doc: bump the Docker Desktop version as part of the RELEASE procedure

This only happens on Windows and macOS.

Fixes #693

.github/workflows/check_repos.yml

@@ -53,8 +53,13 @@ jobs:
           gpg --keyserver hkps://keys.openpgp.org \
               --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
               --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281"
+
+          # Export the GPG key in armor mode because sequoia needs it this way
+          # (sqv is used on debian trixie by default to check the keys)
           mkdir -p /etc/apt/keyrings/
-          mv fpf-apt-tools-archive-keyring.gpg /etc/apt/keyrings
+          gpg --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
+              --armor --export "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
+              > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
 
       - name: Add packages.freedom.press to our APT sources
         run: |

.github/workflows/scan.yml

@@ -17,7 +17,10 @@ jobs:
         with:
           fetch-depth: 0
       - name: Install container build dependencies
-        run: sudo apt install pipx && pipx install poetry
+        run: |
+          sudo apt install pipx
+          pipx install poetry
+          pipx inject poetry poetry-plugin-export
       - name: Build container image
         run: python3 ./install/common/build-image.py --runtime docker --no-save
       - name: Get image tag

BUILD.md

@@ -70,6 +70,7 @@ methods](https://python-poetry.org/docs/#installation))_
 ```sh
 pipx ensurepath
 pipx install poetry
+pipx inject poetry poetry-plugin-export
 ```
 
 After this, restart the terminal window, for the `poetry` command to be in your
@@ -157,6 +158,7 @@ Install Poetry using `pipx`:
 
 ```sh
 pipx install poetry
+pipx inject poetry poetry-plugin-export
 ```
 
 Clone this repository:
@@ -369,7 +371,7 @@ cd dangerzone
 Install Python dependencies:
 
 ```sh
-python3 -m pip install poetry
+python3 -m pip install poetry poetry-plugin-export
 poetry install
 ```
 
@@ -430,7 +432,7 @@ Install Microsoft Visual C++ 14.0 or greater. Get it with ["Microsoft C++ Build
 Install [poetry](https://python-poetry.org/). Open PowerShell, and run:
 
 ```
-python -m pip install poetry
+python -m pip install poetry poetry-plugin-export
 ```
 
 Install git from [here](https://git-scm.com/download/win), open a Windows terminal (`cmd.exe`) and clone this repository:

CHANGELOG.md

@@ -5,7 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 since 0.4.1, and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased](https://github.com/freedomofpress/dangerzone/compare/v0.8.0...HEAD)
+## [Unreleased](https://github.com/freedomofpress/dangerzone/compare/v0.8.1...HEAD)
+
+- 
+
+## [0.8.1](https://github.com/freedomofpress/dangerzone/compare/v0.8.1...0.8.0)
+
+- Update the container image
 
 ### Added
 

INSTALL.md

@@ -1,7 +1,7 @@
 ## MacOS
 
-- Download [Dangerzone 0.8.0 for Mac (Apple Silicon CPU)](https://github.com/freedomofpress/dangerzone/releases/download/v0.8.0/Dangerzone-0.8.0-arm64.dmg)
+- Download [Dangerzone 0.8.1 for Mac (Apple Silicon CPU)](https://github.com/freedomofpress/dangerzone/releases/download/v0.8.1/Dangerzone-0.8.1-arm64.dmg)
-- Download [Dangerzone 0.8.0 for Mac (Intel CPU)](https://github.com/freedomofpress/dangerzone/releases/download/v0.8.0/Dangerzone-0.8.0-i686.dmg)
+- Download [Dangerzone 0.8.1 for Mac (Intel CPU)](https://github.com/freedomofpress/dangerzone/releases/download/v0.8.1/Dangerzone-0.8.1-i686.dmg)
 
 You can also install Dangerzone for Mac using [Homebrew](https://brew.sh/): `brew install --cask dangerzone`
 
@@ -11,7 +11,7 @@ You can also install Dangerzone for Mac using [Homebrew](https://brew.sh/): `bre
 
 ## Windows
 
-- Download [Dangerzone 0.8.0 for Windows](https://github.com/freedomofpress/dangerzone/releases/download/v0.8.0/Dangerzone-0.8.0.msi)
+- Download [Dangerzone 0.8.1 for Windows](https://github.com/freedomofpress/dangerzone/releases/download/v0.8.1/Dangerzone-0.8.1.msi)
 
 > **Note**: you will also need to install [Docker Desktop](https://www.docker.com/products/docker-desktop/).
 > This program needs to run alongside Dangerzone at all times, since it is what allows Dangerzone to
@@ -94,7 +94,9 @@ gpg --keyserver hkps://keys.openpgp.org \
     --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
     --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281"
 sudo mkdir -p /etc/apt/keyrings/
-sudo mv fpf-apt-tools-archive-keyring.gpg /etc/apt/keyrings
+sudo gpg --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
+    --armor --export "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
+    > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
 ```
 
 Add the URL of the repo in your APT sources:

README.md

@@ -14,13 +14,13 @@ _Read more about Dangerzone in the [official site](https://dangerzone.rocks/abou
 
 Follow the instructions for each platform:
 
-* [macOS](https://github.com/freedomofpress/dangerzone/blob/v0.8.0//INSTALL.md#macos)
+* [macOS](https://github.com/freedomofpress/dangerzone/blob/v0.8.1/INSTALL.md#macos)
-* [Windows](https://github.com/freedomofpress/dangerzone/blob/v0.8.0//INSTALL.md#windows)
+* [Windows](https://github.com/freedomofpress/dangerzone/blob/v0.8.1//INSTALL.md#windows)
-* [Ubuntu Linux](https://github.com/freedomofpress/dangerzone/blob/v0.8.0/INSTALL.md#ubuntu-debian)
+* [Ubuntu Linux](https://github.com/freedomofpress/dangerzone/blob/v0.8.1/INSTALL.md#ubuntu-debian)
-* [Debian Linux](https://github.com/freedomofpress/dangerzone/blob/v0.8.0/INSTALL.md#ubuntu-debian)
+* [Debian Linux](https://github.com/freedomofpress/dangerzone/blob/v0.8.1/INSTALL.md#ubuntu-debian)
-* [Fedora Linux](https://github.com/freedomofpress/dangerzone/blob/v0.8.0/INSTALL.md#fedora)
+* [Fedora Linux](https://github.com/freedomofpress/dangerzone/blob/v0.8.1/INSTALL.md#fedora)
 * [Qubes OS (beta)](https://github.com/freedomofpress/dangerzone/blob/v0.8.0/INSTALL.md#qubes-os)
-* [Tails](https://github.com/freedomofpress/dangerzone/blob/v0.8.0/INSTALL.md#tails)
+* [Tails](https://github.com/freedomofpress/dangerzone/blob/v0.8.1/INSTALL.md#tails)
 
 ## Some features
 

RELEASE.md

@@ -8,12 +8,13 @@ Here is a list of tasks that should be done before issuing the release:
 
 - [ ] Create a new issue named **QA and Release for version \<VERSION\>**, to track the general progress.
       You can generate its content with the the `poetry run ./dev_scripts/generate-release-tasks.py` command.
-- [ ] [Add new Linux platforms and remove obsolete ones](https://github.com/freedomofpress/dangerzone/blob/main/RELEASE.md#add-new-platforms-and-remove-obsolete-ones)
+- [ ] [Add new Linux platforms and remove obsolete ones](https://github.com/freedomofpress/dangerzone/blob/main/RELEASE.md#add-new-linux-platforms-and-remove-obsolete-ones)
 - [ ] Bump the Python dependencies using `poetry lock`
 - [ ] Update `version` in `pyproject.toml`
 - [ ] Update `share/version.txt`
 - [ ] Update the "Version" field in `install/linux/dangerzone.spec`
 - [ ] Bump the Debian version by adding a new changelog entry in `debian/changelog`
+- [ ] [Bump the minimum Docker Desktop versions](https://github.com/freedomofpress/dangerzone/blob/main/RELEASE.md#bump-the-minimum-docker-desktop-version) in `isolation_provider/container.py`
 - [ ] Update screenshot in `README.md`, if necessary
 - [ ] CHANGELOG.md should be updated to include a list of all major changes since the last release
 - [ ] A draft release should be created. Copy the release notes text from the template at [`docs/templates/release-notes`](https://github.com/freedomofpress/dangerzone/tree/main/docs/templates/)
@@ -46,6 +47,12 @@ In case of the removal of a version:
    * Consult the previous paragraph, but also `grep` your way around.
 2. Add a notice in our `CHANGELOG.md` about the version removal.
 
+## Bump the minimum Docker Desktop version
+
+We embed the minimum docker desktop versions inside Dangerzone, as an incentive for our macOS and Windows users to upgrade to the latests version.
+
+You can find the latest version at the time of the release by looking at [their release notes](https://docs.docker.com/desktop/release-notes/)
+
 ## Large Document Testing
 
 Parallel to the QA process, the release candidate should be put through the large document tests in a dedicated machine to run overnight.
@@ -113,7 +120,7 @@ Here is what you need to do:
 
   # In case of a new Python installation or minor version upgrade, e.g., from
   # 3.11 to 3.12, reinstall Poetry
-  python3 -m pip install poetry
+  python3 -m pip install poetry poetry-plugin-export
 
   # You can verify the correct Python version is used
   poetry debug info
@@ -195,7 +202,7 @@ The Windows release is performed in a Windows 11 virtual machine (as opposed to
   ```bash
   # In case of a new Python installation or minor version upgrade, e.g., from
   # 3.11 to 3.12, reinstall Poetry
-  python3 -m pip install poetry
+  python3 -m pip install poetry poetry-plugin-export
 
   # You can verify the correct Python version is used
   poetry debug info

dangerzone/cli.py

@@ -42,6 +42,12 @@ def print_header(s: str) -> None:
     type=click.UNPROCESSED,
     callback=args.validate_input_filenames,
 )
+@click.option(
+    "--debug",
+    "debug",
+    flag_value=True,
+    help="Run Dangerzone in debug mode, to get logs from gVisor.",
+)
 @click.version_option(version=get_version(), message="%(version)s")
 @errors.handle_document_errors
 def cli_main(
@@ -50,6 +56,7 @@ def cli_main(
     filenames: List[str],
     archive: bool,
     dummy_conversion: bool,
+    debug: bool,
 ) -> None:
     setup_logging()
 
@@ -58,7 +65,7 @@ def cli_main(
     elif is_qubes_native_conversion():
         dangerzone = DangerzoneCore(Qubes())
     else:
-        dangerzone = DangerzoneCore(Container())
+        dangerzone = DangerzoneCore(Container(debug=debug))
 
     display_banner()
     if len(filenames) == 1 and output_filename:

dangerzone/gui/main_window.py

@@ -124,6 +124,7 @@ class MainWindow(QtWidgets.QMainWindow):
 
         self.setWindowTitle("Dangerzone")
         self.setWindowIcon(self.dangerzone.get_window_icon())
+        self.alert: Optional[Alert] = None
 
         self.setMinimumWidth(600)
         if platform.system() == "Darwin":
@@ -226,6 +227,13 @@ class MainWindow(QtWidgets.QMainWindow):
         # This allows us to make QSS rules conditional on the OS color mode.
         self.setProperty("OSColorMode", self.dangerzone.app.os_color_mode.value)
 
+        if hasattr(self.dangerzone.isolation_provider, "check_docker_desktop_version"):
+            is_version_valid, version = (
+                self.dangerzone.isolation_provider.check_docker_desktop_version()
+            )
+            if not is_version_valid:
+                self.handle_docker_desktop_version_check(is_version_valid, version)
+
         self.show()
 
     def show_update_success(self) -> None:
@@ -279,6 +287,46 @@ class MainWindow(QtWidgets.QMainWindow):
         self.dangerzone.settings.set("updater_check", check)
         self.dangerzone.settings.save()
 
+    def handle_docker_desktop_version_check(
+        self, is_version_valid: bool, version: str
+    ) -> None:
+        hamburger_menu = self.hamburger_button.menu()
+        sep = hamburger_menu.insertSeparator(hamburger_menu.actions()[0])
+        upgrade_action = QAction("Docker Desktop should be upgraded", hamburger_menu)
+        upgrade_action.setIcon(
+            QtGui.QIcon(
+                load_svg_image(
+                    "hamburger_menu_update_dot_error.svg", width=64, height=64
+                )
+            )
+        )
+
+        message = """
+        <p>A new version of Docker Desktop is available. Please upgrade your system.</p>
+        <p>Visit the <a href="https://www.docker.com/products/docker-desktop">Docker Desktop website</a> to download the latest version.</p>
+        <em>Keeping Docker Desktop up to date allows you to have more confidence that your documents are processed safely.</em>
+        """
+        self.alert = Alert(
+            self.dangerzone,
+            title="Upgrade Docker Desktop",
+            message=message,
+            ok_text="Ok",
+            has_cancel=False,
+        )
+
+        def _launch_alert() -> None:
+            if self.alert:
+                self.alert.launch()
+
+        upgrade_action.triggered.connect(_launch_alert)
+        hamburger_menu.insertAction(sep, upgrade_action)
+
+        self.hamburger_button.setIcon(
+            QtGui.QIcon(
+                load_svg_image("hamburger_menu_update_error.svg", width=64, height=64)
+            )
+        )
+
     def handle_updates(self, report: UpdateReport) -> None:
         """Handle update reports from the update checker thread.
 
@@ -365,7 +413,7 @@ class MainWindow(QtWidgets.QMainWindow):
         self.content_widget.show()
 
     def closeEvent(self, e: QtGui.QCloseEvent) -> None:
-        alert_widget = Alert(
+        self.alert = Alert(
             self.dangerzone,
             message="Some documents are still being converted.\n Are you sure you want to quit?",
             ok_text="Abort conversions",
@@ -379,7 +427,7 @@ class MainWindow(QtWidgets.QMainWindow):
             else:
                 self.dangerzone.app.exit(0)
         else:
-            accept_exit = alert_widget.launch()
+            accept_exit = self.alert.launch()
             if not accept_exit:
                 e.ignore()
                 return
@@ -623,7 +671,7 @@ class ContentWidget(QtWidgets.QWidget):
 
     def documents_selected(self, docs: List[Document]) -> None:
         if self.conversion_started:
-            Alert(
+            self.alert = Alert(
                 self.dangerzone,
                 message="Dangerzone does not support adding documents after the conversion has started.",
                 has_cancel=False,
@@ -633,7 +681,7 @@ class ContentWidget(QtWidgets.QWidget):
         # Ensure all files in batch are in the same directory
         dirnames = {os.path.dirname(doc.input_filename) for doc in docs}
         if len(dirnames) > 1:
-            Alert(
+            self.alert = Alert(
                 self.dangerzone,
                 message="Dangerzone does not support adding documents from multiple locations.\n\n The newly added documents were ignored.",
                 has_cancel=False,
@@ -802,14 +850,14 @@ class DocSelectionDropFrame(QtWidgets.QFrame):
             text = f"{num_unsupported_docs} files are not supported."
             ok_text = "Continue without these files"
 
-        alert_widget = Alert(
+        self.alert = Alert(
             self.dangerzone,
             message=f"{text}\nThe supported extensions are: "
             + ", ".join(get_supported_extensions()),
             ok_text=ok_text,
         )
 
-        return alert_widget.exec_()
+        return self.alert.exec_()
 
 
 class SettingsWidget(QtWidgets.QWidget):

dangerzone/isolation_provider/base.py

@@ -5,7 +5,9 @@ import platform
 import signal
 import subprocess
 import sys
+import threading
 from abc import ABC, abstractmethod
+from io import BytesIO
 from typing import IO, Callable, Iterator, Optional
 
 import fitz
@@ -18,10 +20,6 @@ from ..util import get_tessdata_dir, replace_control_chars
 
 log = logging.getLogger(__name__)
 
-MAX_CONVERSION_LOG_CHARS = 150 * 50  # up to ~150 lines of 50 characters
-DOC_TO_PIXELS_LOG_START = "----- DOC TO PIXELS LOG START -----"
-DOC_TO_PIXELS_LOG_END = "----- DOC TO PIXELS LOG END -----"
-
 TIMEOUT_EXCEPTION = 15
 TIMEOUT_GRACE = 15
 TIMEOUT_FORCE = 5
@@ -75,9 +73,9 @@ def read_int(f: IO[bytes]) -> int:
     return int.from_bytes(untrusted_int, "big", signed=False)
 
 
-def read_debug_text(f: IO[bytes], size: int) -> str:
+def sanitize_debug_text(text: bytes) -> str:
-    """Read arbitrarily long text (for debug purposes), and sanitize it."""
+    """Read all the buffer and return a sanitized version"""
-    untrusted_text = f.read(size).decode("ascii", errors="replace")
+    untrusted_text = text.decode("ascii", errors="replace")
     return replace_control_chars(untrusted_text, keep_newlines=True)
 
 
@@ -86,12 +84,16 @@ class IsolationProvider(ABC):
     Abstracts an isolation provider
     """
 
-    def __init__(self) -> None:
+    def __init__(self, debug: bool = False) -> None:
-        if getattr(sys, "dangerzone_dev", False) is True:
+        self.debug = debug
+        if self.should_capture_stderr():
             self.proc_stderr = subprocess.PIPE
         else:
             self.proc_stderr = subprocess.DEVNULL
 
+    def should_capture_stderr(self) -> bool:
+        return self.debug or getattr(sys, "dangerzone_dev", False)
+
     @abstractmethod
     def install(self) -> bool:
         pass
@@ -327,7 +329,11 @@ class IsolationProvider(ABC):
         timeout_force: int = TIMEOUT_FORCE,
     ) -> Iterator[subprocess.Popen]:
         """Start a conversion process, pass it to the caller, and then clean it up."""
+        # Store the proc stderr in memory
+        stderr = BytesIO()
         p = self.start_doc_to_pixels_proc(document)
+        stderr_thread = self.start_stderr_thread(p, stderr)
+
         if platform.system() != "Windows":
             assert os.getpgid(p.pid) != os.getpgid(
                 os.getpid()
@@ -343,15 +349,40 @@ class IsolationProvider(ABC):
                 document, p, timeout_grace=timeout_grace, timeout_force=timeout_force
             )
 
-            # Read the stderr of the process only if:
+            if stderr_thread:
-            # * Dev mode is enabled.
+                # Wait for the thread to complete. If it's still alive, mention it in the debug log.
-            # * The process has exited (else we risk hanging).
+                stderr_thread.join(timeout=1)
-            if getattr(sys, "dangerzone_dev", False) and p.poll() is not None:
+
-                assert p.stderr
+                debug_bytes = stderr.getvalue()
-                debug_log = read_debug_text(p.stderr, MAX_CONVERSION_LOG_CHARS)
+                debug_log = sanitize_debug_text(debug_bytes)
+
+                incomplete = "(incomplete) " if stderr_thread.is_alive() else ""
+
                 log.info(
                     "Conversion output (doc to pixels)\n"
-                    f"{DOC_TO_PIXELS_LOG_START}\n"
+                    f"----- DOC TO PIXELS LOG START {incomplete}-----\n"
                     f"{debug_log}"  # no need for an extra newline here
-                    f"{DOC_TO_PIXELS_LOG_END}"
+                    "----- DOC TO PIXELS LOG END -----"
                 )
+
+    def start_stderr_thread(
+        self, process: subprocess.Popen, stderr: IO[bytes]
+    ) -> Optional[threading.Thread]:
+        """Start a thread to read stderr from the process"""
+
+        def _stream_stderr(process_stderr: IO[bytes]) -> None:
+            try:
+                for line in process_stderr:
+                    stderr.write(line)
+            except (ValueError, IOError) as e:
+                log.debug(f"Stderr stream closed: {e}")
+
+        if process.stderr:
+            stderr_thread = threading.Thread(
+                target=_stream_stderr,
+                args=(process.stderr,),
+                daemon=True,
+            )
+            stderr_thread.start()
+            return stderr_thread
+        return None

dangerzone/isolation_provider/container.py

@@ -3,7 +3,7 @@ import os
 import platform
 import shlex
 import subprocess
-from typing import List
+from typing import List, Tuple
 
 from .. import container_utils, errors
 from ..document import Document
@@ -11,7 +11,10 @@ from ..util import get_resource_path, get_subprocess_startupinfo
 from .base import IsolationProvider, terminate_process_group
 
 TIMEOUT_KILL = 5  # Timeout in seconds until the kill command returns.
-
+MINIMUM_DOCKER_DESKTOP = {
+    "Darwin": "4.36.0",
+    "Windows": "4.36.0",
+}
 
 # Define startupinfo for subprocesses
 if platform.system() == "Windows":
@@ -121,6 +124,7 @@ class Container(IsolationProvider):
     def is_available() -> bool:
         container_runtime = container_utils.get_runtime()
         runtime_name = container_utils.get_runtime_name()
+
         # Can we run `docker/podman image ls` without an error
         with subprocess.Popen(
             [container_runtime, "image", "ls"],
@@ -135,6 +139,28 @@ class Container(IsolationProvider):
                 )
             return True
 
+    def check_docker_desktop_version(self) -> Tuple[bool, str]:
+        # On windows and darwin, check that the minimum version is met
+        version = ""
+        if platform.system() != "Linux":
+            with subprocess.Popen(
+                ["docker", "version", "--format", "{{.Server.Platform.Name}}"],
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                startupinfo=get_subprocess_startupinfo(),
+            ) as p:
+                stdout, stderr = p.communicate()
+                if p.returncode != 0:
+                    # In the case where there were an error, consider that
+                    # the check went trough, as we're checking for installation
+                    # compatibiliy somewhere else already
+                    return True, version
+                # The output is like "Docker Desktop 4.35.1 (173168)"
+                version = stdout.decode().replace("Docker Desktop", "").split()[0]
+                if version < MINIMUM_DOCKER_DESKTOP[platform.system()]:
+                    return False, version
+        return True, version
+
     def doc_to_pixels_container_name(self, document: Document) -> str:
         """Unique container name for the doc-to-pixels phase."""
         return f"dangerzone-doc-to-pixels-{document.id}"
@@ -168,6 +194,10 @@ class Container(IsolationProvider):
     ) -> subprocess.Popen:
         container_runtime = container_utils.get_runtime()
         security_args = self.get_runtime_security_args()
+        debug_args = []
+        if self.debug:
+            debug_args += ["-e", "RUNSC_DEBUG=1"]
+
         enable_stdin = ["-i"]
         set_name = ["--name", name]
         prevent_leakage_args = ["--rm"]
@@ -177,14 +207,14 @@ class Container(IsolationProvider):
         args = (
             ["run"]
             + security_args
+            + debug_args
             + prevent_leakage_args
             + enable_stdin
             + set_name
             + image_name
             + command
         )
-        args = [container_runtime] + args
+        return self.exec([container_runtime] + args)
-        return self.exec(args)
 
     def kill_container(self, name: str) -> None:
         """Terminate a spawned container.

dangerzone/logic.py

@@ -71,6 +71,7 @@ class DangerzoneCore(object):
                     ocr_lang,
                     stdout_callback,
                 )
+
             except Exception:
                 log.exception(
                     f"Unexpected error occurred while converting '{document}'"

debian/changelog

@@ -1,3 +1,9 @@
+dangerzone (0.8.1) unstable; urgency=low
+
+  * Released Dangerzone 0.8.1
+
+ -- Freedom of the Press Foundation   <info@freedom.press>  Tue, 22 December 2024 22:03:28 +0300
+
 dangerzone (0.8.0) unstable; urgency=low
 
   * Released Dangerzone 0.8.0

dev_scripts/env.py

@@ -183,6 +183,7 @@ COPY storage.conf /home/user/.config/containers
 # FIXME: pipx install poetry does not work for Ubuntu Focal.
 ENV PATH="$PATH:/home/user/.local/bin"
 RUN pipx install poetry
+RUN pipx inject poetry poetry-plugin-export
 
 COPY pyproject.toml poetry.lock /home/user/dangerzone/
 RUN cd /home/user/dangerzone && poetry --no-ansi install
@@ -291,6 +292,7 @@ def get_build_dir_sources(distro, version):
     sources = [
         git_root() / "pyproject.toml",
         git_root() / "poetry.lock",
+        git_root() / "dev_scripts" / "env.py",
         git_root() / "dev_scripts" / "storage.conf",
         git_root() / "dev_scripts" / "containers.conf",
     ]

dev_scripts/qa.py

@@ -287,6 +287,7 @@ methods](https://python-poetry.org/docs/#installation))_
 ```sh
 pipx ensurepath
 pipx install poetry
+pipx inject poetry poetry-plugin-export
 ```
 
 After this, restart the terminal window, for the `poetry` command to be in your
@@ -375,6 +376,7 @@ Install Poetry using `pipx`:
 
 ```sh
 pipx install poetry
+pipx inject poetry poetry-plugin-export
 ```
 
 Clone this repository:
@@ -440,7 +442,7 @@ Install Microsoft Visual C++ 14.0 or greater. Get it with ["Microsoft C++ Build
 Install [poetry](https://python-poetry.org/). Open PowerShell, and run:
 
 ```
-python -m pip install poetry
+python -m pip install poetry poetry-plugin-export
 ```
 
 Install git from [here](https://git-scm.com/download/win), open a Windows terminal (`cmd.exe`) and clone this repository:
@@ -878,7 +880,7 @@ class QAWindows(QABase):
         "Install Poetry and the project's dependencies", ref=REF_BUILD, auto=True
     )
     def install_poetry(self):
-        self.run("python", "-m", "pip", "install", "poetry")
+        self.run("python", "-m", "pip", "install", "poetry", "poetry-plugin-export")
         self.run("poetry", "install", "--sync")
 
     @QABase.task("Build Dangerzone container image", ref=REF_BUILD, auto=True)

docs/advisories/2024-12-24.md

@@ -0,0 +1,33 @@
+Security Advisory 2024-12-24
+
+In Dangerzone, a security vulnerability was detected in the quarantined
+environment where documents are opened. Vulnerabilities like this are expected
+and do not compromise the security of Dangerzone. However, in combination with
+another more serious vulnerability (also called container escape), a malicious
+document may be able to breach the security of Dangerzone. We are not aware of
+any container escapes that affect Dangerzone. **To reduce that risk, you are
+strongly advised to update Dangerzone to the latest version**.
+
+# Summary
+
+A series of vulnerabilities in gst-plugins-base (CVE-2024-47538, CVE-2024-47607
+and CVE-2024-47615) affects the **contained** environment where the document
+rendering takes place.
+
+If one attempts to convert a malicious file with an embedded Vorbis or Opus
+media elements,  arbitrary code may run within that environment. Such files
+look like regular Office documents, which means that you cannot avoid a specific
+extension. Other programs that open Office documents, such as LibreOffice, are
+also affected, unless the system has been upgraded in the meantime.
+
+# How does this impact me?
+
+The expectation is that malicious code will run in a container without Internet
+access, meaning that it won't be able to infect the rest of the system.
+
+If you are running Dangerzone via the Qubes OS, you are not impacted.
+
+# What do I need to do?
+
+You are **strongly** advised to update your Dangerzone installation to 0.8.1 as
+soon as possible.

install/linux/dangerzone.spec

@@ -32,7 +32,7 @@ Name:           dangerzone-qubes
 Name:           dangerzone
 %endif
 
-Version:        0.8.0
+Version:        0.8.1
 Release:        1%{?dist}
 Summary:        Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs
 

pyproject.toml

@@ -1,6 +1,6 @@
     [tool.poetry]
 name = "dangerzone"
-version = "0.8.0"
+version = "0.8.1"
 description = "Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs"
 authors = ["Freedom of the Press Foundation <info@freedom.press>", "Micah Lee <micah.lee@theintercept.com>"]
 license = "AGPL-3.0"

share/version.txt

@@ -1 +1 @@
-0.8.0
+0.8.1

tests/gui/test_main_window.py

@@ -587,3 +587,57 @@ def test_installation_failure_return_false(qtbot: QtBot, mocker: MockerFixture)
 
     assert "the following error occured" in widget.label.text()
     assert "The image cannot be found" in widget.traceback.toPlainText()
+
+
+def test_up_to_date_docker_desktop_does_nothing(
+    qtbot: QtBot, mocker: MockerFixture
+) -> None:
+    # Setup install to return False
+    mock_app = mocker.MagicMock()
+    dummy = mocker.MagicMock(spec=Container)
+    dummy.check_docker_desktop_version.return_value = (True, "1.0.0")
+    dz = DangerzoneGui(mock_app, dummy)
+
+    window = MainWindow(dz)
+    qtbot.addWidget(window)
+
+    menu_actions = window.hamburger_button.menu().actions()
+    assert "Docker Desktop should be upgraded" not in [
+        a.toolTip() for a in menu_actions
+    ]
+
+
+def test_outdated_docker_desktop_displays_warning(
+    qtbot: QtBot, mocker: MockerFixture
+) -> None:
+    # Setup install to return False
+    mock_app = mocker.MagicMock()
+    dummy = mocker.MagicMock(spec=Container)
+    dummy.check_docker_desktop_version.return_value = (False, "1.0.0")
+
+    dz = DangerzoneGui(mock_app, dummy)
+
+    load_svg_spy = mocker.spy(main_window_module, "load_svg_image")
+
+    window = MainWindow(dz)
+    qtbot.addWidget(window)
+
+    menu_actions = window.hamburger_button.menu().actions()
+    assert menu_actions[0].toolTip() == "Docker Desktop should be upgraded"
+
+    # Check that the hamburger icon has changed with the expected SVG image.
+    assert load_svg_spy.call_count == 4
+    assert (
+        load_svg_spy.call_args_list[2].args[0] == "hamburger_menu_update_dot_error.svg"
+    )
+
+    alert_spy = mocker.spy(window.alert, "launch")
+
+    # Clicking the menu item should open a warning message
+    def _check_alert_displayed() -> None:
+        alert_spy.assert_any_call()
+        if window.alert:
+            window.alert.close()
+
+    QtCore.QTimer.singleShot(0, _check_alert_displayed)
+    menu_actions[0].trigger()

tests/isolation_provider/test_container.py

@@ -1,4 +1,5 @@
 import os
+import platform
 
 import pytest
 from pytest_mock import MockerFixture
@@ -108,6 +109,92 @@ class TestContainer(IsolationProviderTest):
         with pytest.raises(errors.ImageNotPresentException):
             provider.install()
 
+    @pytest.mark.skipif(
+        platform.system() not in ("Windows", "Darwin"),
+        reason="macOS and Windows specific",
+    )
+    def test_old_docker_desktop_version_is_detected(
+        self, mocker: MockerFixture, provider: Container, fp: FakeProcess
+    ) -> None:
+        fp.register_subprocess(
+            [
+                "docker",
+                "version",
+                "--format",
+                "{{.Server.Platform.Name}}",
+            ],
+            stdout="Docker Desktop 1.0.0 (173100)",
+        )
+
+        mocker.patch(
+            "dangerzone.isolation_provider.container.MINIMUM_DOCKER_DESKTOP",
+            {"Darwin": "1.0.1", "Windows": "1.0.1"},
+        )
+        assert (False, "1.0.0") == provider.check_docker_desktop_version()
+
+    @pytest.mark.skipif(
+        platform.system() not in ("Windows", "Darwin"),
+        reason="macOS and Windows specific",
+    )
+    def test_up_to_date_docker_desktop_version_is_detected(
+        self, mocker: MockerFixture, provider: Container, fp: FakeProcess
+    ) -> None:
+        fp.register_subprocess(
+            [
+                "docker",
+                "version",
+                "--format",
+                "{{.Server.Platform.Name}}",
+            ],
+            stdout="Docker Desktop 1.0.1 (173100)",
+        )
+
+        # Require version 1.0.1
+        mocker.patch(
+            "dangerzone.isolation_provider.container.MINIMUM_DOCKER_DESKTOP",
+            {"Darwin": "1.0.1", "Windows": "1.0.1"},
+        )
+        assert (True, "1.0.1") == provider.check_docker_desktop_version()
+
+        fp.register_subprocess(
+            [
+                "docker",
+                "version",
+                "--format",
+                "{{.Server.Platform.Name}}",
+            ],
+            stdout="Docker Desktop 2.0.0 (173100)",
+        )
+        assert (True, "2.0.0") == provider.check_docker_desktop_version()
+
+    @pytest.mark.skipif(
+        platform.system() not in ("Windows", "Darwin"),
+        reason="macOS and Windows specific",
+    )
+    def test_docker_desktop_version_failure_returns_true(
+        self, mocker: MockerFixture, provider: Container, fp: FakeProcess
+    ) -> None:
+        fp.register_subprocess(
+            [
+                "docker",
+                "version",
+                "--format",
+                "{{.Server.Platform.Name}}",
+            ],
+            stderr="Oopsie",
+            returncode=1,
+        )
+        assert provider.check_docker_desktop_version() == (True, "")
+
+    @pytest.mark.skipif(
+        platform.system() != "Linux",
+        reason="Linux specific",
+    )
+    def test_linux_skips_desktop_version_check_returns_true(
+        self, mocker: MockerFixture, provider: Container
+    ) -> None:
+        assert (True, "") == provider.check_docker_desktop_version()
+
 
 class TestContainerTermination(IsolationProviderTermination):
     pass