almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-29 10:12:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11
dangerzone/rip_docker
History
Micah Lee c39562906e
Extract vmlinuz and initramfs as well
2021-06-25 12:20:42 -07:00
..
vm-image-builder Extract vmlinuz and initramfs as well 2021-06-25 12:20:42 -07:00
.gitignore Got LinuxKit working, and a custom VM built, but I have a docker issue 2021-06-14 17:25:02 -07:00
dangerzone.yml More updates to the readme and stuff but docker containers still will not run 2021-06-15 12:10:39 -07:00
metadata.json More updates to the readme and stuff but docker containers still will not run 2021-06-15 12:10:39 -07:00
README.md More updates to the readme and stuff but docker containers still will not run 2021-06-15 12:10:39 -07:00

README.md

RIP Docker

Notes for removing the Docker Desktop dependency from Dangerzone.

macOS

The most promising path forward is with LinuxKit and HyperKit. This is super helpful, a LinuxKit config for Docker for Mac.

Install Docker Desktop

Docker is required for linuxkit to build the VM image.

Collect the binaries

mkdir -p bin

# download pre-built LinuxKit binary
cd bin
wget https://github.com/linuxkit/linuxkit/releases/download/v0.8/linuxkit-darwin-amd64
chmod +x linuxkit-darwin-amd64 
mv linuxkit-darwin-amd64 linuxkit
cd ..

# copy binaries from Docker Desktop
cp /Applications/Docker.app/Contents/Resources/bin/com.docker.hyperkit bin/hyperkit
cp /Applications/Docker.app/Contents/Resources/bin/com.docker.vpnkit bin/vpnkit
cp /Applications/Docker.app/Contents/Resources/bin/com.docker.cli bin/docker

Build the dangerzone VM image and see if it works

When building the image, use linuxkit from homebrew to avoid a problem with expired certificates:

brew tap linuxkit/linuxkit
brew install --HEAD linuxkit

Then use it:

/usr/local/bin/linuxkit build -format kernel+initrd dangerzone.yml

And then try running it (using linuxkit from bin):

./bin/linuxkit run hyperkit \
    -hyperkit ./bin/hyperkit \
    -vpnkit ./bin/vpnkit \
    -cpus 2 \
    -data-file ./metadata.json \
    -networking=vpnkit \
    -vsock-ports=2376 \
    -disk size=4096M \
    -mem 2048 \
    -kernel dangerzone

And see if it works:

./bin/docker -H unix://dangerzone-state/guest.00000948 ps

Inside the VM you can shutdown with poweroff.

Ooh, almost there

$ ./bin/docker -H unix://dangerzone-state/guest.00000948 run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete 
Digest: sha256:9f6ad537c5132bcce57f7a0a20e317228d382c3cd61edae14650eec68b2b345c
Status: Downloaded newer image for hello-world:latest
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"process_linux.go:432: running prestart hook 0 caused \\\"fork/exec /proc/7/exe: no such file or directory\\\"\"": unknown.
ERRO[0003] error waiting for container: context canceled