Bug#864082: [Fontconfig] Next steps for a reproducible Fontconfig?
keithp at keithp.com
Thu Jan 10 19:36:38 GMT 2019
Akira TAGOH <akira at tagoh.org> writes:
> Indeed, that would be able to accomplish both with the minimal efforts
> for us at least. though they might came up with this but they didn't
> do it that way. so there might be some reason why they didn't do so.
> packaging issue perhaps?
flatpak appears to change many pathnames used to access host files. I
don't know if there are other subsystems affected by these changes,
perhaps we'll see more in the future though.
> I can't figure out completely but, fontconfig may needs to deal with
> different namespaces in a cache filename to avoid a collision between
> host and sandboxes. dunno if we may see different state in the future
> but it might be represented as a depth in a filename to make it
> different like 0:<md5>-le64.cache-<version> for host and
> 1:<md5>-le64.cache-<version> for a sandbox.
> we could increase a depth
> for a child in sandbox as needed, anyway.
> We can mix up caches that is located at the same place then. the last
> missing piece would be to map them to the right place. flatpaks should
> knows where they mounted directories to. they can create a map table
> with proper parent depth and current depth I think.
That would require customizing the contents of a flatpak on install, or
perhaps this could be done when the flatpak was run?
> I may be missing something so this might not work though...
This seems to extend the change I proposed; which provides an
indirection between the actual filename and the font config cache
database key. Instead of just mapping sandbox names to external names
(which results in collisions), we also add some 'salt' to the sandbox
names to perturb the generated key for internal paths.
Let's look at some examples:
sandbox prefix cache prefix
'sandbox-depth-1' is the "salt" added to the cache keys for paths within
the sandbox to ensure they do not collide with cache keys for paths
outside of the sandbox.
You'd add all mounted file systems to this list so that fonts found
anywhere outside the sandbox would generate cache keys using the names
from outside the sandbox. If you ran another sandbox *inside* this
sandbox, you'd have another level of indirection:
(assuming that the sandbox didn't manage to mount the "real" system
fonts inside the sandbox somewhere).
This configuration file would be generated by flatpak at runtime.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 832 bytes
Desc: not available
More information about the Pkg-freedesktop-maintainers