chromium/update: Update Debian binaries as well.

This cases the Debian binaries to be fetched from Google's official APT repository. If we aren't able to find a package from the APT repository, it's very likely that it already got deleted upstream and we need to fallback to mirrors instead. Unfortunately, we can't use mirrors for updating, because Google doesn't sign the Debian packages themselves and only the release files. We're going to hook it into a Chromium updater soon, making the sha256 hashes publicly available, so if it is missing, we can still put the sha256 manually into sources.nix, without risking anything by blindly fetching from one of the provided mirrors. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-27 09:40:21 +01:00 · 2014-03-27 09:40:21 +01:00 · 6184ee89fe
commit 6184ee89fe
parent 2741523926
2 changed files with 79 additions and 10 deletions
--- a/pkgs/applications/networking/browsers/chromium/source/update.nix
+++ b/pkgs/applications/networking/browsers/chromium/source/update.nix
@ -1,7 +1,7 @@
 { system ? builtins.currentSystem }:

 let
-  inherit (import <nixpkgs> {}) lib writeText;
+  inherit (import <nixpkgs> {}) lib writeText stdenv;

  sources = if builtins.pathExists ./sources.nix
            then import ./sources.nix
@ -10,21 +10,34 @@ let
  bucketURL = "http://commondatastorage.googleapis.com/"
            + "chromium-browser-official";

+  debURL = "https://dl.google.com/linux/chrome/deb/pool/main/g";
+
+  # Untrusted mirrors, don't try to update from them!
+  debMirrors = [
+    "http://95.31.35.30/chrome/pool/main/g"
+    "http://mirror.pcbeta.com/google/chrome/deb/pool/main/g"
+  ];
+
  tryChannel = channel: let
-    chanAttrs = builtins.getAttr channel sources;
+    chan = builtins.getAttr channel sources;
  in if sources != null then ''
-    oldver="${chanAttrs.version}";
+    oldver="${chan.version}";
    echo -n "Checking if $oldver ($channel) is up to date..." >&2;
    if [ "x$(get_newest_ver "$version" "$oldver")" != "x$oldver" ];
    then
      echo " no, getting sha256 for new version $version:" >&2;
-      sha256="$(nix-prefetch-url "$url")" || return 1;
+      sha256="$(prefetch_sha "$channel" "$version")" || return 1;
    else
      echo " yes, keeping old sha256." >&2;
-      sha256="${chanAttrs.sha256}";
+      sha256="${chan.sha256}";
+      ${if (chan ? sha256bin32 && chan ? sha256bin64) then ''
+        sha256="$sha256.${chan.sha256bin32}.${chan.sha256bin64}";
+      '' else ''
+        sha256="$sha256.$(prefetch_deb_sha "$channel" "$version")";
+      ''}
    fi;
  '' else ''
-    sha256="$(nix-prefetch-url "$url")" || return 1;
+    sha256="$(prefetch_sha "$channel" "$version")" || return 1;
  '';

  caseChannel = channel: ''
@ -35,16 +48,62 @@ in rec {
  getChannel = channel: let
    chanAttrs = builtins.getAttr channel sources;
  in {
-    url = "${bucketURL}/chromium-${chanAttrs.version}.tar.xz";
-    inherit (chanAttrs) version sha256;
+    main = {
+      url = "${bucketURL}/chromium-${chanAttrs.version}.tar.xz";
+      inherit (chanAttrs) version sha256;
+    };
+
+    binary = let
+      pname = if channel == "dev"
+              then "google-chrome-unstable"
+              else "google-chrome-${channel}";
+      arch = if stdenv.is64bit then "amd64" else "i386";
+      relpath = "${pname}/${pname}_${chanAttrs.version}-1_${arch}.deb";
+    in lib.optionalAttrs (chanAttrs ? sha256bin64) {
+      urls = map (url: "${url}/${relpath}") ([ debURL ] ++ debMirrors);
+      sha256 = if stdenv.is64bit
+               then chanAttrs.sha256bin64
+               else chanAttrs.sha256bin32;
+      inherit (chanAttrs) version;
+    };
  };

  updateHelpers = writeText "update-helpers.sh" ''
+
+    prefetch_main_sha()
+    {
+      nix-prefetch-url "${bucketURL}/chromium-$2.tar.xz";
+    }
+
+    prefetch_deb_sha()
+    {
+      channel="$1";
+      version="$2";
+
+      case "$1" in
+        dev) pname="google-chrome-unstable";;
+        *)   pname="google-chrome-$channel";;
+      esac;
+
+      deb_pre="${debURL}/$pname/$pname";
+
+      deb32=$(nix-prefetch-url "''${deb_pre}_$version-1_i386.deb");
+      deb64=$(nix-prefetch-url "''${deb_pre}_$version-1_amd64.deb");
+
+      echo "$deb32.$deb64";
+      return 0;
+    }
+
+    prefetch_sha()
+    {
+      echo "$(prefetch_main_sha "$@").$(prefetch_deb_sha "$@")";
+      return 0;
+    }
+
    get_sha256()
    {
      channel="$1";
      version="$2";
-      url="${bucketURL}/chromium-$version.tar.xz";

      case "$channel" in
        ${lib.concatMapStrings caseChannel [ "stable" "dev" "beta" ]}
--- a/pkgs/applications/networking/browsers/chromium/source/update.sh
+++ b/pkgs/applications/networking/browsers/chromium/source/update.sh
@ -92,9 +92,19 @@ get_channel_exprs()

        sha_insert "$version" "$sha256";

+        main="${sha256%%.*}";
+        deb="${sha256#*.}";
+        deb32="${deb%.*}";
+        deb64="${deb#*.}";
+
        echo "  $channel = {";
        echo "    version = \"$version\";";
-        echo "    sha256 = \"$sha256\";";
+        echo "    sha256 = \"$main\";";
+        if [ "x${deb#*[a-z0-9].[a-z0-9]}" != "x$deb" ];
+        then
+            echo "    sha256bin32 = \"$deb32\";";
+            echo "    sha256bin64 = \"$deb64\";";
+        fi;
        echo "  };";
    done;
 }