[chore] ffmpeg webassembly fiddling (#4454)

This disables ffmpeg / ffprobe support on platforms where the wazero compiler is not available. The slowness introduced is hard to pindown for admins (and us!), so it's easier to just return an error message linking to docs on attempted media processing. It still allows the instance to run, just erroring if anything other than a jpeg is attempted to be processed. This should hopefully make it easier for users to notice these issues. Also further locks down our wazero 'allowFiles' fs and other media code to address: https://codeberg.org/superseriousbusiness/gotosocial/issues/4408 relates to: https://codeberg.org/superseriousbusiness/gotosocial/issues/4427 also relates to issues raised in #gotosocial-help on matrix closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4408 Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4454 Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-10-29 16:52:25 -05:00 · 2025-09-24 15:12:25 +02:00 · 2025-09-24 15:12:25 +02:00 · 3db2d42247
commit 3db2d42247
parent 121677754c
7 changed files with 111 additions and 97 deletions
--- a/internal/media/ffmpeg.go
+++ b/internal/media/ffmpeg.go
@ -21,8 +21,6 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
-	"os"
-	"path"
 	"strconv"
 	"strings"

@ -158,34 +156,20 @@ func ffmpeg(ctx context.Context, inpath string, outpath string, args ...string)
 		Config: func(modcfg wazero.ModuleConfig) wazero.ModuleConfig {
 			fscfg := wazero.NewFSConfig()

-			// Needs read-only access to
-			// /dev/urandom for some types.
-			urandom := &allowFiles{
-				{
-					abs:  "/dev/urandom",
-					flag: os.O_RDONLY,
-					perm: 0,
-				},
-			}
-			fscfg = fscfg.WithFSMount(urandom, "/dev")
+			// Needs read-only access /dev/urandom,
+			// required by some ffmpeg operations.
+			fscfg = fscfg.WithFSMount(&allowFiles{
+				allowRead("/dev/urandom"),
+			}, "/dev")

 			// In+out dirs are always the same (tmp),
 			// so we can share one file system for
 			// both + grant different perms to inpath
 			// (read only) and outpath (read+write).
-			shared := &allowFiles{
-				{
-					abs:  inpath,
-					flag: os.O_RDONLY,
-					perm: 0,
-				},
-				{
-					abs:  outpath,
-					flag: os.O_RDWR | os.O_CREATE | os.O_TRUNC,
-					perm: 0666,
-				},
-			}
-			fscfg = fscfg.WithFSMount(shared, path.Dir(inpath))
+			fscfg = fscfg.WithFSMount(&allowFiles{
+				allowCreate(outpath),
+				allowRead(inpath),
+			}, tmpdir)

 			// Set anonymous module name.
 			modcfg = modcfg.WithName("")
@ -246,16 +230,10 @@ func ffprobe(ctx context.Context, filepath string) (*result, error) {
 		Config: func(modcfg wazero.ModuleConfig) wazero.ModuleConfig {
 			fscfg := wazero.NewFSConfig()

-			// Needs read-only access
-			// to file being probed.
-			in := &allowFiles{
-				{
-					abs:  filepath,
-					flag: os.O_RDONLY,
-					perm: 0,
-				},
-			}
-			fscfg = fscfg.WithFSMount(in, path.Dir(filepath))
+			// Needs read-only access to probed file.
+			fscfg = fscfg.WithFSMount(&allowFiles{
+				allowRead(filepath),
+			}, tmpdir)

 			// Set anonymous module name.
 			modcfg = modcfg.WithName("")