systemed / potlatch3

OpenStreetMap editor for desktop

AIR on Linux? #2

Open systemed opened 3 years ago

systemed commented 3 years ago

It should in theory be possible to get AIR 2.6 running on modern Linux (e.g. Ubuntu 20.04), enabling P3 to be run.

https://launchpad.net/~andykimpe/+archive/ubuntu/adobeair looks like the most promising solution and is reputedly 20.04 (Focal)-compatible.

I'd welcome anyone trying it with the "more Linux-friendly" AIR file from https://www.systemed.net/potlatch/download/ and reporting back. There may well be P3 issues with Linux AIR, but hopefully we can work through those one by one.

mmd-osm commented 3 years ago

I'm still getting segfaults when testing on Xenial:

```
/usr/bin# Adobe\ AIR\ Application\ Installer
The program 'Adobe AIR Application Installer' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadValue (integer parameter out of range for operation)'.
  (Details: serial 183 error_code 2 request_code 130 minor_code 3)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
Application crashed with an unhandled SIGSEGV
Crashlog has been dumped in /tmp/airCrashLogs/1230_1643_kmJJcw
root@ubuntu:~# Adobe\ AIR\ Application\ Installer  /root/Potlatch_Linux.air
The program 'Adobe AIR Application Installer' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadValue (integer parameter out of range for operation)'.
  (Details: serial 183 error_code 2 request_code 130 minor_code 3)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
Application crashed with an unhandled SIGSEGV
Crashlog has been dumped in /tmp/airCrashLogs/1230_1654_1zY2LE
```

By the way, support for AIR 2.6 on Linux ended in June 2011 already, that's almost a decade ago...

mmd-osm commented 3 years ago

Ok, on attempt # 5, installation somehow started. Please don't ask me what was different this time... :|

[image: p3]

systemed commented 3 years ago

Thanks - that's promising. Out of interest, are the "Background" and "Map Style" menus populated?

I wonder if there's something in P3 which isn't 2.6-compliant and is causing it to b0rk; the only thing I'm aware of is the JSON parsing and there's a fallback for that, but it's very possible there's something else in there.

(I just had a go at putting ubuntu-desktop on my home OSRM box, but quickly got lost in a warren of dependencies so it doesn't look like I'll be able to debug it in the flesh any time soon.)

mmd-osm commented 3 years ago

It's not that all network communication is dead. I'm getting all help window contents, which is served by your website. Background and Mapstyle had a few entries, and they seemed ok. I also tried the search function, which sends some request to Nominatim, but the handshake breaks at some point, and I'm getting no results. At one point I was thinking about some certificate weirdness, but again, you're also using Let's Encrypt.

I'm running this again in my Docker based setup (my real box runs on Focal) with X11 forwarding. All networking inside the container seemed to be ok otherwise.

systemed commented 3 years ago

Yep, my gut feeling is that it's probably just that a post-2.6 instruction has sneaked in somewhere, which is causing execution to halt. Looking at the changelog for 3.0 onwards the only thing I've yet spotted is that we have a couple of calls to .isPlaying in CollapsiblePanel.as, but I wouldn't have thought that would be called at this point (edit: it's Effect.isPlaying not MovieClip.isPlaying anyway, so that's not an issue).

(I may see if I can get my old Power Mac G5 up and running, as I suspect that still has a Flash Player roughly equivalent to AIR 2.6...)

SomeoneElseOSM commented 3 years ago

I'm not even getting that far - just trying the https://launchpad.net/~andykimpe/+archive/ubuntu/adobeair route and that PPA seems not to work for focal (20.04).

I'm seeing (among lots of others) "ia32-libs-multiarch:i386 Depends: libcurl3:i386 but it is not installable", and "sudo apt install libcurl3:i386" fails because libcurl4:i386 is the version for this OS.

I'll try taking a step back, not using this PPA and getting the 32-bit stuff in place "properly" on 20.04, but I suspect that Wine might actually be the more supportable option than mixed 64+32 bit libraries and relying on an Air runtime from 2011.

mmd-osm commented 3 years ago

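For the sake of completeness, here's my Docker setup (requires `xhost +` on host for testing).

That's for testing only, it's not meant as a final solution!

```
# On the host: start a throwaway Xenial container that shares the host's X11 socket
sudo docker run -ti --rm  -e DISPLAY=$DISPLAY --net=host -v /tmp/.X11-unix:/tmp/.X11-unix ubuntu:16.04 /bin/bash

# Inside the container: tools needed to add the PPA and fetch Potlatch
apt-get update
apt-get install -y software-properties-common wget unzip ca-certificates

# Adobe AIR is 32-bit, so enable i386 packages before adding the PPA
dpkg --add-architecture i386
add-apt-repository -y ppa:andykimpe/adobeair
apt-get update

apt-get -y install adobeair

# Download and unpack the Linux-friendly AIR file into /root
cd
wget https://www.systemed.net/potlatch/download/Potlatch_3_air_linux__2020_12_29.zip
unzip Potlatch_3_air_linux__2020_12_29.zip

# Install Potlatch with the AIR application installer
Adobe\ AIR\ Application\ Installer /root/Potlatch_Linux.air
```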

Adobe AIR installer step may throw "Application crashed with an unhandled SIGSEGV". Just keep on trying forever, it will succeed eventually.

Start Potlatch once installed using /opt/Potlatch/bin/Potlatch

Squid configuration: super painful, follow https://techexpert.tips/de/squid-de/installieren-sie-squid-mit-https-unterstuetzung-unter-ubuntu-linux/ to compile squid 4 from sources (apologies, main text is in German).

Install certificate: `/opt/Adobe\ AIR/Versions/1.0/Resources/installCertificate -l myCA.der`

```
export http_proxy=localhost:3128
export https_proxy=localhost:3128
```

mmd-osm commented 3 years ago

screencast (click to open) ![potlatch3](https://user-images.githubusercontent.com/5842757/103407960-deb0bb80-4b60-11eb-8cb8-a2a73f253d88.gif)

systemed commented 3 years ago

That's interesting. So it's not fetching or parsing the (remotely stored) imagery JSON, nor the Nominatim results XML.

mmd-osm commented 3 years ago

Tried it with my local Rails port as backend. Remote control & uploading changes looks ok. OAuth config was a bit brittle, but I got it working in the end.

[image: p3_local]

[image: p3_screen]

systemed commented 3 years ago

I've tried running P2 on my old PowerPC Mac which has led me to think that this might be a TLS issue - or as you said above, "certificate weirdness".

openstreetmap.org, osmlab.github.io (for the imagery index), and nominatim.openstreetmap.org all have TLS 1.1 and 1.0 disabled.

systemed.net (for the help pages) has it explicitly enabled (despite LetsEncrypt's defaults). Your local rails_port is presumably running over HTTP.

If that is indeed the issue, I guess the challenge is whether AIR for Linux can be made to support TLS 1.2, or whether it's permanently stuck on an earlier version. I might drop andykimpe a line.

mmd-osm commented 3 years ago

Yes, that makes sense. I've also seen some TLS handshake errors in wireshark:

```
Request: TLSv1 Client Hello
Response: TLSv1 Alert (Level: Fatal, Description: Protocol Version)
```
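
The exchange reported above, decoded at the TLS record layer, as an added example that is not part of the original thread: it reads the version a ClientHello offers and the plaintext alert a server sends back, which is how a version-floor rejection is told apart from a certificate problem. The function names and the sample bytes are constructed for illustration and are not taken from the capture.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
LEVELS = {1: "Warning", 2: "Fatal"}
# Subset of the alert descriptions defined in RFC 5246, section 7.2.
ALERTS = {40: "Handshake Failure", 47: "Illegal Parameter", 70: "Protocol Version"}

def parse_records(stream):
    """Yield (content_type, payload) for each TLS record in a byte stream."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        payload = stream[offset + 5:offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        yield ctype, payload
        offset += 5 + length

def offered_version(stream):
    """Return the client_version field of the first ClientHello, or None."""
    for ctype, payload in parse_records(stream):
        # Handshake record (22), message type ClientHello (1); the version
        # follows the 1-byte message type and 3-byte message length.
        if ctype == 22 and len(payload) >= 6 and payload[0] == 1:
            return struct.unpack_from("!H", payload, 4)[0]
    return None

def first_alert(stream):
    """Return (level, description) of the first plaintext alert, or None."""
    for ctype, payload in parse_records(stream):
        if ctype == 21 and len(payload) == 2:
            return payload[0], payload[1]
    return None

def diagnose(client_bytes, server_bytes):
    version = VERSIONS.get(offered_version(client_bytes), "unknown")
    alert = first_alert(server_bytes)
    if alert is None:
        return f"{version} Client Hello, no alert from server"
    level, desc = alert
    return (f"{version} Client Hello -> Alert (Level: {LEVELS.get(level, level)}, "
            f"Description: {ALERTS.get(desc, desc)})")

# Constructed sample bytes: a minimal TLS 1.0 ClientHello and a fatal alert 70.
_body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
_hs = b"\x01" + len(_body).to_bytes(3, "big") + _body
CLIENT_HELLO = b"\x16\x03\x01" + len(_hs).to_bytes(2, "big") + _hs
SERVER_ALERT = b"\x15\x03\x01\x00\x02\x02\x46"
```

A fatal alert 70 arrives before any certificate is exchanged, so installing extra root certificates on the client cannot change this outcome.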

mmd-osm commented 3 years ago

You can do some funny tricks using stunnel inside the container, similar to https://www.stunnel.org/pipermail/stunnel-users/2012-March/003666.html

[image: p3_api]

systemed commented 3 years ago

Wow, that's interesting. So in theory, could we have a Dockerfile that would have all of this in it, and we could suggest to Linux users that they just use that?

mmd-osm commented 3 years ago

For a Dockerfile, we would need to include all those instructions I mentioned earlier on. Installing Adobe AIR and Potlatch will be a bit of a pain, due to their dependency on a working X server. I tried some fake X11 server a while back with limited success. A fully automated build will be challenging.

Then we need some HTTP(s) proxy to handle the TLS1.2 termination and funnel all Potlatch traffic through. stunnel is a bit too static, as we need to be able to connect to pretty much arbitrary sites out there.

It looks like there's still quite some work ahead, but it might be feasible after all.

systemed commented 3 years ago

That's really promising - thanks for all the digging so far.

KAMiKAZOW commented 3 years ago

Ruffle is a Flash Player emulator written in Rust. Ruffle runs natively on all modern operating systems as a standalone application, and on all modern browsers through the use of WebAssembly.

https://ruffle.rs/

systemed commented 3 years ago

Indeed, but it only has 1% compatibility with the ActionScript 3 API right now, so isn't a realistic proposition for running Potlatch yet. https://ruffle.rs/#compatibility

grischard commented 3 years ago

I'd use something like squid as a plain http proxy inside the container to also do the translation to modern TLS for imagery tile servers, etc.

SomeoneElseOSM commented 3 years ago

> I'd use something like squid as a plain http proxy inside the container to also do the translation to modern TLS for imagery tile servers, etc.

This actually looks more doable than it sounds at first glance (see e.g. https://stackoverflow.com/questions/34398484/can-i-use-squid-to-upgrade-client-tls-connections and https://wiki.squid-cache.org/Features/HTTPS ). One thought though - is there a potential issue with AIR's root certificate list? I've no idea where that comes from on various OSes, and whether there could be a problem because it doesn't understand (say) the root behind the Let's Encrypt certificate used by openstreetmap.org.

mmd-osm commented 3 years ago

I've seen this squid post on stackoverflow before, but haven't tried it out yet. Maybe that's an option. The last thing I tried was mitmproxy, a man-in-the-middle-proxy. It needs to run outside the container, making it rather difficult to set up for a normal user.

Adobe AIR seems to have some command line tool to install additional root certificates, if a missing certificate turns out to be an issue.

mmd-osm commented 3 years ago

New screenshot - using squid... super painful to get it working. Needs compiling squid from sources. Squid package provided by xenial doesn't have all necessary compile flags set :|

[image: potlatch]

Also, users need to confirm tons of SSL certificate alerts once per session despite installing the root certificate. Maybe that didn't really work as expected.

[image: pl3_nag]

grischard commented 3 years ago

Nice screenshot location :)

It's a pity it doesn't give you more detail. Does the same error happen without the certificate import? What happens if using squid from a normal modern browser, what's the certificate being used?

mmd-osm commented 3 years ago

I'm not sure this is worthwhile exploring much further. As I wrote here, the native version has a number of other issues that would need to be solved on top of the SSL Certificate Alert topic - issues that basically don't even exist when using wine.

systemed commented 3 years ago

It appears that Harman have revived AIR support for Linux: https://www.reddit.com/r/as3/comments/p9vqd2/building_air_game_for_linux_working_experience/

I don't have a Linux desktop to test on but am just posting the link here in case anyone's curious!