emacs-orgmode@gnu.org archives
 help / color / mirror / code / Atom feed
From: Florin Boariu <florin.om@rootshell.ro>
To: "emacs-orgmode@gnu.org" <emacs-orgmode@gnu.org>
Subject: Re: org-ditaa woes
Date: Mon, 23 Oct 2023 13:18:27 +0200	[thread overview]
Message-ID: <ZTZWg8MbrPzza7qA@toolbox> (raw)
In-Reply-To: <31b83821-3468-499c-a7f8-54912e5caf90@gmail.com>

On Sat, Oct 21, 2023 at 10:50:08AM +0700, Max Nikulin wrote:

>Does it work when executed from Emacs shell or eshell buffers?
>Could you, please, provide complete sequence of commands to generate a 
>graphics file from a ditaa source for a shell running in Emacs?

"M-x shell" and then:

> sh-5.1$ echo -e "+-----+\n| moo |\n+-----+\n" > /tmp/foo.txt
> sh-5.1$ cat /tmp/foo.txt 
> +-----+
> | moo |
> +-----+
> sh-5.1$ flatpak-spawn --host toolbox run /usr/bin/ditaa /tmp/foo.txt -o /tmp/foo.png
> ditaa version 0.9, Copyright (C) 2004--2009  Efstathios (Stathis) Sideris
> Running with options:
> overwrite
> Reading file: /tmp/foo.txt
> Rendering to file: /tmp/foo.png
> Done in 0sec
> sh-5.1$ 

...gives pretty much the expected result, which is a PNG image of the
word "moo" embedded in a square. Is this what you hoped for?

>Flatpack is a means to prevent accessing system files by applications 
>that may have less degree of trust. I expect that a package should be 
>carefully prepared to allow `man' and `info' access docs installed 
>system-wide, files from /usr/share/doc should be available for 
>doc-view, compiler toolchains should be available if Emacs is used for 
>development. It sounds like rather broad permissions for isolated 

...I'm not an expert of Flatpak, but it is my understanding that it
uses something they call "portals" for defined access to your file
system. Apparently it's a bit more sphisticated than "just" broad

For instance, once you have an application that requires to process a
file, you're presented with a dialog window by the OS (*not* by the
application) with which you can select your file. The file is then
opened for you, and your application only has the option to write to
that specific file -- and nowhere else. (Please don't fact-check me on
this, I really am just parroting concepts here... :-p)

This doesn't sound a lot like Emacs, and in fact I'm not sure how the
Emacs Flatpak works. Given that it's an "editor" designed to "edit"
everything, maybe it is indeed opening up most/all of the whole
host filesystem (?), has very little in the way of actual isolation
(??), and just uses Flatpak as a "package manager on steroids"
only to keep its own dependencies private (???).

But even this broad access to the host system isn't of any help to
me. This is because of the way the Fedora Silverblue distribution
works: the "bare linux" you boot into doesn't contain anything
beyond bare Wayland/Gnome desktop shell and essential system tools
(systemd, networking, DNS resolving, user management...). This is a
read-only ("immutable") image, like a perpetual, bare-bones "live
ISO" (courtesy of "libostree", https://ostreedev.github.io/ostree/ if
you're interested).

Any other applications -- gcc, python, additional libraries,
development tools, ditaa etc -- are being installed in a kind of
mutable container technology ("toolboxes", see
https://containertoolbx.org/ ). Those are pretty strongly isolated
from the host file system, and essentially only share the $HOME folder
and some state (/var, /proc, /dev, ...) with the host.

(This is a simplified view of things, but that's the gist of it.)

This means that even if the Emacs Flatpak was to give broad access to
the host, I still wouldn't be able to call "java -jar ...", simply
because the host system isn't meant to, and generally doesn't, even
have Java runtime to begin with, a ditaa.jar, or a /usr/bin/ditaa.
Those are meant to exist in toolboxes.

The command line above ("flatpak-spawn --host toolbox run [...]") is
designed to cross two namespacing boundaries:

   - "flatpak-spawn --host [...]" breaks out from the Flatpak,

   - "toolbox run [...]" then executes a command inside a toolbox
     (e.g. "/usr/bin/ditaa").

The way they share data is worth some thought, but we incidentally get
lucky here: Emacs writes the code into "/tmp/...", which is shared
and accessible across all namespaces; and /usr/bin/ditaa read that,
and writes the PNG in the current project folder (in $HOME), which, in
this case, is also shared by emacs.

Hope this helps a bit to see the context of my request :-)

I really _need_ to generically execute a command.

>Menu: Org → Documentation → Show version, Help → About Emacs
>or M-x org-version

"9.6.6 (release_9.6.6 @ /app/share/emacs/29.1/lisp/org)"

> M-x emacs-version.

"GNU Emacs 29.1 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.38,
cairo version 1.16.0), of 2023-08-06"


    "Socks come in pairs. If you put a sock on your left foot, the other
     sock of the pair instantly becomes the “right sock,” no matter where
     it is located in the universe."
                                  -- quantum entanglement explained on /.

  reply	other threads:[~2023-10-23 11:19 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-19 10:59 org-ditaa woes Florin Boariu
2023-10-20 17:22 ` Leo Butler
2023-10-20 18:16   ` Dr. Arne Babenhauserheide
2023-10-20 19:31     ` Leo Butler
2023-10-20 21:39   ` Florin Boariu
2023-10-21  3:50     ` Max Nikulin
2023-10-23 11:18       ` Florin Boariu [this message]
2023-10-24  7:55         ` Max Nikulin
2023-10-24  9:31           ` Florin Boariu
2023-10-24  9:38             ` Ihor Radchenko
2023-10-25 19:00               ` Leo Butler
2023-10-26  8:44                 ` Max Nikulin
2023-10-26  9:30                 ` Ihor Radchenko
2023-12-20 18:03               ` Leo Butler
2023-12-21 14:15                 ` Ihor Radchenko
2023-10-26 15:32           ` Leo Butler
2023-10-23 12:25       ` Florin Boariu
2023-10-21  7:44     ` Dr. Arne Babenhauserheide
2023-10-21  8:56       ` [TASK] Allow customizeable ditaa executable in ob-ditaa.el (was: org-ditaa woes) Ihor Radchenko
2023-11-09  3:17         ` [TASK] Allow customizeable ditaa executable in ob-ditaa.el Leo Butler
2023-11-09 12:17           ` Max Nikulin
2023-11-10  3:19             ` Leo Butler
2023-11-10 10:09               ` Ihor Radchenko
2023-11-10 10:38               ` Max Nikulin
2023-11-10 15:21                 ` Leo Butler
2023-11-11 10:07                   ` Ihor Radchenko
2023-11-10 10:18           ` Ihor Radchenko
2023-11-10 14:59             ` Leo Butler
2023-11-11 10:24               ` Ihor Radchenko
2023-11-13 16:26                 ` Leo Butler
2023-11-15 11:12           ` Formatting worg code examples (was: Re: [TASK] Allow customizeable ditaa executable in ob-ditaa.el) Max Nikulin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

  List information: https://www.orgmode.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZTZWg8MbrPzza7qA@toolbox \
    --to=florin.om@rootshell.ro \
    --cc=emacs-orgmode@gnu.org \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).