Merge pull request #136561 from primeos/chromium-backport

[21.05] Backport the first batch of Chromium patches

pkgs/applications/networking/browsers/chromium/browser.nix

@@ -16,6 +16,7 @@ mkChromiumDerivation (base: rec {
     cp -v "$buildPath/"*.so "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
     cp -v "$buildPath/icudtl.dat" "$libExecPath/"
     cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
+    cp -v "$buildPath/crashpad_handler" "$libExecPath/"
     cp -v "$buildPath/chrome" "$libExecPath/$packageName"
 
     # Swiftshader
@@ -62,9 +63,7 @@ mkChromiumDerivation (base: rec {
       -e '/\[Desktop Entry\]/a\' \
       -e 'StartupWMClass=chromium-browser' \
       $out/share/applications/chromium-browser.desktop
-  '' + ''
+  '';
-    cp -v "$buildPath/crashpad_handler" "$libExecPath/"
-  ''; # TODO: Merge
 
   passthru = { inherit sandboxExecutableName; };
 

pkgs/applications/networking/browsers/chromium/common.nix

@@ -9,7 +9,7 @@
 
 , python2, python3, perl, pkg-config
 , nspr, systemd, libkrb5
-, util-linux, alsaLib
+, util-linux, alsa-lib
 , bison, gperf
 , glib, gtk3, dbus-glib
 , glibc
@@ -42,7 +42,6 @@ buildFun:
 with lib;
 
 let
-  jre = jre8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731
   python2WithPackages = python2.withPackages(ps: with ps; [
     ply jinja2 setuptools
   ]);
@@ -75,15 +74,16 @@ let
     in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
 
   # https://source.chromium.org/chromium/chromium/src/+/master:build/linux/unbundle/replace_gn_files.py
-  gnSystemLibraries = [
+  gnSystemLibraries = lib.optionals (!chromiumVersionAtLeast "93") [
     "ffmpeg"
+    "snappy"
+  ] ++ [
     "flac"
     "libjpeg"
     "libpng"
     "libwebp"
     "libxslt"
     "opus"
-    "snappy"
     "zlib"
   ];
 
@@ -143,13 +143,12 @@ let
 
     buildInputs = defaultDependencies ++ [
       nspr nss systemd
-      util-linux alsaLib
+      util-linux alsa-lib
       bison gperf libkrb5
       glib gtk3 dbus-glib
       libXScrnSaver libXcursor libXtst libxshmfence libGLU libGL
       mesa # required for libgbm
       pciutils protobuf speechd libXdamage at-spi2-core
-      jre
       pipewire
       libva
       libdrm wayland mesa.drivers libxkbcommon
@@ -164,7 +163,6 @@ let
       ./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags
       # Fix the build by adding a missing dependency (s. https://crbug.com/1197837):
       ./patches/fix-missing-atspi2-dependency.patch
-      ./patches/closure_compiler-Use-the-Java-binary-from-the-system.patch
     ] ++ lib.optionals (chromiumVersionAtLeast "93") [
       # We need to revert this patch to build M93 with LLVM 12.
       (githubPatch {
@@ -205,7 +203,7 @@ let
       substituteInPlace services/audio/audio_sandbox_hook_linux.cc \
         --replace \
           '/usr/share/alsa/' \
-          '${alsaLib}/share/alsa/' \
+          '${alsa-lib}/share/alsa/' \
         --replace \
           '/usr/lib/x86_64-linux-gnu/gconv/' \
           '${glibc}/lib/gconv/' \
@@ -226,9 +224,10 @@ let
       sed -i -e 's,/usr,/run/current-system/sw,' chrome/common/chrome_paths.cc
 
       patchShebangs .
-      # use our own nodejs
+      # Link to our own Node.js and Java (required during the build):
       mkdir -p third_party/node/linux/node-linux-x64/bin
       ln -s "$(command -v node)" third_party/node/linux/node-linux-x64/bin/node
+      ln -s "${jre8}/bin/java" third_party/jdk/current/bin/
 
       # Allow building against system libraries in official builds
       sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' tools/generate_shim_headers/generate_shim_headers.py
@@ -243,25 +242,12 @@ let
     '';
 
     gnFlags = mkGnFlags ({
+      # Main build and toolchain settings:
       is_official_build = true;
       custom_toolchain = "//build/toolchain/linux/unbundle:default";
       host_toolchain = "//build/toolchain/linux/unbundle:default";
-      system_wayland_scanner_path = "${wayland}/bin/wayland-scanner";
-
       use_sysroot = false;
-      use_gnome_keyring = gnomeKeyringSupport;
+      system_wayland_scanner_path = "${wayland}/bin/wayland-scanner";
-      use_gio = gnomeSupport;
-      # ninja: error: '../../native_client/toolchain/linux_x86/pnacl_newlib/bin/x86_64-nacl-objcopy',
-      # needed by 'nacl_irt_x86_64.nexe', missing and no known rule to make it
-      enable_nacl = false;
-      # Enabling the Widevine component here doesn't affect whether we can
-      # redistribute the chromium package; the Widevine component is either
-      # added later in the wrapped -wv build or downloaded from Google.
-      enable_widevine = true;
-      use_cups = cupsSupport;
-      # Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture.
-      rtc_use_pipewire = true;
-
       treat_warnings_as_errors = false;
       clang_use_chrome_plugins = false;
       blink_symbol_level = 0;
@@ -272,6 +258,21 @@ let
       # Note: The API key is for NixOS/nixpkgs use ONLY.
       # For your own distribution, please get your own set of keys.
       google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI";
+
+      # Optional features:
+      use_cups = cupsSupport;
+      use_gio = gnomeSupport;
+      use_gnome_keyring = gnomeKeyringSupport;
+
+      # Feature overrides:
+      # Native Client support was deprecated in 2020 and support will end in June 2021:
+      enable_nacl = false;
+      # Enabling the Widevine component here doesn't affect whether we can
+      # redistribute the chromium package; the Widevine component is either
+      # added later in the wrapped -wv build or downloaded from Google:
+      enable_widevine = true;
+      # Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture:
+      rtc_use_pipewire = true;
     } // optionalAttrs proprietaryCodecs {
       # enable support for the H.264 codec
       proprietary_codecs = true;
@@ -280,14 +281,6 @@ let
     } // optionalAttrs pulseSupport {
       use_pulseaudio = true;
       link_pulseaudio = true;
-      # Disable PGO (defaults to 2 since M89) because it fails without additional changes:
-      # error: Could not read profile ../../chrome/build/pgo_profiles/chrome-linux-master-1610647094-405a32bcf15e5a84949640f99f84a5b9f61e2f2e.profdata: Unsupported instrumentation profile format version
-      chrome_pgo_phase = 0;
-      # Disable build with TFLite library because it fails without additional changes:
-      # ninja: error: '../../chrome/test/data/simple_test.tflite', needed by 'test_data/simple_test.tflite', missing and no known rule to make it
-      # Note: chrome/test/data/simple_test.tflite is in the Git repository but not in chromium-90.0.4400.8.tar.xz
-      # See also chrome/services/machine_learning/README.md
-      build_with_tflite_lib = false;
     } // optionalAttrs ungoogled {
       chrome_pgo_phase = 0;
       enable_hangout_services_extension = false;

pkgs/applications/networking/browsers/chromium/default.nix

@@ -76,8 +76,6 @@ let
 
     src = chromeSrc;
 
-    phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ];
-
     unpackCmd = let
       widevineCdmPath =
         if (channel == "stable" || channel == "ungoogled-chromium") then

pkgs/applications/networking/browsers/chromium/get-commit-message.py

@@ -2,8 +2,10 @@
 #!nix-shell -i python3 -p python3Packages.feedparser python3Packages.requests
 
 # This script prints the Git commit message for stable channel updates.
+# Usage: ./get-commit-message.py [version]
 
 import re
+import sys
 import textwrap
 
 from collections import OrderedDict
@@ -13,19 +15,29 @@ import requests
 
 feed = feedparser.parse('https://chromereleases.googleblog.com/feeds/posts/default')
 html_tags = re.compile(r'<[^>]+>')
+target_version = sys.argv[1] if len(sys.argv) == 2 else None
 
 for entry in feed.entries:
-    if entry.title != 'Stable Channel Update for Desktop':
-        continue
     url = requests.get(entry.link).url.split('?')[0]
+    if entry.title != 'Stable Channel Update for Desktop':
+        if target_version and entry.title == '':
+            # Workaround for a special case (Chrome Releases bug?):
+            if not 'the-stable-channel-has-been-updated-to' in url:
+                continue
+        else:
+            continue
     content = entry.content[0].value
     content = html_tags.sub('', content)  # Remove any HTML tags
     if re.search(r'Linux', content) is None:
         continue
     #print(url)  # For debugging purposes
     version = re.search(r'\d+(\.\d+){3}', content).group(0)
-    print('chromium: TODO -> ' + version)
+    if target_version:
-    print('\n' + url)
+        if version != target_version:
+            continue
+    else:
+        print('chromium: TODO -> ' + version + '\n')
+    print(url)
     if fixes := re.search(r'This update includes .+ security fixes\.', content).group(0):
         zero_days = re.search(r'Google is aware( of reports)? that .+ in the wild\.', content)
         if zero_days:
@@ -35,4 +47,7 @@ for entry in feed.entries:
         cve_list = list(OrderedDict.fromkeys(cve_list))  # Remove duplicates but preserve the order
         cve_string = ' '.join(cve_list)
         print("\nCVEs:\n" + '\n'.join(textwrap.wrap(cve_string, width=72)))
-    break  # We only care about the most recent stable channel update
+    sys.exit(0)  # We only care about the most recent stable channel update
+
+print("Error: No match.")
+sys.exit(1)

pkgs/applications/networking/browsers/chromium/patches/closure_compiler-Use-the-Java-binary-from-the-system.patch

@@ -1,31 +0,0 @@
-From e031b8be0fb2a22f953c034cdf08ca9befe130d2 Mon Sep 17 00:00:00 2001
-From: Michael Weiss <dev.primeos@gmail.com>
-Date: Sun, 11 Apr 2021 18:05:12 +0200
-Subject: [PATCH] closure_compiler: Use the Java binary from the system
-
-The bundled Java binary (third_party/jdk/current/bin/java) is missing in
-the tarball and we want to use the one from the system anyway.
-This reverts part of [0].
-
-[0]: https://chromium-review.googlesource.com/c/chromium/src/+/2778794
----
- third_party/closure_compiler/compiler.py | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/third_party/closure_compiler/compiler.py b/third_party/closure_compiler/compiler.py
-index 75690ceb9749..7b9c76f74290 100755
---- a/third_party/closure_compiler/compiler.py
-+++ b/third_party/closure_compiler/compiler.py
-@@ -13,8 +13,7 @@ import subprocess
- 
- 
- _CURRENT_DIR = os.path.join(os.path.dirname(__file__))
--_JAVA_PATH = os.path.join(_CURRENT_DIR, "..", "jdk", "current", "bin", "java")
--assert os.path.isfile(_JAVA_PATH), "java only allowed in android builds"
-+_JAVA_PATH = "java"
- 
- class Compiler(object):
-   """Runs the Closure compiler on given source files to typecheck them
--- 
-2.20.1
-

pkgs/applications/networking/browsers/chromium/update.py

@@ -3,6 +3,7 @@
 
 """This script automatically updates chromium, google-chrome, chromedriver, and ungoogled-chromium
 via upstream-info.json."""
+# Usage: ./update.py [--commit]
 
 import csv
 import json
@@ -22,6 +23,7 @@ DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g'
 BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official'
 
 JSON_PATH = dirname(abspath(__file__)) + '/upstream-info.json'
+COMMIT_MESSAGE_SCRIPT = dirname(abspath(__file__)) + '/get-commit-message.py'
 
 
 def load_json(path):
@@ -117,6 +119,21 @@ def channel_name_to_attr_name(channel_name):
     sys.exit(1)
 
 
+def get_channel_key(item):
+    """Orders Chromium channels by their name."""
+    channel_name = item[0]
+    if channel_name == 'stable':
+        return 0
+    if channel_name == 'beta':
+        return 1
+    if channel_name == 'dev':
+        return 2
+    if channel_name == 'ungoogled-chromium':
+        return 3
+    print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
+    sys.exit(1)
+
+
 def print_updates(channels_old, channels_new):
     """Print a summary of the updates."""
     print('Updates:')
@@ -192,21 +209,25 @@ with urlopen(HISTORY_URL) as resp:
         channels[channel_name] = channel
 
 
-with open(JSON_PATH, 'w') as out:
+sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key))
-    def get_channel_key(item):
+if len(sys.argv) == 2 and sys.argv[1] == '--commit':
-        """Orders Chromium channels by their name."""
+    for channel_name in sorted_channels.keys():
-        channel_name = item[0]
+        version_old = last_channels[channel_name]['version']
-        if channel_name == 'stable':
+        version_new = sorted_channels[channel_name]['version']
-            return 0
+        if LooseVersion(version_old) < LooseVersion(version_new):
-        if channel_name == 'beta':
+            last_channels[channel_name] = sorted_channels[channel_name]
-            return 1
+            with open(JSON_PATH, 'w') as out:
-        if channel_name == 'dev':
+                json.dump(last_channels, out, indent=2)
-            return 2
+                out.write('\n')
-        if channel_name == 'ungoogled-chromium':
+            attr_name = channel_name_to_attr_name(channel_name)
-            return 3
+            commit_message = f'{attr_name}: {version_old} -> {version_new}'
-        print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
+            if channel_name == 'stable':
-        sys.exit(1)
+                body = subprocess.check_output([COMMIT_MESSAGE_SCRIPT, version_new]).decode('utf-8')
-    sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key))
+                commit_message += '\n\n' + body
-    json.dump(sorted_channels, out, indent=2)
+            subprocess.run(['git', 'add', JSON_PATH], check=True)
-    out.write('\n')
+            subprocess.run(['git', 'commit', '--file=-'], input=commit_message.encode(), check=True)
+else:
+    with open(JSON_PATH, 'w') as out:
+        json.dump(sorted_channels, out, indent=2)
+        out.write('\n')
     print_updates(last_channels, sorted_channels)

pkgs/applications/networking/browsers/chromium/upstream-info.json

@@ -18,22 +18,9 @@
     }
   },
   "beta": {
-    "version": "92.0.4515.107",
+    "version": "93.0.4577.18",
-    "sha256": "04khamgxwzgbm2rn7is53j5g55vm5qfyz7zwxqc51sd429jsqlbf",
+    "sha256": "1h1ppyizj5vbnrv11iy9vlcpcv8mgb9r8m2zmz6vp7q1ch6w0w4x",
-    "sha256bin64": "179i18lckd85i6cc60mqpvv2jqdshc338m686yackdgz9qjrrlwd",
+    "sha256bin64": "1s5qj0pd79qbchq3awhxc86l9vmi6304z7sd9ls9f8q138789cha",
-    "deps": {
-      "gn": {
-        "version": "2021-05-07",
-        "url": "https://gn.googlesource.com/gn",
-        "rev": "39a87c0b36310bdf06b692c098f199a0d97fc810",
-        "sha256": "0x63jr5hssm9dl6la4q5ahy669k4gxvbapqxi5w32vv107jrj8v4"
-      }
-    }
-  },
-  "dev": {
-    "version": "93.0.4577.8",
-    "sha256": "1x6i5bmcnj8bkpcb9gcyd1m9nzpq206yyprxrnpak117k7abr2b1",
-    "sha256bin64": "0qjfb9jxr2gmwb1dsvl6yzz06vsjny2l3icrsdcm0pl6r6davk2w",
     "deps": {
       "gn": {
         "version": "2021-07-08",
@@ -43,6 +30,19 @@
       }
     }
   },
+  "dev": {
+    "version": "94.0.4595.0",
+    "sha256": "0ksd7vqpbiplbg2xpm566z7p7qp57r27a3pk6ss1qz8v18490092",
+    "sha256bin64": "1kibyhgwcgby3hnhjdg2vrgbj4dvvbicqlcj4id9761zw1jhz8r4",
+    "deps": {
+      "gn": {
+        "version": "2021-07-31",
+        "url": "https://gn.googlesource.com/gn",
+        "rev": "eea3906f0e2a8d3622080127d2005ff214d51383",
+        "sha256": "1wc969jrivb502c45wdcbgh0c5888nqxla05is9bimkrk9rqppw3"
+      }
+    }
+  },
   "ungoogled-chromium": {
     "version": "92.0.4515.159",
     "sha256": "04gxgimg5ygzx6nvfws5y9dppdfjg1fhyl8zbykmksbh1myk6zfr",

pkgs/applications/networking/browsers/google-chrome/default.nix

@@ -3,7 +3,7 @@
 # Linked dynamic libraries.
 , glib, fontconfig, freetype, pango, cairo, libX11, libXi, atk, gconf, nss, nspr
 , libXcursor, libXext, libXfixes, libXrender, libXScrnSaver, libXcomposite, libxcb
-, alsaLib, libXdamage, libXtst, libXrandr, libxshmfence, expat, cups
+, alsa-lib, libXdamage, libXtst, libXrandr, libxshmfence, expat, cups
 , dbus, gtk3, gdk-pixbuf, gcc-unwrapped, at-spi2-atk, at-spi2-core
 , libkrb5, libdrm, mesa
 , libxkbcommon, wayland # ozone/wayland
@@ -59,7 +59,7 @@ let
   deps = [
     glib fontconfig freetype pango cairo libX11 libXi atk gconf nss nspr
     libXcursor libXext libXfixes libXrender libXScrnSaver libXcomposite libxcb
-    alsaLib libXdamage libXtst libXrandr libxshmfence expat cups
+    alsa-lib libXdamage libXtst libXrandr libxshmfence expat cups
     dbus gdk-pixbuf gcc-unwrapped.lib
     systemd
     libexif pciutils

pkgs/top-level/all-packages.nix

@@ -19970,6 +19970,7 @@ in
   alsa-firmware = callPackage ../os-specific/linux/alsa-firmware { };
 
   alsaLib = callPackage ../os-specific/linux/alsa-lib { };
+  alsa-lib = alsaLib; # New name on nixos-unstable
 
   alsaPlugins = callPackage ../os-specific/linux/alsa-plugins { };