Last month GNOME 49 was released , very smooth overall, especially given the amount of changes across the entire stack that we shipped.

One thing that is missing and that flew under the radar however, is that 32 bit Compatibility extension (org.gnome.Platform.i386.Compat) of the GNOME Flatpak Runtime is now gone. We were planning on making an announcement earlier but life got in the way.

That extension is a 32-bit version of the Runtime that applications could request to use. This is mostly helpful so Wine can use a 32 bit environment to run against. However your wine or legacy applications most likely don’t require a 32 bit build of GTK 4, libadwaita or WebkitGTK.

We rebuild all of GNOME from the latest commits in git in each module, at least twice a day. This includes 2 builds of WebkitGTK, a build of mozjs and a couple of rust libraries and applications. Multiplied for each architecture we support. This is no small task for our CI machines to handle. There were also a couple of updates that were blocked on 32-bit specific build failures, as projects rarely test for that before merging the code. Suffice to say that supporting builds that almost nobody used or needed was a universal annoyance across developers and projects.

When we lost our main pool of donated CI machines and builders, the first thing in the chopping block was the 32-bit build of the runtime. It affected no applications, as none are relying on the Nightly version of the extension but it would affect some applications on Flathub once released.

In order to keep the applications working, and to avoid having to overload our runners again, we thought about another approach. In theory it would be possible to make the runtime compatible with the org.Freedesktop.i386.Compat extension point instead. We already use freedesktop-sdk as the base for the runtime so we did not expect many issues.

There were exactly 4 applications that made use of the gnome specific extension, 2 in Flathub, 1 in Flathub Beta and 1 archived.

Abderrahim and I worked on porting all the application to the GNOME 49 runtime and have Pull Requests open. The developers of Bottles were great help in our testing and the subsequent PR is almost ready to be merged. Lutris and Minigalaxy need some extra work to upgrade the runtime but its for unrelated reasons.

Since everything was working we never re-published the i386 GNOME compatibility extension again in Nightly, and thus we also didn’t for GNOME 49. As a result, the GNOME Runtime is only available for x86_64 and AArch64.

Couple years ago we dropped the normal armv7 and i386 build as of the Runtime. With the i386 compatibility extension also gone, it means that we no longer have any 32 bit targets we QA before releasing GNOME as a whole. Previously, all modules we released would be guaranteed to at least compile for i386/x86 but going forward that will not be the case.

Some projects, for example glib, have their own CI specifically for 32 bit architectures. What was a project-wide guarantee before, is now a per-project opt-in. While many maintainers will no longer go out of their way to fix 32 bit specific issues anymore, they will most likely still review and merge any patches sent their way.

If you are a distributor, relying on 32 bit builds of GNOME, you will now be expected to debug and fix issues on your own for the majority of the projects. Alternatively you could also get involved upstream and help avoid further bit rot of 32 bit builds.

Free Palestine

Not as much as I wanted to do was done in September.

libopenraw

Extracting more of the calibration values for colour correction on DNG. Currently work on fixing the purple colour cast.

Added Nikon ZR and EOS C50.

ExifTool

Submitted some metadata updates to ExifTool. Because it nice to have, and also because libopenraw uses some of these autogenerated: I have a Perl script to generate Rust code from it (it used to do C++).

Niepce

Finally merged the develop branch with all the import dialog work after having requested that it be removed from Damned Lies to not strain the translator is there is a long way to go before we can freeze the strings.

Supporting cast

Among the number of packages I maintain / update on flathub, LightZone is a digital photo editing application written in Java ¹ . Updating to the latest runtime 25.08 cause it to ignore the HiDPI setting. It will honour GDK_SCALE environment but this isn't set. So I wrote the small command line too gdk-scale to output the value. See gdk-scale on gitlab . And another patch in the wrapper script.

HiDPI support remains a mess across the board. Fltk just recently gained support for it (it's used by a few audio plugins).

A while ago I wrote about the limited usefulness of SO_PEERPIDFD . for authenticating sandboxed applications. The core problem was simple: while pidfds gave us a race-free way to identify a process, we still had no standardized way to figure out what that process actually was - which sandbox it ran in, what application it represented, or what permissions it should have.

The situation has improved considerably since then.

cgroup xattrs

Cgroups now support user extended attributes. This feature allows arbitrary metadata to be attached to cgroup inodes using standard xattr calls.

We can change flatpak (or snap, or any other container engine) to create a cgroup for application instances it launches, and attach metadata to it using xattrs. This metadata can include the sandboxing engine, application ID, instance ID, and any other information the compositor or D-Bus service might need.

Every process belongs to a cgroup, and you can query which cgroup a process belongs to through its pidfd - completely race-free.

Standardized Authentication

Remember the complexity from the original post? Services had to implement different lookup mechanisms for different sandbox technologies:

• For flatpak: look in /proc/$PID/root/.flatpak-info
• For snap: shell out to snap routine portal-info
• For firejail: no solution
• …

All of this goes away. Now there’s a single path:

1. Accept a connection on a socket
2. Use SO_PEERPIDFD to get a pidfd for the client
3. Query the client’s cgroup using the pidfd
4. Read the cgroup’s user xattrs to get the sandbox metadata

This works the same way regardless of which sandbox engine launched the application.

A Kernel Feature, Not a systemd One

It’s worth emphasizing: cgroups are a Linux kernel feature. They have no dependency on systemd or any other userspace component. Any process can manage cgroups and attach xattrs to them. The process only needs appropriate permissions and is restricted to a subtree determined by the cgroup namespace it is in. This makes the approach universally applicable across different init systems and distributions.

To support non-Linux systems, we might even be able to abstract away the cgroup details, by providing a varlink service to register and query running applications. On Linux, this service would use cgroups and xattrs internally.

Replacing Socket-Per-App

The old approach - creating dedicated wayland, D-Bus, etc. sockets for each app instance and attaching metadata to the service which gets mapped to connections on that socket - can now be retired. The pidfd + cgroup xattr approach is simpler: one standardized lookup path instead of mounting special sockets. It works everywhere: any service can authenticate any client without special socket setup. And it’s more flexible: metadata can be updated after process creation if needed.

For compositor and D-Bus service developers, this means you can finally implement proper sandboxed client authentication without needing to understand the internals of every container engine. For sandbox developers, it means you have a standardized way to communicate application identity without implementing custom socket mounting schemes.

It’s Friday, which means that it’s time for another GNOME Foundation update. Here’s what’s been happening in the Foundation over the past 7 days.

Membership rule change

The GNOME Foundation’s members are a vitally important part of the organisation, and this week we changed our membership requirements to make them more inclusive. This change required legal input, and was one of the reasons that I had a call with a lawyer last week. With that done we have been able to drop the requirement that members provide a legally registered name: as long as the name you provide is used elsewhere and we have a valid email address, that should be enough.

I’d like to thank community members for their patience while we dealt with this matter. I’d also like to thank Andrea Veri for helping with the change, as well as all the work he’s done over the years on the GNOME Foundation Membership Committee. He’s a hugely important part of the Foundation and has been tireless over many years helping to keep our membership running smoothly. Thank you Andrea!

If you’ve wanted to apply for membership in the past, but have been put off by the name requirement, I hope you’ll feel encouraged to apply now .

Board meeting preparation

The Board of Directors has a regular meeting scheduled for next Tuesday, and there is quite a lot on the agenda, so this week has been taken up with preparing the various motions and policy changes that will be presented for ratification.

This is how Boards of Directors are generally supposed to work, with policies, reports, and plans being prepared ahead of time, so that the Board can then review and/or authorize them. I’m glad that we seem to be working in that model.

Digital wellbeing

There was another team call for our digital wellbeing program this week. As mentioned in a previous post, this program is in its final stages, and we are meeting regularly to review progress.

The project is currently focusing on delivering essential parental controls features, primarily screen time limits for children. This will make GNOME into a viable platform for children, young people and their carers: an important demographic that we want to serve better.

This week Ignacy did a demo of the work so far, showing off the updated Parental Controls app, screen limits and bedtime features. Sam Hewitt from the design team joined the call to provide UX review, and identified a list of papercut issues that the team will be working on as the project draws to a conclusion.

Testing these new digital wellbeing features can be challenging, due to them being requiring development branches in multiple modules, so Ignacy produced a custom GNOME OS image with the changes. If you’re curious, you can try it. (Sidenote: this is a great demonstration of GNOME OS and its associated tooling.)

Staff vacations

Several staff members have been taking a well-earned break this week. The past few months have been a busy period for our staff, so now is a good time for a recharge. I hope everyone comes back full of energy!

Credit card policy

The Foundation provides credit cards for certain staff members and officers, as a low-friction payment method for some types of expenses. We had some spending and reporting rules defined in the platform we use, and we haven’t had any issues around credit card usage, but we didn’t have a written policy, so this week I introduced one . This will make it clearer when credit cards should and shouldn’t be used, and make sure that our corporate credit card usage follows best practice.

Message ends

That’s it! Thanks for reading, and see you next week!

• Mail chew, patch bits, sync with Dave.
• Re-arranged the lounge to bring the Windows build machine back into action for VM-based build acceleration & office testing after its main role (and ethernet cable) got replaced by a cheap Android-TV box.
• Published the next strip exploring whether maintenance should be free:
  
• Chased a weird hanging in a Loading phase issue through reams of logs.

• Mail chew, patch review, planning call, lunch.
• Disabled Vaultwarden's browser plugin - after the performance horrors of re-scanning the DOM every keystroke - to seeing if that helps with my wayland/x11 clipboard issues.
• Plugged away at a contract, still suffering from poor contrast between selected and un-selected window titles in GNOME in light-mode too on large-screen, tried highlight focus for my keyboard only flow.
• Date night with J. lovely to spend some time with just her and eat out too, been a while.

Another edition of LinuxDays took place in Prague last weekend – the country’s largest Linux event drawing more than 1200 attendees and as every yearm we had a Fedora booth there – this time we also representing CentOS.

I was really glad that Tomáš Hrčka helped me staff the booth. I’m focused on the desktop part of Fedora and don’t follow the rest of the project in such detail. As a member of FESCo and Fedora infra team he has a great overview of what is going on in the project and our knowledge complemented each other very well when answering visitors’ questions. I’d also like to thank Adellaide Mikova who helped us tremendously despite not being a technical person.

This year I took our heavy 4K HDR display and showcased HDR support in Fedora Linux whose implementation was a multi-year effort for our team. I played HDR videos in two different video players (one that supports HDR and one that doesn’t), so that people could see a difference, and explained what needed to be implemented to make it work.

Another highlight of our booth were the laptops that run Fedora exceptionally well: Slimbook and especially Framework Laptop. Visitors were checking them out and we spoke about how the Fedora community works with the vendors to make sure Fedora Linux runs flawlessly on their laptops.

We also got a lot of questions about CentOS. We met quite a few people who were surprised that CentOS still exists. We explained to them that it lives on in the form of CentOS Stream and tried to dispel some of common misconceptions surrounding it.

Exhausting as it is, I really enjoy going to LinuxDays, but it’s also a great opportunity to explain things and get direct feedback from the community.

It’s a wet and windy October afternoon here in the UK, and it’s time for another GNOME Foundation update. As ever, there is plenty going on behind the scenes which hasn’t made it into this post, such as planning discussions and routine operations. However, there are some notable things from this week that are easier to sum up.

Sovereign Tech Resilience

The GNOME Project was recently fortunate to receive support from the Sovereign Tech Agency through their Sovereign Tech Resilience program . This program works by contracting out assistance for open source projects, and has resulted in a firm called Neighbourhood.ie Software doing some work on the Blueprint markup language, including implementing a new linter.

Neighbourhood.ie’s Blueprint work is now almost complete, and the new capabilities they have implemented will help to make GNOME maintainers and developers more efficient, and will also help to reduce bugs.

It is obviously fantastic to receive support like this, and I’d like to offer thanks to STA for the funding, to Neighbourhood.ie for being a great partner, and to Sonny Piers for developing the original work outline for this initiative.

With the Blueprint work being wrapped up, we are now in conversation with Neighbourhood.ie about other work that they might undertake. For this we’re drawing on a list of possible work areas that Adrian Vovk and I recently worked up in conversation with GNOME community members.

Black Python Devs

I had a great conversation today with Jay Miller from Black Python Devs. The GNOME Foundation is proud to provide fiscal hosting for Black Python Devs, and it was great to hear about how their work is having a major positive impact. If you haven’t already, I’d recommend that you check out their website .

Legal adventures

My quest to find answers to some of our pending corporate governance questions finally ended in success this week, with a successful call with a lawyer who specialises in this area. We’ll be working through the advice we got very soon.

Policy development

Policies are part and parcel of running a non-profit like the GNOME Foundation, and I’ve recently been working on a number of policy updates that will hopefully come into effect in coming months. This is mostly about tightening up procedures, and will hopefully help with budgeting and smoother operations in the future.

Message ends

Thanks for reading and see you next week!

At Red Hat we are expected to set, and meet, goals each quarter if we want our “full” bonus. One of those is around introducing AI into our daily work. You’ve probably seen various Red Hat employees talking about AI because there is financial incentive to do so.

Astute students of behavioral science know that humans work harder to not lose something than to gain something new. So perhaps for many it’s more about not losing that revenue stream. Arguably it’s only a “mandate to use AI” if you are entitled to the revenue so coming for your bonus is a convenient way to both “not be a mandate” and take advantage of the human behavior to not lose something.

Conveniently, I got pretty fed up with Debug Adapter Protocol (DAP for short) this week. So I wondered how hard it would be to just talk the MI2 protocol like Builder does (using the GPLv3+ gdbwire) but with a libdex-oriented library. It could potentially make integrating GDB into Foundry much easier.

Red Hat has so generously given us “ephemeral credits” at Cursor.com to play with so I fired up the cursor-agent command line tool and got started.

My goal here is just to make a minimal API that speaks the protocol and provides that as DexFuture with a very shallow object model. The result for that is mi2-glib . This post is mostly about how to go about getting positive results from the bias machine.

Writing a fully featured library in a couple hours is certainly impressive, regardless of how you feel about AI’s contributions to it.

Before I continue, I want to mention that this is not used in Foundry and the GDB support which landed today is using DAP. This was just an experiment to explore alternatives.

Create Project Scaffolding

To get the project started I used Foundry’s shared library template. It creates a C-based project with pkg-config, GObject Introspection support, Vala *.vapi generation, versioning with ABI mechanics, and gi-doc based documentation. Basically all the tricky things just work out of the box.

You could probably teach the agent to call this command but I choose to do it manually.

foundry template create library
Location[/home/christian]: .

The name for your project which should not contain spaces
Project Name: mi2-glib

The namespace for the library such as "Mylib"
Namespace: Mi2
 1: No License
 2: AGPL 3.0 or later
 3: Apache 2.0
 4: EUPL 1.2
 5: GPL 2.0 or later
 6: GPL 3.0 or later
 7: LGPL 2.1 or later
 8: LGPL 3.0 or later
 9: MIT
10: MPL 2.0
License[7]:
Version Control[yes]: 
mi2-glib/meson.options
mi2-glib/meson.build
mi2-glib/lib/meson.build
mi2-glib/testsuite/meson.build
mi2-glib/lib/mi2-glib.h
mi2-glib/lib/mi2-version.h.in
mi2-glib/lib/mi2-version-macros.h
mi2-glib/testsuite/test-mi2-glib.c
mi2-glib/doc/mi2-glib.toml.in
mi2-glib/doc/urlmap.js
mi2-glib/doc/overview.md
mi2-glib/doc/meson.build
mi2-glib/README.md
mi2-glib/LICENSE
mi2-glib/.foundry/.gitignore
mi2-glib/.foundry/project/settings.keyfile
mi2-glib/.git/objects
mi2-glib/.git/refs/heads
mi2-glib/.git/HEAD

Building Context

After that I added an AGENTS.md file that described how I want code to be written. I gave it some examples of my C style (basically opinionated GTK styling). That is things like preferring autoptr over manual memory management, how to build, how to test, etc. Consider this the “taste-making” phase.

The next thing I needed to do was to ensure that it has enough examples to be able to write libdex-based GObject code. So I copied over the markdown docs from libdex and some headers. Just enough for the agent to scan and find examples to prime how it should be used. Update your AGENTS.md to note where that documentation can be found and what it can expect to find there. That way the agent knows to look for more details.

Just as a matter of practicality, it would be great if we could have gi-doc generate markdown-formatted descriptions of APIs rather than just HTML.

Now that is all good and fun, but this is about mi2 now isn’t it? So we need to teach the agent about what mi2 is and how it works. Only then will it be able to write something useful for us.

GDB conveniently has a single-file version of the documentation so we need not piss off any network admins with recursive wget.

That left me with a big HTML document with lots of things that don’t matter. I wanted something more compact that will better fit into the context window of the agent. So I asked the agent to look over the HTML file and amalgamate a single gdb.md containing the documentation in a semi-structured format with markdown. That is of course still a lot of information.

Next, I went another level deeper where I asked it to extract from gdb.md information about the mi2 protocol. Any command in the mi2 protocol or related command in GDB is important and therefore should be included in a new mi2.md document. This will serve as the basis of our contextual knowledge.

Knowing the Problem Domain

Using an agent is no replacement for knowing the problem domain. Thankfully, I’ve written dozens of socket clients/servers using GIO primitives. So I can follow my normal technique.

First we create a client class which will manage our GIOStream . That may be a GSocketConnection or perhaps even a GSimpleIOStream containing memory streams or file streams to enable unit testing.

Then we move on to a GDataInputStream which can read the format. We ask the agent to subclass appropriately and provide a DexFuture based wrapper which can read the next message. It should have enough context at this point to know what needs to be read. Start simple, just reading the next message as a bag of bytes. We parse it into structured messages later.

After that do the same for a GDataOutputStream subclass. Once we have that we can ask the agent to wrap the input/output streams inside the client. All pretty easy stuff for it to get right.

Where I found it much easier to write things myself was dealing with the mechanics of a read-loop that will complete in-flight operations. Small price to pay to avoid debugging the slop machine.

After these mechanics are in place we can start on the message type. I knew from my previous debugger work in Builder that there would be a recursive result type and a toplevel container for them. I decided to name these Message and Result and then let the agent generate them. Even the first try had something “usable” even if I would say not very tasteful. It kept trying to do manual memory management. It left lots of “TODO” in place rather than actually doing the thing.

Instead of trying to describe to the agent how its implementation was ugly and incomplete I realized my time would be better spent letting it figure it out. So I shifted my focus towards a test suite.

Setting up a Test Suite

I saw the biggest improvement from the agent after I setup a test suite. This allowed the agent to run ninja test to check the results. That way it wasn’t just about satisfying GCC compiler warnings but also that it was functional.

I would start this as early as you can because it pays dividends. Make sure you provide both good and bad inputs to help guide it towards a better implementation.

The biggest win was creating tests for the input stream. Create different files with good and bad input. Since they wrap a base stream it is pretty easy to mock that up with a GFileInputStream or GMemoryOutputStream and verify the results. If the tests provide enough context through debug messages the agent can feed that back into why the error occurred. This made the iteration loop remarkably fast.

Another extremely valuable thing to do is to setup some type of sanitizer in your build configuration. I often build with meson configure -Db_sanitize=address to help catch memory errors. But also do things like assert object finalization in your testsuite to make sure that leaks don’t hide them.

Anyway, writing this post took about as long as designing the core parts of the library and that, I guess in some small way, is pretty neat.