-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial prototype of a Kate cartridge importer #19
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
robotlolita
added
documentation
Improvements or additions to documentation
enhancement
New feature or request
c:kernel
Changes to the Kate emulator kernel (requires strict audits!)
c:ecosystem
Changes to Kate's userland ecosystem (relaxed audits)
labels
Aug 19, 2023
robotlolita
added a commit
that referenced
this pull request
Aug 21, 2023
robotlolita
added a commit
that referenced
this pull request
Aug 21, 2023
…rom-folder flow. Amends #19.
robotlolita
added a commit
that referenced
this pull request
Aug 21, 2023
robotlolita
added a commit
that referenced
this pull request
Aug 21, 2023
…ll the cartridge. Since the Kernel still has to do some work before prompting the user for the installation, closing it early means that the user has no feedback about what's happening. Amends #19.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
c:ecosystem
Changes to Kate's userland ecosystem (relaxed audits)
c:kernel
Changes to the Kate emulator kernel (requires strict audits!)
documentation
Improvements or additions to documentation
enhancement
New feature or request
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The overarching idea of this importer is that you should be able to download any game for a different platform, then import it to run in the Kate sandbox — which is particularly useful for running small Windows/Linux-only games released for game jams without all of the associated risk (and without having to set up a separate throwaway machine just to play a video game).
The way it works is pretty straight-forward: given that many game engines are divided into the "engine runtime" and "game runtime", with "game runtime" often being cross-platform, the only thing that the importer needs to do is to take out the "game runtime" part of the Windows/Linux/etc distribution and put it together with a web-based runtime for the same engine. This initial PR does that for Bitsy (the engine is already web-based and embedded in the game) and Ren'Py (a separate "renpyweb" runtime is embedded in the importer) games.
Note that since the necessary runtimes are ultimately embedded in the importer cartridge (for now! I want to implement shared runtime libraries in the future), that means that the importer ends up including LGPL code as well.
Regarding the risks, it's important to note that this patch introduces 3 new dangerous capabilities:
Also, to support unpacking games from ZIP archives and building the necessary data for Ren'Py cartridges the importer cartridge includes JSZip as an external dependency. The dependency isn't vetted as of now, but the importer runs in a sandboxed process and the capabilities it uses are not easily usable for direct escalation without the user knowledge.
Regarding the technical implementation, it's also important to note that in order to properly support converting an arbitrary Ren'Py PC-game to a renpyweb-based one we need to unpack all files from RPA archives. That's because the renpyweb runtime deals extremely poorly with them (understandably so as there's no point in having those if users will download them from the internet on demand). Unfortunately the RPA archives' index is stored using Python's pickle, which is very Python-specific and lacks a proper specification. Thus this patch includes an implementation of a subset of Python's pickle format in TypeScript based only on the documentation available in https://github.com/python/cpython/blob/main/Lib/pickletools.py and some clarifications on the integer storage from the CPython VM (because of course Pickle uses VM internals). This will require some more thorough testing, but it's also not critical for security — usually the worst that can happen is that the import process fails or succeeds with a file that's different from the intended (which is okay as cartridges generated by the importer have no capabilities).