From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id yH2LBqfAtWNGbgAAbAwnHQ (envelope-from ) for ; Wed, 04 Jan 2023 19:08:39 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id gC+aBqfAtWNiaAEA9RJhRA (envelope-from ) for ; Wed, 04 Jan 2023 19:08:39 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A7C2615317 for ; Wed, 4 Jan 2023 19:08:37 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pD8BZ-0008BK-TY; Wed, 04 Jan 2023 13:08:21 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pD8BX-00088P-Vl; Wed, 04 Jan 2023 13:08:20 -0500 Received: from out5-smtp.messagingengine.com ([66.111.4.29]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pD8BV-00014y-45; Wed, 04 Jan 2023 13:08:19 -0500 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 8F42E5C00C9; Wed, 4 Jan 2023 13:08:11 -0500 (EST) Received: from imap51 ([10.202.2.101]) by compute3.internal (MEProxy); Wed, 04 Jan 2023 13:08:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sporksmith.net; h=cc:cc:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm3; t=1672855691; x=1672942091; bh=Z0 079MF7T0WjwlNLoCnDubcbKSl6DvY3jMhiLgrki4w=; b=xOBtJablhJ6z/GA7Pr nCztwbl+8CamAsS1bsbiujFX1JvqgvNAg+RDLBm7XWpXE6J0SeAugj2+U8WvGs7b GUBDiJ2fm4tUMyECYL8X9eJL5iOvMKHlQQyaebWCeu5B0Y2FDzjB53bVKGqV2g8L EfaZkn6USCXC8kjaZZ01+o9SnwQtdr+RTETlHknuaLuCvlGRZcFAK1Cm8YYfe52T yiRHdNBElak4YD/GFt0ueXyBVrEqHksZwjCEOBqvkUj1CtsKe8rJUPGWzw89So1n WQmpuQDpSE9JGuXMiqYpbVA6Ul/YuXYrHMx13obAzP0ctlm/2xnxIy/V3+B/ppYQ 1oDA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1672855691; x=1672942091; bh=Z0079MF7T0WjwlNLoCnDubcbKSl6 DvY3jMhiLgrki4w=; b=a/PmtZvSQO2LAMVF0ymOiVERRQyTVycvMTbcON9JB5lU wgZoKNSCY5HBa5r1xHl8Mh2z9NXoYQFJASxmqJpukTjrv7dy+Y27dlYl1YNTxVLb TgqAnMJCWKAnw0RVBRGQ+KB7+xf2i41wWMGkvkAguAuBXruVFEaHhnZu9NrJjh/b DjE3w7WiDtdfv6e7bkFjd3caelvc0KId9hfLqm+BWfkY/dSs1lg4go+89ryRkXjd M7wt/D7OxNS0lAqUhrQEdtx0VzPEnszWQ63zDD06833rFlqcvzDiB4kBpWSZJrAZ 1ZfcXCzGDbvivSDmYzgJyjWakKPuFuHpOSCnwzQ9Fg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrjeeigddutdelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvfevufgtsegrtderreerredtnecuhfhrohhmpedflfhi mhcupfgvfihsohhmvgdfuceojhhimhesshhpohhrkhhsmhhithhhrdhnvghtqeenucggtf frrghtthgvrhhnpeeggeejieelgeevfeeiveefueevgefhueeguedvvedttdfgleeguedu fffgvdevveenucffohhmrghinhepghhnuhdrohhrghenucevlhhushhtvghrufhiiigvpe dtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehjihhmsehsphhorhhkshhmihhthhdrnhgv th X-ME-Proxy: Feedback-ID: ib0914636:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 364EBB60086; Wed, 4 Jan 2023 13:08:11 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.7.0-alpha0-1185-g841157300a-fm-20221208.002-g84115730 Mime-Version: 1.0 Message-Id: In-Reply-To: <87fscqjioe.fsf@protonmail.com> References: <44635a7b-f8dc-4bea-935a-15e6a41ffa88@sporksmith.net> <87fscqjioe.fsf@protonmail.com> Date: Wed, 04 Jan 2023 18:07:18 +0000 From: "Jim Newsome" To: "John Kehayias" Cc: help-guix@gnu.org, guix-devel@gnu.org Subject: Re: Drafting a Guix blog post on the FHS container Received-SPF: pass client-ip=66.111.4.29; envelope-from=jim@sporksmith.net; helo=out5-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1672855718; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=F6MHKW7UgGzB72FE9gY4eg2wTQLctCCldEpoS1wjwDg=; b=u4Vq2pIUCPYfvegLb0XlUxYoaB8DSKrJxyb+H7iRlfhrmf+jnSsJHBZWpeffXQR9RdUrZP 9ktm7c4fwnI/6NpGDjaa+Ok1nAonFfc5UW1BM2J5MtwykMtkIT4AxSmHi9/gDNw9eXyEBK pGDVrQSCxAWEeTEOFxfIjus7NR5OMz7Rdg2uZ7dqZsoYvu7sZdCyJV75Y18U6zSuajcaMn cink9hZUwiRKKl6z+hkJ7yH7cv1pHbBa2c9aQj2NNI6DeGsWGQS8aSHfc2u70fTJ4M0Ky7 iX+eXRttVez1ELIXn7Mr02HSyGUvj4pl8Qk/9b7X2foywvRCj1xurhMSLvUEkQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=sporksmith.net header.s=fm3 header.b=xOBtJabl; dkim=fail ("body hash did not verify") header.d=messagingengine.com header.s=fm2 header.b="a/PmtZvS"; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1672855718; a=rsa-sha256; cv=none; b=bl20Ytxg1UPwVAR4tTZLAJG5D31EKc92WhiM6/RILMOlN9ezHRw5rWcyrEtSgKCAnfvWzS S/9FzX/qIvL13CuMiOptRbqQgf7jhWu3+RPUZQB3m3WfOOvnYpwgqMrXvJYyE7oD31twVe 1UU5GRGzj9HyMYYAPVYxjsMmpldONpx62JgXfqpV/oiMVPGbR8Hl469SB8XNcUfKMAruEn K2LFg73SnczMRzGOhD/mEYZpBrGXn5oNQ7bLaWVkFWx4aU8QR72fDAikBwz/SLPJbUyMDC st1RS9QA96l0klPk0HUqiCIejkTh5g0TXKkP9MFkU4Z4f0bAMTLhkn1L5RS7FA== X-Spam-Score: 1.55 X-Migadu-Queue-Id: A7C2615317 Authentication-Results: aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=sporksmith.net header.s=fm3 header.b=xOBtJabl; dkim=fail ("body hash did not verify") header.d=messagingengine.com header.s=fm2 header.b="a/PmtZvS"; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none X-Migadu-Scanner: scn1.migadu.com X-Migadu-Spam-Score: 1.55 X-TUID: UsKP2ePy+KKr On Wed, Jan 4, 2023, at 5:47 PM, John Kehayias wrote: > Hi Jim, > > On Fri, Dec 16, 2022 at 05:39 PM, Jim Newsome wrote: > > > Sorry for (presumably) breaking threading; I came across this online and > > don't see a way to set my in-reply-to-email header properly. > > > > Anyways just thought I'd mention that I recently learned about this > > feature, and was able to use it to get a downloaded [Tor Browser Bundle] > > running with: > > > > > > ``` > > guix shell \ > > --container \ > > --network \ > > --emulate-fhs \ > > --preserve='^DISPLAY$' > > --share=/run/user/$(id -u)/gdm \ > > openssl@1 \ > > libevent \ > > pciutils \ > > dbus-glib \ > > bash \ > > libgccjit \ > > libcxx \ > > gtk+ \ > > coreutils \ > > grep \ > > sed \ > > file \ > > alsa-lib \ > > -- \ > > ./start-tor-browser.desktop -v > > ``` > > > > `--preserve='^DISPLAY$'` and `--share=/run/user/$(id -u)/gdm` are to get > > access to the display. I'm not sure the second parameter is universally > > correct; I reverse-engineered it via roughly `ps aux | grep -- -auth`. > > > > The `-v` parameter to the browser script keeps it from trying to > > background itself, which otherwise causes the container and browser to > > terminate. > > > > It'd ultimately be nice to package the Tor Browser Bundle properly for > > guix, but it's nice to be able to use it this way in the meantime. > > Thanks again for this! I slightly modified it for the blog post, which you can see in draft form at . I used 'gcc:lib' instead of 'libgccjit' as it is smaller, and changed the needed display options to be like the previous ones I had. Yours didn't work for me since it looks like it relies on sharing something from GDM, which I don't use. But do let me know if my version doesn't work for you. > > Also gave you credit for this example; if you prefer not to be mentioned by name/link to the mailing list for any reason, just let me know. > > Oh, and we do have some (older) patches for building the Tor Browser from source, but I don't know if they currently work: Your example was great though, something very useful! > > John Thanks, looks good, and the command in your patch also works for me. I agree that passing and exposing XAUTHORITY seems better. Experimentally, sharing the directory read-only also works (using `--expose` instead of `--share`) also works, but I'm not familiar enough with this mechanism to be confident that'll work for everyone, or whether making it read-only is worth the fuss. Btw it turns out that `libevent` and `openssl@1` can be dropped; they're already bundled. All together, here's my current "best" version: ``` guix shell --container --network --emulate-fhs \ --preserve='^DISPLAY$' --preserve='^XAUTHORITY$' --expose=$XAUTHORITY \ alsa-lib bash coreutils dbus-glib file gcc:lib grep gtk+ \ libcxx pciutils sed \ -- ./start-tor-browser.desktop -v ```