| Summary: | www-client/chromium: consider adding USE flag(s) to disable unrar (and/or "safe download checking" as a whole) | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Osmo <osmo.hyttinen> |
| Component: | Current packages | Assignee: | Chromium Project <chromium> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | normal | CC: | kangie, osmo.hyttinen |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | disable safe browsing in chromium 136 | ||
|
Description
Osmo
2025-05-18 04:37:25 UTC
It seems like mentions of unrar's exports are limited to the path third_party/unrar in chromium's sources:
grep -rlE 'RAROpenArchive|RAROpenArchiveEx|RARCloseArchive|RARReadHeader|RARReadHeaderEx|RARProcessFile|RARProcessFileW|RARSetCallback|RARSetChangeVolProc|RARSetProcessDataProc|RARSetPassword|RARGetDllVersion' /var/tmp/portage/www-client/chromium-136.0.7103.92/
/var/tmp/portage/www-client/chromium-136.0.7103.92/work/chromium-136.0.7103.92/third_party/unrar/src/dll.cpp
/var/tmp/portage/www-client/chromium-136.0.7103.92/work/chromium-136.0.7103.92/third_party/unrar/src/dll.def
/var/tmp/portage/www-client/chromium-136.0.7103.92/work/chromium-136.0.7103.92/third_party/unrar/src/dll.hpp
/var/tmp/portage/www-client/chromium-136.0.7103.92/work/chromium-136.0.7103.92/third_party/unrar/src/dll_nocrypt.def
In www-client/chromium-137.0.7151.27
There's this in components/safe_browsing/buildflags.gni
```
declare_args() {
# Variable safe_browsing is used to control the build time configuration for
# safe browsing feature. Safe browsing can be compiled in 3 different levels:
# 0 disables it, 1 enables it fully, and 2 enables mobile protection via an
# external API.
if (is_ios || is_castos || is_cast_android || is_fuchsia) {
safe_browsing_mode = 0
} else if (is_android) {
safe_browsing_mode = 2
} else {
safe_browsing_mode = 1
}
# Allows building without //third_party/unrar included, for license reasons
safe_browsing_use_unrar = true
}
```
After replacing that with this:
```
declare_args() {
# Variable safe_browsing is used to control the build time configuration for
# safe browsing feature. Safe browsing can be compiled in 3 different levels:
# 0 disables it, 1 enables it fully, and 2 enables mobile protection via an
# external API.
safe_browsing_mode = 0
# Allows building without //third_party/unrar included, for license reasons
safe_browsing_use_unrar = false
}
```
chromium still seems to compile (but it's not finished yet, it's going on for ~2h53m and just by interpolating from the number 28690/51201 it seems it'll take over 5 hours on my system)
With my changes from above (safe_browsing_mode = 0; safe_browsing_use_unrar = false) in components/safe_browsing/buildflags.gni
The compilation of chromium-137.0.7151.27 failed in 4h45m, at [44260/51201] with these errors:
```
In file included from ../../chrome/browser/ui/views/download/download_item_view.cc:33:
../../chrome/browser/download/chrome_download_manager_delegate.h:314:28: error: use of undeclared identifier 'enterprise_obfuscation'
314 | base::expected<void, enterprise_obfuscation::Error> deobfuscation_result);
| ^
In file included from ../../chrome/browser/ui/views/download/download_item_view.cc:36:
../../chrome/browser/enterprise/connectors/common.h:127:20: error: no member named 'BinaryUploadService' in namespace 'safe_browsing'
127 | safe_browsing::BinaryUploadService::Result upload_result,
| ~~~~~~~~~~~~~~~^
2 errors generated.
```
It seems like the flag ENTERPRISE_CONTENT_ANALYSIS=false needs to also be set if using safe_browsing_mode = 0, since the block with the latter error depends on that and contains things that depend on safe browsing features.
It seems this can be done in components/enterprise/buildflags/buildflags.gni by doing this modification:
```
+++ a/var/tmp/portage/www-client/chromium-137.0.7151.27/work/chromium-137.0.7151.27/components/enterprise/buildflags/buildflags.gni
+++ b/var/tmp/portage/www-client/chromium-137.0.7151.27/work/chromium-137.0.7151.27/components/enterprise/buildflags/buildflags.gni
@@ -9,12 +9,11 @@ import("//build/config/ui.gni")
declare_args() {
# Indicates support for content analysis against a cloud agent for Enterprise
# Connector policies.
- enterprise_cloud_content_analysis =
- is_win || is_mac || is_linux || is_chromeos
+ enterprise_cloud_content_analysis = false
# Indicates support for content analysis against a cloud agent for Enterprise
# Connector policies.
- enterprise_local_content_analysis = is_win || is_mac || is_linux
+ enterprise_local_content_analysis = false
# Indicates support for Data Control rules.
enterprise_data_controls =
```
I'll test if it now compiles after doing that in addition.
This probably isn't the correct way to do that, but the compilation seems to have picked up from where it left off when I just did that modification and ran this again without cleaning after the error where it stopped the last time:
ebuild /var/db/repos/gentoo/www-client/chromium/chromium-137.0.7151.27.ebuild compile
It currently says [1224/6945] after running for 12 minutes, so far so good.
The above failed in 46 minutes, at [4942/6945] with this error:
```
../../chrome/browser/ui/safety_hub/revoked_permissions_service.cc:346:7: error: incomplete type 'Profile' named in nested name specifier
346 | Profile::FromBrowserContext(web_contents()->GetBrowserContext());
| ^~~~~~~~~
../../chrome/browser/profiles/profile_selections.h:10:7: note: forward declaration of 'Profile'
10 | class Profile;
| ^
1 error generated.
```
I don't understand this error. I'm retrying with both of the changes with www-client/chromium-136.0.7103.92 instead, as it doesn't have the source file indicated by the error above.
With those changes, the compilation of =www-client/chromium-136.0.7103.92 failed on the very last step, after 7 hours, at [51093/51093]
```
FAILED: chrome
"python3.13" "../../build/toolchain/gcc_link_wrapper.py" --output="./chrome" -- x86_64-pc-linux-gnu-clang++-19 -Wl,--version-script=../../build/linux/chrome.map -fuse-ld=lld -Wl,--build-id=fast -fPIC -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -Wl,--icf=all -Wl,--color-diagnostics -Wl,--undefined-version -Wl,--no-call-graph-profile-sort -no-canonical-prefixes -Wl,-z,defs -Wl,--as-needed -nostdlib++ -rdynamic -pie -Wl,--disable-new-dtags prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/liballoc.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcfg_if.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcompiler_builtins.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcore.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libgetopts.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libhashbrown.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libpanic_abort.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libpanic_unwind.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_demangle.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd_detect.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libtest.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libunicode_width.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libunwind.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libaddr2line.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libadler.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libgimli.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/liblibc.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libmemchr.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libminiz_oxide.rlib prebuilt_rustc_sysroot/lib/rustlib/x86_64-unknown-linux-gnu/lib/libobject.rlib -Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,--undefined-version -o "./chrome" -Wl,--start-group @"./chrome.rsp" -Wl,--end-group -ldl -lpthread -lrt -lgmodule-2.0 -lgobject-2.0 -lgthread-2.0 -lglib-2.0 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -ldbus-1 -latk-bridge-2.0 -latk-1.0 -lfontconfig -latomic -lz -lresolv -lgio-2.0 -lzstd -lexpat -lwebpdemux -lwebpmux -lwebp -lfreetype -ljpeg -lharfbuzz-subset -lharfbuzz -lxcb -lxkbcommon -latspi -lX11 -lXcomposite -lXdamage -lXext -lXfixes -lXrandr -lXrender -lXtst -lgbm -lXi -lpci -ludev -lpangocairo-1.0 -lpango-1.0 -lcairo -lasound -lpulse -lFLAC -lm -lminizip -lxml2 -lxslt -lxshmfence -Wl,--start-group obj/third_party/rust/cxx/v1/lib/libcxx_lib.rlib obj/third_party/rust/foldhash/v0_1/lib/libfoldhash_lib.rlib obj/base/libbase_crust_ulogger.rlib obj/base/libbase_clogging_ulog_useverity_ubindgen.rlib obj/build/rust/chromium_prelude/libchromium.rlib obj/third_party/rust/log/v0_4/lib/liblog_lib.rlib obj/third_party/rust/serde_json_lenient/v0_2/wrapper/libthird_uparty_srust_sserde_ujson_ulenient_sv0_u2_swrapper_cwrapper.rlib obj/third_party/rust/serde/v1/lib/libserde_lib.rlib obj/third_party/rust/serde_json_lenient/v0_2/lib/libserde_json_lenient_lib.rlib obj/third_party/rust/itoa/v1/lib/libitoa_lib.rlib obj/third_party/rust/memchr/v2/lib/libmemchr_lib.rlib obj/third_party/rust/ryu/v1/lib/libryu_lib.rlib obj/skia/libskia_cbridge_urust_uside.rlib obj/third_party/rust/font_types/v0_8/lib/libfont_types_lib.rlib obj/third_party/rust/bytemuck/v1/lib/libbytemuck_lib.rlib obj/third_party/rust/read_fonts/v0_27/lib/libread_fonts_lib.rlib obj/third_party/rust/skrifa/v0_29/lib/libskrifa_lib.rlib obj/skia/libskia_crust_upng_uffi.rlib obj/third_party/rust/png/v0_18/lib/libpng_lib.rlib obj/third_party/rust/bitflags/v2/lib/libbitflags_lib.rlib obj/third_party/rust/crc32fast/v1/lib/libcrc32fast_lib.rlib obj/third_party/rust/cfg_if/v1/lib/libcfg_if_lib.rlib obj/third_party/rust/fdeflate/v0_3/lib/libfdeflate_lib.rlib obj/third_party/rust/simd_adler32/v0_3/lib/libsimd_adler32_lib.rlib obj/third_party/rust/flate2/v1/lib/libflate2_lib.rlib obj/third_party/rust/miniz_oxide/v0_8/lib/libminiz_oxide_lib.rlib obj/third_party/rust/adler2/v2/lib/libadler2_lib.rlib obj/third_party/blink/common/rust_crash/libthird_uparty_sblink_scommon_srust_ucrash_crs.rlib obj/third_party/crabbyavif/libthird_uparty_scrabbyavif_ccrabbyavif.rlib obj/third_party/crabbyavif/libdav1d_sys.rlib obj/third_party/crabbyavif/liblibyuv_sys.rlib obj/third_party/rust/libc/v0_2/lib/liblibc_lib.rlib obj/components/qr_code_generator/libcomponents_sqr_ucode_ugenerator_cqr_ucode_ugenerator_uffi_uglue.rlib obj/third_party/rust/qr_code/v2/lib/libqr_code_lib.rlib -Wl,--end-group
ld.lld: error: undefined symbol: enterprise_connectors::ReportingEventRouterFactory::GetInstance()
>>> referenced by chrome_browser_main_extra_parts_profiles.cc
>>> obj/chrome/browser/profiles/profiles_extra_parts_impl/chrome_browser_main_extra_parts_profiles.o:(ChromeBrowserMainExtraPartsProfiles::EnsureBrowserContextKeyedServiceFactoriesBuilt())
x86_64-pc-linux-gnu-clang++-19: error: linker command failed with exit code 1 (use -v to see invocation)
```
With also this third and final modification, =www-browser/chromium-136.0.7103.92 compiled without both unrar and safe browsing:
```
--- a/var/tmp/portage/www-client/chromium-136.0.7103.92/work/chromium-136.0.7103.92/chrome/browser/profiles/chrome_browser_main_extra_parts_profiles.cc
+++ b/var/tmp/portage/www-client/chromium-136.0.7103.92/work/chromium-136.0.7103.92/chrome/browser/profiles/chrome_browser_main_extra_parts_profiles.cc
@@ -841,7 +841,7 @@ void ChromeBrowserMainExtraPartsProfiles::
enterprise_connectors::ExtensionTelemetryEventRouterFactory::GetInstance();
#endif
enterprise_connectors::ConnectorsServiceFactory::GetInstance();
- enterprise_connectors::ReportingEventRouterFactory::GetInstance();
+ //enterprise_connectors::ReportingEventRouterFactory::GetInstance();
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
enterprise_connectors::DeviceTrustConnectorServiceFactory::GetInstance();
```
Created attachment 929077 [details, diff]
disable safe browsing in chromium 136
This disables safe browsing (and unrar which should be only needed by that anyway).
It additionally disables enterprise content analysis that seems to depend on safe browsing, and seems very much related to similar functionality in any case (analysing downloads or something like that, I don't want any such functionality in my browser).
I got this to work with =www-client/chromium-136.0.7103.92
I got this to work with =www-client/chromium-136.0.7103.113
I FAILED to get this to work with =www-client/chromium-137.0.7151.27 (compile error)
Hi Osmo, Thanks for your investigation so far and for the potential patches. Unfortunately I'm not in a position to carry additional patchsets that will need to be rebased regularly; I'm barely able to keep up with the maintenance of Chromium as it stands. > It seems that in all of the currently available chromium versions started requiring the unrar license. You have _always_ had unRAR code in Chromium, it's just that our licence spec was previously defective, see https://bugs.gentoo.org/492424 WRT your concerns about unRAR, licensing, and privacy (including potential third-party reporting), I strongly suggest you try the `ungoogled-chromium` package. It's available from the P4FPublic repository: https://github.com/PF4Public/gentoo-overlay This package is specifically designed to address concerns like yours by removing Google integrations and enhancing privacy, and it likely already applies these changes (and more). Feel free to raise the idea of proxying the `ungoogled-chromium` package into the main ::gentoo repository with its upstream maintainers. I'm happy to consider proxying it if they are agreeable, but my previous offers haven't received a response. |
