diff options
Diffstat (limited to 'nixpkgs/pkgs/applications/networking/browsers/chromium')
5 files changed, 91 insertions, 41 deletions
diff --git a/nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix b/nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix index 1e203fc12e75..909b506457e5 100644 --- a/nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix +++ b/nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix @@ -85,8 +85,8 @@ mkChromiumDerivation (base: rec { then "https://github.com/ungoogled-software/ungoogled-chromium" else "https://www.chromium.org/"; maintainers = with lib.maintainers; if ungoogled - then [ squalus primeos michaeladler networkexception ] - else [ primeos thefloweringash networkexception ]; + then [ squalus primeos michaeladler networkexception emilylange ] + else [ primeos thefloweringash networkexception emilylange ]; license = if enableWideVine then lib.licenses.unfree else lib.licenses.bsd3; platforms = lib.platforms.linux; mainProgram = "chromium"; diff --git a/nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix b/nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix index 3825849aac3a..22d71e8975f8 100644 --- a/nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix +++ b/nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix @@ -1,4 +1,5 @@ { stdenv, lib, fetchurl, fetchpatch +, fetchzip, zstd , buildPackages , pkgsBuildBuild , pkgsBuildTarget @@ -12,7 +13,6 @@ , python3, perl , which , llvmPackages_attrName -, rustc , libuuid , overrideCC # postPatch: @@ -148,15 +148,39 @@ let else throw "no chromium Rosetta Stone entry for os: ${platform.config}"; }; + recompressTarball = { version, sha256 ? "" }: fetchzip { + name = "chromium-${version}.tar.zstd"; + url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz"; + inherit sha256; + + nativeBuildInputs = [ zstd ]; + + postFetch = '' + echo removing unused code from tarball to stay under hydra limit + rm -r $out/third_party/{rust-src,llvm} + + echo moving remains out of \$out + mv $out source + + echo recompressing final contents into new tarball + # try to make a deterministic tarball + tar \ + --use-compress-program "zstd -T$NIX_BUILD_CORES" \ + --sort name \ + --mtime 1970-01-01 \ + --owner=root --group=root \ + --numeric-owner --mode=go=rX,u+rw,a-s \ + -cf $out source + ''; + }; + + base = rec { pname = "${packageName}-unwrapped"; inherit (upstream-info) version; inherit packageName buildType buildPath; - src = fetchurl { - url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz"; - inherit (upstream-info) sha256; - }; + src = recompressTarball { inherit version; inherit (upstream-info) sha256; }; nativeBuildInputs = [ ninja pkg-config @@ -251,14 +275,20 @@ let fi done - # Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.): - substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" "" + if [[ -e native_client/SConstruct ]]; then + # Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.): + substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" "" + fi if [ -e third_party/harfbuzz-ng/src/src/update-unicode-tables.make ]; then substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \ --replace "/usr/bin/env -S make -f" "/usr/bin/make -f" fi - chmod -x third_party/webgpu-cts/src/tools/run_deno - chmod -x third_party/dawn/third_party/webgpu-cts/tools/run_deno + if [ -e third_party/webgpu-cts/src/tools/run_deno ]; then + chmod -x third_party/webgpu-cts/src/tools/run_deno + fi + if [ -e third_party/dawn/third_party/webgpu-cts/tools/run_deno ]; then + chmod -x third_party/dawn/third_party/webgpu-cts/tools/run_deno + fi # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \ @@ -304,7 +334,7 @@ let # Link to our own Node.js and Java (required during the build): mkdir -p third_party/node/linux/node-linux-x64/bin ln -s "${pkgsBuildHost.nodejs}/bin/node" third_party/node/linux/node-linux-x64/bin/node - ln -s "${pkgsBuildHost.jre8_headless}/bin/java" third_party/jdk/current/bin/ + ln -s "${pkgsBuildHost.jdk17_headless}/bin/java" third_party/jdk/current/bin/ # Allow building against system libraries in official builds sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' tools/generate_shim_headers/generate_shim_headers.py @@ -388,7 +418,7 @@ let # Use nixpkgs Rust compiler instead of the one shipped by Chromium. # We do intentionally not set rustc_version as nixpkgs will never do incremental # rebuilds, thus leaving this empty is fine. - rust_sysroot_absolute = "${rustc}"; + rust_sysroot_absolute = "${buildPackages.rustc}"; # Building with rust is disabled for now - this matches the flags in other major distributions. enable_rust = false; } // lib.optionalAttrs (!(stdenv.buildPlatform.canExecute stdenv.hostPlatform)) { @@ -459,6 +489,7 @@ let chromiumDeps = { gn = gnChromium; }; + inherit recompressTarball; }; } # overwrite `version` with the exact same `version` from the same source, diff --git a/nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix b/nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix index 6419fa6a14fd..5677bc37e844 100644 --- a/nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix +++ b/nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix @@ -6,10 +6,12 @@ , libva, pipewire, wayland , gcc, nspr, nss, runCommand , lib, libkrb5 +, electron-source # for warnObsoleteVersionConditional # package customization # Note: enable* flags should not require full rebuilds (i.e. only affect the wrapper) , channel ? "stable" +, upstream-info ? (import ./upstream-info.nix).${channel} , proprietaryCodecs ? true , enableWideVine ? false , ungoogled ? false # Whether to build chromium or ungoogled-chromium @@ -28,14 +30,12 @@ let llvmPackages_attrName = "llvmPackages_16"; stdenv = pkgs.${llvmPackages_attrName}.stdenv; - upstream-info = (import ./upstream-info.nix).${channel}; - # Helper functions for changes that depend on specific versions: warnObsoleteVersionConditional = min-version: result: - let ungoogled-version = (import ./upstream-info.nix).ungoogled-chromium.version; + let min-supported-version = (lib.head (lib.attrValues electron-source)).unwrapped.info.chromium.version; in lib.warnIf - (lib.versionAtLeast ungoogled-version min-version) - "chromium: ungoogled version ${ungoogled-version} is newer than a conditional bounded at ${min-version}. You can safely delete it." + (lib.versionAtLeast min-supported-version min-version) + "chromium: min-supported-version ${min-supported-version} is newer than a conditional bounded at ${min-version}. You can safely delete it." result; chromiumVersionAtLeast = min-version: let result = lib.versionAtLeast upstream-info.version min-version; diff --git a/nixpkgs/pkgs/applications/networking/browsers/chromium/update.py b/nixpkgs/pkgs/applications/networking/browsers/chromium/update.py index f8dae9593601..fd8f36778405 100755 --- a/nixpkgs/pkgs/applications/networking/browsers/chromium/update.py +++ b/nixpkgs/pkgs/applications/networking/browsers/chromium/update.py @@ -21,12 +21,11 @@ from urllib.request import urlopen RELEASES_URL = 'https://versionhistory.googleapis.com/v1/chrome/platforms/linux/channels/all/versions/all/releases' DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g' -BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official' PIN_PATH = dirname(abspath(__file__)) + '/upstream-info.nix' UNGOOGLED_FLAGS_PATH = dirname(abspath(__file__)) + '/ungoogled-flags.toml' COMMIT_MESSAGE_SCRIPT = dirname(abspath(__file__)) + '/get-commit-message.py' - +NIXPKGS_PATH = subprocess.check_output(["git", "rev-parse", "--show-toplevel"], cwd=dirname(PIN_PATH)).strip() def load_as_json(path): """Loads the given nix file as JSON.""" @@ -41,6 +40,23 @@ def save_dict_as_nix(path, input): with open(path, 'w') as out: out.write(formatted.decode()) +def prefetch_src_sri_hash(attr_path, version): + """Prefetches the fixed-output-derivation source tarball and returns its SRI-Hash.""" + print(f'nix-build (FOD prefetch) {attr_path} {version}') + out = subprocess.run( + ["nix-build", "--expr", f'(import ./. {{}}).{attr_path}.browser.passthru.recompressTarball {{ version = "{version}"; }}'], + cwd=NIXPKGS_PATH, + stderr=subprocess.PIPE + ).stderr.decode() + + for line in iter(out.split("\n")): + match = re.match(r"\s+got:\s+(.+)$", line) + if match: + print(f'Hash: {match.group(1)}') + return match.group(1) + print(f'{out}\n\nError: Expected hash in nix-build stderr output.', file=sys.stderr) + sys.exit(1) + def nix_prefetch_url(url, algo='sha256'): """Prefetches the content of the given URL.""" print(f'nix-prefetch-url {url}') @@ -206,7 +222,10 @@ with urlopen(RELEASES_URL) as resp: google_chrome_suffix = channel_name try: - channel['sha256'] = nix_prefetch_url(f'{BUCKET_URL}/chromium-{release["version"]}.tar.xz') + channel['sha256'] = prefetch_src_sri_hash( + channel_name_to_attr_name(channel_name), + release["version"] + ) channel['sha256bin64'] = nix_prefetch_url( f'{DEB_URL}/google-chrome-{google_chrome_suffix}/' + f'google-chrome-{google_chrome_suffix}_{release["version"]}-1_amd64.deb') diff --git a/nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.nix index e67e3c114468..b8004a7d4b39 100644 --- a/nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -8,7 +8,7 @@ version = "2023-08-01"; }; }; - sha256 = "1wf0j189cxpayy6ffmj5j6h5yg3amivryilimjc2ap0jkyj4xrbi"; + sha256 = "0c3adrrgpnhm8g1546ask9pf17qj1sjgb950mj0rv4snxvddi75j"; sha256bin64 = "11w1di146mjb9ql30df9yk9x4b9amc6514jzyfbf09mqsrw88dvr"; version = "117.0.5938.22"; }; @@ -21,45 +21,45 @@ version = "2023-08-10"; }; }; - sha256 = "1z01b6w4sgndrlcd26jgimk3rhv3wzpn67nv1fd5ln7dwfwkyq20"; + sha256 = "16dq27lsywrn2xlgr5g46gdv15p30sihfamli4vkv3zxzfxdjisv"; sha256bin64 = "11y09hsy7y1vg65xfilq44ffsmn15dqy80fa57psj1kin4a52v2x"; version = "118.0.5966.0"; }; stable = { chromedriver = { - sha256_darwin = "0phhcqid7wjw923qdi65zql3fid25swwszksgnw3b8fgz67jn955"; + sha256_darwin = "0y973bs4dbdrl152bfiq5avsp6h27j3v1kwgcgxk1d0g293322xs"; sha256_darwin_aarch64 = - "00fwq8slvjm6c7krgwjd4mxhkkrp23n4icb63qlvi2hy06gfj4l6"; - sha256_linux = "0ws8ch1j2hzp483vr0acvam1zxmzg9d37x6gqdwiqwgrk6x5pvkh"; - version = "117.0.5938.88"; + "04qrhr52qc9rhmslgsh2yymsix9cv32g39xbpf8576scihfdngv8"; + sha256_linux = "1hy3s6j20h03ria033kfxd3rq259davvpjny4gpvznzklns71vi1"; + version = "118.0.5993.70"; }; deps = { gn = { - rev = "811d332bd90551342c5cbd39e133aa276022d7f8"; - sha256 = "0jlg3d31p346na6a3yk0x29pm6b7q03ck423n5n6mi8nv4ybwajq"; + rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4"; + sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab"; url = "https://gn.googlesource.com/gn"; - version = "2023-08-01"; + version = "2023-08-10"; }; }; - sha256 = "01n9aqnilsjrbpv5kkx3c6nxs9p5l5lfwxj67hd5s5g4740di4a6"; - sha256bin64 = "1dhgagphdzbd19gkc7vpl1hxc9vn0l7sxny346qjlmrwafqlhbgi"; - version = "117.0.5938.88"; + sha256 = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8="; + sha256bin64 = "06rbsjh4khhl408181ns5nsdwasklb277fdjfajdv5h1j9a190k3"; + version = "118.0.5993.88"; }; ungoogled-chromium = { deps = { gn = { - rev = "811d332bd90551342c5cbd39e133aa276022d7f8"; - sha256 = "0jlg3d31p346na6a3yk0x29pm6b7q03ck423n5n6mi8nv4ybwajq"; + rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4"; + sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab"; url = "https://gn.googlesource.com/gn"; - version = "2023-08-01"; + version = "2023-08-10"; }; ungoogled-patches = { - rev = "117.0.5938.88-1"; - sha256 = "1wz15ib56j8c84bgrbf0djk5wli49b1lvaqbg18pdclkp1mqy5w9"; + rev = "118.0.5993.88-1"; + sha256 = "17j47d64l97ascp85h8cnfnr5wr4va3bdk95wmagqss7ym5c7zsf"; }; }; - sha256 = "01n9aqnilsjrbpv5kkx3c6nxs9p5l5lfwxj67hd5s5g4740di4a6"; - sha256bin64 = "1dhgagphdzbd19gkc7vpl1hxc9vn0l7sxny346qjlmrwafqlhbgi"; - version = "117.0.5938.88"; + sha256 = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8="; + sha256bin64 = "06rbsjh4khhl408181ns5nsdwasklb277fdjfajdv5h1j9a190k3"; + version = "118.0.5993.88"; }; } |