2021-03-26 18:03:50 +01:00
|
|
|
#!/usr/bin/env bash
|
2021-08-06 14:10:31 +02:00
|
|
|
## Dependencies: bash gzip fuse2 (or fuse3) tar coreutils
|
2021-03-26 18:03:50 +01:00
|
|
|
|
2023-02-16 17:27:40 +01:00
|
|
|
msg_root="
|
|
|
|
Do not run this script as root!
|
2021-03-27 11:01:24 +01:00
|
|
|
|
2023-02-16 17:27:40 +01:00
|
|
|
If you really need to run it as root and know what you are doing, set
|
|
|
|
the ALLOW_ROOT environment variable.
|
|
|
|
"
|
|
|
|
|
|
|
|
# Refuse to run as root unless environment variable is set
|
|
|
|
if (( EUID == 0 )) && [ -z "$ALLOW_ROOT" ]; then
|
|
|
|
echo "${msg_root}"
|
|
|
|
exit 1
|
2021-03-26 18:03:50 +01:00
|
|
|
fi
|
|
|
|
|
2023-02-16 17:27:40 +01:00
|
|
|
# Conty version
|
2022-11-24 09:01:34 +01:00
|
|
|
script_version="1.21.3"
|
2021-05-25 15:31:21 +02:00
|
|
|
|
2023-02-16 17:27:40 +01:00
|
|
|
# Important variables to manually adjust after modification!
|
|
|
|
# Needed to avoid problems with mounting due to an incorrect offset.
|
|
|
|
script_size=25161
|
|
|
|
utils_size=2507588
|
|
|
|
|
2021-03-26 18:03:50 +01:00
|
|
|
# Full path to the script
|
2021-03-28 13:35:24 +02:00
|
|
|
script_literal="${BASH_SOURCE[0]}"
|
|
|
|
script_name="$(basename "${script_literal}")"
|
|
|
|
script="$(readlink -f "${script_literal}")"
|
2021-03-26 18:03:50 +01:00
|
|
|
|
2023-02-16 17:27:40 +01:00
|
|
|
# Help output
|
|
|
|
msg_help="
|
|
|
|
Usage: ${script_name} [COMMAND] [ARGUMENTS]
|
|
|
|
|
|
|
|
|
|
|
|
Arguments:
|
|
|
|
-e Extract the image
|
|
|
|
|
|
|
|
-h Display this text
|
|
|
|
|
|
|
|
-H Display bubblewrap help
|
|
|
|
|
|
|
|
-l Show a list of all installed packages
|
|
|
|
|
|
|
|
-m Mount/unmount the image
|
|
|
|
The image will be mounted if it's not, unmounted otherwise.
|
|
|
|
Mount point can be changed with the BASE_DIR env variable
|
|
|
|
(the default is /tmp).
|
|
|
|
|
|
|
|
-o Show the image offset
|
|
|
|
|
|
|
|
-u Update all packages inside the container
|
|
|
|
This requires a rebuild of the image, which may take quite
|
|
|
|
a lot of time, depending on your hardware and internet speed.
|
|
|
|
Additional disk space (about 6x the size of the current file)
|
|
|
|
is needed during the update process.
|
|
|
|
|
|
|
|
-U Same as -u with the addition of updating the init script and
|
|
|
|
the integrated utils. This option may break Conty in some cases,
|
|
|
|
use with caution!
|
|
|
|
|
|
|
|
-v Display version of this script
|
|
|
|
|
|
|
|
-V Display version of the image
|
|
|
|
|
|
|
|
Arguments that don't match any of the above will be passed directly to
|
|
|
|
bubblewrap, so all bubblewrap arguments are supported as well.
|
|
|
|
|
|
|
|
|
|
|
|
Environment variables:
|
|
|
|
BASE_DIR Sets a custom directory where Conty will extract its
|
|
|
|
builtin utilities and mount the image.
|
|
|
|
The default is /tmp.
|
|
|
|
|
|
|
|
DISABLE_NET Disables network access.
|
|
|
|
|
|
|
|
DISABLE_X11 Disables access to X server.
|
|
|
|
|
|
|
|
Note: Even with this variable enabled applications
|
|
|
|
can still access your X server if it doesn't use
|
|
|
|
XAUTHORITY and listens to the abstract socket. This
|
|
|
|
can be solved by enabling XAUTHORITY, disabling the
|
|
|
|
abstract socket or by disabling network access.
|
|
|
|
|
|
|
|
HOME_DIR Sets the home directory to a custom location.
|
|
|
|
For example: HOME_DIR=\"$HOME/custom_home\"
|
|
|
|
Note: If this variable is set the home directory
|
|
|
|
inside the container will still appear as $HOME,
|
|
|
|
even though the custom directory is used.
|
|
|
|
|
|
|
|
QUIET_MODE Disables all non-error Conty messages.
|
|
|
|
Doesn't affect the output of applications.
|
|
|
|
|
|
|
|
SANDBOX Enables a sandbox.
|
|
|
|
To control which files and directories are available
|
|
|
|
inside the container, you can use the --bind and
|
|
|
|
--ro-bind launch arguments.
|
|
|
|
(See bubblewrap help for more info).
|
|
|
|
|
|
|
|
SANDBOX_LEVEL Controls the strictness of the sandbox.
|
|
|
|
Available levels:
|
|
|
|
1: Isolates all user files.
|
|
|
|
2: Additionally disables dbus and hides all
|
|
|
|
running processes.
|
|
|
|
3: Additionally disables network access and
|
|
|
|
isolates X11 server with Xephyr.
|
|
|
|
The default is 1.
|
|
|
|
|
|
|
|
USE_SYS_UTILS Tells the script to use squashfuse/dwarfs and bwrap
|
|
|
|
installed on the system instead of the builtin ones.
|
|
|
|
|
|
|
|
XEPHYR_SIZE Sets the size of the Xephyr window. The default is
|
|
|
|
800x600.
|
|
|
|
|
|
|
|
Additional notes:
|
|
|
|
System directories/files will not be available inside the container if
|
|
|
|
you set the SANDBOX variable but don't bind (mount) any items or set
|
|
|
|
HOME_DIR. A fake temporary home directory will be used instead.
|
|
|
|
|
|
|
|
If the executed script is a symlink with a different name, said name
|
|
|
|
will be used as the command name.
|
|
|
|
For instance, if the script is a symlink with the name \"wine\" it will
|
|
|
|
automatically run wine during launch.
|
|
|
|
|
|
|
|
Besides updating all packages, you can also install and remove packages
|
|
|
|
using the same -u (or -U) argument. To install packages add them as
|
|
|
|
additional arguments, to remove add a minus sign (-) before their names.
|
|
|
|
To install: ${script_name} -u pkgname1 pkgname2 pkgname3 ...
|
|
|
|
To remove: ${script_name} -u -pkgname1 -pkgname2 -pkgname3 ...
|
|
|
|
In this case Conty will update all packages and additionally install
|
|
|
|
and/or remove specified packages.
|
|
|
|
|
|
|
|
If you are using an Nvidia GPU, please read the following:
|
|
|
|
https://github.com/Kron4ek/Conty#known-issues
|
|
|
|
"
|
|
|
|
|
2021-10-27 21:52:32 +02:00
|
|
|
# MD5 of the last 1 MB of the file
|
2021-04-02 20:24:21 +02:00
|
|
|
script_md5="$(tail -c 1000000 "${script}" | md5sum | head -c 7)"
|
|
|
|
|
|
|
|
script_id="${RANDOM}"
|
|
|
|
|
2021-05-19 10:39:01 +02:00
|
|
|
# Working directory where the utils will be extracted
|
2021-08-06 14:10:31 +02:00
|
|
|
# And where the image will be mounted
|
2021-06-08 16:13:49 +02:00
|
|
|
# The default path is /tmp/scriptname_username_scriptmd5
|
|
|
|
# And if /tmp is mounted with noexec, the default path
|
|
|
|
# is ~/.local/share/Conty/scriptname_username_scriptmd5
|
|
|
|
conty_dir_name="$(basename "${script}")"_"${USER}"_"${script_md5}"
|
|
|
|
|
2021-05-19 10:39:01 +02:00
|
|
|
if [ -z "${BASE_DIR}" ]; then
|
2021-06-08 16:13:49 +02:00
|
|
|
export working_dir=/tmp/"${conty_dir_name}"
|
2021-05-19 10:39:01 +02:00
|
|
|
else
|
2021-06-08 16:13:49 +02:00
|
|
|
export working_dir="${BASE_DIR}"/"${conty_dir_name}"
|
2021-05-19 10:39:01 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
mount_point="${working_dir}"/mnt
|
2021-03-26 18:03:50 +01:00
|
|
|
|
2021-08-06 14:10:31 +02:00
|
|
|
# Offset where the image is stored
|
2023-02-16 17:27:40 +01:00
|
|
|
offset=$((script_size+utils_size))
|
2021-03-26 18:03:50 +01:00
|
|
|
|
2022-06-16 18:16:51 +02:00
|
|
|
# Detect if the image is compressed with DwarFS or SquashFS
|
|
|
|
if [ "$(tail -c +$((offset+1)) "${script}" | head -c 6)" = "DWARFS" ]; then
|
|
|
|
dwarfs_image=1
|
|
|
|
fi
|
2021-08-06 14:10:31 +02:00
|
|
|
|
2021-08-06 21:31:49 +02:00
|
|
|
dwarfs_cache_size="128M"
|
|
|
|
dwarfs_num_workers="2"
|
|
|
|
|
2021-08-10 20:57:36 +02:00
|
|
|
# These arguments are used to rebuild the image when using the self-update function
|
2023-02-15 20:57:05 +01:00
|
|
|
squashfs_comp_arguments=(-b 1M -comp zstd -Xcompression-level 19)
|
|
|
|
dwarfs_comp_arguments=(-l7 -C zstd:level=19 --metadata-compression null \
|
2022-11-24 09:01:34 +01:00
|
|
|
-S 22 -B 2 --order nilsimsa:255:60000:60000 \
|
2023-02-15 20:57:05 +01:00
|
|
|
--bloom-filter-size 11 -W 15 -w 3 --no-create-timestamp)
|
2021-08-10 20:57:36 +02:00
|
|
|
|
2022-08-27 19:40:51 +02:00
|
|
|
unset script_is_symlink
|
|
|
|
if [ -L "${script_literal}" ]; then
|
|
|
|
script_is_symlink=1
|
|
|
|
fi
|
2021-03-27 11:01:24 +01:00
|
|
|
|
2022-08-27 19:40:51 +02:00
|
|
|
if [ -z "${script_is_symlink}" ]; then
|
2023-02-16 17:27:40 +01:00
|
|
|
if [ "$1" = "-h" ] || [ -z "$1" ]; then
|
|
|
|
echo "${msg_help}"
|
2022-08-27 19:40:51 +02:00
|
|
|
exit
|
|
|
|
elif [ "$1" = "-v" ]; then
|
|
|
|
echo "${script_version}"
|
|
|
|
exit
|
|
|
|
elif [ "$1" = "-o" ]; then
|
2023-02-15 20:57:05 +01:00
|
|
|
echo "${offset}"
|
2022-08-27 19:40:51 +02:00
|
|
|
exit
|
|
|
|
fi
|
2021-06-08 18:45:57 +02:00
|
|
|
fi
|
|
|
|
|
2021-06-29 22:20:23 +02:00
|
|
|
show_msg () {
|
|
|
|
if [ "${QUIET_MODE}" != 1 ]; then
|
|
|
|
echo "$@"
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2021-06-08 18:45:57 +02:00
|
|
|
exec_test () {
|
|
|
|
mkdir -p "${working_dir}"
|
|
|
|
|
|
|
|
exec_test_file="${working_dir}"/exec_test
|
|
|
|
|
|
|
|
rm -f "${exec_test_file}"
|
|
|
|
touch "${exec_test_file}"
|
|
|
|
chmod +x "${exec_test_file}"
|
|
|
|
|
2021-06-22 10:51:01 +02:00
|
|
|
[ -x "${exec_test_file}" ]
|
2021-06-08 18:45:57 +02:00
|
|
|
}
|
|
|
|
|
2021-06-09 20:46:31 +02:00
|
|
|
launch_wrapper () {
|
2022-06-18 10:47:06 +02:00
|
|
|
if [ "${USE_SYS_UTILS}" = 1 ]; then
|
2021-06-09 20:46:31 +02:00
|
|
|
"$@"
|
|
|
|
else
|
|
|
|
"${working_dir}"/utils/ld-linux-x86-64.so.2 --library-path "${working_dir}"/utils "$@"
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2022-06-18 10:47:06 +02:00
|
|
|
# Check if FUSE is installed
|
|
|
|
if ! command -v fusermount3 1>/dev/null && ! command -v fusermount 1>/dev/null; then
|
|
|
|
echo "Please install fuse2 or fuse3 and run the script again."
|
|
|
|
exit 1
|
2021-08-10 20:57:36 +02:00
|
|
|
fi
|
|
|
|
|
2022-06-18 10:47:06 +02:00
|
|
|
if command -v fusermount3 1>/dev/null; then
|
|
|
|
fuse_version=3
|
2021-06-08 18:45:57 +02:00
|
|
|
fi
|
|
|
|
|
2021-08-06 21:31:49 +02:00
|
|
|
# Set the dwarfs block cache size depending on how much RAM is available
|
2021-08-07 20:20:15 +02:00
|
|
|
# Also set the number of workers depending on the number of CPU cores
|
2021-08-06 21:31:49 +02:00
|
|
|
if [ "${dwarfs_image}" = 1 ]; then
|
|
|
|
if getconf _PHYS_PAGES &>/dev/null && getconf PAGE_SIZE &>/dev/null; then
|
|
|
|
memory_size="$(($(getconf _PHYS_PAGES) * $(getconf PAGE_SIZE) / (1024 * 1024)))"
|
2021-08-10 20:57:36 +02:00
|
|
|
|
2021-08-06 21:31:49 +02:00
|
|
|
if [ "${memory_size}" -ge 23000 ]; then
|
|
|
|
dwarfs_cache_size="1024M"
|
2022-09-11 14:49:13 +02:00
|
|
|
elif [ "${memory_size}" -ge 15000 ]; then
|
2021-08-06 21:31:49 +02:00
|
|
|
dwarfs_cache_size="512M"
|
2022-09-11 14:49:13 +02:00
|
|
|
elif [ "${memory_size}" -ge 7000 ]; then
|
2021-08-06 21:31:49 +02:00
|
|
|
dwarfs_cache_size="256M"
|
2022-09-11 14:49:13 +02:00
|
|
|
elif [ "${memory_size}" -ge 3000 ]; then
|
2021-08-06 21:31:49 +02:00
|
|
|
dwarfs_cache_size="128M"
|
2022-09-11 14:49:13 +02:00
|
|
|
elif [ "${memory_size}" -ge 1500 ]; then
|
2021-08-06 21:31:49 +02:00
|
|
|
dwarfs_cache_size="64M"
|
2022-09-11 14:49:13 +02:00
|
|
|
else
|
|
|
|
dwarfs_cache_size="32M"
|
2021-08-06 21:31:49 +02:00
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
if getconf _NPROCESSORS_ONLN &>/dev/null; then
|
|
|
|
dwarfs_num_workers="$(getconf _NPROCESSORS_ONLN)"
|
2021-08-10 20:57:36 +02:00
|
|
|
|
2022-09-11 14:49:13 +02:00
|
|
|
if [ "${dwarfs_num_workers}" -ge 8 ]; then
|
|
|
|
dwarfs_num_workers=8
|
2021-08-07 20:20:15 +02:00
|
|
|
fi
|
2021-08-06 21:31:49 +02:00
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2021-08-06 14:10:31 +02:00
|
|
|
# Extract utils.tar.gz
|
2021-06-08 18:45:57 +02:00
|
|
|
mkdir -p "${working_dir}"
|
|
|
|
|
|
|
|
if [ "${USE_SYS_UTILS}" != 1 ]; then
|
|
|
|
# Check if filesystem of the working_dir is mounted without noexec
|
|
|
|
if ! exec_test; then
|
|
|
|
if [ -z "${BASE_DIR}" ]; then
|
|
|
|
export working_dir="${HOME}"/.local/share/Conty/"${conty_dir_name}"
|
|
|
|
mount_point="${working_dir}"/mnt
|
|
|
|
fi
|
|
|
|
|
|
|
|
if ! exec_test; then
|
|
|
|
echo "Seems like /tmp is mounted with noexec or you don't have write access!"
|
|
|
|
echo "Please remount it without noexec or set BASE_DIR to a different location."
|
|
|
|
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
2021-08-10 20:57:36 +02:00
|
|
|
|
|
|
|
if ! command -v tar 1>/dev/null || ! command -v gzip 1>/dev/null; then
|
|
|
|
echo "Please install tar and gzip and run the script again."
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2021-08-06 14:10:31 +02:00
|
|
|
if [ "${dwarfs_image}" = 1 ]; then
|
2023-02-15 20:57:05 +01:00
|
|
|
mount_tool="${working_dir}"/utils/dwarfs"${fuse_version}"
|
2022-06-21 14:36:31 +02:00
|
|
|
extraction_tool="${working_dir}"/utils/dwarfsextract
|
2021-08-06 14:10:31 +02:00
|
|
|
else
|
2023-02-15 20:57:05 +01:00
|
|
|
mount_tool="${working_dir}"/utils/squashfuse"${fuse_version}"
|
2022-06-21 14:36:31 +02:00
|
|
|
extraction_tool="${working_dir}"/utils/unsquashfs
|
2021-08-06 14:10:31 +02:00
|
|
|
fi
|
2021-06-08 18:45:57 +02:00
|
|
|
|
|
|
|
bwrap="${working_dir}"/utils/bwrap
|
|
|
|
|
|
|
|
if [ ! -f "${mount_tool}" ] || [ ! -f "${bwrap}" ]; then
|
2023-02-16 17:27:40 +01:00
|
|
|
tail -c +$((script_size+1)) "${script}" | head -c "${utils_size}" | tar -C "${working_dir}" -zxf -
|
2021-06-08 18:45:57 +02:00
|
|
|
|
|
|
|
if [ ! -f "${mount_tool}" ] || [ ! -f "${bwrap}" ]; then
|
|
|
|
clear
|
2021-08-10 20:57:36 +02:00
|
|
|
echo "The integrated utils were not extracted!"
|
2021-08-06 14:10:31 +02:00
|
|
|
echo "Perhaps something is wrong with the integrated utils.tar.gz."
|
2021-06-08 18:45:57 +02:00
|
|
|
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
chmod +x "${mount_tool}"
|
|
|
|
chmod +x "${bwrap}"
|
2022-06-21 14:36:31 +02:00
|
|
|
chmod +x "${extraction_tool}" 2>/dev/null
|
2021-06-08 18:45:57 +02:00
|
|
|
fi
|
|
|
|
else
|
|
|
|
if ! command -v bwrap 1>/dev/null; then
|
2021-08-10 20:57:36 +02:00
|
|
|
echo "USE_SYS_UTILS is enabled, but bubblewrap is not installed!"
|
2021-06-08 18:45:57 +02:00
|
|
|
echo "Please install it and run the script again."
|
|
|
|
|
|
|
|
exit 1
|
|
|
|
fi
|
2021-08-10 20:57:36 +02:00
|
|
|
|
2021-08-06 14:10:31 +02:00
|
|
|
bwrap=bwrap
|
2021-08-10 20:57:36 +02:00
|
|
|
|
2021-08-06 14:10:31 +02:00
|
|
|
if [ "${dwarfs_image}" = 1 ]; then
|
2021-08-10 20:57:36 +02:00
|
|
|
if ! command -v dwarfs 1>/dev/null && ! command -v dwarfs2 1>/dev/null; then
|
2021-08-06 14:10:31 +02:00
|
|
|
echo "USE_SYS_UTILS is enabled, but dwarfs is not installed!"
|
|
|
|
echo "Please install it and run the script again."
|
2021-06-08 18:45:57 +02:00
|
|
|
|
2021-08-06 14:10:31 +02:00
|
|
|
exit 1
|
|
|
|
fi
|
2021-08-10 20:57:36 +02:00
|
|
|
|
|
|
|
if command -v dwarfs2 1>/dev/null; then
|
|
|
|
mount_tool=dwarfs2
|
|
|
|
else
|
|
|
|
mount_tool=dwarfs
|
|
|
|
fi
|
2022-06-21 14:36:31 +02:00
|
|
|
|
|
|
|
extraction_tool=dwarfsextract
|
2021-08-06 14:10:31 +02:00
|
|
|
else
|
2022-06-18 10:47:06 +02:00
|
|
|
if ! command -v squashfuse 1>/dev/null; then
|
2022-06-21 14:36:31 +02:00
|
|
|
echo "USE_SYS_UTILS is enabled, but squashfuse is not installed!"
|
2021-08-06 14:10:31 +02:00
|
|
|
echo "Please install it and run the script again."
|
2021-06-08 18:45:57 +02:00
|
|
|
|
2021-08-06 14:10:31 +02:00
|
|
|
exit 1
|
|
|
|
fi
|
2021-08-10 20:57:36 +02:00
|
|
|
|
2021-08-06 14:10:31 +02:00
|
|
|
mount_tool=squashfuse
|
2022-06-21 14:36:31 +02:00
|
|
|
extraction_tool=unsquashfs
|
2021-06-08 18:45:57 +02:00
|
|
|
fi
|
|
|
|
|
2021-08-06 14:10:31 +02:00
|
|
|
show_msg "Using system-wide ${mount_tool} and bwrap"
|
2021-06-08 18:45:57 +02:00
|
|
|
fi
|
|
|
|
|
2022-08-27 19:40:51 +02:00
|
|
|
if [ "$1" = "-e" ] && [ -z "${script_is_symlink}" ]; then
|
2022-06-21 14:36:31 +02:00
|
|
|
if command -v "${extraction_tool}" 1>/dev/null; then
|
|
|
|
if [ "${dwarfs_image}" = 1 ]; then
|
|
|
|
echo "Extracting the image..."
|
|
|
|
mkdir "$(basename "${script}")"_files
|
2023-02-15 20:57:05 +01:00
|
|
|
launch_wrapper "${extraction_tool}" -i "${script}" -o "$(basename "${script}")"_files -O "${offset}"
|
2022-06-21 14:36:31 +02:00
|
|
|
echo "Done"
|
|
|
|
else
|
2023-02-15 20:57:05 +01:00
|
|
|
launch_wrapper "${extraction_tool}" -o "${offset}" -user-xattrs -d "$(basename "${script}")"_files "${script}"
|
2022-06-21 14:36:31 +02:00
|
|
|
fi
|
|
|
|
else
|
|
|
|
echo "Extraction tool not found"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
exit
|
|
|
|
fi
|
|
|
|
|
2022-08-27 19:40:51 +02:00
|
|
|
if [ "$1" = "-H" ] && [ -z "${script_is_symlink}" ]; then
|
2022-02-25 20:56:23 +01:00
|
|
|
launch_wrapper "${bwrap}" --help
|
|
|
|
exit
|
|
|
|
fi
|
|
|
|
|
2023-02-15 20:57:05 +01:00
|
|
|
if { [ "$1" = "-u" ] || [ "$1" = "-U" ]; } && [ -z "${script_is_symlink}" ]; then
|
2021-05-04 17:11:51 +02:00
|
|
|
OLD_PWD="${PWD}"
|
|
|
|
|
2021-08-10 20:57:36 +02:00
|
|
|
# Check if the current directory is writable
|
2021-05-06 12:41:22 +02:00
|
|
|
# And if it's not, use ~/.local/share/Conty as a working directory
|
|
|
|
if ! touch test_rw 2>/dev/null; then
|
|
|
|
update_temp_dir="${HOME}"/.local/share/Conty/conty_update_temp
|
|
|
|
else
|
|
|
|
update_temp_dir="${OLD_PWD}"/conty_update_temp
|
|
|
|
fi
|
|
|
|
rm -f test_rw
|
2021-05-19 10:07:49 +02:00
|
|
|
|
2021-05-06 12:41:22 +02:00
|
|
|
# Remove conty_update_temp directory if it already exists
|
|
|
|
chmod -R 700 "${update_temp_dir}" 2>/dev/null
|
|
|
|
rm -rf "${update_temp_dir}"
|
|
|
|
|
|
|
|
mkdir -p "${update_temp_dir}"
|
|
|
|
cd "${update_temp_dir}" || exit 1
|
2021-05-04 17:11:51 +02:00
|
|
|
|
2022-06-16 16:53:57 +02:00
|
|
|
if command -v awk 1>/dev/null; then
|
|
|
|
current_file_size="$(stat -c "%s" "${script}")"
|
|
|
|
available_disk_space="$(df -P -B1 "${update_temp_dir}" | awk 'END {print $4}')"
|
|
|
|
required_disk_space="$((current_file_size*7))"
|
|
|
|
|
|
|
|
if [ "${available_disk_space}" -lt "${required_disk_space}" ]; then
|
|
|
|
echo "Not enough free disk space"
|
|
|
|
echo "You need at least $((required_disk_space/1024/1024)) MB of free space"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2023-02-16 17:27:40 +01:00
|
|
|
tail -c +$((script_size+1)) "${script}" | head -c "${utils_size}" | tar -C "${update_temp_dir}" -zxf -
|
2021-08-10 20:57:36 +02:00
|
|
|
|
|
|
|
if [ "${dwarfs_image}" = 1 ]; then
|
|
|
|
chmod +x utils/dwarfsextract 2>/dev/null
|
|
|
|
chmod +x utils/mkdwarfs 2>/dev/null
|
|
|
|
|
|
|
|
if [ ! -x "utils/dwarfsextract" ] || [ ! -x "utils/mkdwarfs" ]; then
|
|
|
|
missing_utils="dwarfsextract and/or mkdwarfs"
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
chmod +x utils/unsquashfs 2>/dev/null
|
|
|
|
chmod +x utils/mksquashfs 2>/dev/null
|
|
|
|
|
|
|
|
if [ ! -x "utils/unsquashfs" ] || [ ! -x "utils/mksquashfs" ]; then
|
|
|
|
missing_utils="unsquashfs and/or mksquashfs"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -n "${missing_utils}" ]; then
|
|
|
|
echo "The integrated utils don't contain ${missing_utils}."
|
|
|
|
echo "Or your file system is mounted with noexec."
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
tools_wrapper () {
|
|
|
|
"${update_temp_dir}"/utils/ld-linux-x86-64.so.2 --library-path "${update_temp_dir}"/utils "$@"
|
|
|
|
}
|
|
|
|
|
2021-05-04 17:11:51 +02:00
|
|
|
# Since Conty is used here to update itself, it's necessary to disable
|
2021-06-08 18:45:57 +02:00
|
|
|
# some environment variables for this to work properly
|
2021-05-04 17:11:51 +02:00
|
|
|
unset DISABLE_NET
|
2021-06-01 19:24:10 +02:00
|
|
|
unset HOME_DIR
|
2021-08-30 15:04:52 +02:00
|
|
|
unset SANDBOX_LEVEL
|
2021-06-08 18:45:57 +02:00
|
|
|
|
|
|
|
# Enable SANDBOX
|
|
|
|
export SANDBOX=1
|
2021-05-04 17:11:51 +02:00
|
|
|
|
2021-08-10 20:57:36 +02:00
|
|
|
export QUIET_MODE=1
|
|
|
|
|
|
|
|
# Extract the image
|
2021-05-04 17:11:51 +02:00
|
|
|
clear
|
2021-08-10 20:57:36 +02:00
|
|
|
echo "Extracting the image"
|
|
|
|
if [ "${dwarfs_image}" = 1 ]; then
|
|
|
|
mkdir sqfs
|
|
|
|
tools_wrapper "${update_temp_dir}"/utils/dwarfsextract \
|
2023-02-15 20:57:05 +01:00
|
|
|
-i "${script}" -o sqfs -O "${offset}" --cache-size "${dwarfs_cache_size}" \
|
2021-08-10 20:57:36 +02:00
|
|
|
--num-workers "${dwarfs_num_workers}"
|
|
|
|
else
|
|
|
|
tools_wrapper "${update_temp_dir}"/utils/unsquashfs \
|
2023-02-15 20:57:05 +01:00
|
|
|
-o "${offset}" -user-xattrs -d sqfs "${script}"
|
2021-08-10 20:57:36 +02:00
|
|
|
fi
|
2021-05-04 17:11:51 +02:00
|
|
|
|
2021-08-06 14:10:31 +02:00
|
|
|
# Download or extract the utils.tar.gz and the init script depending
|
2021-05-04 17:11:51 +02:00
|
|
|
# on what command line argument is used (-u or -U)
|
|
|
|
clear
|
2023-02-16 11:48:21 +01:00
|
|
|
if [ "$1" = "-U" ] && command -v curl 1>/dev/null; then
|
2021-08-11 11:43:12 +02:00
|
|
|
if [ "${dwarfs_image}" = 1 ]; then
|
|
|
|
utils="utils_dwarfs.tar.gz"
|
|
|
|
else
|
|
|
|
utils="utils.tar.gz"
|
|
|
|
fi
|
|
|
|
|
2021-05-04 17:11:51 +02:00
|
|
|
echo "Downloading the init script and the utils"
|
2023-02-16 11:48:21 +01:00
|
|
|
curl -#LO "https://github.com/Kron4ek/Conty/raw/master/conty-start.sh"
|
|
|
|
curl -#Lo utils.tar.gz "https://github.com/Kron4ek/Conty/raw/master/${utils}"
|
2021-05-06 21:26:31 +02:00
|
|
|
fi
|
|
|
|
|
2021-08-06 14:10:31 +02:00
|
|
|
if [ ! -s conty-start.sh ] || [ ! -s utils.tar.gz ]; then
|
2021-05-04 17:11:51 +02:00
|
|
|
echo "Extracting the init script and the integrated utils"
|
2023-02-16 17:27:40 +01:00
|
|
|
tail -c +$((script_size+1)) "${script}" | head -c "${utils_size}" > utils.tar.gz
|
|
|
|
head -c "${script_size}" "${script}" > conty-start.sh
|
2021-05-04 17:11:51 +02:00
|
|
|
fi
|
|
|
|
|
2021-05-07 17:17:57 +02:00
|
|
|
# Check if there are additional arguments passed
|
|
|
|
shift
|
|
|
|
if [ -n "$1" ]; then
|
2023-02-15 20:57:05 +01:00
|
|
|
packagelist=("$@")
|
2021-05-22 11:33:44 +02:00
|
|
|
|
|
|
|
# Check which packages to install and which ones to remove
|
2023-02-15 20:57:05 +01:00
|
|
|
for i in "${packagelist[@]}"; do
|
2021-05-22 11:33:44 +02:00
|
|
|
if [ "$(echo "${i}" | head -c 1)" = "-" ]; then
|
2023-02-15 20:57:05 +01:00
|
|
|
pkgsremove+=" ${i:1}"
|
2021-05-22 11:33:44 +02:00
|
|
|
else
|
2023-02-15 20:57:05 +01:00
|
|
|
pkgsinstall+=" ${i}"
|
2021-05-22 11:33:44 +02:00
|
|
|
fi
|
|
|
|
done
|
2023-02-15 20:57:05 +01:00
|
|
|
|
|
|
|
export pkgsremove
|
|
|
|
export pkgsinstall
|
2021-05-07 17:17:57 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
# Generate a script to perform inside Conty
|
|
|
|
# It updates Arch mirrorlist
|
|
|
|
# Updates keyrings
|
|
|
|
# Updates all installed packages
|
|
|
|
# Installs additional packages (if requested)
|
2021-05-22 11:33:44 +02:00
|
|
|
# Removes packages (if requested)
|
2021-05-07 17:17:57 +02:00
|
|
|
# Clears package cache
|
2021-05-22 11:33:44 +02:00
|
|
|
# Updates SSL CA certificates
|
2021-05-27 16:29:08 +02:00
|
|
|
# Generates locales
|
2021-05-07 17:17:57 +02:00
|
|
|
cat <<EOF > container-update.sh
|
2021-09-15 22:08:09 +02:00
|
|
|
reflector --protocol https --score 5 --sort rate --save /etc/pacman.d/mirrorlist
|
2021-05-27 16:29:08 +02:00
|
|
|
fakeroot -- pacman -Syy 2>/dev/null
|
2021-10-27 21:52:32 +02:00
|
|
|
date -u +"%d-%m-%Y %H:%M (DMY UTC)" > /version
|
2021-05-27 16:29:08 +02:00
|
|
|
fakeroot -- pacman --noconfirm -S archlinux-keyring 2>/dev/null
|
|
|
|
fakeroot -- pacman --noconfirm -S chaotic-keyring 2>/dev/null
|
2021-05-07 17:17:57 +02:00
|
|
|
rm -rf /etc/pacman.d/gnupg
|
|
|
|
fakeroot -- pacman-key --init
|
2021-06-23 10:23:43 +02:00
|
|
|
echo "keyserver hkps://keyserver.ubuntu.com" >> /etc/pacman.d/gnupg/gpg.conf
|
2021-05-07 17:17:57 +02:00
|
|
|
fakeroot -- pacman-key --populate archlinux
|
|
|
|
fakeroot -- pacman-key --populate chaotic
|
2021-05-27 16:29:08 +02:00
|
|
|
fakeroot -- pacman --noconfirm --overwrite "*" -Su 2>/dev/null
|
|
|
|
fakeroot -- pacman --noconfirm -Runs ${pkgsremove} 2>/dev/null
|
2021-05-27 17:01:19 +02:00
|
|
|
fakeroot -- pacman --noconfirm -S ${pkgsinstall} 2>/dev/null
|
2022-09-18 11:01:52 +02:00
|
|
|
ldconfig -C /etc/ld.so.cache
|
2021-05-07 17:17:57 +02:00
|
|
|
rm -f /var/cache/pacman/pkg/*
|
2021-10-27 21:52:32 +02:00
|
|
|
pacman -Qn > /pkglist.x86_64.txt
|
|
|
|
pacman -Qm >> /pkglist.x86_64.txt
|
2021-05-07 17:17:57 +02:00
|
|
|
update-ca-trust
|
2021-05-27 16:29:08 +02:00
|
|
|
locale-gen
|
2021-05-07 17:17:57 +02:00
|
|
|
EOF
|
2021-05-04 17:11:51 +02:00
|
|
|
|
2021-06-01 19:24:10 +02:00
|
|
|
rm -f sqfs/etc/resolv.conf
|
|
|
|
cp /etc/resolv.conf sqfs/etc/resolv.conf
|
|
|
|
mkdir -p sqfs/run/shm
|
2021-05-06 21:26:31 +02:00
|
|
|
|
2021-05-07 17:17:57 +02:00
|
|
|
# Execute the previously generated script
|
2021-05-04 17:11:51 +02:00
|
|
|
clear
|
2021-05-07 17:17:57 +02:00
|
|
|
echo "Updating and installing packages"
|
2021-06-01 19:24:10 +02:00
|
|
|
bash "${script}" --bind sqfs / --ro-bind /sys /sys --dev-bind /dev /dev \
|
|
|
|
--proc /proc --bind "${update_temp_dir}" "${update_temp_dir}" \
|
|
|
|
bash container-update.sh
|
2021-05-04 17:11:51 +02:00
|
|
|
|
2021-08-10 20:57:36 +02:00
|
|
|
# Create an image
|
2021-05-04 17:11:51 +02:00
|
|
|
clear
|
2021-08-10 20:57:36 +02:00
|
|
|
echo "Creating an image"
|
|
|
|
if [ "${dwarfs_image}" = 1 ]; then
|
|
|
|
tools_wrapper "${update_temp_dir}"/utils/mkdwarfs \
|
2023-02-15 20:57:05 +01:00
|
|
|
-i sqfs -o image "${dwarfs_comp_arguments[@]}"
|
2021-08-10 20:57:36 +02:00
|
|
|
else
|
|
|
|
tools_wrapper "${update_temp_dir}"/utils/mksquashfs \
|
2023-02-15 20:57:05 +01:00
|
|
|
sqfs image "${squashfs_comp_arguments[@]}"
|
2021-08-10 20:57:36 +02:00
|
|
|
fi
|
2021-05-04 17:11:51 +02:00
|
|
|
|
|
|
|
# Combine into a single executable
|
|
|
|
clear
|
|
|
|
echo "Combining everything into a single executable"
|
2021-08-06 14:10:31 +02:00
|
|
|
cat conty-start.sh utils.tar.gz image > conty_updated.sh
|
2021-05-06 12:41:22 +02:00
|
|
|
chmod +x conty_updated.sh
|
2021-05-04 17:11:51 +02:00
|
|
|
|
2021-06-08 18:45:57 +02:00
|
|
|
mv -f "${script}" "${script}".old."${script_md5}" 2>/dev/null
|
|
|
|
mv -f conty_updated.sh "${script}" 2>/dev/null || move_failed=1
|
|
|
|
|
|
|
|
if [ "${move_failed}" = 1 ]; then
|
|
|
|
mv -f conty_updated.sh "${OLD_PWD}" 2>/dev/null || \
|
|
|
|
mv -f conty_updated.sh "${HOME}" 2>/dev/null
|
|
|
|
fi
|
2021-05-04 17:11:51 +02:00
|
|
|
|
2021-05-06 12:41:22 +02:00
|
|
|
chmod -R 700 sqfs 2>/dev/null
|
|
|
|
rm -rf "${update_temp_dir}"
|
2021-05-04 17:11:51 +02:00
|
|
|
|
|
|
|
clear
|
|
|
|
echo "Conty has been updated!"
|
|
|
|
|
2021-06-08 18:45:57 +02:00
|
|
|
if [ "${move_failed}" = 1 ]; then
|
|
|
|
echo
|
|
|
|
echo "Replacing ${script} with the new one failed!"
|
|
|
|
echo
|
|
|
|
echo "You can find conty_updated.sh in the current working"
|
|
|
|
echo "directory or in your HOME."
|
2021-03-28 14:37:46 +02:00
|
|
|
fi
|
2021-03-29 15:33:43 +02:00
|
|
|
|
2021-06-08 18:45:57 +02:00
|
|
|
exit
|
2021-03-28 14:37:46 +02:00
|
|
|
fi
|
2021-03-26 18:03:50 +01:00
|
|
|
|
|
|
|
run_bwrap () {
|
2021-08-30 15:04:52 +02:00
|
|
|
unset sandbox_params
|
|
|
|
unset unshare_net
|
|
|
|
unset custom_home
|
2022-08-27 12:33:40 +02:00
|
|
|
unset non_standard_home
|
2022-08-27 16:12:29 +02:00
|
|
|
unset xsockets
|
2021-08-30 15:04:52 +02:00
|
|
|
|
2021-10-02 15:02:48 +02:00
|
|
|
if [ -n "${WAYLAND_DISPLAY}" ]; then
|
|
|
|
wayland_socket="${WAYLAND_DISPLAY}"
|
|
|
|
else
|
|
|
|
wayland_socket="wayland-0"
|
|
|
|
fi
|
|
|
|
|
2021-11-03 12:06:38 +01:00
|
|
|
if [ -z "${XDG_RUNTIME_DIR}" ]; then
|
|
|
|
XDG_RUNTIME_DIR="/run/user/${EUID}"
|
|
|
|
fi
|
|
|
|
|
2022-08-27 19:27:06 +02:00
|
|
|
# Handle non-standard HOME locations that are outside of our default
|
|
|
|
# visibility scope
|
2022-08-27 12:33:40 +02:00
|
|
|
if [ -n "${HOME}" ] && [ "$(echo "${HOME}" | head -c 6)" != "/home/" ]; then
|
2022-08-27 19:27:06 +02:00
|
|
|
HOME_BASE_DIR="$(echo "${HOME}" | cut -d '/' -f2)"
|
|
|
|
|
|
|
|
case "${HOME_BASE_DIR}" in
|
|
|
|
tmp|mnt|opt|media|run|var)
|
|
|
|
;;
|
|
|
|
*)
|
2023-02-15 20:57:05 +01:00
|
|
|
NEW_HOME=/home/"${USER}"
|
|
|
|
non_standard_home+=(--tmpfs /home \
|
|
|
|
--bind "${HOME}" "${NEW_HOME}" \
|
|
|
|
--setenv "HOME" "${NEW_HOME}")
|
2022-08-27 19:27:06 +02:00
|
|
|
;;
|
|
|
|
esac
|
2022-08-27 12:33:40 +02:00
|
|
|
fi
|
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
if [ "${SANDBOX}" = 1 ]; then
|
2023-02-15 20:57:05 +01:00
|
|
|
sandbox_params+=(--tmpfs /home \
|
|
|
|
--tmpfs /opt \
|
|
|
|
--tmpfs /mnt \
|
|
|
|
--tmpfs /media \
|
|
|
|
--tmpfs /var \
|
|
|
|
--tmpfs /run \
|
|
|
|
--symlink /run /var/run \
|
|
|
|
--tmpfs /tmp \
|
|
|
|
--new-session)
|
|
|
|
|
|
|
|
if [ -n "${non_standard_home[*]}" ]; then
|
|
|
|
sandbox_params+=(--dir "${NEW_HOME}")
|
2022-08-27 19:27:06 +02:00
|
|
|
else
|
2023-02-15 20:57:05 +01:00
|
|
|
sandbox_params+=(--dir "${HOME}")
|
2022-08-27 19:27:06 +02:00
|
|
|
fi
|
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 2 ]; then
|
|
|
|
sandbox_level_msg="(level 2)"
|
2023-02-15 20:57:05 +01:00
|
|
|
sandbox_params+=(--dir "${XDG_RUNTIME_DIR}" \
|
|
|
|
--ro-bind-try "${XDG_RUNTIME_DIR}"/"${wayland_socket}" "${XDG_RUNTIME_DIR}"/"${wayland_socket}" \
|
|
|
|
--ro-bind-try "${XDG_RUNTIME_DIR}"/pulse "${XDG_RUNTIME_DIR}"/pulse \
|
|
|
|
--ro-bind-try "${XDG_RUNTIME_DIR}"/pipewire-0 "${XDG_RUNTIME_DIR}"/pipewire-0 \
|
|
|
|
--unshare-pid \
|
|
|
|
--unshare-user-try \
|
|
|
|
--unsetenv "DBUS_SESSION_BUS_ADDRESS")
|
2021-08-30 15:04:52 +02:00
|
|
|
else
|
|
|
|
sandbox_level_msg="(level 1)"
|
2023-02-15 20:57:05 +01:00
|
|
|
sandbox_params+=(--bind-try "${XDG_RUNTIME_DIR}" "${XDG_RUNTIME_DIR}" \
|
|
|
|
--bind-try /run/dbus /run/dbus)
|
2021-08-30 15:04:52 +02:00
|
|
|
fi
|
2021-03-27 11:01:24 +01:00
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 3 ]; then
|
|
|
|
sandbox_level_msg="(level 3)"
|
|
|
|
DISABLE_NET=1
|
|
|
|
fi
|
2021-03-27 11:01:24 +01:00
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
show_msg "Sandbox is enabled ${sandbox_level_msg}"
|
|
|
|
fi
|
2021-03-31 13:59:09 +02:00
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
if [ "${DISABLE_NET}" = 1 ]; then
|
|
|
|
show_msg "Network is disabled"
|
2021-03-29 15:33:43 +02:00
|
|
|
|
2023-02-15 20:57:05 +01:00
|
|
|
unshare_net=(--unshare-net)
|
2021-03-26 18:03:50 +01:00
|
|
|
fi
|
2021-03-27 11:01:24 +01:00
|
|
|
|
2021-05-20 11:23:23 +02:00
|
|
|
if [ -n "${HOME_DIR}" ]; then
|
2022-08-27 19:27:06 +02:00
|
|
|
show_msg "Home directory is set to ${HOME_DIR}"
|
2021-08-30 15:04:52 +02:00
|
|
|
|
2023-02-15 20:57:05 +01:00
|
|
|
if [ -n "${non_standard_home[*]}" ]; then
|
|
|
|
custom_home+=(--bind "${HOME_DIR}" "${NEW_HOME}")
|
2022-08-27 19:27:06 +02:00
|
|
|
else
|
2023-02-15 20:57:05 +01:00
|
|
|
custom_home+=(--bind "${HOME_DIR}" "${HOME}")
|
2022-08-27 19:27:06 +02:00
|
|
|
fi
|
2022-08-27 11:37:48 +02:00
|
|
|
|
|
|
|
[ ! -d "${HOME_DIR}" ] && mkdir -p "${HOME_DIR}"
|
2021-05-20 11:23:23 +02:00
|
|
|
fi
|
|
|
|
|
2022-08-27 16:12:29 +02:00
|
|
|
# Set the XAUTHORITY variable if it's missing
|
2021-05-28 11:22:29 +02:00
|
|
|
if [ -z "${XAUTHORITY}" ]; then
|
|
|
|
XAUTHORITY="${HOME}"/.Xauthority
|
|
|
|
fi
|
|
|
|
|
2022-08-27 16:12:29 +02:00
|
|
|
# Mount X server sockets and XAUTHORITY
|
2023-02-15 20:57:05 +01:00
|
|
|
xsockets+=(--tmpfs /tmp/.X11-unix)
|
2022-08-27 16:12:29 +02:00
|
|
|
|
2023-02-15 20:57:05 +01:00
|
|
|
if [ -n "${non_standard_home[*]}" ] && [ "${XAUTHORITY}" = "${HOME}"/.Xauthority ]; then
|
|
|
|
xsockets+=(--ro-bind-try "${XAUTHORITY}" "${NEW_HOME}"/.Xauthority \
|
|
|
|
--setenv "XAUTHORITY" "${NEW_HOME}"/.Xauthority)
|
2022-08-27 19:27:06 +02:00
|
|
|
else
|
2023-02-15 20:57:05 +01:00
|
|
|
xsockets+=(--ro-bind-try "${XAUTHORITY}" "${XAUTHORITY}")
|
2022-08-27 19:27:06 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "${DISABLE_X11}" != 1 ]; then
|
|
|
|
if [ "$(ls /tmp/.X11-unix 2>/dev/null)" ]; then
|
|
|
|
if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 3 ]; then
|
2023-02-15 20:57:05 +01:00
|
|
|
xsockets+=(--ro-bind-try /tmp/.X11-unix/X"${xephyr_display}" /tmp/.X11-unix/X"${xephyr_display}" \
|
|
|
|
--setenv "DISPLAY" :"${xephyr_display}")
|
2022-08-27 19:27:06 +02:00
|
|
|
else
|
|
|
|
for s in /tmp/.X11-unix/*; do
|
2023-02-15 20:57:05 +01:00
|
|
|
xsockets+=(--bind-try "${s}" "${s}")
|
2022-08-27 19:27:06 +02:00
|
|
|
done
|
|
|
|
fi
|
2022-08-27 16:12:29 +02:00
|
|
|
fi
|
2022-08-27 19:27:06 +02:00
|
|
|
else
|
|
|
|
show_msg "Access to X server is disabled"
|
|
|
|
|
2022-08-27 19:58:31 +02:00
|
|
|
# Unset the DISPLAY and XAUTHORITY env variables and mount an
|
|
|
|
# empty file to XAUTHORITY to invalidate it
|
2023-02-15 20:57:05 +01:00
|
|
|
xsockets+=(--ro-bind-try "${working_dir}"/running_"${script_id}" "${XAUTHORITY}" \
|
|
|
|
--unsetenv "DISPLAY" \
|
|
|
|
--unsetenv "XAUTHORITY")
|
2022-08-27 16:12:29 +02:00
|
|
|
fi
|
|
|
|
|
2021-06-29 22:20:23 +02:00
|
|
|
show_msg
|
2021-03-26 18:03:50 +01:00
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
launch_wrapper "${bwrap}" \
|
|
|
|
--ro-bind "${mount_point}" / \
|
2021-03-26 18:03:50 +01:00
|
|
|
--dev-bind /dev /dev \
|
|
|
|
--ro-bind /sys /sys \
|
2021-03-31 13:59:09 +02:00
|
|
|
--bind-try /tmp /tmp \
|
|
|
|
--proc /proc \
|
2021-08-30 15:04:52 +02:00
|
|
|
--bind-try /home /home \
|
|
|
|
--bind-try /mnt /mnt \
|
|
|
|
--bind-try /opt /opt \
|
|
|
|
--bind-try /media /media \
|
|
|
|
--bind-try /run /run \
|
|
|
|
--bind-try /var /var \
|
2021-09-12 12:40:14 +02:00
|
|
|
--ro-bind-try /usr/share/steam/compatibilitytools.d /usr/share/steam/compatibilitytools.d \
|
2021-03-26 18:03:50 +01:00
|
|
|
--ro-bind-try /etc/resolv.conf /etc/resolv.conf \
|
|
|
|
--ro-bind-try /etc/hosts /etc/hosts \
|
|
|
|
--ro-bind-try /etc/nsswitch.conf /etc/nsswitch.conf \
|
2021-03-29 15:33:43 +02:00
|
|
|
--ro-bind-try /etc/passwd /etc/passwd \
|
|
|
|
--ro-bind-try /etc/group /etc/group \
|
2021-04-06 21:16:29 +02:00
|
|
|
--ro-bind-try /etc/machine-id /etc/machine-id \
|
|
|
|
--ro-bind-try /etc/asound.conf /etc/asound.conf \
|
2021-05-28 11:42:43 +02:00
|
|
|
--ro-bind-try /etc/localtime /etc/localtime \
|
2022-08-27 12:33:40 +02:00
|
|
|
"${non_standard_home[@]}" \
|
2022-08-27 11:29:59 +02:00
|
|
|
"${sandbox_params[@]}" \
|
|
|
|
"${custom_home[@]}" \
|
2022-08-27 16:12:29 +02:00
|
|
|
"${xsockets[@]}" \
|
2023-02-15 20:57:05 +01:00
|
|
|
"${unshare_net[@]}" \
|
2021-04-01 13:13:39 +02:00
|
|
|
--setenv PATH "${CUSTOM_PATH}" \
|
2021-03-26 18:03:50 +01:00
|
|
|
"$@"
|
|
|
|
}
|
|
|
|
|
2021-03-29 21:41:06 +02:00
|
|
|
trap_exit () {
|
2021-04-02 20:24:21 +02:00
|
|
|
rm -f "${working_dir}"/running_"${script_id}"
|
|
|
|
|
|
|
|
if [ ! "$(ls "${working_dir}"/running_* 2>/dev/null)" ]; then
|
2023-02-15 20:57:05 +01:00
|
|
|
fusermount"${fuse_version}" -uz "${mount_point}" 2>/dev/null || \
|
2022-06-18 10:47:06 +02:00
|
|
|
umount --lazy "${mount_point}" 2>/dev/null
|
2021-04-02 20:24:21 +02:00
|
|
|
|
2022-02-20 17:40:31 +01:00
|
|
|
if [ ! "$(ls "${mount_point}" 2>/dev/null)" ]; then
|
|
|
|
rm -rf "${working_dir}"
|
|
|
|
fi
|
2021-04-02 20:24:21 +02:00
|
|
|
fi
|
|
|
|
|
2021-03-29 21:41:06 +02:00
|
|
|
exit
|
|
|
|
}
|
|
|
|
|
|
|
|
trap 'trap_exit' EXIT
|
|
|
|
|
2021-08-09 14:50:01 +02:00
|
|
|
if [ "$(ls "${working_dir}"/running_* 2>/dev/null)" ] && [ ! "$(ls "${mount_point}" 2>/dev/null)" ]; then
|
|
|
|
rm -f "${working_dir}"/running_*
|
|
|
|
fi
|
|
|
|
|
2021-08-10 20:57:36 +02:00
|
|
|
# Mount the image
|
2021-05-19 10:39:01 +02:00
|
|
|
mkdir -p "${mount_point}"
|
2021-03-26 18:03:50 +01:00
|
|
|
|
2021-05-19 10:39:01 +02:00
|
|
|
if [ "$(ls "${mount_point}" 2>/dev/null)" ] || \
|
2021-08-06 14:10:31 +02:00
|
|
|
( [ "${dwarfs_image}" != 1 ] && launch_wrapper "${mount_tool}" -o offset="${offset}",ro "${script}" "${mount_point}" ) || \
|
2021-08-06 21:31:49 +02:00
|
|
|
launch_wrapper "${mount_tool}" "${script}" "${mount_point}" -o offset="${offset}" -o debuglevel=error -o workers="${dwarfs_num_workers}" \
|
|
|
|
-o mlock=try -o no_cache_image -o cache_files -o cachesize="${dwarfs_cache_size}"; then
|
2021-08-10 20:57:36 +02:00
|
|
|
|
2022-08-27 19:40:51 +02:00
|
|
|
if [ "$1" = "-m" ] && [ -z "${script_is_symlink}" ]; then
|
2021-08-09 14:50:01 +02:00
|
|
|
if [ ! -f "${working_dir}"/running_mount ]; then
|
|
|
|
echo 1 > "${working_dir}"/running_mount
|
|
|
|
echo "The image has been mounted to ${mount_point}"
|
|
|
|
else
|
|
|
|
rm -f "${working_dir}"/running_mount
|
|
|
|
echo "The image has been unmounted"
|
|
|
|
fi
|
2021-08-10 20:57:36 +02:00
|
|
|
|
2021-08-09 14:50:01 +02:00
|
|
|
exit
|
|
|
|
fi
|
2021-08-10 20:57:36 +02:00
|
|
|
|
2022-08-27 19:40:51 +02:00
|
|
|
if [ "$1" = "-V" ] && [ -z "${script_is_symlink}" ]; then
|
2021-10-27 21:52:32 +02:00
|
|
|
if [ -f "${mount_point}"/version ]; then
|
|
|
|
cat "${mount_point}"/version
|
|
|
|
else
|
|
|
|
echo "Unknown version"
|
|
|
|
fi
|
|
|
|
|
|
|
|
exit
|
|
|
|
fi
|
|
|
|
|
2021-04-02 20:24:21 +02:00
|
|
|
echo 1 > "${working_dir}"/running_"${script_id}"
|
2021-08-10 20:57:36 +02:00
|
|
|
|
2021-06-29 22:20:23 +02:00
|
|
|
show_msg "Running Conty"
|
2021-03-28 13:35:24 +02:00
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
export CUSTOM_PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/lib/jvm/default/bin:/usr/local/bin:/usr/local/sbin:${PATH}"
|
|
|
|
|
2022-08-27 19:40:51 +02:00
|
|
|
if [ "$1" = "-l" ] && [ -z "${script_is_symlink}" ]; then
|
2022-08-27 19:27:06 +02:00
|
|
|
run_bwrap --ro-bind "${mount_point}"/var /var pacman -Q
|
2021-09-22 13:15:48 +02:00
|
|
|
exit
|
|
|
|
fi
|
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
# If SANDBOX_LEVEL is 3, run Xephyr and openbox before running applications
|
|
|
|
if [ "${SANDBOX}" = 1 ] && [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 3 ]; then
|
|
|
|
if [ -f "${mount_point}"/usr/bin/Xephyr ]; then
|
|
|
|
if [ -z "${XEPHYR_SIZE}" ]; then
|
|
|
|
XEPHYR_SIZE="800x600"
|
|
|
|
fi
|
|
|
|
|
2023-02-15 20:57:05 +01:00
|
|
|
xephyr_display="$((script_id+2))"
|
2021-08-30 15:04:52 +02:00
|
|
|
|
2023-02-15 20:57:05 +01:00
|
|
|
if [ -S /tmp/.X11-unix/X"${xephyr_display}" ]; then
|
|
|
|
xephyr_display="$((script_id+10))"
|
2021-09-05 14:15:31 +02:00
|
|
|
fi
|
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
QUIET_MODE=1 DISABLE_NET=1 SANDBOX_LEVEL=2 run_bwrap \
|
2022-08-27 16:12:29 +02:00
|
|
|
--bind-try /tmp/.X11-unix /tmp/.X11-unix \
|
2023-02-15 20:57:05 +01:00
|
|
|
Xephyr -noreset -ac -br -screen "${XEPHYR_SIZE}" :"${xephyr_display}" &>/dev/null & sleep 1
|
2021-08-30 15:04:52 +02:00
|
|
|
xephyr_pid=$!
|
|
|
|
|
|
|
|
QUIET_MODE=1 run_bwrap openbox & sleep 1
|
|
|
|
else
|
|
|
|
echo "SANDBOX_LEVEL is set to 3, but Xephyr is not present inside the container."
|
|
|
|
echo "Xephyr is required for this SANDBOX_LEVEL."
|
|
|
|
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2022-08-27 19:40:51 +02:00
|
|
|
if [ -n "${script_is_symlink}" ] && [ -f "${mount_point}"/usr/bin/"${script_name}" ]; then
|
2021-04-01 13:13:39 +02:00
|
|
|
export CUSTOM_PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/lib/jvm/default/bin"
|
|
|
|
|
2021-06-29 22:20:23 +02:00
|
|
|
show_msg "Autostarting ${script_name}"
|
2021-05-20 11:35:14 +02:00
|
|
|
run_bwrap "${script_name}" "$@"
|
2021-03-28 13:35:24 +02:00
|
|
|
else
|
2021-05-20 11:35:14 +02:00
|
|
|
run_bwrap "$@"
|
2021-03-28 13:35:24 +02:00
|
|
|
fi
|
2021-08-30 15:04:52 +02:00
|
|
|
|
|
|
|
if [ -n "${xephyr_pid}" ]; then
|
2023-02-15 20:57:05 +01:00
|
|
|
wait "${xephyr_pid}"
|
2021-08-30 15:04:52 +02:00
|
|
|
fi
|
2021-03-26 18:03:50 +01:00
|
|
|
else
|
2021-08-06 14:10:31 +02:00
|
|
|
echo "Mounting the image failed!"
|
2021-03-27 11:01:24 +01:00
|
|
|
|
2021-03-26 18:03:50 +01:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
exit
|