Commit graph

58 commits

Author SHA1 Message Date
Kron4ek
759615545f Update integrated zstd to 1.5.1 2021-12-29 17:08:27 +05:00
Kron4ek
72c3be5dfa Mount pulse and pipewire sockets
Mount pulse and pipewire sockets at SANDBOX_LEVEL 2+, otherwise sound will not work for pulseaudio and pipewire users.

With SANDBOX disabled or at SANDBOX_LEVEL 1 this is not a problem, since the entire XDG_RUNTIME_DIR gets mounted.
2021-11-20 13:48:50 +05:00
Kron4ek
d05109732b Change the default dwarfs compressor arguments
Slightly worse compression ratio, but faster file system access.
2021-11-08 16:18:46 +05:00
Kron4ek
dc9afd7f5b Use XDG_RUNTIME_DIR
Use XDG_RUNTIME_DIR instead of /run/user/USERID, even though XDG_RUNTIME_DIR (almost) always points to it.
2021-11-03 16:06:38 +05:00
Kron4ek
a373a53bd1 Remove the NVIDIA_FIX function
From what I heard from some people, it doesn't seem to work.
Let me know if it works for you and I will revert the change.
2021-10-30 17:46:21 +05:00
Kron4ek
f278975237 Add an argument to show version of the image 2021-10-28 00:52:32 +05:00
Kron4ek
8368ec9d44 Update the integrated libcap and libfuse3
libcap 2.60
libfuse3 3.10.5
2021-10-24 18:49:04 +05:00
Kron4ek
47ebc27410 Properly detect Wayland display 2021-10-02 18:02:48 +05:00
Kron4ek
4f1cdfd9fd Add an argument to list installed packages 2021-09-22 16:15:48 +05:00
Kron4ek
ff03775b24 Move some Nvidia binds out of the loop 2021-09-19 00:07:15 +05:00
Kron4ek
279275d02f Generate 5 mirrors with reflector 2021-09-16 01:08:09 +05:00
Kron4ek
2ed0ca2ead Mount system-wide compatibilitytools.d for Steam
Needed for Steam to be able to see compatibility tools (custom Proton builds, for example) installed in /usr/share/steam/compatibilitytools.d.
2021-09-12 15:40:14 +05:00
Kron4ek
571eddd6fd Add the ability to mount files/dirs as read-only 2021-09-07 14:46:08 +05:00
Kron4ek
de0ffb94be Check if X11 display already exists 2021-09-05 17:15:31 +05:00
Kron4ek
bf11b6e631 Implement X11 isolation and sandbox levels
The sandbox strictness can now be controlled with the SANDBOX_LEVEL environment variable. There are 3 available levels, the default is 1.
Level 1 isolates all user files.
Level 2 isolates all user files, disables dbus and hides all running processes.
Level 3 does the same as level 2, but additionally disables network access and isolates the X11 server with Xephyr.

The XEPHYR_SIZE env variable controls the size of the Xephyr window, the default is 800x600.
2021-08-30 18:04:52 +05:00
Kron4ek
0c5dc8668e Update bubblewrap to 0.5.0 2021-08-24 14:38:39 +05:00
Kron4ek
d97077d026 Split squashfs and dwarfs utils
The dwarfs utils are relatively large (~20 MB when extracted) and are not needed for squashfs-compressed images, so it's better to move them into a separate archive.
2021-08-11 14:43:12 +05:00
Kron4ek
268ff808ba Implement the self-update function for dwarfs
And some other improvements.
2021-08-10 23:57:36 +05:00
Kron4ek
9e366b00fe Add option to mount and unmount the image 2021-08-09 17:50:01 +05:00
Kron4ek
22e6270f62 Don't set too high number of workers 2021-08-07 23:20:15 +05:00
Kron4ek
a34eef062b Tweaks for dwarfs 2021-08-07 00:31:49 +05:00
Kron4ek
8292d055f0 Add dwarfs support 2021-08-06 17:10:31 +05:00
Kron4ek
0d54828bf7 Add quiet mode 2021-06-30 01:20:23 +05:00
Kron4ek
2cae712abf Change the default keyserver 2021-06-23 13:23:43 +05:00
Kron4ek
f41e9be2c4 Remove redundant return from exec_test function 2021-06-22 13:51:01 +05:00
Kron4ek
ff29fd4d5f Add lzo, lzma and gzip support 2021-06-10 19:58:12 +05:00
Kron4ek
358acd8aca Add glibc libs and fuse3 support
The integrated utils now include two squashfuse binaries: one for fuse2 and one for fuse3.
Conty will automatically use the fuse3 version if fuse3 is installed, otherwise it will use the fuse2 version.

Besides, glibc libs are now included and they are used for the integrated utils.
Which means that the integrated utils now don't depend on system-wide glibc and will work even on really old distros (like Ubuntu 12.04, for example), assuming that kernel version is new enough, of course.
2021-06-09 23:46:31 +05:00
Kron4ek
55ecd8016e Improvements for the self-update function 2021-06-08 21:45:57 +05:00
Kron4ek
d9238913e0 Fix exec checking 2021-06-08 19:57:30 +05:00
Kron4ek
5eb93c9127 Check if /tmp is mounted with noexec
If /tmp is mounted with noexec, use ~/.local/share/Conty as a working directory. And if HOME is also mounted with noexec, then show an error and exit.
2021-06-08 19:13:49 +05:00
Kron4ek
b88de42bc4 Fix the self-update function
Hopefully for sure this time.
2021-06-01 22:24:10 +05:00
Kron4ek
334dffaa6c Bind /etc/localtime
The timezone for applications running using Conty will be the same as on the host system.
2021-05-28 14:42:43 +05:00
Kron4ek
8fc39a132a Update conty-start.sh
Bind $HOME to $HOME. This is useful in case HOME is not /home/username.
2021-05-28 14:33:48 +05:00
Kron4ek
409a08d196 Bind XAUTHORITY file
This is required for any graphical application to work (to connect to X server) when SANDBOX is enabled. Another possible solution is to allow any local user to connect to X server by using xhost, but binding XAUTHORITY is simpler.
2021-05-28 14:22:29 +05:00
Kron4ek
edc3f5d938 Install packages after removing packages 2021-05-27 20:01:19 +05:00
Kron4ek
8dca7fe819 Replace yes with noconfirm
Otherwise pacman may hang in some cases (for example if there are multiple providers for a library).
2021-05-27 19:29:08 +05:00
Kron4ek
21ef8c7514 Add an argument to show the script version 2021-05-25 18:31:21 +05:00
Kron4ek
68bc1b222d Add ability to remove packages 2021-05-22 14:33:44 +05:00
Kron4ek
7b37b5f218 Check the values of variables
It makes more sense.
2021-05-20 14:51:11 +05:00
Kron4ek
812b73ee49 Remove AUTOSTART and AUTOARGS variables
Because they are useless.
2021-05-20 14:35:14 +05:00
Kron4ek
6fc84c7263 Allow to set HOME_DIR even without SANDBOX
Because there is no reason to strictly tie this feature to SANDBOX.
2021-05-20 14:23:23 +05:00
Kron4ek
c64be240da Do not bind /tmp when SANDBOX is enabled
However, it's necessary to bind /tmp/.X11-unix, otherwise applications will not be able to connect to X server when network is disabled (DISABLE_NET=1).
2021-05-20 14:06:53 +05:00
Kron4ek
7389a082a4 Add mount_point variable
Mount point path is used many times in the script, so it's better to use a single variable for it.
2021-05-19 13:39:01 +05:00
Kron4ek
076c91ffdb Remove fmount variable 2021-05-19 13:23:31 +05:00
Kron4ek
2a6b1ccdf6 Rename sfuse to mount_tool
As it makes more sense.
2021-05-19 13:17:04 +05:00
Kron4ek
e8a73f4cea Remove redundant sudo variable 2021-05-19 13:13:01 +05:00
Kron4ek
9313aa4e74 Remove exit delay 2021-05-19 13:10:03 +05:00
Kron4ek
80ef7c393d Fix PWD when NVIDIA_FIX is enabled 2021-05-19 13:07:49 +05:00
Kron4ek
62f247ee57 Use lower compression level
In my testing, compression using level 14 is almost 3x faster than level 19, while compression ratio is only about 2% lower. In my opinion, it's definitely worth it.
2021-05-15 15:59:07 +05:00
Kron4ek
b03f6dcab2 Update zstd to 1.5.0 2021-05-15 14:51:44 +05:00