From patchwork Thu Apr 18 02:52:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Abhishek Cherath X-Patchwork-Id: 63113 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 8FAC327BBEA; Thu, 18 Apr 2024 04:00:10 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 6370827BBEB for ; Thu, 18 Apr 2024 04:00:05 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxI07-0003bB-W0; Wed, 17 Apr 2024 22:59:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxI05-0003aU-Se for guix-patches@gnu.org; Wed, 17 Apr 2024 22:59:49 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxI05-0007ou-Kt for guix-patches@gnu.org; Wed, 17 Apr 2024 22:59:49 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rxI0I-0005Zt-I2; Wed, 17 Apr 2024 23:00:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH gnome-team] gnu: webkitgtk: Add system locale, dri access, and user profile access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: liliana.prikler@gmail.com, maxim.cournoyer@gmail.com, vivien@planete-kraus.eu, guix-patches@gnu.org Resent-Date: Thu, 18 Apr 2024 03:00:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70446@debbugs.gnu.org Cc: Abhishek Cherath , Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus Received: via spool by submit@debbugs.gnu.org id=B.171340914721052 (code B ref -1); Thu, 18 Apr 2024 03:00:02 +0000 Received: (at submit) by debbugs.gnu.org; 18 Apr 2024 02:59:07 +0000 Received: from localhost ([127.0.0.1]:49595 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxHzO-0005TU-Mx for submit@debbugs.gnu.org; Wed, 17 Apr 2024 22:59:07 -0400 Received: from lists.gnu.org ([2001:470:142::17]:45844) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxHzK-0005RZ-90 for submit@debbugs.gnu.org; Wed, 17 Apr 2024 22:59:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxHz1-0003SR-4N for guix-patches@gnu.org; Wed, 17 Apr 2024 22:58:43 -0400 Received: from mta-15-3.privateemail.com ([198.54.122.111]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxHyz-0007fi-3I for guix-patches@gnu.org; Wed, 17 Apr 2024 22:58:42 -0400 Received: from mta-15.privateemail.com (localhost [127.0.0.1]) by mta-15.privateemail.com (Postfix) with ESMTP id 99F7618000B1; Wed, 17 Apr 2024 22:58:32 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713409112; bh=mbkBT6dHBiEk2Ct3BwIXT62NGWjgJFfTN54E1mfe6+E=; h=From:To:Cc:Subject:Date:From; b=JwKSA5FjcuuO+OhbniVoDXVhxKsigGDD/jcQdHeD6eyKuUqObbkzIq+s1TrkF61QY q+Szrt5B4mSx07Nuh/ZWOguKrUkzE3CwBqBzkoV4vw4WEw2ilRox+6qeGp4vKML/oo HsFUZRhUjThPvx1U/MQ1rGUH7ydO4kl0LxDG6ctI0elp8mZwKVDN0SCJ8Yusq6+zm2 u75BfvLteJBQmxrrozGH4OjIuN2jcVp7ZKz0vIPal89HdyRmSJcF39d63AESH+Un7B zHYFKtlUgHo0wYsS37Xsii8vp77CLgeS4NO4tIZlf3cMfl3v5/dkzQhy6tFEceYYPS BpjyTMh0hqaRQ== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-15.privateemail.com (Postfix) with ESMTPA; Wed, 17 Apr 2024 22:58:30 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id 6431f5a0; Thu, 18 Apr 2024 02:58:28 +0000 (UTC) From: Abhishek Cherath Date: Wed, 17 Apr 2024 22:52:04 -0400 Message-ID: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP Received-SPF: pass client-ip=198.54.122.111; envelope-from=abhi@quic.us; helo=MTA-15-3.privateemail.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: Add @dridir@ and @localedir@ to bubblewrap gtk sandbox Add ~/.guix-profile to bubblewrap gtk sandbox * gnu/packages/webkit.scm (webkitgtk)[arguments]: In the 'configure-bubblewrap-store-directory' phase, also supply locale and dri directory paths to webkitgtk-adjust-bubblewrap-paths.patch template. --- .../webkitgtk-adjust-bubblewrap-paths.patch | 28 +++++++++++++++++-- gnu/packages/webkit.scm | 11 +++++++- 2 files changed, 35 insertions(+), 4 deletions(-) base-commit: b05bb6608c7f25ddce6b563194ba5a3007009282 diff --git a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch index 18ddb645ad..2b6f54c912 100644 --- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch +++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch @@ -1,11 +1,21 @@ Share /gnu/store in the BubbleWrap container and remove FHS mounts. +Also share user profile directory. This is a Guix-specific patch not meant to be upstreamed. diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -index f0a5e4b05dff..88b11f806968 100644 +index 99395d6..3604730 100644 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -@@ -854,27 +854,12 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces +@@ -765,1 +765,1 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces + return adoptGRef(g_subprocess_launcher_spawnv(launcher, argv, error)); + + const char* runDir = g_get_user_runtime_dir(); ++ const char* homeDir = g_get_home_dir(); ++ char* profileDir = g_strconcat(homeDir, "/.guix-profile", NULL); + Vector sandboxArgs = { + "--die-with-parent", + "--unshare-uts", +@@ -786,28 +788,24 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces "--ro-bind", "/sys/dev", "/sys/dev", "--ro-bind", "/sys/devices", "/sys/devices", @@ -33,6 +43,18 @@ index f0a5e4b05dff..88b11f806968 100644 + + // Bind mount the store inside the WebKitGTK sandbox. + "--ro-bind", "@storedir@", "@storedir@", ++ ++ // Bind mount the guix profile directory ++ "--ro-bind", profileDir, profileDir, ++ ++ // This is needed for locales if not in profile ++ "--ro-bind-try", "@localedir@", "@localedir@", ++ ++ // This is needed for video hardware acceleration (va-api) ++ // via /lib/dri if not in profile ++ "--ro-bind-try", "@dridir@", "@dridir@", }; ++ free(profileDir); - if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) { + if (enableDebugPermissions()) { + const char* dataDir = g_get_user_data_dir(); diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index bf24a65e83..a0d04f31d3 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2019 Marius Bakke ;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer ;;; Copyright © 2022, 2023 Efraim Flashner +;;; Copyright © 2024 Abhishek Cherath ;;; ;;; This file is part of GNU Guix. ;;; @@ -190,7 +191,15 @@ (define-public webkitgtk (let ((store-directory (%store-directory))) (substitute* "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp" - (("@storedir@") store-directory))))) + (("@storedir@") store-directory) + ;; this adds access to drivers for va-api + ;; for hardware accelerated video + (("@dridir@") "/run/current-system/profile/lib/dri") + ;; this silences gtk locale errors + ;; Unfortunately, simply bind mounting /run/current-system + ;; does not work since it leads to weird issues + ;; with symlinks that confuse bubblewrap. + (("@localedir@") "/run/current-system/locale"))))) (add-after 'unpack 'do-not-disable-new-dtags ;; Ensure the linker uses new dynamic tags as this is what Guix ;; uses and validates in the validate-runpath phase.