X11 Applications and Unity 8

The buzzword convergence has been bandied about a lot in relation to Ubuntu.  That’s because the plan is to have one single Ubuntu that works the same way across phones, tablets, laptops, desktops, TVs, kiosks, and refrigerators. It’s an exciting idea that some other software environments have also aimed at, but so far have not been able to deliver on.

One of the key technologies that lets the same Ubuntu run on all kinds of devices from your pocket to your desktop is Unity 8, a graphical shell that presents a way to surface and launch applications and display some information.  Unity 8 has been designed to dynamically adapt to the available display and input devices present, so it can flow from a full-screen personality on a tiny phone with only touch input to a multiple-display, multiple-workspace windowed personality with a mouse and a keyboard attached to an engineer’s workstation.  Going hand-in-hand with Unity 8 is an entire SDK that can be used to build applications that are also flexible across all combinations of displays and inputs.  Part of the magic underlying Unity 8 is the Mir compositing display server, which replaces the venerable X11 display server.

Underneath the shell layer is a new kind of way of running the fundamental operating system, with a read-only system image that can be transactionally updated.  While that is a technical description of how things differ from the old DOS and Unix way, what it means in practice is that it’s very difficult to install malware that will take over your system and turn it into a spambot for some nefarious organization and it’s also difficult to get your system into a state in which it no longer boots up or runs improperly.  In the hostile world of today’s always-on always-connected devices, that’s a very good thing.  Also, no reinstalling the OS every few months when it starts to crawl, for those of you out there familiar with Microsoft Windows.

One final bit of change for Unity 8 is that instead of the factored deb packages in which you build your system up like a jigsaw puzzle, the newer systems use self-contained application packages, originally clicks and now snaps.

So, the major differences coming down the pipe with Unity 8 and convergence include the following.

  1. Mir instead of X11.
  2. Read-only system files.
  3. No debs.

What, you may ask, about all the many gigabytes of existing deb packages everyone relies on in the Ubuntu archives, their organization’s private archives, and third-party archives?  Doesn’t this break the contract between Ubuntu and its users?

Libertine to the Rescue

The first answer to the above concern is that many of the more popular applications are being snapped as I write this.  That means they’re being packaged up so they can be installed and run on a read-only system image without deb support.

Another answer is that the most popular toolkits like GTK+ and Qt (and even libSDL, for things that really count like games) have been ported to Mir so most applications don;t have to care what the underlying display server technology is.

The final answer is that we’ve come up with  a cunning way to install and use your existing deb packaged X11 applications on a read-only deb-free system running Mir.  We call it libertine.

We chose the name libertine because the word in the English language refers to an individual who feels they need to flout rules and engage in risky and socially unacceptable behaviours.  What we’ve done is set up a container into which debs can be installed in which they can mess up the system in the container without affecting the real system, and they can run unconfined and unfettered without fear of stealing data or keystrokes and reporting home.

Libertine consists of a container with a minimal Ubuntu system installed in it, and a Mir client application that proxies the confined application.  In the case of an X11 application, that proxy is called XMir, and is actually an x.org server with a Mir-based DDX — which is to say, it’s a bog-standard X11 server that ends up drawing its output on a Mir surface.  Libertine also provides alternative proxies, such as a terminal application for venerable terminal applications such as Midnight Commander or good old vi.

The secret sauce is that actual application launching is taken care of by a tool we call the Ubuntu Application Launcher [UAL].  When you click or tap on an application icon in the Unity 8 Dash, a URI describing the application gets sent to UAL, which then figures out if it’s a native application, a libertine application, or even a snappy application, and then does the right thing to start the application.  In the case of a libertine application, that means starting the XMir server and then using the libertine tools to launch the applications in its container.  The libertine tools spin up the container as necessary, bind-mount various required devices and directories from the host system into the container, start some bridge daemons, and then start the application.  Then takes a break because it works hard.

Here’s picture saying the same thing for the right-brained among you.

Basic Libertine Block Diagram

An interesting thing to note here is that a separate XMir process is spawned for every libertine application launched.  This is the only secure way to use X11 in a hostile environment of keyloggers and data snoopers.  Data sharing previously done through the X11 server, like cut-and-paste and drag-and-drop, has to be done through a trusted arbitrator called the content hub and involves attestation steps.

The libertine project consists of a suite of tools:  a set of command-line utilities, a scope for discovering installed applications, a management GUI, and even a scope to browse the Ubuntu archives for packages to install.

Some of you may have heard the name Puritine bandied about.  Puritine is a pre-rolled container with a set of 5 curated X11 applications that comes pre-installed on certain devices as a demonstration of convergence technology.  The name was a play on libertine and puritan.

This was a brief high-level introduction to Libertine, our solution for running existing deb-packaged XApps under Unity 8.  I’ll be diving into more technical detail in some upcoming posts, but in th mean time you can actually play with libertine right now on your Ubuntu device or desktop.


11 thoughts on “X11 Applications and Unity 8

  1. Pingback: The post where I admit that I bottled it and moved to Debian, before realising I was being a dumbass and moved back to Ubuntu | corenominal

  2. Pingback: I’m using Debian, again | corenominal

    • There’s nothing to stop an X11 client from running on Unity 8 and rendering to a remote X11 server.

      The libertine/XMir setup is not going to work as a networked display server because it uses a non-default $DISPLAY port using Unix domain sockets. Of course, because it’s just an x.org server you are free to do what you want on your own system and make it wide open to the internet. Good luck with that.

  3. Thanks for this post. It’s the most straightforward and succinct info I’ve found on Libertine and the issue of running X11 apps on Ubuntu Touch/Unity 8. Just a few questions that I haven’t found answers on the Web yet:

    1. Clipboard sharing between X11 and regular apps is a huge pain on Ubuntu Touch right now. You mentioned something about a content hub. Is there a forthcoming solution to this?

    2. Puritine comes pre-installed on the bq Aquaris M10 but not on the Meizu Pro 5. With the latest OTA, the Meizu is also now capable of convergence. Is there a way to install Puritine after the fact?

    Sorry if I hijacked the comments to ask these. I’d appreciate being directed to the proper forum for these questions. Thanks a lot!

    • (1) Yes, we plan to deliver hopefully in the 16.10 timeframe.

      (2) Yes, for technical reasons The Pro 5 will have an empty Puritine in OTA-12 and the full Puritine is in the store as an upgrade. The technical reason has to do with the recovery partition size used to flash updates.

      A good place to ask these questions is in the #ubuntu-touch channel at irc.freenode.net or at the http://askubuntu.com/ exchange.

      • That is awesome! Quite excited for OTA-12. I read it will also bring fingerprint scanner support for the Meizu Pro 5. Any clue when it will roll out? Sorry, that was the last question. All future questions will be asked in the proper channels. 🙂

        It’s quite unfortunate that clipboard cross-functionality wasn’t included from the start, though I understand it’s not exactly a showstopper. 16.10 can’t come soon enough! 🙂

  4. Pingback: Conoce Libertine, el nuevo proyecto de Canonical para permitir correr aplicaciones nativas de Debian en Unity 8 | :. WindTux .:

    • No. A browser is just an application.

      Right now Firefox works just fine in libertine and gets shipped as one of the curated Puritine apps on convergence-capable Ubuntu devices right now.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s