GNU bug report logs - #28004
Chromium

Previous Next

Package: guix-patches;

Reported by: Marius Bakke <mbakke <at> fastmail.com>

Date: Mon, 7 Aug 2017 20:00:01 UTC

Severity: normal

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Marius Bakke <mbakke <at> fastmail.com>
To: ng0 <ng0 <at> n0.is>
Cc: 28004 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org>, ng0 <ng0 <at> n0.is>, Leo Famulari <leo <at> famulari.name>
Subject: [bug#28004] Chromium
Date: Mon, 08 Jan 2018 22:56:26 +0100

[Message part 1 (text/plain, inline)]
ng0 <ng0 <at> n0.is> writes:

>> +             (substitute* "chrome/common/chrome_paths.cc"
>> +               (("/usr/share/chromium/extensions")
>> +                ;; TODO: Add ~/.guix-profile.
>> +                "/run/current-system/profile/share/chromium/extensions"))
>
> What's the idea behind this? Did you test it? Do you have any guix build-system
> using Chromium extensions as an example? So far this completely disables the
> installation of any plugins and addons.

The idea is to eventually be able to distribute extensions with Guix.  I
added this path mostly to document it, but don't see how keeping the
default makes a difference.  If you can place an extension in
/usr/share, you can also copy it to the system profile through your
config.scm, or symlink this location on a foreign distribution.

>> +                 (mkdir-p bin)
>> +                 ;; Add a thin wrapper to prevent the user from inadvertently
>> +                 ;; installing non-free software through the Web Store.
>> +                 ;; TODO: Discover extensions from the profile and pass
>> +                 ;; something like "--disable-extensions-except=...".
>
> Same question here.

The Web Store has serious freedom issues, thus we can not enable it by
default.  Enabling it *must* be a conscious choice by the end user.

The TODO here is inspired by Debians wrapper script, which enumerates
the location where apt places extensions, and gives that list to
"--disable-extensions-except".

> If you need help, there's at least 3 users of Chromium now. I'd like to read
> your ideas on how to solve the TODOs, aswell as: Do you have any unpushed
> progress? Maybe we can team collaborate on this huge browser.

I do maintain this patch, but unfortunately not in a public repository.
I've attached the latest iteration here (sorry for squashed).

New since the last time are some fixes from the "Inox patchset" that
resolves most of the privacy issues.  Namely removing the "login
wizard", changing to sensible defaults, and forcing the "classic" New
Tab Page that does not load a search engine.

Also, all patches have been moved to remote origins.

Testing and feedback welcome!

Currently there are two "important" (blocking?) TODOs left:

* Move the 'delete-bundled-software' phase to a source snippet.
  Repacking the ~500MiB compressed tarball is *really* expensive.  It
  should also aid the licensing situation.
* Delete the two default entries from the "most used" list on the New
  Tab page.  The first run will download thumbnails for these sites,
  leaking data.  One of them also leads to the disabled-by-default
  store, promoting non-free software.

I'm optimistic that fixing the second item will make the browser not
leak *any* data at launch with the default configuration.  Which leads
to a third item: writing a system test that verifies that launching
Chromium does indeed not initiate any network traffic.

Anyway, here is the latest patch:


[0001-gnu-Add-chromium.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 6 years and 153 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.