forked from marfrit/marfrit-packages
test0r
d0190e2c05
Extends Mozilla's RDD sandbox to permit /dev/media* (driver-matched),
the MEDIA_IOC_* ioctl family ('|'), and the sysfs paths libudev would
need to enumerate the media controller (read-only AddTree on
/sys/class, /sys/bus, /sys/dev/char, /sys/devices/platform plus
/run/udev, /etc/udev/udev.conf, /proc/self, /dev/dma_heap).
Necessary but not sufficient on its own: Mozilla's OpenAtTrap
rejects fd-relative openat used by systemd's chase() inside libudev.
The companion ffmpeg-v4l2-request-git patch adds a brute-force
fallback that opens /dev/media[0..15] directly with absolute paths,
which composes with this broker policy.
Validated on RK3399 / Pinebook Pro / mainline rkvdec: with both
patches in place, default RDD sandbox runs HW decode at ~5% CPU on
1080p30 H.264 (vs ~64% software fallback before). Closes the
parity gap with MOZ_DISABLE_RDD_SANDBOX=1 baseline.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
marfrit-packages
Overlay package repository for the reauktion.de infrastructure.
Published at: https://packages.reauktion.de/
Scope
| Tree | Arches | Notes |
|---|---|---|
| Arch Linux ARM (ALARM) | aarch64 |
primary target — Pi 5, Rock 5, ampere, KU-1255 test rigs |
| Arch Linux | x86_64 |
for nuccies / workstations |
| Debian | arm64, amd64 |
for non-Arch hosts |
MIPS is intentionally unsupported. The Fritz!Box is sacred.
Layout (served at packages.reauktion.de)
packages.reauktion.de/
├── arch/
│ ├── aarch64/{marfrit.db,marfrit.files,*.pkg.tar.{xz,zst}{,.sig}}
│ └── x86_64/...
├── debian/
│ ├── dists/
│ │ ├── bookworm/{Release,InRelease,Release.gpg,main/binary-{arm64,amd64}/...}
│ │ └── trixie/...
│ └── pool/main/...
└── marfrit.gpg # public signing key
Adding the repo (Arch / ALARM)
curl -sO https://packages.reauktion.de/marfrit.gpg
sudo pacman-key --add marfrit.gpg
sudo pacman-key --lsign-key 92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C
# Paste at the end of /etc/pacman.conf:
[marfrit]
Server = https://packages.reauktion.de/arch/$arch
SigLevel = Required DatabaseRequired
sudo pacman -Sy
Adding the repo (Debian)
sudo install -m 755 -d /etc/apt/keyrings
curl -s https://packages.reauktion.de/marfrit.gpg | \
sudo gpg --dearmor -o /etc/apt/keyrings/marfrit.gpg
echo "deb [signed-by=/etc/apt/keyrings/marfrit.gpg] https://packages.reauktion.de/debian $(lsb_release -cs) main" | \
sudo tee /etc/apt/sources.list.d/marfrit.list
sudo apt update
Signing key
- Fingerprint:
92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C - UID:
Markus Fritsche (marfrit-repo signing) <mfritsche@reauktion.de> - Expires: 2030-04-13
Key management procedures (renewal, rotation, revocation) live in DokuWiki at private:reauktion:marfrit_repo_key (admin-only).
Layout in this Git repo
marfrit-packages/
├── README.md
├── arch/
│ └── distcc-avahi/ # ALARM distcc with --with-avahi
├── debian/ # (future) Debian source packages
└── .gitea/
└── workflows/
└── build.yml # CI pipeline stub
mfritsche@reauktion.de.