document limited Chromium support level

README.md

@@ -17,7 +17,8 @@ Currently supported packages:
 | **curl**         | [Github: oqs-demos/curl](curl)         | [Dockerhub: openquantumsafe/curl](https://hub.docker.com/repository/docker/openquantumsafe/curl)                             |
 | **Apache httpd** | [Github: oqs-demos/httpd](httpd)       | [Dockerhub: openquantumsafe/httpd](https://hub.docker.com/repository/docker/openquantumsafe/httpd)                           |
 | **nginx**        | [Github: oqs-demos/nginx](nginx)       | [Dockerhub: openquantumsafe/nginx](https://hub.docker.com/repository/docker/openquantumsafe/nginx)                           |
-| **Chromium** | [Github: oqs-demos/chromium](chromium) | [Binary for Ubuntu 20](https://github.com/open-quantum-safe/oqs-demos/releases/download/0.7.2/chromium-ubuntu-0.7.2.tgz) |
+<!--- | **Chromium** | [Github: oqs-demos/chromium](chromium) | [Binary for Ubuntu 20](https://github.com/open-quantum-safe/oqs-demos/releases/download/0.7.2/chromium-ubuntu-0.7.2.tgz) |-->
+
 | **OpenSSH**      | [Github: oqs-demos/openssh](openssh)   | [Dockerhub: openquantumsafe/openssh](https://hub.docker.com/repository/docker/openquantumsafe/openssh)                       |
 | **Wireshark**    | [Github: oqs-demos/wireshark](wireshark)   | [Dockerhub: openquantumsafe/wireshark](https://hub.docker.com/repository/docker/openquantumsafe/wireshark)                       |
 | **Epiphany**     | [Github: oqs-demos/epiphany](epiphany)   | [Dockerhub: openquantumsafe/epiphany](https://hub.docker.com/repository/docker/openquantumsafe/epiphany)                       |
@@ -32,7 +33,8 @@ Currently supported packages:
 
 <!---| **HAproxy**      | [Github: oqs-demos/haproxy](haproxy)   | [Dockerhub: openquantumsafe/haproxy](https://hub.docker.com/repository/docker/openquantumsafe/haproxy)                       | -->
 
-You can use the openssl (s_client), curl and GNOME Web/epiphany clients with all algorithm combinations available at the Open Quantum Safe TLS/X.509 interoperability test server at https://test.openquantumsafe.org (set up using `oqs-provider v0.5.0` and `liboqs v0.8.0`). Chromium and `oqs-boringssl` are no longer maintained to the same set of algorithms, so are not to be expected to (inter)operate fully with the test server.
+You can use the openssl (s_client), curl and GNOME Web/epiphany clients with all algorithm combinations available at the Open Quantum Safe TLS/X.509 interoperability test server at https://test.openquantumsafe.org (set up using `oqs-provider v0.5.0` and `liboqs v0.8.0`).
+<!--Chromium and `oqs-boringssl` are no longer maintained to the same standards (algorithms, operating systems), so are not to be expected to (inter)operate fully with the test server.-->
 
 ## Contributing
 

chromium/README-Linux.md

@@ -1,3 +1,5 @@
+** WARNING: THESE INSTRUCTIONS ARE OUTDATED. CONTRIBUTIONS WELCOME TO BRING THIS TO THE LATEST UP- AND DOWNSTREAM CODE LEVEL **
+
 Note that both cloning the source code as well as building Chromium can take several hours if you do not have excellent network connectivity and serious multicore CPUs at your disposal: The download has a size of over 40GB and even a size-and-performance optimized build (see note below) takes 1143 CPU user minutes on a 2.6GHz i7 CPU, i.e. something like 300 minutes or 5 hours on a quad-core system.
 
 0. Ensure the system requirements listed [here](https://chromium.googlesource.com/chromium/src/+/master/docs/linux/build_instructions.md#System-requirements) are met.
@@ -64,4 +66,4 @@ If all steps outlined above have been successfully executed, one can extract a s
 
 ### Automated build scripts
 As the instructions above are complex and hard to get right the first time, a set of build scripts is included in the 
-scripts subdirectory. Please read scripts/README for more information on how to use them.
+scripts subdirectory. Please read scripts/README for more information on how to use them.

chromium/README.md

@@ -1,7 +1,9 @@
-This directory contains instructions and corresponding patches to build the Chromium web browser using the [OQS-BoringSSL fork](https://github.com/open-quantum-safe/boringssl), thereby enabling Chromium to use quantum-safe key exchange algorithms. Note that these instructions have been tested only on Windows 10, Ubuntu 18, 19, and 20 (x86_64) installations and apply at present only to a subset of quantum-safe key-exchanges as [documented here](https://github.com/open-quantum-safe/boringssl#key-exchange).
+This directory contains no longer fully maintained instructions and corresponding patches to build the Chromium web browser using the [OQS-BoringSSL fork](https://github.com/open-quantum-safe/boringssl), thereby enabling Chromium to use quantum-safe key exchange algorithms. Note that these instructions have been tested only on Windows 10 installations and apply at present only to a subset of quantum-safe key-exchanges as [documented here](https://github.com/open-quantum-safe/boringssl#key-exchange).
+
+Please note that the Linux instructions are outdated and do not allow proper operation of a PQ-Chromium variant. The information is solely retained for people accepting this limitation. This limitation by no means should be understood as a preference for proprietary operating systems by the OQS team: Our focus remains on the support of open source software -- but we do not have the bandwidth to keep supporting the Chromium and BoringSSL PQ software stack at the same level as we did in the past. We welcome contributions and contributors allowing us to change this; most welcome would be contributions to bring up the Linux instructions and [patch](oqs-changes.patch) to the latest up- and downstream code level. 
 
 ---
 
-[Build Instructions for Linux](README-Linux.md)
+[Outdated Build Instructions for Linux](README-Linux.md)
 
 [Build Instructions for Windows](README-Windows.md)

chromium/scripts/README

@@ -1,5 +1,5 @@
 These scripts help facilitate a build of PQC-enabled Chromium.
-They have been tested on Ubuntu 20.04 .
+They had been tested on Ubuntu 20.04 **BUT NO LONGER ARE MAINTAINED**.
 
 How to use :
 

nginx/fulltest-provider/genconfig.py

@@ -117,23 +117,27 @@ def write_nginx_config(f, i, cf, port, _sig, k):
 
            # deactivate if you don't like tables:
            i.write("<tr><td>"+sig+"</td><td>"+k+"</td><td>"+str(port)+"</td><td><a href=https://"+TESTFQDN+":"+str(port)+">"+sig+"/"+k+"</a></td></tr>\n")
-           if k in chromium_algs and not ("_" in sig and (sig.startswith("p") or (sig.startswith("rsa")))):
-               cf.write("<tr><td>"+sig+"</td><td>"+k+"</td><td>"+str(port)+"</td><td><a href=https://"+TESTFQDN+":"+str(port)+">"+sig+"/"+k+"</a></td></tr>\n")
+           # chromium support discontinued
+           #if k in chromium_algs and not ("_" in sig and (sig.startswith("p") or (sig.startswith("rsa")))):
+           #    cf.write("<tr><td>"+sig+"</td><td>"+k+"</td><td>"+str(port)+"</td><td><a href=https://"+TESTFQDN+":"+str(port)+">"+sig+"/"+k+"</a></td></tr>\n")
 
 
 # generates nginx config
 def gen_conf(filename, indexbasefilename, chromiumfilename):
    port = STARTPORT
    assignments={}
    i = open(indexbasefilename, "w")
-   cf = open(chromiumfilename, "w")
+   # chromium support discontinued
+   cf = None
+   #cf = open(chromiumfilename, "w")
    # copy baseline templates
    with open(TEMPLATE_FILE, "r") as tf:
      for line in tf:
        i.write(line)
-   with open(CHROMIUM_TEMPLATE_FILE, "r") as ctf:
-     for line in ctf:
-       cf.write(line)
+   #chromium support discontinued
+   #with open(CHROMIUM_TEMPLATE_FILE, "r") as ctf:
+   #  for line in ctf:
+   #    cf.write(line)
 
    with open(filename, "w") as f:
      # baseline config
@@ -193,9 +197,9 @@ def gen_conf(filename, indexbasefilename, chromiumfilename):
    i.write("</table>\n")
    i.write("</body></html>\n")
    i.close()
-   cf.write("</table>\n")
-   cf.write("</body></html>\n")
-   cf.close()
+   #cf.write("</table>\n")
+   #cf.write("</body></html>\n")
+   #cf.close()
    with open(ASSIGNMENT_FILE, 'w') as outfile:
       json.dump(assignments, outfile)