nixpkgs/pkgs/development/libraries/qt-5/modules/qtwebengine.nix
Thomas Tuegel db215a62b7
qtwebengine: fix build failure due to -Wformat-security
ninja builds some components with -Wno-format, which is not compatible with the
default hardening setting of -Wformat-security in Nixpkgs.
2018-05-25 20:14:05 -05:00


# Nixpkgs build expression for the Qt 5 QtWebEngine module, which bundles a
# copy of Chromium under src/3rdparty/chromium. Most of the work below is
# patching that bundled tree so that it builds against Nix store paths.
{ qtModule, qtCompatVersion,
qtdeclarative, qtquickcontrols, qtlocation, qtwebchannel
, bison, coreutils, flex, git, gperf, ninja, pkgconfig, python2, which
, xorg, libXcursor, libXScrnSaver, libXrandr, libXtst
, fontconfig, freetype, harfbuzz, icu, dbus, libdrm
, zlib, minizip, libjpeg, libpng, libtiff, libwebp, libopus
, jsoncpp, protobuf, libvpx, srtp, snappy, nss, libevent
, alsaLib
, libcap
, pciutils
, systemd
# Defaults to true; when set, "-- -proprietary-codecs" is passed to qmake
# (see qmakeFlags below).
, enableProprietaryCodecs ? true
, gn, darwin, openbsm
, lib, stdenv # lib.optional, needsPax
}:
with stdenv.lib;
# qt56 is true for the Qt 5.6 compatibility series; it selects the V8 gyp
# directory name ("build" instead of "gypfiles") in postPatch.
let qt56 = qtCompatVersion == "5.6"; in
qtModule {
name = "qtwebengine";
qtInputs = [ qtdeclarative qtquickcontrols qtlocation qtwebchannel ];
nativeBuildInputs = [
bison coreutils flex git gperf ninja pkgconfig python2 which gn
];
doCheck = true;
outputs = [ "bin" "dev" "out" ];
enableParallelBuilding = true;
# ninja builds some components with -Wno-format,
# which cannot be set at the same time as -Wformat-security
# Dropping the "format" hardening flag applies to the whole derivation, so
# format-string warnings stop being build errors everywhere in this package,
# not only in the components that pass -Wno-format.
# NOTE(review): revisit if the conflicting flag can be scoped or removed.
hardeningDisable = [ "format" ];
postPatch =
# Patch Chromium build tools
# patchShebangs rewrites the interpreter lines of the bundled scripts; the
# subshell keeps the cd local to this one command.
''
( cd src/3rdparty/chromium; patchShebangs . )
''
# Patch Chromium build files
# Replace the hard-coded /bin/echo with the coreutils store path (presumably
# because /bin/echo does not exist inside the build sandbox).
+ ''
substituteInPlace ./src/3rdparty/chromium/build/common.gypi \
--replace /bin/echo ${coreutils}/bin/echo
substituteInPlace ./src/3rdparty/chromium/v8/${if qt56 then "build" else "gypfiles"}/toolchain.gypi \
--replace /bin/echo ${coreutils}/bin/echo
substituteInPlace ./src/3rdparty/chromium/v8/${if qt56 then "build" else "gypfiles"}/standalone.gypi \
--replace /bin/echo ${coreutils}/bin/echo
''
# Patch library paths in Qt sources
# The QLibraryInfo lookups for data, translations and helper executables are
# replaced by fixed strings under $out, so these paths are compiled in.
+ ''
sed -i \
-e "s,QLibraryInfo::location(QLibraryInfo::DataPath),QLatin1String(\"$out\"),g" \
-e "s,QLibraryInfo::location(QLibraryInfo::TranslationsPath),QLatin1String(\"$out/translations\"),g" \
-e "s,QLibraryInfo::location(QLibraryInfo::LibraryExecutablesPath),QLatin1String(\"$out/libexec\"),g" \
src/core/web_engine_library_info.cpp
''
# Patch library paths in Chromium sources
# The bare names "libudev.so" and "libpci.so" in the loader calls become
# absolute paths into the systemd.lib and pciutils outputs.
# NOTE(review): presumably these strings are handed to the dynamic loader;
# with an absolute path the library no longer depends on the run-time search
# path. Confirm against the loader code.
+ optionalString (!stdenv.isDarwin) ''
sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${systemd.lib}/lib/\1!' \
src/3rdparty/chromium/device/udev_linux/udev?_loader.cc
sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \
src/3rdparty/chromium/gpu/config/gpu_info_collector_linux.cc
''
# Darwin-only patches: turn the Xcode/SDK version checks into "false", relax
# some typed Objective-C collection declarations, and overwrite Chromium's
# find_sdk.py and sdk_info.py with scripts that print fixed values
# (presumably so the build does not probe the host SDK).
# The last two substitutions replace audit_token_to_pid(...) with a direct
# read of msgh_audit.val[5] in mach_port_broker.mm and bootstrap_sandbox.cc.
# NOTE(review): that hard-codes where the pid sits inside the audit token.
# Judging by the file names, both call sites identify the sender of a Mach
# message for the port broker and the sandbox bootstrap, so the index should
# be re-verified whenever the bundled Chromium or the target SDK changes.
# The heredocs use an unquoted EOF delimiter; their bodies contain no "$" or
# backticks, so the shell expands nothing in them.
+ optionalString stdenv.isDarwin ''
# Remove annoying xcode check
substituteInPlace mkspecs/features/platform.prf \
--replace "lessThan(QMAKE_XCODE_VERSION, 7.3)" false
substituteInPlace src/core/config/mac_osx.pri \
--replace /usr ${stdenv.cc} \
--replace "isEmpty(QMAKE_MAC_SDK_VERSION)" false
# FIXME Needed with old Apple SDKs
# Abandon all hope ye who try to make sense of this.
substituteInPlace src/3rdparty/chromium/base/mac/foundation_util.mm \
--replace "NSArray<NSString*>*" "NSArray*"
substituteInPlace src/3rdparty/chromium/base/mac/sdk_forward_declarations.h \
--replace "NSDictionary<VNImageOption, id>*" "NSDictionary*" \
--replace "NSArray<VNRequest*>*" "NSArray*" \
--replace "typedef NSString* VNImageOption NS_STRING_ENUM" "typedef NSString* VNImageOption"
cat <<EOF > src/3rdparty/chromium/build/mac/find_sdk.py
#!/usr/bin/env python
print("10.10.0")
print("")
EOF
cat <<EOF > src/3rdparty/chromium/build/config/mac/sdk_info.py
#!/usr/bin/env python
print('xcode_version="9.1"')
print('xcode_version_int=9')
print('xcode_build="9B55"')
print('machine_os_build="17E199"')
print('sdk_path=""')
print('sdk_version="10.10"')
print('sdk_platform_path=""')
print('sdk_build="17B41"')
EOF
# Apple has some secret stuff they don't share with OpenBSM
substituteInPlace src/3rdparty/chromium/base/mac/mach_port_broker.mm \
--replace "audit_token_to_pid(msg.trailer.msgh_audit)" "msg.trailer.msgh_audit.val[5]"
substituteInPlace src/3rdparty/chromium/sandbox/mac/bootstrap_sandbox.cc \
--replace "audit_token_to_pid(msg.trailer.msgh_audit)" "msg.trailer.msgh_audit.val[5]"
'';
# On Darwin, pin both the maximum-allowed and the minimum-required macOS
# version macros to 10.10; the value is the empty string elsewhere.
NIX_CFLAGS_COMPILE = lib.optionalString stdenv.isDarwin "-DMAC_OS_X_VERSION_MAX_ALLOWED=MAC_OS_X_VERSION_10_10 -DMAC_OS_X_VERSION_MIN_REQUIRED=MAC_OS_X_VERSION_10_10";
# Hand the Nix core count to ninja and, when the source tree ships
# tools/qmake, put that directory at the front of QMAKEPATH. The ''${
# sequence is Nix's escape for a literal ${ inside an indented string.
preConfigure = ''
export NINJAFLAGS=-j$NIX_BUILD_CORES
if [ -d "$PWD/tools/qmake" ]; then
QMAKEPATH="$PWD/tools/qmake''${QMAKEPATH:+:}$QMAKEPATH"
fi
'';
# Adds the proprietary-codecs switch only when enableProprietaryCodecs is set.
qmakeFlags = optional enableProprietaryCodecs "-- -proprietary-codecs";
# Libraries propagated to packages that depend on this module.
# NOTE(review): presumably these stand in for copies bundled with Chromium,
# which would let fixes arrive through Nixpkgs updates; the options that
# select system libraries are not visible in this file, so confirm.
propagatedBuildInputs = [
# Image formats
libjpeg libpng libtiff libwebp
# Video formats
srtp libvpx
# Audio formats
libopus
# Text rendering
harfbuzz icu
libevent
] ++ optionals (!stdenv.isDarwin) [
dbus zlib minizip snappy nss protobuf jsoncpp
# Audio formats
alsaLib
# Text rendering
fontconfig freetype
libcap
pciutils
# X11 libs
xorg.xrandr libXScrnSaver libXcursor libXrandr xorg.libpciaccess libXtst
xorg.libXcomposite xorg.libXdamage libdrm
]
# FIXME These dependencies shouldn't be needed but can't find a way
# around it. Chromium pulls this in while bootstrapping GN.
++ lib.optionals stdenv.isDarwin (with darwin; with apple_sdk.frameworks; [
libobjc
cctools
# frameworks
ApplicationServices
Foundation
AppKit
ImageCaptureCore
CoreBluetooth
IOBluetooth
CoreWLAN
Quartz
Cocoa
openbsm
libunwind
]);
# ninja is listed in nativeBuildInputs as a tool only; these switches keep it
# from taking over the build and install phases (presumably qmake drives
# ninja itself; confirm).
dontUseNinjaBuild = true;
dontUseNinjaInstall = true;
# Linux only: write a qt.conf into libexec that sets Prefix to the parent
# directory, then mark QtWebEngineProcess with paxmark "m".
# NOTE(review): "m" turns off PaX MPROTECT for that executable, presumably
# because the JavaScript engine needs mappings that are both writable and
# executable. This is a deliberate hardening exemption for the web engine's
# helper process and should only matter on PaX/grsecurity kernels.
postInstall = lib.optionalString stdenv.isLinux ''
cat > $out/libexec/qt.conf <<EOF
[Paths]
Prefix = ..
EOF
paxmark m $out/libexec/QtWebEngineProcess
'';
meta = with lib; {
description = "A web engine based on the Chromium web browser";
maintainers = with maintainers; [ matthewbauer ];
platforms = platforms.unix;
};
}