Compare commits
2 commits
94048e2d2b
...
52faa6c6d7
Author | SHA1 | Date | |
---|---|---|---|
Peter Cai | 52faa6c6d7 | ||
Peter Cai | ded4816343 |
|
@ -12,5 +12,7 @@ RUN apt-get -y update && apt-get -y install prismlauncher qtwayland5 openjdk-17-
|
||||||
|
|
||||||
USER user
|
USER user
|
||||||
|
|
||||||
|
LABEL net.typeblog.dobu.desktop_file_path="/usr/share/applications/org.prismlauncher.PrismLauncher.desktop"
|
||||||
|
|
||||||
ENTRYPOINT [ "/usr/bin/prismlauncher" ]
|
ENTRYPOINT [ "/usr/bin/prismlauncher" ]
|
||||||
|
|
||||||
|
|
|
@ -9,4 +9,6 @@ RUN pacman -Syu --noconfirm \
|
||||||
|
|
||||||
USER user
|
USER user
|
||||||
|
|
||||||
|
LABEL net.typeblog.dobu.desktop_file_path="/usr/share/applications/shattered-pixel-dungeon.desktop"
|
||||||
|
|
||||||
ENTRYPOINT [ "/usr/bin/shattered-pixel-dungeon" ]
|
ENTRYPOINT [ "/usr/bin/shattered-pixel-dungeon" ]
|
||||||
|
|
|
@ -1,3 +1,2 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
INVALIDATE_CACHE_UPSTREAM_ARCHLINUX="extra/any/shattered-pixel-dungeon"
|
INVALIDATE_CACHE_UPSTREAM_ARCHLINUX="extra/any/shattered-pixel-dungeon"
|
||||||
DESKTOP_FILE_PATH="/usr/share/applications/shattered-pixel-dungeon.desktop"
|
|
||||||
|
|
|
@ -8,4 +8,11 @@ USER user
|
||||||
|
|
||||||
ENV PROTON_NO_FSYNC=1
|
ENV PROTON_NO_FSYNC=1
|
||||||
|
|
||||||
|
LABEL net.typeblog.dobu.desktop_file_path="/usr/share/applications/steam.desktop"
|
||||||
|
|
||||||
|
# Steam Runtime requires its own namespaces
|
||||||
|
# so we have to allow them in our seccomp filter.
|
||||||
|
# Don't use it if you don't trust their sandboxing (pressure-vessel).
|
||||||
|
LABEL net.typeblog.dobu.unsafe_i_know_what_i_am_doing_allow_namespaces="true"
|
||||||
|
|
||||||
ENTRYPOINT [ "/usr/games/steam" ]
|
ENTRYPOINT [ "/usr/games/steam" ]
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
INVALIDATE_CACHE_UPSTREAM_UBUNTU="steam"
|
INVALIDATE_CACHE_UPSTREAM_UBUNTU="steam"
|
||||||
DESKTOP_FILE_PATH="/usr/share/applications/steam.desktop"
|
|
||||||
# Steam Runtime requires its own namespaces
|
# Steam Runtime requires its own namespaces
|
||||||
# so we have to allow them in our seccomp filter.
|
# so we have to allow them in our seccomp filter.
|
||||||
# Don't use it if you don't trust their sandboxing (pressure-vessel).
|
# Don't use it if you don't trust their sandboxing (pressure-vessel).
|
||||||
|
|
|
@ -12,9 +12,9 @@ assert_image_exists "$image_name"
|
||||||
[ -f "$script_path/apps/$1/control" ] || \
|
[ -f "$script_path/apps/$1/control" ] || \
|
||||||
die "App $1 does not have a control file that defines how to generate a shortcut"
|
die "App $1 does not have a control file that defines how to generate a shortcut"
|
||||||
|
|
||||||
. "$script_path/apps/$1/control"
|
desktop_file_path="$(get_image_label "$image_name" "net.typeblog.dobu.desktop_file_path")"
|
||||||
|
|
||||||
[ -z "${DESKTOP_FILE_PATH+x}" ] && die "App $1 did not specify DESKTOP_FILE_PATH in its control file"
|
[ -z "$desktop_file_path" ] && die "App $1 did not specify desktop_file_path in its labels"
|
||||||
|
|
||||||
# Create a temporary working directory
|
# Create a temporary working directory
|
||||||
# Because we will have to extract files from the container image
|
# Because we will have to extract files from the container image
|
||||||
|
@ -36,8 +36,8 @@ log "Creating temporary container $tmp_container_name from $image_name"
|
||||||
|
|
||||||
podman create --name "$tmp_container_name" "$image_name"
|
podman create --name "$tmp_container_name" "$image_name"
|
||||||
|
|
||||||
log "Extracting $DESKTOP_FILE_PATH from $tmp_container_name"
|
log "Extracting $desktop_file_path from $tmp_container_name"
|
||||||
podman cp "$tmp_container_name:$DESKTOP_FILE_PATH" ./$1.desktop
|
podman cp "$tmp_container_name:$desktop_file_path" ./$1.desktop
|
||||||
|
|
||||||
log "Extracting /usr/share/icons from $tmp_container_name"
|
log "Extracting /usr/share/icons from $tmp_container_name"
|
||||||
podman cp "$tmp_container_name:/usr/share/icons" ./icons
|
podman cp "$tmp_container_name:/usr/share/icons" ./icons
|
||||||
|
|
|
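Review bot: The emptiness check on `desktop_file_path` in the first hunk cannot fire for an image that lacks the label, because `get_image_label` runs `jq -r`, and jq prints the literal string `null` for a missing key. The script would then carry on and presumably fail later at `podman cp` with a path of `null` instead of the intended message. Either have the helper map a missing label to an empty string or test for it here, e.g. `{ [ -z "$desktop_file_path" ] || [ "$desktop_file_path" = "null" ]; } && die "App $1 did not specify desktop_file_path in its labels"`. The script continues outside both hunks of this file.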
@ -26,11 +26,7 @@ if container_exists "$container_name"; then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Load app control file because some apps require run-time customization
|
if [ "$(get_image_label "$image_name" net.typeblog.dobu.unsafe_i_know_what_i_am_doing_allow_namespaces)" == "true" ]; then
|
||||||
# TODO: Maybe these things should really be container labels?
|
|
||||||
[ -f "$script_path/apps/$1/control" ] && . "$script_path/apps/$1/control"
|
|
||||||
|
|
||||||
if [ "$UNSAFE_I_KNOW_WHAT_I_AM_DOING_ALLOW_NAMESPACES" == "true" ]; then
|
|
||||||
log "Enabling sub-namespaces support inside this container"
|
log "Enabling sub-namespaces support inside this container"
|
||||||
log "This is considered UNSAFE; DO NOT USE if the app inside container does not do its own sandboxing"
|
log "This is considered UNSAFE; DO NOT USE if the app inside container does not do its own sandboxing"
|
||||||
log "DO NOT USE if you don't trust sandboxing done by the app inside"
|
log "DO NOT USE if you don't trust sandboxing done by the app inside"
|
||||||
|
|
|
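Review bot: The decision to relax the seccomp filter is now taken from image metadata rather than from the control file in the local checkout. Whatever produced the image can therefore opt the container into sub-namespaces, including a base image whose labels are inherited in a Dockerfile build. If images are only ever built locally from this repository's Dockerfiles the exposure is small, but that is not visible from this hunk. Consider requiring a host-side opt-in in addition to the label, and at least record the trust boundary next to the check, for example `# NOTE: this label is read from the image (base-image labels included); it is not a host-side setting`. The surrounding script starts and ends outside the hunk.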
@ -72,6 +72,11 @@ container_exists() {
|
||||||
podman container exists $1 > /dev/null 2>&1
|
podman container exists $1 > /dev/null 2>&1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
get_image_label() {
|
||||||
|
assert_image_exists "$1"
|
||||||
|
podman inspect "$1" | jq -r ".[0].Labels.\"$2\""
|
||||||
|
}
|
||||||
|
|
||||||
remove_stale_container() {
|
remove_stale_container() {
|
||||||
container_exists "$1" || return 0
|
container_exists "$1" || return 0
|
||||||
local is_running="$(podman inspect "$1" | jq -r '.[0].State.Running')"
|
local is_running="$(podman inspect "$1" | jq -r '.[0].State.Running')"
|
||||||
|
|
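Review bot: `get_image_label` splices `$2` into the jq program text, so a label key containing a quote changes the filter. It also calls `podman inspect` without naming the object type, so a container sharing the name could be inspected instead; that second point is an assumption about podman's name resolution and should be confirmed. Passing the key as data and naming the type avoids both: `podman image inspect "$1" | jq -r --arg key "$2" '.[0].Labels[$key] // empty'`. The `// empty` also makes a missing label come back as an empty string rather than the text `null`. `remove_stale_container` below continues outside the hunk.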