From bc4318dca3a0ef9eebcf80551836dc94890787b1 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Mon, 19 Nov 2012 21:29:27 +0100
Subject: [PATCH 1/4] chromium: Fix omahaproxy URL in updater.

Omahaproxy got an overhaul and thus doesn't give CSV output on the main URL
anymoare. We're switching to /all for now and may want to refine this to only
what we're exactly looking for, but for now it fixes the updater.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
---
 pkgs/applications/networking/browsers/chromium/update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/applications/networking/browsers/chromium/update.sh b/pkgs/applications/networking/browsers/chromium/update.sh
index c978ee4adf3..2d95d466b2a 100755
--- a/pkgs/applications/networking/browsers/chromium/update.sh
+++ b/pkgs/applications/networking/browsers/chromium/update.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-channels_url="http://omahaproxy.appspot.com/";
+channels_url="http://omahaproxy.appspot.com/all?csv=1";
 bucket_url="http://commondatastorage.googleapis.com/chromium-browser-official/";
 output_file="$(cd "$(dirname "$0")" && pwd)/sources.nix";
 

From d5c639cb558ee290f8107cece4334824df91a6c0 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Tue, 20 Nov 2012 00:25:14 +0100
Subject: [PATCH 2/4] chromium: Update channels to stable v23.0.1271.64.

This updates all release channels to the latest versions:

stable: 22.0.1229.94 -> 23.0.1271.64 (builds fine, tested)
beta: 23.0.1271.60 -> 24.0.1312.14 (builds fine, tested)
dev: 24.0.1312.2 -> 25.0.1323.1 (build failed, requires pciutils)

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
---
 .../networking/browsers/chromium/sources.nix   | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/sources.nix b/pkgs/applications/networking/browsers/chromium/sources.nix
index e829f00471c..9b6616ec63c 100644
--- a/pkgs/applications/networking/browsers/chromium/sources.nix
+++ b/pkgs/applications/networking/browsers/chromium/sources.nix
@@ -1,18 +1,18 @@
 # This file is autogenerated from update.sh in the same directory.
 {
   dev = {
-    version = "24.0.1312.2";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-24.0.1312.2.tar.bz2";
-    sha256 = "155l6sm76cp2vzmm673dnb0vcz7akrz6xfp6jsmaa1175h0yal6h";
+    version = "25.0.1323.1";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-25.0.1323.1.tar.bz2";
+    sha256 = "1i7ga1qhnjvnw2gynmpmsvvl5pxcb5z9sgldp87d9yalim5sra6s";
   };
   beta = {
-    version = "23.0.1271.60";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-23.0.1271.60.tar.bz2";
-    sha256 = "1xsa27ay37jls9jiwqn7wfsc4ag02qd316gszb226hp2vhfv6pf2";
+    version = "24.0.1312.14";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-24.0.1312.14.tar.bz2";
+    sha256 = "03w8cg4kqmpj82976ax9x6y275y9gcri4vc11cvfjp6r1issxzk8";
   };
   stable = {
-    version = "22.0.1229.94";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-22.0.1229.94.tar.bz2";
-    sha256 = "1bqwlgmn0dm1xvd6v52zf9gjmykgq4fnw7rancbplfpl3rl7xbx0";
+    version = "23.0.1271.64";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-23.0.1271.64.tar.bz2";
+    sha256 = "1rzz08sgw07nkmvhhgyrkrcxj3z24lxbx0di6ky6jz3lshibp578";
   };
 }

From af8f08d63862d686697555b3759c9125956e97e6 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Tue, 20 Nov 2012 00:32:45 +0100
Subject: [PATCH 3/4] chromium: Drop obsolete pre-v23 seccomp patch.

The patch is no longer needed, as we are now using the BPF seccomp sandbox.
Unfortunately this is not marked "adequately sandboxed" in chrome://sandbox, as
it awaits security review on http://crbug.com/26528.

Unfortunately this gets us into a position where we can't be sure if the sandbox
is working correctly, especially because the non-BPF seccomp sandbox has a bunch
of stability issues and is marked legacy. And we definitely don't want to add
support for the setuid sandbox, do we?

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
---
 .../networking/browsers/chromium/default.nix  |  5 -----
 .../browsers/chromium/enable_seccomp.patch    | 20 -------------------
 2 files changed, 25 deletions(-)
 delete mode 100644 pkgs/applications/networking/browsers/chromium/enable_seccomp.patch

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index c8a470ce9da..ec431108011 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -84,10 +84,6 @@ let
     libusb1 libexif
   ];
 
-  maybeSeccompPatch = let
-    pre23 = versionOlder sourceInfo.version "23.0.0.0";
-  in optional pre23 ./enable_seccomp.patch;
-
   maybeFixPulseAudioBuild = let
     post23 = !versionOlder sourceInfo.version "24.0.0.0";
   in optional (post23 && cfg.pulseaudio) (fetchurl {
@@ -128,7 +124,6 @@ in stdenv.mkDerivation rec {
 
   patches = optional cfg.cups ./cups_allow_deprecated.patch
          ++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch
-         ++ maybeSeccompPatch
          ++ maybeFixPulseAudioBuild;
 
   postPatch = optionalString cfg.openssl ''
diff --git a/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch b/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch
deleted file mode 100644
index f947d796f18..00000000000
--- a/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
-index d4618e5..108f846 100644
---- a/content/common/sandbox_linux.cc
-+++ b/content/common/sandbox_linux.cc
-@@ -38,15 +38,9 @@ void LogSandboxStarted(const std::string& sandbox_name) {
- // Implement the command line enabling logic for seccomp-legacy.
- bool IsSeccompLegacyDesired() {
- #if defined(SECCOMP_SANDBOX)
--#if defined(NDEBUG)
--  // Off by default; allow turning on with a switch.
--  return CommandLine::ForCurrentProcess()->HasSwitch(
--      switches::kEnableSeccompSandbox);
--#else
-   // On by default; allow turning off with a switch.
-   return !CommandLine::ForCurrentProcess()->HasSwitch(
-       switches::kDisableSeccompSandbox);
--#endif  // NDEBUG
- #endif  // SECCOMP_SANDBOX
-   return false;
- }

From a76e28b54c6a9d7c6600e3e0259070257a018700 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Tue, 20 Nov 2012 04:49:49 +0100
Subject: [PATCH 4/4] chromium: Add dependency on pciutils for v25.

This fixes the build for latest development version 25.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
---
 .../networking/browsers/chromium/default.nix         | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index ec431108011..7d41f72df20 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -5,7 +5,7 @@
 , libevent, expat, libjpeg
 , libpng, libxml2, libxslt
 , xdg_utils, yasm, zlib
-, libusb1, libexif
+, libusb1, libexif, pciutils
 
 , python, perl, pkgconfig
 , nspr, udev, krb5
@@ -84,9 +84,10 @@ let
     libusb1 libexif
   ];
 
-  maybeFixPulseAudioBuild = let
-    post23 = !versionOlder sourceInfo.version "24.0.0.0";
-  in optional (post23 && cfg.pulseaudio) (fetchurl {
+  post23 = !versionOlder sourceInfo.version "24.0.0.0";
+  post24 = !versionOlder sourceInfo.version "25.0.0.0";
+
+  maybeFixPulseAudioBuild = optional (post23 && cfg.pulseaudio) (fetchurl {
     url = http://archrepo.jeago.com/sources/chromium-dev/pulse_audio_fix.patch;
     sha256 = "1w91mirrkqigdhsj892mqxlc0nlv1dsp5shc46w9xf8nl96jxgfb";
   });
@@ -116,7 +117,8 @@ in stdenv.mkDerivation rec {
     ++ optionals cfg.gnome [ gconf libgcrypt ]
     ++ optional cfg.selinux libselinux
     ++ optional cfg.cups libgcrypt
-    ++ optional cfg.pulseaudio pulseaudio;
+    ++ optional cfg.pulseaudio pulseaudio
+    ++ optional post24 pciutils;
 
   opensslPatches = optional cfg.openssl openssl.patches;