diff options
Diffstat (limited to 'infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium')
10 files changed, 979 insertions, 0 deletions
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix new file mode 100644 index 000000000000..c5cbee196521 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix @@ -0,0 +1,87 @@ +{ stdenv, mkChromiumDerivation, channel, enableWideVine }: + +with stdenv.lib; + +mkChromiumDerivation (base: rec { + name = "chromium-browser"; + packageName = "chromium"; + buildTargets = [ "mksnapshot" "chrome_sandbox" "chrome" ]; + + outputs = ["out" "sandbox"]; + + sandboxExecutableName = "__chromium-suid-sandbox"; + + installPhase = '' + mkdir -p "$libExecPath" + cp -v "$buildPath/"*.so "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/" + cp -v "$buildPath/icudtl.dat" "$libExecPath/" + cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/" + cp -v "$buildPath/chrome" "$libExecPath/$packageName" + + # Swiftshader + # See https://stackoverflow.com/a/4264351/263061 for the find invocation. + if [ -n "$(find "$buildPath/swiftshader/" -maxdepth 1 -name '*.so' -print -quit)" ]; then + echo "Swiftshader files found; installing" + mkdir -p "$libExecPath/swiftshader" + cp -v "$buildPath/swiftshader/"*.so "$libExecPath/swiftshader/" + else + echo "Swiftshader files not found" + fi + + mkdir -p "$sandbox/bin" + cp -v "$buildPath/chrome_sandbox" "$sandbox/bin/${sandboxExecutableName}" + + mkdir -vp "$out/share/man/man1" + cp -v "$buildPath/chrome.1" "$out/share/man/man1/$packageName.1" + + for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do + num_and_suffix="''${icon_file##*logo_}" + icon_size="''${num_and_suffix%.*}" + expr "$icon_size" : "^[0-9][0-9]*$" || continue + logo_output_prefix="$out/share/icons/hicolor" + logo_output_path="$logo_output_prefix/''${icon_size}x''${icon_size}/apps" + mkdir -vp "$logo_output_path" + cp -v "$icon_file" "$logo_output_path/$packageName.png" + done + + # Install Desktop Entry + install -D chrome/installer/linux/common/desktop.template \ + $out/share/applications/chromium-browser.desktop + + substituteInPlace $out/share/applications/chromium-browser.desktop \ + --replace "@@MENUNAME@@" "Chromium" \ + --replace "@@PACKAGE@@" "chromium" \ + --replace "Exec=/usr/bin/@@USR_BIN_SYMLINK_NAME@@" "Exec=chromium" + + # Append more mime types to the end + sed -i '/^MimeType=/ s,$,x-scheme-handler/webcal;x-scheme-handler/mailto;x-scheme-handler/about;x-scheme-handler/unknown,' \ + $out/share/applications/chromium-browser.desktop + + # See https://github.com/NixOS/nixpkgs/issues/12433 + sed -i \ + -e '/\[Desktop Entry\]/a\' \ + -e 'StartupWMClass=chromium-browser' \ + $out/share/applications/chromium-browser.desktop + ''; + + passthru = { inherit sandboxExecutableName; }; + + requiredSystemFeatures = [ "big-parallel" ]; + + meta = { + description = "An open source web browser from Google, with dependencies on Google web services removed"; + longDescription = '' + Chromium is an open source web browser from Google that aims to build a + safer, faster, and more stable way for all Internet users to experience + the web. It has a minimalist user interface and provides the vast majority + of source code for Google Chrome (which has some additional features). + ''; + homepage = "https://github.com/Eloston/ungoogled-chromium"; + maintainers = with maintainers; [ squalus ]; + license = if enableWideVine then licenses.unfree else licenses.bsd3; + platforms = platforms.linux; + hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else []; + timeout = 172800; # 48 hours (increased from the Hydra default of 10h) + broken = channel == "dev"; # Blocked on https://bugs.chromium.org/p/chromium/issues/detail?id=1141896 + }; +}) diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/common.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/common.nix new file mode 100644 index 000000000000..2accb1a7ab21 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/common.nix @@ -0,0 +1,358 @@ +{ stdenv, lib, llvmPackages, gnChromium, ninja, which, nodejs, fetchpatch, fetchurl + +# default dependencies +, gnutar, bzip2, flac, speex, libopus +, libevent, expat, libjpeg, snappy +, libpng, libcap +, xdg_utils, yasm, nasm, minizip, libwebp +, libusb1, pciutils, nss, re2 + +, python2Packages, perl, pkgconfig +, nspr, systemd, kerberos +, util-linux, alsaLib +, bison, gperf +, glib, gtk3, dbus-glib +, glibc +, libXScrnSaver, libXcursor, libXtst, libGLU, libGL +, protobuf, speechd, libXdamage, cups +, ffmpeg, libxslt, libxml2, at-spi2-core +, jre8 +, pipewire_0_2 + +# optional dependencies +, libgcrypt ? null # gnomeSupport || cupsSupport +, libva ? null # useVaapi +, libdrm ? null, wayland ? null, mesa ? null, libxkbcommon ? null # useOzone + +# package customization +, useOzone ? false +, useVaapi ? !(useOzone || stdenv.isAarch64) # Built if supported, but disabled in the wrapper +# VA-API TODOs: +# - Ozone: M81 fails to build due to "ozone_platform_gbm = false" +# - Possible solutions: Write a patch to fix the build (wrong gn dependencies) +# or build with minigbm +# - AArch64: Causes serious regressions (https://github.com/NixOS/nixpkgs/pull/85253#issuecomment-614405879) +, gnomeSupport ? false, gnome ? null +, gnomeKeyringSupport ? false, libgnome-keyring3 ? null +, proprietaryCodecs ? true +, cupsSupport ? true +, pulseSupport ? false, libpulseaudio ? null +, ungoogled-chromium +, ungoogled ? false + +, channel +, upstream-info +}: + +buildFun: + +with stdenv.lib; + +let + jre = jre8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731 + + # The additional attributes for creating derivations based on the chromium + # source tree. + extraAttrs = buildFun base; + + githubPatch = commit: sha256: fetchpatch { + url = "https://github.com/chromium/chromium/commit/${commit}.patch"; + inherit sha256; + }; + + mkGnFlags = + let + # Serialize Nix types into GN types according to this document: + # https://source.chromium.org/gn/gn/+/master:docs/language.md + mkGnString = value: "\"${escape ["\"" "$" "\\"] value}\""; + sanitize = value: + if value == true then "true" + else if value == false then "false" + else if isList value then "[${concatMapStringsSep ", " sanitize value}]" + else if isInt value then toString value + else if isString value then mkGnString value + else throw "Unsupported type for GN value `${value}'."; + toFlag = key: value: "${key}=${sanitize value}"; + in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs)); + + # https://source.chromium.org/chromium/chromium/src/+/master:build/linux/unbundle/replace_gn_files.py + gnSystemLibraries = [ + "ffmpeg" + "flac" + "libjpeg" + "libpng" + "libwebp" + "libxslt" + "opus" + "snappy" + "zlib" + ]; + + opusWithCustomModes = libopus.override { + withCustomModes = true; + }; + + defaultDependencies = [ + bzip2 flac speex opusWithCustomModes + libevent expat libjpeg snappy + libpng libcap + xdg_utils minizip libwebp + libusb1 re2 + ffmpeg libxslt libxml2 + nasm + ]; + + # build paths and release info + packageName = extraAttrs.packageName or extraAttrs.name; + buildType = "Release"; + buildPath = "out/${buildType}"; + libExecPath = "$out/libexec/${packageName}"; + + versionRange = min-version: upto-version: + let inherit (upstream-info) version; + result = versionAtLeast version min-version && versionOlder version upto-version; + stable-version = (importJSON ./upstream-info.json).stable.version; + in if versionAtLeast stable-version upto-version + then warn "chromium: stable version ${stable-version} is newer than a patchset bounded at ${upto-version}. You can safely delete it." + result + else result; + + ungoogler = + let versionEntry = (import ./ungoogled-src.nix)."${upstream-info.version}"; + in ungoogled-chromium { + inherit (versionEntry) rev sha256; + }; + base = rec { + name = "${packageName}-unwrapped-${version}"; + inherit (upstream-info) version; + inherit channel packageName buildType buildPath; + + src = fetchurl { + url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz"; + inherit (upstream-info) sha256; + }; + + nativeBuildInputs = [ + llvmPackages.lldClang.bintools + ninja which python2Packages.python perl pkgconfig + python2Packages.ply python2Packages.jinja2 nodejs + gnutar python2Packages.setuptools + ]; + + buildInputs = defaultDependencies ++ [ + nspr nss systemd + util-linux alsaLib + bison gperf kerberos + glib gtk3 dbus-glib + libXScrnSaver libXcursor libXtst libGLU libGL + pciutils protobuf speechd libXdamage at-spi2-core + jre + pipewire_0_2 + ] ++ optional useVaapi libva + ++ optional gnomeKeyringSupport libgnome-keyring3 + ++ optionals gnomeSupport [ gnome.GConf libgcrypt ] + ++ optionals cupsSupport [ libgcrypt cups ] + ++ optional pulseSupport libpulseaudio + ++ optionals useOzone [ libdrm wayland mesa.drivers libxkbcommon ]; + + patches = [ + ./patches/no-build-timestamps.patch # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed) + ./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags + # ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) + ] ++ optionals (useVaapi && versionRange "86" "87") [ + # Check for enable-accelerated-video-decode on Linux: + (githubPatch "54deb9811ca9bd2327def5c05ba6987b8c7a0897" "11jvxjlkzz1hm0pvfyr88j7z3zbwzplyl5idkx92l2lzv4459c8d") + ]; + + postPatch = '' + # remove unused third-party + for lib in ${toString gnSystemLibraries}; do + if [ -d "third_party/$lib" ]; then + find "third_party/$lib" -type f \ + \! -path "third_party/$lib/chromium/*" \ + \! -path "third_party/$lib/google/*" \ + \! -path "third_party/harfbuzz-ng/utils/hb_scoped.h" \ + \! -regex '.*\.\(gn\|gni\|isolate\)' \ + -delete + fi + done + + # Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.): + substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" "" + if [ -e third_party/harfbuzz-ng/src/src/update-unicode-tables.make ]; then + substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \ + --replace "/usr/bin/env -S make -f" "/usr/bin/make -f" + fi + + # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX + substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \ + --replace \ + 'return sandbox_binary;' \ + 'return base::FilePath(GetDevelSandboxPath());' + + substituteInPlace services/audio/audio_sandbox_hook_linux.cc \ + --replace \ + '/usr/share/alsa/' \ + '${alsaLib}/share/alsa/' \ + --replace \ + '/usr/lib/x86_64-linux-gnu/gconv/' \ + '${glibc}/lib/gconv/' \ + --replace \ + '/usr/share/locale/' \ + '${glibc}/share/locale/' + + sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \ + chrome/browser/shell_integration_linux.cc + + sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${lib.getLib systemd}/lib/\1!' \ + device/udev_linux/udev?_loader.cc + + sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \ + gpu/config/gpu_info_collector_linux.cc + + # Allow to put extensions into the system-path. + sed -i -e 's,/usr,/run/current-system/sw,' chrome/common/chrome_paths.cc + + patchShebangs . + # use our own nodejs + mkdir -p third_party/node/linux/node-linux-x64/bin + ln -s "$(command -v node)" third_party/node/linux/node-linux-x64/bin/node + + # Allow building against system libraries in official builds + sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' tools/generate_shim_headers/generate_shim_headers.py + + '' + optionalString stdenv.isAarch64 '' + substituteInPlace build/toolchain/linux/BUILD.gn \ + --replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""' + '' + optionalString ungoogled '' + ${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors" + ${ungoogler}/utils/patches.py . ${ungoogler}/patches + ${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz . + ''; + + gnFlags = mkGnFlags ({ + custom_toolchain = "//build/toolchain/linux/unbundle:default"; + host_toolchain = "//build/toolchain/linux/unbundle:default"; + is_official_build = true; + is_debug = false; + + proprietary_codecs = false; + use_sysroot = false; + use_gnome_keyring = gnomeKeyringSupport; + use_gio = gnomeSupport; + # ninja: error: '../../native_client/toolchain/linux_x86/pnacl_newlib/bin/x86_64-nacl-objcopy', + # needed by 'nacl_irt_x86_64.nexe', missing and no known rule to make it + enable_nacl = false; + # Enabling the Widevine component here doesn't affect whether we can + # redistribute the chromium package; the Widevine component is either + # added later in the wrapped -wv build or downloaded from Google. + enable_widevine = true; + use_cups = cupsSupport; + # Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture. + rtc_use_pipewire = true; + + treat_warnings_as_errors = false; + is_clang = stdenv.cc.isClang; + clang_use_chrome_plugins = false; + blink_symbol_level = 0; + symbol_level = 0; + fieldtrial_testing_like_official_build = true; + + # Google API keys, see: + # http://www.chromium.org/developers/how-tos/api-keys + # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution, + # please get your own set of keys. + google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI"; + google_default_client_id = "404761575300.apps.googleusercontent.com"; + google_default_client_secret = "9rIFQjfnkykEmqb6FfjJQD1D"; + } // optionalAttrs proprietaryCodecs { + # enable support for the H.264 codec + proprietary_codecs = true; + enable_hangout_services_extension = true; + ffmpeg_branding = "Chrome"; + } // optionalAttrs useVaapi { + use_vaapi = true; + } // optionalAttrs pulseSupport { + use_pulseaudio = true; + link_pulseaudio = true; + } // optionalAttrs useOzone { + use_ozone = true; + ozone_platform_gbm = false; + use_xkbcommon = true; + use_glib = true; + use_gtk = true; + use_system_libwayland = true; + use_system_minigbm = true; + use_system_libdrm = true; + system_wayland_scanner_path = "${wayland}/bin/wayland-scanner"; + } // optionalAttrs ungoogled { + enable_hangout_services_extension = false; + enable_js_type_check = false; + enable_mdns = false; + enable_nacl_nonsfi = false; + enable_one_click_signin = false; + enable_reading_list = false; + enable_remoting = false; + enable_reporting = false; + enable_service_discovery = false; + exclude_unwind_tables = true; + google_api_key = ""; + google_default_client_id = ""; + google_default_client_secret = ""; + safe_browsing_mode = 0; + use_official_google_api_keys = false; + use_unofficial_version_number = false; + } // (extraAttrs.gnFlags or {})); + + configurePhase = '' + runHook preConfigure + + # This is to ensure expansion of $out. + libExecPath="${libExecPath}" + python build/linux/unbundle/replace_gn_files.py --system-libraries ${toString gnSystemLibraries} + ${gnChromium}/bin/gn gen --args=${escapeShellArg gnFlags} out/Release | tee gn-gen-outputs.txt + + # Fail if `gn gen` contains a WARNING. + grep -o WARNING gn-gen-outputs.txt && echo "Found gn WARNING, exiting nix build" && exit 1 + + runHook postConfigure + ''; + + # Don't spam warnings about unknown warning options. This is useful because + # our Clang is always older than Chromium's and the build logs have a size + # of approx. 25 MB without this option (and this saves e.g. 66 %). + NIX_CFLAGS_COMPILE = "-Wno-unknown-warning-option"; + + buildPhase = let + buildCommand = target: '' + ninja -C "${buildPath}" -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES "${target}" + ( + source chrome/installer/linux/common/installer.include + PACKAGE=$packageName + MENUNAME="Chromium" + process_template chrome/app/resources/manpage.1.in "${buildPath}/chrome.1" + ) + ''; + targets = extraAttrs.buildTargets or []; + commands = map buildCommand targets; + in concatStringsSep "\n" commands; + + postFixup = '' + # Make sure that libGLESv2 is found by dlopen (if using EGL). + chromiumBinary="$libExecPath/$packageName" + origRpath="$(patchelf --print-rpath "$chromiumBinary")" + patchelf --set-rpath "${libGL}/lib:$origRpath" "$chromiumBinary" + ''; + + passthru = { + updateScript = ./update.py; + chromiumDeps = { + gn = gnChromium; + }; + }; + }; + +# Remove some extraAttrs we supplied to the base attributes already. +in stdenv.mkDerivation (base // removeAttrs extraAttrs [ + "name" "gnFlags" "buildTargets" +] // { passthru = base.passthru // (extraAttrs.passthru or {}); }) diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/default.nix new file mode 100644 index 000000000000..b02c91c6e230 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/default.nix @@ -0,0 +1,218 @@ +{ newScope, config, stdenv, fetchurl, makeWrapper +, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils +, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit +, libva ? null +, pipewire_0_2 +, gcc, nspr, nss, runCommand +, lib + +# package customization +# Note: enable* flags should not require full rebuilds (i.e. only affect the wrapper) +, channel ? "stable" +, gnomeSupport ? false, gnome ? null +, gnomeKeyringSupport ? false +, proprietaryCodecs ? true +, enablePepperFlash ? false +, enableWideVine ? false +, enableVaapi ? false # Disabled by default due to unofficial support +, ungoogled ? true +, useOzone ? false +, cupsSupport ? true +, pulseSupport ? config.pulseaudio or stdenv.isLinux +, commandLineArgs ? "" +}: + +let + llvmPackages = llvmPackages_11; + stdenv = llvmPackages.stdenv; + + callPackage = newScope chromium; + + chromium = rec { + inherit stdenv llvmPackages; + + upstream-info = (lib.importJSON ./upstream-info.json).${channel}; + + mkChromiumDerivation = callPackage ./common.nix ({ + inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs + cupsSupport pulseSupport useOzone; + inherit ungoogled; + gnChromium = gn.overrideAttrs (oldAttrs: { + inherit (upstream-info.deps.gn) version; + src = fetchgit { + inherit (upstream-info.deps.gn) url rev sha256; + }; + }); + } // lib.optionalAttrs (lib.versionAtLeast upstream-info.version "87") { + useOzone = true; # YAY: https://chromium-review.googlesource.com/c/chromium/src/+/2382834 \o/ + useVaapi = !stdenv.isAarch64; # TODO: Might be best to not set use_vaapi anymore (default is fine) + }); + + browser = callPackage ./browser.nix { inherit channel enableWideVine; }; + + plugins = callPackage ./plugins.nix { + inherit enablePepperFlash; + }; + + ungoogled-chromium = callPackage ./ungoogled.nix {}; + }; + + pkgSuffix = if channel == "dev" then "unstable" else channel; + pkgName = "google-chrome-${pkgSuffix}"; + chromeSrc = fetchurl { + urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [ + "https://dl.google.com/linux/chrome/deb/pool/main/g" + "http://95.31.35.30/chrome/pool/main/g" + "http://mirror.pcbeta.com/google/chrome/deb/pool/main/g" + "http://repo.fdzh.org/chrome/deb/pool/main/g" + ]; + sha256 = chromium.upstream-info.sha256bin64; + }; + + mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}"; + widevineCdm = stdenv.mkDerivation { + name = "chrome-widevine-cdm"; + + src = chromeSrc; + + phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ]; + + unpackCmd = let + widevineCdmPath = + if channel == "stable" then + "./opt/google/chrome/WidevineCdm" + else if channel == "beta" then + "./opt/google/chrome-beta/WidevineCdm" + else if channel == "dev" then + "./opt/google/chrome-unstable/WidevineCdm" + else + throw "Unknown chromium channel."; + in '' + # Extract just WidevineCdm from upstream's .deb file + ar p "$src" data.tar.xz | tar xJ "${widevineCdmPath}" + + # Move things around so that we don't have to reference a particular + # chrome-* directory later. + mv "${widevineCdmPath}" ./ + + # unpackCmd wants a single output directory; let it take WidevineCdm/ + rm -rf opt + ''; + + doCheck = true; + checkPhase = '' + ! find -iname '*.so' -exec ldd {} + | grep 'not found' + ''; + + PATCH_RPATH = mkrpath [ gcc.cc glib nspr nss ]; + + patchPhase = '' + patchelf --set-rpath "$PATCH_RPATH" _platform_specific/linux_x64/libwidevinecdm.so + ''; + + installPhase = '' + mkdir -p $out/WidevineCdm + cp -a * $out/WidevineCdm/ + ''; + + meta = { + platforms = [ "x86_64-linux" ]; + license = lib.licenses.unfree; + }; + }; + + suffix = if channel != "stable" then "-" + channel else ""; + + sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName; + + version = chromium.browser.version; + + # We want users to be able to enableWideVine without rebuilding all of + # chromium, so we have a separate derivation here that copies chromium + # and adds the unfree WidevineCdm. + chromiumWV = let browser = chromium.browser; in if enableWideVine then + runCommand (browser.name + "-wv") { version = browser.version; } + '' + mkdir -p $out + cp -a ${browser}/* $out/ + chmod u+w $out/libexec/chromium + cp -a ${widevineCdm}/WidevineCdm $out/libexec/chromium/ + '' + else browser; + +in stdenv.mkDerivation { + name = "ungoogled-chromium${suffix}-${version}"; + inherit version; + + buildInputs = [ + makeWrapper ed + + # needed for GSETTINGS_SCHEMAS_PATH + gsettings-desktop-schemas glib gtk3 + + # needed for XDG_ICON_DIRS + gnome3.adwaita-icon-theme + ]; + + outputs = ["out" "sandbox"]; + + buildCommand = let + browserBinary = "${chromiumWV}/libexec/chromium/chromium"; + getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")"; + libPath = stdenv.lib.makeLibraryPath [ libva pipewire_0_2 ]; + + in with stdenv.lib; '' + mkdir -p "$out/bin" + + eval makeWrapper "${browserBinary}" "$out/bin/chromium" \ + --add-flags ${escapeShellArg (escapeShellArg commandLineArgs)} \ + ${lib.optionalString enableVaapi "--add-flags --enable-accelerated-video-decode"} \ + ${concatMapStringsSep " " getWrapperFlags chromium.plugins.enabled} + + ed -v -s "$out/bin/chromium" << EOF + 2i + + if [ -x "/run/wrappers/bin/${sandboxExecutableName}" ] + then + export CHROME_DEVEL_SANDBOX="/run/wrappers/bin/${sandboxExecutableName}" + else + export CHROME_DEVEL_SANDBOX="$sandbox/bin/${sandboxExecutableName}" + fi + + '' + lib.optionalString (libPath != "") '' + # To avoid loading .so files from cwd, LD_LIBRARY_PATH here must not + # contain an empty section before or after a colon. + export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH\''${LD_LIBRARY_PATH:+:}${libPath}" + '' + '' + + # libredirect causes chromium to deadlock on startup + export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" | ${coreutils}/bin/tr ':' '\n' | ${gnugrep}/bin/grep -v /lib/libredirect\\\\.so$ | ${coreutils}/bin/tr '\n' ':')" + + export XDG_DATA_DIRS=$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS + + # Mainly for xdg-open but also other xdg-* tools: + export PATH="${xdg_utils}/bin\''${PATH:+:}\$PATH" + + . + w + EOF + + ln -sv "${chromium.browser.sandbox}" "$sandbox" + + ln -s "$out/bin/chromium" "$out/bin/chromium-browser" + + mkdir -p "$out/share" + for f in '${chromium.browser}'/share/*; do # hello emacs */ + ln -s -t "$out/share/" "$f" + done + ''; + + inherit (chromium.browser) packageName; + meta = chromium.browser.meta; + passthru = { + inherit (chromium) upstream-info browser; + mkDerivation = chromium.mkChromiumDerivation; + inherit chromeSrc sandboxExecutableName; + updateScript = ./update.py; + }; +} diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch new file mode 100644 index 000000000000..6b788f43d29c --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch @@ -0,0 +1,17 @@ +--- chromium-70.0.3538.67/build/compute_build_timestamp.py.orig 2018-11-02 16:00:34.368933077 +0200 ++++ chromium-70.0.3538.67/build/compute_build_timestamp.py 2018-11-08 04:06:21.658105129 +0200 +@@ -94,6 +94,14 @@ + 'build_type', help='The type of build', choices=('official', 'default')) + args = argument_parser.parse_args() + ++ # I don't trust LASTCHANGE magic, and I definelly want something deterministic here ++ SOURCE_DATE_EPOCH = os.getenv("SOURCE_DATE_EPOCH", None) ++ if SOURCE_DATE_EPOCH is not None: ++ print(SOURCE_DATE_EPOCH) ++ return 0 ++ else: ++ raise RuntimeError("SOURCE_DATE_EPOCH not set") ++ + # The mtime of the revision in build/util/LASTCHANGE is stored in a file + # next to it. Read it, to get a deterministic time close to "now". + # That date is then modified as described at the top of the file so that diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch new file mode 100644 index 000000000000..32f0ae2fb5e6 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch @@ -0,0 +1,13 @@ +diff --git a/third_party/widevine/cdm/BUILD.gn b/third_party/widevine/cdm/BUILD.gn +index ed0e2f5208b..5b431a030d5 100644 +--- a/third_party/widevine/cdm/BUILD.gn ++++ b/third_party/widevine/cdm/BUILD.gn +@@ -14,7 +14,7 @@ buildflag_header("buildflags") { + + flags = [ + "ENABLE_WIDEVINE=$enable_widevine", +- "BUNDLE_WIDEVINE_CDM=$bundle_widevine_cdm", ++ "BUNDLE_WIDEVINE_CDM=true", + "ENABLE_WIDEVINE_CDM_COMPONENT=$enable_widevine_cdm_component", + ] + } diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix new file mode 100644 index 000000000000..c725f87d3a27 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix @@ -0,0 +1,92 @@ +{ stdenv, gcc +, jshon +, glib +, nspr +, nss +, fetchzip +, enablePepperFlash ? false + +, upstream-info +}: + +with stdenv.lib; + +let + mkrpath = p: "${makeSearchPathOutput "lib" "lib64" p}:${makeLibraryPath p}"; + + # Generate a shell fragment that emits flags appended to the + # final makeWrapper call for wrapping the browser's main binary. + # + # Note that this is shell-escaped so that only the variable specified + # by the "output" attribute is substituted. + mkPluginInfo = { output ? "out", allowedVars ? [ output ] + , flags ? [], envVars ? {} + }: let + shSearch = ["'"] ++ map (var: "@${var}@") allowedVars; + shReplace = ["'\\''"] ++ map (var: "'\"\${${var}}\"'") allowedVars; + # We need to triple-escape "val": + # * First because makeWrapper doesn't do any quoting of its arguments by + # itself. + # * Second because it's passed to the makeWrapper call separated by IFS but + # not by the _real_ arguments, for example the Widevine plugin flags + # contain spaces, so they would end up as separate arguments. + # * Third in order to be correctly quoted for the "echo" call below. + shEsc = val: "'${replaceStrings ["'"] ["'\\''"] val}'"; + mkSh = val: "'${replaceStrings shSearch shReplace (shEsc val)}'"; + mkFlag = flag: ["--add-flags" (shEsc flag)]; + mkEnvVar = key: val: ["--set" (shEsc key) (shEsc val)]; + envList = mapAttrsToList mkEnvVar envVars; + quoted = map mkSh (flatten ((map mkFlag flags) ++ envList)); + in '' + mkdir -p "''$${output}/nix-support" + echo ${toString quoted} > "''$${output}/nix-support/wrapper-flags" + ''; + + flash = stdenv.mkDerivation rec { + pname = "flashplayer-ppapi"; + version = "32.0.0.445"; + + src = fetchzip { + url = "https://fpdownload.adobe.com/pub/flashplayer/pdc/${version}/flash_player_ppapi_linux.x86_64.tar.gz"; + sha256 = "1r9vd210d2qp501q40pjx60mzah08rg0f8jk5rpp52ddajwggalv"; + stripRoot = false; + }; + + patchPhase = '' + chmod +x libpepflashplayer.so + patchelf --set-rpath "${mkrpath [ gcc.cc ]}" libpepflashplayer.so + ''; + + doCheck = true; + checkPhase = '' + ! find -iname '*.so' -exec ldd {} + | grep 'not found' + ''; + + installPhase = '' + flashVersion="$( + "${jshon}/bin/jshon" -F manifest.json -e version -u + )" + + install -vD libpepflashplayer.so "$out/lib/libpepflashplayer.so" + + ${mkPluginInfo { + allowedVars = [ "out" "flashVersion" ]; + flags = [ + "--ppapi-flash-path=@out@/lib/libpepflashplayer.so" + "--ppapi-flash-version=@flashVersion@" + ]; + }} + ''; + + dontStrip = true; + + meta = { + license = stdenv.lib.licenses.unfree; + maintainers = with stdenv.lib.maintainers; [ taku0 ]; + platforms = platforms.x86_64; + }; + }; + +in { + enabled = optional enablePepperFlash flash; +} diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled-src.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled-src.nix new file mode 100644 index 000000000000..73c9796aaa96 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled-src.nix @@ -0,0 +1,6 @@ +{ + "86.0.4240.183" = { + rev = "86.0.4240.183-1"; + sha256 = "0528l2wr5bpl1cwsxzl5zxz1gw91kffkh5j1kzmc5n7m4mscqxyc"; + }; +} diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled.nix new file mode 100644 index 000000000000..17418c90af49 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled.nix @@ -0,0 +1,42 @@ +{ stdenv +, fetchFromGitHub +, python3Packages +, makeWrapper +, patch +}: +{ rev +, sha256 +}: + +stdenv.mkDerivation rec { + name = "ungoogled-chromium-${version}"; + + version = rev; + + src = fetchFromGitHub { + owner = "Eloston"; + repo = "ungoogled-chromium"; + inherit rev sha256; + }; + + dontBuild = true; + + buildInputs = [ + python3Packages.python + patch + ]; + + nativeBuildInputs = [ + makeWrapper + ]; + + patchPhase = '' + sed -i '/chromium-widevine/d' patches/series + ''; + + installPhase = '' + mkdir $out + cp -R * $out/ + wrapProgram $out/utils/patches.py --add-flags "apply" --prefix PATH : "${patch}/bin" + ''; +} diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/update.py b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/update.py new file mode 100755 index 000000000000..b404ca555bff --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/update.py @@ -0,0 +1,105 @@ +#! /usr/bin/env nix-shell +#! nix-shell -i python -p python3 nix nix-prefetch-git + +import csv +import json +import re +import subprocess +import sys + +from codecs import iterdecode +from collections import OrderedDict +from datetime import datetime +from os.path import abspath, dirname +from urllib.request import urlopen + +HISTORY_URL = 'https://omahaproxy.appspot.com/history?os=linux' +DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g' +BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official' + +JSON_PATH = dirname(abspath(__file__)) + '/upstream-info.json' + +def load_json(path): + with open(path, 'r') as f: + return json.load(f) + +def nix_prefetch_url(url, algo='sha256'): + print(f'nix-prefetch-url {url}') + out = subprocess.check_output(['nix-prefetch-url', '--type', algo, url]) + return out.decode('utf-8').rstrip() + +def nix_prefetch_git(url, rev): + print(f'nix-prefetch-git {url} {rev}') + out = subprocess.check_output(['nix-prefetch-git', '--quiet', '--url', url, '--rev', rev]) + return json.loads(out) + +def get_file_revision(revision, file_path): + url = f'https://raw.githubusercontent.com/chromium/chromium/{revision}/{file_path}' + with urlopen(url) as http_response: + return http_response.read() + +def get_channel_dependencies(channel): + deps = get_file_revision(channel['version'], 'DEPS') + gn_pattern = b"'gn_version': 'git_revision:([0-9a-f]{40})'" + gn_commit = re.search(gn_pattern, deps).group(1).decode() + gn = nix_prefetch_git('https://gn.googlesource.com/gn', gn_commit) + return { + 'gn': { + 'version': datetime.fromisoformat(gn['date']).date().isoformat(), + 'url': gn['url'], + 'rev': gn['rev'], + 'sha256': gn['sha256'] + } + } + +channels = {} +last_channels = load_json(JSON_PATH) + +print(f'GET {HISTORY_URL}', file=sys.stderr) +with urlopen(HISTORY_URL) as resp: + builds = csv.DictReader(iterdecode(resp, 'utf-8')) + for build in builds: + channel_name = build['channel'] + + # If we've already found a newer build for this channel, we're + # no longer interested in it. + if channel_name in channels: + continue + + # If we're back at the last build we used, we don't need to + # keep going -- there's no new version available, and we can + # just reuse the info from last time. + if build['version'] == last_channels[channel_name]['version']: + channels[channel_name] = last_channels[channel_name] + continue + + channel = {'version': build['version']} + suffix = 'unstable' if channel_name == 'dev' else channel_name + + try: + channel['sha256'] = nix_prefetch_url(f'{BUCKET_URL}/chromium-{build["version"]}.tar.xz') + channel['sha256bin64'] = nix_prefetch_url(f'{DEB_URL}/google-chrome-{suffix}/google-chrome-{suffix}_{build["version"]}-1_amd64.deb') + except subprocess.CalledProcessError: + # This build isn't actually available yet. Continue to + # the next one. + continue + + channel['deps'] = get_channel_dependencies(channel) + + channels[channel_name] = channel + +with open(JSON_PATH, 'w') as out: + def get_channel_key(item): + channel_name = item[0] + if channel_name == 'stable': + return 0 + elif channel_name == 'beta': + return 1 + elif channel_name == 'dev': + return 2 + else: + print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr) + sys.exit(1) + sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key)) + json.dump(sorted_channels, out, indent=2) + out.write('\n') diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json new file mode 100644 index 000000000000..565f884c5102 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json @@ -0,0 +1,41 @@ +{ + "stable": { + "version": "86.0.4240.183", + "sha256": "1g39i82js7fm4fqb8i66d6xs0kzqjxzi4vzvvwz5y9rkbikcc4ma", + "sha256bin64": "1r0dxqsx6j19hgwr3v2sdlb2vd7gb961c4wba4ymd8wy8j8pzly9", + "deps": { + "gn": { + "version": "2020-08-07", + "url": "https://gn.googlesource.com/gn", + "rev": "e327ffdc503815916db2543ec000226a8df45163", + "sha256": "0kvlfj3www84zp1vmxh76x8fdjm9hyk8lkh2vdsidafpmm75fphr" + } + } + }, + "beta": { + "version": "87.0.4280.40", + "sha256": "07xh76fl257np68way6i5rf64qbvirkfddy7m5gvqb0fzcqd7dp3", + "sha256bin64": "1b2z0aqlh28pqrk6dmabxp1d4mvp9iyfmi4kqmns4cdpg0qgaf41", + "deps": { + "gn": { + "version": "2020-09-09", + "url": "https://gn.googlesource.com/gn", + "rev": "e002e68a48d1c82648eadde2f6aafa20d08c36f2", + "sha256": "0x4c7amxwzxs39grqs3dnnz0531mpf1p75niq7zhinyfqm86i4dk" + } + } + }, + "dev": { + "version": "88.0.4300.0", + "sha256": "00cfs2rp4h8ybn2snr1d8ygg635hx7q5gv2aqriy1j6f8a1pgh1b", + "sha256bin64": "110r1m14h91212nx6pfhn8wkics7wlwx1608l5cqsxxcpvpzl3pv", + "deps": { + "gn": { + "version": "2020-09-09", + "url": "https://gn.googlesource.com/gn", + "rev": "e002e68a48d1c82648eadde2f6aafa20d08c36f2", + "sha256": "0x4c7amxwzxs39grqs3dnnz0531mpf1p75niq7zhinyfqm86i4dk" + } + } + } +} |