diff options
Diffstat (limited to 'nixpkgs/pkgs/applications/networking/browsers/chromium/update.nix')
-rw-r--r-- | nixpkgs/pkgs/applications/networking/browsers/chromium/update.nix | 271 |
1 files changed, 0 insertions, 271 deletions
diff --git a/nixpkgs/pkgs/applications/networking/browsers/chromium/update.nix b/nixpkgs/pkgs/applications/networking/browsers/chromium/update.nix deleted file mode 100644 index 6dff17c69dd..00000000000 --- a/nixpkgs/pkgs/applications/networking/browsers/chromium/update.nix +++ /dev/null @@ -1,271 +0,0 @@ -let maybePkgs = import ../../../../../. {}; in - -{ stdenv ? maybePkgs.stdenv -, runCommand ? maybePkgs.runCommand -, fetchurl ? maybePkgs.fetchurl -, writeText ? maybePkgs.writeText -, curl ? maybePkgs.curl -, cacert ? maybePkgs.cacert -, nix ? maybePkgs.nix -}: - -let - inherit (stdenv) lib; - - sources = if builtins.pathExists ./upstream-info.nix - then import ./upstream-info.nix - else {}; - - bucketURL = "https://commondatastorage.googleapis.com/" - + "chromium-browser-official"; - - mkVerURL = version: "${bucketURL}/chromium-${version}.tar.xz"; - - debURL = "https://dl.google.com/linux/chrome/deb/pool/main/g"; - - getDebURL = channelName: version: arch: mirror: let - packageSuffix = if channelName == "dev" then "unstable" else channelName; - packageName = "google-chrome-${packageSuffix}"; - in "${mirror}/${packageName}/${packageName}_${version}-1_${arch}.deb"; - - # Untrusted mirrors, don't try to update from them! - debMirrors = [ - "http://95.31.35.30/chrome/pool/main/g" - "http://mirror.pcbeta.com/google/chrome/deb/pool/main/g" - "http://repo.fdzh.org/chrome/deb/pool/main/g" - ]; - -in { - getChannel = channel: let - chanAttrs = builtins.getAttr channel sources; - in { - inherit channel; - inherit (chanAttrs) version; - - main = fetchurl { - url = mkVerURL chanAttrs.version; - inherit (chanAttrs) sha256; - }; - - binary = fetchurl (let - mkUrls = arch: let - mkURLForMirror = getDebURL channel chanAttrs.version arch; - in map mkURLForMirror ([ debURL ] ++ debMirrors); - in if stdenv.is64bit && chanAttrs ? sha256bin64 then { - urls = mkUrls "amd64"; - sha256 = chanAttrs.sha256bin64; - } else if !stdenv.is64bit && chanAttrs ? sha256bin32 then { - urls = mkUrls "i386"; - sha256 = chanAttrs.sha256bin32; - } else throw "No Chrome plugins are available for your architecture."); - }; - - update = let - csv2nix = name: src: import (runCommand "${name}.nix" { - src = builtins.fetchurl src; - } '' - esc() { echo "\"$(echo "$1" | sed -e 's/"\\$/\\&/')\""; } # ohai emacs " - IFS=, read -r -a headings <<< "$(head -n1 "$src")" - echo "[" > "$out" - tail -n +2 "$src" | while IFS=, read -r -a line; do - echo " {" - for idx in "''${!headings[@]}"; do - echo " $(esc "''${headings[idx]}") = $(esc ''${line[$idx]});" - done - echo " }" - done >> "$out" - echo "]" >> "$out" - ''); - - channels = lib.fold lib.recursiveUpdate {} (map (attrs: { - ${attrs.os}.${attrs.channel} = attrs // { - history = let - drvName = "omahaproxy-${attrs.os}.${attrs.channel}-info"; - history = csv2nix drvName "http://omahaproxy.appspot.com/history"; - cond = h: attrs.os == h.os && attrs.channel == h.channel - && lib.versionOlder h.version attrs.current_version; - # Note that this is a *reverse* sort! - sorter = a: b: lib.versionOlder b.version a.version; - sorted = builtins.sort sorter (lib.filter cond history); - in map (lib.flip removeAttrs ["os" "channel"]) sorted; - version = attrs.current_version; - }; - }) (csv2nix "omahaproxy-info" "http://omahaproxy.appspot.com/all?csv=1")); - - /* - XXX: This is essentially the same as: - - builtins.tryEval (builtins.fetchurl url) - - ... except that tryEval on fetchurl isn't working and doesn't catch - errors for fetchurl, so we go for a different approach. - - We only have fixed-output derivations that can have networking access, so - we abuse SHA1 and its weaknesses to forge a fixed-output derivation which - is not so fixed, because it emits different contents that have the same - SHA1 hash. - - Using this method, we can distinguish whether the URL is available or - whether it's not based on the actual content. - - So let's use tryEval as soon as it's working with fetchurl in Nix. - */ - tryFetch = url: let - # SHA1 hash collisions from https://shattered.io/static/shattered.pdf: - collisions = runCommand "sha1-collisions" { - outputs = [ "out" "good" "bad" ]; - base64 = '' - QlpoOTFBWSZTWbL5V5MABl///////9Pv///v////+/////HDdK739/677r+W3/75rUNr4 - Aa/AAAAAAACgEVTRtQDQAaA0AAyGmjTQGmgAAANGgAaMIAYgGgAABo0AAAAAADQAIAGQ0 - MgDIGmjQA0DRk0AaMQ0DQAGIANGgAAGRoNGQMRpo0GIGgBoGQAAIAGQ0MgDIGmjQA0DRk - 0AaMQ0DQAGIANGgAAGRoNGQMRpo0GIGgBoGQAAIAGQ0MgDIGmjQA0DRk0AaMQ0DQAGIAN - GgAAGRoNGQMRpo0GIGgBoGQAAIAGQ0MgDIGmjQA0DRk0AaMQ0DQAGIANGgAAGRoNGQMRp - o0GIGgBoGQAABVTUExEZATTICnkxNR+p6E09JppoyamjGhkm0ammIyaekbUejU9JiGnqZ - qaaDxJ6m0JkZMQ2oaYmJ6gxqMyE2TUzJqfItligtJQJfYbl9Zy9QjQuB5mHQRdSSXCCTH - MgmSDYmdOoOmLTBJWiCpOhMQYpQlOYpJjn+wQUJSTCEpOMekaFaaNB6glCC0hKEJdHr6B - mUIHeph7YxS8WJYyGwgWnMTFJBDFSxSCCYljiEk7HZgJzJVDHJxMgY6tCEIIWgsKSlSZ0 - S8GckoIIF+551Ro4RCw260VCEpWJSlpWx/PMrLyVoyhWMAneDilBcUIeZ1j6NCkus0qUC - Wnahhk5KT4GpWMh3vm2nJWjTL9Qg+84iExBJhNKpbV9tvEN265t3fu/TKkt4rXFTsV+Nc - upJXhOhOhJMQQktrqt4K8mSh9M2DAO2X7uXGVL9YQxUtzQmS7uBndL7M6R7vX869VxqPu - renSuHYNq1yTXOfNWLwgvKlRlFYqLCs6OChDp0HuTzCWscmGudLyqUuwVGG75nmyZhKpJ - yOE/pOZyHyrZxGM51DYIN+Jc8yVJgAykxKCEtW55MlfudLg3KG6TtozalunXrroSxUpVL - StWrWLFihMnVpkyZOrQnUrE6xq1CGtJlbAb5ShMbV1CZgqlKC0wCFCpMmUKSEkvFLaZC8 - wHOCVAlvzaJQ/T+XLb5Dh5TNM67p6KZ4e4ZSGyVENx2O27LzrTIteAreTkMZpW95GS0CE - JYhMc4nToTJ0wQhKEyddaLb/rTqmgJSlkpnALxMhlNmuKEpkEkqhKUoEq3SoKUpIQcDgW - lC0rYahMmLuPQ0fHqZaF4v2W8IoJ2EhMhYmSw7qql27WJS+G4rUplToFi2rSv0NSrVvDU - pltQ8Lv6F8pXyxmFBSxiLSxglNC4uvXVKmAtusXy4YXGX1ixedEvXF1aX6t8adYnYCpC6 - rW1ZzdZYlCCxKEv8vpbqdSsXl8v1jCQv0KEPxPTa/5rtWSF1dSgg4z4KjfIMNtgwWoWLE - sRhKxsSA9ji7V5LRPwtumeQ8V57UtFSPIUmtQdOQfseI2Ly1DMtk4Jl8n927w34zrWG6P - i4jzC82js/46Rt2IZoadWxOtMInS2xYmcu8mOw9PLYxQ4bdfFw3ZPf/g2pzSwZDhGrZAl - 9lqky0W+yeanadC037xk496t0Dq3ctfmqmjgie8ln9k6Q0K1krb3dK9el4Xsu44LpGcen - r2eQZ1s1IhOhnE56WnXf0BLWn9Xz15fMkzi4kpVxiTKGEpffErEEMvEeMZhUl6yD1SdeJ - YbxzGNM3ak2TAaglLZlDCVnoM6wV5DRrycwF8Zh/fRsdmhkMfAO1duwknrsFwrzePWeMw - l107DWzymxdQwiSXx/lncnn75jL9mUzw2bUDqj20LTgtawxK2SlQg1CCZDQMgSpEqLjRM - sykM9zbSIUqil0zNk7Nu+b5J0DKZlhl9CtpGKgX5uyp0idoJ3we9bSrY7PupnUL5eWiDp - V5mmnNUhOnYi8xyClkLbNmAXyoWk7GaVrM2umkbpqHDzDymiKjetgzTocWNsJ2E0zPcfh - t46J4ipaXGCfF7fuO0a70c82bvqo3HceIcRlshgu73seO8BqlLIap2z5jTOY+T2ucCnBt - Atva3aHdchJg9AJ5YdKHz7LoA3VKmeqxAlFyEnQLBxB2PAhAZ8KvmuR6ELXws1Qr13Nd1 - i4nsp189jqvaNzt+0nEnIaniuP1+/UOZdyfoZh57ku8sYHKdvfW/jYSUks+0rK+qtte+p - y8jWL9cOJ0fV8rrH/t+85/p1z2N67p/ZsZ3JmdyliL7lrNxZUlx0MVIl6PxXOUuGOeArW - 3vuEvJ2beoh7SGyZKHKbR2bBWO1d49JDIcVM6lQtu9UO8ec8pOnXmkcponBPLNM2CwZ9k - NC/4ct6rQkPkQHMcV/8XckU4UJCy+VeTA== - ''; - } '' - echo "$base64" | base64 -d | tar xj - mv good.pdf "$good" - mv bad.pdf "$bad" - touch "$out" - ''; - - cacheVal = let - urlHash = builtins.hashString "sha256" url; - timeSlice = builtins.currentTime / 600; - in "${urlHash}-${toString timeSlice}"; - - in { - success = import (runCommand "check-success" { - result = stdenv.mkDerivation { - name = "tryfetch-${cacheVal}"; - inherit url; - - outputHash = "d00bbe65d80f6d53d5c15da7c6b4f0a655c5a86a"; - outputHashMode = "flat"; - outputHashAlgo = "sha1"; - - nativeBuildInputs = [ curl ]; - preferLocalBuild = true; - - inherit (collisions) good bad; - - buildCommand = '' - if SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt" \ - curl -s -L -f -I "$url" > /dev/null; then - cp "$good" "$out" - else - cp "$bad" "$out" - fi - ''; - - impureEnvVars = lib.fetchers.proxyImpureEnvVars; - }; - inherit (collisions) good; - } '' - if cmp -s "$result" "$good"; then - echo true > "$out" - else - echo false > "$out" - fi - ''); - value = builtins.fetchurl url; - }; - - fetchLatest = channel: let - result = tryFetch (mkVerURL channel.version); - in if result.success then result.value else fetchLatest (channel // { - version = if channel.history != [] - then (lib.head channel.history).version - else throw "Unfortunately there's no older version than " + - "${channel.version} available for channel " + - "${channel.channel} on ${channel.os}."; - history = lib.tail channel.history; - }); - - getHash = path: import (runCommand "gethash.nix" { - inherit path; - nativeBuildInputs = [ nix ]; - } '' - sha256="$(nix-hash --flat --base32 --type sha256 "$path")" - echo "\"$sha256\"" > "$out" - ''); - - isLatest = channel: version: let - ourVersion = sources.${channel}.version or null; - in if ourVersion == null then false - else lib.versionOlder version sources.${channel}.version - || version == sources.${channel}.version; - - # We only support GNU/Linux right now. - linuxChannels = let - genLatest = channelName: channel: let - newUpstream = { - inherit (channel) version; - sha256 = getHash (fetchLatest channel); - }; - keepOld = let - oldChannel = sources.${channelName}; - in { - inherit (oldChannel) version sha256; - } // lib.optionalAttrs (oldChannel ? sha256bin32) { - inherit (oldChannel) sha256bin32; - } // lib.optionalAttrs (oldChannel ? sha256bin64) { - inherit (oldChannel) sha256bin64; - }; - in if isLatest channelName channel.version then keepOld else newUpstream; - in lib.mapAttrs genLatest channels.linux; - - getLinuxFlash = channelName: channel: let - inherit (channel) version; - fetchArch = arch: tryFetch (getDebURL channelName version arch debURL); - packages = lib.genAttrs ["i386" "amd64"] fetchArch; - isNew = arch: attr: !(builtins.hasAttr attr channel) - && packages.${arch}.success; - in channel // lib.optionalAttrs (isNew "i386" "sha256bin32") { - sha256bin32 = getHash (packages.i386.value); - } // lib.optionalAttrs (isNew "amd64" "sha256bin64") { - sha256bin64 = getHash (packages.amd64.value); - }; - - newChannels = lib.mapAttrs getLinuxFlash linuxChannels; - - dumpAttrs = indent: attrs: let - mkVal = val: if lib.isAttrs val then dumpAttrs (indent + 1) val - else "\"${lib.escape ["$" "\\" "\""] (toString val)}\""; - mkIndent = level: lib.concatStrings (builtins.genList (_: " ") level); - mkAttr = key: val: "${mkIndent (indent + 1)}${key} = ${mkVal val};\n"; - attrLines = lib.mapAttrsToList mkAttr attrs; - in "{\n" + (lib.concatStrings attrLines) + (mkIndent indent) + "}"; - in writeText "chromium-new-upstream-info.nix" '' - # This file is autogenerated from update.sh in the same directory. - ${dumpAttrs 0 newChannels} - ''; -} |