From c28d5a16d8f94ef8b1511d72cb9811893f7a5749 Mon Sep 17 00:00:00 2001
From: Boris Yumankulov <boria138@altlinux.org>
Date: Fri, 19 Jul 2024 20:13:44 +0500
Subject: [PATCH] epm play: move bwrap-fix to separate prescription

---
 prescription.d/bwrap-fix.sh | 36 ++++++++++++++++++++++++++++++++++++
 prescription.d/flatpak.sh   | 26 ++------------------------
 2 files changed, 38 insertions(+), 24 deletions(-)
 create mode 100755 prescription.d/bwrap-fix.sh

diff --git a/prescription.d/bwrap-fix.sh b/prescription.d/bwrap-fix.sh
new file mode 100755
index 00000000..73094db2
--- /dev/null
+++ b/prescription.d/bwrap-fix.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+[ "$1" != "--run" ] && echo "Enable unprivileged bubblewrap mode" && exit
+
+. $(dirname $0)/common.sh
+
+assure_root
+
+[ "$(epm print info -s)" = "alt" ] || fatal "Only ALTLinux is supported"
+
+epm install --skip-installed  sysctl-conf-userns
+
+# https://bugzilla.altlinux.org/46690 and https://github.com/flatpak/flatpak/wiki/User-namespace-requirements
+cat <<EOL > /etc/systemd/system/check-bwrap.service
+[Unit]
+Description=Check and fix permissions for bwrap
+Wants=check-bwrap.path
+
+[Service]
+Type=oneshot
+ExecStart=/bin/bash -c "CURRENT_PERMISSIONS=\$(stat -c '%a' /usr/bin/bwrap); if [ '\$CURRENT_PERMISSIONS' != '775' ]; then chmod 0755 /usr/bin/bwrap; fi"
+EOL
+
+cat <<EOL > /etc/systemd/system/check-bwrap.path
+[Unit]
+Description=Watch /usr/bin/bwrap for changes
+
+[Path]
+PathModified=/usr/bin/bwrap
+
+[Install]
+WantedBy=multi-user.target
+EOL
+
+serv on check-bwrap.path
+serv start check-bwrap.service
diff --git a/prescription.d/flatpak.sh b/prescription.d/flatpak.sh
index e8295454..04f22433 100755
--- a/prescription.d/flatpak.sh
+++ b/prescription.d/flatpak.sh
@@ -41,29 +41,7 @@ fi
 # Р‘РµР· РїРµСЂРµР·Р°РіСЂСѓР·РєРё dbus, РїРѕСЂС‚Р°Р»С‹ РЅРµ Р·Р°СЂР°Р±РѕС‚Р°СЋС‚
 serv dbus reload
 
-# https://bugzilla.altlinux.org/46690
-cat <<EOL > /etc/systemd/system/check-bwrap.service
-[Unit]
-Description=Check and fix permissions for bwrap
-Wants=check-bwrap.path
-
-[Service]
-Type=oneshot
-ExecStart=/bin/bash -c "CURRENT_PERMISSIONS=\$(stat -c '%a' /usr/bin/bwrap); if [ '\$CURRENT_PERMISSIONS' != '775' ]; then chmod 0755 /usr/bin/bwrap; fi"
-EOL
-
-cat <<EOL > /etc/systemd/system/check-bwrap.path
-[Unit]
-Description=Watch /usr/bin/bwrap for changes
-
-[Path]
-PathModified=/usr/bin/bwrap
-
-[Install]
-WantedBy=multi-user.target
-EOL
-
-serv on check-bwrap.path
-serv start check-bwrap.service
+# https://bugzilla.altlinux.org/46690 and https://github.com/flatpak/flatpak/wiki/User-namespace-requirements
+epm play bwrap-fix
 
 echo "You need to log out of the session for flatpak to work."
-- 
2.24.1