Received: (at 72265) by debbugs.gnu.org; 17 Aug 2024 22:33:55 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Aug 17 18:33:55 2024 Received: from localhost ([127.0.0.1]:55052 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sfRze-00075M-KX for submit <at> debbugs.gnu.org; Sat, 17 Aug 2024 18:33:54 -0400 Received: from fhigh1-smtp.messagingengine.com ([103.168.172.152]:37331) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ian@HIDDEN>) id 1sfRzc-000756-BL for 72265 <at> debbugs.gnu.org; Sat, 17 Aug 2024 18:33:53 -0400 Received: from phl-compute-08.internal (phl-compute-08.nyi.internal [10.202.2.48]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 41F111145481; Sat, 17 Aug 2024 18:33:07 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-08.internal (MEProxy); Sat, 17 Aug 2024 18:33:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1723933987; x=1724020387; bh=xSZXZ4wHW9qwGaWcGowjMyw1G8IzQqKIlo5V8whEu/4=; b= mq/szVoe5v8IpZ4rYHpuGvYaKcDLOovNW7uYVsCPd2lzHfubfqlGMO4o7/IRHgiR 1cSe5bmDKBxiY7z0q75A7b+KtEFvJ/ovd9dto0kwoL1+UGVD2u9IeSPnnlnDuBip v498eqtjPG72KCnojRSlTN7MPphvAjFY5tHBwQoc0Wl23hYq9FPAkPBAHM8GQ+nG IM1kzdSnG+JVmBuNhgeuLli4q1bcAdcIHf4Q7WRPStEX6+y/TVO22GnEJbzAyfv9 Y3rpMW54NXwPQrZuR6hiKUsxnYTOnaHomJ9yG4jdpfw2qF2YBxOvNxpXlJUTKaPg M6rxsqWmZF9k/aOjaOTmjw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1723933987; x= 1724020387; bh=xSZXZ4wHW9qwGaWcGowjMyw1G8IzQqKIlo5V8whEu/4=; b=e kdD3rnMp9rxRcaeurvz1fyxRpHGcfXoFZLGhtKxCk5pVeNzcdXlrrON4qh5lfbuC LH/DH438TbF+qp/Q4sK0I5E5cZ4zshcCiZwtloauKMDSZgKv1xDTYQ7UuBjgfe1+ 90GBMAgChQyqhDyk+iv/CmY+uNpl0czYTL/zkOTkfHgMMYiGCq7ESlysWdu7KrYG LkkLoHBofSvVsjDAP33iNzOksXXqvgOcz4NpMbtIZdTIaxW0Odj6qtaYHUqA5kwQ rpcCdeaUfWMYYhr2LExfdzW9vCSAWo90HGW8980tzgpa3j1PQI2C8uHou1pmK7sg BWpsJFkt8psrc+N9gDRHA== X-ME-Sender: <xms:IiXBZkVRGP8Pxatri1iU2-WxnYIXfQX5iL3rf8eUHTCtQ_8PDw4LCw> <xme:IiXBZom08H_HLkhHlG25F7ChyB1jJcLXbt-jNUEr2Nv4aB2YojYVxpd3mEjyVeiys E5FlMziaPutVqyWxQ> X-ME-Received: <xmr:IiXBZoZMXO_EDJYTRYo1BC0WJRkUCqRZtzsk4z9Ai45I7SFb7okHBH72XXMF81riVPnc3yRVGgIdMUdY7-7rNNb4SjjczVixyGQ> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudduuddgudduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhepfhgfhffvvefuffgjkfggtgfgsehtqhertddtreej necuhfhrohhmpefkrghnucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggtrdhtvheqne cuggftrfgrthhtvghrnhephfelvedtieeffffggeeivdeukedutedtveejfffhleeileef heeggfdugfeiuefhnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhvpdhnsggprhgtphhtthhopedvpdhm ohguvgepshhmthhpohhuthdprhgtphhtthhopeejvddvieehseguvggssghughhsrdhgnh hurdhorhhgpdhrtghpthhtohepnhhikhhithgrseguohhmnhhithhskhhiihdrmhgv X-ME-Proxy: <xmx:IiXBZjVleNtaEgHDgh6gJBJ6HfKtCZEGnQfemh3whq8czH169vArKg> <xmx:IiXBZul5UBwH8L-jJguhZCUNpciSchMwF4PH1Dn3tn_2LQ4Arr0DsA> <xmx:IiXBZofafU3EWV1ar7dEPRFAFUAmN1u7Lb2Ln7L_UHitsvyEr3paCw> <xmx:IiXBZgHn_AnuWNdpqfJVMzM4HeSup18sI2ztMAjBldAGOjYF-PD-_Q> <xmx:IyXBZjx7j7Q01d__8pZSuwZ2VUYOMn19USmXNI3cWRm8xZ1a7pWl-jyu> Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 17 Aug 2024 18:33:06 -0400 (EDT) References: <87cymutnnr.fsf@meson> <87ed7a5etn.fsf@HIDDEN> User-agent: mu4e 1.8.13; emacs 28.2 From: Ian Eure <ian@HIDDEN> To: Nikita Domnitskii <nikita@HIDDEN> Subject: Re: [PATCH 0/1] Fix hardware acceleration support for librewolf Date: Sat, 17 Aug 2024 15:20:02 -0700 In-reply-to: <87ed7a5etn.fsf@HIDDEN> Message-ID: <874j7i6aqm.fsf@meson> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 72265 Cc: 72265 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) Hi Nikita, Nikita Domnitskii <nikita@HIDDEN> writes: > Ian Eure <ian@HIDDEN> writes: > >> Since a lot of system config stuff ends up in there, and Guix=20 >> doesn=E2=80=99t >> have a good way to manage secrets, it feels risky to me to open=20 >> it up. > > Is it really an issue? Any program on your system already does=20 > that, > why LW any different? It's a good enough solution for NixOS/FF=20 > not sure > why we have to do something different here. > I think it=E2=80=99s worth considering. While any program can read the=20 store, few of them run the huge volume of untrusted code that a=20 web browser does. That said, I=E2=80=99m okay with this approach. Ideally, I=E2=80=99d like = it to=20 be a stopgap solution, but it=E2=80=99s a clear improvement on the current= =20 situation. However, there are two changes I=E2=80=99d like to see: 1. Please remove the source patching from `make-librewolf-source'=20 and move it into the librewolf package definition.=20 `make-librewolf-source' is intended to produce a source tarball=20 identical to upstream, and isn=E2=80=99t a good place to be adding=20 Guix-specific patches. 2. Use the `substitute*' procedure instead of a patch file. I=20 maintain LibreWolf in my personal channel first, then contribute=20 patches to Guix, and the patch file facility doesn=E2=80=99t work outside=20 the main Guix repository. I work this way because I=E2=80=99m not a Guix=20 committer, and would like to run the latest version of LibreWolf.=20 Guix is often several versions behind due to intractable delays in=20 patch review. With those two changes, your patch has my +1. Though as noted, I=20 cannot commit it, since I don=E2=80=99t have those privileges. >> The approach in LW is taken directly from the Firefox packages=20 >> in=20 >> Nonguix -- can you reproduce your problem with that packages? > > I can and it never worked for me. I used to mantain my LW=20 > package > definition[1] where I put neccesary paths to LD_LIBRARY_PATH,=20 > but that > solution very specific to my setup and would not work as a=20 > general one. > Would you please file a bug report with them? I=E2=80=99d be interested=20 to hear what they have to say on the subject. Thanks, =E2=80=94 Ian
guix-patches@HIDDEN:bug#72265; Package guix-patches.
Full text available.Received: (at 72265) by debbugs.gnu.org; 31 Jul 2024 05:09:06 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jul 31 01:09:06 2024 Received: from localhost ([127.0.0.1]:48862 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sZ1aE-0003sy-6v for submit <at> debbugs.gnu.org; Wed, 31 Jul 2024 01:09:06 -0400 Received: from out-182.mta0.migadu.com ([91.218.175.182]:34936) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <nikita@HIDDEN>) id 1sZ1aA-0003sN-07 for 72265 <at> debbugs.gnu.org; Wed, 31 Jul 2024 01:09:04 -0400 X-Report-Abuse: Please report any abuse attempt to abuse@HIDDEN and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=domnitskii.me; s=key1; t=1722402489; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9iPJP2jHRFokinPatFOd32T0R+4OGshRwQBXIXuJbDI=; b=Zi805fhEKuRsr9c3p3ouisiPZUuEIe68mnb3XpgAKbvOPc5nufYITDvKFKauu5dMXwWXlF szOdX8LiBtNN1pQzSfwEp5SqnTQWsiaug4hfJK0ejhZN5AhJOUH9lhKojIHfn8TcWBhVEl jYtsJSxi6M8hBdbL0uszhL8FgpPAmx0= From: Nikita Domnitskii <nikita@HIDDEN> To: Ian Eure <ian@HIDDEN>, 72265 <at> debbugs.gnu.org Subject: Re: [PATCH 0/1] Fix hardware acceleration support for librewolf In-Reply-To: <87cymutnnr.fsf@meson> References: <87cymutnnr.fsf@meson> Date: Wed, 31 Jul 2024 11:08:04 +0600 Message-ID: <87ed7a5etn.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 72265 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Ian Eure <ian@HIDDEN> writes: > I=E2=80=99d like to have a better handle on *why* this isn=E2=80=99t work= ing, and what > alternate options may exist, before granting LW=E2=80=99s sandboxed proce= sses > full access to the store. It doesn't work because RDD does not have access to drivers (in /run/current-system/profile/lib/) and any shared libraries that driver can use (anywhere in /gnu/store). Which you could see when running LW with MOZ_SANDBOX_LOGGING=3D1 environment variable or in my initial message. While we can add /run/current-system/profile/lib/ to whitelist and partially fix this issue, I don't think we can predict what driver would want to load. So I don't really see any alternative solutions for shared libraries problem. > Since a lot of system config stuff ends up in there, and Guix doesn=E2=80= =99t > have a good way to manage secrets, it feels risky to me to open it up. Is it really an issue? Any program on your system already does that, why LW any different? It's a good enough solution for NixOS/FF not sure why we have to do something different here. > Do you have reproduction steps which demonstrate the issue? It's in my initial message. You just run LW with MOZ_SANDBOX_LOGGING=3D1/MOZ_LOG=3D"PlatformDecoderModule:5" and check your GPU usage (intel_gpu_top for Intel GPU, not sure about others) while playing video. > I see it complaining about not loading libva, but setting > `MOZ_LOG=3D"PlatformDecoderModule:5"'[1] and enabling the various ffmpeg > config bits, then playing a video, it *seems* like it=E2=80=99s using hwa= ccel. I'm not aware of any other hwaccel implementation in LW/FF other than VA-API. If it's not loading libva it doesn't use hwaccel. > The approach in LW is taken directly from the Firefox packages in=20 > Nonguix -- can you reproduce your problem with that packages? I can and it never worked for me. I used to mantain my LW package definition[1] where I put neccesary paths to LD_LIBRARY_PATH, but that solution very specific to my setup and would not work as a general one. --=20 Best Regards, Nikita Domnitskii [1] https://git.sr.ht/~krevedkokun/dotfiles/tree/master/item/src/guile/yggd= rasil/packages/mozilla.scm
guix-patches@HIDDEN:bug#72265; Package guix-patches.
Full text available.Received: (at 72265) by debbugs.gnu.org; 31 Jul 2024 00:23:44 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jul 30 20:23:44 2024 Received: from localhost ([127.0.0.1]:48748 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sYx84-00054U-6g for submit <at> debbugs.gnu.org; Tue, 30 Jul 2024 20:23:44 -0400 Received: from fhigh5-smtp.messagingengine.com ([103.168.172.156]:50733) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ian@HIDDEN>) id 1sYx80-000543-Lf for 72265 <at> debbugs.gnu.org; Tue, 30 Jul 2024 20:23:43 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 256231146D14; Tue, 30 Jul 2024 20:23:20 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 30 Jul 2024 20:23:20 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to; s=fm2; t=1722385400; x=1722471800; bh=eEieeA80Fh izoEPr/sRvytGXpnO7L4Nff7iqpisQkY0=; b=P80UCkuXany3AeBbHgDlIBGbeR kubCuMGiSQPVNyhUNHx3TA2TqwhCbiNacvki5M0/nT+qmya81Jt53nVeqTf82FPz 0BEjGwyEOGCkPlsTqNKtlTW/d6sk/YTmEIv2WhKVHaouQM6SBSOqk10WKBt2jdfJ p4Y6ezUZRNbfkrGliuqb2Lk28TuyHHtBuLxxgqySWwtbbX+xSFVcpbGumxRIeVnr ZZCBRFWPm0Qs87HpcAttJWgbcQZu+d00JjY4831RCMCWKXCMQagV5pPpPaKON52a 2ghPghvL0U3DXAZvH3aInyw9WGCEEFnNPECKOG4YVqVh5cL7Dj4GiS5l1ApA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1722385400; x=1722471800; bh=eEieeA80FhizoEPr/sRvytGXpnO7 L4Nff7iqpisQkY0=; b=EOrX/6XTfvJqZL9CJkGh/yBtsKwFm9YWmvVxIu1nkOlM bkcT6KLZvwCf/sC0s8oVI+3q6LetIefewCSOy1MJfkB+2Mas7nT+GtwhHp5gvYFK 6fPksIzWfUFbOSEp2/wDbdamrmUqgJlrkUHp/n5C/Sy9EUE907L4LuylKlI+kdhO iqSbpeJBsfEe0D3KRZA2XjMyPBlMLCd2w4OaFypJBaSN7G3yIzDE5vPlhEBxVDwI etGyP5wn4r6leEYMKNovltz/qsjvoXKlFfFtPjwT+1MSQkg9QI+yNX2cfzvJYDof 4CQsb6QdkwqLjFhXwMpelNYH4scajXquIJxPE89cew== X-ME-Sender: <xms:94OpZmbp_Mgt2m1JuMLlQEitxeNvG-8MF0gz5K59VWHzn0dk2YnPtw> <xme:94OpZpYgX7Nzak-qqNEB_HJMmmFKt-lquTKh9od6gQ6P-OWnXx_MO9lOKG5727LEx KD8HQjCQoe8XWYPdA> X-ME-Received: <xmr:94OpZg_8b-yDlvwr89a4AuTgv9BAG-M11dQ9lkOIMOMLcI1xSpJTHwDOB6KzF69KoTV-ZuOHgwl_eXSQivxy_REPEP0YLJgS_k0> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrjeehgdefgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpegfhffvufffkfggtgfgsehtqhertddtreejnecuhfhrohhmpefkrghnucfguhhr vgcuoehirghnsehrvghtrhhoshhpvggtrdhtvheqnecuggftrfgrthhtvghrnhepgfefff elffekuefgudegfeefkeehiefgleejhefhjeehiefhudefgfejffdvhfeknecuffhomhgr ihhnpehmohiiihhllhgrrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrg hmpehmrghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhvpdhnsggprhgtphht thhopedt X-ME-Proxy: <xmx:94OpZoo42-wRUA7rhUoxg4ws0-wVPZ6tjpMvwonEzPYefvLZ3MUqiw> <xmx:94OpZhrTntXEx8WL1aaX_ib5b2e4QBwRR9z-Uvpk5NfWfNnCDcb3OQ> <xmx:94OpZmTaJ084EFxWi5yrVAUmZfj2oHnSo7nZMJ1ahPid71Vg02m31w> <xmx:94OpZhpm-wCAUpFHF-g7QiZuvokmxf5oYwiddmdOp-ZkJDT1qQz5gg> <xmx:-IOpZo1pI5QaOwmMaSpShClxvGxP2fKo8t0gW3FVLXjk2O3rqlh5RPMI> Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 Jul 2024 20:23:19 -0400 (EDT) User-agent: mu4e 1.8.13; emacs 28.2 From: Ian Eure <ian@HIDDEN> To: 72265 <at> debbugs.gnu.org, Nikita Domnitskii <nikita@HIDDEN> Subject: Re: [PATCH 0/1] Fix hardware acceleration support for librewolf Date: Tue, 30 Jul 2024 17:12:39 -0700 Message-ID: <87cymutnnr.fsf@meson> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 72265 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) Hello, I=E2=80=99d like to have a better handle on *why* this isn=E2=80=99t workin= g, and=20 what alternate options may exist, before granting LW=E2=80=99s sandboxed=20 processes full access to the store. Since a lot of system config=20 stuff ends up in there, and Guix doesn=E2=80=99t have a good way to manage= =20 secrets, it feels risky to me to open it up. Do you have reproduction steps which demonstrate the issue? I see=20 it complaining about not loading libva, but setting=20 `MOZ_LOG=3D"PlatformDecoderModule:5"'[1] and enabling the various=20 ffmpeg config bits, then playing a video, it *seems* like it=E2=80=99s=20 using hwaccel. The approach in LW is taken directly from the Firefox packages in=20 Nonguix -- can you reproduce your problem with that packages?=20 That might provide a clue as to what=E2=80=99s different between the two=20 package definitions. Thanks, =E2=80=94 Ian [1]: https://bugzilla.mozilla.org/show_bug.cgi?id=3D1610199#c31
guix-patches@HIDDEN:bug#72265; Package guix-patches.
Full text available.
Received: (at submit) by debbugs.gnu.org; 24 Jul 2024 05:45:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jul 24 01:45:05 2024
Received: from localhost ([127.0.0.1]:33010 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1sWUoD-00072E-Fh
for submit <at> debbugs.gnu.org; Wed, 24 Jul 2024 01:45:05 -0400
Received: from lists.gnu.org ([209.51.188.17]:33464)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <nikita@HIDDEN>) id 1sWUoC-000727-Bo
for submit <at> debbugs.gnu.org; Wed, 24 Jul 2024 01:45:04 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <nikita@HIDDEN>)
id 1sWUo6-0000C2-M6
for guix-patches@HIDDEN; Wed, 24 Jul 2024 01:44:58 -0400
Received: from out-177.mta0.migadu.com ([2001:41d0:1004:224b::b1])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <nikita@HIDDEN>)
id 1sWUo4-00078X-Lp
for guix-patches@HIDDEN; Wed, 24 Jul 2024 01:44:58 -0400
X-Report-Abuse: Please report any abuse attempt to abuse@HIDDEN and
include these headers.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=domnitskii.me;
s=key1; t=1721799894;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
in-reply-to:in-reply-to:references:references;
bh=QnKqVbHDMPRRifNhGJmyUx0IqDbJqyt0ndTXJ+k4bQg=;
b=dv+WswKSfQN1WANAruPkB4CK/Sgj5IvcyN24SE6rtonQpCbEpb8K13BFzyZmWnhDWDHC7p
4NN9dcJhqpRHv+erun+WJZaozAlHkMJhNJFgggCcohfOp8Jktl+fb1qeQqRPdsk1DyNOKd
48JCuLRTPVFJr5I/T4cM9sH40IyumzQ=
From: Nikita Domnitskii <nikita@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH 1/1] gnu: librewolf: Add guix drivers paths to RDD whitelist
In-Reply-To: <cover.1721797552.git.nikita@HIDDEN>
References: <cover.1721797552.git.nikita@HIDDEN>
Message-Id: <d58e28b577d0c7f9ba30314b409dc5d4749b69ec.1721797552.git.nikita@HIDDEN>
Date: Wed, 24 Jul 2024 11:44:51 +0600
MIME-Version: 1.0
Content-Type: text/plain
X-Migadu-Flow: FLOW_OUT
Received-SPF: pass client-ip=2001:41d0:1004:224b::b1;
envelope-from=nikita@HIDDEN; helo=out-177.mta0.migadu.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.4 (--)
Change-Id: I5aaf590b625dfbacb19b6dc54d7f83f73bea1fda
---
gnu/packages/librewolf.scm | 20 ++++---------------
...librewolf-add-paths-to-rdd-whitelist.patch | 11 ++++++++++
2 files changed, 15 insertions(+), 16 deletions(-)
create mode 100644 gnu/packages/patches/librewolf-add-paths-to-rdd-whitelist.patch
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 3e46477724..b34e29d9db 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -203,7 +203,9 @@ (define librewolf-source
(invoke "make" "all")
(copy-file (string-append "librewolf-" #$version
".source.tar.gz")
- #$output))))))))
+ #$output)))))
+ (patches
+ (search-patches "librewolf-add-paths-to-rdd-whitelist.patch")))))
;; Define the versions of rust needed to build librewolf, trying to match
;; upstream. See the file taskcluster/ci/toolchain/rust.yml at
@@ -573,26 +575,12 @@ (define-public librewolf
;; For U2F and WebAuthn
"eudev")))
- ;; VA-API is run in the RDD (Remote Data Decoder) sandbox
- ;; and must be explicitly given access to files it needs.
- ;; Rather than adding the whole store (as Nix had
- ;; upstream do, see
- ;; <https://github.com/NixOS/nixpkgs/pull/165964> and
- ;; linked upstream patches), we can just follow the
- ;; runpaths of the needed libraries to add everything to
- ;; LD_LIBRARY_PATH. These will then be accessible in the
- ;; RDD sandbox.
- (rdd-whitelist (map (cut string-append <> "/")
- (delete-duplicates (append-map
- runpaths-of-input
- '("mesa"
- "ffmpeg")))))
(gtk-share (string-append (assoc-ref inputs
"gtk+")
"/share")))
(wrap-program (car (find-files lib "^librewolf$"))
`("LD_LIBRARY_PATH" prefix
- (,@libs ,@rdd-whitelist))
+ (,@libs))
`("XDG_DATA_DIRS" prefix
(,gtk-share))
`("MOZ_LEGACY_PROFILES" =
diff --git a/gnu/packages/patches/librewolf-add-paths-to-rdd-whitelist.patch b/gnu/packages/patches/librewolf-add-paths-to-rdd-whitelist.patch
new file mode 100644
index 0000000000..1bee0bddf5
--- /dev/null
+++ b/gnu/packages/patches/librewolf-add-paths-to-rdd-whitelist.patch
@@ -0,0 +1,11 @@
+--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
++++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+@@ -920,6 +920,8 @@
+ policy->AddDir(rdonly, "/usr/lib64");
+ policy->AddDir(rdonly, "/run/opengl-driver/lib");
+ policy->AddDir(rdonly, "/nix/store");
++ policy->AddDir(rdonly, "/gnu/store");
++ policy->AddDir(rdonly, "/run/current-system/profile/lib");
+
+ // Bug 1647957: memory reporting.
+ AddMemoryReporting(policy.get(), aPid);
--
Best Regards,
Nikita Domnitskii
guix-patches@HIDDEN:bug#72265; Package guix-patches.
Full text available.Received: (at submit) by debbugs.gnu.org; 24 Jul 2024 05:44:52 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jul 24 01:44:52 2024 Received: from localhost ([127.0.0.1]:33005 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sWUo0-00070l-1h for submit <at> debbugs.gnu.org; Wed, 24 Jul 2024 01:44:52 -0400 Received: from lists.gnu.org ([209.51.188.17]:51390) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <nikita@HIDDEN>) id 1sWUnx-00070d-US for submit <at> debbugs.gnu.org; Wed, 24 Jul 2024 01:44:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <nikita@HIDDEN>) id 1sWUnr-0000At-HA for guix-patches@HIDDEN; Wed, 24 Jul 2024 01:44:44 -0400 Received: from out-172.mta0.migadu.com ([2001:41d0:1004:224b::ac]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <nikita@HIDDEN>) id 1sWUno-00076F-SH for guix-patches@HIDDEN; Wed, 24 Jul 2024 01:44:43 -0400 X-Report-Abuse: Please report any abuse attempt to abuse@HIDDEN and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=domnitskii.me; s=key1; t=1721799875; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type; bh=LVvH0ngi9XXu4zQymzB2qEAKqiIqBvqKVD9ye3ZD0js=; b=CSUDw/EOZyhv/OE9AJW78/6fhNOlLnc0MMhY/K80qYlsFtH5Wdtqn2FlwiPmHsCpTKhmfH e8NEFUFFepW9bYep6CE3B7+gHzLckeGZZWdHs/5ynJ/8AzG4FuHOPwQS8TwBV4fATUWPtU lA6Pp8eKDH0HyhFqByGpiLoQK5Zk9rE= From: Nikita Domnitskii <nikita@HIDDEN> To: guix-patches@HIDDEN Subject: [PATCH 0/1] Fix hardware acceleration support for librewolf Message-Id: <cover.1721797552.git.nikita@HIDDEN> Date: Wed, 24 Jul 2024 11:44:31 +0600 MIME-Version: 1.0 Content-Type: text/plain X-Migadu-Flow: FLOW_OUT Received-SPF: pass client-ip=2001:41d0:1004:224b::ac; envelope-from=nikita@HIDDEN; helo=out-172.mta0.migadu.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.4 (--) Current approach with LD_LIBRARY_PATH seems wrong for multiple reasons: 1. It doesn't work 2. It would require us to add all available drivers and every shared library that drivers load Currently it works like that: --8<---------------cut here---------------start------------->8--- $ MOZ_SANDBOX_LOGGING=1 librewolf libva info: Trying to open /run/current-system/profile/lib/dri/iHD_drv_video.so [3323] Sandbox: SandboxBroker: denied op=open rflags=2000000 perms=0 path=/gnu/store/371amhgyc25i0frgxkllp94v6rvvyl0y-intel-media-driver-nonfree-24.1.5/lib/dri/iHD_drv_video.so for pid=3971 [3971] Sandbox: Failed errno -13 op open flags 02000000 path /run/current-system/profile/lib/dri/iHD_drv_video.so [3323] Sandbox: SandboxBroker: denied op=access rflags=0 perms=0 path=/gnu/store/371amhgyc25i0frgxkllp94v6rvvyl0y-intel-media-driver-nonfree-24.1.5/lib/dri/iHD_drv_video.so for pid=3971 [3971] Sandbox: Failed errno -13 op access flags 00 path /run/current-system/profile/lib/dri/iHD_drv_video.so libva info: va_openDriver() returns -1 --8<---------------cut here---------------end--------------->8--- If I'll add /run/current-system/profile/lib/dri to LD_LIBRARY_PATH it tries to load gmmlib: --8<---------------cut here---------------start------------->8--- $ MOZ_SANDBOX_LOGGING=1 LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/run/current-system/profile/lib librewolf libva info: Trying to open /run/current-system/profile/lib/dri/iHD_drv_video.so [5004] Sandbox: Failed errno -2 op open flags 02000000 path /gnu/store/z987j9j71l114051dg3722amqcnv84c6-librewolf-126.0-1/lib/librewolf/libigdgmm.so.12 [5004] Sandbox: Failed errno -2 op open flags 02000000 path /gnu/store/9i3zzv8kmv2rkkiyn70lp594fz637vna-mesa-24.0.4/lib/libigdgmm.so.12 ... tries to lookup libigdgmm.so.12 [5004] Sandbox: Failed errno -2 op open flags 02000000 path /gnu/store/ln6hxqjvz6m9gdd9s97pivlqck7hzs99-glibc-2.35/lib/libigdgmm.so.12 libva error: dlopen of /run/current-system/profile/lib/dri/iHD_drv_video.so failed: libigdgmm.so.12: cannot open shared object file: No such file or directory libva info: va_openDriver() returns -1 --8<---------------cut here---------------end--------------->8--- So I propose to use NixOS approach (already upstreamed) Nikita Domnitskii (1): gnu: librewolf: Add guix drivers paths to RDD whitelist gnu/packages/librewolf.scm | 20 ++++--------------- ...librewolf-add-paths-to-rdd-whitelist.patch | 11 ++++++++++ 2 files changed, 15 insertions(+), 16 deletions(-) create mode 100644 gnu/packages/patches/librewolf-add-paths-to-rdd-whitelist.patch base-commit: ee7e5e00bf2b9257e67d785b37efddb008c5da37 -- Best Regards, Nikita Domnitskii
Nikita Domnitskii <nikita@HIDDEN>:guix-patches@HIDDEN.
Full text available.guix-patches@HIDDEN:bug#72265; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.