From: "Jason A. Donenfeld" <zx2c4@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: www-client/chromium/files/, www-client/chromium/
Date: Sun, 8 Aug 2021 11:50:14 +0000 (UTC) [thread overview]
Message-ID: <1628423405.fce48ef271bbcaee9afdf0481294da167e665a9b.zx2c4@gentoo> (raw)
commit: fce48ef271bbcaee9afdf0481294da167e665a9b
Author: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 7 21:53:29 2021 +0000
Commit: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
CommitDate: Sun Aug 8 11:50:05 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fce48ef2
www-client/chromium: work around dead oauth2 credentials
Google doesn't let us bake in OAuth2 credentials, and for some time,
Google sign-in has been broken. Arch dealt with this in March, and so
did we to some degree, but in the last few months, our sign-in
credentials have been broken. It appears that we actually did remove API
credentials in March around Chrome 89, but they got added back, perhaps
when rotating newer versions to replace older versions. Work around this
by following Arch's lead: we remove the predefined credentials, as
before, but also we patch Chromium so that people can use their own
easily, using Arch's patch for that.
For more info, see:
https://archlinux.org/news/chromium-losing-sync-support-in-early-march/
https://bodhi.fedoraproject.org/updates/FEDORA-2021-48866282e5
https://hackaday.com/2021/01/26/whats-the-deal-with-chromium-on-linux-google-at-odds-with-package-maintainers/
Closes: https://bugs.gentoo.org/791871
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Jason A. Donenfeld <zx2c4 <AT> gentoo.org>
www-client/chromium/chromium-92.0.4515.107.ebuild | 12 +++++++-----
www-client/chromium/chromium-92.0.4515.131.ebuild | 12 +++++++-----
www-client/chromium/chromium-93.0.4577.25.ebuild | 12 +++++++-----
www-client/chromium/chromium-94.0.4595.0.ebuild | 12 +++++++-----
...chromium-use-oauth2-client-switches-as-default.patch | 17 +++++++++++++++++
5 files changed, 45 insertions(+), 20 deletions(-)
diff --git a/www-client/chromium/chromium-92.0.4515.107.ebuild b/www-client/chromium/chromium-92.0.4515.107.ebuild
index 2403aa0bddb..e4cd7506c21 100644
--- a/www-client/chromium/chromium-92.0.4515.107.ebuild
+++ b/www-client/chromium/chromium-92.0.4515.107.ebuild
@@ -236,6 +236,7 @@ src_prepare() {
"${FILESDIR}/chromium-92-EnumTable-crash.patch"
"${FILESDIR}/chromium-92-GetUsableSize-nullptr.patch"
"${FILESDIR}/chromium-freetype-2.11.patch"
+ "${FILESDIR}/chromium-use-oauth2-client-switches-as-default.patch"
"${FILESDIR}/chromium-shim_headers.patch"
)
@@ -660,13 +661,14 @@ src_configure() {
# Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys .
# Note: these are for Gentoo use ONLY. For your own distribution,
# please get your own set of keys. Feel free to contact chromium@gentoo.org
- # for more info.
+ # for more info. The OAuth2 credentials, however, have been left out.
+ # Those OAuth2 credentials have been broken for quite some time anyway.
+ # Instead we apply a patch to use the --oauth2-client-id= and
+ # --oauth2-client-secret= switches for setting GOOGLE_DEFAULT_CLIENT_ID and
+ # GOOGLE_DEFAULT_CLIENT_SECRET at runtime. This allows signing into
+ # Chromium without baked-in values.
local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc"
- local google_default_client_id="329227923882.apps.googleusercontent.com"
- local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu"
myconf_gn+=" google_api_key=\"${google_api_key}\""
- myconf_gn+=" google_default_client_id=\"${google_default_client_id}\""
- myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\""
local myarch="$(tc-arch)"
# Avoid CFLAGS problems, bug #352457, bug #390147.
diff --git a/www-client/chromium/chromium-92.0.4515.131.ebuild b/www-client/chromium/chromium-92.0.4515.131.ebuild
index 63504fa0cd2..54af6f3e069 100644
--- a/www-client/chromium/chromium-92.0.4515.131.ebuild
+++ b/www-client/chromium/chromium-92.0.4515.131.ebuild
@@ -236,6 +236,7 @@ src_prepare() {
"${FILESDIR}/chromium-92-EnumTable-crash.patch"
"${FILESDIR}/chromium-92-crashpad-consent.patch"
"${FILESDIR}/chromium-freetype-2.11.patch"
+ "${FILESDIR}/chromium-use-oauth2-client-switches-as-default.patch"
"${FILESDIR}/chromium-shim_headers.patch"
)
@@ -660,13 +661,14 @@ src_configure() {
# Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys .
# Note: these are for Gentoo use ONLY. For your own distribution,
# please get your own set of keys. Feel free to contact chromium@gentoo.org
- # for more info.
+ # for more info. The OAuth2 credentials, however, have been left out.
+ # Those OAuth2 credentials have been broken for quite some time anyway.
+ # Instead we apply a patch to use the --oauth2-client-id= and
+ # --oauth2-client-secret= switches for setting GOOGLE_DEFAULT_CLIENT_ID and
+ # GOOGLE_DEFAULT_CLIENT_SECRET at runtime. This allows signing into
+ # Chromium without baked-in values.
local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc"
- local google_default_client_id="329227923882.apps.googleusercontent.com"
- local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu"
myconf_gn+=" google_api_key=\"${google_api_key}\""
- myconf_gn+=" google_default_client_id=\"${google_default_client_id}\""
- myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\""
local myarch="$(tc-arch)"
# Avoid CFLAGS problems, bug #352457, bug #390147.
diff --git a/www-client/chromium/chromium-93.0.4577.25.ebuild b/www-client/chromium/chromium-93.0.4577.25.ebuild
index 6fa93f8f78b..770da01d614 100644
--- a/www-client/chromium/chromium-93.0.4577.25.ebuild
+++ b/www-client/chromium/chromium-93.0.4577.25.ebuild
@@ -237,6 +237,7 @@ src_prepare() {
"${WORKDIR}/sandbox-patches/chromium-fstatat-crash.patch"
"${FILESDIR}/chromium-93-EnumTable-crash.patch"
"${FILESDIR}/chromium-93-InkDropHost-crash.patch"
+ "${FILESDIR}/chromium-use-oauth2-client-switches-as-default.patch"
"${FILESDIR}/chromium-shim_headers.patch"
)
@@ -653,13 +654,14 @@ src_configure() {
# Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys .
# Note: these are for Gentoo use ONLY. For your own distribution,
# please get your own set of keys. Feel free to contact chromium@gentoo.org
- # for more info.
+ # for more info. The OAuth2 credentials, however, have been left out.
+ # Those OAuth2 credentials have been broken for quite some time anyway.
+ # Instead we apply a patch to use the --oauth2-client-id= and
+ # --oauth2-client-secret= switches for setting GOOGLE_DEFAULT_CLIENT_ID and
+ # GOOGLE_DEFAULT_CLIENT_SECRET at runtime. This allows signing into
+ # Chromium without baked-in values.
local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc"
- local google_default_client_id="329227923882.apps.googleusercontent.com"
- local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu"
myconf_gn+=" google_api_key=\"${google_api_key}\""
- myconf_gn+=" google_default_client_id=\"${google_default_client_id}\""
- myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\""
local myarch="$(tc-arch)"
# Avoid CFLAGS problems, bug #352457, bug #390147.
diff --git a/www-client/chromium/chromium-94.0.4595.0.ebuild b/www-client/chromium/chromium-94.0.4595.0.ebuild
index e74922587b5..1e16bca46d8 100644
--- a/www-client/chromium/chromium-94.0.4595.0.ebuild
+++ b/www-client/chromium/chromium-94.0.4595.0.ebuild
@@ -234,6 +234,7 @@ src_prepare() {
"${WORKDIR}/patches"
"${FILESDIR}/chromium-93-EnumTable-crash.patch"
"${FILESDIR}/chromium-93-InkDropHost-crash.patch"
+ "${FILESDIR}/chromium-use-oauth2-client-switches-as-default.patch"
"${FILESDIR}/chromium-shim_headers.patch"
)
@@ -651,13 +652,14 @@ src_configure() {
# Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys .
# Note: these are for Gentoo use ONLY. For your own distribution,
# please get your own set of keys. Feel free to contact chromium@gentoo.org
- # for more info.
+ # for more info. The OAuth2 credentials, however, have been left out.
+ # Those OAuth2 credentials have been broken for quite some time anyway.
+ # Instead we apply a patch to use the --oauth2-client-id= and
+ # --oauth2-client-secret= switches for setting GOOGLE_DEFAULT_CLIENT_ID and
+ # GOOGLE_DEFAULT_CLIENT_SECRET at runtime. This allows signing into
+ # Chromium without baked-in values.
local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc"
- local google_default_client_id="329227923882.apps.googleusercontent.com"
- local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu"
myconf_gn+=" google_api_key=\"${google_api_key}\""
- myconf_gn+=" google_default_client_id=\"${google_default_client_id}\""
- myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\""
local myarch="$(tc-arch)"
# Avoid CFLAGS problems, bug #352457, bug #390147.
diff --git a/www-client/chromium/files/chromium-use-oauth2-client-switches-as-default.patch b/www-client/chromium/files/chromium-use-oauth2-client-switches-as-default.patch
new file mode 100644
index 00000000000..9d9c57bfb0d
--- /dev/null
+++ b/www-client/chromium/files/chromium-use-oauth2-client-switches-as-default.patch
@@ -0,0 +1,17 @@
+diff -upr chromium-89.0.4389.58.orig/google_apis/google_api_keys.cc chromium-89.0.4389.58/google_apis/google_api_keys.cc
+--- chromium-89.0.4389.58.orig/google_apis/google_api_keys.cc 2021-02-24 22:37:18.494007649 +0000
++++ chromium-89.0.4389.58/google_apis/google_api_keys.cc 2021-02-24 22:35:00.865777600 +0000
+@@ -154,11 +154,11 @@ class APIKeyCache {
+
+ std::string default_client_id = CalculateKeyValue(
+ GOOGLE_DEFAULT_CLIENT_ID,
+- STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_ID), nullptr,
++ STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_ID), ::switches::kOAuth2ClientID,
+ std::string(), environment.get(), command_line, gaia_config);
+ std::string default_client_secret = CalculateKeyValue(
+ GOOGLE_DEFAULT_CLIENT_SECRET,
+- STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_SECRET), nullptr,
++ STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_SECRET), ::switches::kOAuth2ClientSecret,
+ std::string(), environment.get(), command_line, gaia_config);
+
+ // We currently only allow overriding the baked-in values for the
next reply other threads:[~2021-08-08 11:50 UTC|newest]
Thread overview: 155+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-08 11:50 Jason A. Donenfeld [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-04-13 21:50 [gentoo-commits] repo/gentoo:master commit in: www-client/chromium/files/, www-client/chromium/ Matt Jolly
2025-04-09 3:45 Matt Jolly
2025-03-04 13:28 Matt Jolly
2025-02-13 10:59 Matt Jolly
2025-01-28 23:28 Matt Jolly
2025-01-19 1:36 Matt Jolly
2024-11-12 14:43 Matt Jolly
2024-10-12 11:05 Matt Jolly
2024-07-07 9:46 Matt Jolly
2024-05-21 5:59 Matt Jolly
2024-04-26 1:54 Matt Jolly
2024-04-18 15:30 Matt Jolly
2024-01-31 9:42 Sam James
2024-01-31 9:42 Sam James
2023-11-24 22:48 Sam James
2023-08-15 8:02 Stephan Hartmann
2023-08-14 7:12 Stephan Hartmann
2023-08-04 6:57 Stephan Hartmann
2023-08-03 18:31 Stephan Hartmann
2023-06-30 13:11 Stephan Hartmann
2023-06-29 14:49 Stephan Hartmann
2023-06-14 15:09 Mike Gilbert
2023-06-10 5:09 Sam James
2023-05-05 14:17 Mike Gilbert
2023-04-22 23:29 Mike Gilbert
2023-04-14 15:57 Mike Gilbert
2023-04-03 17:32 Mike Gilbert
2023-03-28 15:29 Mike Gilbert
2023-03-13 2:01 Mike Gilbert
2023-01-14 8:38 Stephan Hartmann
2022-12-04 23:40 Sam James
2022-10-01 9:58 Stephan Hartmann
2022-09-26 20:33 Stephan Hartmann
2022-08-20 18:07 Stephan Hartmann
2022-08-20 8:18 Stephan Hartmann
2022-03-11 17:10 Stephan Hartmann
2022-03-03 18:09 Stephan Hartmann
2022-02-20 14:12 Stephan Hartmann
2022-01-30 8:37 Stephan Hartmann
2022-01-24 9:33 Stephan Hartmann
2022-01-23 18:05 Stephan Hartmann
2022-01-23 18:03 Stephan Hartmann
2022-01-12 18:53 Stephan Hartmann
2022-01-03 18:20 Stephan Hartmann
2021-11-22 16:03 Stephan Hartmann
2021-11-13 20:08 Stephan Hartmann
2021-11-04 20:16 Stephan Hartmann
2021-10-30 17:30 Stephan Hartmann
2021-10-24 7:30 Stephan Hartmann
2021-10-10 17:45 Stephan Hartmann
2021-10-04 20:58 Stephan Hartmann
2021-09-14 11:27 Stephan Hartmann
2021-09-11 7:47 Stephan Hartmann
2021-09-08 20:00 Stephan Hartmann
2021-07-27 17:39 Stephan Hartmann
2021-07-26 21:17 Stephan Hartmann
2021-07-24 9:48 Stephan Hartmann
2021-06-16 21:28 Stephan Hartmann
2021-05-22 8:37 Stephan Hartmann
2021-04-19 13:07 Stephan Hartmann
2021-04-13 17:01 Stephan Hartmann
2021-02-28 9:16 Stephan Hartmann
2021-02-18 22:08 Stephan Hartmann
2021-02-14 8:43 Stephan Hartmann
2020-11-22 8:18 Stephan Hartmann
2020-10-22 17:24 Mike Gilbert
2020-10-03 7:25 Stephan Hartmann
2020-09-12 9:16 Stephan Hartmann
2020-09-07 5:27 Stephan Hartmann
2020-07-29 18:02 Mike Gilbert
2020-07-26 16:42 Mike Gilbert
2020-06-20 4:09 Aaron Bauman
2020-06-04 14:47 Mike Gilbert
2020-05-30 0:19 Mike Gilbert
2020-05-08 16:23 Mike Gilbert
2020-05-03 19:57 Mike Gilbert
2020-04-11 16:43 Mike Gilbert
2020-04-09 17:20 Mike Gilbert
2020-04-08 15:30 Mike Gilbert
2020-03-30 18:55 Mike Gilbert
2020-03-15 18:35 Mike Gilbert
2020-03-10 15:06 Mike Gilbert
2020-02-14 20:12 Mike Gilbert
2020-02-06 20:48 Mike Gilbert
2020-02-06 20:24 Mike Gilbert
2020-01-20 17:04 Mike Gilbert
2019-12-23 16:22 Mike Gilbert
2019-12-18 17:31 Mike Gilbert
2019-11-11 21:04 Mike Gilbert
2019-11-06 18:56 Mike Gilbert
2019-10-29 20:11 Mike Gilbert
2019-10-27 14:40 Mike Gilbert
2019-08-27 17:25 Mike Gilbert
2019-08-22 15:00 Mike Gilbert
2019-08-08 15:46 Mike Gilbert
2019-08-02 20:42 Mike Gilbert
2019-07-29 17:32 Mike Gilbert
2019-07-25 14:34 Mike Gilbert
2019-06-25 14:58 Mike Gilbert
2019-06-19 21:24 Mike Gilbert
2019-06-18 13:52 Mike Gilbert
2019-02-17 17:53 Mike Gilbert
2019-02-15 20:26 Mike Gilbert
2019-02-10 15:44 Mike Gilbert
2018-11-05 0:22 Mike Gilbert
2018-11-05 0:22 Mike Gilbert
2018-10-21 15:17 Mike Gilbert
2018-09-22 17:38 Mike Gilbert
2018-07-22 0:41 Mike Gilbert
2018-06-20 14:00 Mike Gilbert
2018-06-16 19:34 Mike Gilbert
2018-05-29 19:36 Mike Gilbert
2018-04-30 23:26 Mike Gilbert
2018-03-04 23:02 Mike Gilbert
2018-02-21 20:31 Mike Gilbert
2018-01-14 2:32 Mike Gilbert
2017-12-09 16:00 Mike Gilbert
2017-11-04 22:17 Mike Gilbert
2017-11-04 14:53 Mike Gilbert
2017-10-04 13:50 Paweł Hajdan
2017-09-27 12:32 Paweł Hajdan
2017-09-04 21:07 Paweł Hajdan
2017-08-16 19:35 Paweł Hajdan
2017-08-02 21:28 Mike Gilbert
2017-07-27 8:22 Paweł Hajdan
2017-07-17 12:41 Paweł Hajdan
2017-06-28 15:18 Paweł Hajdan
2017-06-26 7:09 Paweł Hajdan
2017-06-11 17:35 Mike Gilbert
2017-06-11 16:39 Paweł Hajdan
2017-05-31 20:19 Paweł Hajdan
2017-05-17 14:22 Paweł Hajdan
2017-04-28 15:09 Paweł Hajdan
2017-04-13 19:18 Paweł Hajdan
2017-03-22 2:39 Mike Gilbert
2017-03-20 12:12 Paweł Hajdan
2017-03-12 1:00 Mike Gilbert
2017-01-29 22:27 Mike Gilbert
2017-01-22 5:24 Mike Gilbert
2017-01-05 21:47 Paweł Hajdan
2016-11-08 19:14 Mike Gilbert
2016-10-17 15:35 Mike Gilbert
2016-09-01 17:11 Mike Gilbert
2016-08-01 17:37 Paweł Hajdan
2016-06-13 20:38 Paweł Hajdan
2016-06-03 18:58 Paweł Hajdan
2016-06-01 20:22 Paweł Hajdan
2016-05-08 20:06 Paweł Hajdan
2016-03-25 21:29 Paweł Hajdan
2016-03-09 4:33 Mike Gilbert
2015-12-07 21:19 Paweł Hajdan
2015-11-29 21:44 Paweł Hajdan
2015-11-19 7:19 Paweł Hajdan
2015-09-08 21:01 Paweł Hajdan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1628423405.fce48ef271bbcaee9afdf0481294da167e665a9b.zx2c4@gentoo \
--to=zx2c4@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox