diff options
Diffstat (limited to 'pkgs/applications/networking/browsers')
8 files changed, 98 insertions, 108 deletions
diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix index 8bdb33ed5d2..ad7fa78527c 100644 --- a/pkgs/applications/networking/browsers/chromium/browser.nix +++ b/pkgs/applications/networking/browsers/chromium/browser.nix @@ -1,4 +1,4 @@ -{ stdenv, mkChromiumDerivation, channel }: +{ stdenv, mkChromiumDerivation, channel, enableWideVine }: with stdenv.lib; @@ -18,11 +18,6 @@ mkChromiumDerivation (base: rec { cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/" cp -v "$buildPath/chrome" "$libExecPath/$packageName" - if [ -e "$buildPath/libwidevinecdmadapter.so" ]; then - cp -v "$buildPath/libwidevinecdmadapter.so" \ - "$libExecPath/libwidevinecdmadapter.so" - fi - mkdir -p "$sandbox/bin" cp -v "$buildPath/chrome_sandbox" "$sandbox/bin/${sandboxExecutableName}" @@ -67,7 +62,7 @@ mkChromiumDerivation (base: rec { description = "An open source web browser from Google"; homepage = http://www.chromium.org/; maintainers = with maintainers; [ bendlas ivan ]; - license = licenses.bsd3; + license = if enableWideVine then licenses.unfree else licenses.bsd3; platforms = platforms.linux; hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else []; timeout = 172800; # 48 hours diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index a3645e97e25..6d43c313cc0 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -24,7 +24,6 @@ # package customization , enableNaCl ? false -, enableWideVine ? false , useVaapi ? false , gnomeSupport ? false, gnome ? null , gnomeKeyringSupport ? false, libgnome-keyring3 ? null @@ -133,11 +132,12 @@ let ++ optional pulseSupport libpulseaudio ++ optional (versionAtLeast version "72") jdk.jre; - patches = optional enableWideVine ./patches/widevine.patch ++ [ + patches = [ ./patches/nix_plugin_paths_68.patch ./patches/remove-webp-include-69.patch ./patches/jumbo-sorted.patch ./patches/no-build-timestamps.patch + ./patches/widevine.patch # Unfortunately, chromium regularly breaks on major updates and # then needs various patches backported in order to be compiled with GCC. @@ -235,7 +235,7 @@ let use_gnome_keyring = gnomeKeyringSupport; use_gio = gnomeSupport; enable_nacl = enableNaCl; - enable_widevine = enableWideVine; + enable_widevine = true; use_cups = cupsSupport; treat_warnings_as_errors = false; diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index 3178e2595fc..f099ddbff73 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -2,6 +2,8 @@ , makeWrapper, ed , glib, gtk3, gnome3, gsettings-desktop-schemas , libva ? null +, gcc, nspr, nss, patchelfUnstable, runCommand +, lib # package customization , channel ? "stable" @@ -34,23 +36,76 @@ in let mkChromiumDerivation = callPackage ./common.nix { inherit enableNaCl gnomeSupport gnome gnomeKeyringSupport proprietaryCodecs cupsSupport pulseSupport - useVaapi - enableWideVine; + useVaapi; }; - browser = callPackage ./browser.nix { inherit channel; }; + browser = callPackage ./browser.nix { inherit channel enableWideVine; }; plugins = callPackage ./plugins.nix { - inherit enablePepperFlash enableWideVine; + inherit enablePepperFlash; }; }; + mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}"; + widevine = let upstream-info = chromium.upstream-info; in stdenv.mkDerivation { + name = "chromium-binary-plugin-widevine"; + + src = upstream-info.binary; + + nativeBuildInputs = [ patchelfUnstable ]; + + phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ]; + + unpackCmd = let + chan = if upstream-info.channel == "dev" then "chrome-unstable" + else if upstream-info.channel == "stable" then "chrome" + else if upstream-info.channel == "beta" then "chrome-beta" + else throw "Unknown chromium channel."; + in '' + mkdir -p plugins + ar p "$src" data.tar.xz | tar xJ -C plugins --strip-components=4 \ + ./opt/google/${chan}/libwidevinecdm.so + ''; + + doCheck = true; + checkPhase = '' + ! find -iname '*.so' -exec ldd {} + | grep 'not found' + ''; + + PATCH_RPATH = mkrpath [ gcc.cc glib nspr nss ]; + + patchPhase = '' + patchelf --set-rpath "$PATCH_RPATH" libwidevinecdm.so + ''; + + installPhase = '' + install -vD libwidevinecdm.so \ + "$out/lib/libwidevinecdm.so" + ''; + + meta.platforms = lib.platforms.x86_64; + }; + suffix = if channel != "stable" then "-" + channel else ""; sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName; version = chromium.browser.version; + # This is here because we want to add the widevine shared object at the last + # minute in order to avoid a full rebuild of chromium. Additionally, this + # isn't in `browser.nix` so we can avoid having to re-expose attributes of + # the chromium derivation (see above: we introspect `sandboxExecutableName`). + chromiumWV = let browser = chromium.browser; in if enableWideVine then + runCommand (browser.name + "-wv") { version = browser.version; } + '' + mkdir -p $out + cp -R ${browser}/* $out/ + chmod u+w $out/libexec/chromium* + cp ${widevine}/lib/libwidevinecdm.so $out/libexec/chromium/ + # patchelf? + '' + else browser; in stdenv.mkDerivation { name = "chromium${suffix}-${version}"; inherit version; @@ -68,7 +123,7 @@ in stdenv.mkDerivation { outputs = ["out" "sandbox"]; buildCommand = let - browserBinary = "${chromium.browser}/libexec/chromium/chromium"; + browserBinary = "${chromiumWV}/libexec/chromium/chromium"; getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")"; libPath = stdenv.lib.makeLibraryPath ([] ++ stdenv.lib.optional useVaapi libva @@ -113,13 +168,7 @@ in stdenv.mkDerivation { ''; inherit (chromium.browser) packageName; - meta = chromium.browser.meta // { - broken = if enableWideVine then - builtins.trace "WARNING: WideVine is not functional, please only use for testing" - true - else false; - }; - + meta = chromium.browser.meta; passthru = { inherit (chromium) upstream-info browser; mkDerivation = chromium.mkChromiumDerivation; diff --git a/pkgs/applications/networking/browsers/chromium/patches/widevine.patch b/pkgs/applications/networking/browsers/chromium/patches/widevine.patch index 90a13928e3b..2de6024141d 100644 --- a/pkgs/applications/networking/browsers/chromium/patches/widevine.patch +++ b/pkgs/applications/networking/browsers/chromium/patches/widevine.patch @@ -1,16 +1,24 @@ -Minimal WideVine patch from Gentoo: +Description: enable widevine and set its version string to "undefined" +Author: Michael Gilbert <mgilbert@debian.org> +Author: Olivier Tilloy <olivier.tilloy@canonical.com> -https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/files/chromium-widevine-r1.patch - -BTS: https://bugs.gentoo.org/show_bug.cgi?id=547630 - ---- a/third_party/widevine/cdm/stub/widevine_cdm_version.h -+++ b/third_party/widevine/cdm/stub/widevine_cdm_version.h -@@ -10,6 +10,7 @@ - - #include "third_party/widevine/cdm/widevine_cdm_common.h" - -+#define WIDEVINE_CDM_VERSION_STRING "unknown" - #define WIDEVINE_CDM_AVAILABLE +--- a/third_party/widevine/cdm/widevine_cdm_version.h ++++ b/third_party/widevine/cdm/widevine_cdm_version.h +@@ -11,5 +11,6 @@ + // If the Widevine CDM is available define the following: + // - WIDEVINE_CDM_VERSION_STRING (with the version of the CDM that's available + // as a string, e.g., "1.0.123.456"). ++#define WIDEVINE_CDM_VERSION_STRING "undefined" #endif // WIDEVINE_CDM_VERSION_H_ +--- a/chrome/common/chrome_content_client.cc ++++ b/chrome/common/chrome_content_client.cc +@@ -99,7 +99,7 @@ + // Registers Widevine CDM if Widevine is enabled, the Widevine CDM is + // bundled and not a component. When the Widevine CDM is a component, it is + // registered in widevine_cdm_component_installer.cc. +-#if BUILDFLAG(BUNDLE_WIDEVINE_CDM) && !BUILDFLAG(ENABLE_WIDEVINE_CDM_COMPONENT) ++#if !BUILDFLAG(ENABLE_WIDEVINE_CDM_COMPONENT) + #define REGISTER_BUNDLED_WIDEVINE_CDM + #include "third_party/widevine/cdm/widevine_cdm_common.h" // nogncheck + // TODO(crbug.com/663554): Needed for WIDEVINE_CDM_VERSION_STRING. Support diff --git a/pkgs/applications/networking/browsers/chromium/plugins.nix b/pkgs/applications/networking/browsers/chromium/plugins.nix index b356f809f03..a80210542c5 100644 --- a/pkgs/applications/networking/browsers/chromium/plugins.nix +++ b/pkgs/applications/networking/browsers/chromium/plugins.nix @@ -6,7 +6,6 @@ , fetchzip , patchelfUnstable , enablePepperFlash ? false -, enableWideVine ? false , upstream-info }: @@ -44,60 +43,6 @@ let echo ${toString quoted} > "''$${output}/nix-support/wrapper-flags" ''; - widevine = stdenv.mkDerivation { - name = "chromium-binary-plugin-widevine"; - - src = upstream-info.binary; - - nativeBuildInputs = [ patchelfUnstable ]; - - phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ]; - - unpackCmd = let - chan = if upstream-info.channel == "dev" then "chrome-unstable" - else if upstream-info.channel == "stable" then "chrome" - else "chrome-${upstream-info.channel}"; - in '' - mkdir -p plugins - ar p "$src" data.tar.xz | tar xJ -C plugins --strip-components=4 \ - ./opt/google/${chan}/libwidevinecdm.so \ - ./opt/google/${chan}/libwidevinecdmadapter.so - ''; - - doCheck = true; - checkPhase = '' - ! find -iname '*.so' -exec ldd {} + | grep 'not found' - ''; - - PATCH_RPATH = mkrpath [ gcc.cc glib nspr nss ]; - - patchPhase = '' - chmod +x libwidevinecdm.so libwidevinecdmadapter.so - patchelf --set-rpath "$PATCH_RPATH" libwidevinecdm.so - patchelf --set-rpath "$out/lib:$PATCH_RPATH" libwidevinecdmadapter.so - ''; - - installPhase = let - wvName = "Widevine Content Decryption Module"; - wvDescription = "Playback of encrypted HTML audio/video content"; - wvMimeTypes = "application/x-ppapi-widevine-cdm"; - wvModule = "@out@/lib/libwidevinecdmadapter.so"; - wvInfo = "#${wvName}#${wvDescription};${wvMimeTypes}"; - in '' - install -vD libwidevinecdm.so \ - "$out/lib/libwidevinecdm.so" - install -vD libwidevinecdmadapter.so \ - "$out/lib/libwidevinecdmadapter.so" - - ${mkPluginInfo { - flags = [ "--register-pepper-plugins=${wvModule}${wvInfo}" ]; - envVars.NIX_CHROMIUM_PLUGIN_PATH_WIDEVINE = "@out@/lib"; - }} - ''; - - meta.platforms = platforms.x86_64; - }; - flash = stdenv.mkDerivation rec { pname = "flashplayer-ppapi"; version = "32.0.0.255"; @@ -140,6 +85,5 @@ let }; in { - enabled = optional enableWideVine widevine - ++ optional enablePepperFlash flash; + enabled = optional enablePepperFlash flash; } diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix index 14799e9f96c..df2ce798f1f 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -1,9 +1,9 @@ # This file is autogenerated from update.sh in the same directory. { beta = { - sha256 = "0m7xdpi1f2a33csd7bsp91g5klz0hmr83ksfwsd2fki3iipvfs4w"; - sha256bin64 = "1b4cyf4v55sy52mxxl8d70abg5ck5k45jaqdjsjw7dvh3s2x4bwp"; - version = "77.0.3865.42"; + sha256 = "12cp24h93b48pwfywf5b6qvjdlhxrhp87qdaqbfcn6g787r2z5gb"; + sha256bin64 = "0d9w869qqwbmw3qjvxkfm37i7dvrgmrwm5y96sm1dg2jnxqj4bdz"; + version = "77.0.3865.75"; }; dev = { sha256 = "0x5r6xqwiggwyzbinm252xc1n3f9r7cmmzj6assi4v1nsispdh2k"; @@ -11,8 +11,8 @@ version = "78.0.3887.7"; }; stable = { - sha256 = "0hajwjf7swlgh1flpf8ljfrb2zhmcpzvrigvvxqd36g3nm04cknm"; - sha256bin64 = "0hdsla8i3q0zbczia64ghqsf420alcc31xdishx1sv48x3rlrxkk"; - version = "76.0.3809.132"; + sha256 = "12cp24h93b48pwfywf5b6qvjdlhxrhp87qdaqbfcn6g787r2z5gb"; + sha256bin64 = "1wp5g09czyslkkhw3nhbp39fxfcz0pprsgj8h0aggghpdbvzph3d"; + version = "77.0.3865.75"; }; } diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index e1d4014c83b..3e8cf4d66b9 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -70,11 +70,11 @@ rec { firefox-esr-60 = common rec { pname = "firefox-esr"; - ffversion = "60.8.0esr"; + ffversion = "60.9.0esr"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "0332b6049b97e488e55a3b9540baad3bd159e297084e9a625b8492497c73f86eb3e144219dabc5e9f2c2e4a27630d83d243c919cd4f86b7f59f47133ed3afc54"; + sha512 = "4baea5c9c4eff257834bbaee6d7786f69f7e6bacd24ca13c2705226f4a0d88315ab38c650b2c5e9c76b698f2debc7cea1e5a99cb4dc24e03c48a24df5143a3cf"; }; patches = [ diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix index 739315917d4..563c0e751c8 100644 --- a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix +++ b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix @@ -95,18 +95,12 @@ let srcs = { x86_64-linux = fetchurl { - urls = [ - "https://github.com/TheTorProject/gettorbrowser/releases/download/v${version}/tor-browser-linux64-${version}_${lang}.tar.xz" - "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux64-${version}_${lang}.tar.xz" - ]; + url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux64-${version}_${lang}.tar.xz"; sha256 = "00r5k9bbfpv3s6shxqypl13psr1zz51xiyz3vmm4flhr2qa4ycsz"; }; i686-linux = fetchurl { - urls = [ - "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux32-${version}_${lang}.tar.xz" - "https://github.com/TheTorProject/gettorbrowser/releases/download/v${version}/tor-browser-linux32-${version}_${lang}.tar.xz" - ]; + url = "https://github.com/TheTorProject/gettorbrowser/releases/download/v${version}/tor-browser-linux32-${version}_${lang}.tar.xz"; sha256 = "1nxvw5kiggfr4n5an436ass84cvwjviaa894kfm72yf2ls149f29"; }; }; |