almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Commit some work-in-progress

Browse source
This commit is contained in:
Micah Lee 2021-06-29 16:20:54 -07:00
parent a69376006a
commit 47bf46cb3d
No known key found for this signature in database
GPG key ID: 403C2657CD994F73
3 changed files with 84 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
rip_docker/README.md
View file

@ -22,10 +22,18 @@ This takes awhile to run. It:
./run-vm.sh
```
You can ssh in as the unprivileged user like this:
You can ssh in as the unprivileged user like this (you need to `brew install socat`):
```sh
ssh -i ./ssh-key/id_ed25519 -o StrictHostKeyChecking=no user@192.168.65.3
ssh -i ./ssh-key/id_ed25519 \
-o LogLevel=FATAL \
-o Compression=yes \
-o IdentitiesOnly=yes \
-o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \
-o "ProxyCommand nc -U /Users/user/code/dangerzone/rip_docker/vm/connect" \
-v \
user@localhost
```
(doesn't work yet)

47
rip_docker/run-vm.py Executable file
View file

@ -0,0 +1,47 @@
#!/usr/bin/env python3
import subprocess
import uuid
import os
def main():
base_dir = os.path.join(
os.path.dirname(os.path.dirname(os.path.abspath(__file__))), "vm"
)
vm_uuid = uuid.uuid4()
cmd = [
"hyperkit",
"-m",
"4G",
"-c",
"2",
"-s",
"0:0,hostbridge",
"-s",
"31,lpc",
"-s",
"2:0,virtio-net",
"-l",
"com1,stdio",
# "-F",
# os.path.join(base_dir, "hyperkit.pid"),
"-U",
str(vm_uuid),
"-s",
"3:0,ahci-cd," + os.path.join(base_dir, "alpine-dangerzone-v3.14-x86_64.iso"),
"-f",
"kexec,"
+ os.path.join(base_dir, "vmlinuz-virt")
+ ","
+ os.path.join(base_dir, "initramfs-virt")
+ ',"modules=virtio_net console=ttyS0"',
]
print(" ".join(cmd))
subprocess.run(cmd)
if __name__ == "__main__":
main()

35
rip_docker/run-vm.sh
View file

@ -4,19 +4,38 @@ ROOT=$(pwd)/vm
HYPERKIT=/Applications/Docker.app/Contents/Resources/bin/com.docker.hyperkit
VPNKIT=/Applications/Docker.app/Contents/Resources/bin/com.docker.vpnkit
VPNKIT_SOCK=$ROOT/vpnkit.eth.sock
PIDFILE=$ROOT/vpnkit.pid
$VPNKIT --ethernet=$VPNKIT_SOCK &
echo $! > $PIDFILE
trap 'test -f $PIDFILE && kill `cat $PIDFILE` && rm $PIDFILE' EXIT
# VPNKIT_SOCK=$ROOT/vpnkit.eth.sock
# PIDFILE=$ROOT/vpnkit.pid
# $VPNKIT \
# --ethernet=$VPNKIT_SOCK \
# --gateway-ip 192.168.65.1 \
# --host-ip 192.168.65.2 \
# --lowest-ip 192.168.65.3 \
# --highest-ip 192.168.65.254 &
# echo $! > $PIDFILE
# trap 'test -f $PIDFILE && kill `cat $PIDFILE` && rm $PIDFILE' EXIT
$HYPERKIT \
-F $ROOT/hyperkit.pid \
-A -u \
-m 4G \
-c 2 \
-s 0:0,hostbridge -s 31,lpc \
-l com1,stdio \
-s 3:0,ahci-cd,$ROOT/alpine-dangerzone-v3.14-x86_64.iso \
-s 2:0,virtio-vpnkit,path=$VPNKIT_SOCK \
-s 1:0,ahci-cd,$ROOT/alpine-dangerzone-v3.14-x86_64.iso \
-s 2:0,virtio-net \
-U 9efa82d7-ebd5-4287-b1cc-ac4160a39fa7 \
-f kexec,$ROOT/vmlinuz-virt,$ROOT/initramfs-virt,"earlyprintk=serial console=ttyS0 modules=loop,squashfs,sd-mod,usb-storage"
-f kexec,$ROOT/vmlinuz-virt,$ROOT/initramfs-virt,"earlyprintk=serial console=ttyS0 modules=loop,squashfs,sd-mod,usb-storage vpnkit.connect=connect://2/1999"
# hyperkit
# -c 1 -m 1024M
# -u -A -H
# -U 386bba5a-5dc4-3ac2-95c9-cf0b9a29b352
# -s 0:0,hostbridge
# -s 2:0,virtio-net
# -s 5,virtio-rnd
# -s 31,lpc
# -l com1,autopty=primary/pty,log=/Library/Logs/Multipass/primary-hyperkit.log
# -s 1:0,virtio-blk,file://primary/ubuntu-20.04-server-cloudimg-amd64.img?sync=os&buffered=1,format=qcow,qcow-config=discard=true;compact_after_unmaps=262144;keep_erased=262144;runtime_asserts=false
# -s 1:1,ahci-cd,primary/cloud-init-config.iso
# -f kexec,primary/ubuntu-20.04-server-cloudimg-amd64-vmlinuz-generic,primary/ubuntu-20.04-server-cloudimg-amd64-initrd-generic,earlyprintk=serial console=ttyS0 root=/dev/vda1 rw panic=1 no_timer_check