diff --git a/.circleci/config.yml b/.circleci/config.yml
index b99a22f..80f3b3a 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -81,37 +81,6 @@ jobs:
package_cloud push firstlookmedia/code/ubuntu/groovy deb_dist/dangerzone_${VERSION}-1_all.deb
package_cloud push firstlookmedia/code/ubuntu/groovy deb_dist/dangerzone_${VERSION}-1.dsc
- build-ubuntu-focal:
- docker:
- - image: ubuntu:20.04
- steps:
- - run:
- name: Install dependencies
- command: |
- export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
- apt-get update
- apt-get install -y git ssh ruby-dev rubygems python-all dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-colorama
- gem install -N rake
- gem install -N package_cloud
- - checkout
- - run:
- name: Create the .deb package
- command: |
- ./install/linux/build_deb.py
- dpkg -i deb_dist/dangerzone_*-1_all.deb
- - run:
- name: Deploy to packagecloud.io
- # Linux Mint 20 (ulyana) and 20.1 (ulyssa) are based on Ubuntu 20.04 LTS
- # https://en.wikipedia.org/wiki/Linux_Mint_version_history
- command: |
- VERSION=$(cat share/version.txt)
- package_cloud push firstlookmedia/code/ubuntu/focal deb_dist/dangerzone_${VERSION}-1_all.deb
- package_cloud push firstlookmedia/code/ubuntu/focal deb_dist/dangerzone_${VERSION}-1.dsc
- package_cloud push firstlookmedia/code/linuxmint/ulyana deb_dist/dangerzone_${VERSION}-1_all.deb
- package_cloud push firstlookmedia/code/linuxmint/ulyana deb_dist/dangerzone_${VERSION}-1.dsc
- package_cloud push firstlookmedia/code/linuxmint/ulyssa deb_dist/dangerzone_${VERSION}-1_all.deb
- package_cloud push firstlookmedia/code/linuxmint/ulyssa deb_dist/dangerzone_${VERSION}-1.dsc
-
build-debian-bullseye:
docker:
- image: debian:bullseye
@@ -136,30 +105,6 @@ jobs:
package_cloud push firstlookmedia/code/debian/bullseye deb_dist/dangerzone_${VERSION}-1_all.deb
package_cloud push firstlookmedia/code/debian/bullseye deb_dist/dangerzone_${VERSION}-1.dsc
- build-debian-buster:
- docker:
- - image: debian:buster
- steps:
- - run:
- name: Install dependencies
- command: |
- apt-get update
- apt-get install -y git ssh ruby-dev rubygems python-all dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-colorama
- gem install --no-ri --no-rdoc rake
- gem install --no-ri --no-rdoc package_cloud
- - checkout
- - run:
- name: Create the .deb package
- command: |
- ./install/linux/build_deb.py
- dpkg -i deb_dist/dangerzone_*-1_all.deb
- - run:
- name: Deploy to packagecloud.io
- command: |
- VERSION=$(cat share/version.txt)
- package_cloud push firstlookmedia/code/debian/buster deb_dist/dangerzone_${VERSION}-1_all.deb
- package_cloud push firstlookmedia/code/debian/buster deb_dist/dangerzone_${VERSION}-1.dsc
-
build-fedora-34:
docker:
# The package_cloud ruby gem doesn't work properly when installed in fedora 34,
@@ -252,24 +197,12 @@ workflows:
only: /^v.*/
branches:
ignore: /.*/
- - build-ubuntu-focal:
- filters:
- tags:
- only: /^v.*/
- branches:
- ignore: /.*/
- build-debian-bullseye:
filters:
tags:
only: /^v.*/
branches:
ignore: /.*/
- - build-debian-buster:
- filters:
- tags:
- only: /^v.*/
- branches:
- ignore: /.*/
- build-fedora-34:
filters:
tags:
diff --git a/BUILD.md b/BUILD.md
index b9d40a1..25fd30e 100644
--- a/BUILD.md
+++ b/BUILD.md
@@ -5,11 +5,9 @@
Install dependencies:
```sh
-sudo apt install -y dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-colorama
+sudo apt install -y podman dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-colorama
```
-You also need docker, either by installing the [Docker snap package](https://snapcraft.io/docker), installing the `docker.io` package, or by installing `docker-ce` by following [these instructions for Ubuntu](https://docs.docker.com/install/linux/docker-ce/ubuntu/) or [for Debian](https://docs.docker.com/install/linux/docker-ce/debian/).
-
Run from source tree:
```sh
@@ -27,11 +25,9 @@ Create a .deb:
Install dependencies:
```sh
-sudo dnf install -y rpm-build python3 python3-setuptools python3-pyside2 python3-appdirs python3-click python3-pyxdg python3-requests python3-colorama
+sudo dnf install -y rpm-build podman python3 python3-setuptools python3-pyside2 python3-appdirs python3-click python3-pyxdg python3-requests python3-colorama
```
-You also need docker, either by installing the `docker` package, or by installing `docker-ce` by following [these instructions](https://docs.docker.com/install/linux/docker-ce/fedora/).
-
Run from source tree:
```sh
@@ -46,6 +42,8 @@ Create a .rpm:
## macOS
+Install [Docker Desktop](https://www.docker.com/products/docker-desktop).
+
Install python@3.9 from Homebrew:
```
@@ -87,6 +85,8 @@ The output is in the `dist` folder.
## Windows
+Install [Docker Desktop](https://www.docker.com/products/docker-desktop).
+
These instructions include adding folders to the path in Windows. To do this, go to Start and type "advanced system settings", and open "View advanced system settings" in the Control Panel. Click Environment Variables. Under "System variables" double-click on Path. From there you can add and remove folders that are available in the PATH.
Download Python 3.9.0, 32-bit (x86) from https://www.python.org/downloads/release/python-390/. I downloaded python-3.9.0.exe. When installing it, make sure to check the "Add Python 3.9 to PATH" checkbox on the first page of the installer.
diff --git a/dangerzone/cli.py b/dangerzone/cli.py
index e688c32..2e40e97 100644
--- a/dangerzone/cli.py
+++ b/dangerzone/cli.py
@@ -9,7 +9,7 @@ from .common import Common
def print_header(s):
click.echo("")
- click.echo(Style.BRIGHT + Fore.LIGHTWHITE_EX + s)
+ click.echo(Style.BRIGHT + s)
def exec_container(global_common, args):
@@ -22,7 +22,7 @@ def exec_container(global_common, args):
# Hack to add colors to the command executing
if line.startswith(b"> "):
print(
- Fore.YELLOW + "> " + Fore.LIGHTCYAN_EX + line.decode()[2:],
+ Style.DIM + "> " + Style.NORMAL + Fore.CYAN + line.decode()[2:],
end="",
)
else:
diff --git a/dangerzone/common.py b/dangerzone/common.py
index d8630d6..9a81915 100644
--- a/dangerzone/common.py
+++ b/dangerzone/common.py
@@ -2,6 +2,7 @@ import os
import stat
import platform
import tempfile
+import appdirs
class Common(object):
@@ -11,26 +12,16 @@ class Common(object):
def __init__(self):
# Temporary directory to store pixel data and safe PDFs
- if platform.system() == "Windows":
- self.pixel_dir = tempfile.TemporaryDirectory(prefix="dangerzone-pixel-")
- self.safe_dir = tempfile.TemporaryDirectory(prefix="dangerzone-safe-")
- elif platform.system() == "Darwin":
- # In macOS, temp dirs must be in /tmp (or a few other paths) for Docker to mount them
- self.pixel_dir = tempfile.TemporaryDirectory(
- prefix="/tmp/dangerzone-pixel-"
- )
- self.safe_dir = tempfile.TemporaryDirectory(prefix="/tmp/dangerzone-safe-")
- else:
- # In Linux, temp dirs must be in the homedir for the snap package version of Docker to mount them
- cache_dir = os.path.expanduser("~/.cache/dangerzone")
- os.makedirs(cache_dir, exist_ok=True)
- self.pixel_dir = tempfile.TemporaryDirectory(
- prefix=os.path.join(cache_dir, "pixel-")
- )
- self.safe_dir = tempfile.TemporaryDirectory(
- prefix=os.path.join(cache_dir, "safe-")
- )
+ cache_dir = appdirs.user_cache_dir("dangerzone")
+ os.makedirs(cache_dir, exist_ok=True)
+ self.pixel_dir = tempfile.TemporaryDirectory(
+ prefix=os.path.join(cache_dir, "pixel-")
+ )
+ self.safe_dir = tempfile.TemporaryDirectory(
+ prefix=os.path.join(cache_dir, "safe-")
+ )
+ try:
# Make the folders world-readable to ensure that the container has permission
# to access it even if it's owned by root or someone else
permissions = (
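Review bot: `os.makedirs(cache_dir, exist_ok=True)` creates the parent cache directory with whatever mode the process umask allows, and the comment just below says the per-run pixel and safe directories are then made world-readable. On a shared machine that could let other local accounts read the rendered pages and output PDFs of documents being converted. Consider `os.makedirs(cache_dir, mode=0o700, exist_ok=True)` so the parent blocks traversal, after confirming the container runtime can still mount paths beneath it; `mode` only takes effect when the directory is newly created. The permissions expression and the rest of `__init__` lie outside this hunk, so the exact bits are not visible here.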
@@ -44,6 +35,8 @@ class Common(object):
)
os.chmod(self.pixel_dir.name, permissions)
os.chmod(self.safe_dir.name, permissions)
+ except:
+ pass
# Name of input and out files
self.document_filename = None
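Review bot: The `except: pass` added after the two `os.chmod` calls hides every failure, including `KeyboardInterrupt` and `SystemExit`. A permissions problem would then surface only later, as an unexplained mount or read error inside the container. Catch the specific error and report it, for example `except OSError as e:` followed by `print(f"Could not set permissions on temp dirs: {e}")`. The matching `try:` is in the previous hunk, and the visible lines do not say which failure this is meant to tolerate, so a one-line comment stating that would help.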
diff --git a/dangerzone/container.py b/dangerzone/container.py
index 20717bf..0b57eaa 100644
--- a/dangerzone/container.py
+++ b/dangerzone/container.py
@@ -4,13 +4,21 @@ import subprocess
import sys
import pipes
import shutil
+import os
# What is the container runtime for this platform?
if platform.system() == "Darwin":
- container_runtime = "/usr/local/bin/docker"
+ container_tech = "docker"
+ container_runtime = shutil.which("docker")
elif platform.system() == "Windows":
+ container_tech = "docker"
container_runtime = shutil.which("docker.exe")
+elif platform.system() == "Linux":
+ container_tech = "podman"
+ container_runtime = shutil.which("podman")
else:
+ print("Unknown operating system, defaulting to Docker")
+ container_tech = "docker"
container_runtime = shutil.which("docker")
# Define startupinfo for subprocesses
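Review bot: `shutil.which()` returns `None` when the binary is not on PATH, and nothing in this hunk checks for that. A Linux host without podman would presumably fail later with an opaque error when `container_runtime` is used to build the command. Failing early with a clear message where the command is launched, e.g. `if container_runtime is None:` followed by an error naming `container_tech`, would make the missing dependency obvious. On macOS the runtime also changes from a fixed absolute path to a PATH lookup, so which binary handles untrusted documents now depends on the caller's environment; a comment recording that this is intentional would be useful.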
@@ -28,6 +36,17 @@ def exec_container(args):
print("> " + args_str)
sys.stdout.flush()
+ # In Tails, tell the container runtime to download over Tor
+ if (
+ platform.system() == "Linux"
+ and os.getlogin() == "amnesia"
+ and os.getuid() == 1000
+ ):
+ env = os.environ.copy()
+ env["HTTP_PROXY"] = "socks5://127.0.0.1:9050"
+ else:
+ env = None
+
with subprocess.Popen(
args,
stdin=None,
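Review bot: `os.getlogin()` raises `OSError` when the process has no controlling terminal, which is common for an application started from a desktop launcher, so this Tails check can abort the container command instead of evaluating to false. Wrapping the call in `try`/`except OSError`, or deriving the user name from `os.getuid()`, avoids that. Separately, only `HTTP_PROXY` is set; if the runtime consults `HTTPS_PROXY` for registry pulls over TLS, the pull would not be directed at the Tor SOCKS port, so set both or confirm which variable the runtime honours. `exec_container` begins before and continues after this hunk.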
@@ -36,6 +55,7 @@ def exec_container(args):
bufsize=1,
universal_newlines=True,
startupinfo=startupinfo,
+ env=env,
) as p:
p.communicate()
return p.returncode
@@ -51,7 +71,7 @@ def container_main():
@container_main.command()
-@click.option("--container-name", default="flmcode/dangerzone")
+@click.option("--container-name", default="docker.io/flmcode/dangerzone")
def ls(container_name):
"""docker image ls [container_name]"""
sys.exit(exec_container(["image", "ls", container_name]))
@@ -60,37 +80,36 @@ def ls(container_name):
@container_main.command()
def pull():
"""docker pull flmcode/dangerzone"""
- sys.exit(exec_container(["pull", "flmcode/dangerzone"]))
+ sys.exit(exec_container(["pull", "docker.io/flmcode/dangerzone"]))
@container_main.command()
@click.option("--document-filename", required=True)
@click.option("--pixel-dir", required=True)
-@click.option("--container-name", default="flmcode/dangerzone")
+@click.option("--container-name", default="docker.io/flmcode/dangerzone")
def documenttopixels(document_filename, pixel_dir, container_name):
"""docker run --network none -v [document_filename]:/tmp/input_file -v [pixel_dir]:/dangerzone [container_name] document-to-pixels"""
- sys.exit(
- exec_container(
- [
- "run",
- "--network",
- "none",
- "--security-opt=no-new-privileges:true",
- "-v",
- f"{document_filename}:/tmp/input_file",
- "-v",
- f"{pixel_dir}:/dangerzone",
- container_name,
- "document-to-pixels",
- ]
- )
- )
+ args = ["run", "--network", "none"]
+
+ # docker uses --security-opt, podman doesn't
+ if container_tech == "docker":
+ args += ["--security-opt=no-new-privileges:true"]
+
+ args += [
+ "-v",
+ f"{document_filename}:/tmp/input_file",
+ "-v",
+ f"{pixel_dir}:/dangerzone",
+ container_name,
+ "document-to-pixels",
+ ]
+ sys.exit(exec_container(args))
@container_main.command()
@click.option("--pixel-dir", required=True)
@click.option("--safe-dir", required=True)
-@click.option("--container-name", default="flmcode/dangerzone")
+@click.option("--container-name", default="docker.io/flmcode/dangerzone")
@click.option("--ocr", required=True)
@click.option("--ocr-lang", required=True)
def pixelstopdf(pixel_dir, safe_dir, container_name, ocr, ocr_lang):
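Review bot: On Linux the `document-to-pixels` container now runs without `no-new-privileges`, because the flag is only appended when `container_tech == "docker"`. Podman's `run` command documents a `--security-opt no-new-privileges` option, so the hardening can likely be kept for both runtimes, e.g. `args += ["--security-opt", "no-new-privileges"]` in a podman branch; confirm the accepted spelling against the podman version being packaged. This container parses untrusted documents, so the flag is worth keeping wherever the runtime supports it, and the comment `# docker uses --security-opt, podman doesn't` should be corrected accordingly. The body of `pixelstopdf` is outside this hunk and should get the same treatment if it builds its arguments the same way.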
diff --git a/dangerzone/global_common.py b/dangerzone/global_common.py
index ba473bc..f7de028 100644
--- a/dangerzone/global_common.py
+++ b/dangerzone/global_common.py
@@ -384,7 +384,7 @@ class GlobalCommon(object):
if self.custom_container:
return self.custom_container
else:
- return "flmcode/dangerzone"
+ return "docker.io/flmcode/dangerzone"
def get_resource_path(self, filename):
if getattr(sys, "dangerzone_dev", False):
@@ -439,18 +439,11 @@ class GlobalCommon(object):
return "/usr/bin/dangerzone-container"
def exec_dangerzone_container(self, args):
- # Prefix the args with the retainer runtime, and in the case linux when the user isn't in the docker group, pkexec
- if platform.system() == "Linux":
- if self.settings.get("linux_prefers_typing_password"):
- args = ["/usr/bin/pkexec", self.dz_container_path] + args
- else:
- args = [self.dz_container_path] + args
- else:
- args = [self.dz_container_path] + args
+ args = [self.dz_container_path] + args
+ args_str = " ".join(pipes.quote(s) for s in args)
+ print(Style.DIM + "> " + Style.NORMAL + Fore.CYAN + args_str)
# Execute dangerzone-container
- args_str = " ".join(pipes.quote(s) for s in args)
- print(Fore.YELLOW + "> " + Fore.CYAN + args_str)
return subprocess.Popen(
args,
startupinfo=self.get_subprocess_startupinfo(),
diff --git a/dangerzone/gui/__init__.py b/dangerzone/gui/__init__.py
index 65ccddd..a0c2a45 100644
--- a/dangerzone/gui/__init__.py
+++ b/dangerzone/gui/__init__.py
@@ -71,18 +71,6 @@ def gui_main(custom_container, filename):
# Allow Ctrl-C to smoothly quit the program instead of throwing an exception
signal.signal(signal.SIGINT, signal.SIG_DFL)
- # If we're using Linux and docker, see if we need to add the user to the docker group or if the user prefers typing their password
- if platform.system() == "Linux":
- if not gui_common.ensure_docker_group_preference():
- return
- try:
- if not gui_common.ensure_docker_service_is_started():
- click.echo("Failed to start docker service")
- return
- except AuthorizationFailed:
- click.echo("Authorization failed")
- return
-
# See if we need to install Docker...
if (platform.system() == "Darwin" or platform.system() == "Windows") and (
not is_docker_installed() or not is_docker_ready(global_common)
diff --git a/dangerzone/gui/common.py b/dangerzone/gui/common.py
index b6478c4..4ee9bd2 100644
--- a/dangerzone/gui/common.py
+++ b/dangerzone/gui/common.py
@@ -142,95 +142,6 @@ class GuiCommon(object):
return pdf_viewers
- def ensure_docker_group_preference(self):
- # If the user prefers typing their password
- if self.global_common.settings.get("linux_prefers_typing_password") == True:
- return True
-
- # Get the docker group
- try:
- groupinfo = grp.getgrnam("docker")
- except:
- # Ignore if group is not found
- return True
-
- # See if the user is in the group
- username = getpass.getuser()
- if username not in groupinfo.gr_mem:
- # User is not in the docker group, ask if they prefer typing their password
- message = "Dangerzone requires Docker
In order to use Docker, your user must be in the 'docker' group or you'll need to type your password each time you run dangerzone.
Adding your user to the 'docker' group is more convenient but less secure, and will require just typing your password once. Which do you prefer?"
- return_code = Alert(
- self,
- self.global_common,
- message,
- ok_text="I'll type my password each time",
- extra_button_text="Add my user to the 'docker' group",
- ).launch()
- if return_code == QtWidgets.QDialog.Accepted:
- # Prefers typing password
- self.global_common.settings.set("linux_prefers_typing_password", True)
- self.global_common.settings.save()
- return True
- elif return_code == 2:
- # Prefers being in the docker group
- self.global_common.settings.set("linux_prefers_typing_password", False)
- self.global_common.settings.save()
-
- # Add user to the docker group
- p = subprocess.run(
- [
- "/usr/bin/pkexec",
- "/usr/sbin/usermod",
- "-a",
- "-G",
- "docker",
- username,
- ]
- )
- if p.returncode == 0:
- message = "Great! Now you must log out of your computer and log back in, and then you can use Dangerzone."
- Alert(self, self.global_common, message).launch()
- else:
- message = "Failed to add your user to the 'docker' group, quitting."
- Alert(self, self.global_common, message).launch()
-
- return False
- else:
- # Cancel
- return False
-
- return True
-
- def ensure_docker_service_is_started(self):
- if not is_docker_ready(self.global_common):
- message = "Dangerzone requires Docker
Docker should be installed, but it looks like it's not running in the background.
Click Ok to try starting the docker service. You will have to type your login password."
- if (
- Alert(self, self.global_common, message).launch()
- == QtWidgets.QDialog.Accepted
- ):
- p = subprocess.run(
- [
- "/usr/bin/pkexec",
- self.global_common.get_resource_path(
- "enable_docker_service.sh"
- ),
- ]
- )
- if p.returncode == 0:
- # Make sure docker is now ready
- if is_docker_ready(self.global_common):
- return True
- else:
- message = "Restarting docker appeared to work, but the service still isn't responding, quitting."
- Alert(self, self.global_common, message).launch()
- else:
- message = "Failed to start the docker service, quitting."
- Alert(self, self.global_common, message).launch()
-
- return False
-
- return True
-
class Alert(QtWidgets.QDialog):
def __init__(
diff --git a/dangerzone/gui/tasks.py b/dangerzone/gui/tasks.py
index f6ece5c..63227d9 100644
--- a/dangerzone/gui/tasks.py
+++ b/dangerzone/gui/tasks.py
@@ -21,7 +21,7 @@ class TaskBase(QtCore.QThread):
if line.startswith(b"> "):
print(
- Fore.YELLOW + "> " + Fore.LIGHTCYAN_EX + line.decode()[2:],
+ Style.DIM + "> " + Style.NORMAL + Fore.CYAN + line.decode()[2:],
end="",
)
else:
diff --git a/install/linux/build_rpm.py b/install/linux/build_rpm.py
index 7c6300d..2f07c60 100755
--- a/install/linux/build_rpm.py
+++ b/install/linux/build_rpm.py
@@ -29,7 +29,7 @@ def main():
print("* Building RPM package")
subprocess.run(
- "python3 setup.py bdist_rpm --requires='python3-pyside2,python3-appdirs,python3-click,python3-pyxdg,python3-requests,python3-colorama,(docker or docker-ce)'",
+ "python3 setup.py bdist_rpm --requires='podman,python3-pyside2,python3-appdirs,python3-click,python3-pyxdg,python3-requests,python3-colorama'",
shell=True,
cwd=root,
check=True,
diff --git a/install/linux/media.firstlook.dangerzone-container.policy b/install/linux/media.firstlook.dangerzone-container.policy
deleted file mode 100644
index 4e0a847..0000000
--- a/install/linux/media.firstlook.dangerzone-container.policy
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-
-
- Run Dangerzone Container
- Dangerzone needs you to authenticate to run containers
-
- auth_admin_keep
- auth_admin_keep
- auth_admin_keep
-
- /usr/bin/dangerzone-container
-
-
diff --git a/setup.py b/setup.py
index ce53640..67b8ecc 100644
--- a/setup.py
+++ b/setup.py
@@ -34,10 +34,6 @@ setuptools.setup(
["install/linux/media.firstlook.dangerzone.png"],
),
("share/dangerzone", file_list("share")),
- (
- "share/polkit-1/actions",
- ["install/linux/media.firstlook.dangerzone-container.policy"],
- ),
],
classifiers=[
"Programming Language :: Python",
diff --git a/share/enable_docker_service.sh b/share/enable_docker_service.sh
deleted file mode 100755
index ca0f29d..0000000
--- a/share/enable_docker_service.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-/bin/systemctl restart docker.service
-/bin/systemctl enable docker.service
\ No newline at end of file
diff --git a/stdeb.cfg b/stdeb.cfg
index df13e23..519d82b 100644
--- a/stdeb.cfg
+++ b/stdeb.cfg
@@ -1,6 +1,6 @@
[DEFAULT]
Package3: dangerzone
-Depends3: python3, python3-pyside2.qtcore, python3-pyside2.qtgui, python3-pyside2.qtwidgets, python3-appdirs, python3-click, python3-xdg, python3-requests, python3-colorama
+Depends3: podman, python3, python3-pyside2.qtcore, python3-pyside2.qtgui, python3-pyside2.qtwidgets, python3-appdirs, python3-click, python3-xdg, python3-requests, python3-colorama
Build-Depends: dh-python, python3, python3-all
Suite: bionic
X-Python3-Version: >= 3.6
\ No newline at end of file