Merge pull request #76082 from squalus/ungoogled

ungoogled-chromium: init at 81.0.4044.92-2
This commit is contained in:
worldofpeace 2020-04-23 21:03:18 -04:00 committed by GitHub
commit b4d7725cfe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 1304 additions and 0 deletions

View File

@ -7184,6 +7184,12 @@
githubId = 1414088;
name = "Spencer Whitt";
};
squalus = {
email = "squalus@tuta.io";
github = "squalus";
githubId = 36899624;
name = "squalus";
};
srghma = {
email = "srghma@gmail.com";
github = "srghma";

View File

@ -0,0 +1,94 @@
{ stdenv, mkChromiumDerivation, channel, enableWideVine }:
with stdenv.lib;
mkChromiumDerivation (base: rec {
name = "chromium-browser";
packageName = "chromium";
buildTargets = [ "mksnapshot" "chrome_sandbox" "chrome" ];
outputs = ["out" "sandbox"];
sandboxExecutableName = "__chromium-suid-sandbox";
installPhase = ''
mkdir -p "$libExecPath"
cp -v "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
cp -v "$buildPath/icudtl.dat" "$libExecPath/"
cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
cp -v "$buildPath/chrome" "$libExecPath/$packageName"
# Swiftshader
# See https://stackoverflow.com/a/4264351/263061 for the find invocation.
if [ -n "$(find "$buildPath/swiftshader/" -maxdepth 1 -name '*.so' -print -quit)" ]; then
echo "Swiftshader files found; installing"
mkdir -p "$libExecPath/swiftshader"
cp -v "$buildPath/swiftshader/"*.so "$libExecPath/swiftshader/"
else
echo "Swiftshader files not found"
fi
mkdir -p "$sandbox/bin"
cp -v "$buildPath/chrome_sandbox" "$sandbox/bin/${sandboxExecutableName}"
mkdir -vp "$out/share/man/man1"
cp -v "$buildPath/chrome.1" "$out/share/man/man1/$packageName.1"
for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do
num_and_suffix="''${icon_file##*logo_}"
icon_size="''${num_and_suffix%.*}"
expr "$icon_size" : "^[0-9][0-9]*$" || continue
logo_output_prefix="$out/share/icons/hicolor"
logo_output_path="$logo_output_prefix/''${icon_size}x''${icon_size}/apps"
mkdir -vp "$logo_output_path"
cp -v "$icon_file" "$logo_output_path/$packageName.png"
done
# Install Desktop Entry
install -D chrome/installer/linux/common/desktop.template \
$out/share/applications/chromium-browser.desktop
substituteInPlace $out/share/applications/chromium-browser.desktop \
--replace "@@MENUNAME@@" "Chromium" \
--replace "@@PACKAGE@@" "chromium" \
--replace "Exec=/usr/bin/@@USR_BIN_SYMLINK_NAME@@" "Exec=chromium"
# Append more mime types to the end
sed -i '/^MimeType=/ s,$,x-scheme-handler/webcal;x-scheme-handler/mailto;x-scheme-handler/about;x-scheme-handler/unknown,' \
$out/share/applications/chromium-browser.desktop
# See https://github.com/NixOS/nixpkgs/issues/12433
sed -i \
-e '/\[Desktop Entry\]/a\' \
-e 'StartupWMClass=chromium-browser' \
$out/share/applications/chromium-browser.desktop
'';
passthru = { inherit sandboxExecutableName; };
requiredSystemFeatures = [ "big-parallel" ];
meta = {
description = "An open source web browser from Google, with dependencies on Google web services removed";
longDescription = ''
Chromium is an open source web browser from Google that aims to build a
safer, faster, and more stable way for all Internet users to experience
the web. It has a minimalist user interface and provides the vast majority
of source code for Google Chrome (which has some additional features).
'';
homepage = https://github.com/Eloston/ungoogled-chromium;
maintainers = with maintainers; [ squalus ];
# Overview of the maintainer roles:
# nixos-unstable:
# - TODO: Need a new maintainer for x86_64 [0]
# - @thefloweringash: aarch64
# - @primeos: Provisional maintainer (x86_64)
# Stable channel:
# - TODO (need someone to test backports [0])
# [0]: https://github.com/NixOS/nixpkgs/issues/78450
license = if enableWideVine then licenses.unfree else licenses.bsd3;
platforms = platforms.linux;
hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else [];
timeout = 172800; # 48 hours
};
})

View File

@ -0,0 +1,361 @@
{ stdenv, llvmPackages, gnChromium, ninja, which, nodejs, fetchpatch, gnutar
# default dependencies
, bzip2, flac, speex, libopus
, libevent, expat, libjpeg, snappy
, libpng, libcap
, xdg_utils, yasm, minizip, libwebp
, libusb1, pciutils, nss, re2, zlib
, python2Packages, perl, pkgconfig
, nspr, systemd, kerberos
, utillinux, alsaLib
, bison, gperf
, glib, gtk3, dbus-glib
, glibc
, libXScrnSaver, libXcursor, libXtst, libGLU, libGL
, protobuf, speechd, libXdamage, cups
, ffmpeg, libxslt, libxml2, at-spi2-core
, jre
# optional dependencies
, libgcrypt ? null # gnomeSupport || cupsSupport
, libva ? null # useVaapi
, libdrm ? null, wayland ? null, mesa_drivers ? null, libxkbcommon ? null # useOzone
# package customization
, useVaapi ? false
, useOzone ? false
, gnomeSupport ? false, gnome ? null
, gnomeKeyringSupport ? false, libgnome-keyring3 ? null
, proprietaryCodecs ? true
, cupsSupport ? true
, pulseSupport ? false, libpulseaudio ? null
, ungoogled-chromium
, ungoogled ? false
, upstream-info
}:
buildFun:
with stdenv.lib;
# see http://www.linuxfromscratch.org/blfs/view/cvs/xsoft/chromium.html
let
# The additional attributes for creating derivations based on the chromium
# source tree.
extraAttrs = buildFun base;
githubPatch = commit: sha256: fetchpatch {
url = "https://github.com/chromium/chromium/commit/${commit}.patch";
inherit sha256;
};
mkGnFlags =
let
# Serialize Nix types into GN types according to this document:
# https://chromium.googlesource.com/chromium/src/+/master/tools/gn/docs/language.md
mkGnString = value: "\"${escape ["\"" "$" "\\"] value}\"";
sanitize = value:
if value == true then "true"
else if value == false then "false"
else if isList value then "[${concatMapStringsSep ", " sanitize value}]"
else if isInt value then toString value
else if isString value then mkGnString value
else throw "Unsupported type for GN value `${value}'.";
toFlag = key: value: "${key}=${sanitize value}";
in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
gnSystemLibraries = [
"flac" "libwebp" "libxslt" "yasm" "opus" "snappy" "libpng"
# "zlib" # version 77 reports unresolved dependency on //third_party/zlib:zlib_config
# "libjpeg" # fails with multiple undefined references to chromium_jpeg_*
# "re2" # fails with linker errors
# "ffmpeg" # https://crbug.com/731766
# "harfbuzz-ng" # in versions over 63 harfbuzz and freetype are being built together
# so we can't build with one from system and other from source
];
opusWithCustomModes = libopus.override {
withCustomModes = true;
};
defaultDependencies = [
bzip2 flac speex opusWithCustomModes
libevent expat libjpeg snappy
libpng libcap
xdg_utils yasm minizip libwebp
libusb1 re2 zlib
ffmpeg libxslt libxml2
# harfbuzz # in versions over 63 harfbuzz and freetype are being built together
# so we can't build with one from system and other from source
];
# build paths and release info
packageName = extraAttrs.packageName or extraAttrs.name;
buildType = "Release";
buildPath = "out/${buildType}";
libExecPath = "$out/libexec/${packageName}";
versionRange = min-version: upto-version:
let inherit (upstream-info) version;
result = versionAtLeast version min-version && versionOlder version upto-version;
stable-version = (import ./upstream-info.nix).stable.version;
in if versionAtLeast stable-version upto-version
then warn "chromium: stable version ${stable-version} is newer than a patchset bounded at ${upto-version}. You can safely delete it."
result
else result;
ungoogler =
let versionEntry = (import ./ungoogled-src.nix)."${upstream-info.version}";
in ungoogled-chromium {
inherit (versionEntry) rev sha256;
};
base = rec {
name = "${packageName}-unwrapped-${version}";
inherit (upstream-info) channel version;
inherit packageName buildType buildPath;
src = upstream-info.main;
nativeBuildInputs = [
ninja which python2Packages.python perl pkgconfig
python2Packages.ply python2Packages.jinja2 nodejs
gnutar
] ++ optional (versionAtLeast version "83") python2Packages.setuptools;
buildInputs = defaultDependencies ++ [
nspr nss systemd
utillinux alsaLib
bison gperf kerberos
glib gtk3 dbus-glib
libXScrnSaver libXcursor libXtst libGLU libGL
pciutils protobuf speechd libXdamage at-spi2-core
jre
] ++ optional gnomeKeyringSupport libgnome-keyring3
++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
++ optionals cupsSupport [ libgcrypt cups ]
++ optional useVaapi libva
++ optional pulseSupport libpulseaudio
++ optionals useOzone [ libdrm wayland mesa_drivers libxkbcommon ];
patches = [
./patches/nix_plugin_paths_68.patch
./patches/remove-webp-include-69.patch
./patches/no-build-timestamps.patch
./patches/widevine-79.patch
./patches/dont-use-ANGLE-by-default.patch
# Unfortunately, chromium regularly breaks on major updates and
# then needs various patches backported in order to be compiled with GCC.
# Good sources for such patches and other hints:
# - https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/chromium/
# - https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium
# - https://github.com/chromium/chromium/search?q=GCC&s=committer-date&type=Commits
#
# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
] ++ optionals (useVaapi) ([
# source: https://aur.archlinux.org/cgit/aur.git/tree/vaapi-fix.patch?h=chromium-vaapi
./patches/vaapi-fix.patch
] ++ optionals (versionRange "81" "82") [
(githubPatch "5b2ff215473e0526b5b24aeff4ad90d369b21c75" "0n00vh8wfpn2ay5fqsxcsx0zadnv7mihm72bcvnrfzh75nzbg902")
(githubPatch "98e343ab369e4262511b5fce547728e3e5eefba8" "00wwp653jk0k0yvix00vr7ymgck9dj7fxjwx4nc67ynn84dh6064")
]);
postPatch = ''
# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
--replace \
'return sandbox_binary;' \
'return base::FilePath(GetDevelSandboxPath());'
substituteInPlace services/audio/audio_sandbox_hook_linux.cc \
--replace \
'/usr/share/alsa/' \
'${alsaLib}/share/alsa/' \
--replace \
'/usr/lib/x86_64-linux-gnu/gconv/' \
'${glibc}/lib/gconv/' \
--replace \
'/usr/share/locale/' \
'${glibc}/share/locale/'
sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \
chrome/browser/shell_integration_linux.cc
sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${systemd.lib}/lib/\1!' \
device/udev_linux/udev?_loader.cc
sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \
gpu/config/gpu_info_collector_linux.cc
sed -i -re 's/([^:])\<(isnan *\()/\1std::\2/g' \
chrome/browser/ui/webui/engagement/site_engagement_ui.cc
sed -i -e '/#include/ {
i #include <algorithm>
:l; n; bl
}' gpu/config/gpu_control_list.cc
# Allow to put extensions into the system-path.
sed -i -e 's,/usr,/run/current-system/sw,' chrome/common/chrome_paths.cc
patchShebangs .
# use our own nodejs
mkdir -p third_party/node/linux/node-linux-x64/bin
ln -s $(which node) third_party/node/linux/node-linux-x64/bin/node
# remove unused third-party
# in third_party/crashpad third_party/zlib contains just a header-adapter
for lib in ${toString gnSystemLibraries}; do
find -type f -path "*third_party/$lib/*" \
\! -path "*third_party/crashpad/crashpad/third_party/zlib/*" \
\! -path "*third_party/$lib/chromium/*" \
\! -path "*third_party/$lib/google/*" \
\! -path "*base/third_party/icu/*" \
\! -path "*base/third_party/libevent/*" \
\! -regex '.*\.\(gn\|gni\|isolate\|py\)' \
-delete
done
'' + optionalString stdenv.isAarch64 ''
substituteInPlace build/toolchain/linux/BUILD.gn \
--replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""'
'' + optionalString stdenv.cc.isClang ''
mkdir -p third_party/llvm-build/Release+Asserts/bin
ln -s ${stdenv.cc}/bin/clang third_party/llvm-build/Release+Asserts/bin/clang
ln -s ${stdenv.cc}/bin/clang++ third_party/llvm-build/Release+Asserts/bin/clang++
ln -s ${llvmPackages.llvm}/bin/llvm-ar third_party/llvm-build/Release+Asserts/bin/llvm-ar
'' + optionalString ungoogled ''
${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors"
${ungoogler}/utils/patches.py . ${ungoogler}/patches
${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz .
'';
gnFlags = mkGnFlags ({
linux_use_bundled_binutils = false;
use_lld = false;
use_gold = true;
gold_path = "${stdenv.cc}/bin";
is_debug = false;
proprietary_codecs = false;
use_sysroot = false;
use_gnome_keyring = gnomeKeyringSupport;
use_gio = gnomeSupport;
# ninja: error: '../../native_client/toolchain/linux_x86/pnacl_newlib/bin/x86_64-nacl-objcopy',
# needed by 'nacl_irt_x86_64.nexe', missing and no known rule to make it
enable_nacl = false;
# Enabling the Widevine component here doesn't affect whether we can
# redistribute the chromium package; the Widevine component is either
# added later in the wrapped -wv build or downloaded from Google.
enable_widevine = true;
use_cups = cupsSupport;
treat_warnings_as_errors = false;
is_clang = stdenv.cc.isClang;
clang_use_chrome_plugins = false;
blink_symbol_level = 0;
fieldtrial_testing_like_official_build = true;
# Google API keys, see:
# http://www.chromium.org/developers/how-tos/api-keys
# Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
# please get your own set of keys.
google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI";
google_default_client_id = "404761575300.apps.googleusercontent.com";
google_default_client_secret = "9rIFQjfnkykEmqb6FfjJQD1D";
} // optionalAttrs proprietaryCodecs {
# enable support for the H.264 codec
proprietary_codecs = true;
enable_hangout_services_extension = true;
ffmpeg_branding = "Chrome";
} // optionalAttrs useVaapi {
use_vaapi = true;
} // optionalAttrs pulseSupport {
use_pulseaudio = true;
link_pulseaudio = true;
} // optionalAttrs useOzone {
use_ozone = true;
ozone_platform_gbm = false;
use_xkbcommon = true;
use_glib = true;
use_gtk = true;
use_system_libwayland = true;
use_system_minigbm = true;
use_system_libdrm = true;
system_wayland_scanner_path = "${wayland}/bin/wayland-scanner";
} // optionalAttrs ungoogled {
closure_compile = false;
enable_hangout_services_extension = false;
enable_mdns = false;
enable_nacl_nonsfi = false;
enable_one_click_signin = false;
enable_reading_list = false;
enable_remoting = false;
enable_reporting = false;
enable_service_discovery = false;
exclude_unwind_tables = true;
google_api_key = "";
google_default_client_id = "";
google_default_client_secret = "";
optimize_webui = false;
safe_browsing_mode = 0;
use_official_google_api_keys = false;
use_unofficial_version_number = false;
} // (extraAttrs.gnFlags or {}));
configurePhase = ''
runHook preConfigure
# This is to ensure expansion of $out.
libExecPath="${libExecPath}"
python build/linux/unbundle/replace_gn_files.py \
--system-libraries ${toString gnSystemLibraries}
${gnChromium}/bin/gn gen --args=${escapeShellArg gnFlags} out/Release | tee gn-gen-outputs.txt
# Fail if `gn gen` contains a WARNING.
grep -o WARNING gn-gen-outputs.txt && echo "Found gn WARNING, exiting nix build" && exit 1
runHook postConfigure
'';
# Don't spam warnings about unknown warning options. This is useful because
# our Clang is always older than Chromium's and the build logs have a size
# of approx. 25 MB without this option (and this saves e.g. 66 %).
NIX_CFLAGS_COMPILE = "-Wno-unknown-warning-option";
buildPhase = let
# Build paralelism: on Hydra the build was frequently running into memory
# exhaustion, and even other users might be running into similar issues.
# -j is halved to avoid memory problems, and -l is slightly increased
# so that the build gets slight preference before others
# (it will often be on "critical path" and at risk of timing out)
buildCommand = target: ''
ninja -C "${buildPath}" \
-j$(( ($NIX_BUILD_CORES+1) / 2 )) -l$(( $NIX_BUILD_CORES+1 )) \
"${target}"
(
source chrome/installer/linux/common/installer.include
PACKAGE=$packageName
MENUNAME="Chromium"
process_template chrome/app/resources/manpage.1.in "${buildPath}/chrome.1"
)
'';
targets = extraAttrs.buildTargets or [];
commands = map buildCommand targets;
in concatStringsSep "\n" commands;
postFixup = ''
# Make sure that libGLESv2 is found by dlopen (if using EGL).
chromiumBinary="$libExecPath/$packageName"
origRpath="$(patchelf --print-rpath "$chromiumBinary")"
patchelf --set-rpath "${libGL}/lib:$origRpath" "$chromiumBinary"
'';
};
# Remove some extraAttrs we supplied to the base attributes already.
in stdenv.mkDerivation (base // removeAttrs extraAttrs [
"name" "gnFlags" "buildTargets"
])

View File

@ -0,0 +1,205 @@
{ newScope, config, stdenv, llvmPackages_9, llvmPackages_10
, makeWrapper, ed
, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit
, libva ? null
, gcc, nspr, nss, patchelfUnstable, runCommand
, lib
# package customization
, channel ? "stable"
, gnomeSupport ? false, gnome ? null
, gnomeKeyringSupport ? false
, proprietaryCodecs ? true
, enablePepperFlash ? false
, enableWideVine ? false
, ungoogled ? true
, useVaapi ? false # test video on radeon, before enabling this
, useOzone ? false
, cupsSupport ? true
, pulseSupport ? config.pulseaudio or stdenv.isLinux
, commandLineArgs ? ""
}:
let
llvmPackages = if channel == "dev"
then llvmPackages_10
else llvmPackages_9;
stdenv = llvmPackages.stdenv;
callPackage = newScope chromium;
chromium = {
inherit stdenv llvmPackages;
upstream-info = (callPackage ./update.nix {}).getChannel channel;
mkChromiumDerivation = callPackage ./common.nix ({
inherit gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs cupsSupport pulseSupport useVaapi useOzone ungoogled;
gnChromium = gn;
} // lib.optionalAttrs (channel == "dev") {
# TODO: Remove after we can update gn for the stable channel (backward incompatible changes):
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-03-23";
src = fetchgit {
url = "https://gn.googlesource.com/gn";
rev = "5ed3c9cc67b090d5e311e4bd2aba072173e82db9";
sha256 = "00y2d35wvqmx9glaqhfb62wdgbfpwr77v0934nnvh9ks71vnsjqy";
};
});
});
browser = callPackage ./browser.nix { inherit channel enableWideVine; };
plugins = callPackage ./plugins.nix {
inherit enablePepperFlash;
};
ungoogled-chromium = callPackage ./ungoogled.nix {};
};
mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}";
widevineCdm = let upstream-info = chromium.upstream-info; in stdenv.mkDerivation {
name = "chrome-widevine-cdm";
# The .deb file for Google Chrome
src = upstream-info.binary;
nativeBuildInputs = [ patchelfUnstable ];
phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ];
unpackCmd = let
widevineCdmPath =
if upstream-info.channel == "stable" then
"./opt/google/chrome/WidevineCdm"
else if upstream-info.channel == "beta" then
"./opt/google/chrome-beta/WidevineCdm"
else if upstream-info.channel == "dev" then
"./opt/google/chrome-unstable/WidevineCdm"
else
throw "Unknown chromium channel.";
in ''
# Extract just WidevineCdm from upstream's .deb file
ar p "$src" data.tar.xz | tar xJ "${widevineCdmPath}"
# Move things around so that we don't have to reference a particular
# chrome-* directory later.
mv "${widevineCdmPath}" ./
# unpackCmd wants a single output directory; let it take WidevineCdm/
rm -rf opt
'';
doCheck = true;
checkPhase = ''
! find -iname '*.so' -exec ldd {} + | grep 'not found'
'';
PATCH_RPATH = mkrpath [ gcc.cc glib nspr nss ];
patchPhase = ''
patchelf --set-rpath "$PATCH_RPATH" _platform_specific/linux_x64/libwidevinecdm.so
'';
installPhase = ''
mkdir -p $out/WidevineCdm
cp -a * $out/WidevineCdm/
'';
meta = {
platforms = [ "x86_64-linux" ];
license = lib.licenses.unfree;
};
};
suffix = if channel != "stable" then "-" + channel else "";
sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName;
version = chromium.browser.version;
# We want users to be able to enableWideVine without rebuilding all of
# chromium, so we have a separate derivation here that copies chromium
# and adds the unfree WidevineCdm.
chromiumWV = let browser = chromium.browser; in if enableWideVine then
runCommand (browser.name + "-wv") { version = browser.version; }
''
mkdir -p $out
cp -a ${browser}/* $out/
chmod u+w $out/libexec/chromium
cp -a ${widevineCdm}/WidevineCdm $out/libexec/chromium/
''
else browser;
in stdenv.mkDerivation {
name = "chromium${suffix}-${version}";
inherit version;
buildInputs = [
makeWrapper ed
# needed for GSETTINGS_SCHEMAS_PATH
gsettings-desktop-schemas glib gtk3
# needed for XDG_ICON_DIRS
gnome3.adwaita-icon-theme
];
outputs = ["out" "sandbox"];
buildCommand = let
browserBinary = "${chromiumWV}/libexec/chromium/chromium";
getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")";
libPath = stdenv.lib.makeLibraryPath ([]
++ stdenv.lib.optional useVaapi libva
);
in with stdenv.lib; ''
mkdir -p "$out/bin"
eval makeWrapper "${browserBinary}" "$out/bin/chromium" \
--add-flags ${escapeShellArg (escapeShellArg commandLineArgs)} \
${concatMapStringsSep " " getWrapperFlags chromium.plugins.enabled}
ed -v -s "$out/bin/chromium" << EOF
2i
if [ -x "/run/wrappers/bin/${sandboxExecutableName}" ]
then
export CHROME_DEVEL_SANDBOX="/run/wrappers/bin/${sandboxExecutableName}"
else
export CHROME_DEVEL_SANDBOX="$sandbox/bin/${sandboxExecutableName}"
fi
'' + lib.optionalString (libPath != "") ''
# To avoid loading .so files from cwd, LD_LIBRARY_PATH here must not
# contain an empty section before or after a colon.
export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH\''${LD_LIBRARY_PATH:+:}${libPath}"
'' + ''
# libredirect causes chromium to deadlock on startup
export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" | tr ':' '\n' | grep -v /lib/libredirect\\\\.so$ | tr '\n' ':')"
export XDG_DATA_DIRS=$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS
.
w
EOF
ln -sv "${chromium.browser.sandbox}" "$sandbox"
ln -s "$out/bin/chromium" "$out/bin/chromium-browser"
mkdir -p "$out/share"
for f in '${chromium.browser}'/share/*; do # hello emacs */
ln -s -t "$out/share/" "$f"
done
'';
inherit (chromium.browser) packageName;
meta = chromium.browser.meta;
passthru = {
inherit (chromium) upstream-info browser;
mkDerivation = chromium.mkChromiumDerivation;
inherit sandboxExecutableName;
};
}

View File

@ -0,0 +1,26 @@
A field trial currently enables the passthrough command decoder, which causes
gl_factory.cc to try kGLImplementationEGLANGLE first, which causes Chromium to fail
to load libGLESv2.so on NixOS. It somehow does not try kGLImplementationDesktopGL,
and so there is no GL support at all.
Revert to using the validating command decoder, which prevents gl_factory.cc
from touching allowed_impls, allowing it to successfully use kGLImplementationDesktopGL.
diff --git a/ui/gl/gl_utils.cc b/ui/gl/gl_utils.cc
index 697cbed5fe2d..8419bdb21a2f 100644
--- a/ui/gl/gl_utils.cc
+++ b/ui/gl/gl_utils.cc
@@ -71,9 +71,10 @@ bool UsePassthroughCommandDecoder(const base::CommandLine* command_line) {
} else if (switch_value == kCmdDecoderValidatingName) {
return false;
} else {
- // Unrecognized or missing switch, use the default.
- return base::FeatureList::IsEnabled(
- features::kDefaultPassthroughCommandDecoder);
+ // Ignore the field trial that enables it; disable it until
+ // gl_factory.cc kGLImplementationEGLANGLE issues are sorted
+ // out on NixOS.
+ return false;
}
}
}

View File

@ -0,0 +1,61 @@
diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc
index f4e119d..d9775bd 100644
--- a/chrome/common/chrome_paths.cc
+++ b/chrome/common/chrome_paths.cc
@@ -68,21 +68,14 @@ static base::LazyInstance<base::FilePath>
g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;
// Gets the path for internal plugins.
-bool GetInternalPluginsDirectory(base::FilePath* result) {
-#if defined(OS_MACOSX)
- // If called from Chrome, get internal plugins from a subdirectory of the
- // framework.
- if (base::mac::AmIBundled()) {
- *result = chrome::GetFrameworkBundlePath();
- DCHECK(!result->empty());
- *result = result->Append("Internet Plug-Ins");
- return true;
- }
- // In tests, just look in the module directory (below).
-#endif
-
- // The rest of the world expects plugins in the module directory.
- return base::PathService::Get(base::DIR_MODULE, result);
+bool GetInternalPluginsDirectory(base::FilePath* result,
+ const std::string& ident) {
+ std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident;
+ const char* value = getenv(full_env.c_str());
+ if (value == NULL)
+ return base::PathService::Get(base::DIR_MODULE, result);
+ else
+ *result = base::FilePath(value);
}
// Gets the path for bundled implementations of components. Note that these
@@ -272,7 +265,7 @@ bool PathProvider(int key, base::FilePath* result) {
create_dir = true;
break;
case chrome::DIR_INTERNAL_PLUGINS:
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "ALL"))
return false;
break;
case chrome::DIR_COMPONENTS:
@@ -280,7 +273,7 @@ bool PathProvider(int key, base::FilePath* result) {
return false;
break;
case chrome::DIR_PEPPER_FLASH_PLUGIN:
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))
return false;
cur = cur.Append(kPepperFlashBaseDirectory);
break;
@@ -358,7 +351,7 @@ bool PathProvider(int key, base::FilePath* result) {
cur = cur.DirName();
}
#else
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "PNACL"))
return false;
#endif
cur = cur.Append(FILE_PATH_LITERAL("pnacl"));

View File

@ -0,0 +1,17 @@
--- chromium-70.0.3538.67/build/compute_build_timestamp.py.orig 2018-11-02 16:00:34.368933077 +0200
+++ chromium-70.0.3538.67/build/compute_build_timestamp.py 2018-11-08 04:06:21.658105129 +0200
@@ -94,6 +94,14 @@
'build_type', help='The type of build', choices=('official', 'default'))
args = argument_parser.parse_args()
+ # I don't trust LASTCHANGE magic, and I definelly want something deterministic here
+ SOURCE_DATE_EPOCH = os.getenv("SOURCE_DATE_EPOCH", None)
+ if SOURCE_DATE_EPOCH is not None:
+ print(SOURCE_DATE_EPOCH)
+ return 0
+ else:
+ raise RuntimeError("SOURCE_DATE_EPOCH not set")
+
# The mtime of the revision in build/util/LASTCHANGE is stored in a file
# next to it. Read it, to get a deterministic time close to "now".
# That date is then modified as described at the top of the file so that

View File

@ -0,0 +1,11 @@
--- a/third_party/blink/renderer/platform/image-encoders/image_encoder.cc
+++ b/third_party/blink/renderer/platform/image-encoders/image_encoder.cc
@@ -13,7 +13,7 @@
#include "jpeglib.h" // for JPEG_MAX_DIMENSION
-#include "third_party/libwebp/src/webp/encode.h" // for WEBP_MAX_DIMENSION
+#define WEBP_MAX_DIMENSION 16383
namespace blink {

View File

@ -0,0 +1,74 @@
--- a/media/gpu/vaapi/vaapi_video_decode_accelerator.cc
+++ b/media/gpu/vaapi/vaapi_video_decode_accelerator.cc
@@ -641,6 +641,7 @@ void VaapiVideoDecodeAccelerator::AssignPictureBuffers(
// |vpp_vaapi_wrapper_| for VaapiPicture to DownloadFromSurface() the VA's
// internal decoded frame.
if (buffer_allocation_mode_ != BufferAllocationMode::kNone &&
+ buffer_allocation_mode_ != BufferAllocationMode::kWrapVdpau &&
!vpp_vaapi_wrapper_) {
vpp_vaapi_wrapper_ = VaapiWrapper::Create(
VaapiWrapper::kVideoProcess, VAProfileNone,
@@ -665,7 +666,8 @@ void VaapiVideoDecodeAccelerator::AssignPictureBuffers(
PictureBuffer buffer = buffers[i];
buffer.set_size(requested_pic_size_);
std::unique_ptr<VaapiPicture> picture = vaapi_picture_factory_->Create(
- (buffer_allocation_mode_ == BufferAllocationMode::kNone)
+ ((buffer_allocation_mode_ == BufferAllocationMode::kNone) ||
+ (buffer_allocation_mode_ == BufferAllocationMode::kWrapVdpau))
? vaapi_wrapper_
: vpp_vaapi_wrapper_,
make_context_current_cb_, bind_image_cb_, buffer);
@@ -1093,6 +1095,12 @@ VaapiVideoDecodeAccelerator::GetSupportedProfiles() {
VaapiVideoDecodeAccelerator::BufferAllocationMode
VaapiVideoDecodeAccelerator::DecideBufferAllocationMode() {
+ // NVIDIA blobs use VDPAU
+ if (VaapiWrapper::GetImplementationType() == VAImplementation::kNVIDIAVDPAU) {
+ LOG(INFO) << "VA-API driver on VDPAU backend";
+ return BufferAllocationMode::kWrapVdpau;
+ }
+
// TODO(crbug.com/912295): Enable a better BufferAllocationMode for IMPORT
// |output_mode_| as well.
if (output_mode_ == VideoDecodeAccelerator::Config::OutputMode::IMPORT)
@@ -1105,7 +1113,7 @@ VaapiVideoDecodeAccelerator::DecideBufferAllocationMode() {
// depends on the bitstream and sometimes it's not enough to cover the amount
// of frames needed by the client pipeline (see b/133733739).
// TODO(crbug.com/911754): Enable for VP9 Profile 2.
- if (IsGeminiLakeOrLater() &&
+ if (false && IsGeminiLakeOrLater() &&
(profile_ == VP9PROFILE_PROFILE0 || profile_ == VP8PROFILE_ANY)) {
// Add one to the reference frames for the one being currently egressed, and
// an extra allocation for both |client_| and |decoder_|, see
--- a/media/gpu/vaapi/vaapi_video_decode_accelerator.h
+++ b/media/gpu/vaapi/vaapi_video_decode_accelerator.h
@@ -204,6 +204,7 @@ class MEDIA_GPU_EXPORT VaapiVideoDecodeAccelerator
// Using |client_|s provided PictureBuffers and as many internally
// allocated.
kNormal,
+ kWrapVdpau,
};
// Decides the concrete buffer allocation mode, depending on the hardware
--- a/media/gpu/vaapi/vaapi_wrapper.cc
+++ b/media/gpu/vaapi/vaapi_wrapper.cc
@@ -131,6 +131,9 @@ media::VAImplementation VendorStringToImplementationType(
} else if (base::StartsWith(va_vendor_string, "Intel iHD driver",
base::CompareCase::SENSITIVE)) {
return media::VAImplementation::kIntelIHD;
+ } else if (base::StartsWith(va_vendor_string, "Splitted-Desktop Systems VDPAU",
+ base::CompareCase::SENSITIVE)) {
+ return media::VAImplementation::kNVIDIAVDPAU;
}
return media::VAImplementation::kOther;
}
--- a/media/gpu/vaapi/vaapi_wrapper.h
+++ b/media/gpu/vaapi/vaapi_wrapper.h
@@ -79,6 +79,7 @@ enum class VAImplementation {
kIntelIHD,
kOther,
kInvalid,
+ kNVIDIAVDPAU,
};
// This class handles VA-API calls and ensures proper locking of VA-API calls

View File

@ -0,0 +1,13 @@
diff --git a/third_party/widevine/cdm/BUILD.gn b/third_party/widevine/cdm/BUILD.gn
index ed0e2f5208b..5b431a030d5 100644
--- a/third_party/widevine/cdm/BUILD.gn
+++ b/third_party/widevine/cdm/BUILD.gn
@@ -14,7 +14,7 @@ buildflag_header("buildflags") {
flags = [
"ENABLE_WIDEVINE=$enable_widevine",
- "BUNDLE_WIDEVINE_CDM=$bundle_widevine_cdm",
+ "BUNDLE_WIDEVINE_CDM=true",
"ENABLE_WIDEVINE_CDM_COMPONENT=$enable_widevine_cdm_component",
]
}

View File

@ -0,0 +1,93 @@
{ stdenv, gcc
, jshon
, glib
, nspr
, nss
, fetchzip
, patchelfUnstable
, enablePepperFlash ? false
, upstream-info
}:
with stdenv.lib;
let
mkrpath = p: "${makeSearchPathOutput "lib" "lib64" p}:${makeLibraryPath p}";
# Generate a shell fragment that emits flags appended to the
# final makeWrapper call for wrapping the browser's main binary.
#
# Note that this is shell-escaped so that only the variable specified
# by the "output" attribute is substituted.
mkPluginInfo = { output ? "out", allowedVars ? [ output ]
, flags ? [], envVars ? {}
}: let
shSearch = ["'"] ++ map (var: "@${var}@") allowedVars;
shReplace = ["'\\''"] ++ map (var: "'\"\${${var}}\"'") allowedVars;
# We need to triple-escape "val":
# * First because makeWrapper doesn't do any quoting of its arguments by
# itself.
# * Second because it's passed to the makeWrapper call separated by IFS but
# not by the _real_ arguments, for example the Widevine plugin flags
# contain spaces, so they would end up as separate arguments.
# * Third in order to be correctly quoted for the "echo" call below.
shEsc = val: "'${replaceStrings ["'"] ["'\\''"] val}'";
mkSh = val: "'${replaceStrings shSearch shReplace (shEsc val)}'";
mkFlag = flag: ["--add-flags" (shEsc flag)];
mkEnvVar = key: val: ["--set" (shEsc key) (shEsc val)];
envList = mapAttrsToList mkEnvVar envVars;
quoted = map mkSh (flatten ((map mkFlag flags) ++ envList));
in ''
mkdir -p "''$${output}/nix-support"
echo ${toString quoted} > "''$${output}/nix-support/wrapper-flags"
'';
flash = stdenv.mkDerivation rec {
pname = "flashplayer-ppapi";
version = "32.0.0.344";
src = fetchzip {
url = "https://fpdownload.adobe.com/pub/flashplayer/pdc/${version}/flash_player_ppapi_linux.x86_64.tar.gz";
sha256 = "05ijlgsby9zxx0qs6f3vav1z0p6xr1cg6idl4akxvfmsl6hn6hkq";
stripRoot = false;
};
patchPhase = ''
chmod +x libpepflashplayer.so
patchelf --set-rpath "${mkrpath [ gcc.cc ]}" libpepflashplayer.so
'';
doCheck = true;
checkPhase = ''
! find -iname '*.so' -exec ldd {} + | grep 'not found'
'';
installPhase = ''
flashVersion="$(
"${jshon}/bin/jshon" -F manifest.json -e version -u
)"
install -vD libpepflashplayer.so "$out/lib/libpepflashplayer.so"
${mkPluginInfo {
allowedVars = [ "out" "flashVersion" ];
flags = [
"--ppapi-flash-path=@out@/lib/libpepflashplayer.so"
"--ppapi-flash-version=@flashVersion@"
];
}}
'';
dontStrip = true;
meta = {
license = stdenv.lib.licenses.unfree;
maintainers = with stdenv.lib.maintainers; [ taku0 ];
platforms = platforms.x86_64;
};
};
in {
enabled = optional enablePepperFlash flash;
}

View File

@ -0,0 +1,6 @@
{
"81.0.4044.92" = {
rev = "81.0.4044.92-2";
sha256 = "071a33idn2zcix6z8skn7y85mhb9w5s0bh0fvrjm269y7cmjrh3l";
};
}

View File

@ -0,0 +1,42 @@
{ stdenv
, fetchFromGitHub
, python3Packages
, makeWrapper
, patch
}:
{ rev
, sha256
}:
stdenv.mkDerivation rec {
name = "ungoogled-chromium-${version}";
version = rev;
src = fetchFromGitHub {
owner = "Eloston";
repo = "ungoogled-chromium";
inherit rev sha256;
};
dontBuild = true;
buildInputs = [
python3Packages.python
patch
];
nativeBuildInputs = [
makeWrapper
];
patchPhase = ''
sed -i '/chromium-widevine/d' patches/series
'';
installPhase = ''
mkdir $out
cp -R * $out/
wrapProgram $out/utils/patches.py --add-flags "apply" --prefix PATH : "${patch}/bin"
'';
}

View File

@ -0,0 +1,271 @@
let maybePkgs = import ../../../../../. {}; in
{ stdenv ? maybePkgs.stdenv
, runCommand ? maybePkgs.runCommand
, fetchurl ? maybePkgs.fetchurl
, writeText ? maybePkgs.writeText
, curl ? maybePkgs.curl
, cacert ? maybePkgs.cacert
, nix ? maybePkgs.nix
}:
let
inherit (stdenv) lib;
sources = if builtins.pathExists ./upstream-info.nix
then import ./upstream-info.nix
else {};
bucketURL = "https://commondatastorage.googleapis.com/"
+ "chromium-browser-official";
mkVerURL = version: "${bucketURL}/chromium-${version}.tar.xz";
debURL = "https://dl.google.com/linux/chrome/deb/pool/main/g";
getDebURL = channelName: version: arch: mirror: let
packageSuffix = if channelName == "dev" then "unstable" else channelName;
packageName = "google-chrome-${packageSuffix}";
in "${mirror}/${packageName}/${packageName}_${version}-1_${arch}.deb";
# Untrusted mirrors, don't try to update from them!
debMirrors = [
"http://95.31.35.30/chrome/pool/main/g"
"http://mirror.pcbeta.com/google/chrome/deb/pool/main/g"
"http://repo.fdzh.org/chrome/deb/pool/main/g"
];
in {
getChannel = channel: let
chanAttrs = builtins.getAttr channel sources;
in {
inherit channel;
inherit (chanAttrs) version;
main = fetchurl {
url = mkVerURL chanAttrs.version;
inherit (chanAttrs) sha256;
};
binary = fetchurl (let
mkUrls = arch: let
mkURLForMirror = getDebURL channel chanAttrs.version arch;
in map mkURLForMirror ([ debURL ] ++ debMirrors);
in if stdenv.is64bit && chanAttrs ? sha256bin64 then {
urls = mkUrls "amd64";
sha256 = chanAttrs.sha256bin64;
} else if !stdenv.is64bit && chanAttrs ? sha256bin32 then {
urls = mkUrls "i386";
sha256 = chanAttrs.sha256bin32;
} else throw "No Chrome plugins are available for your architecture.");
};
update = let
csv2nix = name: src: import (runCommand "${name}.nix" {
src = builtins.fetchurl src;
} ''
esc() { echo "\"$(echo "$1" | sed -e 's/"\\$/\\&/')\""; } # ohai emacs "
IFS=, read -r -a headings <<< "$(head -n1 "$src")"
echo "[" > "$out"
tail -n +2 "$src" | while IFS=, read -r -a line; do
echo " {"
for idx in "''${!headings[@]}"; do
echo " $(esc "''${headings[idx]}") = $(esc ''${line[$idx]});"
done
echo " }"
done >> "$out"
echo "]" >> "$out"
'');
channels = lib.fold lib.recursiveUpdate {} (map (attrs: {
${attrs.os}.${attrs.channel} = attrs // {
history = let
drvName = "omahaproxy-${attrs.os}.${attrs.channel}-info";
history = csv2nix drvName "http://omahaproxy.appspot.com/history";
cond = h: attrs.os == h.os && attrs.channel == h.channel
&& lib.versionOlder h.version attrs.current_version;
# Note that this is a *reverse* sort!
sorter = a: b: lib.versionOlder b.version a.version;
sorted = builtins.sort sorter (lib.filter cond history);
in map (lib.flip removeAttrs ["os" "channel"]) sorted;
version = attrs.current_version;
};
}) (csv2nix "omahaproxy-info" "http://omahaproxy.appspot.com/all?csv=1"));
/*
XXX: This is essentially the same as:
builtins.tryEval (builtins.fetchurl url)
... except that tryEval on fetchurl isn't working and doesn't catch
errors for fetchurl, so we go for a different approach.
We only have fixed-output derivations that can have networking access, so
we abuse SHA1 and its weaknesses to forge a fixed-output derivation which
is not so fixed, because it emits different contents that have the same
SHA1 hash.
Using this method, we can distinguish whether the URL is available or
whether it's not based on the actual content.
So let's use tryEval as soon as it's working with fetchurl in Nix.
*/
tryFetch = url: let
# SHA1 hash collisions from https://shattered.io/static/shattered.pdf:
collisions = runCommand "sha1-collisions" {
outputs = [ "out" "good" "bad" ];
base64 = ''
QlpoOTFBWSZTWbL5V5MABl///////9Pv///v////+/////HDdK739/677r+W3/75rUNr4
Aa/AAAAAAACgEVTRtQDQAaA0AAyGmjTQGmgAAANGgAaMIAYgGgAABo0AAAAAADQAIAGQ0
MgDIGmjQA0DRk0AaMQ0DQAGIANGgAAGRoNGQMRpo0GIGgBoGQAAIAGQ0MgDIGmjQA0DRk
0AaMQ0DQAGIANGgAAGRoNGQMRpo0GIGgBoGQAAIAGQ0MgDIGmjQA0DRk0AaMQ0DQAGIAN
GgAAGRoNGQMRpo0GIGgBoGQAAIAGQ0MgDIGmjQA0DRk0AaMQ0DQAGIANGgAAGRoNGQMRp
o0GIGgBoGQAABVTUExEZATTICnkxNR+p6E09JppoyamjGhkm0ammIyaekbUejU9JiGnqZ
qaaDxJ6m0JkZMQ2oaYmJ6gxqMyE2TUzJqfItligtJQJfYbl9Zy9QjQuB5mHQRdSSXCCTH
MgmSDYmdOoOmLTBJWiCpOhMQYpQlOYpJjn+wQUJSTCEpOMekaFaaNB6glCC0hKEJdHr6B
mUIHeph7YxS8WJYyGwgWnMTFJBDFSxSCCYljiEk7HZgJzJVDHJxMgY6tCEIIWgsKSlSZ0
S8GckoIIF+551Ro4RCw260VCEpWJSlpWx/PMrLyVoyhWMAneDilBcUIeZ1j6NCkus0qUC
Wnahhk5KT4GpWMh3vm2nJWjTL9Qg+84iExBJhNKpbV9tvEN265t3fu/TKkt4rXFTsV+Nc
upJXhOhOhJMQQktrqt4K8mSh9M2DAO2X7uXGVL9YQxUtzQmS7uBndL7M6R7vX869VxqPu
renSuHYNq1yTXOfNWLwgvKlRlFYqLCs6OChDp0HuTzCWscmGudLyqUuwVGG75nmyZhKpJ
yOE/pOZyHyrZxGM51DYIN+Jc8yVJgAykxKCEtW55MlfudLg3KG6TtozalunXrroSxUpVL
StWrWLFihMnVpkyZOrQnUrE6xq1CGtJlbAb5ShMbV1CZgqlKC0wCFCpMmUKSEkvFLaZC8
wHOCVAlvzaJQ/T+XLb5Dh5TNM67p6KZ4e4ZSGyVENx2O27LzrTIteAreTkMZpW95GS0CE
JYhMc4nToTJ0wQhKEyddaLb/rTqmgJSlkpnALxMhlNmuKEpkEkqhKUoEq3SoKUpIQcDgW
lC0rYahMmLuPQ0fHqZaF4v2W8IoJ2EhMhYmSw7qql27WJS+G4rUplToFi2rSv0NSrVvDU
pltQ8Lv6F8pXyxmFBSxiLSxglNC4uvXVKmAtusXy4YXGX1ixedEvXF1aX6t8adYnYCpC6
rW1ZzdZYlCCxKEv8vpbqdSsXl8v1jCQv0KEPxPTa/5rtWSF1dSgg4z4KjfIMNtgwWoWLE
sRhKxsSA9ji7V5LRPwtumeQ8V57UtFSPIUmtQdOQfseI2Ly1DMtk4Jl8n927w34zrWG6P
i4jzC82js/46Rt2IZoadWxOtMInS2xYmcu8mOw9PLYxQ4bdfFw3ZPf/g2pzSwZDhGrZAl
9lqky0W+yeanadC037xk496t0Dq3ctfmqmjgie8ln9k6Q0K1krb3dK9el4Xsu44LpGcen
r2eQZ1s1IhOhnE56WnXf0BLWn9Xz15fMkzi4kpVxiTKGEpffErEEMvEeMZhUl6yD1SdeJ
YbxzGNM3ak2TAaglLZlDCVnoM6wV5DRrycwF8Zh/fRsdmhkMfAO1duwknrsFwrzePWeMw
l107DWzymxdQwiSXx/lncnn75jL9mUzw2bUDqj20LTgtawxK2SlQg1CCZDQMgSpEqLjRM
sykM9zbSIUqil0zNk7Nu+b5J0DKZlhl9CtpGKgX5uyp0idoJ3we9bSrY7PupnUL5eWiDp
V5mmnNUhOnYi8xyClkLbNmAXyoWk7GaVrM2umkbpqHDzDymiKjetgzTocWNsJ2E0zPcfh
t46J4ipaXGCfF7fuO0a70c82bvqo3HceIcRlshgu73seO8BqlLIap2z5jTOY+T2ucCnBt
Atva3aHdchJg9AJ5YdKHz7LoA3VKmeqxAlFyEnQLBxB2PAhAZ8KvmuR6ELXws1Qr13Nd1
i4nsp189jqvaNzt+0nEnIaniuP1+/UOZdyfoZh57ku8sYHKdvfW/jYSUks+0rK+qtte+p
y8jWL9cOJ0fV8rrH/t+85/p1z2N67p/ZsZ3JmdyliL7lrNxZUlx0MVIl6PxXOUuGOeArW
3vuEvJ2beoh7SGyZKHKbR2bBWO1d49JDIcVM6lQtu9UO8ec8pOnXmkcponBPLNM2CwZ9k
NC/4ct6rQkPkQHMcV/8XckU4UJCy+VeTA==
'';
} ''
echo "$base64" | base64 -d | tar xj
mv good.pdf "$good"
mv bad.pdf "$bad"
touch "$out"
'';
cacheVal = let
urlHash = builtins.hashString "sha256" url;
timeSlice = builtins.currentTime / 600;
in "${urlHash}-${toString timeSlice}";
in {
success = import (runCommand "check-success" {
result = stdenv.mkDerivation {
name = "tryfetch-${cacheVal}";
inherit url;
outputHash = "d00bbe65d80f6d53d5c15da7c6b4f0a655c5a86a";
outputHashMode = "flat";
outputHashAlgo = "sha1";
nativeBuildInputs = [ curl ];
preferLocalBuild = true;
inherit (collisions) good bad;
buildCommand = ''
if SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt" \
curl -s -L -f -I "$url" > /dev/null; then
cp "$good" "$out"
else
cp "$bad" "$out"
fi
'';
impureEnvVars = lib.fetchers.proxyImpureEnvVars;
};
inherit (collisions) good;
} ''
if cmp -s "$result" "$good"; then
echo true > "$out"
else
echo false > "$out"
fi
'');
value = builtins.fetchurl url;
};
fetchLatest = channel: let
result = tryFetch (mkVerURL channel.version);
in if result.success then result.value else fetchLatest (channel // {
version = if channel.history != []
then (lib.head channel.history).version
else throw "Unfortunately there's no older version than " +
"${channel.version} available for channel " +
"${channel.channel} on ${channel.os}.";
history = lib.tail channel.history;
});
getHash = path: import (runCommand "gethash.nix" {
inherit path;
nativeBuildInputs = [ nix ];
} ''
sha256="$(nix-hash --flat --base32 --type sha256 "$path")"
echo "\"$sha256\"" > "$out"
'');
isLatest = channel: version: let
ourVersion = sources.${channel}.version or null;
in if ourVersion == null then false
else lib.versionOlder version sources.${channel}.version
|| version == sources.${channel}.version;
# We only support GNU/Linux right now.
linuxChannels = let
genLatest = channelName: channel: let
newUpstream = {
inherit (channel) version;
sha256 = getHash (fetchLatest channel);
};
keepOld = let
oldChannel = sources.${channelName};
in {
inherit (oldChannel) version sha256;
} // lib.optionalAttrs (oldChannel ? sha256bin32) {
inherit (oldChannel) sha256bin32;
} // lib.optionalAttrs (oldChannel ? sha256bin64) {
inherit (oldChannel) sha256bin64;
};
in if isLatest channelName channel.version then keepOld else newUpstream;
in lib.mapAttrs genLatest channels.linux;
getLinuxFlash = channelName: channel: let
inherit (channel) version;
fetchArch = arch: tryFetch (getDebURL channelName version arch debURL);
packages = lib.genAttrs ["i386" "amd64"] fetchArch;
isNew = arch: attr: !(builtins.hasAttr attr channel)
&& packages.${arch}.success;
in channel // lib.optionalAttrs (isNew "i386" "sha256bin32") {
sha256bin32 = getHash (packages.i386.value);
} // lib.optionalAttrs (isNew "amd64" "sha256bin64") {
sha256bin64 = getHash (packages.amd64.value);
};
newChannels = lib.mapAttrs getLinuxFlash linuxChannels;
dumpAttrs = indent: attrs: let
mkVal = val: if lib.isAttrs val then dumpAttrs (indent + 1) val
else "\"${lib.escape ["$" "\\" "\""] (toString val)}\"";
mkIndent = level: lib.concatStrings (builtins.genList (_: " ") level);
mkAttr = key: val: "${mkIndent (indent + 1)}${key} = ${mkVal val};\n";
attrLines = lib.mapAttrsToList mkAttr attrs;
in "{\n" + (lib.concatStrings attrLines) + (mkIndent indent) + "}";
in writeText "chromium-new-upstream-info.nix" ''
# This file is autogenerated from update.sh in the same directory.
${dumpAttrs 0 newChannels}
'';
}

View File

@ -0,0 +1,4 @@
#!/bin/sh -e
cd "$(dirname "$0")"
sp="$(nix-build --builders "" -Q --no-out-link update.nix -A update)"
cat "$sp" > upstream-info.nix

View File

@ -0,0 +1,18 @@
# This file is autogenerated from update.sh in the same directory.
{
beta = {
sha256 = "0i0szd749ihb08rxnsmsbxq75b6x952wpk94jwc0ncv6gb83zkx2";
sha256bin64 = "1y70kmfz9nv507b0zdda7zfk2ac9qh9m2gq00aphdmzd0al7skj8";
version = "81.0.4044.92";
};
dev = {
sha256 = "1rydvjmv62zj95sf0fgsyipqz2hphbxm60y8q0813wq9ym35d4yy";
sha256bin64 = "1m6740lw7xjjp1lplwp9ii4d3l7dfa9jrv5bysm4ar5pb9kywrai";
version = "83.0.4100.3";
};
stable = {
sha256 = "0i0szd749ihb08rxnsmsbxq75b6x952wpk94jwc0ncv6gb83zkx2";
sha256bin64 = "1ig899cpahw1xfhdff5xj6w4k8jja5smxvrcbw6b0jcjmawdrf72";
version = "81.0.4044.92";
};
}

View File

@ -22276,6 +22276,8 @@ in
uefitoolPackages = recurseIntoAttrs (callPackage ../tools/system/uefitool/variants.nix {});
uefitool = uefitoolPackages.new-engine;
ungoogled-chromium = callPackage ../applications/networking/browsers/ungoogled-chromium (config.chromium or {});
unigine-valley = callPackage ../applications/graphics/unigine-valley { };
unison = callPackage ../applications/networking/sync/unison {