Compare commits
2 commits
618c8b9472
...
82a0dc47e3
Author | SHA1 | Date | |
---|---|---|---|
82a0dc47e3 | |||
043f014e9c |
6 changed files with 37 additions and 117 deletions
|
@ -15,4 +15,7 @@ LABEL net.typeblog.dobu.desktop_file_path="/usr/share/applications/steam.desktop
|
|||
# Don't use it if you don't trust their sandboxing (pressure-vessel).
|
||||
LABEL net.typeblog.dobu.unsafe_i_know_what_i_am_doing_allow_namespaces="true"
|
||||
|
||||
# We also need X11
|
||||
LABEL net.typeblog.dobu.x11_required="true"
|
||||
|
||||
ENTRYPOINT [ "/usr/games/steam" ]
|
||||
|
|
45
deps/compositor-sandbox/Containerfile
vendored
45
deps/compositor-sandbox/Containerfile
vendored
|
@ -1,58 +1,45 @@
|
|||
ARG WL_MITM_COMMIT=cf723891cbb72078ee19c40908104b2837e88f9d
|
||||
ARG SOMMELIER_COMMIT=984b27ad47ee08178a3128d5c7e96eb109fe09da
|
||||
ARG XWAYLAND_SATELLITE_COMMIT=10cb041a80bb815cc1789cfa305923f1f9e3713d
|
||||
|
||||
FROM docker.io/archlinux:base-devel-20250302.0.316047 AS builder-wl-mitm
|
||||
ARG WL_MITM_COMMIT
|
||||
FROM docker.io/archlinux:base-devel-20250302.0.316047 AS builder-rust
|
||||
|
||||
RUN pacman-key --init && pacman -Sy --noconfirm archlinux-keyring
|
||||
|
||||
RUN pacman -Syu --noconfirm \
|
||||
&& pacman -S --noconfirm git rustup \
|
||||
&& pacman -S --noconfirm git rustup xorg-xwayland wayland libdrm pixman mesa \
|
||||
libxcb libxkbcommon-x11 xcb-util-cursor clang \
|
||||
&& rustup default nightly \
|
||||
&& rustup update
|
||||
|
||||
ARG WL_MITM_COMMIT
|
||||
RUN mkdir /build && cd /build \
|
||||
&& git clone https://gitea.angry.im/PeterCxy/wl-mitm \
|
||||
&& cd wl-mitm \
|
||||
&& git checkout $SOMMELIER_COMMIT
|
||||
&& git checkout $WL_MITM_COMMIT
|
||||
|
||||
RUN cd /build/wl-mitm && ./generate.sh && cargo build --release
|
||||
|
||||
FROM docker.io/archlinux:base-devel-20250302.0.316047 AS builder-sommelier
|
||||
ARG SOMMELIER_COMMIT
|
||||
ARG XWAYLAND_SATELLITE_COMMIT
|
||||
RUN cd /build \
|
||||
&& git clone https://github.com/Supreeeme/xwayland-satellite \
|
||||
&& cd xwayland-satellite \
|
||||
&& git checkout $XWAYLAND_SATELLITE_COMMIT
|
||||
|
||||
RUN pacman-key --init && pacman -Sy --noconfirm archlinux-keyring
|
||||
|
||||
RUN pacman -Syu --noconfirm \
|
||||
&& pacman -S --noconfirm git meson ninja python python-jinja \
|
||||
xorg-xwayland wayland libdrm pixman mesa \
|
||||
libxcb libxkbcommon-x11
|
||||
|
||||
RUN mkdir /build && cd /build \
|
||||
&& git clone https://chromium.googlesource.com/chromiumos/platform2 \
|
||||
&& cd platform2 \
|
||||
&& git checkout $SOMMELIER_COMMIT
|
||||
|
||||
RUN cd /build/platform2/vm_tools/sommelier \
|
||||
&& sed -i 's/args\[i++\] = "-rootless";/args[i++] = "-rootless"; args[i++] = "-extension"; args[i++] = "MIT-SHM";/' sommelier.cc \
|
||||
&& sed -i 's/bool noop_driver = false;/bool noop_driver = true;/' sommelier.cc \
|
||||
&& meson build -Dwith_tests=false && ninja -C build
|
||||
RUN cd /build/xwayland-satellite && cargo build --release
|
||||
|
||||
# Build from ../base-archlinux
|
||||
FROM dobu/deps-base-archlinux:latest
|
||||
|
||||
RUN pacman -Syu --noconfirm \
|
||||
&& pacman -S --noconfirm xorg-xwayland pixman libnotify
|
||||
&& pacman -S --noconfirm xorg-xwayland pixman libnotify libxcb libxkbcommon-x11 xcb-util-cursor
|
||||
|
||||
COPY --from=builder-wl-mitm /build/wl-mitm/target/release/wl-mitm /usr/bin/
|
||||
COPY --from=builder-wl-mitm /build/wl-mitm/contrib/notify-libnotify.sh /usr/bin/
|
||||
COPY --from=builder-sommelier /build/platform2/vm_tools/sommelier/build/sommelier /usr/bin/
|
||||
COPY --from=builder-rust /build/wl-mitm/target/release/wl-mitm /usr/bin/
|
||||
COPY --from=builder-rust /build/wl-mitm/contrib/notify-libnotify.sh /usr/bin/
|
||||
COPY --from=builder-rust /build/xwayland-satellite/target/release/xwayland-satellite /usr/bin/
|
||||
COPY ./entrypoint.sh /
|
||||
|
||||
USER user
|
||||
|
||||
ENV WM_RENDER_NODE=/dev/dri/renderD128
|
||||
|
||||
# These paths MUST be bind-mounted from host
|
||||
VOLUME /xdg_runtime
|
||||
VOLUME /tmp/.X11-unix
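Review bot: The new `RUN cd /build/xwayland-satellite && cargo build --release` (and the wl-mitm build above it) resolves dependencies without `--locked`, so although both source trees are pinned by commit, Cargo may silently rewrite `Cargo.lock` and pull different crate versions on each rebuild, which undoes the pinning and makes the image non-reproducible; `cargo build --release --locked` in both `RUN` lines makes a lockfile mismatch fail the build instead. The toolchain itself comes from `rustup default nightly` followed by `rustup update`, which floats with every build; a dated nightly (`rustup default nightly-<YYYY-MM-DD>`, date to be chosen) would pin the remaining moving part. The new `RUN cd /build \` for the xwayland-satellite clone appears to rely on `/build` having been created by the earlier wl-mitm `RUN` in the same stage; `WORKDIR /build` would make that explicit and drop the `cd` (hadolint DL3003).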
|
||||
|
|
14
deps/compositor-sandbox/entrypoint.sh
vendored
14
deps/compositor-sandbox/entrypoint.sh
vendored
|
@ -15,12 +15,10 @@ if [ ! -S /xdg_runtime/wayland-10 ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# X Sommelier (will listen on :1)
|
||||
echo "Starting X11 Sommelier"
|
||||
sommelier --display=wayland-10 --xwayland-path=/usr/bin/Xwayland \
|
||||
-X --glamor --x-display=1 --xwayland-gl-driver-path=/usr/lib/dri \
|
||||
--force-drm-device=$WM_RENDER_NODE --direct-scale --noop-driver sleep infinity &
|
||||
SOMMELIER_X=$!
|
||||
# XWayland Satellite (will listen on :1)
|
||||
echo "Starting XWayland Satellite"
|
||||
XDG_RUNTIME_DIR=/xdg_runtime WAYLAND_DISPLAY=wayland-10 xwayland-satellite :1 &
|
||||
XWAYLAND_SATELLITE=$!
|
||||
|
||||
for i in $(seq 1 5); do
|
||||
[ -S /tmp/.X11-unix/X1 ] && break
|
||||
|
@ -28,9 +26,9 @@ for i in $(seq 1 5); do
|
|||
done
|
||||
|
||||
if [ ! -S /tmp/.X11-unix/X1 ]; then
|
||||
echo "X Sommelier did not start"
|
||||
echo "XWayland Satellite did not start"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
wait $SOMMELIER_X
|
||||
wait $XWAYLAND_SATELLITE
|
||||
wait $WL_MITM
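Review bot: The new `wait $XWAYLAND_SATELLITE` followed by `wait $WL_MITM` only returns once the satellite exits, so if wl-mitm dies first the script keeps waiting while the Wayland socket it guards is gone, and if the satellite dies first the script moves on to wl-mitm and the container keeps running without an X server; neither exit status is propagated. If this script is bash (the deleted deps/sommelier/entrypoint.sh used `#!/usr/bin/env bash`; this file's shebang and the line that sets `WL_MITM` are outside the hunk), `wait -n; exit $?` exits on the first background child to die and surfaces its status. The readiness loop above only checks that `/tmp/.X11-unix/X1` exists, not that `$XWAYLAND_SATELLITE` is still alive; adding `kill -0 "$XWAYLAND_SATELLITE" 2>/dev/null || break` inside the loop would fail fast on an immediate crash instead of after the full timeout.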
|
||||
|
|
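--- a/deps/sommelier/Containerfile
+++ /dev/null
@@ -1,39 +0,0 @@
-FROM docker.io/archlinux:base-devel-20250209.0.306557 AS builder
-
-ARG SOMMELIER_COMMIT=984b27ad47ee08178a3128d5c7e96eb109fe09da
-
-RUN pacman-key --init && pacman -Sy --noconfirm archlinux-keyring
-
-RUN pacman -Syu --noconfirm \
-&& pacman -S --noconfirm git meson ninja python python-jinja \
-xorg-xwayland wayland libdrm pixman mesa \
-libxcb libxkbcommon-x11
-
-RUN mkdir /build && cd /build \
-&& git clone https://chromium.googlesource.com/chromiumos/platform2 \
-&& cd platform2 \
-&& git checkout $SOMMELIER_COMMIT
-
-RUN cd /build/platform2/vm_tools/sommelier \
-&& sed -i 's/args\[i++\] = "-rootless";/args[i++] = "-rootless"; args[i++] = "-extension"; args[i++] = "MIT-SHM";/' sommelier.cc \
-&& sed -i 's/bool noop_driver = false;/bool noop_driver = true;/' sommelier.cc \
-&& meson build -Dwith_tests=false && ninja -C build
-
-# Build from ../base-archlinux
-FROM dobu/deps-base-archlinux:latest
-
-RUN pacman -Syu --noconfirm \
-&& pacman -S --noconfirm xorg-xwayland pixman
-
-COPY --from=builder /build/platform2/vm_tools/sommelier/build/sommelier /usr/bin/
-COPY ./entrypoint.sh /
-
-USER user
-
-ENV WM_RENDER_NODE=/dev/dri/renderD128
-
-# These paths MUST be bind-mounted from host
-VOLUME /xdg_runtime
-VOLUME /tmp/.X11-unix
-
-ENTRYPOINT [ "/entrypoint.sh" ]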
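--- a/deps/sommelier/entrypoint.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-# X Sommelier (will listen on :1)
-echo "Starting X11 Sommelier"
-sommelier --display=wayland-0 --xwayland-path=/usr/bin/Xwayland \
--X --glamor --x-display=1 --xwayland-gl-driver-path=/usr/lib/dri \
---force-drm-device=$WM_RENDER_NODE --direct-scale --noop-driver sleep infinity &
-SOMMELIER_X=$!
-
-for i in $(seq 1 5); do
-[ -S /tmp/.X11-unix/X1 ] && break
-sleep 1
-done
-
-if [ ! -S /tmp/.X11-unix/X1 ]; then
-echo "X Sommelier did not start"
-exit 1
-fi
-
-# Wayland Sommelier (will listen on wayland-1)
-echo "Starting Wayland Parent Sommelier"
-sommelier --display=wayland-0 --socket=wayland-1 --force-drm-device=$WM_RENDER_NODE --noop-driver --parent &
-SOMMELIER_WL=$!
-
-for i in $(seq 1 5); do
-[ -S /xdg_runtime/wayland-1 ] && break
-sleep 1
-done
-
-if [ ! -S /xdg_runtime/wayland-1 ]; then
-echo "Wayland Sommelier did not start"
-exit 1
-fi
-
-wait $SOMMELIER_X
-wait $SOMMELIER_WL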
17
dobu-run.sh
17
dobu-run.sh
|
@ -34,6 +34,12 @@ if [ "$(get_image_label "$image_name" net.typeblog.dobu.unsafe_i_know_what_i_am_
|
|||
update_podman_security_args "seccomp_unsafe.json"
|
||||
fi
|
||||
|
||||
x11_required=false
|
||||
|
||||
if [ "$(get_image_label "$image_name" net.typeblog.dobu.x11_required)" == "true" ]; then
|
||||
x11_required=true
|
||||
fi
|
||||
|
||||
if [[ -n $PULSE_SERVER ]]; then # remove prefix
|
||||
host_pulse=${PULSE_SERVER#unix:}
|
||||
else # default guess
|
||||
|
@ -79,6 +85,11 @@ mkdir -p "$home_path/.local/share"
|
|||
|
||||
extra_args=""
|
||||
|
||||
# If X11 is required, expose XWayland via xwayland-satellite
|
||||
if $x11_required; then
|
||||
extra_args="$extra_args -v ${XORG_SRC}:/tmp/.X11-unix/X0 -e DISPLAY=:0"
|
||||
fi
|
||||
|
||||
# Expose Pipewire socket if it exists
|
||||
if [ -S "$XDG_RUNTIME_DIR/pipewire-0" ]; then
|
||||
extra_args="$extra_args -v $XDG_RUNTIME_DIR/pipewire-0:/xdg_runtime/pipewire-0"
|
||||
|
@ -110,18 +121,14 @@ if [[ "$(declare -p ${bind_mount_var_name} 2>&1)" =~ "declare -a" ]]; then
|
|||
fi
|
||||
|
||||
# The fun part: start the container!
|
||||
# Don't detach like we did with Sommelier, though
|
||||
podman run --rm "${podman_security_args[@]}" --name "$container_name" \
|
||||
`# Create tmpfs mountpoints for runtime directories` \
|
||||
--mount type=tmpfs,destination=/xdg_runtime,chown,tmpfs-mode=0700 \
|
||||
--mount type=tmpfs,destination=/tmp/.X11-unix,chown,tmpfs-mode=0700 \
|
||||
`# Pass through Sommelier Wayland socket` \
|
||||
`# Pass through wl-mitm socket` \
|
||||
`# Note that XDG_RUNTIME_DIR is already set in the image` \
|
||||
-v "${WAYLAND_SRC}":/xdg_runtime/wayland-0 \
|
||||
-e WAYLAND_DISPLAY=wayland-0 \
|
||||
`# Pass through Sommelier X11 socket` \
|
||||
-v "${XORG_SRC}":/tmp/.X11-unix/X0 \
|
||||
-e DISPLAY=:0 \
|
||||
`# DRM render nodes` \
|
||||
-v /dev/dri:/dev/dri \
|
||||
`# Pass through PulseAudio` \
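Review bot: In the second hunk, `extra_args="$extra_args -v ${XORG_SRC}:/tmp/.X11-unix/X0 -e DISPLAY=:0"` flattens podman arguments into a whitespace-split string, so wherever `$extra_args` is expanded (outside these hunks, presumably unquoted on the `podman run` line) an `XORG_SRC` containing spaces or glob characters is split or expanded; the `-v "${XORG_SRC}":/tmp/.X11-unix/X0` line this replaces was quoted precisely to avoid that. The script already uses arrays (`"${podman_security_args[@]}"`, `declare -a`), so build this one the same way: `extra_args=()`, then `extra_args+=(-v "${XORG_SRC}:/tmp/.X11-unix/X0" -e DISPLAY=:0)`, expanded as `"${extra_args[@]}"`; the pre-existing Pipewire branch below appends `$XDG_RUNTIME_DIR` the same string-based way and would benefit from the same conversion. Since the label now decides whether the X socket is mounted at all, the gate deserves a comment such as `# Only images that declare net.typeblog.dobu.x11_required get the X socket; keeps the X11 surface off everything else`. Minor style: `if $x11_required; then` executes the variable's value as a command; `if [ "$x11_required" = true ]; then` reads as a comparison and tolerates an unset value.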
|
||||
|
|