GNU bug report logs - #72265
[PATCH 0/1] Fix hardware acceleration support for librewolf


Package: guix-patches;

Reported by: Nikita Domnitskii <nikita <at> domnitskii.me>

Date: Wed, 24 Jul 2024 05:45:02 UTC

Severity: normal

Tags: patch

Done: Ian Eure <ian <at> retrospec.tv>

Bug is archived. No further changes may be made.



Message #8 received at submit <at> debbugs.gnu.org:

From: Nikita Domnitskii <nikita <at> domnitskii.me>
To: guix-patches <at> gnu.org
Subject: [PATCH 1/1] gnu: librewolf: Add guix drivers paths to RDD whitelist
Date: Wed, 24 Jul 2024 11:44:51 +0600
Change-Id: I5aaf590b625dfbacb19b6dc54d7f83f73bea1fda
---
 gnu/packages/librewolf.scm                    | 20 ++++---------------
 ...librewolf-add-paths-to-rdd-whitelist.patch | 11 ++++++++++
 2 files changed, 15 insertions(+), 16 deletions(-)
 create mode 100644 gnu/packages/patches/librewolf-add-paths-to-rdd-whitelist.patch

diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 3e46477724..b34e29d9db 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -203,7 +203,9 @@ (define librewolf-source
                (invoke "make" "all")
                (copy-file (string-append "librewolf-" #$version
                                          ".source.tar.gz")
-                          #$output))))))))
+                          #$output)))))
+      (patches
+       (search-patches "librewolf-add-paths-to-rdd-whitelist.patch")))))
 
 ;; Define the versions of rust needed to build librewolf, trying to match
 ;; upstream.  See the file taskcluster/ci/toolchain/rust.yml at
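Review bot: The `patches` field added to `librewolf-source` carries the entire fix, but the commit message is only its subject line and says nothing about why the earlier LD_LIBRARY_PATH-based whitelisting no longer gives the RDD process access to the VA-API libraries, nor what the new source patch changes in the browser. Suggest a commit body stating the observed breakage and the fix, plus a one-line comment next to `(search-patches "librewolf-add-paths-to-rdd-whitelist.patch")` summarising what the patch opens up in the sandbox policy, since the explanatory comment that used to live in the `wrap-program` phase is deleted by this same commit.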
@@ -573,26 +575,12 @@ (define-public librewolf
                                        ;; For U2F and WebAuthn
                                        "eudev")))
 
-                              ;; VA-API is run in the RDD (Remote Data Decoder) sandbox
-                              ;; and must be explicitly given access to files it needs.
-                              ;; Rather than adding the whole store (as Nix had
-                              ;; upstream do, see
-                              ;; <https://github.com/NixOS/nixpkgs/pull/165964> and
-                              ;; linked upstream patches), we can just follow the
-                              ;; runpaths of the needed libraries to add everything to
-                              ;; LD_LIBRARY_PATH.  These will then be accessible in the
-                              ;; RDD sandbox.
-                              (rdd-whitelist (map (cut string-append <> "/")
-                                                  (delete-duplicates (append-map
-                                                                      runpaths-of-input
-                                                                      '("mesa"
-                                                                        "ffmpeg")))))
                               (gtk-share (string-append (assoc-ref inputs
                                                                    "gtk+")
                                                         "/share")))
                          (wrap-program (car (find-files lib "^librewolf$"))
                            `("LD_LIBRARY_PATH" prefix
-                             (,@libs ,@rdd-whitelist))
+                             (,@libs))
                            `("XDG_DATA_DIRS" prefix
                              (,gtk-share))
                            `("MOZ_LEGACY_PROFILES" =
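Review bot: Removing the `rdd-whitelist` binding deletes the only visible caller of `runpaths-of-input` together with the `cut`, `append-map` and `delete-duplicates` calls; check whether that helper and any srfi-1/srfi-26 imports it required are now dead code and drop them in the same change rather than leaving an unused definition behind. The deleted comment was also the only place recording the rationale for following runpaths instead of whitelisting the whole store, and this commit reverses that decision, so keep a short comment at the `wrap-program` site pointing at the new source patch so a later maintainer can see why `LD_LIBRARY_PATH` now only contains `,@libs`.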
diff --git a/gnu/packages/patches/librewolf-add-paths-to-rdd-whitelist.patch b/gnu/packages/patches/librewolf-add-paths-to-rdd-whitelist.patch
new file mode 100644
index 0000000000..1bee0bddf5
--- /dev/null
+++ b/gnu/packages/patches/librewolf-add-paths-to-rdd-whitelist.patch
@@ -0,0 +1,11 @@
+--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
++++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+@@ -920,6 +920,8 @@
+   policy->AddDir(rdonly, "/usr/lib64");
+   policy->AddDir(rdonly, "/run/opengl-driver/lib");
+   policy->AddDir(rdonly, "/nix/store");
++  policy->AddDir(rdonly, "/gnu/store");
++  policy->AddDir(rdonly, "/run/current-system/profile/lib");
+
+   // Bug 1647957: memory reporting.
+   AddMemoryReporting(policy.get(), aPid);
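Review bot: Adding `/gnu/store` and `/run/current-system/profile/lib` as `rdonly` directories widens the RDD broker policy from the specific runpath-derived library directories used before to read-only access on the whole store, which is exactly the Nix-style approach the removed comment in librewolf.scm argued against; the trade-off (robust across driver and ffmpeg updates, but a broader read surface for a sandboxed decoder process) should be stated explicitly in the commit message so reviewers can weigh it. The patch file also lacks the descriptive header Guix patches normally carry (what it changes, whether it mirrors the upstream Nix hunk just above it, and whether it has been or will be sent upstream), and `/run/current-system/profile/lib` exists only on Guix System, so the header should say how the entry behaves on foreign distributions where that path is absent.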


-- 
Best Regards,
Nikita Domnitskii




This bug report was last modified 126 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.