help-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Drafting a Guix blog post on the FHS container

From: Jim Newsome
Subject: Re: Drafting a Guix blog post on the FHS container
Date: Wed, 04 Jan 2023 18:07:18 +0000
User-agent: Cyrus-JMAP/3.7.0-alpha0-1185-g841157300a-fm-20221208.002-g84115730 

On Wed, Jan 4, 2023, at 5:47 PM, John Kehayias wrote:
> Hi Jim,
> 
> On Fri, Dec 16, 2022 at 05:39 PM, Jim Newsome wrote:
> 
> > Sorry for (presumably) breaking threading; I came across this online and
> > don't see a way to set my in-reply-to-email header properly.
> >
> > Anyways just thought I'd mention that I recently learned about this
> > feature, and was able to use it to get a downloaded [Tor Browser Bundle]
> > running with:
> >
> >
> > ```
> > guix shell \
> >    --container \
> >    --network \
> >    --emulate-fhs \
> >    --preserve='^DISPLAY$'
> >    --share=/run/user/$(id -u)/gdm \
> >    openssl@1 \
> >    libevent \
> >    pciutils \
> >    dbus-glib \
> >    bash \
> >    libgccjit \
> >    libcxx \
> >    gtk+ \
> >    coreutils \
> >    grep \
> >    sed \
> >    file \
> >    alsa-lib \
> >    -- \
> >    ./start-tor-browser.desktop -v
> > ```
> >
> > `--preserve='^DISPLAY$'` and `--share=/run/user/$(id -u)/gdm` are to get
> > access to the display. I'm not sure the second parameter is universally
> > correct; I reverse-engineered it via roughly `ps aux | grep -- -auth`.
> >
> > The `-v` parameter to the browser script keeps it from trying to
> > background itself, which otherwise causes the container and browser to
> > terminate.
> >
> > It'd ultimately be nice to package the Tor Browser Bundle properly for
> > guix, but it's nice to be able to use it this way in the meantime.
> 
> Thanks again for this! I slightly modified it for the blog post, which you 
> can see in draft form at <https://issues.guix.gnu.org/60112>. I used 
> 'gcc:lib' instead of 'libgccjit' as it is smaller, and changed the needed 
> display options to be like the previous ones I had. Yours didn't work for me 
> since it looks like it relies on sharing something from GDM, which I don't 
> use. But do let me know if my version doesn't work for you.
> 
> Also gave you credit for this example; if you prefer not to be mentioned by 
> name/link to the mailing list for any reason, just let me know.
> 
> Oh, and we do have some (older) patches for building the Tor Browser from 
> source, but I don't know if they currently work: 
> <https://issues.guix.gnu.org/42380> Your example was great though, something 
> very useful!
> 
> John

Thanks, looks good, and the command in your patch also works for me.

I agree that passing and exposing XAUTHORITY seems better. Experimentally, 
sharing the directory read-only also works (using `--expose` instead of 
`--share`) also works, but I'm not familiar enough with this mechanism to be 
confident that'll work for everyone, or whether making it read-only is worth 
the fuss.

Btw it turns out that `libevent` and `openssl@1` can be dropped; they're 
already bundled. All together, here's my current "best" version:

```
guix shell --container --network --emulate-fhs \
    --preserve='^DISPLAY$' --preserve='^XAUTHORITY$' --expose=$XAUTHORITY \
    alsa-lib bash coreutils dbus-glib file gcc:lib grep gtk+ \
    libcxx pciutils sed \
    -- ./start-tor-browser.desktop -v
```
reply via email to
[Prev in Thread] Current Thread [Next in Thread]