summary refs log tree commit diff
path: root/pkgs/applications/networking/browsers/chromium/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/applications/networking/browsers/chromium/default.nix')
-rw-r--r--pkgs/applications/networking/browsers/chromium/default.nix34
1 files changed, 31 insertions, 3 deletions
diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index a7447db7c220..8b4cb00a7786 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -1,4 +1,4 @@
-{ newScope, stdenv, makeWrapper, makeDesktopItem
+{ newScope, stdenv, makeWrapper, makeDesktopItem, writeScript
 
 # package customization
 , channel ? "stable"
@@ -61,22 +61,49 @@ let
 
   suffix = if channel != "stable" then "-" + channel else "";
 
+  sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName;
+
 in stdenv.mkDerivation {
   name = "chromium${suffix}-${chromium.browser.version}";
 
   buildInputs = [ makeWrapper ];
 
+  outputs = ["out" "sandbox"];
+
   buildCommand = let
     browserBinary = "${chromium.browser}/libexec/chromium/chromium";
     getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")";
+    sandboxExecutableSourcePath = "${chromium.browser}/libexec/chromium/chrome-sandbox";
+    launchScript = writeScript "chromium" ''
+      #! ${stdenv.shell}
+
+      if [ -x "/var/setuid-wrappers/${sandboxExecutableName}" ]
+      then
+        export CHROME_DEVEL_SANDBOX="/var/setuid-wrappers/${sandboxExecutableName}"
+      else
+        export CHROME_DEVEL_SANDBOX="@sandbox@/bin/${sandboxExecutableName}"
+      fi
+
+      # libredirect causes chromium to deadlock on startup
+      export LD_PRELOAD="$(echo -n "$LD_PRELOAD" | tr ':' '\n' | grep -v /lib/libredirect\\.so$ | tr '\n' ':')"
+
+      exec @out@/bin/.chromium-wrapped "''${extraFlagsArray[@]}" "$@"
+    '';
   in with stdenv.lib; ''
     mkdir -p "$out/bin" "$out/share/applications"
 
     ln -s "${chromium.browser}/share" "$out/share"
-    eval makeWrapper "${browserBinary}" "$out/bin/chromium" \
-      --set CHROME_DEVEL_SANDBOX "${chromium.browser}/libexec/chromium/chrome-sandbox" \
+    eval makeWrapper "${browserBinary}" "$out/bin/.chromium-wrapped" \
       ${concatMapStringsSep " " getWrapperFlags chromium.plugins.enabled}
 
+    cp -v "${launchScript}" "$out/bin/chromium"
+    substituteInPlace $out/bin/chromium --replace @out@ $out --replace @sandbox@ $sandbox
+    chmod 755 "$out/bin/chromium"
+
+    mkdir -p "$sandbox/bin"
+    [ -x "${sandboxExecutableSourcePath}" ] || exit 1
+    ln -sv "${sandboxExecutableSourcePath}" "$sandbox/bin/${sandboxExecutableName}"
+
     ln -s "$out/bin/chromium" "$out/bin/chromium-browser"
     ln -s "${chromium.browser}/share/icons" "$out/share/icons"
     cp -v "${desktopItem}/share/applications/"* "$out/share/applications"
@@ -87,5 +114,6 @@ in stdenv.mkDerivation {
   passthru = {
     inherit (chromium) upstream-info;
     mkDerivation = chromium.mkChromiumDerivation;
+    inherit sandboxExecutableName;
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-28 23:46:00 +0000