f709a74fa3
Setting `clang_base_path` [0] does skip [1] a clang version check [2] that would fail in our case: ``` configuring ERROR at //build/config/compiler/BUILD.gn:1314:22: Script returned non-zero exit code. clang_revision = exec_script("//tools/clang/scripts/update.py", ^---------- Current dir: /tmp/nix-build-chromium-unwrapped-107.0.5304.29.drv-0/chromium-107.0.5304.29/out/Release/ Command: python3 /tmp/nix-build-chromium-unwrapped-107.0.5304.29.drv-0/chromium-107.0.5304.29/tools/clang/scripts/update.py --print-revision --verify-version=16.0.0 Returned 1 and printed out: The expected clang version is llvmorg-16-init-4609-g025a5b22-2 but the actual version is Did you run "gclient sync"? See //build/config/BUILDCONFIG.gn:329:3: which caused the file to be included. "//build/config/compiler:afdo", ^----------------------------- error: builder for '/nix/store/02riyhzvrgn2vaab29d3gipxzkx6nb44-chromium-unwrapped-107.0.5304.29.drv' failed with exit code 1 ``` I also chose to disable the Qt support for now. The Qt support is enabled by default on Linux [3] but we need to add the required dependencies first to fix the build (and my current priority is to get a basic build working for the security critical stable channel update): ``` configuring ERROR at //build/config/linux/pkg_config.gni:104:17: Script returned non-zero exit code. pkgresult = exec_script(pkg_config_script, args, "value") ^---------- Current dir: /tmp/nix-build-chromium-unwrapped-107.0.5304.62.drv-0/chromium-107.0.5304.62/out/Release/ Command: python3 /tmp/nix-build-chromium-unwrapped-107.0.5304.62.drv-0/chromium-107.0.5304.62/build/config/linux/pkg-config.py Qt5Core Qt5Widgets Returned 1. stderr: Package Qt5Core was not found in the pkg-config search path. Perhaps you should add the directory containing `Qt5Core.pc' to the PKG_CONFIG_PATH environment variable No package 'Qt5Core' found Package Qt5Widgets was not found in the pkg-config search path. Perhaps you should add the directory containing `Qt5Widgets.pc' to the PKG_CONFIG_PATH environment variable No package 'Qt5Widgets' found Could not run pkg-config. See //ui/qt/BUILD.gn:13:1: whence it was called. pkg_config("qt5_config") { ^------------------------- See //ui/linux/BUILD.gn:54:15: which caused the file to be included. deps += [ "//ui/qt" ] ^-------- error: builder for '/nix/store/3zzddkh74cnhvq6nql32y9pnbvzf2jv9-chromium-unwrapped-107.0.5304.62.drv' failed with exit code 1 ``` [0]: https://source.chromium.org/chromium/chromium/src/+/refs/tags/107.0.5304.62:docs/clang.md [1]: https://source.chromium.org/chromium/chromium/src/+/refs/tags/107.0.5304.62:build/config/compiler/BUILD.gn;l=1306 [2]: https://source.chromium.org/chromium/chromium/src/+/refs/tags/107.0.5304.62:tools/clang/scripts/update.py;l=358 [3]: https://source.chromium.org/chromium/chromium/src/+/refs/tags/107.0.5304.62:ui/qt/qt.gni;l=8 |
||
---|---|---|
.. | ||
patches | ||
browser.nix | ||
common.nix | ||
default.nix | ||
get-commit-message.py | ||
README.md | ||
ungoogled-flags.toml | ||
ungoogled.nix | ||
update.py | ||
upstream-info.json |
Maintainers
- Note: We could always use more contributors, testers, etc. E.g.:
- A dedicated maintainer for the NixOS stable channel
- PRs with cleanups, improvements, fixes, etc. (but please try to make reviews as easy as possible)
- People who handle stale issues/PRs
- Primary maintainer (responsible for all updates): @primeos
- Testers (test all stable channel updates)
nixos-unstable
:x86_64
: @danielfullmeraarch64
: @thefloweringash
- Stable channel:
x86_64
: @Frostman
- Other relevant packages:
chromiumBeta
andchromiumDev
: For testing purposes only (not build on Hydra). We use these channels for testing and to fix build errors in advance so thatchromium
updates are trivial and can be merged fast.google-chrome
,google-chrome-beta
,google-chrome-dev
: Updated via Chromium'supstream-info.json
ungoogled-chromium
: @squaluschromedriver
: Updated via Chromium'supstream-info.json
and not built from source.
Upstream links
- Source code: https://source.chromium.org/chromium/chromium/src
- Bugs: https://bugs.chromium.org/p/chromium/issues/list
- Release updates: https://chromereleases.googleblog.com/
- Available as Atom or RSS feed (filter for "Stable Channel Update for Desktop")
- Channel overview: https://omahaproxy.appspot.com/
- Release schedule: https://chromiumdash.appspot.com/schedule
Updating Chromium
Simply run ./pkgs/applications/networking/browsers/chromium/update.py
to
update upstream-info.json
. After updates it is important to test at least
nixosTests.chromium
(or basic manual testing) and google-chrome
(which
reuses upstream-info.json
).
Note: The source tarball is often only available a few hours after the release was announced. The CI/CD status can be tracked here:
- https://ci.chromium.org/p/infra/builders/cron/publish_tarball
- https://ci.chromium.org/p/infra/builders/cron/publish_tarball_dispatcher
To run all automated NixOS VM tests for Chromium, ungoogled-chromium, and Google Chrome (not recommended, currently 6x tests!):
nix-build nixos/tests/chromium.nix
A single test can be selected, e.g. to test ungoogled-chromium
(see
channelMap
in nixos/tests/chromium.nix
for all available options):
nix-build nixos/tests/chromium.nix -A ungoogled
(Note: Testing Google Chrome requires export NIXPKGS_ALLOW_UNFREE=1
.)
For custom builds it's possible to "override" channelMap
.
Backports
All updates are considered security critical and should be ported to the stable
channel ASAP. When there is a new stable release the old one should receive
security updates for roughly one month. After that it is important to mark
Chromium as insecure (see 69e4ae56c4
for an example; it is important that the
tested job still succeeds and that all browsers that use upstream-info.json
are marked as insecure).
Major version updates
Unfortunately, Chromium regularly breaks on major updates and might need various patches. Either due to issues with the Nix build sandbox (e.g. we cannot fetch dependencies via the network and do not use standard FHS paths) or due to missing upstream fixes that need to be backported.
Good sources for such patches and other hints:
- https://github.com/archlinux/svntogit-packages/tree/packages/chromium/trunk
- https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium
- https://src.fedoraproject.org/rpms/chromium/tree/master
If the build fails immediately due to unknown compiler flags this usually means that a new major release of LLVM is required.
Beta and Dev channels
Those channels are only used to test and fix builds in advance. They may be broken at times and must not delay stable channel updates.
Testing
Useful tests:
- Version: chrome://version/
- GPU acceleration: chrome://gpu/
- Essential functionality: Browsing, extensions, video+audio, JS, ...
- WebGL: https://get.webgl.org/
- VA-API: https://wiki.archlinux.org/index.php/chromium#Hardware_video_acceleration
- Optional: Widevine CDM (proprietary), Benchmarks, Ozone, etc.