cmd/fpkg/start: prepare nixGL before start

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-30 00:13:17 +09:00 · 2024-12-30 00:13:17 +09:00 · d01261dffe
commit d01261dffe
parent 031304444a
2 changed files with 93 additions and 31 deletions
--- a/cmd/fpkg/install.go
+++ b/cmd/fpkg/install.go
@ -155,7 +155,7 @@ func actionInstall(args []string) {
 		"rm -rf .local/state/{nix,home-manager}",
 		// run activation script
 		bundle.ActivationPackage + "/activate",
-	}, false, app, pathSet, dropShellActivate, cleanup)
+	}, false, func(config *fst.Config) *fst.Config { return config }, app, pathSet, dropShellActivate, cleanup)

 	/*
 		Installation complete. Write metadata to block re-installs or downgrades.
@ -184,14 +184,19 @@ func actionInstall(args []string) {
 	cleanup()
 }

-func withNixDaemon(action string, command []string, net bool, app *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) {
-	fortifyAppDropShell(&fst.Config{
+func withNixDaemon(
+	action string, command []string, net bool, updateConfig func(config *fst.Config) *fst.Config,
+	app *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func(),
+) {
+	fortifyAppDropShell(updateConfig(&fst.Config{
 		ID: app.ID,
 		Command: []string{shell, "-lc", "rm -f /nix/var/nix/daemon-socket/socket && " +
 			// start nix-daemon
 			"nix-daemon --store / & " +
 			// wait for socket to appear
 			"(while [ ! -S /nix/var/nix/daemon-socket/socket ]; do sleep 0.01; done) && " +
+			// create directory so nix stops complaining
+			"mkdir -p /nix/var/nix/profiles/per-user/root/channels && " +
 			strings.Join(command, " && ") +
 			// terminate nix-daemon
 			" && pkill nix-daemon",
@ -223,7 +228,7 @@ func withNixDaemon(action string, command []string, net bool, app *bundleInfo, p
 				{Ensure: true, Path: pathSet.baseDir, Read: true, Write: true, Execute: true},
 			},
 		},
-	}, dropShell, beforeFail)
+	}), dropShell, beforeFail)
 }

 func withCacheDir(action string, command []string, workDir string, app *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) {
--- a/cmd/fpkg/start.go
+++ b/cmd/fpkg/start.go
@ -10,8 +10,12 @@ import (

 func actionStart(args []string) {
 	set := flag.NewFlagSet("start", flag.ExitOnError)
-	var dropShell bool
+	var (
+		dropShell      bool
+		dropShellNixGL bool
+	)
 	set.BoolVar(&dropShell, "s", false, "Drop to a shell")
+	set.BoolVar(&dropShellNixGL, "sg", false, "Drop to a shell on nixGL build")

 	// Ignore errors; set is set for ExitOnError.
 	_ = set.Parse(args)
@ -21,14 +25,53 @@ func actionStart(args []string) {
 	if len(args) < 1 {
 		fmsg.Fatal("invalid argument")
 	}
+
+	/*
+		Parse app metadata.
+	*/
+
 	id := args[0]
 	pathSet := pathSetByApp(id)
 	app := loadBundleInfo(pathSet.metaPath, func() {})
-
 	if app.ID != id {
 		fmsg.Fatalf("app %q claims to have identifier %q", id, app.ID)
 	}

+	/*
+		Prepare nixGL.
+	*/
+
+	if app.GPU {
+		withNixDaemon("nix-gl", []string{
+			"rm -rf /nix/.nixGL",
+			"mkdir -p /nix/.nixGL",
+			"export NIXPKGS_ALLOW_UNFREE=1",
+			"nix build --impure " +
+				"--out-link /nix/.nixGL/opengl " +
+				"--override-input nixpkgs path:/etc/nixpkgs " +
+				"path:" + app.NixGL,
+			"nix build --impure " +
+				"--out-link /nix/.nixGL/vulkan " +
+				"--override-input nixpkgs path:/etc/nixpkgs " +
+				"path:" + app.NixGL + "#nixVulkanIntel",
+		}, true, func(config *fst.Config) *fst.Config {
+			config.Confinement.Sandbox.Filesystem = append(config.Confinement.Sandbox.Filesystem, []*fst.FilesystemConfig{
+				{Src: "/etc/resolv.conf"},
+				{Src: "/sys/block"},
+				{Src: "/sys/bus"},
+				{Src: "/sys/class"},
+				{Src: "/sys/dev"},
+				{Src: "/sys/devices"},
+			}...)
+			appendGPUFilesystem(config)
+			return config
+		}, app, pathSet, dropShellNixGL, func() {})
+	}
+
+	/*
+		Create app configuration.
+	*/
+
 	command := make([]string, 1, len(args))
 	if !dropShell {
 		command[0] = app.Launcher
@ -82,35 +125,49 @@ func actionStart(args []string) {
 		},
 	}

+	/*
+		Expose GPU devices.
+	*/
+
 	if app.GPU {
 		config.Confinement.Sandbox.Filesystem = append(config.Confinement.Sandbox.Filesystem,
-			// flatpak commit 763a686d874dd668f0236f911de00b80766ffe79
-			&fst.FilesystemConfig{Src: "/dev/dri", Device: true},
-			// mali
-			&fst.FilesystemConfig{Src: "/dev/mali", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/mali0", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/umplock", Device: true},
-			// nvidia
-			&fst.FilesystemConfig{Src: "/dev/nvidiactl", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/nvidia-modeset", Device: true},
-			// nvidia OpenCL/CUDA
-			&fst.FilesystemConfig{Src: "/dev/nvidia-uvm", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/nvidia-uvm-tools", Device: true},
-
-			// flatpak commit d2dff2875bb3b7e2cd92d8204088d743fd07f3ff
-			&fst.FilesystemConfig{Src: "/dev/nvidia0", Device: true}, &fst.FilesystemConfig{Src: "/dev/nvidia1", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/nvidia2", Device: true}, &fst.FilesystemConfig{Src: "/dev/nvidia3", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/nvidia4", Device: true}, &fst.FilesystemConfig{Src: "/dev/nvidia5", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/nvidia6", Device: true}, &fst.FilesystemConfig{Src: "/dev/nvidia7", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/nvidia8", Device: true}, &fst.FilesystemConfig{Src: "/dev/nvidia9", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/nvidia10", Device: true}, &fst.FilesystemConfig{Src: "/dev/nvidia11", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/nvidia12", Device: true}, &fst.FilesystemConfig{Src: "/dev/nvidia13", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/nvidia14", Device: true}, &fst.FilesystemConfig{Src: "/dev/nvidia15", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/nvidia16", Device: true}, &fst.FilesystemConfig{Src: "/dev/nvidia17", Device: true},
-			&fst.FilesystemConfig{Src: "/dev/nvidia18", Device: true}, &fst.FilesystemConfig{Src: "/dev/nvidia19", Device: true},
-		)
+			&fst.FilesystemConfig{Src: path.Join(pathSet.nixPath, ".nixGL"), Dst: path.Join(fst.Tmp, "nixGL")})
+		appendGPUFilesystem(config)
 	}

+	/*
+		Spawn app.
+	*/
+
 	fortifyApp(config, func() {})
 	fmsg.Exit(0)
 }
+
+func appendGPUFilesystem(config *fst.Config) {
+	config.Confinement.Sandbox.Filesystem = append(config.Confinement.Sandbox.Filesystem, []*fst.FilesystemConfig{
+		// flatpak commit 763a686d874dd668f0236f911de00b80766ffe79
+		{Src: "/dev/dri", Device: true},
+		// mali
+		{Src: "/dev/mali", Device: true},
+		{Src: "/dev/mali0", Device: true},
+		{Src: "/dev/umplock", Device: true},
+		// nvidia
+		{Src: "/dev/nvidiactl", Device: true},
+		{Src: "/dev/nvidia-modeset", Device: true},
+		// nvidia OpenCL/CUDA
+		{Src: "/dev/nvidia-uvm", Device: true},
+		{Src: "/dev/nvidia-uvm-tools", Device: true},
+
+		// flatpak commit d2dff2875bb3b7e2cd92d8204088d743fd07f3ff
+		{Src: "/dev/nvidia0", Device: true}, {Src: "/dev/nvidia1", Device: true},
+		{Src: "/dev/nvidia2", Device: true}, {Src: "/dev/nvidia3", Device: true},
+		{Src: "/dev/nvidia4", Device: true}, {Src: "/dev/nvidia5", Device: true},
+		{Src: "/dev/nvidia6", Device: true}, {Src: "/dev/nvidia7", Device: true},
+		{Src: "/dev/nvidia8", Device: true}, {Src: "/dev/nvidia9", Device: true},
+		{Src: "/dev/nvidia10", Device: true}, {Src: "/dev/nvidia11", Device: true},
+		{Src: "/dev/nvidia12", Device: true}, {Src: "/dev/nvidia13", Device: true},
+		{Src: "/dev/nvidia14", Device: true}, {Src: "/dev/nvidia15", Device: true},
+		{Src: "/dev/nvidia16", Device: true}, {Src: "/dev/nvidia17", Device: true},
+		{Src: "/dev/nvidia18", Device: true}, {Src: "/dev/nvidia19", Device: true},
+	}...)
+}