gnu: webkitgtk: Expose more paths to bubblewrap sandbox.

Provide access to system locale path and to paths from GUIX_LOCPATH, LOCPATH, and LIBVA_DRIVERS_PATH to the Bubblewrap sandbox in order to silence GTK locale warnings and enable hardware accelerated video. * gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch: Add @dridir@ and @localedir@ to bubblewrap gtk sandbox. Add paths from GUIX_LOCPATH, LOCPATH, and LIBVA_DRIVERS_PATH to bubblewrap gtk sandbox. * gnu/packages/webkit.scm (webkitgtk) [arguments]: In the 'configure-bubblewrap-store-directory' phase, also supply system locale to webkitgtk-adjust-bubblewrap-paths.patch template. Change-Id: I6be0c473ebaa6c04ebb00a2b4afcae2c89396e4f Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2026-04-29 13:31:16 +02:00 · 2024-04-20 09:44:03 -04:00
parent 5f0c0bc59a
commit 075ff9f60b
2 changed files with 19 additions and 2 deletions
--- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch
+++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch
@@ -1,11 +1,13 @@
 Share /gnu/store in the BubbleWrap container and remove FHS mounts.
+Also share system locale directory and paths in LOCPATH, GUIX_LOCPATH,
+and LIBVA_DRIVERS_PATH.

 This is a Guix-specific patch not meant to be upstreamed.
 diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
 index f0a5e4b05dff..88b11f806968 100644
 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
 +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
-@@ -854,27 +854,12 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
+@@ -854,27 +854,21 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
         "--ro-bind", "/sys/dev", "/sys/dev",
         "--ro-bind", "/sys/devices", "/sys/devices",
 
@@ -33,6 +35,15 @@ index f0a5e4b05dff..88b11f806968 100644
 +
 +        // Bind mount the store inside the WebKitGTK sandbox.
 +        "--ro-bind", "@storedir@", "@storedir@",
+
+        // This is needed for system locales.
+        "--ro-bind-try", "@localedir@", "@localedir@",
     };
+    // User specified locale directory.
+    bindPathVar(sandboxArgs, "LOCPATH");
+    // Locales in case of foreign system.
+    bindPathVar(sandboxArgs, "GUIX_LOCPATH");
+    // Drivers for video hardware acceleration (va-api).
+    bindPathVar(sandboxArgs, "LIBVA_DRIVERS_PATH");
 
     if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) {
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2022, 2023 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2024 Abhishek Cherath <abhi@quic.us>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -191,7 +192,12 @@ engine that uses Wayland for graphics output.")
              (let ((store-directory (%store-directory)))
                (substitute*
                    "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp"
-                  (("@storedir@") store-directory)))))
+                  (("@storedir@") store-directory)
+                  ;; This silences GTK locale errors.
+                  ;; Unfortunately, simply bind mounting /run/current-system
+                  ;; does not work since it leads to weird issues
+                  ;; with symlinks that confuse bubblewrap.
+                  (("@localedir@") "/run/current-system/locale")))))
          (add-after 'unpack 'do-not-disable-new-dtags
            ;; Ensure the linker uses new dynamic tags as this is what Guix
            ;; uses and validates in the validate-runpath phase.