ungoogled-chromium: 84.0.4147.89-1 -> 85.0.4183.102-1 (54a0a400) · Commits · nix / nixpkgs

pkgs/applications/networking/browsers/ungoogled-chromium/common.nix

+24 −12

Original line number	Diff line number	Diff line
		{ stdenv, lib, llvmPackages, gnChromium, ninja, which, nodejs, fetchpatch, gnutar
		{ stdenv, lib, llvmPackages, gnChromium, ninja, which, nodejs, fetchpatch, fetchurl

		# default dependencies
		, bzip2, flac, speex, libopus
		, gnutar, bzip2, flac, speex, libopus
		, libevent, expat, libjpeg, snappy
		, libpng, libcap
		, xdg_utils, yasm, nasm, minizip, libwebp
		@@ -41,6 +41,7 @@
		, ungoogled-chromium
		, ungoogled ? false

		, channel
		, upstream-info
		}:

		@@ -110,7 +111,7 @@ let
		versionRange = min-version: upto-version:
		let inherit (upstream-info) version;
		result = versionAtLeast version min-version && versionOlder version upto-version;
		stable-version = (import ./upstream-info.nix).stable.version;
		stable-version = (importJSON ./upstream-info.json).stable.version;
		in if versionAtLeast stable-version upto-version
		then warn "chromium: stable version ${stable-version} is newer than a patchset bounded at ${upto-version}. You can safely delete it."
		result
		@@ -123,10 +124,13 @@ let
		};
		base = rec {
		name = "${packageName}-unwrapped-${version}";
		inherit (upstream-info) channel version;
		inherit packageName buildType buildPath;
		inherit (upstream-info) version;
		inherit channel packageName buildType buildPath;

		src = upstream-info.main;
		src = fetchurl {
		url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz";
		inherit (upstream-info) sha256;
		};

		nativeBuildInputs = [
		ninja which python2Packages.python perl pkgconfig
		@@ -151,8 +155,9 @@ let
		++ optional pulseSupport libpulseaudio
		++ optionals useOzone [ libdrm wayland mesa_drivers libxkbcommon ];

		patches = [
		patches = optionals (versionRange "68" "86") [
		./patches/nix_plugin_paths_68.patch
		] ++ [
		./patches/remove-webp-include-69.patch
		./patches/no-build-timestamps.patch
		./patches/widevine-79.patch
		@@ -166,12 +171,18 @@ let
		#
		# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
		# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
		] ++ optionals (useVaapi) [ # Improvements for the VA-API build:
		] ++ optionals (useVaapi && versionRange "68" "86") [ # Improvements for the VA-API build:
		./patches/enable-vdpau-support-for-nvidia.patch # https://aur.archlinux.org/cgit/aur.git/tree/vdpau-support.patch?h=chromium-vaapi
		./patches/enable-video-acceleration-on-linux.patch # Can be controlled at runtime (i.e. without rebuilding Chromium)
		];

		postPatch = ''
		postPatch = optionalString (!versionRange "0" "86") ''
		# Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.):
		substituteInPlace native_client/SConstruct \
		--replace "#! -- python --" ""
		substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
		--replace "/usr/bin/env -S make -f" "/usr/bin/make -f"
		'' + ''
		# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
		substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
		--replace \
		@@ -300,8 +311,8 @@ let
		use_system_libdrm = true;
		system_wayland_scanner_path = "${wayland}/bin/wayland-scanner";
		} // optionalAttrs ungoogled {
		closure_compile = false;
		enable_hangout_services_extension = false;
		enable_js_type_check = false;
		enable_mdns = false;
		enable_nacl_nonsfi = false;
		enable_one_click_signin = false;
		@@ -313,7 +324,6 @@ let
		google_api_key = "";
		google_default_client_id = "";
		google_default_client_secret = "";
		optimize_webui = false;
		safe_browsing_mode = 0;
		use_official_google_api_keys = false;
		use_unofficial_version_number = false;
		@@ -366,9 +376,11 @@ let
		origRpath="$(patchelf --print-rpath "$chromiumBinary")"
		patchelf --set-rpath "${libGL}/lib:$origRpath" "$chromiumBinary"
		'';

		passthru.updateScript = ./update.py;
		};

		# Remove some extraAttrs we supplied to the base attributes already.
		in stdenv.mkDerivation (base // removeAttrs extraAttrs [
		"name" "gnFlags" "buildTargets"
		])
		] // { passthru = base.passthru // (extraAttrs.passthru or {}); })

pkgs/applications/networking/browsers/ungoogled-chromium/default.nix

+48 −20

Original line number	Diff line number	Diff line
		{ newScope, config, stdenv, llvmPackages_9, llvmPackages_10
		, makeWrapper, ed, gnugrep
		{ newScope, config, stdenv, fetchurl, makeWrapper
		, llvmPackages_10, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils
		, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit
		, libva ? null
		, pipewire_0_2
		@@ -29,30 +29,43 @@ let

		callPackage = newScope chromium;

		chromium = {
		chromium = rec {
		inherit stdenv llvmPackages;

		upstream-info = (callPackage ./update.nix {}).getChannel channel;
		upstream-info = (lib.importJSON ./upstream-info.json).${channel};

		mkChromiumDerivation = callPackage ./common.nix ({
		inherit gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs cupsSupport pulseSupport useOzone;
		inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs
		cupsSupport pulseSupport useOzone;
		inherit ungoogled;
		# TODO: Remove after we can update gn for the stable channel (backward incompatible changes):
		gnChromium = gn.overrideAttrs (oldAttrs: {
		version = "2020-03-23";
		version = "2020-05-19";
		src = fetchgit {
		url = "https://gn.googlesource.com/gn";
		rev = "5ed3c9cc67b090d5e311e4bd2aba072173e82db9";
		sha256 = "00y2d35wvqmx9glaqhfb62wdgbfpwr77v0934nnvh9ks71vnsjqy";
		rev = "d0a6f072070988e7b038496c4e7d6c562b649732";
		sha256 = "0197msabskgfbxvhzq73gc3wlr3n9cr4bzrhy5z5irbvy05lxk17";
		};
		});
		} // lib.optionalAttrs (channel == "dev") {
		} // lib.optionalAttrs (lib.versionAtLeast upstream-info.version "86") {
		llvmPackages = llvmPackages_11;
		gnChromium = gn.overrideAttrs (oldAttrs: {
		version = "2020-05-19";
		version = "2020-07-20";
		src = fetchgit {
		url = "https://gn.googlesource.com/gn";
		rev = "d0a6f072070988e7b038496c4e7d6c562b649732";
		sha256 = "0197msabskgfbxvhzq73gc3wlr3n9cr4bzrhy5z5irbvy05lxk17";
		rev = "3028c6a426a4aaf6da91c4ebafe716ae370225fe";
		sha256 = "0h3wf4152zdvrbb0jbj49q6814lfl3rcy5mj8b2pl9s0ahvkbc6q";
		};
		});
		} // lib.optionalAttrs (lib.versionAtLeast upstream-info.version "87") {
		llvmPackages = llvmPackages_11;
		useOzone = true; # YAY: https://chromium-review.googlesource.com/c/chromium/src/+/2382834 \o/
		gnChromium = gn.overrideAttrs (oldAttrs: {
		version = "2020-08-17";
		src = fetchgit {
		url = "https://gn.googlesource.com/gn";
		rev = "6f13aaac55a977e1948910942675c69f2b4f7a94";
		sha256 = "01hpma1sllpdx09mvr4d6073sg6zmk6iv44kd3r28khymcj4s251";
		};
		});
		});
		@@ -66,22 +79,33 @@ let
		ungoogled-chromium = callPackage ./ungoogled.nix {};
		};

		pkgSuffix = if channel == "dev" then "unstable" else channel;
		pkgName = "google-chrome-${pkgSuffix}";
		chromeSrc = fetchurl {
		urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [
		"https://dl.google.com/linux/chrome/deb/pool/main/g"
		"http://95.31.35.30/chrome/pool/main/g"
		"http://mirror.pcbeta.com/google/chrome/deb/pool/main/g"
		"http://repo.fdzh.org/chrome/deb/pool/main/g"
		];
		sha256 = chromium.upstream-info.sha256bin64;
		};

		mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}";
		widevineCdm = let upstream-info = chromium.upstream-info; in stdenv.mkDerivation {
		widevineCdm = stdenv.mkDerivation {
		name = "chrome-widevine-cdm";

		# The .deb file for Google Chrome
		src = upstream-info.binary;
		src = chromeSrc;

		phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ];

		unpackCmd = let
		widevineCdmPath =
		if upstream-info.channel == "stable" then
		if channel == "stable" then
		"./opt/google/chrome/WidevineCdm"
		else if upstream-info.channel == "beta" then
		else if channel == "beta" then
		"./opt/google/chrome-beta/WidevineCdm"
		else if upstream-info.channel == "dev" then
		else if channel == "dev" then
		"./opt/google/chrome-unstable/WidevineCdm"
		else
		throw "Unknown chromium channel.";
		@@ -191,10 +215,13 @@ in stdenv.mkDerivation {
		'' + ''

		# libredirect causes chromium to deadlock on startup
		export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" \| tr ':' '\n' \| ${gnugrep}/bin/grep -v /lib/libredirect\\\\.so$ \| tr '\n' ':')"
		export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" \| ${coreutils}/bin/tr ':' '\n' \| ${gnugrep}/bin/grep -v /lib/libredirect\\\\.so$ \| ${coreutils}/bin/tr '\n' ':')"

		export XDG_DATA_DIRS=$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS

		# Mainly for xdg-open but also other xdg-* tools:
		export PATH="${xdg_utils}/bin\''${PATH:+:}\$PATH"

		.
		w
		EOF
		@@ -214,6 +241,7 @@ in stdenv.mkDerivation {
		passthru = {
		inherit (chromium) upstream-info browser;
		mkDerivation = chromium.mkChromiumDerivation;
		inherit sandboxExecutableName;
		inherit chromeSrc sandboxExecutableName;
		updateScript = ./update.py;
		};
		}

pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled-src.nix

+3 −3

Original line number	Diff line number	Diff line
		{
		"84.0.4147.89" = {
		rev = "84.0.4147.89-1";
		sha256 = "1bqvcq3dj6615198j7cz3ylyyic5zpis06capvl6ybl1na3ainb0";
		"85.0.4183.102" = {
		rev = "85.0.4183.102-1";
		sha256 = "1mdx4a5zcs3an9yx1jxx4amq8p9rcj0hv76r8y7nz6cpsfgd9n3y";
		};
		}

pkgs/applications/networking/browsers/ungoogled-chromium/update.nix

deleted100644 → 0

+0 −271

Original line number	Diff line number	Diff line
		let maybePkgs = import ../../../../../. {}; in

		{ stdenv ? maybePkgs.stdenv
		, runCommand ? maybePkgs.runCommand
		, fetchurl ? maybePkgs.fetchurl
		, writeText ? maybePkgs.writeText
		, curl ? maybePkgs.curl
		, cacert ? maybePkgs.cacert
		, nix ? maybePkgs.nix
		}:

		let
		inherit (stdenv) lib;

		sources = if builtins.pathExists ./upstream-info.nix
		then import ./upstream-info.nix
		else {};

		bucketURL = "https://commondatastorage.googleapis.com/"
		+ "chromium-browser-official";

		mkVerURL = version: "${bucketURL}/chromium-${version}.tar.xz";

		debURL = "https://dl.google.com/linux/chrome/deb/pool/main/g";

		getDebURL = channelName: version: arch: mirror: let
		packageSuffix = if channelName == "dev" then "unstable" else channelName;
		packageName = "google-chrome-${packageSuffix}";
		in "${mirror}/${packageName}/${packageName}_${version}-1_${arch}.deb";

		# Untrusted mirrors, don't try to update from them!
		debMirrors = [
		"http://95.31.35.30/chrome/pool/main/g"
		"http://mirror.pcbeta.com/google/chrome/deb/pool/main/g"
		"http://repo.fdzh.org/chrome/deb/pool/main/g"
		];

		in {
		getChannel = channel: let
		chanAttrs = builtins.getAttr channel sources;
		in {
		inherit channel;
		inherit (chanAttrs) version;

		main = fetchurl {
		url = mkVerURL chanAttrs.version;
		inherit (chanAttrs) sha256;
		};

		binary = fetchurl (let
		mkUrls = arch: let
		mkURLForMirror = getDebURL channel chanAttrs.version arch;
		in map mkURLForMirror ([ debURL ] ++ debMirrors);
		in if stdenv.is64bit && chanAttrs ? sha256bin64 then {
		urls = mkUrls "amd64";
		sha256 = chanAttrs.sha256bin64;
		} else if !stdenv.is64bit && chanAttrs ? sha256bin32 then {
		urls = mkUrls "i386";
		sha256 = chanAttrs.sha256bin32;
		} else throw "No Chrome plugins are available for your architecture.");
		};

		update = let
		csv2nix = name: src: import (runCommand "${name}.nix" {
		src = builtins.fetchurl src;
		} ''
		esc() { echo "\"$(echo "$1" \| sed -e 's/"\\$/\\&/')\""; } # ohai emacs "
		IFS=, read -r -a headings <<< "$(head -n1 "$src")"
		echo "[" > "$out"
		tail -n +2 "$src" \| while IFS=, read -r -a line; do
		echo " {"
		for idx in "''${!headings[@]}"; do
		echo " $(esc "''${headings[idx]}") = $(esc ''${line[$idx]});"
		done
		echo " }"
		done >> "$out"
		echo "]" >> "$out"
		'');

		channels = lib.fold lib.recursiveUpdate {} (map (attrs: {
		${attrs.os}.${attrs.channel} = attrs // {
		history = let
		drvName = "omahaproxy-${attrs.os}.${attrs.channel}-info";
		history = csv2nix drvName "http://omahaproxy.appspot.com/history";
		cond = h: attrs.os == h.os && attrs.channel == h.channel
		&& lib.versionOlder h.version attrs.current_version;
		# Note that this is a reverse sort!
		sorter = a: b: lib.versionOlder b.version a.version;
		sorted = builtins.sort sorter (lib.filter cond history);
		in map (lib.flip removeAttrs ["os" "channel"]) sorted;
		version = attrs.current_version;
		};
		}) (csv2nix "omahaproxy-info" "http://omahaproxy.appspot.com/all?csv=1"));

		/*
		XXX: This is essentially the same as:

		builtins.tryEval (builtins.fetchurl url)

		... except that tryEval on fetchurl isn't working and doesn't catch
		errors for fetchurl, so we go for a different approach.

		We only have fixed-output derivations that can have networking access, so
		we abuse SHA1 and its weaknesses to forge a fixed-output derivation which
		is not so fixed, because it emits different contents that have the same
		SHA1 hash.

		Using this method, we can distinguish whether the URL is available or
		whether it's not based on the actual content.

		So let's use tryEval as soon as it's working with fetchurl in Nix.
		*/
		tryFetch = url: let
		# SHA1 hash collisions from https://shattered.io/static/shattered.pdf:
		collisions = runCommand "sha1-collisions" {
		outputs = [ "out" "good" "bad" ];
		base64 = ''
		QlpoOTFBWSZTWbL5V5MABl///////9Pv///v////+/////HDdK739/677r+W3/75rUNr4
		Aa/AAAAAAACgEVTRtQDQAaA0AAyGmjTQGmgAAANGgAaMIAYgGgAABo0AAAAAADQAIAGQ0
		MgDIGmjQA0DRk0AaMQ0DQAGIANGgAAGRoNGQMRpo0GIGgBoGQAAIAGQ0MgDIGmjQA0DRk
		0AaMQ0DQAGIANGgAAGRoNGQMRpo0GIGgBoGQAAIAGQ0MgDIGmjQA0DRk0AaMQ0DQAGIAN
		GgAAGRoNGQMRpo0GIGgBoGQAAIAGQ0MgDIGmjQA0DRk0AaMQ0DQAGIANGgAAGRoNGQMRp
		o0GIGgBoGQAABVTUExEZATTICnkxNR+p6E09JppoyamjGhkm0ammIyaekbUejU9JiGnqZ
		qaaDxJ6m0JkZMQ2oaYmJ6gxqMyE2TUzJqfItligtJQJfYbl9Zy9QjQuB5mHQRdSSXCCTH
		MgmSDYmdOoOmLTBJWiCpOhMQYpQlOYpJjn+wQUJSTCEpOMekaFaaNB6glCC0hKEJdHr6B
		mUIHeph7YxS8WJYyGwgWnMTFJBDFSxSCCYljiEk7HZgJzJVDHJxMgY6tCEIIWgsKSlSZ0
		S8GckoIIF+551Ro4RCw260VCEpWJSlpWx/PMrLyVoyhWMAneDilBcUIeZ1j6NCkus0qUC
		Wnahhk5KT4GpWMh3vm2nJWjTL9Qg+84iExBJhNKpbV9tvEN265t3fu/TKkt4rXFTsV+Nc
		upJXhOhOhJMQQktrqt4K8mSh9M2DAO2X7uXGVL9YQxUtzQmS7uBndL7M6R7vX869VxqPu
		renSuHYNq1yTXOfNWLwgvKlRlFYqLCs6OChDp0HuTzCWscmGudLyqUuwVGG75nmyZhKpJ
		yOE/pOZyHyrZxGM51DYIN+Jc8yVJgAykxKCEtW55MlfudLg3KG6TtozalunXrroSxUpVL
		StWrWLFihMnVpkyZOrQnUrE6xq1CGtJlbAb5ShMbV1CZgqlKC0wCFCpMmUKSEkvFLaZC8
		wHOCVAlvzaJQ/T+XLb5Dh5TNM67p6KZ4e4ZSGyVENx2O27LzrTIteAreTkMZpW95GS0CE
		JYhMc4nToTJ0wQhKEyddaLb/rTqmgJSlkpnALxMhlNmuKEpkEkqhKUoEq3SoKUpIQcDgW
		lC0rYahMmLuPQ0fHqZaF4v2W8IoJ2EhMhYmSw7qql27WJS+G4rUplToFi2rSv0NSrVvDU
		pltQ8Lv6F8pXyxmFBSxiLSxglNC4uvXVKmAtusXy4YXGX1ixedEvXF1aX6t8adYnYCpC6
		rW1ZzdZYlCCxKEv8vpbqdSsXl8v1jCQv0KEPxPTa/5rtWSF1dSgg4z4KjfIMNtgwWoWLE
		sRhKxsSA9ji7V5LRPwtumeQ8V57UtFSPIUmtQdOQfseI2Ly1DMtk4Jl8n927w34zrWG6P
		i4jzC82js/46Rt2IZoadWxOtMInS2xYmcu8mOw9PLYxQ4bdfFw3ZPf/g2pzSwZDhGrZAl
		9lqky0W+yeanadC037xk496t0Dq3ctfmqmjgie8ln9k6Q0K1krb3dK9el4Xsu44LpGcen
		r2eQZ1s1IhOhnE56WnXf0BLWn9Xz15fMkzi4kpVxiTKGEpffErEEMvEeMZhUl6yD1SdeJ
		YbxzGNM3ak2TAaglLZlDCVnoM6wV5DRrycwF8Zh/fRsdmhkMfAO1duwknrsFwrzePWeMw
		l107DWzymxdQwiSXx/lncnn75jL9mUzw2bUDqj20LTgtawxK2SlQg1CCZDQMgSpEqLjRM
		sykM9zbSIUqil0zNk7Nu+b5J0DKZlhl9CtpGKgX5uyp0idoJ3we9bSrY7PupnUL5eWiDp
		V5mmnNUhOnYi8xyClkLbNmAXyoWk7GaVrM2umkbpqHDzDymiKjetgzTocWNsJ2E0zPcfh
		t46J4ipaXGCfF7fuO0a70c82bvqo3HceIcRlshgu73seO8BqlLIap2z5jTOY+T2ucCnBt
		Atva3aHdchJg9AJ5YdKHz7LoA3VKmeqxAlFyEnQLBxB2PAhAZ8KvmuR6ELXws1Qr13Nd1
		i4nsp189jqvaNzt+0nEnIaniuP1+/UOZdyfoZh57ku8sYHKdvfW/jYSUks+0rK+qtte+p
		y8jWL9cOJ0fV8rrH/t+85/p1z2N67p/ZsZ3JmdyliL7lrNxZUlx0MVIl6PxXOUuGOeArW
		3vuEvJ2beoh7SGyZKHKbR2bBWO1d49JDIcVM6lQtu9UO8ec8pOnXmkcponBPLNM2CwZ9k
		NC/4ct6rQkPkQHMcV/8XckU4UJCy+VeTA==
		'';
		} ''
		echo "$base64" \| base64 -d \| tar xj
		mv good.pdf "$good"
		mv bad.pdf "$bad"
		touch "$out"
		'';

		cacheVal = let
		urlHash = builtins.hashString "sha256" url;
		timeSlice = builtins.currentTime / 600;
		in "${urlHash}-${toString timeSlice}";

		in {
		success = import (runCommand "check-success" {
		result = stdenv.mkDerivation {
		name = "tryfetch-${cacheVal}";
		inherit url;

		outputHash = "d00bbe65d80f6d53d5c15da7c6b4f0a655c5a86a";
		outputHashMode = "flat";
		outputHashAlgo = "sha1";

		nativeBuildInputs = [ curl ];
		preferLocalBuild = true;

		inherit (collisions) good bad;

		buildCommand = ''
		if SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt" \
		curl -s -L -f -I "$url" > /dev/null; then
		cp "$good" "$out"
		else
		cp "$bad" "$out"
		fi
		'';

		impureEnvVars = lib.fetchers.proxyImpureEnvVars;
		};
		inherit (collisions) good;
		} ''
		if cmp -s "$result" "$good"; then
		echo true > "$out"
		else
		echo false > "$out"
		fi
		'');
		value = builtins.fetchurl url;
		};

		fetchLatest = channel: let
		result = tryFetch (mkVerURL channel.version);
		in if result.success then result.value else fetchLatest (channel // {
		version = if channel.history != []
		then (lib.head channel.history).version
		else throw "Unfortunately there's no older version than " +
		"${channel.version} available for channel " +
		"${channel.channel} on ${channel.os}.";
		history = lib.tail channel.history;
		});

		getHash = path: import (runCommand "gethash.nix" {
		inherit path;
		nativeBuildInputs = [ nix ];
		} ''
		sha256="$(nix-hash --flat --base32 --type sha256 "$path")"
		echo "\"$sha256\"" > "$out"
		'');

		isLatest = channel: version: let
		ourVersion = sources.${channel}.version or null;
		in if ourVersion == null then false
		else lib.versionOlder version sources.${channel}.version
		\|\| version == sources.${channel}.version;

		# We only support GNU/Linux right now.
		linuxChannels = let
		genLatest = channelName: channel: let
		newUpstream = {
		inherit (channel) version;
		sha256 = getHash (fetchLatest channel);
		};
		keepOld = let
		oldChannel = sources.${channelName};
		in {
		inherit (oldChannel) version sha256;
		} // lib.optionalAttrs (oldChannel ? sha256bin32) {
		inherit (oldChannel) sha256bin32;
		} // lib.optionalAttrs (oldChannel ? sha256bin64) {
		inherit (oldChannel) sha256bin64;
		};
		in if isLatest channelName channel.version then keepOld else newUpstream;
		in lib.mapAttrs genLatest channels.linux;

		getLinuxFlash = channelName: channel: let
		inherit (channel) version;
		fetchArch = arch: tryFetch (getDebURL channelName version arch debURL);
		packages = lib.genAttrs ["i386" "amd64"] fetchArch;
		isNew = arch: attr: !(builtins.hasAttr attr channel)
		&& packages.${arch}.success;
		in channel // lib.optionalAttrs (isNew "i386" "sha256bin32") {
		sha256bin32 = getHash (packages.i386.value);
		} // lib.optionalAttrs (isNew "amd64" "sha256bin64") {
		sha256bin64 = getHash (packages.amd64.value);
		};

		newChannels = lib.mapAttrs getLinuxFlash linuxChannels;

		dumpAttrs = indent: attrs: let
		mkVal = val: if lib.isAttrs val then dumpAttrs (indent + 1) val
		else "\"${lib.escape ["$" "\\" "\""] (toString val)}\"";
		mkIndent = level: lib.concatStrings (builtins.genList (_: " ") level);
		mkAttr = key: val: "${mkIndent (indent + 1)}${key} = ${mkVal val};\n";
		attrLines = lib.mapAttrsToList mkAttr attrs;
		in "{\n" + (lib.concatStrings attrLines) + (mkIndent indent) + "}";
		in writeText "chromium-new-upstream-info.nix" ''
		# This file is autogenerated from update.sh in the same directory.
		${dumpAttrs 0 newChannels}
		'';
		}

pkgs/applications/networking/browsers/ungoogled-chromium/update.py

0 → 100755

+77 −0

Original line number	Diff line number	Diff line
		#! /usr/bin/env nix-shell
		#! nix-shell -i python -p python3 nix

		import csv
		import json
		import subprocess
		import sys

		from codecs import iterdecode
		from collections import OrderedDict
		from os.path import abspath, dirname
		from urllib.request import urlopen

		HISTORY_URL = 'https://omahaproxy.appspot.com/history?os=linux'
		DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g'
		BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official'

		JSON_PATH = dirname(abspath(__file__)) + '/upstream-info.json'

		def load_json(path):
		with open(path, 'r') as f:
		return json.load(f)

		def nix_prefetch_url(url, algo='sha256'):
		print(f'nix-prefetch-url {url}')
		out = subprocess.check_output(['nix-prefetch-url', '--type', algo, url])
		return out.decode('utf-8').rstrip()

		channels = {}
		last_channels = load_json(JSON_PATH)

		print(f'GET {HISTORY_URL}', file=sys.stderr)
		with urlopen(HISTORY_URL) as resp:
		builds = csv.DictReader(iterdecode(resp, 'utf-8'))
		for build in builds:
		channel_name = build['channel']

		# If we've already found a newer build for this channel, we're
		# no longer interested in it.
		if channel_name in channels:
		continue

		# If we're back at the last build we used, we don't need to
		# keep going -- there's no new version available, and we can
		# just reuse the info from last time.
		if build['version'] == last_channels[channel_name]['version']:
		channels[channel_name] = last_channels[channel_name]
		continue

		channel = {'version': build['version']}
		suffix = 'unstable' if channel_name == 'dev' else channel_name

		try:
		channel['sha256'] = nix_prefetch_url(f'{BUCKET_URL}/chromium-{build["version"]}.tar.xz')
		channel['sha256bin64'] = nix_prefetch_url(f'{DEB_URL}/google-chrome-{suffix}/google-chrome-{suffix}_{build["version"]}-1_amd64.deb')
		except subprocess.CalledProcessError:
		# This build isn't actually available yet. Continue to
		# the next one.
		continue

		channels[channel_name] = channel

		with open(JSON_PATH, 'w') as out:
		def get_channel_key(item):
		channel_name = item[0]
		if channel_name == 'stable':
		return 0
		elif channel_name == 'beta':
		return 1
		elif channel_name == 'dev':
		return 2
		else:
		print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr)
		sys.exit(1)
		sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key))
		json.dump(sorted_channels, out, indent=2)
		out.write('\n')

Admin message