From patchwork Tue Apr  8 19:58:29 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ian Eure <ian@retrospec.tv>
X-Patchwork-Id: 41463
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id CBCAA27BC4B; Tue,  8 Apr 2025 20:59:27 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,
	RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,
	SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no
	version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id 01B4227BC4A
	for <patchwork@mira.cbaines.net>; Tue,  8 Apr 2025 20:59:27 +0100 (BST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1u2F6C-0007Je-Cd; Tue, 08 Apr 2025 15:59:08 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1u2F68-0007Ew-RJ
 for guix-patches@gnu.org; Tue, 08 Apr 2025 15:59:05 -0400
Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1u2F68-0003S9-BA
 for guix-patches@gnu.org; Tue, 08 Apr 2025 15:59:04 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org;
 h=MIME-Version:References:In-Reply-To:Date:From:To:Subject;
 bh=axPxyrcA3IFm2qsUi1txOzWzKJGTYicABlSjwl9psfk=;
 b=pcIxx+Xsm8X6Zmgum7sny8XbCuKt3fzNRyazoJXwfL2p4y6BCnAP80tlvFTY8g24gX59KS2qjr8dsqHbYKufThtE0o2vtBsP+HcOy7Z6A8XNSN3mexZGFG1IiyvESSivIWqD1KeR82SVDn7sKID3NKn8DzWZ/aam7sys/UIR0+OMXx2TP/8DL/ayDyCV0uFS90OIuYtvMqkh75Wd2ou+tHxE6See/jUUftues0GcxlZO0Bbmajh1zplvsKV3lt/TDDY64WgTk6Q5wsdXp+TlOZ0JTZ0v63Id6AGrk309UnK4L6Q5QiYSs4mF14ZGc+hfkUzshFOYF2uAJKFRr3BRFQ==;
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1u2F68-0000NF-4b
 for guix-patches@gnu.org; Tue, 08 Apr 2025 15:59:04 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#77653] [PATCH 4/4] gnu: Add wasm-sandboxed.
Resent-From: Ian Eure <ian@retrospec.tv>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 08 Apr 2025 19:59:04 +0000
Resent-Message-ID: <handler.77653.B77653.17441423321390@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 77653
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 77653@debbugs.gnu.org
Cc: Ian Eure <ian@retrospec.tv>
Received: via spool by 77653-submit@debbugs.gnu.org id=B77653.17441423321390
 (code B ref 77653); Tue, 08 Apr 2025 19:59:04 +0000
Received: (at 77653) by debbugs.gnu.org; 8 Apr 2025 19:58:52 +0000
Received: from localhost ([127.0.0.1]:35621 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1u2F5w-0000ME-7d
 for submit@debbugs.gnu.org; Tue, 08 Apr 2025 15:58:52 -0400
Received: from fout-a4-smtp.messagingengine.com ([103.168.172.147]:42867)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <ian@retrospec.tv>) id 1u2F5m-0000LE-Ep
 for 77653@debbugs.gnu.org; Tue, 08 Apr 2025 15:58:42 -0400
Received: from phl-compute-12.internal (phl-compute-12.phl.internal
 [10.202.2.52])
 by mailfout.phl.internal (Postfix) with ESMTP id 348D4138016D;
 Tue,  8 Apr 2025 15:58:37 -0400 (EDT)
Received: from phl-mailfrontend-02 ([10.202.2.163])
 by phl-compute-12.internal (MEProxy); Tue, 08 Apr 2025 15:58:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h=
 cc:cc:content-transfer-encoding:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:subject:subject:to:to; s=fm1; t=1744142317; x=
 1744228717; bh=axPxyrcA3IFm2qsUi1txOzWzKJGTYicABlSjwl9psfk=; b=P
 m66cwuk6efvD/19OdfKprayNgmJVvQ/L81WfFOl6hKbJuZOo0SAW2jJb8pFaP9W0
 jnsgMFtCLFQ1tWM3nmb8Jq4SJv1kmTZ+7+70T6eKdxy4+XNiFcyPK4+DChSM2gVD
 Ruvn5MUNB+sWJcpmKVdytUVtDVg2caOwIdRms3RtaH18WV6uvoKQxnnsrX3ov8UT
 Z8MVTFtphh8qHbqBI8FMGxy3G2xKBtEFdIqEDx6adG9s1hb+KW//0fuzy9Uj4YUa
 k49geWEWMaAccgRPg4vYhKxH5s9+cCQhdBoAjojzHP5TYyMLe4NMYmE9ejVOg+Zr
 ghgonkZR+QqgNJh2HIAxg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-transfer-encoding
 :content-type:date:date:feedback-id:feedback-id:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm2; t=1744142317; x=1744228717; bh=a
 xPxyrcA3IFm2qsUi1txOzWzKJGTYicABlSjwl9psfk=; b=O/7bQh7Anx35n3or+
 3TqimCaq0KfamSsa5KDKPpTaPSQ65LkJs/2qO6eOAavpSyZQlXaUCO+dwdupHnQQ
 wF78MewHzdUthtY6S1N3QLJxImvTaquW7Q9a4vig72K9yW0Yx1f4EUepqvOl1vqZ
 pL5UMKap155cEO6IRxzpVI/bBB9np/LWdzQwNdTrmC5Ohum141XOaYFa+5tyPD6X
 ykohCjRpVebKJTF4FcJORSWNrrooZTB/yBjghAuJeeAjrox5XjrcQzvpAsgn2/6P
 aWP82jXgDjFhvn6EfWXHABbLKGlDr47Pp4a1kS5J6YdTV8wqHFvK1j/rDLoYd/Z9
 rhq+Q==
X-ME-Sender: <xms:7H_1Z_ITA5ZkEZX_xFnvW9VeEtKCl7fuoCnqs6TePHAdAKFJxg8tfw>
 <xme:7H_1ZzIGSSpghCXBtm-Ba1zthKncV4JonYgryAo2tMIFO2kGaBXiGer0j38Ffifym
 vIQSLg4n5wB29iiYQ>
X-ME-Received: 
 <xmr:7H_1Z3vnIKZDsXM6fetTouYsd-OuxWRCtvfY_0CJqyT-YLiWaSmOUtC_JBNdJfRcBHEIZ3OTzdsqyB7kJWVVzoLyf3y-i-Ist_KXuP_FZEpU-EcMIKdlDg>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddvtdefleelucetufdoteggodetrf
 dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv
 pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvf
 evufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpefkrghnucfguhhrvgcuoehi
 rghnsehrvghtrhhoshhpvggtrdhtvheqnecuggftrfgrthhtvghrnhepveevjeffuddvte
 eiueetgfeukedvfeeiuedvveelfeeghfduleeftedvgfefgeejnecuvehluhhsthgvrhfu
 ihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtg
 drthhvpdhnsggprhgtphhtthhopedvpdhmohguvgepshhmthhpohhuthdprhgtphhtthho
 peejjeeiheefseguvggssghughhsrdhgnhhurdhorhhgpdhrtghpthhtohepihgrnhesrh
 gvthhrohhsphgvtgdrthhv
X-ME-Proxy: <xmx:7X_1Z4Z9QqDaukcML2yjxdwsqE2R6S4PPVDVs7LgScVCTDmePHpa3Q>
 <xmx:7X_1Z2aa4SA1kc5pVKJiVBA17paHdSZC10V9kirfGcMwfMNi6LudeA>
 <xmx:7X_1Z8D9tPvwRP-m946B8eu02VwfI0JGjAv6ykhs-9VwSoa3ABTsqA>
 <xmx:7X_1Z0YcqKcIpUPXS6N2SIZPMsvpgB51ie5gHAs1JB-t_fx97Wd_nA>
 <xmx:7X_1Z4bty8UfhRbSJ_nyYCdONM1QjiQ3QL88csCfnsn2qDgBnFe-UQGE>
Feedback-ID: id9014242:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 8 Apr 2025 15:58:36 -0400 (EDT)
From: Ian Eure <ian@retrospec.tv>
Date: Tue,  8 Apr 2025 12:58:29 -0700
Message-ID: <20250408195830.2084-4-ian@retrospec.tv>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <20250408195830.2084-1-ian@retrospec.tv>
References: <20250408195830.2084-1-ian@retrospec.tv>
MIME-Version: 1.0
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
X-getmail-retrieved-from-mailbox: Patches

* gnu/packages/gnuzilla.scm (wasm-sandboxed): New variable.

Change-Id: I568e6cb9aca43122a06f46fd3a8d9a462754c36a
---
 gnu/packages/gnuzilla.scm | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index f4a912d8d5..32b2d13de5 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -99,8 +99,38 @@ (define-module (gnu packages gnuzilla)
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages readline)
   #:use-module (gnu packages sqlite)
+  #:use-module (gnu packages wasm)
   #:autoload (json parser) (json->scm))
 
+(define-public (wasm-sandboxed orig-package)
+  "Given a Firefox or Firefox-derived package ORIG-PACKAGE, return a
+variant package which enables WASM sandboxing."
+  (package
+    (inherit orig-package)
+    (name (string-append (package-name orig-package) "-wasm-sandboxed"))
+    (arguments
+     (substitute-keyword-arguments (package-arguments orig-package)
+       ((#:configure-flags flags)
+        #~(let ((wasi-sysroot #$(this-package-native-input "wasm32-wasi-clang-toolchain")))
+            (append (delq "--without-wasm-sandboxed-libraries" #$flags)
+                    (list
+                     (string-append "--with-wasi-sysroot=" wasi-sysroot "/wasm32-wasi")))))
+       ((#:phases phases)
+        #~(modify-phases #$phases
+            (add-before 'configure 'set-wasm-env
+              (lambda* (#:key inputs #:allow-other-keys)
+                (setenv "WASM_CC"
+                        (string-append (assoc-ref inputs
+                                                  "wasm32-wasi-clang-toolchain")
+                                       "/bin/clang"))
+                (setenv "WASM_CXX"
+                        (string-append (assoc-ref inputs
+                                                  "wasm32-wasi-clang-toolchain")
+                                       "/bin/clang++"))))))))
+    (native-inputs
+     (modify-inputs (package-native-inputs orig-package)
+       (append wasm32-wasi-clang-toolchain)))))
+
 (define-public mozjs
   (package
     (name "mozjs")