nixpkgs/pkgs/applications/networking/browsers/chromium
emilylange 2a765dfbad
chromium: resolve ref to rev for blink version string
This allows us to match the version the binaries use more closely.

For example, chromedriver darwin (binary) reports the following:

~~~bash
chromedriver --version
ChromeDriver 131.0.6778.85 (3d81e41b6f3ac8bcae63b32e8145c9eb0cd60a2d-refs/branch-heads/6778@{#2285})
~~~

while on Linux, where we build chromedriver based on the chromium
derivation from source and control the string ourselves:

~~~bash
chromedriver --version
ChromeDriver 131.0.6778.85 (131.0.6778.85-refs/heads/master@{#0})
~~~

With this commit, the version string now reports:

~~~bash
chromedriver --version
ChromeDriver 131.0.6778.85 (3d81e41b6f3ac8bcae63b32e8145c9eb0cd60a2d-refs/tags/131.0.6778.85@{#0})
~~~

This may seem like a small and unimportant detail, but turns out an
internal function within chromedriver depends on the git hash.

See https://chromium.googlesource.com/chromium/src/+/131.0.6778.85/chrome/test/chromedriver/chrome/browser_info.cc#172

This caused the tests of one package (single-file-cli) that use
selenium with chromium and chromedriver to fail in 24.05.

Only in 24.05, because 24.11 and unstable removed their test dependency
on chromedriver because it wasn't available for aarch64-linux at that
time.

~~~
Running phase: checkPhase
Serving HTTP on 127.0.0.1 port 8000 (http://127.0.0.1:8000/) ...
session not created
from unknown error: unrecognized Blink revision: 131.0.6778.85 URL: http://127.0.0.1:8000
Stack: SessionNotCreatedError: session not created
from unknown error: unrecognized Blink revision: 131.0.6778.85
    at Object.throwDecodedError (/build/source/node_modules/selenium-webdriver/lib/error.js:524:15)
    at parseHttpResponse (/build/source/node_modules/selenium-webdriver/lib/http.js:601:13)
    at Executor.execute (/build/source/node_modules/selenium-webdriver/lib/http.js:529:28)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
~~~
2024-11-25 14:44:52 +01:00
..
files chromium: fetch src from git instead of using release tarball 2024-11-19 20:43:03 +01:00
patches electron-source.electron_30: remove as it's EOL 2024-10-22 21:23:33 +02:00
browser.nix chromium: remove "channel" argument 2024-11-19 20:35:51 +01:00
common.nix chromium: resolve ref to rev for blink version string 2024-11-25 14:44:52 +01:00
default.nix chromium: fetch src from git instead of using release tarball 2024-11-19 20:43:03 +01:00
depot_tools.py chromium: fetch src from git instead of using release tarball 2024-11-19 20:43:03 +01:00
get-commit-message.py chromium: match release blog entry titles case-insensitive in get-commit-message.py 2024-09-03 19:55:57 +02:00
info.json chromium: resolve ref to rev for blink version string 2024-11-25 14:44:52 +01:00
README.md
ungoogled-flags.toml
ungoogled.nix
update.mjs chromium: resolve ref to rev for blink version string 2024-11-25 14:44:52 +01:00

Maintainers

  • Note: We could always use more contributors, testers, etc. E.g.:

    • Dedicated maintainers for the NixOS stable channel
    • PRs with cleanups, improvements, fixes, etc. (but please try to make reviews as easy as possible)
    • People who handle stale issues/PRs
  • Other relevant packages:

    • google-chrome: Updated via Chromium's upstream-info.nix.
    • ungoogled-chromium: A patch set for Chromium, that has its own entry in Chromium's upstream-info.nix.
    • chromedriver: Updated via Chromium's upstream-info.nix and not built from source. Must match Chromium's major version.
    • electron-source: Various version of electron that are built from source using Chromium's -unwrapped derivation, due to electron being based on Chromium.

Upstream links

Updating Chromium

Simply run ./pkgs/applications/networking/browsers/chromium/update.py to update upstream-info.nix. After updates it is important to test at least nixosTests.chromium (or basic manual testing) and google-chrome (which reuses upstream-info.nix).

Note: The source tarball is often only available a few hours after the release was announced. The CI/CD status can be tracked here:

To run all automated NixOS VM tests for Chromium, ungoogled-chromium, and Google Chrome (not recommended, currently 6x tests!):

nix-build nixos/tests/chromium.nix

A single test can be selected, e.g. to test ungoogled-chromium (see channelMap in nixos/tests/chromium.nix for all available options):

nix-build nixos/tests/chromium.nix -A ungoogled

(Note: Testing Google Chrome requires export NIXPKGS_ALLOW_UNFREE=1.)

For custom builds it's possible to "override" channelMap.

Backports

All updates are considered security critical and should be ported to the stable channel ASAP. When there is a new stable release the old one should receive security updates for roughly one month. After that it is important to mark Chromium as insecure (see 69e4ae56c4b for an example; it is important that the tested job still succeeds and that all browsers that use upstream-info.nix are marked as insecure).

Major version updates

Unfortunately, Chromium regularly breaks on major updates and might need various patches. Either due to issues with the Nix build sandbox (e.g. we cannot fetch dependencies via the network and do not use standard FHS paths) or due to missing upstream fixes that need to be backported.

Good sources for such patches and other hints:

If the build fails immediately due to unknown compiler flags this usually means that a new major release of LLVM is required.

Beta and Dev channels

Those channels are only used to test and fix builds in advance. They may be broken at times and must not delay stable channel updates.

Testing

Useful tests: