virtualbox: Make sure that Qt finds plugins to make VMs run again.
Fixes #65564. When hardening is enabled, we cannot use a wrapper for VirtualBoxVM, so patch the source code to set QT_PLUGIN_PATH as required.
parent
12ae04518b
commit
b52dfd3007
2 changed files with 33 additions and 3 deletions
|
@ -1,8 +1,8 @@
|
|||
{ config, stdenv, fetchurl, lib, iasl, dev86, pam, libxslt, libxml2, wrapQtAppsHook
|
||||
, libX11, xorgproto, libXext, libXcursor, libXmu, libIDL, SDL, libcap, libGL
|
||||
, libpng, glib, lvm2, libXrandr, libXinerama, libopus, qtbase, qtx11extras
|
||||
, qttools, pkgconfig, which, docbook_xsl, docbook_xml_dtd_43
|
||||
, alsaLib, curl, libvpx, nettools, dbus
|
||||
, qttools, qtsvg, qtwayland, pkgconfig, which, docbook_xsl, docbook_xml_dtd_43
|
||||
, alsaLib, curl, libvpx, nettools, dbus, substituteAll
|
||||
, makeself, perl
|
||||
, javaBindings ? true, jdk ? null # Almost doesn't affect closure size
|
||||
, pythonBindings ? false, python3 ? null
|
||||
|
@ -37,7 +37,7 @@ in stdenv.mkDerivation {
|
|||
nativeBuildInputs = [ pkgconfig which docbook_xsl docbook_xml_dtd_43 patchelfUnstable ]
|
||||
++ optional (!headless) wrapQtAppsHook;
|
||||
|
||||
# Wrap manually because we just need to wrap one executable
|
||||
# Wrap manually because we wrap just a small number of executables.
|
||||
dontWrapQtApps = true;
|
||||
|
||||
buildInputs =
|
||||
|
@ -79,6 +79,17 @@ in stdenv.mkDerivation {
|
|||
|
||||
patches =
|
||||
optional enableHardening ./hardened.patch
|
||||
# When hardening is enabled, we cannot use wrapQtApp to ensure that VirtualBoxVM sees
|
||||
# the correct environment variables needed for Qt to work, specifically QT_PLUGIN_PATH.
|
||||
# This is because VirtualBoxVM would detect that it is wrapped that and refuse to run,
|
||||
# and also because it would unset QT_PLUGIN_PATH for security reasons. We work around
|
||||
# these issues by patching the code to set QT_PLUGIN_PATH to the necessary paths,
|
||||
# after the code that unsets it. Note that qtsvg is included so that SVG icons from
|
||||
# the user's icon theme can be loaded.
|
||||
++ optional (!headless && enableHardening) (substituteAll {
|
||||
src = ./qt-env-vars.patch;
|
||||
qtPluginPath = "${qtbase.bin}/${qtbase.qtPluginPrefix}:${qtsvg.bin}/${qtbase.qtPluginPrefix}:${qtwayland.bin}/${qtbase.qtPluginPrefix}";
|
||||
})
|
||||
++ [
|
||||
./qtx11extras.patch
|
||||
];
|
||||
|
@ -184,6 +195,11 @@ in stdenv.mkDerivation {
|
|||
|
||||
preFixup = optionalString (!headless) ''
|
||||
wrapQtApp $out/bin/VirtualBox
|
||||
''
|
||||
# If hardening is disabled, wrap the VirtualBoxVM binary instead of patching
|
||||
# the source code (see postPatch).
|
||||
+ optionalString (!headless && !enableHardening) ''
|
||||
wrapQtApp $out/libexec/virtualbox/VirtualBoxVM
|
||||
'';
|
||||
|
||||
passthru = {
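Review bot: The comment added in `preFixup` points to `(see postPatch)`, but the source-code change is wired in through the `patches` list, so the reference should read `(see patches)`. In the `patches` comment only `qtsvg` is justified, while `qtwayland` is also added to `qtPluginPath` without a stated reason. Every directory in that string becomes a plugin search path for the hardened VirtualBoxVM process, so each entry should carry a one-line rationale, e.g. `# qtwayland: platform plugin for Wayland sessions` if that is the intent. The same comment has a stray word in "detect that it is wrapped that and refuse to run".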
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
--- a/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
|
||||
+++ b/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
|
||||
@@ -2131,6 +2131,11 @@ static void supR3HardenedMainPurgeEnvironment(char **envp)
|
||||
/** @todo Call NT API to do the same. */
|
||||
#endif
|
||||
}
|
||||
+
|
||||
+ /*
|
||||
+ * NixOS hack: Set QT_PLUGIN_PATH to make Qt find plugins.
|
||||
+ */
|
||||
+ setenv("QT_PLUGIN_PATH", "@qtPluginPath@", /*overwrite=*/ 1);
|
||||
}
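Review bot: The `setenv` call added at the end of supR3HardenedMainPurgeEnvironment discards its return value, so a failure leaves QT_PLUGIN_PATH purged and Qt without plugins, with no diagnostic. Test the result, `if (setenv("QT_PLUGIN_PATH", "@qtPluginPath@", 1) != 0)`, and report it through the stub's existing error path. The block comment should also say why re-adding a variable that the purge deliberately removes is acceptable here: the value is substituted at build time and never taken from the caller's environment, e.g. `* The value is fixed at build time; nothing from the caller's environment is reused.` The call appears to run for every binary that passes through this function, not only VirtualBoxVM, which is worth confirming; the function body starts outside the hunk.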
|
||||
|
||||
|