From d1afe4c30a8ca4845e1c21ce7f287e09796463ff Mon Sep 17 00:00:00 2001 From: Alex Pyrgiotis Date: Mon, 29 Jan 2024 18:56:29 +0200 Subject: [PATCH] Fix Podman crashes due to old conmon version Switching from mounting files to writing to stdout has introduced some Podman crashes in specific environments (Ubuntu Jammy / Debian Bullseye) due to a conmon bug that affects version 2.0.25. Fixing it for various permutations of the environments we support requires the following: 1. CI tests: Install conmon from the oldstable-proposed-updates in our Debian Bullseye / Ubuntu Jammy dev/end-user environments. 2. Developers: Add a line in BUILD.md that suggests users to install conmon from the oldstable-proposed-updates repo, or some other repo they prefer. 3. End-user installations: We will build conmon for Ubuntu Jammy, and wait until the proposed updates repo gets merged in Debian Bullseye. Fixes #685 --- BUILD.md | 21 +++ dev_scripts/env.py | 36 +++++ dev_scripts/oldstable-pu-debian.sources | 4 + dev_scripts/oldstable-pu-ubuntu.sources | 193 ++++++++++++++++++++++++ dev_scripts/oldstable-pu.pref | 7 + dev_scripts/qa.py | 21 +++ 6 files changed, 282 insertions(+) create mode 100644 dev_scripts/oldstable-pu-debian.sources create mode 100644 dev_scripts/oldstable-pu-ubuntu.sources create mode 100644 dev_scripts/oldstable-pu.pref diff --git a/BUILD.md b/BUILD.md index f393d5507..323ca12db 100644 --- a/BUILD.md +++ b/BUILD.md @@ -4,6 +4,27 @@ Install dependencies: +
+ :memo: Expand this section if you are on Ubuntu 22.04 (Jammy). +
+ + The `conmon` version that Podman uses and Ubuntu Jammy ships, has a bug + that gets triggered by Dangerzone + (more details in https://github.com/freedomofpress/dangerzone/issues/685). + If you want to run Dangerzone from source, you are advised to install a + patched `conmon` version. A simple way to do so is to enable the Debian + Bullseye Proposed Updates repo, just for the `conmon` package: + + ```bash + sudo cp ./dev_scripts/oldstable-pu-ubuntu.sources /etc/apt/sources.list.d/ + sudo cp ./dev_scripts/oldstable-pu.pref /etc/apt/preferences.d/ + ``` + + Alternatively, you can install a `conmon` version higher than `v2.0.25` from + any repo you prefer. + +
+ ```sh sudo apt install -y podman dh-python build-essential fakeroot make libqt6gui6 \ pipx python3 python3-dev python3-stdeb python3-all diff --git a/dev_scripts/env.py b/dev_scripts/env.py index 67eb49ddc..31c6543ee 100755 --- a/dev_scripts/env.py +++ b/dev_scripts/env.py @@ -115,6 +115,14 @@ RUN touch /var/mail/ubuntu && chown ubuntu /var/mail/ubuntu && userdel -r ubuntu """ +# On Ubuntu Jammy / Debian Bullseye, use a different conmon version, as acquired from +# Debian's oldstable proposed updates. For more details, read: +# https://github.com/freedomofpress/dangerzone/issues/685 +DOCKERFILE_CONMON_UPDATE = r""" +COPY oldstable-pu.sources /etc/apt/sources.list.d/ +COPY oldstable-pu.pref /etc/apt/preferences.d/ +""" + # FIXME: Do we really need the python3-venv packages? DOCKERFILE_BUILD_DEV_DEBIAN_DEPS = r""" ARG DEBIAN_FRONTEND=noninteractive @@ -557,6 +565,11 @@ def build_dev(self, show_dockerfile=DEFAULT_SHOW_DOCKERFILE): # Ubuntu Jammy misses a dependency to `libxkbcommon-x11-0`, which we can # install indirectly via `qt6-qpa-plugins`. qt_deps += " qt6-qpa-plugins" + # Ubuntu Jammy and Debian Bullseye require a more up-to-date conmon + # package (see https://github.com/freedomofpress/dangerzone/issues/685) + install_deps = ( + DOCKERFILE_CONMON_UPDATE + DOCKERFILE_BUILD_DEV_DEBIAN_DEPS + ) elif self.distro == "ubuntu" and self.version in ( "23.04", "23.10", @@ -569,6 +582,11 @@ def build_dev(self, show_dockerfile=DEFAULT_SHOW_DOCKERFILE): elif self.distro == "debian" and self.version in ("bullseye-backports",): # Debian Bullseye misses a dependency to libgl1. qt_deps += " libgl1" + # Ubuntu Jammy and Debian Bullseye require a more up-to-date conmon + # package (see https://github.com/freedomofpress/dangerzone/issues/685) + install_deps = ( + DOCKERFILE_CONMON_UPDATE + DOCKERFILE_BUILD_DEV_DEBIAN_DEPS + ) install_deps = install_deps.format(qt_deps=qt_deps) @@ -586,6 +604,12 @@ def build_dev(self, show_dockerfile=DEFAULT_SHOW_DOCKERFILE): shutil.copy(git_root() / "pyproject.toml", build_dir) shutil.copy(git_root() / "poetry.lock", build_dir) shutil.copy(git_root() / "dev_scripts" / "storage.conf", build_dir) + if self.distro in ("debian", "ubuntu"): + shutil.copy(git_root() / "dev_scripts" / "oldstable-pu.pref", build_dir) + shutil.copy( + git_root() / "dev_scripts" / f"oldstable-pu-{self.distro}.sources", + build_dir / "oldstable-pu.sources", + ) with open(build_dir / "Dockerfile", mode="w") as f: f.write(dockerfile) @@ -636,6 +660,12 @@ def build( install_deps = ( DOCKERFILE_UBUNTU_2004_DEPS + DOCKERFILE_BUILD_DEBIAN_DEPS ) + elif (self.distro == "ubuntu" and self.version in ("22.04", "jammy")) or ( + self.distro == "debian" and self.version in ("bullseye-backports",) + ): + # Ubuntu Jammy and Debian Bullseye require a more up-to-date conmon + # package (see https://github.com/freedomofpress/dangerzone/issues/685) + install_deps = DOCKERFILE_CONMON_UPDATE + DOCKERFILE_BUILD_DEBIAN_DEPS elif self.distro == "ubuntu" and self.version in ( "23.04", "23.10", @@ -664,6 +694,12 @@ def build( # Populate the build context. shutil.copy(package_src, package_dst) shutil.copy(git_root() / "dev_scripts" / "storage.conf", build_dir) + if self.distro in ("debian", "ubuntu"): + shutil.copy(git_root() / "dev_scripts" / "oldstable-pu.pref", build_dir) + shutil.copy( + git_root() / "dev_scripts" / f"oldstable-pu-{self.distro}.sources", + build_dir / "oldstable-pu.sources", + ) with open(build_dir / "Dockerfile", mode="w") as f: f.write(dockerfile) diff --git a/dev_scripts/oldstable-pu-debian.sources b/dev_scripts/oldstable-pu-debian.sources new file mode 100644 index 000000000..ba4e3da39 --- /dev/null +++ b/dev_scripts/oldstable-pu-debian.sources @@ -0,0 +1,4 @@ +Types: deb +URIs: http://deb.debian.org/debian/ +Suites: oldstable-proposed-updates +Components: main diff --git a/dev_scripts/oldstable-pu-ubuntu.sources b/dev_scripts/oldstable-pu-ubuntu.sources new file mode 100644 index 000000000..821c983ae --- /dev/null +++ b/dev_scripts/oldstable-pu-ubuntu.sources @@ -0,0 +1,193 @@ +Types: deb +URIs: http://deb.debian.org/debian/ +Suites: oldstable-proposed-updates +Components: main +# Taken from Debian 11's FTP master key: +# https://ftp-master.debian.org/keys.html +Signed-By: + -----BEGIN PGP PUBLIC KEY BLOCK----- + . + mQINBGAEHQwBEAC7MhpIQlLicwR8tmMH0yFkMIsqIbfudnBCuV043sSSSdUT/XjA + XKdsdOCpfb6Tfiau1uY9Yb8gWLM8JxmSuaIa1jKlYiRZ5G79D7NOVIcqBrqp3lzV + HShLEXs4421f0Y4bSMuDcY/cdmRt+S+qlJvqKLwAbyejyi1i1N39UfJtK/OdZfuP + Njz8VoWPgJff7CaIYYREo4QWzAnuq65gN6DP3q33vh5OcoZgMDR+toEKYyGqhjXI + YEJU9qYz/wpglyijbFoyS3jn0oCTHpS2NwKc01vBGVZpfR+DVSgDWWQHjlrSpb9E + 7bAxn2RfUZnQ6Sh3qcoihOjyI0RZ9ZYH8uQlur1JSS2n3/RxtCaV6uRtXDB5GuXj + NfqNsprZVhYYhBcX4z/4oMVim5ABkXwGNQMezrESHGq3oiIeJaBI5Oso2g/D1MIS + 2W5B6NzSTqB4CaGzZ+IY30vvkxhnIG7gr4y76FzcafdJKM1cH/XlFXjnSGQ6UmA0 + E6hpXnjsQWGPL7InpDYHFVl1dH2syHOqHUmEU8CcZayb6hVygnQHh7DlhsrtnrN8 + 4qEkuXfitC4Aqaq7lMflGB+ymphxBM+CC4OfiyvW2FDuzQAIWPVRwmKuKxMCRnPm + Sd+UPkyD0jm6yb1F2Fl8Y5T4lYOJJ9OfOpUz38LEqdVx0BosBn68shCwPwARAQAB + iQJOBB8BCgA4FiEEH4mYPgCB/eAY88yWc6Tye43UeTYFAmAEHQ8XDIABgOl28UpQ + ikjpyj/pvDciUsoc+WQCBwAACgkQc6Tye43UeTYUrg/+LEMuHp3zMwvR6zok7CAV + n6Wy2QNj7uNEvx7S4jmd8oMcjPZqkF5kjNso2iJs+l+6AeluoQq4b4gnCbGlarqB + Ee0BwKdHKo0eXcOzmx3XoJ7Gt4J+/iIrBANt4cXmvT6kyreq5unj4AkxQDDgeaBX + Ukkr7B0WtzZpRWyYhrHELlGEEdPSAgnIzmLYNXQT5cUrBwLawtn1IfC4SYpVfehW + +ltr+q7OlV18ggLxjsXTD4EppPGtUn9k8NYzMK6IB6NnDxT2pwCsJZzItxv9TU8m + VwchJ+NZ+EKCRgK3QfZkxEfXuZuxRdjyZp3ZYuq+1nT/7BRx1m/Skkj8/zrv/aFQ + iLi9uT3gqAG0PRZBgXbYDHGByTayZayZuW73lBV5dZyEpBEJ55DXgbnDk7rmKPDQ + itXpVvXEZVDo3xMaxu+XP/M3THz159ll3//8MgUKeQWw0wHYD9/iWSDmeo0i6XT+ + 6cQU3khJv7IvoiK5S6slOa2h3RRoNbtIHhtQVGz7Q5RfoVkczOeV4jo9eiJW3Q8V + 2SUhzI8WIIrEjdQJaG/gnDNM8dlO4gnvCfTQVThEtxkYEAWBreo2DfWsKwqi7ZJa + jMdpPGTIvU+pJwDY6i7zNuoHrkph1sgc8dYraX0VzjtfJYLMv0z+oTfdHkNKQ6s/ + zhCBw9V3a5w4UtIKaSKGUwiJAk4EHwEKADgWIQQfiZg+AIH94BjzzJZzpPJ7jdR5 + NgUCYAQdDxcMgAH7+r21QbXclVvZum7bFs9bsSUlxAIHAAAKCRBzpPJ7jdR5Nmn4 + EACMtvbnCpFKD+MzkF3b5ccFQLk03cC7sPzRipKsR1SoKKXV7Vcps2telPZPx88F + zjRoj3jBLtsFNELYvpFANFCLO1Nexv9a79sG8vYrhqKDLT6ecgSJDHbRl9DovAjl + VbAGsHBjbmV4J7o7F6xcXgB4t0DIObe2yU4oiCa+S4ku2p9a5ZPrKMJmbRg8EfwD + 2VVfw8KCycW977JV7MuihXYjjrHugI40h76+rTbKbuZLcTBxMsi1Dfx5rpLVYZgu + kMU0N9WwBdCC+x6WBQGmOFMDy15f0cuXYTjDuiZExFaSb04e9O6p3wf2vOjfsexF + IQIy9sXJ7KLfpZoULVzoUuAWgZfKxtH3D4imJ9jeiFKbPomeLpo7vsxfZ9W8UMRf + FCKUZG5kS6HKC00ThKD8qXCOz66Ypfy6BJvvTAKr32Y8lgQNqqu7DIntjNrmAJXY + SKlE5h+B/tVD5VdszimE1tEEcgf8lA19C3iqUTIle17w0WvhJgBITE+TP2SUiw4t + fWYQ55y4oUfJi4lJVck4PuV/ELzwlZmN2A8PSgj7JmivfEQhq+ANGRpnGJ7AvmhA + OsuPfakHmsiAdeo0EOIPy5hYFxWGZcFI8xX0ywMH9Kh4hS97oZInCeOsBfWGWUrL + 4NWogLYDIsdVLDxlDT+ZPnXzqlbtHhwuoniVpVWXH6sMbokCTgQfAQoAOBYhBB+J + mD4Agf3gGPPMlnOk8nuN1Hk2BQJgBB0PFwyAAYyCPe0QqoBBY54SEFrOjW4MFKRw + AgcAAAoJEHOk8nuN1Hk2QmcP/A1IBxQMUaPom/NzStJhOMibGUGgcCx306ioq3By + gu5L6Tfo5QoaJINj57Nee+0Dy2dHe9FCaMdv+Cl7cGL6egq6VyIhDyYef/edVRXa + ukzi/dUIW57704lDyudHKBy2KTbzY/WJBNOBXmRG76Q7vTxX4JOYv6whtd5ulyYn + om2KUlctOJ1sfNXg+D0QWo2XjhTkevdewME4aQEaPuJabAcfcr1LoR3Gnsw+l06h + BzuUn1kOMO37ocveGzwLshzIee2b0bhCcc2o2SH7R2xxGkAAleSeS3nXsn0qH/R+ + 3juQfwKqonmqF/dMx+JhcbIvGi8TfZ0vzhC3YJGqUdK12un0wFF0c0IHR3ZnbkvP + 4Fh+yThFgTxMhR3XiX27+n/ic/C1fm3pN0RnQabUHODlP0VgAVk2fwoa+rjZq+Xq + iwZe3qqfXDQrB6blF5/K9jyEaph3D9Ug7Z0wVyFJ8BBgN4+b1DaBRFt43vTOOx2u + VuRDqGjF/LuBAw97kphFK4e8xAkKfUzjygQqZRt8yFr2LvfaFyrBklEqZXDjCs2/ + +sZkS0e/EZ4T6yaUM2jPzt6MBM9A65VZE0LtvWTLQuvxpbdrwxDyOfqX9GW0RCAX + bz08y5h6EqBeBha0s5Mtdy0V4FgFNNTeTUR5GCTi+wWUkwni3aCOBPnEjHwCWYSs + uBLwiQJOBB8BCgA4FiEEH4mYPgCB/eAY88yWc6Tye43UeTYFAmAEHQ8XDIABMJkR + vqlm0GEwUwRXEbTl/xWw/YICBwAACgkQc6Tye43UeTY3wQ/+LjebzIjgcLJaFePu + VICRZdTjtyj0EEWDc3rjbYUhLH/oMMDt5wjvKaRiF5TixJdP+BqbYOaNbC1q1zSX + e3WKp7rKf3Y23A4ib6qpI8jiAG3vZRyki5yh4Upe3BsTlRHYVd4O4pWzNktv3NYw + xg0HHv6T7ZMs0oGT+ewQDbVpovWaiaaLgFPtFYrN2qPhi66J+K+QTNJdTpvWUQo1 + m92YRVlG2C7rx3Y1x2do5SM/vhRJ8Di9bMU0ZCXQGLoNedTEq/3OgjqPUUdEtcUw + f0jO/fPnaEhaqRDjtTteGNx21Iy5adM8otUw4XQmmDe7makdmYTi3LDTlOVkOyMl + nWQT4k601ySvnSmdRwUT7vOV7pqUnHPTklBwoWO99/N0DF524LW8/IobNuUyX8hk + Q70krpC7/suT7cq+l8Q45nJ1zTNnYNUdtLktB4MwQchedynsmPjGjADpqgCFF5gC + yY25RIJ/S2CBObE+z9Kx9s+CAvQyoTYVaQdwXmavybHpPmocXGJCBG0V6JAkJTpJ + DFNZM4MstcAltUH6JgNZ5YkKvDAzLBFXROvo0Se4xsEiMkhPixXqqtiITiynQIIg + Lgb9BQB9MxZ1FD1E5xC+ayMuD5W0gXGNQUNflaywJHIGTY66axrIVXPXhi6vhLWO + 8YYIsewgcR/rQDc9kc5SGBvDxs+JAk4EHwEKADgWIQQfiZg+AIH94BjzzJZzpPJ7 + jdR5NgUCYAQdDxcMgAHHT2rJ6TOzBn9S8z+kWexnFbBwXwIHAAAKCRBzpPJ7jdR5 + NhsQEACf8Cwrte2o8ZoUo6GhLasJF0Jkh0d5kC7utqxK3056ykRz4QcHmacWdYzT + hZoYtsSzM9UudclTgObbRnnGFZz9X+UlEzM/D1wgQ0uDbdaYbMpNtexChRnoYugn + gzhgcZI9kzWXLSGeRR13TVoqHFTRiDkl69OCxGf002MoSYKAqwUUoaBnb+uAoDFd + pj+UoFwKqcCiDUcZ00vXtfR62f8i/+kYHjVMMrE9kksk0Q8Q+cj8K2e7znaLD2hJ + Wre2ctLUX9HON2Xi+Dnw944GtbdVMIZjoTgeTphW+eGr8B3+WHYUoO1MHMb3eezB + ZSZHKbYLgPLv3qz6dm/VHVBR0MOSJu7y2ljDIb4XAvvam0btK/JeothXWgUr+ou3 + Bjc7YXH+Q4KYgJ1ALs34PmmyTaKmT3lpbI+3qyDcvx4yEGZJLE3hE9fuOwYLvtXC + c8+wxfLpRdQ7puuFTAL97i1eHGODj/ZZDmUivp1eUzjoRUTDyuvWOMVtC7D2CHai + +yRQVtN6uCinTwCnhlq/+B+MMrlEL92kNEvoVwVkGsogTupTiUy9DySk4b8iyKsy + thnwN2zCF+GfwjEDetXJnO4kLQGc0TX01TSLp4b9mqGXKKYZyp2tFOJm3+QtD4/1 + 4tpGFTZWqfLDzCNXUSXUQFTHUFcJ9guUJp653054YfJAIhl0VrRJRGViaWFuIEFy + Y2hpdmUgQXV0b21hdGljIFNpZ25pbmcgS2V5ICgxMS9idWxsc2V5ZSkgPGZ0cG1h + c3RlckBkZWJpYW4ub3JnPokCVAQTAQoAPhYhBB+JmD4Agf3gGPPMlnOk8nuN1Hk2 + BQJgBB0MAhsDBQkPCZwABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEHOk8nuN + 1Hk2o5oQALUciYUFb+EKd0pz5zDYpYTLxyzFk6d1mMVJCejG8ZiEJ5Jv6FVYMvDi + Gmku0yrIjnKe5vfPXGHOQO7WOBbge2M/VQcmQp/mkOEcvAz+2lF71dPHq7/RadJF + LmRxnvHhbDANl+lgO4LNWHEJRN7s29IJVBzrfOXAoDgVs4gKjVK5JC4qNA7be+TI + uQwyCQfWs6tmOpKaF578APfYdeao3kNZTe85ahUm6WrtVEBcQtv4TlxY0X4/5EBS + lhyNux12fvA/0/s/iB7Of+SFHbj7xZ/Ep4R1BxmX9cBFaNVUD9UQUkJLstMb0KnF + 75PRcohPjGnPN6cpeNwOX3D2zAwn7mGeRxJP3ttppV031HzzI5WBiKT6jCONNuHS + 6uw3yhfTD96OHOwhDG3ikmOh8jO7cqAP0Bdl1TICZ3RIMqMR/iYLFmLLrlqGI3OZ + IRMMJZe+7C8uFRHN/hX3Y2f41FC7lf+IKfTYL33x2CGzTlW0fQIz/cERkvHTIY+t + UjOvC518F/8Rq3+MAg0eoa/hQR9v7c4vFBzC7V3Ix8+A1MJq+E5aEqsy2vIBoVbM + Of5cjUy5q/bCq7HU5v/hr8gzQHArfvIYgkC/AXfWM17G3DR2fsUE+lyc2ReAneMr + /oqSl3u51ScSAHMeN6/6Le73aZ4yYwhPIS2M/KDf2wNURv/rMc0NiQIzBBABCgAd + FiEEgNFYI7f9FWH597zd3DDXwjy7q+4FAmAEHtsACgkQ3DDXwjy7q+40iQ//am8n + YLA4VOAw//lz8CMgk+Uyn5HS2t2aAdMvep5wAVPVGZZb5Wa5eoNh4Rg5GnurVvl2 + N0OXo57vD9vXHhJkooA3p/UaeVMRnilNgSWdphW1l4rRXFWCw6l8frLp0iVq4yOx + olOWTrWmpCYI+fgRrOknnaiqUS5+TH0a6RJtFJsO0x7wjPobdXhY6vfnhBIzdfnJ + /oH+EkYbXhtMNtpUT75bywtB12Bj6Y+CPbel7u9yMOwBK7R9t/56rpqF8WwExr9O + wJkmfgVkScy8SOBTv0Wv+jG9JSGZKVNqCATYnKga/QgOMuDmrIbIe+OMjgRhiSfc + zXBVWQ7Xd9DMzh5682+DEiK7cawBmpoGnJNkERR0P3uqn8vn+TYkEHpvNHQ0kISt + /9IIiI9BOX3aA26xaD3RMSldsCzq2n64Y3THwXX2hTT8FCYLSAlrdlaqVajsgAsJ + HimcbDnPVmYfq2YlBeEiRbdeeZijKO/OKmgKtSble3/7Z8JylyCIGsZzYu65ZYr3 + v5QfSRSmJYPsG/MvI1dMpiohBs9o4/JYrph6/ulgZVMaMqyWnAv7+MsBSApXPRi0 + 13k1oInnO+toUvFWh2NdoARKzCQnVf/xozkhSvyAbVTM58jTZQjsAVIOUAKixeRV + 7xR99VUoJYDrZKSewoE+cHkXWYPTf081wPBDdhWJAjMEEAEKAB0WIQReYbIXJl2p + gHojxf9N+rJwyqlt+gUCYAQfFwAKCRBN+rJwyqlt+oVSD/9nQjSynGhzlBF0817m + JNRH3m1eXEeWc5vbuEkMHTjphctidfhEgmC5Ay/DvJlN+HNhsLoYZb9It5vyhkPE + AM46UroQ4mcx9Sj/IuJNrUF7UBLGx9TWDx+7UQIA7/rCDnSdMfHkX1l/1KD8t7yi + sTXRiwWvIn6pEwlZQ6fUOgzy2emZU7l1UlWQI/kWFb2gmkgAb+/jStbjsIJIRaQC + WTvkasgU56vCu5oqb2/b2gUSX0MBTIboszEZxnZe1z15oX/RD/EU3zPr0w4wmN7v + dLBtqbFxbnuVhDAPJH4zRgPdTB9E/n0PeFE37OxqOlC4eQJMKrFr4yw1nn5O5HMe + nkRHnXWQHwMDSE8ZEQ5OB3BRC8J6eUz5hk0oUNepcag0h2DUDsvSes/Ogf0azipd + P3h2UCNrNqe6RXKO14JmR9028Lpps2LxOncjpoPKWw74zD10Ts3iO1IuCOc96Miv + Qtwbnu5pQhq/LyNKmXsIkMVv7oW0Ca/EuUl73UVXptwLyJJTEtFJgXibmY9NQ9aV + Ii7mJOLopR8bqYP3Esl8Uqtk/j2UsV+Tl/V4a2KgbpR0b4cmfGJA7SyrtBWRtVDS + KfzSvrZkvC9eAQdizTlcGM32r5jesNnui/HyBcRjX360gWzzMeOdEcHqRQ27qimg + Qk+PhMXfJ9thcG09Tri1Zt8rKIkCMwQQAQoAHRYhBKxTDVIPLzJp9emDE6SESQRK + rVxdBQJgBB/dAAoJEKSESQRKrVxd1WEQAKIOigIdl5WR/YqQrn7u8nXdU0ghMPNz + 9xTQvbIQC6f+A5Qk1Lwu6mD3keKEKu/aQ6wN1DSu86xAKwnW1ZRzcHJd1HVjpjNI + Q2j53KmPAtMjQSlzsUz1yfp1wSai4BGa9LbobIbC3nbtndiUmbYVtvn4fGa6k2Qh + tti+TzSy3wQ3lPEe3aVD+3BWr9F0kOO5f2N2Os6iaF4ZFffn99D5qry1K0sg3IBF + fLryUVkOUokHV5W5TaKfpvM71iJU/Sua6E0XvDiD6pXksqOVG3kQNqa7AEESzPHm + 2+X1XydUxFkXK41F/8z+mNOy1z5wYz3QfL9gp76IV48jjYNaIFCkq1jQOlOo7YDa + EvlKJPJ/0/eejI6mLJO/7irqYaSgYlCTe60SHLMjmx4rmYi0YEdgyEk9tnqnKvws + SYdPZdaC8Kl3VSM2lg7B6AFjD4NCvrBcbKgZBNx/NrUg5i88lHFmK3ErGyBSFNoL + VbEsaEzUm2Wml/S58XOlxB7vKSnVL26WfedqF/W/6jihABb0EN6I8Hraa7/V59dV + iKa1EmvEz64/C1J2nAb7cnNAPPnkdgwqrsBMcP6GXPpwOSA9U1tcHSFJfxuMuAY6 + nWns2e3cC6FpTHR9Tnnp+wpv53Nd0CYdo6jYngPPaPRvQSZo2PcYNF54lq8UaowZ + vm+emPRqJ59AiQIzBBABCgAdFiEEgOl28UpQikjpyj/pvDciUsoc+WQFAmAEIpMA + CgkQvDciUsoc+WQW0g//TDVm35jty3V7Dmql9P2ioDIbsTGb1RTGdIr1p4gLZTyA + 9jbJyVpEjyUwWHa/DbAWAOLYkuPjujFH80r439kKYvcbwNcA6I3P8nvdYIkgpxT6 + AyF8YA2lLWB6MWQy93Bm0R2fk7J7O1I7/uvBLjs3pbklhSyQsDSaPD9VE5jJ9zYw + FdYkSEqcOrC5XKqt9pp9e1y+QVTWViXvOch9l5NanA7fMEpO56xue0EYRnXcxfov + o0/unBuUcFJ7zwYmFTAicKlBWmErRcV3n8DcTbTF51ZyMHtkq30K/ZQb/f9LVSN8 + 1Om9gspAzRpUP/XB3IY6cnbpbIcxdgAphm8O8bhMjCztjfPK9zcwhmzAprW6f5S+ + vfl5ndGBhNkAcFdEJsODVVPYQNR+nxfUjfyZTl3/lEEpdhagkjkw2DPStpStGKDW + wNnmGs1RMNOKCZtnKI1s+oeBFxxnUFQ+/DYcjWz+t27QIAZNx2vGbND0JIjGebf2 + WFFpDXjqF7xaa0mRfCUtu7jyuNAAj3eg+fARserqRugyoHsu2QlGI24HGyHQO02e + ne6l7+n5Y3M3FtgsLRjPlKUP8gUO9xW3Bpi1+pnaSzbM85pK6dooH7tj6OF9pNXc + SMf1Fq0l1Fw/gEt+H3bX51i2eJkQfGcx3Fr+90ibVYsStFh/uXs6bH40M5q8kxyJ + AlUEEgEKAD8WIQT7+r21QbXclVvZum7bFs9bsSUlxAUCYAQyziEaaHR0cDovL2dw + Zy5nYW5uZWZmLmRlL3BvbGljeS50eHQACgkQ2xbPW7ElJcSndxAAiZFxjtM3OalP + J/VI8yF16lNHrHR1KMpSt9azMRMRvEx2B1LkNCxCFL+ZiIY4SgXdG8pt4nRNRUwO + h+mbPIxjTi6BU6jJbNEV/x0aZHMvthPXqzY5T3ZcfYxvvAm2PiOE/T37Vj5OAlkm + uEhBi9TA88wpjFiMzNvkhXxnjiezviAStsjADjqxJ8cipX4cTcoqt9A+ftdEp8Hk + qMWewMBLkRWizDFW7uXCFXGcLvi6FnXAOvi4CU6g/VUkDhExrqA0rRNXdmTJRNDC + WEGH9i/2vafMHziEpBWDCLESSxpjt2X0YAEWr/NSWRfiygVkl23mC+Cgs8N5QUUb + /w9BeO0kagaelCak28aHvfJRsdD7qObDlQdhWRWqXZlemEcHGyaMsVsZRDArPxe3 + y6OSeyR3c/cET/KalAsYhC7LL5YSjeVL8D7fgSpMahnmB09nmMztWFQ0XXMnvhBR + ZZfwM+GDeIxNhVUb+R1hgCibc/aMLZvzZXqF/urupWVAycVzqTD3vi5zrYFEZ0C6 + q+YzcHENHN0t2HyNlGFobiTmv0DQiuAu3Wcpor3zFAwaHIbZiq6jhesJOq4vAjVT + dVoYY/NhwSSe2EdaFuaDTh1CNnk0tpAKP/SxQ+3Odn7xQZ0wlKl4vFl3EiFv+dD+ + q0M2KlEjaoj/d8kunKPnO+A/kS1ene65Ag0EYAQdDAEQALxyG4hn47Yqk8SKE03a + vuNFlLP0NFWg149k7csVIDRZNygicf+6RSCZHSr6ep3gYIX/f8xsmqSyckznIerA + gCRmr5TDqs7SsGOIyMetOHol+soiJqggunmX6clkVFT2KAOecq/3A6uw4M3JNlvG + XeSRtsMlSHTdS0wK2m3n++VVr9tZ//NFlmnSnnAOAazomM3Od74Ne6fD9xRfFF9O + l4NS29oXqwJS5NpsCU0nfoxEEADFRVBmLiGFTbMN0LtBLzciznTsGvKsZNdBAafE + aNgW6RFYY+eTdlgQbdILwXuU7TE+n+AUhVaWsV0ldCjNlFdUhTde1ldTBfycpBF9 + 8hzdV1KguE3vpJW6xmPSrXgtHrBzFHMpMEBP59J5cRsoD4kJU7IdhGGnKqZGVmoX + XZOqYDXs8iJ74PKye5jk96ooNHO6etX0lLrb7HMVJIRXkPiv3Oj04QDEZcxrxnqZ + 0Su2m8S5/SLK37W4Rnp/KTWaifUPI0xyEEfssz/i/fdXta+XvoaMSH4zHzaXQnVY + QDoN9CH312k0N+PYSDlxSVMinBn2Lh1JTghRDl+Ww8GplcOSoO8k8hRPeqbXMnCw + fpXrU7GOPkMv7K98pAZx47bohgVNA+SGY83eUFlmQ7MdhIiWu1deLJT8jQoFz2aN + eW3DxgN1Ltqxh8e9ABDvYTdNABEBAAGJBHIEGAEKACYWIQQfiZg+AIH94BjzzJZz + pPJ7jdR5NgUCYAQdDAIbAgUJDwmcAAJACRBzpPJ7jdR5NsF0IAQZAQoAHRYhBKcj + aIbzzMqtFIon+A6YQE04b6HZBQJgBB0MAAoJEA6YQE04b6HZbYQQALP5Em7+PaMd + nhtyeGEX7pISquoZOuBA4RV5oWkJtCjYjtWq85/dDRoo17EzIkxhJCUypnELwavd + PVOrKmDNv36mrdtdkOe8xsm+ITN4w0EbMif+SByvXtTEv0u9CBYfeq4EKCig1YcC + glUPaTJsmSLZUv/k+d+dQht9FQaEUk9ZSYjpYdU1gZOsfzVY3FMwLpUlGtg6JoQM + ObpxsW9uNSYUbEDl8mFfc1odz+lFw3mhU7Nov8IW1QNMrg8Yu6hY4yQkxw8A7bs+ + JBz8XKVQXMP/0Zb5NROuISI/btPDkmQfU6ruD91cPVXXGy9PluV5+E9g7Cs/RlaM + 8TmAp0NAWKQixnPHoOwfRmuqYTc0WWuyZSaQdE5z0nPKB9Wc9nGUdZhXooqHADrm + 6TXFk/4w2xEkKKneGXHHBCaKhPjQRpwcKm6wVJ0gSmr9X9FLCjrHu+K5Fry5UkX+ + pWVsbdL2gIyKK5FtNx0ujuAlZxE94PStQUC74rZ2s/ac6QqbD3FKEW1jcVe1KPMH + q/6+JzaSN7isIi+s6jsXg7K/sYMh5J0h6heMpZhoIuMGqQ93doyA9rRa47wLB4g2 + h1c2hx2uLK1VS4SJ9+0yvkNoNJSYGzFoMc0UnBVqP1p03sSBxwd6F9cs3bvOE3jX + XslUBcmyzFP971eKI5Kc7MwbfbM4kFoWWOAP/27m7zRuZSrAkFD2UCabCUWbEQwp + 4vafcYjsdJFuennaLhqybQe41P5IXvcJwvDIjzJXfgrq3IyBrWNI+fZzCo3I7XeW + Ldm3McXP0Q9X/UmMHuZ0aBqc26OHvFH5f2od/hwc3G9sB66sB4/rfWBOHMWJHTkN + nzNMljTK7kPC9YT7n4DYVrdPTacvXrh2MkHGz1hEgznlW3VzF1Mk4qYBkWeIpcdX + wHDfHXDYWIVXWtrEiqBMjLDH8Bpx5nee98KvFQpTzMbU9lE1rInSskw7+iGRONEB + XcGs3fRJB8NvALsYMp0MU7hx3wQWmX9q58mb4qXvypFn+IqTOuN1AVCqSVEDn+gc + dehCG8vkjOIKMANfKEqRrbQmY7CJtI4BxkJwtUCTVPaRDVdW3RTv4K8K8KAM+hVz + 7rnFYTONiO51yPCCuVHSQ9ivZv5GohbyDO5nNTve1no6Fzl5l/CSpb5XCvOcGMvg + MWP22nlLGoSNG4g3TWlUabxrXmPEANG7D+qEhhuebeFC6OpX2i1JgYEpUgoTFtFC + 96299K38JSWRK/x0FPigzxvUkxVt7rG3APIPJlYQhYRq2rmDA4zRQL/ZDtFF9+QH + IIvMDlYYZCLKlxoEjYlCusJLiwHiO5uiHDiLRA1vu1qeJVJ8o435g/gRLJALZojZ + 1UKhwK2BVhqTmCWb + =svWP + -----END PGP PUBLIC KEY BLOCK----- diff --git a/dev_scripts/oldstable-pu.pref b/dev_scripts/oldstable-pu.pref new file mode 100644 index 000000000..f3e44e851 --- /dev/null +++ b/dev_scripts/oldstable-pu.pref @@ -0,0 +1,7 @@ +Package: * +Pin: release a=oldstable-proposed-updates +Pin-Priority: 100 + +Package: conmon +Pin: release a=oldstable-proposed-updates +Pin-Priority: 500 diff --git a/dev_scripts/qa.py b/dev_scripts/qa.py index d51042780..810efc00e 100755 --- a/dev_scripts/qa.py +++ b/dev_scripts/qa.py @@ -198,6 +198,27 @@ Install dependencies: +
+ :memo: Expand this section if you are on Ubuntu 22.04 (Jammy). +
+ + The `conmon` version that Podman uses and Ubuntu Jammy ships, has a bug + that gets triggered by Dangerzone + (more details in https://github.com/freedomofpress/dangerzone/issues/685). + If you want to run Dangerzone from source, you are advised to install a + patched `conmon` version. A simple way to do so is to enable the Debian + Bullseye Proposed Updates repo, just for the `conmon` package: + + ```bash + sudo cp ./dev_scripts/oldstable-pu-ubuntu.sources /etc/apt/sources.list.d/ + sudo cp ./dev_scripts/oldstable-pu.pref /etc/apt/preferences.d/ + ``` + + Alternatively, you can install a `conmon` version higher than `v2.0.25` from + any repo you prefer. + +
+ ```sh sudo apt install -y podman dh-python build-essential fakeroot make libqt6gui6 \ pipx python3 python3-dev python3-stdeb python3-all