#!/bin/sh # # Copyright 2009 The Chromium Authors # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. set -e # System-wide package configuration. DEFAULTS_FILE="/etc/default/google-chrome" # Add icons to the system icons XDG_ICON_RESOURCE="`command -v xdg-icon-resource 2> /dev/null || true`" if [ ! -x "$XDG_ICON_RESOURCE" ]; then echo "Error: Could not find xdg-icon-resource" >&2 exit 1 fi for icon in product_logo_16.png product_logo_24.png product_logo_32.png product_logo_48.png product_logo_64.png product_logo_128.png product_logo_256.png; do size="$(echo ${icon} | sed 's/[^0-9]//g')" "$XDG_ICON_RESOURCE" install --size "${size}" "/opt/google/chrome/${icon}" \ "google-chrome" done # Update cache of .desktop file MIME types. Non-fatal since it's just a cache. update-desktop-database > /dev/null 2>&1 || true # Updates defaults.list file if present. update_defaults_list() { # $1: name of the .desktop file local DEFAULTS_LIST="/usr/share/applications/defaults.list" if [ ! -f "${DEFAULTS_LIST}" ]; then return fi # Split key-value pair out of MimeType= line from the .desktop file, # then split semicolon-separated list of mime types (they should not contain # spaces). mime_types="$(grep MimeType= /usr/share/applications/${1} | cut -d '=' -f 2- | tr ';' ' ')" for mime_type in ${mime_types}; do if egrep -q "^${mime_type}=" "${DEFAULTS_LIST}"; then if ! egrep -q "^${mime_type}=.*${1}" "${DEFAULTS_LIST}"; then default_apps="$(grep ${mime_type}= "${DEFAULTS_LIST}" | cut -d '=' -f 2-)" egrep -v "^${mime_type}=" "${DEFAULTS_LIST}" > "${DEFAULTS_LIST}.new" echo "${mime_type}=${default_apps};${1}" >> "${DEFAULTS_LIST}.new" mv "${DEFAULTS_LIST}.new" "${DEFAULTS_LIST}" fi else # If there's no mention of the mime type in the file, add it. echo "${mime_type}=${1};" >> "${DEFAULTS_LIST}" fi done } update_defaults_list "google-chrome.desktop" # This function uses sed to insert the contents of one file into another file, # after the first line matching a given regular expression. If there is no # matching line, then the file is unchanged. insert_after_first_match() { # $1: file to update # $2: regular expression # $3: file to insert sed -i -e "1,/$2/ { /$2/ r $3 }" "$1" } # If /usr/share/gnome-control-center/default-apps/gnome-default-applications.xml # exists, it may need to be updated to add ourselves to the default applications # list. If we find the file and it does not seem to contain our patch already # (the patch is safe to leave even after uninstall), update it. GNOME_DFL_APPS=/usr/share/gnome-control-center/default-apps/gnome-default-applications.xml if [ -f "$GNOME_DFL_APPS" ]; then # Conditionally insert the contents of the file "default-app-block" after the # first "" line we find in gnome-default-applications.xml fgrep -q "Google Chrome" "$GNOME_DFL_APPS" || insert_after_first_match \ "$GNOME_DFL_APPS" \ "^[ ]*[ ]*$" \ "/opt/google/chrome/default-app-block" fi # This function performs the setup for the chrome management service process. # It creates a new chromemgmt group, creates the signing key file, and updates # permissions for both the signing key file and the binary. chrome_management_service_setup() { if [ ! -f "$DEFAULTS_FILE" ]; then return fi if ! grep -q "install_device_trust_key_management_command=true" \ "$DEFAULTS_FILE"; then return fi getent group chromemgmt > /dev/null || groupadd chromemgmt chgrp chromemgmt "/opt/google/chrome/chrome-management-service" chmod 2755 "/opt/google/chrome/chrome-management-service" mkdir -p "/etc/opt/chrome/policies/enrollment" SIGNING_KEY_FILE="/etc/opt/chrome/policies/enrollment/DeviceTrustSigningKey" if [ ! -e "$SIGNING_KEY_FILE" ]; then touch "$SIGNING_KEY_FILE" fi chgrp chromemgmt "$SIGNING_KEY_FILE" chmod 664 "$SIGNING_KEY_FILE" } chrome_management_service_setup # Add to the alternatives system # # On Ubuntu 12.04, we have the following priorities # (which can be obtain be installing browsers and running # update-alternatives --query x-www-browser): # # /usr/bin/epiphany-browser 85 # /usr/bin/firefox 40 # /usr/bin/konqueror 30 # # While we would expect these values to be keyed off the most popular # browser (Firefox), in practice, we treat Epiphany as the lower bound, # resulting in the following scheme: CHANNEL=stable case $CHANNEL in stable ) # Good enough to be the default. PRIORITY=200 ;; beta ) # Almost good enough to be the default. (Firefox stable should arguably be # higher than this, but since that's below the "Epiphany threshold", we're # not setting our priority below it. Anyone want to poke Firefox to raise # their priority?) PRIORITY=150 ;; unstable ) # Unstable, give it the "lowest" priority. PRIORITY=120 ;; * ) PRIORITY=0 ;; esac update-alternatives --install /usr/bin/x-www-browser x-www-browser \ /usr/bin/google-chrome-stable $PRIORITY update-alternatives --install /usr/bin/gnome-www-browser gnome-www-browser \ /usr/bin/google-chrome-stable $PRIORITY update-alternatives --install /usr/bin/google-chrome google-chrome \ /usr/bin/google-chrome-stable $PRIORITY # sources.list setting for google-chrome updates. REPOCONFIG="deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main" REPOCONFIGREGEX="deb (\[arch=[^]]*\bamd64\b[^]]*\][[:space:]]*) https?://dl.google.com/linux/chrome/deb/ stable main" APT_GET="`command -v apt-get 2> /dev/null`" APT_CONFIG="`command -v apt-config 2> /dev/null`" SOURCES_PREAMBLE="### THIS FILE IS AUTOMATICALLY CONFIGURED ### # You may comment out this entry, but any other modifications may be lost.\n" # Set variables for the locations of the apt trusted keyrings. find_apt_trusted() { eval $("$APT_CONFIG" shell APT_TRUSTEDDIR 'Dir::Etc::trustedparts/d') } # Install the repository/package signing keys. # (see also: https://www.google.com/linuxrepositories/) install_key() { find_apt_trusted # ASCII-armored keyrings are only supported in apt 1.4 and later, but we must # continue supporting Trusty and Xenial which have older versions of apt, so # the keyring is installed as a binary blob. base64 is used to decode the # ASCII keyring, which should always be available since it comes from the # coreutils. (base64 -d > "$APT_TRUSTEDDIR/google-chrome.gpg") </dev/null) # Check if the correct repository configuration is in there. REPOMATCH=$(grep -E "^[[:space:]#]*\b$REPOCONFIGREGEX\b" "$SOURCELIST" \ 2>/dev/null) # Check if the correct repository is disabled. MATCH_DISABLED=$(echo "$REPOMATCH" | grep "^[[:space:]]*#" 2>/dev/null) # Now figure out if we need to fix things. BADCONFIG=1 if [ "$REPOMATCH" ]; then # If it's there and active, that's ideal, so nothing to do. if [ ! "$MATCH_DISABLED" ]; then BADCONFIG=0 else # If it's not active, but neither is anything else, that's fine too. if [ ! "$ACTIVECONFIGS" ]; then BADCONFIG=0 fi fi fi if [ $BADCONFIG -eq 0 ]; then return 0 fi # At this point, either the correct configuration is completely missing, or # the wrong configuration is active. In that case, just abandon the mess and # recreate the file with the correct configuration. If there were no active # configurations before, create the new configuration disabled. DISABLE="" if [ ! "$ACTIVECONFIGS" ]; then DISABLE="#" fi printf "$SOURCES_PREAMBLE" > "$SOURCELIST" printf "$DISABLE$REPOCONFIG\n" >> "$SOURCELIST" if [ $? -eq 0 ]; then return 0 fi return 2 } # Add the Google repository to the apt sources. # Returns: # 0 - sources list was created # 2 - error create_sources_lists() { if [ ! "$REPOCONFIG" ]; then return 0 fi find_apt_sources SOURCELIST="$APT_SOURCESDIR/google-chrome.list" if [ -d "$APT_SOURCESDIR" ]; then printf "$SOURCES_PREAMBLE" > "$SOURCELIST" printf "$REPOCONFIG\n" >> "$SOURCELIST" if [ $? -eq 0 ]; then return 0 fi fi return 2 } # Remove our custom sources list file. # Returns: # 0 - successfully removed, or not configured # !0 - failed to remove clean_sources_lists() { if [ ! "$REPOCONFIG" ]; then return 0 fi find_apt_sources rm -f "$APT_SOURCESDIR/google-chrome.list" } # Detect if the repo config was disabled by distro upgrade and enable if # necessary. handle_distro_upgrade() { if [ ! "$REPOCONFIG" ]; then return 0 fi find_apt_sources SOURCELIST="$APT_SOURCESDIR/google-chrome.list" if [ -r "$SOURCELIST" ]; then REPOLINE=$(grep -E "^[[:space:]]*#[[:space:]]*$REPOCONFIGREGEX[[:space:]]*# disabled on upgrade to .*" "$SOURCELIST") if [ $? -eq 0 ]; then sed -i -e "s,^[[:space:]]*#[[:space:]]*$.*$[[:space:]]*# disabled on upgrade to .*,\1," \ "$SOURCELIST" LOGGER=$(command -v logger 2> /dev/null) if [ "$LOGGER" ]; then "$LOGGER" -t "$0" "Reverted repository modification: $REPOLINE." fi fi fi } DEFAULT_ARCH="amd64" get_lib_dir() { if [ "$DEFAULT_ARCH" = "i386" ]; then LIBDIR=lib/i386-linux-gnu elif [ "$DEFAULT_ARCH" = "amd64" ]; then LIBDIR=lib/x86_64-linux-gnu elif [ "$DEFAULT_ARCH" = "armhf" ]; then LIBDIR=lib/arm-linux-gnueabihf elif [ "$DEFAULT_ARCH" = "arm64" ]; then LIBDIR=lib/aarch64-linux-gnu elif [ "$DEFAULT_ARCH" = "mipsel" ]; then LIBDIR=lib/mipsel-linux-gnu elif [ "$DEFAULT_ARCH" = "mips64el" ]; then LIBDIR=lib/mips64el-linux-gnuabi64 else echo Unknown CPU Architecture: "$DEFAULT_ARCH" exit 1 fi } NSS_FILES="libnspr4.so.0d libplds4.so.0d libplc4.so.0d libssl3.so.1d \ libnss3.so.1d libsmime3.so.1d libnssutil3.so.1d" add_nss_symlinks() { get_lib_dir for f in $NSS_FILES do target=$(echo $f | sed 's/\.[01]d$//') if [ -f "/$LIBDIR/$target" ]; then ln -snf "/$LIBDIR/$target" "/opt/google/chrome/$f" elif [ -f "/usr/$LIBDIR/$target" ]; then ln -snf "/usr/$LIBDIR/$target" "/opt/google/chrome/$f" else echo $f not found in "/$LIBDIR/$target" or "/usr/$LIBDIR/$target". exit 1 fi done } remove_nss_symlinks() { for f in $NSS_FILES do rm -rf "/opt/google/chrome/$f" done } remove_udev_symlinks() { rm -rf "/opt/google/chrome/libudev.so.0" } remove_udev_symlinks ## MAIN ## if [ ! -e "$DEFAULTS_FILE" ]; then echo 'repo_add_once="true"' > "$DEFAULTS_FILE" echo 'repo_reenable_on_distupgrade="true"' >> "$DEFAULTS_FILE" fi # Run the cron job immediately to perform repository configuration. nohup sh /etc/cron.daily/google-chrome > /dev/null 2>&1 &