From 295b5a4f148eaf9d73201c52d0461840b5ae4745 Mon Sep 17 00:00:00 2001
From: Roman Podoliaka <roman.podoliaka@gmail.com>
Date: Tue, 3 Feb 2026 21:16:31 +0000
Subject: [PATCH] ci: add a workaround for the LLVM package issue

APT no longer considers SHA1 signatures secure, and LLVM hasn't
updated their repo yet, so we need to extend the deadline date to
work around package install failures.

See https://github.com/llvm/llvm-project/issues/153385 for details.
---
 Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 49ee7b8..242483d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,6 +3,11 @@ FROM python:${PY_VERSION}
 
 ARG LLDB_VERSION=21
 
+# Temporary workaround for https://github.com/llvm/llvm-project/issues/153385
+RUN if [ -f /usr/share/apt/default-sequoia.config ]; then \
+        sed -i 's/\(sha1\.second_preimage_resistance =\).*/\1 2027-01-01/' /usr/share/apt/default-sequoia.config; \
+    fi
+
 RUN DEBIAN_VERSION=`awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release` && \
     wget -q https://apt.llvm.org/llvm-snapshot.gpg.key -O /usr/share/keyrings/apt.llvm.org.asc && \
     echo "deb [signed-by=/usr/share/keyrings/apt.llvm.org.asc] http://apt.llvm.org/${DEBIAN_VERSION}/ llvm-toolchain-${DEBIAN_VERSION}-${LLDB_VERSION} main" >> /etc/apt/sources.list && \