From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id yKSBETogI2avEQEAe85BDQ:P1 (envelope-from ) for ; Sat, 20 Apr 2024 03:54:02 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id yKSBETogI2avEQEAe85BDQ (envelope-from ) for ; Sat, 20 Apr 2024 03:54:02 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=quic.us header.s=default header.b=DDOPp4dH; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1713578042; a=rsa-sha256; cv=none; b=SB841ua+oiRO3Oeyq/GDEkz237eAD7igQs0tl9DIbE61vzxxxpUdbieV2IjKmPi/dNarFC 7eOqGs9h7hyj33+PNDYOSDFZ+ravg2fK7mwGyg5/U4uV7XTfj81yjZTvqRwfFd1rFQX491 WhyXdK7Dri9lZF9vtLaWPD5JE6aGO1mAzjcrExnhtZvAOh1QMaZFpaanKYfkhDP7KHBAZ2 tMdIiKwL9tXyH/42q3sRnMgSAhSf7+WxsFJqSrKPhAt2EJNTPe+f0zJ32d1QK3sPjlSvB6 mfqHeyAWhb7nFnXpV3BMjOkz/HqbELjG3RT/k5AE5eJhya8QvAt3SxPhx7Dl+A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=quic.us header.s=default header.b=DDOPp4dH; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1713578042; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=Wv6jjlW0aAg2BsmfG1bGJ+VYZ8LjF9GIc9ciiWCXY7k=; b=kKbxXq9Ug9pmNQGNR20y8miFr26hlUhzTlRZCBmKYcPHYE2IFneXonWXI6Ex+Lh9GgsFq0 qPegVjQuj5LB5KUFxFVR/W0fnaomJUucypwBjEF8pF5WuDMwqjUWOOZoINAjWZ01JhpC27 FMFq9+iBL54PCTRbzEtNRu+VBbkICm5uW0+wVB8liSK9m0cnkNIARjC4UCiTT+8nkx18Qt IL1Wu0n4cGEx2zEEaoquQTQN0lAW/RtmER59Q6HqFGfau1BVorkCRvmllkTCKSFxGGcWTA 36LDgfBtumgv2HBV8U/touJpgu45+2AzHA1i6WFQtqTqrLvSOM4u2tAVKxh9VQ== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 24B19A83B for ; Sat, 20 Apr 2024 03:54:02 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxzvK-0003Go-9v; Fri, 19 Apr 2024 21:53:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxzvI-0003GR-LU for guix-patches@gnu.org; Fri, 19 Apr 2024 21:53:48 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxzvI-00032P-C6 for guix-patches@gnu.org; Fri, 19 Apr 2024 21:53:48 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rxzvW-0005Sr-FU for guix-patches@gnu.org; Fri, 19 Apr 2024 21:54:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70446] [PATCH v3] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. Adjust bubblewrap wrapper to add user profile locale and dri directories. Resent-From: Abhishek Cherath Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 20 Apr 2024 01:54:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Liliana Marie Prikler Cc: Vivien Kraus , Maxim Cournoyer , 70446@debbugs.gnu.org Received: via spool by 70446-submit@debbugs.gnu.org id=B70446.171357801620807 (code B ref 70446); Sat, 20 Apr 2024 01:54:02 +0000 Received: (at 70446) by debbugs.gnu.org; 20 Apr 2024 01:53:36 +0000 Received: from localhost ([127.0.0.1]:33310 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxzv4-0005PK-5x for submit@debbugs.gnu.org; Fri, 19 Apr 2024 21:53:35 -0400 Received: from mta-12-4.privateemail.com ([198.54.127.107]:20093) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rxzuz-0005Nq-9l for 70446@debbugs.gnu.org; Fri, 19 Apr 2024 21:53:31 -0400 Received: from mta-12.privateemail.com (localhost [127.0.0.1]) by mta-12.privateemail.com (Postfix) with ESMTP id 9135C180034B; Fri, 19 Apr 2024 21:53:08 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=quic.us; s=default; t=1713577988; bh=+ow94W2L/K51+NL8gjUZ5Cno0iFlTHU/VYObErcHrE4=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=DDOPp4dHf+HcY1+Mnhkfcn5XzVhprh46wHh7PaZTMpJw3yipOQZChZH3y+wTrZApy 1eeqrNVCchALh6RIPM5yq/atKmw1MlkLdGL13qtNTSUxjZEWxwP3t69Lc0YdQRw9Jn i/4Hi6pTKjeH3rAiqZMtwG2H6OCOyjP6YhsfSpc5bg4FQG9bejpLMwW5nXgNTb2uB6 nj2jLpKvHgLWaukbBiV3GnxPQBbqgWpiBS1BVxywBgOOv9hM+JG4uR5NjuQZmya+5S WQGRXFzV887JRCCwmM4fYcfmqwvqclPIJeJmkM6/CNKnCmPsW/Y/gH3+/Ye0OcRazR vwnmmPj9uDElg== Received: from localhost (207-237-25-55.s5642.c3-0.wsd-cbr1.qens-wsd.ny.cable.rcncustomer.com [207.237.25.55]) by mta-12.privateemail.com (Postfix) with ESMTPA; Fri, 19 Apr 2024 21:53:00 -0400 (EDT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id b0bd1ee9; Sat, 20 Apr 2024 01:52:58 +0000 (UTC) From: Abhishek Cherath In-Reply-To: (Liliana Marie Prikler's message of "Sat, 20 Apr 2024 02:40:23 +0200") References: <34830675a6123b15bd652b2aae0922ff95d15f54.1713408724.git.abhi@quic.us> <0c1de95d697742f7ede4d8e967b5bc272ea40004.camel@gmail.com> <871q70993j.fsf@quic.us> Date: Fri, 19 Apr 2024 21:52:58 -0400 Message-ID: <87o7a47qbp.fsf@quic.us> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: ClamAV using ClamSMTP X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Spam-Score: -2.01 X-Migadu-Queue-Id: 24B19A83B X-Migadu-Spam-Score: -2.01 X-Migadu-Scanner: mx10.migadu.com X-TUID: GImSSkZP0fP4 Hello, Liliana Marie Prikler writes: >> Initially, I only had the system paths below those. I added these >> so that people could have hardware accel by only installing the >> required drivers in their local profiles (as recommended in 69971, >> unless I entirely misunderstood) > Ah, yes, Maxim did mention this, but yeah, non-static paths are NG > (nogood) here. There really is no reason that those paths ought to > exist or be useful in a container, for example. > Gotcha. >> I'm afraid I don't really know what adding stuff to GUIX_LOCPATH >> would do. That's for foreign distros, correct? To reiterate, The >> locale problem here is that the bubblewrapped process doesn't have >> access to the locales, without which it throws warnings. > Adding stuff *from* GUIX_LOCPATH, the idea being that this is where we > already advocate locales be put. I see, so something along these lines? ```C const char* guixLocPath =3D g_getenv("GUIX_LOCPATH"); char** locPaths =3D NULL; if (guixLocPath !=3D NULL) { locPaths =3D g_strsplit(guixLocPath,':', 4096); for (int i =3D 0; i < g_strv_length(locPaths); i++) { sandboxArgs.appendVector(Vector({ "--ro-bind", *locPaths[i], *locPaths[i] })); } g_strfreev(locPaths); } ``` >> > Note that any item you add here which references the user home will >> > fail to be loaded correctly when using `guix shell' in a way that >> > hides it; or even just using `guix shell' normally with a user who >> > doesn't have the hardware-accelerated drivers in their home.=C2=A0 For >> > system paths, this is somewhat different, since we can more or less >> > expect them to exist and mirror the layout of other distros to some >> > extent. >>=20 >> Hmm, since it's in an ro-bind-try, that'll cause the drivers not to >> work, and fall back to trying the system drivers. Is there a better >> solution you could recommend? > Unless a hard dependency on Mesa is appropriate (which we'd have to > confirm), I think just rolling with the system ones is okay. Sounds good to me! Will send v4 with just that.