Commit graph

111 commits

Author SHA1 Message Date
aszlig
b7cbb4da11
chromium: Force -fno-stack-protector for v25.
So, this is our sledgehammer, forcing -fno-stack-protector for every gcc/g++ in
the univ... Chromium build. Of course this is a somewhat nasty fix and there
should be a real fix somewhere in Chromium 26. But instead of wandering around
and picking cherries, we now go out for the slaughter until someone brings us
the damn cherries because we are FUURRRIII... no well... time for sleep :-)

May the mighty Hydra be with us!

Thanks to our great fellow @cillianderoiste, for joining the battle with his
almighty battle axe, crushing and burning some CPUs.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Tested-by: Cillian de Róiste <cillian.deroiste@gmail.com>
2013-02-21 15:23:03 +01:00
aszlig
857135c59a
chromium: Use system protobuf for versien 25.
This should at least mitigate our build error to only occur in v8 anymore.
Unfortunately we can't use v8 from nixpkgs right now, so we're going to put out
our sledgehammer in the next commit. Meanwhile, it doesn't hurt to get rid of
the bundled protobuf library, so let's do it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-02-21 15:23:03 +01:00
aszlig
3a23e63dbf
chromium: Use system libvpx for version 25.
Unfortunately, we have build errors for version 25 in the bundled libvpx:

http://hydra.nixos.org/build/4173075
http://hydra.nixos.org/build/4173066

As I can't reproduce this on my local system (I've disabled the option
CONFIG_CC_STACKPROTECTOR here), let's just hope that libvpx is the only part
that fails during build because of this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-02-21 08:51:38 +01:00
aszlig
7e5109a541
chromium: Update dev channel to v26.0.1410.5.
The upgrade currently doesn't involve the -lite package, as we need to use a few
more dependencies from nixpkgs first before we can finally fully switch over to
the lite package, even though the update script will try to fetch it anyway.

In this update, one particular problem that arises in conjuction with the
seccomp BPF sandbox is caused by this commit:

https://chromiumcodereview.appspot.com/12209029

Which particularily filters flags to the clone() syscall. I've spent (wasted?) a
few hours figuring out the troublesome flag, eventually figuring it out and -
just by curiousity ("Do other distributions have the same problem?") - searched
the web for "chromium CLONE_DETACHED" and BEHOLD...

A post from our OWN mailinglist pops up with the same patch I intended to do:

http://article.gmane.org/gmane.linux.distributions.nixos/10356

So shame on me for not being subscribed to the mailing list, and big thanks to
Ian Farmer for the patch.

As a consequence I'm now subscribed.

So, back to chromium itself, version 26 builds fine and works so far without
much (more to come in later commits) trouble.

We also had to introduce three more dependencies:

 * protobuf: This one is because we don't need to use the bundled one anymore,
             so we can use the version in nixpkgs.
 * speechd: Not sure whether this was bundled or not, but let's use nixpkgs
            version as well to keep down build time.
 * libXdamage: Needed for screen capturing support.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-02-20 23:40:45 +01:00
aszlig
073c797444
chromium: Update stable and beta channels.
stable: 24.0.1312.69 -> 24.0.1312.70 (builds fine, tested)
beta: 25.0.1364.68 -> 25.0.1364.84 (builds fine, tested)

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-02-20 23:40:45 +01:00
aszlig
dd832a3e8f
chromium: Update beta channel to v25.0.1364.68.
This update is a bit more problematic, as the bundled version of libpng is
version 1.2.45 and the version in nixpkgs is 1.5.13. Even if trying to run with
libpng12 from nixpkgs, it seems to collide with parts of the bundled version.

So, until this is either fixed upstream or we have a good solution, we're using
bundled libpng for chromium version 25 and higher.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-02-08 07:03:36 +01:00
aszlig
9b726e94a8
chromium: Update stable channel to v24.0.1312.69.
Let's begin with the most trivial one: The stable version.
This version just contains a few bug fixes and builds fine so far.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-02-08 07:03:36 +01:00
aszlig
01cbb17c12
chromium: Fix updater to handle versions > 26.
Starting with version 26, there is a chromium-$version-lite package and it is an
LZMA archive as well, so download size is reduced by about 44%.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-02-08 07:03:36 +01:00
Florian Friesdorf
ddba22fa2e chromiumBeta and Dev update
dev should be 26.0.1386.0, but its link is broken
2013-01-19 19:34:52 +01:00
aszlig
72b248b932
chromium: Update stable and beta to v24.0.1312.52.
The current beta version of chromium just became stable, which means that we are
now exactly in par with the beta channel.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-01-14 11:34:03 +01:00
aszlig
4f8314fb92
chromium: Update dev channel to 25.0.1364.29.
For this update we needed to fix a bunch of things:

 * Limit pulse_audio_fix.patch to version 24 only (fixed upstream in 25).
 * Avoid the use of -fstack-protector for version 25.

The -fstack-protector option seems to be passed to libvpx now by default, so
simply use -fno-stack-protector in every occurence of -fstack-protector in
common.gypi. At least for now this will do it, but ultimately and for the future
we may want to have support for that in general.

And if we need that support in chromium directly depends on some of the next
updates to this package, as it seems that we now can switch to quite a lot of
nixpkgs dependencies instead of bundled dependencies.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-01-14 11:34:02 +01:00
aszlig
abe2993c4b
chromium: Add myself to maintainers.
Might come in handy to actually know when things going to break.

In case you're wondering: Yes, "aszlig" is the name everyone uses in real life
(even my family uses it) and is my pending stage name (not _yet_ officially).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-01-10 03:33:04 +01:00
aszlig
e2a4295844
chromium: Add pulse_audio_fix.patch to nixpkgs.
The patch previously was fetched from an Arch Linux contributor but is no longer
available there anymore. So, this is only an intermediate fix until channels get
updated (very soon I hope, even though chromium 25 could get quite messy).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-01-10 03:29:44 +01:00
aszlig
9337078fde
chromium: Update stable and beta channel.
stable: 23.0.1271.95 -> 23.0.1271.97 (tested and works)
beta: 24.0.1312.27 -> 24.0.1312.35 (tested and works)

The dev version doesn't build in its newest incarnation, so we will need to fix
and/or patch it before pushing upstream.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-12-12 12:36:19 +01:00
aszlig
8fd4b80bc7
chromium: Don't use the config attrset anymore.
We can still use the config attribute set from within all-packages to pass it to
the package expression, which we do in case of PulseAudio. In order to override
other stuff you can now conveniently use chromium.override without passing a
fake config attribute set.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-12-05 14:05:18 +01:00
aszlig
caabb8ee47
chromium: Allow package override on channels.
This allows for more flexible overrides instead of just passing a custom
configuration attrset like:

chromium.override { config.chromium.channel = "beta"; }

So you can now simply do:

chromium.override { channel = "beta"; }

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-12-05 14:05:18 +01:00
aszlig
e504299f94
chromium: Update channels to stable v23.0.1271.95.
This updates the beta channel as well:

stable: 23.0.1271.91 -> 23.0.1271.95
beta: 24.0.1312.25 -> 24.0.1312.27

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-12-05 14:05:17 +01:00
Florian Friesdorf
781d9aa84c chromium 24.0.1312.25 and 23.0.1271.91 2012-11-28 17:01:52 +01:00
aszlig
a76e28b54c
chromium: Add dependency on pciutils for v25.
This fixes the build for latest development version 25.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-20 04:55:45 +01:00
aszlig
af8f08d638
chromium: Drop obsolete pre-v23 seccomp patch.
The patch is no longer needed, as we are now using the BPF seccomp sandbox.
Unfortunately this is not marked "adequately sandboxed" in chrome://sandbox, as
it awaits security review on http://crbug.com/26528.

Unfortunately this gets us into a position where we can't be sure if the sandbox
is working correctly, especially because the non-BPF seccomp sandbox has a bunch
of stability issues and is marked legacy. And we definitely don't want to add
support for the setuid sandbox, do we?

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-20 04:55:45 +01:00
aszlig
d5c639cb55
chromium: Update channels to stable v23.0.1271.64.
This updates all release channels to the latest versions:

stable: 22.0.1229.94 -> 23.0.1271.64 (builds fine, tested)
beta: 23.0.1271.60 -> 24.0.1312.14 (builds fine, tested)
dev: 24.0.1312.2 -> 25.0.1323.1 (build failed, requires pciutils)

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-20 04:55:45 +01:00
aszlig
bc4318dca3
chromium: Fix omahaproxy URL in updater.
Omahaproxy got an overhaul and thus doesn't give CSV output on the main URL
anymoare. We're switching to /all for now and may want to refine this to only
what we're exactly looking for, but for now it fixes the updater.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-20 04:55:28 +01:00
aszlig
a28fe19203
chromium: Update dev and beta channels.
beta: 23.0.1271.60 (build successful)
dev: 24.0.1312.2 (build successful after patching)

The development version needs a patch in order to build properly against
PulseAudio. Issue and origin of the patch can be found here:

http://crbug.com/157876

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-03 12:44:47 +01:00
aszlig
737eff7166
chromium: Update beta and dev releases.
beta: 23.0.1271.26 -> 23.0.1271.40
dev: 24.0.1284.2 -> 24.0.1297.0

Both are building successful and the BPF seccomp sandbox fix has been dropped as
it has finally been applied upstream.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-23 06:08:01 +02:00
aszlig
50faa2cbef
chromium: Update stable and beta channels.
stable: 22.0.1229.79 (build tested)
beta: 22.0.1229.94 (build and usage tested)

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-11 12:44:33 +02:00
aszlig
702aec1881
chromium: Use final implementation of BPF patch.
The new version is the one already committed in trunk as revision 160697.
In order to get into beta and stable this could take some while so we're going
need to carry around that patch for some time.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-11 12:44:13 +02:00
aszlig
1983d4fdfc
chromium: Build using libusb (1.0) from nixpkgs.
This dependency has recently been added to chromium while we didn't notice it,
so let's avoid to use the bundled version.

It might make sense to remove the unneeded files in third_party/ based on a
whitelist, so that we notice future changes like this earlier.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-08 15:06:15 +02:00
aszlig
692ad8059a
chromium: Build using libexif from nixpkgs.
While libexif has been bundled with chromium for some months already, they only
recently added the GYP option to switch to using the system library. So, let's
enable it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-08 15:05:00 +02:00
aszlig
58a4edd294
chromium: Drop seccomp patch for version 21.
Version 22 is the current version of the stable channel, so we don't need to
carry around a patch for earlier versions.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-08 07:35:57 +02:00
aszlig
17fe198695
chromium: Disable legacy seccomp sandbox in v23.
This removes the patch introduced in 949afcc0f2.
The reason behind this is because even though we patch in the legacy seccomp
sandbox by default, it won't be used anyway as both cannot coexist anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-08 07:35:57 +02:00
aszlig
10679a7ba6
chromium: Fix chromium bug 149834 for version 23.
This is just a temporary fix and will only thrown away as soon as a proper fix
is included upstream, see http://crbug.com/149834 for more details about this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-08 07:33:52 +02:00
aszlig
df64adc2df
chromium: Update dev and beta channels.
dev: 23.0.1271.10 -> 24.0.1284.2 (not tested, probably won't build?)
beta: 22.0.1229.91 -> 23.0.1271.17 (issues, see below)

While testing the beta release, I've been bitten by http://crbug.com/149834, so
as this is a beta release, I'm not sure if we should patch again to disable the
BPF seccomp sandbox.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-08 07:33:51 +02:00
aszlig
949afcc0f2
chromium: New seccomp patch for versions >= 23.
The BPF renderer sandbox is now the default in 23. But still, it is not regarded
as "adequately sandboxed" from Google so we still need the legacy seccomp
sandbox.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-08 07:33:51 +02:00
aszlig
77d424875c
chromium: Temporarily use bundled zlib.
Well, after looking a bit more thoroughly through the zlib patch from the
Chromium team, it seams, that this really fix an issue that hasn't yet been
applied upstream. Unfortunately neither Chromium nor Zlib give more information
about that issue. Maybe they're waiting until its resolved upstream and thus the
temporary patch?

The bad news is, that the fix for the vulnerability is incomplete in Chromium
and covers only the use cases of Chromium itself, so we can't include that
patched version in nixpkgs zlib derivation.

Until the issue is fixed upstream we're hereby safer off turning it off in
Chromium and thus use the bundled and patched version.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-08 07:33:51 +02:00
aszlig
d2df1ada27
chromium: Update channels to stable v22.0.1229.79.
dev: 23.0.1271.10
beta: 22.0.1229.91
stable: 22.0.1229.79

The revert for SVN revision 151720 is now obsolete in the current beta release
and is only needed for the stable version. So let's hope that >= 22.0.1229.91
will get stable soon.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-02 03:46:42 +02:00
Eelco Dolstra
e6077fbc46 Remove getConfig helper function
An expression like ‘getConfig [ "cabal" "libraryProfiling" ] false’
can be written more concisely as ‘config.cabal.libraryProfiling or false’.
2012-09-19 13:56:56 -04:00
aszlig
6667ee858b
chromium: Update dev/beta channels.
beta: 22.0.1229.56
dev: 23.0.1262.0

Patch for http://crbug.com/143623 still applies and is still not fixed upstream.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-09-15 07:44:21 +02:00
aszlig
2347cfa4f9
chromium: Revert zlib changes for v22 and higher.
SVN revision 151720 breaks the build with system zlib, see:

http://src.chromium.org/viewvc/chrome?view=rev&revision=151720

The issue here is, that r151720 introduces changes directly in zlib, which
aren't upstream and unfortunately there is no more information stating the exact
reasons for this change, as all references to it are not publicly available:

http://crbug.com/139744
https://chromiumcodereview.appspot.com/10837057

So for the moment, we're going to add a patch, which applies to v22 and higher,
which essentially reverts r151720, until either more information on the issue is
available or it is resolved upstream.

As someone has already reported the issue, we just need to track the following
issue:

http://crbug.com/143623

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-09-11 04:54:26 +02:00
aszlig
20f883179e
chromium: Update channels to latest versions.
stable: 21.0.1180.89
beta: 22.0.1229.39
dev: 23.0.1255.0

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-09-11 04:54:25 +02:00
aszlig
d5c2b35b82
chromium: Re-enable legacy sandbox for version 22.
This enables legacy seccomp sandbox by default even on chromium 22, because the
BPF sandbox is still work in progress, please see:

http://crbug.com/139872
http://crbug.com/130662

Because the BPF seccomp sandbox is used in case the legacy seccomp mode
initialization fails, we might need to patch this again, as soon as the BPF
sandbox is fully implemented to fall back to legacy seccomp and use BPF by
default.

We now have two patches for "default to seccomp" - one for Chromium 21 and one
for 22 or higher.
2012-08-27 06:50:35 +02:00
aszlig
c67d8bcabe
chromium: Don't use the sandbox patch on v21.
The patch doesn't apply in version 22 and newer, because mode 1 sandboxes are
connsidered "legacy" (well, apart from the fact that I'd personally prefer BPF
anyway), for reasons I wasn't able to find, yet. But let's proceed on BPF
integration and thus gain more insight on the exact reasons.
2012-08-26 07:36:57 +02:00
aszlig
b1a6a98139
chromium: Drop dependency on subversion.
Versions older than 21 needed subversion in order to build. As the oldest
version we support is 21, we no longer need this dependency.
2012-08-26 03:03:24 +02:00
aszlig
819ee63851
chromium: Update to new release channels.
If you look at what changed, you'll surely notice that version 22 is now in
beta, so we have to expect things to break. And one thing that will break for
sure is the seccomp patch, because beginning with 22 the new BPF seccomp sandbox
is going to replace the mode 1 seccomp sandbox.
2012-08-26 02:56:59 +02:00
aszlig
224098757f
chromium/update.sh: Fix spacing in cache messages.
This commit doesn't add any feature and just fixes a small annoyance which
result in messages like this:

Checking if xxx applies...no.

See that there is no whitespace between "..." and "no"? Well, the world cares
for more important things, but for me personally those minor annoyances can turn
into major annoyances.
2012-08-26 02:52:33 +02:00
Shea Levy
f34225c440 Merge branch 'chromium-updater' of https://github.com/aszlig/nixpkgs
chromium: Improve update script and update to latest versions.

Previously, we had a single hash of the whole version response from
omahaproxy.

Unfortunately the dev version is released quite frequently, so the hash
is of no use at all (we could rather directly fetch rather than
executing the script, because it will fetch all channels anyway).

This pull request adds two methods of caching:

* First of all, if a perticular version/channel is already in the
previous version of the sources.nix file, don't download it again.

* And the second method is to check if the current sha256 is already
downloaded and reads the corresponding sha256 from the lookup table.

So, this should really help to avoid flooding the download servers and
to not stress impatient users too much.
2012-08-22 06:36:33 -04:00
aszlig
8b4fae76b3 chromium: Build with NSS by default.
Hurray! This is the first time chromium is working with NSS _and_ is able to
verify certificates using the root certificates built in into NSS.

Optimally it would use certs from OPENSSL_X509_CERT_FILE, but at least it's
working, so let's add that at some later point.
2012-08-22 08:29:10 +02:00
aszlig
4393fffcce chromium: Update channels to latest versions.
This removes the now obsolete VHASH line in sources.nix aswell.
2012-08-17 12:57:35 +02:00
aszlig
6968400a34 chromium: Check sha256 per channel in update.sh.
Until this commit we had a single hash of the whole version response from
omahaproxy. This worked well for not updating unnecessarily but only until one
single channel has a new version available.

Unfortunately the dev version is released quite frequently, so the hash is of no
use at all (we could rather directly fetch everything everytime we execute the
script).

This led to this commit, which adds two methods of caching:

First of all, if a perticular version/channel is already in the previous version
of the sources.nix file, don't download it again.

And the second method is to check if the current sha256 is already downloaded
and reads the corresponding sha256 from the lookup table.

So, this should really help to avoid flooding the download servers and to not
stress impatient users too much.
2012-08-17 12:57:34 +02:00
aszlig
fbfd84f816 chromium: Install libffmpegsumo.so.
This caused HTML5 video to not work because this shared library is loaded at
runtime.

Unfortunately we can't use system ffmpeg yet, because upgrading would break
builds of other packages, and it would result in a copy of ffmpeg laying around
aswell, so we can defer this until we have fixed ffmpeg.

Thanks to @bluescreen303 for the bug report.
2012-08-07 19:11:58 +02:00
aszlig
a898f9ce8f chromium: Update channels for stable version 21.
Version 20 doesn't seem to build with a newer version of pulse audio and as 21
is stable now anyway, let's update the channels.
2012-08-04 09:53:53 +02:00