Merge commit '373488e6f4c3dc3bb51cabcb959e4a70eb5d7b2c'

2 files changed, 19 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/development/libraries/flatpak/bubblewrap-paths.patch b/nixpkgs/pkgs/development/libraries/flatpak/bubblewrap-paths.patch
new file mode 100644
index 000000000000..79257fd6be50
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/flatpak/bubblewrap-paths.patch
@@ -0,0 +1,15 @@
+diff --git a/icon-validator/validate-icon.c b/icon-validator/validate-icon.c
+index 6e23d9f2..8c621ec4 100644
+--- a/icon-validator/validate-icon.c
++++ b/icon-validator/validate-icon.c
+@@ -149,8 +149,8 @@ rerun_in_sandbox (const char *arg_width,
+             "--unshare-ipc",
+             "--unshare-net",
+             "--unshare-pid",
+-            "--ro-bind", "/usr", "/usr",
+-            "--ro-bind", "/etc/ld.so.cache", "/etc/ld.so.cache",
++            "--ro-bind", "@storeDir@", "@storeDir@",
++            "--ro-bind", "/run/current-system", "/run/current-system",
+             "--ro-bind", validate_icon, validate_icon,
+             NULL);
+ 
diff --git a/nixpkgs/pkgs/development/libraries/flatpak/default.nix b/nixpkgs/pkgs/development/libraries/flatpak/default.nix
index 1c4b6ea8c722..65c876320b5a 100644
--- a/nixpkgs/pkgs/development/libraries/flatpak/default.nix
+++ b/nixpkgs/pkgs/development/libraries/flatpak/default.nix
@@ -25,6 +25,10 @@ stdenv.mkDerivation rec {
       src = ./fix-paths.patch;
       p11 = p11-kit;
     })
+    (substituteAll {
+      src = ./bubblewrap-paths.patch;
+      inherit (builtins) storeDir;
+    })
     # patch taken from gtk_doc
     ./respect-xml-catalog-files-var.patch
     ./use-flatpak-from-path.patch