diff options
Diffstat (limited to 'pkgs/applications/networking/browsers/chromium/common.nix')
-rw-r--r-- | pkgs/applications/networking/browsers/chromium/common.nix | 49 |
1 files changed, 34 insertions, 15 deletions
diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index d78943a5c5c26..e7597249acdb5 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -20,6 +20,7 @@ , pkgsBuildHost # configurePhase: , gnChromium +, symlinkJoin # Build inputs: , libpng @@ -241,8 +242,26 @@ let ./patches/cross-compile.patch # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed): ./patches/no-build-timestamps.patch - # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags: - ./patches/widevine-79.patch + ] ++ lib.optionals (packageName == "chromium") [ + # This patch is limited to chromium and ungoogled-chromium because electron-source sets + # enable_widevine to false. + # + # The patch disables the automatic Widevine download (component) that happens at runtime + # completely (~/.config/chromium/WidevineCdm/). This would happen if chromium encounters DRM + # protected content or when manually opening chrome://components. + # + # It also prevents previously downloaded Widevine blobs in that location from being loaded and + # used at all, while still allowing the use of our -wv wrapper. This is because those old + # versions are out of out our control and may be vulnerable, given we literally disable their + # auto updater. + # + # bundle_widevine_cdm is available as gn flag, but we cannot use it, as it expects a bunch of + # files Widevine files at configure/compile phase that we don't have. Changing the value of the + # BUNDLE_WIDEVINE_CDM build flag does work in the way we want though. + # We also need enable_widevine_cdm_component to be false. Unfortunately it isn't exposed as gn + # flag (declare_args) so we simply hardcode it to false. + ./patches/widevine-disable-auto-download-allow-bundle.patch + ] ++ [ # Required to fix the build with a more recent wayland-protocols version # (we currently package 1.26 in Nixpkgs while Chromium bundles 1.21): # Source: https://bugs.chromium.org/p/angleproject/issues/detail?id=7582#c1 @@ -272,15 +291,6 @@ let # Partial revert of https://github.com/chromium/chromium/commit/3687976b0c6d36cf4157419a24a39f6770098d61 # allowing us to use our rustc and our clang. ./patches/chromium-121-rust.patch - ] ++ lib.optionals (chromiumVersionAtLeast "124" && !chromiumVersionAtLeast "124.0.6367.118") [ - # M124 < 124.0.6367.118 shipped with broken --ozone-platform-hint flag handling, which we rely on - # for our NIXOS_OZONE_WL (wayland) environment variable. - # See <https://issues.chromium.org/issues/329678163>. - # This is the commit for the fix that landed in M125, which applies clean on M124. - (githubPatch { - commit = "c7f4c58f896a651eba80ad805ebdb49d19ebdbd4"; - hash = "sha256-6nYWT2zN+j73xAIXLdGYT2eC71vGnGfiLCB0OwT0CAI="; - }) ]; postPatch = '' @@ -369,6 +379,14 @@ let ${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz . ''; + llvmCcAndBintools = symlinkJoin { + name = "llvmCcAndBintools"; + paths = [ + pkgsBuildTarget.${llvmPackages_attrName}.llvm + pkgsBuildTarget.${llvmPackages_attrName}.stdenv.cc + ]; + }; + gnFlags = mkGnFlags ({ # Main build and toolchain settings: # Create an official and optimized release build (only official builds @@ -427,15 +445,16 @@ let # Feature overrides: # Native Client support was deprecated in 2020 and support will end in June 2021: enable_nacl = false; - # Enabling the Widevine component here doesn't affect whether we can - # redistribute the chromium package; the Widevine component is either - # added later in the wrapped -wv build or downloaded from Google: + } // lib.optionalAttrs (packageName == "chromium") { + # Enabling the Widevine here doesn't affect whether we can redistribute the chromium package. + # Widevine in this drv is a bit more complex than just that. See Widevine patch somewhere above. enable_widevine = true; + } // { # Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture: rtc_use_pipewire = true; # Disable PGO because the profile data requires a newer compiler version (LLVM 14 isn't sufficient): chrome_pgo_phase = 0; - clang_base_path = "${pkgsBuildTarget.${llvmPackages_attrName}.stdenv.cc}"; + clang_base_path = "${llvmCcAndBintools}"; use_qt = false; # To fix the build as we don't provide libffi_pic.a # (ld.lld: error: unable to find library -l:libffi_pic.a): |