Make libvips opt-in #30504
@@ -1,3 +1,27 @@ | |||
# frozen_string_literal: true | |||
|
|||
Vips.block_untrusted(true) if Vips.at_least_libvips?(8, 13) | |||
if ENV['MASTODON_USE_LIBVIPS'] == 'true' | |||
ENV['VIPS_BLOCK_UNTRUSTED'] = 'true' |
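Review bot: On `ENV['VIPS_BLOCK_UNTRUSTED'] = 'true'`, add a comment saying why the variable is set here in addition to the `Vips.block_untrusted(true)` call, since the two look redundant and the line gives no reason. If the intent is for the restriction to apply from the moment libvips is loaded, the assignment has to stay ahead of anything that loads the library, and the comment should say so to keep a later cleanup from reordering or dropping it. Also, `== 'true'` is an exact match, so `MASTODON_USE_LIBVIPS=1` or `TRUE` leaves the opt-in off; that is worth documenting next to the variable.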
This has the same effect as the `block_untrusted` below I think?
I think so, yes. My reasoning to go with the env var approach was to disable those as soon as possible.
I don't think this has an effect if we call `block_untrusted` below? I don't think that vips will run any foreign code if it is not called on an image.
This is probably the right path at least initially for upgrading to 4.3 from previous versions. Would give folks time to figure out how to adopt it if we advertise the performance benefits. The container builds would be fine to switch to libvips. Would we mark IM support as deprecated and then maybe remove it in 4.4 or 4.5?
I still need to refactor it a bit, but I added a couple CI jobs running on Ubuntu 24.04 (
I think all that remains is refactoring the
@@ -148,6 +148,93 @@ jobs: | |||
env: | |||
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |||
|
|||
test-libvips: |
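Review bot: The visible part of the `test-libvips` job stops at its name, so confirm that the job sets `MASTODON_USE_LIBVIPS` to `true` in its own `env`. Since libvips is opt-in behind that variable, a job that omits it would run the ImageMagick path and pass without exercising libvips at all.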
We should probably use a re-usable workflow for this to deduplicate the code, but this can be done in a further PR
#30090 removes ImageMagick in favor of libvips, which has many benefits.
This PR fixes a few issues with it and requires libvips 8.13+ in order to disable unsafe and unused format support.
However, that requirement being pretty steep, with a lot of major distributions shipping earlier versions, it changes libvips to be opt-in, behind the `MASTODON_USE_LIBVIPS` environment variable. The idea being to deprecate ImageMagick in favor of libvips in 4.3, and drop support for ImageMagick in 4.4 or 5.0.
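
An added example, not code from this PR or from Mastodon, of the opt-in gate the description above outlines: libvips is used only when `MASTODON_USE_LIBVIPS` is exactly `true`, the environment variable is set before the library loads, and a libvips older than 8.13 is refused instead of running without `block_untrusted`. The names `select_image_backend`, `loader`, `IncompatibleLibvips` and `FakeVips` are hypothetical, and raising on an old version is an assumption about how to enforce the stated requirement.

```ruby
# frozen_string_literal: true

# Added illustration; not Mastodon's initializer.
MIN_LIBVIPS = [8, 13].freeze

class IncompatibleLibvips < StandardError; end

# env    - Hash-like environment (ENV in a real initializer)
# loader - callable returning the Vips module (hypothetical seam for testing);
#          the default loads ruby-vips only once the opt-in is confirmed
def select_image_backend(env, loader: -> { require 'vips'; Vips })
  # Exact-match opt-in, as in the hunk: anything but 'true' keeps ImageMagick.
  return :imagemagick unless env['MASTODON_USE_LIBVIPS'] == 'true'

  # Set before the library is loaded, so the restriction applies as early as possible.
  env['VIPS_BLOCK_UNTRUSTED'] = 'true'
  vips = loader.call

  # Fail closed: without 8.13+ the untrusted loaders cannot be blocked.
  unless vips.at_least_libvips?(*MIN_LIBVIPS)
    raise IncompatibleLibvips,
          "libvips >= #{MIN_LIBVIPS.join('.')} is required when MASTODON_USE_LIBVIPS=true"
  end

  vips.block_untrusted(true)
  :libvips
end

# Constructed stand-in for the Vips module so the example runs without libvips.
class FakeVips
  attr_reader :blocked

  def initialize(major, minor)
    @version = [major, minor]
    @blocked = false
  end

  def at_least_libvips?(major, minor)
    (@version <=> [major, minor]) >= 0
  end

  def block_untrusted(state)
    @blocked = state
  end
end
```

In a real initializer the call would be `select_image_backend(ENV)`, which uses the default loader and the actual `Vips` module.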