mirror of
https://github.com/freedomofpress/dangerzone.git
synced 2025-04-29 02:12:36 +02:00
Make linux container runtime be podman, remove pkexec
This commit is contained in:
Micah Lee
parent
d50b0c1bed
commit
da6c3c253e
2 changed files with 24 additions and 32 deletions
|
|
@ -11,7 +11,7 @@ if platform.system() == "Darwin":
|
||||||
elif platform.system() == "Windows":
|
elif platform.system() == "Windows":
|
||||||
container_runtime = shutil.which("docker.exe")
|
container_runtime = shutil.which("docker.exe")
|
||||||
else:
|
else:
|
||||||
container_runtime = shutil.which("docker")
|
container_runtime = shutil.which("podman")
|
||||||
|
|
||||||
# Define startupinfo for subprocesses
|
# Define startupinfo for subprocesses
|
||||||
if platform.system() == "Windows":
|
if platform.system() == "Windows":
|
||||||
|
|
@ -51,7 +51,7 @@ def container_main():
|
||||||
|
|
||||||
|
|
||||||
@container_main.command()
|
@container_main.command()
|
||||||
@click.option("--container-name", default="flmcode/dangerzone")
|
@click.option("--container-name", default="docker.io/flmcode/dangerzone")
|
||||||
def ls(container_name):
|
def ls(container_name):
|
||||||
"""docker image ls [container_name]"""
|
"""docker image ls [container_name]"""
|
||||||
sys.exit(exec_container(["image", "ls", container_name]))
|
sys.exit(exec_container(["image", "ls", container_name]))
|
||||||
|
|
@ -60,37 +60,36 @@ def ls(container_name):
|
||||||
@container_main.command()
|
@container_main.command()
|
||||||
def pull():
|
def pull():
|
||||||
"""docker pull flmcode/dangerzone"""
|
"""docker pull flmcode/dangerzone"""
|
||||||
sys.exit(exec_container(["pull", "flmcode/dangerzone"]))
|
sys.exit(exec_container(["pull", "docker.io/flmcode/dangerzone"]))
|
||||||
|
|
||||||
|
|
||||||
@container_main.command()
|
@container_main.command()
|
||||||
@click.option("--document-filename", required=True)
|
@click.option("--document-filename", required=True)
|
||||||
@click.option("--pixel-dir", required=True)
|
@click.option("--pixel-dir", required=True)
|
||||||
@click.option("--container-name", default="flmcode/dangerzone")
|
@click.option("--container-name", default="docker.io/flmcode/dangerzone")
|
||||||
def documenttopixels(document_filename, pixel_dir, container_name):
|
def documenttopixels(document_filename, pixel_dir, container_name):
|
||||||
"""docker run --network none -v [document_filename]:/tmp/input_file -v [pixel_dir]:/dangerzone [container_name] document-to-pixels"""
|
"""docker run --network none -v [document_filename]:/tmp/input_file -v [pixel_dir]:/dangerzone [container_name] document-to-pixels"""
|
||||||
sys.exit(
|
args = ["run", "--network", "none"]
|
||||||
exec_container(
|
|
||||||
[
|
# Linux uses podman instead of docker, and only docker uses --security-opt
|
||||||
"run",
|
if platform.system() != "Linux":
|
||||||
"--network",
|
args += ["--security-opt=no-new-privileges:true"]
|
||||||
"none",
|
|
||||||
"--security-opt=no-new-privileges:true",
|
args += [
|
||||||
"-v",
|
"-v",
|
||||||
f"{document_filename}:/tmp/input_file",
|
f"{document_filename}:/tmp/input_file",
|
||||||
"-v",
|
"-v",
|
||||||
f"{pixel_dir}:/dangerzone",
|
f"{pixel_dir}:/dangerzone",
|
||||||
container_name,
|
container_name,
|
||||||
"document-to-pixels",
|
"document-to-pixels",
|
||||||
]
|
]
|
||||||
)
|
sys.exit(exec_container(args))
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
@container_main.command()
|
@container_main.command()
|
||||||
@click.option("--pixel-dir", required=True)
|
@click.option("--pixel-dir", required=True)
|
||||||
@click.option("--safe-dir", required=True)
|
@click.option("--safe-dir", required=True)
|
||||||
@click.option("--container-name", default="flmcode/dangerzone")
|
@click.option("--container-name", default="docker.io/flmcode/dangerzone")
|
||||||
@click.option("--ocr", required=True)
|
@click.option("--ocr", required=True)
|
||||||
@click.option("--ocr-lang", required=True)
|
@click.option("--ocr-lang", required=True)
|
||||||
def pixelstopdf(pixel_dir, safe_dir, container_name, ocr, ocr_lang):
|
def pixelstopdf(pixel_dir, safe_dir, container_name, ocr, ocr_lang):
|
||||||
|
|
|
||||||
|
|
@ -384,7 +384,7 @@ class GlobalCommon(object):
|
||||||
if self.custom_container:
|
if self.custom_container:
|
||||||
return self.custom_container
|
return self.custom_container
|
||||||
else:
|
else:
|
||||||
return "flmcode/dangerzone"
|
return "docker.io/flmcode/dangerzone"
|
||||||
|
|
||||||
def get_resource_path(self, filename):
|
def get_resource_path(self, filename):
|
||||||
if getattr(sys, "dangerzone_dev", False):
|
if getattr(sys, "dangerzone_dev", False):
|
||||||
|
|
@ -439,18 +439,11 @@ class GlobalCommon(object):
|
||||||
return "/usr/bin/dangerzone-container"
|
return "/usr/bin/dangerzone-container"
|
||||||
|
|
||||||
def exec_dangerzone_container(self, args):
|
def exec_dangerzone_container(self, args):
|
||||||
# Prefix the args with the retainer runtime, and in the case linux when the user isn't in the docker group, pkexec
|
args = [self.dz_container_path] + args
|
||||||
if platform.system() == "Linux":
|
|
||||||
if self.settings.get("linux_prefers_typing_password"):
|
|
||||||
args = ["/usr/bin/pkexec", self.dz_container_path] + args
|
|
||||||
else:
|
|
||||||
args = [self.dz_container_path] + args
|
|
||||||
else:
|
|
||||||
args = [self.dz_container_path] + args
|
|
||||||
|
|
||||||
# Execute dangerzone-container
|
|
||||||
args_str = " ".join(pipes.quote(s) for s in args)
|
args_str = " ".join(pipes.quote(s) for s in args)
|
||||||
print(Fore.YELLOW + "> " + Fore.CYAN + args_str)
|
print(Fore.YELLOW + "> " + Fore.CYAN + args_str)
|
||||||
|
|
||||||
|
# Execute dangerzone-container
|
||||||
return subprocess.Popen(
|
return subprocess.Popen(
|
||||||
args,
|
args,
|
||||||
startupinfo=self.get_subprocess_startupinfo(),
|
startupinfo=self.get_subprocess_startupinfo(),
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue