From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id YLR6AvToImYMfwAAe85BDQ:P1 (envelope-from ) for ; Fri, 19 Apr 2024 23:58:12 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id YLR6AvToImYMfwAAe85BDQ (envelope-from ) for ; Fri, 19 Apr 2024 23:58:12 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=quic.us header.s=default header.b="OtQUhi6/"; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1713563891; a=rsa-sha256; cv=none; b=fEfkiVQQyfVG7P5/5pZ1l8aDkayoESEzGrjexjsZ7eVEnC2ZPhH1Fbq5V2n5CdJAWZZA1n hyUGsN6cqJY/LsMiStBBYcSmt1wZPIPg7n1A1m0zWgRH6M4kRQBDmFPIr39dGa24v8Zs56 zSckD53Dj9xfJYhX0AvAqxJFvlB1LHluwtVjWvU+1SnCY31pvq1D5Jmiz1d1/jf0ERY+AN rYWLs4Jxb8MF6ZsQurIw+k8UE0ApaljcK7lnEPxa7MyXllGm+HwMupH7F7lERNPiHxuh/d csX9G50u6k4r/akyhtLAbijcW6xvD4kB1n1M7mL6KcEUdb7lByy5JA9eCPGqEA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=quic.us header.s=default header.b="OtQUhi6/"; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1713563891; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=uGOd09bb9hqRgNQtw2HnfUPQmwLMb1M84GT6PIiVBBE=; b=oIsbnRj+uPP4Dg/5X8l30zod3LChRgrC3mdN3ui3wW/b+Bkp+ca7DD2Zy3F3y91ZfU2E55 Cb5S8L+pZ2Wtvz+zIFgTW4+9Z2lABCJrdSqQ6vCA/iQqeNDf1foNOSuj4rqrjqLZfSVQip oCT+/MUM9uCVi+QbR3raR83qAqaBOz1AuRv6L1PBW9PJMLFR24vJfq6alxoPVklDI6jJ4q i3yru0tbt6zlXuoYAxMveXvmUwRB67R7mFaCyabCgpzTM8OrAtVU6t6jRSWZrYuygKfxEK kAw9B05XIpIHmM6iZltUtI76IRauFjPwF0jWZ3v+gQNkxtrcGz6IiCs+yK99lQ== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 727446F9AF for ; Fri, 19 Apr 2024 23:58:11 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxwF8-0003hl-W2; Fri, 19 Apr 2024 17:58:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxwF7-0003hc-Cu for guix-patches@gnu.org; Fri, 19 Apr 2024 17:58:01 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxwF7-00005E-20 for guix-patches@gnu.org; Fri, 19 Apr 2024 17:58:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rxwFK-0002T1-39; Fri, 19 Apr 2024 17:58:14 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v3] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile locale and dri directories. References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> In-Reply-To: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: liliana.prikler@gmail.com, maxim.cournoyer@gmail.com, vivien@planete-kraus.eu, guix-patches@gnu.org Resent-Date: Fri, 19 Apr 2024 21:58:12 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70446@debbugs.gnu.org Cc: Abhishek Cherath , Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus X-Debbugs-Original-Xcc: Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.17135638769317 (code B ref 70446); Fri, 19 Apr 2024 21:58:12 +0000 Received: (at 70446) by debbugs.gnu.org; 19 Apr 2024 21:57:56 +0000 Received: from localhost ([127.0.0.1]:60594 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxwEu-0002PM-Us for submit@debbugs.gnu.org; Fri, 19 Apr 2024 17:57:55 -0400 Received: from mta-07-3.privateemail.com ([198.54.118.214]:11482) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxwEp-0002NG-2o for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 17:57:46 -0400 Received: from mta-07.privateemail.com (localhost [127.0.0.1]) by mta-07.privateemail.com (Postfix) with ESMTP id 757FE1800144; Fri, 19 Apr 2024 17:57:22 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713563842; bh=AHNzBdNsSR1jjvIk8kUT73LD40mHndjeoLTzwPwlhms=; h=From:To:Cc:Subject:Date:From; b=OtQUhi6/4G5aGfTjlEqR4+Ykw58TKOT3CrhnHL13WqqmrDOTdPKQOJhGoo9Fqr2z+ OtE4Bw02mTh4YbU+FV6bI/7mQSNV96PLMjH7x1ZFqh5XvZLGhiDuZvspA7+gfDEasb xa4zf1cv9yNgyrsBjf92I8ejCIcZ19s12aQdEXiG9Oqbnp+tY2HDkV3MqQDVf+iYbL PmjNbhdbkOZVAcom+xxFvl23i/GIAOMV26KOX+SCqXutBXLEAosbnfn2I6L/chsNtN O8y+iWW2fjoQqO0q7EN8EMgyhTD06p6YMjcTfQe12QmCQJ0kPX5zI8FEeCCKW+63zV DB95vxyZM15MQ== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-07.privateemail.com (Postfix) with ESMTPA; Fri, 19 Apr 2024 17:57:20 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id fe1c0342; Fri, 19 Apr 2024 21:57:19 +0000 (UTC) From: Abhishek Cherath Date: Fri, 19 Apr 2024 17:55:11 -0400 Message-ID: X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Scanned: ClamAV using ClamSMTP X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Spam-Score: -1.04 X-Migadu-Queue-Id: 727446F9AF X-Migadu-Spam-Score: -1.04 X-Migadu-Scanner: mx10.migadu.com X-TUID: 4vI3hQ2neMjy * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: Add @dridir@ and @localedir@ to bubblewrap gtk sandbox Add ~/.guix-profile/lib/dri and ~/.guix-profile/share/locale to bubblewrap gtk sandbox. * gnu/packages/webkit.scm (webkitgtk)[arguments]: In the 'configure-bubblewrap-store-directory' phase, also supply locale and dri directory paths to webkitgtk-adjust-bubblewrap-paths.patch template. Change-Id: I6be0c473ebaa6c04ebb00a2b4afcae2c89396e4f --- Only shares user profile locale and dri folders. .../webkitgtk-adjust-bubblewrap-paths.patch | 33 +++++++++++++++++-- gnu/packages/webkit.scm | 11 ++++++- 2 files changed, 40 insertions(+), 4 deletions(-) diff --git a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch index 18ddb645ad..0cf1498b92 100644 --- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch +++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch @@ -1,11 +1,22 @@ Share /gnu/store in the BubbleWrap container and remove FHS mounts. +Also share locale and dri directories (user and system.) This is a Guix-specific patch not meant to be upstreamed. diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -index f0a5e4b05dff..88b11f806968 100644 +index 99395d6..3604730 100644 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -@@ -854,27 +854,12 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces +@@ -765,6 +765,9 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces + return adoptGRef(g_subprocess_launcher_spawnv(launcher, argv, error)); + + const char* runDir = g_get_user_runtime_dir(); ++ const char* homeDir = g_get_home_dir(); ++ char* userDriDir = g_strconcat(homeDir, "/.guix-profile/lib/dri", NULL); ++ char* userLocaleDir = g_strconcat(homeDir, "/.guix-profile/share/locale", NULL); + Vector sandboxArgs = { + "--die-with-parent", + "--unshare-uts", +@@ -786,28 +788,28 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces "--ro-bind", "/sys/dev", "/sys/dev", "--ro-bind", "/sys/devices", "/sys/devices", @@ -33,6 +44,22 @@ index f0a5e4b05dff..88b11f806968 100644 + + // Bind mount the store inside the WebKitGTK sandbox. + "--ro-bind", "@storedir@", "@storedir@", ++ ++ // Bind mount the locales in profile ++ "--ro-bind-try", userLocaleDir, userLocaleDir, ++ ++ // Bind mount the dri dir in profile ++ "--ro-bind-try", userDriDir, userDriDir, ++ ++ // This is needed for locales if not in profile ++ "--ro-bind-try", "@localedir@", "@localedir@", ++ ++ // This is needed for video hardware acceleration (va-api) ++ // via /lib/dri if not in profile ++ "--ro-bind-try", "@dridir@", "@dridir@", }; ++ free(userLocaleDir); ++ free(userDriDir); - if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) { + if (enableDebugPermissions()) { + const char* dataDir = g_get_user_data_dir(); diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index bf24a65e83..a0d04f31d3 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2019 Marius Bakke ;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer ;;; Copyright © 2022, 2023 Efraim Flashner +;;; Copyright © 2024 Abhishek Cherath ;;; ;;; This file is part of GNU Guix. ;;; @@ -190,7 +191,15 @@ (define-public webkitgtk (let ((store-directory (%store-directory))) (substitute* "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp" - (("@storedir@") store-directory))))) + (("@storedir@") store-directory) + ;; this adds access to drivers for va-api + ;; for hardware accelerated video + (("@dridir@") "/run/current-system/profile/lib/dri") + ;; this silences gtk locale errors + ;; Unfortunately, simply bind mounting /run/current-system + ;; does not work since it leads to weird issues + ;; with symlinks that confuse bubblewrap. + (("@localedir@") "/run/current-system/locale"))))) (add-after 'unpack 'do-not-disable-new-dtags ;; Ensure the linker uses new dynamic tags as this is what Guix ;; uses and validates in the validate-runpath phase. base-commit: b05bb6608c7f25ddce6b563194ba5a3007009282 -- 2.41.0