GNU bug report logs - #54784
Flatpak GTK apps cannot show pictures.

Previous Next

Package: guix;

Reported by: Zhu Zihao <all_but_last <at> 163.com>

Date: Fri, 8 Apr 2022 05:05:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 54784 in the body.
You can then email your comments to 54784 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to bug-guix <at> gnu.org:
bug#54784; Package guix. (Fri, 08 Apr 2022 05:05:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Zhu Zihao <all_but_last <at> 163.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Fri, 08 Apr 2022 05:05:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Zhu Zihao <all_but_last <at> 163.com>
To: "bug-guix <at> gnu.org" <bug-guix <at> gnu.org>
Subject: Flatpak GTK apps cannot show pictures. 
Date: Fri, 08 Apr 2022 12:35:42 +0800
[Message part 1 (text/plain, inline)]
# Main issue

Solanum in flatpak failed to render its logo.

# Reproduce step

Run

```
guix shell flatpak
flatpak install org.gnome.Solanum
flatpak run org.gnome.Solanum
```

# Investigation

The issue maybe caused by missing gdk pixbuf loaders. Try `flatpak run
--command=sh --devel org.gnome.Solanum` enter the debug shell of flatpak
and run `strace -o s.log solanum`. Found something like

```
openat(AT_FDCWD, "/run/current-system/profile/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache",
O_RDONLY) = -1 ENOENT (没有那个文件或目录)
...

access("/run/current-system/profile/share/themes/Adwaita/gtk-4.6/gtk.css", F_OK) = -1 ENOENT (没有那个文件或目录)
access("/run/current-system/profile/share/themes/Adwaita/gtk-4.4/gtk.css", F_OK) = -1 ENOENT (没有那个文件或目录)
access("/run/current-system/profile/share/themes/Adwaita/gtk-4.2/gtk.css", F_OK) = -1 ENOENT (没有那个文件或目录)
access("/run/current-system/profile/share/themes/Adwaita/gtk-4.0/gtk.css", F_OK) = -1 ENOENT (没有那个文件或目录)

...

openat(AT_FDCWD, "/run/current-system/profile/lib/gio/modules", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (没有那个文件或目录)
```

It shows that flatpak is trying to load GTK related resource from
/run/current-system/profile. And use

```
flatpak run --filesystem=/gnu/store:ro --filesystem=/run/current-system:ro org.gnome.Solanum
```

It works well.

# Related links

https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/flatpak/bubblewrap-paths.patch

The solution of Nixpkgs is add these path and store to the flatpak
sandbox. I'm not sure whether it's good or not. Because user may want to
setup its own GUIX{2,3,4}_GTK_PATH and GDK_PIXBUF_LOADER_FILES.
-- 
Retrieve my PGP public key:

  gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F

Zihao
[signature.asc (application/pgp-signature, inline)]

Information forwarded to bug-guix <at> gnu.org:
bug#54784; Package guix. (Wed, 20 Apr 2022 20:01:01 GMT) Full text and rfc822 format available.

Message #8 received at 54784 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Zhu Zihao <all_but_last <at> 163.com>
Cc: 54784 <at> debbugs.gnu.org
Subject: Re: bug#54784: Flatpak GTK apps cannot show pictures. 
Date: Wed, 20 Apr 2022 22:00:47 +0200
Hi,

Zhu Zihao <all_but_last <at> 163.com> skribis:

> It shows that flatpak is trying to load GTK related resource from
> /run/current-system/profile. And use
>
> ```
> flatpak run --filesystem=/gnu/store:ro --filesystem=/run/current-system:ro org.gnome.Solanum
> ```
>
> It works well.
>
> # Related links
>
> https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/flatpak/bubblewrap-paths.patch

A patch like this one looks reasonable; it’s a transcription of what’s
done on FHS systems, so why not.

Would you like to give it a try?

Thanks,
Ludo’.




Information forwarded to bug-guix <at> gnu.org:
bug#54784; Package guix. (Thu, 21 Apr 2022 05:48:01 GMT) Full text and rfc822 format available.

Message #11 received at 54784 <at> debbugs.gnu.org (full text, mbox):

From: Zhu Zihao <all_but_last <at> 163.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 54784 <at> debbugs.gnu.org
Subject: Re: bug#54784: Flatpak GTK apps cannot show pictures.
Date: Thu, 21 Apr 2022 13:45:33 +0800
[Message part 1 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes:

> Hi,
>
> Zhu Zihao <all_but_last <at> 163.com> skribis:
>
>> It shows that flatpak is trying to load GTK related resource from
>> /run/current-system/profile. And use
>>
>> ```
>> flatpak run --filesystem=/gnu/store:ro --filesystem=/run/current-system:ro org.gnome.Solanum
>> ```
>>
>> It works well.
>>
>> # Related links
>>
>> https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/flatpak/bubblewrap-paths.patch
>
> A patch like this one looks reasonable; it’s a transcription of what’s
> done on FHS systems, so why not.

Guix users often use declarative configuartion. So my concern is
mounting the whole store into flatpak sandbox will leak unneccesary
user secrets.
-- 
Retrieve my PGP public key:

  gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F

Zihao
[signature.asc (application/pgp-signature, inline)]

Information forwarded to bug-guix <at> gnu.org:
bug#54784; Package guix. (Sat, 23 Apr 2022 02:57:01 GMT) Full text and rfc822 format available.

Message #14 received at 54784 <at> debbugs.gnu.org (full text, mbox):

From: Zhu Zihao <all_but_last <at> 163.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 54784 <at> debbugs.gnu.org
Subject: Re: bug#54784: Flatpak GTK apps cannot show pictures.
Date: Sat, 23 Apr 2022 10:55:48 +0800
[Message part 1 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes:

> Hi,
>
> Zhu Zihao <all_but_last <at> 163.com> skribis:
>
>> It shows that flatpak is trying to load GTK related resource from
>> /run/current-system/profile. And use
>>
>> ```
>> flatpak run --filesystem=/gnu/store:ro --filesystem=/run/current-system:ro org.gnome.Solanum
>> ```
>>
>> It works well.
>>
>> # Related links
>>
>> https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/flatpak/bubblewrap-paths.patch
>
> A patch like this one looks reasonable; it’s a transcription of what’s
> done on FHS systems, so why not.
>
> Would you like to give it a try?
>
> Thanks,
> Ludo’.

See https://issues.guix.gnu.org/55072

-- 
Retrieve my PGP public key:

  gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F

Zihao
[signature.asc (application/pgp-signature, inline)]

Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Thu, 28 Apr 2022 14:56:02 GMT) Full text and rfc822 format available.

Notification sent to Zhu Zihao <all_but_last <at> 163.com>:
bug acknowledged by developer. (Thu, 28 Apr 2022 14:56:02 GMT) Full text and rfc822 format available.

Message #19 received at 54784-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Zhu Zihao <all_but_last <at> 163.com>
Cc: 55072-done <at> debbugs.gnu.org, 54784-done <at> debbugs.gnu.org
Subject: Re: bug#55072: [PATCH]: Do not leak GDK_PIXBUF_MODULE_FILE into the
 sandbox.
Date: Thu, 28 Apr 2022 16:55:19 +0200
Hi,

Zhu Zihao <all_but_last <at> 163.com> skribis:

>>From affd34d0f0bf6bf04110b595ce77ed8e9448b2c7 Mon Sep 17 00:00:00 2001
> From: Zhu Zihao <all_but_last <at> 163.com>
> Date: Thu, 21 Apr 2022 18:48:51 +0800
> Subject: [PATCH 1/3] gnu: bubblewrap: Update to 0.6.1.
>
> * gnu/packages/virtualization.scm (bubblewrap): Update to 0.6.1.

Applied to the ‘staging’ branch, due to the high number of rebuilds.

>>From 3432b64e34d5df329c31b1a09f476ff01a743245 Mon Sep 17 00:00:00 2001
> From: Zhu Zihao <all_but_last <at> 163.com>
> Date: Thu, 21 Apr 2022 18:52:21 +0800
> Subject: [PATCH 2/3] gnu: flatpak: Use G-expressions.
>
> * gnu/packages/package-management.scm (flatpak): Fix indentation.
> [arguments]: Use G-expressions.

[...]

>>From 5f1369f8731cc1b35c3c80aac6ad7ebd89d3cb10 Mon Sep 17 00:00:00 2001
> From: Zhu Zihao <all_but_last <at> 163.com>
> Date: Sat, 23 Apr 2022 10:39:32 +0800
> Subject: [PATCH 3/3] gnu: flatpak: Do not leak GDK_PIXBUF_MODULE_FILE into the
>  sandbox.
>
> Fixes https://issues.guix.gnu.org/54784.
>
> * gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add corresponding entry.
> * gnu/packages/package-management.scm (flatpak)[source]: Use patch.

Applied to ‘master’.

Thanks!

Ludo’.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 27 May 2022 11:24:07 GMT) Full text and rfc822 format available.

This bug report was last modified 1 year and 306 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.