Build docker image and package it inside the ISO

Micah Lee 2021-06-29 09:35:02 -07:00
parent c25220a767
commit 86fd9706c0
No known key found for this signature in database
GPG key ID: 403C2657CD994F73
6 changed files with 44 additions and 17 deletions


@ -6,9 +6,16 @@ You need vagrant: `brew install vagrant`
```sh ```sh
vagrant up vagrant up
vagrant ssh -- /vagrant/build-iso.sh vagrant ssh -- /vagrant/build-iso.sh
vagrant destroy
``` ```
This takes awhile to run. It:
- Builds a new `dangerzone-converter` docker image
- Builds an ISO, which includes a copy of this image
- Outputs the ISO, as well as vmlinuz and initramfs files, in the `vm` folder
## Run the VM ## Run the VM
```sh ```sh


@ -6,9 +6,15 @@ Vagrant.configure("2") do |config|
config.vm.synced_folder "../../dangerzone-converter", "/opt/dangerzone-converter" config.vm.synced_folder "../../dangerzone-converter", "/opt/dangerzone-converter"
config.vm.synced_folder ".", "/vagrant" config.vm.synced_folder ".", "/vagrant"
config.vm.provision "shell", inline: <<-SHELL config.vm.provision "shell", inline: <<-SHELL
sed -i 's/3.13/3.14/' /etc/apk/repositories
apk update apk update
apk add alpine-sdk build-base apk-tools alpine-conf busybox fakeroot syslinux xorriso squashfs-tools sudo apk add alpine-sdk build-base apk-tools alpine-conf busybox fakeroot syslinux xorriso squashfs-tools sudo
apk add mtools dosfstools grub-efi apk add mtools dosfstools grub-efi
apk add p7zip apk add podman p7zip
echo "user:100000:65536" >> /etc/subuid
echo "user:100000:65536" >> /etc/subgid
adduser user -D -G abuild
echo "%abuild ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/abuild
sudo -u user abuild-keygen -i -a -n
SHELL SHELL
end end
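Review bot: The added provisioning lines put `user` in `abuild` and give that group `NOPASSWD:ALL`, so the account that build-iso.sh uses for `podman build` and `mkimage.sh` is root-equivalent inside the build VM, and running podman rootless adds no isolation there. If that is accepted because the VM is disposable, say so in a comment above the `echo "%abuild ..."` line. It would also help to follow that line with `chmod 0440 /etc/sudoers.d/abuild` and `visudo -cf /etc/sudoers.d/abuild`, so a malformed drop-in is caught at provision time. The two `>> /etc/subuid` / `>> /etc/subgid` appends run before `adduser user` and are unguarded, so a repeated `vagrant provision` would presumably add duplicate ranges.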


@ -1,21 +1,24 @@
#!/bin/sh #!/bin/sh
cd ~/ # Set up podman
sudo modprobe fuse
sudo modprobe tun
sudo rc-update add cgroups
sudo rc-service cgroups start
sudo -u user podman system prune -a -f
# Add build user # Build the podman container
sudo adduser build -D -G abuild cd /opt/dangerzone-converter
sudo sh -c 'echo "%abuild ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/abuild' sudo -u user podman build . --tag dangerzone
# Create signing keys
sudo -u build abuild-keygen -i -a -n
# Setup aports # Setup aports
if [ -d aports ]; then cd ~/
if [ -d ~/aports ]; then
echo "already downloaded" echo "already downloaded"
else else
wget https://gitlab.alpinelinux.org/alpine/aports/-/archive/master/aports-master.tar.gz wget https://gitlab.alpinelinux.org/alpine/aports/-/archive/master/aports-master.tar.gz
tar -xf aports-master.tar.gz tar -xf ~/aports-master.tar.gz
mv aports-master aports mv ~/aports-master ~/aports
fi fi
cp /vagrant/mkimg.dangerzone.sh ~/aports/scripts/ cp /vagrant/mkimg.dangerzone.sh ~/aports/scripts/
cp /vagrant/genapkovl-dangerzone.sh ~/aports/scripts/ cp /vagrant/genapkovl-dangerzone.sh ~/aports/scripts/
@ -29,7 +32,7 @@ chmod 777 /vagrant/vm
# Make the iso # Make the iso
cd ~/aports/scripts cd ~/aports/scripts
sudo -u build sh mkimage.sh --tag v3.14 \ sudo -u user sh mkimage.sh --tag v3.14 \
--outdir /vagrant/vm \ --outdir /vagrant/vm \
--arch x86_64 \ --arch x86_64 \
--repository http://dl-cdn.alpinelinux.org/alpine/v3.14/main \ --repository http://dl-cdn.alpinelinux.org/alpine/v3.14/main \
@ -37,7 +40,6 @@ sudo -u build sh mkimage.sh --tag v3.14 \
--profile dangerzone --profile dangerzone
# Fix permissions # Fix permissions
chown -R vagrant:vangrant /vagrant/vm
chmod 755 /vagrant/vm chmod 755 /vagrant/vm
chmod 644 /vagrant/vm/* chmod 644 /vagrant/vm/*
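Review bot: Nothing stops the script when `cd /opt/dangerzone-converter` or `sudo -u user podman build . --tag dangerzone` fails in the first hunk, so the later `mkimage.sh` step can still produce an ISO. Because `podman system prune -a -f` has just emptied the store, that ISO would presumably ship without a usable converter image. Adding `set -eu` under the shebang, or at least `cd /opt/dangerzone-converter || exit 1` and `|| exit 1` after the `podman build` line, makes the failure visible. Separately, the aports scripts are still fetched from the moving `master` archive with no pinned ref or checksum, and they then run under an account with passwordless sudo; pinning the archive to a fixed ref and checking a recorded digest before `tar -xf` would make the build reproducible and auditable.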


@ -71,15 +71,27 @@ start_pre() {
/sbin/setup-alpine -f /etc/answers.txt -e -q /sbin/setup-alpine -f /etc/answers.txt -e -q
# Create user, give the dangerzone-vm-key ssh access # Create user, give the dangerzone-vm-key ssh access
/usr/sbin/adduser -D user /usr/sbin/adduser -D -u 1001 user
mkdir -p /home/user/.ssh mkdir -p /home/user/.ssh
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmxIw2etg2IxY77GOFe/6tuMH/K5c1gsz3qPY/s7rZF dangerzone-vm-key" > /home/user/.ssh/authorized_keys echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmxIw2etg2IxY77GOFe/6tuMH/K5c1gsz3qPY/s7rZF dangerzone-vm-key" > /home/user/.ssh/authorized_keys
chown -R user:user /home/user/.ssh chown -R user:user /home/user/.ssh
chmod 700 /home/user/.ssh chmod 700 /home/user/.ssh
chmod 600 /home/user/.ssh/authorized_keys chmod 600 /home/user/.ssh/authorized_keys
# Move containers into home dir
mkdir -p /home/user/.local/share
mv /etc/container-data /home/user/.local/share/containers
chown -R user:user /home/user/.local
# Allow podman containers to run
echo "user:100000:65536" >> /etc/subuid
echo "user:100000:65536" >> /etc/subgid
} }
EOF EOF
# Add the containers to /etc/container-data, temporarily
cp -r /home/user/.local/share/containers "$tmp"/etc/container-data
# Start cgroups, required by podman # Start cgroups, required by podman
rc_add cgroups boot rc_add cgroups boot
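Review bot: The image is shipped by copying the build user's whole rootless store (`cp -r /home/user/.local/share/containers "$tmp"/etc/container-data`) and then flattening ownership in the guest with `chown -R user:user /home/user/.local`. That may not preserve the layer files' owners or xattrs, and it carries along every other image and build layer in the store. Exporting only the tagged image, e.g. `podman save -o <archive> dangerzone` at build time and `podman load -i <archive>` in `start_pre`, would be a more predictable transport if podman can run at those points (not visible here). In `start_pre`, whose beginning is outside this hunk, the `mv /etc/container-data ...` and the two `>>` appends are unguarded, so a second run of the service would fail the `mv` and duplicate the subuid/subgid ranges. A `[ -d /etc/container-data ] &&` guard and a `grep -q '^user:' /etc/subuid ||` check would cover that.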


@ -2,7 +2,7 @@ profile_dangerzone() {
profile_standard profile_standard
profile_abbrev="dangerzone" profile_abbrev="dangerzone"
title="Dangerzone" title="Dangerzone"
desc="Copied from virt but with extra apks" desc="Copied from virt but with extra apks and an apkovl"
arch="aarch64 armv7 x86 x86_64" arch="aarch64 armv7 x86 x86_64"
kernel_addons= kernel_addons=
kernel_flavors="virt" kernel_flavors="virt"


@ -12,7 +12,7 @@ trap 'test -f $PIDFILE && kill `cat $PIDFILE` && rm $PIDFILE' EXIT
$HYPERKIT \ $HYPERKIT \
-A -u \ -A -u \
-m 2G \ -m 4G \
-c 2 \ -c 2 \
-s 0:0,hostbridge -s 31,lpc \ -s 0:0,hostbridge -s 31,lpc \
-l com1,stdio \ -l com1,stdio \