diff --git a/README.md b/README.md index ce16dcf..419dbc2 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,10 @@ # Portable A sandboxing framework, originally designed for WeChat. Still in heavy development. +![Example](https://raw.githubusercontent.com/Kraftland/portable/refs/heads/master/example.webp) + +--- + # File installment ## Portable @@ -27,7 +31,7 @@ install -Dm755 config /usr/lib/portable/info/appID/config ## Runtime -Environment variables are read from stateDirectory/portable.env +Environment variables are read from `XDG_DATA_HOME/stateDirectory/portable.env` Start portable with environment variable `_portalConfig`, which is pointed to the actual config. diff --git a/config b/config index 0a09e47..7b73379 100644 --- a/config +++ b/config @@ -1,13 +1,16 @@ #!/usr/bin/bash # This is your Application ID, avoid conflict -appID="" +appID="top.kimiblock.example" # This is a friendly name of an application. It should only contain ASCII characters and not spaces. -friendlyName="" +friendlyName="Portable_Test" # This is the state directory of your application, which is located under "XDG_DATA_HOME" -stateDirectory="" +stateDirectory="Portable_Test_Data" # This is the target executable to launch -launchTarget="" +launchTarget="gtk3-demo" + +# Takes boolean value. When enabled, do not process XAuth files and enable X access. Generally this should be always on. +waylandOnly="false" \ No newline at end of file diff --git a/example.webp b/example.webp new file mode 100644 index 0000000..139e53d Binary files /dev/null and b/example.webp differ diff --git a/portable.sh b/portable.sh index e3c553a..b5e25dd 100755 --- a/portable.sh +++ b/portable.sh 
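Review bot: The new `waylandOnly` comment in `config` says the option "should be always on", yet the shipped value is `"false"`, which is the setting under which `genXAuth` copies an X cookie into the sandbox. The wording "do not process XAuth files and enable X access" also reads as if turning the option on grants X access. Suggested comment: `# Boolean. When "true", no X authority cookie is copied into the sandbox, so it gets no X11 access. Recommended "true" on Wayland sessions.` Either default it to `"true"` or add a line explaining why the example keeps `"false"`. The new last line also has no trailing newline, which matters if the file is ever appended to.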
@@ -38,17 +38,25 @@ function manageDirs() { createWrapIfNotExist "${XDG_DATA_HOME}"/${stateDirectory} } -function detectXauth() { - if [ ! ${XAUTHORITY} ]; then - echo '[Warn] No ${XAUTHORITY} detected! Do you have any X server running?' - export XAUTHORITYpath="/$(uuidgen)/$(uuidgen)" - xhost +localhost - else - export XAUTHORITYpath="${XAUTHORITY}" - fi - if [[ ! ${DISPLAY} ]]; then - echo '[Warn] No ${DISPLAY} detected! Do you have any X server running?' +function genXAuth() { + if [[ ${waylandOnly} = "true" ]]; then + touch "${XDG_DATA_HOME}/${stateDirectory}/.XAuthority" + return $? fi + echo "[Info] Processing X Server security restriction..." + #authHash="$(xxd -p -l 16 /dev/urandom)" + rm "${XDG_DATA_HOME}/${stateDirectory}/.XAuthority" + touch "${XDG_DATA_HOME}/${stateDirectory}/.XAuthority" + xauth -f \ + "${XDG_DATA_HOME}/${stateDirectory}/.XAuthority" \ + add $(xauth list :0) + #xauth -f \ + # "${XDG_DATA_HOME}/${stateDirectory}/.XAuthority" \ + # add \ + # "${DISPLAY}" \ + # . \ + # "${authHash}" + #xauth merge "${XDG_DATA_HOME}/${stateDirectory}/.XAuthority" } function createWrapIfNotExist() { @@ -111,11 +119,6 @@ function execApp() { fi cameraDect importEnv - if [ ${XDG_SESSION_TYPE} = wayland ]; then - echo "[Info] Skipping Xhost operation" - else - xhost +localhost #Unlock the XServer for X11 users - fi mkdir -p "${XDG_DATA_HOME}"/"${stateDirectory}"/.config echo "GTK_IM_MODULE is ${GTK_IM_MODULE}" echo "QT_IM_MODULE is ${QT_IM_MODULE}" @@ -195,6 +198,8 @@ function execApp() { -p BindReadOnlyPaths=-/run/systemd/resolve/stub-resolv.conf \ -p BindReadOnlyPaths=/usr/lib/portable/flatpak-info:"${XDG_RUNTIME_DIR}/.flatpak-info" \ -p Environment=PATH=/sandbox:"${PATH}" \ + -p Environment=XAUTHORITY="${HOME}/.XAuthority" \ + -p Environment=DISPLAY="${DISPLAY}" \ -- \ bwrap \ --tmpfs /tmp \ 
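Review bot: `genXAuth` copies the session's own X cookie into `.XAuthority` under the state directory, which the unchanged `--bind "${XDG_DATA_HOME}/${stateDirectory}" "${HOME}"` line in a later hunk mounts read-write as the sandbox home. With `waylandOnly="false"` the sandboxed application therefore holds the same X11 credential as any unsandboxed client, so the "security restriction" log message overstates what happens. The copy is also fragile: `rm` without `-f` errors on first run, `touch` creates the cookie file with the caller's umask instead of owner-only, the display is hard-coded to `:0` although `${DISPLAY}` is what the unit receives, and the unquoted `$(xauth list :0)` gives `add` the wrong argument count when zero or several entries match. The fence keeps the current behaviour but makes the file private and lets xauth transfer the entries itself. If real isolation is the goal, a separate cookie from `xauth generate` with the `untrusted` keyword may be worth evaluating.

```shell
function genXAuth() {
  local authFile="${XDG_DATA_HOME}/${stateDirectory}/.XAuthority"
  # … unchanged: waylandOnly early return …
  echo "[Info] Processing X Server security restriction..."
  rm -f -- "${authFile}"
  # Create the file owner-only before any cookie is written into it.
  (umask 077 && touch "${authFile}") || return
  # Copy the entries for the display actually in use; no word splitting involved.
  xauth extract - "${DISPLAY}" | xauth -f "${authFile}" merge -
```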
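Review bot: The two added `-p Environment=` lines pass `DISPLAY` and `XAUTHORITY` to the unit unconditionally, so a `waylandOnly="true"` sandbox still receives a display name and only the empty cookie file separates it from the X server. Whether that is enough depends on lines outside this hunk: the X11 socket bind, and any host-based `xhost +localhost` grant issued by earlier versions of this script, which the previous hunk stops issuing but does not revoke. Consider collecting these two arguments in an array that stays empty when `waylandOnly` is `true`, with a comment there stating why. `execApp` starts and ends outside the hunk.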
@@ -210,9 +215,9 @@ function execApp() { --ro-bind /sys/dev/char /sys/dev/char \ --ro-bind /sys/devices /sys/devices \ --dir /sandbox \ - --ro-bind /usr/lib/flatpak-xdg-utils/xdg-open \ + --ro-bind /usr/lib/portable/open \ /sandbox/chromium \ - --ro-bind /usr/lib/flatpak-xdg-utils/xdg-open \ + --ro-bind /usr/lib/portable/open \ /sandbox/firefox \ --ro-bind /usr/lib/portable/mimeapps.list \ "${XDG_DATA_HOME}/${stateDirectory}/.config/mimeapps.list" \ @@ -229,7 +234,6 @@ function execApp() { "${XDG_RUNTIME_DIR}/pulse" \ --bind "${XDG_DATA_HOME}/${stateDirectory}" "${HOME}" \ --ro-bind-try "${XDG_DATA_HOME}"/icons "${XDG_DATA_HOME}"/icons \ - --ro-bind-try "${XAUTHORITYpath}" "${XAUTHORITYpath}" \ --ro-bind-try "${XDG_RUNTIME_DIR}/${WAYLAND_DISPLAY}" \ "${XDG_RUNTIME_DIR}/${WAYLAND_DISPLAY}" \ --ro-bind-try "${XDG_RUNTIME_DIR}/${WAYLAND_DISPLAY}.lock" \ @@ -443,7 +447,7 @@ function openDataDir() { } function launch() { - detectXauth + genXAuth inputMethod moeDect if [[ $(systemctl --user is-failed ${unitName}.service) = failed ]]; then
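Review bot: The two replaced `--ro-bind /usr/lib/portable/open` lines are hard binds rather than `--ro-bind-try`, so bwrap will refuse to start if that file is missing. Nothing in the visible part of this commit adds the file or an install line for it; the README hunk only touches the example image and the env-file path. Either ship `open` together with an `install` line in the README, or add a comment above the binds saying where it comes from. Because it is what the sandbox runs as `/sandbox/chromium` and `/sandbox/firefox`, a one-line description of what it forwards to the host would let reviewers judge how much of the host it exposes. `execApp` continues outside the hunk.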