feat(install): auto-enable gstack browser on Ubuntu 24.04+

Two OS-too-new layers blocked gstack's browser on Ubuntu 26.04; handle both
from the installer so a fresh `make install` works without manual steps:

1. Playwright version — gstack pins 1.58.x which has no browser build for
   ubuntu>24.04 ("does not support chromium on ubuntu26.04"). New
   gstack_bump_playwright_if_unsupported() runs before ./setup: if the
   pinned Playwright's support list lacks the running distro, `bun add
   playwright@latest` in the submodule (1.61 supports 26.04), then ./setup's
   frozen-lockfile install picks it up and rebuilds the browse binary against
   it. Idempotent (skips when already supported). Edits the submodule locally
   — goes dirty, reset by `git submodule update`, re-applied next install.

2. Chromium sandbox — Ubuntu 24.04+ restricts unprivileged user namespaces
   via AppArmor, so Chromium aborts "No usable sandbox". Persist gstack's
   documented opt-out GSTACK_CHROMIUM_NO_SANDBOX=1 to the shell profile, gated
   on the exact sysctl (kernel.apparmor_restrict_unprivileged_userns=1) so it
   only triggers where the restriction is active.

Verified end-to-end on Ubuntu 26.04: gstack browse drives a real page
(Navigated 200). See BDR-029 / LRN-040 / BLK-008.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
This commit is contained in:
Bastien Chanot 2026-06-23 16:58:30 +02:00
parent 637b8379b1
commit 3b8ffb17b1

View File

@ -258,6 +258,35 @@ fi
echo ""
# gstack pins Playwright (1.58.x) which only ships browser builds for
# ubuntu<=24.04. On a newer distro the browser install fails ("does not
# support chromium on ubuntuXX.04"). Bump gstack's Playwright to a version
# that supports this OS so ./setup builds the browse binary against it and
# installs a native browser. Fires only when the pinned version genuinely
# lacks support — idempotent across runs. Edits the submodule locally (goes
# dirty); a `git submodule update` resets it and the next install re-applies.
# See BLK-008 / LRN-040.
gstack_bump_playwright_if_unsupported() {
[ -d "$GSTACK_DIR" ] && [ -r /etc/os-release ] || return 0
local ostag pwlib
# shellcheck disable=SC1091
ostag="$(. /etc/os-release 2>/dev/null; [ "${ID:-}" = ubuntu ] && printf 'ubuntu%s' "${VERSION_ID:-}")"
[ -n "$ostag" ] || return 0 # only the known Ubuntu case
pwlib="$GSTACK_DIR/node_modules/playwright-core/lib"
# populate node_modules at the pinned version so we can read its support list
( cd "$GSTACK_DIR" && { bun install --frozen-lockfile >/dev/null 2>&1 || bun install >/dev/null 2>&1; } ) || return 0
if grep -rqs "$ostag" "$pwlib" 2>/dev/null; then
return 0 # pinned Playwright already supports this OS
fi
info "gstack's Playwright lacks $ostag support — bumping to latest (local submodule edit)..."
( cd "$GSTACK_DIR" && bun add playwright@latest >/dev/null 2>&1 )
if grep -rqs "$ostag" "$pwlib" 2>/dev/null; then
ok "gstack Playwright bumped — now supports $ostag (browse binary rebuilt by ./setup)"
else
warn "Playwright bump didn't add $ostag support — gstack browser may stay unavailable"
fi
}
# ============================================================
# STEP 2 — GSTACK SUBMODULE
# ============================================================
@ -301,14 +330,12 @@ if [ -d "$GSTACK_DIR" ]; then
ok "bun $(bun --version)"
fi
# NOTE: on Ubuntu newer than 24.04, gstack's ./setup can't install its
# Playwright browser — Playwright 1.58 has no build for it and fails fast
# ("does not support chromium on ubuntuXX.04"). That's non-fatal (gstack is
# OFF by default; the browser is only needed for /browse, /qa, screenshots).
# The PLAYWRIGHT_HOST_PLATFORM_OVERRIDE=ubuntu24.04 workaround was tried and
# reverted: it makes Playwright download a fallback build that then HANGS at
# extraction on 26.04, blocking the whole install. Real fix is upstream —
# gstack bumping Playwright to a version that supports the OS. See BLK-008.
# On a distro newer than gstack's pinned Playwright supports, bump Playwright
# BEFORE ./setup so its frozen-lockfile install picks up the new version and
# the browse binary is rebuilt against it (avoids the "does not support
# chromium" fail). Non-fatal if it can't — gstack is OFF by default.
gstack_bump_playwright_if_unsupported
info "Running GStack setup..."
if [ -x "$GSTACK_DIR/setup" ]; then
if (cd "$GSTACK_DIR" && ./setup); then
@ -709,6 +736,14 @@ CLAUDE_LINES=(
'export CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING=1'
)
# Ubuntu 24.04+ (and other distros) restrict unprivileged user namespaces via
# AppArmor, which breaks Chromium's sandbox → gstack's browser (/browse, /qa)
# crashes with "No usable sandbox". Persist gstack's documented opt-out, but
# only where the restriction is actually active (precise, distro-agnostic).
if [ "$(sysctl -n kernel.apparmor_restrict_unprivileged_userns 2>/dev/null)" = "1" ]; then
CLAUDE_LINES+=('export GSTACK_CHROMIUM_NO_SANDBOX=1')
fi
# Clean up old CLAUDE_EFFORT env var if present (replaced by alias)
if grep -qF 'export CLAUDE_EFFORT=max' "$SHELL_PROFILE" 2>/dev/null; then
sed -i '/export CLAUDE_EFFORT=max/d' "$SHELL_PROFILE"