lilyp pushed a commit to branch gnome-team
in repository guix.
commit 7cf15e20fc1c4c66b212ccee1d859d3984751e61
Author: Abhishek Cherath <[email protected]>
AuthorDate: Sat Apr 20 09:44:03 2024 -0400
gnu: webkitgtk: Expose more paths to bubblewrap sandbox.
Provide access to system locale path and to paths from GUIX_LOCPATH,
LOCPATH,
and LIBVA_DRIVERS_PATH to the Bubblewrap sandbox in order to silence GTK
locale warnings and enable hardware accelerated video.
* gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: Add @dridir@
and @localedir@ to bubblewrap gtk sandbox. Add paths from GUIX_LOCPATH,
LOCPATH, and LIBVA_DRIVERS_PATH to bubblewrap gtk sandbox.
* gnu/packages/webkit.scm (webkitgtk) [arguments]: In the
'configure-bubblewrap-store-directory' phase, also supply system locale to
webkitgtk-adjust-bubblewrap-paths.patch template.
Change-Id: I6be0c473ebaa6c04ebb00a2b4afcae2c89396e4f
Signed-off-by: Maxim Cournoyer <[email protected]>
---
.../patches/webkitgtk-adjust-bubblewrap-paths.patch | 13 ++++++++++++-
gnu/packages/webkit.scm | 8 +++++++-
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch
b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch
index 18ddb645ad..eb2f9e2b68 100644
--- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch
+++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch
@@ -1,11 +1,13 @@
Share /gnu/store in the BubbleWrap container and remove FHS mounts.
+Also share system locale directory and paths in LOCPATH, GUIX_LOCPATH,
+and LIBVA_DRIVERS_PATH.
This is a Guix-specific patch not meant to be upstreamed.
diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
index f0a5e4b05dff..88b11f806968 100644
--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
-@@ -854,27 +854,12 @@ GRefPtr<GSubprocess>
bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
+@@ -854,27 +854,21 @@ GRefPtr<GSubprocess>
bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
"--ro-bind", "/sys/dev", "/sys/dev",
"--ro-bind", "/sys/devices", "/sys/devices",
@@ -33,6 +35,15 @@ index f0a5e4b05dff..88b11f806968 100644
+
+ // Bind mount the store inside the WebKitGTK sandbox.
+ "--ro-bind", "@storedir@", "@storedir@",
++
++ // This is needed for system locales.
++ "--ro-bind-try", "@localedir@", "@localedir@",
};
++ // User specified locale directory.
++ bindPathVar(sandboxArgs, "LOCPATH");
++ // Locales in case of foreign system.
++ bindPathVar(sandboxArgs, "GUIX_LOCPATH");
++ // Drivers for video hardware acceleration (va-api).
++ bindPathVar(sandboxArgs, "LIBVA_DRIVERS_PATH");
if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy)
{
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 4593528e62..d5b0801a7b 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -8,6 +8,7 @@
;;; Copyright © 2019 Marius Bakke <[email protected]>
;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer <[email protected]>
;;; Copyright © 2022, 2023 Efraim Flashner <[email protected]>
+;;; Copyright © 2024 Abhishek Cherath <[email protected]>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -191,7 +192,12 @@ engine that uses Wayland for graphics output.")
(let ((store-directory (%store-directory)))
(substitute*
"Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp"
- (("@storedir@") store-directory)))))
+ (("@storedir@") store-directory)
+ ;; This silences GTK locale errors.
+ ;; Unfortunately, simply bind mounting /run/current-system
+ ;; does not work since it leads to weird issues
+ ;; with symlinks that confuse bubblewrap.
+ (("@localedir@") "/run/current-system/locale")))))
(add-after 'unpack 'do-not-disable-new-dtags
;; Ensure the linker uses new dynamic tags as this is what Guix
;; uses and validates in the validate-runpath phase.
