Commit Graph

215 Commits

Author SHA1 Message Date
Michael Weiss
2b6b434477
ungoogled-chromium: Merge back into chromium
I used nix-instantiate to verify that the derivations for chromium and
ungoogled-chromium remain unchanged (only the meta attributes change
slightly as I added myself as ungoogled-chromium to receive
notifications for PRs/issues).
2020-12-10 17:41:11 +01:00
Michael Weiss
f09799441f
chromium: Drop gn build arguments that match the default 2020-11-28 17:48:16 +01:00
Michael Weiss
fb0239c654
chromium: Set use_vaapi=!stdenv.isAarch64 for M87
I've removed that option in 063b369908 but forgot that M87 still
defaults to use_vaapi=false.
2020-11-28 17:38:28 +01:00
Michael Weiss
063b369908
chromium: Cleanup useOzone and useVaapi
But since Ozone is still experimental I'll keep useOzone in common.nix
for some time.
2020-11-27 23:03:48 +01:00
Frederik Rietdijk
ce9c513856 Merge staging-next into staging 2020-11-27 15:09:41 +01:00
Michael Weiss
2d5bb88418
chromium: Enable Ozone's DRM/GBM platform [0]
We've only set ozone_platform_gbm=false to fix the build with Mesa's
libgbm (vs. Google's own minigbm). However, since this issue has
resolved itself we can now drop it. Building with the recommended
settings should also avoid some issues (e.g. #104885).

[0]: https://chromium.googlesource.com/chromium/src.git/+/master/docs/ozone_overview.md#drm_gbm
2020-11-27 12:56:54 +01:00
Graham Christensen
bc49a0815a
utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
Michael Weiss
54673b1f3b
chromium: 86.0.4240.198 -> 87.0.4280.66
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html

This update includes 33 security fixes.

CVEs:
CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021
CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023
CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027
CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2019-8075
CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
CVE-2020-16035 CVE-2020-16012 CVE-2020-16036

Note: We'll finally build with use_ozone=true on Hydra now :) \o/
2020-11-17 22:53:12 +01:00
Michael Weiss
197ddbced2
mesa: Replace all usages of old aliases 2020-11-08 22:56:55 +01:00
Michael Weiss
d7f5386474
chromium: Extend update.py to automatically update gn
The gn version depends on the channel and new gn versions aren't always
backward compatible. Therefore we should also include it in
upstream-info.json (I've scoped it under "deps" as we'll likely have to
add more like this in the future).
2020-11-03 20:00:25 +01:00
TredwellGit
2bb011032c
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.

LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.

PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.

CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.

Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 12:27:40 +02:00
Michael Weiss
50a2f50acb
chromiumDev: 88.0.4292.2 -> 88.0.4298.4
This should also fix VA-API for chromiumBeta (though that part needs
some cleanup). However, chromiumDev likely still fails due to the
absence of dirmd (not included in the tarball so far, we might have to
package and add it as a dependency).
2020-10-23 17:49:46 +02:00
Michael Weiss
b36db49ae7
chromium: Add some brief documentation
Wanted to do this for a long time to collect important knowledge and
make it easier to pass maintainership.
Only time will tell if this'll be useful or become outdated instead.
2020-10-23 11:39:05 +02:00
Vladimír Čunát
65d6adcf3e
Merge #100713: chromium: build on all cores 2020-10-20 20:58:16 +02:00
conferno
c557c27ac3
chromium: fix build on i686 (#100512)
ld.gold runs out of memory on i686.
2020-10-16 19:37:28 +02:00
volth
8e861c07ce chromium: build on $NIX_BUILD_CORES 2020-10-16 13:09:54 +00:00
volth
5742fcdfa9 chromium: build on all cores 2020-10-16 11:22:28 +00:00
Michael Weiss
015c5a2be6
chromium: Drop the libwebp include patch
Chromium 86.0.4240.75 builds fine without this patch. And since
WEBP_MAX_DIMENSION is the same in the system libwebp this patch should
not be required anymore (it was introduced in 06ec2a9f19, apparently to
fix the build).
2020-10-15 14:33:15 +02:00
Michael Weiss
89003c67a1
Merge pull request #100110 from TredwellGit/chromium
chromium: speed up build and enable system ffmpeg, libjpeg, and zlib
2020-10-13 15:07:30 +02:00
TredwellGit
eb74717477 chromium: enable system ffmpeg, libjpeg, and zlib 2020-10-09 21:29:16 +00:00
TredwellGit
a7cbf67a24 chromium: disable symbols
By default GN produces a build with all of the debug assertions enabled (is_debug=true) and including full debug info (symbol_level=2). Setting symbol_level=1 will produce enough information for stack traces, but not line-by-line debugging. Setting symbol_level=0 will include no debug symbols at all. Either will speed up the build compared to full symbols.
2020-10-09 21:24:20 +00:00
Michael Weiss
73b67da169
chromium: Disable VA-API by default
This is done to avoid driver specific issues and restores the previous
behaviour. Like before video acceleration can be enabled without having
to rebuild Chromium.
2020-10-09 21:59:48 +02:00
TredwellGit
757bbdd948
chromium: Fix and enable our ANGLE support
This will additionally install the following files:
libEGL.so libGLESv2.so
libVkICD_mock_icd.so libvk_swiftshader.so libvulkan.so

libEGL.so and libGLESv2.so are required to fix our ANGLE support.
The rest should help with the Vulkan support (currently an experimental
feature that is disabled by default).
2020-10-07 20:37:35 +02:00
Michael Weiss
f79703e50c
chromium: 85.0.4183.121 -> 86.0.4240.75
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html

This update includes 35 security fixes.

CVEs:
CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970
CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976
CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979
CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983
CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15992 CVE-2020-15988 CVE-2020-15989
2020-10-07 20:37:35 +02:00
Gabriel Ebner
705ecdc192 chromium: use jre8 2020-09-19 14:06:14 +02:00
Alyssa Ross
de69b705d2 chromium: replace update.nix with Python impl
update.nix was a huuuuge hack, abusing checksum collisions, etc., and
was extremely difficult to read and maintain, especially because
values from update.nix were also used in the derivations themselves!

I've replaced this with an implementation in Python, which I chose for
readability.  Rather than generating Nix, I chose to
generate JSON, since Python can do that in the standard library and
Nix can read it.

I also set update.py as an updateScript, so Chromium can now
automatically be updated!

Fixes: https://github.com/NixOS/nixpkgs/issues/89635
2020-09-05 11:20:13 +02:00
Matthew Bauer
25ac498482
Merge pull request #96404 from matthewbauer/gcc-cross
Fix cycle detected in Darwin->Linux cross GCC
2020-08-26 16:17:14 -05:00
Michael Weiss
8815c9e186
chromiumDev: Fix "patchShebangs ."
Note: The following might also need to be updated:
substituteStream(): WARNING: pattern '/usr/share/xcb' doesn't match anything in file 'ui/gfx/x/BUILD.gn'
2020-08-26 14:33:18 +02:00
Michael Weiss
bf0e13a322
chromiumDev: Drop the optional VA-API patches
I didn't look into this yet but IIRC M86 will finally have a flag for
Linux to enable VA-API. So we shouldn't need
enable-video-acceleration-on-linux.patch anymore.

But we likely need to update enable-vdpau-support-for-nvidia.patch
when/before M86 hits the stable channel if we want to keep VDPAU
support.
2020-08-26 14:30:49 +02:00
Michael Weiss
2213c464f6
chromiumDev: Drop nix_plugin_paths_68.patch
Ok, so I was about to update the patch (didn't apply anymore) when I
also started looking at it's usage and realized that
NIX_CHROMIUM_PLUGIN_PATH_ (and other substrings) only appears in the
patch itself (i.e. it seemed like we don't need this patch anymore).

Turns out that we have this patch since 2014 (1b84fbf0ca) and it was
only ever used for NIX_CHROMIUM_PLUGIN_PATH_WIDEVINE (and from the log
it isn't clear if/when or how well that worked). But in 2019 that last
usage got removed (545d58a1ef) so we should be able to safely drop this
patch now :) \o/

(I just wanted to note that as it seemed somewhat of a funny story :D
But there is of course nothing wrong with it.)
Git history (git log --oneline -S NIX_CHROMIUM_PLUGIN_PATH_):
7205bd64a3 ungoogled-chromium: init at 81.0.4044.92-2
545d58a1ef chromium: fix widevine
cd3283f921 chromium: 67.0.3396.99 -> 68.0.3440.75
72d7b5ddb1 chromium: fix nix_plugin_paths for 68+
7a3a16dd80 chromium: Remove plugin paths patch for version 50
79d18eb604 chromium: Update dev channel to v52.0.2743.10
c7a3645e7b chromium: Remove stuff for versions <= v51
8b97ca270e chromium: Update all channels to latest versions
b9093f1c64 chromium: Updates, fixes #11492
471cdd15e2 chromium: Update beta and dev channels.
5c6aa391fc chromium: Cleanup old patch and update stable
af54ddf8b6 chromium: Drop plugin_paths patch for old versions.
6a8afa4bb3 chromium: Fix plugin_paths patch for version 44.
0aad4b7ee4 chromium: Update all channels to latest versions.
1b84fbf0ca chromium: Allow env vars for passing plugin paths.
2020-08-26 14:30:49 +02:00
Florian Klink
c56e961acd chromium: use lib.getLib systemd instead of systemd.lib
This will pick the `lib` output if it exists, otherwise default to `out`.
2020-08-13 20:51:40 +02:00
Michael Weiss
8427eb7044
chromium: 83.0.4103.116 -> 84.0.4147.89
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html

This update includes 38 security fixes.

CVEs:
CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514
CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519
CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524
CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529
CVE-2020-6530 CVE-2020-6531 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535
CVE-2020-6536
2020-07-14 23:10:31 +02:00
Doron Behar
01d4e2fe33 treewide: use ffmpeg_3 explicitly if not wanted otherwise
After making `ffmpeg` point to the latest `ffmpeg_4`, all packages that
used `ffmpeg` without requiring a specific version now use ffmpeg_3
explicitly so they shouldn't change.
2020-06-12 11:55:31 -07:00
Michael Weiss
e466ea721c
chromium{Beta,Dev}: Fix the builds
Fix #89615.
2020-06-10 11:23:14 +02:00
Michael Weiss
1d38f6bcb2
chromiumBeta: Fix the configuration phase
The changes from chromiumDev (see 029a5de083) are required for
chromiumBeta as well.
2020-06-09 13:53:47 +02:00
Florian Klink
495cf5fd17
Merge pull request #89565 from jsravn/enable-chromium-rtc-use-pipewire
chromium: add rtc_use_pipewire
2020-06-07 21:13:28 +02:00
Michael Weiss
029a5de083
chromiumDev: Fix the configuration phase
Relevant changes in M85:
- Upstream switched from YASM to NASM [0].
- third_party/binutils was removed [1].

Note: The gn and dev channel updates are optional.
cc #89615.

[0]: https://bugs.chromium.org/p/chromium/issues/detail?id=766721
[1]: 9869e86fd9
2020-06-06 19:38:53 +02:00
James Ravn
fae468b3ce
chromium: add rtc_use_pipewire
This provides the browser flag #enable-webrtc-pipewire-capturer, which
adds support for screensharing on Wayland via xdg-desktop-portal.

The browser flag is disabled by default until a user enables it. At
least one other major distribution (Arch) enables this compile time
option, and so I believe it should be safe to enable by default.

This is also needed to support xdg-desktop-portal-wlr which was added in
https://github.com/NixOS/nixpkgs/pull/83485.
2020-06-05 21:05:43 +01:00
Michael Weiss
cdd95a9625
chromium: 81.0.4044.138 -> 83.0.4103.61
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html

This update includes 38 security fixes.

CVEs:
CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469
CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474
CVE-2020-6475 CVE-2020-6476 CVE-2020-6477 CVE-2020-6478 CVE-2020-6479
CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484
CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489
CVE-2020-6490 CVE-2020-6491
2020-05-19 23:55:32 +02:00
Michael Weiss
267eefcdb7
chromium: Build with VA-API but disable it by default
This makes it possible to enable VA-API without having to rebuild
Chromium: `chromium.override { enableVaapi = true; }`
2020-04-18 13:46:22 +02:00
Michael Weiss
b533f10345
chromium: Fix the VA-API build 2020-04-10 23:28:35 +02:00
Michael Weiss
da832dd7d4
chromium: 80.0.3987.163 -> 81.0.4044.92
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html

This update includes 32 security fixes.

CVEs:
CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456
CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435
CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440
CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445
CVE-2020-6446 CVE-2020-6447 CVE-2020-6448
2020-04-08 00:08:46 +02:00
Michael Weiss
d782c440ae
chromiumDev: Add the missing setuptools dependency
The build was failing with:
```
[1625/39505] ACTION //components/schema_org:generate_schema_org_code(//build/toolchain/linux:clang_x64)
FAILED: gen/components/schema_org/schema_org_entity_names.h gen/components/schema_org/schema_org_entity_names.cc gen/components/schema_org/schema_org_property_configurations.h gen/components/schema_org/schema_org_property_configurations.cc gen/components/schema_org/schema_org_property_names.h gen/components/schema_org/schema_org_property_names.cc
python ../../components/schema_org/generate_schema_org_code.py --schema-file ../../third_party/schema_org/schema.jsonld --output-dir gen/components/schema_org --templates templates/schema_org_entity_names.cc.tmpl templates/schema_org_entity_names.h.tmpl templates/schema_org_property_configurations.cc.tmpl templates/schema_org_property_configurations.h.tmpl templates/schema_org_property_names.cc.tmpl templates/schema_org_property_names.h.tmpl
Traceback (most recent call last):
  File "../../components/schema_org/generate_schema_org_code.py", line 22, in <module>
    env = Environment(loader=PackageLoader('generate_schema_org_code', ''))
  File "/build/chromium-83.0.4100.3/components/schema_org/../../third_party/jinja2/loaders.py", line 222, in __init__
    from pkg_resources import DefaultProvider, ResourceManager, \
ImportError: No module named pkg_resources
```
2020-04-07 23:21:28 +02:00
Michael Weiss
ff3bc51d2b
chromiumBeta: Fix the build
This patch was also backported to M81 [0][1].

[0]: https://chromium-review.googlesource.com/c/chromium/src/+/2091896
[1]: bbf0fad592
2020-04-07 12:32:33 +02:00
Michael Weiss
ad3220f9ff
chromiumDev: Override gn to fix the configuration phase
The configuration phase was failing due to:
```
configuring
ERROR at //BUILD.gn:1376:5: Unknown function.
    filter_exclude([ "$root_build_dir/foo" ],
    ^-------------
```
2020-04-06 12:52:52 +02:00
Michael Weiss
9f3914824d
chromium: Ignore unknown warning options
This can e.g. save around 150k lines of unnecessary log messages which
take up around 66% of the total lines (based on a log of 80.0.3987.100):
29527 warning: unknown warning option '-Wno-bitwise-conditional-parentheses'; did you mean '-Wno-bitwise-op-parentheses'? [-Wunknown-warning-option]
29527 warning: unknown warning option '-Wno-builtin-assume-aligned-alignment' [-Wunknown-warning-option]
29527 warning: unknown warning option '-Wno-deprecated-copy'; did you mean '-Wno-deprecated'? [-Wunknown-warning-option]
29527 warning: unknown warning option '-Wno-final-dtor-non-final-class'; did you mean '-Wno-abstract-final-class'? [-Wunknown-warning-option]
29527 warning: unknown warning option '-Wno-implicit-int-float-conversion'; did you mean '-Wno-implicit-float-conversion'? [-Wunknown-warning-option]
2020-04-03 12:40:46 +02:00
Michael Weiss
36c7123709
chromiumDev: Remove a patch that is already applied
This fixes the patch phase.
I missed this problem in #83956.
2020-04-02 13:01:39 +02:00
Artemis Tosini
b3e1a1bbbb
chromium: Add option to enable ozone (for Wayland) 2020-03-27 21:16:38 +00:00
Michael Weiss
29becfcf19
Merge pull request #83304 from nh2/issue-41918-chromium-swiftshader-by-default
chromium: Enable swiftshader by default.
2020-03-25 13:42:30 +01:00
Niklas Hambüchen
015bb28ae1 chromium: Enable swiftshader by default.
This makes it possible to use chromium headless with WebGL
(e.g. for webdriver tests) without having to rebuild from source.

The upstram default is to enable, thus simply removing our disabling switch.

Also fixes #41918.
2020-03-24 22:50:49 +01:00