Make linux container runtime be podman, remove pkexec

Micah Lee 2021-06-17 14:13:43 -07:00
parent d50b0c1bed
commit da6c3c253e
No known key found for this signature in database
GPG key ID: 403C2657CD994F73
2 changed files with 24 additions and 32 deletions


@ -11,7 +11,7 @@ if platform.system() == "Darwin":
elif platform.system() == "Windows":
container_runtime = shutil.which("docker.exe")
else:
container_runtime = shutil.which("docker")
container_runtime = shutil.which("podman")
# Define startupinfo for subprocesses
if platform.system() == "Windows":
@ -51,7 +51,7 @@ def container_main():
@container_main.command()
@click.option("--container-name", default="flmcode/dangerzone")
@click.option("--container-name", default="docker.io/flmcode/dangerzone")
def ls(container_name):
"""docker image ls [container_name]"""
sys.exit(exec_container(["image", "ls", container_name]))
@ -60,37 +60,36 @@ def ls(container_name):
@container_main.command()
def pull():
"""docker pull flmcode/dangerzone"""
sys.exit(exec_container(["pull", "flmcode/dangerzone"]))
sys.exit(exec_container(["pull", "docker.io/flmcode/dangerzone"]))
@container_main.command()
@click.option("--document-filename", required=True)
@click.option("--pixel-dir", required=True)
@click.option("--container-name", default="flmcode/dangerzone")
@click.option("--container-name", default="docker.io/flmcode/dangerzone")
def documenttopixels(document_filename, pixel_dir, container_name):
"""docker run --network none -v [document_filename]:/tmp/input_file -v [pixel_dir]:/dangerzone [container_name] document-to-pixels"""
sys.exit(
exec_container(
[
"run",
"--network",
"none",
"--security-opt=no-new-privileges:true",
"-v",
f"{document_filename}:/tmp/input_file",
"-v",
f"{pixel_dir}:/dangerzone",
container_name,
"document-to-pixels",
]
)
)
args = ["run", "--network", "none"]
# Linux uses podman instead of docker, and only docker uses --security-opt
if platform.system() != "Linux":
args += ["--security-opt=no-new-privileges:true"]
args += [
"-v",
f"{document_filename}:/tmp/input_file",
"-v",
f"{pixel_dir}:/dangerzone",
container_name,
"document-to-pixels",
]
sys.exit(exec_container(args))
@container_main.command()
@click.option("--pixel-dir", required=True)
@click.option("--safe-dir", required=True)
@click.option("--container-name", default="flmcode/dangerzone")
@click.option("--container-name", default="docker.io/flmcode/dangerzone")
@click.option("--ocr", required=True)
@click.option("--ocr-lang", required=True)
def pixelstopdf(pixel_dir, safe_dir, container_name, ocr, ocr_lang):
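Review bot: On Linux the new `documenttopixels` starts the container without `no-new-privileges`, because the flag is now appended only when `platform.system() != "Linux"`. The comment's claim that only docker uses `--security-opt` is inaccurate: `podman run` also has a `--security-opt` option with a `no-new-privileges` value. The container is what processes the input document, so the Linux path should keep this hardening, for example with an `else:` branch doing `args += ["--security-opt", "no-new-privileges"]`. Whether podman accepts the `:true` suffix may depend on its version, so check the spelling against the podman versions the project targets. `pixelstopdf` may need the same treatment, but its body lies outside the hunk.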


@ -384,7 +384,7 @@ class GlobalCommon(object):
if self.custom_container:
return self.custom_container
else:
return "flmcode/dangerzone"
return "docker.io/flmcode/dangerzone"
def get_resource_path(self, filename):
if getattr(sys, "dangerzone_dev", False):
@ -439,18 +439,11 @@ class GlobalCommon(object):
return "/usr/bin/dangerzone-container"
def exec_dangerzone_container(self, args):
# Prefix the args with the retainer runtime, and in the case linux when the user isn't in the docker group, pkexec
if platform.system() == "Linux":
if self.settings.get("linux_prefers_typing_password"):
args = ["/usr/bin/pkexec", self.dz_container_path] + args
else:
args = [self.dz_container_path] + args
else:
args = [self.dz_container_path] + args
# Execute dangerzone-container
args = [self.dz_container_path] + args
args_str = " ".join(pipes.quote(s) for s in args)
print(Fore.YELLOW + "> " + Fore.CYAN + args_str)
# Execute dangerzone-container
return subprocess.Popen(
args,
startupinfo=self.get_subprocess_startupinfo(),
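Review bot: The default returned by `get_container_name`, `"docker.io/flmcode/dangerzone"`, names the image without a tag or digest, so a pull resolves to whatever the registry currently serves as `latest`. Since this image is the sandbox boundary, consider pinning it by digest, e.g. `return "docker.io/flmcode/dangerzone@sha256:<IMAGE_DIGEST_PLACEHOLDER>"`, or verifying the image ID after the pull if that is not already done elsewhere. The same literal is repeated in the `--container-name` defaults and in `pull()` in the other changed file; a single shared constant would keep them from drifting apart. `get_container_name` begins above the hunk, so only its return branch is visible here.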