From 39b578f4f572072f25e4a4591d886464f151b5ac Mon Sep 17 00:00:00 2001
From: Jo-Blade
Date: Sun, 15 Sep 2024 12:16:06 +0700
Subject: [PATCH 1/2] add bwrap Apprun
---
 appruns/bwrap/default.nix | 7 +++++++
 appruns/bwrap/test.sh | 3 +++
 flake.nix | 1 +
 3 files changed, 11 insertions(+)
 create mode 100644 appruns/bwrap/default.nix
 create mode 100755 appruns/bwrap/test.sh
diff --git a/appruns/bwrap/default.nix b/appruns/bwrap/default.nix
new file mode 100644
index 0000000..21a9e9f
--- /dev/null
+++ b/appruns/bwrap/default.nix
@@ -0,0 +1,7 @@
+{ runCommand
+}:
+
+runCommand "AppRun" { } ''
+ mkdir $out
+ cp ${./test.sh} $out/AppRun
+''
diff --git a/appruns/bwrap/test.sh b/appruns/bwrap/test.sh
new file mode 100755
index 0000000..d8c5719
--- /dev/null
+++ b/appruns/bwrap/test.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+LOCATION="$(dirname -- "$(readlink -f "${BASH_SOURCE}")")"
+bwrap $(ls / | grep -v -E "dev|proc" | xargs -I % echo --bind /% /% | tr '\n' ' ') --dev-bind /dev /dev --proc /proc --ro-bind $LOCATION/nix /nix $(readlink $LOCATION/entrypoint) $@
diff --git a/flake.nix b/flake.nix
index 96d0c5e..d846fd4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,6 +26,7 @@
 # appruns contain an AppRun executable that does setup and launches entrypoint
 packages.appimage-appruns = {
 userns-chroot = pkgs.callPackage ./appruns/userns-chroot { };
+ bwrap = pkgs.callPackage ./appruns/bwrap { };
 };
 
 lib.mkAppImage = pkgs.callPackage ./mkAppImage.nix {
From c2944a95ba238b3f1c2dccf904fec36b116d9c4c Mon Sep 17 00:00:00 2001
From: Jo-Blade
Date: Sat, 5 Oct 2024 09:52:43 +0200
Subject: [PATCH 2/2] include a statically linked bubblewrap binary in the appimage
---
 appruns/bwrap/default.nix | 4 +++-
 appruns/bwrap/test.sh | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/appruns/bwrap/default.nix b/appruns/bwrap/default.nix
index 21a9e9f..8e8da7d 100644
--- a/appruns/bwrap/default.nix
+++ b/appruns/bwrap/default.nix
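Review bot: The bwrap line added in appruns/bwrap/test.sh expands `$LOCATION`, `$(readlink $LOCATION/entrypoint)` and `$@` unquoted, so an AppImage mounted under a path with spaces, or a user argument containing spaces or glob characters, is re-split before it reaches the entrypoint. The bind list is also built by parsing `ls /` through an unanchored `grep -v -E "dev|proc"`, which drops any top-level entry whose name merely contains "dev" or "proc" and mis-splits names containing whitespace. Building the arguments in a bash array and passing `"$@"` fixes both. The same line is carried into the test.sh hunk of patch 2/2 (as `$LOCATION/bwrap`) and needs the same treatment there.

```shell
# … unchanged: shebang and LOCATION assignment …
binds=()
for entry in /*; do
  case "$entry" in
    /dev|/proc) continue ;;   # mounted separately below
  esac
  binds+=(--bind "$entry" "$entry")
done

bwrap "${binds[@]}" \
  --dev-bind /dev /dev --proc /proc \
  --ro-bind "$LOCATION/nix" /nix \
  "$(readlink "$LOCATION/entrypoint")" "$@"
```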
@@ -1,7 +1,9 @@
-{ runCommand
+{ runCommand,
+ pkgsStatic
 }:
 
 runCommand "AppRun" { } ''
 mkdir $out
 cp ${./test.sh} $out/AppRun
+ cp ${pkgsStatic.bubblewrap}/bin/bwrap $out/bwrap
 ''
diff --git a/appruns/bwrap/test.sh b/appruns/bwrap/test.sh
index d8c5719..8886d83 100755
--- a/appruns/bwrap/test.sh
+++ b/appruns/bwrap/test.sh
@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
 LOCATION="$(dirname -- "$(readlink -f "${BASH_SOURCE}")")"
-bwrap $(ls / | grep -v -E "dev|proc" | xargs -I % echo --bind /% /% | tr '\n' ' ') --dev-bind /dev /dev --proc /proc --ro-bind $LOCATION/nix /nix $(readlink $LOCATION/entrypoint) $@
+$LOCATION/bwrap $(ls / | grep -v -E "dev|proc" | xargs -I % echo --bind /% /% | tr '\n' ' ') --dev-bind /dev /dev --proc /proc --ro-bind $LOCATION/nix /nix $(readlink $LOCATION/entrypoint) $@
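Review bot: The added `cp ${pkgsStatic.bubblewrap}/bin/bwrap $out/bwrap` line freezes whatever bubblewrap version the build's nixpkgs provides into every AppImage produced from it, and nothing in default.nix records that. A bubblewrap security fix then reaches users only when each AppImage is rebuilt and redistributed, so I would add a comment such as `# bwrap is bundled statically: rebuild and re-release AppImages after bubblewrap security updates`. The copied binary comes from the Nix store and so cannot carry a setuid bit, which presumably means it only works on hosts that permit unprivileged user namespaces; that requirement is worth stating in the same comment.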
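Review bot: Nothing in test.sh tells a reader that this bwrap invocation is not a sandbox: every top-level host directory is passed with `--bind` (read-write), `/dev` with `--dev-bind`, and no `--unshare-*` option appears on the line. The only effect visible here is replacing `/nix` with the read-only copy shipped inside the AppImage. A header comment such as `# Not an isolation boundary: the host filesystem is bound read-write; bwrap is used only to overlay the bundled /nix` would keep packagers from relying on this AppRun to contain an untrusted entrypoint.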