With this change, java packages will build with openjdk by default. The
primary driver for this is legal: The build farm is not allowed to
distribute the proprietary Oracle jdk6, and so it is not allowed to
distribute any packages that depend on it. In my view, this is a purely
beneficial change: from the perspective of the build farm, packages will
go from undistributable due to licensing to either distributable or
undistributable due to failed build (if the package doesn't build
properly with openjdk), and from the perspective of the end user it is
very easy to override the jdk on a package-by-package basis or for all
of nixpkgs in the nixpkgs configuration.

This updates the stable version from 21.0.1180.79 to 21.0.1180.81 and introduces
version 22/23 for the beta/dev channels respectively. This needed quite a bit of
patching because beginning in version 22, the seccomp sandbox is considered
legacy (though BPF is still unfinished) and in order to successfully build, we
need to update the patches as well.

I'm merging this right into master for two reasons:
- There are no changes to the derivation if you're building the stable version
(which is the default), except for the upgrade to version 21.0.1180.81.
- Chromium currently has no reverse dependencies that may break due to this
update.

This originally was one single commit (just an update of all channels) until I
discovered the seccomp BPF build failure.

This enables legacy seccomp sandbox by default even on chromium 22, because the
BPF sandbox is still work in progress, please see:
http://crbug.com/139872
http://crbug.com/130662

Because the BPF seccomp sandbox is used in case the legacy seccomp mode
initialization fails, we might need to patch this again, as soon as the BPF
sandbox is fully implemented to fall back to legacy seccomp and use BPF by
default.

We now have two patches for "default to seccomp" - one for Chromium 21 and one
for 22 or higher.

Users might want to override the 'src' and 'name' of go from 'hg'.
I make the expression compatible with that.
Aside, I also set GOARM in the wrapper for it to build programs fine on
armv5tel by default.

The patch doesn't apply in version 22 and newer, because mode 1 sandboxes are
considered "legacy" (well, apart from the fact that I'd personally prefer BPF
anyway), for reasons I wasn't able to find, yet. But let's proceed on BPF
integration and thus gain more insight on the exact reasons.

If you look at what changed, you'll surely notice that version 22 is now in
beta, so we have to expect things to break. And one thing that will break for
sure is the seccomp patch, because beginning with 22 the new BPF seccomp sandbox
is going to replace the mode 1 seccomp sandbox.