Putting Updates of Chromium in Qt WebEngine on a Timeline
July 17, 2023 by Vladimir Minenko | Comments
2023年7月17日 弗拉基米尔·米年科|评论
One of the most frequent questions about Qt WebEngine is about the pace of updates of Chromium. The shortest one would be just like "When do we get the next Chromium in Qt?". Well, there are a few elements in this which make this question a matter of perspective. I once thought, I should put all elements on a timeline to sort that for me and hopefully for you in a more explanatory form.
关于Qt WebEngine,最常见的问题之一是Chromium的更新速度。最短的一个就像“我们什么时候能在Qt中获得下一个Chromium?”。好吧,这里面有几个因素使这个问题成为一个视角问题。我曾经想,我应该把所有的元素都放在一个时间线上,为我和你以一种更具解释性的形式进行排序。
I said "a more explanatory form", because the Qt documentation of the Qt WebEngine actually describes the pace of these updates since the Qt 6.5 release in a brief form:
我说的是“一个更具解释性的形式”,因为Qt WebEngine的Qt文档实际上以简短的形式描述了自Qt 6.5发布以来这些更新的速度:
"The Chromium version used is the one used by the latest stable Chrome version at the time of Qt feature freeze for the current version of Qt WebEngine. Additional security patches are cherry picked from newer Chrome releases on every patch release, security patches released in time for the Qt patch release freeze will be included. If Chrome releases critical fixes outside our release window, the next patch release is sped up to ensure a patched Qt WebEngine is released before the patch details goes public.
“所使用的Chromium版本是当前版本的Qt WebEngine在Qt功能冻结时最新稳定的Chrome版本所使用的版本。在每个补丁发布时,都会从较新的Chrome版本中精心挑选额外的安全补丁,在Qt补丁发布冻结前及时发布的安全补丁也将包括在内。如果Chrome在我们的发布窗口之外发布关键修复程序下一个补丁的发布速度将加快,以确保在补丁细节公开之前发布一个修补过的QtWebEngine。
If you need a newer Qt WebEngine beyond security fixes, and can not update all of Qt, Qt WebEngine supports building with older version of Qt back to the last Qt LTS. For instance Qt WebEngine 6.3, 6.4, and 6.5 can all be built with Qt 6.2. In Qt LTS releases, Qt WebEngine may be fully replaced with such a newer version to make security patching easier".如果在安全修复之外需要更新的Qt WebEngine,并且无法更新所有Qt,则Qt Web引擎支持使用旧版本的Qt构建回上一个Qt LTS。例如,Qt WebEngine 6.3、6.4和6.5都可以使用Qt 6.2构建。在Qt LTS版本中,Qt WebEngine可能会被这样一个更新的版本完全取代,以使安全补丁更容易”。
You can find this in "Qt WebEngine" -> "Qt WebEngine Overview" , and then the section "Qt WebEngine Core Module".
可以在“Qt WebEngine”->“Qt Web Engine概述”中找到这一点,然后在“Qt-WebEngine核心模块”部分找到
I thought I better make a picture with a timeline, use Qt 6.5 as a reference, and see what is going on. Before we have a look at this, lets see what the pulse of releases in the Chromium project is.
我想我最好拍一张有时间线的照片,用Qt 6.5作为参考,看看发生了什么。在我们看这之前,让我们看看Chromium项目中发布的脉冲是什么。
Here, it is important to keep mind that "Chromium" is the open source project which develops and releases "Chromium" as a core browser technology. It is not the same as "Chrome" which if often used as a short name of "Google Chrome" browser. Chromium provides a large part of the Google Chrome browser, but some features are only available in Chrome. Chromium is also used in other projects and products, including the Qt Project with Qt WebEngine in Qt 5.2 and later. Due to the tight historical relationship between "Chromium" and "Chrome", these names are still intermixed on many various places in the online documentation of "Chromium" and in other information sources.
在这里,重要的是要记住,“Chromium”是一个开源项目,它开发并发布了“Chromium”作为核心浏览器技术。它与“Chrome”不同,后者通常被用作“谷歌Chrome”浏览器的简称。Chromium提供了谷歌Chrome浏览器的很大一部分,但仅部分功能在Chrome中可用。Chromium还用于其他项目和产品,包括Qt 5.2及更高版本中的Qt WebEngine的Qt项目。由于“Chromium”和“Chrome”之间的紧密历史关系,这些名称仍然混杂在“Chromium”的在线文档和其他信息来源的许多不同地方。
The release cycle of Chromium is defined in the Chromium documentation under "Chrome Release Cycle" and can be followed on the page "Schedule". The Chromium project releases a new version of Chrome all four weeks. Each second release is an "LTS" release and it lasts twice as long: eight weeks. There are no "feature releases", "bug fix releases", nor any sort of "security hot fixes" published separately. It is a single stream of constant updates coming on a fast pace. The Qt WebEngine uses the regular release cycle of Chromium, since the "LTS" cycle of eight weeks does not bring any additional value in context of Qt releases. Still, in addition, the Qt WebEngine development team watches the ongoing works in Chromium including its security mailing list. The team selects a specific Chromium release to be taken into Qt WebEngine as next. We believe that this brings more value to Qt users.
Chromium的发布周期在Chromium文档中的“Chrome发布周期”下进行了定义,可以在“时间表”页面上遵循。Chromium项目将在四周内发布新版Chrome。每二次发布都是一次“LTS”发布,持续时间是原来的两倍:八周。没有单独发布“功能发布”、“bug修复发布”或任何类型的“安全热修复”。这是一个以快速的速度不断更新的单一流。Qt WebEngine使用Chromium的常规发布周期,因为八周的“LTS”周期在Qt发布的上下文中不会带来任何额外的价值。此外,Qt WebEngine开发团队还关注Chromium中正在进行的工作,包括其安全邮件列表。该团队选择了一个特定的Chromium版本作为下一个版本加入Qt WebEngine。我们相信这将为Qt用户带来更多价值
The picture below outlines a series of Qt and Qt WebEngine releases placed on a timeline. It has additional marks for some specific events. The text below is split into (a-f) sections related to that event marks on the picture. See the legend for other details.
下面的图片概述了一系列放置在时间线上的Qt和Qt WebEngine发布。它有一些特定事件的额外标记。下面的文本分为与图片上的事件标记相关的(a-f)部分。有关其他详细信息,请参见图例。
Lets walk along the timeline and review what happens at a given event mark.
让我们沿着时间线走一走,回顾在给定的事件标记处发生了什么。
(a) Qt Releases
(a) Qt发布
Lets take the Qt 6.5 as a base. Qt 6.5.0 was released in the Spring of 2023. It will become LTS sometime in the future. In this picture, the green boxes stand for releases shipped in the Qt Installer as pre-built binary packages. Qt WebEngine is listed in Qt Installer as an entry in the "Additional Libraries" section under a given Qt version section.
让我们以Qt 6.5为基础。Qt 6.5.0于2023年春季发布。它将在未来某个时候成为LTS。在这张图片中,绿色框代表Qt安装程序中作为预构建二进制包提供的版本。Qt WebEngine列在Qt安装程序中,作为给定Qt版本部分下“附加库”部分的一个条目。
(b) Qt WebEngine and intakes from Chromium
(b) Qt WebEngine和Chromium的摄入量
The Qt WebEngine is integrated as a git sub-module in the Qt git repository. This repository follows the pulse of Qt branching and naming. When Qt starts a release branch, lets say, 6.5.0, the same happens for Qt WebEngine. Most lines of code in the Qt WebEngine repository are actually from Chromium
Qt-WebEngine作为一个子模块集成在Qt-git存储库中。这个存储库遵循Qt分支和命名的脉搏。当Qt启动一个发布分支时,比如说6.5.0,Qt-WebEngine也会发生同样的情况。Qt WebEngine存储库中的大多数代码行实际上都来自Chromium
Integration of new Chromium versions is an important and complex work for Qt WebEngine. A new major version of Chromium is always used and set at the time of Feature Freeze in Qt. The blue arrows mark this on the picture. Additionally, the team follows the security mailing list in the Chromium project and back-ports security patches if required for a given Chromium baseline used the Qt WebEngine baseline. The intakes of these security patches are shown as red arrows. They happen on an irregular basis, depedending on security assessments in the Chromium project.
新Chromium版本的集成对于QtWebEngine来说是一项重要而复杂的工作。Chromium的新主要版本总是在Qt中的功能冻结时使用和设置。蓝色箭头在图片上标明了这一点。此外,该团队遵循Chromium项目中的安全邮件列表,如果给定Chromium基线需要,则使用Qt WebEngine基线返回端口安全补丁。这些安全补丁的入口显示为红色箭头。它们是不定期发生的,取决于Chromium项目的安全评估。
As mentioned in the Qt documentation, the used main version of Chromium as well as the reference to latest security patches can be looked up either programmatically, via API, or in the file CHROMIUM_VERSION file in the top-level folder of the Qt WebEngine repository. In Qt 6.5.0, it is Chromium 108.0.5359.181 with security patches from Chromium 110.0.5481.104:
如Qt文档中所述,使用的Chromium主版本以及对最新安全补丁的引用可以通过API以编程方式查找,也可以在Qt WebEngine存储库顶层文件夹中的文件CHROMIUM_VERSION中查找。在Qt 6.5.0中,它是Chromium 108.0.5359.181,带有Chromium 110.05481.104的安全补丁:
➜ qtwebengine git:(6.5.0) ✗ cat CHROMIUM_VERSION Based on Chromium version: 108.0.5359.181 Patched with security patches up to Chromium version: 110.0.5481.104
In Qt 6.5.1, it is Chromium 108.0.5359.181 (the same; continue reading to learn why) with security patches from Chromium 112.0.5615.138 (upgraded). Now, you could ask, why those numbers are so different if Qt 6.5.1 is just a patch release of Qt 6.5. This is because Chromium 108.0.5359.181 was integrated at the time point of Qt 6.5 feature freeze and so long before 6.5.0. At the release time of 6.5.0, the security patches from Chromium 110.0.5481.104 were used to update the Chromium for the release of Qt 6.5.0. Later, with Qt 6.5.1, the security patches as of 112.0.5615.138 were taken in. So, they basically include all other eventual security patches between 110.0.5481.104 (in 6.5.0) and 112.0.5615.138 (in 6.5.1). So, if the IT-Security folks from your company or from your customer ask you which version of Chromium is running in your app, you can refer to this number.
在Qt 6.5.1中,它是Chromium 108.0.5359.181(相同;继续阅读以了解原因),带有Chromium 112.0.5615.138(升级版)的安全补丁。现在,你可能会问,如果Qt 6.5.1只是Qt 6.5的补丁版本,为什么这些数字如此不同。这是因为Chromium 108.0.5359.181是在Qt 6.5功能冻结的时间点集成的,而且早在6.5.0之前。在6.5.0发布时,Chromium 110.05481.104中的安全补丁用于更新Chromium以发布Qt 6.5.0。后来,在Qt 6.5.1中,112.0.5615.138的安全补丁被接受。因此,它们基本上包括110.05481.104(在6.5.0中)和112.0.5615.138(在6.5.1中)之间的所有其他最终安全补丁。因此,如果您公司或客户的IT安全人员问您的应用程序中运行的是哪个版本的Chromium,您可以参考这个数字。
(c) Update of the Qt WebEngine
(c) Qt WebEngine的更新
This point marks the feature freeze of Qt 6.6 and, certainly, of Qt WebEngine as well. Like in any other minor release, Qt WebEngine will move onto a new Chromium release. The exact Chromium version will be updated by the time of the release of 6.6.0. This will form the Qt WebEngine 6.6 which will be provided with the Qt 6.5.x releases. For the first time, this will be with the next bug fix release Qt 6.5. With this, a Qt 6.5 installation from the Qt Installer would also get a newer Chromium baseline version as well as all recent security patches, making it at the same level as the Chromium in Qt WebEngine in Qt 6.6.x. With this, if you keep updating updating Qt 6.5 in your application to its newer bug fix releases, your application will also get all Chromium security fixes from the Qt WebEngine 6.6.x.
这一点标志着Qt 6.6的功能冻结,当然,Qt WebEngine也是如此。与任何其他小版本一样,Qt WebEngine将进入新的Chromium版本。Chromium的确切版本将在6.6.0发布时进行更新。这将形成Qt WebEngine 6.6,它将与Qt 6.5.x版本一起提供。这将是第一次出现在下一个bug修复版本Qt 6.5中。有了这一点,Qt安装程序安装的Qt 6.5也将获得更新的Chromium基线版本以及所有最新的安全补丁,使其与Qt 6.6.x中Qt WebEngine中的Chromium处于同一级别。这样,如果继续更新应用程序中的Qt 6.5-更新到其更新的错误修复版本,应用程序还将从Qt WebEngine 6.6.x获得所有Chromium安全修复。
(d) Updates continue
(d) 更新继续
This point is comparable to the point (c) in general. Updates continue with Qt 6.7 and Qt WebEngine 6.7. Notably, as the picture shows, the builds of Qt WebEngine 6.7 are not provided with the Qt 6.6.x in the Qt Installer, but they are provided with the Qt 6.5.x since it is an LTS release. Nevertheless, the Qt WebEngine 6.7 should build and run well with Qt 6.6.x, but this is not tested on Qt CI. The Qt 6.5 LTS provides a baseline with ongoing Chromium updates, including the security-relates ones.
这一点大体上与(c)点相当。Qt 6.7和Qt WebEngine 6.7继续更新。值得注意的是,如图所示,Qt WebEngine 6.7的构建在Qt安装程序中没有提供Qt 6.6.x,但它们提供了Qt 6.5.x,因为它是一个LTS版本。尽管如此,Qt WebEngine 6.7应该与Qt 6.6.x一起构建并运行良好,但这并没有在Qt CI上进行测试。Qt 6.5 LTS为正在进行的Chromium更新提供了基线,包括与安全相关的更新。
(e) The next Qt release which will be LTS some time in the future
(e) 下一个Qt版本将是未来某个时间的LTS
Qt 6.8 will be the next LTS release after Qt 6.5. At this stage, the process remains the same as described above, but then the (f) comes...
Qt 6.8将是继Qt 6.5之后的下一个LTS版本。在这个阶段,过程与上述相同,但随后(f)出现。。。
(f) The new regular release comes
(f) 新的定期发布
This point brings differences, since it marks the start of a new cycle of upgrades of Qt WebEngine, which basically would repeat all the principles of the process shown on the picture. Since Qt 6.9 corresponds to Qt 6.8 in terms of our process in the same way as Qt 6.6 did to 6.5, the new Chromium from Qt WebEngine 6.9 would only go to Qt 6.8 but not to Qt 6.5 on a regular basis. Still, in case of very important security fixes, we will update Qt 6.5 LTS as well. This was not needed in the past, thought. The pricinples of intakes of Chromium and its versioning remain the same in general.
这一点带来了不同,因为它标志着Qt WebEngine新一轮升级的开始,基本上会重复图片上显示的所有过程原理。由于在我们的流程中,Qt 6.9与Qt 6.8对应,与Qt 6.6与6.5对应的方式相同,因此Qt WebEngine 6.9中的新Chromium将仅定期进入Qt 6.8,而不会进入Qt 6.5。尽管如此,在非常重要的安全修复的情况下,我们也将更新Qt 6.5 LTS。我想,这在过去是不需要的。Chromium的投入及其版本通常保持不变。
Summary
总结
The update cycle for Qt WebEngine is outlined in the Qt Docs and discussed in this blog post to explain how Qt ships updated Chromium and its security fixes with updated Qt WebEngine for the lifetime of Qt LTS releases. Qt users can build a newer Qt WebEngine on top of a Qt build. Not all technically possible combinations are not provided via the Qt Installer, nor tested in CI. Due to this, the scope of formal Support is limited to versions which are provided in the Qt Installer. Each next cycle of this update process starts with first Qt release after an LTS release. Qt users should plan to update to a new Qt LTS releases promptly. This ensures continuity in updates of Chromium over a longer period of time.
Qt文档中概述了Qt WebEngine的更新周期,并在本博客文章中进行了讨论,以解释Qt如何在Qt LTS版本的整个生命周期内通过更新的Qt Web引擎提供更新的Chromium及其安全修复。Qt用户可以在Qt构建的基础上构建一个更新的Qt WebEngine。并非所有技术上可能的组合都不是通过Qt安装程序提供的,也不是在CI中测试的。因此,正式支持的范围仅限于Qt安装工具中提供的版本。这个更新过程的每个下一个周期都从LTS发布之后的第一个Qt发布开始。Qt用户应该计划立即更新到新的Qt LTS版本。这确保了Chromium在较长时间内的连续更新。
748
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
