Create an RPM for Qubes

Allow creating an RPM package that is to be installed specifically on
Qubes. This package has the following extra properties from our regular
RPM packages:

1. Make `python3-magic`, `libreoffice` and `tesseract` requirements
   for installing Dangerzone, since the conversion takes place in a
   disposable qube that needs these packages.
2. Ignore the container.tar.gz file, if it exists.
3. Add our RPC calls under `/etc/qubes-rpc`

install/linux/build-rpm.py

@@ -1,5 +1,6 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
+import argparse
 import inspect
 import os
 import shutil
@@ -17,6 +18,12 @@ with open(os.path.join(root, "share", "version.txt")) as f:
 
 
 def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        "--qubes", action="store_true", help="Build RPM package for a Qubes OS system"
+    )
+    args = parser.parse_args()
+
     build_path = os.path.join(root, "build")
     dist_path = os.path.join(root, "dist")
 
@@ -26,9 +33,28 @@ def main():
     if os.path.exists(dist_path):
         shutil.rmtree(dist_path)
 
+    if args.qubes:
+        print("> Building for a Qubes system")
+        os.environ["QUBES_TARGET"] = "1"
+
+        # Server and Client package requirements are bundled together since
+        # we assume the server and client qubes are installed on the same
+        # template
+        platform_dependant_packages = ",".join(
+            [
+                # Server package requirements
+                "python3-magic",
+                "libreoffice",
+                # Client package requirements
+                "tesseract",  # FIXME add other languages
+            ]
+        )
+    else:
+        platform_dependant_packages = "podman"
+
     print("* Building RPM package")
     subprocess.run(
-        "python3 setup.py bdist_rpm --requires='podman,python3-pyside2,python3-appdirs,python3-click,python3-pyxdg,python3-colorama'",
+        f"python3 setup.py bdist_rpm --requires='{platform_dependant_packages},python3-pyside2,python3-appdirs,python3-click,python3-pyxdg,python3-colorama'",
         shell=True,
         cwd=root,
         check=True,

setup.py

@@ -7,15 +7,39 @@ import setuptools
 with open("share/version.txt") as f:
     version = f.read().strip()
 
+qubes_target = os.environ.get("QUBES_TARGET") == "1"
+if qubes_target:
+    print("Target: Qubes OS")
+
 
 def file_list(path):
     files = []
     for filename in os.listdir(path):
         if os.path.isfile(os.path.join(path, filename)):
+            if qubes_target and filename.endswith("container.tar.gz"):
+                continue  # ignore container when building a Qubes package
             files.append(os.path.join(path, filename))
     return files
 
 
+def data_files_list():
+    data_files = [
+        (
+            "share/applications",
+            ["install/linux/press.freedom.dangerzone.desktop"],
+        ),
+        (
+            "share/icons/hicolor/64x64/apps",
+            ["install/linux/press.freedom.dangerzone.png"],
+        ),
+        ("share/dangerzone", file_list("share")),
+    ]
+    if qubes_target:
+        # Qubes RPC policy
+        data_files.append(("/etc/qubes-rpc/", ["qubes/dz.Convert"]))
+    return data_files
+
+
 setuptools.setup(
     name="dangerzone",
     version=version,
@@ -35,17 +59,7 @@ It uses container technology to convert the documents within a secure sandbox.\
         "dangerzone.gui",
         "dangerzone.isolation_provider",
     ],
-    data_files=[
-        (
-            "share/applications",
-            ["install/linux/press.freedom.dangerzone.desktop"],
-        ),
-        (
-            "share/icons/hicolor/64x64/apps",
-            ["install/linux/press.freedom.dangerzone.png"],
-        ),
-        ("share/dangerzone", file_list("share")),
-    ],
+    data_files=data_files_list(),
     classifiers=[
         "Programming Language :: Python",
         "Intended Audience :: End Users/Desktop",