#!/usr/bin/env bash
## Dependencies: bash gzip fuse2 (or fuse3) tar coreutils
# Refuse to start when the effective UID is 0, unless the caller opted in
# by setting ALLOW_ROOT to any non-empty value.
if [ -z "${ALLOW_ROOT}" ] && [ "${EUID}" = 0 ]; then
	printf '%s\n' \
		"Do not run this script as root!" \
		"" \
		"If you really need to run it as root and you know what you are doing," \
		"set the ALLOW_ROOT environment variable."

	exit 1
fi
# Version string printed by the -v argument
script_version="1.21.1"

# script_literal is the path the script was started with (it may be a
# symlink), script_name is its last path component, and script is the
# absolute path with symlinks resolved.
script_literal="${BASH_SOURCE[0]}"
script_name="$(basename "${script_literal}")"
script="$(readlink -f "${script_literal}")"

# First seven hex digits of the MD5 of the last 1 MB of the file.
# The value only names things (the working directory and the .old backup
# made by the self-update); nothing in this script compares it against a
# known-good digest, so it is not an integrity check.
script_md5="$(tail -c 1000000 "${script}" | md5sum)"
script_md5="${script_md5:0:7}"

# Per-launch number taken from bash's RANDOM. It is used later in the
# running_<id> file name inside the working directory; it is a small,
# guessable number and not a secret.
script_id="${RANDOM}"
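# Working directory where the utils will be extracted
# And where the image will be mounted
# The default path is /tmp/scriptname_username_scriptmd5
# And if /tmp is mounted with noexec, the default path
# is ~/.local/share/Conty/scriptname_username_scriptmd5
#
# The user name is what keeps one account's directory apart from another's
# inside the shared /tmp, and binaries are later executed from this
# directory. USER is not set in every environment, so fall back to the
# name reported by id instead of silently producing scriptname__scriptmd5,
# which every account without USER would share.
conty_dir_name="$(basename "${script}")"_"${USER:-$(id -un 2>/dev/null)}"_"${script_md5}"

# BASE_DIR (unset or empty means /tmp) selects the parent directory
export working_dir="${BASE_DIR:-/tmp}"/"${conty_dir_name}"

mount_point="${working_dir}"/mnt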
# It is important to set correct sizes below, otherwise there will be
# a problem with mounting the image due to an incorrectly calculated offset.
#
# The file is laid out as: this script, then the utils archive, then the
# image. scriptsize therefore has to equal the exact byte size of this
# script, so any edit to the script requires updating it.

# The size of this script
scriptsize=26209

# The size of the utils archive
utilssize=2542302

# Offset where the image is stored
offset=$(( scriptsize + utilssize ))

# Detect if the image is compressed with DwarFS or SquashFS:
# a DwarFS image starts with the six bytes "DWARFS" right at the offset.
case "$(tail -c +"$(( offset + 1 ))" "${script}" | head -c 6)" in
	DWARFS) dwarfs_image=1 ;;
esac

# Defaults; they are adjusted later for DwarFS images according to the
# amount of RAM and the number of CPU cores
dwarfs_num_workers="2"
dwarfs_cache_size="128M"

# These arguments are used to rebuild the image when using the self-update function
# (both variables are expanded unquoted there, so they are split into words)
squashfs_comp_arguments="-b 1M -comp zstd -Xcompression-level 19"
dwarfs_comp_arguments="-l7 -C zstd:level=19 --metadata-compression null \
	-S 22 -B 2 --order nilsimsa:255:40000:40000 \
	--bloom-filter-size 11 -W 15 -w 3"

# Remember whether the script was started through a symlink; in that case
# the command line arguments handled by Conty itself are not interpreted.
unset script_is_symlink
[ ! -L "${script_literal}" ] || script_is_symlink=1
# Informational arguments (help, script version, image offset).
# They are only interpreted when the script was not started through a
# symlink; each branch prints its output and exits.
if [ -z "${script_is_symlink}" ]; then
	case "$1" in
		--help|-h|"")
			echo "Usage: ./conty.sh command command_arguments"
			echo
			echo "Arguments:"
			echo
			echo -e "-v \tShow version of this script"
			echo -e "-V \tShow version of the image"
			echo -e "-e \tExtract the image"
			echo -e "-o \tShow the image offset"
			echo -e "-l \tShow a list of all installed packages"
			echo -e "-m \tMount/unmount the image"
			echo -e "\tThe image will be mounted if it's not mounted, and unmounted otherwise."
			echo -e "\tMount point can be changed with the BASE_DIR env variable"
			echo -e "\t(the default is /tmp)."
			echo -e "-u \tUpdate all packages inside the container"
			echo -e "\tThis will update all packages inside the container and will rebuild"
			echo -e "\tthe image. This may take quite a lot of time, depending"
			echo -e "\ton your hardware and internet speed. Additional disk space"
			echo -e "\t(about 6x the size of the current file) is needed during"
			echo -e "\tthe update process."
			echo -e "-U \tThe same as -u but will also update the init script (conty-start.sh)"
			echo -e "\tand the integrated utils. This option may break Conty in some cases,"
			echo -e "\tuse with caution."
			echo -e "-H \tShow the bubblewrap help"
			echo
			echo "Arguments that don't match any of the above will be passed directly to"
			echo "bubblewrap. So all bubblewrap arguments are supported as well."
			echo
			echo "Environment variables:"
			echo
			echo -e "DISABLE_NET \tDisables network access"
			echo -e "DISABLE_X11 \tDisables access to X server"
			echo -e "\t\tNote that even with this variable enabled applications can"
			echo -e "\t\tstill access your X server if it does not use XAUTHORITY and"
			echo -e "\t\tlistens to abstract socket. This can be solved by enabling"
			echo -e "\t\tXAUTHORITY or disabling the abstract socket or disabling"
			echo -e "\t\tnetwork access."
			echo -e "SANDBOX \tEnables sandbox"
			echo -e "\t\tTo control which files and directories are available inside"
			echo -e "\t\tthe container when SANDBOX is enabled, you can use the --bind"
			echo -e "\t\tand --ro-bind launch arguments (see the bubblewrap help for"
			echo -e "\t\tmore info)."
			echo -e "SANDBOX_LEVEL \tControls the strictness of the sandbox"
			echo -e "\t\tAvailable levels are 1-3. The default is 1."
			echo -e "\t\tLevel 1 isolates all user files."
			echo -e "\t\tLevel 2 isolates all user files, disables dbus and hides"
			echo -e "\t\tall running processes."
			echo -e "\t\tLevel 3 does the same as the level 2, but additionally"
			echo -e "\t\tdisables network access and isolates X11 server with Xephyr."
			echo -e "XEPHYR_SIZE \tSets the size of the Xephyr window. The default is 800x600."
			echo -e "HOME_DIR \tSets the HOME directory to a custom location."
			echo -e "\t\tFor example, HOME_DIR=\"/home/username/custom_home\""
			echo -e "\t\tIf you set this, HOME inside the container will still appear"
			echo -e "\t\tas /home/username, but actually a custom directory will be"
			echo -e "\t\tused for it."
			echo -e "USE_SYS_UTILS \tMakes the script to use squashfuse/dwarfs and bwrap"
			echo -e "\t\tinstalled on the system instead of the builtin ones."
			echo -e "BASE_DIR \tSets a custom directory where Conty will extract"
			echo -e "\t\tits builtin utilities and mount the image."
			echo -e "\t\tThe default location is /tmp."
			echo -e "QUIET_MODE \tDisables all non-error Conty messages."
			echo -e "\t\tDoesn't affect the output of applications."
			echo
			echo "Additional notes:"
			echo
			echo "If you enable SANDBOX but don't bind (mount) any items or don't set HOME_DIR,"
			echo "then no system directories/files will be available at all inside the container"
			echo "and a fake temporary HOME directory will be used."
			echo
			echo "If the script is a symlink to itself but with a different name,"
			echo "then the symlinked script will automatically run a program according"
			echo "to its name. For instance, if the script is a symlink with the name \"wine\","
			echo "then it will automatically run wine during launch."
			echo
			echo "Besides updating all packages, you can also remove and install packages using"
			echo "the same -u (or -U) argument. To install packages add them as additional"
			echo "arguments, and to remove packages add a minus sign (-) before their names."
			echo "To install: ./conty.sh -u pkgname1 pkgname2 pkgname3"
			echo "To remove: ./conty.sh -u -pkgname1 -pkgname2 -pkgname3"
			echo "In this case Conty will update all packages and will additionally"
			echo "install and/or remove specified packages."
			echo
			echo "If you are using an Nvidia GPU, please read the information"
			echo "here: https://github.com/Kron4ek/Conty#known-issues"
			exit
			;;
		-v)
			echo "${script_version}"

			exit
			;;
		-o)
			echo ${offset}

			exit
			;;
	esac
fi
# Print a Conty status message unless QUIET_MODE is set to 1.
# Globals:   QUIET_MODE (read)
# Arguments: the words to print; they are handed to echo unchanged
# Returns:   0 when the message is suppressed, otherwise echo's status
show_msg () {
	[ "${QUIET_MODE}" = 1 ] && return 0

	echo "$@"
}
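# Check that working_dir is usable for the extracted utilities: it must
# exist, belong to the current user, not be a symlink, and files inside it
# must be executable (i.e. the file system is not mounted with noexec).
# Globals:   working_dir (read), exec_test_file (written)
# Returns:   0 when the directory is usable, non-zero otherwise
exec_test () {
	mkdir -p "${working_dir}"

	[ -d "${working_dir}" ] || return 1

	# The default location is a predictable name under the shared /tmp, and
	# mkdir -p succeeds silently when the path already exists. Binaries
	# found in this directory are executed later, so a directory (or a
	# symlink) that somebody else put there first must not be accepted.
	# Reporting it as unusable makes the callers fall back to another
	# location or stop.
	if [ -L "${working_dir}" ] || [ ! -O "${working_dir}" ]; then
		echo "${working_dir} is a symlink or is not owned by the current user, refusing to use it" >&2
		return 1
	fi

	exec_test_file="${working_dir}"/exec_test

	# Create a fresh empty file, mark it executable and see whether the
	# executable bit is honoured
	rm -f "${exec_test_file}"
	touch "${exec_test_file}"
	chmod +x "${exec_test_file}"

	[ -x "${exec_test_file}" ]
}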
# Run a command either directly (USE_SYS_UTILS=1) or through the dynamic
# loader and libraries shipped in the utils directory of working_dir.
# Globals:   USE_SYS_UTILS, working_dir (read)
# Arguments: the command and its arguments
# Returns:   the exit status of the command that was run
launch_wrapper () {
	if [ "${USE_SYS_UTILS}" != 1 ]; then
		# Prefix the command with the bundled loader so the bundled
		# libraries are used instead of the ones from the host
		set -- "${working_dir}"/utils/ld-linux-x86-64.so.2 --library-path "${working_dir}"/utils "$@"
	fi

	"$@"
}
# Check if FUSE is installed.
# fuse_version is set to 3 when fusermount3 is available and stays unset
# when only fusermount (FUSE 2) is found; the value is later appended to
# the names of the bundled mount tools.
if command -v fusermount3 1>/dev/null; then
	fuse_version=3
elif ! command -v fusermount 1>/dev/null; then
	echo "Please install fuse2 or fuse3 and run the script again."
	exit 1
fi
# Set the dwarfs block cache size depending on how much RAM is available
# Also set the number of workers depending on the number of CPU cores
# (only relevant for DwarFS images; the defaults are kept whenever getconf
# cannot report the needed values)
if [ "${dwarfs_image}" = 1 ]; then
	if getconf _PHYS_PAGES &>/dev/null && getconf PAGE_SIZE &>/dev/null; then
		# Physical memory in MiB
		memory_size="$(( $(getconf _PHYS_PAGES) * $(getconf PAGE_SIZE) / (1024 * 1024) ))"

		if (( memory_size >= 23000 )); then
			dwarfs_cache_size="1024M"
		elif (( memory_size >= 15000 )); then
			dwarfs_cache_size="512M"
		elif (( memory_size >= 7000 )); then
			dwarfs_cache_size="256M"
		elif (( memory_size >= 3000 )); then
			dwarfs_cache_size="128M"
		elif (( memory_size >= 1500 )); then
			dwarfs_cache_size="64M"
		else
			dwarfs_cache_size="32M"
		fi
	fi

	if getconf _NPROCESSORS_ONLN &>/dev/null; then
		dwarfs_num_workers="$(getconf _NPROCESSORS_ONLN)"

		# Never use more than 8 workers
		if [ "${dwarfs_num_workers}" -gt 8 ]; then
			dwarfs_num_workers=8
		fi
	fi
fi
# Extract utils.tar.gz
# Select the mount tool, the extraction tool and bwrap: either the ones
# installed on the host (USE_SYS_UTILS=1) or the bundled ones, which are
# unpacked from this file into working_dir/utils on first use.
mkdir -p "${working_dir}"

if [ "${USE_SYS_UTILS}" = 1 ]; then
	if ! command -v bwrap 1>/dev/null; then
		echo "USE_SYS_UTILS is enabled, but bubblewrap is not installed!"
		echo "Please install it and run the script again."

		exit 1
	fi

	bwrap=bwrap

	if [ "${dwarfs_image}" = 1 ]; then
		# dwarfs2 is preferred over dwarfs when both are installed
		if command -v dwarfs2 1>/dev/null; then
			mount_tool=dwarfs2
		elif command -v dwarfs 1>/dev/null; then
			mount_tool=dwarfs
		else
			echo "USE_SYS_UTILS is enabled, but dwarfs is not installed!"
			echo "Please install it and run the script again."

			exit 1
		fi

		extraction_tool=dwarfsextract
	else
		if ! command -v squashfuse 1>/dev/null; then
			echo "USE_SYS_UTILS is enabled, but squashfuse is not installed!"
			echo "Please install it and run the script again."

			exit 1
		fi

		mount_tool=squashfuse
		extraction_tool=unsquashfs
	fi

	show_msg "Using system-wide ${mount_tool} and bwrap"
else
	# Check if filesystem of the working_dir is mounted without noexec
	if ! exec_test; then
		# With the default location, retry below the home directory
		if [ -z "${BASE_DIR}" ]; then
			export working_dir="${HOME}"/.local/share/Conty/"${conty_dir_name}"
			mount_point="${working_dir}"/mnt
		fi

		if ! exec_test; then
			echo "Seems like /tmp is mounted with noexec or you don't have write access!"
			echo "Please remount it without noexec or set BASE_DIR to a different location."

			exit 1
		fi
	fi

	if ! { command -v tar 1>/dev/null && command -v gzip 1>/dev/null; }; then
		echo "Please install tar and gzip and run the script again."
		exit 1
	fi

	# The bundled mount tools carry the FUSE version as a suffix
	case "${dwarfs_image}" in
		1)
			mount_tool="${working_dir}"/utils/dwarfs${fuse_version}
			extraction_tool="${working_dir}"/utils/dwarfsextract
			;;
		*)
			mount_tool="${working_dir}"/utils/squashfuse${fuse_version}
			extraction_tool="${working_dir}"/utils/unsquashfs
			;;
	esac

	bwrap="${working_dir}"/utils/bwrap

	# NOTE(review): files that already exist in working_dir/utils are
	# reused as they are; only their presence is checked here, not their
	# content. This is safe only as long as nobody else can write to
	# working_dir.
	if ! { [ -f "${mount_tool}" ] && [ -f "${bwrap}" ]; }; then
		# The archive sits right behind the script text in this file
		tail -c +$((scriptsize+1)) "${script}" | head -c ${utilssize} | tar -C "${working_dir}" -zxf -

		if ! { [ -f "${mount_tool}" ] && [ -f "${bwrap}" ]; }; then
			clear
			echo "The integrated utils were not extracted!"
			echo "Perhaps something is wrong with the integrated utils.tar.gz."

			exit 1
		fi

		chmod +x "${mount_tool}" "${bwrap}"
		# The extraction tool is optional, so a failure is not reported
		chmod +x "${extraction_tool}" 2>/dev/null
	fi
fi
# -e: extract the image into <script file name>_files in the current
# directory, then exit. Ignored when the script was started via a symlink.
if [ -z "${script_is_symlink}" ] && [ "$1" = "-e" ]; then
	if ! command -v "${extraction_tool}" 1>/dev/null; then
		echo "Extraction tool not found"
		exit 1
	fi

	if [ "${dwarfs_image}" != 1 ]; then
		# SquashFS: the exit status is the one of the extraction tool
		launch_wrapper "${extraction_tool}" -o ${offset} -user-xattrs -d "$(basename "${script}")"_files "${script}"
		exit
	fi

	echo "Extracting the image..."
	mkdir "$(basename "${script}")"_files
	launch_wrapper "${extraction_tool}" -i "${script}" -o "$(basename "${script}")"_files -O ${offset}
	echo "Done"

	exit
fi

# -H: show the help of bubblewrap, then exit
if [ -z "${script_is_symlink}" ] && [ "$1" = "-H" ]; then
	launch_wrapper "${bwrap}" --help
	exit
fi
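# Check the package arguments of -u / -U before they are used.
# The names end up, unquoted, in a generated shell script that is executed
# inside the container, so anything except plain package names (optionally
# prefixed with a single "-" for removal) is refused: shell metacharacters,
# glob characters, line breaks, and words that pacman would read as options.
# Arguments: the arguments following -u / -U
# Returns:   0 when all arguments are acceptable, 1 otherwise
conty_pkg_args_valid () {
	local LC_ALL=C
	local IFS=$' \t\n'
	local arg word

	for arg in "$@"; do
		# Letters, digits, @ . _ + - and / (repo/name); a space is allowed
		# because one argument may carry several names
		case "${arg}" in
			*[!A-Za-z0-9@._+/\ -]*) return 1 ;;
		esac

		# Splitting is safe here: glob characters were refused above
		for word in ${arg}; do
			case "${word#-}" in
				-*) return 1 ;;
			esac
		done
	done

	return 0
}

# -u / -U: update the packages inside the image, rebuild the image and
# replace this file with the result. -U additionally downloads the init
# script and the utils. Ignored when the script was started via a symlink.
if { [ "$1" = "-u" ] || [ "$1" = "-U" ]; } && [ -z "${script_is_symlink}" ]; then
	# Fail before any work is done if the package arguments are unusable
	if ! conty_pkg_args_valid "${@:2}"; then
		echo "Invalid package name in the arguments, nothing has been changed." >&2
		exit 1
	fi

	OLD_PWD="${PWD}"

	# Check if the current directory is writable
	# And if it's not, use ~/.local/share/Conty as a working directory
	# (a uniquely named probe file is used, so an existing file of the
	# user is never touched or removed)
	if rw_probe="$(mktemp "${OLD_PWD}/.conty_rw_test.XXXXXX" 2>/dev/null)"; then
		rm -f "${rw_probe}"
		update_temp_dir="${OLD_PWD}"/conty_update_temp
	else
		update_temp_dir="${HOME}"/.local/share/Conty/conty_update_temp
	fi

	# Remove conty_update_temp directory if it already exists
	# (chmod first, because an extracted image may contain directories
	# without write permission)
	chmod -R 700 "${update_temp_dir}" 2>/dev/null
	rm -rf "${update_temp_dir}"

	mkdir -p "${update_temp_dir}"
	cd "${update_temp_dir}" || exit 1

	# Require free space of 7 times the current file size
	# (the check is skipped when awk is not available)
	if command -v awk 1>/dev/null; then
		current_file_size="$(stat -c "%s" "${script}")"
		available_disk_space="$(df -P -B1 "${update_temp_dir}" | awk 'END {print $4}')"
		required_disk_space="$((current_file_size*7))"

		if [ "${available_disk_space}" -lt "${required_disk_space}" ]; then
			echo "Not enough free disk space"
			echo "You need at least $((required_disk_space/1024/1024)) MB of free space"
			exit 1
		fi
	fi

	# Unpack the integrated utils into the temporary directory
	tail -c +$((scriptsize+1)) "${script}" | head -c ${utilssize} | tar -C "${update_temp_dir}" -zxf -

	if [ "${dwarfs_image}" = 1 ]; then
		chmod +x utils/dwarfsextract 2>/dev/null
		chmod +x utils/mkdwarfs 2>/dev/null

		if [ ! -x "utils/dwarfsextract" ] || [ ! -x "utils/mkdwarfs" ]; then
			missing_utils="dwarfsextract and/or mkdwarfs"
		fi
	else
		chmod +x utils/unsquashfs 2>/dev/null
		chmod +x utils/mksquashfs 2>/dev/null

		if [ ! -x "utils/unsquashfs" ] || [ ! -x "utils/mksquashfs" ]; then
			missing_utils="unsquashfs and/or mksquashfs"
		fi
	fi

	if [ -n "${missing_utils}" ]; then
		echo "The integrated utils don't contain ${missing_utils}."
		echo "Or your file system is mounted with noexec."
		exit 1
	fi

	# Run a tool with the loader and libraries from the temporary utils
	tools_wrapper () {
		"${update_temp_dir}"/utils/ld-linux-x86-64.so.2 --library-path "${update_temp_dir}"/utils "$@"
	}

	# Since Conty is used here to update itself, it's necessary to disable
	# some environment variables for this to work properly
	unset DISABLE_NET
	unset HOME_DIR
	unset SANDBOX_LEVEL

	# Enable SANDBOX
	export SANDBOX=1

	export QUIET_MODE=1

	# Extract the image
	clear
	echo "Extracting the image"
	if [ "${dwarfs_image}" = 1 ]; then
		mkdir sqfs
		tools_wrapper "${update_temp_dir}"/utils/dwarfsextract \
			-i "${script}" -o sqfs -O ${offset} --cache-size "${dwarfs_cache_size}" \
			--num-workers "${dwarfs_num_workers}"
	else
		tools_wrapper "${update_temp_dir}"/utils/unsquashfs \
			-o ${offset} -user-xattrs -d sqfs "${script}"
	fi

	# Download or extract the utils.tar.gz and the init script depending
	# on what command line argument is used (-u or -U)
	clear
	if [ "$1" = "-U" ] && command -v wget 1>/dev/null; then
		if [ "${dwarfs_image}" = 1 ]; then
			utils="utils_dwarfs.tar.gz"
		else
			utils="utils.tar.gz"
		fi

		# NOTE(review): both files come from the master branch and are
		# protected by TLS only; no release is pinned and no checksum or
		# signature is compared before the result replaces this script.
		echo "Downloading the init script and the utils"
		if ! wget -q --show-progress "https://github.com/Kron4ek/Conty/raw/master/conty-start.sh" || \
			! wget -q --show-progress -O utils.tar.gz "https://github.com/Kron4ek/Conty/raw/master/${utils}"; then
			# A failed download can leave a partial file behind; drop both
			# files so that the integrated copies are used instead
			echo "Download failed, using the integrated init script and utils" >&2
			rm -f conty-start.sh utils.tar.gz
		fi
	fi

	if [ ! -s conty-start.sh ] || [ ! -s utils.tar.gz ]; then
		echo "Extracting the init script and the integrated utils"
		tail -c +$((scriptsize+1)) "${script}" | head -c ${utilssize} > utils.tar.gz
		head -c ${scriptsize} "${script}" > conty-start.sh
	fi

	# Check if there are additional arguments passed
	# Start from empty lists so that only the validated arguments, and not
	# values inherited from the environment, reach the generated script
	pkgsremove=""
	pkgsinstall=""
	shift
	if [ -n "$1" ]; then
		packagelist="$*"

		# Check which packages to install and which ones to remove
		# (a leading minus sign marks a package to remove)
		for i in ${packagelist}; do
			if [ "${i#-}" != "${i}" ]; then
				export pkgsremove="${pkgsremove} ${i#-}"
			else
				export pkgsinstall="${pkgsinstall} ${i}"
			fi
		done
	fi

	# Generate a script to perform inside Conty
	# It updates Arch mirrorlist
	# Updates keyrings
	# Updates all installed packages
	# Installs additional packages (if requested)
	# Removes packages (if requested)
	# Clears package cache
	# Updates SSL CA certificates
	# Generates locales
	#
	# The here-document is unquoted on purpose: pkgsremove and pkgsinstall
	# are substituted now, while the script is being written.
	cat <<EOF > container-update.sh
reflector --protocol https --score 5 --sort rate --save /etc/pacman.d/mirrorlist
fakeroot -- pacman -Syy 2>/dev/null
date -u +"%d-%m-%Y %H:%M (DMY UTC)" > /version
fakeroot -- pacman --noconfirm -S archlinux-keyring 2>/dev/null
fakeroot -- pacman --noconfirm -S chaotic-keyring 2>/dev/null
rm -rf /etc/pacman.d/gnupg
fakeroot -- pacman-key --init
echo "keyserver hkps://keyserver.ubuntu.com" >> /etc/pacman.d/gnupg/gpg.conf
fakeroot -- pacman-key --populate archlinux
fakeroot -- pacman-key --populate chaotic
fakeroot -- pacman --noconfirm --overwrite "*" -Su 2>/dev/null
fakeroot -- pacman --noconfirm -Runs ${pkgsremove} 2>/dev/null
fakeroot -- pacman --noconfirm -S ${pkgsinstall} 2>/dev/null
rm -f /var/cache/pacman/pkg/*
pacman -Qn > /pkglist.x86_64.txt
pacman -Qm >> /pkglist.x86_64.txt
update-ca-trust
locale-gen
EOF

	# Give the extracted tree the resolver configuration of the host
	rm -f sqfs/etc/resolv.conf
	cp /etc/resolv.conf sqfs/etc/resolv.conf
	mkdir -p sqfs/run/shm

	# Execute the previously generated script
	# (this file starts itself with the extracted tree bound as /)
	clear
	echo "Updating and installing packages"
	bash "${script}" --bind sqfs / --ro-bind /sys /sys --dev-bind /dev /dev \
		--proc /proc --bind "${update_temp_dir}" "${update_temp_dir}" \
		bash container-update.sh

	# Create an image
	clear
	echo "Creating an image"
	if [ "${dwarfs_image}" = 1 ]; then
		tools_wrapper "${update_temp_dir}"/utils/mkdwarfs \
			-i sqfs -o image ${dwarfs_comp_arguments}
	else
		tools_wrapper "${update_temp_dir}"/utils/mksquashfs \
			sqfs image ${squashfs_comp_arguments}
	fi

	# Combine into a single executable
	clear
	echo "Combining everything into a single executable"
	cat conty-start.sh utils.tar.gz image > conty_updated.sh
	chmod +x conty_updated.sh

	# Keep the previous file as <script>.old.<md5> and put the new one in
	# its place; if that fails, leave the new file in the original
	# directory or in HOME
	mv -f "${script}" "${script}".old."${script_md5}" 2>/dev/null
	mv -f conty_updated.sh "${script}" 2>/dev/null || move_failed=1

	if [ "${move_failed}" = 1 ]; then
		mv -f conty_updated.sh "${OLD_PWD}" 2>/dev/null || \
			mv -f conty_updated.sh "${HOME}" 2>/dev/null
	fi

	chmod -R 700 sqfs 2>/dev/null
	rm -rf "${update_temp_dir}"

	clear
	echo "Conty has been updated!"

	if [ "${move_failed}" = 1 ]; then
		echo
		echo "Replacing ${script} with the new one failed!"
		echo
		echo "You can find conty_updated.sh in the current working"
		echo "directory or in your HOME."
	fi

	exit
fi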
run_bwrap () {
|
2021-08-30 15:04:52 +02:00
|
|
|
unset sandbox_params
|
|
|
|
unset unshare_net
|
|
|
|
unset custom_home
|
2022-08-27 12:33:40 +02:00
|
|
|
unset non_standard_home
|
2022-08-27 16:12:29 +02:00
|
|
|
unset xsockets
|
2021-08-30 15:04:52 +02:00
|
|
|
|
2021-10-02 15:02:48 +02:00
|
|
|
if [ -n "${WAYLAND_DISPLAY}" ]; then
|
|
|
|
wayland_socket="${WAYLAND_DISPLAY}"
|
|
|
|
else
|
|
|
|
wayland_socket="wayland-0"
|
|
|
|
fi
|
|
|
|
|
2021-11-03 12:06:38 +01:00
|
|
|
if [ -z "${XDG_RUNTIME_DIR}" ]; then
|
|
|
|
XDG_RUNTIME_DIR="/run/user/${EUID}"
|
|
|
|
fi
|
|
|
|
|
2022-08-27 19:27:06 +02:00
|
|
|
# Handle non-standard HOME locations that are outside of our default
|
|
|
|
# visibility scope
|
2022-08-27 12:33:40 +02:00
|
|
|
if [ -n "${HOME}" ] && [ "$(echo "${HOME}" | head -c 6)" != "/home/" ]; then
|
2022-08-27 19:27:06 +02:00
|
|
|
HOME_BASE_DIR="$(echo "${HOME}" | cut -d '/' -f2)"
|
|
|
|
|
|
|
|
case "${HOME_BASE_DIR}" in
|
|
|
|
tmp|mnt|opt|media|run|var)
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
NEW_HOME="/home/${USER}"
|
|
|
|
non_standard_home+=("--tmpfs" "/home" \
|
|
|
|
"--bind" "${HOME}" "${NEW_HOME}" \
|
|
|
|
"--setenv" "HOME" "${NEW_HOME}")
|
|
|
|
;;
|
|
|
|
esac
|
2022-08-27 12:33:40 +02:00
|
|
|
fi
|
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
if [ "${SANDBOX}" = 1 ]; then
|
2022-08-27 11:29:59 +02:00
|
|
|
sandbox_params+=("--tmpfs" "/home" \
|
|
|
|
"--tmpfs" "/opt" \
|
|
|
|
"--tmpfs" "/mnt" \
|
|
|
|
"--tmpfs" "/media" \
|
|
|
|
"--tmpfs" "/var" \
|
|
|
|
"--tmpfs" "/run" \
|
|
|
|
"--symlink" "/run" "/var/run" \
|
|
|
|
"--tmpfs" "/tmp" \
|
|
|
|
"--new-session")
|
2021-08-30 15:04:52 +02:00
|
|
|
|
2022-08-27 19:27:06 +02:00
|
|
|
if [ -n "${non_standard_home}" ]; then
|
|
|
|
sandbox_params+=("--dir" "${NEW_HOME}")
|
|
|
|
else
|
|
|
|
sandbox_params+=("--dir" "${HOME}")
|
|
|
|
fi
|
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 2 ]; then
|
|
|
|
sandbox_level_msg="(level 2)"
|
2022-08-27 11:29:59 +02:00
|
|
|
sandbox_params+=("--dir" "${XDG_RUNTIME_DIR}" \
|
2022-08-27 19:27:06 +02:00
|
|
|
"--ro-bind-try" "${XDG_RUNTIME_DIR}"/${wayland_socket} "${XDG_RUNTIME_DIR}"/${wayland_socket} \
|
2022-08-27 11:29:59 +02:00
|
|
|
"--ro-bind-try" "${XDG_RUNTIME_DIR}"/pulse "${XDG_RUNTIME_DIR}"/pulse \
|
|
|
|
"--ro-bind-try" "${XDG_RUNTIME_DIR}"/pipewire-0 "${XDG_RUNTIME_DIR}"/pipewire-0 \
|
|
|
|
"--unshare-pid" \
|
|
|
|
"--unshare-user-try" \
|
|
|
|
"--unsetenv" "DBUS_SESSION_BUS_ADDRESS")
|
2021-08-30 15:04:52 +02:00
|
|
|
else
|
|
|
|
sandbox_level_msg="(level 1)"
|
2022-08-27 11:29:59 +02:00
|
|
|
sandbox_params+=("--bind-try" "${XDG_RUNTIME_DIR}" "${XDG_RUNTIME_DIR}" \
|
|
|
|
"--bind-try" "/run/dbus" "/run/dbus")
|
2021-08-30 15:04:52 +02:00
|
|
|
fi
|
2021-03-27 11:01:24 +01:00
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 3 ]; then
|
|
|
|
sandbox_level_msg="(level 3)"
|
|
|
|
DISABLE_NET=1
|
|
|
|
fi
|
2021-03-27 11:01:24 +01:00
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
show_msg "Sandbox is enabled ${sandbox_level_msg}"
|
|
|
|
fi
|
2021-03-31 13:59:09 +02:00
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
if [ "${DISABLE_NET}" = 1 ]; then
|
|
|
|
show_msg "Network is disabled"
|
2021-03-29 15:33:43 +02:00
|
|
|
|
2021-08-30 15:04:52 +02:00
|
|
|
unshare_net="--unshare-net"
|
2021-03-26 18:03:50 +01:00
|
|
|
fi
|
2021-03-27 11:01:24 +01:00
|
|
|
|
2021-05-20 11:23:23 +02:00
|
|
|
if [ -n "${HOME_DIR}" ]; then
|
2022-08-27 19:27:06 +02:00
|
|
|
show_msg "Home directory is set to ${HOME_DIR}"
|
2021-08-30 15:04:52 +02:00
|
|
|
|
2022-08-27 19:27:06 +02:00
|
|
|
if [ -n "${non_standard_home}" ]; then
|
|
|
|
custom_home+=("--bind" "${HOME_DIR}" "${NEW_HOME}")
|
|
|
|
else
|
|
|
|
custom_home+=("--bind" "${HOME_DIR}" "${HOME}")
|
|
|
|
fi
|
2022-08-27 11:37:48 +02:00
|
|
|
|
|
|
|
[ ! -d "${HOME_DIR}" ] && mkdir -p "${HOME_DIR}"
|
2021-05-20 11:23:23 +02:00
|
|
|
fi
|
|
|
|
|
2022-08-27 16:12:29 +02:00
|
|
|
# Set the XAUTHORITY variable if it's missing
|
2021-05-28 11:22:29 +02:00
|
|
|
if [ -z "${XAUTHORITY}" ]; then
|
|
|
|
XAUTHORITY="${HOME}"/.Xauthority
|
|
|
|
fi
|
|
|
|
|
2022-08-27 16:12:29 +02:00
|
|
|
# Mount X server sockets and XAUTHORITY
|
|
|
|
xsockets+=("--tmpfs" "/tmp/.X11-unix")
|
|
|
|
|
2022-08-27 19:27:06 +02:00
|
|
|
if [ -n "${non_standard_home}" ] && [ "${XAUTHORITY}" = "${HOME}"/.Xauthority ]; then
|
|
|
|
xsockets+=("--ro-bind-try" "${XAUTHORITY}" "${NEW_HOME}"/.Xauthority \
|
|
|
|
"--setenv" "XAUTHORITY" "${NEW_HOME}"/.Xauthority)
|
|
|
|
else
|
|
|
|
xsockets+=("--ro-bind-try" "${XAUTHORITY}" "${XAUTHORITY}")
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "${DISABLE_X11}" != 1 ]; then
|
|
|
|
if [ "$(ls /tmp/.X11-unix 2>/dev/null)" ]; then
|
|
|
|
if [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 3 ]; then
|
|
|
|
xsockets+=("--ro-bind-try" "/tmp/.X11-unix/X${xephyr_display}" "/tmp/.X11-unix/X${xephyr_display}" \
|
|
|
|
"--setenv" "DISPLAY" ":${xephyr_display}")
|
|
|
|
else
|
|
|
|
for s in /tmp/.X11-unix/*; do
|
|
|
|
xsockets+=("--bind-try" "${s}" "${s}")
|
|
|
|
done
|
|
|
|
fi
|
2022-08-27 16:12:29 +02:00
|
|
|
fi
|
2022-08-27 19:27:06 +02:00
|
|
|
else
|
|
|
|
show_msg "Access to X server is disabled"
# Unset the DISPLAY and XAUTHORITY env variables and mount an
# empty file to XAUTHORITY to invalidate it
xsockets+=("--ro-bind-try" "${working_dir}"/running_"${script_id}" "${XAUTHORITY}" \
"--unsetenv" "DISPLAY" \
"--unsetenv" "XAUTHORITY")
fi
show_msg
launch_wrapper "${bwrap}" \
--ro-bind "${mount_point}" / \
--dev-bind /dev /dev \
--ro-bind /sys /sys \
--bind-try /tmp /tmp \
--proc /proc \
--bind-try /home /home \
--bind-try /mnt /mnt \
--bind-try /opt /opt \
--bind-try /media /media \
--bind-try /run /run \
--bind-try /var /var \
--ro-bind-try /usr/share/steam/compatibilitytools.d /usr/share/steam/compatibilitytools.d \
--ro-bind-try /etc/resolv.conf /etc/resolv.conf \
--ro-bind-try /etc/hosts /etc/hosts \
--ro-bind-try /etc/nsswitch.conf /etc/nsswitch.conf \
--ro-bind-try /etc/passwd /etc/passwd \
--ro-bind-try /etc/group /etc/group \
--ro-bind-try /etc/machine-id /etc/machine-id \
--ro-bind-try /etc/asound.conf /etc/asound.conf \
--ro-bind-try /etc/localtime /etc/localtime \
"${non_standard_home[@]}" \
"${sandbox_params[@]}" \
"${custom_home[@]}" \
"${xsockets[@]}" \
${unshare_net} \
--setenv PATH "${CUSTOM_PATH}" \
"$@"
}
#######################################
# Exit handler: drops this instance's marker file and, when no other
# instance marker is left, unmounts the image and removes the working
# directory.
# Globals:   working_dir, script_id, mount_point, fuse_version (all read)
# Arguments: none
# Returns:   does not return; always ends the shell with `exit`
#######################################
trap_exit () {
	# This instance is finished: remove its own marker
	rm -f "${working_dir}"/running_"${script_id}"

	# Any remaining running_* file means another instance still uses the
	# mount, so leave everything in place
	if [ -n "$(ls "${working_dir}"/running_* 2>/dev/null)" ]; then
		exit
	fi

	# Lazy unmount through fusermount first, plain umount as the fallback;
	# failures of both are deliberately silenced
	if ! fusermount${fuse_version} -uz "${mount_point}" 2>/dev/null; then
		umount --lazy "${mount_point}" 2>/dev/null
	fi

	# Delete the working directory only when the mount point lists as
	# empty, so that rm -rf never recurses into a still-mounted image
	[ -n "$(ls "${mount_point}" 2>/dev/null)" ] || rm -rf "${working_dir}"

	exit
}
# Run the cleanup handler on every exit path of the script
trap 'trap_exit' EXIT

# Stale markers: running_* files exist although the mount point lists as
# empty (e.g. left over from an instance that never cleaned up), so drop them
if [ -z "$(ls "${mount_point}" 2>/dev/null)" ]; then
	if [ -n "$(ls "${working_dir}"/running_* 2>/dev/null)" ]; then
		rm -f "${working_dir}"/running_*
	fi
fi

# Mount the image
# NOTE(review): mkdir -p accepts a directory that already exists; when
# working_dir is the default path under /tmp, confirm elsewhere in the
# script that it is owned by the current user before it is trusted
mkdir -p "${mount_point}"
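# Proceed when the mount point already has content, or when one of the two
# mount invocations succeeds. The first invocation (offset + ro) is only
# tried when dwarfs_image is not 1; the second one passes the dwarfs_*
# tuning options and also serves as the fallback if the first one fails.
if [ "$(ls "${mount_point}" 2>/dev/null)" ] || \
	( [ "${dwarfs_image}" != 1 ] && launch_wrapper "${mount_tool}" -o offset="${offset}",ro "${script}" "${mount_point}" ) || \
	launch_wrapper "${mount_tool}" "${script}" "${mount_point}" -o offset="${offset}" -o debuglevel=error -o workers="${dwarfs_num_workers}" \
	-o mlock=try -o no_cache_image -o cache_files -o cachesize="${dwarfs_cache_size}"; then

	# -m toggles a persistent mount: the running_mount marker keeps
	# trap_exit from unmounting, a second -m removes the marker again
	if [ "$1" = "-m" ] && [ -z "${script_is_symlink}" ]; then
		if [ ! -f "${working_dir}"/running_mount ]; then
			echo 1 > "${working_dir}"/running_mount
			echo "The image has been mounted to ${mount_point}"
		else
			rm -f "${working_dir}"/running_mount
			echo "The image has been unmounted"
		fi

		exit
	fi

	# -V prints the version file shipped inside the image, if any
	if [ "$1" = "-V" ] && [ -z "${script_is_symlink}" ]; then
		if [ -f "${mount_point}"/version ]; then
			cat "${mount_point}"/version
		else
			echo "Unknown version"
		fi

		exit
	fi

	# Marker for this instance; trap_exit removes it and only unmounts
	# when no running_* marker is left
	echo 1 > "${working_dir}"/running_"${script_id}"

	show_msg "Running Conty"

	# Container directories first, the caller's PATH last
	export CUSTOM_PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/lib/jvm/default/bin:/usr/local/bin:/usr/local/sbin:${PATH}"

	# -l lists the packages installed in the image (the image's /var is
	# bound read-only over /var for the pacman database)
	if [ "$1" = "-l" ] && [ -z "${script_is_symlink}" ]; then
		run_bwrap --ro-bind "${mount_point}"/var /var pacman -Q
		exit
	fi

	# If SANDBOX_LEVEL is 3, run Xephyr and openbox before running applications
	if [ "${SANDBOX}" = 1 ] && [ -n "${SANDBOX_LEVEL}" ] && [ "${SANDBOX_LEVEL}" -ge 3 ]; then
		if [ -f "${mount_point}"/usr/bin/Xephyr ]; then
			if [ -z "${XEPHYR_SIZE}" ]; then
				XEPHYR_SIZE="800x600"
			fi

			# Display number is derived from script_id; if that socket
			# already exists a second candidate is used.
			# NOTE(review): the second candidate is not checked for an
			# existing socket.
			xephyr_display="$((${script_id}+2))"

			if [ -S /tmp/.X11-unix/X"${xephyr_display}" ]; then
				xephyr_display="$((${script_id}+10))"
			fi

			# NOTE(review): Xephyr runs with -ac (X access control
			# disabled) and with the host's /tmp/.X11-unix bound
			# read-write, so the nested display's socket is created in
			# the host directory. Isolation of that display then rests
			# on the socket's file permissions only - confirm this is
			# acceptable for the intended threat model.
			# XEPHYR_SIZE is left unquoted as in the original (word
			# splitting of the value is preserved).
			QUIET_MODE=1 DISABLE_NET=1 SANDBOX_LEVEL=2 run_bwrap \
			--bind-try /tmp/.X11-unix /tmp/.X11-unix \
			Xephyr -noreset -ac -br -screen ${XEPHYR_SIZE} :${xephyr_display} &>/dev/null & sleep 1
			xephyr_pid=$!

			QUIET_MODE=1 run_bwrap openbox & sleep 1
		else
			echo "SANDBOX_LEVEL is set to 3, but Xephyr is not present inside the container."
			echo "Xephyr is required for this SANDBOX_LEVEL."

			exit 1
		fi
	fi

	# When invoked through a symlink whose name matches a binary in the
	# image, start that binary directly with a container-only PATH
	if [ -n "${script_is_symlink}" ] && [ -f "${mount_point}"/usr/bin/"${script_name}" ]; then
		export CUSTOM_PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/lib/jvm/default/bin"

		show_msg "Autostarting ${script_name}"
		run_bwrap "${script_name}" "$@"
		exit_code=$?
	else
		run_bwrap "$@"
		exit_code=$?
	fi

	# Keep the script (and with it the mount) alive until Xephyr is gone
	if [ -n "${xephyr_pid}" ]; then
		wait "${xephyr_pid}"
	fi
else
	echo "Mounting the image failed!"

	exit 1
fi

# Propagate the status of the launched command. Previously the bare
# `exit` reported the status of the xephyr_pid check above, i.e. 0 when
# no Xephyr was started, so a failing command looked successful.
# Assumes run_bwrap passes the launched command's status through.
exit "${exit_code:-0}"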