2019-11-06 19:37:25 +00:00
{ stdenv , lib , llvmPackages , gnChromium , ninja , which , nodejs , fetchpatch , fetchurl
2014-04-01 06:36:26 +01:00
# default dependencies
2019-11-06 19:37:25 +00:00
, gnutar , bzip2 , flac , speex , libopus
2014-04-01 06:36:26 +01:00
, libevent , expat , libjpeg , snappy
2017-06-11 09:10:56 +01:00
, libpng , libcap
2021-02-01 08:05:09 +00:00
, xdg-utils , yasm , nasm , minizip , libwebp
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.
LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.
PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.
CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.
Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 11:27:40 +01:00
, libusb1 , pciutils , nss , re2
2014-04-01 06:36:26 +01:00
2021-01-19 06:50:56 +00:00
, python2Packages , perl , pkg-config
2016-09-05 17:59:00 +01:00
, nspr , systemd , kerberos
2020-11-24 15:29:28 +00:00
, util-linux , alsaLib
2014-08-13 03:53:31 +01:00
, bison , gperf
2018-10-04 19:01:26 +01:00
, glib , gtk3 , dbus-glib
2019-01-30 22:55:20 +00:00
, glibc
2020-12-24 11:17:35 +00:00
, libXScrnSaver , libXcursor , libXtst , libxshmfence , libGLU , libGL
2014-12-07 13:52:36 +00:00
, protobuf , speechd , libXdamage , cups
2020-10-09 22:29:16 +01:00
, ffmpeg , libxslt , libxml2 , at-spi2-core
2020-09-19 12:41:44 +01:00
, jre8
2020-06-05 20:52:41 +01:00
, pipewire_0_2
2020-11-27 12:49:04 +00:00
, libva
2021-02-05 13:29:47 +00:00
, libdrm , wayland , mesa , libxkbcommon # Ozone
2014-04-01 06:36:26 +01:00
# optional dependencies
, libgcrypt ? null # gnomeSupport || cupsSupport
# package customization
, gnomeSupport ? false , gnome ? null
2018-02-25 02:23:58 +00:00
, gnomeKeyringSupport ? false , libgnome-keyring3 ? null
2014-04-01 06:36:26 +01:00
, proprietaryCodecs ? true
2014-12-07 13:52:36 +00:00
, cupsSupport ? true
2015-05-27 20:42:15 +01:00
, pulseSupport ? false , libpulseaudio ? null
2020-12-09 18:13:26 +00:00
, ungoogled ? false , ungoogled-chromium
2014-04-01 06:36:26 +01:00
2019-11-06 19:37:25 +00:00
, channel
2016-03-20 16:50:17 +00:00
, upstream-info
2014-04-01 06:36:26 +01:00
} :
buildFun :
2021-01-15 13:21:58 +00:00
with lib ;
2014-04-01 06:36:26 +01:00
let
2020-09-19 12:41:44 +01:00
jre = jre8 ; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731
2014-04-01 06:36:26 +01:00
# The additional attributes for creating derivations based on the chromium
# source tree.
extraAttrs = buildFun base ;
2018-02-26 23:04:33 +00:00
githubPatch = commit : sha256 : fetchpatch {
url = " h t t p s : / / g i t h u b . c o m / c h r o m i u m / c h r o m i u m / c o m m i t / ${ commit } . p a t c h " ;
inherit sha256 ;
} ;
2018-01-09 01:11:02 +00:00
2016-10-29 03:05:53 +01:00
mkGnFlags =
2014-04-01 06:36:26 +01:00
let
2016-10-29 03:05:53 +01:00
# Serialize Nix types into GN types according to this document:
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.
LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.
PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.
CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.
Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 11:27:40 +01:00
# https://source.chromium.org/gn/gn/+/master:docs/language.md
2016-10-29 03:05:53 +01:00
mkGnString = value : " \" ${ escape [ " \" " " $ " " \\ " ] value } \" " ;
2014-04-01 06:36:26 +01:00
sanitize = value :
2016-10-29 03:05:53 +01:00
if value == true then " t r u e "
else if value == false then " f a l s e "
else if isList value then " [ ${ concatMapStringsSep " , " sanitize value } ] "
else if isInt value then toString value
else if isString value then mkGnString value
else throw " U n s u p p o r t e d t y p e f o r G N v a l u e ` ${ value } ' . " ;
toFlag = key : value : " ${ key } = ${ sanitize value } " ;
2014-04-01 06:36:26 +01:00
in attrs : concatStringsSep " " ( attrValues ( mapAttrs toFlag attrs ) ) ;
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.
LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.
PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.
CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.
Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 11:27:40 +01:00
# https://source.chromium.org/chromium/chromium/src/+/master:build/linux/unbundle/replace_gn_files.py
2016-10-29 03:05:53 +01:00
gnSystemLibraries = [
2020-10-09 22:29:16 +01:00
" f f m p e g "
" f l a c "
" l i b j p e g "
" l i b p n g "
" l i b w e b p "
" l i b x s l t "
" o p u s "
" s n a p p y "
" z l i b "
2020-07-14 21:52:15 +01:00
] ;
2014-04-01 06:36:26 +01:00
opusWithCustomModes = libopus . override {
2014-07-28 04:05:01 +01:00
withCustomModes = true ;
2014-04-01 06:36:26 +01:00
} ;
defaultDependencies = [
2015-06-11 17:23:58 +01:00
bzip2 flac speex opusWithCustomModes
2014-04-01 06:36:26 +01:00
libevent expat libjpeg snappy
2017-06-11 09:10:56 +01:00
libpng libcap
2021-02-01 08:05:09 +00:00
xdg-utils minizip libwebp
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.
LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.
PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.
CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.
Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 11:27:40 +01:00
libusb1 re2
2020-10-09 22:29:16 +01:00
ffmpeg libxslt libxml2
2020-07-14 21:52:15 +01:00
nasm
] ;
2014-04-01 06:36:26 +01:00
# build paths and release info
2014-04-20 07:39:40 +01:00
packageName = extraAttrs . packageName or extraAttrs . name ;
2014-04-01 06:36:26 +01:00
buildType = " R e l e a s e " ;
buildPath = " o u t / ${ buildType } " ;
libExecPath = " $ o u t / l i b e x e c / ${ packageName } " ;
2021-01-28 21:06:23 +00:00
chromiumVersionAtLeast = min-version :
versionAtLeast upstream-info . version min-version ;
2019-10-11 21:55:11 +01:00
versionRange = min-version : upto-version :
let inherit ( upstream-info ) version ;
result = versionAtLeast version min-version && versionOlder version upto-version ;
2021-01-29 12:14:37 +00:00
ungoogled-version = ( importJSON ./upstream-info.json ) . ungoogled-chromium . version ;
2021-01-28 21:06:23 +00:00
in if versionAtLeast ungoogled-version upto-version
then warn " c h r o m i u m : u n g o o g l e d v e r s i o n ${ ungoogled-version } i s n e w e r t h a n a p a t c h s e t b o u n d e d a t ${ upto-version } . Y o u c a n s a f e l y d e l e t e i t . "
2019-10-11 21:55:11 +01:00
result
else result ;
2020-12-09 18:29:31 +00:00
ungoogler = ungoogled-chromium {
inherit ( upstream-info . deps . ungoogled-patches ) rev sha256 ;
} ;
2014-04-01 06:36:26 +01:00
base = rec {
2018-11-18 00:51:12 +00:00
name = " ${ packageName } - u n w r a p p e d - ${ version } " ;
2019-11-06 19:37:25 +00:00
inherit ( upstream-info ) version ;
2021-01-22 11:19:27 +00:00
inherit packageName buildType buildPath ;
2016-03-20 16:50:17 +00:00
2019-11-06 19:37:25 +00:00
src = fetchurl {
url = " h t t p s : / / c o m m o n d a t a s t o r a g e . g o o g l e a p i s . c o m / c h r o m i u m - b r o w s e r - o f f i c i a l / c h r o m i u m - ${ version } . t a r . x z " ;
inherit ( upstream-info ) sha256 ;
} ;
2016-03-20 16:50:17 +00:00
2017-02-08 19:47:07 +00:00
nativeBuildInputs = [
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.
LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.
PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.
CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.
Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 11:27:40 +01:00
llvmPackages . lldClang . bintools
2021-01-19 06:50:56 +00:00
ninja which python2Packages . python perl pkg-config
2017-05-14 14:03:21 +01:00
python2Packages . ply python2Packages . jinja2 nodejs
2020-07-14 21:52:15 +01:00
gnutar python2Packages . setuptools
] ;
2017-02-08 19:47:07 +00:00
2014-04-01 06:36:26 +01:00
buildInputs = defaultDependencies ++ [
2016-09-05 17:59:00 +01:00
nspr nss systemd
2020-11-24 15:29:28 +00:00
util-linux alsaLib
2014-12-30 08:05:12 +00:00
bison gperf kerberos
2018-10-04 19:01:26 +01:00
glib gtk3 dbus-glib
2020-12-24 11:17:35 +00:00
libXScrnSaver libXcursor libXtst libxshmfence libGLU libGL
2018-12-09 03:00:42 +00:00
pciutils protobuf speechd libXdamage at-spi2-core
2019-12-10 12:12:58 +00:00
jre
2020-06-05 20:52:41 +01:00
pipewire_0_2
2020-11-27 12:49:04 +00:00
libva
2021-02-05 13:29:47 +00:00
libdrm wayland mesa . drivers libxkbcommon
2020-11-27 12:49:04 +00:00
] ++ optional gnomeKeyringSupport libgnome-keyring3
2014-04-01 06:36:26 +01:00
++ optionals gnomeSupport [ gnome . GConf libgcrypt ]
2014-12-07 13:52:36 +00:00
++ optionals cupsSupport [ libgcrypt cups ]
2021-02-05 13:29:47 +00:00
++ optional pulseSupport libpulseaudio ;
2014-04-01 06:36:26 +01:00
2020-10-07 12:39:57 +01:00
patches = [
2020-10-20 11:59:55 +01:00
./patches/no-build-timestamps.patch # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed)
./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags
2021-01-29 12:14:37 +00:00
# ++ optional (versionRange "68" "72") (githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000")
2021-02-01 00:25:53 +00:00
] ++ optional ( versionRange " 8 9 " " 9 0 . 0 . 4 4 0 2 . 0 " ) ( githubPatch
# To fix the build of chromiumBeta and chromiumDev:
2021-01-29 12:14:37 +00:00
" b 5 b 8 0 d f 7 d a f b a 8 c a f a 4 c 6 c 0 b a 2 1 5 3 d f d a 4 6 7 d f c 9 " # add dependency on opus in webcodecs
" 1 r 4 w m w a x z 5 x b f f m j 5 w s p v 2 x j 8 s 3 2 j 9 p 6 j n w i m j m a l q g 3 a l 2 b a 6 4 x "
) ;
2018-10-24 22:25:36 +01:00
2020-10-07 12:39:57 +01:00
postPatch = ''
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.
LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.
PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.
CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.
Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 11:27:40 +01:00
# remove unused third-party
for lib in $ { toString gnSystemLibraries } ; do
if [ - d " t h i r d _ p a r t y / $ l i b " ] ; then
find " t h i r d _ p a r t y / $ l i b " - type f \
\ ! - path " t h i r d _ p a r t y / $ l i b / c h r o m i u m / * " \
\ ! - path " t h i r d _ p a r t y / $ l i b / g o o g l e / * " \
\ ! - path " t h i r d _ p a r t y / h a r f b u z z - n g / u t i l s / h b _ s c o p e d . h " \
\ ! - regex ' . * \ . \ ( gn \ | gni \ | isolate \ ) ' \
- delete
fi
done
2020-08-26 13:22:31 +01:00
# Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.):
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.
LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.
PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.
CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.
Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 11:27:40 +01:00
substituteInPlace native_client/SConstruct - - replace " # ! - * - p y t h o n - * - " " "
if [ - e third_party/harfbuzz-ng/src/src/update-unicode-tables.make ] ; then
substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
- - replace " / u s r / b i n / e n v - S m a k e - f " " / u s r / b i n / m a k e - f "
fi
2020-10-07 12:39:57 +01:00
2016-08-04 20:26:05 +01:00
# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
- - replace \
2016-08-05 10:55:48 +01:00
' return sandbox_binary ; ' \
' return base::FilePath ( GetDevelSandboxPath ( ) ) ; '
2016-08-04 20:26:05 +01:00
2019-01-30 22:55:20 +00:00
substituteInPlace services/audio/audio_sandbox_hook_linux.cc \
- - replace \
' /usr/share/alsa / ' \
' $ { alsaLib } /share/alsa / ' \
- - replace \
' /usr/lib/x86_64-linux-gnu/gconv / ' \
' $ { glibc } /lib/gconv / ' \
- - replace \
' /usr/share/locale / ' \
' $ { glibc } /share/locale / '
2021-02-01 08:05:09 +00:00
sed - i - e ' s @ " \( # ! \) \? . * x d g - @ " \ 1 $ { xdg-utils } /bin/xdg- @ ' \
2017-03-07 10:10:58 +00:00
chrome/browser/shell_integration_linux.cc
2020-08-12 19:12:16 +01:00
sed - i - e ' /lib_loader. * Load/s ! " \( l i b u d e v \. s o \) ! " $ { lib . getLib systemd } /lib / \ 1 ! ' \
2015-01-23 00:48:56 +00:00
device/udev_linux/udev ? _loader . cc
sed - i - e ' /libpci_loader. * Load/s ! " \( l i b p c i \. s o \) ! " $ { pciutils } /lib / \ 1 ! ' \
gpu/config/gpu_info_collector_linux.cc
2016-05-28 18:04:22 +01:00
2017-06-18 03:29:22 +01:00
# Allow to put extensions into the system-path.
sed - i - e ' s , /usr , /run/current-system/sw , ' chrome/common/chrome_paths.cc
2016-10-29 03:05:53 +01:00
patchShebangs .
2017-05-14 14:03:21 +01:00
# use our own nodejs
mkdir - p third_party/node/linux/node-linux-x64/bin
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.
LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.
PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.
CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.
Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 11:27:40 +01:00
ln - s " $ ( c o m m a n d - v n o d e ) " third_party/node/linux/node-linux-x64/bin/node
# Allow building against system libraries in official builds
sed - i ' s/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD / ' tools/generate_shim_headers/generate_shim_headers.py
2017-07-06 23:54:10 +01:00
2018-01-21 13:31:54 +00:00
'' + o p t i o n a l S t r i n g s t d e n v . i s A a r c h 6 4 ''
substituteInPlace build/toolchain/linux/BUILD.gn \
- - replace ' toolprefix = " a a r c h 6 4 - l i n u x - g n u - " ' ' toolprefix = " " '
2020-12-09 18:13:26 +00:00
'' + o p t i o n a l S t r i n g u n g o o g l e d ''
$ { ungoogler } /utils/prune_binaries.py . $ { ungoogler } /pruning.list || echo " s o m e e r r o r s "
$ { ungoogler } /utils/patches.py . $ { ungoogler } /patches
$ { ungoogler } /utils/domain_substitution.py apply - r $ { ungoogler } /domain_regex.list - f $ { ungoogler } /domain_substitution.list - c ./ungoogled-domsubcache.tar.gz .
2014-04-01 06:36:26 +01:00
'' ;
2020-07-14 21:52:15 +01:00
gnFlags = mkGnFlags ( {
2021-02-05 13:29:47 +00:00
is_official_build = true ;
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.
LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.
PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.
CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.
Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 11:27:40 +01:00
custom_toolchain = " / / b u i l d / t o o l c h a i n / l i n u x / u n b u n d l e : d e f a u l t " ;
host_toolchain = " / / b u i l d / t o o l c h a i n / l i n u x / u n b u n d l e : d e f a u l t " ;
2021-02-05 13:29:47 +00:00
system_wayland_scanner_path = " ${ wayland } / b i n / w a y l a n d - s c a n n e r " ;
2016-03-28 10:31:21 +01:00
2015-12-29 18:32:30 +00:00
use_sysroot = false ;
2014-04-01 06:36:26 +01:00
use_gnome_keyring = gnomeKeyringSupport ;
use_gio = gnomeSupport ;
2019-12-14 18:07:28 +00:00
# ninja: error: '../../native_client/toolchain/linux_x86/pnacl_newlib/bin/x86_64-nacl-objcopy',
# needed by 'nacl_irt_x86_64.nexe', missing and no known rule to make it
enable_nacl = false ;
2019-12-14 18:52:43 +00:00
# Enabling the Widevine component here doesn't affect whether we can
# redistribute the chromium package; the Widevine component is either
# added later in the wrapped -wv build or downloaded from Google.
2019-08-11 00:09:55 +01:00
enable_widevine = true ;
2014-04-01 06:36:26 +01:00
use_cups = cupsSupport ;
2020-06-05 20:52:41 +01:00
# Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture.
rtc_use_pipewire = true ;
2017-07-31 09:01:15 +01:00
2016-10-29 03:05:53 +01:00
treat_warnings_as_errors = false ;
2017-07-31 09:01:15 +01:00
clang_use_chrome_plugins = false ;
2019-06-05 10:06:03 +01:00
blink_symbol_level = 0 ;
2020-10-09 22:24:20 +01:00
symbol_level = 0 ;
2017-07-31 09:01:15 +01:00
fieldtrial_testing_like_official_build = true ;
2014-04-01 06:36:26 +01:00
2014-04-19 14:25:21 +01:00
# Google API keys, see:
# http://www.chromium.org/developers/how-tos/api-keys
2014-04-01 06:36:26 +01:00
# Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
# please get your own set of keys.
google_api_key = " A I z a S y D G i 1 5 Z w l 1 1 U N e 6 Y - 5 X W _ u p s f y w 3 1 q w Z P I " ;
google_default_client_id = " 4 0 4 7 6 1 5 7 5 3 0 0 . a p p s . g o o g l e u s e r c o n t e n t . c o m " ;
google_default_client_secret = " 9 r I F Q j f n k y k E m q b 6 F f j J Q D 1 D " ;
} // optionalAttrs proprietaryCodecs {
# enable support for the H.264 codec
proprietary_codecs = true ;
2015-10-07 17:42:24 +01:00
enable_hangout_services_extension = true ;
2014-04-01 06:36:26 +01:00
ffmpeg_branding = " C h r o m e " ;
2016-10-29 03:05:53 +01:00
} // optionalAttrs pulseSupport {
use_pulseaudio = true ;
link_pulseaudio = true ;
2021-01-28 21:06:23 +00:00
} // optionalAttrs ( chromiumVersionAtLeast " 8 9 " ) {
# Disable PGO (defaults to 2 since M89) because it fails without additional changes:
# error: Could not read profile ../../chrome/build/pgo_profiles/chrome-linux-master-1610647094-405a32bcf15e5a84949640f99f84a5b9f61e2f2e.profdata: Unsupported instrumentation profile format version
chrome_pgo_phase = 0 ;
2021-02-01 00:25:53 +00:00
} // optionalAttrs ( chromiumVersionAtLeast " 9 0 " ) {
# Disable build with TFLite library because it fails without additional changes:
# ninja: error: '../../chrome/test/data/simple_test.tflite', needed by 'test_data/simple_test.tflite', missing and no known rule to make it
# Note: chrome/test/data/simple_test.tflite is in the Git repository but not in chromium-90.0.4400.8.tar.xz
# See also chrome/services/machine_learning/README.md
build_with_tflite_lib = false ;
2020-12-09 18:13:26 +00:00
} // optionalAttrs ungoogled {
chrome_pgo_phase = 0 ;
enable_hangout_services_extension = false ;
enable_js_type_check = false ;
enable_mdns = false ;
enable_nacl_nonsfi = false ;
enable_one_click_signin = false ;
enable_reading_list = false ;
enable_remoting = false ;
enable_reporting = false ;
enable_service_discovery = false ;
exclude_unwind_tables = true ;
google_api_key = " " ;
google_default_client_id = " " ;
google_default_client_secret = " " ;
safe_browsing_mode = 0 ;
use_official_google_api_keys = false ;
use_unofficial_version_number = false ;
2016-10-29 03:05:53 +01:00
} // ( extraAttrs . gnFlags or { } ) ) ;
2014-04-01 06:36:26 +01:00
configurePhase = ''
2017-02-08 19:48:05 +00:00
runHook preConfigure
2014-04-01 06:36:26 +01:00
# This is to ensure expansion of $out.
libExecPath = " ${ libExecPath } "
chromium: use official build settings (#101467)
LLD: https://lld.llvm.org/
When you link a large program on a multicore machine, you can expect that LLD runs more than twice as fast as the GNU gold linker. Your mileage may vary, though.
Link-time optimization (LTO) is supported by default.
Some default settings have been tuned for the 21st century. For example, the stack is marked as non-executable by default to tighten security.
LTO & ThinLTO: https://clang.llvm.org/docs/ThinLTO.html
LTO (Link Time Optimization) achieves better runtime performance through whole-program analysis and cross-module optimization. However, monolithic LTO implements this by merging all input into a single module, which is not scalable in time or memory, and also prevents fast incremental compiles. ThinLTO is a new approach that is designed to scale like a non-LTO build, while retaining most of the performance achievement of full LTO.
PGO: https://llvm.org/docs/HowToBuildWithPGO.html https://blog.chromium.org/2020/08/chrome-just-got-faster-with-profile.html
Allows your compiler to better optimize code for how it actually runs. Users report that applying this to Clang and LLVM can decrease overall compile time by 20%.
Because PGO uses real usage scenarios that match the workflows of Chrome users around the world, the most common tasks get prioritized and made faster. Delivers up to 10% faster page loads.
CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html https://www.chromium.org/developers/testing/control-flow-integrity
Aborts the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow. These schemes have been optimized for performance, allowing developers to enable them in release builds.
By default, a program compiled with CFI will crash with SIGILL if it detects a CFI violation.
Additionally:
Use minizip instead of zlib. Chromium says zlib but actually uses minizip.
Remove old unused workarounds.
Make shell scripts POSIX compliant.
Update documentation URLs.
Prepare for using system libraries.
2020-10-24 11:27:40 +01:00
python build/linux/unbundle/replace_gn_files.py - - system-libraries $ { toString gnSystemLibraries }
2020-04-03 18:17:57 +01:00
$ { gnChromium } /bin/gn gen - - args = $ { escapeShellArg gnFlags } out/Release | tee gn-gen-outputs . txt
2018-06-19 01:48:42 +01:00
# Fail if `gn gen` contains a WARNING.
grep - o WARNING gn-gen-outputs . txt && echo " F o u n d g n W A R N I N G , e x i t i n g n i x b u i l d " && exit 1
2017-02-08 19:48:05 +00:00
runHook postConfigure
2014-04-01 06:36:26 +01:00
'' ;
2020-04-02 23:02:23 +01:00
# Don't spam warnings about unknown warning options. This is useful because
# our Clang is always older than Chromium's and the build logs have a size
# of approx. 25 MB without this option (and this saves e.g. 66 %).
NIX_CFLAGS_COMPILE = " - W n o - u n k n o w n - w a r n i n g - o p t i o n " ;
2014-04-01 06:36:26 +01:00
buildPhase = let
2014-08-13 03:49:53 +01:00
buildCommand = target : ''
2020-10-16 13:54:34 +01:00
ninja - C " ${ buildPath } " - j $ NIX_BUILD_CORES - l $ NIX_BUILD_CORES " ${ target } "
2017-11-08 22:44:20 +00:00
(
source chrome/installer/linux/common/installer.include
PACKAGE = $ packageName
MENUNAME = " C h r o m i u m "
process_template chrome/app/resources/manpage.1.in " ${ buildPath } / c h r o m e . 1 "
)
2014-04-25 02:58:33 +01:00
'' ;
targets = extraAttrs . buildTargets or [ ] ;
commands = map buildCommand targets ;
in concatStringsSep " \n " commands ;
2019-07-15 07:35:03 +01:00
postFixup = ''
# Make sure that libGLESv2 is found by dlopen (if using EGL).
chromiumBinary = " $ l i b E x e c P a t h / $ p a c k a g e N a m e "
origRpath = " $ ( p a t c h e l f - - p r i n t - r p a t h " $ chromiumBinary " ) "
patchelf - - set-rpath " ${ libGL } / l i b : $ o r i g R p a t h " " $ c h r o m i u m B i n a r y "
'' ;
2019-11-06 19:37:25 +00:00
2020-11-03 12:08:09 +00:00
passthru = {
updateScript = ./update.py ;
chromiumDeps = {
gn = gnChromium ;
} ;
} ;
2014-04-01 06:36:26 +01:00
} ;
# Remove some extraAttrs we supplied to the base attributes already.
in stdenv . mkDerivation ( base // removeAttrs extraAttrs [
2016-10-29 03:05:53 +01:00
" n a m e " " g n F l a g s " " b u i l d T a r g e t s "
2019-11-06 19:37:25 +00:00
] // { passthru = base . passthru // ( extraAttrs . passthru or { } ) ; } )
