From c94c8c8ba59b9e6bea289663902365b987184a4e Mon Sep 17 00:00:00 2001 From: Alex Pyrgiotis Date: Wed, 6 Sep 2023 18:19:56 +0300 Subject: [PATCH] Add installation instructions for Qubes Add instructions for installing Dangerzone on Qubes from our official repos. These instructions are adapted from the build instructions, but have been greatly simplified because we don't need some of the qubes that the development environment needs. Closes #431 --- BUILD.md | 2 +- INSTALL.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 60 insertions(+), 6 deletions(-) diff --git a/BUILD.md b/BUILD.md index 7fc22d0..94a92cc 100644 --- a/BUILD.md +++ b/BUILD.md @@ -106,7 +106,7 @@ Create a .rpm: ## Qubes OS -> :warning: Native Qubes support is in alpha stage, so the instructions below +> :warning: Native Qubes support is in beta stage, so the instructions below > require switching between qubes, and are subject to change. > > If you want to build Dangerzone on Qubes and use containers instead of disposable diff --git a/INSTALL.md b/INSTALL.md index ad9b487..6dadf6a 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -18,7 +18,7 @@ Dangerzone is available for: - Fedora 38 - Fedora 37 - Fedora 36 -- Qubes OS (alpha support) +- Qubes OS (beta support) ### Ubuntu, Debian @@ -132,11 +132,65 @@ After confirming that it matches, type `y` (for yes) and the installation should ### Qubes OS -> :warning: This section is for the experimental native Qubes support. If you want -> to try out the stable Dangerzone version (which uses containers instead of virtual machines for isolation), -> please follow the Fedora or Debian instructions and adapt them as needed. +> [!WARNING] +> This section is for the beta version of native Qubes support. If you +> want to try out the stable Dangerzone version (which uses containers instead +> of virtual machines for isolation), please follow the Fedora or Debian +> instructions and adapt them as needed. -If you want to try the experimental native Qubes OS support for Dangerzone, check out our [build instructions](BUILD.md#qubes-os) +> [!IMPORTANT] +> This section will install Dangerzone in your **default template** +> (`fedora-38` as of writing this). If you want to install it in a different +> one, make sure to replace `fedora-38` with the template of your choice. + +The following steps must be completed once. Make sure you run them in the +specified qubes. + +Overview of the qubes you'll create: + +| qube | type | purpose | +|--------------|----------|---------| +| dz-dvm | app qube | offline diposable template for performing conversions | + +#### In `dom0`: + +Create a **disposable**, offline app qube (`dz-dvm`), based on your default +template. This will be the qube where the documents will be sanitized: + +``` +qvm-create --class AppVM --label red --template fedora-38 \ + --prop netvm="" --prop template_for_dispvms=True \ + dz-dvm +``` + +Add an RPC policy (`/etc/qubes/policy.d/50-dangerzone.policy`) that will +allow launching a disposable qube (`dz-dvm`) when Dangerzone converts a +document, with the following contents: + +``` +dz.Convert * @anyvm @dispvm:dz-dvm allow +``` + +#### In the `fedora-38` template + +Install Dangerzone: + +``` +sudo dnf config-manager --add-repo=https://packages.freedom.press/yum-tools-prod/dangerzone/dangerzone.repo +sudo dnf install dangerzone-qubes +``` + +While Dangerzone gets installed, you will be prompted to accept a signing key. +Expand the instructions in the [Verifying Dangerzone GPG key](#verifying-dangerzone-gpg-key) +section to verify the key. + +Finally, shutdown the template and restart the qubes where you want to use +Dangerzone in. Go to "Qube Settings" -> choose the "Applications" tab, +click on "Refresh applications", and then move "Dangerzone" from the "Available" +column to "Selected". + +You can now launch Dangerzone from the list of applications for your qube, and +pass it a file to sanitize. ## Build from source