arcan

Arcan - [Display Server, Multimedia Framework, Game Engine] -> "Desktop Engine"

letoram
1548
89
C

Arcan

Arcan is a powerful development framework for creating virtually anything from
user interfaces for specialized embedded applications all the way to full-blown
standalone desktop environments.

At its heart lies a robust and portable multimedia engine, with a well-tested
and well-documented Lua scripting interface. The development emphasizes
security, debuggability and performance – guided by a principle of least
surprise in terms of API design.

For more details about capabilities, design, goals, current development,
roadmap, changelogs, notes on contributing and so on, please refer to the
arcan-wiki.

There is also a website that collects other links,
announcements, releases, videos / presentations and so on.

  • For community contact, check out the IRC channel #arcan on irc.libera.chat
    and/or the discord (invite-link)

  • For developer information, see the HACKING.md

The github repository is going defunct thanks to Microsofts incresingly abusive
practices, and we are thus moving to self-hosted Fossil. The repository will be
synched to github for the time being, but no active development activities
there. See fossil.arcan-fe.com.

Getting Started

Some distributions, e.g. voidlinux have most of arcan
as part of its packages, so you can save yourself some work going for one of
those. Other ones with an active community would be through Nix (for example:
nix-shell -p arcan.all-wrapped).

Docker- container templates (mainly used for headless development and testing)
can be found here, quality varies wildly from bad to poor (just like Docker):
dockerfiles.

Compiling from Source

There are many ways to tune the build steps in order to reduce dependencies.
There are even more ways to configure and integrate the components depending
on what you are going for; running as a native desktop or as an application
runtime inside another desktop?

Most options are exposed via the build output from running cmake on the src
directory.

For the sake of simplicity over size, there is a build preset, ‘everything’
which is the one we will use here.

Dependencies

Specific package names depend on your distribution, but common ones are:

sqlite3, openal-soft, sdl2, opengl, luajit, gbm, kms, freetype, harfbuzz
libxkbcommon

For more encoding and decoding options you might also want:

libvlc-core (videolan), the ffmpeg suite, leptonica + tesseract (ocr)
libvncserver libusb1, v4l2-loopback, mupdf

First we need some in-source dependencies that are cloned manually for now:

git clone https://github.com/letoram/arcan.git
cd arcan/external/git
./clone.sh
cd ../../

These are typically not needed, the main use is for ensuring certain build
options that might vary between distributions (luajit) and to ensure that a
recoverable desktop can be statically linked and executed in an otherwise
broken userspace (so embedded bringup). The one exception is OpenAL which is
patched to be used by a special (arcan-lwa) build. This is slated for
refactoring to remove that dependency, but there are other priorities in the
way.

Compiling

Now we can configure and build the main engine:

mkdir build
cd build
cmake -DBUILD_PRESET="everything" ../src

Like with other CMake based projects, you can add:

-DCMAKE_BUILD_TYPE=Debug

To switch from a release build to a debug one.

When it has finished probing dependencies, you will get a report of which
dependencies that has been found and which features that were turned on/off,
or alert you if some of the required dependencies could not be found.

Make and install like normal (i.e. make, sudo make install). A number of
binaries are produced, with the ‘main’ one being called simply arcan. To
test ‘in source’ (without installing) you should be able to run:

 ./arcan -T ../data/scripts -p ../data/resources ../data/appl/welcome

The -T argument sets our built-in/shared set of scripts, the -p where shared
resources like fonts and so on can be found, and the last argument being
the actual ‘script’ to run.

With installation, this should reduce to:

 arcan welcome

It will automatically try to figure out if it should be a native display
server or run nested within another or even itself based on the presence
of various environment variables (DISPLAY, WAYLAND_DISPLAY, ARCAN_CONNPATH).

‘welcome’ is a name of a simple builtin welcome screen, that will shut down
automatically after a few seconds.

For something of more directly useful, you can try the builtin appl ‘console’:

arcan console

Which should work just like your normal console command-line, but with the
added twist of being able to run (arcan compatible) graphical applications
as well. For other projects, see the ‘Related Projects’ further below.

If input devices are misbehaving, the quick and dirty ‘eventtest’ in:

arcan /path/to/arcan/tests/interactive/eventtest

Might be useful in figuring out who to blame.

SUID Notes

The produced egl-dri platform ‘arcan’ binary installs suid by default. This is
not strictly necessary unless some specific features are desired, e.g. laptop
backlight controls on Linux as those require access to sysfs and friends.

If that is not relevant, you can strip the suid property on the binary, but do
note that your current user still requires access to relevant /dev/input/event
and /dev/dri/cardN and /dev/dri/renderN files to work properly – otherwise
input and/or graphics devices might not be detected or useable.

The binary does split off into a non-suid part that the main engine runs off
of, see posix/psep_open.c for auditing what is being run with higher
privileges as well as the code for dropping privileges. The privileged process
is responsible for negotiating device access, implementing virtual-terminal
switching and as a watchdog for recovering the main process on live locks or
some GPU failures.

Hook-Scripts

Another way to extend engine behavior regardless of the appl being used are
so called hook-scripts. These reside inside the ‘system script path’ covered
by the -T command-line argument, or the default of shared/arcan/scripts.

The idea is that these should be able to provide ‘toggle on’ features that
would need cooperation from within the engine, in order to do quick custom
modifications or help bridge other tools.

A good example is ‘external_input’:

arcan -H hooks/external_input.lua -H hooks/external_input.lua myappl

This would open up two connection points, ‘extio_1’, ‘extio_2’ that will
allow one client to connect and provide input that will appear to the ‘myappl’
appl as coming from the engine.

These are covered in more detail in the manpage.

Networking

Arcan-net is a binary that allows you to forward one or many arcan clients over
a network. It is built by default, and can be triggered both as a separate
network tool as well as being launched indirectly from shmif by setting
ARCAN_CONNPATH=a12://id@host:port, or when issuing a migration request by the
window manager.

See also: src/a12/net/README.md and src/a12/net/HACKING.md.

Wayland

The ‘arcan-wayland’ or ‘waybridge’, as it is refered to in some places is
binary adds support for wayland and X clients (via Xwayland). It can be run as
either a global system service, e.g.

arcan-wayland -xwl

Or on a case by case basis, like:

arcan-wayland -exec weston-terminal

For a compliant wayland client, and:

arcan-wayland -exec-x11 xterm

For an X client. The ‘per case’ basis is recommended as it is safer and more
secure than letting multiple clients share the same bridge process, at a
negilable cost. The downside is that some complex clients that rely on making
multiple distinct wayland connections may fail to work properly. Firefox is a
known offender.

There is a number of tuning and troubleshooting options due to the complexity
of using wayland, consult the manpage and the --help toggle.

Database

All runtime configuration is consolidated into a database, either the default
‘arcan.sqlite’ one or an explicitly set one (arcan -d mydb.sqlite).

This is used for platform specific options, engine specific options and for
trusted clients that the running scripts are allowed to start. It is also used
as a configuration key-value store for any arcan applications that are running.

As a quick example, this is how to inspect and modify keys that ‘Durden’
are currently using:

arcan_db show_appl durden
arcan_db add_appl_kv durden shadow_on true

Advanced configuration for some video platforms can be set via the reserved
arcan appl name. This would, for instance, set the primary graphics card
device name for the ‘egl-dri’ platform version:

arcan_db add_appl_kv arcan video_device=/dev/dri/card2

To add ‘launch targets’, you can use something like:

arcan_db add_target net BIN /usr/bin/arcan-net -l netfwd
arcan_db add_config arcan-net default 10.0.0.10 6666
arcan_db add_target xterm BIN /usr/bin/arcan-wayland -exec-x11

This allow applications to start a program as a trusted child (that inherits
its connection primitives rather than to try and find them using some OS
dependent namespace). The example above would have spawned arcan-net in the
local mode where clients connecting to the ‘netfwd’ connpath would be
redirected to the server listening at 10.0.0.10:6666.

There are many controls and options for this tool, so it is suggested that you
look at its manpage for further detail and instructions.

Headless Mode

The ‘everything’ build option should also produce a binary called
‘arcan_headless’, at least on BSDs and Linux. This binary can be used to run
arcan without interfering with your other graphics and display system. Given
access to a ‘render node’ (/dev/dri/renderD128 and so on) and it should also
work fine inside containers and other strict sandboxing solutions.

To make it useful, it can record/stream to a virtual screen. An example of
such a setup following the example above would be:

ARCAN_VIDEO_ENCODE=protocol=vnc arcan_headless console

Assuming the build-system found the libvncserver dependency, this should
leave you with an exposed (insecure, unprotected, …) vnc server at
localhost+5900. See afsrv_encode for a list of arguments that can be added
to the encode environment in order to control what happens.

Funding

This project is funded through NGI0 Entrust, a fund
established by NLnet with financial support from the
European Commission’s Next Generation Internet program. Learn
more at the NLnet project page.

NLnet foundation logo
NGI Zero Logo

Related Projects

If you are not interested in developing something of your own, you will
likely find little use with the parts of this project alone. Here are some
projects that you might want to look into:

  • Durden is the main desktop
    environment that uses this project as its display server.

  • Safespaces is an experimental
    VR/3D desktop environment.

  • Pipeworld is a dataflow
    (think excel) programming environment

  • Arcan-Devices accumulates
    extra drivers.

To get support for more types of clients and so on, there is also:

  • Wayland support (see Wayland section above, and src/wayland/README.md).

  • QEmu a patched QEmu version that
    adds a -ui arcan option.

  • Xarcan is a patched Xorg that
    allows you to run an X session ‘as a window’.

  • nvim-arcan is a neovim frontend
    that act as a native arcan client.

Tools

There is also a number of helper tools that can be used to add certain
features, such as support for VR devices and tray-icons. These are built
separately and can be found in the tools/ subdirectory. They have their
own separate build systems and corresponding README.md files.

They work on the assumption that arcan and its respective libraries have been
built and installed. They are lockstepped and versioned to the engine, so if
you upgrade it, make sure to rebuild the tools as well.

The main tools of interest are:

Acfgfs

Acfgfs is a tool that lets you mount certain arcan applications as a FUSE
file-system. The application has to explicitly support it. For the Durden
desktop environment, you can use global/settings/system/control=somename
and then:

arcan_cfgfs --control=/path/to/durden/ipc/somename /mnt/desktop

And desktop control / configuration should be exposed in the specified
mountpoint.

Aclip

Aclip is a clipboard manager similar to Xclip. It allows for bridging the
clipboard between a desktop environment like Durden, and that of an X server.

This requires that clipboard bridging has been allowed (disabled by default for
security reasons). In Durden this is activated via
global/settings/system/clipboard where you can control how much clipboard
access the tool gets.

Aloadimage

Aloadimage is a simple sandboxing image loader, similar to xloadimage. It is
useful both for testing client behavior when developing applications using
arcan, but also as an image viewer in its own right, with reasonably fast image
loading, basic playlist controls and so on.

Vrbridge

VR bridge is an optional input driver that provides the arcan_vr binary which
adds support for various head-mounted displays. More detailed instructions on
its setup and use can be found as part of the Safespaces project mentioned in
the 'Related Projects 'section.

Trayicon

Arcan-trayicon is a tool that chain-loads another arcan client, along with two
reference images (active and inactive). It tries to register itself in the
icon-tray of a running arcan application, though it must explicitly enable the
support. In Durden, this is done via the path:

global/settings/statusbar/buttons/right/add_external=tray

Then you can use:

ARCAN_CONNPATH=tray arcan-trayicon active.svg inactive.svg afsrv_terminal

Or some other arcan client that will then be loaded when the tray button is
clicked, confined into a popup and then killed off as the popup is destroyed.
This is a quick and convenient way to wrap various system services and external
command scripts.