chromium: add widevine support on aarch64 #251085
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
I packaged the arm64 build of widevine for chromium. The main weirdness here is widevine is built with DT_RELR relocations, which our version of glibc does support, but it checks for a particular symbol GLIBC_ABI_DT_RELR as a sort of compatibility flag. This widevine build doesn't have that flag, for what I understand to be ChromeOS reasons, so chromium fails to load the lib at startup. The fix I went with was to disable that check, as boldly copied from here. Another possibility would be to hand-patch that compatibility symbol into the widevine .so's, but I'm not sure where to start with that or how we'd carry that as a patch.
The main issue with this patch as it stands is by my understanding Hydra won't build/cache the patched glibc since it's not exposed anywhere, so users are stuck building glibc on their raspis or whatever. Alternatives that I know of would be to either expose the patched glibc as a package, or to just pull that patch into our glibc everywhere. My understanding is that wouldn't break anything (DT_RELR works the same way whether GLIBC_ABI_DT_RELR is present or not), but it's probably still more invasive than this warrants. I'd like to hear folks' thoughts on the best approach there.
The other issue is the widevine version/hash being inline when the other downloads are updateable through upstream-info.nix. I'm open to suggestions there.
Fixes #220828
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)