Skip to content

Latest commit

 

History

History
453 lines (305 loc) · 10.7 KB

BUILD.md

File metadata and controls

453 lines (305 loc) · 10.7 KB
Raw

Development environment

Debian/Ubuntu

Install dependencies:

sudo apt install -y podman dh-python build-essential fakeroot make libqt6gui6 \
    pipx python3 python3-dev python3-stdeb python3-all

Install Poetry using pipx (recommended) and add it to your $PATH:

(See also a list of alternative installation methods)

pipx ensurepath
pipx install poetry

After this, restart the terminal window, for the poetry command to be in your $PATH.

Clone this repository:

git clone https://github.com/freedomofpress/dangerzone/

Change to the dangerzone folder, and install the poetry dependencies:

Note: due to an issue with poetry, if it prompts for your keyring, disable the keyring with keyring --disable and run the command again.

cd dangerzone
poetry install

Build the latest container:

./install/linux/build-image.sh

Run from source tree:

# start a shell in the virtual environment
poetry shell

# run the CLI
./dev_scripts/dangerzone-cli --help

# run the GUI
./dev_scripts/dangerzone

Create a .deb:

./install/linux/build-deb.py

Fedora

Install dependencies:

sudo dnf install -y rpm-build podman python3 python3-devel python3-poetry-core \
    pipx qt6-qtbase-gui

Install Poetry using pipx:

pipx install poetry

Clone this repository:

git clone https://github.com/freedomofpress/dangerzone/

Change to the dangerzone folder, and install the poetry dependencies:

Note: due to an issue with poetry, if it prompts for your keyring, disable the keyring with keyring --disable and run the command again.

cd dangerzone
poetry install

Build the latest container:

./install/linux/build-image.sh

Run from source tree:

# start a shell in the virtual environment
poetry shell

# run the CLI
./dev_scripts/dangerzone-cli --help

# run the GUI
./dev_scripts/dangerzone

Note

Prefer running the following command in a Fedora development environment, created by ./dev_script/env.py.

Create a .rpm:

./install/linux/build-rpm.py

Qubes OS

⚠️ Native Qubes support is in beta stage, so the instructions below require switching between qubes, and are subject to change.

If you want to build Dangerzone on Qubes and use containers instead of disposable qubes, please follow the intructions of Fedora / Debian instead.

Initial Setup

The following steps must be completed once. Make sure you run them in the specified qubes.

Overview of the qubes you'll create:

qube type purpose
dz app qube Dangerzone development
dz-dvm app qube offline diposable template for performing conversions
fedora-38-dz template template for the other two qubes

In dom0:

  1. Create a new Fedora template (fedora-38-dz) for Dangerzone development:

    qvm-clone fedora-38 fedora-38-dz

    💡 Alternatively, you can use your base Fedora 38 template in the following instructions. In that case, replace fedora-38-dz with fedora-38 in the steps below.

  2. Create a disposable, offline app qube (dz-dvm), based on the fedora-38-dz template. This will be the qube where the documents will be sanitized:

    qvm-create --class AppVM --label red --template fedora-38-dz \
    --prop netvm="" --prop template_for_dispvms=True \
    dz-dvm

  3. Create an app qube (dz) that will be used for Dangerzone development and initiating the sanitization process:

    qvm-create --class AppVM --label red --template fedora-38-dz dz

    💡 Alternatively, you can use a different app qube for Dangerzone development. In that case, replace dz with the qube of your choice in the steps below.

  4. Add an RPC policy (/etc/qubes/policy.d/50-dangerzone.policy) that will allow launching a disposable qube (dz-dvm) when Dangerzone converts a document, with the following contents:

    dz.Convert         *       @anyvm       @dispvm:dz-dvm  allow
dz.ConvertDev      *       @anyvm       @dispvm:dz-dvm  allow

In the fedora-38-dz template

  1. Install dependencies:

    sudo dnf install -y rpm-build podman python3 python3-devel \
    python3-poetry-core pipx qt6-qtbase-gui libreoffice python3-magic \
    python3-keyring tesseract*

  2. Shutdown the fedora-38-dz template:

    shutdown -h now

In the dz app qube

  1. Clone the Dangerzone project:

    git clone https://github.com/freedomofpress/dangerzone
cd dangerzone

  2. Install Poetry using pipx:

    pipx install poetry

  3. Install the poetry dependencies:

    poetry install

    Note: due to an issue with poetry, if it prompts for your keyring, disable the keyring with keyring --disable and run the command again.

  4. Change to the dangerzone folder and copy the Qubes RPC calls into the template for the disposable qube that will be used for document sanitization (dz-dvm):

    qvm-copy qubes/*

    And then choose dz-dvm as the target.

In the dz-dvm template

  1. Create the directory that will contain the Dangerzone RPC calls, if it does not exist already:

    sudo mkdir -p /rw/usrlocal/etc/qubes-rpc/

  2. Move the files we copied in the previous step to their proper place:

    sudo cp ~/QubesIncoming/dz/* /rw/usrlocal/etc/qubes-rpc/

  3. Shutdown the dz-dvm qube:

    shutdown -h now

Developing Dangerzone

From here on, developing Dangerzone is similar as in other Linux platforms. You can run the following commands in the dz app qube:

# start a shell in the virtual environment
poetry shell

# run the CLI
QUBES_CONVERSION=1 ./dev_scripts/dangerzone-cli --help

# run the GUI
QUBES_CONVERSION=1 ./dev_scripts/dangerzone

Create a .rpm:

Note

Prefer running the following command in a Fedora development environment, created by ./dev_script/env.py.

./install/linux/build-rpm.py --qubes

For changes in the server side components, you can simply edit them locally, and they will be mirrored to the disposable qube through the dz.ConvertDev RPC call.

The only reason to update the fedora-38-dz template from there on is if:

  1. The project requires new server-side components.
  2. The code for dz.ConvertDev needs to be updated. Copy the updated file as we've shown in the steps above.

Installing Dangerzone system-wide

If you want to test the .rpm you just created, you can do the following:

On the dz app cube, copy the built dangerzone.rpm to fedora-38-dz template:

qvm-copy-to-vm fedora-38-dz dist/dangerzone*.noarch.rpm

On the fedora-38-dz template, install the copied .rpm:

sudo dnf install -y ~/QubesIncoming/dz/dangerzone-*.rpm

Shutdown the fedora-38-dz template and the dz app qube, and then you can refresh the applications on the dz qube, find Dangerzone in the list, and use it to convert a document.

macOS

Install Docker Desktop. Make sure to choose your correct CPU, either Intel Chip or Apple Chip.

Install the latest version of Python 3.11 from python.org, and make sure /Library/Frameworks/Python.framework/Versions/3.11/bin is in your PATH.

Clone this repository:

git clone https://github.com/freedomofpress/dangerzone/
cd dangerzone

Install Python dependencies:

python3 -m pip install poetry
poetry install

Install Homebrew dependencies:

brew install create-dmg

Build the dangerzone container image:

./install/macos/build-image.sh

Run from source tree:

# start a shell in the virtual environment
poetry shell

# run the CLI
./dev_scripts/dangerzone-cli --help

# run the GUI
./dev_scripts/dangerzone

To create an app bundle, use the build_app.py script:

poetry run ./install/macos/build-app.py

If you want to build for distribution, you'll need a codesigning certificate, and then run:

poetry run ./install/macos/build-app.py --with-codesign

The output is in the dist folder.

Windows

Install Docker Desktop.

Install the latest version of Python 3.11 (64-bit) from python.org. Make sure to check the "Add Python 3.11 to PATH" checkbox on the first page of the installer.

Install Microsoft Visual C++ 14.0 or greater. Get it with "Microsoft C++ Build Tools" and make sure to select "Desktop development with C++" when installing.

Install poetry. Open PowerShell, and run:

python -m pip install poetry

Install git from here, open a Windows terminal (cmd.exe) and clone this repository:

git clone https://github.com/freedomofpress/dangerzone/

Change to the dangerzone folder, and install the poetry dependencies:

cd dangerzone
poetry install

Build the dangerzone container image:

python .\install\windows\build-image.py

After that you can launch dangerzone during development with:

# start a shell in the virtual environment
poetry shell

# run the CLI
.\dev_scripts\dangerzone-cli.bat --help

# run the GUI
.\dev_scripts\dangerzone.bat

If you want to build the installer

If you want to sign binaries with Authenticode

You'll need a code signing certificate.

To make a .exe

Open a command prompt, cd into the dangerzone directory, and run:

poetry run python .\setup-windows.py build

In build\exe.win32-3.11\ you will find dangerzone.exe, dangerzone-cli.exe, and all supporting files.

To build the installer

Note that you must have a codesigning certificate installed in order to use the install\windows\build-app.bat script, because it codesigns dangerzone.exe, dangerzone-cli.exe and Dangerzone.msi.

poetry run .\install\windows\build-app.bat

When you're done you will have dist\Dangerzone.msi.