From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id uNmKBq0ZOmf0EwAAqHPOHw:P1 (envelope-from ) for ; Sun, 17 Nov 2024 16:28:29 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id uNmKBq0ZOmf0EwAAqHPOHw (envelope-from ) for ; Sun, 17 Nov 2024 17:28:29 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=FKpSHRQD; dkim=fail ("headers rsa verify failed") header.d=xn--no-cja.eu header.s=ds202402 header.b="n zcyqqw"; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1731860909; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=wUQzzO36hegOYzqWr2FN4/TgaNHpU4PgI74iJRz8+LU=; b=RJk5nepSONehpn0T4aATXoMdeDHExQXYsYkeqWRxO2T/I80p0rX6+Y7pCsVxVk2E85TShb t4zL4LMkFCW30zyeKrv8XeQX+Z/PYyZaYTXuVzuMm0fiza47WekhEL8Jjaeae96/HJ74rG NxsLJOO6ecGwvtgYDVocrLcLmcz8rD6zQK9QbIX/HTvw2BnOeUGotdVsFqIYlVRbidELYw Z7C7zOX/S1n8mT+iGXndPtttXeOKCDANjM1DsshMbuLNVVAtBtdh0r5ggaR9JqsXvyEIoG hxo4Y3/1KdVQmqXhEC0ajNS2fX/zyLLOKj1J1UERRb6+d5Y1hhu2In3q8E4y1g== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=FKpSHRQD; dkim=fail ("headers rsa verify failed") header.d=xn--no-cja.eu header.s=ds202402 header.b="n zcyqqw"; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Seal: i=1; s=key1; d=yhetil.org; t=1731860909; a=rsa-sha256; cv=none; b=Ts12FlxIVPmVapm8vVTmufVJ/fYzWG2IcyqxSdhZ/K7xMqyrcfFVa4O/DvE8lxs2ktdPYg qwPCC48fFj6GBAJM0ofp8FmLru3TYBdZEW7qc22NAB50/S8n611vxoJ8DkxgJ/XH8OAFVD tyWkzStvMPCYKeCWTWRsxBD5kT36T6XemPc2qXHy5MgJ9vyRQeXvC4RLZEkW+F/rKR3NAf rw3Phd1ilOw1lIEXR7e2novV4cmphRzWZFxMb6SO/4HQH+0F4EWcC7I4e4MYkM/luYO1cQ uNVk8O/15aSAQE5zJ4neNFSfcAqe2viBLf/HTGRqgflRgSLKclV97Owl2GvsvA== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 581BE88E1F for ; Sun, 17 Nov 2024 17:28:28 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tCi85-0003Y8-0j; Sun, 17 Nov 2024 11:28:05 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tCi83-0003Xt-FN for guix-patches@gnu.org; Sun, 17 Nov 2024 11:28:03 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tCi83-0004ri-7H for guix-patches@gnu.org; Sun, 17 Nov 2024 11:28:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:From:To:In-Reply-To:Subject; bh=wUQzzO36hegOYzqWr2FN4/TgaNHpU4PgI74iJRz8+LU=; b=FKpSHRQDrxku9sfuXRvrdF7nO3ah3cW8zmEJQtsvdkHPC+YlFnmHophaKoMcLH2jruU5Z9WRpwFxI48891cfPuvvwfZNbmhNSsNnv8PBfD1lH/b2ROXD6WKySF3scX0ysCnEPUIQ6x3NKLb6fg3i3KksdbyZCvERaKFKiU5Lr6lDy14bMOOKniKOi6I7RalT/uB/sSUorUZScceod3kf1nwLfjFwLoQl19oNK5ySvnkMPn9I2aqumSLF7xc8c4aVsv4S6cgqs6Q/MO96Vb5jSMxxnKSqUn23lxnRIGOXvV3iB5xgQHPKD+ninfF0i6l0K3myJclLqX8Q9q1rrC90+Q==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tCi83-0002Ec-27 for guix-patches@gnu.org; Sun, 17 Nov 2024 11:28:03 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#73842] =?UTF-8?Q?[No=C3=A9?= Lopez] Re: [bug#73842] [PATCH v5 2/3] pack: Add support for AppImage pack format. In-Reply-To: Resent-From: =?UTF-8?Q?No=C3=A9?= Lopez Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 17 Nov 2024 16:28:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 73842 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 73842@debbugs.gnu.org Cc: Josselin Poiret , Maxim Cournoyer , Simon Tournier , Mathieu Othacehe , =?UTF-8?Q?No=C3=A9?= Lopez , Tobias Geerinckx-Rice , pelzflorian , Sebastian =?UTF-8?Q?D=C3=BCmcke?= , Christopher Baines Received: via spool by 73842-submit@debbugs.gnu.org id=B73842.17318608258490 (code B ref 73842); Sun, 17 Nov 2024 16:28:03 +0000 Received: (at 73842) by debbugs.gnu.org; 17 Nov 2024 16:27:05 +0000 Received: from localhost ([127.0.0.1]:58236 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tCi77-0002Cs-38 for submit@debbugs.gnu.org; Sun, 17 Nov 2024 11:27:05 -0500 Received: from smtp.domeneshop.no ([194.63.252.55]:51805) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tCi73-0002CL-SL for 73842@debbugs.gnu.org; Sun, 17 Nov 2024 11:27:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xn--no-cja.eu; s=ds202402; h=Content-Transfer-Encoding:Content-Type: MIME-Version:Message-ID:Date:References:Subject:Cc:To:From:From:Sender: Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=wUQzzO36hegOYzqWr2FN4/TgaNHpU4PgI74iJRz8+LU=; b=n zcyqqwEgwWlKG6IeA7kDeu3jRMWUu3UdQ1Aa0eznywfKHtNG4gMuBzcvru/do5e11TagJgHNmfdGK IQbswK38dxgBBKwkZGGuq5wpUz7nkrKbZl2DGNRhO0t/EGbLAO6MVpQDVSwJ9gQGAwNMb4/qAgtEK 3MDC5RuiSMf0tja2Ku7QsOUBjDYiDer60aO7yFrOo2cxgfkBHVnzFuiA4bVIuwqYthm4XqAKzcJNS ASjNga/+3Ysdkd40corGVm4wdI/eBjQwlxkyiLAHiEoVT8/ql68StO1DEusEaO2iEEZ9L3wMlyiKH rxsC0uGNo+S8Yk/hY1aJMITQyk4g+du3A==; Received: from smtp by smtp.domeneshop.no with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) id 1tCi4r-00C0Nw-MY; Sun, 17 Nov 2024 17:24:45 +0100 References: <87ttc5q1b3.fsf@xn--no-cja.eu> Date: Sun, 17 Nov 2024 17:25:53 +0100 Message-ID: <87mshxq12m.fsf@xn--no-cja.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: =?UTF-8?Q?No=C3=A9?= Lopez X-ACL-Warn: , =?utf-8?q?No=C3=A9_Lopez_via_Guix-patches?= From: =?utf-8?q?No=C3=A9_Lopez_via_Guix-patches?= via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx11.migadu.com X-Migadu-Spam-Score: 1.59 X-Spam-Score: 1.59 X-Migadu-Queue-Id: 581BE88E1F X-TUID: SE2jZQUe/Gsl Forwarding here since I replied instead of replied to all :/ -------------------- Start of forwarded message -------------------- From: No=C3=A9 Lopez To: Ludovic Court=C3=A8s Subject: Re: [bug#73842] [PATCH v5 2/3] pack: Add support for AppImage pack format. Date: Sun, 17 Nov 2024 17:20:48 +0100 Hi Ludovic, Ludovic Court=C3=A8s writes: > Hello No=C3=A9, > > The patch series LGTM, and tests pass: we=E2=80=99re all set! > Great! Thanks a lot for the time you spent reviewing. > But=E2=80=A6 one thing I noticed when trying it out is that the resulting > AppImage would fail to run on relatively bare-bones non-Guix systems: > > --8<---------------cut here---------------start------------->8--- > $ ./2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage=20 > fuse: failed to exec fusermount3: No such file or directory > > Cannot mount AppImage, please check your FUSE setup. > You might still be able to extract the contents of this AppImage=20 > if you run it with the --appimage-extract option.=20 > See https://github.com/AppImage/AppImageKit/wiki/FUSE=20 > for more information > open dir error: No such file or directory > --8<---------------cut here---------------end--------------->8--- > > I wonder if there=E2=80=99s something that can be done on our side about = it or > if it=E2=80=99s a limitation of the approach (I expect the latter: =E2=80= =98fusermount=E2=80=99 > has to be available and setuid root), in which case we could just add a > warning in the manual. > > WDYT? This is an expected error from the AppImage runtime, as said in the output the runtime depends on FUSE=C2=A03 to mount the AppImage. The AppImage can still be ran using --appimage-extract-and-run, which I believe we noted in the documentation: >The runtime used by AppImages makes use of libfuse to mount the image >quickly. If libfuse is not available, the AppImage can still be started >using the @option{--appimage-extract-and-run} flag. As for things that can be done from our side, we could change runtime to one that uses other technologies just like supported by =E2=80=9C-RR=E2=80= =9D. > > Interestingly, it works on my Guix System laptop, except if I strace it: > > --8<---------------cut here---------------start------------->8--- > $ /gnu/store/2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImag= e=20 > Hello, world! > $ strace -f -o /tmp/log.strace -s 500 /gnu/store/2i2l6irl2n8q24aimfmidvlg= lllc4s8z-hello-appimage-pack.AppImage=20 > fusermount3: mount failed: Operation not permitted > > Cannot mount AppImage, please check your FUSE setup. > You might still be able to extract the contents of this AppImage=20 > if you run it with the --appimage-extract option.=20 > See https://github.com/AppImage/AppImageKit/wiki/FUSE=20 > for more information > open dir error: No such file or directory > $ grep 'mount(' /tmp/log.strace=20 > 17569 mount("2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImag= e", "/tmp/.mount_2i2l6iLZ8WYZ", "fuse.2i2l6irl2n8q24aimfmidvlglllc4s8z-hell= o-appimage-pack.AppImage", MS_RDONLY|MS_NOSUID|MS_NODEV, "fd=3D5,rootmode= =3D40000,user_id=3D1000,group_id=3D998") =3D -1 EPERM (Operation not permit= ted) > 17570 mount("2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImag= e", ".", "fuse.2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImag= e", MS_RDONLY|MS_NOSUID|MS_NODEV, "fd=3D6,rootmode=3D40000,user_id=3D1000,g= roup_id=3D998") =3D -1 EPERM (Operation not permitted) > 17571 mount("/dev/fuse", ".", "fuse", MS_RDONLY|MS_NOSUID|MS_NODEV, "fd= =3D6,rootmode=3D40000,user_id=3D1000,group_id=3D998") =3D -1 EPERM (Operati= on not permitted) > --8<---------------cut here---------------end--------------->8--- > > Ludo=E2=80=99. I=E2=80=99m pretty sure a process attached with ptrace can=E2=80=99t exec S= UID programs, for security reasons (ptrace allows you to change the code of the attached program so its a privilege escalation). I think you can run it with =E2=80=9Csudo -E strace -f -o /tmp/log.strace -= s 500 /gnu/store/2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage=E2= =80=9D. Have a nice day, No=C3=A9 -------------------- End of forwarded message --------------------