(address . guix-patches@gnu.org)
-----BEGIN PGP SIGNATURE-----
iIsEARYIADMWIQRefA5qkqvnKdl/GTlmOX+E92aT+QUCYmNohxUcYWxsX2J1dF9s
YXN0QDE2My5jb20ACgkQZjl/hPdmk/l+qwEAnDgfdFUzH1nnXFlxPFJ4bKxx5FTk
eYexdAnvEaIxw0kBAPTZI2txd3pUJTi1INrmFDthGAJQczjXf0hPumj8EkgN
=jT8/
-----END PGP SIGNATURE-----
From affd34d0f0bf6bf04110b595ce77ed8e9448b2c7 Mon Sep 17 00:00:00 2001
From: Zhu Zihao <all_but_last@163.com>
Date: Thu, 21 Apr 2022 18:48:51 +0800
Subject: [PATCH 1/3] gnu: bubblewrap: Update to 0.6.1.
* gnu/packages/virtualization.scm (bubblewrap): Update to 0.6.1.
---
gnu/packages/virtualization.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index f3396e7c94..3f7c6312f2 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -27,6 +27,7 @@
;;; Copyright © 2022 Oleg Pykhalov <go.wigust@gmail.com>
;;; Copyright © 2022 Ekaitz Zarraga <ekaitz@elenq.tech>
;;; Copyright © 2022 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2022 Zhu Zihao <all_but_last@163.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -1950,7 +1951,7 @@ (define-public python-vagrant
(define-public bubblewrap
(package
(name "bubblewrap")
- (version "0.5.0")
+ (version "0.6.1")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/containers/bubblewrap/"
@@ -1958,7 +1959,7 @@ (define-public bubblewrap
version ".tar.xz"))
(sha256
(base32
- "0608l2sjwhnb1c0mslah1h6yjvqr17wk60by6i710qwxg4rszz8n"))
+ "10ij62jg7p2scwdx0pm141ss7p2gjdkbbymb56y8miib2vfcf2cn"))
(patches (search-patches "bubblewrap-fix-locale-in-tests.patch"))))
(build-system gnu-build-system)
(arguments
--
2.35.1
From 5f1369f8731cc1b35c3c80aac6ad7ebd89d3cb10 Mon Sep 17 00:00:00 2001
From: Zhu Zihao <all_but_last@163.com>
Date: Sat, 23 Apr 2022 10:39:32 +0800
Subject: [PATCH 3/3] gnu: flatpak: Do not leak GDK_PIXBUF_MODULE_FILE into the
sandbox.
* gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add corresponding entry.
* gnu/packages/package-management.scm (flatpak)[source]: Use patch.
---
gnu/local.mk | 1 +
gnu/packages/package-management.scm | 4 +++-
...flatpak-unset-gdk-pixbuf-for-sandbox.patch | 19 +++++++++++++++++++
3 files changed, 23 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 9bad87710c..ce25b0f21e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1070,6 +1070,7 @@ dist_patch_DATA = \
%D%/packages/patches/findutils-localstatedir.patch \
%D%/packages/patches/flann-cmake-3.11.patch \
%D%/packages/patches/flatpak-fix-path.patch \
+ %D%/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch \
%D%/packages/patches/fontconfig-cache-ignore-mtime.patch \
%D%/packages/patches/foobillard++-pkg-config.patch \
%D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 2ea639d376..1ab293e2dd 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -1804,7 +1804,9 @@ (define-public flatpak
version "/flatpak-" version ".tar.xz"))
(sha256
(base32 "05lkpbjiwp69q924i1jfyk5frcqbdbv9kyzbqwm2hy723i9jmdbd"))
- (patches (search-patches "flatpak-fix-path.patch"))))
+ (patches
+ (search-patches "flatpak-fix-path.patch"
+ "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
;; Wrap 'flatpak' so that GIO_EXTRA_MODULES is set, thereby allowing GIO to
;; find the TLS backend in glib-networking.
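Review bot: The context comment just below the changed `patches` field says `flatpak` is wrapped so that GIO_EXTRA_MODULES is set, which makes it another host store path that the wrapped process could pass into the sandbox unless flatpak clears it. The patch added here only clears GDK_PIXBUF_MODULE_FILE. Whether GIO_EXTRA_MODULES is already listed in `default_exports` is not visible in this series, so it is worth confirming; if it is not, add `{"GIO_EXTRA_MODULES", NULL},` to the same patch. The `flatpak` definition starts and ends outside this hunk.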
diff --git a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
new file mode 100644
index 0000000000..79fec8e526
--- /dev/null
+++ b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
@@ -0,0 +1,19 @@
+Most Guix system setup with desktop evironment will install GDK_PIXBUF_MODULE_FILE
+environment variable in the system profile, and it'll be leaked into the sandbox
+environment of flatpak, so the applications in sandbox may fail to find correct
+GdkPixbuf loaders.
+
+This patch unset the GDK_PIXBUF_MODULE_FILE environment variable before running
+the sandboxed applications, prevents it to load GdkPixbuf loaders from the path
+of host system.
+
+--- a/common/flatpak-run.c
++++ b/common/flatpak-run.c
+@@ -1853,6 +1853,7 @@ static const ExportData default_exports[] = {
+ {"GST_PTP_HELPER", NULL},
+ {"GST_PTP_HELPER_1_0", NULL},
+ {"GST_INSTALL_PLUGINS_HELPER", NULL},
++ {"GDK_PIXBUF_MODULE_FILE", NULL},
+ };
+
+ static const ExportData no_ld_so_cache_exports[] = {
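Review bot: The patch header does not record where this change comes from, so a later flatpak update gives no hint whether the patch can be dropped. Add a provenance line above the embedded `--- a/common/flatpak-run.c`, for example `Upstream status: <Guix-specific | submitted at UPSTREAM-URL-PLACEHOLDER>`. The header text also has wording slips ("evironment", "This patch unset", "prevents it to load"); the second paragraph could read `This patch unsets GDK_PIXBUF_MODULE_FILE before running sandboxed applications, so they do not load GdkPixbuf loaders from host system paths.` The `default_exports` array begins outside the embedded hunk, so the rest of the unset list cannot be checked from here.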
--
2.35.1
--
Retrieve my PGP public key:
gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F
Zihao