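# Test official instructions for installing Dangerzone
# ====================================================
#
# The installation instructions have been copied from our INSTALL.md file.
# NOTE: When you change either place, please make sure to keep the two files in
# sync.
# NOTE: Because the commands run as root, the use of sudo is not necessary.
#
# Each job starts from a stock distro container, adds the
# packages.freedom.press repository and installs the `dangerzone` package, so
# a failure here means the published instructions no longer work on that
# release.
name: Test official instructions for installing Dangerzone
on:
  schedule:
    - cron: '0 0 * * *'  # Run every day at 00:00 UTC.
  workflow_dispatch:

# No step checks out the repository or calls a `uses:` action, so nothing here
# needs the GITHUB_TOKEN. Drop all of its default scopes (least privilege).
permissions: {}

jobs:
  install-from-apt-repo:
    name: "Install Dangerzone on ${{ matrix.distro}} ${{ matrix.version }}"
    runs-on: ubuntu-latest
    container: ${{ matrix.distro }}:${{ matrix.version }}
    strategy:
      matrix:
        include:
          - distro: ubuntu
            version: "25.04"  # plucky
          - distro: ubuntu
            version: "24.10"  # oracular
          - distro: ubuntu
            version: "24.04"  # noble
          - distro: ubuntu
            version: "22.04"  # jammy
          - distro: debian
            version: "trixie"  # 13
          - distro: debian
            version: "12"  # bookworm
          - distro: debian
            version: "11"  # bullseye
    steps:
      # The key is requested by its full 40-hex-digit fingerprint rather than
      # a short key ID, and is written to a dedicated keyring file instead of
      # the default keyring, so it can be referenced with `signed-by` below.
      - name: Add packages.freedom.press PGP key (gpg)
        if: matrix.version != 'trixie'
        run: |
          apt-get update && apt-get install -y gnupg2 ca-certificates dirmngr
          # NOTE: This is a command that's necessary only in containers
          # The key needs to be in the GPG keybox database format so the
          # signing subkey is detected by apt-secure.
          gpg --keyserver hkps://keys.openpgp.org \
              --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
              --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281"
          mkdir -p /etc/apt/keyrings/
          mv ./fpf-apt-tools-archive-keyring.gpg /etc/apt/keyrings/.

      # Same key and same destination path as the gpg variant; only the
      # retrieval tool differs, so the APT sources step is shared.
      - name: Add packages.freedom.press PGP key (sq)
        if: matrix.version == 'trixie'
        run: |
          apt-get update && apt-get install -y ca-certificates sq
          mkdir -p /etc/apt/keyrings/
          # On debian trixie, apt-secure uses `sqv` to verify the signatures
          # so we need to retrieve PGP keys and store them using the base64 format.
          sq network keyserver \
             --server hkps://keys.openpgp.org \
             search "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
             --output /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg

      # `signed-by` scopes trust in the FPF key to this one repository instead
      # of adding it to the keys trusted for every APT source.
      # `${VERSION_CODENAME?}` makes the shell abort with an error if
      # /etc/os-release did not define the codename, rather than writing a
      # sources entry with an empty suite.
      - name: Add packages.freedom.press to our APT sources
        run: |
          . /etc/os-release
          echo "deb [signed-by=/etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg] \
              https://packages.freedom.press/apt-tools-prod ${VERSION_CODENAME?} main" \
              | tee /etc/apt/sources.list.d/fpf-apt-tools.list

      - name: Install Dangerzone
        run: |
          apt update
          apt install -y dangerzone

  install-from-yum-repo:
    name: "Install Dangerzone on ${{ matrix.distro}} ${{ matrix.version }}"
    runs-on: ubuntu-latest
    container: ${{ matrix.distro }}:${{ matrix.version }}
    strategy:
      matrix:
        include:
          # Versions are quoted so they stay strings, matching the APT matrix
          # above; the rendered image tag (e.g. `fedora:40`) is unchanged.
          - distro: fedora
            version: "40"
          - distro: fedora
            version: "41"
          - distro: fedora
            version: "42"
    steps:
      - name: Add packages.freedom.press to our YUM sources
        run: |
          dnf install -y 'dnf-command(config-manager)'
          dnf-3 config-manager --add-repo=https://packages.freedom.press/yum-tools-prod/dangerzone/dangerzone.repo

      - name: Replace 'rawhide' string with Fedora version
        # The previous command has created a `dangerzone.repo` file. The
        # config-manager plugin should have substituted the $releasever variable
        # with the Fedora version number. However, for unreleased Fedora
        # versions, this gets translated to "rawhide", even though they do have
        # a number. To fix this, we need to substitute the "rawhide" string
        # with the proper Fedora version.
        run: |
          source /etc/os-release
          sed -i "s/rawhide/${VERSION_ID}/g" /etc/yum.repos.d/dangerzone.repo

      - name: Install Dangerzone
        # FIXME: We add the `-y` flag here, in lieu of a better way to check the
        # Dangerzone signature.
        # NOTE(review): `-y` answers every dnf prompt, which presumably
        # includes the prompt to import the repository's signing key, so this
        # job never compares that key's fingerprint with an expected value.
        # Unlike the APT job, no fingerprint is pinned anywhere in this job.
        run: dnf install -y dangerzone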