Sunday, February 8, 2015

PC-BSD: Running QT applications from within a Warden "Ports" jail (for X11 applications)

I've been running PC-BSD 10.1.1 with great success. However, there are a few "bleeding edge" applications that I want to compile and run; most notably, Anki, my favorite flash-carding application / learning aid.

I started out by creating a "Ports Jail (insecure, allows running X applications)," which automatically downloads and installs the FreeBSD ports tree (a large library of applications that can be compiled to run on a FreeBSD system). I installed a few packages (binary, precompiled programs), including the ssh daemon and sudo.

From there, I descended into the ports tree in /usr/ports/games/anki, and then I executed a recursive make command, to automatically compile everything
/usr/bin/nice -n 19 make DISABLE_VULNERABILITIES=yes -DBATCH
This worked swimmingly, and a subsequent make install successfully integrated Anki into my jailed environment. However, a few issues remain:

  1. X11 over SSH:  ssh -Y username@ports_jail does NOT forward X11 correctly. Launching any X11 program results in the following message:
    X11 connection rejected because of wrong authentication.
    Error: Can't open display: localhost:11.0
    If you're SSHing in via a shell within your computer's X11 environment, this can be rectified with:
    export DISPLAY=":0.0"
    However, this doesn't really fix the ssh X11 forwarding problem, and I'm still at an impasse.
  2. QT doesn't render correctly. When launched without environmental variables, I get the following results:
    • A number of X11 errors when launching from the command line:

      QNativeImage: Unable to attach to shared memory segment.
      X Error: BadDrawable (invalid Pixmap or Window parameter) 9
      Major opcode: 62 (X_CopyArea)
        Resource id: 0x0
      X Error: BadDrawable (invalid Pixmap or Window parameter) 9
      Major opcode: 62 (X_CopyArea)
      Resource id: 0x0
    • The initial screen is rendered improperly: gray windows, weird artifacts. 
    To solve, modify the QT_GRAPHICSSYSTEM environment variable:
    QT_GRAPHICSSYSTEM=native anki
I'm going to post my experiences to the PC-BSD forums, and see if some folks have some ideas about how to fix the issue.