Merge pull request #136561 from primeos/chromium-backport

[21.05] Backport the first batch of Chromium patches
2021-09-03 11:52:51 +02:00 · 2021-09-03 11:52:51 +02:00 · 7055f658d9
parent 0950b449b5 7ab6adf608
commit 7055f658d9
9 changed files with 104 additions and 108 deletions
--- a/pkgs/applications/networking/browsers/chromium/browser.nix
+++ b/pkgs/applications/networking/browsers/chromium/browser.nix
@ -16,6 +16,7 @@ mkChromiumDerivation (base: rec {
    cp -v "$buildPath/"*.so "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
    cp -v "$buildPath/icudtl.dat" "$libExecPath/"
    cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
+    cp -v "$buildPath/crashpad_handler" "$libExecPath/"
    cp -v "$buildPath/chrome" "$libExecPath/$packageName"

    # Swiftshader
@ -62,9 +63,7 @@ mkChromiumDerivation (base: rec {
      -e '/\[Desktop Entry\]/a\' \
      -e 'StartupWMClass=chromium-browser' \
      $out/share/applications/chromium-browser.desktop
-  '' + ''
-    cp -v "$buildPath/crashpad_handler" "$libExecPath/"
-  ''; # TODO: Merge
+  '';

  passthru = { inherit sandboxExecutableName; };

--- a/pkgs/applications/networking/browsers/chromium/common.nix
+++ b/pkgs/applications/networking/browsers/chromium/common.nix
@ -9,7 +9,7 @@

 , python2, python3, perl, pkg-config
 , nspr, systemd, libkrb5
-, util-linux, alsaLib
+, util-linux, alsa-lib
 , bison, gperf
 , glib, gtk3, dbus-glib
 , glibc
@ -42,7 +42,6 @@ buildFun:
 with lib;

 let
-  jre = jre8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731
  python2WithPackages = python2.withPackages(ps: with ps; [
    ply jinja2 setuptools
  ]);
@ -75,15 +74,16 @@ let
    in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));

  # https://source.chromium.org/chromium/chromium/src/+/master:build/linux/unbundle/replace_gn_files.py
-  gnSystemLibraries = [
+  gnSystemLibraries = lib.optionals (!chromiumVersionAtLeast "93") [
    "ffmpeg"
+    "snappy"
+  ] ++ [
    "flac"
    "libjpeg"
    "libpng"
    "libwebp"
    "libxslt"
    "opus"
-    "snappy"
    "zlib"
  ];

@ -143,13 +143,12 @@ let

    buildInputs = defaultDependencies ++ [
      nspr nss systemd
-      util-linux alsaLib
+      util-linux alsa-lib
      bison gperf libkrb5
      glib gtk3 dbus-glib
      libXScrnSaver libXcursor libXtst libxshmfence libGLU libGL
      mesa # required for libgbm
      pciutils protobuf speechd libXdamage at-spi2-core
-      jre
      pipewire
      libva
      libdrm wayland mesa.drivers libxkbcommon
@ -164,7 +163,6 @@ let
      ./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags
      # Fix the build by adding a missing dependency (s. https://crbug.com/1197837):
      ./patches/fix-missing-atspi2-dependency.patch
-      ./patches/closure_compiler-Use-the-Java-binary-from-the-system.patch
    ] ++ lib.optionals (chromiumVersionAtLeast "93") [
      # We need to revert this patch to build M93 with LLVM 12.
      (githubPatch {
@ -205,7 +203,7 @@ let
      substituteInPlace services/audio/audio_sandbox_hook_linux.cc \
        --replace \
          '/usr/share/alsa/' \
-          '${alsaLib}/share/alsa/' \
+          '${alsa-lib}/share/alsa/' \
        --replace \
          '/usr/lib/x86_64-linux-gnu/gconv/' \
          '${glibc}/lib/gconv/' \
@ -226,9 +224,10 @@ let
      sed -i -e 's,/usr,/run/current-system/sw,' chrome/common/chrome_paths.cc

      patchShebangs .
-      # use our own nodejs
+      # Link to our own Node.js and Java (required during the build):
      mkdir -p third_party/node/linux/node-linux-x64/bin
      ln -s "$(command -v node)" third_party/node/linux/node-linux-x64/bin/node
+      ln -s "${jre8}/bin/java" third_party/jdk/current/bin/

      # Allow building against system libraries in official builds
      sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' tools/generate_shim_headers/generate_shim_headers.py
@ -243,25 +242,12 @@ let
    '';

    gnFlags = mkGnFlags ({
+      # Main build and toolchain settings:
      is_official_build = true;
      custom_toolchain = "//build/toolchain/linux/unbundle:default";
      host_toolchain = "//build/toolchain/linux/unbundle:default";
-      system_wayland_scanner_path = "${wayland}/bin/wayland-scanner";
-
      use_sysroot = false;
-      use_gnome_keyring = gnomeKeyringSupport;
-      use_gio = gnomeSupport;
-      # ninja: error: '../../native_client/toolchain/linux_x86/pnacl_newlib/bin/x86_64-nacl-objcopy',
-      # needed by 'nacl_irt_x86_64.nexe', missing and no known rule to make it
-      enable_nacl = false;
-      # Enabling the Widevine component here doesn't affect whether we can
-      # redistribute the chromium package; the Widevine component is either
-      # added later in the wrapped -wv build or downloaded from Google.
-      enable_widevine = true;
-      use_cups = cupsSupport;
-      # Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture.
-      rtc_use_pipewire = true;
-
+      system_wayland_scanner_path = "${wayland}/bin/wayland-scanner";
      treat_warnings_as_errors = false;
      clang_use_chrome_plugins = false;
      blink_symbol_level = 0;
@ -272,6 +258,21 @@ let
      # Note: The API key is for NixOS/nixpkgs use ONLY.
      # For your own distribution, please get your own set of keys.
      google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI";
+
+      # Optional features:
+      use_cups = cupsSupport;
+      use_gio = gnomeSupport;
+      use_gnome_keyring = gnomeKeyringSupport;
+
+      # Feature overrides:
+      # Native Client support was deprecated in 2020 and support will end in June 2021:
+      enable_nacl = false;
+      # Enabling the Widevine component here doesn't affect whether we can
+      # redistribute the chromium package; the Widevine component is either
+      # added later in the wrapped -wv build or downloaded from Google:
+      enable_widevine = true;
+      # Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture:
+      rtc_use_pipewire = true;
    } // optionalAttrs proprietaryCodecs {
      # enable support for the H.264 codec
      proprietary_codecs = true;
@ -280,14 +281,6 @@ let
    } // optionalAttrs pulseSupport {
      use_pulseaudio = true;
      link_pulseaudio = true;
-      # Disable PGO (defaults to 2 since M89) because it fails without additional changes:
-      # error: Could not read profile ../../chrome/build/pgo_profiles/chrome-linux-master-1610647094-405a32bcf15e5a84949640f99f84a5b9f61e2f2e.profdata: Unsupported instrumentation profile format version
-      chrome_pgo_phase = 0;
-      # Disable build with TFLite library because it fails without additional changes:
-      # ninja: error: '../../chrome/test/data/simple_test.tflite', needed by 'test_data/simple_test.tflite', missing and no known rule to make it
-      # Note: chrome/test/data/simple_test.tflite is in the Git repository but not in chromium-90.0.4400.8.tar.xz
-      # See also chrome/services/machine_learning/README.md
-      build_with_tflite_lib = false;
    } // optionalAttrs ungoogled {
      chrome_pgo_phase = 0;
      enable_hangout_services_extension = false;
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@ -76,8 +76,6 @@ let

    src = chromeSrc;

-    phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ];
-
    unpackCmd = let
      widevineCdmPath =
        if (channel == "stable" || channel == "ungoogled-chromium") then
--- a/pkgs/applications/networking/browsers/chromium/get-commit-message.py
+++ b/pkgs/applications/networking/browsers/chromium/get-commit-message.py
@ -2,8 +2,10 @@
 #!nix-shell -i python3 -p python3Packages.feedparser python3Packages.requests

 # This script prints the Git commit message for stable channel updates.
+# Usage: ./get-commit-message.py [version]

 import re
+import sys
 import textwrap

 from collections import OrderedDict
@ -13,19 +15,29 @@ import requests

 feed = feedparser.parse('https://chromereleases.googleblog.com/feeds/posts/default')
 html_tags = re.compile(r'<[^>]+>')
+target_version = sys.argv[1] if len(sys.argv) == 2 else None

 for entry in feed.entries:
-    if entry.title != 'Stable Channel Update for Desktop':
-        continue
    url = requests.get(entry.link).url.split('?')[0]
+    if entry.title != 'Stable Channel Update for Desktop':
+        if target_version and entry.title == '':
+            # Workaround for a special case (Chrome Releases bug?):
+            if not 'the-stable-channel-has-been-updated-to' in url:
+                continue
+        else:
+            continue
    content = entry.content[0].value
    content = html_tags.sub('', content)  # Remove any HTML tags
    if re.search(r'Linux', content) is None:
        continue
    #print(url)  # For debugging purposes
    version = re.search(r'\d+(\.\d+){3}', content).group(0)
-    print('chromium: TODO -> ' + version)
-    print('\n' + url)
+    if target_version:
+        if version != target_version:
+            continue
+    else:
+        print('chromium: TODO -> ' + version + '\n')
+    print(url)
    if fixes := re.search(r'This update includes .+ security fixes\.', content).group(0):
        zero_days = re.search(r'Google is aware( of reports)? that .+ in the wild\.', content)
        if zero_days:
@ -35,4 +47,7 @@ for entry in feed.entries:
        cve_list = list(OrderedDict.fromkeys(cve_list))  # Remove duplicates but preserve the order
        cve_string = ' '.join(cve_list)
        print("\nCVEs:\n" + '\n'.join(textwrap.wrap(cve_string, width=72)))
-    break  # We only care about the most recent stable channel update
+    sys.exit(0)  # We only care about the most recent stable channel update
+
+print("Error: No match.")
+sys.exit(1)
--- a/pkgs/applications/networking/browsers/chromium/patches/closure_compiler-Use-the-Java-binary-from-the-system.patch
+++ b/pkgs/applications/networking/browsers/chromium/patches/closure_compiler-Use-the-Java-binary-from-the-system.patch
@ -1,31 +0,0 @@
-From e031b8be0fb2a22f953c034cdf08ca9befe130d2 Mon Sep 17 00:00:00 2001
-From: Michael Weiss <dev.primeos@gmail.com>
-Date: Sun, 11 Apr 2021 18:05:12 +0200
-Subject: [PATCH] closure_compiler: Use the Java binary from the system
-
-The bundled Java binary (third_party/jdk/current/bin/java) is missing in
-the tarball and we want to use the one from the system anyway.
-This reverts part of [0].
-
-[0]: https://chromium-review.googlesource.com/c/chromium/src/+/2778794
---
- third_party/closure_compiler/compiler.py | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/third_party/closure_compiler/compiler.py b/third_party/closure_compiler/compiler.py
-index 75690ceb9749..7b9c76f74290 100755
--- a/third_party/closure_compiler/compiler.py
-+++ b/third_party/closure_compiler/compiler.py
-@@ -13,8 +13,7 @@ import subprocess
- 
- 
- _CURRENT_DIR = os.path.join(os.path.dirname(__file__))
-_JAVA_PATH = os.path.join(_CURRENT_DIR, "..", "jdk", "current", "bin", "java")
-assert os.path.isfile(_JAVA_PATH), "java only allowed in android builds"
-+_JAVA_PATH = "java"
- 
- class Compiler(object):
-   """Runs the Closure compiler on given source files to typecheck them
-- 
-2.20.1
-
--- a/pkgs/applications/networking/browsers/chromium/update.py
+++ b/pkgs/applications/networking/browsers/chromium/update.py
@ -3,6 +3,7 @@

 """This script automatically updates chromium, google-chrome, chromedriver, and ungoogled-chromium
 via upstream-info.json."""
+# Usage: ./update.py [--commit]

 import csv
 import json
@ -22,6 +23,7 @@ DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g'
 BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official'

 JSON_PATH = dirname(abspath(__file__)) + '/upstream-info.json'
+COMMIT_MESSAGE_SCRIPT = dirname(abspath(__file__)) + '/get-commit-message.py'


 def load_json(path):
@ -117,6 +119,21 @@ def channel_name_to_attr_name(channel_name):
    sys.exit(1)


+def get_channel_key(item):
+    """Orders Chromium channels by their name."""
+    channel_name = item[0]
+    if channel_name == 'stable':
+        return 0
+    if channel_name == 'beta':
+        return 1
+    if channel_name == 'dev':
+        return 2
+    if channel_name == 'ungoogled-chromium':
+        return 3
+    print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
+    sys.exit(1)
+
+
 def print_updates(channels_old, channels_new):
    """Print a summary of the updates."""
    print('Updates:')
@ -192,21 +209,25 @@ with urlopen(HISTORY_URL) as resp:
        channels[channel_name] = channel


-with open(JSON_PATH, 'w') as out:
-    def get_channel_key(item):
-        """Orders Chromium channels by their name."""
-        channel_name = item[0]
-        if channel_name == 'stable':
-            return 0
-        if channel_name == 'beta':
-            return 1
-        if channel_name == 'dev':
-            return 2
-        if channel_name == 'ungoogled-chromium':
-            return 3
-        print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
-        sys.exit(1)
-    sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key))
-    json.dump(sorted_channels, out, indent=2)
-    out.write('\n')
+sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key))
+if len(sys.argv) == 2 and sys.argv[1] == '--commit':
+    for channel_name in sorted_channels.keys():
+        version_old = last_channels[channel_name]['version']
+        version_new = sorted_channels[channel_name]['version']
+        if LooseVersion(version_old) < LooseVersion(version_new):
+            last_channels[channel_name] = sorted_channels[channel_name]
+            with open(JSON_PATH, 'w') as out:
+                json.dump(last_channels, out, indent=2)
+                out.write('\n')
+            attr_name = channel_name_to_attr_name(channel_name)
+            commit_message = f'{attr_name}: {version_old} -> {version_new}'
+            if channel_name == 'stable':
+                body = subprocess.check_output([COMMIT_MESSAGE_SCRIPT, version_new]).decode('utf-8')
+                commit_message += '\n\n' + body
+            subprocess.run(['git', 'add', JSON_PATH], check=True)
+            subprocess.run(['git', 'commit', '--file=-'], input=commit_message.encode(), check=True)
+else:
+    with open(JSON_PATH, 'w') as out:
+        json.dump(sorted_channels, out, indent=2)
+        out.write('\n')
    print_updates(last_channels, sorted_channels)
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.json
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json
@ -18,22 +18,9 @@
    }
  },
  "beta": {
-    "version": "92.0.4515.107",
-    "sha256": "04khamgxwzgbm2rn7is53j5g55vm5qfyz7zwxqc51sd429jsqlbf",
-    "sha256bin64": "179i18lckd85i6cc60mqpvv2jqdshc338m686yackdgz9qjrrlwd",
-    "deps": {
-      "gn": {
-        "version": "2021-05-07",
-        "url": "https://gn.googlesource.com/gn",
-        "rev": "39a87c0b36310bdf06b692c098f199a0d97fc810",
-        "sha256": "0x63jr5hssm9dl6la4q5ahy669k4gxvbapqxi5w32vv107jrj8v4"
-      }
-    }
-  },
-  "dev": {
-    "version": "93.0.4577.8",
-    "sha256": "1x6i5bmcnj8bkpcb9gcyd1m9nzpq206yyprxrnpak117k7abr2b1",
-    "sha256bin64": "0qjfb9jxr2gmwb1dsvl6yzz06vsjny2l3icrsdcm0pl6r6davk2w",
+    "version": "93.0.4577.18",
+    "sha256": "1h1ppyizj5vbnrv11iy9vlcpcv8mgb9r8m2zmz6vp7q1ch6w0w4x",
+    "sha256bin64": "1s5qj0pd79qbchq3awhxc86l9vmi6304z7sd9ls9f8q138789cha",
    "deps": {
      "gn": {
        "version": "2021-07-08",
@ -43,6 +30,19 @@
      }
    }
  },
+  "dev": {
+    "version": "94.0.4595.0",
+    "sha256": "0ksd7vqpbiplbg2xpm566z7p7qp57r27a3pk6ss1qz8v18490092",
+    "sha256bin64": "1kibyhgwcgby3hnhjdg2vrgbj4dvvbicqlcj4id9761zw1jhz8r4",
+    "deps": {
+      "gn": {
+        "version": "2021-07-31",
+        "url": "https://gn.googlesource.com/gn",
+        "rev": "eea3906f0e2a8d3622080127d2005ff214d51383",
+        "sha256": "1wc969jrivb502c45wdcbgh0c5888nqxla05is9bimkrk9rqppw3"
+      }
+    }
+  },
  "ungoogled-chromium": {
    "version": "92.0.4515.159",
    "sha256": "04gxgimg5ygzx6nvfws5y9dppdfjg1fhyl8zbykmksbh1myk6zfr",
--- a/pkgs/applications/networking/browsers/google-chrome/default.nix
+++ b/pkgs/applications/networking/browsers/google-chrome/default.nix
@ -3,7 +3,7 @@
 # Linked dynamic libraries.
 , glib, fontconfig, freetype, pango, cairo, libX11, libXi, atk, gconf, nss, nspr
 , libXcursor, libXext, libXfixes, libXrender, libXScrnSaver, libXcomposite, libxcb
-, alsaLib, libXdamage, libXtst, libXrandr, libxshmfence, expat, cups
+, alsa-lib, libXdamage, libXtst, libXrandr, libxshmfence, expat, cups
 , dbus, gtk3, gdk-pixbuf, gcc-unwrapped, at-spi2-atk, at-spi2-core
 , libkrb5, libdrm, mesa
 , libxkbcommon, wayland # ozone/wayland
@ -59,7 +59,7 @@ let
  deps = [
    glib fontconfig freetype pango cairo libX11 libXi atk gconf nss nspr
    libXcursor libXext libXfixes libXrender libXScrnSaver libXcomposite libxcb
-    alsaLib libXdamage libXtst libXrandr libxshmfence expat cups
+    alsa-lib libXdamage libXtst libXrandr libxshmfence expat cups
    dbus gdk-pixbuf gcc-unwrapped.lib
    systemd
    libexif pciutils
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -19970,6 +19970,7 @@ in
  alsa-firmware = callPackage ../os-specific/linux/alsa-firmware { };

  alsaLib = callPackage ../os-specific/linux/alsa-lib { };
+  alsa-lib = alsaLib; # New name on nixos-unstable

  alsaPlugins = callPackage ../os-specific/linux/alsa-plugins { };