authorMx Kookie <kookie@spacekookie.de>2020-10-31 19:35:09 +0100
committerMx Kookie <kookie@spacekookie.de>2020-10-31 19:35:09 +0100
commitc4625b175f8200f643fd6e11010932ea44c78433 (patch)
treebce3f89888c8ac3991fa5569a878a9eab6801ccc /infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium
parent49f735974dd103039ddc4cb576bb76555164a9e7 (diff)
parentd661aa56a8843e991261510c1bb28fdc2f6975ae (diff)
Add 'infra/libkookie/' from commit 'd661aa56a8843e991261510c1bb28fdc2f6975ae'
git-subtree-dir: infra/libkookie git-subtree-mainline: 49f735974dd103039ddc4cb576bb76555164a9e7 git-subtree-split: d661aa56a8843e991261510c1bb28fdc2f6975ae
Diffstat (limited to 'infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium')
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix94
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix355
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix232
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/patches/no-build-timestamps.patch17
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/patches/widevine-79.patch13
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/plugins.nix92
-rwxr-xr-xinfra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/update.py77
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.json17
8 files changed, 897 insertions, 0 deletions
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix
new file mode 100644
index 000000000000..3d87325984b4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix
@@ -0,0 +1,94 @@
+{ stdenv, mkChromiumDerivation, channel, enableWideVine }:
+
+with stdenv.lib;
+
+mkChromiumDerivation (base: rec {
+ name = "chromium-browser";
+ packageName = "chromium";
+ buildTargets = [ "mksnapshot" "chrome_sandbox" "chrome" ];
+
+ outputs = ["out" "sandbox"];
+
+ sandboxExecutableName = "__chromium-suid-sandbox";
+
+ installPhase = ''
+ mkdir -p "$libExecPath"
+ cp -v "$buildPath/"*.so "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
+ cp -v "$buildPath/icudtl.dat" "$libExecPath/"
+ cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
+ cp -v "$buildPath/chrome" "$libExecPath/$packageName"
+
+ # Swiftshader
+ # See https://stackoverflow.com/a/4264351/263061 for the find invocation.
+ if [ -n "$(find "$buildPath/swiftshader/" -maxdepth 1 -name '*.so' -print -quit)" ]; then
+ echo "Swiftshader files found; installing"
+ mkdir -p "$libExecPath/swiftshader"
+ cp -v "$buildPath/swiftshader/"*.so "$libExecPath/swiftshader/"
+ else
+ echo "Swiftshader files not found"
+ fi
+
+ mkdir -p "$sandbox/bin"
+ cp -v "$buildPath/chrome_sandbox" "$sandbox/bin/${sandboxExecutableName}"
+
+ mkdir -vp "$out/share/man/man1"
+ cp -v "$buildPath/chrome.1" "$out/share/man/man1/$packageName.1"
+
+ for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do
+ num_and_suffix="''${icon_file##*logo_}"
+ icon_size="''${num_and_suffix%.*}"
+ expr "$icon_size" : "^[0-9][0-9]*$" || continue
+ logo_output_prefix="$out/share/icons/hicolor"
+ logo_output_path="$logo_output_prefix/''${icon_size}x''${icon_size}/apps"
+ mkdir -vp "$logo_output_path"
+ cp -v "$icon_file" "$logo_output_path/$packageName.png"
+ done
+
+ # Install Desktop Entry
+ install -D chrome/installer/linux/common/desktop.template \
+ $out/share/applications/chromium-browser.desktop
+
+ substituteInPlace $out/share/applications/chromium-browser.desktop \
+ --replace "@@MENUNAME@@" "Chromium" \
+ --replace "@@PACKAGE@@" "chromium" \
+ --replace "Exec=/usr/bin/@@USR_BIN_SYMLINK_NAME@@" "Exec=chromium"
+
+ # Append more mime types to the end
+ sed -i '/^MimeType=/ s,$,x-scheme-handler/webcal;x-scheme-handler/mailto;x-scheme-handler/about;x-scheme-handler/unknown,' \
+ $out/share/applications/chromium-browser.desktop
+
+ # See https://github.com/NixOS/nixpkgs/issues/12433
+ sed -i \
+ -e '/\[Desktop Entry\]/a\' \
+ -e 'StartupWMClass=chromium-browser' \
+ $out/share/applications/chromium-browser.desktop
+ '';
+
+ passthru = { inherit sandboxExecutableName; };
+
+ requiredSystemFeatures = [ "big-parallel" ];
+
+ meta = {
+ description = "An open source web browser from Google";
+ longDescription = ''
+ Chromium is an open source web browser from Google that aims to build a
+ safer, faster, and more stable way for all Internet users to experience
+ the web. It has a minimalist user interface and provides the vast majority
+ of source code for Google Chrome (which has some additional features).
+ '';
+ homepage = "https://www.chromium.org/";
+ maintainers = with maintainers; [ bendlas thefloweringash primeos ];
+ # Overview of the maintainer roles:
+ # nixos-unstable:
+ # - TODO: Need a new maintainer for x86_64 [0]
+ # - @thefloweringash: aarch64
+ # - @primeos: Provisional maintainer (x86_64)
+ # Stable channel:
+ # - TODO (need someone to test backports [0])
+ # [0]: https://github.com/NixOS/nixpkgs/issues/78450
+ license = if enableWideVine then licenses.unfree else licenses.bsd3;
+ platforms = platforms.linux;
+ hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else [];
+ timeout = 172800; # 48 hours
+ };
+})
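Review bot: The `sandbox` output, `sandboxExecutableName`, and the `cp` of `chrome_sandbox` into `$sandbox/bin` in `installPhase` have no comment saying that this is the setuid sandbox helper or how it is expected to gain its privileges. From this file alone the installed copy is an ordinary executable; the wrapper in default.nix prefers `/run/wrappers/bin/${sandboxExecutableName}` and only falls back to this copy, which suggests the setuid bit is applied elsewhere. I would add a comment such as `# chrome_sandbox is installed here without the setuid bit; the wrapper prefers the copy under /run/wrappers/bin` above the `mkdir -p "$sandbox/bin"` line so a reader does not assume the store copy is the privileged one.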
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix
new file mode 100644
index 000000000000..ed5a8a715564
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix
@@ -0,0 +1,355 @@
+{ stdenv, lib, llvmPackages, gnChromium, ninja, which, nodejs, fetchpatch, fetchurl
+
+# default dependencies
+, gnutar, bzip2, flac, speex, libopus
+, libevent, expat, libjpeg, snappy
+, libpng, libcap
+, xdg_utils, yasm, nasm, minizip, libwebp
+, libusb1, pciutils, nss, re2, zlib
+
+, python2Packages, perl, pkgconfig
+, nspr, systemd, kerberos
+, utillinux, alsaLib
+, bison, gperf
+, glib, gtk3, dbus-glib
+, glibc
+, libXScrnSaver, libXcursor, libXtst, libGLU, libGL
+, protobuf, speechd, libXdamage, cups
+, ffmpeg, libxslt, libxml2, at-spi2-core
+, jre8
+, pipewire_0_2
+
+# optional dependencies
+, libgcrypt ? null # gnomeSupport || cupsSupport
+, libva ? null # useVaapi
+, libdrm ? null, wayland ? null, mesa_drivers ? null, libxkbcommon ? null # useOzone
+
+# package customization
+, useOzone ? false
+, useVaapi ? !(useOzone || stdenv.isAarch64) # Built if supported, but disabled in the wrapper
+# VA-API TODOs:
+# - Ozone: M81 fails to build due to "ozone_platform_gbm = false"
+# - Possible solutions: Write a patch to fix the build (wrong gn dependencies)
+# or build with minigbm
+# - AArch64: Causes serious regressions (https://github.com/NixOS/nixpkgs/pull/85253#issuecomment-614405879)
+, gnomeSupport ? false, gnome ? null
+, gnomeKeyringSupport ? false, libgnome-keyring3 ? null
+, proprietaryCodecs ? true
+, cupsSupport ? true
+, pulseSupport ? false, libpulseaudio ? null
+
+, channel
+, upstream-info
+}:
+
+buildFun:
+
+with stdenv.lib;
+
+# see http://www.linuxfromscratch.org/blfs/view/cvs/xsoft/chromium.html
+
+let
+ jre = jre8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731
+
+ # The additional attributes for creating derivations based on the chromium
+ # source tree.
+ extraAttrs = buildFun base;
+
+ githubPatch = commit: sha256: fetchpatch {
+ url = "https://github.com/chromium/chromium/commit/${commit}.patch";
+ inherit sha256;
+ };
+
+ mkGnFlags =
+ let
+ # Serialize Nix types into GN types according to this document:
+ # https://chromium.googlesource.com/chromium/src/+/master/tools/gn/docs/language.md
+ mkGnString = value: "\"${escape ["\"" "$" "\\"] value}\"";
+ sanitize = value:
+ if value == true then "true"
+ else if value == false then "false"
+ else if isList value then "[${concatMapStringsSep ", " sanitize value}]"
+ else if isInt value then toString value
+ else if isString value then mkGnString value
+ else throw "Unsupported type for GN value `${value}'.";
+ toFlag = key: value: "${key}=${sanitize value}";
+ in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
+
+ gnSystemLibraries = [
+ "ffmpeg"
+ "flac"
+ "libjpeg"
+ "libpng"
+ "libwebp"
+ "libxslt"
+ "opus"
+ "snappy"
+ "zlib"
+ # "re2" # fails with linker errors
+ # "harfbuzz-ng" # in versions over 63 harfbuzz and freetype are being built together
+ # so we can't build with one from system and other from source
+ ];
+
+ opusWithCustomModes = libopus.override {
+ withCustomModes = true;
+ };
+
+ defaultDependencies = [
+ bzip2 flac speex opusWithCustomModes
+ libevent expat libjpeg snappy
+ libpng libcap
+ xdg_utils minizip libwebp
+ libusb1 re2 zlib
+ ffmpeg libxslt libxml2
+ nasm
+ # harfbuzz # in versions over 63 harfbuzz and freetype are being built together
+ # so we can't build with one from system and other from source
+ ];
+
+ # build paths and release info
+ packageName = extraAttrs.packageName or extraAttrs.name;
+ buildType = "Release";
+ buildPath = "out/${buildType}";
+ libExecPath = "$out/libexec/${packageName}";
+
+ versionRange = min-version: upto-version:
+ let inherit (upstream-info) version;
+ result = versionAtLeast version min-version && versionOlder version upto-version;
+ stable-version = (importJSON ./upstream-info.json).stable.version;
+ in if versionAtLeast stable-version upto-version
+ then warn "chromium: stable version ${stable-version} is newer than a patchset bounded at ${upto-version}. You can safely delete it."
+ result
+ else result;
+
+ base = rec {
+ name = "${packageName}-unwrapped-${version}";
+ inherit (upstream-info) version;
+ inherit channel packageName buildType buildPath;
+
+ src = fetchurl {
+ url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz";
+ inherit (upstream-info) sha256;
+ };
+
+ nativeBuildInputs = [
+ ninja which python2Packages.python perl pkgconfig
+ python2Packages.ply python2Packages.jinja2 nodejs
+ gnutar python2Packages.setuptools
+ ];
+
+ buildInputs = defaultDependencies ++ [
+ nspr nss systemd
+ utillinux alsaLib
+ bison gperf kerberos
+ glib gtk3 dbus-glib
+ libXScrnSaver libXcursor libXtst libGLU libGL
+ pciutils protobuf speechd libXdamage at-spi2-core
+ jre
+ pipewire_0_2
+ ] ++ optional useVaapi libva
+ ++ optional gnomeKeyringSupport libgnome-keyring3
+ ++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
+ ++ optionals cupsSupport [ libgcrypt cups ]
+ ++ optional pulseSupport libpulseaudio
+ ++ optionals useOzone [ libdrm wayland mesa_drivers libxkbcommon ];
+
+ patches = [
+ ./patches/no-build-timestamps.patch
+ ./patches/widevine-79.patch
+ # Unfortunately, chromium regularly breaks on major updates and
+ # then needs various patches backported in order to be compiled with GCC.
+ # Good sources for such patches and other hints:
+ # - https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/chromium/
+ # - https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium
+ # - https://github.com/chromium/chromium/search?q=GCC&s=committer-date&type=Commits
+ #
+ # ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
+ # ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
+ ] ++ optionals (useVaapi) [
+ # Check for enable-accelerated-video-decode on Linux:
+ (githubPatch "54deb9811ca9bd2327def5c05ba6987b8c7a0897" "11jvxjlkzz1hm0pvfyr88j7z3zbwzplyl5idkx92l2lzv4459c8d")
+ ];
+
+ postPatch = ''
+ # Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.):
+ substituteInPlace native_client/SConstruct \
+ --replace "#! -*- python -*-" ""
+ substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
+ --replace "/usr/bin/env -S make -f" "/usr/bin/make -f"
+
+ # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
+ substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
+ --replace \
+ 'return sandbox_binary;' \
+ 'return base::FilePath(GetDevelSandboxPath());'
+
+ substituteInPlace services/audio/audio_sandbox_hook_linux.cc \
+ --replace \
+ '/usr/share/alsa/' \
+ '${alsaLib}/share/alsa/' \
+ --replace \
+ '/usr/lib/x86_64-linux-gnu/gconv/' \
+ '${glibc}/lib/gconv/' \
+ --replace \
+ '/usr/share/locale/' \
+ '${glibc}/share/locale/'
+
+ sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \
+ chrome/browser/shell_integration_linux.cc
+
+ sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${lib.getLib systemd}/lib/\1!' \
+ device/udev_linux/udev?_loader.cc
+
+ sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \
+ gpu/config/gpu_info_collector_linux.cc
+
+ sed -i -re 's/([^:])\<(isnan *\()/\1std::\2/g' \
+ chrome/browser/ui/webui/engagement/site_engagement_ui.cc
+
+ sed -i -e '/#include/ {
+ i #include <algorithm>
+ :l; n; bl
+ }' gpu/config/gpu_control_list.cc
+
+ # Allow to put extensions into the system-path.
+ sed -i -e 's,/usr,/run/current-system/sw,' chrome/common/chrome_paths.cc
+
+ patchShebangs .
+ # use our own nodejs
+ mkdir -p third_party/node/linux/node-linux-x64/bin
+ ln -s $(which node) third_party/node/linux/node-linux-x64/bin/node
+
+ # remove unused third-party
+ # in third_party/crashpad third_party/zlib contains just a header-adapter
+ for lib in ${toString gnSystemLibraries}; do
+ find -type f -path "*third_party/$lib/*" \
+ \! -path "*third_party/crashpad/crashpad/third_party/zlib/*" \
+ \! -path "*third_party/$lib/chromium/*" \
+ \! -path "*third_party/$lib/google/*" \
+ \! -path "*base/third_party/icu/*" \
+ \! -path "*base/third_party/libevent/*" \
+ \! -regex '.*\.\(gn\|gni\|isolate\|py\)' \
+ -delete
+ done
+ '' + optionalString stdenv.isAarch64 ''
+ substituteInPlace build/toolchain/linux/BUILD.gn \
+ --replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""'
+ '' + optionalString stdenv.cc.isClang ''
+ mkdir -p third_party/llvm-build/Release+Asserts/bin
+ ln -s ${stdenv.cc}/bin/clang third_party/llvm-build/Release+Asserts/bin/clang
+ ln -s ${stdenv.cc}/bin/clang++ third_party/llvm-build/Release+Asserts/bin/clang++
+ ln -s ${llvmPackages.llvm}/bin/llvm-ar third_party/llvm-build/Release+Asserts/bin/llvm-ar
+ '';
+
+ gnFlags = mkGnFlags ({
+ use_lld = false;
+ use_gold = stdenv.buildPlatform.is64bit; # ld.gold outs-of-memory on i686
+ gold_path = "${stdenv.cc}/bin";
+ is_debug = false;
+
+ proprietary_codecs = false;
+ use_sysroot = false;
+ use_gnome_keyring = gnomeKeyringSupport;
+ use_gio = gnomeSupport;
+ # ninja: error: '../../native_client/toolchain/linux_x86/pnacl_newlib/bin/x86_64-nacl-objcopy',
+ # needed by 'nacl_irt_x86_64.nexe', missing and no known rule to make it
+ enable_nacl = false;
+ # Enabling the Widevine component here doesn't affect whether we can
+ # redistribute the chromium package; the Widevine component is either
+ # added later in the wrapped -wv build or downloaded from Google.
+ enable_widevine = true;
+ use_cups = cupsSupport;
+ # Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture.
+ rtc_use_pipewire = true;
+
+ treat_warnings_as_errors = false;
+ is_clang = stdenv.cc.isClang;
+ clang_use_chrome_plugins = false;
+ blink_symbol_level = 0;
+ symbol_level = 0;
+ fieldtrial_testing_like_official_build = true;
+
+ # Google API keys, see:
+ # http://www.chromium.org/developers/how-tos/api-keys
+ # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
+ # please get your own set of keys.
+ google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI";
+ google_default_client_id = "404761575300.apps.googleusercontent.com";
+ google_default_client_secret = "9rIFQjfnkykEmqb6FfjJQD1D";
+ } // optionalAttrs proprietaryCodecs {
+ # enable support for the H.264 codec
+ proprietary_codecs = true;
+ enable_hangout_services_extension = true;
+ ffmpeg_branding = "Chrome";
+ } // optionalAttrs useVaapi {
+ use_vaapi = true;
+ } // optionalAttrs pulseSupport {
+ use_pulseaudio = true;
+ link_pulseaudio = true;
+ } // optionalAttrs useOzone {
+ use_ozone = true;
+ ozone_platform_gbm = false;
+ use_xkbcommon = true;
+ use_glib = true;
+ use_gtk = true;
+ use_system_libwayland = true;
+ use_system_minigbm = true;
+ use_system_libdrm = true;
+ system_wayland_scanner_path = "${wayland}/bin/wayland-scanner";
+ } // (extraAttrs.gnFlags or {}));
+
+ configurePhase = ''
+ runHook preConfigure
+
+ # This is to ensure expansion of $out.
+ libExecPath="${libExecPath}"
+ python build/linux/unbundle/replace_gn_files.py \
+ --system-libraries ${toString gnSystemLibraries}
+ ${gnChromium}/bin/gn gen --args=${escapeShellArg gnFlags} out/Release | tee gn-gen-outputs.txt
+
+ # Fail if `gn gen` contains a WARNING.
+ grep -o WARNING gn-gen-outputs.txt && echo "Found gn WARNING, exiting nix build" && exit 1
+
+ runHook postConfigure
+ '';
+
+ # Don't spam warnings about unknown warning options. This is useful because
+ # our Clang is always older than Chromium's and the build logs have a size
+ # of approx. 25 MB without this option (and this saves e.g. 66 %).
+ NIX_CFLAGS_COMPILE = "-Wno-unknown-warning-option";
+
+ buildPhase = let
+ # Build paralelism: on Hydra the build was frequently running into memory
+ # exhaustion, and even other users might be running into similar issues.
+ # -j is halved to avoid memory problems, and -l is slightly increased
+ # so that the build gets slight preference before others
+ # (it will often be on "critical path" and at risk of timing out)
+ buildCommand = target: ''
+ ninja -C "${buildPath}" \
+ -j$(( ($NIX_BUILD_CORES+1) / 2 )) -l$(( $NIX_BUILD_CORES+1 )) \
+ "${target}"
+ (
+ source chrome/installer/linux/common/installer.include
+ PACKAGE=$packageName
+ MENUNAME="Chromium"
+ process_template chrome/app/resources/manpage.1.in "${buildPath}/chrome.1"
+ )
+ '';
+ targets = extraAttrs.buildTargets or [];
+ commands = map buildCommand targets;
+ in concatStringsSep "\n" commands;
+
+ postFixup = ''
+ # Make sure that libGLESv2 is found by dlopen (if using EGL).
+ chromiumBinary="$libExecPath/$packageName"
+ origRpath="$(patchelf --print-rpath "$chromiumBinary")"
+ patchelf --set-rpath "${libGL}/lib:$origRpath" "$chromiumBinary"
+ '';
+
+ passthru.updateScript = ./update.py;
+ };
+
+# Remove some extraAttrs we supplied to the base attributes already.
+in stdenv.mkDerivation (base // removeAttrs extraAttrs [
+ "name" "gnFlags" "buildTargets"
+] // { passthru = base.passthru // (extraAttrs.passthru or {}); })
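Review bot: The `google_api_key`, `google_default_client_id` and `google_default_client_secret` entries in `gnFlags` are committed as literals, and the comment directly above them says they are for NixOS/nixpkgs use only and that other distributions should obtain their own set. This file is now imported under `infra/libkookie/`, so browsers built from this tree would embed credentials issued to another project, and the values are readable in the repository and in the evaluated `gnFlags` string. Consider passing the three values in as function arguments so a downstream build can supply its own, or at least add a comment recording that reusing the nixpkgs keys here is a deliberate decision.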
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix
new file mode 100644
index 000000000000..e4bde5122270
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix
@@ -0,0 +1,232 @@
+{ newScope, config, stdenv, fetchurl, makeWrapper
+, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils
+, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit
+, libva ? null
+, pipewire_0_2
+, gcc, nspr, nss, runCommand
+, lib
+
+# package customization
+# Note: enable* flags should not require full rebuilds (i.e. only affect the wrapper)
+, channel ? "stable"
+, gnomeSupport ? false, gnome ? null
+, gnomeKeyringSupport ? false
+, proprietaryCodecs ? true
+, enablePepperFlash ? false
+, enableWideVine ? false
+, useVaapi ? false # Deprecated, use enableVaapi instead!
+, enableVaapi ? false # Disabled by default due to unofficial support
+, useOzone ? false
+, cupsSupport ? true
+, pulseSupport ? config.pulseaudio or stdenv.isLinux
+, commandLineArgs ? ""
+}:
+
+let
+ llvmPackages = llvmPackages_11;
+ stdenv = llvmPackages.stdenv;
+
+ callPackage = newScope chromium;
+
+ chromium = rec {
+ inherit stdenv llvmPackages;
+
+ upstream-info = (lib.importJSON ./upstream-info.json).${channel};
+
+ mkChromiumDerivation = callPackage ./common.nix ({
+ inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs
+ cupsSupport pulseSupport useOzone;
+ # TODO: Remove after we can update gn for the stable channel (backward incompatible changes):
+ gnChromium = gn.overrideAttrs (oldAttrs: {
+ version = "2020-07-20";
+ src = fetchgit {
+ url = "https://gn.googlesource.com/gn";
+ rev = "3028c6a426a4aaf6da91c4ebafe716ae370225fe";
+ sha256 = "0h3wf4152zdvrbb0jbj49q6814lfl3rcy5mj8b2pl9s0ahvkbc6q";
+ };
+ });
+ } // lib.optionalAttrs (lib.versionAtLeast upstream-info.version "87") {
+ useOzone = true; # YAY: https://chromium-review.googlesource.com/c/chromium/src/+/2382834 \o/
+ gnChromium = gn.overrideAttrs (oldAttrs: {
+ version = "2020-08-17";
+ src = fetchgit {
+ url = "https://gn.googlesource.com/gn";
+ rev = "6f13aaac55a977e1948910942675c69f2b4f7a94";
+ sha256 = "01hpma1sllpdx09mvr4d6073sg6zmk6iv44kd3r28khymcj4s251";
+ };
+ });
+ });
+
+ browser = callPackage ./browser.nix { inherit channel enableWideVine; };
+
+ plugins = callPackage ./plugins.nix {
+ inherit enablePepperFlash;
+ };
+ };
+
+ pkgSuffix = if channel == "dev" then "unstable" else channel;
+ pkgName = "google-chrome-${pkgSuffix}";
+ chromeSrc = fetchurl {
+ urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [
+ "https://dl.google.com/linux/chrome/deb/pool/main/g"
+ "http://95.31.35.30/chrome/pool/main/g"
+ "http://mirror.pcbeta.com/google/chrome/deb/pool/main/g"
+ "http://repo.fdzh.org/chrome/deb/pool/main/g"
+ ];
+ sha256 = chromium.upstream-info.sha256bin64;
+ };
+
+ mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}";
+ widevineCdm = stdenv.mkDerivation {
+ name = "chrome-widevine-cdm";
+
+ src = chromeSrc;
+
+ phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ];
+
+ unpackCmd = let
+ widevineCdmPath =
+ if channel == "stable" then
+ "./opt/google/chrome/WidevineCdm"
+ else if channel == "beta" then
+ "./opt/google/chrome-beta/WidevineCdm"
+ else if channel == "dev" then
+ "./opt/google/chrome-unstable/WidevineCdm"
+ else
+ throw "Unknown chromium channel.";
+ in ''
+ # Extract just WidevineCdm from upstream's .deb file
+ ar p "$src" data.tar.xz | tar xJ "${widevineCdmPath}"
+
+ # Move things around so that we don't have to reference a particular
+ # chrome-* directory later.
+ mv "${widevineCdmPath}" ./
+
+ # unpackCmd wants a single output directory; let it take WidevineCdm/
+ rm -rf opt
+ '';
+
+ doCheck = true;
+ checkPhase = ''
+ ! find -iname '*.so' -exec ldd {} + | grep 'not found'
+ '';
+
+ PATCH_RPATH = mkrpath [ gcc.cc glib nspr nss ];
+
+ patchPhase = ''
+ patchelf --set-rpath "$PATCH_RPATH" _platform_specific/linux_x64/libwidevinecdm.so
+ '';
+
+ installPhase = ''
+ mkdir -p $out/WidevineCdm
+ cp -a * $out/WidevineCdm/
+ '';
+
+ meta = {
+ platforms = [ "x86_64-linux" ];
+ license = lib.licenses.unfree;
+ };
+ };
+
+ suffix = if channel != "stable" then "-" + channel else "";
+
+ sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName;
+
+ version = chromium.browser.version;
+
+ # We want users to be able to enableWideVine without rebuilding all of
+ # chromium, so we have a separate derivation here that copies chromium
+ # and adds the unfree WidevineCdm.
+ chromiumWV = let browser = chromium.browser; in if enableWideVine then
+ runCommand (browser.name + "-wv") { version = browser.version; }
+ ''
+ mkdir -p $out
+ cp -a ${browser}/* $out/
+ chmod u+w $out/libexec/chromium
+ cp -a ${widevineCdm}/WidevineCdm $out/libexec/chromium/
+ ''
+ else browser;
+
+ optionalVaapiFlags = if useVaapi # TODO: Remove after 20.09:
+ then throw ''
+ Chromium's useVaapi was replaced by enableVaapi and you don't need to pass
+ "--ignore-gpu-blacklist" anymore (also no rebuilds are required anymore).
+ '' else lib.optionalString
+ (enableVaapi)
+ "--add-flags --enable-accelerated-video-decode";
+in stdenv.mkDerivation {
+ name = "chromium${suffix}-${version}";
+ inherit version;
+
+ buildInputs = [
+ makeWrapper ed
+
+ # needed for GSETTINGS_SCHEMAS_PATH
+ gsettings-desktop-schemas glib gtk3
+
+ # needed for XDG_ICON_DIRS
+ gnome3.adwaita-icon-theme
+ ];
+
+ outputs = ["out" "sandbox"];
+
+ buildCommand = let
+ browserBinary = "${chromiumWV}/libexec/chromium/chromium";
+ getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")";
+ libPath = stdenv.lib.makeLibraryPath [ libva pipewire_0_2 ];
+
+ in with stdenv.lib; ''
+ mkdir -p "$out/bin"
+
+ eval makeWrapper "${browserBinary}" "$out/bin/chromium" \
+ --add-flags ${escapeShellArg (escapeShellArg commandLineArgs)} \
+ ${optionalVaapiFlags} \
+ ${concatMapStringsSep " " getWrapperFlags chromium.plugins.enabled}
+
+ ed -v -s "$out/bin/chromium" << EOF
+ 2i
+
+ if [ -x "/run/wrappers/bin/${sandboxExecutableName}" ]
+ then
+ export CHROME_DEVEL_SANDBOX="/run/wrappers/bin/${sandboxExecutableName}"
+ else
+ export CHROME_DEVEL_SANDBOX="$sandbox/bin/${sandboxExecutableName}"
+ fi
+
+ '' + lib.optionalString (libPath != "") ''
+ # To avoid loading .so files from cwd, LD_LIBRARY_PATH here must not
+ # contain an empty section before or after a colon.
+ export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH\''${LD_LIBRARY_PATH:+:}${libPath}"
+ '' + ''
+
+ # libredirect causes chromium to deadlock on startup
+ export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" | ${coreutils}/bin/tr ':' '\n' | ${gnugrep}/bin/grep -v /lib/libredirect\\\\.so$ | ${coreutils}/bin/tr '\n' ':')"
+
+ export XDG_DATA_DIRS=$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS
+
+ # Mainly for xdg-open but also other xdg-* tools:
+ export PATH="${xdg_utils}/bin\''${PATH:+:}\$PATH"
+
+ .
+ w
+ EOF
+
+ ln -sv "${chromium.browser.sandbox}" "$sandbox"
+
+ ln -s "$out/bin/chromium" "$out/bin/chromium-browser"
+
+ mkdir -p "$out/share"
+ for f in '${chromium.browser}'/share/*; do # hello emacs */
+ ln -s -t "$out/share/" "$f"
+ done
+ '';
+
+ inherit (chromium.browser) packageName;
+ meta = chromium.browser.meta;
+ passthru = {
+ inherit (chromium) upstream-info browser;
+ mkDerivation = chromium.mkChromiumDerivation;
+ inherit chromeSrc sandboxExecutableName;
+ updateScript = ./update.py;
+ };
+}
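Review bot: Three of the four `urls` in `chromeSrc` are plain `http://`, one of them a bare IP address, so the only integrity control on the downloaded .deb is the `sha256bin64` pin, and `widevineCdm` extracts and patches `libwidevinecdm.so` from that archive. The pin is enough to make a tampered download fail as long as it is never relaxed, but nothing in the file says that the mirrors are untrusted. I would add `# Mirrors are untrusted; integrity relies solely on sha256bin64, which update.py prefetches from dl.google.com over HTTPS` above `urls`, and consider dropping the bare-IP mirror.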
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/patches/no-build-timestamps.patch b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/patches/no-build-timestamps.patch
new file mode 100644
index 000000000000..6b788f43d29c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/patches/no-build-timestamps.patch
@@ -0,0 +1,17 @@
+--- chromium-70.0.3538.67/build/compute_build_timestamp.py.orig 2018-11-02 16:00:34.368933077 +0200
++++ chromium-70.0.3538.67/build/compute_build_timestamp.py 2018-11-08 04:06:21.658105129 +0200
+@@ -94,6 +94,14 @@
+ 'build_type', help='The type of build', choices=('official', 'default'))
+ args = argument_parser.parse_args()
+
++ # I don't trust LASTCHANGE magic, and I definelly want something deterministic here
++ SOURCE_DATE_EPOCH = os.getenv("SOURCE_DATE_EPOCH", None)
++ if SOURCE_DATE_EPOCH is not None:
++ print(SOURCE_DATE_EPOCH)
++ return 0
++ else:
++ raise RuntimeError("SOURCE_DATE_EPOCH not set")
++
+ # The mtime of the revision in build/util/LASTCHANGE is stored in a file
+ # next to it. Read it, to get a deterministic time close to "now".
+ # That date is then modified as described at the top of the file so that
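Review bot: The added block prints `SOURCE_DATE_EPOCH` back without checking that it is a number, so an empty or malformed value in the build environment would be emitted as the build timestamp; `print(int(SOURCE_DATE_EPOCH))` would reject it at this point instead. Both branches leave the function, so the LASTCHANGE code below the insertion is now unreachable, which deserves a one-line comment such as `# Everything below is intentionally dead code in Nix builds`. The existing comment also misspells "definitely" as `definelly`. The enclosing function starts and ends outside the patched region.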
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/patches/widevine-79.patch b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/patches/widevine-79.patch
new file mode 100644
index 000000000000..32f0ae2fb5e6
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/patches/widevine-79.patch
@@ -0,0 +1,13 @@
+diff --git a/third_party/widevine/cdm/BUILD.gn b/third_party/widevine/cdm/BUILD.gn
+index ed0e2f5208b..5b431a030d5 100644
+--- a/third_party/widevine/cdm/BUILD.gn
++++ b/third_party/widevine/cdm/BUILD.gn
+@@ -14,7 +14,7 @@ buildflag_header("buildflags") {
+
+ flags = [
+ "ENABLE_WIDEVINE=$enable_widevine",
+- "BUNDLE_WIDEVINE_CDM=$bundle_widevine_cdm",
++ "BUNDLE_WIDEVINE_CDM=true",
+ "ENABLE_WIDEVINE_CDM_COMPONENT=$enable_widevine_cdm_component",
+ ]
+ }
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/plugins.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/plugins.nix
new file mode 100644
index 000000000000..c725f87d3a27
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/plugins.nix
@@ -0,0 +1,92 @@
+{ stdenv, gcc
+, jshon
+, glib
+, nspr
+, nss
+, fetchzip
+, enablePepperFlash ? false
+
+, upstream-info
+}:
+
+with stdenv.lib;
+
+let
+ mkrpath = p: "${makeSearchPathOutput "lib" "lib64" p}:${makeLibraryPath p}";
+
+ # Generate a shell fragment that emits flags appended to the
+ # final makeWrapper call for wrapping the browser's main binary.
+ #
+ # Note that this is shell-escaped so that only the variable specified
+ # by the "output" attribute is substituted.
+ mkPluginInfo = { output ? "out", allowedVars ? [ output ]
+ , flags ? [], envVars ? {}
+ }: let
+ shSearch = ["'"] ++ map (var: "@${var}@") allowedVars;
+ shReplace = ["'\\''"] ++ map (var: "'\"\${${var}}\"'") allowedVars;
+ # We need to triple-escape "val":
+ # * First because makeWrapper doesn't do any quoting of its arguments by
+ # itself.
+ # * Second because it's passed to the makeWrapper call separated by IFS but
+ # not by the _real_ arguments, for example the Widevine plugin flags
+ # contain spaces, so they would end up as separate arguments.
+ # * Third in order to be correctly quoted for the "echo" call below.
+ shEsc = val: "'${replaceStrings ["'"] ["'\\''"] val}'";
+ mkSh = val: "'${replaceStrings shSearch shReplace (shEsc val)}'";
+ mkFlag = flag: ["--add-flags" (shEsc flag)];
+ mkEnvVar = key: val: ["--set" (shEsc key) (shEsc val)];
+ envList = mapAttrsToList mkEnvVar envVars;
+ quoted = map mkSh (flatten ((map mkFlag flags) ++ envList));
+ in ''
+ mkdir -p "''$${output}/nix-support"
+ echo ${toString quoted} > "''$${output}/nix-support/wrapper-flags"
+ '';
+
+ flash = stdenv.mkDerivation rec {
+ pname = "flashplayer-ppapi";
+ version = "32.0.0.445";
+
+ src = fetchzip {
+ url = "https://fpdownload.adobe.com/pub/flashplayer/pdc/${version}/flash_player_ppapi_linux.x86_64.tar.gz";
+ sha256 = "1r9vd210d2qp501q40pjx60mzah08rg0f8jk5rpp52ddajwggalv";
+ stripRoot = false;
+ };
+
+ patchPhase = ''
+ chmod +x libpepflashplayer.so
+ patchelf --set-rpath "${mkrpath [ gcc.cc ]}" libpepflashplayer.so
+ '';
+
+ doCheck = true;
+ checkPhase = ''
+ ! find -iname '*.so' -exec ldd {} + | grep 'not found'
+ '';
+
+ installPhase = ''
+ flashVersion="$(
+ "${jshon}/bin/jshon" -F manifest.json -e version -u
+ )"
+
+ install -vD libpepflashplayer.so "$out/lib/libpepflashplayer.so"
+
+ ${mkPluginInfo {
+ allowedVars = [ "out" "flashVersion" ];
+ flags = [
+ "--ppapi-flash-path=@out@/lib/libpepflashplayer.so"
+ "--ppapi-flash-version=@flashVersion@"
+ ];
+ }}
+ '';
+
+ dontStrip = true;
+
+ meta = {
+ license = stdenv.lib.licenses.unfree;
+ maintainers = with stdenv.lib.maintainers; [ taku0 ];
+ platforms = platforms.x86_64;
+ };
+ };
+
+in {
+ enabled = optional enablePepperFlash flash;
+}
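Review bot: The `version` and `sha256` of the `flash` derivation are hard-coded, and `update.py` in this directory only refreshes the Chromium channel entries in upstream-info.json, so this plugin stays at the pinned release until someone bumps it by hand. Because it is an unfree prebuilt library that the wrapper loads into the browser through `--ppapi-flash-path`, a stale pin is a security concern even though `enablePepperFlash` defaults to false. I would add a comment above `version` such as `# Not covered by update.py; bump manually whenever upstream ships a security release`.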
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/update.py b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/update.py
new file mode 100755
index 000000000000..bfc7f0d2478c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/update.py
@@ -0,0 +1,77 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i python -p python3 nix
+
+import csv
+import json
+import subprocess
+import sys
+
+from codecs import iterdecode
+from collections import OrderedDict
+from os.path import abspath, dirname
+from urllib.request import urlopen
+
+HISTORY_URL = 'https://omahaproxy.appspot.com/history?os=linux'
+DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g'
+BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official'
+
+JSON_PATH = dirname(abspath(__file__)) + '/upstream-info.json'
+
+def load_json(path):
+ with open(path, 'r') as f:
+ return json.load(f)
+
+def nix_prefetch_url(url, algo='sha256'):
+ print(f'nix-prefetch-url {url}')
+ out = subprocess.check_output(['nix-prefetch-url', '--type', algo, url])
+ return out.decode('utf-8').rstrip()
+
+channels = {}
+last_channels = load_json(JSON_PATH)
+
+print(f'GET {HISTORY_URL}', file=sys.stderr)
+with urlopen(HISTORY_URL) as resp:
+ builds = csv.DictReader(iterdecode(resp, 'utf-8'))
+ for build in builds:
+ channel_name = build['channel']
+
+ # If we've already found a newer build for this channel, we're
+ # no longer interested in it.
+ if channel_name in channels:
+ continue
+
+ # If we're back at the last build we used, we don't need to
+ # keep going -- there's no new version available, and we can
+ # just reuse the info from last time.
+ if build['version'] == last_channels[channel_name]['version']:
+ channels[channel_name] = last_channels[channel_name]
+ continue
+
+ channel = {'version': build['version']}
+ suffix = 'unstable' if channel_name == 'dev' else channel_name
+
+ try:
+ channel['sha256'] = nix_prefetch_url(f'{BUCKET_URL}/chromium-{build["version"]}.tar.xz')
+ channel['sha256bin64'] = nix_prefetch_url(f'{DEB_URL}/google-chrome-{suffix}/google-chrome-{suffix}_{build["version"]}-1_amd64.deb')
+ except subprocess.CalledProcessError:
+ # This build isn't actually available yet. Continue to
+ # the next one.
+ continue
+
+ channels[channel_name] = channel
+
+with open(JSON_PATH, 'w') as out:
+ def get_channel_key(item):
+ channel_name = item[0]
+ if channel_name == 'stable':
+ return 0
+ elif channel_name == 'beta':
+ return 1
+ elif channel_name == 'dev':
+ return 2
+ else:
+ print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
+ sys.exit(1)
+ sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key))
+ json.dump(sorted_channels, out, indent=2)
+ out.write('\n')
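Review bot: `channel_name` comes straight from the remote CSV and is used as a key before it is validated: `last_channels[channel_name]['version']` raises `KeyError` for any channel not already present in upstream-info.json. The unexpected-channel check in `get_channel_key` only runs after `open(JSON_PATH, 'w')` has truncated the file, so if it ever fires, `sys.exit(1)` leaves upstream-info.json empty. I would reject unknown names inside the loop (`if channel_name not in last_channels: continue`, or an explicit error) and compute `sorted_channels` before opening the file for writing. Separately, `urlopen(HISTORY_URL)` is called without `timeout=`, so a stalled server hangs the updater.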
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.json b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.json
new file mode 100644
index 000000000000..7523a6653f24
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.json
@@ -0,0 +1,17 @@
+{
+ "stable": {
+ "version": "86.0.4240.75",
+ "sha256": "1ddw4p9zfdzhi5hrd8x14k4w326znljzprnpfi2f917rlpnl2ynx",
+ "sha256bin64": "17isxkd80rccqim6izzl08vw4yr52qsk6djp1rmhhijzg9rsvghz"
+ },
+ "beta": {
+ "version": "87.0.4280.20",
+ "sha256": "1lqdxy6pm72h8ym5ij713rp055csqn19agy3sp6wnmp3pj688ic8",
+ "sha256bin64": "0r9wk2kgn7z0jjzpppr799jp5izxvh1ig4mv12iadz4y7dl47kaw"
+ },
+ "dev": {
+ "version": "88.0.4292.2",
+ "sha256": "0b8ihgbvdqpbcgw9p9sak8nz599pah94jmysqigs4phl9slvir5d",
+ "sha256bin64": "13bx19r56m2r1yjy3b84phv96kkckf87n88kpscf867lgwbrc4fc"
+ }
+}