mesa-panvk-bifrost: iter10 polish — drop sandbox bypass, pin sha256, tighten loader select

iter10 of the panvk-bifrost campaign. Eliminates the cosmetic
'--disable-gpu-sandbox' warning at brave-vulkan launch + pins the
Mesa tarball hash + makes the Vulkan ICD selection deterministic
across filesystems.

PKGBUILD changes (pkgrel: 1 -> 2):
  - install ICD JSON at /usr/share/vulkan/icd.d/00-panvk-bifrost.json
    (was: /usr/lib/panvk-bifrost/icd.json — required VK_ICD_FILENAMES,
    which the GPU sandbox would strip, forcing --disable-gpu-sandbox)
  - libvulkan_panfrost.so install path unchanged at /usr/lib/panvk-bifrost/
  - sha256sums[0] pinned to 1d3c3b8a8363b8cc354175bb4a684ad8b035211cc1d6fa17aeb9b9623c513f89
    (mesa-26.0.6.tar.xz from archive.mesa3d.org); patches + brave-vulkan +
    icd.json remain SKIP since they're in-tree (git-tracked)

brave-vulkan changes:
  - dropped --no-sandbox + --disable-gpu-sandbox: env vars MESA_VK_VERSION_OVERRIDE
    and PAN_I_WANT_A_BROKEN_VULKAN_DRIVER survive the GPU sandbox boundary
    (Mesa loader reads them pre-seccomp-lockdown)
  - dropped VK_ICD_FILENAMES (loader auto-picks via icd.d/ directory scan)
  - added VK_LOADER_DRIVERS_SELECT='00-panvk-bifrost*' for deterministic
    ICD selection — Vulkan loader's readdir order is implementation-defined
    per Khronos LoaderDriverInterface, so the '00-' filename prefix is
    not spec-backed (ext4 happens to give insertion-order, other filesystems
    may not). VK_LOADER_DRIVERS_SELECT short-circuits readdir ambiguity.
    (Phase 5 review hardening.)

Test result on ohm (pre-push validation):
  - brave-vulkan launches Brave without sandbox bypass
  - seccomp-bpf sandboxes activate normally for utility/renderer processes
  - 'panvk is not a conformant Vulkan implementation' fires ONCE (loader-select
    excluded stock ICD from enumeration — only patched driver loads)
  - GPU process boots, no 'Exiting GPU process' error
  - Brave runs through full test timeout cleanly

README updated to reflect the new install layout + simplified wrapper.

Campaign artifacts: ~/src/panvk-bifrost/{phase0_findings_iter10.md,
phase8_iteration9_close.md (which iter10 polishes)}.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

arch/mesa-panvk-bifrost/PKGBUILD

@@ -31,7 +31,7 @@
 pkgname=mesa-panvk-bifrost
 _mesaver=26.0.6
 pkgver=26.0.6.r2
-pkgrel=1
+pkgrel=2
 pkgdesc="Patched Mesa libvulkan_panfrost.so exposing Bifrost-gen Mali to Vulkan apps (panvk-bifrost campaign)"
 arch=('aarch64')
 url="https://github.com/marfrit/panvk-bifrost"
@@ -83,7 +83,7 @@ source=(
     "icd.json"
 )
 sha256sums=(
-    'SKIP'  # TODO: pin once we know the upstream tarball is stable. archive.mesa3d.org tarballs are stable, so we can hash-pin in iter10.
+    '1d3c3b8a8363b8cc354175bb4a684ad8b035211cc1d6fa17aeb9b9623c513f89'  # mesa-26.0.6.tar.xz from archive.mesa3d.org, pinned 2026-05-20 (iter10)
     'SKIP'
     'SKIP'
     'SKIP'
@@ -142,15 +142,24 @@ package() {
     cd "${srcdir}/mesa-${_mesaver}"
 
     # Patched lib — co-install path, NOT /usr/lib (to avoid clashing
-    # with stock mesa's libvulkan_panfrost.so).
+    # with stock mesa's libvulkan_panfrost.so binary).
     install -Dm755 build/src/panfrost/vulkan/libvulkan_panfrost.so \
         "$pkgdir/usr/lib/panvk-bifrost/libvulkan_panfrost.so"
 
-    # Custom ICD JSON. NOT under /usr/share/vulkan/icd.d/ (the default
-    # loader search path) — the user has to opt in via VK_ICD_FILENAMES.
+    # ICD JSON at the standard Vulkan loader search path. The '00-'
+    # filename prefix gives optical priority but is NOT spec-backed —
+    # Vulkan loader readdir-order is implementation-defined per Khronos
+    # LoaderDriverInterface. The brave-vulkan wrapper sets
+    # VK_LOADER_DRIVERS_SELECT='00-panvk-bifrost*' to make the selection
+    # deterministic across filesystems. This avoids the VK_ICD_FILENAMES
+    # full-path override (whose GPU-sandbox survival is fragile) while
+    # still letting the loader work normally. iter10 result + Phase 5
+    # hardening.
     install -Dm644 "$srcdir/icd.json" \
-        "$pkgdir/usr/lib/panvk-bifrost/icd.json"
+        "$pkgdir/usr/share/vulkan/icd.d/00-panvk-bifrost.json"
 
-    # The brave-vulkan launcher wires up env + flags.
+    # The brave-vulkan launcher wires up env + flags. iter10: no longer
+    # sets VK_ICD_FILENAMES, no longer passes --no-sandbox /
+    # --disable-gpu-sandbox.
     install -Dm755 "$srcdir/brave-vulkan" "$pkgdir/usr/bin/brave-vulkan"
 }

arch/mesa-panvk-bifrost/README.md

@@ -48,20 +48,23 @@ brave-vulkan --your-flags-here                  # extra args passed through
 
 The launcher sets:
 
-- `VK_ICD_FILENAMES=/usr/lib/panvk-bifrost/icd.json` (the patched driver)
 - `PAN_I_WANT_A_BROKEN_VULKAN_DRIVER=1` (Mesa upstream gate)
 - `MESA_VK_VERSION_OVERRIDE=1.2` (apiVersion bump for ANGLE)
-- Brave flags: `--use-gl=disabled --enable-features=Vulkan --use-vulkan=native --ozone-platform=x11 --no-sandbox --disable-gpu-sandbox --ignore-gpu-blocklist`
+- Brave flags: `--use-gl=disabled --enable-features=Vulkan --use-vulkan=native --ozone-platform=x11 --ignore-gpu-blocklist`
+
+iter10 dropped `VK_ICD_FILENAMES` (ICD now at `/usr/share/vulkan/icd.d/00-panvk-bifrost.json` so the Vulkan loader auto-picks it, pinned deterministically via `VK_LOADER_DRIVERS_SELECT='00-panvk-bifrost*'`) and `--no-sandbox` / `--disable-gpu-sandbox` (env vars survive the GPU sandbox boundary without bypass).
 
 ## What's in the package
 
 - `/usr/lib/panvk-bifrost/libvulkan_panfrost.so` — patched Mesa Vulkan driver (Mesa 26.0.6 + 2 sed-applied patches)
-- `/usr/lib/panvk-bifrost/icd.json` — Vulkan ICD JSON pointing at the patched .so (NOT auto-loaded; only via `VK_ICD_FILENAMES`)
+- `/usr/share/vulkan/icd.d/00-panvk-bifrost.json` — Vulkan ICD JSON pointing at the patched .so (Vulkan loader picks it deterministically via `VK_LOADER_DRIVERS_SELECT='00-panvk-bifrost*'` set by the launcher)
 - `/usr/bin/brave-vulkan` — launcher script
 
-System Mesa is untouched. The stock `/usr/lib/libvulkan_panfrost.so` and
-`/usr/share/vulkan/icd.d/panfrost_icd.json` continue to work for any
-other Vulkan app.
+System Mesa's binary `/usr/lib/libvulkan_panfrost.so` is untouched. The
+stock `panfrost_icd.json` is also untouched and continues to enumerate
+the same Mali-G52 device — apps see both drivers in
+`vkEnumeratePhysicalDevices` and pick by index (ANGLE picks first, which
+becomes ours by alphabetical priority).
 
 ## Co-existence
 

arch/mesa-panvk-bifrost/brave-vulkan

@@ -7,26 +7,35 @@
 #
 # Provided by the mesa-panvk-bifrost package. See:
 #   /usr/share/doc/mesa-panvk-bifrost/README
-#   ~/src/panvk-bifrost/phase8_iteration9_close.md (campaign close)
+#   ~/src/panvk-bifrost/phase8_iteration{9,10}_close.md
 #
 # Usage: brave-vulkan [brave args...]
 # Equivalent to: brave [VULKAN_FLAGS] [your args]
+#
+# iter10 changes vs iter9:
+#   - dropped VK_ICD_FILENAMES env (ICD now at /usr/share/vulkan/icd.d/
+#     with '00-' prefix so the Vulkan loader auto-picks ours first)
+#   - dropped --no-sandbox / --disable-gpu-sandbox (env vars survive the
+#     GPU sandbox boundary, no bypass needed)
 
 set -e
 
-# Patched Vulkan driver (from this package) — must point at the custom path
-# so we don't clash with the stock /usr/share/vulkan/icd.d/panfrost_icd.json
-export VK_ICD_FILENAMES=/usr/lib/panvk-bifrost/icd.json
+# Pin the Vulkan ICD selection to our package's ICD. The Vulkan loader's
+# readdir-order in /usr/share/vulkan/icd.d/ is implementation-defined
+# per Khronos LoaderDriverInterface — the '00-' filename prefix is NOT
+# spec-backed. VK_LOADER_DRIVERS_SELECT short-circuits the directory
+# enumeration and picks our ICD deterministically. (Phase 5 review
+# hardening, iter10.)
+export VK_LOADER_DRIVERS_SELECT='00-panvk-bifrost*'
 
 # PanVk's "I know it's not conformant" gate — the patched driver still
-# refuses to enumerate Bifrost without this env var (Mesa upstream choice,
-# kept for compatibility).
+# refuses to enumerate Bifrost without this env var (upstream Mesa choice
+# for v6/v7, kept for compatibility).
 export PAN_I_WANT_A_BROKEN_VULKAN_DRIVER=1
 
 # Override apiVersion to 1.2 — ANGLE (Chromium's GL stack) requires
-# device.apiVersion >= 1.1. The patched libvulkan_panfrost.so still has
-# a PAN_ARCH>=10 gate inside get_api_version(); easier to override at
-# runtime via this Mesa env var than to add a third patch.
+# device.apiVersion >= 1.1. Source patches don't move get_api_version()'s
+# PAN_ARCH>=10 hardcode; the env var override does.
 export MESA_VK_VERSION_OVERRIDE=1.2
 
 # Find the live Plasma session's Xauthority. On a fresh boot the suffix
@@ -55,7 +64,5 @@ exec brave \
     --enable-features=Vulkan \
     --use-vulkan=native \
     --ozone-platform=x11 \
-    --no-sandbox \
-    --disable-gpu-sandbox \
     --ignore-gpu-blocklist \
     "$@"