1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
|
{ stdenv, llvmPackages, gnChromium, ninja, which, nodejs, fetchpatch, gnutar
# default dependencies
, bzip2, flac, speex, libopus
, libevent, expat, libjpeg, snappy
, libpng, libcap
, xdg_utils, yasm, minizip, libwebp
, libusb1, pciutils, nss, re2, zlib
, python2Packages, perl, pkgconfig
, nspr, systemd, kerberos
, utillinux, alsaLib
, bison, gperf
, glib, gtk3, dbus-glib
, glibc
, libXScrnSaver, libXcursor, libXtst, libGLU, libGL
, protobuf, speechd, libXdamage, cups
, ffmpeg, libxslt, libxml2, at-spi2-core
, jre
# optional dependencies
, libgcrypt ? null # gnomeSupport || cupsSupport
, libva ? null # useVaapi
, libdrm ? null, wayland ? null, mesa_drivers ? null, libxkbcommon ? null # useOzone
# package customization
, useOzone ? false
, useVaapi ? !(useOzone || stdenv.isAarch64) # Built if supported, but disabled in the wrapper
# VA-API TODOs:
# - Ozone: M81 fails to build due to "ozone_platform_gbm = false"
# - Possible solutions: Write a patch to fix the build (wrong gn dependencies)
# or build with minigbm
# - AArch64: Causes serious regressions (https://github.com/NixOS/nixpkgs/pull/85253#issuecomment-614405879)
, gnomeSupport ? false, gnome ? null
, gnomeKeyringSupport ? false, libgnome-keyring3 ? null
, proprietaryCodecs ? true
, cupsSupport ? true
, pulseSupport ? false, libpulseaudio ? null
, ungoogled-chromium
, ungoogled ? false
, upstream-info
}:
buildFun:
with stdenv.lib;
# see http://www.linuxfromscratch.org/blfs/view/cvs/xsoft/chromium.html
let
# The additional attributes for creating derivations based on the chromium
# source tree.
extraAttrs = buildFun base;
githubPatch = commit: sha256: fetchpatch {
url = "https://github.com/chromium/chromium/commit/${commit}.patch";
inherit sha256;
};
mkGnFlags =
let
# Serialize Nix types into GN types according to this document:
# https://chromium.googlesource.com/chromium/src/+/master/tools/gn/docs/language.md
mkGnString = value: "\"${escape ["\"" "$" "\\"] value}\"";
sanitize = value:
if value == true then "true"
else if value == false then "false"
else if isList value then "[${concatMapStringsSep ", " sanitize value}]"
else if isInt value then toString value
else if isString value then mkGnString value
else throw "Unsupported type for GN value `${value}'.";
toFlag = key: value: "${key}=${sanitize value}";
in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
gnSystemLibraries = [
"flac" "libwebp" "libxslt" "yasm" "opus" "snappy" "libpng"
# "zlib" # version 77 reports unresolved dependency on //third_party/zlib:zlib_config
# "libjpeg" # fails with multiple undefined references to chromium_jpeg_*
# "re2" # fails with linker errors
# "ffmpeg" # https://crbug.com/731766
# "harfbuzz-ng" # in versions over 63 harfbuzz and freetype are being built together
# so we can't build with one from system and other from source
];
opusWithCustomModes = libopus.override {
withCustomModes = true;
};
defaultDependencies = [
bzip2 flac speex opusWithCustomModes
libevent expat libjpeg snappy
libpng libcap
xdg_utils yasm minizip libwebp
libusb1 re2 zlib
ffmpeg libxslt libxml2
# harfbuzz # in versions over 63 harfbuzz and freetype are being built together
# so we can't build with one from system and other from source
];
# build paths and release info
packageName = extraAttrs.packageName or extraAttrs.name;
buildType = "Release";
buildPath = "out/${buildType}";
libExecPath = "$out/libexec/${packageName}";
versionRange = min-version: upto-version:
let inherit (upstream-info) version;
result = versionAtLeast version min-version && versionOlder version upto-version;
stable-version = (import ./upstream-info.nix).stable.version;
in if versionAtLeast stable-version upto-version
then warn "chromium: stable version ${stable-version} is newer than a patchset bounded at ${upto-version}. You can safely delete it."
result
else result;
ungoogler =
let versionEntry = (import ./ungoogled-src.nix)."${upstream-info.version}";
in ungoogled-chromium {
inherit (versionEntry) rev sha256;
};
base = rec {
name = "${packageName}-unwrapped-${version}";
inherit (upstream-info) channel version;
inherit packageName buildType buildPath;
src = upstream-info.main;
nativeBuildInputs = [
ninja which python2Packages.python perl pkgconfig
python2Packages.ply python2Packages.jinja2 nodejs
gnutar
] ++ optional (versionAtLeast version "83") python2Packages.setuptools;
buildInputs = defaultDependencies ++ [
nspr nss systemd
utillinux alsaLib
bison gperf kerberos
glib gtk3 dbus-glib
libXScrnSaver libXcursor libXtst libGLU libGL
pciutils protobuf speechd libXdamage at-spi2-core
jre
] ++ optional useVaapi libva
++ optional gnomeKeyringSupport libgnome-keyring3
++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
++ optionals cupsSupport [ libgcrypt cups ]
++ optional pulseSupport libpulseaudio
++ optionals useOzone [ libdrm wayland mesa_drivers libxkbcommon ];
patches = [
./patches/nix_plugin_paths_68.patch
./patches/remove-webp-include-69.patch
./patches/no-build-timestamps.patch
./patches/widevine-79.patch
./patches/dont-use-ANGLE-by-default.patch
# Unfortunately, chromium regularly breaks on major updates and
# then needs various patches backported in order to be compiled with GCC.
# Good sources for such patches and other hints:
# - https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/chromium/
# - https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium
# - https://github.com/chromium/chromium/search?q=GCC&s=committer-date&type=Commits
#
# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
] ++ optionals (useVaapi) ([ # Fixes for the VA-API build:
./patches/enable-vdpau-support-for-nvidia.patch # https://aur.archlinux.org/cgit/aur.git/tree/vdpau-support.patch?h=chromium-vaapi
./patches/enable-video-acceleration-on-linux.patch # Can be controlled at runtime (i.e. without rebuilding Chromium)
] ++ optionals (versionRange "81" "82") [
(githubPatch "5b2ff215473e0526b5b24aeff4ad90d369b21c75" "0n00vh8wfpn2ay5fqsxcsx0zadnv7mihm72bcvnrfzh75nzbg902")
(githubPatch "98e343ab369e4262511b5fce547728e3e5eefba8" "00wwp653jk0k0yvix00vr7ymgck9dj7fxjwx4nc67ynn84dh6064")
]);
postPatch = ''
# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
--replace \
'return sandbox_binary;' \
'return base::FilePath(GetDevelSandboxPath());'
substituteInPlace services/audio/audio_sandbox_hook_linux.cc \
--replace \
'/usr/share/alsa/' \
'${alsaLib}/share/alsa/' \
--replace \
'/usr/lib/x86_64-linux-gnu/gconv/' \
'${glibc}/lib/gconv/' \
--replace \
'/usr/share/locale/' \
'${glibc}/share/locale/'
sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \
chrome/browser/shell_integration_linux.cc
sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${systemd.lib}/lib/\1!' \
device/udev_linux/udev?_loader.cc
sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \
gpu/config/gpu_info_collector_linux.cc
sed -i -re 's/([^:])\<(isnan *\()/\1std::\2/g' \
chrome/browser/ui/webui/engagement/site_engagement_ui.cc
sed -i -e '/#include/ {
i #include <algorithm>
:l; n; bl
}' gpu/config/gpu_control_list.cc
# Allow to put extensions into the system-path.
sed -i -e 's,/usr,/run/current-system/sw,' chrome/common/chrome_paths.cc
patchShebangs .
# use our own nodejs
mkdir -p third_party/node/linux/node-linux-x64/bin
ln -s $(which node) third_party/node/linux/node-linux-x64/bin/node
# remove unused third-party
# in third_party/crashpad third_party/zlib contains just a header-adapter
for lib in ${toString gnSystemLibraries}; do
find -type f -path "*third_party/$lib/*" \
\! -path "*third_party/crashpad/crashpad/third_party/zlib/*" \
\! -path "*third_party/$lib/chromium/*" \
\! -path "*third_party/$lib/google/*" \
\! -path "*base/third_party/icu/*" \
\! -path "*base/third_party/libevent/*" \
\! -regex '.*\.\(gn\|gni\|isolate\|py\)' \
-delete
done
'' + optionalString stdenv.isAarch64 ''
substituteInPlace build/toolchain/linux/BUILD.gn \
--replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""'
'' + optionalString stdenv.cc.isClang ''
mkdir -p third_party/llvm-build/Release+Asserts/bin
ln -s ${stdenv.cc}/bin/clang third_party/llvm-build/Release+Asserts/bin/clang
ln -s ${stdenv.cc}/bin/clang++ third_party/llvm-build/Release+Asserts/bin/clang++
ln -s ${llvmPackages.llvm}/bin/llvm-ar third_party/llvm-build/Release+Asserts/bin/llvm-ar
'' + optionalString ungoogled ''
${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors"
${ungoogler}/utils/patches.py . ${ungoogler}/patches
${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz .
'';
gnFlags = mkGnFlags ({
linux_use_bundled_binutils = false;
use_lld = false;
use_gold = true;
gold_path = "${stdenv.cc}/bin";
is_debug = false;
proprietary_codecs = false;
use_sysroot = false;
use_gnome_keyring = gnomeKeyringSupport;
use_gio = gnomeSupport;
# ninja: error: '../../native_client/toolchain/linux_x86/pnacl_newlib/bin/x86_64-nacl-objcopy',
# needed by 'nacl_irt_x86_64.nexe', missing and no known rule to make it
enable_nacl = false;
# Enabling the Widevine component here doesn't affect whether we can
# redistribute the chromium package; the Widevine component is either
# added later in the wrapped -wv build or downloaded from Google.
enable_widevine = true;
use_cups = cupsSupport;
treat_warnings_as_errors = false;
is_clang = stdenv.cc.isClang;
clang_use_chrome_plugins = false;
blink_symbol_level = 0;
fieldtrial_testing_like_official_build = true;
# Google API keys, see:
# http://www.chromium.org/developers/how-tos/api-keys
# Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
# please get your own set of keys.
google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI";
google_default_client_id = "404761575300.apps.googleusercontent.com";
google_default_client_secret = "9rIFQjfnkykEmqb6FfjJQD1D";
} // optionalAttrs proprietaryCodecs {
# enable support for the H.264 codec
proprietary_codecs = true;
enable_hangout_services_extension = true;
ffmpeg_branding = "Chrome";
} // optionalAttrs useVaapi {
use_vaapi = true;
} // optionalAttrs pulseSupport {
use_pulseaudio = true;
link_pulseaudio = true;
} // optionalAttrs useOzone {
use_ozone = true;
ozone_platform_gbm = false;
use_xkbcommon = true;
use_glib = true;
use_gtk = true;
use_system_libwayland = true;
use_system_minigbm = true;
use_system_libdrm = true;
system_wayland_scanner_path = "${wayland}/bin/wayland-scanner";
} // optionalAttrs ungoogled {
closure_compile = false;
enable_hangout_services_extension = false;
enable_mdns = false;
enable_nacl_nonsfi = false;
enable_one_click_signin = false;
enable_reading_list = false;
enable_remoting = false;
enable_reporting = false;
enable_service_discovery = false;
exclude_unwind_tables = true;
google_api_key = "";
google_default_client_id = "";
google_default_client_secret = "";
optimize_webui = false;
safe_browsing_mode = 0;
use_official_google_api_keys = false;
use_unofficial_version_number = false;
} // (extraAttrs.gnFlags or {}));
configurePhase = ''
runHook preConfigure
# This is to ensure expansion of $out.
libExecPath="${libExecPath}"
python build/linux/unbundle/replace_gn_files.py \
--system-libraries ${toString gnSystemLibraries}
${gnChromium}/bin/gn gen --args=${escapeShellArg gnFlags} out/Release | tee gn-gen-outputs.txt
# Fail if `gn gen` contains a WARNING.
grep -o WARNING gn-gen-outputs.txt && echo "Found gn WARNING, exiting nix build" && exit 1
runHook postConfigure
'';
# Don't spam warnings about unknown warning options. This is useful because
# our Clang is always older than Chromium's and the build logs have a size
# of approx. 25 MB without this option (and this saves e.g. 66 %).
NIX_CFLAGS_COMPILE = "-Wno-unknown-warning-option";
buildPhase = let
# Build paralelism: on Hydra the build was frequently running into memory
# exhaustion, and even other users might be running into similar issues.
# -j is halved to avoid memory problems, and -l is slightly increased
# so that the build gets slight preference before others
# (it will often be on "critical path" and at risk of timing out)
buildCommand = target: ''
ninja -C "${buildPath}" \
-j$(( ($NIX_BUILD_CORES+1) / 2 )) -l$(( $NIX_BUILD_CORES+1 )) \
"${target}"
(
source chrome/installer/linux/common/installer.include
PACKAGE=$packageName
MENUNAME="Chromium"
process_template chrome/app/resources/manpage.1.in "${buildPath}/chrome.1"
)
'';
targets = extraAttrs.buildTargets or [];
commands = map buildCommand targets;
in concatStringsSep "\n" commands;
postFixup = ''
# Make sure that libGLESv2 is found by dlopen (if using EGL).
chromiumBinary="$libExecPath/$packageName"
origRpath="$(patchelf --print-rpath "$chromiumBinary")"
patchelf --set-rpath "${libGL}/lib:$origRpath" "$chromiumBinary"
'';
};
# Remove some extraAttrs we supplied to the base attributes already.
in stdenv.mkDerivation (base // removeAttrs extraAttrs [
"name" "gnFlags" "buildTargets"
])
|