Successfully boot VM

2025-04-28 18:02:38 +02:00 · 2021-06-30 14:27:26 -07:00 · 2021-06-30 14:27:26 -07:00 · 9158d02669
commit 9158d02669
parent d9d352a680
5 changed files with 58 additions and 48 deletions
--- a/dangerzone/gui/init.py
+++ b/dangerzone/gui/init.py
@ -112,8 +112,8 @@ def gui_main(custom_container, filename):
    systray = SysTray(global_common, gui_common, app, vm)

    # Start the VM
-    # if vm:
-    #     vm.start()
+    if vm:
+        vm.start()

    closed_windows = {}
    windows = {}
--- a/dangerzone/gui/systray.py
+++ b/dangerzone/gui/systray.py
@ -40,9 +40,6 @@ class SysTray(QtWidgets.QSystemTrayIcon):
        elif state == self.vm.STATE_ON:
            self.status_action.setText("Dangerzone VM is running")
            self.restart_action.setEnabled(True)
-        elif state == self.vm.STATE_STOPPING:
-            self.status_action.setText("Dangerzone VM is stopping...")
-            self.restart_action.setEnabled(False)

    def restart_clicked(self):
        self.vm.restart()
--- a/dangerzone/gui/vm.py
+++ b/dangerzone/gui/vm.py
@ -3,6 +3,7 @@ import sys
 import subprocess
 import uuid
 import pipes
+import tempfile
 from PySide2 import QtCore


@ -10,7 +11,6 @@ class Vm(QtCore.QObject):
    STATE_OFF = 0
    STATE_STARTING = 1
    STATE_ON = 2
-    STATE_STOPPING = 3

    vm_state_change = QtCore.Signal(int)

@ -21,10 +21,12 @@ class Vm(QtCore.QObject):
        # VM starts off
        self.state = self.STATE_OFF

-        # Hyperkit subprocess
+        # Processes
+        self.vpnkit_p = None
        self.hyperkit_p = None

        # Relevant paths
+        self.vpnkit_path = self.global_common.get_resource_path("bin/vpnkit")
        self.hyperkit_path = self.global_common.get_resource_path("bin/hyperkit")
        self.vm_iso_path = self.global_common.get_resource_path("vm/dangerzone.iso")
        self.vm_kernel_path = self.global_common.get_resource_path("vm/kernel")
@ -33,27 +35,47 @@ class Vm(QtCore.QObject):
        )

        # Folder to hold files related to the VM
-        self.vm_state_dir = os.path.join(self.global_common.appdata_path, "vm-state")
-        os.makedirs(self.vm_state_dir, exist_ok=True)
+        self.state_dir = tempfile.TemporaryDirectory()
+        self.vpnkit_sock_path = os.path.join(self.state_dir.name, "vpnkit.eth.sock")
+        self.hyperkit_pid_path = os.path.join(self.state_dir.name, "hyperkit.pid")

        # UDID for VM
        self.vm_uuid = str(uuid.uuid4())
-        self.vm_cmdline = "modules=virtio_net console=ttyS0"
+        self.vm_cmdline = (
+            "earlyprintk=serial console=ttyS0 modules=loop,squashfs,sd-mod"
+        )

    def start(self):
        self.state = self.STATE_STARTING
        self.vm_state_change.emit(self.state)

-        # Kill existing process
-        if self.hyperkit_p is not None:
-            self.hyperkit_p.terminate()
-            self.hyperkit_p = None
+        # Run VPNKit
+        args = [
+            self.vpnkit_path,
+            "--ethernet",
+            self.vpnkit_sock_path,
+            "--gateway-ip",
+            "192.168.65.1",
+            "--host-ip",
+            "192.168.65.2",
+            "--lowest-ip",
+            "192.168.65.3",
+            "--highest-ip",
+            "192.168.65.254",
+        ]
+        args_str = " ".join(pipes.quote(s) for s in args)
+        print("> " + args_str)
+        self.vpnkit_p = subprocess.Popen(
+            args,
+            stdout=sys.stdout,
+            stderr=subprocess.STDOUT,
+        )

        # Run Hyperkit
        args = [
            self.hyperkit_path,
            "-F",
-            os.path.join(self.vm_state_dir, "hyperkit.pid"),
+            self.hyperkit_pid_path,
            "-A",
            "-u",
            "-m",
@ -69,7 +91,7 @@ class Vm(QtCore.QObject):
            "-s",
            f"1:0,ahci-cd,{self.vm_iso_path}",
            "-s",
-            "2:0,virtio-net",
+            f"2:0,virtio-vpnkit,path={self.vpnkit_sock_path}",
            "-U",
            self.vm_uuid,
            "-f",
@ -77,7 +99,6 @@ class Vm(QtCore.QObject):
        ]
        args_str = " ".join(pipes.quote(s) for s in args)
        print("> " + args_str)
-
        self.hyperkit_p = subprocess.Popen(
            args,
            stdout=sys.stdout,
@ -85,7 +106,14 @@ class Vm(QtCore.QObject):
        )

    def restart(self):
-        pass
+        self.stop()
+        self.start()

    def stop(self):
-        pass
+        # Kill existing processes
+        if self.vpnkit_p is not None:
+            self.vpnkit_p.terminate()
+            self.vpnkit_p = None
+        if self.hyperkit_p is not None:
+            self.hyperkit_p.terminate()
+            self.hyperkit_p = None
--- a/install/macos/entitlements.plist
+++ b/install/macos/entitlements.plist
@ -2,8 +2,8 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
    <dict>
-        <key>com.apple.security.app-sandbox</key>
-        <true/>
+        <!-- <key>com.apple.security.app-sandbox</key>
+        <true/> -->
        <key>com.apple.security.inherit</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
@ -14,8 +14,6 @@
        <true/>
        <key>com.apple.security.hypervisor</key>
        <true/>
-        <!-- <key>com.apple.vm.networking</key>
-        <true/> -->
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
    </dict>
--- a/install/vm-builder/run-vm.sh
+++ b/install/vm-builder/run-vm.sh
@ -4,16 +4,16 @@ ROOT=$(pwd)/vm
 HYPERKIT=/Applications/Docker.app/Contents/Resources/bin/com.docker.hyperkit
 VPNKIT=/Applications/Docker.app/Contents/Resources/bin/com.docker.vpnkit

-# VPNKIT_SOCK=$ROOT/vpnkit.eth.sock
-# PIDFILE=$ROOT/vpnkit.pid
-# $VPNKIT \
-#     --ethernet=$VPNKIT_SOCK \
-#     --gateway-ip 192.168.65.1 \
-#     --host-ip 192.168.65.2 \
-#     --lowest-ip 192.168.65.3 \
-#     --highest-ip 192.168.65.254 &
-# echo $! > $PIDFILE
-# trap 'test -f $PIDFILE && kill `cat $PIDFILE` && rm $PIDFILE' EXIT
+VPNKIT_SOCK=$ROOT/vpnkit.eth.sock
+PIDFILE=$ROOT/vpnkit.pid
+$VPNKIT \
+    --ethernet=$VPNKIT_SOCK \
+    --gateway-ip 192.168.65.1 \
+    --host-ip 192.168.65.2 \
+    --lowest-ip 192.168.65.3 \
+    --highest-ip 192.168.65.254 &
+echo $! > $PIDFILE
+trap 'test -f $PIDFILE && kill `cat $PIDFILE` && rm $PIDFILE' EXIT

 $HYPERKIT \
    -F $ROOT/hyperkit.pid \
@ -23,19 +23,6 @@ $HYPERKIT \
    -s 0:0,hostbridge -s 31,lpc \
    -l com1,stdio \
    -s 1:0,ahci-cd,$ROOT/dangerzone.iso \
-    -s 2:0,virtio-net \
+    -s 2:0,virtio-vpnkit,path=$VPNKIT_SOCK \
    -U 9efa82d7-ebd5-4287-b1cc-ac4160a39fa7 \
-    -f kexec,$ROOT/kernel,$ROOT/initramfs.img,"earlyprintk=serial console=ttyS0 modules=loop,squashfs,sd-mod,usb-storage vpnkit.connect=connect://2/1999"
-
-# hyperkit 
-#     -c 1 -m 1024M 
-#     -u -A -H 
-#     -U 386bba5a-5dc4-3ac2-95c9-cf0b9a29b352 
-#     -s 0:0,hostbridge 
-#     -s 2:0,virtio-net 
-#     -s 5,virtio-rnd 
-#     -s 31,lpc 
-#     -l com1,autopty=primary/pty,log=/Library/Logs/Multipass/primary-hyperkit.log 
-#     -s 1:0,virtio-blk,file://primary/ubuntu-20.04-server-cloudimg-amd64.img?sync=os&buffered=1,format=qcow,qcow-config=discard=true;compact_after_unmaps=262144;keep_erased=262144;runtime_asserts=false 
-#     -s 1:1,ahci-cd,primary/cloud-init-config.iso 
-#     -f kexec,primary/ubuntu-20.04-server-cloudimg-amd64-vmlinuz-generic,primary/ubuntu-20.04-server-cloudimg-amd64-initrd-generic,earlyprintk=serial console=ttyS0 root=/dev/vda1 rw panic=1 no_timer_check
+    -f kexec,$ROOT/kernel,$ROOT/initramfs.img,"earlyprintk=serial console=ttyS0 modules=loop,squashfs,sd-mod"