marfrit/marfrit-packages
0
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a36cf85e06c0f1f01d9105f884a3f209ce948c76
marfrit-packages/arch/mesa-panvk-bifrost/brave-vulkan
T
marfrit a36cf85e06 mesa-panvk-bifrost: iter10 polish — drop sandbox bypass, pin sha256, tighten loader select 
iter10 of the panvk-bifrost campaign. Eliminates the cosmetic
'--disable-gpu-sandbox' warning at brave-vulkan launch + pins the
Mesa tarball hash + makes the Vulkan ICD selection deterministic
across filesystems.

PKGBUILD changes (pkgrel: 1 -> 2):
  - install ICD JSON at /usr/share/vulkan/icd.d/00-panvk-bifrost.json
    (was: /usr/lib/panvk-bifrost/icd.json — required VK_ICD_FILENAMES,
    which the GPU sandbox would strip, forcing --disable-gpu-sandbox)
  - libvulkan_panfrost.so install path unchanged at /usr/lib/panvk-bifrost/
  - sha256sums[0] pinned to 1d3c3b8a8363b8cc354175bb4a684ad8b035211cc1d6fa17aeb9b9623c513f89
    (mesa-26.0.6.tar.xz from archive.mesa3d.org); patches + brave-vulkan +
    icd.json remain SKIP since they're in-tree (git-tracked)

brave-vulkan changes:
  - dropped --no-sandbox + --disable-gpu-sandbox: env vars MESA_VK_VERSION_OVERRIDE
    and PAN_I_WANT_A_BROKEN_VULKAN_DRIVER survive the GPU sandbox boundary
    (Mesa loader reads them pre-seccomp-lockdown)
  - dropped VK_ICD_FILENAMES (loader auto-picks via icd.d/ directory scan)
  - added VK_LOADER_DRIVERS_SELECT='00-panvk-bifrost*' for deterministic
    ICD selection — Vulkan loader's readdir order is implementation-defined
    per Khronos LoaderDriverInterface, so the '00-' filename prefix is
    not spec-backed (ext4 happens to give insertion-order, other filesystems
    may not). VK_LOADER_DRIVERS_SELECT short-circuits readdir ambiguity.
    (Phase 5 review hardening.)

Test result on ohm (pre-push validation):
  - brave-vulkan launches Brave without sandbox bypass
  - seccomp-bpf sandboxes activate normally for utility/renderer processes
  - 'panvk is not a conformant Vulkan implementation' fires ONCE (loader-select
    excluded stock ICD from enumeration — only patched driver loads)
  - GPU process boots, no 'Exiting GPU process' error
  - Brave runs through full test timeout cleanly

README updated to reflect the new install layout + simplified wrapper.

Campaign artifacts: ~/src/panvk-bifrost/{phase0_findings_iter10.md,
phase8_iteration9_close.md (which iter10 polishes)}.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 12:28:29 +02:00

69 lines
2.5 KiB
Bash
Raw Blame History

#!/bin/bash
# brave-vulkan — launch Brave with the PanVk-Bifrost Vulkan compositor on
# Bifrost SBCs (PineTab2 / Mali-G52 r1 MC1 and similar).
#
# Side-steps the GL stack failures stock Brave hits on Bifrost
# (the README "Consumer-side benefit" path of the panvk-bifrost campaign).
#
# Provided by the mesa-panvk-bifrost package. See:
# /usr/share/doc/mesa-panvk-bifrost/README
# ~/src/panvk-bifrost/phase8_iteration{9,10}_close.md
#
# Usage: brave-vulkan [brave args...]
# Equivalent to: brave [VULKAN_FLAGS] [your args]
#
# iter10 changes vs iter9:
# - dropped VK_ICD_FILENAMES env (ICD now at /usr/share/vulkan/icd.d/
# with '00-' prefix so the Vulkan loader auto-picks ours first)
# - dropped --no-sandbox / --disable-gpu-sandbox (env vars survive the
# GPU sandbox boundary, no bypass needed)
set -e
# Pin the Vulkan ICD selection to our package's ICD. The Vulkan loader's
# readdir-order in /usr/share/vulkan/icd.d/ is implementation-defined
# per Khronos LoaderDriverInterface — the '00-' filename prefix is NOT
# spec-backed. VK_LOADER_DRIVERS_SELECT short-circuits the directory
# enumeration and picks our ICD deterministically. (Phase 5 review
# hardening, iter10.)
export VK_LOADER_DRIVERS_SELECT='00-panvk-bifrost*'
# PanVk's "I know it's not conformant" gate — the patched driver still
# refuses to enumerate Bifrost without this env var (upstream Mesa choice
# for v6/v7, kept for compatibility).
export PAN_I_WANT_A_BROKEN_VULKAN_DRIVER=1
# Override apiVersion to 1.2 — ANGLE (Chromium's GL stack) requires
# device.apiVersion >= 1.1. Source patches don't move get_api_version()'s
# PAN_ARCH>=10 hardcode; the env var override does.
export MESA_VK_VERSION_OVERRIDE=1.2
# Find the live Plasma session's Xauthority. On a fresh boot the suffix
# is randomized; pgrep the Xwayland args to find the current one.
if [ -z "${XAUTHORITY:-}" ]; then
XAUTHF=$(pgrep -fa Xwayland 2>/dev/null | grep -oE "/run/user/$(id -u)/xauth_[A-Za-z0-9]+" | head -1)
if [ -n "$XAUTHF" ]; then
export XAUTHORITY="$XAUTHF"
fi
fi
# Standard session env if not already set
: "${XDG_RUNTIME_DIR:=/run/user/$(id -u)}"
export XDG_RUNTIME_DIR
# Default to the active Plasma Wayland session if WAYLAND_DISPLAY unset
: "${WAYLAND_DISPLAY:=wayland-0}"
export WAYLAND_DISPLAY
# Default to the XWayland :1 unless DISPLAY is set
: "${DISPLAY:=:1}"
export DISPLAY
exec brave \
--use-gl=disabled \
--enable-features=Vulkan \
--use-vulkan=native \
--ozone-platform=x11 \
--ignore-gpu-blocklist \
"$@"
Reference in New Issue View Git Blame Copy Permalink