Bug#864082: [Fontconfig] Next steps for a reproducible Fontconfig?
Alexander Larsson
alexander.larsson at gmail.com
Thu Jan 31 08:54:39 GMT 2019
On Thu, Jan 31, 2019 at 9:40 AM Keith Packard <keithp at keithp.com> wrote:
>
> Alexander Larsson <alexander.larsson at gmail.com> writes:
>
> > We don't want a global salt for everything in the container.
>
> I guess I wonder why not? Salt + dir inside the container will always be
> unique. The place where you want to have different salt is for
> directories mapped from the host; I think those will always be in
> remap-dir clauses, if we have salt there, that should work?
It will be unique per runtime, as the default salt comes from the
runtime generated file in the sandbox.
But, if multiple apps use the same runtime they will always use the
same salt for its /app/share/fonts, even though it could differ, which
seems risky.
But worse, if the runtime changes the default salt, then the caches
built into the app will be for the wrong salt until the app is
rebuilt.
> > In
> > reality things are more complicated than that. For example, an app may
> > bundle fonts, which will be in like /app/share/fonts, in addition to
> > the runtime fonts in /usr/share/fonts. These come from different
> > places and may individually be different in a different (or updated)
> > app, so the directories need to have different salts.
>
> If building the flatpak generates the font caches, then per-flatpak salt
> would make those correct.
Only as long as the runtime salt doesn't change. But its also a
robustness issue, if for whatever reason (cache version, etc) a cache
is generated for the app dir I want that to map to a uniqe cache id
rather than one shared between every app using that runtime.
> > Also, it is quite possible that some host font directory is *not*
> > remapped, but still visible to the app. For example /opt/fonts for an
> > app that has filesystem access. If for whatever reason fontconfig
> > looks at this directory it should not apply any salt for it.
>
> Oh, so some host directories may be visible unmapped and unknown to the
> flatpak? In that case, we'll need to enumerate all flatpak visible font
> directories separately.
What happens today is that if you host has fonts somewhere, say
/opt/fonts, and the app has --filesystem=host access, then /opt will
be visible as-is in the sandbox (along with essentially everything but
/usr and /app).
These directories are not (currently) added to the fontconfig setup in
the sandbox, so it will not be automatically picked up. But that
doesn't mean fontconfig in the sandbox can *never* see it. For
example, the app could call FcConfigAppFontAddDir() if it has a
per-app font dir option or something.
We *could* make flatpak enumerate *all* configured host font
directories and set up snippets for them. However, currently we don't,
and I don't see a huge need for this.
More information about the Pkg-freedesktop-maintainers
mailing list