Delete vm-builder folder, and make build-image.sh build the dangerzone image

.gitignore

@@ -134,9 +134,6 @@ deb_dist
 .DS_Store
 install/windows/Dangerzone.wxs
 test_docs/sample-safe.pdf
-share/bin
-share/vm
-share/container
-vm-builder/vm
-vm-builder/.vagrant
-vm-builder/dangerzone.docker_image
+share/dangerzone-converter.tar
+share/dangerzone-converter.tar.gz
+share/image-id.txt

BUILD.md

@@ -54,13 +54,6 @@ Create a .rpm:
 
 ## macOS
 
-Ensure you have the git submodules checked out:
-
-```
-git submodule init
-git submodule update
-```
-
 Install Xcode from the App Store.
 
 Install [Docker Desktop](https://www.docker.com/products/docker-desktop). Make sure to choose your correct CPU, either Intel Chip or Apple Chip.
@@ -77,21 +70,13 @@ poetry install
 Install [Homebrew](https://brew.sh/) dependencies:
 
 ```sh
-brew install create-dmg wget pkg-config
+brew install create-dmg
 ```
 
-Install opam dependencies (you can skip this step if you are using an Apple M1 chip Mac):
-
-```
-brew install opam dune ocaml
-opam init -y
-opam install -y alcotest astring base64 bigarray-compat charrua-client-mirage charrua-core cmdliner cohttp-lwt cstruct cstruct-lwt datakit-server datakit-server-9p duration ezjsonm fd-send-recv fmt hvsock io-page io-page-unix ipaddr logs lwt lwt-dllist mirage-channel mirage-channel-lwt mirage-clock-lwt mirage-clock-unix mirage-flow-lwt mirage-kv-lwt mirage-profile mirage-protocols-lwt mirage-random mirage-stack-lwt mirage-time-lwt mirage-vnetif oUnit pcap-format ppx_cstruct ppx_sexp_conv protocol-9p re rresult sexplib sha tar tcpip uri uuidm uwt
-```
-
-Run this to compile hyperkit and vpnkit, and build a custom Alpine Linux ISO for Dangerzone, and copy it into the `share` folder:
+Build the dangerzone container image:
 
 ```sh
-./install/macos/make-vm.sh
+./install/build-image.sh
 ```
 
 Run from source tree:

dangerzone/global_common.py

@@ -494,7 +494,7 @@ class GlobalCommon(object):
         See if the podman container is installed. Linux only.
         """
         # Get the image id
-        with open(self.get_resource_path("container/image_id.txt")) as f:
+        with open(self.get_resource_path("image-id.txt")) as f:
             image_id = f.read().strip()
 
         # See if this image is already installed

install/build-image.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+echo "Building dangerzone-converter image"
+docker build dangerzone-converter --tag dangerzone.rocks/dangerzone
+
+echo "Saving dangerzone-converter image"
+docker save dangerzone.rocks/dangerzone -o share/dangerzone-converter.tar
+
+echo "Compressing dangerzone-converter image"
+gzip -f share/dangerzone-converter.tar
+
+echo "Looking up the image id"
+docker image ls dangerzone.rocks/dangerzone | grep "dangerzone.rocks/dangerzone" | tr -s ' ' | cut -d' ' -f3 > share/image-id.txt

install/macos/make-vm.sh

@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# Compile hyperkit
-cd vendor/hyperkit/
-make || { echo 'Failed to compile hyperkit' ; exit 1; }
-cd ../..
-
-# Compile vpnkit (on Intel chips, it's too hard to compile in Apple chips)
-ARCH=$(/usr/bin/arch)
-if [ "$ARCH" == "i386" ]; then
-    cd vendor/vpnkit/
-    make -f Makefile.darwin || { echo 'Failed to compile vpnkit' ; exit 1; }
-    cd ../..
-fi
-
-# Copy binaries to share
-mkdir -p share/bin
-cp vendor/hyperkit/build/hyperkit share/bin/hyperkit
-if [ "$ARCH" == "i386" ]; then
-    cp vendor/vpnkit/_build/install/default/bin/vpnkit share/bin/vpnkit
-elif [ "$ARCH" == "arm64" ]; then
-    # On Apple chips we copy the binary from Docker Desktop
-    cp /Applications/Docker.app/Contents/Resources/bin/com.docker.vpnkit share/bin/vpnkit
-fi
-
-# Build the dangerzone-converter image
-echo "Building dangerzone-converter image"
-docker build dangerzone-converter --tag dangerzone.rocks/dangerzone
-echo "Saving dangerzone-converter image"
-docker save dangerzone.rocks/dangerzone -o vm-builder/dangerzone-converter.tar
-echo "Compressing dangerzone-converter image"
-gzip -f vm-builder/dangerzone-converter.tar
-
-# Build the ISO
-docker run -v $(pwd)/vm-builder:/vm-builder alpine:latest /vm-builder/build-iso.sh
-
-# Copy the ISO to resources
-mkdir -p share/vm
-cp vm-builder/vm/* share/vm

vm-builder/README.md

@@ -1,26 +0,0 @@
-# Build the Dangerzone VM for running podman
-
-## Build the ISO
-
-You need vagrant: `brew install vagrant`
-
-```sh
-vagrant up
-vagrant ssh -- /vagrant/build-iso.sh
-vagrant destroy
-```
-
-This takes awhile to run. It:
-
-- Builds a new `dangerzone-converter` docker image
-- Builds an ISO, which includes a copy of this image
-- Outputs files in the `vm` folder
-
-## Run the VM
-
-```sh
-./run-vm.sh
-```
-
-# How the VM works
-

vm-builder/build-iso.sh

@@ -1,47 +0,0 @@
-#!/bin/sh
-
-ALPINE_TAG=v3.14.3
-
-# Install dependencies
-apk add alpine-sdk build-base apk-tools alpine-conf busybox fakeroot xorriso squashfs-tools mtools dosfstools grub-efi p7zip abuild sudo
-
-# Make keys for build
-abuild-keygen -i -a -n
-
-# Setup aports
-cd ~/
-wget https://gitlab.alpinelinux.org/alpine/aports/-/archive/master/aports-master.tar.gz
-tar -xf ~/aports-master.tar.gz
-mv ~/aports-master ~/aports
-cp /vm-builder/mkimg.dz.sh ~/aports/scripts/
-cp /vm-builder/genapkovl-dz.sh ~/aports/scripts/
-chmod +x ~/aports/scripts/mkimg.dz.sh
-chmod +x ~/aports/scripts/genapkovl-dz.sh
-
-# Set up the vm dir
-rm -r /vm-builder/vm
-mkdir -p /vm-builder/vm
-chmod 777 /vm-builder/vm
-
-# Make the iso
-cd ~/aports/scripts
-./mkimage.sh --tag "$ALPINE_TAG" \
-    --outdir /vm-builder/vm \
-    --arch $(uname -m) \
-    --repository http://dl-cdn.alpinelinux.org/alpine/v3.14/main \
-    --repository http://dl-cdn.alpinelinux.org/alpine/v3.14/community \
-    --profile dz
-mv /vm-builder/vm/alpine-dz-${ALPINE_TAG}-$(uname -m).iso /vm-builder/vm/dangerzone.iso
-
-# Fix permissions
-chmod 755 /vm-builder/vm
-chmod 644 /vm-builder/vm/*
-
-# Extract vmlinuz and initramfs
-cd /vm-builder/vm
-7z x dangerzone.iso boot/vmlinuz-virt
-7z x dangerzone.iso boot/initramfs-virt
-mv boot/* .
-rm -r boot
-mv vmlinuz-virt kernel
-mv initramfs-virt initramfs.img

vm-builder/etc/apk/world

@@ -1,6 +0,0 @@
-alpine-base
-podman
-dropbear
-autossh
-python3
-sudo

vm-builder/etc/init.d/dangerzone

@@ -1,37 +0,0 @@
-#!/sbin/openrc-run
-name="Dangerzone init script"
-start() {
-    # Hostname
-	echo "dangerzone" > /etc/hostname
-	echo "127.0.0.1 dangerzone" >> /etc/hosts
-	hostname dangerzone
-
-	# Networking	
-	cat > /etc/network/interfaces << EOF
-auto lo
-iface lo inet loopback
-
-auto eth0
-iface eth0 inet dhcp
-    hostname dangerzone
-EOF
-	setup-interfaces -a
-	echo -e "\n" | setup-dns 4.4.4.4
-	rc-service networking restart
-
-	# Timezone
-	setup-timezone -z UTC
-
-    # Create user
-    /usr/sbin/adduser -D -u 1001 user
-
-	# Load the dangerzone container
-	sudo -u user podman load -i /etc/dangerzone-converter.tar.gz
-
-	# Allow podman containers to run
-	echo "user:100000:65536" >> /etc/subuid
-    echo "user:100000:65536" >> /etc/subgid
-
-	# SSH reverse tunnel to host
-	/etc/setup-ssh.py &
-}

vm-builder/etc/setup-ssh.py

@@ -1,74 +0,0 @@
-#!/usr/bin/env python3
-import os
-import json
-import subprocess
-import shutil
-
-
-def main():
-    if not os.path.exists("/dev/vda"):
-        print("Disk is not mounted, skipping")
-        return
-
-    # Read data
-    with open("/dev/vda", "rb") as f:
-        s = f.read()
-
-    info = json.loads(s[0 : s.find(b"\0")])
-
-    # Create root's SSH files
-    os.makedirs("/root/.ssh", exist_ok=True)
-
-    with open("/root/.ssh/id_ed25519", "w") as f:
-        f.write(info["id_ed25519"])
-        f.write("\n")
-
-    with open("/root/.ssh/id_ed25519.pub", "w") as f:
-        f.write(info["id_ed25519.pub"])
-        f.write("\n")
-
-    with open("/root/.ssh/config", "w") as f:
-        f.write("Host hostbox\n")
-        f.write(f"  Hostname {info['ip']}\n")
-        f.write(f"  Port {info['port']}\n")
-        f.write(f"  User {info['user']}\n")
-        f.write(f"  RemoteForward {info['tunnel_port']} 127.0.0.1:22\n")
-        f.write("  IdentityFile /root/.ssh/id_ed25519\n")
-        f.write("  ServerAliveInterval 30\n")
-        f.write("  ServerAliveCountMax 3\n")
-        f.write("  StrictHostKeyChecking no\n")
-        f.write("\n")
-
-    os.chmod("/root/.ssh", 0o700)
-    os.chmod("/root/.ssh/id_ed25519", 0o600)
-    os.chmod("/root/.ssh/id_ed25519.pub", 0o600)
-    os.chmod("/root/.ssh/config", 0o600)
-
-    # Create user's SSH files
-    os.makedirs("/home/user/.ssh", exist_ok=True)
-
-    with open("/home/user/.ssh/authorized_keys", "w") as f:
-        f.write(info["id_ed25519.pub"])
-        f.write("\n")
-
-    os.chmod("/home/user/.ssh", 0o700)
-    os.chmod("/home/user/.ssh/authorized_keys", 0o600)
-
-    shutil.chown("/home/user/.ssh", "user", "user")
-    shutil.chown("/home/user/.ssh/authorized_keys", "user", "user")
-
-    # Start SSH reverse port forward
-    subprocess.run(
-        [
-            "/usr/bin/autossh",
-            "-M",
-            "0",
-            "-f",
-            "-N",
-            "hostbox",
-        ]
-    )
-
-
-if __name__ == "__main__":
-    main()

vm-builder/genapkovl-dz.sh

@@ -1,55 +0,0 @@
-#!/bin/sh -e
-
-HOSTNAME="$1"
-if [ -z "$HOSTNAME" ]; then
-	echo "usage: $0 hostname"
-	exit 1
-fi
-
-cleanup() {
-	rm -rf "$tmp"
-}
-
-rc_add() {
-	mkdir -p "$tmp"/etc/runlevels/"$2"
-	ln -sf /etc/init.d/"$1" "$tmp"/etc/runlevels/"$2"/"$1"
-}
-
-tmp="$(mktemp -d)"
-trap cleanup EXIT
-
-# Copy /etc
-cp -r /vm-builder/etc "$tmp"
-chown -R root:root "$tmp"/etc
-
-# Copy container image to /etc, temporarily
-cp /vm-builder/dangerzone-converter.tar.gz "$tmp"/etc
-
-# Start cgroups, required by podman
-rc_add cgroups default
-
-# Start dropbear (ssh server)
-rc_add dropbear default
-
-# Initialize the dangerzone VM
-rc_add dangerzone default
-
-# Other init scripts
-rc_add devfs sysinit
-rc_add dmesg sysinit
-rc_add mdev sysinit
-rc_add hwdrivers sysinit
-rc_add modloop sysinit
-
-rc_add hwclock boot
-rc_add modules boot
-rc_add sysctl boot
-rc_add hostname boot
-rc_add bootmisc boot
-rc_add syslog boot
-
-rc_add mount-ro shutdown
-rc_add killprocs shutdown
-rc_add savecache shutdown
-
-tar -c -C "$tmp" etc | gzip -9n > $HOSTNAME.apkovl.tar.gz

vm-builder/mkimg.dz.sh

@@ -1,8 +0,0 @@
-profile_dz() {
-	profile_virt
-	profile_abbrev="dz"
-	title="Dangerzone"
-	desc="Copied from virt but with extra apks and an apkovl"
-	apkovl="genapkovl-dz.sh"
-	apks="$apks podman dropbear autossh python3 sudo"
-}

vm-builder/run-vm.sh

@@ -1,81 +0,0 @@
-#!/bin/bash
-
-ROOT=$(pwd)/vm
-HYPERKIT=$(pwd)/../share/bin/hyperkit
-VPNKIT=$(pwd)/../share/bin/vpnkit
-
-SSHD_PORT=4445
-SSHD_TUNNEL_PORT=4446
-
-tmp="$(mktemp -d)"
-trap rm -rf "$tmp" EXIT
-
-# make ssh keys
-/usr/bin/ssh-keygen \
-    -t ed25519 \
-    -C dangerzone-host \
-    -N "" \
-    -f "$tmp/host_ed25519"
-/usr/bin/ssh-keygen \
-    -t ed25519 \
-    -C dangerzone-client \
-    -N "" \
-    -f "$tmp/client_ed25519"
-
-# run sshd
-SSHD_PIDFILE=$ROOT/sshd.pid
-/usr/sbin/sshd \
-    -4 \
-    -E $ROOT/sshd.log \
-    -o PidFile=$ROOT/sshd.pid \
-    -o HostKey=$tmp/host_ed25519 \
-    -o ListenAddress=127.0.0.1:$SSHD_PORT \
-    -o AllowUsers=$(whoami) \
-    -o PasswordAuthentication=no \
-    -o PubkeyAuthentication=yes \
-    -o Compression=yes \
-    -o ForceCommand=/usr/bin/whoami \
-    -o UseDNS=no \
-    -o AuthorizedKeysFile=$tmp/client_ed25519.pub &
-echo $! > $SSHD_PIDFILE
-trap 'test -f $SSHD_PIDFILE && kill `cat $SSHD_PIDFILE` && rm $SSHD_PIDFILE' EXIT
-
-# create disk image
-cd $ROOT
-cat > info.json << EOF
-{
-    "id_ed25519": "$(cat $tmp/client_ed25519 | awk '{printf "%s\\n", $0}')",
-    "id_ed25519.pub": "$(cat $tmp/client_ed25519.pub)",
-    "user": "$(whoami)",
-    "ip": "192.168.65.2",
-    "port": $SSHD_PORT,
-    "tunnel_port": $SSHD_TUNNEL_PORT
-}
-EOF
-python3 -c 's=open("info.json").read(); open("disk.img", "wb").write(s.encode()+b"\x00"*(512*1024-len(s)))'
-
-# run vpnkit
-VPNKIT_SOCK=$ROOT/vpnkit.eth.sock
-VPNKIT_PIDFILE=$ROOT/vpnkit.pid
-$VPNKIT \
-    --ethernet=$VPNKIT_SOCK \
-    --gateway-ip 192.168.65.1 \
-    --host-ip 192.168.65.2 \
-    --lowest-ip 192.168.65.3 \
-    --highest-ip 192.168.65.254 &
-echo $! > $VPNKIT_PIDFILE
-trap 'test -f $VPNKIT_PIDFILE && kill `cat $VPNKIT_PIDFILE` && rm $VPNKIT_PIDFILE' EXIT
-
-# run hyperkit
-$HYPERKIT \
-    -F $ROOT/hyperkit.pid \
-    -A -u \
-    -m 4G \
-    -c 2 \
-    -s 0:0,hostbridge -s 31,lpc \
-    -l com1,stdio \
-    -s 1:0,ahci-cd,$ROOT/dangerzone.iso \
-    -s 2:0,virtio-vpnkit,path=$VPNKIT_SOCK \
-    -s 3:0,virtio-blk,$ROOT/disk.img \
-    -U 9efa82d7-ebd5-4287-b1cc-ac4160a39fa7 \
-    -f kexec,$ROOT/kernel,$ROOT/initramfs.img,"earlyprintk=serial console=ttyS0 modules=loop,squashfs,sd-mod"

vm-builder/windows.sh

@@ -1,12 +0,0 @@
-#!/bin/sh
-
-VAGRANT_FILES=$(find /vagrant -type f | grep -v /vagrant/.vagrant | grep -v /vagrant/vm | grep -v /vagrant/windows.sh)
-DANGERZONE_CONVERTER_FILES=$(find /opt/dangerzone-converter -type f)
-
-for FILE in $VAGRANT_FILES; do dos2unix $FILE; done
-for FILE in $DANGERZONE_CONVERTER_FILES; do dos2unix $FILE; done
-
-/vagrant/build-iso.sh
-
-for FILE in $VAGRANT_FILES; do unix2dos $FILE; done
-for FILE in $DANGERZONE_CONVERTER_FILES; do unix2dos $FILE; done