Merge 3a1b41f988 into 32deea10c4

2025-05-04 12:41:50 +02:00 · 2024-10-31 13:25:22 +00:00
5 changed files with 6 additions and 82 deletions
--- a/.github/workflows/scan_released.yml
+++ b/.github/workflows/scan_released.yml
@ -13,7 +13,7 @@ jobs:
      - name: Download container image for the latest release
        run: |
          VERSION=$(curl https://api.github.com/repos/freedomofpress/dangerzone/releases/latest | jq -r '.tag_name')
-          wget https://github.com/freedomofpress/dangerzone/releases/download/${VERSION}/container.tar.gz -O container.tar.gz
+          wget https://github.com/freedomofpress/dangerzone/releases/download/${VERSION}/container-${VERSION}-i686.tar.gz -O container.tar.gz
      - name: Load container image
        run: docker load -i container.tar.gz
      # NOTE: Scan first without failing, else we won't be able to read the scan
--- a/BUILD.md
+++ b/BUILD.md
@ -260,16 +260,11 @@ The following instructions require typing commands in a terminal in dom0.

   ```
   qvm-create --class AppVM --label red --template fedora-40-dz dz
-   qvm-volume resize dz:private $(numfmt --from=auto 5Gi)
   ```

   > :bulb: Alternatively, you can use a different app qube for Dangerzone
   > development. In that case, replace `dz` with the qube of your choice in the
   > steps below.
-   >
-   > In the commands above, we also resize the private volume of the `dz` qube
-   > to 5GiB, since the Tesseract data that will be downloaded in the next steps
-   > take a bit of space.

 4. Add an RPC policy (`/etc/qubes/policy.d/50-dangerzone.policy`) that will
   allow launching a disposable qube (`dz-dvm`) when Dangerzone converts a
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,51 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 since 0.4.1, and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

-## [Unreleased](https://github.com/freedomofpress/dangerzone/compare/v0.8.0...HEAD)
-
-## [0.8.0](https://github.com/freedomofpress/dangerzone/compare/v0.8.0...0.7.1)
+## [Unreleased](https://github.com/freedomofpress/dangerzone/compare/v0.7.1...HEAD)

 ### Added

 - Point to the installation instructions that the Tails team maintains for Dangerzone ([announcement](https://tails.net/news/dangerzone/index.en.html))
- Installation and execution errors are now caught and displayed in the interface ([#193](https://github.com/freedomofpress/dangerzone/issues/193))
- Prevent users from using illegal characters in output filename ([#362](https://github.com/freedomofpress/dangerzone/issues/362)). Thanks [@bnewc](https://github.com/bnewc) for the contribution!
- Add support for Fedora 41 ([#947](https://github.com/freedomofpress/dangerzone/issues/947))
- Add support for Ubuntu Oracular (24.10) ([#954](https://github.com/freedomofpress/dangerzone/pull/954))
-
-### Fixed
-
- Update our macOS entitlements, removing now unneeded privileges ([#638](https://github.com/freedomofpress/dangerzone/issues/638))
- Make Dangerzone work on Linux systems with SELinux in enforcing mode ([#880](https://github.com/freedomofpress/dangerzone/issues/880))
- Process documents with embedded multimedia files without crashing ([#877](https://github.com/freedomofpress/dangerzone/issues/877))
- Search for applications that can read PDF files in a more reliable way on Linux ([#899](https://github.com/freedomofpress/dangerzone/issues/899))
- Handle and report some stray conversion errors ([#776](https://github.com/freedomofpress/dangerzone/issues/776)). Thanks [@amnak613](https://github.com/amnak613) for the contribution!
- Replace occurrences of the word "Docker" in Podman-related error messages in Linux ([#212](https://github.com/freedomofpress/dangerzone/issues/212))
-
-### Changed
-
- The second phase of the conversion (pixels to PDF) now happens on the host. Instead of first grabbing all of the pixel data from the first container, storing them on disk, and then reconstructing the PDF on a second container, Dangerzone now immediately reconstructs the PDF **on the host**, while the doc to pixels conversion is still running on the first container. The sanitation is no less safe, since the boundaries between the sandbox and the host are still respected ([#625](https://github.com/freedomofpress/dangerzone/issues/625))
- PyMuPDF is now vendorized for Debian packages. This is done because the PyMuPDF package from the Debian repos lacks OCR support ([#940](https://github.com/freedomofpress/dangerzone/pull/940))
- Always use our own seccomp policy as a default ([#908](https://github.com/freedomofpress/dangerzone/issues/908))
- Debian packages are now amd64 only, which removes some warnings in Linux distros with 32-bit repos enabled ([#394](https://github.com/freedomofpress/dangerzone/issues/394))
- Allow choosing installation directory on Windows platforms ([#148](https://github.com/freedomofpress/dangerzone/issues/148)). Thanks [@jkarasti](https://github.com/jkarasti) for the contribution!
- Bumped H2ORestart LibreOffice extension to version 0.6.6 ([#943](https://github.com/freedomofpress/dangerzone/issues/943))
- Platform support: Ubuntu Focal (20.04) is now deprecated, and support will be dropped with the next release ([#965](https://github.com/freedomofpress/dangerzone/issues/965))
-
-### Removed
-
- Platform support: Drop Ubuntu Mantic (23.10), since it's end-of-life ([#977](https://github.com/freedomofpress/dangerzone/pull/977))
-
-### Development changes
-
- Build Debian packages with pybuild ([#773](https://github.com/freedomofpress/dangerzone/issues/773))
- Test Dangerzone on Intel macOS machines as well ([#932](https://github.com/freedomofpress/dangerzone/issues/932))
- Switch from CircleCI runners to Github actions ([#674](https://github.com/freedomofpress/dangerzone/issues/674))
- Sign Windows executables and installer with SHA256 rather than SHA1 ([#931](https://github.com/freedomofpress/dangerzone/pull/931)). Thanks [@jkarasti](https://github.com/jkarasti) for the contribution!
+- Platform support: Ubuntu 24.10 and Fedora 41 ([issue #947](https://github.com/freedomofpress/dangerzone/issues/947))

 ## [0.7.1](https://github.com/freedomofpress/dangerzone/compare/v0.7.1...v0.7.0)

-### Fixed
+### Fixed

 - Fix an `image-id.txt` mismatch happening on Docker Desktop >= 4.30.0 ([#933](https://github.com/freedomofpress/dangerzone/issues/933))

--- a/README.md
+++ b/README.md
@ -6,7 +6,7 @@ Take potentially dangerous PDFs, office documents, or images and convert them to
 | ![Settings](./assets/screenshot1.png) | ![Converting](./assets/screenshot2.png)
 |--|--|

-Dangerzone works like this: You give it a document that you don't know if you can trust (for example, an email attachment). Inside of a sandbox, Dangerzone converts the document to a PDF (if it isn't already one), and then converts the PDF into raw pixel data: a huge list of RGB color values for each page. Then, outside of the sandbox, Dangerzone takes this pixel data and converts it back into a PDF.
+Dangerzone works like this: You give it a document that you don't know if you can trust (for example, an email attachment). Inside of a sandbox, Dangerzone converts the document to a PDF (if it isn't already one), and then converts the PDF into raw pixel data: a huge list of RGB color values for each page. Then, in a separate sandbox, Dangerzone takes this pixel data and converts it back into a PDF.

 _Read more about Dangerzone in the [official site](https://dangerzone.rocks/about/)._

--- a/dev_scripts/qa.py
+++ b/dev_scripts/qa.py
@ -3,20 +3,14 @@
 import abc
 import argparse
 import difflib
-import json
 import logging
 import re
 import selectors
 import subprocess
 import sys
-import urllib.request

 logger = logging.getLogger(__name__)

-PYTHON_VERSION_STR = "3.12"
-PYTHON_VERSION = [int(num) for num in PYTHON_VERSION_STR.split(".")]
-EOL_PYTHON_URL = "https://endoflife.date/api/python.json"
-
 CONTENT_QA = r"""## QA

 To ensure that new releases do not introduce regressions, and support existing
@ -808,26 +802,6 @@ class QAWindows(QABase):
        while msvcrt.kbhit():
            msvcrt.getch()

-    @QABase.task(f"Install the latest version of Python {PYTHON_VERSION_STR}", ref=REF_BUILD)
-    def install_python(self):
-        cur_version = list(sys.version_info[:3])
-
-        logger.info("Getting latest Python release")
-        with urllib.request.urlopen(EOL_PYTHON_URL) as f:
-            resp = f.read()
-            releases = json.loads(resp)
-            for release in releases:
-                if release["cycle"] == PYTHON_VERSION_STR:
-                    latest_version = [int(num) for num in release["latest"].split(".")]
-                    if latest_version > cur_version:
-                        self.prompt(f"You need to install the latest Python version ({release['latest']})")
-                    elif latest_version == cur_version:
-                        logger.info(f"Verified that the latest Python version ({release['latest']}) is installed")
-                        return
-
-        logger.error("Could not verify that the latest Python version is installed")
-
-
    @QABase.task("Install and Run Docker Desktop", ref=REF_BUILD)
    def install_docker(self):
        logger.info("Checking if Docker Desktop is installed and running")
@ -842,16 +816,12 @@ class QAWindows(QABase):
    )
    def install_poetry(self):
        self.run("python", "-m", "pip", "install", "poetry")
-        self.run("poetry", "install", "--sync")
+        self.run("poetry", "install")

    @QABase.task("Build Dangerzone container image", ref=REF_BUILD, auto=True)
    def build_image(self):
        self.run("python", r".\install\common\build-image.py")

-    @QABase.task("Download Tesseract data", ref=REF_BUILD, auto=True)
-    def download_tessdata(self):
-        self.run("python", r".\install\common\download-tessdata.py")
-
    @QABase.task("Run tests", ref="REF_BUILD", auto=True)
    def run_tests(self):
        # NOTE: Windows does not have Makefile by default.
@ -868,11 +838,9 @@ class QAWindows(QABase):
        return "windows"

    def start(self):
-        self.install_python()
        self.install_docker()
        self.install_poetry()
        self.build_image()
-        self.download_tessdata()
        self.run_tests()
        self.build_dangerzone_exe()

@ -1037,10 +1005,6 @@ class QAFedora(QALinux):
        )


-class QAFedora41(QAFedora):
-    VERSION = "41"
-
-
 class QAFedora40(QAFedora):
    VERSION = "40"