Rewrite in Python 3.7

.pylintrc

@@ -0,0 +1,22 @@
+[MASTER]
+persistent=no
+ignore=qubespdfconverter/tests
+
+[MESSAGES CONTROL]
+disable=
+  bad-continuation,
+  bare-except,
+  blacklisted-name,
+  deprecated-method,
+  duplicate-code,
+  expression-not-assigned,
+  file-ignored,
+  fixme,
+  invalid-name,
+  locally-disabled,
+  locally-enabled,
+  missing-docstring,
+  protected-access,
+  too-few-public-methods,
+  unused-argument,
+  wrong-import-order

.travis.yml

@@ -1,8 +1,14 @@
 sudo: required
 dist: bionic
-language: generic
-install: git clone https://github.com/QubesOS/qubes-builder ~/qubes-builder
-script: ~/qubes-builder/scripts/travis-build
+language: python
+python:
+ - '3.7'
+install:
+ - git clone https://github.com/QubesOS/qubes-builder ~/qubes-builder
+ - pip install --quiet -r ci/requirements.txt
+script:
+ - python3 -m pylint --rcfile=.pylintrc qubespdfconverter
+ - ~/qubes-builder/scripts/travis-build
 env:
  - DIST_DOM0=fc25 USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1
  - DISTS_VM=fc30 USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1
@@ -11,8 +17,3 @@ env:
  - DISTS_VM=buster USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1
  - DIST_DOM0=fc31 USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
  - DISTS_VM=bullseye USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
-
-jobs:
-  include:
-    - script:
-      - shellcheck qpdf-convert-client qpdf-convert-server

Makefile

@@ -19,68 +19,13 @@
 #
 #
 
-RPMS_DIR=rpm/
-VERSION := $(shell cat version)
-
-help:
-	@echo "Qubes addons main Makefile:" ;\
-	    echo "make rpms                 <--- make rpms and sign them";\
-	    echo; \
-	    echo "make clean                <--- clean all the binary files";\
-	    echo "make update-repo-current  <-- copy newly generated rpms to qubes yum repo";\
-	    echo "make update-repo-current-testing <-- same, but for -current-testing repo";\
-	    echo "make update-repo-unstable <-- same, but to -testing repo";\
-	    echo "make update-repo-installer -- copy dom0 rpms to installer repo"
-	    @exit 0;
-
-rpms: rpms-vm
-
-rpms-dom0:
-	rpmbuild --define "_rpmdir rpm/" -bb rpm_spec/qpdf-converter-dom0.spec
-	rpm --addsign rpm/x86_64/qubes-pdf-converter-dom0*$(VERSION)*.rpm
-
-rpms-vm:
-	rpmbuild --define "_rpmdir rpm/" -bb rpm_spec/qpdf-converter.spec
-	rpm --addsign rpm/x86_64/qubes-pdf-converter*$(VERSION)*.rpm
-
-update-repo-current:
-	for vmrepo in ../yum/current-release/current/vm/* ; do \
-		dist=$$(basename $$vmrepo) ;\
-		ln -f $(RPMS_DIR)/x86_64/qubes-pdf-converter*$(VERSION)*$$dist*.rpm $$vmrepo/rpm/ ;\
-	done
-	ln -f $(RPMS_DIR)/x86_64/qubes-pdf-converter-dom0-*$(VERSION)*.rpm ../yum/current-release/current/dom0/rpm/
-
-update-repo-current-testing:
-	for vmrepo in ../yum/current-release/current-testing/vm/* ; do \
-		dist=$$(basename $$vmrepo) ;\
-		ln -f $(RPMS_DIR)/x86_64/qubes-pdf-converter*$(VERSION)*$$dist*.rpm $$vmrepo/rpm/ ;\
-	done
-	ln -f $(RPMS_DIR)/x86_64/qubes-pdf-converter-dom0-*$(VERSION)*.rpm ../yum/current-release/current-testing/dom0/rpm/
-
-update-repo-unstable:
-	for vmrepo in ../yum/current-release/unstable/vm/* ; do \
-		dist=$$(basename $$vmrepo) ;\
-		ln -f $(RPMS_DIR)/x86_64/qubes-pdf-converter*$(VERSION)*$$dist*.rpm $$vmrepo/rpm/ ;\
-	done
-	ln -f $(RPMS_DIR)/x86_64/qubes-pdf-converter-dom0-*$(VERSION)*.rpm ../yum/current-release/unstable/dom0/rpm/
-
-update-repo-template:
-	for vmrepo in ../template-builder/yum_repo_qubes/* ; do \
-		dist=$$(basename $$vmrepo) ;\
-		ln -f $(RPMS_DIR)/x86_64/qubes-pdf-converter*$(VERSION)*$$dist*.rpm $$vmrepo/rpm/ ;\
-	done
-
-update-repo-installer:
-	ln -f $(RPMS_DIR)/x86_64/qubes-pdf-converter-dom0-*$(VERSION)*.rpm ../installer/yum/qubes-dom0/rpm/
-
 build:
 	make manpages -C doc
 
 install-vm:
 	make install -C doc
-	install -D qvm-convert-pdf $(DESTDIR)/usr/bin/qvm-convert-pdf
-	install -D qpdf-convert-client $(DESTDIR)/usr/lib/qubes/qpdf-convert-client
-	install -D qpdf-convert-server $(DESTDIR)/usr/lib/qubes/qpdf-convert-server
+	install -D qubespdfconverter/client.py $(DESTDIR)/usr/bin/qvm-convert-pdf
+	install -D qubespdfconverter/server.py $(DESTDIR)/usr/lib/qubes/qpdf-convert-server
 	install -d $(DESTDIR)/etc/qubes-rpc
 	ln -s ../../usr/lib/qubes/qpdf-convert-server $(DESTDIR)/etc/qubes-rpc/qubes.PdfConvert
 	install -D qvm-convert-pdf.gnome $(DESTDIR)/usr/lib/qubes/qvm-convert-pdf.gnome
@@ -90,7 +35,8 @@ install-vm:
 	install -m 0644 qvm-convert-pdf.desktop $(DESTDIR)/usr/share/kde4/services
 
 install-dom0:
-	python2 setup.py install -O1 --root $(DESTDIR)
 	python3 setup.py install -O1 --root $(DESTDIR)
 
 clean:
+	rm -rf debian/changelog.*
+	rm -rf pkgs

README.md

@@ -1,32 +1,30 @@
 Qubes PDF Converter
 ====================
 
-Qubes PDF converter is a [Qubes](https://qubes-os.org) Application, which
-utilizes Qubes flexible qrexec (inter-VM communication) infrastructure and
-Disposable VMs to perform conversion of potentially untrusted (e.g. maliciously
-malformed) PDF files into safe-to-view PDF files.
-
-This is done by having the Disposable VM perform the complex (and potentially
-buggy) rendering of the PDF in question) and sending the resulting RGB bitmap
-(simple representation) to the client AppVM. The client AppVM can _trivially_
-verify the received data are indeed the simple representation, and then
-construct a new PDF out of the received bitmap. Of course the price we pay for
-this conversion is loosing any structural information and text-based search in
-the converted PDF.
-
-More discussion and introduction of the concept has been described in the
-original article
+Qubes PDF converter is a [Qubes](https://qubes-os.org) Application that
+utilizes Disposable VMs and Qubes' flexible qrexec (inter-VM communication)
+infrastructure to securely convert potentially untrusted PDF files into
+safe-to-view PDF files.
+
+This is done by having a Disposable VM render each page of a PDF file into a
+very simple representation (RGB bitmap) that (presumably) leaves no room for
+malicious code. This representation is then sent back to the client AppVM which
+then constructs an entirely new PDF file out of the received bitmaps.
+
+More discussion of the concept has been described in the original article
 [here](http://blog.invisiblethings.org/2013/02/21/converting-untrusted-pdfs-into-trusted.html).
 
 Usage
 ------
 
-    [user@varia ~]$ qvm-convert-pdf test.pdf
-    -> Sending file to remote VM...
-    -> Waiting for converted samples...
-    -> Receving page 8 out of 8...
-    -> Converted PDF saved as: ./test.trusted.pdf
-    -> Original file saved as /home/user/QubesUntrustedPDFs/test.pdf
+    [user@domU ~]$ qvm-convert-pdf file1.pdf file2.pdf file3.pdf
+    :: Sending files to Disposable VMs...
+
+     file1.pdf...done
+     file2.pdf...fail
+     file3.pdf...done
+
+    Total Sanitized Files: 2/3
 
 Authors
 ---------

ci/requirements.txt

@@ -0,0 +1,6 @@
+# WARNING: those requirements are used only for travis-ci.org
+# they SHOULD NOT be used under normal conditions; use system package manager
+click
+pillow
+pylint
+tqdm

debian/qubes-pdf-converter.install

@@ -1,4 +1,3 @@
-usr/lib/qubes/qpdf-convert-client
 usr/lib/qubes/qpdf-convert-server
 etc/qubes-rpc/qubes.PdfConvert
 usr/bin/qvm-convert-pdf

doc/qvm-convert-pdf.rst

@@ -4,27 +4,28 @@ QVM-CONVERT-PDF(1)
 
 NAME
 ====
-qvm-convert-pdf - converts a potentially untrusted pdf to a safe-to-view pdf
+qvm-convert-pdf - converts potentially untrusted PDFs to a safe-to-view PDF
 
 SYNOPSIS
 ========
-| qvm-convert-pdf <pdf to convert>
+| qvm-convert-pdf <PDF to convert ...>
 
 DESCRIPTION
 ===========
 
-Qubes PDF converter is a Qubes Application, which utilizes Qubes flexible qrexec
-(inter-VM communication) infrastructure and Disposable VMs to perform conversion
-of potentially untrusted (e.g. maliciously malformed) PDF files into
-safe-to-view PDF files.
+Qubes PDF converter is a Qubes Application that utilizes Qubes' flexible qrexec
+(inter-VM communication) infrastructure and Disposable VMs to securely convert
+potentially untrusted (e.g. maliciously malformed) PDF files into safe-to-view
+PDF files.
 
-This is done by having the Disposable VM perform the complex (and potentially
-buggy) rendering of the PDF in question) and sending the resulting RGB bitmap
-(simple representation) to the client AppVM. The client AppVM can _trivially_
-verify the received data are indeed the simple representation, and then
-construct a new PDF out of the received bitmap. Of course the price we pay for
-this conversion is loosing any structural information and text-based search in
-the converted PDF.
+This is done by having a Disposable VM render each page of a PDF file into a 
+very simple representation (RGB bitmap) that (presumably) leaves no room for 
+malicious code. This representation is then sent back to the client AppVM which 
+then constructs an entirely new PDF file out of the received bitmaps.
+
+Of course, the price we pay for this conversion is an increase in file size and 
+the loss of any structural information or text-based search in the converted 
+PDF.
 
 AUTHORS
 =======