Merge pull request #163966 from jfly/more-robust-kodi-webserver-symlink-fix

kodi: More robust handling of kodi webserver assets
This commit is contained in:
Aaron Andersen 2022-04-23 20:41:38 -04:00 committed by GitHub
commit 0f1f92d85b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 103 additions and 6 deletions

View file

@ -0,0 +1,88 @@
From 620c3eb38f0dbea6e877e37e97508513e87a0732 Mon Sep 17 00:00:00 2001
From: Jeremy Fleischman <jeremyfleischman@gmail.com>
Date: Sun, 27 Mar 2022 00:44:52 -0700
Subject: [PATCH] Add new KODI_WEBSERVER_EXTRA_WHITELIST cmake var to allow
access to more directories
(This is a backport of
https://github.com/xbmc/xbmc/commit/a6dedce7ba1f03bdd83b019941d1e369a06f7888
to Kodi 19.4 Matrix)
This is useful for NixOS, which often ends up creating a `KODI_HOME`
with symlinks to other files (including the chorus2 interface). Kodi's
webserver cautiously refuses to follow these symlinks, and you end up
getting 404s rather than the web page.
See https://forum.kodi.tv/showthread.php?tid=366338&pid=3079493 for a
discussion of this on the Kodi forum.
---
CMakeLists.txt | 1 +
xbmc/CompileInfo.cpp.in | 5 +++++
xbmc/CompileInfo.h | 1 +
xbmc/utils/FileUtils.cpp | 6 +++++-
4 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2d5369798df23..d5ef6d9390ef0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -243,6 +243,7 @@ add_custom_command(OUTPUT ${CORE_BUILD_DIR}/xbmc/CompileInfo.cpp
-DAPP_BUILD_DATE=${APP_BUILD_DATE}
-DAPP_SHARED_LIBRARY_SUFFIX="${APP_SHARED_LIBRARY_SUFFIX}"
-Dprefix=${CMAKE_BINARY_DIR}/${CORE_BUILD_DIR}
+ -DKODI_WEBSERVER_EXTRA_WHITELIST="${KODI_WEBSERVER_EXTRA_WHITELIST}"
-P ${CMAKE_SOURCE_DIR}/cmake/scripts/common/GenerateVersionedFiles.cmake
DEPENDS ${CMAKE_SOURCE_DIR}/version.txt
export-files
diff --git a/xbmc/CompileInfo.cpp.in b/xbmc/CompileInfo.cpp.in
index f81fe77902236..4f19203a89cde 100644
--- a/xbmc/CompileInfo.cpp.in
+++ b/xbmc/CompileInfo.cpp.in
@@ -105,3 +105,8 @@ std::vector<std::string> CCompileInfo::GetAvailableWindowSystems()
{
return StringUtils::Split("@CORE_PLATFORM_NAME_LC@", ' ');
}
+
+const std::vector<std::string> CCompileInfo::GetWebserverExtraWhitelist()
+{
+ return StringUtils::Split("@KODI_WEBSERVER_EXTRA_WHITELIST@", ',');
+}
diff --git a/xbmc/CompileInfo.h b/xbmc/CompileInfo.h
index 553a0194ee77f..e2521324e6576 100644
--- a/xbmc/CompileInfo.h
+++ b/xbmc/CompileInfo.h
@@ -32,4 +32,5 @@ class CCompileInfo
static const char* GetVersionCode();
static std::vector<std::string> GetAvailableWindowSystems();
static std::vector<ADDON::RepoInfo> LoadOfficialRepoInfos();
+ static const std::vector<std::string> GetWebserverExtraWhitelist();
};
diff --git a/xbmc/utils/FileUtils.cpp b/xbmc/utils/FileUtils.cpp
index e51f3d631c256..fc717c9608098 100644
--- a/xbmc/utils/FileUtils.cpp
+++ b/xbmc/utils/FileUtils.cpp
@@ -6,6 +6,7 @@
* See LICENSES/README.md for more information.
*/
+#include "CompileInfo.h"
#include "FileUtils.h"
#include "ServiceBroker.h"
#include "guilib/GUIKeyboardFactory.h"
@@ -261,12 +262,15 @@ bool CFileUtils::CheckFileAccessAllowed(const std::string &filePath)
"/.ssh/",
};
// ALLOW kodi paths
- const std::vector<std::string> whitelist = {
+ std::vector<std::string> whitelist = {
CSpecialProtocol::TranslatePath("special://home"),
CSpecialProtocol::TranslatePath("special://xbmc"),
CSpecialProtocol::TranslatePath("special://musicartistsinfo")
};
+ auto kodiExtraWhitelist = CCompileInfo::GetWebserverExtraWhitelist();
+ whitelist.insert(whitelist.end(), kodiExtraWhitelist.begin(), kodiExtraWhitelist.end());
+
// image urls come in the form of image://... sometimes with a / appended at the end
// and can be embedded in a music or video file image://music@...
// strip this off to get the real file path

View file

@ -107,6 +107,15 @@ in stdenv.mkDerivation {
src = kodi_src;
# This is a backport of
# https://github.com/xbmc/xbmc/commit/a6dedce7ba1f03bdd83b019941d1e369a06f7888
# to Kodi 19.4 Matrix.
# This can be removed once a new release of Kodi comes out and we upgrade
# to it.
patches = [
./add-KODI_WEBSERVER_EXTRA_WHITELIST.patch
];
buildInputs = [
gnutls libidn libtasn1 nasm p11-kit
libxml2 python3Packages.python
@ -185,6 +194,12 @@ in stdenv.mkDerivation {
"-DSWIG_EXECUTABLE=${buildPackages.swig}/bin/swig"
"-DFLATBUFFERS_FLATC_EXECUTABLE=${buildPackages.flatbuffers}/bin/flatc"
"-DPYTHON_EXECUTABLE=${buildPackages.python3Packages.python}/bin/python"
# When wrapped KODI_HOME will likely contain symlinks to static assets
# that Kodi's built in webserver will cautiously refuse to serve up
# (because their realpaths are outside of KODI_HOME and the other
# whitelisted directories). This adds the entire nix store to the Kodi
# webserver whitelist to avoid this problem.
"-DKODI_WEBSERVER_EXTRA_WHITELIST=${builtins.storeDir}"
] ++ lib.optional waylandSupport [
"-DWAYLANDPP_SCANNER=${buildPackages.waylandpp}/bin/wayland-scanner++"
];

View file

@ -35,11 +35,5 @@ buildEnv {
(lib.concatMap
(plugin: plugin.extraRuntimeDependencies or []) addons)}"
done
# makeWrapper just created webinterface.default as a symlink. However,
# kodi's webserver carefully refuses to follow symlinks, so we need to copy
# these assets instead.
rm $out/share/kodi/addons/webinterface.default
cp -r ${kodi}/share/kodi/addons/webinterface.default/ $out/share/kodi/addons/webinterface.default
'';
}