webkitgtk-60: patch to support pipewire in a bubblewrap sandbox

2023-06-28 11:37:47 -04:00 · 2023-06-28 11:37:47 -04:00 · 0ca1ffb9c8
parent 0dcc282e8a
commit 0ca1ffb9c8
4 changed files with 61 additions and 10 deletions
--- a/5
+++ b/5
@ -182,9 +182,10 @@ f:e1cf1c12ed92637910cf5b565c97070c:recode/.footprint
 f:39680318d83f51fa90fd16fa4ed05154:zathura-pdf-poppler/.signature
 f:13d8d971c19328457beb3c9af2788a94:zathura-pdf-poppler/Pkgfile
 f:3961411333908c5200c5ba74f8240798:zathura-pdf-poppler/.footprint
+f:0b8c32b92dddd063c5fbaff3cec96e44:webkitgtk-60/bwrap-pipewire.patch
 f:95ed2c92dd96132378050eca03da25c6:webkitgtk-60/README
-f:7c40c41b08c60bdec6ebc49380862c06:webkitgtk-60/.signature
-f:e0b10377c58454217994c792d2779862:webkitgtk-60/Pkgfile
+f:f7d3a1539561eb65fd1cba249a3e9abe:webkitgtk-60/.signature
+f:6908464aa024e17c94ec1c545f2ce96c:webkitgtk-60/Pkgfile
 f:faf42d7af308218bfd29fffa29104ded:webkitgtk-60/.footprint
 f:0cc425d03faffdcc793b0af7ec749893:libfreeimage-lite/.signature
 f:c4a660d93a260478a5f4d246be1c260d:libfreeimage-lite/Pkgfile
--- a/webkitgtk-60/.signature
+++ b/webkitgtk-60/.signature
@ -1,5 +1,6 @@
 untrusted comment: verify with /etc/ports/jmq.pub
-RWTTPlFarK9CxKK3l7S7WjE5JXAUwgsmgV8UnWK5NX/lYJSO7+E2EB9zRr+hBoCeYGs2jTR7m9X5blA7lPXeNzOQvMd/2EFfTA8=
-SHA256 (Pkgfile) = ae20d6fb890b1588af11339ca447f75ee7ec30706c305ad20170ef319b90da34
+RWTTPlFarK9CxHb7hk5OmRqGWhEUNZJY9gHtpgsffc7tjgC0DMUoDLckz+1eJKLlNeKW1UU2IiOHoFa296s/lNJNZmWVZXObqAw=
+SHA256 (Pkgfile) = 909a27c96390e9bae47dc468aba78451ba18d95213e9c015619b56981fbb5ae2
 SHA256 (.footprint) = 2ed2899025e2cfa90e14f2747c9c963611b6da7ff372c82642114c6fdaffb461
 SHA256 (webkitgtk-2.41.4.tar.xz) = ad792d4acd4e8536cc0a652fd0303bfef93a7f8718d2b3d72db83e25f52777af
+SHA256 (bwrap-pipewire.patch) = ca4a27c4edd3099d0c8b99ef91796feb00038d1daba0055328597c54e952e56b
--- a/webkitgtk-60/Pkgfile
+++ b/webkitgtk-60/Pkgfile
@ -6,8 +6,8 @@

 name=webkitgtk-60
 version=2.41.4
-release=1
-source=(https://webkitgtk.org/releases/webkitgtk-$version.tar.xz)
+release=2
+source=(https://webkitgtk.org/releases/webkitgtk-$version.tar.xz bwrap-pipewire.patch)

 build() {
 	# fail the build if dependencies are not met
@ -28,9 +28,15 @@ build() {
 		-D ENABLE_QUARTZ_TARGET=OFF
 		-D USER_AGENT_BRANDING=CRUX-3.7)

-	prt-get isinst bubblewrap xdg-dbus-proxy && PKGMK_WEBKITGTK+=(-DENABLE_BUBBLEWRAP_SANDBOX=ON) \
-	|| PKGMK_WEBKITGTK+=(-DENABLE_BUBBLEWRAP_SANDBOX=OFF)
+	if prt-get isinst bubblewrap xdg-dbus-proxy; then
+		PKGMK_WEBKITGTK+=(-DENABLE_BUBBLEWRAP_SANDBOX=ON) 
+		patch -i bwrap-pipewire.patch \
+${name%-*}-$version/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+	else
+		PKGMK_WEBKITGTK+=(-DENABLE_BUBBLEWRAP_SANDBOX=OFF)
+	fi

+	prt-get isinst lld && LDFLAGS+=" -Wl,-fuse-ld=gold"
 	prt-get isinst openjpeg2 || PKGMK_WEBKITGTK+=(-DUSE_OPENJPEG=OFF)
 	prt-get isinst enchant || PKGMK_WEBKITGTK+=(-DENABLE_SPELLCHECK=OFF)
 	prt-get isinst geoclue && PKGMK_WEBKITGTK+=(-DENABLE_GEOLOCATION=ON) || PKGMK_WEBKITGTK+=(-DENABLE_GEOLOCATION=OFF)
@ -39,10 +45,10 @@ build() {
        prt-get isinst libavif || PKGMK_WEBKITGTK+=(-DUSE_AVIF=OFF)
        prt-get isinst gst-plugins-bad || PKGMK_WEBKITGTK+=(-DUSE_GSTREAMER_TRANSCODER=OFF)

-	cmake -S webkitgtk-$version -B build "${PKGMK_WEBKITGTK[@]}" \
+	cmake -S ${name%-*}-$version -B build "${PKGMK_WEBKITGTK[@]}" \
 	-D CMAKE_CXX_FLAGS_RELEASE="${CXXFLAGS} -DNDEBUG -ffat-lto-objects" \
 	-D CMAKE_C_FLAGS_RELEASE="${CFLAGS} -DNDEBUG -ffat-lto-objects" \
-	-D CMAKE_EXE_LINKER_FLAGS="${LDFLAGS} -Wl,-fuse-ld=gold"
+	-D CMAKE_EXE_LINKER_FLAGS="${LDFLAGS}"

 	ninja -C build -j ${JOBS:-1}
 	DESTDIR=$PKG ninja -C build install
--- a/webkitgtk-60/bwrap-pipewire.patch
+++ b/webkitgtk-60/bwrap-pipewire.patch
@ -0,0 +1,43 @@
+--- BubblewrapLauncher.cpp	2023-01-03 04:46:43.369643000 -0700
+++ BubblewrapLauncher.cpp.new	2023-04-03 18:17:29.815248828 -0600
+@@ -302,6 +302,28 @@
+     bindIfExists(args, sndioHomeDir.get(), BindFlags::ReadWrite);
+ }
+ 
+static void bindPipewire(Vector<CString>& args)
+{
+    const char* xdgRuntimeDir = g_get_user_runtime_dir();
+    const char* pwRuntimeDir = g_getenv("PIPEWIRE_RUNTIME_DIR");
+    const char* pwRemote = g_getenv("PIPEWIRE_REMOTE");
+
+    if (!pwRemote)
+        pwRemote = "pipewire-0";
+
+    if (pwRuntimeDir) {
+        GUniquePtr<char> pwRuntimeFile(g_build_filename(pwRuntimeDir, pwRemote, nullptr));
+        bindIfExists(args, pwRuntimeFile.get(), BindFlags::ReadWrite);
+    } else {
+        GUniquePtr<char> xdgRuntimeFile(g_build_filename(xdgRuntimeDir, pwRemote, nullptr));
+        bindIfExists(args, xdgRuntimeFile.get(), BindFlags::ReadWrite);
+    }
+
+    // System-wide pipewire
+    GUniquePtr<char> sysRuntimeFile(g_build_filename("/run/pipewire", pwRemote, nullptr));
+    bindIfExists(args, sysRuntimeFile.get(), BindFlags::ReadWrite);
+}
+
+ static void bindFonts(Vector<CString>& args)
+ {
+     const char* configDir = g_get_user_config_dir();
+@@ -797,9 +819,10 @@
+         static std::unique_ptr<XDGDBusProxy> dbusProxy = makeUnique<XDGDBusProxy>();
+         if (dbusProxy)
+             bindDBusSession(sandboxArgs, *dbusProxy, flatpakInfoFd != -1);
+-        // FIXME: We should move to Pipewire as soon as viable, Pulse doesn't restrict clients atm.
+        // FIXME: Disable PulseAudio access when Pipewire is available.
+         bindPulse(sandboxArgs);
+         bindSndio(sandboxArgs);
+        bindPipewire(sandboxArgs);
+         bindFonts(sandboxArgs);
+         bindGStreamerData(sandboxArgs);
+         bindOpenGL(sandboxArgs);