virtualbox: Make sure that Qt finds plugins to make VMs run again.

Fixes #65564. When hardening is enabled, we cannot use a wrapper for
VirtualBoxVM, so patch the source code to set QT_PLUGIN_PATH as required.
Ambroz Bizjak 2019-09-02 23:21:34 +02:00 committed by Florian Klink
parent 12ae04518b
commit b52dfd3007
2 changed files with 33 additions and 3 deletions


@ -1,8 +1,8 @@
{ config, stdenv, fetchurl, lib, iasl, dev86, pam, libxslt, libxml2, wrapQtAppsHook
, libX11, xorgproto, libXext, libXcursor, libXmu, libIDL, SDL, libcap, libGL
, libpng, glib, lvm2, libXrandr, libXinerama, libopus, qtbase, qtx11extras
, qttools, pkgconfig, which, docbook_xsl, docbook_xml_dtd_43
, alsaLib, curl, libvpx, nettools, dbus
, qttools, qtsvg, qtwayland, pkgconfig, which, docbook_xsl, docbook_xml_dtd_43
, alsaLib, curl, libvpx, nettools, dbus, substituteAll
, makeself, perl
, javaBindings ? true, jdk ? null # Almost doesn't affect closure size
, pythonBindings ? false, python3 ? null
@ -37,7 +37,7 @@ in stdenv.mkDerivation {
nativeBuildInputs = [ pkgconfig which docbook_xsl docbook_xml_dtd_43 patchelfUnstable ]
++ optional (!headless) wrapQtAppsHook;
# Wrap manually because we just need to wrap one executable
# Wrap manually because we wrap just a small number of executables.
dontWrapQtApps = true;
buildInputs =
@ -79,6 +79,17 @@ in stdenv.mkDerivation {
patches =
optional enableHardening ./hardened.patch
# When hardening is enabled, we cannot use wrapQtApp to ensure that VirtualBoxVM sees
# the correct environment variables needed for Qt to work, specifically QT_PLUGIN_PATH.
# This is because VirtualBoxVM would detect that it is wrapped that and refuse to run,
# and also because it would unset QT_PLUGIN_PATH for security reasons. We work around
# these issues by patching the code to set QT_PLUGIN_PATH to the necessary paths,
# after the code that unsets it. Note that qtsvg is included so that SVG icons from
# the user's icon theme can be loaded.
++ optional (!headless && enableHardening) (substituteAll {
src = ./qt-env-vars.patch;
qtPluginPath = "${qtbase.bin}/${qtbase.qtPluginPrefix}:${qtsvg.bin}/${qtbase.qtPluginPrefix}:${qtwayland.bin}/${qtbase.qtPluginPrefix}";
})
++ [
./qtx11extras.patch
];
@ -184,6 +195,11 @@ in stdenv.mkDerivation {
preFixup = optionalString (!headless) ''
wrapQtApp $out/bin/VirtualBox
''
# If hardening is disabled, wrap the VirtualBoxVM binary instead of patching
# the source code (see postPatch).
+ optionalString (!headless && !enableHardening) ''
wrapQtApp $out/libexec/virtualbox/VirtualBoxVM
'';
passthru = {
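Review bot: The comment added before the last `optionalString` in preFixup points readers to postPatch, but in the hunks shown the source change is applied through the `patches` list (the `substituteAll` entry for `./qt-env-vars.patch`), so the cross-reference should read `# the source code (see qt-env-vars.patch in patches).` In the comment above that `substituteAll` entry, "it is wrapped that and refuse to run" has a stray word; `# This is because VirtualBoxVM would detect that it is wrapped and refuse to run,` reads correctly. The hardened build also hard-codes three plugin directories (qtbase, qtsvg, qtwayland) while the unhardened build takes whatever wrapQtApp collects, so that comment could usefully say the list must be extended by hand when another Qt plugin package becomes necessary. The mkDerivation body starts and ends outside these hunks.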


@ -0,0 +1,14 @@
--- a/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
+++ b/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
@@ -2131,6 +2131,11 @@ static void supR3HardenedMainPurgeEnvironment(char **envp)
/** @todo Call NT API to do the same. */
#endif
}
+
+ /*
+ * NixOS hack: Set QT_PLUGIN_PATH to make Qt find plugins.
+ */
+ setenv("QT_PLUGIN_PATH", "@qtPluginPath@", /*overwrite=*/ 1);
}
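Review bot: The comment on the added `setenv` call says only that it is a NixOS hack, yet the call puts back a variable that the enclosing function has just purged for security reasons, so the comment should state why that is acceptable: the value is a build-time constant of store paths, and `overwrite=1` means nothing inherited from the caller survives. Something like `/* NixOS: QT_PLUGIN_PATH is purged above; re-set it to fixed store paths only, never to a caller-supplied value. */` would do. The return value of `setenv` is also ignored, so a failure would presumably only show up later as Qt not finding its plugins; checking it and reporting through whatever error path this file already uses would make that easier to diagnose. The call appears to run for every binary that goes through this purge function, not only VirtualBoxVM, which is worth confirming as intended. supR3HardenedMainPurgeEnvironment starts outside the hunk.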