As already promised, the old single-channel source.nix is now obsolete as we're
using Omahaproxy now and the build of the stable version finishes successful and
the browser runs fine.
The previos update script just used the last version of chromium that showed up
at the bucket list at:
http://commondatastorage.googleapis.com/chromium-browser-official/
I'm not sure which channel this list actually holds, so I'm going to switch now
using the official release channels grabbed by omahaproxy. This also has the
advantage that we can provide different versions/flavors of chromium.
We now also write our data to sources.nix instead of source.nix, as we have more
than one source.
Always did this manually by putting -j8 into make flags, which i didn't commit,
as it obviously doesn't make sense to hardcode. However, this flag makes more
sense and obviously we need to avoid overriding buildPhase.
Which is enabled by default if neither pulseaudio or chromium.pulseaudio is
explicitly set. The reason is that chromium falls back to ALSA in case no
pulseaudio is available.
In addition it was necessary to patch media.gyp to ignore the array-out-of-
bounds warning.
This makes it easier to remember, as so far the naming wasn't quite consistent,
sometimes "use*", sometimes "enable*". So in using just use the feature name
itself, it should be pretty clear.
These libraries are heavily patched by the chromium project itself, so let's use
the bundled versions as those won't build anyway and also don't break functional
purity.
We also need to patch the compilation process, so it allows deprecated
declarations when building support for the cups backend. In addition, we also
need to add libgcrypt to dependencies as it's needed by the cups implementation.
This also separates gcrypt and gconf from the basic dependencies.
Unfortunately we cannot get rid of dbus_glib altogether, but maybe we want to
work on a patch to get rid of it? On the other hand it seems to be a TODO of the
chromium project itself, so let's wait and see.
Currently building fails with NSS, so we're using OpenSSL by default. And that's
why we want to make this configurable so if we manage to fix that build failure,
we could switch to using NSS by default.
This is mainly because of the patch to use OPENSSL_X509_CERT_FILE as a way to
specify the CA bundle. A browser which isn't able to verify SSL certificates
might be somewhat useless.
This is to make it more consistent with the naming of the package file and also
consistent with the build, as we're not using the Google branded version.
In addition the derivation attribute set now has a packageName value which can
be used to easily switch the binary names and paths, just in case we want to
switch to using "chrome" (or something entirely different) again.
There are still some libraries left, which we either need to patch or provide
more recent versions. Plus we're going to use openssl, as libnss doesn't want to
do proper SSL (let's debug this later).
If useSELinux is not set, enable seccomp mode by default and avoid building the
SUID helper sandbox at all. This involves a small patch which causes the
commandline arguments to be swapped: --disable-seccomp-sandbox to disable it,
while the option is active by default.