From 29d3552ccee1b98511b45d0494a563d72938b2ae Mon Sep 17 00:00:00 2001
From: Alex Pyrgiotis
Date: Tue, 7 Jan 2025 19:16:56 +0200
Subject: [PATCH] WIP: HWPX conversion works

---
 Dockerfile | 64 +++++++++++++----------------
 dangerzone/oci/entrypoint.py | 15 ++++++--
 install/common/build-image.py | 16 ++-------
 3 files changed, 38 insertions(+), 57 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4c4e412..06e7616 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,20 +3,32 @@ ARG DEBIAN_DATE=20241202
 ###########################################
 # Build Dangerzone container image (inner)
 
-FROM debian:bookworm-${DEBIAN_DATE}-slim as dangerzone-image
+FROM debian:bookworm-${DEBIAN_DATE}-slim
+
 ENV DEBIAN_FRONTEND=noninteractive
+
+ARG GVISOR_DATE=20241202
+
 RUN \
     --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked \
     --mount=type=bind,source=./oci/repro-sources-list.sh,target=/usr/local/bin/repro-sources-list.sh \
+    --mount=type=bind,source=./oci/gvisor.key,target=/tmp/gvisor.key \
     repro-sources-list.sh && \
+    : "Setup APT to install gVisor from its separate APT repo" && \
+    apt-get update && \
+    apt-get install -y --no-install-recommends apt-transport-https ca-certificates gnupg && \
+    gpg -o /usr/share/keyrings/gvisor-archive-keyring.gpg --dearmor /tmp/gvisor.key && \
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gvisor-archive-keyring.gpg] https://storage.googleapis.com/gvisor/releases ${GVISOR_DATE} main" > /etc/apt/sources.list.d/gvisor.list && \
+    : "Install gVisor and Dangerzone dependencies" && \
     apt-get update && \
     apt-get install -y --no-install-recommends \
-    python3-fitz libreoffice-nogui libreoffice-java-common python3 \
-    python3-magic default-jdk-headless fonts-noto-cjk fonts-dejavu \
-    unzip wget && \
+    python3 python3-fitz libreoffice-nogui libreoffice-java-common \
+    python3 python3-magic default-jre-headless fonts-noto-cjk fonts-dejavu \
+    runsc unzip wget && \
+    : "Clean up programs that are no longer necessary" && \
+    #apt-get remove -y apt-transport-https ca-certificates gnupg && \
     : "Clean up for improving reproducibility (optional)" && \
-    apt-get autoremove -y && \
     rm -rf /var/cache/fontconfig/ && \
     rm -rf /etc/ssl/certs/java/cacerts && \
     rm -rf /var/log/* /var/cache/ldconfig/aux-cache
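Review bot: The merged `apt-get install` list names `python3` twice, at the start of both `python3 python3-fitz …` and `python3 python3-magic …`; drop one. The `: "Clean up programs that are no longer necessary"` label is followed only by `#apt-get remove -y apt-transport-https ca-certificates gnupg && \`, a Dockerfile comment that the parser strips before the shell ever runs, and `apt-get autoremove -y` is gone as well, so the label announces a step that never executes and the APT transport, `gnupg` and `ca-certificates` stay in the final image. If keeping them is deliberate, the hunk does not say why; replace the commented line with a real comment such as `# apt-transport-https/ca-certificates/gnupg are kept on purpose: <reason>` or restore the removal together with `autoremove`. The `RUN` instruction ends with this hunk.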
@@ -38,46 +50,18 @@ RUN mkdir -p /opt/dangerzone/dangerzone && \
     addgroup --gid 1000 dangerzone && \
     adduser --uid 1000 --ingroup dangerzone --shell /bin/true --home /home/dangerzone dangerzone
 
-COPY conversion/doc_to_pixels.py conversion/common.py conversion/errors.py conversion/__init__.py /opt/dangerzone/dangerzone/conversion
+COPY conversion/doc_to_pixels.py \
+    conversion/common.py \
+    conversion/errors.py \
+    conversion/__init__.py \
+    /opt/dangerzone/dangerzone/conversion
 
-####################################
-# Build gVisor wrapper image (outer)
-
-FROM debian:bookworm-${DEBIAN_DATE}-slim
-
-ARG GVISOR_DATE=20241202
-
-ENV DEBIAN_FRONTEND=noninteractive
-RUN \
-    --mount=type=cache,target=/var/cache/apt,sharing=locked \
-    --mount=type=cache,target=/var/lib/apt,sharing=locked \
-    --mount=type=bind,source=./oci/repro-sources-list.sh,target=/usr/local/bin/repro-sources-list.sh \
-    --mount=type=bind,source=./oci/gvisor.key,target=/tmp/gvisor.key \
-    repro-sources-list.sh && \
-    : "Setup APT to install gVisor from its separate APT repo" && \
-    apt-get update && \
-    apt-get install -y --no-install-recommends apt-transport-https ca-certificates gnupg && \
-    gpg -o /usr/share/keyrings/gvisor-archive-keyring.gpg --dearmor /tmp/gvisor.key && \
-    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gvisor-archive-keyring.gpg] https://storage.googleapis.com/gvisor/releases ${GVISOR_DATE} main" > /etc/apt/sources.list.d/gvisor.list && \
-    : "Install Pthon3 and gVisor" && \
-    apt-get update && \
-    apt-get install -y --no-install-recommends python3 runsc && \
-    : "Clean up for improving reproducibility (optional)" && \
-    apt-get remove -y apt-transport-https ca-certificates gnupg && \
-    apt-get autoremove -y && \
-    rm -rf /var/log/* /var/cache/ldconfig/aux-cache
-
-RUN addgroup --gid 1000 dangerzone && \
-    adduser --uid 1000 --ingroup dangerzone --shell /bin/true --home /home/dangerzone dangerzone
+RUN touch /config.json
+RUN chown dangerzone:dangerzone /config.json
 
 # Switch to the dangerzone user for the rest of the script.
 USER dangerzone
 
-# Copy the Dangerzone image, as created by the previous steps, into the home
-# directory of the `dangerzone` user.
-RUN mkdir /home/dangerzone/dangerzone-image
-COPY --from=dangerzone-image / /home/dangerzone/dangerzone-image/rootfs
-
 # Create a directory that will be used by gVisor as the place where it will
 # store the state of its containers.
 RUN mkdir /home/dangerzone/.containers
diff --git a/dangerzone/oci/entrypoint.py b/dangerzone/oci/entrypoint.py
index 8d09eb2..1d1a2cf 100755
--- a/dangerzone/oci/entrypoint.py
+++ b/dangerzone/oci/entrypoint.py
@@ -56,7 +56,7 @@ oci_config: dict[str, typing.Any] = {
             {"type": "RLIMIT_NOFILE", "hard": 4096, "soft": 4096},
         ],
     },
-    "root": {"path": "rootfs", "readonly": True},
+    "root": {"path": "/", "readonly": True},
     "hostname": "dangerzone",
     "mounts": [
         {
@@ -98,6 +98,15 @@ oci_config: dict[str, typing.Any] = {
             "source": "tmpfs",
             "options": ["nosuid", "noexec", "nodev"],
         },
+        # Mask the OCI config, just in case.
+        # TODO: Is this necessary? Can the attacker somehow trick gVisor to write to it,
+        # and therefore change the config of the running container?
+        {
+            "destination": "/config.json",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": ["nosuid", "noexec", "nodev"],
+        },
     ],
     "linux": {
         "namespaces": [
@@ -133,7 +142,7 @@ if os.environ.get("RUNSC_DEBUG"):
     json.dump(oci_config, sys.stderr, indent=2, sort_keys=True)
     # json.dump doesn't print a trailing newline, so print one here:
     log("")
-with open("/home/dangerzone/dangerzone-image/config.json", "w") as oci_config_out:
+with open("/config.json", "w") as oci_config_out:
     json.dump(oci_config, oci_config_out, indent=2, sort_keys=True)
 
 # Run gVisor.
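Review bot: `RUN touch /config.json` and `RUN chown dangerzone:dangerzone /config.json` put a file writable by the unprivileged `dangerzone` user at the top of the image tree, and since that tree is now also the OCI bundle it sits next to `/home/dangerzone/.containers`, the gVisor state directory created a few lines below; nothing in the Dockerfile records this layout or which of these paths the sandboxed workload is meant to reach. A comment above the two instructions would make it reviewable, e.g. `# OCI bundle config, written by entrypoint.py at run time. The bundle root is the image root, so entrypoint.py masks this file inside the sandbox.` Folding them into one `RUN touch /config.json && chown dangerzone:dangerzone /config.json` also avoids an extra layer. This hunk opens with the tail of the `RUN mkdir -p /opt/dangerzone/dangerzone` instruction, whose first line is outside it.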
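Review bot: `"root": {"path": "/", "readonly": True}`, combined with `--bundle=/` in the `@@ -150,7 +159,7 @@` hunk, makes the container's root the entire image instead of the `rootfs` subtree the old bundle under `/home/dangerzone/dangerzone-image` exposed, so the converter now shares a filesystem with `/config.json` (written in the `@@ -133,7 +142,7 @@` hunk) and with gVisor's own state directory `/home/dangerzone/.containers` from the Dockerfile. The read-only flag stops writes, but anything in the image that is not masked in `"mounts"` is readable subject to ordinary file permissions, and nothing in the config says this is intended. Record the boundary next to this line, e.g. `# The bundle root is the image root, so the sandbox sees the whole image (read-only); anything that must stay hidden from the converter needs an explicit mask in "mounts".` Any path that should stay out of reach then gets a mask or a dedicated subtree. The `oci_config` literal continues beyond this hunk.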
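Review bot: The new tmpfs entry masks `/config.json`, but the TODO above it leaves the rationale open: writes from inside the sandbox are already refused by `"root": {..., "readonly": True}` earlier in this literal, and runsc has presumably parsed the config before the workload runs, so the mask's actual value is that the converter cannot read its own sandbox configuration (the mounts, namespaces and rlimits listed here). Replace the three comment lines with that statement, e.g. `# Mask the OCI config so the sandboxed process cannot read its own sandbox configuration; writes are already prevented by the read-only root.`, and drop the question. Separately, the destination is a regular file, and Linux refuses to mount a tmpfs on a non-directory mount point (ENOTDIR); confirm that runsc actually applies this entry rather than ignoring or rejecting it, and if it does not, bind-mount an empty file over it or keep the config in a directory that can be masked. The `"mounts"` list continues outside this hunk.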
@@ -150,7 +159,7 @@ if os.environ.get("RUNSC_DEBUG"):
     runsc_argv += ["--debug=true", "--alsologtostderr=true"]
 if os.environ.get("RUNSC_FLAGS"):
     runsc_argv += [x for x in shlex.split(os.environ.get("RUNSC_FLAGS", "")) if x]
-runsc_argv += ["run", "--bundle=/home/dangerzone/dangerzone-image", "dangerzone"]
+runsc_argv += ["run", "--bundle=/", "dangerzone"]
 log(
     "Running gVisor with command line: {}", " ".join(shlex.quote(s) for s in runsc_argv)
 )
diff --git a/install/common/build-image.py b/install/common/build-image.py
index 7c836e7..fb1b55f 100644
--- a/install/common/build-image.py
+++ b/install/common/build-image.py
@@ -51,9 +51,9 @@ def main():
         "--use-cache",
         type=str2bool,
         nargs="?",
-        default=False,
+        default=True,
         const=True,
-        help="Use the builder's cache to speed up the builds (not suitable for release builds)",
+        help="Use the builder's cache to speed up the builds",
     )
 
     args = parser.parse_args()
@@ -82,18 +82,6 @@ def main():
     with open(image_id_path, "w") as f:
         f.write(tag)
 
-    print("Exporting container pip dependencies")
-    if not args.use_cache:
-        print("Pulling base image")
-        subprocess.run(
-            [
-                args.runtime,
-                "pull",
-                "alpine:latest",
-            ],
-            check=True,
-        )
-
     # Build the container image, and tag it with the calculated tag
     print("Building container image")
     cache_args = [] if args.use_cache else ["--no-cache"]
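Review bot: `default=True` turns the builder's cache on for every invocation, including release builds, unless the caller passes `--use-cache=false`, and the clause `(not suitable for release builds)` dropped from the help text was the only place this script said so, which leaves the uncached path both opt-in and undocumented. Keep that information in the help string, e.g. `help="Use the builder's cache to speed up the builds (on by default; pass --use-cache=false for release builds)"`, and make sure whatever drives release builds passes the flag explicitly. `main()` continues outside this hunk, and the `@@ -82,18 +82,6 @@` hunk below only deletes code.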