chromium: Remove out-of-tree sandbox derivation.

Since 0aad4b7, we no longer need to have an external sandbox binary,
because the upstream implementation of the user namespace sandbox no
longer needs an external sandbox binary.

In our implementation of the user namespace sandbox, we (ab)used the
setuid sandbox to run non-setuid and set up user namespaces instead.

Because our implementation is no longer needed, we can safely drop the
external binary entirely.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>

4 files changed, 1 insertions, 26 deletions

diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix
index 714058d81e0..7c55b06a3c4 100644
--- a/pkgs/applications/networking/browsers/chromium/common.nix
+++ b/pkgs/applications/networking/browsers/chromium/common.nix
@@ -126,7 +126,6 @@ let
     #      derivations.
     prePatch = ''
       cp -dr --no-preserve=mode "${source.main}"/* .
-      cp -dr --no-preserve=mode "${source.sandbox}" sandbox
       cp -dr "${source.bundled}" third_party
       chmod -R u+w third_party
     '';
diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 7a355cbf59a..1b5da0763e7 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -33,7 +33,6 @@ let
     };
 
     browser = callPackage ./browser.nix { };
-    sandbox = callPackage ./sandbox.nix { };
 
     plugins = callPackage ./plugins.nix {
       inherit enablePepperFlash enableWideVine;
@@ -71,7 +70,6 @@ in stdenv.mkDerivation {
 
   buildCommand = let
     browserBinary = "${chromium.browser}/libexec/chromium/chromium";
-    sandboxBinary = "${chromium.sandbox}/bin/chromium-sandbox";
     mkEnvVar = key: val: "--set '${key}' '${val}'";
     envVars = chromium.plugins.settings.envVars or {};
     flags = chromium.plugins.settings.flags or [];
diff --git a/pkgs/applications/networking/browsers/chromium/sandbox.nix b/pkgs/applications/networking/browsers/chromium/sandbox.nix
deleted file mode 100644
index b470ed63325..00000000000
--- a/pkgs/applications/networking/browsers/chromium/sandbox.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ stdenv, source }:
-
-stdenv.mkDerivation {
-  name = "chromium-sandbox-${source.version}";
-  src = source.sandbox;
-
-  patchPhase = ''
-    sed -i -e '/#include.*base_export/c \
-      #define BASE_EXPORT __attribute__((visibility("default")))
-    /#include/s|sandbox/linux|'"$(pwd)"'/linux|
-    ' linux/suid/*.[hc]
-  '';
-
-  buildPhase = ''
-    gcc -Wall -std=gnu99 -o sandbox linux/suid/*.c
-  '';
-
-  installPhase = ''
-    install -svD sandbox "$out/bin/chromium-sandbox"
-  '';
-}
diff --git a/pkgs/applications/networking/browsers/chromium/source/default.nix b/pkgs/applications/networking/browsers/chromium/source/default.nix
index f9c5c6e0265..68573d0c6af 100644
--- a/pkgs/applications/networking/browsers/chromium/source/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/source/default.nix
@@ -14,7 +14,6 @@ let
     "s,^[^/]+(.*)$,$main\\1,"
     "s,$main/(build|tools)(/.*)?$,$out/\\1\\2,"
     "s,$main/third_party(/.*)?$,$bundled\\1,"
-    "s,$main/sandbox(/.*)?$,$sandbox\\1,"
     "s,^/,,"
   ]);
 
@@ -29,7 +28,7 @@ in stdenv.mkDerivation {
   buildInputs = [ python ]; # cannot patch shebangs otherwise
 
   phases = [ "unpackPhase" "patchPhase" ];
-  outputs = [ "out" "sandbox" "bundled" "main" ];
+  outputs = [ "out" "bundled" "main" ];
 
   unpackPhase = ''
     tar xf "$src" -C / \