Commit graph

583 commits

Author SHA1 Message Date
aszlig d5c2b35b82
chromium: Re-enable legacy sandbox for version 22.
This enables legacy seccomp sandbox by default even on chromium 22, because the
BPF sandbox is still work in progress, please see:

http://crbug.com/139872
http://crbug.com/130662

Because the BPF seccomp sandbox is used in case the legacy seccomp mode
initialization fails, we might need to patch this again, as soon as the BPF
sandbox is fully implemented to fall back to legacy seccomp and use BPF by
default.

We now have two patches for "default to seccomp" - one for Chromium 21 and one
for 22 or higher.
2012-08-27 06:50:35 +02:00
aszlig c67d8bcabe
chromium: Don't use the sandbox patch on v21.
The patch doesn't apply in version 22 and newer, because mode 1 sandboxes are
connsidered "legacy" (well, apart from the fact that I'd personally prefer BPF
anyway), for reasons I wasn't able to find, yet. But let's proceed on BPF
integration and thus gain more insight on the exact reasons.
2012-08-26 07:36:57 +02:00
aszlig b1a6a98139
chromium: Drop dependency on subversion.
Versions older than 21 needed subversion in order to build. As the oldest
version we support is 21, we no longer need this dependency.
2012-08-26 03:03:24 +02:00
aszlig 819ee63851
chromium: Update to new release channels.
If you look at what changed, you'll surely notice that version 22 is now in
beta, so we have to expect things to break. And one thing that will break for
sure is the seccomp patch, because beginning with 22 the new BPF seccomp sandbox
is going to replace the mode 1 seccomp sandbox.
2012-08-26 02:56:59 +02:00
aszlig 224098757f
chromium/update.sh: Fix spacing in cache messages.
This commit doesn't add any feature and just fixes a small annoyance which
result in messages like this:

Checking if xxx applies...no.

See that there is no whitespace between "..." and "no"? Well, the world cares
for more important things, but for me personally those minor annoyances can turn
into major annoyances.
2012-08-26 02:52:33 +02:00
Shea Levy f34225c440 Merge branch 'chromium-updater' of https://github.com/aszlig/nixpkgs
chromium: Improve update script and update to latest versions.

Previously, we had a single hash of the whole version response from
omahaproxy.

Unfortunately the dev version is released quite frequently, so the hash
is of no use at all (we could rather directly fetch rather than
executing the script, because it will fetch all channels anyway).

This pull request adds two methods of caching:

* First of all, if a perticular version/channel is already in the
previous version of the sources.nix file, don't download it again.

* And the second method is to check if the current sha256 is already
downloaded and reads the corresponding sha256 from the lookup table.

So, this should really help to avoid flooding the download servers and
to not stress impatient users too much.
2012-08-22 06:36:33 -04:00
aszlig 5df4e12c92 firefox: Build against system NSS.
So, now even Firefox can be built with our shiny new fixed up NSS derivation,
and as this is desired (especially if we want to support certificates from the
CA bundle), let's make it the default.
2012-08-22 08:29:10 +02:00
aszlig 8b4fae76b3 chromium: Build with NSS by default.
Hurray! This is the first time chromium is working with NSS _and_ is able to
verify certificates using the root certificates built in into NSS.

Optimally it would use certs from OPENSSL_X509_CERT_FILE, but at least it's
working, so let's add that at some later point.
2012-08-22 08:29:10 +02:00
aszlig 4393fffcce chromium: Update channels to latest versions.
This removes the now obsolete VHASH line in sources.nix aswell.
2012-08-17 12:57:35 +02:00
aszlig 6968400a34 chromium: Check sha256 per channel in update.sh.
Until this commit we had a single hash of the whole version response from
omahaproxy. This worked well for not updating unnecessarily but only until one
single channel has a new version available.

Unfortunately the dev version is released quite frequently, so the hash is of no
use at all (we could rather directly fetch everything everytime we execute the
script).

This led to this commit, which adds two methods of caching:

First of all, if a perticular version/channel is already in the previous version
of the sources.nix file, don't download it again.

And the second method is to check if the current sha256 is already downloaded
and reads the corresponding sha256 from the lookup table.

So, this should really help to avoid flooding the download servers and to not
stress impatient users too much.
2012-08-17 12:57:34 +02:00
aszlig cb9b55a197 google-talk-plugin: Prefer Debian package.
The reason is because unpacking debian packages requires fewer dependencies (ar,
gzip and tar, nothing more), and in addition we can explicitly reference a
version number from the apt repository.
2012-08-08 19:06:46 +02:00
aszlig fbfd84f816 chromium: Install libffmpegsumo.so.
This caused HTML5 video to not work because this shared library is loaded at
runtime.

Unfortunately we can't use system ffmpeg yet, because upgrading would break
builds of other packages, and it would result in a copy of ffmpeg laying around
aswell, so we can defer this until we have fixed ffmpeg.

Thanks to @bluescreen303 for the bug report.
2012-08-07 19:11:58 +02:00
Rob Vermaas 19ce2dd9de Merge pull request #82 from aszlig/chromium-update
chromium: Update channels for stable version 21.
2012-08-04 03:17:42 -07:00
Mathijs Kwik c736b59d2a google-talkplugin: upgrade to 3.2.4.0 2012-08-04 12:12:38 +02:00
aszlig a898f9ce8f chromium: Update channels for stable version 21.
Version 20 doesn't seem to build with a newer version of pulse audio and as 21
is stable now anyway, let's update the channels.
2012-08-04 09:53:53 +02:00
Laszlo Nagy ed8c4b0585 Fix w3m configure problem on non-chroot build env.
The configure script picks up libbsd.so from the host machine.
It uses simple find command to locate the file, but the linker
can not use it.

The fix replace the search path to /no-such-path
2012-07-31 23:34:52 +02:00
Rob Vermaas 35be2b54d1 Merge pull request #52 from aszlig/master
Chromium updates
2012-07-17 04:33:33 -07:00
Rickard Nilsson 83d63ea910 opera: Update to 12.0 2012-07-17 12:46:39 +02:00
aszlig 96b5e9795a chromium: Update to the latest release channels. 2012-07-17 12:03:13 +02:00
Mathijs Kwik b659b026c5 google-talk-plugin: updated upstream, changing hashes 2012-07-05 12:01:23 +02:00
aszlig 950c73271a chromium: Remove obsolete source.nix.
As already promised, the old single-channel source.nix is now obsolete as we're
using Omahaproxy now and the build of the stable version finishes successful and
the browser runs fine.
2012-07-04 14:47:02 +02:00
aszlig 834d8be46e chromium: Fix build for versions older than 21.x.
The current stable version won't build if gyp can't use svnversion from the
subversion package, so let's provide it for versions below 21.x.
2012-07-04 14:47:02 +02:00
aszlig f6e063e7fc chromium: Use new channel based sources.
Switch to channel based sources and default to the "stable" channel.
2012-07-04 14:47:02 +02:00
aszlig a65ba9e083 chromium: Generate new sources.nix.
This means that we now have hashes and URLs for the latest versions of chromium
and can now work on integrating the changes into default.nix.
2012-07-04 14:47:02 +02:00
aszlig ec395a78ee chromium: Extend update script to use channels.
The previos update script just used the last version of chromium that showed up
at the bucket list at:

http://commondatastorage.googleapis.com/chromium-browser-official/

I'm not sure which channel this list actually holds, so I'm going to switch now
using the official release channels grabbed by omahaproxy. This also has the
advantage that we can provide different versions/flavors of chromium.

We now also write our data to sources.nix instead of source.nix, as we have more
than one source.
2012-07-04 14:47:02 +02:00
Peter Simons fb4df48329 firefox-12.0: update download URL
releases.mozilla.org doesn't seem to carry old release archive anymore.

Patch submitted by Jan Malakhovski <oxij@oxij.org>.
2012-07-02 16:53:51 +02:00
Lluís Batlle i Rossell c05fcf6a2b chromium: Making hydra build chromium for linux.
I think it will save quite a lot of users build time.
2012-06-28 12:56:51 +02:00
Lluís Batlle fc8fb52341 Merge branch 'master' of https://github.com/viric/nixpkgs 2012-06-24 19:12:50 +02:00
aszlig d23dcbb9a5 chromium: Enable parallel building.
Always did this manually by putting -j8 into make flags, which i didn't commit,
as it obviously doesn't make sense to hardcode. However, this flag makes more
sense and obviously we need to avoid overriding buildPhase.
2012-06-22 15:53:30 -04:00
aszlig 59f8de864f chromium: Add support for pulseaudio.
Which is enabled by default if neither pulseaudio or chromium.pulseaudio is
explicitly set. The reason is that chromium falls back to ALSA in case no
pulseaudio is available.

In addition it was necessary to patch media.gyp to ignore the array-out-of-
bounds warning.
2012-06-22 15:53:30 -04:00
aszlig a2984e3d82 chromium: Simplify names of getConfig options.
This makes it easier to remember, as so far the naming wasn't quite consistent,
sometimes "use*", sometimes "enable*". So in using just use the feature name
itself, it should be pretty clear.
2012-06-22 15:53:30 -04:00
aszlig fc24f460f1 chromium: Use bundled versions of some libraries.
These libraries are heavily patched by the chromium project itself, so let's use
the bundled versions as those won't build anyway and also don't break functional
purity.
2012-06-22 15:53:30 -04:00
aszlig d8e9536498 chromium: Cleanup dependencies.
This mostly is a code structure change, but also involves deleting some unused
dependencies and adding a few constraints on existing ones.
2012-06-22 15:53:30 -04:00
aszlig c7db5ff34d chromium: Add dependency for libselinux.
This doesn't really work at the current state of NixOS and SELinux support, but
will make it easier in case we someday support SELinux altogether.
2012-06-22 15:53:30 -04:00
aszlig a88eb35ff1 chromium: Enable proprietary codecs by default.
We now switch to using bundled ffmpeg, as this adds stuff such as support for
the H.264 codec.
2012-06-22 15:53:30 -04:00
aszlig 04ae9f288d chromium: Implement handling of enableCUPS.
We also need to patch the compilation process, so it allows deprecated
declarations when building support for the cups backend. In addition, we also
need to add libgcrypt to dependencies as it's needed by the cups implementation.
2012-06-22 15:53:29 -04:00
aszlig 8371d50836 chromium: Update source to version 21.0.1179.1. 2012-06-22 15:53:29 -04:00
aszlig 70c0af9a37 chromium: Add mesa to build dependencies.
This finally enables support for WebGL and accelerated rendering.
2012-06-22 15:53:29 -04:00
aszlig 57e127099b chromium: Add flag to disable Gnome support.
This also separates gcrypt and gconf from the basic dependencies.
Unfortunately we cannot get rid of dbus_glib altogether, but maybe we want to
work on a patch to get rid of it? On the other hand it seems to be a TODO of the
chromium project itself, so let's wait and see.
2012-06-22 15:53:29 -04:00
aszlig c2b145c32f chromium: Allow to switch off openssl support.
Currently building fails with NSS, so we're using OpenSSL by default. And that's
why we want to make this configurable so if we manage to fix that build failure,
we could switch to using NSS by default.
2012-06-22 15:53:29 -04:00
aszlig f0cdea2e99 chromium: Use patches from system OpenSSL.
This is mainly because of the patch to use OPENSSL_X509_CERT_FILE as a way to
specify the CA bundle. A browser which isn't able to verify SSL certificates
might be somewhat useless.
2012-06-22 15:53:29 -04:00
aszlig b1fdecc460 chromium: Rename "chrome" binary to "chromium".
This is to make it more consistent with the naming of the package file and also
consistent with the build, as we're not using the Google branded version.

In addition the derivation attribute set now has a packageName value which can
be used to easily switch the binary names and paths, just in case we want to
switch to using "chrome" (or something entirely different) again.
2012-06-22 15:53:29 -04:00
aszlig 22f5045bde chromium: Use system libraries whenever possible.
There are still some libraries left, which we either need to patch or provide
more recent versions. Plus we're going to use openssl, as libnss doesn't want to
do proper SSL (let's debug this later).
2012-06-22 15:53:28 -04:00
aszlig 6350706c0d chromium: Add "which" to build dependencies.
This is needed by a lot of scripts within chromium, so we're not going to patch
them using type, which is shell-specific anyway.
2012-06-22 15:53:28 -04:00
aszlig ef45195126 chromium: Enable seccomp by default.
If useSELinux is not set, enable seccomp mode by default and avoid building the
SUID helper sandbox at all. This involves a small patch which causes the
commandline arguments to be swapped: --disable-seccomp-sandbox to disable it,
while the option is active by default.
2012-06-22 15:53:28 -04:00
aszlig 2571488e6a chromium: Clean up build flags.
This also includes setting compiler architectures and paths.
2012-06-22 15:53:28 -04:00
aszlig dc32b4caef chromium: Generate the latest source.nix. 2012-06-22 15:53:28 -04:00
aszlig d342672f5a chromium: Add an update script.
It fetches the latest version based on the bucketlist XML from
commondatastorage and generates a "source.nix" which contains an attribute set
about where to fetch the latest version.

The XML is parsed in a somewhat hackish way using sed, but as this is just an
updater, its okay and we don't want to break a fly on the wheel by employing a
full XML parser.
2012-06-22 15:53:28 -04:00
aszlig b5956ec179 chromium: Add an install phase.
This tries to put pathes unte the same directory as the previous prebuilt
version of Chromium.
2012-06-22 15:53:28 -04:00
aszlig a31301dab4 chromium: Minimal build (no install) from source.
This only gets chromium to build so far, installation is missing by upstream, so
we need to manually copy the corresponding files. And I guess with nix, we also
need to patch a few paths on installation.

Another issue is that at the moment, a lot of dependencies are used from the
source tree, rather than from the system.

Also, it would be nice to build using LLVM, as it really speeds up compilation a
*LOT* and also has the side effect of resulting in smaller binaries.

Working unit tests would be nice, too. Unfortunately they're quite heavyweight
and take hours to run, so I guess "someday" would be the most appropriate time
to integrate.

Further todo's:

- Allow to disable GConf, GIO and CUPS.
- Option to disable the sandbox (for whatever reason the user might have).
- Integrate gold binutils.
- Pulseaudio support.
- Clearly separate Linux specific stuff.
2012-06-22 15:53:27 -04:00