Automate the creation of Linux environments for Dangerzone testing #286

apyrgio · 2022-12-09T14:48:40Z

Dangerzone is a multi-platform application, currently available on Windows, MacOS, and several Linux flavors. In order to test new Dangerzone features on these environments, we need to have access to them. Typically, this requires dedicated hardware, and some time to provision (and possibly deprovision) these environments.

This issue focuses on the Linux environments that we need to support. Windows and MacOS environments are still a hard problem, mainly because they require nested virtualization, if the user does not have dedicated hardware.

As of writing this, we are supporting 8 Linux environments (source):

Ubuntu 22.10 (kinetic)
Ubuntu 22.04 (jammy)
Ubuntu 20.04 (focal)
Debian 12 (bookworm)
Debian 11 (bullseye)
Fedora 37
Fedora 36
Fedora 35

Our QA requirements for adequately testing these environments are the following:

Create a development environment. That is, being able to run the corresponding section in our BUILD.md, which includes installing build tools, Poetry, and installing the project's dependencies.
Build the container image for Dangerzone. This step requires running Podman in the Linux environment.
Run the Dangerzone tests. This step also requires Podman.
Build the .deb / .rpm package for Dangerzone. This step requires a dev environment (see 1).
Test QA scenarios on the Linux environment. This step requires Podman and GUI support.

The text was updated successfully, but these errors were encountered:

apyrgio · 2022-12-09T15:03:15Z

A way to implement this feature could be to run these environments in separate containers. This approach has the following benefits:

Containers need few resources.
Performance is on par with the user's host.
Container creation is declarative, which aids in caching and reproducibility.

The drawbacks in this approach are the following:

Nested containerization is difficult. The first containerization layer is usually very restrictive, and prevents users from creating more layers.
GUI support from within containers is not straightforward.

For (1), we can make the first containerization layer as privileged as the user in the host. Security-wise this should not be much of an issue, since it's an improvement from building Dangerzone directly on the host. For (2), we need to mount the X11 / Wayland sockets to the container, and we can document how it works.

apyrgio · 2022-12-12T19:20:20Z

Some notes on running Podman within another container:

The /usr/bin/new[gu]idmap executables may not have the suid bit set. The Podman authors have acknowledged this issue, and suggest either reinstalling the corresponding package, or setting the bit manually. We choose the first option, since it affects only old versions of Fedora. Ideally, we should drop this workaround after they fix it upstream.
The default range in /etc/sub[gu]id is user:100000:65536. However, if one runs Podman in Podman, this range is not acceptable for the innner container. The reason is that the outer container will be granted 65536 UIDs/GIDs, and the inner container will try to reserve UID/GID 100000, which is higher than 65536. For this reason, we reserve a lower UID and a smaller range, to make sure that the inner container will work.

Introduce `dev_scripts/env.py`, which is a script for building Dangerzone environments for various Linux distros, and running commands in them. Closes #286

Add a design document for `dev_scripts/env.py`, which is a script that creates Dangerzone environments for various Linux distros. In this design document, we explain various architectural decisions that we have taken for this script, as well as how it works under the hood, what are its shortcomings, etc. Refs #286

Ignore the `dev_scripts/envs` folder when running tests or linting code, as it may contain files that are not owned by the current user. In this case, we've seen that pytest/black etc. fail. This typically happens when the user has run Dangerzone in a containerized environment (see #286), and Podman created a directory with files owned by the user in the nested container.