diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix index d3953da71d28..eab88297e68d 100644 --- a/pkgs/applications/networking/browsers/chromium/browser.nix +++ b/pkgs/applications/networking/browsers/chromium/browser.nix @@ -1,4 +1,4 @@ -{ stdenv, mkChromiumDerivation, channel, enableWideVine }: +{ stdenv, mkChromiumDerivation, channel, enableWideVine, ungoogled }: with stdenv.lib; @@ -69,15 +69,20 @@ mkChromiumDerivation (base: rec { requiredSystemFeatures = [ "big-parallel" ]; meta = { - description = "An open source web browser from Google"; + description = "An open source web browser from Google" + + optionalString ungoogled ", with dependencies on Google web services removed"; longDescription = '' Chromium is an open source web browser from Google that aims to build a safer, faster, and more stable way for all Internet users to experience the web. It has a minimalist user interface and provides the vast majority of source code for Google Chrome (which has some additional features). ''; - homepage = "https://www.chromium.org/"; - maintainers = with maintainers; [ primeos thefloweringash bendlas ]; # See README.md + homepage = if ungoogled + then "https://github.com/Eloston/ungoogled-chromium" + else "https://www.chromium.org/"; + maintainers = with maintainers; if ungoogled + then [ squalus primeos ] + else [ primeos thefloweringash bendlas ]; license = if enableWideVine then licenses.unfree else licenses.bsd3; platforms = platforms.linux; hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else []; diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 0c16d0c9ec60..c396e5996de7 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -31,6 +31,7 @@ , proprietaryCodecs ? true , cupsSupport ? true , pulseSupport ? false, libpulseaudio ? null +, ungoogled ? false, ungoogled-chromium , channel , upstream-info @@ -109,6 +110,11 @@ let result else result; + ungoogler = + let versionEntry = (import ./ungoogled-src.nix)."${upstream-info.version}"; + in ungoogled-chromium { + inherit (versionEntry) rev sha256; + }; base = rec { name = "${packageName}-unwrapped-${version}"; inherit (upstream-info) version; @@ -208,6 +214,10 @@ let '' + optionalString stdenv.isAarch64 '' substituteInPlace build/toolchain/linux/BUILD.gn \ --replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""' + '' + optionalString ungoogled '' + ${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors" + ${ungoogler}/utils/patches.py . ${ungoogler}/patches + ${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz . ''; gnFlags = mkGnFlags ({ @@ -260,6 +270,24 @@ let use_system_minigbm = true; use_system_libdrm = true; system_wayland_scanner_path = "${wayland}/bin/wayland-scanner"; + } // optionalAttrs ungoogled { + chrome_pgo_phase = 0; + enable_hangout_services_extension = false; + enable_js_type_check = false; + enable_mdns = false; + enable_nacl_nonsfi = false; + enable_one_click_signin = false; + enable_reading_list = false; + enable_remoting = false; + enable_reporting = false; + enable_service_discovery = false; + exclude_unwind_tables = true; + google_api_key = ""; + google_default_client_id = ""; + google_default_client_secret = ""; + safe_browsing_mode = 0; + use_official_google_api_keys = false; + use_unofficial_version_number = false; } // (extraAttrs.gnFlags or {})); configurePhase = '' diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index e35e4d945dde..adf967251f29 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -15,6 +15,7 @@ , enablePepperFlash ? false , enableWideVine ? false , enableVaapi ? false # Disabled by default due to unofficial support +, ungoogled ? false # Whether to build chromium or ungoogled-chromium , cupsSupport ? true , pulseSupport ? config.pulseaudio or stdenv.isLinux , commandLineArgs ? "" @@ -33,7 +34,7 @@ let mkChromiumDerivation = callPackage ./common.nix ({ inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs - cupsSupport pulseSupport; + cupsSupport pulseSupport ungoogled; gnChromium = gn.overrideAttrs (oldAttrs: { inherit (upstream-info.deps.gn) version; src = fetchgit { @@ -42,11 +43,13 @@ let }); }); - browser = callPackage ./browser.nix { inherit channel enableWideVine; }; + browser = callPackage ./browser.nix { inherit channel enableWideVine ungoogled; }; plugins = callPackage ./plugins.nix { inherit enablePepperFlash; }; + + ungoogled-chromium = callPackage ./ungoogled.nix {}; }; pkgSuffix = if channel == "dev" then "unstable" else channel; @@ -133,7 +136,8 @@ let else browser; in stdenv.mkDerivation { - name = "chromium${suffix}-${version}"; + name = lib.optionalString ungoogled "ungoogled-" + + "chromium${suffix}-${version}"; inherit version; buildInputs = [ diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled-src.nix b/pkgs/applications/networking/browsers/chromium/ungoogled-src.nix similarity index 100% rename from pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled-src.nix rename to pkgs/applications/networking/browsers/chromium/ungoogled-src.nix diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled.nix b/pkgs/applications/networking/browsers/chromium/ungoogled.nix similarity index 99% rename from pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled.nix rename to pkgs/applications/networking/browsers/chromium/ungoogled.nix index 17418c90af49..299b19f2f4f6 100644 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled.nix +++ b/pkgs/applications/networking/browsers/chromium/ungoogled.nix @@ -4,6 +4,7 @@ , makeWrapper , patch }: + { rev , sha256 }: diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix deleted file mode 100644 index c23a8cead3a7..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ stdenv, mkChromiumDerivation, channel, enableWideVine }: - -with stdenv.lib; - -mkChromiumDerivation (base: rec { - name = "chromium-browser"; - packageName = "chromium"; - buildTargets = [ "mksnapshot" "chrome_sandbox" "chrome" ]; - - outputs = ["out" "sandbox"]; - - sandboxExecutableName = "__chromium-suid-sandbox"; - - installPhase = '' - mkdir -p "$libExecPath" - cp -v "$buildPath/"*.so "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/" - cp -v "$buildPath/icudtl.dat" "$libExecPath/" - cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/" - cp -v "$buildPath/chrome" "$libExecPath/$packageName" - - # Swiftshader - # See https://stackoverflow.com/a/4264351/263061 for the find invocation. - if [ -n "$(find "$buildPath/swiftshader/" -maxdepth 1 -name '*.so' -print -quit)" ]; then - echo "Swiftshader files found; installing" - mkdir -p "$libExecPath/swiftshader" - cp -v "$buildPath/swiftshader/"*.so "$libExecPath/swiftshader/" - else - echo "Swiftshader files not found" - fi - - mkdir -p "$sandbox/bin" - cp -v "$buildPath/chrome_sandbox" "$sandbox/bin/${sandboxExecutableName}" - - mkdir -vp "$out/share/man/man1" - cp -v "$buildPath/chrome.1" "$out/share/man/man1/$packageName.1" - - for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do - num_and_suffix="''${icon_file##*logo_}" - icon_size="''${num_and_suffix%.*}" - expr "$icon_size" : "^[0-9][0-9]*$" || continue - logo_output_prefix="$out/share/icons/hicolor" - logo_output_path="$logo_output_prefix/''${icon_size}x''${icon_size}/apps" - mkdir -vp "$logo_output_path" - cp -v "$icon_file" "$logo_output_path/$packageName.png" - done - - # Install Desktop Entry - install -D chrome/installer/linux/common/desktop.template \ - $out/share/applications/chromium-browser.desktop - - substituteInPlace $out/share/applications/chromium-browser.desktop \ - --replace "@@MENUNAME@@" "Chromium" \ - --replace "@@PACKAGE@@" "chromium" \ - --replace "Exec=/usr/bin/@@USR_BIN_SYMLINK_NAME@@" "Exec=chromium" - - # Append more mime types to the end - sed -i '/^MimeType=/ s,$,x-scheme-handler/webcal;x-scheme-handler/mailto;x-scheme-handler/about;x-scheme-handler/unknown,' \ - $out/share/applications/chromium-browser.desktop - - # See https://github.com/NixOS/nixpkgs/issues/12433 - sed -i \ - -e '/\[Desktop Entry\]/a\' \ - -e 'StartupWMClass=chromium-browser' \ - $out/share/applications/chromium-browser.desktop - ''; - - passthru = { inherit sandboxExecutableName; }; - - requiredSystemFeatures = [ "big-parallel" ]; - - meta = { - description = "An open source web browser from Google, with dependencies on Google web services removed"; - longDescription = '' - Chromium is an open source web browser from Google that aims to build a - safer, faster, and more stable way for all Internet users to experience - the web. It has a minimalist user interface and provides the vast majority - of source code for Google Chrome (which has some additional features). - ''; - homepage = "https://github.com/Eloston/ungoogled-chromium"; - maintainers = with maintainers; [ squalus ]; - license = if enableWideVine then licenses.unfree else licenses.bsd3; - platforms = platforms.linux; - hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else []; - timeout = 172800; # 48 hours (increased from the Hydra default of 10h) - }; -}) diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/common.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/common.nix deleted file mode 100644 index 17814c26caa4..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/common.nix +++ /dev/null @@ -1,345 +0,0 @@ -{ stdenv, lib, llvmPackages, gnChromium, ninja, which, nodejs, fetchpatch, fetchurl - -# default dependencies -, gnutar, bzip2, flac, speex, libopus -, libevent, expat, libjpeg, snappy -, libpng, libcap -, xdg_utils, yasm, nasm, minizip, libwebp -, libusb1, pciutils, nss, re2 - -, python2Packages, perl, pkgconfig -, nspr, systemd, kerberos -, util-linux, alsaLib -, bison, gperf -, glib, gtk3, dbus-glib -, glibc -, libXScrnSaver, libXcursor, libXtst, libGLU, libGL -, protobuf, speechd, libXdamage, cups -, ffmpeg, libxslt, libxml2, at-spi2-core -, jre8 -, pipewire_0_2 -, libva - -# optional dependencies -, libgcrypt ? null # gnomeSupport || cupsSupport -, libdrm ? null, wayland ? null, mesa ? null, libxkbcommon ? null # useOzone - -# package customization -, useOzone ? true -, gnomeSupport ? false, gnome ? null -, gnomeKeyringSupport ? false, libgnome-keyring3 ? null -, proprietaryCodecs ? true -, cupsSupport ? true -, pulseSupport ? false, libpulseaudio ? null -, ungoogled-chromium -, ungoogled ? false - -, channel -, upstream-info -}: - -buildFun: - -with stdenv.lib; - -let - jre = jre8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731 - - # The additional attributes for creating derivations based on the chromium - # source tree. - extraAttrs = buildFun base; - - githubPatch = commit: sha256: fetchpatch { - url = "https://github.com/chromium/chromium/commit/${commit}.patch"; - inherit sha256; - }; - - mkGnFlags = - let - # Serialize Nix types into GN types according to this document: - # https://source.chromium.org/gn/gn/+/master:docs/language.md - mkGnString = value: "\"${escape ["\"" "$" "\\"] value}\""; - sanitize = value: - if value == true then "true" - else if value == false then "false" - else if isList value then "[${concatMapStringsSep ", " sanitize value}]" - else if isInt value then toString value - else if isString value then mkGnString value - else throw "Unsupported type for GN value `${value}'."; - toFlag = key: value: "${key}=${sanitize value}"; - in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs)); - - # https://source.chromium.org/chromium/chromium/src/+/master:build/linux/unbundle/replace_gn_files.py - gnSystemLibraries = [ - "ffmpeg" - "flac" - "libjpeg" - "libpng" - "libwebp" - "libxslt" - "opus" - "snappy" - "zlib" - ]; - - opusWithCustomModes = libopus.override { - withCustomModes = true; - }; - - defaultDependencies = [ - bzip2 flac speex opusWithCustomModes - libevent expat libjpeg snappy - libpng libcap - xdg_utils minizip libwebp - libusb1 re2 - ffmpeg libxslt libxml2 - nasm - ]; - - # build paths and release info - packageName = extraAttrs.packageName or extraAttrs.name; - buildType = "Release"; - buildPath = "out/${buildType}"; - libExecPath = "$out/libexec/${packageName}"; - - versionRange = min-version: upto-version: - let inherit (upstream-info) version; - result = versionAtLeast version min-version && versionOlder version upto-version; - stable-version = (importJSON ./upstream-info.json).stable.version; - in if versionAtLeast stable-version upto-version - then warn "chromium: stable version ${stable-version} is newer than a patchset bounded at ${upto-version}. You can safely delete it." - result - else result; - - ungoogler = - let versionEntry = (import ./ungoogled-src.nix)."${upstream-info.version}"; - in ungoogled-chromium { - inherit (versionEntry) rev sha256; - }; - base = rec { - name = "${packageName}-unwrapped-${version}"; - inherit (upstream-info) version; - inherit channel packageName buildType buildPath; - - src = fetchurl { - url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz"; - inherit (upstream-info) sha256; - }; - - nativeBuildInputs = [ - llvmPackages.lldClang.bintools - ninja which python2Packages.python perl pkgconfig - python2Packages.ply python2Packages.jinja2 nodejs - gnutar python2Packages.setuptools - ]; - - buildInputs = defaultDependencies ++ [ - nspr nss systemd - util-linux alsaLib - bison gperf kerberos - glib gtk3 dbus-glib - libXScrnSaver libXcursor libXtst libGLU libGL - pciutils protobuf speechd libXdamage at-spi2-core - jre - pipewire_0_2 - libva - ] ++ optional gnomeKeyringSupport libgnome-keyring3 - ++ optionals gnomeSupport [ gnome.GConf libgcrypt ] - ++ optionals cupsSupport [ libgcrypt cups ] - ++ optional pulseSupport libpulseaudio - ++ optionals useOzone [ libdrm wayland mesa.drivers libxkbcommon ]; - - patches = [ - ./patches/no-build-timestamps.patch # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed) - ./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags - # ++ optional (versionRange "68" "72") ( githubPatch "" "0000000000000000000000000000000000000000000000000000000000000000" ) - ]; - - postPatch = '' - # remove unused third-party - for lib in ${toString gnSystemLibraries}; do - if [ -d "third_party/$lib" ]; then - find "third_party/$lib" -type f \ - \! -path "third_party/$lib/chromium/*" \ - \! -path "third_party/$lib/google/*" \ - \! -path "third_party/harfbuzz-ng/utils/hb_scoped.h" \ - \! -regex '.*\.\(gn\|gni\|isolate\)' \ - -delete - fi - done - - # Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.): - substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" "" - if [ -e third_party/harfbuzz-ng/src/src/update-unicode-tables.make ]; then - substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \ - --replace "/usr/bin/env -S make -f" "/usr/bin/make -f" - fi - - # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX - substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \ - --replace \ - 'return sandbox_binary;' \ - 'return base::FilePath(GetDevelSandboxPath());' - - substituteInPlace services/audio/audio_sandbox_hook_linux.cc \ - --replace \ - '/usr/share/alsa/' \ - '${alsaLib}/share/alsa/' \ - --replace \ - '/usr/lib/x86_64-linux-gnu/gconv/' \ - '${glibc}/lib/gconv/' \ - --replace \ - '/usr/share/locale/' \ - '${glibc}/share/locale/' - - sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \ - chrome/browser/shell_integration_linux.cc - - sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${lib.getLib systemd}/lib/\1!' \ - device/udev_linux/udev?_loader.cc - - sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \ - gpu/config/gpu_info_collector_linux.cc - - # Allow to put extensions into the system-path. - sed -i -e 's,/usr,/run/current-system/sw,' chrome/common/chrome_paths.cc - - patchShebangs . - # use our own nodejs - mkdir -p third_party/node/linux/node-linux-x64/bin - ln -s "$(command -v node)" third_party/node/linux/node-linux-x64/bin/node - - # Allow building against system libraries in official builds - sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' tools/generate_shim_headers/generate_shim_headers.py - - '' + optionalString stdenv.isAarch64 '' - substituteInPlace build/toolchain/linux/BUILD.gn \ - --replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""' - '' + optionalString ungoogled '' - ${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors" - ${ungoogler}/utils/patches.py . ${ungoogler}/patches - ${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz . - ''; - - gnFlags = mkGnFlags ({ - custom_toolchain = "//build/toolchain/linux/unbundle:default"; - host_toolchain = "//build/toolchain/linux/unbundle:default"; - is_official_build = true; - - use_vaapi = !stdenv.isAarch64; # TODO: Remove once M88 is released - use_sysroot = false; - use_gnome_keyring = gnomeKeyringSupport; - use_gio = gnomeSupport; - # ninja: error: '../../native_client/toolchain/linux_x86/pnacl_newlib/bin/x86_64-nacl-objcopy', - # needed by 'nacl_irt_x86_64.nexe', missing and no known rule to make it - enable_nacl = false; - # Enabling the Widevine component here doesn't affect whether we can - # redistribute the chromium package; the Widevine component is either - # added later in the wrapped -wv build or downloaded from Google. - enable_widevine = true; - use_cups = cupsSupport; - # Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture. - rtc_use_pipewire = true; - - treat_warnings_as_errors = false; - clang_use_chrome_plugins = false; - blink_symbol_level = 0; - symbol_level = 0; - fieldtrial_testing_like_official_build = true; - - # Google API keys, see: - # http://www.chromium.org/developers/how-tos/api-keys - # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution, - # please get your own set of keys. - google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI"; - google_default_client_id = "404761575300.apps.googleusercontent.com"; - google_default_client_secret = "9rIFQjfnkykEmqb6FfjJQD1D"; - } // optionalAttrs proprietaryCodecs { - # enable support for the H.264 codec - proprietary_codecs = true; - enable_hangout_services_extension = true; - ffmpeg_branding = "Chrome"; - } // optionalAttrs pulseSupport { - use_pulseaudio = true; - link_pulseaudio = true; - } // optionalAttrs useOzone { - use_ozone = true; - use_xkbcommon = true; - use_glib = true; - use_gtk = true; - use_system_libwayland = true; - use_system_minigbm = true; - use_system_libdrm = true; - system_wayland_scanner_path = "${wayland}/bin/wayland-scanner"; - } // optionalAttrs ungoogled { - chrome_pgo_phase = 0; - enable_hangout_services_extension = false; - enable_js_type_check = false; - enable_mdns = false; - enable_nacl_nonsfi = false; - enable_one_click_signin = false; - enable_reading_list = false; - enable_remoting = false; - enable_reporting = false; - enable_service_discovery = false; - exclude_unwind_tables = true; - google_api_key = ""; - google_default_client_id = ""; - google_default_client_secret = ""; - safe_browsing_mode = 0; - use_official_google_api_keys = false; - use_unofficial_version_number = false; - } // (extraAttrs.gnFlags or {})); - - configurePhase = '' - runHook preConfigure - - # This is to ensure expansion of $out. - libExecPath="${libExecPath}" - python build/linux/unbundle/replace_gn_files.py --system-libraries ${toString gnSystemLibraries} - ${gnChromium}/bin/gn gen --args=${escapeShellArg gnFlags} out/Release | tee gn-gen-outputs.txt - - # Fail if `gn gen` contains a WARNING. - grep -o WARNING gn-gen-outputs.txt && echo "Found gn WARNING, exiting nix build" && exit 1 - - runHook postConfigure - ''; - - # Don't spam warnings about unknown warning options. This is useful because - # our Clang is always older than Chromium's and the build logs have a size - # of approx. 25 MB without this option (and this saves e.g. 66 %). - NIX_CFLAGS_COMPILE = "-Wno-unknown-warning-option"; - - buildPhase = let - buildCommand = target: '' - ninja -C "${buildPath}" -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES "${target}" - ( - source chrome/installer/linux/common/installer.include - PACKAGE=$packageName - MENUNAME="Chromium" - process_template chrome/app/resources/manpage.1.in "${buildPath}/chrome.1" - ) - ''; - targets = extraAttrs.buildTargets or []; - commands = map buildCommand targets; - in concatStringsSep "\n" commands; - - postFixup = '' - # Make sure that libGLESv2 is found by dlopen (if using EGL). - chromiumBinary="$libExecPath/$packageName" - origRpath="$(patchelf --print-rpath "$chromiumBinary")" - patchelf --set-rpath "${libGL}/lib:$origRpath" "$chromiumBinary" - ''; - - passthru = { - updateScript = ./update.py; - chromiumDeps = { - gn = gnChromium; - }; - }; - }; - -# Remove some extraAttrs we supplied to the base attributes already. -in stdenv.mkDerivation (base // removeAttrs extraAttrs [ - "name" "gnFlags" "buildTargets" -] // { passthru = base.passthru // (extraAttrs.passthru or {}); }) diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/default.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/default.nix deleted file mode 100644 index b75d271ace55..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/default.nix +++ /dev/null @@ -1,214 +0,0 @@ -{ newScope, config, stdenv, fetchurl, makeWrapper -, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils -, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit -, libva ? null -, pipewire_0_2 -, gcc, nspr, nss, runCommand -, lib - -# package customization -# Note: enable* flags should not require full rebuilds (i.e. only affect the wrapper) -, channel ? "stable" -, gnomeSupport ? false, gnome ? null -, gnomeKeyringSupport ? false -, proprietaryCodecs ? true -, enablePepperFlash ? false -, enableWideVine ? false -, enableVaapi ? false # Disabled by default due to unofficial support -, ungoogled ? true -, cupsSupport ? true -, pulseSupport ? config.pulseaudio or stdenv.isLinux -, commandLineArgs ? "" -}: - -let - llvmPackages = llvmPackages_11; - stdenv = llvmPackages.stdenv; - - callPackage = newScope chromium; - - chromium = rec { - inherit stdenv llvmPackages; - - upstream-info = (lib.importJSON ./upstream-info.json).${channel}; - - mkChromiumDerivation = callPackage ./common.nix ({ - inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs - cupsSupport pulseSupport; - inherit ungoogled; - gnChromium = gn.overrideAttrs (oldAttrs: { - inherit (upstream-info.deps.gn) version; - src = fetchgit { - inherit (upstream-info.deps.gn) url rev sha256; - }; - }); - }); - - browser = callPackage ./browser.nix { inherit channel enableWideVine; }; - - plugins = callPackage ./plugins.nix { - inherit enablePepperFlash; - }; - - ungoogled-chromium = callPackage ./ungoogled.nix {}; - }; - - pkgSuffix = if channel == "dev" then "unstable" else channel; - pkgName = "google-chrome-${pkgSuffix}"; - chromeSrc = fetchurl { - urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [ - "https://dl.google.com/linux/chrome/deb/pool/main/g" - "http://95.31.35.30/chrome/pool/main/g" - "http://mirror.pcbeta.com/google/chrome/deb/pool/main/g" - "http://repo.fdzh.org/chrome/deb/pool/main/g" - ]; - sha256 = chromium.upstream-info.sha256bin64; - }; - - mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}"; - widevineCdm = stdenv.mkDerivation { - name = "chrome-widevine-cdm"; - - src = chromeSrc; - - phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ]; - - unpackCmd = let - widevineCdmPath = - if channel == "stable" then - "./opt/google/chrome/WidevineCdm" - else if channel == "beta" then - "./opt/google/chrome-beta/WidevineCdm" - else if channel == "dev" then - "./opt/google/chrome-unstable/WidevineCdm" - else - throw "Unknown chromium channel."; - in '' - # Extract just WidevineCdm from upstream's .deb file - ar p "$src" data.tar.xz | tar xJ "${widevineCdmPath}" - - # Move things around so that we don't have to reference a particular - # chrome-* directory later. - mv "${widevineCdmPath}" ./ - - # unpackCmd wants a single output directory; let it take WidevineCdm/ - rm -rf opt - ''; - - doCheck = true; - checkPhase = '' - ! find -iname '*.so' -exec ldd {} + | grep 'not found' - ''; - - PATCH_RPATH = mkrpath [ gcc.cc glib nspr nss ]; - - patchPhase = '' - patchelf --set-rpath "$PATCH_RPATH" _platform_specific/linux_x64/libwidevinecdm.so - ''; - - installPhase = '' - mkdir -p $out/WidevineCdm - cp -a * $out/WidevineCdm/ - ''; - - meta = { - platforms = [ "x86_64-linux" ]; - license = lib.licenses.unfree; - }; - }; - - suffix = if channel != "stable" then "-" + channel else ""; - - sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName; - - version = chromium.browser.version; - - # We want users to be able to enableWideVine without rebuilding all of - # chromium, so we have a separate derivation here that copies chromium - # and adds the unfree WidevineCdm. - chromiumWV = let browser = chromium.browser; in if enableWideVine then - runCommand (browser.name + "-wv") { version = browser.version; } - '' - mkdir -p $out - cp -a ${browser}/* $out/ - chmod u+w $out/libexec/chromium - cp -a ${widevineCdm}/WidevineCdm $out/libexec/chromium/ - '' - else browser; - -in stdenv.mkDerivation { - name = "ungoogled-chromium${suffix}-${version}"; - inherit version; - - buildInputs = [ - makeWrapper ed - - # needed for GSETTINGS_SCHEMAS_PATH - gsettings-desktop-schemas glib gtk3 - - # needed for XDG_ICON_DIRS - gnome3.adwaita-icon-theme - ]; - - outputs = ["out" "sandbox"]; - - buildCommand = let - browserBinary = "${chromiumWV}/libexec/chromium/chromium"; - getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")"; - libPath = stdenv.lib.makeLibraryPath [ libva pipewire_0_2 ]; - - in with stdenv.lib; '' - mkdir -p "$out/bin" - - eval makeWrapper "${browserBinary}" "$out/bin/chromium" \ - --add-flags ${escapeShellArg (escapeShellArg commandLineArgs)} \ - ${lib.optionalString enableVaapi "--add-flags --enable-accelerated-video-decode"} \ - ${concatMapStringsSep " " getWrapperFlags chromium.plugins.enabled} - - ed -v -s "$out/bin/chromium" << EOF - 2i - - if [ -x "/run/wrappers/bin/${sandboxExecutableName}" ] - then - export CHROME_DEVEL_SANDBOX="/run/wrappers/bin/${sandboxExecutableName}" - else - export CHROME_DEVEL_SANDBOX="$sandbox/bin/${sandboxExecutableName}" - fi - - '' + lib.optionalString (libPath != "") '' - # To avoid loading .so files from cwd, LD_LIBRARY_PATH here must not - # contain an empty section before or after a colon. - export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH\''${LD_LIBRARY_PATH:+:}${libPath}" - '' + '' - - # libredirect causes chromium to deadlock on startup - export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" | ${coreutils}/bin/tr ':' '\n' | ${gnugrep}/bin/grep -v /lib/libredirect\\\\.so$ | ${coreutils}/bin/tr '\n' ':')" - - export XDG_DATA_DIRS=$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS - - # Mainly for xdg-open but also other xdg-* tools: - export PATH="${xdg_utils}/bin\''${PATH:+:}\$PATH" - - . - w - EOF - - ln -sv "${chromium.browser.sandbox}" "$sandbox" - - ln -s "$out/bin/chromium" "$out/bin/chromium-browser" - - mkdir -p "$out/share" - for f in '${chromium.browser}'/share/*; do # hello emacs */ - ln -s -t "$out/share/" "$f" - done - ''; - - inherit (chromium.browser) packageName; - meta = chromium.browser.meta; - passthru = { - inherit (chromium) upstream-info browser; - mkDerivation = chromium.mkChromiumDerivation; - inherit chromeSrc sandboxExecutableName; - updateScript = ./update.py; - }; -} diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch b/pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch deleted file mode 100644 index 6b788f43d29c..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- chromium-70.0.3538.67/build/compute_build_timestamp.py.orig 2018-11-02 16:00:34.368933077 +0200 -+++ chromium-70.0.3538.67/build/compute_build_timestamp.py 2018-11-08 04:06:21.658105129 +0200 -@@ -94,6 +94,14 @@ - 'build_type', help='The type of build', choices=('official', 'default')) - args = argument_parser.parse_args() - -+ # I don't trust LASTCHANGE magic, and I definelly want something deterministic here -+ SOURCE_DATE_EPOCH = os.getenv("SOURCE_DATE_EPOCH", None) -+ if SOURCE_DATE_EPOCH is not None: -+ print(SOURCE_DATE_EPOCH) -+ return 0 -+ else: -+ raise RuntimeError("SOURCE_DATE_EPOCH not set") -+ - # The mtime of the revision in build/util/LASTCHANGE is stored in a file - # next to it. Read it, to get a deterministic time close to "now". - # That date is then modified as described at the top of the file so that diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch b/pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch deleted file mode 100644 index 32f0ae2fb5e6..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/third_party/widevine/cdm/BUILD.gn b/third_party/widevine/cdm/BUILD.gn -index ed0e2f5208b..5b431a030d5 100644 ---- a/third_party/widevine/cdm/BUILD.gn -+++ b/third_party/widevine/cdm/BUILD.gn -@@ -14,7 +14,7 @@ buildflag_header("buildflags") { - - flags = [ - "ENABLE_WIDEVINE=$enable_widevine", -- "BUNDLE_WIDEVINE_CDM=$bundle_widevine_cdm", -+ "BUNDLE_WIDEVINE_CDM=true", - "ENABLE_WIDEVINE_CDM_COMPONENT=$enable_widevine_cdm_component", - ] - } diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix deleted file mode 100644 index eef1c5ef38c2..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix +++ /dev/null @@ -1,92 +0,0 @@ -{ stdenv, gcc -, jshon -, glib -, nspr -, nss -, fetchzip -, enablePepperFlash ? false - -, upstream-info -}: - -with stdenv.lib; - -let - mkrpath = p: "${makeSearchPathOutput "lib" "lib64" p}:${makeLibraryPath p}"; - - # Generate a shell fragment that emits flags appended to the - # final makeWrapper call for wrapping the browser's main binary. - # - # Note that this is shell-escaped so that only the variable specified - # by the "output" attribute is substituted. - mkPluginInfo = { output ? "out", allowedVars ? [ output ] - , flags ? [], envVars ? {} - }: let - shSearch = ["'"] ++ map (var: "@${var}@") allowedVars; - shReplace = ["'\\''"] ++ map (var: "'\"\${${var}}\"'") allowedVars; - # We need to triple-escape "val": - # * First because makeWrapper doesn't do any quoting of its arguments by - # itself. - # * Second because it's passed to the makeWrapper call separated by IFS but - # not by the _real_ arguments, for example the Widevine plugin flags - # contain spaces, so they would end up as separate arguments. - # * Third in order to be correctly quoted for the "echo" call below. - shEsc = val: "'${replaceStrings ["'"] ["'\\''"] val}'"; - mkSh = val: "'${replaceStrings shSearch shReplace (shEsc val)}'"; - mkFlag = flag: ["--add-flags" (shEsc flag)]; - mkEnvVar = key: val: ["--set" (shEsc key) (shEsc val)]; - envList = mapAttrsToList mkEnvVar envVars; - quoted = map mkSh (flatten ((map mkFlag flags) ++ envList)); - in '' - mkdir -p "''$${output}/nix-support" - echo ${toString quoted} > "''$${output}/nix-support/wrapper-flags" - ''; - - flash = stdenv.mkDerivation rec { - pname = "flashplayer-ppapi"; - version = "32.0.0.465"; - - src = fetchzip { - url = "https://fpdownload.adobe.com/pub/flashplayer/pdc/${version}/flash_player_ppapi_linux.x86_64.tar.gz"; - sha256 = "16qbc2s8dg2rwggphf8f5665iccc6lrvgz45bdwskg9pwg87hlj1"; - stripRoot = false; - }; - - patchPhase = '' - chmod +x libpepflashplayer.so - patchelf --set-rpath "${mkrpath [ gcc.cc ]}" libpepflashplayer.so - ''; - - doCheck = true; - checkPhase = '' - ! find -iname '*.so' -exec ldd {} + | grep 'not found' - ''; - - installPhase = '' - flashVersion="$( - "${jshon}/bin/jshon" -F manifest.json -e version -u - )" - - install -vD libpepflashplayer.so "$out/lib/libpepflashplayer.so" - - ${mkPluginInfo { - allowedVars = [ "out" "flashVersion" ]; - flags = [ - "--ppapi-flash-path=@out@/lib/libpepflashplayer.so" - "--ppapi-flash-version=@flashVersion@" - ]; - }} - ''; - - dontStrip = true; - - meta = { - license = stdenv.lib.licenses.unfree; - maintainers = with stdenv.lib.maintainers; [ taku0 ]; - platforms = platforms.x86_64; - }; - }; - -in { - enabled = optional enablePepperFlash flash; -} diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/update.py b/pkgs/applications/networking/browsers/ungoogled-chromium/update.py deleted file mode 100755 index 9e1f0aec598d..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/update.py +++ /dev/null @@ -1,121 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i python -p python3 nix nix-prefetch-git - -import csv -import json -import re -import subprocess -import sys - -from codecs import iterdecode -from collections import OrderedDict -from datetime import datetime -from os.path import abspath, dirname -from urllib.request import urlopen - -HISTORY_URL = 'https://omahaproxy.appspot.com/history?os=linux' -DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g' -BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official' - -JSON_PATH = dirname(abspath(__file__)) + '/upstream-info.json' - -def load_json(path): - with open(path, 'r') as f: - return json.load(f) - -def nix_prefetch_url(url, algo='sha256'): - print(f'nix-prefetch-url {url}') - out = subprocess.check_output(['nix-prefetch-url', '--type', algo, url]) - return out.decode('utf-8').rstrip() - -def nix_prefetch_git(url, rev): - print(f'nix-prefetch-git {url} {rev}') - out = subprocess.check_output(['nix-prefetch-git', '--quiet', '--url', url, '--rev', rev]) - return json.loads(out) - -def get_file_revision(revision, file_path): - url = f'https://raw.githubusercontent.com/chromium/chromium/{revision}/{file_path}' - with urlopen(url) as http_response: - return http_response.read() - -def get_matching_chromedriver(version): - # See https://chromedriver.chromium.org/downloads/version-selection - build = re.sub('.[0-9]+$', '', version) - chromedriver_version_url = f'https://chromedriver.storage.googleapis.com/LATEST_RELEASE_{build}' - with urlopen(chromedriver_version_url) as http_response: - chromedriver_version = http_response.read().decode() - def get_chromedriver_url(system): - return f'https://chromedriver.storage.googleapis.com/{chromedriver_version}/chromedriver_{system}.zip' - return { - 'version': chromedriver_version, - 'sha256_linux': nix_prefetch_url(get_chromedriver_url('linux64')), - 'sha256_darwin': nix_prefetch_url(get_chromedriver_url('mac64')) - } - -def get_channel_dependencies(channel): - deps = get_file_revision(channel['version'], 'DEPS') - gn_pattern = b"'gn_version': 'git_revision:([0-9a-f]{40})'" - gn_commit = re.search(gn_pattern, deps).group(1).decode() - gn = nix_prefetch_git('https://gn.googlesource.com/gn', gn_commit) - return { - 'gn': { - 'version': datetime.fromisoformat(gn['date']).date().isoformat(), - 'url': gn['url'], - 'rev': gn['rev'], - 'sha256': gn['sha256'] - } - } - -channels = {} -last_channels = load_json(JSON_PATH) - -print(f'GET {HISTORY_URL}', file=sys.stderr) -with urlopen(HISTORY_URL) as resp: - builds = csv.DictReader(iterdecode(resp, 'utf-8')) - for build in builds: - channel_name = build['channel'] - - # If we've already found a newer build for this channel, we're - # no longer interested in it. - if channel_name in channels: - continue - - # If we're back at the last build we used, we don't need to - # keep going -- there's no new version available, and we can - # just reuse the info from last time. - if build['version'] == last_channels[channel_name]['version']: - channels[channel_name] = last_channels[channel_name] - continue - - channel = {'version': build['version']} - suffix = 'unstable' if channel_name == 'dev' else channel_name - - try: - channel['sha256'] = nix_prefetch_url(f'{BUCKET_URL}/chromium-{build["version"]}.tar.xz') - channel['sha256bin64'] = nix_prefetch_url(f'{DEB_URL}/google-chrome-{suffix}/google-chrome-{suffix}_{build["version"]}-1_amd64.deb') - except subprocess.CalledProcessError: - # This build isn't actually available yet. Continue to - # the next one. - continue - - channel['deps'] = get_channel_dependencies(channel) - if channel_name == 'stable': - channel['chromedriver'] = get_matching_chromedriver(channel['version']) - - channels[channel_name] = channel - -with open(JSON_PATH, 'w') as out: - def get_channel_key(item): - channel_name = item[0] - if channel_name == 'stable': - return 0 - elif channel_name == 'beta': - return 1 - elif channel_name == 'dev': - return 2 - else: - print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr) - sys.exit(1) - sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key)) - json.dump(sorted_channels, out, indent=2) - out.write('\n') diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json b/pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json deleted file mode 100644 index 6343dd4b2468..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json +++ /dev/null @@ -1,46 +0,0 @@ -{ - "stable": { - "version": "87.0.4280.88", - "sha256": "1h09g9b2zxad85vd146ymvg3w2kpngpi78yig3dn1vrmhwr4aiiy", - "sha256bin64": "0n3fm6wf8zfkv135d50xl8xxrnng3q55vyxkck1da8jyvh18bijb", - "deps": { - "gn": { - "version": "2020-09-09", - "url": "https://gn.googlesource.com/gn", - "rev": "e002e68a48d1c82648eadde2f6aafa20d08c36f2", - "sha256": "0x4c7amxwzxs39grqs3dnnz0531mpf1p75niq7zhinyfqm86i4dk" - } - }, - "chromedriver": { - "version": "87.0.4280.88", - "sha256_linux": "141mr2jiy3nslwd3s43m4i6plkv9wv5fgi78cn7mz0ac9x6fpcgx", - "sha256_darwin": "048hsqp6575r980m769lzznvxypmfcwn89f1d3ik751ymzmb5r78" - } - }, - "beta": { - "version": "88.0.4324.27", - "sha256": "0mciiyh3sn2zrl8g6znylc2pm9sb0wzsclgavf7mmlknri5sjblc", - "sha256bin64": "0qf2j1j3p94s724rwh8fydpjn88cs9yxxhjf5axvqwi7q3h35cfx", - "deps": { - "gn": { - "version": "2020-11-05", - "url": "https://gn.googlesource.com/gn", - "rev": "53d92014bf94c3893886470a1c7c1289f8818db0", - "sha256": "1xcm07qjk6m2czi150fiqqxql067i832adck6zxrishm70c9jbr9" - } - } - }, - "dev": { - "version": "89.0.4343.0", - "sha256": "0jmc1l0lysl5zax98fjhzsfq3c1sqh3n3xscidafflx362wcfpwa", - "sha256bin64": "1v6xik8kf531y0g5xj0c8szjmak0qvh77kwkw7p7hqxqmnwwp06d", - "deps": { - "gn": { - "version": "2020-11-05", - "url": "https://gn.googlesource.com/gn", - "rev": "53d92014bf94c3893886470a1c7c1289f8818db0", - "sha256": "1xcm07qjk6m2czi150fiqqxql067i832adck6zxrishm70c9jbr9" - } - } - } -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 816a4657a252..6623af0e4594 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24414,7 +24414,9 @@ in uefitoolPackages = recurseIntoAttrs (callPackage ../tools/system/uefitool/variants.nix {}); uefitool = uefitoolPackages.new-engine; - ungoogled-chromium = callPackage ../applications/networking/browsers/ungoogled-chromium (config.chromium or {}); + ungoogled-chromium = callPackage ../applications/networking/browsers/chromium ((config.chromium or {}) // { + ungoogled = true; + }); unigine-valley = callPackage ../applications/graphics/unigine-valley { };