about summary refs log tree commit diff
path: root/nixpkgs/pkgs/applications/networking/browsers/chromium
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/applications/networking/browsers/chromium')
-rw-r--r--nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix4
-rw-r--r--nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix53
-rw-r--r--nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix10
-rwxr-xr-xnixpkgs/pkgs/applications/networking/browsers/chromium/update.py25
-rw-r--r--nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.nix40
5 files changed, 91 insertions, 41 deletions
diff --git a/nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix b/nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix
index 1e203fc12e75..909b506457e5 100644
--- a/nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix
+++ b/nixpkgs/pkgs/applications/networking/browsers/chromium/browser.nix
@@ -85,8 +85,8 @@ mkChromiumDerivation (base: rec {
       then "https://github.com/ungoogled-software/ungoogled-chromium"
       else "https://www.chromium.org/";
     maintainers = with lib.maintainers; if ungoogled
-      then [ squalus primeos michaeladler networkexception ]
-      else [ primeos thefloweringash networkexception ];
+      then [ squalus primeos michaeladler networkexception emilylange ]
+      else [ primeos thefloweringash networkexception emilylange ];
     license = if enableWideVine then lib.licenses.unfree else lib.licenses.bsd3;
     platforms = lib.platforms.linux;
     mainProgram = "chromium";
diff --git a/nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix b/nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix
index 3825849aac3a..22d71e8975f8 100644
--- a/nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix
+++ b/nixpkgs/pkgs/applications/networking/browsers/chromium/common.nix
@@ -1,4 +1,5 @@
 { stdenv, lib, fetchurl, fetchpatch
+, fetchzip, zstd
 , buildPackages
 , pkgsBuildBuild
 , pkgsBuildTarget
@@ -12,7 +13,6 @@
 , python3, perl
 , which
 , llvmPackages_attrName
-, rustc
 , libuuid
 , overrideCC
 # postPatch:
@@ -148,15 +148,39 @@ let
       else throw "no chromium Rosetta Stone entry for os: ${platform.config}";
   };
 
+  recompressTarball = { version, sha256 ? "" }: fetchzip {
+    name = "chromium-${version}.tar.zstd";
+    url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz";
+    inherit sha256;
+
+    nativeBuildInputs = [ zstd ];
+
+    postFetch = ''
+      echo removing unused code from tarball to stay under hydra limit
+      rm -r $out/third_party/{rust-src,llvm}
+
+      echo moving remains out of \$out
+      mv $out source
+
+      echo recompressing final contents into new tarball
+      # try to make a deterministic tarball
+      tar \
+        --use-compress-program "zstd -T$NIX_BUILD_CORES" \
+        --sort name \
+        --mtime 1970-01-01 \
+        --owner=root --group=root \
+        --numeric-owner --mode=go=rX,u+rw,a-s \
+        -cf $out source
+    '';
+  };
+
+
   base = rec {
     pname = "${packageName}-unwrapped";
     inherit (upstream-info) version;
     inherit packageName buildType buildPath;
 
-    src = fetchurl {
-      url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz";
-      inherit (upstream-info) sha256;
-    };
+    src = recompressTarball { inherit version; inherit (upstream-info) sha256; };
 
     nativeBuildInputs = [
       ninja pkg-config
@@ -251,14 +275,20 @@ let
         fi
       done
 
-      # Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.):
-      substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" ""
+      if [[ -e native_client/SConstruct ]]; then
+        # Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.):
+        substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" ""
+      fi
       if [ -e third_party/harfbuzz-ng/src/src/update-unicode-tables.make ]; then
         substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
           --replace "/usr/bin/env -S make -f" "/usr/bin/make -f"
       fi
-      chmod -x third_party/webgpu-cts/src/tools/run_deno
-      chmod -x third_party/dawn/third_party/webgpu-cts/tools/run_deno
+      if [ -e third_party/webgpu-cts/src/tools/run_deno ]; then
+        chmod -x third_party/webgpu-cts/src/tools/run_deno
+      fi
+      if [ -e third_party/dawn/third_party/webgpu-cts/tools/run_deno ]; then
+        chmod -x third_party/dawn/third_party/webgpu-cts/tools/run_deno
+      fi
 
       # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
       substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
@@ -304,7 +334,7 @@ let
       # Link to our own Node.js and Java (required during the build):
       mkdir -p third_party/node/linux/node-linux-x64/bin
       ln -s "${pkgsBuildHost.nodejs}/bin/node" third_party/node/linux/node-linux-x64/bin/node
-      ln -s "${pkgsBuildHost.jre8_headless}/bin/java" third_party/jdk/current/bin/
+      ln -s "${pkgsBuildHost.jdk17_headless}/bin/java" third_party/jdk/current/bin/
 
       # Allow building against system libraries in official builds
       sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' tools/generate_shim_headers/generate_shim_headers.py
@@ -388,7 +418,7 @@ let
       # Use nixpkgs Rust compiler instead of the one shipped by Chromium.
       # We do intentionally not set rustc_version as nixpkgs will never do incremental
       # rebuilds, thus leaving this empty is fine.
-      rust_sysroot_absolute = "${rustc}";
+      rust_sysroot_absolute = "${buildPackages.rustc}";
       # Building with rust is disabled for now - this matches the flags in other major distributions.
       enable_rust = false;
     } // lib.optionalAttrs (!(stdenv.buildPlatform.canExecute stdenv.hostPlatform)) {
@@ -459,6 +489,7 @@ let
       chromiumDeps = {
         gn = gnChromium;
       };
+      inherit recompressTarball;
     };
   }
   # overwrite `version` with the exact same `version` from the same source,
diff --git a/nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix b/nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix
index 6419fa6a14fd..5677bc37e844 100644
--- a/nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix
@@ -6,10 +6,12 @@
 , libva, pipewire, wayland
 , gcc, nspr, nss, runCommand
 , lib, libkrb5
+, electron-source # for warnObsoleteVersionConditional
 
 # package customization
 # Note: enable* flags should not require full rebuilds (i.e. only affect the wrapper)
 , channel ? "stable"
+, upstream-info ? (import ./upstream-info.nix).${channel}
 , proprietaryCodecs ? true
 , enableWideVine ? false
 , ungoogled ? false # Whether to build chromium or ungoogled-chromium
@@ -28,14 +30,12 @@ let
   llvmPackages_attrName = "llvmPackages_16";
   stdenv = pkgs.${llvmPackages_attrName}.stdenv;
 
-  upstream-info = (import ./upstream-info.nix).${channel};
-
   # Helper functions for changes that depend on specific versions:
   warnObsoleteVersionConditional = min-version: result:
-    let ungoogled-version = (import ./upstream-info.nix).ungoogled-chromium.version;
+    let min-supported-version = (lib.head (lib.attrValues electron-source)).unwrapped.info.chromium.version;
     in lib.warnIf
-         (lib.versionAtLeast ungoogled-version min-version)
-         "chromium: ungoogled version ${ungoogled-version} is newer than a conditional bounded at ${min-version}. You can safely delete it."
+         (lib.versionAtLeast min-supported-version min-version)
+         "chromium: min-supported-version ${min-supported-version} is newer than a conditional bounded at ${min-version}. You can safely delete it."
          result;
   chromiumVersionAtLeast = min-version:
     let result = lib.versionAtLeast upstream-info.version min-version;
diff --git a/nixpkgs/pkgs/applications/networking/browsers/chromium/update.py b/nixpkgs/pkgs/applications/networking/browsers/chromium/update.py
index f8dae9593601..fd8f36778405 100755
--- a/nixpkgs/pkgs/applications/networking/browsers/chromium/update.py
+++ b/nixpkgs/pkgs/applications/networking/browsers/chromium/update.py
@@ -21,12 +21,11 @@ from urllib.request import urlopen
 
 RELEASES_URL = 'https://versionhistory.googleapis.com/v1/chrome/platforms/linux/channels/all/versions/all/releases'
 DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g'
-BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official'
 
 PIN_PATH = dirname(abspath(__file__)) + '/upstream-info.nix'
 UNGOOGLED_FLAGS_PATH = dirname(abspath(__file__)) + '/ungoogled-flags.toml'
 COMMIT_MESSAGE_SCRIPT = dirname(abspath(__file__)) + '/get-commit-message.py'
-
+NIXPKGS_PATH = subprocess.check_output(["git", "rev-parse", "--show-toplevel"], cwd=dirname(PIN_PATH)).strip()
 
 def load_as_json(path):
     """Loads the given nix file as JSON."""
@@ -41,6 +40,23 @@ def save_dict_as_nix(path, input):
     with open(path, 'w') as out:
         out.write(formatted.decode())
 
+def prefetch_src_sri_hash(attr_path, version):
+    """Prefetches the fixed-output-derivation source tarball and returns its SRI-Hash."""
+    print(f'nix-build (FOD prefetch) {attr_path} {version}')
+    out = subprocess.run(
+        ["nix-build", "--expr", f'(import ./. {{}}).{attr_path}.browser.passthru.recompressTarball {{ version = "{version}"; }}'],
+        cwd=NIXPKGS_PATH,
+        stderr=subprocess.PIPE
+    ).stderr.decode()
+
+    for line in iter(out.split("\n")):
+        match = re.match(r"\s+got:\s+(.+)$", line)
+        if match:
+            print(f'Hash: {match.group(1)}')
+            return match.group(1)
+    print(f'{out}\n\nError: Expected hash in nix-build stderr output.', file=sys.stderr)
+    sys.exit(1)
+
 def nix_prefetch_url(url, algo='sha256'):
     """Prefetches the content of the given URL."""
     print(f'nix-prefetch-url {url}')
@@ -206,7 +222,10 @@ with urlopen(RELEASES_URL) as resp:
             google_chrome_suffix = channel_name
 
         try:
-            channel['sha256'] = nix_prefetch_url(f'{BUCKET_URL}/chromium-{release["version"]}.tar.xz')
+            channel['sha256'] = prefetch_src_sri_hash(
+                channel_name_to_attr_name(channel_name),
+                release["version"]
+            )
             channel['sha256bin64'] = nix_prefetch_url(
                 f'{DEB_URL}/google-chrome-{google_chrome_suffix}/' +
                 f'google-chrome-{google_chrome_suffix}_{release["version"]}-1_amd64.deb')
diff --git a/nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.nix
index e67e3c114468..b8004a7d4b39 100644
--- a/nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.nix
+++ b/nixpkgs/pkgs/applications/networking/browsers/chromium/upstream-info.nix
@@ -8,7 +8,7 @@
         version = "2023-08-01";
       };
     };
-    sha256 = "1wf0j189cxpayy6ffmj5j6h5yg3amivryilimjc2ap0jkyj4xrbi";
+    sha256 = "0c3adrrgpnhm8g1546ask9pf17qj1sjgb950mj0rv4snxvddi75j";
     sha256bin64 = "11w1di146mjb9ql30df9yk9x4b9amc6514jzyfbf09mqsrw88dvr";
     version = "117.0.5938.22";
   };
@@ -21,45 +21,45 @@
         version = "2023-08-10";
       };
     };
-    sha256 = "1z01b6w4sgndrlcd26jgimk3rhv3wzpn67nv1fd5ln7dwfwkyq20";
+    sha256 = "16dq27lsywrn2xlgr5g46gdv15p30sihfamli4vkv3zxzfxdjisv";
     sha256bin64 = "11y09hsy7y1vg65xfilq44ffsmn15dqy80fa57psj1kin4a52v2x";
     version = "118.0.5966.0";
   };
   stable = {
     chromedriver = {
-      sha256_darwin = "0phhcqid7wjw923qdi65zql3fid25swwszksgnw3b8fgz67jn955";
+      sha256_darwin = "0y973bs4dbdrl152bfiq5avsp6h27j3v1kwgcgxk1d0g293322xs";
       sha256_darwin_aarch64 =
-        "00fwq8slvjm6c7krgwjd4mxhkkrp23n4icb63qlvi2hy06gfj4l6";
-      sha256_linux = "0ws8ch1j2hzp483vr0acvam1zxmzg9d37x6gqdwiqwgrk6x5pvkh";
-      version = "117.0.5938.88";
+        "04qrhr52qc9rhmslgsh2yymsix9cv32g39xbpf8576scihfdngv8";
+      sha256_linux = "1hy3s6j20h03ria033kfxd3rq259davvpjny4gpvznzklns71vi1";
+      version = "118.0.5993.70";
     };
     deps = {
       gn = {
-        rev = "811d332bd90551342c5cbd39e133aa276022d7f8";
-        sha256 = "0jlg3d31p346na6a3yk0x29pm6b7q03ck423n5n6mi8nv4ybwajq";
+        rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";
+        sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab";
         url = "https://gn.googlesource.com/gn";
-        version = "2023-08-01";
+        version = "2023-08-10";
       };
     };
-    sha256 = "01n9aqnilsjrbpv5kkx3c6nxs9p5l5lfwxj67hd5s5g4740di4a6";
-    sha256bin64 = "1dhgagphdzbd19gkc7vpl1hxc9vn0l7sxny346qjlmrwafqlhbgi";
-    version = "117.0.5938.88";
+    sha256 = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";
+    sha256bin64 = "06rbsjh4khhl408181ns5nsdwasklb277fdjfajdv5h1j9a190k3";
+    version = "118.0.5993.88";
   };
   ungoogled-chromium = {
     deps = {
       gn = {
-        rev = "811d332bd90551342c5cbd39e133aa276022d7f8";
-        sha256 = "0jlg3d31p346na6a3yk0x29pm6b7q03ck423n5n6mi8nv4ybwajq";
+        rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";
+        sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab";
         url = "https://gn.googlesource.com/gn";
-        version = "2023-08-01";
+        version = "2023-08-10";
       };
       ungoogled-patches = {
-        rev = "117.0.5938.88-1";
-        sha256 = "1wz15ib56j8c84bgrbf0djk5wli49b1lvaqbg18pdclkp1mqy5w9";
+        rev = "118.0.5993.88-1";
+        sha256 = "17j47d64l97ascp85h8cnfnr5wr4va3bdk95wmagqss7ym5c7zsf";
       };
     };
-    sha256 = "01n9aqnilsjrbpv5kkx3c6nxs9p5l5lfwxj67hd5s5g4740di4a6";
-    sha256bin64 = "1dhgagphdzbd19gkc7vpl1hxc9vn0l7sxny346qjlmrwafqlhbgi";
-    version = "117.0.5938.88";
+    sha256 = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";
+    sha256bin64 = "06rbsjh4khhl408181ns5nsdwasklb277fdjfajdv5h1j9a190k3";
+    version = "118.0.5993.88";
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-11 01:52:38 +0000