fix init

* fix: 部分应用卸载失败的问题

* fix: 光标主题失效的问题

README.md

@@ -1,31 +1,49 @@
-# 书虫兼容模式
-书虫兼容模式，是`琥珀兼容环境(ACE)`的一部分
 
-琥珀兼容环境是一款基于bubblewrap的容器化应用打包和分发方案。
-
-书虫兼容模式用极为轻量的容器方案让你可以在几乎任何的Linux发行版上运行一个`Debian 12`容器。在`Appimage`应用无法启动或者打包的时候，使用书虫兼容模式来打包可以让你在使用最新的环境的同时在更多的发行版上运行，是一个很好的选择
-
-书虫兼容模式让你可以在deepin或UOS上使用Debian 12的应用，为你带来更好的使用体验！
-
-请使用 `git clone --recurse-submodules` 来获取
-
-## 构建指南
-
-先构建容器再打包，容器位置在`src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files`
 
 
 # Bookworm compatibility mode
 
+# [中文](README.zh.md)
+
 Bookworm compatibility mode is a part of `Amber Compatability Environment(ACE)`
 
 Amber Compatability Environment is a container app packaging and distributing solution.
 
 With the help of bubblewrap, a super tiny container solution, you can run a `Debian 12` container in almost every linux distrobution. When you can not launch or pack an `Appimage` App, using Bookworm compatibility mode can allow you to pack the app in a newer environment and also be able to run on more distrobutions. It is a good choice! 
 
-Bookworm compatibility mode allows you to use Debian 12 applications on deepin or UniontechOS using bwrap containers, providing you with a better user experience!
+ **You need to logout or reboot your computer to show the entries in launcher app list if it's your first time using ACE.** 
 
 Please use `git clone --recurse-submodules` to obtain the env
 
+
+## Install Guide
+
+
+### Quick Install (Need to install Spark Store first)
+
+[spk://store/tools/cn.flamescion.bookworm-compatibility-mode/](https://spark-store-project.gitee.io/spk-resolv/?spk=spk://store/tools/cn.flamescion.bookworm-compatibility-mode/)
+
+### Manual Install（Debian/Fedora/Arch)
+
+https://share.shenmo.tech:23333/index.php?share/folder&user=1&sid=kr8z6Fqf
+
 ## Build Guide
 
+### Debian
+
 Build the container first then build the package. Container at `src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files`
+Here are the details:
+1. Install dependencies: sudo apt-get install arch-test debootstrap libnss-mymachines systemd-container
+2. Enter the terminal at `src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files` and execute `./build-container.sh amd64`.[for amd,other arch please change]
+3. Wait for the container to complete.
+4.Get in to `bookworm-compatibility-mode` dir,run`fakeroot dpkg-deb -b src .`
+5.Wating for complete.
+
+
+### Fedora
+
+See https://gitee.com/amber-compatability-environment/ace-rpm
+
+### Arch
+
+`yay -S cn.flamescion.bookworm-compatibility-mode`

README.zh.md

@@ -0,0 +1,46 @@
+# 书虫兼容模式
+
+# [English](README.md)
+
+
+琥珀兼容环境是一款基于bubblewrap的容器化应用打包和分发方案。
+
+书虫兼容模式用极为轻量的容器方案让你可以在几乎任何的Linux发行版上运行一个`Debian 12`容器。在`Appimage`应用无法启动或者打包的时候，使用书虫兼容模式来打包可以让你在使用最新的环境的同时在更多的发行版上运行，是一个很好的选择
+
+ **首次安装后请注销或重启以展示启动器入口** 
+
+请使用 `git clone --recurse-submodules` 来获取
+
+## 安装指南
+
+### 快捷安装 (需要安装星火应用商店)
+
+[spk://store/tools/cn.flamescion.bookworm-compatibility-mode/](https://spark-store-project.gitee.io/spk-resolv/?spk=spk://store/tools/cn.flamescion.bookworm-compatibility-mode/)
+
+### 手动安装（Debian/Fedora/Arch)
+
+https://share.shenmo.tech:23333/index.php?share/folder&user=1&sid=kr8z6Fqf
+
+## 构建指南
+
+### Debian
+
+先构建容器再打包，容器位置在`src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files`
+
+下面是详细步骤：
+
+1. 安装依赖：sudo apt-get install arch-test debootstrap libnss-mymachines systemd-container
+2. 在`src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files`位置进入终端，执行`./build-container.sh amd64`[amd架构，其他架构同理]`
+3. 等待容器打包完成
+4. 进入`bookworm-compatibility-mode`目录，执行`fakeroot dpkg-deb -b src .`
+5. 等待打包完成
+
+### Fedora
+
+请前往 https://gitee.com/amber-compatability-environment/ace-rpm
+
+### Arch
+
+`yay -S cn.flamescion.bookworm-compatibility-mode`
+
+---

src/DEBIAN/control

@@ -1,8 +1,8 @@
 Package: cn.flamescion.bookworm-compatibility-mode
-Version: 12.4.7
+Version: 12.4.10
 Section: misc
 Priority: optional
-Depends: bubblewrap,flatpak,zenity,policykit-1,gcc
+Depends: bubblewrap,flatpak,zenity,policykit-1,gcc,systemd
 Maintainer: shenmo <shenmo@spark-app.store>
 Architecture: amd64
 Description: bwrap wrapper for install and running debs inside a bookworm container

src/DEBIAN/postinst

@@ -2,3 +2,8 @@
 export PACKAGE_NAME="$DPKG_MAINTSCRIPT_PACKAGE"
 /opt/apps/$PACKAGE_NAME/files/bin/bookworm-init
 
+if [ "${PACKAGE_NAME}" = "cn.flamescion.bookworm-compatibility-mode" ];then
+systemctl daemon-reload
+systemctl enable ace-auto-upgrade
+systemctl start ace-auto-upgrade
+fi

src/DEBIAN/postrm

@@ -1,5 +1,13 @@
 #!/bin/bash
 PACKAGE_NAME="$DPKG_MAINTSCRIPT_PACKAGE"
+
+if [ "${PACKAGE_NAME}" = "cn.flamescion.bookworm-compatibility-mode" ];then
+systemctl stop ace-auto-upgrade
+systemctl disable ace-auto-upgrade
+fi
+
+
+
 if [ "$1" = "remove" ] || [ "$1" = "purge" ];then
 
 echo "清理卸载残留"
@@ -9,3 +17,5 @@ else
 echo "非卸载，跳过清理"
 fi
 
+
+

src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files/bin/ace-uninstall-helper

@@ -25,8 +25,13 @@ fi
 
 # 验证是否为desktop文件
 if [[ ! $ABSOLUTE_PATH == *.desktop ]]; then
-    echo "Error: The file is not a desktop file."
+	if [ ! -e $ABSOLUTE_PATH ];then
-    exit 1
+		echo "$ABSOLUTE_PATH does not exist. May have already been uninstalled. Ignore it."
+		exit
+	else
+    		echo "Error: The file is not a desktop file."
+    		exit 1
+	fi
 fi
 
 # 截取路径

src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files/bin/bookworm-init

@@ -37,16 +37,15 @@ bwrap --dev-bind $chrootEnvPath/ / \
   --setenv PULSE_SERVER /run/user/$uid/pulse/native \
   --setenv PATH /flamescion-container-tools/bin-override:$PATH \
   --setenv IS_ACE_ENV "1" \
-  --dev-bind $chrootEnvPath/ / \
   --dev-bind-try /media /media \
   --dev-bind-try /tmp /tmp \
   --dev /dev  \
   --dev-bind-try /dev/dri /dev/dri  \
   --proc /proc  \
+  --dev-bind / /host \
   --dev-bind /sys /sys  \
   --dev-bind /run /run  \
   --dev-bind-try /run/user/$uid/pulse /run/user/$uid/pulse  \
-  --dev-bind / /host \
   --bind-try /usr/share/themes /usr/local/share/themes  \
   --bind-try /usr/share/icons /usr/local/share/icons  \
   --bind-try /usr/share/fonts /usr/local/share/fonts  \
@@ -58,267 +57,26 @@ bwrap --dev-bind $chrootEnvPath/ / \
 
 
 }
-# Move the package init work to build stage
+
-#bookworm-run apt update
-#bookworm-run apt install apt-utils bc curl dialog diffutils findutils gnupg2 less libnss-myhostname libvte-2.9*-common libvte-common lsof ncurses-base passwd pinentry-curses procps sudo time util-linux wget libegl1-mesa libgl1-mesa-glx libvulkan1 mesa-vulkan-drivers locales libglib2.0-bin -y
 echo "Update the flamescion container tools"
 cp -r `dirname $chrootEnvPath`/flamescion-container-tools/  $chrootEnvPath
 
 rm -rf $chrootEnvPath/usr/lib/`gcc -dumpmachine`/dri/dri
 # 之前错误的多复制了一个，这里删掉
 
-container_user_gid="$(sudo -u $non_root_user id -rg)"
+export container_user_gid="$(sudo -u $non_root_user id -rg)"
-container_user_home="/home/${non_root_user}"
+export container_user_home="/home/${non_root_user}"
-container_user_name="${non_root_user}"
+export container_user_name="${non_root_user}"
-container_user_uid="$(sudo -u $non_root_user id -ru)"
+export container_user_uid="$(sudo -u $non_root_user id -ru)"
-
-
-cat << EOFFFFFF > $chrootEnvPath/init.sh
-#!/bin/bash 
-        printf "bookworm-cm: Setting up sudo...\n"
-        mkdir -p /etc/sudoers.d
-        # Do not check fqdn when doing sudo, it will not work anyways
-        if ! grep -q 'Defaults !fqdn' /etc/sudoers.d/sudoers; then
-                printf "Defaults !fqdn\n" >> /etc/sudoers.d/sudoers
-        fi
-        # Ensure passwordless sudo is set up for user
-        if ! grep -q "\"${container_user_name}\" ALL = (root) NOPASSWD:ALL" /etc/sudoers.d/sudoers; then
-                printf "\"%s\" ALL = (root) NOPASSWD:ALL\n" "${container_user_name}" >> /etc/sudoers.d/sudoers
-        fi
-
-
-printf "bookworm-cm: Setting up groups...\n"
-# If not existing, ensure we have a group for our user.
-if ! grep -q "^${container_user_name}:" /etc/group; then
-        if ! groupadd --force --gid "${container_user_gid}" "${container_user_name}"; then
-                # It may occur that we have users with unsupported user name (eg. on LDAP or AD)
-                # So let's try and force the group creation this way.
-                printf "%s:x:%s:" "${container_user_name}" "${container_user_gid}" >> /etc/group
-        fi
-fi
-
-printf "bookworm-cm: Setting up users...\n"
-
-# Setup kerberos integration with the host
-if [ -d "/run/host/var/kerberos" ] &&
-        [ -d "/etc/krb5.conf.d" ] &&
-        [ ! -e "/etc/krb5.conf.d/kcm_default_ccache" ]; then
-
-        cat << EOF > "/etc/krb5.conf.d/kcm_default_ccache"
-# # To disable the KCM credential cache, comment out the following lines.
-[libdefaults]
-    default_ccache_name = KCM:
-EOF
-fi
-
-# If we have sudo/wheel groups, let's add the user to them.
-additional_groups=""
-if grep -q "^sudo" /etc/group; then
-        additional_groups="sudo"
-elif grep -q "^wheel" /etc/group; then
-        additional_groups="wheel"
-fi
-
-# Let's add our user to the container. if the user already exists, enforce properties.
-#
-# In case of AD or LDAP usernames, it is possible we will have a backslach in the name.
-# In that case grep would fail, so we replace the backslash with a point to make the regex work.
-# shellcheck disable=SC1003
-if ! grep -q "^$(printf '%s' "${container_user_name}" | tr '\\' '.'):" /etc/passwd &&
-        ! grep -q "^.*:.*:${container_user_uid}:" /etc/passwd; then
-        if ! useradd \
-                --home-dir "${container_user_home}" \
-                --no-create-home \
-                --groups "${additional_groups}" \
-                --shell "${SHELL:-"/bin/bash"}" \
-                --uid "${container_user_uid}" \
-                --gid "${container_user_gid}" \
-                "${container_user_name}"; then
-
-                printf "Warning: there was a problem setting up the user\n"
-                printf "Warning: trying manual addition\n"
-                printf "%s:x:%s:%s:%s:%s:%s" \
-                        "${container_user_name}" "${container_user_uid}" \
-                        "${container_user_gid}" "${container_user_name}" \
-                        "${container_user_home}" "${SHELL:-"/bin/bash"}" >> /etc/passwd
-                printf "%s::1::::::" "${container_user_name}" >> /etc/shadow
-        fi
-# Ensure we're not using the specified SHELL. Run it only once, so that future
-# user's preferences are not overwritten at each start.
-elif [ ! -e /etc/passwd.done ]; then
-        # This situation is presented when podman or docker already creates the user
-        # for us inside container. We should modify the user's prepopulated shadowfile
-        # entry though as per user's active preferences.
-
-        # If the user was there with a different username, get that username so
-        # we can modify it
-        if ! grep -q "^$(printf '%s' "${container_user_name}" | tr '\\' '.'):" /etc/passwd; then
-                user_to_modify=$(getent passwd "${container_user_uid}" | cut -d: -f1)
-        fi
-
-        if ! usermod \
-                --home "${container_user_home}" \
-                --shell "${SHELL:-"/bin/bash"}" \
-                --groups "${additional_groups}" \
-                --uid "${container_user_uid}" \
-                --gid "${container_user_gid}" \
-                --login "${container_user_name}" \
-                "${user_to_modify:-"${container_user_name}"}"; then
-
-                printf "Warning: there was a problem setting up the user\n"
-        fi
-        touch /etc/passwd.done
-fi
-
-# We generate a random password to initialize the entry for the user and root.
-temporary_password="$(cat /proc/sys/kernel/random/uuid)"
-printf "%s\n%s\n" "${temporary_password}" "${temporary_password}" | passwd root
-printf "%s:%s" "${container_user_name}" "${temporary_password}" | chpasswd -e
-# Delete password for root and user
-printf "%s:" "root" | chpasswd -e
-printf "%s:" "${container_user_name}" | chpasswd -e
-
-mkdir -p /usr/share/fonts
-mkdir -p /usr/share/icons
-mkdir -p /usr/share/themes
-
-## init host-spawn
-unlink /flamescion-container-tools/bin-override/host-spawn
-ln -sfv /flamescion-container-tools/bin-override/host-spawn-$(uname -m) /flamescion-container-tools/bin-override/host-spawn
-
-## install host-integration
-
-apt install --reinstall /flamescion-container-tools/ace-host-integration.deb
 
 
 
-### Do NVIDIA Integration
-
-echo "ACE: NVIDIA Integration"
-
-    ensureTargetDir() {
-        targetFile=$1
-        t=$(dirname "$targetFile")
-        mkdir -p "$t"
-    }
-
-
-	lib32_dir="/usr/lib/"
-	lib64_dir="/usr/lib/"
-	if [ -e "/usr/lib/x86_64-linux-gnu" ]; then
-		lib64_dir="/usr/lib/x86_64-linux-gnu/"
-	elif [ -e "/usr/lib64" ]; then
-		lib64_dir="/usr/lib64/"
-	fi
-	if [ -e "/usr/lib/i386-linux-gnu" ]; then
-		lib32_dir="/usr/lib/i386-linux-gnu/"
-	elif [ -e "/usr/lib32" ]; then
-		lib32_dir="/usr/lib32/"
-	fi
-
-	# First we find all non-lib files we need, this includes
-	#	- binaries
-	#	- confs
-	#	- egl files
-	#	- icd files
-	#	Excluding here the libs, we will threat them later specifically
-	NVIDIA_FILES="$(find /host/etc/ /host/usr/ \
-		-path "/host/usr/lib/i386-linux-gnu/*" -prune -o \
-		-path "/host/usr/lib/x86_64-linux-gnu/*" -prune -o \
-		-path "/host/usr/lib32/*" -prune -o \
-		-path "/host/usr/lib64/*" -prune -o \
-		-iname "*nvidia*" -not -type d -print 2> /dev/null || :)"
-	for nvidia_file in ${NVIDIA_FILES}; do
-		dest_file="$(printf "%s" "${nvidia_file}" | sed 's|/host||g')"
-		ensureTargetDir ${dest_file}
-		cp -r "${nvidia_file}" "${dest_file}" 
-	done
-
-	# Then we find all directories with nvidia in the name and just mount them
-	NVIDIA_DIRS="$(find /host/etc /host/usr -iname "*nvidia*" -type d 2> /dev/null || :)"
-	for nvidia_dir in ${NVIDIA_DIRS}; do
-		# /usr/lib64 is common in Arch or RPM based distros, while /usr/lib/x86_64-linux-gnu is
-		# common on Debian derivatives, so we need to adapt between the two nomenclatures.
-		if printf "%s" "${nvidia_dir}" | grep -Eq "lib32|lib64|x86_64-linux-gnu|i386-linux-gnu"; then
-
-			# Remove origin so we plug our own
-			dest_dir="$(printf "%s" "${nvidia_dir}" |
-				sed "s|/host/usr/lib/x86_64-linux-gnu/|${lib64_dir}|g" |
-				sed "s|/host/usr/lib/i386-linux-gnu/|${lib32_dir}|g" |
-				sed "s|/host/usr/lib64/|${lib64_dir}|g" |
-				sed "s|/host/usr/lib32/|${lib32_dir}|g")"
-		else
-			dest_dir="$(printf "%s" "${nvidia_dir}" | sed 's|/host||g')"
-		fi
-		ensureTargetDir ${dest_file}
-		cp -r "${nvidia_dir}" "${dest_file}" 
-	done
-
-	# Then we find all the ".so" libraries, there are searched separately
-	# because we need to extract the relative path to mount them in the
-	# correct path based on the guest's setup
-	#
-	# /usr/lib64 is common in Arch or RPM based distros, while /usr/lib/x86_64-linux-gnu is
-	# common on Debian derivatives, so we need to adapt between the two nomenclatures.
-	NVIDIA_LIBS="$(find \
-		/host/usr/lib/i386-linux-gnu/ \
-		/host/usr/lib/x86_64-linux-gnu/ \
-		/host/usr/lib32/ \
-		/host/usr/lib64/ \
-		-iname "*nvidia*.so*" \
-		-o -iname "libcuda*.so*" \
-		-o -iname "libnvcuvid*.so*" \
-		-o -iname "libnvoptix*.so*" 2> /dev/null || :)"
-	for nvidia_lib in ${NVIDIA_LIBS}; do
-		dest_file="$(printf "%s" "${nvidia_lib}" |
-			sed "s|/host/usr/lib/x86_64-linux-gnu/|${lib64_dir}|g" |
-			sed "s|/host/usr/lib/i386-linux-gnu/|${lib32_dir}|g" |
-			sed "s|/host/usr/lib64/|${lib64_dir}|g" |
-			sed "s|/host/usr/lib32/|${lib32_dir}|g")"
-
-		# If file exists, just continue
-		# this may happen for directories like /usr/lib/nvidia/xorg/foo.so
-		# where the directory is already bind mounted (ro) and we don't need
-		# to mount further files in it.
-		if [ -e "${dest_file}" ]; then
-			continue
-		fi
-
-		type="file"
-		if [ -L "${nvidia_lib}" ]; then
-			type="link"
-		fi
-
-		if [ "${type}" = "link" ]; then
-			mkdir -p "$(dirname "${dest_file}")"
-			cp -d "${nvidia_lib}" "${dest_file}"
-			continue
-		fi
-		ensureTargetDir ${dest_file}
-		cp -r "${nvidia_lib}" "${dest_file}" 
-
-	done
-
-	# Refresh ldconfig cache, also detect if there are empty files remaining
-	# and clean them.
-	# This could happen when upgrading drivers and changing versions.
-	empty_libs="$(ldconfig 2>&1 | grep -Eo "File.*is empty" | cut -d' ' -f2)"
-	if [ -n "${empty_libs}" ]; then
-		# shellcheck disable=SC2086
-		find ${empty_libs} -delete 2> /dev/null || :
-		find /usr/ /etc/ -empty -iname "*nvidia*" -delete 2> /dev/null || :
-	fi
-
-
-EOFFFFFF
 
 #####init
 
-chmod +x $chrootEnvPath/init.sh
-bookworm-run bash /init.sh
-bookworm-run rm /init.sh
-bookworm-run cp /host/etc/locale.gen /etc/locale.gen && locale-gen
 
+bookworm-run bash /flamescion-container-tools/container-init/init.sh
+bookworm-run cp /host/etc/locale.gen /etc/locale.gen && locale-gen
 bookworm-run touch /finish.flag
 bookworm-run apt clean
 bookworm-run chown -R $(who | awk '{print $1}' | head -n 1)  /usr/lib/locale/
@@ -354,4 +112,4 @@ sudo -u $(who | awk '{print $1}' | head -n 1) bwrap --dev-bind $chrootEnvPath/ /
   locale-gen
 
 chown -R root $chrootEnvPath
-
+chmod 777 -R $chrootEnvPath /usr/share/icons

src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files/bin/bookworm-run

@@ -8,12 +8,6 @@ PKGNAME=`basename $ppparent_dir`
 export PACKAGE_NAME=$PKGNAME
 chrootEnvPath=/opt/apps/$PKGNAME/files/bookworm-env
 
-
-if [ "$(id -u)" = "0" ]; then
-`dirname $chrootEnvPath`/bin/bookworm-run-root "$@"
-exit
-fi
-
 if [ ! -e $chrootEnvPath/finish.flag ];then
 
 if [ "$(id -u)" = "0" ]; then
@@ -40,39 +34,126 @@ for arg in "$@"; do
         container_command="${container_command} '${arg}'"
 done
 fi
+#########################################################################################
+##########合成bwrap 1. 基础函数配置段
+# 初始化 EXEC_COMMAND 为 bwrap 基础指令
+EXEC_COMMAND="bwrap --dev-bind / / bwrap"
+
+# add_command 函数定义
+function add_command() {
+    # 参数拼接，考虑到转义和空格的处理
+    for arg in "$@"; do
+        EXEC_COMMAND="${EXEC_COMMAND} ${arg}"
+    done
+}
+
+function add_env_var() {
+    local var_name="${1}"
+    local var_value="${2}"
+    if [ "$var_value" != "" ]; then    
+	add_command "--setenv $var_name $var_value"
+	
+    fi
+}
+##########合成bwrap 2. 特殊需求函数配置段
+function cursor_theme_dir_integration() {
+
+local directory=""
+if [ "$(id -u)" = "0" ]; then #####We don't want bother root to install themes,but will try to fix the unwriteable issue
+	mkdir -p $chrootEnvPath/usr/share/icons
+	chmod 777 -R $chrootEnvPath/usr/share/icons
+	return
+fi
+
+for directory in "/usr/share/icons"/*; do
+    # 检查是否为目录
+    if [ -d "$directory" ]; then
+        # 检查目录中是否存在 cursors 文件
+        if [ -d "$directory/cursors" ]; then
+        	if [ -w $chrootEnvPath/usr/share/icons ];then
+			add_command "--ro-bind-try $directory $directory"
+		fi
+        fi
+    fi
+done
 
 
-bwrap --dev-bind / / \
+
-  bwrap \
+
-  --setenv LANG "$LANG" \
+
-  --setenv LC_COLLATE "$LC_COLLATE" \
+
-  --setenv LC_CTYPE "$LC_CTYPE" \
+
-  --setenv LC_MONETARY "$LC_MONETARY" \
+}
-  --setenv LC_MESSAGES "$LC_MESSAGES" \
+##########合成bwrap 3. 环境变量和目录绑定配置段
-  --setenv LC_NUMERIC "$LC_NUMERIC" \
+# 添加环境变量和其他初始设置
-  --setenv LC_TIME "$LC_TIME" \
+ENV_VARS=(
-  --setenv LC_ALL "$LC_ALL" \
+    "LANG $LANG"
-  --setenv PULSE_SERVER /run/user/$uid/pulse/native \
+    "LC_COLLATE $LC_COLLATE"
-  --setenv PATH /flamescion-container-tools/bin-override:$PATH \
+    "LC_CTYPE $LC_CTYPE"
-  --setenv IS_ACE_ENV "1" \
+    "LC_MONETARY $LC_MONETARY"
-  --dev-bind $chrootEnvPath/ / \
+    "LC_MESSAGES $LC_MESSAGES"
-  --dev-bind-try /media /media \
+    "LC_NUMERIC $LC_NUMERIC"
-  --dev-bind-try /tmp /tmp \
+    "LC_TIME $LC_TIME"
-  --dev /dev  \
+    "LC_ALL $LC_ALL"
-  --dev-bind-try /dev/dri /dev/dri  \
+    "PULSE_SERVER /run/user/\$uid/pulse/native"
-  --proc /proc  \
+    "PATH /flamescion-container-tools/bin-override:\$PATH"
-  --dev-bind /sys /sys  \
+    "IS_ACE_ENV 1"
-  --dev-bind /run /run  \
+)
-  --dev-bind-try /run/user/$uid/pulse /run/user/$uid/pulse  \
+
-  --dev-bind / /host \
+BIND_DIRS=(
-  --ro-bind-try /usr/share/themes /usr/local/share/themes  \
+    "--dev-bind $chrootEnvPath/ /"
-  --ro-bind-try /usr/share/icons /usr/local/share/icons  \
+    "--dev-bind-try /media /media"
-  --ro-bind-try /usr/share/fonts /usr/local/share/fonts  \
+    "--dev-bind-try /tmp /tmp"
-  --hostname Amber-CE-Bookworm \
+    "--dev /dev"
-  --unshare-uts \
+    "--dev-bind-try /dev/dri /dev/dri"
-  --dev-bind-try /etc/resolv.conf /etc/resolv.conf \
+    "--proc /proc"
-  --cap-add CAP_SYS_ADMIN \
+    "--dev-bind /sys /sys"
-  --dev-bind-try /home /home \
+    "--dev-bind /run /run"
-  bash -c "${container_command}"
+    "--dev-bind-try /run/user/\$uid/pulse /run/user/\$uid/pulse"
+    "--dev-bind / /host"
+    "--ro-bind-try /usr/share/themes /usr/local/share/themes"
+    "--ro-bind-try /usr/share/icons /usr/local/share/icons"
+    "--ro-bind-try /usr/share/fonts /usr/local/share/fonts"
+    "--ro-bind-try $(realpath /etc/localtime) /etc/localtime"
+    "--dev-bind-try /etc/resolv.conf /etc/resolv.conf"
+    "--dev-bind-try /home /home"
+
+)
+EXTRA_ARGS=(
+    "--hostname Amber-CE-Bookworm"
+    "--unshare-uts"
+    "--cap-add CAP_SYS_ADMIN"
+)
+
+EXTRA_SCRIPTS=(
+    cursor_theme_dir_integration
+)
+
+##########合成bwrap 4. 合成并执行指令
+# 逐一添加到 EXEC_COMMAND
+for var in "${ENV_VARS[@]}"; do
+    add_env_var $var
+done
+
+for var in "${BIND_DIRS[@]}"; do
+    add_command "$var"
+done
+
+for var in "${EXTRA_ARGS[@]}"; do
+    add_command "$var"
+done
+
+for var in "${EXTRA_SCRIPTS[@]}"; do
+    $var
+done
+
+# 添加最终的 bash 命令
+add_command "bash -c \"${container_command}\""
+
+# 输出完整的 EXEC_COMMAND 以查看
+# echo "${EXEC_COMMAND}"
+
+# 注意: 实际执行时，请确保所有变量（如 $uid, $chrootEnvPath 等）都已正确定义
+eval ${EXEC_COMMAND}
 
 

src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files/bin/bookworm-run-bwrap

@@ -0,0 +1,159 @@
+#!/bin/bash
+
+curdir=`realpath $0`
+parent_dir=`dirname $curdir`
+pparent_dir=`dirname $parent_dir`
+ppparent_dir=`dirname $pparent_dir`
+PKGNAME=`basename $ppparent_dir`
+export PACKAGE_NAME=$PKGNAME
+chrootEnvPath=/opt/apps/$PKGNAME/files/bookworm-env
+
+if [ ! -e $chrootEnvPath/finish.flag ];then
+
+if [ "$(id -u)" = "0" ]; then
+    `dirname $chrootEnvPath`/bin/bookworm-init
+else
+pkexec `dirname $chrootEnvPath`/bin/bookworm-init
+fi
+
+
+fi
+non_root_user=$(who  | awk '{print $1}' | head -n 1)
+uid=$(id -u $non_root_user)
+
+
+#### This part is for args pharm
+if [ "$1" = "" ];then
+container_command="bash"
+else
+container_command="$1"
+shift
+for arg in "$@"; do
+        arg="$(echo "${arg}x" | sed 's|'\''|'\'\\\\\'\''|g')"
+        arg="${arg%x}"
+        container_command="${container_command} '${arg}'"
+done
+fi
+#########################################################################################
+##########合成bwrap 1. 基础函数配置段
+# 初始化 EXEC_COMMAND 为 bwrap 基础指令
+EXEC_COMMAND="bwrap --dev-bind / / bwrap"
+
+# add_command 函数定义
+function add_command() {
+    # 参数拼接，考虑到转义和空格的处理
+    for arg in "$@"; do
+        EXEC_COMMAND="${EXEC_COMMAND} ${arg}"
+    done
+}
+
+function add_env_var() {
+    local var_name="${1}"
+    local var_value="${2}"
+    if [ "$var_value" != "" ]; then    
+	add_command "--setenv $var_name $var_value"
+	
+    fi
+}
+##########合成bwrap 2. 特殊需求函数配置段
+function cursor_theme_dir_integration() {
+
+local directory=""
+if [ "$(id -u)" = "0" ]; then #####We don't want bother root to install themes,but will try to fix the unwriteable issue
+	mkdir -p $chrootEnvPath/usr/share/icons
+	chmod 777 -R $chrootEnvPath/usr/share/icons
+	return
+fi
+
+for directory in "/usr/share/icons"/*; do
+    # 检查是否为目录
+    if [ -d "$directory" ]; then
+        # 检查目录中是否存在 cursors 文件
+        if [ -d "$directory/cursors" ]; then
+        	if [ -w $chrootEnvPath/usr/share/icons ];then
+			add_command "--ro-bind-try $directory $directory"
+		fi
+        fi
+    fi
+done
+
+
+
+
+
+
+
+}
+##########合成bwrap 3. 环境变量和目录绑定配置段
+# 添加环境变量和其他初始设置
+ENV_VARS=(
+    "LANG $LANG"
+    "LC_COLLATE $LC_COLLATE"
+    "LC_CTYPE $LC_CTYPE"
+    "LC_MONETARY $LC_MONETARY"
+    "LC_MESSAGES $LC_MESSAGES"
+    "LC_NUMERIC $LC_NUMERIC"
+    "LC_TIME $LC_TIME"
+    "LC_ALL $LC_ALL"
+    "PULSE_SERVER /run/user/\$uid/pulse/native"
+    "PATH /flamescion-container-tools/bin-override:\$PATH"
+    "IS_ACE_ENV 1"
+)
+
+BIND_DIRS=(
+    "--dev-bind $chrootEnvPath/ /"
+    "--dev-bind-try /media /media"
+    "--dev-bind-try /tmp /tmp"
+    "--dev /dev"
+    "--dev-bind-try /dev/dri /dev/dri"
+    "--proc /proc"
+    "--dev-bind /sys /sys"
+    "--dev-bind /run /run"
+    "--dev-bind-try /run/user/\$uid/pulse /run/user/\$uid/pulse"
+    "--dev-bind / /host"
+    "--ro-bind-try /usr/share/themes /usr/local/share/themes"
+    "--ro-bind-try /usr/share/icons /usr/local/share/icons"
+    "--ro-bind-try /usr/share/fonts /usr/local/share/fonts"
+    "--ro-bind-try $(realpath /etc/localtime) /etc/localtime"
+    "--dev-bind-try /etc/resolv.conf /etc/resolv.conf"
+    "--dev-bind-try /home /home"
+
+)
+EXTRA_ARGS=(
+    "--hostname Amber-CE-Bookworm"
+    "--unshare-uts"
+#    "--cap-add CAP_SYS_ADMIN"
+)
+
+EXTRA_SCRIPTS=(
+    cursor_theme_dir_integration
+)
+
+##########合成bwrap 4. 合成并执行指令
+# 逐一添加到 EXEC_COMMAND
+for var in "${ENV_VARS[@]}"; do
+    add_env_var $var
+done
+
+for var in "${BIND_DIRS[@]}"; do
+    add_command "$var"
+done
+
+for var in "${EXTRA_ARGS[@]}"; do
+    add_command "$var"
+done
+
+for var in "${EXTRA_SCRIPTS[@]}"; do
+    $var
+done
+
+# 添加最终的 bash 命令
+add_command "bash -c \"/usr/bin/bwrap ${container_command}\""
+
+# 输出完整的 EXEC_COMMAND 以查看
+# echo "${EXEC_COMMAND}"
+
+# 注意: 实际执行时，请确保所有变量（如 $uid, $chrootEnvPath 等）都已正确定义
+eval ${EXEC_COMMAND}
+
+

src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files/bin/bookworm-run-root

@@ -1,78 +0,0 @@
-#!/bin/bash
-if [ "$(id -u)" != "0" ]; then
-    echo "当前用户不是 root 用户，退出"
-    exit
-fi
-
-curdir=`realpath $0`
-parent_dir=`dirname $curdir`
-pparent_dir=`dirname $parent_dir`
-ppparent_dir=`dirname $pparent_dir`
-PKGNAME=`basename $ppparent_dir`
-export PACKAGE_NAME=$PKGNAME
-chrootEnvPath=/opt/apps/$PKGNAME/files/bookworm-env
-
-
-if [ ! -e $chrootEnvPath/finish.flag ];then
-
-if [ "$(id -u)" = "0" ]; then
-    `dirname $chrootEnvPath`/bin/bookworm-init
-else
-pkexec `dirname $chrootEnvPath`/bin/bookworm-init
-fi
-
-
-fi
-non_root_user=$(who  | awk '{print $1}' | head -n 1)
-uid=$(id -u $non_root_user)
-
-
-#### This part is for args pharm
-if [ "$1" = "" ];then
-container_command="bash"
-else
-container_command="$1"
-shift
-for arg in "$@"; do
-        arg="$(echo "${arg}x" | sed 's|'\''|'\'\\\\\'\''|g')"
-        arg="${arg%x}"
-        container_command="${container_command} '${arg}'"
-done
-fi
-
-
-bwrap --dev-bind / / \
-  bwrap \
-  --setenv LANG "$LANG" \
-  --setenv LC_COLLATE "$LC_COLLATE" \
-  --setenv LC_CTYPE "$LC_CTYPE" \
-  --setenv LC_MONETARY "$LC_MONETARY" \
-  --setenv LC_MESSAGES "$LC_MESSAGES" \
-  --setenv LC_NUMERIC "$LC_NUMERIC" \
-  --setenv LC_TIME "$LC_TIME" \
-  --setenv LC_ALL "$LC_ALL" \
-  --setenv PULSE_SERVER /run/user/$uid/pulse/native \
-  --setenv PATH /flamescion-container-tools/bin-override:$PATH \
-  --setenv IS_ACE_ENV "1" \
-  --dev-bind $chrootEnvPath/ / \
-  --dev-bind-try /media /media \
-  --dev-bind-try /tmp /tmp \
-  --dev /dev  \
-  --dev-bind-try /dev/dri /dev/dri  \
-  --proc /proc  \
-  --dev-bind /sys /sys  \
-  --dev-bind /run /run  \
-  --dev-bind-try /run/user/$uid/pulse /run/user/$uid/pulse  \
-  --dev-bind / /host \
-  --bind-try /usr/share/themes /usr/local/share/themes  \
-  --bind-try /usr/share/icons /usr/local/share/icons  \
-  --bind-try /usr/share/fonts /usr/local/share/fonts  \
-  --hostname Amber-CE-Bookworm \
-  --unshare-uts \
-  --dev-bind-try /etc/resolv.conf /etc/resolv.conf \
-  --cap-add CAP_SYS_ADMIN \
-  --dev-bind-try /home /home \
-  bash -c "${container_command}"
-
-
-

src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files/build-container.sh

@@ -23,7 +23,7 @@ exit 1
 fi
 
 cd "`dirname $0`"
-sudo debootstrap --include=apt-utils,bash-completion,bc,curl,dialog,diffutils,findutils,gnupg2,less,libnss-myhostname,libvte-common,lsof,ncurses-base,passwd,pinentry-curses,procps,sudo,time,util-linux,wget,libegl1-mesa,libgl1-mesa-glx,libvulkan1,mesa-vulkan-drivers,locales,libglib2.0-bin --arch=${ARCH} bookworm ./bookworm-env https://mirrors.ustc.edu.cn/debian/ 
+sudo debootstrap --include=libnotify-bin,apt-utils,bash-completion,bc,curl,dialog,diffutils,findutils,gnupg2,less,libnss-myhostname,libvte-common,lsof,ncurses-base,passwd,pinentry-curses,procps,sudo,time,util-linux,wget,libegl1-mesa,libgl1-mesa-glx,libvulkan1,mesa-vulkan-drivers,locales,libglib2.0-bin --arch=${ARCH} bookworm ./bookworm-env https://mirrors.ustc.edu.cn/debian/ 
 
 
 sudo rm -rf bookworm-env/var/cache/apt/archives/*.deb

src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files/flamescion-container-tools/ace-host-integration/opt/ace-host-integration/ace-host-integration

@@ -1,5 +1,43 @@
 #!/bin/bash
-ACE_dir="/opt/apps/cn.flamescion.bookworm-compatibility-mode/files/bookworm-env"
+# ===== Log =====
+# log.info xxx
+# log.warn xxx
+# log.info xxx
+# log.debug xxx
+# 带颜色的echo
+function log.color_output() {
+    local color=$1
+    shift 1
+
+    echo >&2 -e "\033[${color}m$@\033[0m"
+    return 0
+}
+
+# Log is named without prefix "utils." for convenience
+# Usage: log.log <level> ...content
+function log.log() {
+    if [[ $# < 2 ]]; then
+        return -1
+    fi
+
+    local level=$1
+    shift 1
+
+    case $level in
+    error) log.color_output "0;31" "[ERROR] $@" ;;
+    warn) log.color_output "1;33" "[WARN] $@" ;;
+    info) log.color_output "1;37" "[INFO] $@" ;;
+    debug) log.color_output "1;30" "[DEBUG] $@" ;;
+    esac
+
+    return 0
+}
+
+function log.error() { log.log "error" "$@"; }
+function log.warn() { log.log "warn" $@; }
+function log.info() { log.log "info" $@; }
+function log.debug() { log.log "debug" $@; }
+
 
 
 function do_integrate(){
@@ -25,19 +63,25 @@ local file=$1
     chmod +x $file
 }
 
-
+if [  "${IS_ACE_ENV}" != "" ];then
-
+	if [ -e /opt/apps/ ];then
-for app_dir in $(ls /opt/apps/); do
+	for app_dir in $(ls /opt/apps/); do
-	for file in /opt/apps/$app_dir/entries/applications/*.desktop;do
+		for file in /opt/apps/$app_dir/entries/applications/*.desktop;do
-	do_integrate $file
+		do_integrate $file
 
 	
+		done
 	done
-done
+	else
-
+	log.warn "No /opt/apps directory. Skip..."
-
+	fi
+	
 for file in /usr/share/applications/*.desktop; do
 do_integrate $file
 done
 find "/usr/share/applications/" -xtype l -delete
 
+else
+
+log.error "DO NOT run me on host OS"
+fi

src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files/flamescion-container-tools/ace-upgrader/ace-upgrader

@@ -0,0 +1,175 @@
+#!/bin/bash
+LANGUAGE=en_US
+
+
+
+#############################################################
+# ===== Log =====
+# log.info xxx
+# log.warn xxx
+# log.info xxx
+# log.debug xxx
+# 带颜色的echo
+function log.color_output() {
+    local color=$1
+    shift 1
+
+    echo >&2 -e "\033[${color}m$@\033[0m"
+    return 0
+}
+
+# Log is named without prefix "utils." for convenience
+# Usage: log.log <level> ...content
+function log.log() {
+    if [[ $# < 2 ]]; then
+        return -1
+    fi
+
+    local level=$1
+    shift 1
+
+    case $level in
+    error) log.color_output "0;31" "[ERROR] $@" ;;
+    warn) log.color_output "1;33" "[WARN] $@" ;;
+    info) log.color_output "1;37" "[INFO] $@" ;;
+    debug) log.color_output "1;30" "[DEBUG] $@" ;;
+    esac
+
+    return 0
+}
+
+function log.error() { log.log "error" "$@"; }
+function log.warn() { log.log "warn" $@; }
+function log.info() { log.log "info" $@; }
+function log.debug() { log.log "debug" $@; }
+
+
+# 发送通知
+function notify-send() {
+
+
+    # Detect user using the display
+    local user=$(who | awk '{print $1}' | head -n 1)
+
+    # Detect uid of the user
+    local uid=$(id -u $user)
+    log.debug "User is $user and the uid of it is $uid"
+    sudo -u $user  DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${uid}/bus notify-send $@
+}
+
+
+# 检测网络链接畅通
+function network-check()
+{
+    # 超时时间
+    local timeout=15
+
+    # 目标网站
+    local target=www.baidu.com
+
+    # 获取响应状态码
+    local ret_code=`curl -I -s --connect-timeout ${timeout} ${target} -w %{http_code} | tail -n1`
+
+    if [ "x$ret_code" = "x200" ] ; then
+        # 网络畅通
+        return 0
+    else
+        # 网络不畅通
+        return 1
+    fi
+}
+###############################################################
+
+if [ "$(id -u)" != "0" ]; then
+log.error "Nope we need root to run"
+exit -1
+fi
+
+network-check
+if [ $? -ne 0 ] ; then
+    log.error "NETWORK_FAIL"
+    exit -1
+fi
+
+# The code above is modified from https://blog.csdn.net/yaxuan88521/article/details/120516298
+
+if [  $(which aptss)  ];then
+APT_COMMAND=aptss
+/usr/bin/apt update
+log.info "Using aptss to operate the upgrade process since we detect it."
+elif [ -e /usr/bin/apt ];then
+APT_COMMAND=/usr/bin/apt
+log.info "Using apt to operate the upgrade process."
+else
+log.error "Nope we support debian only now"
+exit -1
+fi
+${APT_COMMAND} clean
+${APT_COMMAND} update
+
+updatetext=`${APT_COMMAND} update 2>&1`
+
+until [ "`echo $updatetext | grep E: `" = "" ];do
+log.info "UPDATE_ERROR_AND_WAIT_15_SEC"
+sleep 15
+updatetext=`${APT_COMMAND} update 2>&1`
+
+
+
+done
+
+isupdate=`echo ${updatetext: -5}`
+if [ "$isupdate" = "date." ] ; then
+	log.info "No need to upgrade. exit"
+    exit 0
+fi
+
+## 从这里开始，只有检测到了更新才会进行
+update_app_number=`echo ${updatetext%package*} #从右向左截取第一个 src 后的字符串`
+update_app_number=`echo ${update_app_number##*information...}`
+
+# 获取用户选择的要更新的应用
+PKG_LIST="$(env LANGUAGE=en_US /usr/bin/apt list --upgradable  | awk NR\>1)"
+# 指定分隔符为 \n
+IFS_OLD="$IFS"
+IFS=$'\n'
+
+for line in $PKG_LIST ; do
+    PKG_NAME=$(echo $line | awk -F ' ' '{print $1}')
+    PKG_NEW_VER=$(echo $line | awk -F ' ' '{print $2}')
+    PKG_CUR_VER=$(echo $line | awk -F ' ' '{print $3}')
+
+    dpkg --compare-versions $PKG_NEW_VER le $PKG_CUR_VER
+
+    if [ $? -eq 0 ] ; then
+        let update_app_number=$update_app_number-1
+        continue
+    fi
+
+    ## 检测是否是 hold 状态
+    PKG_STA=$(dpkg-query -W -f='${db:Status-Want}' $PKG_NAME)
+    if [ "$PKG_STA" = "hold" ] ; then
+        let update_app_number=$update_app_number-1
+    fi
+done
+
+# 还原分隔符
+IFS="$IFS_OLD"
+if [ $update_app_number -le 0 ] ; then
+	log.info "No package need to upgrade after ignoring those holded ones. exit"
+    exit 0
+fi
+
+
+## 如果都是hold或者版本一致的那就直接退出，否则把剩余的给提醒了
+
+
+user=$(who | awk '{print $1}' | head -n 1)
+
+	log.info "ACE环境中有 $update_app_number 个软件包可升级，正在自动升级"
+notify-send -a cn.flamescion.bookworm-compatibility-mode "ACE兼容环境" "ACE环境中有${update_app_number}个软件包可升级，执行自动升级..."
+
+${APT_COMMAND} clean
+${APT_COMMAND} full-upgrade -y
+${APT_COMMAND} clean
+notify-send -a cn.flamescion.bookworm-compatibility-mode "ACE兼容环境" "自动升级结束"

src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files/flamescion-container-tools/bin-override/bwrap

@@ -0,0 +1,2 @@
+#!/bin/bash
+host-spawn /opt/apps/cn.flamescion.bookworm-compatibility-mode/files/bin/bookworm-run-bwrap $@

src/opt/apps/cn.flamescion.bookworm-compatibility-mode/files/flamescion-container-tools/container-init/init.sh

@@ -0,0 +1,245 @@
+#!/bin/bash 
+if [ "$IS_ACE_ENV" != "1" ];then
+echo "ONLY RUN ME IN ACE"
+exit
+fi
+
+
+
+        printf "ACE: Setting up sudo...\n"
+        mkdir -p /etc/sudoers.d
+        # Do not check fqdn when doing sudo, it will not work anyways
+        if ! grep -q 'Defaults !fqdn' /etc/sudoers.d/sudoers; then
+                printf "Defaults !fqdn\n" >> /etc/sudoers.d/sudoers
+        fi
+        # Ensure passwordless sudo is set up for user
+        if ! grep -q "\"${container_user_name}\" ALL = (root) NOPASSWD:ALL" /etc/sudoers.d/sudoers; then
+                printf "\"%s\" ALL = (root) NOPASSWD:ALL\n" "${container_user_name}" >> /etc/sudoers.d/sudoers
+        fi
+
+
+printf "ACE: Setting up groups...\n"
+# If not existing, ensure we have a group for our user.
+if ! grep -q "^${container_user_name}:" /etc/group; then
+        if ! groupadd --force --gid "${container_user_gid}" "${container_user_name}"; then
+                # It may occur that we have users with unsupported user name (eg. on LDAP or AD)
+                # So let's try and force the group creation this way.
+                printf "%s:x:%s:" "${container_user_name}" "${container_user_gid}" >> /etc/group
+        fi
+fi
+
+printf "ACE: Setting up users...\n"
+
+# Setup kerberos integration with the host
+if [ -d "/run/host/var/kerberos" ] &&
+        [ -d "/etc/krb5.conf.d" ] &&
+        [ ! -e "/etc/krb5.conf.d/kcm_default_ccache" ]; then
+
+        cat << EOF > "/etc/krb5.conf.d/kcm_default_ccache"
+# # To disable the KCM credential cache, comment out the following lines.
+[libdefaults]
+    default_ccache_name = KCM:
+EOF
+fi
+
+# If we have sudo/wheel groups, let's add the user to them.
+additional_groups=""
+if grep -q "^sudo" /etc/group; then
+        additional_groups="sudo"
+elif grep -q "^wheel" /etc/group; then
+        additional_groups="wheel"
+fi
+
+# Let's add our user to the container. if the user already exists, enforce properties.
+#
+# In case of AD or LDAP usernames, it is possible we will have a backslach in the name.
+# In that case grep would fail, so we replace the backslash with a point to make the regex work.
+# shellcheck disable=SC1003
+if ! grep -q "^$(printf '%s' "${container_user_name}" | tr '\\' '.'):" /etc/passwd &&
+        ! grep -q "^.*:.*:${container_user_uid}:" /etc/passwd; then
+        if ! useradd \
+                --home-dir "${container_user_home}" \
+                --no-create-home \
+                --groups "${additional_groups}" \
+                --shell "${SHELL:-"/bin/bash"}" \
+                --uid "${container_user_uid}" \
+                --gid "${container_user_gid}" \
+                "${container_user_name}"; then
+
+                printf "Warning: there was a problem setting up the user\n"
+                printf "Warning: trying manual addition\n"
+                printf "%s:x:%s:%s:%s:%s:%s" \
+                        "${container_user_name}" "${container_user_uid}" \
+                        "${container_user_gid}" "${container_user_name}" \
+                        "${container_user_home}" "${SHELL:-"/bin/bash"}" >> /etc/passwd
+                printf "%s::1::::::" "${container_user_name}" >> /etc/shadow
+        fi
+# Ensure we're not using the specified SHELL. Run it only once, so that future
+# user's preferences are not overwritten at each start.
+elif [ ! -e /etc/passwd.done ]; then
+        # This situation is presented when podman or docker already creates the user
+        # for us inside container. We should modify the user's prepopulated shadowfile
+        # entry though as per user's active preferences.
+
+        # If the user was there with a different username, get that username so
+        # we can modify it
+        if ! grep -q "^$(printf '%s' "${container_user_name}" | tr '\\' '.'):" /etc/passwd; then
+                user_to_modify=$(getent passwd "${container_user_uid}" | cut -d: -f1)
+        fi
+
+        if ! usermod \
+                --home "${container_user_home}" \
+                --shell "${SHELL:-"/bin/bash"}" \
+                --groups "${additional_groups}" \
+                --uid "${container_user_uid}" \
+                --gid "${container_user_gid}" \
+                --login "${container_user_name}" \
+                "${user_to_modify:-"${container_user_name}"}"; then
+
+                printf "Warning: there was a problem setting up the user\n"
+        fi
+        touch /etc/passwd.done
+fi
+
+# We generate a random password to initialize the entry for the user and root.
+temporary_password="$(cat /proc/sys/kernel/random/uuid)"
+printf "%s\n%s\n" "${temporary_password}" "${temporary_password}" | passwd root
+printf "%s:%s" "${container_user_name}" "${temporary_password}" | chpasswd -e
+# Delete password for root and user
+printf "%s:" "root" | chpasswd -e
+printf "%s:" "${container_user_name}" | chpasswd -e
+
+mkdir -p /usr/share/fonts
+mkdir -p /usr/share/icons
+mkdir -p /usr/share/themes
+
+## init host-spawn
+unlink /flamescion-container-tools/bin-override/host-spawn
+ln -sfv /flamescion-container-tools/bin-override/host-spawn-$(uname -m) /flamescion-container-tools/bin-override/host-spawn
+
+## install host-integration
+
+apt install --reinstall /flamescion-container-tools/ace-host-integration.deb
+
+
+
+### Do NVIDIA Integration
+
+echo "ACE: NVIDIA Integration"
+
+    ensureTargetDir() {
+        targetFile=$1
+        t=$(dirname "$targetFile")
+        mkdir -p "$t"
+    }
+
+
+	lib32_dir="/usr/lib/"
+	lib64_dir="/usr/lib/"
+	if [ -e "/usr/lib/x86_64-linux-gnu" ]; then
+		lib64_dir="/usr/lib/x86_64-linux-gnu/"
+	elif [ -e "/usr/lib64" ]; then
+		lib64_dir="/usr/lib64/"
+	fi
+	if [ -e "/usr/lib/i386-linux-gnu" ]; then
+		lib32_dir="/usr/lib/i386-linux-gnu/"
+	elif [ -e "/usr/lib32" ]; then
+		lib32_dir="/usr/lib32/"
+	fi
+
+	# First we find all non-lib files we need, this includes
+	#	- binaries
+	#	- confs
+	#	- egl files
+	#	- icd files
+	#	Excluding here the libs, we will threat them later specifically
+	NVIDIA_FILES="$(find /host/etc/ /host/usr/ \
+		-path "/host/usr/lib/i386-linux-gnu/*" -prune -o \
+		-path "/host/usr/lib/x86_64-linux-gnu/*" -prune -o \
+		-path "/host/usr/lib32/*" -prune -o \
+		-path "/host/usr/lib64/*" -prune -o \
+		-iname "*nvidia*" -not -type d -print 2> /dev/null || :)"
+	for nvidia_file in ${NVIDIA_FILES}; do
+		dest_file="$(printf "%s" "${nvidia_file}" | sed 's|/host||g')"
+		ensureTargetDir ${dest_file}
+		cp -r "${nvidia_file}" "${dest_file}" 
+	done
+
+	# Then we find all directories with nvidia in the name and just mount them
+	NVIDIA_DIRS="$(find /host/etc /host/usr -iname "*nvidia*" -type d 2> /dev/null || :)"
+	for nvidia_dir in ${NVIDIA_DIRS}; do
+		# /usr/lib64 is common in Arch or RPM based distros, while /usr/lib/x86_64-linux-gnu is
+		# common on Debian derivatives, so we need to adapt between the two nomenclatures.
+		if printf "%s" "${nvidia_dir}" | grep -Eq "lib32|lib64|x86_64-linux-gnu|i386-linux-gnu"; then
+
+			# Remove origin so we plug our own
+			dest_dir="$(printf "%s" "${nvidia_dir}" |
+				sed "s|/host/usr/lib/x86_64-linux-gnu/|${lib64_dir}|g" |
+				sed "s|/host/usr/lib/i386-linux-gnu/|${lib32_dir}|g" |
+				sed "s|/host/usr/lib64/|${lib64_dir}|g" |
+				sed "s|/host/usr/lib32/|${lib32_dir}|g")"
+		else
+			dest_dir="$(printf "%s" "${nvidia_dir}" | sed 's|/host||g')"
+		fi
+		ensureTargetDir ${dest_file}
+		cp -r "${nvidia_dir}" "${dest_file}" 
+	done
+
+	# Then we find all the ".so" libraries, there are searched separately
+	# because we need to extract the relative path to mount them in the
+	# correct path based on the guest's setup
+	#
+	# /usr/lib64 is common in Arch or RPM based distros, while /usr/lib/x86_64-linux-gnu is
+	# common on Debian derivatives, so we need to adapt between the two nomenclatures.
+	NVIDIA_LIBS="$(find \
+		/host/usr/lib/i386-linux-gnu/ \
+		/host/usr/lib/x86_64-linux-gnu/ \
+		/host/usr/lib32/ \
+		/host/usr/lib64/ \
+		-iname "*nvidia*.so*" \
+		-o -iname "libcuda*.so*" \
+		-o -iname "libnvcuvid*.so*" \
+		-o -iname "libnvoptix*.so*" 2> /dev/null || :)"
+	for nvidia_lib in ${NVIDIA_LIBS}; do
+		dest_file="$(printf "%s" "${nvidia_lib}" |
+			sed "s|/host/usr/lib/x86_64-linux-gnu/|${lib64_dir}|g" |
+			sed "s|/host/usr/lib/i386-linux-gnu/|${lib32_dir}|g" |
+			sed "s|/host/usr/lib64/|${lib64_dir}|g" |
+			sed "s|/host/usr/lib32/|${lib32_dir}|g")"
+
+		# If file exists, just continue
+		# this may happen for directories like /usr/lib/nvidia/xorg/foo.so
+		# where the directory is already bind mounted (ro) and we don't need
+		# to mount further files in it.
+		if [ -e "${dest_file}" ]; then
+			continue
+		fi
+
+		type="file"
+		if [ -L "${nvidia_lib}" ]; then
+			type="link"
+		fi
+
+		if [ "${type}" = "link" ]; then
+			mkdir -p "$(dirname "${dest_file}")"
+			cp -d "${nvidia_lib}" "${dest_file}"
+			continue
+		fi
+		ensureTargetDir ${dest_file}
+		cp -r "${nvidia_lib}" "${dest_file}" 
+
+	done
+
+	# Refresh ldconfig cache, also detect if there are empty files remaining
+	# and clean them.
+	# This could happen when upgrading drivers and changing versions.
+	empty_libs="$(ldconfig 2>&1 | grep -Eo "File.*is empty" | cut -d' ' -f2)"
+	if [ -n "${empty_libs}" ]; then
+		# shellcheck disable=SC2086
+		find ${empty_libs} -delete 2> /dev/null || :
+		find /usr/ /etc/ -empty -iname "*nvidia*" -delete 2> /dev/null || :
+	fi
+echo "ACE: Timezone Integration"
+rm /etc/localtime
+cp $(realpath /host/etc/localtime) /etc/localtime
+chmod 777 /etc/localtime 

src/usr/bin/bookworm-init

@@ -1 +0,0 @@
-../../opt/apps/cn.flamescion.bookworm-compatibility-mode/files/bin/bookworm-init

src/usr/lib/systemd/system/ace-auto-upgrade.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Amber CE Auto upgrade
+After=apt-daily.service network.target network-online.target systemd-networkd.service NetworkManager.service connman.service
+
+
+[Service]
+Type=simple
+RemainAfterExit=yes 
+ExecStart=bookworm-run /flamescion-container-tools/ace-upgrader/ace-upgrader
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target