Is it possible to run ROOT 6.34 with the new RBrowser in Ubuntu using the snap chromium browser?

Is it possible to run ROOT 6.34 with the new RBrowser in Ubuntu using the snap chromium browser?

The problem appears to be that when starting a new TBrowser ROOT looks for a file named /tmp/root_start_XXXXX.html where /tmp is the native temp directory, but chromium on Ubuntu is a snap package and so uses a sandboxed temp directory (/tmp/snap-private-tmp/snap.chromium/tmp) and is unable to see the native /tmp. Is there any way to tell ROOT to look in the chromium sandboxed temp area? (e.g. an environment variable?) Or some other way to use the new web based gui features when chromium is a snap package?

_ROOT Version: 6.34.02
_Platform: Ubuntu 24.04 LTS on WSL 2
_Compiler: gcc 13.3.0 w/ snap chromium 134.0.6998.88


Welcome to the ROOT Forum!
Maybe @linev can help

Hi,

Shell variable TMPDIR can be used to change location of /tmp directory.

You also can start ROOT application in web server mode.
Like root --web=server:7788
In such case just URL will be printed. One have to copy it to any browser.

Regards,
Sergez

1 Like

Dear Sergey,

Thank you for your quick reply.

Changing TMPDIR is insufficient because access is restricted to /tmp/snap-private-tmp/snap.chromium/tmp. A sudo command is required to write there or even list its contents.

The web server trick works but, of course, must be activated for each canvas. A macro such as .demo is rather inconvenient through that channel.

I’m not sure how to solve either puzzle without installing the repository for the non-snap version of chromium and installing chromium from there … which is not the preferred way of doing things on Ubuntu these days.

I would be delighted to hear your thoughts.

Cheers,
Jim

Dear Sergey & Friends,

Here is one solution to the problem: the snap version of chromium has access to the user’s home directory. So it is possible to create a new ‘tmp4root’ directory under the user’s home directory and then export TMPDIR=“/home/user_name/tmp4root”. Finally, run ROOT with the web option pointing to chromium.

This works for many macros but doesn’t work reliably for the .demo suite of macros. I’m not sure why. It also has the drawback that tmp4root is now used for all of your /tmp needs and it doesn’t clear itself out upon reboot (etc).

Cheers,
Jim

Hi,

I’d expect that this would work sort of work by default; because there’s patches in the latest release that should have this work by default and did the last time I’d tested. However for WSL2 specifically, the mechanism that handles opening the web browser (xdg-open) doesn’t work, so the file needs to be accessed manually for WSL2 (including via e.g., xdg-open just run in bash outside of the snap).

Could you try run sudo snap refresh just to ensure everything is up to date and try again?

root-framework  v6-34-02  943

The file containing the authorisation token as I’ve just tested it should go in $HOME automatically; ROOT will then clear this automatically upon exiting, meanwhile the rest of $TMP is untouched, this is explicitly changed from the default behaviour to benefit sandboxed browsers.

It’s also worth mentioning if you just open the .html file in e.g., nano or via cat, you can just extract the URL and visit it in any web browser on the system, such as e.g., Microsoft Edge in the Windows environment, the networking aspects of the web ROOT and Jupyter Notebook environments aren’t limited to the Linux side.

Dear Jim (James?),

Magic is good. I am working with a locally compiled version of ROOT 6.34.02 and/or the precompiled 6.34.04 for Ubuntu 24.04. However, I’m not working with your snap version of ROOT, rather I’m pulling the source or image down from the cern website. I could imagine that your snap version has some magic built in.

So I suppose the obvious question is whether the magic can be exported (so to speak) so that any version of Root on WSL2 can access the web gui features.

Update: I installed the snap version of root-framework and refreshed the others as you described. No Magic. At the highest level, it doesn’t behave any differently than the locally compiled version of ROOT. The web based gui tools for the snap version of root-framework don’t work unless you do something manually such as copy paste the address for each canvas into the address field of a browser. Specs below.

Welcome to ROOT 6.34.02
(c) 1995-2024, The ROOT Team; conception: R. Brun, F. Rademakers
Built for linuxx8664gcc on Dec 28 2024, 08:39:22
From tags/v6-34-02, v6-34-02
With (Ubuntu 13.3.0-6ubuntu2~24.04) c++13.3.0

Cheers,
Jim

Ah apologies, I misread this as you were running the ROOT snap itself; but sure, the problem is specifically regarding the Chromiums snap own usage of temp.

Unfortunately then there likely won’t be any magic, the underlying problem is that to Chromium as a snap, /tmp is actually a different folder, and it won’t find whatever string/filename you provide due to the mount namespace. On the snapcraft side, I’d made a proposal a while ago that a snap should be able to opt into being able to write into a subdirectory of /tmp that itself is public, because these edge cases are basically unsolvable otherwise, it didn’t pick up any traction and annoyingly also wouldn’t even help here, because the application would still have to opt into actually using it.

In terms of your options upon rereading then, your fix to move $TMPDIR is basically the only immediate fix. What you might like to do is to use /etc/fstab and make a folder in $HOME that itself is a tmpfs so that it’ll always be cleared up like /tmp itself should be. Aside from that, I think you’d need to patch the RBrowser code to prefer somewhere else too.

Since this isn’t a problem with the ROOT snap itself, it could be worth raising it as a bug on the Github repo. This likely doesn’t even just effect Chromium and e.g., likely doesn’t work on the default Ubuntu Firefox - and likely, doesn’t even just effect snaps, e.g., Flatpak Browsers could run into similar problems.

As I imagine the underlying problem, the intention is to keep the session token hidden and the file open approach is a good way of achieving that in the usual circumstances, but, with the ecosystem changing around ROOT, maybe having a environment (or build) variable to override this one usage of TMP might be ideal. If ROOT were to e.g., call the XDG Desktop Portals to handle this as would be the current trend in 2025, you technically have some increased risks of e.g., leaking the token to other users or apps on the session bus. On the other hand, most people aren’t particularly bothered about leaking secrets to themselves, but in the context of a multiuser machine? It’s interesting to consider. The downside again, is those portals also don’t work everywhere (specifically including WSL2!)

Hi,

For those who are interested, the solution James-Carroll has outlined above for Ubuntu on WSL2 looks like this in its actual implementation:

Put the following line in /etc/fstab (all on one line) and restart WSL:
tmpfs /home/user_name/.cern-root-system tmpfs defaults,mode=1777,uid=user_name,gid=user_name 0 0

This will create a temporary file system in your home directory that is accessible to chromium. After making this change, go to a cmd window (as an ordinary user) and execute wsl --shutdown to shudown and restart WSL.

Then put the following lines in your .bash_aliases file to access ROOT and the new tmpfs:

source /home/user_name/root/bin/thisroot.sh
#
# Workaround to allow Wayland apps to work on WSL 2 as of Oct 2024
ln -sf /mnt/wslg/runtime-dir/wayland-* $XDG_RUNTIME_DIR/
#
# Workaround to avoid excess dbus errors with, for example, emacs-pgtk
export $(dbus-launch)
#
# Workaround to allow chromium to access the new tmpfs in your home directory
export TMPDIR="/home/user_name/.cern-root-system"

With these changes, the new web gui features in ROOT will work with the snap version of the chromium browser in Ubuntu and WSL 2.

1 Like