ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2024-11-07 07:26:13 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: librewolf: Revert video acceleration fix.

Browse source 
This patch partly reverts #73429, because that change makes livestreaming
video refuse to play.

* gnu/packages/librewolf.scm (librewolf) [source]: Remove
the librewolf-add-paths-to-rdd-allowlist patch.
[phases] <wrap-program>: Reinstate previous LD_LIBRARY_PATH wrapping.
* gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch: Delete
file.
* gnu/local.mk (dist_patch_DATA): De-register it.

Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: Iaf36c64464cd078538fda677ea4fa7b13e7c110f
This commit is contained in:
Ian Eure 2024-10-05 09:19:11 -07:00 committed by Maxim Cournoyer
parent daaba6ac16
commit 5eaebebdea
No known key found for this signature in database
GPG key ID: 1260E46482E63562
3 changed files with 17 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -1691,7 +1691,6 @@ dist_patch_DATA = \
%D%/packages/patches/libphonenumber-reproducible-build.patch \
%D%/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch \
%D%/packages/patches/libquicktime-ffmpeg.patch \
%D%/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch \
%D%/packages/patches/libsepol-versioned-docbook.patch \
%D%/packages/patches/libtar-CVE-2013-4420.patch \
%D%/packages/patches/libtgvoip-disable-sse2.patch \

22
gnu/packages/librewolf.scm
View file

@ -212,7 +212,7 @@ (define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
(define %librewolf-build-id "20241003201141")
(define %librewolf-build-id "20241005085731")
(define-public librewolf
(package
@ -223,9 +223,7 @@ (define-public librewolf
(inherit (make-librewolf-source
#:version version
#:firefox-hash "0w4z3fq5zhm63a0wmhvmqrj263bvy962dir25q3z0x5hx6hjawh2"
#:librewolf-hash "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd"))
(patches
(search-patches "librewolf-add-paths-to-rdd-allowlist.patch"))))
#:librewolf-hash "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd"))))
(build-system gnu-build-system)
(arguments
(list
@ -592,12 +590,26 @@ (define (runpaths-of-input label)
;; For U2F and WebAuthn
"eudev")))
;; VA-API is run in the RDD (Remote Data Decoder) sandbox
;; and must be explicitly given access to files it needs.
;; Rather than adding the whole store (as Nix had
;; upstream do, see
;; <https://github.com/NixOS/nixpkgs/pull/165964> and
;; linked upstream patches), we can just follow the
;; runpaths of the needed libraries to add everything to
;; LD_LIBRARY_PATH. These will then be accessible in the
;; RDD sandbox.
(rdd-whitelist (map (cut string-append <> "/")
(delete-duplicates (append-map
runpaths-of-input
'("mesa"
"ffmpeg")))))
(gtk-share (string-append (assoc-ref inputs
"gtk+")
"/share")))
(wrap-program (car (find-files lib "^librewolf$"))
`("LD_LIBRARY_PATH" prefix
,libs)
(,@libs ,@rdd-whitelist))
`("XDG_DATA_DIRS" prefix
(,gtk-share))
`("MOZ_LEGACY_PROFILES" =

11
gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch
View file

@ -1,11 +0,0 @@
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -920,6 +920,8 @@
policy->AddDir(rdonly, "/usr/lib64");
policy->AddDir(rdonly, "/run/opengl-driver/lib");
policy->AddDir(rdonly, "/nix/store");
+ policy->AddDir(rdonly, "/gnu/store");
+ policy->AddDir(rdonly, "/run/current-system/profile/lib");
// Bug 1647957: memory reporting.
AddMemoryReporting(policy.get(), aPid);