2014-03-27 07:20:20 +01:00
|
|
|
{ system ? builtins.currentSystem }:
|
|
|
|
|
|
|
|
let
|
2016-03-20 16:53:08 +01:00
|
|
|
inherit (import ../../../../../. {
|
2014-05-04 15:01:06 +02:00
|
|
|
inherit system;
|
2016-02-26 20:02:41 +01:00
|
|
|
}) lib runCommand writeText stdenv curl cacert nix;
|
2014-03-27 07:20:20 +01:00
|
|
|
|
2016-03-20 16:53:08 +01:00
|
|
|
sources = if builtins.pathExists ./upstream-info.nix
|
|
|
|
then import ./upstream-info.nix
|
2016-02-26 20:02:41 +01:00
|
|
|
else {};
|
2014-03-27 07:20:20 +01:00
|
|
|
|
2015-06-11 18:23:58 +02:00
|
|
|
bucketURL = "https://commondatastorage.googleapis.com/"
|
2014-03-27 07:20:20 +01:00
|
|
|
+ "chromium-browser-official";
|
|
|
|
|
2016-02-26 20:02:41 +01:00
|
|
|
mkVerURL = version: "${bucketURL}/chromium-${version}.tar.xz";
|
|
|
|
|
2014-03-27 09:40:21 +01:00
|
|
|
debURL = "https://dl.google.com/linux/chrome/deb/pool/main/g";
|
|
|
|
|
2016-02-26 20:02:41 +01:00
|
|
|
getDebURL = channelName: version: arch: mirror: let
|
|
|
|
packageSuffix = if channelName == "dev" then "unstable" else channelName;
|
|
|
|
packageName = "google-chrome-${packageSuffix}";
|
|
|
|
in "${mirror}/${packageName}/${packageName}_${version}-1_${arch}.deb";
|
|
|
|
|
2014-03-27 09:40:21 +01:00
|
|
|
# Untrusted mirrors, don't try to update from them!
|
|
|
|
debMirrors = [
|
|
|
|
"http://95.31.35.30/chrome/pool/main/g"
|
|
|
|
"http://mirror.pcbeta.com/google/chrome/deb/pool/main/g"
|
2015-07-30 19:57:38 +02:00
|
|
|
"http://repo.fdzh.org/chrome/deb/pool/main/g"
|
2014-03-27 09:40:21 +01:00
|
|
|
];
|
|
|
|
|
2014-03-27 07:20:20 +01:00
|
|
|
in rec {
|
|
|
|
getChannel = channel: let
|
|
|
|
chanAttrs = builtins.getAttr channel sources;
|
|
|
|
in {
|
2014-03-27 09:49:46 +01:00
|
|
|
inherit (chanAttrs) version;
|
|
|
|
|
2014-03-27 09:40:21 +01:00
|
|
|
main = {
|
2016-02-26 20:02:41 +01:00
|
|
|
url = mkVerURL chanAttrs.version;
|
2014-03-27 09:49:46 +01:00
|
|
|
inherit (chanAttrs) sha256;
|
2014-03-27 09:40:21 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
binary = let
|
2016-02-26 10:47:04 +01:00
|
|
|
mkUrls = arch: let
|
2016-02-26 20:02:41 +01:00
|
|
|
mkURLForMirror = getDebURL channel chanAttrs.version arch;
|
|
|
|
in map mkURLForMirror ([ debURL ] ++ debMirrors);
|
2016-02-26 10:47:04 +01:00
|
|
|
in if stdenv.is64bit && chanAttrs ? sha256bin64 then {
|
|
|
|
urls = mkUrls "amd64";
|
|
|
|
sha256 = chanAttrs.sha256bin64;
|
2016-03-05 03:10:53 +01:00
|
|
|
} else if !stdenv.is64bit && chanAttrs ? sha256bin32 then {
|
2016-02-26 10:47:04 +01:00
|
|
|
urls = mkUrls "i386";
|
2016-02-26 20:02:41 +01:00
|
|
|
sha256 = chanAttrs.sha256bin32;
|
2016-02-26 10:47:04 +01:00
|
|
|
} else throw "No Chrome plugins are available for your architecture.";
|
2014-03-27 07:20:20 +01:00
|
|
|
};
|
|
|
|
|
2016-02-26 20:02:41 +01:00
|
|
|
update = let
|
|
|
|
csv2nix = name: src: import (runCommand "${name}.nix" {
|
|
|
|
src = builtins.fetchurl src;
|
|
|
|
} ''
|
|
|
|
esc() { echo "\"$(echo "$1" | sed -e 's/"\\$/\\&/')\""; }
|
|
|
|
IFS=, read -r -a headings <<< "$(head -n1 "$src")"
|
|
|
|
echo "[" > "$out"
|
|
|
|
tail -n +2 "$src" | while IFS=, read -r -a line; do
|
|
|
|
echo " {"
|
|
|
|
for idx in "''${!headings[@]}"; do
|
|
|
|
echo " $(esc "''${headings[idx]}") = $(esc ''${line[$idx]});"
|
|
|
|
done
|
|
|
|
echo " }"
|
|
|
|
done >> "$out"
|
|
|
|
echo "]" >> "$out"
|
|
|
|
'');
|
|
|
|
|
|
|
|
channels = lib.fold lib.recursiveUpdate {} (map (attrs: {
|
|
|
|
${attrs.os}.${attrs.channel} = attrs // {
|
|
|
|
history = let
|
|
|
|
drvName = "omahaproxy-${attrs.os}.${attrs.channel}-info";
|
|
|
|
history = csv2nix drvName "http://omahaproxy.appspot.com/history";
|
|
|
|
cond = h: attrs.os == h.os && attrs.channel == h.channel
|
|
|
|
&& lib.versionOlder h.version attrs.current_version;
|
|
|
|
# Note that this is a *reverse* sort!
|
|
|
|
sorter = a: b: lib.versionOlder b.version a.version;
|
|
|
|
sorted = builtins.sort sorter (lib.filter cond history);
|
|
|
|
in map (lib.flip removeAttrs ["os" "channel"]) sorted;
|
|
|
|
version = attrs.current_version;
|
|
|
|
};
|
|
|
|
}) (csv2nix "omahaproxy-info" "http://omahaproxy.appspot.com/all?csv=1"));
|
|
|
|
|
|
|
|
/*
|
|
|
|
XXX: This is essentially the same as:
|
|
|
|
|
|
|
|
builtins.tryEval (builtins.fetchurl url)
|
|
|
|
|
|
|
|
... except that tryEval on fetchurl isn't working and doesn't catch errors
|
|
|
|
for fetchurl, so we go for a different approach.
|
|
|
|
|
|
|
|
We only have fixed-output derivations that can have networking access, so
|
|
|
|
we abuse MD5 and its weaknesses to forge a fixed-output derivation which
|
|
|
|
is not so fixed, because it emits different contents that have the same
|
|
|
|
MD5 hash.
|
|
|
|
|
|
|
|
Using this method, we can distinguish whether the URL is available or
|
|
|
|
whether it's not based on the actual content.
|
|
|
|
|
|
|
|
So let's use tryEval as soon as it's working with fetchurl in Nix.
|
|
|
|
*/
|
|
|
|
tryFetch = url: let
|
|
|
|
mkBin = b: runCommand "binary-blurb" { inherit b; } ''
|
|
|
|
h="$(echo "$b" | sed -e ':r;N;$!br;s/[^ \n][^ \n]/\\x&/g;s/[ \n]//g')"
|
|
|
|
echo -ne "$h" > "$out"
|
|
|
|
'';
|
|
|
|
|
|
|
|
# Both MD5 hash collision examples are from:
|
|
|
|
# https://en.wikipedia.org/wiki/MD5#Collision_vulnerabilities
|
|
|
|
hashCollTrue = mkBin ''
|
|
|
|
d131dd02c5e6eec4 693d9a0698aff95c 2fcab58712467eab 4004583eb8fb7f89
|
|
|
|
55ad340609f4b302 83e488832571415a 085125e8f7cdc99f d91dbdf280373c5b
|
|
|
|
d8823e3156348f5b ae6dacd436c919c6 dd53e2b487da03fd 02396306d248cda0
|
|
|
|
e99f33420f577ee8 ce54b67080a80d1e c69821bcb6a88393 96f9652b6ff72a70
|
|
|
|
'';
|
|
|
|
|
|
|
|
hashCollFalse = mkBin ''
|
|
|
|
d131dd02c5e6eec4 693d9a0698aff95c 2fcab50712467eab 4004583eb8fb7f89
|
|
|
|
55ad340609f4b302 83e4888325f1415a 085125e8f7cdc99f d91dbd7280373c5b
|
|
|
|
d8823e3156348f5b ae6dacd436c919c6 dd53e23487da03fd 02396306d248cda0
|
|
|
|
e99f33420f577ee8 ce54b67080280d1e c69821bcb6a88393 96f965ab6ff72a70
|
|
|
|
'';
|
|
|
|
|
|
|
|
cacheVal = let
|
|
|
|
urlHash = builtins.hashString "sha256" url;
|
|
|
|
timeSlice = builtins.currentTime / 600;
|
|
|
|
in "${urlHash}-${toString timeSlice}";
|
|
|
|
|
|
|
|
successBin = stdenv.mkDerivation {
|
|
|
|
name = "tryfetch-${cacheVal}";
|
|
|
|
inherit url;
|
|
|
|
|
|
|
|
outputHash = "79054025255fb1a26e4bc422aef54eb4";
|
|
|
|
outputHashMode = "flat";
|
|
|
|
outputHashAlgo = "md5";
|
|
|
|
|
|
|
|
buildInputs = [ curl ];
|
|
|
|
preferLocalBuild = true;
|
|
|
|
|
|
|
|
buildCommand = ''
|
|
|
|
if SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt" \
|
|
|
|
curl -s -L -f -I "$url" > /dev/null; then
|
|
|
|
cat "${hashCollTrue}" > "$out"
|
|
|
|
else
|
|
|
|
cat "${hashCollFalse}" > "$out"
|
|
|
|
fi
|
|
|
|
'';
|
|
|
|
|
|
|
|
impureEnvVars = [
|
|
|
|
"http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
in {
|
|
|
|
success = builtins.readFile successBin == builtins.readFile hashCollTrue;
|
|
|
|
value = builtins.fetchurl url;
|
|
|
|
};
|
|
|
|
|
|
|
|
fetchLatest = channel: let
|
|
|
|
result = tryFetch (mkVerURL channel.version);
|
|
|
|
in if result.success then result.value else fetchLatest (channel // {
|
|
|
|
version = if channel.history != []
|
|
|
|
then (lib.head channel.history).version
|
|
|
|
else throw "Unfortunately there's no older version than " +
|
|
|
|
"${channel.version} available for channel " +
|
|
|
|
"${channel.channel} on ${channel.os}.";
|
|
|
|
history = lib.tail channel.history;
|
|
|
|
});
|
|
|
|
|
|
|
|
getHash = path: import (runCommand "gethash.nix" {
|
|
|
|
inherit path;
|
|
|
|
buildInputs = [ nix ];
|
|
|
|
} ''
|
|
|
|
sha256="$(nix-hash --flat --base32 --type sha256 "$path")"
|
|
|
|
echo "\"$sha256\"" > "$out"
|
|
|
|
'');
|
|
|
|
|
|
|
|
isLatest = channel: version: let
|
|
|
|
ourVersion = sources.${channel}.version or null;
|
|
|
|
in if ourVersion == null then false
|
2016-03-05 02:55:00 +01:00
|
|
|
else lib.versionOlder version sources.${channel}.version
|
|
|
|
|| version == sources.${channel}.version;
|
2016-02-26 20:02:41 +01:00
|
|
|
|
|
|
|
# We only support GNU/Linux right now.
|
|
|
|
linuxChannels = let
|
|
|
|
genLatest = channelName: channel: let
|
|
|
|
newUpstream = {
|
|
|
|
inherit (channel) version;
|
|
|
|
sha256 = getHash (fetchLatest channel);
|
|
|
|
};
|
|
|
|
keepOld = let
|
|
|
|
oldChannel = sources.${channelName};
|
|
|
|
in {
|
|
|
|
inherit (oldChannel) version sha256;
|
|
|
|
} // lib.optionalAttrs (oldChannel ? sha256bin32) {
|
|
|
|
inherit (oldChannel) sha256bin32;
|
|
|
|
} // lib.optionalAttrs (oldChannel ? sha256bin64) {
|
|
|
|
inherit (oldChannel) sha256bin64;
|
|
|
|
};
|
|
|
|
in if isLatest channelName channel.version then keepOld else newUpstream;
|
|
|
|
in lib.mapAttrs genLatest channels.linux;
|
|
|
|
|
|
|
|
getLinuxFlash = channelName: channel: let
|
|
|
|
inherit (channel) version;
|
|
|
|
fetchArch = arch: tryFetch (getDebURL channelName version arch debURL);
|
|
|
|
packages = lib.genAttrs ["i386" "amd64"] fetchArch;
|
|
|
|
isNew = arch: attr: !(builtins.hasAttr attr channel)
|
|
|
|
&& packages.${arch}.success;
|
|
|
|
in channel // lib.optionalAttrs (isNew "i386" "sha256bin32") {
|
|
|
|
sha256bin32 = getHash (packages.i386.value);
|
|
|
|
} // lib.optionalAttrs (isNew "amd64" "sha256bin64") {
|
|
|
|
sha256bin64 = getHash (packages.amd64.value);
|
|
|
|
};
|
|
|
|
|
|
|
|
newChannels = lib.mapAttrs getLinuxFlash linuxChannels;
|
|
|
|
|
|
|
|
dumpAttrs = indent: attrs: let
|
|
|
|
mkVal = val: if lib.isAttrs val then dumpAttrs (indent + 1) val
|
|
|
|
else "\"${lib.escape ["$" "\\" "\""] (toString val)}\"";
|
|
|
|
mkIndent = level: lib.concatStrings (builtins.genList (_: " ") level);
|
|
|
|
mkAttr = key: val: "${mkIndent (indent + 1)}${key} = ${mkVal val};\n";
|
|
|
|
attrLines = lib.mapAttrsToList mkAttr attrs;
|
|
|
|
in "{\n" + (lib.concatStrings attrLines) + (mkIndent indent) + "}";
|
2016-03-20 16:48:54 +01:00
|
|
|
in writeText "chromium-new-upstream-info.nix" ''
|
|
|
|
# This file is autogenerated from update.sh in the same directory.
|
2016-02-26 20:02:41 +01:00
|
|
|
${dumpAttrs 0 newChannels}
|
2014-03-27 07:20:20 +01:00
|
|
|
'';
|
|
|
|
}
|