me/guix
Archived
1
0
Fork 0
Code Activity

gnu: ungoogled-chromium: Update to 73.0.3683.86-0.4c7fb6d [security fixes].

Browse source 
The update to Chromium 73 includes more than 60 security fixes.  See the
release announcement for more information:
<https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html>.

* gnu/packages/chromium.scm (%preserved-third-party-files): Drop
"net/third_party/http2" and "net/third_party/spdy".  Add "v8/src/third_party/siphash".
(%chromium-version): Update to 73.0.3683.86.
(%ungoogled-revision): Update to 4c7fb6d1a86602999f30b58ef8b331b2115c5ad8.
(%debian-revision): New variable.
(ungoogled-chromium-source): Add an origin for Debians packaging scripts.
Adjust for Ungoogled refactoring and add a procedure for applying Debian
patches.  Replace unneeded LET* for LET and reindent.
(ungoogled-chromium)[arguments]: Remove one obsolete substitution, add two others.
This commit is contained in:
Marius Bakke 2019-03-31 20:55:47 +02:00
parent 799aebd71f
commit 105fa9fcf7
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA
1 changed files with 92 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
gnu/packages/chromium.scm
View file

@ -80,11 +80,9 @@
"chrome/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+ "chrome/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
"courgette/third_party/bsdiff" ;BSD-2, BSD protection license "courgette/third_party/bsdiff" ;BSD-2, BSD protection license
"courgette/third_party/divsufsort" ;Expat "courgette/third_party/divsufsort" ;Expat
"net/third_party/http2" ;BSD-3
"net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+ "net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
"net/third_party/nss" ;MPL-2.0 "net/third_party/nss" ;MPL-2.0
"net/third_party/quic" ;BSD-3 "net/third_party/quic" ;BSD-3
"net/third_party/spdy" ;BSD-3
"net/third_party/uri_template" ;ASL2.0 "net/third_party/uri_template" ;ASL2.0
"third_party/abseil-cpp" ;ASL2.0 "third_party/abseil-cpp" ;ASL2.0
"third_party/adobe/flash/flapper_version.h" ;no license, trivial "third_party/adobe/flash/flapper_version.h" ;no license, trivial
@ -206,6 +204,7 @@
"third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3 "third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
"third_party/zlib/google" ;BSD-3 "third_party/zlib/google" ;BSD-3
"url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+ "url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
"v8/src/third_party/siphash" ;Public domain
"v8/src/third_party/utf8-decoder" ;Expat "v8/src/third_party/utf8-decoder" ;Expat
"v8/src/third_party/valgrind" ;BSD-4 "v8/src/third_party/valgrind" ;BSD-4
"v8/third_party/inspector_protocol" ;BSD-3 "v8/third_party/inspector_protocol" ;BSD-3
@ -224,8 +223,9 @@ from forcing GEXP-PROMISE."
#:system system #:system system
#:guile-for-build guile))) #:guile-for-build guile)))
(define %chromium-version "72.0.3626.121") (define %chromium-version "73.0.3683.86")
(define %ungoogled-revision "a80839c418de8843dfcd6c13a557f12d26a0a17a") (define %ungoogled-revision "4c7fb6d1a86602999f30b58ef8b331b2115c5ad8")
(define %debian-revision "debian/73.0.3683.75-1")
(define package-revision "0") (define package-revision "0")
(define %package-version (string-append %chromium-version "-" (define %package-version (string-append %chromium-version "-"
@ -233,11 +233,12 @@ from forcing GEXP-PROMISE."
(string-take %ungoogled-revision 7))) (string-take %ungoogled-revision 7)))
;; This is a "computed" origin that does the following: ;; This is a "computed" origin that does the following:
;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball. ;; *) Runs the Ungoogled scripts on a pristine Chromium tarball.
;; 2) Prunes all third_party folders that are not explicitly preserved. ;; *) Applies Debians Chromium patches, for their unbundling and GCC work.
;; 3) Adjusts "GN" build files such that system libraries are preferred. ;; *) Prunes all third_party directories that are not explicitly preserved.
;; *) Adjusts "GN" build files such that system libraries are preferred.
(define ungoogled-chromium-source (define ungoogled-chromium-source
(let* ((chromium-source (let ((chromium-source
(origin (origin
(method url-fetch) (method url-fetch)
(uri (string-append "https://commondatastorage.googleapis.com" (uri (string-append "https://commondatastorage.googleapis.com"
@ -245,7 +246,7 @@ from forcing GEXP-PROMISE."
%chromium-version ".tar.xz")) %chromium-version ".tar.xz"))
(sha256 (sha256
(base32 (base32
"07xwmlvmzfga61nrimqmzl7s29jb4kc94nkzwwlb7sh6nr55a7jc")))) "18xzddqi8rgng5vksx23jaiv103prxc38pshwp702nfjfqap7fwy"))))
(ungoogled-source (ungoogled-source
(origin (origin
(method git-fetch) (method git-fetch)
@ -255,7 +256,20 @@ from forcing GEXP-PROMISE."
(string-take %ungoogled-revision 7))) (string-take %ungoogled-revision 7)))
(sha256 (sha256
(base32 (base32
"0rgirbxbgjdm3s2kzgj101rjq0clr7x2a7b37kfx2q629z4qlrpc"))))) "0njx505il07d237fzgbhciy78rz7h77r2ai5crbnsx2gdr9kpvd1"))))
(debian-source
(origin
(method git-fetch)
(uri (git-reference
(url "https://salsa.debian.org/chromium-team/chromium.git")
(commit %debian-revision)))
(file-name (git-file-name "debian-chromium-packaging"
(if (string-prefix? "debian/" %debian-revision)
(cadr (string-split %debian-revision #\/))
(string-take %debian-revision 7))))
(sha256
(base32
"1pq0l3m7frf9ygxc1gva1191fxf3d1phaaqp7g3b70mgbabp0mxi")))))
(origin (origin
(method computed-origin-method) (method computed-origin-method)
@ -265,7 +279,10 @@ from forcing GEXP-PROMISE."
(delay (delay
(with-imported-modules '((guix build utils)) (with-imported-modules '((guix build utils))
#~(begin #~(begin
(use-modules (guix build utils)) (use-modules (guix build utils)
(ice-9 rdelim)
(srfi srfi-1)
(srfi srfi-26))
(let ((chromium-dir (string-append "chromium-" #$%chromium-version)) (let ((chromium-dir (string-append "chromium-" #$%chromium-version))
(preserved-files (list #$@%preserved-third-party-files))) (preserved-files (list #$@%preserved-third-party-files)))
@ -281,36 +298,56 @@ from forcing GEXP-PROMISE."
(with-directory-excursion "/tmp/ungoogled" (with-directory-excursion "/tmp/ungoogled"
;; Create a custom "bundle" that inherits from linux_rooted
;; and adds an additional patch.
(format #t "Creating Guix config bundle...~%")
(force-output)
(mkdir-p "config_bundles/guix")
(call-with-output-file "config_bundles/guix/bundlemeta.ini"
(lambda (port)
(format port
"[bundle]
display_name = GNU Guix
depends = linux_rooted\n")))
(call-with-output-file "config_bundles/guix/patch_order.list"
(lambda (port)
(format port "debian_buster/system/openjpeg.patch\n")))
(format #t "Unpacking chromium tarball...~%") (format #t "Unpacking chromium tarball...~%")
(force-output) (force-output)
(invoke "tar" "xf" #+chromium-source) (invoke "tar" "xf" #+chromium-source)
(format #t "Ungooglifying...~%") (format #t "Ungooglifying...~%")
(force-output) (force-output)
(invoke "python3" "run_buildkit_cli.py" "prune" (invoke "python3" "utils/prune_binaries.py" chromium-dir
"-b" "config_bundles/guix" chromium-dir) "pruning.list")
(invoke "python3" "run_buildkit_cli.py" "patches" "apply" (invoke "python3" "utils/patches.py" "apply"
"-b" "config_bundles/guix" chromium-dir) chromium-dir "patches")
(invoke "python3" "run_buildkit_cli.py" "domains" "apply" (invoke "python3" "utils/domain_substitution.py" "apply" "-r"
"-b" "config_bundles/linux_rooted" "domain_regex.list" "-f" "domain_substitution.list"
"-c" "/tmp/domainscache.tar.gz" chromium-dir) "-c" "/tmp/domainscache.tar.gz" chromium-dir)
(with-directory-excursion chromium-dir (with-directory-excursion chromium-dir
(format #t "applying Debian patches...~%")
(force-output)
(let* ((debian #+debian-source)
(patches (string-append debian "/debian/patches"))
(series (string-append patches "/series"))
(grep-q (lambda (query file)
(with-input-from-file file
(lambda ()
(let loop ((line (read-line))
(match #f))
(if (or match (eof-object? line))
(if match #t #f)
(loop (read-line)
(string-contains line query)))))))))
(with-input-from-file series
(lambda ()
(let loop ((line (read-line)))
(unless (eof-object? line)
(when (and (> (string-length line) 1)
;; Skip the Debian-specific ones.
(not (string-prefix? "debianization/" line))
;; And those that conflict with Ungoogled.
(not (any (cute string-suffix? <> line)
'("widevine-buildflag.patch"
"signin.patch"
"third-party-cookies.patch")))
;; Ungoogled includes a subset of the Debian
;; patches. Exclude those already present.
(not (grep-q line "../patches/series")))
(invoke "patch" "--force" "-p1" "--input"
(string-append patches "/" line)
"--no-backup-if-mismatch"))
(loop (read-line)))))))
(format #t "Pruning third party files...~%") (format #t "Pruning third party files...~%")
(force-output) (force-output)
(apply invoke "python" (apply invoke "python"
@ -507,12 +544,13 @@ depends = linux_rooted\n")))
(substitute* "third_party/webrtc/rtc_base/strings/json.h" (substitute* "third_party/webrtc/rtc_base/strings/json.h"
(("#include \"third_party/jsoncpp/") "#include \"json/")) (("#include \"third_party/jsoncpp/") "#include \"json/"))
(substitute* "media/base/decode_capabilities.cc" (substitute* '("ui/gfx/skia_util.h"
(("third_party/libvpx/source/libvpx/") "")) "components/viz/common/resources/resource_format_utils.h")
(substitute* "ui/gfx/skia_util.h"
(("third_party/vulkan/include/") "")) (("third_party/vulkan/include/") ""))
(substitute* "third_party/skia/include/gpu/vk/GrVkVulkan.h"
(("\\.\\./\\.\\./include/third_party/vulkan/") ""))
;; Building chromedriver embeds some files using the ZIP ;; Building chromedriver embeds some files using the ZIP
;; format which doesn't support timestamps before ;; format which doesn't support timestamps before
;; 1980. Therefore, advance the timestamps of the files ;; 1980. Therefore, advance the timestamps of the files