chromium: Add support for grsecurity

2014-04-25 03:58:33 +02:00 · 2014-04-25 03:58:33 +02:00 · 8d54dc6d13
commit 8d54dc6d13
parent 255d86ea99
3 changed files with 32 additions and 19 deletions
--- a/pkgs/applications/networking/browsers/chromium/browser.nix
+++ b/pkgs/applications/networking/browsers/chromium/browser.nix
@ -1,11 +1,11 @@
-{ stdenv, mkChromiumDerivation }:
+{ stdenv, mkChromiumDerivation, arch }:

 with stdenv.lib;

 mkChromiumDerivation (base: rec {
  name = "chromium-browser";
  packageName = "chromium";
-  buildTargets = [ "chrome" ];
+  buildTargets = [ "mksnapshot.${arch}" "chrome" ];

  installPhase = ''
    ensureDir "$libExecPath"
--- a/pkgs/applications/networking/browsers/chromium/common.nix
+++ b/pkgs/applications/networking/browsers/chromium/common.nix
@ -30,6 +30,7 @@

 , source
 , plugins
+, archInfo
 }:

 buildFun:
@ -172,13 +173,7 @@ let
      # enable support for the H.264 codec
      proprietary_codecs = true;
      ffmpeg_branding = "Chrome";
-    } // optionalAttrs (stdenv.system == "x86_64-linux") {
-      target_arch = "x64";
-      python_arch = "x86-64";
-    } // optionalAttrs (stdenv.system == "i686-linux") {
-      target_arch = "ia32";
-      python_arch = "ia32";
-    } // (extraAttrs.gypFlags or {}));
+    } // archInfo // (extraAttrs.gypFlags or {}));

    configurePhase = ''
      # This is to ensure expansion of $out.
@ -190,14 +185,21 @@ let
    buildPhase = let
      CC = "${gcc}/bin/gcc";
      CXX = "${gcc}/bin/g++";
-    in ''
-      CC="${CC}" CC_host="${CC}"     \
-      CXX="${CXX}" CXX_host="${CXX}" \
-      LINK_host="${CXX}"             \
-        "${ninja}/bin/ninja" -C "${buildPath}"  \
-          -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES \
-          ${concatStringsSep " " (extraAttrs.buildTargets or [])}
-    '';
+      buildCommand = target: ''
+        CC="${CC}" CC_host="${CC}"     \
+        CXX="${CXX}" CXX_host="${CXX}" \
+        LINK_host="${CXX}"             \
+          "${ninja}/bin/ninja" -C "${buildPath}"  \
+            -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES \
+            ${target}
+
+        if [[ "${target}" == mksnapshot.* || "${target}" == "chrome" ]]; then
+          paxmark m "${buildPath}/${target}"
+        fi
+      '';
+      targets = extraAttrs.buildTargets or [];
+      commands = map buildCommand targets;
+    in concatStringsSep "\n" commands;
  };

 # Remove some extraAttrs we supplied to the base attributes already.
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@ -15,6 +15,14 @@
 }:

 let
+  archInfo = with stdenv.lib; optionalAttrs (stdenv.system == "i686-linux") {
+    target_arch = "ia32";
+    python_arch = "ia32";
+  } // optionalAttrs (stdenv.system == "x86_64-linux") {
+    target_arch = "x64";
+    python_arch = "x86-64";
+  };
+
  callPackage = newScope chromium;

  chromium = {
@ -27,10 +35,13 @@ let
    mkChromiumDerivation = callPackage ./common.nix {
      inherit enableSELinux enableNaCl useOpenSSL gnomeSupport
              gnomeKeyringSupport proprietaryCodecs cupsSupport
-              pulseSupport;
+              pulseSupport archInfo;
+    };
+
+    browser = callPackage ./browser.nix {
+      arch = archInfo.target_arch;
    };

-    browser = callPackage ./browser.nix { };
    sandbox = callPackage ./sandbox.nix { };

    plugins = callPackage ./plugins.nix {