Apart from version update:
- remove some packages from `LD_LIBRARY_PATH`. I haven't found any
references for them. Most of them were copypasted from AUR expression
- found an implicit reference to `pidof`, in my case this caused warnings
about mismatched Glibc version. I've found implicit reference to `sh` too,
with Glibc warning too, but I don't know how to fix this, and looks like it's
only a warning
Since the program to be wrapped is already in a different path than
$out/bin, we don't need the complicated dance that wrapProgram uses to
put the wrapper in the same location as the original program. Just tell
makeWrapper to put the wrapper in the final desired output location
instead.
This package does not work on arbitrary Linux systems, only on platforms
for which upstream has provided prebuilt binaries. Fortunately, we have
a list of the platforms we know how to get binaries for: it's exactly
the ones in the `srcs` set.
Webcam Logitech C270 showed black screen in zoom, but LD_PRELOADing
v4l1compat.so fixed this. I hope, this wouldn't break camera for people,
who were already able to see video, but I can't be 100% sure currently.
Turns out, zoom couldn't launch QtWebEngineProcess because of wrong interpreter
Also, there was a need for some extra deps, which I found when
running debug version of zoom.
* paxmark zoom to fix execution on PaX-enabled kernels[1]
* Requires moving from qt55 to qt56
* Put libs as buildInputs so that wrapQtProgram sees their paths!
* Don't use bundled Qt libs.
(if these should be used, we shouldn't put our own on rpath, etc.)
[1] Without this, program fails to start (but doesn't exit),
and the following exception is logged a few times:
Dec 07 12:24:26 hostname kernel: grsec: denied RWX mmap of <anonymous mapping> by /nix/store/v1i2bff9fs7w1vycv0y615phhs7hky87-zoom-us/share/.zoom-wrapped[.zoom-wrapped:23812] uid/euid:1000/1
zoom still won't run unless using a pax-fixed version of qtwebengine.
( see: https://github.com/NixOS/nixpkgs/pull/20991 )
Only zoom-us depends on icu4c-54.1. Since we know that version has some vulnerabilities, and zoom-us appears to work with icu4c-57.1, I remove the icu/54.1.nix file, remove icu_54_1 from all-packages.nix, and have zoom-us depend on icu (i.e., icu4c-57.1)