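#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
#
# Apply a curated subset of the ungoogled_chromium patches to the chromium
# copy bundled with qtwebengine, using Portage's ebuild phases on Gentoo.
#
# Must be run as root. Exit codes:
#   1  not root / helper library failed to load
#   2  a required directory is missing, or the host is not Gentoo
#   3  git clone of the patch repository failed
#   4  wrong ungoogled-chromium tag checked out, or ebuild configure failed
#   5  ebuild compile failed
#   6  stale .rej files found before patching (only if enabled below)
#   7  the local ../$DIR.diff did not apply, or the ebuild is missing
#   8  a patch left .rej files
#   9  rebuild after a patch failed (only if enabled below)

DESC="This is a bash script to apply the ungoogled_chromium patches
to qtwebengine on Gentoo. You should be able to modify it for other
source distributions in an obvious way, but as Gentoo builds from sources,
its most straightforward on it.

The patches have been edited to exclude the patches that dont apply
to qtwebengine - the browser parts - and remove a lot of privacy
outrages committed by google. You can select and add to the list below.

These patches are specific to this release of qtwebengine as it is
specific to a given release of chromium. In general the patches apply
cleanly, but sometimes with a little fuzz.
"

prog=$(basename "$0" .bash)
# we build into /var/local - adjust to suit
PREFIX=/var/local
ROLE=privacy
DEBUG=1
# run them first with --dry-run to check
# Kept as an array so the options survive expansion without word-splitting.
PATCH=(patch -b -z.dst -p 1) # --dry-run

# we define some local extensions ols_* which can be ignored
# NOTE(review): this file is sourced with root privileges; it should be
# owned by root and not writable by anyone else.
if [ -f /var/local/src/var_local_src.bash ] ; then
    # color logging
    . /var/local/src/var_local_src.bash || exit 1
else
    # Minimal fallback loggers. All of them write the whole message as one
    # string and return 0, so callers never depend on their exit status.
    debug () {
	if [ -n "$DEBUG" ] && [ "$DEBUG" != 0 ] ; then
	    printf 'DBUG: %s %s\n' "$prog" "$*"
	fi
	return 0
    }
    DBUG () { debug "$@" ; }
    # The original returned "$1", which is the first word of the message
    # rather than a status, so "ERROR ... && exit N" never reached the exit.
    error () { printf 'ERROR: %s  %s\n' "$prog" "$*" 1>&2 ; return 0 ; }
    ERROR () { error "$@" ; }
    panic () {
	local retval=$1
	shift
	printf 'PANIC: %s  %s\n' "$prog" "$*" 1>&2
	exit "$retval"
    }
    PANIC () { panic "$@" ; }
    FATAL () { panic "$@" ; }
    warn () { printf 'WARN: %s  %s\n' "$prog" "$*" 1>&2 ; return 0 ; }
    WARN () { warn "$@" ; }
    info () { printf 'INFO: %s  %s\n' "$prog" "$*" 1>&2 ; return 0 ; }
    INFO () { info "$@" ; }
fi

# The root check has to come after the loggers exist: run before ERROR was
# defined, the "&&" chain stopped at "command not found" and the script
# carried on unprivileged.
if [ "$(id -u)" -ne 0 ] ; then
    ERROR "$prog must be run as root"
    exit 1
fi

# PORTAGE_TMPDIR MUST NOT be a symlink! - get this from make.conf
PORTAGE_TMPDIR='/mnt/linuxKick150154'
QTWE_CAT=dev-qt
QTWE_PKG=qtwebengine
QTWE_VER=6.6.3
# you can run into sandbox problems depending on your sysctl settings
# Try with FEATURES="" and if it works great - if not we trust the ebuild
# NOTE(review): these switches turn off every Portage build sandbox while the
# build runs as root, so a misbehaving build step is no longer confined to
# the build directory. Prefer the empty setting wherever it works.
FEATURES="-ipc-sandbox -mount-sandbox -network-sandbox -pid-sandbox -sandbox -usersandbox"

# chromium looks for dictionaries in an absurd place in /usr/bin
# or in the users ~/.config/Chrome/Dictionaries so we build the dicts
# there, which has to be repeated for each user.
# It doesnt seem to respect the environment variable
QTWE_USER=vagrant

# These patches are specific to this release of qtwebengine and a
# specific tag of ungoogled_chromium
UGC_TAG="112.0.5615.165-1"
UGC_EBUILD=ungoogled-chromium-112.0.5615.165_p1.ebuild
# The chromium tar that the ebuild uses can be found at:
# http://distfiles.alpinelinux.org/distfiles/v3.17/chromium-112.0.5615.165.tar.xz
# That is a plain-HTTP location: if you fetch the tarball by hand, check it
# against the digests in the ebuild's Manifest before using it.

PKG=ungoogled-chromium
DIR=ungoogled_qtwebengine-${QTWE_VER}
GIT_HUB=github.com
GIT_USER=ungoogled-software
GIT_DIR=$PKG

EBUILD=/usr/portage/$QTWE_CAT/${QTWE_PKG}/${QTWE_PKG}-${QTWE_VER}.ebuild

cd "$PREFIX/src" || exit 2
WD=$PWD

if [ -d /etc/portage ] ; then
    # these are the prereqs in order
    # ols_funtoo_requires only exists when the helper library was sourced.
    if command -v ols_funtoo_requires >/dev/null 2>&1 ; then
	ols_funtoo_requires \
	    dev-qt/qtbase:6 \
	    dev-qt/qtserialport:6 \
	    dev-qt/qtdeclarative:6 \
	    dev-qt/qtpositioning:6 \
	    dev-qt/qtlocation:6 \
	    dev-qt/qtmultimedia:6 \
	    dev-qt/qttools:6 \
	    dev-qt/qtwebchannel:6 \
	    dev-qt/qtsvg:6 \
	    dev-qt/qtwebengine:6 \
	    dev-qt/qtimageformats:6 \
	    dev-python/PyQt6-WebEngine
    else
	WARN "ols_funtoo_requires is not defined - install the prerequisites yourself"
    fi
else
    ERROR "this is Gentoo specific and youll have to adapt it otherwise"
    exit 2
fi

WD=$PWD
if [ ! -d "$DIR" ] ; then
    if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then
	[ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \
	    mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"
	# No default route is treated as "nothing to do", not as an error.
	route | grep '^default' || { DBUG "not connected" ; exit 0 ; }
	# Without this check a failed cd would clone into $PREFIX/src.
	cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" || exit 3
	git clone "https://$GIT_HUB/$GIT_USER/$GIT_DIR" || exit 3
	cd "$WD" || exit 2
    fi
    cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" "$DIR"
fi

cd "$DIR" || exit 2
# Require HEAD to sit exactly on the expected tag. "git log | head -1" shows
# no ref decorations when its output is a pipe (log.decorate defaults to
# auto), so the previous grep for "HEAD, tag: ..." could not match.
# NOTE(review): a tag can be moved upstream; to pin the patch set, also
# compare "git rev-parse HEAD" with a commit id recorded from a reviewed
# checkout.
git tag --points-at HEAD | grep -Fxq -- "$UGC_TAG" || {
    ERROR "The first time you must: git checkout $UGC_TAG"
    INFO "well make you do this manually so you dont overwrite things"
    exit 4
}

# NOTE(review): created as root inside a user's home, so the new directories
# end up root-owned; confirm the ownership suits $QTWE_USER.
[ -d "/home/${QTWE_USER}/.config/chromium/Default/Dictionaries" ] || \
    mkdir -p "/home/${QTWE_USER}/.config/chromium/Default/Dictionaries"
# per user - ignore failures
if command -v ols_chromium_dicts >/dev/null 2>&1 ; then
    ols_chromium_dicts "/home/${QTWE_USER}/.config/chromium/Default/Dictionaries"
fi

PV_DIR=$PORTAGE_TMPDIR/portage/$QTWE_CAT/${QTWE_PKG}-${QTWE_VER}
WORK=$PV_DIR/work/${QTWE_PKG}-everywhere-src-${QTWE_VER}/src/3rdparty/chromium/

# configure the qtwe sources first
if [ ! -e "$PV_DIR/.configured" ] ; then
    FEATURES="$FEATURES" \
	ebuild "$EBUILD" prepare configure >> "${QTWE_PKG}-${QTWE_VER}.log" 2>&1 || \
	{ ERROR ".configured $?" ; exit 4 ; }
fi

# compile the qtwe sources second
# Portage's marker file is ".compiled"; the misspelt ".complied" never
# existed, so the compile phase was re-run on every invocation.
if [ ! -e "$PV_DIR/.compiled" ] ; then
    FEATURES="$FEATURES" \
	ebuild "$EBUILD" prepare compile >> "${QTWE_PKG}-${QTWE_VER}.log" 2>&1 || \
	{ ERROR ".compiled $?" ; exit 5 ; }
fi

WD=$PWD
# The ungoogled_chromium patches need patching to remove some
# parts that work on files not in qtwebengine. It you dont apply
# these patches youll get some .rej files that are harmless

# you can check the source for .rej files before patching
# (disabled: change "really" to "careful" to enable)
if [ really = careful ] ; then
    L=$(find "$WORK" -name \*.rej | tee .rej | wc -l | sed -e 's/ .*//')
    if [ "$L" -gt 0 ] ; then
	ERROR "still $L .rej"
	exit 6
    fi
fi

# You can apply the patches one at a time by setting this to 1 and incrementing
iMAX=28

declare -a PATCHES
# This patches have been selected to exclude ones irrelevant to qtwebengine
PATCHES=(
    patches/core/inox-patchset/0009-disable-google-ipv6-probes.patch
    patches/core/iridium-browser/safe_browsing-disable-reporting-of-safebrowsing-over.patch
    patches/core/ungoogled-chromium/block-trk-and-subdomains.patch
    # decided not to do this for qutebrowser - should work if you want it
    #? patches/core/ungoogled-chromium/disable-crash-reporter.patch
    patches/core/ungoogled-chromium/disable-domain-reliability.patch
    patches/core/ungoogled-chromium/disable-fonts-googleapis-references.patch
    patches/core/ungoogled-chromium/disable-gcm.patch
    patches/core/ungoogled-chromium/disable-mei-preload.patch
    patches/core/ungoogled-chromium/disable-network-time-tracker.patch
    patches/core/ungoogled-chromium/doh-changes.patch
    patches/core/ungoogled-chromium/disable-webstore-urls.patch
    patches/core/ungoogled-chromium/fix-building-with-prunned-binaries.patch
    patches/core/ungoogled-chromium/fix-learn-doubleclick-hsts.patch
    # decided not to do this for qutebrowser - should work if you want it
    # patches/core/ungoogled-chromium/replace-google-search-engine-with-nosearch.patch
    patches/extra/inox-patchset/0016-chromium-sandbox-pie.patch
    patches/extra/inox-patchset/0019-disable-battery-status-service.patch
    patches/extra/iridium-browser/Remove-EV-certificates.patch
    patches/extra/iridium-browser/mime_util-force-text-x-suse-ymp-to-be-downloaded.patch
    patches/extra/iridium-browser/net-cert-increase-default-key-length-for-newly-gener.patch
    patches/extra/iridium-browser/prefs-only-keep-cookies-until-exit.patch
    patches/extra/ungoogled-chromium/add-components-ungoogled.patch
    patches/extra/ungoogled-chromium/add-extra-channel-info.patch
    patches/extra/ungoogled-chromium/disable-download-quarantine.patch
    patches/extra/ungoogled-chromium/disable-formatting-in-omnibox.patch
    patches/extra/ungoogled-chromium/disable-remote-optimization-guide.patch
    patches/extra/ungoogled-chromium/disable-webgl-renderer-info.patch
    patches/extra/ungoogled-chromium/enable-default-prefetch-privacy-changes.patch
    patches/extra/ungoogled-chromium/fix-distilled-icons.patch
    #! missing file from source and patches: unexpire_flags.h
    #! patches/extra/ungoogled-chromium/keep-expired-flags.patch
    patches/extra/ungoogled-chromium/prepopulated-search-engines.patch
)

# The ungoogled_chromium patches need patching to remove some
# parts that work on files not in qtwebengine. It you dont apply
# these patches youll get some .rej files that are harmless
# NOTE(review): the "already applied" probe looks for *.diff files, while
# "patch -b -z.dst" writes backups ending in .dst - confirm this is the
# intended marker.
if [ -f "../$DIR.diff" ] ; then
    ls patches/*/*/*.diff >/dev/null || \
	patch -b -z.dst -p 0 < "../$DIR.diff" || {
	    ERROR "../$DIR.diff should have applied cleanly - YMMV"
	    exit 7
	}
fi

declare -a CHROME_DIRS
# Patches to these dirs are not be selected and are irrelevant to qtwebengine
CHROME_DIRS=(
    chrome/updater
    chrome/browser
)

i=0
# find patches -name \*.patch
# ls is kept on purpose: it lists the patches in sorted order and leaves out
# any that are missing. Feeding the loop by redirection instead of a pipe
# keeps it in the main shell, so the exits below end the script directly.
while IFS= read -r file ; do
    [ -s "$file" ] || {
	WARN "empty $file"
	continue
    }
    # a/chrome/browser is not in qtwebengine
    for elt in "${CHROME_DIRS[@]}" ; do
	if grep "^--- a/$elt" "$file" ; then
	    WARN "$file"
	    continue 2
	fi
    done
    i=$((i + 1))
    [ "$i" -gt "$iMAX" ] && break

    # Only reports targets that already have a .dst backup; it does not
    # skip the patch.
    grep '^--- a/' "$file" | sed -e 's/^--- a\///' | \
	while IFS= read -r target ; do
	    DST=$WORK/$target.dst
	    DBUG "looking for $DST"
	    if [ -f "$DST" ] ; then
		WARN "$DST already exists"
	    fi
	done

    if [ -s "$WD/$file.log" ] ; then
	# remove the log to reapply a patch
	DBUG "skipping $WD/$file.log"
	continue
    else
	DBUG "$i patching from $file to $WD/$file.log"
    fi

    # A failed cd would otherwise apply the patch to whatever directory we
    # happen to be in.
    cd "$WORK" || { ERROR "cannot cd to $WORK" ; exit 2 ; }
    # we keep a log of each patch applied and skip the patch if theres a log
    # remove the log to reapply a patch
    "${PATCH[@]}" < "$WD/$file" 2>&1 | tee "$WD/$file.log"
    patch_status=${PIPESTATUS[0]}
    cd "$WD" || exit 2
    # tee hides patch's own status; surface it, but only the .rej check is
    # fatal because hunks for files absent from qtwebengine are expected.
    [ "$patch_status" -eq 0 ] || WARN "patch exited $patch_status for $file"

    # we check the log of each patch applied for .rej and exit if there are any
    if grep '\.rej' "$WD/$file.log" ; then
	ERROR "still .rej after $file.log"
	exit 8
    fi
    echo "$WD/$file.log" >> "${DIR}.log"

    # if you want to be careful rebuild qtwebengine every patch
    # (disabled: change "really" to "slow" to enable)
    if [ really = slow ] ; then
	# we are talking about weeks to build here...
	if [ ! -f "$EBUILD" ] ; then
	    ERROR "$EBUILD"
	    exit 7
	fi
	# remove .../portage/dev-qt/qtwebengine-6.6.3/.compiled
	rm -f "$PV_DIR/.compiled" "$PV_DIR/.installed"
	env FEATURES="$FEATURES" ebuild "$EBUILD" compile install qmerge >> "${DIR}.log" 2>&1 || \
	    { ERROR "compiling $file $?" ; exit 9 ; }
    fi
    INFO "patched from $file"
done < <(ls -1 -- "${PATCHES[@]}")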