1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
nixpkgs/pkgs/applications/networking/browsers/chromium/default.nix
aszlig af8f08d638
chromium: Drop obsolete pre-v23 seccomp patch.
The patch is no longer needed, as we are now using the BPF seccomp sandbox.
Unfortunately this is not marked "adequately sandboxed" in chrome://sandbox, as
it awaits security review on http://crbug.com/26528.

Unfortunately this gets us into a position where we can't be sure if the sandbox
is working correctly, especially because the non-BPF seccomp sandbox has a bunch
of stability issues and is marked legacy. And we definitely don't want to add
support for the setuid sandbox, do we?

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-20 04:55:45 +01:00

211 lines
5.7 KiB
Nix

{ stdenv, config, fetchurl, makeWrapper, which
# default dependencies
, bzip2, flac, speex
, libevent, expat, libjpeg
, libpng, libxml2, libxslt
, xdg_utils, yasm, zlib
, libusb1, libexif
, python, perl, pkgconfig
, nspr, udev, krb5
, utillinux, alsaLib
, gcc, bison, gperf
, glib, gtk, dbus_glib
, libXScrnSaver, libXcursor, mesa
# optional dependencies
, libgnome_keyring # config.gnomeKeyring
, gconf # config.gnome
, libgcrypt # config.gnome || config.cups
, nss, openssl # config.openssl
, pulseaudio # config.pulseaudio
, libselinux # config.selinux
}:
with stdenv.lib;
let
mkConfigurable = mapAttrs (flag: default: attrByPath ["chromium" flag] default config);
cfg = mkConfigurable {
channel = "stable";
selinux = false;
nacl = false;
openssl = false;
gnome = false;
gnomeKeyring = false;
proprietaryCodecs = true;
cups = false;
pulseaudio = config.pulseaudio or true;
};
sourceInfo = builtins.getAttr cfg.channel (import ./sources.nix);
mkGypFlags =
let
sanitize = value:
if value == true then "1"
else if value == false then "0"
else "${value}";
toFlag = key: value: "-D${key}=${sanitize value}";
in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
gypFlagsUseSystemLibs = {
use_system_bzip2 = true;
use_system_flac = true;
use_system_libevent = true;
use_system_libexpat = true;
use_system_libexif = true;
use_system_libjpeg = true;
use_system_libpng = true;
use_system_libusb = true;
use_system_libxml = true;
use_system_speex = true;
use_system_ssl = cfg.openssl;
use_system_stlport = true;
use_system_xdg_utils = true;
use_system_yasm = true;
use_system_zlib = false; # http://crbug.com/143623
use_system_harfbuzz = false;
use_system_icu = false;
use_system_libwebp = false; # http://crbug.com/133161
use_system_skia = false;
use_system_sqlite = false; # http://crbug.com/22208
use_system_v8 = false;
};
defaultDependencies = [
bzip2 flac speex
libevent expat libjpeg
libpng libxml2 libxslt
xdg_utils yasm zlib
libusb1 libexif
];
maybeFixPulseAudioBuild = let
post23 = !versionOlder sourceInfo.version "24.0.0.0";
in optional (post23 && cfg.pulseaudio) (fetchurl {
url = http://archrepo.jeago.com/sources/chromium-dev/pulse_audio_fix.patch;
sha256 = "1w91mirrkqigdhsj892mqxlc0nlv1dsp5shc46w9xf8nl96jxgfb";
});
in stdenv.mkDerivation rec {
name = "${packageName}-${version}";
packageName = "chromium";
version = sourceInfo.version;
src = fetchurl {
url = sourceInfo.url;
sha256 = sourceInfo.sha256;
};
buildInputs = defaultDependencies ++ [
which makeWrapper
python perl pkgconfig
nspr udev
(if cfg.openssl then openssl else nss)
utillinux alsaLib
gcc bison gperf
krb5
glib gtk dbus_glib
libXScrnSaver libXcursor mesa
] ++ optional cfg.gnomeKeyring libgnome_keyring
++ optionals cfg.gnome [ gconf libgcrypt ]
++ optional cfg.selinux libselinux
++ optional cfg.cups libgcrypt
++ optional cfg.pulseaudio pulseaudio;
opensslPatches = optional cfg.openssl openssl.patches;
prePatch = "patchShebangs .";
patches = optional cfg.cups ./cups_allow_deprecated.patch
++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch
++ maybeFixPulseAudioBuild;
postPatch = optionalString cfg.openssl ''
cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
'';
gypFlags = mkGypFlags (gypFlagsUseSystemLibs // {
linux_use_gold_binary = false;
linux_use_gold_flags = false;
proprietary_codecs = false;
use_gnome_keyring = cfg.gnomeKeyring;
use_gconf = cfg.gnome;
use_gio = cfg.gnome;
use_pulseaudio = cfg.pulseaudio;
disable_nacl = !cfg.nacl;
use_openssl = cfg.openssl;
selinux = cfg.selinux;
use_cups = cfg.cups;
} // optionalAttrs cfg.proprietaryCodecs {
# enable support for the H.264 codec
proprietary_codecs = true;
ffmpeg_branding = "Chrome";
} // optionalAttrs (stdenv.system == "x86_64-linux") {
target_arch = "x64";
} // optionalAttrs (stdenv.system == "i686-linux") {
target_arch = "ia32";
});
buildType = "Release";
enableParallelBuilding = true;
configurePhase = ''
python build/gyp_chromium --depth "$(pwd)" ${gypFlags}
'';
makeFlags = let
CC = "${gcc}/bin/gcc";
CXX = "${gcc}/bin/g++";
in [
"CC=${CC}"
"CXX=${CXX}"
"CC.host=${CC}"
"CXX.host=${CXX}"
"LINK.host=${CXX}"
];
buildFlags = [
"BUILDTYPE=${buildType}"
"library=shared_library"
"chrome"
];
installPhase = ''
mkdir -vp "$out/libexec/${packageName}"
cp -v "out/${buildType}/"*.pak "$out/libexec/${packageName}/"
cp -vR "out/${buildType}/locales" "out/${buildType}/resources" "$out/libexec/${packageName}/"
cp -v out/${buildType}/libffmpegsumo.so "$out/libexec/${packageName}/"
cp -v "out/${buildType}/chrome" "$out/libexec/${packageName}/${packageName}"
mkdir -vp "$out/bin"
makeWrapper "$out/libexec/${packageName}/${packageName}" "$out/bin/${packageName}"
mkdir -vp "$out/share/man/man1"
cp -v "out/${buildType}/chrome.1" "$out/share/man/man1/${packageName}.1"
for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do
num_and_suffix="''${icon_file##*logo_}"
icon_size="''${num_and_suffix%.*}"
logo_output_path="$out/share/icons/hicolor/''${icon_size}x''${icon_size}/apps"
mkdir -vp "$logo_output_path"
cp -v "$icon_file" "$logo_output_path/${packageName}.png"
done
'';
meta = {
description = "Chromium, an open source web browser";
homepage = http://www.chromium.org/;
maintainers = with maintainers; [ goibhniu chaoflow ];
license = licenses.bsd3;
platforms = platforms.linux;
};
}