github/dev -> github/master

* Update icon
* Make runner and prefix paths optional
* Update version
* Split sandbox constants and helper methods
* Move constants
* Split binary check to allow further improvements
* Update README.md
* Update description

Author: RX0FA

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "raptor-cage"
-version = "1.0.2"
+version = "1.0.3"
 edition = "2021"
 license = "CIL-1.0"
 

Cargo.toml

@@ -1,4 +1,5 @@
 <div align="center">
+  <img src="assets/icon.png" />
   <h1>
     raptor-cage
   </h1>
@@ -44,7 +45,7 @@ sudo install -Dm755 raptor-cage "/usr/local/bin/rcage"
 rcage run -r soda-9.0-1 -p my_prefix -d ~/games/some_game -b game.exe
 
 # Run native binary, and pass custom parameters.
-rcage run -r soda-9.0-1 -p my_prefix -d ~/games/some_game -b native_binary -- --param1
+rcage run -d ~/games/some_game -b native_binary -- --param1
 
 # Mount game path as read-write, mount installer path as read-only, then start interactive shell.
 rcage run -r soda-9.0-1 -p my_prefix  -d ~/games/some_game:rw -v ~/installers:/installers:
@@ -114,7 +115,7 @@ cargo upgrade --dry-run
 * Native wayland support, see https://www.phoronix.com/news/Wine-9.22-Released and https://wiki.archlinux.org/title/Wine#Wayland. Also consider bringing back `--unshare-ipc` if using Wayland prevents the issue described in bwrap.rs#90.
 * Add `kill` sub-command to terminate all processes in a sandbox, need to connect to existing bwrap container.
 * When using the `integrate` sub-command to create a `.desktop` shortcut, extract executable icon and set it respectively. It can be done with a small windows executable calling a win32 API call or natively on Linux by using `wrestool`.
-* Add NTSYNC support, see also https://www.phoronix.com/news/Linux-6.14-NTSYNC-Driver-Ready.
+* Add NTSYNC support, see also https://www.phoronix.com/news/Linux-6.14-Char-Misc-NTSYNC.
 
 #### Packaging
 

README.md

@@ -44,10 +44,10 @@ pub enum Commands {
     sync_mode: SyncMode,
     /// Path of the Wine runner.
     #[arg(short, long = "runner", value_name = "PATH")]
-    runner_path: PathBuf,
+    runner_path: Option<PathBuf>,
     /// Path of the Wine prefix.
     #[arg(short, long = "prefix", value_name = "PATH")]
-    prefix_path: PathBuf,
+    prefix_path: Option<PathBuf>,
     /// Path that contains the application files.
     #[arg(short = 'd', long = "appdir", value_name = "PATH")]
     app_dir: Option<String>,
@@ -65,7 +65,7 @@ pub enum Commands {
 }
 
 #[derive(Debug, Parser)]
-#[command(about = "Run and manage games inside of a sandbox", long_about = None)]
+#[command(about = "Run games in a secure sandbox", long_about = None)]
 pub struct Cli {
   #[command(subcommand)]
   pub command: Commands,

assets/icon.png

@@ -27,12 +27,15 @@ pub fn run(
   verbose: bool,
   upscale_mode: UpscaleMode,
   sync_mode: SyncMode,
-  runner_path: PathBuf,
-  prefix_path: PathBuf,
+  runner_path: Option<PathBuf>,
+  prefix_path: Option<PathBuf>,
   app_dir: Option<String>,
   app_bin: Option<String>,
   app_args: Option<Vec<String>>,
 ) -> anyhow::Result<()> {
+  if runner_path.as_ref().xor(prefix_path.as_ref()).is_some() {
+    anyhow::bail!("either both runner and prefix paths are required, or neither");
+  }
   let sandbox_config = SandboxConfig {
     namespace_isolation: !no_namespace_isolation,
     user_mapping,

src/cli.rs

@@ -3,47 +3,16 @@ use super::mount::MountMapping;
 use super::sandbox::{
   DeviceAccess, LaunchConfig, LaunchParams, NetworkMode, RuntimeEnv, SandboxConfig,
 };
+use super::sandbox_config::{
+  current_timestamp_hex, find_nvidia_devices, INNER_APP_DIR, INNER_WINE_PREFIX, INNER_WINE_ROOT,
+};
 use super::wine::{SyncMode, UpscaleMode};
 use anyhow::Context;
 use std::env;
 use std::path::PathBuf;
-use std::time::{SystemTime, UNIX_EPOCH};
-use std::{
-  fs,
-  os::unix::fs::FileTypeExt,
-  process::{Command, Stdio},
-};
+use std::process::{Command, Stdio};
 use tempfile::NamedTempFile;
 
-fn current_timestamp_hex() -> String {
-  let start = SystemTime::now();
-  let since_epoch = start.duration_since(UNIX_EPOCH).unwrap();
-  let seconds = since_epoch.as_secs();
-  format!("{:x}", seconds)
-}
-
-fn find_nvidia_devices() -> anyhow::Result<Vec<String>> {
-  let mut nvidia_devices = Vec::new();
-  let entries = fs::read_dir("/dev")?;
-  for entry in entries.flatten() {
-    let path = entry.path();
-    let metadata = path.metadata()?;
-    if metadata.file_type().is_char_device() {
-      let file_name = path
-        .file_name()
-        .unwrap_or_default()
-        .to_str()
-        .unwrap_or_default();
-      if file_name.starts_with("nvidia") {
-        if let Some(path_str) = path.to_str() {
-          nvidia_devices.push(path_str.to_string());
-        }
-      }
-    }
-  }
-  Ok(nvidia_devices)
-}
-
 /// Gets the corresponding bwrap parameters for the selected DeviceAccess option.
 pub fn get_device_args(device_access: &DeviceAccess) -> anyhow::Result<Vec<String>> {
   match device_access {
@@ -84,10 +53,6 @@ fn get_mount_args(mount_mappings: &[MountMapping]) -> Vec<String> {
   args
 }
 
-const INNER_WINE_ROOT: &str = "/opt/wine";
-const INNER_WINE_PREFIX: &str = "/var/lib/wine";
-const INNER_APP_DIR: &str = "/app";
-
 fn build_args(
   sandbox_config: &SandboxConfig,
   launch_config: &LaunchConfig,
@@ -209,26 +174,24 @@ fn build_args(
   // Mount the directory that contains the Wine binaries and libraries (a.k.a. runner), the Wine
   // version to be mounted must be statically compiled in order to not rely on any host library
   // i.e. the runners downloaded by Bottles are statically compiled.
-  args.extend([
-    "--tmpfs",
-    "/opt",
-    "--ro-bind",
-    launch_config
-      .runner_path
-      .to_str()
-      .context("bad runner path")?,
-    INNER_WINE_ROOT,
-  ]);
+  if let Some(runner_path) = &launch_config.runner_path {
+    args.extend([
+      "--tmpfs",
+      "/opt",
+      "--ro-bind",
+      runner_path.to_str().context("bad runner path")?,
+      INNER_WINE_ROOT,
+    ]);
+  }
   // Prefix needs to be read-write because some dependencies may be installed or system files change
   // while wine is running, even changing the registry requires write access.
-  args.extend([
-    "--bind",
-    launch_config
-      .prefix_path
-      .to_str()
-      .context("bad prefix path")?,
-    INNER_WINE_PREFIX,
-  ]);
+  if let Some(prefix_path) = &launch_config.prefix_path {
+    args.extend([
+      "--bind",
+      prefix_path.to_str().context("bad prefix path")?,
+      INNER_WINE_PREFIX,
+    ]);
+  }
   // Mount X11 socket to allow running GUI apps. Using the same X11 display number as the host
   // because using a different number will not work despite being the first recommendation in the
   // ArchWiki: https://wiki.archlinux.org/title/Bubblewrap#Using_X11.
@@ -402,7 +365,7 @@ fn build_args(
         let bin_path = bin_buf
           .to_str()
           .with_context(|| format!("invalid path: {}", bin_buf.to_string_lossy()))?;
-        if bin_path.ends_with(".exe") {
+        if launch_config.launch_params.is_windows_binary() {
           final_args.push("wine".into());
         }
         final_args.push(bin_path.into());

src/invoker.rs

@@ -3,5 +3,6 @@ pub mod bwrap;
 mod display;
 pub mod mount;
 pub mod sandbox;
+mod sandbox_config;
 pub mod user_mapping;
 pub mod wine;

src/sandbox/bwrap.rs

@@ -142,14 +142,24 @@ impl LaunchParams {
       app_args: app_args.unwrap_or(vec![]),
     }
   }
+
+  pub fn is_windows_binary(&self) -> bool {
+    match self {
+      LaunchParams::Configured {
+        app_bin: Some(app_bin),
+        ..
+      } => app_bin.ends_with(".exe"),
+      _ => false,
+    }
+  }
 }
 
 // TODO: detect GPUs and configure environment to use the dedicated GPU, currently bottles uses
 // lspci and grep, however it does not seem to work in many scenarios. See
 // https://github.com/bottlesdevs/Bottles/blob/540f6fc0d4c2853e2a62cab98548ce3210c7352a/bottles/backend/utils/gpu.py.
 pub struct LaunchConfig {
-  pub runner_path: PathBuf,
-  pub prefix_path: PathBuf,
+  pub runner_path: Option<PathBuf>,
+  pub prefix_path: Option<PathBuf>,
   /// Application to execute inside the sandbox, if not set, a shell will be started instead.
   pub launch_params: LaunchParams,
   /// Optional upscale mode (needs to be supported by the runner).
@@ -160,23 +170,25 @@ pub struct LaunchConfig {
 
 impl LaunchConfig {
   pub fn new(
-    runner_path: PathBuf,
-    prefix_path: PathBuf,
+    runner_path: Option<PathBuf>,
+    prefix_path: Option<PathBuf>,
     launch_params: Option<LaunchParams>,
     upscale_mode: Option<UpscaleMode>,
     sync_mode: Option<SyncMode>,
   ) -> anyhow::Result<Self> {
-    let data_root = bottles::get_data_root()?;
-    let runner_path = if runner_path.is_absolute() {
-      runner_path
-    } else {
-      data_root.join("runners").join(runner_path)
-    };
-    let prefix_path = if prefix_path.is_absolute() {
-      prefix_path
+    let data_root: Option<PathBuf> = if runner_path.is_some() || prefix_path.is_some() {
+      Some(bottles::get_data_root()?)
     } else {
-      data_root.join("bottles").join(prefix_path)
+      None
     };
+    let runner_path = runner_path.map(|path| match &data_root {
+      Some(data_root) if !path.is_absolute() => data_root.join("runners").join(path),
+      _ => path,
+    });
+    let prefix_path = prefix_path.map(|path| match &data_root {
+      Some(data_root) if !path.is_absolute() => data_root.join("bottles").join(path),
+      _ => path,
+    });
     Ok(LaunchConfig {
       runner_path,
       prefix_path,

src/sandbox/mod.rs

@@ -0,0 +1,38 @@
+use std::{
+  fs,
+  os::unix::fs::FileTypeExt,
+  time::{SystemTime, UNIX_EPOCH},
+};
+
+pub const INNER_WINE_ROOT: &str = "/opt/wine";
+pub const INNER_WINE_PREFIX: &str = "/var/lib/wine";
+pub const INNER_APP_DIR: &str = "/app";
+
+pub fn current_timestamp_hex() -> String {
+  let start = SystemTime::now();
+  let since_epoch = start.duration_since(UNIX_EPOCH).unwrap();
+  let seconds = since_epoch.as_secs();
+  format!("{:x}", seconds)
+}
+
+pub fn find_nvidia_devices() -> anyhow::Result<Vec<String>> {
+  let mut nvidia_devices = Vec::new();
+  let entries = fs::read_dir("/dev")?;
+  for entry in entries.flatten() {
+    let path = entry.path();
+    let metadata = path.metadata()?;
+    if metadata.file_type().is_char_device() {
+      let file_name = path
+        .file_name()
+        .unwrap_or_default()
+        .to_str()
+        .unwrap_or_default();
+      if file_name.starts_with("nvidia") {
+        if let Some(path_str) = path.to_str() {
+          nvidia_devices.push(path_str.to_string());
+        }
+      }
+    }
+  }
+  Ok(nvidia_devices)
+}