Successfully boot VM

dangerzone/gui/__init__.py

@@ -112,8 +112,8 @@ def flush(self):
     systray = SysTray(global_common, gui_common, app, vm)
 
     # Start the VM
-    # if vm:
-    #     vm.start()
+    if vm:
+        vm.start()
 
     closed_windows = {}
     windows = {}

dangerzone/gui/systray.py

@@ -40,9 +40,6 @@ def vm_state_change(self, state):
         elif state == self.vm.STATE_ON:
             self.status_action.setText("Dangerzone VM is running")
             self.restart_action.setEnabled(True)
-        elif state == self.vm.STATE_STOPPING:
-            self.status_action.setText("Dangerzone VM is stopping...")
-            self.restart_action.setEnabled(False)
 
     def restart_clicked(self):
         self.vm.restart()

dangerzone/gui/vm.py

@@ -3,14 +3,14 @@
 import subprocess
 import uuid
 import pipes
+import tempfile
 from PySide2 import QtCore
 
 
 class Vm(QtCore.QObject):
     STATE_OFF = 0
     STATE_STARTING = 1
     STATE_ON = 2
-    STATE_STOPPING = 3
 
     vm_state_change = QtCore.Signal(int)
 
@@ -21,10 +21,12 @@ def __init__(self, global_common):
         # VM starts off
         self.state = self.STATE_OFF
 
-        # Hyperkit subprocess
+        # Processes
+        self.vpnkit_p = None
         self.hyperkit_p = None
 
         # Relevant paths
+        self.vpnkit_path = self.global_common.get_resource_path("bin/vpnkit")
         self.hyperkit_path = self.global_common.get_resource_path("bin/hyperkit")
         self.vm_iso_path = self.global_common.get_resource_path("vm/dangerzone.iso")
         self.vm_kernel_path = self.global_common.get_resource_path("vm/kernel")
@@ -33,27 +35,47 @@ def __init__(self, global_common):
         )
 
         # Folder to hold files related to the VM
-        self.vm_state_dir = os.path.join(self.global_common.appdata_path, "vm-state")
-        os.makedirs(self.vm_state_dir, exist_ok=True)
+        self.state_dir = tempfile.TemporaryDirectory()
+        self.vpnkit_sock_path = os.path.join(self.state_dir.name, "vpnkit.eth.sock")
+        self.hyperkit_pid_path = os.path.join(self.state_dir.name, "hyperkit.pid")
 
         # UDID for VM
         self.vm_uuid = str(uuid.uuid4())
-        self.vm_cmdline = "modules=virtio_net console=ttyS0"
+        self.vm_cmdline = (
+            "earlyprintk=serial console=ttyS0 modules=loop,squashfs,sd-mod"
+        )
 
     def start(self):
         self.state = self.STATE_STARTING
         self.vm_state_change.emit(self.state)
 
-        # Kill existing process
-        if self.hyperkit_p is not None:
-            self.hyperkit_p.terminate()
-            self.hyperkit_p = None
+        # Run VPNKit
+        args = [
+            self.vpnkit_path,
+            "--ethernet",
+            self.vpnkit_sock_path,
+            "--gateway-ip",
+            "192.168.65.1",
+            "--host-ip",
+            "192.168.65.2",
+            "--lowest-ip",
+            "192.168.65.3",
+            "--highest-ip",
+            "192.168.65.254",
+        ]
+        args_str = " ".join(pipes.quote(s) for s in args)
+        print("> " + args_str)
+        self.vpnkit_p = subprocess.Popen(
+            args,
+            stdout=sys.stdout,
+            stderr=subprocess.STDOUT,
+        )
 
         # Run Hyperkit
         args = [
             self.hyperkit_path,
             "-F",
-            os.path.join(self.vm_state_dir, "hyperkit.pid"),
+            self.hyperkit_pid_path,
             "-A",
             "-u",
             "-m",
@@ -69,23 +91,29 @@ def start(self):
             "-s",
             f"1:0,ahci-cd,{self.vm_iso_path}",
             "-s",
-            "2:0,virtio-net",
+            f"2:0,virtio-vpnkit,path={self.vpnkit_sock_path}",
             "-U",
             self.vm_uuid,
             "-f",
             f'kexec,{self.vm_kernel_path},{self.vm_initramfs_path},"{self.vm_cmdline}"',
         ]
         args_str = " ".join(pipes.quote(s) for s in args)
         print("> " + args_str)
-
         self.hyperkit_p = subprocess.Popen(
             args,
             stdout=sys.stdout,
             stderr=subprocess.STDOUT,
         )
 
     def restart(self):
-        pass
+        self.stop()
+        self.start()
 
     def stop(self):
-        pass
+        # Kill existing processes
+        if self.vpnkit_p is not None:
+            self.vpnkit_p.terminate()
+            self.vpnkit_p = None
+        if self.hyperkit_p is not None:
+            self.hyperkit_p.terminate()
+            self.hyperkit_p = None

install/macos/entitlements.plist

@@ -2,8 +2,8 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
     <dict>
-        <key>com.apple.security.app-sandbox</key>
-        <true/>
+        <!-- <key>com.apple.security.app-sandbox</key>
+        <true/> -->
         <key>com.apple.security.inherit</key>
         <true/>
         <key>com.apple.security.files.user-selected.read-write</key>
@@ -14,8 +14,6 @@
         <true/>
         <key>com.apple.security.hypervisor</key>
         <true/>
-        <!-- <key>com.apple.vm.networking</key>
-        <true/> -->
         <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
         <true/>
     </dict>

install/vm-builder/run-vm.sh

@@ -4,16 +4,16 @@ ROOT=$(pwd)/vm
 HYPERKIT=/Applications/Docker.app/Contents/Resources/bin/com.docker.hyperkit
 VPNKIT=/Applications/Docker.app/Contents/Resources/bin/com.docker.vpnkit
 
-# VPNKIT_SOCK=$ROOT/vpnkit.eth.sock
-# PIDFILE=$ROOT/vpnkit.pid
-# $VPNKIT \
-#     --ethernet=$VPNKIT_SOCK \
-#     --gateway-ip 192.168.65.1 \
-#     --host-ip 192.168.65.2 \
-#     --lowest-ip 192.168.65.3 \
-#     --highest-ip 192.168.65.254 &
-# echo $! > $PIDFILE
-# trap 'test -f $PIDFILE && kill `cat $PIDFILE` && rm $PIDFILE' EXIT
+VPNKIT_SOCK=$ROOT/vpnkit.eth.sock
+PIDFILE=$ROOT/vpnkit.pid
+$VPNKIT \
+    --ethernet=$VPNKIT_SOCK \
+    --gateway-ip 192.168.65.1 \
+    --host-ip 192.168.65.2 \
+    --lowest-ip 192.168.65.3 \
+    --highest-ip 192.168.65.254 &
+echo $! > $PIDFILE
+trap 'test -f $PIDFILE && kill `cat $PIDFILE` && rm $PIDFILE' EXIT
 
 $HYPERKIT \
     -F $ROOT/hyperkit.pid \
@@ -23,19 +23,6 @@ $HYPERKIT \
     -s 0:0,hostbridge -s 31,lpc \
     -l com1,stdio \
     -s 1:0,ahci-cd,$ROOT/dangerzone.iso \
-    -s 2:0,virtio-net \
+    -s 2:0,virtio-vpnkit,path=$VPNKIT_SOCK \
     -U 9efa82d7-ebd5-4287-b1cc-ac4160a39fa7 \
-    -f kexec,$ROOT/kernel,$ROOT/initramfs.img,"earlyprintk=serial console=ttyS0 modules=loop,squashfs,sd-mod,usb-storage vpnkit.connect=connect://2/1999"
-
-# hyperkit 
-#     -c 1 -m 1024M 
-#     -u -A -H 
-#     -U 386bba5a-5dc4-3ac2-95c9-cf0b9a29b352 
-#     -s 0:0,hostbridge 
-#     -s 2:0,virtio-net 
-#     -s 5,virtio-rnd 
-#     -s 31,lpc 
-#     -l com1,autopty=primary/pty,log=/Library/Logs/Multipass/primary-hyperkit.log 
-#     -s 1:0,virtio-blk,file://primary/ubuntu-20.04-server-cloudimg-amd64.img?sync=os&buffered=1,format=qcow,qcow-config=discard=true;compact_after_unmaps=262144;keep_erased=262144;runtime_asserts=false 
-#     -s 1:1,ahci-cd,primary/cloud-init-config.iso 
-#     -f kexec,primary/ubuntu-20.04-server-cloudimg-amd64-vmlinuz-generic,primary/ubuntu-20.04-server-cloudimg-amd64-initrd-generic,earlyprintk=serial console=ttyS0 root=/dev/vda1 rw panic=1 no_timer_check
+    -f kexec,$ROOT/kernel,$ROOT/initramfs.img,"earlyprintk=serial console=ttyS0 modules=loop,squashfs,sd-mod"