dangerzone/BUILD.md

Development environment

Debian/Ubuntu

Install dependencies:

sudo apt install -y podman dh-python build-essential fakeroot make libqt5gui5 \
    pipx python3 python3-dev python3-stdeb python3-all

Install Poetry using pipx (recommended) and add it to your $PATH:

(See also a list of alternative installation methods)

pipx ensurepath
pipx install poetry

After this, restart the terminal window, for the poetry command to be in your $PATH.

Change to the dangerzone folder, and install the poetry dependencies:

Note

: due to an issue with poetry, if it prompts for your keyring, disable the keyring with keyring --disable and run the command again.

poetry install

Build the latest container:

./install/linux/build-image.sh

Run from source tree:

# start a shell in the virtual environment
poetry shell

# run the CLI
./dev_scripts/dangerzone-cli --help

# run the GUI
./dev_scripts/dangerzone

Create a .deb:

./install/linux/build-deb.py

Fedora

Install dependencies:

sudo dnf install -y rpm-build podman python3 pipx qt5-qtbase-gui

Install Poetry using pipx:

pipx install poetry

Change to the dangerzone folder, and install the poetry dependencies:

Note

: due to an issue with poetry, if it prompts for your keyring, disable the keyring with keyring --disable and run the command again.

poetry install

Build the latest container:

./install/linux/build-image.sh

Run from source tree:

# start a shell in the virtual environment
poetry shell

# run the CLI
./dev_scripts/dangerzone-cli --help

# run the GUI
./dev_scripts/dangerzone

Create a .rpm:

./install/linux/build-rpm.py

Qubes OS

📝 Expand this section if you want to use containers instead of disposable qubes.

Create a Debian or Fedora-based development standalone qube with at least 8GB of private storage space, and follow the relevant instructions above for the respective template.

Remember to set the environment variable DZ_USE_CONTAINERS=1, before executing Dangerzone.

Over time, you may need to increase disk space or prune outdated container images if you run into build issues on this VM.

⚠️ Native Qubes support is in alpha stage, so the instructions below require switching between qubes, and are subject to change.

Initial Setup

The following steps must be completed once. Make sure you run them in the specified qubes.

In dom0

1. Create a new Fedora template (fedora-37-dz) for Dangerzone development:

   qvm-clone fedora-37 fedora-37-dz
   

   💡 Alternatively, you can use your base Fedora 37 template in the following instructions. In that case, replace fedora-37-dz with fedora-37 in the steps below.

2. Create a disposable, offline app qube (dz-dvm), based on the fedora-37-dz template. This will be the qube where the documents will be sanitized:

   qvm-create --class AppVM --label red --template fedora-37-dz \
       --prop netvm="" --prop template_for_dispvms=True \
       dz-dvm
   

3. Create an app qube (dz) that will be used for Dangerzone development and initiating the sanitization process:

   qvm-create --class AppVM --label red --template fedora-37-dz dz
   

   💡 Alternatively, you can use a different app qube for Dangerzone development. In that case, replace dz with the qube of your choice in the steps below.

4. Add an RPC policy (/etc/qubes/policy.d/50-dangerzone.policy) that will allow launching a disposable qube (dz-dvm) when Dangerzone converts a document, with the following contents:

   dz.Convert         *       @anyvm       @dispvm:dz-dvm  allow
   dz.ConvertDev      *       @anyvm       @dispvm:dz-dvm  allow
   

In the fedora-37-dz template

1. Install dependencies:

   sudo dnf install -y rpm-build pipx qt5-qtbase-gui libreoffice python3-magic \
       tesseract*
   

2. Shutdown the fedora-37-dz template:

   shutdown -h now
   

In the dz app qube

1. Clone the Dangerzone project:

   git clone https://github.com/freedomofpress/dangerzone
   

2. Install Poetry using pipx:

   pipx install poetry
   

3. Change to the dangerzone folder, and install the poetry dependencies:

   poetry install
   

   Note

   : due to an issue with poetry, if it prompts for your keyring, disable the keyring with keyring --disable and run the command again.

4. Change to the dangerzone folder and copy the Qubes RPC calls into the template for the disposable qube that will be used for document sanitization (dz-dvm):

   qvm-copy-to-vm dz-dvm qubes/
   

In the dz-dvm template

1. Create the directory that will contain the Dangerzone RPC calls, if it does not exist already:

   sudo mkdir -p /rw/usrlocal/etc/qubes-rpc/
   

2. Move the files we copied in the previous step to their proper place:

   sudo cp ~/QubesIncoming/dz/qubes/* /rw/usrlocal/etc/qubes-rpc/
   

3. Shutdown the dz-dvm template:

   shutdown -h now
   

Developing Dangerzone

From here on, developing Dangerzone is similar as in other Linux platforms. You can run the following commands in the dz app qube:

# start a shell in the virtual environment
poetry shell

# run the CLI
./dev_scripts/dangerzone-cli --help

# run the GUI
./dev_scripts/dangerzone

Create a .rpm:

./install/linux/build-rpm.py --qubes

For changes in the server side components, you can simply edit them locally, and they will be mirrored to the disposable qube through the dz.ConvertDev RPC call.

The only reason to update the fedora-37-dz template from there on is if:

1. The project requires new server-side components.
2. The code for dz.ConvertDev needs to be updated. Copy the updated file as we've shown in the steps above.

Installing Dangerzone system-wide

If you want to test the .rpm you just created, you can do the following:

On the dz app cube, copy the built dangerzone.rpm to fedora-37-dz template:

qvm-copy-to-vm fedora-37-dz dist/dangerzone*.noarch.rpm

On the fedora-37-dz template, install the copied .rpm:

sudo dnf install -y ~/QubesIncoming/dz/dangerzone-*.rpm

Shutdown the fedora-37-dz template and the dz app qube, and then you can refresh the applications on the dz qube, find Dangerzone in the list, and use it to convert a document.

macOS

Install Docker Desktop. Make sure to choose your correct CPU, either Intel Chip or Apple Chip.

Install the latest version of Python 3.10 from python.org, and make sure /Library/Frameworks/Python.framework/Versions/3.10/bin is in your PATH.

Install Python dependencies:

python3 -m pip install poetry
poetry install

Install Homebrew dependencies:

brew install create-dmg

Build the dangerzone container image:

./install/macos/build-image.sh

Run from source tree:

# start a shell in the virtual environment
poetry shell

# run the CLI
./dev_scripts/dangerzone-cli --help

# run the GUI
./dev_scripts/dangerzone

To create an app bundle, use the build_app.py script:

poetry run ./install/macos/build-app.py

If you want to build for distribution, you'll need a codesigning certificate, and then run:

poetry run ./install/macos/build-app.py --with-codesign

The output is in the dist folder.

Windows

Install Docker Desktop.

Install the latest version of Python 3.10 (64-bit) from python.org. Make sure to check the "Add Python 3.10 to PATH" checkbox on the first page of the installer.

Install Microsoft Visual C++ 14.0 or greater. Get it with "Microsoft C++ Build Tools" and make sure to select "Desktop development with C++" when installing.

Install poetry. Open PowerShell, and run:

python -m pip install poetry

Change to the dangerzone folder, and install the poetry dependencies:

poetry install

Build the dangerzone container image:

python .\install\windows\build-image.py

After that you can launch dangerzone during development with:

# start a shell in the virtual environment
poetry shell

# run the CLI
.\dev_scripts\dangerzone-cli.bat --help

# run the GUI
.\dev_scripts\dangerzone.bat

If you want to build the installer

• Go to https://dotnet.microsoft.com/download/dotnet-framework and download and install .NET Framework 3.5 SP1 Runtime. I downloaded dotnetfx35.exe.
• Go to https://wixtoolset.org/releases/ and download and install WiX toolset. I downloaded wix311.exe.
• Add C:\Program Files (x86)\WiX Toolset v3.11\bin to the path (instructions).

If you want to sign binaries with Authenticode

You'll need a code signing certificate.

To make a .exe

Open a command prompt, cd into the dangerzone directory, and run:

poetry run python .\setup-windows.py build

In build\exe.win32-3.10\ you will find dangerzone.exe, dangerzone-cli.exe, and all supporting files.

To build the installer

Note that you must have a codesigning certificate installed in order to use the install\windows\build-app.bat script, because it codesigns dangerzone.exe, dangerzone-cli.exe and Dangerzone.msi.

poetry run .\install\windows\build-app.bat

When you're done you will have dist\Dangerzone.msi.