diff options
author | Ian Eure <ian@retrospec.tv> | 2024-10-05 09:19:11 -0700 |
---|---|---|
committer | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2024-10-08 16:34:38 +0900 |
commit | 5eaebebdea06eee6bb273be0a856ca89c144ad49 (patch) | |
tree | 4105519f18eab65e78bbd1e8b2a85b8834bb7323 | |
parent | daaba6ac16e287167d612d5d4660735a7058b507 (diff) | |
download | guix-5eaebebdea06eee6bb273be0a856ca89c144ad49.tar guix-5eaebebdea06eee6bb273be0a856ca89c144ad49.tar.gz |
gnu: librewolf: Revert video acceleration fix.
This patch partly reverts #73429, because that change makes livestreaming
video refuse to play.
* gnu/packages/librewolf.scm (librewolf) [source]: Remove
the librewolf-add-paths-to-rdd-allowlist patch.
[phases] <wrap-program>: Reinstate previous LD_LIBRARY_PATH wrapping.
* gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch: Delete
file.
* gnu/local.mk (dist_patch_DATA): De-register it.
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: Iaf36c64464cd078538fda677ea4fa7b13e7c110f
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/librewolf.scm | 22 | ||||
-rw-r--r-- | gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch | 11 |
3 files changed, 17 insertions, 17 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 9502f24621..05a8716063 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1691,7 +1691,6 @@ dist_patch_DATA = \ %D%/packages/patches/libphonenumber-reproducible-build.patch \ %D%/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch \ %D%/packages/patches/libquicktime-ffmpeg.patch \ - %D%/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch \ %D%/packages/patches/libsepol-versioned-docbook.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtgvoip-disable-sse2.patch \ diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index 32b6d13d54..31de7a7171 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -212,7 +212,7 @@ ;; Update this id with every update to its release date. ;; It's used for cache validation and therefore can lead to strange bugs. ;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20241003201141") +(define %librewolf-build-id "20241005085731") (define-public librewolf (package @@ -223,9 +223,7 @@ (inherit (make-librewolf-source #:version version #:firefox-hash "0w4z3fq5zhm63a0wmhvmqrj263bvy962dir25q3z0x5hx6hjawh2" - #:librewolf-hash "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd")) - (patches - (search-patches "librewolf-add-paths-to-rdd-allowlist.patch")))) + #:librewolf-hash "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd")))) (build-system gnu-build-system) (arguments (list @@ -592,12 +590,26 @@ ;; For U2F and WebAuthn "eudev"))) + ;; VA-API is run in the RDD (Remote Data Decoder) sandbox + ;; and must be explicitly given access to files it needs. + ;; Rather than adding the whole store (as Nix had + ;; upstream do, see + ;; <https://github.com/NixOS/nixpkgs/pull/165964> and + ;; linked upstream patches), we can just follow the + ;; runpaths of the needed libraries to add everything to + ;; LD_LIBRARY_PATH. These will then be accessible in the + ;; RDD sandbox. + (rdd-whitelist (map (cut string-append <> "/") + (delete-duplicates (append-map + runpaths-of-input + '("mesa" + "ffmpeg"))))) (gtk-share (string-append (assoc-ref inputs "gtk+") "/share"))) (wrap-program (car (find-files lib "^librewolf$")) `("LD_LIBRARY_PATH" prefix - ,libs) + (,@libs ,@rdd-whitelist)) `("XDG_DATA_DIRS" prefix (,gtk-share)) `("MOZ_LEGACY_PROFILES" = diff --git a/gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch b/gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch deleted file mode 100644 index 1bee0bddf5..0000000000 --- a/gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -@@ -920,6 +920,8 @@ - policy->AddDir(rdonly, "/usr/lib64"); - policy->AddDir(rdonly, "/run/opengl-driver/lib"); - policy->AddDir(rdonly, "/nix/store"); -+ policy->AddDir(rdonly, "/gnu/store"); -+ policy->AddDir(rdonly, "/run/current-system/profile/lib"); - - // Bug 1647957: memory reporting. - AddMemoryReporting(policy.get(), aPid); |