pyrox.dev / nixpkgs
lol
fork atom

chromium: Update all channels to latest versions.

Overview of the updated versions:

stable: 40.0.2214.91 -> 40.0.2214.115
beta: 41.0.2272.16 -> 41.0.2272.64
dev: 41.0.2272.16 -> 42.0.2305.3

Introduces 42.0.2305.3 as the new dev version, which no longer requires
our user namespaces sandbox patch. Thanks to everyone participating in
https://crbug.com/312380 for finally having this upstream.

In the course of supporting the official namespace sandbox (that's what
the user namespace sandbox is called), a few things needed to be fixed
for version 42:

* Add an updated nix_plugin_paths.patch, because the old
one tries to patch the path for libpdf, which is now natively included
in Chromium.

* Don't copy libpdf.so to libexec path for version 42, it's no longer
needed as it's completely built-in now.

* Disable SUID sandbox directly in the source instead of going the easy
route of passing --disable-setuid-sandbox. The reason is that with
the command line flag a nasty nagbar will appear.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>

aszlig 0aad4b7e d15d0beb

options
unified split
Changed files
+127 -19
pkgs
applications
networking
browsers
chromium
browser.nix
common.nix
default.nix
source
default.nix
nix_plugin_paths_42.patch
sources.nix
+4 -2
pkgs/applications/networking/browsers/chromium/browser.nix 
···

       
12

       
12

       
 

       
    cp -v "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"


     

       
13

       
13

       
 

       
    cp -v "$buildPath/icudtl.dat" "$libExecPath/"


     

       
14

       
14

       
 

       
    cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"


     

       
15

       

       
-

       
    cp -v "$buildPath/libpdf.so" "$buildPath/libffmpegsumo.so" "$libExecPath/"


     

       
16

       

       
-

       



     

       

       
15

       
+

       
    cp -v "$buildPath/libffmpegsumo.so" "$libExecPath/"


     

       

       
16

       
+

       
    ${optionalString (versionOlder base.version "42.0.0.0") ''


     

       

       
17

       
+

       
      cp -v "$buildPath/libpdf.so" "$libExecPath/"


     

       

       
18

       
+

       
    ''}


     

       
17

       
19

       
 

       
    cp -v "$buildPath/chrome" "$libExecPath/$packageName"


     

       
18

       
20

       
 

       



     

       
19

       
21

       
 

       
    mkdir -vp "$out/share/man/man1"
+4 -2
pkgs/applications/networking/browsers/chromium/common.nix 
···

       
135

       
135

       
 

       
        -exec chmod u+w {} +


     

       
136

       
136

       
 

       
    '';


     

       
137

       
137

       
 

       



     

       
138

       

       
-

       
    postPatch = ''


     

       

       
138

       
+

       
    postPatch = optionalString (versionOlder version "42.0.0.0") ''


     

       
139

       
139

       
 

       
      sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \


     

       
140

       
140

       
 

       
        sandbox_binary = base::FilePath(getenv("CHROMIUM_SANDBOX_BINARY_PATH"));


     

       
141

       
141

       
 

       
      ' sandbox/linux/suid/client/setuid_sandbox_client.cc


     

       
142

       

       
-

       



     

       

       
142

       
+

       
    '' + ''


     

       
143

       
143

       
 

       
      sed -i -e '/module_path *=.*libexif.so/ {


     

       
144

       
144

       
 

       
        s|= [^;]*|= base::FilePath().AppendASCII("${libexif}/lib/libexif.so")|


     

       
145

       
145

       
 

       
      }' chrome/utility/media_galleries/image_metadata_extractor.cc


     
···

       
166

       
166

       
 

       
      use_openssl = useOpenSSL;


     

       
167

       
167

       
 

       
      selinux = enableSELinux;


     

       
168

       
168

       
 

       
      use_cups = cupsSupport;


     

       

       
169

       
+

       
    } // optionalAttrs (versionOlder version "42.0.0.0") {


     

       
169

       
170

       
 

       
      linux_sandbox_chrome_path="${libExecPath}/${packageName}";


     

       

       
171

       
+

       
    } // {


     

       
170

       
172

       
 

       
      werror = "";


     

       
171

       
173

       
 

       
      clang = false;


     

       
172

       
174

       
 

       
      enable_hidpi = hiDPISupport;
+3 -1
pkgs/applications/networking/browsers/chromium/default.nix 
···

       
73

       
73

       
 

       
    sandboxBinary = "${chromium.sandbox}/bin/chromium-sandbox";


     

       
74

       
74

       
 

       
    mkEnvVar = key: val: "--set '${key}' '${val}'";


     

       
75

       
75

       
 

       
    envVars = chromium.plugins.settings.envVars or {};


     

       

       
76

       
+

       
    isVer42 = !stdenv.lib.versionOlder chromium.browser.version "42.0.0.0";


     

       
76

       
77

       
 

       
    flags = chromium.plugins.settings.flags or [];


     

       

       
78

       
+

       
    setBinPath = "--set CHROMIUM_SANDBOX_BINARY_PATH \"${sandboxBinary}\"";


     

       
77

       
79

       
 

       
  in with stdenv.lib; ''


     

       
78

       
80

       
 

       
    mkdir -p "$out/bin" "$out/share/applications"


     

       
79

       
81

       
 

       



     

       
80

       
82

       
 

       
    ln -s "${chromium.browser}/share" "$out/share"


     

       
81

       
83

       
 

       
    makeWrapper "${browserBinary}" "$out/bin/chromium" \


     

       
82

       

       
-

       
      --set CHROMIUM_SANDBOX_BINARY_PATH "${sandboxBinary}" \


     

       

       
84

       
+

       
      ${optionalString (!isVer42) setBinPath} \


     

       
83

       
85

       
 

       
      ${concatStrings (mapAttrsToList mkEnvVar envVars)} \


     

       
84

       
86

       
 

       
      --add-flags "${concatStringsSep " " flags}"


     

       
85

       
87
+11 -2
pkgs/applications/networking/browsers/chromium/source/default.nix 
···

       
9

       
9

       
 

       
  inherit (stdenv) system;


     

       
10

       
10

       
 

       
}).getChannel channel;


     

       
11

       
11

       
 

       



     

       
12

       

       
-

       
stdenv.mkDerivation {


     

       

       
12

       
+

       
let


     

       

       
13

       
+

       
  pre42 = versionOlder version "42.0.0.0";


     

       

       
14

       
+

       
in stdenv.mkDerivation {


     

       
13

       
15

       
 

       
  name = "chromium-source-${version}";


     

       
14

       
16

       
 

       



     

       
15

       
17

       
 

       
  src = fetchurl main;


     
···

       
22

       
24

       
 

       



     

       
23

       
25

       
 

       
  prePatch = "patchShebangs .";


     

       
24

       
26

       
 

       



     

       
25

       

       
-

       
  patches = [ ./sandbox_userns_36.patch ./nix_plugin_paths.patch ];


     

       

       
27

       
+

       
  patches = if pre42 then [


     

       

       
28

       
+

       
    ./sandbox_userns_36.patch ./nix_plugin_paths.patch


     

       

       
29

       
+

       
  ] else [


     

       

       
30

       
+

       
    ./nix_plugin_paths_42.patch


     

       

       
31

       
+

       
  ];


     

       
26

       
32

       
 

       



     

       
27

       
33

       
 

       
  postPatch = ''


     

       
28

       
34

       
 

       
    sed -i -r \


     
···

       
32

       
38

       
 

       
      build/common.gypi chrome/chrome_tests.gypi


     

       
33

       
39

       
 

       
  '' + optionalString useOpenSSL ''


     

       
34

       
40

       
 

       
    cat $opensslPatches | patch -p1 -d third_party/openssl/openssl


     

       

       
41

       
+

       
  '' + optionalString (!pre42) ''


     

       

       
42

       
+

       
    sed -i -e '/LOG.*no_suid_error/d' \


     

       

       
43

       
+

       
      "$main/content/browser/browser_main_loop.cc"


     

       
35

       
44

       
 

       
  '';


     

       
36

       
45

       
 

       



     

       
37

       
46

       
 

       
  outputs = [ "out" "sandbox" "bundled" "main" ];
+93
pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_42.patch 
···

       

       
1

       
+

       
diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc


     

       

       
2

       
+

       
index 8a205a6..d5c24e1 100644


     

       

       
3

       
+

       
--- a/chrome/common/chrome_paths.cc


     

       

       
4

       
+

       
+++ b/chrome/common/chrome_paths.cc


     

       

       
5

       
+

       
@@ -97,21 +97,14 @@ static base::LazyInstance<base::FilePath>


     

       

       
6

       
+

       
     g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;


     

       

       
7

       
+

       
 


     

       

       
8

       
+

       
 // Gets the path for internal plugins.


     

       

       
9

       
+

       
-bool GetInternalPluginsDirectory(base::FilePath* result) {


     

       

       
10

       
+

       
-#if defined(OS_MACOSX) && !defined(OS_IOS)


     

       

       
11

       
+

       
-  // If called from Chrome, get internal plugins from a subdirectory of the


     

       

       
12

       
+

       
-  // framework.


     

       

       
13

       
+

       
-  if (base::mac::AmIBundled()) {


     

       

       
14

       
+

       
-    *result = chrome::GetFrameworkBundlePath();


     

       

       
15

       
+

       
-    DCHECK(!result->empty());


     

       

       
16

       
+

       
-    *result = result->Append("Internet Plug-Ins");


     

       

       
17

       
+

       
-    return true;


     

       

       
18

       
+

       
-  }


     

       

       
19

       
+

       
-  // In tests, just look in the module directory (below).


     

       

       
20

       
+

       
-#endif


     

       

       
21

       
+

       
-


     

       

       
22

       
+

       
-  // The rest of the world expects plugins in the module directory.


     

       

       
23

       
+

       
-  return PathService::Get(base::DIR_MODULE, result);


     

       

       
24

       
+

       
+bool GetInternalPluginsDirectory(base::FilePath* result,


     

       

       
25

       
+

       
+                                 const std::string& ident) {


     

       

       
26

       
+

       
+  std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident;


     

       

       
27

       
+

       
+  const char* value = getenv(full_env.c_str());


     

       

       
28

       
+

       
+  if (value == NULL)


     

       

       
29

       
+

       
+      return PathService::Get(base::DIR_MODULE, result);


     

       

       
30

       
+

       
+  else


     

       

       
31

       
+

       
+      *result = base::FilePath(value);


     

       

       
32

       
+

       
 }


     

       

       
33

       
+

       
 


     

       

       
34

       
+

       
 }  // namespace


     

       

       
35

       
+

       
@@ -248,11 +241,11 @@ bool PathProvider(int key, base::FilePath* result) {


     

       

       
36

       
+

       
       create_dir = true;


     

       

       
37

       
+

       
       break;


     

       

       
38

       
+

       
     case chrome::DIR_INTERNAL_PLUGINS:


     

       

       
39

       
+

       
-      if (!GetInternalPluginsDirectory(&cur))


     

       

       
40

       
+

       
+      if (!GetInternalPluginsDirectory(&cur, "ALL"))


     

       

       
41

       
+

       
         return false;


     

       

       
42

       
+

       
       break;


     

       

       
43

       
+

       
     case chrome::DIR_PEPPER_FLASH_PLUGIN:


     

       

       
44

       
+

       
-      if (!GetInternalPluginsDirectory(&cur))


     

       

       
45

       
+

       
+      if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))


     

       

       
46

       
+

       
         return false;


     

       

       
47

       
+

       
       cur = cur.Append(kPepperFlashBaseDirectory);


     

       

       
48

       
+

       
       break;


     

       

       
49

       
+

       
@@ -285,7 +278,7 @@ bool PathProvider(int key, base::FilePath* result) {


     

       

       
50

       
+

       
       cur = cur.Append(FILE_PATH_LITERAL("script.log"));


     

       

       
51

       
+

       
       break;


     

       

       
52

       
+

       
     case chrome::FILE_FLASH_PLUGIN:


     

       

       
53

       
+

       
-      if (!GetInternalPluginsDirectory(&cur))


     

       

       
54

       
+

       
+      if (!GetInternalPluginsDirectory(&cur, "FILEFLASH"))


     

       

       
55

       
+

       
         return false;


     

       

       
56

       
+

       
       cur = cur.Append(kInternalFlashPluginFileName);


     

       

       
57

       
+

       
       break;


     

       

       
58

       
+

       
@@ -295,7 +288,7 @@ bool PathProvider(int key, base::FilePath* result) {


     

       

       
59

       
+

       
       cur = cur.Append(chrome::kPepperFlashPluginFilename);


     

       

       
60

       
+

       
       break;


     

       

       
61

       
+

       
     case chrome::FILE_EFFECTS_PLUGIN:


     

       

       
62

       
+

       
-      if (!GetInternalPluginsDirectory(&cur))


     

       

       
63

       
+

       
+      if (!GetInternalPluginsDirectory(&cur, "FILE_EFFECTS"))


     

       

       
64

       
+

       
         return false;


     

       

       
65

       
+

       
       cur = cur.Append(kEffectsPluginFileName);


     

       

       
66

       
+

       
       break;


     

       

       
67

       
+

       
@@ -308,7 +301,7 @@ bool PathProvider(int key, base::FilePath* result) {


     

       

       
68

       
+

       
     // We currently need a path here to look up whether the plugin is disabled


     

       

       
69

       
+

       
     // and what its permissions are.


     

       

       
70

       
+

       
     case chrome::FILE_NACL_PLUGIN:


     

       

       
71

       
+

       
-      if (!GetInternalPluginsDirectory(&cur))


     

       

       
72

       
+

       
+      if (!GetInternalPluginsDirectory(&cur, "NACL"))


     

       

       
73

       
+

       
         return false;


     

       

       
74

       
+

       
       cur = cur.Append(kInternalNaClPluginFileName);


     

       

       
75

       
+

       
       break;


     

       

       
76

       
+

       
@@ -343,7 +336,7 @@ bool PathProvider(int key, base::FilePath* result) {


     

       

       
77

       
+

       
         cur = cur.DirName();


     

       

       
78

       
+

       
       }


     

       

       
79

       
+

       
 #else


     

       

       
80

       
+

       
-      if (!GetInternalPluginsDirectory(&cur))


     

       

       
81

       
+

       
+      if (!GetInternalPluginsDirectory(&cur, "PNACL"))


     

       

       
82

       
+

       
         return false;


     

       

       
83

       
+

       
 #endif


     

       

       
84

       
+

       
       cur = cur.Append(FILE_PATH_LITERAL("pnacl"));


     

       

       
85

       
+

       
@@ -372,7 +365,7 @@ bool PathProvider(int key, base::FilePath* result) {


     

       

       
86

       
+

       
     // In the component case, this is the source adapter. Otherwise, it is the


     

       

       
87

       
+

       
     // actual Pepper module that gets loaded.


     

       

       
88

       
+

       
     case chrome::FILE_WIDEVINE_CDM_ADAPTER:


     

       

       
89

       
+

       
-      if (!GetInternalPluginsDirectory(&cur))


     

       

       
90

       
+

       
+      if (!GetInternalPluginsDirectory(&cur, "WIDEVINE"))


     

       

       
91

       
+

       
         return false;


     

       

       
92

       
+

       
       cur = cur.AppendASCII(kWidevineCdmAdapterFileName);


     

       

       
93

       
+

       
       break;
+12 -12
pkgs/applications/networking/browsers/chromium/source/sources.nix 
···

       
1

       
1

       
 

       
# This file is autogenerated from update.sh in the parent directory.


     

       
2

       
2

       
 

       
{


     

       
3

       
3

       
 

       
  dev = {


     

       
4

       

       
-

       
    version = "41.0.2272.16";


     

       
5

       

       
-

       
    sha256 = "14l3l5gcjqszqjb3zmwxsyfci495fi315sznvm2n2ark24mf03yq";


     

       
6

       

       
-

       
    sha256bin32 = "0xqhzlmbyh5w678j7iwssd81z1bpggpzxni1y79xn5lhc26c50jd";


     

       
7

       

       
-

       
    sha256bin64 = "0c9j75xqv4jx57asiaadarz714h1adscvb4h5ng7mbmr268qp6f2";


     

       

       
4

       
+

       
    version = "42.0.2305.3";


     

       

       
5

       
+

       
    sha256 = "00338x1x78wcvaxcnnq5cng30450gsyqnlwplgyq7zjsrpqpprvn";


     

       

       
6

       
+

       
    sha256bin32 = "1xxmyfmdksqpwwf3wxhxrxvqnvjxlwkhkrdzkmra7d74hz7mqjz7";


     

       

       
7

       
+

       
    sha256bin64 = "0q4hvvkjzy46x9hfhchywakzrd0jfwhxxsv96cz3yfcqwasf42x7";


     

       
8

       
8

       
 

       
  };


     

       
9

       
9

       
 

       
  beta = {


     

       
10

       

       
-

       
    version = "41.0.2272.16";


     

       
11

       

       
-

       
    sha256 = "14l3l5gcjqszqjb3zmwxsyfci495fi315sznvm2n2ark24mf03yq";


     

       
12

       

       
-

       
    sha256bin32 = "0xqhzlmbyh5w678j7iwssd81z1bpggpzxni1y79xn5lhc26c50jd";


     

       
13

       

       
-

       
    sha256bin64 = "0c9j75xqv4jx57asiaadarz714h1adscvb4h5ng7mbmr268qp6f2";


     

       

       
10

       
+

       
    version = "41.0.2272.64";


     

       

       
11

       
+

       
    sha256 = "0jq864636527fpnrkdaalp73hjcd581imdk13bxfi6g4ic0sizkg";


     

       

       
12

       
+

       
    sha256bin32 = "12sisp6bk6qvgikzxi616d8cnrrgs2593kyq7sv3276wjz34a07m";


     

       

       
13

       
+

       
    sha256bin64 = "1vz89r43byd0shjvr6bvmwlsh97fx281hlzfv49q9k49piyfylgp";


     

       
14

       
14

       
 

       
  };


     

       
15

       
15

       
 

       
  stable = {


     

       
16

       

       
-

       
    version = "40.0.2214.91";


     

       
17

       

       
-

       
    sha256 = "0ja1wvjn0g8xs20j87s3gl9h70yzx8rfa3k126wnl9gay6gxlbzp";


     

       
18

       

       
-

       
    sha256bin32 = "0mfg66s7fqx6v8n0hilsw40i5ximasbqhrmw4fpnpa0x0i77bphj";


     

       
19

       

       
-

       
    sha256bin64 = "14lqm8m937b9sl5k7sc939aar76ij9790c807yahk6q36mfyd269";


     

       

       
16

       
+

       
    version = "40.0.2214.115";


     

       

       
17

       
+

       
    sha256 = "19d6zd71w3zvqwb0ncdapfwkckjgqmb1jfg228jvaispp9nvjq92";


     

       

       
18

       
+

       
    sha256bin32 = "1sv8sj0xp14q5693jcwwipinx539d5rgvhqcxm6b030024jjh8sr";


     

       

       
19

       
+

       
    sha256bin64 = "1zgb9g6fr29i7f9s1s1dcih1qjiz62ir90k0fsam9df99gzmmyc0";


     

       
20

       
20

       
 

       
  };


     

       
21

       
21

       
 

       
}