bubblejail: init at 0.9.4.1

NixOS · Jan 14, 2025 · 3fb5616 · 3fb5616
1 parent 5ecb91a
commit 3fb5616
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 0 deletions.
diff --git a/pkgs/by-name/bu/bubblejail/package.nix b/pkgs/by-name/bu/bubblejail/package.nix
@@ -0,0 +1,41 @@
+{
+  lib,
+  python3,
+  fetchFromGitHub,
+  scdoc,
+}:
+python3.pkgs.buildPythonApplication rec {
+  pname = "bubblejail";
+  version = "0.9.4.1";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "igo95862";
+    repo = "bubblejail";
+    tag = version;
+    hash = "sha256-L6Z/HtRbWwtJaZPAmRxZeaNFvsM4CJL4NaZF2/lURdg=";
+    fetchSubmodules = true;
+  };
+
+  build-system = [
+    python3.pkgs.meson-python
+  ];
+
+  patches = [ ./scan-store.patch ];
+
+  dependencies = [ python3.pkgs.jinja2 ];
+  nativeBuildInputs = [ scdoc ];
+
+  pythonImportsCheck = [
+    "bubblejail"
+  ];
+
+  meta = {
+    description = "Bubblewrap based sandboxing for desktop applications";
+    homepage = "https://github.com/igo95862/bubblejail";
+    changelog = "https://github.com/igo95862/bubblejail/blob/${src.rev}/CHANGELOG.md";
+    license = lib.licenses.gpl3;
+    maintainers = with lib.maintainers; [ justdeeevin ];
+    mainProgram = "bubblejail";
+  };
+}
diff --git a/pkgs/by-name/bu/bubblejail/scan-store.patch b/pkgs/by-name/bu/bubblejail/scan-store.patch
@@ -0,0 +1,13 @@
+diff --git a/src/bubblejail/services.py b/src/bubblejail/services.py
+index 4aad731..e0e294d 100644
+--- a/src/bubblejail/services.py
++++ b/src/bubblejail/services.py
+@@ -177,6 +177,7 @@ class BubblejailDefaults(BubblejailService):
+         # Distro packaged libraries and binaries
+         yield ReadOnlyBind("/usr")
+         yield ReadOnlyBind("/opt")
++        yield ReadOnlyBind("/nix")
+         # Recreate symlinks in / or mount them read-only if its not a symlink.
+         # Should be portable between distros.
+         for root_path in Path("/").iterdir():
+