chromium: Support building with NaCl

This commits adds a new 'config.chromium.enableNaCl' option that makes it possible to build chromium with native client support enabled. The NaCl and PNaCl toolchains are required to build chromium with NaCl support. These are not part of the downloaded tarball, and must be built as a separate derivation. 'common.nix' linkes the toolchains into place if 'enableNaCl' is true. It's also been changed to do stripping manually, to avoid stripping the nacl_irt_*.nexe file, as this results in a segfault when trying to run NaCl apps.
NixOS · Jul 30, 2016 · 5dd1af4 · 5dd1af4
1 parent e63e5ef
commit 5dd1af4
Show file tree

Hide file tree

Showing 14 changed files with 588 additions and 2 deletions.
diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix
@@ -1,4 +1,4 @@
-{ stdenv, mkChromiumDerivation, channel }:
+{ stdenv, mkChromiumDerivation, channel, enableNaCl }:
 
 with stdenv.lib;
 
@@ -7,13 +7,28 @@ mkChromiumDerivation (base: rec {
   packageName = "chromium";
   buildTargets = [ "mksnapshot" "chrome_sandbox" "chrome" ];
 
+  # Trying to run NaCl apps with a stripped nacl_irt_*.nexe file results in a
+  # segfault. We therefore disable stripping here and manually strip the
+  # binaries when they're copied.
+  dontStrip = true;
+
   installPhase = ''
     mkdir -p "$libExecPath"
     cp -v "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
     cp -v "$buildPath/icudtl.dat" "$libExecPath/"
     cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
     cp -v "$buildPath/chrome" "$libExecPath/$packageName"
+    strip -S "$libExecPath/$packageName"
     cp -v "$buildPath/chrome_sandbox" "$libExecPath/chrome-sandbox"
+    strip -S "$libExecPath/chrome-sandbox"
+
+    ${optionalString enableNaCl ''
+      cp -v "$buildPath/nacl_helper" "$libExecPath/"
+      strip -S "$libExecPath/nacl_helper"
+      cp -v "$buildPath/nacl_helper_bootstrap" "$libExecPath/"
+      strip -S "$libExecPath/nacl_helper_bootstrap"
+      cp -v "$buildPath/"nacl_irt_*.nexe "$libExecPath/"
+    ''}
 
     mkdir -vp "$out/share/man/man1"
     cp -v "$buildPath/chrome.1" "$out/share/man/man1/$packageName.1"

diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix
@@ -31,6 +31,7 @@
 , hiDPISupport ? false
 
 , upstream-info
+, nacl-toolchain
 }:
 
 buildFun:
@@ -128,6 +129,8 @@ let
 
     patches = [
       ./patches/widevine.patch
+      ./patches/translator_permission.patch
+      ./patches/remove_libgcc_eh.patch
       (if versionOlder version "52.0.0.0"
        then ./patches/nix_plugin_paths_50.patch
        else ./patches/nix_plugin_paths_52.patch)
@@ -151,6 +154,8 @@ let
     '' + optionalString (versionAtLeast version "52.0.0.0") ''
       sed -i -re 's/([^:])\<(isnan *\()/\1std::\2/g' \
         third_party/pdfium/xfa/fxbarcode/utils.h
+    '' + optionalString enableNaCl ''
+      ln -s ${nacl-toolchain} native_client/toolchain
     '';
 
     gypFlags = mkGypFlags (gypFlagsUseSystemLibs // {
@@ -192,6 +197,8 @@ let
     } // optionalAttrs (stdenv.system == "i686-linux") {
       target_arch = "ia32";
       python_arch = "ia32";
+    } // optionalAttrs enableNaCl {
+      disable_glibc = true;
     } // (extraAttrs.gypFlags or {}));
 
     configurePhase = ''

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -21,13 +21,15 @@ let
   chromium = {
     upstream-info = (callPackage ./update.nix {}).getChannel channel;
 
+    nacl-toolchain = callPackage ./native-client {};
+
     mkChromiumDerivation = callPackage ./common.nix {
       inherit enableSELinux enableNaCl enableHotwording gnomeSupport
               gnomeKeyringSupport proprietaryCodecs cupsSupport pulseSupport
               hiDPISupport;
     };
 
-    browser = callPackage ./browser.nix { inherit channel; };
+    browser = callPackage ./browser.nix { inherit channel enableNaCl; };
 
     plugins = callPackage ./plugins.nix {
       inherit enablePepperFlash enableWideVine;

diff --git a/.../applications/networking/browsers/chromium/native-client/0001-Do-not-write-REV-file.patch b/.../applications/networking/browsers/chromium/native-client/0001-Do-not-write-REV-file.patch
@@ -0,0 +1,28 @@
+From 5d085bffea9be1045580bf58edb70322767ddc00 Mon Sep 17 00:00:00 2001
+From: Sivert Berg <code@trev.is>
+Date: Tue, 24 May 2016 16:40:21 +0200
+Subject: [PATCH 1/4] Do not write REV file
+
+---
+ toolchain_build/toolchain_build_pnacl.py | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/toolchain_build/toolchain_build_pnacl.py b/toolchain_build/toolchain_build_pnacl.py
+index 83358d1..89f7567 100755
+--- a/toolchain_build/toolchain_build_pnacl.py
++++ b/toolchain_build/toolchain_build_pnacl.py
+@@ -1037,11 +1037,6 @@ def Metadata(revisions, is_canonical):
+               command.Copy('%(readme)s', os.path.join('%(output)s', 'README')),
+               command.WriteData(str(FEATURE_VERSION),
+                                 os.path.join('%(output)s', 'FEATURE_VERSION')),
+-              command.Runnable(None, pnacl_commands.WriteREVFile,
+-                               os.path.join('%(output)s', 'REV'),
+-                               GIT_BASE_URL,
+-                               GIT_REPOS,
+-                               revisions),
+           ],
+       }
+   }
+-- 
+2.4.0
+
diff --git a/...ns/networking/browsers/chromium/native-client/0002-Do-not-build-unsandboxed-runtime.patch b/...ns/networking/browsers/chromium/native-client/0002-Do-not-build-unsandboxed-runtime.patch
@@ -0,0 +1,49 @@
+From 8ad16768970867de7d1a0080844f7afbb6967c8d Mon Sep 17 00:00:00 2001
+From: Sivert Berg <code@trev.is>
+Date: Tue, 24 May 2016 16:41:16 +0200
+Subject: [PATCH 2/4] Do not build unsandboxed runtime
+
+---
+ toolchain_build/toolchain_build_pnacl.py | 19 -------------------
+ 1 file changed, 19 deletions(-)
+
+diff --git a/toolchain_build/toolchain_build_pnacl.py b/toolchain_build/toolchain_build_pnacl.py
+index 89f7567..c4acd5d 100755
+--- a/toolchain_build/toolchain_build_pnacl.py
++++ b/toolchain_build/toolchain_build_pnacl.py
+@@ -1270,17 +1270,6 @@ def GetUploadPackageTargets():
+     if os_name != 'win':
+       host_packages[os_name].append('libcxx_%s' % legal_triple)
+
+-  # Unsandboxed target IRT libraries
+-  for os_name in ['linux', 'mac']:
+-    legal_triple = pynacl.gsd_storage.LegalizeName('x86-32-' + os_name)
+-    host_packages[os_name].append('unsandboxed_runtime_%s' % legal_triple)
+-  for os_name in ['linux']:
+-    legal_triple = pynacl.gsd_storage.LegalizeName('arm-' + os_name)
+-    host_packages[os_name].append('unsandboxed_runtime_%s' % legal_triple)
+-  for os_name in ['linux']:
+-    legal_triple = pynacl.gsd_storage.LegalizeName('x86-64-' + os_name)
+-    host_packages[os_name].append('unsandboxed_runtime_%s' % legal_triple)
+-
+   for os_name, os_packages in host_packages.iteritems():
+     package_target = '%s_x86' % pynacl.platform.GetOS(os_name)
+     package_targets[package_target] = {}
+@@ -1422,14 +1411,6 @@ def main():
+                     ['le32'] + DIRECT_TO_NACL_ARCHES))
+     packages.update(pnacl_targetlibs.SDKLibs('le32', is_canonical,
+         ['pnacl_native_clang_driver=1'] if args.native_clang_driver else []))
+-    unsandboxed_runtime_canonical = is_canonical or pynacl.platform.IsMac()
+-    packages.update(pnacl_targetlibs.UnsandboxedRuntime(
+-        'x86-32-%s' % pynacl.platform.GetOS(), unsandboxed_runtime_canonical))
+-    if pynacl.platform.IsLinux():
+-      packages.update(pnacl_targetlibs.UnsandboxedRuntime(
+-          'arm-%s' % pynacl.platform.GetOS(), unsandboxed_runtime_canonical))
+-      packages.update(pnacl_targetlibs.UnsandboxedRuntime(
+-          'x86-64-%s' % pynacl.platform.GetOS(), unsandboxed_runtime_canonical))
+
+   if args.build_sbtc and not args.pnacl_in_pnacl:
+     packages.update(pnacl_sandboxed_translator.SandboxedTranslators(
+-- 
+2.4.0
+
diff --git a/...ng/browsers/chromium/native-client/0003-Make-pnacl-build.sh-work-with-host-compiler.patch b/...ng/browsers/chromium/native-client/0003-Make-pnacl-build.sh-work-with-host-compiler.patch
@@ -0,0 +1,119 @@
+From 5990e31bd232ae7da9dbe2bb8dc0357907362105 Mon Sep 17 00:00:00 2001
+From: Sivert Berg <code@trev.is>
+Date: Tue, 24 May 2016 16:45:17 +0200
+Subject: [PATCH 3/4] Make pnacl/build.sh work with host compiler
+
+---
+ pnacl/build.sh | 29 ++++++++++++-----------------
+ 1 file changed, 12 insertions(+), 17 deletions(-)
+
+diff --git a/pnacl/build.sh b/pnacl/build.sh
+index fecf1f8..634b0a8 100755
+--- a/pnacl/build.sh
++++ b/pnacl/build.sh
+@@ -111,12 +111,12 @@ readonly PNACL_CXXFILT="${BINUTILS_INSTALL_DIR}/bin/${REAL_CROSS_TARGET}-c++filt
+ readonly ILLEGAL_TOOL="${INSTALL_BIN}"/pnacl-illegal
+
+ # Tools for building the LLVM BuildTools in the translator build
+-readonly HOST_CLANG_PATH="${GCLIENT_ROOT}/third_party/llvm-build/Release+Asserts/bin"
+-readonly HOST_CLANG="${HOST_CLANG_PATH}/clang"
++readonly HOST_CLANG_PATH="${NIX_CC}/bin"
++readonly HOST_CLANG="${HOST_CLANG_PATH}/gcc"
+ # Use toolchain_build's libcxx install directory instead of ${INSTALL_ROOT}/lib
+ # because the latter also has the LLVM shared libs in it, and given how stupid
+ # the LLVM BuildTools build is, who knows what would happen if it found those.
+-readonly HOST_LIBCXX="${NACL_ROOT}/toolchain_build/out/libcxx_x86_64_linux_install"
++readonly HOST_LIBCXX="${NACL_ROOT}/toolchain_build/out/libcxx_x86_64_install"
+
+ # For a production (release) build, we want the sandboxed
+ # translator to only contain the code needed to handle
+@@ -253,7 +253,7 @@ llvm-sb-setup() {
+     NM="${PNACL_NM}" \
+     RANLIB="${PNACL_RANLIB}" \
+     BUILD_CC="${HOST_CLANG}" \
+-    BUILD_CXX="${HOST_CLANG}++")
++    BUILD_CXX="${HOST_CLANG_PATH}/g++")
+ }
+
+ #+-------------------------------------------------------------------------
+@@ -335,8 +335,6 @@ llvm-sb-configure() {
+   # Similar with getrlimit/setrlimit where struct rlimit isn't defined.
+   RunWithLog \
+       ${LLVM_SB_LOG_PREFIX}.configure \
+-      env -i \
+-      PATH="/usr/bin:/bin" \
+       ${srcdir}/configure \
+         "${LLVM_SB_CONFIGURE_ENV[@]}" \
+         --prefix=${installdir} \
+@@ -350,7 +348,7 @@ llvm-sb-configure() {
+         --enable-shared=no \
+         --disable-jit \
+         --enable-optimized \
+-        --enable-libcpp \
++        --disable-compiler-version-checks \
+         --target=${CROSS_TARGET_ARM} \
+         llvm_cv_link_use_export_dynamic=no \
+         ac_cv_func_getrusage=no \
+@@ -374,7 +372,7 @@ llvm-sb-make() {
+   # The LLVM sandboxed build uses the normally-disallowed external
+   # function __nacl_get_arch().  Allow that for now.
+   RunWithLog ${LLVM_SB_LOG_PREFIX}.make \
+-      env -i PATH="/usr/bin:/bin:${HOST_CLANG_PATH}" \
++      env \
+       LDFLAGS="-Wl,-plugin-opt=no-finalize -Wl,-plugin-opt=no-abi-verify" \
+       LD_LIBRARY_PATH="${HOST_LIBCXX}/lib" \
+       ONLY_TOOLS="${tools_to_build}" \
+@@ -383,9 +381,10 @@ llvm-sb-make() {
+       NO_DEAD_STRIP=1 \
+       VERBOSE=1 \
+       SUBZERO_SRC_ROOT="${TC_SRC_SUBZERO}" \
++      CXXFLAGS="-I${INSTALL_ROOT}/le32-nacl/include/c++/v1" \
+       BUILD_CC="${HOST_CLANG}" \
+-      BUILD_CXX="${HOST_CLANG}++" \
+-      BUILD_CXXFLAGS="-stdlib=libc++ -I${HOST_LIBCXX}/include/c++/v1" \
++      BUILD_CXX="${HOST_CLANG_PATH}/g++" \
++      BUILD_CXXFLAGS="" \
+       BUILD_LDFLAGS="-L${HOST_LIBCXX}/lib" \
+       ${export_dyn_env} \
+       make ${MAKE_OPTS} tools-only
+@@ -605,8 +604,7 @@ binutils-gold-sb-configure() {
+   StepBanner "GOLD-NATIVE-SB" "Dir [$(pwd)]"
+   local log_prefix="binutils-gold.sb.${arch}"
+   RunWithLog "${log_prefix}".configure \
+-    env -i \
+-    PATH="/usr/bin:/bin" \
++    env \
+     "${configure_env[@]}" \
+     ${srcdir}/libiberty/configure --prefix="${installbin}" \
+     --host=${target} \
+@@ -623,10 +621,9 @@ binutils-gold-sb-configure() {
+   # Disable readv. We have a stub for it, but not the accompanying headers
+   # in newlib, like sys/uio.h to actually compile with it.
+   RunWithLog "${log_prefix}".configure \
+-    env -i \
+-    PATH="/usr/bin:/bin" \
++    env \
+     "${configure_env[@]}" \
+-    CXXFLAGS="" \
++    CXXFLAGS="-I${INSTALL_ROOT}/le32-nacl/include/c++/v1" \
+     CFLAGS="" \
+     LDFLAGS="-Wl,-plugin-opt=no-finalize -Wl,-plugin-opt=no-abi-verify" \
+     ac_cv_search_zlibVersion=no \
+@@ -671,14 +668,12 @@ binutils-gold-sb-make() {
+   spushd "${objdir}/libiberty"
+
+   RunWithLog "binutils-gold.liberty.sb.${arch}".make \
+-      env -i PATH="/usr/bin:/bin" \
+       make ${MAKE_OPTS}
+   spopd
+
+   StepBanner "GOLD-NATIVE-SB" "Make (gold) ${arch}"
+   spushd "${objdir}/gold"
+   RunWithLog "binutils-gold.sb.${arch}".make \
+-      env -i PATH="/usr/bin:/bin" \
+       make ${MAKE_OPTS} ld-new
+   spopd
+
+-- 
+2.4.0
+
diff --git a/pkgs/applications/networking/browsers/chromium/native-client/0004-Do-not-get-GDB.patch b/pkgs/applications/networking/browsers/chromium/native-client/0004-Do-not-get-GDB.patch
@@ -0,0 +1,38 @@
+From dba1c06bf430b88c216c2a58afe0bd71189ab6ea Mon Sep 17 00:00:00 2001
+From: Sivert Berg <code@trev.is>
+Date: Tue, 24 May 2016 20:06:01 +0200
+Subject: [PATCH 4/4] Do not get GDB
+
+While building the x86 sdb libs it tries to copy the GDB from the glibc
+toolchains. We do not have these toolchains, so skip that step.
+---
+ site_scons/site_tools/naclsdk.py | 13 -------------
+ 1 file changed, 13 deletions(-)
+
+diff --git a/site_scons/site_tools/naclsdk.py b/site_scons/site_tools/naclsdk.py
+index 587a183..9fd0188 100755
+--- a/site_scons/site_tools/naclsdk.py
++++ b/site_scons/site_tools/naclsdk.py
+@@ -683,19 +683,6 @@ def generate(env):
+   else:
+     _SetEnvForNativeSdk(env, root)
+
+-  if (env.Bit('bitcode') or env.Bit('nacl_clang')) and env.Bit('build_x86'):
+-    # Get GDB from the nacl-gcc glibc toolchain even when using PNaCl.
+-    # TODO(mseaborn): We really want the nacl-gdb binary to be in a
+-    # separate tarball from the nacl-gcc toolchain, then this step
+-    # will not be necessary.
+-    # See http://code.google.com/p/nativeclient/issues/detail?id=2773
+-    temp_env = env.Clone()
+-    temp_env.ClearBits('bitcode', 'nacl_clang')
+-    temp_env.SetBits('nacl_glibc')
+-    temp_root = temp_env.GetToolchainDir()
+-    _SetEnvForNativeSdk(temp_env, temp_root)
+-    env.Replace(GDB=temp_env['GDB'])
+-
+   env.Prepend(LIBPATH='${NACL_SDK_LIB}')
+
+   # Install our scanner for (potential) linker scripts.
+-- 
+2.4.0
+
diff --git a/pkgs/applications/networking/browsers/chromium/native-client/default.nix b/pkgs/applications/networking/browsers/chromium/native-client/default.nix
@@ -0,0 +1,58 @@
+{ stdenv
+, callPackage
+, python
+, texinfo
+, flex
+, bison
+, perl
+, groff
+, cmake
+, git
+}:
+let
+  sources = callPackage ./sources.nix {};
+  src = sources.sources.native_client;
+  patches = [
+    ./0001-Do-not-write-REV-file.patch
+    ./0002-Do-not-build-unsandboxed-runtime.patch
+    ./0003-Make-pnacl-build.sh-work-with-host-compiler.patch
+    ./0004-Do-not-get-GDB.patch
+  ];
+in stdenv.mkDerivation {
+  name = "nacl-toolchain-${sources.revision}";
+
+  buildInputs = [ python texinfo flex bison perl groff cmake git ];
+
+  buildCommand = sources.copySources +
+  ''
+    cd native_client
+
+    ${stdenv.lib.concatStringsSep "\n" (map (patch: "patch -p1 < ${patch}") patches)}
+
+    env PNACL_CONCURRENCY=$NIX_BUILD_CORES \
+    toolchain_build/toolchain_build_pnacl.py \
+      --verbose \
+      --clobber \
+      --gcc \
+      --no-use-cached-results \
+      --no-use-remote-cache \
+      --no-nacl-gcc \
+      --build-sbtc
+
+    mkdir $out
+
+    build/package_version/package_version.py \
+      --packages pnacl_newlib \
+      --tar-dir toolchain_build/out/packages \
+      --dest-dir $out \
+      extract \
+      --skip-missing
+
+    build/package_version/package_version.py \
+      --packages pnacl_translator \
+      --tar-dir toolchain_build/out/packages \
+      --dest-dir $out \
+      extract \
+      --skip-missing
+  '';
+}
diff --git a/pkgs/applications/networking/browsers/chromium/native-client/repos b/pkgs/applications/networking/browsers/chromium/native-client/repos
@@ -0,0 +1,13 @@
+<url>                                                                 <type>      <name>          <src-dir>
+https://chromium.googlesource.com/breakpad/breakpad.git               deps        breakpad        breakpad
+https://chromium.googlesource.com/native_client/src/third_party.git   deps        third_party     third_party
+https://chromium.googlesource.com/native_client/nacl-binutils.git     component   binutils        binutils
+https://chromium.googlesource.com/native_client/nacl-binutils.git     component   binutils_x86    binutils-x86
+https://chromium.googlesource.com/native_client/pnacl-clang.git       component   clang           clang
+https://chromium.googlesource.com/native_client/pnacl-llvm.git        component   llvm            llvm
+https://chromium.googlesource.com/native_client/pnacl-gcc.git         component   gcc             pnacl-gcc
+https://chromium.googlesource.com/native_client/pnacl-libcxx.git      component   libcxx          libcxx
+https://chromium.googlesource.com/native_client/pnacl-libcxxabi.git   component   libcxxabi       libcxxabi
+https://chromium.googlesource.com/native_client/nacl-newlib.git       component   nacl_newlib     pnacl-newlib
+https://chromium.googlesource.com/native_client/pnacl-compiler-rt.git component   compiler_rt     compiler-rt
+https://chromium.googlesource.com/native_client/pnacl-subzero.git     component   subzero         subzero