From 03db8e2f29055d0f56635bad0891e41558c79868 Mon Sep 17 00:00:00 2001
From: undergroundwires <git@undergroundwires.dev>
Date: Sat, 12 Oct 2024 00:14:37 +0200
Subject: [PATCH] Fix CI/CD runtime checks failing on Ubuntu 24.04

GitHub runners now use Ubuntu 24.04, which introduces new restrictions
on unprivileged user namespaces affecting AppImages. This causes
runtime checks to fail when running Electron applications, producing
errors like:

```
[5475:1011/121711.489417:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_privacv1kcOj/chrome-sandbox is owned by root and has mode 4755.
```

This commit modifies CI workflow to disable the restrictions during
runtime checks. This allows the runtime checks to pass by permitting
unprivileged user namespaces.

This works around the issue without requiring changes to the AppImage
itself. A more permanent solution may be needed in the future.

Related key Electron issues:

- electron/electron$41066
- electron/electron$42510
- electron-userland/electron-builder$844
---
 .../workflows/checks.desktop-runtime-errors.yaml    | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/checks.desktop-runtime-errors.yaml b/.github/workflows/checks.desktop-runtime-errors.yaml
index 1c5a924e..809be73c 100644
--- a/.github/workflows/checks.desktop-runtime-errors.yaml
+++ b/.github/workflows/checks.desktop-runtime-errors.yaml
@@ -31,7 +31,7 @@ jobs:
         uses: ./.github/actions/install-imagemagick
       -
         name: Configure Ubuntu
-        if: contains(matrix.os, 'ubuntu') # macOS runner is missing Docker
+        if: contains(matrix.os, 'ubuntu')
         shell: bash
         run: |-
           sudo apt update
@@ -61,11 +61,22 @@ jobs:
 
           # Install xdotool and xprop (from x11-utils) for window title capturing
           sudo apt install -y xdotool x11-utils
+
+          # Workaround for Electron apps failing to initialize on Ubuntu 24.04 due to AppArmor restrictions
+          # Disables unprivileged user namespaces restriction to allow Electron apps to run
+          # Reference: https://github.com/electron/electron/issues/42510
+          sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+
+          # Install Vulkan support
+          sudo apt install libvulkan1 mesa-vulkan-drivers vulkan-tools
+          # Install additional X11 libraries
+          sudo apt-get install -y libgtk-3-0 libx11-xcb1 libxcb-dri3-0 libxcomposite1 libxcursor1 libxdamage1 libxfixes3 libxi6 libxrandr2 libxss1 libxtst6 libnss3
       -
         name: Test
         shell: bash
         run: |-
           export SCREENSHOT=true
+          export ELECTRON_DISABLE_SANDBOX=true
           npm run check:desktop
       -
         name: Upload screenshot