From 429c8284d232c3f9fbe3dc87a3da323f3a864c03 Mon Sep 17 00:00:00 2001
From: Mark H Weaver
Date: Wed, 15 Jan 2020 20:26:46 -0500
Subject: gnu: icecat: Fix support for ffmpeg codecs.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes . Thanks to Jakub Kądziołka and Amin Bandali for their helpful observations and suggestions. This is a followup to commit 8e5567195f5d29301d571612085b5afdb460619d.

* gnu/packages/gnuzilla.scm (icecat)[inputs]: Add shared-mime-info. [arguments]: Add elf and binary I/O modules to #:modules. Add code to the 'fix-ffmpeg-runtime-linker' phase that sets the sandbox read-path whitelist to include libavcodec's RUNPATH, as well as shared-mime-info.
---
 gnu/packages/gnuzilla.scm | 37 +++++++++++++++++++++++++++++++------
 1 file changed, 31 insertions(+), 6 deletions(-)

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 62b4390eab..0797cb06b8 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Mark H Weaver
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020 Mark H Weaver
 ;;; Copyright © 2015 Sou Bunnbu
 ;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner
 ;;; Copyright © 2016 Alex Griffin
@@ -756,6 +756,7 @@ from forcing GEXP-PROMISE."
 ;; and related comments in the 'remove-bundled-libraries' phase.
 ;; UNBUNDLE-ME! ("nspr" ,nspr)
 ;; UNBUNDLE-ME! ("nss" ,nss)
+ ("shared-mime-info" ,shared-mime-info)
 ("sqlite" ,sqlite)
 ("startup-notification" ,startup-notification)
 ("unzip" ,unzip)
@@ -882,6 +883,10 @@ from forcing GEXP-PROMISE."
 (ice-9 match)
 (srfi srfi-34)
 (srfi srfi-35)
+ (rnrs bytevectors)
+ (rnrs io ports)
+ (guix elf)
+ (guix build gremlin)
 ,@%gnu-build-system-modules)
 #:phases
 (modify-phases %standard-phases
@@ -966,11 +971,31 @@ from forcing GEXP-PROMISE."
 #t))
 (add-after 'link-libxul-with-libraries 'fix-ffmpeg-runtime-linker
 (lambda* (#:key inputs #:allow-other-keys)
- ;; Arrange to load libavcodec.so by its absolute file name.
- (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
- (("libavcodec\\.so")
- (string-append (assoc-ref inputs "ffmpeg") "/lib/libavcodec.so")))
- #t))
+ (let* ((ffmpeg (assoc-ref inputs "ffmpeg"))
+ (libavcodec (string-append ffmpeg "/lib/libavcodec.so")))
+ ;; Arrange to load libavcodec.so by its absolute file name.
+ (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
+ (("libavcodec\\.so")
+ libavcodec))
+ ;; Populate the sandbox read-path whitelist as needed by ffmpeg.
+ (let* ((mime-info (assoc-ref inputs "shared-mime-info"))
+ (libavcodec-runpath (call-with-input-file libavcodec
+ (compose elf-dynamic-info-runpath
+ elf-dynamic-info
+ parse-elf
+ get-bytevector-all)))
+ (whitelist (cons (string-append mime-info "/share/mime/")
+ (map (lambda (dir)
+ (string-append dir "/"))
+ libavcodec-runpath)))
+ (whitelist-string (string-join whitelist ","))
+ (port (open-file "browser/app/profile/icecat.js" "a")))
+ (format #t "setting 'security.sandbox.content.read_path_whitelist' to '~a'~%"
+ whitelist-string)
+ (format port "~%pref(\"security.sandbox.content.read_path_whitelist\", ~S);~%"
+ whitelist-string)
+ (close-output-port port))
+ #t)))
 (replace 'bootstrap
 (lambda _
 (invoke "sh" "-c" "autoconf old-configure.in > old-configure")
--
cgit v1.2.3
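Review bot: The inner `let*` that appends `security.sandbox.content.read_path_whitelist` to `browser/app/profile/icecat.js` widens what the sandboxed content process may read, but it is documented only by a one-line comment inside a phase still named 'fix-ffmpeg-runtime-linker'. I would state the policy where it is set, for example `;; Every entry is a directory (trailing "/") in the read-only store: libavcodec's RUNPATH plus share/mime.`, after confirming that the sandbox treats a trailing slash as a directory grant. The list comes from libavcodec.so's own RUNPATH only, so libraries reached through the RUNPATH of its dependencies are presumably not covered; a comment saying whether that is intended would save the next reader from guessing. The entries are joined with "," and written with `~S`, which yields a valid JavaScript string only because store file names contain no commas or characters that Scheme `write` escapes differently; that assumption deserves a short comment next to the `format port` call.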