diff --git a/lutris.apparmor b/lutris.apparmor new file mode 100644 index 0000000..398b82c --- /dev/null +++ b/lutris.apparmor @@ -0,0 +1,68 @@ +# This profile allows almost everything and only exists to allow +# bwrap to work on a system with user namespace restrictions +# being enforced. +# bwrap is allowed access to user namespaces and capabilities +# within the user namespace, but its children do not have +# capabilities, blocking bwrap from being able to be used to +# arbitrarily by-pass the user namespace restrictions. +# +# Note: the bwrap child is stacked against the bwrap profile due to +# bwraps use of no-new-privs + +# disabled by default as it can break some use cases on a system that +# doesn't have or has disable user namespace restrictions for unconfined +# use aa-enforce to enable it + +abi , + +include + +profile bwrap /usr/bin/bwrap flags=(attach_disconnected,mediate_deleted) { + allow capability, + # not allow all, to allow for pix stack + # sadly we have to allow m every where to allow children to work under + # stacking. + allow file rwlkm /{**,}, + allow network, + allow unix, + allow ptrace, + allow signal, + allow mqueue, + allow io_uring, + allow userns, + allow mount, + allow umount, + allow pivot_root, + allow dbus, + allow px /** -> bwrap//&unpriv_bwrap, + + # the local include should not be used without understanding the userns + # restriction. + # Site-specific additions and overrides. See local/README for details. + include if exists +} + +profile unpriv_bwrap flags=(attach_disconnected,mediate_deleted) { + # not allow all, to allow for pix stack + allow file rwlkm /{**,}, + allow network, + allow unix, + allow ptrace, + allow signal, + allow mqueue, + allow io_uring, + allow userns, + allow mount, + allow umount, + allow pivot_root, + allow dbus, + + allow pix /** -> &unpriv_bwrap, + + audit deny capability, + + # the local include should not be used without understanding the userns + # restriction. + # Site-specific additions and overrides. See local/README for details. + include if exists +} diff --git a/lutris.changes b/lutris.changes index 26680fb..565be3b 100644 --- a/lutris.changes +++ b/lutris.changes @@ -1,3 +1,67 @@ +------------------------------------------------------------------- +Wed Apr 16 06:50:25 UTC 2025 - Robert Frohl + +- Move selinux dependency + +------------------------------------------------------------------- +Mon Mar 24 13:01:47 UTC 2025 - Robert Frohl + +- Fix gaming under selinux (bsc#1206292) + +------------------------------------------------------------------- +Fri Feb 28 10:54:48 UTC 2025 - Dirk Stoecker + +- Fix wrong placement of lang_package macro in spec file + +------------------------------------------------------------------- +Mon Feb 24 08:50:06 UTC 2025 - Michael Vetter + +- Update to 0.5.19: + * Fix Proton integration bugs so Proton-fixes are applied + * Do not offer DXVK, VKD3D, D3D Extras or DDXVK-NVAPI on Proton versions; + Proton will handle these. + * The "Enable Esync" and "Enable Fsync" settings are now passed on to Proton + * DXVK's integrated D8VK will be enabled in Proton + * Emulator BIOS file location (used by libretro) may be set in Preferences + * Obtain the release year from GOG and Itch.io. + * MAME Machine setting uses a searchable entry for its enourmous list + * Support for importing Commodore 64 ROMs + +------------------------------------------------------------------- +Mon Dec 16 17:52:17 UTC 2024 - Carsten Ziepke + +- Add BuildRequires apparmor-abstractions, apparmor-rpm-macros for + Leap, fix for build error: directories not owned by a package: + /etc/apparmor.d + +------------------------------------------------------------------- +Mon Dec 2 12:15:11 UTC 2024 - Richard Rahl + +- update to 0.5.18: + * Lutris downloads the latest GE-Proton build for Wine if any Wine version is installed + * Use dark theme by default + * Display cover-art rather than banners by default + * Add 'Uncategorized' view to sidebar + * Preference options that do not work on Wayland will be hidden when on Wayland + * Game searches can now use fancy tags like 'installed:yes' or 'source:gog', with explanatory tool-tip + * A new filter button on the search box can build many of these fancy tags for you + * Runner searches can use 'installed:yes' as well, but no other fancy searches or anything + * Updated the Flathub and Amazon source to new APIs, restoring integration + * Itch.io source integration will load a collection named 'Lutris' if present + * GOG and Itch.io sources can now offer Linux and Windows installers for the same game + * Added support for the 'foot' terminal + * Support for DirectX 8 in DXVK v2.4 + * Support for Ayatana Application Indicators + * Additional options for Ruffle runner + * Updated download links for the Atari800 and MicroM8 runners + * No longer re-download cached installation files even when some are missing + * Lutris log is included in the 'System' tab of the Preferences window + * Improved error reporting, with the Lutris log included in the error details + * Add AppArmor profile for Ubuntu versions >= 23.10 + * Add Duckstation runner +- add apparmor profile in it's seperate package +- remove BR update-desktop-files + ------------------------------------------------------------------- Sat May 4 06:37:10 UTC 2024 - Richard Rahl diff --git a/lutris.spec b/lutris.spec index e614c97..d9c881f 100644 --- a/lutris.spec +++ b/lutris.spec @@ -1,7 +1,7 @@ # # spec file for package lutris # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,28 +16,36 @@ # -%{?sle15_python_module_pythons} %define _py 311 %define _pyb 3.11 %define appid net.lutris.Lutris +%{?sle15_python_module_pythons} Name: lutris -Version: 0.5.17 +Version: 0.5.19 Release: 0 Summary: Manager for game installation and execution License: GPL-3.0-or-later URL: https://lutris.net -Source0: https://lutris.net/releases/lutris_%{version}.tar.xz +Source0: https://github.com/lutris/lutris/archive/refs/tags/v%{version}.tar.gz +Source1: %{name}.apparmor +Requires: xrandr +# boo#1213440 +Recommends: ca-certificates-steamtricks +Recommends: winetricks +BuildArch: noarch %if 0%{?suse_version} >= 1600 +BuildRequires: apparmor-abstractions +BuildRequires: apparmor-rpm-macros BuildRequires: fdupes BuildRequires: gettext-tools BuildRequires: gobject-introspection BuildRequires: hicolor-icon-theme +BuildRequires: libapparmor-devel BuildRequires: meson BuildRequires: pkgconfig BuildRequires: python3-devel >= 3.7 BuildRequires: python3-gobject BuildRequires: python3-setuptools -BuildRequires: update-desktop-files Requires: cabextract Requires: curl Requires: fluid-soundfont-gm @@ -48,12 +56,12 @@ Requires: python3-PyYAML Requires: python3-certifi Requires: python3-dbus-python Requires: python3-distro -Requires: python3-protobuf # controller support Requires: python3-evdev Requires: python3-gobject Requires: python3-gobject-Gdk Requires: python3-lxml +Requires: python3-protobuf Requires: python3-requests %if %{with discord} Requires: python3-pypresence @@ -61,7 +69,10 @@ Requires: python3-pypresence %if %{with moddb} Requires: python3-moddb %endif +Requires: (selinux-policy-targeted-gaming if selinux-policy-targeted) %else +BuildRequires: apparmor-abstractions +BuildRequires: apparmor-rpm-macros BuildRequires: fdupes BuildRequires: gettext-tools BuildRequires: gobject-introspection @@ -71,7 +82,6 @@ BuildRequires: pkgconfig BuildRequires: python%{_py}-devel BuildRequires: python%{_py}-gobject BuildRequires: python%{_py}-setuptools -BuildRequires: update-desktop-files Requires: cabextract Requires: curl Requires: fluid-soundfont-gm @@ -94,11 +104,7 @@ Requires: python%{_py}-pypresence Requires: python%{_py}-moddb %endif %endif -Requires: xrandr -# boo#1213440 -Recommends: ca-certificates-steamtricks -Recommends: winetricks -BuildArch: noarch + %lang_package %description @@ -107,8 +113,16 @@ all games acquired from any source, in a single interface. This includes, for example, Steam or GOG games, Windows games (WINE), or emulated console games and browser games. +%package apparmor +Summary: Apparmor profile for %{name} +Requires: %{name} = %{version}-%{release} +Supplements: (%{name} and apparmor-profiles) + +%description apparmor +%{summary}. + %prep -%autosetup -n %{name} +%autosetup %build %if 0%{?suse_version} >= 1600 @@ -131,6 +145,10 @@ sed -i "s|!%{_bindir}/env python3|!%{_bindir}/python%{_pyb}|" \ %endif %fdupes %{buildroot} +#install apparmor profile +install -d %{buildroot}%{_sysconfdir}/apparmor.d +install -Dm0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.%{name} + %files %doc README.rst CONTRIBUTING.md AUTHORS %license LICENSE @@ -138,9 +156,9 @@ sed -i "s|!%{_bindir}/env python3|!%{_bindir}/python%{_pyb}|" \ %{_mandir}/man?/%{name}.?%{?ext_man} %{_datadir}/%{name} %{_datadir}/applications/%{appid}.desktop -%{_datadir}/icons/hicolor/scalable/apps/%{name}.svg -%{_datadir}/icons/hicolor/??x??/apps/%{name}.png -%{_datadir}/icons/hicolor/???x???/apps/%{name}.png +%{_datadir}/icons/hicolor/scalable/apps/%{appid}.svg +%{_datadir}/icons/hicolor/??x??/apps/%{appid}.png +%{_datadir}/icons/hicolor/???x???/apps/%{appid}.png %{python_sitelib}/%{name} %{_datadir}/metainfo/%{appid}.metainfo.xml @@ -150,4 +168,7 @@ sed -i "s|!%{_bindir}/env python3|!%{_bindir}/python%{_pyb}|" \ %{python_sitelib}/%{name}-*.egg-info %endif +%files apparmor +%{_sysconfdir}/apparmor.d/usr.bin.%{name} + %changelog diff --git a/lutris_0.5.17.tar.xz b/lutris_0.5.17.tar.xz deleted file mode 100644 index fcdd721..0000000 --- a/lutris_0.5.17.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:42ff33e81d09a9a1ea3f2d6f52b6421ba66cfb4ad06e7d41f6030032a68d3689 -size 1708048 diff --git a/v0.5.19.tar.gz b/v0.5.19.tar.gz new file mode 100644 index 0000000..117e20b --- /dev/null +++ b/v0.5.19.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:54edba892517473920b04423037dd480afb5e3b5e197040db33d15b1535d5096 +size 1846842