From 75edcc38e88413fd44730d0575412ace5a1e9f4c Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Tue, 12 Jun 2012 10:19:22 +0200
Subject: [PATCH 01/22] chromium: Minimal build (no install) from source.

This only gets chromium to build so far, installation is missing by upstream, so
we need to manually copy the corresponding files. And I guess with nix, we also
need to patch a few paths on installation.

Another issue is that at the moment, a lot of dependencies are used from the
source tree, rather than from the system.

Also, it would be nice to build using LLVM, as it really speeds up compilation a
*LOT* and also has the side effect of resulting in smaller binaries.

Working unit tests would be nice, too. Unfortunately they're quite heavyweight
and take hours to run, so I guess "someday" would be the most appropriate time
to integrate.

Further todo's:

- Allow to disable GConf, GIO and CUPS.
- Option to disable the sandbox (for whatever reason the user might have).
- Integrate gold binutils.
- Pulseaudio support.
- Clearly separate Linux specific stuff.
---
 .../networking/browsers/chromium/default.nix  | 123 +++++++++++-------
 pkgs/top-level/all-packages.nix               |   3 +-
 2 files changed, 75 insertions(+), 51 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 2ea5bac0600e1..3fb29081b5f7c 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -1,62 +1,87 @@
-{ GConf, alsaLib, bzip2, cairo, cups, dbus, dbus_glib, expat
-, fetchurl, ffmpeg, fontconfig, freetype, libX11, libXfixes
-, glib, gtk, gdk_pixbuf, pango
-, libXScrnSaver, libXdamage, libXext, libXrender, libXt, libXtst, libXcomposite
-, libgcrypt, libjpeg, libpng, makeWrapper, nspr, nss, patchelf
-, stdenv, unzip, zlib, pam, pcre, udev }:
+{ stdenv, fetchurl, fetchsvn
+, python, perl, pkgconfig
+, nspr, nss, udev, bzip2
+, utillinux, alsaLib
+, gcc, bison, gperf
+, krb5
+, glib, gtk, gconf, libgcrypt, libgnome_keyring, dbus_glib
+, libXScrnSaver, libXcursor
 
-assert stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux" ;
+, useSELinux ? false
+, naclSupport ? false
+, gnomeKeyringSupport ? false
+, useProprietaryCodecs ? false
+}:
 
-stdenv.mkDerivation rec {
-  name = "chromium-19.0.1061.0-pre${version}";
+let
+  mkGypFlags = with stdenv.lib; let
+    sanitize = value:
+      if value == true then "1"
+      else if value == false then "0"
+      else "${value}";
+    toFlag = key: value: "-D${key}=${sanitize value}";
+  in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
 
-  # To determine the latest revision, get
-  # ‘http://commondatastorage.googleapis.com/chromium-browser-continuous/Linux/LAST_CHANGE’.
-  # For the version number, see ‘about:version’.
-  version = "124950";
-  
-  src =
-    if stdenv.system == "x86_64-linux" then
-      fetchurl {
-        url = "http://commondatastorage.googleapis.com/chromium-browser-continuous/Linux_x64/${version}/chrome-linux.zip";
-        sha256 = "4472bf584a96e477e2c17f96d4452dd41f4f34ac3d6a9bb4c845cf15d8db0c73";
-      }
-    else if stdenv.system == "i686-linux" then
-      fetchurl {
-        url = "http://commondatastorage.googleapis.com/chromium-browser-continuous/Linux/${version}/chrome-linux.zip";
-        sha256 = "6e8a49d9917ee26b67d14cd10b85711c3b9382864197ba02b3cfe8e636d3d69c";
-      }
-    else throw "Chromium is not supported on this platform.";
+in stdenv.mkDerivation rec {
+  name = "chromium-${version}";
 
-  phases = "unpackPhase installPhase";
+  version = "21.0.1171.0";
 
-  buildInputs = [ makeWrapper unzip ];
+  src = fetchurl {
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.bz2";
+    sha256 = "3fd9b2d8895750a4435a585b9c2dc7d34b583c6470ba67eb6ea6c2579f126377";
+  };
+
+  buildInputs = [
+    python perl pkgconfig
+    nspr nss udev bzip2
+    utillinux alsaLib
+    gcc bison gperf
+    krb5
+    glib gtk gconf libgcrypt dbus_glib
+    libXScrnSaver libXcursor
+  ] ++ stdenv.lib.optional gnomeKeyringSupport libgnome_keyring;
 
-  libPath =
-    stdenv.lib.makeLibraryPath
-       [ GConf alsaLib bzip2 cairo cups dbus dbus_glib expat
-         ffmpeg fontconfig freetype libX11 libXScrnSaver libXfixes libXcomposite
-         libXdamage libXext libXrender libXt libXtst libgcrypt libjpeg
-         libpng nspr stdenv.gcc.gcc zlib stdenv.gcc.libc
-         glib gtk gdk_pixbuf pango
-         pam udev
-       ];
+  prePatch = "patchShebangs .";
 
-  installPhase = ''
-    mkdir -p $out/bin
-    mkdir -p $out/libexec/chrome
+  gypFlags = mkGypFlags {
+    linux_use_gold_binary = false;
+    linux_use_gold_flags = false;
+    proprietary_codecs = false;
+    use_gnome_keyring = gnomeKeyringSupport;
+    disable_nacl = !naclSupport;
+    use_cups = false;
+  };
 
-    cp -R * $out/libexec/chrome
+  /* TODO:
+  use_system_bzip2 = true;
+  use_system_ffmpeg = true;
+  use_system_flac = true;
+  use_system_harfbuzz = true;
+  use_system_icu = true;
+  use_system_libevent = true;
+  use_system_libexpat = true;
+  use_system_libjpeg = true;
+  use_system_libpng = true;
+  use_system_libwebp = true;
+  use_system_libxml = true;
+  use_system_skia = true;
+  use_system_speex = true;
+  use_system_sqlite = true;
+  use_system_ssl = true;
+  use_system_stlport = true;
+  use_system_v8 = true;
+  use_system_xdg_utils = true;
+  use_system_yasm = true;
+  use_system_zlib = true;
+  */
 
-    strip $out/libexec/chrome/chrome
-    
-    ${patchelf}/bin/patchelf \
-      --interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
-      --set-rpath ${libPath}:$out/lib:${stdenv.gcc.gcc}/lib64:${stdenv.gcc.gcc}/lib \
-      $out/libexec/chrome/chrome
+  configurePhase = ''
+    python build/gyp_chromium --depth $(pwd) ${gypFlags}
+  '';
 
-    makeWrapper $out/libexec/chrome/chrome $out/bin/chrome \
-      --prefix LD_LIBRARY_PATH : "${pcre}/lib:${nss}/lib"
+  buildPhase = ''
+    make CC=${gcc}/bin/gcc BUILDTYPE=Release library=shared_library chrome chrome_sandbox
   '';
 
   meta =  with stdenv.lib; {
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 9fde8edf4faf9..aff5b2cdf3456 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6329,8 +6329,7 @@ let
   };
 
   chrome = lowPrio (callPackage ../applications/networking/browsers/chromium {
-    inherit (gnome) GConf;
-    libpng = libpng12;
+    gconf = gnome.GConf;
   });
 
   chromeWrapper = wrapFirefox

From 38ddc6cef237b6f0ed1532c0d506d60419e3a85f Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Fri, 15 Jun 2012 10:19:26 +0200
Subject: [PATCH 02/22] chromium: Add an install phase.

This tries to put pathes unte the same directory as the previous prebuilt
version of Chromium.
---
 .../networking/browsers/chromium/default.nix  | 25 ++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 3fb29081b5f7c..af2e23a54071b 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, fetchsvn
+{ stdenv, fetchurl, fetchsvn, makeWrapper
 , python, perl, pkgconfig
 , nspr, nss, udev, bzip2
 , utillinux, alsaLib
@@ -33,6 +33,7 @@ in stdenv.mkDerivation rec {
   };
 
   buildInputs = [
+    makeWrapper
     python perl pkgconfig
     nspr nss udev bzip2
     utillinux alsaLib
@@ -84,6 +85,28 @@ in stdenv.mkDerivation rec {
     make CC=${gcc}/bin/gcc BUILDTYPE=Release library=shared_library chrome chrome_sandbox
   '';
 
+  installPhase = ''
+    mkdir -vp "$out/libexec/chrome"
+    cp -v "out/${buildType}/"*.pak "$out/libexec/chrome/"
+    cp -vR "out/${buildType}/locales" "out/${buildType}/resources" "$out/libexec/chrome/"
+
+    cp -v "out/${buildType}/chrome" "$out/libexec/chrome/chrome"
+
+    mkdir -vp "$out/bin"
+    makeWrapper "$out/libexec/chrome/chrome" "$out/bin/chrome"
+
+    mkdir -vp "$out/share/man/man1"
+    cp -v "out/${buildType}/chrome.1" "$out/share/man/man1/chrome.1"
+
+    for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do
+      num_and_suffix="''${icon_file##*logo_}"
+      icon_size="''${num_and_suffix%.*}"
+      logo_output_path="$out/share/icons/hicolor/''${icon_size}x''${icon_size}/apps"
+      mkdir -vp "$logo_output_path"
+      cp -v "$icon_file" "$logo_output_path/chrome.png"
+    done
+  '';
+
   meta =  with stdenv.lib; {
     description = "Chromium, an open source web browser";
     homepage = http://www.chromium.org/;

From 35f7534e36bdb2c2b96917a6109917330ffcc963 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Fri, 15 Jun 2012 10:23:33 +0200
Subject: [PATCH 03/22] chromium: Add an update script.

It fetches the latest version based on the bucketlist XML from
commondatastorage and generates a "source.nix" which contains an attribute set
about where to fetch the latest version.

The XML is parsed in a somewhat hackish way using sed, but as this is just an
updater, its okay and we don't want to break a fly on the wheel by employing a
full XML parser.
---
 .../networking/browsers/chromium/default.nix  |  8 +++--
 .../networking/browsers/chromium/update.sh    | 34 +++++++++++++++++++
 2 files changed, 39 insertions(+), 3 deletions(-)
 create mode 100755 pkgs/applications/networking/browsers/chromium/update.sh

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index af2e23a54071b..f5aea5903697e 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -14,6 +14,8 @@
 }:
 
 let
+  sourceInfo = import ./source.nix;
+
   mkGypFlags = with stdenv.lib; let
     sanitize = value:
       if value == true then "1"
@@ -25,11 +27,11 @@ let
 in stdenv.mkDerivation rec {
   name = "chromium-${version}";
 
-  version = "21.0.1171.0";
+  version = sourceInfo.version;
 
   src = fetchurl {
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.bz2";
-    sha256 = "3fd9b2d8895750a4435a585b9c2dc7d34b583c6470ba67eb6ea6c2579f126377";
+    url = sourceInfo.url;
+    sha256 = sourceInfo.sha256;
   };
 
   buildInputs = [
diff --git a/pkgs/applications/networking/browsers/chromium/update.sh b/pkgs/applications/networking/browsers/chromium/update.sh
new file mode 100755
index 0000000000000..066cd1c147f72
--- /dev/null
+++ b/pkgs/applications/networking/browsers/chromium/update.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+bucket_url="http://commondatastorage.googleapis.com/chromium-browser-official/";
+
+get_newest_version()
+{
+    curl -s "$bucket_url" | sed -ne ' H;/<[Kk][Ee][Yy]>chromium-[^<]*</h;${
+    g;s/^.*<Key>chromium-\([^<.]\+\(\.[^<.]\+\)\+\)\.tar\.bz2<.*$/\1/p
+    }';
+}
+
+cd "$(dirname "$0")";
+
+version="$(get_newest_version)";
+
+if [ -e source.nix ]; then
+    oldver="$(sed -n 's/^ *version *= *"\([^"]\+\)".*$/\1/p' source.nix)";
+    if [ "x$oldver" = "x$version" ]; then
+        echo "Already the newest version: $version" >&2;
+        exit 1;
+    fi;
+fi;
+
+url="${bucket_url%/}/chromium-$version.tar.bz2";
+
+sha256="$(nix-prefetch-url "$url")";
+
+cat > source.nix <<EOF
+{
+  version = "$version";
+  url = "$url";
+  sha256 = "$sha256";
+}
+EOF

From 41fecca0dc4c8b29108354d2f29a8af8c94c5ae0 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Fri, 15 Jun 2012 10:27:14 +0200
Subject: [PATCH 04/22] chromium: Generate the latest source.nix.

---
 pkgs/applications/networking/browsers/chromium/source.nix | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 pkgs/applications/networking/browsers/chromium/source.nix

diff --git a/pkgs/applications/networking/browsers/chromium/source.nix b/pkgs/applications/networking/browsers/chromium/source.nix
new file mode 100644
index 0000000000000..ce7ef056ba96f
--- /dev/null
+++ b/pkgs/applications/networking/browsers/chromium/source.nix
@@ -0,0 +1,5 @@
+{
+  version = "21.0.1174.1";
+  url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-21.0.1174.1.tar.bz2";
+  sha256 = "00jd3lzdbxm4rlqvxf0wfz9pvsza85rhlb0pzdzrdjy45kn06a75";
+}

From 7bba9f246ffc809ef2fea691213e84002099e185 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Fri, 15 Jun 2012 11:06:07 +0200
Subject: [PATCH 05/22] chromium: Clean up build flags.

This also includes setting compiler architectures and paths.
---
 .../networking/browsers/chromium/default.nix  | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index f5aea5903697e..87dce9841e2cb 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -47,14 +47,20 @@ in stdenv.mkDerivation rec {
 
   prePatch = "patchShebangs .";
 
-  gypFlags = mkGypFlags {
+  gypFlags = mkGypFlags ({
     linux_use_gold_binary = false;
     linux_use_gold_flags = false;
     proprietary_codecs = false;
     use_gnome_keyring = gnomeKeyringSupport;
     disable_nacl = !naclSupport;
     use_cups = false;
-  };
+  } // stdenv.lib.optionalAttrs (stdenv.system == "x86_64-linux") {
+    target_arch = "x64";
+  } // stdenv.lib.optionalAttrs (stdenv.system == "i686-linux") {
+    target_arch = "ia32";
+  });
+
+  buildType = "Release";
 
   /* TODO:
   use_system_bzip2 = true;
@@ -80,11 +86,16 @@ in stdenv.mkDerivation rec {
   */
 
   configurePhase = ''
-    python build/gyp_chromium --depth $(pwd) ${gypFlags}
+    python build/gyp_chromium --depth "$(pwd)" ${gypFlags}
   '';
 
+  extraBuildFlags = let
+    CC = "${gcc}/bin/gcc";
+    CXX = "${gcc}/bin/g++";
+  in "CC=\"${CC}\" CXX=\"${CXX}\" CC.host=\"${CC}\" CXX.host=\"${CXX}\" LINK.host=\"${CXX}\"";
+
   buildPhase = ''
-    make CC=${gcc}/bin/gcc BUILDTYPE=Release library=shared_library chrome chrome_sandbox
+    make ${extraBuildFlags} BUILDTYPE=${buildType} library=shared_library chrome chrome_sandbox
   '';
 
   installPhase = ''

From d422878cc978649cda5b2e67489d9c443062d5b1 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Fri, 15 Jun 2012 11:07:30 +0200
Subject: [PATCH 06/22] chromium: Enable seccomp by default.

If useSELinux is not set, enable seccomp mode by default and avoid building the
SUID helper sandbox at all. This involves a small patch which causes the
commandline arguments to be swapped: --disable-seccomp-sandbox to disable it,
while the option is active by default.
---
 .../networking/browsers/chromium/default.nix  |  5 ++++-
 .../browsers/chromium/enable_seccomp.patch    | 20 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 pkgs/applications/networking/browsers/chromium/enable_seccomp.patch

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 87dce9841e2cb..2e96eb5738137 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -47,12 +47,15 @@ in stdenv.mkDerivation rec {
 
   prePatch = "patchShebangs .";
 
+  patches = stdenv.lib.optional (!useSELinux) ./enable_seccomp.patch;
+
   gypFlags = mkGypFlags ({
     linux_use_gold_binary = false;
     linux_use_gold_flags = false;
     proprietary_codecs = false;
     use_gnome_keyring = gnomeKeyringSupport;
     disable_nacl = !naclSupport;
+    selinux = useSELinux;
     use_cups = false;
   } // stdenv.lib.optionalAttrs (stdenv.system == "x86_64-linux") {
     target_arch = "x64";
@@ -95,7 +98,7 @@ in stdenv.mkDerivation rec {
   in "CC=\"${CC}\" CXX=\"${CXX}\" CC.host=\"${CC}\" CXX.host=\"${CXX}\" LINK.host=\"${CXX}\"";
 
   buildPhase = ''
-    make ${extraBuildFlags} BUILDTYPE=${buildType} library=shared_library chrome chrome_sandbox
+    make ${extraBuildFlags} BUILDTYPE=${buildType} library=shared_library chrome
   '';
 
   installPhase = ''
diff --git a/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch b/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch
new file mode 100644
index 0000000000000..edeee37f19cab
--- /dev/null
+++ b/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch
@@ -0,0 +1,20 @@
+diff --git a/content/common/seccomp_sandbox.h b/content/common/seccomp_sandbox.h
+index a07d6f3..a622a35 100644
+--- a/content/common/seccomp_sandbox.h
++++ b/content/common/seccomp_sandbox.h
+@@ -29,15 +29,9 @@ static bool SeccompSandboxEnabled() {
+   // TODO(evan): turn on for release too once we've flushed out all the bugs,
+   // allowing us to delete this file entirely and just rely on the "disabled"
+   // switch.
+-#ifdef NDEBUG
+-  // Off by default; allow turning on with a switch.
+-  return CommandLine::ForCurrentProcess()->HasSwitch(
+-      switches::kEnableSeccompSandbox);
+-#else
+   // On by default; allow turning off with a switch.
+   return !CommandLine::ForCurrentProcess()->HasSwitch(
+       switches::kDisableSeccompSandbox);
+-#endif  // NDEBUG
+ }
+ #endif  // SECCOMP_SANDBOX
+ 

From 38a52c802c4c5e763c4041a80184b95793530f18 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Tue, 19 Jun 2012 06:53:00 +0200
Subject: [PATCH 07/22] chromium: Add "which" to build dependencies.

This is needed by a lot of scripts within chromium, so we're not going to patch
them using type, which is shell-specific anyway.
---
 pkgs/applications/networking/browsers/chromium/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 2e96eb5738137..24de7bc2e91d7 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, fetchsvn, makeWrapper
+{ stdenv, fetchurl, fetchsvn, makeWrapper, which
 , python, perl, pkgconfig
 , nspr, nss, udev, bzip2
 , utillinux, alsaLib
@@ -35,7 +35,7 @@ in stdenv.mkDerivation rec {
   };
 
   buildInputs = [
-    makeWrapper
+    which makeWrapper
     python perl pkgconfig
     nspr nss udev bzip2
     utillinux alsaLib

From 8df530cfb54450beac2234c9d71733dd8f45f34d Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Tue, 19 Jun 2012 06:56:50 +0200
Subject: [PATCH 08/22] chromium: Use system libraries whenever possible.

There are still some libraries left, which we either need to patch or provide
more recent versions. Plus we're going to use openssl, as libnss doesn't want to
do proper SSL (let's debug this later).
---
 .../networking/browsers/chromium/default.nix  | 71 ++++++++++++-------
 1 file changed, 44 insertions(+), 27 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 24de7bc2e91d7..872c2230acdf3 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -1,6 +1,14 @@
 { stdenv, fetchurl, fetchsvn, makeWrapper, which
+
+# default dependencies
+, bzip2, ffmpeg, flac #, harfbuzz
+, icu, libevent, expat, libjpeg
+, libpng, libwebp, libxml2, libxslt #, skia
+, speex, sqlite, openssl #, stlport
+, v8, xdg_utils, yasm, zlib
+
 , python, perl, pkgconfig
-, nspr, nss, udev, bzip2
+, nspr, udev
 , utillinux, alsaLib
 , gcc, bison, gperf
 , krb5
@@ -24,6 +32,37 @@ let
     toFlag = key: value: "-D${key}=${sanitize value}";
   in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
 
+  gypFlagsUseSystemLibs = {
+    use_system_bzip2 = true;
+    use_system_ffmpeg = false; # FIXME: libavformat...
+    use_system_flac = true;
+    use_system_harfbuzz = false; # TODO
+    use_system_icu = false; # FIXME: wrong version!
+    use_system_libevent = true;
+    use_system_libexpat = true;
+    use_system_libjpeg = true;
+    use_system_libpng = true;
+    use_system_libwebp = false; # See chromium issue #133161
+    use_system_libxml = true;
+    use_system_skia = false; # TODO
+    use_system_speex = true;
+    use_system_sqlite = false; # FIXME
+    use_system_ssl = true;
+    use_system_stlport = true;
+    use_system_v8 = false; # TODO...
+    use_system_xdg_utils = true;
+    use_system_yasm = true;
+    use_system_zlib = true;
+  };
+
+  defaultDependencies = [
+    bzip2 ffmpeg flac # harfbuzz
+    icu libevent expat libjpeg
+    libpng libwebp libxml2 libxslt # skia
+    speex sqlite openssl # stlport
+    v8 xdg_utils yasm zlib
+  ];
+
 in stdenv.mkDerivation rec {
   name = "chromium-${version}";
 
@@ -34,10 +73,10 @@ in stdenv.mkDerivation rec {
     sha256 = sourceInfo.sha256;
   };
 
-  buildInputs = [
+  buildInputs = defaultDependencies ++ [
     which makeWrapper
     python perl pkgconfig
-    nspr nss udev bzip2
+    nspr udev
     utillinux alsaLib
     gcc bison gperf
     krb5
@@ -49,12 +88,13 @@ in stdenv.mkDerivation rec {
 
   patches = stdenv.lib.optional (!useSELinux) ./enable_seccomp.patch;
 
-  gypFlags = mkGypFlags ({
+  gypFlags = mkGypFlags (gypFlagsUseSystemLibs // {
     linux_use_gold_binary = false;
     linux_use_gold_flags = false;
     proprietary_codecs = false;
     use_gnome_keyring = gnomeKeyringSupport;
     disable_nacl = !naclSupport;
+    use_openssl = true;
     selinux = useSELinux;
     use_cups = false;
   } // stdenv.lib.optionalAttrs (stdenv.system == "x86_64-linux") {
@@ -65,29 +105,6 @@ in stdenv.mkDerivation rec {
 
   buildType = "Release";
 
-  /* TODO:
-  use_system_bzip2 = true;
-  use_system_ffmpeg = true;
-  use_system_flac = true;
-  use_system_harfbuzz = true;
-  use_system_icu = true;
-  use_system_libevent = true;
-  use_system_libexpat = true;
-  use_system_libjpeg = true;
-  use_system_libpng = true;
-  use_system_libwebp = true;
-  use_system_libxml = true;
-  use_system_skia = true;
-  use_system_speex = true;
-  use_system_sqlite = true;
-  use_system_ssl = true;
-  use_system_stlport = true;
-  use_system_v8 = true;
-  use_system_xdg_utils = true;
-  use_system_yasm = true;
-  use_system_zlib = true;
-  */
-
   configurePhase = ''
     python build/gyp_chromium --depth "$(pwd)" ${gypFlags}
   '';

From 82cb39f7d5a39e2c6b31f201ba7590ddfb2ce6b3 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Tue, 19 Jun 2012 17:56:44 +0200
Subject: [PATCH 09/22] chromium: Rename "chrome" binary to "chromium".

This is to make it more consistent with the naming of the package file and also
consistent with the build, as we're not using the Google branded version.

In addition the derivation attribute set now has a packageName value which can
be used to easily switch the binary names and paths, just in case we want to
switch to using "chrome" (or something entirely different) again.
---
 .../networking/browsers/chromium/default.nix    | 17 +++++++++--------
 pkgs/top-level/all-packages.nix                 |  6 +++---
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 872c2230acdf3..fe7f62d157bac 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -64,7 +64,8 @@ let
   ];
 
 in stdenv.mkDerivation rec {
-  name = "chromium-${version}";
+  name = "${packageName}-${version}";
+  packageName = "chromium";
 
   version = sourceInfo.version;
 
@@ -119,24 +120,24 @@ in stdenv.mkDerivation rec {
   '';
 
   installPhase = ''
-    mkdir -vp "$out/libexec/chrome"
-    cp -v "out/${buildType}/"*.pak "$out/libexec/chrome/"
-    cp -vR "out/${buildType}/locales" "out/${buildType}/resources" "$out/libexec/chrome/"
+    mkdir -vp "$out/libexec/${packageName}"
+    cp -v "out/${buildType}/"*.pak "$out/libexec/${packageName}/"
+    cp -vR "out/${buildType}/locales" "out/${buildType}/resources" "$out/libexec/${packageName}/"
 
-    cp -v "out/${buildType}/chrome" "$out/libexec/chrome/chrome"
+    cp -v "out/${buildType}/chrome" "$out/libexec/${packageName}/${packageName}"
 
     mkdir -vp "$out/bin"
-    makeWrapper "$out/libexec/chrome/chrome" "$out/bin/chrome"
+    makeWrapper "$out/libexec/${packageName}/${packageName}" "$out/bin/${packageName}"
 
     mkdir -vp "$out/share/man/man1"
-    cp -v "out/${buildType}/chrome.1" "$out/share/man/man1/chrome.1"
+    cp -v "out/${buildType}/chrome.1" "$out/share/man/man1/${packageName}.1"
 
     for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do
       num_and_suffix="''${icon_file##*logo_}"
       icon_size="''${num_and_suffix%.*}"
       logo_output_path="$out/share/icons/hicolor/''${icon_size}x''${icon_size}/apps"
       mkdir -vp "$logo_output_path"
-      cp -v "$icon_file" "$logo_output_path/chrome.png"
+      cp -v "$icon_file" "$logo_output_path/${packageName}.png"
     done
   '';
 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index aff5b2cdf3456..d5f113076f668 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6328,13 +6328,13 @@ let
     xulrunner = firefox36Pkgs.xulrunner;
   };
 
-  chrome = lowPrio (callPackage ../applications/networking/browsers/chromium {
+  chromium = lowPrio (callPackage ../applications/networking/browsers/chromium {
     gconf = gnome.GConf;
   });
 
   chromeWrapper = wrapFirefox
-    { browser = chrome; browserName = "chrome"; desktopName = "Chrome";
-      icon = "${chrome}/libexec/chrome/product_logo_48.png";
+    { browser = chromium; browserName = chromium.packageName; desktopName = "Chromium";
+      icon = "${chromium}/share/icons/hicolor/48x48/apps/${chromium.packageName}.png";
     };
 
   cinelerra = callPackage ../applications/video/cinelerra { };

From 67ea99934f9d5a325f238032cec8d7608c90b2b8 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Tue, 19 Jun 2012 18:05:38 +0200
Subject: [PATCH 10/22] chromium: Use patches from system OpenSSL.

This is mainly because of the patch to use OPENSSL_X509_CERT_FILE as a way to
specify the CA bundle. A browser which isn't able to verify SSL certificates
might be somewhat useless.
---
 pkgs/applications/networking/browsers/chromium/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index fe7f62d157bac..7b71df6f715f2 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -85,10 +85,16 @@ in stdenv.mkDerivation rec {
     libXScrnSaver libXcursor
   ] ++ stdenv.lib.optional gnomeKeyringSupport libgnome_keyring;
 
+  opensslPatches = openssl.patches;
+
   prePatch = "patchShebangs .";
 
   patches = stdenv.lib.optional (!useSELinux) ./enable_seccomp.patch;
 
+  postPatch = stdenv.lib.optionalString useOpenSSL ''
+    cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
+  '';
+
   gypFlags = mkGypFlags (gypFlagsUseSystemLibs // {
     linux_use_gold_binary = false;
     linux_use_gold_flags = false;

From 498f59821d2f65e09542c127ad8210963454f954 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Tue, 19 Jun 2012 18:11:59 +0200
Subject: [PATCH 11/22] chromium: Allow to switch off openssl support.

Currently building fails with NSS, so we're using OpenSSL by default. And that's
why we want to make this configurable so if we manage to fix that build failure,
we could switch to using NSS by default.
---
 .../networking/browsers/chromium/default.nix           | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 7b71df6f715f2..57f07385df37e 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -8,7 +8,7 @@
 , v8, xdg_utils, yasm, zlib
 
 , python, perl, pkgconfig
-, nspr, udev
+, nspr, nss, udev
 , utillinux, alsaLib
 , gcc, bison, gperf
 , krb5
@@ -17,6 +17,7 @@
 
 , useSELinux ? false
 , naclSupport ? false
+, useOpenSSL ? true
 , gnomeKeyringSupport ? false
 , useProprietaryCodecs ? false
 }:
@@ -59,7 +60,7 @@ let
     bzip2 ffmpeg flac # harfbuzz
     icu libevent expat libjpeg
     libpng libwebp libxml2 libxslt # skia
-    speex sqlite openssl # stlport
+    speex sqlite # stlport
     v8 xdg_utils yasm zlib
   ];
 
@@ -78,6 +79,7 @@ in stdenv.mkDerivation rec {
     which makeWrapper
     python perl pkgconfig
     nspr udev
+    (if useOpenSSL then openssl else nss)
     utillinux alsaLib
     gcc bison gperf
     krb5
@@ -85,7 +87,7 @@ in stdenv.mkDerivation rec {
     libXScrnSaver libXcursor
   ] ++ stdenv.lib.optional gnomeKeyringSupport libgnome_keyring;
 
-  opensslPatches = openssl.patches;
+  opensslPatches = stdenv.lib.optional useOpenSSL openssl.patches;
 
   prePatch = "patchShebangs .";
 
@@ -101,7 +103,7 @@ in stdenv.mkDerivation rec {
     proprietary_codecs = false;
     use_gnome_keyring = gnomeKeyringSupport;
     disable_nacl = !naclSupport;
-    use_openssl = true;
+    use_openssl = useOpenSSL;
     selinux = useSELinux;
     use_cups = false;
   } // stdenv.lib.optionalAttrs (stdenv.system == "x86_64-linux") {

From 93abd07c0c46fab76362c9c37bfe73f012170700 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Tue, 19 Jun 2012 20:21:31 +0200
Subject: [PATCH 12/22] chromium: Add flag to disable Gnome support.

This also separates gcrypt and gconf from the basic dependencies.
Unfortunately we cannot get rid of dbus_glib altogether, but maybe we want to
work on a patch to get rid of it? On the other hand it seems to be a TODO of the
chromium project itself, so let's wait and see.
---
 .../applications/networking/browsers/chromium/default.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 57f07385df37e..90c146f8e3b6f 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -18,6 +18,7 @@
 , useSELinux ? false
 , naclSupport ? false
 , useOpenSSL ? true
+, enableGnomeSupport ? false
 , gnomeKeyringSupport ? false
 , useProprietaryCodecs ? false
 }:
@@ -83,9 +84,10 @@ in stdenv.mkDerivation rec {
     utillinux alsaLib
     gcc bison gperf
     krb5
-    glib gtk gconf libgcrypt dbus_glib
+    glib gtk dbus_glib
     libXScrnSaver libXcursor
-  ] ++ stdenv.lib.optional gnomeKeyringSupport libgnome_keyring;
+  ] ++ stdenv.lib.optional gnomeKeyringSupport libgnome_keyring
+    ++ stdenv.lib.optionals enableGnomeSupport [ gconf libgcrypt ];
 
   opensslPatches = stdenv.lib.optional useOpenSSL openssl.patches;
 
@@ -102,6 +104,8 @@ in stdenv.mkDerivation rec {
     linux_use_gold_flags = false;
     proprietary_codecs = false;
     use_gnome_keyring = gnomeKeyringSupport;
+    use_gconf = enableGnomeSupport;
+    use_gio = enableGnomeSupport;
     disable_nacl = !naclSupport;
     use_openssl = useOpenSSL;
     selinux = useSELinux;

From 637924570a59ba17d35bdffab0b507b8352b9b0b Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Wed, 20 Jun 2012 06:57:25 +0200
Subject: [PATCH 13/22] chromium: Add mesa to build dependencies.

This finally enables support for WebGL and accelerated rendering.
---
 .../networking/browsers/chromium/default.nix  | 48 ++++++++++---------
 1 file changed, 26 insertions(+), 22 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 90c146f8e3b6f..5a04731bc0edd 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, fetchsvn, makeWrapper, which
+{ stdenv, getConfig, fetchurl, fetchsvn, makeWrapper, which
 
 # default dependencies
 , bzip2, ffmpeg, flac #, harfbuzz
@@ -13,17 +13,21 @@
 , gcc, bison, gperf
 , krb5
 , glib, gtk, gconf, libgcrypt, libgnome_keyring, dbus_glib
-, libXScrnSaver, libXcursor
-
-, useSELinux ? false
-, naclSupport ? false
-, useOpenSSL ? true
-, enableGnomeSupport ? false
-, gnomeKeyringSupport ? false
-, useProprietaryCodecs ? false
+, libXScrnSaver, libXcursor, mesa
 }:
 
 let
+  mkConfigurable = stdenv.lib.mapAttrs (flag: default: getConfig ["chromium" flag] default);
+
+  config = mkConfigurable {
+    useSELinux = false;
+    naclSupport = false;
+    useOpenSSL = true;
+    enableGnomeSupport = false;
+    gnomeKeyringSupport = false;
+    useProprietaryCodecs = false;
+  };
+
   sourceInfo = import ./source.nix;
 
   mkGypFlags = with stdenv.lib; let
@@ -80,22 +84,22 @@ in stdenv.mkDerivation rec {
     which makeWrapper
     python perl pkgconfig
     nspr udev
-    (if useOpenSSL then openssl else nss)
+    (if config.useOpenSSL then openssl else nss)
     utillinux alsaLib
     gcc bison gperf
     krb5
     glib gtk dbus_glib
-    libXScrnSaver libXcursor
-  ] ++ stdenv.lib.optional gnomeKeyringSupport libgnome_keyring
-    ++ stdenv.lib.optionals enableGnomeSupport [ gconf libgcrypt ];
+    libXScrnSaver libXcursor mesa
+  ] ++ stdenv.lib.optional config.gnomeKeyringSupport libgnome_keyring
+    ++ stdenv.lib.optionals config.enableGnomeSupport [ gconf libgcrypt ];
 
-  opensslPatches = stdenv.lib.optional useOpenSSL openssl.patches;
+  opensslPatches = stdenv.lib.optional config.useOpenSSL openssl.patches;
 
   prePatch = "patchShebangs .";
 
-  patches = stdenv.lib.optional (!useSELinux) ./enable_seccomp.patch;
+  patches = stdenv.lib.optional (!config.useSELinux) ./enable_seccomp.patch;
 
-  postPatch = stdenv.lib.optionalString useOpenSSL ''
+  postPatch = stdenv.lib.optionalString config.useOpenSSL ''
     cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
   '';
 
@@ -103,12 +107,12 @@ in stdenv.mkDerivation rec {
     linux_use_gold_binary = false;
     linux_use_gold_flags = false;
     proprietary_codecs = false;
-    use_gnome_keyring = gnomeKeyringSupport;
-    use_gconf = enableGnomeSupport;
-    use_gio = enableGnomeSupport;
-    disable_nacl = !naclSupport;
-    use_openssl = useOpenSSL;
-    selinux = useSELinux;
+    use_gnome_keyring = config.gnomeKeyringSupport;
+    use_gconf = config.enableGnomeSupport;
+    use_gio = config.enableGnomeSupport;
+    disable_nacl = !config.naclSupport;
+    use_openssl = config.useOpenSSL;
+    selinux = config.useSELinux;
     use_cups = false;
   } // stdenv.lib.optionalAttrs (stdenv.system == "x86_64-linux") {
     target_arch = "x64";

From e6b64fbadd086b527e9f30700a7ead1baf25960b Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Wed, 20 Jun 2012 07:38:10 +0200
Subject: [PATCH 14/22] chromium: Update source to version 21.0.1179.1.

---
 pkgs/applications/networking/browsers/chromium/source.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/source.nix b/pkgs/applications/networking/browsers/chromium/source.nix
index ce7ef056ba96f..2dc94ea294363 100644
--- a/pkgs/applications/networking/browsers/chromium/source.nix
+++ b/pkgs/applications/networking/browsers/chromium/source.nix
@@ -1,5 +1,5 @@
 {
-  version = "21.0.1174.1";
-  url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-21.0.1174.1.tar.bz2";
-  sha256 = "00jd3lzdbxm4rlqvxf0wfz9pvsza85rhlb0pzdzrdjy45kn06a75";
+  version = "21.0.1179.1";
+  url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-21.0.1179.1.tar.bz2";
+  sha256 = "1ynm1dv8nwjg6a0absid1g3r62y0mpb74pmal8g9nmqb92rlkdnc";
 }

From d44d4c6c19b67a9aa6fe71ffcb4a69028cc0ac9a Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Wed, 20 Jun 2012 10:31:54 +0200
Subject: [PATCH 15/22] chromium: Implement handling of enableCUPS.

We also need to patch the compilation process, so it allows deprecated
declarations when building support for the cups backend. In addition, we also
need to add libgcrypt to dependencies as it's needed by the cups implementation.
---
 .../browsers/chromium/cups_allow_deprecated.patch  | 14 ++++++++++++++
 .../networking/browsers/chromium/default.nix       |  9 ++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 pkgs/applications/networking/browsers/chromium/cups_allow_deprecated.patch

diff --git a/pkgs/applications/networking/browsers/chromium/cups_allow_deprecated.patch b/pkgs/applications/networking/browsers/chromium/cups_allow_deprecated.patch
new file mode 100644
index 0000000000000..4fd6a24cc1430
--- /dev/null
+++ b/pkgs/applications/networking/browsers/chromium/cups_allow_deprecated.patch
@@ -0,0 +1,14 @@
+diff --git a/printing/printing.gyp b/printing/printing.gyp
+index 19fa1b2..f11d76e 100644
+--- a/printing/printing.gyp
++++ b/printing/printing.gyp
+@@ -26,6 +26,9 @@
+       'include_dirs': [
+         '..',
+       ],
++      'cflags': [
++        '-Wno-deprecated-declarations',
++      ],
+       'sources': [
+         'backend/print_backend.cc',
+         'backend/print_backend.h',
diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 5a04731bc0edd..f0f443d15d64f 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -26,6 +26,7 @@ let
     enableGnomeSupport = false;
     gnomeKeyringSupport = false;
     useProprietaryCodecs = false;
+    enableCUPS = false;
   };
 
   sourceInfo = import ./source.nix;
@@ -91,13 +92,15 @@ in stdenv.mkDerivation rec {
     glib gtk dbus_glib
     libXScrnSaver libXcursor mesa
   ] ++ stdenv.lib.optional config.gnomeKeyringSupport libgnome_keyring
-    ++ stdenv.lib.optionals config.enableGnomeSupport [ gconf libgcrypt ];
+    ++ stdenv.lib.optionals config.enableGnomeSupport [ gconf libgcrypt ]
+    ++ stdenv.lib.optional config.enableCUPS libgcrypt;
 
   opensslPatches = stdenv.lib.optional config.useOpenSSL openssl.patches;
 
   prePatch = "patchShebangs .";
 
-  patches = stdenv.lib.optional (!config.useSELinux) ./enable_seccomp.patch;
+  patches = stdenv.lib.optional (!config.useSELinux) ./enable_seccomp.patch
+         ++ stdenv.lib.optional config.enableCUPS ./cups_allow_deprecated.patch;
 
   postPatch = stdenv.lib.optionalString config.useOpenSSL ''
     cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
@@ -113,7 +116,7 @@ in stdenv.mkDerivation rec {
     disable_nacl = !config.naclSupport;
     use_openssl = config.useOpenSSL;
     selinux = config.useSELinux;
-    use_cups = false;
+    use_cups = config.enableCUPS;
   } // stdenv.lib.optionalAttrs (stdenv.system == "x86_64-linux") {
     target_arch = "x64";
   } // stdenv.lib.optionalAttrs (stdenv.system == "i686-linux") {

From c53c0efc6a0c49748fb663f0354581e5f3f346a0 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Wed, 20 Jun 2012 10:36:26 +0200
Subject: [PATCH 16/22] chromium: Enable proprietary codecs by default.

We now switch to using bundled ffmpeg, as this adds stuff such as support for
the H.264 codec.
---
 .../networking/browsers/chromium/default.nix             | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index f0f443d15d64f..4818bac54525e 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -25,7 +25,7 @@ let
     useOpenSSL = true;
     enableGnomeSupport = false;
     gnomeKeyringSupport = false;
-    useProprietaryCodecs = false;
+    useProprietaryCodecs = true;
     enableCUPS = false;
   };
 
@@ -41,7 +41,6 @@ let
 
   gypFlagsUseSystemLibs = {
     use_system_bzip2 = true;
-    use_system_ffmpeg = false; # FIXME: libavformat...
     use_system_flac = true;
     use_system_harfbuzz = false; # TODO
     use_system_icu = false; # FIXME: wrong version!
@@ -63,7 +62,7 @@ let
   };
 
   defaultDependencies = [
-    bzip2 ffmpeg flac # harfbuzz
+    bzip2 flac # harfbuzz
     icu libevent expat libjpeg
     libpng libwebp libxml2 libxslt # skia
     speex sqlite # stlport
@@ -117,6 +116,10 @@ in stdenv.mkDerivation rec {
     use_openssl = config.useOpenSSL;
     selinux = config.useSELinux;
     use_cups = config.enableCUPS;
+  } // stdenv.lib.optionalAttrs config.useProprietaryCodecs {
+    # enable support for the H.264 codec
+    proprietary_codecs = true;
+    ffmpeg_branding = "Chrome";
   } // stdenv.lib.optionalAttrs (stdenv.system == "x86_64-linux") {
     target_arch = "x64";
   } // stdenv.lib.optionalAttrs (stdenv.system == "i686-linux") {

From e60ba92882f35201776a5cbb15b9fadcc4d6f1a1 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Wed, 20 Jun 2012 10:39:48 +0200
Subject: [PATCH 17/22] chromium: Add dependency for libselinux.

This doesn't really work at the current state of NixOS and SELinux support, but
will make it easier in case we someday support SELinux altogether.
---
 pkgs/applications/networking/browsers/chromium/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 4818bac54525e..c8574f3269985 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -14,6 +14,7 @@
 , krb5
 , glib, gtk, gconf, libgcrypt, libgnome_keyring, dbus_glib
 , libXScrnSaver, libXcursor, mesa
+, libselinux
 }:
 
 let
@@ -92,6 +93,7 @@ in stdenv.mkDerivation rec {
     libXScrnSaver libXcursor mesa
   ] ++ stdenv.lib.optional config.gnomeKeyringSupport libgnome_keyring
     ++ stdenv.lib.optionals config.enableGnomeSupport [ gconf libgcrypt ]
+    ++ stdenv.lib.optional config.useSELinux libselinux
     ++ stdenv.lib.optional config.enableCUPS libgcrypt;
 
   opensslPatches = stdenv.lib.optional config.useOpenSSL openssl.patches;

From 301fe5d5b6f64d30df3f21e21302931e40c3d2bf Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Wed, 20 Jun 2012 10:41:49 +0200
Subject: [PATCH 18/22] chromium: Cleanup dependencies.

This mostly is a code structure change, but also involves deleting some unused
dependencies and adding a few constraints on existing ones.
---
 .../networking/browsers/chromium/default.nix  | 41 +++++++++++--------
 1 file changed, 24 insertions(+), 17 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index c8574f3269985..6413957239489 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -1,20 +1,26 @@
 { stdenv, getConfig, fetchurl, fetchsvn, makeWrapper, which
 
 # default dependencies
-, bzip2, ffmpeg, flac #, harfbuzz
-, icu, libevent, expat, libjpeg
-, libpng, libwebp, libxml2, libxslt #, skia
-, speex, sqlite, openssl #, stlport
+, bzip2, ffmpeg, flac
+, libevent, expat, libjpeg
+, libpng, libxml2, libxslt
+, speex, sqlite
 , v8, xdg_utils, yasm, zlib
 
 , python, perl, pkgconfig
-, nspr, nss, udev
+, nspr, udev
 , utillinux, alsaLib
 , gcc, bison, gperf
 , krb5
-, glib, gtk, gconf, libgcrypt, libgnome_keyring, dbus_glib
+, glib, gtk, dbus_glib
 , libXScrnSaver, libXcursor, mesa
-, libselinux
+
+# optional dependencies
+, libgnome_keyring # gnomeKeyringSupport
+, gconf # enableGnomeSupport
+, libgcrypt # enableGnomeSupport || enableCUPS
+, nss, openssl # useOpenSSL
+, libselinux # useSELinux
 }:
 
 let
@@ -43,30 +49,31 @@ let
   gypFlagsUseSystemLibs = {
     use_system_bzip2 = true;
     use_system_flac = true;
-    use_system_harfbuzz = false; # TODO
-    use_system_icu = false; # FIXME: wrong version!
     use_system_libevent = true;
     use_system_libexpat = true;
     use_system_libjpeg = true;
     use_system_libpng = true;
-    use_system_libwebp = false; # See chromium issue #133161
     use_system_libxml = true;
-    use_system_skia = false; # TODO
     use_system_speex = true;
-    use_system_sqlite = false; # FIXME
     use_system_ssl = true;
     use_system_stlport = true;
-    use_system_v8 = false; # TODO...
     use_system_xdg_utils = true;
     use_system_yasm = true;
     use_system_zlib = true;
+
+    use_system_harfbuzz = false; # TODO
+    use_system_icu = false; # FIXME: wrong version!
+    use_system_libwebp = false; # See chromium issue #133161
+    use_system_skia = false; # TODO
+    use_system_sqlite = false; # FIXME
+    use_system_v8 = false; # TODO...
   };
 
   defaultDependencies = [
-    bzip2 flac # harfbuzz
-    icu libevent expat libjpeg
-    libpng libwebp libxml2 libxslt # skia
-    speex sqlite # stlport
+    bzip2 flac
+    libevent expat libjpeg
+    libpng libxml2 libxslt
+    speex sqlite
     v8 xdg_utils yasm zlib
   ];
 

From 8e3be3790d4da45a3bea87dc182ddd676f3be638 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Wed, 20 Jun 2012 11:19:01 +0200
Subject: [PATCH 19/22] chromium: Use bundled versions of some libraries.

These libraries are heavily patched by the chromium project itself, so let's use
the bundled versions as those won't build anyway and also don't break functional
purity.
---
 .../networking/browsers/chromium/default.nix  | 25 ++++++++-----------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 6413957239489..b297a3a257f21 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -1,17 +1,15 @@
-{ stdenv, getConfig, fetchurl, fetchsvn, makeWrapper, which
+{ stdenv, getConfig, fetchurl, makeWrapper, which
 
 # default dependencies
-, bzip2, ffmpeg, flac
+, bzip2, flac, speex
 , libevent, expat, libjpeg
 , libpng, libxml2, libxslt
-, speex, sqlite
-, v8, xdg_utils, yasm, zlib
+, xdg_utils, yasm, zlib
 
 , python, perl, pkgconfig
-, nspr, udev
+, nspr, udev, krb5
 , utillinux, alsaLib
 , gcc, bison, gperf
-, krb5
 , glib, gtk, dbus_glib
 , libXScrnSaver, libXcursor, mesa
 
@@ -61,20 +59,19 @@ let
     use_system_yasm = true;
     use_system_zlib = true;
 
-    use_system_harfbuzz = false; # TODO
-    use_system_icu = false; # FIXME: wrong version!
+    use_system_harfbuzz = false;
+    use_system_icu = false;
     use_system_libwebp = false; # See chromium issue #133161
-    use_system_skia = false; # TODO
-    use_system_sqlite = false; # FIXME
-    use_system_v8 = false; # TODO...
+    use_system_skia = false;
+    use_system_sqlite = false; # See chromium issue #22208
+    use_system_v8 = false;
   };
 
   defaultDependencies = [
-    bzip2 flac
+    bzip2 flac speex
     libevent expat libjpeg
     libpng libxml2 libxslt
-    speex sqlite
-    v8 xdg_utils yasm zlib
+    xdg_utils yasm zlib
   ];
 
 in stdenv.mkDerivation rec {

From 3ca9701a9723a5b4e3739a6c01ce9d6b18a094d0 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Wed, 20 Jun 2012 11:33:36 +0200
Subject: [PATCH 20/22] chromium: Simplify names of getConfig options.

This makes it easier to remember, as so far the naming wasn't quite consistent,
sometimes "use*", sometimes "enable*". So in using just use the feature name
itself, it should be pretty clear.
---
 .../networking/browsers/chromium/default.nix  | 58 +++++++++----------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index b297a3a257f21..1b5b6a54f0f6b 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -14,24 +14,24 @@
 , libXScrnSaver, libXcursor, mesa
 
 # optional dependencies
-, libgnome_keyring # gnomeKeyringSupport
-, gconf # enableGnomeSupport
-, libgcrypt # enableGnomeSupport || enableCUPS
-, nss, openssl # useOpenSSL
-, libselinux # useSELinux
+, libgnome_keyring # config.gnomeKeyring
+, gconf # config.gnome
+, libgcrypt # config.gnome || config.cups
+, nss, openssl # config.openssl
+, libselinux # config.selinux
 }:
 
 let
   mkConfigurable = stdenv.lib.mapAttrs (flag: default: getConfig ["chromium" flag] default);
 
   config = mkConfigurable {
-    useSELinux = false;
-    naclSupport = false;
-    useOpenSSL = true;
-    enableGnomeSupport = false;
-    gnomeKeyringSupport = false;
-    useProprietaryCodecs = true;
-    enableCUPS = false;
+    selinux = false;
+    nacl = false;
+    openssl = true;
+    gnome = false;
+    gnomeKeyring = false;
+    proprietaryCodecs = true;
+    cups = false;
   };
 
   sourceInfo = import ./source.nix;
@@ -89,25 +89,25 @@ in stdenv.mkDerivation rec {
     which makeWrapper
     python perl pkgconfig
     nspr udev
-    (if config.useOpenSSL then openssl else nss)
+    (if config.openssl then openssl else nss)
     utillinux alsaLib
     gcc bison gperf
     krb5
     glib gtk dbus_glib
     libXScrnSaver libXcursor mesa
-  ] ++ stdenv.lib.optional config.gnomeKeyringSupport libgnome_keyring
-    ++ stdenv.lib.optionals config.enableGnomeSupport [ gconf libgcrypt ]
-    ++ stdenv.lib.optional config.useSELinux libselinux
-    ++ stdenv.lib.optional config.enableCUPS libgcrypt;
+  ] ++ stdenv.lib.optional config.gnomeKeyring libgnome_keyring
+    ++ stdenv.lib.optionals config.gnome [ gconf libgcrypt ]
+    ++ stdenv.lib.optional config.selinux libselinux
+    ++ stdenv.lib.optional config.cups libgcrypt;
 
-  opensslPatches = stdenv.lib.optional config.useOpenSSL openssl.patches;
+  opensslPatches = stdenv.lib.optional config.openssl openssl.patches;
 
   prePatch = "patchShebangs .";
 
-  patches = stdenv.lib.optional (!config.useSELinux) ./enable_seccomp.patch
-         ++ stdenv.lib.optional config.enableCUPS ./cups_allow_deprecated.patch;
+  patches = stdenv.lib.optional (!config.selinux) ./enable_seccomp.patch
+         ++ stdenv.lib.optional config.cups ./cups_allow_deprecated.patch;
 
-  postPatch = stdenv.lib.optionalString config.useOpenSSL ''
+  postPatch = stdenv.lib.optionalString config.openssl ''
     cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
   '';
 
@@ -115,14 +115,14 @@ in stdenv.mkDerivation rec {
     linux_use_gold_binary = false;
     linux_use_gold_flags = false;
     proprietary_codecs = false;
-    use_gnome_keyring = config.gnomeKeyringSupport;
-    use_gconf = config.enableGnomeSupport;
-    use_gio = config.enableGnomeSupport;
-    disable_nacl = !config.naclSupport;
-    use_openssl = config.useOpenSSL;
-    selinux = config.useSELinux;
-    use_cups = config.enableCUPS;
-  } // stdenv.lib.optionalAttrs config.useProprietaryCodecs {
+    use_gnome_keyring = config.gnomeKeyring;
+    use_gconf = config.gnome;
+    use_gio = config.gnome;
+    disable_nacl = !config.nacl;
+    use_openssl = config.openssl;
+    selinux = config.selinux;
+    use_cups = config.cups;
+  } // stdenv.lib.optionalAttrs config.proprietaryCodecs {
     # enable support for the H.264 codec
     proprietary_codecs = true;
     ffmpeg_branding = "Chrome";

From 652b887f22694751255835bcd195483f07ee704c Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Wed, 20 Jun 2012 12:45:14 +0200
Subject: [PATCH 21/22] chromium: Add support for pulseaudio.

Which is enabled by default if neither pulseaudio or chromium.pulseaudio is
explicitly set. The reason is that chromium falls back to ALSA in case no
pulseaudio is available.

In addition it was necessary to patch media.gyp to ignore the array-out-of-
bounds warning.
---
 .../networking/browsers/chromium/default.nix         |  9 +++++++--
 .../browsers/chromium/pulseaudio_array_bounds.patch  | 12 ++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 pkgs/applications/networking/browsers/chromium/pulseaudio_array_bounds.patch

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 1b5b6a54f0f6b..308547673cef2 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -18,6 +18,7 @@
 , gconf # config.gnome
 , libgcrypt # config.gnome || config.cups
 , nss, openssl # config.openssl
+, pulseaudio # config.pulseaudio
 , libselinux # config.selinux
 }:
 
@@ -32,6 +33,7 @@ let
     gnomeKeyring = false;
     proprietaryCodecs = true;
     cups = false;
+    pulseaudio = getConfig ["pulseaudio"] true;
   };
 
   sourceInfo = import ./source.nix;
@@ -98,14 +100,16 @@ in stdenv.mkDerivation rec {
   ] ++ stdenv.lib.optional config.gnomeKeyring libgnome_keyring
     ++ stdenv.lib.optionals config.gnome [ gconf libgcrypt ]
     ++ stdenv.lib.optional config.selinux libselinux
-    ++ stdenv.lib.optional config.cups libgcrypt;
+    ++ stdenv.lib.optional config.cups libgcrypt
+    ++ stdenv.lib.optional config.pulseaudio pulseaudio;
 
   opensslPatches = stdenv.lib.optional config.openssl openssl.patches;
 
   prePatch = "patchShebangs .";
 
   patches = stdenv.lib.optional (!config.selinux) ./enable_seccomp.patch
-         ++ stdenv.lib.optional config.cups ./cups_allow_deprecated.patch;
+         ++ stdenv.lib.optional config.cups ./cups_allow_deprecated.patch
+         ++ stdenv.lib.optional config.pulseaudio ./pulseaudio_array_bounds.patch;
 
   postPatch = stdenv.lib.optionalString config.openssl ''
     cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
@@ -118,6 +122,7 @@ in stdenv.mkDerivation rec {
     use_gnome_keyring = config.gnomeKeyring;
     use_gconf = config.gnome;
     use_gio = config.gnome;
+    use_pulseaudio = config.pulseaudio;
     disable_nacl = !config.nacl;
     use_openssl = config.openssl;
     selinux = config.selinux;
diff --git a/pkgs/applications/networking/browsers/chromium/pulseaudio_array_bounds.patch b/pkgs/applications/networking/browsers/chromium/pulseaudio_array_bounds.patch
new file mode 100644
index 0000000000000..ca78b6959c058
--- /dev/null
+++ b/pkgs/applications/networking/browsers/chromium/pulseaudio_array_bounds.patch
@@ -0,0 +1,12 @@
+diff --git a/media/media.gyp b/media/media.gyp
+index 2a8c6c6..66ca767 100644
+--- a/media/media.gyp
++++ b/media/media.gyp
+@@ -399,6 +399,7 @@
+             ['use_pulseaudio == 1', {
+               'cflags': [
+                 '<!@(pkg-config --cflags libpulse)',
++                '-Wno-array-bounds',
+               ],
+               'link_settings': {
+                 'libraries': [

From a8befd784eb5f1b90f54eb6616acd92de445b2e6 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Thu, 21 Jun 2012 17:27:36 +0200
Subject: [PATCH 22/22] chromium: Enable parallel building.

Always did this manually by putting -j8 into make flags, which i didn't commit,
as it obviously doesn't make sense to hardcode. However, this flag makes more
sense and obviously we need to avoid overriding buildPhase.
---
 .../networking/browsers/chromium/default.nix  | 20 ++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 308547673cef2..a486c80e185d3 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -139,18 +139,28 @@ in stdenv.mkDerivation rec {
 
   buildType = "Release";
 
+  enableParallelBuilding = true;
+
   configurePhase = ''
     python build/gyp_chromium --depth "$(pwd)" ${gypFlags}
   '';
 
-  extraBuildFlags = let
+  makeFlags = let
     CC = "${gcc}/bin/gcc";
     CXX = "${gcc}/bin/g++";
-  in "CC=\"${CC}\" CXX=\"${CXX}\" CC.host=\"${CC}\" CXX.host=\"${CXX}\" LINK.host=\"${CXX}\"";
+  in [
+    "CC=${CC}"
+    "CXX=${CXX}"
+    "CC.host=${CC}"
+    "CXX.host=${CXX}"
+    "LINK.host=${CXX}"
+  ];
 
-  buildPhase = ''
-    make ${extraBuildFlags} BUILDTYPE=${buildType} library=shared_library chrome
-  '';
+  buildFlags = [
+    "BUILDTYPE=${buildType}"
+    "library=shared_library"
+    "chrome"
+  ];
 
   installPhase = ''
     mkdir -vp "$out/libexec/${packageName}"