summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorLeo Prikler <leo.prikler@student.tugraz.at>2020-08-15 01:03:53 -0400
committerMaxim Cournoyer <maxim.cournoyer@gmail.com>2020-08-16 16:07:47 -0400
commitbc549a276cd9c10202427d220d87f50eb3784d42 (patch)
tree50178a051dfbd95a430440443adee23e1b27b08c /gnu
parentd7d362b7dd2542db105621578656d9fad134953e (diff)
downloadguix-bc549a276cd9c10202427d220d87f50eb3784d42.tar.gz
gnu: webkitgtk: Expose all font locations to the bubblewrap sandbox.
Fixes <https://issues.guix.gnu.org/41174> and <https://issues.guix.gnu.org/42618>.

The webkitgtk library relied on by Epiphany and others uses bubblewrap to
sandbox its process.  This sandbox was only exposing fonts relative to
XDG_DATA_HOME.  Extend it so that it honors font locations specified via
XDG_DATA_DIRS as well, which is what Guix uses.

* gnu/packages/patches/webkitgtk-bind-all-fonts.patch: Add patch.
* gnu/local.mk: Register it.
* gnu/packages/webkit.scm (webkitgtk)[source]<patches>: Use it.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/webkitgtk-bind-all-fonts.patch26
-rw-r--r--gnu/packages/webkit.scm3
3 files changed, 29 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index db0f73d881..cc820c23db 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1639,6 +1639,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/warsow-qfusion-fix-bool-return-type.patch	\
   %D%/packages/patches/weasyprint-library-paths.patch		\
   %D%/packages/patches/webkitgtk-share-store.patch		\
+  %D%/packages/patches/webkitgtk-bind-all-fonts.patch		\
   %D%/packages/patches/websocketpp-fix-for-cmake-3.15.patch	\
   %D%/packages/patches/wicd-bitrate-none-fix.patch		\
   %D%/packages/patches/wicd-get-selected-profile-fix.patch	\
diff --git a/gnu/packages/patches/webkitgtk-bind-all-fonts.patch b/gnu/packages/patches/webkitgtk-bind-all-fonts.patch
new file mode 100644
index 0000000000..3fe9704727
--- /dev/null
+++ b/gnu/packages/patches/webkitgtk-bind-all-fonts.patch
@@ -0,0 +1,26 @@
+Add fonts from all XDG_DATA_DIRS, not just XDG_DATA_HOME.
+
+See <http://bugs.gnu.org/41174>.
+Author: Leo Prikler <leo.prikler@student.tugraz.at>
+Index: webkitgtk-2.28.2/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+===================================================================
+--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
++++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+@@ -387,6 +387,7 @@ static void bindFonts(Vector<CString>& args)
+     const char* homeDir = g_get_home_dir();
+     const char* dataDir = g_get_user_data_dir();
+     const char* cacheDir = g_get_user_cache_dir();
++    const char* const * dataDirs = g_get_system_data_dirs();
+
+     // Configs can include custom dirs but then we have to parse them...
+     GUniquePtr<char> fontConfig(g_build_filename(configDir, "fontconfig", nullptr));
+@@ -403,6 +404,10 @@ static void bindFonts(Vector<CString>& args)
+     bindIfExists(args, fontHomeConfigDir.get());
+     bindIfExists(args, fontData.get());
+     bindIfExists(args, fontHomeData.get());
++    for (auto dataDir = dataDirs; dataDir != nullptr && *dataDir != nullptr; dataDir++) {
++        GUniquePtr<char> fontDataDir(g_build_filename(*dataDir, "fonts", nullptr));
++        bindIfExists(args, fontDataDir.get());
++    }
+     bindIfExists(args, "/var/cache/fontconfig"); // Used by Debian.
+ }
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 5a517c3b87..80df8560d9 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -129,7 +129,8 @@ engine that uses Wayland for graphics output.")
               (sha256
                (base32
                 "0r4lkk21pny2g4mmsw0ds14m5hhjys1l47gvy59dfgihr7l546c2"))
-              (patches (search-patches "webkitgtk-share-store.patch"))))
+              (patches (search-patches "webkitgtk-share-store.patch"
+                                       "webkitgtk-bind-all-fonts.patch"))))
     (build-system cmake-build-system)
     (outputs '("out" "doc"))
     (arguments