After refactoring the updater we no longer did properly propagate the
exit code from the nix-prefetch-url call to the main script. So if the
newest version could not be fetched it didn't even bother to try the
previous release and we would end up with an empty hash.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The system attribute was already there in the function head of the
shared update helper but it actually wasn't used and thus later the
import of <nixpkgs> was done using builtins.currentSystem instead of the
system attribute inherited from the source derivation.
Now we correctly propagate the attribute, so that even when running a
64bit kernel you can run a 32bit Chromium with binary plugins.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This now uses the Debian package from the sources derivation instead of
hardcoding it, so we finally should have proper PepperAPI plugin support
without crashing plugins and whatnot.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This cases the Debian binaries to be fetched from Google's official APT
repository. If we aren't able to find a package from the APT repository,
it's very likely that it already got deleted upstream and we need to
fallback to mirrors instead.
Unfortunately, we can't use mirrors for updating, because Google doesn't
sign the Debian packages themselves and only the release files.
We're going to hook it into a Chromium updater soon, making the sha256
hashes publicly available, so if it is missing, we can still put the
sha256 manually into sources.nix, without risking anything by blindly
fetching from one of the provided mirrors.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The updater is now splitted between a shellscript and a Nix expression
file which contains helpers and lookup functions to reconstruct all
information needed in order to fetch the source tarballs.
This means, that the sources.nix now doesn't contain URLs and only
versions and the corresponding SHA256 hashes. Of course, right now this
sounds like it's unnecessary, but we're going to fetch binaries soon so
it's a good idea to not unnecessarily clutter up sources.nix.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
