From 5eaebebdea06eee6bb273be0a856ca89c144ad49 Mon Sep 17 00:00:00 2001 From: Ian Eure Date: Sat, 5 Oct 2024 09:19:11 -0700 Subject: gnu: librewolf: Revert video acceleration fix. This patch partly reverts #73429, because that change makes livestreaming video refuse to play. * gnu/packages/librewolf.scm (librewolf) [source]: Remove the librewolf-add-paths-to-rdd-allowlist patch. [phases] : Reinstate previous LD_LIBRARY_PATH wrapping. * gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch: Delete file. * gnu/local.mk (dist_patch_DATA): De-register it. Modified-by: Maxim Cournoyer Change-Id: Iaf36c64464cd078538fda677ea4fa7b13e7c110f --- gnu/packages/librewolf.scm | 22 +++++++++++++++++----- .../librewolf-add-paths-to-rdd-allowlist.patch | 11 ----------- 2 files changed, 17 insertions(+), 16 deletions(-) delete mode 100644 gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch (limited to 'gnu/packages') diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index 32b6d13d541..31de7a7171f 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -212,7 +212,7 @@ ;; Update this id with every update to its release date. ;; It's used for cache validation and therefore can lead to strange bugs. ;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20241003201141") +(define %librewolf-build-id "20241005085731") (define-public librewolf (package @@ -223,9 +223,7 @@ (inherit (make-librewolf-source #:version version #:firefox-hash "0w4z3fq5zhm63a0wmhvmqrj263bvy962dir25q3z0x5hx6hjawh2" - #:librewolf-hash "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd")) - (patches - (search-patches "librewolf-add-paths-to-rdd-allowlist.patch")))) + #:librewolf-hash "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd")))) (build-system gnu-build-system) (arguments (list 
@@ -592,12 +590,26 @@ ;; For U2F and WebAuthn "eudev"))) + ;; VA-API is run in the RDD (Remote Data Decoder) sandbox + ;; and must be explicitly given access to files it needs. + ;; Rather than adding the whole store (as Nix had + ;; upstream do, see + ;; and + ;; linked upstream patches), we can just follow the + ;; runpaths of the needed libraries to add everything to + ;; LD_LIBRARY_PATH. These will then be accessible in the + ;; RDD sandbox. + (rdd-whitelist (map (cut string-append <> "/") + (delete-duplicates (append-map + runpaths-of-input + '("mesa" + "ffmpeg"))))) (gtk-share (string-append (assoc-ref inputs "gtk+") "/share"))) (wrap-program (car (find-files lib "^librewolf$")) `("LD_LIBRARY_PATH" prefix - ,libs) + (,@libs ,@rdd-whitelist)) `("XDG_DATA_DIRS" prefix (,gtk-share)) `("MOZ_LEGACY_PROFILES" = diff --git a/gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch b/gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch deleted file mode 100644 index 1bee0bddf59..00000000000 --- a/gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -@@ -920,6 +920,8 @@ - policy->AddDir(rdonly, "/usr/lib64"); - policy->AddDir(rdonly, "/run/opengl-driver/lib"); - policy->AddDir(rdonly, "/nix/store"); -+ policy->AddDir(rdonly, "/gnu/store"); -+ policy->AddDir(rdonly, "/run/current-system/profile/lib"); - - // Bug 1647957: memory reporting. - AddMemoryReporting(policy.get(), aPid); -- cgit v1.3
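Review bot: The comment added above the `rdd-whitelist` binding explains the sandbox effect but not the cost: putting every transitive runpath of mesa and ffmpeg on `LD_LIBRARY_PATH` widens the loader search path for every process the wrapper starts, not only the RDD process, and the loader consults that variable before a library's own DT_RUNPATH. Because the wrapper uses `prefix`, any `LD_LIBRARY_PATH` inherited from the caller's environment is kept as well, and if the sandbox's readable set is derived from that variable, as the comment implies, those inherited directories would presumably become readable from RDD too. I would add a line such as `;; NOTE: this also extends the library search path of all LibreWolf processes; 'prefix' keeps entries inherited from the environment.` so the trade-off against the removed allowlist patch is recorded. The binding could also be named `rdd-allowlist`, matching the patch this commit deletes. The enclosing phase starts and ends outside this hunk, so the definitions of `libs` and `runpaths-of-input` are not visible here.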