diff options
author | Jack Hill <jackhill@jackhill.us> | 2020-04-25 22:03:48 -0400 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2020-05-06 22:49:55 +0200 |
commit | a6919866b07e9ed3986abde7ae48d0c69ff3deed (patch) | |
tree | 920fdaee4b9ead2132d7cf78dc60354ad06cc239 /gnu/packages/patches/webkitgtk-share-store.patch | |
parent | 3ed94ed8c2d1d0befc99ef2740b6fb9f717207db (diff) | |
download | guix-a6919866b07e9ed3986abde7ae48d0c69ff3deed.tar.gz |
gnu: webkitgtk: Patch to share store via Bubblewrap.
Fixes <https://bugs.gnu.org/40837>. * gnu/packages/patches/webkitgtk-share-store.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/webkit.scm (webkitgtk)[source](patches): Use it. Co-authored-by: Marius Bakke <mbakke@fastmail.com>
Diffstat (limited to 'gnu/packages/patches/webkitgtk-share-store.patch')
-rw-r--r-- | gnu/packages/patches/webkitgtk-share-store.patch | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/gnu/packages/patches/webkitgtk-share-store.patch b/gnu/packages/patches/webkitgtk-share-store.patch new file mode 100644 index 0000000000..053d86fcf4 --- /dev/null +++ b/gnu/packages/patches/webkitgtk-share-store.patch @@ -0,0 +1,19 @@ +Tell bubblewrap to share the store. Required for programs that use the +sandboxing features such as Epiphany. + +See <https://bugs.gnu.org/40837>. +Author: Jack Hill <jackhill@jackhill.us> +--- +diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp ++++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +@@ -737,6 +737,9 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces + "--ro-bind-try", "/usr/local/share", "/usr/local/share", + "--ro-bind-try", DATADIR, DATADIR, + ++ // Bind mount the store inside the WebKitGTK sandbox. ++ "--ro-bind", "@storedir@", "@storedir@", ++ + // We only grant access to the libdirs webkit is built with and + // guess system libdirs. This will always have some edge cases. + "--ro-bind-try", "/lib", "/lib", |