From patchwork Fri Apr 19 21:55:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Abhishek Cherath X-Patchwork-Id: 63166 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 1534027BBEB; Fri, 19 Apr 2024 22:58:15 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 09A2927BBE9 for ; Fri, 19 Apr 2024 22:58:12 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxwF8-0003hl-W2; Fri, 19 Apr 2024 17:58:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxwF7-0003hc-Cu for guix-patches@gnu.org; Fri, 19 Apr 2024 17:58:01 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxwF7-00005E-20 for guix-patches@gnu.org; Fri, 19 Apr 2024 17:58:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rxwFK-0002T1-39; Fri, 19 Apr 2024 17:58:14 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v3] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile locale and dri directories. References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> In-Reply-To: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: liliana.prikler@gmail.com, maxim.cournoyer@gmail.com, vivien@planete-kraus.eu, guix-patches@gnu.org Resent-Date: Fri, 19 Apr 2024 21:58:12 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70446@debbugs.gnu.org Cc: Abhishek Cherath , Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus X-Debbugs-Original-Xcc: Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.17135638769317 (code B ref 70446); Fri, 19 Apr 2024 21:58:12 +0000 Received: (at 70446) by debbugs.gnu.org; 19 Apr 2024 21:57:56 +0000 Received: from localhost ([127.0.0.1]:60594 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxwEu-0002PM-Us for submit@debbugs.gnu.org; Fri, 19 Apr 2024 17:57:55 -0400 Received: from mta-07-3.privateemail.com ([198.54.118.214]:11482) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxwEp-0002NG-2o for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 17:57:46 -0400 Received: from mta-07.privateemail.com (localhost [127.0.0.1]) by mta-07.privateemail.com (Postfix) with ESMTP id 757FE1800144; Fri, 19 Apr 2024 17:57:22 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713563842; bh=AHNzBdNsSR1jjvIk8kUT73LD40mHndjeoLTzwPwlhms=; h=From:To:Cc:Subject:Date:From; b=OtQUhi6/4G5aGfTjlEqR4+Ykw58TKOT3CrhnHL13WqqmrDOTdPKQOJhGoo9Fqr2z+ OtE4Bw02mTh4YbU+FV6bI/7mQSNV96PLMjH7x1ZFqh5XvZLGhiDuZvspA7+gfDEasb xa4zf1cv9yNgyrsBjf92I8ejCIcZ19s12aQdEXiG9Oqbnp+tY2HDkV3MqQDVf+iYbL PmjNbhdbkOZVAcom+xxFvl23i/GIAOMV26KOX+SCqXutBXLEAosbnfn2I6L/chsNtN O8y+iWW2fjoQqO0q7EN8EMgyhTD06p6YMjcTfQe12QmCQJ0kPX5zI8FEeCCKW+63zV DB95vxyZM15MQ== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-07.privateemail.com (Postfix) with ESMTPA; Fri, 19 Apr 2024 17:57:20 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id fe1c0342; Fri, 19 Apr 2024 21:57:19 +0000 (UTC) From: Abhishek Cherath Date: Fri, 19 Apr 2024 17:55:11 -0400 Message-ID: X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: Add @dridir@ and @localedir@ to bubblewrap gtk sandbox Add ~/.guix-profile/lib/dri and ~/.guix-profile/share/locale to bubblewrap gtk sandbox. * gnu/packages/webkit.scm (webkitgtk)[arguments]: In the 'configure-bubblewrap-store-directory' phase, also supply locale and dri directory paths to webkitgtk-adjust-bubblewrap-paths.patch template. Change-Id: I6be0c473ebaa6c04ebb00a2b4afcae2c89396e4f --- Only shares user profile locale and dri folders. .../webkitgtk-adjust-bubblewrap-paths.patch | 33 +++++++++++++++++-- gnu/packages/webkit.scm | 11 ++++++- 2 files changed, 40 insertions(+), 4 deletions(-) base-commit: b05bb6608c7f25ddce6b563194ba5a3007009282 diff --git a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch index 18ddb645ad..0cf1498b92 100644 --- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch +++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch @@ -1,11 +1,22 @@ Share /gnu/store in the BubbleWrap container and remove FHS mounts. +Also share locale and dri directories (user and system.) This is a Guix-specific patch not meant to be upstreamed. diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -index f0a5e4b05dff..88b11f806968 100644 +index 99395d6..3604730 100644 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -@@ -854,27 +854,12 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces +@@ -765,6 +765,9 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces + return adoptGRef(g_subprocess_launcher_spawnv(launcher, argv, error)); + + const char* runDir = g_get_user_runtime_dir(); ++ const char* homeDir = g_get_home_dir(); ++ char* userDriDir = g_strconcat(homeDir, "/.guix-profile/lib/dri", NULL); ++ char* userLocaleDir = g_strconcat(homeDir, "/.guix-profile/share/locale", NULL); + Vector sandboxArgs = { + "--die-with-parent", + "--unshare-uts", +@@ -786,28 +788,28 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces "--ro-bind", "/sys/dev", "/sys/dev", "--ro-bind", "/sys/devices", "/sys/devices", @@ -33,6 +44,22 @@ index f0a5e4b05dff..88b11f806968 100644 + + // Bind mount the store inside the WebKitGTK sandbox. + "--ro-bind", "@storedir@", "@storedir@", ++ ++ // Bind mount the locales in profile ++ "--ro-bind-try", userLocaleDir, userLocaleDir, ++ ++ // Bind mount the dri dir in profile ++ "--ro-bind-try", userDriDir, userDriDir, ++ ++ // This is needed for locales if not in profile ++ "--ro-bind-try", "@localedir@", "@localedir@", ++ ++ // This is needed for video hardware acceleration (va-api) ++ // via /lib/dri if not in profile ++ "--ro-bind-try", "@dridir@", "@dridir@", }; ++ free(userLocaleDir); ++ free(userDriDir); - if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) { + if (enableDebugPermissions()) { + const char* dataDir = g_get_user_data_dir(); diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index bf24a65e83..a0d04f31d3 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2019 Marius Bakke ;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer ;;; Copyright © 2022, 2023 Efraim Flashner +;;; Copyright © 2024 Abhishek Cherath ;;; ;;; This file is part of GNU Guix. ;;; @@ -190,7 +191,15 @@ (define-public webkitgtk (let ((store-directory (%store-directory))) (substitute* "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp" - (("@storedir@") store-directory))))) + (("@storedir@") store-directory) + ;; this adds access to drivers for va-api + ;; for hardware accelerated video + (("@dridir@") "/run/current-system/profile/lib/dri") + ;; this silences gtk locale errors + ;; Unfortunately, simply bind mounting /run/current-system + ;; does not work since it leads to weird issues + ;; with symlinks that confuse bubblewrap. + (("@localedir@") "/run/current-system/locale"))))) (add-after 'unpack 'do-not-disable-new-dtags ;; Ensure the linker uses new dynamic tags as this is what Guix ;; uses and validates in the validate-runpath phase.