31 lines
1.5 KiB
Markdown
31 lines
1.5 KiB
Markdown
# ECP-0105: Stable home directory for forge NBC browser workers
|
|
|
|
## Why
|
|
|
|
The forge NBC worker runs Chrome under a dedicated service user and a persistent profile, but the
|
|
publish unit was not explicitly setting `HOME`.
|
|
|
|
That leaves browser helper processes free to derive state paths from ambient defaults instead of the
|
|
intended service home. On a long-running forge host, that makes the browser worker more vulnerable
|
|
to stale locks, crash-report paths, and profile contamination from out-of-band debugging sessions.
|
|
|
|
## Decision
|
|
|
|
1. Set `HOME=/var/lib/every-channel` on NBC `wt-publish` units, not only on the Xvfb helper units.
|
|
2. Keep the persistent NBC profile and auth artifacts under `/var/lib/every-channel`.
|
|
3. Treat the forge NBC browser runtime as a single-service home/profile domain so cleanup and
|
|
troubleshooting stay deterministic.
|
|
|
|
## Consequences
|
|
|
|
- Forge NBC launches use the same home directory across the display service and publish service.
|
|
- Chrome helper processes no longer need to infer state roots from ambient defaults.
|
|
- Manual debugging sessions must either reuse the service home intentionally or use an isolated
|
|
profile path to avoid poisoning the live worker profile.
|
|
|
|
## Rejected Alternatives
|
|
|
|
- Keep only `--user-data-dir` and leave `HOME` implicit: rejected because browser helper processes
|
|
still derive ancillary paths outside the intended service state root.
|
|
- Give the publish unit a separate home from the display unit: rejected because it makes the forge
|
|
browser runtime harder to reason about and recover.
|