electron_32-bin: mark as insecure because it's EOL,...

        # Rebased variant of patch to build M126+ with LLVM 17.

        # staging-next will bump LLVM to 18, so we will be able to drop this soon.

        ./patches/chromium-126-llvm-17.patch

      ]

      ++ lib.optionals (versionRange "126" "129") [

        # Partial revert of https://github.com/chromium/chromium/commit/3687976b0c6d36cf4157419a24a39f6770098d61

        # allowing us to use our rustc and our clang.

        # Rebased variant of patch right above to build M126+ with our rust and our clang.

        ./patches/chromium-126-rust.patch

      ]

      ++ lib.optionals (chromiumVersionAtLeast "129") [

        # Rebased variant of patch right above to build M129+ with our rust and our clang.

        ./patches/chromium-129-rust.patch

      ]

      ++ lib.optionals (chromiumVersionAtLeast "130" && !ungoogled) [

      ++ lib.optionals (!ungoogled) [

        # Our rustc.llvmPackages is too old for std::hardware_destructive_interference_size

        # and std::hardware_constructive_interference_size.

        # So let's revert the change for now and hope that our rustc.llvmPackages and

        pulseSupport

        ungoogled

        ;

      gnChromium = buildPackages.gn.overrideAttrs (

        oldAttrs:

        {

      gnChromium = buildPackages.gn.overrideAttrs (oldAttrs: {

        version = if (upstream-info.deps.gn ? "version") then upstream-info.deps.gn.version else "0";

        src = fetchgit {

          url = "https://gn.googlesource.com/gn";

        # Relax hardening as otherwise gn unstable 2024-06-06 and later fail with:

        # cc1plus: error: '-Wformat-security' ignored without '-Wformat' [-Werror=format-security]

        hardeningDisable = [ "format" ];

        }

        // lib.optionalAttrs (chromiumVersionAtLeast "130") {

        # At the time of writing, gn is at v2024-05-13 and has a backported patch.

        # This patch appears to be already present in v2024-09-09 (from M130), which

        # results in the patch not applying and thus failing the build.

        # As a work around until gn is updated again, we filter specifically that patch out.

        patches = lib.filter (e: lib.getName e != "LFS64.patch") oldAttrs.patches;

        }

      );

      });

    });

    browser = callPackage ./browser.nix {

diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn

index 6efe967eb0a1c..2ddae4efacbfa 100644

--- a/build/config/compiler/BUILD.gn

+++ b/build/config/compiler/BUILD.gn

@@ -1653,16 +1653,6 @@ config("runtime_library") {

     configs += [ "//build/config/c++:runtime_library" ]

   }

-  # Rust and C++ both provide intrinsics for LLVM to call for math operations. We

-  # want to use the C++ intrinsics, not the ones in the Rust compiler_builtins

-  # library. The Rust symbols are marked as weak, so that they can be replaced by

-  # the C++ symbols. This config ensures the C++ symbols exist and are strong in

-  # order to cause that replacement to occur by explicitly linking in clang's

-  # compiler-rt library.

-  if (is_clang && toolchain_has_rust) {

-    configs += [ "//build/config/clang:compiler_builtins" ]

-  }

-

   # TODO(crbug.com/40570904): Come up with a better name for is POSIX + Fuchsia

   # configuration.

   if (is_posix || is_fuchsia) {

    ];

    sourceProvenance = with sourceTypes; [ binaryNativeCode ];

    # https://www.electronjs.org/docs/latest/tutorial/electron-timelines

    knownVulnerabilities = optional (versionOlder version "32.0.0") "Electron version ${version} is EOL";

    knownVulnerabilities = optional (versionOlder version "33.0.0") "Electron version ${version} is EOL";

  };

  fetcher =

    ''

    + base.postPatch;

  env =

    base.env

    // lib.optionalAttrs (lib.versionOlder info.version "33") {

      # Hydra fails to build electron_32.aarch64-linux as of 2025-01-05 due to

      # clang spamming deprecation warnings mid-build, causing the build log to

      # grow beyond the limit of 64mb and then getting killed by Hydra. This

      # renders our clang both too old for the latest chromium without the use

      # of -Wno-unknown-warning-option and also too new for electron_32 (M128).

      # For some reason, the log size limit appears to only be enforced on

      # aarch64-linux. x86_64-linux happily succeeds to build with ~180mb. To

      # unbreak the build on h.n.o, we simply disable those warnings for now.

      # https://hydra.nixos.org/build/283952243

      NIX_CFLAGS_COMPILE = base.env.NIX_CFLAGS_COMPILE + " -Wno-deprecated";

    };

  preConfigure =

    ''

      (

    ''

    + (base.preConfigure or "");

  gnFlags =

    rec {

  gnFlags = rec {

    # build/args/release.gn

    is_component_build = false;

    is_official_build = true;

    enable_dangling_raw_ptr_feature_flag = false;

    clang_unsafe_buffers_paths = "";

    enterprise_cloud_content_analysis = false;

    }

    // lib.optionalAttrs (lib.versionAtLeast info.version "33") {

    content_enable_legacy_ipc = true;

    }

    // {

    # other

    enable_widevine = false;