02/08: gnu: webkitgtk: Patch to share store via Bubblewrap.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/08: gnu: webkitgtk: Patch to share store via Bubblewrap.

From:	guix-commits
Subject:	02/08: gnu: webkitgtk: Patch to share store via Bubblewrap.
Date:	Wed, 6 May 2020 16:51:44 -0400 (EDT)

mbakke pushed a commit to branch master
in repository guix.

commit a6919866b07e9ed3986abde7ae48d0c69ff3deed
Author: Jack Hill <address@hidden>
AuthorDate: Sat Apr 25 22:03:48 2020 -0400

    gnu: webkitgtk: Patch to share store via Bubblewrap.
    
    Fixes <https://bugs.gnu.org/40837>.
    
    * gnu/packages/patches/webkitgtk-share-store.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
    * gnu/packages/webkit.scm (webkitgtk)[source](patches): Use it.
    
    Co-authored-by: Marius Bakke <address@hidden>
---
 gnu/local.mk                                     |  1 +
 gnu/packages/patches/webkitgtk-share-store.patch | 19 +++++++++++++++++++
 gnu/packages/webkit.scm                          | 12 +++++++++++-
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 62eeb39..5c06415 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1542,6 +1542,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/vte-CVE-2012-2738-pt2.patch                     \
   %D%/packages/patches/warsow-qfusion-fix-bool-return-type.patch       \
   %D%/packages/patches/weasyprint-library-paths.patch          \
+  %D%/packages/patches/webkitgtk-share-store.patch             \
   %D%/packages/patches/websocketpp-fix-for-boost-1.70.patch    \
   %D%/packages/patches/wicd-bitrate-none-fix.patch             \
   %D%/packages/patches/wicd-get-selected-profile-fix.patch     \
diff --git a/gnu/packages/patches/webkitgtk-share-store.patch 
b/gnu/packages/patches/webkitgtk-share-store.patch
new file mode 100644
index 0000000..053d86f
--- /dev/null
+++ b/gnu/packages/patches/webkitgtk-share-store.patch
@@ -0,0 +1,19 @@
+Tell bubblewrap to share the store.  Required for programs that use the
+sandboxing features such as Epiphany.
+
+See <https://bugs.gnu.org/40837>.
+Author: Jack Hill <address@hidden>
+---
+diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp 
b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
++++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+@@ -737,6 +737,9 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* 
launcher, const Proces
+         "--ro-bind-try", "/usr/local/share", "/usr/local/share",
+         "--ro-bind-try", DATADIR, DATADIR,
+ 
++       // Bind mount the store inside the WebKitGTK sandbox.
++       "--ro-bind", "@storedir@", "@storedir@",
++
+         // We only grant access to the libdirs webkit is built with and
+         // guess system libdirs. This will always have some edge cases.
+         "--ro-bind-try", "/lib", "/lib",
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index e52536c..6035d6c 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -128,7 +128,8 @@ engine that uses Wayland for graphics output.")
                                   "webkitgtk-" version ".tar.xz"))
               (sha256
                (base32
-                "1g9hik3bprki5s9d7y5288q5irwckbzajr6rnlvjrlnqrwjkblmr"))))
+                "1g9hik3bprki5s9d7y5288q5irwckbzajr6rnlvjrlnqrwjkblmr"))
+              (patches (search-patches "webkitgtk-share-store.patch"))))
     (build-system cmake-build-system)
     (outputs '("out" "doc"))
     (arguments
@@ -156,6 +157,15 @@ engine that uses Wayland for graphics output.")
                           "-DUSE_WOFF2=OFF")
        #:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'configure-bubblewrap-store-directory
+           (lambda _
+             ;; This phase is a corollary to 'webkitgtk-share-store.patch' to
+             ;; avoid hard coding /gnu/store, for users with other prefixes.
+             (let ((store-directory (%store-directory)))
+               (substitute*
+                   
"Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp"
+                 (("@storedir@") store-directory))
+               #t)))
          (add-after 'unpack 'patch-gtk-doc-scan
            (lambda* (#:key inputs #:allow-other-keys)
              (for-each (lambda (file)

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (e3bf2a6 -> 13c18af), guix-commits, 2020/05/06
- 01/08: services: Do not use symbolic links in PulseAudio variables., guix-commits, 2020/05/06
- 02/08: gnu: webkitgtk: Patch to share store via Bubblewrap., guix-commits <=
- 03/08: gnu: Add makepasswd., guix-commits, 2020/05/06
- 05/08: gnu: Add ableton-link., guix-commits, 2020/05/06
- 06/08: gnu: supercollider: Update to 3.11.0., guix-commits, 2020/05/06
- 07/08: gnu: Add editline., guix-commits, 2020/05/06
- 04/08: gnu: Add gnome-shell-extension-clipboard-indicator., guix-commits, 2020/05/06
- 08/08: gnu: nix: Update to 2.3.4., guix-commits, 2020/05/06

Prev by Date: 01/08: services: Do not use symbolic links in PulseAudio variables.
Next by Date: 03/08: gnu: Add makepasswd.
Previous by thread: 01/08: services: Do not use symbolic links in PulseAudio variables.
Next by thread: 03/08: gnu: Add makepasswd.
Index(es):
- Date
- Thread