From 5021717099d7482ba4e68bb497b0a0868d0a185b Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Sat, 22 Mar 2014 17:05:14 +0100
Subject: [PATCH] chromium: Split off sandbox from the browser.

Now, we no longer tie the sandbox directly to the browser derivation but
wrap everything together into one derivation at the entry point at
default.nix.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
---
 .../networking/browsers/chromium/browser.nix  | 27 ++++---------------
 .../networking/browsers/chromium/default.nix  | 21 +++++++++++++--
 .../networking/browsers/chromium/sandbox.nix  |  8 +++---
 3 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix
index 1954b392d17a..558054bba412 100644
--- a/pkgs/applications/networking/browsers/chromium/browser.nix
+++ b/pkgs/applications/networking/browsers/chromium/browser.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, makeWrapper, ninja, which
+{ stdenv, fetchurl, ninja, which
 
 # default dependencies
 , bzip2, flac, speex, icu, libopus
@@ -81,26 +81,19 @@ let
     libusb1 libexif
   ];
 
-  sandbox = import ./sandbox.nix {
-    inherit stdenv;
-    src = source.sandbox;
-    binary = "${packageName}_sandbox";
-  };
-
   # build paths and release info
   packageName = "chromium";
   buildType = "Release";
   buildPath = "out/${buildType}";
   libExecPath = "$out/libexec/${packageName}";
-  sandboxPath = "${sandbox}/bin/${packageName}_sandbox";
 
 in stdenv.mkDerivation rec {
-  name = "${packageName}-${source.version}";
+  name = "${packageName}-browser-${source.version}";
   inherit packageName;
   src = source;
 
   buildInputs = defaultDependencies ++ [
-    which makeWrapper
+    which
     python perl pkgconfig
     nspr udev
     (if useOpenSSL then openssl else nss)
@@ -228,8 +221,7 @@ in stdenv.mkDerivation rec {
 
   postPatch = ''
     sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \
-      sandbox_binary = \
-        base::FilePath("'"${sandboxPath}"'");
+      sandbox_binary = base::FilePath(getenv("CHROMIUM_SANDBOX_BINARY_PATH"));
     ' content/browser/browser_main_loop.cc
   '';
 
@@ -245,7 +237,6 @@ in stdenv.mkDerivation rec {
     use_openssl = useOpenSSL;
     selinux = enableSELinux;
     use_cups = cupsSupport;
-    linux_sandbox_path="${sandboxPath}";
     linux_sandbox_chrome_path="${libExecPath}/${packageName}";
     werror = "";
 
@@ -281,7 +272,7 @@ in stdenv.mkDerivation rec {
     LINK_host="${CXX}"             \
       "${ninja}/bin/ninja" -C "${buildPath}"  \
         -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES \
-        chrome ${optionalString (!enableSELinux) "chrome_sandbox"}
+        chrome
   '';
 
   installPhase = ''
@@ -295,10 +286,6 @@ in stdenv.mkDerivation rec {
 
     cp -v "${buildPath}/chrome" "${libExecPath}/${packageName}"
 
-    mkdir -vp "$out/bin"
-    makeWrapper "${libExecPath}/${packageName}" "$out/bin/${packageName}" \
-      --add-flags "${plugins.flagsEnabled}"
-
     mkdir -vp "$out/share/man/man1"
     cp -v "${buildPath}/chrome.1" "$out/share/man/man1/${packageName}.1"
 
@@ -313,10 +300,6 @@ in stdenv.mkDerivation rec {
     done
   '';
 
-  passthru = {
-    inherit sandbox;
-  };
-
   meta = {
     description = "An open source web browser from Google";
     homepage = http://www.chromium.org/;
diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index be525aa3c8eb..ca802770b6b9 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -1,4 +1,4 @@
-{ newScope
+{ newScope, stdenv, makeWrapper
 
 # package customization
 , channel ? "stable"
@@ -30,9 +30,26 @@ let
               pulseSupport;
     };
 
+    sandbox = callPackage ./sandbox.nix { };
+
     plugins = callPackage ./plugins.nix {
       inherit enablePepperFlash enablePepperPDF;
     };
   };
 
-in chromium.browser
+in stdenv.mkDerivation {
+  name = "chromium-${channel}-${chromium.source.version}";
+
+  buildInputs = [ makeWrapper ];
+
+  buildCommand = let
+    browserBinary = "${chromium.browser}/libexec/chromium/chromium";
+    sandboxBinary = "${chromium.sandbox}/bin/chromium-sandbox";
+  in ''
+    ensureDir "$out/bin"
+    ln -s "${chromium.browser}/share" "$out/share"
+    makeWrapper "${browserBinary}" "$out/bin/chromium" \
+      --set CHROMIUM_SANDBOX_BINARY_PATH "${sandboxBinary}" \
+      --add-flags "${chromium.plugins.flagsEnabled}"
+  '';
+}
diff --git a/pkgs/applications/networking/browsers/chromium/sandbox.nix b/pkgs/applications/networking/browsers/chromium/sandbox.nix
index b43385e86338..81ae49ebbb82 100644
--- a/pkgs/applications/networking/browsers/chromium/sandbox.nix
+++ b/pkgs/applications/networking/browsers/chromium/sandbox.nix
@@ -1,8 +1,8 @@
-{ stdenv, src, binary }:
+{ stdenv, source }:
 
 stdenv.mkDerivation {
-  name = "chromium-sandbox-${src.version}";
-  inherit src;
+  name = "chromium-sandbox-${source.version}";
+  src = source.sandbox;
 
   patchPhase = ''
     sed -i -e '/#include.*base_export/c \
@@ -15,6 +15,6 @@ stdenv.mkDerivation {
   '';
 
   installPhase = ''
-    install -svD sandbox "$out/bin/${binary}"
+    install -svD sandbox "$out/bin/chromium-sandbox"
   '';
 }