almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-05-05 13:11:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Merge 83f6e430f3 into dfcb74b427

Browse source
This commit is contained in:
sudoforge 2025-03-29 23:24:23 -07:00 committed by GitHub
commit 2875060d00
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Dockerfile
View file

@ -3,8 +3,9 @@
# docs/developer/reproducibility.md.
ARG DEBIAN_IMAGE_DATE=20250224
ARG DEBIAN_IMAGE_DIGEST=sha256:12c396bd585df7ec21d5679bb6a83d4878bc4415ce926c9e5ea6426d23c60bdc
FROM debian:bookworm-${DEBIAN_IMAGE_DATE}-slim AS dangerzone-image
FROM debian:bookworm-${DEBIAN_IMAGE_DATE}-slim@${DEBIAN_IMAGE_DIGEST} AS dangerzone-image
ARG GVISOR_ARCHIVE_DATE=20250217
ARG DEBIAN_ARCHIVE_DATE=20250226
@ -185,8 +186,8 @@ RUN mkdir -p \
# Copy the /etc and /var directories under the new root directory. Also,
# copy /etc/, /opt, and /usr to the Dangerzone image rootfs.
#
# NOTE: We also have to remove the resolv.conf file, in order to not leak any DNS
# servers added there during image build time.
# NOTE: We also have to remove the resolv.conf file, in order to not leak any
# DNS servers added there during image build time.
RUN cp -r /etc /var /new_root/ \
&& rm /new_root/etc/resolv.conf
RUN cp -r /etc /opt /usr /new_root/home/dangerzone/dangerzone-image/rootfs \

2
Dockerfile.env
View file

@ -1,5 +1,7 @@
# Can be bumped to the latest date in https://hub.docker.com/_/debian/tags?name=bookworm-
DEBIAN_IMAGE_DATE=20250224
# Should be the INDEX DIGEST for the tag with the selected build date
DEBIAN_IMAGE_DIGEST=sha256:12c396bd585df7ec21d5679bb6a83d4878bc4415ce926c9e5ea6426d23c60bdc
# Can be bumped to today's date
DEBIAN_ARCHIVE_DATE=20250226
# Can be bumped to the latest date in https://github.com/google/gvisor/tags

3
Dockerfile.in
View file

@ -3,8 +3,9 @@
# docs/developer/reproducibility.md.
ARG DEBIAN_IMAGE_DATE={{DEBIAN_IMAGE_DATE}}
ARG DEBIAN_IMAGE_DIGEST={{DEBIAN_IMAGE_DIGEST}}
FROM debian:bookworm-${DEBIAN_IMAGE_DATE}-slim AS dangerzone-image
FROM debian:bookworm-${DEBIAN_IMAGE_DATE}-slim@${DEBIAN_IMAGE_DIGEST} AS dangerzone-image
ARG GVISOR_ARCHIVE_DATE={{GVISOR_ARCHIVE_DATE}}
ARG DEBIAN_ARCHIVE_DATE={{DEBIAN_ARCHIVE_DATE}}

1
docs/developer/reproducibility.md
View file

@ -28,6 +28,7 @@ This means that rebuilding the image without updating our Dockerfile will
Here are the necessary variables that make up our image in the `Dockerfile.env`
file:
* `DEBIAN_IMAGE_DATE`: The date that the Debian container image was released
* `DEBIAN_IMAGE_DIGEST`: The date that the Debian container image was released
* `DEBIAN_ARCHIVE_DATE`: The Debian snapshot repo that we want to use
* `GVISOR_ARCHIVE_DATE`: The gVisor APT repo that we want to use
* `H2ORESTART_CHECKSUM`: The SHA-256 checksum of the H2ORestart plugin