Merge branch 'chromium-update-with-gn'

This brings in the new stable version 54 which also introduces a lot of security fixes: CVE-2016-5198: Out of bounds memory access in V8 CVE-2016-5181: Universal XSS in Blink CVE-2016-5182: Heap overflow in Blink CVE-2016-5183: Use after free in PDFium CVE-2016-5184: Use after free in PDFium CVE-2016-5185: Use after free in Blink CVE-2016-5187: URL spoofing CVE-2016-5188: UI spoofing CVE-2016-5192: Cross-origin bypass in Blink CVE-2016-5189: URL spoofing CVE-2016-5186: Out of bounds read in DevTools CVE-2016-5191: Universal XSS in Bookmarks CVE-2016-5190: Use after free in Internals CVE-2016-5193: Scheme bypass Detailed announcements about these changes can be found here (latest to oldest): https://googlechromereleases.blogspot.de/2016/11/stable-channel-update-for-desktop.html https://googlechromereleases.blogspot.de/2016/10/stable-channel-update-for-desktop_20.html https://googlechromereleases.blogspot.de/2016/10/stable-channel-update-for-desktop.html The update process of Chromium has been a bit bumpy on our side, because version 54 also did the switch from GYP to GN so it wasn't just a matter of updating the upstream-info file. I've tested the Flash plugin (which runs fine) and WideVine manually, although I couldn't get WideVine to work (I was running this within a VM though). So if people want to use WideVine they need to use Chrome instead until we got this sorted out. VM test results along with builds for all platforms can be found here: https://headcounter.org/hydra/eval/339328 I'm going to backport these changes to stable as soon as the tests/builds succeed there as well. Closes: #19565 Closes: #20120
2016-11-09 09:55:31 +01:00 · 2016-11-09 09:55:31 +01:00 · c67a7ee731
parent cef68b475e 4e7eb75a79
commit c67a7ee731
10 changed files with 216 additions and 215 deletions
--- a/nixos/tests/chromium.nix
+++ b/nixos/tests/chromium.nix
@ -118,7 +118,7 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
      "ulimit -c unlimited; ".
      "chromium $args \"$url\" & disown"
    );
-    $machine->waitForText(qr/Type to search or enter a URL to navigate/);
+    $machine->waitForText(qr/startup done/);
    $machine->waitUntilSucceeds("${xdo "check-startup" ''
      search --sync --onlyvisible --name "startup done"
      # close first start help popup
--- a/pkgs/applications/networking/browsers/chromium/browser.nix
+++ b/pkgs/applications/networking/browsers/chromium/browser.nix
@ -18,6 +18,11 @@ mkChromiumDerivation (base: rec {
    cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
    cp -v "$buildPath/chrome" "$libExecPath/$packageName"
    if [ -e "$buildPath/libwidevinecdmadapter.so" ]; then
      cp -v "$buildPath/libwidevinecdmadapter.so" \
            "$libExecPath/libwidevinecdmadapter.so"
    fi
    mkdir -p "$sandbox/bin"
    cp -v "$buildPath/chrome_sandbox" "$sandbox/bin/${sandboxExecutableName}"
--- a/pkgs/applications/networking/browsers/chromium/common.nix
+++ b/pkgs/applications/networking/browsers/chromium/common.nix
@ -1,17 +1,17 @@
-{ stdenv, ninja, which
+{ stdenv, gn, ninja, which
 # default dependencies
 , bzip2, flac, speex, libopus
 , libevent, expat, libjpeg, snappy
 , libpng, libxml2, libxslt, libcap
 , xdg_utils, yasm, minizip, libwebp
-, libusb1, pciutils, nss
+, libusb1, pciutils, nss, re2, zlib, libvpx
-, python2Packages, perl, pkgconfig
+, python, pythonPackages, perl, pkgconfig
 , nspr, systemd, kerberos
 , utillinux, alsaLib
 , bison, gperf
-, glib, gtk2, dbus_glib
+, glib, gtk2, gtk3, dbus_glib
 , libXScrnSaver, libXcursor, libXtst, mesa
 , protobuf, speechd, libXdamage, cups
@ -23,12 +23,12 @@
 , enableSELinux ? false, libselinux ? null
 , enableNaCl ? false
 , enableHotwording ? false
 , enableWideVine ? false
 , gnomeSupport ? false, gnome ? null
 , gnomeKeyringSupport ? false, libgnome_keyring3 ? null
 , proprietaryCodecs ? true
 , cupsSupport ? true
 , pulseSupport ? false, libpulseaudio ? null
 , hiDPISupport ? false
 , upstream-info
 }:
@ -38,47 +38,28 @@ buildFun:
 with stdenv.lib;
 let
  inherit (python2Packages) python gyp ply jinja2;
  # The additional attributes for creating derivations based on the chromium
  # source tree.
  extraAttrs = buildFun base;
-  mkGypFlags =
+  mkGnFlags =
    let
      # Serialize Nix types into GN types according to this document:
      # https://chromium.googlesource.com/chromium/src/+/master/tools/gn/docs/language.md
      mkGnString = value: "\"${escape ["\"" "$" "\\"] value}\"";
      sanitize = value:
-        if value == true then "1"
+        if value == true then "true"
-        else if value == false then "0"
+        else if value == false then "false"
-        else "${value}";
+        else if isList value then "[${concatMapStringsSep ", " sanitize value}]"
-      toFlag = key: value: "-D${key}=${sanitize value}";
+        else if isInt value then toString value
        else if isString value then mkGnString value
        else throw "Unsupported type for GN value `${value}'.";
      toFlag = key: value: "${key}=${sanitize value}";
    in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
-  gypFlagsUseSystemLibs = {
+  gnSystemLibraries = [
-    use_system_bzip2 = true;
+    "flac" "libwebp" "libxml" "libxslt" "snappy" "yasm"
-    use_system_flac = true;
+  ];
    use_system_libevent = true;
    use_system_libexpat = true;
    # XXX: System libjpeg fails to link for version 52.0.2743.10
    use_system_libjpeg = versionOlder upstream-info.version "52.0.2743.10";
    use_system_libpng = false;
    use_system_libwebp = true;
    use_system_libxml = true;
    use_system_opus = true;
    use_system_snappy = true;
    use_system_speex = true;
    use_system_stlport = true;
    use_system_xdg_utils = true;
    use_system_yasm = true;
    use_system_zlib = false;
    use_system_protobuf = false; # needs newer protobuf
    use_system_harfbuzz = false;
    use_system_icu = false; # Doesn't support ICU 52 yet.
    use_system_libusb = false; # http://crbug.com/266149
    use_system_skia = false;
    use_system_sqlite = false; # http://crbug.com/22208
    use_system_v8 = false;
  };
  opusWithCustomModes = libopus.override {
    withCustomModes = true;
@ -89,7 +70,7 @@ let
    libevent expat libjpeg snappy
    libpng libxml2 libxslt libcap
    xdg_utils yasm minizip libwebp
-    libusb1
+    libusb1 re2 zlib
  ];
  # build paths and release info
@ -105,36 +86,27 @@ let
    src = upstream-info.main;
-    unpackCmd = ''
+    nativeBuildInputs = [ gn which python perl pkgconfig ];
      tar xf "$src" \
        --anchored \
        --no-wildcards-match-slash \
        --exclude='*/tools/gyp'
    '';
    buildInputs = defaultDependencies ++ [
      which
      python perl pkgconfig
      nspr nss systemd
      utillinux alsaLib
      bison gperf kerberos
      glib gtk2 dbus_glib
      libXScrnSaver libXcursor libXtst mesa
      pciutils protobuf speechd libXdamage
-      gyp ply jinja2
+      pythonPackages.ply pythonPackages.jinja2
    ] ++ optional gnomeKeyringSupport libgnome_keyring3
      ++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
      ++ optional enableSELinux libselinux
      ++ optionals cupsSupport [ libgcrypt cups ]
-      ++ optional pulseSupport libpulseaudio;
+      ++ optional pulseSupport libpulseaudio
      ++ optional (versionAtLeast version "56.0.0.0") gtk3;
    patches = [
      ./patches/widevine.patch
      ./patches/glibc-2.24.patch
-      (if versionOlder version "52.0.0.0"
+      ./patches/nix_plugin_paths_52.patch
-       then ./patches/nix_plugin_paths_50.patch
+    ] ++ optional enableWideVine ./patches/widevine.patch;
       else ./patches/nix_plugin_paths_52.patch)
    ];
    postPatch = ''
      # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
@ -143,12 +115,6 @@ let
          'return sandbox_binary;' \
          'return base::FilePath(GetDevelSandboxPath());'
      sed -i -r \
        -e 's/-f(stack-protector)(-all)?/-fno-\1/' \
        -e 's|/bin/echo|echo|' \
        -e "/python_arch/s/: *'[^']*'/: '""'/" \
        build/common.gypi chrome/chrome_tests.gypi
      sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${systemd.lib}/lib/\1!' \
        device/udev_linux/udev?_loader.cc
@ -157,31 +123,37 @@ let
      sed -i -re 's/([^:])\<(isnan *\()/\1std::\2/g' \
        chrome/browser/ui/webui/engagement/site_engagement_ui.cc
      sed -i -e '/#include/ {
        i #include <algorithm>
        :l; n; bl
      }' gpu/config/gpu_control_list.cc
      patchShebangs .
    '' + optionalString (versionAtLeast version "52.0.0.0") ''
      sed -i -re 's/([^:])\<(isnan *\()/\1std::\2/g' \
        third_party/pdfium/xfa/fxbarcode/utils.h
    '';
-    gypFlags = mkGypFlags (gypFlagsUseSystemLibs // {
+    gnFlags = mkGnFlags ({
      linux_use_bundled_binutils = false;
      linux_use_bundled_gold = false;
      linux_use_gold_flags = true;
      is_debug = false;
      proprietary_codecs = false;
      use_sysroot = false;
      use_gnome_keyring = gnomeKeyringSupport;
      use_gconf = gnomeSupport;
      use_gio = gnomeSupport;
-      use_pulseaudio = pulseSupport;
+      enable_nacl = enableNaCl;
      linux_link_pulseaudio = pulseSupport;
      disable_nacl = !enableNaCl;
      enable_hotwording = enableHotwording;
      enable_widevine = enableWideVine;
      selinux = enableSELinux;
      use_cups = cupsSupport;
    } // {
-      werror = "";
+      treat_warnings_as_errors = false;
-      clang = false;
+      is_clang = false;
      enable_hidpi = hiDPISupport;
      # Google API keys, see:
      #   http://www.chromium.org/developers/how-tos/api-keys
@ -195,22 +167,17 @@ let
      proprietary_codecs = true;
      enable_hangout_services_extension = true;
      ffmpeg_branding = "Chrome";
-    } // optionalAttrs (stdenv.system == "x86_64-linux") {
+    } // optionalAttrs pulseSupport {
-      target_arch = "x64";
+      use_pulseaudio = true;
-      python_arch = "x86-64";
+      link_pulseaudio = true;
-    } // optionalAttrs (stdenv.system == "i686-linux") {
+    } // (extraAttrs.gnFlags or {}));
      target_arch = "ia32";
      python_arch = "ia32";
    } // (extraAttrs.gypFlags or {}));
    configurePhase = ''
      echo "Precompiling .py files to prevent race conditions..." >&2
      python -m compileall -q -f . > /dev/null 2>&1 || : # ignore errors
      # This is to ensure expansion of $out.
      libExecPath="${libExecPath}"
-      python build/linux/unbundle/replace_gyp_files.py ${gypFlags}
+      python build/linux/unbundle/replace_gn_files.py \
-      python build/gyp_chromium -f ninja --depth . ${gypFlags}
+        --system-libraries ${toString gnSystemLibraries}
      gn gen --args=${escapeShellArg gnFlags} out/Release
    '';
    buildPhase = let
@ -228,5 +195,5 @@ let
 # Remove some extraAttrs we supplied to the base attributes already.
 in stdenv.mkDerivation (base // removeAttrs extraAttrs [
-  "name" "gypFlags" "buildTargets"
+  "name" "gnFlags" "buildTargets"
 ])
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@ -12,7 +12,6 @@
 , enableWideVine ? false
 , cupsSupport ? true
 , pulseSupport ? false
 , hiDPISupport ? false
 }:
 let
@ -24,7 +23,7 @@ let
    mkChromiumDerivation = callPackage ./common.nix {
      inherit enableSELinux enableNaCl enableHotwording gnomeSupport gnome
              gnomeKeyringSupport proprietaryCodecs cupsSupport pulseSupport
-              hiDPISupport;
+              enableWideVine;
    };
    browser = callPackage ./browser.nix { inherit channel; };
--- a/pkgs/applications/networking/browsers/chromium/patches/nix_plugin_paths_50.patch
+++ b/pkgs/applications/networking/browsers/chromium/patches/nix_plugin_paths_50.patch
@ -1,75 +0,0 @@
 diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc
 index 74bf041..5f34198 100644
 --- a/chrome/common/chrome_paths.cc
 +++ b/chrome/common/chrome_paths.cc
@@ -66,21 +66,14 @@ static base::LazyInstance<base::FilePath>
     g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;
 // Gets the path for internal plugins.
 -bool GetInternalPluginsDirectory(base::FilePath* result) {
 -#if defined(OS_MACOSX)
 -  // If called from Chrome, get internal plugins from a subdirectory of the
 -  // framework.
 -  if (base::mac::AmIBundled()) {
 -    *result = chrome::GetFrameworkBundlePath();
 -    DCHECK(!result->empty());
 -    *result = result->Append("Internet Plug-Ins");
 -    return true;
 -  }
 -  // In tests, just look in the module directory (below).
 -#endif
 -
 -  // The rest of the world expects plugins in the module directory.
 -  return PathService::Get(base::DIR_MODULE, result);
 +bool GetInternalPluginsDirectory(base::FilePath* result,
 +                                 const std::string& ident) {
 +  std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident;
 +  const char* value = getenv(full_env.c_str());
 +  if (value == NULL)
 +      return PathService::Get(base::DIR_MODULE, result);
 +  else
 +      *result = base::FilePath(value);
 }
 #if defined(OS_WIN)
@@ -253,11 +246,11 @@ bool PathProvider(int key, base::FilePath* result) {
       create_dir = true;
       break;
     case chrome::DIR_INTERNAL_PLUGINS:
 -      if (!GetInternalPluginsDirectory(&cur))
 +      if (!GetInternalPluginsDirectory(&cur, "ALL"))
         return false;
       break;
     case chrome::DIR_PEPPER_FLASH_PLUGIN:
 -      if (!GetInternalPluginsDirectory(&cur))
 +      if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))
         return false;
       cur = cur.Append(kPepperFlashBaseDirectory);
       break;
@@ -314,7 +307,7 @@ bool PathProvider(int key, base::FilePath* result) {
     // We currently need a path here to look up whether the plugin is disabled
     // and what its permissions are.
     case chrome::FILE_NACL_PLUGIN:
 -      if (!GetInternalPluginsDirectory(&cur))
 +      if (!GetInternalPluginsDirectory(&cur, "NACL"))
         return false;
       cur = cur.Append(kInternalNaClPluginFileName);
       break;
@@ -349,7 +342,7 @@ bool PathProvider(int key, base::FilePath* result) {
         cur = cur.DirName();
       }
 #else
 -      if (!GetInternalPluginsDirectory(&cur))
 +      if (!GetInternalPluginsDirectory(&cur, "PNACL"))
         return false;
 #endif
       cur = cur.Append(FILE_PATH_LITERAL("pnacl"));
@@ -366,7 +359,7 @@ bool PathProvider(int key, base::FilePath* result) {
     // In the component case, this is the source adapter. Otherwise, it is the
     // actual Pepper module that gets loaded.
     case chrome::FILE_WIDEVINE_CDM_ADAPTER:
 -      if (!GetInternalPluginsDirectory(&cur))
 +      if (!GetInternalPluginsDirectory(&cur, "WIDEVINE"))
         return false;
       cur = cur.AppendASCII(kWidevineCdmAdapterFileName);
       break;
--- a/pkgs/applications/networking/browsers/chromium/patches/widevine.patch
+++ b/pkgs/applications/networking/browsers/chromium/patches/widevine.patch
@ -1,12 +1,16 @@
-diff -upr chromium-42.0.2311.90.orig/third_party/widevine/cdm/widevine_cdm_version.h chromium-42.0.2311.90/third_party/widevine/cdm/widevine_cdm_version.h
+Minimal WideVine patch from Gentoo:
--- chromium-42.0.2311.90.orig/third_party/widevine/cdm/widevine_cdm_version.h	2015-04-15 01:18:59.000000000 +0300
+
-+++ chromium-42.0.2311.90/third_party/widevine/cdm/widevine_cdm_version.h	2015-04-15 09:09:49.157260050 +0300
+https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files/chromium-widevine-r1.patch
-@@ -14,4 +14,8 @@
+
- //  - WIDEVINE_CDM_VERSION_STRING (with the version of the CDM that's available
+BTS: https://bugs.gentoo.org/show_bug.cgi?id=547630
- //    as a string, e.g., "1.0.123.456").
+
 --- a/third_party/widevine/cdm/stub/widevine_cdm_version.h
 +++ b/third_party/widevine/cdm/stub/widevine_cdm_version.h
@@ -10,6 +10,7 @@
 #include "third_party/widevine/cdm/widevine_cdm_common.h"
 +#define WIDEVINE_CDM_VERSION_STRING "unknown"
 #define WIDEVINE_CDM_AVAILABLE
 +#include "third_party/widevine/cdm/widevine_cdm_common.h"
 +#define WIDEVINE_CDM_AVAILABLE
 +#define WIDEVINE_CDM_VERSION_STRING "@WIDEVINE_VERSION@"
 +
 #endif  // WIDEVINE_CDM_VERSION_H_
--- a/pkgs/applications/networking/browsers/chromium/plugins.nix
+++ b/pkgs/applications/networking/browsers/chromium/plugins.nix
@ -1,5 +1,6 @@
 { stdenv
 , jshon
 , fetchzip
 , enablePepperFlash ? false
 , enableWideVine ? false
@ -9,6 +10,8 @@
 with stdenv.lib;
 let
  mkrpath = p: "${makeSearchPathOutput "lib" "lib64" p}:${makeLibraryPath p}";
  # Generate a shell fragment that emits flags appended to the
  # final makeWrapper call for wrapping the browser's main binary.
  #
@ -37,14 +40,12 @@ let
    echo ${toString quoted} > "''$${output}/nix-support/wrapper-flags"
  '';
-  plugins = stdenv.mkDerivation {
+  widevine = stdenv.mkDerivation {
-    name = "chromium-binary-plugins";
+    name = "chromium-binary-plugin-widevine";
    src = upstream-info.binary;
    phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ];
    outputs = [ "flash" "widevine" ];
    out = "flash"; # outputs TODO: is this a hack?
    unpackCmd = let
      chan = if upstream-info.channel == "dev"    then "chrome-unstable"
@ -53,7 +54,6 @@ let
    in ''
      mkdir -p plugins
      ar p "$src" data.tar.xz | tar xJ -C plugins --strip-components=4 \
        ./opt/google/${chan}/PepperFlash \
        ./opt/google/${chan}/libwidevinecdm.so \
        ./opt/google/${chan}/libwidevinecdmadapter.so
    '';
@ -63,17 +63,13 @@ let
      ! find -iname '*.so' -exec ldd {} + | grep 'not found'
    '';
-    patchPhase = let
+    patchPhase = ''
-      rpaths = [ stdenv.cc.cc ];
+      for sofile in libwidevinecdm.so libwidevinecdmadapter.so; do
      mkrpath = p: "${makeSearchPathOutput "lib" "lib64" p}:${makeLibraryPath p}";
    in ''
      for sofile in PepperFlash/libpepflashplayer.so \
                    libwidevinecdm.so libwidevinecdmadapter.so; do
        chmod +x "$sofile"
-        patchelf --set-rpath "${mkrpath rpaths}" "$sofile"
+        patchelf --set-rpath "${mkrpath [ stdenv.cc.cc ]}" "$sofile"
      done
-      patchelf --set-rpath "$widevine/lib:${mkrpath rpaths}" \
+      patchelf --set-rpath "$out/lib:${mkrpath [ stdenv.cc.cc ]}" \
        libwidevinecdmadapter.so
    '';
@ -81,38 +77,62 @@ let
      wvName = "Widevine Content Decryption Module";
      wvDescription = "Playback of encrypted HTML audio/video content";
      wvMimeTypes = "application/x-ppapi-widevine-cdm";
-      wvModule = "@widevine@/lib/libwidevinecdmadapter.so";
+      wvModule = "@out@/lib/libwidevinecdmadapter.so";
      wvInfo = "#${wvName}#${wvDescription};${wvMimeTypes}";
    in ''
-      flashVersion="$(
+      install -vD libwidevinecdm.so \
-        "${jshon}/bin/jshon" -F PepperFlash/manifest.json -e version -u
+        "$out/lib/libwidevinecdm.so"
-      )"
+      install -vD libwidevinecdmadapter.so \
-
+        "$out/lib/libwidevinecdmadapter.so"
      install -vD PepperFlash/libpepflashplayer.so \
        "$flash/lib/libpepflashplayer.so"
      ${mkPluginInfo {
-        output = "flash";
+        flags = [ "--register-pepper-plugins=${wvModule}${wvInfo}" ];
-        allowedVars = [ "flash" "flashVersion" ];
+        envVars.NIX_CHROMIUM_PLUGIN_PATH_WIDEVINE = "@out@/lib";
      }}
    '';
  };
  flash = stdenv.mkDerivation rec {
    name = "flashplayer-ppapi-${version}";
    version = "23.0.0.205";
    src = fetchzip {
      url = "https://fpdownload.adobe.com/pub/flashplayer/pdc/"
          + "${version}/flash_player_ppapi_linux.x86_64.tar.gz";
      sha256 = "0gj5d8475qcplm3iqs3hkq0i6qkmbhci1zp3ljnhafc6xz0avyhj";
      stripRoot = false;
    };
    patchPhase = ''
      chmod +x libpepflashplayer.so
      patchelf --set-rpath "${mkrpath [ stdenv.cc.cc ]}" libpepflashplayer.so
    '';
    doCheck = true;
    checkPhase = ''
      ! find -iname '*.so' -exec ldd {} + | grep 'not found'
    '';
    installPhase = ''
      flashVersion="$(
        "${jshon}/bin/jshon" -F manifest.json -e version -u
      )"
      install -vD libpepflashplayer.so "$out/lib/libpepflashplayer.so"
      ${mkPluginInfo {
        allowedVars = [ "out" "flashVersion" ];
        flags = [
-          "--ppapi-flash-path=@flash@/lib/libpepflashplayer.so"
+          "--ppapi-flash-path=@out@/lib/libpepflashplayer.so"
          "--ppapi-flash-version=@flashVersion@"
        ];
      }}
      install -vD libwidevinecdm.so \
        "$widevine/lib/libwidevinecdm.so"
      install -vD libwidevinecdmadapter.so \
        "$widevine/lib/libwidevinecdmadapter.so"
      ${mkPluginInfo {
        output = "widevine";
        flags = [ "--register-pepper-plugins=${wvModule}${wvInfo}" ];
        envVars.NIX_CHROMIUM_PLUGIN_PATH_WIDEVINE = "@widevine@/lib";
      }}
    '';
-    passthru.enabled = optional enablePepperFlash plugins.flash
+    dontStrip = true;
                    ++ optional enableWideVine    plugins.widevine;
  };
-in plugins
+
 in {
  enabled = optional enableWideVine widevine
         ++ optional enablePepperFlash flash;
 }
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
@ -1,18 +1,18 @@
 # This file is autogenerated from update.sh in the same directory.
 {
  beta = {
-    sha256 = "0f6cqvhlg06lrf4bzaiwzm9yi3fi1dk5jrzvjcg7alw3mzrmh2wv";
+    sha256 = "11a98nknz7lh5jmjslznccg11nr0wla4c9l40fvxqxjm2gs6qags";
-    sha256bin64 = "02cv9vc1l2nlwa4a0lc7cj9c9czrwp1jd8d024bq16a5fvmhl01l";
+    sha256bin64 = "0qdydj0i9ll72f5m9r48gc3dyc22q6qas5nq8h0mbnrxrwd9dnyj";
-    version = "54.0.2840.50";
+    version = "55.0.2883.35";
  };
  dev = {
-    sha256 = "06kcymwi0wfir7w10g8viayk2h0b5a66dav76mlia4lm30p502kz";
+    sha256 = "1pfgb5dnygyxiwfq6ini5s159c178zz7235npaag7k8gcc10ybnz";
-    sha256bin64 = "0mgamiffnnkaw8c68b5kyna84x7hlhrzmqfc36kzf434fmm8v5d6";
+    sha256bin64 = "14s185361inkqh8ykl94xhgv01z68gxqh7j6gyb4jbr0rhcsd9pl";
-    version = "55.0.2873.0";
+    version = "56.0.2906.0";
  };
  stable = {
-    sha256 = "1hyw0z7dsfaxyy8b4mvnfjy5yj0160hzz9m0wj3vn9zvkfvmhan5";
+    sha256 = "01h1qkdw5dpwz61dybpf4bhag198j082lzwpkdx2nj55k2j3lawl";
-    sha256bin64 = "0n0px7yi94gdxq7p6pjqfdz04bnh3mcvbaccjaglj6h5p0jc8abq";
+    sha256bin64 = "18mxgzi79qhi07wgyyx6bb0lqm9pzkw85ypg6vmqv8gh0abn7dn1";
-    version = "53.0.2785.143";
+    version = "54.0.2840.90";
  };
 }
--- a/pkgs/development/tools/build-managers/gn/default.nix
+++ b/pkgs/development/tools/build-managers/gn/default.nix
@ -0,0 +1,80 @@
 { stdenv, fetchgit, fetchurl, python, ninja, libevent, xdg-user-dirs }:
 let
  date = "20161008";
  sourceTree = {
    "src/base" = {
      rev = "e71a514e60b085cc92bf6ef951ec329f52c79f9f";
      sha256 = "0zycbssmd2za0zij8czcs1fr66fi12f1g5ysc8fzkf8khbs5h6a9";
    };
    "src/build" = {
      rev = "17093d45bf738e9ae4b6294492860ee65218a657";
      sha256 = "0i9py78c3f46sc789qvdhmgjgyrghysbqjgr67iypwphw52jv2dz";
    };
    "src/tools/gn" = {
      rev = "9ff32cf3f1f4ad0212ac674b6303e7aa68f44f3f";
      sha256 = "14jr45k5fgcqk9d18fd77sijlqavvnv0knndh74zyb0b60464hz1";
    };
    "testing/gtest" = {
      rev = "585ec31ea716f08233a815e680fc0d4699843938";
      sha256 = "0csn1cza66851nmxxiw42smsm3422mx67vcyykwn0a71lcjng6rc";
    };
  };
  mkDepend = path: attrs: fetchgit {
    url = "https://chromium.googlesource.com/chromium/${path}";
    inherit (attrs) rev sha256;
  };
 in stdenv.mkDerivation rec {
  name = "gn-${version}";
  version = "0.0.0.${date}";
  unpackPhase = ''
    ${with stdenv.lib; concatStrings (mapAttrsToList (path: sha256: ''
      dest=source/${escapeShellArg (removePrefix "src/" path)}
      mkdir -p "$(dirname "$dest")"
      cp --no-preserve=all -rT ${escapeShellArg (mkDepend path sha256)} "$dest"
    '') sourceTree)}
    ( mkdir -p source/third_party
      cd source/third_party
      unpackFile ${xdg-user-dirs.src}
      mv * xdg_user
    )
  '';
  sourceRoot = "source";
  postPatch = ''
    # GN's bootstrap script relies on shebangs (which are relying on FHS paths),
    # except when on Windows. So instead of patchShebang-ing it, let's just
    # force the same behaviour as on Windows.
    sed -i -e '/^def  *check_call/,/^[^ ]/ {
      s/is_win/True/
    }' tools/gn/bootstrap/bootstrap.py
    # Patch out Chromium-bundled libevent and xdg_user_dirs
    sed -i -e '/static_libraries.*libevent/,/^ *\]\?[})]$/d' \
      tools/gn/bootstrap/bootstrap.py
  '';
  NIX_LDFLAGS = "-levent";
  nativeBuildInputs = [ python ninja ];
  buildInputs = [ libevent ];
  buildPhase = ''
    python tools/gn/bootstrap/bootstrap.py -v -s --no-clean
  '';
  installPhase = ''
    install -vD out_bootstrap/gn "$out/bin/gn"
  '';
  meta = {
    description = "A meta-build system that generates NinjaBuild files";
    homepage = "https://chromium.googlesource.com/chromium/src/tools/gn/";
    license = stdenv.lib.licenses.bsd3;
  };
 }
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -6079,6 +6079,8 @@ in
  global = callPackage ../development/tools/misc/global { };
  gn = callPackage ../development/tools/build-managers/gn { };
  gnome_doc_utils = callPackage ../development/tools/documentation/gnome-doc-utils {};
  gnum4 = callPackage ../development/tools/misc/gnum4 { };
@ -12275,7 +12277,6 @@ in
    pulseSupport = config.pulseaudio or true;
    enablePepperFlash = config.chromium.enablePepperFlash or false;
    enableWideVine = config.chromium.enableWideVine or false;
    hiDPISupport = config.chromium.hiDPISupport or false;
    gnome = gnome2;
  };