Registration is now invite-only. Any user can make an invite, you need to create it here and give resulting link to someone to register.
avatar
mikhailnov has added 8b4fc265c2
Build with support of GOST TLS via CryptoPro

Thanks to ALT Linux team for the initial idea how to build it without
proprietary libcapi libraries from CryptoPro.

raw diff | patch
view file @ 8b4fc265c2
... ... --- a/.abf.yml
... ... +++ b/.abf.yml
... ... @@ -3,3 +3,5 @@ sources:
3 3 
  depot_tools.tar.xz: 082b7f9a4dfa7eb03900755b4866aef2d73543a5
4 4 
  icons.tar.bz2: a835954af164bf38f8ea4ea80608839bed7800a3
5 5 
  new-system-icons.tar.xz: 89339b8b3b05359a8745ed7968fe148902a2fa28
6 
  chromium-gost-e3818b44e5b738666df02a4faa30025e8f70e4a9.tar.gz: 2928eaf224fb3da4c4a66fac59b2e795afd879fc374464a7513400ccb44bcd70
7 
  msspi-11be3c144405ac712432d172bca2863545f81fea.tar.gz: cfdb39e5c0ccef14901ed01300cc7cf17fb7c60c6794cf2fc2d54c297bb48b9a
view file @ 8b4fc265c2
... ... --- /dev/null
... ... +++ b/Makefile.gost
... ... @@ -0,0 +1,30 @@
1 
# Put https://github.com/deemru/chromium-gost with msspi submodule to %{_gostsourcedir}
2 
# Run this as:
3 
# make -C Makefile.gost SDIR=%{_gostsourcedir} CC=%{__cc} CXX=%{__cxx} CFLAGS=%{optflags}
4 
# Idea how to build this originates from ALT Linux
5
6 
SDIR ?= chromium-gost
7 
OUTDIR ?= .
8 
TMPDIR ?= $(shell mktemp -d)
9 
CC ?= gcc
10 
CXX ?= g++
11 
CRYPTOPRO_MAJOR_VERSION ?= 4
12 
CFLAGS ?= -O2 -g
13 
GOSTCFLAGS ?=
14
15 
make:
16 
	cd $(TMPDIR) ; \
17 
	ar r empty.a ; \
18 
	$(CC) -shared empty.a -Wl,-soname=libcapi20.so.$(CRYPTOPRO_MAJOR_VERSION) -o libcapi20.so ; \
19 
	$(CC) -shared empty.a -Wl,-soname=libcapi10.so.$(CRYPTOPRO_MAJOR_VERSION) -o libcapi10.so
20
21 
	$(CXX) $(CFLAGS) $(GOSTCFLAGS) \
22 
		-Wall -Wl,--no-as-needed -std=c++11 -fPIC -shared -s -Werror -Wno-unused-function -ldl \
23 
		$(SDIR)/src/gostssl.cpp \
24 
		$(SDIR)/src/msspi/src/msspi.cpp \
25 
		-I $(SDIR)/src/msspi/src \
26 
		-I $(SDIR)/src/msspi/third_party/cprocsp/include \
27 
		-I third_party/boringssl/src/include \
28 
		-lcapi10 -lcapi20 \
29 
		-L$(TMPDIR) \
30 
		-o $(OUTDIR)/libgostssl.so
view file @ 8b4fc265c2
... ... --- a/chromium-browser-stable.spec
... ... +++ b/chromium-browser-stable.spec
... ... @@ -4,17 +4,25 @@
4 4 
#  [3] https://www.archlinux.org/packages/extra/x86_64/chromium/
5 5 
#  [4] https://src.fedoraproject.org/rpms/chromium/
6 6 
#  [5] https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/
7 
#  [6] https://packages.altlinux.org/ru/sisyphus/specfiles/chromium-gost
7 8
8 9 
# Get the version number of latest stable version
9 10 
# $ curl -s 'https://omahaproxy.appspot.com/all?os=linux&channel=stable' | sed 1d | cut -d , -f 3
10 11
11 12 
%global _build_pkgcheck_set %{nil}
13 
%bcond_without gost
12 14
13 15 
# eol 'fix' corrupts some .bin
14 16 
%define dont_fix_eol 1
15 17 
%define _disable_lto 1
16 18
19 
%if %{with gost}
20 
%define crname chromium-gost
21 
%define chromedriver chromedriver-gost
22 
%else
17 23 
%define crname chromium-browser
24 
%define chromedriver chromedriver
25 
%endif
18 26 
%define _crdir %{_libdir}/%{crname}
19 27 
%define _src %{_topdir}/SOURCES
20 28
... ... @@ -32,16 +40,28 @@
40 40 
%define google_default_client_id 1039996407057-q599ngv7i6ni4sbkd2fsns30246r9s9v.apps.googleusercontent.com
41 41 
%define google_default_client_secret mRHXPjlS4cLpp1beCiXoYbLZ
42 42
43 
# GOST patches and sources
44 
%define chromium_gost_commit e3818b44e5b738666df02a4faa30025e8f70e4a9
45 
%define msspi_commit 11be3c144405ac712432d172bca2863545f81fea
46 
%define _gostsourcedir %{_builddir}/chromium-gost
47
48 
%if ! %{with gost}
43 49 
Summary:	A fast web browser based on the Blink engine
44 50 
Name:		chromium-browser-stable
45 51 
Version:	77.0.3865.90
46 52 
Release:	1
53 
%else
54 
Summary:	Chromium web-browser with patches to make GOST TLS work via CryptoPro
55 
Name:		chromium-gost
56 
Version:	77.0.3865.90
57 
Release:	1
58 
%endif
47 59 
License:	BSD, LGPL
48 60 
Group:		Networking/WWW
49 61 
Url:		https://www.chromium.org/Home
50 62 
Source0:	https://commondatastorage.googleapis.com/chromium-browser-official/chromium-%{version}.tar.xz
51 63 
Source1:	chromium-wrapper
52 
Source2:	chromium-browser.desktop
64 
Source2:	%{crname}.desktop
53 65 
# Setup toolchain for rosa builds, from gentoo
54 66 
# https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/chromium/files/toolchain/BUILD.gn
55 67 
Source5:	BUILD.gn
... ... @@ -52,6 +72,13 @@ Source32: chromium.default
72 72 
Source100:	icons.tar.bz2
73 73 
Source997:	depot_tools.tar.xz
74 74 
Source999:	new-system-icons.tar.xz
75
76 
%if %{with gost}
77 
Source1100:	Makefile.gost
78 
Source1101:	https://github.com/deemru/chromium-gost/archive/%{chromium_gost_commit}/chromium-gost-%{chromium_gost_commit}.tar.gz
79 
Source1102:	https://github.com/deemru/msspi/archive/%{msspi_commit}/msspi-%{msspi_commit}.tar.gz
80 
%endif
81
75 82 
Patch4:		chromium-30.0.1599.66-master-prefs-path.patch
76 83 
# (cjw) Recognize mimetypes for matroska (.mkv) and AVI (.avi) formats (video/x-matroska and audio/x-matroska, video/x-msvideo) + handle A52 "AC3" and DTS compressed audio.
77 84 
Patch6:		chromium-55-extra-media.patch
... ... @@ -116,9 +143,8 @@ Patch700: chromium-70.0.3538.77-no-system-nodejs.patch
143 143 
Patch717:	chromium-70.0.3538.67-disable-fontconfig-cache-magic.patch
144 144
145 145 
Provides:	%{crname} = %{EVRD}
146 
Conflicts:	chromium-browser-unstable
147 
Conflicts:	chromium-browser-beta
148 
Obsoletes:	chromium-browser < 1:9.0.597.94
146 
Conflicts:	%{crname}-unstable
147 
Conflicts:	%{crname}-beta
149 148 
BuildRequires:	bison
150 149 
%if 0%{?clang}
151 150 
BuildRequires:	clang
... ... @@ -201,19 +227,17 @@ BuildRequires: pkgconfig(xtst)
227 227 
BuildRequires:	pkgconfig(zlib)
228 228 
BuildRequires:	pythonegg(beautifulsoup4)
229 229 
BuildRequires:	pythonegg(html5lib)
230 
%if %{with gost}
231 
BuildRequires:	chrpath
232 
%endif
230 233
231 234 
Suggests:	chromium-browser-pepper-flash
232 235 
Conflicts:	chromium-widevinecdm-plugin < 54
233 236 
Obsoletes:	chromium-widevinecdm-plugin < 54
234 
Conflicts:	chromium-browser-beta
235 
Conflicts:	chromium-browser-unstable
236 
Obsoletes:	chromium-browser < 1:9.0.597.94
237 
Obsoletes:	chromium-browser-pdf-plugin < 17.0.0.169
238
237 
Conflicts:	%{crname}-beta
238 
Conflicts:	%{crname}-unstable
239 239 
Provides:	%{crname} = %{EVRD}
240 240
241 
ExclusiveArch:	%{ix86} x86_64 armv7l
242
243 241 
%description
244 242 
Chromium is a browser that combines a minimal design with sophisticated
245 243 
technology to make the web faster, safer, and easier.
... ... @@ -242,19 +266,23 @@ your profile before changing channels.
266 266 
%{_crdir}/themes
267 267 
%{_crdir}/default_apps
268 268 
%{_crdir}/swiftshader
269 
%if %{with gost}
270 
%{_crdir}/libgostssl.so
271 
%{_crdir}/gostssl.so
272 
%endif
269 273 
%dir %{_crdir}/pepper
270 274 
%{_datadir}/applications/*.desktop
271 275 
%{_iconsdir}/hicolor/*/apps/chromium*
272 276
273 277 
%post
274 278 
# Remove chromium-browser-install package if we have it installed
275 
if [ `rpm -q chromium-browser-install | wc -w` == 1 ]
279 
if [ "$(rpm -q %{crname}-install | wc -w)" = 1 ]
276 280 
then
277 
	rpm -e chromium-browser-install
281 
	rpm -e %{crname}-install
278 282 
fi
279 283
280 284 
#----------------------------------------------------------------------------
281
285 
%if ! %{with gost}
282 286 
%package -n chromium-browser
283 287 
Summary:	A fast web browser based on the Blink engine
284 288 
Epoch:		1
... ... @@ -271,25 +299,25 @@ browser. If you prefer the dev channel browser, install the
299 299 
chromium-browser-unstable package instead.
300 300
301 301 
%files -n chromium-browser
302
302 
%endif
303 303 
#----------------------------------------------------------------------------
304 304
305 
%package -n chromedriver
305 
%package -n %{chromedriver}
306 306 
Summary:	WebDriver for Google Chrome/Chromium
307 307 
Group:		Development/Other
308 308 
# No %%{EVRD}
309 309 
Requires:	%{name} = %{version}-%{release}
310 310
311 
%description -n chromedriver
311 
%description -n %{chromedriver}
312 312 
WebDriver is an open source tool for automated testing of webapps across many
313 313 
browsers. It provides capabilities for navigating to web pages, user input,
314 314 
JavaScript execution, and more. ChromeDriver is a standalone server which
315 315 
implements WebDriver's wire protocol for Chromium. It is being developed by
316 316 
members of the Chromium and WebDriver teams.
317 317
318 
%files -n chromedriver
318 
%files -n %{chromedriver}
319 319 
%doc LICENSE AUTHORS
320 
%{_bindir}/chromedriver
320 
%{_bindir}/%{chromedriver}
321 321 
%{_crdir}/chromedriver
322 322
323 323 
#----------------------------------------------------------------------------
... ... @@ -297,6 +325,22 @@ members of the Chromium and WebDriver teams.
325 325 
%prep
326 326 
%setup -qn chromium-%{version} -a 997 -a 999
327 327
328 
%if %{with gost}
329 
mkdir -p %{_gostsourcedir}
330 
tar -C %{_gostsourcedir} --strip 1 -xf %{SOURCE1101}
331 
sed -i \
332 
	-e "s,^#include <../ssl/internal.h>,#include \"${PWD}/third_party/boringssl/src/ssl/internal.h\",g" \
333 
	%{_gostsourcedir}/src/gostssl.cpp
334 
tar -C %{_gostsourcedir}/src/msspi --strip 1 -xf %{SOURCE1102}
335 
patch -p1 < %{_gostsourcedir}/patch/chromium.patch
336 
( cd ./third_party/boringssl/src
337 
patch -p1 < %{_gostsourcedir}/patch/boringssl.patch )
338 
( cd %{_gostsourcedir}
339 
# Canonical library naming requires to prefix their names with "lib"
340 
# We make a symlink later
341 
grep -rIl gostssl.so . | xargs sed -i 's/gostssl.so/libgostssl.so/g' )
342 
%endif
343
328 344 
%patch4 -p1 -b .prefs
329 345 
%patch6 -p1
330 346 
%patch7 -p1
... ... @@ -590,6 +634,16 @@ third_party/node/update_npm_deps
634 634 
%endif
635 635
636 636 
%build
637
638 
%if %{with gost}
639 
make --file %{SOURCE1100} \
640 
	SDIR="%{_gostsourcedir}" \
641 
	OUTDIR="%{_gostsourcedir}" \
642 
	CC="%{__cc}" \
643 
	CXX="%{__cxx}" \
644 
	CFLAGS="%{optflags}"
645 
%endif
646
637 647 
%define system_gn_list ffmpeg
638 648 
# flac libxslt snappy yasm libpng zlib
639 649 
# opus
... ... @@ -764,4 +818,27 @@ mkdir -p %{buildroot}%{_sysconfdir}/%{crname}
818 818 
install -m 0644 %{SOURCE30} %{buildroot}%{_sysconfdir}/%{crname}/
819 819 
install -m 0644 %{SOURCE31} %{buildroot}%{_sysconfdir}/%{crname}/
820 820
821 
%if %{with gost}
822 
install -m0644 %{_gostsourcedir}/libgostssl.so %{buildroot}%{_crdir}/libgostssl.so
823 
# Compatibility symlink: it is named gostssl.so in other builds of Chromium-GOST
824 
# but it is common to prefix libraries with "lib"
825 
( cd %{buildroot}%{_crdir}/ ; ln -s libgostssl.so gostssl.so )
826 
mv %{buildroot}%{_bindir}/chromedriver %{buildroot}%{_bindir}/%{chromedriver}
827
828 
# find all files
829 
find %{buildroot}%{_crdir} -type f |
830 
while read f; do
831 
# resolve symlinks
832 
t="$(readlink -ev "$f")"
833 
file "$t" | fgrep -qs ELF || continue
834 
# Add real RPATH. We need RPATH in GOST builds because 'dlopen(libgostssl.so)'
835 
# is performed, but libgostssl.so will not be found without RPATH.
836 
# Here we could change chromium.path from chromium-gost so that it has
837 
# an absolute path to "gostssl.so" instead of a relative one
838 
# but it is strange to hardcode absolute paths to libraries and will
839 
# break running our Chromium somewhere outside of standard locations.
840 
chrpath -r '%{_crdir}' "$t" ||:
841 
done
842 
%endif
843
821 844 
find %{buildroot} -name "*.nexe" -exec strip {} \;
view file @ 8b4fc265c2
... ... --- a/chromium-browser.desktop
... ... +++ b/chromium-browser.desktop
... ... @@ -242,7 +242,7 @@ Name[uk]=Нове вікно
242 242 
Name[vi]=Cửa sổ Mới
243 243 
Name[zh_CN]=新建窗口
244 244 
Name[zh_TW]=開新視窗
245 
Exec=chromium-browser
245 
Exec=chromium-browser --new-window
246 246
247 247 
[Desktop Action new-private-window]
248 248 
Name=New Incognito Window
view file @ 8b4fc265c2
... ... --- /dev/null
... ... +++ b/chromium-gost.desktop
... ... @@ -0,0 +1,27 @@
1 
[Desktop Entry]
2 
Version=1.0
3 
Name=Chromium-GOST Web Browser
4 
Name[ru]=Браузер Chromium-ГОСТ
5 
GenericName=Chromium-GOST Web Browser
6 
GenericName[ru]=Браузер Chromium-ГОСТ
7 
Comment=Web Browser with support of GOST cryptography
8 
Comment[ru]=Веб-браузер Chromium с поддержкой ГОСТ-шифрования
9 
Exec=chromium-gost %u
10 
Icon=chromium-gost
11 
Terminal=false
12 
Type=Application
13 
StartupWMClass=Chromium-browser
14 
MimeType=application/x-extension-htm;application/x-extension-html;application/x-extension-shtml;application/x-extension-xht;application/x-extension-xhtml;application/xhtml+xml;text/html;x-scheme-handler/chrome;x-scheme-handler/ftp;x-scheme-handler/http;x-scheme-handler/https;
15 
Categories=GTK;Network;WebBrowser;X-MandrivaLinux-Internet-WebBrowsers;X-MandrivaLinux-CrossDesktop;
16 
Actions=new-window;new-private-window;
17
18 
[Desktop Action new-window]
19 
Name=New Window
20 
Name[ru]=Новое окно
21 
Exec=chromium-gost --new-window
22
23 
[Desktop Action new-private-window]
24 
Name=New Incognito Window
25 
Name[ru]=Новое окно в режиме инкогнито
26 
Exec=chromium-gost --incognito
27

Comments