Replies: 1 comment
-
|
The more I think about it the less I feel like that Flatpak should provide it's own way to gave a PipeWire core but xdp should propose a more portal-agnostic method to get one (works for any portal thanks to permission control). Otherwise we would have every sandbox system implementing their own core addition where we could just provide one that likely fits them all. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Move PipeWire logic in-tree
Reminder:
pipewire-media-sessionis just an example implementation that is no longer meant for production use since WirePlumber has been endorsedAccess module
PipeWire has in its tree a module to set
pipewire.accessto "portal" if the PID that created core is xdg-desktop-portal's.Which allow the session manager to filter them and manage those core permission with the permission store.
While the necessity of moving it seems low, I still propose to move it in-tree to reduce fragmentation of xdg-desktop-portal logic across repos.
Implementation detail
The in-tree module will be built and installed if the system PipeWire is version 1.3.81 or later.
Earlier version does not allow the original module to be disabled through a drop-in configuration file.
Permission management
WirePlumber has in its tree:
I propose to implement a module to replace those features with one in-tree C module.
This would allow to change how some portals without having to wait for a WirePlumber release and the needed change to its features.
Some desired portal feature are likely to need to add logic to this module.
Implementation detail
Property keys like
pipewire.access.portal.app_idwould be replaced with by one using "xdg-desktop-portal" (e.g.pipewire.access.xdg-desktop-portal.app_id), this would avoid to conflict with any assumptions that PipeWire made (e.g. set a app id on a core not created by xdg-desktop-portal).Replace
media.rolexdg-desktop-portal relies on this property key to identify Camera.
The main issue is that the real usage of the key by WirePlumber is completely different.
I propose to completely replace our usage of this key.
By using
media.classalongside a new boolean key meant to indicate that the node representing a device is user facing.If the key is unset or set to
false, the device is not to be shown to the user.A user-facing:
Video/Sourcecan be a camera or a capture cardAudio/Sinkcan be speakers or headphonesAudio/Sourcecan be a microphone, an instrument or the audio stream of a capture cardIt can be observed that this way we also avoid any struggle about applying a term that do not perfectly match the device behind the node (e.g. "Camera" on capture card or "Microphone" on a digital instrument).
Enable multiple way to get a core
OpenPipeWireRemoteThe main (and only for now) way to get a permission-controlled PipeWire core in a sandbox.
The given core has
pipewire.accessset to "portal" (or "xdg-desktop-portal") and xdg-desktop-portal has set the app id and the media role to camera if Camera portal.Flatpak (draft idea)
The idea is for Flatpak (or PipeWire) to have module that mark with the app id (e.g.
pipewire.access.flatpak.app_id) and maybe the instance id any core created through PipeWire socket with Flatpak security context.xdg-desktop-portal WirePlumber module would manage those core permission and use at least
pipewire.access.flatpak.app_idto apply the matching permission for device nodes.Other sandbox system
Like xdg-desktop-portal has specific code to handle Snap app information, those other system needs would need to the same as Flatpak to have their own access type and make the xdg-desktop-portal WirePlumber module handle it.
TODOs:
media.roleusageMAYBEs:
OpenPipeWireRemote)Beta Was this translation helpful? Give feedback.
All reactions