Improve python matplotlib/gtk sandboxing
It was looking for font configs outside of the sandbox. This was
generating a lot of warnings on buster.
Change-Id: I7c2e9c03cc8fbdca7b951e7be404fb20c3a7d3d3
diff --git a/debian/matplotlib.bzl b/debian/matplotlib.bzl
index a2c6683..be520f3 100644
--- a/debian/matplotlib.bzl
+++ b/debian/matplotlib.bzl
@@ -238,7 +238,7 @@
],
data = _data_files + _builtin_so_copied + _system_so_copied + [
":usr/share/matplotlib/mpl-data/matplotlibrc",
- ],
+ ] + native.glob(["etc/**"]),
imports = ["usr/lib/python" + version + "/dist-packages", version, "."],
restricted_to = ["@//tools:k8"],
visibility = ["//visibility:public"],
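Review bot: The added `native.glob(["etc/**"])` puts every file under the extracted package's `etc/` into this target's runfiles, while the only consumer visible in this change is fontconfig reading `etc/fonts/`. If nothing else under `etc/` is needed at runtime, `native.glob(["etc/fonts/**"])` would keep the sandbox contents limited to what the init patch actually points at. The same applies to the `"etc/**"` entry added to `_data_files` in debian/python_gtk.BUILD. If the broader glob is intentional, a short comment naming the other consumers would help the next reader. The rule call that owns this `data` attribute starts and ends outside the hunk.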
diff --git a/debian/matplotlib_init.patch b/debian/matplotlib_init.patch
index e547108..8d67dc6 100644
--- a/debian/matplotlib_init.patch
+++ b/debian/matplotlib_init.patch
@@ -8,17 +8,17 @@
import six
import sys
import distutils.version
-@@ -110,6 +111,26 @@
+@@ -110,6 +111,31 @@
__version__ = str('1.4.2')
__version__numpy__ = str('1.6') # minimum required numpy version
-+_matplotlib_base = os.path.dirname(os.path.dirname(__file__))
++_matplotlib_base = os.path.join(os.path.dirname(os.path.dirname(__file__)), "..")
+
+# Hack to point matplotlib at its data.
+os.environ['MATPLOTLIBDATA'] = \
+ os.path.join( \
+ _matplotlib_base,
-+ "..", "usr", "share", "matplotlib", "mpl-data")
++ "usr", "share", "matplotlib", "mpl-data")
+# Avoid reading /etc/matplotlib in all cases. Matplotlib is pretty happy to
+# escape the sandbox by using absolute paths.
+os.environ['MATPLOTLIBRC'] = os.environ['MATPLOTLIBDATA']
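Review bot: `_matplotlib_base` now ends in a literal `..`, is never normalised, and inherits whatever form `__file__` has, so it may be relative or carry `..` components when it is exported through `MATPLOTLIBDATA`, `TCL_LIBRARY` and, further down, `FONTCONFIG_SYSROOT`. Native libraries and child processes read those variables later, possibly after a working-directory change, and a relative value would then resolve to a different location, which may be outside the sandbox. Consider `_matplotlib_base = os.path.abspath(os.path.join(os.path.dirname(os.path.dirname(__file__)), ".."))` so every derived path is absolute and canonical.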
@@ -29,9 +29,14 @@
+
+# Tell Tcl where to find the sandboxed version. Otherwise, it will try using
+# one from the host system, even if that's an incompatible version.
-+os.environ['TCL_LIBRARY'] = os.path.join(_matplotlib_base, '..', 'usr', 'share',
++os.environ['TCL_LIBRARY'] = os.path.join(_matplotlib_base, 'usr', 'share',
+ 'tcltk', 'tcl8.6')
+
++# Tell fontconfig where to find matplotlib's sandboxed font files.
++os.environ["FONTCONFIG_PATH"] = os.path.join(_matplotlib_base, "etc/fonts/")
++os.environ["FONTCONFIG_FILE"] = os.path.join(_matplotlib_base, "etc/fonts/fonts.conf")
++os.environ["FONTCONFIG_SYSROOT"] = _matplotlib_base
++
try:
import dateutil
except ImportError:
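Review bot: `FONTCONFIG_PATH` and `FONTCONFIG_FILE` are set to paths that already contain `_matplotlib_base`, and `FONTCONFIG_SYSROOT` is set to that same base. Fontconfig resolves configuration paths relative to the sysroot, so whether the prefix ends up applied twice depends on how the shipped fontconfig version handles already-prefixed paths; this is worth confirming against the sandboxed library. If the sandboxed `fonts.conf` cannot be loaded, fontconfig may fall back to compiled-in defaults rather than fail, so a guard such as `assert os.path.isfile(os.environ["FONTCONFIG_FILE"])`, or a logged warning, would surface a broken sandbox early. The same three assignments are added in debian/python_gi_init.patch with `_base`, and both modules overwrite the process-wide environment on import, so the last one imported wins; a comment stating that both bases are expected to point at the same tree would document that assumption.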
diff --git a/debian/python_gi_init.patch b/debian/python_gi_init.patch
index 97ca2dc..ee09ccf 100644
--- a/debian/python_gi_init.patch
+++ b/debian/python_gi_init.patch
@@ -1,6 +1,6 @@
--- a/__init__.py 1969-12-31 16:00:00.000000000 -0800
+++ b/__init__.py 2018-10-17 21:45:04.908201161 -0700
-@@ -29,6 +29,11 @@ import os
+@@ -29,6 +29,16 @@ import os
import importlib
import types
@@ -9,6 +9,11 @@
+ 'x86_64-linux-gnu',
+ 'girepository-1.0')
+
++# Tell fontconfig where to find the sandboxed font files.
++os.environ["FONTCONFIG_PATH"] = os.path.join(_base, "etc/fonts/")
++os.environ["FONTCONFIG_FILE"] = os.path.join(_base, "etc/fonts/fonts.conf")
++os.environ["FONTCONFIG_SYSROOT"] = _base
++
_static_binding_error = ('When using gi.repository you must not import static '
'modules like "gobject". Please change all occurrences '
'of "import gobject" to "from gi.repository import GObject". '
diff --git a/debian/python_gtk.BUILD b/debian/python_gtk.BUILD
index d65101a..e1cdc99 100644
--- a/debian/python_gtk.BUILD
+++ b/debian/python_gtk.BUILD
@@ -63,6 +63,8 @@
_data_files = glob([
"usr/lib/x86_64-linux-gnu/girepository-1.0/**/*",
+ "usr/share/font*/**",
+ "etc/**",
])
_src_copied = ["/".join(f.split("/")[4:]) for f in _src_files]