chromium: Update all channels to latest versions.
Overview of the updated versions: stable: 40.0.2214.91 -> 40.0.2214.115 beta: 41.0.2272.16 -> 41.0.2272.64 dev: 41.0.2272.16 -> 42.0.2305.3 Introduces 42.0.2305.3 as the new dev version, which no longer requires our user namespaces sandbox patch. Thanks to everyone participating in https://crbug.com/312380 for finally having this upstream. In the course of supporting the official namespace sandbox (that's what the user namespace sandbox is called), a few things needed to be fixed for version 42: * Add an updated nix_plugin_paths.patch, because the old one tries to patch the path for libpdf, which is now natively included in Chromium. * Don't copy libpdf.so to libexec path for version 42, it's no longer needed as it's completely built-in now. * Disable SUID sandbox directly in the source instead of going the easy route of passing --disable-setuid-sandbox. The reason is that with the command line flag a nasty nagbar will appear. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
parent
d15d0bebc3
commit
0aad4b7ee4
@ -12,8 +12,10 @@ mkChromiumDerivation (base: rec {
|
||||
cp -v "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
|
||||
cp -v "$buildPath/icudtl.dat" "$libExecPath/"
|
||||
cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
|
||||
cp -v "$buildPath/libpdf.so" "$buildPath/libffmpegsumo.so" "$libExecPath/"
|
||||
|
||||
cp -v "$buildPath/libffmpegsumo.so" "$libExecPath/"
|
||||
${optionalString (versionOlder base.version "42.0.0.0") ''
|
||||
cp -v "$buildPath/libpdf.so" "$libExecPath/"
|
||||
''}
|
||||
cp -v "$buildPath/chrome" "$libExecPath/$packageName"
|
||||
|
||||
mkdir -vp "$out/share/man/man1"
|
||||
|
@ -135,11 +135,11 @@ let
|
||||
-exec chmod u+w {} +
|
||||
'';
|
||||
|
||||
postPatch = ''
|
||||
postPatch = optionalString (versionOlder version "42.0.0.0") ''
|
||||
sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \
|
||||
sandbox_binary = base::FilePath(getenv("CHROMIUM_SANDBOX_BINARY_PATH"));
|
||||
' sandbox/linux/suid/client/setuid_sandbox_client.cc
|
||||
|
||||
'' + ''
|
||||
sed -i -e '/module_path *=.*libexif.so/ {
|
||||
s|= [^;]*|= base::FilePath().AppendASCII("${libexif}/lib/libexif.so")|
|
||||
}' chrome/utility/media_galleries/image_metadata_extractor.cc
|
||||
@ -166,7 +166,9 @@ let
|
||||
use_openssl = useOpenSSL;
|
||||
selinux = enableSELinux;
|
||||
use_cups = cupsSupport;
|
||||
} // optionalAttrs (versionOlder version "42.0.0.0") {
|
||||
linux_sandbox_chrome_path="${libExecPath}/${packageName}";
|
||||
} // {
|
||||
werror = "";
|
||||
clang = false;
|
||||
enable_hidpi = hiDPISupport;
|
||||
|
@ -73,13 +73,15 @@ in stdenv.mkDerivation {
|
||||
sandboxBinary = "${chromium.sandbox}/bin/chromium-sandbox";
|
||||
mkEnvVar = key: val: "--set '${key}' '${val}'";
|
||||
envVars = chromium.plugins.settings.envVars or {};
|
||||
isVer42 = !stdenv.lib.versionOlder chromium.browser.version "42.0.0.0";
|
||||
flags = chromium.plugins.settings.flags or [];
|
||||
setBinPath = "--set CHROMIUM_SANDBOX_BINARY_PATH \"${sandboxBinary}\"";
|
||||
in with stdenv.lib; ''
|
||||
mkdir -p "$out/bin" "$out/share/applications"
|
||||
|
||||
ln -s "${chromium.browser}/share" "$out/share"
|
||||
makeWrapper "${browserBinary}" "$out/bin/chromium" \
|
||||
--set CHROMIUM_SANDBOX_BINARY_PATH "${sandboxBinary}" \
|
||||
${optionalString (!isVer42) setBinPath} \
|
||||
${concatStrings (mapAttrsToList mkEnvVar envVars)} \
|
||||
--add-flags "${concatStringsSep " " flags}"
|
||||
|
||||
|
@ -9,7 +9,9 @@ with (import ./update.nix {
|
||||
inherit (stdenv) system;
|
||||
}).getChannel channel;
|
||||
|
||||
stdenv.mkDerivation {
|
||||
let
|
||||
pre42 = versionOlder version "42.0.0.0";
|
||||
in stdenv.mkDerivation {
|
||||
name = "chromium-source-${version}";
|
||||
|
||||
src = fetchurl main;
|
||||
@ -22,7 +24,11 @@ stdenv.mkDerivation {
|
||||
|
||||
prePatch = "patchShebangs .";
|
||||
|
||||
patches = [ ./sandbox_userns_36.patch ./nix_plugin_paths.patch ];
|
||||
patches = if pre42 then [
|
||||
./sandbox_userns_36.patch ./nix_plugin_paths.patch
|
||||
] else [
|
||||
./nix_plugin_paths_42.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
sed -i -r \
|
||||
@ -32,6 +38,9 @@ stdenv.mkDerivation {
|
||||
build/common.gypi chrome/chrome_tests.gypi
|
||||
'' + optionalString useOpenSSL ''
|
||||
cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
|
||||
'' + optionalString (!pre42) ''
|
||||
sed -i -e '/LOG.*no_suid_error/d' \
|
||||
"$main/content/browser/browser_main_loop.cc"
|
||||
'';
|
||||
|
||||
outputs = [ "out" "sandbox" "bundled" "main" ];
|
||||
|
@ -0,0 +1,93 @@
|
||||
diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc
|
||||
index 8a205a6..d5c24e1 100644
|
||||
--- a/chrome/common/chrome_paths.cc
|
||||
+++ b/chrome/common/chrome_paths.cc
|
||||
@@ -97,21 +97,14 @@ static base::LazyInstance<base::FilePath>
|
||||
g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;
|
||||
|
||||
// Gets the path for internal plugins.
|
||||
-bool GetInternalPluginsDirectory(base::FilePath* result) {
|
||||
-#if defined(OS_MACOSX) && !defined(OS_IOS)
|
||||
- // If called from Chrome, get internal plugins from a subdirectory of the
|
||||
- // framework.
|
||||
- if (base::mac::AmIBundled()) {
|
||||
- *result = chrome::GetFrameworkBundlePath();
|
||||
- DCHECK(!result->empty());
|
||||
- *result = result->Append("Internet Plug-Ins");
|
||||
- return true;
|
||||
- }
|
||||
- // In tests, just look in the module directory (below).
|
||||
-#endif
|
||||
-
|
||||
- // The rest of the world expects plugins in the module directory.
|
||||
- return PathService::Get(base::DIR_MODULE, result);
|
||||
+bool GetInternalPluginsDirectory(base::FilePath* result,
|
||||
+ const std::string& ident) {
|
||||
+ std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident;
|
||||
+ const char* value = getenv(full_env.c_str());
|
||||
+ if (value == NULL)
|
||||
+ return PathService::Get(base::DIR_MODULE, result);
|
||||
+ else
|
||||
+ *result = base::FilePath(value);
|
||||
}
|
||||
|
||||
} // namespace
|
||||
@@ -248,11 +241,11 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||
create_dir = true;
|
||||
break;
|
||||
case chrome::DIR_INTERNAL_PLUGINS:
|
||||
- if (!GetInternalPluginsDirectory(&cur))
|
||||
+ if (!GetInternalPluginsDirectory(&cur, "ALL"))
|
||||
return false;
|
||||
break;
|
||||
case chrome::DIR_PEPPER_FLASH_PLUGIN:
|
||||
- if (!GetInternalPluginsDirectory(&cur))
|
||||
+ if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))
|
||||
return false;
|
||||
cur = cur.Append(kPepperFlashBaseDirectory);
|
||||
break;
|
||||
@@ -285,7 +278,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||
cur = cur.Append(FILE_PATH_LITERAL("script.log"));
|
||||
break;
|
||||
case chrome::FILE_FLASH_PLUGIN:
|
||||
- if (!GetInternalPluginsDirectory(&cur))
|
||||
+ if (!GetInternalPluginsDirectory(&cur, "FILEFLASH"))
|
||||
return false;
|
||||
cur = cur.Append(kInternalFlashPluginFileName);
|
||||
break;
|
||||
@@ -295,7 +288,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||
cur = cur.Append(chrome::kPepperFlashPluginFilename);
|
||||
break;
|
||||
case chrome::FILE_EFFECTS_PLUGIN:
|
||||
- if (!GetInternalPluginsDirectory(&cur))
|
||||
+ if (!GetInternalPluginsDirectory(&cur, "FILE_EFFECTS"))
|
||||
return false;
|
||||
cur = cur.Append(kEffectsPluginFileName);
|
||||
break;
|
||||
@@ -308,7 +301,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||
// We currently need a path here to look up whether the plugin is disabled
|
||||
// and what its permissions are.
|
||||
case chrome::FILE_NACL_PLUGIN:
|
||||
- if (!GetInternalPluginsDirectory(&cur))
|
||||
+ if (!GetInternalPluginsDirectory(&cur, "NACL"))
|
||||
return false;
|
||||
cur = cur.Append(kInternalNaClPluginFileName);
|
||||
break;
|
||||
@@ -343,7 +336,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||
cur = cur.DirName();
|
||||
}
|
||||
#else
|
||||
- if (!GetInternalPluginsDirectory(&cur))
|
||||
+ if (!GetInternalPluginsDirectory(&cur, "PNACL"))
|
||||
return false;
|
||||
#endif
|
||||
cur = cur.Append(FILE_PATH_LITERAL("pnacl"));
|
||||
@@ -372,7 +365,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||
// In the component case, this is the source adapter. Otherwise, it is the
|
||||
// actual Pepper module that gets loaded.
|
||||
case chrome::FILE_WIDEVINE_CDM_ADAPTER:
|
||||
- if (!GetInternalPluginsDirectory(&cur))
|
||||
+ if (!GetInternalPluginsDirectory(&cur, "WIDEVINE"))
|
||||
return false;
|
||||
cur = cur.AppendASCII(kWidevineCdmAdapterFileName);
|
||||
break;
|
@ -1,21 +1,21 @@
|
||||
# This file is autogenerated from update.sh in the parent directory.
|
||||
{
|
||||
dev = {
|
||||
version = "41.0.2272.16";
|
||||
sha256 = "14l3l5gcjqszqjb3zmwxsyfci495fi315sznvm2n2ark24mf03yq";
|
||||
sha256bin32 = "0xqhzlmbyh5w678j7iwssd81z1bpggpzxni1y79xn5lhc26c50jd";
|
||||
sha256bin64 = "0c9j75xqv4jx57asiaadarz714h1adscvb4h5ng7mbmr268qp6f2";
|
||||
version = "42.0.2305.3";
|
||||
sha256 = "00338x1x78wcvaxcnnq5cng30450gsyqnlwplgyq7zjsrpqpprvn";
|
||||
sha256bin32 = "1xxmyfmdksqpwwf3wxhxrxvqnvjxlwkhkrdzkmra7d74hz7mqjz7";
|
||||
sha256bin64 = "0q4hvvkjzy46x9hfhchywakzrd0jfwhxxsv96cz3yfcqwasf42x7";
|
||||
};
|
||||
beta = {
|
||||
version = "41.0.2272.16";
|
||||
sha256 = "14l3l5gcjqszqjb3zmwxsyfci495fi315sznvm2n2ark24mf03yq";
|
||||
sha256bin32 = "0xqhzlmbyh5w678j7iwssd81z1bpggpzxni1y79xn5lhc26c50jd";
|
||||
sha256bin64 = "0c9j75xqv4jx57asiaadarz714h1adscvb4h5ng7mbmr268qp6f2";
|
||||
version = "41.0.2272.64";
|
||||
sha256 = "0jq864636527fpnrkdaalp73hjcd581imdk13bxfi6g4ic0sizkg";
|
||||
sha256bin32 = "12sisp6bk6qvgikzxi616d8cnrrgs2593kyq7sv3276wjz34a07m";
|
||||
sha256bin64 = "1vz89r43byd0shjvr6bvmwlsh97fx281hlzfv49q9k49piyfylgp";
|
||||
};
|
||||
stable = {
|
||||
version = "40.0.2214.91";
|
||||
sha256 = "0ja1wvjn0g8xs20j87s3gl9h70yzx8rfa3k126wnl9gay6gxlbzp";
|
||||
sha256bin32 = "0mfg66s7fqx6v8n0hilsw40i5ximasbqhrmw4fpnpa0x0i77bphj";
|
||||
sha256bin64 = "14lqm8m937b9sl5k7sc939aar76ij9790c807yahk6q36mfyd269";
|
||||
version = "40.0.2214.115";
|
||||
sha256 = "19d6zd71w3zvqwb0ncdapfwkckjgqmb1jfg228jvaispp9nvjq92";
|
||||
sha256bin32 = "1sv8sj0xp14q5693jcwwipinx539d5rgvhqcxm6b030024jjh8sr";
|
||||
sha256bin64 = "1zgb9g6fr29i7f9s1s1dcih1qjiz62ir90k0fsam9df99gzmmyc0";
|
||||
};
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user