[bug#69971] gnu: webkitgtk: Add locale and dri access to gtk sandbox in order to silence gtk locale warnings and enable hardware accelerated video, respectively.
Commit Message
* gnu/packages/patches/webkitgtk-adjust-bubblewrap-paths.patch:
Add @dridir@ and @localedir@ to bubblewrap gtk sandbox
* gnu/packages/webkit.scm (webkitgtk)[arguments]: In the
'configure-bubblewrap-store-directory' phase, also supply locale
and dri directory paths to webkitgtk-adjust-bubblewrap-paths.patch
template.
Change-Id: Id1ffe23e56a8da4ff3c81a2cde7d9622f024bdea
---
.../patches/webkitgtk-adjust-bubblewrap-paths.patch | 8 +++++++-
gnu/packages/webkit.scm | 11 ++++++++++-
2 files changed, 17 insertions(+), 2 deletions(-)
base-commit: d67e4f0f9b10c7ddac8fb0ca68cbf1d6ad0a6e5d
prerequisite-patch-id: 2feff8a49a2bca7cb55d49c21c04736f9828df0e
prerequisite-patch-id: c3460fa91fad7c4f67859f672420ca72e616d89b
Comments
Hello,
So this patch fixes two things. First, it gives the webkit gtk process
access to va-api drivers, which allows hardware acceleration for video
and prevents the errors below:
0:00:00.489161195 21 0xfd4200 INFO vadisplay gstvadisplay.c:268:_va_info:<vadisplaydrm2> VA info: Trying to open /home/abhishek/.guix-profile/lib/dri/i965_drv_video.so
0:00:00.489224548 21 0xfd4200 INFO vadisplay gstvadisplay.c:268:_va_info:<vadisplaydrm2> VA info: Trying to open /run/current-system/profile/lib/dri/i965_drv_video.so
0:00:00.489278879 21 0xfd4200 INFO vadisplay gstvadisplay.c:268:_va_info:<vadisplaydrm2> VA info: va_openDriver() returns -1
0:00:00.489287135 21 0xfd4200 WARN vadisplay gstvadisplay.c:316:gst_va_display_initialize:<vadisplaydrm2> vaInitialize: unknown libva error
0:00:00.489302829 21 0xfd4200 ERROR msdkcontext gstmsdkcontext.c:183:gst_msdk_context_use_vaapi: Couldn't create a VA DRM display
Second, it gives access to the locale dir, which silences some warnings
of the sort below:
(process:2): Gtk-WARNING **: 02:21:08.731: Locale not supported by C library.
Using the fallback 'C' locale.
Yours sincerely,
Abhishek Cherath.
The reason the driver path stuff is particularly important is that I get
my env vars for LIBVA_DRIVERS_PATH from guix package --search paths as
follows
```bash
eval "$(guix package --search-paths \
-p $HOME/.config/guix/current \
-p $HOME/.guix-profile \
-p $HOME/.guix-extra-profiles/emacs/emacs \
-p $HOME/.guix-home/profile \
-p /run/current-system/profile)"
```
and this gives the following for LIBVA_DRIVERS_PATH:
```bash
export LIBVA_DRIVERS_PATH="/run/current-system/profile/lib/dri:/home/abhishek/.guix-profile/lib/dri"
```
This means that any sandboxed program with access to one of those won't
be able to use hardware acceleration. I only figured this out when I got
curious about why mpv could use hardware accel just fine but nyxt
couldn't. It's also a problem for firefox. Guess I should put in a bug
report there?
> This means that any sandboxed program with access to one of those won't
I mean *without* access.
close 69971
Hello,
I've made the changes and submitted as 70446 to gnome-team.
@@ -5,7 +5,7 @@ diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Sour
index f0a5e4b05dff..88b11f806968 100644
--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
-@@ -854,27 +854,12 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
+@@ -854,27 +854,18 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
"--ro-bind", "/sys/dev", "/sys/dev",
"--ro-bind", "/sys/devices", "/sys/devices",
@@ -33,6 +33,12 @@ index f0a5e4b05dff..88b11f806968 100644
+
+ // Bind mount the store inside the WebKitGTK sandbox.
+ "--ro-bind", "@storedir@", "@storedir@",
++
++ // This is needed for locales in /run/current-system/locales
++ "--ro-bind-try", "@localedir@", "@localedir@",
++
++ // This is needed for video hardware acceleration (va-api) via /lib/dri
++ "--ro-bind-try", "@dridir@", "@dridir@",
};
if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) {
@@ -8,6 +8,7 @@
;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2022, 2023 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2024 Abhishek Cherath <abhi@quic.us>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -190,7 +191,15 @@ (define-public webkitgtk
(let ((store-directory (%store-directory)))
(substitute*
"Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp"
- (("@storedir@") store-directory)))))
+ (("@storedir@") store-directory)
+ ;; this adds access to drivers for va-api
+ ;; for hardware accelerated video
+ (("@localedir@") "/run/current-system/profile/lib/dri")
+ ;; this silences gtk locale errors
+ ;; Unfortunately, simply bind mounting /run/current-system
+ ;; does not work since it leads to weird issues
+ ;; with symlinks that confuse bubblewrap.
+ (("@dridir@") "/run/current-system/locale")))))
(add-after 'unpack 'do-not-disable-new-dtags
;; Ensure the linker uses new dynamic tags as this is what Guix
;; uses and validates in the validate-runpath phase.