gnu: ungoogled-chromium: Update to 73.0.3683.86-0.4c7fb6d [security fixes].
The update to Chromium 73 includes more than 60 security fixes. See the release announcement for more information: <https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html>. * gnu/packages/chromium.scm (%preserved-third-party-files): Drop "net/third_party/http2" and "net/third_party/spdy". Add "v8/src/third_party/siphash". (%chromium-version): Update to 73.0.3683.86. (%ungoogled-revision): Update to 4c7fb6d1a86602999f30b58ef8b331b2115c5ad8. (%debian-revision): New variable. (ungoogled-chromium-source): Add an origin for Debians packaging scripts. Adjust for Ungoogled refactoring and add a procedure for applying Debian patches. Replace unneeded LET* for LET and reindent. (ungoogled-chromium)[arguments]: Remove one obsolete substitution, add two others.master
Marius Bakke
parent
799aebd71f
commit
105fa9fcf7
|
|
@ -80,11 +80,9 @@
|
|||
"chrome/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
|
||||
"courgette/third_party/bsdiff" ;BSD-2, BSD protection license
|
||||
"courgette/third_party/divsufsort" ;Expat
|
||||
"net/third_party/http2" ;BSD-3
|
||||
"net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
|
||||
"net/third_party/nss" ;MPL-2.0
|
||||
"net/third_party/quic" ;BSD-3
|
||||
"net/third_party/spdy" ;BSD-3
|
||||
"net/third_party/uri_template" ;ASL2.0
|
||||
"third_party/abseil-cpp" ;ASL2.0
|
||||
"third_party/adobe/flash/flapper_version.h" ;no license, trivial
|
||||
|
|
@ -206,6 +204,7 @@
|
|||
"third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
|
||||
"third_party/zlib/google" ;BSD-3
|
||||
"url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
|
||||
"v8/src/third_party/siphash" ;Public domain
|
||||
"v8/src/third_party/utf8-decoder" ;Expat
|
||||
"v8/src/third_party/valgrind" ;BSD-4
|
||||
"v8/third_party/inspector_protocol" ;BSD-3
|
||||
|
|
@ -224,8 +223,9 @@ from forcing GEXP-PROMISE."
|
|||
#:system system
|
||||
#:guile-for-build guile)))
|
||||
|
||||
(define %chromium-version "72.0.3626.121")
|
||||
(define %ungoogled-revision "a80839c418de8843dfcd6c13a557f12d26a0a17a")
|
||||
(define %chromium-version "73.0.3683.86")
|
||||
(define %ungoogled-revision "4c7fb6d1a86602999f30b58ef8b331b2115c5ad8")
|
||||
(define %debian-revision "debian/73.0.3683.75-1")
|
||||
(define package-revision "0")
|
||||
|
||||
(define %package-version (string-append %chromium-version "-"
|
||||
|
|
@ -233,29 +233,43 @@ from forcing GEXP-PROMISE."
|
|||
(string-take %ungoogled-revision 7)))
|
||||
|
||||
;; This is a "computed" origin that does the following:
|
||||
;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball.
|
||||
;; 2) Prunes all third_party folders that are not explicitly preserved.
|
||||
;; 3) Adjusts "GN" build files such that system libraries are preferred.
|
||||
;; *) Runs the Ungoogled scripts on a pristine Chromium tarball.
|
||||
;; *) Applies Debians Chromium patches, for their unbundling and GCC work.
|
||||
;; *) Prunes all third_party directories that are not explicitly preserved.
|
||||
;; *) Adjusts "GN" build files such that system libraries are preferred.
|
||||
(define ungoogled-chromium-source
|
||||
(let* ((chromium-source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "https://commondatastorage.googleapis.com"
|
||||
"/chromium-browser-official/chromium-"
|
||||
%chromium-version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"07xwmlvmzfga61nrimqmzl7s29jb4kc94nkzwwlb7sh6nr55a7jc"))))
|
||||
(ungoogled-source
|
||||
(origin
|
||||
(method git-fetch)
|
||||
(uri (git-reference (url "https://github.com/Eloston/ungoogled-chromium")
|
||||
(commit %ungoogled-revision)))
|
||||
(file-name (git-file-name "ungoogled-chromium"
|
||||
(string-take %ungoogled-revision 7)))
|
||||
(sha256
|
||||
(base32
|
||||
"0rgirbxbgjdm3s2kzgj101rjq0clr7x2a7b37kfx2q629z4qlrpc")))))
|
||||
(let ((chromium-source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "https://commondatastorage.googleapis.com"
|
||||
"/chromium-browser-official/chromium-"
|
||||
%chromium-version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"18xzddqi8rgng5vksx23jaiv103prxc38pshwp702nfjfqap7fwy"))))
|
||||
(ungoogled-source
|
||||
(origin
|
||||
(method git-fetch)
|
||||
(uri (git-reference (url "https://github.com/Eloston/ungoogled-chromium")
|
||||
(commit %ungoogled-revision)))
|
||||
(file-name (git-file-name "ungoogled-chromium"
|
||||
(string-take %ungoogled-revision 7)))
|
||||
(sha256
|
||||
(base32
|
||||
"0njx505il07d237fzgbhciy78rz7h77r2ai5crbnsx2gdr9kpvd1"))))
|
||||
(debian-source
|
||||
(origin
|
||||
(method git-fetch)
|
||||
(uri (git-reference
|
||||
(url "https://salsa.debian.org/chromium-team/chromium.git")
|
||||
(commit %debian-revision)))
|
||||
(file-name (git-file-name "debian-chromium-packaging"
|
||||
(if (string-prefix? "debian/" %debian-revision)
|
||||
(cadr (string-split %debian-revision #\/))
|
||||
(string-take %debian-revision 7))))
|
||||
(sha256
|
||||
(base32
|
||||
"1pq0l3m7frf9ygxc1gva1191fxf3d1phaaqp7g3b70mgbabp0mxi")))))
|
||||
|
||||
(origin
|
||||
(method computed-origin-method)
|
||||
|
|
@ -265,7 +279,10 @@ from forcing GEXP-PROMISE."
|
|||
(delay
|
||||
(with-imported-modules '((guix build utils))
|
||||
#~(begin
|
||||
(use-modules (guix build utils))
|
||||
(use-modules (guix build utils)
|
||||
(ice-9 rdelim)
|
||||
(srfi srfi-1)
|
||||
(srfi srfi-26))
|
||||
(let ((chromium-dir (string-append "chromium-" #$%chromium-version))
|
||||
(preserved-files (list #$@%preserved-third-party-files)))
|
||||
|
||||
|
|
@ -281,41 +298,61 @@ from forcing GEXP-PROMISE."
|
|||
|
||||
(with-directory-excursion "/tmp/ungoogled"
|
||||
|
||||
;; Create a custom "bundle" that inherits from linux_rooted
|
||||
;; and adds an additional patch.
|
||||
(format #t "Creating Guix config bundle...~%")
|
||||
(force-output)
|
||||
(mkdir-p "config_bundles/guix")
|
||||
(call-with-output-file "config_bundles/guix/bundlemeta.ini"
|
||||
(lambda (port)
|
||||
(format port
|
||||
"[bundle]
|
||||
display_name = GNU Guix
|
||||
depends = linux_rooted\n")))
|
||||
(call-with-output-file "config_bundles/guix/patch_order.list"
|
||||
(lambda (port)
|
||||
(format port "debian_buster/system/openjpeg.patch\n")))
|
||||
|
||||
(format #t "Unpacking chromium tarball...~%")
|
||||
(force-output)
|
||||
(invoke "tar" "xf" #+chromium-source)
|
||||
|
||||
(format #t "Ungooglifying...~%")
|
||||
(force-output)
|
||||
(invoke "python3" "run_buildkit_cli.py" "prune"
|
||||
"-b" "config_bundles/guix" chromium-dir)
|
||||
(invoke "python3" "run_buildkit_cli.py" "patches" "apply"
|
||||
"-b" "config_bundles/guix" chromium-dir)
|
||||
(invoke "python3" "run_buildkit_cli.py" "domains" "apply"
|
||||
"-b" "config_bundles/linux_rooted"
|
||||
(invoke "python3" "utils/prune_binaries.py" chromium-dir
|
||||
"pruning.list")
|
||||
(invoke "python3" "utils/patches.py" "apply"
|
||||
chromium-dir "patches")
|
||||
(invoke "python3" "utils/domain_substitution.py" "apply" "-r"
|
||||
"domain_regex.list" "-f" "domain_substitution.list"
|
||||
"-c" "/tmp/domainscache.tar.gz" chromium-dir)
|
||||
|
||||
(with-directory-excursion chromium-dir
|
||||
|
||||
(format #t "applying Debian patches...~%")
|
||||
(force-output)
|
||||
(let* ((debian #+debian-source)
|
||||
(patches (string-append debian "/debian/patches"))
|
||||
(series (string-append patches "/series"))
|
||||
(grep-q (lambda (query file)
|
||||
(with-input-from-file file
|
||||
(lambda ()
|
||||
(let loop ((line (read-line))
|
||||
(match #f))
|
||||
(if (or match (eof-object? line))
|
||||
(if match #t #f)
|
||||
(loop (read-line)
|
||||
(string-contains line query)))))))))
|
||||
(with-input-from-file series
|
||||
(lambda ()
|
||||
(let loop ((line (read-line)))
|
||||
(unless (eof-object? line)
|
||||
(when (and (> (string-length line) 1)
|
||||
;; Skip the Debian-specific ones.
|
||||
(not (string-prefix? "debianization/" line))
|
||||
;; And those that conflict with Ungoogled.
|
||||
(not (any (cute string-suffix? <> line)
|
||||
'("widevine-buildflag.patch"
|
||||
"signin.patch"
|
||||
"third-party-cookies.patch")))
|
||||
;; Ungoogled includes a subset of the Debian
|
||||
;; patches. Exclude those already present.
|
||||
(not (grep-q line "../patches/series")))
|
||||
(invoke "patch" "--force" "-p1" "--input"
|
||||
(string-append patches "/" line)
|
||||
"--no-backup-if-mismatch"))
|
||||
(loop (read-line)))))))
|
||||
|
||||
(format #t "Pruning third party files...~%")
|
||||
(force-output)
|
||||
(apply invoke "python"
|
||||
"build/linux/unbundle/remove_bundled_libraries.py"
|
||||
"--do-remove" preserved-files)
|
||||
"build/linux/unbundle/remove_bundled_libraries.py"
|
||||
"--do-remove" preserved-files)
|
||||
|
||||
(format #t "Replacing GN files...~%")
|
||||
(force-output)
|
||||
|
|
@ -507,12 +544,13 @@ depends = linux_rooted\n")))
|
|||
(substitute* "third_party/webrtc/rtc_base/strings/json.h"
|
||||
(("#include \"third_party/jsoncpp/") "#include \"json/"))
|
||||
|
||||
(substitute* "media/base/decode_capabilities.cc"
|
||||
(("third_party/libvpx/source/libvpx/") ""))
|
||||
|
||||
(substitute* "ui/gfx/skia_util.h"
|
||||
(substitute* '("ui/gfx/skia_util.h"
|
||||
"components/viz/common/resources/resource_format_utils.h")
|
||||
(("third_party/vulkan/include/") ""))
|
||||
|
||||
(substitute* "third_party/skia/include/gpu/vk/GrVkVulkan.h"
|
||||
(("\\.\\./\\.\\./include/third_party/vulkan/") ""))
|
||||
|
||||
;; Building chromedriver embeds some files using the ZIP
|
||||
;; format which doesn't support timestamps before
|
||||
;; 1980. Therefore, advance the timestamps of the files
|
||||
|
|
|
|||
Loading…
Reference in New Issue