| Message ID | 02189bbb2583491df0be62c56568caa4bf245997.1711245733.git.abhi@quic.us |
|---|---|
| State | New |
| Headers | show |
| Series | [bug#69971] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively. | expand |
Hello, So this patch fixes two things. First, it gives the webkit gtk process access to va-api drivers, which allows hardware acceleration for video and prevents the errors below: 0:00:00.489161195 21 0xfd4200 INFO vadisplay gstvadisplay.c:268:_va_info:<vadisplaydrm2> VA info: Trying to open /home/abhishek/.guix-profile/lib/dri/i965_drv_video.so 0:00:00.489224548 21 0xfd4200 INFO vadisplay gstvadisplay.c:268:_va_info:<vadisplaydrm2> VA info: Trying to open /run/current-system/profile/lib/dri/i965_drv_video.so 0:00:00.489278879 21 0xfd4200 INFO vadisplay gstvadisplay.c:268:_va_info:<vadisplaydrm2> VA info: va_openDriver() returns -1 0:00:00.489287135 21 0xfd4200 WARN vadisplay gstvadisplay.c:316:gst_va_display_initialize:<vadisplaydrm2> vaInitialize: unknown libva error 0:00:00.489302829 21 0xfd4200 ERROR msdkcontext gstmsdkcontext.c:183:gst_msdk_context_use_vaapi: Couldn't create a VA DRM display Second, it gives access to the locale dir, which silences some warnings of the sort below: (process:2): Gtk-WARNING **: 02:21:08.731: Locale not supported by C library. Using the fallback 'C' locale. Yours sincerely, Abhishek Cherath.
The reason the driver path stuff is particularly important is that I get my env vars for LIBVA_DRIVERS_PATH from guix package --search paths as follows ```bash eval "$(guix package --search-paths \ -p $HOME/.config/guix/current \ -p $HOME/.guix-profile \ -p $HOME/.guix-extra-profiles/emacs/emacs \ -p $HOME/.guix-home/profile \ -p /run/current-system/profile)" ``` and this gives the following for LIBVA_DRIVERS_PATH: ```bash export LIBVA_DRIVERS_PATH="/run/current-system/profile/lib/dri:/home/abhishek/.guix-profile/lib/dri" ``` This means that any sandboxed program with access to one of those won't be able to use hardware acceleration. I only figured this out when I got curious about why mpv could use hardware accel just fine but nyxt couldn't. It's also a problem for firefox. Guess I should put in a bug report there?
> This means that any sandboxed program with access to one of those won't
I mean *without* access.
close 69971 Hello, I've made the changes and submitted as 70446 to gnome-team.
close 69971
diff --git a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch index 18ddb645ad..793f6a414b 100644 --- a/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch +++ b/gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch @@ -5,7 +5,7 @@ diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Sour index f0a5e4b05dff..88b11f806968 100644 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -@@ -854,27 +854,12 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces +@@ -854,27 +854,18 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces "--ro-bind", "/sys/dev", "/sys/dev", "--ro-bind", "/sys/devices", "/sys/devices", @@ -33,6 +33,12 @@ index f0a5e4b05dff..88b11f806968 100644 + + // Bind mount the store inside the WebKitGTK sandbox. + "--ro-bind", "@storedir@", "@storedir@", ++ ++ // This is needed for locales in /run/current-system/locales ++ "--ro-bind-try", "@localedir@", "@localedir@", ++ ++ // This is needed for video hardware acceleration (va-api) via /lib/dri ++ "--ro-bind-try", "@dridir@", "@dridir@", }; if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) { diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index bf24a65e83..4777a9b96e 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com> ;;; Copyright © 2022, 2023 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2024 Abhishek Cherath <abhi@quic.us> ;;; ;;; This file is part of GNU Guix. ;;; @@ -190,7 +191,15 @@ (define-public webkitgtk (let ((store-directory (%store-directory))) (substitute* "Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp" - (("@storedir@") store-directory))))) + (("@storedir@") store-directory) + ;; this adds access to drivers for va-api + ;; for hardware accelerated video + (("@localedir@") "/run/current-system/profile/lib/dri") + ;; this silences gtk locale errors + ;; Unfortunately, simply bind mounting /run/current-system + ;; does not work since it leads to weird issues + ;; with symlinks that confuse bubblewrap. + (("@dridir@") "/run/current-system/locale"))))) (add-after 'unpack 'do-not-disable-new-dtags ;; Ensure the linker uses new dynamic tags as this is what Guix ;; uses and validates in the validate-runpath phase.