aland/nixpkgs-odroid-hc4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

uboot: (firmwareOdroidC2/C4) don't invoke patch tool, use patches = [] instead

Browse source 
https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/setup.sh#L948
this can do it nicely.

Signed-off-by: Anton Arapov <anton@deadbeef.mx>
This commit is contained in:
Anton Arapov 2021-04-03 12:58:10 +02:00 committed by Alan Daniels
commit 56de2bcd43
30691 changed files with 3076956 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

99
pkgs/applications/networking/browsers/chromium/README.md Normal file
View file

@ -0,0 +1,99 @@
# Maintainers
- Note: We could always use more contributors, testers, etc. E.g.:
- A dedicated maintainer for the NixOS stable channel
- PRs with cleanups, improvements, fixes, etc. (but please try to make reviews
as easy as possible)
- People who handle stale issues/PRs
- Primary maintainer (responsible for all updates): @primeos
- Testers (test all stable channel updates)
- `nixos-unstable`:
- `x86_64`: @danielfullmer
- `aarch64`: @thefloweringash
- Stable channel:
- `x86_64`: @Frostman
- Other relevant packages:
- `chromiumBeta` and `chromiumDev`: For testing purposes only (not build on
Hydra). We use these channels for testing and to fix build errors in advance
so that `chromium` updates are trivial and can be merged fast.
- `google-chrome`, `google-chrome-beta`, `google-chrome-dev`: Updated via
Chromium's `upstream-info.json`
- `ungoogled-chromium`: @squalus
- `chromedriver`: Updated via Chromium's `upstream-info.json` and not built
from source.
# Upstream links
- Source code: https://source.chromium.org/chromium/chromium/src
- Bugs: https://bugs.chromium.org/p/chromium/issues/list
- Release updates: https://chromereleases.googleblog.com/
- Available as Atom or RSS feed (filter for
"Stable Channel Update for Desktop")
- Channel overview: https://omahaproxy.appspot.com/
- Release schedule: https://chromiumdash.appspot.com/schedule
# Updating Chromium
Simply run `./pkgs/applications/networking/browsers/chromium/update.py` to
update `upstream-info.json`. After updates it is important to test at least
`nixosTests.chromium` (or basic manual testing) and `google-chrome` (which
reuses `upstream-info.json`).
Note: The source tarball is often only available a few hours after the release
was announced. The CI/CD status can be tracked here:
- https://ci.chromium.org/p/infra/builders/cron/publish_tarball
- https://ci.chromium.org/p/infra/builders/cron/publish_tarball_dispatcher
To run all automated NixOS VM tests for Chromium, ungoogled-chromium,
and Google Chrome (not recommended, currently 6x tests!):
```
nix-build nixos/tests/chromium.nix
```
A single test can be selected, e.g. to test `ungoogled-chromium` (see
`channelMap` in `nixos/tests/chromium.nix` for all available options):
```
nix-build nixos/tests/chromium.nix -A ungoogled
```
(Note: Testing Google Chrome requires `export NIXPKGS_ALLOW_UNFREE=1`.)
For custom builds it's possible to "override" `channelMap`.
## Backports
All updates are considered security critical and should be ported to the stable
channel ASAP. When there is a new stable release the old one should receive
security updates for roughly one month. After that it is important to mark
Chromium as insecure (see 69e4ae56c4b for an example; it is important that the
tested job still succeeds and that all browsers that use `upstream-info.json`
are marked as insecure).
## Major version updates
Unfortunately, Chromium regularly breaks on major updates and might need
various patches. Either due to issues with the Nix build sandbox (e.g. we cannot
fetch dependencies via the network and do not use standard FHS paths) or due to
missing upstream fixes that need to be backported.
Good sources for such patches and other hints:
- https://github.com/archlinux/svntogit-packages/tree/packages/chromium/trunk
- https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium
- https://src.fedoraproject.org/rpms/chromium/tree/master
If the build fails immediately due to unknown compiler flags this usually means
that a new major release of LLVM is required.
## Beta and Dev channels
Those channels are only used to test and fix builds in advance. They may be
broken at times and must not delay stable channel updates.
# Testing
Useful tests:
- Version: chrome://version/
- GPU acceleration: chrome://gpu/
- Essential functionality: Browsing, extensions, video+audio, JS, ...
- WebGL: https://get.webgl.org/
- VA-API: https://wiki.archlinux.org/index.php/chromium#Hardware_video_acceleration
- Optional: Widevine CDM (proprietary), Benchmarks, Ozone, etc.

100
pkgs/applications/networking/browsers/chromium/browser.nix Normal file
View file

@ -0,0 +1,100 @@
{ lib, mkChromiumDerivation
, channel, chromiumVersionAtLeast
, enableWideVine, ungoogled
}:
with lib;
mkChromiumDerivation (base: rec {
name = "chromium-browser";
packageName = "chromium";
buildTargets = [ "mksnapshot" "chrome_sandbox" "chrome" ];
outputs = ["out" "sandbox"];
sandboxExecutableName = "__chromium-suid-sandbox";
installPhase = ''
mkdir -p "$libExecPath"
cp -v "$buildPath/"*.so "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
cp -v "$buildPath/libvulkan.so.1" "$libExecPath/"
cp -v "$buildPath/vk_swiftshader_icd.json" "$libExecPath/"
cp -v "$buildPath/icudtl.dat" "$libExecPath/"
cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
cp -v "$buildPath/chrome_crashpad_handler" "$libExecPath/"
cp -v "$buildPath/chrome" "$libExecPath/$packageName"
# Swiftshader
# See https://stackoverflow.com/a/4264351/263061 for the find invocation.
if [ -n "$(find "$buildPath/swiftshader/" -maxdepth 1 -name '*.so' -print -quit)" ]; then
echo "Swiftshader files found; installing"
mkdir -p "$libExecPath/swiftshader"
cp -v "$buildPath/swiftshader/"*.so "$libExecPath/swiftshader/"
else
echo "Swiftshader files not found"
fi
mkdir -p "$sandbox/bin"
cp -v "$buildPath/chrome_sandbox" "$sandbox/bin/${sandboxExecutableName}"
mkdir -vp "$out/share/man/man1"
cp -v "$buildPath/chrome.1" "$out/share/man/man1/$packageName.1"
for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do
num_and_suffix="''${icon_file##*logo_}"
icon_size="''${num_and_suffix%.*}"
expr "$icon_size" : "^[0-9][0-9]*$" || continue
logo_output_prefix="$out/share/icons/hicolor"
logo_output_path="$logo_output_prefix/''${icon_size}x''${icon_size}/apps"
mkdir -vp "$logo_output_path"
cp -v "$icon_file" "$logo_output_path/$packageName.png"
done
# Install Desktop Entry
install -D chrome/installer/linux/common/desktop.template \
$out/share/applications/chromium-browser.desktop
substituteInPlace $out/share/applications/chromium-browser.desktop \
--replace "@@MENUNAME@@" "Chromium" \
--replace "@@PACKAGE@@" "chromium" \
--replace "Exec=/usr/bin/@@USR_BIN_SYMLINK_NAME@@" "Exec=chromium"
# Append more mime types to the end
sed -i '/^MimeType=/ s,$,x-scheme-handler/webcal;x-scheme-handler/mailto;x-scheme-handler/about;x-scheme-handler/unknown,' \
$out/share/applications/chromium-browser.desktop
# See https://github.com/NixOS/nixpkgs/issues/12433
sed -i \
-e '/\[Desktop Entry\]/a\' \
-e 'StartupWMClass=chromium-browser' \
$out/share/applications/chromium-browser.desktop
'';
passthru = { inherit sandboxExecutableName; };
requiredSystemFeatures = [ "big-parallel" ];
meta = {
description = "An open source web browser from Google"
+ optionalString ungoogled ", with dependencies on Google web services removed";
longDescription = ''
Chromium is an open source web browser from Google that aims to build a
safer, faster, and more stable way for all Internet users to experience
the web. It has a minimalist user interface and provides the vast majority
of source code for Google Chrome (which has some additional features).
'';
homepage = if ungoogled
then "https://github.com/Eloston/ungoogled-chromium"
else "https://www.chromium.org/";
maintainers = with maintainers; if ungoogled
then [ squalus primeos michaeladler ]
else [ primeos thefloweringash ];
license = if enableWideVine then licenses.unfree else licenses.bsd3;
platforms = platforms.linux;
mainProgram = "chromium";
hydraPlatforms = if (channel == "stable" || channel == "ungoogled-chromium")
then ["aarch64-linux" "x86_64-linux"]
else [];
timeout = 172800; # 48 hours (increased from the Hydra default of 10h)
};
})

358
pkgs/applications/networking/browsers/chromium/common.nix Normal file
View file

@ -0,0 +1,358 @@
{ stdenv, lib, fetchurl, fetchpatch
# Channel data:
, channel, upstream-info
# Helper functions:
, chromiumVersionAtLeast, versionRange
# Native build inputs:
, ninja, pkg-config
, python3, perl
, which
, llvmPackages
# postPatch:
, pkgsBuildHost
# configurePhase:
, gnChromium
# Build inputs:
, libpng
, bzip2, flac, speex, libopus
, libevent, expat, libjpeg, snappy
, libcap
, xdg-utils, minizip, libwebp
, libusb1, re2
, ffmpeg, libxslt, libxml2
, nasm
, nspr, nss
, util-linux, alsa-lib
, bison, gperf, libkrb5
, glib, gtk3, dbus-glib
, libXScrnSaver, libXcursor, libXtst, libxshmfence, libGLU, libGL
, mesa
, pciutils, protobuf, speechd, libXdamage, at-spi2-core
, pipewire
, libva
, libdrm, wayland, libxkbcommon # Ozone
, curl
, libepoxy
# postPatch:
, glibc # gconv + locale
# Package customization:
, cupsSupport ? true, cups ? null
, proprietaryCodecs ? true
, pulseSupport ? false, libpulseaudio ? null
, ungoogled ? false, ungoogled-chromium
# Optional dependencies:
, libgcrypt ? null # cupsSupport
, systemdSupport ? stdenv.isLinux
, systemd
}:
buildFun:
with lib;
let
python3WithPackages = python3.withPackages(ps: with ps; [
ply jinja2 setuptools
]);
clangFormatPython3 = fetchurl {
url = "https://chromium.googlesource.com/chromium/tools/build/+/e77882e0dde52c2ccf33c5570929b75b4a2a2522/recipes/recipe_modules/chromium/resources/clang-format?format=TEXT";
sha256 = "0ic3hn65dimgfhakli1cyf9j3cxcqsf1qib706ihfhmlzxf7256l";
};
# The additional attributes for creating derivations based on the chromium
# source tree.
extraAttrs = buildFun base;
githubPatch = { commit, sha256, revert ? false }: fetchpatch {
url = "https://github.com/chromium/chromium/commit/${commit}.patch";
inherit sha256 revert;
};
mkGnFlags =
let
# Serialize Nix types into GN types according to this document:
# https://source.chromium.org/gn/gn/+/master:docs/language.md
mkGnString = value: "\"${escape ["\"" "$" "\\"] value}\"";
sanitize = value:
if value == true then "true"
else if value == false then "false"
else if isList value then "[${concatMapStringsSep ", " sanitize value}]"
else if isInt value then toString value
else if isString value then mkGnString value
else throw "Unsupported type for GN value `${value}'.";
toFlag = key: value: "${key}=${sanitize value}";
in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
# https://source.chromium.org/chromium/chromium/src/+/master:build/linux/unbundle/replace_gn_files.py
gnSystemLibraries = [
# TODO:
# "ffmpeg"
# "snappy"
"flac"
"libjpeg"
"libpng"
"libwebp"
"libxslt"
# "opus"
];
opusWithCustomModes = libopus.override {
withCustomModes = true;
};
# build paths and release info
packageName = extraAttrs.packageName or extraAttrs.name;
buildType = "Release";
buildPath = "out/${buildType}";
libExecPath = "$out/libexec/${packageName}";
ungoogler = ungoogled-chromium {
inherit (upstream-info.deps.ungoogled-patches) rev sha256;
};
base = rec {
pname = "${packageName}-unwrapped";
inherit (upstream-info) version;
inherit packageName buildType buildPath;
src = fetchurl {
url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz";
inherit (upstream-info) sha256;
};
nativeBuildInputs = [
ninja pkg-config
python3WithPackages perl
which
llvmPackages.bintools
];
buildInputs = [
(libpng.override { apngSupport = false; }) # https://bugs.chromium.org/p/chromium/issues/detail?id=752403
bzip2 flac speex opusWithCustomModes
libevent expat libjpeg snappy
libcap
xdg-utils minizip libwebp
libusb1 re2
ffmpeg libxslt libxml2
nasm
nspr nss
util-linux alsa-lib
bison gperf libkrb5
glib gtk3 dbus-glib
libXScrnSaver libXcursor libXtst libxshmfence libGLU libGL
mesa # required for libgbm
pciutils protobuf speechd libXdamage at-spi2-core
pipewire
libva
libdrm wayland mesa.drivers libxkbcommon
curl
libepoxy
] ++ optional systemdSupport systemd
++ optionals cupsSupport [ libgcrypt cups ]
++ optional pulseSupport libpulseaudio;
patches = [
# Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed):
./patches/no-build-timestamps.patch
# For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags:
./patches/widevine-79.patch
] ++ optionals (versionRange "102" "103") [
# https://dawn-review.googlesource.com/c/dawn/+/88582
# Wrap get_gitHash in try-catch to prevent failures in tarball builds.
./patches/m102-fix-dawn_version_generator-failure.patch
];
postPatch = ''
# Workaround/fix for https://bugs.chromium.org/p/chromium/issues/detail?id=1313361:
substituteInPlace BUILD.gn \
--replace '"//infra/orchestrator:orchestrator_all",' ""
# Disable build flags that require LLVM 15:
substituteInPlace build/config/compiler/BUILD.gn \
--replace '"-Xclang",' "" \
--replace '"-no-opaque-pointers",' ""
# remove unused third-party
for lib in ${toString gnSystemLibraries}; do
if [ -d "third_party/$lib" ]; then
find "third_party/$lib" -type f \
\! -path "third_party/$lib/chromium/*" \
\! -path "third_party/$lib/google/*" \
\! -path "third_party/harfbuzz-ng/utils/hb_scoped.h" \
\! -regex '.*\.\(gn\|gni\|isolate\)' \
-delete
fi
done
# Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.):
substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" ""
if [ -e third_party/harfbuzz-ng/src/src/update-unicode-tables.make ]; then
substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
--replace "/usr/bin/env -S make -f" "/usr/bin/make -f"
fi
chmod -x third_party/webgpu-cts/src/tools/run_deno
chmod -x third_party/dawn/third_party/webgpu-cts/tools/run_deno
# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
--replace \
'return sandbox_binary;' \
'return base::FilePath(GetDevelSandboxPath());'
substituteInPlace services/audio/audio_sandbox_hook_linux.cc \
--replace \
'/usr/share/alsa/' \
'${alsa-lib}/share/alsa/' \
--replace \
'/usr/lib/x86_64-linux-gnu/gconv/' \
'${glibc}/lib/gconv/' \
--replace \
'/usr/share/locale/' \
'${glibc}/share/locale/'
sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg-utils}/bin/xdg-@' \
chrome/browser/shell_integration_linux.cc
'' + lib.optionalString systemdSupport ''
sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${lib.getLib systemd}/lib/\1!' \
device/udev_linux/udev?_loader.cc
'' + ''
sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \
gpu/config/gpu_info_collector_linux.cc
# Allow to put extensions into the system-path.
sed -i -e 's,/usr,/run/current-system/sw,' chrome/common/chrome_paths.cc
# We need the fix for https://bugs.chromium.org/p/chromium/issues/detail?id=1254408:
base64 --decode ${clangFormatPython3} > buildtools/linux64/clang-format
patchShebangs .
# Link to our own Node.js and Java (required during the build):
mkdir -p third_party/node/linux/node-linux-x64/bin
ln -s "${pkgsBuildHost.nodejs}/bin/node" third_party/node/linux/node-linux-x64/bin/node
ln -s "${pkgsBuildHost.jre8_headless}/bin/java" third_party/jdk/current/bin/
# Allow building against system libraries in official builds
sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' tools/generate_shim_headers/generate_shim_headers.py
'' + optionalString stdenv.isAarch64 ''
substituteInPlace build/toolchain/linux/BUILD.gn \
--replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""'
'' + optionalString ungoogled ''
${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors"
${ungoogler}/utils/patches.py . ${ungoogler}/patches
${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz .
'';
gnFlags = mkGnFlags ({
# Main build and toolchain settings:
# Create an official and optimized release build (only official builds
# should be distributed to users, as non-official builds are intended for
# development and may not be configured appropriately for production,
# e.g. unsafe developer builds have developer-friendly features that may
# weaken or disable security measures like sandboxing or ASLR):
is_official_build = true;
disable_fieldtrial_testing_config = true;
# Build Chromium using the system toolchain (for Linux distributions):
custom_toolchain = "//build/toolchain/linux/unbundle:default";
host_toolchain = "//build/toolchain/linux/unbundle:default";
# Don't build against a sysroot image downloaded from Cloud Storage:
use_sysroot = false;
# The default value is hardcoded instead of using pkg-config:
system_wayland_scanner_path = "${wayland}/bin/wayland-scanner";
# Because we use a different toolchain / compiler version:
treat_warnings_as_errors = false;
# We aren't compiling with Chrome's Clang (would enable Chrome-specific
# plugins for enforcing coding guidelines, etc.):
clang_use_chrome_plugins = false;
# Disable symbols (they would negatively affect the performance of the
# build since the symbols are large and dealing with them is slow):
symbol_level = 0;
blink_symbol_level = 0;
# Google API key, see: https://www.chromium.org/developers/how-tos/api-keys
# Note: The API key is for NixOS/nixpkgs use ONLY.
# For your own distribution, please get your own set of keys.
google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI";
# Optional features:
use_gio = true;
use_gnome_keyring = false; # Superseded by libsecret
use_cups = cupsSupport;
# Feature overrides:
# Native Client support was deprecated in 2020 and support will end in June 2021:
enable_nacl = false;
# Enabling the Widevine component here doesn't affect whether we can
# redistribute the chromium package; the Widevine component is either
# added later in the wrapped -wv build or downloaded from Google:
enable_widevine = true;
# Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture:
rtc_use_pipewire = true;
# Disable PGO because the profile data requires a newer compiler version (LLVM 14 isn't sufficient):
chrome_pgo_phase = 0;
} // optionalAttrs proprietaryCodecs {
# enable support for the H.264 codec
proprietary_codecs = true;
enable_hangout_services_extension = true;
ffmpeg_branding = "Chrome";
} // optionalAttrs pulseSupport {
use_pulseaudio = true;
link_pulseaudio = true;
} // optionalAttrs ungoogled (importTOML ./ungoogled-flags.toml)
// (extraAttrs.gnFlags or {}));
configurePhase = ''
runHook preConfigure
# This is to ensure expansion of $out.
libExecPath="${libExecPath}"
${python3}/bin/python3 build/linux/unbundle/replace_gn_files.py --system-libraries ${toString gnSystemLibraries}
${gnChromium}/bin/gn gen --args=${escapeShellArg gnFlags} out/Release | tee gn-gen-outputs.txt
# Fail if `gn gen` contains a WARNING.
grep -o WARNING gn-gen-outputs.txt && echo "Found gn WARNING, exiting nix build" && exit 1
runHook postConfigure
'';
# Don't spam warnings about unknown warning options. This is useful because
# our Clang is always older than Chromium's and the build logs have a size
# of approx. 25 MB without this option (and this saves e.g. 66 %).
NIX_CFLAGS_COMPILE = "-Wno-unknown-warning-option";
buildPhase = let
buildCommand = target: ''
ninja -C "${buildPath}" -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES "${target}"
(
source chrome/installer/linux/common/installer.include
PACKAGE=$packageName
MENUNAME="Chromium"
process_template chrome/app/resources/manpage.1.in "${buildPath}/chrome.1"
)
'';
targets = extraAttrs.buildTargets or [];
commands = map buildCommand targets;
in concatStringsSep "\n" commands;
postFixup = ''
# Make sure that libGLESv2 is found by dlopen (if using EGL).
chromiumBinary="$libExecPath/$packageName"
origRpath="$(patchelf --print-rpath "$chromiumBinary")"
patchelf --set-rpath "${libGL}/lib:$origRpath" "$chromiumBinary"
'';
passthru = {
updateScript = ./update.py;
chromiumDeps = {
gn = gnChromium;
};
};
};
# Remove some extraAttrs we supplied to the base attributes already.
in stdenv.mkDerivation (base // removeAttrs extraAttrs [
"name" "gnFlags" "buildTargets"
] // { passthru = base.passthru // (extraAttrs.passthru or {}); })

233
pkgs/applications/networking/browsers/chromium/default.nix Normal file
View file

@ -0,0 +1,233 @@
{ newScope, config, stdenv, fetchurl, makeWrapper
, llvmPackages_14, ed, gnugrep, coreutils, xdg-utils
, glib, gtk3, gnome, gsettings-desktop-schemas, gn, fetchgit
, libva, pipewire, wayland
, gcc, nspr, nss, runCommand
, lib
# package customization
# Note: enable* flags should not require full rebuilds (i.e. only affect the wrapper)
, channel ? "stable"
, proprietaryCodecs ? true
, enableWideVine ? false
, ungoogled ? false # Whether to build chromium or ungoogled-chromium
, cupsSupport ? true
, pulseSupport ? config.pulseaudio or stdenv.isLinux
, commandLineArgs ? ""
}:
let
llvmPackages = llvmPackages_14;
stdenv = llvmPackages.stdenv;
upstream-info = (lib.importJSON ./upstream-info.json).${channel};
# Helper functions for changes that depend on specific versions:
warnObsoleteVersionConditional = min-version: result:
let ungoogled-version = (lib.importJSON ./upstream-info.json).ungoogled-chromium.version;
in lib.warnIf
(lib.versionAtLeast ungoogled-version min-version)
"chromium: ungoogled version ${ungoogled-version} is newer than a conditional bounded at ${min-version}. You can safely delete it."
result;
chromiumVersionAtLeast = min-version:
let result = lib.versionAtLeast upstream-info.version min-version;
in warnObsoleteVersionConditional min-version result;
versionRange = min-version: upto-version:
let inherit (upstream-info) version;
result = lib.versionAtLeast version min-version && lib.versionOlder version upto-version;
in warnObsoleteVersionConditional upto-version result;
callPackage = newScope chromium;
chromium = rec {
inherit stdenv llvmPackages upstream-info;
mkChromiumDerivation = callPackage ./common.nix ({
inherit channel chromiumVersionAtLeast versionRange;
inherit proprietaryCodecs
cupsSupport pulseSupport ungoogled;
gnChromium = gn.overrideAttrs (oldAttrs: {
inherit (upstream-info.deps.gn) version;
src = fetchgit {
inherit (upstream-info.deps.gn) url rev sha256;
};
});
});
browser = callPackage ./browser.nix {
inherit channel chromiumVersionAtLeast enableWideVine ungoogled;
};
ungoogled-chromium = callPackage ./ungoogled.nix {};
};
pkgSuffix = if channel == "dev" then "unstable" else
(if channel == "ungoogled-chromium" then "stable" else channel);
pkgName = "google-chrome-${pkgSuffix}";
chromeSrc =
let
# Use the latest stable Chrome version if necessary:
version = if chromium.upstream-info.sha256bin64 != null
then chromium.upstream-info.version
else (lib.importJSON ./upstream-info.json).stable.version;
sha256 = if chromium.upstream-info.sha256bin64 != null
then chromium.upstream-info.sha256bin64
else (lib.importJSON ./upstream-info.json).stable.sha256bin64;
in fetchurl {
urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [
"https://dl.google.com/linux/chrome/deb/pool/main/g"
"http://95.31.35.30/chrome/pool/main/g"
"http://mirror.pcbeta.com/google/chrome/deb/pool/main/g"
"http://repo.fdzh.org/chrome/deb/pool/main/g"
];
inherit sha256;
};
mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}";
widevineCdm = stdenv.mkDerivation {
name = "chrome-widevine-cdm";
src = chromeSrc;
unpackCmd = let
widevineCdmPath =
if (channel == "stable" || channel == "ungoogled-chromium") then
"./opt/google/chrome/WidevineCdm"
else if channel == "beta" then
"./opt/google/chrome-beta/WidevineCdm"
else if channel == "dev" then
"./opt/google/chrome-unstable/WidevineCdm"
else
throw "Unknown chromium channel.";
in ''
# Extract just WidevineCdm from upstream's .deb file
ar p "$src" data.tar.xz | tar xJ "${widevineCdmPath}"
# Move things around so that we don't have to reference a particular
# chrome-* directory later.
mv "${widevineCdmPath}" ./
# unpackCmd wants a single output directory; let it take WidevineCdm/
rm -rf opt
'';
doCheck = true;
checkPhase = ''
! find -iname '*.so' -exec ldd {} + | grep 'not found'
'';
PATCH_RPATH = mkrpath [ gcc.cc glib nspr nss ];
patchPhase = ''
patchelf --set-rpath "$PATCH_RPATH" _platform_specific/linux_x64/libwidevinecdm.so
'';
installPhase = ''
mkdir -p $out/WidevineCdm
cp -a * $out/WidevineCdm/
'';
meta = {
platforms = [ "x86_64-linux" ];
license = lib.licenses.unfree;
};
};
suffix = if (channel == "stable" || channel == "ungoogled-chromium")
then ""
else "-" + channel;
sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName;
version = chromium.browser.version;
# We want users to be able to enableWideVine without rebuilding all of
# chromium, so we have a separate derivation here that copies chromium
# and adds the unfree WidevineCdm.
chromiumWV = let browser = chromium.browser; in if enableWideVine then
runCommand (browser.name + "-wv") { version = browser.version; }
''
mkdir -p $out
cp -a ${browser}/* $out/
chmod u+w $out/libexec/chromium
cp -a ${widevineCdm}/WidevineCdm $out/libexec/chromium/
''
else browser;
in stdenv.mkDerivation {
pname = lib.optionalString ungoogled "ungoogled-"
+ "chromium${suffix}";
inherit version;
nativeBuildInputs = [
makeWrapper ed
];
buildInputs = [
# needed for GSETTINGS_SCHEMAS_PATH
gsettings-desktop-schemas glib gtk3
# needed for XDG_ICON_DIRS
gnome.adwaita-icon-theme
];
outputs = ["out" "sandbox"];
buildCommand = let
browserBinary = "${chromiumWV}/libexec/chromium/chromium";
libPath = lib.makeLibraryPath [ libva pipewire wayland gtk3 ];
in with lib; ''
mkdir -p "$out/bin"
makeWrapper "${browserBinary}" "$out/bin/chromium" \
--add-flags ${escapeShellArg commandLineArgs} \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
ed -v -s "$out/bin/chromium" << EOF
2i
if [ -x "/run/wrappers/bin/${sandboxExecutableName}" ]
then
export CHROME_DEVEL_SANDBOX="/run/wrappers/bin/${sandboxExecutableName}"
else
export CHROME_DEVEL_SANDBOX="$sandbox/bin/${sandboxExecutableName}"
fi
'' + lib.optionalString (libPath != "") ''
# To avoid loading .so files from cwd, LD_LIBRARY_PATH here must not
# contain an empty section before or after a colon.
export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH\''${LD_LIBRARY_PATH:+:}${libPath}"
'' + ''
# libredirect causes chromium to deadlock on startup
export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" | ${coreutils}/bin/tr ':' '\n' | ${gnugrep}/bin/grep -v /lib/libredirect\\\\.so$ | ${coreutils}/bin/tr '\n' ':')"
export XDG_DATA_DIRS=$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS
# Mainly for xdg-open but also other xdg-* tools (this is only a fallback; \$PATH is suffixed so that other implementations can be used):
export PATH="\$PATH\''${PATH:+:}${xdg-utils}/bin"
.
w
EOF
ln -sv "${chromium.browser.sandbox}" "$sandbox"
ln -s "$out/bin/chromium" "$out/bin/chromium-browser"
mkdir -p "$out/share"
for f in '${chromium.browser}'/share/*; do # hello emacs */
ln -s -t "$out/share/" "$f"
done
'';
inherit (chromium.browser) packageName;
meta = chromium.browser.meta;
passthru = {
inherit (chromium) upstream-info browser;
mkDerivation = chromium.mkChromiumDerivation;
inherit chromeSrc sandboxExecutableName;
updateScript = ./update.py;
};
}

53
pkgs/applications/networking/browsers/chromium/get-commit-message.py Executable file
View file

@ -0,0 +1,53 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p python3Packages.feedparser python3Packages.requests
# This script prints the Git commit message for stable channel updates.
# Usage: ./get-commit-message.py [version]
import re
import sys
import textwrap
from collections import OrderedDict
import feedparser
import requests
feed = feedparser.parse('https://chromereleases.googleblog.com/feeds/posts/default')
html_tags = re.compile(r'<[^>]+>')
target_version = sys.argv[1] if len(sys.argv) == 2 else None
for entry in feed.entries:
url = requests.get(entry.link).url.split('?')[0]
if entry.title != 'Stable Channel Update for Desktop':
if target_version and entry.title == '':
# Workaround for a special case (Chrome Releases bug?):
if not 'the-stable-channel-has-been-updated-to' in url:
continue
else:
continue
content = entry.content[0].value
content = html_tags.sub('', content) # Remove any HTML tags
if re.search(r'Linux', content) is None:
continue
#print(url) # For debugging purposes
version = re.search(r'\d+(\.\d+){3}', content).group(0)
if target_version:
if version != target_version:
continue
else:
print('chromium: TODO -> ' + version + '\n')
print(url)
if fixes := re.search(r'This update includes .+ security fix(es)?\.', content):
fixes = fixes.group(0)
if zero_days := re.search(r'Google is aware( of reports)? th(e|at) .+ in the wild\.', content):
fixes += " " + zero_days.group(0)
print('\n' + '\n'.join(textwrap.wrap(fixes, width=72)))
if cve_list := re.findall(r'CVE-[^: ]+', content):
cve_list = list(OrderedDict.fromkeys(cve_list)) # Remove duplicates but preserve the order
cve_string = ' '.join(cve_list)
print("\nCVEs:\n" + '\n'.join(textwrap.wrap(cve_string, width=72)))
sys.exit(0) # We only care about the most recent stable channel update
print("Error: No match.")
sys.exit(1)

43
pkgs/applications/networking/browsers/chromium/patches/m102-fix-dawn_version_generator-failure.patch Normal file
View file

@ -0,0 +1,43 @@
From e9ffd084ec1ff9f7bfc86879732953dc58256958 Mon Sep 17 00:00:00 2001
From: Loko Kung <lokokung@google.com>
Date: Tue, 3 May 2022 00:28:53 +0000
Subject: [PATCH] Wrap get_gitHash in try-catch to prevent failures in tarball
builds.
Bug: chromium:1321370
Change-Id: If39d2236d1b4d965f7bd189f6bd1cdc70436c41d
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/88582
Commit-Queue: Loko Kung <lokokung@google.com>
Reviewed-by: Austin Eng <enga@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
(cherry picked from commit 03ddfbb81fb4127ca37ea53e70fcb34fe851e24e)
---
third_party/dawn/generator/dawn_version_generator.py | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/third_party/dawn/generator/dawn_version_generator.py b/third_party/dawn/generator/dawn_version_generator.py
index 1907e88da..3c1927bee 100644
--- a/third_party/dawn/generator/dawn_version_generator.py
+++ b/third_party/dawn/generator/dawn_version_generator.py
@@ -23,11 +23,14 @@ def get_git():
def get_gitHash(dawnDir):
- result = subprocess.run([get_git(), 'rev-parse', 'HEAD'],
- stdout=subprocess.PIPE,
- cwd=dawnDir)
- if result.returncode == 0:
- return result.stdout.decode('utf-8').strip()
+ try:
+ result = subprocess.run([get_git(), "rev-parse", "HEAD"],
+ stdout=subprocess.PIPE,
+ cwd=dawnDir)
+ if result.returncode == 0:
+ return result.stdout.decode("utf-8").strip()
+ except Exception:
+ return ""
# No hash was available (possibly) because the directory was not a git checkout. Dawn should
# explicitly handle its absenece and disable features relying on the hash, i.e. caching.
return ''
--
2.36.0

17
pkgs/applications/networking/browsers/chromium/patches/no-build-timestamps.patch Normal file
View file

@ -0,0 +1,17 @@
--- chromium-70.0.3538.67/build/compute_build_timestamp.py.orig 2018-11-02 16:00:34.368933077 +0200
+++ chromium-70.0.3538.67/build/compute_build_timestamp.py 2018-11-08 04:06:21.658105129 +0200
@@ -94,6 +94,14 @@
'build_type', help='The type of build', choices=('official', 'default'))
args = argument_parser.parse_args()
+ # I don't trust LASTCHANGE magic, and I definelly want something deterministic here
+ SOURCE_DATE_EPOCH = os.getenv("SOURCE_DATE_EPOCH", None)
+ if SOURCE_DATE_EPOCH is not None:
+ print(SOURCE_DATE_EPOCH)
+ return 0
+ else:
+ raise RuntimeError("SOURCE_DATE_EPOCH not set")
+
# The mtime of the revision in build/util/LASTCHANGE is stored in a file
# next to it. Read it, to get a deterministic time close to "now".
# That date is then modified as described at the top of the file so that

13
pkgs/applications/networking/browsers/chromium/patches/widevine-79.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/third_party/widevine/cdm/BUILD.gn b/third_party/widevine/cdm/BUILD.gn
index ed0e2f5208b..5b431a030d5 100644
--- a/third_party/widevine/cdm/BUILD.gn
+++ b/third_party/widevine/cdm/BUILD.gn
@@ -14,7 +14,7 @@ buildflag_header("buildflags") {
flags = [
"ENABLE_WIDEVINE=$enable_widevine",
- "BUNDLE_WIDEVINE_CDM=$bundle_widevine_cdm",
+ "BUNDLE_WIDEVINE_CDM=true",
"ENABLE_WIDEVINE_CDM_COMPONENT=$enable_widevine_cdm_component",
]
}

23
pkgs/applications/networking/browsers/chromium/ungoogled-flags.toml Normal file
View file

@ -0,0 +1,23 @@
build_with_tflite_lib=false
chrome_pgo_phase=0
clang_use_chrome_plugins=false
disable_fieldtrial_testing_config=true
enable_hangout_services_extension=false
enable_js_type_check=false
enable_mdns=false
enable_mse_mpeg2ts_stream_parser=true
enable_nacl=false
enable_one_click_signin=false
enable_reading_list=false
enable_remoting=false
enable_reporting=false
enable_service_discovery=false
enable_widevine=true
exclude_unwind_tables=true
google_api_key=""
google_default_client_id=""
google_default_client_secret=""
safe_browsing_mode=0
treat_warnings_as_errors=false
use_official_google_api_keys=false
use_unofficial_version_number=false

43
pkgs/applications/networking/browsers/chromium/ungoogled.nix Normal file
View file

@ -0,0 +1,43 @@
{ stdenv
, fetchFromGitHub
, python3Packages
, makeWrapper
, patch
}:
{ rev
, sha256
}:
stdenv.mkDerivation rec {
pname = "ungoogled-chromium";
version = rev;
src = fetchFromGitHub {
owner = "Eloston";
repo = "ungoogled-chromium";
inherit rev sha256;
};
dontBuild = true;
buildInputs = [
python3Packages.python
patch
];
nativeBuildInputs = [
makeWrapper
];
patchPhase = ''
sed -i '/chromium-widevine/d' patches/series
'';
installPhase = ''
mkdir $out
cp -R * $out/
wrapProgram $out/utils/patches.py --add-flags "apply" --prefix PATH : "${patch}/bin"
'';
}

247
pkgs/applications/networking/browsers/chromium/update.py Executable file
View file

@ -0,0 +1,247 @@
#! /usr/bin/env nix-shell
#! nix-shell -i python -p python3 nix nix-prefetch-git
"""This script automatically updates chromium, google-chrome, chromedriver, and ungoogled-chromium
via upstream-info.json."""
# Usage: ./update.py [--commit]
import base64
import csv
import json
import re
import subprocess
import sys
from codecs import iterdecode
from collections import OrderedDict
from datetime import datetime
from distutils.version import LooseVersion
from os.path import abspath, dirname
from urllib.request import urlopen
HISTORY_URL = 'https://omahaproxy.appspot.com/history?os=linux'
DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g'
BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official'
JSON_PATH = dirname(abspath(__file__)) + '/upstream-info.json'
UNGOOGLED_FLAGS_PATH = dirname(abspath(__file__)) + '/ungoogled-flags.toml'
COMMIT_MESSAGE_SCRIPT = dirname(abspath(__file__)) + '/get-commit-message.py'
def load_json(path):
"""Loads the given JSON file."""
with open(path, 'r') as f:
return json.load(f)
def nix_prefetch_url(url, algo='sha256'):
"""Prefetches the content of the given URL."""
print(f'nix-prefetch-url {url}')
out = subprocess.check_output(['nix-prefetch-url', '--type', algo, url])
return out.decode('utf-8').rstrip()
def nix_prefetch_git(url, rev):
"""Prefetches the requested Git revision of the given repository URL."""
print(f'nix-prefetch-git {url} {rev}')
out = subprocess.check_output(['nix-prefetch-git', '--quiet', '--url', url, '--rev', rev])
return json.loads(out)
def get_file_revision(revision, file_path):
"""Fetches the requested Git revision of the given Chromium file."""
url = f'https://chromium.googlesource.com/chromium/src/+/refs/tags/{revision}/{file_path}?format=TEXT'
with urlopen(url) as http_response:
resp = http_response.read()
return base64.b64decode(resp)
def get_matching_chromedriver(version):
"""Gets the matching chromedriver version for the given Chromium version."""
# See https://chromedriver.chromium.org/downloads/version-selection
build = re.sub('.[0-9]+$', '', version)
chromedriver_version_url = f'https://chromedriver.storage.googleapis.com/LATEST_RELEASE_{build}'
with urlopen(chromedriver_version_url) as http_response:
chromedriver_version = http_response.read().decode()
def get_chromedriver_url(system):
return ('https://chromedriver.storage.googleapis.com/' +
f'{chromedriver_version}/chromedriver_{system}.zip')
return {
'version': chromedriver_version,
'sha256_linux': nix_prefetch_url(get_chromedriver_url('linux64')),
'sha256_darwin': nix_prefetch_url(get_chromedriver_url('mac64')),
'sha256_darwin_aarch64': nix_prefetch_url(get_chromedriver_url('mac64_m1'))
}
def get_channel_dependencies(version):
"""Gets all dependencies for the given Chromium version."""
deps = get_file_revision(version, 'DEPS')
gn_pattern = b"'gn_version': 'git_revision:([0-9a-f]{40})'"
gn_commit = re.search(gn_pattern, deps).group(1).decode()
gn = nix_prefetch_git('https://gn.googlesource.com/gn', gn_commit)
return {
'gn': {
'version': datetime.fromisoformat(gn['date']).date().isoformat(),
'url': gn['url'],
'rev': gn['rev'],
'sha256': gn['sha256']
}
}
def get_latest_ungoogled_chromium_tag():
"""Returns the latest ungoogled-chromium tag using the GitHub API."""
api_tag_url = 'https://api.github.com/repos/Eloston/ungoogled-chromium/tags?per_page=1'
with urlopen(api_tag_url) as http_response:
tag_data = json.load(http_response)
return tag_data[0]['name']
def get_latest_ungoogled_chromium_build():
"""Returns a dictionary for the latest ungoogled-chromium build."""
tag = get_latest_ungoogled_chromium_tag()
version = tag.split('-')[0]
return {
'channel': 'ungoogled-chromium',
'version': version,
'ungoogled_tag': tag
}
def get_ungoogled_chromium_gn_flags(revision):
"""Returns ungoogled-chromium's GN build flags for the given revision."""
gn_flags_url = f'https://raw.githubusercontent.com/Eloston/ungoogled-chromium/{revision}/flags.gn'
return urlopen(gn_flags_url).read().decode()
def channel_name_to_attr_name(channel_name):
"""Maps a channel name to the corresponding main Nixpkgs attribute name."""
if channel_name == 'stable':
return 'chromium'
if channel_name == 'beta':
return 'chromiumBeta'
if channel_name == 'dev':
return 'chromiumDev'
if channel_name == 'ungoogled-chromium':
return 'ungoogled-chromium'
print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
sys.exit(1)
def get_channel_key(item):
"""Orders Chromium channels by their name."""
channel_name = item[0]
if channel_name == 'stable':
return 0
if channel_name == 'beta':
return 1
if channel_name == 'dev':
return 2
if channel_name == 'ungoogled-chromium':
return 3
print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
sys.exit(1)
def print_updates(channels_old, channels_new):
"""Print a summary of the updates."""
print('Updates:')
for channel_name in channels_old:
version_old = channels_old[channel_name]["version"]
version_new = channels_new[channel_name]["version"]
if LooseVersion(version_old) < LooseVersion(version_new):
attr_name = channel_name_to_attr_name(channel_name)
print(f'- {attr_name}: {version_old} -> {version_new}')
channels = {}
last_channels = load_json(JSON_PATH)
print(f'GET {HISTORY_URL}', file=sys.stderr)
with urlopen(HISTORY_URL) as resp:
builds = csv.DictReader(iterdecode(resp, 'utf-8'))
builds = list(builds)
builds.append(get_latest_ungoogled_chromium_build())
for build in builds:
channel_name = build['channel']
# If we've already found a newer build for this channel, we're
# no longer interested in it.
if channel_name in channels:
continue
# If we're back at the last build we used, we don't need to
# keep going -- there's no new version available, and we can
# just reuse the info from last time.
if build['version'] == last_channels[channel_name]['version']:
channels[channel_name] = last_channels[channel_name]
continue
channel = {'version': build['version']}
if channel_name == 'dev':
google_chrome_suffix = 'unstable'
elif channel_name == 'ungoogled-chromium':
google_chrome_suffix = 'stable'
else:
google_chrome_suffix = channel_name
try:
channel['sha256'] = nix_prefetch_url(f'{BUCKET_URL}/chromium-{build["version"]}.tar.xz')
channel['sha256bin64'] = nix_prefetch_url(
f'{DEB_URL}/google-chrome-{google_chrome_suffix}/' +
f'google-chrome-{google_chrome_suffix}_{build["version"]}-1_amd64.deb')
except subprocess.CalledProcessError:
if (channel_name == 'ungoogled-chromium' and 'sha256' in channel and
build['version'].split('.')[0] == last_channels['stable']['version'].split('.')[0]):
# Sometimes ungoogled-chromium is updated to a newer tag than
# the latest stable Chromium version. In this case we'll set
# sha256bin64 to null and the Nixpkgs code will fall back to
# the latest stable Google Chrome (only required for
# Widevine/DRM which is disabled by default):
channel['sha256bin64'] = None
else:
# This build isn't actually available yet. Continue to
# the next one.
continue
channel['deps'] = get_channel_dependencies(channel['version'])
if channel_name == 'stable':
channel['chromedriver'] = get_matching_chromedriver(channel['version'])
elif channel_name == 'ungoogled-chromium':
ungoogled_repo_url = 'https://github.com/Eloston/ungoogled-chromium.git'
channel['deps']['ungoogled-patches'] = {
'rev': build['ungoogled_tag'],
'sha256': nix_prefetch_git(ungoogled_repo_url, build['ungoogled_tag'])['sha256']
}
with open(UNGOOGLED_FLAGS_PATH, 'w') as out:
out.write(get_ungoogled_chromium_gn_flags(build['ungoogled_tag']))
channels[channel_name] = channel
sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key))
if len(sys.argv) == 2 and sys.argv[1] == '--commit':
for channel_name in sorted_channels.keys():
version_old = last_channels[channel_name]['version']
version_new = sorted_channels[channel_name]['version']
if LooseVersion(version_old) < LooseVersion(version_new):
last_channels[channel_name] = sorted_channels[channel_name]
with open(JSON_PATH, 'w') as out:
json.dump(last_channels, out, indent=2)
out.write('\n')
attr_name = channel_name_to_attr_name(channel_name)
commit_message = f'{attr_name}: {version_old} -> {version_new}'
if channel_name == 'stable':
body = subprocess.check_output([COMMIT_MESSAGE_SCRIPT, version_new]).decode('utf-8')
commit_message += '\n\n' + body
elif channel_name == 'ungoogled-chromium':
subprocess.run(['git', 'add', UNGOOGLED_FLAGS_PATH], check=True)
subprocess.run(['git', 'add', JSON_PATH], check=True)
subprocess.run(['git', 'commit', '--file=-'], input=commit_message.encode(), check=True)
else:
with open(JSON_PATH, 'w') as out:
json.dump(sorted_channels, out, indent=2)
out.write('\n')
print_updates(last_channels, sorted_channels)

64
pkgs/applications/networking/browsers/chromium/upstream-info.json Normal file
View file

@ -0,0 +1,64 @@
{
"stable": {
"version": "102.0.5005.61",
"sha256": "07vbi3gn9g4n04b2qi2hm34r122snrqaifa46yk3pyh1d79rfdqs",
"sha256bin64": "100n8k3d9k5bq58irc36ig6m5m0lxggffyk4crqqqcib2anqd0zv",
"deps": {
"gn": {
"version": "2022-04-14",
"url": "https://gn.googlesource.com/gn",
"rev": "fd9f2036f26d83f9fcfe93042fb952e5a7fe2167",
"sha256": "0b5xs0chcv3hfhy71rycsmgxnqbm375a333hwav8929k9cbi5p9h"
}
},
"chromedriver": {
"version": "102.0.5005.27",
"sha256_linux": "1978xwj9kf8nihgakmnzgibizq6wp74qp2d2fxgrsgggjy1clmbv",
"sha256_darwin": "0abnqpdm5hgirzj9g2zwkjcc7cwnnr3va4qn09g5yqndlbvi9nqd",
"sha256_darwin_aarch64": "0mw7vypghnw3qdci8g11hgfwbfln471dq1mymxn4bi7691xxb6a2"
}
},
"beta": {
"version": "103.0.5060.33",
"sha256": "00s9nwy5y2vik08snqxv1wbajllb7d81bryl5v4miyihjs511zjb",
"sha256bin64": "1l1fmfsl6ms4ps6sixp6chq3p6spik2fsvz5njvj1zf84p90mx4l",
"deps": {
"gn": {
"version": "2022-05-11",
"url": "https://gn.googlesource.com/gn",
"rev": "578a7fe4c3c6b0bc2ae1fd2e37f14857d09895bf",
"sha256": "03dqfrdpf5xxl64dby3qmbwpzdq2gsa8g7xl438py3a629rgxg63"
}
}
},
"dev": {
"version": "104.0.5098.0",
"sha256": "1h5szy6jp2n55m0fs2czdlldgkgyrqsnkfhhpwxzl8fyanlpw1hj",
"sha256bin64": "1w97mkdz3ab9wxw7fj5fpm8cjazdpb0s715c85hd3h0wrvwm1g8p",
"deps": {
"gn": {
"version": "2022-05-31",
"url": "https://gn.googlesource.com/gn",
"rev": "37baefb026b199605affa7bcb24810d1724ce373",
"sha256": "166ciclcp77vn7k4k8nvb7xn1clddbrk35am4hqiayfya57yal3c"
}
}
},
"ungoogled-chromium": {
"version": "102.0.5005.61",
"sha256": "07vbi3gn9g4n04b2qi2hm34r122snrqaifa46yk3pyh1d79rfdqs",
"sha256bin64": "100n8k3d9k5bq58irc36ig6m5m0lxggffyk4crqqqcib2anqd0zv",
"deps": {
"gn": {
"version": "2022-04-14",
"url": "https://gn.googlesource.com/gn",
"rev": "fd9f2036f26d83f9fcfe93042fb952e5a7fe2167",
"sha256": "0b5xs0chcv3hfhy71rycsmgxnqbm375a333hwav8929k9cbi5p9h"
},
"ungoogled-patches": {
"rev": "102.0.5005.61-1",
"sha256": "1hlyi6k894blkkqmqsizx72bag2vj6wlpza0fvi8db5wp6i5b58g"
}
}
}
}