chromium: Update all channels to latest versions.

Overview of the updated versions:

stable: 40.0.2214.91 -> 40.0.2214.115
beta:   41.0.2272.16 -> 41.0.2272.64
dev:    41.0.2272.16 -> 42.0.2305.3

Introduces 42.0.2305.3 as the new dev version, which no longer requires
our user namespaces sandbox patch. Thanks to everyone participating in
https://crbug.com/312380 for finally having this upstream.

In the course of supporting the official namespace sandbox (that's what
the user namespace sandbox is called), a few things needed to be fixed
for version 42:

 * Add an updated nix_plugin_paths.patch, because the old
   one tries to patch the path for libpdf, which is now natively included
   in Chromium.

 * Don't copy libpdf.so to libexec path for version 42, it's no longer
   needed as it's completely built-in now.

 * Disable SUID sandbox directly in the source instead of going the easy
   route of passing --disable-setuid-sandbox. The reason is that with
   the command line flag a nasty nagbar will appear.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
aszlig 2015-01-28 08:12:51 +01:00
parent d15d0bebc3
commit 0aad4b7ee4
No known key found for this signature in database
GPG Key ID: D0EBD0EC8C2DC961
6 changed files with 127 additions and 19 deletions

View File

@ -12,8 +12,10 @@ mkChromiumDerivation (base: rec {
cp -v "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
cp -v "$buildPath/icudtl.dat" "$libExecPath/"
cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
cp -v "$buildPath/libpdf.so" "$buildPath/libffmpegsumo.so" "$libExecPath/"
cp -v "$buildPath/libffmpegsumo.so" "$libExecPath/"
${optionalString (versionOlder base.version "42.0.0.0") ''
cp -v "$buildPath/libpdf.so" "$libExecPath/"
''}
cp -v "$buildPath/chrome" "$libExecPath/$packageName"
mkdir -vp "$out/share/man/man1"

View File

@ -135,11 +135,11 @@ let
-exec chmod u+w {} +
'';
postPatch = ''
postPatch = optionalString (versionOlder version "42.0.0.0") ''
sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \
sandbox_binary = base::FilePath(getenv("CHROMIUM_SANDBOX_BINARY_PATH"));
' sandbox/linux/suid/client/setuid_sandbox_client.cc
'' + ''
sed -i -e '/module_path *=.*libexif.so/ {
s|= [^;]*|= base::FilePath().AppendASCII("${libexif}/lib/libexif.so")|
}' chrome/utility/media_galleries/image_metadata_extractor.cc
@ -166,7 +166,9 @@ let
use_openssl = useOpenSSL;
selinux = enableSELinux;
use_cups = cupsSupport;
} // optionalAttrs (versionOlder version "42.0.0.0") {
linux_sandbox_chrome_path="${libExecPath}/${packageName}";
} // {
werror = "";
clang = false;
enable_hidpi = hiDPISupport;

View File

@ -73,13 +73,15 @@ in stdenv.mkDerivation {
sandboxBinary = "${chromium.sandbox}/bin/chromium-sandbox";
mkEnvVar = key: val: "--set '${key}' '${val}'";
envVars = chromium.plugins.settings.envVars or {};
isVer42 = !stdenv.lib.versionOlder chromium.browser.version "42.0.0.0";
flags = chromium.plugins.settings.flags or [];
setBinPath = "--set CHROMIUM_SANDBOX_BINARY_PATH \"${sandboxBinary}\"";
in with stdenv.lib; ''
mkdir -p "$out/bin" "$out/share/applications"
ln -s "${chromium.browser}/share" "$out/share"
makeWrapper "${browserBinary}" "$out/bin/chromium" \
--set CHROMIUM_SANDBOX_BINARY_PATH "${sandboxBinary}" \
${optionalString (!isVer42) setBinPath} \
${concatStrings (mapAttrsToList mkEnvVar envVars)} \
--add-flags "${concatStringsSep " " flags}"

View File

@ -9,7 +9,9 @@ with (import ./update.nix {
inherit (stdenv) system;
}).getChannel channel;
stdenv.mkDerivation {
let
pre42 = versionOlder version "42.0.0.0";
in stdenv.mkDerivation {
name = "chromium-source-${version}";
src = fetchurl main;
@ -22,7 +24,11 @@ stdenv.mkDerivation {
prePatch = "patchShebangs .";
patches = [ ./sandbox_userns_36.patch ./nix_plugin_paths.patch ];
patches = if pre42 then [
./sandbox_userns_36.patch ./nix_plugin_paths.patch
] else [
./nix_plugin_paths_42.patch
];
postPatch = ''
sed -i -r \
@ -32,6 +38,9 @@ stdenv.mkDerivation {
build/common.gypi chrome/chrome_tests.gypi
'' + optionalString useOpenSSL ''
cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
'' + optionalString (!pre42) ''
sed -i -e '/LOG.*no_suid_error/d' \
"$main/content/browser/browser_main_loop.cc"
'';
outputs = [ "out" "sandbox" "bundled" "main" ];

View File

@ -0,0 +1,93 @@
diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc
index 8a205a6..d5c24e1 100644
--- a/chrome/common/chrome_paths.cc
+++ b/chrome/common/chrome_paths.cc
@@ -97,21 +97,14 @@ static base::LazyInstance<base::FilePath>
g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;
// Gets the path for internal plugins.
-bool GetInternalPluginsDirectory(base::FilePath* result) {
-#if defined(OS_MACOSX) && !defined(OS_IOS)
- // If called from Chrome, get internal plugins from a subdirectory of the
- // framework.
- if (base::mac::AmIBundled()) {
- *result = chrome::GetFrameworkBundlePath();
- DCHECK(!result->empty());
- *result = result->Append("Internet Plug-Ins");
- return true;
- }
- // In tests, just look in the module directory (below).
-#endif
-
- // The rest of the world expects plugins in the module directory.
- return PathService::Get(base::DIR_MODULE, result);
+bool GetInternalPluginsDirectory(base::FilePath* result,
+ const std::string& ident) {
+ std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident;
+ const char* value = getenv(full_env.c_str());
+ if (value == NULL)
+ return PathService::Get(base::DIR_MODULE, result);
+ else
+ *result = base::FilePath(value);
}
} // namespace
@@ -248,11 +241,11 @@ bool PathProvider(int key, base::FilePath* result) {
create_dir = true;
break;
case chrome::DIR_INTERNAL_PLUGINS:
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "ALL"))
return false;
break;
case chrome::DIR_PEPPER_FLASH_PLUGIN:
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))
return false;
cur = cur.Append(kPepperFlashBaseDirectory);
break;
@@ -285,7 +278,7 @@ bool PathProvider(int key, base::FilePath* result) {
cur = cur.Append(FILE_PATH_LITERAL("script.log"));
break;
case chrome::FILE_FLASH_PLUGIN:
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "FILEFLASH"))
return false;
cur = cur.Append(kInternalFlashPluginFileName);
break;
@@ -295,7 +288,7 @@ bool PathProvider(int key, base::FilePath* result) {
cur = cur.Append(chrome::kPepperFlashPluginFilename);
break;
case chrome::FILE_EFFECTS_PLUGIN:
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "FILE_EFFECTS"))
return false;
cur = cur.Append(kEffectsPluginFileName);
break;
@@ -308,7 +301,7 @@ bool PathProvider(int key, base::FilePath* result) {
// We currently need a path here to look up whether the plugin is disabled
// and what its permissions are.
case chrome::FILE_NACL_PLUGIN:
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "NACL"))
return false;
cur = cur.Append(kInternalNaClPluginFileName);
break;
@@ -343,7 +336,7 @@ bool PathProvider(int key, base::FilePath* result) {
cur = cur.DirName();
}
#else
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "PNACL"))
return false;
#endif
cur = cur.Append(FILE_PATH_LITERAL("pnacl"));
@@ -372,7 +365,7 @@ bool PathProvider(int key, base::FilePath* result) {
// In the component case, this is the source adapter. Otherwise, it is the
// actual Pepper module that gets loaded.
case chrome::FILE_WIDEVINE_CDM_ADAPTER:
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "WIDEVINE"))
return false;
cur = cur.AppendASCII(kWidevineCdmAdapterFileName);
break;

View File

@ -1,21 +1,21 @@
# This file is autogenerated from update.sh in the parent directory.
{
dev = {
version = "41.0.2272.16";
sha256 = "14l3l5gcjqszqjb3zmwxsyfci495fi315sznvm2n2ark24mf03yq";
sha256bin32 = "0xqhzlmbyh5w678j7iwssd81z1bpggpzxni1y79xn5lhc26c50jd";
sha256bin64 = "0c9j75xqv4jx57asiaadarz714h1adscvb4h5ng7mbmr268qp6f2";
version = "42.0.2305.3";
sha256 = "00338x1x78wcvaxcnnq5cng30450gsyqnlwplgyq7zjsrpqpprvn";
sha256bin32 = "1xxmyfmdksqpwwf3wxhxrxvqnvjxlwkhkrdzkmra7d74hz7mqjz7";
sha256bin64 = "0q4hvvkjzy46x9hfhchywakzrd0jfwhxxsv96cz3yfcqwasf42x7";
};
beta = {
version = "41.0.2272.16";
sha256 = "14l3l5gcjqszqjb3zmwxsyfci495fi315sznvm2n2ark24mf03yq";
sha256bin32 = "0xqhzlmbyh5w678j7iwssd81z1bpggpzxni1y79xn5lhc26c50jd";
sha256bin64 = "0c9j75xqv4jx57asiaadarz714h1adscvb4h5ng7mbmr268qp6f2";
version = "41.0.2272.64";
sha256 = "0jq864636527fpnrkdaalp73hjcd581imdk13bxfi6g4ic0sizkg";
sha256bin32 = "12sisp6bk6qvgikzxi616d8cnrrgs2593kyq7sv3276wjz34a07m";
sha256bin64 = "1vz89r43byd0shjvr6bvmwlsh97fx281hlzfv49q9k49piyfylgp";
};
stable = {
version = "40.0.2214.91";
sha256 = "0ja1wvjn0g8xs20j87s3gl9h70yzx8rfa3k126wnl9gay6gxlbzp";
sha256bin32 = "0mfg66s7fqx6v8n0hilsw40i5ximasbqhrmw4fpnpa0x0i77bphj";
sha256bin64 = "14lqm8m937b9sl5k7sc939aar76ij9790c807yahk6q36mfyd269";
version = "40.0.2214.115";
sha256 = "19d6zd71w3zvqwb0ncdapfwkckjgqmb1jfg228jvaispp9nvjq92";
sha256bin32 = "1sv8sj0xp14q5693jcwwipinx539d5rgvhqcxm6b030024jjh8sr";
sha256bin64 = "1zgb9g6fr29i7f9s1s1dcih1qjiz62ir90k0fsam9df99gzmmyc0";
};
}