public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chromium: Split sandbox off the main output path.

Browse Source 
Now the chromium derivation produces an extra output path for the
sandbox in order to be properly used as a setuid wrapper in <nixos>
without the need to include the full Chromium package.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
aszlig 2013-09-25 13:45:13 +02:00
parent c9614d2d05
commit 45b69d6dba
No known key found for this signature in database
GPG Key ID: D0EBD0EC8C2DC961
2 changed files with 36 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pkgs/applications/networking/browsers/chromium/default.nix
View File

@ -81,11 +81,18 @@ let
libusb1 libexif libusb1 libexif
]; ];
sandbox = import ./sandbox.nix {
inherit stdenv;
src = src.sandbox;
binary = "${packageName}_sandbox";
};
# build paths and release info # build paths and release info
packageName = "chromium"; packageName = "chromium";
buildType = "Release"; buildType = "Release";
buildPath = "out/${buildType}"; buildPath = "out/${buildType}";
libExecPath = "$out/libexec/${packageName}"; libExecPath = "$out/libexec/${packageName}";
sandboxPath = "${sandbox}/bin/${packageName}_sandbox";
# user namespace sandbox patch # user namespace sandbox patch
userns_patch = if versionOlder sourceInfo.version "30.0.0.0" userns_patch = if versionOlder sourceInfo.version "30.0.0.0"
@ -137,7 +144,7 @@ in stdenv.mkDerivation rec {
'' + optionalString (!versionOlder sourceInfo.version "30.0.0.0") '' '' + optionalString (!versionOlder sourceInfo.version "30.0.0.0") ''
sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \ sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \
sandbox_binary = \ sandbox_binary = \
base::FilePath("'"${libExecPath}/${packageName}_sandbox"'"); base::FilePath("'"${sandboxPath}"'");
' content/browser/browser_main_loop.cc ' content/browser/browser_main_loop.cc
''; '';
@ -153,7 +160,7 @@ in stdenv.mkDerivation rec {
use_openssl = useOpenSSL; use_openssl = useOpenSSL;
selinux = enableSELinux; selinux = enableSELinux;
use_cups = cupsSupport; use_cups = cupsSupport;
linux_sandbox_path="${libExecPath}/${packageName}_sandbox"; linux_sandbox_path="${sandboxPath}";
linux_sandbox_chrome_path="${libExecPath}/${packageName}"; linux_sandbox_chrome_path="${libExecPath}/${packageName}";
werror = ""; werror = "";
@ -185,13 +192,13 @@ in stdenv.mkDerivation rec {
CC="${CC}" CC_host="${CC}" \ CC="${CC}" CC_host="${CC}" \
CXX="${CXX}" CXX_host="${CXX}" \ CXX="${CXX}" CXX_host="${CXX}" \
LINK_host="${CXX}" \ LINK_host="${CXX}" \
"${ninja}/bin/ninja" -C "out/${buildType}" \ "${ninja}/bin/ninja" -C "${buildPath}" \
-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES \ -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES \
chrome ${optionalString (!enableSELinux) "chrome_sandbox"} chrome ${optionalString (!enableSELinux) "chrome_sandbox"}
''; '';
installPhase = '' installPhase = ''
mkdir -vp "${libExecPath}" ensureDir "${libExecPath}"
cp -v "${buildPath}/"*.pak "${libExecPath}/" cp -v "${buildPath}/"*.pak "${libExecPath}/"
cp -vR "${buildPath}/locales" "${buildPath}/resources" "${libExecPath}/" cp -vR "${buildPath}/locales" "${buildPath}/resources" "${libExecPath}/"
cp -v ${buildPath}/libffmpegsumo.so "${libExecPath}/" cp -v ${buildPath}/libffmpegsumo.so "${libExecPath}/"
@ -200,7 +207,6 @@ in stdenv.mkDerivation rec {
mkdir -vp "$out/bin" mkdir -vp "$out/bin"
makeWrapper "${libExecPath}/${packageName}" "$out/bin/${packageName}" makeWrapper "${libExecPath}/${packageName}" "$out/bin/${packageName}"
cp -v "${buildPath}/chrome_sandbox" "${libExecPath}/${packageName}_sandbox"
mkdir -vp "$out/share/man/man1" mkdir -vp "$out/share/man/man1"
cp -v "${buildPath}/chrome.1" "$out/share/man/man1/${packageName}.1" cp -v "${buildPath}/chrome.1" "$out/share/man/man1/${packageName}.1"
@ -216,6 +222,10 @@ in stdenv.mkDerivation rec {
done done
''; '';
passthru = {
inherit sandbox;
};
meta = { meta = {
description = "An open source web browser from Google"; description = "An open source web browser from Google";
homepage = http://www.chromium.org/; homepage = http://www.chromium.org/;

20
pkgs/applications/networking/browsers/chromium/sandbox.nix Normal file
View File

@ -0,0 +1,20 @@
{ stdenv, src, binary }:
stdenv.mkDerivation {
name = "chromium-sandbox-${src.version}";
inherit src;
patchPhase = ''
sed -i -e '/#include.*base_export/c \
#define BASE_EXPORT __attribute__((visibility("default")))
' linux/suid/*.[hc]
'';
buildPhase = ''
gcc -Wall -std=gnu99 -o sandbox linux/suid/*.c
'';
installPhase = ''
install -svD sandbox "$out/bin/${binary}"
'';
}