GNU bug report logs -
#51478
icecat 91 can't display chinese font in many web page
Previous Next
To reply to this bug, email your comments to 51478 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org:
bug#51478; Package
guix.
(Fri, 29 Oct 2021 10:03:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Z572 <873216071 <at> qq.com>:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org.
(Fri, 29 Oct 2021 10:03:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
hello,
after update to 91, icecat can't display chinese font for many web page:
78:
[Screenshot from 2021-10-29 17-54-33.png (image/png, inline)]
[Message part 3 (text/plain, inline)]
91:
[Screenshot from 2021-10-29 17-43-00.png (image/png, inline)]
[Message part 5 (text/plain, inline)]
guix ad39268
repository URL: https://git.sjtu.edu.cn/sjtug/guix
branch: master
commit: ad39268cdf075f4c4eeb87ed78ce46ca6f817675
--
over
Information forwarded
to
bug-guix <at> gnu.org:
bug#51478; Package
guix.
(Fri, 29 Oct 2021 14:07:01 GMT)
Full text and
rfc822 format available.
Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi,
Z572 via Bug reports for GNU Guix <bug-guix <at> gnu.org> writes:
> after update to 91, icecat can't display chinese font for many web page:
Thank you for your report!
Does it help to run
fc-cache -rv
on the commandline?
Best wishes,
Arne
--
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#51478; Package
guix.
(Fri, 29 Oct 2021 14:07:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-guix <at> gnu.org:
bug#51478; Package
guix.
(Fri, 29 Oct 2021 20:20:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 51478 <at> debbugs.gnu.org (full text, mbox):
Z572 via Bug reports for GNU Guix <bug-guix <at> gnu.org> writes:
> after update to 91, icecat can't display chinese font for many web page:
Thanks for the report.
As a temporary workaround, it might help to visit <about:config> and
change the setting for "security.sandbox.content.read_path_whitelist"
to contain simply "/gnu/store/".
Doing so will make your IceCat do what all other modern web browsers in
Guix do: simply give the browser sandbox access to *all* of /gnu/store/.
The disadvantage of doing so is that the sandbox will then able to see
the complete list of Guix-installed software components installed on
your system, as well as the precise version numbers of those software
components.
To my knowledge, IceCat is the only modern web browser packaged in Guix
that attempts to build a precise whitelist of directories within
/gnu/store/ that the sandbox is given access to.
When updating our Guix package to IceCat 91, I discovered that it is now
necessary to add font directories to the whitelist, whereas that was not
needed in IceCat 78. For now, I've added 'font-dejavu' as an explicit
input to our 'icecat' package, and added its font/share directory to the
whitelist. However, I can see now that this solution is not adequate.
To be continued...
Mark
--
Disinformation flourishes because many people care deeply about injustice
but very few check the facts. Ask me about <https://stallmansupport.org>.
Information forwarded
to
bug-guix <at> gnu.org:
bug#51478; Package
guix.
(Fri, 29 Oct 2021 21:24:01 GMT)
Full text and
rfc822 format available.
Message #17 received at submit <at> debbugs.gnu.org (full text, mbox):
I'm not entirely sure if this is related, but after upgrading to 91
icecat would no longer use fonts from anywhere but my home directories
(~/.fonts or ~/.local/share/fonts).
And changing the whitelist to /gnu/store doesn't fix it.
What's strange is that the fonts are still listed in the icecat font
settings, but it won't use them. Even if I uncheck the box to allow
pages to choose their own fonts.
For example my LiberationSans font stopped working. But if I copy it (or
symlink it) to my ~/.fonts then it works.
NOTE: I test it by changing security.sandbox.content.read_path_whitelist
in about:config to "/gnu/store", closing icecat, running fc-cache -fv
(both as root and normal user), then opening icecat again. And it still
only uses LiberationSans if it gets copied to my home.
Information forwarded
to
bug-guix <at> gnu.org:
bug#51478; Package
guix.
(Fri, 29 Oct 2021 21:24:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-guix <at> gnu.org:
bug#51478; Package
guix.
(Fri, 29 Oct 2021 23:55:01 GMT)
Full text and
rfc822 format available.
Message #23 received at 51478 <at> debbugs.gnu.org (full text, mbox):
ison <ison <at> airmail.cc> writes:
> NOTE: I test it by changing security.sandbox.content.read_path_whitelist
> in about:config to "/gnu/store"
That won't work. As I recall, there *must* be a slash at the end of
each directory in the whitelist, as in "/gnu/store/", not just
"/gnu/store". Does that make a difference for you?
Thanks,
Mark
--
Disinformation flourishes because many people care deeply about injustice
but very few check the facts. Ask me about <https://stallmansupport.org>.
Information forwarded
to
bug-guix <at> gnu.org:
bug#51478; Package
guix.
(Sat, 30 Oct 2021 01:43:02 GMT)
Full text and
rfc822 format available.
Message #26 received at 51478 <at> debbugs.gnu.org (full text, mbox):
Mark H Weaver <mhw <at> netris.org> writes:
> ison <ison <at> airmail.cc> writes:
>> NOTE: I test it by changing security.sandbox.content.read_path_whitelist
>> in about:config to "/gnu/store"
>
> That won't work. As I recall, there *must* be a slash at the end of
> each directory in the whitelist, as in "/gnu/store/", not just
> "/gnu/store". Does that make a difference for you?
That fixed it for me. Thanks for the help.
Information forwarded
to
bug-guix <at> gnu.org:
bug#51478; Package
guix.
(Sat, 30 Oct 2021 02:19:02 GMT)
Full text and
rfc822 format available.
Message #29 received at 51478 <at> debbugs.gnu.org (full text, mbox):
I add "/run/current-system/profile/share/fonts/" to
"security.sandbox.content.read_path_whitelist" fixed it for me.
Thanks for the help.
Mark H Weaver <mhw <at> netris.org> writes:
> Z572 via Bug reports for GNU Guix <bug-guix <at> gnu.org> writes:
>> after update to 91, icecat can't display chinese font for many web page:
>
> Thanks for the report.
>
> As a temporary workaround, it might help to visit <about:config> and
> change the setting for "security.sandbox.content.read_path_whitelist"
> to contain simply "/gnu/store/".
>
> Doing so will make your IceCat do what all other modern web browsers in
> Guix do: simply give the browser sandbox access to *all* of /gnu/store/.
> The disadvantage of doing so is that the sandbox will then able to see
> the complete list of Guix-installed software components installed on
> your system, as well as the precise version numbers of those software
> components.
>
> To my knowledge, IceCat is the only modern web browser packaged in Guix
> that attempts to build a precise whitelist of directories within
> /gnu/store/ that the sandbox is given access to.
>
> When updating our Guix package to IceCat 91, I discovered that it is now
> necessary to add font directories to the whitelist, whereas that was not
> needed in IceCat 78. For now, I've added 'font-dejavu' as an explicit
> input to our 'icecat' package, and added its font/share directory to the
> whitelist. However, I can see now that this solution is not adequate.
>
> To be continued...
>
> Mark
--
over
Information forwarded
to
bug-guix <at> gnu.org:
bug#51478; Package
guix.
(Tue, 02 Nov 2021 17:07:02 GMT)
Full text and
rfc822 format available.
Message #32 received at 51478 <at> debbugs.gnu.org (full text, mbox):
Hi,
Z572 <873216071 <at> qq.com> writes:
> I add "/run/current-system/profile/share/fonts/" to
> "security.sandbox.content.read_path_whitelist" fixed it for me.
Thanks! One very important note: you should "reset" this customization
after updating to IceCat 91.3.0, or else IceCat will stop working
correctly after some future update of Guix. The reason is that the
whitelist contains several other directories within /gnu/store/, and
those directory will need to be updated whenever those components are
updated in Guix. For example, when 'ffmpeg' is updated to a newer
version, or one of its dependent libraries is updated, the directory
name /gnu/store/…-ffmpeg-4.4 will change; if you don't update the
whitelist accordingly, video playback will stop working.
In the IceCat 91.3.0 update that I pushed a few hours ago, I added
"/run/current-system/profile/share/fonts/" to the default whitelist.
So, I suggest that you update to IceCat 91.3.0 at your earliest
opportunity, and then visit <about:config>, navigate to the
"security.sandbox.content.read_path_whitelist" setting, and click on its
"reset" button (the one with an arrow pointing to the left), to erase
the customization of that setting.
Note that it is not enough to simply remove the directory that you
added. You must click the reset button on that customization in order
to allow it to be automatically updated in the future.
* * *
Going forward, I think that we should create a patch for IceCat
analogous to the webkitgtk-bind-all-fonts.patch that Liliana wrote for
WebKitGTK. I think that all of the directories that currently comprise
the default value of "security.sandbox.content.read_path_whitelist"
should instead be *implicitly* added to the whitelist, in *addition* to
the contents of "security.sandbox.content.read_path_whitelist". That
would enable users to customize that setting without having to manually
keep the /gnu/store/…/ entries updated.
I'll keep this bug open for now, pending a more proper fix.
Thanks,
Mark
--
Disinformation flourishes because many people care deeply about injustice
but very few check the facts. Ask me about <https://stallmansupport.org>.
Information forwarded
to
bug-guix <at> gnu.org:
bug#51478; Package
guix.
(Wed, 03 Nov 2021 02:11:02 GMT)
Full text and
rfc822 format available.
Message #35 received at 51478 <at> debbugs.gnu.org (full text, mbox):
thanks for reminding :) .
Mark H Weaver <mhw <at> netris.org> writes:
> Hi,
>
> Z572 <873216071 <at> qq.com> writes:
>> I add "/run/current-system/profile/share/fonts/" to
>> "security.sandbox.content.read_path_whitelist" fixed it for me.
>
> Thanks! One very important note: you should "reset" this customization
> after updating to IceCat 91.3.0, or else IceCat will stop working
> correctly after some future update of Guix. The reason is that the
> whitelist contains several other directories within /gnu/store/, and
> those directory will need to be updated whenever those components are
> updated in Guix. For example, when 'ffmpeg' is updated to a newer
> version, or one of its dependent libraries is updated, the directory
> name /gnu/store/…-ffmpeg-4.4 will change; if you don't update the
> whitelist accordingly, video playback will stop working.
>
> In the IceCat 91.3.0 update that I pushed a few hours ago, I added
> "/run/current-system/profile/share/fonts/" to the default whitelist.
>
> So, I suggest that you update to IceCat 91.3.0 at your earliest
> opportunity, and then visit <about:config>, navigate to the
> "security.sandbox.content.read_path_whitelist" setting, and click on its
> "reset" button (the one with an arrow pointing to the left), to erase
> the customization of that setting.
>
> Note that it is not enough to simply remove the directory that you
> added. You must click the reset button on that customization in order
> to allow it to be automatically updated in the future.
>
> * * *
>
> Going forward, I think that we should create a patch for IceCat
> analogous to the webkitgtk-bind-all-fonts.patch that Liliana wrote for
> WebKitGTK. I think that all of the directories that currently comprise
> the default value of "security.sandbox.content.read_path_whitelist"
> should instead be *implicitly* added to the whitelist, in *addition* to
> the contents of "security.sandbox.content.read_path_whitelist". That
> would enable users to customize that setting without having to manually
> keep the /gnu/store/…/ entries updated.
>
> I'll keep this bug open for now, pending a more proper fix.
>
> Thanks,
> Mark
--
over
This bug report was last modified 2 years and 183 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.