chromium: Add some brief documentation

Wanted to do this for a long time to collect important knowledge and
make it easier to pass maintainership.
Only time will tell if this'll be useful or become outdated instead.

+60 -20
+56
pkgs/applications/networking/browsers/chromium/README.md
··· 1 + # Maintainers 2 + 3 + - TODO: We need more maintainers: 4 + - https://github.com/NixOS/nixpkgs/issues/78450 5 + - If you just want to help out without becoming a maintainer: 6 + - Look for open Nixpkgs issues or PRs related to Chromium 7 + - Make your own PRs (but please try to make reviews as easy as possible) 8 + - Primary maintainer (responsible for updating Chromium): @primeos 9 + - Testers (test all stable channel updates) 10 + - `nixos-unstable`: 11 + - `x86_64`: @danielfullmer 12 + - `aarch64`: @thefloweringash 13 + - Stable channel: 14 + - `x86_64`: @Frostman 15 + - Other relevant packages: 16 + - `chromiumBeta` and `chromiumDev`: For testing purposes (not build on Hydra) 17 + - `google-chrome`, `google-chrome-beta`, `google-chrome-dev`: Updated via 18 + Chromium's `upstream-info.json` 19 + - `ungoogled-chromium`: Based on `chromium` (the expressions are regularly 20 + copied over and patched accordingly) 21 + 22 + # Updating Chromium 23 + 24 + Simply run `./pkgs/applications/networking/browsers/chromium/update.py` to 25 + update `upstream-info.json`. After updates it is important to test at least 26 + `nixosTests.chromium` (or basic manual testing) and `google-chrome` (which 27 + reuses `upstream-info.json`). 28 + 29 + ## Backports 30 + 31 + All updates are considered security critical and should be ported to the stable 32 + channel ASAP. When there is a new stable release the old one should receive 33 + security updates for roughly one month. After that it is important to mark 34 + Chromium as insecure (see 69e4ae56c4b for an example; it is important that the 35 + tested job still succeeds and that all browsers that use `upstream-info.json` 36 + are marked as insecure). 37 + 38 + ## Major version updates 39 + 40 + Unfortunately, Chromium regularly breaks on major updates and might need 41 + various patches. Either due to issues with the Nix build sandbox (e.g. 
we cannot 42 + fetch dependencies via the network and do not use standard FHS paths) or due to 43 + missing upstream fixes that need to be backported. 44 + 45 + Good sources for such patches and other hints: 46 + - https://github.com/archlinux/svntogit-packages/tree/packages/chromium/trunk 47 + - https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium 48 + - https://src.fedoraproject.org/rpms/chromium/tree/master 49 + 50 + If the build fails immediately due to unknown compiler flags this usually means 51 + that a new major release of LLVM is required. 52 + 53 + ## Beta and Dev channels 54 + 55 + Those channels are only used to test and fix builds in advance. They may be 56 + broken at times and must not delay stable channel updates.
+2 -10
pkgs/applications/networking/browsers/chromium/browser.nix
··· 77 77 of source code for Google Chrome (which has some additional features). 78 78 ''; 79 79 homepage = "https://www.chromium.org/"; 80 - maintainers = with maintainers; [ bendlas thefloweringash primeos ]; 81 - # Overview of the maintainer roles: 82 - # nixos-unstable: 83 - # - TODO: Need a new maintainer for x86_64 [0] 84 - # - @thefloweringash: aarch64 85 - # - @primeos: Provisional maintainer (x86_64) 86 - # Stable channel: 87 - # - TODO (need someone to test backports [0]) 88 - # [0]: https://github.com/NixOS/nixpkgs/issues/78450 80 + maintainers = with maintainers; [ primeos thefloweringash bendlas ]; # See README.md 89 81 license = if enableWideVine then licenses.unfree else licenses.bsd3; 90 82 platforms = platforms.linux; 91 83 hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else []; 92 - timeout = 172800; # 48 hours 84 + timeout = 172800; # 48 hours (increased from the Hydra default of 10h) 93 85 }; 94 86 })
+2 -10
pkgs/applications/networking/browsers/chromium/common.nix
··· 154 154 ++ optionals useOzone [ libdrm wayland mesa_drivers libxkbcommon ]; 155 155 156 156 patches = [ 157 - ./patches/no-build-timestamps.patch 158 - ./patches/widevine-79.patch 159 - # Unfortunately, chromium regularly breaks on major updates and 160 - # then needs various patches backported in order to be compiled with GCC. 161 - # Good sources for such patches and other hints: 162 - # - https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/chromium/ 163 - # - https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium 164 - # - https://github.com/chromium/chromium/search?q=GCC&s=committer-date&type=Commits 165 - # 166 - # ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ] 157 + ./patches/no-build-timestamps.patch # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed) 158 + ./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags 167 159 # ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) 168 160 ] ++ optionals (useVaapi) [ 169 161 # Check for enable-accelerated-video-decode on Linux:
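Review bot: In README.md, the Backports section identifies the mark-as-insecure procedure only by the abbreviated hash 69e4ae56c4b and scopes it to "all browsers that use `upstream-info.json`". That wording leaves `ungoogled-chromium` ambiguous, because the Maintainers section describes it as a copy of the expressions rather than a consumer of that file. Since this step is what stops users from staying on a browser that no longer receives security updates, consider listing the affected packages by name (`google-chrome`, `google-chrome-beta`, `google-chrome-dev`, and whether `ungoogled-chromium` is covered), giving the example commit as a full link, and saying which job "the tested job" refers to. Minor: "not build on Hydra" should read "not built on Hydra".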
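Review bot: In browser.nix, the new `# See README.md` comment on `maintainers` points to a document that does not mention `bendlas`, while the testers the README does name (@danielfullmer, @Frostman) are absent from this list. Either describe bendlas's role in the README or state there that testers are intentionally not part of the `maintainers` attribute, so the two sources can be reconciled when roles change. The expanded `timeout` comment is a helpful addition.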
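Review bot: In common.nix, the trailing comments on the two `patches` entries record open questions ("should be upstreamed", "might be replaceable via bundle_widevine_cdm=true in gnFlags") without a TODO marker or a tracking reference, so they are likely to go stale unnoticed. Consider prefixing them with TODO or linking an issue, and moving each comment to its own line above the entry to keep the list readable. "Optional patch" on `no-build-timestamps.patch` would also benefit from a short statement of why it is applied if the build works without it. Separately, the removed comment block linked a GCC-focused commit search and mentioned GCC backports; the new README section lists different sources and no longer mentions GCC, so confirm that omission is intended.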