Merge pull request #67968 from ambrop72/virtualbox-qt-fix

virtualbox: Fix #65564
Florian Klink 2019-09-04 06:38:37 -07:00 committed by GitHub
commit 432e55242e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 3 deletions


@ -1,8 +1,8 @@
{ config, stdenv, fetchurl, lib, iasl, dev86, pam, libxslt, libxml2, wrapQtAppsHook { config, stdenv, fetchurl, lib, iasl, dev86, pam, libxslt, libxml2, wrapQtAppsHook
, libX11, xorgproto, libXext, libXcursor, libXmu, libIDL, SDL, libcap, libGL , libX11, xorgproto, libXext, libXcursor, libXmu, libIDL, SDL, libcap, libGL
, libpng, glib, lvm2, libXrandr, libXinerama, libopus, qtbase, qtx11extras , libpng, glib, lvm2, libXrandr, libXinerama, libopus, qtbase, qtx11extras
, qttools, pkgconfig, which, docbook_xsl, docbook_xml_dtd_43 , qttools, qtsvg, qtwayland, pkgconfig, which, docbook_xsl, docbook_xml_dtd_43
, alsaLib, curl, libvpx, nettools, dbus , alsaLib, curl, libvpx, nettools, dbus, substituteAll
, makeself, perl , makeself, perl
, javaBindings ? true, jdk ? null # Almost doesn't affect closure size , javaBindings ? true, jdk ? null # Almost doesn't affect closure size
, pythonBindings ? false, python3 ? null , pythonBindings ? false, python3 ? null
@ -37,7 +37,7 @@ in stdenv.mkDerivation {
nativeBuildInputs = [ pkgconfig which docbook_xsl docbook_xml_dtd_43 patchelfUnstable ] nativeBuildInputs = [ pkgconfig which docbook_xsl docbook_xml_dtd_43 patchelfUnstable ]
++ optional (!headless) wrapQtAppsHook; ++ optional (!headless) wrapQtAppsHook;
# Wrap manually because we just need to wrap one executable # Wrap manually because we wrap just a small number of executables.
dontWrapQtApps = true; dontWrapQtApps = true;
buildInputs = buildInputs =
@ -79,6 +79,17 @@ in stdenv.mkDerivation {
patches = patches =
optional enableHardening ./hardened.patch optional enableHardening ./hardened.patch
# When hardening is enabled, we cannot use wrapQtApp to ensure that VirtualBoxVM sees
# the correct environment variables needed for Qt to work, specifically QT_PLUGIN_PATH.
# This is because VirtualBoxVM would detect that it is wrapped that and refuse to run,
# and also because it would unset QT_PLUGIN_PATH for security reasons. We work around
# these issues by patching the code to set QT_PLUGIN_PATH to the necessary paths,
# after the code that unsets it. Note that qtsvg is included so that SVG icons from
# the user's icon theme can be loaded.
++ optional (!headless && enableHardening) (substituteAll {
src = ./qt-env-vars.patch;
qtPluginPath = "${qtbase.bin}/${qtbase.qtPluginPrefix}:${qtsvg.bin}/${qtbase.qtPluginPrefix}:${qtwayland.bin}/${qtbase.qtPluginPrefix}";
})
++ [ ++ [
./qtx11extras.patch ./qtx11extras.patch
]; ];
@ -184,6 +195,11 @@ in stdenv.mkDerivation {
preFixup = optionalString (!headless) '' preFixup = optionalString (!headless) ''
wrapQtApp $out/bin/VirtualBox wrapQtApp $out/bin/VirtualBox
''
# If hardening is disabled, wrap the VirtualBoxVM binary instead of patching
# the source code (see postPatch).
+ optionalString (!headless && !enableHardening) ''
wrapQtApp $out/libexec/virtualbox/VirtualBoxVM
''; '';
passthru = { passthru = {
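Review bot: The comment added above the `!enableHardening` branch of `preFixup` points the reader to `postPatch`, but the source change it refers to is applied through the `patches` list (the `substituteAll` over `./qt-env-vars.patch`), so it should read `# the source code (see patches).`. The longer comment inside `patches` has a slip ("detect that it is wrapped that and refuse to run") and explains only qtsvg, while `qtPluginPath` also carries the qtwayland plugin directory; one clause on why qtwayland is needed would keep the list auditable. Because this string becomes the plugin search path of the hardened VirtualBoxVM, which per the same comment unsets `QT_PLUGIN_PATH` for security reasons, the comment should also state that every entry must be a store path fixed at build time and never a value taken from the caller's environment.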


@ -0,0 +1,14 @@
--- a/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
+++ b/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
@@ -2131,6 +2131,11 @@ static void supR3HardenedMainPurgeEnvironment(char **envp)
/** @todo Call NT API to do the same. */
#endif
}
+
+ /*
+ * NixOS hack: Set QT_PLUGIN_PATH to make Qt find plugins.
+ */
+ setenv("QT_PLUGIN_PATH", "@qtPluginPath@", /*overwrite=*/ 1);
}
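Review bot: The comment on the added `setenv` call says only that it is a NixOS hack, yet the call sits at the end of `supR3HardenedMainPurgeEnvironment`, a function whose job is to strip variables, so a later reader cannot tell why re-adding one is safe. I would expand it to something like `/* NixOS: QT_PLUGIN_PATH was purged above; set it to build-time store paths only, never to a caller-supplied value. */`. The return value of `setenv` is ignored; a failure presumably leaves the variable unset, which fails closed, but a check or a short remark would make that intent explicit. The function body starts outside the hunk, so the ordering relative to the purge code is inferred from the function name and the comment on the Nix side.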