Enable Wayland security context protocol

nesteroff commented 2 weeks ago

Description of changes

This enables support for the Wayland security context protocol in Ghaf. I previously added support for it to Labwc and Waypipe and upstreamed those changes. The version of Labwc used in Ghaf already includes it. For Waypipe, I added a patch but it was merged upstream recently. The new version should be released close to the end of the year. After that we should be able to get rid of the Waypipe overlay.

The security context protocol allows window frame colors to be defined on a per-VM basis rather than by application identifier. All settings are defined on the compositor side and AppVMs cannot change them. The same application can now have different border colors when run from different VMs. For example, the trusted browser and the regular one now have different colors, even though they are both Chromium.

Also, enabling the Security Context seems to resolve the issue with window caption rendering reported in SSRCSP-5343.

Technical details:

Each AppVM now gets its own instance of waypipe and vsockproxy.
vsockproxy has been updated to prevent one VM from connecting to the port designated for another VM.
Waypipe borders patch has been updated to draw borders on the GUIVM side. Currently, waypipe border is disabled but it might be useful in the future in case we change the compositor, as not many compositors support security contexts and custom border colors.

Checklist for things done

[x] Summary of the proposed changes in the PR description
[x] More detailed description in the commit message(s)
[x] Commits are squashed into relevant entities - avoid a lot of minimal dev time commits in the PR
[x] Contribution guidelines followed
[ ] Ghaf documentation updated with the commit - https://tiiuae.github.io/ghaf/
[ ] PR linked to architecture documentation and requirement(s) (ticket id)
[x] Test procedure described (or includes tests). Select one or more:
- [x] Tested on Lenovo X1 x86_64
- [ ] Tested on Jetson Orin NX or AGX aarch64
- [ ] Tested on Polarfire riscv64
[ ] Author has run make-checks and it passes
[x] All automatic Github Action checks pass - see actions
[x] Author has added reviewers and removed PR draft status
[ ] Change requires full re-installation
[x] Change can be updated with nixos-rebuild ... switch

Instructions for Testing

On Lenovo X1, make sure all apps still work fine after this change and that the window borders have the correct colors. The regular Chromium and Trusted versions should now have different colors as defined in chromium.nix and business.nix.

johannarautanen commented 1 week ago

Tested on Lenovo-X1 (flashed to the SSD) (commit: 139e527d5e8ce0fae6571bf7770cda52fbb36c2a)

Working:

regular Chromium and Trusted versions have different borders colors
all other ghaf apps can be launched
ci-test automation cases ok

Issues:

business-app border color is ok, but the header color shouldn't be neon green, not user friendly at all. Hard to read the text in header and see the "minimize-maximize-close"-option.
minor cosmetic thing, the text editor seem to have rounded borders, so are "holes" in corners:

nesteroff commented 1 week ago

business-app border color is ok, but the header color shouldn't be neon green, not user friendly at all. Hard to read the text in header and see the "minimize-maximize-close"-option.

Thanks for testing! I updated the color to a slightly different shade. Hopefully, it looks better now. As far as I understand, Joni is working on the new colors so we might update them again later.

minor cosmetic thing, the text editor seem to have rounded borders, so are "holes" in corners:

I guess it has always been like that but it was overlapped by the waypipe border, which is no longer used. I made a quick workaround to disable the rounded corners. I think a better fix might be to develop a Ghaf GTK theme but this is something we can consider later on.

johannarautanen commented 1 week ago

Tested on Lenovo-X1 (flashed to the SSD)

Working:

regular Chromium and Trusted versions have different borders colors
business-app header color is much better now
text editor has right angle corners
all other ghaf apps can be launched
ci-test automation cases ok

screenshot-20241029-09-14-59

tiiuae / ghaf