almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 09:52:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Update docs to use sphinx syntax when possible

Browse source
This commit is contained in:
Alexis Métaireau 2025-03-25 16:11:21 +01:00
parent d4e312a57b
commit 6bc123503e
No known key found for this signature in database
GPG key ID: C65C7A89A8FFC56E
5 changed files with 64 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
docs/developer/build.md
View file

@ -4,13 +4,8 @@
Install dependencies:
<table>
<tr>
<td>
<details>
<summary><i>:memo: Expand this section if you are on Ubuntu 22.04 (Jammy).</i></summary>
</br>
:::{admonition} Read this section if you are on Ubuntu 22.04 (Jammy).</i></summary>
:collapsible: closed
The `conmon` version that Podman uses and Ubuntu Jammy ships, has a bug
that gets triggered by Dangerzone
(more details in https://github.com/freedomofpress/dangerzone/issues/685).
@ -27,11 +22,7 @@ Install dependencies:
following [instructions](https://github.com/freedomofpress/maint-dangerzone-conmon/tree/ubuntu/jammy/fpf).
Alternatively, you can install a `conmon` version higher than `v2.0.25` from
any repo you prefer.
</details>
</td>
</tr>
</table>
:::
```sh
@ -156,9 +147,9 @@ poetry shell
./dev_scripts/dangerzone
```
> [!NOTE]
> Prefer running the following command in a Fedora development environment,
> created by `./dev_script/env.py`.
:::{note}
Prefer running the following command in a Fedora development environment, created by `./dev_script/env.py`. You can read more about how to do that [here](./environments).
:::
Create a .rpm:
@ -169,11 +160,12 @@ Create a .rpm:
## Qubes OS
> :warning: Native Qubes support is in beta stage, so the instructions below
> require switching between qubes, and are subject to change.
>
> If you want to build Dangerzone on Qubes and use containers instead of disposable
> qubes, please follow the instructions of Fedora / Debian instead.
:::{warning}
Native Qubes support is in beta stage, so the instructions below require
switching between qubes, and are subject to change. If you want to build
Dangerzone on Qubes and use containers instead of disposable qubes, please
follow the instructions of Fedora / Debian instead.
:::
### Initial Setup
@ -293,9 +285,11 @@ QUBES_CONVERSION=1 poetry run ./dev_scripts/dangerzone
And when creating a `.rpm` you'll need to enable the `--qubes` flag.
> [!NOTE]
> Prefer running the following command in a Fedora development environment,
> created by `./dev_script/env.py`.
:::{note}
Prefer running the following command in a Fedora development environment,
created by `./dev_script/env.py`.
You can read more about how to do that [here](./environments).
:::
```sh
./install/linux/build-rpm.py --qubes
@ -442,10 +436,10 @@ Install the WiX UI extension. You may need to open a new terminal in order to us
wix extension add --global WixToolset.UI.wixext/5.0.2
```
> [!IMPORTANT]
> To avoid compatibility issues, ensure the WiX UI extension version matches the version of the WiX Toolset.
>
> Run `wix --version` to check the version of WiX Toolset you have installed and replace `5.x.y` with the full version number without the Git revision.
:::{important}
To avoid compatibility issues, ensure the WiX UI extension version matches the version of the WiX Toolset.
Run `wix --version` to check the version of WiX Toolset you have installed and replace `5.x.y` with the full version number without the Git revision.
:::
### If you want to sign binaries with Authenticode

12
docs/developer/gvisor.md
View file

@ -1,10 +1,5 @@
# gVisor integration
> [!NOTE]
> **Update on 2025-01-13:** There is no longer a copied container image under
> `/home/dangerzone/dangerzone-image/rootfs`. We now reuse the same container
> image both for the inner and outer container. See
> [#1048](https://github.com/freedomofpress/dangerzone/issues/1048).
Dangerzone has relied on the container runtime available in each supported
operating system (Docker Desktop on Windows / macOS, Podman on Linux) to isolate
@ -27,6 +22,13 @@ as **untrusted**, and the computation and output of the second container as
trusted. For this reason, and because we are about to remove the need for the
second container, our integration plan will focus on the first container.
:::{versionchanged} 0.9.0
There is no longer a copied container image under
`/home/dangerzone/dangerzone-image/rootfs`. We now reuse the same container
image both for the inner and outer container. See
[#1048](https://github.com/freedomofpress/dangerzone/issues/1048).
:::
## Design overview
Our integration goals are to:

2
docs/developer/reproducibility.md
View file

@ -2,7 +2,7 @@
We want to improve the transparency and auditability of our build artifacts, and
a way to achieve this is via reproducible builds. For a broader understanding of
what reproducible builds entail, check out https://reproducible-builds.org/.
what reproducible builds entail, check out [reproducible-builds.org](https://reproducible-builds.org)
Our build artifacts consist of:
* Container images (`amd64` and `arm64` architectures)

38
docs/release/index.md
View file

@ -75,24 +75,25 @@ Once we are confident that the release will be out shortly, and doesn't need any
```
**Note**: release candidates are suffixed by `-rcX`.
> [!IMPORTANT]
> Because we don't have [reproducible builds](https://github.com/freedomofpress/dangerzone/issues/188)
> yet, building the Dangerzone container image in various platforms would lead
> to different container image IDs / hashes, due to different timestamps. To
> avoid this issue, we should build the final container image for x86_64
> architectures on **one** platform, and then copy it to the rest of the
> platforms, before creating our .deb / .rpm / .msi / app bundles.
:::{important}
Because we don't have [reproducible builds](https://github.com/freedomofpress/dangerzone/issues/188)
yet, building the Dangerzone container image in various platforms would lead
to different container image IDs / hashes, due to different timestamps. To
avoid this issue, we should build the final container image for x86_64
architectures on **one** platform, and then copy it to the rest of the
platforms, before creating our .deb / .rpm / .msi / app bundles.
:::
### macOS Release
> [!TIP]
> You can automate these steps from your macOS terminal app with:
>
> ```
> export APPLE_ID=<email>
> make build-macos-intel # for Intel macOS
> make build-macos-arm # for Apple Silicon macOS
> ```
:::{tip}
You can automate these steps from your macOS terminal app with:
```
export APPLE_ID=<email>
make build-macos-intel # for Intel macOS
make build-macos-arm # for Apple Silicon macOS
```
:::
The following needs to happen for both Silicon and Intel chipsets.
@ -274,9 +275,10 @@ repo, by sending a PR. Follow the instructions in that repo on how to do so.
#### Fedora
> **NOTE**: This procedure will have to be done for every supported Fedora version.
>
> In this section, we'll use Fedora 41 as an example.
:::{note}
This procedure will have to be done for every supported Fedora version.
In this section, we'll use Fedora 41 as an example.
:::
Create a Fedora development environment. You can [follow the
instructions in our build section](https://github.com/freedomofpress/dangerzone/blob/main/BUILD.md#fedora),

1
docs/security.md
View file

@ -3,6 +3,7 @@
Dangerzone being a privacy-focused tool, it is subject to security advisories. To be updated about future ones, you can follow [the news from the project blog](https://dangerzone.rocks/news/).
```{toctree}
:maxdepth: 1
advisories/2024-12-24.md
advisories/2023-12-07.md