From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH gnome-team] gnu: webkitgtk: Add system locale, dri access, and user profile access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: liliana.prikler@gmail.com, maxim.cournoyer@gmail.com, vivien@planete-kraus.eu, guix-patches@gnu.org Resent-Date: Thu, 18 Apr 2024 03:00:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70446@debbugs.gnu.org Cc: Abhishek Cherath , Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus Received: via spool by submit@debbugs.gnu.org id=B.171340914721052 (code B ref -1); Thu, 18 Apr 2024 03:00:02 +0000 Received: (at submit) by debbugs.gnu.org; 18 Apr 2024 02:59:07 +0000 Received: from localhost ([127.0.0.1]:49595 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxHzO-0005TU-Mx for submit@debbugs.gnu.org; Wed, 17 Apr 2024 22:59:07 -0400 Received: from lists.gnu.org ([2001:470:142::17]:45844) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxHzK-0005RZ-90 for submit@debbugs.gnu.org; Wed, 17 Apr 2024 22:59:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxHz1-0003SR-4N for guix-patches@gnu.org; Wed, 17 Apr 2024 22:58:43 -0400 Received: from mta-15-3.privateemail.com ([198.54.122.111]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxHyz-0007fi-3I for guix-patches@gnu.org; Wed, 17 Apr 2024 22:58:42 -0400 Received: from mta-15.privateemail.com (localhost [127.0.0.1]) by mta-15.privateemail.com (Postfix) with ESMTP id 99F7618000B1; Wed, 17 Apr 2024 22:58:32 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713409112; bh=mbkBT6dHBiEk2Ct3BwIXT62NGWjgJFfTN54E1mfe6+E=; h=From:To:Cc:Subject:Date:From; b=JwKSA5FjcuuO+OhbniVoDXVhxKsigGDD/jcQdHeD6eyKuUqObbkzIq+s1TrkF61QY q+Szrt5B4mSx07Nuh/ZWOguKrUkzE3CwBqBzkoV4vw4WEw2ilRox+6qeGp4vKML/oo HsFUZRhUjThPvx1U/MQ1rGUH7ydO4kl0LxDG6ctI0elp8mZwKVDN0SCJ8Yusq6+zm2 u75BfvLteJBQmxrrozGH4OjIuN2jcVp7ZKz0vIPal89HdyRmSJcF39d63AESH+Un7B zHYFKtlUgHo0wYsS37Xsii8vp77CLgeS4NO4tIZlf3cMfl3v5/dkzQhy6tFEceYYPS BpjyTMh0hqaRQ== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-15.privateemail.com (Postfix) with ESMTPA; Wed, 17 Apr 2024 22:58:30 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id 6431f5a0; Thu, 18 Apr 2024 02:58:28 +0000 (UTC) From: Abhishek Cherath Date: Wed, 17 Apr 2024 22:52:04 -0400 Message-ID: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Scanned: ClamAV using ClamSMTP Received-SPF: pass client-ip=198.54.122.111; envelope-from=abhi@quic.us; helo=MTA-15-3.privateemail.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: Add @dridir@ and @localedir@ to bubblewrap gtk sandbox Add ~/.guix-profile to bubblewrap gtk sandbox * gnu/packages/webkit.scm (webkitgtk)[arguments]: In the 'configure-bubblewrap-store-directory' phase, also supply locale and dri directory paths to webkitgtk-adjust-bubblewrap-paths.patch template. --- .../webkitgtk-adjust-bubblewrap-paths.patch | 28 +++++++++++++++++-- gnu/packages/webkit.scm | 11 +++++++- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch index 18ddb645ad..2b6f54c912 100644 --- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch +++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch @@ -1,11 +1,21 @@ Share /gnu/store in the BubbleWrap container and remove FHS mounts. +Also share user profile directory. This is a Guix-specific patch not meant to be upstreamed. diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -index f0a5e4b05dff..88b11f806968 100644 +index 99395d6..3604730 100644 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -@@ -854,27 +854,12 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces +@@ -765,1 +765,1 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces + return adoptGRef(g_subprocess_launcher_spawnv(launcher, argv, error)); + + const char* runDir = g_get_user_runtime_dir(); ++ const char* homeDir = g_get_home_dir(); ++ char* profileDir = g_strconcat(homeDir, "/.guix-profile", NULL); + Vector sandboxArgs = { + "--die-with-parent", + "--unshare-uts", +@@ -786,28 +788,24 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces "--ro-bind", "/sys/dev", "/sys/dev", "--ro-bind", "/sys/devices", "/sys/devices", @@ -33,6 +43,18 @@ index f0a5e4b05dff..88b11f806968 100644 + + // Bind mount the store inside the WebKitGTK sandbox. + "--ro-bind", "@storedir@", "@storedir@", ++ ++ // Bind mount the guix profile directory ++ "--ro-bind", profileDir, profileDir, ++ ++ // This is needed for locales if not in profile ++ "--ro-bind-try", "@localedir@", "@localedir@", ++ ++ // This is needed for video hardware acceleration (va-api) ++ // via /lib/dri if not in profile ++ "--ro-bind-try", "@dridir@", "@dridir@", }; ++ free(profileDir); - if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) { + if (enableDebugPermissions()) { + const char* dataDir = g_get_user_data_dir(); diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index bf24a65e83..a0d04f31d3 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2019 Marius Bakke ;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer ;;; Copyright © 2022, 2023 Efraim Flashner +;;; Copyright © 2024 Abhishek Cherath ;;; ;;; This file is part of GNU Guix. ;;; @@ -190,7 +191,15 @@ (define-public webkitgtk (let ((store-directory (%store-directory))) (substitute* "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp" - (("@storedir@") store-directory))))) + (("@storedir@") store-directory) + ;; this adds access to drivers for va-api + ;; for hardware accelerated video + (("@dridir@") "/run/current-system/profile/lib/dri") + ;; this silences gtk locale errors + ;; Unfortunately, simply bind mounting /run/current-system + ;; does not work since it leads to weird issues + ;; with symlinks that confuse bubblewrap. + (("@localedir@") "/run/current-system/locale"))))) (add-after 'unpack 'do-not-disable-new-dtags ;; Ensure the linker uses new dynamic tags as this is what Guix ;; uses and validates in the validate-runpath phase. base-commit: b05bb6608c7f25ddce6b563194ba5a3007009282 -- 2.41.0 From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] Explanation References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> In-Reply-To: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 18 Apr 2024 03:15:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70446@debbugs.gnu.org Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171341007626407 (code B ref 70446); Thu, 18 Apr 2024 03:15:04 +0000 Received: (at 70446) by debbugs.gnu.org; 18 Apr 2024 03:14:36 +0000 Received: from localhost ([127.0.0.1]:49664 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxIEM-0006rc-EE for submit@debbugs.gnu.org; Wed, 17 Apr 2024 23:14:35 -0400 Received: from mta-15-3.privateemail.com ([198.54.122.111]:22810) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxIEJ-0006rH-SF for 70446@debbugs.gnu.org; Wed, 17 Apr 2024 23:14:33 -0400 Received: from mta-15.privateemail.com (localhost [127.0.0.1]) by mta-15.privateemail.com (Postfix) with ESMTP id AC69718000AD for <70446@debbugs.gnu.org>; Wed, 17 Apr 2024 23:14:12 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713410052; bh=+f3c3LYbZBdyQqXWccBRt+G/Ka0vjD5pw0372MV39TE=; h=From:To:Subject:Date:From; b=S/PH2QmajjwUyRkBMFNSL9ry2Jm5qADDCVUPxQMv5iZVQ5qUe6OxaL1omOQZrgMKQ 2nP4SNJeW17iNHeSNDA8khqukEERlsgvPdlb1J7P7yQSB3GCtiD3yTvceKaH9uTGTi BKwQivKtglbw1iP0psZmxL8G/FNfFhYYSu1P78N4DLpgrR74QLBROeUM2+pJGQro3w 8A10B8fJ9rbrSIx2ZZ/B1pglB3rF4UmbkamM3e/0QX0VipD9Jw/z3H7oDHYNqYtEv0 lydEtfavhPDPVeysfmwcTl3DY6lPMsMZCTmzaV836nuo6c1eIXYief7MnuIqHsoJIP bHa4T9n4bMBIg== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-15.privateemail.com (Postfix) with ESMTPA for <70446@debbugs.gnu.org>; Wed, 17 Apr 2024 23:14:12 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id 5bd7e461 for <70446@debbugs.gnu.org>; Thu, 18 Apr 2024 03:14:11 +0000 (UTC) From: Abhishek Cherath Date: Wed, 17 Apr 2024 23:14:11 -0400 Message-ID: <87h6fzpdks.fsf@quic.us> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Virus-Scanned: ClamAV using ClamSMTP X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) This is to resubmit to gnome-team, along with adding the profile dir, as recommended in https://issues.guix.gnu.org/69971 From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v2] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile. References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> In-Reply-To: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: liliana.prikler@gmail.com, maxim.cournoyer@gmail.com, vivien@planete-kraus.eu, guix-patches@gnu.org Resent-Date: Thu, 18 Apr 2024 04:09:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70446@debbugs.gnu.org Cc: Abhishek Cherath , Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus X-Debbugs-Original-Xcc: Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171341333728637 (code B ref 70446); Thu, 18 Apr 2024 04:09:03 +0000 Received: (at 70446) by debbugs.gnu.org; 18 Apr 2024 04:08:57 +0000 Received: from localhost ([127.0.0.1]:49883 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxJ4v-0007RF-AJ for submit@debbugs.gnu.org; Thu, 18 Apr 2024 00:08:56 -0400 Received: from mta-07-3.privateemail.com ([198.54.118.214]:1560) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxJ4o-0007Pz-QV for 70446@debbugs.gnu.org; Thu, 18 Apr 2024 00:08:50 -0400 Received: from mta-07.privateemail.com (localhost [127.0.0.1]) by mta-07.privateemail.com (Postfix) with ESMTP id 36D461800149; Thu, 18 Apr 2024 00:08:27 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713413307; bh=32rV/RBec9PxNpazsTkv6ZTBSOofmFt9DFb6EXq6ErU=; h=From:To:Cc:Subject:Date:From; b=P49sLaFzUv1T3UPDBNJV1XmwAOqS1ml+iABWdaOzZ2MAgcDtUnCgqibb9JmrjaN0N 4IiK4mCoxCb388nxS4aF4Vltg2ivYYDFSkfxoN5UmUieRXMtW3mgka8tSqDwqKiod6 JadEtZMEzoV3PTADyYxavm96Lq9Ujh2Dh6WNw0Jr/mTyjybWI2m7UujuMuVo6hirbP wJwIQ7Qrm5G+l8YOyecm0DLTWgcwzkZOpp/j0JZvVjCAdvW69562QvOzOHdDQQIw5W 2RN2kh43/aAz0PnbysUJjpr1b/wdBI1DZnacLMmEaaokEvEoYqeX5LEuHPHT2DD1n/ fNp4IwLeIlyUA== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-07.privateemail.com (Postfix) with ESMTPA; Thu, 18 Apr 2024 00:08:25 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id 85949ec3; Thu, 18 Apr 2024 04:08:24 +0000 (UTC) From: Abhishek Cherath Date: Thu, 18 Apr 2024 00:06:12 -0400 Message-ID: X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Scanned: ClamAV using ClamSMTP X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: Add @dridir@ and @localedir@ to bubblewrap gtk sandbox Add ~/.guix-profile to bubblewrap gtk sandbox * gnu/packages/webkit.scm (webkitgtk)[arguments]: In the 'configure-bubblewrap-store-directory' phase, also supply locale and dri directory paths to webkitgtk-adjust-bubblewrap-paths.patch template. Change-Id: I6be0c473ebaa6c04ebb00a2b4afcae2c89396e4f --- apparently the space on the second line of the patch is significant, doesn't apply otherwise .../webkitgtk-adjust-bubblewrap-paths.patch | 28 +++++++++++++++++-- gnu/packages/webkit.scm | 11 +++++++- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch index 18ddb645ad..c81916279e 100644 --- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch +++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch @@ -1,11 +1,21 @@ Share /gnu/store in the BubbleWrap container and remove FHS mounts. +Also share user profile directory. This is a Guix-specific patch not meant to be upstreamed. diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -index f0a5e4b05dff..88b11f806968 100644 +index 99395d6..3604730 100644 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -@@ -854,27 +854,12 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces +@@ -765,6 +765,8 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces + return adoptGRef(g_subprocess_launcher_spawnv(launcher, argv, error)); + + const char* runDir = g_get_user_runtime_dir(); ++ const char* homeDir = g_get_home_dir(); ++ char* profileDir = g_strconcat(homeDir, "/.guix-profile", NULL); + Vector sandboxArgs = { + "--die-with-parent", + "--unshare-uts", +@@ -786,28 +788,24 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces "--ro-bind", "/sys/dev", "/sys/dev", "--ro-bind", "/sys/devices", "/sys/devices", @@ -33,6 +43,18 @@ index f0a5e4b05dff..88b11f806968 100644 + + // Bind mount the store inside the WebKitGTK sandbox. + "--ro-bind", "@storedir@", "@storedir@", ++ ++ // Bind mount the guix profile directory ++ "--ro-bind", profileDir, profileDir, ++ ++ // This is needed for locales if not in profile ++ "--ro-bind-try", "@localedir@", "@localedir@", ++ ++ // This is needed for video hardware acceleration (va-api) ++ // via /lib/dri if not in profile ++ "--ro-bind-try", "@dridir@", "@dridir@", }; ++ free(profileDir); - if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) { + if (enableDebugPermissions()) { + const char* dataDir = g_get_user_data_dir(); diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index bf24a65e83..a0d04f31d3 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2019 Marius Bakke ;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer ;;; Copyright © 2022, 2023 Efraim Flashner +;;; Copyright © 2024 Abhishek Cherath ;;; ;;; This file is part of GNU Guix. ;;; @@ -190,7 +191,15 @@ (define-public webkitgtk (let ((store-directory (%store-directory))) (substitute* "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp" - (("@storedir@") store-directory))))) + (("@storedir@") store-directory) + ;; this adds access to drivers for va-api + ;; for hardware accelerated video + (("@dridir@") "/run/current-system/profile/lib/dri") + ;; this silences gtk locale errors + ;; Unfortunately, simply bind mounting /run/current-system + ;; does not work since it leads to weird issues + ;; with symlinks that confuse bubblewrap. + (("@localedir@") "/run/current-system/locale"))))) (add-after 'unpack 'do-not-disable-new-dtags ;; Ensure the linker uses new dynamic tags as this is what Guix ;; uses and validates in the validate-runpath phase. base-commit: b05bb6608c7f25ddce6b563194ba5a3007009282 -- 2.41.0 From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH gnome-team] gnu: webkitgtk: Add system locale, dri access, and user profile access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> In-Reply-To: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Resent-From: John Kehayias Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 18 Apr 2024 05:03:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Abhishek Cherath Cc: Vivien Kraus , Maxim Cournoyer , Liliana Marie Prikler , 70446@debbugs.gnu.org Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171341655520082 (code B ref 70446); Thu, 18 Apr 2024 05:03:04 +0000 Received: (at 70446) by debbugs.gnu.org; 18 Apr 2024 05:02:35 +0000 Received: from localhost ([127.0.0.1]:50159 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxJus-0005Dq-88 for submit@debbugs.gnu.org; Thu, 18 Apr 2024 01:02:34 -0400 Received: from mail-4316.protonmail.ch ([185.70.43.16]:47285) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxJum-0005C4-2p for 70446@debbugs.gnu.org; Thu, 18 Apr 2024 01:02:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1713416528; x=1713675728; bh=T7z4UsQ9/l6cpDqlEyAVOWtDdMUdT65QyGGRXjN8+n8=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=JY134ffkIhFniBogRQJV0MncqiowHg+9MEAUiHY1KHeC42IBZnDgDVp9jJNQU/NK+ Pnsy13Si7uoU7pRw/mAMlvmtCWvJaF4ewRuRD+k5WjfVJXaEIsNFdriwFXMmBTMgys nk7O/uq0jsmcJ32Nr1YXEJ8o9mWCHUgLwXz0+yqYwYIRPYyR57LETwNDIyltty7pBg AdEjaUydrlFK1j1FZAgt6GU2flcy4XFVmjUq3QO3slG5cFUyz1DDTd45+xIFKPPEcG iPZqWkZLon+DIlNo1L3QVnQUr10RV/efkZfIAj5TIe9nrlxwt0g9n8Qq4BDxxQn1gH 2ebzOe56Ivm1A== Date: Thu, 18 Apr 2024 05:02:02 +0000 From: John Kehayias Message-ID: <87cyqn1cxm.fsf@protonmail.com> Feedback-ID: 7805494:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) On Wed, Apr 17, 2024 at 10:52 PM, Abhishek Cherath wrote: > * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: > Add @dridir@ and @localedir@ to bubblewrap gtk sandbox > Add ~/.guix-profile to bubblewrap gtk sandbox > * gnu/packages/webkit.scm (webkitgtk)[arguments]: In the > 'configure-bubblewrap-store-directory' phase, also supply locale > and dri directory paths to webkitgtk-adjust-bubblewrap-paths.patch > template. > --- Perhaps combine with update for security issues as in https://issues.guix.gnu.org/70404 ? From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH gnome-team] gnu: webkitgtk: Add system locale, dri access, and user profile access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 18 Apr 2024 13:51:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: John Kehayias Cc: Vivien Kraus , Maxim Cournoyer , Liliana Marie Prikler , 70446@debbugs.gnu.org Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.17134482587892 (code B ref 70446); Thu, 18 Apr 2024 13:51:02 +0000 Received: (at 70446) by debbugs.gnu.org; 18 Apr 2024 13:50:58 +0000 Received: from localhost ([127.0.0.1]:52550 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxSAC-000237-J0 for submit@debbugs.gnu.org; Thu, 18 Apr 2024 09:50:57 -0400 Received: from mta-07-3.privateemail.com ([198.54.118.214]:22289) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxSA7-00021J-Db for 70446@debbugs.gnu.org; Thu, 18 Apr 2024 09:50:53 -0400 Received: from mta-07.privateemail.com (localhost [127.0.0.1]) by mta-07.privateemail.com (Postfix) with ESMTP id F341018000A7; Thu, 18 Apr 2024 09:50:30 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713448231; bh=o598HED4UfA80lJw3Di+1SJC/OK49u8iaUZ/7+1SFio=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=IPXnU32wXs5hmE2oQNPGoDCXj4aTtCApWTMnyUg32mmG8Z+3jBsesaegjt9Orv6qn Y9sy/vp6cpfKK3B2XDPmc2VSbKxO3Fw8HK1YwhOEYbqC7bJXeqlubneBHgGPcGzD8m acAET0g7ZLAhgNZtDwiYjRKHyNfzStHdN+LBkU52g4czv/KBbovk+NndOrEcUF+XBY 0WhKrq9ww4xMc68lLO/ByEEK+VAEp4ho9um18pFhagwe+ulSvZ4qZ+44IkczD4WWHG ri0xrSILALE8qm5/dFKA5zJFAV83VyR0Fe5vfCQBnMeUqZA0ho6mQIqBe8WbZYyLnB prS0kE7PNUdJw== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-07.privateemail.com (Postfix) with ESMTPA; Thu, 18 Apr 2024 09:50:25 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id 9c00dba8; Thu, 18 Apr 2024 13:50:22 +0000 (UTC) From: Abhishek Cherath In-Reply-To: <87cyqn1cxm.fsf@protonmail.com> (John Kehayias's message of "Thu, 18 Apr 2024 05:02:02 +0000") References: <87cyqn1cxm.fsf@protonmail.com> Date: Thu, 18 Apr 2024 09:50:22 -0400 Message-ID: <87frviok4h.fsf@quic.us> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Virus-Scanned: ClamAV using ClamSMTP X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) > Perhaps combine with update for security issues as in > https://issues.guix.gnu.org/70404 ? In this patch? From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH gnome-team] gnu: webkitgtk: Add system locale, dri access, and user profile access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 19 Apr 2024 15:25:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Abhishek Cherath Cc: John Kehayias , Vivien Kraus , Liliana Marie Prikler , 70446@debbugs.gnu.org Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171354026923812 (code B ref 70446); Fri, 19 Apr 2024 15:25:03 +0000 Received: (at 70446) by debbugs.gnu.org; 19 Apr 2024 15:24:29 +0000 Received: from localhost ([127.0.0.1]:58753 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxq6G-0006C0-U1 for submit@debbugs.gnu.org; Fri, 19 Apr 2024 11:24:29 -0400 Received: from mail-qv1-xf2f.google.com ([2607:f8b0:4864:20::f2f]:59835) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxq6C-0006Ai-Uh for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 11:24:26 -0400 Received: by mail-qv1-xf2f.google.com with SMTP id 6a1803df08f44-69b6d36b71cso10536586d6.3 for <70446@debbugs.gnu.org>; Fri, 19 Apr 2024 08:24:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713540245; x=1714145045; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=PUitHPfNd+iXSWHbdNFQvH6b5ZrcpCvsBIlMloJ2T9Q=; b=DWW/tlc43zzzZA4IGbcSB/x8rk4Tw7n39LAHRjYmFUrpgLjteiudz1ylVJyUw/1XRa sS8UvyuGGkJ6j160GLiYfl0oTuYoCl/3Er8Tqdjx2qQGvqyXAXcH7frDzYuPtijlfYJv /Rj4RnpBsdL8vn559JuAP3XXpnaLreBbZ1aL+uaSZxAqMtiY24JGwOh0Lk3WG+WG5l+K XQogn+xzvNKj/M+kIKXkmXW6UqEDyA/GGWubOwZKFF+ucz9ZwjDW33QgvX9I+QTZplZO 4Bdvi+8tgakDAKUQkyNIUn1PhWq+rmfC5zjwj0NEOXdNjyEYiQu4yQM3gTDDnjv2lJh0 vvuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713540245; x=1714145045; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=PUitHPfNd+iXSWHbdNFQvH6b5ZrcpCvsBIlMloJ2T9Q=; b=v0+20Umsjac1B6Lx/ZErW645ByiVMAjjwbg7e+75Fod7LK0E3yni1n/Oig/5Cb0x8p gEjWih8vVak59Qb5+Hzl4sMvoU6BZzLzZkjEs2zVo2cx1fnQQ9hLE/GNweZWeL9wfgjy +YCsGgLyVVHOTZxipbIv03WeOCHZh2DpZTDHdzHAw6z3Ss9iFO2+HBqXwmJLluyD2g3u L+Mo++HhuGGclc7abTdP5NwMVKTRKXl9hSW8HFMByIK6vZo6IX2ceIq8iIdlVPdSZ2jn 9DCUjIsaQtExSbZ8zKOSEnZ2pw6UJ7luD6kSEYB/O4d+YFIP/HWsgzy1bymHfog0f6Lb bcbw== X-Forwarded-Encrypted: i=1; AJvYcCWlW3NE2Wf22xBHrMKF3APkIFkWO006ywKqoz0cSbR9d5yT+I1KRqW3qSmUQg5FmQP4mLgBBXkQRXhU4zbuVglD+lj3gAY= X-Gm-Message-State: AOJu0YxzPs3edCcA51z5pjfpu4GtgjIwAevULU9PTK9iyGDnNllJjARc 9nx4ghCXmpA7Wgu0IjbhCAwzb6eZ6YWDNNbavC2kpX39fAXpZVtR X-Google-Smtp-Source: AGHT+IFDki+tnh9udPKZkcXgrnLZCts7+geF2NVQ+TAcNUN2DPXpg9j8GaNZv0k9moWgTJM4Bh+GRg== X-Received: by 2002:a05:6214:17c8:b0:69b:3aef:c08 with SMTP id cu8-20020a05621417c800b0069b3aef0c08mr2519830qvb.27.1713540245082; Fri, 19 Apr 2024 08:24:05 -0700 (PDT) Received: from hurd (dsl-10-134-76.b2b2c.ca. [72.10.134.76]) by smtp.gmail.com with ESMTPSA id a7-20020a0cca87000000b006969f5d3159sm1632583qvk.50.2024.04.19.08.24.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:24:04 -0700 (PDT) From: Maxim Cournoyer In-Reply-To: <87frviok4h.fsf@quic.us> (Abhishek Cherath's message of "Thu, 18 Apr 2024 09:50:22 -0400") References: <87cyqn1cxm.fsf@protonmail.com> <87frviok4h.fsf@quic.us> Date: Fri, 19 Apr 2024 11:24:03 -0400 Message-ID: <87il0dl6jw.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, Abhishek Cherath writes: >> Perhaps combine with update for security issues as in >> https://issues.guix.gnu.org/70404 ? > > In this patch? No, patches should remain separated, but I think John meant combining as in merging at the same time, to avoid large rebuilds twice. -- Thanks, Maxim From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v2] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile. Resent-From: Liliana Marie Prikler Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 19 Apr 2024 18:54:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Abhishek Cherath , 70446@debbugs.gnu.org Cc: Vivien Kraus , Maxim Cournoyer Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171355282521834 (code B ref 70446); Fri, 19 Apr 2024 18:54:04 +0000 Received: (at 70446) by debbugs.gnu.org; 19 Apr 2024 18:53:45 +0000 Received: from localhost ([127.0.0.1]:59772 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxtMm-0005ft-2Z for submit@debbugs.gnu.org; Fri, 19 Apr 2024 14:53:45 -0400 Received: from mail-lf1-x135.google.com ([2a00:1450:4864:20::135]:51350) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxtMk-0005en-G0 for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 14:53:42 -0400 Received: by mail-lf1-x135.google.com with SMTP id 2adb3069b0e04-516d487659bso2826529e87.2 for <70446@debbugs.gnu.org>; Fri, 19 Apr 2024 11:53:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713552802; x=1714157602; darn=debbugs.gnu.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=e2ZOzbs0LTTwu4Re4KyMj1WwJEqH89O6MUwcGtJ7AP8=; b=kLqiqhAWQjn8PGVVocL37zz7wzB3koOgGHBYYSaAo64mzm4yVc1LeBGp8IhVmsqPdQ k/TQMTQEkkZhWf3iJiG3gKLyo6+64UmtoBjUh7sKUu6So+9y2+nL0/B28vWB6lZqt2MQ LX2PmeLXQWbwAT4fzstyOXgDluRkBYnxkZe0C5gTpqYJP22Co4haLpKxySFLOhal088C MyJVrjWMlga80dlJV+AQXfVxcr+K4m6e+0pp3rLmBi1F2hA8Nk9kiMhDl8qU6pjLBCrC jN5JZci/fnAK2QpYEb45sTUI9TlUozBfSCQTkV81ZZkmK6akojYI/E04lQo5iWmYingE NjCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713552802; x=1714157602; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=e2ZOzbs0LTTwu4Re4KyMj1WwJEqH89O6MUwcGtJ7AP8=; b=Hk1m7u5R+t1/ORUU4rldIf6Ds0r4qi8wk5xhGxe7JIKcThbYpUMcdLFb+C4G/ur6ex 6qK3IbQjlSYjwhkMuliL8EwWyFBLNgVAbQBiB/V1oEq+ShXX7HK1iigeM2oH6tfJ2vhX b0UfS5ovGR59dpwXX6roJQOHsr+UbOm+KpNBBqpEIaUA3SLbC/pm7VrPftDZK1drbBDl VhvVb7gNowhBvdlAeve/1Nnbvo3Y2Wt9MT7rKElwoAySG51mQBmSzd6EpRD1JJBaV1eo 485mQq/NWW0ia3p6BJFeGsldIO6RrKBFlh8PcosoeMTlJqmdmr6LuoGyEkhGKjifZypi RdHQ== X-Forwarded-Encrypted: i=1; AJvYcCUi2ctZfor4neg4eyR/ziYLV2owZKOfhEh1QyKpUubQ1xB1dftKHEyixkvKTc1nbCmnyPt4R0bGfAgEJwYhh0SBFtvgTaQ= X-Gm-Message-State: AOJu0Yw64t112flpY4aNQC+NH0rWp9K81naqer/EgM2hezjhxSDVhgr2 8/GGiLa9m9Zrgt+vREp1qcZgwK/2SyuRuQf4h1Vvxof30xE9BctW X-Google-Smtp-Source: AGHT+IF+U+6/0HsUsuDsR4fkG6AFPCJUa+y0UIM8d07jbwDCwaatsc2Rr7vskukvOwCqdaEArne6Aw== X-Received: by 2002:ac2:520a:0:b0:513:5a38:f545 with SMTP id a10-20020ac2520a000000b005135a38f545mr1857369lfl.62.1713552801898; Fri, 19 Apr 2024 11:53:21 -0700 (PDT) Received: from lumine.fritz.box (85-127-52-93.dsl.dynamic.surfer.at. [85.127.52.93]) by smtp.gmail.com with ESMTPSA id b9-20020a0565120b8900b0051898448680sm814371lfv.261.2024.04.19.11.53.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 11:53:20 -0700 (PDT) Message-ID: From: Liliana Marie Prikler Date: Fri, 19 Apr 2024 20:53:19 +0200 In-Reply-To: References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.48.4 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Am Donnerstag, dem 18.04.2024 um 00:06 -0400 schrieb Abhishek Cherath: > * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: > Add @dridir@ and @localedir@ to bubblewrap gtk sandbox > Add ~/.guix-profile to bubblewrap gtk sandbox > * gnu/packages/webkit.scm (webkitgtk)[arguments]: In the > 'configure-bubblewrap-store-directory' phase, also supply locale > and dri directory paths to webkitgtk-adjust-bubblewrap-paths.patch > template. >=20 > Change-Id: I6be0c473ebaa6c04ebb00a2b4afcae2c89396e4f > --- > apparently the space on the second line of the patch is significant, > doesn't apply otherwise Wrapping the entire user profile looks evil. Why? From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v2] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile. Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 19 Apr 2024 20:26:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Liliana Marie Prikler , 70446@debbugs.gnu.org Cc: Vivien Kraus , Maxim Cournoyer Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171355832531685 (code B ref 70446); Fri, 19 Apr 2024 20:26:01 +0000 Received: (at 70446) by debbugs.gnu.org; 19 Apr 2024 20:25:25 +0000 Received: from localhost ([127.0.0.1]:60203 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxunV-0008Ex-EM for submit@debbugs.gnu.org; Fri, 19 Apr 2024 16:25:25 -0400 Received: from mta-08-4.privateemail.com ([198.54.122.147]:23661) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxunT-0008EZ-87 for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 16:25:24 -0400 Received: from mta-08.privateemail.com (localhost [127.0.0.1]) by mta-08.privateemail.com (Postfix) with ESMTP id 8FA6F18000A5; Fri, 19 Apr 2024 16:25:02 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713558302; bh=oqSXheGhNrMxY1OwpaQ9umwP2BPngVQbIVrJkZtQB3M=; h=Date:From:To:CC:Subject:In-Reply-To:References:From; b=Jzly+wTYMxkNMB7yvDIJLk3oD/cvgbTjeSPDI5M5NRkYWOplParS8KKdKMr3rB3hz jJWZ6OSPGmv5v5v5NmmyCh2HlN6n6qT1kydFx2GQAS6ZK74gLDbGR58EEuVI4QjvhO pNMjMdfuiC1SjG1gceBHemn7lagTm9FNMKINogP2rlpXVR1sFp7GjTk1lr80PVd6uO WVAaZjlAJhkcvrh6ap9fpwXfa07wMNg9/+F0/3ycf5DPYbECp2d/O173ZLZWwzKAQk ekaLWS4MJ8XQRDcq4jDvuxpQwMpfE2GnT1SzkCoANyCnLwl6t0pWyw6YvjRt0AGATm 1KHyzsvd3Hhlw== Received: from [127.0.0.1] (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-08.privateemail.com (Postfix) with ESMTPA; Fri, 19 Apr 2024 16:24:58 -0400 (EDT) Date: Fri, 19 Apr 2024 16:24:56 -0400 From: Abhishek Cherath User-Agent: K-9 Mail for Android In-Reply-To: References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: ClamAV using ClamSMTP X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Could just add the locale and dri dir, but afaik the user profile is just s= tuff in the store, right? And the thing has access to the whole store anyho= w, so no change, right? From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v2] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile. Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 19 Apr 2024 20:37:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Liliana Marie Prikler , 70446@debbugs.gnu.org Cc: Vivien Kraus , Maxim Cournoyer Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.17135589724020 (code B ref 70446); Fri, 19 Apr 2024 20:37:01 +0000 Received: (at 70446) by debbugs.gnu.org; 19 Apr 2024 20:36:12 +0000 Received: from localhost ([127.0.0.1]:60251 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxuxv-00012j-Qc for submit@debbugs.gnu.org; Fri, 19 Apr 2024 16:36:12 -0400 Received: from mta-08-4.privateemail.com ([198.54.122.147]:28122) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxuxs-00011Q-Iz for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 16:36:10 -0400 Received: from mta-08.privateemail.com (localhost [127.0.0.1]) by mta-08.privateemail.com (Postfix) with ESMTP id 47D9D18000BB; Fri, 19 Apr 2024 16:35:48 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713558948; bh=Yo5YkkxWt4mhhhBzwTqDpym/B/hFiTet17szFjPK10M=; h=Date:From:To:CC:Subject:In-Reply-To:References:From; b=EhS55yZt3wJodOaIuru7qi1HvHG4VZhDs51511ugt3e1YwsR00fZ6yyqv4cas8ZQs s3/Qex/Oc89yTq+ofGoxYpT3y7uARe0UTc8bJi1siYBur6JtsOCmi4kg/1xHmWDucn ko7I4cut+DEpaHLs8FtPtexkkQsBsIRjvCLeHECE0liGTMF+9Ul1qD8PPpd75WAGgo peAjlDMlwHZlXPhxujH2aHgOjpVirnR63qurzjCm0jfU/kzaO5fAysthYPGxyHwdut uw6zHa+jo2TFRxmc7MRHb2kQ7SnktPBCor/8w9CtoW7ruDiK4dxxc7vRP1sElyTMVr 7cl4eZnKgiuNA== Received: from [127.0.0.1] (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-08.privateemail.com (Postfix) with ESMTPA; Fri, 19 Apr 2024 16:35:44 -0400 (EDT) Date: Fri, 19 Apr 2024 16:33:11 -0400 From: Abhishek Cherath User-Agent: K-9 Mail for Android In-Reply-To: References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Message-ID: <3D95DA38-C7EE-4D2B-85C0-1E1BB9DBA42D@quic.us> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: ClamAV using ClamSMTP X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Will say, I thought it was kinda odd to begin with that it has access to th= e whole store, though=2E=20 On 19 April 2024 4:24:56=E2=80=AFpm GMT-04:00, Abhishek Cherath wrote: >Could just add the locale and dri dir, but afaik the user profile is just= stuff in the store, right? And the thing has access to the whole store any= how, so no change, right? From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v2] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile. Resent-From: Liliana Marie Prikler Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 19 Apr 2024 21:20:05 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Abhishek Cherath , 70446@debbugs.gnu.org Cc: Vivien Kraus , Maxim Cournoyer Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171356159624582 (code B ref 70446); Fri, 19 Apr 2024 21:20:05 +0000 Received: (at 70446) by debbugs.gnu.org; 19 Apr 2024 21:19:56 +0000 Received: from localhost ([127.0.0.1]:60436 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxveE-0006O2-D0 for submit@debbugs.gnu.org; Fri, 19 Apr 2024 17:19:55 -0400 Received: from mail-ej1-x641.google.com ([2a00:1450:4864:20::641]:59624) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxveD-0006N8-1k for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 17:19:53 -0400 Received: by mail-ej1-x641.google.com with SMTP id a640c23a62f3a-a52223e004dso236337066b.2 for <70446@debbugs.gnu.org>; Fri, 19 Apr 2024 14:19:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713561572; x=1714166372; darn=debbugs.gnu.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=zINkMptG1MCQPHZ9d7mJFVjqmLVC+91ktJEO7RObAik=; b=V2HACdY1fDWAfCb1w97ZSDj9Ps0ow+EVFqkZ/F6sf4HpuHREl+yR0iv+4aVTT+nKHg pAshUFMainBV7wv6uT1BRExmIJooRsb7NJCjjQrFPet0NqpYHdXQGwTpMZb2IY9W2e+x spW+/SgiOfR5M6WEUqV1QCz+Dztvda9n5JbIzoh1MZh2FQzp7Xsd/zMyVuDlk6VSVwyY 0Dy1fCGpInbtvHMvCeebFGO9dhiAxok8pSyiR0AVRFubauCB0Oyl1Fiz8wf2PFxnhBZU ICjxnZbCock6g+nZerFR5wqx8l7YxeOVFqbT99SnnYCOFijbiIfr8dn3ZygPl4CzwngL mn9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713561572; x=1714166372; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=zINkMptG1MCQPHZ9d7mJFVjqmLVC+91ktJEO7RObAik=; b=NQ9+MR354GY6HhViM1nch0oCKWy1ey0OINwRixwdM583DvDmmR9cEP/5EN0Wnn+/iQ WPsZm6j3jvK/8B/rm8VslgTDFkIwu0Ip/lfgVNPk5+BO4c5itRqAgt81nbafX9F/d10H MOcLvehfT3IsidfoRvbThb2GqkDaPRS0ZWX/yNJoO1WTn9fX8+Tq0WpvTsRTeUJmgXR0 RwtZtk43hklT+Cu3w/rNEp4AjrM8uAjDRQs6B3ELAGnnQ7jrFGbRim9zZa5iEb6PHNyl aptDUFocOvY1neUTmCfeW4ZsiyLj2D3ByOAYZHQoBIZq5AElzCpxWb9QPCRFz5oTIpnS 8FEQ== X-Forwarded-Encrypted: i=1; AJvYcCVAymSj78SrUt6yhDgKMC/rf+GW8iMN/U0h9/AVgcfiJFod8Pt9jcSJKZTb6jOH/p50tLLEL2NV7MPNGl4yR8J4BWUJy3c= X-Gm-Message-State: AOJu0YxI3eAXE6bQk2pZqddLnLgqYWUcSNCY+USXnU7KgVxHr09tK5O0 rWubGHQqS4B5OGZfyImQ03AmM94vVTqXmoVaIQq8B5s0Fn5DRo9o X-Google-Smtp-Source: AGHT+IEdEa+32o7qc0slgvMzyCcnxqifmlN+8E33cpfkdmMu0RXZuK5TLj0+3CotaQ+2uyR4nu323Q== X-Received: by 2002:a17:906:6d54:b0:a55:7837:b546 with SMTP id a20-20020a1709066d5400b00a557837b546mr2775770ejt.57.1713561572322; Fri, 19 Apr 2024 14:19:32 -0700 (PDT) Received: from lumine.fritz.box (85-127-52-93.dsl.dynamic.surfer.at. [85.127.52.93]) by smtp.gmail.com with ESMTPSA id l22-20020a1709065a9600b00a51b5282837sm2648376ejq.15.2024.04.19.14.19.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 14:19:31 -0700 (PDT) Message-ID: From: Liliana Marie Prikler Date: Fri, 19 Apr 2024 23:19:27 +0200 In-Reply-To: References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.48.4 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Am Freitag, dem 19.04.2024 um 16:24 -0400 schrieb Abhishek Cherath: > Could just add the locale and dri dir, but afaik the user profile is > just stuff in the store, right? And the thing has access to the whole > store anyhow, so no change, right? The user dir *is* just stuff in the store, but it is particularly stuff in the store that's linked to the currently logged-in user. That is, you're giving the sandbox extra information by exposing it, and I don't think it'd be solely (or even largely) useful for beneficial purposes. Cheers From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v3] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile locale and dri directories. References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> In-Reply-To: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: liliana.prikler@gmail.com, maxim.cournoyer@gmail.com, vivien@planete-kraus.eu, guix-patches@gnu.org Resent-Date: Fri, 19 Apr 2024 21:58:12 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70446@debbugs.gnu.org Cc: Abhishek Cherath , Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus X-Debbugs-Original-Xcc: Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.17135638769317 (code B ref 70446); Fri, 19 Apr 2024 21:58:12 +0000 Received: (at 70446) by debbugs.gnu.org; 19 Apr 2024 21:57:56 +0000 Received: from localhost ([127.0.0.1]:60594 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxwEu-0002PM-Us for submit@debbugs.gnu.org; Fri, 19 Apr 2024 17:57:55 -0400 Received: from mta-07-3.privateemail.com ([198.54.118.214]:11482) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxwEp-0002NG-2o for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 17:57:46 -0400 Received: from mta-07.privateemail.com (localhost [127.0.0.1]) by mta-07.privateemail.com (Postfix) with ESMTP id 757FE1800144; Fri, 19 Apr 2024 17:57:22 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713563842; bh=AHNzBdNsSR1jjvIk8kUT73LD40mHndjeoLTzwPwlhms=; h=From:To:Cc:Subject:Date:From; b=OtQUhi6/4G5aGfTjlEqR4+Ykw58TKOT3CrhnHL13WqqmrDOTdPKQOJhGoo9Fqr2z+ OtE4Bw02mTh4YbU+FV6bI/7mQSNV96PLMjH7x1ZFqh5XvZLGhiDuZvspA7+gfDEasb xa4zf1cv9yNgyrsBjf92I8ejCIcZ19s12aQdEXiG9Oqbnp+tY2HDkV3MqQDVf+iYbL PmjNbhdbkOZVAcom+xxFvl23i/GIAOMV26KOX+SCqXutBXLEAosbnfn2I6L/chsNtN O8y+iWW2fjoQqO0q7EN8EMgyhTD06p6YMjcTfQe12QmCQJ0kPX5zI8FEeCCKW+63zV DB95vxyZM15MQ== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-07.privateemail.com (Postfix) with ESMTPA; Fri, 19 Apr 2024 17:57:20 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id fe1c0342; Fri, 19 Apr 2024 21:57:19 +0000 (UTC) From: Abhishek Cherath Date: Fri, 19 Apr 2024 17:55:11 -0400 Message-ID: X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Scanned: ClamAV using ClamSMTP X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: Add @dridir@ and @localedir@ to bubblewrap gtk sandbox Add ~/.guix-profile/lib/dri and ~/.guix-profile/share/locale to bubblewrap gtk sandbox. * gnu/packages/webkit.scm (webkitgtk)[arguments]: In the 'configure-bubblewrap-store-directory' phase, also supply locale and dri directory paths to webkitgtk-adjust-bubblewrap-paths.patch template. Change-Id: I6be0c473ebaa6c04ebb00a2b4afcae2c89396e4f --- Only shares user profile locale and dri folders. .../webkitgtk-adjust-bubblewrap-paths.patch | 33 +++++++++++++++++-- gnu/packages/webkit.scm | 11 ++++++- 2 files changed, 40 insertions(+), 4 deletions(-) diff --git a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch index 18ddb645ad..0cf1498b92 100644 --- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch +++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch @@ -1,11 +1,22 @@ Share /gnu/store in the BubbleWrap container and remove FHS mounts. +Also share locale and dri directories (user and system.) This is a Guix-specific patch not meant to be upstreamed. diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -index f0a5e4b05dff..88b11f806968 100644 +index 99395d6..3604730 100644 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -@@ -854,27 +854,12 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces +@@ -765,6 +765,9 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces + return adoptGRef(g_subprocess_launcher_spawnv(launcher, argv, error)); + + const char* runDir = g_get_user_runtime_dir(); ++ const char* homeDir = g_get_home_dir(); ++ char* userDriDir = g_strconcat(homeDir, "/.guix-profile/lib/dri", NULL); ++ char* userLocaleDir = g_strconcat(homeDir, "/.guix-profile/share/locale", NULL); + Vector sandboxArgs = { + "--die-with-parent", + "--unshare-uts", +@@ -786,28 +788,28 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces "--ro-bind", "/sys/dev", "/sys/dev", "--ro-bind", "/sys/devices", "/sys/devices", @@ -33,6 +44,22 @@ index f0a5e4b05dff..88b11f806968 100644 + + // Bind mount the store inside the WebKitGTK sandbox. + "--ro-bind", "@storedir@", "@storedir@", ++ ++ // Bind mount the locales in profile ++ "--ro-bind-try", userLocaleDir, userLocaleDir, ++ ++ // Bind mount the dri dir in profile ++ "--ro-bind-try", userDriDir, userDriDir, ++ ++ // This is needed for locales if not in profile ++ "--ro-bind-try", "@localedir@", "@localedir@", ++ ++ // This is needed for video hardware acceleration (va-api) ++ // via /lib/dri if not in profile ++ "--ro-bind-try", "@dridir@", "@dridir@", }; ++ free(userLocaleDir); ++ free(userDriDir); - if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) { + if (enableDebugPermissions()) { + const char* dataDir = g_get_user_data_dir(); diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index bf24a65e83..a0d04f31d3 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2019 Marius Bakke ;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer ;;; Copyright © 2022, 2023 Efraim Flashner +;;; Copyright © 2024 Abhishek Cherath ;;; ;;; This file is part of GNU Guix. ;;; @@ -190,7 +191,15 @@ (define-public webkitgtk (let ((store-directory (%store-directory))) (substitute* "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp" - (("@storedir@") store-directory))))) + (("@storedir@") store-directory) + ;; this adds access to drivers for va-api + ;; for hardware accelerated video + (("@dridir@") "/run/current-system/profile/lib/dri") + ;; this silences gtk locale errors + ;; Unfortunately, simply bind mounting /run/current-system + ;; does not work since it leads to weird issues + ;; with symlinks that confuse bubblewrap. + (("@localedir@") "/run/current-system/locale"))))) (add-after 'unpack 'do-not-disable-new-dtags ;; Ensure the linker uses new dynamic tags as this is what Guix ;; uses and validates in the validate-runpath phase. base-commit: b05bb6608c7f25ddce6b563194ba5a3007009282 -- 2.41.0 From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v2] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile. Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 19 Apr 2024 22:01:11 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Liliana Marie Prikler , 70446@debbugs.gnu.org Cc: Vivien Kraus , Maxim Cournoyer Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171356403010672 (code B ref 70446); Fri, 19 Apr 2024 22:01:11 +0000 Received: (at 70446) by debbugs.gnu.org; 19 Apr 2024 22:00:30 +0000 Received: from localhost ([127.0.0.1]:60610 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxwHT-0002m2-9z for submit@debbugs.gnu.org; Fri, 19 Apr 2024 18:00:29 -0400 Received: from mta-07-3.privateemail.com ([198.54.118.214]:21750) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxwHM-0002kw-T1 for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 18:00:24 -0400 Received: from mta-07.privateemail.com (localhost [127.0.0.1]) by mta-07.privateemail.com (Postfix) with ESMTP id 0462B1800153; Fri, 19 Apr 2024 18:00:01 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713564001; bh=t4gBPVXwq/TYBc9cMayr5xP3reXkIEH6b1wjGYqPbOw=; h=Date:From:To:CC:Subject:In-Reply-To:References:From; b=CdXe5eaKBG0NPfjdwoOk+f7C2bkhjgnvP2zJJs19pLNWvgSRcMKO9MTFP7sjpfrFR qRkQS8YP/V3DdkPRP5/m4y45BkCH0qDSVhi8rXcfiI7a9RL2cYtoR5Smq+EqghzVpw AHvdAtWweGFLtcM6slim3VD9wFCN85KGKQo9jlcQFSo9zIMXLWs1xU4JIIkGJHhBSe p/R69Sv5vIqsgB9Lr8xa9NFZRfjDhZBV4LDVYZAOGtkNcZnz5dKdfCq8ZjuwT526S8 yx4RjSNEVTiDW1oYywD8xr5kcsqVnCt2GSb8+B2w+Hlo4ALwSaET/7tDlGgKuf58bw lvZyF1fOvFfdQ== Received: from [127.0.0.1] (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-07.privateemail.com (Postfix) with ESMTPA; Fri, 19 Apr 2024 17:59:57 -0400 (EDT) Date: Fri, 19 Apr 2024 17:59:55 -0400 From: Abhishek Cherath User-Agent: K-9 Mail for Android In-Reply-To: References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Message-ID: <0DD9A42F-CB08-4055-9255-706D8172E523@quic.us> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: ClamAV using ClamSMTP X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) That makes sense=2E I've modified the patch and sent a v3=2E I only used the profile path instead of the specific paths because it's th= e first thing I got working, and I figured there wasn't really anything sen= sitive in the profile anyway=2E From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v3] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile locale and dri directories. Resent-From: Liliana Marie Prikler Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 19 Apr 2024 22:45:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Abhishek Cherath , 70446@debbugs.gnu.org Cc: Vivien Kraus , Maxim Cournoyer Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171356667429836 (code B ref 70446); Fri, 19 Apr 2024 22:45:04 +0000 Received: (at 70446) by debbugs.gnu.org; 19 Apr 2024 22:44:34 +0000 Received: from localhost ([127.0.0.1]:60783 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxwy6-0007lA-1h for submit@debbugs.gnu.org; Fri, 19 Apr 2024 18:44:33 -0400 Received: from mail-lj1-x243.google.com ([2a00:1450:4864:20::243]:45071) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxwxv-0007jb-Ep for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 18:44:26 -0400 Received: by mail-lj1-x243.google.com with SMTP id 38308e7fff4ca-2dcbcfe11f8so14336721fa.2 for <70446@debbugs.gnu.org>; Fri, 19 Apr 2024 15:44:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713566639; x=1714171439; darn=debbugs.gnu.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=6yej2PQSc7goJ8gIO6+HO0Iem7tsBfm8oUiPxUI9QLY=; b=FQcZCgRpO0vEZaNexNML3HRBOKBbcSW0lWks/zK4thf1o6BN1oirbT/mZwQJdxmVyC GtQ+tnIJXZ4ZwGEXkP0ROemoTFyrY1jDNyseLzaL9bSU/S40ixKgAGhtTy6w7me606DH utd7ywhxrBDRx1cgML5+38DR274pPoFaliQLuU7Y3GwkvCicpEWDWupZ+25UdlyPByWA lKJd8SZTDDeW/qtrlG6OXxVkxDuRAu5QDyRJs6Ns2LR7oOAnlCTBy7yaMQu0hwgi7xIq G+CLrNixI80QS4hiQZ1C2UkX3pAoiqUt3oGAZv3kOwu6HgB52TPoEs+hq6Tqcu0EjNae h5/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713566639; x=1714171439; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=6yej2PQSc7goJ8gIO6+HO0Iem7tsBfm8oUiPxUI9QLY=; b=WggBMxyLUI0EMTNbu5oACvuXpvPXCYwe069qDsjHsnOaq9bO93OHj0Q/l/kHLvVqMF ZYfssyrQ49D7MFNn0CB4Q4Xmfkuspu7GnbqkAOr+p8stuuOVlwPmtOgxSLu/S8ZhP9CN ZvzkPC8mF9T4CsVd0AwNpGHDbRe7j46zMfRt8sBETlkM4lMsm4OfVt6pU7n1IPb52RZf TWAJMIq52SS+YFncPEf+vvjUoV9K2uw+6GdoLiZtb2Z7YKPdWpugExMA8MUdJUfjGmsB 3ajmHBrUSwfl+zJ/lLLpcpqMiKTlZhbszprX8zogXUD9Zyj+B7TF64Kch8LgLiwVn1a2 OMdA== X-Forwarded-Encrypted: i=1; AJvYcCWvjDHkfQxhWAXWwsjVmhf7DD/Fx+Yf8DeHUQPKt1eKY4W14fi98Y+Tsl462OP5bn9WbKuPE6YQXrxn9Az3Iizwnls9pzs= X-Gm-Message-State: AOJu0YzOr8Yfr17bcA1702bKa63NTzQNJRnUL9Omt9tlfi8w0jmtG7va 0VBt7rO3doapLQwHnsYSZruf/gjGUc5FSTyA3GXBXJF/XpwohxyJ X-Google-Smtp-Source: AGHT+IEv/jJ3sp40ypOV1ah3QtKCkDQEVFUFjaoEEOTfOlVqogDOZRV7kVw9JUyLiGaaqKVJzzE1rA== X-Received: by 2002:a2e:7006:0:b0:2d8:6725:e9c3 with SMTP id l6-20020a2e7006000000b002d86725e9c3mr2816350ljc.36.1713566638611; Fri, 19 Apr 2024 15:43:58 -0700 (PDT) Received: from lumine.fritz.box (85-127-52-93.dsl.dynamic.surfer.at. [85.127.52.93]) by smtp.gmail.com with ESMTPSA id u20-20020aa7d994000000b005700fa834acsm2601518eds.45.2024.04.19.15.43.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 15:43:58 -0700 (PDT) Message-ID: <0c1de95d697742f7ede4d8e967b5bc272ea40004.camel@gmail.com> From: Liliana Marie Prikler Date: Sat, 20 Apr 2024 00:43:56 +0200 In-Reply-To: References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.48.4 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Am Freitag, dem 19.04.2024 um 17:55 -0400 schrieb Abhishek Cherath: > * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: > Add @dridir@ and @localedir@ to bubblewrap gtk sandbox > Add ~/.guix-profile/lib/dri and ~/.guix-profile/share/locale > to bubblewrap gtk sandbox. >=20 > * gnu/packages/webkit.scm (webkitgtk)[arguments]: In the > 'configure-bubblewrap-store-directory' phase, also supply locale > and dri directory paths to webkitgtk-adjust-bubblewrap-paths.patch > template. >=20 > Change-Id: I6be0c473ebaa6c04ebb00a2b4afcae2c89396e4f > --- > Only shares user profile locale and dri folders. >=20 > =C2=A0.../webkitgtk-adjust-bubblewrap-paths.patch=C2=A0=C2=A0 | 33 > +++++++++++++++++-- > =C2=A0gnu/packages/webkit.scm=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0 | 11 ++++++- > =C2=A02 files changed, 40 insertions(+), 4 deletions(-) >=20 > diff --git a/gnu/packages/patches/webkitgtk-adjust-bubblewrap- > paths.patch b/gnu/packages/patches/webkitgtk-adjust-bubblewrap- > paths.patch > index 18ddb645ad..0cf1498b92 100644 > --- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch > +++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch > @@ -1,11 +1,22 @@ > =C2=A0Share /gnu/store in the BubbleWrap container and remove FHS mounts. > +Also share locale and dri directories (user and system.) > =C2=A0 > =C2=A0This is a Guix-specific patch not meant to be upstreamed. > =C2=A0diff --git > a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp > b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp > -index f0a5e4b05dff..88b11f806968 100644 > +index 99395d6..3604730 100644 > =C2=A0--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp > =C2=A0+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp > -@@ -854,27 +854,12 @@ GRefPtr > bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces > +@@ -765,6 +765,9 @@ GRefPtr > bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 return adoptGRef(g_subp= rocess_launcher_spawnv(launcher, > argv, error)); > +=20 > +=C2=A0=C2=A0=C2=A0=C2=A0 const char* runDir =3D g_get_user_runtime_dir()= ; > ++=C2=A0=C2=A0=C2=A0 const char* homeDir =3D g_get_home_dir(); > ++=C2=A0=C2=A0=C2=A0 char* userDriDir =3D g_strconcat(homeDir, "/.guix- > profile/lib/dri", NULL); > ++=C2=A0=C2=A0=C2=A0 char* userLocaleDir =3D g_strconcat(homeDir, "/.guix= - > profile/share/locale", NULL); > +=C2=A0=C2=A0=C2=A0=C2=A0 Vector sandboxArgs =3D { > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--die-with-parent", > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--unshare-uts", > +@@ -786,28 +788,28 @@ GRefPtr > bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--ro-bind", "/sys= /dev", "/sys/dev", > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--ro-bind", "/sys= /devices", "/sys/devices", > =C2=A0=20 > @@ -33,6 +44,22 @@ index f0a5e4b05dff..88b11f806968 100644 > =C2=A0+ > =C2=A0+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 // Bind mount the store= inside the WebKitGTK sandbox. > =C2=A0+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--ro-bind", "@storedir= @", "@storedir@", > ++ > ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 // Bind mount the locales in= profile > ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--ro-bind-try", userLocaleD= ir, userLocaleDir, > ++ > ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 // Bind mount the dri dir in= profile > ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--ro-bind-try", userDriDir,= userDriDir, For reference, why are these two needed here? Can't we do this with the locales and drivers referenced below? Should we perhaps expand GUIX_LOCPATH here? > ++ > ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 // This is needed for locale= s if not in profile > ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--ro-bind-try", "@localedir= @", "@localedir@", > ++ > ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 // This is needed for video = hardware acceleration (va-api) > ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 // via /lib/dri if not in pr= ofile > ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--ro-bind-try", "@dridir@",= "@dridir@", > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 }; > ++=C2=A0=C2=A0=C2=A0 free(userLocaleDir); > ++=C2=A0=C2=A0=C2=A0 free(userDriDir); > =C2=A0=20 > -=C2=A0=C2=A0=C2=A0=C2=A0 if (launchOptions.processType =3D=3D > ProcessLauncher::ProcessType::DBusProxy) { > +=C2=A0=C2=A0=C2=A0=C2=A0 if (enableDebugPermissions()) { > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 const char* dataDir =3D= g_get_user_data_dir(); > diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm > index bf24a65e83..a0d04f31d3 100644 > --- a/gnu/packages/webkit.scm > +++ b/gnu/packages/webkit.scm > @@ -8,6 +8,7 @@ > =C2=A0;;; Copyright =C2=A9 2019 Marius Bakke > =C2=A0;;; Copyright =C2=A9 2021, 2022, 2023 Maxim Cournoyer > > =C2=A0;;; Copyright =C2=A9 2022, 2023 Efraim Flashner > +;;; Copyright =C2=A9 2024 Abhishek Cherath > =C2=A0;;; > =C2=A0;;; This file is part of GNU Guix. > =C2=A0;;; > @@ -190,7 +191,15 @@ (define-public webkitgtk > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 (let ((store-directory (%store-directory))) > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0 (substitute* > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp" > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (("@storedir@") store-directory))))) > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (("@storedir@") store-directory) > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ;; this adds access to drivers for va-api > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ;; for hardware accelerated video > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (("@dridir@") "/run/current- > system/profile/lib/dri") > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ;; this silences gtk locale errors > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ;; Unfortunately, simply bind mounting > /run/current-system > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ;; does not work since it leads to weird iss= ues > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ;; with symlinks that confuse bubblewrap. > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (("@localedir@") "/run/current-system/locale= "))))) > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (add-after '= unpack 'do-not-disable-new-dtags > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 = ;; Ensure the linker uses new dynamic tags as this is > what Guix > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 = ;; uses and validates in the validate-runpath phase. >=20 > base-commit: b05bb6608c7f25ddce6b563194ba5a3007009282 Note that any item you add here which references the user home will fail to be loaded correctly when using `guix shell' in a way that hides it; or even just using `guix shell' normally with a user who doesn't have the hardware-accelerated drivers in their home. For system paths, this is somewhat different, since we can more or less expect them to exist and mirror the layout of other distros to some extent. Cheers From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v3] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile locale and dri directories. Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 20 Apr 2024 00:23:06 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Liliana Marie Prikler Cc: Vivien Kraus , Maxim Cournoyer , 70446@debbugs.gnu.org Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171357256411996 (code B ref 70446); Sat, 20 Apr 2024 00:23:06 +0000 Received: (at 70446) by debbugs.gnu.org; 20 Apr 2024 00:22:44 +0000 Received: from localhost ([127.0.0.1]:32935 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxyV7-00037Q-26 for submit@debbugs.gnu.org; Fri, 19 Apr 2024 20:22:43 -0400 Received: from mta-14-3.privateemail.com ([198.54.127.110]:31927) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxyV2-00036N-CL for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 20:22:38 -0400 Received: from mta-14.privateemail.com (localhost [127.0.0.1]) by mta-14.privateemail.com (Postfix) with ESMTP id 98C3918000E1; Fri, 19 Apr 2024 20:22:15 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713572535; bh=thwK0VhULm3bc45q9r++USEIvvsc+8rUUmacrcW86Yk=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=AsN7VW6jc8KF1vzLYmhwBOWqAsFPPbmFRNkEUeOR5rsbHj4sLvtIldX7bLTYhZpfe bzA5kP7EnbGX+yTC/dTJ6TGlVCLgSwgXGZqHlIL5HiLe7K/YayCkOOCVRejUCPWo5d uwZpokA3sCK5UvttafLHPMxixg0HRqs8+0Ac6CGxMMJ8IghIbfXnktX6IqNnUMZE8H gOTZf5ggqAqUUCewc4XfnbMTpDmbUPhhXoEaTu4ONFyPIppX2b4gXVJjT2ob3ZdqU9 nl3HcJ5VIGThN0x0HVY0ga3QwEi9FUKorasVUPkCqYpMvTONY/g5OeXbRHXGxg93YC CS7HmXAiwtgFA== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-14.privateemail.com (Postfix) with ESMTPA; Fri, 19 Apr 2024 20:22:10 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id 346396c6; Sat, 20 Apr 2024 00:22:09 +0000 (UTC) From: Abhishek Cherath In-Reply-To: <0c1de95d697742f7ede4d8e967b5bc272ea40004.camel@gmail.com> (Liliana Marie Prikler's message of "Sat, 20 Apr 2024 00:43:56 +0200") References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> <0c1de95d697742f7ede4d8e967b5bc272ea40004.camel@gmail.com> Date: Fri, 19 Apr 2024 20:22:08 -0400 Message-ID: <871q70993j.fsf@quic.us> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: ClamAV using ClamSMTP X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello, >> ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--ro-bind-try", userLocale= Dir, userLocaleDir, >> ++ >> ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 // Bind mount the dri dir i= n profile >> ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--ro-bind-try", userDriDir= , userDriDir, > For reference, why are these two needed here? Can't we do this with > the locales and drivers referenced below? Should we perhaps expand > GUIX_LOCPATH here? Initially, I only had the system paths below those. I added these so that people could have hardware accel by only installing the required drivers in their local profiles (as recommended in 69971, unless I entirely misunderstood) I'm afraid I don't really know what adding stuff to GUIX_LOCPATH would do. That's for foreign distros, correct? To reiterate, The locale problem here is that the bubblewrapped process doesn't have access to the locales, without which it throws warnings. > Note that any item you add here which references the user home will > fail to be loaded correctly when using `guix shell' in a way that hides > it; or even just using `guix shell' normally with a user who doesn't > have the hardware-accelerated drivers in their home. For system paths, > this is somewhat different, since we can more or less expect them to > exist and mirror the layout of other distros to some extent. Hmm, since it's in an ro-bind-try, that'll cause the drivers not to work, and fall back to trying the system drivers. Is there a better solution you could recommend? Yours sincerely, Abhishek Cherath. From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v3] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile locale and dri directories. Resent-From: Liliana Marie Prikler Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 20 Apr 2024 00:41:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Abhishek Cherath Cc: Vivien Kraus , Maxim Cournoyer , 70446@debbugs.gnu.org Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171357365019997 (code B ref 70446); Sat, 20 Apr 2024 00:41:02 +0000 Received: (at 70446) by debbugs.gnu.org; 20 Apr 2024 00:40:50 +0000 Received: from localhost ([127.0.0.1]:33007 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxymf-0005CT-GN for submit@debbugs.gnu.org; Fri, 19 Apr 2024 20:40:49 -0400 Received: from mail-lf1-x143.google.com ([2a00:1450:4864:20::143]:49166) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxymc-0005CN-R0 for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 20:40:47 -0400 Received: by mail-lf1-x143.google.com with SMTP id 2adb3069b0e04-516d1ecaf25so3381390e87.2 for <70446@debbugs.gnu.org>; Fri, 19 Apr 2024 17:40:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713573626; x=1714178426; darn=debbugs.gnu.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=hEp2+liNJ833KFO49/Zc9ifqMK/23EwhKufjna9UDeQ=; b=EToU7RAC5Z1wDh4VNzuwK5qSefPuR0bBrGM00woAXvP2Tz2udNGvd7rJQRtyt4Zdi1 KtxPXmnrtrblp561RDi3mCjQTYmhOkmyRbXcxGm7Ew95MqDL55+/H3xBNxmHt8Amlsz2 KNnyM/d5/BItaIuN/H7VoGkNcVpqGJmgCNzJVRbZsYJAl9tSh5eihlXXA/xzRdHImxfe I2jqP+Q+PWNA1g8/CmbOAU/LEH2kcR5lUvO3EFBxZ9wylzgi0fNgUe6F67XRufh7O/9U A+N/erIOTpv/dQBL3FKRJkRQMgWYLX+DO0EnvYNUpqRO7wI3KMhTCLmcQjuFmhqjI+sE 83yw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713573626; x=1714178426; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=hEp2+liNJ833KFO49/Zc9ifqMK/23EwhKufjna9UDeQ=; b=w/B1zv1GHDHFEplQbOD/1a/GRdPdWXD9yJ2WyXH+zyRTjGcmPfPdOWTp4/TSJZ2W0v 09lmuajqzZK3QeJRLIPFlpF77kQ+8JSjR4LBfr76M7fA0vSy3yjjmXdKEaVmgEVJYXvA Xxv4AUfnAiW9AtqiL2+qZUtv/Wo9xevAdCN5e5c44zY6a/jqhndZo2T7vPxL25elKPEB yP61YUT5PxrdAq5AzQ9AkpPyT1qDN08FSOgrIkPTYVziMhyaQuAUmzBvMq6qERJ/FAwH n1TAc/pDntWv0pK3v6Jeiwjmt2biSH3iBlCIPHm2Pq4V3HBbCnDGdp/knc93r9p8DKCj SwaA== X-Gm-Message-State: AOJu0YwUkWNK17Cv6S/jhnkQKfiHYGg26JCmvagW6UmXFtNxtB5sOvIj mQvAbwNZUq5zN80jL0A6IPEQmZLibt6X7Q6LLUa1MqTrxuN/khPj X-Google-Smtp-Source: AGHT+IEWAJKDgiRHZKvdFC89M/FPwaBYgAHaV/uDe5820S3B5hlIqLnyfWi3wj97y6HV7DNye87h/A== X-Received: by 2002:a19:ca4c:0:b0:513:cfbc:970a with SMTP id h12-20020a19ca4c000000b00513cfbc970amr2105084lfj.2.1713573626065; Fri, 19 Apr 2024 17:40:26 -0700 (PDT) Received: from lumine.fritz.box (85-127-52-93.dsl.dynamic.surfer.at. [85.127.52.93]) by smtp.gmail.com with ESMTPSA id qu20-20020a170907111400b00a5242ec4573sm2732051ejb.29.2024.04.19.17.40.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 17:40:25 -0700 (PDT) Message-ID: From: Liliana Marie Prikler Date: Sat, 20 Apr 2024 02:40:23 +0200 In-Reply-To: <871q70993j.fsf@quic.us> References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> <0c1de95d697742f7ede4d8e967b5bc272ea40004.camel@gmail.com> <871q70993j.fsf@quic.us> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.48.4 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Am Freitag, dem 19.04.2024 um 20:22 -0400 schrieb Abhishek Cherath: > Hello, >=20 > > > ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--ro-bind-try", userLoc= aleDir, userLocaleDir, > > > ++ > > > ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 // Bind mount the dri di= r in profile > > > ++=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--ro-bind-try", userDri= Dir, userDriDir, > > For reference, why are these two needed here?=C2=A0 Can't we do this > > with the locales and drivers referenced below?=C2=A0 Should we perhaps > > expand GUIX_LOCPATH here? >=20 > Initially, I only had the system paths below those. I added these > so that people could have hardware accel by only installing the > required drivers in their local profiles (as recommended in 69971, > unless I entirely misunderstood) Ah, yes, Maxim did mention this, but yeah, non-static paths are NG (nogood) here. There really is no reason that those paths ought to exist or be useful in a container, for example. > I'm afraid I don't really know what adding stuff to GUIX_LOCPATH > would do. That's for foreign distros, correct? To reiterate, The > locale problem here is that the bubblewrapped process doesn't have > access to the locales, without which it throws warnings. Adding stuff *from* GUIX_LOCPATH, the idea being that this is where we already advocate locales be put. > > Note that any item you add here which references the user home will > > fail to be loaded correctly when using `guix shell' in a way that > > hides it; or even just using `guix shell' normally with a user who > > doesn't have the hardware-accelerated drivers in their home.=C2=A0 For > > system paths, this is somewhat different, since we can more or less > > expect them to exist and mirror the layout of other distros to some > > extent. >=20 > Hmm, since it's in an ro-bind-try, that'll cause the drivers not to > work, and fall back to trying the system drivers. Is there a better > solution you could recommend? Unless a hard dependency on Mesa is appropriate (which we'd have to confirm), I think just rolling with the system ones is okay. Cheers=20 From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v3] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile locale and dri directories. Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 20 Apr 2024 01:54:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Liliana Marie Prikler Cc: Vivien Kraus , Maxim Cournoyer , 70446@debbugs.gnu.org Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171357801620807 (code B ref 70446); Sat, 20 Apr 2024 01:54:02 +0000 Received: (at 70446) by debbugs.gnu.org; 20 Apr 2024 01:53:36 +0000 Received: from localhost ([127.0.0.1]:33310 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxzv4-0005PK-5x for submit@debbugs.gnu.org; Fri, 19 Apr 2024 21:53:35 -0400 Received: from mta-12-4.privateemail.com ([198.54.127.107]:20093) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxzuz-0005Nq-9l for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 21:53:31 -0400 Received: from mta-12.privateemail.com (localhost [127.0.0.1]) by mta-12.privateemail.com (Postfix) with ESMTP id 9135C180034B; Fri, 19 Apr 2024 21:53:08 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713577988; bh=+ow94W2L/K51+NL8gjUZ5Cno0iFlTHU/VYObErcHrE4=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=DDOPp4dHf+HcY1+Mnhkfcn5XzVhprh46wHh7PaZTMpJw3yipOQZChZH3y+wTrZApy 1eeqrNVCchALh6RIPM5yq/atKmw1MlkLdGL13qtNTSUxjZEWxwP3t69Lc0YdQRw9Jn i/4Hi6pTKjeH3rAiqZMtwG2H6OCOyjP6YhsfSpc5bg4FQG9bejpLMwW5nXgNTb2uB6 nj2jLpKvHgLWaukbBiV3GnxPQBbqgWpiBS1BVxywBgOOv9hM+JG4uR5NjuQZmya+5S WQGRXFzV887JRCCwmM4fYcfmqwvqclPIJeJmkM6/CNKnCmPsW/Y/gH3+/Ye0OcRazR vwnmmPj9uDElg== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-12.privateemail.com (Postfix) with ESMTPA; Fri, 19 Apr 2024 21:53:00 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id b0bd1ee9; Sat, 20 Apr 2024 01:52:58 +0000 (UTC) From: Abhishek Cherath In-Reply-To: (Liliana Marie Prikler's message of "Sat, 20 Apr 2024 02:40:23 +0200") References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> <0c1de95d697742f7ede4d8e967b5bc272ea40004.camel@gmail.com> <871q70993j.fsf@quic.us> Date: Fri, 19 Apr 2024 21:52:58 -0400 Message-ID: <87o7a47qbp.fsf@quic.us> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: ClamAV using ClamSMTP X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello, Liliana Marie Prikler writes: >> Initially, I only had the system paths below those. I added these >> so that people could have hardware accel by only installing the >> required drivers in their local profiles (as recommended in 69971, >> unless I entirely misunderstood) > Ah, yes, Maxim did mention this, but yeah, non-static paths are NG > (nogood) here. There really is no reason that those paths ought to > exist or be useful in a container, for example. > Gotcha. >> I'm afraid I don't really know what adding stuff to GUIX_LOCPATH >> would do. That's for foreign distros, correct? To reiterate, The >> locale problem here is that the bubblewrapped process doesn't have >> access to the locales, without which it throws warnings. > Adding stuff *from* GUIX_LOCPATH, the idea being that this is where we > already advocate locales be put. I see, so something along these lines? ```C const char* guixLocPath =3D g_getenv("GUIX_LOCPATH"); char** locPaths =3D NULL; if (guixLocPath !=3D NULL) { locPaths =3D g_strsplit(guixLocPath,':', 4096); for (int i =3D 0; i < g_strv_length(locPaths); i++) { sandboxArgs.appendVector(Vector({ "--ro-bind", *locPaths[i], *locPaths[i] })); } g_strfreev(locPaths); } ``` >> > Note that any item you add here which references the user home will >> > fail to be loaded correctly when using `guix shell' in a way that >> > hides it; or even just using `guix shell' normally with a user who >> > doesn't have the hardware-accelerated drivers in their home.=C2=A0 For >> > system paths, this is somewhat different, since we can more or less >> > expect them to exist and mirror the layout of other distros to some >> > extent. >>=20 >> Hmm, since it's in an ro-bind-try, that'll cause the drivers not to >> work, and fall back to trying the system drivers. Is there a better >> solution you could recommend? > Unless a hard dependency on Mesa is appropriate (which we'd have to > confirm), I think just rolling with the system ones is okay. Sounds good to me! Will send v4 with just that. From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v3] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile locale and dri directories. Resent-From: Liliana Marie Prikler Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 20 Apr 2024 02:52:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Abhishek Cherath Cc: Vivien Kraus , Maxim Cournoyer , 70446@debbugs.gnu.org Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171358150414700 (code B ref 70446); Sat, 20 Apr 2024 02:52:03 +0000 Received: (at 70446) by debbugs.gnu.org; 20 Apr 2024 02:51:44 +0000 Received: from localhost ([127.0.0.1]:33533 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ry0pL-0003on-6q for submit@debbugs.gnu.org; Fri, 19 Apr 2024 22:51:43 -0400 Received: from mail-ej1-x642.google.com ([2a00:1450:4864:20::642]:61778) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ry0pJ-0003nq-P9 for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 22:51:42 -0400 Received: by mail-ej1-x642.google.com with SMTP id a640c23a62f3a-a4702457ccbso292670266b.3 for <70446@debbugs.gnu.org>; Fri, 19 Apr 2024 19:51:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713581481; x=1714186281; darn=debbugs.gnu.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=E5CZ0xRE0UNNGQZ6151I4cVb3+fprIwBCScJHnqU3nQ=; b=lKBmjPOJHiXSChJcjptJNXZ6ucJccZtWJCfbYlaoOsWJhGvDurwZe39ET9j9DmH1Z2 WCHEp8bX9O/Qno+4F6MvqBE/0xQjQ/qjMnrpk+gVs7bS3tOX981+j9prgqeWl/qylhhU /I2D9UqZcjBeLgTF0ZW9n331jiJD3KyiRnXzIJVIf133TeUGKjcwNqv7sWsT6LM8XtOj zZtoL2Xck5UljSoawRsCOOctZi3dhvqOcTRw1iSYEcxcBwsmc4whamrB/NguAnbgNVH3 6X9VPgRLth8lxqn++QdNRIqwAbf8YgkbnZu7jrzSymmo+xWGvFElMDj6wyCmt1Twzt4N uBDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713581481; x=1714186281; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=E5CZ0xRE0UNNGQZ6151I4cVb3+fprIwBCScJHnqU3nQ=; b=EoOZiZjShXzsIdp2Ccn5Rzov2rVr5nFljt39CVbL5r0YXeKzVOmIgeTgaBdUCEd4j5 tPuxO68+24muSl4Lp179eIpc7JzZkBcAWB39q3/h+t602XeLrWIddOUOktEiSBBpQQD7 C1oq790VS9cGQqozF7TcXMldSJp7fcGdaVAdR/za1rMzKDGM21llNJVxKfsBAca3nL/t Z39s4R6twueOxVXQC5xA3yZeQBJaINubRlFCt0MhC/ArX1lvyDHACbVr51ANzydNihl4 NzMwHSaSJc+ZOP7g8TJpfun+S2QvX0bsdGty4qgT+ulDKolXORzMsPhLNvxtqCk/ZYXm Rsbg== X-Gm-Message-State: AOJu0Yy6MG5yn+T7P+MVNYzFUtbJhp1Vtp+ufPr//spnfc+dJNN3ItAp 0E1oU08/G3f/kfo4Avl5pQi4Vc1QdKQ02sljg7RLV85pwY7vadBZ X-Google-Smtp-Source: AGHT+IFaGvRf/T3aAsFl4YYwAEZEGU1v2SLiX6L6TcGsQjhCjtx82cMgo688ZrMqLzDp8wuphd93zQ== X-Received: by 2002:a17:906:1e4c:b0:a55:6507:6a35 with SMTP id i12-20020a1709061e4c00b00a5565076a35mr2202552ejj.49.1713581481200; Fri, 19 Apr 2024 19:51:21 -0700 (PDT) Received: from lumine.fritz.box (85-127-52-93.dsl.dynamic.surfer.at. [85.127.52.93]) by smtp.gmail.com with ESMTPSA id z13-20020a17090655cd00b00a4739efd7cesm2891892ejp.60.2024.04.19.19.51.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 19:51:20 -0700 (PDT) Message-ID: From: Liliana Marie Prikler Date: Sat, 20 Apr 2024 04:51:10 +0200 In-Reply-To: <87o7a47qbp.fsf@quic.us> References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> <0c1de95d697742f7ede4d8e967b5bc272ea40004.camel@gmail.com> <871q70993j.fsf@quic.us> <87o7a47qbp.fsf@quic.us> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.48.4 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Am Freitag, dem 19.04.2024 um 21:52 -0400 schrieb Abhishek Cherath: >=20 > Hello, >=20 > Liliana Marie Prikler writes: >=20 > > > Initially, I only had the system paths below those. I added these > > > so that people could have hardware accel by only installing the > > > required drivers in their local profiles (as recommended in > > > 69971, > > > unless I entirely misunderstood) > > Ah, yes, Maxim did mention this, but yeah, non-static paths are NG > > (nogood) here.=C2=A0 There really is no reason that those paths ought t= o > > exist or be useful in a container, for example. > >=20 >=20 > Gotcha. >=20 > > > I'm afraid I don't really know what adding stuff to GUIX_LOCPATH > > > would do. That's for foreign distros, correct? To reiterate, The > > > locale problem here is that the bubblewrapped process doesn't > > > have > > > access to the locales, without which it throws warnings. > > Adding stuff *from* GUIX_LOCPATH, the idea being that this is where > > we already advocate locales be put. >=20 > I see, so something along these lines? > ```C > const char* guixLocPath =3D g_getenv("GUIX_LOCPATH"); > char** locPaths =3D NULL; > if (guixLocPath !=3D NULL) { > =C2=A0=C2=A0 locPaths =3D g_strsplit(guixLocPath,':', 4096); > =C2=A0=C2=A0 for (int i =3D 0; i < g_strv_length(locPaths); i++) { > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 sandboxArgs.appendVector(Vector({ > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "--ro-bind", *locPaths[i], *lo= cPaths[i] > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 })); > =C2=A0=C2=A0 } > =C2=A0=C2=A0 g_strfreev(locPaths); > } > ``` You can (and arguably should) use C++ semantics, and should not attempt to hardcode any magic numbers here. Historically, there used to be more patches to deal with e.g. fonts, try to check if a procedure by the name "bindIfExists" can still be found in the Webkit source. Cheers From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v4] gnu: webkitgtk: Add access to system locale path and to paths from GUIX_LOCPATH, LOCPATH, and LIBVA_DRIVERS_PATH to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video. References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> In-Reply-To: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: liliana.prikler@gmail.com, maxim.cournoyer@gmail.com, vivien@planete-kraus.eu, guix-patches@gnu.org Resent-Date: Sat, 20 Apr 2024 13:51:07 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70446@debbugs.gnu.org Cc: Abhishek Cherath , Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus X-Debbugs-Original-Xcc: Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.17136210091656 (code B ref 70446); Sat, 20 Apr 2024 13:51:07 +0000 Received: (at 70446) by debbugs.gnu.org; 20 Apr 2024 13:50:09 +0000 Received: from localhost ([127.0.0.1]:36426 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ryB6T-0000Q4-2X for submit@debbugs.gnu.org; Sat, 20 Apr 2024 09:50:08 -0400 Received: from mta-10-4.privateemail.com ([198.54.122.149]:9745) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ryB6N-0000OX-59 for 70446@debbugs.gnu.org; Sat, 20 Apr 2024 09:50:02 -0400 Received: from mta-10.privateemail.com (localhost [127.0.0.1]) by mta-10.privateemail.com (Postfix) with ESMTP id 40C6C18000AF; Sat, 20 Apr 2024 09:49:38 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713620978; bh=2kem6GbuluofU8uK56M6Yb4KmSgwxMpB8SNZvCea/xI=; h=From:To:Cc:Subject:Date:From; b=ZjHNAojh3YYuSUZ2r6w+qERnML+Izyh9+8lCJxd36VSCSCZWWO+OG4x/OXzXL7Aog zjZKiaBW6rRWubDnI3stTmu3Yi9vPSM90HkF6O/X764AtrD5tyejGcUjAnje1lcZzP 1sj3cUssy3M3vBjIV8I4aUvrbtIWaJOShY8eHUszNfw30xahyD0xywO62ju6+x6uSH zrAp6KgEAZTxxYo1NNSK3K+qKSw4fzaP/LI0VRLaANhprajXvX7mmdpSxCpqFtBJBf FGa+K1JFoICW37lKAg0YRucFNMhDFZyx4qryb7IhQWDRyr/dCtZFTw2grjeuXhffjH iDDb869c0QOQg== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-10.privateemail.com (Postfix) with ESMTPA; Sat, 20 Apr 2024 09:49:36 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id a41b26ce; Sat, 20 Apr 2024 13:49:34 +0000 (UTC) From: Abhishek Cherath Date: Sat, 20 Apr 2024 09:44:03 -0400 Message-ID: <337ee6c76e8326b875045f6c8bf54304ff017311.1713620642.git.abhi@quic.us> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Scanned: ClamAV using ClamSMTP X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: Add @dridir@ and @localedir@ to bubblewrap gtk sandbox Add paths from GUIX_LOCPATH, LOCPATH, and LIBVA_DRIVERS_PATH to bubblewrap gtk sandbox. * gnu/packages/webkit.scm (webkitgtk)[arguments]: In the 'configure-bubblewrap-store-directory' phase, also supply system locale to webkitgtk-adjust-bubblewrap-paths.patch template. Change-Id: I6be0c473ebaa6c04ebb00a2b4afcae2c89396e4f --- Thanks @LillianaPrikler@gmail.com for all the help :D, I thought about this a bit more and looked at all the utility stuff in BubblewrapLauncher.cpp. I realized that the correct thing to do here is to simply mount the LIBVA_DRIVERS_PATH paths. I'm wondering if this shouldn't be part of the gstreamer default mounts even upstream? along with the LOCPATH mount. .../patches/webkitgtk-adjust-bubblewrap-paths.patch | 13 ++++++++++++- gnu/packages/webkit.scm | 8 +++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch index 18ddb645ad..4195aca388 100644 --- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch +++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch @@ -1,11 +1,13 @@ Share /gnu/store in the BubbleWrap container and remove FHS mounts. +Also share system locale directory and paths in LOCPATH, GUIX_LOCPATH, +and LIBVA_DRIVERS_PATH This is a Guix-specific patch not meant to be upstreamed. diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp index f0a5e4b05dff..88b11f806968 100644 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -@@ -854,27 +854,12 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces +@@ -854,27 +854,21 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces "--ro-bind", "/sys/dev", "/sys/dev", "--ro-bind", "/sys/devices", "/sys/devices", @@ -33,6 +35,15 @@ index f0a5e4b05dff..88b11f806968 100644 + + // Bind mount the store inside the WebKitGTK sandbox. + "--ro-bind", "@storedir@", "@storedir@", ++ ++ // This is needed for system locales ++ "--ro-bind-try", "@localedir@", "@localedir@", }; ++ // User specified locale directory ++ bindPathVar(sandboxArgs, "LOCPATH"); ++ // Locales in case of foreign system. ++ bindPathVar(sandboxArgs, "GUIX_LOCPATH"); ++ // Drivers for video hardware acceleration (va-api) ++ bindPathVar(sandboxArgs, "LIBVA_DRIVERS_PATH"); if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) { diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index bf24a65e83..d057bb3aa2 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2019 Marius Bakke ;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer ;;; Copyright © 2022, 2023 Efraim Flashner +;;; Copyright © 2024 Abhishek Cherath ;;; ;;; This file is part of GNU Guix. ;;; @@ -190,7 +191,12 @@ (define-public webkitgtk (let ((store-directory (%store-directory))) (substitute* "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp" - (("@storedir@") store-directory))))) + (("@storedir@") store-directory) + ;; this silences gtk locale errors + ;; Unfortunately, simply bind mounting /run/current-system + ;; does not work since it leads to weird issues + ;; with symlinks that confuse bubblewrap. + (("@localedir@") "/run/current-system/locale"))))) (add-after 'unpack 'do-not-disable-new-dtags ;; Ensure the linker uses new dynamic tags as this is what Guix ;; uses and validates in the validate-runpath phase. base-commit: b05bb6608c7f25ddce6b563194ba5a3007009282 -- 2.41.0 From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v4] gnu: webkitgtk: Add access to system locale path and to paths from GUIX_LOCPATH, LOCPATH, and LIBVA_DRIVERS_PATH to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video. Resent-From: Liliana Marie Prikler Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 20 Apr 2024 15:01:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Abhishek Cherath , 70446@debbugs.gnu.org Cc: Vivien Kraus , Maxim Cournoyer Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.17136252202248 (code B ref 70446); Sat, 20 Apr 2024 15:01:01 +0000 Received: (at 70446) by debbugs.gnu.org; 20 Apr 2024 15:00:20 +0000 Received: from localhost ([127.0.0.1]:36716 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ryCCR-0000aC-VY for submit@debbugs.gnu.org; Sat, 20 Apr 2024 11:00:20 -0400 Received: from mail-ej1-x642.google.com ([2a00:1450:4864:20::642]:57401) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ryCCP-0000Yd-DE for 70446@debbugs.gnu.org; Sat, 20 Apr 2024 11:00:18 -0400 Received: by mail-ej1-x642.google.com with SMTP id a640c23a62f3a-a519e1b0e2dso332579166b.2 for <70446@debbugs.gnu.org>; Sat, 20 Apr 2024 08:00:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713625196; x=1714229996; darn=debbugs.gnu.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=VL/QEgkCAsaJMKaR2x7pKP7A5FSSL7lrj0KXJLmwVW8=; b=MIfE7BhEPUnpz3FJHAk34Wey/fkthiMVUekSaqyd42U8MkeOZ6K5bwweK2/UGDT9tS Vl8i/+ZLD7WpC/RR6oGk1x4/OzIfu2u999/D5fThw2lOfeL3fooppUYFn8hPKhEkPoDJ KwuvG3HGsFFOsjhs8RBrhayZjFSPneQMAlCsZjKNrpa5XvJ/JMt02Lb2LZPnOQQXCTKq lBkEmADEjm4g1qGU+MoD4U74t/KQGtyTb7gtS8LhV77zWHpUaSVW1azbAWC9Czemk1Dn 8DRc180sCKbBc84ArUEpBEqHA+g3k9ZiTwGCZ3V9gjLvySQu98ngomHZ93GeFqj5eXqx IlOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713625196; x=1714229996; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=VL/QEgkCAsaJMKaR2x7pKP7A5FSSL7lrj0KXJLmwVW8=; b=YSpaJD3Pfh4DirgJxsBR5VxPMB1yfdg2Zc8pmpg0di2hhER4mZR13+KF6AhZoNoFzx ykirrlFjsiyn2IGQE2yMVYD3enM6KFe1qgXozh7vQgg3JSzvd8z4eF5Vf8Z69W62smRR IiF+lRbuWVd2EYJPzcK8BNnNQ6DNRLjsZK1/y/oMhmyaCZzznVsQs0RJ16wTjYBHxESJ gi/TMpl3xkoQxoDwmLfj9lV2jkntmFvd4pZmnpljXk8H0t4fzjxsPgGUFii0AJ8gqjJE NF7zzYyqsh/0fJ6TTCJKkkZ280vBLqeIHUCPySAszMxnFuwzAs3WNhRG77drqlGdJpT5 fnjA== X-Forwarded-Encrypted: i=1; AJvYcCWPdiYtPZSC69CFruBuras7KZFsDPO0lwK2Xbd5cfbmiV5Mi38c0cbjBEX75OC+lvOhpJ5bn4kWNAk5AJtP6haPqtkGZIA= X-Gm-Message-State: AOJu0YwHYDNONopVhp7Ed7+dkpigUODG2bb9zarSykUgHVPTozdM67ok u47+peNK00Beq4SvudbA8NlVEf/TDHu6Un5lEXJJN6ixEafgAMU2 X-Google-Smtp-Source: AGHT+IG+QDzSOVHwDdr6E2MvFR4vdYQs1KSIZxEYGWK5fT8E3zSaJFC1ZJGDkJDbGRY4bavA7whoLA== X-Received: by 2002:a17:907:971a:b0:a55:a350:c55a with SMTP id jg26-20020a170907971a00b00a55a350c55amr421911ejc.10.1713625196398; Sat, 20 Apr 2024 07:59:56 -0700 (PDT) Received: from lumine.fritz.box (85-127-52-93.dsl.dynamic.surfer.at. [85.127.52.93]) by smtp.gmail.com with ESMTPSA id d8-20020a170906344800b00a4e2dc1283asm3484836ejb.50.2024.04.20.07.59.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 20 Apr 2024 07:59:55 -0700 (PDT) Message-ID: <1786c04febdba0477a2ec6270854a4ce7e4303f0.camel@gmail.com> From: Liliana Marie Prikler Date: Sat, 20 Apr 2024 16:59:53 +0200 In-Reply-To: <337ee6c76e8326b875045f6c8bf54304ff017311.1713620642.git.abhi@quic.us> References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> <337ee6c76e8326b875045f6c8bf54304ff017311.1713620642.git.abhi@quic.us> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.48.4 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Am Samstag, dem 20.04.2024 um 09:44 -0400 schrieb Abhishek Cherath: > * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: > Add @dridir@ and @localedir@ to bubblewrap gtk sandbox > Add paths from GUIX_LOCPATH, LOCPATH, and LIBVA_DRIVERS_PATH > to bubblewrap gtk sandbox. >=20 > * gnu/packages/webkit.scm (webkitgtk)[arguments]: In the > 'configure-bubblewrap-store-directory' phase, also supply system > locale to webkitgtk-adjust-bubblewrap-paths.patch template. >=20 > Change-Id: I6be0c473ebaa6c04ebb00a2b4afcae2c89396e4f > --- > Thanks [liliana.prikler@gmail.com]=C2=A0for all the help :D, I thought > about this a bit more and looked at all the utility stuff in > BubblewrapLauncher.cpp. I realized that the correct thing to do here > is to simply mount the LIBVA_DRIVERS_PATH paths. I'm wondering if > this shouldn't be part of the gstreamer default mounts even upstream? > along with the LOCPATH mount. This patch LGTM. I think submitting it upstream sans GUIX_LOCPATH would be a great idea =E2=80=93 that way, we'd have fewer things to patch. Is @localedir@ still needed with the bindPathVar in place? Otherwise, as already said, LGTM, and I'll look into forwarding it to/cherry- picking it from gnome-team once I got new Webkit over there (still need to wait for CI on that). Cheers From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v4] gnu: webkitgtk: Add access to system locale path and to paths from GUIX_LOCPATH, LOCPATH, and LIBVA_DRIVERS_PATH to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video. Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 20 Apr 2024 15:32:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Liliana Marie Prikler Cc: Vivien Kraus , Maxim Cournoyer , 70446@debbugs.gnu.org Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171362710216365 (code B ref 70446); Sat, 20 Apr 2024 15:32:04 +0000 Received: (at 70446) by debbugs.gnu.org; 20 Apr 2024 15:31:42 +0000 Received: from localhost ([127.0.0.1]:36846 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ryCgn-0004Ft-Ci for submit@debbugs.gnu.org; Sat, 20 Apr 2024 11:31:41 -0400 Received: from mta-13-4.privateemail.com ([198.54.127.109]:9799) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ryCgk-0004Fn-OF for 70446@debbugs.gnu.org; Sat, 20 Apr 2024 11:31:39 -0400 Received: from mta-13.privateemail.com (localhost [127.0.0.1]) by mta-13.privateemail.com (Postfix) with ESMTP id 848D018000A2; Sat, 20 Apr 2024 11:31:17 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713627077; bh=XrAC7dzrG4G0sQO/e60fHeGbufTMXf1oy43yL/ElYdU=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=lKNpeaU84oYgpsznq95+lt5RShvOi/X0nAFdx14t4VNQVgZCV/2gQmpkeGFVPmAsm thAebonla6l1Lecv4A/nXLeUSAB3lFkeE7uSiiyq5MhtyG0Q3/DIZSkgoJVYyQSnSR KbU8UVEAeK1b1qQR9bhdFy5bQATI+8rbNZ7S3BKxGOtq86d5bhwVJqGGDa7gQdU09N ggTCP2kQ/5OPznVjiGaky6sek9FHMXMvMS88e+lT1kO4t5HlkcV6KGXQPvH5/69/yq SvEO4I5RNTUcEbQNjNjl1Ha87pBVyx4uAO1GGKj8SQM5rQyAjDcr2NgbNZgqjrL0TA mL2AePJGVJv6w== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-13.privateemail.com (Postfix) with ESMTPA; Sat, 20 Apr 2024 11:31:12 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id cac5eba7; Sat, 20 Apr 2024 15:31:11 +0000 (UTC) From: Abhishek Cherath In-Reply-To: <1786c04febdba0477a2ec6270854a4ce7e4303f0.camel@gmail.com> (Liliana Marie Prikler's message of "Sat, 20 Apr 2024 16:59:53 +0200") References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> <337ee6c76e8326b875045f6c8bf54304ff017311.1713620642.git.abhi@quic.us> <1786c04febdba0477a2ec6270854a4ce7e4303f0.camel@gmail.com> Date: Sat, 20 Apr 2024 11:31:10 -0400 Message-ID: <87frvg6og1.fsf@quic.us> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: ClamAV using ClamSMTP X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello, >> Thanks [liliana.prikler@gmail.com]=C2=A0for all the help :D, I thought >> about this a bit more and looked at all the utility stuff in >> BubblewrapLauncher.cpp. I realized that the correct thing to do here >> is to simply mount the LIBVA_DRIVERS_PATH paths. I'm wondering if >> this shouldn't be part of the gstreamer default mounts even upstream? >> along with the LOCPATH mount. > This patch LGTM. I think submitting it upstream sans GUIX_LOCPATH > would be a great idea =E2=80=93 that way, we'd have fewer things to patch. Sweet! I'll get on that sometime next month. > Is @localedir@ still needed with the bindPathVar in place? Otherwise, > as already said, LGTM, and I'll look into forwarding it to/cherry- > picking it from gnome-team once I got new Webkit over there (still need > to wait for CI on that). Yes, it's still needed since Guix system doesn't generally set LOCPATH (or GUIX_LOCPATH.) Thanks again for the review and suggestions! Yours sincerely, Abhishek Cherath. From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v3] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile locale and dri directories. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 20 Apr 2024 21:40:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Abhishek Cherath Cc: Vivien Kraus , Liliana Marie Prikler , 70446@debbugs.gnu.org Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171364919716428 (code B ref 70446); Sat, 20 Apr 2024 21:40:03 +0000 Received: (at 70446) by debbugs.gnu.org; 20 Apr 2024 21:39:57 +0000 Received: from localhost ([127.0.0.1]:38337 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ryIRA-0004Gs-H9 for submit@debbugs.gnu.org; Sat, 20 Apr 2024 17:39:57 -0400 Received: from mail-qv1-xf2d.google.com ([2607:f8b0:4864:20::f2d]:48326) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ryIR8-0004Fc-47 for 70446@debbugs.gnu.org; Sat, 20 Apr 2024 17:39:55 -0400 Received: by mail-qv1-xf2d.google.com with SMTP id 6a1803df08f44-69b10ead8f5so16844156d6.0 for <70446@debbugs.gnu.org>; Sat, 20 Apr 2024 14:39:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713649173; x=1714253973; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=RoxyDhdv2WrNdAyBq8RxbYaHeOERnJgEHGeetuI1dKI=; b=itRuwFxubu4icJ6EnwEdJonHJnANzi7kYSxT0O0gjU0o6/CRODo283Qxxa3MKt452j OBo9MYB2pm7Db5rKywqh87hxYIyarm4//jaGL+dJeO2pdtmYjTpWBXues3VBajFE5gE5 1gwix8stUuApfjRydWxdYlyeu9K90uTrWAybjBS8/Yr5aj76cHSQmh08ShV5BDDURfGR DR3uY7wMjyd111Q68iO0yvwZAh1j2akMi/zz0+fc/t6sv6DMb+COE+XAtRNQiZw39TNr iZfTxUyscK6xUGRjWfrTRVFzhqvLfazlnbTXxd4KiycTxj9lVa3zUD+jIRPizLmdbSty /2Vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713649173; x=1714253973; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=RoxyDhdv2WrNdAyBq8RxbYaHeOERnJgEHGeetuI1dKI=; b=pqvd+RmLmQ8yC7nEoBoiyttAcZMTFrh5w/kffPrxlyhEwc7IVAjyExp7yikW3k5g8V 1ITs4I5rnMUEkS+1pJjo3Z9Pmv9ZyVc7+E7bQf3+howQIYSHwO6sHRfp8x+gT/3PSM95 KAC6y1HzVTSPPRJ5hwrQvq7jvxuJAp5LkqDDAxW5jLxuM0Rg0kupxczHNSDP96yAa5Fk ko3l/OFmGNN9R/7J4CRMeR+H2gLCrz2p2G4TRc/2oqhGWCYU+uVG50Jg47zhtODh1XoC mrDX3a0C6jHlE9juSIJx6/gWpIrgUafGIy0eih3eds2z+DSkHba3EwLNLz8a5n2GogD/ tYDQ== X-Forwarded-Encrypted: i=1; AJvYcCUmruwnZiZtCh2kNr+PQBEgBmJw/zMQoiID9fDy9Z5PzVOoTKnOEPLatWTB70jZnhn4GmM6k92piXSYZcOVOw3Cyv5/W3s= X-Gm-Message-State: AOJu0YxKNH8OIvgPqGwOc36sVT0V7xTEewJWpmrIesyvaYlUkmxJlCvL bfs7hpg/odfV5yBZ+dL+I2FJnMmXy0GjvVTQ89N5a8Bran5RN6jk X-Google-Smtp-Source: AGHT+IGu4+E8Br+KbUWp9kHngVInELOcS6u/RaZ9M8Crak3ciAdlnBwxxvkCEBA3TMQwl4L/4cStIQ== X-Received: by 2002:a05:6214:16cd:b0:699:d07:593f with SMTP id d13-20020a05621416cd00b006990d07593fmr5095503qvz.4.1713649173504; Sat, 20 Apr 2024 14:39:33 -0700 (PDT) Received: from hurd (dsl-10-134-76.b2b2c.ca. [72.10.134.76]) by smtp.gmail.com with ESMTPSA id w17-20020a056214013100b0069b57111a98sm1903008qvs.79.2024.04.20.14.39.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 20 Apr 2024 14:39:33 -0700 (PDT) From: Maxim Cournoyer In-Reply-To: <87o7a47qbp.fsf@quic.us> (Abhishek Cherath's message of "Fri, 19 Apr 2024 21:52:58 -0400") References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> <0c1de95d697742f7ede4d8e967b5bc272ea40004.camel@gmail.com> <871q70993j.fsf@quic.us> <87o7a47qbp.fsf@quic.us> Date: Sat, 20 Apr 2024 17:39:32 -0400 Message-ID: <87edaziui3.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Abhishek, Abhishek Cherath writes: > Hello, > > Liliana Marie Prikler writes: > >>> Initially, I only had the system paths below those. I added these >>> so that people could have hardware accel by only installing the >>> required drivers in their local profiles (as recommended in 69971, >>> unless I entirely misunderstood) >> Ah, yes, Maxim did mention this, but yeah, non-static paths are NG >> (nogood) here. There really is no reason that those paths ought to >> exist or be useful in a container, for example. >> > > Gotcha. Sorry for the confusion; I agree with Liliana that honoring GUIX_LOCPATH is better than hard-coding any specific file name. -- Thanks, Maxim From unknown Sat Jun 14 19:45:12 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v4] gnu: webkitgtk: Add access to system locale path and to paths from GUIX_LOCPATH, LOCPATH, and LIBVA_DRIVERS_PATH to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 20 Apr 2024 21:44:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Abhishek Cherath Cc: Vivien Kraus , Liliana Marie Prikler , 70446@debbugs.gnu.org Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171364940017935 (code B ref 70446); Sat, 20 Apr 2024 21:44:04 +0000 Received: (at 70446) by debbugs.gnu.org; 20 Apr 2024 21:43:20 +0000 Received: from localhost ([127.0.0.1]:38353 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ryIUQ-0004f3-S1 for submit@debbugs.gnu.org; Sat, 20 Apr 2024 17:43:19 -0400 Received: from mail-qt1-x829.google.com ([2607:f8b0:4864:20::829]:42116) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ryIUO-0004dm-Ff for 70446@debbugs.gnu.org; Sat, 20 Apr 2024 17:43:16 -0400 Received: by mail-qt1-x829.google.com with SMTP id d75a77b69052e-436f1a770bdso29033681cf.0 for <70446@debbugs.gnu.org>; Sat, 20 Apr 2024 14:43:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713649376; x=1714254176; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=PBntfCOxrJIHuuOCe3/uk1k0ExSIt9o8BQbJyRz/g+Q=; b=Z2IRCsdM17EWt7WQLs58GJCAVNrFLPfv5lkTqMgvklnYXiUja8xzOWPr5CS/zHnd+i d/RlfZJ0gBgM+dQ04+inGDWSUnJJ1fNrhxHuyPFVENGYw06OgrYzdBjkAlCOwylMz7zQ cGGBS79fy7RXXiOc0WZIr1eBJ1sAwCBGK1iFm/XPWGeSmIiebSHdSg/VbVkAALMk6e7C ZSuRU/lDwTKkCLegB8Ant4gplKOcJtiA0ktX9ABLPkmfEgxacaw2RIUupbApWjbMKvhX Lek6RFFX502uLLmH7bzP5oHoOz59i/CJup60DsHGrcUsJXfBTrSFiBJzRIRNc3PF11vA mvYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713649376; x=1714254176; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=PBntfCOxrJIHuuOCe3/uk1k0ExSIt9o8BQbJyRz/g+Q=; b=bVM7IiwPomtUKtYmf3cnBDl6cuWZ8gQyc1nNPPtpnS/mRbC3nDl4oCX2Ko2/hNYwgK YVKCCGURpvvA5P1F7QM77RFH0DA3a+NlqLJZ+hoFcpUNyFBimE1JubFAj4fQBImixDwi LNLq29IDWNADyL4NJy6ZKkJ8QA+w6zooWTnXtzPMhzukCZbja7AxuwsFDAFL1NqOUHH4 vZyJT2ItOfnea/cwdWLKI3j1SWWopb4Xr6TjM/Xry2bkTxBgsofjtNfTDJiYfJXkio87 2+HdtyglNz+3AHUYkV8juHoMn7E9O/EG9MWUFHLcoWSRXdX56mSPJ8WMF6qRSv4ZD3q+ 1CdA== X-Forwarded-Encrypted: i=1; AJvYcCVMl8KZEDdAIju6GHKaGonsFbl5nbLLlRP74/v8jQTcoWLXZTfH7CpWLeii4UIy3BFg3BgLJ1W0uRSI4SfMsdOWGufyE0Y= X-Gm-Message-State: AOJu0YyoWwkyU4mQElKfWkHE60ap0WFXhVS8zt9dCKENxk/SW4U2IDLs bVfDShbKQLVpCpIf4EJaLTmk8xo/WdD6sE4LAhmbTh2hnyjwHgS9LRIDiA== X-Google-Smtp-Source: AGHT+IHWOKrxhH52P3J26LDAkhKNSKYL2AaXD7JTTagHwBw7oY8mxEn0YbhU/twADJ2W31U3kkmPcw== X-Received: by 2002:a05:622a:13d2:b0:435:9c32:ae57 with SMTP id p18-20020a05622a13d200b004359c32ae57mr10553465qtk.26.1713649375789; Sat, 20 Apr 2024 14:42:55 -0700 (PDT) Received: from hurd (dsl-10-134-76.b2b2c.ca. [72.10.134.76]) by smtp.gmail.com with ESMTPSA id k3-20020ac81403000000b00434b1f4e371sm2816771qtj.13.2024.04.20.14.42.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 20 Apr 2024 14:42:55 -0700 (PDT) From: Maxim Cournoyer In-Reply-To: <87frvg6og1.fsf@quic.us> (Abhishek Cherath's message of "Sat, 20 Apr 2024 11:31:10 -0400") References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> <337ee6c76e8326b875045f6c8bf54304ff017311.1713620642.git.abhi@quic.us> <1786c04febdba0477a2ec6270854a4ce7e4303f0.camel@gmail.com> <87frvg6og1.fsf@quic.us> Date: Sat, 20 Apr 2024 17:42:54 -0400 Message-ID: <87a5lniuch.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, Abhishek Cherath writes: > Hello, > >>> Thanks [liliana.prikler@gmail.com]=C2=A0for all the help :D, I thought >>> about this a bit more and looked at all the utility stuff in >>> BubblewrapLauncher.cpp. I realized that the correct thing to do here >>> is to simply mount the LIBVA_DRIVERS_PATH paths. I'm wondering if >>> this shouldn't be part of the gstreamer default mounts even upstream? >>> along with the LOCPATH mount. >> This patch LGTM. I think submitting it upstream sans GUIX_LOCPATH >> would be a great idea =E2=80=93 that way, we'd have fewer things to patc= h. > > Sweet! I'll get on that sometime next month. > >> Is @localedir@ still needed with the bindPathVar in place? Otherwise, >> as already said, LGTM, and I'll look into forwarding it to/cherry- >> picking it from gnome-team once I got new Webkit over there (still need >> to wait for CI on that). > > Yes, it's still needed since Guix system doesn't generally set LOCPATH > (or GUIX_LOCPATH.) > > Thanks again for the review and suggestions! I just finished catching up with the thread. Great to see the review back and forth converging to an increasingly fancier solution :-). --=20 Thanks, Maxim From unknown Sat Jun 14 19:45:12 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Abhishek Cherath Subject: bug#70446: closed (Re: bug#70446: [PATCH gnome-team] gnu: webkitgtk: Add system locale, dri access, and user profile access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively.) Message-ID: References: <87h68eb8ms.fsf_-_@gmail.com> <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> X-Gnu-PR-Message: they-closed 70446 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 70446@debbugs.gnu.org Date: Mon, 11 Nov 2024 06:15:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1731305702-20662-1" This is a multi-part message in MIME format... ------------=_1731305702-20662-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #70446: [PATCH gnome-team] gnu: webkitgtk: Add system locale, dri access, a= nd user profile access to gtk sandbox in order to silence gtk locale warnin= gs and enable hardware accelerated video, respectively. which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 70446@debbugs.gnu.org. --=20 70446: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D70446 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1731305702-20662-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 70446-done) by debbugs.gnu.org; 11 Nov 2024 06:14:42 +0000 Received: from localhost ([127.0.0.1]:57568 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tANhB-0005MW-QF for submit@debbugs.gnu.org; Mon, 11 Nov 2024 01:14:42 -0500 Received: from mail-pj1-f51.google.com ([209.85.216.51]:56794) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tANh9-0005MO-8Z for 70446-done@debbugs.gnu.org; Mon, 11 Nov 2024 01:14:39 -0500 Received: by mail-pj1-f51.google.com with SMTP id 98e67ed59e1d1-2e2bd347124so3176531a91.1 for <70446-done@debbugs.gnu.org>; Sun, 10 Nov 2024 22:14:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731305618; x=1731910418; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=os8ewbSFGZSw55S3Po/ZSO8hKXvA7LQWuhWb/KZYI28=; b=X9pusy8VmhHHuH153+xz/5pFPsov2Sq9dpS/URkn8T11gjnX5wQC7fCWUQAsg6QFgB n1W1+fuHLs4Csr047OMgoYlCyDTKFXTSDCY45UKe0JU1uJnRiv4yUxRg4dL18BrngX8U gh3WLmnh6ZfQbORFLbBJKW/jU0JcLv6nvFTIU7lMEPHLVZqS7VWfbLax/206CTD+Bd9M EDgNIum7csiBebWXfyzFvTVl4BqLNxL8/f1U5q82zKvK6q6R5o5ipMPeiR54NZDmRTW6 OZeF9JhU64ImRIzhKXCX6Ok+cbx4ZsoTCISim3mY42/5ZGTgfoqZdi7JCGXqXLPVm7Em 6Dyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731305618; x=1731910418; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=os8ewbSFGZSw55S3Po/ZSO8hKXvA7LQWuhWb/KZYI28=; b=bhHBqFAnDKF7dOctqv+FkjHmQm5DQ4TMvhg1OaJ31Sodl5vrEbzb3F/Kc5vFxej4iJ nK5zhc2Oa9gnaZb+MFKSNqoZDApp4SGIpXFWSl4MnPRlb2mc+vVGGmSwtt8ETyuGpgfi Hgg/4S10zkw5dzI+vytj9KzBWXov7/4yE4jG2PEWKzLdNqAv1lXE00MF0XGnHtM9aHYd E1x0aRyOI0oyDgqbf3vkdipAG83ixk4XBHJZHYd4gTGfR3bx7CpguihBxkxgDEs/ytEo BVNxWg6tmCY8buq1cods+WJvmXDlOAQYZKWcyXgk+BRXSP8dFYF6ECmv4gXDhUI0YdEZ oq0Q== X-Forwarded-Encrypted: i=1; AJvYcCW7v6MJF+VQT7w6xy7r9LY+f8I2Km0cq6WRlq95rBAWCTI3DTYBaLTpX96ETkAePTo5v9o00X9eMaN4@debbugs.gnu.org X-Gm-Message-State: AOJu0YzPrHmZ9JGnD/33vhHZWvUZRUlxwI7m1sKFqzSxFftjhT2u1nh5 ZfCuE+IxI4qm43bvcfOED0e0s3VrTKCy3AB94X1OzETaIeqtBw12c2DVgA== X-Google-Smtp-Source: AGHT+IHYfgtJWhjb0uqPDmpWEK093TdpY+y24czIWvJmaHvcpqCHBtp4saGgCOt2g7FJR3rrFHFW+w== X-Received: by 2002:a17:90b:1c02:b0:2e5:5ab5:ba4b with SMTP id 98e67ed59e1d1-2e9b17425ffmr18142896a91.22.1731305617809; Sun, 10 Nov 2024 22:13:37 -0800 (PST) Received: from terra ([2405:6586:be0:0:c8ff:1707:9b9:af89]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e99a5fed81sm9807298a91.36.2024.11.10.22.13.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 10 Nov 2024 22:13:37 -0800 (PST) From: Maxim Cournoyer To: Abhishek Cherath Subject: Re: bug#70446: [PATCH gnome-team] gnu: webkitgtk: Add system locale, dri access, and user profile access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. In-Reply-To: <87a5lniuch.fsf@gmail.com> (Maxim Cournoyer's message of "Sat, 20 Apr 2024 17:42:54 -0400") References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> <337ee6c76e8326b875045f6c8bf54304ff017311.1713620642.git.abhi@quic.us> <1786c04febdba0477a2ec6270854a4ce7e4303f0.camel@gmail.com> <87frvg6og1.fsf@quic.us> <87a5lniuch.fsf@gmail.com> Date: Mon, 11 Nov 2024 15:13:31 +0900 Message-ID: <87h68eb8ms.fsf_-_@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 70446-done Cc: Vivien Kraus , Liliana Marie Prikler , 70446-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, This is finally pushed to the gnome-team branch, as commit e7d08eeba9. -- Thanks, Maxim ------------=_1731305702-20662-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 18 Apr 2024 02:59:07 +0000 Received: from localhost ([127.0.0.1]:49595 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxHzO-0005TU-Mx for submit@debbugs.gnu.org; Wed, 17 Apr 2024 22:59:07 -0400 Received: from lists.gnu.org ([2001:470:142::17]:45844) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxHzK-0005RZ-90 for submit@debbugs.gnu.org; Wed, 17 Apr 2024 22:59:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxHz1-0003SR-4N for guix-patches@gnu.org; Wed, 17 Apr 2024 22:58:43 -0400 Received: from mta-15-3.privateemail.com ([198.54.122.111]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxHyz-0007fi-3I for guix-patches@gnu.org; Wed, 17 Apr 2024 22:58:42 -0400 Received: from mta-15.privateemail.com (localhost [127.0.0.1]) by mta-15.privateemail.com (Postfix) with ESMTP id 99F7618000B1; Wed, 17 Apr 2024 22:58:32 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713409112; bh=mbkBT6dHBiEk2Ct3BwIXT62NGWjgJFfTN54E1mfe6+E=; h=From:To:Cc:Subject:Date:From; b=JwKSA5FjcuuO+OhbniVoDXVhxKsigGDD/jcQdHeD6eyKuUqObbkzIq+s1TrkF61QY q+Szrt5B4mSx07Nuh/ZWOguKrUkzE3CwBqBzkoV4vw4WEw2ilRox+6qeGp4vKML/oo HsFUZRhUjThPvx1U/MQ1rGUH7ydO4kl0LxDG6ctI0elp8mZwKVDN0SCJ8Yusq6+zm2 u75BfvLteJBQmxrrozGH4OjIuN2jcVp7ZKz0vIPal89HdyRmSJcF39d63AESH+Un7B zHYFKtlUgHo0wYsS37Xsii8vp77CLgeS4NO4tIZlf3cMfl3v5/dkzQhy6tFEceYYPS BpjyTMh0hqaRQ== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-15.privateemail.com (Postfix) with ESMTPA; Wed, 17 Apr 2024 22:58:30 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id 6431f5a0; Thu, 18 Apr 2024 02:58:28 +0000 (UTC) From: Abhishek Cherath To: guix-patches@gnu.org Subject: [PATCH gnome-team] gnu: webkitgtk: Add system locale, dri access, and user profile access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Date: Wed, 17 Apr 2024 22:52:04 -0400 Message-ID: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Debbugs-Cc: Liliana Marie Prikler , Maxim Cournoyer , Vivien Kraus Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Scanned: ClamAV using ClamSMTP Received-SPF: pass client-ip=198.54.122.111; envelope-from=abhi@quic.us; helo=MTA-15-3.privateemail.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit Cc: Abhishek Cherath X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: Add @dridir@ and @localedir@ to bubblewrap gtk sandbox Add ~/.guix-profile to bubblewrap gtk sandbox * gnu/packages/webkit.scm (webkitgtk)[arguments]: In the 'configure-bubblewrap-store-directory' phase, also supply locale and dri directory paths to webkitgtk-adjust-bubblewrap-paths.patch template. --- .../webkitgtk-adjust-bubblewrap-paths.patch | 28 +++++++++++++++++-- gnu/packages/webkit.scm | 11 +++++++- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch index 18ddb645ad..2b6f54c912 100644 --- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch +++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch @@ -1,11 +1,21 @@ Share /gnu/store in the BubbleWrap container and remove FHS mounts. +Also share user profile directory. This is a Guix-specific patch not meant to be upstreamed. diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -index f0a5e4b05dff..88b11f806968 100644 +index 99395d6..3604730 100644 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -@@ -854,27 +854,12 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces +@@ -765,1 +765,1 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces + return adoptGRef(g_subprocess_launcher_spawnv(launcher, argv, error)); + + const char* runDir = g_get_user_runtime_dir(); ++ const char* homeDir = g_get_home_dir(); ++ char* profileDir = g_strconcat(homeDir, "/.guix-profile", NULL); + Vector sandboxArgs = { + "--die-with-parent", + "--unshare-uts", +@@ -786,28 +788,24 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces "--ro-bind", "/sys/dev", "/sys/dev", "--ro-bind", "/sys/devices", "/sys/devices", @@ -33,6 +43,18 @@ index f0a5e4b05dff..88b11f806968 100644 + + // Bind mount the store inside the WebKitGTK sandbox. + "--ro-bind", "@storedir@", "@storedir@", ++ ++ // Bind mount the guix profile directory ++ "--ro-bind", profileDir, profileDir, ++ ++ // This is needed for locales if not in profile ++ "--ro-bind-try", "@localedir@", "@localedir@", ++ ++ // This is needed for video hardware acceleration (va-api) ++ // via /lib/dri if not in profile ++ "--ro-bind-try", "@dridir@", "@dridir@", }; ++ free(profileDir); - if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) { + if (enableDebugPermissions()) { + const char* dataDir = g_get_user_data_dir(); diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index bf24a65e83..a0d04f31d3 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2019 Marius Bakke ;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer ;;; Copyright © 2022, 2023 Efraim Flashner +;;; Copyright © 2024 Abhishek Cherath ;;; ;;; This file is part of GNU Guix. ;;; @@ -190,7 +191,15 @@ (define-public webkitgtk (let ((store-directory (%store-directory))) (substitute* "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp" - (("@storedir@") store-directory))))) + (("@storedir@") store-directory) + ;; this adds access to drivers for va-api + ;; for hardware accelerated video + (("@dridir@") "/run/current-system/profile/lib/dri") + ;; this silences gtk locale errors + ;; Unfortunately, simply bind mounting /run/current-system + ;; does not work since it leads to weird issues + ;; with symlinks that confuse bubblewrap. + (("@localedir@") "/run/current-system/locale"))))) (add-after 'unpack 'do-not-disable-new-dtags ;; Ensure the linker uses new dynamic tags as this is what Guix ;; uses and validates in the validate-runpath phase. base-commit: b05bb6608c7f25ddce6b563194ba5a3007009282 -- 2.41.0 ------------=_1731305702-20662-1--