From 9158d026699d9d2edfac5c30b0f0d48c51eaac00 Mon Sep 17 00:00:00 2001
From: Micah Lee
Date: Wed, 30 Jun 2021 14:27:26 -0700
Subject: [PATCH] Successfully boot VM
---
 dangerzone/gui/__init__.py | 4 +--
 dangerzone/gui/systray.py | 3 --
 dangerzone/gui/vm.py | 56 ++++++++++++++++++++++++--------
 install/macos/entitlements.plist | 6 ++--
 install/vm-builder/run-vm.sh | 37 +++++++--------------
 5 files changed, 58 insertions(+), 48 deletions(-)
diff --git a/dangerzone/gui/__init__.py b/dangerzone/gui/__init__.py
index 149bcbe..4923172 100644
--- a/dangerzone/gui/__init__.py
+++ b/dangerzone/gui/__init__.py
@@ -112,8 +112,8 @@ def gui_main(custom_container, filename):
 systray = SysTray(global_common, gui_common, app, vm)
 # Start the VM
- # if vm:
- # vm.start()
+ if vm:
+ vm.start()
 closed_windows = {}
 windows = {}
diff --git a/dangerzone/gui/systray.py b/dangerzone/gui/systray.py
index e7495c1..4dcfce3 100644
--- a/dangerzone/gui/systray.py
+++ b/dangerzone/gui/systray.py
@@ -40,9 +40,6 @@ class SysTray(QtWidgets.QSystemTrayIcon):
 elif state == self.vm.STATE_ON:
 self.status_action.setText("Dangerzone VM is running")
 self.restart_action.setEnabled(True)
- elif state == self.vm.STATE_STOPPING:
- self.status_action.setText("Dangerzone VM is stopping...")
- self.restart_action.setEnabled(False)
 def restart_clicked(self):
 self.vm.restart()
diff --git a/dangerzone/gui/vm.py b/dangerzone/gui/vm.py
index b991ea8..aeeafeb 100644
--- a/dangerzone/gui/vm.py
+++ b/dangerzone/gui/vm.py
@@ -3,6 +3,7 @@ import sys
 import subprocess
 import uuid
 import pipes
+import tempfile
 from PySide2 import QtCore
@@ -10,7 +11,6 @@ class Vm(QtCore.QObject):
 STATE_OFF = 0
 STATE_STARTING = 1
 STATE_ON = 2
- STATE_STOPPING = 3
 vm_state_change = QtCore.Signal(int)
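Review bot: In dangerzone/gui/__init__.py the now-active `vm.start()` has no matching shutdown anywhere in this hunk, so the vpnkit and hyperkit children that `Vm.start()` spawns may outlive the GUI unless `stop()` is called on a path outside the visible lines. If that is not already done elsewhere in gui_main, register it next to the start, for example `app.aboutToQuit.connect(vm.stop)` inside the `if vm:` block (assuming `app` is the Qt application object). gui_main's body continues outside the hunk, so this needs checking against the full function.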
@@ -21,10 +21,12 @@ class Vm(QtCore.QObject):
 # VM starts off
 self.state = self.STATE_OFF
- # Hyperkit subprocess
+ # Processes
+ self.vpnkit_p = None
 self.hyperkit_p = None
 # Relevant paths
+ self.vpnkit_path = self.global_common.get_resource_path("bin/vpnkit")
 self.hyperkit_path = self.global_common.get_resource_path("bin/hyperkit")
 self.vm_iso_path = self.global_common.get_resource_path("vm/dangerzone.iso")
 self.vm_kernel_path = self.global_common.get_resource_path("vm/kernel")
@@ -33,27 +35,47 @@ class Vm(QtCore.QObject):
 )
 # Folder to hold files related to the VM
- self.vm_state_dir = os.path.join(self.global_common.appdata_path, "vm-state")
- os.makedirs(self.vm_state_dir, exist_ok=True)
+ self.state_dir = tempfile.TemporaryDirectory()
+ self.vpnkit_sock_path = os.path.join(self.state_dir.name, "vpnkit.eth.sock")
+ self.hyperkit_pid_path = os.path.join(self.state_dir.name, "hyperkit.pid")
 # UDID for VM
 self.vm_uuid = str(uuid.uuid4())
- self.vm_cmdline = "modules=virtio_net console=ttyS0"
+ self.vm_cmdline = (
+ "earlyprintk=serial console=ttyS0 modules=loop,squashfs,sd-mod"
+ )
 def start(self):
 self.state = self.STATE_STARTING
 self.vm_state_change.emit(self.state)
- # Kill existing process
- if self.hyperkit_p is not None:
- self.hyperkit_p.terminate()
- self.hyperkit_p = None
+ # Run VPNKit
+ args = [
+ self.vpnkit_path,
+ "--ethernet",
+ self.vpnkit_sock_path,
+ "--gateway-ip",
+ "192.168.65.1",
+ "--host-ip",
+ "192.168.65.2",
+ "--lowest-ip",
+ "192.168.65.3",
+ "--highest-ip",
+ "192.168.65.254",
+ ]
+ args_str = " ".join(pipes.quote(s) for s in args)
+ print("> " + args_str)
+ self.vpnkit_p = subprocess.Popen(
+ args,
+ stdout=sys.stdout,
+ stderr=subprocess.STDOUT,
+ )
 # Run Hyperkit
 args = [
 self.hyperkit_path,
 "-F",
- os.path.join(self.vm_state_dir, "hyperkit.pid"),
+ self.hyperkit_pid_path,
 "-A",
 "-u",
 "-m",
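Review bot: In dangerzone/gui/vm.py, `start()` lost its "Kill existing process" block and now overwrites `self.vpnkit_p` and `self.hyperkit_p` unconditionally, so a second `start()` without an intervening `stop()` leaves the previous vpnkit and hyperkit running with no handle left to terminate them. A guard at the top keeps it idempotent: `if self.vpnkit_p is not None or self.hyperkit_p is not None: self.stop()`. Hyperkit is also launched as soon as the vpnkit `Popen` returns, with no check that vpnkit is still alive (`self.vpnkit_p.poll() is None`) or that `self.vpnkit_sock_path` exists yet, so a failed vpnkit start would only surface later as a VM without a working network device. The Hyperkit argument list continues past the end of this hunk.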
@@ -69,7 +91,7 @@ class Vm(QtCore.QObject):
 "-s",
 f"1:0,ahci-cd,{self.vm_iso_path}",
 "-s",
- "2:0,virtio-net",
+ f"2:0,virtio-vpnkit,path={self.vpnkit_sock_path}",
 "-U",
 self.vm_uuid,
 "-f",
@@ -77,7 +99,6 @@ class Vm(QtCore.QObject):
 ]
 args_str = " ".join(pipes.quote(s) for s in args)
 print("> " + args_str)
-
 self.hyperkit_p = subprocess.Popen(
 args,
 stdout=sys.stdout,
@@ -85,7 +106,14 @@ class Vm(QtCore.QObject):
 )
 def restart(self):
- pass
+ self.stop()
+ self.start()
 def stop(self):
- pass
+ # Kill existing processes
+ if self.vpnkit_p is not None:
+ self.vpnkit_p.terminate()
+ self.vpnkit_p = None
+ if self.hyperkit_p is not None:
+ self.hyperkit_p.terminate()
+ self.hyperkit_p = None
diff --git a/install/macos/entitlements.plist b/install/macos/entitlements.plist
index 8048859..03da557 100644
--- a/install/macos/entitlements.plist
+++ b/install/macos/entitlements.plist
@@ -2,8 +2,8 @@ - com.apple.security.app-sandbox - + com.apple.security.inherit com.apple.security.files.user-selected.read-write
@@ -14,8 +14,6 @@ com.apple.security.hypervisor - com.apple.security.cs.allow-unsigned-executable-memory
diff --git a/install/vm-builder/run-vm.sh b/install/vm-builder/run-vm.sh
index b55ba7b..b58c264 100755
--- a/install/vm-builder/run-vm.sh
+++ b/install/vm-builder/run-vm.sh
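Review bot: The `virtio-vpnkit` device added to the Hyperkit arguments in dangerzone/gui/vm.py gives the guest a NIC backed by the vpnkit process launched in `start()`, and nothing visible in this commit limits where that guest can connect. Since this VM is the isolation boundary for the application, the reason it needs networking and the intended limits belong next to the device line, e.g. `# Network is needed for <reason>; guest traffic is proxied by vpnkit on the host, restricted by <mechanism>`. As far as I know vpnkit forwards connections made to its `--host-ip` address to the host itself, so whether host-local services become reachable from the guest is worth confirming before this ships.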
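Review bot: `stop()` in dangerzone/gui/vm.py calls `terminate()` and drops both handles without waiting, and it never sets `self.state` back to `STATE_OFF` or emits `vm_state_change`. `restart()` can therefore launch a new vpnkit and hyperkit while the old ones are still exiting and still using the paths under `self.state_dir`, and the tray keeps showing the previous state. Stopping hyperkit before its vpnkit backend, reaping each child with a bounded `wait()` plus a `kill()` fallback, and emitting the state change would close both gaps; the 10-second timeout below is a constructed value to tune.

```python
    def stop(self):
        # Stop the VM first, then its network backend, and reap both so
        # restart() never overlaps old and new processes
        for attr in ("hyperkit_p", "vpnkit_p"):
            p = getattr(self, attr)
            if p is None:
                continue
            p.terminate()
            try:
                p.wait(timeout=10)
            except subprocess.TimeoutExpired:
                p.kill()
                p.wait()
            setattr(self, attr, None)
        self.state = self.STATE_OFF
        self.vm_state_change.emit(self.state)
```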
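Review bot: The `com.apple.security.app-sandbox` key sits on a removed line in the first install/macos/entitlements.plist hunk, so the signed app apparently no longer runs inside the macOS App Sandbox; the XML around the keys did not survive on this page, so whether the key was deleted or commented out cannot be read from here. That is a host-side hardening regression for the process that launches hyperkit and vpnkit, and the commit message does not explain it. If the sandbox has to be off for the hypervisor to boot, record that in the file, e.g. `<!-- App Sandbox disabled: <reason>; re-enable once <condition> -->`, and review the second hunk around `com.apple.security.cs.allow-unsigned-executable-memory` in the same light so the remaining entitlements are the minimum the VM needs.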
@@ -4,16 +4,16 @@ ROOT=$(pwd)/vm
 HYPERKIT=/Applications/Docker.app/Contents/Resources/bin/com.docker.hyperkit
 VPNKIT=/Applications/Docker.app/Contents/Resources/bin/com.docker.vpnkit
-# VPNKIT_SOCK=$ROOT/vpnkit.eth.sock
-# PIDFILE=$ROOT/vpnkit.pid
-# $VPNKIT \
-# --ethernet=$VPNKIT_SOCK \
-# --gateway-ip 192.168.65.1 \
-# --host-ip 192.168.65.2 \
-# --lowest-ip 192.168.65.3 \
-# --highest-ip 192.168.65.254 &
-# echo $! > $PIDFILE
-# trap 'test -f $PIDFILE && kill `cat $PIDFILE` && rm $PIDFILE' EXIT
+VPNKIT_SOCK=$ROOT/vpnkit.eth.sock
+PIDFILE=$ROOT/vpnkit.pid
+$VPNKIT \
+ --ethernet=$VPNKIT_SOCK \
+ --gateway-ip 192.168.65.1 \
+ --host-ip 192.168.65.2 \
+ --lowest-ip 192.168.65.3 \
+ --highest-ip 192.168.65.254 &
+echo $! > $PIDFILE
+trap 'test -f $PIDFILE && kill `cat $PIDFILE` && rm $PIDFILE' EXIT
 $HYPERKIT \
 -F $ROOT/hyperkit.pid \
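Review bot: The re-enabled vpnkit block in install/vm-builder/run-vm.sh expands `$ROOT`, `$VPNKIT_SOCK` and `$PIDFILE` unquoted, and `ROOT` is derived from `$(pwd)`, so a checkout path containing a space breaks the socket path, the pid-file redirect and the `kill` in the trap. Quoting fixes it: `echo $! > "$PIDFILE"` and `trap 'test -f "$PIDFILE" && kill "$(cat "$PIDFILE")" && rm "$PIDFILE"' EXIT`, with `--ethernet="$VPNKIT_SOCK"` on the vpnkit line. The `$HYPERKIT` command that uses the same variables continues outside this hunk.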
@@ -23,19 +23,6 @@ $HYPERKIT \
 -s 0:0,hostbridge -s 31,lpc \
 -l com1,stdio \
 -s 1:0,ahci-cd,$ROOT/dangerzone.iso \
- -s 2:0,virtio-net \
+ -s 2:0,virtio-vpnkit,path=$VPNKIT_SOCK \
 -U 9efa82d7-ebd5-4287-b1cc-ac4160a39fa7 \
- -f kexec,$ROOT/kernel,$ROOT/initramfs.img,"earlyprintk=serial console=ttyS0 modules=loop,squashfs,sd-mod,usb-storage vpnkit.connect=connect://2/1999"
-
-# hyperkit
-# -c 1 -m 1024M
-# -u -A -H
-# -U 386bba5a-5dc4-3ac2-95c9-cf0b9a29b352
-# -s 0:0,hostbridge
-# -s 2:0,virtio-net
-# -s 5,virtio-rnd
-# -s 31,lpc
-# -l com1,autopty=primary/pty,log=/Library/Logs/Multipass/primary-hyperkit.log
-# -s 1:0,virtio-blk,file://primary/ubuntu-20.04-server-cloudimg-amd64.img?sync=os&buffered=1,format=qcow,qcow-config=discard=true;compact_after_unmaps=262144;keep_erased=262144;runtime_asserts=false
-# -s 1:1,ahci-cd,primary/cloud-init-config.iso
-# -f kexec,primary/ubuntu-20.04-server-cloudimg-amd64-vmlinuz-generic,primary/ubuntu-20.04-server-cloudimg-amd64-initrd-generic,earlyprintk=serial console=ttyS0 root=/dev/vda1 rw panic=1 no_timer_check
+ -f kexec,$ROOT/kernel,$ROOT/initramfs.img,"earlyprintk=serial console=ttyS0 modules=loop,squashfs,sd-mod"