a marvelous accomplishment > and very good news indeed, of which people outside of the guix dev team > would also be interested to learn If you have a concrete example of a Chromium component that is not free software please list it in a reply-all this email. In general, if upstream developers say their software is released under a free software license by putting the license header in the repo or in the files, then we take them at their word.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 04 Feb 2019 14:49:01 GMT) Full text and rfc822 format available.Message #308 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: bill-auger <bill-auger <at> peers.community> To: 28004 <at> debbugs.gnu.org Subject: Re: [PATCH] gnu: Add ungoogled-chromium. Date: Mon, 4 Feb 2019 09:47:54 -0500
On Mon, 4 Feb 2019 14:46:38 +0100 Leo wrote: > If you have a concrete example of a Chromium component that is not > free software please list it in a reply-all this email. this is not a discussion list i will apologize in advance for this length reply - i did not CC this list if you demand evidence you need look no further than the upstream itself - the upstream developers can not verify for themselves that their program is freely licensed; as evidenced by the 10 year old bug report on this issue that is still open https://bugs.chromium.org/p/chromium/issues/detail?id=28291 the default copy permissions for every copyrighted work is "none" - in order for that work be be set free, the author must very explicitly label it as such, and try their very best to ensure that their formal statement of permission follows along with any copies of it - because if that permission is missing, or difficult to locate or to comprehend, there is no reason to assume the work is freely distributable i would hope that i would not need to explain that to a member of GNU the burden of proof is not upon the one who claims that the default case applies, it is upon the one who claims that some special case applies and anyway - let me please repeat this one more time - i have no desire to defend nor condemn this particular program - this has been discussed ad nauseam for many years - all that i intend today is to entice the guix developers to communicate with the other FSDG distros and the FSF to reach a uniform consensus on the matter - rather than to see guix choose to distribute it, while all other FSDG distros are in agreement not to distribute it
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 04 Feb 2019 15:35:07 GMT) Full text and rfc822 format available.Message #311 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Julie Marchant <onpon4 <at> riseup.net> To: guix-devel <at> gnu.org Cc: 28004 <at> debbugs.gnu.org Subject: Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium. Date: Mon, 4 Feb 2019 07:26:59 -0500
On 02/03/2019 11:52 PM, bill-auger wrote: > re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html > > i would like to remind readers of the guix-devel list that it was > discussed some months ago, why no FSDG distros currently distribute > chromium[1] - it appeared at that time, that most people in that > discussion were in agreement that chromium should not be included in > guix; and marius was instead hosting it in a private repo, as not to > taint the main guix repos with dubious software - has there been a > notable break-through since then? > > what is the evidence for this claim that this guix package is "free > software only"? - what does "Marks beautiful computed-origin-method" do > toward that end? - if a procedure for liberating any chromium-derived > software has been discovered, this would be a marvelous accomplishment > and very good news indeed, of which people outside of the guix dev team > would also be interested to learn > > if the guix team has discovered some new information or has concocted a > viable liberation recipe for chromium or any of it's offspring, then i > hope that, for the benefit of all fellow Fosstopians, someone would > present that information to the FSDG mailing list for review and > discussion - it would be extra neighborly if that happened *before* > offering this program to guix users, while fully knowing that the other > FSDG distros are still intentionally suppressing it in solidarity > > again, i am totally indifferent as to whether anyone uses chromium or > not - my only interest in this is that i would like to strengthen the > FSDG by convincing FSDG distros to communicate and collaborate with each > other, and to achieve consensus about common issues such as this, that > clearly affect all distros equally; so that no one is compelled to ask > "why does guixsd endorse that popular program if other FSDG distros > reject it on principal?" - it is difficult enough to explain to users > why these programs are rejected in the first place; but at least the > way things are now, we can say that all FSDG distros are in agreement to > err on the conservative side until a satisfactory liberation procedure > is found and documented - currently, the documented liberation > procedure is: "Remove program/package. Use GNU IceCat, or > equivalent"[2] - if there is a better candidate procedure now, let us > get it onto the table for discussion > > i would like to consider all FSDG distros as being part of a larger > federation, sharing the same primary goals; but we cant all be reading > all of the dev lists - let us communicate whenever applicable, in the > common venue that exists for that purpose[3] - i tried enticing the > folks on the guix team to do that previously - if there is indeed > something new to announce regarding chromium's dubious FSDG status, > please elect someone from guix to do so now - this would be very > interesting news to the readers of that list, and your effort and/or > accomplishment would be sincerely applauded - other FSDG distros would > be happy (and some quite eager) to re-instate any of these > chromium-derived packages if a consensus could be reached that any of > them could be distributed 100% freely; but if all distros are to decide > for themselves what is freely distributable and what is not, without > evidence and without discussing it with the other FSDG distros nor the > FSF, then the FSDG loses its teeth, and we all look wishy-washy and > flakey on that, the main, central FSDG concern: which programs are > freely distributable and which are not > > > [1]: https://lists.gnu.org/archive/html/guix-devel/2018-09/msg00264.html > [2]: > https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser > [3]: https://lists.nongnu.org/mailman/listinfo/gnu-linux-libre Sorry, I didn't notice that this thread was on multiple lists, so when I hit "Reply List" it only went to the GNU-linux-libre list. Sending a copy to the other lists; sorry for the messiness. I'm not sure if I've mentioned it on the GNU-linux-libre list before, but I have never seen any actual evidence of the current version of Chromium containing proprietary components. It's an unreasonable standard to demand proof that programs are libre. That's an impossible thing to prove. If someone points out, as I have many times, "I have looked through Chromium's code and not found a single proprietary program," someone can simply say that they didn't look hard enough. That LibrePlanet page, by the way, is not evidence of Chromium containing proprietary components. It claims such, but the only evidence provided is a copyright file that clearly indicates a libre license, and a bug report about not passing a license checking script, which I might add is also not proof of any program being proprietary. Not to mention, this is from over eight years ago. Should distro maintainers also take the outdated recommendation to remove Project: Starfighter from that page at face value, despite the fact that I released a completely libre version almost four years ago? The point is, that's a wiki page sporadically maintained by volunteers. It's a possible starting point (though to be honest I'm not so sure it's even useful for that), but not an indication of the GNU FSDG gold standard, so to speak. -- Julie Marchant http://onpon4.github.io Encrypt your emails with GnuPG: https://emailselfdefense.fsf.org
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Mon, 04 Feb 2019 22:35:02 GMT) Full text and rfc822 format available.Message #314 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: bill-auger <bill-auger <at> peers.community> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org, gnu-linux-libre <at> nongnu.org Subject: Re: [PATCH] gnu: Add ungoogled-chromium. Date: Mon, 04 Feb 2019 23:34:45 +0100
Hi bill-auger, bill-auger <bill-auger <at> peers.community> skribis: > re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html > > i would like to remind readers of the guix-devel list that it was > discussed some months ago, why no FSDG distros currently distribute > chromium[1] - it appeared at that time, that most people in that > discussion were in agreement that chromium should not be included in > guix; and marius was instead hosting it in a private repo, as not to > taint the main guix repos with dubious software - has there been a > notable break-through since then? It’s not entirely clear to me what the problems are, to be honest. Marius listed specific issues that were addressed by the patches; others then pointed out at additional issues that ungoogled-chromium fixes, which Marius took into account; what’s left now? I understand you’re skeptical about Chromium, but we cannot base decisions based on vague skepticism. If you know of issues that are still unaddressed, please do list them. I’d also like to stress that, if Chromium is eventually included in Guix, we are committed to fixing it or removing it should someone later discover that it does not comply with the FSDG (that’s the “Commitment to Correct Mistakes” section of FSDG.) > i would like to consider all FSDG distros as being part of a larger > federation, sharing the same primary goals; As you know, several of us have occasionally asked for advice on the gnu-linux-libre list regarding concrete issues that we encountered (a recent example was Inferno, which we ended up not adding to the distro due to unresolved issues.) I believe Marius and others here made a real effort in understanding and addressing the ways in which Chromium would not comply with the FSDG. If you’re aware of issues that are unaddressed, please share! Thank you, Ludo’.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 05 Feb 2019 05:24:01 GMT) Full text and rfc822 format available.Message #317 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: swedebugia <swedebugia <at> riseup.net> To: guix-patches <at> gnu.org, Marius Bakke <mbakke <at> fastmail.com>, guix-devel <at> gnu.org Cc: 28004 <at> debbugs.gnu.org Subject: Re: [bug#28004] [PATCH] gnu: Add ungoogled-chromium. Date: Tue, 05 Feb 2019 06:22:44 +0100
[Message part 1 (text/plain, inline)]
Marius Bakke <mbakke <at> fastmail.com> skrev: (2 februari 2019 20:20:23 CET)
>Thanks to Marks beautiful "computed-origin-method", Ungoogled-Chromium
>is finally ready for inclusion in Guix.
>
>Features:
>* Chromium 72.
>* No unsolicited network traffic.
>* Free software only.
>* No DRM.
>* Not an April Fools joke.
>
>It's currently using my trivial "fork" of Ungoogled-Chromium[0], which
>will be upstreamed once the upstream reorganization[1] is done.
>
>Comments appreciated!
>
>[0]:
>https://github.com/mbakke/ungoogled-chromium/commit/f9b9074c322a67b04baf0982797cd7b7e09614b5
>[1]: https://github.com/Eloston/ungoogled-chromium/issues/651
>
>* gnu/packages/aux-files/chromium/master-preferences.json,
>gnu/packages/chromium.scm: New files.
>* gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
>---
> gnu/local.mk | 1 +
> .../chromium/master-preferences.json | 26 +
> gnu/packages/chromium.scm | 741 ++++++++++++++++++
> 3 files changed, 768 insertions(+)
>create mode 100644
>gnu/packages/aux-files/chromium/master-preferences.json
> create mode 100644 gnu/packages/chromium.scm
>
>diff --git a/gnu/local.mk b/gnu/local.mk
>index 82db1488d6..b5e937cdd7 100644
>--- a/gnu/local.mk
>+++ b/gnu/local.mk
>@@ -100,6 +100,7 @@ GNU_SYSTEM_MODULES = \
> %D%/packages/check.scm \
> %D%/packages/chemistry.scm \
> %D%/packages/chez.scm \
>+ %D%/packages/chromium.scm \
> %D%/packages/ci.scm \
> %D%/packages/cinnamon.scm \
> %D%/packages/clojure.scm \
>diff --git a/gnu/packages/aux-files/chromium/master-preferences.json
>b/gnu/packages/aux-files/chromium/master-preferences.json
>new file mode 100644
>index 0000000000..0caa7cc4cd
>--- /dev/null
>+++ b/gnu/packages/aux-files/chromium/master-preferences.json
>@@ -0,0 +1,26 @@
>+{
>+ "distribution": {
>+ "import_bookmarks": false,
>+ "make_chrome_default": false,
>+ "make_chrome_default_for_user": false,
>+ "verbose_logging": true,
>+ "skip_first_run_ui": true,
>+ "suppress_first_run_default_browser_prompt": true
>+ },
>+ "browser": {
>+ "has_seen_welcome_page" : true,
>+ "check_default_browser" : false
>+ },
>+ "dns_prefetching": {
>+ "enabled": false
>+ },
>+ "alternate_error_pages": {
>+ "enabled": false
>+ },
>+ "hardware": {
>+ "audio_capture_enabled": false
>+ },
>+ "default_apps": "noinstall",
>+ "hide_web_store_icon": true,
>+ "homepage": "https://www.gnu.org/software/guix"
>+}
>diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
>new file mode 100644
>index 0000000000..eb404246d3
>--- /dev/null
>+++ b/gnu/packages/chromium.scm
>@@ -0,0 +1,741 @@
>+;;; GNU Guix --- Functional package management for GNU
>+;;; Copyright © 2019 Marius Bakke <mbakke <at> fastmail.com>
>+;;;
>+;;; GNU Guix is free software; you can redistribute it and/or modify
>it
>+;;; under the terms of the GNU General Public License as published by
>+;;; the Free Software Foundation; either version 3 of the License, or
>(at
>+;;; your option) any later version.
>+;;;
>+;;; GNU Guix is distributed in the hope that it will be useful, but
>+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
>+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>+;;; GNU General Public License for more details.
>+;;;
>+;;; You should have received a copy of the GNU General Public License
>+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
>+
>+(define-module (gnu packages chromium)
>+ #:use-module ((guix licenses) #:prefix license:)
>+ #:use-module (guix packages)
>+ #:use-module (guix gexp)
>+ #:use-module (guix store)
>+ #:use-module (guix monads)
>+ #:use-module (guix download)
>+ #:use-module (guix git-download)
>+ #:use-module (guix utils)
>+ #:use-module (guix build-system gnu)
>+ #:use-module (gnu packages)
>+ #:use-module (gnu packages assembly)
>+ #:use-module (gnu packages base)
>+ #:use-module (gnu packages bison)
>+ #:use-module (gnu packages build-tools)
>+ #:use-module (gnu packages compression)
>+ #:use-module (gnu packages cups)
>+ #:use-module (gnu packages curl)
>+ #:use-module (gnu packages fontutils)
>+ #:use-module (gnu packages gcc)
>+ #:use-module (gnu packages ghostscript)
>+ #:use-module (gnu packages gl)
>+ #:use-module (gnu packages glib)
>+ #:use-module (gnu packages gnome)
>+ #:use-module (gnu packages gnuzilla)
>+ #:use-module (gnu packages gperf)
>+ #:use-module (gnu packages gtk)
>+ #:use-module (gnu packages icu4c)
>+ #:use-module (gnu packages image)
>+ #:use-module (gnu packages libevent)
>+ #:use-module (gnu packages libffi)
>+ #:use-module (gnu packages linux)
>+ #:use-module (gnu packages kerberos)
>+ #:use-module (gnu packages ninja)
>+ #:use-module (gnu packages node)
>+ #:use-module (gnu packages pciutils)
>+ #:use-module (gnu packages pkg-config)
>+ #:use-module (gnu packages pulseaudio)
>+ #:use-module (gnu packages python)
>+ #:use-module (gnu packages python-web)
>+ #:use-module (gnu packages python-xyz)
>+ #:use-module (gnu packages regex)
>+ #:use-module (gnu packages serialization)
>+ #:use-module (gnu packages speech)
>+ #:use-module (gnu packages tls)
>+ #:use-module (gnu packages valgrind)
>+ #:use-module (gnu packages vulkan)
>+ #:use-module (gnu packages video)
>+ #:use-module (gnu packages xiph)
>+ #:use-module (gnu packages xml)
>+ #:use-module (gnu packages xdisorg)
>+ #:use-module (gnu packages xorg))
>+
>+(define %preserved-third-party-files
>+ '("base/third_party/dmg_fp" ;X11-style
>+ "base/third_party/dynamic_annotations" ;BSD-2
>+ "base/third_party/icu" ;Unicode, X11-style
>+ "base/third_party/superfasthash" ;BSD-3
>+ "base/third_party/symbolize" ;BSD-3
>+ "base/third_party/xdg_mime" ;LGPL2.1+ or Academic 2.0
>+ "base/third_party/xdg_user_dirs" ;Expat
>+ "chrome/third_party/mozilla_security_manager"
>;MPL-1.1/GPL2+/LGPL2.1+
>+ "courgette/third_party/bsdiff" ;BSD-2, BSD protection license
>+ "courgette/third_party/divsufsort" ;Expat
>+ "net/third_party/http2" ;BSD-3
>+ "net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
>+ "net/third_party/nss" ;MPL-2.0
>+ "net/third_party/quic" ;BSD-3
>+ "net/third_party/spdy" ;BSD-3
>+ "net/third_party/uri_template" ;ASL2.0
>+ "third_party/abseil-cpp" ;ASL2.0
>+ "third_party/adobe/flash/flapper_version.h" ;no license, trivial
>+ "third_party/angle" ;BSD-3
>+ "third_party/angle/src/common/third_party/base" ;BSD-3
>+ "third_party/angle/src/common/third_party/smhasher" ;Public domain
>+ "third_party/angle/src/common/third_party/xxhash" ;BSD-2
>+ "third_party/angle/src/third_party/compiler" ;BSD-2
>+ "third_party/angle/src/third_party/libXNVCtrl" ;Expat
>+ "third_party/angle/src/third_party/trace_event" ;BSD-3
>+ "third_party/angle/third_party/glslang" ;BSD-3
>+ "third_party/angle/third_party/spirv-headers" ;Expat
>+ "third_party/angle/third_party/spirv-tools" ;Expat
>+ "third_party/angle/third_party/vulkan-headers" ;ASL2.0
>+ "third_party/angle/third_party/vulkan-loader" ;ASL2.0
>+ "third_party/angle/third_party/vulkan-tools" ;ASL2.0
>+ "third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
>+ "third_party/apple_apsl" ;APSL2.0
>+ "third_party/blink" ;BSD-3
>+ "third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
>+ "third_party/boringssl/src/third_party/fiat" ;Expat
>+ "third_party/breakpad" ;BSD-3
>+ "third_party/brotli" ;Expat
>+ "third_party/cacheinvalidation" ;ASL2.0
>+ "third_party/catapult" ;BSD-3
>+ "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
>;ASL2.0
>+ "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
>;ASL2.0
>+ "third_party/catapult/third_party/polymer" ;BSD-3
>+ "third_party/catapult/tracing/third_party/d3" ;BSD-3
>+ "third_party/catapult/tracing/third_party/gl-matrix" ;Expat
>+ "third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
>+ "third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
>+ "third_party/catapult/tracing/third_party/oboe" ;BSD-2
>+ "third_party/catapult/tracing/third_party/pako" ;Expat
>+ "third_party/ced" ;BSD-3
>+ "third_party/cld_3" ;ASL2.0
>+ "third_party/closure_compiler" ;ASL2.0
>+ "third_party/crashpad" ;ASL2.0
>+ "third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h"
>;Zlib
>+ "third_party/crc32c" ;BSD-3
>+ "third_party/cros_system_api" ;BSD-3
>+ "third_party/dom_distiller_js" ;BSD-3
>+ "third_party/fips181" ;BSD-3
>+ "third_party/flatbuffers" ;ASL2.0
>+ "third_party/google_input_tools" ;ASL2.0
>+ "third_party/google_input_tools/third_party/closure_library"
>;ASL2.0
>+
>"third_party/google_input_tools/third_party/closure_library/third_party/closure"
>;Expat
>+ "third_party/googletest" ;BSD-3
>+ "third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
>+ "third_party/iccjpeg" ;IJG
>+ "third_party/inspector_protocol" ;BSD-3
>+ "third_party/jinja2" ;BSD-3
>+ "third_party/jstemplate" ;ASL2.0
>+ "third_party/khronos" ;Expat, SGI
>+ "third_party/leveldatabase" ;BSD-3
>+ "third_party/libXNVCtrl" ;Expat
>+ "third_party/libaddressinput" ;ASL2.0
>+ "third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent
>License 1.0"
>+ "third_party/libaom/source/libaom/third_party/vector" ;Expat
>+ "third_party/libaom/source/libaom/third_party/x86inc" ;ISC
>+ "third_party/libjingle_xmpp" ;BSD-3
>+ "third_party/libphonenumber" ;ASL2.0
>+ "third_party/libsecret" ;LGPL2.1+
>+ "third_party/libsrtp" ;BSD-3
>+ "third_party/libsync" ;ASL2.0
>+ "third_party/libudev" ;LGPL2.1+
>+ "third_party/libwebm" ;BSD-3
>+ "third_party/libxml/chromium" ;BSD-3
>+ "third_party/libyuv" ;BSD-3
>+ "third_party/lss" ;BSD-3
>+ "third_party/markupsafe" ;BSD-3
>+ "third_party/mesa_headers" ;Expat, SGI
>+ "third_party/metrics_proto" ;BSD-3
>+ "third_party/modp_b64" ;BSD-3
>+ "third_party/nasm" ;BSD-2
>+ "third_party/node" ;Expat
>+
>"third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2"
>;BSD-2
>+ "third_party/ots" ;BSD-3
>+ "third_party/pdfium" ;BSD-3
>+ "third_party/pdfium/third_party/agg23" ;Expat
>+ "third_party/pdfium/third_party/base" ;BSD-3
>+ "third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
>+ "third_party/pdfium/third_party/skia_shared" ;BSD-3
>+ "third_party/pdfium/third_party/freetype/include/pstables.h"
>;FreeType
>+ "third_party/ply" ;BSD-3
>+ "third_party/polymer" ;BSD-3
>+ "third_party/protobuf" ;BSD-3
>+ "third_party/protobuf/third_party/six" ;Expat
>+ "third_party/pyjson5" ;ASL2.0
>+ "third_party/qcms" ;Expat
>+ "third_party/rnnoise" ;BSD-3
>+ "third_party/s2cellid" ;ASL2.0
>+ "third_party/sfntly" ;ASL2.0
>+ "third_party/skia" ;BSD-3
>+ "third_party/skia/third_party/gif" ;MPL1.1/GPL2+/LGPL2.1+
>+ "third_party/skia/third_party/skcms" ;BSD-3
>+ "third_party/skia/third_party/vulkan" ;BSD-3
>+ "third_party/smhasher" ;Expat, public domain
>+ "third_party/speech-dispatcher" ;GPL2+
>+ "third_party/spirv-headers" ;ASL2.0
>+ "third_party/SPIRV-Tools" ;ASL2.0
>+ "third_party/sqlite" ;Public domain
>+ "third_party/ungoogled" ;BSD-3
>+ "third_party/usb_ids" ;BSD-3
>+ "third_party/usrsctp" ;BSD-2
>+ "third_party/web-animations-js" ;ASL2.0
>+ "third_party/webdriver" ;ASL2.0
>+ "third_party/webrtc" ;BSD-3
>+ "third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
>+ "third_party/webrtc/common_audio/third_party/spl_sqrt_floor"
>;Public domain
>+ "third_party/webrtc/modules/third_party/fft" ;Non-copyleft
>+ "third_party/webrtc/modules/third_party/g711" ;Public domain
>+ "third_party/webrtc/modules/third_party/g722" ;Public domain
>+ "third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
>+ "third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
>+ "third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
>+ "third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
>+ "third_party/woff2" ;ASL2.0
>+ "third_party/xdg-utils" ;Expat
>+ "third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
>+ "third_party/zlib/google" ;BSD-3
>+ "url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
>+ "v8/src/third_party/utf8-decoder" ;Expat
>+ "v8/src/third_party/valgrind" ;BSD-4
>+ "v8/third_party/inspector_protocol" ;BSD-3
>+ "v8/third_party/v8/builtins")) ;PSFL
>+
>+(define* (computed-origin-method gexp-promise hash-algo hash
>+ #:optional (name "source")
>+ #:key (system (%current-system))
>+ (guile (default-guile)))
>+ "Return a derivation that executes the G-expression that results
>+from forcing GEXP-PROMISE."
>+ (mlet %store-monad ((guile (package->derivation guile system)))
>+ (gexp->derivation (or name "computed-origin")
>+ (force gexp-promise)
>+ #:system system
>+ #:guile-for-build guile)))
>+
>+(define %chromium-version "72.0.3626.81")
>+(define %ungoogled-revision
>"f9b9074c322a67b04baf0982797cd7b7e09614b5")
>+
>+;; This is a computed origin that does the following:
>+;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball.
>+;; 2) Prunes all third_party folders that are not explicitly
>preserved.
>+;; 3) Adjusts "GN" build files such that system libraries are
>preferred.
>+(define ungoogled-chromium-source
>+ (let* ((chromium-source
>+ (origin
>+ (method url-fetch)
>+ (uri (string-append
>"https://commondatastorage.googleapis.com"
>+ "/chromium-browser-official/chromium-"
>+ %chromium-version ".tar.xz"))
>+ (sha256
>+ (base32
>+
>"01l0vlvcckpag376mjld7qprv63l0z8li689k0h6v3h0i7irzs6z"))))
>+ (ungoogled-source
>+ (origin
>+ (method git-fetch)
>+ (uri (git-reference (url
>"https://github.com/mbakke/ungoogled-chromium")
>+ (commit %ungoogled-revision)))
>+ (file-name (git-file-name "ungoogled-chromium"
>+ (string-take %ungoogled-revision
>7)))
>+ (sha256
>+ (base32
>+
>"0gmk1n3i7lbm7rw8zl4df171yhvrlimj8ksj096bf2dlfhbd44rb")))))
>+
>+ (origin
>+ (method computed-origin-method)
>+ (file-name (string-append "ungoogled-chromium-"
>%chromium-version ".tar.xz"))
>+ (sha256 #f)
>+ (uri
>+ (delay
>+ (with-imported-modules '((guix build utils))
>+ #~(begin
>+ (use-modules (guix build utils))
>+ (let ((chromium-dir (string-append "chromium-"
>#$%chromium-version))
>+ (preserved-files (list
>#$@%preserved-third-party-files)))
>+
>+ (mkdir "/tmp/bin")
>+ (set-path-environment-variable
>+ "PATH" '("bin")
>+ (list "/tmp"
>+ #+(canonical-package patch)
>+ #+(canonical-package xz)
>+ #+(canonical-package tar)
>+ #+python-2
>+ #+python))
>+
>+ (copy-recursively #+ungoogled-source
>"/tmp/ungoogled")
>+
>+ (with-directory-excursion "/tmp/ungoogled"
>+
>+ (format #t "Unpacking chromium tarball...~%")
>+ (force-output)
>+ (invoke "tar" "xf" #+chromium-source)
>+
>+ (format #t "Ungooglifying...~%")
>+ (force-output)
>+ (invoke "python3" "run_buildkit_cli.py" "prune"
>+ "-b" "config_bundles/guix" chromium-dir)
>+ (invoke "python3" "run_buildkit_cli.py" "patches"
>"apply"
>+ "-b" "config_bundles/guix" chromium-dir)
>+ (invoke "python3" "run_buildkit_cli.py" "domains"
>"apply"
>+ "-b" "config_bundles/linux_rooted"
>+ "-c" "/tmp/domainscache.tar.gz"
>chromium-dir)
>+
>+ (with-directory-excursion chromium-dir
>+ (format #t "Pruning third party files...~%")
>+ (force-output)
>+ (apply invoke "python"
>+
>"build/linux/unbundle/remove_bundled_libraries.py"
>+ "--do-remove" preserved-files)
>+
>+ (format #t "Replacing GN files...~%")
>+ (force-output)
>+ (invoke "python3"
>"build/linux/unbundle/replace_gn_files.py"
>+ "--system-libraries" "ffmpeg" "flac"
>"fontconfig"
>+ "freetype" "harfbuzz-ng" "icu" "libdrm"
>"libevent"
>+ "libjpeg" "libpng" "libvpx" "libwebp"
>"libxml"
>+ "libxslt" "openh264" "opus" "re2"
>"snappy" "yasm"
>+ "zlib"))
>+
>+ (format #t (string-append "Packing new Ungoogled
>tarball ...~%"))
>+ (force-output)
>+ (invoke "tar" "cvfa" #$output
>+ ;; Avoid non-determinism in the archive.
>+ "--mtime=@0"
>+ "--owner=root:0"
>+ "--group=root:0"
>+ "--sort=name"
>+ chromium-dir)
>+
>+ #t)))))))))
>+
>+(define opus+custom
>+ (package/inherit opus
>+ (name "opus+custom")
>+ (arguments
>+ (substitute-keyword-arguments (package-arguments opus)
>+ ((#:configure-flags flags ''())
>+ ;; Opus Custom is an optional extension of the Opus
>+ ;; specification that allows for unsupported frame
>+ ;; sizes. Chromium requires that this is enabled.
>+ `(cons "--enable-custom-modes"
>+ ,flags))))))
>+
>+(define libvpx/chromium
>+ ;; Chromium 66 and later requires an unreleased libvpx, so we take
>the
>+ ;; commit from "third_party/libvpx/README.chromium" in the tarball.
>+ (let ((version (package-version libvpx))
>+ (commit "e188b5435de71bcd602c378f1ac0441111f0f915")
>+ (revision "0"))
>+ (package/inherit libvpx
>+ (name "libvpx-chromium")
>+ (version (git-version version revision commit))
>+ (source (origin
>+ (method git-fetch)
>+ (uri (git-reference
>+ (url
>"https://chromium.googlesource.com/webm/libvpx")
>+ (commit commit)))
>+ (file-name (git-file-name name version))
>+ (sha256
>+ (base32
>+
>"0v7lzvgy45zh7zwzmmzkvbcqmhs4xa97z0h97hd3j6myrxcfz1n9")))))))
>+
>+;; Transitional package until HarfBuzz 2.2 is available in Guix master
>branch.
>+(define harfbuzz/chromium
>+ (package/inherit harfbuzz
>+ (version "2.2.0")
>+ (source (origin
>+ (inherit (package-source harfbuzz))
>+ (uri (string-append
>"https://www.freedesktop.org/software/harfbuzz"
>+ "/release/harfbuzz-" version
>".tar.bz2"))
>+ (sha256
>+ (base32
>+
>"047q63jr513azf3g1y7f5xn60b4jdjs9zsmrx04sfw5rasyzrk5p"))))))
>+
>+(define-public ungoogled-chromium
>+ (package
>+ (name "ungoogled-chromium")
>+ (version %chromium-version)
>+ (synopsis "Graphical web browser")
>+ (source ungoogled-chromium-source)
>+ (build-system gnu-build-system)
>+ (arguments
>+ `(#:tests? #f
>+ ;; FIXME: There is a "gn" option specifically for setting
>-rpath, but
>+ ;; it overrides the RUNPATH set by the linker.
>+ #:validate-runpath? #f
>+ #:modules ((guix build gnu-build-system)
>+ (guix build utils)
>+ (ice-9 ftw)
>+ (ice-9 regex)
>+ (srfi srfi-26))
>+ #:configure-flags
>+ ;; See tools/gn/docs/cookbook.md and
>+ ;; https://www.chromium.org/developers/gn-build-configuration
>+ ;; for usage. Run "./gn args . --list" in the Release
>+ ;; directory for an exhaustive list of supported flags.
>+ ;; (Note: The 'configure' phase will do that for you.)
>+ (list "is_debug=false"
>+ "use_gold=false"
>+ "use_lld=false"
>+ "linux_use_bundled_binutils=false"
>+ "use_custom_libcxx=false"
>+ "use_sysroot=false"
>+ "enable_precompiled_headers=false"
>+ "goma_dir=\"\""
>+ "enable_nacl=false"
>+ "enable_nacl_nonsfi=false"
>+ "use_allocator=\"none\"" ;don't use tcmalloc
>+ "use_unofficial_version_number=false"
>+
>+ ;; Define a custom toolchain that simply looks up CC, AR
>and
>+ ;; friends from the environment.
>+
>"custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
>+
>"host_toolchain=\"//build/toolchain/linux/unbundle:default\""
>+
>+ ;; Don't assume it's clang.
>+ "is_clang=false"
>+
>+ ;; Optimize for building everything at once, as opposed
>to
>+ ;; incrementally for development. See "docs/jumbo.md".
>+ "use_jumbo_build=true"
>+
>+ ;; Disable type-checking for the Web UI to avoid a Java
>dependency.
>+ "closure_compile=false"
>+
>+ ;; Disable debugging features to save space.
>+ "blink_symbol_level=0"
>+ "enable_iterator_debugging=false"
>+
>+ ;; Some of the unbundled libraries throws deprecation
>+ ;; warnings, etc. Ignore it.
>+ "treat_warnings_as_errors=false"
>+
>+ ;; Don't add any API keys. End users can set them in the
>+ ;; environment if desired. See
>+ ;;
><https://www.chromium.org/developers/how-tos/api-keys>.
>+ "use_official_google_api_keys=false"
>+
>+ ;; Disable "safe browsing", which pulls in a dependency
>on
>+ ;; the nonfree "unrar" program (as of m66).
>+ "safe_browsing_mode=0"
>+
>+ ;; Disable "field trials".
>+ "fieldtrial_testing_like_official_build=true"
>+
>+ ;; Ungoogled components.
>+ "enable_mdns=false"
>+ "enable_one_click_signin=false"
>+ "enable_reading_list=false"
>+ "enable_remoting=false"
>+ "enable_reporting=false"
>+ "enable_service_discovery=false"
>+ "enable_swiftshader=false"
>+ "use_vaapi=true"
>+
>+ ;; Use system libraries where possible.
>+ "use_system_freetype=true"
>+ "use_system_harfbuzz=true"
>+ "use_system_lcms2=true"
>+ "use_system_libdrm=true"
>+ "use_system_libjpeg=true"
>+ "use_system_libpng=true"
>+ ;;"use_system_libsync=true"
>+ "use_system_zlib=true"
>+
>+ "use_gnome_keyring=false" ;deprecated by libsecret
>+ "use_openh264=true"
>+ "use_pulseaudio=true"
>+ "link_pulseaudio=true"
>+
>+ ;; Don't arbitrarily restrict formats supported by system
>ffmpeg.
>+ "proprietary_codecs=true"
>+ "ffmpeg_branding=\"Chrome\""
>+
>+ ;; WebRTC stuff.
>+ "rtc_use_h264=true"
>+ ;; Don't use bundled sources.
>+ "rtc_build_json=false"
>+ "rtc_build_libevent=false"
>+ "rtc_build_libvpx=false"
>+ "rtc_build_opus=false"
>+ "rtc_build_ssl=false"
>+
>+ "rtc_build_libsrtp=true" ;FIXME: fails to find headers
>+ "rtc_build_usrsctp=true" ;TODO: package this
>+ (string-append "rtc_jsoncpp_root=\""
>+ (assoc-ref %build-inputs "jsoncpp")
>+ "/include/jsoncpp/json\"")
>+ (string-append "rtc_ssl_root=\""
>+ (assoc-ref %build-inputs "openssl")
>+ "/include/openssl\""))
>+ #:phases
>+ (modify-phases %standard-phases
>+ (add-after 'unpack 'patch-stuff
>+ (lambda* (#:key inputs #:allow-other-keys)
>+ (substitute* "printing/cups_config_helper.py"
>+ (("cups_config =.*")
>+ (string-append "cups_config = '" (assoc-ref inputs
>"cups")
>+ "/bin/cups-config'\n")))
>+
>+ (substitute*
>+ '("base/process/launch_posix.cc"
>+
>"base/third_party/dynamic_annotations/dynamic_annotations.c"
>+ "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
>+ "sandbox/linux/services/credentials.cc"
>+ "sandbox/linux/services/namespace_utils.cc"
>+ "sandbox/linux/services/syscall_wrappers.cc"
>+ "sandbox/linux/syscall_broker/broker_host.cc")
>+ (("include \"base/third_party/valgrind/") "include
>\"valgrind/"))
>+
>+ (for-each (lambda (file)
>+ (substitute* file
>+ ;; Fix opus include path.
>+ ;; Do not substitute opus_private.h.
>+ (("#include \"opus\\.h\"")
>+ "#include \"opus/opus.h\"")
>+ (("#include \"opus_custom\\.h\"")
>+ "#include \"opus/opus_custom.h\"")
>+ (("#include \"opus_defines\\.h\"")
>+ "#include \"opus/opus_defines.h\"")
>+ (("#include \"opus_multistream\\.h\"")
>+ "#include \"opus/opus_multistream.h\"")
>+ (("#include \"opus_types\\.h\"")
>+ "#include \"opus/opus_types.h\"")))
>+ (find-files (string-append
>"third_party/webrtc/modules"
>+
>"/audio_coding/codecs/opus")))
>+
>+ (substitute* "chrome/common/chrome_paths.cc"
>+ (("/usr/share/chromium/extensions")
>+ ;; TODO: Add ~/.guix-profile.
>+
>"/run/current-system/profile/share/chromium/extensions"))
>+
>+ ;; XXX: Should be unnecessary when use_system_lcms2=true.
>+ (substitute*
>"third_party/pdfium/core/fxcodec/codec/ccodec_iccmodule.h"
>+ (("include \"third_party/lcms/include/lcms2\\.h\"")
>+ "include \"lcms2.h\""))
>+
>+ (substitute*
>+
>"third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
>+ (("include \"third_party/curl") "include \"curl"))
>+
>+ (substitute* "third_party/webrtc/rtc_base/strings/json.h"
>+ (("#include \"third_party/jsoncpp/") "#include
>\"json/"))
>+
>+ (substitute* "media/base/decode_capabilities.cc"
>+ (("third_party/libvpx/source/libvpx/") ""))
>+
>+ (substitute* "ui/gfx/skia_util.h"
>+ (("third_party/vulkan/include/") ""))
>+
>+ ;; Building chromedriver embeds some files using the ZIP
>+ ;; format which doesn't support timestamps before
>+ ;; 1980. Therefore, advance the timestamps of the files
>+ ;; which are included so that building chromedriver
>+ ;; works.
>+ (let ((circa-1980 (* 10 366 24 60 60)))
>+ (for-each (lambda (file)
>+ (utime file circa-1980 circa-1980))
>+
>'("chrome/test/chromedriver/extension/background.js"
>+
>"chrome/test/chromedriver/extension/manifest.json")))
>+
>+ #t))
>+ (add-before 'configure 'prepare-build-environment
>+ (lambda* (#:key inputs #:allow-other-keys)
>+
>+ ;; Make sure the right build tools are used.
>+ (setenv "AR" "ar") (setenv "NM" "nm")
>+ (setenv "CC" "gcc") (setenv "CXX" "g++")
>+
>+ ;; Work around <https://bugs.gnu.org/30756>.
>+ (unsetenv "C_INCLUDE_PATH")
>+ (unsetenv "CPLUS_INCLUDE_PATH")
>+
>+ ;; TODO: pre-compile instead. Avoids a race condition.
>+ (setenv "PYTHONDONTWRITEBYTECODE" "1")
>+
>+ ;; XXX: How portable is this.
>+ (mkdir-p "third_party/node/linux/node-linux-x64")
>+ (symlink (string-append (assoc-ref inputs "node") "/bin")
>+ "third_party/node/linux/node-linux-x64/bin")
>+
>+ #t))
>+ (replace 'configure
>+ (lambda* (#:key configure-flags #:allow-other-keys)
>+ (let ((args (string-join configure-flags " ")))
>+ ;; Generate ninja build files.
>+ (invoke "gn" "gen" "out/Release"
>+ (string-append "--args=" args))
>+
>+ ;; Print the full list of supported arguments as well
>as
>+ ;; their current status for convenience.
>+ (format #t "Dumping configure flags...\n")
>+ (invoke "gn" "args" "out/Release" "--list"))))
>+ (replace 'build
>+ (lambda* (#:key outputs #:allow-other-keys)
>+ (invoke "ninja" "-C" "out/Release"
>+ "-j" (number->string (parallel-job-count))
>+ "chrome"
>+ "chromedriver")))
>+ (replace 'install
>+ (lambda* (#:key inputs outputs #:allow-other-keys)
>+ (let* ((out (assoc-ref outputs "out"))
>+ (bin (string-append out "/bin"))
>+ (exe (string-append bin "/chromium"))
>+ (lib (string-append out "/lib"))
>+ (man (string-append out
>"/share/man/man1"))
>+ (applications (string-append out
>"/share/applications"))
>+ (install-regexp (make-regexp "\\.(bin|pak)$"))
>+ (locales (string-append lib "/locales"))
>+ (resources (string-append lib "/resources"))
>+ (preferences (assoc-ref inputs
>"master-preferences"))
>+ (gtk+ (assoc-ref inputs "gtk+"))
>+ (mesa (assoc-ref inputs "mesa"))
>+ (nss (assoc-ref inputs "nss"))
>+ (udev (assoc-ref inputs "udev"))
>+ (sh (which "sh")))
>+
>+ (substitute* '("chrome/app/resources/manpage.1.in"
>+
>"chrome/installer/linux/common/desktop.template")
>+ (("@@MENUNAME@@") "Chromium")
>+ (("@@PACKAGE@@") "chromium")
>+ (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
>+
>+ (mkdir-p man)
>+ (copy-file "chrome/app/resources/manpage.1.in"
>+ (string-append man "/chromium.1"))
>+
>+ (mkdir-p applications)
>+ (copy-file
>"chrome/installer/linux/common/desktop.template"
>+ (string-append applications
>"/chromium.desktop"))
>+
>+ (mkdir-p lib)
>+ (copy-file preferences (string-append lib
>"/master_preferences"))
>+
>+ (with-directory-excursion "out/Release"
>+ (for-each (lambda (file)
>+ (install-file file lib))
>+ (scandir "." (cut regexp-exec
>install-regexp <>)))
>+ (copy-file "chrome" (string-append lib "/chromium"))
>+
>+ ;; TODO: Install icons from "../../chrome/app/themes"
>into
>+ ;; "out/share/icons/hicolor/$size".
>+ (install-file
>+ "product_logo_48.png"
>+ (string-append out
>"/share/icons/48x48/chromium.png"))
>+
>+ (copy-recursively "locales" locales)
>+ (copy-recursively "resources" resources)
>+
>+ (mkdir-p bin)
>+ (symlink "../lib/chromium" exe)
>+ (install-file "chromedriver" bin)
>+
>+ (wrap-program exe
>+ ;; TODO: Get these in RUNPATH.
>+ `("LD_LIBRARY_PATH" ":" prefix
>+ (,(string-append lib ":" nss "/lib/nss:" gtk+
>"/lib:"
>+ mesa "/lib:" udev "/lib")))
>+ ;; Avoid file manager crash. See
><https://bugs.gnu.org/26593>.
>+ `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+
>"/share"))))
>+ #t)))))))
>+ (native-inputs
>+ `(("bison" ,bison)
>+ ("gcc" ,gcc-8)
>+ ("gn" ,gn)
>+ ("gperf" ,gperf)
>+ ("ninja" ,ninja)
>+ ("node" ,node)
>+ ("pkg-config" ,pkg-config)
>+ ("which" ,which)
>+ ("yasm" ,yasm)
>+
>+ ;; This file contains defaults for new user profiles.
>+ ("master-preferences" ,(local-file
>"aux-files/chromium/master-preferences.json"))
>+
>+ ("python-beautifulsoup4" ,python2-beautifulsoup4)
>+ ("python-html5lib" ,python2-html5lib)
>+ ("python" ,python-2)))
>+ (inputs
>+ `(("alsa-lib" ,alsa-lib)
>+ ("atk" ,atk)
>+ ("cups" ,cups)
>+ ("curl" ,curl)
>+ ("dbus" ,dbus)
>+ ("dbus-glib" ,dbus-glib)
>+ ("expat" ,expat)
>+ ("flac" ,flac)
>+ ("ffmpeg" ,ffmpeg)
>+ ("fontconfig" ,fontconfig)
>+ ("freetype" ,freetype)
>+ ("gdk-pixbuf" ,gdk-pixbuf)
>+ ("glib" ,glib)
>+ ("gtk+" ,gtk+)
>+ ("harfbuzz" ,harfbuzz/chromium)
>+ ("icu4c" ,icu4c)
>+ ("jsoncpp" ,jsoncpp)
>+ ("lcms" ,lcms)
>+ ("libevent" ,libevent)
>+ ("libffi" ,libffi)
>+ ("libjpeg-turbo" ,libjpeg-turbo)
>+ ("libpng" ,libpng)
>+ ("libva" ,libva)
>+ ("libvpx" ,libvpx/chromium)
>+ ("libwebp" ,libwebp)
>+ ("libx11" ,libx11)
>+ ("libxcb" ,libxcb)
>+ ("libxcomposite" ,libxcomposite)
>+ ("libxcursor" ,libxcursor)
>+ ("libxdamage" ,libxdamage)
>+ ("libxext" ,libxext)
>+ ("libxfixes" ,libxfixes)
>+ ("libxi" ,libxi)
>+ ("libxml2" ,libxml2)
>+ ("libxrandr" ,libxrandr)
>+ ("libxrender" ,libxrender)
>+ ("libxscrnsaver" ,libxscrnsaver)
>+ ("libxslt" ,libxslt)
>+ ("libxtst" ,libxtst)
>+ ("mesa" ,mesa)
>+ ("minizip" ,minizip)
>+ ("mit-krb5" ,mit-krb5)
>+ ("nss" ,nss)
>+ ("openh264" ,openh264)
>+ ("openjpeg" ,openjpeg) ;PDFium only
>+ ("openssl" ,openssl)
>+ ("opus" ,opus+custom)
>+ ("pango" ,pango)
>+ ("pciutils" ,pciutils)
>+ ("pulseaudio" ,pulseaudio)
>+ ("re2" ,re2)
>+ ("snappy" ,snappy)
>+ ("speech-dispatcher" ,speech-dispatcher)
>+ ("udev" ,eudev)
>+ ("valgrind" ,valgrind)
>+ ("vulkan-headers" ,vulkan-headers)))
>+ (home-page "https://www.chromium.org/")
>+ (description
>+ "Ungoogled-Chromium is the Chromium web browser, sans integration
>with
>+Google web services.")
>+ ;; Chromium is developed as BSD-3, but bundles a large number of
>third-party
>+ ;; components with other licenses. For full information, see
>chrome://credits.
>+ (license (list license:bsd-3
>+ license:bsd-2
>+ license:expat
>+ license:asl2.0
>+ license:mpl1.1
>+ license:mpl2.0
>+ license:public-domain
>+ license:isc
>+ (license:non-copyleft "chrome://credits"
>+ "See chrome://credits for
>more information.")
>+ license:lgpl2.1+))))
>--
>2.20.1
Wow.
Nice work! 😃
--
Sent from my k-9 mail for Android.
[Message part 2 (text/html, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 05 Feb 2019 05:35:01 GMT) Full text and rfc822 format available.guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Wed, 06 Feb 2019 21:06:01 GMT) Full text and rfc822 format available.Message #323 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: Ludovic Courtès <ludo <at> gnu.org>, bill-auger <bill-auger <at> peers.community> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org, gnu-linux-libre <at> nongnu.org Subject: Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium. Date: Wed, 06 Feb 2019 22:04:59 +0100
[Message part 1 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes: > Hi bill-auger, > > bill-auger <bill-auger <at> peers.community> skribis: > >> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html >> >> i would like to remind readers of the guix-devel list that it was >> discussed some months ago, why no FSDG distros currently distribute >> chromium[1] - it appeared at that time, that most people in that >> discussion were in agreement that chromium should not be included in >> guix; and marius was instead hosting it in a private repo, as not to >> taint the main guix repos with dubious software - has there been a >> notable break-through since then? > > It’s not entirely clear to me what the problems are, to be honest. > Marius listed specific issues that were addressed by the patches; others > then pointed out at additional issues that ungoogled-chromium fixes, > which Marius took into account; what’s left now? Indeed, the only real breakthrough is that we now have a script to create an Ungooglified source tarball with all unnecessary third_party components removed. The compressed tarball is smaller than that of IceCat and takes up around 2.1 GiB uncompressed, roughly 1GiB of which is third_party stuff. That leaves "just" over 1GiB of source code to audit (assuming my third_party audit is correct). I haven't been able to find any proprietary parts in first party code, and am convinced that the remaining third_party components are free, hence this patch. I am of course happy to help other FSDG distributions liberate their Chromium too.
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Thu, 07 Feb 2019 23:53:02 GMT) Full text and rfc822 format available.Message #326 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Christopher Lemmer Webber <cwebber <at> dustycloud.org> To: Ludovic Courtès <ludo <at> gnu.org> Cc: bill-auger <bill-auger <at> peers.community>, guix-devel <at> gnu.org, gnu-linux-libre <at> nongnu.org, 28004 <at> debbugs.gnu.org Subject: Re: [PATCH] gnu: Add ungoogled-chromium. Date: Thu, 07 Feb 2019 18:52:02 -0500
Ludovic Courtès writes: > Hi bill-auger, > > bill-auger <bill-auger <at> peers.community> skribis: > >> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html >> >> i would like to remind readers of the guix-devel list that it was >> discussed some months ago, why no FSDG distros currently distribute >> chromium[1] - it appeared at that time, that most people in that >> discussion were in agreement that chromium should not be included in >> guix; and marius was instead hosting it in a private repo, as not to >> taint the main guix repos with dubious software - has there been a >> notable break-through since then? > > It’s not entirely clear to me what the problems are, to be honest. > Marius listed specific issues that were addressed by the patches; others > then pointed out at additional issues that ungoogled-chromium fixes, > which Marius took into account; what’s left now? > > I understand you’re skeptical about Chromium, but we cannot base > decisions based on vague skepticism. If you know of issues that are > still unaddressed, please do list them. > > I’d also like to stress that, if Chromium is eventually included in > Guix, we are committed to fixing it or removing it should someone later > discover that it does not comply with the FSDG (that’s the “Commitment > to Correct Mistakes” section of FSDG.) +1 ... If concrete problems are found, by all means those should be raised and addressed. Otherwise I really think we ought to merge this work.
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Fri, 08 Feb 2019 00:00:02 GMT) Full text and rfc822 format available.Message #329 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Julie Marchant <onpon4 <at> riseup.net> To: Workgroup for fully free GNU/Linux distributions <gnu-linux-libre <at> nongnu.org>, Christopher Lemmer Webber <cwebber <at> dustycloud.org>, Ludovic Courtès <ludo <at> gnu.org> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org Subject: Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium. Date: Thu, 7 Feb 2019 18:59:02 -0500
On 02/07/2019 06:52 PM, Christopher Lemmer Webber wrote: > Ludovic Courtès writes: > >> Hi bill-auger, >> >> bill-auger <bill-auger <at> peers.community> skribis: >> >>> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html >>> >>> i would like to remind readers of the guix-devel list that it was >>> discussed some months ago, why no FSDG distros currently distribute >>> chromium[1] - it appeared at that time, that most people in that >>> discussion were in agreement that chromium should not be included in >>> guix; and marius was instead hosting it in a private repo, as not to >>> taint the main guix repos with dubious software - has there been a >>> notable break-through since then? >> >> It’s not entirely clear to me what the problems are, to be honest. >> Marius listed specific issues that were addressed by the patches; others >> then pointed out at additional issues that ungoogled-chromium fixes, >> which Marius took into account; what’s left now? >> >> I understand you’re skeptical about Chromium, but we cannot base >> decisions based on vague skepticism. If you know of issues that are >> still unaddressed, please do list them. >> >> I’d also like to stress that, if Chromium is eventually included in >> Guix, we are committed to fixing it or removing it should someone later >> discover that it does not comply with the FSDG (that’s the “Commitment >> to Correct Mistakes” section of FSDG.) > > +1 ... If concrete problems are found, by all means those should be > raised and addressed. Otherwise I really think we ought to merge this > work. Yes, exactly. -- Julie Marchant http://onpon4.github.io Encrypt your emails with GnuPG: https://emailselfdefense.fsf.org
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sat, 09 Feb 2019 14:05:02 GMT) Full text and rfc822 format available.Message #332 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Adonay Felipe Nogueira <adfeno <at> hyperbola.info> To: Workgroup for fully free GNU/Linux distributions <gnu-linux-libre <at> nongnu.org>, guix-devel <at> gnu.org Cc: 28004 <at> debbugs.gnu.org Subject: Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium. Date: Sat, 9 Feb 2019 12:04:04 -0200
[Message part 1 (text/plain, inline)]
Em 04/02/2019 02:52, bill-auger escreveu: > re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html > > i would like to remind readers of the guix-devel list that it was > discussed some months ago, why no FSDG distros currently distribute > chromium[1] - it appeared at that time, that most people in that > discussion were in agreement that chromium should not be included in > guix; and marius was instead hosting it in a private repo, as not to > taint the main guix repos with dubious software - has there been a > notable break-through since then? > > what is the evidence for this claim that this guix package is "free > software only"? - what does "Marks beautiful computed-origin-method" do > toward that end? - if a procedure for liberating any chromium-derived > software has been discovered, this would be a marvelous accomplishment > and very good news indeed, of which people outside of the guix dev team > would also be interested to learn On this matter, I think this discussion and also the review should be tracked either in a bug report or in the Free Software Directory wiki talk page about Chromium package/entry[1], this one also has a partial review still to be finished. Besides, the last time I read the FSD's entry inclusion requirements (about June, 2018) I was informed also in IRC that they have plans to make the FSD mimic the requirements of the GNU FSDG so that free/libre system distributions would have an easier time getting a list of reviewed packages for inclusion. That means that the FSD would also have the requirements from the GNU FSDG regarding not including malware and not steering towards non-free functional data. There are optional things to consider, for which the Antifeature Project Team is working on drafting[2], although these are not requirements for inclusion in the FSD. Regarding the review results in the page referenced by [1], please keep in mind that the torrents have no trackers, so please share/seed with DHT and PEX enabled so others can discover the shares too. Another alternative is of course to ditch Chromium and Ungoogled-Chromium and focus on Iridium Browser[3]. Anyways, if you do want to see progress in the Chromium review, please contribute by downloading, seeding and also actually reviewing parts of the reports generated. The last stop is marked with "Continue.". I did start the review, but I'm not the most experienced person in regards to all of legal, security and privacy matters. Just remember to remake a torrent with the modified report and change the old hash in the page to the new one you're seeding if you do make changes to the report, and mark/save the change as major so that other people get notified. Lastly, bill-auger's question of which should be the "assumed value" for the GNU FSDG compliance status of a unreviewed package, based on various proofs related to the dangers of non-free software (well, gnu.org has a page with these reports/news[4]) and also on the reasoning given by Richard Stallman in his talks[5], the unreviewed entries should be considered non-free. [1] https://directory.fsf.org/wiki/Talk:Chromium [2] https://directory.fsf.org/wiki/Free_Software_Directory:Antifeatures [3] https://directory.fsf.org/wiki/Iridium_Browser [4] https://www.gnu.org/proprietary/proprietary.html [5] http://audio-video.gnu.org/video/2015-10-24--rms--free-software-and-your-freedom--seagl--speech.ogv
[signature.asc (application/pgp-signature, attachment)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Tue, 12 Feb 2019 15:59:02 GMT) Full text and rfc822 format available.Message #335 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: guix-devel <at> gnu.org Cc: 28004 <at> debbugs.gnu.org Subject: [PATCH v2] gnu: Add ungoogled-chromium. Date: Tue, 12 Feb 2019 16:58:15 +0100
Changes in this version:
* New upstream release.
* No longer using a fork of Ungoogled-Chromium.
* The special HarfBuzz and libvpx variants have been removed due to
obsolesence.
Enjoy (or despair)! Comments appreciated.
* gnu/packages/aux-files/chromium/master-preferences.json,
gnu/packages/chromium.scm: New files.
* gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
---
gnu/local.mk | 1 +
.../chromium/master-preferences.json | 26 +
gnu/packages/chromium.scm | 726 ++++++++++++++++++
3 files changed, 753 insertions(+)
create mode 100644 gnu/packages/aux-files/chromium/master-preferences.json
create mode 100644 gnu/packages/chromium.scm
diff --git a/gnu/local.mk b/gnu/local.mk
index 154b03313a..1496bae066 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -100,6 +100,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/check.scm \
%D%/packages/chemistry.scm \
%D%/packages/chez.scm \
+ %D%/packages/chromium.scm \
%D%/packages/ci.scm \
%D%/packages/cinnamon.scm \
%D%/packages/clojure.scm \
diff --git a/gnu/packages/aux-files/chromium/master-preferences.json b/gnu/packages/aux-files/chromium/master-preferences.json
new file mode 100644
index 0000000000..5a2049fa72
--- /dev/null
+++ b/gnu/packages/aux-files/chromium/master-preferences.json
@@ -0,0 +1,26 @@
+{
+ "distribution": {
+ "import_bookmarks": false,
+ "make_chrome_default": false,
+ "make_chrome_default_for_user": false,
+ "verbose_logging": true,
+ "skip_first_run_ui": true,
+ "suppress_first_run_default_browser_prompt": true
+ },
+ "browser": {
+ "has_seen_welcome_page" : true,
+ "check_default_browser" : false
+ },
+ "dns_prefetching": {
+ "enabled": false
+ },
+ "alternate_error_pages": {
+ "enabled": false
+ },
+ "hardware": {
+ "audio_capture_enabled": false
+ },
+ "default_apps": "noinstall",
+ "hide_web_store_icon": true,
+ "homepage": "https://www.gnu.org/software/guix/"
+}
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 0000000000..85e96131e3
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,726 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Marius Bakke <mbakke <at> fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix gexp)
+ #:use-module (guix store)
+ #:use-module (guix monads)
+ #:use-module (guix download)
+ #:use-module (guix git-download)
+ #:use-module (guix utils)
+ #:use-module (guix build-system gnu)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages bison)
+ #:use-module (gnu packages build-tools)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages curl)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gcc)
+ #:use-module (gnu packages ghostscript)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gnuzilla)
+ #:use-module (gnu packages gperf)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages ninja)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages pciutils)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages pulseaudio)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages python-web)
+ #:use-module (gnu packages python-xyz)
+ #:use-module (gnu packages regex)
+ #:use-module (gnu packages serialization)
+ #:use-module (gnu packages speech)
+ #:use-module (gnu packages tls)
+ #:use-module (gnu packages valgrind)
+ #:use-module (gnu packages vulkan)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages xiph)
+ #:use-module (gnu packages xml)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xorg))
+
+(define %preserved-third-party-files
+ '("base/third_party/dmg_fp" ;X11-style
+ "base/third_party/dynamic_annotations" ;BSD-2
+ "base/third_party/icu" ;Unicode, X11-style
+ "base/third_party/superfasthash" ;BSD-3
+ "base/third_party/symbolize" ;BSD-3
+ "base/third_party/xdg_mime" ;LGPL2.1+ or Academic 2.0
+ "base/third_party/xdg_user_dirs" ;Expat
+ "chrome/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
+ "courgette/third_party/bsdiff" ;BSD-2, BSD protection license
+ "courgette/third_party/divsufsort" ;Expat
+ "net/third_party/http2" ;BSD-3
+ "net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
+ "net/third_party/nss" ;MPL-2.0
+ "net/third_party/quic" ;BSD-3
+ "net/third_party/spdy" ;BSD-3
+ "net/third_party/uri_template" ;ASL2.0
+ "third_party/abseil-cpp" ;ASL2.0
+ "third_party/adobe/flash/flapper_version.h" ;no license, trivial
+ "third_party/angle" ;BSD-3
+ "third_party/angle/src/common/third_party/base" ;BSD-3
+ "third_party/angle/src/common/third_party/smhasher" ;Public domain
+ "third_party/angle/src/common/third_party/xxhash" ;BSD-2
+ "third_party/angle/src/third_party/compiler" ;BSD-2
+ "third_party/angle/src/third_party/libXNVCtrl" ;Expat
+ "third_party/angle/src/third_party/trace_event" ;BSD-3
+ "third_party/angle/third_party/glslang" ;BSD-3
+ "third_party/angle/third_party/spirv-headers" ;Expat
+ "third_party/angle/third_party/spirv-tools" ;Expat
+ "third_party/angle/third_party/vulkan-headers" ;ASL2.0
+ "third_party/angle/third_party/vulkan-loader" ;ASL2.0
+ "third_party/angle/third_party/vulkan-tools" ;ASL2.0
+ "third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
+ "third_party/apple_apsl" ;APSL2.0
+ "third_party/blink" ;BSD-3
+ "third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
+ "third_party/boringssl/src/third_party/fiat" ;Expat
+ "third_party/breakpad" ;BSD-3
+ "third_party/brotli" ;Expat
+ "third_party/cacheinvalidation" ;ASL2.0
+ "third_party/catapult" ;BSD-3
+ "third_party/catapult/common/py_vulcanize/third_party/rcssmin" ;ASL2.0
+ "third_party/catapult/common/py_vulcanize/third_party/rjsmin" ;ASL2.0
+ "third_party/catapult/third_party/polymer" ;BSD-3
+ "third_party/catapult/tracing/third_party/d3" ;BSD-3
+ "third_party/catapult/tracing/third_party/gl-matrix" ;Expat
+ "third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
+ "third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
+ "third_party/catapult/tracing/third_party/oboe" ;BSD-2
+ "third_party/catapult/tracing/third_party/pako" ;Expat
+ "third_party/ced" ;BSD-3
+ "third_party/cld_3" ;ASL2.0
+ "third_party/crashpad" ;ASL2.0
+ "third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h" ;Zlib
+ "third_party/crc32c" ;BSD-3
+ "third_party/cros_system_api" ;BSD-3
+ "third_party/dom_distiller_js" ;BSD-3
+ "third_party/fips181" ;BSD-3
+ "third_party/flatbuffers" ;ASL2.0
+ "third_party/google_input_tools" ;ASL2.0
+ "third_party/google_input_tools/third_party/closure_library" ;ASL2.0
+ "third_party/google_input_tools/third_party/closure_library/third_party/closure" ;Expat
+ "third_party/googletest" ;BSD-3
+ "third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
+ "third_party/iccjpeg" ;IJG
+ "third_party/inspector_protocol" ;BSD-3
+ "third_party/jinja2" ;BSD-3
+ "third_party/jstemplate" ;ASL2.0
+ "third_party/khronos" ;Expat, SGI
+ "third_party/leveldatabase" ;BSD-3
+ "third_party/libXNVCtrl" ;Expat
+ "third_party/libaddressinput" ;ASL2.0
+ "third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent License 1.0"
+ "third_party/libaom/source/libaom/third_party/vector" ;Expat
+ "third_party/libaom/source/libaom/third_party/x86inc" ;ISC
+ "third_party/libjingle_xmpp" ;BSD-3
+ "third_party/libphonenumber" ;ASL2.0
+ "third_party/libsecret" ;LGPL2.1+
+ "third_party/libsrtp" ;BSD-3
+ "third_party/libsync" ;ASL2.0
+ "third_party/libudev" ;LGPL2.1+
+ "third_party/libwebm" ;BSD-3
+ "third_party/libxml/chromium" ;BSD-3
+ "third_party/libyuv" ;BSD-3
+ "third_party/lss" ;BSD-3
+ "third_party/markupsafe" ;BSD-3
+ "third_party/mesa_headers" ;Expat, SGI
+ "third_party/metrics_proto" ;BSD-3
+ "third_party/modp_b64" ;BSD-3
+ "third_party/nasm" ;BSD-2
+ "third_party/node" ;Expat
+ "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2" ;BSD-2
+ "third_party/ots" ;BSD-3
+ "third_party/pdfium" ;BSD-3
+ "third_party/pdfium/third_party/agg23" ;Expat
+ "third_party/pdfium/third_party/base" ;BSD-3
+ "third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
+ "third_party/pdfium/third_party/skia_shared" ;BSD-3
+ "third_party/pdfium/third_party/freetype/include/pstables.h" ;FreeType
+ "third_party/ply" ;BSD-3
+ "third_party/polymer" ;BSD-3
+ "third_party/protobuf" ;BSD-3
+ "third_party/protobuf/third_party/six" ;Expat
+ "third_party/pyjson5" ;ASL2.0
+ "third_party/qcms" ;Expat
+ "third_party/rnnoise" ;BSD-3
+ "third_party/s2cellid" ;ASL2.0
+ "third_party/sfntly" ;ASL2.0
+ "third_party/skia" ;BSD-3
+ "third_party/skia/third_party/gif" ;MPL1.1/GPL2+/LGPL2.1+
+ "third_party/skia/third_party/skcms" ;BSD-3
+ "third_party/skia/third_party/vulkan" ;BSD-3
+ "third_party/smhasher" ;Expat, public domain
+ "third_party/speech-dispatcher" ;GPL2+
+ "third_party/spirv-headers" ;ASL2.0
+ "third_party/SPIRV-Tools" ;ASL2.0
+ "third_party/sqlite" ;Public domain
+ "third_party/ungoogled" ;BSD-3
+ "third_party/usb_ids" ;BSD-3
+ "third_party/usrsctp" ;BSD-2
+ "third_party/web-animations-js" ;ASL2.0
+ "third_party/webdriver" ;ASL2.0
+ "third_party/webrtc" ;BSD-3
+ "third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
+ "third_party/webrtc/common_audio/third_party/spl_sqrt_floor" ;Public domain
+ "third_party/webrtc/modules/third_party/fft" ;Non-copyleft
+ "third_party/webrtc/modules/third_party/g711" ;Public domain
+ "third_party/webrtc/modules/third_party/g722" ;Public domain
+ "third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
+ "third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
+ "third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
+ "third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
+ "third_party/woff2" ;ASL2.0
+ "third_party/xdg-utils" ;Expat
+ "third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
+ "third_party/zlib/google" ;BSD-3
+ "url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
+ "v8/src/third_party/utf8-decoder" ;Expat
+ "v8/src/third_party/valgrind" ;BSD-4
+ "v8/third_party/inspector_protocol" ;BSD-3
+ "v8/third_party/v8/builtins")) ;PSFL
+
+(define* (computed-origin-method gexp-promise hash-algo hash
+ #:optional (name "source")
+ #:key (system (%current-system))
+ (guile (default-guile)))
+ "Return a derivation that executes the G-expression that results
+from forcing GEXP-PROMISE."
+ (mlet %store-monad ((guile (package->derivation guile system)))
+ (gexp->derivation (or name "computed-origin")
+ (force gexp-promise)
+ #:system system
+ #:guile-for-build guile)))
+
+(define %chromium-version "72.0.3626.96")
+(define %ungoogled-revision "82b1194615a6542c28edfc5505d357c9dfca88c7")
+
+;; This is a "computed" origin that does the following:
+;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball.
+;; 2) Prunes all third_party folders that are not explicitly preserved.
+;; 3) Adjusts "GN" build files such that system libraries are preferred.
+(define ungoogled-chromium-source
+ (let* ((chromium-source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://commondatastorage.googleapis.com"
+ "/chromium-browser-official/chromium-"
+ %chromium-version ".tar.xz"))
+ (sha256
+ (base32
+ "0fxavi4nwfiyb15lqm02vlq6kb8i4ipxnd7hp45bm7jdmhmgbnmj"))))
+ (ungoogled-source
+ (origin
+ (method git-fetch)
+ (uri (git-reference (url "https://github.com/Eloston/ungoogled-chromium")
+ (commit %ungoogled-revision)))
+ (file-name (git-file-name "ungoogled-chromium"
+ (string-take %ungoogled-revision 7)))
+ (sha256
+ (base32
+ "067bccrv67wh8p0vak0n38gc8mvb9hvx2pz83r0y1iiqkhrglnp3")))))
+
+ (origin
+ (method computed-origin-method)
+ (file-name (string-append "ungoogled-chromium-" %chromium-version ".tar.xz"))
+ (sha256 #f)
+ (uri
+ (delay
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (let ((chromium-dir (string-append "chromium-" #$%chromium-version))
+ (preserved-files (list #$@%preserved-third-party-files)))
+
+ (mkdir "/tmp/bin")
+ (set-path-environment-variable
+ "PATH" '("bin")
+ (list "/tmp"
+ #+(canonical-package patch)
+ #+(canonical-package xz)
+ #+(canonical-package tar)
+ #+python-2
+ #+python))
+
+ (copy-recursively #+ungoogled-source "/tmp/ungoogled")
+
+ (with-directory-excursion "/tmp/ungoogled"
+
+ ;; Create a custom "bundle" that inherits from linux_rooted
+ ;; and adds an additional patch.
+ (format #t "Creating Guix config bundle...~%")
+ (force-output)
+ (mkdir-p "config_bundles/guix")
+ (call-with-output-file "config_bundles/guix/bundlemeta.ini"
+ (lambda (port)
+ (format port
+ "[bundle]
+display_name = GNU Guix
+depends = linux_rooted\n")))
+ (call-with-output-file "config_bundles/guix/patch_order.list"
+ (lambda (port)
+ (format port "debian_buster/system/openjpeg.patch\n")))
+
+ (format #t "Unpacking chromium tarball...~%")
+ (force-output)
+ (invoke "tar" "xf" #+chromium-source)
+
+ (format #t "Ungooglifying...~%")
+ (force-output)
+ (invoke "python3" "run_buildkit_cli.py" "prune"
+ "-b" "config_bundles/guix" chromium-dir)
+ (invoke "python3" "run_buildkit_cli.py" "patches" "apply"
+ "-b" "config_bundles/guix" chromium-dir)
+ (invoke "python3" "run_buildkit_cli.py" "domains" "apply"
+ "-b" "config_bundles/linux_rooted"
+ "-c" "/tmp/domainscache.tar.gz" chromium-dir)
+
+ (with-directory-excursion chromium-dir
+ (format #t "Pruning third party files...~%")
+ (force-output)
+ (apply invoke "python"
+ "build/linux/unbundle/remove_bundled_libraries.py"
+ "--do-remove" preserved-files)
+
+ (format #t "Replacing GN files...~%")
+ (force-output)
+ (invoke "python3" "build/linux/unbundle/replace_gn_files.py"
+ "--system-libraries" "ffmpeg" "flac" "fontconfig"
+ "freetype" "harfbuzz-ng" "icu" "libdrm" "libevent"
+ "libjpeg" "libpng" "libvpx" "libwebp" "libxml"
+ "libxslt" "openh264" "opus" "re2" "snappy" "yasm"
+ "zlib"))
+
+ (format #t (string-append "Packing new Ungoogled tarball ...~%"))
+ (force-output)
+ (invoke "tar" "cvfa" #$output
+ ;; Avoid non-determinism in the archive.
+ "--mtime=@0"
+ "--owner=root:0"
+ "--group=root:0"
+ "--sort=name"
+ chromium-dir)
+
+ #t)))))))))
+
+(define opus+custom
+ (package/inherit opus
+ (name "opus+custom")
+ (arguments
+ (substitute-keyword-arguments (package-arguments opus)
+ ((#:configure-flags flags ''())
+ ;; Opus Custom is an optional extension of the Opus
+ ;; specification that allows for unsupported frame
+ ;; sizes. Chromium requires that this is enabled.
+ `(cons "--enable-custom-modes"
+ ,flags))))))
+
+(define-public ungoogled-chromium
+ (package
+ (name "ungoogled-chromium")
+ (version %chromium-version)
+ (synopsis "Graphical web browser")
+ (source ungoogled-chromium-source)
+ (build-system gnu-build-system)
+ (arguments
+ `(#:tests? #f
+ ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+ ;; it overrides the RUNPATH set by the linker.
+ #:validate-runpath? #f
+ #:modules ((guix build gnu-build-system)
+ (guix build utils)
+ (ice-9 ftw)
+ (ice-9 regex)
+ (srfi srfi-26))
+ #:configure-flags
+ ;; See tools/gn/docs/cookbook.md and
+ ;; https://www.chromium.org/developers/gn-build-configuration
+ ;; for usage. Run "./gn args . --list" in the Release
+ ;; directory for an exhaustive list of supported flags.
+ ;; (Note: The 'configure' phase will do that for you.)
+ (list "is_debug=false"
+ "use_gold=false"
+ "use_lld=false"
+ "linux_use_bundled_binutils=false"
+ "use_custom_libcxx=false"
+ "use_sysroot=false"
+ "enable_precompiled_headers=false"
+ "goma_dir=\"\""
+ "enable_nacl=false"
+ "enable_nacl_nonsfi=false"
+ "use_allocator=\"none\"" ;don't use tcmalloc
+ "use_unofficial_version_number=false"
+
+ ;; Define a custom toolchain that simply looks up CC, AR and
+ ;; friends from the environment.
+ "custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
+ "host_toolchain=\"//build/toolchain/linux/unbundle:default\""
+
+ ;; Don't assume it's clang.
+ "is_clang=false"
+
+ ;; Optimize for building everything at once, as opposed to
+ ;; incrementally for development. See "docs/jumbo.md".
+ "use_jumbo_build=true"
+
+ ;; Disable type-checking for the Web UI to avoid a Java dependency.
+ "closure_compile=false"
+
+ ;; Disable debugging features to save space.
+ "blink_symbol_level=0"
+ "enable_iterator_debugging=false"
+
+ ;; Some of the unbundled libraries throws deprecation
+ ;; warnings, etc. Ignore it.
+ "treat_warnings_as_errors=false"
+
+ ;; Don't add any API keys. End users can set them in the
+ ;; environment if desired. See
+ ;; <https://www.chromium.org/developers/how-tos/api-keys>.
+ "use_official_google_api_keys=false"
+
+ ;; Disable "safe browsing", which pulls in a dependency on
+ ;; the nonfree "unrar" program (as of m66).
+ "safe_browsing_mode=0"
+
+ ;; Disable "field trials".
+ "fieldtrial_testing_like_official_build=true"
+
+ ;; Ungoogled components.
+ "enable_mdns=false"
+ "enable_one_click_signin=false"
+ "enable_reading_list=false"
+ "enable_remoting=false"
+ "enable_reporting=false"
+ "enable_service_discovery=false"
+ "enable_swiftshader=false"
+ "use_vaapi=true"
+
+ ;; Use system libraries where possible.
+ "use_system_freetype=true"
+ "use_system_harfbuzz=true"
+ "use_system_lcms2=true"
+ "use_system_libdrm=true"
+ "use_system_libjpeg=true"
+ "use_system_libpng=true"
+ ;;"use_system_libsync=true"
+ "use_system_zlib=true"
+
+ "use_gnome_keyring=false" ;deprecated by libsecret
+ "use_openh264=true"
+ "use_pulseaudio=true"
+ "link_pulseaudio=true"
+
+ ;; Don't arbitrarily restrict formats supported by system ffmpeg.
+ "proprietary_codecs=true"
+ "ffmpeg_branding=\"Chrome\""
+
+ ;; WebRTC stuff.
+ "rtc_use_h264=true"
+ ;; Don't use bundled sources.
+ "rtc_build_json=false"
+ "rtc_build_libevent=false"
+ "rtc_build_libvpx=false"
+ "rtc_build_opus=false"
+ "rtc_build_ssl=false"
+
+ "rtc_build_libsrtp=true" ;FIXME: fails to find headers
+ "rtc_build_usrsctp=true" ;TODO: package this
+ (string-append "rtc_jsoncpp_root=\""
+ (assoc-ref %build-inputs "jsoncpp")
+ "/include/jsoncpp/json\"")
+ (string-append "rtc_ssl_root=\""
+ (assoc-ref %build-inputs "openssl")
+ "/include/openssl\""))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'patch-stuff
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "printing/cups_config_helper.py"
+ (("cups_config =.*")
+ (string-append "cups_config = '" (assoc-ref inputs "cups")
+ "/bin/cups-config'\n")))
+
+ (substitute*
+ '("base/process/launch_posix.cc"
+ "base/third_party/dynamic_annotations/dynamic_annotations.c"
+ "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+ "sandbox/linux/services/credentials.cc"
+ "sandbox/linux/services/namespace_utils.cc"
+ "sandbox/linux/services/syscall_wrappers.cc"
+ "sandbox/linux/syscall_broker/broker_host.cc")
+ (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+ (for-each (lambda (file)
+ (substitute* file
+ ;; Fix opus include path.
+ ;; Do not substitute opus_private.h.
+ (("#include \"opus\\.h\"")
+ "#include \"opus/opus.h\"")
+ (("#include \"opus_custom\\.h\"")
+ "#include \"opus/opus_custom.h\"")
+ (("#include \"opus_defines\\.h\"")
+ "#include \"opus/opus_defines.h\"")
+ (("#include \"opus_multistream\\.h\"")
+ "#include \"opus/opus_multistream.h\"")
+ (("#include \"opus_types\\.h\"")
+ "#include \"opus/opus_types.h\"")))
+ (find-files (string-append "third_party/webrtc/modules"
+ "/audio_coding/codecs/opus")))
+
+ (substitute* "chrome/common/chrome_paths.cc"
+ (("/usr/share/chromium/extensions")
+ ;; TODO: Add ~/.guix-profile.
+ "/run/current-system/profile/share/chromium/extensions"))
+
+ ;; XXX: Should be unnecessary when use_system_lcms2=true.
+ (substitute* "third_party/pdfium/core/fxcodec/codec/ccodec_iccmodule.h"
+ (("include \"third_party/lcms/include/lcms2\\.h\"")
+ "include \"lcms2.h\""))
+
+ (substitute*
+ "third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
+ (("include \"third_party/curl") "include \"curl"))
+
+ (substitute* "third_party/webrtc/rtc_base/strings/json.h"
+ (("#include \"third_party/jsoncpp/") "#include \"json/"))
+
+ (substitute* "media/base/decode_capabilities.cc"
+ (("third_party/libvpx/source/libvpx/") ""))
+
+ (substitute* "ui/gfx/skia_util.h"
+ (("third_party/vulkan/include/") ""))
+
+ ;; Building chromedriver embeds some files using the ZIP
+ ;; format which doesn't support timestamps before
+ ;; 1980. Therefore, advance the timestamps of the files
+ ;; which are included so that building chromedriver
+ ;; works.
+ (let ((circa-1980 (* 10 366 24 60 60)))
+ (for-each (lambda (file)
+ (utime file circa-1980 circa-1980))
+ '("chrome/test/chromedriver/extension/background.js"
+ "chrome/test/chromedriver/extension/manifest.json")))
+
+ #t))
+ (add-before 'configure 'prepare-build-environment
+ (lambda* (#:key inputs #:allow-other-keys)
+
+ ;; Make sure the right build tools are used.
+ (setenv "AR" "ar") (setenv "NM" "nm")
+ (setenv "CC" "gcc") (setenv "CXX" "g++")
+
+ ;; Work around <https://bugs.gnu.org/30756>.
+ (unsetenv "C_INCLUDE_PATH")
+ (unsetenv "CPLUS_INCLUDE_PATH")
+
+ ;; TODO: pre-compile instead. Avoids a race condition.
+ (setenv "PYTHONDONTWRITEBYTECODE" "1")
+
+ ;; XXX: How portable is this.
+ (mkdir-p "third_party/node/linux/node-linux-x64")
+ (symlink (string-append (assoc-ref inputs "node") "/bin")
+ "third_party/node/linux/node-linux-x64/bin")
+
+ #t))
+ (replace 'configure
+ (lambda* (#:key configure-flags #:allow-other-keys)
+ (let ((args (string-join configure-flags " ")))
+ ;; Generate ninja build files.
+ (invoke "gn" "gen" "out/Release"
+ (string-append "--args=" args))
+
+ ;; Print the full list of supported arguments as well as
+ ;; their current status for convenience.
+ (format #t "Dumping configure flags...\n")
+ (invoke "gn" "args" "out/Release" "--list"))))
+ (replace 'build
+ (lambda* (#:key outputs #:allow-other-keys)
+ (invoke "ninja" "-C" "out/Release"
+ "-j" (number->string (parallel-job-count))
+ "chrome"
+ "chromedriver")))
+ (replace 'install
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bin (string-append out "/bin"))
+ (exe (string-append bin "/chromium"))
+ (lib (string-append out "/lib"))
+ (man (string-append out "/share/man/man1"))
+ (applications (string-append out "/share/applications"))
+ (install-regexp (make-regexp "\\.(bin|pak)$"))
+ (locales (string-append lib "/locales"))
+ (resources (string-append lib "/resources"))
+ (preferences (assoc-ref inputs "master-preferences"))
+ (gtk+ (assoc-ref inputs "gtk+"))
+ (mesa (assoc-ref inputs "mesa"))
+ (nss (assoc-ref inputs "nss"))
+ (udev (assoc-ref inputs "udev"))
+ (sh (which "sh")))
+
+ (substitute* '("chrome/app/resources/manpage.1.in"
+ "chrome/installer/linux/common/desktop.template")
+ (("@@MENUNAME@@") "Chromium")
+ (("@@PACKAGE@@") "chromium")
+ (("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
+
+ (mkdir-p man)
+ (copy-file "chrome/app/resources/manpage.1.in"
+ (string-append man "/chromium.1"))
+
+ (mkdir-p applications)
+ (copy-file "chrome/installer/linux/common/desktop.template"
+ (string-append applications "/chromium.desktop"))
+
+ (mkdir-p lib)
+ (copy-file preferences (string-append lib "/master_preferences"))
+
+ (with-directory-excursion "out/Release"
+ (for-each (lambda (file)
+ (install-file file lib))
+ (scandir "." (cut regexp-exec install-regexp <>)))
+ (copy-file "chrome" (string-append lib "/chromium"))
+
+ ;; TODO: Install icons from "../../chrome/app/themes" into
+ ;; "out/share/icons/hicolor/$size".
+ (install-file
+ "product_logo_48.png"
+ (string-append out "/share/icons/48x48/chromium.png"))
+
+ (copy-recursively "locales" locales)
+ (copy-recursively "resources" resources)
+
+ (mkdir-p bin)
+ (symlink "../lib/chromium" exe)
+ (install-file "chromedriver" bin)
+
+ (wrap-program exe
+ ;; TODO: Get these in RUNPATH.
+ `("LD_LIBRARY_PATH" ":" prefix
+ (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+ mesa "/lib:" udev "/lib")))
+ ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
+ `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+ #t)))))))
+ (native-inputs
+ `(("bison" ,bison)
+ ("gcc" ,gcc-8)
+ ("gn" ,gn)
+ ("gperf" ,gperf)
+ ("ninja" ,ninja)
+ ("node" ,node)
+ ("pkg-config" ,pkg-config)
+ ("which" ,which)
+ ("yasm" ,yasm)
+
+ ;; This file contains defaults for new user profiles.
+ ("master-preferences" ,(local-file "aux-files/chromium/master-preferences.json"))
+
+ ("python-beautifulsoup4" ,python2-beautifulsoup4)
+ ("python-html5lib" ,python2-html5lib)
+ ("python" ,python-2)))
+ (inputs
+ `(("alsa-lib" ,alsa-lib)
+ ("atk" ,atk)
+ ("cups" ,cups)
+ ("curl" ,curl)
+ ("dbus" ,dbus)
+ ("dbus-glib" ,dbus-glib)
+ ("expat" ,expat)
+ ("flac" ,flac)
+ ("ffmpeg" ,ffmpeg)
+ ("fontconfig" ,fontconfig)
+ ("freetype" ,freetype)
+ ("gdk-pixbuf" ,gdk-pixbuf)
+ ("glib" ,glib)
+ ("gtk+" ,gtk+)
+ ("harfbuzz" ,harfbuzz)
+ ("icu4c" ,icu4c)
+ ("jsoncpp" ,jsoncpp)
+ ("lcms" ,lcms)
+ ("libevent" ,libevent)
+ ("libffi" ,libffi)
+ ("libjpeg-turbo" ,libjpeg-turbo)
+ ("libpng" ,libpng)
+ ("libva" ,libva)
+ ("libvpx" ,libvpx)
+ ("libwebp" ,libwebp)
+ ("libx11" ,libx11)
+ ("libxcb" ,libxcb)
+ ("libxcomposite" ,libxcomposite)
+ ("libxcursor" ,libxcursor)
+ ("libxdamage" ,libxdamage)
+ ("libxext" ,libxext)
+ ("libxfixes" ,libxfixes)
+ ("libxi" ,libxi)
+ ("libxml2" ,libxml2)
+ ("libxrandr" ,libxrandr)
+ ("libxrender" ,libxrender)
+ ("libxscrnsaver" ,libxscrnsaver)
+ ("libxslt" ,libxslt)
+ ("libxtst" ,libxtst)
+ ("mesa" ,mesa)
+ ("minizip" ,minizip)
+ ("mit-krb5" ,mit-krb5)
+ ("nss" ,nss)
+ ("openh264" ,openh264)
+ ("openjpeg" ,openjpeg) ;PDFium only
+ ("openssl" ,openssl)
+ ("opus" ,opus+custom)
+ ("pango" ,pango)
+ ("pciutils" ,pciutils)
+ ("pulseaudio" ,pulseaudio)
+ ("re2" ,re2)
+ ("snappy" ,snappy)
+ ("speech-dispatcher" ,speech-dispatcher)
+ ("udev" ,eudev)
+ ("valgrind" ,valgrind)
+ ("vulkan-headers" ,vulkan-headers)))
+ (home-page "https://www.chromium.org/")
+ (description
+ "Ungoogled-Chromium is the Chromium web browser, sans integration with
+Google web services.")
+ ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+ ;; components with other licenses. For full information, see chrome://credits.
+ (license (list license:bsd-3
+ license:bsd-2
+ license:expat
+ license:asl2.0
+ license:mpl1.1
+ license:mpl2.0
+ license:public-domain
+ license:isc
+ (license:non-copyleft "chrome://credits"
+ "See chrome://credits for more information.")
+ license:lgpl2.1+))))
--
2.20.1
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sat, 16 Feb 2019 18:58:02 GMT) Full text and rfc822 format available.Message #338 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Giovanni Biscuolo <g <at> xelera.eu> To: bill-auger <bill-auger <at> peers.community>, guix-devel <at> gnu.org Cc: 28004 <at> debbugs.gnu.org Subject: Re: [PATCH] gnu: Add ungoogled-chromium. Date: Sat, 16 Feb 2019 19:56:41 +0100
[Message part 1 (text/plain, inline)]
Hi guix-devel! this is my humble contribution to this discussion... (I'm not a Guix maintainer) first and foremost, IMHO guix-devel is not the place to discuss GNU FSDG criteria; I'm going to subscribe gnu-linux-libre <at> nongnu.org to send my comments - and I _have_ some - on the FSDG compliance process if you are interested please follow this thread: http://lists.nongnu.org/archive/html/gnu-linux-libre/2019-02/threads.html#00020 :-D bill-auger <bill-auger <at> peers.community> writes: [...] > about a year ago, the FSDG review process and criteria for endorsement > of new distros was updated the new FSDG criteria checklist for > community review that was adopted includes the following essential > criteria: > > "Programs commonly known to have freedom issues are liberated or > excluded" > > that criteria is a link to the "software that does not respect the > FSDG" wiki page, for reference, this page: https://libreplanet.org/wiki/Template:FSDG_Checklist > which includes an entry for 'chromium-browser' (the > debian package name) with the liberation procedure being specified as: > > "Remove program/package Use GNU IceCat, or equivalent" [...] > it was also agreed upon at that time, that the FSDG criteria should be > applicable to all currently endorsed distros in perpetuity, so ... thank you for the clarification, Bill: you explained us the entire FSDG_Checklist is *mandatory* for a distro to be GNU FSDG compliant; so there's **no discussion** here if Guix System Distribution wants to remain GNU FSDG compliant - as most if not all Guix contributors would like, I suppose - ungoogled-chromium should still not be included in Guix System Distribution so, regarding this bug #28004 the natural resolution should be to *postpone* the inclusion of this package with a statement like this one: "ungoogled-chromium cannot be included in Guix System Distribution since it is listed - as 'chromium-browser' - on the page <List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser> that is an integral part of the GNU FSDG Guidelines as extended by the FSDG_Checklist via https://libreplanet.org/wiki/Incoming_distros#Endorsement_Process" Happy hacking! :-) Giovanni [1] https://www.gnu.org/distros/free-system-distribution-guidelines.en.html -- Giovanni Biscuolo Xelera IT Infrastructures
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sat, 16 Feb 2019 19:49:02 GMT) Full text and rfc822 format available.Message #341 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Adonay Felipe Nogueira <adfeno <at> hyperbola.info> To: Workgroup for fully free GNU/Linux distributions <gnu-linux-libre <at> nongnu.org>, 28004 <at> debbugs.gnu.org Cc: guix-devel <at> gnu.org Subject: Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium. Date: Sat, 16 Feb 2019 17:47:57 -0200
[Message part 1 (text/plain, inline)]
Em 16/02/2019 12:18, Julie Marchant escreveu: > libre? The only argument I've seen on the matter is the way copyright > works, but Chromium is under the Modified BSD License according to > documentation I was able to find. If some files are not actually covered For what is worth, what I learned with projects that don't follow the Open Source Definition (I know that I shouldn't support this term here, but I had to mention it) is that they mask their non-compliance behind a license. Of course we don't intend to foster open source here, as this project, having the goal to provide a package manager that is under the GNU project, also aims to create a system distribution that follows the GNU FSDG and uses such package manager If the norm would be to only check the licenses, then we would have for example, taken ages to figure out that the kernel source files from upstream of GNU Linux-libre was/is non-free. Having a requirement for a package to be first throughly reviewed eliminates some of the possibility of having non-free functional data or non-distributable non-functional data. It's not a perfect protection (since the package in review might have implemented things from other works that one of the reviewers might not be aware of). As I said in a message to these mailing lists, I already started reviewing Chromium, although this project is big and I might not have the time nor all the skills to do it alone. Since today, I moved the review, which was available at [1], to the appropriate Review namespace at [2]. [1] https://directory.fsf.org/wiki/Talk:Chromium [2] https://directory.fsf.org/wiki/Review:Chromium-REV-ID-1
[signature.asc (application/pgp-signature, attachment)]
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sat, 16 Feb 2019 20:02:03 GMT) Full text and rfc822 format available.Message #344 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Brett Gilio <brettg <at> posteo.net> To: Workgroup for fully free GNU/Linux distributions <gnu-linux-libre <at> nongnu.org> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org Subject: Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium. Date: Sat, 16 Feb 2019 14:01:07 -0600
Adonay Felipe Nogueira writes: > Em 16/02/2019 12:18, Julie Marchant escreveu: >> libre? The only argument I've seen on the matter is the way copyright >> works, but Chromium is under the Modified BSD License according to >> documentation I was able to find. If some files are not actually covered > > For what is worth, what I learned with projects that don't follow the > Open Source Definition (I know that I shouldn't support this term here, > but I had to mention it) is that they mask their non-compliance behind a > license. Of course we don't intend to foster open source here, as this > project, having the goal to provide a package manager that is under the > GNU project, also aims to create a system distribution that follows the > GNU FSDG and uses such package manager > > If the norm would be to only check the licenses, then we would have for > example, taken ages to figure out that the kernel source files from > upstream of GNU Linux-libre was/is non-free. > > Having a requirement for a package to be first throughly reviewed > eliminates some of the possibility of having non-free functional data or > non-distributable non-functional data. It's not a perfect protection > (since the package in review might have implemented things from other > works that one of the reviewers might not be aware of). > > As I said in a message to these mailing lists, I already started > reviewing Chromium, although this project is big and I might not have > the time nor all the skills to do it alone. Since today, I moved the > review, which was available at [1], to the appropriate Review namespace > at [2]. > > > [1] https://directory.fsf.org/wiki/Talk:Chromium > [2] https://directory.fsf.org/wiki/Review:Chromium-REV-ID-1 Adonay, thank you for taking the initiative here! I think this is a needed step forward. Brett Gilio
guix-patches <at> gnu.org:bug#28004; Package guix-patches.
(Sat, 16 Feb 2019 20:07:02 GMT) Full text and rfc822 format available.Message #347 received at 28004 <at> debbugs.gnu.org (full text, mbox):
From: Brett Gilio <brettg <at> posteo.net> To: Workgroup for fully free GNU/Linux distributions <gnu-linux-libre <at> nongnu.org> Cc: guix-devel <at> gnu.org, 28004 <at> debbugs.gnu.org Subject: Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium. Date: Sat, 16 Feb 2019 14:06:43 -0600
Brett Gilio writes: > Adonay Felipe Nogueira writes: > >> Em 16/02/2019 12:18, Julie Marchant escreveu: >>> libre? The only argument I've seen on the matter is the way copyright >>> works, but Chromium is under the Modified BSD License according to >>> documentation I was able to find. If some files are not actually covered >> >> For what is worth, what I learned with projects that don't follow the >> Open Source Definition (I know that I shouldn't support this term here, >> but I had to mention it) is that they mask their non-compliance behind a >> license. Of course we don't intend to foster open source here, as this >> project, having the goal to provide a package manager that is under the >> GNU project, also aims to create a system distribution that follows the >> GNU FSDG and uses such package manager >> >> If the norm would be to only check the licenses, then we would have for >> example, taken ages to figure out that the kernel source files from >> upstream of GNU Linux-libre was/is non-free. >> >> Having a requirement for a package to be first throughly reviewed >> eliminates some of the possibility of having non-free functional data or >> non-distributable non-functional data. It's not a perfect protection >> (since the package in review might have implemented things from other >> works that one of the reviewers might not be aware of). >> >> As I said in a message to these mailing lists, I already started >> reviewing Chromium, although this project is big and I might not have >> the time nor all the skills to do it alone. Since today, I moved the >> review, which was available at [1], to the appropriate Review namespace >> at [2]. >> >> >> [1] https://directory.fsf.org/wiki/Talk:Chromium >> [2] https://directory.fsf.org/wiki/Review:Chromium-REV-ID-1 > > Adonay, thank you for taking the initiative here! I think this is a > needed step forward. > > Brett Gilio Also, maybe it would be of some help to involve somebody from the FSF to be a neutral mediator on this process until we come to some reasonable conclusion? Marius, I think you can probably go ahead and push that patch, knowing full well that Bill warned a bug report will be filed against the Guix source tree until such time that an audit concludes or Adonay's suggestion is followed through with. Bill, What do you think here? Brett Gilio
Marius Bakke <mbakke <at> fastmail.com>:Marius Bakke <mbakke <at> fastmail.com>:Message #352 received at 28004-done <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: guix-devel <at> gnu.org Cc: 28004-done <at> debbugs.gnu.org Subject: Re: [bug#28004] [PATCH v2] gnu: Add ungoogled-chromium. Date: Mon, 18 Feb 2019 23:43:38 +0100
[Message part 1 (text/plain, inline)]
Marius Bakke <mbakke <at> fastmail.com> writes: > Changes in this version: > > * New upstream release. > * No longer using a fork of Ungoogled-Chromium. > * The special HarfBuzz and libvpx variants have been removed due to > obsolesence. I've pushed this patch now, with minor cosmetic improvements: <https://git.savannah.gnu.org/cgit/guix.git/commit/?id=f1e9de4d3aefae420db633a56ba9cd93f7750df3> Thanks to everyone who participated!
[signature.asc (application/pgp-signature, inline)]
Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org.
(Tue, 19 Mar 2019 11:24:04 GMT) Full text and rfc822 format available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.