From 4853d4bc949cf77718b92d2399eed969ff7e6fd6 Mon Sep 17 00:00:00 2001
From: Kunal Mehta <legoktm@debian.org>
Date: Mon, 11 Mar 2024 15:41:15 -0400
Subject: [PATCH] Build securedrop-proxy package with qubesdb integration

---
 debian/control                    |   2 +-
 debian/rules                      |   2 +-
 scripts/Dockerfile                |   6 ++++++
 scripts/qubes-archive-keyring.gpg | Bin 0 -> 1142 bytes
 4 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 scripts/qubes-archive-keyring.gpg

diff --git a/debian/control b/debian/control
index 1bca9a37f..3416c9247 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: securedrop-client
 Section: unknown
 Priority: optional
 Maintainer: SecureDrop Team <securedrop@freedom.press>
-Build-Depends: debhelper-compat (= 11), dh-apparmor, python3-virtualenv, libssl-dev, pkg-config
+Build-Depends: debhelper-compat (= 11), dh-apparmor, python3-virtualenv, libssl-dev, pkg-config, libclang-dev, qubesdb-dev
 Standards-Version: 3.9.8
 Homepage: https://github.com/freedomofpress/securedrop-client
 X-Python3-Version: >= 3.5
diff --git a/debian/rules b/debian/rules
index 14f74270b..acb89b646 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,7 +7,7 @@ override_dh_auto_install:
 	bash ./debian/setup-venv.sh client
 	bash ./debian/setup-venv.sh export
 	bash ./debian/setup-venv.sh log
-	cargo build --release --locked
+	cargo build --release --locked --features qubesdb
 	dh_auto_install
 	dh_apparmor --profile-name=usr.bin.securedrop-client -psecuredrop-client
 
diff --git a/scripts/Dockerfile b/scripts/Dockerfile
index b06a5c85c..d3535d28b 100644
--- a/scripts/Dockerfile
+++ b/scripts/Dockerfile
@@ -1,6 +1,9 @@
 ARG DISTRO=bullseye
 FROM debian:$DISTRO
 
+# ARGs must be repeated for every different build stage
+ARG DISTRO
+
 ENV PIP_DISABLE_PIP_VERSION_CHECK=1
 ENV PIP_PROGRESS_BAR=off
 ENV CARGO_TERM_COLOR=never
@@ -8,6 +11,9 @@ ENV CARGO_TERM_PROGRESS_WHEN=never
 
 RUN apt-get update && apt-get --yes upgrade && apt-get install --yes build-essential curl
 
+RUN echo "deb [arch=amd64] https://deb.qubes-os.org/r4.1/vm ${DISTRO} main" > /etc/apt/sources.list.d/qubes.list
+COPY qubes-archive-keyring.gpg /etc/apt/trusted.gpg.d/
+
 # Keep in sync with rust-toolchain.toml
 ENV RUST_VERSION 1.74.1
 ENV RUSTUP_VERSION 1.24.3
diff --git a/scripts/qubes-archive-keyring.gpg b/scripts/qubes-archive-keyring.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..7a2d634b3ea4a2afc0dd687cb6f883c910097416
GIT binary patch
literal 1142
zcmV-+1d02Z0u2OMz8R+h5CD~yxpre}RAb8-vVNO*t_4KvF;A2@Lq&_JtxI0M7Hv?4
zV9p~(CM5U+Ck}wtM6D74<kefVdmF_ZN>4gn=e8!fyrN5rHJ?>Gj}#H>;_IB|7whP`
zr3#xgi(-*$zRQeG-z6>BY%UVoX65WVji%XV+2b6@B8$=zmf8?UDlA_Q6zQp>&UB>u
zRILz35n-vV&trbS<(Xt<bGEGY4-jpyY)VzV0Fyy>8qzb!vR9%YJ52H?3bVZi7PJ;(
zI8}#gA`<lb$7lx(khTW&=02w3{c~|Yvp5G=%<d5&PUH;T;d&r=-b4(w>}cmmCSTNM
zuB&XEe1hWzu$=nPbEz0#bt3D2i;^JJc|Pu&9}-kCVWsp+c7e3|tWWl!w<a!ZAxum%
z=A#iK5eR|S#l+Rt6&W(jJRa_``E?3%%p>>1ivg|YTpjU4&KkP3;Yz>7mV3&Rxy5{c
z3^TZ{+bL;m0GEz_{Je+eE}E!NqgY4RlTXN6VVs*)-Nuc9+5<;L?mOYU-Jd99I2WS7
z`4;~fdr~awIYoBPaW)@B;6<JPC0CunD{jgv-0s1p^vtQ$KyNRD<sdoJh7lVgVPZ9_
z@UY6x8C;rYA?AtQjXW+}TLnhM76gQGt5N~XTXaljh!zWZVPq40H`{ZQH$>=gfUKkg
z<QFDbd8!Fl9iadb0RRECCQ)@_Wpf};Qy?@TL}g-WVQwH$VPk7yXJvCBQ)y>zX>MmA
zOJ#Y90yhK`0SEvg1p-*U8K(jp0|g5S2nPZN6$l9m3jzcd0s{d89svRufB*^!5JR_M
z@t4XQ^~!h;{0Kk|n=shx{bzx2<*2r~z=1y1$i0`KVPnvTn#>K+1?0Akh!`A)aOu-H
z$!(v5sP-&wq;u>c2vqfu;UKdh7GK<DH!3ZT!@qd2q*0dDc<rUW;lqM4998?&K}NA;
z!0M<y*i`n`^f|mh2UDZ*K%{u^aLCfFgp%x-7r<`lEJrM64U>of0wM1#ShWx`>t@um
zs^?nhH+{)0-k~QY4Y19pKWjvvqs;#4Y>AYi*zw2uhtd~VYxriPtGBRF&Jm(h0&p76
zDg)WPuskp^E<OkcL^6jHOw;<$BLkJ@ffrsQQnMa8F|bn^Rq@_`Ubt#UhJ2@xj^{`V
zQEp3Od@bI{V6p;B8*L?v8TbU3QU_nH&R-_KI3{(x!1xv6*%ZxtqIx*Z2vT{D&a)!m
zr{Xj7f~2y)i#D@o3B~N(>uu5G^l>#SO`N91lS~ExVPeSDPKdg#%p;B3cuXk*rJW&r
zePGnhb~nrhzXw<azg=*DT`3F6lMDZh>l^!_vSYi2_Xs1RLGH5EOEV@F1s8&tk1Fh-
zhhI8MfZwvn6z)Lj(u9~1$2OXnD>9DjBb8a<{W_#muHCv-0hMA7e|2%Kdgw1?lp*SP
zkzVh0iKe=v7EPJt^U4cg4?GV-?GJR)Y;h5P6!B!3zp6BjrfvUS^XdLJ5bN)c0Z4zn
Iys!cQ1C#F*KL7v#

literal 0
HcmV?d00001