diff --git a/.gitignore b/.gitignore index 5c5391c..e245273 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,22 @@ 1.20.1-FearFactoryTest/minecraft/patchouli_data.json /1.20.1-FearFactoryTest/minecraft/mods/.connector /1.20.1-FearFactoryTest/minecraft/config/tellme +/devtools/.sandbox-home/.cache +/devtools/.sandbox-home/.config/GitHub Desktop/Cache +devtools/.sandbox-home/.config/GitHub Desktop/.guid +devtools/.sandbox-home/.config/GitHub Desktop/Code Cache/js/index +devtools/.sandbox-home/.config/GitHub Desktop/Code Cache/js/index-dir/the-real-index +devtools/.sandbox-home/.config/GitHub Desktop/Code Cache/wasm/index +devtools/.sandbox-home/.config/GitHub Desktop/Code Cache/wasm/index-dir/the-real-index +devtools/.sandbox-home/.config/GitHub Desktop/Cookies +devtools/.sandbox-home/.config/GitHub Desktop/Cookies-journal +devtools/.sandbox-home/.config/GitHub Desktop/Crashpad/client_id +/devtools/.sandbox-home/.config +devtools/.sandbox-home/.local/share/org.gnome.TextEditor/session.gvariant +devtools/.sandbox-home/.local/share/org.gnome.TextEditor/recently-used.xbel +devtools/.sandbox-home/.gitconfig +devtools/.sandbox-home/.pki/nssdb/cert9.db +devtools/.sandbox-home/.pki/nssdb/key4.db +devtools/.sandbox-home/.pki/nssdb/pkcs11.txt +devtools/.sandbox-home/.local/share/recently-used.xbel +devtools/.sandbox-home/.local/share/PrismLauncher/metacache diff --git a/devtools/checkhash.nix b/devtools/checkhash.nix new file mode 100644 index 0000000..ba577b3 --- /dev/null +++ b/devtools/checkhash.nix @@ -0,0 +1,10 @@ +with import {}; + +let + url = "https://github.com/shiftkey/desktop/releases/download/release-3.2.1-linux1/GitHubDesktop-linux-3.2.1-linux1.AppImage"; +in +builtins.fetchurl { + inherit url; + # intentionally use a bad hash to force Nix to tell you the correct one + sha256 = "0000000000000000000000000000000000000000000000000000"; +} diff --git a/devtools/shell.nix b/devtools/shell.nix new file mode 100644 index 0000000..649c5fb --- /dev/null +++ b/devtools/shell.nix @@ -0,0 +1,38 @@ +{ pkgs ? import {} }: + +pkgs.mkShell { + buildInputs = [ + pkgs.prismlauncher + pkgs.github-desktop + pkgs.bubblewrap + ]; + + shellHook = '' + mkdir -p .sandbox-home/.config/github-desktop + mkdir -p .sandbox-home/.config/PrismLauncher + + sandboxed_run() { + local app_path="$(command -v "$1")" + echo "Launching $1 from $app_path in sandboxed environment..." + + bwrap \ + --dev-bind / / \ + --bind "$(pwd)/.sandbox-home" /home \ + --bind "$(pwd)/.." /home/workspace \ + --setenv HOME /home \ + --setenv LANG en_US.UTF-8 \ + --setenv LC_ALL en_US.UTF-8 \ + --setenv DISPLAY "$DISPLAY" \ + --setenv WAYLAND_DISPLAY "$WAYLAND_DISPLAY" \ + --setenv XDG_RUNTIME_DIR "$XDG_RUNTIME_DIR" \ + --setenv PATH "$PATH" \ + "$app_path" & + } + + sandboxed_run github-desktop + sandboxed_run prismlauncher + + echo "Both applications launched in sandboxed writable .sandbox-home. Type 'exit' to quit this shell." + ''; +} +