diff options
| author |   Jason A. Donenfeld <zx2c4@gentoo.org> | 2021-08-07 23:53:29 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <zx2c4@gentoo.org> | 2021-08-08 13:50:05 +0200 |
| commit | fce48ef271bbcaee9afdf0481294da167e665a9b (patch) | |
| tree | a481b489bae090bf2d81cfede2799fdff2eb93e1 | |
| parent | dev-libs/libmemcached: fix musl (diff) | |
| download | gentoo-fce48ef271bbcaee9afdf0481294da167e665a9b.tar.gz gentoo-fce48ef271bbcaee9afdf0481294da167e665a9b.tar.bz2 gentoo-fce48ef271bbcaee9afdf0481294da167e665a9b.zip | |
www-client/chromium: work around dead oauth2 credentials
Google doesn't let us bake in OAuth2 credentials, and for some time,
Google sign-in has been broken. Arch dealt with this in March, and so
did we to some degree, but in the last few months, our sign-in
credentials have been broken. It appears that we actually did remove API
credentials in March around Chrome 89, but they got added back, perhaps
when rotating newer versions to replace older versions. Work around this
by following Arch's lead: we remove the predefined credentials, as
before, but also we patch Chromium so that people can use their own
easily, using Arch's patch for that.
For more info, see:
https://archlinux.org/news/chromium-losing-sync-support-in-early-march/
https://bodhi.fedoraproject.org/updates/FEDORA-2021-48866282e5
https://hackaday.com/2021/01/26/whats-the-deal-with-chromium-on-linux-google-at-odds-with-package-maintainers/
Closes: https://bugs.gentoo.org/791871
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Jason A. Donenfeld <zx2c4@gentoo.org>
5 files changed, 45 insertions, 20 deletions
diff --git a/www-client/chromium/chromium-92.0.4515.107.ebuild b/www-client/chromium/chromium-92.0.4515.107.ebuild index 2403aa0bddb2..e4cd7506c21f 100644 --- a/www-client/chromium/chromium-92.0.4515.107.ebuild +++ b/www-client/chromium/chromium-92.0.4515.107.ebuild @@ -236,6 +236,7 @@ src_prepare() { "${FILESDIR}/chromium-92-EnumTable-crash.patch" "${FILESDIR}/chromium-92-GetUsableSize-nullptr.patch" "${FILESDIR}/chromium-freetype-2.11.patch" + "${FILESDIR}/chromium-use-oauth2-client-switches-as-default.patch" "${FILESDIR}/chromium-shim_headers.patch" ) @@ -660,13 +661,14 @@ src_configure() { # Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for Gentoo use ONLY. For your own distribution, # please get your own set of keys. Feel free to contact chromium@gentoo.org - # for more info. + # for more info. The OAuth2 credentials, however, have been left out. + # Those OAuth2 credentials have been broken for quite some time anyway. + # Instead we apply a patch to use the --oauth2-client-id= and + # --oauth2-client-secret= switches for setting GOOGLE_DEFAULT_CLIENT_ID and + # GOOGLE_DEFAULT_CLIENT_SECRET at runtime. This allows signing into + # Chromium without baked-in values. local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc" - local google_default_client_id="329227923882.apps.googleusercontent.com" - local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu" myconf_gn+=" google_api_key=\"${google_api_key}\"" - myconf_gn+=" google_default_client_id=\"${google_default_client_id}\"" - myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\"" local myarch="$(tc-arch)" # Avoid CFLAGS problems, bug #352457, bug #390147. diff --git a/www-client/chromium/chromium-92.0.4515.131.ebuild b/www-client/chromium/chromium-92.0.4515.131.ebuild index 63504fa0cd28..54af6f3e069d 100644 --- a/www-client/chromium/chromium-92.0.4515.131.ebuild +++ b/www-client/chromium/chromium-92.0.4515.131.ebuild @@ -236,6 +236,7 @@ src_prepare() { "${FILESDIR}/chromium-92-EnumTable-crash.patch" "${FILESDIR}/chromium-92-crashpad-consent.patch" "${FILESDIR}/chromium-freetype-2.11.patch" + "${FILESDIR}/chromium-use-oauth2-client-switches-as-default.patch" "${FILESDIR}/chromium-shim_headers.patch" ) @@ -660,13 +661,14 @@ src_configure() { # Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for Gentoo use ONLY. For your own distribution, # please get your own set of keys. Feel free to contact chromium@gentoo.org - # for more info. + # for more info. The OAuth2 credentials, however, have been left out. + # Those OAuth2 credentials have been broken for quite some time anyway. + # Instead we apply a patch to use the --oauth2-client-id= and + # --oauth2-client-secret= switches for setting GOOGLE_DEFAULT_CLIENT_ID and + # GOOGLE_DEFAULT_CLIENT_SECRET at runtime. This allows signing into + # Chromium without baked-in values. local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc" - local google_default_client_id="329227923882.apps.googleusercontent.com" - local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu" myconf_gn+=" google_api_key=\"${google_api_key}\"" - myconf_gn+=" google_default_client_id=\"${google_default_client_id}\"" - myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\"" local myarch="$(tc-arch)" # Avoid CFLAGS problems, bug #352457, bug #390147. diff --git a/www-client/chromium/chromium-93.0.4577.25.ebuild b/www-client/chromium/chromium-93.0.4577.25.ebuild index 6fa93f8f78bb..770da01d6141 100644 --- a/www-client/chromium/chromium-93.0.4577.25.ebuild +++ b/www-client/chromium/chromium-93.0.4577.25.ebuild @@ -237,6 +237,7 @@ src_prepare() { "${WORKDIR}/sandbox-patches/chromium-fstatat-crash.patch" "${FILESDIR}/chromium-93-EnumTable-crash.patch" "${FILESDIR}/chromium-93-InkDropHost-crash.patch" + "${FILESDIR}/chromium-use-oauth2-client-switches-as-default.patch" "${FILESDIR}/chromium-shim_headers.patch" ) @@ -653,13 +654,14 @@ src_configure() { # Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for Gentoo use ONLY. For your own distribution, # please get your own set of keys. Feel free to contact chromium@gentoo.org - # for more info. + # for more info. The OAuth2 credentials, however, have been left out. + # Those OAuth2 credentials have been broken for quite some time anyway. + # Instead we apply a patch to use the --oauth2-client-id= and + # --oauth2-client-secret= switches for setting GOOGLE_DEFAULT_CLIENT_ID and + # GOOGLE_DEFAULT_CLIENT_SECRET at runtime. This allows signing into + # Chromium without baked-in values. local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc" - local google_default_client_id="329227923882.apps.googleusercontent.com" - local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu" myconf_gn+=" google_api_key=\"${google_api_key}\"" - myconf_gn+=" google_default_client_id=\"${google_default_client_id}\"" - myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\"" local myarch="$(tc-arch)" # Avoid CFLAGS problems, bug #352457, bug #390147. diff --git a/www-client/chromium/chromium-94.0.4595.0.ebuild b/www-client/chromium/chromium-94.0.4595.0.ebuild index e74922587b5f..1e16bca46d88 100644 --- a/www-client/chromium/chromium-94.0.4595.0.ebuild +++ b/www-client/chromium/chromium-94.0.4595.0.ebuild @@ -234,6 +234,7 @@ src_prepare() { "${WORKDIR}/patches" "${FILESDIR}/chromium-93-EnumTable-crash.patch" "${FILESDIR}/chromium-93-InkDropHost-crash.patch" + "${FILESDIR}/chromium-use-oauth2-client-switches-as-default.patch" "${FILESDIR}/chromium-shim_headers.patch" ) @@ -651,13 +652,14 @@ src_configure() { # Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for Gentoo use ONLY. For your own distribution, # please get your own set of keys. Feel free to contact chromium@gentoo.org - # for more info. + # for more info. The OAuth2 credentials, however, have been left out. + # Those OAuth2 credentials have been broken for quite some time anyway. + # Instead we apply a patch to use the --oauth2-client-id= and + # --oauth2-client-secret= switches for setting GOOGLE_DEFAULT_CLIENT_ID and + # GOOGLE_DEFAULT_CLIENT_SECRET at runtime. This allows signing into + # Chromium without baked-in values. local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc" - local google_default_client_id="329227923882.apps.googleusercontent.com" - local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu" myconf_gn+=" google_api_key=\"${google_api_key}\"" - myconf_gn+=" google_default_client_id=\"${google_default_client_id}\"" - myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\"" local myarch="$(tc-arch)" # Avoid CFLAGS problems, bug #352457, bug #390147. diff --git a/www-client/chromium/files/chromium-use-oauth2-client-switches-as-default.patch b/www-client/chromium/files/chromium-use-oauth2-client-switches-as-default.patch new file mode 100644 index 000000000000..9d9c57bfb0d2 --- /dev/null +++ b/www-client/chromium/files/chromium-use-oauth2-client-switches-as-default.patch @@ -0,0 +1,17 @@ +diff -upr chromium-89.0.4389.58.orig/google_apis/google_api_keys.cc chromium-89.0.4389.58/google_apis/google_api_keys.cc +--- chromium-89.0.4389.58.orig/google_apis/google_api_keys.cc 2021-02-24 22:37:18.494007649 +0000 ++++ chromium-89.0.4389.58/google_apis/google_api_keys.cc 2021-02-24 22:35:00.865777600 +0000 +@@ -154,11 +154,11 @@ class APIKeyCache { + + std::string default_client_id = CalculateKeyValue( + GOOGLE_DEFAULT_CLIENT_ID, +- STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_ID), nullptr, ++ STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_ID), ::switches::kOAuth2ClientID, + std::string(), environment.get(), command_line, gaia_config); + std::string default_client_secret = CalculateKeyValue( + GOOGLE_DEFAULT_CLIENT_SECRET, +- STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_SECRET), nullptr, ++ STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_SECRET), ::switches::kOAuth2ClientSecret, + std::string(), environment.get(), command_line, gaia_config); + + // We currently only allow overriding the baked-in values for the |