From 4f9ae3b1f99c4a5cf68f46647e76f108ac5e08a5 Mon Sep 17 00:00:00 2001 From: jkaczman Date: Sun, 21 Jun 2026 06:11:09 -0400 Subject: [PATCH 1/4] feat(deploy): bundle AppImage with GStreamer; don't require it on the host --- releases/Dockerfile.deploy | 2 ++ .../setup_linuxdeploy_plugins.bash | 20 +++++++++++++------ 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/releases/Dockerfile.deploy b/releases/Dockerfile.deploy index f114cd2..cdb4f67 100644 --- a/releases/Dockerfile.deploy +++ b/releases/Dockerfile.deploy @@ -76,6 +76,8 @@ RUN set -eux; \ librsvg2-dev \ libglib2.0-bin \ libgdk-pixbuf2.0-bin \ + libgstreamer1.0-0 \ + gstreamer1.0-plugins-base \ patchelf file xz-utils zip unzip \ squashfs-tools desktop-file-utils \ strace procps binutils \ diff --git a/releases/lib/docker_deploy/setup_linuxdeploy_plugins.bash b/releases/lib/docker_deploy/setup_linuxdeploy_plugins.bash index d36e985..be28c2c 100755 --- a/releases/lib/docker_deploy/setup_linuxdeploy_plugins.bash +++ b/releases/lib/docker_deploy/setup_linuxdeploy_plugins.bash @@ -46,6 +46,11 @@ linuxdeploy_plugin_gtk_commit="b5eb8d05b4c0ed40107fe2158c5d8527f94568ef" linuxdeploy_plugin_gtk_url="https://raw.githubusercontent.com/tauri-apps/linuxdeploy-plugin-gtk/${linuxdeploy_plugin_gtk_commit}/linuxdeploy-plugin-gtk.sh" linuxdeploy_plugin_gtk_sha256="cb379f9b0733e9ad9f8bd78f8c2fa038aef2478523bb7d4c8e64ff6a1ea3501a" +# https://github.com/linuxdeploy/linuxdeploy-plugin-gstreamer/commit/2a2e67491c32995a3f279ad0ecbe77abd512b42a +linuxdeploy_plugin_gstreamer_commit="2a2e67491c32995a3f279ad0ecbe77abd512b42a" +linuxdeploy_plugin_gstreamer_url="https://raw.githubusercontent.com/linuxdeploy/linuxdeploy-plugin-gstreamer/${linuxdeploy_plugin_gstreamer_commit}/linuxdeploy-plugin-gstreamer.sh" +linuxdeploy_plugin_gstreamer_sha256="c107b49d84edbffc6ab226ed1007e0626a4f7aa2c3a36b7782bef62351d49e94" + # Keep linuxdeploy at the canonical path as a real AppImage binary. # The appimage output plugin mutates the running linuxdeploy file with the dd utility # If this path is a shell wrapper, that mutation corrupts the wrapper shebang @@ -59,16 +64,19 @@ if [ ! -x "$linuxdeploy_bin" ]; then fi # The Tauri appimage pipeline looks for plugins in /root/.cache/tauri. +# Bundle GStreamer so WebKitGTK gets its media elements (e.g. appsink) from inside the AppImage; means it doesn't need gst-plugins-base on the host. +download_verified_file \ + "$linuxdeploy_plugin_gstreamer_url" \ + /root/.cache/tauri/linuxdeploy-plugin-gstreamer.real.sh \ + "$linuxdeploy_plugin_gstreamer_sha256" \ + "linuxdeploy-plugin-gstreamer.sh" +chmod +x /root/.cache/tauri/linuxdeploy-plugin-gstreamer.real.sh + cat >/root/.cache/tauri/linuxdeploy-plugin-gstreamer.sh <<'EOS' && chmod +x /root/.cache/tauri/linuxdeploy-plugin-gstreamer.sh #!/bin/sh set -eu -if [ "${1:-}" = "--plugin-api-version" ]; then - echo "0" - exit 0 -fi - -exit 0 +exec bash /root/.cache/tauri/linuxdeploy-plugin-gstreamer.real.sh "$@" EOS download_verified_file \ From 7632409a2c5feb487dfef13e77ce8486f05f3ed3 Mon Sep 17 00:00:00 2001 From: jkaczman Date: Wed, 24 Jun 2026 13:03:50 -0400 Subject: [PATCH 2/4] fix(releases): drop wayland libs [Mesa] + disable WebKit DMABuf renderer in AppImage --- .../lib/docker_deploy/run_tauri_build.bash | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/releases/lib/docker_deploy/run_tauri_build.bash b/releases/lib/docker_deploy/run_tauri_build.bash index 4142064..7a1cae5 100755 --- a/releases/lib/docker_deploy/run_tauri_build.bash +++ b/releases/lib/docker_deploy/run_tauri_build.bash @@ -903,6 +903,50 @@ ensure_libgpg_error_bundled_with_libgcrypt() { fi } + +# New version of Mesa has some dependency issues with libwayland-client if it is bundled +# https://github.com/AppImageCommunity/pkg2appimage/pull/559 +# https://gitlab.freedesktop.org/mesa/mesa/-/issues/11316 +# Bundled libwayland-client/server/egl carries private protocol-interface pointers that must match the running compositor. +# If we use our own copy makes the client lib and the host's Wayland server disagree +# So we drop them so the loader falls back to the host libraries +prune_appdir_wayland_libs() { + local appdir="$1" + [[ -n "$appdir" && -d "$appdir" ]] || return 0 + + local removed=0 lib + while IFS= read -r -d '' lib; do + echo "==> excluding bundled $(basename "$lib") (use host copy)" + rm -f "$lib" + removed=1 + done < <(find "$appdir" \( -type f -o -type l \) \ + \( -name 'libwayland-client.so*' \ + -o -name 'libwayland-server.so*' \ + -o -name 'libwayland-egl.so*' \) -print0 2>/dev/null) + + [[ "$removed" -eq 1 ]] || echo "==> no bundled libwayland-{client,server,egl} found in AppDir" +} + +# https://github.com/tauri-apps/tauri/issues/9304: webkit2gtk is broken under 2.44 with Nvidia GPUs +# "KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied" [https://github.com/secluso/core/issues/113] +# WEBKIT_DISABLE_DMABUF_RENDERER falls back to portable compositing +# AppRun sources apprun-hooks sh files at startup +install_webkit_dmabuf_apprun_hook() { + local appdir="$1" + [[ -n "$appdir" && -d "$appdir" ]] || return 0 + + local hooks_dir="$appdir/apprun-hooks" + mkdir -p "$hooks_dir" + local hook="$hooks_dir/zz-secluso-webkit-dmabuf.sh" + echo "==> installing AppRun hook to disable WebKit DMABuf renderer ($hook)" + cat >"$hook" <<'EOS' +#!/bin/sh +# Disable WebKitGTK's DMABuf renderer unless the user opted into it. +export WEBKIT_DISABLE_DMABUF_RENDERER="${WEBKIT_DISABLE_DMABUF_RENDERER:-1}" +EOS + chmod 0644 "$hook" +} + canonicalize_linux_bundle_outputs_deterministically() { [[ "$TAURI_TARGET" == *"-unknown-linux-"* ]] || return 0 @@ -949,6 +993,14 @@ canonicalize_linux_bundle_outputs_deterministically() { echo "==> error: failed to bundle libgpg-error alongside libgcrypt in $appdir" >&2 return 1 } + prune_appdir_wayland_libs "$appdir" || { + echo "==> error: failed to prune bundled libwayland from $appdir" >&2 + return 1 + } + install_webkit_dmabuf_apprun_hook "$appdir" || { + echo "==> error: failed to install WebKit DMABuf AppRun hook in $appdir" >&2 + return 1 + } fi local appimage_path while IFS= read -r appimage_path; do From dcaf47ea6614a40369bf4e115e2ba3f84095d18f Mon Sep 17 00:00:00 2001 From: jkaczman Date: Mon, 29 Jun 2026 07:08:31 -0400 Subject: [PATCH 3/4] revert: do not bundle GStreamer --- releases/Dockerfile.deploy | 2 -- .../docker_deploy/setup_linuxdeploy_plugins.bash | 15 ++++++--------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/releases/Dockerfile.deploy b/releases/Dockerfile.deploy index cdb4f67..f114cd2 100644 --- a/releases/Dockerfile.deploy +++ b/releases/Dockerfile.deploy @@ -76,8 +76,6 @@ RUN set -eux; \ librsvg2-dev \ libglib2.0-bin \ libgdk-pixbuf2.0-bin \ - libgstreamer1.0-0 \ - gstreamer1.0-plugins-base \ patchelf file xz-utils zip unzip \ squashfs-tools desktop-file-utils \ strace procps binutils \ diff --git a/releases/lib/docker_deploy/setup_linuxdeploy_plugins.bash b/releases/lib/docker_deploy/setup_linuxdeploy_plugins.bash index be28c2c..3d6e578 100755 --- a/releases/lib/docker_deploy/setup_linuxdeploy_plugins.bash +++ b/releases/lib/docker_deploy/setup_linuxdeploy_plugins.bash @@ -64,19 +64,16 @@ if [ ! -x "$linuxdeploy_bin" ]; then fi # The Tauri appimage pipeline looks for plugins in /root/.cache/tauri. -# Bundle GStreamer so WebKitGTK gets its media elements (e.g. appsink) from inside the AppImage; means it doesn't need gst-plugins-base on the host. -download_verified_file \ - "$linuxdeploy_plugin_gstreamer_url" \ - /root/.cache/tauri/linuxdeploy-plugin-gstreamer.real.sh \ - "$linuxdeploy_plugin_gstreamer_sha256" \ - "linuxdeploy-plugin-gstreamer.sh" -chmod +x /root/.cache/tauri/linuxdeploy-plugin-gstreamer.real.sh - cat >/root/.cache/tauri/linuxdeploy-plugin-gstreamer.sh <<'EOS' && chmod +x /root/.cache/tauri/linuxdeploy-plugin-gstreamer.sh #!/bin/sh set -eu -exec bash /root/.cache/tauri/linuxdeploy-plugin-gstreamer.real.sh "$@" +if [ "${1:-}" = "--plugin-api-version" ]; then + echo "0" + exit 0 +fi + +exit 0 EOS download_verified_file \ From f856a412392f814106f0bf410a5d85c3e8b57131 Mon Sep 17 00:00:00 2001 From: jkaczman Date: Mon, 29 Jun 2026 07:10:20 -0400 Subject: [PATCH 4/4] fix: try setting WEBKIT_DISABLE_DMABUF_RENDERER in lib.rs set_var instead of apprun-hook --- deploy/src-tauri/src/lib.rs | 6 +++++ .../lib/docker_deploy/run_tauri_build.bash | 24 ------------------- .../setup_linuxdeploy_plugins.bash | 5 ---- 3 files changed, 6 insertions(+), 29 deletions(-) diff --git a/deploy/src-tauri/src/lib.rs b/deploy/src-tauri/src/lib.rs index 5df574a..cb58797 100644 --- a/deploy/src-tauri/src/lib.rs +++ b/deploy/src-tauri/src/lib.rs @@ -8,6 +8,12 @@ mod open_external; #[cfg_attr(mobile, tauri::mobile_entry_point)] pub fn run() { + // https://github.com/tauri-apps/tauri/issues/9304: webkit2gtk is broken under 2.44 with Nvidia GPUs + // "KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied" [https://github.com/secluso/core/issues/113] + // WEBKIT_DISABLE_DMABUF_RENDERER falls back to portable compositing + #[cfg(target_os = "linux")] + std::env::set_var("WEBKIT_DISABLE_DMABUF_RENDERER", "1"); + tauri::Builder::default() .plugin(tauri_plugin_opener::init()) .plugin(tauri_plugin_dialog::init()) diff --git a/releases/lib/docker_deploy/run_tauri_build.bash b/releases/lib/docker_deploy/run_tauri_build.bash index 7a1cae5..6a4ce1f 100755 --- a/releases/lib/docker_deploy/run_tauri_build.bash +++ b/releases/lib/docker_deploy/run_tauri_build.bash @@ -927,26 +927,6 @@ prune_appdir_wayland_libs() { [[ "$removed" -eq 1 ]] || echo "==> no bundled libwayland-{client,server,egl} found in AppDir" } -# https://github.com/tauri-apps/tauri/issues/9304: webkit2gtk is broken under 2.44 with Nvidia GPUs -# "KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied" [https://github.com/secluso/core/issues/113] -# WEBKIT_DISABLE_DMABUF_RENDERER falls back to portable compositing -# AppRun sources apprun-hooks sh files at startup -install_webkit_dmabuf_apprun_hook() { - local appdir="$1" - [[ -n "$appdir" && -d "$appdir" ]] || return 0 - - local hooks_dir="$appdir/apprun-hooks" - mkdir -p "$hooks_dir" - local hook="$hooks_dir/zz-secluso-webkit-dmabuf.sh" - echo "==> installing AppRun hook to disable WebKit DMABuf renderer ($hook)" - cat >"$hook" <<'EOS' -#!/bin/sh -# Disable WebKitGTK's DMABuf renderer unless the user opted into it. -export WEBKIT_DISABLE_DMABUF_RENDERER="${WEBKIT_DISABLE_DMABUF_RENDERER:-1}" -EOS - chmod 0644 "$hook" -} - canonicalize_linux_bundle_outputs_deterministically() { [[ "$TAURI_TARGET" == *"-unknown-linux-"* ]] || return 0 @@ -997,10 +977,6 @@ canonicalize_linux_bundle_outputs_deterministically() { echo "==> error: failed to prune bundled libwayland from $appdir" >&2 return 1 } - install_webkit_dmabuf_apprun_hook "$appdir" || { - echo "==> error: failed to install WebKit DMABuf AppRun hook in $appdir" >&2 - return 1 - } fi local appimage_path while IFS= read -r appimage_path; do diff --git a/releases/lib/docker_deploy/setup_linuxdeploy_plugins.bash b/releases/lib/docker_deploy/setup_linuxdeploy_plugins.bash index 3d6e578..d36e985 100755 --- a/releases/lib/docker_deploy/setup_linuxdeploy_plugins.bash +++ b/releases/lib/docker_deploy/setup_linuxdeploy_plugins.bash @@ -46,11 +46,6 @@ linuxdeploy_plugin_gtk_commit="b5eb8d05b4c0ed40107fe2158c5d8527f94568ef" linuxdeploy_plugin_gtk_url="https://raw.githubusercontent.com/tauri-apps/linuxdeploy-plugin-gtk/${linuxdeploy_plugin_gtk_commit}/linuxdeploy-plugin-gtk.sh" linuxdeploy_plugin_gtk_sha256="cb379f9b0733e9ad9f8bd78f8c2fa038aef2478523bb7d4c8e64ff6a1ea3501a" -# https://github.com/linuxdeploy/linuxdeploy-plugin-gstreamer/commit/2a2e67491c32995a3f279ad0ecbe77abd512b42a -linuxdeploy_plugin_gstreamer_commit="2a2e67491c32995a3f279ad0ecbe77abd512b42a" -linuxdeploy_plugin_gstreamer_url="https://raw.githubusercontent.com/linuxdeploy/linuxdeploy-plugin-gstreamer/${linuxdeploy_plugin_gstreamer_commit}/linuxdeploy-plugin-gstreamer.sh" -linuxdeploy_plugin_gstreamer_sha256="c107b49d84edbffc6ab226ed1007e0626a4f7aa2c3a36b7782bef62351d49e94" - # Keep linuxdeploy at the canonical path as a real AppImage binary. # The appimage output plugin mutates the running linuxdeploy file with the dd utility # If this path is a shell wrapper, that mutation corrupts the wrapper shebang