Diffstat (limited to 'nixpkgs/pkgs/desktops/plasma-5/kwin')
-rw-r--r--nixpkgs/pkgs/desktops/plasma-5/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch40
-rw-r--r--nixpkgs/pkgs/desktops/plasma-5/kwin/0003-plugins-qpa-allow-using-nixos-wrapper.patch2
-rw-r--r--nixpkgs/pkgs/desktops/plasma-5/kwin/default.nix142
3 files changed, 155 insertions, 29 deletions
diff --git a/nixpkgs/pkgs/desktops/plasma-5/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch b/nixpkgs/pkgs/desktops/plasma-5/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch
new file mode 100644
index 000000000000..e6408605aa43
--- /dev/null
+++ b/nixpkgs/pkgs/desktops/plasma-5/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch
@@ -0,0 +1,40 @@
+From 232e480ab1303f37d37d295b57fdcbb6b6648bca Mon Sep 17 00:00:00 2001
+From: Alois Wohlschlager <alois1@gmx-topmail.de>
+Date: Sun, 7 Aug 2022 16:12:31 +0200
+Subject: [PATCH] Lower CAP_SYS_NICE from the ambient set
+
+The capabilities wrapper raises CAP_SYS_NICE into the ambient set so it
+is inherited by the wrapped program. However, we don't want it to leak
+into the entire desktop environment.
+
+Lower the capability again at startup so that the kernel will clear it
+on exec.
+---
+ src/main_wayland.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/main_wayland.cpp b/src/main_wayland.cpp
+index 1720e14e7..f2bb446b0 100644
+--- a/src/main_wayland.cpp
++++ b/src/main_wayland.cpp
+@@ -39,7 +39,9 @@
+ #include <QWindow>
+ #include <qplatformdefs.h>
+ 
++#include <linux/capability.h>
+ #include <sched.h>
++#include <sys/prctl.h>
+ #include <sys/resource.h>
+ 
+ #include <iomanip>
+@@ -285,6 +287,7 @@ static QString automaticBackendSelection()
+ 
+ int main(int argc, char *argv[])
+ {
++    prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0);
+     KWin::Application::setupMalloc();
+     KWin::Application::setupLocalizedString();
+     KWin::gainRealTime();
+-- 
+2.37.1
+
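Review bot: The result of `prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0)` on the first line of `main` is discarded, so if the call fails CAP_SYS_NICE stays in the ambient set and is inherited by every program the compositor starts, with nothing in the log to show it. I would check the return value and at least warn, for example `if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0) != 0) perror("PR_CAP_AMBIENT_LOWER");`. A short comment would also protect the placement: `// Keep this first: capability sets are per-thread, so lower the ambient bit before anything can spawn a thread or exec a child.` The rest of `main` lies outside the hunk, so whether the permitted and effective sets are also reduced after `gainRealTime()` cannot be judged from here.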
diff --git a/nixpkgs/pkgs/desktops/plasma-5/kwin/0003-plugins-qpa-allow-using-nixos-wrapper.patch b/nixpkgs/pkgs/desktops/plasma-5/kwin/0003-plugins-qpa-allow-using-nixos-wrapper.patch
index 50c7cef3f8cd..d0be721b044c 100644
--- a/nixpkgs/pkgs/desktops/plasma-5/kwin/0003-plugins-qpa-allow-using-nixos-wrapper.patch
+++ b/nixpkgs/pkgs/desktops/plasma-5/kwin/0003-plugins-qpa-allow-using-nixos-wrapper.patch
@@ -13,9 +13,9 @@ index efd236b..a69c046 100644
 --- a/src/plugins/qpa/main.cpp
 +++ b/src/plugins/qpa/main.cpp
 @@ -23,7 +23,7 @@ public:
+
  QPlatformIntegration *KWinIntegrationPlugin::create(const QString &system, const QStringList &paramList)
  {
-     Q_UNUSED(paramList)
 -    if (!QCoreApplication::applicationFilePath().endsWith(QLatin1String("kwin_wayland")) && !qEnvironmentVariableIsSet("KWIN_FORCE_OWN_QPA")) {
 +    if (!QCoreApplication::applicationFilePath().endsWith(QLatin1String("kwin_wayland")) && !QCoreApplication::applicationFilePath().endsWith(QLatin1String(".kwin_wayland-wrapped")) && !qEnvironmentVariableIsSet("KWIN_FORCE_OWN_QPA")) {
          // Not KWin
diff --git a/nixpkgs/pkgs/desktops/plasma-5/kwin/default.nix b/nixpkgs/pkgs/desktops/plasma-5/kwin/default.nix
index 74c6b1b7faa5..2334604903fe 100644
--- a/nixpkgs/pkgs/desktops/plasma-5/kwin/default.nix
+++ b/nixpkgs/pkgs/desktops/plasma-5/kwin/default.nix
@@ -1,20 +1,61 @@
-{
-  mkDerivation, lib,
-  extra-cmake-modules, kdoctools, fetchpatch,
-
-  libepoxy, lcms2, libICE, libSM, libcap, libdrm, libinput, libxkbcommon, mesa,
-  pipewire, udev, wayland, xcb-util-cursor, xwayland,
-  plasma-wayland-protocols, wayland-protocols, libxcvt,
-
-  qtdeclarative, qtmultimedia, qtquickcontrols2, qtscript, qtsensors,
-  qtvirtualkeyboard, qtx11extras,
-
-  breeze-qt5, kactivities, kcompletion, kcmutils, kconfig, kconfigwidgets,
-  kcoreaddons, kcrash, kdeclarative, kdecoration, kglobalaccel, ki18n,
-  kiconthemes, kidletime, kinit, kio, knewstuff, knotifications, kpackage,
-  krunner, kscreenlocker, kservice, kwayland, kwidgetsaddons,
-  kwindowsystem, kxmlgui, plasma-framework, libqaccessibilityclient,
-  python3
+{ mkDerivation
+, lib
+, extra-cmake-modules
+, kdoctools
+, fetchpatch
+, libepoxy
+, lcms2
+, libICE
+, libSM
+, libcap
+, libdrm
+, libinput
+, libxkbcommon
+, mesa
+, pipewire
+, udev
+, wayland
+, xcb-util-cursor
+, xwayland
+, plasma-wayland-protocols
+, wayland-protocols
+, libxcvt
+, qtdeclarative
+, qtmultimedia
+, qtquickcontrols2
+, qtscript
+, qtsensors
+, qtvirtualkeyboard
+, qtx11extras
+, breeze-qt5
+, kactivities
+, kcompletion
+, kcmutils
+, kconfig
+, kconfigwidgets
+, kcoreaddons
+, kcrash
+, kdeclarative
+, kdecoration
+, kglobalaccel
+, ki18n
+, kiconthemes
+, kidletime
+, kinit
+, kio
+, knewstuff
+, knotifications
+, kpackage
+, krunner
+, kscreenlocker
+, kservice
+, kwayland
+, kwidgetsaddons
+, kwindowsystem
+, kxmlgui
+, plasma-framework
+, libqaccessibilityclient
+, python3
 }:
 
 # TODO (ttuegel): investigate qmlplugindump failure
@@ -23,18 +64,60 @@ mkDerivation {
   pname = "kwin";
   nativeBuildInputs = [ extra-cmake-modules kdoctools ];
   buildInputs = [
-    libepoxy lcms2 libICE libSM libcap libdrm libinput libxkbcommon mesa pipewire
-    udev wayland xcb-util-cursor xwayland
-    libxcvt plasma-wayland-protocols wayland-protocols
+    libepoxy
+    lcms2
+    libICE
+    libSM
+    libcap
+    libdrm
+    libinput
+    libxkbcommon
+    mesa
+    pipewire
+    udev
+    wayland
+    xcb-util-cursor
+    xwayland
+    libxcvt
+    plasma-wayland-protocols
+    wayland-protocols
 
-    qtdeclarative qtmultimedia qtquickcontrols2 qtscript qtsensors
-    qtvirtualkeyboard qtx11extras
+    qtdeclarative
+    qtmultimedia
+    qtquickcontrols2
+    qtscript
+    qtsensors
+    qtvirtualkeyboard
+    qtx11extras
 
-    breeze-qt5 kactivities kcmutils kcompletion kconfig kconfigwidgets
-    kcoreaddons kcrash kdeclarative kdecoration kglobalaccel ki18n kiconthemes
-    kidletime kinit kio knewstuff knotifications kpackage krunner kscreenlocker
-    kservice kwayland kwidgetsaddons kwindowsystem kxmlgui
-    plasma-framework libqaccessibilityclient
+    breeze-qt5
+    kactivities
+    kcmutils
+    kcompletion
+    kconfig
+    kconfigwidgets
+    kcoreaddons
+    kcrash
+    kdeclarative
+    kdecoration
+    kglobalaccel
+    ki18n
+    kiconthemes
+    kidletime
+    kinit
+    kio
+    knewstuff
+    knotifications
+    kpackage
+    krunner
+    kscreenlocker
+    kservice
+    kwayland
+    kwidgetsaddons
+    kwindowsystem
+    kxmlgui
+    plasma-framework
+    libqaccessibilityclient
 
   ];
   outputs = [ "out" "dev" ];
@@ -48,6 +131,7 @@ mkDerivation {
     ./0002-xwayland.patch
     ./0003-plugins-qpa-allow-using-nixos-wrapper.patch
     ./0001-NixOS-Unwrap-executable-name-for-.desktop-search.patch
+    ./0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch
     # Pass special environments through arguemnts to `kwin_wayland`, bypassing
     # ld.so(8) environment stripping due to `kwin_wayland`'s capabilities.
     # We need this to have `TZDIR` correctly set for `plasmashell`, or
@@ -58,9 +142,11 @@ mkDerivation {
       sha256 = "sha256-f35G+g2MVABLDbAkCed3ZmtDWrzYn1rdD08mEx35j4k=";
     })
   ];
+
   CXXFLAGS = [
-    ''-DNIXPKGS_XWAYLAND=\"${lib.getBin xwayland}/bin/Xwayland\"''
+    ''-DNIXPKGS_XWAYLAND=\"${lib.getExe xwayland}\"''
   ];
+
   postInstall = ''
     # Some package(s) refer to these service types by the wrong name.
     # I would prefer to patch those packages, but I cannot find them!
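Review bot: `lib.getExe xwayland` in `CXXFLAGS` only produces the right path if the xwayland derivation sets `meta.mainProgram = "Xwayland"`. Without it, getExe falls back to the package name and a lowercase `bin/xwayland` path would be compiled into kwin as `NIXPKGS_XWAYLAND`. The xwayland package is not visible in this diff, so that needs confirming before relying on it; the old `${lib.getBin xwayland}/bin/Xwayland` spelled the binary name out explicitly. If the new form stays, a comment such as `# relies on xwayland.meta.mainProgram being "Xwayland"` next to the flag would make the dependency visible. The `mkDerivation` block continues outside this hunk.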