Compare commits
	
		
			2 commits
		
	
	
		
			
				94048e2d2b
			
			...
			
				52faa6c6d7
			
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 52faa6c6d7 | |||
| ded4816343 | 
					 8 changed files with 21 additions and 11 deletions
				
			
		|  | @ -12,5 +12,7 @@ RUN apt-get -y update && apt-get -y install prismlauncher qtwayland5 openjdk-17- | |||
| 
 | ||||
| USER user | ||||
| 
 | ||||
| LABEL net.typeblog.dobu.desktop_file_path="/usr/share/applications/org.prismlauncher.PrismLauncher.desktop" | ||||
| 
 | ||||
| ENTRYPOINT [ "/usr/bin/prismlauncher" ] | ||||
| 
 | ||||
|  |  | |||
|  | @ -9,4 +9,6 @@ RUN pacman -Syu --noconfirm \ | |||
| 
 | ||||
| USER user | ||||
| 
 | ||||
| LABEL net.typeblog.dobu.desktop_file_path="/usr/share/applications/shattered-pixel-dungeon.desktop" | ||||
| 
 | ||||
| ENTRYPOINT [ "/usr/bin/shattered-pixel-dungeon" ] | ||||
|  |  | |||
|  | @ -1,3 +1,2 @@ | |||
| #!/usr/bin/env bash | ||||
| INVALIDATE_CACHE_UPSTREAM_ARCHLINUX="extra/any/shattered-pixel-dungeon" | ||||
| DESKTOP_FILE_PATH="/usr/share/applications/shattered-pixel-dungeon.desktop" | ||||
|  |  | |||
|  | @ -8,4 +8,11 @@ USER user | |||
| 
 | ||||
| ENV PROTON_NO_FSYNC=1 | ||||
| 
 | ||||
| LABEL net.typeblog.dobu.desktop_file_path="/usr/share/applications/steam.desktop" | ||||
| 
 | ||||
| # Steam Runtime requires its own namespaces | ||||
| # so we have to allow them in our seccomp filter. | ||||
| # Don't use it if you don't trust their sandboxing (pressure-vessel). | ||||
| LABEL net.typeblog.dobu.unsafe_i_know_what_i_am_doing_allow_namespaces="true" | ||||
| 
 | ||||
| ENTRYPOINT [ "/usr/games/steam" ] | ||||
|  |  | |||
|  | @ -1,6 +1,5 @@ | |||
| #!/usr/bin/env bash | ||||
| INVALIDATE_CACHE_UPSTREAM_UBUNTU="steam" | ||||
| DESKTOP_FILE_PATH="/usr/share/applications/steam.desktop" | ||||
| # Steam Runtime requires its own namespaces | ||||
| # so we have to allow them in our seccomp filter. | ||||
| # Don't use it if you don't trust their sandboxing (pressure-vessel). | ||||
|  |  | |||
|  | @ -12,9 +12,9 @@ assert_image_exists "$image_name" | |||
| [ -f "$script_path/apps/$1/control" ] || \ | ||||
|   die "App $1 does not have a control file that defines how to generate a shortcut" | ||||
| 
 | ||||
| . "$script_path/apps/$1/control" | ||||
| desktop_file_path="$(get_image_label "$image_name" "net.typeblog.dobu.desktop_file_path")" | ||||
| 
 | ||||
| [ -z "${DESKTOP_FILE_PATH+x}" ] && die "App $1 did not specify DESKTOP_FILE_PATH in its control file" | ||||
| [ -z "$desktop_file_path" ] && die "App $1 did not specify desktop_file_path in its labels" | ||||
| 
 | ||||
| # Create a temporary working directory | ||||
| # Because we will have to extract files from the container image | ||||
|  | @ -36,8 +36,8 @@ log "Creating temporary container $tmp_container_name from $image_name" | |||
| 
 | ||||
| podman create --name "$tmp_container_name" "$image_name" | ||||
| 
 | ||||
| log "Extracting $DESKTOP_FILE_PATH from $tmp_container_name" | ||||
| podman cp "$tmp_container_name:$DESKTOP_FILE_PATH" ./$1.desktop | ||||
| log "Extracting $desktop_file_path from $tmp_container_name" | ||||
| podman cp "$tmp_container_name:$desktop_file_path" ./$1.desktop | ||||
| 
 | ||||
| log "Extracting /usr/share/icons from $tmp_container_name" | ||||
| podman cp "$tmp_container_name:/usr/share/icons" ./icons | ||||
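Review bot: The new guard `[ -z "$desktop_file_path" ] && die ...` in the first hunk does not catch a missing label. `get_image_label` (added elsewhere in this change) pipes `podman inspect` through `jq -r`, and jq prints the string `null` for an absent key, so the variable is never empty. The script would then reach `podman cp "$tmp_container_name:null" ...` and fail later with a less useful message. Test for both values, for example `case "$desktop_file_path" in ""|null) die "App $1 did not specify desktop_file_path in its labels" ;; esac`.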
|  |  | |||
|  | @ -26,11 +26,7 @@ if container_exists "$container_name"; then | |||
|   exit 0 | ||||
| fi | ||||
| 
 | ||||
| # Load app control file because some apps require run-time customization | ||||
| # TODO: Maybe these things should really be container labels? | ||||
| [ -f "$script_path/apps/$1/control" ] && . "$script_path/apps/$1/control" | ||||
| 
 | ||||
| if [ "$UNSAFE_I_KNOW_WHAT_I_AM_DOING_ALLOW_NAMESPACES" == "true" ]; then | ||||
| if [ "$(get_image_label "$image_name" net.typeblog.dobu.unsafe_i_know_what_i_am_doing_allow_namespaces)" == "true" ]; then | ||||
|   log "Enabling sub-namespaces support inside this container" | ||||
|   log "This is considered UNSAFE; DO NOT USE if the app inside container does not do its own sandboxing" | ||||
|   log "DO NOT USE if you don't trust sandboxing done by the app inside" | ||||
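Review bot: The seccomp relaxation on the `get_image_label "$image_name" net.typeblog.dobu.unsafe_i_know_what_i_am_doing_allow_namespaces` line is now opted into by the image's own metadata, where it previously came from a control file in the local checkout. If `$image_name` can ever refer to an image that was pulled or retagged rather than built from this repository's Dockerfiles (not visible in this hunk), that image would grant itself the weaker filter. Consider keeping a local gate as well, or at least record the assumption next to the check, e.g. `# This label is trusted only because images are built locally from this repo's Dockerfiles`. The enclosing `if` block continues past the end of the hunk.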
|  |  | |||
|  | @ -72,6 +72,11 @@ container_exists() { | |||
|   podman container exists $1 > /dev/null 2>&1 | ||||
| } | ||||
| 
 | ||||
| get_image_label() { | ||||
|   assert_image_exists "$1" | ||||
|   podman inspect "$1" | jq -r ".[0].Labels.\"$2\"" | ||||
| } | ||||
| 
 | ||||
| remove_stale_container() { | ||||
|   container_exists "$1" || return 0 | ||||
|   local is_running="$(podman inspect "$1" | jq -r '.[0].State.Running')" | ||||
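Review bot: `get_image_label` splices `$2` into the jq program text, so a label name containing a double quote or jq syntax would change the filter instead of being looked up as a key. The callers visible in this change pass fixed names, so this is hardening, but passing the name as data costs nothing: `podman inspect "$1" | jq -r --arg label "$2" '.[0].Labels[$label]'`. A one-line comment above the function saying what it prints when the label is absent would also help callers. `remove_stale_container` below is context only and continues past the hunk.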
|  |  | |||