sandboxbox 1.0.8 → 1.1.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sandboxbox",
-  "version": "1.0.8",
+  "version": "1.1.0",
   "description": "Zero-privilege container runner with Playwright support",
   "type": "module",
   "main": "index.js",

package/scripts/build.js

@@ -46,26 +46,21 @@ async function downloadAndBuild() {
     }
   }
 
-  // Try to use system bubblewrap first (fallback option)
-  try {
-    const systemBwrap = execSync('which bwrap', { encoding: 'utf8' }).trim();
-    if (systemBwrap && fs.existsSync(systemBwrap)) {
-      fs.copyFileSync(systemBwrap, binaryPath);
-      fs.chmodSync(binaryPath, 0o755);
-      console.log('✅ Using system bubblewrap:', systemBwrap);
-      return;
-    }
-  } catch (e) {
-    // System bwrap not found, continue with build
+  // Build from source like SQLite does - the ONLY method
+  if (await buildFromSource(binaryPath)) {
+    return; // Build succeeded
+  } else {
+    // Build failed - exit with error to make the problem visible
+    console.error('❌ Bubblewrap build failed!');
+    console.error('');
+    console.error('💡 Install build tools:');
+    console.error('   Ubuntu/Debian: sudo apt-get install build-essential autoconf automake libtool xz-utils');
+    console.error('   CentOS/RHEL: sudo yum groupinstall "Development Tools" && sudo yum install xz');
+    console.error('');
+    console.error('🚫 SandboxBox cannot function without bubblewrap.');
+    console.error('   Please install build tools and try again.');
+    process.exit(1);
   }
-
-  // Try to download pre-built binary first
-  if (await downloadPreBuiltBinary(binaryPath)) {
-    return;
-  }
-
-  // Build from source like SQLite does as last resort
-  await buildFromSource(binaryPath);
 }
 
 async function downloadPreBuiltBinary(binaryPath) {
@@ -260,50 +255,68 @@ async function buildFromSource(binaryPath) {
       missingTools.push('xz');
     }
 
+    try {
+      execSync('which autoconf', { stdio: 'ignore' });
+    } catch (e) {
+      missingTools.push('autoconf');
+    }
+
+    try {
+      execSync('which automake', { stdio: 'ignore' });
+    } catch (e) {
+      missingTools.push('automake');
+    }
+
+    try {
+      execSync('which libtool', { stdio: 'ignore' });
+    } catch (e) {
+      missingTools.push('libtool');
+    }
+
     if (missingTools.length > 0) {
-      console.log(`⚠️  Missing build tools: ${missingTools.join(', ')}`);
-      console.log('   On Ubuntu/Debian: sudo apt-get install build-essential xz-utils');
-      console.log('   On CentOS/RHEL: sudo yum groupinstall "Development Tools" && sudo yum install xz');
-      console.log('   Falling back to system bubblewrap check...');
-
-      // Create a placeholder binary that will show helpful error
-      const placeholderScript = `#!/bin/bash
-echo "❌ Bubblewrap not available"
-echo ""
-echo "💡 Install bubblewrap system-wide:"
-echo "   sudo apt-get install bubblewrap    # Ubuntu/Debian"
-echo "   sudo apk add bubblewrap            # Alpine"
-echo "   sudo yum install bubblewrap        # CentOS/RHEL"
-echo ""
-echo "Or install build tools and reinstall SandboxBox:"
-echo "   sudo apt-get install build-essential xz-utils"
-echo "   npm uninstall sandboxbox && npm install sandboxbox"
-exit 1
-`;
-      fs.writeFileSync(binaryPath, placeholderScript);
-      fs.chmodSync(binaryPath, 0o755);
-      console.log('📝 Created placeholder binary with installation instructions');
-      return;
+      console.error(`❌ Missing build tools: ${missingTools.join(', ')}`);
+      console.error('');
+      console.error('💡 Install build tools:');
+      console.error('   Ubuntu/Debian: sudo apt-get install build-essential autoconf automake libtool xz-utils');
+      console.error('   CentOS/RHEL: sudo yum groupinstall "Development Tools" && sudo yum install xz');
+      console.error('');
+      console.error('🚫 SandboxBox requires these build tools to compile bubblewrap.');
+      return false; // Indicate build failed
     }
 
     // Configure and build
     console.log('⚙️  Configuring build...');
-    execSync(`
-      cd "${sourceDir}" &&
-      ./configure --prefix="${tmpDir}/install" --disable-man
-    `, { stdio: 'inherit' });
+    try {
+      execSync(`
+        cd "${sourceDir}" &&
+        timeout 60 ./configure --prefix="${tmpDir}/install" --disable-man
+      `, { stdio: 'inherit' });
+    } catch (e) {
+      console.error('❌ Configure step failed or timed out');
+      return false;
+    }
 
     console.log('🏗️  Compiling bubblewrap...');
-    execSync(`
-      cd "${sourceDir}" &&
-      make -j$(nproc 2>/dev/null || echo 4)
-    `, { stdio: 'inherit' });
+    try {
+      execSync(`
+        cd "${sourceDir}" &&
+        timeout 300 make -j$(nproc 2>/dev/null || echo 4)
+      `, { stdio: 'inherit' });
+    } catch (e) {
+      console.error('❌ Compile step failed or timed out');
+      return false;
+    }
 
     console.log('📦 Installing...');
-    execSync(`
-      cd "${sourceDir}" &&
-      make install
-    `, { stdio: 'inherit' });
+    try {
+      execSync(`
+        cd "${sourceDir}" &&
+        timeout 60 make install
+      `, { stdio: 'inherit' });
+    } catch (e) {
+      console.error('❌ Install step failed or timed out');
+      return false;
+    }
 
     // Copy binary to final location
     const builtBinary = path.join(tmpDir, 'install', 'bin', 'bwrap');
@@ -315,10 +328,15 @@ exit 1
       // Test the binary
       const version = execSync(`"${binaryPath}" --version`, { encoding: 'utf8' });
       console.log(`🎯 Built: ${version.trim()}`);
+      return true; // Build succeeded
     } else {
-      throw new Error('Built binary not found');
+      console.log('❌ Built binary not found');
+      return false; // Build failed
     }
 
+  } catch (error) {
+    console.log(`❌ Build from source failed: ${error.message}`);
+    return false; // Build failed
   } finally {
     // Cleanup
     fs.rmSync(tmpDir, { recursive: true, force: true });
@@ -327,12 +345,11 @@ exit 1
 
 // Run the build
 downloadAndBuild().catch(error => {
-  console.error('❌ Build failed:', error.message);
-  console.log('💡 SandboxBox will still work with system bubblewrap if available');
-
-  // Create a minimal fallback as last resort
-  createMinimalBubblewrap(path.join(BINARY_DIR, 'bwrap'));
-  process.exit(0); // Don't fail npm install
+  console.error('❌ Bubblewrap build failed:', error.message);
+  console.error('');
+  console.error('🚫 SandboxBox cannot function without bubblewrap.');
+  console.error('   Please install build tools and try again.');
+  process.exit(1);
 });
 
 function createMinimalBubblewrap(binaryPath) {

package/bin/bwrap

@@ -1,50 +0,0 @@
-#!/bin/bash
-# Minimal bubblewrap fallback for SandboxBox
-# This provides basic namespace isolation functionality
-
-# Handle --version flag for compatibility
-if [[ "$1" == "--version" ]]; then
-  echo "bubblewrap 0.11.0 (minimal fallback for SandboxBox)"
-  exit 0
-fi
-
-# Handle --help flag
-if [[ "$1" == "--help" ]] || [[ "$1" == "-h" ]]; then
-  echo "bubblewrap - minimal fallback version"
-  echo ""
-  echo "⚠️  This is a minimal fallback for SandboxBox"
-  echo "💡 For full functionality, install bubblewrap:"
-  echo "   sudo apt-get install bubblewrap"
-  echo ""
-  echo "Usage: bwrap [options] -- command [args]"
-  exit 0
-fi
-
-echo "⚠️  Using minimal bubblewrap fallback"
-echo "💡 For full functionality, install bubblewrap:"
-echo "   sudo apt-get install bubblewrap"
-echo ""
-
-# Filter out bubblewrap-specific options that unshare doesn't support
-ARGS=()
-for arg in "$@"; do
-  case "$arg" in
-    --ro-bind|--bind|--dev-bind|--proc|--tmpfs|--symlink|--dir|--file|--setenv|--die-with-parent|--new-session|--share-net|--unshare-net|--unshare-pid|--unshare-ipc|--unshare-uts|--unshare-cgroup|--unshare-user)
-      # Skip bubblewrap-specific options
-      ;;
-    *)
-      ARGS+=("$arg")
-      ;;
-  esac
-done
-
-# Basic namespace isolation using unshare
-exec unshare \
-  --pid \
-  --mount \
-  --uts \
-  --ipc \
-  --net \
-  --fork \
-  --mount-proc \
-  "${ARGS[@]}"