diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/webkitgtk-share-store.patch | 19 | ||||
-rw-r--r-- | gnu/packages/webkit.scm | 12 |
3 files changed, 31 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 62eeb39ece..5c06415205 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1542,6 +1542,7 @@ dist_patch_DATA = \ %D%/packages/patches/vte-CVE-2012-2738-pt2.patch \ %D%/packages/patches/warsow-qfusion-fix-bool-return-type.patch \ %D%/packages/patches/weasyprint-library-paths.patch \ + %D%/packages/patches/webkitgtk-share-store.patch \ %D%/packages/patches/websocketpp-fix-for-boost-1.70.patch \ %D%/packages/patches/wicd-bitrate-none-fix.patch \ %D%/packages/patches/wicd-get-selected-profile-fix.patch \ diff --git a/gnu/packages/patches/webkitgtk-share-store.patch b/gnu/packages/patches/webkitgtk-share-store.patch new file mode 100644 index 0000000000..053d86fcf4 --- /dev/null +++ b/gnu/packages/patches/webkitgtk-share-store.patch @@ -0,0 +1,19 @@ +Tell bubblewrap to share the store. Required for programs that use the +sandboxing features such as Epiphany. + +See <https://bugs.gnu.org/40837>. +Author: Jack Hill <jackhill@jackhill.us> +--- +diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp ++++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +@@ -737,6 +737,9 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces + "--ro-bind-try", "/usr/local/share", "/usr/local/share", + "--ro-bind-try", DATADIR, DATADIR, + ++ // Bind mount the store inside the WebKitGTK sandbox. ++ "--ro-bind", "@storedir@", "@storedir@", ++ + // We only grant access to the libdirs webkit is built with and + // guess system libdirs. This will always have some edge cases. + "--ro-bind-try", "/lib", "/lib", diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index e52536c279..6035d6c59d 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -128,7 +128,8 @@ engine that uses Wayland for graphics output.") "webkitgtk-" version ".tar.xz")) (sha256 (base32 - "1g9hik3bprki5s9d7y5288q5irwckbzajr6rnlvjrlnqrwjkblmr")))) + "1g9hik3bprki5s9d7y5288q5irwckbzajr6rnlvjrlnqrwjkblmr")) + (patches (search-patches "webkitgtk-share-store.patch")))) (build-system cmake-build-system) (outputs '("out" "doc")) (arguments @@ -156,6 +157,15 @@ engine that uses Wayland for graphics output.") "-DUSE_WOFF2=OFF") #:phases (modify-phases %standard-phases + (add-after 'unpack 'configure-bubblewrap-store-directory + (lambda _ + ;; This phase is a corollary to 'webkitgtk-share-store.patch' to + ;; avoid hard coding /gnu/store, for users with other prefixes. + (let ((store-directory (%store-directory))) + (substitute* + "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp" + (("@storedir@") store-directory)) + #t))) (add-after 'unpack 'patch-gtk-doc-scan (lambda* (#:key inputs #:allow-other-keys) (for-each (lambda (file) |