Unverified Commit e2523b4c authored by networkException's avatar networkException
Browse files

chromium,chromedriver,electron: use hash instead of sha256 everywhere 

this patch updates the packaging of chromium and chromedriver to use
sri hashes in `upstream-info.nix` instead of sha256 as well as
the packaging of electron to use sri hashes in `info.json` instead
of sha256 (just gn).

this patch also updates the previous `sha256` values in
`upstream-info.nix` and `info.json` to sri hashes in `hash`.
parent 6e4796d6

pkgs/applications/networking/browsers/chromium/common.nix

+8 −8
Original line number Diff line number Diff line
@@ -67,16 +67,16 @@ let 
  ]);

  clangFormatPython3 = fetchurl {

    url = "https://chromium.googlesource.com/chromium/tools/build/+/e77882e0dde52c2ccf33c5570929b75b4a2a2522/recipes/recipe_modules/chromium/resources/clang-format?format=TEXT";

    sha256 = "0ic3hn65dimgfhakli1cyf9j3cxcqsf1qib706ihfhmlzxf7256l";

    hash = "sha256-1BRxXP+0QgejAWdFHJzGrLMhk/MsRDoVdK/GVoyFg0U=";

  };



  # The additional attributes for creating derivations based on the chromium

  # source tree.

  extraAttrs = buildFun base;



  githubPatch = { commit, sha256, revert ? false }: fetchpatch {

  githubPatch = { commit, hash, revert ? false }: fetchpatch {

    url = "https://github.com/chromium/chromium/commit/${commit}.patch";

    inherit sha256 revert;

    inherit hash revert;

  };



  mkGnFlags =
@@ -118,7 +118,7 @@ let 
  libExecPath = "$out/libexec/${packageName}";



  ungoogler = ungoogled-chromium {

    inherit (upstream-info.deps.ungoogled-patches) rev sha256;

    inherit (upstream-info.deps.ungoogled-patches) rev hash;

  };



  # There currently isn't a (much) more concise way to get a stdenv
@@ -148,10 +148,10 @@ let 
      else throw "no chromium Rosetta Stone entry for os: ${platform.config}";

  };



  recompressTarball = { version, sha256 ? "" }: fetchzip {

  recompressTarball = { version, hash ? "" }: fetchzip {

    name = "chromium-${version}.tar.zstd";

    url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz";

    inherit sha256;

    inherit hash;



    nativeBuildInputs = [ zstd ];
@@ -180,7 +180,7 @@ let 
    inherit (upstream-info) version;

    inherit packageName buildType buildPath;



    src = recompressTarball { inherit version; inherit (upstream-info) sha256; };

    src = recompressTarball { inherit version; inherit (upstream-info) hash; };



    nativeBuildInputs = [

      ninja pkg-config
@@ -250,7 +250,7 @@ let 
      (githubPatch {

        # Reland [clang] Disable autoupgrading debug info in ThinLTO builds

        commit = "54969766fd2029c506befc46e9ce14d67c7ed02a";

        sha256 = "sha256-Vryjg8kyn3cxWg3PmSwYRG6zrHOqYWBMSdEMGiaPg6M=";

        hash = "sha256-Vryjg8kyn3cxWg3PmSwYRG6zrHOqYWBMSdEMGiaPg6M=";

        revert = true;

      })

    ];

pkgs/applications/networking/browsers/chromium/default.nix

+6 −6
Original line number Diff line number Diff line
@@ -57,7 +57,7 @@ let 
      gnChromium = buildPackages.gn.overrideAttrs (oldAttrs: {

        inherit (upstream-info.deps.gn) version;

        src = fetchgit {

          inherit (upstream-info.deps.gn) url rev sha256;

          inherit (upstream-info.deps.gn) url rev hash;

        };

      });

    });
@@ -80,12 +80,12 @@ let 
  chromeSrc =

    let

      # Use the latest stable Chrome version if necessary:

      version = if chromium.upstream-info.sha256bin64 != null

      version = if chromium.upstream-info.hash_deb_amd64 != null

        then chromium.upstream-info.version

        else (import ./upstream-info.nix).stable.version;

      sha256 = if chromium.upstream-info.sha256bin64 != null

        then chromium.upstream-info.sha256bin64

        else (import ./upstream-info.nix).stable.sha256bin64;

      hash = if chromium.upstream-info.hash_deb_amd64 != null

        then chromium.upstream-info.hash_deb_amd64

        else (import ./upstream-info.nix).stable.hash_deb_amd64;

    in fetchurl {

      urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [

        "https://dl.google.com/linux/chrome/deb/pool/main/g"
@@ -93,7 +93,7 @@ let 
        "http://mirror.pcbeta.com/google/chrome/deb/pool/main/g"

        "http://repo.fdzh.org/chrome/deb/pool/main/g"

      ];

      inherit sha256;

      inherit hash;

  };



  mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}";

pkgs/applications/networking/browsers/chromium/ungoogled.nix

+3 −3
Original line number Diff line number Diff line
@@ -6,10 +6,10 @@ 
}:



{ rev

, sha256

, hash

}:



stdenv.mkDerivation rec {

stdenv.mkDerivation {

  pname = "ungoogled-chromium";



  version = rev;
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec { 
  src = fetchFromGitHub {

    owner = "ungoogled-software";

    repo = "ungoogled-chromium";

    inherit rev sha256;

    inherit rev hash;

  };



  dontBuild = true;

pkgs/applications/networking/browsers/chromium/upstream-info.nix

+17 −17
Original line number Diff line number Diff line
@@ -3,63 +3,63 @@ 
    deps = {

      gn = {

        rev = "811d332bd90551342c5cbd39e133aa276022d7f8";

        sha256 = "0jlg3d31p346na6a3yk0x29pm6b7q03ck423n5n6mi8nv4ybwajq";

        hash = "sha256-WCq+PNkWxWpssUOQyQbAZ5l6k+hg+qGMsoaMG0Ybj0o=";

        url = "https://gn.googlesource.com/gn";

        version = "2023-08-01";

      };

    };

    sha256 = "0c3adrrgpnhm8g1546ask9pf17qj1sjgb950mj0rv4snxvddi75j";

    sha256bin64 = "11w1di146mjb9ql30df9yk9x4b9amc6514jzyfbf09mqsrw88dvr";

    hash = "sha256-spzY2u5Wk52BrKCk9aQOEp/gbppaGVLCQxXa+3JuajA=";

    hash_deb_amd64 = "sha256-eTeEeNa4JuCW81+SUAyrKi3S0/TJNTAoTktWQ0JsgYc=";

    version = "117.0.5938.22";

  };

  dev = {

    deps = {

      gn = {

        rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";

        sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab";

        hash = "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M=";

        url = "https://gn.googlesource.com/gn";

        version = "2023-08-10";

      };

    };

    sha256 = "16dq27lsywrn2xlgr5g46gdv15p30sihfamli4vkv3zxzfxdjisv";

    sha256bin64 = "11y09hsy7y1vg65xfilq44ffsmn15dqy80fa57psj1kin4a52v2x";

    hash = "sha256-W0fZuvv9jz03ibQqB6MG45aw2zPklfxoFzZzr+kRuJk=";

    hash_deb_amd64 = "sha256-XWxRFLFxBqnvKcoB5HErwVbtHCGYRteLeTv44zVMwIc=";

    version = "118.0.5966.0";

  };

  stable = {

    chromedriver = {

      sha256_darwin = "0y973bs4dbdrl152bfiq5avsp6h27j3v1kwgcgxk1d0g293322xs";

      sha256_darwin_aarch64 =

        "04qrhr52qc9rhmslgsh2yymsix9cv32g39xbpf8576scihfdngv8";

      sha256_linux = "1hy3s6j20h03ria033kfxd3rq259davvpjny4gpvznzklns71vi1";

      hash_darwin = "sha256-ugsxRhIPtDD7Y4/PsIc8Apqrtyo4uiVKoLmtRvQaJ3k=";

      hash_darwin_aarch64 =

        "sha256-aD/bHIxMm1OQu6un8cTYLPWoq/cC6kd1hTkxLEqGGRM=";

      hash_linux = "sha256-Ie5wtKXz27/vI97Ku7dqqQicR+tujgFUzANAIKTRw8M=";

      version = "118.0.5993.70";

    };

    deps = {

      gn = {

        rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";

        sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab";

        hash = "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M=";

        url = "https://gn.googlesource.com/gn";

        version = "2023-08-10";

      };

    };

    sha256 = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";

    sha256bin64 = "06rbsjh4khhl408181ns5nsdwasklb277fdjfajdv5h1j9a190k3";

    hash = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";

    hash_deb_amd64 = "sha256-Y4IUVJIBlt2kcrK5c8SiUyvetC3aBhQQIBTCSaDUKxs=";

    version = "118.0.5993.88";

  };

  ungoogled-chromium = {

    deps = {

      gn = {

        rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";

        sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab";

        hash = "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M=";

        url = "https://gn.googlesource.com/gn";

        version = "2023-08-10";

      };

      ungoogled-patches = {

        rev = "118.0.5993.88-1";

        sha256 = "17j47d64l97ascp85h8cnfnr5wr4va3bdk95wmagqss7ym5c7zsf";

        hash = "sha256-Tv/DSvVHa/xU5SXNtobaJPOSrbMMwYIu0+okSkw7RJ4=";

      };

    };

    sha256 = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";

    sha256bin64 = "06rbsjh4khhl408181ns5nsdwasklb277fdjfajdv5h1j9a190k3";

    hash = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";

    hash_deb_amd64 = "sha256-Y4IUVJIBlt2kcrK5c8SiUyvetC3aBhQQIBTCSaDUKxs=";

    version = "118.0.5993.88";

  };

}

pkgs/development/tools/electron/info.json

+4 −4
Original line number Diff line number Diff line
@@ -884,7 +884,7 @@ 
                    "version": "2023-09-12",

                    "url": "https://gn.googlesource.com/gn",

                    "rev": "991530ce394efb58fcd848195469022fa17ae126",

                    "sha256": "1zpbaspb2mncbsabps8n1iwzc67nhr79ndc9dnqxx1w1qfvaldg2"

                    "hash": "sha256-4jWqtsOBh96xbYk1m06G9hj2eQwW6buUXsxWsa5W6/4="

                }

            }

        },
@@ -1776,7 +1776,7 @@ 
                    "version": "2023-08-10",

                    "url": "https://gn.googlesource.com/gn",

                    "rev": "cc56a0f98bb34accd5323316e0292575ff17a5d4",

                    "sha256": "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab"

                    "hash": "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M="

                }

            }

        },
@@ -2620,7 +2620,7 @@ 
                    "version": "2023-06-09",

                    "url": "https://gn.googlesource.com/gn",

                    "rev": "4bd1a77e67958fb7f6739bd4542641646f264e5d",

                    "sha256": "14h9jqspb86sl5lhh6q0kk2rwa9zcak63f8drp7kb3r4dx08vzsw"

                    "hash": "sha256-XP+NQG8kjzXPzQ25YaZiPymexZwAGwhpodqgdTWWCZI="

                }

            }

        },
@@ -3440,7 +3440,7 @@ 
                    "version": "2023-04-19",

                    "url": "https://gn.googlesource.com/gn",

                    "rev": "5a004f9427a050c6c393c07ddb85cba8ff3849fa",

                    "sha256": "01xrh9m9m6x8lz0vxwdw2mrhrvnw93zpg09hwdhqakj06agf4jjk"

                    "hash": "sha256-U0rinjJAToVh4zCBd/9I3O4McxW88b7Bp6ibmmqCuQc="

                }

            }

        },