commit: fce48ef271bbcaee9afdf0481294da167e665a9b Author: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org> AuthorDate: Sat Aug 7 21:53:29 2021 +0000 Commit: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org> CommitDate: Sun Aug 8 11:50:05 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fce48ef2
www-client/chromium: work around dead oauth2 credentials Google doesn't let us bake in OAuth2 credentials, and for some time, Google sign-in has been broken. Arch dealt with this in March, and so did we to some degree, but in the last few months, our sign-in credentials have been broken. It appears that we actually did remove API credentials in March around Chrome 89, but they got added back, perhaps when rotating newer versions to replace older versions. Work around this by following Arch's lead: we remove the predefined credentials, as before, but also we patch Chromium so that people can use their own easily, using Arch's patch for that. For more info, see: https://archlinux.org/news/chromium-losing-sync-support-in-early-march/ https://bodhi.fedoraproject.org/updates/FEDORA-2021-48866282e5 https://hackaday.com/2021/01/26/whats-the-deal-with-chromium-on-linux-google-at-odds-with-package-maintainers/ Closes: https://bugs.gentoo.org/791871 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Jason A. Donenfeld <zx2c4 <AT> gentoo.org> www-client/chromium/chromium-92.0.4515.107.ebuild | 12 +++++++----- www-client/chromium/chromium-92.0.4515.131.ebuild | 12 +++++++----- www-client/chromium/chromium-93.0.4577.25.ebuild | 12 +++++++----- www-client/chromium/chromium-94.0.4595.0.ebuild | 12 +++++++----- ...chromium-use-oauth2-client-switches-as-default.patch | 17 +++++++++++++++++ 5 files changed, 45 insertions(+), 20 deletions(-) diff --git a/www-client/chromium/chromium-92.0.4515.107.ebuild b/www-client/chromium/chromium-92.0.4515.107.ebuild index 2403aa0bddb..e4cd7506c21 100644 --- a/www-client/chromium/chromium-92.0.4515.107.ebuild +++ b/www-client/chromium/chromium-92.0.4515.107.ebuild @@ -236,6 +236,7 @@ src_prepare() { "${FILESDIR}/chromium-92-EnumTable-crash.patch" "${FILESDIR}/chromium-92-GetUsableSize-nullptr.patch" "${FILESDIR}/chromium-freetype-2.11.patch" + "${FILESDIR}/chromium-use-oauth2-client-switches-as-default.patch" "${FILESDIR}/chromium-shim_headers.patch" ) @@ -660,13 +661,14 @@ src_configure() { # Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for Gentoo use ONLY. For your own distribution, # please get your own set of keys. Feel free to contact chrom...@gentoo.org - # for more info. + # for more info. The OAuth2 credentials, however, have been left out. + # Those OAuth2 credentials have been broken for quite some time anyway. + # Instead we apply a patch to use the --oauth2-client-id= and + # --oauth2-client-secret= switches for setting GOOGLE_DEFAULT_CLIENT_ID and + # GOOGLE_DEFAULT_CLIENT_SECRET at runtime. This allows signing into + # Chromium without baked-in values. local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc" - local google_default_client_id="329227923882.apps.googleusercontent.com" - local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu" myconf_gn+=" google_api_key=\"${google_api_key}\"" - myconf_gn+=" google_default_client_id=\"${google_default_client_id}\"" - myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\"" local myarch="$(tc-arch)" # Avoid CFLAGS problems, bug #352457, bug #390147. diff --git a/www-client/chromium/chromium-92.0.4515.131.ebuild b/www-client/chromium/chromium-92.0.4515.131.ebuild index 63504fa0cd2..54af6f3e069 100644 --- a/www-client/chromium/chromium-92.0.4515.131.ebuild +++ b/www-client/chromium/chromium-92.0.4515.131.ebuild @@ -236,6 +236,7 @@ src_prepare() { "${FILESDIR}/chromium-92-EnumTable-crash.patch" "${FILESDIR}/chromium-92-crashpad-consent.patch" "${FILESDIR}/chromium-freetype-2.11.patch" + "${FILESDIR}/chromium-use-oauth2-client-switches-as-default.patch" "${FILESDIR}/chromium-shim_headers.patch" ) @@ -660,13 +661,14 @@ src_configure() { # Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for Gentoo use ONLY. For your own distribution, # please get your own set of keys. Feel free to contact chrom...@gentoo.org - # for more info. + # for more info. The OAuth2 credentials, however, have been left out. + # Those OAuth2 credentials have been broken for quite some time anyway. + # Instead we apply a patch to use the --oauth2-client-id= and + # --oauth2-client-secret= switches for setting GOOGLE_DEFAULT_CLIENT_ID and + # GOOGLE_DEFAULT_CLIENT_SECRET at runtime. This allows signing into + # Chromium without baked-in values. local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc" - local google_default_client_id="329227923882.apps.googleusercontent.com" - local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu" myconf_gn+=" google_api_key=\"${google_api_key}\"" - myconf_gn+=" google_default_client_id=\"${google_default_client_id}\"" - myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\"" local myarch="$(tc-arch)" # Avoid CFLAGS problems, bug #352457, bug #390147. diff --git a/www-client/chromium/chromium-93.0.4577.25.ebuild b/www-client/chromium/chromium-93.0.4577.25.ebuild index 6fa93f8f78b..770da01d614 100644 --- a/www-client/chromium/chromium-93.0.4577.25.ebuild +++ b/www-client/chromium/chromium-93.0.4577.25.ebuild @@ -237,6 +237,7 @@ src_prepare() { "${WORKDIR}/sandbox-patches/chromium-fstatat-crash.patch" "${FILESDIR}/chromium-93-EnumTable-crash.patch" "${FILESDIR}/chromium-93-InkDropHost-crash.patch" + "${FILESDIR}/chromium-use-oauth2-client-switches-as-default.patch" "${FILESDIR}/chromium-shim_headers.patch" ) @@ -653,13 +654,14 @@ src_configure() { # Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for Gentoo use ONLY. For your own distribution, # please get your own set of keys. Feel free to contact chrom...@gentoo.org - # for more info. + # for more info. The OAuth2 credentials, however, have been left out. + # Those OAuth2 credentials have been broken for quite some time anyway. + # Instead we apply a patch to use the --oauth2-client-id= and + # --oauth2-client-secret= switches for setting GOOGLE_DEFAULT_CLIENT_ID and + # GOOGLE_DEFAULT_CLIENT_SECRET at runtime. This allows signing into + # Chromium without baked-in values. local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc" - local google_default_client_id="329227923882.apps.googleusercontent.com" - local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu" myconf_gn+=" google_api_key=\"${google_api_key}\"" - myconf_gn+=" google_default_client_id=\"${google_default_client_id}\"" - myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\"" local myarch="$(tc-arch)" # Avoid CFLAGS problems, bug #352457, bug #390147. diff --git a/www-client/chromium/chromium-94.0.4595.0.ebuild b/www-client/chromium/chromium-94.0.4595.0.ebuild index e74922587b5..1e16bca46d8 100644 --- a/www-client/chromium/chromium-94.0.4595.0.ebuild +++ b/www-client/chromium/chromium-94.0.4595.0.ebuild @@ -234,6 +234,7 @@ src_prepare() { "${WORKDIR}/patches" "${FILESDIR}/chromium-93-EnumTable-crash.patch" "${FILESDIR}/chromium-93-InkDropHost-crash.patch" + "${FILESDIR}/chromium-use-oauth2-client-switches-as-default.patch" "${FILESDIR}/chromium-shim_headers.patch" ) @@ -651,13 +652,14 @@ src_configure() { # Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for Gentoo use ONLY. For your own distribution, # please get your own set of keys. Feel free to contact chrom...@gentoo.org - # for more info. + # for more info. The OAuth2 credentials, however, have been left out. + # Those OAuth2 credentials have been broken for quite some time anyway. + # Instead we apply a patch to use the --oauth2-client-id= and + # --oauth2-client-secret= switches for setting GOOGLE_DEFAULT_CLIENT_ID and + # GOOGLE_DEFAULT_CLIENT_SECRET at runtime. This allows signing into + # Chromium without baked-in values. local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc" - local google_default_client_id="329227923882.apps.googleusercontent.com" - local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu" myconf_gn+=" google_api_key=\"${google_api_key}\"" - myconf_gn+=" google_default_client_id=\"${google_default_client_id}\"" - myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\"" local myarch="$(tc-arch)" # Avoid CFLAGS problems, bug #352457, bug #390147. diff --git a/www-client/chromium/files/chromium-use-oauth2-client-switches-as-default.patch b/www-client/chromium/files/chromium-use-oauth2-client-switches-as-default.patch new file mode 100644 index 00000000000..9d9c57bfb0d --- /dev/null +++ b/www-client/chromium/files/chromium-use-oauth2-client-switches-as-default.patch @@ -0,0 +1,17 @@ +diff -upr chromium-89.0.4389.58.orig/google_apis/google_api_keys.cc chromium-89.0.4389.58/google_apis/google_api_keys.cc +--- chromium-89.0.4389.58.orig/google_apis/google_api_keys.cc 2021-02-24 22:37:18.494007649 +0000 ++++ chromium-89.0.4389.58/google_apis/google_api_keys.cc 2021-02-24 22:35:00.865777600 +0000 +@@ -154,11 +154,11 @@ class APIKeyCache { + + std::string default_client_id = CalculateKeyValue( + GOOGLE_DEFAULT_CLIENT_ID, +- STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_ID), nullptr, ++ STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_ID), ::switches::kOAuth2ClientID, + std::string(), environment.get(), command_line, gaia_config); + std::string default_client_secret = CalculateKeyValue( + GOOGLE_DEFAULT_CLIENT_SECRET, +- STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_SECRET), nullptr, ++ STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_SECRET), ::switches::kOAuth2ClientSecret, + std::string(), environment.get(), command_line, gaia_config); + + // We currently only allow overriding the baked-in values for the