chromium: Updates, fixes #11492

Built and run Beta and Stable locally. Dev is surrently superseded by Stable so
it doesn't matter much.

- Dev: 47.0.2508.0 -> 48.0.2564.22
- Beta: 46.0.2490.64 -> 48.0.2564.23
- Stable: 45.0.2454.101 -> 47.0.2526.73

Changed the SSL dependencies to the supported configuration on Linux (according
to Torne @Freenode/#chromium-support).

- NSS is a dependency since it is used to access the ceritiface store.
- Dropped system OpenSSL support, the bundled BoringSSL is used.

This probably fixes issue #10555. Note that without this adjustment the build
fails even.

Dropped uneeded old patches.

pkgs/applications/networking/browsers/chromium/browser.nix

@@ -12,9 +12,6 @@ mkChromiumDerivation (base: rec {
     cp -v "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
     cp -v "$buildPath/icudtl.dat" "$libExecPath/"
     cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
-    ${optionalString (versionOlder base.version "44.0.0.0") ''
-      cp -v "$buildPath/libffmpegsumo.so" "$libExecPath/"
-    ''}
     cp -v "$buildPath/chrome" "$libExecPath/$packageName"
     cp -v "$buildPath/chrome_sandbox" "$libExecPath/chrome-sandbox"
 

pkgs/applications/networking/browsers/chromium/common.nix

@@ -5,7 +5,7 @@
 , libevent, expat, libjpeg, snappy
 , libpng, libxml2, libxslt, libcap
 , xdg_utils, yasm, minizip, libwebp
-, libusb1, libexif, pciutils
+, libusb1, libexif, pciutils, nss
 
 , python, pythonPackages, perl, pkgconfig
 , nspr, udev, kerberos
@@ -22,7 +22,6 @@
 , enableSELinux ? false, libselinux ? null
 , enableNaCl ? false
 , enableHotwording ? false
-, useOpenSSL ? false, nss ? null, openssl ? null
 , gnomeSupport ? false, gnome ? null
 , gnomeKeyringSupport ? false, libgnome_keyring3 ? null
 , proprietaryCodecs ? true
@@ -65,7 +64,6 @@ let
     use_system_opus = true;
     use_system_snappy = true;
     use_system_speex = true;
-    use_system_ssl = useOpenSSL;
     use_system_stlport = true;
     use_system_xdg_utils = true;
     use_system_yasm = true;
@@ -107,8 +105,7 @@ let
     buildInputs = defaultDependencies ++ [
       which
       python perl pkgconfig
-      nspr udev
-      (if useOpenSSL then openssl else nss)
+      nspr nss udev
       utillinux alsaLib
       bison gperf kerberos
       glib gtk dbus_glib
@@ -155,7 +152,6 @@ let
       linux_link_pulseaudio = pulseSupport;
       disable_nacl = !enableNaCl;
       enable_hotwording = enableHotwording;
-      use_openssl = useOpenSSL;
       selinux = enableSELinux;
       use_cups = cupsSupport;
     } // {

pkgs/applications/networking/browsers/chromium/default.nix

@@ -5,7 +5,6 @@
 , enableSELinux ? false
 , enableNaCl ? false
 , enableHotwording ? false
-, useOpenSSL ? false
 , gnomeSupport ? false
 , gnomeKeyringSupport ? false
 , proprietaryCodecs ? true
@@ -23,11 +22,10 @@ let
     source = callPackage ./source {
       inherit channel;
       # XXX: common config
-      inherit useOpenSSL;
     };
 
     mkChromiumDerivation = callPackage ./common.nix {
-      inherit enableSELinux enableNaCl enableHotwording useOpenSSL gnomeSupport
+      inherit enableSELinux enableNaCl enableHotwording gnomeSupport
               gnomeKeyringSupport proprietaryCodecs cupsSupport pulseSupport
               hiDPISupport;
     };

pkgs/applications/networking/browsers/chromium/source/default.nix

@@ -1,6 +1,5 @@
 { stdenv, fetchurl, fetchpatch, patchutils, python
 , channel ? "stable"
-, useOpenSSL # XXX
 }:
 
 with stdenv.lib;
@@ -36,8 +35,6 @@ in stdenv.mkDerivation {
       --exclude='*/.*'
   '';
 
-  opensslPatches = optional useOpenSSL openssl.patches;
-
   prePatch = ''
     for i in $outputs; do
       eval patchShebangs "\$$i"
@@ -45,10 +42,8 @@ in stdenv.mkDerivation {
   '';
 
   patches =
-    (if versionOlder version "45.0.0.0"
-     then singleton ./nix_plugin_paths_44.patch
-     else singleton ./nix_plugin_paths_46.patch ++
-          optional (!versionOlder version "46.0.0.0") ./build_fixes_46.patch) ++
+    singleton ./nix_plugin_paths_46.patch ++
+    singleton ./build_fixes_46.patch ++
     singleton ./widevine.patch;
 
   patchPhase = let
@@ -71,8 +66,6 @@ in stdenv.mkDerivation {
       -e 's|/bin/echo|echo|' \
       -e "/python_arch/s/: *'[^']*'/: '""'/" \
       "$out/build/common.gypi" "$main/chrome/chrome_tests.gypi"
-  '' + optionalString useOpenSSL ''
-    cat $opensslPatches | patch -p1 -d "$bundled/openssl/openssl"
   '';
 
   passthru = {

pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_44.patch

@@ -1,84 +0,0 @@
-diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc
-index 8a205a6..d5c24e1 100644
---- a/chrome/common/chrome_paths.cc
-+++ b/chrome/common/chrome_paths.cc
-@@ -97,21 +97,14 @@ static base::LazyInstance<base::FilePath>
-     g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;
- 
- // Gets the path for internal plugins.
--bool GetInternalPluginsDirectory(base::FilePath* result) {
--#if defined(OS_MACOSX) && !defined(OS_IOS)
--  // If called from Chrome, get internal plugins from a subdirectory of the
--  // framework.
--  if (base::mac::AmIBundled()) {
--    *result = chrome::GetFrameworkBundlePath();
--    DCHECK(!result->empty());
--    *result = result->Append("Internet Plug-Ins");
--    return true;
--  }
--  // In tests, just look in the module directory (below).
--#endif
--
--  // The rest of the world expects plugins in the module directory.
--  return PathService::Get(base::DIR_MODULE, result);
-+bool GetInternalPluginsDirectory(base::FilePath* result,
-+                                 const std::string& ident) {
-+  std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident;
-+  const char* value = getenv(full_env.c_str());
-+  if (value == NULL)
-+      return PathService::Get(base::DIR_MODULE, result);
-+  else
-+      *result = base::FilePath(value);
- }
- 
- }  // namespace
-@@ -248,11 +241,11 @@ bool PathProvider(int key, base::FilePath* result) {
-       create_dir = true;
-       break;
-     case chrome::DIR_INTERNAL_PLUGINS:
--      if (!GetInternalPluginsDirectory(&cur))
-+      if (!GetInternalPluginsDirectory(&cur, "ALL"))
-         return false;
-       break;
-     case chrome::DIR_PEPPER_FLASH_PLUGIN:
--      if (!GetInternalPluginsDirectory(&cur))
-+      if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))
-         return false;
-       cur = cur.Append(kPepperFlashBaseDirectory);
-       break;
-@@ -285,7 +278,7 @@ bool PathProvider(int key, base::FilePath* result) {
-       cur = cur.Append(FILE_PATH_LITERAL("script.log"));
-       break;
-     case chrome::FILE_FLASH_PLUGIN:
--      if (!GetInternalPluginsDirectory(&cur))
-+      if (!GetInternalPluginsDirectory(&cur, "FILEFLASH"))
-         return false;
-       cur = cur.Append(kInternalFlashPluginFileName);
-       break;
-@@ -308,7 +301,7 @@ bool PathProvider(int key, base::FilePath* result) {
-     // We currently need a path here to look up whether the plugin is disabled
-     // and what its permissions are.
-     case chrome::FILE_NACL_PLUGIN:
--      if (!GetInternalPluginsDirectory(&cur))
-+      if (!GetInternalPluginsDirectory(&cur, "NACL"))
-         return false;
-       cur = cur.Append(kInternalNaClPluginFileName);
-       break;
-@@ -343,7 +336,7 @@ bool PathProvider(int key, base::FilePath* result) {
-         cur = cur.DirName();
-       }
- #else
--      if (!GetInternalPluginsDirectory(&cur))
-+      if (!GetInternalPluginsDirectory(&cur, "PNACL"))
-         return false;
- #endif
-       cur = cur.Append(FILE_PATH_LITERAL("pnacl"));
-@@ -372,7 +365,7 @@ bool PathProvider(int key, base::FilePath* result) {
-     // In the component case, this is the source adapter. Otherwise, it is the
-     // actual Pepper module that gets loaded.
-     case chrome::FILE_WIDEVINE_CDM_ADAPTER:
--      if (!GetInternalPluginsDirectory(&cur))
-+      if (!GetInternalPluginsDirectory(&cur, "WIDEVINE"))
-         return false;
-       cur = cur.AppendASCII(kWidevineCdmAdapterFileName);
-       break;

pkgs/applications/networking/browsers/chromium/source/sources.nix

@@ -1,21 +1,21 @@
 # This file is autogenerated from update.sh in the parent directory.
 {
   dev = {
-    version = "47.0.2508.0";
-    sha256 = "1jmcvbimj3x91czvclnqbp8w2nfqhk2bd7bw9yd37c576md1wnw2";
-    sha256bin32 = "10spq63yfyzw419bz22r2g5rmnaxy5861715mkrcbpfm8cylzmzh";
-    sha256bin64 = "1ycdp37ikdc9w4hp9qgpzjp47zh37g01ax8x4ack202vrv0dxhsh";
+    version = "48.0.2564.22";
+    sha256 = "18kk8vmv7c8dsxdghvrjl90davm0gc4wdvs5zmsgiymlw1c6qpaj";
+    sha256bin32 = "1b10bb83npnn24fxl7jqkrhjzhk211cgf1f2ykx50z3cc41v4rvp";
+    sha256bin64 = "0a3w22blkpnk1wdg201ixm8jm7lrn4md64wcllmm69z433flrg1b";
   };
   beta = {
-    version = "46.0.2490.64";
-    sha256 = "1k2zir4rbs7hwdasbjpwyjr4ibis2vm6lx45bfm2r2f469mf3y2g";
-    sha256bin32 = "0j1xncws0r5z2rvvjsi0gxxmnslfcbiasaxr6bjhbxnzjv7chrd4";
-    sha256bin64 = "1m8vv3qh79an3719afz7n2ijqanf4cyxz2q4bzm512x52z5zipl7";
+    version = "48.0.2564.23";
+    sha256 = "0rhjrvxsxv84jahnph26lbivfa6g48qmv1mw6wysjx8rvfpfx9g9";
+    sha256bin32 = "17330cv6zv25z5y6pbfc9hb7vk77yggvcdggknkvvbfd0p6mrf4z";
+    sha256bin64 = "0d3r64ipgigjqgnr57lklk5icv2snd2gq9w6aw7apfx61qlbnxly";
   };
   stable = {
-    version = "45.0.2454.101";
-    sha256 = "1yw5xlgy5hd3iwcyf0sillq5p367fcpvp4mizpmv52cwmv52ss0v";
-    sha256bin32 = "1ll8lmkmx7v74naz1vcnrwk5ighh0skfcb66jkq4kgxrb5fjgwm5";
-    sha256bin64 = "1cwbd3n77dnbfnrfr8g0qng9xkgvz6y7mx489gpx1wsamgi42bzj";
+    version = "47.0.2526.73";
+    sha256 = "1xgl2pmvfxnm2pk4p4p4v642ip0cxxjysc1xy4pmdxnzilfd0rkd";
+    sha256bin32 = "1y9g14s81xanp70l0s6grszn4q0acn4rgm46i5kigf37s1cbwagy";
+    sha256bin64 = "1y00znk5cfd1nvh4dx92b0m8q38849i25a18zg2lhvjqrpq097za";
   };
 }