diff --git a/README.md b/README.md index 1e1a8af..324470a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# Pacwrap +# pacwrap - + A package management front-end which utilises libalpm to facilitate the creation of unprivileged, userspace containers with parallelised, filesystem-agnostic deduplication. Sandboxing of unprivileged namespace containers is provided via bubblewrap to execute package transactions and launch applications inside of these containers. diff --git a/logo.svg b/assets/logo.svg similarity index 100% rename from logo.svg rename to assets/logo.svg diff --git a/pacwrap-agent/README.md b/pacwrap-agent/README.md new file mode 100644 index 0000000..c96254a --- /dev/null +++ b/pacwrap-agent/README.md @@ -0,0 +1,3 @@ +# pacwrap-agent + +Agent for conducting containerized transactions. Required by pacwrap-core and pacwrap. diff --git a/pacwrap-core/README.md b/pacwrap-core/README.md new file mode 100644 index 0000000..5c89ee5 --- /dev/null +++ b/pacwrap-core/README.md @@ -0,0 +1,3 @@ +# pacwrap-core - core library + +Core library providing core functionality for pacwrap. diff --git a/pacwrap-core/build.rs b/pacwrap-core/build.rs index 1986c5d..a5b9a26 100644 --- a/pacwrap-core/build.rs +++ b/pacwrap-core/build.rs 
@@ -1,32 +1,5 @@
-use std::process::Command;
 use std::env::var;
 
-fn head() -> String {
- match Command::new("git").args(["rev-parse", "--short", "HEAD"]).output() {
- Ok(output) => String::from_utf8(output.stdout).unwrap_or("N/A".into()),
- Err(_) => "N/A".into(),
- }
-}
-
-fn time(debug: bool) -> String {
- match debug {
- false => match Command::new("git").args(["log", "-1", "--date=format:%d/%m/%Y", "--format=%ad"]).output() {
- Ok(output) => String::from_utf8(output.stdout).unwrap_or("N/A".into()),
- Err(_) => "N/A".into(),
- },
- true => match Command::new("date").args(["+%d/%m/%Y %T"]).output() {
- Ok(output) => String::from_utf8(output.stdout).unwrap_or("N/A".into()),
- Err(_) => "N/A".into(),
- }
- }
-}
-
-fn release(debug: bool) -> &'static str {
- match debug {
- true => "DEV", false => "RELEASE",
- }
-}
-
 fn dist_repo() -> String {
 match var("PACWRAP_DIST_REPO") {
 Ok(var) => var,
@@ -34,16 +7,7 @@ fn dist_repo() -> String {
 }
 }
 
-fn is_debug() -> bool {
- var("DEBUG").unwrap().parse().unwrap()
-}
-
 fn main() {
- let debug: bool = is_debug();
-
 println!("cargo:rerun-if-env-changed=PACWRAP_DIST_REPO");
 println!("cargo:rustc-env=PACWRAP_DIST_REPO={}", dist_repo());
- println!("cargo:rustc-env=PACWRAP_BUILDSTAMP={}", head());
- println!("cargo:rustc-env=PACWRAP_BUILDTIME={}", time(debug));
- println!("cargo:rustc-env=PACWRAP_BUILD={}", release(debug));
 }
diff --git a/pacwrap/README.md b/pacwrap/README.md
new file mode 100644
index 0000000..fb10a34
--- /dev/null
+++ b/pacwrap/README.md
@@ -0,0 +1,47 @@
+# pacwrap
+
+
+
+A package management front-end which utilises libalpm to facilitate the creation of unprivileged, userspace containers with parallelised, filesystem-agnostic deduplication. Sandboxing of unprivileged namespace containers is provided via bubblewrap to execute package transactions and launch applications inside of these containers.
+
+This application is designed to allow for the creation and execution of secure, replicable containerised environments for general-purpose use. CLI and GUI applications are all supported*. Once a container environment is configured, it can be re-established or replicated on any system.
+
+Goal of this project is to provide a distribution-backed alternative to flatpak with easily configurable security parameters.
+
+\* Some CLI-based applications, such as ncspot, require disabling termios isolation. This could allow an attacker to overtake the terminal and thus breakout of the container.
+## Example usage
+
+To create a container, execute the following command:
+
+```
+$ pacwrap -Syucb --target=base
+```
+
+Then to launch a shell inside of this container to configure it:
+
+```
+$ pacwrap -Es base
+```
+
+And then finally, to install neovim inside of a fresh, replicable, root container:
+
+
+```
+$ pacwrap -Syucr --target=neovim neovim --target=base
+```
+
+More advanced examples along with further documentation of configuration can be found further
+elaborated upon **[here](./docs/README.md)**.
+
+## Manual
+
+An online version of the user manual is viewable **[here](./docs/manual.md)**.
+
+## Build requirements
+
+A minimum version of Rust 1.72, with base-devel and repose packages from Arch Linux's repositories.
+
+## Distribution support
+
+Currently only Arch Linux is supported in containers as package management is faciliated by libalpm.
+However, this package should be distribution agnostic, so it should be possible to use on non-Arch-based distributions.
diff --git a/pacwrap/build.rs b/pacwrap/build.rs
index 1986c5d..6daf6e9 100644
--- a/pacwrap/build.rs
+++ b/pacwrap/build.rs
@@ -27,13 +27,6 @@ fn release(debug: bool) -> &'static str {
 }
 }
 
-fn dist_repo() -> String {
- match var("PACWRAP_DIST_REPO") {
- Ok(var) => var,
- Err(_) => "file:///usr/share/pacwrap/dist-repo".into(),
- }
-}
-
 fn is_debug() -> bool {
 var("DEBUG").unwrap().parse().unwrap()
 }
@@ -42,7 +35,6 @@ fn main() {
 let debug: bool = is_debug();
 
 println!("cargo:rerun-if-env-changed=PACWRAP_DIST_REPO");
- println!("cargo:rustc-env=PACWRAP_DIST_REPO={}", dist_repo());
 println!("cargo:rustc-env=PACWRAP_BUILDSTAMP={}", head());
 println!("cargo:rustc-env=PACWRAP_BUILDTIME={}", time(debug));
 println!("cargo:rustc-env=PACWRAP_BUILD={}", release(debug));
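Review bot: The context line `println!("cargo:rerun-if-env-changed=PACWRAP_DIST_REPO");` in `main` (second hunk) is left behind even though this commit removes `dist_repo()`, the only reader of that variable in this script. Cargo drops its default rerun heuristics once any `rerun-if-*` directive is emitted, so the script now reruns only for a variable it ignores. As a result `PACWRAP_BUILDSTAMP` and `PACWRAP_BUILDTIME`, taken from `head()` and `time(debug)`, can go stale across commits, which weakens the build stamp as provenance for a shipped binary. Drop that line, or replace it with a directive that tracks what the script actually reads, e.g. `println!("cargo:rerun-if-changed=<path-to-.git/HEAD>");` (placeholder path, to be confirmed against the repository layout). `main` closes outside the hunk.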