Flatpak GTK apps cannot show pictures.

  • Done
  • quality assurance status badge
Details
2 participants
  • Zhu Zihao
  • Ludovic Courtès
Owner
unassigned
Submitted by
Zhu Zihao
Severity
normal
Z
Z
Zhu Zihao wrote on 8 Apr 2022 06:35
Flatpak GTK apps cannot show pictures.
(name . bug-guix@gnu.org)(address . bug-guix@gnu.org)
868rsgfaeb.fsf@163.com
# Main issue

Solanum in flatpak failed to render its logo.

# Reproduce step

Run

```
guix shell flatpak
flatpak install org.gnome.Solanum
flatpak run org.gnome.Solanum
```

# Investigation

The issue maybe caused by missing gdk pixbuf loaders. Try `flatpak run
--command=sh --devel org.gnome.Solanum` enter the debug shell of flatpak
and run `strace -o s.log solanum`. Found something like

```
openat(AT_FDCWD, "/run/current-system/profile/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache",
O_RDONLY) = -1 ENOENT (?????????)
...

access("/run/current-system/profile/share/themes/Adwaita/gtk-4.6/gtk.css", F_OK) = -1 ENOENT (?????????)
access("/run/current-system/profile/share/themes/Adwaita/gtk-4.4/gtk.css", F_OK) = -1 ENOENT (?????????)
access("/run/current-system/profile/share/themes/Adwaita/gtk-4.2/gtk.css", F_OK) = -1 ENOENT (?????????)
access("/run/current-system/profile/share/themes/Adwaita/gtk-4.0/gtk.css", F_OK) = -1 ENOENT (?????????)

...

openat(AT_FDCWD, "/run/current-system/profile/lib/gio/modules", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (?????????)
```

It shows that flatpak is trying to load GTK related resource from
/run/current-system/profile. And use

```
flatpak run --filesystem=/gnu/store:ro --filesystem=/run/current-system:ro org.gnome.Solanum
```

It works well.

# Related links


The solution of Nixpkgs is add these path and store to the flatpak
sandbox. I'm not sure whether it's good or not. Because user may want to
setup its own GUIX{2,3,4}_GTK_PATH and GDK_PIXBUF_LOADER_FILES.
--
Retrieve my PGP public key:

gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F

Zihao
-----BEGIN PGP SIGNATURE-----

iIsEARYIADMWIQRefA5qkqvnKdl/GTlmOX+E92aT+QUCYk++nRUcYWxsX2J1dF9s
YXN0QDE2My5jb20ACgkQZjl/hPdmk/nCNQD/RKCEnxBhBviVzTzc3rVQHwq81HIW
KwDiiltANKqpZ9gA/iyU5Tas2p/U4dRDf7ARPAwsTcIPIm22539DSrZ0QuMN
=p2Yu
-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 20 Apr 2022 22:00
(name . Zhu Zihao)(address . all_but_last@163.com)(address . 54784@debbugs.gnu.org)
87czhbo780.fsf@gnu.org
Hi,

Zhu Zihao <all_but_last@163.com> skribis:

Toggle quote (13 lines)
> It shows that flatpak is trying to load GTK related resource from
> /run/current-system/profile. And use
>
> ```
> flatpak run --filesystem=/gnu/store:ro --filesystem=/run/current-system:ro org.gnome.Solanum
> ```
>
> It works well.
>
> # Related links
>
> https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/flatpak/bubblewrap-paths.patch

A patch like this one looks reasonable; it’s a transcription of what’s
done on FHS systems, so why not.

Would you like to give it a try?

Thanks,
Ludo’.
Z
Z
Zhu Zihao wrote on 21 Apr 2022 07:45
Re: bug#54784: Flatpak GTK apps cannot show pictures.
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 54784@debbugs.gnu.org)
868rrzxa2y.fsf@163.com
Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (20 lines)
> Hi,
>
> Zhu Zihao <all_but_last@163.com> skribis:
>
>> It shows that flatpak is trying to load GTK related resource from
>> /run/current-system/profile. And use
>>
>> ```
>> flatpak run --filesystem=/gnu/store:ro --filesystem=/run/current-system:ro org.gnome.Solanum
>> ```
>>
>> It works well.
>>
>> # Related links
>>
>> https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/flatpak/bubblewrap-paths.patch
>
> A patch like this one looks reasonable; it’s a transcription of what’s
> done on FHS systems, so why not.

Guix users often use declarative configuartion. So my concern is
mounting the whole store into flatpak sandbox will leak unneccesary
user secrets.
--
Retrieve my PGP public key:

gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F

Zihao
-----BEGIN PGP SIGNATURE-----

iIsEARYIADMWIQRefA5qkqvnKdl/GTlmOX+E92aT+QUCYmDvtRUcYWxsX2J1dF9s
YXN0QDE2My5jb20ACgkQZjl/hPdmk/m2agEAqu9aKw1HP0zctVCEsN9HzhqeuEry
tYeLrPccIwgy/SYBAPgb4wMHdQA2wucE4jU0KkwnkN2Z9ClT7XLxxnhEfh0I
=kfHh
-----END PGP SIGNATURE-----

Z
Z
Zhu Zihao wrote on 23 Apr 2022 04:55
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 54784@debbugs.gnu.org)
865yn0o6d8.fsf@163.com
Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (25 lines)
> Hi,
>
> Zhu Zihao <all_but_last@163.com> skribis:
>
>> It shows that flatpak is trying to load GTK related resource from
>> /run/current-system/profile. And use
>>
>> ```
>> flatpak run --filesystem=/gnu/store:ro --filesystem=/run/current-system:ro org.gnome.Solanum
>> ```
>>
>> It works well.
>>
>> # Related links
>>
>> https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/flatpak/bubblewrap-paths.patch
>
> A patch like this one looks reasonable; it’s a transcription of what’s
> done on FHS systems, so why not.
>
> Would you like to give it a try?
>
> Thanks,
> Ludo’.


--
Retrieve my PGP public key:

gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F

Zihao
-----BEGIN PGP SIGNATURE-----

iIsEARYIADMWIQRefA5qkqvnKdl/GTlmOX+E92aT+QUCYmNqwxUcYWxsX2J1dF9s
YXN0QDE2My5jb20ACgkQZjl/hPdmk/kJRwD/XRH/HIUKIjrWbrr6clp1ME15Etqb
ahFIg/YStIKglAgA/iUDcdCYFvUUePAOAHLk6iILkRUGH0AYf0znSw+/sugF
=xurZ
-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 28 Apr 2022 16:55
Re: bug#55072: [PATCH]: Do not leak GDK_PIXBUF_MODULE_FILE into the sandbox.
(name . Zhu Zihao)(address . all_but_last@163.com)
87a6c5cl60.fsf@gnu.org
Hi,

Zhu Zihao <all_but_last@163.com> skribis:

Toggle quote (7 lines)
>>From affd34d0f0bf6bf04110b595ce77ed8e9448b2c7 Mon Sep 17 00:00:00 2001
> From: Zhu Zihao <all_but_last@163.com>
> Date: Thu, 21 Apr 2022 18:48:51 +0800
> Subject: [PATCH 1/3] gnu: bubblewrap: Update to 0.6.1.
>
> * gnu/packages/virtualization.scm (bubblewrap): Update to 0.6.1.

Applied to the ‘staging’ branch, due to the high number of rebuilds.

Toggle quote (8 lines)
>>From 3432b64e34d5df329c31b1a09f476ff01a743245 Mon Sep 17 00:00:00 2001
> From: Zhu Zihao <all_but_last@163.com>
> Date: Thu, 21 Apr 2022 18:52:21 +0800
> Subject: [PATCH 2/3] gnu: flatpak: Use G-expressions.
>
> * gnu/packages/package-management.scm (flatpak): Fix indentation.
> [arguments]: Use G-expressions.

[...]

Toggle quote (12 lines)
>>From 5f1369f8731cc1b35c3c80aac6ad7ebd89d3cb10 Mon Sep 17 00:00:00 2001
> From: Zhu Zihao <all_but_last@163.com>
> Date: Sat, 23 Apr 2022 10:39:32 +0800
> Subject: [PATCH 3/3] gnu: flatpak: Do not leak GDK_PIXBUF_MODULE_FILE into the
> sandbox.
>
> Fixes https://issues.guix.gnu.org/54784.
>
> * gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add corresponding entry.
> * gnu/packages/package-management.scm (flatpak)[source]: Use patch.

Applied to ‘master’.

Thanks!

Ludo’.
Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 54784@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 54784
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch