summary refs log tree commit diff
path: root/pkgs/applications/networking/browsers/chromium/update.py
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/applications/networking/browsers/chromium/update.py')
-rwxr-xr-xpkgs/applications/networking/browsers/chromium/update.py51
1 files changed, 35 insertions, 16 deletions
diff --git a/pkgs/applications/networking/browsers/chromium/update.py b/pkgs/applications/networking/browsers/chromium/update.py
index f8dae959360..a241ee0dd7c 100755
--- a/pkgs/applications/networking/browsers/chromium/update.py
+++ b/pkgs/applications/networking/browsers/chromium/update.py
@@ -21,12 +21,11 @@ from urllib.request import urlopen
 
 RELEASES_URL = 'https://versionhistory.googleapis.com/v1/chrome/platforms/linux/channels/all/versions/all/releases'
 DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g'
-BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official'
 
 PIN_PATH = dirname(abspath(__file__)) + '/upstream-info.nix'
 UNGOOGLED_FLAGS_PATH = dirname(abspath(__file__)) + '/ungoogled-flags.toml'
 COMMIT_MESSAGE_SCRIPT = dirname(abspath(__file__)) + '/get-commit-message.py'
-
+NIXPKGS_PATH = subprocess.check_output(["git", "rev-parse", "--show-toplevel"], cwd=dirname(PIN_PATH)).strip()
 
 def load_as_json(path):
     """Loads the given nix file as JSON."""
@@ -41,11 +40,28 @@ def save_dict_as_nix(path, input):
     with open(path, 'w') as out:
         out.write(formatted.decode())
 
+def prefetch_src_sri_hash(attr_path, version):
+    """Prefetches the fixed-output-derivation source tarball and returns its SRI-Hash."""
+    print(f'nix-build (FOD prefetch) {attr_path} {version}')
+    out = subprocess.run(
+        ["nix-build", "--expr", f'(import ./. {{}}).{attr_path}.browser.passthru.recompressTarball {{ version = "{version}"; }}'],
+        cwd=NIXPKGS_PATH,
+        stderr=subprocess.PIPE
+    ).stderr.decode()
+
+    for line in iter(out.split("\n")):
+        match = re.match(r"\s+got:\s+(.+)$", line)
+        if match:
+            print(f'Hash: {match.group(1)}')
+            return match.group(1)
+    print(f'{out}\n\nError: Expected hash in nix-build stderr output.', file=sys.stderr)
+    sys.exit(1)
+
 def nix_prefetch_url(url, algo='sha256'):
     """Prefetches the content of the given URL."""
-    print(f'nix-prefetch-url {url}')
-    out = subprocess.check_output(['nix-prefetch-url', '--type', algo, url])
-    return out.decode('utf-8').rstrip()
+    print(f'nix store prefetch-file {url}')
+    out = subprocess.check_output(['nix', 'store', 'prefetch-file', '--json', '--hash-type', algo, url])
+    return json.loads(out)['hash']
 
 
 def nix_prefetch_git(url, rev):
@@ -80,9 +96,9 @@ def get_chromedriver(channel):
 
         return {
             'version': channel['version'],
-            'sha256_linux': nix_prefetch_url(get_chromedriver_url('linux64')),
-            'sha256_darwin': nix_prefetch_url(get_chromedriver_url('mac-x64')),
-            'sha256_darwin_aarch64': nix_prefetch_url(get_chromedriver_url('mac-arm64'))
+            'hash_linux': nix_prefetch_url(get_chromedriver_url('linux64')),
+            'hash_darwin': nix_prefetch_url(get_chromedriver_url('mac-x64')),
+            'hash_darwin_aarch64': nix_prefetch_url(get_chromedriver_url('mac-arm64'))
         }
 
 
@@ -97,7 +113,7 @@ def get_channel_dependencies(version):
             'version': datetime.fromisoformat(gn['date']).date().isoformat(),
             'url': gn['url'],
             'rev': gn['rev'],
-            'sha256': gn['sha256']
+            'hash': gn['hash']
         }
     }
 
@@ -135,10 +151,6 @@ def channel_name_to_attr_name(channel_name):
     """Maps a channel name to the corresponding main Nixpkgs attribute name."""
     if channel_name == 'stable':
         return 'chromium'
-    if channel_name == 'beta':
-        return 'chromiumBeta'
-    if channel_name == 'dev':
-        return 'chromiumDev'
     if channel_name == 'ungoogled-chromium':
         return 'ungoogled-chromium'
     print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
@@ -190,6 +202,10 @@ with urlopen(RELEASES_URL) as resp:
         if channel_name in channels:
             continue
 
+        # We only look for channels that are listed in our version pin file.
+        if channel_name not in last_channels:
+            continue
+
         # If we're back at the last release we used, we don't need to
         # keep going -- there's no new version available, and we can
         # just reuse the info from last time.
@@ -206,8 +222,11 @@ with urlopen(RELEASES_URL) as resp:
             google_chrome_suffix = channel_name
 
         try:
-            channel['sha256'] = nix_prefetch_url(f'{BUCKET_URL}/chromium-{release["version"]}.tar.xz')
-            channel['sha256bin64'] = nix_prefetch_url(
+            channel['hash'] = prefetch_src_sri_hash(
+                channel_name_to_attr_name(channel_name),
+                release["version"]
+            )
+            channel['hash_deb_amd64'] = nix_prefetch_url(
                 f'{DEB_URL}/google-chrome-{google_chrome_suffix}/' +
                 f'google-chrome-{google_chrome_suffix}_{release["version"]}-1_amd64.deb')
         except subprocess.CalledProcessError:
@@ -222,7 +241,7 @@ with urlopen(RELEASES_URL) as resp:
             ungoogled_repo_url = 'https://github.com/ungoogled-software/ungoogled-chromium.git'
             channel['deps']['ungoogled-patches'] = {
                 'rev': release['ungoogled_tag'],
-                'sha256': nix_prefetch_git(ungoogled_repo_url, release['ungoogled_tag'])['sha256']
+                'hash': nix_prefetch_git(ungoogled_repo_url, release['ungoogled_tag'])['hash']
             }
             with open(UNGOOGLED_FLAGS_PATH, 'w') as out:
                 out.write(get_ungoogled_chromium_gn_flags(release['ungoogled_tag']))
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-13 19:10:31 +0000