From ebaedb5377dcc5e6aca28ef666871e424dd39938 Mon Sep 17 00:00:00 2001 From: Bignaux Ronan Date: Tue, 3 Mar 2020 01:40:57 +0100 Subject: [PATCH 1/4] appimage: refactoring extractType2 to avoid use of appimage packer --- pkgs/build-support/appimage/default.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/pkgs/build-support/appimage/default.nix b/pkgs/build-support/appimage/default.nix index c871df787b7eab..f4ccd038f7655e 100644 --- a/pkgs/build-support/appimage/default.nix +++ b/pkgs/build-support/appimage/default.nix @@ -1,4 +1,4 @@ -{ stdenv, libarchive, patchelf, zlib, buildFHSUserEnv, writeScript }: +{ stdenv, libarchive, radare2, jq, buildFHSUserEnv, squashfsTools, writeScript }: rec { # Both extraction functions could be unified, but then @@ -19,15 +19,16 @@ rec { name = "${name}-extracted"; inherit src; - nativeBuildInputs = [ patchelf ]; + nativeBuildInputs = [ radare2 jq squashfsTools ]; buildCommand = '' install $src ./appimage - patchelf \ - --set-interpreter ${stdenv.cc.bintools.dynamicLinker} \ - --replace-needed libz.so.1 ${zlib}/lib/libz.so.1 \ - ./appimage - ./appimage --appimage-extract + # multiarch offset one-liner using same method as AppImage + # see https://gist.github.com/probonopd/a490ba3401b5ef7b881d5e603fa20c93 + offset=$(r2 ./appimage -nn -Nqc "pfj.elf_header @ 0" |\ + jq 'map({(.name): .value}) | add | .shoff + (.shnum * .shentsize)') + + unsquashfs -o $offset ./appimage cp -rv squashfs-root $out ''; From 04037d1e03b9ee08f1b56ab3480e1ffdafd88155 Mon Sep 17 00:00:00 2001 From: Bignaux Ronan Date: Wed, 4 Mar 2020 00:46:00 +0100 Subject: [PATCH 2/4] appimage: unify extract functions --- pkgs/build-support/appimage/default.nix | 43 +++++++++++++------------ 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/pkgs/build-support/appimage/default.nix b/pkgs/build-support/appimage/default.nix index f4ccd038f7655e..f8e5206bbb5a22 100644 --- a/pkgs/build-support/appimage/default.nix +++ b/pkgs/build-support/appimage/default.nix @@ -1,39 +1,40 @@ { stdenv, libarchive, radare2, jq, buildFHSUserEnv, squashfsTools, writeScript }: rec { - # Both extraction functions could be unified, but then - # it would depend on libmagic to correctly identify ISO 9660s - extractType1 = { name, src }: stdenv.mkDerivation { + extract = { name, src }: stdenv.mkDerivation { name = "${name}-extracted"; inherit src; - - nativeBuildInputs = [ libarchive ]; + nativeBuildInputs = [ radare2 libarchive jq squashfsTools ]; buildCommand = '' - mkdir $out - bsdtar -x -C $out -f $src - ''; - }; + # https://github.com/AppImage/libappimage/blob/ca8d4b53bed5cbc0f3d0398e30806e0d3adeaaab/src/libappimage/utils/MagicBytesChecker.cpp#L45-L63 + appimageType=$(r2 $src -nn -Nqc "p8 3 @ 8") + case "$appimageType" in + 414901) + mkdir $out + bsdtar -x -C $out -f $src;; - extractType2 = { name, src }: stdenv.mkDerivation { - name = "${name}-extracted"; - inherit src; + 414902) + install $src ./appimage - nativeBuildInputs = [ radare2 jq squashfsTools ]; - buildCommand = '' - install $src ./appimage + # multiarch offset one-liner using same method as AppImage + # see https://gist.github.com/probonopd/a490ba3401b5ef7b881d5e603fa20c93 + offset=$(r2 ./appimage -nn -Nqc "pfj.elf_header @ 0" |\ + jq 'map({(.name): .value}) | add | .shoff + (.shnum * .shentsize)') - # multiarch offset one-liner using same method as AppImage - # see https://gist.github.com/probonopd/a490ba3401b5ef7b881d5e603fa20c93 - offset=$(r2 ./appimage -nn -Nqc "pfj.elf_header @ 0" |\ - jq 'map({(.name): .value}) | add | .shoff + (.shnum * .shentsize)') + unsquashfs -o $offset ./appimage - unsquashfs -o $offset ./appimage + cp -rv squashfs-root $out;; - cp -rv squashfs-root $out + # 414903) get prepared, https://github.com/TheAssassin/type3-runtime + *) echo "Unsupported AppImage Signature: $appimageType";; + esac ''; }; + extractType1 = extract; + extractType2 = extract; + wrapAppImage = args@{ name, src, extraPkgs, ... }: buildFHSUserEnv (defaultFhsEnvArgs // { inherit name; From 92b36343a8ea29de1bd6d2c3920323ce8b4a1ea8 Mon Sep 17 00:00:00 2001 From: Bignaux Ronan Date: Wed, 4 Mar 2020 05:40:19 +0100 Subject: [PATCH 3/4] appimage: split checks between appimageSignature and appimageType --- pkgs/build-support/appimage/default.nix | 27 ++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/pkgs/build-support/appimage/default.nix b/pkgs/build-support/appimage/default.nix index f8e5206bbb5a22..7459a028f076ea 100644 --- a/pkgs/build-support/appimage/default.nix +++ b/pkgs/build-support/appimage/default.nix @@ -8,13 +8,23 @@ rec { nativeBuildInputs = [ radare2 libarchive jq squashfsTools ]; buildCommand = '' # https://github.com/AppImage/libappimage/blob/ca8d4b53bed5cbc0f3d0398e30806e0d3adeaaab/src/libappimage/utils/MagicBytesChecker.cpp#L45-L63 - appimageType=$(r2 $src -nn -Nqc "p8 3 @ 8") + eval $(r2 $src -nn -Nqc "p8j 3 @ 8" | + jq -r '{appimageSignature: (.[:-1]|implode), appimageType: .[-1]}| + @sh "appimageSignature=\(.appimageSignature) appimageType=\(.appimageType)"') + + # check AppImage signature + if [[ $appimageSignature != "AI" ]]; then + echo "Not an appimage." + exit + fi + case "$appimageType" in - 414901) + 1) mkdir $out - bsdtar -x -C $out -f $src;; + bsdtar -x -C $out -f $src + ;; - 414902) + 2) install $src ./appimage # multiarch offset one-liner using same method as AppImage @@ -22,12 +32,11 @@ rec { offset=$(r2 ./appimage -nn -Nqc "pfj.elf_header @ 0" |\ jq 'map({(.name): .value}) | add | .shoff + (.shnum * .shentsize)') - unsquashfs -o $offset ./appimage - - cp -rv squashfs-root $out;; + unsquashfs -q -d $out -o $offset ./appimage + ;; - # 414903) get prepared, https://github.com/TheAssassin/type3-runtime - *) echo "Unsupported AppImage Signature: $appimageType";; + # 3) get ready, https://github.com/TheAssassin/type3-runtime + *) echo "Unsupported AppImage Type: $appimageType";; esac ''; }; From 3443b693cc10522cf5513419ba7266afb0ce5da1 Mon Sep 17 00:00:00 2001 From: Bignaux Ronan Date: Wed, 4 Mar 2020 15:10:11 +0100 Subject: [PATCH 4/4] appimage: fix suspicious ownership --- pkgs/build-support/appimage/default.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/pkgs/build-support/appimage/default.nix b/pkgs/build-support/appimage/default.nix index 7459a028f076ea..c56aae4c599c5d 100644 --- a/pkgs/build-support/appimage/default.nix +++ b/pkgs/build-support/appimage/default.nix @@ -13,7 +13,7 @@ rec { @sh "appimageSignature=\(.appimageSignature) appimageType=\(.appimageType)"') # check AppImage signature - if [[ $appimageSignature != "AI" ]]; then + if [[ "$appimageSignature" != "AI" ]]; then echo "Not an appimage." exit fi @@ -25,14 +25,13 @@ rec { ;; 2) - install $src ./appimage - # multiarch offset one-liner using same method as AppImage # see https://gist.github.com/probonopd/a490ba3401b5ef7b881d5e603fa20c93 - offset=$(r2 ./appimage -nn -Nqc "pfj.elf_header @ 0" |\ + offset=$(r2 $src -nn -Nqc "pfj.elf_header @ 0" |\ jq 'map({(.name): .value}) | add | .shoff + (.shnum * .shentsize)') - unsquashfs -q -d $out -o $offset ./appimage + unsquashfs -q -d $out -o $offset $src + chmod go-w $out ;; # 3) get ready, https://github.com/TheAssassin/type3-runtime