From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp12.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms5.migadu.com with LMTPS
	id gH7FDn7CtWNWYgEAbAwnHQ
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 04 Jan 2023 19:16:30 +0100
Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp12.migadu.com with LMTPS
	id YDXZDn7CtWO25AAAauVa8A
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 04 Jan 2023 19:16:30 +0100
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 1492D32CDB
	for <larch@yhetil.org>; Wed,  4 Jan 2023 19:16:30 +0100 (CET)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces@gnu.org>)
	id 1pD8JC-0001T1-GN; Wed, 04 Jan 2023 13:16:14 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <john.kehayias@protonmail.com>)
 id 1pD8JA-0001Sl-OC; Wed, 04 Jan 2023 13:16:13 -0500
Received: from mail-40134.protonmail.ch ([185.70.40.134])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <john.kehayias@protonmail.com>)
 id 1pD8J8-0002rj-HR; Wed, 04 Jan 2023 13:16:12 -0500
Date: Wed, 04 Jan 2023 18:16:01 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail3; t=1672856167; x=1673115367;
 bh=aHMBaonso6xY9V7/bEcAuprWpz9Uboq0/8WSk+UmTRs=;
 h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References:
 Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
 Message-ID:BIMI-Selector;
 b=LNApSVz/IVPUzppkNeiIfWqpWzE5MFd3W8aG/3gGzEdz06GLRW21Cwruxx4wENW9n
 vRJCGyzW0fF3rCZnxoTcakvckweYNF/lDWgvsvO1ZwbxJTtKwCkuo2YG7NhyFPJT9d
 C5IACaJjanral81pb9OFG9ECeInd/JhcYbrWz6H6burxlBOzxKSFwDQhthS4oBRoYI
 17cRtCkJtlmlIPRm9A4JuLIhWmkmRz+lq/QQwOtAGKwzWzs2YiDsAPyc0g1bU1Rshy
 P9yk2tJv6tHr60q2X70ag3jY0fpLYzeenpMzLkJoHjHKNbNdGFdwNNe86pUhjIuBcr
 ouz2vsK9pmk9g==
To: Jim Newsome <jim@sporksmith.net>
From: John Kehayias <john.kehayias@protonmail.com>
Cc: help-guix@gnu.org, guix-devel@gnu.org
Subject: Re: Drafting a Guix blog post on the FHS container
Message-ID: <87edsajhd0.fsf@protonmail.com>
In-Reply-To: <ed277b25-f3d5-4336-8d17-6d0d0cfa649d@app.fastmail.com>
References: <44635a7b-f8dc-4bea-935a-15e6a41ffa88@sporksmith.net>
 <87fscqjioe.fsf@protonmail.com>
 <ed277b25-f3d5-4336-8d17-6d0d0cfa649d@app.fastmail.com>
Feedback-ID: 7805494:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=185.70.40.134;
 envelope-from=john.kehayias@protonmail.com; helo=mail-40134.protonmail.ch
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: guix-devel-bounces+larch=yhetil.org@gnu.org
X-Migadu-Country: US
X-Migadu-Flow: FLOW_IN
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1672856190; a=rsa-sha256; cv=none;
	b=WVtdsLNKBgZmqytV+TX8IQtgfdiV116KW6pUdT9v6wZM12FgAlGxhWLL8Yb7t0qaoh1E7R
	Ebs1r5jLKnN5mTw1W1j0DGtHm3ry0Wi9qlsnzSpcSnTCwxETqXR1Jlp30nsEeHT0QbPV6j
	RZAKvfeufItOr2RIEVexqVKcN2cn8/Hskt95Bo9yVK1yNcqiPbM+cW4hRQ51eEtNIUX3A7
	+zYtg90vLkDPplMWOs89GIFfrPBoTspnFbPQfSNnvRk6p6kRnx/aoP+4QrCRmjCv3pFHJz
	SEeih7lQ2T1iZMJojfNJY2NPHSoCHW9j95+8KH9S10594aOTQHoPVpxAXo2ESg==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=pass header.d=protonmail.com header.s=protonmail3 header.b="LNApSVz/";
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org";
	dmarc=pass (policy=quarantine) header.from=protonmail.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1672856190;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post:dkim-signature;
	bh=aHMBaonso6xY9V7/bEcAuprWpz9Uboq0/8WSk+UmTRs=;
	b=TrS5yUEdW2eftofG8fUUMFYEp2SIfTIRXF9C71WXA8YIoqmFU7+ipc41ETiEVoCgHjrI00
	Y4lcfhA5JbdP3g39B1XyPkntQAey+MxuJGonOJfih0x8coCfszWJO2vtVNNklfchGeoYh4
	tHQW6LrUdMi3F8CHTc4tz4OpmmTFgk/WaWkwSD3HBZUm9tP4gXmZfR6Gzk9HQiZmgzkD1O
	gzDS79Eeje63pOhR5xOqJ7zKoRIFMuu2rhrl0PVcc0rAU8pZw7IU3XWj2L+44V1++qroE6
	3lk9/wmCQl+PUEO81TIv1ssvBVoi13VUqk9R4MtebOsvRqw+P5tykJqOqFZ3cg==
X-Spam-Score: -8.02
X-Migadu-Queue-Id: 1492D32CDB
Authentication-Results: aspmx1.migadu.com;
	dkim=pass header.d=protonmail.com header.s=protonmail3 header.b="LNApSVz/";
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org";
	dmarc=pass (policy=quarantine) header.from=protonmail.com
X-Migadu-Scanner: scn0.migadu.com
X-Migadu-Spam-Score: -8.02
X-TUID: I0Xl+SDz9g/M

Hi Jim,

On Wed, Jan 04, 2023 at 06:07 PM, Jim Newsome wrote:

> Thanks, looks good, and the command in your patch also works for me.
>

Great, thanks for testing!

> I agree that passing and exposing XAUTHORITY seems better. Experimentally=
, sharing the directory
> read-only also works (using `--expose` instead of `--share`) also works, =
but I'm not familiar enough with
> this mechanism to be confident that'll work for everyone, or whether maki=
ng it read-only is worth the
> fuss.
>

Ah, you are right, that seems to be just fine for VSCodium and Tor, in my q=
uick test. I think I'll change that.

> Btw it turns out that `libevent` and `openssl@1` can be dropped; they're =
already bundled. All together,
> here's my current "best" version:
>
> ```
> guix shell --container --network --emulate-fhs \
>     --preserve=3D'^DISPLAY$' --preserve=3D'^XAUTHORITY$' --expose=3D$XAUT=
HORITY \
>     alsa-lib bash coreutils dbus-glib file gcc:lib grep gtk+ \
>     libcxx pciutils sed \
>     -- ./start-tor-browser.desktop -v
> ```

Nice, thanks for that too! I tried eliminating a few random inputs, but the=
y were needed. It is difficult sometimes to get a really minimal set, but t=
his looks good to me.

John