chromium: Add some brief documentation

Wanted to do this for a long time to collect important knowledge and
make it easier to pass maintainership.
Only time will tell if this'll be useful or become outdated instead.
This commit is contained in:
Michael Weiss 2020-10-20 12:59:55 +02:00
parent 4b8f3aee6f
commit b36db49ae7
No known key found for this signature in database
GPG key ID: 5BE487C4D4771D83
3 changed files with 60 additions and 20 deletions

View file

@ -0,0 +1,56 @@
# Maintainers
- TODO: We need more maintainers:
- https://github.com/NixOS/nixpkgs/issues/78450
- If you just want to help out without becoming a maintainer:
- Look for open Nixpkgs issues or PRs related to Chromium
- Make your own PRs (but please try to make reviews as easy as possible)
- Primary maintainer (responsible for updating Chromium): @primeos
- Testers (test all stable channel updates)
- `nixos-unstable`:
- `x86_64`: @danielfullmer
- `aarch64`: @thefloweringash
- Stable channel:
- `x86_64`: @Frostman
- Other relevant packages:
- `chromiumBeta` and `chromiumDev`: For testing purposes (not build on Hydra)
- `google-chrome`, `google-chrome-beta`, `google-chrome-dev`: Updated via
Chromium's `upstream-info.json`
- `ungoogled-chromium`: Based on `chromium` (the expressions are regularly
copied over and patched accordingly)
# Updating Chromium
Simply run `./pkgs/applications/networking/browsers/chromium/update.py` to
update `upstream-info.json`. After updates it is important to test at least
`nixosTests.chromium` (or basic manual testing) and `google-chrome` (which
reuses `upstream-info.json`).
## Backports
All updates are considered security critical and should be ported to the stable
channel ASAP. When there is a new stable release the old one should receive
security updates for roughly one month. After that it is important to mark
Chromium as insecure (see 69e4ae56c4b for an example; it is important that the
tested job still succeeds and that all browsers that use `upstream-info.json`
are marked as insecure).
## Major version updates
Unfortunately, Chromium regularly breaks on major updates and might need
various patches. Either due to issues with the Nix build sandbox (e.g. we cannot
fetch dependencies via the network and do not use standard FHS paths) or due to
missing upstream fixes that need to be backported.
Good sources for such patches and other hints:
- https://github.com/archlinux/svntogit-packages/tree/packages/chromium/trunk
- https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium
- https://src.fedoraproject.org/rpms/chromium/tree/master
If the build fails immediately due to unknown compiler flags this usually means
that a new major release of LLVM is required.
## Beta and Dev channels
Those channels are only used to test and fix builds in advance. They may be
broken at times and must not delay stable channel updates.

View file

@ -77,18 +77,10 @@ mkChromiumDerivation (base: rec {
of source code for Google Chrome (which has some additional features).
'';
homepage = "https://www.chromium.org/";
maintainers = with maintainers; [ bendlas thefloweringash primeos ];
# Overview of the maintainer roles:
# nixos-unstable:
# - TODO: Need a new maintainer for x86_64 [0]
# - @thefloweringash: aarch64
# - @primeos: Provisional maintainer (x86_64)
# Stable channel:
# - TODO (need someone to test backports [0])
# [0]: https://github.com/NixOS/nixpkgs/issues/78450
maintainers = with maintainers; [ primeos thefloweringash bendlas ]; # See README.md
license = if enableWideVine then licenses.unfree else licenses.bsd3;
platforms = platforms.linux;
hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else [];
timeout = 172800; # 48 hours
timeout = 172800; # 48 hours (increased from the Hydra default of 10h)
};
})

View file

@ -154,16 +154,8 @@ let
++ optionals useOzone [ libdrm wayland mesa_drivers libxkbcommon ];
patches = [
./patches/no-build-timestamps.patch
./patches/widevine-79.patch
# Unfortunately, chromium regularly breaks on major updates and
# then needs various patches backported in order to be compiled with GCC.
# Good sources for such patches and other hints:
# - https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/chromium/
# - https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium
# - https://github.com/chromium/chromium/search?q=GCC&s=committer-date&type=Commits
#
# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
./patches/no-build-timestamps.patch # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed)
./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
] ++ optionals (useVaapi) [
# Check for enable-accelerated-video-decode on Linux: