From 47d6eb0d8b12efa41410460470f869f529ac21a4 Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Thu, 18 Nov 2021 11:47:51 -0800 Subject: [PATCH] Build vpnkit and hyperkit from source, remove Docker Desktop dependency to build, and add --allow-vm-login flag --- BUILD.md | 11 +++++++++-- dangerzone/gui/__init__.py | 5 +++-- dangerzone/gui/vm.py | 26 ++++++++++++++------------ install/macos/make-vm.sh | 5 ++--- vendor/vpnkit | 2 +- vm-builder/Vagrantfile | 6 ++++++ 6 files changed, 35 insertions(+), 20 deletions(-) diff --git a/BUILD.md b/BUILD.md index 63a3b30..a5b261d 100644 --- a/BUILD.md +++ b/BUILD.md @@ -76,9 +76,16 @@ poetry install Install [Homebrew](https://brew.sh/) dependencies: -``` +```sh brew install vagrant create-dmg -brew install wget opam pkg-config +brew install wget pkg-config opam dune ocaml +``` + +Install opam dependencies: + +``` +opam init -y +opam install -y alcotest astring base64 bigarray-compat charrua-client-mirage charrua-core cmdliner cohttp-lwt cstruct cstruct-lwt datakit-server datakit-server-9p duration ezjsonm fd-send-recv fmt hvsock io-page io-page-unix ipaddr logs lwt lwt-dllist mirage-channel mirage-channel-lwt mirage-clock-lwt mirage-clock-unix mirage-flow-lwt mirage-kv-lwt mirage-profile mirage-protocols-lwt mirage-random mirage-stack-lwt mirage-time-lwt mirage-vnetif oUnit pcap-format ppx_cstruct ppx_sexp_conv protocol-9p re rresult sexplib sha tar tcpip uri uuidm uwt ``` Run this to compile hyperkit and vpnkit, and build a custom Alpine Linux ISO for Dangerzone, and copy it into the `share` folder: diff --git a/dangerzone/gui/__init__.py b/dangerzone/gui/__init__.py index dab7e4f..3f7c9d3 100644 --- a/dangerzone/gui/__init__.py +++ b/dangerzone/gui/__init__.py 
@@ -51,7 +51,8 @@ class ApplicationWrapper(QtCore.QObject): @click.command() @click.argument("filename", required=False) -def gui_main(filename): +@click.option("--allow-vm-login", is_flag=True, help="Allow logging into the VM as root to troubleshoot") +def gui_main(filename, allow_vm_login): if platform.system() == "Darwin": # Required for macOS Big Sur: https://stackoverflow.com/a/64878899 os.environ["QT_MAC_WANTS_LAYER"] = "1" @@ -98,7 +99,7 @@ def gui_main(filename): # The dangerzone VM (Mac-only) if platform.system() == "Darwin": - vm = Vm(global_common) + vm = Vm(global_common, allow_vm_login) global_common.vm = vm else: vm = None diff --git a/dangerzone/gui/vm.py b/dangerzone/gui/vm.py index 17b412a..b43a4b8 100644 --- a/dangerzone/gui/vm.py +++ b/dangerzone/gui/vm.py @@ -22,9 +22,10 @@ class Vm(QtCore.QObject): vm_state_change = QtCore.Signal(int) - def __init__(self, global_common): + def __init__(self, global_common, allow_vm_login): super(Vm, self).__init__() self.global_common = global_common + self.allow_vm_login = allow_vm_login # VM starts off self.state = self.STATE_OFF @@ -144,9 +145,9 @@ class Vm(QtCore.QObject): stderr=self.devnull, ) with open(self.ssh_client_key_path) as f: - ssh_client_key = f.read() + self.ssh_client_key = f.read() with open(self.ssh_client_pubkey_path) as f: - ssh_client_pubkey = f.read() + self.ssh_client_pubkey = f.read() # Start an sshd service on this port args = [ @@ -192,8 +193,8 @@ class Vm(QtCore.QObject): # Create a JSON object to pass into the VM # This is a 512kb file that starts with a JSON object, followed by null bytes guest_vm_info = { - "id_ed25519": ssh_client_key, - "id_ed25519.pub": ssh_client_pubkey, + "id_ed25519": self.ssh_client_key, + "id_ed25519.pub": self.ssh_client_pubkey, "user": getpass.getuser(), "ip": "192.168.65.2", "port": self.sshd_port, 
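Review bot: In `dangerzone/gui/__init__.py`, `--allow-vm-login` is accepted on every platform, but the second hunk of this file (`-98,7`) only hands it to `Vm(...)` inside the `platform.system() == "Darwin"` branch, so on other systems the flag is silently ignored. Because it enables a root login to the Dangerzone VM, the help text should say that it is a macOS-only troubleshooting switch, for example `help="macOS only: allow logging into the VM as root from this terminal (troubleshooting only)"`. `gui_main` continues outside both hunks, so any other use of the flag is not visible here.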
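Review bot: `Vm.__init__` in `dangerzone/gui/vm.py` (hunk `-22,9`) now takes `allow_vm_login` as a required positional argument, so the login-enabled mode has no fail-safe default and any caller not updated in this commit would raise a `TypeError`. A default keeps the locked-down behaviour unless a caller opts in: `def __init__(self, global_common, allow_vm_login=False):`. A short comment on `self.allow_vm_login` would also help, since the attribute is only read much later in the class, in the `-261,13` hunk, for example `# True: hyperkit is started without redirecting stdio to devnull, so the VM allows login`.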
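Review bot: The hunks at `-144,9` and `-192,8` in `dangerzone/gui/vm.py` move the SSH client private key from a local variable to `self.ssh_client_key`, which keeps the key material reachable for the whole lifetime of the `Vm` object. Nothing visible in this commit reads the attribute other than the `guest_vm_info` dictionary, so if no other code needs it the locals could stay, or the attribute could be cleared once the guest info has been written. If the longer lifetime is intended, a comment such as `# kept on self for <reason>; private key material, never log or print` would document it. The enclosing method starts and ends outside both hunks.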
@@ -261,13 +262,14 @@ class Vm(QtCore.QObject): args_str = " ".join(pipes.quote(s) for s in args) print("> " + args_str) - # Start the VM with the ability to login - # self.hyperkit_p = subprocess.Popen(args) - - # Start the VM without ability to login - self.hyperkit_p = subprocess.Popen( - args, stdout=self.devnull, stderr=self.devnull, stdin=self.devnull - ) + if self.allow_vm_login: + # Start the VM with the ability to login + self.hyperkit_p = subprocess.Popen(args) + else: + # Start the VM without ability to login + self.hyperkit_p = subprocess.Popen( + args, stdout=self.devnull, stderr=self.devnull, stdin=self.devnull + ) # Wait for SSH thread self.wait_t = WaitForSsh(self.sshd_tunnel_port) diff --git a/install/macos/make-vm.sh b/install/macos/make-vm.sh index 6f25762..dad3c64 100755 --- a/install/macos/make-vm.sh +++ b/install/macos/make-vm.sh @@ -7,14 +7,13 @@ cd ../.. # Compile vpnkit cd vendor/vpnkit/ -unset OPAMROOT -make || { echo 'Failed to compile vpnkit' ; exit 1; } +make -f Makefile.darwin || { echo 'Failed to compile vpnkit' ; exit 1; } cd ../.. # Copy binaries to share mkdir -p share/bin cp vendor/hyperkit/build/hyperkit share/bin/hyperkit -cp vendor/vpnkit/build/vpnkit share/bin/vpnkit +cp vendor/vpnkit/_build/install/default/bin/vpnkit share/bin/vpnkit # Build ISO cd vm-builder diff --git a/vendor/vpnkit b/vendor/vpnkit index 7f0eff0..16ed722 160000 --- a/vendor/vpnkit +++ b/vendor/vpnkit @@ -1 +1 @@ -Subproject commit 7f0eff0dd99b576c5474de53b4454a157c642834 +Subproject commit 16ed722e6dc24307e99aee931ffd0eb80a9487d0 diff --git a/vm-builder/Vagrantfile b/vm-builder/Vagrantfile index 294703d..66ac30c 100644 --- a/vm-builder/Vagrantfile +++ b/vm-builder/Vagrantfile 
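Review bot: In the `self.allow_vm_login` branch of the `-261,13` hunk in `dangerzone/gui/vm.py`, `subprocess.Popen(args)` lets hyperkit inherit the parent's stdin, stdout and stderr, so whatever hyperkit relays from the guest (presumably its console) reaches the user's terminal unfiltered, and nothing tells the user that this mode is active. I would print a notice before the call, for example `print("WARNING: --allow-vm-login is set; the VM console is attached to this terminal")`, and extend the branch comment to say that output coming from the guest should be treated as untrusted. The two `Popen` calls could also become one by building the stdio keyword arguments first. The enclosing method continues outside the hunk.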
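Review bot: The new `cp vendor/vpnkit/_build/install/default/bin/vpnkit share/bin/vpnkit` line in `install/macos/make-vm.sh` has no failure check, unlike the `make -f Makefile.darwin` step above it, so if the build output path changes again the script may carry on and package a stale or missing `share/bin/vpnkit`. Whether the script enables `set -e` is not visible in this hunk. If it does not, the copy should follow the existing pattern: `cp vendor/vpnkit/_build/install/default/bin/vpnkit share/bin/vpnkit || { echo 'Failed to copy vpnkit' ; exit 1; }`. The same applies to the unchanged hyperkit `cp` line just before it.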
@@ -16,4 +16,10 @@ Vagrant.configure("2") do |config| echo "%abuild ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/abuild sudo -u user abuild-keygen -i -a -n SHELL + + # Workaround VirtualBox bug in macOS Monterey + # https://github.com/hashicorp/vagrant/issues/12557#issuecomment-952026455 + config.vm.provider "virtualbox" do |v| + v.gui = true + end end
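Review bot: The `v.gui = true` workaround in `vm-builder/Vagrantfile` is applied unconditionally, so every build host opens a VirtualBox window, and a headless build host would presumably be unable to start the VM. The comment names macOS Monterey, so the setting could be limited to hosts that need it, or at least be marked as temporary with a line such as `# TODO: remove once the linked Vagrant issue is resolved`.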