chromium: Remove out-of-tree sandbox derivation.
Since 0aad4b7
, we no longer need to have an external sandbox binary,
because the upstream implementation of the user namespace sandbox no
longer needs an external sandbox binary.
In our implementation of the user namespace sandbox, we (ab)used the
setuid sandbox to run non-setuid and set up user namespaces instead.
Because our implementation is no longer needed, we can safely drop the
external binary entirely.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
parent
97ddd04ca9
commit
a80437e236
@ -126,7 +126,6 @@ let
|
||||
# derivations.
|
||||
prePatch = ''
|
||||
cp -dr --no-preserve=mode "${source.main}"/* .
|
||||
cp -dr --no-preserve=mode "${source.sandbox}" sandbox
|
||||
cp -dr "${source.bundled}" third_party
|
||||
chmod -R u+w third_party
|
||||
'';
|
||||
|
@ -33,7 +33,6 @@ let
|
||||
};
|
||||
|
||||
browser = callPackage ./browser.nix { };
|
||||
sandbox = callPackage ./sandbox.nix { };
|
||||
|
||||
plugins = callPackage ./plugins.nix {
|
||||
inherit enablePepperFlash enableWideVine;
|
||||
@ -71,7 +70,6 @@ in stdenv.mkDerivation {
|
||||
|
||||
buildCommand = let
|
||||
browserBinary = "${chromium.browser}/libexec/chromium/chromium";
|
||||
sandboxBinary = "${chromium.sandbox}/bin/chromium-sandbox";
|
||||
mkEnvVar = key: val: "--set '${key}' '${val}'";
|
||||
envVars = chromium.plugins.settings.envVars or {};
|
||||
flags = chromium.plugins.settings.flags or [];
|
||||
|
@ -1,21 +0,0 @@
|
||||
{ stdenv, source }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "chromium-sandbox-${source.version}";
|
||||
src = source.sandbox;
|
||||
|
||||
patchPhase = ''
|
||||
sed -i -e '/#include.*base_export/c \
|
||||
#define BASE_EXPORT __attribute__((visibility("default")))
|
||||
/#include/s|sandbox/linux|'"$(pwd)"'/linux|
|
||||
' linux/suid/*.[hc]
|
||||
'';
|
||||
|
||||
buildPhase = ''
|
||||
gcc -Wall -std=gnu99 -o sandbox linux/suid/*.c
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
install -svD sandbox "$out/bin/chromium-sandbox"
|
||||
'';
|
||||
}
|
@ -14,7 +14,6 @@ let
|
||||
"s,^[^/]+(.*)$,$main\\1,"
|
||||
"s,$main/(build|tools)(/.*)?$,$out/\\1\\2,"
|
||||
"s,$main/third_party(/.*)?$,$bundled\\1,"
|
||||
"s,$main/sandbox(/.*)?$,$sandbox\\1,"
|
||||
"s,^/,,"
|
||||
]);
|
||||
|
||||
@ -29,7 +28,7 @@ in stdenv.mkDerivation {
|
||||
buildInputs = [ python ]; # cannot patch shebangs otherwise
|
||||
|
||||
phases = [ "unpackPhase" "patchPhase" ];
|
||||
outputs = [ "out" "sandbox" "bundled" "main" ];
|
||||
outputs = [ "out" "bundled" "main" ];
|
||||
|
||||
unpackPhase = ''
|
||||
tar xf "$src" -C / \
|
||||
|
Loading…
Reference in New Issue
Block a user