amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: webkitgtk: Patch to share store via Bubblewrap.

Browse source 
Fixes <https://bugs.gnu.org/40837>.

* gnu/packages/patches/webkitgtk-share-store.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/webkit.scm (webkitgtk)[source](patches): Use it.

Co-authored-by: Marius Bakke <mbakke@fastmail.com>
This commit is contained in:
Jack Hill 2020-04-25 22:03:48 -04:00 committed by Marius Bakke
parent 3ed94ed8c2
commit a6919866b0
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA
3 changed files with 31 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -1542,6 +1542,7 @@ dist_patch_DATA = \
%D%/packages/patches/vte-CVE-2012-2738-pt2.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt2.patch \
%D%/packages/patches/warsow-qfusion-fix-bool-return-type.patch \ %D%/packages/patches/warsow-qfusion-fix-bool-return-type.patch \
%D%/packages/patches/weasyprint-library-paths.patch \ %D%/packages/patches/weasyprint-library-paths.patch \
%D%/packages/patches/webkitgtk-share-store.patch \
%D%/packages/patches/websocketpp-fix-for-boost-1.70.patch \ %D%/packages/patches/websocketpp-fix-for-boost-1.70.patch \
%D%/packages/patches/wicd-bitrate-none-fix.patch \ %D%/packages/patches/wicd-bitrate-none-fix.patch \
%D%/packages/patches/wicd-get-selected-profile-fix.patch \ %D%/packages/patches/wicd-get-selected-profile-fix.patch \

19
gnu/packages/patches/webkitgtk-share-store.patch Normal file
View file

@ -0,0 +1,19 @@
Tell bubblewrap to share the store. Required for programs that use the
sandboxing features such as Epiphany.
See <https://bugs.gnu.org/40837>.
Author: Jack Hill <jackhill@jackhill.us>
---
diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
@@ -737,6 +737,9 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
"--ro-bind-try", "/usr/local/share", "/usr/local/share",
"--ro-bind-try", DATADIR, DATADIR,
+ // Bind mount the store inside the WebKitGTK sandbox.
+ "--ro-bind", "@storedir@", "@storedir@",
+
// We only grant access to the libdirs webkit is built with and
// guess system libdirs. This will always have some edge cases.
"--ro-bind-try", "/lib", "/lib",

12
gnu/packages/webkit.scm
View file

@ -128,7 +128,8 @@ engine that uses Wayland for graphics output.")
"webkitgtk-" version ".tar.xz")) "webkitgtk-" version ".tar.xz"))
(sha256 (sha256
(base32 (base32
"1g9hik3bprki5s9d7y5288q5irwckbzajr6rnlvjrlnqrwjkblmr")))) "1g9hik3bprki5s9d7y5288q5irwckbzajr6rnlvjrlnqrwjkblmr"))
(patches (search-patches "webkitgtk-share-store.patch"))))
(build-system cmake-build-system) (build-system cmake-build-system)
(outputs '("out" "doc")) (outputs '("out" "doc"))
(arguments (arguments
@ -156,6 +157,15 @@ engine that uses Wayland for graphics output.")
"-DUSE_WOFF2=OFF") "-DUSE_WOFF2=OFF")
#:phases #:phases
(modify-phases %standard-phases (modify-phases %standard-phases
(add-after 'unpack 'configure-bubblewrap-store-directory
(lambda _
;; This phase is a corollary to 'webkitgtk-share-store.patch' to
;; avoid hard coding /gnu/store, for users with other prefixes.
(let ((store-directory (%store-directory)))
(substitute*
"Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp"
(("@storedir@") store-directory))
#t)))
(add-after 'unpack 'patch-gtk-doc-scan (add-after 'unpack 'patch-gtk-doc-scan
(lambda* (#:key inputs #:allow-other-keys) (lambda* (#:key inputs #:allow-other-keys)
(for-each (lambda (file) (for-each (lambda (file)