diff --git a/pkgs/development/libraries/webkitgtk/default.nix b/pkgs/development/libraries/webkitgtk/default.nix index c0fae2f71765..7d48b68d14c7 100644 --- a/pkgs/development/libraries/webkitgtk/default.nix +++ b/pkgs/development/libraries/webkitgtk/default.nix @@ -6,6 +6,7 @@ , enableGeoLocation ? true, geoclue2, sqlite , enableGtk2Plugins ? false, gtk2 ? null , gst-plugins-base, gst-plugins-bad, woff2 +, bubblewrap, libseccomp, xdg-dbus-proxy, substituteAll }: assert enableGeoLocation -> geoclue2 != null; @@ -15,7 +16,7 @@ assert stdenv.isDarwin -> !enableGtk2Plugins; with stdenv.lib; stdenv.mkDerivation rec { pname = "webkitgtk"; - version = "2.24.4"; + version = "2.26.1"; meta = { description = "Web content rendering engine, GTK port"; @@ -28,11 +29,14 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://webkitgtk.org/releases/${pname}-${version}.tar.xz"; - sha256 = "1n3x5g1z6rg9n1ssna7wi0z6zlprjm4wzk544v14wqi6q0lv2s46"; + sha256 = "0mfikjfjhwcnrxbzdyh3fl9bbs2azgbdnx8h5910h41b3n022jvb"; }; - patches = optionals stdenv.isDarwin [ - ## TODO add necessary patches for Darwin + patches = optionals stdenv.isLinux [ + (substituteAll { + src = ./fix-bubblewrap-paths.patch; + inherit (builtins) storeDir; + }) ]; postPatch = '' @@ -41,8 +45,9 @@ stdenv.mkDerivation rec { cmakeFlags = [ "-DPORT=GTK" - "-DUSE_LIBHYPHEN=0" + "-DUSE_LIBHYPHEN=OFF" "-DENABLE_INTROSPECTION=ON" + "-DUSE_WPE_RENDERER=OFF" ] ++ optional (!enableGtk2Plugins) "-DENABLE_PLUGIN_PROCESS_GTK2=OFF" ++ optional stdenv.isLinux "-DENABLE_GLES2=ON" @@ -73,11 +78,14 @@ stdenv.mkDerivation rec { ++ optional enableGtk2Plugins gtk2 ++ (with xorg; [ libXdmcp libXt libXtst libXdamage ]) ++ optionals stdenv.isDarwin [ libedit readline libGLU_combined ] - ++ optional stdenv.isLinux wayland; + ++ optionals stdenv.isLinux [ + wayland bubblewrap libseccomp xdg-dbus-proxy + ]; propagatedBuildInputs = [ libsoup gtk3 ]; outputs = [ "out" "dev" ]; + } 
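Review bot: In the last hunk of default.nix, `bubblewrap` and `xdg-dbus-proxy` are added to `buildInputs`, but nothing visible in the diff pins which helper binaries the sandbox launcher will execute at runtime. If the 2.26.1 build records them through the `BWRAP_EXECUTABLE` and `DBUS_PROXY_EXECUTABLE` CMake variables (worth confirming against its CMake files), they are better set explicitly than left to configure-time discovery. That would mean adding `"-DBWRAP_EXECUTABLE=${bubblewrap}/bin/bwrap"` and `"-DDBUS_PROXY_EXECUTABLE=${xdg-dbus-proxy}/bin/xdg-dbus-proxy"` to `cmakeFlags` under `optionals stdenv.isLinux`. The `buildInputs` list begins outside the hunk, so any existing handling there is not visible.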
diff --git a/pkgs/development/libraries/webkitgtk/fix-bubblewrap-paths.patch b/pkgs/development/libraries/webkitgtk/fix-bubblewrap-paths.patch new file mode 100644 index 000000000000..6485ba0f261f --- /dev/null +++ b/pkgs/development/libraries/webkitgtk/fix-bubblewrap-paths.patch @@ -0,0 +1,23 @@ +diff -ru old/webkitgtk-2.26.0/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp webkitgtk-2.26.0/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +--- old/webkitgtk-2.26.0/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp 2019-09-09 04:47:07.000000000 -0400 ++++ webkitgtk-2.26.0/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp 2019-09-20 21:14:10.537921173 -0400 +@@ -585,7 +585,7 @@ + { SCMP_SYS(keyctl), nullptr }, + { SCMP_SYS(request_key), nullptr }, + +- // Scary VM/NUMA ops ++ // Scary VM/NUMA ops + { SCMP_SYS(move_pages), nullptr }, + { SCMP_SYS(mbind), nullptr }, + { SCMP_SYS(get_mempolicy), nullptr }, +@@ -724,6 +724,10 @@ + "--ro-bind-try", "/usr/local/lib64", "/usr/local/lib64", + + "--ro-bind-try", PKGLIBEXECDIR, PKGLIBEXECDIR, ++ ++ // Nix Directories ++ "--ro-bind", "@storeDir@", "@storeDir@", ++ "--ro-bind", "/run/current-system", "/run/current-system", + }; + // We would have to parse ld config files for more info. + bindPathVar(sandboxArgs, "LD_LIBRARY_PATH"); diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 5c3bc883690b..c200860c317a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14098,7 +14098,7 @@ in webkitgtk = callPackage ../development/libraries/webkitgtk { harfbuzz = harfbuzzFull; inherit (gst_all_1) gst-plugins-base gst-plugins-bad; - stdenv = gcc6Stdenv; + stdenv = clangStdenv; # TODO: https://github.com/NixOS/nixpkgs/issues/36947 }; webkitgtk24x-gtk3 = callPackage ../development/libraries/webkitgtk/2.4.nix {
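Review bot: The added `"--ro-bind", "/run/current-system", "/run/current-system",` entry is unconditional, while the neighbouring entries in the same list use `--ro-bind-try`. On a Linux host where that path does not exist (presumably Nix on a non-NixOS distribution), bwrap would be expected to fail and the sandboxed process would not start; `"--ro-bind-try", "/run/current-system", "/run/current-system",` matches the surrounding entries. The `@storeDir@` bind makes the whole store readable inside the sandbox, so the comment could say so, e.g. `// Nix: libraries are loaded from the store; all of it is readable from sandboxed processes`. The first embedded hunk only changes whitespace on the `// Scary VM/NUMA ops` comment and could be dropped from the patch. The argument list starts and ends outside the embedded hunk.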
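Review bot: The comment on `stdenv = clangStdenv;` in all-packages.nix gives only an issue URL, so a reader cannot tell why this package is built with a non-default compiler or when the override can be removed. A short reason next to the link would help, e.g. `# TODO: drop once <reason from issue 36947> is resolved: https://github.com/NixOS/nixpkgs/issues/36947`.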