During d6d4228b39 I failed to notice that the current chromiumDev
version is older than the first one that contained the commit to fix the
dependency on opus in webcodecs.
This should hopefully fix build of chromiumDev (if there are no
additional issues).
Unfortunately this requires a crazy hack to support building with
Google's proprietary Widevine DRM technology as that requires fetching
the Google Chrome sources (see also 86ff1e45ce).
The hack is required because ungoogled-chromium doesn't always use tags
that correspond to a Google Chrome release.
The build was failing with:
In file included from ../../third_party/blink/renderer/modules/webcodecs/audio_encoder.cc:7:
In file included from ../../media/audio/audio_opus_encoder.h:16:
gen/shim_headers/opus_shim/third_party/opus/src/include/opus.h:5:10: error: 'opus.h' file not found with <angled> include; use "quotes" instead
#include <opus.h>
^~~~~~~~
"opus.h"
[...]
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
[42272/44233] CXX obj/third_party/blink/renderer/modules/webcodecs/webcodecs/decoder_template.oo[K
Note: This also fixes the ungoogled-chromium channel name in versionRange.
I forgot that string comparison isn't enough because e.g.:
>>> "89.0.4389.9" < "89.0.4389.23"
False
distutils.version.LooseVersion is undocumented but it works and is
already available so why not use it:
>>> LooseVersion("89.0.4389.9") < LooseVersion("89.0.4389.23")
True
The "channel" variable shouldn't be part of the final derivation. This
also makes it possible to avoid unnecessary rebuilds for identical
channels (e.g. major updates are tested via the "beta" channel first and
usually neither the source-code archive nor the dependencies change when
the update makes it into the "stable" channel - this means we could
better use chromiumBeta to test major updates in advance).
continuation of #109595
pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.
python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
This is required to launch newer versions of Google Chrome:
/nix/store/XXX-google-chrome-dev-89.0.4385.0/share/google/chrome-unstable/google-chrome-unstable:
error while loading shared libraries: libxshmfence.so.1: cannot open
shared object file: No such file or directory
Enable LTO support on Linux by default again.
Add patch to fix dependentlibs.list generation under LTO. This is
necessary for fixing firefox-wayland crashing when built with LTO.
Add makeFlags which set ar, ranlib, and nm to be llvm-ar, llvm-ranlib
and llvm-nm when building with llvm-based LTO. (bmo#1480005)
This was required to solve the XPCOMGlueLoad error when building with
LTO. However, it turns out libxul.so is supposed to have some libraries
that are reported as not found by ldd. Setting the RPATH worked around
the error as it forced dependency resolution but failed to fix the real
issue of broken generation of dependentlibs.list.
The libraries that are reported as not found by ldd are supposed to be
dlopened through the logic found in nsXPCOMGlue.cpp. However since the
generation of dependentlibs.list is broken under LTO this did not
happen. Instead of pulling libwayland-client.so from the GTK libraries
it found the stub library first (libmozwayland.so). The stub library
causes (as it should) wl_display_connect to always return NULL which is
the cause of the segmentation fault and LTO breaking wayland support.
Remove the hardcoded path used for the XPCOMGlueLoad error workaround
in NIX_LDFLAGS. libunwind is still unfortunately needed. Once the issue
of the generation of dependentlibs.list being borked is fixed it should
remedy the wayland crash issue on LTO.
Firefox has a number of optional dependencies that get dlopened.
Instead of using patchelf to set the RPATH use LD_LIBRARY_PATH.
The motivation for this is we already set LD_LIBRARY_PATH in the
wrapper on Linux.
It only affected FF80 so place an upper bound restriction. See
bmo#1661096 for details.
This fixes substituteStream() warnings about missing patterns which
appeared in the logs.
It was added for nspr and nss back in the 55.0.3 to 56.0 upgrade. It
also served as a workaround for an undeclared gio-unix-2.0 dependency.
Sometime afterwards nspr was removed, leaving just the two. Since then,
upstream has added a declaration for gio-unix-2.0 (in FF62). As for the
nss include it seemingly has no purpose since current firefox builds
with it removed.
For in NixOS it is beneficial if both plasma5 and pam use the same Qt5
version. Because the plasma5 desktop may use a different version as the
default Qt5 version, we introduce plasma5Packages.
This check helps with making sure that we provide all the required
shared libraries to brave. If something is missing, the command will get
ENOENT, otherwise it should terminate normally.
The Brave package often seems to get very outdated. This is bad for a
browser, where vulnerabilities are high impact.
This change adds an update script, so that r-ryantm will suggest
updates. We find the latest version using their Debian package
database (since we are using the Debian package anyway).
After the fedora patches for screen sharing using pipewire got updated
for Firefox 83 (pipewire was inlined there), the nixpkgs buildInput
pipewire got stripped from the resulting firefox binary and so firefox
was unable to actually get the shared stream from the running pipewire
service.
Adding pipewire to the firefox binary with `patchelf --add-needed`
makes it atually get the stream from the service.
Fixes: #106812
This also adds a dedicated channel for ungoogled-chromium that enables
us to update ungoogled-chromium independently of chromium.
TODO: Automate ungoogled-chromium updates via update.py (currently it
needs to be updated manually).
Note: Unfortunately this changes the ungoogled-chromium derivation
because common.nix passes the channel as an argument to
stdenv.mkDerivation (this makes it more difficult to verify this commit
but the result should remain the same).
I used nix-instantiate to verify that the derivations for chromium and
ungoogled-chromium remain unchanged (only the meta attributes change
slightly as I added myself as ungoogled-chromium to receive
notifications for PRs/issues).