nixpkgs/pkgs/applications/networking/browsers/chromium/source/update.nix
aszlig 6184ee89fe
chromium/update: Update Debian binaries as well.
This cases the Debian binaries to be fetched from Google's official APT
repository. If we aren't able to find a package from the APT repository,
it's very likely that it already got deleted upstream and we need to
fallback to mirrors instead.

Unfortunately, we can't use mirrors for updating, because Google doesn't
sign the Debian packages themselves and only the release files.

We're going to hook it into a Chromium updater soon, making the sha256
hashes publicly available, so if it is missing, we can still put the
sha256 manually into sources.nix, without risking anything by blindly
fetching from one of the provided mirrors.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-04-19 03:58:45 +02:00

118 lines
3.1 KiB
Nix

{ system ? builtins.currentSystem }:
let
inherit (import <nixpkgs> {}) lib writeText stdenv;
sources = if builtins.pathExists ./sources.nix
then import ./sources.nix
else null;
bucketURL = "http://commondatastorage.googleapis.com/"
+ "chromium-browser-official";
debURL = "https://dl.google.com/linux/chrome/deb/pool/main/g";
# Untrusted mirrors, don't try to update from them!
debMirrors = [
"http://95.31.35.30/chrome/pool/main/g"
"http://mirror.pcbeta.com/google/chrome/deb/pool/main/g"
];
tryChannel = channel: let
chan = builtins.getAttr channel sources;
in if sources != null then ''
oldver="${chan.version}";
echo -n "Checking if $oldver ($channel) is up to date..." >&2;
if [ "x$(get_newest_ver "$version" "$oldver")" != "x$oldver" ];
then
echo " no, getting sha256 for new version $version:" >&2;
sha256="$(prefetch_sha "$channel" "$version")" || return 1;
else
echo " yes, keeping old sha256." >&2;
sha256="${chan.sha256}";
${if (chan ? sha256bin32 && chan ? sha256bin64) then ''
sha256="$sha256.${chan.sha256bin32}.${chan.sha256bin64}";
'' else ''
sha256="$sha256.$(prefetch_deb_sha "$channel" "$version")";
''}
fi;
'' else ''
sha256="$(prefetch_sha "$channel" "$version")" || return 1;
'';
caseChannel = channel: ''
${channel}) ${tryChannel channel};;
'';
in rec {
getChannel = channel: let
chanAttrs = builtins.getAttr channel sources;
in {
main = {
url = "${bucketURL}/chromium-${chanAttrs.version}.tar.xz";
inherit (chanAttrs) version sha256;
};
binary = let
pname = if channel == "dev"
then "google-chrome-unstable"
else "google-chrome-${channel}";
arch = if stdenv.is64bit then "amd64" else "i386";
relpath = "${pname}/${pname}_${chanAttrs.version}-1_${arch}.deb";
in lib.optionalAttrs (chanAttrs ? sha256bin64) {
urls = map (url: "${url}/${relpath}") ([ debURL ] ++ debMirrors);
sha256 = if stdenv.is64bit
then chanAttrs.sha256bin64
else chanAttrs.sha256bin32;
inherit (chanAttrs) version;
};
};
updateHelpers = writeText "update-helpers.sh" ''
prefetch_main_sha()
{
nix-prefetch-url "${bucketURL}/chromium-$2.tar.xz";
}
prefetch_deb_sha()
{
channel="$1";
version="$2";
case "$1" in
dev) pname="google-chrome-unstable";;
*) pname="google-chrome-$channel";;
esac;
deb_pre="${debURL}/$pname/$pname";
deb32=$(nix-prefetch-url "''${deb_pre}_$version-1_i386.deb");
deb64=$(nix-prefetch-url "''${deb_pre}_$version-1_amd64.deb");
echo "$deb32.$deb64";
return 0;
}
prefetch_sha()
{
echo "$(prefetch_main_sha "$@").$(prefetch_deb_sha "$@")";
return 0;
}
get_sha256()
{
channel="$1";
version="$2";
case "$channel" in
${lib.concatMapStrings caseChannel [ "stable" "dev" "beta" ]}
esac;
sha_insert "$version" "$sha256";
echo "$sha256";
return 0;
}
'';
}