every-channel/every.channel
1
0
Fork 0
Code Releases Activity Actions 2
every.channel/evolution/proposals/ECP-0105-stable-home-for-forge-nbc-browser-workers.md
every.channel 8065860449
Harden forge NBC worker runtime and MVPD selection
2026-04-03 03:11:11 -07:00

1.5 KiB
Raw Blame History

ECP-0105: Stable home directory for forge NBC browser workers

Why

The forge NBC worker runs Chrome under a dedicated service user and a persistent profile, but the publish unit was not explicitly setting HOME.

That leaves browser helper processes free to derive state paths from ambient defaults instead of the intended service home. On a long-running forge host, that makes the browser worker more vulnerable to stale locks, crash-report paths, and profile contamination from out-of-band debugging sessions.

Decision

  1. Set HOME=/var/lib/every-channel on NBC wt-publish units, not only on the Xvfb helper units.
  2. Keep the persistent NBC profile and auth artifacts under /var/lib/every-channel.
  3. Treat the forge NBC browser runtime as a single-service home/profile domain so cleanup and troubleshooting stay deterministic.

Consequences

  • Forge NBC launches use the same home directory across the display service and publish service.
  • Chrome helper processes no longer need to infer state roots from ambient defaults.
  • Manual debugging sessions must either reuse the service home intentionally or use an isolated profile path to avoid poisoning the live worker profile.

Rejected Alternatives

  • Keep only --user-data-dir and leave HOME implicit: rejected because browser helper processes still derive ancillary paths outside the intended service state root.
  • Give the publish unit a separate home from the display unit: rejected because it makes the forge browser runtime harder to reason about and recover.