This section documents the release process. Unless you're a dangerzone developer making a release, you'll probably never need to follow it.
Before making a release, all of these should be complete:
- Copy the checkboxes from these instructions onto a new issue and call it QA and Release version <VERSION>
- Add new Linux platforms and remove obsolete ones
- Bump the Python dependencies using
poetry lock
- Check for official PySide6 versions
- Update
version
inpyproject.toml
- Update
share/version.txt
- Update the "Version" field in
install/linux/dangerzone.spec
- Bump the Debian version by adding a new changelog entry in
debian/changelog
- Update screenshot in
README.md
, if necessary - CHANGELOG.md should be updated to include a list of all major changes since the last release
Our currently supported Linux OSes are Debian, Ubuntu, Fedora (we treat Qubes OS as a special case of Fedora, release-wise). For each of these platforms, we need to check if a new version has been added, or if an existing one is now EOL (https://endoflife.date/ is handy for this purpose).
In case of a new version (beta, RC, or official release):
- Add it in our CI workflows, to test if that version works.
- See
.circleci/config.yml
and.github/workflows/ci.yml
, as well asdev_scripts/env.py
anddev_scripts/qa.py
.
- See
- Do a test of this version locally with
dev_scripts/qa.py
. Focus on the GUI part, since the basic functionality is already tested by our CI workflows. - Add the new version in our
INSTALL.md
document, and drop a line in ourCHANGELOG.md
. - If that version is a new stable release, update the
RELEASE.md
andBUILD.md
files where necessary. - Send a PR with the above changes.
In case of an EOL version:
- Remove any mention to this version from our repo.
- Consult the previous paragraph, but also
grep
your way around.
- Consult the previous paragraph, but also
- Add a notice in our
CHANGELOG.md
about the version removal.
PySide6 6.7.0 is available from the Fedora Rawhide repo, and we expect that a similar version will be pushed soon to the rest of the stable releases. Prior to a release, we should check if this has happened already. Once this happens, we should update our CI tests accordingly, and remove this notice.
For more info, read: freedomofpress/maint-dangerzone-pyside6#5
Parallel to the QA process, the release candidate should be put through the large document tests in a dedicated machine to run overnight.
Follow the instructions in docs/developer/TESTING.md
to run the tests.
These tests will identify any regressions or progression in terms of document coverage.
To ensure that new releases do not introduce regressions, and support existing and newer platforms, we have to do the following:
- Make sure that the tip of the
main
branch passes the CI tests. - Make sure that the Apple account has a valid application password and has agreed to the latest Apple terms (see macOS release section).
- Create a test build in Windows and make sure it works:
- Check if the suggested Python version is still supported.
- Create a new development environment with Poetry.
- Build the container image and ensure the development environment uses the new image.
- Run the Dangerzone tests.
- Build and run the Dangerzone .exe
- Test some QA scenarios (see Scenarios below).
- Create a test build in macOS (Intel CPU) and make sure it works:
- Check if the suggested Python version is still supported.
- Create a new development environment with Poetry.
- Build the container image and ensure the development environment uses the new image.
- Run the Dangerzone tests.
- Create and run an app bundle.
- Test some QA scenarios (see Scenarios below).
- Create a test build in macOS (M1/2 CPU) and make sure it works:
- Check if the suggested Python version is still supported.
- Create a new development environment with Poetry.
- Build the container image and ensure the development environment uses the new image.
- Run the Dangerzone tests.
- Create and run an app bundle.
- Test some QA scenarios (see Scenarios below).
- Create a test build in the most recent Ubuntu LTS platform (Ubuntu 24.04
as of writing this) and make sure it works:
- Create a new development environment with Poetry.
- Build the container image and ensure the development environment uses the new image.
- Run the Dangerzone tests.
- Create a .deb package and install it system-wide.
- Test some QA scenarios (see Scenarios below).
- Create a test build in the most recent Fedora platform (Fedora 41 as of
writing this) and make sure it works:
- Create a new development environment with Poetry.
- Build the container image and ensure the development environment uses the new image.
- Run the Dangerzone tests.
- Create an .rpm package and install it system-wide.
- Test some QA scenarios (see Scenarios below).
- Create a test build in the most recent Qubes Fedora template (Fedora 40 as
of writing this) and make sure it works:
- Create a new development environment with Poetry.
- Run the Dangerzone tests.
- Create a Qubes .rpm package and install it system-wide.
- Ensure that the Dangerzone application appears in the "Applications" tab.
- Test some QA scenarios (see Scenarios below) and make sure they spawn disposable qubes.
(Only for MacOS / Windows)
Temporarily hide the Docker/Podman binaries, e.g., rename the docker
/
podman
binaries to something else. Then run Dangerzone. Dangerzone should
prompt the user to install Docker/Podman.
(Only for MacOS / Windows)
Stop the Docker Desktop application. Then run Dangerzone. Dangerzone should prompt the user to start Docker Desktop.
(Applies to Windows/MacOS)
Install the previous version of Dangerzone, downloaded from the website.
Open the Dangerzone application and enable some non-default settings. If there are new settings, make sure to change those as well.
Close the Dangerzone application and get the container image for that version. For example:
$ docker images dangerzone.rocks/dangerzone:latest
REPOSITORY TAG IMAGE ID CREATED SIZE
dangerzone.rocks/dangerzone latest <image ID> <date> <size>
Then run the version under QA and ensure that the settings remain changed.
Afterwards check that new docker image was installed by running the same command and seeing the following differences:
$ docker images dangerzone.rocks/dangerzone:latest
REPOSITORY TAG IMAGE ID CREATED SIZE
dangerzone.rocks/dangerzone latest <different ID> <newer date> <different size>
(Only for Linux)
Remove the Dangerzone container image from Docker/Podman. Then run Dangerzone. Dangerzone should install the container image successfully.
Run Dangerzone and make some changes in the settings (e.g., change the OCR language, toggle whether to open the document after conversion, etc.). Restart Dangerzone. Dangerzone should show the settings that the user chose.
Run Dangerzone and convert the tests/test_docs/sample_bad_pdf.pdf
document.
Dangerzone should fail gracefully, by reporting that the operation failed, and
showing the following error message:
The document format is not supported
Run Dangerzone against a list of documents, and tick all options. Ensure that:
- Conversions take place sequentially.
- Attempting to close the window while converting asks the user if they want to abort the conversions.
- Conversions are completed successfully.
- Conversions show individual progress in real-time (double-check for Qubes).
- (Only for Linux) The resulting files open with the PDF viewer of our choice.
- OCR seems to have detected characters in the PDF files.
- The resulting files have been saved with the proper suffix, in the proper location.
- The original files have been saved in the
unsafe/
directory.
Run Dangerzone against a set of documents that you drag-n-drop. Files should be added and conversion should run without issue.
Tip
On our end-user container environments for Linux, we can start a file manager
with thunar &
.
(Only for Windows and Linux)
Run Dangerzone CLI against a list of documents. Ensure that conversions happen sequentially, are completed successfully, and we see their progress.
(Only for Windows, MacOS and Qubes)
Go to a directory with office documents, right-click on one, and click on "Open With". We should be able to open the file with Dangerzone, and then convert it.
(Only for Qubes)
Check what errors does Dangerzone throw in the following scenarios. The errors should point the user to the Qubes notifications in the top-right corner:
- The
dz-dvm
template does not exist. We can trigger this scenario by temporarily renaming this template. - The Dangerzone RPC policy does not exist. We can trigger this scenario by
temporarily renaming the
dz.Convert
policy. - The
dz-dvm
disposable Qube cannot start due to insufficient resources. We can trigger this scenario by temporarily increasing the minimum required RAM of thedz-dvm
template to more than the available amount.
Once we are confident that the release will be out shortly, and doesn't need any more changes:
-
Create a PGP-signed git tag for the version, e.g., for dangerzone
v0.1.0
:git tag -s v0.1.0 git push origin v0.1.0
Note: release candidates are suffixed by
-rcX
.
Important
Because we don't have reproducible builds yet, building the Dangerzone container image in various platforms would lead to different container image IDs / hashes, due to different timestamps. To avoid this issue, we should build the final container image for x86_64 architectures on one platform, and then copy it to the rest of the platforms, before creating our .deb / .rpm / .msi / app bundles.
- Build machine must have:
- Apple-trusted
Developer ID Application: Freedom of the Press Foundation (94ZZGGGJ3W)
code-signing certificates installed
- Apple-trusted
- Apple account must have:
- A valid application password for
notarytool
in the Keychain. You can verify this by running:xcrun notarytool history --apple-id "<email>" --keychain-profile "dz-notarytool-release-key"
. If you don't find it, you can add it to the Keychain by runningxcrun notarytool store-credentials dz-notarytool-release-key --apple-id <email> --team-id <team ID>
with the respectiveemail
andteam ID
(the latter can be obtained here) - Agreed to any new terms and conditions. You can find those if you visit https://developer.apple.com and login with the proper Apple ID.
- A valid application password for
- Verify and install the latest supported Python version from
python.org (do not use the one from
brew as it is known to cause issues)
- In case of a new Python installation or minor version upgrade, e.g., from
3.11 to 3.12 , reinstall Poetry with
python3 -m pip install poetry
- You can verify the correct Python version is used with
poetry debug info
- In case of a new Python installation or minor version upgrade, e.g., from
3.11 to 3.12 , reinstall Poetry with
- Verify and checkout the git tag for this release
- Run
poetry install --sync
- On the silicon mac, build the container image:
Then copy the
python3 ./install/common/build-image.py
share/container.tar.gz
to the assets folder ondangerzone-$VERSION-arm64.tar.gz
, along with theshare/image-id.txt
file. - Run
poetry run ./install/macos/build-app.py
; this will makedist/Dangerzone.app
- Make sure that the build application works with the containerd graph driver (see #933)
- Run
poetry run ./install/macos/build-app.py --only-codesign
; this will makedist/Dangerzone.dmg
- You need to run this command as the account that has access to the code signing certificate
- You must run this command from the MacOS UI, from a terminal application.
- Notarize it:
xcrun notarytool submit --wait --apple-id "<email>" --keychain-profile "dz-notarytool-release-key" dist/Dangerzone.dmg
- You need to change the
<email>
in the above command with the email associated with the Apple Developer ID. - This command assumes that you have created, and stored in the Keychain, an
application password associated with your Apple Developer ID, which will be
used specifically for
notarytool
.
- You need to change the
- Wait for it to get approved:
- If it gets rejected, you should be able to see why with the same command
(or use the
log
option for a more verbose JSON output) - You will also receive an update in your email.
- If it gets rejected, you should be able to see why with the same command
(or use the
- After it's approved, staple the ticket:
xcrun stapler staple dist/Dangerzone.dmg
This process ends up with the final file:
dist/Dangerzone.dmg
Rename Dangerzone.dmg
to Dangerzone-$VERSION.dmg
.
The Windows release is performed in a Windows 11 virtual machine as opposed to a physical one.
- Download a VirtualBox VM image for Windows from here: https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/ and import it into VirtualBox. Also install the Oracle VM VirtualBox Extension Pack.
- Install updates
- Install git for Windows from https://git-scm.com/download/win, and clone the dangerzone repo
- Follow the Windows build instructions in
BUILD.md
, except:- Don't install Docker Desktop (it won't work without nested virtualization)
- Install the Windows SDK from here: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/ and add
C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool
to the path (you'll need it forsigntool.exe
) - You'll also need the Windows codesigning certificate installed on the VM
- Verify and checkout the git tag for this release
- Run
poetry install --sync
- Copy the container image into the VM
[!IMPORTANT] Instead of running
python .\install\windows\build-image.py
in the VM, run the build image script on the host (making sure to build forlinux/amd64
). Copyshare/container.tar.gz
andshare/image-id.txt
from the host into theshare
folder in the VM. Also, don't forget to add the supplementary image ID (see #933) inshare/image-id.txt
) - Run
poetry run .\install\windows\build-app.bat
- When you're done you will have
dist\Dangerzone.msi
Rename Dangerzone.msi
to Dangerzone-$VERSION.msi
.
[!INFO] Below we explain how we build packages for each Linux distribution we support.
There is also a
release.sh
script available which creates all the.rpm
and.deb
files with a single command.
Because the Debian packages do not contain compiled Python code for a specific Python version, we can create a single Debian package and use it for all of our Debian-based distros.
Create a Debian Bookworm development environment. You can follow the instructions in our build section, or create your own locally with:
./dev_scripts/env.py --distro debian --version bookworm build-dev
./dev_scripts/env.py --distro debian --version bookworm run --dev bash
cd dangerzone
Build the latest container:
python3 ./install/common/build-image.py
Create a .deb:
./install/linux/build-deb.py
Publish the .deb under ./deb_dist
to the
freedomofpress/apt-tools-prod
repo, by sending a PR. Follow the instructions in that repo on how to do so.
NOTE: This procedure will have to be done for every supported Fedora version.
In this section, we'll use Fedora 41 as an example.
Create a Fedora development environment. You can follow the instructions in our build section, or create your own locally with:
./dev_scripts/env.py --distro fedora --version 41 build-dev
./dev_scripts/env.py --distro fedora --version 41 run --dev bash
cd dangerzone
Build the latest container:
python3 ./install/common/build-image.py
Copy the container image to the assets folder on dangerzone-$VERSION-i686.tar.gz
.
Create a .rpm:
./install/linux/build-rpm.py
Publish the .rpm under ./dist
to the
freedomofpress/yum-tools-prod
repo, by sending a PR. Follow the instructions in that repo on how to do so.
Create a .rpm for Qubes:
./install/linux/build-rpm.py --qubes
and similarly publish it to the freedomofpress/yum-tools-prod
repo.
To publish the release:
-
Create an archive of the Dangerzone source in
tar.gz
format:-
You can use the following command:
export DZ_VERSION=$(cat share/version.txt) git archive --format=tar.gz -o dangerzone-${DZ_VERSION:?}.tar.gz --prefix=dangerzone/ v${DZ_VERSION:?}
-
-
Run container scan on the produced container images (some time may have passed since the artifacts were built)
gunzip --keep -c ./share/container.tar.gz > /tmp/container.tar docker pull anchore/grype:latest docker run --rm -v /tmp/container.tar:/container.tar anchore/grype:latest /container.tar
-
Collect the assets in a single directory, calculate their SHA-256 hashes, and sign them.
- You can use
./dev_scripts/sign-assets.py
, if you want to automate this task.
- You can use
-
Create a new draft release on GitHub and upload the macOS and Windows installers.
- Copy the release notes text from the template at
docs/templates/release-notes
- You can use
./dev_scripts/upload-asset.py
, if you want to upload an asset using an access token.
- Copy the release notes text from the template at
-
Upload the
container-$VERSION-i686.tar.gz
andcontainer-$VERSION-arm64.tar.gz
images that were created in the previous stepImportant: Make sure that it's the same container images as the ones that are shipped in other platforms (see our Pre-release section)
-
Upload the detached signatures (.asc) and checksum file.
-
Update the Dangerzone website to link to the new installers.
-
Update the brew cask release of Dangerzone with a PR like this one
-
Update version and download links in
README.md
- Toot release announcement on our mastodon account @dangerzone@fosstodon.org
- Extend the
check_repos.yml
CI test for the newly added platforms