From a80437e2360197aaf89a54a97f5aa2ee1c89eb44 Mon Sep 17 00:00:00 2001 From: aszlig Date: Thu, 2 Jul 2015 10:24:19 +0200 Subject: [PATCH] chromium: Remove out-of-tree sandbox derivation. Since 0aad4b7, we no longer need to have an external sandbox binary, because the upstream implementation of the user namespace sandbox no longer needs an external sandbox binary. In our implementation of the user namespace sandbox, we (ab)used the setuid sandbox to run non-setuid and set up user namespaces instead. Because our implementation is no longer needed, we can safely drop the external binary entirely. Signed-off-by: aszlig --- .../networking/browsers/chromium/common.nix | 1 - .../networking/browsers/chromium/default.nix | 2 -- .../networking/browsers/chromium/sandbox.nix | 21 ------------------- .../browsers/chromium/source/default.nix | 3 +-- 4 files changed, 1 insertion(+), 26 deletions(-) delete mode 100644 pkgs/applications/networking/browsers/chromium/sandbox.nix diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 714058d81e0b..7c55b06a3c45 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -126,7 +126,6 @@ let # derivations. prePatch = '' cp -dr --no-preserve=mode "${source.main}"/* . - cp -dr --no-preserve=mode "${source.sandbox}" sandbox cp -dr "${source.bundled}" third_party chmod -R u+w third_party ''; diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index 7a355cbf59ac..1b5da0763e70 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -33,7 +33,6 @@ let }; browser = callPackage ./browser.nix { }; - sandbox = callPackage ./sandbox.nix { }; plugins = callPackage ./plugins.nix { inherit enablePepperFlash enableWideVine; @@ -71,7 +70,6 @@ in stdenv.mkDerivation { buildCommand = let browserBinary = "${chromium.browser}/libexec/chromium/chromium"; - sandboxBinary = "${chromium.sandbox}/bin/chromium-sandbox"; mkEnvVar = key: val: "--set '${key}' '${val}'"; envVars = chromium.plugins.settings.envVars or {}; flags = chromium.plugins.settings.flags or []; diff --git a/pkgs/applications/networking/browsers/chromium/sandbox.nix b/pkgs/applications/networking/browsers/chromium/sandbox.nix deleted file mode 100644 index b470ed633253..000000000000 --- a/pkgs/applications/networking/browsers/chromium/sandbox.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ stdenv, source }: - -stdenv.mkDerivation { - name = "chromium-sandbox-${source.version}"; - src = source.sandbox; - - patchPhase = '' - sed -i -e '/#include.*base_export/c \ - #define BASE_EXPORT __attribute__((visibility("default"))) - /#include/s|sandbox/linux|'"$(pwd)"'/linux| - ' linux/suid/*.[hc] - ''; - - buildPhase = '' - gcc -Wall -std=gnu99 -o sandbox linux/suid/*.c - ''; - - installPhase = '' - install -svD sandbox "$out/bin/chromium-sandbox" - ''; -} diff --git a/pkgs/applications/networking/browsers/chromium/source/default.nix b/pkgs/applications/networking/browsers/chromium/source/default.nix index f9c5c6e02654..68573d0c6af5 100644 --- a/pkgs/applications/networking/browsers/chromium/source/default.nix +++ b/pkgs/applications/networking/browsers/chromium/source/default.nix @@ -14,7 +14,6 @@ let "s,^[^/]+(.*)$,$main\\1," "s,$main/(build|tools)(/.*)?$,$out/\\1\\2," "s,$main/third_party(/.*)?$,$bundled\\1," - "s,$main/sandbox(/.*)?$,$sandbox\\1," "s,^/,," ]); @@ -29,7 +28,7 @@ in stdenv.mkDerivation { buildInputs = [ python ]; # cannot patch shebangs otherwise phases = [ "unpackPhase" "patchPhase" ]; - outputs = [ "out" "sandbox" "bundled" "main" ]; + outputs = [ "out" "bundled" "main" ]; unpackPhase = '' tar xf "$src" -C / \