Build vpnkit and hyperkit from source, remove Docker Desktop dependency to build, and add --allow-vm-login flag

2025-04-28 18:02:38 +02:00 · 2021-11-18 11:47:51 -08:00 · 2021-11-18 11:47:51 -08:00 · 47d6eb0d8b
commit 47d6eb0d8b
parent 83bd021803
6 changed files with 35 additions and 20 deletions
--- a/BUILD.md
+++ b/BUILD.md
@ -76,9 +76,16 @@ poetry install

 Install [Homebrew](https://brew.sh/) dependencies:

-```
+```sh
 brew install vagrant create-dmg
-brew install wget opam pkg-config
+brew install wget pkg-config opam dune ocaml
+```
+
+Install opam dependencies:
+
+```
+opam init -y
+opam install -y alcotest astring base64 bigarray-compat charrua-client-mirage charrua-core cmdliner cohttp-lwt cstruct cstruct-lwt datakit-server datakit-server-9p duration ezjsonm fd-send-recv fmt hvsock io-page io-page-unix ipaddr logs lwt lwt-dllist mirage-channel mirage-channel-lwt mirage-clock-lwt mirage-clock-unix mirage-flow-lwt mirage-kv-lwt mirage-profile mirage-protocols-lwt mirage-random mirage-stack-lwt mirage-time-lwt mirage-vnetif oUnit pcap-format ppx_cstruct ppx_sexp_conv protocol-9p re rresult sexplib sha tar tcpip uri uuidm uwt
 ```

 Run this to compile hyperkit and vpnkit, and build a custom Alpine Linux ISO for Dangerzone, and copy it into the `share` folder:
--- a/dangerzone/gui/init.py
+++ b/dangerzone/gui/init.py
@ -51,7 +51,8 @@ class ApplicationWrapper(QtCore.QObject):

@click.command()
@click.argument("filename", required=False)
-def gui_main(filename):
+@click.option("--allow-vm-login", is_flag=True, help="Allow logging into the VM as root to troubleshoot")
+def gui_main(filename, allow_vm_login):
    if platform.system() == "Darwin":
        # Required for macOS Big Sur: https://stackoverflow.com/a/64878899
        os.environ["QT_MAC_WANTS_LAYER"] = "1"
@ -98,7 +99,7 @@ def gui_main(filename):

    # The dangerzone VM (Mac-only)
    if platform.system() == "Darwin":
-        vm = Vm(global_common)
+        vm = Vm(global_common, allow_vm_login)
        global_common.vm = vm
    else:
        vm = None
--- a/dangerzone/gui/vm.py
+++ b/dangerzone/gui/vm.py
@ -22,9 +22,10 @@ class Vm(QtCore.QObject):

    vm_state_change = QtCore.Signal(int)

-    def __init__(self, global_common):
+    def __init__(self, global_common, allow_vm_login):
        super(Vm, self).__init__()
        self.global_common = global_common
+        self.allow_vm_login = allow_vm_login

        # VM starts off
        self.state = self.STATE_OFF
@ -144,9 +145,9 @@ class Vm(QtCore.QObject):
            stderr=self.devnull,
        )
        with open(self.ssh_client_key_path) as f:
-            ssh_client_key = f.read()
+            self.ssh_client_key = f.read()
        with open(self.ssh_client_pubkey_path) as f:
-            ssh_client_pubkey = f.read()
+            self.ssh_client_pubkey = f.read()

        # Start an sshd service on this port
        args = [
@ -192,8 +193,8 @@ class Vm(QtCore.QObject):
        # Create a JSON object to pass into the VM
        # This is a 512kb file that starts with a JSON object, followed by null bytes
        guest_vm_info = {
-            "id_ed25519": ssh_client_key,
-            "id_ed25519.pub": ssh_client_pubkey,
+            "id_ed25519": self.ssh_client_key,
+            "id_ed25519.pub": self.ssh_client_pubkey,
            "user": getpass.getuser(),
            "ip": "192.168.65.2",
            "port": self.sshd_port,
@ -261,13 +262,14 @@ class Vm(QtCore.QObject):
        args_str = " ".join(pipes.quote(s) for s in args)
        print("> " + args_str)

-        # Start the VM with the ability to login
-        # self.hyperkit_p = subprocess.Popen(args)
-
-        # Start the VM without ability to login
-        self.hyperkit_p = subprocess.Popen(
-            args, stdout=self.devnull, stderr=self.devnull, stdin=self.devnull
-        )
+        if self.allow_vm_login:
+            # Start the VM with the ability to login
+            self.hyperkit_p = subprocess.Popen(args)
+        else:
+            # Start the VM without ability to login
+            self.hyperkit_p = subprocess.Popen(
+                args, stdout=self.devnull, stderr=self.devnull, stdin=self.devnull
+            )

        # Wait for SSH thread
        self.wait_t = WaitForSsh(self.sshd_tunnel_port)
--- a/install/macos/make-vm.sh
+++ b/install/macos/make-vm.sh
@ -7,14 +7,13 @@ cd ../..

 # Compile vpnkit
 cd vendor/vpnkit/
-unset OPAMROOT
-make || { echo 'Failed to compile vpnkit' ; exit 1; }
+make -f Makefile.darwin || { echo 'Failed to compile vpnkit' ; exit 1; }
 cd ../..

 # Copy binaries to share
 mkdir -p share/bin
 cp vendor/hyperkit/build/hyperkit share/bin/hyperkit
-cp vendor/vpnkit/build/vpnkit share/bin/vpnkit
+cp vendor/vpnkit/_build/install/default/bin/vpnkit share/bin/vpnkit

 # Build ISO
 cd vm-builder
--- a/vendor/vpnkit
+++ b/vendor/vpnkit
@ -1 +1 @@
-Subproject commit 7f0eff0dd99b576c5474de53b4454a157c642834
+Subproject commit 16ed722e6dc24307e99aee931ffd0eb80a9487d0
--- a/vm-builder/Vagrantfile
+++ b/vm-builder/Vagrantfile
@ -16,4 +16,10 @@ Vagrant.configure("2") do |config|
    echo "%abuild ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/abuild
    sudo -u user abuild-keygen -i -a -n
  SHELL
+
+  # Workaround VirtualBox bug in macOS Monterey
+  # https://github.com/hashicorp/vagrant/issues/12557#issuecomment-952026455
+  config.vm.provider "virtualbox" do |v|
+    v.gui = true
+  end
 end