1
0
mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-07-05 16:54:07 +02:00
Files
guix/gnu/packages/patches/ungoogled-chromium-custom-compiler.patch
André Batista 10ea4f874e gnu: ungoogled-chromium: Update to 147.0.7727.55.
Fixes various CVEs, too many to list.

* gnu/packages/chromium.scm (%preserved-third-party-files): Add
  base/third_party/nspr,
  buildtools/third_party/libc++,
  buildtools/third_party/libc++abi,
  third_party/catapult/third_party/beautifulsoup4-4.9.3,
  third_party/catapult/third_party/html5lib-1.1,
  third_party/catapult/third_party/typ,
  third_party/dawn/third_party/renderdoc,
  third_party/dawn/third_party/webgpu-headers,
  third_party/devscripts,
  third_party/devtools-frontend/src/front_end/third_party/csp_evaluator,
  third_party/devtools-frontend/src/front_end/third_party/legacy-javascript,
  third_party/devtools-frontend/src/front_end/third_party/source-map-scopes-codec,
  third_party/federated_compute/chromium/fcp/confidentialcompute,
  third_party/freetype,
  third_party/fxdiv,
  third_party/hyphenation-patterns,
  third_party/icu,
  third_party/libc++,
  third_party/libpfm4,
  third_party/libpng,
  third_party/libx11,
  third_party/libxcb-keysyms,
  third_party/llvm-libc,
  third_party/neon_2_sse,
  third_party/opus,
  third_party/pdfium/third_party/lcms,
  third_party/pdfium/third_party/libopenjpeg,
  third_party/perfetto/protos/third_party/pprof,
  third_party/perfetto/protos/third_party/primes,
  third_party/perfetto/protos/third_party/simpleperf,
  third_party/pyyaml,
  third_party/sentencepiece,
  third_party/sentencepiece/src/third_party/darts_clone,
  third_party/six and
  third_party/skia/include/third_party/vulkan.
Remove:
  net/third_party/nss,
  third_party/compiler-rt/src/lib,
  third_party/libaom/source/libaom/third_party/SVT-AV1,
  third_party/skia/third_party/vulkanmemoryallocator and
  third_party/webrtc/rtc_base/third_party/sigslot.

(%chromium-version): Update to 147.0.7727.55.
(%ungoogled-origin, %debian-origin): Update hashes.
(%debian-patches): Add debianization/safe-libcxx.patch,
  disable/enterprise-tests.patch,
  disable/rustc-allow-features.patch,
  fixes/bytemuck.patch,
  fixes/libpng-testonly.patch,
  llvm-19/clang19.patch (move from bookwork),
  llvm-19/clone-traits.patch,
  llvm-19/keyfactory.patch,
  llvm-19/value-or.patch,
  llvm-22/ignore-for-ubsan.patch,
  trixie/cookie-string-view.patch and
  trixie/nodejs-main.patch.
Remove trixie/rust-no-alloc-shim.patch.

(%guix-patches): Add ungoogled-chromium-custom-compiler.patch and
ungoogled-chromium-empty-parsed-rustc-args.patch.  Remove
ungoogled-chromium-unbundle-icu-target.patch which was merged upstream.
(ungoogled-chromium-snippet): Remove icu from replace_gn_files args.  Our
icu does not have ucmndata.h, umapfile.h and putilimp.h which are required
to build now.
(ungoogled-chromium) [arguments] <#:configure-flags>: Add is_component_build,
webnn_use_tflite, fatal_linker_warnings, enable_perfetto_unittests,
skia_enable_skshapper_tests, tint_build_unittests, enable_nocompile_tests,
enable_screen_ai_browsertests flags and set them to false.  Set
use_system_icu to false.  Remove enable_glic, enable_js_type_check and
removed_rust_stdlib_libs.  The first two were removed and the last one is
not necessary any longer.  Add blink_symbol_level and v8_symbol_level and
set them to zero.
[arguments] <#:phases> {patch-stuff}: Remove compiler substitution which
is not needed anymore.  Adjust rustfmt_path to guix.
{include-pthreadpool}: New phase.
{adjust-CPLUS_INCLUDE_PATH}: Help clang find gcc's bits/c++config.h.
[inputs]: icu-77 is required now, even though we're not using it this time.

* gnu/packages/patches/ungoogled-chromium-custom-compiler.patch: Add it.
* gnu/packages/patches/ungoogled-chromium-empty-parsed-rustc-args.patch: Same.
* gnu/packages/patches/ungoogled-chromium-unbundle-icu-target.patch: Remove it.
* gnu/local.mk: (Un)register the above patches.

Change-Id: I597b69b15368e9b410fa3d29342700d9ea0b0d82
Signed-off-by: Andreas Enge <andreas@enge.fr>
2026-04-15 13:10:02 +02:00

300 lines
11 KiB
Diff

From 7a372a6914e9d9d6f0c914a1ca8cdff592c40593 Mon Sep 17 00:00:00 2001
From: Matt Jolly <kangie@gentoo.org>
Date: Thu, 12 Mar 2026 11:57:11 +1000
Subject: [PATCH] Update compiler patch for M147 beta
Signed-off-by: Matt Jolly <kangie@gentoo.org>
--- a/build/config/compiler/BUILD.gn
+++ b/build/config/compiler/BUILD.gn
@@ -367,9 +367,6 @@ config("compiler") {
configs += [
# See the definitions below.
- ":clang_revision",
- ":rustc_revision",
- ":compiler_cpu_abi",
":compiler_codegen",
":compiler_deterministic",
":clang_warning_suppression",
@@ -1690,43 +1687,6 @@ config("compiler_deterministic") {
}
}
- # Makes builds independent of absolute file path.
- if (is_clang && strip_absolute_paths_from_debug_symbols) {
- # If debug option is given, clang includes $cwd in debug info by default.
- # For such build, this flag generates reproducible obj files even we use
- # different build directory like "out/feature_a" and "out/feature_b" if
- # we build same files with same compile flag.
- # Other paths are already given in relative, no need to normalize them.
-
- # -ffile-compilation-dir is an alias for both -fdebug-compilation-dir=
- # and -fcoverage-compilation-dir=.
- cflags += [ "-ffile-compilation-dir=." ]
-
- # Convert absolute paths to relative paths. Expands to, for example:
- # -file-prefix-map /path/to/chromium/src=../..
- swiftflags += [
- "-file-prefix-map",
- rebase_path("//.", "") + "=" + rebase_path("//.", root_build_dir),
- ]
- if (!is_win) {
- # We don't use clang -cc1as on Windows (yet? https://crbug.com/762167)
- asmflags = [ "-Wa,-fdebug-compilation-dir,." ]
- }
-
- if (is_win && use_lld) {
- if (symbol_level == 2 || (is_clang && using_sanitizer)) {
- # Absolutize source file paths for PDB. Pass the real build directory
- # if the pdb contains source-level debug information and if linker
- # reproducibility is not critical.
- ldflags += [ "/PDBSourcePath:" + rebase_path(root_build_dir) ]
- } else {
- # Use a fake fixed base directory for paths in the pdb to make the pdb
- # output fully deterministic and independent of the build directory.
- ldflags += [ "/PDBSourcePath:o:\fake\prefix" ]
- }
- }
- }
-
# Tells the compiler not to use absolute paths when passing the default
# paths to the tools it invokes. We don't want this because we don't
# really need it and it can mess up the RBE cache entries.
@@ -1759,88 +1719,6 @@ config("compiler_deterministic") {
}
}
-config("clang_revision") {
- if (is_clang && clang_base_path == default_clang_base_path &&
- current_os != "zos") {
- _perform_consistency_checks = current_toolchain == default_toolchain
- if (llvm_force_head_revision) {
- _head_revision_stamp_path = "//third_party/llvm-build/force_head_revision"
- _head_revision = ""
- if (path_exists(_head_revision_stamp_path)) {
- _head_revision = read_file(_head_revision_stamp_path, "trim string")
- }
- assert(
- _head_revision != "",
- "llvm_force_head_revision=true, but no locally built version was detected.")
- _clang_revision = _head_revision
- } else {
- _clang_revision = read_file(
- "//third_party/llvm-build/Release+Asserts/cr_build_revision",
- "trim string")
-
- # Ensure that the synced clang version matches what's in git.
- if (_perform_consistency_checks) {
- # Parse the clang version from the Python script.
- _clang_version_lines = filter_include(
- read_file("//tools/clang/scripts/update.py", "list lines"),
- [ "CLANG_*REVISION = *" ])
- _py_revision =
- string_replace(_clang_version_lines[0], "CLANG_REVISION = '", "")
- _py_revision = string_replace(_py_revision, "'", "")
- _py_subrevision =
- string_replace(_clang_version_lines[1], "CLANG_SUB_REVISION = ", "")
- _expected_clang_revision = "$_py_revision-$_py_subrevision"
-
- # TODO(agrieve): Change filter_include to _clang_revision ==
- # _expected_clang_revision once angle & webrtc use a GCS DEPS entry
- # rather than a update.py runhook.
- assert(
- filter_include([ _clang_revision ],
- [
- _expected_clang_revision,
- "$_expected_clang_revision,*",
- ]) != [],
- "clang_revision=\"$_clang_revision\" but update.py expected \"$_expected_clang_revision\". Did you forget to gclient sync?")
- }
- }
-
- if (_perform_consistency_checks) {
- # Ensure that the revision matches the version major expected by GN.
- _versions_match = filter_include([ _clang_revision ],
- [ "llvmorg-$clang_version-*" ]) != []
- assert(
- _versions_match,
- "clang_revision=\"$_clang_revision\" but clang_version=\"$clang_version\". clang_version in build/toolchain/toolchain.gni is likely outdated.")
- }
-
- if (toolchain_has_rust && _perform_consistency_checks &&
- !rust_force_head_revision) {
- # Ensure that the synced rust version matches what's in git.
- _rust_revision_lines =
- filter_include(read_file("//tools/rust/update_rust.py", "list lines"),
- [ "RUST_*REVISION = *" ])
- _py_revision =
- string_replace(_rust_revision_lines[0], "RUST_REVISION = '", "")
- _py_revision = string_replace(_py_revision, "'", "")
- _py_subrevision =
- string_replace(_rust_revision_lines[1], "RUST_SUB_REVISION = ", "")
- _expected_rust_revision = "$_py_revision-$_py_subrevision"
-
- # Ensure the rust version matches the clang version.
- assert(
- filter_include([ rustc_revision ],
- [ "*-$_expected_rust_revision-*" ]) != [],
- "rustc_revision=\"$rustc_revision\" but update_rust.py expected \"$_expected_rust_revision\". Run \"gclient sync\"?")
- }
-
- # This is here so that all files get recompiled after a clang roll and
- # when turning clang on or off. (defines are passed via the command line,
- # and build system rebuild things when their commandline changes). Nothing
- # should ever read this define.
- defines = [ "CR_CLANG_REVISION=\"$_clang_revision\"" ]
- }
-}
-
# Controls the usage of a warning suppression mapping (WSM) file to suppress
# warnings based on the path of the file they come from. It's controlled by the
# `clang_warning_suppression_file` gn argument , which points to a text file
@@ -1896,18 +1774,6 @@ config("sanitize_c_array_bounds") {
}
}
-config("rustc_revision") {
- if (rustc_revision != "") {
- # Similar to the `clang_revision` config, this is here so that all `.rs`
- # sources get recompiled after a rustc roll. Nothing should ever read this
- # cfg. This will not be set if a custom toolchain is used.
- rustflags = [
- "--cfg",
- "cr_rustc_revision=\"$rustc_revision\"",
- ]
- }
-}
-
config("compiler_arm_fpu") {
if (current_cpu == "arm" && !is_ios) {
cflags = [ "-mfpu=neon" ]
@@ -2386,11 +2252,7 @@ config("chromium_code") {
defines = [ "_HAS_NODISCARD" ]
}
} else {
- cflags = [ "-Wall" ]
- if (is_clang) {
- # Enable extra warnings for chromium_code when we control the compiler.
- cflags += [ "-Wextra" ]
- }
+ cflags = []
# In Chromium code, we define __STDC_foo_MACROS in order to get the
# C99 macros on Mac and Linux.
@@ -2399,32 +2261,6 @@ config("chromium_code") {
"__STDC_FORMAT_MACROS",
]
- if (!is_debug && !using_sanitizer && current_cpu != "s390x" &&
- current_cpu != "ppc64" && current_cpu != "mips" &&
- current_cpu != "mips64" && current_cpu != "riscv64" &&
- current_cpu != "loong64") {
- # Non-chromium code is not guaranteed to compile cleanly with
- # _FORTIFY_SOURCE. Also, fortified build may fail when optimizations are
- # disabled, so only do that for Release build.
- fortify_level = "2"
-
- # ChromeOS's toolchain supports a high-quality _FORTIFY_SOURCE=3
- # implementation with a few custom glibc patches. Use that if it's
- # available.
- if (is_chromeos_device) {
- fortify_level = "3"
- }
-
- # _FORTIFY_SOURCE=3 is available in glibc 2.34+. Enable it when building
- # with the sysroot where support is guaranteed. Clang is also required since
- # the system gcc is often patched to add _FORTIFY_SOURCE=2 which would conflict
- # with our definition.
- if (use_sysroot && is_clang) {
- fortify_level = "3"
- }
- defines += [ "_FORTIFY_SOURCE=" + fortify_level ]
- }
-
if (is_apple) {
cflags_objc = [ "-Wimplicit-retain-self" ]
cflags_objcc = [ "-Wimplicit-retain-self" ]
@@ -2848,7 +2684,8 @@ config("default_stack_frames") {
# [0]: https://pinpoint-dot-chromeperf.appspot.com/job/147634a8be0000
# [1]: https://pinpoint-dot-chromeperf.appspot.com/job/132bc772be0000
# [2]: https://crrev.com/c/5447532
-config("optimize") {
+config("optimize") { }
+config("xoptimize") {
if (is_win) {
# clang-cl's /O2 corresponds to clang's -O3, and really want -O2 for
# consistency with the other platforms.
@@ -2897,7 +2734,8 @@ config("optimize") {
}
# Turn off optimizations.
-config("no_optimize") {
+config("no_optimize") { }
+config("xno_optimize") {
if (is_win) {
cflags = [
"/Od", # Disable optimization.
@@ -2932,7 +2770,8 @@ config("no_optimize") {
# Turns up the optimization level. Used to explicitly enable -O2 instead of
# -Os for select targets on platforms that use optimize_for_size. No-op
# elsewhere.
-config("optimize_max") {
+config("optimize_max") { }
+config("xoptimize_max") {
ldflags = common_optimize_on_ldflags
if (is_win) {
# Favor speed over size, /O2 must be before the common flags.
@@ -2953,7 +2792,8 @@ config("optimize_max") {
#
# TODO(crbug.com/41259697) - rework how all of these configs are related
# so that we don't need this disclaimer.
-config("optimize_speed") {
+config("optimize_speed") { }
+config("xoptimize_speed") {
ldflags = common_optimize_on_ldflags
if (is_win) {
# Favor speed over size, /O2 must be before the common flags.
@@ -2970,7 +2810,8 @@ config("optimize_speed") {
rustflags = [ "-Copt-level=3" ]
}
-config("optimize_fuzzing") {
+config("optimize_fuzzing") { }
+config("xoptimize_fuzzing") {
cflags = [ "-O1" ] + common_optimize_on_cflags
rustflags = [ "-Copt-level=1" ]
ldflags = common_optimize_on_ldflags
@@ -3115,7 +2956,8 @@ config("split_dwarf") {
}
# Full symbols.
-config("symbols") {
+config("symbols") { }
+config("xsymbols") {
rustflags = []
configs = []
if (is_win) {
@@ -3275,7 +3117,8 @@ config("symbols") {
# Minimal symbols.
# This config guarantees to hold symbol for stack trace which are shown to user
# when crash happens in unittests running on buildbot.
-config("minimal_symbols") {
+config("minimal_symbols") { }
+config("xminimal_symbols") {
configs = []
rustflags = []
if (is_win) {
@@ -3355,7 +3198,8 @@ config("minimal_symbols") {
# This configuration contains function names only. That is, the compiler is
# told to not generate debug information and the linker then just puts function
# names in the final debug information.
-config("no_symbols") {
+config("no_symbols") { }
+config("xno_symbols") {
if (is_win) {
ldflags = [ "/DEBUG" ]
--
2.52.0