chromium: Update all channels to latest versions.
Overview of the updated versions: stable: 40.0.2214.91 -> 40.0.2214.115 beta: 41.0.2272.16 -> 41.0.2272.64 dev: 41.0.2272.16 -> 42.0.2305.3 Introduces 42.0.2305.3 as the new dev version, which no longer requires our user namespaces sandbox patch. Thanks to everyone participating in https://crbug.com/312380 for finally having this upstream. In the course of supporting the official namespace sandbox (that's what the user namespace sandbox is called), a few things needed to be fixed for version 42: * Add an updated nix_plugin_paths.patch, because the old one tries to patch the path for libpdf, which is now natively included in Chromium. * Don't copy libpdf.so to libexec path for version 42, it's no longer needed as it's completely built-in now. * Disable SUID sandbox directly in the source instead of going the easy route of passing --disable-setuid-sandbox. The reason is that with the command line flag a nasty nagbar will appear. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
parent
d15d0bebc3
commit
0aad4b7ee4
|
@ -12,8 +12,10 @@ mkChromiumDerivation (base: rec {
|
||||||
cp -v "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
|
cp -v "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
|
||||||
cp -v "$buildPath/icudtl.dat" "$libExecPath/"
|
cp -v "$buildPath/icudtl.dat" "$libExecPath/"
|
||||||
cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
|
cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
|
||||||
cp -v "$buildPath/libpdf.so" "$buildPath/libffmpegsumo.so" "$libExecPath/"
|
cp -v "$buildPath/libffmpegsumo.so" "$libExecPath/"
|
||||||
|
${optionalString (versionOlder base.version "42.0.0.0") ''
|
||||||
|
cp -v "$buildPath/libpdf.so" "$libExecPath/"
|
||||||
|
''}
|
||||||
cp -v "$buildPath/chrome" "$libExecPath/$packageName"
|
cp -v "$buildPath/chrome" "$libExecPath/$packageName"
|
||||||
|
|
||||||
mkdir -vp "$out/share/man/man1"
|
mkdir -vp "$out/share/man/man1"
|
||||||
|
|
|
@ -135,11 +135,11 @@ let
|
||||||
-exec chmod u+w {} +
|
-exec chmod u+w {} +
|
||||||
'';
|
'';
|
||||||
|
|
||||||
postPatch = ''
|
postPatch = optionalString (versionOlder version "42.0.0.0") ''
|
||||||
sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \
|
sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \
|
||||||
sandbox_binary = base::FilePath(getenv("CHROMIUM_SANDBOX_BINARY_PATH"));
|
sandbox_binary = base::FilePath(getenv("CHROMIUM_SANDBOX_BINARY_PATH"));
|
||||||
' sandbox/linux/suid/client/setuid_sandbox_client.cc
|
' sandbox/linux/suid/client/setuid_sandbox_client.cc
|
||||||
|
'' + ''
|
||||||
sed -i -e '/module_path *=.*libexif.so/ {
|
sed -i -e '/module_path *=.*libexif.so/ {
|
||||||
s|= [^;]*|= base::FilePath().AppendASCII("${libexif}/lib/libexif.so")|
|
s|= [^;]*|= base::FilePath().AppendASCII("${libexif}/lib/libexif.so")|
|
||||||
}' chrome/utility/media_galleries/image_metadata_extractor.cc
|
}' chrome/utility/media_galleries/image_metadata_extractor.cc
|
||||||
|
@ -166,7 +166,9 @@ let
|
||||||
use_openssl = useOpenSSL;
|
use_openssl = useOpenSSL;
|
||||||
selinux = enableSELinux;
|
selinux = enableSELinux;
|
||||||
use_cups = cupsSupport;
|
use_cups = cupsSupport;
|
||||||
|
} // optionalAttrs (versionOlder version "42.0.0.0") {
|
||||||
linux_sandbox_chrome_path="${libExecPath}/${packageName}";
|
linux_sandbox_chrome_path="${libExecPath}/${packageName}";
|
||||||
|
} // {
|
||||||
werror = "";
|
werror = "";
|
||||||
clang = false;
|
clang = false;
|
||||||
enable_hidpi = hiDPISupport;
|
enable_hidpi = hiDPISupport;
|
||||||
|
|
|
@ -73,13 +73,15 @@ in stdenv.mkDerivation {
|
||||||
sandboxBinary = "${chromium.sandbox}/bin/chromium-sandbox";
|
sandboxBinary = "${chromium.sandbox}/bin/chromium-sandbox";
|
||||||
mkEnvVar = key: val: "--set '${key}' '${val}'";
|
mkEnvVar = key: val: "--set '${key}' '${val}'";
|
||||||
envVars = chromium.plugins.settings.envVars or {};
|
envVars = chromium.plugins.settings.envVars or {};
|
||||||
|
isVer42 = !stdenv.lib.versionOlder chromium.browser.version "42.0.0.0";
|
||||||
flags = chromium.plugins.settings.flags or [];
|
flags = chromium.plugins.settings.flags or [];
|
||||||
|
setBinPath = "--set CHROMIUM_SANDBOX_BINARY_PATH \"${sandboxBinary}\"";
|
||||||
in with stdenv.lib; ''
|
in with stdenv.lib; ''
|
||||||
mkdir -p "$out/bin" "$out/share/applications"
|
mkdir -p "$out/bin" "$out/share/applications"
|
||||||
|
|
||||||
ln -s "${chromium.browser}/share" "$out/share"
|
ln -s "${chromium.browser}/share" "$out/share"
|
||||||
makeWrapper "${browserBinary}" "$out/bin/chromium" \
|
makeWrapper "${browserBinary}" "$out/bin/chromium" \
|
||||||
--set CHROMIUM_SANDBOX_BINARY_PATH "${sandboxBinary}" \
|
${optionalString (!isVer42) setBinPath} \
|
||||||
${concatStrings (mapAttrsToList mkEnvVar envVars)} \
|
${concatStrings (mapAttrsToList mkEnvVar envVars)} \
|
||||||
--add-flags "${concatStringsSep " " flags}"
|
--add-flags "${concatStringsSep " " flags}"
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,9 @@ with (import ./update.nix {
|
||||||
inherit (stdenv) system;
|
inherit (stdenv) system;
|
||||||
}).getChannel channel;
|
}).getChannel channel;
|
||||||
|
|
||||||
stdenv.mkDerivation {
|
let
|
||||||
|
pre42 = versionOlder version "42.0.0.0";
|
||||||
|
in stdenv.mkDerivation {
|
||||||
name = "chromium-source-${version}";
|
name = "chromium-source-${version}";
|
||||||
|
|
||||||
src = fetchurl main;
|
src = fetchurl main;
|
||||||
|
@ -22,7 +24,11 @@ stdenv.mkDerivation {
|
||||||
|
|
||||||
prePatch = "patchShebangs .";
|
prePatch = "patchShebangs .";
|
||||||
|
|
||||||
patches = [ ./sandbox_userns_36.patch ./nix_plugin_paths.patch ];
|
patches = if pre42 then [
|
||||||
|
./sandbox_userns_36.patch ./nix_plugin_paths.patch
|
||||||
|
] else [
|
||||||
|
./nix_plugin_paths_42.patch
|
||||||
|
];
|
||||||
|
|
||||||
postPatch = ''
|
postPatch = ''
|
||||||
sed -i -r \
|
sed -i -r \
|
||||||
|
@ -32,6 +38,9 @@ stdenv.mkDerivation {
|
||||||
build/common.gypi chrome/chrome_tests.gypi
|
build/common.gypi chrome/chrome_tests.gypi
|
||||||
'' + optionalString useOpenSSL ''
|
'' + optionalString useOpenSSL ''
|
||||||
cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
|
cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
|
||||||
|
'' + optionalString (!pre42) ''
|
||||||
|
sed -i -e '/LOG.*no_suid_error/d' \
|
||||||
|
"$main/content/browser/browser_main_loop.cc"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
outputs = [ "out" "sandbox" "bundled" "main" ];
|
outputs = [ "out" "sandbox" "bundled" "main" ];
|
||||||
|
|
|
@ -0,0 +1,93 @@
|
||||||
|
diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc
|
||||||
|
index 8a205a6..d5c24e1 100644
|
||||||
|
--- a/chrome/common/chrome_paths.cc
|
||||||
|
+++ b/chrome/common/chrome_paths.cc
|
||||||
|
@@ -97,21 +97,14 @@ static base::LazyInstance<base::FilePath>
|
||||||
|
g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;
|
||||||
|
|
||||||
|
// Gets the path for internal plugins.
|
||||||
|
-bool GetInternalPluginsDirectory(base::FilePath* result) {
|
||||||
|
-#if defined(OS_MACOSX) && !defined(OS_IOS)
|
||||||
|
- // If called from Chrome, get internal plugins from a subdirectory of the
|
||||||
|
- // framework.
|
||||||
|
- if (base::mac::AmIBundled()) {
|
||||||
|
- *result = chrome::GetFrameworkBundlePath();
|
||||||
|
- DCHECK(!result->empty());
|
||||||
|
- *result = result->Append("Internet Plug-Ins");
|
||||||
|
- return true;
|
||||||
|
- }
|
||||||
|
- // In tests, just look in the module directory (below).
|
||||||
|
-#endif
|
||||||
|
-
|
||||||
|
- // The rest of the world expects plugins in the module directory.
|
||||||
|
- return PathService::Get(base::DIR_MODULE, result);
|
||||||
|
+bool GetInternalPluginsDirectory(base::FilePath* result,
|
||||||
|
+ const std::string& ident) {
|
||||||
|
+ std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident;
|
||||||
|
+ const char* value = getenv(full_env.c_str());
|
||||||
|
+ if (value == NULL)
|
||||||
|
+ return PathService::Get(base::DIR_MODULE, result);
|
||||||
|
+ else
|
||||||
|
+ *result = base::FilePath(value);
|
||||||
|
}
|
||||||
|
|
||||||
|
} // namespace
|
||||||
|
@@ -248,11 +241,11 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||||
|
create_dir = true;
|
||||||
|
break;
|
||||||
|
case chrome::DIR_INTERNAL_PLUGINS:
|
||||||
|
- if (!GetInternalPluginsDirectory(&cur))
|
||||||
|
+ if (!GetInternalPluginsDirectory(&cur, "ALL"))
|
||||||
|
return false;
|
||||||
|
break;
|
||||||
|
case chrome::DIR_PEPPER_FLASH_PLUGIN:
|
||||||
|
- if (!GetInternalPluginsDirectory(&cur))
|
||||||
|
+ if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))
|
||||||
|
return false;
|
||||||
|
cur = cur.Append(kPepperFlashBaseDirectory);
|
||||||
|
break;
|
||||||
|
@@ -285,7 +278,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||||
|
cur = cur.Append(FILE_PATH_LITERAL("script.log"));
|
||||||
|
break;
|
||||||
|
case chrome::FILE_FLASH_PLUGIN:
|
||||||
|
- if (!GetInternalPluginsDirectory(&cur))
|
||||||
|
+ if (!GetInternalPluginsDirectory(&cur, "FILEFLASH"))
|
||||||
|
return false;
|
||||||
|
cur = cur.Append(kInternalFlashPluginFileName);
|
||||||
|
break;
|
||||||
|
@@ -295,7 +288,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||||
|
cur = cur.Append(chrome::kPepperFlashPluginFilename);
|
||||||
|
break;
|
||||||
|
case chrome::FILE_EFFECTS_PLUGIN:
|
||||||
|
- if (!GetInternalPluginsDirectory(&cur))
|
||||||
|
+ if (!GetInternalPluginsDirectory(&cur, "FILE_EFFECTS"))
|
||||||
|
return false;
|
||||||
|
cur = cur.Append(kEffectsPluginFileName);
|
||||||
|
break;
|
||||||
|
@@ -308,7 +301,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||||
|
// We currently need a path here to look up whether the plugin is disabled
|
||||||
|
// and what its permissions are.
|
||||||
|
case chrome::FILE_NACL_PLUGIN:
|
||||||
|
- if (!GetInternalPluginsDirectory(&cur))
|
||||||
|
+ if (!GetInternalPluginsDirectory(&cur, "NACL"))
|
||||||
|
return false;
|
||||||
|
cur = cur.Append(kInternalNaClPluginFileName);
|
||||||
|
break;
|
||||||
|
@@ -343,7 +336,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||||
|
cur = cur.DirName();
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
- if (!GetInternalPluginsDirectory(&cur))
|
||||||
|
+ if (!GetInternalPluginsDirectory(&cur, "PNACL"))
|
||||||
|
return false;
|
||||||
|
#endif
|
||||||
|
cur = cur.Append(FILE_PATH_LITERAL("pnacl"));
|
||||||
|
@@ -372,7 +365,7 @@ bool PathProvider(int key, base::FilePath* result) {
|
||||||
|
// In the component case, this is the source adapter. Otherwise, it is the
|
||||||
|
// actual Pepper module that gets loaded.
|
||||||
|
case chrome::FILE_WIDEVINE_CDM_ADAPTER:
|
||||||
|
- if (!GetInternalPluginsDirectory(&cur))
|
||||||
|
+ if (!GetInternalPluginsDirectory(&cur, "WIDEVINE"))
|
||||||
|
return false;
|
||||||
|
cur = cur.AppendASCII(kWidevineCdmAdapterFileName);
|
||||||
|
break;
|
|
@ -1,21 +1,21 @@
|
||||||
# This file is autogenerated from update.sh in the parent directory.
|
# This file is autogenerated from update.sh in the parent directory.
|
||||||
{
|
{
|
||||||
dev = {
|
dev = {
|
||||||
version = "41.0.2272.16";
|
version = "42.0.2305.3";
|
||||||
sha256 = "14l3l5gcjqszqjb3zmwxsyfci495fi315sznvm2n2ark24mf03yq";
|
sha256 = "00338x1x78wcvaxcnnq5cng30450gsyqnlwplgyq7zjsrpqpprvn";
|
||||||
sha256bin32 = "0xqhzlmbyh5w678j7iwssd81z1bpggpzxni1y79xn5lhc26c50jd";
|
sha256bin32 = "1xxmyfmdksqpwwf3wxhxrxvqnvjxlwkhkrdzkmra7d74hz7mqjz7";
|
||||||
sha256bin64 = "0c9j75xqv4jx57asiaadarz714h1adscvb4h5ng7mbmr268qp6f2";
|
sha256bin64 = "0q4hvvkjzy46x9hfhchywakzrd0jfwhxxsv96cz3yfcqwasf42x7";
|
||||||
};
|
};
|
||||||
beta = {
|
beta = {
|
||||||
version = "41.0.2272.16";
|
version = "41.0.2272.64";
|
||||||
sha256 = "14l3l5gcjqszqjb3zmwxsyfci495fi315sznvm2n2ark24mf03yq";
|
sha256 = "0jq864636527fpnrkdaalp73hjcd581imdk13bxfi6g4ic0sizkg";
|
||||||
sha256bin32 = "0xqhzlmbyh5w678j7iwssd81z1bpggpzxni1y79xn5lhc26c50jd";
|
sha256bin32 = "12sisp6bk6qvgikzxi616d8cnrrgs2593kyq7sv3276wjz34a07m";
|
||||||
sha256bin64 = "0c9j75xqv4jx57asiaadarz714h1adscvb4h5ng7mbmr268qp6f2";
|
sha256bin64 = "1vz89r43byd0shjvr6bvmwlsh97fx281hlzfv49q9k49piyfylgp";
|
||||||
};
|
};
|
||||||
stable = {
|
stable = {
|
||||||
version = "40.0.2214.91";
|
version = "40.0.2214.115";
|
||||||
sha256 = "0ja1wvjn0g8xs20j87s3gl9h70yzx8rfa3k126wnl9gay6gxlbzp";
|
sha256 = "19d6zd71w3zvqwb0ncdapfwkckjgqmb1jfg228jvaispp9nvjq92";
|
||||||
sha256bin32 = "0mfg66s7fqx6v8n0hilsw40i5ximasbqhrmw4fpnpa0x0i77bphj";
|
sha256bin32 = "1sv8sj0xp14q5693jcwwipinx539d5rgvhqcxm6b030024jjh8sr";
|
||||||
sha256bin64 = "14lqm8m937b9sl5k7sc939aar76ij9790c807yahk6q36mfyd269";
|
sha256bin64 = "1zgb9g6fr29i7f9s1s1dcih1qjiz62ir90k0fsam9df99gzmmyc0";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue