To improve compilation times it is possible to use Jumbo builds,
in Chromium.
The idea is to merge many source files and compile them together.
Since a large portion of Chromium's code is in shared header files
that dramatically reduces the total amount of work needed.
fix an internal build dependency while here
This is now possible due to the libcxx update and pmap changes in the kernel.
Since swiftshader is not supported on aarch64 (amd64), create a PFRAG to be
included on anything else besides arm64.
I am commiting this so that work can continue in tree because the diff
is starting to get really big. This commit includes several changes
required for unveil(2) described below:
- overhaul of the sandboxing code for pledge(2) to match what is being
done on other platforms
- avoid using /dev/urandom and switch to arc4random(3) or arc4random_buf(3)
- start using pledge(2) for the main browser process as well, disabled by
default for now as the list changes rapidly. The list of pledges are read
from the /etc/chromium/pledge.main file if available. When this is complete
the list of pledges will be hardcoded just as it is for the other process
types.
- add the --enable-unveil flag to use unveil(2) in all of the browser processes
by reading the list of unveil'd paths from files located in /etc/chromium,
e.g.: /etc/chromium/unveil.main or /etc/chromium/unveil.gpu.
These files are not included in the package by default as they are work in
progress. If you want to help please visit: https://github.com/rnagy/chromium
- if unveil(2) is used, chromium will not be able to access most of the filesystem
so for example if you would like to download or upload something, only the unveil'd
paths are going to be available, which is by default include ~/Downloads.
