Merge pull request #310209 from emilylange/chromium-disable-drm-auto-download
chromium: prevent automatic Widevine DRM download
commit
3a8dd0415a
@ -459,6 +459,11 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
|||||||
|
|
||||||
- `firefox-devedition`, `firefox-beta`, `firefox-esr` executable file names for now match their package names, which is consistent with the `firefox-*-bin` packages. The desktop entries are also updated so that you can have multiple editions of firefox in your app launcher.
|
- `firefox-devedition`, `firefox-beta`, `firefox-esr` executable file names for now match their package names, which is consistent with the `firefox-*-bin` packages. The desktop entries are also updated so that you can have multiple editions of firefox in your app launcher.
|
||||||
|
|
||||||
|
- `chromium` and `ungoogled-chromium` had a long stanging issue regarding Widevine DRM handling in nixpkgs fixed.
|
||||||
|
`chromium` now no longer automatically downloads Widevine when encountering DRM protected content.
|
||||||
|
To be able to play DRM protected content in `chromium` now, you have to explicitly opt-in as originally intended using `chromium.override { enableWideVine = true; }`.
|
||||||
|
This override has been added almost 10 years ago.
|
||||||
|
|
||||||
- switch-to-configuration does not directly call systemd-tmpfiles anymore.
|
- switch-to-configuration does not directly call systemd-tmpfiles anymore.
|
||||||
Instead, the new artificial sysinit-reactivation.target is introduced which
|
Instead, the new artificial sysinit-reactivation.target is introduced which
|
||||||
allows to restart multiple services that are ordered before sysinit.target
|
allows to restart multiple services that are ordered before sysinit.target
|
||||||
|
@ -241,8 +241,26 @@ let
|
|||||||
./patches/cross-compile.patch
|
./patches/cross-compile.patch
|
||||||
# Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed):
|
# Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed):
|
||||||
./patches/no-build-timestamps.patch
|
./patches/no-build-timestamps.patch
|
||||||
# For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags:
|
] ++ lib.optionals (packageName == "chromium") [
|
||||||
./patches/widevine-79.patch
|
# This patch is limited to chromium and ungoogled-chromium because electron-source sets
|
||||||
|
# enable_widevine to false.
|
||||||
|
#
|
||||||
|
# The patch disables the automatic Widevine download (component) that happens at runtime
|
||||||
|
# completely (~/.config/chromium/WidevineCdm/). This would happen if chromium encounters DRM
|
||||||
|
# protected content or when manually opening chrome://components.
|
||||||
|
#
|
||||||
|
# It also prevents previously downloaded Widevine blobs in that location from being loaded and
|
||||||
|
# used at all, while still allowing the use of our -wv wrapper. This is because those old
|
||||||
|
# versions are out of out our control and may be vulnerable, given we literally disable their
|
||||||
|
# auto updater.
|
||||||
|
#
|
||||||
|
# bundle_widevine_cdm is available as gn flag, but we cannot use it, as it expects a bunch of
|
||||||
|
# files Widevine files at configure/compile phase that we don't have. Changing the value of the
|
||||||
|
# BUNDLE_WIDEVINE_CDM build flag does work in the way we want though.
|
||||||
|
# We also need enable_widevine_cdm_component to be false. Unfortunately it isn't exposed as gn
|
||||||
|
# flag (declare_args) so we simply hardcode it to false.
|
||||||
|
./patches/widevine-disable-auto-download-allow-bundle.patch
|
||||||
|
] ++ [
|
||||||
# Required to fix the build with a more recent wayland-protocols version
|
# Required to fix the build with a more recent wayland-protocols version
|
||||||
# (we currently package 1.26 in Nixpkgs while Chromium bundles 1.21):
|
# (we currently package 1.26 in Nixpkgs while Chromium bundles 1.21):
|
||||||
# Source: https://bugs.chromium.org/p/angleproject/issues/detail?id=7582#c1
|
# Source: https://bugs.chromium.org/p/angleproject/issues/detail?id=7582#c1
|
||||||
@ -418,10 +436,11 @@ let
|
|||||||
# Feature overrides:
|
# Feature overrides:
|
||||||
# Native Client support was deprecated in 2020 and support will end in June 2021:
|
# Native Client support was deprecated in 2020 and support will end in June 2021:
|
||||||
enable_nacl = false;
|
enable_nacl = false;
|
||||||
# Enabling the Widevine component here doesn't affect whether we can
|
} // lib.optionalAttrs (packageName == "chromium") {
|
||||||
# redistribute the chromium package; the Widevine component is either
|
# Enabling the Widevine here doesn't affect whether we can redistribute the chromium package.
|
||||||
# added later in the wrapped -wv build or downloaded from Google:
|
# Widevine in this drv is a bit more complex than just that. See Widevine patch somewhere above.
|
||||||
enable_widevine = true;
|
enable_widevine = true;
|
||||||
|
} // {
|
||||||
# Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture:
|
# Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture:
|
||||||
rtc_use_pipewire = true;
|
rtc_use_pipewire = true;
|
||||||
# Disable PGO because the profile data requires a newer compiler version (LLVM 14 isn't sufficient):
|
# Disable PGO because the profile data requires a newer compiler version (LLVM 14 isn't sufficient):
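Review bot: In the first hunk, the comment above `./patches/widevine-disable-auto-download-allow-bundle.patch` says the patch covers chromium and ungoogled-chromium, but the guard reads `lib.optionals (packageName == "chromium")` and nothing visible shows that ungoogled-chromium is built under that packageName; the same guard is repeated on `enable_widevine = true;` in the gnFlags hunk. If that is the case, say so in the comment, e.g. `# (ungoogled-chromium is built with packageName == "chromium" as well)`. The security property described there (no runtime download, no loading of stale blobs from ~/.config/chromium/WidevineCdm/) rests on two values hardcoded into upstream files, so I would also record how to re-check it after a version bump, e.g. `# After a bump, confirm chrome://components no longer lists Widevine.`, which is presumably the observable effect but should be confirmed. Two wording slips in the same comment: `out of out our control` and `a bunch of files Widevine files`. The patches list and the gnFlags attrset both start and end outside the hunks shown.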
|
||||||
|
@ -1,13 +0,0 @@
|
|||||||
diff --git a/third_party/widevine/cdm/BUILD.gn b/third_party/widevine/cdm/BUILD.gn
|
|
||||||
index ed0e2f5208b..5b431a030d5 100644
|
|
||||||
--- a/third_party/widevine/cdm/BUILD.gn
|
|
||||||
+++ b/third_party/widevine/cdm/BUILD.gn
|
|
||||||
@@ -14,7 +14,7 @@ buildflag_header("buildflags") {
|
|
||||||
|
|
||||||
flags = [
|
|
||||||
"ENABLE_WIDEVINE=$enable_widevine",
|
|
||||||
- "BUNDLE_WIDEVINE_CDM=$bundle_widevine_cdm",
|
|
||||||
+ "BUNDLE_WIDEVINE_CDM=true",
|
|
||||||
"ENABLE_WIDEVINE_CDM_COMPONENT=$enable_widevine_cdm_component",
|
|
||||||
]
|
|
||||||
}
|
|
@ -0,0 +1,27 @@
|
|||||||
|
diff --git a/third_party/widevine/cdm/BUILD.gn b/third_party/widevine/cdm/BUILD.gn
|
||||||
|
index 525693b6c10ab..245491e137d39 100644
|
||||||
|
--- a/third_party/widevine/cdm/BUILD.gn
|
||||||
|
+++ b/third_party/widevine/cdm/BUILD.gn
|
||||||
|
@@ -22,7 +22,7 @@ buildflag_header("buildflags") {
|
||||||
|
|
||||||
|
flags = [
|
||||||
|
"ENABLE_WIDEVINE=$enable_widevine",
|
||||||
|
- "BUNDLE_WIDEVINE_CDM=$bundle_widevine_cdm",
|
||||||
|
+ "BUNDLE_WIDEVINE_CDM=true",
|
||||||
|
"ENABLE_WIDEVINE_CDM_COMPONENT=$enable_widevine_cdm_component",
|
||||||
|
"ENABLE_MEDIA_FOUNDATION_WIDEVINE_CDM=$enable_media_foundation_widevine_cdm",
|
||||||
|
]
|
||||||
|
diff --git a/third_party/widevine/cdm/widevine.gni b/third_party/widevine/cdm/widevine.gni
|
||||||
|
index 58f073ca562ca..4b242c2618dfb 100644
|
||||||
|
--- a/third_party/widevine/cdm/widevine.gni
|
||||||
|
+++ b/third_party/widevine/cdm/widevine.gni
|
||||||
|
@@ -41,8 +41,7 @@ enable_library_widevine_cdm =
|
||||||
|
# Widevine CDM can be deployed as a component. Currently only supported on
|
||||||
|
# desktop platforms. The CDM can be bundled regardless whether
|
||||||
|
# it's a component. See below.
|
||||||
|
-enable_widevine_cdm_component =
|
||||||
|
- enable_library_widevine_cdm && (is_win || is_mac || is_linux || is_chromeos)
|
||||||
|
+enable_widevine_cdm_component = false
|
||||||
|
|
||||||
|
# Enable (Windows) Media Foundation Widevine CDM component.
|
||||||
|
declare_args() {
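Review bot: The new patch file begins at `diff --git` with no description, so the reason `BUNDLE_WIDEVINE_CDM` is forced to `true` while the `bundle_widevine_cdm` gn arg keeps its own value is recorded only in the Nix expression that applies it. Text before the first `diff --git` is ignored when the patch is applied, so a short preamble would keep the intent with the file: that the buildflag is set independently of the gn arg on purpose, and that `enable_widevine_cdm_component = false` is what turns off the runtime component download. It would also help to say there that `enable_widevine_cdm_component` is assigned outside `declare_args()` and so cannot be set from gnFlags, which is why the assignment is rewritten in place.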
|