Bug 2386994 - glycin-loaders should probably require bubblewrap (bwrap)
Status: CLOSED DUPLICATE of bug 2387023
Product: Fedora
Classification: Fedora
Component: glycin
Version: rawhide
Hardware: Unspecified
OS: Linux
Assignee: Fabio Valentini
Reported: 2025-08-07 04:18 UTC by Orion Poplawski
Modified: 2025-08-08 15:58 UTC
Last Closed: 2025-08-08 15:58:17 UTC

Description Orion Poplawski 2025-08-07 04:18:07 UTC
python-cairocffi's tests are starting to fail with glycin:

https://koschei.fedoraproject.org/package/python-cairocffi?collection=f43

___________________________________ test_api ___________________________________
    def test_api():
        with pytest.raises(pixbuf.ImageLoadingError):
            pixbuf.decode_to_image_surface(b'')
        with pytest.raises(pixbuf.ImageLoadingError):
            pixbuf.decode_to_image_surface(b'Not a valid image.')
        with pytest.raises(pixbuf.ImageLoadingError):
            pixbuf.decode_to_image_surface(PNG_BYTES[:10])
>       surface, format_name = pixbuf.decode_to_image_surface(PNG_BYTES)
../BUILDROOT/usr/lib/python3.14/site-packages/cairocffi/test_pixbuf.py:36: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.14/site-packages/cairocffi/pixbuf.py:129: in decode_to_image_surface
    pixbuf, format_name = decode_to_pixbuf(image_data, width, height)
../BUILDROOT/usr/lib/python3.14/site-packages/cairocffi/pixbuf.py:100: in decode_to_pixbuf
    handle_g_error(error, gdk_pixbuf.gdk_pixbuf_loader_close(loader, error))
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
error = <cdata 'GError *' 0x3ff10001070>, return_value = 0
    def handle_g_error(error, return_value):
        """Convert a ``GError**`` to a Python :exception:`ImageLoadingError`,
        and raise it.
    
        """
        error = error[0]
        assert bool(return_value) == (error == ffi.NULL)
        if error != ffi.NULL:
            if error.message != ffi.NULL:
                message = ('Pixbuf error: ' +
                           ffi.string(error.message).decode('utf8', 'replace'))
            else:  # pragma: no cover
                message = 'Pixbuf error'
            glib.g_error_free(error)
>           raise ImageLoadingError(message)
E           cairocffi.pixbuf.ImageLoadingError: Pixbuf error: Could not spawn `env -i "bwrap" "--unshare-all" "--die-with-parent" "--chdir" "/" "--ro-bind" "/usr" "/usr" "--dev" "/dev" "--ro-bind-try" "/etc/ld.so.cache" "/etc/ld.so.cache" "--tmpfs" "/tmp-home" "--setenv" "HOME" "/tmp-home" "--tmpfs" "/tmp-run" "--setenv" "XDG_RUNTIME_DIR" "/tmp-run" "--symlink" "/usr/lib" "/lib" "--symlink" "/usr/lib64" "/lib64" "--seccomp" "18" "/usr/libexec/glycin-loaders/2+/glycin-image-rs"`: No such file or directory (os error 2)
../BUILDROOT/usr/lib/python3.14/site-packages/cairocffi/pixbuf.py:64: ImageLoadingError

This is because /usr/bin/bwrap is not installed. Nothing in cairocffi seems to reference bwrap, but glycin does:

## Sandboxing and Inner Workings

Glycin spawns one process per image file. The communication between glycin and the loader takes place via peer-to-peer D-Bus over a Unix socket.

Glycin supports a sandbox mechanism inside and outside of Flatpaks. Outside of Flatpaks, the following mechanisms are used: The image loader binary is spawned via `bwrap`. The bubblewrap configuration only allows for minimal interaction with the host system. Only necessary parts of the filesystem are mounted and only with read access. There is no direct network access. Environment variables are not passed to the sandbox. Before forking the process the memory usage is limited via calling `setrlimit` and syscalls are limited to an allow-list via seccomp filters.

Inside of Flatpaks the `flatpak-spawn --sandbox` command is used. This restricts the access to the filesystem in a similar way as the direct `bwrap` call. The memory usage is limited by wrapping the loader call into a `prlimit` command. No additional seccomp filters are applied to the existing Flatpak seccomp rules.

So it seems like glycin-loaders should require /usr/bin/bwrap

Reproducible: Always
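
As an added example (not part of the bug report and not glycin's own code), the following Python parses the spawn command quoted in the error above, lists the isolation settings visible in it, and checks whether the sandbox binary can be found. The function names and the option-arity table are this example's own, and locating the binary with `shutil.which` on the current PATH is an assumption.

```python
import shlex
import shutil

# Error text copied from the traceback in this report.
ERROR = (
    'Could not spawn `env -i "bwrap" "--unshare-all" "--die-with-parent" '
    '"--chdir" "/" "--ro-bind" "/usr" "/usr" "--dev" "/dev" "--ro-bind-try" '
    '"/etc/ld.so.cache" "/etc/ld.so.cache" "--tmpfs" "/tmp-home" "--setenv" '
    '"HOME" "/tmp-home" "--tmpfs" "/tmp-run" "--setenv" "XDG_RUNTIME_DIR" '
    '"/tmp-run" "--symlink" "/usr/lib" "/lib" "--symlink" "/usr/lib64" '
    '"/lib64" "--seccomp" "18" '
    '"/usr/libexec/glycin-loaders/2+/glycin-image-rs"`: '
    'No such file or directory (os error 2)'
)

# Arguments taken by each bwrap option seen above (plus --bind for the audit).
ARITY = {"--unshare-all": 0, "--die-with-parent": 0, "--chdir": 1, "--dev": 1,
         "--tmpfs": 1, "--seccomp": 1, "--ro-bind": 2, "--ro-bind-try": 2,
         "--bind": 2, "--setenv": 2, "--symlink": 2}

def parse_spawn(message):
    """Split the back-quoted command into wrapper, sandbox, options, loader."""
    argv = shlex.split(message.split("`")[1])
    # Skip an "env -i" style prefix if present; otherwise argv[0] is the sandbox.
    i = 0 if argv[0] != "env" else next(
        k for k, a in enumerate(argv) if k > 0 and not a.startswith("-"))
    opts, rest = [], argv[i + 1:]
    while rest and rest[0].startswith("--"):
        if rest[0] not in ARITY:
            raise ValueError(f"unknown bwrap option: {rest[0]}")
        n = ARITY[rest[0]]
        opts.append((rest[0], rest[1:1 + n]))
        rest = rest[1 + n:]
    return {"wrapper": argv[:i], "sandbox": argv[i], "options": opts, "command": rest}

def audit(spawn):
    """Report the isolation properties visible in the command line."""
    opts = spawn["options"]
    names = [n for n, _ in opts]
    return {
        "env_cleared": spawn["wrapper"] == ["env", "-i"],
        "namespaces_unshared": "--unshare-all" in names,
        "seccomp_fd": next((a[0] for n, a in opts if n == "--seccomp"), None),
        "readonly_host_binds": [a[0] for n, a in opts if n.startswith("--ro-bind")],
        "writable_host_binds": [a[0] for n, a in opts if n == "--bind"],
    }

def sandbox_binary_missing(spawn, which=shutil.which):
    """True when the sandbox helper cannot be found on the current PATH."""
    return which(spawn["sandbox"]) is None
```

Calling `sandbox_binary_missing(parse_spawn(ERROR))` in a build root without bubblewrap returns `True`, which corresponds to the `os error 2` in the traceback.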

Comment 1 Fabio Valentini 2025-08-08 15:58:17 UTC
It looks like I saw an issue that was filed later first, sorry about that - but it should be fixed in rawhide now.

Submitting the same fix for Fedora 42 is currently blocked by a build failure on s390x :(

*** This bug has been marked as a duplicate of bug 2387023 ***