This is an automated email from the git hooks/post-receive script. mhw pushed a commit to branch master in repository guix.
The following commit(s) were added to refs/heads/master by this push: new 429c828 gnu: icecat: Fix support for ffmpeg codecs. 429c828 is described below commit 429c8284d232c3f9fbe3dc87a3da323f3a864c03 Author: Mark H Weaver <m...@netris.org> AuthorDate: Wed Jan 15 20:26:46 2020 -0500 gnu: icecat: Fix support for ffmpeg codecs. Fixes <https://bugs.gnu.org/38045>. Thanks to Jakub Kądziołka <k...@kadziolka.net> and Amin Bandali <band...@gnu.org> for their helpful observations and suggestions. This is a followup to commit 8e5567195f5d29301d571612085b5afdb460619d. * gnu/packages/gnuzilla.scm (icecat)[inputs]: Add shared-mime-info. [arguments]: Add elf and binary I/O modules to #:modules. Add code to the 'fix-ffmpeg-runtime-linker' phase that sets the sandbox read-path whitelist to include libavcodec's RUNPATH, as well as shared-mime-info. --- gnu/packages/gnuzilla.scm | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 62b4390..0797cb0 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2015 Andreas Enge <andr...@enge.fr> ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <l...@gnu.org> -;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Mark H Weaver <m...@netris.org> +;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020 Mark H Weaver <m...@netris.org> ;;; Copyright © 2015 Sou Bunnbu <iyzs...@gmail.com> ;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efr...@flashner.co.il> ;;; Copyright © 2016 Alex Griffin <a...@ajgrf.com> @@ -756,6 +756,7 @@ from forcing GEXP-PROMISE." ;; and related comments in the 'remove-bundled-libraries' phase. ;; UNBUNDLE-ME! ("nspr" ,nspr) ;; UNBUNDLE-ME! ("nss" ,nss) + ("shared-mime-info" ,shared-mime-info) ("sqlite" ,sqlite) ("startup-notification" ,startup-notification) ("unzip" ,unzip) @@ -882,6 +883,10 @@ from forcing GEXP-PROMISE." (ice-9 match) (srfi srfi-34) (srfi srfi-35) + (rnrs bytevectors) + (rnrs io ports) + (guix elf) + (guix build gremlin) ,@%gnu-build-system-modules) #:phases (modify-phases %standard-phases @@ -966,11 +971,31 @@ from forcing GEXP-PROMISE." #t)) (add-after 'link-libxul-with-libraries 'fix-ffmpeg-runtime-linker (lambda* (#:key inputs #:allow-other-keys) - ;; Arrange to load libavcodec.so by its absolute file name. - (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" - (("libavcodec\\.so") - (string-append (assoc-ref inputs "ffmpeg") "/lib/libavcodec.so"))) - #t)) + (let* ((ffmpeg (assoc-ref inputs "ffmpeg")) + (libavcodec (string-append ffmpeg "/lib/libavcodec.so"))) + ;; Arrange to load libavcodec.so by its absolute file name. + (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp" + (("libavcodec\\.so") + libavcodec)) + ;; Populate the sandbox read-path whitelist as needed by ffmpeg. + (let* ((mime-info (assoc-ref inputs "shared-mime-info")) + (libavcodec-runpath (call-with-input-file libavcodec + (compose elf-dynamic-info-runpath + elf-dynamic-info + parse-elf + get-bytevector-all))) + (whitelist (cons (string-append mime-info "/share/mime/") + (map (lambda (dir) + (string-append dir "/")) + libavcodec-runpath))) + (whitelist-string (string-join whitelist ",")) + (port (open-file "browser/app/profile/icecat.js" "a"))) + (format #t "setting 'security.sandbox.content.read_path_whitelist' to '~a'~%" + whitelist-string) + (format port "~%pref(\"security.sandbox.content.read_path_whitelist\", ~S);~%" + whitelist-string) + (close-output-port port)) + #t))) (replace 'bootstrap (lambda _ (invoke "sh" "-c" "autoconf old-configure.in > old-configure")