From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 46275123A1;
	Thu, 27 Nov 2025 20:27:57 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id DAD2112341; Thu, 27 Nov 2025 20:27:54 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS
	autolearn=unavailable autolearn_force=no version=4.0.1
Received: from fhigh-b2-smtp.messagingengine.com
 (fhigh-b2-smtp.messagingengine.com [202.12.124.153])
	by atuin.qyliss.net (Postfix) with ESMTPS id 0A31612387
	for <devel@spectrum-os.org>; Thu, 27 Nov 2025 20:27:54 +0000 (UTC)
Received: from phl-compute-04.internal (phl-compute-04.internal [10.202.2.44])
	by mailfhigh.stl.internal (Postfix) with ESMTP id 01CAD7A0631;
	Thu, 27 Nov 2025 15:27:51 -0500 (EST)
Received: from phl-mailfrontend-01 ([10.202.2.162])
  by phl-compute-04.internal (MEProxy); Thu, 27 Nov 2025 15:27:52 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:cc:content-transfer-encoding:content-type:date:date:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:subject:subject:to:to; s=fm3; t=1764275271; x=
	1764361671; bh=xI0J12Zj99enh7BtkPn/6+C6ZgDWiMdshm63knZem6I=; b=B
	CTs/EqAwqk+q4235VV0HL2Qj3mMi0600KLGr4AwWdJG4+YBo2S2AoPR2DvpQyx9a
	z2E6gAm9nBrnOvUtYS4qof5SAeu3rI/xM8ikGGCvvJg9+TAJFHPPt7oHNtdmxFse
	BUY3zecX0aehPFwXwMxhHSEN6BVTND4stb1uGJ0A24K1P5TlE8nkkI16Bqd9GStC
	/Sq0TlWc1wWxLATCPhZ0T60F2LY/6UHydH3wlVqr7cdH+Y2Fn+axIoylHneWQKMx
	IZYBqv+LKHHkf501f/EE6i1HlCsdDSp6bSQN7cgdWFs07E1d4YqMV9Ghh5XT70xM
	hjYQzgQeWcEllpDcQyauw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-transfer-encoding
	:content-type:date:date:feedback-id:feedback-id:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:subject:subject:to:to:x-me-proxy:x-me-sender
	:x-me-sender:x-sasl-enc; s=fm1; t=1764275271; x=1764361671; bh=x
	I0J12Zj99enh7BtkPn/6+C6ZgDWiMdshm63knZem6I=; b=j/v72YE17ZsnOI3IE
	ZBwkZ2doKLKGlfg7xPGnlXFAAyAnr/XKIlHCK8S5armABnCyGTteTlNDO4P1jPkz
	1kOx3vEb9XCCFDkfkjXVzmAphyZsVR/3i5Mg5DE3FOAOdlXss3BGbzzvCTohtrV7
	SyqHG9WKDJyw95uyhbyDKtc4nldJ5BW/m/7FyELyRB/Umd63NQ/4pn6w5YoZ3qZz
	eE6K6yg5nZy5Q1UKDqmXslED/JZqCeuwQDpPPcBF4PQm/m69GGbbR+2Jc1Dfaz+X
	KH/QZoGyI5Zl9eYzfSZJf2NQxJffel8J+/z8S2RCs2OqsBBWbWsHQAJ3BsI/yl/1
	RC05w==
X-ME-Sender: <xms:R7QoaSPqL0wHVAubT9MWEK-W8cL51A5sBC1oy2JHLQX-4mT5GRM7Mg>
    <xme:R7QoadQPsXBbRSfpUGUfRNVu3VL0gySPIj4dNk8CmmdkB5BWh9uqrbFwPX7-mYYp4
    3GgmgkHW9WQZ76QkdV_QwAJVEj9pMuEcpDfvsskMO7oM9rI7g>
X-ME-Received: 
 <xmr:R7QoacA-C47L_OAfHQwN7fIMC9wx2uhV0tEqAGwkHD1h6QfbpHMeYIgiolFdgwoYow>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggddvgeekudekucetufdoteggodetrf
    dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu
    rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf
    gurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomheptehlhihsshgr
    ucftohhsshcuoehhihesrghlhihsshgrrdhisheqnecuggftrfgrthhtvghrnheptefhge
    eiffffleetudeuledtleeutefhueetveeiteeugfegfeduvdelgfdtfedvnecuffhomhgr
    ihhnpehsphgvtghtrhhumhdqohhsrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenuc
    frrghrrghmpehmrghilhhfrhhomhephhhisegrlhihshhsrgdrihhspdhnsggprhgtphht
    thhopedvpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopeguvghmihhosggvnhhouh
    hrsehgmhgrihhlrdgtohhmpdhrtghpthhtohepuggvvhgvlhesshhpvggtthhruhhmqdho
    shdrohhrgh
X-ME-Proxy: <xmx:R7QoaUjXvcYdIZqg-Jn_BB8b7UjxAXznVqp1lvss7LfTq6uBBCOS-g>
    <xmx:R7QoadNP6EjTYJuC4TX5G0sQL2A6IPZ7S4vEFtVsJ5tA1V49sFWoFA>
    <xmx:R7Qoad7X_3rNV0yPLcKgzrh0Z1TrQHFgFeU6723rEt5X6a-DN515nw>
    <xmx:R7QoaT3bTqldj9RQJo6ACc_It5H5BoZm2Tkq-UImu9fjBgapR5KsbQ>
    <xmx:R7QoaUbKeiDrsJ-BT0NWkksWQenVaSPtuO8VPkosVGc7tU3J1qSPpUeA>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu,
 27 Nov 2025 15:27:51 -0500 (EST)
Received: by fw12.qyliss.net (Postfix, from userid 1000)
	id 1B2B92BB1AE2; Thu, 27 Nov 2025 21:27:40 +0100 (CET)
From: Alyssa Ross <hi@alyssa.is>
To: devel@spectrum-os.org
Subject: [PATCH v3 3/3] host/rootfs: add run-flatpak script
Date: Thu, 27 Nov 2025 21:23:15 +0100
Message-ID: <20251127202311.42422-7-hi@alyssa.is>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251127202311.42422-2-hi@alyssa.is>
References: <20251127202311.42422-2-hi@alyssa.is>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: 2WNYSN5ON7AS735GLQXDB7U6MHGJDFI2
X-Message-ID-Hash: 2WNYSN5ON7AS735GLQXDB7U6MHGJDFI2
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Demi Marie Obenour <demiobenour@gmail.com>
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/2WNYSN5ON7AS735GLQXDB7U6MHGJDFI2/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

This is the entrypoint for running Flatpak applications.

It would be good to only add mounts for the VM in virtiofsd's mount
namespace, so we don't need to do lots of manual unmounts, but that's
a wider change affecting more than just Flatpak.

I've tested this by copying my host's Flatpak repository into a disk
image, and attaching that as a drive to the VM.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
v3: pass $@ to mount-flatpak rather than each individual argument.
v2: https://spectrum-os.org/lists/archives/spectrum-devel/20251124195921.24441-1-hi@alyssa.is/

 host/rootfs/default.nix               | 10 +++---
 host/rootfs/file-list.mk              |  1 +
 host/rootfs/image/usr/bin/run-flatpak | 51 +++++++++++++++++++++++++++
 3 files changed, 58 insertions(+), 4 deletions(-)
 create mode 100755 host/rootfs/image/usr/bin/run-flatpak

diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix
index 941c04e..c93a06b 100644
--- a/host/rootfs/default.nix
+++ b/host/rootfs/default.nix
@@ -11,8 +11,9 @@ pkgsStatic.callPackage (
 { spectrum-host-tools
 , lib, stdenvNoCC, nixos, runCommand, writeClosure, erofs-utils, s6-rc
 , busybox, cloud-hypervisor, cryptsetup, dbus, execline, inkscape
-, iproute2, inotify-tools, jq, mdevd, s6, s6-linux-init, socat
-, util-linuxMinimal, virtiofsd, xorg, xdg-desktop-portal-spectrum-host
+, iproute2, inotify-tools, jq, mdevd, mount-flatpak, s6, s6-linux-init
+, socat, util-linuxMinimal, virtiofsd, xorg
+, xdg-desktop-portal-spectrum-host
 }:
 
 let
@@ -34,8 +35,9 @@ let
 
   packages = [
     cloud-hypervisor cryptsetup dbus execline inotify-tools iproute2
-    jq mdevd s6 s6-linux-init s6-rc socat spectrum-host-tools
-    util-linuxMinimal virtiofsd xdg-desktop-portal-spectrum-host
+    jq mdevd mount-flatpak s6 s6-linux-init s6-rc socat
+    spectrum-host-tools util-linuxMinimal virtiofsd
+    xdg-desktop-portal-spectrum-host
 
     (busybox.override {
       # Use a separate file as it is a bit too big.
diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
index 7625c54..67529c0 100644
--- a/host/rootfs/file-list.mk
+++ b/host/rootfs/file-list.mk
@@ -43,6 +43,7 @@ FILES = \
 	image/usr/bin/assign-devices \
 	image/usr/bin/create-vm-dependencies \
 	image/usr/bin/run-appimage \
+	image/usr/bin/run-flatpak \
 	image/usr/bin/run-vmm \
 	image/usr/bin/vm-console \
 	image/usr/bin/vm-import \
diff --git a/host/rootfs/image/usr/bin/run-flatpak b/host/rootfs/image/usr/bin/run-flatpak
new file mode 100755
index 0000000..f7b9bc4
--- /dev/null
+++ b/host/rootfs/image/usr/bin/run-flatpak
@@ -0,0 +1,51 @@
+#!/bin/execlineb -W
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2024-2025 Alyssa Ross <hi@alyssa.is>
+
+backtick -E dir { mktemp -d /run/vm/by-id/XXXXXX }
+backtick -E id { basename -- $dir }
+
+if {
+  elgetpositionals
+
+  if { mkdir -p /run/configs/${id}/fs }
+  if { redirfd -w 1 /run/configs/${id}/fs/type echo flatpak }
+  if { cd /run/configs/${id}/fs mount-flatpak $@ }
+  if {
+    ln -s /usr/lib/spectrum/img/appvm/blk /usr/lib/spectrum/img/appvm/vmlinux
+      /run/configs/${id}
+  }
+
+  if { ln -s /run/configs/${id} ${dir}/config }
+
+  if { create-vm-dependencies $id }
+
+  piperw 4 3
+  background {
+    fdclose 3
+    fdmove 0 4
+
+    # Wait for the VMM to be up, then start the VM.
+    if { redirfd -w 1 /dev/null head -1 }
+    vm-start $id
+  }
+  fdclose 4
+
+  foreground { run-vmm $id }
+}
+
+if { s6-instance-delete -- /run/service/vm-services $id }
+
+if {
+  elglob -0 flatpak_dir_mounts /run/configs/${id}/fs/flatpak/*/*/*/*/*
+  forx -E mount {
+    ${dir}/fs/doc
+    /run/configs/${id}/fs/flatpak/repo/config
+    $flatpak_dir_mounts
+    /run/configs/${id}/fs/flatpak
+    ${dir}/fs/config
+  }
+  umount $mount
+}
+
+rm -r $dir /run/configs/${id}
-- 
2.51.0