Chromium

Done

Details

23 participants

Adonay Felipe Nogueira
Amirouche Boubekki
Amin Bandali
bill-auger
Björn Höfling
brettg
Clément Lassieur
Christopher Lemmer Webber
Efraim Flashner
Giovanni Biscuolo
Oleg Pykhalov
Ineiev
Leo Famulari
Ludovic Courtès
Marius Bakke
Tobias Geerinckx-Rice
Mark H Weaver
Mike Gerwitz
ng0
ng0
Julie Marchant
Pjotr Prins
swedebugia

Owner: unassigned

Submitted by: Marius Bakke

Severity: normal

Marius Bakke wrote on 7 Aug 2017 21:58

Recipients:(address . guix-patches@gnu.org)

Message-ID:87y3qvb15k.fsf@fastmail.com

Hello Guix!

Attached is a patch for Chromium, a popular web browser.

It requires the new ld wrapper from 'core-updates' and a very powerful

build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours).

Note that I cannot guarantee timely delivery of security updates. Major

version upgrades are hugely painful, and almost always contain many

high-severity fixes. Should we mention that in the description?

Happy for any feedback.

Attachment: 0001-gnu-Add-chromium.patch

ng0 wrote on 7 Aug 2017 22:23

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:20170807202341.5c54jx4mpudor47i@abyayala

Hi Marius,

Marius Bakke transcribed 43K bytes:

Toggle quote (4 lines)

> Hello Guix!

> Attached is a patch for Chromium, a popular web browser.

Nice! I've been using this from your branch for a while now,
works just fine :)
Is this not affected by the chromium discussion which happened
a while back? Can we include this? I'm all for this, because I
mainly use it for websites where firefox/icecat doesn't work so
well, and building it locally takes a very long time.
(Pro-tip: Don't offload from very powerful laptops to 10 year
old computers with 2 cores ;))

Toggle quote (3 lines)

> It requires the new ld wrapper from 'core-updates' and a very powerful

> build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours).

But to notice: it builds with less than 3GB RAM.

Toggle quote (7 lines)

> Note that I cannot guarantee timely delivery of security updates. Major

> version upgrades are hugely painful, and almost always contain many

> high-severity fixes. Should we mention that in the description?

> Happy for any feedback.

Shouldn't you mention defines in addition to the define-public aswell,
or don't we do that?
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.orghttps://krosos.org

Marius Bakke wrote on 7 Aug 2017 23:16

Recipients:(name . ng0)(address . ng0@infotropique.org)(address . 28004@debbugs.gnu.org)

Message-ID:87shh3axjf.fsf@fastmail.com

ng0 <ng0@infotropique.org> writes:

Toggle quote (14 lines)> Hi Marius,
>
> Marius Bakke transcribed 43K bytes:
>> Hello Guix!
>> 
>> Attached is a patch for Chromium, a popular web browser.
>
> Nice! I've been using this from your branch for a while now,
> works just fine :)
> Is this not affected by the chromium discussion which happened
> a while back? Can we include this? I'm all for this, because I
> mainly use it for websites where firefox/icecat doesn't work so
> well, and building it locally takes a very long time.

I believe this is within the Free System Distribution Guidelines. DRM

("Widevine") is disabled at build time, and the Web Store is

non-functional without the end user explicitly enabling it.

There are some grey areas though. The browser may interact with certain

non-free APIs (apart from regular browser duties) such as translation or

prediction services. These features are optional, but some are enabled

by default, and difficult to maintain patches for (I've tried).

However, I have verified that it does not send any unsolicited requests

with the current command-line options, apart from the very first launch

which spawns a login prompt (help wanted!). Without either of those

flags the browser "calls home" every time it starts.

Toggle quote (10 lines)>> Note that I cannot guarantee timely delivery of security updates. Major
>> version upgrades are hugely painful, and almost always contain many
>> high-severity fixes. Should we mention that in the description?
>> 
>> Happy for any feedback.
>> 
>
> Shouldn't you mention defines in addition to the define-public aswell,
> or don't we do that?

Not for new files (modules), typically. I don't think Magit can fill out
those variable names (by pressing C on the hunks) either ;-) But it
should probably go in web-browsers.scm anyway.

ng0 wrote on 8 Aug 2017 07:53

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20170808055329.pnlmynfcfpmon3lk@abyayala

Marius Bakke transcribed 2.4K bytes:

Toggle quote (18 lines)> ng0 <ng0@infotropique.org> writes:
> 
> > Hi Marius,
> >
> > Marius Bakke transcribed 43K bytes:
> >> Hello Guix!
> >> 
> >> Attached is a patch for Chromium, a popular web browser.
> >
> > Nice! I've been using this from your branch for a while now,
> > works just fine :)
> > Is this not affected by the chromium discussion which happened
> > a while back? Can we include this? I'm all for this, because I
> > mainly use it for websites where firefox/icecat doesn't work so
> > well, and building it locally takes a very long time.
> 
> I believe this is within the Free System Distribution Guidelines.

What I meant was this long discussion about "QTWebengine is nonfree",
but as far as I experienced in being one of the early users of chromium
for a long time, it doesn't depend on anything Qt and doesn't bundle it.
So without having the time this morning to refresh the discussion, I think
it was about Chromium as a part for other software which is provided
through QtWebengine (Or maybe I'm tired and write only almost nonsense).

Toggle quote (28 lines)> DRM
> ("Widevine") is disabled at build time, and the Web Store is
> non-functional without the end user explicitly enabling it.
> 
> There are some grey areas though. The browser may interact with certain
> non-free APIs (apart from regular browser duties) such as translation or
> prediction services. These features are optional, but some are enabled
> by default, and difficult to maintain patches for (I've tried).
> 
> However, I have verified that it does not send any unsolicited requests
> with the current command-line options, apart from the very first launch
> which spawns a login prompt (help wanted!). Without either of those
> flags the browser "calls home" every time it starts.
> 
> >> Note that I cannot guarantee timely delivery of security updates. Major
> >> version upgrades are hugely painful, and almost always contain many
> >> high-severity fixes. Should we mention that in the description?
> >> 
> >> Happy for any feedback.
> >> 
> >
> > Shouldn't you mention defines in addition to the define-public aswell,
> > or don't we do that?
> 
> Not for new files (modules), typically. I don't think Magit can fill out
> those variable names (by pressing C on the hunks) either ;-) But it
> should probably go in web-browsers.scm anyway.

Isn't web-browsers just for smaller browsers? we have gnuzilla, and I'm
about to add palemoon when I have analysed and cleaned up my build of it.

Of course we coukd add them all to web-browser, the file won't become too large.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.orghttps://krosos.org

ng0 wrote on 8 Aug 2017 15:18

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20170808131801.snryxiiehczhnibr@abyayala

Marius Bakke transcribed 2.4K bytes:

Toggle quote (44 lines)> ng0 <ng0@infotropique.org> writes:
> 
> > Hi Marius,
> >
> > Marius Bakke transcribed 43K bytes:
> >> Hello Guix!
> >> 
> >> Attached is a patch for Chromium, a popular web browser.
> >
> > Nice! I've been using this from your branch for a while now,
> > works just fine :)
> > Is this not affected by the chromium discussion which happened
> > a while back? Can we include this? I'm all for this, because I
> > mainly use it for websites where firefox/icecat doesn't work so
> > well, and building it locally takes a very long time.
> 
> I believe this is within the Free System Distribution Guidelines. DRM
> ("Widevine") is disabled at build time, and the Web Store is
> non-functional without the end user explicitly enabling it.
> 
> There are some grey areas though. The browser may interact with certain
> non-free APIs (apart from regular browser duties) such as translation or
> prediction services. These features are optional, but some are enabled
> by default, and difficult to maintain patches for (I've tried).
> 
> However, I have verified that it does not send any unsolicited requests
> with the current command-line options, apart from the very first launch
> which spawns a login prompt (help wanted!). Without either of those
> flags the browser "calls home" every time it starts.
> 
> >> Note that I cannot guarantee timely delivery of security updates. Major
> >> version upgrades are hugely painful, and almost always contain many
> >> high-severity fixes. Should we mention that in the description?
> >> 
> >> Happy for any feedback.
> >> 
> >
> > Shouldn't you mention defines in addition to the define-public aswell,
> > or don't we do that?
> 
> Not for new files (modules), typically. I don't think Magit can fill out
> those variable names (by pressing C on the hunks) either ;-) But it
> should probably go in web-browsers.scm anyway.

Unless someone else is already building this, I'm giving it a spin.

I guess you changed some things since the version of yours I have in
here: https://gitlab.com/ng0_guix/packages/blob/master/ng0/packages/chromium.scm
so I have to rebuild it.
It might take a while because I'm offloading to something much slower
but which doesn't care about heat as much as a this one ;)
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.orghttps://krosos.org

ng0 wrote on 8 Aug 2017 16:22

Recipients:

Message-ID:20170808142223.re52odap7y32eten@abyayala

ng0 transcribed 3.4K bytes:

Toggle quote (53 lines)> Marius Bakke transcribed 2.4K bytes:
> > ng0 <ng0@infotropique.org> writes:
> > 
> > > Hi Marius,
> > >
> > > Marius Bakke transcribed 43K bytes:
> > >> Hello Guix!
> > >> 
> > >> Attached is a patch for Chromium, a popular web browser.
> > >
> > > Nice! I've been using this from your branch for a while now,
> > > works just fine :)
> > > Is this not affected by the chromium discussion which happened
> > > a while back? Can we include this? I'm all for this, because I
> > > mainly use it for websites where firefox/icecat doesn't work so
> > > well, and building it locally takes a very long time.
> > 
> > I believe this is within the Free System Distribution Guidelines. DRM
> > ("Widevine") is disabled at build time, and the Web Store is
> > non-functional without the end user explicitly enabling it.
> > 
> > There are some grey areas though. The browser may interact with certain
> > non-free APIs (apart from regular browser duties) such as translation or
> > prediction services. These features are optional, but some are enabled
> > by default, and difficult to maintain patches for (I've tried).
> > 
> > However, I have verified that it does not send any unsolicited requests
> > with the current command-line options, apart from the very first launch
> > which spawns a login prompt (help wanted!). Without either of those
> > flags the browser "calls home" every time it starts.
> > 
> > >> Note that I cannot guarantee timely delivery of security updates. Major
> > >> version upgrades are hugely painful, and almost always contain many
> > >> high-severity fixes. Should we mention that in the description?
> > >> 
> > >> Happy for any feedback.
> > >> 
> > >
> > > Shouldn't you mention defines in addition to the define-public aswell,
> > > or don't we do that?
> > 
> > Not for new files (modules), typically. I don't think Magit can fill out
> > those variable names (by pressing C on the hunks) either ;-) But it
> > should probably go in web-browsers.scm anyway.
> 
> Unless someone else is already building this, I'm giving it a spin.
> 
> I guess you changed some things since the version of yours I have in
> here: https://gitlab.com/ng0_guix/packages/blob/master/ng0/packages/chromium.scm
> so I have to rebuild it.
> It might take a while because I'm offloading to something much slower
> but which doesn't care about heat as much as a this one ;)

Patch itself LGTM, I'm now waiting on the build to finish in the
next couple of hours.

Thanks for your work on this!
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.orghttps://krosos.org

ng0 wrote on 8 Aug 2017 17:44

Recipients:

Message-ID:20170808154422.rfmrom3qkgscloyj@abyayala

ng0 transcribed 3.7K bytes:

Toggle quote (57 lines)> ng0 transcribed 3.4K bytes:
> > Marius Bakke transcribed 2.4K bytes:
> > > ng0 <ng0@infotropique.org> writes:
> > > 
> > > > Hi Marius,
> > > >
> > > > Marius Bakke transcribed 43K bytes:
> > > >> Hello Guix!
> > > >> 
> > > >> Attached is a patch for Chromium, a popular web browser.
> > > >
> > > > Nice! I've been using this from your branch for a while now,
> > > > works just fine :)
> > > > Is this not affected by the chromium discussion which happened
> > > > a while back? Can we include this? I'm all for this, because I
> > > > mainly use it for websites where firefox/icecat doesn't work so
> > > > well, and building it locally takes a very long time.
> > > 
> > > I believe this is within the Free System Distribution Guidelines. DRM
> > > ("Widevine") is disabled at build time, and the Web Store is
> > > non-functional without the end user explicitly enabling it.
> > > 
> > > There are some grey areas though. The browser may interact with certain
> > > non-free APIs (apart from regular browser duties) such as translation or
> > > prediction services. These features are optional, but some are enabled
> > > by default, and difficult to maintain patches for (I've tried).
> > > 
> > > However, I have verified that it does not send any unsolicited requests
> > > with the current command-line options, apart from the very first launch
> > > which spawns a login prompt (help wanted!). Without either of those
> > > flags the browser "calls home" every time it starts.
> > > 
> > > >> Note that I cannot guarantee timely delivery of security updates. Major
> > > >> version upgrades are hugely painful, and almost always contain many
> > > >> high-severity fixes. Should we mention that in the description?
> > > >> 
> > > >> Happy for any feedback.
> > > >> 
> > > >
> > > > Shouldn't you mention defines in addition to the define-public aswell,
> > > > or don't we do that?
> > > 
> > > Not for new files (modules), typically. I don't think Magit can fill out
> > > those variable names (by pressing C on the hunks) either ;-) But it
> > > should probably go in web-browsers.scm anyway.
> > 
> > Unless someone else is already building this, I'm giving it a spin.
> > 
> > I guess you changed some things since the version of yours I have in
> > here: https://gitlab.com/ng0_guix/packages/blob/master/ng0/packages/chromium.scm
> > so I have to rebuild it.
> > It might take a while because I'm offloading to something much slower
> > but which doesn't care about heat as much as a this one ;)
> 
> Patch itself LGTM, I'm now waiting on the build to finish in the
> next couple of hours.

x86_64 architecture, builds fails at this point:

[6247/27388] STAMP obj/mojo/common/common.stamp
[6248/27388] ACTION //net/http:generate_transport_security_state(//build/toolchain/linux:x64)
FAILED: gen/net/http/transport_security_state_static.h
python ../../build/gn_run_binary.py transport_security_state_generator ../../net/http/transport_security_state_static.json ../../net/http/transport_security_state_static.pins ../../net/http/transport_security_state_static.template gen/net/http/transport_security_state_static.h
./transport_security_state_generator: error while loading shared libraries: libglib-2.0.so.0: cannot open shared object file: No such file or directory
transport_security_state_generator failed with exit code 127
[6249/27388] AR obj/sandbox/linux/libsandbox_services.a
ninja: build stopped: subcommand failed.
phase `build' failed after 1777.2 seconds
builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
@ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
derivation '/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' offloaded to '192.168.1.179' failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
@ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 100
guix build: error: build failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed

Have you experienced this before?

-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.orghttps://krosos.org

ng0 wrote on 8 Aug 2017 20:59

Recipients:

Message-ID:20170808185952.3fduefzgmc4nmrjh@abyayala

ng0 transcribed 5.5K bytes:

Toggle quote (77 lines)> ng0 transcribed 3.7K bytes:
> > ng0 transcribed 3.4K bytes:
> > > Marius Bakke transcribed 2.4K bytes:
> > > > ng0 <ng0@infotropique.org> writes:
> > > > 
> > > > > Hi Marius,
> > > > >
> > > > > Marius Bakke transcribed 43K bytes:
> > > > >> Hello Guix!
> > > > >> 
> > > > >> Attached is a patch for Chromium, a popular web browser.
> > > > >
> > > > > Nice! I've been using this from your branch for a while now,
> > > > > works just fine :)
> > > > > Is this not affected by the chromium discussion which happened
> > > > > a while back? Can we include this? I'm all for this, because I
> > > > > mainly use it for websites where firefox/icecat doesn't work so
> > > > > well, and building it locally takes a very long time.
> > > > 
> > > > I believe this is within the Free System Distribution Guidelines. DRM
> > > > ("Widevine") is disabled at build time, and the Web Store is
> > > > non-functional without the end user explicitly enabling it.
> > > > 
> > > > There are some grey areas though. The browser may interact with certain
> > > > non-free APIs (apart from regular browser duties) such as translation or
> > > > prediction services. These features are optional, but some are enabled
> > > > by default, and difficult to maintain patches for (I've tried).
> > > > 
> > > > However, I have verified that it does not send any unsolicited requests
> > > > with the current command-line options, apart from the very first launch
> > > > which spawns a login prompt (help wanted!). Without either of those
> > > > flags the browser "calls home" every time it starts.
> > > > 
> > > > >> Note that I cannot guarantee timely delivery of security updates. Major
> > > > >> version upgrades are hugely painful, and almost always contain many
> > > > >> high-severity fixes. Should we mention that in the description?
> > > > >> 
> > > > >> Happy for any feedback.
> > > > >> 
> > > > >
> > > > > Shouldn't you mention defines in addition to the define-public aswell,
> > > > > or don't we do that?
> > > > 
> > > > Not for new files (modules), typically. I don't think Magit can fill out
> > > > those variable names (by pressing C on the hunks) either ;-) But it
> > > > should probably go in web-browsers.scm anyway.
> > > 
> > > Unless someone else is already building this, I'm giving it a spin.
> > > 
> > > I guess you changed some things since the version of yours I have in
> > > here: https://gitlab.com/ng0_guix/packages/blob/master/ng0/packages/chromium.scm
> > > so I have to rebuild it.
> > > It might take a while because I'm offloading to something much slower
> > > but which doesn't care about heat as much as a this one ;)
> > 
> > Patch itself LGTM, I'm now waiting on the build to finish in the
> > next couple of hours.
> 
> x86_64 architecture, builds fails at this point:
> 
> [6247/27388] STAMP obj/mojo/common/common.stamp
> [6248/27388] ACTION //net/http:generate_transport_security_state(//build/toolchain/linux:x64)
> FAILED: gen/net/http/transport_security_state_static.h
> python ../../build/gn_run_binary.py transport_security_state_generator ../../net/http/transport_security_state_static.json ../../net/http/transport_security_state_static.pins ../../net/http/transport_security_state_static.template gen/net/http/transport_security_state_static.h
> ./transport_security_state_generator: error while loading shared libraries: libglib-2.0.so.0: cannot open shared object file: No such file or directory
> transport_security_state_generator failed with exit code 127
> [6249/27388] AR obj/sandbox/linux/libsandbox_services.a
> ninja: build stopped: subcommand failed.
> phase `build' failed after 1777.2 seconds
> builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> derivation '/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' offloaded to '192.168.1.179' failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 100
> guix build: error: build failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> 
> Have you experienced this before?

As efraim pointed out I missed the part where you wrote that
it is for core-updates. I just assumed it worked like it is
on master because what I had locally (chromium 58) works on
master).

Someone else must test it then.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.orghttps://krosos.org

Leo Famulari wrote on 8 Aug 2017 21:51

Recipients:

Message-ID:20170808195139.GB32221@jasmine.lan

On Tue, Aug 08, 2017 at 03:44:22PM +0000, ng0 wrote:

Toggle quote (19 lines)> x86_64 architecture, builds fails at this point:
> 
> [6247/27388] STAMP obj/mojo/common/common.stamp
> [6248/27388] ACTION //net/http:generate_transport_security_state(//build/toolchain/linux:x64)
> FAILED: gen/net/http/transport_security_state_static.h
> python ../../build/gn_run_binary.py transport_security_state_generator ../../net/http/transport_security_state_static.json ../../net/http/transport_security_state_static.pins ../../net/http/transport_security_state_static.template gen/net/http/transport_security_state_static.h
> ./transport_security_state_generator: error while loading shared libraries: libglib-2.0.so.0: cannot open shared object file: No such file or directory
> transport_security_state_generator failed with exit code 127
> [6249/27388] AR obj/sandbox/linux/libsandbox_services.a
> ninja: build stopped: subcommand failed.
> phase `build' failed after 1777.2 seconds
> builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> derivation '/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' offloaded to '192.168.1.179' failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 100
> guix build: error: build failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> 
> Have you experienced this before?

Based on discussion on #guix, this package is based on core-updates. Did

you try building it on core-updates?

ng0 wrote on 8 Aug 2017 22:46

Recipients:(name . Leo Famulari)(address . leo@famulari.name)

Message-ID:20170808204633.6imimm5u3fycyb6o@abyayala

Leo Famulari transcribed 3.0K bytes:

Toggle quote (23 lines)> On Tue, Aug 08, 2017 at 03:44:22PM +0000, ng0 wrote:
> > x86_64 architecture, builds fails at this point:
> > 
> > [6247/27388] STAMP obj/mojo/common/common.stamp
> > [6248/27388] ACTION //net/http:generate_transport_security_state(//build/toolchain/linux:x64)
> > FAILED: gen/net/http/transport_security_state_static.h
> > python ../../build/gn_run_binary.py transport_security_state_generator ../../net/http/transport_security_state_static.json ../../net/http/transport_security_state_static.pins ../../net/http/transport_security_state_static.template gen/net/http/transport_security_state_static.h
> > ./transport_security_state_generator: error while loading shared libraries: libglib-2.0.so.0: cannot open shared object file: No such file or directory
> > transport_security_state_generator failed with exit code 127
> > [6249/27388] AR obj/sandbox/linux/libsandbox_services.a
> > ninja: build stopped: subcommand failed.
> > phase `build' failed after 1777.2 seconds
> > builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> > @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 1
> > derivation '/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' offloaded to '192.168.1.179' failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> > @ build-failed /gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv - 1 builder for `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed with exit code 100
> > guix build: error: build failed: build of `/gnu/store/2afpy542vywbmk093dd1kzlfx74s2460-chromium-60.0.3112.90.drv' failed
> > 
> > Have you experienced this before?
> 
> Based on discussion on #guix, this package is based on core-updates. Did
> you try building it on core-updates?

No, I have no time for switching a system to core-updates for a moment and dealing with
whatever needs to be dealt with before I can build it there, unless core-updates is
stable.
I don't want to be the roadblock, I could test it at some point in the next 2 - 3 weeks
and this package looks like it is good to go if it builds.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.orghttps://krosos.org

Efraim Flashner wrote on 10 Aug 2017 07:31

Recipients:(address . 28004@debbugs.gnu.org)

Message-ID:20170810053149.GH2458@macbook42.flashner.co.il

This built on aarch64 on core-updates in about 12.5 hours. I did need to

add the following substitution* to the package definition.

Toggle diff (26 lines)diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index 81bcb8f05..855779a11 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -346,6 +346,13 @@
                (("include \"third_party/curl") "include \"curl"))
              (substitute* "media/base/decode_capabilities.cc"
                (("third_party/libvpx/source/libvpx/") ""))
+
+             ;; We don't cross compile most packages, so get rid of the
+             ;; unnecessary ARCH-linux-gnu* prefix.
+             (substitute* "build/toolchain/linux/BUILD.gn"
+               (("aarch64-linux-gnu-") "")
+               (("arm-linux-gnueabihf-") ""))
+
              #t))
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)

With this addition it builds for me.


-- 
Efraim Flashner   <efraim@flashner.co.il>   ????? ?????
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

ng0 wrote on 31 Aug 2017 09:36

Recipients:(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 28004@debbugs.gnu.org)

Message-ID:20170831073649.ln3fhfj6l33kha46@abyayala

Efraim Flashner transcribed 2.2K bytes:

Toggle quote (3 lines)

> This built on aarch64 on core-updates in about 12.5 hours. I did need to

> add the following substitution* to the package definition.

As core-updates has been merged now, is this package good
to go? I could build it on my x86_64 builder this afternoon
if it requires one more check.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.orghttps://krosos.org

ng0 wrote on 10 Oct 2017 15:19

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:20171010131949.y43plpzxbppvrigr@abyayala

Marius Bakke transcribed 43K bytes:

Toggle quote (13 lines)> Hello Guix!
> 
> Attached is a patch for Chromium, a popular web browser.
> 
> It requires the new ld wrapper from 'core-updates' and a very powerful
> build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours).
> 
> Note that I cannot guarantee timely delivery of security updates. Major
> version upgrades are hugely painful, and almost always contain many
> high-severity fixes. Should we mention that in the description?
> 
> Happy for any feedback.

Hi,

could this patch be merged into master now?
It would be too bad to see this gathering digitial dust.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dist.ng0.infotropique.org/dist/keys/
https://www.infotropique.orghttps://ng0.infotropique.org

Ludovic Courtès wrote on 11 Oct 2017 21:52

Recipients:

Message-ID:87lgkha2cx.fsf@gnu.org

Hi!

ng0 <ng0@infotropique.org> skribis:

Toggle quote (18 lines)> Marius Bakke transcribed 43K bytes:
>> Hello Guix!
>> 
>> Attached is a patch for Chromium, a popular web browser.
>> 
>> It requires the new ld wrapper from 'core-updates' and a very powerful
>> build machine (a quad-core Sandy Bridge Xeon uses 2-3 hours).
>> 
>> Note that I cannot guarantee timely delivery of security updates. Major
>> version upgrades are hugely painful, and almost always contain many
>> high-severity fixes. Should we mention that in the description?
>> 
>> Happy for any feedback.
>
> Hi,
>
> could this patch be merged into master now?

Probably (I think at the time Marius submitted it the ‘ld’ wrapper

enhancements were not in ‘master’ yet.)

For the security aspect though, given that it’s a fairly critical

component, I’d like to have Leo’s opinion. Thoughts?

Toggle quote (2 lines)

> It would be too bad to see this gathering digitial dust.

Indeed!

Thanks,

Ludo’.

Leo Famulari wrote on 12 Oct 2017 21:56

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20171012195628.GA31843@jasmine.lan

On Wed, Oct 11, 2017 at 09:52:46PM +0200, Ludovic Courtès wrote:

Toggle quote (9 lines)

> ng0 <ng0@infotropique.org> skribis:

> > could this patch be merged into master now?

> Probably (I think at the time Marius submitted it the ‘ld’ wrapper

> enhancements were not in ‘master’ yet.)

> For the security aspect though, given that it’s a fairly critical

> component, I’d like to have Leo’s opinion. Thoughts?

Any questions in particular?

For me, the primary question is maintenance.

As Marius pointed out when sending the patch, major version upgrades may

be difficult, and timely delivery of security updates cannot be

guaranteed. But these caveats apply to every package. [0] They aren't a

reason to exclude Chromium from Guix.

Now, if we add the Chromium package and then let if fall behind for

weeks or months, that will be a problem, and we will need to remove it.

It's relatively easy to remove packages of end-user applications, since

it's rare that other packages depend on them.

As always, I'm willing to help with security updates as much as my

volunteer schedule allows.

The other issue will be bugs caused by the use of non-bundled libraries.

Presumably, important bugs are fixed in the bundled libraries before

they are released by the upstream library (if ever). But again, this is

an issue with all of our packages. We will address these issues when we

find them.

There was a new release last month, 61.0.3163. I'd like to try updating

to it this weekend if I have the disk (does anyone know how much is

required) and computing power. Then we can push :)

[0] Users who really need to rely on the security of Chromium or Chrome

should use the "official" installation from the Chromium or Google

teams, and turn on auto-updates. Every update can be expected to fix

critical bugs.

ng0 wrote on 12 Oct 2017 22:28

Recipients:(name . Leo Famulari)(address . leo@famulari.name)

Message-ID:20171012202818.kuxrucng2xbvabo3@abyayala

Leo Famulari transcribed 2.9K bytes:

Toggle quote (37 lines)> On Wed, Oct 11, 2017 at 09:52:46PM +0200, Ludovic Courtès wrote:
> > ng0 <ng0@infotropique.org> skribis:
> > > could this patch be merged into master now?
> > 
> > Probably (I think at the time Marius submitted it the ‘ld’ wrapper
> > enhancements were not in ‘master’ yet.)
> > 
> > For the security aspect though, given that it’s a fairly critical
> > component, I’d like to have Leo’s opinion.  Thoughts?
> 
> Any questions in particular?
> 
> For me, the primary question is maintenance.
> 
> As Marius pointed out when sending the patch, major version upgrades may
> be difficult, and timely delivery of security updates cannot be
> guaranteed. But these caveats apply to every package. [0] They aren't a
> reason to exclude Chromium from Guix.
> 
> Now, if we add the Chromium package and then let if fall behind for
> weeks or months, that will be a problem, and we will need to remove it.
> It's relatively easy to remove packages of end-user applications, since
> it's rare that other packages depend on them.
> 
> As always, I'm willing to help with security updates as much as my
> volunteer schedule allows.
> 
> The other issue will be bugs caused by the use of non-bundled libraries.
> Presumably, important bugs are fixed in the bundled libraries before
> they are released by the upstream library (if ever). But again, this is
> an issue with all of our packages. We will address these issues when we
> find them.
> 
> There was a new release last month, 61.0.3163. I'd like to try updating
> to it this weekend if I have the disk (does anyone know how much is
> required) and computing power. Then we can push :)

Around 8 GiB for a full build as far as I know, that is when you include

debbuging symbols. So it's less than 8 GiB.

Toggle quote (4 lines)

> [0] Users who really need to rely on the security of Chromium or Chrome

> should use the "official" installation from the Chromium or Google

> teams, and turn on auto-updates. Every update can be expected to fix

> critical bugs.

-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dist.ng0.infotropique.org/dist/keys/
https://www.infotropique.orghttps://ng0.infotropique.org

Ludovic Courtès wrote on 13 Oct 2017 08:51

Recipients:(name . Leo Famulari)(address . leo@famulari.name)

Message-ID:87shensfq6.fsf@gnu.org

Heya,

Leo Famulari <leo@famulari.name> skribis:

Toggle quote (12 lines)> On Wed, Oct 11, 2017 at 09:52:46PM +0200, Ludovic Courtès wrote:
>> ng0 <ng0@infotropique.org> skribis:
>> > could this patch be merged into master now?
>> 
>> Probably (I think at the time Marius submitted it the ‘ld’ wrapper
>> enhancements were not in ‘master’ yet.)
>> 
>> For the security aspect though, given that it’s a fairly critical
>> component, I’d like to have Leo’s opinion.  Thoughts?
>
> Any questions in particular?

Not really, I was wondering about the Marius’ warning as to the

difficulty of keeping it up-to-date.

Toggle quote (7 lines)

> For me, the primary question is maintenance.

> As Marius pointed out when sending the patch, major version upgrades may

> be difficult, and timely delivery of security updates cannot be

> guaranteed. But these caveats apply to every package. [0] They aren't a

> reason to exclude Chromium from Guix.

Right. A browser is particularly sensitive though.

Toggle quote (14 lines)> Now, if we add the Chromium package and then let if fall behind for
> weeks or months, that will be a problem, and we will need to remove it.
> It's relatively easy to remove packages of end-user applications, since
> it's rare that other packages depend on them.
>
> As always, I'm willing to help with security updates as much as my
> volunteer schedule allows.
>
> The other issue will be bugs caused by the use of non-bundled libraries.
> Presumably, important bugs are fixed in the bundled libraries before
> they are released by the upstream library (if ever). But again, this is
> an issue with all of our packages. We will address these issues when we
> find them.

Yeah.

Toggle quote (4 lines)

> There was a new release last month, 61.0.3163. I'd like to try updating

> to it this weekend if I have the disk (does anyone know how much is

> required) and computing power. Then we can push :)

Sounds like a plan!

Toggle quote (5 lines)

> [0] Users who really need to rely on the security of Chromium or Chrome

> should use the "official" installation from the Chromium or Google

> teams, and turn on auto-updates. Every update can be expected to fix

> critical bugs.

I get your point, but OTOH getting binaries from Google is not something

I feel like recommending. :-)

I think we should make sure that our package does not call home in any

way. That’s what I expect from a security- and privacy-conscious

distro.

WDYT?

Thanks for your feedback!

Ludo’.

Marius Bakke wrote on 19 Oct 2017 00:41

Recipients:

Message-ID:87o9p45bb6.fsf@fastmail.com

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (4 lines)

> I think we should make sure that our package does not call home in any

> way. That’s what I expect from a security- and privacy-conscious

> distro.

Currently, it calls home at first launch, prompting for a login.  But
I've verified that it does not send any unsolicited requests for
subsequent startups, as long as the user does not change the
command-line flags.

Anyway I'm attaching the current iteration of this patch.  Chromium 62
is out today, I'll try to update this weekend and will push it after
that in lieu of other feedback.

I would be very happy if someone managed to complete the 62 upgrade
before me, however!  ;-)

Attachment: 0001-gnu-Add-chromium.patch

ng0 wrote on 19 Oct 2017 07:48

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20171019054822.mka2hpj5bkgiuypd@abyayala

Marius Bakke transcribed 37K bytes:

Toggle quote (11 lines)> Ludovic Courtès <ludo@gnu.org> writes:
> 
> > I think we should make sure that our package does not call home in any
> > way.  That’s what I expect from a security- and privacy-conscious
> > distro.
> 
> Currently, it calls home at first launch, prompting for a login.  But
> I've verified that it does not send any unsolicited requests for
> subsequent startups, as long as the user does not change the
> command-line flags.

Could the first launch just be a matter of changing what gets
displayed at first launch? At least that's my current plan
for meissa (my fork of Pale Moon), where the default is to
visit a tracker including homepage.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dist.ng0.infotropique.org/dist/keys/
https://www.infotropique.orghttps://ng0.infotropique.org

Marius Bakke wrote on 24 Oct 2017 23:11

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 28004@debbugs.gnu.org)

Message-ID:87efpsz1xt.fsf@fastmail.com

Marius Bakke <mbakke@fastmail.com> writes:

Toggle quote (4 lines)

> Anyway I'm attaching the current iteration of this patch. Chromium 62

> is out today, I'll try to update this weekend and will push it after

> that in lieu of other feedback.

Here is the interdiff for the 62 upgrade.  I mixed in some unrelated
changes after reading through Debians 61 refresh[0] and Archs 62
update[1], but overall it was straightforward (apart from the slow
hack-test-fix cycle).

Attachment: chromium-62.diff

Below is the full patch for convenience.  I plan to commit it on Friday
or Saturday, after a cosmetic check.  Especially the description could
use some work, and the grouping of "configure flags".

One final note for future contributors is that Gentoo[2] is kind-of
upstream for Chromium, as ChromiumOS is based on Portage and I've seen
several Gentoo developers on the Chromium bug tracker.  They often have
early compatibility patches (e.g. when it invariably breaks with GCC).

[0] https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/commit/?id=794aa1820460727711e534ea1042db7eebc1601d
[1] https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/chromium&id=6ebdd8085de0b7c8bbc66e47b937271ab4a85fbd
[2] https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium

Attachment: 0001-gnu-Add-chromium.patch

Marius Bakke wrote on 6 Nov 2017 00:52

Recipients:

Message-ID:87o9og4727.fsf@fastmail.com

Marius Bakke <mbakke@fastmail.com> writes:

Toggle quote (11 lines)> Ludovic Courtès <ludo@gnu.org> writes:
>
>> I think we should make sure that our package does not call home in any
>> way.  That’s what I expect from a security- and privacy-conscious
>> distro.
>
> Currently, it calls home at first launch, prompting for a login.  But
> I've verified that it does not send any unsolicited requests for
> subsequent startups, as long as the user does not change the
> command-line flags.

I tried picking two other Debian patches[0][1] to see if it helped with

the annoying splash screen and decided to verify whether the browser

still "calls home" from a clean profile. The last time I checked was

many versions ago.

After dismissing the sign-in dialog, the "New Tab Page" loads a regular

Google search bar, and "pre-fills" two of the "most commonly used" slots

with Chrome URLs, (still) downloading a bunch of data in the process.

Not great, but maybe we could live with that if it was just for the

first run (it wasn't; had to change search engine to prevent the New Tab

Page from calling the mothership).

To my great surprise, while watching tcpdump from a different window, it

also called home *when I switched windows*. Every time the Chromium

window was activated, some data was sent to Google servers.

Going into settings and toggling the "Use a prediction service to help

complete searches and URLs typed in the address bar" option (to off)

disabled that behaviour.

Not very confidence-instilling.

I'm going to try to incorporate the "Inox Patchset"[2], which is a set

of patches that attempts to remove all such misfeatures from Chromium.

They seem to have managed to stay on top of recent Chromium development,

unlike two other prominent privacy-focused "forks", so I'm optimistic.

But it might take some weeks before the next update. Stay tuned..

[0] https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/promo.patch

[1] https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/external-components.patch

[2] https://github.com/gcarq/inox-patchset

Adonay Felipe Nogueira wrote on 10 Nov 2017 12:33

Recipients:(address . guix-patches@gnu.org)

Message-ID:877euy8j2m.fsf@hyperbola.info

As a continuation, directory-discuss started to discuss the Chromium

issue once again ([1]).

[1] https://lists.gnu.org/archive/cgi-bin/namazu.cgi?query=%2Bsubject%3A%7BFSF+opinion+on+chromium%2C+QtWebEngine%2C+electron%7D&submit=Search%21&idxname=directory-discuss&max=20&result=normal&sort=date%3Alate.

Marius Bakke <mbakke@fastmail.com> writes:

Toggle quote (35 lines)> I tried picking two other Debian patches[0][1] to see if it helped with
> the annoying splash screen and decided to verify whether the browser
> still "calls home" from a clean profile.  The last time I checked was
> many versions ago.
>
> After dismissing the sign-in dialog, the "New Tab Page" loads a regular
> Google search bar, and "pre-fills" two of the "most commonly used" slots
> with Chrome URLs, (still) downloading a bunch of data in the process.
>
> Not great, but maybe we could live with that if it was just for the
> first run (it wasn't; had to change search engine to prevent the New Tab
> Page from calling the mothership).
>
> To my great surprise, while watching tcpdump from a different window, it
> also called home *when I switched windows*.  Every time the Chromium
> window was activated, some data was sent to Google servers.
>
> Going into settings and toggling the "Use a prediction service to help
> complete searches and URLs typed in the address bar" option (to off)
> disabled that behaviour.
>
> Not very confidence-instilling.
>
> I'm going to try to incorporate the "Inox Patchset"[2], which is a set
> of patches that attempts to remove all such misfeatures from Chromium.
> They seem to have managed to stay on top of recent Chromium development,
> unlike two other prominent privacy-focused "forks", so I'm optimistic.
>
> But it might take some weeks before the next update.  Stay tuned..
>
> [0]
> <https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/promo.patch>
> [1]
> <https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches/disable/external-components.patch>
> [2] <https://github.com/gcarq/inox-patchset>

ng0 wrote on 4 Jan 2018 20:16

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180104191648.custe7w3l57fvbac@abyayala

Attachment: file

Marius Bakke wrote on 8 Jan 2018 22:56

Recipients:(name . ng0)(address . ng0@n0.is)

Message-ID:87wp0s2ewl.fsf@fastmail.com

ng0 <ng0@n0.is> writes:

Toggle quote (9 lines)

>> + (substitute* "chrome/common/chrome_paths.cc"

>> + (("/usr/share/chromium/extensions")

>> + ;; TODO: Add ~/.guix-profile.

>> + "/run/current-system/profile/share/chromium/extensions"))

> What's the idea behind this? Did you test it? Do you have any guix build-system

> using Chromium extensions as an example? So far this completely disables the

> installation of any plugins and addons.

The idea is to eventually be able to distribute extensions with Guix.  I
added this path mostly to document it, but don't see how keeping the
default makes a difference.  If you can place an extension in
/usr/share, you can also copy it to the system profile through your
config.scm, or symlink this location on a foreign distribution.

Toggle quote (8 lines)

>> + (mkdir-p bin)

>> + ;; Add a thin wrapper to prevent the user from inadvertently

>> + ;; installing non-free software through the Web Store.

>> + ;; TODO: Discover extensions from the profile and pass

>> + ;; something like "--disable-extensions-except=...".

> Same question here.

The Web Store has serious freedom issues, thus we can not enable it by

default. Enabling it *must* be a conscious choice by the end user.

The TODO here is inspired by Debians wrapper script, which enumerates

the location where apt places extensions, and gives that list to

"--disable-extensions-except".

Toggle quote (4 lines)

> If you need help, there's at least 3 users of Chromium now. I'd like to read

> your ideas on how to solve the TODOs, aswell as: Do you have any unpushed

> progress? Maybe we can team collaborate on this huge browser.

I do maintain this patch, but unfortunately not in a public repository.

I've attached the latest iteration here (sorry for squashed).

New since the last time are some fixes from the "Inox patchset" that

resolves most of the privacy issues. Namely removing the "login

wizard", changing to sensible defaults, and forcing the "classic" New

Tab Page that does not load a search engine.

Also, all patches have been moved to remote origins.

Testing and feedback welcome!

Currently there are two "important" (blocking?) TODOs left:

* Move the 'delete-bundled-software' phase to a source snippet.

Repacking the ~500MiB compressed tarball is *really* expensive. It

should also aid the licensing situation.

* Delete the two default entries from the "most used" list on the New

Tab page. The first run will download thumbnails for these sites,

leaking data. One of them also leads to the disabled-by-default

store, promoting non-free software.

I'm optimistic that fixing the second item will make the browser not

leak *any* data at launch with the default configuration. Which leads

to a third item: writing a system test that verifies that launching

Chromium does indeed not initiate any network traffic.

Anyway, here is the latest patch:

Attachment: 0001-gnu-Add-chromium.patch

ng0 wrote on 9 Jan 2018 00:20

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180108232042.nqjurjr2bcfl2yyc@abyayala

Attachment: file

Marius Bakke wrote on 9 Jan 2018 00:40

Recipients:(name . ng0)(address . ng0@n0.is)(address . 28004@debbugs.gnu.org)

Message-ID:87vagb3oo6.fsf@fastmail.com

ng0 <ng0@n0.is> writes:

Toggle quote (7 lines)

> Many thanks for your ongoing work with this (and the patience :))

> As this is 63, you you are keeping track of Debian, right? I tried

> to package 64 a couple of days ago because I wanted the workaround

> for some of the recent security clusterfucks, but Debian is still

> on 63 :/

> I hope they'll update their patchset soon.

I track the upstream stable branch, which is currently 63.

https://www.chromestatus.com/features/schedule

(see also https://chromereleases.googleblog.com/ for updates)

ng0 wrote on 9 Jan 2018 07:58

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180109065800.j2gfid7o6a6db2fv@abyayala

Marius Bakke transcribed 39K bytes:

Toggle quote (28 lines)> Testing and feedback welcome!
> 
> Currently there are two "important" (blocking?) TODOs left:
> 
> * Move the 'delete-bundled-software' phase to a source snippet.
>   Repacking the ~500MiB compressed tarball is *really* expensive.  It
>   should also aid the licensing situation.
> * Delete the two default entries from the "most used" list on the New
>   Tab page.  The first run will download thumbnails for these sites,
>   leaking data.  One of them also leads to the disabled-by-default
>   store, promoting non-free software.
> 
> I'm optimistic that fixing the second item will make the browser not
> leak *any* data at launch with the default configuration.  Which leads
> to a third item: writing a system test that verifies that launching
> Chromium does indeed not initiate any network traffic.
> 
> Anyway, here is the latest patch:
> 

> From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Wed, 12 Oct 2016 17:25:05 +0100
> Subject: [PATCH] gnu: Add chromium.
> 
> * gnu/packages/chromium.scm: New file.
> * gnu/local.mk: Record it.

I think you forgot a package:

gnu/packages/chromium.scm:664:5: icu4c-59.1: unbound variable

GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588

GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys

WWW: https://n0.is/a/ :: https://ea.n0.is

Marius Bakke wrote on 12 Jan 2018 01:03

Recipients:(name . ng0)(address . ng0@n0.is)

Message-ID:876088eyff.fsf@fastmail.com

ng0 <ng0@n0.is> writes:

Toggle quote (34 lines)> Marius Bakke transcribed 39K bytes:
>
>> Testing and feedback welcome!
>> 
>> Currently there are two "important" (blocking?) TODOs left:
>> 
>> * Move the 'delete-bundled-software' phase to a source snippet.
>>   Repacking the ~500MiB compressed tarball is *really* expensive.  It
>>   should also aid the licensing situation.
>> * Delete the two default entries from the "most used" list on the New
>>   Tab page.  The first run will download thumbnails for these sites,
>>   leaking data.  One of them also leads to the disabled-by-default
>>   store, promoting non-free software.
>> 
>> I'm optimistic that fixing the second item will make the browser not
>> leak *any* data at launch with the default configuration.  Which leads
>> to a third item: writing a system test that verifies that launching
>> Chromium does indeed not initiate any network traffic.
>> 
>> Anyway, here is the latest patch:
>> 
>
>> From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001
>> From: Marius Bakke <mbakke@fastmail.com>
>> Date: Wed, 12 Oct 2016 17:25:05 +0100
>> Subject: [PATCH] gnu: Add chromium.
>> 
>> * gnu/packages/chromium.scm: New file.
>> * gnu/local.mk: Record it.
>
> I think you forgot a package:
>
> gnu/packages/chromium.scm:664:5: icu4c-59.1: unbound variable

Indeed. This can now be changed to use the regular "icu4c" package.

Tangentially, these kinds of problems are typical with new Chromium

releases. In 63 or later, system harfbuzz had to be disabled. If we

are going to carry this package, changes like these *will* be normal.

Upstream only tests their releases with Clang, and with the bundled

versions of packages, regardless of the unbundling script. Not great.

Marius Bakke wrote on 12 Jan 2018 01:09

Recipients:(name . ng0)(address . ng0@n0.is)

Message-ID:87373cey5b.fsf@fastmail.com

ng0 <ng0@n0.is> writes:

Toggle quote (7 lines)

> Many thanks for your ongoing work with this (and the patience :))

> As this is 63, you you are keeping track of Debian, right? I tried

> to package 64 a couple of days ago because I wanted the workaround

> for some of the recent security clusterfucks, but Debian is still

> on 63 :/

> I hope they'll update their patchset soon.

Indeed Google did not add the Spectre mitigation to Chromium 63, even

though the latest version was released after the fact.

https://xlab.tencent.com/special/spectre/spectre_check.html

For reasons that beat me, they only added it to the proprietary Chrome

browser, which follows the same version number as Chromium.

The attached patch adds Spectre mitigation to the current Chromium

release. The patch was pulled from the Chrome 64 branch:

From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Thu, 11 Jan 2018 14:36:47 +0100
Subject: [PATCH] gnu: chromium: Add spectre mitigation.

* gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/chromium.scm (chromium)[source]: Use it.
---
 gnu/local.mk                                           |  1 +
 gnu/packages/chromium.scm                              |  3 ++-
 gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch

Toggle diff (47 lines)diff --git a/gnu/local.mk b/gnu/local.mk
index 513f64043..89dab227c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -575,6 +575,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
   %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
   %D%/packages/patches/chmlib-inttypes.patch			\
+  %D%/packages/patches/chromium-spectre-mitigation.patch	\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clementine-use-openssl.patch		\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index dd040527b..1e9dba42e 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -240,7 +240,8 @@
                              %chromium-system-icu.patch
                              %chromium-system-nspr.patch
                              %chromium-system-libevent.patch
-                             %chromium-disable-api-keys-warning.patch))
+                             %chromium-disable-api-keys-warning.patch
+                             (search-patch "chromium-spectre-mitigation.patch")))
               (modules '((srfi srfi-1)
                          (guix build utils)))
               (snippet
diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
new file mode 100644
index 000000000..a44a3bce4
--- /dev/null
+++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
@@ -0,0 +1,13 @@
+diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
+index 43feb76..33a49b8 100644
+--- a/content/public/common/content_features.cc
++++ b/content/public/common/content_features.cc
+@@ -308,7 +308,7 @@
+ 
+ // http://tc39.github.io/ecmascript_sharedmem/shmem.html
+ const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
+-                                       base::FEATURE_ENABLED_BY_DEFAULT};
++                                       base::FEATURE_DISABLED_BY_DEFAULT};
+ 
+ // An experiment to require process isolation for the sign-in origin,
+ // https://accounts.google.com.  Launch bug: https://crbug.com/739418.
-- 
2.15.1

ng0 wrote on 12 Jan 2018 10:38

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180112093819.763dsyiuxcyreh5z@abyayala

Marius Bakke transcribed 2.3K bytes:

Toggle quote (38 lines)> ng0 <ng0@n0.is> writes:
> 
> > Marius Bakke transcribed 39K bytes:
> >
> >> Testing and feedback welcome!
> >> 
> >> Currently there are two "important" (blocking?) TODOs left:
> >> 
> >> * Move the 'delete-bundled-software' phase to a source snippet.
> >>   Repacking the ~500MiB compressed tarball is *really* expensive.  It
> >>   should also aid the licensing situation.
> >> * Delete the two default entries from the "most used" list on the New
> >>   Tab page.  The first run will download thumbnails for these sites,
> >>   leaking data.  One of them also leads to the disabled-by-default
> >>   store, promoting non-free software.
> >> 
> >> I'm optimistic that fixing the second item will make the browser not
> >> leak *any* data at launch with the default configuration.  Which leads
> >> to a third item: writing a system test that verifies that launching
> >> Chromium does indeed not initiate any network traffic.
> >> 
> >> Anyway, here is the latest patch:
> >> 
> >
> >> From f813b2d7ec0728a906720fa74bf9f442af6ab10d Mon Sep 17 00:00:00 2001
> >> From: Marius Bakke <mbakke@fastmail.com>
> >> Date: Wed, 12 Oct 2016 17:25:05 +0100
> >> Subject: [PATCH] gnu: Add chromium.
> >> 
> >> * gnu/packages/chromium.scm: New file.
> >> * gnu/local.mk: Record it.
> >
> > I think you forgot a package:
> >
> > gnu/packages/chromium.scm:664:5: icu4c-59.1: unbound variable
> 
> Indeed.  This can now be changed to use the regular "icu4c" package.

Okay, will change. Thanks!

Toggle quote (7 lines)

> Tangentially, these kinds of problems are typical with new Chromium

> releases. In 63 or later, system harfbuzz had to be disabled. If we

> are going to carry this package, changes like these *will* be normal.

> Upstream only tests their releases with Clang, and with the bundled

> versions of packages, regardless of the unbundling script. Not great.

Yeah. I've been there, and read the frustration of other packagers
when I worked on getting a basic skeleton of chromium + dependencies
ready one(?) year ago.
-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
  WWW: https://n0.is/a/ ::  https://ea.n0.is

ng0 wrote on 13 Jan 2018 20:02

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180113190235.4yhko2v5cxiu7p6f@abyayala

I just got a bug report for the build via:

guix pull --url="https://c.n0.is/git/ng0/guix/guix.git"--branch="pretest/chromium"

guix package --install chromium

Failing with the attached build log excerpt. We are not FreeBSD, but I found

this in the first 5 minutes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160935

Maybe it helps to debug this, or maybe you've encountered this before.

I myself have been able to build this without issues on two systems.

All mentioned systems are GuixSD.

This should be a blocker, but maybe a head-up in potential build issues.

Marius Bakke transcribed 4.5K bytes:

Toggle quote (88 lines)> ng0 <ng0@n0.is> writes:
> 
> > Many thanks for your ongoing work with this (and the patience :))
> > As this is 63, you you are keeping track of Debian, right? I tried
> > to package 64 a couple of days ago because I wanted the workaround
> > for some of the recent security clusterfucks, but Debian is still
> > on 63 :/
> > I hope they'll update their patchset soon.
> 
> Indeed Google did not add the Spectre mitigation to Chromium 63, even
> though the latest version was released after the fact.
> 
> https://xlab.tencent.com/special/spectre/spectre_check.html
> 
> For reasons that beat me, they only added it to the proprietary Chrome
> browser, which follows the same version number as Chromium.
> 
> The attached patch adds Spectre mitigation to the current Chromium
> release.  The patch was pulled from the Chrome 64 branch:
> 

> From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Thu, 11 Jan 2018 14:36:47 +0100
> Subject: [PATCH] gnu: chromium: Add spectre mitigation.
> 
> * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/chromium.scm (chromium)[source]: Use it.
> ---
>  gnu/local.mk                                           |  1 +
>  gnu/packages/chromium.scm                              |  3 ++-
>  gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
>  3 files changed, 16 insertions(+), 1 deletion(-)
>  create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch
> 
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 513f64043..89dab227c 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -575,6 +575,7 @@ dist_patch_DATA =						\
>    %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
>    %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
>    %D%/packages/patches/chmlib-inttypes.patch			\
> +  %D%/packages/patches/chromium-spectre-mitigation.patch	\
>    %D%/packages/patches/clang-libc-search-path.patch		\
>    %D%/packages/patches/clang-3.8-libc-search-path.patch		\
>    %D%/packages/patches/clementine-use-openssl.patch		\
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> index dd040527b..1e9dba42e 100644
> --- a/gnu/packages/chromium.scm
> +++ b/gnu/packages/chromium.scm
> @@ -240,7 +240,8 @@
>                               %chromium-system-icu.patch
>                               %chromium-system-nspr.patch
>                               %chromium-system-libevent.patch
> -                             %chromium-disable-api-keys-warning.patch))
> +                             %chromium-disable-api-keys-warning.patch
> +                             (search-patch "chromium-spectre-mitigation.patch")))
>                (modules '((srfi srfi-1)
>                           (guix build utils)))
>                (snippet
> diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
> new file mode 100644
> index 000000000..a44a3bce4
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
> @@ -0,0 +1,13 @@
> +diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
> +index 43feb76..33a49b8 100644
> +--- a/content/public/common/content_features.cc
> ++++ b/content/public/common/content_features.cc
> +@@ -308,7 +308,7 @@
> + 
> + // http://tc39.github.io/ecmascript_sharedmem/shmem.html
> + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
> +-                                       base::FEATURE_ENABLED_BY_DEFAULT};
> ++                                       base::FEATURE_DISABLED_BY_DEFAULT};
> + 
> + // An experiment to require process isolation for the sign-in origin,
> + // https://accounts.google.com.  Launch bug: https://crbug.com/739418.
> -- 
> 2.15.1
> 

-- 
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

ng0 wrote on 13 Jan 2018 20:13

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180113191357.lqiwwyw3jxcimaqa@abyayala

ng0 transcribed 5.6K bytes:

Toggle quote (14 lines)> I just got a bug report for the build via:
> 
> guix pull --url="https://c.n0.is/git/ng0/guix/guix.git" --branch="pretest/chromium"
> guix package --install chromium
> 
> Failing with the attached build log excerpt. We are not FreeBSD, but I found
> this in the first 5 minutes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160935
> Maybe it helps to debug this, or maybe you've encountered this before.
> 
> I myself have been able to build this without issues on two systems.
> 
> All mentioned systems are GuixSD.
> 

this time with attached file.

Toggle quote (96 lines)> This should be a blocker, but maybe a head-up in potential build issues.
> Marius Bakke transcribed 4.5K bytes:
> > ng0 <ng0@n0.is> writes:
> > 
> > > Many thanks for your ongoing work with this (and the patience :))
> > > As this is 63, you you are keeping track of Debian, right? I tried
> > > to package 64 a couple of days ago because I wanted the workaround
> > > for some of the recent security clusterfucks, but Debian is still
> > > on 63 :/
> > > I hope they'll update their patchset soon.
> > 
> > Indeed Google did not add the Spectre mitigation to Chromium 63, even
> > though the latest version was released after the fact.
> > 
> > https://xlab.tencent.com/special/spectre/spectre_check.html
> > 
> > For reasons that beat me, they only added it to the proprietary Chrome
> > browser, which follows the same version number as Chromium.
> > 
> > The attached patch adds Spectre mitigation to the current Chromium
> > release.  The patch was pulled from the Chrome 64 branch:
> > 
> 
> > From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> > From: Marius Bakke <mbakke@fastmail.com>
> > Date: Thu, 11 Jan 2018 14:36:47 +0100
> > Subject: [PATCH] gnu: chromium: Add spectre mitigation.
> > 
> > * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Register it.
> > * gnu/packages/chromium.scm (chromium)[source]: Use it.
> > ---
> >  gnu/local.mk                                           |  1 +
> >  gnu/packages/chromium.scm                              |  3 ++-
> >  gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
> >  3 files changed, 16 insertions(+), 1 deletion(-)
> >  create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch
> > 
> > diff --git a/gnu/local.mk b/gnu/local.mk
> > index 513f64043..89dab227c 100644
> > --- a/gnu/local.mk
> > +++ b/gnu/local.mk
> > @@ -575,6 +575,7 @@ dist_patch_DATA =						\
> >    %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
> >    %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
> >    %D%/packages/patches/chmlib-inttypes.patch			\
> > +  %D%/packages/patches/chromium-spectre-mitigation.patch	\
> >    %D%/packages/patches/clang-libc-search-path.patch		\
> >    %D%/packages/patches/clang-3.8-libc-search-path.patch		\
> >    %D%/packages/patches/clementine-use-openssl.patch		\
> > diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> > index dd040527b..1e9dba42e 100644
> > --- a/gnu/packages/chromium.scm
> > +++ b/gnu/packages/chromium.scm
> > @@ -240,7 +240,8 @@
> >                               %chromium-system-icu.patch
> >                               %chromium-system-nspr.patch
> >                               %chromium-system-libevent.patch
> > -                             %chromium-disable-api-keys-warning.patch))
> > +                             %chromium-disable-api-keys-warning.patch
> > +                             (search-patch "chromium-spectre-mitigation.patch")))
> >                (modules '((srfi srfi-1)
> >                           (guix build utils)))
> >                (snippet
> > diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
> > new file mode 100644
> > index 000000000..a44a3bce4
> > --- /dev/null
> > +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
> > @@ -0,0 +1,13 @@
> > +diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
> > +index 43feb76..33a49b8 100644
> > +--- a/content/public/common/content_features.cc
> > ++++ b/content/public/common/content_features.cc
> > +@@ -308,7 +308,7 @@
> > + 
> > + // http://tc39.github.io/ecmascript_sharedmem/shmem.html
> > + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
> > +-                                       base::FEATURE_ENABLED_BY_DEFAULT};
> > ++                                       base::FEATURE_DISABLED_BY_DEFAULT};
> > + 
> > + // An experiment to require process isolation for the sign-in origin,
> > + // https://accounts.google.com.  Launch bug: https://crbug.com/739418.
> > -- 
> > 2.15.1
> > 
> 
> 
> 
> 
> -- 
> ng0 :: https://ea.n0.is
> A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

-- 
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

Attachment: chromium.fail

ng0 wrote on 14 Jan 2018 13:10

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180114121021.kjkkfzpvwkepaxsh@abyayala

Attachment: file

Ludovic Courtès wrote on 16 Jan 2018 15:18

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:87vag16g5z.fsf@gnu.org

Hi Marius,

Marius Bakke <mbakke@fastmail.com> skribis:

Toggle quote (12 lines)> The attached patch adds Spectre mitigation to the current Chromium
> release.  The patch was pulled from the Chrome 64 branch:
>
> From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Thu, 11 Jan 2018 14:36:47 +0100
> Subject: [PATCH] gnu: chromium: Add spectre mitigation.
>
> * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/chromium.scm (chromium)[source]: Use it.

I didn’t really follow the whole discussion :-), but if what you have is

now OK from the freedom and security viewpoints (including bundling),

perhaps you can go ahead?

Ludo’.

Marius Bakke wrote on 16 Jan 2018 20:01

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:87fu75aar5.fsf@fastmail.com

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (20 lines)> Hi Marius,
>
> Marius Bakke <mbakke@fastmail.com> skribis:
>
>> The attached patch adds Spectre mitigation to the current Chromium
>> release.  The patch was pulled from the Chrome 64 branch:
>>
>> From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
>> From: Marius Bakke <mbakke@fastmail.com>
>> Date: Thu, 11 Jan 2018 14:36:47 +0100
>> Subject: [PATCH] gnu: chromium: Add spectre mitigation.
>>
>> * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Register it.
>> * gnu/packages/chromium.scm (chromium)[source]: Use it.
>
> I didn’t really follow the whole discussion :-), but if what you have is
> now OK from the freedom and security viewpoints (including bundling),
> perhaps you can go ahead?

I believe this is pretty much ready. However Chromium 64 is due in one

week, so I'll wait for that. Meanwhile I'll try to get rid of the

default "most used" sites which links to the nonfree Web Store.

Not sure what to put in the description. Can I hire Tobias for this? :P

If there are no objections, expect to see this in 'master' in 1-2 weeks.

ng0 wrote on 16 Jan 2018 21:04

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20180116200421.irjxlsumisngpob5@abyayala

Ludovic Courtès transcribed 0.8K bytes:

Toggle quote (23 lines)> Hi Marius,
> 
> Marius Bakke <mbakke@fastmail.com> skribis:
> 
> > The attached patch adds Spectre mitigation to the current Chromium
> > release.  The patch was pulled from the Chrome 64 branch:
> >
> > From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> > From: Marius Bakke <mbakke@fastmail.com>
> > Date: Thu, 11 Jan 2018 14:36:47 +0100
> > Subject: [PATCH] gnu: chromium: Add spectre mitigation.
> >
> > * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Register it.
> > * gnu/packages/chromium.scm (chromium)[source]: Use it.
> 
> I didn’t really follow the whole discussion :-), but if what you have is
> now OK from the freedom and security viewpoints (including bundling),
> perhaps you can go ahead?
> 
> Ludo’.
> 

From a usability point of view it's definitely okay, I've been using this
for a while now, no crashes so far.
Coming up with a way to define extensions is just a matter of placing the
Lego blocks in the right position. Gentoo and other systems (maybe Nix) offer
insights.
I'd say to get to a PoC package for an easy extension, under the assumption
that the general integration works, it could be done in a couple of working
weekends.
-- 
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

Tobias Geerinckx-Rice wrote on 16 Jan 2018 20:09

Recipients:(address . 28004@debbugs.gnu.org)

Message-ID:ee73cfd1-e05b-f8e1-0c5c-6a589be176a3@tobias.gr

Marius!

Marius Bakke wrote on 16/01/18 at 20:01:

Toggle quote (2 lines)

> Not sure what to put in the description. Can I hire Tobias for this? :P

You probably don't want me writing what I think of Chromium.

Kind regards,

T G-R

Attachment: signature.asc

Marius Bakke wrote on 16 Jan 2018 20:22

Recipients:(address . 28004@debbugs.gnu.org)

Message-ID:87d129a9s7.fsf@fastmail.com

Tobias Geerinckx-Rice <me@tobias.gr> writes:

Toggle quote (7 lines)

> Marius!

> Marius Bakke wrote on 16/01/18 at 20:01:

>> Not sure what to put in the description. Can I hire Tobias for this? :P

> You probably don't want me writing what I think of Chromium.

LOL, fair enough.

I tend to assume zero-knowledge when writing descriptions and have been

playing on spins of "Chromium is a browser designed to spy on the user",

but carrying software with that description does not reflect very well

on us...besides, I've gone great lengths to remove those antifeatures.

I'd like to make it very clear that users concerned about privacy should

prefer GNU IceCat though... Suggestions welcome. :-)

Leo Famulari wrote on 16 Jan 2018 21:41

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180116204115.GA18014@jasmine.lan

On Tue, Jan 16, 2018 at 08:22:32PM +0100, Marius Bakke wrote:

Toggle quote (16 lines)> Tobias Geerinckx-Rice <me@tobias.gr> writes:
> > Marius Bakke wrote on 16/01/18 at 20:01:
> >> Not sure what to put in the description.  Can I hire Tobias for this? :P
> >
> > You probably don't want me writing what I think of Chromium.
> 
> LOL, fair enough.
> 
> I tend to assume zero-knowledge when writing descriptions and have been
> playing on spins of "Chromium is a browser designed to spy on the user",
> but carrying software with that description does not reflect very well
> on us...besides, I've gone great lengths to remove those antifeatures.
> 
> I'd like to make it very clear that users concerned about privacy should
> prefer GNU IceCat though...  Suggestions welcome. :-)

The Synopses and Descriptions section of the manual says "Please avoid

marketing phrases" and "try to be factual, mentioning use cases and

features". I think we should also avoid "anti-marketing" language.

Why not keep it simple and say something like this:

"Chromium is a graphical web browser. This package omits the FOO, BAR,

and BAZ features in order to help protect the user's privacy."

The IceCat description is similarly terse.

Ludovic Courtès wrote on 17 Jan 2018 09:53

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:87po687toi.fsf@gnu.org

Hello,

Marius Bakke <mbakke@fastmail.com> skribis:

Toggle quote (4 lines)

> I believe this is pretty much ready. However Chromium 64 is due in one

> week, so I'll wait for that. Meanwhile I'll try to get rid of the

> default "most used" sites which links to the nonfree Web Store.

Oh yes, we should definitely do that.

Toggle quote (4 lines)

> Not sure what to put in the description. Can I hire Tobias for this? :P

> If there are no objections, expect to see this in 'master' in 1-2 weeks.

Sounds good. Quite an achievement!

Thanks,

Ludo’.

Mike Gerwitz wrote on 17 Jan 2018 15:55

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:874lnkr0vf.fsf@gnu.org

On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:

Toggle quote (2 lines)

> If there are no objections, expect to see this in 'master' in 1-2 weeks.

I want to express gratitude for your hard work on this---given that
IceCat does not contain many of the FF devtool updates, Chromium is very
desirable for web development.  It's also needed for certain Node.js
tools, like node-inspector.

So, thank you!

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

Marius Bakke wrote on 26 Feb 2018 19:18

Recipients:(name . Mike Gerwitz)(address . mtg@gnu.org)(address . 28004@debbugs.gnu.org)

Message-ID:87vaejvclc.fsf@fastmail.com

Mike Gerwitz <mtg@gnu.org> writes:

Toggle quote (10 lines)> On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
>> If there are no objections, expect to see this in 'master' in 1-2 weeks.
>
> I want to express gratitude for your hard work on this---given that
> IceCat does not contain many of the FF devtool updates, Chromium is very
> desirable for web development.  It's also needed for certain Node.js
> tools, like node-inspector.
>
> So, thank you!

Thank *you* for the kind words! :-)

Here is the latest iteration of this patch. New in this version:

* Chromium 64 (duh).

* The 'delete-bundled-software' phase has been moved to a snippet,

shaving ~100MiB (~22%) off the compressed tarball size (and

drastically reduces (de)compression time).

* The New Tab page does not show any thumbnails for new profiles.

I've also added more comments about the patches and other flags.

Now, when launching the browser for the first time, it *still* connects

to Google services. After a while it also does a lookup for AdWords...

However subsequent launches are "silent" as long as the Web Store is

disabled and "--disable-background-networking" is passed, like the

wrapper script does.

Incidentally, now that IceCat supports WebRTC (and somehow plugged the

IP address leak[0]!), I no longer *need* this package. However, having

multiple high quality browsers at hand is a huge advantage IMO, so I'd

still like to have it in Guix.

What do y'all think? Feedback on the snippet and description very

welcome.

[0] https://en.wikipedia.org/wiki/WebRTC#Concerns

Marius Bakke wrote on 26 Feb 2018 19:19

[PATCH] gnu: Add chromium.

Recipients:(address . 28004@debbugs.gnu.org)(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180226181914.18955-1-mbakke@fastmail.com

* gnu/packages/chromium.scm: New file.
* gnu/packages/patches/chromium-gcc.patch,
gnu/packages/patches/chromium-remove-default-history.patch: New files.
* gnu/local.mk: Record it.
---
 gnu/local.mk                                       |   3 +
 gnu/packages/chromium.scm                          | 756 +++++++++++++++++++++
 gnu/packages/patches/chromium-gcc5.patch           |  39 ++
 .../patches/chromium-remove-default-history.patch  |  13 +
 4 files changed, 811 insertions(+)
 create mode 100644 gnu/packages/chromium.scm
 create mode 100644 gnu/packages/patches/chromium-gcc5.patch
 create mode 100644 gnu/packages/patches/chromium-remove-default-history.patch

Toggle diff (406 lines)diff --git a/gnu/local.mk b/gnu/local.mk
index fa98810d6..fb1320f7b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -92,6 +92,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/check.scm			\
   %D%/packages/chemistry.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
   %D%/packages/cmake.scm			\
@@ -581,6 +582,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
   %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
   %D%/packages/patches/chmlib-inttypes.patch			\
+  %D%/packages/patches/chromium-gcc5.patch			\
+  %D%/packages/patches/chromium-remove-default-history.patch	\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clang-runtime-asan-build-fixes.patch	\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 000000000..1dd77b089
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,756 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages libusb)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages photo)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define (strip-directory-prefix pathspec)
+  "Return everything after the last '/' in PATHSPEC."
+  (let ((index (string-rindex pathspec #\/)))
+    (if index
+        (string-drop pathspec (+ 1 index))
+        pathspec)))
+
+(define (chromium-patch-file-name pathspec)
+  (let ((patch-name (strip-directory-prefix pathspec)))
+    (if (string-prefix? "chromium-" patch-name)
+        patch-name
+        (string-append "chromium-" patch-name))))
+
+;; https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/patches
+(define (debian-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git"
+          "/plain/debian/patches/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files
+(define (gentoo-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append
+          "https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client"
+          "/chromium/files/" pathspec "?id=" revision))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/gcarq/inox-patchset
+(define (inox-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/gcarq/inox-patchset/"
+                        revision "/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/networking/browsers/chromium
+(define (nixos-patch pathspec revision hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://raw.githubusercontent.com/NixOS/nixpkgs/"
+                        revision "/pkgs/applications/networking/browsers"
+                        "/chromium/patches/" pathspec))
+    (sha256 (base32 hash))
+    (file-name (chromium-patch-file-name pathspec))))
+
+;; Fix build for older versions of GCC.
+(define %chromium-angle-gcc-compat.patch
+  (gentoo-patch "chromium-angle-r0.patch"
+                "08971011b4d6fa37aa906920fba7564e48b9e60b"
+                "0izdrqwsyr48117dhvwdsk8c6dkrnq2njida1q4mb1lagvwbz7gc"))
+
+;; https://webrtc-review.googlesource.com/9384
+(define %chromium-webrtc-gcc-compat.patch
+  (gentoo-patch "chromium-webrtc-r0.patch"
+                "08971011b4d6fa37aa906920fba7564e48b9e60b"
+                "0qj5b4w9kav51ylpdf38vm5w7p2gx4qp8p45vrfggp7miicg9cmw"))
+
+;; https://chromium-review.googlesource.com/813737
+(define %chromium-memcpy.patch
+  (gentoo-patch "chromium-memcpy-r0.patch"
+                "08971011b4d6fa37aa906920fba7564e48b9e60b"
+                "1d3vra59wjg2lva7ddv55ff6l57mk9k50llsplr0b7vxk0lh0ps5"))
+
+(define %chromium-system-nspr.patch
+  (debian-patch "system/nspr.patch"
+                "debian/64.0.3282.119-2"
+                "0pcwk3jsx8hjzd4s1v7p11jd8vpdqfnq82di31222cjx0bl6275r"))
+
+(define %chromium-system-libevent.patch
+  (debian-patch "system/event.patch"
+                "debian/64.0.3282.119-2"
+                "1dxzn1yf05mzf21c25sczj4zhkknf03x9bc3xzznqpvnsf3cjpr0"))
+
+(define %chromium-system-icu.patch
+  (debian-patch "system/icu.patch"
+                "debian/64.0.3282.119-2"
+                "0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv"))
+
+;; Don't show a warning about missing API keys.
+(define %chromium-disable-api-keys-warning.patch
+  (debian-patch "disable/google-api-warning.patch"
+                "debian/64.0.3282.119-2"
+                "1932xkrskm4nnglzj6xfjpycx4chsycj9ay3ipkq5f6xk21a1xm0"))
+
+;; Add DuckDuckGo and set it as the default search engine.
+(define %chromium-duckduckgo.patch
+  (inox-patch "0011-add-duckduckgo-search-engine.patch"
+              "d655594419af6b82a2a070e4d3eedd926a04fa79"
+              "0p8x98g71ngkd3wbl5q36wrl18ff185sfrr5fcwjbgrv3v7r6ra7"))
+
+;; Don't start a "Login Wizard" at first launch.
+(define %chromium-first-run.patch
+  (inox-patch "0018-disable-first-run-behaviour.patch"
+              "d655594419af6b82a2a070e4d3eedd926a04fa79"
+              "1y4zsqqf2125jkb1phwy9g5hcbd9xhyv5lr4xcaly66rpdzx2ayb"))
+
+;; Use privacy-preserving defaults.
+(define %chromium-default-preferences.patch
+  (inox-patch "0006-modify-default-prefs.patch"
+              "d655594419af6b82a2a070e4d3eedd926a04fa79"
+              "0qpd5l3wiw7325cicjzvdql0gay7jl4afml4nrbmy3w40i1ai2rf"))
+
+;; Recent versions of Chromium may load a remote search engine on the
+;; New Tab Page, causing unnecessary and involuntary network traffic.
+(define %chromium-restore-classic-ntp.patch
+  (inox-patch "0008-restore-classic-ntp.patch"
+              "d655594419af6b82a2a070e4d3eedd926a04fa79"
+              "0lj018q6vd6m43cj8rnraqgi4lp2iq76i1i0078dav4cxnzdryfs"))
+
+(define opus+custom
+  (package (inherit opus)
+           (name "opus+custom")
+           (arguments
+            `(;; Opus Custom is an optional extension of the Opus
+              ;; specification that allows for unsupported frame
+              ;; sizes.  Chromium requires that this is enabled.
+              #:configure-flags '("--enable-custom-modes")
+              ,@(package-arguments opus)))))
+
+(define libvpx+experimental
+  (package
+    (inherit libvpx)
+    (name "libvpx+experimental")
+    (arguments
+     `(,@(substitute-keyword-arguments (package-arguments libvpx)
+           ((#:configure-flags flags ''())
+            ;; Spatial SVC is an experimental VP9 encoder required by Chromium.
+            `(cons* "--enable-experimental" "--enable-spatial-svc"
+                    ,flags)))))))
+
+(define-public chromium
+  (package
+    (name "chromium")
+    (version "64.0.3282.186")
+    (synopsis "Graphical web browser")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://commondatastorage.googleapis.com/"
+                                  "chromium-browser-official/chromium-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "0q0q1whspmzyln04gxhgl3jd2vrgb4imh8r9qw6c06i3b63j3l2z"))
+              (patches (list %chromium-duckduckgo.patch
+                             %chromium-default-preferences.patch
+                             %chromium-first-run.patch
+                             %chromium-restore-classic-ntp.patch
+                             %chromium-angle-gcc-compat.patch
+                             %chromium-webrtc-gcc-compat.patch
+                             %chromium-memcpy.patch
+                             %chromium-system-icu.patch
+                             %chromium-system-nspr.patch
+                             %chromium-system-libevent.patch
+                             %chromium-disable-api-keys-warning.patch
+                             (search-patch "chromium-gcc5.patch")
+                             (search-patch "chromium-remove-default-history.patch")))
+              (modules '((srfi srfi-1)
+                         (ice-9 ftw)
+                         (ice-9 regex)
+                         (guix build utils)))
+              (snippet
+               '(begin
+                  (let ((preserved-files
+                         (map
+                          (lambda (path) (string-append "./" path))
+                          (list
+                           "base/third_party/dmg_fp"
+                           "base/third_party/dynamic_annotations"
+                           "base/third_party/icu"
+                           "base/third_party/libevent"
+                           "base/third_party/nspr"
+                           "base/third_party/superfasthash"
+                           "base/third_party/symbolize" ;glog
+                           "base/third_party/xdg_mime"
+                           "base/third_party/xdg_user_dirs"
+                           "buildtools/third_party/libc++"
+                           "chrome/third_party/mozilla_security_manager"
+                           "courgette/third_party"
+                           "net/third_party/mozilla_security_manager"
+                           "net/third_party/nss"
+                           "third_party/adobe/flash/flapper_version.h"
+                           ;; FIXME: This is used in:
+                           ;; * ui/webui/resources/js/analytics.js
+                           ;; * ui/file_manager/
+                           "third_party/analytics"
+                           "third_party/angle"
+                           "third_party/angle/src/common/third_party/base"
+                           "third_party/angle/src/common/third_party/smhasher"
+                           "third_party/angle/src/third_party/compiler"
+                           "third_party/angle/src/third_party/libXNVCtrl"
+                           "third_party/angle/src/third_party/trace_event"
+                           "third_party/blink"
+                           "third_party/boringssl"
+                           "third_party/boringssl/src/third_party/fiat"
+                           "third_party/breakpad"
+                           "third_party/brotli"
+                           "third_party/cacheinvalidation"
+                           "third_party/catapult"
+                           "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
+                           "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
+                           "third_party/catapult/third_party/polymer"
+                           "third_party/catapult/tracing/third_party/d3"
+                           "third_party/catapult/tracing/third_party/gl-matrix"
+                           "third_party/catapult/tracing/third_party/jszip"
+                           "third_party/catapult/tracing/third_party/mannwhitneyu"
+                           "third_party/catapult/tracing/third_party/oboe"
+                           "third_party/catapult/tracing/third_party/pako"
+                           "third_party/ced"
+                           "third_party/cld_3"
+                           "third_party/crc32c"
+                           "third_party/cros_system_api"
+                           "third_party/dom_distiller_js"
+                           "third_party/fips181"
+                           "third_party/flatbuffers"
+                           ;; PDFium requires a private freetype API.
+                           ;; <https://bugs.chromium.org/p/pdfium/issues/detail?id=733>
+                           "third_party/freetype/src/src/psnames/pstables.h"
+                           "third_party/glslang-angle"
+                           "third_party/google_input_tools"
+                           "third_party/google_input_tools/third_party/closure_library"
+                           (string-append "third_party/google_input_tools/third_party"
+                                          "/closure_library/third_party/closure")
+                           "third_party/googletest"
+                           "third_party/harfbuzz-ng"
+                           "third_party/hunspell"
+                           "third_party/iccjpeg"
+                           "third_party/inspector_protocol"
+                           "third_party/jinja2"
+                           "third_party/jstemplate"
+                           "third_party/khronos"
+                           "third_party/leveldatabase"
+                           "third_party/libXNVCtrl"
+                           "third_party/libaddressinput"
+                           "third_party/libjingle_xmpp"
+                           "third_party/libphonenumber"
+                           "third_party/libsecret" ;FIXME: needs pkg-config support.
+                           "third_party/libsrtp"   ;TODO: Requires libsrtp@2.
+                           "third_party/libudev"
+                           "third_party/libwebm"
+                           "third_party/libxml"
+                           "third_party/libyuv"
+                           "third_party/lss"
+                           "third_party/lzma_sdk"
+                           "third_party/markupsafe"
+                           "third_party/mesa"
+                           "third_party/metrics_proto"
+                           "third_party/modp_b64"
+                           "third_party/mt19937ar"
+                           "third_party/node"
+                           (string-append "third_party/node/node_modules/"
+                                          "polymer-bundler/lib/third_party/UglifyJS2")
+                           "third_party/openmax_dl"
+                           "third_party/ots"
+                           "third_party/pdfium"
+                           "third_party/pdfium/third_party"
+                           "third_party/ply"
+                           "third_party/polymer"
+                           "third_party/protobuf"
+                           "third_party/protobuf/third_party/six"
+                           "third_party/qcms"
+                           "third_party/sfntly"
+                           "third_party/skia"
+                           "third_party/skia/third_party/vulkan"
+                           "third_party/skia/third_party/gif"
+                           "third_party/smhasher"
+                           "third_party/speech-dispatcher"
+                           "third_party/spirv-headers"
+                           "third_party/spirv-tools-angle"
+                           "third_party/sqlite"
+                           "third_party/swiftshader"
+                           "third_party/swiftshader/third_party"
+                           "third_party/usb_ids"
+                           "third_party/usrsctp"
+                           "third_party/vulkan"
+                           "third_party/vulkan-validation-layers"
+                           "third_party/WebKit"
+                           "third_party/web-animations-js"
+                           "third_party/webrtc"
+                           "third_party/webrtc_overrides"
+                           "third_party/widevine/cdm/widevine_cdm_version.h"
+                           "third_party/widevine/cdm/widevine_cdm_common.h"
+                           "third_party/woff2"
+                           "third_party/xdg-utils"
+                           "third_party/yasm/run_yasm.py"
+                           "third_party/zlib/google"
+                           "url/third_party/mozilla"
+                           "v8/src/third_party/valgrind"
+                           "v8/third_party/inspector_protocol"))))
+
+                    ;; This is an implementation of
+                    ;; "build/linux/unbundle/remove_bundled_libraries.py".
+                    ;; It traverses any "third_party" directory and deletes
+                    ;; files that are:
+                    ;; * not ending with ".gn" or ".gni"; or
+                    ;; * not explicitly named as argument (folder or file).
+                    ;; TODO: Remove empty directories.
+                    (define (delete-files-except exceptions dir)
+
+                      (define (enter? name stat result)
+                        (not (member name exceptions)))
+
+                      (define (leaf name stat result)
+                        (let ((protected-fil

This message was truncated. Download the full message here.

ng0 wrote on 26 Feb 2018 21:01

Re: [bug#28004] Chromium

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180226200133.zsnahblbgzovrtmu@abyayala

Marius Bakke transcribed 2.1K bytes:

Toggle quote (22 lines)> Mike Gerwitz <mtg@gnu.org> writes:
> 
> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
> >> If there are no objections, expect to see this in 'master' in 1-2 weeks.
> >
> > I want to express gratitude for your hard work on this---given that
> > IceCat does not contain many of the FF devtool updates, Chromium is very
> > desirable for web development.  It's also needed for certain Node.js
> > tools, like node-inspector.
> >
> > So, thank you!
> 
> Thank *you* for the kind words! :-)
> 
> Here is the latest iteration of this patch.  New in this version:
> 
> * Chromium 64 (duh).
> * The 'delete-bundled-software' phase has been moved to a snippet,
>   shaving ~100MiB (~22%) off the compressed tarball size (and
>   drastically reduces (de)compression time).
> * The New Tab page does not show any thumbnails for new profiles.

I think you forgot to attach the patches :)

Toggle quote (16 lines)> I've also added more comments about the patches and other flags.
> 
> Now, when launching the browser for the first time, it *still* connects
> to Google services.  After a while it also does a lookup for AdWords...
> However subsequent launches are "silent" as long as the Web Store is
> disabled and "--disable-background-networking" is passed, like the
> wrapper script does.
> 
> Incidentally, now that IceCat supports WebRTC (and somehow plugged the
> IP address leak[0]!), I no longer *need* this package.  However, having
> multiple high quality browsers at hand is a huge advantage IMO, so I'd
> still like to have it in Guix.
> 
> What do y'all think?  Feedback on the snippet and description very
> welcome.

I still would like to have Chromium in Guix too. Icecat doesn't work

for everyone's needs and requirements. I'd help volunteering time to

building and updating, when it's possible for me.

Toggle quote (4 lines)

> [0] https://en.wikipedia.org/wiki/WebRTC#Concerns

-- 
ng0
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
http://krosos.org | https://n0.is/~ng0/| https://crash.cx

Marius Bakke wrote on 26 Feb 2018 21:06

Recipients:(name . ng0)(address . ng0@n0.is)

Message-ID:87muzvv7ku.fsf@fastmail.com

ng0 <ng0@n0.is> writes:

Toggle quote (25 lines)> Marius Bakke transcribed 2.1K bytes:
>> Mike Gerwitz <mtg@gnu.org> writes:
>> 
>> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
>> >> If there are no objections, expect to see this in 'master' in 1-2 weeks.
>> >
>> > I want to express gratitude for your hard work on this---given that
>> > IceCat does not contain many of the FF devtool updates, Chromium is very
>> > desirable for web development.  It's also needed for certain Node.js
>> > tools, like node-inspector.
>> >
>> > So, thank you!
>> 
>> Thank *you* for the kind words! :-)
>> 
>> Here is the latest iteration of this patch.  New in this version:
>> 
>> * Chromium 64 (duh).
>> * The 'delete-bundled-software' phase has been moved to a snippet,
>>   shaving ~100MiB (~22%) off the compressed tarball size (and
>>   drastically reduces (de)compression time).
>> * The New Tab page does not show any thumbnails for new profiles.
>
> I think you forgot to attach the patches :)

Derp. I realized that and just used `git send-email`[0], but have

attached it here for convenience since the debbugs web UI doesn't allow

easy download of a raw message.

[0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131

Attachment: 0001-gnu-Add-chromium.patch

ng0 wrote on 26 Feb 2018 21:34

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180226203434.s4rtbfprzwvziutz@abyayala

Marius Bakke transcribed 43K bytes:

Toggle quote (34 lines)> ng0 <ng0@n0.is> writes:
> 
> > Marius Bakke transcribed 2.1K bytes:
> >> Mike Gerwitz <mtg@gnu.org> writes:
> >> 
> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
> >> >> If there are no objections, expect to see this in 'master' in 1-2 weeks.
> >> >
> >> > I want to express gratitude for your hard work on this---given that
> >> > IceCat does not contain many of the FF devtool updates, Chromium is very
> >> > desirable for web development.  It's also needed for certain Node.js
> >> > tools, like node-inspector.
> >> >
> >> > So, thank you!
> >> 
> >> Thank *you* for the kind words! :-)
> >> 
> >> Here is the latest iteration of this patch.  New in this version:
> >> 
> >> * Chromium 64 (duh).
> >> * The 'delete-bundled-software' phase has been moved to a snippet,
> >>   shaving ~100MiB (~22%) off the compressed tarball size (and
> >>   drastically reduces (de)compression time).
> >> * The New Tab page does not show any thumbnails for new profiles.
> >
> > I think you forgot to attach the patches :)
> 
> Derp.  I realized that and just used `git send-email`[0], but have
> attached it here for convenience since the debbugs web UI doesn't allow
> easy download of a raw message.
> 
> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
> 

Great, thanks! I'll comment after building (so the usual 3 - 16 hours ;D).

Something I noticed in the past: A succesful build for Chromium depends on
the system libraries we use. The last version broke a while back when icu4c
got updated I think.
So changes need to be adjusted. We can not know when this happens, but we
can act when it happens.
-- 
ng0
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
http://krosos.org | https://n0.is/~ng0/| https://crash.cx

Björn Höfling wrote on 26 Feb 2018 23:41

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:20180226234144.032af030@alma-ubu

Hi Marius,

On Mon, 26 Feb 2018 21:06:57 +0100

Marius Bakke <mbakke@fastmail.com> wrote:

Toggle quote (36 lines)> ng0 <ng0@n0.is> writes:
> 
> > Marius Bakke transcribed 2.1K bytes:  
> >> Mike Gerwitz <mtg@gnu.org> writes:
> >>   
> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:  
> >> >> If there are no objections, expect to see this in 'master' in
> >> >> 1-2 weeks.  
> >> >
> >> > I want to express gratitude for your hard work on this---given
> >> > that IceCat does not contain many of the FF devtool updates,
> >> > Chromium is very desirable for web development.  It's also
> >> > needed for certain Node.js tools, like node-inspector.
> >> >
> >> > So, thank you!  
> >> 
> >> Thank *you* for the kind words! :-)
> >> 
> >> Here is the latest iteration of this patch.  New in this version:
> >> 
> >> * Chromium 64 (duh).
> >> * The 'delete-bundled-software' phase has been moved to a snippet,
> >>   shaving ~100MiB (~22%) off the compressed tarball size (and
> >>   drastically reduces (de)compression time).
> >> * The New Tab page does not show any thumbnails for new profiles.  
> >
> > I think you forgot to attach the patches :)  
> 
> Derp.  I realized that and just used `git send-email`[0], but have
> attached it here for convenience since the debbugs web UI doesn't
> allow easy download of a raw message.
> 
> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
> 

This looks like a lot of work. Thank you!

I quickly tried to apply and build the patch and have two first remarks:

The file says:

I haven't followed history, have you worked on this since 2016?

One patch has a hash-mismatch:

Starting download of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch

From https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2...

icu.patch 2KiB 1.8MiB/s 00:00 [####################] 100.0%

output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'

@ build-failed /gnu/store/cqdllqn8ig5wnjn0yqvnh4vlzsvnpzv6-chromium-icu.patch.drv - 1 output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'

cannot build derivation `/gnu/store/vacxbwsprcp52vp6q975450zi091dak2-chromium-64.0.3282.186.tar.xz.drv': 1 dependencies couldn't be built

@ build-started /gnu/store/7q53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv - x86_64-linux /var/log/guix/drvs/7q//53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv.bz2

cannot build derivation `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv': 1 dependencies couldn't be built

guix build: error: build failed: build of `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv' failed

I looked into the file and it looks reasonable, like a patch-file. It has no download errors.

It starts like this:

description: backwards compatibility for older versions of icu

author: Michael Gilbert <mgilbert@debian.org>

--- a/v8/src/runtime/runtime-intl.cc

+++ b/v8/src/runtime/runtime-intl.cc

@@ -627,7 +627,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele

...

Can you check this file again?

Björn

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2

iEYEARECAAYFAlqUjSkACgkQvyhstlk+X/3RbACgoiitBCu1qBpIOijeNOOUXK7t

8yUAn1Gu6XXYAOwrG82NpCf0PDWqp3Km

=1Egd

-----END PGP SIGNATURE-----

Mike Gerwitz wrote on 27 Feb 2018 03:00

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:87k1uznqcu.fsf@gnu.org

On Mon, Feb 26, 2018 at 19:18:39 +0100, Marius Bakke wrote:

Toggle quote (3 lines)

> Now, when launching the browser for the first time, it *still* connects

> to Google services. After a while it also does a lookup for AdWords...

Do you know what code initiates this?  Would it be easy to remove, and
would that harm other functionality?

Saying that it only runs the first time implies to me that there's a
flag, and that perhaps the flag can either be permanently set or the
conditional triggering this behavior removed.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

ng0 wrote on 27 Feb 2018 22:57

Recipients:(name . Björn Höfling)(address . bjoern.hoefling@bjoernhoefling.de)

Message-ID:20180227215717.bie4f2zdrn5s5oyo@abyayala

Björn Höfling transcribed 4.0K bytes:

Toggle quote (51 lines)> Hi Marius,
> 
> On Mon, 26 Feb 2018 21:06:57 +0100
> Marius Bakke <mbakke@fastmail.com> wrote:
> 
> > ng0 <ng0@n0.is> writes:
> > 
> > > Marius Bakke transcribed 2.1K bytes:  
> > >> Mike Gerwitz <mtg@gnu.org> writes:
> > >>   
> > >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:  
> > >> >> If there are no objections, expect to see this in 'master' in
> > >> >> 1-2 weeks.  
> > >> >
> > >> > I want to express gratitude for your hard work on this---given
> > >> > that IceCat does not contain many of the FF devtool updates,
> > >> > Chromium is very desirable for web development.  It's also
> > >> > needed for certain Node.js tools, like node-inspector.
> > >> >
> > >> > So, thank you!  
> > >> 
> > >> Thank *you* for the kind words! :-)
> > >> 
> > >> Here is the latest iteration of this patch.  New in this version:
> > >> 
> > >> * Chromium 64 (duh).
> > >> * The 'delete-bundled-software' phase has been moved to a snippet,
> > >>   shaving ~100MiB (~22%) off the compressed tarball size (and
> > >>   drastically reduces (de)compression time).
> > >> * The New Tab page does not show any thumbnails for new profiles.  
> > >
> > > I think you forgot to attach the patches :)  
> > 
> > Derp.  I realized that and just used `git send-email`[0], but have
> > attached it here for convenience since the debbugs web UI doesn't
> > allow easy download of a raw message.
> > 
> > [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
> > 
> 
> 
> This looks like a lot of work. Thank you!
> 
> I quickly tried to apply and build the patch and have two first remarks:
> 
> The file says:
> 
> ;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
> 
> I haven't followed history, have you worked on this since 2016?

Marius, myself (and others?) have been working on this at least since October 2017.

I did a search, and indeed: Date: Tue, 27 Sep 2016 07:39:10 +0000 ... this is when I

first send the original Inox WIP. Wow.

Toggle quote (27 lines)> One patch has a hash-mismatch:
> 
> Starting download of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch
> From https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2...
>  icu.patch  2KiB                    1.8MiB/s 00:00 [####################] 100.0%
> output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
> @ build-failed /gnu/store/cqdllqn8ig5wnjn0yqvnh4vlzsvnpzv6-chromium-icu.patch.drv - 1 output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
> cannot build derivation `/gnu/store/vacxbwsprcp52vp6q975450zi091dak2-chromium-64.0.3282.186.tar.xz.drv': 1 dependencies couldn't be built
> @ build-started /gnu/store/7q53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv - x86_64-linux /var/log/guix/drvs/7q//53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv.bz2
> cannot build derivation `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv': 1 dependencies couldn't be built
> guix build: error: build failed: build of `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv' failed
> 
> I looked into the file and it looks reasonable, like a patch-file. It has no download errors.
> 
> It starts like this:
> 
> description: backwards compatibility for older versions of icu
> author: Michael Gilbert <mgilbert@debian.org>
> 
> --- a/v8/src/runtime/runtime-intl.cc
> +++ b/v8/src/runtime/runtime-intl.cc
> @@ -627,7 +627,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele
> 
> ...
> 
> Can you check this file again?

With the patch Marius send yesterday it works for me.

Toggle quote (6 lines)

> Björn

-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

ng0 wrote on 27 Feb 2018 23:17

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180227221711.omdpbgemrjwinohb@abyayala

Attachment: file

ng0 wrote on 28 Feb 2018 09:17

Recipients:(name . Mike Gerwitz)(address . mtg@gnu.org)

Message-ID:20180228081707.nnjoolzbgwwtcgq5@abyayala

Mike Gerwitz transcribed 1.6K bytes:

Toggle quote (17 lines)> On Mon, Feb 26, 2018 at 19:18:39 +0100, Marius Bakke wrote:
> > Now, when launching the browser for the first time, it *still* connects
> > to Google services.  After a while it also does a lookup for AdWords...
> 
> Do you know what code initiates this?  Would it be easy to remove, and
> would that harm other functionality?
> 
> Saying that it only runs the first time implies to me that there's a
> flag, and that perhaps the flag can either be permanently set or the
> conditional triggering this behavior removed.
> 
> -- 
> Mike Gerwitz
> Free Software Hacker+Activist | GNU Maintainer & Volunteer
> GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
> https://mikegerwitz.com

Could this be a connectivity check?

switch "--connectivity-check-url" exists:

https://peter.sh/experiments/chromium-command-line-switches/

and there might be a flag here: chrome://flags/

We can also creatre our own settings file as suggested in

this thread:

https://www.jamf.com/jamf-nation/discussions/10331/chrome-master-preferences-file-and-suppressing-first-run-browser

Someone else suggested this file:

http://www.google.com/codesearch/p?hl=ru#HLxzG3ShG8A/trunk/win/lib/lib_values.cc&q=/tools/pso&sa=N&cd=1&ct=rc

404 now.

Adwords query might really be rlz, but I'm just guessing for now. Post from 2010:

https://blog.chromium.org/2010/06/in-open-for-rlz.html

Toggle quote (2 lines)

> When we released a new stable version of Google Chrome last March, we tried to improve the transparency and privacy options of Google Chrome. One area where ve seen a lot of interest and questions is the RLZ library that is built into Google Chrome. RLZ gives us the ability to accurately measure the success of marketing promotions and distribution partnerships in order to meet our contractual and financial obligations. It assigns non-unique, non-personally identifiable promotion tracking labels to client products; these labels sometimes appear in Google search queries in Google Chrome.we

This is the source code view:
https://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/rlz/rlz.cc?view=markup
https://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/rlz/rlz.h?view=markup


Different topic. This will help us to integrate packaged extensions once we get there:
https://data.gpo.zugaina.org/gentoo/www-client/chromium/files/chromium-launcher-r3.sh
and probably some more files.
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

Marius Bakke wrote on 28 Feb 2018 18:14

Recipients:(name . ng0)(address . ng0@n0.is)

Message-ID:87371lujdr.fsf@fastmail.com

ng0 <ng0@n0.is> writes:

Toggle quote (42 lines)> Marius Bakke transcribed 43K bytes:
>> ng0 <ng0@n0.is> writes:
>> 
>> > Marius Bakke transcribed 2.1K bytes:
>> >> Mike Gerwitz <mtg@gnu.org> writes:
>> >> 
>> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:
>> >> >> If there are no objections, expect to see this in 'master' in 1-2 weeks.
>> >> >
>> >> > I want to express gratitude for your hard work on this---given that
>> >> > IceCat does not contain many of the FF devtool updates, Chromium is very
>> >> > desirable for web development.  It's also needed for certain Node.js
>> >> > tools, like node-inspector.
>> >> >
>> >> > So, thank you!
>> >> 
>> >> Thank *you* for the kind words! :-)
>> >> 
>> >> Here is the latest iteration of this patch.  New in this version:
>> >> 
>> >> * Chromium 64 (duh).
>> >> * The 'delete-bundled-software' phase has been moved to a snippet,
>> >>   shaving ~100MiB (~22%) off the compressed tarball size (and
>> >>   drastically reduces (de)compression time).
>> >> * The New Tab page does not show any thumbnails for new profiles.
>> >
>> > I think you forgot to attach the patches :)
>> 
>> Derp.  I realized that and just used `git send-email`[0], but have
>> attached it here for convenience since the debbugs web UI doesn't allow
>> easy download of a raw message.
>> 
>> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
>>
>
> Comments inlined, some words ahead.
>
> I think it's good that we will be able to handle extensions via Guix.
> But: We should point it out that you won't be able to install extensions
> manually, via the store or as a file. People who betatested this got
> confused.

I haven't tested installing from a file. Which error are you getting?

You can use extensions from the store by setting the variable

"CHROMIUM_ENABLE_WEB_STORE", as in Debian. But I don't see a need to

document it since it's unsupported territory from a Guix viewpoint.

Toggle quote (8 lines)

>> + (substitute* "chrome/common/chrome_paths.cc"

>> + (("/usr/share/chromium/extensions")

>> + ;; TODO: Add ~/.guix-profile.

>> + "/run/current-system/profile/share/chromium/extensions"))

> I don't know if I asked you about this in the past, but can you explain why you

> picked the run dir? I have to re-read the Gentoo eclass and Nix integration for this.

The plan is to package extensions with Guix and place them in

"out/share/chromium/extensions". Then you would be able to install

extensions through the system profile, until a better solution is in

place (like a search path).

Toggle quote (9 lines)

>> + (mkdir-p bin)

>> + ;; Add a thin wrapper to prevent the user from inadvertently

>> + ;; installing non-free software through the Web Store.

>> + ;; TODO: Discover extensions from the profile and pass

>> + ;; something like "--disable-extensions-except=...".

> To be able to work on this, can you (at least in this bug ticket,

> explain the TODO part a bit more?

This was inspired by Debians wrapper script, which discovers extensions
installed by Apt and composes this command line.  It allows disabling
the web store while still using extensions.  I'll see if I can improve
the comment.

Thanks for the feedback!

Marius Bakke wrote on 28 Feb 2018 18:28

Recipients:(name . Mike Gerwitz)(address . mtg@gnu.org)(address . 28004@debbugs.gnu.org)

Message-ID:87zi3tt44x.fsf@fastmail.com

Mike Gerwitz <mtg@gnu.org> writes:

Toggle quote (7 lines)

> On Mon, Feb 26, 2018 at 19:18:39 +0100, Marius Bakke wrote:

>> Now, when launching the browser for the first time, it *still* connects

>> to Google services. After a while it also does a lookup for AdWords...

> Do you know what code initiates this? Would it be easy to remove, and

> would that harm other functionality?

Unfortunately, I don't know what triggers it. Feel free to try picking

some of the other Inox patches and see if it makes a difference:

https://github.com/gcarq/inox-patchset

Inox goes great lengths to "ungooglify" the browser. I've decided

against picking *all* their patches, for two reasons:

1) I'd like users to be able to use Chromium with their Google account

if they wish to (although I haven't actually tested this), and more

importantly:

2) More patches means more porting work every new release. Usually

major versions bumps come with a plethora of security fixes, so I wish

to minimize maintenance overhead. Just figuring out the changed

dependencies, build flags, and GCC bugs with every release is a lot of

work already.

Toggle quote (4 lines)

> Saying that it only runs the first time implies to me that there's a

> flag, and that perhaps the flag can either be permanently set or the

> conditional triggering this behavior removed.

Indeed. Any help figuring out the offender is very welcome! No external

connectivity in the default configuration is a goal we should strive for.

Marius Bakke wrote on 28 Feb 2018 18:38

Recipients:(name . Björn Höfling)(address . bjoern.hoefling@bjoernhoefling.de)(address . 28004@debbugs.gnu.org)

Message-ID:87woyxt3nz.fsf@fastmail.com

Björn Höfling <bjoern.hoefling@bjoernhoefling.de> writes:

Toggle quote (51 lines)> Hi Marius,
>
> On Mon, 26 Feb 2018 21:06:57 +0100
> Marius Bakke <mbakke@fastmail.com> wrote:
>
>> ng0 <ng0@n0.is> writes:
>> 
>> > Marius Bakke transcribed 2.1K bytes:  
>> >> Mike Gerwitz <mtg@gnu.org> writes:
>> >>   
>> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:  
>> >> >> If there are no objections, expect to see this in 'master' in
>> >> >> 1-2 weeks.  
>> >> >
>> >> > I want to express gratitude for your hard work on this---given
>> >> > that IceCat does not contain many of the FF devtool updates,
>> >> > Chromium is very desirable for web development.  It's also
>> >> > needed for certain Node.js tools, like node-inspector.
>> >> >
>> >> > So, thank you!  
>> >> 
>> >> Thank *you* for the kind words! :-)
>> >> 
>> >> Here is the latest iteration of this patch.  New in this version:
>> >> 
>> >> * Chromium 64 (duh).
>> >> * The 'delete-bundled-software' phase has been moved to a snippet,
>> >>   shaving ~100MiB (~22%) off the compressed tarball size (and
>> >>   drastically reduces (de)compression time).
>> >> * The New Tab page does not show any thumbnails for new profiles.  
>> >
>> > I think you forgot to attach the patches :)  
>> 
>> Derp.  I realized that and just used `git send-email`[0], but have
>> attached it here for convenience since the debbugs web UI doesn't
>> allow easy download of a raw message.
>> 
>> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
>> 
>
>
> This looks like a lot of work. Thank you!
>
> I quickly tried to apply and build the patch and have two first remarks:
>
> The file says:
>
> ;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
>
> I haven't followed history, have you worked on this since 2016?

Yeah, I started this shortly after going full-GuixSD in October 2016.

But I didn't submit it until now because I didn't think it met Guix's

standards (and still think it's questionable due to privacy concerns).

Toggle quote (27 lines)> One patch has a hash-mismatch:
>
> Starting download of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch
> From https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2...
>  icu.patch  2KiB                    1.8MiB/s 00:00 [####################] 100.0%
> output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
> @ build-failed /gnu/store/cqdllqn8ig5wnjn0yqvnh4vlzsvnpzv6-chromium-icu.patch.drv - 1 output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
> cannot build derivation `/gnu/store/vacxbwsprcp52vp6q975450zi091dak2-chromium-64.0.3282.186.tar.xz.drv': 1 dependencies couldn't be built
> @ build-started /gnu/store/7q53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv - x86_64-linux /var/log/guix/drvs/7q//53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv.bz2
> cannot build derivation `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv': 1 dependencies couldn't be built
> guix build: error: build failed: build of `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv' failed
>
> I looked into the file and it looks reasonable, like a patch-file. It has no download errors.
>
> It starts like this:
>
> description: backwards compatibility for older versions of icu
> author: Michael Gilbert <mgilbert@debian.org>
>
> --- a/v8/src/runtime/runtime-intl.cc
> +++ b/v8/src/runtime/runtime-intl.cc
> @@ -627,7 +627,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele
>
> ...
>
> Can you check this file again?

Whoops, indeed. I had an older patch in my store and apparently forgot

to update the hash.

The correct hash for %chromium-system-icu.patch is:

19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59

Thanks for letting me know! I'll send an updated patch later, with some

other minor improvements.

Björn Höfling wrote on 28 Feb 2018 19:09

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:20180228190925.383c1e25@alma-ubu

On Wed, 28 Feb 2018 18:38:56 +0100

Marius Bakke <mbakke@fastmail.com> wrote:

Toggle quote (15 lines)> Björn Höfling <bjoern.hoefling@bjoernhoefling.de> writes:

> > One patch has a hash-mismatch:
> >
> > Starting download
> > of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch
> > From
> > https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2...
> > icu.patch  2KiB                    1.8MiB/s 00:00
> > [####################] 100.0% output path
> > `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch'
> > should have sha256 hash
> > `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has
> > `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59' @

[..]

Toggle quote (11 lines)> 
> Whoops, indeed.  I had an older patch in my store and apparently
> forgot to update the hash.
> 
> The correct hash for %chromium-system-icu.patch is:
> 
> 19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59
> 
> Thanks for letting me know!  I'll send an updated patch later, with
> some other minor improvements.

With that confirmation, I could build the source derivation.

Thanks.

Björn

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2

iEYEARECAAYFAlqW8FYACgkQvyhstlk+X/2k1QCeJxC3BaMrYTTL6xTdWSBk6ZcG

n8wAnjJTDY0qLaGgcFAYUabAJcXQtxmw

=EDDB

-----END PGP SIGNATURE-----

ng0 wrote on 16 Mar 2018 18:30

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180316173044.dctlydfij7smndxd@abyayala

Marius Bakke transcribed 4.8K bytes:

Toggle quote (95 lines)> Björn Höfling <bjoern.hoefling@bjoernhoefling.de> writes:
> 
> > Hi Marius,
> >
> > On Mon, 26 Feb 2018 21:06:57 +0100
> > Marius Bakke <mbakke@fastmail.com> wrote:
> >
> >> ng0 <ng0@n0.is> writes:
> >> 
> >> > Marius Bakke transcribed 2.1K bytes:  
> >> >> Mike Gerwitz <mtg@gnu.org> writes:
> >> >>   
> >> >> > On Tue, Jan 16, 2018 at 20:01:34 +0100, Marius Bakke wrote:  
> >> >> >> If there are no objections, expect to see this in 'master' in
> >> >> >> 1-2 weeks.  
> >> >> >
> >> >> > I want to express gratitude for your hard work on this---given
> >> >> > that IceCat does not contain many of the FF devtool updates,
> >> >> > Chromium is very desirable for web development.  It's also
> >> >> > needed for certain Node.js tools, like node-inspector.
> >> >> >
> >> >> > So, thank you!  
> >> >> 
> >> >> Thank *you* for the kind words! :-)
> >> >> 
> >> >> Here is the latest iteration of this patch.  New in this version:
> >> >> 
> >> >> * Chromium 64 (duh).
> >> >> * The 'delete-bundled-software' phase has been moved to a snippet,
> >> >>   shaving ~100MiB (~22%) off the compressed tarball size (and
> >> >>   drastically reduces (de)compression time).
> >> >> * The New Tab page does not show any thumbnails for new profiles.  
> >> >
> >> > I think you forgot to attach the patches :)  
> >> 
> >> Derp.  I realized that and just used `git send-email`[0], but have
> >> attached it here for convenience since the debbugs web UI doesn't
> >> allow easy download of a raw message.
> >> 
> >> [0] https://debbugs.gnu.org/cgi/bugreport.cgi?msg=131;bug=28004#131
> >> 
> >
> >
> > This looks like a lot of work. Thank you!
> >
> > I quickly tried to apply and build the patch and have two first remarks:
> >
> > The file says:
> >
> > ;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
> >
> > I haven't followed history, have you worked on this since 2016?
> 
> Yeah, I started this shortly after going full-GuixSD in October 2016.
> But I didn't submit it until now because I didn't think it met Guix's
> standards (and still think it's questionable due to privacy concerns).
> 
> > One patch has a hash-mismatch:
> >
> > Starting download of /gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch
> > From https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/plain/debian/patches/system/icu.patch?id=debian/64.0.3282.119-2...
> >  icu.patch  2KiB                    1.8MiB/s 00:00 [####################] 100.0%
> > output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
> > @ build-failed /gnu/store/cqdllqn8ig5wnjn0yqvnh4vlzsvnpzv6-chromium-icu.patch.drv - 1 output path `/gnu/store/q8hlws48cjfcmz6i40jrnxn3kp750gy4-chromium-icu.patch' should have sha256 hash `0kf77d8lyma3w0xpgfv2k0c741zp6ii08gzllfja6d5s59c15ylv', instead has `19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59'
> > cannot build derivation `/gnu/store/vacxbwsprcp52vp6q975450zi091dak2-chromium-64.0.3282.186.tar.xz.drv': 1 dependencies couldn't be built
> > @ build-started /gnu/store/7q53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv - x86_64-linux /var/log/guix/drvs/7q//53inn1v32b5fain0h0wcrliclf0ff1-libvpx+experimental-1.7.0.drv.bz2
> > cannot build derivation `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv': 1 dependencies couldn't be built
> > guix build: error: build failed: build of `/gnu/store/5qv7anaaqk4576pma9mhcsz1nhrx1n01-chromium-64.0.3282.186.drv' failed
> >
> > I looked into the file and it looks reasonable, like a patch-file. It has no download errors.
> >
> > It starts like this:
> >
> > description: backwards compatibility for older versions of icu
> > author: Michael Gilbert <mgilbert@debian.org>
> >
> > --- a/v8/src/runtime/runtime-intl.cc
> > +++ b/v8/src/runtime/runtime-intl.cc
> > @@ -627,7 +627,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele
> >
> > ...
> >
> > Can you check this file again?
> 
> Whoops, indeed.  I had an older patch in my store and apparently forgot
> to update the hash.
> 
> The correct hash for %chromium-system-icu.patch is:
> 
> 19r0bpv2hapzq5m0m7rlz1dwn3h2ijgkilb2hmhw56qvwpbw0b59
> 
> Thanks for letting me know!  I'll send an updated patch later, with some
> other minor improvements.

I think we found it to be good enough to be included in master, or did I miss anything?

Would be nice if I could drop my local patch (and building). The team around Taler seems
to be interested in it as well as far as I can remember our chats in Leipzig.
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

Marius Bakke wrote on 16 Mar 2018 18:45

Recipients:(name . ng0)(address . ng0@n0.is)

Message-ID:87h8pfc3tr.fsf@fastmail.com

ng0 <ng0@n0.is> writes:

Toggle quote (5 lines)

> I think we found it to be good enough to be included in master, or did I miss anything?

> Would be nice if I could drop my local patch (and building). The team around Taler seems

> to be interested in it as well as far as I can remember our chats in Leipzig.

Reading up on GNU Taler, Chromium seems like a poor choice for an
anonymous payment system.  Why not GNU IceCat?  I don't see Chromium
becoming stable enough for guaranteed privacy any time soon.  And a full
fork would require a large maintenance team.

Unfortunately I got busy after the latest update, and haven't had time
to work on 65 yet.  I will send an update once I get around to it, and
also try some other Inox patches and see if they help with the "first
launch" issue -- hopefully within a week or two.

ng0 wrote on 16 Mar 2018 18:52

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180316175225.7jf4k2qaciyxnepp@abyayala

Marius Bakke transcribed 1.4K bytes:

Toggle quote (12 lines)> ng0 <ng0@n0.is> writes:
> 
> > I think we found it to be good enough to be included in master, or did I miss anything?
> >
> > Would be nice if I could drop my local patch (and building). The team around Taler seems
> > to be interested in it as well as far as I can remember our chats in Leipzig.
> 
> Reading up on GNU Taler, Chromium seems like a poor choice for an
> anonymous payment system.  Why not GNU IceCat?  I don't see Chromium
> becoming stable enough for guaranteed privacy any time soon.  And a full
> fork would require a large maintenance team.

Why: Ask Taler directly, I'm not involved with them.

And on for what: It is just for the Browser extension. No one is forking

Chromium again.

Toggle quote (5 lines)

> Unfortunately I got busy after the latest update, and haven't had time

> to work on 65 yet. I will send an update once I get around to it, and

> also try some other Inox patches and see if they help with the "first

> launch" issue -- hopefully within a week or two.

Cool, thanks! And thanks for your continued work on this. I'll definitely
try to help out once it is in master.
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

Adonay Felipe Nogueira wrote on 16 Mar 2018 20:01

Recipients:(address . guix-patches@gnu.org)

Message-ID:87po43rgip.fsf@hyperbola.info

Toggle quote (5 lines)

> Reading up on GNU Taler, Chromium seems like a poor choice for an

> anonymous payment system. Why not GNU IceCat? I don't see Chromium

> becoming stable enough for guaranteed privacy any time soon. And a full

> fork would require a large maintenance team.

+1 (I agree with you).

-- 
- https://libreplanet.org/wiki/User:Adfeno
- Palestrante e consultor sobre /software/ livre (não confundir com
  gratis).
- "WhatsApp"? Ele não é livre. Por favor, veja formas de se comunicar
  instantaneamente comigo no endereço abaixo.
- Contato: https://libreplanet.org/wiki/User:Adfeno#vCard
- Arquivos comuns aceitos (apenas sem DRM): Corel Draw, Microsoft
  Office, MP3, MP4, WMA, WMV.
- Arquivos comuns aceitos e enviados: CSV, GNU Dia, GNU Emacs Org, GNU
  GIMP, Inkscape SVG, JPG, LibreOffice (padrão ODF), OGG, OPUS, PDF
  (apenas sem DRM), PNG, TXT, WEBM.

ng0 wrote on 16 Mar 2018 20:34

Recipients:(name . Adonay Felipe Nogueira)(address . adfeno@hyperbola.info)(address . 28004@debbugs.gnu.org)

Message-ID:20180316193422.wd6rybkpxpzyvqs7@abyayala

Adonay Felipe Nogueira transcribed 890 bytes:

Toggle quote (7 lines)

> > Reading up on GNU Taler, Chromium seems like a poor choice for an

> > anonymous payment system. Why not GNU IceCat? I don't see Chromium

> > becoming stable enough for guaranteed privacy any time soon. And a full

> > fork would require a large maintenance team.

> +1 (I agree with you).

Read the follow-up emails I've sent.

Also, 1 line emails which basically say "+1" are not really good,
even more so when it goes offtopic (this is about getting Chrmium into
Guix!). As we are already offtopic: Want Cross-Browser support
so that the Browser *extension* (Taler is not *a* Browser) runs
in legacy old cruft Icecat base and newer Firefox (which shares
extension format with Chrome?
Good, there's something to work on in Taler if you want it.

Again, I am not a Taler developer, reach out to them.
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

Adonay Felipe Nogueira wrote on 16 Mar 2018 22:20

Recipients:(address . 28004@debbugs.gnu.org)

Message-ID:87in9vpvj6.fsf@hyperbola.info

Toggle quote (8 lines)

> Guix!). As we are already offtopic: Want Cross-Browser support

> so that the Browser *extension* (Taler is not *a* Browser) runs

> in legacy old cruft Icecat base and newer Firefox (which shares

> extension format with Chrome?

> Good, there's something to work on in Taler if you want it.

> Again, I am not a Taler developer, reach out to them.

Indeed, sorry for the bother, I tought I was replying to Taler. I guess

I'm somewhat asleep today.

Marius Bakke wrote on 13 Apr 2018 21:10

Chromium 65

Recipients:(address . 28004@debbugs.gnu.org)

Message-ID:87po32c47b.fsf@fastmail.com

Hello!

Attached is a patch for Chromium 65.

New in this version:

* Deleting third party files is now done with a single traversal of the

file system, instead of the "shotgun" approach used previously. I

also added a second pass to scrub bundled JARs and tarballs, that will

be incorporated in the "nftw" snippet eventually.

* It's using Clang instead of GCC since the latter is no longer

supported upstream (as in part of their continuous integration). GCC5

in particular is completely broken with this release. Debian and

NixOS are apparently able to build it with GCC 6 and 7 respectively,

but Arch and Gentoo changed to Clang with 65. Unfortunately GCC6 and

later has other problems in Guix: https://bugs.gnu.org/30756.

* Various tweaks to build options after reading the "GN" flags more

closely. In particular, more debugging symbols have been removed.

I haven't done anything on the privacy side since this update was

difficult enough as-is. You'll notice a few hacks around Clang and

libstdc++, and also that currently only x86_64 is supported due to

unconditionally adding the x86_64 triplet to CPLUS_INCLUDE_PATH.

Hopefully future updates will be easier. Any feedback on the

Clang/libstdc++ issues mentioned in the patch are very welcome.

Attachment: 0001-gnu-Add-chromium.patch

Oleg Pykhalov wrote on 17 Apr 2018 21:10

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:877ep5myy5.fsf@gmail.com

Hello Marius,

First of all, thank you for working on this!

Marius Bakke <mbakke@fastmail.com> writes:

Toggle quote (2 lines)

> Attached is a patch for Chromium 65.

I've built it successfully. Thank you for such a hard work!

I build ‘chromium’ from my first day of using GuixSD (about one year).

Because of I cannot build it constantly, I always use out of date

‘chromium’ closure. It's more worse for privacy and security than

unchecked new ‘chromium’ version in my case (I guess).

Could we have it pushed to ‘origin/master’ for people like me? :-)

Thanks,

Oleg.

Christopher Lemmer Webber wrote on 24 Apr 2018 19:05

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:87po2own4s.fsf@dustycloud.org

Hello!  I'd like to speak up in favor of getting Chromium merged into
Guix master.  As a web developer, sometimes I have to test things
against multiple browsers.  Having Chromium in GuixSD would help me out
a lot.

It looks like a mountain of hard work has been put into this.  Could we
get it merged rather than have that work languish?

Marius Bakke wrote on 24 Apr 2018 20:08

Chromium 66 + status update

Recipients:(name . Christopher Lemmer Webber)(address . cwebber@dustycloud.org)(address . 28004@debbugs.gnu.org)

Message-ID:87woww8ojw.fsf@fastmail.com

Christopher Lemmer Webber <cwebber@dustycloud.org> writes:

Toggle quote (8 lines)

> Hello! I'd like to speak up in favor of getting Chromium merged into

> Guix master. As a web developer, sometimes I have to test things

> against multiple browsers. Having Chromium in GuixSD would help me out

> a lot.

> It looks like a mountain of hard work has been put into this. Could we

> get it merged rather than have that work languish?

Hello!

I use this browser a lot, so it's hardly languishing.

There was a recent discussion[0] about the Pale Moon browser, where it

was pointed out that the FSDG[1] requires that any third-party

repositories must be committed to only free software.

[0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html

[1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules

Unfortunately there are UI links to the Chrome "Web Store" still. It's

not possible to install from it without setting the

CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is

sufficient. It's unfortunate if an unsuspecting user stumbles into the

Web Store and tries to install something (free or not) and only then

finds out that it does not work.

The other remaining issue is that some data is sent to Google whenever

you start the browser for the first time. I don't think that's a

blocker, but it's certainly something we should aim to fix.

Attached are updates for 66. The first is an interdiff from the

previous 65 patch; the other is the full "squashed" patch for

convenience.

New in this version:

* The snippet will now error if a preserved directory is not present.

* Chromium again requires a git revision of libvpx.

* The "safe browsing" feature requires the nonfree "unrar" program(!!),

as such it has been compiled out. Luckily "Inox" already had a patch

to make the thing actually build with that flag disabled.

* Cosmetic rearrangement of patches to follow Debian and Inox patch order.

Attachment: 0001-Chromium-66-update.patch

...and the full thing:

Attachment: 0001-gnu-Add-chromium.patch

Christopher Lemmer Webber wrote on 24 Apr 2018 20:45

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:068e3226d5004773fa3cb007050bd463@dustycloud.org

Marius!

On 2018-04-24 20:08, Marius Bakke wrote:

Toggle quote (3 lines)

> The other remaining issue is that some data is sent to Google whenever

> you start the browser for the first time.

Sounds great! What data, exactly?

Toggle quote (2 lines)

> I don't think that's a blocker

I hope it is.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.

Tobias Geerinckx-Rice wrote on 24 Apr 2018 20:46

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:b0ebfaeac3dcf2641eda526754899bef@tobias.gr

Marius!

On 2018-04-24 20:08, Marius Bakke wrote:

Toggle quote (3 lines)

> The other remaining issue is that some data is sent to Google whenever

> you start the browser for the first time.

Sounds great! What data, exactly?

Toggle quote (2 lines)

> I don't think that's a blocker

I hope it is.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.

Tobias Geerinckx-Rice wrote on 24 Apr 2018 20:48

Recipients:(name . Christopher Lemmer Webber)(address . cwebber@dustycloud.org)

Message-ID:e4a4e0814d2152c9ae6f3f9cfedd190e@tobias.gr

Erm

On 2018-04-24 20:45, Christopher Lemmer Webber wrote:

Toggle quote (2 lines)

> some nonsense

My apologies: of course Chris did no such thing.

I really need to get rid of Roundcube, that's what.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.

Marius Bakke wrote on 24 Apr 2018 21:30

Recipients:(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 28004@debbugs.gnu.org)

Message-ID:87tvs08ks0.fsf@fastmail.com

Tobias Geerinckx-Rice <me@tobias.gr> writes:

Toggle quote (8 lines)

> Marius!

> On 2018-04-24 20:08, Marius Bakke wrote:

>> The other remaining issue is that some data is sent to Google whenever

>> you start the browser for the first time.

> Sounds great! What data, exactly?

I haven't MITM'd it to check, unfortunately.  Help wanted!

The reason I don't think it's a blocking issue, is because Chromium is
a massive project and I cannot guarantee that it will never "call
home".  So while I am intent on fixing the issue, especially since it's
easy to test (chromium --user-data-dir=/tmp/foo), it's just one of many
"call home" scenarios/antifeatures.  And if you enable extensions or log
in all bets are off.  Even Inox, which goes great lengths to de-google
it, admits that they can't guarantee privacy.

Other scenarios include checking for IPv6 availability, testing for
captive portal, etc.  And I think it even falls back to Google DNS if
the system resolver is unresponsive.  :-(

Leo Famulari wrote on 25 Apr 2018 19:00

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180425170006.GA23453@jasmine.lan

On Tue, Apr 24, 2018 at 09:30:23PM +0200, Marius Bakke wrote:

Toggle quote (8 lines)

> The reason I don't think it's a blocking issue, is because Chromium is

> a massive project and I cannot guarantee that it will never "call

> home". So while I am intent on fixing the issue, especially since it's

> easy to test (chromium --user-data-dir=/tmp/foo), it's just one of many

> "call home" scenarios/antifeatures. And if you enable extensions or log

> in all bets are off. Even Inox, which goes great lengths to de-google

> it, admits that they can't guarantee privacy.

I agree with Marius here.

Toggle quote (4 lines)

> Other scenarios include checking for IPv6 availability, testing for

> captive portal, etc. And I think it even falls back to Google DNS if

> the system resolver is unresponsive. :-(

I think that handling captive portals and falling back to Google DNS (or

any fallback DNS) are *great* features that address common problems that

most internet users can not work around on their own.

I don't believe these features are forbidden by the FSDG:

https://www.gnu.org/distros/free-system-distribution-guidelines.en.html

Finally, there are several packages that automatically send data out,

even in Guix. This is not a reason to exclude the software from Guix, in

my opinion.

Leo Famulari wrote on 25 Apr 2018 19:02

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180425170229.GB23453@jasmine.lan

On Tue, Apr 24, 2018 at 09:30:23PM +0200, Marius Bakke wrote:

Toggle quote (8 lines)

> The reason I don't think it's a blocking issue, is because Chromium is

> a massive project and I cannot guarantee that it will never "call

> home". So while I am intent on fixing the issue, especially since it's

> easy to test (chromium --user-data-dir=/tmp/foo), it's just one of many

> "call home" scenarios/antifeatures. And if you enable extensions or log

> in all bets are off. Even Inox, which goes great lengths to de-google

> it, admits that they can't guarantee privacy.

I'd also like to point out that we cannot and should not try to

guarantee privacy.

Privacy from whom? For whom?

Of course we want to offer a system that is reasonably private, but if

we use words like "guarantee", we are setting an impossible and

undefined goal for ourselves.

Nils Gillmann wrote on 3 May 2018 19:49

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180503174903.asxoaobk6jy2dgk7@abyayala

Marius Bakke transcribed 69K bytes:

Toggle quote (50 lines)> Christopher Lemmer Webber <cwebber@dustycloud.org> writes:
> 
> > Hello!  I'd like to speak up in favor of getting Chromium merged into
> > Guix master.  As a web developer, sometimes I have to test things
> > against multiple browsers.  Having Chromium in GuixSD would help me out
> > a lot.
> >
> > It looks like a mountain of hard work has been put into this.  Could we
> > get it merged rather than have that work languish?
> 
> Hello!
> 
> I use this browser a lot, so it's hardly languishing.
> 
> There was a recent discussion[0] about the Pale Moon browser, where it
> was pointed out that the FSDG[1] requires that any third-party
> repositories must be committed to only free software.
> 
> [0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html
> [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules
> 
> Unfortunately there are UI links to the Chrome "Web Store" still.  It's
> not possible to install from it without setting the
> CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is
> sufficient.  It's unfortunate if an unsuspecting user stumbles into the
> Web Store and tries to install something (free or not) and only then
> finds out that it does not work.
> 
> The other remaining issue is that some data is sent to Google whenever
> you start the browser for the first time.  I don't think that's a
> blocker, but it's certainly something we should aim to fix.
> 
> Attached are updates for 66.  The first is an interdiff from the
> previous 65 patch; the other is the full "squashed" patch for
> convenience.
> 
> New in this version:
> 
> * The snippet will now error if a preserved directory is not present.
> * Chromium again requires a git revision of libvpx.
> * The "safe browsing" feature requires the nonfree "unrar" program(!!),
>   as such it has been compiled out.  Luckily "Inox" already had a patch
>   to make the thing actually build with that flag disabled.
> * Cosmetic rearrangement of patches to follow Debian and Inox patch order.
> 

> From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Tue, 17 Apr 2018 03:54:56 +0200
> Subject: [PATCH] Chromium 66 update.

Good progress :)

However, I'm a friend of bundling patches. Patches you have in a known location

don't run away, like "addmissingblinktools":

Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch

From https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch...

download failed "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch"404 "Not Found"

Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch

From http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...

download failed "http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s"404 "Not Found"

Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch

From http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...

download failed "http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s"404 "Not Found"

failed to download "/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch" from "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch"

builder for `/gnu/store/5hbv5vgnla974qiw6kakc28a4k35h96n-add-missing-blink-tools.patch.drv' failed to produce output path `/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch'

cannot build derivation `/gnu/store/2z8i7b4l4l0p5b3pj4swdl2pvbdj5q24-chromium-66.0.3359.117.tar.xz.drv': 1 dependencies couldn't be built

cannot build derivation `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv': 1 dependencies couldn't be built

guix package: error: build failed: build of `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv' failed

Nils Gillmann wrote on 3 May 2018 19:58

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:20180503175845.xxz47o4gzj36udp3@abyayala

Nils Gillmann transcribed 4.4K bytes:

Toggle quote (78 lines)> Marius Bakke transcribed 69K bytes:
> > Christopher Lemmer Webber <cwebber@dustycloud.org> writes:
> > 
> > > Hello!  I'd like to speak up in favor of getting Chromium merged into
> > > Guix master.  As a web developer, sometimes I have to test things
> > > against multiple browsers.  Having Chromium in GuixSD would help me out
> > > a lot.
> > >
> > > It looks like a mountain of hard work has been put into this.  Could we
> > > get it merged rather than have that work languish?
> > 
> > Hello!
> > 
> > I use this browser a lot, so it's hardly languishing.
> > 
> > There was a recent discussion[0] about the Pale Moon browser, where it
> > was pointed out that the FSDG[1] requires that any third-party
> > repositories must be committed to only free software.
> > 
> > [0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html
> > [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules
> > 
> > Unfortunately there are UI links to the Chrome "Web Store" still.  It's
> > not possible to install from it without setting the
> > CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is
> > sufficient.  It's unfortunate if an unsuspecting user stumbles into the
> > Web Store and tries to install something (free or not) and only then
> > finds out that it does not work.
> > 
> > The other remaining issue is that some data is sent to Google whenever
> > you start the browser for the first time.  I don't think that's a
> > blocker, but it's certainly something we should aim to fix.
> > 
> > Attached are updates for 66.  The first is an interdiff from the
> > previous 65 patch; the other is the full "squashed" patch for
> > convenience.
> > 
> > New in this version:
> > 
> > * The snippet will now error if a preserved directory is not present.
> > * Chromium again requires a git revision of libvpx.
> > * The "safe browsing" feature requires the nonfree "unrar" program(!!),
> >   as such it has been compiled out.  Luckily "Inox" already had a patch
> >   to make the thing actually build with that flag disabled.
> > * Cosmetic rearrangement of patches to follow Debian and Inox patch order.
> > 
> 
> > From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001
> > From: Marius Bakke <mbakke@fastmail.com>
> > Date: Tue, 17 Apr 2018 03:54:56 +0200
> > Subject: [PATCH] Chromium 66 update.
>  > 
> 
> Good progress :)
> 
> However, I'm a friend of bundling patches. Patches you have in a known location
> don't run away, like "addmissingblinktools":
> 
> Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> From https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch...
> download failed "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" 404 "Not Found"
> 
> Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> From http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
> download failed "http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
> 
> Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> From http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
> download failed "http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
> failed to download "/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch" from "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch"
> builder for `/gnu/store/5hbv5vgnla974qiw6kakc28a4k35h96n-add-missing-blink-tools.patch.drv' failed to produce output path `/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch'
> cannot build derivation `/gnu/store/2z8i7b4l4l0p5b3pj4swdl2pvbdj5q24-chromium-66.0.3359.117.tar.xz.drv': 1 dependencies couldn't be built
> cannot build derivation `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv': 1 dependencies couldn't be built
> guix package: error: build failed: build of `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv' failed
> 
> 
> 

Is this the patch you included?

https://bazaar.launchpad.net/~chromium-team/chromium-browser/artful-beta/view/head:/debian/patches/add-missing-blink-tools.patch

guix hash is 1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s and matches the one the package definition expected.

Marius Bakke wrote on 4 May 2018 14:10

Recipients:(name . Nils Gillmann)(address . ng0@n0.is)

Message-ID:87d0ybhb9g.fsf@fastmail.com

Nils Gillmann <ng0@n0.is> writes:

Toggle quote (75 lines)> Marius Bakke transcribed 69K bytes:
>> Christopher Lemmer Webber <cwebber@dustycloud.org> writes:
>> 
>> > Hello!  I'd like to speak up in favor of getting Chromium merged into
>> > Guix master.  As a web developer, sometimes I have to test things
>> > against multiple browsers.  Having Chromium in GuixSD would help me out
>> > a lot.
>> >
>> > It looks like a mountain of hard work has been put into this.  Could we
>> > get it merged rather than have that work languish?
>> 
>> Hello!
>> 
>> I use this browser a lot, so it's hardly languishing.
>> 
>> There was a recent discussion[0] about the Pale Moon browser, where it
>> was pointed out that the FSDG[1] requires that any third-party
>> repositories must be committed to only free software.
>> 
>> [0] https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00319.html
>> [1] https://www.gnu.org/distros/free-system-distribution-guidelines.html#license-rules
>> 
>> Unfortunately there are UI links to the Chrome "Web Store" still.  It's
>> not possible to install from it without setting the
>> CHROMIUM_ENABLE_WEB_STORE variable, but I'm not sure if that is
>> sufficient.  It's unfortunate if an unsuspecting user stumbles into the
>> Web Store and tries to install something (free or not) and only then
>> finds out that it does not work.
>> 
>> The other remaining issue is that some data is sent to Google whenever
>> you start the browser for the first time.  I don't think that's a
>> blocker, but it's certainly something we should aim to fix.
>> 
>> Attached are updates for 66.  The first is an interdiff from the
>> previous 65 patch; the other is the full "squashed" patch for
>> convenience.
>> 
>> New in this version:
>> 
>> * The snippet will now error if a preserved directory is not present.
>> * Chromium again requires a git revision of libvpx.
>> * The "safe browsing" feature requires the nonfree "unrar" program(!!),
>>   as such it has been compiled out.  Luckily "Inox" already had a patch
>>   to make the thing actually build with that flag disabled.
>> * Cosmetic rearrangement of patches to follow Debian and Inox patch order.
>> 
>
>> From a6ce5ebc121f129c3097f1f105b6a4de925b43e9 Mon Sep 17 00:00:00 2001
>> From: Marius Bakke <mbakke@fastmail.com>
>> Date: Tue, 17 Apr 2018 03:54:56 +0200
>> Subject: [PATCH] Chromium 66 update.
>  > 
>
> Good progress :)
>
> However, I'm a friend of bundling patches. Patches you have in a known location
> don't run away, like "addmissingblinktools":
>
> Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> From https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch...
> download failed "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch" 404 "Not Found"
>
> Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> From http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
> download failed "http://mirror.hydra.gnu.org/file/add-missing-blink-tools.patch/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
>
> Starting download of /gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch
> From http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s...
> download failed "http://tarballs.nixos.org/sha256/1im2l1g6g9mangpfphbkg6zxyglbfwbkm5jxv122yxqgm6vxzz6s" 404 "Not Found"
> failed to download "/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch" from "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch"
> builder for `/gnu/store/5hbv5vgnla974qiw6kakc28a4k35h96n-add-missing-blink-tools.patch.drv' failed to produce output path `/gnu/store/1djisy58jqjajbfcrd32vf7hrg9qvzwa-add-missing-blink-tools.patch'
> cannot build derivation `/gnu/store/2z8i7b4l4l0p5b3pj4swdl2pvbdj5q24-chromium-66.0.3359.117.tar.xz.drv': 1 dependencies couldn't be built
> cannot build derivation `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv': 1 dependencies couldn't be built
> guix package: error: build failed: build of `/gnu/store/4fxkp0aa1vr2b9fbl9kw8l8ijw0zrd25-chromium-66.0.3359.117.drv' failed

Whoops. I'm not used to constructing stable Bazaar URLs.

However this patch is not needed for the latest tarball.

Here's a diff to the 66 patch updating to the latest Chromium. I also

removed some inputs and third party directories that were not needed.

Attachment: chromium.diff

Nils Gillmann wrote on 4 May 2018 15:02

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180504130220.xmw7vu5uchumrfn6@abyayala

Attachment: file

ng0 wrote on 25 Jul 2018 10:08

Re: [bug#28004] Chromium

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180725080800.stqijlny6om6powe@abyayala

Hi Marius,

any chance you had the time to update to a more recent version release

of Chromium?

--ng0

Marius Bakke wrote on 5 Aug 2018 15:04

Recipients:(name . ng0)(address . ng0@n0.is)

Message-ID:87tvo9c6cs.fsf@fastmail.com

ng0 <ng0@n0.is> writes:

Toggle quote (5 lines)

> Hi Marius,

> any chance you had the time to update to a more recent version release

> of Chromium?

Good news!  Please find Chromium 68 attached.

There are *a lot* of changes in this version.  Some highlights:

* It's using GCC 8 instead of Clang.
* A bug in the source scrubber has been fixed, so .zip and .jar files
  are now purged even if the parent directory is preserved.  Currently
  we're reducing the uncompressed size from 4.3 GiB to 2.1 GiB.
* External patches are now in an easier to manage format.
* Upstream have discontinued the libvpx "experiment"; but still
  require an unreleased version.
* We're installing a "master_preferences" file, which allows us to
  easily add defaults for new profiles.
* All the various knobs for the build system have been moved to
  #:configure-flags.  This should make it easier to create custom
  Chromium variants based on this package (qtwebkit?).
* The 'configure' phase will now print *all* supported flags for
  convenience (I usually did this manually every now and then).
* I've started cherry-picking patches from Ungoogled-Chromium in the
  quest to reduce data transmission to Google.

TODO:

* There is still some data transmitted when starting the browser for the
  first time.  It seems related to the "domain_reliability" component.
* Remove remaining "Web Store" links.  Currently I've only found it in
  settings, under "accessibility" and "fonts".
* Opening settings transmits a bunch of data, the next version will
  include the 'disable-translation-lang-fetch' patch from Inox.
* PDFium is built, but does not seem to work (the 'install' phase
  probably needs tweaking).  Might just disable it instead.

As always, feedback very welcome.  Enjoy!

Attachment: 0001-gnu-Add-chromium.patch

ng0 wrote on 5 Aug 2018 18:18

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180805161802.bif4ax5feqloxayz@abyayala

Attachment: file

Marius Bakke wrote on 5 Aug 2018 20:25

Recipients:(name . ng0)(address . ng0@n0.is)

Message-ID:87lg9kd61u.fsf@fastmail.com

ng0 <ng0@n0.is> writes:

Toggle quote (6 lines)

> Once we merge this into master, can we document the update procedure?

> Or even better, write an update script if possible? For me it was 40%

> hit everything which doesn't move and take what's left over and 60%

> reading. I understand the code, but some people might want an

> explanation for how it's decided which folder gets to stay.

The "preserved-club" are simply third_party directories that are

necessary for the build. Removing any single one will cause the build

to fail (in theory, there might be outdated entries..).

It's difficult to automate because you don't know what's needed until

the build process starts and fails because of some missing dependency.

Toggle quote (4 lines)

> Not related to this section, but: NixOS has a "sandbox" output for Chromium

> which "contains the sandboxed wrapper" of Chromium. Maybe it requires something

> Nix/NixOS specific, maybe we can add that.

I guess that's for the SUID sandbox binary. I haven't had a reason to

build that because the user namespace sandbox works just fine. Perhaps

it's useful for distributions that don't have user namespaces enabled?

Toggle quote (27 lines)>> +                 ;; TODO: Install icons from "../../chrome/app/themes" into
>> +                 ;; "out/share/icons/hicolor/$size".
>
> I have more icons here in my definition, the whole section looked like...
>
>> +                 (install-file
>> +                  "product_logo_48.png"
>> +                  (string-append out "/share/icons/48x48/chromium.png"))
>
> this:
>
> +                 ;; XXX: What about ../../chrome/app/theme/chromium/linux/?
> +                 (for-each
> +                  (lambda (file)
> +                    (let* ((size (string-filter char-numeric? file))
> +                           (icons (string-append out "/share/icons/hicolor/"
> +                                                 size "x" size "/apps")))
> +                      (mkdir-p icons)
> +                      (copy-file file (string-append icons "/chromium.png"))))
> +                  '("../../chrome/app/theme/chromium/product_logo_128.png"
> +                    "../../chrome/app/theme/chromium/product_logo_22.png"
> +                    "../../chrome/app/theme/chromium/product_logo_22_mono.png"
> +                    "../../chrome/app/theme/chromium/product_logo_24.png"
> +                    "../../chrome/app/theme/chromium/product_logo_256.png"
> +                    "../../chrome/app/theme/chromium/product_logo_48.png"
> +                    "../../chrome/app/theme/chromium/product_logo_64.png"))

Nice. Now the next step is to generate the latter list, maybe with

find-files?

Thanks for the feedback!

ng0 wrote on 5 Aug 2018 22:32

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180805203222.iyvpw5wansinz6tb@abyayala

Marius Bakke transcribed 3.2K bytes:

Toggle quote (15 lines)> ng0 <ng0@n0.is> writes:
> 
> > Once we merge this into master, can we document the update procedure?
> > Or even better, write an update script if possible? For me it was 40%
> > hit everything which doesn't move and take what's left over and 60%
> > reading. I understand the code, but some people might want an
> > explanation for how it's decided which folder gets to stay.
> 
> The "preserved-club" are simply third_party directories that are
> necessary for the build.  Removing any single one will cause the build
> to fail (in theory, there might be outdated entries..).
> 
> It's difficult to automate because you don't know what's needed until
> the build process starts and fails because of some missing dependency.

Hm okay.

Yes, I noticed. But they usually fail very early, so it's just 4 - 20

minutes waiting depending on your harddrive and network speed.

Toggle quote (8 lines)

> > Not related to this section, but: NixOS has a "sandbox" output for Chromium

> > which "contains the sandboxed wrapper" of Chromium. Maybe it requires something

> > Nix/NixOS specific, maybe we can add that.

> I guess that's for the SUID sandbox binary. I haven't had a reason to

> build that because the user namespace sandbox works just fine. Perhaps

> it's useful for distributions that don't have user namespaces enabled?

Maybe, it's worth investigating. I haven't looked at it very much.

Toggle quote (33 lines)> 
> >> +                 ;; TODO: Install icons from "../../chrome/app/themes" into
> >> +                 ;; "out/share/icons/hicolor/$size".
> >
> > I have more icons here in my definition, the whole section looked like...
> >
> >> +                 (install-file
> >> +                  "product_logo_48.png"
> >> +                  (string-append out "/share/icons/48x48/chromium.png"))
> >
> > this:
> >
> > +                 ;; XXX: What about ../../chrome/app/theme/chromium/linux/?
> > +                 (for-each
> > +                  (lambda (file)
> > +                    (let* ((size (string-filter char-numeric? file))
> > +                           (icons (string-append out "/share/icons/hicolor/"
> > +                                                 size "x" size "/apps")))
> > +                      (mkdir-p icons)
> > +                      (copy-file file (string-append icons "/chromium.png"))))
> > +                  '("../../chrome/app/theme/chromium/product_logo_128.png"
> > +                    "../../chrome/app/theme/chromium/product_logo_22.png"
> > +                    "../../chrome/app/theme/chromium/product_logo_22_mono.png"
> > +                    "../../chrome/app/theme/chromium/product_logo_24.png"
> > +                    "../../chrome/app/theme/chromium/product_logo_256.png"
> > +                    "../../chrome/app/theme/chromium/product_logo_48.png"
> > +                    "../../chrome/app/theme/chromium/product_logo_64.png"))
> 
> Nice.  Now the next step is to generate the latter list, maybe with
> find-files?
> 
> Thanks for the feedback!

Thanks for your continued work on this monster ;)

ng0 wrote on 6 Aug 2018 01:58

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180805235800.txqdbuawyu5y2i4m@abyayala

It took a while because of the heat, but here's a fail log appended. I'm going to bed,

and I don't know when I have time to look into it. Maybe you get to work on it

earlier than myself.

Thanks

Attachment: chromium68.txt

Oleg Pykhalov wrote on 6 Aug 2018 10:22

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:87tvo7lxa6.fsf@gmail.com

Hello,

compiled successfully on 340ee00bbf91a8e0ea567d00d7ff54dd025abc05

Thanks,

Oleg.

Amirouche Boubekki wrote on 30 Aug 2018 01:31

(no subject)

Recipients:(address . 28004@debbugs.gnu.org)

Message-ID:a0ade17eaca10ddeeb94dfb1620fff60@hypermove.net

I would like to work on the TODO items.

* There is still some data transmitted when starting the browser for the

first time. It seems related to the "domain_reliability" component.

* Remove remaining "Web Store" links. Currently I've only found it in

settings, under "accessibility" and "fonts".

Is is taken by anybody?

The build is in progress, I will report later.

Amirouche Boubekki wrote on 30 Aug 2018 08:04

Re: [bug#28004] Chromium

Recipients:(name . Oleg Pykhalov)(address . go.wigust@gmail.com)

Message-ID:867c3ef88a05a8398281df6bd717e24a@hypermove.net

compiled successfully on 256d5c6e339d59287284bb83f35c594f13bd08f9

I have the following messages appear:

Gtk-Message: 07:58:25.671: Failed to load module "canberra-gtk-module"

[3434:3434:0830/075901.665931:ERROR:sandbox_linux.cc(378)]

InitializeSandbox() called with multiple threads in process gpu-process.

libpng warning: iCCP: known incorrect sRGB profile

(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry

existed

I tested http://hyperdev.fr/ and https://zty.pe/

If nobody is working on the remaining TODO items, I will work my way

through it. LMK.

Ludovic Courtès wrote on 30 Aug 2018 11:57

Re: Firefox 52's end of life, packaging Chromium

Recipients:(name . Clément Lassieur)(address . clement@lassieur.org)

Message-ID:87h8jcyy5y.fsf@gnu.org

Hello,

Clément Lassieur <clement@lassieur.org> skribis:

Toggle quote (5 lines)

> So the question is: can we push the Chromium package? I've read it's

> almost ready[2]. It's probably far better than everything we have,

> despite not being totally 'finished'. Maybe we can add what's left to

> do as a TODO and fix the package later?

As long as the freedom issues and phone-home issues are addressed, which

appears to be the case, I’m all for it.

Marius?

Thanks,

Ludo’.

ng0 wrote on 30 Aug 2018 15:25

Re: [bug#28004] Chromium

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180830132541.6kyqgmp4w7f2i2di@abyayala

Build sucessfully on f9e140a243b6d6b5d28bd0813b69604562a39653.

Previously the lack of a swapfile was to blame - when you don't run

headless this really requires a swapfile when you have 8 GB RAM.

Mark H Weaver wrote on 2 Sep 2018 06:37

Re: [bug#28004] Chromium FSDG requirements

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 28004@debbugs.gnu.org)

Message-ID:87lg8kzf8e.fsf@netris.org

Hi Marius,

Does the modified version of Chromium in your draft package support

Encrypted Media Extensions (EME)?

https://en.wikipedia.org/wiki/Encrypted_Media_Extensions

Does it refer to third-party repositories of software that are not

committed to only including free software?

Does it contain spyware?

Thanks,

Mark

Marius Bakke wrote on 2 Sep 2018 15:16

Recipients:(name . Mark H Weaver)(address . mhw@netris.org)(address . 28004@debbugs.gnu.org)

Message-ID:87sh2sjayg.fsf@fastmail.com

Mark H Weaver <mhw@netris.org> writes:

Toggle quote (7 lines)

> Hi Marius,

> Does the modified version of Chromium in your draft package support

> Encrypted Media Extensions (EME)?

> https://en.wikipedia.org/wiki/Encrypted_Media_Extensions

No. EME is called "Widevine" in Chromium lingo and I believe all

components are purged from the source.

Toggle quote (3 lines)

> Does it refer to third-party repositories of software that are not

> committed to only including free software?

Yes. It includes support for the Chromium "Web Store", although it's

not usable in the default configuration.

Toggle quote (2 lines)

> Does it contain spyware?

Not to my knowledge.

Clément Lassieur wrote on 7 Sep 2018 11:29

Re: Firefox 52's end of life, packaging Chromium

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:87y3cdlkop.fsf@lassieur.org

Hello :-)

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (14 lines)> Hello,
>
> Clément Lassieur <clement@lassieur.org> skribis:
>
>> So the question is: can we push the Chromium package?  I've read it's
>> almost ready[2].  It's probably far better than everything we have,
>> despite not being totally 'finished'.  Maybe we can add what's left to
>> do as a TODO and fix the package later?
>
> As long as the freedom issues and phone-home issues are addressed, which
> appears to be the case, I’m all for it.
>
> Marius?

Marius, what is the status, can we merge it?

Clément

Clément Lassieur wrote on 15 Sep 2018 12:36

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:87sh2bnj22.fsf@lassieur.org

Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (20 lines)> Hello :-)
>
> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Hello,
>>
>> Clément Lassieur <clement@lassieur.org> skribis:
>>
>>> So the question is: can we push the Chromium package?  I've read it's
>>> almost ready[2].  It's probably far better than everything we have,
>>> despite not being totally 'finished'.  Maybe we can add what's left to
>>> do as a TODO and fix the package later?
>>
>> As long as the freedom issues and phone-home issues are addressed, which
>> appears to be the case, I’m all for it.
>>
>> Marius?
>
> Marius, what is the status, can we merge it?

Ping

Toggle quote (2 lines)

> Clément

Marius Bakke wrote on 17 Sep 2018 15:28

Chromium channel

Recipients:(name . Clément Lassieur)(address . clement@lassieur.org)

Message-ID:87efdsp820.fsf@fastmail.com

Clément Lassieur <clement@lassieur.org> writes:

Toggle quote (24 lines)> Clément Lassieur <clement@lassieur.org> writes:
>
>> Hello :-)
>>
>> Ludovic Courtès <ludo@gnu.org> writes:
>>
>>> Hello,
>>>
>>> Clément Lassieur <clement@lassieur.org> skribis:
>>>
>>>> So the question is: can we push the Chromium package?  I've read it's
>>>> almost ready[2].  It's probably far better than everything we have,
>>>> despite not being totally 'finished'.  Maybe we can add what's left to
>>>> do as a TODO and fix the package later?
>>>
>>> As long as the freedom issues and phone-home issues are addressed, which
>>> appears to be the case, I’m all for it.
>>>
>>> Marius?
>>
>> Marius, what is the status, can we merge it?
>
> Ping

Hello, sorry for the delay.

I've set up a channel for Chromium here:

https://gitlab.com/mbakke/guix-chromium

Chromium has been updated for version 69 as well.

I don't think we can merge as-is due to the tight Web Store integration

(even if it's disabled), but I will start work on packaging the full

"Ungoogled-Chromium" next:

https://github.com/Eloston/ungoogled-chromium

I'll bump this thread once it is ready for testing. Developments will

happen in the Gitlab repository. Pull requests welcome! :-)

Clément Lassieur wrote on 17 Sep 2018 16:16

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:87pnxccipg.fsf@lassieur.org

Marius Bakke <mbakke@fastmail.com> writes:

Toggle quote (43 lines)> Clément Lassieur <clement@lassieur.org> writes:
>
>> Clément Lassieur <clement@lassieur.org> writes:
>>
>>> Hello :-)
>>>
>>> Ludovic Courtès <ludo@gnu.org> writes:
>>>
>>>> Hello,
>>>>
>>>> Clément Lassieur <clement@lassieur.org> skribis:
>>>>
>>>>> So the question is: can we push the Chromium package?  I've read it's
>>>>> almost ready[2].  It's probably far better than everything we have,
>>>>> despite not being totally 'finished'.  Maybe we can add what's left to
>>>>> do as a TODO and fix the package later?
>>>>
>>>> As long as the freedom issues and phone-home issues are addressed, which
>>>> appears to be the case, I’m all for it.
>>>>
>>>> Marius?
>>>
>>> Marius, what is the status, can we merge it?
>>
>> Ping
>
> Hello, sorry for the delay.
>
> I've set up a channel for Chromium here:
>
> https://gitlab.com/mbakke/guix-chromium
>
> Chromium has been updated for version 69 as well.
>
> I don't think we can merge as-is due to the tight Web Store integration
> (even if it's disabled), but I will start work on packaging the full
> "Ungoogled-Chromium" next:
>
> https://github.com/Eloston/ungoogled-chromium
>
> I'll bump this thread once it is ready for testing.  Developments will
> happen in the Gitlab repository.  Pull requests welcome!  :-)

Great!

Thank you very much Marius, and sorry for insisting. The 'channels'

solution seems to fit very well!

Clément

Pjotr Prins wrote on 17 Sep 2018 19:57

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20180917175707.hfxkyr6r7q6geqdb@thebird.nl

On Mon, Sep 17, 2018 at 03:28:23PM +0200, Marius Bakke wrote:

Toggle quote (4 lines)

> I've set up a channel for Chromium here:

> https://gitlab.com/mbakke/guix-chromium

Too much coolness. I am fainting!

Pj.

Nils Gillmann wrote on 17 Sep 2018 20:08

Recipients:(name . Clément Lassieur)(address . clement@lassieur.org)

Message-ID:20180917180810.4phfdlo34jmu4r4r@abyayala

Clément Lassieur transcribed 1.4K bytes:

Toggle quote (36 lines)> Marius Bakke <mbakke@fastmail.com> writes:
> 
> > Clément Lassieur <clement@lassieur.org> writes:
> >
> >> Clément Lassieur <clement@lassieur.org> writes:
> >>
> >>> Hello :-)
> >>>
> >>> Ludovic Courtès <ludo@gnu.org> writes:
> >>>
> >>>> Hello,
> >>>>
> >>>> Clément Lassieur <clement@lassieur.org> skribis:
> >>>>
> >>>>> So the question is: can we push the Chromium package?  I've read it's
> >>>>> almost ready[2].  It's probably far better than everything we have,
> >>>>> despite not being totally 'finished'.  Maybe we can add what's left to
> >>>>> do as a TODO and fix the package later?
> >>>>
> >>>> As long as the freedom issues and phone-home issues are addressed, which
> >>>> appears to be the case, I’m all for it.
> >>>>
> >>>> Marius?
> >>>
> >>> Marius, what is the status, can we merge it?
> >>
> >> Ping
> >
> > Hello, sorry for the delay.
> >
> > I've set up a channel for Chromium here:
> >
> > https://gitlab.com/mbakke/guix-chromium
> >
> > Chromium has been updated for version 69 as well.

Huh! Did the requirement for building go up by 100% with version 69?

I will test if my 8GB RAM buildmachine can still build it like it

used to up to version 68.x.

Toggle quote (16 lines)> > I don't think we can merge as-is due to the tight Web Store integration
> > (even if it's disabled), but I will start work on packaging the full
> > "Ungoogled-Chromium" next:
> >
> > https://github.com/Eloston/ungoogled-chromium
> >
> > I'll bump this thread once it is ready for testing.  Developments will
> > happen in the Gitlab repository.  Pull requests welcome!  :-)
> 
> Great!
> 
> Thank you very much Marius, and sorry for insisting.  The 'channels'
> solution seems to fit very well!
> 
> Clément
>

Ludovic Courtès wrote on 22 Sep 2018 14:44

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:87r2hlwvl4.fsf@gnu.org

Hello Marius,

Marius Bakke <mbakke@fastmail.com> skribis:

Toggle quote (4 lines)

> I've set up a channel for Chromium here:

> https://gitlab.com/mbakke/guix-chromium

Nice! Great to see channels put to good use. :-)

Though… let’s make sure this channel doesn’t derail “us” from the goal

of having an FSDG-compliant Chromium in Guix proper!

Ludo’.

Marius Bakke wrote on 2 Feb 2019 20:20

[PATCH] gnu: Add ungoogled-chromium.

Recipients:(address . guix-devel@gnu.org)(address . 28004@debbugs.gnu.org)

Message-ID:20190202192023.22087-1-mbakke@fastmail.com

Thanks to Marks beautiful "computed-origin-method", Ungoogled-Chromium

is finally ready for inclusion in Guix.

Features:

* Chromium 72.

* No unsolicited network traffic.

* Free software only.

* No DRM.

* Not an April Fools joke.

It's currently using my trivial "fork" of Ungoogled-Chromium[0], which

will be upstreamed once the upstream reorganization[1] is done.

Comments appreciated!

[0]: https://github.com/mbakke/ungoogled-chromium/commit/f9b9074c322a67b04baf0982797cd7b7e09614b5

[1]: https://github.com/Eloston/ungoogled-chromium/issues/651

* gnu/packages/aux-files/chromium/master-preferences.json,

gnu/packages/chromium.scm: New files.

* gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.

---

gnu/local.mk | 1 +

.../chromium/master-preferences.json | 26 +

gnu/packages/chromium.scm | 741 ++++++++++++++++++

3 files changed, 768 insertions(+)

create mode 100644 gnu/packages/aux-files/chromium/master-preferences.json

create mode 100644 gnu/packages/chromium.scm

Toggle diff (439 lines)diff --git a/gnu/local.mk b/gnu/local.mk
index 82db1488d6..b5e937cdd7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -100,6 +100,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/check.scm			\
   %D%/packages/chemistry.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
   %D%/packages/clojure.scm			\
diff --git a/gnu/packages/aux-files/chromium/master-preferences.json b/gnu/packages/aux-files/chromium/master-preferences.json
new file mode 100644
index 0000000000..0caa7cc4cd
--- /dev/null
+++ b/gnu/packages/aux-files/chromium/master-preferences.json
@@ -0,0 +1,26 @@
+{
+  "distribution": {
+     "import_bookmarks": false,
+     "make_chrome_default": false,
+     "make_chrome_default_for_user": false,
+     "verbose_logging": true,
+     "skip_first_run_ui": true,
+     "suppress_first_run_default_browser_prompt": true
+  },
+  "browser": {
+     "has_seen_welcome_page" : true,
+     "check_default_browser" : false
+  },
+  "dns_prefetching": {
+    "enabled": false
+  },
+  "alternate_error_pages": {
+    "enabled": false
+  },
+  "hardware": {
+    "audio_capture_enabled": false
+  },
+  "default_apps": "noinstall",
+  "hide_web_store_icon": true,
+  "homepage": "https://www.gnu.org/software/guix"
+}
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 0000000000..eb404246d3
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,741 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:use-module (guix monads)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages build-tools)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gcc)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages python-xyz)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages vulkan)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define %preserved-third-party-files
+  '("base/third_party/dmg_fp" ;X11-style
+    "base/third_party/dynamic_annotations" ;BSD-2
+    "base/third_party/icu" ;Unicode, X11-style
+    "base/third_party/superfasthash" ;BSD-3
+    "base/third_party/symbolize" ;BSD-3
+    "base/third_party/xdg_mime" ;LGPL2.1+ or Academic 2.0
+    "base/third_party/xdg_user_dirs" ;Expat
+    "chrome/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
+    "courgette/third_party/bsdiff" ;BSD-2, BSD protection license
+    "courgette/third_party/divsufsort" ;Expat
+    "net/third_party/http2" ;BSD-3
+    "net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
+    "net/third_party/nss" ;MPL-2.0
+    "net/third_party/quic" ;BSD-3
+    "net/third_party/spdy" ;BSD-3
+    "net/third_party/uri_template" ;ASL2.0
+    "third_party/abseil-cpp" ;ASL2.0
+    "third_party/adobe/flash/flapper_version.h" ;no license, trivial
+    "third_party/angle" ;BSD-3
+    "third_party/angle/src/common/third_party/base" ;BSD-3
+    "third_party/angle/src/common/third_party/smhasher" ;Public domain
+    "third_party/angle/src/common/third_party/xxhash" ;BSD-2
+    "third_party/angle/src/third_party/compiler" ;BSD-2
+    "third_party/angle/src/third_party/libXNVCtrl" ;Expat
+    "third_party/angle/src/third_party/trace_event" ;BSD-3
+    "third_party/angle/third_party/glslang" ;BSD-3
+    "third_party/angle/third_party/spirv-headers" ;Expat
+    "third_party/angle/third_party/spirv-tools" ;Expat
+    "third_party/angle/third_party/vulkan-headers" ;ASL2.0
+    "third_party/angle/third_party/vulkan-loader" ;ASL2.0
+    "third_party/angle/third_party/vulkan-tools" ;ASL2.0
+    "third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
+    "third_party/apple_apsl" ;APSL2.0
+    "third_party/blink" ;BSD-3
+    "third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
+    "third_party/boringssl/src/third_party/fiat" ;Expat
+    "third_party/breakpad" ;BSD-3
+    "third_party/brotli" ;Expat
+    "third_party/cacheinvalidation" ;ASL2.0
+    "third_party/catapult" ;BSD-3
+    "third_party/catapult/common/py_vulcanize/third_party/rcssmin" ;ASL2.0
+    "third_party/catapult/common/py_vulcanize/third_party/rjsmin" ;ASL2.0
+    "third_party/catapult/third_party/polymer" ;BSD-3
+    "third_party/catapult/tracing/third_party/d3" ;BSD-3
+    "third_party/catapult/tracing/third_party/gl-matrix" ;Expat
+    "third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
+    "third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
+    "third_party/catapult/tracing/third_party/oboe" ;BSD-2
+    "third_party/catapult/tracing/third_party/pako" ;Expat
+    "third_party/ced" ;BSD-3
+    "third_party/cld_3" ;ASL2.0
+    "third_party/closure_compiler" ;ASL2.0
+    "third_party/crashpad" ;ASL2.0
+    "third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h" ;Zlib
+    "third_party/crc32c" ;BSD-3
+    "third_party/cros_system_api" ;BSD-3
+    "third_party/dom_distiller_js" ;BSD-3
+    "third_party/fips181" ;BSD-3
+    "third_party/flatbuffers" ;ASL2.0
+    "third_party/google_input_tools" ;ASL2.0
+    "third_party/google_input_tools/third_party/closure_library" ;ASL2.0
+    "third_party/google_input_tools/third_party/closure_library/third_party/closure" ;Expat
+    "third_party/googletest" ;BSD-3
+    "third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
+    "third_party/iccjpeg" ;IJG
+    "third_party/inspector_protocol" ;BSD-3
+    "third_party/jinja2" ;BSD-3
+    "third_party/jstemplate" ;ASL2.0
+    "third_party/khronos" ;Expat, SGI
+    "third_party/leveldatabase" ;BSD-3
+    "third_party/libXNVCtrl" ;Expat
+    "third_party/libaddressinput" ;ASL2.0
+    "third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent License 1.0"
+    "third_party/libaom/source/libaom/third_party/vector" ;Expat
+    "third_party/libaom/source/libaom/third_party/x86inc" ;ISC
+    "third_party/libjingle_xmpp" ;BSD-3
+    "third_party/libphonenumber" ;ASL2.0
+    "third_party/libsecret" ;LGPL2.1+
+    "third_party/libsrtp" ;BSD-3
+    "third_party/libsync" ;ASL2.0
+    "third_party/libudev" ;LGPL2.1+
+    "third_party/libwebm" ;BSD-3
+    "third_party/libxml/chromium" ;BSD-3
+    "third_party/libyuv" ;BSD-3
+    "third_party/lss" ;BSD-3
+    "third_party/markupsafe" ;BSD-3
+    "third_party/mesa_headers" ;Expat, SGI
+    "third_party/metrics_proto" ;BSD-3
+    "third_party/modp_b64" ;BSD-3
+    "third_party/nasm" ;BSD-2
+    "third_party/node" ;Expat
+    "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2" ;BSD-2
+    "third_party/ots" ;BSD-3
+    "third_party/pdfium" ;BSD-3
+    "third_party/pdfium/third_party/agg23" ;Expat
+    "third_party/pdfium/third_party/base" ;BSD-3
+    "third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
+    "third_party/pdfium/third_party/skia_shared" ;BSD-3
+    "third_party/pdfium/third_party/freetype/include/pstables.h" ;FreeType
+    "third_party/ply" ;BSD-3
+    "third_party/polymer" ;BSD-3
+    "third_party/protobuf" ;BSD-3
+    "third_party/protobuf/third_party/six" ;Expat
+    "third_party/pyjson5" ;ASL2.0
+    "third_party/qcms" ;Expat
+    "third_party/rnnoise" ;BSD-3
+    "third_party/s2cellid" ;ASL2.0
+    "third_party/sfntly" ;ASL2.0
+    "third_party/skia" ;BSD-3
+    "third_party/skia/third_party/gif" ;MPL1.1/GPL2+/LGPL2.1+
+    "third_party/skia/third_party/skcms" ;BSD-3
+    "third_party/skia/third_party/vulkan" ;BSD-3
+    "third_party/smhasher" ;Expat, public domain
+    "third_party/speech-dispatcher" ;GPL2+
+    "third_party/spirv-headers" ;ASL2.0
+    "third_party/SPIRV-Tools" ;ASL2.0
+    "third_party/sqlite" ;Public domain
+    "third_party/ungoogled" ;BSD-3
+    "third_party/usb_ids" ;BSD-3
+    "third_party/usrsctp" ;BSD-2
+    "third_party/web-animations-js" ;ASL2.0
+    "third_party/webdriver" ;ASL2.0
+    "third_party/webrtc" ;BSD-3
+    "third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
+    "third_party/webrtc/common_audio/third_party/spl_sqrt_floor" ;Public domain
+    "third_party/webrtc/modules/third_party/fft" ;Non-copyleft
+    "third_party/webrtc/modules/third_party/g711" ;Public domain
+    "third_party/webrtc/modules/third_party/g722" ;Public domain
+    "third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
+    "third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
+    "third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
+    "third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
+    "third_party/woff2" ;ASL2.0
+    "third_party/xdg-utils" ;Expat
+    "third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
+    "third_party/zlib/google" ;BSD-3
+    "url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
+    "v8/src/third_party/utf8-decoder" ;Expat
+    "v8/src/third_party/valgrind" ;BSD-4
+    "v8/third_party/inspector_protocol" ;BSD-3
+    "v8/third_party/v8/builtins")) ;PSFL
+
+(define* (computed-origin-method gexp-promise hash-algo hash
+                                 #:optional (name "source")
+                                 #:key (system (%current-system))
+                                 (guile (default-guile)))
+  "Return a derivation that executes the G-expression that results
+from forcing GEXP-PROMISE."
+  (mlet %store-monad ((guile (package->derivation guile system)))
+    (gexp->derivation (or name "computed-origin")
+                      (force gexp-promise)
+                      #:system system
+                      #:guile-for-build guile)))
+
+(define %chromium-version "72.0.3626.81")
+(define %ungoogled-revision "f9b9074c322a67b04baf0982797cd7b7e09614b5")
+
+;; This is a computed origin that does the following:
+;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball.
+;; 2) Prunes all third_party folders that are not explicitly preserved.
+;; 3) Adjusts "GN" build files such that system libraries are preferred.
+(define ungoogled-chromium-source
+  (let* ((chromium-source
+          (origin
+            (method url-fetch)
+            (uri (string-append "https://commondatastorage.googleapis.com"
+                                "/chromium-browser-official/chromium-"
+                                %chromium-version ".tar.xz"))
+            (sha256
+             (base32
+              "01l0vlvcckpag376mjld7qprv63l0z8li689k0h6v3h0i7irzs6z"))))
+         (ungoogled-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference (url "https://github.com/mbakke/ungoogled-chromium")
+                                (commit %ungoogled-revision)))
+            (file-name (git-file-name "ungoogled-chromium"
+                                      (string-take %ungoogled-revision 7)))
+            (sha256
+             (base32
+              "0gmk1n3i7lbm7rw8zl4df171yhvrlimj8ksj096bf2dlfhbd44rb")))))
+
+    (origin
+      (method computed-origin-method)
+      (file-name (string-append "ungoogled-chromium-" %chromium-version ".tar.xz"))
+      (sha256 #f)
+      (uri
+       (delay
+         (with-imported-modules '((guix build utils))
+           #~(begin
+               (use-modules (guix build utils))
+               (let ((chromium-dir    (string-append "chromium-" #$%chromium-version))
+                     (preserved-files (list #$@%preserved-third-party-files)))
+
+                 (mkdir "/tmp/bin")
+                 (set-path-environment-variable
+                  "PATH" '("bin")
+                  (list "/tmp"
+                        #+(canonical-package patch)
+                        #+(canonical-package xz)
+                        #+(canonical-package tar)
+                        #+python-2
+                        #+python))
+
+                 (copy-recursively #+ungoogled-source "/tmp/ungoogled")
+
+                 (with-directory-excursion "/tmp/ungoogled"
+
+                   (format #t "Unpacking chromium tarball...~%")
+                   (force-output)
+                   (invoke "tar" "xf" #+chromium-source)
+
+                   (format #t "Ungooglifying...~%")
+                   (force-output)
+                   (invoke "python3" "run_buildkit_cli.py" "prune"
+                           "-b" "config_bundles/guix" chromium-dir)
+                   (invoke "python3" "run_buildkit_cli.py" "patches" "apply"
+                           "-b" "config_bundles/guix" chromium-dir)
+                   (invoke "python3" "run_buildkit_cli.py" "domains" "apply"
+                           "-b" "config_bundles/linux_rooted"
+                           "-c" "/tmp/domainscache.tar.gz" chromium-dir)
+
+                   (with-directory-excursion chromium-dir
+                     (format #t "Pruning third party files...~%")
+                     (force-output)
+                     (apply invoke "python"
+                             "build/linux/unbundle/remove_bundled_libraries.py"
+                             "--do-remove" preserved-files)
+
+                     (format #t "Replacing GN files...~%")
+                     (force-output)
+                     (invoke "python3" "build/linux/unbundle/replace_gn_files.py"
+                             "--system-libraries" "ffmpeg" "flac" "fontconfig"
+                             "freetype" "harfbuzz-ng" "icu" "libdrm" "libevent"
+                             "libjpeg" "libpng" "libvpx" "libwebp" "libxml"
+                             "libxslt" "openh264" "opus" "re2" "snappy" "yasm"
+                             "zlib"))
+
+                   (format #t (string-append "Packing new Ungoogled tarball ...~%"))
+                   (force-output)
+                   (invoke "tar" "cvfa" #$output
+                           ;; Avoid non-determinism in the archive.
+                           "--mtime=@0"
+                           "--owner=root:0"
+                           "--group=root:0"
+                           "--sort=name"
+                           chromium-dir)
+
+                   #t)))))))))
+
+(define opus+custom
+  (package/inherit opus
+    (name "opus+custom")
+    (arguments
+     (substitute-keyword-arguments (package-arguments opus)
+       ((#:configure-flags flags ''())
+        ;; Opus Custom is an optional extension of the Opus
+        ;; specification that allows for unsupported frame
+        ;; sizes.  Chromium requires that this is enabled.
+        `(cons "--enable-custom-modes"
+               ,flags))))))
+
+(define libvpx/chromium
+  ;; Chromium 66 and later requires an unreleased libvpx, so we take the
+  ;; commit from "third_party/libvpx/README.chromium" in the tarball.
+  (let ((version (package-version libvpx))
+        (commit "e188b5435de71bcd602c378f1ac0441111f0f915")
+        (revision "0"))
+    (package/inherit libvpx
+      (name "libvpx-chromium")
+      (version (git-version version revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://chromium.googlesource.com/webm/libvpx")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "0v7lzvgy45zh7zwzmmzkvbcqmhs4xa97z0h97hd3j6myrxcfz1n9")))))))
+
+;; Transitional package until HarfBuzz 2.2 is available in Guix master branch.
+(define harfbuzz/chromium
+  (package/inherit harfbuzz
+    (version "2.2.0")
+    (source (origin
+              (inherit (package-source harfbuzz))
+              (uri (string-append "https://www.freedesktop.org/software/harfbuzz"
+                                  "/release/harfbuzz-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "047q63jr513azf3g1y7f5xn60b4jdjs9zsmrx04sfw5rasyzrk5p"))))))
+
+(define-public ungoogled-chromium
+  (package
+    (name "ungoogled-chromium")
+    (version %chromium-version)
+    (synopsis "Graphical web browser")
+    (source ungoogled-chromium-source)
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it overrides the RUNPATH set by the linker.
+       #:validate-runpath? #f
+       #:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (srfi srfi-26))
+       #:configure-flags
+       ;; See tools/gn/docs/cookbook.md and
+       ;; https://www.chromium.org/developers/gn-build-configuration
+       ;; for usage.  Run "./gn args . --list" in the Release
+       ;; directory for an exhaustive list of supported flags.
+       ;; (Note: The 'configure' phase will do that for you.)
+       (list "is_debug=false"
+             "use_gold=false"
+             "

This message was truncated. Download the full message here.

Amin Bandali wrote on 3 Feb 2019 21:21

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:878sywsjwr.fsf@aminb.org

Hello Marius,

Thanks for your work patching and packaging ungoogled-chromium!

I haven’t had a chance to have a closer look at your patch, but would

you mind elaborating on the “* Free software only.” part of your stated

feature-set and if/how it addresses licensing concerns raised previously

e.g. by bill-auger here[1] with respect to the FSDG status of Chromium,

as well as maintaining solidarity with other FSDG-complying distros?

[1]: https://lists.gnu.org/r/guix-devel/2018-09/msg00264.html

Best,

amin

bill-auger wrote on 4 Feb 2019 05:52

Recipients:(address . guix-devel@gnu.org)

Message-ID:20190203235204.63970587@parabola

re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html

i would like to remind readers of the guix-devel list that it was
discussed some months ago, why no FSDG distros currently distribute
chromium[1] - it appeared at that time, that most people in that
discussion were in agreement that chromium should not be included in
guix; and marius was instead hosting it in a private repo, as not to
taint the main guix repos with dubious software - has there been a
notable break-through since then?

what is the evidence for this claim that this guix package is "free
software only"? - what does "Marks beautiful computed-origin-method" do
toward that end? - if a procedure for liberating any chromium-derived
software has been discovered, this would be a marvelous accomplishment
and very good news indeed, of which people outside of the guix dev team
would also be interested to learn

if the guix team has discovered some new information or has concocted a
viable liberation recipe for chromium or any of it's offspring, then i
hope that, for the benefit of all fellow Fosstopians, someone would
present that information to the FSDG mailing list for review and
discussion - it would be extra neighborly if that happened *before*
offering this program to guix users, while fully knowing that the other
FSDG distros are still intentionally suppressing it in solidarity

again, i am totally indifferent as to whether anyone uses chromium or
not - my only interest in this is that i would like to strengthen the
FSDG by convincing FSDG distros to communicate and collaborate with each
other, and to achieve consensus about common issues such as this, that
clearly affect all distros equally; so that no one is compelled to ask
"why does guixsd endorse that popular program if other FSDG distros
reject it on principal?" - it is difficult enough to explain to users
why these programs are rejected in the first place; but at least the
way things are now, we can say that all FSDG distros are in agreement to
err on the conservative side until a satisfactory liberation procedure
is found and documented - currently, the documented liberation
procedure is: "Remove program/package. Use GNU IceCat, or
equivalent"[2] - if there is a better candidate procedure now, let us
get it onto the table for discussion

i would like to consider all FSDG distros as being part of a larger
federation, sharing the same primary goals; but we cant all be reading
all of the dev lists - let us communicate whenever applicable, in the
common venue that exists for that purpose[3] - i tried enticing the
folks on the guix team to do that previously - if there is indeed
something new to announce regarding chromium's dubious FSDG status,
please elect someone from guix to do so now - this would be very
interesting news to the readers of that list, and your effort and/or
accomplishment would be sincerely applauded - other FSDG distros would
be happy (and some quite eager) to re-instate any of these
chromium-derived packages if a consensus could be reached that any of
them could be distributed 100% freely; but if all distros are to decide
for themselves what is freely distributable and what is not, without
evidence and without discussing it with the other FSDG distros nor the
FSF, then the FSDG loses its teeth, and we all look wishy-washy and
flakey on that, the main, central FSDG concern: which programs are
freely distributable and which are not


[1]: https://lists.gnu.org/archive/html/guix-devel/2018-09/msg00264.html
[2]:
https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser
[3]: https://lists.nongnu.org/mailman/listinfo/gnu-linux-libre

brettg wrote on 4 Feb 2019 06:52

Recipients:(name . bill-auger)(address . bill-auger@peers.community)

Message-ID:25092084972c94d8c03a0a440465b924@posteo.net

As always, I second Bill here. There is a lot of history behind the 
Chromium project that I think many of us are aware of. There, to my 
knowledge, remains to be a complete audit of the Chromium source. Such 
an audit is crucial for us to even know what is problematic and what is 
not when it comes to FSDG compliance. So, unless the ungoogled chromium 
project has done this audit successfully I remain a kind skeptic.

On 04.02.2019 05:52, bill-auger wrote:

Toggle quote (66 lines)> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
> 
> i would like to remind readers of the guix-devel list that it was
> discussed some months ago, why no FSDG distros currently distribute
> chromium[1] - it appeared at that time, that most people in that
> discussion were in agreement that chromium should not be included in
> guix; and marius was instead hosting it in a private repo, as not to
> taint the main guix repos with dubious software - has there been a
> notable break-through since then?
> 
> what is the evidence for this claim that this guix package is "free
> software only"? - what does "Marks beautiful computed-origin-method" do
> toward that end? - if a procedure for liberating any chromium-derived
> software has been discovered, this would be a marvelous accomplishment
> and very good news indeed, of which people outside of the guix dev team
> would also be interested to learn
> 
> if the guix team has discovered some new information or has concocted a
> viable liberation recipe for chromium or any of it's offspring, then i
> hope that, for the benefit of all fellow Fosstopians, someone would
> present that information to the FSDG mailing list for review and
> discussion - it would be extra neighborly if that happened *before*
> offering this program to guix users, while fully knowing that the other
> FSDG distros are still intentionally suppressing it in solidarity
> 
> again, i am totally indifferent as to whether anyone uses chromium or
> not - my only interest in this is that i would like to strengthen the
> FSDG by convincing FSDG distros to communicate and collaborate with 
> each
> other, and to achieve consensus about common issues such as this, that
> clearly affect all distros equally; so that no one is compelled to ask
> "why does guixsd endorse that popular program if other FSDG distros
> reject it on principal?" - it is difficult enough to explain to users
> why these programs are rejected in the first place; but at least the
> way things are now, we can say that all FSDG distros are in agreement 
> to
> err on the conservative side until a satisfactory liberation procedure
> is found and documented - currently, the documented liberation
> procedure is: "Remove program/package. Use GNU IceCat, or
> equivalent"[2] - if there is a better candidate procedure now, let us
> get it onto the table for discussion
> 
> i would like to consider all FSDG distros as being part of a larger
> federation, sharing the same primary goals; but we cant all be reading
> all of the dev lists - let us communicate whenever applicable, in the
> common venue that exists for that purpose[3] - i tried enticing the
> folks on the guix team to do that previously - if there is indeed
> something new to announce regarding chromium's dubious FSDG status,
> please elect someone from guix to do so now - this would be very
> interesting news to the readers of that list, and your effort and/or
> accomplishment would be sincerely applauded - other FSDG distros would
> be happy (and some quite eager) to re-instate any of these
> chromium-derived packages if a consensus could be reached that any of
> them could be distributed 100% freely; but if all distros are to decide
> for themselves what is freely distributable and what is not, without
> evidence and without discussing it with the other FSDG distros nor the
> FSF, then the FSDG loses its teeth, and we all look wishy-washy and
> flakey on that, the main, central FSDG concern: which programs are
> freely distributable and which are not
> 
> 
> [1]: 
> https://lists.gnu.org/archive/html/guix-devel/2018-09/msg00264.html
> [2]:
> https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser
> [3]: https://lists.nongnu.org/mailman/listinfo/gnu-linux-libre

Ineiev wrote on 4 Feb 2019 08:46

Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.

Recipients:(name . Workgroup for fully free GNU/Linux distributions)(address . gnu-linux-libre@nongnu.org)

Message-ID:20190204074629.GD14481@gnu.org

On Sun, Feb 03, 2019 at 11:52:04PM -0500, bill-auger wrote:

Toggle quote (4 lines)

> FSF, then the FSDG loses its teeth, and we all look wishy-washy and

> flakey on that, the main, central FSDG concern: which programs are

> freely distributable and which are not

I don't think the main FSDG concern is which programs are freely
distributable, and even which programs are free; IMHO it is,
"a free system distribution must not steer users towards obtaining
any nonfree information for practical use."

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEvZ1N7nsv8cvvLuDE4KzT4Mvnh0oFAlxX7dUACgkQ4KzT4Mvn

h0rDJwgAijceNPXVYo3IJs8nnIfuFqlkOFMfY9Y9RuThvZmsrrhLkyvkkaulzSVS

SD789mNKzSffuN/uJnT7Py83NG4PByll1OGeAi5ZgKNW3SlbGDggUfMw/PaiEEYL

fJ4vZ7UKxwZBkEius7YfutUeec1xVJ/M8S3o6GJ7ninqDO2m9M7qpPLev4PWfyML

xGBpTomM4xgnhuqn/Q+FPgX5py6HSv9u+QVxiW4Guor07NNyZcU2vASnSWDrutQD

CVc6V/gCNU1hitqMLd8PhnK8fTvOrEVr6t5R/DBsa+x/pNweEl7BLGX0gdgcS7yA

sTTGUxE+YygvM2uCMoJwfpbwTZfjvw==

=U1og

-----END PGP SIGNATURE-----

Leo Famulari wrote on 4 Feb 2019 14:46

Re: [PATCH] gnu: Add ungoogled-chromium.

Recipients:(name . bill-auger)(address . bill-auger@peers.community)(address . 28004@debbugs.gnu.org)

Message-ID:20190204134638.GA8269@jasmine.lan

On Sun, Feb 03, 2019 at 11:52:04PM -0500, bill-auger wrote:

Toggle quote (7 lines)

> what is the evidence for this claim that this guix package is "free

> software only"? - what does "Marks beautiful computed-origin-method" do

> toward that end? - if a procedure for liberating any chromium-derived

> software has been discovered, this would be a marvelous accomplishment

> and very good news indeed, of which people outside of the guix dev team

> would also be interested to learn

If you have a concrete example of a Chromium component that is not free
software please list it in a reply-all this email.

In general, if upstream developers say their software is released under
a free software license by putting the license header in the repo or in
the files, then we take them at their word.

bill-auger wrote on 4 Feb 2019 15:47

Recipients:(address . 28004@debbugs.gnu.org)

Message-ID:20190204094754.449ea14d@parabola

On Mon, 4 Feb 2019 14:46:38 +0100 Leo wrote:

Toggle quote (3 lines)

> If you have a concrete example of a Chromium component that is not

> free software please list it in a reply-all this email.

this is not a discussion list i will apologize in advance for this

length reply - i did not CC this list

if you demand evidence you need look no further than the upstream

itself - the upstream developers can not verify for themselves that

their program is freely licensed; as evidenced by the 10 year old bug

report on this issue that is still open

https://bugs.chromium.org/p/chromium/issues/detail?id=28291

the default copy permissions for every copyrighted work is "none" - in

order for that work be be set free, the author must very explicitly

label it as such, and try their very best to ensure that their formal

statement of permission follows along with any copies of it - because if

that permission is missing, or difficult to locate or to comprehend,

there is no reason to assume the work is freely distributable

i would hope that i would not need to explain that to a member of

GNU

the burden of proof is not upon the one who claims that the default

case applies, it is upon the one who claims that some special case

applies

and anyway - let me please repeat this one more time - i have no desire

to defend nor condemn this particular program - this has been

discussed ad nauseam for many years - all that i intend today is to

entice the guix developers to communicate with the other FSDG distros

and the FSF to reach a uniform consensus on the matter - rather than to

see guix choose to distribute it, while all other FSDG distros are in

agreement not to distribute it

Julie Marchant wrote on 4 Feb 2019 13:26

Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.

Recipients:(address . guix-devel@gnu.org)(address . 28004@debbugs.gnu.org)

Message-ID:29af2ef2-0f37-8728-51c9-b861fef4bbc8@riseup.net

On 02/03/2019 11:52 PM, bill-auger wrote:

Toggle quote (64 lines)> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
> 
> i would like to remind readers of the guix-devel list that it was
> discussed some months ago, why no FSDG distros currently distribute
> chromium[1] - it appeared at that time, that most people in that
> discussion were in agreement that chromium should not be included in
> guix; and marius was instead hosting it in a private repo, as not to
> taint the main guix repos with dubious software - has there been a
> notable break-through since then?
> 
> what is the evidence for this claim that this guix package is "free
> software only"? - what does "Marks beautiful computed-origin-method" do
> toward that end? - if a procedure for liberating any chromium-derived
> software has been discovered, this would be a marvelous accomplishment
> and very good news indeed, of which people outside of the guix dev team
> would also be interested to learn
> 
> if the guix team has discovered some new information or has concocted a
> viable liberation recipe for chromium or any of it's offspring, then i
> hope that, for the benefit of all fellow Fosstopians, someone would
> present that information to the FSDG mailing list for review and
> discussion - it would be extra neighborly if that happened *before*
> offering this program to guix users, while fully knowing that the other
> FSDG distros are still intentionally suppressing it in solidarity
> 
> again, i am totally indifferent as to whether anyone uses chromium or
> not - my only interest in this is that i would like to strengthen the
> FSDG by convincing FSDG distros to communicate and collaborate with each
> other, and to achieve consensus about common issues such as this, that
> clearly affect all distros equally; so that no one is compelled to ask
> "why does guixsd endorse that popular program if other FSDG distros
> reject it on principal?" - it is difficult enough to explain to users
> why these programs are rejected in the first place; but at least the
> way things are now, we can say that all FSDG distros are in agreement to
> err on the conservative side until a satisfactory liberation procedure
> is found and documented - currently, the documented liberation
> procedure is: "Remove program/package. Use GNU IceCat, or
> equivalent"[2] - if there is a better candidate procedure now, let us
> get it onto the table for discussion
> 
> i would like to consider all FSDG distros as being part of a larger
> federation, sharing the same primary goals; but we cant all be reading
> all of the dev lists - let us communicate whenever applicable, in the
> common venue that exists for that purpose[3] - i tried enticing the
> folks on the guix team to do that previously - if there is indeed
> something new to announce regarding chromium's dubious FSDG status,
> please elect someone from guix to do so now - this would be very
> interesting news to the readers of that list, and your effort and/or
> accomplishment would be sincerely applauded - other FSDG distros would
> be happy (and some quite eager) to re-instate any of these
> chromium-derived packages if a consensus could be reached that any of
> them could be distributed 100% freely; but if all distros are to decide
> for themselves what is freely distributable and what is not, without
> evidence and without discussing it with the other FSDG distros nor the
> FSF, then the FSDG loses its teeth, and we all look wishy-washy and
> flakey on that, the main, central FSDG concern: which programs are
> freely distributable and which are not
> 
> 
> [1]: https://lists.gnu.org/archive/html/guix-devel/2018-09/msg00264.html
> [2]:
> https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser
> [3]: https://lists.nongnu.org/mailman/listinfo/gnu-linux-libre

Sorry, I didn't notice that this thread was on multiple lists, so when I
hit "Reply List" it only went to the GNU-linux-libre list. Sending a
copy to the other lists; sorry for the messiness.

I'm not sure if I've mentioned it on the GNU-linux-libre list before,
but I have never seen any actual evidence of the current version of
Chromium containing proprietary components.

It's an unreasonable standard to demand proof that programs are libre.
That's an impossible thing to prove. If someone points out, as I have
many times, "I have looked through Chromium's code and not found a
single proprietary program," someone can simply say that they didn't
look hard enough.

That LibrePlanet page, by the way, is not evidence of Chromium
containing proprietary components. It claims such, but the only evidence
provided is a copyright file that clearly indicates a libre license, and
a bug report about not passing a license checking script, which I might
add is also not proof of any program being proprietary. Not to mention,
this is from over eight years ago. Should distro maintainers also take
the outdated recommendation to remove Project: Starfighter from that
page at face value, despite the fact that I released a completely libre
version almost four years ago? The point is, that's a wiki page
sporadically maintained by volunteers. It's a possible starting point
(though to be honest I'm not so sure it's even useful for that), but not
an indication of the GNU FSDG gold standard, so to speak.

-- 
Julie Marchant
http://onpon4.github.io

Encrypt your emails with GnuPG:
https://emailselfdefense.fsf.org

Ludovic Courtès wrote on 4 Feb 2019 23:34

Re: [PATCH] gnu: Add ungoogled-chromium.

Recipients:(name . bill-auger)(address . bill-auger@peers.community)

Message-ID:87sgx3mbcq.fsf@gnu.org

Hi bill-auger,

bill-auger <bill-auger@peers.community> skribis:

Toggle quote (10 lines)> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
>
> i would like to remind readers of the guix-devel list that it was
> discussed some months ago, why no FSDG distros currently distribute
> chromium[1] - it appeared at that time, that most people in that
> discussion were in agreement that chromium should not be included in
> guix; and marius was instead hosting it in a private repo, as not to
> taint the main guix repos with dubious software - has there been a
> notable break-through since then?

It’s not entirely clear to me what the problems are, to be honest.

Marius listed specific issues that were addressed by the patches; others

then pointed out at additional issues that ungoogled-chromium fixes,

which Marius took into account; what’s left now?

I understand you’re skeptical about Chromium, but we cannot base

decisions based on vague skepticism. If you know of issues that are

still unaddressed, please do list them.

I’d also like to stress that, if Chromium is eventually included in

Guix, we are committed to fixing it or removing it should someone later

discover that it does not comply with the FSDG (that’s the “Commitment

to Correct Mistakes” section of FSDG.)

Toggle quote (3 lines)

> i would like to consider all FSDG distros as being part of a larger

> federation, sharing the same primary goals;

As you know, several of us have occasionally asked for advice on the
gnu-linux-libre list regarding concrete issues that we encountered (a
recent example was Inferno, which we ended up not adding to the distro
due to unresolved issues.)

I believe Marius and others here made a real effort in understanding and
addressing the ways in which Chromium would not comply with the FSDG.
If you’re aware of issues that are unaddressed, please share!

Thank you,
Ludo’.

swedebugia wrote on 5 Feb 2019 06:22

Re: [bug#28004] [PATCH] gnu: Add ungoogled-chromium.

Recipients:(address . 28004@debbugs.gnu.org)

Message-ID:0D2635DB-4B93-4285-A7C2-4BC699EA4D4D@riseup.net

Marius Bakke <mbakke@fastmail.com> skrev: (2 februari 2019 20:20:23 CET)

Toggle quote (502 lines)>Thanks to Marks beautiful "computed-origin-method", Ungoogled-Chromium
>is finally ready for inclusion in Guix.
>
>Features:
>* Chromium 72.
>* No unsolicited network traffic.
>* Free software only.
>* No DRM.
>* Not an April Fools joke.
>
>It's currently using my trivial "fork" of Ungoogled-Chromium[0], which
>will be upstreamed once the upstream reorganization[1] is done.
>
>Comments appreciated!
>
>[0]:
>https://github.com/mbakke/ungoogled-chromium/commit/f9b9074c322a67b04baf0982797cd7b7e09614b5
>[1]: https://github.com/Eloston/ungoogled-chromium/issues/651
>
>* gnu/packages/aux-files/chromium/master-preferences.json,
>gnu/packages/chromium.scm: New files.
>* gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
>---
> gnu/local.mk                                  |   1 +
> .../chromium/master-preferences.json          |  26 +
> gnu/packages/chromium.scm                     | 741 ++++++++++++++++++
> 3 files changed, 768 insertions(+)
>create mode 100644
>gnu/packages/aux-files/chromium/master-preferences.json
> create mode 100644 gnu/packages/chromium.scm
>
>diff --git a/gnu/local.mk b/gnu/local.mk
>index 82db1488d6..b5e937cdd7 100644
>--- a/gnu/local.mk
>+++ b/gnu/local.mk
>@@ -100,6 +100,7 @@ GNU_SYSTEM_MODULES =				\
>   %D%/packages/check.scm			\
>   %D%/packages/chemistry.scm			\
>   %D%/packages/chez.scm				\
>+  %D%/packages/chromium.scm			\
>   %D%/packages/ci.scm				\
>   %D%/packages/cinnamon.scm			\
>   %D%/packages/clojure.scm			\
>diff --git a/gnu/packages/aux-files/chromium/master-preferences.json
>b/gnu/packages/aux-files/chromium/master-preferences.json
>new file mode 100644
>index 0000000000..0caa7cc4cd
>--- /dev/null
>+++ b/gnu/packages/aux-files/chromium/master-preferences.json
>@@ -0,0 +1,26 @@
>+{
>+  "distribution": {
>+     "import_bookmarks": false,
>+     "make_chrome_default": false,
>+     "make_chrome_default_for_user": false,
>+     "verbose_logging": true,
>+     "skip_first_run_ui": true,
>+     "suppress_first_run_default_browser_prompt": true
>+  },
>+  "browser": {
>+     "has_seen_welcome_page" : true,
>+     "check_default_browser" : false
>+  },
>+  "dns_prefetching": {
>+    "enabled": false
>+  },
>+  "alternate_error_pages": {
>+    "enabled": false
>+  },
>+  "hardware": {
>+    "audio_capture_enabled": false
>+  },
>+  "default_apps": "noinstall",
>+  "hide_web_store_icon": true,
>+  "homepage": "https://www.gnu.org/software/guix"
>+}
>diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
>new file mode 100644
>index 0000000000..eb404246d3
>--- /dev/null
>+++ b/gnu/packages/chromium.scm
>@@ -0,0 +1,741 @@
>+;;; GNU Guix --- Functional package management for GNU
>+;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
>+;;;
>+;;; GNU Guix is free software; you can redistribute it and/or modify
>it
>+;;; under the terms of the GNU General Public License as published by
>+;;; the Free Software Foundation; either version 3 of the License, or
>(at
>+;;; your option) any later version.
>+;;;
>+;;; GNU Guix is distributed in the hope that it will be useful, but
>+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
>+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>+;;; GNU General Public License for more details.
>+;;;
>+;;; You should have received a copy of the GNU General Public License
>+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
>+
>+(define-module (gnu packages chromium)
>+  #:use-module ((guix licenses) #:prefix license:)
>+  #:use-module (guix packages)
>+  #:use-module (guix gexp)
>+  #:use-module (guix store)
>+  #:use-module (guix monads)
>+  #:use-module (guix download)
>+  #:use-module (guix git-download)
>+  #:use-module (guix utils)
>+  #:use-module (guix build-system gnu)
>+  #:use-module (gnu packages)
>+  #:use-module (gnu packages assembly)
>+  #:use-module (gnu packages base)
>+  #:use-module (gnu packages bison)
>+  #:use-module (gnu packages build-tools)
>+  #:use-module (gnu packages compression)
>+  #:use-module (gnu packages cups)
>+  #:use-module (gnu packages curl)
>+  #:use-module (gnu packages fontutils)
>+  #:use-module (gnu packages gcc)
>+  #:use-module (gnu packages ghostscript)
>+  #:use-module (gnu packages gl)
>+  #:use-module (gnu packages glib)
>+  #:use-module (gnu packages gnome)
>+  #:use-module (gnu packages gnuzilla)
>+  #:use-module (gnu packages gperf)
>+  #:use-module (gnu packages gtk)
>+  #:use-module (gnu packages icu4c)
>+  #:use-module (gnu packages image)
>+  #:use-module (gnu packages libevent)
>+  #:use-module (gnu packages libffi)
>+  #:use-module (gnu packages linux)
>+  #:use-module (gnu packages kerberos)
>+  #:use-module (gnu packages ninja)
>+  #:use-module (gnu packages node)
>+  #:use-module (gnu packages pciutils)
>+  #:use-module (gnu packages pkg-config)
>+  #:use-module (gnu packages pulseaudio)
>+  #:use-module (gnu packages python)
>+  #:use-module (gnu packages python-web)
>+  #:use-module (gnu packages python-xyz)
>+  #:use-module (gnu packages regex)
>+  #:use-module (gnu packages serialization)
>+  #:use-module (gnu packages speech)
>+  #:use-module (gnu packages tls)
>+  #:use-module (gnu packages valgrind)
>+  #:use-module (gnu packages vulkan)
>+  #:use-module (gnu packages video)
>+  #:use-module (gnu packages xiph)
>+  #:use-module (gnu packages xml)
>+  #:use-module (gnu packages xdisorg)
>+  #:use-module (gnu packages xorg))
>+
>+(define %preserved-third-party-files
>+  '("base/third_party/dmg_fp" ;X11-style
>+    "base/third_party/dynamic_annotations" ;BSD-2
>+    "base/third_party/icu" ;Unicode, X11-style
>+    "base/third_party/superfasthash" ;BSD-3
>+    "base/third_party/symbolize" ;BSD-3
>+    "base/third_party/xdg_mime" ;LGPL2.1+ or Academic 2.0
>+    "base/third_party/xdg_user_dirs" ;Expat
>+    "chrome/third_party/mozilla_security_manager"
>;MPL-1.1/GPL2+/LGPL2.1+
>+    "courgette/third_party/bsdiff" ;BSD-2, BSD protection license
>+    "courgette/third_party/divsufsort" ;Expat
>+    "net/third_party/http2" ;BSD-3
>+    "net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
>+    "net/third_party/nss" ;MPL-2.0
>+    "net/third_party/quic" ;BSD-3
>+    "net/third_party/spdy" ;BSD-3
>+    "net/third_party/uri_template" ;ASL2.0
>+    "third_party/abseil-cpp" ;ASL2.0
>+    "third_party/adobe/flash/flapper_version.h" ;no license, trivial
>+    "third_party/angle" ;BSD-3
>+    "third_party/angle/src/common/third_party/base" ;BSD-3
>+    "third_party/angle/src/common/third_party/smhasher" ;Public domain
>+    "third_party/angle/src/common/third_party/xxhash" ;BSD-2
>+    "third_party/angle/src/third_party/compiler" ;BSD-2
>+    "third_party/angle/src/third_party/libXNVCtrl" ;Expat
>+    "third_party/angle/src/third_party/trace_event" ;BSD-3
>+    "third_party/angle/third_party/glslang" ;BSD-3
>+    "third_party/angle/third_party/spirv-headers" ;Expat
>+    "third_party/angle/third_party/spirv-tools" ;Expat
>+    "third_party/angle/third_party/vulkan-headers" ;ASL2.0
>+    "third_party/angle/third_party/vulkan-loader" ;ASL2.0
>+    "third_party/angle/third_party/vulkan-tools" ;ASL2.0
>+    "third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
>+    "third_party/apple_apsl" ;APSL2.0
>+    "third_party/blink" ;BSD-3
>+    "third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
>+    "third_party/boringssl/src/third_party/fiat" ;Expat
>+    "third_party/breakpad" ;BSD-3
>+    "third_party/brotli" ;Expat
>+    "third_party/cacheinvalidation" ;ASL2.0
>+    "third_party/catapult" ;BSD-3
>+    "third_party/catapult/common/py_vulcanize/third_party/rcssmin"
>;ASL2.0
>+    "third_party/catapult/common/py_vulcanize/third_party/rjsmin"
>;ASL2.0
>+    "third_party/catapult/third_party/polymer" ;BSD-3
>+    "third_party/catapult/tracing/third_party/d3" ;BSD-3
>+    "third_party/catapult/tracing/third_party/gl-matrix" ;Expat
>+    "third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
>+    "third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
>+    "third_party/catapult/tracing/third_party/oboe" ;BSD-2
>+    "third_party/catapult/tracing/third_party/pako" ;Expat
>+    "third_party/ced" ;BSD-3
>+    "third_party/cld_3" ;ASL2.0
>+    "third_party/closure_compiler" ;ASL2.0
>+    "third_party/crashpad" ;ASL2.0
>+    "third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h"
>;Zlib
>+    "third_party/crc32c" ;BSD-3
>+    "third_party/cros_system_api" ;BSD-3
>+    "third_party/dom_distiller_js" ;BSD-3
>+    "third_party/fips181" ;BSD-3
>+    "third_party/flatbuffers" ;ASL2.0
>+    "third_party/google_input_tools" ;ASL2.0
>+    "third_party/google_input_tools/third_party/closure_library"
>;ASL2.0
>+   
>"third_party/google_input_tools/third_party/closure_library/third_party/closure"
>;Expat
>+    "third_party/googletest" ;BSD-3
>+    "third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
>+    "third_party/iccjpeg" ;IJG
>+    "third_party/inspector_protocol" ;BSD-3
>+    "third_party/jinja2" ;BSD-3
>+    "third_party/jstemplate" ;ASL2.0
>+    "third_party/khronos" ;Expat, SGI
>+    "third_party/leveldatabase" ;BSD-3
>+    "third_party/libXNVCtrl" ;Expat
>+    "third_party/libaddressinput" ;ASL2.0
>+    "third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent
>License 1.0"
>+    "third_party/libaom/source/libaom/third_party/vector" ;Expat
>+    "third_party/libaom/source/libaom/third_party/x86inc" ;ISC
>+    "third_party/libjingle_xmpp" ;BSD-3
>+    "third_party/libphonenumber" ;ASL2.0
>+    "third_party/libsecret" ;LGPL2.1+
>+    "third_party/libsrtp" ;BSD-3
>+    "third_party/libsync" ;ASL2.0
>+    "third_party/libudev" ;LGPL2.1+
>+    "third_party/libwebm" ;BSD-3
>+    "third_party/libxml/chromium" ;BSD-3
>+    "third_party/libyuv" ;BSD-3
>+    "third_party/lss" ;BSD-3
>+    "third_party/markupsafe" ;BSD-3
>+    "third_party/mesa_headers" ;Expat, SGI
>+    "third_party/metrics_proto" ;BSD-3
>+    "third_party/modp_b64" ;BSD-3
>+    "third_party/nasm" ;BSD-2
>+    "third_party/node" ;Expat
>+   
>"third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2"
>;BSD-2
>+    "third_party/ots" ;BSD-3
>+    "third_party/pdfium" ;BSD-3
>+    "third_party/pdfium/third_party/agg23" ;Expat
>+    "third_party/pdfium/third_party/base" ;BSD-3
>+    "third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
>+    "third_party/pdfium/third_party/skia_shared" ;BSD-3
>+    "third_party/pdfium/third_party/freetype/include/pstables.h"
>;FreeType
>+    "third_party/ply" ;BSD-3
>+    "third_party/polymer" ;BSD-3
>+    "third_party/protobuf" ;BSD-3
>+    "third_party/protobuf/third_party/six" ;Expat
>+    "third_party/pyjson5" ;ASL2.0
>+    "third_party/qcms" ;Expat
>+    "third_party/rnnoise" ;BSD-3
>+    "third_party/s2cellid" ;ASL2.0
>+    "third_party/sfntly" ;ASL2.0
>+    "third_party/skia" ;BSD-3
>+    "third_party/skia/third_party/gif" ;MPL1.1/GPL2+/LGPL2.1+
>+    "third_party/skia/third_party/skcms" ;BSD-3
>+    "third_party/skia/third_party/vulkan" ;BSD-3
>+    "third_party/smhasher" ;Expat, public domain
>+    "third_party/speech-dispatcher" ;GPL2+
>+    "third_party/spirv-headers" ;ASL2.0
>+    "third_party/SPIRV-Tools" ;ASL2.0
>+    "third_party/sqlite" ;Public domain
>+    "third_party/ungoogled" ;BSD-3
>+    "third_party/usb_ids" ;BSD-3
>+    "third_party/usrsctp" ;BSD-2
>+    "third_party/web-animations-js" ;ASL2.0
>+    "third_party/webdriver" ;ASL2.0
>+    "third_party/webrtc" ;BSD-3
>+    "third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
>+    "third_party/webrtc/common_audio/third_party/spl_sqrt_floor"
>;Public domain
>+    "third_party/webrtc/modules/third_party/fft" ;Non-copyleft
>+    "third_party/webrtc/modules/third_party/g711" ;Public domain
>+    "third_party/webrtc/modules/third_party/g722" ;Public domain
>+    "third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
>+    "third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
>+    "third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
>+    "third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
>+    "third_party/woff2" ;ASL2.0
>+    "third_party/xdg-utils" ;Expat
>+    "third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
>+    "third_party/zlib/google" ;BSD-3
>+    "url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
>+    "v8/src/third_party/utf8-decoder" ;Expat
>+    "v8/src/third_party/valgrind" ;BSD-4
>+    "v8/third_party/inspector_protocol" ;BSD-3
>+    "v8/third_party/v8/builtins")) ;PSFL
>+
>+(define* (computed-origin-method gexp-promise hash-algo hash
>+                                 #:optional (name "source")
>+                                 #:key (system (%current-system))
>+                                 (guile (default-guile)))
>+  "Return a derivation that executes the G-expression that results
>+from forcing GEXP-PROMISE."
>+  (mlet %store-monad ((guile (package->derivation guile system)))
>+    (gexp->derivation (or name "computed-origin")
>+                      (force gexp-promise)
>+                      #:system system
>+                      #:guile-for-build guile)))
>+
>+(define %chromium-version "72.0.3626.81")
>+(define %ungoogled-revision
>"f9b9074c322a67b04baf0982797cd7b7e09614b5")
>+
>+;; This is a computed origin that does the following:
>+;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball.
>+;; 2) Prunes all third_party folders that are not explicitly
>preserved.
>+;; 3) Adjusts "GN" build files such that system libraries are
>preferred.
>+(define ungoogled-chromium-source
>+  (let* ((chromium-source
>+          (origin
>+            (method url-fetch)
>+            (uri (string-append
>"https://commondatastorage.googleapis.com"
>+                                "/chromium-browser-official/chromium-"
>+                                %chromium-version ".tar.xz"))
>+            (sha256
>+             (base32
>+             
>"01l0vlvcckpag376mjld7qprv63l0z8li689k0h6v3h0i7irzs6z"))))
>+         (ungoogled-source
>+          (origin
>+            (method git-fetch)
>+            (uri (git-reference (url
>"https://github.com/mbakke/ungoogled-chromium")
>+                                (commit %ungoogled-revision)))
>+            (file-name (git-file-name "ungoogled-chromium"
>+                                      (string-take %ungoogled-revision
>7)))
>+            (sha256
>+             (base32
>+             
>"0gmk1n3i7lbm7rw8zl4df171yhvrlimj8ksj096bf2dlfhbd44rb")))))
>+
>+    (origin
>+      (method computed-origin-method)
>+      (file-name (string-append "ungoogled-chromium-"
>%chromium-version ".tar.xz"))
>+      (sha256 #f)
>+      (uri
>+       (delay
>+         (with-imported-modules '((guix build utils))
>+           #~(begin
>+               (use-modules (guix build utils))
>+               (let ((chromium-dir    (string-append "chromium-"
>#$%chromium-version))
>+                     (preserved-files (list
>#$@%preserved-third-party-files)))
>+
>+                 (mkdir "/tmp/bin")
>+                 (set-path-environment-variable
>+                  "PATH" '("bin")
>+                  (list "/tmp"
>+                        #+(canonical-package patch)
>+                        #+(canonical-package xz)
>+                        #+(canonical-package tar)
>+                        #+python-2
>+                        #+python))
>+
>+                 (copy-recursively #+ungoogled-source
>"/tmp/ungoogled")
>+
>+                 (with-directory-excursion "/tmp/ungoogled"
>+
>+                   (format #t "Unpacking chromium tarball...~%")
>+                   (force-output)
>+                   (invoke "tar" "xf" #+chromium-source)
>+
>+                   (format #t "Ungooglifying...~%")
>+                   (force-output)
>+                   (invoke "python3" "run_buildkit_cli.py" "prune"
>+                           "-b" "config_bundles/guix" chromium-dir)
>+                   (invoke "python3" "run_buildkit_cli.py" "patches"
>"apply"
>+                           "-b" "config_bundles/guix" chromium-dir)
>+                   (invoke "python3" "run_buildkit_cli.py" "domains"
>"apply"
>+                           "-b" "config_bundles/linux_rooted"
>+                           "-c" "/tmp/domainscache.tar.gz"
>chromium-dir)
>+
>+                   (with-directory-excursion chromium-dir
>+                     (format #t "Pruning third party files...~%")
>+                     (force-output)
>+                     (apply invoke "python"
>+                            
>"build/linux/unbundle/remove_bundled_libraries.py"
>+                             "--do-remove" preserved-files)
>+
>+                     (format #t "Replacing GN files...~%")
>+                     (force-output)
>+                     (invoke "python3"
>"build/linux/unbundle/replace_gn_files.py"
>+                             "--system-libraries" "ffmpeg" "flac"
>"fontconfig"
>+                             "freetype" "harfbuzz-ng" "icu" "libdrm"
>"libevent"
>+                             "libjpeg" "libpng" "libvpx" "libwebp"
>"libxml"
>+                             "libxslt" "openh264" "opus" "re2"
>"snappy" "yasm"
>+                             "zlib"))
>+
>+                   (format #t (string-append "Packing new Ungoogled
>tarball ...~%"))
>+                   (force-output)
>+                   (invoke "tar" "cvfa" #$output
>+                           ;; Avoid non-determinism in the archive.
>+                           "--mtime=@0"
>+                           "--owner=root:0"
>+                           "--group=root:0"
>+                           "--sort=name"
>+                           chromium-dir)
>+
>+                   #t)))))))))
>+
>+(define opus+custom
>+  (package/inherit opus
>+    (name "opus+custom")
>+    (arguments
>+     (substitute-keyword-arguments (package-arguments opus)
>+       ((#:configure-flags flags ''())
>+        ;; Opus Custom is an optional extension of the Opus
>+        ;; specification that allows for unsupported frame
>+        ;; sizes.  Chromium requires that this is enabled.
>+        `(cons "--enable-custom-modes"
>+               ,flags))))))
>+
>+(define libvpx/chromium
>+  ;; Chromium 66 and later requires an unreleased libvpx, so we take
>the
>+  ;; commit from "third_party/libvpx/README.chromium" in the tarball.
>+  (let ((version (package-version libvpx))
>+        (commit "e188b5435de71bcd602c378f1ac0441111f0f915")
>+        (revision "0"))
>+    (package/inherit libvpx
>+      (name "libvpx-chromium")
>+      (version (git-version version revision commit))
>+      (source (origin
>+                (method git-fetch)
>+                (uri (git-reference
>+                      (url
>"https://chromium.googlesource.com/webm/libvpx")
>+                      (commit commit)))
>+                (file-name (git-file-name name version))
>+                (sha256
>+                 (base32
>+                 
>"0v7lzvgy45zh7zwzmmzkvbcqmhs4xa97z0h97hd3j6myrxcfz1n9")))))))
>+
>+;; Transitional package until HarfBuzz 2.2 is available in Guix master
>branch.
>+(define harfbuzz/chromium
>+  (package/inherit harfbuzz
>+    (version "2.2.0")
>+    (source (origin
>+              (inherit (package-source harfbuzz))
>+              (uri (string-append
>"https://www.freedesktop.org/software/harfbuzz"
>+                                  "/release/harfbuzz-" version
>".tar.bz2"))
>+              (sha256
>+               (base32
>+               
>"047q63jr513azf3g1y7f5xn60b4jdjs9zsmrx04sfw5rasyzrk5p"))))))
>+
>+(define-public ungoogled-chromium
>+  (package
>+    (name "ungoogled-chromium")
>+    (version %chromium-version)
>+    (synopsis "Graphical web browser")
>+    (source ungoogled-chromium-source)
>+    (build-system gnu-build-system)
>+    (arguments
>+     `(#:tests? #f
>+       ;; FIXME: There is a "gn" option specifically for setting
>-rpath, but
>+       ;; it overrides the RUNPATH set by the linker.
>+       #:validate-runpath? #f
>+       #:modules ((

This message was truncated. Download the full message here.

Attachment: file

Marius Bakke wrote on 6 Feb 2019 22:04

Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.

Recipients:

Message-ID:87y36socg4.fsf@fastmail.com

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (19 lines)> Hi bill-auger,
>
> bill-auger <bill-auger@peers.community> skribis:
>
>> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
>>
>> i would like to remind readers of the guix-devel list that it was
>> discussed some months ago, why no FSDG distros currently distribute
>> chromium[1] - it appeared at that time, that most people in that
>> discussion were in agreement that chromium should not be included in
>> guix; and marius was instead hosting it in a private repo, as not to
>> taint the main guix repos with dubious software - has there been a
>> notable break-through since then?
>
> It’s not entirely clear to me what the problems are, to be honest.
> Marius listed specific issues that were addressed by the patches; others
> then pointed out at additional issues that ungoogled-chromium fixes,
> which Marius took into account; what’s left now?

Indeed, the only real breakthrough is that we now have a script to
create an Ungooglified source tarball with all unnecessary third_party
components removed.  The compressed tarball is smaller than that of
IceCat and takes up around 2.1 GiB uncompressed, roughly 1GiB of which
is third_party stuff.

That leaves "just" over 1GiB of source code to audit (assuming my
third_party audit is correct).  I haven't been able to find any
proprietary parts in first party code, and am convinced that the
remaining third_party components are free, hence this patch.

I am of course happy to help other FSDG distributions liberate their
Chromium too.

Christopher Lemmer Webber wrote on 8 Feb 2019 00:52

Re: [PATCH] gnu: Add ungoogled-chromium.

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:87tvhf5f8d.fsf@dustycloud.org

Ludovic Courtès writes:

Toggle quote (28 lines)> Hi bill-auger,
>
> bill-auger <bill-auger@peers.community> skribis:
>
>> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
>>
>> i would like to remind readers of the guix-devel list that it was
>> discussed some months ago, why no FSDG distros currently distribute
>> chromium[1] - it appeared at that time, that most people in that
>> discussion were in agreement that chromium should not be included in
>> guix; and marius was instead hosting it in a private repo, as not to
>> taint the main guix repos with dubious software - has there been a
>> notable break-through since then?
>
> It’s not entirely clear to me what the problems are, to be honest.
> Marius listed specific issues that were addressed by the patches; others
> then pointed out at additional issues that ungoogled-chromium fixes,
> which Marius took into account; what’s left now?
>
> I understand you’re skeptical about Chromium, but we cannot base
> decisions based on vague skepticism.  If you know of issues that are
> still unaddressed, please do list them.
>
> I’d also like to stress that, if Chromium is eventually included in
> Guix, we are committed to fixing it or removing it should someone later
> discover that it does not comply with the FSDG (that’s the “Commitment
> to Correct Mistakes” section of FSDG.)

+1 ... If concrete problems are found, by all means those should be
raised and addressed.  Otherwise I really think we ought to merge this
work.

Julie Marchant wrote on 8 Feb 2019 00:59

Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.

Recipients:

Message-ID:794ccf8b-cee1-5588-976f-085d37a0bc2a@riseup.net

On 02/07/2019 06:52 PM, Christopher Lemmer Webber wrote:

Toggle quote (34 lines)> Ludovic Courtès writes:
> 
>> Hi bill-auger,
>>
>> bill-auger <bill-auger@peers.community> skribis:
>>
>>> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
>>>
>>> i would like to remind readers of the guix-devel list that it was
>>> discussed some months ago, why no FSDG distros currently distribute
>>> chromium[1] - it appeared at that time, that most people in that
>>> discussion were in agreement that chromium should not be included in
>>> guix; and marius was instead hosting it in a private repo, as not to
>>> taint the main guix repos with dubious software - has there been a
>>> notable break-through since then?
>>
>> It’s not entirely clear to me what the problems are, to be honest.
>> Marius listed specific issues that were addressed by the patches; others
>> then pointed out at additional issues that ungoogled-chromium fixes,
>> which Marius took into account; what’s left now?
>>
>> I understand you’re skeptical about Chromium, but we cannot base
>> decisions based on vague skepticism.  If you know of issues that are
>> still unaddressed, please do list them.
>>
>> I’d also like to stress that, if Chromium is eventually included in
>> Guix, we are committed to fixing it or removing it should someone later
>> discover that it does not comply with the FSDG (that’s the “Commitment
>> to Correct Mistakes” section of FSDG.)
> 
> +1 ... If concrete problems are found, by all means those should be
> raised and addressed.  Otherwise I really think we ought to merge this
> work.

Yes, exactly.

Julie Marchant

http://onpon4.github.io

Encrypt your emails with GnuPG:

https://emailselfdefense.fsf.org

Adonay Felipe Nogueira wrote on 9 Feb 2019 15:04

Recipients:(address . 28004@debbugs.gnu.org)

Message-ID:1af79bfb-57f9-da16-8aea-ba6d33bb7eca@hyperbola.info

Em 04/02/2019 02:52, bill-auger escreveu:

Toggle quote (17 lines)> re: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00009.html
> 
> i would like to remind readers of the guix-devel list that it was
> discussed some months ago, why no FSDG distros currently distribute
> chromium[1] - it appeared at that time, that most people in that
> discussion were in agreement that chromium should not be included in
> guix; and marius was instead hosting it in a private repo, as not to
> taint the main guix repos with dubious software - has there been a
> notable break-through since then?
> 
> what is the evidence for this claim that this guix package is "free
> software only"? - what does "Marks beautiful computed-origin-method" do
> toward that end? - if a procedure for liberating any chromium-derived
> software has been discovered, this would be a marvelous accomplishment
> and very good news indeed, of which people outside of the guix dev team
> would also be interested to learn

On this matter, I think this discussion and also the review should be
tracked either in a bug report or in the Free Software Directory wiki
talk page about Chromium package/entry[1], this one also has a partial
review still to be finished. Besides, the last time I read the FSD's
entry inclusion requirements (about June, 2018) I was informed also in
IRC that they have plans to make the FSD mimic the requirements of the
GNU FSDG so that free/libre system distributions would have an easier
time getting a list of reviewed packages for inclusion. That means that
the FSD would also have the requirements from the GNU FSDG regarding not
including malware and not steering towards non-free functional data.
There are optional things to consider, for which the Antifeature Project
Team is working on drafting[2], although these are not requirements for
inclusion in the FSD.

Regarding the review results in the page referenced by [1], please keep
in mind that the torrents have no trackers, so please share/seed with
DHT and PEX enabled so others can discover the shares too.

Another alternative is of course to ditch Chromium and
Ungoogled-Chromium and focus on Iridium Browser[3].

Anyways, if you do want to see progress in the Chromium review, please
contribute by downloading, seeding and also actually reviewing parts of
the reports generated. The last stop is marked with "Continue.". I did
start the review, but I'm not the most experienced person in regards to
all of legal, security and privacy matters. Just remember to remake a
torrent with the modified report and change the old hash in the page to
the new one you're seeding if you do make changes to the report, and
mark/save the change as major so that other people get notified.

Lastly, bill-auger's question of which should be the "assumed value" for
the GNU FSDG compliance status of a unreviewed package, based on various
proofs related to the dangers of non-free software (well, gnu.org has a
page with these reports/news[4]) and also on the reasoning given by
Richard Stallman in his talks[5], the unreviewed entries should be
considered non-free.

[1] https://directory.fsf.org/wiki/Talk:Chromium
[2] https://directory.fsf.org/wiki/Free_Software_Directory:Antifeatures
[3] https://directory.fsf.org/wiki/Iridium_Browser
[4] https://www.gnu.org/proprietary/proprietary.html
[5]
http://audio-video.gnu.org/video/2015-10-24--rms--free-software-and-your-freedom--seagl--speech.ogv

Attachment: signature.asc

Marius Bakke wrote on 12 Feb 2019 16:58

[PATCH v2] gnu: Add ungoogled-chromium.

Recipients:(address . guix-devel@gnu.org)(address . 28004@debbugs.gnu.org)

Message-ID:20190212155815.23817-1-mbakke@fastmail.com

Changes in this version:

* New upstream release.

* No longer using a fork of Ungoogled-Chromium.

* The special HarfBuzz and libvpx variants have been removed due to

obsolesence.

Enjoy (or despair)! Comments appreciated.

* gnu/packages/aux-files/chromium/master-preferences.json,

gnu/packages/chromium.scm: New files.

* gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.

---

gnu/local.mk | 1 +

.../chromium/master-preferences.json | 26 +

gnu/packages/chromium.scm | 726 ++++++++++++++++++

3 files changed, 753 insertions(+)

create mode 100644 gnu/packages/aux-files/chromium/master-preferences.json

create mode 100644 gnu/packages/chromium.scm

Toggle diff (444 lines)diff --git a/gnu/local.mk b/gnu/local.mk
index 154b03313a..1496bae066 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -100,6 +100,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/check.scm			\
   %D%/packages/chemistry.scm			\
   %D%/packages/chez.scm				\
+  %D%/packages/chromium.scm			\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
   %D%/packages/clojure.scm			\
diff --git a/gnu/packages/aux-files/chromium/master-preferences.json b/gnu/packages/aux-files/chromium/master-preferences.json
new file mode 100644
index 0000000000..5a2049fa72
--- /dev/null
+++ b/gnu/packages/aux-files/chromium/master-preferences.json
@@ -0,0 +1,26 @@
+{
+    "distribution": {
+        "import_bookmarks": false,
+        "make_chrome_default": false,
+        "make_chrome_default_for_user": false,
+        "verbose_logging": true,
+        "skip_first_run_ui": true,
+        "suppress_first_run_default_browser_prompt": true
+    },
+    "browser": {
+        "has_seen_welcome_page" : true,
+        "check_default_browser" : false
+    },
+    "dns_prefetching": {
+        "enabled": false
+    },
+    "alternate_error_pages": {
+        "enabled": false
+    },
+    "hardware": {
+        "audio_capture_enabled": false
+    },
+    "default_apps": "noinstall",
+    "hide_web_store_icon": true,
+    "homepage": "https://www.gnu.org/software/guix/"
+}
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
new file mode 100644
index 0000000000..85e96131e3
--- /dev/null
+++ b/gnu/packages/chromium.scm
@@ -0,0 +1,726 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages chromium)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:use-module (guix monads)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages build-tools)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gcc)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages libevent)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages kerberos)
+  #:use-module (gnu packages ninja)
+  #:use-module (gnu packages node)
+  #:use-module (gnu packages pciutils)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages python-xyz)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages speech)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages vulkan)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+(define %preserved-third-party-files
+  '("base/third_party/dmg_fp" ;X11-style
+    "base/third_party/dynamic_annotations" ;BSD-2
+    "base/third_party/icu" ;Unicode, X11-style
+    "base/third_party/superfasthash" ;BSD-3
+    "base/third_party/symbolize" ;BSD-3
+    "base/third_party/xdg_mime" ;LGPL2.1+ or Academic 2.0
+    "base/third_party/xdg_user_dirs" ;Expat
+    "chrome/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
+    "courgette/third_party/bsdiff" ;BSD-2, BSD protection license
+    "courgette/third_party/divsufsort" ;Expat
+    "net/third_party/http2" ;BSD-3
+    "net/third_party/mozilla_security_manager" ;MPL-1.1/GPL2+/LGPL2.1+
+    "net/third_party/nss" ;MPL-2.0
+    "net/third_party/quic" ;BSD-3
+    "net/third_party/spdy" ;BSD-3
+    "net/third_party/uri_template" ;ASL2.0
+    "third_party/abseil-cpp" ;ASL2.0
+    "third_party/adobe/flash/flapper_version.h" ;no license, trivial
+    "third_party/angle" ;BSD-3
+    "third_party/angle/src/common/third_party/base" ;BSD-3
+    "third_party/angle/src/common/third_party/smhasher" ;Public domain
+    "third_party/angle/src/common/third_party/xxhash" ;BSD-2
+    "third_party/angle/src/third_party/compiler" ;BSD-2
+    "third_party/angle/src/third_party/libXNVCtrl" ;Expat
+    "third_party/angle/src/third_party/trace_event" ;BSD-3
+    "third_party/angle/third_party/glslang" ;BSD-3
+    "third_party/angle/third_party/spirv-headers" ;Expat
+    "third_party/angle/third_party/spirv-tools" ;Expat
+    "third_party/angle/third_party/vulkan-headers" ;ASL2.0
+    "third_party/angle/third_party/vulkan-loader" ;ASL2.0
+    "third_party/angle/third_party/vulkan-tools" ;ASL2.0
+    "third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0
+    "third_party/apple_apsl" ;APSL2.0
+    "third_party/blink" ;BSD-3
+    "third_party/boringssl" ;OpenSSL/ISC (Google additions are ISC)
+    "third_party/boringssl/src/third_party/fiat" ;Expat
+    "third_party/breakpad" ;BSD-3
+    "third_party/brotli" ;Expat
+    "third_party/cacheinvalidation" ;ASL2.0
+    "third_party/catapult" ;BSD-3
+    "third_party/catapult/common/py_vulcanize/third_party/rcssmin" ;ASL2.0
+    "third_party/catapult/common/py_vulcanize/third_party/rjsmin" ;ASL2.0
+    "third_party/catapult/third_party/polymer" ;BSD-3
+    "third_party/catapult/tracing/third_party/d3" ;BSD-3
+    "third_party/catapult/tracing/third_party/gl-matrix" ;Expat
+    "third_party/catapult/tracing/third_party/jszip" ;Expat or GPL3
+    "third_party/catapult/tracing/third_party/mannwhitneyu" ;Expat
+    "third_party/catapult/tracing/third_party/oboe" ;BSD-2
+    "third_party/catapult/tracing/third_party/pako" ;Expat
+    "third_party/ced" ;BSD-3
+    "third_party/cld_3" ;ASL2.0
+    "third_party/crashpad" ;ASL2.0
+    "third_party/crashpad/crashpad/third_party/zlib/zlib_crashpad.h" ;Zlib
+    "third_party/crc32c" ;BSD-3
+    "third_party/cros_system_api" ;BSD-3
+    "third_party/dom_distiller_js" ;BSD-3
+    "third_party/fips181" ;BSD-3
+    "third_party/flatbuffers" ;ASL2.0
+    "third_party/google_input_tools" ;ASL2.0
+    "third_party/google_input_tools/third_party/closure_library" ;ASL2.0
+    "third_party/google_input_tools/third_party/closure_library/third_party/closure" ;Expat
+    "third_party/googletest" ;BSD-3
+    "third_party/hunspell" ;MPL1.1/GPL2+/LGPL2.1+
+    "third_party/iccjpeg" ;IJG
+    "third_party/inspector_protocol" ;BSD-3
+    "third_party/jinja2" ;BSD-3
+    "third_party/jstemplate" ;ASL2.0
+    "third_party/khronos" ;Expat, SGI
+    "third_party/leveldatabase" ;BSD-3
+    "third_party/libXNVCtrl" ;Expat
+    "third_party/libaddressinput" ;ASL2.0
+    "third_party/libaom" ;BSD-2 or "Alliance for Open Media Patent License 1.0"
+    "third_party/libaom/source/libaom/third_party/vector" ;Expat
+    "third_party/libaom/source/libaom/third_party/x86inc" ;ISC
+    "third_party/libjingle_xmpp" ;BSD-3
+    "third_party/libphonenumber" ;ASL2.0
+    "third_party/libsecret" ;LGPL2.1+
+    "third_party/libsrtp" ;BSD-3
+    "third_party/libsync" ;ASL2.0
+    "third_party/libudev" ;LGPL2.1+
+    "third_party/libwebm" ;BSD-3
+    "third_party/libxml/chromium" ;BSD-3
+    "third_party/libyuv" ;BSD-3
+    "third_party/lss" ;BSD-3
+    "third_party/markupsafe" ;BSD-3
+    "third_party/mesa_headers" ;Expat, SGI
+    "third_party/metrics_proto" ;BSD-3
+    "third_party/modp_b64" ;BSD-3
+    "third_party/nasm" ;BSD-2
+    "third_party/node" ;Expat
+    "third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2" ;BSD-2
+    "third_party/ots" ;BSD-3
+    "third_party/pdfium" ;BSD-3
+    "third_party/pdfium/third_party/agg23" ;Expat
+    "third_party/pdfium/third_party/base" ;BSD-3
+    "third_party/pdfium/third_party/bigint" ;Public domain, BSD-3
+    "third_party/pdfium/third_party/skia_shared" ;BSD-3
+    "third_party/pdfium/third_party/freetype/include/pstables.h" ;FreeType
+    "third_party/ply" ;BSD-3
+    "third_party/polymer" ;BSD-3
+    "third_party/protobuf" ;BSD-3
+    "third_party/protobuf/third_party/six" ;Expat
+    "third_party/pyjson5" ;ASL2.0
+    "third_party/qcms" ;Expat
+    "third_party/rnnoise" ;BSD-3
+    "third_party/s2cellid" ;ASL2.0
+    "third_party/sfntly" ;ASL2.0
+    "third_party/skia" ;BSD-3
+    "third_party/skia/third_party/gif" ;MPL1.1/GPL2+/LGPL2.1+
+    "third_party/skia/third_party/skcms" ;BSD-3
+    "third_party/skia/third_party/vulkan" ;BSD-3
+    "third_party/smhasher" ;Expat, public domain
+    "third_party/speech-dispatcher" ;GPL2+
+    "third_party/spirv-headers" ;ASL2.0
+    "third_party/SPIRV-Tools" ;ASL2.0
+    "third_party/sqlite" ;Public domain
+    "third_party/ungoogled" ;BSD-3
+    "third_party/usb_ids" ;BSD-3
+    "third_party/usrsctp" ;BSD-2
+    "third_party/web-animations-js" ;ASL2.0
+    "third_party/webdriver" ;ASL2.0
+    "third_party/webrtc" ;BSD-3
+    "third_party/webrtc/common_audio/third_party/fft4g" ;Non-copyleft
+    "third_party/webrtc/common_audio/third_party/spl_sqrt_floor" ;Public domain
+    "third_party/webrtc/modules/third_party/fft" ;Non-copyleft
+    "third_party/webrtc/modules/third_party/g711" ;Public domain
+    "third_party/webrtc/modules/third_party/g722" ;Public domain
+    "third_party/webrtc/rtc_base/third_party/base64" ;Non-copyleft
+    "third_party/webrtc/rtc_base/third_party/sigslot" ;Public domain
+    "third_party/widevine/cdm/widevine_cdm_version.h" ;BSD-3
+    "third_party/widevine/cdm/widevine_cdm_common.h" ;BSD-3
+    "third_party/woff2" ;ASL2.0
+    "third_party/xdg-utils" ;Expat
+    "third_party/yasm/run_yasm.py" ;BSD-2 or BSD-3
+    "third_party/zlib/google" ;BSD-3
+    "url/third_party/mozilla" ;BSD-3, MPL1.1/GPL2+/LGPL2.1+
+    "v8/src/third_party/utf8-decoder" ;Expat
+    "v8/src/third_party/valgrind" ;BSD-4
+    "v8/third_party/inspector_protocol" ;BSD-3
+    "v8/third_party/v8/builtins")) ;PSFL
+
+(define* (computed-origin-method gexp-promise hash-algo hash
+                                 #:optional (name "source")
+                                 #:key (system (%current-system))
+                                 (guile (default-guile)))
+  "Return a derivation that executes the G-expression that results
+from forcing GEXP-PROMISE."
+  (mlet %store-monad ((guile (package->derivation guile system)))
+    (gexp->derivation (or name "computed-origin")
+                      (force gexp-promise)
+                      #:system system
+                      #:guile-for-build guile)))
+
+(define %chromium-version "72.0.3626.96")
+(define %ungoogled-revision "82b1194615a6542c28edfc5505d357c9dfca88c7")
+
+;; This is a "computed" origin that does the following:
+;; 1) Runs the Ungoogled scripts on a pristine Chromium tarball.
+;; 2) Prunes all third_party folders that are not explicitly preserved.
+;; 3) Adjusts "GN" build files such that system libraries are preferred.
+(define ungoogled-chromium-source
+  (let* ((chromium-source
+          (origin
+            (method url-fetch)
+            (uri (string-append "https://commondatastorage.googleapis.com"
+                                "/chromium-browser-official/chromium-"
+                                %chromium-version ".tar.xz"))
+            (sha256
+             (base32
+              "0fxavi4nwfiyb15lqm02vlq6kb8i4ipxnd7hp45bm7jdmhmgbnmj"))))
+         (ungoogled-source
+          (origin
+            (method git-fetch)
+            (uri (git-reference (url "https://github.com/Eloston/ungoogled-chromium")
+                                (commit %ungoogled-revision)))
+            (file-name (git-file-name "ungoogled-chromium"
+                                      (string-take %ungoogled-revision 7)))
+            (sha256
+             (base32
+              "067bccrv67wh8p0vak0n38gc8mvb9hvx2pz83r0y1iiqkhrglnp3")))))
+
+    (origin
+      (method computed-origin-method)
+      (file-name (string-append "ungoogled-chromium-" %chromium-version ".tar.xz"))
+      (sha256 #f)
+      (uri
+       (delay
+         (with-imported-modules '((guix build utils))
+           #~(begin
+               (use-modules (guix build utils))
+               (let ((chromium-dir    (string-append "chromium-" #$%chromium-version))
+                     (preserved-files (list #$@%preserved-third-party-files)))
+
+                 (mkdir "/tmp/bin")
+                 (set-path-environment-variable
+                  "PATH" '("bin")
+                  (list "/tmp"
+                        #+(canonical-package patch)
+                        #+(canonical-package xz)
+                        #+(canonical-package tar)
+                        #+python-2
+                        #+python))
+
+                 (copy-recursively #+ungoogled-source "/tmp/ungoogled")
+
+                 (with-directory-excursion "/tmp/ungoogled"
+
+                   ;; Create a custom "bundle" that inherits from linux_rooted
+                   ;; and adds an additional patch.
+                   (format #t "Creating Guix config bundle...~%")
+                   (force-output)
+                   (mkdir-p "config_bundles/guix")
+                   (call-with-output-file "config_bundles/guix/bundlemeta.ini"
+                     (lambda (port)
+                       (format port
+                               "[bundle]
+display_name = GNU Guix
+depends = linux_rooted\n")))
+                   (call-with-output-file "config_bundles/guix/patch_order.list"
+                     (lambda (port)
+                       (format port "debian_buster/system/openjpeg.patch\n")))
+
+                   (format #t "Unpacking chromium tarball...~%")
+                   (force-output)
+                   (invoke "tar" "xf" #+chromium-source)
+
+                   (format #t "Ungooglifying...~%")
+                   (force-output)
+                   (invoke "python3" "run_buildkit_cli.py" "prune"
+                           "-b" "config_bundles/guix" chromium-dir)
+                   (invoke "python3" "run_buildkit_cli.py" "patches" "apply"
+                           "-b" "config_bundles/guix" chromium-dir)
+                   (invoke "python3" "run_buildkit_cli.py" "domains" "apply"
+                           "-b" "config_bundles/linux_rooted"
+                           "-c" "/tmp/domainscache.tar.gz" chromium-dir)
+
+                   (with-directory-excursion chromium-dir
+                     (format #t "Pruning third party files...~%")
+                     (force-output)
+                     (apply invoke "python"
+                             "build/linux/unbundle/remove_bundled_libraries.py"
+                             "--do-remove" preserved-files)
+
+                     (format #t "Replacing GN files...~%")
+                     (force-output)
+                     (invoke "python3" "build/linux/unbundle/replace_gn_files.py"
+                             "--system-libraries" "ffmpeg" "flac" "fontconfig"
+                             "freetype" "harfbuzz-ng" "icu" "libdrm" "libevent"
+                             "libjpeg" "libpng" "libvpx" "libwebp" "libxml"
+                             "libxslt" "openh264" "opus" "re2" "snappy" "yasm"
+                             "zlib"))
+
+                   (format #t (string-append "Packing new Ungoogled tarball ...~%"))
+                   (force-output)
+                   (invoke "tar" "cvfa" #$output
+                           ;; Avoid non-determinism in the archive.
+                           "--mtime=@0"
+                           "--owner=root:0"
+                           "--group=root:0"
+                           "--sort=name"
+                           chromium-dir)
+
+                   #t)))))))))
+
+(define opus+custom
+  (package/inherit opus
+    (name "opus+custom")
+    (arguments
+     (substitute-keyword-arguments (package-arguments opus)
+       ((#:configure-flags flags ''())
+        ;; Opus Custom is an optional extension of the Opus
+        ;; specification that allows for unsupported frame
+        ;; sizes.  Chromium requires that this is enabled.
+        `(cons "--enable-custom-modes"
+               ,flags))))))
+
+(define-public ungoogled-chromium
+  (package
+    (name "ungoogled-chromium")
+    (version %chromium-version)
+    (synopsis "Graphical web browser")
+    (source ungoogled-chromium-source)
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       ;; FIXME: There is a "gn" option specifically for setting -rpath, but
+       ;; it overrides the RUNPATH set by the linker.
+       #:validate-runpath? #f
+       #:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (ice-9 ftw)
+                  (ice-9 regex)
+                  (srfi srfi-26))
+       #:configure-flags
+       ;; See tools/gn/docs/cookbook.md and
+       ;; https://www.chromium.org/developers/gn-build-configuration
+       ;; for usage.  Run "./gn args . --list" in the Release
+       ;; directory for an exhaustive list of supported flags.
+       ;; (Note: The 'configure' phase will do that for you.)
+       (list "is_debug=false"
+             "use_gold=false"
+             "use_lld=false"
+             "linux_use_bundled_binutils=false"
+             "use_custom_libcxx=false"
+             "use_sysroot=false"
+             "enable_precompiled_headers=false"
+             "goma_dir=\"\""
+             "enable_nacl=false"
+             "enable_nacl_nonsfi=false"
+             "use_allocator=\"none\""   ;don't use tcmalloc
+             "use_unofficial_version_number=false"
+
+             ;; Define a custom toolchain that simply looks up CC, AR and
+             ;; friends from the environment.
+             "custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
+             "host_toolchain=\"//build/toolchain/linux/unbundle:default\""
+
+             ;; Don't assume it's clang.
+             "is_clang=false"
+
+             ;; Optimize for building everything at once, as opposed to
+             ;; incrementally

This message was truncated. Download the full message here.

Giovanni Biscuolo wrote on 16 Feb 2019 19:56

Re: [PATCH] gnu: Add ungoogled-chromium.

Recipients:(address . 28004@debbugs.gnu.org)

Message-ID:878syfblzq.fsf@roquette.mug.biscuolo.net

Hi guix-devel!

this is my humble contribution to this discussion...

(I'm not a Guix maintainer)

first and foremost, IMHO guix-devel is not the place to discuss GNU FSDG

criteria; I'm going to subscribe gnu-linux-libre@nongnu.org to send

my comments - and I _have_ some - on the FSDG compliance process

if you are interested please follow this thread:

http://lists.nongnu.org/archive/html/gnu-linux-libre/2019-02/threads.html#00020

:-D

bill-auger <bill-auger@peers.community> writes:

[...]

Toggle quote (11 lines)> about a year ago, the FSDG review process and criteria for endorsement
> of new distros was updated the new FSDG criteria checklist for
> community review that was adopted includes the following essential
> criteria:
>
>   "Programs commonly known to have freedom issues are liberated or
>   excluded"
>
> that criteria is a link to the "software that does not respect the
> FSDG" wiki page,

for reference, this page:

https://libreplanet.org/wiki/Template:FSDG_Checklist

Toggle quote (5 lines)

> which includes an entry for 'chromium-browser' (the

> debian package name) with the liberation procedure being specified as:

> "Remove program/package Use GNU IceCat, or equivalent"

[...]

Toggle quote (3 lines)

> it was also agreed upon at that time, that the FSDG criteria should be

> applicable to all currently endorsed distros in perpetuity, so ...

thank you for the clarification, Bill: you explained us the entire

FSDG_Checklist is *mandatory* for a distro to be GNU FSDG compliant; so

there's **no discussion** here

if Guix System Distribution wants to remain GNU FSDG compliant - as most

if not all Guix contributors would like, I suppose - ungoogled-chromium

should still not be included in Guix System Distribution

so, regarding this bug #28004 the natural resolution should be to

*postpone* the inclusion of this package with a statement like this one:

"ungoogled-chromium cannot be included in Guix System Distribution since

it is listed - as 'chromium-browser' - on the page

<List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser>

that is an integral part of the GNU FSDG Guidelines as extended by the

FSDG_Checklist via https://libreplanet.org/wiki/Incoming_distros#Endorsement_Process"

Happy hacking! :-)

Giovanni

[1] https://www.gnu.org/distros/free-system-distribution-guidelines.en.html

Giovanni Biscuolo

Xelera IT Infrastructures

Adonay Felipe Nogueira wrote on 16 Feb 2019 20:47

Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.

Recipients:(address . guix-devel@gnu.org)

Message-ID:ba9ab8f7-f7c7-6757-4585-b6c1f35e3d93@hyperbola.info

Em 16/02/2019 12:18, Julie Marchant escreveu:

Toggle quote (4 lines)

> libre? The only argument I've seen on the matter is the way copyright

> works, but Chromium is under the Modified BSD License according to

> documentation I was able to find. If some files are not actually covered

For what is worth, what I learned with projects that don't follow the
Open Source Definition (I know that I shouldn't support this term here,
but I had to mention it) is that they mask their non-compliance behind a
license. Of course we don't intend to foster open source here, as this
project, having the goal to provide a package manager that is under the
GNU project, also aims to create a system distribution that follows the
GNU FSDG and uses such package manager

If the norm would be to only check the licenses, then we would have for
example, taken ages to figure out that the kernel source files from
upstream of GNU Linux-libre was/is non-free.

Having a requirement for a package to be first throughly reviewed
eliminates some of the possibility of having non-free functional data or
non-distributable non-functional data. It's not a perfect protection
(since the package in review might have implemented things from other
works that one of the reviewers might not be aware of).

As I said in a message to these mailing lists, I already started
reviewing Chromium, although this project is big and I might not have
the time nor all the skills to do it alone. Since today, I moved the
review, which was available at [1], to the appropriate Review namespace
at [2].


[1] https://directory.fsf.org/wiki/Talk:Chromium
[2] https://directory.fsf.org/wiki/Review:Chromium-REV-ID-1

Attachment: signature.asc

Brett Gilio wrote on 16 Feb 2019 21:01

Recipients:(name . Workgroup for fully free GNU/Linux distributions)(address . gnu-linux-libre@nongnu.org)

Message-ID:87lg2f5wqk.fsf@posteo.net

Adonay Felipe Nogueira writes:

Toggle quote (33 lines)> Em 16/02/2019 12:18, Julie Marchant escreveu:
>> libre? The only argument I've seen on the matter is the way copyright
>> works, but Chromium is under the Modified BSD License according to
>> documentation I was able to find. If some files are not actually covered
>
> For what is worth, what I learned with projects that don't follow the
> Open Source Definition (I know that I shouldn't support this term here,
> but I had to mention it) is that they mask their non-compliance behind a
> license. Of course we don't intend to foster open source here, as this
> project, having the goal to provide a package manager that is under the
> GNU project, also aims to create a system distribution that follows the
> GNU FSDG and uses such package manager
>
> If the norm would be to only check the licenses, then we would have for
> example, taken ages to figure out that the kernel source files from
> upstream of GNU Linux-libre was/is non-free.
>
> Having a requirement for a package to be first throughly reviewed
> eliminates some of the possibility of having non-free functional data or
> non-distributable non-functional data. It's not a perfect protection
> (since the package in review might have implemented things from other
> works that one of the reviewers might not be aware of).
>
> As I said in a message to these mailing lists, I already started
> reviewing Chromium, although this project is big and I might not have
> the time nor all the skills to do it alone. Since today, I moved the
> review, which was available at [1], to the appropriate Review namespace
> at [2].
>
>
> [1] https://directory.fsf.org/wiki/Talk:Chromium
> [2] https://directory.fsf.org/wiki/Review:Chromium-REV-ID-1

Adonay, thank you for taking the initiative here! I think this is a

needed step forward.

Brett Gilio

Brett Gilio wrote on 16 Feb 2019 21:06

Recipients:(name . Workgroup for fully free GNU/Linux distributions)(address . gnu-linux-libre@nongnu.org)

Message-ID:87k1hz5wh8.fsf@posteo.net

Brett Gilio writes:

Toggle quote (40 lines)> Adonay Felipe Nogueira writes:
>
>> Em 16/02/2019 12:18, Julie Marchant escreveu:
>>> libre? The only argument I've seen on the matter is the way copyright
>>> works, but Chromium is under the Modified BSD License according to
>>> documentation I was able to find. If some files are not actually covered
>>
>> For what is worth, what I learned with projects that don't follow the
>> Open Source Definition (I know that I shouldn't support this term here,
>> but I had to mention it) is that they mask their non-compliance behind a
>> license. Of course we don't intend to foster open source here, as this
>> project, having the goal to provide a package manager that is under the
>> GNU project, also aims to create a system distribution that follows the
>> GNU FSDG and uses such package manager
>>
>> If the norm would be to only check the licenses, then we would have for
>> example, taken ages to figure out that the kernel source files from
>> upstream of GNU Linux-libre was/is non-free.
>>
>> Having a requirement for a package to be first throughly reviewed
>> eliminates some of the possibility of having non-free functional data or
>> non-distributable non-functional data. It's not a perfect protection
>> (since the package in review might have implemented things from other
>> works that one of the reviewers might not be aware of).
>>
>> As I said in a message to these mailing lists, I already started
>> reviewing Chromium, although this project is big and I might not have
>> the time nor all the skills to do it alone. Since today, I moved the
>> review, which was available at [1], to the appropriate Review namespace
>> at [2].
>>
>>
>> [1] https://directory.fsf.org/wiki/Talk:Chromium
>> [2] https://directory.fsf.org/wiki/Review:Chromium-REV-ID-1
>
> Adonay, thank you for taking the initiative here! I think this is a
> needed step forward.
>
> Brett Gilio

Also, maybe it would be of some help to involve somebody from the FSF to

be a neutral mediator on this process until we come to some reasonable

conclusion?

Marius,

I think you can probably go ahead and push that patch, knowing full well

that Bill warned a bug report will be filed against the Guix source tree

until such time that an audit concludes or Adonay's suggestion is

followed through with.

Bill,

What do you think here?

Brett Gilio

Marius Bakke wrote on 18 Feb 2019 23:43

Re: [bug#28004] [PATCH v2] gnu: Add ungoogled-chromium.

Recipients:(address . guix-devel@gnu.org)(address . 28004-done@debbugs.gnu.org)

Message-ID:87k1hwogyt.fsf@fastmail.com

Marius Bakke <mbakke@fastmail.com> writes:

Toggle quote (7 lines)

> Changes in this version:

> * New upstream release.

> * No longer using a fork of Ungoogled-Chromium.

> * The special HarfBuzz and libvpx variants have been removed due to

> obsolesence.

I've pushed this patch now, with minor cosmetic improvements:

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=f1e9de4d3aefae420db633a56ba9cd93f7750df3

Thanks to everyone who participated!

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 28004@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 28004

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch