almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Merge branch 'master' into 118_rip_docker_desktop

Browse source
This commit is contained in:
Micah Lee 2021-06-29 16:52:25 -07:00
commit cf28d47ffc
No known key found for this signature in database
GPG key ID: 403C2657CD994F73
29 changed files with 285 additions and 365 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

168
.circleci/config.yml
View file

@ -1,16 +1,16 @@
version: 2.1
jobs:
build-ubuntu-focal:
build-ubuntu-impish:
docker:
- image: ubuntu:20.04
- image: ubuntu:21.10
steps:
- run:
name: Install dependencies
command: |
export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
apt-get update
apt-get install -y git ssh ruby-dev rubygems python-all dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-termcolor
apt-get install -y git ssh ruby-dev rubygems podman python-all dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-colorama
gem install -N rake
gem install -N package_cloud
- checkout
@ -22,9 +22,39 @@ jobs:
- run:
name: Deploy to packagecloud.io
command: |
VERSION=$(cat dangerzone/__init__.py |grep "dangerzone_version = " |cut -d '"' -f2)
package_cloud push firstlookmedia/code/ubuntu/focal deb_dist/dangerzone_${VERSION}-1_all.deb
package_cloud push firstlookmedia/code/ubuntu/focal deb_dist/dangerzone_${VERSION}-1.dsc
VERSION=$(cat share/version.txt)
package_cloud push firstlookmedia/code/ubuntu/impish deb_dist/dangerzone_${VERSION}-1_all.deb
package_cloud push firstlookmedia/code/ubuntu/impish deb_dist/dangerzone_${VERSION}-1.dsc
build-ubuntu-hirsute:
docker:
# The ubuntu:21.04 container doesn't work in CircleCI until they update
# their docker runtime due to this bug:
# https://stackoverflow.com/questions/66319610/gpg-error-in-ubuntu-21-04-after-second-apt-get-update-during-docker-build
# So for now, we'll build the 21.04 package in a 20.10 container
# - image: ubuntu:21.04
- image: ubuntu:20.10
steps:
- run:
name: Install dependencies
command: |
export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
apt-get update
apt-get install -y git ssh ruby-dev rubygems podman python-all dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-colorama
gem install -N rake
gem install -N package_cloud
- checkout
- run:
name: Create the .deb package
command: |
./install/linux/build_deb.py
dpkg -i deb_dist/dangerzone_*-1_all.deb
- run:
name: Deploy to packagecloud.io
command: |
VERSION=$(cat share/version.txt)
package_cloud push firstlookmedia/code/ubuntu/hirsute deb_dist/dangerzone_${VERSION}-1_all.deb
package_cloud push firstlookmedia/code/ubuntu/hirsute deb_dist/dangerzone_${VERSION}-1.dsc
build-ubuntu-groovy:
docker:
@ -35,7 +65,7 @@ jobs:
command: |
export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
apt-get update
apt-get install -y git ssh ruby-dev rubygems python-all dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-termcolor
apt-get install -y git ssh ruby-dev rubygems podman python-all dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-colorama
gem install -N rake
gem install -N package_cloud
- checkout
@ -47,34 +77,10 @@ jobs:
- run:
name: Deploy to packagecloud.io
command: |
VERSION=$(cat dangerzone/__init__.py |grep "dangerzone_version = " |cut -d '"' -f2)
VERSION=$(cat share/version.txt)
package_cloud push firstlookmedia/code/ubuntu/groovy deb_dist/dangerzone_${VERSION}-1_all.deb
package_cloud push firstlookmedia/code/ubuntu/groovy deb_dist/dangerzone_${VERSION}-1.dsc
build-debian-buster:
docker:
- image: debian:buster
steps:
- run:
name: Install dependencies
command: |
apt-get update
apt-get install -y git ssh ruby-dev rubygems python-all dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-termcolor
gem install --no-ri --no-rdoc rake
gem install --no-ri --no-rdoc package_cloud
- checkout
- run:
name: Create the .deb package
command: |
./install/linux/build_deb.py
dpkg -i deb_dist/dangerzone_*-1_all.deb
- run:
name: Deploy to packagecloud.io
command: |
VERSION=$(cat dangerzone/__init__.py |grep "dangerzone_version = " |cut -d '"' -f2)
package_cloud push firstlookmedia/code/debian/buster deb_dist/dangerzone_${VERSION}-1_all.deb
package_cloud push firstlookmedia/code/debian/buster deb_dist/dangerzone_${VERSION}-1.dsc
build-debian-bullseye:
docker:
- image: debian:bullseye
@ -83,7 +89,7 @@ jobs:
name: Install dependencies
command: |
apt-get update
apt-get install -y git ssh ruby-dev rubygems python-all dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-termcolor
apt-get install -y git ssh ruby-dev rubygems podman python-all dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-colorama
gem install -N rake
gem install -N package_cloud
- checkout
@ -95,18 +101,21 @@ jobs:
- run:
name: Deploy to packagecloud.io
command: |
VERSION=$(cat dangerzone/__init__.py |grep "dangerzone_version = " |cut -d '"' -f2)
VERSION=$(cat share/version.txt)
package_cloud push firstlookmedia/code/debian/bullseye deb_dist/dangerzone_${VERSION}-1_all.deb
package_cloud push firstlookmedia/code/debian/bullseye deb_dist/dangerzone_${VERSION}-1.dsc
build-fedora-31:
build-fedora-34:
docker:
- image: fedora:31
# The package_cloud ruby gem doesn't work properly when installed in fedora 34,
# so for now we'll built the fedora 34 package in a fedora:33 container
# - image: fedora:34
- image: fedora:33
steps:
- run:
name: Install dependencies
command: |
dnf install -y git openssh ruby-devel make automake gcc gcc-c++ rpm-build python3-pyside2 python3-appdirs python3-click python3-pyxdg python3-requests python3-termcolor
dnf install -y podman git openssh ruby-devel make automake gcc gcc-c++ rpm-build python3-setuptools python3-pyside2 python3-appdirs python3-click python3-pyxdg python3-requests python3-colorama
gem install package_cloud
- checkout
- run:
@ -117,31 +126,9 @@ jobs:
- run:
name: Deploy to packagecloud.io
command: |
VERSION=$(cat dangerzone/__init__.py |grep "dangerzone_version = " |cut -d '"' -f2)
package_cloud push firstlookmedia/code/fedora/31 dist/dangerzone-${VERSION}-1.noarch.rpm
package_cloud push firstlookmedia/code/fedora/31 dist/dangerzone-${VERSION}-1.src.rpm
build-fedora-32:
docker:
- image: fedora:32
steps:
- run:
name: Install dependencies
command: |
dnf install -y git openssh ruby-devel make automake gcc gcc-c++ rpm-build python3-pyside2 python3-appdirs python3-click python3-pyxdg python3-requests python3-termcolor
gem install package_cloud
- checkout
- run:
name: Create the .rpm package
command: |
./install/linux/build_rpm.py
dnf install -y dist/dangerzone-*-1.noarch.rpm
- run:
name: Deploy to packagecloud.io
command: |
VERSION=$(cat dangerzone/__init__.py |grep "dangerzone_version = " |cut -d '"' -f2)
package_cloud push firstlookmedia/code/fedora/32 dist/dangerzone-${VERSION}-1.noarch.rpm
package_cloud push firstlookmedia/code/fedora/32 dist/dangerzone-${VERSION}-1.src.rpm
VERSION=$(cat share/version.txt)
package_cloud push firstlookmedia/code/fedora/34 dist/dangerzone-${VERSION}-1.noarch.rpm
package_cloud push firstlookmedia/code/fedora/34 dist/dangerzone-${VERSION}-1.src.rpm
build-fedora-33:
docker:
@ -150,7 +137,7 @@ jobs:
- run:
name: Install dependencies
command: |
dnf install -y git openssh ruby-devel make automake gcc gcc-c++ rpm-build python3-pyside2 python3-appdirs python3-click python3-pyxdg python3-requests python3-termcolor
dnf install -y podman git openssh ruby-devel make automake gcc gcc-c++ rpm-build python3-setuptools python3-pyside2 python3-appdirs python3-click python3-pyxdg python3-requests python3-colorama
gem install package_cloud
- checkout
- run:
@ -161,27 +148,50 @@ jobs:
- run:
name: Deploy to packagecloud.io
command: |
VERSION=$(cat dangerzone/__init__.py |grep "dangerzone_version = " |cut -d '"' -f2)
VERSION=$(cat share/version.txt)
package_cloud push firstlookmedia/code/fedora/33 dist/dangerzone-${VERSION}-1.noarch.rpm
package_cloud push firstlookmedia/code/fedora/33 dist/dangerzone-${VERSION}-1.src.rpm
build-fedora-32:
docker:
- image: fedora:32
steps:
- run:
name: Install dependencies
command: |
dnf install -y podman git openssh ruby-devel make automake gcc gcc-c++ rpm-build python3-setuptools python3-pyside2 python3-appdirs python3-click python3-pyxdg python3-requests python3-colorama
gem install package_cloud
- checkout
- run:
name: Create the .rpm package
command: |
./install/linux/build_rpm.py
dnf install -y dist/dangerzone-*-1.noarch.rpm
- run:
name: Deploy to packagecloud.io
command: |
VERSION=$(cat share/version.txt)
package_cloud push firstlookmedia/code/fedora/32 dist/dangerzone-${VERSION}-1.noarch.rpm
package_cloud push firstlookmedia/code/fedora/32 dist/dangerzone-${VERSION}-1.src.rpm
workflows:
version: 2
build-tags:
jobs:
- build-ubuntu-focal:
filters:
tags:
only: /^v.*/
branches:
ignore: /.*/
# - build-ubuntu-groovy:
# Ubuntu 21.10 (impish) not yet supported by packagecloud.io
# - build-ubuntu-impish: 
# filters:
# tags:
# only: /^v.*/
# branches:
# ignore: /.*/
- build-debian-buster:
- build-ubuntu-hirsute:
filters:
tags:
only: /^v.*/
branches:
ignore: /.*/
- build-ubuntu-groovy:
filters:
tags:
only: /^v.*/
@ -193,7 +203,13 @@ workflows:
only: /^v.*/
branches:
ignore: /.*/
- build-fedora-31:
- build-fedora-34:
filters:
tags:
only: /^v.*/
branches:
ignore: /.*/
- build-fedora-33:
filters:
tags:
only: /^v.*/
@ -205,9 +221,3 @@ workflows:
only: /^v.*/
branches:
ignore: /.*/
# - build-fedora-33:
# filters:
# tags:
# only: /^v.*/
# branches:
# ignore: /.*/

31
BUILD.md
View file

@ -5,11 +5,9 @@
Install dependencies:
```sh
sudo apt install -y dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-colorama
sudo apt install -y podman dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-requests python3-colorama
```
You also need docker, either by installing the [Docker snap package](https://snapcraft.io/docker), installing the `docker.io` package, or by installing `docker-ce` by following [these instructions for Ubuntu](https://docs.docker.com/install/linux/docker-ce/ubuntu/) or [for Debian](https://docs.docker.com/install/linux/docker-ce/debian/).
Run from source tree:
```sh
@ -27,11 +25,9 @@ Create a .deb:
Install dependencies:
```sh
sudo dnf install -y rpm-build python3 python3-pyside2 python3-appdirs python3-click python3-pyxdg python3-requests python3-colorama
sudo dnf install -y rpm-build podman python3 python3-setuptools python3-pyside2 python3-appdirs python3-click python3-pyxdg python3-requests python3-colorama
```
You also need docker, either by installing the `docker` package, or by installing `docker-ce` by following [these instructions](https://docs.docker.com/install/linux/docker-ce/fedora/).
Run from source tree:
```sh
@ -46,6 +42,8 @@ Create a .rpm:
## macOS
Install [Docker Desktop](https://www.docker.com/products/docker-desktop).
Install python@3.9 from Homebrew:
```
@ -93,6 +91,8 @@ The output is in the `dist` folder.
## Windows
Install [Docker Desktop](https://www.docker.com/products/docker-desktop).
These instructions include adding folders to the path in Windows. To do this, go to Start and type "advanced system settings", and open "View advanced system settings" in the Control Panel. Click Environment Variables. Under "System variables" double-click on Path. From there you can add and remove folders that are available in the PATH.
Download Python 3.9.0, 32-bit (x86) from https://www.python.org/downloads/release/python-390/. I downloaded python-3.9.0.exe. When installing it, make sure to check the "Add Python 3.9 to PATH" checkbox on the first page of the installer.
@ -112,7 +112,8 @@ poetry install
After that you can launch dangerzone during development with:
```
poetry run dangerzone
.\dev_scripts\dangerzone.bat
.\dev_scripts\dangerzone-cli.bat --help
```
### If you want to build a .exe
@ -139,16 +140,14 @@ cd "C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\VC\Auxiliary\
vcvars32.bat
```
Change to a folder where you keep source code, and clone the PyInstaller git repo and checkout the `v3.6` tag:
Change to a folder where you keep source code, and clone the PyInstaller git repo and checkout the `v4.3` tag:
```
git clone https://github.com/pyinstaller/pyinstaller.git
cd pyinstaller
git tag -v v4.0
git checkout v4.3
```
(Note that ideally you would verify the git tag, but the PGP key that has signed the v3.5 git tag for is not published anywhere, so this isn't possible. See [this issue](https://github.com/pyinstaller/pyinstaller/issues/4430).)
The next step is to compile the bootloader. We should do this all in dangerzone's poetry shell:
```
@ -224,14 +223,4 @@ Then back in the first command prompt, run:
poetry run install\windows\step3-build-installer.bat
```
When you're done you will have `dist\Dangerzone.msi`.
# Release instructions
Before each release:
- Update `CHANGELOG.md`
- Update the version in `pyproject.toml`
- Update the version in `dangerzone/__init__.py`

12
CHANGELOG.md
View file

@ -1,5 +1,17 @@
# Change Log
## Dangerzone 0.2.1
- Switch from Docker to Podman for Linux
- Improve CLI colors
## Dangerzone 0.2
- Command line support and improved terminal output
- Additional container hardening
- Fix macOS crash on quit
- Fix --custom-container CLI argument
## Dangerzone 0.1.5
- Add support for macOS Big Sur

4
README.md
View file

@ -10,8 +10,8 @@ _Read more about Dangerzone in the blog post [Dangerzone: Working With Suspiciou
## Getting started
- Download [Dangerzone 0.1.5 for Mac](https://github.com/firstlookmedia/dangerzone/releases/download/v0.1.5/Dangerzone.0.1.5.dmg)
- Download [Dangerzone 0.1.5 for Windows](https://github.com/firstlookmedia/dangerzone/releases/download/v0.1.5/Dangerzone.0.1.5.msi)
- Download [Dangerzone 0.2.1 for Mac](https://github.com/firstlookmedia/dangerzone/releases/download/v0.2/Dangerzone-0.2.dmg)
- Download [Dangerzone 0.2.1 for Windows](https://github.com/firstlookmedia/dangerzone/releases/download/v0.2/Dangerzone-0.2.msi)
- See [installing Dangerzone](https://github.com/firstlookmedia/dangerzone/wiki/Installing-Dangerzone) on the wiki for Linux repositories
You can also install Dangerzone for Mac using [Homebrew](https://brew.sh/): `brew install --cask dangerzone`

19
RELEASE.md
View file

@ -6,11 +6,14 @@ This section documents the release process. Unless you're a dangerzone developer
Before making a release, all of these should be complete:
* Update `version` in `pyproject.toml`
* Update in `share/version.txt`
* Update version and download links in `README.md`
* CHANGELOG.md should be updated to include a list of all major changes since the last release
* There must be a PGP-signed git tag for the version, e.g. for dangerzone 0.1.0, the tag must be `v0.1.0`
- [ ] Update `version` in `pyproject.toml`
- [ ] Update `share/version.txt`
- [ ] Update version and download links in `README.md`
- [ ] CHANGELOG.md should be updated to include a list of all major changes since the last release
- [ ] Test CircleCI Linux builds: Look in `.circleci/config.yml`, manually try each build in docker, and add new platforms and remove obsolete platforms
- [ ] Create a test build in Windows and make sure it works
- [ ] Create a test build in mcaOS and make sure it works
- [ ] There must be a PGP-signed git tag for the version, e.g. for dangerzone 0.1.0, the tag must be `v0.1.0`
Before making a release, verify the release git tag:
@ -47,7 +50,7 @@ This process ends up with the final file:
dist/Dangerzone.dmg
```
Rename `Dangerzone.dmg` to `Dangerzone $VERSION.dmg`.
Rename `Dangerzone.dmg` to `Dangerzone-$VERSION.dmg`.
## Windows release
@ -62,7 +65,7 @@ To make a Windows release, go to the Windows build machine:
- Back in the first command prompt, run: `poetry run install\windows\step3-build-installer.bat`
- When you're done you will have `dist\Dangerzone.msi`
Rename `Dangerzone.msi` to `Dangerzone $VERSION.msi`.
Rename `Dangerzone.msi` to `Dangerzone-$VERSION.msi`.
## Linux release
@ -73,3 +76,5 @@ Linux binaries are automatically built and deployed to repositories when a new t
To publish the release:
- Create a new release on GitHub, put the changelog in the description of the release, and upload the macOS and Windows installers
- Update the [Installing Dangerzone](https://github.com/firstlookmedia/dangerzone/wiki/Installing-Dangerzone) wiki page
- Update the [Dangerzone website](https://github.com/firstlookmedia/dangerzone.rocks) to link to the new installers

18
dangerzone/__init__.py
View file

@ -1,14 +1,20 @@
import os
import sys
# Depending on the filename, decide if we want to run:
# dangerzone, dangerzone-cli, or dangerzone-container
if "DANGERZONE_MODE" in os.environ:
mode = os.environ["DANGERZONE_MODE"]
else:
basename = os.path.basename(sys.argv[0])
if basename == "dangerzone-container" or basename == "dangerzone-container.exe":
mode = "container"
elif basename == "dangerzone-cli" or basename == "dangerzone-cli.exe":
mode = "cli"
else:
mode = "gui"
basename = os.path.basename(sys.argv[0])
if basename == "dangerzone-container" or basename == "dangerzone-container.exe":
if mode == "container":
from .container import container_main as main
elif basename == "dangerzone-cli" or basename == "dangerzone-cli.exe":
elif mode == "cli":
from .cli import cli_main as main
else:
from .gui import gui_main as main

6
dangerzone/cli.py
View file

@ -9,7 +9,7 @@ from .common import Common
def print_header(s):
click.echo("")
click.echo(Style.BRIGHT + Fore.LIGHTWHITE_EX + s)
click.echo(Style.BRIGHT + s)
def exec_container(global_common, args):
@ -20,9 +20,9 @@ def exec_container(global_common, args):
output += line.decode()
# Hack to add colors to the command executing
if line.startswith(b"\xe2\x80\xa3 "):
if line.startswith(b"> "):
print(
Fore.WHITE + "\u2023 " + Fore.LIGHTCYAN_EX + line.decode()[2:],
Style.DIM + "> " + Style.NORMAL + Fore.CYAN + line.decode()[2:],
end="",
)
else:

31
dangerzone/common.py
View file

@ -2,6 +2,7 @@ import os
import stat
import platform
import tempfile
import appdirs
class Common(object):
@ -11,26 +12,16 @@ class Common(object):
def __init__(self):
# Temporary directory to store pixel data and safe PDFs
if platform.system() == "Windows":
self.pixel_dir = tempfile.TemporaryDirectory(prefix="dangerzone-pixel-")
self.safe_dir = tempfile.TemporaryDirectory(prefix="dangerzone-safe-")
elif platform.system() == "Darwin":
# In macOS, temp dirs must be in /tmp (or a few other paths) for Docker to mount them
self.pixel_dir = tempfile.TemporaryDirectory(
prefix="/tmp/dangerzone-pixel-"
)
self.safe_dir = tempfile.TemporaryDirectory(prefix="/tmp/dangerzone-safe-")
else:
# In Linux, temp dirs must be in the homedir for the snap package version of Docker to mount them
cache_dir = os.path.expanduser("~/.cache/dangerzone")
os.makedirs(cache_dir, exist_ok=True)
self.pixel_dir = tempfile.TemporaryDirectory(
prefix=os.path.join(cache_dir, "pixel-")
)
self.safe_dir = tempfile.TemporaryDirectory(
prefix=os.path.join(cache_dir, "safe-")
)
cache_dir = appdirs.user_cache_dir("dangerzone")
os.makedirs(cache_dir, exist_ok=True)
self.pixel_dir = tempfile.TemporaryDirectory(
prefix=os.path.join(cache_dir, "pixel-")
)
self.safe_dir = tempfile.TemporaryDirectory(
prefix=os.path.join(cache_dir, "safe-")
)
try:
# Make the folders world-readable to ensure that the container has permission
# to access it even if it's owned by root or someone else
permissions = (
@ -44,6 +35,8 @@ class Common(object):
)
os.chmod(self.pixel_dir.name, permissions)
os.chmod(self.safe_dir.name, permissions)
except:
pass
# Name of input and out files
self.document_filename = None

62
dangerzone/container.py
View file

@ -4,13 +4,21 @@ import subprocess
import sys
import pipes
import shutil
import os
# What is the container runtime for this platform?
if platform.system() == "Darwin":
container_tech = "docker"
container_runtime = "/usr/local/bin/docker"
elif platform.system() == "Windows":
container_runtime = "C:\\Program Files\\Docker\\Docker\\resources\\docker.exe"
container_tech = "docker"
container_runtime = shutil.which("docker.exe")
elif platform.system() == "Linux":
container_tech = "podman"
container_runtime = shutil.which("podman")
else:
print("Unknown operating system, defaulting to Docker")
container_tech = "docker"
container_runtime = shutil.which("docker")
# Define startupinfo for subprocesses
@ -25,9 +33,20 @@ def exec_container(args):
args = [container_runtime] + args
args_str = " ".join(pipes.quote(s) for s in args)
print("\u2023 " + args_str) # ‣
print("> " + args_str)
sys.stdout.flush()
# In Tails, tell the container runtime to download over Tor
if (
platform.system() == "Linux"
and os.getlogin() == "amnesia"
and os.getuid() == 1000
):
env = os.environ.copy()
env["HTTP_PROXY"] = "socks5://127.0.0.1:9050"
else:
env = None
with subprocess.Popen(
args,
stdin=None,
@ -36,6 +55,7 @@ def exec_container(args):
bufsize=1,
universal_newlines=True,
startupinfo=startupinfo,
env=env,
) as p:
p.communicate()
return p.returncode
@ -51,7 +71,7 @@ def container_main():
@container_main.command()
@click.option("--container-name", default="flmcode/dangerzone")
@click.option("--container-name", default="docker.io/flmcode/dangerzone")
def ls(container_name):
"""docker image ls [container_name]"""
sys.exit(exec_container(["image", "ls", container_name]))
@ -60,36 +80,36 @@ def ls(container_name):
@container_main.command()
def pull():
"""docker pull flmcode/dangerzone"""
sys.exit(exec_container(["pull", "flmcode/dangerzone"]))
sys.exit(exec_container(["pull", "docker.io/flmcode/dangerzone"]))
@container_main.command()
@click.option("--document-filename", required=True)
@click.option("--pixel-dir", required=True)
@click.option("--container-name", default="flmcode/dangerzone")
@click.option("--container-name", default="docker.io/flmcode/dangerzone")
def documenttopixels(document_filename, pixel_dir, container_name):
"""docker run --network none -v [document_filename]:/tmp/input_file -v [pixel_dir]:/dangerzone [container_name] document-to-pixels"""
sys.exit(
exec_container(
[
"run",
"--network",
"none",
"-v",
f"{document_filename}:/tmp/input_file",
"-v",
f"{pixel_dir}:/dangerzone",
container_name,
"document-to-pixels",
]
)
)
args = ["run", "--network", "none"]
# docker uses --security-opt, podman doesn't
if container_tech == "docker":
args += ["--security-opt=no-new-privileges:true"]
args += [
"-v",
f"{document_filename}:/tmp/input_file",
"-v",
f"{pixel_dir}:/dangerzone",
container_name,
"document-to-pixels",
]
sys.exit(exec_container(args))
@container_main.command()
@click.option("--pixel-dir", required=True)
@click.option("--safe-dir", required=True)
@click.option("--container-name", default="flmcode/dangerzone")
@click.option("--container-name", default="docker.io/flmcode/dangerzone")
@click.option("--ocr", required=True)
@click.option("--ocr-lang", required=True)
def pixelstopdf(pixel_dir, safe_dir, container_name, ocr, ocr_lang):

31
dangerzone/global_common.py
View file

@ -18,8 +18,13 @@ class GlobalCommon(object):
def __init__(self):
# Version
with open(self.get_resource_path("version.txt")) as f:
self.version = f.read().strip()
try:
with open(self.get_resource_path("version.txt")) as f:
self.version = f.read().strip()
except FileNotFoundError:
# In dev mode, in Windows, get_resource_path doesn't work properly for dangerzone-container, but luckily
# it doesn't need to know the version
self.version = "unknown"
# Initialize terminal colors
colorama.init(autoreset=True)
@ -379,7 +384,7 @@ class GlobalCommon(object):
if self.custom_container:
return self.custom_container
else:
return "flmcode/dangerzone"
return "docker.io/flmcode/dangerzone"
def get_resource_path(self, filename):
if getattr(sys, "dangerzone_dev", False):
@ -409,7 +414,7 @@ class GlobalCommon(object):
def get_dangerzone_container_path(self):
if getattr(sys, "dangerzone_dev", False):
# Look for resources directory relative to python file
return os.path.join(
path = os.path.join(
os.path.dirname(
os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe()))
@ -418,6 +423,9 @@ class GlobalCommon(object):
"dev_scripts",
"dangerzone-container",
)
if platform.system() == "Windows":
path = f"{path}.bat"
return path
else:
if platform.system() == "Darwin":
return os.path.join(
@ -431,18 +439,11 @@ class GlobalCommon(object):
return "/usr/bin/dangerzone-container"
def exec_dangerzone_container(self, args):
# Prefix the args with the retainer runtime, and in the case linux when the user isn't in the docker group, pkexec
if platform.system() == "Linux":
if self.settings.get("linux_prefers_typing_password"):
args = ["/usr/bin/pkexec", self.dz_container_path] + args
else:
args = [self.dz_container_path] + args
else:
args = [self.dz_container_path] + args
args = [self.dz_container_path] + args
args_str = " ".join(pipes.quote(s) for s in args)
print(Style.DIM + "> " + Style.NORMAL + Fore.CYAN + args_str)
# Execute dangerzone-container
args_str = " ".join(pipes.quote(s) for s in args)
print(Fore.YELLOW + "\u2023 " + Fore.CYAN + args_str) # ‣
return subprocess.Popen(
args,
startupinfo=self.get_subprocess_startupinfo(),
@ -469,7 +470,7 @@ class GlobalCommon(object):
) as p:
stdout_data, _ = p.communicate()
lines = stdout_data.split(b"\n")
if b"\u2023 " in lines[0]: # ‣
if b"> " in lines[0]:
stdout_data = b"\n".join(lines[1:])
# The user canceled, or permission denied

36
dangerzone/gui/__init__.py
View file

@ -49,10 +49,30 @@ class ApplicationWrapper(QtCore.QObject):
@click.option("--custom-container") # Use this container instead of flmcode/dangerzone
@click.argument("filename", required=False)
def gui_main(custom_container, filename):
# Required for macOS Big Sur: https://stackoverflow.com/a/64878899
if platform.system() == "Darwin":
# Required for macOS Big Sur: https://stackoverflow.com/a/64878899
os.environ["QT_MAC_WANTS_LAYER"] = "1"
# Strip ANSI colors from stdout output, to prevent terminal colors from breaking
# the macOS GUI app
from strip_ansi import strip_ansi
class StdoutFilter:
def __init__(self, stream):
self.stream = stream
def __getattr__(self, attr_name):
return getattr(self.stream, attr_name)
def write(self, data):
self.stream.write(strip_ansi(data))
def flush(self):
self.stream.flush()
sys.stdout = StdoutFilter(sys.stdout)
sys.stderr = StdoutFilter(sys.stderr)
# Create the Qt app
app_wrapper = ApplicationWrapper()
app = app_wrapper.app
@ -61,8 +81,6 @@ def gui_main(custom_container, filename):
global_common = GlobalCommon()
gui_common = GuiCommon(app, global_common)
global_common.display_banner()
if custom_container:
success, error_message = global_common.container_exists(custom_container)
if not success:
@ -74,18 +92,6 @@ def gui_main(custom_container, filename):
# Allow Ctrl-C to smoothly quit the program instead of throwing an exception
signal.signal(signal.SIGINT, signal.SIG_DFL)
# If we're using Linux and docker, see if we need to add the user to the docker group or if the user prefers typing their password
if platform.system() == "Linux":
if not gui_common.ensure_docker_group_preference():
return
try:
if not gui_common.ensure_docker_service_is_started():
click.echo("Failed to start docker service")
return
except AuthorizationFailed:
click.echo("Authorization failed")
return
# See if we need to install Docker...
if (platform.system() == "Darwin" or platform.system() == "Windows") and (
not is_docker_installed() or not is_docker_ready(global_common)

93
dangerzone/gui/common.py
View file

@ -56,7 +56,7 @@ class GuiCommon(object):
# Run
args_str = " ".join(pipes.quote(s) for s in args)
print(Fore.YELLOW + "\u2023 " + Fore.CYAN + args_str) # ‣
print(Fore.YELLOW + "> " + Fore.CYAN + args_str)
subprocess.run(args)
elif platform.system() == "Linux":
@ -76,7 +76,7 @@ class GuiCommon(object):
# Open as a background process
args_str = " ".join(pipes.quote(s) for s in args)
print(Fore.YELLOW + "\u2023 " + Fore.CYAN + args_str) # ‣
print(Fore.YELLOW + "> " + Fore.CYAN + args_str)
subprocess.Popen(args)
def _find_pdf_viewers(self):
@ -142,95 +142,6 @@ class GuiCommon(object):
return pdf_viewers
def ensure_docker_group_preference(self):
# If the user prefers typing their password
if self.global_common.settings.get("linux_prefers_typing_password") == True:
return True
# Get the docker group
try:
groupinfo = grp.getgrnam("docker")
except:
# Ignore if group is not found
return True
# See if the user is in the group
username = getpass.getuser()
if username not in groupinfo.gr_mem:
# User is not in the docker group, ask if they prefer typing their password
message = "<b>Dangerzone requires Docker</b><br><br>In order to use Docker, your user must be in the 'docker' group or you'll need to type your password each time you run dangerzone.<br><br><b>Adding your user to the 'docker' group is more convenient but less secure</b>, and will require just typing your password once. Which do you prefer?"
return_code = Alert(
self,
self.global_common,
message,
ok_text="I'll type my password each time",
extra_button_text="Add my user to the 'docker' group",
).launch()
if return_code == QtWidgets.QDialog.Accepted:
# Prefers typing password
self.global_common.settings.set("linux_prefers_typing_password", True)
self.global_common.settings.save()
return True
elif return_code == 2:
# Prefers being in the docker group
self.global_common.settings.set("linux_prefers_typing_password", False)
self.global_common.settings.save()
# Add user to the docker group
p = subprocess.run(
[
"/usr/bin/pkexec",
"/usr/sbin/usermod",
"-a",
"-G",
"docker",
username,
]
)
if p.returncode == 0:
message = "Great! Now you must log out of your computer and log back in, and then you can use Dangerzone."
Alert(self, self.global_common, message).launch()
else:
message = "Failed to add your user to the 'docker' group, quitting."
Alert(self, self.global_common, message).launch()
return False
else:
# Cancel
return False
return True
def ensure_docker_service_is_started(self):
if not is_docker_ready(self.global_common):
message = "<b>Dangerzone requires Docker</b><br><br>Docker should be installed, but it looks like it's not running in the background.<br><br>Click Ok to try starting the docker service. You will have to type your login password."
if (
Alert(self, self.global_common, message).launch()
== QtWidgets.QDialog.Accepted
):
p = subprocess.run(
[
"/usr/bin/pkexec",
self.global_common.get_resource_path(
"enable_docker_service.sh"
),
]
)
if p.returncode == 0:
# Make sure docker is now ready
if is_docker_ready(self.global_common):
return True
else:
message = "Restarting docker appeared to work, but the service still isn't responding, quitting."
Alert(self, self.global_common, message).launch()
else:
message = "Failed to start the docker service, quitting."
Alert(self, self.global_common, message).launch()
return False
return True
class Alert(QtWidgets.QDialog):
def __init__(

4
dangerzone/gui/docker_installer.py
View file

@ -34,7 +34,7 @@ def is_docker_installed():
def is_docker_ready(global_common):
# Run `docker image ls` without an error
with global_common.exec_dangerzone_container(["ls"]) as p:
p.communicate()
outs, errs = p.communicate()
# The user canceled, or permission denied
if p.returncode == 126 or p.returncode == 127:
@ -44,6 +44,8 @@ def is_docker_ready(global_common):
if p.returncode == 0:
return True
else:
print(outs.decode())
print(errs.decode())
return False

6
dangerzone/gui/tasks.py
View file

@ -19,9 +19,9 @@ class TaskBase(QtCore.QThread):
for line in p.stdout:
output += line.decode()
if line.startswith(b"\xe2\x80\xa3 "):
if line.startswith(b"> "):
print(
Fore.WHITE + "\u2023 " + Fore.LIGHTCYAN_EX + line.decode()[2:],
Style.DIM + "> " + Style.NORMAL + Fore.CYAN + line.decode()[2:],
end="",
)
else:
@ -39,7 +39,7 @@ class TaskBase(QtCore.QThread):
if p.returncode == 126 or p.returncode == 127:
self.task_failed.emit(f"Authorization failed")
elif p.returncode == 0:
elif p.returncode != 0:
self.task_failed.emit(f"Return code: {p.returncode}")
print("")

2
dev_scripts/dangerzone-cli.bat Normal file
View file

@ -0,0 +1,2 @@
set DANGERZONE_MODE=cli
poetry run python .\dev_scripts\dangerzone %*

2
dev_scripts/dangerzone-container.bat Normal file
View file

@ -0,0 +1,2 @@
set DANGERZONE_MODE=container
poetry run python .\dev_scripts\dangerzone %*

2
dev_scripts/dangerzone.bat Normal file
View file

@ -0,0 +1,2 @@
set DANGERZONE_MODE=gui
poetry run python .\dev_scripts\dangerzone %*

9
install/linux/build_deb.py
View file

@ -6,18 +6,15 @@ import inspect
import subprocess
import shutil
sys.path.insert(
0, os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
)
import dangerzone
version = dangerzone.dangerzone_version
root = os.path.dirname(
os.path.dirname(
os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
)
)
with open(os.path.join(root, "share", "version.txt")) as f:
version = f.read().strip()
def run(cmd):
subprocess.run(cmd, cwd=root, check=True)

10
install/linux/build_rpm.py
View file

@ -6,18 +6,16 @@ import inspect
import subprocess
import shutil
sys.path.insert(
0, os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
)
import dangerzone
version = dangerzone.dangerzone_version
root = os.path.dirname(
os.path.dirname(
os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
)
)
with open(os.path.join(root, "share", "version.txt")) as f:
version = f.read().strip()
def main():
build_path = os.path.join(root, "build")
@ -31,7 +29,7 @@ def main():
print("* Building RPM package")
subprocess.run(
"python3 setup.py bdist_rpm --requires='python3-pyside2,python3-appdirs,python3-click,python3-pyxdg,python3-requests,python3-colorama,(docker or docker-ce)'",
"python3 setup.py bdist_rpm --requires='podman,python3-pyside2,python3-appdirs,python3-click,python3-pyxdg,python3-requests,python3-colorama'",
shell=True,
cwd=root,
check=True,

16
install/linux/media.firstlook.dangerzone-container.policy
View file

@ -1,16 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<action id="org.freedesktop.policykit.pkexec.dangerzone">
<description>Run Dangerzone Container</description>
<message>Dangerzone needs you to authenticate to run containers</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/dangerzone-container</annotate>
</action>
</policyconfig>

3
install/macos/build_app.py
View file

@ -67,6 +67,9 @@ def main():
os.symlink(
"dangerzone", os.path.join(app_path, "Contents/MacOS/dangerzone-container"),
)
os.symlink(
"dangerzone", os.path.join(app_path, "Contents/MacOS/dangerzone-cli"),
)
print(f"○ Finished build app: {app_path}")

6
install/pyinstaller/pyinstaller.spec
View file

@ -1,5 +1,4 @@
# -*- mode: python -*-
import sys
import os
import inspect
import platform
@ -12,10 +11,9 @@ root = os.path.dirname(
os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
)
)
sys.path.insert(0, root)
import dangerzone
with open(os.path.join(root, "share", "version.txt")) as f:
version = f.read().strip()
version = dangerzone.dangerzone_version
print("Dangerzone version: {}".format(version))
if p == "Darwin":

42
install/windows/build-wxs.py
View file

@ -107,14 +107,11 @@ def build_components_xml(root, data):
def main():
version_filename = os.path.join(
os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))),
"dangerzone",
"__init__.py",
"share",
"version.txt",
)
with open(version_filename) as f:
for line in f.readlines():
if line.startswith("dangerzone_version ="):
version = line.split('"')[1]
break
version = f.read().strip()
dist_dir = os.path.join(
os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))),
@ -157,7 +154,7 @@ def main():
"Product",
Name="Dangerzone",
Manufacturer="First Look Media",
Id="f40ff0a9-ebf8-4e1e-9bce-6ab5c74fe119",
Id="*",
UpgradeCode="$(var.ProductUpgradeCode)",
Language="1033",
Codepage="1252",
@ -206,41 +203,16 @@ def main():
Id="WixUIDialogBmp",
Value="..\\..\\install\\windows\\dialog.bmp",
)
upgrade_el = ET.SubElement(product_el, "Upgrade", Id="$(var.ProductUpgradeCode)")
ET.SubElement(
upgrade_el,
"UpgradeVersion",
Minimum="$(var.ProductVersion)",
OnlyDetect="yes",
Property="NEWERVERSIONDETECTED",
)
ET.SubElement(
upgrade_el,
"UpgradeVersion",
Minimum="0.0.0",
Maximum="$(var.ProductVersion)",
IncludeMinimum="yes",
IncludeMaximum="no",
Property="OLDERVERSIONBEINGUPGRADED",
)
condition_el = ET.SubElement(
product_el,
"Condition",
Message="A newer version of this software is already installed.",
"MajorUpgrade",
AllowSameVersionUpgrades="yes",
DowngradeErrorMessage="A newer version of [ProductName] is already installed. If you are sure you want to downgrade, remove the existing installation via Programs and Features.",
)
condition_el.text = "NOT NEWERVERSIONDETECTED"
build_dir_xml(product_el, data)
component_ids = build_components_xml(product_el, data)
install_exec_seq_el = ET.SubElement(
product_el,
"InstallExecuteSequence",
)
ET.SubElement(
install_exec_seq_el, "RemoveExistingProducts", After="InstallValidate"
)
feature_el = ET.SubElement(product_el, "Feature", Id="DefaultFeature", Level="1")
for component_id in component_ids:
ET.SubElement(feature_el, "ComponentRef", Id=component_id)

14
poetry.lock generated
View file

@ -296,6 +296,14 @@ category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <3.10"
[[package]]
name = "strip-ansi"
version = "0.1.1"
description = "Strip ANSI escape sequences from a string"
category = "main"
optional = false
python-versions = ">=3.6,<4.0"
[[package]]
name = "termcolor"
version = "1.1.0"
@ -374,7 +382,7 @@ testing = ["pytest (>=4.6)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pyt
[metadata]
lock-version = "1.1"
python-versions = ">=3.7,<3.10"
content-hash = "72592722794667cf7cb6bea727b31eb60d710c90d488be9d10a13bbbcaa56688"
content-hash = "6db74c36125b2d3ad4d04c864c24ecbcf376d5ac75ee7402d950010cade5de96"
[metadata.files]
altgraph = [
@ -551,6 +559,10 @@ shiboken2 = [
{file = "shiboken2-5.15.2-5.15.2-cp35.cp36.cp37.cp38.cp39-none-win32.whl", hash = "sha256:89c157a0e2271909330e1655892e7039249f7b79a64a443d52c512337065cde0"},
{file = "shiboken2-5.15.2-5.15.2-cp35.cp36.cp37.cp38.cp39-none-win_amd64.whl", hash = "sha256:14a33169cf1bd919e4c4c4408fffbcd424c919a3f702df412b8d72b694e4c1d5"},
]
strip-ansi = [
{file = "strip-ansi-0.1.1.tar.gz", hash = "sha256:5d60f239cc8a37fdd52b43c3e66e893d45ba0423115db59eca0d2eef83b07729"},
{file = "strip_ansi-0.1.1-py3-none-any.whl", hash = "sha256:9f55280e1b0ba84dac49d4f18aa6b51b90ff766b22e4918ffc01cc87b394ecd1"},
]
termcolor = [
{file = "termcolor-1.1.0.tar.gz", hash = "sha256:1d6d69ce66211143803fbc56652b41d73b4a400a2891d7bf7a1cdf4c02de613b"},
]

3
pyproject.toml
View file

@ -1,6 +1,6 @@
[tool.poetry]
name = "dangerzone"
version = "0.1.5"
version = "0.2.1"
description = "Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF"
authors = ["Micah Lee <micah.lee@theintercept.com>"]
license = "MIT"
@ -18,6 +18,7 @@ wmi = {version = "*", platform = "win32"}
pyxdg = {version = "*", platform = "linux"}
pyobjc-core = {version = "*", platform = "darwin"}
pyobjc-framework-launchservices = {version = "*", platform = "darwin"}
strip-ansi = {version = "*", platform = "darwin"}
colorama = "^0.4.4"
[tool.poetry.dev-dependencies]

9
setup.py
View file

@ -23,7 +23,7 @@ setuptools.setup(
license="MIT",
description="Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF",
url="https://github.com/firstlookmedia/dangerzone",
packages=["dangerzone"],
packages=["dangerzone", "dangerzone.gui"],
data_files=[
(
"share/applications",
@ -34,10 +34,6 @@ setuptools.setup(
["install/linux/media.firstlook.dangerzone.png"],
),
("share/dangerzone", file_list("share")),
(
"share/polkit-1/actions",
["install/linux/media.firstlook.dangerzone-container.policy"],
),
],
classifiers=[
"Programming Language :: Python",
@ -47,7 +43,8 @@ setuptools.setup(
entry_points={
"console_scripts": [
"dangerzone = dangerzone:main",
"dangerzone-container = dangerzone:container_main",
"dangerzone-container = dangerzone:main",
"dangerzone-cli = dangerzone:main",
]
},
)

3
share/enable_docker_service.sh
View file

@ -1,3 +0,0 @@
#!/bin/sh
/bin/systemctl restart docker.service
/bin/systemctl enable docker.service

2
share/version.txt
View file

@ -1 +1 @@
0.2
0.2.1

2
stdeb.cfg
View file

@ -1,6 +1,6 @@
[DEFAULT]
Package3: dangerzone
Depends3: python3, python3-pyside2.qtcore, python3-pyside2.qtgui, python3-pyside2.qtwidgets, python3-appdirs, python3-click, python3-xdg, python3-requests, python3-colorama
Depends3: podman, python3, python3-pyside2.qtcore, python3-pyside2.qtgui, python3-pyside2.qtwidgets, python3-appdirs, python3-click, python3-xdg, python3-requests, python3-colorama
Build-Depends: dh-python, python3, python3-all
Suite: bionic
X-Python3-Version: >= 3.6