Bug#864082: [Fontconfig] Next steps for a reproducible Fontconfig?

Keith Packard keithp at keithp.com
Sun Jan 13 18:21:01 GMT 2019

Alexander Larsson <alexander.larsson at gmail.com> writes:

> Ugh. Sorry about that!

Thanks. Bugs happen, fortunately I was able to track this one down and
fix it (we all love free software!)

> Yes:ish. It should not *normally* happen. But you may run into it in
> uncommon situations like e.g. chrome using a statically linked version
> of fontconfig that has a different fontconfig cache format.

Hrm. I don't get the sense that we've got a solution to this problem
yet. Given that the contents of the flatpak cannot change on the fly,
would it be sufficient to generate a new 'salt' value for the flatpak
each time it is changed? It might be sufficient to use the name of the
flatpak including a version as this salt (that has the advantage of
making the flatpak reproducible, which you probably want to encourage).

> I agree with this, but the point was that we can't just modify the
> fontconfig to be dynamic always. We need to design it such that
> whatever flatpak generates is optional for the runtime to pick up when
> it is able to handle it.

Sounds like being able to handle an arbitrary host fonts directory
mounted as /run/host/fonts will really help avoid future issues. And
that needs to be in the fontconfig used inside the flatpak, which means
we can't wait for a system which has fonts in a different place and plan
on fixing it in the host.

> Yeah, there will be two files. One static in the runtime
> (/etc/fonts/conf.d/50-flatpak.xml), and one generated by flatpak
> (/run/host/fontconf.xml).

Sounds like we've got a plan for this part -- fix my mapping code to use
config bits separate from the <dir> elements, then add a 'salt'
mechanism in the config bits that stirs in some random data when
generating the cache keys for specific directory trees.

Let's figure out how we should handle the stale flatpak fonts cache
issue. Once we've settled that, we can go implement the whole mess and
get a new fontconfig release made in time for debian freeze.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-freedesktop-maintainers/attachments/20190113/983a8a97/attachment.sig>

More information about the Pkg-freedesktop-maintainers mailing list