Bump version to 0.8.0

2025-05-01 19:22:23 +02:00 · 2024-10-30 01:57:14 +01:00
12 changed files with 33 additions and 22 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -33,6 +33,8 @@ jobs:
            version: "20.04"
          - distro: ubuntu
            version: "22.04"
+          - distro: ubuntu
+            version: "23.10"
          - distro: ubuntu
            version: "24.04"
          - distro: ubuntu
--- a/.github/workflows/check_repos.yml
+++ b/.github/workflows/check_repos.yml
@ -23,6 +23,8 @@ jobs:
            version: "24.10"  # oracular
          - distro: ubuntu
            version: "24.04"  # noble
+          - distro: ubuntu
+            version: "23.10"  # mantic
          - distro: ubuntu
            version: "22.04"  # jammy
          - distro: ubuntu
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -159,6 +159,8 @@ jobs:
            version: "20.04"
          - distro: ubuntu
            version: "22.04"
+          - distro: ubuntu
+            version: "23.10"
          - distro: ubuntu
            version: "24.04"
          - distro: ubuntu
@ -227,6 +229,8 @@ jobs:
            version: "20.04"
          - distro: ubuntu
            version: "22.04"
+          - distro: ubuntu
+            version: "23.10"
          - distro: ubuntu
            version: "24.04"
          - distro: ubuntu
@ -346,6 +350,8 @@ jobs:
            version: "20.04"
          - distro: ubuntu
            version: "22.04"
+          - distro: ubuntu
+            version: "23.10"
          - distro: ubuntu
            version: "24.04"
          - distro: ubuntu
--- a/.github/workflows/scan_released.yml
+++ b/.github/workflows/scan_released.yml
@ -13,7 +13,7 @@ jobs:
      - name: Download container image for the latest release
        run: |
          VERSION=$(curl https://api.github.com/repos/freedomofpress/dangerzone/releases/latest | jq -r '.tag_name')
-          wget https://github.com/freedomofpress/dangerzone/releases/download/${VERSION}/container-${VERSION}-i686.tar.gz -O container.tar.gz
+          wget https://github.com/freedomofpress/dangerzone/releases/download/${VERSION}/container.tar.gz
      - name: Load container image
        run: docker load -i container.tar.gz
      # NOTE: Scan first without failing, else we won't be able to read the scan
--- a/INSTALL.md
+++ b/INSTALL.md
@ -11,6 +11,7 @@ an isolated environment. It will be installed automatically when installing Dang
 Dangerzone is available for:
 - Ubuntu 24.10 (oracular)
 - Ubuntu 24.04 (noble)
+- Ubuntu 23.10 (mantic)
 - Ubuntu 22.04 (jammy)
 - Ubuntu 20.04 (focal)
 - Debian 13 (trixie)
@ -289,7 +290,7 @@ Our [GitHub Releases page](https://github.com/freedomofpress/dangerzone/releases
 hosts the following files:
 * Windows installer (`Dangerzone-<version>.msi`)
 * macOS archives (`Dangerzone-<version>-<arch>.dmg`)
-* Container images (`container-<version>-<arch>.tar.gz`)
+* Container image (`container.tar.gz`)
 * Source package (`dangerzone-<version>.tar.gz`)

 All these files are accompanied by signatures (as `.asc` files). We'll explain
@ -314,10 +315,10 @@ gpg --verify Dangerzone-0.6.1-arm64.dmg.asc Dangerzone-0.6.1-arm64.dmg
 gpg --verify Dangerzone-0.6.1-i686.dmg.asc Dangerzone-0.6.1-i686.dmg
 ```

-For the container images:
+For the container image:

 ```
-gpg --verify container-0.6.1-i686.tar.gz.asc container-0.6.1-i686.tar.gz
+gpg --verify container.tar.gz.asc container.tar.gz
 ```

 For the source package:
--- a/RELEASE.md
+++ b/RELEASE.md
@ -285,11 +285,6 @@ Once we are confident that the release will be out shortly, and doesn't need any
  * You can verify the correct Python version is used with `poetry debug info`
 - [ ] Verify and checkout the git tag for this release
 - [ ] Run `poetry install --sync`
- [ ] On the silicon mac, build the container image:
-  ```
-  python3 ./install/common/build-image.py
-  ```
-  Then copy the `share/container.tar.gz` to the assets folder on `dangerzone-$VERSION-arm64.tar.gz`, along with the `share/image-id.txt` file.
 - [ ] Run `poetry run ./install/macos/build-app.py`; this will make `dist/Dangerzone.app`
 - [ ] Make sure that the build application works with the containerd graph
  driver (see [#933](https://github.com/freedomofpress/dangerzone/issues/933))
@ -408,8 +403,6 @@ Build the latest container:
 python3 ./install/common/build-image.py
 ```

-Copy the container image to the assets folder on `dangerzone-$VERSION-i686.tar.gz`.
-
 Create a .rpm:

 ```sh
@ -456,9 +449,9 @@ To publish the release:
  * Copy the release notes text from the template at [`docs/templates/release-notes`](https://github.com/freedomofpress/dangerzone/tree/main/docs/templates/)
  * You can use `./dev_scripts/upload-asset.py`, if you want to upload an asset
    using an access token.
- [ ] Upload the `container-$VERSION-i686.tar.gz` and `container-$VERSION-arm64.tar.gz` images that were created in the previous step
+- [ ] Upload the `container.tar.gz` i686 image that was created in the previous step

-  **Important:** Make sure that it's the same container images as the ones that
+  **Important:** Make sure that it's the same container image as the ones that
  are shipped in other platforms (see our [Pre-release](#Pre-release) section)

 - [ ] Upload the detached signatures (.asc) and checksum file.
--- a/dangerzone/gvisor_wrapper/entrypoint.py
+++ b/dangerzone/gvisor_wrapper/entrypoint.py
@ -142,6 +142,9 @@ runsc_argv = [
    "--rootless=true",
    "--network=none",
    "--root=/home/dangerzone/.containers",
+    # Disable DirectFS for to make the seccomp filter even stricter,
+    # at some performance cost.
+    "--directfs=false",
 ]
 if os.environ.get("RUNSC_DEBUG"):
    runsc_argv += ["--debug=true", "--alsologtostderr=true"]
--- a/dev_scripts/env.py
+++ b/dev_scripts/env.py
@ -696,6 +696,8 @@ class Env:
                    DOCKERFILE_CONMON_UPDATE + DOCKERFILE_BUILD_DEV_DEBIAN_DEPS
                )
            elif self.distro == "ubuntu" and self.version in (
+                "23.10",
+                "mantic",
                "24.04",
                "noble",
                "24.10",
@ -782,6 +784,8 @@ class Env:
                # package (see https://github.com/freedomofpress/dangerzone/issues/685)
                install_deps = DOCKERFILE_CONMON_UPDATE + DOCKERFILE_BUILD_DEBIAN_DEPS
            elif self.distro == "ubuntu" and self.version in (
+                "23.10",
+                "mantic",
                "24.04",
                "noble",
                "24.10",
--- a/dev_scripts/qa.py
+++ b/dev_scripts/qa.py
@ -978,6 +978,11 @@ class QAUbuntu2204(QADebianBased):
    VERSION = "22.04"


+class QAUbuntu2310(QADebianBased):
+    DISTRO = "ubuntu"
+    VERSION = "23.10"
+
+
 class QAUbuntu2404(QADebianBased):
    DISTRO = "ubuntu"
    VERSION = "24.04"
--- a/dev_scripts/sign-assets.py
+++ b/dev_scripts/sign-assets.py
@ -11,8 +11,7 @@ log = logging.getLogger(__name__)


 DZ_ASSETS = [
-    "container-{version}-i686.tar.gz",
-    "container-{version}-arm64.tar.gz",
+    "container.tar.gz",
    "Dangerzone-{version}.msi",
    "Dangerzone-{version}-arm64.dmg",
    "Dangerzone-{version}-i686.dmg",
--- a/setup-windows.py
+++ b/setup-windows.py
@ -4,6 +4,7 @@ from cx_Freeze import Executable, setup
 with open("share/version.txt") as f:
    version = f.read().strip()

+packages = ["dangerzone", "dangerzone.gui"]

 setup(
    name="dangerzone",
@ -11,13 +12,10 @@ setup(
    # On Windows description will show as the app's name in the "Open With" menu. See:
    # https://github.com/freedomofpress/dangerzone/issues/283#issuecomment-1365148805
    description="Dangerzone",
+    packages=packages,
    options={
        "build_exe": {
-            # Explicitly specify pymupdf.util module to fix building the executables
-            # with cx_freeze. See https://github.com/marcelotduarte/cx_Freeze/issues/2653
-            # for more details.
-            # TODO: Upgrade to cx_freeze 7.3.0 which should include a fix.
-            "packages": ["dangerzone", "dangerzone.gui", "pymupdf.utils"],
+            "packages": packages,
            "excludes": ["test", "tkinter"],
            "include_files": [("share", "share"), ("LICENSE", "LICENSE")],
            "include_msvcr": True,
--- a/tests/isolation_provider/base.py
+++ b/tests/isolation_provider/base.py
@ -164,7 +164,6 @@ class IsolationProviderTermination:
        terminate_proc_mock = mocker.patch.object(
            provider, "terminate_doc_to_pixels_proc", return_value=None
        )
-        kill_pg_orig = base.kill_process_group
        kill_pg_mock = mocker.patch(
            "dangerzone.isolation_provider.base.kill_process_group", return_value=None
        )
@ -179,7 +178,6 @@ class IsolationProviderTermination:

        # Reset the function to the original state.
        provider.terminate_doc_to_pixels_proc = terminate_proc_orig  # type: ignore [method-assign]
-        base.kill_process_group = kill_pg_orig

        # Really kill the spawned process, so that it doesn't linger after the tests
        # complete.