diff --git a/.circleci/config.yml b/.circleci/config.yml index 945186f..94bf93c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,25 +5,12 @@ aliases: name: Install Podman in Ubuntu Focal command: ./install/linux/install-podman-ubuntu-focal.sh - # FIXME: Remove the following step once we drop Ubuntu Focal support. The - # python-all dependency is an artificial requirement due to an stdeb bug - # prior to v0.9.1. See: - # - # * https://github.com/astraw/stdeb/issues/153 - # * https://github.com/freedomofpress/dangerzone/issues/292#issuecomment-1349967888 - - &install-python-all - name: Install python-all package - command: | - export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true - apt-get update - apt-get install -y python-all - - &install-dependencies-deb name: Install dependencies (deb) command: | export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true apt-get update - apt-get install -y dh-python python3 python3-stdeb + apt build-dep -y . - &install-dependencies-rpm name: Install dependencies (rpm) @@ -470,8 +457,8 @@ jobs: - image: ubuntu:24.04 resource_class: medium+ steps: - - run: *install-dependencies-deb - checkout + - run: *install-dependencies-deb - run: *calculate-cache-key - restore_cache: *restore-cache - run: *copy-image @@ -482,8 +469,8 @@ jobs: - image: ubuntu:23.10 resource_class: medium+ steps: - - run: *install-dependencies-deb - checkout + - run: *install-dependencies-deb - run: *calculate-cache-key - restore_cache: *restore-cache - run: *copy-image @@ -494,8 +481,8 @@ jobs: - image: ubuntu:22.04 resource_class: medium+ steps: - - run: *install-dependencies-deb - checkout + - run: *install-dependencies-deb - run: *calculate-cache-key - restore_cache: *restore-cache - run: *copy-image 
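Review bot: In the `install-dependencies-deb` alias, `apt build-dep -y .` uses the `apt` front end, whose command-line interface is not guaranteed to be stable for scripts; `apt-get build-dep -y .` is the scripting equivalent. The step now takes its package list from the checked-out `debian/control`, so the packages installed as root in CI are whatever the branch under test declares in `Build-Depends`. A comment on the alias such as `# Installs Build-Depends from ./debian/control; must run after checkout` would make the new step-order dependency explicit for the seven jobs reordered below.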
@@ -506,9 +493,8 @@ jobs: - image: ubuntu:20.04 resource_class: medium+ steps: - - run: *install-dependencies-deb - - run: *install-python-all - checkout + - run: *install-dependencies-deb - run: *calculate-cache-key - restore_cache: *restore-cache - run: *copy-image @@ -519,8 +505,8 @@ jobs: - image: debian:trixie resource_class: medium+ steps: - - run: *install-dependencies-deb - checkout + - run: *install-dependencies-deb - run: *calculate-cache-key - restore_cache: *restore-cache - run: *copy-image @@ -531,8 +517,8 @@ jobs: - image: debian:bookworm resource_class: medium+ steps: - - run: *install-dependencies-deb - checkout + - run: *install-dependencies-deb - run: *calculate-cache-key - restore_cache: *restore-cache - run: *copy-image @@ -543,8 +529,8 @@ jobs: - image: debian:bullseye resource_class: medium+ steps: - - run: *install-dependencies-deb - checkout + - run: *install-dependencies-deb - run: *calculate-cache-key - restore_cache: *restore-cache - run: *copy-image @@ -613,13 +599,9 @@ workflows: - ci-fedora-39: requires: - build-container-image - # FIXME: Currently disabled because `stdeb` does not work with Python - # 3.12, which is the default in Ubuntu Noble. See also: - # https://github.com/freedomofpress/dangerzone/issues/773 - # - #- build-ubuntu-noble: - # requires: - # - build-container-image + - build-ubuntu-noble: + requires: + - build-container-image - build-ubuntu-mantic: requires: - build-container-image @@ -632,13 +614,9 @@ workflows: - build-debian-bullseye: requires: - build-container-image - # FIXME: Currently disabled because `stdeb` does not work with Python - # 3.12, which has become the default in Debian Trixie. See also: - # https://github.com/freedomofpress/dangerzone/issues/773 - # - #- build-debian-trixie: - # requires: - # - build-container-image + - build-debian-trixie: + requires: + - build-container-image - build-debian-bookworm: requires: - build-container-image 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9a66384..57d6a3c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,9 +2,9 @@ name: Tests on: push: pull_request: - branches: [ main ] + branches: [main] schedule: - - cron: '0 0 * * *' # Run every day at 00:00 UTC. + - cron: "0 0 * * *" # Run every day at 00:00 UTC. workflow_dispatch: jobs: @@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-python@v5 with: - python-version: '3.12' + python-version: "3.12" - run: pip install poetry - run: poetry install - name: Run CLI tests @@ -37,7 +37,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-python@v5 with: - python-version: '3.12' + python-version: "3.12" - run: pip install poetry - run: poetry install - name: Run CLI tests @@ -55,7 +55,7 @@ jobs: - uses: actions/setup-python@v5 with: - python-version: '3.10' + python-version: "3.10" - name: Build dev environment run: | @@ -79,7 +79,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: dangerzone.deb - path: "deb_dist/dangerzone_*_all.deb" + path: "deb_dist/dangerzone_*_*.deb" install-deb: runs-on: ubuntu-latest @@ -115,7 +115,7 @@ jobs: - uses: actions/setup-python@v5 with: - python-version: '3.10' + python-version: "3.10" - name: Download Dangerzone .deb uses: actions/download-artifact@v4 diff --git a/.gitignore b/.gitignore index 0a71e01..9881bfe 100644 --- a/.gitignore +++ b/.gitignore @@ -127,6 +127,13 @@ dmypy.json # Pyre type checker .pyre/ +# Debian packaging + +debian/.debhelper +debian/dangerzone +debian/files +debian/debhelper-build-stamp +debian/dangerzone.* # Other .vscode *.tar.gz diff --git a/BUILD.md b/BUILD.md index b39a73b..edaf923 100644 --- a/BUILD.md +++ b/BUILD.md 
@@ -58,8 +58,8 @@ Install dependencies: ```sh -sudo apt install -y podman dh-python build-essential fakeroot make libqt6gui6 \ - pipx python3 python3-dev python3-stdeb python3-all +sudo apt install -y podman dh-python build-essential make libqt6gui6 \ + pipx python3 python3-dev ``` Install Poetry using `pipx` (recommended) and add it to your `$PATH`: diff --git a/INSTALL.md b/INSTALL.md index 3aeaf06..14e61da 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -46,12 +46,6 @@ Dangerzone is available for: sudo apt update ``` - Also, you need to install the `python-all` package, due to an `stdeb` bug that - existed before v0.9.1: - - ``` - sudo apt-get install python-all -y - ``` diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..86f59f6 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +dangerzone (0.7.0) unstable; urgency=low + + * Removed stdeb in favor of direct debian packaging tools + + -- Freedom of the Press Foundation Tue, 27 Aug 2024 14:39:28 +0200 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..f599e28 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..133883b --- /dev/null +++ b/debian/control 
@@ -0,0 +1,15 @@
+Source: dangerzone
+Maintainer: Freedom of the Press Foundation
+Section: python
+Priority: optional
+Build-Depends: dh-python, python3-setuptools, python3, dpkg-dev, debhelper (>= 9)
+Standards-Version: 4.5.1
+Homepage: https://github.com/freedomofpress/dangerzone
+Rules-Requires-Root: no
+
+Package: dangerzone
+Architecture: any
+Depends: ${misc:Depends}, ${python3:Depends}, podman, python3, python3-pyside2.qtcore, python3-pyside2.qtgui, python3-pyside2.qtwidgets, python3-pyside2.qtsvg, python3-appdirs, python3-click, python3-xdg, python3-colorama, python3-requests, python3-markdown, python3-packaging
+Description: Take potentially dangerous PDFs, office documents, or images
+ Dangerzone is an open source desktop application that takes potentially dangerous PDFs, office documents, or images and converts them to safe PDFs. It uses disposable VMs on Qubes OS, or container technology in other OSes, to convert the documents within a secure sandbox.
+ .
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..f5e7ce4
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,8 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: dangerzone
+Source: https://github.com/freedomofpress/dangerzone
+
+Files: *
+Copyright: 2020-2021 First Look Media
+ 2022- Freedom of the Press Foundation, and Dangerzone contributors
+License: AGPL-3.0-or-later
\ No newline at end of file
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..25946a9
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,7 @@
+#!/usr/bin/make -f
+export PYBUILD_NAME=dangerzone
+export DEB_BUILD_OPTIONS=nocheck
+
+%:
+ dh $@ --with python3 --buildsystem=pybuild
+
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..9f67427
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
\ No newline at end of file
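Review bot: In `debian/control`, `Build-Depends` asks for `debhelper (>= 9)` while the new `debian/compat` sets level `10`, so the declared minimum is lower than what the compat level needs; `debhelper (>= 10)` would match. `Architecture: any` marks the package as architecture-dependent, which appears to be why the artifact globs elsewhere in this commit change from `_all.deb` to `_*.deb`. If the package ships only Python code, as the previous `_all` name suggests, `Architecture: all` keeps a single artifact name. The `X-Python3-Version: >= 3.8` constraint from the deleted `stdeb.cfg` has no counterpart in the new source stanza.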
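Review bot: `debian/rules` exports `DEB_BUILD_OPTIONS=nocheck` with no explanation, and the assignment replaces any build options the caller set in the environment. The rationale lived in the deleted `stdeb.cfg` and is worth carrying over above that line, for example `# Do not run the test suite during packaging; tests are assumed to have been run beforehand.` Appending `nocheck` to the existing value instead of overwriting it would also keep caller-supplied options intact.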
diff --git a/debian/source/options b/debian/source/options new file mode 100644 index 0000000..57156b1 --- /dev/null +++ b/debian/source/options @@ -0,0 +1,4 @@ +compression = "gzip" +tar-ignore = "dev_scripts" +tar-ignore = ".*" +tar-ignore = "__pycache__" \ No newline at end of file diff --git a/dev_scripts/env.py b/dev_scripts/env.py index e6552f8..71c005b 100755 --- a/dev_scripts/env.py +++ b/dev_scripts/env.py @@ -139,8 +139,7 @@ RUN apt-get update \ && rm -rf /var/lib/apt/lists/* RUN apt-get update \ && apt-get install -y --no-install-recommends dh-python make build-essential \ - git fakeroot {qt_deps} pipx python3 python3-dev python3-venv python3-stdeb \ - python3-all \ + git {qt_deps} pipx python3 python3-venv dpkg-dev debhelper python3-setuptools \ && rm -rf /var/lib/apt/lists/* # NOTE: `pipx install poetry` fails on Ubuntu Focal, when installed through APT. By # installing the latest version, we sidestep this issue. @@ -676,7 +675,7 @@ class Env: "noble", ): install_deps = DOCKERFILE_UBUNTU_REM_USER + DOCKERFILE_BUILD_DEBIAN_DEPS - package_pattern = f"dangerzone_{version}-*_all.deb" + package_pattern = f"dangerzone_{version}-*_*.deb" package_src = self.find_dz_package(git_root() / "deb_dist", package_pattern) package = package_src.name package_dst = build_dir / package diff --git a/dev_scripts/qa.py b/dev_scripts/qa.py index 5b883fe..3f8e9ca 100755 --- a/dev_scripts/qa.py +++ b/dev_scripts/qa.py @@ -250,8 +250,8 @@ Install dependencies: ```sh -sudo apt install -y podman dh-python build-essential fakeroot make libqt6gui6 \ - pipx python3 python3-dev python3-stdeb python3-all +sudo apt install -y podman dh-python build-essential make libqt6gui6 \ + pipx python3 python3-dev ``` Install Poetry using `pipx` (recommended) and add it to your `$PATH`: diff --git a/install/linux/build-deb.py b/install/linux/build-deb.py index e28a6cf..10d73be 100755 --- a/install/linux/build-deb.py +++ b/install/linux/build-deb.py 
@@ -2,19 +2,17 @@ # -*- coding: utf-8 -*- import argparse -import inspect import os import shutil import subprocess import sys +from pathlib import Path -root = os.path.dirname( - os.path.dirname( - os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe()))) - ) -) +# .absolute() is needed for python<=3.8, for which +# __file__ returns an absolute path. +root = Path(__file__).parent.parent.parent.absolute() -with open(os.path.join(root, "share", "version.txt")) as f: +with open(root / "share" / "version.txt") as f: version = f.read().strip() @@ -39,8 +37,8 @@ def main(): ) args = parser.parse_args() - dist_path = os.path.join(root, "dist") - deb_dist_path = os.path.join(root, "deb_dist") + dist_path = root / "dist" + deb_dist_path = root / "deb_dist" print("* Deleting old dist and deb_dist") if os.path.exists(dist_path): 
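Review bot: The new comment above `root` states the opposite of why `.absolute()` is needed: the call only matters when `__file__` is a relative path, so "returns an absolute path" should read "may return a relative path". The order of operations also matters in that case, because `.parent` on a bare filename collapses to `.` and `.absolute()` then yields the current directory instead of the repository root. Proposed lines: `# .absolute() is needed for python<=3.8, where __file__ may be a relative path.` followed by `root = Path(__file__).absolute().parent.parent.parent`.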
@@ -49,31 +47,28 @@ def main(): shutil.rmtree(deb_dist_path) print("* Building DEB package") - # NOTE: This command first builds the Debian source package, and then creates the - # final DEB package. We could simply call `bdist_deb`, which performs `sdist_dsc` - # implicitly, but we wouldn't be able to pass the Debian version argument. Because - # we do this in a single invocation though, there's no performance cost. if args.distro is None: - deb_ver_args = () deb_ver = "1" else: - deb_ver_args = ("--debian-version", args.distro) deb_ver = args.distro run( [ - "python3", - "setup.py", - "--command-packages=stdeb.command", - "sdist_dsc", - *deb_ver_args, - "bdist_deb", + "dpkg-buildpackage", ] ) + os.makedirs(deb_dist_path, exist_ok=True) print("") print("* To install run:") - print(f"sudo dpkg -i deb_dist/dangerzone_{version}-{deb_ver}_all.deb") + + # dpkg-buildpackage produces a .deb file in the parent folder + # that needs to be copied to the `deb_dist` folder manually + for item in root.parent.glob(f"dangerzone_{version}_*.deb"): + arch = item.stem.split("_")[-1] + destination = root / "deb_dist" / f"dangerzone_{version}-{deb_ver}_{arch}.deb" + shutil.move(item, destination) + print(f"sudo dpkg -i {destination}") if __name__ == "__main__": diff --git a/stdeb.cfg b/stdeb.cfg deleted file mode 100644 index 716287f..0000000 --- a/stdeb.cfg +++ /dev/null 
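Review bot: The loop over `root.parent.glob(f"dangerzone_{version}_*.deb")` reports nothing and exits successfully when no file matches, which happens whenever `share/version.txt` differs from the version hard-coded in the new `debian/changelog`. It also moves any matching `.deb` already in the parent directory into `deb_dist` as if this build had produced it, so clearing stale matches before the build would be safer. `deb_ver` now only changes the destination file name; the version recorded inside the package stays the one from `debian/changelog`, so per-distro builds are no longer distinguishable by package version. `main()` starts outside this hunk, and whether `run` checks the exit status of `dpkg-buildpackage` is not visible here. Suggested handling for the empty case:

```python
    # … unchanged: deb_ver selection and the dpkg-buildpackage run …
    os.makedirs(deb_dist_path, exist_ok=True)

    # dpkg-buildpackage writes its output to the parent folder of the source tree.
    built = sorted(root.parent.glob(f"dangerzone_{version}_*.deb"))
    if not built:
        sys.exit(
            f"No dangerzone_{version}_*.deb found in {root.parent}; "
            "check that share/version.txt matches debian/changelog"
        )

    print("")
    print("* To install run:")
    for item in built:
        # … unchanged: arch/destination computation, shutil.move and the install hint …
```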
@@ -1,11 +0,0 @@
-[DEFAULT]
-Package3: dangerzone
-Depends3: podman, python3, python3-pyside2.qtcore, python3-pyside2.qtgui, python3-pyside2.qtwidgets, python3-pyside2.qtsvg, python3-appdirs, python3-click, python3-xdg, python3-colorama, python3-requests, python3-markdown, python3-packaging
-Build-Depends: dh-python, python3, python3-setuptools, python3-stdeb
-Suite: bionic
-X-Python3-Version: >= 3.8
-# Do not trigger testing when we build the package. Assume that the user
-# has tested the package already. For more info, see:
-# https://github.com/freedomofpress/dangerzone/issues/292#issuecomment-1349967888
-Setup-Env-Vars: DEB_BUILD_OPTIONS=nocheck
-Maintainer: Freedom of the Press Foundation