Merge pull request #108336 from primeos/chromium-backport

[20.09] chromium: 87.0.4280.66 -> 87.0.4280.88

pkgs/applications/networking/browsers/chromium/browser.nix

@@ -1,4 +1,4 @@
-{ stdenv, mkChromiumDerivation, channel, enableWideVine }:
+{ stdenv, mkChromiumDerivation, channel, enableWideVine, ungoogled }:
 
 with stdenv.lib;
 
@@ -69,18 +69,25 @@ mkChromiumDerivation (base: rec {
   requiredSystemFeatures = [ "big-parallel" ];
 
   meta = {
-    description = "An open source web browser from Google";
+    description = "An open source web browser from Google"
+      + optionalString ungoogled ", with dependencies on Google web services removed";
     longDescription = ''
       Chromium is an open source web browser from Google that aims to build a
       safer, faster, and more stable way for all Internet users to experience
       the web. It has a minimalist user interface and provides the vast majority
       of source code for Google Chrome (which has some additional features).
     '';
-    homepage = "https://www.chromium.org/";
-    maintainers = with maintainers; [ primeos thefloweringash bendlas ]; # See README.md
+    homepage = if ungoogled
+      then "https://github.com/Eloston/ungoogled-chromium"
+      else "https://www.chromium.org/";
+    maintainers = with maintainers; if ungoogled
+      then [ squalus primeos ]
+      else [ primeos thefloweringash bendlas ];
     license = if enableWideVine then licenses.unfree else licenses.bsd3;
     platforms = platforms.linux;
-    hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else [];
+    hydraPlatforms = if (channel == "stable" || channel == "ungoogled-chromium")
+      then ["aarch64-linux" "x86_64-linux"]
+      else [];
     timeout = 172800; # 48 hours (increased from the Hydra default of 10h)
   };
 })

pkgs/applications/networking/browsers/chromium/common.nix

@@ -13,7 +13,7 @@
 , bison, gperf
 , glib, gtk3, dbus-glib
 , glibc
-, libXScrnSaver, libXcursor, libXtst, libGLU, libGL
+, libXScrnSaver, libXcursor, libXtst, libxshmfence, libGLU, libGL
 , protobuf, speechd, libXdamage, cups
 , ffmpeg, libxslt, libxml2, at-spi2-core
 , jre8
@@ -31,6 +31,7 @@
 , proprietaryCodecs ? true
 , cupsSupport ? true
 , pulseSupport ? false, libpulseaudio ? null
+, ungoogled ? false, ungoogled-chromium
 
 , channel
 , upstream-info
@@ -109,6 +110,10 @@ let
             result
        else result;
 
+  ungoogler = ungoogled-chromium {
+    inherit (upstream-info.deps.ungoogled-patches) rev sha256;
+  };
+
   base = rec {
     name = "${packageName}-unwrapped-${version}";
     inherit (upstream-info) version;
@@ -131,7 +136,7 @@ let
       utillinux alsaLib
       bison gperf kerberos
       glib gtk3 dbus-glib
-      libXScrnSaver libXcursor libXtst libGLU libGL
+      libXScrnSaver libXcursor libXtst libxshmfence libGLU libGL
       pciutils protobuf speechd libXdamage at-spi2-core
       jre
       pipewire_0_2
@@ -208,6 +213,10 @@ let
     '' + optionalString stdenv.isAarch64 ''
       substituteInPlace build/toolchain/linux/BUILD.gn \
         --replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""'
+    '' + optionalString ungoogled ''
+      ${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors"
+      ${ungoogler}/utils/patches.py . ${ungoogler}/patches
+      ${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz .
     '';
 
     gnFlags = mkGnFlags ({
@@ -260,6 +269,24 @@ let
       use_system_minigbm = true;
       use_system_libdrm = true;
       system_wayland_scanner_path = "${wayland}/bin/wayland-scanner";
+    } // optionalAttrs ungoogled {
+      chrome_pgo_phase = 0;
+      enable_hangout_services_extension = false;
+      enable_js_type_check = false;
+      enable_mdns = false;
+      enable_nacl_nonsfi = false;
+      enable_one_click_signin = false;
+      enable_reading_list = false;
+      enable_remoting = false;
+      enable_reporting = false;
+      enable_service_discovery = false;
+      exclude_unwind_tables = true;
+      google_api_key = "";
+      google_default_client_id = "";
+      google_default_client_secret = "";
+      safe_browsing_mode = 0;
+      use_official_google_api_keys = false;
+      use_unofficial_version_number = false;
     } // (extraAttrs.gnFlags or {}));
 
     configurePhase = ''

pkgs/applications/networking/browsers/chromium/default.nix

@@ -16,6 +16,7 @@
 , enableWideVine ? false
 , useVaapi ? false # Deprecated, use enableVaapi instead!
 , enableVaapi ? false # Disabled by default due to unofficial support
+, ungoogled ? false # Whether to build chromium or ungoogled-chromium
 , cupsSupport ? true
 , pulseSupport ? config.pulseaudio or stdenv.isLinux
 , commandLineArgs ? ""
@@ -34,7 +35,7 @@ let
 
     mkChromiumDerivation = callPackage ./common.nix ({
       inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs
-              cupsSupport pulseSupport;
+              cupsSupport pulseSupport ungoogled;
       gnChromium = gn.overrideAttrs (oldAttrs: {
         inherit (upstream-info.deps.gn) version;
         src = fetchgit {
@@ -43,14 +44,17 @@ let
       });
     });
 
-    browser = callPackage ./browser.nix { inherit channel enableWideVine; };
+    browser = callPackage ./browser.nix { inherit channel enableWideVine ungoogled; };
 
     plugins = callPackage ./plugins.nix {
       inherit enablePepperFlash;
     };
+
+    ungoogled-chromium = callPackage ./ungoogled.nix {};
   };
 
-  pkgSuffix = if channel == "dev" then "unstable" else channel;
+  pkgSuffix = if channel == "dev" then "unstable" else
+    (if channel == "ungoogled-chromium" then "stable" else channel);
   pkgName = "google-chrome-${pkgSuffix}";
   chromeSrc = fetchurl {
     urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [
@@ -72,7 +76,7 @@ let
 
     unpackCmd = let
       widevineCdmPath =
-        if channel == "stable" then
+        if (channel == "stable" || channel == "ungoogled-chromium") then
           "./opt/google/chrome/WidevineCdm"
         else if channel == "beta" then
           "./opt/google/chrome-beta/WidevineCdm"
@@ -114,7 +118,9 @@ let
     };
   };
 
-  suffix = if channel != "stable" then "-" + channel else "";
+  suffix = if (channel == "stable" || channel == "ungoogled-chromium")
+    then ""
+    else "-" + channel;
 
   sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName;
 
@@ -141,7 +147,8 @@ let
       (enableVaapi)
       "--add-flags --enable-accelerated-video-decode";
 in stdenv.mkDerivation {
-  name = "chromium${suffix}-${version}";
+  name = lib.optionalString ungoogled "ungoogled-"
+    + "chromium${suffix}-${version}";
   inherit version;
 
   buildInputs = [

pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled.nix → pkgs/applications/networking/browsers/chromium/ungoogled.nix

@@ -4,6 +4,7 @@
 , makeWrapper
 , patch
 }:
+
 { rev
 , sha256
 }:

pkgs/applications/networking/browsers/chromium/update.py

@@ -1,6 +1,9 @@
 #! /usr/bin/env nix-shell
 #! nix-shell -i python -p python3 nix nix-prefetch-git
 
+"""This script automatically updates chromium, google-chrome, chromedriver, and ungoogled-chromium
+via upstream-info.json."""
+
 import csv
 import json
 import re
@@ -19,41 +22,54 @@
 
 JSON_PATH = dirname(abspath(__file__)) + '/upstream-info.json'
 
+
 def load_json(path):
+    """Loads the given JSON file."""
     with open(path, 'r') as f:
         return json.load(f)
 
+
 def nix_prefetch_url(url, algo='sha256'):
+    """Prefetches the content of the given URL."""
     print(f'nix-prefetch-url {url}')
     out = subprocess.check_output(['nix-prefetch-url', '--type', algo, url])
     return out.decode('utf-8').rstrip()
 
+
 def nix_prefetch_git(url, rev):
+    """Prefetches the requested Git revision of the given repository URL."""
     print(f'nix-prefetch-git {url} {rev}')
     out = subprocess.check_output(['nix-prefetch-git', '--quiet', '--url', url, '--rev', rev])
     return json.loads(out)
 
+
 def get_file_revision(revision, file_path):
+    """Fetches the requested Git revision of the given Chromium file."""
     url = f'https://raw.githubusercontent.com/chromium/chromium/{revision}/{file_path}'
     with urlopen(url) as http_response:
         return http_response.read()
 
+
 def get_matching_chromedriver(version):
+    """Gets the matching chromedriver version for the given Chromium version."""
     # See https://chromedriver.chromium.org/downloads/version-selection
     build = re.sub('.[0-9]+$', '', version)
     chromedriver_version_url = f'https://chromedriver.storage.googleapis.com/LATEST_RELEASE_{build}'
     with urlopen(chromedriver_version_url) as http_response:
         chromedriver_version = http_response.read().decode()
         def get_chromedriver_url(system):
-            return f'https://chromedriver.storage.googleapis.com/{chromedriver_version}/chromedriver_{system}.zip'
+            return ('https://chromedriver.storage.googleapis.com/' +
+                    f'{chromedriver_version}/chromedriver_{system}.zip')
         return {
             'version': chromedriver_version,
             'sha256_linux': nix_prefetch_url(get_chromedriver_url('linux64')),
             'sha256_darwin': nix_prefetch_url(get_chromedriver_url('mac64'))
         }
 
-def get_channel_dependencies(channel):
-    deps = get_file_revision(channel['version'], 'DEPS')
+
+def get_channel_dependencies(version):
+    """Gets all dependencies for the given Chromium version."""
+    deps = get_file_revision(version, 'DEPS')
     gn_pattern = b"'gn_version': 'git_revision:([0-9a-f]{40})'"
     gn_commit = re.search(gn_pattern, deps).group(1).decode()
     gn = nix_prefetch_git('https://gn.googlesource.com/gn', gn_commit)
@@ -66,12 +82,35 @@ def get_channel_dependencies(channel):
         }
     }
 
+
+def get_latest_ungoogled_chromium_tag():
+    """Returns the latest ungoogled-chromium tag using the GitHub API."""
+    api_tag_url = 'https://api.github.com/repos/Eloston/ungoogled-chromium/tags?per_page=1'
+    with urlopen(api_tag_url) as http_response:
+        tag_data = json.load(http_response)
+        return tag_data[0]['name']
+
+
+def get_latest_ungoogled_chromium_build():
+    """Returns a dictionary for the latest ungoogled-chromium build."""
+    tag = get_latest_ungoogled_chromium_tag()
+    version = tag.split('-')[0]
+    return {
+        'channel': 'ungoogled-chromium',
+        'version': version,
+        'ungoogled_tag': tag
+    }
+
+
 channels = {}
 last_channels = load_json(JSON_PATH)
 
+
 print(f'GET {HISTORY_URL}', file=sys.stderr)
 with urlopen(HISTORY_URL) as resp:
     builds = csv.DictReader(iterdecode(resp, 'utf-8'))
+    builds = list(builds)
+    builds.append(get_latest_ungoogled_chromium_build())
     for build in builds:
         channel_name = build['channel']
 
@@ -88,34 +127,50 @@ def get_channel_dependencies(channel):
             continue
 
         channel = {'version': build['version']}
-        suffix = 'unstable' if channel_name == 'dev' else channel_name
+        if channel_name == 'dev':
+            google_chrome_suffix = 'unstable'
+        elif channel_name == 'ungoogled-chromium':
+            google_chrome_suffix = 'stable'
+        else:
+            google_chrome_suffix = channel_name
 
         try:
             channel['sha256'] = nix_prefetch_url(f'{BUCKET_URL}/chromium-{build["version"]}.tar.xz')
-            channel['sha256bin64'] = nix_prefetch_url(f'{DEB_URL}/google-chrome-{suffix}/google-chrome-{suffix}_{build["version"]}-1_amd64.deb')
+            channel['sha256bin64'] = nix_prefetch_url(
+                f'{DEB_URL}/google-chrome-{google_chrome_suffix}/' +
+                f'google-chrome-{google_chrome_suffix}_{build["version"]}-1_amd64.deb')
         except subprocess.CalledProcessError:
             # This build isn't actually available yet.  Continue to
             # the next one.
             continue
 
-        channel['deps'] = get_channel_dependencies(channel)
+        channel['deps'] = get_channel_dependencies(channel['version'])
         if channel_name == 'stable':
             channel['chromedriver'] = get_matching_chromedriver(channel['version'])
+        elif channel_name == 'ungoogled-chromium':
+            ungoogled_repo_url = 'https://github.com/Eloston/ungoogled-chromium.git'
+            channel['deps']['ungoogled-patches'] = {
+                'rev': build['ungoogled_tag'],
+                'sha256': nix_prefetch_git(ungoogled_repo_url, build['ungoogled_tag'])['sha256']
+            }
 
         channels[channel_name] = channel
 
+
 with open(JSON_PATH, 'w') as out:
     def get_channel_key(item):
+        """Orders Chromium channels by their name."""
         channel_name = item[0]
         if channel_name == 'stable':
             return 0
-        elif channel_name == 'beta':
+        if channel_name == 'beta':
             return 1
-        elif channel_name == 'dev':
+        if channel_name == 'dev':
             return 2
-        else:
-            print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
-            sys.exit(1)
+        if channel_name == 'ungoogled-chromium':
+            return 3
+        print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
+        sys.exit(1)
     sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key))
     json.dump(sorted_channels, out, indent=2)
     out.write('\n')