GNU bug report logs - #70446
[PATCH gnome-team] gnu: webkitgtk: Add system locale, dri access, and user profile access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively.

Previous Next

Full log

Message #35 received at 70446 <at> debbugs.gnu.org (full text, mbox):

From: Abhishek Cherath <abhi <at> quic.us>
To: 70446 <at> debbugs.gnu.org
Cc: Abhishek Cherath <abhi <at> quic.us>
Subject: [PATCH v3] gnu: webkitgtk: Add locale and dri access to gtk sandbox
 in order to silence gtk locale warnings and enable hardware accelerated video,
 respectively. Adjust bubblewrap wrapper to add user profile locale and dri
 directories.
Date: Fri, 19 Apr 2024 17:55:11 -0400

* gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch:
Add @dridir@ and @localedir@ to bubblewrap gtk sandbox
Add ~/.guix-profile/lib/dri and ~/.guix-profile/share/locale
to bubblewrap gtk sandbox.

* gnu/packages/webkit.scm (webkitgtk)[arguments]: In the
'configure-bubblewrap-store-directory' phase, also supply locale
and dri directory paths to webkitgtk-adjust-bubblewrap-paths.patch
template.

Change-Id: I6be0c473ebaa6c04ebb00a2b4afcae2c89396e4f
---
Only shares user profile locale and dri folders.

 .../webkitgtk-adjust-bubblewrap-paths.patch   | 33 +++++++++++++++++--
 gnu/packages/webkit.scm                       | 11 ++++++-
 2 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch
index 18ddb645ad..0cf1498b92 100644
--- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch
+++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch
@@ -1,11 +1,22 @@
 Share /gnu/store in the BubbleWrap container and remove FHS mounts.
+Also share locale and dri directories (user and system.)
 
 This is a Guix-specific patch not meant to be upstreamed.
 diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
-index f0a5e4b05dff..88b11f806968 100644
+index 99395d6..3604730 100644
 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
 +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
-@@ -854,27 +854,12 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
+@@ -765,6 +765,9 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
+         return adoptGRef(g_subprocess_launcher_spawnv(launcher, argv, error));
+ 
+     const char* runDir = g_get_user_runtime_dir();
++    const char* homeDir = g_get_home_dir();
++    char* userDriDir = g_strconcat(homeDir, "/.guix-profile/lib/dri", NULL);
++    char* userLocaleDir = g_strconcat(homeDir, "/.guix-profile/share/locale", NULL);
+     Vector<CString> sandboxArgs = {
+         "--die-with-parent",
+         "--unshare-uts",
+@@ -786,28 +788,28 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
          "--ro-bind", "/sys/dev", "/sys/dev",
          "--ro-bind", "/sys/devices", "/sys/devices",
  
@@ -33,6 +44,22 @@ index f0a5e4b05dff..88b11f806968 100644
 +
 +        // Bind mount the store inside the WebKitGTK sandbox.
 +        "--ro-bind", "@storedir@", "@storedir@",
++
++        // Bind mount the locales in profile
++        "--ro-bind-try", userLocaleDir, userLocaleDir,
++
++        // Bind mount the dri dir in profile
++        "--ro-bind-try", userDriDir, userDriDir,
++
++        // This is needed for locales if not in profile
++        "--ro-bind-try", "@localedir@", "@localedir@",
++
++        // This is needed for video hardware acceleration (va-api)
++        // via /lib/dri if not in profile
++        "--ro-bind-try", "@dridir@", "@dridir@",
      };
++    free(userLocaleDir);
++    free(userDriDir);
  
-     if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) {
+     if (enableDebugPermissions()) {
+         const char* dataDir = g_get_user_data_dir();
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index bf24a65e83..a0d04f31d3 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2019 Marius Bakke <mbakke <at> fastmail.com>
 ;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
 ;;; Copyright © 2022, 2023 Efraim Flashner <efraim <at> flashner.co.il>
+;;; Copyright © 2024 Abhishek Cherath <abhi <at> quic.us>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -190,7 +191,15 @@ (define-public webkitgtk
               (let ((store-directory (%store-directory)))
                 (substitute*
                     "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp"
-                  (("@storedir@") store-directory)))))
+                  (("@storedir@") store-directory)
+                  ;; this adds access to drivers for va-api
+                  ;; for hardware accelerated video
+                  (("@dridir@") "/run/current-system/profile/lib/dri")
+                  ;; this silences gtk locale errors
+                  ;; Unfortunately, simply bind mounting /run/current-system
+                  ;; does not work since it leads to weird issues
+                  ;; with symlinks that confuse bubblewrap.
+                  (("@localedir@") "/run/current-system/locale")))))
           (add-after 'unpack 'do-not-disable-new-dtags
             ;; Ensure the linker uses new dynamic tags as this is what Guix
             ;; uses and validates in the validate-runpath phase.

base-commit: b05bb6608c7f25ddce6b563194ba5a3007009282
-- 
2.41.0

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.