On 11/30/25 23:45, Alyssa Ross wrote: > This is the entrypoint for running Flatpak applications. > > It would be good to only add mounts for the VM in virtiofsd's mount > namespace, so we don't need to do lots of manual unmounts, but that's > a wider change affecting more than just Flatpak. > > I've tested this by copying my host's Flatpak repository into a disk > image, and attaching that as a drive to the VM. > > Signed-off-by: Alyssa Ross > --- > v4: use the new VM mount namespace > v3: https://spectrum-os.org/lists/archives/spectrum-devel/20251127202311.42422-7-hi@alyssa.is/ > > host/rootfs/default.nix | 12 +++---- > host/rootfs/file-list.mk | 1 + > host/rootfs/image/usr/bin/run-flatpak | 47 +++++++++++++++++++++++++++ > 3 files changed, 54 insertions(+), 6 deletions(-) > create mode 100755 host/rootfs/image/usr/bin/run-flatpak > > diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix > index 57dd7a9..ca2084f 100644 > --- a/host/rootfs/default.nix > +++ b/host/rootfs/default.nix > @@ -12,9 +12,9 @@ pkgsMusl.callPackage ( > , lib, stdenvNoCC, nixos, runCommand, writeClosure, erofs-utils, s6-rc > , btrfs-progs, busybox, cloud-hypervisor, cosmic-files, crosvm > , cryptsetup, dejavu_fonts, dbus, execline, foot, fuse3, iproute2 > -, inotify-tools, jq, kmod, mdevd, mesa, s6, s6-linux-init, socat > -, systemd, util-linuxMinimal, virtiofsd, westonLite > -, xdg-desktop-portal, xdg-desktop-portal-gtk > +, inotify-tools, jq, kmod, mdevd, mesa, mount-flatpak, s6 > +, s6-linux-init, socat, systemd, util-linuxMinimal, virtiofsd > +, westonLite, xdg-desktop-portal, xdg-desktop-portal-gtk > , xdg-desktop-portal-spectrum-host > }: > > @@ -26,9 +26,9 @@ let > > packages = [ > btrfs-progs cloud-hypervisor cosmic-files crosvm cryptsetup dbus > - execline fuse3 inotify-tools iproute2 jq kmod mdevd s6 s6-linux-init > - s6-rc socat spectrum-host-tools spectrum-router util-linuxMinimal virtiofsd > - xdg-desktop-portal-spectrum-host > + execline fuse3 inotify-tools iproute2 jq kmod mdevd mount-flatpak s6 > + s6-linux-init s6-rc socat spectrum-host-tools spectrum-router > + util-linuxMinimal virtiofsd xdg-desktop-portal-spectrum-host > > (foot.override { allowPgo = false; }) > > diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk > index bfe3940..df22bce 100644 > --- a/host/rootfs/file-list.mk > +++ b/host/rootfs/file-list.mk > @@ -55,6 +55,7 @@ FILES = \ > image/usr/bin/assign-devices \ > image/usr/bin/create-vm-dependencies \ > image/usr/bin/run-appimage \ > + image/usr/bin/run-flatpak \ > image/usr/bin/run-vmm \ > image/usr/bin/spectrum-update \ > image/usr/bin/vm-console \ > diff --git a/host/rootfs/image/usr/bin/run-flatpak b/host/rootfs/image/usr/bin/run-flatpak > new file mode 100755 > index 0000000..d7914a7 > --- /dev/null > +++ b/host/rootfs/image/usr/bin/run-flatpak > @@ -0,0 +1,47 @@ > +#!/bin/execlineb -W > +# SPDX-License-Identifier: EUPL-1.2+ > +# SPDX-FileCopyrightText: 2024-2025 Alyssa Ross > + > +backtick -E dir { mktemp -d /run/vm/by-id/XXXXXX } > +backtick -E id { basename -- $dir } > + > +if { > + elgetpositionals Serial substitution again! Should not be an issue as $id and $dir should not contain ‘$’, but nicer to avoid. You can use ‘elgetpositionals’ with ‘multisubstitute’ instead. > + if { mkdir -p /run/configs/${id}/fs } > + > + if { > + ln -s /usr/lib/spectrum/img/appvm/blk /usr/lib/spectrum/img/appvm/vmlinux > + /run/configs/${id} > + } > + > + if { ln -s /run/configs/${id} ${dir}/config } > + > + if { create-vm-dependencies $id } > + > + if { > + nsenter --mount=${dir}/mount > + cd ${dir}/fs/config > + if { redirfd -w 1 type echo flatpak } > + mount-flatpak $@ > + } > + > + piperw 4 3 > + background { > + fdclose 3 > + fdmove 0 4 > + > + # Wait for the VMM to be up, then start the VM. > + if { redirfd -w 1 /dev/null head -1 } > + vm-start $id > + } > + fdclose 4 > + > + foreground { run-vmm $id } > +} > + > +if { s6-instance-delete -- /run/service/vm-services $id } > + > +if { umount ${dir}/mount } # mount namespace > +if { umount ${dir}/mount } # private bind mount > +rm -r $dir /run/configs/${id} -- Sincerely, Demi Marie Obenour (she/her/hers)