diff options
| author | aszlig <aszlig@redmoonstudios.org> | 2014-04-21 09:50:50 +0200 |
|---|---|---|
| committer | aszlig <aszlig@redmoonstudios.org> | 2014-04-21 09:50:50 +0200 |
| commit | cdd1c9caa5d2a6eb184ec159bcfde3ac9745c56d (patch) | |
| tree | 3a81976601f130f824a65fc66a6f724dbe3dd855 | |
| parent | 5701e4e15aa5876e0dcfa5079f76a80d9a5afac8 (diff) | |
| parent | 18234b676821db85f6d94777c90303e513f2f110 (diff) | |
| download | nixlib-cdd1c9caa5d2a6eb184ec159bcfde3ac9745c56d.tar nixlib-cdd1c9caa5d2a6eb184ec159bcfde3ac9745c56d.tar.gz nixlib-cdd1c9caa5d2a6eb184ec159bcfde3ac9745c56d.tar.bz2 nixlib-cdd1c9caa5d2a6eb184ec159bcfde3ac9745c56d.tar.lz nixlib-cdd1c9caa5d2a6eb184ec159bcfde3ac9745c56d.tar.xz nixlib-cdd1c9caa5d2a6eb184ec159bcfde3ac9745c56d.tar.zst nixlib-cdd1c9caa5d2a6eb184ec159bcfde3ac9745c56d.zip | |
Merge branch 'chromium-refactor', closes #1798.
This implements some longstanding work of getting the Chromium derivation more modular. Unfortunately, I didn't manage to decrease the compile time, which was one of the primary goal for doing the refactor. A main reason this didn't work out well was the fact that most bundled libraries are so heavily patched that it's not possible within a limited time frame to decouple it from the main derivation. However, it should now be easier to build other derivations that build upon Chromium, like libcef. Also, it finally adds support for the non-free PepperAPI Flash and PDF plugins and support for fetching the corresponding versions through the updater.
22 files changed, 1073 insertions, 402 deletions
diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix new file mode 100644 index 000000000000..a4b99bc58023 --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/browser.nix @@ -0,0 +1,40 @@ +{ stdenv, mkChromiumDerivation }: + +with stdenv.lib; + +mkChromiumDerivation (base: rec { + name = "chromium-browser"; + packageName = "chromium"; + buildTargets = [ "chrome" ]; + + installPhase = '' + ensureDir "$libExecPath" + cp -v "$buildPath/"*.pak "$libExecPath/" + cp -v "$buildPath/icudtl.dat" "$libExecPath/" + cp -vR "$buildPath/locales" "$buildPath/resources" "$libExecPath/" + cp -v $buildPath/libffmpegsumo.so "$libExecPath/" + + cp -v "$buildPath/chrome" "$libExecPath/$packageName" + + mkdir -vp "$out/share/man/man1" + cp -v "$buildPath/chrome.1" "$out/share/man/man1/$packageName.1" + + for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do + num_and_suffix="''${icon_file##*logo_}" + icon_size="''${num_and_suffix%.*}" + expr "$icon_size" : "^[0-9][0-9]*$" || continue + logo_output_prefix="$out/share/icons/hicolor" + logo_output_path="$logo_output_prefix/''${icon_size}x''${icon_size}/apps" + mkdir -vp "$logo_output_path" + cp -v "$icon_file" "$logo_output_path/$packageName.png" + done + ''; + + meta = { + description = "An open source web browser from Google"; + homepage = http://www.chromium.org/; + maintainers = with maintainers; [ goibhniu chaoflow aszlig wizeman ]; + license = licenses.bsd3; + platforms = platforms.linux; + }; +}) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix new file mode 100644 index 000000000000..7bed83ac4c6d --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -0,0 +1,201 @@ +{ stdenv, fetchurl, ninja, which + +# default dependencies +, bzip2, flac, speex, icu, libopus +, libevent, expat, libjpeg, snappy +, libpng, libxml2, libxslt +, xdg_utils, yasm, minizip, libwebp +, libusb1, libexif, pciutils + +, python, pythonPackages, perl, pkgconfig +, nspr, udev, krb5 +, utillinux, alsaLib +, gcc, bison, gperf +, glib, gtk, dbus_glib +, libXScrnSaver, libXcursor, libXtst, mesa +, protobuf, speechd, libXdamage + +# optional dependencies +, libgcrypt ? null # gnomeSupport || cupsSupport + +# package customization +, enableSELinux ? false, libselinux ? null +, enableNaCl ? false +, useOpenSSL ? false, nss ? null, openssl ? null +, gnomeSupport ? false, gnome ? null +, gnomeKeyringSupport ? false, libgnome_keyring3 ? null +, proprietaryCodecs ? true +, cupsSupport ? false +, pulseSupport ? false, pulseaudio ? null + +, source +, plugins +}: + +buildFun: + +with stdenv.lib; + +let + # The additional attributes for creating derivations based on the chromium + # source tree. + extraAttrs = buildFun base; + + mkGypFlags = + let + sanitize = value: + if value == true then "1" + else if value == false then "0" + else "${value}"; + toFlag = key: value: "-D${key}=${sanitize value}"; + in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs)); + + gypFlagsUseSystemLibs = { + use_system_bzip2 = true; + use_system_flac = true; + use_system_libevent = true; + use_system_libexpat = true; + use_system_libexif = true; + use_system_libjpeg = true; + use_system_libpng = true; + use_system_libwebp = true; + use_system_libxml = true; + use_system_opus = true; + use_system_snappy = true; + use_system_speex = true; + use_system_ssl = useOpenSSL; + use_system_stlport = true; + use_system_xdg_utils = true; + use_system_yasm = true; + use_system_zlib = false; + use_system_protobuf = true; + + use_system_harfbuzz = false; + use_system_icu = false; # Doesn't support ICU 52 yet. + use_system_libusb = false; # http://crbug.com/266149 + use_system_skia = false; + use_system_sqlite = false; # http://crbug.com/22208 + use_system_v8 = false; + }; + + opusWithCustomModes = libopus.override { + withCustomModes = !versionOlder source.version "35.0.0.0"; + }; + + defaultDependencies = [ + bzip2 flac speex icu opusWithCustomModes + libevent expat libjpeg snappy + libpng libxml2 libxslt + xdg_utils yasm minizip libwebp + libusb1 libexif + ]; + + # build paths and release info + packageName = extraAttrs.packageName or extraAttrs.name; + buildType = "Release"; + buildPath = "out/${buildType}"; + libExecPath = "$out/libexec/${packageName}"; + + base = rec { + name = "${packageName}-${version}"; + inherit (source) version; + inherit packageName buildType buildPath; + src = source; + + buildInputs = defaultDependencies ++ [ + which + python perl pkgconfig + nspr udev + (if useOpenSSL then openssl else nss) + utillinux alsaLib + gcc bison gperf krb5 + glib gtk dbus_glib + libXScrnSaver libXcursor libXtst mesa + pciutils protobuf speechd libXdamage + pythonPackages.gyp pythonPackages.ply pythonPackages.jinja2 + ] ++ optional gnomeKeyringSupport libgnome_keyring3 + ++ optionals gnomeSupport [ gnome.GConf libgcrypt ] + ++ optional enableSELinux libselinux + ++ optional cupsSupport libgcrypt + ++ optional pulseSupport pulseaudio; + + # XXX: Wait for https://crbug.com/239107 and https://crbug.com/239181 to + # be fixed, then try again to unbundle everything into separate + # derivations. + prePatch = '' + cp -dsr --no-preserve=mode "${source.main}"/* . + cp -dsr --no-preserve=mode "${source.sandbox}" sandbox + cp -dr "${source.bundled}" third_party + chmod -R u+w third_party + + # Hardcode source tree root in all gyp files + find -iname '*.gyp*' \( -type f -o -type l \) \ + -exec sed -i -e 's|<(DEPTH)|'"$(pwd)"'|g' {} + \ + -exec chmod u+w {} + + ''; + + postPatch = '' + sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \ + sandbox_binary = base::FilePath(getenv("CHROMIUM_SANDBOX_BINARY_PATH")); + ' content/browser/browser_main_loop.cc + ''; + + gypFlags = mkGypFlags (gypFlagsUseSystemLibs // { + linux_use_gold_binary = false; + linux_use_gold_flags = false; + proprietary_codecs = false; + use_gnome_keyring = gnomeKeyringSupport; + use_gconf = gnomeSupport; + use_gio = gnomeSupport; + use_pulseaudio = pulseSupport; + disable_nacl = !enableNaCl; + use_openssl = useOpenSSL; + selinux = enableSELinux; + use_cups = cupsSupport; + linux_sandbox_chrome_path="${libExecPath}/${packageName}"; + werror = ""; + + # Google API keys, see: + # http://www.chromium.org/developers/how-tos/api-keys + # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution, + # please get your own set of keys. + google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI"; + google_default_client_id = "404761575300.apps.googleusercontent.com"; + google_default_client_secret = "9rIFQjfnkykEmqb6FfjJQD1D"; + + } // optionalAttrs proprietaryCodecs { + # enable support for the H.264 codec + proprietary_codecs = true; + ffmpeg_branding = "Chrome"; + } // optionalAttrs (stdenv.system == "x86_64-linux") { + target_arch = "x64"; + python_arch = "x86-64"; + } // optionalAttrs (stdenv.system == "i686-linux") { + target_arch = "ia32"; + python_arch = "ia32"; + } // (extraAttrs.gypFlags or {})); + + configurePhase = '' + # This is to ensure expansion of $out. + libExecPath="${libExecPath}" + python build/linux/unbundle/replace_gyp_files.py ${gypFlags} + python build/gyp_chromium -f ninja --depth "$(pwd)" ${gypFlags} + ''; + + buildPhase = let + CC = "${gcc}/bin/gcc"; + CXX = "${gcc}/bin/g++"; + in '' + CC="${CC}" CC_host="${CC}" \ + CXX="${CXX}" CXX_host="${CXX}" \ + LINK_host="${CXX}" \ + "${ninja}/bin/ninja" -C "${buildPath}" \ + -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES \ + ${concatStringsSep " " (extraAttrs.buildTargets or [])} + ''; + }; + +# Remove some extraAttrs we supplied to the base attributes already. +in stdenv.mkDerivation (base // removeAttrs extraAttrs [ + "name" "gypFlags" "buildTargets" +]) diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index 213e75ee6efa..9e906191afe4 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -1,287 +1,85 @@ -{ stdenv, fetchurl, makeWrapper, ninja, which - -# default dependencies -, bzip2, flac, speex -, libevent, expat, libjpeg -, libpng, libxml2, libxslt -, xdg_utils, yasm, zlib -, libusb1, libexif, pciutils - -, python, pythonPackages, perl, pkgconfig -, nspr, udev, krb5 -, utillinux, alsaLib -, gcc, bison, gperf -, glib, gtk, dbus_glib -, libXScrnSaver, libXcursor, libXtst, mesa -, protobuf, speechd, libXdamage - -# optional dependencies -, libgcrypt ? null # gnomeSupport || cupsSupport +{ newScope, stdenv, makeWrapper, makeDesktopItem # package customization , channel ? "stable" -, enableSELinux ? false, libselinux ? null +, enableSELinux ? false , enableNaCl ? false -, useOpenSSL ? false, nss ? null, openssl ? null -, gnomeSupport ? false, gconf ? null -, gnomeKeyringSupport ? false, libgnome_keyring ? null +, useOpenSSL ? false +, gnomeSupport ? false +, gnomeKeyringSupport ? false , proprietaryCodecs ? true +, enablePepperFlash ? false +, enablePepperPDF ? false , cupsSupport ? false -, pulseSupport ? false, pulseaudio ? null +, pulseSupport ? false }: -with stdenv.lib; - let - src = with getAttr channel (import ./sources.nix); stdenv.mkDerivation { - name = "chromium-source-${version}"; + callPackage = newScope chromium; - src = fetchurl { - inherit url sha256; + chromium = { + source = callPackage ./source { + inherit channel; + # XXX: common config + inherit useOpenSSL; }; - buildInputs = [ python ]; # cannot patch shebangs otherwise - - phases = [ "unpackPhase" "patchPhase" "installPhase" ]; - - opensslPatches = optional useOpenSSL openssl.patches; - - prePatch = "patchShebangs ."; - - patches = singleton ./sandbox_userns_31.patch; - - postPatch = '' - sed -i -r \ - -e 's/-f(stack-protector)(-all)?/-fno-\1/' \ - -e 's|/bin/echo|echo|' \ - -e "/python_arch/s/: *'[^']*'/: '""'/" \ - build/common.gypi chrome/chrome_tests.gypi - sed -i '/not RunGN/,+1d' build/gyp_chromium - sed -i -e 's|/usr/bin/gcc|gcc|' \ - third_party/WebKit/Source/build/scripts/scripts.gypi \ - third_party/WebKit/Source/build/scripts/preprocessor.pm - '' + optionalString useOpenSSL '' - cat $opensslPatches | patch -p1 -d third_party/openssl/openssl - '' + optionalString (!versionOlder version "34.0.0.0") '' - sed -i '/import.*depot/d' build/gyp_chromium - ''; - - outputs = [ "out" "sandbox" "bundled" "main" ]; - installPhase = '' - ensureDir "$out" "$sandbox" "$bundled" "$main" - - header "copying browser main sources to $main" - find . -mindepth 1 -maxdepth 1 \ - \! -path ./sandbox \ - \! -path ./third_party \ - \! -path ./build \ - \! -path ./tools \ - \! -name '.*' \ - -print | xargs cp -rt "$main" - stopNest - - header "copying sandbox components to $sandbox" - cp -rt "$sandbox" sandbox/* - stopNest - - header "copying third party sources to $bundled" - cp -rt "$bundled" third_party/* - stopNest - - header "copying build requisites to $out" - cp -rt "$out" build tools - stopNest + mkChromiumDerivation = callPackage ./common.nix { + inherit enableSELinux enableNaCl useOpenSSL gnomeSupport + gnomeKeyringSupport proprietaryCodecs cupsSupport + pulseSupport; + }; - rm -rf "$out/tools/gyp" # XXX: Don't even copy it in the first place. - ''; + browser = callPackage ./browser.nix { }; + sandbox = callPackage ./sandbox.nix { }; - passthru = { - inherit version; + plugins = callPackage ./plugins.nix { + inherit enablePepperFlash enablePepperPDF; }; }; - mkGypFlags = - let - sanitize = value: - if value == true then "1" - else if value == false then "0" - else "${value}"; - toFlag = key: value: "-D${key}=${sanitize value}"; - in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs)); - - gypFlagsUseSystemLibs = { - use_system_bzip2 = true; - use_system_flac = true; - use_system_libevent = true; - use_system_libexpat = true; - use_system_libexif = true; - use_system_libjpeg = true; - use_system_libpng = false; # PNG dlopen() version conflict - use_system_libusb = true; - use_system_libxml = true; - use_system_speex = true; - use_system_ssl = useOpenSSL; - use_system_stlport = true; - use_system_xdg_utils = true; - use_system_yasm = true; - use_system_zlib = false; # http://crbug.com/143623 - use_system_protobuf = true; - - use_system_harfbuzz = false; - use_system_icu = false; - use_system_libwebp = false; # http://crbug.com/133161 - use_system_skia = false; - use_system_sqlite = false; # http://crbug.com/22208 - use_system_v8 = false; + desktopItem = makeDesktopItem { + name = "Chromium"; + exec = "chromium"; + icon = "chromium"; + comment = "An open source web browser from Google"; + desktopName = "Chromium"; + genericName = "Web browser"; + mimeType = stdenv.lib.concatStringsSep ";" [ + "text/html" + "text/xml" + "application/xhtml+xml" + "x-scheme-handler/http" + "x-scheme-handler/https" + "x-scheme-handler/ftp" + "x-scheme-handler/mailto" + "x-scheme-handler/webcal" + ]; + categories = "Network;WebBrowser"; }; - defaultDependencies = [ - bzip2 flac speex - libevent expat libjpeg - libpng libxml2 libxslt - xdg_utils yasm zlib - libusb1 libexif - ]; - - sandbox = import ./sandbox.nix { - inherit stdenv; - src = src.sandbox; - binary = "${packageName}_sandbox"; - }; +in stdenv.mkDerivation { + name = "chromium-${channel}-${chromium.browser.version}"; - # build paths and release info - packageName = "chromium"; - buildType = "Release"; - buildPath = "out/${buildType}"; - libExecPath = "$out/libexec/${packageName}"; - sandboxPath = "${sandbox}/bin/${packageName}_sandbox"; + buildInputs = [ makeWrapper ]; -in stdenv.mkDerivation rec { - name = "${packageName}-${src.version}"; - inherit packageName src; - - buildInputs = defaultDependencies ++ [ - which makeWrapper - python perl pkgconfig - nspr udev - (if useOpenSSL then openssl else nss) - utillinux alsaLib - gcc bison gperf krb5 - glib gtk dbus_glib - libXScrnSaver libXcursor libXtst mesa - pciutils protobuf speechd libXdamage - pythonPackages.gyp - ] ++ optional gnomeKeyringSupport libgnome_keyring - ++ optionals gnomeSupport [ gconf libgcrypt ] - ++ optional enableSELinux libselinux - ++ optional cupsSupport libgcrypt - ++ optional pulseSupport pulseaudio; - - prePatch = '' - # XXX: Figure out a way how to split these properly. - #cpflags="-dsr --no-preserve=mode" - cpflags="-dr" - cp $cpflags "${src.main}"/* . - cp $cpflags "${src.bundled}" third_party - cp $cpflags "${src.sandbox}" sandbox - chmod -R u+w . # XXX! - ''; - - postPatch = '' - sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \ - sandbox_binary = \ - base::FilePath("'"${sandboxPath}"'"); - ' content/browser/browser_main_loop.cc - ''; - - gypFlags = mkGypFlags (gypFlagsUseSystemLibs // { - linux_use_gold_binary = false; - linux_use_gold_flags = false; - proprietary_codecs = false; - use_gnome_keyring = gnomeKeyringSupport; - use_gconf = gnomeSupport; - use_gio = gnomeSupport; - use_pulseaudio = pulseSupport; - disable_nacl = !enableNaCl; - use_openssl = useOpenSSL; - selinux = enableSELinux; - use_cups = cupsSupport; - linux_sandbox_path="${sandboxPath}"; - linux_sandbox_chrome_path="${libExecPath}/${packageName}"; - werror = ""; - - # Google API keys, see http://www.chromium.org/developers/how-tos/api-keys. - # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution, - # please get your own set of keys. - google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI"; - google_default_client_id = "404761575300.apps.googleusercontent.com"; - google_default_client_secret = "9rIFQjfnkykEmqb6FfjJQD1D"; - - } // optionalAttrs proprietaryCodecs { - # enable support for the H.264 codec - proprietary_codecs = true; - ffmpeg_branding = "Chrome"; - } // optionalAttrs (stdenv.system == "x86_64-linux") { - target_arch = "x64"; - python_arch = "x86-64"; - } // optionalAttrs (stdenv.system == "i686-linux") { - target_arch = "ia32"; - python_arch = "ia32"; - }); - - configurePhase = '' - python build/gyp_chromium -f ninja --depth "$(pwd)" ${gypFlags} - ''; - - buildPhase = let - CC = "${gcc}/bin/gcc"; - CXX = "${gcc}/bin/g++"; + buildCommand = let + browserBinary = "${chromium.browser}/libexec/chromium/chromium"; + sandboxBinary = "${chromium.sandbox}/bin/chromium-sandbox"; in '' - CC="${CC}" CC_host="${CC}" \ - CXX="${CXX}" CXX_host="${CXX}" \ - LINK_host="${CXX}" \ - "${ninja}/bin/ninja" -C "${buildPath}" \ - -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES \ - chrome ${optionalString (!enableSELinux) "chrome_sandbox"} - ''; - - installPhase = '' - ensureDir "${libExecPath}" - cp -v "${buildPath}/"*.pak "${libExecPath}/" - ${optionalString (!versionOlder src.version "34.0.0.0") '' - cp -v "${buildPath}/icudtl.dat" "${libExecPath}/" - ''} - cp -vR "${buildPath}/locales" "${buildPath}/resources" "${libExecPath}/" - cp -v ${buildPath}/libffmpegsumo.so "${libExecPath}/" - - cp -v "${buildPath}/chrome" "${libExecPath}/${packageName}" + ensureDir "$out/bin" "$out/share/applications" - mkdir -vp "$out/bin" - makeWrapper "${libExecPath}/${packageName}" "$out/bin/${packageName}" + ln -s "${chromium.browser}/share" "$out/share" + makeWrapper "${browserBinary}" "$out/bin/chromium" \ + --set CHROMIUM_SANDBOX_BINARY_PATH "${sandboxBinary}" \ + --add-flags "${chromium.plugins.flagsEnabled}" - mkdir -vp "$out/share/man/man1" - cp -v "${buildPath}/chrome.1" "$out/share/man/man1/${packageName}.1" - - for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do - num_and_suffix="''${icon_file##*logo_}" - icon_size="''${num_and_suffix%.*}" - expr "$icon_size" : "^[0-9][0-9]*$" || continue - logo_output_prefix="$out/share/icons/hicolor" - logo_output_path="$logo_output_prefix/''${icon_size}x''${icon_size}/apps" - mkdir -vp "$logo_output_path" - cp -v "$icon_file" "$logo_output_path/${packageName}.png" - done + cp -v "${desktopItem}/share/applications/"* "$out/share/applications" ''; - passthru = { - inherit sandbox; - }; + inherit (chromium.browser) meta packageName; - meta = { - description = "An open source web browser from Google"; - homepage = http://www.chromium.org/; - maintainers = with maintainers; [ goibhniu chaoflow aszlig wizeman ]; - license = licenses.bsd3; - platforms = platforms.linux; + passthru = { + mkDerivation = chromium.mkChromiumDerivation; }; } diff --git a/pkgs/applications/networking/browsers/chromium/plugins.nix b/pkgs/applications/networking/browsers/chromium/plugins.nix new file mode 100644 index 000000000000..f760b06fe24b --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/plugins.nix @@ -0,0 +1,78 @@ +{ stdenv +, enablePepperFlash ? false +, enablePepperPDF ? false + +, source +}: + +with stdenv.lib; + +let + plugins = stdenv.mkDerivation { + name = "chromium-binary-plugins"; + + # XXX: Only temporary and has to be version-specific + src = source.plugins; + + phases = [ "unpackPhase" "patchPhase" "checkPhase" "installPhase" ]; + outputs = [ "pdf" "flash" ]; + + unpackCmd = let + chan = if source.channel == "dev" then "chrome-unstable" + else if source.channel == "stable" then "chrome" + else "chrome-${source.channel}"; + in '' + ensureDir plugins + ar p "$src" data.tar.lzma | tar xJ -C plugins --strip-components=4 \ + ./opt/google/${chan}/PepperFlash \ + ./opt/google/${chan}/libpdf.so + ''; + + doCheck = true; + checkPhase = '' + ! find -iname '*.so' -exec ldd {} + | grep 'not found' + ''; + + patchPhase = let + rpaths = [ stdenv.gcc.gcc ]; + mkrpath = p: "${makeSearchPath "lib64" p}:${makeSearchPath "lib" p}"; + in '' + for sofile in PepperFlash/libpepflashplayer.so libpdf.so; do + chmod +x "$sofile" + patchelf --set-rpath "${mkrpath rpaths}" "$sofile" + done + ''; + + installPhase = let + pdfName = "Chrome PDF Viewer"; + pdfDescription = "Portable Document Format"; + pdfMimeTypes = concatStringsSep ";" [ + "application/pdf" + "application/x-google-chrome-print-preview-pdf" + ]; + pdfInfo = "#${pdfName}#${pdfDescription};${pdfMimeTypes}"; + in '' + install -vD libpdf.so "$pdf/lib/libpdf.so" + ensureDir "$pdf/nix-support" + echo "--register-pepper-plugins='$pdf/lib/libpdf.so${pdfInfo}'" \ + > "$pdf/nix-support/chromium-flags" + + flashVersion="$( + sed -n -r 's/.*"version": "([^"]+)",.*/\1/p' PepperFlash/manifest.json + )" + + install -vD PepperFlash/libpepflashplayer.so \ + "$flash/lib/libpepflashplayer.so" + ensureDir "$flash/nix-support" + echo "--ppapi-flash-path='$flash/lib/libpepflashplayer.so'" \ + "--ppapi-flash-version=$flashVersion" \ + > "$flash/nix-support/chromium-flags" + ''; + + passthru.flagsEnabled = let + enabledPlugins = optional enablePepperFlash plugins.flash + ++ optional enablePepperPDF plugins.pdf; + getFlags = plugin: "$(< ${plugin}/nix-support/chromium-flags)"; + in concatStringsSep " " (map getFlags enabledPlugins); + }; +in plugins diff --git a/pkgs/applications/networking/browsers/chromium/sandbox.nix b/pkgs/applications/networking/browsers/chromium/sandbox.nix index b43385e86338..b470ed633253 100644 --- a/pkgs/applications/networking/browsers/chromium/sandbox.nix +++ b/pkgs/applications/networking/browsers/chromium/sandbox.nix @@ -1,12 +1,13 @@ -{ stdenv, src, binary }: +{ stdenv, source }: stdenv.mkDerivation { - name = "chromium-sandbox-${src.version}"; - inherit src; + name = "chromium-sandbox-${source.version}"; + src = source.sandbox; patchPhase = '' sed -i -e '/#include.*base_export/c \ #define BASE_EXPORT __attribute__((visibility("default"))) + /#include/s|sandbox/linux|'"$(pwd)"'/linux| ' linux/suid/*.[hc] ''; @@ -15,6 +16,6 @@ stdenv.mkDerivation { ''; installPhase = '' - install -svD sandbox "$out/bin/${binary}" + install -svD sandbox "$out/bin/chromium-sandbox" ''; } diff --git a/pkgs/applications/networking/browsers/chromium/source/default.nix b/pkgs/applications/networking/browsers/chromium/source/default.nix new file mode 100644 index 000000000000..2c7e7277b814 --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/source/default.nix @@ -0,0 +1,79 @@ +{ stdenv, fetchurl, python +, channel ? "stable" +, useOpenSSL # XXX +}: + +with stdenv.lib; + +with (import ./update.nix { + inherit (stdenv) system; +}).getChannel channel; + +stdenv.mkDerivation { + name = "chromium-source-${version}"; + + src = fetchurl main; + + buildInputs = [ python ]; # cannot patch shebangs otherwise + + phases = [ "unpackPhase" "patchPhase" "installPhase" ]; + + opensslPatches = optional useOpenSSL openssl.patches; + + prePatch = "patchShebangs ."; + + patches = if (versionOlder version "36.0.0.0") + then singleton ./sandbox_userns_31.patch + else singleton ./sandbox_userns_36.patch; + + postPatch = '' + sed -i -r \ + -e 's/-f(stack-protector)(-all)?/-fno-\1/' \ + -e 's|/bin/echo|echo|' \ + -e "/python_arch/s/: *'[^']*'/: '""'/" \ + build/common.gypi chrome/chrome_tests.gypi + sed -i -e '/not RunGN/,+1d' -e '/import.*depot/d' build/gyp_chromium + sed -i -e 's|/usr/bin/gcc|gcc|' \ + third_party/WebKit/Source/build/scripts/scripts.gypi \ + third_party/WebKit/Source/build/scripts/preprocessor.pm + '' + optionalString useOpenSSL '' + cat $opensslPatches | patch -p1 -d third_party/openssl/openssl + '' + optionalString (!versionOlder version "34.0.0.0") '' + ''; + + outputs = [ "out" "sandbox" "bundled" "main" ]; + installPhase = '' + ensureDir "$out" "$sandbox" "$bundled" "$main" + + header "copying browser main sources to $main" + find . -mindepth 1 -maxdepth 1 \ + \! -path ./sandbox \ + \! -path ./third_party \ + \! -path ./build \ + \! -path ./tools \ + \! -name '.*' \ + -print | xargs cp -rt "$main" + stopNest + + header "copying sandbox components to $sandbox" + cp -rt "$sandbox" sandbox/* + stopNest + + header "copying third party sources to $bundled" + cp -rt "$bundled" third_party/* + stopNest + + header "copying build requisites to $out" + cp -rt "$out" build tools + stopNest + + rm -rf "$out/tools/gyp" # XXX: Don't even copy it in the first place. + ''; + + preferLocalBuild = true; + + passthru = { + inherit version channel; + plugins = fetchurl binary; + }; +} diff --git a/pkgs/applications/networking/browsers/chromium/sandbox_userns_31.patch b/pkgs/applications/networking/browsers/chromium/source/sandbox_userns_31.patch index 490c1a9cebe9..490c1a9cebe9 100644 --- a/pkgs/applications/networking/browsers/chromium/sandbox_userns_31.patch +++ b/pkgs/applications/networking/browsers/chromium/source/sandbox_userns_31.patch diff --git a/pkgs/applications/networking/browsers/chromium/source/sandbox_userns_36.patch b/pkgs/applications/networking/browsers/chromium/source/sandbox_userns_36.patch new file mode 100644 index 000000000000..a8f3ed0befd4 --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/source/sandbox_userns_36.patch @@ -0,0 +1,293 @@ +commit 3c80951744293441c2e66345ef7d82c199f4600e +Author: aszlig <aszlig@redmoonstudios.org> +Date: Thu May 16 14:17:56 2013 +0200 + + zygote: Add support for user namespaces on Linux. + + The implementation is done by patching the Zygote host to execute the sandbox + binary with CLONE_NEWUSER and setting the uid and gid mapping so that the child + process is using uid 0 and gid 0 which map to the current user of the parent. + Afterwards, the sandbox will continue as if it was called as a setuid binary. + + In addition, this adds new_user_namespace as an option in process_util in order + to set the UID and GID mapping correctly. The reason for this is that just + passing CLONE_NEWUSER to clone_flags doesn't help in LaunchProcess(), because + without setting the mappings exec*() will clear the process's capability sets. + + If the kernel doesn't support unprivileged user namespaces and the sandbox + binary doesn't have the setuid flag, the Zygote main process will run without a + sandbox. This is to mimic the behaviour if no SUID sandbox binary path is set. + + Signed-off-by: aszlig <aszlig@redmoonstudios.org> + +diff --git a/base/process/launch.cc b/base/process/launch.cc +index 81748f5..930f20f 100644 +--- a/base/process/launch.cc ++++ b/base/process/launch.cc +@@ -26,6 +26,7 @@ LaunchOptions::LaunchOptions() + #if defined(OS_LINUX) + , clone_flags(0) + , allow_new_privs(false) ++ , new_user_namespace(false) + #endif // OS_LINUX + #if defined(OS_CHROMEOS) + , ctrl_terminal_fd(-1) +diff --git a/base/process/launch.h b/base/process/launch.h +index 9e39fba..00e4c79 100644 +--- a/base/process/launch.h ++++ b/base/process/launch.h +@@ -115,6 +115,9 @@ struct BASE_EXPORT LaunchOptions { + // By default, child processes will have the PR_SET_NO_NEW_PRIVS bit set. If + // true, then this bit will not be set in the new child process. + bool allow_new_privs; ++ ++ // If true, start the process in a new user namespace. ++ bool new_user_namespace; + #endif // defined(OS_LINUX) + + #if defined(OS_CHROMEOS) +diff --git a/base/process/launch_posix.cc b/base/process/launch_posix.cc +index fe4da1a..7f118b8 100644 +--- a/base/process/launch_posix.cc ++++ b/base/process/launch_posix.cc +@@ -40,6 +40,10 @@ + + #if defined(OS_LINUX) + #include <sys/prctl.h> ++#include <sched.h> ++#if !defined(CLONE_NEWUSER) ++#define CLONE_NEWUSER 0x10000000 ++#endif + #endif + + #if defined(OS_CHROMEOS) +@@ -301,13 +305,23 @@ bool LaunchProcess(const std::vector<std::string>& argv, + + pid_t pid; + #if defined(OS_LINUX) +- if (options.clone_flags) { ++ int map_pipe_fd[2]; ++ int flags = options.clone_flags; ++ ++ if (options.new_user_namespace) { ++ flags |= CLONE_NEWUSER; ++ if (pipe(map_pipe_fd) < 0) { ++ DPLOG(ERROR) << "user namespace pipe"; ++ return false; ++ } ++ } ++ ++ if (options.clone_flags || options.new_user_namespace) { + // Signal handling in this function assumes the creation of a new + // process, so we check that a thread is not being created by mistake + // and that signal handling follows the process-creation rules. +- RAW_CHECK( +- !(options.clone_flags & (CLONE_SIGHAND | CLONE_THREAD | CLONE_VM))); +- pid = syscall(__NR_clone, options.clone_flags, 0, 0, 0); ++ RAW_CHECK(!(flags & (CLONE_SIGHAND | CLONE_THREAD | CLONE_VM))); ++ pid = syscall(__NR_clone, flags, 0, 0, 0); + } else + #endif + { +@@ -328,6 +342,21 @@ bool LaunchProcess(const std::vector<std::string>& argv, + // DANGER: no calls to malloc or locks are allowed from now on: + // http://crbug.com/36678 + ++#if defined(OS_LINUX) ++ if (options.new_user_namespace) { ++ // Close the write end of the pipe so we get an EOF when the parent closes ++ // the FD. This is to avoid race conditions when the UID/GID mappings are ++ // written _after_ execvp(). ++ close(map_pipe_fd[1]); ++ ++ char dummy; ++ if (HANDLE_EINTR(read(map_pipe_fd[0], &dummy, 1)) != 0) { ++ RAW_LOG(ERROR, "Unexpected input in uid/gid mapping pipe."); ++ _exit(127); ++ } ++ } ++#endif ++ + // DANGER: fork() rule: in the child, if you don't end up doing exec*(), + // you call _exit() instead of exit(). This is because _exit() does not + // call any previously-registered (in the parent) exit handlers, which +@@ -451,6 +480,40 @@ bool LaunchProcess(const std::vector<std::string>& argv, + _exit(127); + } else { + // Parent process ++#if defined(OS_LINUX) ++ if (options.new_user_namespace) { ++ // We need to write UID/GID mapping here to map the current user outside ++ // the namespace to the root user inside the namespace in order to ++ // correctly "fool" the child process. ++ char buf[256]; ++ int map_fd, map_len; ++ ++ snprintf(buf, sizeof(buf), "/proc/%d/uid_map", pid); ++ map_fd = open(buf, O_RDWR); ++ DPCHECK(map_fd >= 0); ++ snprintf(buf, sizeof(buf), "0 %d 1", geteuid()); ++ map_len = strlen(buf); ++ if (write(map_fd, buf, map_len) != map_len) { ++ RAW_LOG(WARNING, "Can't write to uid_map."); ++ } ++ close(map_fd); ++ ++ snprintf(buf, sizeof(buf), "/proc/%d/gid_map", pid); ++ map_fd = open(buf, O_RDWR); ++ DPCHECK(map_fd >= 0); ++ snprintf(buf, sizeof(buf), "0 %d 1", getegid()); ++ map_len = strlen(buf); ++ if (write(map_fd, buf, map_len) != map_len) { ++ RAW_LOG(WARNING, "Can't write to gid_map."); ++ } ++ close(map_fd); ++ ++ // Close the pipe on the parent, so the child can continue doing the ++ // execvp() call. ++ close(map_pipe_fd[1]); ++ } ++#endif ++ + if (options.wait) { + // While this isn't strictly disk IO, waiting for another process to + // finish is the sort of thing ThreadRestrictions is trying to prevent. +diff --git a/content/browser/zygote_host/zygote_host_impl_linux.cc b/content/browser/zygote_host/zygote_host_impl_linux.cc +index 0106a7a..a0465af 100644 +--- a/content/browser/zygote_host/zygote_host_impl_linux.cc ++++ b/content/browser/zygote_host/zygote_host_impl_linux.cc +@@ -124,25 +124,31 @@ void ZygoteHostImpl::Init(const std::string& sandbox_cmd) { + + sandbox_binary_ = sandbox_cmd.c_str(); + +- // A non empty sandbox_cmd means we want a SUID sandbox. +- using_suid_sandbox_ = !sandbox_cmd.empty(); ++ bool userns_sandbox = false; ++ const std::vector<std::string> cmd_line_unwrapped(cmd_line.argv()); + +- if (using_suid_sandbox_) { ++ if (!sandbox_cmd.empty()) { + struct stat st; + if (stat(sandbox_binary_.c_str(), &st) != 0) { + LOG(FATAL) << "The SUID sandbox helper binary is missing: " + << sandbox_binary_ << " Aborting now."; + } + +- if (access(sandbox_binary_.c_str(), X_OK) == 0 && +- (st.st_uid == 0) && +- (st.st_mode & S_ISUID) && +- (st.st_mode & S_IXOTH)) { ++ if (access(sandbox_binary_.c_str(), X_OK) == 0) { ++ using_suid_sandbox_ = true; ++ + cmd_line.PrependWrapper(sandbox_binary_); + + scoped_ptr<sandbox::SetuidSandboxClient> + sandbox_client(sandbox::SetuidSandboxClient::Create()); + sandbox_client->SetupLaunchEnvironment(); ++ ++ if (!((st.st_uid == 0) && ++ (st.st_mode & S_ISUID) && ++ (st.st_mode & S_IXOTH))) { ++ userns_sandbox = true; ++ sandbox_client->SetNoSuid(); ++ } + } else { + LOG(FATAL) << "The SUID sandbox helper binary was found, but is not " + "configured correctly. Rather than run without sandboxing " +@@ -167,7 +173,19 @@ void ZygoteHostImpl::Init(const std::string& sandbox_cmd) { + base::LaunchOptions options; + options.fds_to_remap = &fds_to_map; + options.allow_new_privs = using_suid_sandbox_; // Don't PR_SET_NO_NEW_PRIVS. ++ if (userns_sandbox) ++ options.new_user_namespace = true; + base::LaunchProcess(cmd_line.argv(), options, &process); ++ ++ if (process == -1 && userns_sandbox) { ++ LOG(ERROR) << "User namespace sandbox failed to start, running without " ++ << "sandbox! You need at least kernel 3.8.0 with CONFIG_USER_NS " ++ << "enabled in order to use the sandbox without setuid bit."; ++ using_suid_sandbox_ = false; ++ options.new_user_namespace = false; ++ base::LaunchProcess(cmd_line_unwrapped, options, &process); ++ } ++ + CHECK(process != -1) << "Failed to launch zygote process"; + + if (using_suid_sandbox_) { +diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc +index 5dc09fa..4e09bc4 100644 +--- a/content/zygote/zygote_main_linux.cc ++++ b/content/zygote/zygote_main_linux.cc +@@ -397,6 +397,13 @@ static bool EnterSuidSandbox(sandbox::SetuidSandboxClient* setuid_sandbox) { + CHECK(CreateInitProcessReaper()); + } + ++ // Don't set non-dumpable, as it causes trouble when the host tries to find ++ // the zygote process (XXX: Not quite sure why this happens with user ++ // namespaces). Fortunately, we also have the seccomp filter sandbox which ++ // should disallow the use of ptrace. ++ if (setuid_sandbox->IsNoSuid()) ++ return true; ++ + #if !defined(OS_OPENBSD) + // Previously, we required that the binary be non-readable. This causes the + // kernel to mark the process as non-dumpable at startup. The thinking was +diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.cc b/sandbox/linux/suid/client/setuid_sandbox_client.cc +index 8ed1a97..cbdfadc 100644 +--- a/sandbox/linux/suid/client/setuid_sandbox_client.cc ++++ b/sandbox/linux/suid/client/setuid_sandbox_client.cc +@@ -173,6 +173,10 @@ bool SetuidSandboxClient::IsInNewNETNamespace() const { + return env_->HasVar(kSandboxNETNSEnvironmentVarName); + } + ++bool SetuidSandboxClient::IsNoSuid() const { ++ return env_->HasVar(kSandboxNoSuidVarName); ++} ++ + bool SetuidSandboxClient::IsSandboxed() const { + return sandboxed_; + } +@@ -182,4 +186,8 @@ void SetuidSandboxClient::SetupLaunchEnvironment() { + SetSandboxAPIEnvironmentVariable(env_); + } + ++void SetuidSandboxClient::SetNoSuid() { ++ env_->SetVar(kSandboxNoSuidVarName, "1"); ++} ++ + } // namespace sandbox +diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.h b/sandbox/linux/suid/client/setuid_sandbox_client.h +index 0f6db7a..c629391 100644 +--- a/sandbox/linux/suid/client/setuid_sandbox_client.h ++++ b/sandbox/linux/suid/client/setuid_sandbox_client.h +@@ -46,6 +46,8 @@ class SANDBOX_EXPORT SetuidSandboxClient { + bool IsInNewPIDNamespace() const; + // Did the setuid helper create a new network namespace ? + bool IsInNewNETNamespace() const; ++ // Is sandboxed without SUID binary ? ++ bool IsNoSuid() const; + // Are we done and fully sandboxed ? + bool IsSandboxed() const; + +@@ -53,6 +55,8 @@ class SANDBOX_EXPORT SetuidSandboxClient { + // helper. + void SetupLaunchEnvironment(); + ++ void SetNoSuid(); ++ + private: + // Holds the environment. Will never be NULL. + base::Environment* env_; +diff --git a/sandbox/linux/suid/common/sandbox.h b/sandbox/linux/suid/common/sandbox.h +index 9345287..2db659e 100644 +--- a/sandbox/linux/suid/common/sandbox.h ++++ b/sandbox/linux/suid/common/sandbox.h +@@ -15,6 +15,7 @@ static const char kAdjustOOMScoreSwitch[] = "--adjust-oom-score"; + + static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D"; + static const char kSandboxHelperPidEnvironmentVarName[] = "SBX_HELPER_PID"; ++static const char kSandboxNoSuidVarName[] = "SBX_NO_SUID"; + + static const long kSUIDSandboxApiNumber = 1; + static const char kSandboxEnvironmentApiRequest[] = "SBX_CHROME_API_RQ"; diff --git a/pkgs/applications/networking/browsers/chromium/source/sources.nix b/pkgs/applications/networking/browsers/chromium/source/sources.nix new file mode 100644 index 000000000000..6881b8d44e84 --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/source/sources.nix @@ -0,0 +1,21 @@ +# This file is autogenerated from update.sh in the parent directory. +{ + dev = { + version = "36.0.1941.0"; + sha256 = "12rhyq8hliwc8b3371h2axzlzabg99c06d02kl9ldag2kxfpsfps"; + sha256bin32 = "1rbl5x0pjid5lypdplbqvcx4lgvr2rlbiv83ivvqb5dbg6p7886g"; + sha256bin64 = "18440spj541w4bqjblb2wpf94slg4if176gprccbxw9sy6b7z38w"; + }; + beta = { + version = "35.0.1916.47"; + sha256 = "0pq87aybfna4pgsf02v97lprj5kbsrzim7c44nqarmcvlj4l65ch"; + sha256bin32 = "057l59any3hiqdg1gh4nxry542083lxdaychhljbrfkipq1gy4yv"; + sha256bin64 = "07n8sqv234dg959id023w3mz5n9ascwrcmxq3px96bqgqim2vf8s"; + }; + stable = { + version = "34.0.1847.116"; + sha256 = "04cpfav5rqa117igvzmrw0045r2ljxg5fqb46qgqvkgff30pjrfx"; + sha256bin32 = "1k24j80xgc91p8ssynql9ifjdhpz6w7vl3pk9lvkr0sdhg16hlrf"; + sha256bin64 = "16gidav4ilc95fr1d6832xzpyynfwnglbz7b33gq62vp8bj77da4"; + }; +} diff --git a/pkgs/applications/networking/browsers/chromium/source/update.nix b/pkgs/applications/networking/browsers/chromium/source/update.nix new file mode 100644 index 000000000000..09f834a90c6f --- /dev/null +++ b/pkgs/applications/networking/browsers/chromium/source/update.nix @@ -0,0 +1,118 @@ +{ system ? builtins.currentSystem }: + +let + inherit (import <nixpkgs> {}) lib writeText stdenv; + + sources = if builtins.pathExists ./sources.nix + then import ./sources.nix + else null; + + bucketURL = "http://commondatastorage.googleapis.com/" + + "chromium-browser-official"; + + debURL = "https://dl.google.com/linux/chrome/deb/pool/main/g"; + + # Untrusted mirrors, don't try to update from them! + debMirrors = [ + "http://95.31.35.30/chrome/pool/main/g" + "http://mirror.pcbeta.com/google/chrome/deb/pool/main/g" + ]; + + tryChannel = channel: let + chan = builtins.getAttr channel sources; + in if sources != null then '' + oldver="${chan.version}"; + echo -n "Checking if $oldver ($channel) is up to date..." >&2; + if [ "x$(get_newest_ver "$version" "$oldver")" != "x$oldver" ]; + then + echo " no, getting sha256 for new version $version:" >&2; + sha256="$(prefetch_sha "$channel" "$version")" || return 1; + else + echo " yes, keeping old sha256." >&2; + sha256="${chan.sha256}"; + ${if (chan ? sha256bin32 && chan ? sha256bin64) then '' + sha256="$sha256.${chan.sha256bin32}.${chan.sha256bin64}"; + '' else '' + sha256="$sha256.$(prefetch_deb_sha "$channel" "$version")"; + ''} + fi; + '' else '' + sha256="$(prefetch_sha "$channel" "$version")" || return 1; + ''; + + caseChannel = channel: '' + ${channel}) ${tryChannel channel};; + ''; + +in rec { + getChannel = channel: let + chanAttrs = builtins.getAttr channel sources; + in { + inherit (chanAttrs) version; + + main = { + url = "${bucketURL}/chromium-${chanAttrs.version}.tar.xz"; + inherit (chanAttrs) sha256; + }; + + binary = let + pname = if channel == "dev" + then "google-chrome-unstable" + else "google-chrome-${channel}"; + arch = if stdenv.is64bit then "amd64" else "i386"; + relpath = "${pname}/${pname}_${chanAttrs.version}-1_${arch}.deb"; + in lib.optionalAttrs (chanAttrs ? sha256bin64) { + urls = map (url: "${url}/${relpath}") ([ debURL ] ++ debMirrors); + sha256 = if stdenv.is64bit + then chanAttrs.sha256bin64 + else chanAttrs.sha256bin32; + }; + }; + + updateHelpers = writeText "update-helpers.sh" '' + + prefetch_main_sha() + { + nix-prefetch-url "${bucketURL}/chromium-$2.tar.xz"; + } + + prefetch_deb_sha() + { + channel="$1"; + version="$2"; + + case "$1" in + dev) pname="google-chrome-unstable";; + *) pname="google-chrome-$channel";; + esac; + + deb_pre="${debURL}/$pname/$pname"; + + deb32=$(nix-prefetch-url "''${deb_pre}_$version-1_i386.deb"); + deb64=$(nix-prefetch-url "''${deb_pre}_$version-1_amd64.deb"); + + echo "$deb32.$deb64"; + return 0; + } + + prefetch_sha() + { + echo "$(prefetch_main_sha "$@").$(prefetch_deb_sha "$@")"; + return 0; + } + + get_sha256() + { + channel="$1"; + version="$2"; + + case "$channel" in + ${lib.concatMapStrings caseChannel [ "stable" "dev" "beta" ]} + esac; + + sha_insert "$version" "$sha256"; + echo "$sha256"; + return 0; + } + ''; +} diff --git a/pkgs/applications/networking/browsers/chromium/sources.nix b/pkgs/applications/networking/browsers/chromium/sources.nix deleted file mode 100644 index 49b5e2b42215..000000000000 --- a/pkgs/applications/networking/browsers/chromium/sources.nix +++ /dev/null @@ -1,18 +0,0 @@ -# This file is autogenerated from update.sh in the same directory. -{ - dev = { - version = "35.0.1883.0"; - url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-35.0.1883.0.tar.xz"; - sha256 = "0qbv6prxl18y5824pfd13ng9798g561gzb6nypwp502hqr45jvb6"; - }; - beta = { - version = "34.0.1847.60"; - url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-34.0.1847.60.tar.xz"; - sha256 = "1na5d6z4a0wkabn7cj62vyiv3mmvcb6qdvrkyy6fj79h7gk2hb7k"; - }; - stable = { - version = "34.0.1847.116"; - url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-34.0.1847.116.tar.xz"; - sha256 = "04cpfav5rqa117igvzmrw0045r2ljxg5fqb46qgqvkgff30pjrfx"; - }; -} diff --git a/pkgs/applications/networking/browsers/chromium/update.sh b/pkgs/applications/networking/browsers/chromium/update.sh index 0c4881bb3962..e82d22f34fd0 100755 --- a/pkgs/applications/networking/browsers/chromium/update.sh +++ b/pkgs/applications/networking/browsers/chromium/update.sh @@ -3,16 +3,9 @@ channels_url="http://omahaproxy.appspot.com/all?csv=1"; history_url="http://omahaproxy.appspot.com/history"; bucket_url="http://commondatastorage.googleapis.com/chromium-browser-official/"; -output_file="$(cd "$(dirname "$0")" && pwd)/sources.nix"; +base_path="$(cd "$(dirname "$0")" && pwd)/source"; -nix_getattr() -{ - input_file="$1"; - attr="$2"; - - var="$(nix-instantiate --eval-only -A "$attr" "$output_file")"; - echo "$var" | tr -d '\\"'; -} +source "$(nix-build --no-out-link "$base_path/update.nix" -A updateHelpers)"; ### poor mans key/value-store :-) ### @@ -53,39 +46,6 @@ get_newest_ver() fi; } -if [ -e "$output_file" ]; -then - get_sha256() - { - channel="$1"; - version="$2"; - url="$3"; - - oldver="$(nix_getattr "$output_file" "$channel.version")"; - - echo -n "Checking if $oldver ($channel) is up to date..." >&2; - - if [ "x$(get_newest_ver "$version" "$oldver")" != "x$oldver" ]; - then - echo " no, getting sha256 for new version $version:" >&2; - sha256="$(nix-prefetch-url "$url")" || return 1; - else - echo " yes, keeping old sha256." >&2; - sha256="$(nix_getattr "$output_file" "$channel.sha256")" \ - || return 1; - fi; - - sha_insert "$version" "$sha256"; - echo "$sha256"; - return 0; - } -else - get_sha256() - { - nix-prefetch-url "$3"; - } -fi; - fetch_filtered_history() { curl -s "$history_url" | sed -nr 's/^'"linux,$1"',([^,]+).*$/\1/p'; @@ -99,9 +59,8 @@ get_prev_sha256() for version in $(fetch_filtered_history "$channel"); do [ "x$version" = "x$current_version" ] && continue; - url="${bucket_url%/}/chromium-$version.tar.xz"; - sha256="$(get_sha256 "$channel" "$version" "$url")" || continue; - echo "$sha256:$version:$url"; + sha256="$(get_sha256 "$channel" "$version")" || continue; + echo "$sha256:$version"; return 0; done; } @@ -113,34 +72,39 @@ get_channel_exprs() channel="${chline%%,*}"; version="${chline##*,}"; - url="${bucket_url%/}/chromium-$version.tar.xz"; - echo -n "Checking if sha256 of version $version is cached..." >&2; if sha256="$(sha_lookup "$version")"; then echo " yes: $sha256" >&2; else echo " no." >&2; - sha256="$(get_sha256 "$channel" "$version" "$url")"; + sha256="$(get_sha256 "$channel" "$version")"; if [ $? -ne 0 ]; then echo "Whoops, failed to fetch $version, trying previous" \ "versions:" >&2; - sha_ver_url="$(get_prev_sha256 "$channel" "$version")"; - sha256="${sha_ver_url%%:*}"; - ver_url="${sha_ver_url#*:}"; - version="${ver_url%%:*}"; - url="${ver_url#*:}"; + sha_ver="$(get_prev_sha256 "$channel" "$version")"; + sha256="${sha_ver%:*}"; + version="${sha_ver#*:}"; fi; fi; sha_insert "$version" "$sha256"; + main="${sha256%%.*}"; + deb="${sha256#*.}"; + deb32="${deb%.*}"; + deb64="${deb#*.}"; + echo " $channel = {"; echo " version = \"$version\";"; - echo " url = \"$url\";"; - echo " sha256 = \"$sha256\";"; + echo " sha256 = \"$main\";"; + if [ "x${deb#*[a-z0-9].[a-z0-9]}" != "x$deb" ]; + then + echo " sha256bin32 = \"$deb32\";"; + echo " sha256bin64 = \"$deb64\";"; + fi; echo " };"; done; } @@ -151,8 +115,8 @@ omaha="$(curl -s "$channels_url")"; versions="$(echo "$omaha" | sed -nr -e 's/^linux,([^,]+,[^,]+).*$/\1/p')"; channel_exprs="$(get_channel_exprs "$versions")"; -cat > "$output_file" <<-EOF -# This file is autogenerated from update.sh in the same directory. +cat > "$base_path/sources.nix" <<-EOF +# This file is autogenerated from update.sh in the parent directory. { $channel_exprs } diff --git a/pkgs/development/libraries/libopus/default.nix b/pkgs/development/libraries/libopus/default.nix index b1bf65d0fe67..78b264506f01 100644 --- a/pkgs/development/libraries/libopus/default.nix +++ b/pkgs/development/libraries/libopus/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, fixedPoint ? false }: +{ stdenv, fetchurl, fixedPoint ? false, withCustomModes ? false }: let version = "1.1"; @@ -11,7 +11,8 @@ stdenv.mkDerivation rec { sha256 = "158xprn2086arvdib3vbbygz7z6jqkw2nci7nlywzzwallap0wmr"; }; - configureFlags = stdenv.lib.optionalString fixedPoint "--enable-fixed-point"; + configureFlags = stdenv.lib.optional fixedPoint "--enable-fixed-point" + ++ stdenv.lib.optional withCustomModes "--enable-custom-modes"; doCheck = true; diff --git a/pkgs/development/libraries/libwebp/default.nix b/pkgs/development/libraries/libwebp/default.nix index 854af5942f90..6800541d923f 100644 --- a/pkgs/development/libraries/libwebp/default.nix +++ b/pkgs/development/libraries/libwebp/default.nix @@ -1,14 +1,20 @@ -{stdenv, fetchurl, libpng, libjpeg}: +{ stdenv, fetchurl, libpng, libjpeg, giflib, libtiff }: stdenv.mkDerivation rec { - name = "libwebp-0.1.3"; - + name = "libwebp-0.4.0"; + src = fetchurl { url = "http://webp.googlecode.com/files/${name}.tar.gz"; - sha256 = "1fkssvg99s9ypswh4ywkirgcy1wmy3b6388f3cqj4a4vwdb89ca0"; + sha256 = "0sadjkx8m6sf064r5gngjvz4b5246q3j27dlaml5b1k3x5vkb49i"; }; - buildInputs = [ libpng libjpeg ]; + buildInputs = [ libpng libjpeg giflib libtiff ]; + + configureFlags = [ + "--enable-libwebpmux" + "--enable-libwebpdemux" + "--enable-libwebpdecoder" + ]; meta = { homepage = http://code.google.com/p/webp/; diff --git a/pkgs/development/libraries/minizip/default.nix b/pkgs/development/libraries/minizip/default.nix new file mode 100644 index 000000000000..b71920446e4c --- /dev/null +++ b/pkgs/development/libraries/minizip/default.nix @@ -0,0 +1,14 @@ +{ stdenv, zlib, autoconf, automake, libtool }: + +stdenv.mkDerivation { + name = "minizip-${zlib.version}"; + inherit (zlib) src; + + nativeBuildInputs = [ autoconf automake libtool ]; + buildInputs = [ zlib ]; + + preConfigure = '' + cd contrib/minizip + autoreconf -vfi + ''; +} diff --git a/pkgs/development/libraries/v8/3.14.nix b/pkgs/development/libraries/v8/3.14.nix new file mode 100644 index 000000000000..0564e6887957 --- /dev/null +++ b/pkgs/development/libraries/v8/3.14.nix @@ -0,0 +1,65 @@ +{ stdenv, fetchsvn, gyp, readline, python, which }: + +assert readline != null; + +let + system = stdenv.system; + arch = if system == "i686-linux" then "ia32" else if system == "x86_64-linux" || system == "x86_64-darwin" then "x64" else ""; + version = "3.14.5.9"; +in + +assert arch != ""; + +stdenv.mkDerivation { + name = "v8-${version}"; + + src = fetchsvn { + url = "http://v8.googlecode.com/svn/tags/${version}"; + sha256 = "18qp5qp5xrb6f00w01cklz358yrl54pks963f5rwvwz82d8sfyqr"; + name = "v8-${version}-src"; + }; + + patches = [ ./fix-GetLocalizedMessage-usage.patch ]; + + configurePhase = '' + mkdir build/gyp + ln -sv ${gyp}/bin/gyp build/gyp/gyp + ''; + + nativeBuildInputs = [ which ]; + buildInputs = [ readline python ]; + + buildFlags = [ + "library=shared" + "console=readline" + "${arch}.release" + ]; + + # http://code.google.com/p/v8/issues/detail?id=2149 + NIX_CFLAGS_COMPILE = "-Wno-unused-local-typedefs -Wno-aggressive-loop-optimizations"; + + enableParallelBuilding = true; + + installPhase = '' + mkdir -p $out/bin + mkdir -p $out/lib + mv -v out/${arch}.release/d8 $out/bin + + ${if stdenv.system == "x86_64-darwin" then + "mv -v out/${arch}.release/libv8.dylib $out/lib" + else + "mv -v out/${arch}.release/lib.target/libv8.so $out/lib"} + mv -v include $out/ + ''; + + postFixup = if stdenv.isDarwin then '' + install_name_tool -change /usr/local/lib/libv8.dylib $out/lib/libv8.dylib -change /usr/lib/libgcc_s.1.dylib ${stdenv.gcc.gcc}/lib/libgcc_s.1.dylib $out/bin/d8 + install_name_tool -id $out/lib/libv8.dylib -change /usr/lib/libgcc_s.1.dylib ${stdenv.gcc.gcc}/lib/libgcc_s.1.dylib $out/lib/libv8.dylib + '' else null; + + meta = with stdenv.lib; { + description = "V8 is Google's open source JavaScript engine"; + platforms = platforms.linux ++ platforms.darwin; + license = licenses.bsd3; + }; +} diff --git a/pkgs/development/libraries/v8/default.nix b/pkgs/development/libraries/v8/default.nix index 0564e6887957..db8e491caae3 100644 --- a/pkgs/development/libraries/v8/default.nix +++ b/pkgs/development/libraries/v8/default.nix @@ -1,65 +1,66 @@ -{ stdenv, fetchsvn, gyp, readline, python, which }: +{ stdenv, fetchurl, gyp, readline, python, which, icu }: assert readline != null; let - system = stdenv.system; - arch = if system == "i686-linux" then "ia32" else if system == "x86_64-linux" || system == "x86_64-darwin" then "x64" else ""; - version = "3.14.5.9"; + arch = if stdenv.is64bit then "x64" else "ia32"; in -assert arch != ""; +stdenv.mkDerivation rec { + name = "v8-${version}"; + version = "3.25.9"; -stdenv.mkDerivation { - name = "v8-${version}"; + src = fetchurl { + url = "https://commondatastorage.googleapis.com/chromium-browser-official/" + + "${name}.tar.bz2"; + sha256 = "0x6czv99dr701vljyb4ghyhhc5rmv7vfkpvigcnrqz2an9q1pc28"; + }; - src = fetchsvn { - url = "http://v8.googlecode.com/svn/tags/${version}"; - sha256 = "18qp5qp5xrb6f00w01cklz358yrl54pks963f5rwvwz82d8sfyqr"; - name = "v8-${version}-src"; - }; + configurePhase = '' + PYTHONPATH="tools/generate_shim_headers:$PYTHONPATH" \ + ${gyp}/bin/gyp \ + -f make \ + --generator-output="out" \ + -Dflock_index=0 \ + -Dv8_enable_i18n_support=1 \ + -Duse_system_icu=1 \ + -Dconsole=readline \ + -Dcomponent=shared_library \ + -Dv8_target_arch=${arch} \ + --depth=. -Ibuild/standalone.gypi \ + build/all.gyp + ''; - patches = [ ./fix-GetLocalizedMessage-usage.patch ]; + nativeBuildInputs = [ which ]; + buildInputs = [ readline python icu ]; - configurePhase = '' - mkdir build/gyp - ln -sv ${gyp}/bin/gyp build/gyp/gyp - ''; + buildFlags = [ + "LINK=g++" + "-C out" + "builddir=$(CURDIR)/Release" + "BUILDTYPE=Release" + ]; - nativeBuildInputs = [ which ]; - buildInputs = [ readline python ]; + enableParallelBuilding = true; - buildFlags = [ - "library=shared" - "console=readline" - "${arch}.release" - ]; + installPhase = '' + install -vD out/Release/d8 "$out/bin/d8" + ${if stdenv.system == "x86_64-darwin" then '' + install -vD out/Release/lib.target/libv8.dylib "$out/lib/libv8.dylib" + '' else '' + install -vD out/Release/lib.target/libv8.so "$out/lib/libv8.so" + ''} + cp -vr include "$out/" + ''; - # http://code.google.com/p/v8/issues/detail?id=2149 - NIX_CFLAGS_COMPILE = "-Wno-unused-local-typedefs -Wno-aggressive-loop-optimizations"; + postFixup = if stdenv.isDarwin then '' + install_name_tool -change /usr/local/lib/libv8.dylib $out/lib/libv8.dylib -change /usr/lib/libgcc_s.1.dylib ${stdenv.gcc.gcc}/lib/libgcc_s.1.dylib $out/bin/d8 + install_name_tool -id $out/lib/libv8.dylib -change /usr/lib/libgcc_s.1.dylib ${stdenv.gcc.gcc}/lib/libgcc_s.1.dylib $out/lib/libv8.dylib + '' else null; - enableParallelBuilding = true; - - installPhase = '' - mkdir -p $out/bin - mkdir -p $out/lib - mv -v out/${arch}.release/d8 $out/bin - - ${if stdenv.system == "x86_64-darwin" then - "mv -v out/${arch}.release/libv8.dylib $out/lib" - else - "mv -v out/${arch}.release/lib.target/libv8.so $out/lib"} - mv -v include $out/ - ''; - - postFixup = if stdenv.isDarwin then '' - install_name_tool -change /usr/local/lib/libv8.dylib $out/lib/libv8.dylib -change /usr/lib/libgcc_s.1.dylib ${stdenv.gcc.gcc}/lib/libgcc_s.1.dylib $out/bin/d8 - install_name_tool -id $out/lib/libv8.dylib -change /usr/lib/libgcc_s.1.dylib ${stdenv.gcc.gcc}/lib/libgcc_s.1.dylib $out/lib/libv8.dylib - '' else null; - - meta = with stdenv.lib; { - description = "V8 is Google's open source JavaScript engine"; - platforms = platforms.linux ++ platforms.darwin; - license = licenses.bsd3; - }; + meta = with stdenv.lib; { + description = "V8 is Google's open source JavaScript engine"; + platforms = platforms.linux ++ platforms.darwin; + license = licenses.bsd3; + }; } diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix index 0d4abaf25e0a..f1eea80ab7a3 100644 --- a/pkgs/development/libraries/zlib/default.nix +++ b/pkgs/development/libraries/zlib/default.nix @@ -40,4 +40,6 @@ stdenv.mkDerivation rec { # zlib doesn't like the automatic --disable-shared from the Cygwin stdenv. cygwinConfigureEnableShared = true; + + passthru.version = version; } diff --git a/pkgs/development/web/nodejs/default.nix b/pkgs/development/web/nodejs/default.nix index 062d7f4ec066..3b1b64679722 100644 --- a/pkgs/development/web/nodejs/default.nix +++ b/pkgs/development/web/nodejs/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, openssl, python, zlib, v8, utillinux, http-parser, c-ares, pkgconfig, runCommand }: +{ stdenv, fetchurl, openssl, python, zlib, v8_3_14, utillinux, http-parser, c-ares, pkgconfig, runCommand }: let dtrace = runCommand "dtrace-native" {} '' @@ -10,7 +10,7 @@ let # !!! Should we also do shared libuv? deps = { - inherit v8 openssl zlib http-parser; + inherit v8_3_14 openssl zlib http-parser; cares = c-ares; }; diff --git a/pkgs/servers/nosql/mongodb/default.nix b/pkgs/servers/nosql/mongodb/default.nix index 6956271e992c..a5a021b93545 100644 --- a/pkgs/servers/nosql/mongodb/default.nix +++ b/pkgs/servers/nosql/mongodb/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, scons, boost, v8, gperftools, pcre, snappy }: +{ stdenv, fetchurl, scons, boost, v8_3_14, gperftools, pcre, snappy }: let version = "2.4.8"; in stdenv.mkDerivation rec { name = "mongodb-${version}"; @@ -8,7 +8,7 @@ let version = "2.4.8"; in stdenv.mkDerivation rec { sha256 = "1p6gnharypglfp39halp72fig96fqjhakyy7m76a1prxwpjkqw7x"; }; - nativeBuildInputs = [ scons boost v8 gperftools pcre snappy ]; + nativeBuildInputs = [ scons boost v8_3_14 gperftools pcre snappy ]; postPatch = '' substituteInPlace SConstruct \ diff --git a/pkgs/servers/nosql/rethinkdb/default.nix b/pkgs/servers/nosql/rethinkdb/default.nix index e81ccb396322..ec1dbd763646 100644 --- a/pkgs/servers/nosql/rethinkdb/default.nix +++ b/pkgs/servers/nosql/rethinkdb/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, which, protobuf, v8, ncurses, gperftools, boost, m4 }: +{ stdenv, fetchurl, which, protobuf, v8_3_14, ncurses, gperftools, boost, m4 }: stdenv.mkDerivation rec { name = "rethinkdb-1.11.2"; @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { configureFlags = "--lib-path ${gperftools}/lib"; - buildInputs = [ protobuf v8 ncurses boost ]; + buildInputs = [ protobuf v8_3_14 ncurses boost ]; nativeBuildInputs = [ which m4 ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1475b3f4ed71..9f9b15920b67 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5409,6 +5409,8 @@ let ming = callPackage ../development/libraries/ming { }; + minizip = callPackage ../development/libraries/minizip { }; + minmay = callPackage ../development/libraries/minmay { }; miro = callPackage ../applications/video/miro { @@ -6156,7 +6158,13 @@ let inherit (gnome) libsoup; }; - v8 = callPackage ../development/libraries/v8 { inherit (pythonPackages) gyp; }; + v8 = callPackage ../development/libraries/v8 { + inherit (pythonPackages) gyp; + }; + + v8_3_14 = callPackage ../development/libraries/v8/3.14.nix { + inherit (pythonPackages) gyp; + }; xmlsec = callPackage ../development/libraries/xmlsec { }; @@ -7750,7 +7758,6 @@ let chromium = lowPrio (callPackage ../applications/networking/browsers/chromium { channel = "stable"; - gconf = gnome.GConf; pulseSupport = config.pulseaudio or true; }); |