npm - sandboxbox - Versions diffs - 1.0.0 → 1.0.2 - Mend

sandboxbox 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/cli.js +40 -17
package/package.json +2 -2
package/scripts/build.js +197 -0
package/scripts/download-bubblewrap.js +17 -3

package/cli.js CHANGED Viewed

@@ -14,7 +14,8 @@ import { readFileSync, existsSync, writeFileSync, mkdirSync } from 'fs';
 import { execSync } from 'child_process';
 import { fileURLToPath } from 'url';
 import { dirname, resolve } from 'path';
-import { bubblewrap } from './lib/bubblewrap.js';
+// We'll import bubblewrap later, only on Linux systems
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -66,19 +67,26 @@ function showHelp() {
   console.log(color('magenta', '🚀 8ms startup • True isolation • Playwright ready'));
 }
-function checkBubblewrap() {
-  if (bubblewrap.isAvailable()) {
-    console.log(color('green', `✅ Bubblewrap found: ${bubblewrap.getVersion()}`));
+async function checkBubblewrap() {
+  try {
+    const { bubblewrap } = await import('./lib/bubblewrap.js');
-    if (!bubblewrap.checkUserNamespaces()) {
-      console.log(color('yellow', '⚠️  User namespaces not available'));
-      console.log(color('yellow', '   Try: sudo sysctl kernel.unprivileged_userns_clone=1'));
-      console.log(color('yellow', '   Or: echo 1 | sudo tee /proc/sys/kernel/unprivileged_userns_clone'));
-    }
+    if (bubblewrap.isAvailable()) {
+      console.log(color('green', `✅ Bubblewrap found: ${bubblewrap.getVersion()}`));
+      if (!bubblewrap.checkUserNamespaces()) {
+        console.log(color('yellow', '⚠️  User namespaces not available'));
+        console.log(color('yellow', '   Try: sudo sysctl kernel.unprivileged_userns_clone=1'));
+        console.log(color('yellow', '   Or: echo 1 | sudo tee /proc/sys/kernel/unprivileged_userns_clone'));
+      }
-    return true;
-  } else {
-    console.log(color('red', bubblewrap.findBubblewrap().message));
+      return true;
+    } else {
+      console.log(color('red', bubblewrap.findBubblewrap().message));
+      return false;
+    }
+  } catch (error) {
+    console.log(color('red', `❌ Failed to load bubblewrap manager: ${error.message}`));
     return false;
   }
 }
@@ -128,6 +136,21 @@ CMD ["npm", "test"]
 }
 async function main() {
+  // Check platform first
+  if (process.platform !== 'linux') {
+    console.log(color('red', '❌ SandboxBox only works on Linux systems'));
+    console.log(color('yellow', '🐧 Required: Linux with bubblewrap (bwrap)'));
+    console.log('');
+    console.log(color('cyan', '💡 Alternatives for Windows users:'));
+    console.log('   • Use WSL2 (Windows Subsystem for Linux 2)');
+    console.log('   • Use Docker Desktop with Linux containers');
+    console.log('   • Use GitHub Actions (ubuntu-latest runners)');
+    console.log('   • Use a cloud Linux instance (AWS, GCP, Azure)');
+    console.log('');
+    console.log(color('green', '✅ On Linux/WSL2, simply run: npx sandboxbox --help'));
+    process.exit(1);
+  }
   const args = process.argv.slice(2);
   showBanner();
@@ -143,7 +166,7 @@ async function main() {
   switch (command) {
     case 'setup':
       console.log(color('blue', '🏔️  Setting up Alpine Linux environment...'));
-      if (!checkBubblewrap()) process.exit(1);
+      if (!(await checkBubblewrap())) process.exit(1);
       runScript('./container.js', ['setup']);
       break;
@@ -154,21 +177,21 @@ async function main() {
         process.exit(1);
       }
       console.log(color('blue', '🏗️  Building container...'));
-      if (!checkBubblewrap()) process.exit(1);
+      if (!(await checkBubblewrap())) process.exit(1);
       runScript('./container.js', ['build', commandArgs[0]]);
       break;
     case 'run':
       const projectDir = commandArgs[0] || '.';
       console.log(color('blue', '🚀 Running Playwright tests...'));
-      if (!checkBubblewrap()) process.exit(1);
+      if (!(await checkBubblewrap())) process.exit(1);
       runScript('./container.js', ['run', projectDir]);
       break;
     case 'shell':
       const shellDir = commandArgs[0] || '.';
       console.log(color('blue', '🐚 Starting interactive shell...'));
-      if (!checkBubblewrap()) process.exit(1);
+      if (!(await checkBubblewrap())) process.exit(1);
       runScript('./container.js', ['shell', shellDir]);
       break;
@@ -181,7 +204,7 @@ async function main() {
       const sampleDockerfile = createSampleDockerfile(testDir);
       // Check for bubblewrap before proceeding
-      if (!checkBubblewrap()) {
+      if (!(await checkBubblewrap())) {
         console.log(color('yellow', '\n📋 Sample Dockerfile created successfully!'));
         console.log(color('yellow', 'To run tests, install bubblewrap and try again:'));
         console.log(color('cyan', `   npx sandboxbox build "${sampleDockerfile}"`));

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "sandboxbox",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "Zero-privilege container runner with Playwright support",
   "type": "module",
   "main": "index.js",
@@ -8,7 +8,7 @@
     "sandboxbox": "./cli.js"
   },
   "scripts": {
-    "postinstall": "node scripts/download-bubblewrap.js",
+    "install": "node scripts/build.js",
     "start": "node cli.js",
     "setup": "node cli.js setup",
     "build": "node cli.js build",

package/scripts/build.js ADDED Viewed

@@ -0,0 +1,197 @@
+#!/usr/bin/env node
+/**
+ * SQLite-style build script for SandboxBox
+ * Downloads and compiles bubblewrap binary during npm install
+ */
+import fs from 'fs';
+import path from 'path';
+import https from 'https';
+import { execSync } from 'child_process';
+import { fileURLToPath } from 'url';
+import { dirname } from 'path';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const BINARY_DIR = path.join(__dirname, '..', 'bin');
+const BWRAP_VERSION = '0.11.0';
+console.log('📦 Building SandboxBox with bubblewrap...');
+async function downloadAndBuild() {
+  // Create binary directory
+  if (!fs.existsSync(BINARY_DIR)) {
+    fs.mkdirSync(BINARY_DIR, { recursive: true });
+  }
+  const binaryPath = path.join(BINARY_DIR, 'bwrap');
+  // Skip on non-Linux platforms but still create stub
+  if (process.platform !== 'linux') {
+    console.log('ℹ️  Skipping bubblewrap build on non-Linux platform');
+    console.log('   SandboxBox works on Linux only');
+    return;
+  }
+  // Check if already built
+  if (fs.existsSync(binaryPath)) {
+    try {
+      execSync(`"${binaryPath}" --version`, { stdio: 'ignore' });
+      console.log('✅ Bubblewrap already built');
+      return;
+    } catch (e) {
+      console.log('⚠️  Existing binary broken, rebuilding...');
+    }
+  }
+  // Try to use system bubblewrap first (fallback option)
+  try {
+    const systemBwrap = execSync('which bwrap', { encoding: 'utf8' }).trim();
+    if (systemBwrap && fs.existsSync(systemBwrap)) {
+      fs.copyFileSync(systemBwrap, binaryPath);
+      fs.chmodSync(binaryPath, 0o755);
+      console.log('✅ Using system bubblewrap:', systemBwrap);
+      return;
+    }
+  } catch (e) {
+    // System bwrap not found, continue with build
+  }
+  // Build from source like SQLite does
+  await buildFromSource(binaryPath);
+}
+async function buildFromSource(binaryPath) {
+  console.log('🔨 Building bubblewrap from source (SQLite-style)...');
+  const tmpDir = fs.mkdtempSync(path.join(process.env.TMPDIR || '/tmp', 'bwrap-build-'));
+  try {
+    // Download source tarball
+    console.log('📥 Downloading bubblewrap source...');
+    const tarball = `bubblewrap-${BWRAP_VERSION}.tar.xz`;
+    const tarballPath = path.join(tmpDir, tarball);
+    const url = `https://github.com/containers/bubblewrap/releases/download/v${BWRAP_VERSION}/${tarball}`;
+    await new Promise((resolve, reject) => {
+      const file = fs.createWriteStream(tarballPath);
+      function download(url) {
+        https.get(url, (response) => {
+          // Handle redirects
+          if (response.statusCode >= 300 && response.statusCode < 400 && response.headers.location) {
+            console.log(`🔄 Following redirect to: ${response.headers.location}`);
+            download(response.headers.location);
+            return;
+          }
+          if (response.statusCode !== 200) {
+            reject(new Error(`HTTP ${response.statusCode}: ${response.statusMessage}`));
+            return;
+          }
+          response.pipe(file);
+          file.on('finish', () => {
+            file.close();
+            resolve();
+          });
+        }).on('error', reject);
+      }
+      download(url);
+    });
+    // Extract source
+    console.log('📦 Extracting source...');
+    execSync(`tar -xf "${tarballPath}" -C "${tmpDir}"`, { stdio: 'inherit' });
+    const sourceDir = path.join(tmpDir, `bubblewrap-${BWRAP_VERSION}`);
+    // Check for required build tools
+    const missingTools = [];
+    try {
+      execSync('which gcc', { stdio: 'ignore' });
+    } catch (e) {
+      missingTools.push('gcc');
+    }
+    try {
+      execSync('which xz', { stdio: 'ignore' });
+    } catch (e) {
+      missingTools.push('xz');
+    }
+    if (missingTools.length > 0) {
+      console.log(`⚠️  Missing build tools: ${missingTools.join(', ')}`);
+      console.log('   On Ubuntu/Debian: sudo apt-get install build-essential xz-utils');
+      console.log('   On CentOS/RHEL: sudo yum groupinstall "Development Tools" && sudo yum install xz');
+      console.log('   Falling back to system bubblewrap check...');
+      // Create a placeholder binary that will show helpful error
+      const placeholderScript = `#!/bin/bash
+echo "❌ Bubblewrap not available"
+echo ""
+echo "💡 Install bubblewrap system-wide:"
+echo "   sudo apt-get install bubblewrap    # Ubuntu/Debian"
+echo "   sudo apk add bubblewrap            # Alpine"
+echo "   sudo yum install bubblewrap        # CentOS/RHEL"
+echo ""
+echo "Or install build tools and reinstall SandboxBox:"
+echo "   sudo apt-get install build-essential xz-utils"
+echo "   npm uninstall sandboxbox && npm install sandboxbox"
+exit 1
+`;
+      fs.writeFileSync(binaryPath, placeholderScript);
+      fs.chmodSync(binaryPath, 0o755);
+      console.log('📝 Created placeholder binary with installation instructions');
+      return;
+    }
+    // Configure and build
+    console.log('⚙️  Configuring build...');
+    execSync(`
+      cd "${sourceDir}" &&
+      ./configure --prefix="${tmpDir}/install" --disable-man
+    `, { stdio: 'inherit' });
+    console.log('🏗️  Compiling bubblewrap...');
+    execSync(`
+      cd "${sourceDir}" &&
+      make -j$(nproc 2>/dev/null || echo 4)
+    `, { stdio: 'inherit' });
+    console.log('📦 Installing...');
+    execSync(`
+      cd "${sourceDir}" &&
+      make install
+    `, { stdio: 'inherit' });
+    // Copy binary to final location
+    const builtBinary = path.join(tmpDir, 'install', 'bin', 'bwrap');
+    if (fs.existsSync(builtBinary)) {
+      fs.copyFileSync(builtBinary, binaryPath);
+      fs.chmodSync(binaryPath, 0o755);
+      console.log('✅ Bubblewrap built successfully!');
+      // Test the binary
+      const version = execSync(`"${binaryPath}" --version`, { encoding: 'utf8' });
+      console.log(`🎯 Built: ${version.trim()}`);
+    } else {
+      throw new Error('Built binary not found');
+    }
+  } finally {
+    // Cleanup
+    fs.rmSync(tmpDir, { recursive: true, force: true });
+  }
+}
+// Run the build
+downloadAndBuild().catch(error => {
+  console.error('❌ Build failed:', error.message);
+  console.log('💡 SandboxBox will still work with system bubblewrap if available');
+  process.exit(0); // Don't fail npm install
+});

package/scripts/download-bubblewrap.js CHANGED Viewed

@@ -105,7 +105,20 @@ async function downloadBubblewrap() {
   } catch (downloadError) {
     console.log('⚠️  Download failed, trying to compile from source...');
-    await compileBubblewrap(binaryPath);
+    try {
+      await compileBubblewrap(binaryPath);
+    } catch (compileError) {
+      console.log('❌ Both download and compilation failed');
+      console.log('');
+      console.log('💡 Easy solutions:');
+      console.log('   1. Install system bubblewrap: sudo apt-get install bubblewrap');
+      console.log('   2. Install build tools: sudo apt-get install build-essential xz-utils');
+      console.log('   3. Use a Linux system with bubblewrap pre-installed');
+      console.log('');
+      console.log('SandboxBox will work with system bubblewrap if available.');
+      console.log('Continuing without bundled binary...');
+      return; // Don't exit, just continue without bundled binary
+    }
   }
 }
@@ -161,12 +174,13 @@ async function compileBubblewrap(binaryPath) {
     console.log('   sudo yum install bubblewrap      # CentOS/RHEL');
     console.log('');
     console.log('Then try installing SandboxBox again.');
-    process.exit(1);
+    throw compileError; // Re-throw to let the caller handle it
   }
 }
 // Run the download
 downloadBubblewrap().catch(error => {
   console.error('❌ Setup failed:', error.message);
-  process.exit(1);
+  // Don't exit with error code 1, just warn and continue
+  console.log('ℹ️  SandboxBox will use system bubblewrap if available');
 });