aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2016-10-12 17:25:05 +0100
committerChristopher Baines <mail@cbaines.net>2017-12-19 07:27:49 +0000
commit1c5c4b7b30c13b0bfc1ac1e7de90daf72425e599 (patch)
tree5705b2658413e13f0a8ec0c0e5554f30defa2b4e
parent4fad6598c60b48bf956096530c86f6920c72bd1c (diff)
downloadguix-chromium.tar
guix-chromium.tar.gz
gnu: Add chromium.chromium
* gnu/packages/chromium.scm: New file. * gnu/packages/patches/chromium-disable-api-keys-warning.patch, gnu/packages/patches/chromium-disable-third-party-cookies.patch, gnu/packages/patches/chromium-gn-bootstrap.patch, gnu/packages/patches/chromium-system-icu.patch, gnu/packages/patches/chromium-system-libevent.patch, gnu/packages/patches/chromium-system-nspr.patch, gnu/packages/patches/chromium-system-libxml.patch: New files. * gnu/local.mk: Record it.
-rw-r--r--gnu/local.mk8
-rw-r--r--gnu/packages/chromium.scm595
-rw-r--r--gnu/packages/patches/chromium-disable-api-keys-warning.patch17
-rw-r--r--gnu/packages/patches/chromium-disable-third-party-cookies.patch13
-rw-r--r--gnu/packages/patches/chromium-gn-bootstrap.patch13
-rw-r--r--gnu/packages/patches/chromium-system-icu.patch15
-rw-r--r--gnu/packages/patches/chromium-system-libevent.patch84
-rw-r--r--gnu/packages/patches/chromium-system-libxml.patch29
-rw-r--r--gnu/packages/patches/chromium-system-nspr.patch65
9 files changed, 839 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index efb91fd826..b1b0e085bc 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -88,6 +88,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/certs.scm \
%D%/packages/check.scm \
%D%/packages/chez.scm \
+ %D%/packages/chromium.scm \
%D%/packages/ci.scm \
%D%/packages/cinnamon.scm \
%D%/packages/cmake.scm \
@@ -573,6 +574,13 @@ dist_patch_DATA = \
%D%/packages/patches/chicken-CVE-2017-6949.patch \
%D%/packages/patches/chicken-CVE-2017-11343.patch \
%D%/packages/patches/chmlib-inttypes.patch \
+ %D%/packages/patches/chromium-disable-api-keys-warning.patch \
+ %D%/packages/patches/chromium-disable-third-party-cookies.patch \
+ %D%/packages/patches/chromium-gn-bootstrap.patch \
+ %D%/packages/patches/chromium-system-libevent.patch \
+ %D%/packages/patches/chromium-system-libxml.patch \
+ %D%/packages/patches/chromium-system-icu.patch \
+ %D%/packages/patches/chromium-system-nspr.patch \
%D%/packages/patches/clang-libc-search-path.patch \
%D%/packages/patches/clang-3.8-libc-search-path.patch \
%D%/packages/patches/clementine-use-openssl.patch \
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 0000000000..c95f564138
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,595 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix git-download)
+ #:use-module (guix utils)
+ #:use-module (guix build-system gnu)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages assembly)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages bison)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages curl)
+ #:use-module (gnu packages databases)
+ #:use-module (gnu packages fontutils)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gnuzilla)
+ #:use-module (gnu packages gperf)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages icu4c)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libffi)
+ #:use-module (gnu packages libusb)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages kerberos)
+ #:use-module (gnu packages ninja)
+ #:use-module (gnu packages node)
+ #:use-module (gnu packages pciutils)
+ #:use-module (gnu packages photo)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages protobuf)
+ #:use-module (gnu packages pulseaudio)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages python-web)
+ #:use-module (gnu packages regex)
+ #:use-module (gnu packages serialization)
+ #:use-module (gnu packages speech)
+ #:use-module (gnu packages tls)
+ #:use-module (gnu packages valgrind)
+ #:use-module (gnu packages version-control)
+ #:use-module (gnu packages video)
+ #:use-module (gnu packages xiph)
+ #:use-module (gnu packages xml)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xorg))
+
+(define opus+custom
+ (package (inherit opus)
+ (arguments
+ `(;; Opus Custom is an optional extension of the Opus
+ ;; specification that allows for unsupported frame
+ ;; sizes. Chromium requires that this is enabled.
+ #:configure-flags '("--enable-custom-modes")
+ ,@(package-arguments opus)))))
+
+;; Chromium since 58 depends on an unreleased libvpx. So, we
+;; package the latest master branch as of 2017-08-05.
+(define libvpx+experimental
+ (package
+ (inherit libvpx)
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://chromium.googlesource.com/webm/libvpx")
+ (commit "cbb83ba4aa99b40b0b4a2a407bfd6d0d8be87d1f")))
+ (file-name "libvpx-for-chromium-checkout")
+ (sha256
+ (base32
+ "1rj4ag0zg8c7cn4a9q75vslk5wc7vqy119k669286lxy8dvarh86"))))
+ ;; TODO: Make libvpx configure flags overrideable.
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (replace 'configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ (setenv "CONFIG_SHELL" (which "bash"))
+ (let ((out (assoc-ref outputs "out")))
+ (setenv "LDFLAGS"
+ (string-append "-Wl,-rpath=" out "/lib"))
+ (zero? (system* "./configure"
+ "--enable-shared"
+ "--as=yasm"
+ ;; Limit size to avoid CVE-2015-1258
+ "--size-limit=16384x16384"
+ ;; Spatial SVC is an experimental VP9 encoder
+ ;; used by some packages (i.e. Chromium).
+ "--enable-experimental"
+ "--enable-spatial-svc"
+ (string-append "--prefix=" out)))))))
+ #:tests? #f)))) ; No tests.
+
+(define-public chromium
+ (package
+ (name "chromium")
+ (version "60.0.3112.90")
+ (synopsis "Graphical web browser")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://commondatastorage.googleapis.com/"
+ "chromium-browser-official/chromium-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "1rirhwvccidza4q4z1gqdwcd9v1bymh1m9r2cq8jhiabfrjpjbxl"))
+ (patches (search-patches
+ "chromium-gn-bootstrap.patch"
+ "chromium-system-nspr.patch"
+ "chromium-system-icu.patch"
+ "chromium-system-libevent.patch"
+ "chromium-system-libxml.patch"
+ "chromium-disable-api-keys-warning.patch"
+ "chromium-disable-third-party-cookies.patch"))
+ (modules '((srfi srfi-1)
+ (guix build utils)))
+ (snippet
+ '(begin
+ ;; Replace GN files from third_party with shims for building
+ ;; against system libraries. Keep this list in sync with
+ ;; "build/linux/unbundle/replace_gn_files.py".
+ (for-each (lambda (pair)
+ (let ((source (string-append
+ "build/linux/unbundle/" (car pair)))
+ (dest (cdr pair)))
+ (copy-file source dest)))
+ (list
+ '("ffmpeg.gn" . "third_party/ffmpeg/BUILD.gn")
+ '("flac.gn" . "third_party/flac/BUILD.gn")
+ '("freetype.gn" . "third_party/freetype/BUILD.gn")
+ '("harfbuzz-ng.gn" . "third_party/harfbuzz-ng/BUILD.gn")
+ '("icu.gn" . "third_party/icu/BUILD.gn")
+ '("libdrm.gn" . "third_party/libdrm/BUILD.gn")
+ '("libevent.gn" . "base/third_party/libevent/BUILD.gn")
+ '("libjpeg.gn" .
+ "build/secondary/third_party/libjpeg_turbo/BUILD.gn")
+ '("libpng.gn" . "third_party/libpng/BUILD.gn")
+ '("libvpx.gn" . "third_party/libvpx/BUILD.gn")
+ '("libwebp.gn" . "third_party/libwebp/BUILD.gn")
+ '("libxml.gn" . "third_party/libxml/BUILD.gn")
+ '("libxslt.gn" . "third_party/libxslt/BUILD.gn")
+ '("openh264.gn" . "third_party/openh264/BUILD.gn")
+ '("opus.gn" . "third_party/opus/BUILD.gn")
+ '("re2.gn" . "third_party/re2/BUILD.gn")
+ '("snappy.gn" . "third_party/snappy/BUILD.gn")
+ '("yasm.gn" . "third_party/yasm/yasm_assemble.gni")
+ '("zlib.gn" . "third_party/zlib/BUILD.gn")))
+ #t))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:tests? #f ; How?
+ ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+ ;; it's not recognized when passed.
+ #:validate-runpath? #f
+ #:modules ((srfi srfi-26)
+ (ice-9 ftw)
+ (ice-9 regex)
+ (guix build gnu-build-system)
+ (guix build utils))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'remove-bundled-software
+ (lambda _
+ (let ((keep-libs
+ (list
+ ;; Third party folders that cannot be deleted yet.
+ "base/third_party/dmg_fp"
+ "base/third_party/dynamic_annotations"
+ "base/third_party/icu"
+ "base/third_party/superfasthash"
+ "base/third_party/symbolize" ; glog
+ "base/third_party/xdg_mime"
+ "base/third_party/xdg_user_dirs"
+ "chrome/third_party/mozilla_security_manager"
+ "courgette/third_party"
+ "net/third_party/mozilla_security_manager"
+ "net/third_party/nss"
+ "third_party/adobe/flash/flapper_version.h"
+ ;; FIXME: This is used in:
+ ;; * ui/webui/resources/js/analytics.js
+ ;; * ui/file_manager/
+ "third_party/analytics"
+ "third_party/angle"
+ "third_party/angle/src/common/third_party/numerics"
+ "third_party/angle/src/third_party/compiler"
+ "third_party/angle/src/third_party/libXNVCtrl"
+ "third_party/angle/src/third_party/murmurhash"
+ "third_party/angle/src/third_party/trace_event"
+ "third_party/boringssl"
+ "third_party/brotli"
+ "third_party/cacheinvalidation"
+ "third_party/catapult"
+ "third_party/catapult/third_party/polymer"
+ "third_party/catapult/third_party/py_vulcanize"
+ "third_party/catapult/third_party/py_vulcanize/third_party/rcssmin"
+ "third_party/catapult/third_party/py_vulcanize/third_party/rjsmin"
+ "third_party/catapult/tracing/third_party/d3"
+ "third_party/catapult/tracing/third_party/gl-matrix"
+ "third_party/catapult/tracing/third_party/jszip"
+ "third_party/catapult/tracing/third_party/mannwhitneyu"
+ "third_party/catapult/tracing/third_party/oboe"
+ "third_party/ced"
+ "third_party/cld_3"
+ "third_party/cros_system_api"
+ "third_party/dom_distiller_js"
+ "third_party/fips181"
+ "third_party/flatbuffers"
+ ;; XXX Needed by pdfium since 59.
+ "third_party/freetype"
+ "third_party/glslang-angle"
+ "third_party/google_input_tools"
+ "third_party/google_input_tools/third_party/closure_library"
+ (string-append "third_party/google_input_tools/third_party"
+ "/closure_library/third_party/closure")
+ "third_party/googletest"
+ "third_party/hunspell"
+ "third_party/iccjpeg"
+ "third_party/inspector_protocol"
+ "third_party/jinja2"
+ "third_party/jstemplate"
+ "third_party/khronos"
+ "third_party/leveldatabase"
+ "third_party/libXNVCtrl"
+ "third_party/libaddressinput"
+ "third_party/libjingle_xmpp"
+ "third_party/libphonenumber"
+ "third_party/libsecret" ;FIXME: needs pkg-config support.
+ "third_party/libsrtp" ;TODO: Requires libsrtp@2.
+ "third_party/libudev"
+ "third_party/libwebm"
+ "third_party/libxml/chromium"
+ "third_party/libyuv"
+ "third_party/lss"
+ "third_party/lzma_sdk"
+ "third_party/markupsafe"
+ "third_party/mesa"
+ "third_party/modp_b64"
+ "third_party/mt19937ar"
+ "third_party/node"
+ "third_party/node/node_modules/vulcanize/third_party/UglifyJS2"
+ "third_party/openmax_dl"
+ "third_party/ots"
+ "third_party/pdfium" ;TODO: can be built standalone.
+ "third_party/pdfium/third_party"
+ "third_party/ply"
+ "third_party/polymer"
+ "third_party/protobuf"
+ "third_party/protobuf/third_party/six"
+ "third_party/qcms"
+ "third_party/sfntly"
+ "third_party/skia"
+ "third_party/skia/third_party/vulkan"
+ "third_party/smhasher"
+ ;; XXX the sources that include this are generated.
+ "third_party/speech-dispatcher"
+ "third_party/spirv-headers"
+ "third_party/spirv-tools-angle"
+ "third_party/sqlite"
+ "third_party/swiftshader"
+ "third_party/swiftshader/third_party"
+ "third_party/usb_ids"
+ "third_party/usrsctp"
+ "third_party/vulkan"
+ "third_party/vulkan-validation-layers"
+ "third_party/WebKit"
+ "third_party/web-animations-js"
+ "third_party/webrtc"
+ "third_party/widevine/cdm/widevine_cdm_version.h"
+ "third_party/widevine/cdm/widevine_cdm_common.h"
+ "third_party/woff2"
+ "third_party/xdg-utils"
+ "third_party/yasm/run_yasm.py"
+ "third_party/zlib/google"
+ "url/third_party/mozilla"
+ "v8/src/third_party/valgrind"
+ "v8/third_party/inspector_protocol")))
+ ;; FIXME: implement as source snippet. This traverses
+ ;; any "third_party" directory and deletes files that are:
+ ;; * not ending with ".gn" or ".gni"; or
+ ;; * not explicitly named as argument (folder or file).
+ (zero? (apply system* "python"
+ "build/linux/unbundle/remove_bundled_libraries.py"
+ "--do-remove" keep-libs)))))
+ (add-after 'remove-bundled-software 'patch-stuff
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "printing/cups_config_helper.py"
+ (("cups_config =.*")
+ (string-append "cups_config = '" (assoc-ref inputs "cups")
+ "/bin/cups-config'\n")))
+
+ (substitute*
+ '("base/process/launch_posix.cc"
+ "base/tracked_objects.cc"
+ "base/third_party/dynamic_annotations/dynamic_annotations.c"
+ "sandbox/linux/seccomp-bpf/sandbox_bpf.cc"
+ "sandbox/linux/services/credentials.cc"
+ "sandbox/linux/services/namespace_utils.cc"
+ "sandbox/linux/services/syscall_wrappers.cc"
+ "sandbox/linux/syscall_broker/broker_host.cc")
+ (("include \"base/third_party/valgrind/") "include \"valgrind/"))
+
+ (for-each (lambda (file)
+ (substitute* file
+ ;; Fix opus include path.
+ ;; Do not substitute opus_private.h.
+ (("#include \"opus\\.h\"")
+ "#include \"opus/opus.h\"")
+ (("#include \"opus_custom\\.h\"")
+ "#include \"opus/opus_custom.h\"")
+ (("#include \"opus_defines\\.h\"")
+ "#include \"opus/opus_defines.h\"")
+ (("#include \"opus_multistream\\.h\"")
+ "#include \"opus/opus_multistream.h\"")
+ (("#include \"opus_types\\.h\"")
+ "#include \"opus/opus_types.h\"")))
+ (append (find-files "third_party/opus/src/celt")
+ (find-files "third_party/opus/src/src")
+ (find-files (string-append "third_party/webrtc/modules"
+ "/audio_coding/codecs/opus"))))
+
+ (substitute* "chrome/common/chrome_paths.cc"
+ (("/usr/share/chromium/extensions")
+ ;; TODO: Add ~/.guix-profile.
+ "/run/current-system/profile/share/chromium/extensions"))
+
+ (substitute* "breakpad/src/common/linux/libcurl_wrapper.h"
+ (("include \"third_party/curl") "include \"curl"))
+ (substitute* "media/base/decode_capabilities.cc"
+ (("third_party/libvpx/source/libvpx/") ""))
+ #t))
+ (replace 'configure
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let ((gn-flags
+ (list
+ ;; See tools/gn/docs/cookbook.md and
+ ;; https://www.chromium.org/developers/gn-build-configuration
+ ;; for usage. Run "./gn args . --list" in the Release
+ ;; directory for an exhaustive list of supported flags.
+ "is_debug=false"
+ "is_official_build=false"
+ "is_clang=false"
+ "use_gold=false"
+ "linux_use_bundled_binutils=false"
+ "use_sysroot=false"
+ "remove_webcore_debug_symbols=true"
+ "enable_iterator_debugging=false"
+ "override_build_date=\"01 01 2000 05:00:00\""
+ ;; Don't fail when using deprecated ffmpeg features.
+ "treat_warnings_as_errors=false"
+ "enable_nacl=false"
+ "enable_nacl_nonsfi=false"
+ "use_allocator=\"none\"" ; Don't use tcmalloc.
+ ;; Don't add any API keys. End users can set them in the
+ ;; environment if necessary.
+ ;; https://www.chromium.org/developers/how-tos/api-keys
+ "use_official_google_api_keys=false"
+ ;; Disable "field trials".
+ "fieldtrial_testing_like_official_build=true"
+
+ "use_system_libjpeg=true"
+ ;; This is currently not supported on Linux:
+ ;; https://bugs.chromium.org/p/chromium/issues/detail?id=22208
+ ;; "use_system_sqlite=true"
+ "use_gtk3=true"
+ "use_gconf=false" ; deprecated by gsettings
+ "use_gnome_keyring=false" ; deprecated by libsecret
+ "use_xkbcommon=true"
+ "link_pulseaudio=true"
+ "use_openh264=true"
+
+ ;; Don't arbitrarily restrict formats supported by our ffmpeg.
+ "proprietary_codecs=true"
+ "ffmpeg_branding=\"Chrome\""
+
+ ;; WebRTC stuff.
+ "rtc_use_h264=true"
+ ;; Don't use bundled sources.
+ "rtc_build_json=false"
+ "rtc_build_libevent=false"
+ "rtc_build_libjpeg=false"
+ "rtc_build_libvpx=false"
+ "rtc_build_opus=false"
+ "rtc_build_ssl=false"
+ ;; TODO: Package these.
+ "rtc_build_libsrtp=true" ; 2.0
+ "rtc_build_libyuv=true"
+ "rtc_build_openmax_dl=true"
+ "rtc_build_usrsctp=true"
+ (string-append "rtc_jsoncpp_root=\""
+ (assoc-ref inputs "jsoncpp")
+ "/include/jsoncpp/json\"")
+ (string-append "rtc_ssl_root=\""
+ (assoc-ref inputs "openssl")
+ "/include/openssl\""))))
+
+ ;; XXX: How portable is this.
+ (mkdir-p "third_party/node/linux/node-linux-x64")
+ (symlink (string-append (assoc-ref inputs "node") "/bin")
+ "third_party/node/linux/node-linux-x64/bin")
+
+ (setenv "CC" "gcc")
+ (setenv "CXX" "g++")
+ ;; TODO: pre-compile instead. Avoids a race condition.
+ (setenv "PYTHONDONTWRITEBYTECODE" "1")
+ (and
+ ;; Build the "gn" tool.
+ (zero? (system* "python"
+ "tools/gn/bootstrap/bootstrap.py" "-s" "-v"))
+ ;; Generate ninja build files.
+ (zero? (system* "./out/Release/gn" "gen" "out/Release"
+ (string-append "--args="
+ (string-join gn-flags " "))))))))
+ (replace 'build
+ (lambda* (#:key outputs #:allow-other-keys)
+ (zero? (system* "ninja" "-C" "out/Release"
+ "-j" (number->string (parallel-job-count))
+ "chrome"))))
+ (replace 'install
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bin (string-append out "/bin"))
+ (exe (string-append bin "/chromium"))
+ (lib (string-append out "/lib"))
+ (man (string-append out "/share/man/man1"))
+ (applications (string-append out "/share/applications"))
+ (install-regexp (make-regexp "\\.(so|bin|pak)$"))
+ (locales (string-append lib "/locales"))
+ (resources (string-append lib "/resources"))
+ (gtk+ (assoc-ref inputs "gtk+"))
+ (mesa (assoc-ref inputs "mesa"))
+ (nss (assoc-ref inputs "nss"))
+ (udev (assoc-ref inputs "udev"))
+ (sh (which "sh")))
+
+ (mkdir-p applications)
+ (call-with-output-file (string-append applications
+ "/chromium.desktop")
+ (lambda (port)
+ (format port
+ "[Desktop Entry]~@
+ Name=Chromium~@
+ Comment=~a~@
+ Exec=~a~@
+ Icon=chromium.png~@
+ Type=Application~%" ,synopsis exe)))
+
+ (with-directory-excursion "out/Release"
+ (for-each (lambda (file)
+ (install-file file lib))
+ (scandir "." (cut regexp-exec install-regexp <>)))
+ (copy-file "chrome" (string-append lib "/chromium"))
+
+ ;; TODO: Install icons from "../../chrome/app/themes" into
+ ;; "out/share/icons/hicolor/$size".
+ (install-file
+ "product_logo_48.png"
+ (string-append out "/share/icons/48x48/chromium.png"))
+
+ (copy-recursively "locales" locales)
+ (copy-recursively "resources" resources)
+
+ (mkdir-p man)
+ (copy-file "chrome.1" (string-append man "/chromium.1"))
+
+ (mkdir-p bin)
+ ;; Add a thin wrapper to prevent the user from inadvertently
+ ;; installing non-free software through the Web Store.
+ ;; TODO: Discover extensions from the profile and pass
+ ;; something like "--disable-extensions-except=...".
+ (call-with-output-file exe
+ (lambda (port)
+ (format port
+ "#!~a~@
+ CHROMIUM_FLAGS=\"--disable-background-networking\"~@
+ if [ -z \"$CHROMIUM_ENABLE_WEB_STORE\" ]~@
+ then~@
+ CHROMIUM_FLAGS=\"$CHROMIUM_FLAGS --disable-extensions\"~@
+ fi~@
+ exec ~a $CHROMIUM_FLAGS \"$@\"~%"
+ sh (string-append lib "/chromium"))))
+ (chmod exe #o755)
+
+ (wrap-program exe
+ ;; TODO: Get these in RUNPATH.
+ `("LD_LIBRARY_PATH" ":" prefix
+ (,(string-append lib ":" nss "/lib/nss:" gtk+ "/lib:"
+ mesa "/lib:" udev "/lib")))
+ ;; Avoid file manager crash. See <https://bugs.gnu.org/26593>.
+ `("XDG_DATA_DIRS" ":" prefix (,(string-append gtk+ "/share"))))
+ #t)))))))
+ (native-inputs
+ `(("bison" ,bison)
+ ("git" ,git) ; last_commit_position.py
+ ("gperf" ,gperf)
+ ("ninja" ,ninja)
+ ("node" ,node)
+ ("pkg-config" ,pkg-config)
+ ("which" ,which)
+ ("yasm" ,yasm)
+
+ ;; Headers.
+ ("curl" ,curl)
+ ("valgrind" ,valgrind)
+
+ ("python-beautifulsoup4" ,python2-beautifulsoup4)
+ ("python-html5lib" ,python2-html5lib)
+ ("python" ,python-2)))
+ (inputs
+ `(("alsa-lib" ,alsa-lib)
+ ("atk" ,atk)
+ ("cups" ,cups)
+ ("dbus" ,dbus)
+ ("dbus-glib" ,dbus-glib)
+ ("udev" ,eudev)
+ ("expat" ,expat)
+ ("flac" ,flac)
+ ("ffmpeg" ,ffmpeg)
+ ("fontconfig" ,fontconfig)
+ ("freetype" ,freetype)
+ ("gdk-pixbuf" ,gdk-pixbuf)
+ ("glib" ,glib)
+ ("gtk+-2" ,gtk+-2)
+ ("gtk+" ,gtk+)
+ ("harfbuzz" ,harfbuzz)
+ ("icu4c" ,icu4c)
+ ("jsoncpp" ,jsoncpp)
+ ("libevent" ,libevent)
+ ("libffi" ,libffi)
+ ("libjpeg-turbo" ,libjpeg-turbo)
+ ("libpng" ,libpng)
+ ("libusb" ,libusb)
+ ("libvpx" ,libvpx+experimental)
+ ("libwebp" ,libwebp)
+ ("libx11" ,libx11)
+ ("libxcb" ,libxcb)
+ ("libxcomposite" ,libxcomposite)
+ ("libxcursor" ,libxcursor)
+ ("libxdamage" ,libxdamage)
+ ("libxext" ,libxext)
+ ("libxfixes" ,libxfixes)
+ ("libxi" ,libxi)
+ ("libxkbcommon" ,libxkbcommon)
+ ("libxml2" ,libxml2)
+ ("libxrandr" ,libxrandr)
+ ("libxrender" ,libxrender)
+ ("libxscrnsaver" ,libxscrnsaver)
+ ("libxslt" ,libxslt)
+ ("libxtst" ,libxtst)
+ ("mesa" ,mesa)
+ ("minizip" ,minizip)
+ ("mit-krb5" ,mit-krb5)
+ ("nss" ,nss)
+ ("openh264" ,openh264)
+ ("openssl" ,openssl)
+ ("opus" ,opus+custom)
+ ("pango" ,pango)
+ ("pciutils" ,pciutils)
+ ("protobuf" ,protobuf)
+ ("pulseaudio" ,pulseaudio)
+ ("re2" ,re2)
+ ("snappy" ,snappy)
+ ("speech-dispatcher" ,speech-dispatcher)
+ ("sqlite" ,sqlite)))
+ (home-page "https://www.chromium.org/")
+ (description
+ "Chromium is a web browser using the @code{Blink} rendering engine.")
+ ;; Chromium is developed as BSD-3, but bundles a large number of third-party
+ ;; software with other licenses. For full information, see chrome://credits.
+ (license (list license:bsd-3
+ license:bsd-2
+ license:expat
+ license:asl2.0
+ license:mpl2.0
+ license:public-domain
+ license:lgpl2.1+))))
diff --git a/gnu/packages/patches/chromium-disable-api-keys-warning.patch b/gnu/packages/patches/chromium-disable-api-keys-warning.patch
new file mode 100644
index 0000000000..c7e219f40e
--- /dev/null
+++ b/gnu/packages/patches/chromium-disable-api-keys-warning.patch
@@ -0,0 +1,17 @@
+Disable warning about missing API keys.
+
+Copied from:
+
+https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/google-api-warning.patch
+
+--- a/chrome/browser/ui/startup/startup_browser_creator_impl.cc
++++ b/chrome/browser/ui/startup/startup_browser_creator_impl.cc
+@@ -816,8 +816,6 @@ void StartupBrowserCreatorImpl::AddInfoB
+ !command_line_.HasSwitch(switches::kTestType) &&
+ !command_line_.HasSwitch(switches::kEnableAutomation)) {
+ chrome::ShowBadFlagsPrompt(browser);
+- GoogleApiKeysInfoBarDelegate::Create(InfoBarService::FromWebContents(
+- browser->tab_strip_model()->GetActiveWebContents()));
+ ObsoleteSystemInfoBarDelegate::Create(InfoBarService::FromWebContents(
+ browser->tab_strip_model()->GetActiveWebContents()));
+
diff --git a/gnu/packages/patches/chromium-disable-third-party-cookies.patch b/gnu/packages/patches/chromium-disable-third-party-cookies.patch
new file mode 100644
index 0000000000..0694c35f36
--- /dev/null
+++ b/gnu/packages/patches/chromium-disable-third-party-cookies.patch
@@ -0,0 +1,13 @@
+Disable third party cookies by default.
+
+--- a/components/content_settings/core/browser/cookie_settings.cc
++++ b/components/content_settings/core/browser/cookie_settings.cc
+@@ -101,7 +101,7 @@ void CookieSettings::GetCookieSettings(
+ void CookieSettings::RegisterProfilePrefs(
+ user_prefs::PrefRegistrySyncable* registry) {
+ registry->RegisterBooleanPref(
+- prefs::kBlockThirdPartyCookies, false,
++ prefs::kBlockThirdPartyCookies, true,
+ user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);
+ }
+
diff --git a/gnu/packages/patches/chromium-gn-bootstrap.patch b/gnu/packages/patches/chromium-gn-bootstrap.patch
new file mode 100644
index 0000000000..6d1dcb1669
--- /dev/null
+++ b/gnu/packages/patches/chromium-gn-bootstrap.patch
@@ -0,0 +1,13 @@
+description: add file needed to build gn
+author: Michael Gilbert <mgilbert@debian.org>
+
+--- a/tools/gn/bootstrap/bootstrap.py
++++ b/tools/gn/bootstrap/bootstrap.py
+@@ -490,6 +490,7 @@ def write_gn_ninja(path, root_gen_dir, o
+ 'base/sys_info.cc',
+ 'base/task_runner.cc',
+ 'base/task_scheduler/delayed_task_manager.cc',
++ 'base/task_scheduler/environment_config.cc',
+ 'base/task_scheduler/post_task.cc',
+ 'base/task_scheduler/priority_queue.cc',
+ 'base/task_scheduler/scheduler_lock_impl.cc',
diff --git a/gnu/packages/patches/chromium-system-icu.patch b/gnu/packages/patches/chromium-system-icu.patch
new file mode 100644
index 0000000000..c35c1b75c7
--- /dev/null
+++ b/gnu/packages/patches/chromium-system-icu.patch
@@ -0,0 +1,15 @@
+description: maintain compatibility with system icu library
+author: Michael Gilbert <mgilbert@debian.org>
+
+--- a/BUILD.gn
++++ b/BUILD.gn
+@@ -657,8 +657,7 @@ group("gn_all") {
+ }
+ }
+
+- if ((is_linux && !is_chromeos && !is_chromecast) || (is_win && use_drfuzz) ||
+- (use_libfuzzer && is_mac)) {
++ if (false) {
+ deps += [
+ "//testing/libfuzzer/fuzzers",
+ "//testing/libfuzzer/tests:libfuzzer_tests",
diff --git a/gnu/packages/patches/chromium-system-libevent.patch b/gnu/packages/patches/chromium-system-libevent.patch
new file mode 100644
index 0000000000..91fc9e3b58
--- /dev/null
+++ b/gnu/packages/patches/chromium-system-libevent.patch
@@ -0,0 +1,84 @@
+description: build using system libevent
+author: Michael Gilbert <mgilbert@debian.org>
+
+https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/system/event.patch
+
+--- a/third_party/webrtc/base/task_queue_libevent.cc
++++ b/third_party/webrtc/base/task_queue_libevent.cc
+@@ -15,7 +15,7 @@
+ #include <string.h>
+ #include <unistd.h>
+
+-#include "base/third_party/libevent/event.h"
++#include <event.h>
+ #include "webrtc/base/checks.h"
+ #include "webrtc/base/logging.h"
+ #include "webrtc/base/task_queue_posix.h"
+--- a/tools/gn/bootstrap/bootstrap.py
++++ b/tools/gn/bootstrap/bootstrap.py
+@@ -609,26 +609,6 @@ def write_gn_ninja(path, root_gen_dir, o
+ 'base/time/time_now_posix.cc',
+ 'base/trace_event/heap_profiler_allocation_register_posix.cc',
+ ])
+- static_libraries['libevent'] = {
+- 'sources': [
+- 'base/third_party/libevent/buffer.c',
+- 'base/third_party/libevent/evbuffer.c',
+- 'base/third_party/libevent/evdns.c',
+- 'base/third_party/libevent/event.c',
+- 'base/third_party/libevent/event_tagging.c',
+- 'base/third_party/libevent/evrpc.c',
+- 'base/third_party/libevent/evutil.c',
+- 'base/third_party/libevent/http.c',
+- 'base/third_party/libevent/log.c',
+- 'base/third_party/libevent/poll.c',
+- 'base/third_party/libevent/select.c',
+- 'base/third_party/libevent/signal.c',
+- 'base/third_party/libevent/strlcpy.c',
+- ],
+- 'tool': 'cc',
+- 'include_dirs': [],
+- 'cflags': cflags + ['-DHAVE_CONFIG_H'],
+- }
+
+ if is_linux or is_aix:
+ ldflags.extend(['-pthread'])
+@@ -660,13 +640,7 @@ def write_gn_ninja(path, root_gen_dir, o
+ 'base/allocator/allocator_shim.cc',
+ 'base/allocator/allocator_shim_default_dispatch_to_glibc.cc',
+ ])
+- libs.extend(['-lrt', '-latomic', '-lnspr4'])
+- static_libraries['libevent']['include_dirs'].extend([
+- os.path.join(SRC_ROOT, 'base', 'third_party', 'libevent', 'linux')
+- ])
+- static_libraries['libevent']['sources'].extend([
+- 'base/third_party/libevent/epoll.c',
+- ])
++ libs.extend(['-lrt', '-latomic', '-lnspr4', '-levent'])
+ else:
+ libs.extend(['-lrt'])
+ static_libraries['base']['sources'].extend([
+@@ -703,12 +677,6 @@ def write_gn_ninja(path, root_gen_dir, o
+ 'base/time/time_mac.cc',
+ 'base/threading/platform_thread_mac.mm',
+ ])
+- static_libraries['libevent']['include_dirs'].extend([
+- os.path.join(SRC_ROOT, 'base', 'third_party', 'libevent', 'mac')
+- ])
+- static_libraries['libevent']['sources'].extend([
+- 'base/third_party/libevent/kqueue.c',
+- ])
+
+ libs.extend([
+ '-framework', 'AppKit',
+--- a/base/message_loop/message_pump_libevent.cc
++++ b/base/message_loop/message_pump_libevent.cc
+@@ -14,7 +14,7 @@
+ #include "base/files/file_util.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
+-#include "base/third_party/libevent/event.h"
++#include <event.h>
+ #include "base/time/time.h"
+ #include "base/trace_event/trace_event.h"
+ #include "build/build_config.h"
diff --git a/gnu/packages/patches/chromium-system-libxml.patch b/gnu/packages/patches/chromium-system-libxml.patch
new file mode 100644
index 0000000000..23c42d79cb
--- /dev/null
+++ b/gnu/packages/patches/chromium-system-libxml.patch
@@ -0,0 +1,29 @@
+description: system libxml2 2.9.4 does not yet provide XML_PARSE_NOXXE
+author: Michael Gilbert <mgilbert@debian.org>
+
+Copied from:
+
+https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/system/libxml.patch
+
+--- a/third_party/libxml/chromium/libxml_utils.cc
++++ b/third_party/libxml/chromium/libxml_utils.cc
+@@ -24,8 +24,7 @@ XmlReader::~XmlReader() {
+
+ bool XmlReader::Load(const std::string& input) {
+ const int kParseOptions = XML_PARSE_RECOVER | // recover on errors
+- XML_PARSE_NONET | // forbid network access
+- XML_PARSE_NOXXE; // no external entities
++ XML_PARSE_NONET; // forbid network access
+ // TODO(evanm): Verify it's OK to pass NULL for the URL and encoding.
+ // The libxml code allows for these, but it's unclear what effect is has.
+ reader_ = xmlReaderForMemory(input.data(), static_cast<int>(input.size()),
+@@ -35,8 +34,7 @@ bool XmlReader::Load(const std::string&
+
+ bool XmlReader::LoadFile(const std::string& file_path) {
+ const int kParseOptions = XML_PARSE_RECOVER | // recover on errors
+- XML_PARSE_NONET | // forbid network access
+- XML_PARSE_NOXXE; // no external entities
++ XML_PARSE_NONET; // forbid network access
+ reader_ = xmlReaderForFile(file_path.c_str(), NULL, kParseOptions);
+ return reader_ != NULL;
+ }
diff --git a/gnu/packages/patches/chromium-system-nspr.patch b/gnu/packages/patches/chromium-system-nspr.patch
new file mode 100644
index 0000000000..5f2cca0c3b
--- /dev/null
+++ b/gnu/packages/patches/chromium-system-nspr.patch
@@ -0,0 +1,65 @@
+description: use system nspr library
+author: Michael Gilbert <mgilbert@debian.org>
+
+--- a/base/time/pr_time_unittest.cc
++++ b/base/time/pr_time_unittest.cc
+@@ -7,7 +7,7 @@
+
+ #include "base/compiler_specific.h"
+ #include "base/macros.h"
+-#include "base/third_party/nspr/prtime.h"
++#include <nspr/prtime.h>
+ #include "base/time/time.h"
+ #include "build/build_config.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+--- a/base/time/time.cc
++++ b/base/time/time.cc
+@@ -14,7 +14,7 @@
+ #include "base/logging.h"
+ #include "base/macros.h"
+ #include "base/strings/stringprintf.h"
+-#include "base/third_party/nspr/prtime.h"
++#include <nspr/prtime.h>
+ #include "build/build_config.h"
+
+ namespace base {
+--- a/tools/gn/bootstrap/bootstrap.py
++++ b/tools/gn/bootstrap/bootstrap.py
+@@ -510,7 +510,6 @@ def write_gn_ninja(path, root_gen_dir, o
+ 'base/third_party/dmg_fp/dtoa_wrapper.cc',
+ 'base/third_party/dmg_fp/g_fmt.cc',
+ 'base/third_party/icu/icu_utf.cc',
+- 'base/third_party/nspr/prtime.cc',
+ 'base/threading/non_thread_safe_impl.cc',
+ 'base/threading/post_task_and_reply_impl.cc',
+ 'base/threading/sequenced_task_runner_handle.cc',
+@@ -661,7 +660,7 @@ def write_gn_ninja(path, root_gen_dir, o
+ 'base/allocator/allocator_shim.cc',
+ 'base/allocator/allocator_shim_default_dispatch_to_glibc.cc',
+ ])
+- libs.extend(['-lrt', '-latomic'])
++ libs.extend(['-lrt', '-latomic', '-lnspr4'])
+ static_libraries['libevent']['include_dirs'].extend([
+ os.path.join(SRC_ROOT, 'base', 'third_party', 'libevent', 'linux')
+ ])
+--- a/base/BUILD.gn
++++ b/base/BUILD.gn
+@@ -58,6 +58,9 @@ config("base_flags") {
+ "-Wno-char-subscripts",
+ ]
+ }
++ ldflags = [
++ "-lnspr4",
++ ]
+ }
+
+ config("base_implementation") {
+@@ -868,8 +871,6 @@ component("base") {
+ "third_party/dmg_fp/g_fmt.cc",
+ "third_party/icu/icu_utf.cc",
+ "third_party/icu/icu_utf.h",
+- "third_party/nspr/prtime.cc",
+- "third_party/nspr/prtime.h",
+ "third_party/superfasthash/superfasthash.c",
+ "third_party/valgrind/memcheck.h",
+ "threading/non_thread_safe.h",