guix-play/gnu/packages/chromium.scm
Marius Bakke 75527eb1cb
gnu: ungoogled-chromium: Update to 83.0.4103.106-0.f08ce8b [security fixes].
This fixes CVE-2020-6465, CVE-2020-6466, CVE-2020-6467, CVE-2020-6468,
CVE-2020-6469, CVE-2020-6470, CVE-2020-6471, CVE-2020-6472, CVE-2020-6473,
CVE-2020-6474, CVE-2020-6475, CVE-2020-6476, CVE-2020-6477, CVE-2020-6478,
CVE-2020-6479, CVE-2020-6480, CVE-2020-6481, CVE-2020-6482, CVE-2020-6483,
CVE-2020-6484, CVE-2020-6485, CVE-2020-6486, CVE-2020-6487, CVE-2020-6488,
CVE-2020-6489, CVE-2020-6490, CVE-2020-6491, CVE-2020-6493, CVE-2020-6494,
CVE-2020-6495, CVE-2020-6496, CVE-2020-6497, and CVE-2020-6498.

* gnu/packages/patches/ungoogled-chromium-system-jsoncpp.patch,
gnu/packages/patches/ungoogled-chromium-system-zlib.patch: New files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/chromium.scm (%preserved-third-party-files): Adjust for 83.
(%chromium-version): Set to 83.0.4103.106.
(%ungoogled-revision): Set to f08ce8b3f1300ef0750b5d6bf967b9cbbfd9a56d.
(%gentoo-revision, %gentoo-patches, %debian-patches): New variables.
(gentoo-patch, debian-patch): New procedures.
(%chromium-origin, %ungoogled-origin): Update hashes.
(ungoogled-chromium-source): Don't apply patches from %DEBIAN-ORIGIN, but take
%GENTOO-PATCHES, %DEBIAN-PATCHES, and the local patch files.
(ungoogled-chromium)[arguments]: Remove "enable_swiftshader=false" from
 #:configure-flags.  Add "icu_use_data_file=false".  Set CFLAGS in phase.
Remove obsolete substitution.  Adjust install phase to install .so files for
ANGLE and Swiftshader.
[native-inputs]: Change from CLANG-9 to CLANG-10.
[inputs]: Replace ICU4C with ICU4C-67.
(ungoogled-chromium/wayland): Remove obsolete substitution.  Add
"ozone_platform_x11=true" in #:configure-flags.
2020-06-22 17:16:39 +02:00

913 lines
41 KiB
Scheme

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019, 2020 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages chromium)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix gexp)
#:use-module (guix store)
#:use-module (guix monads)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
#:use-module (gnu packages assembly)
#:use-module (gnu packages base)
#:use-module (gnu packages bison)
#:use-module (gnu packages build-tools)
#:use-module (gnu packages compression)
#:use-module (gnu packages cups)
#:use-module (gnu packages curl)
#:use-module (gnu packages fontutils)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages ghostscript)
#:use-module (gnu packages gl)
#:use-module (gnu packages glib)
#:use-module (gnu packages gnome)
#:use-module (gnu packages gperf)
#:use-module (gnu packages gtk)
#:use-module (gnu packages icu4c)
#:use-module (gnu packages image)
#:use-module (gnu packages libevent)
#:use-module (gnu packages libffi)
#:use-module (gnu packages linux)
#:use-module (gnu packages llvm)
#:use-module (gnu packages kerberos)
#:use-module (gnu packages ninja)
#:use-module (gnu packages node)
#:use-module (gnu packages nss)
#:use-module (gnu packages pciutils)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
#:use-module (gnu packages python-web)
#:use-module (gnu packages python-xyz)
#:use-module (gnu packages regex)
#:use-module (gnu packages serialization)
#:use-module (gnu packages speech)
#:use-module (gnu packages tls)
#:use-module (gnu packages valgrind)
#:use-module (gnu packages vulkan)
#:use-module (gnu packages video)
#:use-module (gnu packages xiph)
#:use-module (gnu packages xml)
#:use-module (gnu packages xdisorg)
#:use-module (gnu packages xorg)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1))
(define %preserved-third-party-files
'("base/third_party/cityhash" ;Expat
"base/third_party/double_conversion" ;BSD-3
"base/third_party/dynamic_annotations" ;BSD-2
"base/third_party/icu" ;Unicode, X11-style
"base/third_party/superfasthash" ;BSD-3
"base/third_party/symbolize" ;BSD-3
"base/third_party/xdg_mime" ;LGPL2.0+ or Academic 2.0
"base/third_party/xdg_user_dirs" ;Expat
"chrome/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
"courgette/third_party/bsdiff" ;BSD-2, BSD protection license
"courgette/third_party/divsufsort" ;Expat
"net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
"net/third_party/nss" ;MPL-2.0
"net/third_party/quiche" ;BSD-3
"net/third_party/uri_template" ;ASL2.0
"third_party/abseil-cpp" ;ASL2.0
"third_party/adobe/flash/flapper_version.h" ;no license, trivial
"third_party/angle" ;BSD-3
"third_party/angle/src/common/third_party/base" ;BSD-3
"third_party/angle/src/common/third_party/smhasher" ;Public domain
"third_party/angle/src/common/third_party/xxhash" ;BSD-2
"third_party/angle/src/third_party/compiler" ;BSD-2
"third_party/angle/src/third_party/libXNVCtrl" ;Expat
"third_party/angle/src/third_party/trace_event" ;BSD-3
"third_party/angle/src/third_party/volk" ;Expat
"third_party/angle/third_party/vulkan-headers" ;ASL2.0
"third_party/angle/third_party/vulkan-loader" ;ASL2.0
"third_party/angle/third_party/vulkan-tools" ;ASL2.0
"third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
"third_party/apple_apsl" ;APSL2.0
"third_party/axe-core" ;MPL2.0
"third_party/blink" ;BSD-3, LGPL2+
"third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
"third_party/boringssl/src/third_party/fiat" ;Expat
"third_party/breakpad" ;BSD-3
"third_party/brotli" ;Expat
"third_party/cacheinvalidation" ;ASL2.0
"third_party/catapult" ;BSD-3
"third_party/catapult/common/py_vulcanize/third_party/rcssmin" ;ASL2.0
"third_party/catapult/common/py_vulcanize/third_party/rjsmin" ;ASL2.0
"third_party/catapult/third_party/polymer" ;BSD-3
;; XXX: This is a minified version of <https://d3js.org/>.
"third_party/catapult/tracing/third_party/d3" ;BSD-3
"third_party/catapult/tracing/third_party/gl-matrix" ;Expat
"third_party/catapult/tracing/third_party/jpeg-js" ;ASL2.0
;; XXX: Minified version of <https://github.com/Stuk/jszip>.
"third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
"third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
"third_party/catapult/tracing/third_party/oboe" ;BSD-2
;; XXX: Minified version of <https://github.com/nodeca/pako>.
"third_party/catapult/tracing/third_party/pako" ;Expat
"third_party/ced" ;BSD-3
"third_party/cld_3" ;ASL2.0
"third_party/closure_compiler" ;ASL2.0
"third_party/crashpad" ;ASL2.0
"third_party/crashpad/crashpad/third_party/lss" ;ASL2.0
"third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h" ;Zlib
"third_party/crc32c" ;BSD-3
"third_party/cros_system_api" ;BSD-3
"third_party/dav1d" ;BSD-2
"third_party/dawn" ;ASL2.0
"third_party/depot_tools/owners.py" ;BSD-3
"third_party/devtools-frontend" ;BSD-3
"third_party/devtools-frontend/src/front_end/third_party/fabricjs" ;Expat
"third_party/devtools-frontend/src/front_end/third_party/lighthouse" ;ASL2.0
"third_party/devtools-frontend/src/front_end/third_party/wasmparser" ;ASL2.0
"third_party/devtools-frontend/src/third_party/axe-core" ;MPL2.0
"third_party/devtools-frontend/src/third_party/pyjson5" ;ASL2.0
"third_party/devtools-frontend/src/third_party/typescript" ;ASL2.0
"third_party/dom_distiller_js" ;BSD-3
"third_party/emoji-segmenter" ;ASL2.0
"third_party/flatbuffers" ;ASL2.0
"third_party/glslang" ;BSD-3, Expat, ASL2.0
"third_party/google_input_tools" ;ASL2.0
"third_party/google_input_tools/third_party/closure_library" ;ASL2.0
"third_party/google_input_tools/third_party/closure_library/third_party/closure" ;Expat
"third_party/googletest" ;BSD-3
"third_party/harfbuzz-ng" ;Expat
"third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
"third_party/iccjpeg" ;IJG
"third_party/inspector_protocol" ;BSD-3
"third_party/jinja2" ;BSD-3
"third_party/jstemplate" ;ASL2.0
"third_party/khronos" ;Expat, SGI
"third_party/leveldatabase" ;BSD-3
"third_party/libXNVCtrl" ;Expat
"third_party/libaddressinput" ;ASL2.0
"third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent License 1.0"
"third_party/libaom/source/libaom/third_party/vector" ;Expat
"third_party/libaom/source/libaom/third_party/x86inc" ;ISC
"third_party/libgifcodec" ;MPL1.1/GPL2+/LGPL2.1+, BSD-3, BSD-2
"third_party/libjingle_xmpp" ;BSD-3
"third_party/libphonenumber" ;ASL2.0
"third_party/libsecret" ;LGPL2.1+
"third_party/libsrtp" ;BSD-3
"third_party/libsync" ;ASL2.0
"third_party/libudev" ;LGPL2.1+
"third_party/libwebm" ;BSD-3
"third_party/libxml/chromium" ;BSD-3
"third_party/libyuv" ;BSD-3
"third_party/lss" ;BSD-3
"third_party/mako" ;Expat
"third_party/markupsafe" ;BSD-3
"third_party/mesa_headers" ;Expat, SGI
"third_party/metrics_proto" ;BSD-3
"third_party/modp_b64" ;BSD-3
"third_party/nasm" ;BSD-2
"third_party/node" ;Expat
"third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2" ;BSD-2
"third_party/one_euro_filter" ;BSD-3
"third_party/openscreen" ;BSD-3
"third_party/openscreen/src/third_party/tinycbor" ;Expat
"third_party/ots" ;BSD-3
"third_party/pdfium" ;BSD-3
"third_party/pdfium/third_party/agg23" ;Expat
"third_party/pdfium/third_party/base" ;BSD-3
"third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
"third_party/pdfium/third_party/skia_shared" ;BSD-3
"third_party/pdfium/third_party/freetype/include/pstables.h" ;FreeType
"third_party/perfetto" ;ASL2.0
"third_party/pffft" ;the "FFTPACK" license, similar to BSD-3
"third_party/ply" ;BSD-3
"third_party/polymer" ;BSD-3
"third_party/private-join-and-compute" ;ASL2.0
"third_party/protobuf" ;BSD-3
"third_party/protobuf/third_party/six" ;Expat
"third_party/pyjson5" ;ASL2.0
"third_party/qcms" ;Expat
"third_party/rnnoise" ;BSD-3
"third_party/s2cellid" ;ASL2.0
"third_party/schema_org" ;CC-BY-SA3.0
"third_party/skia" ;BSD-3
"third_party/skia/include/third_party/skcms" ;BSD-3
"third_party/skia/third_party/skcms" ;BSD-3
"third_party/skia/third_party/vulkanmemoryallocator" ;BSD-3, Expat
"third_party/smhasher" ;Expat, public domain
"third_party/speech-dispatcher" ;GPL2+
"third_party/spirv-headers" ;ASL2.0
"third_party/SPIRV-Tools" ;ASL2.0
"third_party/sqlite" ;Public domain
"third_party/swiftshader" ;ASL2.0
"third_party/swiftshader/third_party/astc-encoder" ;ASL2.0
"third_party/swiftshader/third_party/llvm-7.0" ;NCSA
"third_party/swiftshader/third_party/llvm-subzero" ;NCSA
"third_party/swiftshader/third_party/marl" ;ASL2.0
"third_party/swiftshader/third_party/subzero" ;NCSA
"third_party/swiftshader/third_party/SPIRV-Headers" ;X11-style
"third_party/usb_ids" ;BSD-3
"third_party/usrsctp" ;BSD-2
"third_party/wayland/wayland_scanner_wrapper.py" ;BSD-3
"third_party/wayland-protocols" ;Expat
"third_party/web-animations-js" ;ASL2.0
"third_party/webdriver" ;ASL2.0
"third_party/webrtc" ;BSD-3
"third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
"third_party/webrtc/common_audio/third_party/spl_sqrt_floor" ;Public domain
"third_party/webrtc/modules/third_party/fft" ;Non-copyleft
"third_party/webrtc/modules/third_party/g711" ;Public domain
"third_party/webrtc/modules/third_party/g722" ;Public domain
"third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
"third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
"third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
"third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
"third_party/woff2" ;ASL2.0
"third_party/xdg-utils" ;Expat
"third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
"third_party/zlib/google" ;BSD-3
"url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
"v8/src/third_party/siphash" ;Public domain
"v8/src/third_party/utf8-decoder" ;Expat
"v8/src/third_party/valgrind" ;BSD-4
"v8/third_party/inspector_protocol" ;BSD-3
"v8/third_party/v8/builtins")) ;PSFL
(define* (computed-origin-method gexp-promise hash-algo hash
#:optional (name "source")
#:key (system (%current-system))
(guile (default-guile)))
"Return a derivation that executes the G-expression that results
from forcing GEXP-PROMISE."
(mlet %store-monad ((guile (package->derivation guile system)))
(gexp->derivation (or name "computed-origin")
(force gexp-promise)
#:graft? #f ;nothing to graft
#:system system
#:guile-for-build guile)))
(define %chromium-version "83.0.4103.106")
(define %ungoogled-revision "f08ce8b3f1300ef0750b5d6bf967b9cbbfd9a56d")
(define %debian-revision "debian/81.0.4044.92-1")
(define %gentoo-revision "55ef09d6709f4e4cbe23418e4ade0f219fa2fa1f")
(define package-revision "0")
(define %package-version (string-append %chromium-version "-"
package-revision "."
(string-take %ungoogled-revision 7)))
(define (gentoo-patch name revision hash)
(origin
(method url-fetch)
(uri (string-append "https://gitweb.gentoo.org/repo/gentoo.git/plain"
"/www-client/chromium/files/" name "?id=" revision))
(file-name (string-append "ungoogled-" name))
(sha256 (base32 hash))))
(define %gentoo-patches
(list (gentoo-patch "chromium-fix-char_traits.patch" %gentoo-revision
"1zr9wj2rj5phwdiffykd8w3srmzn0xxgmznz762qp7rs7amnp8ns")
(gentoo-patch "chromium-blink-style_format.patch" %gentoo-revision
"098akk5l01m0n3zz08ycz1kp3xmjnbng6d399z1fnb2zigbf0b0z")
(gentoo-patch "chromium-78-protobuf-export.patch" %gentoo-revision
"1wbw29daqwyrnij4991v84955ydqfvvjpz4s2p40agnzmgdzwnsx")
(gentoo-patch "chromium-79-gcc-alignas.patch" %gentoo-revision
"1a6l4i9cicy8dpxxjamyw8cl2nmqfv3x9gbffrsr8571my6fh17s")
(gentoo-patch "chromium-80-gcc-quiche.patch" %gentoo-revision
"0rdlsymw6h8i6yhysiq4la53pwivzv1i9lh0gprh5cl367r1haww")
(gentoo-patch "chromium-82-gcc-noexcept.patch" %gentoo-revision
"0pljnysjvbv2ck0s159qssjhv1pfr32i0nb66smmfmfix2yaizqc")
(gentoo-patch "chromium-82-gcc-incomplete-type.patch" %gentoo-revision
"04751dnpmiasifhq29a1kyxlnq6f2fmd2qbkv7hxdlsxbzg3lhsv")
(gentoo-patch "chromium-82-gcc-template.patch" %gentoo-revision
"1ilmx9wmzyrwmfvr2mwc7m5z6lnbhjkms5k40i8yavqah6kcdbw2")
(gentoo-patch "chromium-82-gcc-iterator.patch" %gentoo-revision
"1xljai9cj99pf4q3l8hz90i8mhdbd8v6h1vj8y37v6j8p78n3zvj")
(gentoo-patch "chromium-83-gcc-template.patch" %gentoo-revision
"1bb1anqdrimza7d0gg4fmxij00563jd9k1azy8sz1ybd8gvrphqi")
(gentoo-patch "chromium-83-gcc-include.patch" %gentoo-revision
"0rs9jj71ridplndi967m0z47vqd8ryykg36gjx8iyf3580vr2hlw")
(gentoo-patch "chromium-83-gcc-permissive.patch" %gentoo-revision
"04mrmrg3pbwl3gph2n1dkbv4miz80xww1gysd39six028nxacjpg")
(gentoo-patch "chromium-83-gcc-iterator.patch" %gentoo-revision
"0q66399va607kjnk8n9xlcr740q7c522p2z7abyd2hgq2bxgglnv")
(gentoo-patch "chromium-83-gcc-serviceworker.patch" %gentoo-revision
"0klvcqqzldfhvqr3plja64qamgff1m2z1zcn325bj32gmpypqjx9")
(gentoo-patch "chromium-83-gcc-10.patch" %gentoo-revision
"0vfvh1jypqcb274bggacg165mw2q5gmn237cvrrwcjqalz0ahnry")
(gentoo-patch "chromium-83-icu67.patch" %gentoo-revision
"05spmjhg5f56mkq3f96vm4s2d9h6vqdxz5g8ibd9pf8ddnh4blnx")))
(define (debian-patch name revision hash)
(origin
(method url-fetch)
(uri (string-append "https://salsa.debian.org/chromium-team/chromium/-/raw/"
revision "/debian/patches/" name))
(file-name (match (string-split name #\/)
((category name)
(string-append "ungoogled-chromium-" category "-" name))))
(sha256 (base32 hash))))
(define %debian-patches
(list (debian-patch "system/nspr.patch" %debian-revision
"1x6ydc8pfks2c1dlwf0c58par6znjknvs9815576ycx27jl633dy")
(debian-patch "system/openjpeg.patch" %debian-revision
"0zd6v5njx1pc7i0y6mslxvpx5j4cq01mmyx55qcqx8qzkm0gm48j")))
(define %chromium-origin
(origin
(method url-fetch)
(uri (string-append "https://commondatastorage.googleapis.com"
"/chromium-browser-official/chromium-"
%chromium-version ".tar.xz"))
(sha256
(base32
"0bvy17ymlih87n4ymnzvyn0m34ghmr1yasvy7gxv02qbw6i57lfg"))))
(define %ungoogled-origin
(origin
(method git-fetch)
(uri (git-reference (url "https://github.com/Eloston/ungoogled-chromium")
(commit %ungoogled-revision)))
(file-name (git-file-name "ungoogled-chromium"
(string-take %ungoogled-revision 7)))
(sha256
(base32
"0kc40p8f7cls696gh6ign37l8j4x1pyyz32jkkli9cmrpbsjsadl"))))
;; This is a "computed" origin that does the following:
;; *) Runs the Ungoogled scripts on a pristine Chromium tarball.
;; *) Applies Debians Chromium patches, for their unbundling and GCC work.
;; *) Prunes all third_party directories that are not explicitly preserved.
;; *) Adjusts "GN" build files such that system libraries are preferred.
(define ungoogled-chromium-source
(let ((chromium-source %chromium-origin)
(ungoogled-source %ungoogled-origin))
(origin
(method computed-origin-method)
(file-name (string-append "ungoogled-chromium-" %package-version ".tar.xz"))
(sha256 #f)
(uri
(delay
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils)
(ice-9 rdelim)
(srfi srfi-1)
(srfi srfi-26))
(let ((chromium-dir (string-append "chromium-" #$%chromium-version))
(preserved-files '#$%preserved-third-party-files))
(set-path-environment-variable
"PATH" '("bin")
(list #+(canonical-package patch)
#+(canonical-package xz)
#+(canonical-package tar)
#+python-wrapper))
(copy-recursively #+ungoogled-source "/tmp/ungoogled")
(with-directory-excursion "/tmp/ungoogled"
(format #t "Unpacking chromium tarball...~%")
(force-output)
(invoke "tar" "xf" #+chromium-source)
(with-directory-excursion chromium-dir
(format #t "Removing non-free file...~%")
(force-output)
;; This file has a CC-BY-NC clause according to LICENSES from
;; the same directory, making it non-free.
(delete-file
"third_party/blink/perf_tests/svg/resources/HarveyRayner.svg")
;; Apply patches before running the ungoogled scripts because
;; domain substitution may break some of the patches.
(format #t "Applying assorted build fixes...~%")
(force-output)
(for-each
(lambda (patch)
(invoke "patch" "-p1" "--force" "--input"
patch "--no-backup-if-mismatch"))
(append
'#+%gentoo-patches '#+%debian-patches
'#+(list (local-file
(search-patch
"ungoogled-chromium-system-jsoncpp.patch"))
(local-file
(search-patch
"ungoogled-chromium-system-zlib.patch"))))))
(format #t "Ungooglifying...~%")
(force-output)
(invoke "python" "utils/prune_binaries.py" chromium-dir
"pruning.list")
(invoke "python" "utils/patches.py" "apply"
chromium-dir "patches")
(invoke "python" "utils/domain_substitution.py" "apply" "-r"
"domain_regex.list" "-f" "domain_substitution.list"
"-c" "/tmp/domainscache.tar.gz" chromium-dir)
(with-directory-excursion chromium-dir
(format #t "Pruning third party files...~%")
(force-output)
(apply invoke (string-append #+python-2 "/bin/python")
"build/linux/unbundle/remove_bundled_libraries.py"
"--do-remove" preserved-files)
(format #t "Replacing GN files...~%")
(force-output)
(invoke "python" "build/linux/unbundle/replace_gn_files.py"
"--system-libraries" "ffmpeg" "flac" "fontconfig"
"freetype" "harfbuzz-ng" "icu" "libdrm" "libevent"
"libjpeg" "libpng" "libvpx" "libwebp" "libxml"
"libxslt" "openh264" "opus" "re2" "snappy" "yasm"
"zlib"))
(format #t "Packing new ungoogled tarball ...~%")
(force-output)
(invoke "tar" "cvfa" #$output
;; Avoid non-determinism in the archive.
"--mtime=@0"
"--owner=root:0"
"--group=root:0"
"--sort=name"
chromium-dir)
#t)))))))))
(define opus+custom
(package/inherit opus
(name "opus+custom")
(arguments
(substitute-keyword-arguments (package-arguments opus)
((#:configure-flags flags ''())
;; Opus Custom is an optional extension of the Opus
;; specification that allows for unsupported frame
;; sizes. Chromium requires that this is enabled.
`(cons "--enable-custom-modes"
,flags))))))
(define-public ungoogled-chromium
(package
(name "ungoogled-chromium")
(version %package-version)
(synopsis "Graphical web browser")
(source ungoogled-chromium-source)
(build-system gnu-build-system)
(arguments
`(#:tests? #f
;; FIXME: Chromiums RUNPATH lacks entries for some libraries.
#:validate-runpath? #f
#:modules ((guix build gnu-build-system)
(guix build utils)
(ice-9 ftw)
(ice-9 regex)
(srfi srfi-26))
#:configure-flags
;; See tools/gn/docs/cookbook.md and
;; https://www.chromium.org/developers/gn-build-configuration
;; for usage. Run "./gn args . --list" in the Release
;; directory for an exhaustive list of supported flags.
;; (Note: The 'configure' phase will do that for you.)
(list "is_debug=false"
"use_gold=false"
"use_lld=false"
"clang_use_chrome_plugins=false"
"linux_use_bundled_binutils=false"
"use_custom_libcxx=false"
"use_sysroot=false"
"enable_precompiled_headers=false"
"goma_dir=\"\""
"enable_nacl=false"
"enable_nacl_nonsfi=false"
"use_allocator=\"none\""
"use_unofficial_version_number=false"
"treat_warnings_as_errors=false"
"use_official_google_api_keys=false"
"fieldtrial_testing_like_official_build=true"
"safe_browsing_mode=0"
"enable_mdns=false"
"enable_one_click_signin=false"
"enable_reading_list=false"
"enable_remoting=false"
"enable_reporting=false"
"enable_service_discovery=false"
"enable_vr=false"
"enable_widevine=false"
;; Disable type-checking for the Web UI to avoid a Java dependency.
"closure_compile=false"
;; Define a custom toolchain that simply looks up CC, AR and
;; friends from the environment.
"custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
"host_toolchain=\"//build/toolchain/linux/unbundle:default\""
;; Prefer system libraries.
"use_system_freetype=true"
"use_system_harfbuzz=true"
"use_system_lcms2=true"
"use_system_libdrm=true"
"use_system_libjpeg=true"
"use_system_libopenjpeg2=true"
"use_system_libpng=true"
"use_system_zlib=true"
"use_gnome_keyring=false" ;deprecated by libsecret
"use_openh264=true"
"use_pulseaudio=true"
"link_pulseaudio=true"
"icu_use_data_file=false"
;; VA-API acceleration is currently only supported on x86_64-linux.
,@(if (string-prefix? "x86_64" (or (%current-target-system)
(%current-system)))
'("use_vaapi=true")
'())
;; Do not artifically restrict formats supported by system ffmpeg.
"proprietary_codecs=true"
"ffmpeg_branding=\"Chrome\""
;; WebRTC stuff.
"rtc_use_h264=true"
;; Don't use bundled sources.
"rtc_build_json=false"
"rtc_build_libevent=false"
"rtc_build_libvpx=false"
"rtc_build_opus=false"
"rtc_build_ssl=false"
"rtc_build_libsrtp=true" ;FIXME: fails to find headers
"rtc_build_usrsctp=true" ;TODO: package this
(string-append "rtc_jsoncpp_root=\""
(assoc-ref %build-inputs "jsoncpp")
"/include/jsoncpp/json\"")
(string-append "rtc_ssl_root=\""
(assoc-ref %build-inputs "openssl")
"/include/openssl\""))
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'patch-stuff
(lambda _
;; Fix build with newer re2. Taken from:
;; https://chromium-review.googlesource.com/c/chromium/src/+/2145261
(substitute* "components/autofill/core/browser/address_rewriter.cc"
(("options\\.set_utf8\\(true\\)")
"options.set_encoding(RE2::Options::EncodingUTF8)"))
(substitute*
'("base/process/launch_posix.cc"
"base/third_party/dynamic_annotations/dynamic_annotations.c"
"sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
"sandbox/linux/services/credentials.cc"
"sandbox/linux/services/namespace_utils.cc"
"sandbox/linux/services/syscall_wrappers.cc"
"sandbox/linux/syscall_broker/broker_host.cc")
(("include \"base/third_party/valgrind/") "include \"valgrind/"))
(for-each (lambda (file)
(substitute* file
;; Fix opus include path.
;; Do not substitute opus_private.h.
(("#include \"opus\\.h\"")
"#include \"opus/opus.h\"")
(("#include \"opus_custom\\.h\"")
"#include \"opus/opus_custom.h\"")
(("#include \"opus_defines\\.h\"")
"#include \"opus/opus_defines.h\"")
(("#include \"opus_multistream\\.h\"")
"#include \"opus/opus_multistream.h\"")
(("#include \"opus_types\\.h\"")
"#include \"opus/opus_types.h\"")))
(find-files (string-append "third_party/webrtc/modules"
"/audio_coding/codecs/opus")))
(substitute* "chrome/common/chrome_paths.cc"
(("/usr/share/chromium/extensions")
;; TODO: Add ~/.guix-profile.
"/run/current-system/profile/share/chromium/extensions"))
;; Many files try to include ICU headers from "third_party/icu/...".
;; Remove the "third_party/" prefix to use system headers instead.
(substitute* (find-files "chrome" "\\.cc$")
(("third_party/icu/source/(common|i18n)/")
""))
;; XXX: Should be unnecessary when use_system_lcms2=true.
(substitute* "third_party/pdfium/core/fxcodec/icc/iccmodule.h"
(("include \"third_party/lcms/include/lcms2\\.h\"")
"include \"lcms2.h\""))
(substitute*
"third_party/breakpad/breakpad/src/common/linux/libcurl_wrapper.h"
(("include \"third_party/curl") "include \"curl"))
(substitute* "third_party/webrtc/rtc_base/strings/json.h"
(("#include \"third_party/jsoncpp/") "#include \"json/"))
(substitute* "gpu/config/gpu_util.cc"
(("third_party/vulkan/include/")
""))
(substitute* '("components/viz/common/gpu/vulkan_context_provider.h"
"components/viz/common/resources/resource_format_utils.h")
(("third_party/vulkan/include/") ""))
(substitute* "third_party/skia/include/gpu/vk/GrVkVulkan.h"
(("include/third_party/vulkan/") ""))
;; Building chromedriver embeds some files using the ZIP
;; format which doesn't support timestamps before
;; 1980. Therefore, advance the timestamps of the files
;; which are included so that building chromedriver
;; works.
(let ((circa-1980 (* 10 366 24 60 60)))
(for-each (lambda (file)
(utime file circa-1980 circa-1980))
'("chrome/test/chromedriver/extension/background.js"
"chrome/test/chromedriver/extension/manifest.json")))
#t))
(add-after 'patch-stuff 'add-absolute-references
(lambda* (#:key inputs #:allow-other-keys)
(let ((cups (assoc-ref inputs "cups"))
(nss (assoc-ref inputs "nss"))
(mesa (assoc-ref inputs "mesa"))
(udev (assoc-ref inputs "udev")))
(substitute* "printing/cups_config_helper.py"
(("cups_config =.*")
(string-append "cups_config = '" cups
"/bin/cups-config'\n")))
(substitute* "crypto/nss_util.cc"
(("libnssckbi\\.so")
(string-append nss "/lib/nss/libnssckbi.so")))
(substitute* "device/udev_linux/udev1_loader.cc"
(("libudev\\.so\\.1")
(string-append udev "/lib/libudev.so.1")))
#t)))
(add-before 'configure 'prepare-build-environment
(lambda* (#:key inputs #:allow-other-keys)
;; Make sure the right build tools are used.
(setenv "AR" "ar") (setenv "NM" "nm")
(setenv "CC" "clang") (setenv "CXX" "clang++")
(setenv "CXXFLAGS"
(string-join
'(;; Do not optimize away null pointer safety checks.
"-fno-delete-null-pointer-checks"
;; Disable warnings about unknown warnings that require
;; Clang plugins or newer versions.
"-Wno-unknown-warning-option")))
(setenv "CFLAGS" "-Wno-unknown-warning-option")
;; TODO: pre-compile instead. Avoids a race condition.
(setenv "PYTHONDONTWRITEBYTECODE" "1")
;; XXX: How portable is this.
(mkdir-p "third_party/node/linux/node-linux-x64")
(symlink (string-append (assoc-ref inputs "node") "/bin")
"third_party/node/linux/node-linux-x64/bin")
#t))
(replace 'configure
(lambda* (#:key configure-flags #:allow-other-keys)
(let ((args (string-join configure-flags " ")))
;; Generate ninja build files.
(invoke "gn" "gen" "out/Release"
(string-append "--args=" args))
;; Print the full list of supported arguments as well as
;; their current status for convenience.
(format #t "Dumping configure flags...\n")
(invoke "gn" "args" "out/Release" "--list"))))
(add-before 'build 'increase-resource-limits
(lambda _
;; XXX: Chromiums linking step requires a lot of simultaneous file
;; accesses. Having a too low ulimit will result in bogus linker
;; errors such as "foo.a: error adding symbols: malformed archive".
;; Try increasing the soft resource limit of max open files to 2048,
;; or equal to the hard limit, whichever is lower.
(call-with-values (lambda () (getrlimit 'nofile))
(lambda (soft hard)
(when (and soft (< soft 2048))
(if hard
(setrlimit 'nofile (min hard 2048) hard)
(setrlimit 'nofile 2048 #f))
(format #t
"increased maximum number of open files from ~d to ~d~%"
soft (if hard (min hard 2048) 2048)))))
#t))
(replace 'build
(lambda* (#:key (parallel-build? #t) #:allow-other-keys)
(invoke "ninja" "-C" "out/Release"
"-j" (if parallel-build?
(number->string (parallel-job-count))
"1")
"chrome"
"chromedriver")))
(replace 'install
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(bin (string-append out "/bin"))
(exe (string-append bin "/chromium"))
(lib (string-append out "/lib"))
(man (string-append out "/share/man/man1"))
(applications (string-append out "/share/applications"))
(install-regexp (make-regexp "\\.(bin|pak|so)$"))
(locales (string-append lib "/locales"))
(resources (string-append lib "/resources"))
(preferences (assoc-ref inputs "master-preferences"))
(gtk+ (assoc-ref inputs "gtk+"))
(sh (which "sh")))
(substitute* '("chrome/app/resources/manpage.1.in"
"chrome/installer/linux/common/desktop.template")
(("@@MENUNAME@@") "Chromium")
(("@@PACKAGE@@") "chromium")
(("/usr/bin/@@USR_BIN_SYMLINK_NAME@@") exe))
(mkdir-p man)
(copy-file "chrome/app/resources/manpage.1.in"
(string-append man "/chromium.1"))
(mkdir-p applications)
(copy-file "chrome/installer/linux/common/desktop.template"
(string-append applications "/chromium.desktop"))
(mkdir-p lib)
(copy-file preferences (string-append lib "/master_preferences"))
(with-directory-excursion "out/Release"
(for-each (lambda (file)
(install-file file lib))
(scandir "." (cut regexp-exec install-regexp <>)))
(copy-file "chrome" (string-append lib "/chromium"))
(copy-recursively "locales" locales)
(copy-recursively "resources" resources)
(mkdir-p bin)
(symlink "../lib/chromium" exe)
(install-file "chromedriver" bin)
(for-each (lambda (so)
(install-file so (string-append lib "/swiftshader")))
(find-files "swiftshader" "\\.so$"))
(wrap-program exe
;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
`("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share")))))
(with-directory-excursion "chrome/app/theme/chromium"
(for-each
(lambda (size)
(let ((icons (string-append out "/share/icons/hicolor/"
size "x" size "/apps")))
(mkdir-p icons)
(copy-file (string-append "product_logo_" size ".png")
(string-append icons "/chromium.png"))))
'("24" "48" "64" "128" "256")))
#t))))))
(native-inputs
`(("bison" ,bison)
("clang" ,clang-10)
("gn" ,gn)
("gperf" ,gperf)
("ninja" ,ninja)
("node" ,node)
("pkg-config" ,pkg-config)
("which" ,which)
("yasm" ,yasm)
;; This file contains defaults for new user profiles.
("master-preferences" ,(local-file "aux-files/chromium/master-preferences.json"))
("python-beautifulsoup4" ,python2-beautifulsoup4)
("python-html5lib" ,python2-html5lib)
("python" ,python-2)))
(inputs
`(("alsa-lib" ,alsa-lib)
("atk" ,atk)
("cups" ,cups)
("curl" ,curl)
("dbus" ,dbus)
("dbus-glib" ,dbus-glib)
("expat" ,expat)
("flac" ,flac)
;; FIXME: Change to ffmpeg 4.3 when supported, see
;; <https://bugs.chromium.org/p/chromium/issues/detail?id=1095962>.
("ffmpeg" ,ffmpeg-4.2)
("fontconfig" ,fontconfig)
("freetype" ,freetype)
("gdk-pixbuf" ,gdk-pixbuf)
("glib" ,glib)
("gtk+" ,gtk+)
("harfbuzz" ,harfbuzz)
("icu4c" ,icu4c-67)
("jsoncpp" ,jsoncpp)
("lcms" ,lcms)
("libevent" ,libevent)
("libffi" ,libffi)
("libjpeg-turbo" ,libjpeg-turbo)
("libpng" ,libpng)
("libva" ,libva)
("libvpx" ,libvpx)
("libwebp" ,libwebp)
("libx11" ,libx11)
("libxcb" ,libxcb)
("libxcomposite" ,libxcomposite)
("libxcursor" ,libxcursor)
("libxdamage" ,libxdamage)
("libxext" ,libxext)
("libxfixes" ,libxfixes)
("libxi" ,libxi)
("libxml2" ,libxml2)
("libxrandr" ,libxrandr)
("libxrender" ,libxrender)
("libxscrnsaver" ,libxscrnsaver)
("libxslt" ,libxslt)
("libxtst" ,libxtst)
("mesa" ,mesa)
("minizip" ,minizip)
("mit-krb5" ,mit-krb5)
("nss" ,nss)
("openh264" ,openh264)
("openjpeg" ,openjpeg) ;PDFium only
("openssl" ,openssl)
("opus" ,opus+custom)
("pango" ,pango)
("pciutils" ,pciutils)
("pulseaudio" ,pulseaudio)
("re2" ,re2)
("snappy" ,snappy)
("speech-dispatcher" ,speech-dispatcher)
("udev" ,eudev)
("valgrind" ,valgrind)
("vulkan-headers" ,vulkan-headers)))
;; Building Chromium takes ... a very long time. On a single core, a busy
;; mid-end x86 system may need more than 24 hours to complete the build.
(properties '((timeout . 144000) ;40 hours
;; The linking step may take more than an hour on some hardware.
(max-silent-time . 7200)
(cpe-name . "chrome")))
(home-page "https://github.com/Eloston/ungoogled-chromium")
(description
"Ungoogled-Chromium is the Chromium web browser, with some functionality
disabled in order to protect the users privacy.")
;; Chromium is developed as BSD-3, but bundles a large number of third-party
;; components with other licenses. For full information, see chrome://credits.
(license (list license:bsd-3
license:bsd-2
license:expat
license:asl2.0
license:mpl1.1
license:mpl2.0
license:public-domain
license:isc
(license:non-copyleft "chrome://credits"
"See chrome://credits for more information.")
license:lgpl2.1+))))
(define-public ungoogled-chromium/wayland
(package/inherit ungoogled-chromium
(name "ungoogled-chromium-wayland")
(inputs
`(("wayland" ,wayland)
("wayland-protocols" ,wayland-protocols)
,@(package-inputs ungoogled-chromium)))
(arguments
(substitute-keyword-arguments (package-arguments ungoogled-chromium)
((#:configure-flags flags)
`(append (list "use_ozone=true"
"ozone_platform_wayland=true"
"ozone_platform_x11=true"
"ozone_auto_platforms=false"
"ozone_platform=\"wayland\""
"use_xkbcommon=true"
"use_system_minigbm=true"
"use_system_libwayland=true"
(string-append "system_wayland_scanner_path=\""
(assoc-ref %build-inputs "wayland")
"/bin/wayland-scanner\""))
(delete "use_vaapi=true" ,flags)))))))