GNU bug report logs -
#47092
Icecat sandbox causes issues with fonts in --pure env
Previous Next
Reported by: Martin <smartin <at> disroot.org>
Date: Fri, 12 Mar 2021 09:05:01 UTC
Severity: normal
Done: Mark H Weaver <mhw <at> netris.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 47092 in the body.
You can then email your comments to 47092 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org:
bug#47092; Package
guix.
(Fri, 12 Mar 2021 09:05:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Martin <smartin <at> disroot.org>:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org.
(Fri, 12 Mar 2021 09:05:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hello,
whenever I'm trying to run 'guix environment --pure --ad-hoc icecat --
icecat' or similar commands in a --container I'm ending up with some
tofu ugly font fallback box glyphs in the app. However everything works
fine running 'guix environment --ad-hoc icecat -- icecat'. Moreover I've
noticed that when I edit the default value of
"security.sandbox.content.level" from 4 to 2 in "about:config" then the
problem disappear and the fonts are properly displayed in --pure and
--container env. I was trying to install all possible fonts, running
'fc-cache -rfv' and analyze the icecat logs with "MOZ_SANDBOX_LOGGING=1"
to include blocking paths into the
"security.sandbox.content.read_path_whitelist" but still I couldn't fix
this issue with the icecat default sandbox level. Any ideas how to solve
it in Guix System and what are the side effects of using
"security.sandbox.content.level=2" in --pure env?
Kind regards!
Martin
security.sandbox.content.read_path_whitelist
Information forwarded
to
bug-guix <at> gnu.org:
bug#47092; Package
guix.
(Fri, 12 Mar 2021 09:59:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 47092 <at> debbugs.gnu.org (full text, mbox):
Hi,
The example about ’eolie’ adapted to your usecase, does it not work?
See:
<https://guix.gnu.org/manual/devel/en/guix.html#Invoking-guix-environment>
All the best,
simon
Information forwarded
to
bug-guix <at> gnu.org:
bug#47092; Package
guix.
(Fri, 12 Mar 2021 10:16:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 47092 <at> debbugs.gnu.org (full text, mbox):
Hi Simon,
no it doesn't help in this case and in general eolie package seems to be
broken because it doesn't work even with the simple 'guix environment
--ad-hoc eolie -- eolie':
Traceback (most recent call last):
File
"/gnu/store/w47sa5q3vki5siwk5lb62ld4ksxa5gcn-eolie-0.9.101/bin/.eolie-real",
line 20, in <module>
from eolie.application import Application
File
"/gnu/store/w47sa5q3vki5siwk5lb62ld4ksxa5gcn-eolie-0.9.101/lib/python3.8/site-packages/eolie/application.py",
line 19, in <module>
gi.require_version("Handy", "1")
File
"/gnu/store/597f7p79vyxjhwsv2qqnn76hx107xgj1-python-pygobject-3.34.0/lib/python3.8/site-packages/gi/__init__.py",
line 129, in require_version
raise ValueError('Namespace %s not available' % namespace)
ValueError: Namespace Handy not available
Kind regards!
Martin
On 3/12/21 9:53 AM, zimoun wrote:
> Hi,
>
> The example about ’eolie’ adapted to your usecase, does it not work?
>
> See:
> <https://guix.gnu.org/manual/devel/en/guix.html#Invoking-guix-environment>
>
>
> All the best,
> simon
Information forwarded
to
bug-guix <at> gnu.org:
bug#47092; Package
guix.
(Fri, 12 Mar 2021 10:32:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 47092 <at> debbugs.gnu.org (full text, mbox):
Hi,
For discussion, please CC the bug.
On Fri, 12 Mar 2021 at 10:14, Martin <smartin <at> disroot.org> wrote:
> Hi Simon,
> no it doesn't help in this case and in general eolie package seems to be
> broken because it doesn't work even with the simple 'guix environment
> --ad-hoc eolie -- eolie':
The manual example is:
--8<---------------cut here---------------start------------->8---
guix environment --preserve='^DISPLAY$' --container --network \
--expose=/etc/machine-id \
--expose=/etc/ssl/certs/ \
--share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ \
--ad-hoc eolie nss-certs dbus -- eolie
--8<---------------cut here---------------end--------------->8---
from <https://guix.gnu.org/manual/devel/en/guix.html#Invoking-guix-environment>
Does it not work for you?
Then it should be adapted for your use-case.
All the best,
simon
Information forwarded
to
bug-guix <at> gnu.org:
bug#47092; Package
guix.
(Fri, 12 Mar 2021 10:54:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 47092 <at> debbugs.gnu.org (full text, mbox):
Hi,
On Fri, 12 Mar 2021 at 10:15, Martin via Bug reports for GNU Guix <bug-guix <at> gnu.org> wrote:
> no it doesn't help in this case and in general eolie package seems to be
> broken because it doesn't work even with the simple 'guix environment
> --ad-hoc eolie -- eolie':
Indeed, the package eolie is broken; which is another issue–and BTW
thanks for pointing this out. Back to your initial report about icecat,
what about something like that:
--8<---------------cut here---------------start------------->8---
guix environment --preserve='^DISPLAY$' --container --network \
--expose=/etc/machine-id \
--expose=/etc/ssl/certs/ \
--share=$HOME/.local/share/icecat/=$HOME/.local/share/icecat/ \
--ad-hoc icecat nss-certs dbus -- icecat
--8<---------------cut here---------------end--------------->8---
All the best,
simon
Information forwarded
to
bug-guix <at> gnu.org:
bug#47092; Package
guix.
(Fri, 12 Mar 2021 11:11:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 47092 <at> debbugs.gnu.org (full text, mbox):
On 3/12/21 10:51 AM, zimoun wrote:
> Indeed, the package eolie is broken; which is another issue–and BTW
> thanks for pointing this out. Back to your initial report about icecat,
> what about something like that:
>
> --8<---------------cut here---------------start------------->8---
> guix environment --preserve='^DISPLAY$' --container --network \
> --expose=/etc/machine-id \
> --expose=/etc/ssl/certs/ \
> --share=$HOME/.local/share/icecat/=$HOME/.local/share/icecat/ \
> --ad-hoc icecat nss-certs dbus -- icecat
> --8<---------------cut here---------------end--------------->8---
It's still not relevant to my issue. To run icecat using your example
you should change one parameter to
"--share=$HOME/.mozilla=$HOME/.mozilla" but again with the default
"security.sandbox.content.level=4" the fonts will be tofued. I think
once the issue could be fixed with simpler command, i.e. 'guix
environment --pure --ad-hoc icecat -- icecat' than it would be easier to
port the solution on the --container case.
Kind regards!
Martin
Information forwarded
to
bug-guix <at> gnu.org:
bug#47092; Package
guix.
(Thu, 28 Oct 2021 11:16:02 GMT)
Full text and
rfc822 format available.
Message #23 received at 47092 <at> debbugs.gnu.org (full text, mbox):
Problem fixed with the newest IceCat v91.2.0-guix0-preview1 in the
guix c1ca853
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: c1ca85323d5246fc805a31e03b4164b8da08e930
Reply sent
to
Mark H Weaver <mhw <at> netris.org>:
You have taken responsibility.
(Thu, 28 Oct 2021 18:52:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Martin <smartin <at> disroot.org>:
bug acknowledged by developer.
(Thu, 28 Oct 2021 18:52:02 GMT)
Full text and
rfc822 format available.
Message #28 received at 47092-done <at> debbugs.gnu.org (full text, mbox):
Hi,
Martin via Bug reports for GNU Guix <bug-guix <at> gnu.org> writes:
> Problem fixed with the newest IceCat v91.2.0-guix0-preview1 in the
> guix c1ca853
> repository URL: https://git.savannah.gnu.org/git/guix.git
> branch: master
> commit: c1ca85323d5246fc805a31e03b4164b8da08e930
Thanks for letting us know! I'm closing this bug now.
Regards,
Mark
--
Disinformation flourishes because many people care deeply about injustice
but very few check the facts. Ask me about <https://stallmansupport.org>.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Fri, 26 Nov 2021 12:24:06 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 225 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.