Make container mount and unmount dirs from the host

Micah Lee 2021-07-01 17:14:48 -07:00
parent 2904d44aad
commit a7f3eb9b43
No known key found for this signature in database
GPG key ID: 403C2657CD994F73
2 changed files with 73 additions and 22 deletions


@ -5,6 +5,7 @@ import sys
import pipes import pipes
import shutil import shutil
import json import json
import os
# What is the container runtime for this platform? # What is the container runtime for this platform?
if platform.system() == "Darwin": if platform.system() == "Darwin":
@ -66,6 +67,18 @@ def exec_vm(args, vm_info):
return exec(args) return exec(args)
def mount_vm(path, vm_info):
basename = os.path.basename(path)
normalized_path = f"/home/user/mnt/{basename}"
exec_vm(["/usr/bin/sshfs", f"hostbox:{path}", normalized_path], vm_info)
return normalized_path
def unmount_vm(normalized_path, vm_info):
exec_vm(["/usr/bin/fusermount3", normalized_path], vm_info)
exec_vm(["/bin/rmdir", normalized_path], vm_info)
def exec_container(args, vm_info): def exec_container(args, vm_info):
if container_tech == "dangerzone-vm" and vm_info is None: if container_tech == "dangerzone-vm" and vm_info is None:
print("--vm-info-path required on this platform") print("--vm-info-path required on this platform")
@ -113,6 +126,21 @@ def ls(vm_info_path, container_name):
@click.option("--container-name", default="docker.io/flmcode/dangerzone") @click.option("--container-name", default="docker.io/flmcode/dangerzone")
def documenttopixels(vm_info_path, document_filename, pixel_dir, container_name): def documenttopixels(vm_info_path, document_filename, pixel_dir, container_name):
"""docker run --network none -v [document_filename]:/tmp/input_file -v [pixel_dir]:/dangerzone [container_name] document-to-pixels""" """docker run --network none -v [document_filename]:/tmp/input_file -v [pixel_dir]:/dangerzone [container_name] document-to-pixels"""
vm_info = load_vm_info(vm_info_path)
document_dir = os.path.dirname(document_filename)
if vm_info:
normalized_document_dir = mount_vm(document_dir, vm_info)
normalized_document_filename = os.path.join(
normalized_document_dir, os.path.basename(document_filename)
)
normalized_pixel_dir = mount_vm(pixel_dir, vm_info)
else:
normalized_document_dir = document_dir
normalized_document_filename = document_filename
normalized_pixel_dir = pixel_dir
args = ["run", "--network", "none"] args = ["run", "--network", "none"]
# docker uses --security-opt, podman doesn't # docker uses --security-opt, podman doesn't
@ -121,13 +149,19 @@ def documenttopixels(vm_info_path, document_filename, pixel_dir, container_name)
args += [ args += [
"-v", "-v",
f"{document_filename}:/tmp/input_file", f"{normalized_document_filename}:/tmp/input_file",
"-v", "-v",
f"{pixel_dir}:/dangerzone", f"{normalized_pixel_dir}:/dangerzone",
container_name, container_name,
"document-to-pixels", "document-to-pixels",
] ]
sys.exit(exec_container(args, load_vm_info(vm_info_path))) ret = exec_container(args, load_vm_info(vm_info_path))
if vm_info:
unmount_vm(normalized_document_dir, vm_info)
unmount_vm(normalized_pixel_dir, vm_info)
sys.exit(ret)
@container_main.command() @container_main.command()
@ -139,23 +173,36 @@ def documenttopixels(vm_info_path, document_filename, pixel_dir, container_name)
@click.option("--ocr-lang", required=True) @click.option("--ocr-lang", required=True)
def pixelstopdf(vm_info_path, pixel_dir, safe_dir, container_name, ocr, ocr_lang): def pixelstopdf(vm_info_path, pixel_dir, safe_dir, container_name, ocr, ocr_lang):
"""docker run --network none -v [pixel_dir]:/dangerzone -v [safe_dir]:/safezone [container_name] -e OCR=[ocr] -e OCR_LANGUAGE=[ocr_lang] pixels-to-pdf""" """docker run --network none -v [pixel_dir]:/dangerzone -v [safe_dir]:/safezone [container_name] -e OCR=[ocr] -e OCR_LANGUAGE=[ocr_lang] pixels-to-pdf"""
sys.exit( vm_info = load_vm_info(vm_info_path)
exec_container(
[ if vm_info:
"run", normalized_pixel_dir = mount_vm(pixel_dir, vm_info)
"--network", normalized_safe_dir = mount_vm(safe_dir, vm_info)
"none", else:
"-v", normalized_pixel_dir = pixel_dir
f"{pixel_dir}:/dangerzone", normalized_safe_dir = safe_dir
"-v",
f"{safe_dir}:/safezone", ret = exec_container(
"-e", [
f"OCR={ocr}", "run",
"-e", "--network",
f"OCR_LANGUAGE={ocr_lang}", "none",
container_name, "-v",
"pixels-to-pdf", f"{normalized_pixel_dir}:/dangerzone",
], "-v",
load_vm_info(vm_info_path), f"{normalized_safe_dir}:/safezone",
) "-e",
f"OCR={ocr}",
"-e",
f"OCR_LANGUAGE={ocr_lang}",
container_name,
"pixels-to-pdf",
],
vm_info,
) )
if vm_info:
unmount_vm(normalized_pixel_dir, vm_info)
unmount_vm(normalized_safe_dir, vm_info)
sys.exit(ret)
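Review bot: In `unmount_vm`, `fusermount3` is called with only the mount point, but unmounting needs the `-u` flag, so as written the sshfs mount most likely stays up and the following `rmdir` fails on a busy directory; the call should be `exec_vm(["/usr/bin/fusermount3", "-u", normalized_path], vm_info)`. `mount_vm` derives the mount point from `os.path.basename(path)` alone and the visible code never creates that directory, so two host directories with the same basename (or a path with a trailing slash, where the basename is empty) resolve to the same place under `/home/user/mnt`. The exit status of the `sshfs` call is also ignored, so the container can be started with `-v` pointing at a directory that was never mounted. Checking the `exec_vm` return value in `mount_vm`, and running the two `unmount_vm` calls in a `finally` around `exec_container` in both `documenttopixels` and `pixelstopdf`, would keep a failed or interrupted conversion from leaving host directories mounted inside the VM. In `documenttopixels` the call still passes `load_vm_info(vm_info_path)` rather than the `vm_info` already loaded, unlike `pixelstopdf`.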


@ -8,6 +8,10 @@ start() {
# Create user # Create user
/usr/sbin/adduser -D -u 1001 user /usr/sbin/adduser -D -u 1001 user
# Make folder for user mounts
mkdir /home/user/mnt
chown user:user /home/user/mnt
# Move containers into home dir # Move containers into home dir
mkdir -p /home/user/.local/share mkdir -p /home/user/.local/share
mv /etc/container-data /home/user/.local/share/containers mv /etc/container-data /home/user/.local/share/containers
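Review bot: The new `mkdir /home/user/mnt` creates the mount parent with the default mode and fails if the directory already exists, whereas the `mkdir` a few lines below uses `-p`. Since host document directories are mounted under this path, it is worth creating it private to the user, for example `mkdir -p -m 700 /home/user/mnt` followed by the existing `chown user:user /home/user/mnt`. A comment such as `# sshfs mount points for host directories; keep private to "user"` would also record why the directory exists. The body of `start()` begins and ends outside this hunk, so whether it can run more than once on the same filesystem is not visible here.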