QubesOS · neowutran · Oct 30, 2020 · Jul 16, 2020 · Jul 16, 2020 · Jul 16, 2020
diff --git a/.travis.yml b/.travis.yml
@@ -3,10 +3,9 @@ import:
   - source: QubesOS/qubes-continuous-integration:R4.1/travis-dom0-r4.1.yml
   - source: QubesOS/qubes-continuous-integration:R4.0/travis-dom0-r4.0.yml
   - source: QubesOS/qubes-continuous-integration:R4.1/travis-vms-r4.1.yml
-
 jobs:
   include:
-    - language: python
+      language: python
       python:
        - '3.7'
       install:

diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
 #
-# The Qubes OS Project, http://www.qubes-os.org
+# The Qubes OS Project, https://www.qubes-os.org
 #
 # Copyright (C) 2013  Joanna Rutkowska <[email protected]>
 #
@@ -20,12 +20,12 @@
 #
 
 PYTHON ?= python3
+PANDOC=pandoc -s -f markdown -t man
+NAME := convert-pdf
 
-build:
-	make manpages -C doc
-
-install-vm:
-	make install -C doc
+install-vm: build
+	install -d $(DESTDIR)/usr/share/man/man1
+	install -D qvm-$(NAME).1.gz $(DESTDIR)/usr/share/man/man1/
 	$(PYTHON) setup.py install -O1 $(PYTHON_PREFIX_ARG) --root $(DESTDIR)
 	install -d $(DESTDIR)/etc/qubes-rpc
 	ln -s ../../usr/lib/qubes/qpdf-convert-server $(DESTDIR)/etc/qubes-rpc/qubes.PdfConvert
@@ -41,6 +41,15 @@ install-dom0:
 	rm -f $(DESTDIR)/usr/bin/qvm-convert-pdf
 	rm -f $(DESTDIR)/usr/lib/qubes/qpdf-convert-server
 
+qvm-$(NAME).1: README.md
+	$(PANDOC) $< > $@
+
+qvm-$(NAME).1.gz: qvm-$(NAME).1
+	gzip -f $<
+
+build: qvm-$(NAME).1.gz
+
 clean:
 	rm -rf debian/changelog.*
 	rm -rf pkgs
+	rm -f qvm-$(NAME).1.gz
diff --git a/Makefile.builder b/Makefile.builder
@@ -5,6 +5,7 @@ else ifeq ($(PACKAGE_SET),vm)
   ifeq ($(filter $(DIST), stretch jessie centos7),)
     DEBIAN_BUILD_DIRS := debian
     RPM_SPEC_FILES := rpm_spec/qpdf-converter.spec
+    ARCH_BUILD_DIRS := archlinux
   endif
 endif
 

diff --git a/README.md b/README.md
@@ -1,34 +1,64 @@
-Qubes PDF Converter
-====================
+% QVM-CONVERT-PDF(1) | User Commands
 
-Qubes PDF converter is a [Qubes](https://qubes-os.org) Application that
-utilizes Disposable VMs and Qubes' flexible qrexec (inter-VM communication)
-infrastructure to securely convert potentially untrusted PDF files into
+NAME
+===============
+qvm-convert-pdf - converts a potentially untrusted file to a safe-to-view pdf
+
+SYNOPSIS
+===============
+**qvm-convert-pdf** [_OPTION_]... [_FILE_]...
+
+DESCRIPTION
+==============
+Qubes PDF converter is a [Qubes](https://qubes-os.org) Application, which utilizes Qubes flexible qrexec
+(inter-VM communication) infrastructure and Disposable VMs to perform conversion
+of potentially untrusted (e.g. maliciously malformed) files into
 safe-to-view PDF files.
 
-This is done by having a Disposable VM render each page of a PDF file into a
-very simple representation (RGB bitmap) that (presumably) leaves no room for
-malicious code. This representation is then sent back to the client AppVM which
-then constructs an entirely new PDF file out of the received bitmaps.
+This is done by having the Disposable VM perform the complex (and potentially
+buggy) rendering of the PDF in question) and sending the resulting RGB bitmap
+(simple representation) to the client AppVM. The client AppVM can _trivially_
+verify the received data are indeed the simple representation, and then
+construct a new PDF out of the received bitmap. Of course the price we pay for
+this conversion is loosing any structural information and text-based search in
+the converted PDF.
+
+More discussion and introduction of the concept has been described in the original article [here](https://blog.invisiblethings.org/2013/02/21/converting-untrusted-pdfs-into-trusted.html).
+
+OPTIONS
+=============
+**-b** SIZE, **`--`batch**=SIZE
+--------------------------------
+Maximum number of conversion tasks
+
+**-a** PATH, **`--`archive**=PATH
+----------------------------------
+Directory for storing archived files
+
+**-i**, **`--`in-place**
+-------------------------
+Replace original files instead of archiving them
 
-More discussion of the concept has been described in the original article
-[here](http://blog.invisiblethings.org/2013/02/21/converting-untrusted-pdfs-into-trusted.html).
+**-g**, **`--`gui**
+---------------------
+Use a progress bar output understandable by zenity.
 
-Usage
-------
+**`--`help**
+-------------
+Show this message and exit.
 
-    [user@domU ~]$ qvm-convert-pdf file1.pdf file2.pdf file3.pdf
-    :: Sending files to Disposable VMs...
 
-     file1.pdf...done
-     file2.pdf...fail
-     file3.pdf...done
+CONFIGURATION
+===============
+To use a custom DisposableVM instead of the default one:
 
-    Total Sanitized Files: 2/3
+Let’s assume that this custom DisposableVM is called "web".
+In dom0, add new line in "/etc/qubes-rpc/policy/qubes.PdfConvert":
 
-Authors
----------
+**YOUR_CLIENT_VM_NAME @dispvm allow,target=@dispvm:web**
 
+AUTHOR
+============
 The original idea and implementation has been provided by Joanna Rutkowska. The
 project has been subsequently incorporated into [Qubes OS](https://qubes-os.org)
 and multiple other developers have contributed various fixes and improvements

diff --git a/archlinux/PKGBUILD b/archlinux/PKGBUILD
@@ -0,0 +1,18 @@
+pkgname=(qubes-pdf-converter)
+pkgver=$(cat version)
+pkgrel=1
+arch=(x86_64)
+pkgdesc=$(grep "Summary:" ./rpm_spec/qpdf-converter.spec.in | sed 's/Summary://' | xargs)
+url=$(git remote get-url origin)
+license=(GPL)
+makedepends=(git pandoc python-setuptools)
+depends=(libreoffice graphicsmagick zenity poppler python-nautilus python-click python-pillow python-tqdm python-magic)
+
+build() {
+ ln -s "$srcdir"/../ "$srcdir/src"
+}
+package() {
+ cd src
+ make install-vm DESTDIR="$pkgdir/"
+}
+
diff --git a/ci/requirements.txt b/ci/requirements.txt
@@ -4,3 +4,4 @@ click
 pillow
 pylint
 tqdm
+file-magic
diff --git a/debian/compat b/debian/compat
@@ -1 +1 @@
-9
+10
diff --git a/debian/control b/debian/control
@@ -1,27 +1,25 @@
 Source: qubes-pdf-converter
 Section: admin
-Priority: extra
+Priority: optional
 Maintainer: Jason Mehring <[email protected]>
-Build-Depends:
- debhelper (>= 9~),
- dh-python,
- python3-setuptools,
- pandoc,
- quilt
-X-Python-Version: 2.7
-Standards-Version: 3.9.5
-Homepage: http://www.qubes-os.org
+Build-Depends: pandoc, python3-setuptools, debhelper (>= 9)
+# For the futures version of debian, delete the "compat" file, and add the line below in "Build-Depends"
+# debhelper-compat (= 12)
+Standards-Version: 4.5.0
+Homepage: https://github.com/QubesOS/qubes-app-linux-pdf-converter
 
 Package: qubes-pdf-converter
 Section: admin
 Architecture: any
-Depends:
+Depends: 
  poppler-utils,
- imagemagick,
+ libreoffice,
+ graphicsmagick,
  python3 (>= 3.7.0),
  python3-nautilus | python-nautilus,
  python3-click,
  python3-pillow,
  python3-tqdm,
+ python3-magic,
  ${misc:Depends}
 Description: The Qubes service for converting untrusted PDF files into trusted ones
diff --git a/debian/copyright b/debian/copyright
@@ -1,6 +1,6 @@
-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: qubes-pdf-converter
-Source: <http://www.qubes-os.org/>
+Source: <https://github.com/QubesOS/qubes-app-linux-pdf-converter>
 
 Files: *
 Copyright: 2014-2015 Qubes Developers
@@ -16,7 +16,7 @@ License: GPL-2+
  GNU General Public License for more details.
  .
  You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>
+ along with this program. If not, see <https://www.gnu.org/licenses/>
  .
  On Debian systems, the complete text of the GNU General
  Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
@@ -34,7 +34,7 @@ Copyright: 2015 Jason Mehring <[email protected]> License: GPL-2+
  GNU General Public License for more details.
  .
  You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>
+ along with this program. If not, see <https://www.gnu.org/licenses/>
  .
  On Debian systems, the complete text of the GNU General
  Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".

diff --git a/doc/Makefile b/doc/Makefile
diff --git a/doc/qvm-convert-pdf.rst b/doc/qvm-convert-pdf.rst
diff --git a/qubes.PdfConvert.policy b/qubes.PdfConvert.policy
@@ -1,6 +1,7 @@
 ## Note that policy parsing stops at the first match,
-## so adding anything below "$anyvm $anyvm action" line will have no effect
+## so adding anything below "@anyvm @anyvm action" line will have no effect
 
 ## Please use a single # to start your custom comments
 
-$anyvm $dispvm allow
+@anyvm @dispvm allow
+@anyvm @anyvm deny
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,3 +4,4 @@ click @@
     pillow
     pylint
     tqdm
+    file-magic