Select a Wayland compositor toolkit for the GUI agent #6715
Comments
DemiMarie
added
T: task
|
To quote @vberger:
@marmarek: from a project management perspective, would this be a good trade-off for us? |
|
An idea: lets try to build a table of functionalities (interfaces, extensions) and for each lets write:
This will give us some idea how much they differ for us in practice, plus will help with planning development at the same time. |
Here is my current idea. This is PROVISIONAL and anyone in the Qubes OS team should feel free to edit it. It may be inaccurate and should not be relied upon.
|
|
I gave you some details regarding protocol extension support, and how you can think about it as an answer to Smithay/smithay#300 I'd just like to add one thing, regarding this:
You should also keep in mind that Smithay is, as a whole still rather in flux. We have at least one big API refactor still coming up before our 0.3 release. And while I do hope that we're settling on good design overall, given the low maturity of the project I cannot promise that there will not be significant changes in our API in the future. |
|
Qubes OS use case is rather unusual, and in fact having an API not written in stone may be a feature - there maybe some cases where the easiest solution would be to adjust the API, instead of working around it. @vberger do you have any timeline for the planned refactor? Do you plan at some point to provide documentation for migration (like "function X is removed, use function Y with those arguments instead")? |
|
My plan wrt this refractor is to try and tackle it in the next few days / weeks (depending on how smoothly that goes). Following that, we'll only have a few bug fixes to handle before we pin version 0.3 of Smithay. That will be the first "real" release of Smithay (that is more than just a prototype), so with it we'll start handling breaking changes more seriously (with migration guides and such). |
|
One major difficulty with wlroots is that it is extremely difficult to write safe bindings for, to the point that the only person I know of to have tried gave up and rewrote their project in C instead. Their blog post explains (in much better detail than I could) what went wrong. |
|
I definitely agree, I have attempted to write safe wrapper around wlroots just like Timidger did, after reading his blog post I thought that my attempt will have much higher chance of success, because I decided to write my own lib on top of wlroots instead of trying to expose whole wlroots API, I wasted around a month of my life on that and failed miserably. I will not attempt to explain what went wrong, because Timidger already did it way better than I could. EDIT: The only difference to Timidger story is that I ended up betting on Smithay instead of going |
Would being willing to
Was Smithay able to do what you needed? I am worried about how few protocols it supports. |
It probably would be fine, I just find it too cumbersome, it does not fix the underlying problem, it simply sweeps it under the rug, and of course, compositor is the last piece of software I would like to panic on me because of some deeply hidden API misuse.
It's too soon to tell in my case, but I believe it's a solid base that is easy to build upon. My plan is to simply implement any missing protocols as I go, and merge them upstream at some point. (at the moment I'm planing to implement |
Good point. People do manage to write seemingly-reliable compositors based on wlroots, but that is still a major footgun.
How much code was needed for each protocol? |
I may be missing something, but in context of the linked post, I guess an example would be disconnected output, right? Are you proposing to panic the compositor whenever someone disconnects an external output (VMs are aware of physical outputs, to some degree)? That doesn't sound like a good idea... |
Obviously not 🙂. I am suggesting that we panic the compositor if the compositor uses an output that has already been disconnected. That indicates a compositor bug, as the compositor should have removed all references to that output from its internal data structures in the destroy callback. |
It depends... |
Do you know how many applications require it?
We do allow VM to make fullscreen window, as opt-in feature. That's quite useful for video players or presentations. |
Note that making applications full-screen is already part of the |
|
As far as I remember it's mainly meant for compositors that don't have window management and are meant to simply display one thing, for example something like a splash screen of some sort. |
Ah, ok. |
|
It seems we have two main options:
Going with Smithay sounds like an interesting adventure. The gui-agent side (where the compositor will be) isn't the most security critical part, so from the security point of view, having it in C would be acceptable too. But on the other hand, we do want to slowly migrate from C to Rust, wherever it makes sense. This project, which is mostly writing new thing from scratch, sounds like a good candidate to apply this rule. There is also a question whether we should start now, or after the refactor @vberger mentioned earlier. Can you give some insights about what areas will be affected? Basically the question is whether will it affect hello-world kind of compositor (with totally custom backend)? |
|
The refractor in question is here Smithay/smithay#304, so if you're willing to wait a few days that we review and merge our pending PRs, that should be good for you. Once this is done, the remaining changes on our 0.3 roadmap are minor changes & bugfixes, so you should be good starting prototyping from our master branch before the release. Also feel free to come in our chat room (#smithay:matrix.org on Matrix, and it is bridged on #smithay on libera.chat if you prefer IRC, we're mostly active on European hours) if you have questions about Smithay and how to achieve what you want. We try to have detailed documentation, but it is geared towards classic compositors so I don't know how well adapted it would be to your project. |
It does make sense, and I support it! |
|
Update: The goal of getting an implementation done by now was not met. I will work on this this month. |
|
Currently wlroots has been chosen, as Smithay lacks a scene graph with damage tracking support. Closing, though this will be reconsidered if Smithay gets the needed support. |
Qubes OS version (if applicable)
R4.2
Affected component(s) or functionality (if applicable)
qubes-gui-agent
Brief summary
The Qubes GUI agent needs to support Wayland. While it is practical to support the entire core protocol using only first-party code, this will severely limit the protocols (roughly analogous to X extensions) that can be supported. As a result, applications will have less functionality than they would under X11, which would be bad. Therefore, the Qubes GUI agent should use a third-party compositor toolkit, such as wlroots or smithay.
Additional context
One of the major motivations for switching to Wayland in the GUI agent is to achieve at least some degree of isolation between sandboxed applications, such as Flatpaks. wlroots appears to be the most mature Wayland compositor toolkit, but is (according to its own documentation) 50,000 lines of C code. Smithay is written in Rust, but is not in distribution package repositories (yet) and may have fewer features and a smaller community.
Relevant documentation you've consulted
Related, non-duplicate issues
The text was updated successfully, but these errors were encountered: