From f7ac65aa0a6886db70daedc24ece82d0a5c62dde Mon Sep 17 00:00:00 2001 From: tigro Date: Mon, 27 Nov 2023 14:14:53 +0300 Subject: [PATCH] Reapply "Apply GOST patches" This reverts commit 44c5503854c60715c286fc618bfdcdf09a9c990d. --- .chromium.metadata | 2 ++ .gitignore | 2 ++ SPECS/chromium.spec | 67 +++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 69 insertions(+), 2 deletions(-) diff --git a/.chromium.metadata b/.chromium.metadata index 6b156475..b87f6d7f 100644 --- a/.chromium.metadata +++ b/.chromium.metadata @@ -3,3 +3,5 @@ dea187019741602d57aaf189a80abba261fbd2aa SOURCES/linux-x64-0.19.2.tgz 7e5d2c7864c5c83ec789b59c77cd9c20d2594916 SOURCES/linux-arm64-0.19.2.tgz 769196d081c6a0ad37f1c63dec56febfff3370de SOURCES/node-v20.6.1-linux-x64.tar.xz 3e94bb4f999c636293bc745b02d98e7925da5616 SOURCES/node-v20.6.1-linux-arm64.tar.xz +0c4c4f30f072ddca7762f6fb9a1a0b414cf471da SOURCES/chromium-gost-2c81b2fed144086340d5220ef707350b7fb18ec9.tar.gz +36abebc8fd96cdcb5bf8ecd598055586ec434380 SOURCES/msspi-3c50c2d33a4bdf4effb01aaeb9ff5d5b67635a18.tar.gz diff --git a/.gitignore b/.gitignore index bd2837b0..54527c80 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ SOURCES/linux-x64-0.19.2.tgz SOURCES/linux-arm64-0.19.2.tgz SOURCES/node-v20.6.1-linux-x64.tar.xz SOURCES/node-v20.6.1-linux-arm64.tar.xz +SOURCES/chromium-gost-2c81b2fed144086340d5220ef707350b7fb18ec9.tar.gz +SOURCES/msspi-3c50c2d33a4bdf4effb01aaeb9ff5d5b67635a18.tar.gz diff --git a/SPECS/chromium.spec b/SPECS/chromium.spec index 2ab3188c..bc93532a 100644 --- a/SPECS/chromium.spec +++ b/SPECS/chromium.spec @@ -232,6 +232,13 @@ %endif %endif +# Build with GOST patches +# https://github.com/deemru/chromium-gost/ +%global gost 1 +%define chromium_gost_commit 2c81b2fed144086340d5220ef707350b7fb18ec9 +%define msspi_commit 3c50c2d33a4bdf4effb01aaeb9ff5d5b67635a18 +%define chromium_path_gost %{_builddir}/chromium-gost + ### From 2013 until early 2021, Google permitted distribution builds of ### Chromium to access Google APIs that added significant features to ### Chromium including, but not limited to, Sync and geolocation. @@ -267,7 +274,7 @@ Name: chromium%{chromium_channel} Version: 119.0.6045.159 -Release: 1%{?dist}.inferit +Release: 1%{?dist}.inferit.gost Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use Url: http://www.chromium.org/Home License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only) @@ -468,6 +475,10 @@ BuildRequires: golang-github-evanw-esbuild # Yandex logo Source50: https://upload.wikimedia.org/wikipedia/commons/f/f1/Yandex_logo_2021_Russian.svg +# GOST +Source101: https://github.com/deemru/chromium-gost/archive/%{chromium_gost_commit}.tar.gz?/chromium-gost-%{chromium_gost_commit}.tar.gz +Source102: https://github.com/deemru/msspi/archive/%{msspi_commit}.tar.gz?/msspi-%{msspi_commit}.tar.gz + %if %{clang} %if 0%{?rhel} == 7 BuildRequires: llvm-toolset-%{llvm_toolset_version} @@ -881,8 +892,16 @@ Provides: bundled(xdg-user-dirs) Requires(post): /usr/sbin/semanage Requires(post): /usr/sbin/restorecon +%if %{gost} +Provides: %{name}-gost-lib = %{version}-%{release} +%endif + %description Chromium is an open-source web browser, powered by WebKit (Blink). +%if %{gost} +chromium-gost patches are integrated, this Chromium supports GOST TLS +if proprietary CryptoPro is installed. +%endif %package common Summary: Files needed for both the headless_shell and full Chromium @@ -936,6 +955,47 @@ udev. %prep %setup -q -n chromium-%{version} +%if %{gost} +rm -rf %{chromium_path_gost} +mkdir -p %{chromium_path_gost} +tar -C %{chromium_path_gost} --strip 1 -xf %{SOURCE101} +sed -i \ + -e "s,^#include <../ssl/internal.h>,#include \"${PWD}/third_party/boringssl/src/ssl/internal.h\",g" \ + %{chromium_path_gost}/src/gostssl.cpp +tar -C %{chromium_path_gost}/src/msspi --strip 1 -xf %{SOURCE102} +sed -i'' %{chromium_path_gost}/patch/chromium.patch \ + -e 's/ (Chromium GOST)//g' \ + -e 's/Chromium GOST/Chromium/g' \ + -e 's/Chromium-Gost/Chromium/g' \ + -e 's/"chromium-gost"/"chromium-browser"/g' \ + -e 's/"chromium-gost.desktop"/"chromium-browser.desktop"/g' \ + -e 's/(%s; Chromium GOST)/(%s)/' \ + -- +# make backups before GOST patching +for i in \ + components/search_engines/prepopulated_engines.json \ + components/search_engines/search_terms_data.cc \ + components/search_engines/template_url_prepopulate_data.cc +do + cp $i $i.saved +done +patch -p1 < %{chromium_path_gost}/patch/chromium.patch +( cd ./third_party/boringssl/src +patch -p1 < %{chromium_path_gost}/patch/boringssl.patch ) +# rollback backups after GOST patching +for i in \ + components/search_engines/prepopulated_engines.json \ + components/search_engines/search_terms_data.cc \ + components/search_engines/template_url_prepopulate_data.cc +do + mv $i.saved $i +done + +cp -f %{chromium_path_gost}/src/gostssl.cpp third_party/boringssl/gostssl.cpp +cp -f %{chromium_path_gost}/src/msspi/src/* third_party/boringssl +cp -f %{chromium_path_gost}/src/msspi/third_party/cprocsp/include/* third_party/boringssl/src/include +%endif + ### Chromium Fedora Patches ### %patch -P0 -p1 -b .sandboxpie %patch -P1 -p1 -b .etc @@ -1106,7 +1166,7 @@ cp -a %{_includedir}/libusb-1.0/libusb.h third_party/libusb/src/libusb/libusb.h %endif # Hard code extra version -sed -i 's/getenv("CHROME_VERSION_EXTRA")/""/' chrome/common/channel_info_posix.cc +sed -i 's/getenv("CHROME_VERSION_EXTRA")/"%{?gost: GOST TLS via CryptoPro}"/' chrome/common/channel_info_posix.cc # Fix hardcoded path in remoting code sed -i 's|/opt/google/chrome-remote-desktop|%{crd_path}|g' remoting/host/setup/daemon_controller_delegate_linux.cc @@ -1733,6 +1793,9 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt %{chromium_path}/chromedriver %changelog +* Sat Nov 25 2023 Arkady L. Shane - 119.0.6045.159-1.inferit.gost +- Apply GOST patches + * Mon Nov 20 2023 Arkady L. Shane - 119.0.6045.159-1.inferit - update to 119.0.6045.159 - add Requires/Conflicts for ABI break in fmpeg-free 6.0.1