956123 – www-client/chromium: consider adding USE flag(s) to disable unrar (and/or "safe download checking" as a whole)

Bug 956123 - www-client/chromium: consider adding USE flag(s) to disable unrar (and/or "safe download checking" as a whole)

Summary: www-client/chromium: consider adding USE flag(s) to disable unrar (and/or "sa...

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Chromium Project

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2025-05-18 04:37 UTC by Osmo
Modified:	2025-05-18 21:20 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Osmo 2025-05-18 04:37:25 UTC

It seems that in all of the currently available chromium versions started requiring the unrar license.
I will never need any sort of rar support, and even if I did, such a license is still unacceptable. I would very much appreciate a USE flag for removing any functionality depending on that license.
From what I've gathered, such functionality is only related to detecting "unsafe downloads" specifically inside rar files downloaded through the browser. I don't think I've ever performed such an action, nor would I.
Also, it would seem like determining what I'm downloading is safe or not would require informing a 3rd party about everything I download. If that's true, I think it would be prudent to add a USE flag for disabling all such functionality as I'd find my browser doing that quite shocking in its own right and would never want any such functionality.

Comment 1 Osmo 2025-05-18 05:06:40 UTC

It seems like mentions of unrar's exports are limited to the path third_party/unrar in chromium's sources:
    grep -rlE 'RAROpenArchive|RAROpenArchiveEx|RARCloseArchive|RARReadHeader|RARReadHeaderEx|RARProcessFile|RARProcessFileW|RARSetCallback|RARSetChangeVolProc|RARSetProcessDataProc|RARSetPassword|RARGetDllVersion' /var/tmp/portage/www-client/chromium-136.0.7103.92/
    /var/tmp/portage/www-client/chromium-136.0.7103.92/work/chromium-136.0.7103.92/third_party/unrar/src/dll.cpp
    /var/tmp/portage/www-client/chromium-136.0.7103.92/work/chromium-136.0.7103.92/third_party/unrar/src/dll.def
    /var/tmp/portage/www-client/chromium-136.0.7103.92/work/chromium-136.0.7103.92/third_party/unrar/src/dll.hpp
    /var/tmp/portage/www-client/chromium-136.0.7103.92/work/chromium-136.0.7103.92/third_party/unrar/src/dll_nocrypt.def

Comment 2 Sam James archtester

2025-05-18 07:21:42 UTC

https://build.opensuse.org/projects/openSUSE:Factory/packages/chromium/files/chromium-norar.patch?expand=1

Comment 3 Osmo 2025-05-18 09:01:14 UTC

In www-client/chromium-137.0.7151.27
There's this in components/safe_browsing/buildflags.gni

```
declare_args() {
  # Variable safe_browsing is used to control the build time configuration for
  # safe browsing feature. Safe browsing can be compiled in 3 different levels:
  # 0 disables it, 1 enables it fully, and 2 enables mobile protection via an
  # external API.
  if (is_ios || is_castos || is_cast_android || is_fuchsia) {
    safe_browsing_mode = 0
  } else if (is_android) {
    safe_browsing_mode = 2
  } else {
    safe_browsing_mode = 1
  }

  # Allows building without //third_party/unrar included, for license reasons
  safe_browsing_use_unrar = true
}
```

After replacing that with this:
```
declare_args() {
  # Variable safe_browsing is used to control the build time configuration for
  # safe browsing feature. Safe browsing can be compiled in 3 different levels:
  # 0 disables it, 1 enables it fully, and 2 enables mobile protection via an
  # external API.
  safe_browsing_mode = 0

  # Allows building without //third_party/unrar included, for license reasons
  safe_browsing_use_unrar = false
}
```

chromium still seems to compile (but it's not finished yet, it's going on for ~2h53m and just by interpolating from the number 28690/51201 it seems it'll take over 5 hours on my system)

Comment 4 Osmo 2025-05-18 11:54:30 UTC

With my changes from above (safe_browsing_mode = 0; safe_browsing_use_unrar = false) in components/safe_browsing/buildflags.gni
The compilation of chromium-137.0.7151.27 failed in 4h45m, at [44260/51201] with these errors:

```
In file included from ../../chrome/browser/ui/views/download/download_item_view.cc:33:
../../chrome/browser/download/chrome_download_manager_delegate.h:314:28: error: use of undeclared identifier 'enterprise_obfuscation'
  314 |       base::expected<void, enterprise_obfuscation::Error> deobfuscation_result);
      |                            ^
In file included from ../../chrome/browser/ui/views/download/download_item_view.cc:36:
../../chrome/browser/enterprise/connectors/common.h:127:20: error: no member named 'BinaryUploadService' in namespace 'safe_browsing'
  127 |     safe_browsing::BinaryUploadService::Result upload_result,
      |     ~~~~~~~~~~~~~~~^
2 errors generated.
```

It seems like the flag ENTERPRISE_CONTENT_ANALYSIS=false needs to also be set if using safe_browsing_mode = 0, since the block with the latter error depends on that and contains things that depend on safe browsing features.
It seems this can be done in components/enterprise/buildflags/buildflags.gni by doing this modification:

```
+++ a/var/tmp/portage/www-client/chromium-137.0.7151.27/work/chromium-137.0.7151.27/components/enterprise/buildflags/buildflags.gni
+++ b/var/tmp/portage/www-client/chromium-137.0.7151.27/work/chromium-137.0.7151.27/components/enterprise/buildflags/buildflags.gni
@@ -9,12 +9,11 @@ import("//build/config/ui.gni")
 declare_args() {
   # Indicates support for content analysis against a cloud agent for Enterprise
   # Connector policies.
-  enterprise_cloud_content_analysis =
-      is_win || is_mac || is_linux || is_chromeos
+  enterprise_cloud_content_analysis = false
 
   # Indicates support for content analysis against a cloud agent for Enterprise
   # Connector policies.
-  enterprise_local_content_analysis = is_win || is_mac || is_linux
+  enterprise_local_content_analysis = false
 
   # Indicates support for Data Control rules.
   enterprise_data_controls =
```

I'll test if it now compiles after doing that in addition.
This probably isn't the correct way to do that, but the compilation seems to have picked up from where it left off when I just did that modification and ran this again without cleaning after the error where it stopped the last time:
ebuild /var/db/repos/gentoo/www-client/chromium/chromium-137.0.7151.27.ebuild compile
It currently says [1224/6945] after running for 12 minutes, so far so good.

Comment 5 Osmo 2025-05-18 12:59:53 UTC

The above failed in 46 minutes, at [4942/6945] with this error:
```
../../chrome/browser/ui/safety_hub/revoked_permissions_service.cc:346:7: error: incomplete type 'Profile' named in nested name specifier
  346 |       Profile::FromBrowserContext(web_contents()->GetBrowserContext());
      |       ^~~~~~~~~
../../chrome/browser/profiles/profile_selections.h:10:7: note: forward declaration of 'Profile'
   10 | class Profile;
      |       ^
1 error generated.
```

I don't understand this error. I'm retrying with both of the changes with www-client/chromium-136.0.7103.92 instead, as it doesn't have the source file indicated by the error above.

Comment 6 Osmo 2025-05-18 21:20:20 UTC

With those changes, the compilation of =www-client/chromium-136.0.7103.92 failed on the very last step, after 7 hours, at [51093/51093]

```
FAILED: chrome 
"python3.13" "../../build/toolchain/gcc_link_wrapper.py" --output="./chrome" -- x86_64-pc-linux-gnu-clang++-19 -Wl,--version-script=../../build/linux/chrome.map -fuse-ld=lld -Wl,--build-id=fast -fPIC -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -Wl,--icf=all -Wl,--color-diagnostics -Wl,--undefined-version -Wl,--no-call-graph-profile-sort -no-canonical-prefixes -Wl,-z,defs -Wl,--as-needed -nostdlib++ -rdynamic -pie -Wl,--disable-new-dtags prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/liballoc.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcfg_if.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcompiler_builtins.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcore.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libgetopts.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libhashbrown.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libpanic_abort.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libpanic_unwind.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_demangle.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd_detect.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libtest.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libunicode_width.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libunwind.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libaddr2line.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libadler.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libgimli.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/liblibc.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libmemchr.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libminiz_oxide.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libobject.rlib -Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,--undefined-version -o "./chrome" -Wl,--start-group @"./chrome.rsp" -Wl,--end-group   -ldl -lpthread -lrt -lgmodule-2.0 -lgobject-2.0 -lgthread-2.0 -lglib-2.0 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -ldbus-1 -latk-bridge-2.0 -latk-1.0 -lfontconfig -latomic -lz -lresolv -lgio-2.0 -lzstd -lexpat -lwebpdemux -lwebpmux -lwebp -lfreetype -ljpeg -lharfbuzz-subset -lharfbuzz -lxcb -lxkbcommon -latspi -lX11 -lXcomposite -lXdamage -lXext -lXfixes -lXrandr -lXrender -lXtst -lgbm -lXi -lpci -ludev -lpangocairo-1.0 -lpango-1.0 -lcairo -lasound -lpulse -lFLAC -lm -lminizip -lxml2 -lxslt -lxshmfence -Wl,--start-group obj/third_party/rust/cxx/v1/lib/libcxx_lib.rlib obj/third_party/rust/foldhash/v0_1/lib/libfoldhash_lib.rlib obj/base/libbase_crust_ulogger.rlib obj/base/libbase_clogging_ulog_useverity_ubindgen.rlib obj/build/rust/chromium_prelude/libchromium.rlib obj/third_party/rust/log/v0_4/lib/liblog_lib.rlib obj/third_party/rust/serde_json_lenient/v0_2/wrapper/libthird_uparty_srust_sserde_ujson_ulenient_sv0_u2_swrapper_cwrapper.rlib obj/third_party/rust/serde/v1/lib/libserde_lib.rlib obj/third_party/rust/serde_json_lenient/v0_2/lib/libserde_json_lenient_lib.rlib obj/third_party/rust/itoa/v1/lib/libitoa_lib.rlib obj/third_party/rust/memchr/v2/lib/libmemchr_lib.rlib obj/third_party/rust/ryu/v1/lib/libryu_lib.rlib obj/skia/libskia_cbridge_urust_uside.rlib obj/third_party/rust/font_types/v0_8/lib/libfont_types_lib.rlib obj/third_party/rust/bytemuck/v1/lib/libbytemuck_lib.rlib obj/third_party/rust/read_fonts/v0_27/lib/libread_fonts_lib.rlib obj/third_party/rust/skrifa/v0_29/lib/libskrifa_lib.rlib obj/skia/libskia_crust_upng_uffi.rlib obj/third_party/rust/png/v0_18/lib/libpng_lib.rlib obj/third_party/rust/bitflags/v2/lib/libbitflags_lib.rlib obj/third_party/rust/crc32fast/v1/lib/libcrc32fast_lib.rlib obj/third_party/rust/cfg_if/v1/lib/libcfg_if_lib.rlib obj/third_party/rust/fdeflate/v0_3/lib/libfdeflate_lib.rlib obj/third_party/rust/simd_adler32/v0_3/lib/libsimd_adler32_lib.rlib obj/third_party/rust/flate2/v1/lib/libflate2_lib.rlib obj/third_party/rust/miniz_oxide/v0_8/lib/libminiz_oxide_lib.rlib obj/third_party/rust/adler2/v2/lib/libadler2_lib.rlib obj/third_party/blink/common/rust_crash/libthird_uparty_sblink_scommon_srust_ucrash_crs.rlib obj/third_party/crabbyavif/libthird_uparty_scrabbyavif_ccrabbyavif.rlib obj/third_party/crabbyavif/libdav1d_sys.rlib obj/third_party/crabbyavif/liblibyuv_sys.rlib obj/third_party/rust/libc/v0_2/lib/liblibc_lib.rlib obj/components/qr_code_generator/libcomponents_sqr_ucode_ugenerator_cqr_ucode_ugenerator_uffi_uglue.rlib obj/third_party/rust/qr_code/v2/lib/libqr_code_lib.rlib -Wl,--end-group 
ld.lld: error: undefined symbol: enterprise_connectors::ReportingEventRouterFactory::GetInstance()
>>> referenced by chrome_browser_main_extra_parts_profiles.cc
>>>               obj/chrome/browser/profiles/profiles_extra_parts_impl/chrome_browser_main_extra_parts_profiles.o:(ChromeBrowserMainExtraPartsProfiles::EnsureBrowserContextKeyedServiceFactoriesBuilt())
x86_64-pc-linux-gnu-clang++-19: error: linker command failed with exit code 1 (use -v to see invocation)
```

With also this third and final modification, =www-browser/chromium-136.0.7103.92 compiled without both unrar and safe browsing:

```
--- a/var/tmp/portage/www-client/chromium-136.0.7103.92/work/chromium-136.0.7103.92/chrome/browser/profiles/chrome_browser_main_extra_parts_profiles.cc
+++ b/var/tmp/portage/www-client/chromium-136.0.7103.92/work/chromium-136.0.7103.92/chrome/browser/profiles/chrome_browser_main_extra_parts_profiles.cc
@@ -841,7 +841,7 @@ void ChromeBrowserMainExtraPartsProfiles::
   enterprise_connectors::ExtensionTelemetryEventRouterFactory::GetInstance();
 #endif
   enterprise_connectors::ConnectorsServiceFactory::GetInstance();
-  enterprise_connectors::ReportingEventRouterFactory::GetInstance();
+  //enterprise_connectors::ReportingEventRouterFactory::GetInstance();
 #if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
     BUILDFLAG(IS_WIN)
   enterprise_connectors::DeviceTrustConnectorServiceFactory::GetInstance();
```