almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Update the install docs to follow sphinx formatting

Browse source
This commit is contained in:
Alexis Métaireau 2025-03-25 15:24:58 +01:00
parent 250bb3791b
commit 0d053d00f0
No known key found for this signature in database
GPG key ID: C65C7A89A8FFC56E
1 changed files with 57 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

125
docs/install.md
View file

@ -5,21 +5,35 @@
- Download [Dangerzone 0.8.1 for Mac (Apple Silicon CPU)](https://github.com/freedomofpress/dangerzone/releases/download/v0.8.1/Dangerzone-0.8.1-arm64.dmg) - Download [Dangerzone 0.8.1 for Mac (Apple Silicon CPU)](https://github.com/freedomofpress/dangerzone/releases/download/v0.8.1/Dangerzone-0.8.1-arm64.dmg)
- Download [Dangerzone 0.8.1 for Mac (Intel CPU)](https://github.com/freedomofpress/dangerzone/releases/download/v0.8.1/Dangerzone-0.8.1-i686.dmg) - Download [Dangerzone 0.8.1 for Mac (Intel CPU)](https://github.com/freedomofpress/dangerzone/releases/download/v0.8.1/Dangerzone-0.8.1-i686.dmg)
You can also install Dangerzone for Mac using [Homebrew](https://brew.sh/): `brew install --cask dangerzone` You can also install Dangerzone for Mac using [Homebrew](https://brew.sh/):
> **Note**: you will also need to install [Docker Desktop](https://www.docker.com/products/docker-desktop/). ```bash
> This program needs to run alongside Dangerzone at all times, since it is what allows Dangerzone to brew install --cask dangerzone
> create the secure environment. ```
:::{note}
You will also need to install [Docker Desktop](https://www.docker.com/products/docker-desktop/).
This program needs to run alongside Dangerzone at all times, since it is what allows Dangerzone to
create the secure environment.
:::
## Windows ## Windows
- Download [Dangerzone 0.8.1 for Windows](https://github.com/freedomofpress/dangerzone/releases/download/v0.8.1/Dangerzone-0.8.1.msi) - Download [Dangerzone 0.8.1 for Windows](https://github.com/freedomofpress/dangerzone/releases/download/v0.8.1/Dangerzone-0.8.1.msi)
> **Note**: you will also need to install [Docker Desktop](https://www.docker.com/products/docker-desktop/). :::{note}
> This program needs to run alongside Dangerzone at all times, since it is what allows Dangerzone to
> create the secure environment. You will also need to install [Docker Desktop](https://www.docker.com/products/docker-desktop/).
This program needs to run alongside Dangerzone at all times, since it is what allows Dangerzone to
create the secure environment.
:::
## Linux ## Linux
On Linux, Dangerzone uses [Podman](https://podman.io/) instead of Docker Desktop for creating On Linux, Dangerzone uses [Podman](https://podman.io/) instead of Docker Desktop for creating
an isolated environment. It will be installed automatically when installing Dangerzone. an isolated environment. It will be installed automatically when installing Dangerzone.
@ -38,25 +52,13 @@ Dangerzone is available for:
### Ubuntu, Debian ### Ubuntu, Debian
<table> :::{admonition} Backport notice for Ubuntu 22.04 (Jammy) users regarding the `conmon` package
<tr> :collapsible: closed
<td>
<details>
<summary><i>:information_source: Backport notice for Ubuntu 22.04 (Jammy) users regarding the <code>conmon</code> package</i></summary>
</br>
The `conmon` version that Podman uses and Ubuntu Jammy ships, has a bug The `conmon` version that Podman uses and Ubuntu Jammy ships, has a bug that gets triggered by Dangerzone (more details in https://github.com/freedomofpress/dangerzone/issues/685). To fix this, we provide our own `conmon` package through our APT repo, which was built with the following [instructions](https://github.com/freedomofpress/maint-dangerzone-conmon/tree/ubuntu/jammy/fpf).
that gets triggered by Dangerzone
(more details in https://github.com/freedomofpress/dangerzone/issues/685). This package is essentially a backport of the `conmon` package [provided](https://packages.debian.org/source/oldstable/conmon) by Debian Bullseye.
To fix this, we provide our own `conmon` package through our APT repo, which :::
was built with the following [instructions](https://github.com/freedomofpress/maint-dangerzone-conmon/tree/ubuntu/jammy/fpf).
This package is essentially a backport of the `conmon` package
[provided](https://packages.debian.org/source/oldstable/conmon) by Debian
Bullseye.
</details>
</td>
</tr>
</table>
First, retrieve the PGP keys. First, retrieve the PGP keys.
@ -100,27 +102,20 @@ sudo apt update
sudo apt install -y dangerzone sudo apt install -y dangerzone
``` ```
<table> :::{admonition} Security notice on third-party Debian repos</i></summary>
<tr> :collapsible: closed
<td>
<details>
<summary><i>:memo: Expand this section for a security notice on third-party Debian repos</i></summary>
</br>
This section follows the official instructions on configuring [third-party This section follows the official instructions on configuring [third-party
Debian repos](https://wiki.debian.org/DebianRepository/UseThirdParty). Debian repos](https://wiki.debian.org/DebianRepository/UseThirdParty).
To mitigate a class of attacks against our APT repo (e.g., injecting packages To mitigate a class of attacks against our APT repo (e.g., injecting packages
signed with an attacker key), we add an additional step in our instructions to signed with an attacker key), we add an additional step in our instructions to
verify the downloaded GPG key against its fingerprint. verify the downloaded GPG key against its fingerprint.
Aside from these protections, the user needs to be aware that Debian packages Aside from these protections, the user needs to be aware that Debian packages
run as `root` during the installation phase, so they need to place some trust run as `root` during the installation phase, so they need to place some trust
on our signed Debian packages. This holds for any third-party Debian repo. on our signed Debian packages. This holds for any third-party Debian repo.
</details> :::
</td>
</tr>
</table>
### Fedora ### Fedora
@ -134,12 +129,8 @@ sudo dnf install dangerzone
##### Verifying Dangerzone GPG key ##### Verifying Dangerzone GPG key
<table> :::{admonition} Importing GPG key 0x22604281: ... Is this ok [y/N]:
<tr> :collapsible: closed
<td>
<details>
<summary>Importing GPG key 0x22604281: ... Is this ok [y/N]:</summary>
</br>
After some minutes of running the above command (depending on your internet speed) you'll be asked to confirm the fingerprint of our signing key. This is to make sure that in the case our servers are compromised your computer stays safe. It should look like this: After some minutes of running the above command (depending on your internet speed) you'll be asked to confirm the fingerprint of our signing key. This is to make sure that in the case our servers are compromised your computer stays safe. It should look like this:
@ -153,34 +144,32 @@ Importing GPG key 0x22604281:
From : /etc/pki/rpm-gpg/RPM-GPG-dangerzone.pub From : /etc/pki/rpm-gpg/RPM-GPG-dangerzone.pub
Is this ok [y/N]: Is this ok [y/N]:
``` ```
:::
> **Note**: If it does not show this fingerprint confirmation or the fingerprint does not match, it is possible that our servers were compromised. Be distrustful and reach out to us. :::{note}
If it does not show this fingerprint confirmation or the fingerprint does not match, it is possible that our servers were compromised. Be distrustful and reach out to us.
:::
The `Fingerprint` should be `DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281`. For extra security, you should confirm it matches the one at the bottom of our website ([dangerzone.rocks](https://dangerzone.rocks)) and our [Mastodon account](https://fosstodon.org/@dangerzone) bio. The `Fingerprint` should be `DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281`. For extra security, you should confirm it matches the one at the bottom of our website ([dangerzone.rocks](https://dangerzone.rocks)) and our [Mastodon account](https://fosstodon.org/@dangerzone) bio.
After confirming that it matches, type `y` (for yes) and the installation should proceed. After confirming that it matches, type `y` (for yes) and the installation should proceed.
</details>
</td>
</tr>
</table>
### Qubes OS ### Qubes OS
> [!WARNING] :::{warning}
> This section is for the beta version of native Qubes support. If you This section is for the beta version of native Qubes support. If you
> want to try out the stable Dangerzone version (which uses containers instead want to try out the stable Dangerzone version (which uses containers instead
> of virtual machines for isolation), please follow the Fedora or Debian of virtual machines for isolation), please follow the Fedora or Debian
> instructions and adapt them as needed. instructions and adapt them as needed.
> **If you followed these instructions before October 25, 2023, please read [this security advisory](docs/advisories/2023-10-25.md).**
> **If you followed these instructions before October 25, 2023, please read [this security advisory](docs/advisories/2023-10-25.md).** This notice will be removed with the 1.0.0 release of Dangerzone.
> This notice will be removed with the 1.0.0 release of Dangerzone. :::
:::{important}
> [!IMPORTANT] This section will install Dangerzone in your **default template**
> This section will install Dangerzone in your **default template** (`fedora-40` as of writing this). If you want to install it in a different
> (`fedora-40` as of writing this). If you want to install it in a different one, make sure to replace `fedora-40` with the template of your choice.
> one, make sure to replace `fedora-40` with the template of your choice. :::
The following steps must be completed once. Make sure you run them in the The following steps must be completed once. Make sure you run them in the
specified qubes. specified qubes.