search

DevToys-app / DevToys

A Swiss Army knife for developers.
https://devtoys.app/
MIT License
27.38k stars 1.47k forks source link

Can't start the GUI version on Ubuntu #1198

Closed penguinland closed 4 months ago

penguinland commented 5 months ago

Current behavior

I downloaded the CLI for x86 Linux, and it works great. I tried downloading the GUI for x86 Linux, and get the following output:

<dozens of warnings about gtk theme parser errors>
(process:116369): Gtk-WARNING **: 14:05:00.734: Theme parser error: gtk.css:1934:42-61: No property named "-gtk-outline-radius"
bwrap: setting up uid map: Permission denied

** (DevToys:116369): ERROR **: 14:05:00.991: Failed to fully launch dbus-proxy: Child process exited with code 1
zsh: IOT instruction (core dumped)  ./DevToys.Linux

How to reproduce it (as minimally and precisely as possible)

  1. Have an Ubuntu machine.
  2. Download the GUI version
  3. Unzip it
  4. Execute ./DevToys.Linux

Expected behavior

The program starts up

Screenshots

Screenshot_2024-06-11_14-13-46 Screenshot_2024-06-11_14-13-28

Workaround

Use the CLI instead. :shrug:

Affected platforms

Linux

Affected DevToys kind

DevToys (app with GUI)

DevToys Version

v2.0.1.0

Relevant Assets/Logs

alan-14:12>./DevToys.Linux

(process:117044): Gtk-WARNING **: 14:13:04.617: Theme parser error: gtk.css:123:137-163: Expected a valid color.

(process:117044): Gtk-WARNING **: 14:13:04.617: Theme parser error: gtk.css:129:143-169: Expected a valid color.

(process:117044): Gtk-WARNING **: 14:13:04.617: Theme parser error: gtk.css:155:615-641: Expected a valid color.

(process:117044): Gtk-WARNING **: 14:13:04.617: Theme parser error: gtk.css:157:663-689: Expected a valid color.

(process:117044): Gtk-WARNING **: 14:13:04.617: Theme parser error: gtk.css:167:356-382: Expected a valid color.

(process:117044): Gtk-WARNING **: 14:13:04.617: Theme parser error: gtk.css:169:380-406: Expected a valid color.

(process:117044): Gtk-WARNING **: 14:13:04.617: Theme parser error: gtk.css:173:702-728: Expected a valid color.

(process:117044): Gtk-WARNING **: 14:13:04.617: Theme parser error: gtk.css:175:750-776: Expected a valid color.

(process:117044): Gtk-WARNING **: 14:13:04.617: Theme parser error: gtk.css:189:55-69: Not a valid image

(process:117044): Gtk-WARNING **: 14:13:04.617: Theme parser error: gtk.css:190:26-40: Not a valid image

(process:117044): Gtk-WARNING **: 14:13:04.617: Theme parser error: gtk.css:200:357-373: No property named "-gtk-icon-effect"

(process:117044): Gtk-WARNING **: 14:13:04.617: Theme parser error: gtk.css:204:589-605: No property named "-gtk-icon-effect"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:390:42-61: No property named "-gtk-outline-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:430:814-833: No property named "-gtk-outline-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:432:1242-1270: No property named "-gtk-outline-top-left-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:432:1277-1308: No property named "-gtk-outline-bottom-left-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:434:1237-1266: No property named "-gtk-outline-top-right-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:434:1273-1305: No property named "-gtk-outline-bottom-right-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:436:1410-1429: No property named "-gtk-outline-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:438:391-410: No property named "-gtk-outline-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:440:1014-1042: No property named "-gtk-outline-top-left-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:440:1049-1078: No property named "-gtk-outline-top-right-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:442:1044-1075: No property named "-gtk-outline-bottom-left-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:442:1082-1114: No property named "-gtk-outline-bottom-right-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:444:464-483: No property named "-gtk-outline-radius"

(process:117044): Gtk-WARNING **: 14:13:04.618: Theme parser error: gtk.css:577:64-90: No property named "-GtkWidget-window-dragging"

(process:117044): Gtk-WARNING **: 14:13:04.619: Theme parser error: gtk.css:641:610-626: No property named "-gtk-icon-effect"

(process:117044): Gtk-WARNING **: 14:13:04.619: Theme parser error: gtk.css:761:102-135: No property named "-GtkTreeView-horizontal-separator"

(process:117044): Gtk-WARNING **: 14:13:04.619: Theme parser error: gtk.css:761:140-168: No property named "-GtkTreeView-grid-line-width"

(process:117044): Gtk-WARNING **: 14:13:04.619: Theme parser error: gtk.css:761:173-203: No property named "-GtkTreeView-grid-line-pattern"

(process:117044): Gtk-WARNING **: 14:13:04.619: Theme parser error: gtk.css:761:209-237: No property named "-GtkTreeView-tree-line-width"

(process:117044): Gtk-WARNING **: 14:13:04.619: Theme parser error: gtk.css:761:242-272: No property named "-GtkTreeView-tree-line-pattern"

(process:117044): Gtk-WARNING **: 14:13:04.619: Theme parser error: gtk.css:761:278-304: No property named "-GtkTreeView-expander-size"

(process:117044): Gtk-WARNING **: 14:13:04.619: Theme parser error: gtk.css:838:21-47: No property named "-GtkWidget-window-dragging"

(process:117044): Gtk-WARNING **: 14:13:04.620: Theme parser error: gtk.css:1051:102-136: No property named "-GtkScrollbar-has-backward-stepper"

(process:117044): Gtk-WARNING **: 14:13:04.620: Theme parser error: gtk.css:1051:145-178: No property named "-GtkScrollbar-has-forward-stepper"

(process:117044): Gtk-WARNING **: 14:13:04.620: Theme parser error: gtk.css:1315:95-114: No property named "-gtk-outline-radius"

(process:117044): Gtk-WARNING **: 14:13:04.620: Theme parser error: gtk.css:1317:51-70: No property named "-gtk-outline-radius"

(process:117044): Gtk-WARNING **: 14:13:04.621: Theme parser error: gtk.css:1517:50-64: Not a valid image

(process:117044): Gtk-WARNING **: 14:13:04.621: Theme parser error: gtk.css:1519:59-73: Not a valid image

(process:117044): Gtk-WARNING **: 14:13:04.621: Theme parser error: gtk.css:1521:53-67: Not a valid image

(process:117044): Gtk-WARNING **: 14:13:04.621: Theme parser error: gtk.css:1523:62-76: Not a valid image

(process:117044): Gtk-WARNING **: 14:13:04.621: Theme parser error: gtk.css:1525:51-65: Not a valid image

(process:117044): Gtk-WARNING **: 14:13:04.621: Theme parser error: gtk.css:1527:60-74: Not a valid image

(process:117044): Gtk-WARNING **: 14:13:04.621: Theme parser error: gtk.css:1529:52-66: Not a valid image

(process:117044): Gtk-WARNING **: 14:13:04.621: Theme parser error: gtk.css:1531:61-75: Not a valid image

(process:117044): Gtk-WARNING **: 14:13:04.621: Theme parser error: gtk.css:1632:715-746: No property named "-gtk-outline-bottom-left-radius"

(process:117044): Gtk-WARNING **: 14:13:04.621: Theme parser error: gtk.css:1634:688-720: No property named "-gtk-outline-bottom-right-radius"

(process:117044): Gtk-WARNING **: 14:13:04.621: Theme parser error: gtk.css:1706:130-149: No property named "-gtk-outline-radius"

(process:117044): Gtk-WARNING **: 14:13:04.621: Theme parser error: gtk.css:1864:23-39: No property named "-gtk-icon-effect"

(process:117044): Gtk-WARNING **: 14:13:04.622: Theme parser error: gtk.css:1934:42-61: No property named "-gtk-outline-radius"
bwrap: setting up uid map: Permission denied

** (DevToys:117044): ERROR **: 14:13:04.875: Failed to fully launch dbus-proxy: Child process exited with code 1
zsh: IOT instruction (core dumped)  ./DevToys.Linux
phiro69 commented 5 months ago

I installed 2.0.1 via the debian on Ubuntu 24.04 LTS, and when launching via gnome under Wayland, I get a similar error:


2024-06-11T14:17:04.243303-05:00 xxx systemd[2714]: Started app-gnome-devtoys-71305.scope - Application launched by gnome-shell.
2024-06-11T14:17:04.915724-05:00 xxx devtoys.desktop[71349]: bwrap: setting up uid map: Permission denied
2024-06-11T14:17:04.915774-05:00 xxx kernel: audit: type=1400 audit(1718133424.913:395): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=71348 comm="bwrap" requested="userns_create" target="unprivileged_userns"
2024-06-11T14:17:04.915792-05:00 xxx kernel: audit: type=1400 audit(1718133424.913:396): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=71349 comm="bwrap" capability=8  capname="setpcap"
2024-06-11T14:17:04.915800-05:00 xxx kernel: audit: type=1400 audit(1718133424.913:397): apparmor="DENIED" operation="open" class="file" info="Failed name lookup - disconnected path" error=-13 profile="unprivileged_userns" name="proc/71349/uid_map" pid=71349 comm="bwrap" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
2024-06-11T14:17:04.916304-05:00 xxx DevToys[71305]: Failed to fully launch dbus-proxy: Child process exited with code 1```
phiro69 commented 5 months ago

There is also logs being generated I guess here: ~/.local/share/devtoys-preview/Logs One log for each run, with an epoch timestamp for a name, each run for me (4 in all) are the same, no errors, just startup text. Here's the tail with the prior ~40 lines snipped:

<snip>
2024-06-11T14:17:04.7979265-05:00   Information [DevToys.Core.Tools.GuiToolInstance]    [LogInitialized]    Initialized 'Settings' tool instance manager.
2024-06-11T14:17:04.7985013-05:00   Information [DevToys.Core.Tools.GuiToolInstance]    [LogInitialized]    Initialized 'NoSearchResults' tool instance manager.
2024-06-11T14:17:04.8011967-05:00   Information [DevToys.Core.Tools.GuiToolProvider]    [LogToolInstancesCreated]   Instantiated 32 tools in 8.4096ms
badcel commented 5 months ago

Could it be that it is resulting from Ubuntus AppArmor configuration (see: https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces)?

You would probably need to configure your system to be able to run the software. You can try the commands mentioned in the linked blog article to verify if it works if you disable the feature temporarily.

penguinland commented 5 months ago

This is on my work laptop, so I don't feel comfortable disabling security features even temporarily, sorry. I'm on Ubuntu 24.04, using the XFCE desktop environment and window manager, if that's important.

Like @phiro69, I see logs generated in that directory, but they don't indicate any obvious problems:

2024-06-11T15:44:19.1213375-04:00   Information [DevToys.Core.FileHelper]   [0] Cleared temp files in 0.3513ms
2024-06-11T15:44:19.1272374-04:00   Information [DevToys.Core.Mef.MefComposer]  [LogDiscoveringPlugin]  Discovering plugin in '/home/alan/devtoys/Plugins/DevToys.Tools'...
2024-06-11T15:44:19.1993479-04:00   Information [DevToys.Core.Mef.MefComposer]  [LogMefComposition] MEF composed 112 parts from 6 assemblies in 73.3683ms
2024-06-11T15:44:19.2126419-04:00   Information [DevToys.Linux.LinuxProgram]    [2] MEF, services and logging initialized in 319.6586 ms
2024-06-11T15:44:19.2126928-04:00   Information [DevToys.Linux.LinuxProgram]    [1] App is starting...
2024-06-11T15:44:19.2345329-04:00   Information [DevToys.Core.Tools.GuiToolInstance]    [LogInitialized]    Initialized 'Base64ImageEncoderDecoder' tool instance manager.
2024-06-11T15:44:19.2345753-04:00   Information [DevToys.Core.Tools.GuiToolInstance]    [LogInitialized]    Initialized 'Base64TextEncoderDecoder' tool instance manager.
...
2024-06-11T15:44:19.2356517-04:00   Information [DevToys.Core.Tools.GuiToolInstance]    [LogInitialized]    Initialized 'NoSearchResults' tool instance manager.
2024-06-11T15:44:19.2371463-04:00   Information [DevToys.Core.Tools.GuiToolProvider]    [LogToolInstancesCreated]   Instantiated 32 tools in 4.3755ms
phiro69 commented 5 months ago

I'm 99% sure this is an overzealous apparmor issue, I'm working on a unconfined profile for devtoys but I can't quite get it to work. Mixing the case (DevToys vs devtoys) seems - no offense DevToys devs - really stupid.

phiro69 commented 5 months ago

The answer was right in front of me, it's not DevToys.Linux that's being denied, it's when it invokes bubblewrap.

This "fixes" the issue:

sudo pico /etc/apparmor.d/bwrap && sudo systemctl restart apparmor.service

abi <abi/4.0>,
include <tunables/global>

profile bwrap /usr/bin/bwrap flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/bwrap>
}

A reference here: https://etbe.coker.com.au/2024/04/24/ubuntu-24-04-bubblewrap/ and many other askubuntu & other resources.

veler commented 5 months ago

Hi @phiro69 , Thanks for your investigation and the workaround you found.

I have to admit I'm pretty newbie to Linux. Is this issue something that should be fixed in DevToys, or is it some magic going-on on some people's machine, in which case I can't do much?

Thanks

phiro69 commented 5 months ago

I'm no linux expert haha ;)

AppArmor is part of Ubuntu, and it keeps getting ratcheted up each release. In 23.10 they enabled the restriction of unprivileged user namespaces, which broke alot of apps. The announcement is here: https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces

One of their sorta-temporary mitigations if you need an unprivileged user namespace as part of your app is to create a profile in apparmor's daemon config folder for your app, and you can even submit it to be included in Ubuntu automatically. 24.04 shipped with ~117 pre-canned exceptions/profiles for apps like steam, discord, slack, opera, firefox, chrome, 1password, and many others. Your app is invoking bubblewrap (bwrap) which doesn't have a pre-existing profile, and it's being blocked from creating an unprivileged user namespace.

To answer your question, I don't know if the best solution is to: 1) get bwrap to submit a profile to be included in Ubuntu 2) change the way you are calling bwrap so to not create a namespace like its being asked to so you are compliant/slip under AppArmor's aegis 3) I ran out of ideas 4) ??? 5) profit!

Skipping to # 5 is what generative ai would suggest.

edit: PS - posting on r/linux is for the brave and/or foolhardy; the loudest people there are permanent trolls that hate the world. Ignore all the hate, relish in all the praise. I come from a history of being a windows system admin, and you & your cohorts bringing devtoys to linux is awesome and there's a ton of people who are only discovering your toolkit for the first time and they are loving it. TYVM for all of this.

PPS supplying a debian is chef's kiss, tyvm. I would suggest you add a snap to your build output and put it in the Ubuntu store; your core audience isn't arch users sitting in their mom's basement bemoaning systemd's tentacles taking over the world, despite 90% of the comments on r/linux.

MuhAssar commented 5 months ago

The answer was right in front of me, it's not DevToys.Linux that's being denied, it's when it invokes bubblewrap.

This "fixes" the issue:

sudo pico /etc/apparmor.d/bwrap && sudo systemctl restart apparmor.service

abi <abi/4.0>,
include <tunables/global>

profile bwrap /usr/bin/bwrap flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/bwrap>
}

A reference here: https://etbe.coker.com.au/2024/04/24/ubuntu-24-04-bubblewrap/ and many other askubuntu & other resources.

thank you, using your instructions I successfully launched devtoys on ubuntu 24.04

snippyvalsonkv commented 5 months ago

Hi, Did you try installing DevToys through the deb package? I downloaded the deb file and installed it using GDebi. I am able to start and use DevToys after installing it like that.

veler commented 4 months ago

Please use this workaround for now:

sudo pico /etc/apparmor.d/bwrap && sudo systemctl restart apparmor.service

abi <abi/4.0>,
include <tunables/global>

profile bwrap /usr/bin/bwrap flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/bwrap>
}
mpaterakis commented 1 month ago

Please use this workaround for now:

sudo pico /etc/apparmor.d/bwrap && sudo systemctl restart apparmor.service

abi <abi/4.0>,
include <tunables/global>

profile bwrap /usr/bin/bwrap flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/bwrap>
}

Thank you so much! This is the only workaround that allows me to run bwrap-enabled apps on my LTS24. I even disabled apparmor as a test (stopped it, disabled it, rebooted), with no results. Your solution worked immediately.

gegarcia commented 1 month ago

Please don't create an "unconfined" profile for bwrap. This completely bypasses the unprivileged user namespace creation restriction and makes your machine exploitable by attacks that use it.

You should instead create a profile for DevToys instead. Please contact the AppArmor community if you need any assistance.

AppArmor upstream has created a profile for bwrap that does not make your machine vulnerable. You can find the profile here. It is not enabled by default on Ubuntu, but you can enable it by either copying the file from gitlab, installing it on /etc/apparmor.d/, and load it using sudo apparmor_parser /etc/apparmor.d/bwrap-userns-restrict

You can also use the version shipped by the apparmor-profile package, and create a symbolic link from the extra-profiles directory to /etc/apparmor.d/ sudo ln -s /usr/share/apparmor/extra-profiles/bwrap-userns-restrict /etc/apparmor.d/ and load it sudo apparmor_parser /etc/apparmor.d/bwrap-userns-restrict.

simaotwx commented 2 weeks ago

I'm having the same issue, but with Nix: bwrap: setting up uid map: Permission denied I added said bwrap file to apparmor.d and restarted the service, still same result.