發佈於： Fri, 26 Aug 2022 +0800
Mirrors in Chuanghua ():
Yngve Pettersen is a Senior Developer and Security Expert who has been with Vivaldi from the beginning. With his extensive background and careful eye - and a great way with words - he’s able to explain even complex information clearly, even for those who might not see themselves as very technical.
Maintainer of Vivaldi’s chromium code, Yngve recently documented his process for maintaining a Chromium fork over on his Vivaldi.net blog. We’re sharing it here, in case you missed it.
Tree branches towering above Innovation House in Magnolia, Massachusetts. (Photo by Ari Greve.)
Soooo … you say you want to maintain a Chromium fork?
(Note: this article assumes you have some familiarity with Git terminology, building Chromium, and related topics)
Building your own Chromium-based browser is a lot of work, unless you want to just ship the basic Chromium version without any changes.
If you are going to work on and release a Chromium-derived browser, on the technical side you will need a few things when you start with the serious work:
- A Git source code repository for your changes
- One or more developer machines, configured for each OS you want to release on
- Test machines and devices to test your builds
- Build machines for each platform. These should be connected to a system that will automatically build new test builds for each source update, and your work branches, as well as build production (official) builds. These should be much more powerful than your developer machines. Official builds will take several hours even on a powerful machine, and requires a lot of memory and disk space. There are various cloud solutions available, but you should weigh time and (especially) cost carefully. Frankly, having your own on-premises build server rack may cost “a bit” up front, but it lets you have better control of the system.
- A web site where you can post your Official builds so that your users can download and install them
Now you are good to go, and you can start developing and releasing your browser.
Then … the Chromium team releases a new major version (which they do every 4 or 8 weeks, depending on the track) with lots of security fixes. Now your browser is buggy and unsecure. How do you get your fixes to the new version?
This process can get very involved and messy, especially if you have a lot of patches on the Chromium code. These will frequently introduce merge conflicts when updating the source code to a newer Chromium version because the upstream project have updated the code you patched, or just nearby, but there are a few things you can do about that to reduce the problems.
There are at least two major ways to maintain updates for a code base: A git branch, and diff patches to be applied on a clean checkout. Both have benefits and challenges, but both will have to be updated regularly to match the upstream code. The process described below is for a git branch.
The major rule is to put all (or as much as practical) of your additional independent code that is whole classes and functions (even extra functions in Chromium classes) in a separate repository module that have the Chromium code as a submodule. Vivaldi uses special extensions to the GN project language to update the relevant targets with the new files and dependencies.
Other rules for patches are:
- Put all added include/imports after the upstream includes/import declaration.
- Similarly, group all new functions and members in classes at the end of the section. Do the same for other declarations.
- Any functions you have to add in a source file should always be put at the end of the file, or at the end of an internal namespace.
- Generally, try to put an empty line above and below your patch.
- Identify all of your patches’ start and end.
- Don’t change indentation of unmodified original code lines, unless you have to (e.g. in Python files).
- Repetitive patching of the same lines should be fixuped or squashed. Such repetitions have the potential to trigger multiple merge conflicts during the update, which could easily cause errors and bugs to be introduced.
- NEVER (repeat: NEVER!!!) modify the Chromium string and translation files (GRD and XTB). You will be in for a world of hurt when strings change (and some tools can mess up these files under certain conditions). If you need to override strings add the overrides via scripts, e.g. in the grit system merging your own changes with with the upstream ones (Vivaldi is using such a modified system; if there is enough interest from embedders we may upstream it; you can find the scripts in the Vivaldi source bundle if you want to investigate).
Vivaldi uses (mostly) Git submodules to manage submodules, rather than the DEPS file system used by Chromium (some parts of Vivaldi’s upstream source code and tools are downloaded using this system, though). Our process for updating Chromium will work whichever system is used, with some modifications.
The first step of the process is identifying which upstream commit (U) you are going to move the code to, and what is the first (F) and last (L, which you create a work branch W for) commit you are going to move on top of that commit. If you have updated submodules you do this for those as well.
(There are different ways to organize the work branch. We use a branch that is rebased for each update. A different way is to merge the upstream updates into the branch you are using, however this quickly gets even messier than rebasing branches, especially when doing major updates, and after two years of that we started rebasing branches instead.)
The second step is to check out the upstream U commit, including submodules. If you are using Git submodules you configure these at this stage. This commit should be handled as a separate commit, and not included in the F to L commits.
Then you update the submodules with any patches, and update the commit references.
The resulting Chromium checkout can be called W_0
Now we can start moving patches on top of W_0. The git command for this is deceptively simple:
git rebase -onto W_0 F1 W
This applies each commit F through to L (inclusive) in sequence onto the W_0 commit and names the resulting branch W.
A number of these commits (about 10% of patched files in Vivaldi’s source base) will encounter merge conflicts when they are applied, and the process will pause while you repair the conflicts.
It is important to carefully consider the conflicts and whether they may cause functionality to break, and register such possibilities in your bug tracking system.
Once the rebase has completed (a process that can take several workdays) it is time for the next step: Get the code to build again.
This is done the same way as you normally build your browser, fixing compile errors as they are encountered, and yet again registering any that could potentially break the product. This is also a step that can take several work days. A frequent source of build problems are API changes and retired/renamed header files.
Once you have it built and running on your machine, it is time to (finally) commit all your changes and update the work branch in the top module and push everything into your repository. My suggestion is that patches in Chromium are mostly committed as “fixups” of the original patch; this will reduce the merge conflict potential, and keeps your patch in one piece.
Then you should try compiling it on your other delivery platforms, and fix any compile errors there.
Once you have it built and preferably have it running of the other platforms, you can have your autobuilders build the product for each platform, and start more detailed testing, fixing the outstanding issues and regressions that might have been introduced by the update. Depending on your project’s complexity, this can take several weeks to complete.
This entire sequence can be partially automated; you still have to manually fix merge conflicts and compile errors, as well as testing and fixing the resulting executable.
At the time of writing, Vivaldi has just integrated Chromium 104 into our code base, a process that took just over two weeks (the process may take longer at times). Vivaldi is only using the 8-week-cycle Extended Stable releases of Chromium due to the time needed to update the code base and stabilize the product afterwards. In our opinion, if you have a significant number of patches, the only way you can follow the 4 week cycle is to have at least two full teams for upgrades and development, and very likely the upgrade process will have to update weekly to the most recent dev or canary release.
Once you get your browser into production every couple of weeks you are going to encounter a slightly different problem: keeping the browser up to date with the (security) patches applied to the upstream version you are basing your fork on. This means, again, that you have to update the code base, but these changes are usually not as major as they are for a major version upgrade. A slightly modified, less complicated variant of the above process can be used to perform such minor version updates, and in our case this smaller process usually takes just a few hours.
Good luck with your brand new browser fork!
For more information and insights from Yngve, you can follow his blog, Yngve’s corner, on Vivaldi.net.
Have a question or something to add? Let us know in the comments!