Make Qubes conversion work after the dangerzone-image split #1463

Merged
almet merged 7 commits into split-dangerzone-image from split-dangerzone-image-qubes (Apr 23, 2026)

@apyrgio apyrgio commented Apr 23, 2026

Update the Dangerzone Qubes logic and build instructions to work with the new server-side component (see also freedomofpress/dangerzone-image#7).

Modify the RPM package now that dangerzone-insecure-converter-qubes
covers the server-side aspect of the conversion.

@almet almet left a comment

I've added a few notes. I think we're almost good to go with this. Mainly a few changes related to how we do the teleport, and that's it!

Comment thread dangerzone/isolation_provider/qubes.py
Comment thread BUILD.md
@apyrgio force-pushed the split-dangerzone-image-qubes branch 2 times, most recently from 4ed2b46 to 806f259 (April 23, 2026 17:04)
@apyrgio changed the title from "Split dangerzone image qubes" to "Make Qubes conversion work after the dangerzone-image split" (Apr 23, 2026)
@apyrgio force-pushed the split-dangerzone-image-qubes branch from 8f2e537 to 8e91108 (April 23, 2026 17:10)

apyrgio commented Apr 23, 2026

I've squashed the fixups in this branch, and tested the Qubes tests locally. I think it's ready to merge once the CI turns green.

@apyrgio force-pushed the split-dangerzone-image-qubes branch from 8e91108 to abae770 (April 23, 2026 17:34)

almet commented Apr 23, 2026

The linter reports this:

dangerzone/isolation_provider/qubes.py:94: error: Value of type variable "AnyStr" of "walk" cannot be "str | None"  [type-var]
dangerzone/isolation_provider/qubes.py:96: error: Item "None" of "str | None" has no attribute "endswith"  [union-attr]
dangerzone/isolation_provider/qubes.py:97: error: Argument 1 to "join" has incompatible type "str | None"; expected "str"  [arg-type]
dangerzone/isolation_provider/qubes.py:97: error: Argument 2 to "join" has incompatible type "str | None"; expected "str"  [arg-type]
Found 4 errors in 1 file (checked 69 source files)

Otherwise, it's good! Since this targets the dangerzone-split branch, if you don't have the time to fix it before I get another look at it, I'll merge and fix in this other branch :-)

Thanks a lot 👍

apyrgio added 6 commits April 23, 2026 21:38
Now that the server-side components are not bundled in the Dangerzone
repo, we need to slightly modify the teleport trick we did.

The change is that we no longer import the `conversion` module, but we
look for the source of the `dangerzone-insecure-converter` module via
the `DANGERZONE_INSECURE_CONVERTER_PATH` envvar. Note that this is a
dev-only argument.

Update the build instructions for Qubes, now that we have a separate
component for the server-side part of the conversion.
@apyrgio force-pushed the split-dangerzone-image-qubes branch from abae770 to a6c191c (April 23, 2026 18:38)

apyrgio commented Apr 23, 2026

Fixed it:

diff --git a/dangerzone/isolation_provider/qubes.py b/dangerzone/isolation_provider/qubes.py
index 2f99e892..4fd8f49d 100644
--- a/dangerzone/isolation_provider/qubes.py
+++ b/dangerzone/isolation_provider/qubes.py
@@ -5,7 +5,7 @@ import subprocess
 import sys
 import zipfile
 from pathlib import Path
-from typing import IO, Callable, Optional
+from typing import IO

 from ..document import Document
 from ..updater.signatures import is_container_tar_bundled
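Review bot: on the changed `typing` import line, dropping `Callable` and `Optional` is only safe if no annotation elsewhere in qubes.py still uses them. The linter output quoted earlier already spells the optional type as `str | None`, so confirm that any remaining optional annotations in this file use that form and that the type check is clean after this change.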
@@ -49,6 +49,7 @@ class Qubes(IsolationProvider):

         if dev_mode:
             assert p.stdin is not None
+            assert conv_mod_path is not None
             # Send the dangerzone module first.
             self.teleport_dz_module(conv_mod_path, p.stdin)

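Review bot: the added `assert conv_mod_path is not None` inside `if dev_mode:` satisfies the type checker but is a weak runtime check. `assert` is stripped when Python runs with `-O`, and when it does fire the developer gets a bare AssertionError with no hint of what is missing. Since the commit message says the path comes from the `DANGERZONE_INSECURE_CONVERTER_PATH` envvar, consider an explicit `if conv_mod_path is None:` that raises an error naming that variable, placed before anything is written to `p.stdin`.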
@@ -84,7 +85,7 @@ class Qubes(IsolationProvider):
         if p.stdout:
             p.stdout.close()

-    def teleport_dz_module(self, conv_path: Optional[str], wpipe: IO[bytes]) -> None:
+    def teleport_dz_module(self, conv_path: str, wpipe: IO[bytes]) -> None:
         """Send the dangerzone module to another qube, as a zipfile."""
         # Grab the absolute file path of the dangerzone module.
         temp_file = io.BytesIO()
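Review bot: missing documentation on the changed `teleport_dz_module` signature. `conv_path` is now a required `str`, but the docstring and the comment under it still talk about "the dangerzone module", while the commit message says the `conversion` module is no longer imported and the source is found through this path. Update the docstring to state what `conv_path` must point to (the `dangerzone-insecure-converter` source) and that it is a dev-only input, since whatever is under that path gets zipped and sent to another qube.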

@almet almet merged commit 2e7109e into split-dangerzone-image Apr 23, 2026
49 checks passed
@almet almet deleted the split-dangerzone-image-qubes branch April 23, 2026 19:29