spark-store-project/amber-pm
15
0
Fork 0
mirror of https://gitee.com/amber-ce/amber-pm synced 2026-03-25 23:19:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

初步支持沙箱化运行应用

Browse Source
This commit is contained in:
shenmo
2025-11-01 00:21:27 +08:00
parent 7b8ceb8328
commit 0f9a4ed76a
5 changed files with 212 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
README.md
View File

@@ -26,22 +26,29 @@ Usage:
Commands: Commands:
install 安装软件包 install 安装软件包
remove 卸载软件包 remove 卸载软件包
run <package> 运行指定软件包的可执行文件
sandbox-run <package> 运行指定软件包的可执行文件(主目录沙箱化)
update 更新软件包信息 update 更新软件包信息
hold 锁定软件包版本
unhold 解锁软件包版本
full-upgrade 升级全部软件包
list 查看可用软件包信息 list 查看可用软件包信息
show 查看软件包信息
search 搜索软件包 search 搜索软件包
download 下载包 download 下载包
show 展示包信息
clean 清除缓存软件包 clean 清除缓存软件包
autoremove 自动移除不需要的包 autoremove 自动移除不需要的包
full-upgrade 完全升级软件包
run <package> 运行指定软件包的可执行文件
ssaudit <path> 使用 ssaudit 进行本地软件安装,详情见 spark-store ssaudit <path> 使用 ssaudit 进行本地软件安装,详情见 spark-store
debug 显示调试系统信息并进入调试环境 debug 显示调试系统信息并进入调试环境
amber 彩蛋功能 amber 彩蛋功能
xmp360 彩蛋功能 xmp360 彩蛋功能
bronya 彩蛋功能 bronya 彩蛋功能
-h, --help 显示此帮助信息 -h, --help 显示此帮助信息
-v, --version 展示APM版本号
``` ```

15
src/usr/bin/apm
View File

@@ -22,6 +22,7 @@ Commands:
install 安装软件包 install 安装软件包
remove 卸载软件包 remove 卸载软件包
run <package> 运行指定软件包的可执行文件 run <package> 运行指定软件包的可执行文件
sandbox-run <package> 运行指定软件包的可执行文件(主目录沙箱化)
update 更新软件包信息 update 更新软件包信息
hold 锁定软件包版本 hold 锁定软件包版本
@@ -53,7 +54,11 @@ apm_exec(){
local lowerdirs=() local lowerdirs=()
local current_dir="${PATH_PREFIX}/var/lib/apm/${coredir}" # 当前目录开始 local current_dir="${PATH_PREFIX}/var/lib/apm/${coredir}" # 当前目录开始
local next_info_file="" local next_info_file=""
if [[ "$APM_USE_SANDBOX" = "1" ]];then
APM_RUN_EXEC=/var/lib/apm/apm/files/ace-run-sandbox
else
APM_RUN_EXEC=/var/lib/apm/apm/files/ace-run
fi
while : ; do while : ; do
# 构建info文件的路径 # 构建info文件的路径
next_info_file="${current_dir}/info" next_info_file="${current_dir}/info"
@@ -105,7 +110,7 @@ apm_exec(){
fuse-overlayfs -o lowerdir="$lowerdir",upperdir="${PATH_PREFIX}/var/lib/apm/${coredir}/files/core/",workdir="${PATH_PREFIX}/var/lib/apm/${coredir}/files/work/" "/tmp/apm/${coredir}" fuse-overlayfs -o lowerdir="$lowerdir",upperdir="${PATH_PREFIX}/var/lib/apm/${coredir}/files/core/",workdir="${PATH_PREFIX}/var/lib/apm/${coredir}/files/work/" "/tmp/apm/${coredir}"
# 执行命令 # 执行命令
chrootEnvPath="/tmp/apm/${coredir}" /var/lib/apm/apm/files/ace-run "$@" chrootEnvPath="/tmp/apm/${coredir}" ${APM_RUN_EXEC} "$@"
# 卸载 # 卸载
umount "/tmp/apm/${coredir}" umount "/tmp/apm/${coredir}"
@@ -314,6 +319,12 @@ case "$1" in
exit 1 exit 1
fi fi
;; ;;
sandbox-run)
# 运行包命令:第二个参数必须是包名
export APM_USE_SANDBOX=1
shift
$0 run "$@"
;;
debug) debug)
shift shift
debug_info $@ debug_info $@

5
src/usr/share/bash-completion/completions/apm
View File

@@ -44,11 +44,14 @@ _apm()
"update" "update"
"upgrade" "full-upgrade" "dist-upgrade" "upgrade" "full-upgrade" "dist-upgrade"
"run" "run"
"run-sandbox"
"help" "help"
"source" "build-dep" "source" "build-dep"
"clean" "autoclean" "clean" "autoclean"
"download" "changelog" "download" "changelog"
"amber" "amber"
"xmp360"
"bronya"
"debug" "debug"
"depends" "rdepends" "depends" "rdepends"
"policy") "policy")
@@ -236,7 +239,7 @@ fi
command grep "^Source: $cur" | sort -u | cut -f2 -d" " ) ) command grep "^Source: $cur" | sort -u | cut -f2 -d" " ) )
return 0 return 0
;; ;;
run) run|run-sandbox)
COMPREPLY=( $( compgen -W "$(apm_run_compgen)" "$cur" ) ) COMPREPLY=( $( compgen -W "$(apm_run_compgen)" "$cur" ) )
return 0 return 0
;; ;;

13
src/var/lib/apm/apm/files/ace-run
View File

@@ -33,7 +33,10 @@ APM_PKG_NAME="${APM_PKG_NAME:-apm-general}"
non_root_user=$(who | awk '{print $1}' | head -n 1) non_root_user=$(who | awk '{print $1}' | head -n 1)
uid=$(id -u $non_root_user) uid=$(id -u $non_root_user)
ensure_dir $HOME/.apm/${APM_PKG_NAME}/ ensure_dir $HOME/.apm/${APM_PKG_NAME}/.deepinwine
#### This part is for args pharm #### This part is for args pharm
if [ "$1" = "" ];then if [ "$1" = "" ];then
@@ -125,13 +128,7 @@ BIND_DIRS=(
"--ro-bind-try /usr/share/fonts /usr/local/share/fonts" "--ro-bind-try /usr/share/fonts /usr/local/share/fonts"
"--dev-bind-try /etc/resolv.conf /etc/resolv.conf" "--dev-bind-try /etc/resolv.conf /etc/resolv.conf"
"--dev-bind-try /home /home" "--dev-bind-try /home /home"
"--dev-bind-try $HOME/.apm/${APM_PKG_NAME}/ $HOME/" "--dev-bind-try $HOME/.apm/${APM_PKG_NAME}/.deepinwine $HOME/.deepinwine"
"--dev-bind-try $HOME/.apm/${APM_PKG_NAME}/$(basename $(xdg-user-dir DESKTOP)) $(xdg-user-dir DESKTOP)"
"--dev-bind-try $HOME/.apm/${APM_PKG_NAME}/$(basename $(xdg-user-dir DOCUMENTS)) $(xdg-user-dir DOCUMENTS)"
"--dev-bind-try $HOME/.apm/${APM_PKG_NAME}/$(basename $(xdg-user-dir PICTURES)) $(xdg-user-dir PICTURES)"
"--dev-bind-try $HOME/.apm/${APM_PKG_NAME}/$(basename $(xdg-user-dir DOWNLOAD)) $(xdg-user-dir DOWNLOAD)"
"--dev-bind-try $HOME/.apm/${APM_PKG_NAME}/$(basename $(xdg-user-dir VIDEOS)) $(xdg-user-dir VIDEOS)"
"--dev-bind-try $HOME/.apm/${APM_PKG_NAME}/$(basename $(xdg-user-dir MUSIC)) $(xdg-user-dir MUSIC)"
) )
EXTRA_ARGS=( EXTRA_ARGS=(
"--cap-add CAP_SYS_ADMIN" "--cap-add CAP_SYS_ADMIN"

180
src/var/lib/apm/apm/files/ace-run-sandbox Executable file
View File

@@ -0,0 +1,180 @@
#!/bin/bash
function bash(){
/usr/bin/bash --rcfile <(cat ~/.bashrc; echo "PS1=\"\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@Amber-PM \[\e[36;40m\]\w\[\e[0m\]]\\\$ \"") $@
}
export -f bash
function ensure_dir() {
local dir="$1"
# 检查目录是否为空
if [ -z "$dir" ]; then
echo "错误: 目录路径不能为空"
return 1
fi
# 检查目录是否存在
if [ ! -d "$dir" ]; then
echo "目录 '$dir' 不存在,正在创建..."
if mkdir -p "$dir"; then
echo "成功创建目录 '$dir'"
return 0
else
echo "错误: 无法创建目录 '$dir'"
return 1
fi
else
return 0
fi
}
chrootEnvPath="${chrootEnvPath:-$(pwd)/ace-env}"
APM_PKG_NAME="${APM_PKG_NAME:-apm-general}"
non_root_user=$(who | awk '{print $1}' | head -n 1)
uid=$(id -u $non_root_user)
ensure_dir $HOME/.apm/${APM_PKG_NAME}/
ensure_dir $HOME/.apm/${APM_PKG_NAME}/$(basename $(xdg-user-dir DESKTOP))
ensure_dir $HOME/.apm/${APM_PKG_NAME}/$(basename $(xdg-user-dir DOCUMENTS))
ensure_dir $HOME/.apm/${APM_PKG_NAME}/$(basename $(xdg-user-dir PICTURES))
ensure_dir $HOME/.apm/${APM_PKG_NAME}/$(basename $(xdg-user-dir DOWNLOAD))
ensure_dir $HOME/.apm/${APM_PKG_NAME}/$(basename $(xdg-user-dir VIDEOS))
ensure_dir $HOME/.apm/${APM_PKG_NAME}/$(basename $(xdg-user-dir MUSIC))
#### This part is for args pharm
if [ "$1" = "" ];then
container_command="bash"
else
container_command="$1"
shift
for arg in "$@"; do
arg="$(echo "${arg}x" | sed 's|'\''|'\'\\\\\'\''|g')"
arg="${arg%x}"
container_command="${container_command} '${arg}'"
done
fi
#########################################################################################
##########合成bwrap 1. 基础函数配置段
# 初始化 EXEC_COMMAND 为 bwrap 基础指令
EXEC_COMMAND="bwrap --dev-bind / / bwrap"
# add_command 函数定义
function add_command() {
# 参数拼接,考虑到转义和空格的处理
for arg in "$@"; do
EXEC_COMMAND="${EXEC_COMMAND} ${arg}"
done
}
function add_env_var() {
local var_name="${1}"
local var_value="${2}"
if [ "$var_value" != "" ]; then
add_command "--setenv $var_name $var_value"
fi
}
##########合成bwrap 2. 特殊需求函数配置段
function cursor_theme_dir_integration() {
local directory=""
if [ "$(id -u)" = "0" ]; then #####We don't want bother root to install themes,but will try to fix the unwriteable issue
mkdir -p $chrootEnvPath/usr/share/icons
chmod 777 -R $chrootEnvPath/usr/share/icons
return
fi
for directory in "/usr/share/icons"/*; do
# 检查是否为目录
if [ -d "$directory" ]; then
# 检查目录中是否存在 cursors 文件
if [ -d "$directory/cursors" ]; then
if [ -w $chrootEnvPath/usr/share/icons ];then
add_command "--ro-bind-try $directory $directory"
fi
fi
fi
done
}
##########合成bwrap 3. 环境变量和目录绑定配置段
# 添加环境变量和其他初始设置
ENV_VARS=(
"FAKEROOTDONTTRYCHOWN 1"
"PULSE_SERVER /run/user/\$uid/pulse/native"
"PATH /amber-ce-tools/bin-override:\$PATH"
"IS_ACE_ENV 1"
"GTK_USE_PORTAL 1"
"XDG_DATA_DIRS /amber-ce-tools/additional-data-dir-in-container:\$XDG_DATA_DIRS"
)
BIND_DIRS=(
"--dev-bind $chrootEnvPath/ /"
"--dev-bind-try /media /media"
"--dev-bind-try /mnt /mnt"
"--dev-bind-try /tmp /tmp"
"--dev-bind-try /data /data"
"--dev-bind-try /dev /dev"
"--proc /proc"
"--dev-bind /sys /sys"
"--dev-bind /run /run"
"--dev-bind-try /run/user/\$uid/pulse /run/user/\$uid/pulse"
"--dev-bind / /host"
"--ro-bind-try /usr/share/themes /usr/local/share/themes"
"--ro-bind-try /usr/share/icons /usr/share/icons"
"--ro-bind-try /usr/share/fonts /usr/local/share/fonts"
"--dev-bind-try /etc/resolv.conf /etc/resolv.conf"
"--dev-bind-try /home /home"
"--dev-bind-try $HOME/.apm/${APM_PKG_NAME}/ $HOME/"
"--dev-bind-try $(xdg-user-dir DESKTOP) $(xdg-user-dir DESKTOP)"
"--dev-bind-try $(xdg-user-dir DOCUMENTS) $(xdg-user-dir DOCUMENTS)"
"--dev-bind-try $(xdg-user-dir PICTURES) $(xdg-user-dir PICTURES)"
"--dev-bind-try $(xdg-user-dir DOWNLOAD) $(xdg-user-dir DOWNLOAD)"
"--dev-bind-try $(xdg-user-dir VIDEOS) $(xdg-user-dir VIDEOS)"
"--dev-bind-try $(xdg-user-dir MUSIC) $(xdg-user-dir MUSIC)"
)
EXTRA_ARGS=(
"--cap-add CAP_SYS_ADMIN"
)
EXTRA_SCRIPTS=(
# cursor_theme_dir_integration
)
##########合成bwrap 4. 合成并执行指令
# 逐一添加到 EXEC_COMMAND
for var in "${ENV_VARS[@]}"; do
add_env_var $var
done
for var in "${BIND_DIRS[@]}"; do
add_command "$var"
done
for var in "${EXTRA_ARGS[@]}"; do
add_command "$var"
done
for var in "${EXTRA_SCRIPTS[@]}"; do
$var
done
# 添加最终的 bash 命令
add_command "bash -c \"${container_command}\""
# 输出完整的 EXEC_COMMAND 以查看
# echo "${EXEC_COMMAND}"
# 注意: 实际执行时,请确保所有变量(如 $uid, $chrootEnvPath 等)都已正确定义
eval ${EXEC_COMMAND}