From 0aad4b7ee418a5a4a6aa0c2da8a590480a63562a Mon Sep 17 00:00:00 2001 From: aszlig Date: Wed, 28 Jan 2015 08:12:51 +0100 Subject: [PATCH] chromium: Update all channels to latest versions. Overview of the updated versions: stable: 40.0.2214.91 -> 40.0.2214.115 beta: 41.0.2272.16 -> 41.0.2272.64 dev: 41.0.2272.16 -> 42.0.2305.3 Introduces 42.0.2305.3 as the new dev version, which no longer requires our user namespaces sandbox patch. Thanks to everyone participating in https://crbug.com/312380 for finally having this upstream. In the course of supporting the official namespace sandbox (that's what the user namespace sandbox is called), a few things needed to be fixed for version 42: * Add an updated nix_plugin_paths.patch, because the old one tries to patch the path for libpdf, which is now natively included in Chromium. * Don't copy libpdf.so to libexec path for version 42, it's no longer needed as it's completely built-in now. * Disable SUID sandbox directly in the source instead of going the easy route of passing --disable-setuid-sandbox. The reason is that with the command line flag a nasty nagbar will appear. Signed-off-by: aszlig --- .../networking/browsers/chromium/browser.nix | 6 +- .../networking/browsers/chromium/common.nix | 6 +- .../networking/browsers/chromium/default.nix | 4 +- .../browsers/chromium/source/default.nix | 13 ++- .../chromium/source/nix_plugin_paths_42.patch | 93 +++++++++++++++++++ .../browsers/chromium/source/sources.nix | 24 ++--- 6 files changed, 127 insertions(+), 19 deletions(-) create mode 100644 pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_42.patch diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix index 6dcc1dbf860..41617d0182a 100644 --- a/pkgs/applications/networking/browsers/chromium/browser.nix +++ b/pkgs/applications/networking/browsers/chromium/browser.nix @@ -12,8 +12,10 @@ mkChromiumDerivation (base: rec { cp -v "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/" cp -v "$buildPath/icudtl.dat" "$libExecPath/" cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/" - cp -v "$buildPath/libpdf.so" "$buildPath/libffmpegsumo.so" "$libExecPath/" - + cp -v "$buildPath/libffmpegsumo.so" "$libExecPath/" + ${optionalString (versionOlder base.version "42.0.0.0") '' + cp -v "$buildPath/libpdf.so" "$libExecPath/" + ''} cp -v "$buildPath/chrome" "$libExecPath/$packageName" mkdir -vp "$out/share/man/man1" diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 9c8e7d08382..14d53357b89 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -135,11 +135,11 @@ let -exec chmod u+w {} + ''; - postPatch = '' + postPatch = optionalString (versionOlder version "42.0.0.0") '' sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \ sandbox_binary = base::FilePath(getenv("CHROMIUM_SANDBOX_BINARY_PATH")); ' sandbox/linux/suid/client/setuid_sandbox_client.cc - + '' + '' sed -i -e '/module_path *=.*libexif.so/ { s|= [^;]*|= base::FilePath().AppendASCII("${libexif}/lib/libexif.so")| }' chrome/utility/media_galleries/image_metadata_extractor.cc @@ -166,7 +166,9 @@ let use_openssl = useOpenSSL; selinux = enableSELinux; use_cups = cupsSupport; + } // optionalAttrs (versionOlder version "42.0.0.0") { linux_sandbox_chrome_path="${libExecPath}/${packageName}"; + } // { werror = ""; clang = false; enable_hidpi = hiDPISupport; diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index c41b2e2c4e7..85b2e9b8051 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -73,13 +73,15 @@ in stdenv.mkDerivation { sandboxBinary = "${chromium.sandbox}/bin/chromium-sandbox"; mkEnvVar = key: val: "--set '${key}' '${val}'"; envVars = chromium.plugins.settings.envVars or {}; + isVer42 = !stdenv.lib.versionOlder chromium.browser.version "42.0.0.0"; flags = chromium.plugins.settings.flags or []; + setBinPath = "--set CHROMIUM_SANDBOX_BINARY_PATH \"${sandboxBinary}\""; in with stdenv.lib; '' mkdir -p "$out/bin" "$out/share/applications" ln -s "${chromium.browser}/share" "$out/share" makeWrapper "${browserBinary}" "$out/bin/chromium" \ - --set CHROMIUM_SANDBOX_BINARY_PATH "${sandboxBinary}" \ + ${optionalString (!isVer42) setBinPath} \ ${concatStrings (mapAttrsToList mkEnvVar envVars)} \ --add-flags "${concatStringsSep " " flags}" diff --git a/pkgs/applications/networking/browsers/chromium/source/default.nix b/pkgs/applications/networking/browsers/chromium/source/default.nix index 15f2feb5a43..1a48c2d037c 100644 --- a/pkgs/applications/networking/browsers/chromium/source/default.nix +++ b/pkgs/applications/networking/browsers/chromium/source/default.nix @@ -9,7 +9,9 @@ with (import ./update.nix { inherit (stdenv) system; }).getChannel channel; -stdenv.mkDerivation { +let + pre42 = versionOlder version "42.0.0.0"; +in stdenv.mkDerivation { name = "chromium-source-${version}"; src = fetchurl main; @@ -22,7 +24,11 @@ stdenv.mkDerivation { prePatch = "patchShebangs ."; - patches = [ ./sandbox_userns_36.patch ./nix_plugin_paths.patch ]; + patches = if pre42 then [ + ./sandbox_userns_36.patch ./nix_plugin_paths.patch + ] else [ + ./nix_plugin_paths_42.patch + ]; postPatch = '' sed -i -r \ @@ -32,6 +38,9 @@ stdenv.mkDerivation { build/common.gypi chrome/chrome_tests.gypi '' + optionalString useOpenSSL '' cat $opensslPatches | patch -p1 -d third_party/openssl/openssl + '' + optionalString (!pre42) '' + sed -i -e '/LOG.*no_suid_error/d' \ + "$main/content/browser/browser_main_loop.cc" ''; outputs = [ "out" "sandbox" "bundled" "main" ]; diff --git a/pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_42.patch b/pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_42.patch new file mode 100644 index 00000000000..fb09763c997 --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_42.patch @@ -0,0 +1,93 @@ +diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc +index 8a205a6..d5c24e1 100644 +--- a/chrome/common/chrome_paths.cc ++++ b/chrome/common/chrome_paths.cc +@@ -97,21 +97,14 @@ static base::LazyInstance + g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER; + + // Gets the path for internal plugins. +-bool GetInternalPluginsDirectory(base::FilePath* result) { +-#if defined(OS_MACOSX) && !defined(OS_IOS) +- // If called from Chrome, get internal plugins from a subdirectory of the +- // framework. +- if (base::mac::AmIBundled()) { +- *result = chrome::GetFrameworkBundlePath(); +- DCHECK(!result->empty()); +- *result = result->Append("Internet Plug-Ins"); +- return true; +- } +- // In tests, just look in the module directory (below). +-#endif +- +- // The rest of the world expects plugins in the module directory. +- return PathService::Get(base::DIR_MODULE, result); ++bool GetInternalPluginsDirectory(base::FilePath* result, ++ const std::string& ident) { ++ std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident; ++ const char* value = getenv(full_env.c_str()); ++ if (value == NULL) ++ return PathService::Get(base::DIR_MODULE, result); ++ else ++ *result = base::FilePath(value); + } + + } // namespace +@@ -248,11 +241,11 @@ bool PathProvider(int key, base::FilePath* result) { + create_dir = true; + break; + case chrome::DIR_INTERNAL_PLUGINS: +- if (!GetInternalPluginsDirectory(&cur)) ++ if (!GetInternalPluginsDirectory(&cur, "ALL")) + return false; + break; + case chrome::DIR_PEPPER_FLASH_PLUGIN: +- if (!GetInternalPluginsDirectory(&cur)) ++ if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH")) + return false; + cur = cur.Append(kPepperFlashBaseDirectory); + break; +@@ -285,7 +278,7 @@ bool PathProvider(int key, base::FilePath* result) { + cur = cur.Append(FILE_PATH_LITERAL("script.log")); + break; + case chrome::FILE_FLASH_PLUGIN: +- if (!GetInternalPluginsDirectory(&cur)) ++ if (!GetInternalPluginsDirectory(&cur, "FILEFLASH")) + return false; + cur = cur.Append(kInternalFlashPluginFileName); + break; +@@ -295,7 +288,7 @@ bool PathProvider(int key, base::FilePath* result) { + cur = cur.Append(chrome::kPepperFlashPluginFilename); + break; + case chrome::FILE_EFFECTS_PLUGIN: +- if (!GetInternalPluginsDirectory(&cur)) ++ if (!GetInternalPluginsDirectory(&cur, "FILE_EFFECTS")) + return false; + cur = cur.Append(kEffectsPluginFileName); + break; +@@ -308,7 +301,7 @@ bool PathProvider(int key, base::FilePath* result) { + // We currently need a path here to look up whether the plugin is disabled + // and what its permissions are. + case chrome::FILE_NACL_PLUGIN: +- if (!GetInternalPluginsDirectory(&cur)) ++ if (!GetInternalPluginsDirectory(&cur, "NACL")) + return false; + cur = cur.Append(kInternalNaClPluginFileName); + break; +@@ -343,7 +336,7 @@ bool PathProvider(int key, base::FilePath* result) { + cur = cur.DirName(); + } + #else +- if (!GetInternalPluginsDirectory(&cur)) ++ if (!GetInternalPluginsDirectory(&cur, "PNACL")) + return false; + #endif + cur = cur.Append(FILE_PATH_LITERAL("pnacl")); +@@ -372,7 +365,7 @@ bool PathProvider(int key, base::FilePath* result) { + // In the component case, this is the source adapter. Otherwise, it is the + // actual Pepper module that gets loaded. + case chrome::FILE_WIDEVINE_CDM_ADAPTER: +- if (!GetInternalPluginsDirectory(&cur)) ++ if (!GetInternalPluginsDirectory(&cur, "WIDEVINE")) + return false; + cur = cur.AppendASCII(kWidevineCdmAdapterFileName); + break; diff --git a/pkgs/applications/networking/browsers/chromium/source/sources.nix b/pkgs/applications/networking/browsers/chromium/source/sources.nix index 5f40e63125d..daefa263510 100644 --- a/pkgs/applications/networking/browsers/chromium/source/sources.nix +++ b/pkgs/applications/networking/browsers/chromium/source/sources.nix @@ -1,21 +1,21 @@ # This file is autogenerated from update.sh in the parent directory. { dev = { - version = "41.0.2272.16"; - sha256 = "14l3l5gcjqszqjb3zmwxsyfci495fi315sznvm2n2ark24mf03yq"; - sha256bin32 = "0xqhzlmbyh5w678j7iwssd81z1bpggpzxni1y79xn5lhc26c50jd"; - sha256bin64 = "0c9j75xqv4jx57asiaadarz714h1adscvb4h5ng7mbmr268qp6f2"; + version = "42.0.2305.3"; + sha256 = "00338x1x78wcvaxcnnq5cng30450gsyqnlwplgyq7zjsrpqpprvn"; + sha256bin32 = "1xxmyfmdksqpwwf3wxhxrxvqnvjxlwkhkrdzkmra7d74hz7mqjz7"; + sha256bin64 = "0q4hvvkjzy46x9hfhchywakzrd0jfwhxxsv96cz3yfcqwasf42x7"; }; beta = { - version = "41.0.2272.16"; - sha256 = "14l3l5gcjqszqjb3zmwxsyfci495fi315sznvm2n2ark24mf03yq"; - sha256bin32 = "0xqhzlmbyh5w678j7iwssd81z1bpggpzxni1y79xn5lhc26c50jd"; - sha256bin64 = "0c9j75xqv4jx57asiaadarz714h1adscvb4h5ng7mbmr268qp6f2"; + version = "41.0.2272.64"; + sha256 = "0jq864636527fpnrkdaalp73hjcd581imdk13bxfi6g4ic0sizkg"; + sha256bin32 = "12sisp6bk6qvgikzxi616d8cnrrgs2593kyq7sv3276wjz34a07m"; + sha256bin64 = "1vz89r43byd0shjvr6bvmwlsh97fx281hlzfv49q9k49piyfylgp"; }; stable = { - version = "40.0.2214.91"; - sha256 = "0ja1wvjn0g8xs20j87s3gl9h70yzx8rfa3k126wnl9gay6gxlbzp"; - sha256bin32 = "0mfg66s7fqx6v8n0hilsw40i5ximasbqhrmw4fpnpa0x0i77bphj"; - sha256bin64 = "14lqm8m937b9sl5k7sc939aar76ij9790c807yahk6q36mfyd269"; + version = "40.0.2214.115"; + sha256 = "19d6zd71w3zvqwb0ncdapfwkckjgqmb1jfg228jvaispp9nvjq92"; + sha256bin32 = "1sv8sj0xp14q5693jcwwipinx539d5rgvhqcxm6b030024jjh8sr"; + sha256bin64 = "1zgb9g6fr29i7f9s1s1dcih1qjiz62ir90k0fsam9df99gzmmyc0"; }; }