This reverts commit cd52c04456 and
others.
Managing certificates (including revoking certificates and adding
custom certificates) becomes extremely painful if every package in the
system potentially depends on a different copy of cacert. Also, it
makes updating cacert rather expensive.
The only mirror left which still has the .deb for 44.0.2403.89 is
http://mirror.pcbeta.com/, but that one doesn't seem to be reachable
from certain contries.
And according to @CestDiego, it doesn't seem to be reachable from within
the US.
Closes#9021, thanks to @CestDiego for reporting.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: Diego Berrocal <cestdiego@gmail.com>
Tested-by: Diego Berrocal <cestdiego@gmail.com>
Overview of the updated versions:
stable: 43.0.2357.125 -> 43.0.2357.130
beta: 44.0.2403.52 -> 44.0.2403.61
For the beta channel the following changes were necessary:
* Drop all patches which were added in c290595 because they apply to
44.0.2403.52 only. The shipped version of Blink was older than the
one used for Chromium itself and thus contained just the
cherry-picked patches from upstream Blink.
* The ffmpegsumo library is now statically linked the same way as in
the dev version, so let's not try to put it into the output store
path.
All channels were built successfully on my Hydra at:
https://headcounter.org/hydra/eval/187176
VM tests did also pass and can be found at:
x86: https://headcounter.org/hydra/build/707636
x86_64: https://headcounter.org/hydra/build/707637
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Just silencing the error will not prevent Chromium from trying to start
up the SUID sandbox anyway, thus flooding stderr with:
LaunchProcess: failed to execvp:
After digging a bit in the source code I found out that the SUID sandbox
binary is indeed used, but only for setting oom_score_adj within the
user namespace (as "root"). So let's build the sandbox binary and of
course don't set setuid bit.
These annoying error messages were originally introduced by 0aad4b7 and
I'm deeply sorry for annoying you guys out there with them.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Since 0aad4b7, we no longer need to have an external sandbox binary,
because the upstream implementation of the user namespace sandbox no
longer needs an external sandbox binary.
In our implementation of the user namespace sandbox, we (ab)used the
setuid sandbox to run non-setuid and set up user namespaces instead.
Because our implementation is no longer needed, we can safely drop the
external binary entirely.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
There has been some recent news about that component extension on hacker
news:
https://news.ycombinator.com/item?id=9724409
Even though on our side it won't work, because we don't have NaCl
enabled by default or even working (I honestly haven't tested if it even
builds if enabled), we might get to the point where we can build with
NaCl enabled.
But until and even after that day, we want to have explicit control on
whether this extension is enabled.
Please also have a look at these two issues explaining the details
(about component extensions and the hotwording extension in particular):
https://crbug.com/491435https://crbug.com/500922
Fixes issue #8358.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
There was the usual crashing and a few icons missing.
@lethalman: I think it's best to start putting $XDG_ICON_DIRS into suffix
instead of prefix (as here), so user-installed icons take precedence.
/cc #7743.
This also merges pull request #8290 plus a few other fixes from
@ambrop72 and me.
The summary of changes is:
* Update all channels to latest upstream.
* Update GYP package and drop gyp_svn1977.
* Remove ICU from buildInputs to prevent build failure.
* Switch back to using --depth . to GYP instead of patching in the
absolute store paths.
* Don't symlink source code anymore, which might introduce a
regression on high I/O load on Hydra. As this is only a temporary
build fix, let's cross fingers and hope we don't hit it. See
c92dbffeac for an explanation.
* Use HTTPS for the bucket URL.
* Fix nix_plugin_paths patch for version 44 and higher.
Tested at: https://headcounter.org/hydra/eval/169134
The pepper effects plugin has been removed and migrated to NaCl, so I'm
just dropping the hunk of that patch.
Upstream reviow URL: https://codereview.chromium.org/1085393003
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Changes included:
- Update versions.
- Use gyp package not gyp_svn1977.
- Remove icu from buildInputs, since this causes a build error due to inferference with use_system_icu=false.
- Remove the hack that inserts the absolute path into gyp files, and pass `--depth .` to gyp. This resolves the `third_party/angle` gyp error.
- Do a normal copy of the source code not a symlink copy. This resolves some link error where the symlinks interfere with relative paths (seems like because gyp resolves symlinks first). Note, this used to be worked around with the absolute path insertion hack.
- Change the bucketURL in update.nix to https (for more secure updates).