Commit graph

135 commits

Author SHA1 Message Date
ghtm2
b3c16de238
Fix shellcheck warnings and style (#62) 2023-02-16 00:57:05 +05:00
Kron4ek
c86cba4af3 Update integrated utils
Update bubblewrap to 0.7.0
Update dwarfs to the latest git revision (3dfad5a)
Update zstd to 1.5.4
Update glibc to 2.37
Update boost to 1.81
Update all other outdated dependencies
2023-02-10 16:11:08 +05:00
Kron4ek
521ef2069f Update dwarfs compression arguments 2022-11-24 13:01:34 +05:00
Kron4ek
d74279f6f5 Update integrated utils
Update glibc to 2.36
2022-10-17 01:18:11 +05:00
Kron4ek
b01c65bd8a Update ld.so.cache when updating Conty
ld.so.cache does not get updated automatically for some reason, so update it manually. Otherwise there may be problems with libraries (like https://github.com/Kron4ek/Conty/discussions/55)
2022-09-18 14:01:52 +05:00
Kron4ek
425a9eb21f Tweak dwarfs parameters
Lower the cache size
Limit the maximum number of workers to 8
2022-09-11 17:49:13 +05:00
Kron4ek
114a55e840 Also unset XAUTHORITY when disabling access to X server 2022-08-27 22:58:31 +05:00
Kron4ek
cc69e5361b Don't parse own arguments if the script is a symlink 2022-08-27 22:40:51 +05:00
Kron4ek
d2fda8cbcf Add the ability to disable access to X server
For example, this is useful for restricting applications from accessing Xwayland on Wayland.
2022-08-27 22:27:06 +05:00
Kron4ek
36d01751b4 Mount all X sockets separately
Remount /tmp/.X11-unix as tmpfs and then mount all X sockets separately.
This fixes gamescope.
2022-08-27 19:12:29 +05:00
Kron4ek
71d2460e60 Properly handle non-standard HOME directories
Non-standard here means outside of /home.
2022-08-27 15:33:40 +05:00
Kron4ek
30938e7713 Automatically create a directory for HOME_DIR when it is set 2022-08-27 14:37:48 +05:00
Kron4ek
c186b86cbd Properly handle spaces for all bwrap parameters
Use bash arrays instead of just variables to properly handle spaces.
2022-08-27 14:29:59 +05:00
Kron4ek
ea3a106654 Update integrated utils
Update squashfuse to 0.1.105
Update dwarfs to the latest git revision (e8f489a)
Update lz4 to 1.9.4
Update all other outdated libraries
2022-08-26 19:51:12 +05:00
Kron4ek
576f16fcf6 Use integrated utils to extract images
Unless USE_SYS_UTILS is enabled.
2022-06-21 17:36:31 +05:00
Kron4ek
714d7dce15 Remove the SUDO_MOUNT feature 2022-06-18 13:47:06 +05:00
Kron4ek
6789b088a0 Remove the mount message when using DwarFS
DwarFS mounts instantly now, so the message is no longer needed.
2022-06-16 21:25:43 +05:00
Kron4ek
3039659db9 Automatically detect image format
DwarFS images have the string "DWARFS" at the very beginning of the file.
2022-06-16 21:16:51 +05:00
Kron4ek
886e1ff880 Update sqfs compressor arguments 2022-06-16 19:57:59 +05:00
Kron4ek
f5f1e9fbd7 Check the amount of free space before updating 2022-06-16 19:53:57 +05:00
Kron4ek
53e64b65bf Update integrated utils
Update bubblewrap to 0.6.2
Update squashfs-tools to 4.5.1
Update dwarfs to the latest git revision of the wip branch (which should speed up mount times on HDDs)
Update all other outdated libraries
2022-06-01 14:26:26 +05:00
Kron4ek
e55b1e6869 Update integrated utils
Update bubblewrap to 0.6.1
Update dwarfs to the latest git revision
Update all other outdated libraries
2022-04-05 23:54:28 +05:00
Kron4ek
8ff3f30563 Remove BIND and BIND_RO variables
`--bind` and `--ro-bind` launch arguments can still be used.

This commit also adds a launch argument (`-H`) to show the bubblewrap help.
2022-02-26 00:56:23 +05:00
Kron4ek
579b84bf84 Do not remove mount_point if the image is still mounted 2022-02-20 21:40:31 +05:00
Kron4ek
2598e9766f Update integrated utils
Update glibc (to 2.35) and other libraries.
2022-02-20 20:31:22 +05:00
Kron4ek
349b39874e Update integrated zstd to 1.5.2 2022-01-25 15:24:10 +05:00
Kron4ek
d17b60f1c7 Update integrated utils
Dwarfs updated to the latest git revision
Updated all outdated dependencies

Compiled using Clang 13 + O3 + LTO for better runtime performance
2022-01-08 15:11:17 +05:00
Kron4ek
759615545f Update integrated zstd to 1.5.1 2021-12-29 17:08:27 +05:00
Kron4ek
72c3be5dfa Mount pulse and pipewire sockets
Mount pulse and pipewire sockets at SANDBOX_LEVEL 2+, otherwise sound will not work for pulseaudio and pipewire users.

With SANDBOX disabled or at SANDBOX_LEVEL 1 this is not a problem, since the entire XDG_RUNTIME_DIR gets mounted.
2021-11-20 13:48:50 +05:00
Kron4ek
d05109732b Change the default dwarfs compressor arguments
Slightly worse compression ratio, but faster file system access.
2021-11-08 16:18:46 +05:00
Kron4ek
dc9afd7f5b Use XDG_RUNTIME_DIR
Use XDG_RUNTIME_DIR instead of /run/user/USERID, even though XDG_RUNTIME_DIR (almost) always points to it.
2021-11-03 16:06:38 +05:00
Kron4ek
a373a53bd1 Remove the NVIDIA_FIX function
From what I heard from some people, it doesn't seem to work.
Let me know if it works for you and I will revert the change.
2021-10-30 17:46:21 +05:00
Kron4ek
f278975237 Add an argument to show version of the image 2021-10-28 00:52:32 +05:00
Kron4ek
8368ec9d44 Update the integrated libcap and libfuse3
libcap 2.60
libfuse3 3.10.5
2021-10-24 18:49:04 +05:00
Kron4ek
47ebc27410 Properly detect Wayland display 2021-10-02 18:02:48 +05:00
Kron4ek
4f1cdfd9fd Add an argument to list installed packages 2021-09-22 16:15:48 +05:00
Kron4ek
ff03775b24 Move some Nvidia binds out of the loop 2021-09-19 00:07:15 +05:00
Kron4ek
279275d02f Generate 5 mirrors with reflector 2021-09-16 01:08:09 +05:00
Kron4ek
2ed0ca2ead Mount system-wide compatibilitytools.d for Steam
Needed for Steam to be able to see compatibility tools (custom Proton builds, for example) installed in /usr/share/steam/compatibilitytools.d.
2021-09-12 15:40:14 +05:00
Kron4ek
571eddd6fd Add the ability to mount files/dirs as read-only 2021-09-07 14:46:08 +05:00
Kron4ek
de0ffb94be Check if X11 display already exists 2021-09-05 17:15:31 +05:00
Kron4ek
bf11b6e631 Implement X11 isolation and sandbox levels
The sandbox strictness can now be controlled with the SANDBOX_LEVEL environment variable. There are 3 available levels, the default is 1.
Level 1 isolates all user files.
Level 2 isolates all user files, disables dbus and hides all running processes.
Level 3 does the same as level 2, but additionally disables network access and isolates the X11 server with Xephyr.

The XEPHYR_SIZE env variable controls the size of the Xephyr window, the default is 800x600.
2021-08-30 18:04:52 +05:00
Kron4ek
0c5dc8668e Update bubblewrap to 0.5.0 2021-08-24 14:38:39 +05:00
Kron4ek
d97077d026 Split squashfs and dwarfs utils
The dwarfs utils are relatively large (~20 MB when extracted) and are not needed for squashfs-compressed images, so it's better to move them into a separate archive.
2021-08-11 14:43:12 +05:00
Kron4ek
268ff808ba Implement the self-update function for dwarfs
And some other improvements.
2021-08-10 23:57:36 +05:00
Kron4ek
9e366b00fe
Add option to mount and unmount the image 2021-08-09 17:50:01 +05:00
Kron4ek
22e6270f62
Don't set too high number of workers 2021-08-07 23:20:15 +05:00
Kron4ek
a34eef062b Tweaks for dwarfs 2021-08-07 00:31:49 +05:00
Kron4ek
8292d055f0 Add dwarfs support 2021-08-06 17:10:31 +05:00
Kron4ek
0d54828bf7
Add quiet mode 2021-06-30 01:20:23 +05:00
Kron4ek
2cae712abf Change the default keyserver 2021-06-23 13:23:43 +05:00
Kron4ek
f41e9be2c4
Remove redundant return from exec_test function 2021-06-22 13:51:01 +05:00
Kron4ek
ff29fd4d5f Add lzo, lzma and gzip support 2021-06-10 19:58:12 +05:00
Kron4ek
358acd8aca Add glibc libs and fuse3 support
The integrated utils now include two squashfuse binaries: one is for fuse2 and the other is for fuse3.
Conty will automatically use the fuse3 version if fuse3 is installed, otherwise it will use the fuse2 version.

Besides, glibc libs are now included and they are used for the integrated utils.
Which means that the integrated utils now don't depend on system-wide glibc and will work even on really old distros (like Ubuntu 12.04, for example), assuming that kernel version is new enough, of course.
2021-06-09 23:46:31 +05:00
Kron4ek
55ecd8016e
Improvements for the self-update function 2021-06-08 21:45:57 +05:00
Kron4ek
d9238913e0
Fix exec checking 2021-06-08 19:57:30 +05:00
Kron4ek
5eb93c9127
Check if /tmp is mounted with noexec
If /tmp is mounted with noexec, use ~/.local/share/Conty as a working directory. And if HOME is also mounted with noexec, then show an error and exit.
2021-06-08 19:13:49 +05:00
Kron4ek
b88de42bc4
Fix the self-update function
Hopefully for sure this time.
2021-06-01 22:24:10 +05:00
Kron4ek
334dffaa6c
Bind /etc/localtime
The timezone for applications running using Conty will be the same as on the host system.
2021-05-28 14:42:43 +05:00
Kron4ek
8fc39a132a
Update conty-start.sh
Bind $HOME to $HOME. This is useful in case HOME is not /home/username.
2021-05-28 14:33:48 +05:00
Kron4ek
409a08d196
Bind XAUTHORITY file
This is required for any graphical application to work (to connect to X server) when SANDBOX is enabled. Another possible solution is to allow any local user to connect to X server by using xhost, but binding XAUTHORITY is simpler.
2021-05-28 14:22:29 +05:00
Kron4ek
edc3f5d938
Install packages after removing packages 2021-05-27 20:01:19 +05:00
Kron4ek
8dca7fe819
Replace yes with noconfirm
Otherwise pacman may hang in some cases (for example if there are multiple providers for a library).
2021-05-27 19:29:08 +05:00
Kron4ek
21ef8c7514
Add an argument to show the script version 2021-05-25 18:31:21 +05:00
Kron4ek
68bc1b222d
Add ability to remove packages 2021-05-22 14:33:44 +05:00
Kron4ek
7b37b5f218
Check the values of variables
It makes more sense.
2021-05-20 14:51:11 +05:00
Kron4ek
812b73ee49
Remove AUTOSTART and AUTOARGS variables
Because they are useless.
2021-05-20 14:35:14 +05:00
Kron4ek
6fc84c7263
Allow to set HOME_DIR even without SANDBOX
Because there is no reason to strictly tie this feature to SANDBOX.
2021-05-20 14:23:23 +05:00
Kron4ek
c64be240da
Do not bind /tmp when SANDBOX is enabled
However, it's necessary to bind /tmp/.X11-unix, otherwise applications will not be able to connect to X server when network is disabled (DISABLE_NET=1).
2021-05-20 14:06:53 +05:00
Kron4ek
7389a082a4
Add mount_point variable
Mount point path is used many times in the script, so it's better to use a single variable for it.
2021-05-19 13:39:01 +05:00
Kron4ek
076c91ffdb
Remove fmount variable 2021-05-19 13:23:31 +05:00
Kron4ek
2a6b1ccdf6
Rename sfuse to mount_tool
As it makes more sense.
2021-05-19 13:17:04 +05:00
Kron4ek
e8a73f4cea
Remove redundant sudo variable 2021-05-19 13:13:01 +05:00
Kron4ek
9313aa4e74
Remove exit delay 2021-05-19 13:10:03 +05:00
Kron4ek
80ef7c393d
Fix PWD when NVIDIA_FIX is enabled 2021-05-19 13:07:49 +05:00
Kron4ek
62f247ee57
Use lower compression level
In my testing, compression using level 14 is almost 3x faster than level 19, while compression ratio is only about 2% lower. In my opinion, it's definitely worth it.
2021-05-15 15:59:07 +05:00
Kron4ek
b03f6dcab2 Update zstd to 1.5.0 2021-05-15 14:51:44 +05:00
Kron4ek
a3450c7757
More improvements 2021-05-07 20:17:57 +05:00
Kron4ek
2313664285
More improvements for the self-update feature 2021-05-07 00:26:31 +05:00
Kron4ek
6770cf5792
Improvements to the self-update feature 2021-05-06 15:41:22 +05:00
Kron4ek
3f4543748a
Fix BASE_DIR 2021-05-04 20:46:18 +05:00
Kron4ek
3805dabf13
Add ability to update and install packages 2021-05-04 20:11:51 +05:00
Kron4ek
2cef946680
Use squashfuse instead of squashfuse_ll
This reverts commit 9d73f302f8

squashfuse_ll causes some weird filesystem access issues. For example, some applications are unable to access /usr/share/alsa when the squashfs image is mounted with squashfuse_ll.
2021-04-23 16:29:44 +05:00
Kron4ek
a61db786ec
Fix the squashfs image extraction 2021-04-12 14:23:29 +05:00
Kron4ek
313958776c Rename squashfs-start.sh to conty-start.sh 2021-04-12 02:50:25 +05:00
Renamed from squashfs-start.sh