From 505a96b90fc2900de36c4b59038137224c7be26a Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Tue, 18 Jun 2024 16:31:09 -0400 Subject: [PATCH 01/25] Add more control to which directories apps get access to --- modules/sandboxes.am | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index 667ec233e..c83fa9d53 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -100,6 +100,11 @@ case "$1" in DATADIR="${XDG_DATA_HOME:-$HOME/.local/share}" CONFIGDIR="${XDG_CONFIG_HOME:-$HOME/.config}" CACHEDIR="${XDG_CACHE_HOME:-$HOME/.cache}" + + # Try to find the right name of the app xdg directories, as sometimes it is not the same as $APPNAME + APPDATA=$( ls "$DATADIR" | grep -i "$APPNAME" | head -1 ) + APPCONF=$( ls "$CONFIGDIR" | grep -i "$APPNAME" | head -1 ) + mkdir -p "$SANDBOXDIR/$APPNAME" if [ "$1" = "--disable-sandbox" ]; then APPIMAGEPATH="$(echo ${APPEXEC%/*})" @@ -113,15 +118,17 @@ case "$1" in echo " \033[32m$APPEXEC successfully unsandboxed!\n" exit 0 fi + if [ -z "$APPNAME" ]; then exit 1; fi # Start at sandboxed home # Edit below this to add or remove access to parts of the system exec aisap --trust-once --level 2 \ --data-dir "$SANDBOXDIR/$APPNAME" \ - --add-file "$DATADIR/$APPNAME":rw \ + --add-file "$DATADIR/${APPDATA:-$APPNAME}":rw \ --add-file "$DATADIR"/themes \ --add-file "$DATADIR"/icons \ - --add-file "$CONFIGDIR/$APPNAME":rw \ + --add-file "$CONFIGDIR/${APPCONF:-$APPNAME}":rw \ + --add-file "$CONFIGDIR"/dconf \ --add-file "$CONFIGDIR"/gtk3.0 \ --add-file "$CONFIGDIR"/gtk4.0 \ --add-file "$CONFIGDIR"/kdeglobals \ @@ -129,6 +136,12 @@ case "$1" in --add-file "$CONFIGDIR"/qt6ct \ --add-file "$CONFIGDIR"/Kvantum \ --add-file "$HOME"/.local/lib \ + --rm-file xdg-download \ + --rm-file xdg-music \ + --rm-file xdg-pictures \ + --rm-file xdg-videos \ + --rm-file xdg-documents \ + --add-socket dbus \ --add-socket x11 \ --add-socket wayland \ --add-socket pulseaudio \ @@ -138,6 +151,22 @@ case "$1" in HEREDOC $SUDOCOMMAND mv "$AMCACHEDIR/sandbox-scripts/$2" "$TARGET" && rmdir "$AMCACHEDIR/sandbox-scripts" || exit 1 $SUDOCOMMAND chmod a+x "$TARGET" && $SUDOCOMMAND sed -i "s|DUMMY|$APPIMAGE|g; s|SUDO |$SUDOCOMMAND |g" "$TARGET" || exit 1 + read -p "Allow $2 to access ~/Downloads? (y/N): " yn + if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then + sed -i "s|--rm-file xdg-download|--add-file xdg-download:rw|g" "$TARGET" || exit 1 + fi + read -p "Allow $2 to access ~/Documents? (y/N): " yn + if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then + sed -i "s|--rm-file xdg-documents|--add-file xdg-documents:rw|g" "$TARGET" || exit 1 + fi + read -p "Allow $2 to access ~/Pictures (y/N): " yn + if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then + sed -i "s|--rm-file xdg-pictures|--add-file xdg-pictures:rw|g" "$TARGET" || exit 1 + fi + read -p "Allow $2 to access ~/Videos (y/N): " yn + if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then + sed -i "s|--rm-file xdg-videos|--add-file xdg-videos:rw|g" "$TARGET" || exit 1 + fi echo -e "\n \033[33m\"$2\" successfully sandboxed!" echo -e "\n \033[0mThe sandboxed app home will be in "${SANDBOXDIR:-$HOME/.local/am-sandboxes}" once launched" echo -e "\n This location can be moved by setting the 'SANDBOXDIR' env variable" From 117a4e72ef0e6b10429c65e3ed2fc406091ce1b1 Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Tue, 18 Jun 2024 16:50:57 -0400 Subject: [PATCH 02/25] Update sandboxes.am --- modules/sandboxes.am | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index c83fa9d53..055a8cef8 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -151,28 +151,29 @@ case "$1" in HEREDOC $SUDOCOMMAND mv "$AMCACHEDIR/sandbox-scripts/$2" "$TARGET" && rmdir "$AMCACHEDIR/sandbox-scripts" || exit 1 $SUDOCOMMAND chmod a+x "$TARGET" && $SUDOCOMMAND sed -i "s|DUMMY|$APPIMAGE|g; s|SUDO |$SUDOCOMMAND |g" "$TARGET" || exit 1 - read -p "Allow $2 to access ~/Downloads? (y/N): " yn + echo -e "\n \033[33m\"$2\" successfully sandboxed!" + echo -e "\n \033[0mThe sandboxed app home will be in "${SANDBOXDIR:-$HOME/.local/am-sandboxes}" once launched" + echo -e "\n This location can be moved by setting the 'SANDBOXDIR' env variable" + echo -e "\n --------------------------------------------------------------------------" + echo -e "\n \033[33mUse the --disable-sandbox flag if you want to revert the changes" + echo -e "\n \033[0mIn this case that is: \033[33m$2 --disable-sandbox\n\033[36m" + read -p " Allow $2 access to ~/Downloads? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then sed -i "s|--rm-file xdg-download|--add-file xdg-download:rw|g" "$TARGET" || exit 1 fi - read -p "Allow $2 to access ~/Documents? (y/N): " yn + read -p " Allow $2 access to ~/Documents? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then sed -i "s|--rm-file xdg-documents|--add-file xdg-documents:rw|g" "$TARGET" || exit 1 fi - read -p "Allow $2 to access ~/Pictures (y/N): " yn + read -p " Allow $2 access to ~/Pictures (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then sed -i "s|--rm-file xdg-pictures|--add-file xdg-pictures:rw|g" "$TARGET" || exit 1 fi - read -p "Allow $2 to access ~/Videos (y/N): " yn + read -p " Allow $2 access to ~/Videos (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then sed -i "s|--rm-file xdg-videos|--add-file xdg-videos:rw|g" "$TARGET" || exit 1 fi - echo -e "\n \033[33m\"$2\" successfully sandboxed!" - echo -e "\n \033[0mThe sandboxed app home will be in "${SANDBOXDIR:-$HOME/.local/am-sandboxes}" once launched" - echo -e "\n This location can be moved by setting the 'SANDBOXDIR' env variable" - echo -e "\n --------------------------------------------------------------------------" - echo -e "\n \033[33mUse the --disable-sandbox flag if you want to revert the changes" - echo -e "\n \033[0mIn this case that is: \033[33m$2 --disable-sandbox\n" + echo -e "\n \033[33mUser directories access configured successfully!" exit 0 done From ea7ab52692d6a7e82b7c4cb4efc40bf0fb2821cb Mon Sep 17 00:00:00 2001 From: iVAN <88724353+ivan-hc@users.noreply.github.com> Date: Wed, 19 Jun 2024 01:49:06 +0200 Subject: [PATCH 03/25] Update sandboxes.am: fix "echo" messages in aisap script / use "-e" --- modules/sandboxes.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index 055a8cef8..677ee156e 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -108,14 +108,14 @@ case "$1" in mkdir -p "$SANDBOXDIR/$APPNAME" if [ "$1" = "--disable-sandbox" ]; then APPIMAGEPATH="$(echo ${APPEXEC%/*})" - echo "\n Giving exec permissions back to $APPEXEC..." + echo -e "\n Giving exec permissions back to $APPEXEC..." chmod a+x "$APPEXEC" || exit 1 echo " Patching $APPIMAGEPATH/AM-updater to give permissions back..." sed -i 's|chmod a-x|chmod a+x|g' "$APPIMAGEPATH/AM-updater" || exit 1 THISFILE="$(realpath "$0")" - echo " Replacing $THISFILE with a link to the AppImage...\n" + echo -e " Replacing $THISFILE with a link to the AppImage...\n" SUDO ln -sf "$APPEXEC" "$THISFILE" || exit 1 - echo " \033[32m$APPEXEC successfully unsandboxed!\n" + echo -e " \033[32m$APPEXEC successfully unsandboxed!\n" exit 0 fi if [ -z "$APPNAME" ]; then exit 1; fi From 8fde1b02905a891c77756fc7eb1125b848dd2353 Mon Sep 17 00:00:00 2001 From: iVAN <88724353+ivan-hc@users.noreply.github.com> Date: Wed, 19 Jun 2024 01:53:14 +0200 Subject: [PATCH 04/25] Update sandboxes.am: "sed" require "$SUDOCOMMAND" --- modules/sandboxes.am | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index 677ee156e..174ec716d 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -159,19 +159,19 @@ case "$1" in echo -e "\n \033[0mIn this case that is: \033[33m$2 --disable-sandbox\n\033[36m" read -p " Allow $2 access to ~/Downloads? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - sed -i "s|--rm-file xdg-download|--add-file xdg-download:rw|g" "$TARGET" || exit 1 + $SUDOCOMMAND sed -i "s|--rm-file xdg-download|--add-file xdg-download:rw|g" "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Documents? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - sed -i "s|--rm-file xdg-documents|--add-file xdg-documents:rw|g" "$TARGET" || exit 1 + $SUDOCOMMAND sed -i "s|--rm-file xdg-documents|--add-file xdg-documents:rw|g" "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Pictures (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - sed -i "s|--rm-file xdg-pictures|--add-file xdg-pictures:rw|g" "$TARGET" || exit 1 + $SUDOCOMMAND sed -i "s|--rm-file xdg-pictures|--add-file xdg-pictures:rw|g" "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Videos (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - sed -i "s|--rm-file xdg-videos|--add-file xdg-videos:rw|g" "$TARGET" || exit 1 + $SUDOCOMMAND sed -i "s|--rm-file xdg-videos|--add-file xdg-videos:rw|g" "$TARGET" || exit 1 fi echo -e "\n \033[33mUser directories access configured successfully!" exit 0 From 39dc663c1a16952505679961cc303327bc8141df Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Tue, 18 Jun 2024 20:35:26 -0400 Subject: [PATCH 05/25] Update sandboxes.am --- modules/sandboxes.am | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index 174ec716d..4a75ee445 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -136,6 +136,7 @@ case "$1" in --add-file "$CONFIGDIR"/qt6ct \ --add-file "$CONFIGDIR"/Kvantum \ --add-file "$HOME"/.local/lib \ + --add-file /usr/share \ --rm-file xdg-download \ --rm-file xdg-music \ --rm-file xdg-pictures \ From 6e0c1babbc6fffe73aa2da3bfbba5351c181bb6a Mon Sep 17 00:00:00 2001 From: iVAN <88724353+ivan-hc@users.noreply.github.com> Date: Wed, 19 Jun 2024 02:48:21 +0200 Subject: [PATCH 06/25] Update sandboxes.am: ask to access "Music" --- modules/sandboxes.am | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index 4a75ee445..06498d8bd 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -166,6 +166,10 @@ case "$1" in if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then $SUDOCOMMAND sed -i "s|--rm-file xdg-documents|--add-file xdg-documents:rw|g" "$TARGET" || exit 1 fi + read -p " Allow $2 access to ~/Music (y/N): " yn + if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then + $SUDOCOMMAND sed -i "s|--rm-file xdg-music|--add-file xdg-music:rw|g" "$TARGET" || exit 1 + fi read -p " Allow $2 access to ~/Pictures (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then $SUDOCOMMAND sed -i "s|--rm-file xdg-pictures|--add-file xdg-pictures:rw|g" "$TARGET" || exit 1 From 4a13d17feffd224c7cc7eed1948e5cec2f0c3040 Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Tue, 18 Jun 2024 21:43:32 -0400 Subject: [PATCH 07/25] Update sandboxes.am --- modules/sandboxes.am | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index 06498d8bd..f19162835 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -108,14 +108,14 @@ case "$1" in mkdir -p "$SANDBOXDIR/$APPNAME" if [ "$1" = "--disable-sandbox" ]; then APPIMAGEPATH="$(echo ${APPEXEC%/*})" - echo -e "\n Giving exec permissions back to $APPEXEC..." + echo "\n Giving exec permissions back to $APPEXEC..." chmod a+x "$APPEXEC" || exit 1 echo " Patching $APPIMAGEPATH/AM-updater to give permissions back..." sed -i 's|chmod a-x|chmod a+x|g' "$APPIMAGEPATH/AM-updater" || exit 1 THISFILE="$(realpath "$0")" - echo -e " Replacing $THISFILE with a link to the AppImage...\n" + echo " Replacing $THISFILE with a link to the AppImage...\n" SUDO ln -sf "$APPEXEC" "$THISFILE" || exit 1 - echo -e " \033[32m$APPEXEC successfully unsandboxed!\n" + echo " \033[32m$APPEXEC successfully unsandboxed!\n" exit 0 fi if [ -z "$APPNAME" ]; then exit 1; fi @@ -137,11 +137,11 @@ case "$1" in --add-file "$CONFIGDIR"/Kvantum \ --add-file "$HOME"/.local/lib \ --add-file /usr/share \ - --rm-file xdg-download \ - --rm-file xdg-music \ - --rm-file xdg-pictures \ - --rm-file xdg-videos \ - --rm-file xdg-documents \ + --rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}":rw \ + --rm-file "${XDG_MUSIC_DIR:-~/Music}":rw \ + --rm-file "${XDG_PICTURES_DIR:-~/Pictures}":rw \ + --rm-file "${XDG_VIDEOS_DIR:-~/Videos}":rw \ + --rm-file "${XDG_DOCUMENTS_DIR:-~/Documents}":rw \ --add-socket dbus \ --add-socket x11 \ --add-socket wayland \ @@ -160,23 +160,23 @@ case "$1" in echo -e "\n \033[0mIn this case that is: \033[33m$2 --disable-sandbox\n\033[36m" read -p " Allow $2 access to ~/Downloads? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i "s|--rm-file xdg-download|--add-file xdg-download:rw|g" "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}"|--add-file ${XDG_DOWNLOAD_DIR:-~/Downloads}"|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Documents? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i "s|--rm-file xdg-documents|--add-file xdg-documents:rw|g" "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOCUMENTS_DIR:-~/Downloads}"|--add-file ${XDG_DOCUMENTS_DIR:-~/Documents}"|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Music (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i "s|--rm-file xdg-music|--add-file xdg-music:rw|g" "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_MUSIC_DIR:-~/Downloads}"|--add-file ${XDG_MUSIC_DIR:-~/Music}"|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Pictures (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i "s|--rm-file xdg-pictures|--add-file xdg-pictures:rw|g" "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_PICTURES_DIR:-~/Downloads}"|--add-file ${XDG_PICTURES_DIR:-~/Pictures}"|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Videos (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i "s|--rm-file xdg-videos|--add-file xdg-videos:rw|g" "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_VIDEOS_DIR:-~/Downloads}"|--add-file ${XDG_VIDEOS_DIR:-~/Videos}"|g' "$TARGET" || exit 1 fi echo -e "\n \033[33mUser directories access configured successfully!" exit 0 From cbf72fa8ffa2c49e65bb33b5cd2d57862d85baf8 Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Tue, 18 Jun 2024 21:58:23 -0400 Subject: [PATCH 08/25] Fix missing " --- modules/sandboxes.am | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index f19162835..dea34c1df 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -160,23 +160,23 @@ case "$1" in echo -e "\n \033[0mIn this case that is: \033[33m$2 --disable-sandbox\n\033[36m" read -p " Allow $2 access to ~/Downloads? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}"|--add-file ${XDG_DOWNLOAD_DIR:-~/Downloads}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}"|--add-file "${XDG_DOWNLOAD_DIR:-~/Downloads}"|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Documents? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOCUMENTS_DIR:-~/Downloads}"|--add-file ${XDG_DOCUMENTS_DIR:-~/Documents}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOCUMENTS_DIR:-~/Downloads}"|--add-file "${XDG_DOCUMENTS_DIR:-~/Documents}"|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Music (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_MUSIC_DIR:-~/Downloads}"|--add-file ${XDG_MUSIC_DIR:-~/Music}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_MUSIC_DIR:-~/Downloads}"|--add-file "${XDG_MUSIC_DIR:-~/Music}"|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Pictures (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_PICTURES_DIR:-~/Downloads}"|--add-file ${XDG_PICTURES_DIR:-~/Pictures}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_PICTURES_DIR:-~/Downloads}"|--add-file "${XDG_PICTURES_DIR:-~/Pictures}"|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Videos (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_VIDEOS_DIR:-~/Downloads}"|--add-file ${XDG_VIDEOS_DIR:-~/Videos}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_VIDEOS_DIR:-~/Downloads}"|--add-file "${XDG_VIDEOS_DIR:-~/Videos}"|g' "$TARGET" || exit 1 fi echo -e "\n \033[33mUser directories access configured successfully!" exit 0 From 11a162954bd1599eaa3fc43e96536ffed3a27b54 Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Tue, 18 Jun 2024 22:00:37 -0400 Subject: [PATCH 09/25] Fixed a bigger issue --- modules/sandboxes.am | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index dea34c1df..6c6794e97 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -164,19 +164,19 @@ case "$1" in fi read -p " Allow $2 access to ~/Documents? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOCUMENTS_DIR:-~/Downloads}"|--add-file "${XDG_DOCUMENTS_DIR:-~/Documents}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOCUMENTS_DIR:-~/Documents}"|--add-file "${XDG_DOCUMENTS_DIR:-~/Documents}"|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Music (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_MUSIC_DIR:-~/Downloads}"|--add-file "${XDG_MUSIC_DIR:-~/Music}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_MUSIC_DIR:-~/Music}"|--add-file "${XDG_MUSIC_DIR:-~/Music}"|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Pictures (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_PICTURES_DIR:-~/Downloads}"|--add-file "${XDG_PICTURES_DIR:-~/Pictures}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_PICTURES_DIR:-~/Pictures}"|--add-file "${XDG_PICTURES_DIR:-~/Pictures}"|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Videos (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_VIDEOS_DIR:-~/Downloads}"|--add-file "${XDG_VIDEOS_DIR:-~/Videos}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_VIDEOS_DIR:-~/Videos}"|--add-file "${XDG_VIDEOS_DIR:-~/Videos}"|g' "$TARGET" || exit 1 fi echo -e "\n \033[33mUser directories access configured successfully!" exit 0 From bf0d97f422583b471b3effb92eea46aac327e301 Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Tue, 18 Jun 2024 23:06:47 -0400 Subject: [PATCH 10/25] Update sandboxes.am --- modules/sandboxes.am | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index 6c6794e97..b41c1a754 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -100,6 +100,12 @@ case "$1" in DATADIR="${XDG_DATA_HOME:-$HOME/.local/share}" CONFIGDIR="${XDG_CONFIG_HOME:-$HOME/.config}" CACHEDIR="${XDG_CACHE_HOME:-$HOME/.cache}" + + XDG_DOWNLOAD_DIR=$(xdg-user-dir DOWNLOAD 2>/dev/null) + XDG_MUSIC_DIR=$(xdg-user-dir MUSIC 2>/dev/null) + XDG_PICTURES_DIR=$(xdg-user-dir PICTURES 2>/dev/null) + XDG_VIDEOS_DIR=$(xdg-user-dir VIDEOS 2>/dev/null) + XDG_DOCUMENTS_DIR=$(xdg-user-dir DOCUMENTS 2>/dev/null) # Try to find the right name of the app xdg directories, as sometimes it is not the same as $APPNAME APPDATA=$( ls "$DATADIR" | grep -i "$APPNAME" | head -1 ) From 29b2cfb53974e28cc40faf2973039965917898ce Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Tue, 18 Jun 2024 23:10:31 -0400 Subject: [PATCH 11/25] Update sandboxes.am --- modules/sandboxes.am | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index b41c1a754..ea18a5f7b 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -101,11 +101,11 @@ case "$1" in CONFIGDIR="${XDG_CONFIG_HOME:-$HOME/.config}" CACHEDIR="${XDG_CACHE_HOME:-$HOME/.cache}" - XDG_DOWNLOAD_DIR=$(xdg-user-dir DOWNLOAD 2>/dev/null) - XDG_MUSIC_DIR=$(xdg-user-dir MUSIC 2>/dev/null) - XDG_PICTURES_DIR=$(xdg-user-dir PICTURES 2>/dev/null) - XDG_VIDEOS_DIR=$(xdg-user-dir VIDEOS 2>/dev/null) - XDG_DOCUMENTS_DIR=$(xdg-user-dir DOCUMENTS 2>/dev/null) + XDG_DOWNLOAD_DIR="$(xdg-user-dir DOWNLOAD 2>/dev/null)" + XDG_MUSIC_DIR="$(xdg-user-dir MUSIC 2>/dev/null)" + XDG_PICTURES_DIR="$(xdg-user-dir PICTURES 2>/dev/null)" + XDG_VIDEOS_DIR="$(xdg-user-dir VIDEOS 2>/dev/null)" + XDG_DOCUMENTS_DIR="$(xdg-user-dir DOCUMENTS 2>/dev/null)" # Try to find the right name of the app xdg directories, as sometimes it is not the same as $APPNAME APPDATA=$( ls "$DATADIR" | grep -i "$APPNAME" | head -1 ) From e189c5451b734ee012eda2dd8b384124242753a5 Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Wed, 19 Jun 2024 00:00:50 -0400 Subject: [PATCH 12/25] Small change --- modules/sandboxes.am | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index ea18a5f7b..02cb7614b 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -143,11 +143,11 @@ case "$1" in --add-file "$CONFIGDIR"/Kvantum \ --add-file "$HOME"/.local/lib \ --add-file /usr/share \ - --rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}":rw \ - --rm-file "${XDG_MUSIC_DIR:-~/Music}":rw \ - --rm-file "${XDG_PICTURES_DIR:-~/Pictures}":rw \ - --rm-file "${XDG_VIDEOS_DIR:-~/Videos}":rw \ - --rm-file "${XDG_DOCUMENTS_DIR:-~/Documents}":rw \ + --rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}" \ + --rm-file "${XDG_MUSIC_DIR:-~/Music}" \ + --rm-file "${XDG_PICTURES_DIR:-~/Pictures}" \ + --rm-file "${XDG_VIDEOS_DIR:-~/Videos}" \ + --rm-file "${XDG_DOCUMENTS_DIR:-~/Documents}" \ --add-socket dbus \ --add-socket x11 \ --add-socket wayland \ @@ -166,23 +166,23 @@ case "$1" in echo -e "\n \033[0mIn this case that is: \033[33m$2 --disable-sandbox\n\033[36m" read -p " Allow $2 access to ~/Downloads? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}"|--add-file "${XDG_DOWNLOAD_DIR:-~/Downloads}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}"|--add-file "${XDG_DOWNLOAD_DIR:-~/Downloads}":rw|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Documents? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOCUMENTS_DIR:-~/Documents}"|--add-file "${XDG_DOCUMENTS_DIR:-~/Documents}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOCUMENTS_DIR:-~/Documents}"|--add-file "${XDG_DOCUMENTS_DIR:-~/Documents}":rw|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Music (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_MUSIC_DIR:-~/Music}"|--add-file "${XDG_MUSIC_DIR:-~/Music}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_MUSIC_DIR:-~/Music}"|--add-file "${XDG_MUSIC_DIR:-~/Music}":rw|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Pictures (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_PICTURES_DIR:-~/Pictures}"|--add-file "${XDG_PICTURES_DIR:-~/Pictures}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_PICTURES_DIR:-~/Pictures}"|--add-file "${XDG_PICTURES_DIR:-~/Pictures}":rw|g' "$TARGET" || exit 1 fi read -p " Allow $2 access to ~/Videos (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_VIDEOS_DIR:-~/Videos}"|--add-file "${XDG_VIDEOS_DIR:-~/Videos}"|g' "$TARGET" || exit 1 + $SUDOCOMMAND sed -i 's|--rm-file "${XDG_VIDEOS_DIR:-~/Videos}"|--add-file "${XDG_VIDEOS_DIR:-~/Videos}":rw|g' "$TARGET" || exit 1 fi echo -e "\n \033[33mUser directories access configured successfully!" exit 0 From 122dd793507a0dd3cbfad3139ab19aec04ee3638 Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Wed, 19 Jun 2024 03:02:15 -0400 Subject: [PATCH 13/25] Use POSIX printf instead of echo -e https://www.shellcheck.net/wiki/SC3037 --- modules/sandboxes.am | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index 02cb7614b..fd2942df5 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -42,15 +42,14 @@ case "$1" in echo " '$2' is not a valid argument or is not installed."; exit elif [ "$2" = "aisap" ]; then echo " Error: You can't sandbox aisap"; exit 1 - elif ! command -v am 1>/dev/null && ! command -v appman 1>/dev/null; then - echo -e " Error: You need AM or AppMan for this script work\nInstall AM/AppMan and try again"; exit 1 elif ! command -v aisap 1>/dev/null; then - echo -e " Error: You need aisap for this script work\n" - read -p " ◆ DO YOU WISH TO INSTALL AISAP (y,n)?: " yn - if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $AMCLIPATH -i aisap >/dev/null 2>&1 + printf '\n%s\n\n' " Error: You need aisap for this script work" + read -p " ◆ DO YOU WISH TO INSTALL AISAP? Install size <5 MIB, (Y/n)?: " yn + if echo "$yn" | grep -i '^n' >/dev/null 2>&1; then + printf '\n%s\n\n' "Installation aborted"; exit 1 fi - command -v aisap 1>/dev/null && echo " aisap installed successfully" || exit 1 + $AMCLIPATH -i aisap >/dev/null 2>&1 + command -v aisap 1>/dev/null && printf '\n%s\n\n' " aisap installed successfully" || exit 1 fi # Set variables @@ -76,7 +75,7 @@ case "$1" in sed -i 's|chmod a+x|chmod a-x|g' "$APPIMAGEPATH/AM-updater" || exit 1 # Check if we are using AM or AppMan - echo -e "\n Making aisap script for \"$(echo "$AMCLI" | tr a-z A-Z)\"..." + printf '\n%s\n' " Making aisap script for \"$(echo "$AMCLI" | tr a-z A-Z)\"..." mkdir -p "$AMCACHEDIR/sandbox-scripts" cat <<-"HEREDOC" >> "$AMCACHEDIR/sandbox-scripts/$2" @@ -114,14 +113,14 @@ case "$1" in mkdir -p "$SANDBOXDIR/$APPNAME" if [ "$1" = "--disable-sandbox" ]; then APPIMAGEPATH="$(echo ${APPEXEC%/*})" - echo "\n Giving exec permissions back to $APPEXEC..." + printf '\n%s' " Giving exec permissions back to $APPEXEC..." chmod a+x "$APPEXEC" || exit 1 - echo " Patching $APPIMAGEPATH/AM-updater to give permissions back..." + printf '\n%s' " Patching $APPIMAGEPATH/AM-updater to give permissions back..." sed -i 's|chmod a-x|chmod a+x|g' "$APPIMAGEPATH/AM-updater" || exit 1 THISFILE="$(realpath "$0")" - echo " Replacing $THISFILE with a link to the AppImage...\n" + printf '\n%s\n' " Replacing $THISFILE with a link to the AppImage..." SUDO ln -sf "$APPEXEC" "$THISFILE" || exit 1 - echo " \033[32m$APPEXEC successfully unsandboxed!\n" + printf '\033[32m\n%s\n\n' " $APPEXEC successfully unsandboxed!" exit 0 fi if [ -z "$APPNAME" ]; then exit 1; fi @@ -158,12 +157,13 @@ case "$1" in HEREDOC $SUDOCOMMAND mv "$AMCACHEDIR/sandbox-scripts/$2" "$TARGET" && rmdir "$AMCACHEDIR/sandbox-scripts" || exit 1 $SUDOCOMMAND chmod a+x "$TARGET" && $SUDOCOMMAND sed -i "s|DUMMY|$APPIMAGE|g; s|SUDO |$SUDOCOMMAND |g" "$TARGET" || exit 1 - echo -e "\n \033[33m\"$2\" successfully sandboxed!" - echo -e "\n \033[0mThe sandboxed app home will be in "${SANDBOXDIR:-$HOME/.local/am-sandboxes}" once launched" - echo -e "\n This location can be moved by setting the 'SANDBOXDIR' env variable" - echo -e "\n --------------------------------------------------------------------------" - echo -e "\n \033[33mUse the --disable-sandbox flag if you want to revert the changes" - echo -e "\n \033[0mIn this case that is: \033[33m$2 --disable-sandbox\n\033[36m" + printf '\n\033[33m%s\n' " \"$2\" successfully sandboxed!" + printf '\n\033[0m%s\n' " The sandboxed app home will be in "${SANDBOXDIR:-$HOME/.local/am-sandboxes}" once launched" + printf '\n%s\n' " This location can be moved by setting the 'SANDBOXDIR' env variable" + printf '\n%s\n' " --------------------------------------------------------------------------" + printf '\n\033[33m%s\n' " Use the --disable-sandbox flag if you want to revert the changes" + printf '\n\033[0m%s' " In this case that is:" + printf '\033[33m%s\033[36m\n\n' " $2 --disable-sandbox" read -p " Allow $2 access to ~/Downloads? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}"|--add-file "${XDG_DOWNLOAD_DIR:-~/Downloads}":rw|g' "$TARGET" || exit 1 @@ -184,7 +184,7 @@ case "$1" in if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then $SUDOCOMMAND sed -i 's|--rm-file "${XDG_VIDEOS_DIR:-~/Videos}"|--add-file "${XDG_VIDEOS_DIR:-~/Videos}":rw|g' "$TARGET" || exit 1 fi - echo -e "\n \033[33mUser directories access configured successfully!" + printf '\n\033[33m%s\n\n' " User directories access configured successfully!" exit 0 done From 17fe48064834a5eb6790ed146a0ac7d8b0136892 Mon Sep 17 00:00:00 2001 From: iVAN <88724353+ivan-hc@users.noreply.github.com> Date: Wed, 19 Jun 2024 14:48:45 +0200 Subject: [PATCH 14/25] Use system language in XDG directories --- modules/sandboxes.am | 75 ++++++++++++++++++++++++++------------------ 1 file changed, 45 insertions(+), 30 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index fd2942df5..35eaae4b3 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -62,6 +62,12 @@ case "$1" in APPIMAGEPATH="$APPSPATH/$2" APPIMAGE="$APPIMAGEPATH/$2" + XDG_DOCUMENTS_DIR="$(xdg-user-dir DOCUMENTS 2>/dev/null)" + XDG_DOWNLOAD_DIR="$(xdg-user-dir DOWNLOAD 2>/dev/null)" + XDG_MUSIC_DIR="$(xdg-user-dir MUSIC 2>/dev/null)" + XDG_PICTURES_DIR="$(xdg-user-dir PICTURES 2>/dev/null)" + XDG_VIDEOS_DIR="$(xdg-user-dir VIDEOS 2>/dev/null)" + # Check if TARGET is an AppImage or was already sandboxed if grep "aisap-am" "$TARGET" >/dev/null 2>&1; then echo " $2 is already sandboxed!"; exit 1 @@ -99,12 +105,6 @@ case "$1" in DATADIR="${XDG_DATA_HOME:-$HOME/.local/share}" CONFIGDIR="${XDG_CONFIG_HOME:-$HOME/.config}" CACHEDIR="${XDG_CACHE_HOME:-$HOME/.cache}" - - XDG_DOWNLOAD_DIR="$(xdg-user-dir DOWNLOAD 2>/dev/null)" - XDG_MUSIC_DIR="$(xdg-user-dir MUSIC 2>/dev/null)" - XDG_PICTURES_DIR="$(xdg-user-dir PICTURES 2>/dev/null)" - XDG_VIDEOS_DIR="$(xdg-user-dir VIDEOS 2>/dev/null)" - XDG_DOCUMENTS_DIR="$(xdg-user-dir DOCUMENTS 2>/dev/null)" # Try to find the right name of the app xdg directories, as sometimes it is not the same as $APPNAME APPDATA=$( ls "$DATADIR" | grep -i "$APPNAME" | head -1 ) @@ -142,21 +142,7 @@ case "$1" in --add-file "$CONFIGDIR"/Kvantum \ --add-file "$HOME"/.local/lib \ --add-file /usr/share \ - --rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}" \ - --rm-file "${XDG_MUSIC_DIR:-~/Music}" \ - --rm-file "${XDG_PICTURES_DIR:-~/Pictures}" \ - --rm-file "${XDG_VIDEOS_DIR:-~/Videos}" \ - --rm-file "${XDG_DOCUMENTS_DIR:-~/Documents}" \ - --add-socket dbus \ - --add-socket x11 \ - --add-socket wayland \ - --add-socket pulseaudio \ - --add-socket network \ - --add-device dri -- \ - "$APPEXEC" "$@" HEREDOC - $SUDOCOMMAND mv "$AMCACHEDIR/sandbox-scripts/$2" "$TARGET" && rmdir "$AMCACHEDIR/sandbox-scripts" || exit 1 - $SUDOCOMMAND chmod a+x "$TARGET" && $SUDOCOMMAND sed -i "s|DUMMY|$APPIMAGE|g; s|SUDO |$SUDOCOMMAND |g" "$TARGET" || exit 1 printf '\n\033[33m%s\n' " \"$2\" successfully sandboxed!" printf '\n\033[0m%s\n' " The sandboxed app home will be in "${SANDBOXDIR:-$HOME/.local/am-sandboxes}" once launched" printf '\n%s\n' " This location can be moved by setting the 'SANDBOXDIR' env variable" @@ -164,26 +150,55 @@ case "$1" in printf '\n\033[33m%s\n' " Use the --disable-sandbox flag if you want to revert the changes" printf '\n\033[0m%s' " In this case that is:" printf '\033[33m%s\033[36m\n\n' " $2 --disable-sandbox" - read -p " Allow $2 access to ~/Downloads? (y/N): " yn + + read -p " Allow $2 access to $XDG_DOCUMENTS_DIR? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}"|--add-file "${XDG_DOWNLOAD_DIR:-~/Downloads}":rw|g' "$TARGET" || exit 1 + cat <<-HEREDOC >> "$AMCACHEDIR/sandbox-scripts/$2" + --add-file "$XDG_DOCUMENTS_DIR":rw \\ + HEREDOC fi - read -p " Allow $2 access to ~/Documents? (y/N): " yn + + read -p " Allow $2 access to $XDG_DOWNLOAD_DIR? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_DOCUMENTS_DIR:-~/Documents}"|--add-file "${XDG_DOCUMENTS_DIR:-~/Documents}":rw|g' "$TARGET" || exit 1 + cat <<-HEREDOC >> "$AMCACHEDIR/sandbox-scripts/$2" + --add-file "$XDG_DOWNLOAD_DIR":rw \\ + HEREDOC fi - read -p " Allow $2 access to ~/Music (y/N): " yn + + read -p " Allow $2 access to $XDG_MUSIC_DIR? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_MUSIC_DIR:-~/Music}"|--add-file "${XDG_MUSIC_DIR:-~/Music}":rw|g' "$TARGET" || exit 1 + cat <<-HEREDOC >> "$AMCACHEDIR/sandbox-scripts/$2" + --add-file "$XDG_MUSIC_DIR":rw \\ + HEREDOC fi - read -p " Allow $2 access to ~/Pictures (y/N): " yn + + read -p " Allow $2 access to $XDG_PICTURES_DIR? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_PICTURES_DIR:-~/Pictures}"|--add-file "${XDG_PICTURES_DIR:-~/Pictures}":rw|g' "$TARGET" || exit 1 + cat <<-HEREDOC >> "$AMCACHEDIR/sandbox-scripts/$2" + --add-file "$XDG_PICTURES_DIR":rw \\ + HEREDOC fi - read -p " Allow $2 access to ~/Videos (y/N): " yn + + read -p " Allow $2 access to $XDG_VIDEOS_DIR? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - $SUDOCOMMAND sed -i 's|--rm-file "${XDG_VIDEOS_DIR:-~/Videos}"|--add-file "${XDG_VIDEOS_DIR:-~/Videos}":rw|g' "$TARGET" || exit 1 + cat <<-HEREDOC >> "$AMCACHEDIR/sandbox-scripts/$2" + --add-file "$XDG_VIDEOS_DIR":rw \\ + HEREDOC fi + + cat <<-"HEREDOC" >> "$AMCACHEDIR/sandbox-scripts/$2" + --add-socket dbus \ + --add-socket x11 \ + --add-socket wayland \ + --add-socket pulseaudio \ + --add-socket network \ + --add-device dri -- \ + "$APPEXEC" "$@" + HEREDOC + + $SUDOCOMMAND mv "$AMCACHEDIR/sandbox-scripts/$2" "$TARGET" && rmdir "$AMCACHEDIR/sandbox-scripts" || exit 1 + $SUDOCOMMAND chmod a+x "$TARGET" && $SUDOCOMMAND sed -i "s|DUMMY|$APPIMAGE|g; s|SUDO |$SUDOCOMMAND |g" "$TARGET" || exit 1 + printf '\n\033[33m%s\n\n' " User directories access configured successfully!" exit 0 done From 63ac9406843c483e54490cd5f556d6f437cb578a Mon Sep 17 00:00:00 2001 From: iVAN <88724353+ivan-hc@users.noreply.github.com> Date: Wed, 19 Jun 2024 14:59:12 +0200 Subject: [PATCH 15/25] The surrounding quotes actually unquote this. Escape them. By Shellcheck --- modules/sandboxes.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index 35eaae4b3..7b4d4203a 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -144,7 +144,7 @@ case "$1" in --add-file /usr/share \ HEREDOC printf '\n\033[33m%s\n' " \"$2\" successfully sandboxed!" - printf '\n\033[0m%s\n' " The sandboxed app home will be in "${SANDBOXDIR:-$HOME/.local/am-sandboxes}" once launched" + printf '\n\033[0m%s\n' " The sandboxed app home will be in \"${SANDBOXDIR:-$HOME/.local/am-sandboxes}\" once launched" printf '\n%s\n' " This location can be moved by setting the 'SANDBOXDIR' env variable" printf '\n%s\n' " --------------------------------------------------------------------------" printf '\n\033[33m%s\n' " Use the --disable-sandbox flag if you want to revert the changes" From b402d972ed47e2236cb1f27a59a9a1fdc91e64e3 Mon Sep 17 00:00:00 2001 From: iVAN <88724353+ivan-hc@users.noreply.github.com> Date: Wed, 19 Jun 2024 19:34:49 +0200 Subject: [PATCH 16/25] Move messages / password comes before messages (in "AM") --- modules/sandboxes.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index 7b4d4203a..c8492a968 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -113,13 +113,13 @@ case "$1" in mkdir -p "$SANDBOXDIR/$APPNAME" if [ "$1" = "--disable-sandbox" ]; then APPIMAGEPATH="$(echo ${APPEXEC%/*})" + THISFILE="$(realpath "$0")" + SUDO ln -sf "$APPEXEC" "$THISFILE" || exit 1 printf '\n%s' " Giving exec permissions back to $APPEXEC..." chmod a+x "$APPEXEC" || exit 1 printf '\n%s' " Patching $APPIMAGEPATH/AM-updater to give permissions back..." sed -i 's|chmod a-x|chmod a+x|g' "$APPIMAGEPATH/AM-updater" || exit 1 - THISFILE="$(realpath "$0")" printf '\n%s\n' " Replacing $THISFILE with a link to the AppImage..." - SUDO ln -sf "$APPEXEC" "$THISFILE" || exit 1 printf '\033[32m\n%s\n\n' " $APPEXEC successfully unsandboxed!" exit 0 fi @@ -196,8 +196,8 @@ case "$1" in "$APPEXEC" "$@" HEREDOC + chmod a+x "$AMCACHEDIR/sandbox-scripts/$2" && sed -i "s|DUMMY|$APPIMAGE|g; s|SUDO |$SUDOCOMMAND |g" "$AMCACHEDIR/sandbox-scripts/$2" || exit 1 $SUDOCOMMAND mv "$AMCACHEDIR/sandbox-scripts/$2" "$TARGET" && rmdir "$AMCACHEDIR/sandbox-scripts" || exit 1 - $SUDOCOMMAND chmod a+x "$TARGET" && $SUDOCOMMAND sed -i "s|DUMMY|$APPIMAGE|g; s|SUDO |$SUDOCOMMAND |g" "$TARGET" || exit 1 printf '\n\033[33m%s\n\n' " User directories access configured successfully!" exit 0 From 7127794d6a08d86e89c2e6c924277f6b7a8fd532 Mon Sep 17 00:00:00 2001 From: iVAN <88724353+ivan-hc@users.noreply.github.com> Date: Wed, 19 Jun 2024 19:55:44 +0200 Subject: [PATCH 17/25] Remove "$AMCACHEDIR/sandbox-scripts" before creating a new sandbox --- modules/sandboxes.am | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index c8492a968..f2429fb63 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -83,6 +83,7 @@ case "$1" in # Check if we are using AM or AppMan printf '\n%s\n' " Making aisap script for \"$(echo "$AMCLI" | tr a-z A-Z)\"..." + rm -Rf "$AMCACHEDIR/sandbox-scripts" mkdir -p "$AMCACHEDIR/sandbox-scripts" cat <<-"HEREDOC" >> "$AMCACHEDIR/sandbox-scripts/$2" #!/bin/sh From 7089977cc288ea2f385da3b0be16837b9360fe10 Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Wed, 19 Jun 2024 16:23:07 -0400 Subject: [PATCH 18/25] Changed a lot of things --- modules/sandboxes.am | 125 +++++++++++++++++++++++-------------------- 1 file changed, 68 insertions(+), 57 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index f2429fb63..a47817899 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -62,12 +62,6 @@ case "$1" in APPIMAGEPATH="$APPSPATH/$2" APPIMAGE="$APPIMAGEPATH/$2" - XDG_DOCUMENTS_DIR="$(xdg-user-dir DOCUMENTS 2>/dev/null)" - XDG_DOWNLOAD_DIR="$(xdg-user-dir DOWNLOAD 2>/dev/null)" - XDG_MUSIC_DIR="$(xdg-user-dir MUSIC 2>/dev/null)" - XDG_PICTURES_DIR="$(xdg-user-dir PICTURES 2>/dev/null)" - XDG_VIDEOS_DIR="$(xdg-user-dir VIDEOS 2>/dev/null)" - # Check if TARGET is an AppImage or was already sandboxed if grep "aisap-am" "$TARGET" >/dev/null 2>&1; then echo " $2 is already sandboxed!"; exit 1 @@ -75,16 +69,26 @@ case "$1" in echo " $TARGET doesn't look like an AppImage, aborting"; exit 1 fi - # Remove the exec permission from the AppImage and its updater for better safety™ - $SUDOCOMMAND rm -f "$TARGET" && - chmod a-x "$APPIMAGE" && - sed -i 's|chmod a+x|chmod a-x|g' "$APPIMAGEPATH/AM-updater" || exit 1 - # Check if we are using AM or AppMan printf '\n%s\n' " Making aisap script for \"$(echo "$AMCLI" | tr a-z A-Z)\"..." - + rm -Rf "$AMCACHEDIR/sandbox-scripts" mkdir -p "$AMCACHEDIR/sandbox-scripts" + + # Get xdg variables + XDG_DOWNLOAD_DIR="$(xdg-user-dir DOWNLOAD 2>/dev/null)" + XDG_MUSIC_DIR="$(xdg-user-dir MUSIC 2>/dev/null)" + XDG_PICTURES_DIR="$(xdg-user-dir PICTURES 2>/dev/null)" + XDG_VIDEOS_DIR="$(xdg-user-dir VIDEOS 2>/dev/null)" + XDG_DOCUMENTS_DIR="$(xdg-user-dir DOCUMENTS 2>/dev/null)" + + # Unset the xdg variable if it equals to $HOME + if [ "$XDG_DOWNLOAD_DIR" = "$HOME" ]; then XDG_DOWNLOAD_DIR=""; fi + if [ "$XDG_MUSIC_DIR" = "$HOME" ]; then XDG_MUSIC_DIR=""; fi + if [ "$XDG_PICTURES_DIR" = "$HOME" ]; then XDG_PICTURES_DIR=""; fi + if [ "$XDG_VIDEOS_DIR" = "$HOME" ]; then XDG_VIDEOS_DIR=""; fi + if [ "$XDG_DOCUMENTS_DIR" = "$HOME" ]; then XDG_DOCUMENTS_DIR=""; fi + cat <<-"HEREDOC" >> "$AMCACHEDIR/sandbox-scripts/$2" #!/bin/sh @@ -106,6 +110,18 @@ case "$1" in DATADIR="${XDG_DATA_HOME:-$HOME/.local/share}" CONFIGDIR="${XDG_CONFIG_HOME:-$HOME/.config}" CACHEDIR="${XDG_CACHE_HOME:-$HOME/.cache}" + + XDG_DOWNLOAD_DIR="$(xdg-user-dir DOWNLOAD 2>/dev/null)" + XDG_MUSIC_DIR="$(xdg-user-dir MUSIC 2>/dev/null)" + XDG_PICTURES_DIR="$(xdg-user-dir PICTURES 2>/dev/null)" + XDG_VIDEOS_DIR="$(xdg-user-dir VIDEOS 2>/dev/null)" + XDG_DOCUMENTS_DIR="$(xdg-user-dir DOCUMENTS 2>/dev/null)" + + if [ "$XDG_DOWNLOAD_DIR" = "$HOME" ]; then XDG_DOWNLOAD_DIR=""; fi + if [ "$XDG_MUSIC_DIR" = "$HOME" ]; then XDG_MUSIC_DIR=""; fi + if [ "$XDG_PICTURES_DIR" = "$HOME" ]; then XDG_PICTURES_DIR=""; fi + if [ "$XDG_VIDEOS_DIR" = "$HOME" ]; then XDG_VIDEOS_DIR=""; fi + if [ "$XDG_DOCUMENTS_DIR" = "$HOME" ]; then XDG_DOCUMENTS_DIR=""; fi # Try to find the right name of the app xdg directories, as sometimes it is not the same as $APPNAME APPDATA=$( ls "$DATADIR" | grep -i "$APPNAME" | head -1 ) @@ -114,13 +130,13 @@ case "$1" in mkdir -p "$SANDBOXDIR/$APPNAME" if [ "$1" = "--disable-sandbox" ]; then APPIMAGEPATH="$(echo ${APPEXEC%/*})" - THISFILE="$(realpath "$0")" - SUDO ln -sf "$APPEXEC" "$THISFILE" || exit 1 printf '\n%s' " Giving exec permissions back to $APPEXEC..." chmod a+x "$APPEXEC" || exit 1 printf '\n%s' " Patching $APPIMAGEPATH/AM-updater to give permissions back..." sed -i 's|chmod a-x|chmod a+x|g' "$APPIMAGEPATH/AM-updater" || exit 1 + THISFILE="$(realpath "$0")" printf '\n%s\n' " Replacing $THISFILE with a link to the AppImage..." + SUDO ln -sf "$APPEXEC" "$THISFILE" || exit 1 printf '\033[32m\n%s\n\n' " $APPEXEC successfully unsandboxed!" exit 0 fi @@ -143,64 +159,59 @@ case "$1" in --add-file "$CONFIGDIR"/Kvantum \ --add-file "$HOME"/.local/lib \ --add-file /usr/share \ + --rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}" \ + --rm-file "${XDG_MUSIC_DIR:-~/Music}" \ + --rm-file "${XDG_PICTURES_DIR:-~/Pictures}" \ + --rm-file "${XDG_VIDEOS_DIR:-~/Videos}" \ + --rm-file "${XDG_DOCUMENTS_DIR:-~/Documents}" \ + --add-socket dbus \ + --add-socket x11 \ + --add-socket wayland \ + --add-socket pulseaudio \ + --add-socket network \ + --add-device dri -- \ + "$APPEXEC" "$@" HEREDOC - printf '\n\033[33m%s\n' " \"$2\" successfully sandboxed!" - printf '\n\033[0m%s\n' " The sandboxed app home will be in \"${SANDBOXDIR:-$HOME/.local/am-sandboxes}\" once launched" - printf '\n%s\n' " This location can be moved by setting the 'SANDBOXDIR' env variable" - printf '\n%s\n' " --------------------------------------------------------------------------" - printf '\n\033[33m%s\n' " Use the --disable-sandbox flag if you want to revert the changes" - printf '\n\033[0m%s' " In this case that is:" - printf '\033[33m%s\033[36m\n\n' " $2 --disable-sandbox" - - read -p " Allow $2 access to $XDG_DOCUMENTS_DIR? (y/N): " yn + printf '\033[36m\n' + read -p " Allow $2 access to ${XDG_DOWNLOAD_DIR:-~/Downloads}? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - cat <<-HEREDOC >> "$AMCACHEDIR/sandbox-scripts/$2" - --add-file "$XDG_DOCUMENTS_DIR":rw \\ - HEREDOC + sed -i 's|--rm-file "${XDG_DOWNLOAD_DIR:-~/Downloads}"|--add-file "${XDG_DOWNLOAD_DIR:-~/Downloads}":rw|g' "$AMCACHEDIR/sandbox-scripts/$2" || exit 1 fi - - read -p " Allow $2 access to $XDG_DOWNLOAD_DIR? (y/N): " yn + read -p " Allow $2 access to ${XDG_DOCUMENTS_DIR:-~/Documents}? (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - cat <<-HEREDOC >> "$AMCACHEDIR/sandbox-scripts/$2" - --add-file "$XDG_DOWNLOAD_DIR":rw \\ - HEREDOC + sed -i 's|--rm-file "${XDG_DOCUMENTS_DIR:-~/Documents}"|--add-file "${XDG_DOCUMENTS_DIR:-~/Documents}":rw|g' "$AMCACHEDIR/sandbox-scripts/$2" || exit 1 fi - - read -p " Allow $2 access to $XDG_MUSIC_DIR? (y/N): " yn + read -p " Allow $2 access to ${XDG_MUSIC_DIR:-~/Music} (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - cat <<-HEREDOC >> "$AMCACHEDIR/sandbox-scripts/$2" - --add-file "$XDG_MUSIC_DIR":rw \\ - HEREDOC + sed -i 's|--rm-file "${XDG_MUSIC_DIR:-~/Music}"|--add-file "${XDG_MUSIC_DIR:-~/Music}":rw|g' "$AMCACHEDIR/sandbox-scripts/$2" || exit 1 fi - - read -p " Allow $2 access to $XDG_PICTURES_DIR? (y/N): " yn + read -p " Allow $2 access to ${XDG_PICTURES_DIR:-~/Pictures} (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - cat <<-HEREDOC >> "$AMCACHEDIR/sandbox-scripts/$2" - --add-file "$XDG_PICTURES_DIR":rw \\ - HEREDOC + sed -i 's|--rm-file "${XDG_PICTURES_DIR:-~/Pictures}"|--add-file "${XDG_PICTURES_DIR:-~/Pictures}":rw|g' "$AMCACHEDIR/sandbox-scripts/$2" || exit 1 fi - - read -p " Allow $2 access to $XDG_VIDEOS_DIR? (y/N): " yn + read -p " Allow $2 access to ${XDG_VIDEOS_DIR:-~/Videos} (y/N): " yn if echo "$yn" | grep -i '^y' >/dev/null 2>&1; then - cat <<-HEREDOC >> "$AMCACHEDIR/sandbox-scripts/$2" - --add-file "$XDG_VIDEOS_DIR":rw \\ - HEREDOC + sed -i 's|--rm-file "${XDG_VIDEOS_DIR:-~/Videos}"|--add-file "${XDG_VIDEOS_DIR:-~/Videos}":rw|g' "$AMCACHEDIR/sandbox-scripts/$2" || exit 1 fi - - cat <<-"HEREDOC" >> "$AMCACHEDIR/sandbox-scripts/$2" - --add-socket dbus \ - --add-socket x11 \ - --add-socket wayland \ - --add-socket pulseaudio \ - --add-socket network \ - --add-device dri -- \ - "$APPEXEC" "$@" - HEREDOC + printf '\n\033[33m%s\n' " User directories access configured successfully!" chmod a+x "$AMCACHEDIR/sandbox-scripts/$2" && sed -i "s|DUMMY|$APPIMAGE|g; s|SUDO |$SUDOCOMMAND |g" "$AMCACHEDIR/sandbox-scripts/$2" || exit 1 + + # Remove the exec permission from the AppImage and its updater for better safety™ + $SUDOCOMMAND rm -f "$TARGET" && chmod a-x "$APPIMAGE" && + sed -i 's|chmod a+x|chmod a-x|g' "$APPIMAGEPATH/AM-updater" || exit 1 + + # Put sandbox script in the place of the appimage symlink $SUDOCOMMAND mv "$AMCACHEDIR/sandbox-scripts/$2" "$TARGET" && rmdir "$AMCACHEDIR/sandbox-scripts" || exit 1 - printf '\n\033[33m%s\n\n' " User directories access configured successfully!" + printf '\n%s\n' " \"$2\" successfully sandboxed!" + printf '\n\033[0m%s\n' " The sandboxed app home will be in \"${SANDBOXDIR:-$HOME/.local/am-sandboxes}\" once launched" + printf '\n%s\n' " This location can be moved by setting the 'SANDBOXDIR' env variable" + printf '\n%s\n' " --------------------------------------------------------------------------" + printf '\n\033[33m%s\n' " Use the --disable-sandbox flag if you want to revert the changes" + printf '\n\033[0m%s' " In this case that is:" + printf '\033[33m%s\033[36m\n\n' " $2 --disable-sandbox" + exit 0 done From ea43db9188e35a7f8645eb89585ae0a860c02e3f Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Wed, 19 Jun 2024 17:04:08 -0400 Subject: [PATCH 19/25] Simplify how `$SCRIPTDIR` is defined --- APP-MANAGER | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/APP-MANAGER b/APP-MANAGER index 0b69146e1..530eba639 100755 --- a/APP-MANAGER +++ b/APP-MANAGER @@ -30,8 +30,7 @@ function _clean_amcachedir() { } APPMANCONFIG="$CONFIGDIR/appman" - -export SCRIPTDIR="$(if command -v xdg-user-dir &>/dev/null; then xdg-user-dir DESKTOP; else echo $HOME; fi)" +export SCRIPTDIR="$(xdg-user-dir DESKTOP 2>/dev/null || echo "$HOME")" # Determine sytem package manager function _system_package_manager_check() { From 30d7421d0859f8fc5524ed1cff5a1e38a530461e Mon Sep 17 00:00:00 2001 From: Samuel <36420837+Samueru-sama@users.noreply.github.com> Date: Wed, 19 Jun 2024 19:21:35 -0400 Subject: [PATCH 20/25] Improve check against xdg variables being `$HOME` --- modules/sandboxes.am | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index a47817899..1bb16856b 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -83,11 +83,12 @@ case "$1" in XDG_DOCUMENTS_DIR="$(xdg-user-dir DOCUMENTS 2>/dev/null)" # Unset the xdg variable if it equals to $HOME - if [ "$XDG_DOWNLOAD_DIR" = "$HOME" ]; then XDG_DOWNLOAD_DIR=""; fi - if [ "$XDG_MUSIC_DIR" = "$HOME" ]; then XDG_MUSIC_DIR=""; fi - if [ "$XDG_PICTURES_DIR" = "$HOME" ]; then XDG_PICTURES_DIR=""; fi - if [ "$XDG_VIDEOS_DIR" = "$HOME" ]; then XDG_VIDEOS_DIR=""; fi - if [ "$XDG_DOCUMENTS_DIR" = "$HOME" ]; then XDG_DOCUMENTS_DIR=""; fi + if [ "$XDG_DOWNLOAD_DIR" = "$HOME" ] || [ "$XDG_DOWNLOAD_DIR" = "$HOME/" ]; then XDG_DOWNLOAD_DIR=""; fi + if [ "$XDG_MUSIC_DIR" = "$HOME" ] || [ "$XDG_MUSIC_DIR" = "$HOME/" ]; then XDG_MUSIC_DIR=""; fi + if [ "$XDG_PICTURES_DIR" = "$HOME" ] || [ "$XDG_PICTURES_DIR" = "$HOME/" ]; then XDG_PICTURES_DIR=""; fi + if [ "$XDG_VIDEOS_DIR" = "$HOME" ] || [ "$XDG_VIDEOS_DIR" = "$HOME/" ]; then XDG_VIDEOS_DIR=""; fi + if [ "$XDG_DOCUMENTS_DIR" = "$HOME" ] || [ "$XDG_DOCUMENTS_DIR" = "$HOME/" ]; then XDG_DOCUMENTS_DIR=""; fi + cat <<-"HEREDOC" >> "$AMCACHEDIR/sandbox-scripts/$2" #!/bin/sh @@ -117,11 +118,11 @@ case "$1" in XDG_VIDEOS_DIR="$(xdg-user-dir VIDEOS 2>/dev/null)" XDG_DOCUMENTS_DIR="$(xdg-user-dir DOCUMENTS 2>/dev/null)" - if [ "$XDG_DOWNLOAD_DIR" = "$HOME" ]; then XDG_DOWNLOAD_DIR=""; fi - if [ "$XDG_MUSIC_DIR" = "$HOME" ]; then XDG_MUSIC_DIR=""; fi - if [ "$XDG_PICTURES_DIR" = "$HOME" ]; then XDG_PICTURES_DIR=""; fi - if [ "$XDG_VIDEOS_DIR" = "$HOME" ]; then XDG_VIDEOS_DIR=""; fi - if [ "$XDG_DOCUMENTS_DIR" = "$HOME" ]; then XDG_DOCUMENTS_DIR=""; fi + if [ "$XDG_DOWNLOAD_DIR" = "$HOME" ] || [ "$XDG_DOWNLOAD_DIR" = "$HOME/" ]; then XDG_DOWNLOAD_DIR=""; fi + if [ "$XDG_MUSIC_DIR" = "$HOME" ] || [ "$XDG_MUSIC_DIR" = "$HOME/" ]; then XDG_MUSIC_DIR=""; fi + if [ "$XDG_PICTURES_DIR" = "$HOME" ] || [ "$XDG_PICTURES_DIR" = "$HOME/" ]; then XDG_PICTURES_DIR=""; fi + if [ "$XDG_VIDEOS_DIR" = "$HOME" ] || [ "$XDG_VIDEOS_DIR" = "$HOME/" ]; then XDG_VIDEOS_DIR=""; fi + if [ "$XDG_DOCUMENTS_DIR" = "$HOME" ] || [ "$XDG_DOCUMENTS_DIR" = "$HOME/" ]; then XDG_DOCUMENTS_DIR=""; fi # Try to find the right name of the app xdg directories, as sometimes it is not the same as $APPNAME APPDATA=$( ls "$DATADIR" | grep -i "$APPNAME" | head -1 ) From 2af28a89202a4c6120691dc980e551e1d58baba1 Mon Sep 17 00:00:00 2001 From: iVAN <88724353+ivan-hc@users.noreply.github.com> Date: Thu, 20 Jun 2024 01:31:43 +0200 Subject: [PATCH 21/25] Update sandboxes.am: spaces --- modules/sandboxes.am | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index 1bb16856b..9c37e568b 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -71,7 +71,7 @@ case "$1" in # Check if we are using AM or AppMan printf '\n%s\n' " Making aisap script for \"$(echo "$AMCLI" | tr a-z A-Z)\"..." - + rm -Rf "$AMCACHEDIR/sandbox-scripts" mkdir -p "$AMCACHEDIR/sandbox-scripts" @@ -89,7 +89,6 @@ case "$1" in if [ "$XDG_VIDEOS_DIR" = "$HOME" ] || [ "$XDG_VIDEOS_DIR" = "$HOME/" ]; then XDG_VIDEOS_DIR=""; fi if [ "$XDG_DOCUMENTS_DIR" = "$HOME" ] || [ "$XDG_DOCUMENTS_DIR" = "$HOME/" ]; then XDG_DOCUMENTS_DIR=""; fi - cat <<-"HEREDOC" >> "$AMCACHEDIR/sandbox-scripts/$2" #!/bin/sh @@ -111,7 +110,7 @@ case "$1" in DATADIR="${XDG_DATA_HOME:-$HOME/.local/share}" CONFIGDIR="${XDG_CONFIG_HOME:-$HOME/.config}" CACHEDIR="${XDG_CACHE_HOME:-$HOME/.cache}" - + XDG_DOWNLOAD_DIR="$(xdg-user-dir DOWNLOAD 2>/dev/null)" XDG_MUSIC_DIR="$(xdg-user-dir MUSIC 2>/dev/null)" XDG_PICTURES_DIR="$(xdg-user-dir PICTURES 2>/dev/null)" From 357672d46d93beaa30ec19d3ade09b3e520ecde1 Mon Sep 17 00:00:00 2001 From: iVAN <88724353+ivan-hc@users.noreply.github.com> Date: Thu, 20 Jun 2024 01:41:55 +0200 Subject: [PATCH 22/25] Update sandboxes.am --- modules/sandboxes.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/sandboxes.am b/modules/sandboxes.am index 9c37e568b..d80ccd979 100644 --- a/modules/sandboxes.am +++ b/modules/sandboxes.am @@ -205,7 +205,7 @@ case "$1" in $SUDOCOMMAND mv "$AMCACHEDIR/sandbox-scripts/$2" "$TARGET" && rmdir "$AMCACHEDIR/sandbox-scripts" || exit 1 printf '\n%s\n' " \"$2\" successfully sandboxed!" - printf '\n\033[0m%s\n' " The sandboxed app home will be in \"${SANDBOXDIR:-$HOME/.local/am-sandboxes}\" once launched" + printf '\n\033[0m%s\n' " The app will be sandboxed in \"${SANDBOXDIR:-$HOME/.local/am-sandboxes}\" once launched" printf '\n%s\n' " This location can be moved by setting the 'SANDBOXDIR' env variable" printf '\n%s\n' " --------------------------------------------------------------------------" printf '\n\033[33m%s\n' " Use the --disable-sandbox flag if you want to revert the changes" From 4bd74ffaca7db04ebeeecebaa26f6707ac963c29 Mon Sep 17 00:00:00 2001 From: iVAN <88724353+ivan-hc@users.noreply.github.com> Date: Thu, 20 Jun 2024 01:50:27 +0200 Subject: [PATCH 23/25] Update APP-MANAGER --- APP-MANAGER | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/APP-MANAGER b/APP-MANAGER index 530eba639..c9b0e6504 100755 --- a/APP-MANAGER +++ b/APP-MANAGER @@ -1,6 +1,6 @@ #!/usr/bin/env bash -AMVERSION="6.12-1" +AMVERSION="6.12.1" # Determine main repository and branch AMREPO="https://raw.githubusercontent.com/ivan-hc/AM/main" From 44acdb81da366c411a84eeb063e52901e8088e20 Mon Sep 17 00:00:00 2001 From: iVAN <88724353+ivan-hc@users.noreply.github.com> Date: Thu, 20 Jun 2024 02:14:02 +0200 Subject: [PATCH 24/25] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 38b1a6330..ec7a551a6 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ You can consult the entire **list of managed apps** at [**portable-linux-apps.gi - [Backup and restore installed apps using snapshots](#backup-and-restore-installed-apps-using-snapshots) - [Remove one or more applications](#remove-one-or-more-applications) - [Convert Type2 AppImages requiring libfuse2 to Type3 AppImages](#convert-type2-appimages-requiring-libfuse2-to-type3-appimages) -- [Drag local AppImages to integrate them into the application menu](#drag-local-appimages-to-integrate-them-into-the-application-menu) +- [Integrate local AppImages into the menu by dragging and dropping them, as you do with AppImageLauncher](#integrate-local-appimages-into-the-menu-by-dragging-and-dropping-them-as-you-do-with-appimagelauncher) - [How to use "AM" in non-privileged mode, like "AppMan"](#how-to-use-am-in-non-privileged-mode-like-appman) - [Sandbox an AppImage](#sandbox-an-appimage) - [How to enable bash completion](#how-to-enable-bash-completion) @@ -699,7 +699,7 @@ This section is committed to giving small demonstrations of each available optio - [Backup and restore installed apps using snapshots](#backup-and-restore-installed-apps-using-snapshots) - [Remove one or more applications](#remove-one-or-more-applications) - [Convert Type2 AppImages requiring libfuse2 to Type3 AppImages](#convert-type2-appimages-requiring-libfuse2-to-type3-appimages) - - [Drag local AppImages to integrate them into the application menu](#drag-local-appimages-to-integrate-them-into-the-application-menu) + - [Integrate local AppImages into the menu by dragging and dropping them, as you do with AppImageLauncher](#integrate-local-appimages-into-the-menu-by-dragging-and-dropping-them-as-you-do-with-appimagelauncher) - [How to use "AM" in non-privileged mode, like "AppMan"](#how-to-use-am-in-non-privileged-mode-like-appman) - [Sandbox an AppImage](#sandbox-an-appimage) - [How to enable bash completion](#how-to-enable-bash-completion) @@ -852,7 +852,7 @@ If also the second step does not succeed either, the process will end with an er ------------------------------------------------------------------------ __________________________________________________________________________ -### Drag local AppImages to integrate them into the application menu +### Integrate local AppImages into the menu by dragging and dropping them, as you do with AppImageLauncher If you are a user who is used to dragging your local AppImages scattered around the system and if you are a user who likes clutter and wants to place their packages in different places... this option is for you. The option `--launcher` allows you to drag and drop a local AppImage to create a launcher to place in the menu, like [AppImageLauncher](https://github.com/TheAssassin/AppImageLauncher) or [Gear Lever](https://github.com/mijorus/gearlever), or any other classic AppImage package helper would... but in SHELL. From a1085c64968a4bf8f1e31af4bbbd3ea3a0f35670 Mon Sep 17 00:00:00 2001 From: iVAN <88724353+ivan-hc@users.noreply.github.com> Date: Thu, 20 Jun 2024 02:25:01 +0200 Subject: [PATCH 25/25] Update README.md --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ec7a551a6..2d84298cd 100644 --- a/README.md +++ b/README.md @@ -908,6 +908,7 @@ or appman --sandbox $APP ``` - if the "aisap" package is not installed, you will be asked if you want to install it via "AM"/AppMan; +- you will be asked if your AppImages can have access to the main XDG directories (Pictures, Videos, Documents... using the system language); - requires replacing the symlink in $PATH with a script ("AM" users will need the root password); - to work, the Appimage will be set to "not executable", and the AM-updater will also have its `chmod` command set to `a-x` instead of `a+x`. @@ -917,9 +918,11 @@ To restore the use of the AppImage without sandbox, you need to run the applicat ``` $APP --disable-sandbox ``` -https://github.com/ivan-hc/AM/assets/88724353/420bfa1c-274f-4ac3-a79f-78ad64f01254 +In the video we will use "Baobab" (GTK3 version), a disk space analyzer, available in the database as "baobab-gtk3", and giving it read/write permissions only in "Video" (the Italian for "Videos") : -For more information aboit "Aisap", visit https://github.com/mgord9518/aisap +https://github.com/ivan-hc/AM/assets/88724353/79c1b4af-53d8-4175-9a28-136804059f6e + +For more information about "Aisap", visit https://github.com/mgord9518/aisap Available profiles are listed at https://github.com/mgord9518/aisap/tree/main/profiles