92d7bd6bee
Create a `dodo.py` file where we define the dependencies and targets of
each release task, as well as how to run it. Currently, we have
automated all of our Linux and macOS tasks, except for adding Linux
packages to the respective APT/YUM repos.
The tasks we have automated follow below:
build_image Build the container image using ./install/common/build-image.py
check_container_runtime Test that the container runtime is ready.
clean_container_runtime Clean the storage space of the container runtime.
clean_prompt Make sure that the user really wants to run the clean tasks.
debian_deb Build a Debian package for Debian Bookworm.
debian_env Build a Debian Bookworm dev environment.
download_tessdata Download the Tesseract data using ./install/common/download-tessdata.py
fedora_env Build Fedora dev environments.
fedora_env:40 Build Fedora 40 dev environments
fedora_env:41 Build Fedora 41 dev environments
fedora_rpm Build Fedora packages for every supported version.
fedora_rpm:40 Build a Fedora 40 package
fedora_rpm:40-qubes Build a Fedora 40 package for Qubes
fedora_rpm:41 Build a Fedora 41 package
fedora_rpm:41-qubes Build a Fedora 41 package for Qubes
git_archive Build a Git archive of the repo.
init_release_dir Create a directory for release artifacts.
macos_build_dmg Build the macOS .dmg file for Dangerzone.
macos_check_cert Test that the Apple developer certificate can be used.
macos_check_system Run macOS specific system checks, as well as the generic ones.
poetry_install Setup the Poetry environment
Closes #1016
|
||
|---|---|---|
| .github | ||
| assets | ||
| dangerzone | ||
| debian | ||
| dev_scripts | ||
| docs | ||
| install | ||
| qubes | ||
| share | ||
| tests | ||
| .gitattributes | ||
| .gitignore | ||
| .gitmodules | ||
| .grype.yaml | ||
| BUILD.md | ||
| CHANGELOG.md | ||
| Dockerfile | ||
| dodo.py | ||
| INSTALL.md | ||
| LICENSE | ||
| Makefile | ||
| poetry.lock | ||
| pyproject.toml | ||
| QA.md | ||
| README.md | ||
| RELEASE.md | ||
| setup-windows.py | ||
| setup.py | ||
Dangerzone
Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF.
 |
 |
|---|
Dangerzone works like this: You give it a document that you don't know if you can trust (for example, an email attachment). Inside of a sandbox, Dangerzone converts the document to a PDF (if it isn't already one), and then converts the PDF into raw pixel data: a huge list of RGB color values for each page. Then, outside of the sandbox, Dangerzone takes this pixel data and converts it back into a PDF.
Read more about Dangerzone in the official site.
Getting started
Follow the instructions for each platform:
Some features
- Sandboxes don't have network access, so if a malicious document can compromise one, it can't phone home
- Sandboxes use gVisor, an application kernel written in Go, that implements a substantial portion of the Linux system call interface.
- Dangerzone can optionally OCR the safe PDFs it creates, so it will have a text layer again
- Dangerzone compresses the safe PDF to reduce file size
- After converting, Dangerzone lets you open the safe PDF in the PDF viewer of your choice, which allows you to open PDFs and office docs in Dangerzone by default so you never accidentally open a dangerous document
Dangerzone can convert these types of document into safe PDFs:
- PDF (
.pdf) - Microsoft Word (
.docx,.doc) - Microsoft Excel (
.xlsx,.xls) - Microsoft PowerPoint (
.pptx,.ppt) - ODF Text (
.odt) - ODF Spreadsheet (
.ods) - ODF Presentation (
.odp) - ODF Graphics (
.odg) - Hancom HWP (Hangul Word Processor) (
.hwp,.hwpx)- Not supported on Qubes OS
- EPUB (
.epub) - Jpeg (
.jpg,.jpeg) - GIF (
.gif) - PNG (
.png) - SVG (
.svg) - other image formats (
.bmp,.pnm,.pbm,.ppm)
Dangerzone was inspired by Qubes trusted PDF, but it works in non-Qubes operating systems. It uses containers as sandboxes instead of virtual machines (using Docker for macOS and Windows, and podman on Linux).
Set up a development environment by following these instructions.
License and Copyright
Licensed under the AGPLv3: https://opensource.org/licenses/agpl-3.0
Copyright (c) 2022-2024 Freedom of the Press Foundation and Dangerzone contributors Copyright (c) 2020-2021 First Look Media
See also
- GIJN Toolbox: Cutting-Edge — and Free — Online Investigative Tools You Can Try Right Now
- When security matters: working with Qubes OS at the Guardian
FAQ
Has Dangerzone received a security audit?
Yes, Dangerzone received its first security audit by Include Security in December 2023. The audit was generally favorable, as it didn't identify any high-risk findings, except for 3 low-risk and 7 informational findings.
"I'm experiencing an issue while using Dangerzone."
Dangerzone gets updates to improve its features and to fix problems. So, updating may be the simplest path to resolving the issue which brought you here. Here is how to update:
- Check which version of Dangerzone you are currently using: run Dangerzone, then look for a series of numbers to the right of the logo within the app. The format of the numbers will look similar to
0.4.1 - Now find the latest available version of Dangerzone: go to the download page. Look for the version number displayed. The number will be using the same format as in Step 1.
- Is the version on the Dangerzone download page higher than the version of your installed app? Go ahead and update.