claude-noether/marfrit-packages
1
0
Fork 0
forked from marfrit/marfrit-packages
Code Pull Requests Activity
Files
noether/mesa-panvk-bifrost-iter10
marfrit-packages/arch/mesa-panvk-bifrost/README.md
T
marfrit a36cf85e06 mesa-panvk-bifrost: iter10 polish — drop sandbox bypass, pin sha256, tighten loader select 
iter10 of the panvk-bifrost campaign. Eliminates the cosmetic
'--disable-gpu-sandbox' warning at brave-vulkan launch + pins the
Mesa tarball hash + makes the Vulkan ICD selection deterministic
across filesystems.

PKGBUILD changes (pkgrel: 1 -> 2):
  - install ICD JSON at /usr/share/vulkan/icd.d/00-panvk-bifrost.json
    (was: /usr/lib/panvk-bifrost/icd.json — required VK_ICD_FILENAMES,
    which the GPU sandbox would strip, forcing --disable-gpu-sandbox)
  - libvulkan_panfrost.so install path unchanged at /usr/lib/panvk-bifrost/
  - sha256sums[0] pinned to 1d3c3b8a8363b8cc354175bb4a684ad8b035211cc1d6fa17aeb9b9623c513f89
    (mesa-26.0.6.tar.xz from archive.mesa3d.org); patches + brave-vulkan +
    icd.json remain SKIP since they're in-tree (git-tracked)

brave-vulkan changes:
  - dropped --no-sandbox + --disable-gpu-sandbox: env vars MESA_VK_VERSION_OVERRIDE
    and PAN_I_WANT_A_BROKEN_VULKAN_DRIVER survive the GPU sandbox boundary
    (Mesa loader reads them pre-seccomp-lockdown)
  - dropped VK_ICD_FILENAMES (loader auto-picks via icd.d/ directory scan)
  - added VK_LOADER_DRIVERS_SELECT='00-panvk-bifrost*' for deterministic
    ICD selection — Vulkan loader's readdir order is implementation-defined
    per Khronos LoaderDriverInterface, so the '00-' filename prefix is
    not spec-backed (ext4 happens to give insertion-order, other filesystems
    may not). VK_LOADER_DRIVERS_SELECT short-circuits readdir ambiguity.
    (Phase 5 review hardening.)

Test result on ohm (pre-push validation):
  - brave-vulkan launches Brave without sandbox bypass
  - seccomp-bpf sandboxes activate normally for utility/renderer processes
  - 'panvk is not a conformant Vulkan implementation' fires ONCE (loader-select
    excluded stock ICD from enumeration — only patched driver loads)
  - GPU process boots, no 'Exiting GPU process' error
  - Brave runs through full test timeout cleanly

README updated to reflect the new install layout + simplified wrapper.

Campaign artifacts: ~/src/panvk-bifrost/{phase0_findings_iter10.md,
phase8_iteration9_close.md (which iter10 polishes)}.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 12:28:29 +02:00

87 lines
3.7 KiB
Markdown
Raw Permalink Blame History

# mesa-panvk-bifrost
Patched Mesa `libvulkan_panfrost.so` exposing Bifrost-gen Mali GPUs
(Mali-G31/G52/G72/G76, PAN_ARCH 6/7) to Chromium-family browsers'
Vulkan compositor.
Result of the **panvk-bifrost** campaign ([`~/src/panvk-bifrost/`](../../../panvk-bifrost/)),
iter9 close 2026-05-20 (technical milestone — operator-confirmed Brave
window) followed by this package as the actual delivery.
## What it solves
Stock Chromium / Brave on Bifrost SBCs (PineTab2, etc.) currently dies
at GL bindings init:
```
ERROR: ui/gl/gl_context_egl.cc:120 GLES3 is unsupported and ES version fallback is disabled
ERROR: ui/gl/init/gl_factory.cc:111 Requested GL implementation not found
ERROR: components/viz/service/main/viz_main_impl.cc:189 Exiting GPU process due to errors during initialization
```
This package makes Brave's **Vulkan compositor path** work on Bifrost,
side-stepping the failing GL stack. Browser chrome and standard page
rendering work.
## Known limitations (not addressed)
- **WebGL / WebGL2** in-page: blocked. ANGLE needs `VK_EXT_transform_feedback`
to expose GLES3 contexts; PanVk-Bifrost doesn't currently support that.
Sites using WebGL will degrade or refuse.
- **VAAPI hardware video decode**: unrelated to this package — see the
`libva-v4l2-request-fourier` package for that path.
## Install
```sh
# Ensure [marfrit] is in /etc/pacman.conf, then:
sudo pacman -Sy mesa-panvk-bifrost
```
## Use
```sh
brave-vulkan # launches Brave with Vulkan
brave-vulkan https://www.example.com
brave-vulkan --your-flags-here # extra args passed through
```
The launcher sets:
- `PAN_I_WANT_A_BROKEN_VULKAN_DRIVER=1` (Mesa upstream gate)
- `MESA_VK_VERSION_OVERRIDE=1.2` (apiVersion bump for ANGLE)
- Brave flags: `--use-gl=disabled --enable-features=Vulkan --use-vulkan=native --ozone-platform=x11 --ignore-gpu-blocklist`
iter10 dropped `VK_ICD_FILENAMES` (ICD now at `/usr/share/vulkan/icd.d/00-panvk-bifrost.json` so the Vulkan loader auto-picks it, pinned deterministically via `VK_LOADER_DRIVERS_SELECT='00-panvk-bifrost*'`) and `--no-sandbox` / `--disable-gpu-sandbox` (env vars survive the GPU sandbox boundary without bypass).
## What's in the package
- `/usr/lib/panvk-bifrost/libvulkan_panfrost.so` — patched Mesa Vulkan driver (Mesa 26.0.6 + 2 sed-applied patches)
- `/usr/share/vulkan/icd.d/00-panvk-bifrost.json` — Vulkan ICD JSON pointing at the patched .so (Vulkan loader picks it deterministically via `VK_LOADER_DRIVERS_SELECT='00-panvk-bifrost*'` set by the launcher)
- `/usr/bin/brave-vulkan` — launcher script
System Mesa's binary `/usr/lib/libvulkan_panfrost.so` is untouched. The
stock `panfrost_icd.json` is also untouched and continues to enumerate
the same Mali-G52 device — apps see both drivers in
`vkEnumeratePhysicalDevices` and pick by index (ANGLE picks first, which
becomes ours by alphabetical priority).
## Co-existence
Both stock Mesa and this package can be installed. Stock Vulkan apps
(`vulkaninfo`, `vkcube`, etc.) use the stock driver by default. Only
apps started via `brave-vulkan` (or with `VK_ICD_FILENAMES` manually
set to our path) use the patched driver.
## Campaign close criterion
Per [`feedback_package_done_means_installable`](file:///home/mfritsche/.claude/projects/-home-mfritsche-src/memory/feedback_package_done_means_installable.md)
three-point check:
1. PR merged to `marfrit-packages`
2. CI green AND `packages.reauktion.de/arch/aarch64/mesa-panvk-bifrost-*.pkg.tar.zst` exists
3. `pacman -Ss mesa-panvk-bifrost` on a fresh consumer host (e.g. ohm
after `pacman -Syu` from clean state) returns the package + brave-vulkan launches
When all three pass, panvk-bifrost iter9 closes.
View Git Blame Copy Permalink