GNU bug report logs - #38831
IceCat: some codecs don't work without workaround

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Reported by: Jakub Kądziołka <kuba@HIDDEN>; Keywords: patch; Done: Mark H Weaver <mhw@HIDDEN>; Maintainer for guix is bug-guix@HIDDEN.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 16 Jan 2020 12:29:38 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 16 07:29:38 2020
Received: from localhost ([127.0.0.1]:36845 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1is4HG-0003p1-6I
	for submit <at> debbugs.gnu.org; Thu, 16 Jan 2020 07:29:38 -0500
Received: from lists.gnu.org ([209.51.188.17]:39854)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <julien@HIDDEN>) id 1is4HB-0003or-SG
 for submit <at> debbugs.gnu.org; Thu, 16 Jan 2020 07:29:32 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:34478)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <julien@HIDDEN>) id 1is4H9-0001BD-MN
 for bug-guix@HIDDEN; Thu, 16 Jan 2020 07:29:29 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,URIBL_BLOCKED
 autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <julien@HIDDEN>) id 1is4H8-0003zu-BH
 for bug-guix@HIDDEN; Thu, 16 Jan 2020 07:29:27 -0500
Received: from lepiller.eu ([2a00:5884:8208::1]:47178)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <julien@HIDDEN>) id 1is4H7-0003xW-MU
 for bug-guix@HIDDEN; Thu, 16 Jan 2020 07:29:26 -0500
Received: from lepiller.eu (localhost [127.0.0.1])
 by lepiller.eu (OpenSMTPD) with ESMTP id 5be809b4;
 Thu, 16 Jan 2020 12:29:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=lepiller.eu; h=date
 :in-reply-to:references:mime-version:content-type
 :content-transfer-encoding:subject:to:from:message-id; s=dkim;
 bh=F0AFxrOryZ80uKWLvdtD8zmAtG8=; b=idI6MmbgF31qwq9UxiYtq7cH/dkc
 mFVQcf4aIFiLMmxElrNBpNc9wi8LDkz9yT9Ns1Gjswh8X0H1q01WrJkUFeU+FcA+
 qOE+F0ymAmvA+SI8i0ZXp4oFB/96TvwF1Z3X+1ex/TOYAvASBLr3qNHl0R80IXN7
 irUjsCmLcKHgAvWuJ6JmDFUhWFjU6c4SGkKa/TFWxtGRP9NzjOF3bmSS629lc5nm
 GonwYL7Gcbpyc/d7lSjRGckniFzLWvlpZcvQAkjTx/37FVIUp9ZYJGgKP5owmqI5
 GacMVNetV/bJuZKAbWHjz6YLmyzHKdL13YkDBipm7U9Na6T428aqzGxbeA==
Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 7b43333f
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); 
 Thu, 16 Jan 2020 12:29:20 +0000 (UTC)
Date: Thu, 16 Jan 2020 07:29:01 -0500
User-Agent: K-9 Mail for Android
In-Reply-To: <87pnfj7waa.fsf@HIDDEN>
References: <20191231142401.qt2oxe6jkefsxxnd@HIDDEN>
 <87pnfj7waa.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: bug#38831: IceCat: some codecs don't work without workaround
To: bug-guix@HIDDEN, Mark H Weaver <mhw@HIDDEN>,
 =?UTF-8?Q?Jakub_K=C4=85dzio=C5=82ka?= <kuba@HIDDEN>
From: Julien Lepiller <julien@HIDDEN>
Message-ID: <28E76491-53BA-47BA-B00E-669D1DC93B61@HIDDEN>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2a00:5884:8208::1
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Le 16 janvier 2020 01:24:50 GMT-05:00, Mark H Weaver <mhw@netris=2Eorg> a =
=C3=A9crit :
>Hi Jakub,
>
>Jakub K=C4=85dzio=C5=82ka <kuba@kadziolka=2Enet> wrote:
>> I had some problems with video codecs in IceCat
>68=2E3=2E0-guix0-preview1=2E
>> For example, consider this page: http://demo=2Enimius=2Enet/video_test/=
=2E
>By
>> default, the videos under the headings H=2E264 / AAC and MPEG4 don't
>work
>> ("No video with supported format and MIME type found=2E")=2E
>>=20
>> The following steps make the first of these videos work:
>> 1=2E Open about:config
>> 2=2E Click "I accept the risk!"
>> 3=2E Set security=2Esandbox=2Econtent=2Eread_path_whitelist to /gnu/sto=
re/
>>    (the trailing / is important)=2E
>>=20
>> The instructions were originally sketched out in this help-guix
>> message:
>> https://lists=2Egnu=2Eorg/archive/html/help-guix/2019-12/msg00150=2Ehtm=
l
>>=20
>> I believe it would be beneficial to make this a default=2E
>>=20
>> On IRC, bandali suggested that it would be better to only whitelist
>the
>> necessary store subdirectories=2E I don't know how to gather such a
>list,
>> but it it seems like a good idea=2E
>
>Thank you for bringing this to my attention=2E  I agree with Amin Bandali
>that a more precise whitelist is preferable=2E  Moreover, I was not
>comfortable whitelisting all of /gnu/store=2E
>
>I'm glad to report that it appears to be sufficient to whitelist the
>RUNPATH of libavcodec=2Eso, plus the /share/mime/ directory from
>shared-mime-info=2E  I've implemented this in commit
>429c8284d232c3f9fbe3dc87a3da323f3a864c03 and pushed it to 'master'=2E
>
>> I don't know how about:config entries modified by the user behave
>when
>> IceCat is updated, but in some of the behaviors I can imagine, the
>> config entry stops updating,
>
>As currently implemented, we now arrange to set the *default* value of
>'security=2Esandbox=2Econtent=2Eread_path_whitelist' to an appropriate
>whitelist=2E
>
>Users who have customized
>'security=2Esandbox=2Econtent=2Eread_path_whitelist'
>to work around this issue should now erase that customization, by
>right-clicking on its entry in <about:config>, and clicking on "Reset"=2E
>It might also be necessary to restart IceCat after doing so=2E
>
>> in which case it would be better to add the paths to some internal
>> whitelist (I reckon such a whitelist already exists and contains
>> something like /usr/lib)=2E
>
>I agree that it would be preferable, but I wasn't sufficiently
>motivated
>to implement it=2E  Feel free to propose a patch=2E  I'm not sure it woul=
d
>make much of a difference in practice though, because the net result
>for
>anyone who has customized it to /gnu/store/ will be the same: until
>they
>reset their customization, their effective whitelist will be all of
>/gnu/store/*=2E
>
>What do you think?
>
>Anyway, thanks to everyone who contributed to this fix!  I'm closing
>both the older bug (38045) and the more recent duplicate (38831), but
>feel free to reopen if appropriate=2E
>
>       Mark

Hi,

Thanks for the fix! We'll need something similar for webgl (mesa and depen=
dencies at least), unless your patch already fixes it? I haven't checked=2E




Information forwarded to bug-guix@HIDDEN:
bug#38831; Package guix. Full text available.

Message received at 38831-done <at> debbugs.gnu.org:


Received: (at 38831-done) by debbugs.gnu.org; 16 Jan 2020 06:26:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 16 01:26:32 2020
Received: from localhost ([127.0.0.1]:36620 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1irybu-0001BM-Ii
	for submit <at> debbugs.gnu.org; Thu, 16 Jan 2020 01:26:32 -0500
Received: from world.peace.net ([64.112.178.59]:53684)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@HIDDEN>)
 id 1irybp-0001B6-E5; Thu, 16 Jan 2020 01:26:28 -0500
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89)
 (envelope-from <mhw@HIDDEN>)
 id 1irybo-0007EO-7M; Thu, 16 Jan 2020 01:26:24 -0500
From: Mark H Weaver <mhw@HIDDEN>
To: Jakub =?utf-8?B?S8SFZHppb8WCa2E=?= <kuba@HIDDEN>
Subject: Re: IceCat: some codecs don't work without workaround
Date: Thu, 16 Jan 2020 01:24:50 -0500
Message-ID: <87pnfj7waa.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 38831-done
Cc: 38831-done <at> debbugs.gnu.org, 38045-done <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Jakub,

Jakub K=C4=85dzio=C5=82ka <kuba@HIDDEN> wrote:
> I had some problems with video codecs in IceCat 68.3.0-guix0-preview1.
> For example, consider this page: http://demo.nimius.net/video_test/. By
> default, the videos under the headings H.264 / AAC and MPEG4 don't work
> ("No video with supported format and MIME type found.").
>=20
> The following steps make the first of these videos work:
> 1. Open about:config
> 2. Click "I accept the risk!"
> 3. Set security.sandbox.content.read_path_whitelist to /gnu/store/
>    (the trailing / is important).
>=20
> The instructions were originally sketched out in this help-guix
> message:
> https://lists.gnu.org/archive/html/help-guix/2019-12/msg00150.html
>=20
> I believe it would be beneficial to make this a default.
>=20
> On IRC, bandali suggested that it would be better to only whitelist the
> necessary store subdirectories. I don't know how to gather such a list,
> but it it seems like a good idea.

Thank you for bringing this to my attention.  I agree with Amin Bandali
that a more precise whitelist is preferable.  Moreover, I was not
comfortable whitelisting all of /gnu/store.

I'm glad to report that it appears to be sufficient to whitelist the
RUNPATH of libavcodec.so, plus the /share/mime/ directory from
shared-mime-info.  I've implemented this in commit
429c8284d232c3f9fbe3dc87a3da323f3a864c03 and pushed it to 'master'.

> I don't know how about:config entries modified by the user behave when
> IceCat is updated, but in some of the behaviors I can imagine, the
> config entry stops updating,

As currently implemented, we now arrange to set the *default* value of
'security.sandbox.content.read_path_whitelist' to an appropriate
whitelist.

Users who have customized 'security.sandbox.content.read_path_whitelist'
to work around this issue should now erase that customization, by
right-clicking on its entry in <about:config>, and clicking on "Reset".
It might also be necessary to restart IceCat after doing so.

> in which case it would be better to add the paths to some internal
> whitelist (I reckon such a whitelist already exists and contains
> something like /usr/lib).

I agree that it would be preferable, but I wasn't sufficiently motivated
to implement it.  Feel free to propose a patch.  I'm not sure it would
make much of a difference in practice though, because the net result for
anyone who has customized it to /gnu/store/ will be the same: until they
reset their customization, their effective whitelist will be all of
/gnu/store/*.

What do you think?

Anyway, thanks to everyone who contributed to this fix!  I'm closing
both the older bug (38045) and the more recent duplicate (38831), but
feel free to reopen if appropriate.

       Mark




Notification sent to Jakub Kądziołka <kuba@HIDDEN>:
bug acknowledged by developer. Full text available.
Reply sent to Mark H Weaver <mhw@HIDDEN>:
You have taken responsibility. Full text available.
Added tag(s) patch. Request was from Jakub Kądziołka <kuba@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 31 Dec 2019 14:24:16 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Dec 31 09:24:16 2019
Received: from localhost ([127.0.0.1]:33901 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1imIRT-0006gq-Nz
	for submit <at> debbugs.gnu.org; Tue, 31 Dec 2019 09:24:15 -0500
Received: from lists.gnu.org ([209.51.188.17]:37681)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <kuba@HIDDEN>) id 1imIRS-0006gj-D6
 for submit <at> debbugs.gnu.org; Tue, 31 Dec 2019 09:24:14 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:35474)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <kuba@HIDDEN>) id 1imIRR-0002hB-23
 for bug-guix@HIDDEN; Tue, 31 Dec 2019 09:24:14 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE,
 URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <kuba@HIDDEN>) id 1imIRP-0004wG-NZ
 for bug-guix@HIDDEN; Tue, 31 Dec 2019 09:24:12 -0500
Received: from pat.zlotemysli.pl ([37.59.186.212]:60988)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <kuba@HIDDEN>) id 1imIRP-0004JW-BM
 for bug-guix@HIDDEN; Tue, 31 Dec 2019 09:24:11 -0500
Received: (qmail 6995 invoked by uid 1009); 31 Dec 2019 15:24:03 +0100
Received: from 188.123.215.55 (kuba@HIDDEN@188.123.215.55) by pat
 (envelope-from <kuba@HIDDEN>, uid 1002) with qmail-scanner-2.08st 
 (clamdscan: 0.98.6/25679. spamassassin: 3.4.0. perlscan: 2.08st.  
 Clear:RC:1(188.123.215.55):. 
 Processed in 0.02759 secs); 31 Dec 2019 14:24:03 -0000
Received: from unknown (HELO zdrowyportier.kadziolka.net)
 (kuba@HIDDEN@188.123.215.55)
 by pat.zlotemysli.pl with SMTP; 31 Dec 2019 15:24:02 +0100
Date: Tue, 31 Dec 2019 15:24:01 +0100
From: Jakub =?utf-8?B?S8SFZHppb8WCa2E=?= <kuba@HIDDEN>
To: bug-guix@HIDDEN
Subject: IceCat: some codecs don't work without workaround
Message-ID: <20191231142401.qt2oxe6jkefsxxnd@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy]
X-Received-From: 37.59.186.212
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: submit
Cc: mhw@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello,

I had some problems with video codecs in IceCat 68.3.0-guix0-preview1.
For example, consider this page: http://demo.nimius.net/video_test/. By
default, the videos under the headings H.264 / AAC and MPEG4 don't work
("No video with supported format and MIME type found.").

The following steps make the first of these videos work:
1. Open about:config
2. Click "I accept the risk!"
3. Set security.sandbox.content.read_path_whitelist to /gnu/store/
   (the trailing / is important).

The instructions were originally sketched out in this help-guix
message:
https://lists.gnu.org/archive/html/help-guix/2019-12/msg00150.html

I believe it would be beneficial to make this a default.

On IRC, bandali suggested that it would be better to only whitelist the
necessary store subdirectories. I don't know how to gather such a list,
but it it seems like a good idea.

I don't know how about:config entries modified by the user behave when
IceCat is updated, but in some of the behaviors I can imagine, the
config entry stops updating, in which case it would be better to add
the paths to some internal whitelist (I reckon such a whitelist already
exists and contains something like /usr/lib).

Regards,
Jakub Kądziołka

CC: mhw as suggested by nckx




Acknowledgement sent to Jakub Kądziołka <kuba@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#38831; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Thu, 16 Jan 2020 12:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.