From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:403:478a::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id eKlfH9JWNmURCgEA9RJhRA:P1 (envelope-from ) for ; Mon, 23 Oct 2023 13:19:46 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:478a::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id eKlfH9JWNmURCgEA9RJhRA (envelope-from ) for ; Mon, 23 Oct 2023 13:19:46 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 4FC8041332 for ; Mon, 23 Oct 2023 13:19:44 +0200 (CEST) Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=rootshell.ro header.s=default header.b=D5qseyNv; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1698059986; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=nIb+LcLov6R35nz9U3kS0O1Su4FSeMyfdnT28Yy6rFA=; b=YEtnnsN5z/Zb6wBuWpwXaLYF53/Rgq1dtWiSUfITcQugARvqJxePODkcuxZD3ryp4DzUj+ pOt1/52rU9cBg823sxN1/on6RuME86hTXsnsjPAkveg1kFr4qNu3vWji9HUDyhQfkywHua ojA70FxixA7yad2+Y3/44jBKrR3ZSMPqvcnsuoSN5kT1HX0VWkavpWj7JW38Jmx3hA4v0h bFAJVKNT+z/OHwJxP/Y7WcQzOeS7I4bgTsLkq4lbv3Bnhas5WjVmpY+L8b+9xdWJKKZbJa F/Oeq0Nn0kcoZsLOAMtr7r7zbPSMB9wdmTV7hKvN1qPG1Tte5nhQS5slHTvKQw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1698059986; a=rsa-sha256; cv=none; b=Bv7/B7qQU40Ske2InN0MNKwubj1OTnR8DDVD2DA61WgJXZSnOpMO7riMH1NrG0zjn0ecSe zkR8fosiT/ykrigFiEauXvbUmyatmdgA9751BIXdH0DrYqKOPbVpzZ0GfVM/bo4pfV5MTD qWzwvIW6JFB65Vgw60kEB2u8NTXy/rmlAGkcpWDexDz09/haNC7j4u+mYCMThGp6q5s240 JJx6fSJfGbTHqJHmdsBOurdouxShmUUIzJBuD15BHWJoz2MyIxGHJU/fEnKI5C52aZlFsp yRPAimQ92nxogLk5Ia2jJ2NYwFjBXjPkpmZQtE/yKaJrLVj1KwqvUE3yiU2H+A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=rootshell.ro header.s=default header.b=D5qseyNv; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org"; dmarc=none Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qusxS-0003Dq-Oy; Mon, 23 Oct 2023 07:18:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qusxQ-0003DI-62 for emacs-orgmode@gnu.org; Mon, 23 Oct 2023 07:18:52 -0400 Received: from [2a02:2f0f:2f7:1::740] (helo=mail.rootshell.ro) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qusxM-00011f-PR for emacs-orgmode@gnu.org; Mon, 23 Oct 2023 07:18:51 -0400 Received: from localhost (unknown [IPv6:2001:4091:a247:81e5:c6ab:9e00:9c15:f896]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.rootshell.ro (Postfix) with ESMTPSA id 3A0E6264D9 for ; Mon, 23 Oct 2023 14:18:29 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=rootshell.ro; s=default; t=1698059910; bh=Lo2MLlysYB7KzyXIM2NKc7UK4bJyDtk+OXPMriQFeqA=; h=Date:From:To:Subject:References:In-Reply-To:From; b=D5qseyNvCkBDdvCiobizHsR5wNd4nUvKrzDcyYQM7G6GcdK9XIryjmUGhpHoRix1R u6ZKdfQyHrjR0OBv4sU95Lz5E+/ULk2lzgmjxsNzH4yA7qNpjg1tgYa3kwYlaVT5kC 1PThm8wIuC7r6PCKMpBlX0U/EoLV5aII7eIcShV4Po5ELkeOUkHMYS5BY9uqiON/ql j8MrXaZYWBJUI/mJJNAnORVRIpvZcOaF9FkfgRKo2ROTEpD1NslSoTki3sH4PoBtTG km6TMwt8XefuXsXi3aVjCDQQN6Gj3qvOPtrQdQmNg6F/7+YGq4eXJFfgwgOfW6KdCh u6eqi7bbC9b/w== Date: Mon, 23 Oct 2023 13:18:27 +0200 From: Florin Boariu To: "emacs-orgmode@gnu.org" Subject: Re: org-ditaa woes Message-ID: References: <87wmvhnr8b.fsf@t14.reltub.ca> <31b83821-3468-499c-a7f8-54912e5caf90@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <31b83821-3468-499c-a7f8-54912e5caf90@gmail.com> X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a02:2f0f:2f7:1::740 (failed) Received-SPF: pass client-ip=2a02:2f0f:2f7:1::740; envelope-from=florin.om@rootshell.ro; helo=mail.rootshell.ro X-Spam_score_int: -12 X-Spam_score: -1.3 X-Spam_bar: - X-Spam_report: (-1.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: emacs-orgmode-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Spam-Score: -6.32 X-Migadu-Queue-Id: 4FC8041332 X-Migadu-Scanner: mx0.migadu.com X-Migadu-Spam-Score: -6.32 X-TUID: 0sKNeg8srza6 On Sat, Oct 21, 2023 at 10:50:08AM +0700, Max Nikulin wrote: >Does it work when executed from Emacs shell or eshell buffers? > >Could you, please, provide complete sequence of commands to generate a >graphics file from a ditaa source for a shell running in Emacs? "M-x shell" and then: > sh-5.1$ echo -e "+-----+\n| moo |\n+-----+\n" > /tmp/foo.txt > sh-5.1$ cat /tmp/foo.txt > +-----+ > | moo | > +-----+ > > sh-5.1$ flatpak-spawn --host toolbox run /usr/bin/ditaa /tmp/foo.txt -o /tmp/foo.png > > ditaa version 0.9, Copyright (C) 2004--2009 Efstathios (Stathis) Sideris > > Running with options: > overwrite > Reading file: /tmp/foo.txt > Rendering to file: /tmp/foo.png > Done in 0sec > sh-5.1$ ...gives pretty much the expected result, which is a PNG image of the word "moo" embedded in a square. Is this what you hoped for? >Flatpack is a means to prevent accessing system files by applications >that may have less degree of trust. I expect that a package should be >carefully prepared to allow `man' and `info' access docs installed >system-wide, files from /usr/share/doc should be available for >doc-view, compiler toolchains should be available if Emacs is used for >development. It sounds like rather broad permissions for isolated >applications. ...I'm not an expert of Flatpak, but it is my understanding that it uses something they call "portals" for defined access to your file system. Apparently it's a bit more sphisticated than "just" broad access. For instance, once you have an application that requires to process a file, you're presented with a dialog window by the OS (*not* by the application) with which you can select your file. The file is then opened for you, and your application only has the option to write to that specific file -- and nowhere else. (Please don't fact-check me on this, I really am just parroting concepts here... :-p) This doesn't sound a lot like Emacs, and in fact I'm not sure how the Emacs Flatpak works. Given that it's an "editor" designed to "edit" everything, maybe it is indeed opening up most/all of the whole host filesystem (?), has very little in the way of actual isolation (??), and just uses Flatpak as a "package manager on steroids" only to keep its own dependencies private (???). But even this broad access to the host system isn't of any help to me. This is because of the way the Fedora Silverblue distribution works: the "bare linux" you boot into doesn't contain anything beyond bare Wayland/Gnome desktop shell and essential system tools (systemd, networking, DNS resolving, user management...). This is a read-only ("immutable") image, like a perpetual, bare-bones "live ISO" (courtesy of "libostree", https://ostreedev.github.io/ostree/ if you're interested). Any other applications -- gcc, python, additional libraries, development tools, ditaa etc -- are being installed in a kind of mutable container technology ("toolboxes", see https://containertoolbx.org/ ). Those are pretty strongly isolated from the host file system, and essentially only share the $HOME folder and some state (/var, /proc, /dev, ...) with the host. (This is a simplified view of things, but that's the gist of it.) This means that even if the Emacs Flatpak was to give broad access to the host, I still wouldn't be able to call "java -jar ...", simply because the host system isn't meant to, and generally doesn't, even have Java runtime to begin with, a ditaa.jar, or a /usr/bin/ditaa. Those are meant to exist in toolboxes. The command line above ("flatpak-spawn --host toolbox run [...]") is designed to cross two namespacing boundaries: - "flatpak-spawn --host [...]" breaks out from the Flatpak, - "toolbox run [...]" then executes a command inside a toolbox (e.g. "/usr/bin/ditaa"). The way they share data is worth some thought, but we incidentally get lucky here: Emacs writes the code into "/tmp/...", which is shared and accessible across all namespaces; and /usr/bin/ditaa read that, and writes the PNG in the current project folder (in $HOME), which, in this case, is also shared by emacs. Hope this helps a bit to see the context of my request :-) I really _need_ to generically execute a command. >Menu: Org → Documentation → Show version, Help → About Emacs >or M-x org-version "9.6.6 (release_9.6.6 @ /app/share/emacs/29.1/lisp/org)" > M-x emacs-version. "GNU Emacs 29.1 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.38, cairo version 1.16.0), of 2023-08-06" Cheers, Florin. -- "Socks come in pairs. If you put a sock on your left foot, the other sock of the pair instantly becomes the “right sock,” no matter where it is located in the universe." -- quantum entanglement explained on /.