almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

WIP: Almost ready

Browse source
This commit is contained in:
Alex Pyrgiotis 2024-11-28 17:45:12 +02:00
parent 760eb85e31
commit 560f83d7d6
No known key found for this signature in database
GPG key ID: B6C15EBA0357C9AA
3 changed files with 77 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
dangerzone/isolation_provider/container.py
View file

@ -270,13 +270,7 @@ class Container(IsolationProvider):
log.info(f"Successfully tagged container image '{cur_image_name}' as {new_image_name}")
@staticmethod
def is_tag_latest(expected_tag: str, tag_map: [str]) -> None:
try:
return tag_map[expected_tag] == tag_map["latest"]
except KeyError:
return False
def install(self) -> bool:
def install() -> bool:
"""Install the container image tarball, or verify that it's already installed.
Perform the following actions:
@ -310,7 +304,7 @@ class Container(IsolationProvider):
new_tags = Container.get_image_tags()
if expected_tag not in new_tags:
raise ImageNotPresentException(
"Could not find expected tag {tag} after loading the container image tarball"
f"Could not find expected tag '{expected_tag}' after loading the container image tarball"
)
# Mark the expected tag as "latest".

96
dodo.py
View file

@ -75,6 +75,17 @@ def task_clean_container_runtime():
}
def task_clean_git():
"""Clean the Git repo."""
return {
"actions": None,
"clean": [
"git clean -fdx",
"git checkout -f",
],
}
def task_check_python():
"""Check that the latest supported Python version is installed (WIP).
@ -188,9 +199,13 @@ def task_download_tessdata():
def task_build_image():
"""Build the container image using ./install/common/build-image.py"""
img_src = "share/container-{VERSION}.tar.gz"
img_dst = RELEASE_DIR / "container-{VERSION}.tar.gz" # FIXME: Add arch
return {
"actions": [
"python install/common/build-image.py --use-cache=%(use_cache)s",
"cp {img_src} {img_dst}",
],
"params": [
{
@ -210,7 +225,7 @@ def task_build_image():
"dangerzone/gvisor_wrapper/entrypoint.py",
"install/common/build-image.py",
],
"targets": ["share/container.tar.gz", "share/image-id.txt"],
"targets": [img_src, img_dst],
"task_dep": ["check_container_runtime"],
"clean": True,
}
@ -223,39 +238,56 @@ def task_poetry_install():
}
def task_macos_build_app():
def task_macos_build_dmg():
"""Build the macOS app bundle for Dangerzone."""
dz_dir = RELEASE_DIR / "tmp" / "macos"
dmg_src = dz_dir / "dist" / "Dangerzone.dmg"
dmg_dst = RELEASE_DIR / "Dangerzone-{VERSION}.dmg" # FIXME: Add -arch
return {
"actions": [["poetry", "run", "install/macos/build-app.py"]],
"file_dep": [
*list_files("share"),
*list_files("dangerzone"),
"share/container.tar.gz",
"share/image-id.txt",
],
"task_dep": ["poetry_install"],
"targets": ["dist/Dangerzone.app"],
"clean": ["rm -rf dist/Dangerzone.app"],
}
def task_macos_codesign():
return {
"actions": [
["poetry", "run", "install/macos/build-app.py", "--only-codesign"],
[
"xcrun notarytool submit --wait --apple-id %(apple_id)s"
" --keychain-profile dz-notarytool-release-key dist/Dangerzone.dmg",
],
(copy_dz_dir, [".", dz_dir]),
f"cd {dz_dir} && poetry run install/macos/build-app.py --with-codesign",
("xcrun notarytool submit --wait --apple-id %(apple_id)s"
f" --keychain-profile dz-notarytool-release-key {dmg_src}"),
f"xcrun stapler staple {dmg_src}",
["cp", "-r", dmg_src, dmg_dst],
["rm", "-r", dz_dir],
],
"params": [PARAM_APPLE_ID],
"file_dep": ["dist/Dangerzone.app"],
"targets": ["dist/Dangerzone.dmg"],
"file_dep": [
RELEASE_DIR,
"poetry.lock",
"install/macos/build.app.py",
*list_files("assets"),
*list_files("share"),
*list_files("dangerzone"),
f"share/container-{VERSION}.tar.gz",
],
"task_dep": ["poetry_install"],
"targets": [dmg_dst],
"clean": True,
}
# def task_macos_codesign():
# dz_dir = RELEASE_DIR / "tmp" / "macos"
# app_src = RELEASE_DIR / "Dangerzone.app"
# dmg_src = dz_dir / "dist" / "Dangerzone.dmg"
# dmg_dst = RELEASE_DIR / "Dangerzone-{VERSION}.dmg"
# return {
# "actions": [
# ],
# "params": [PARAM_APPLE_ID],
# "file_dep": [
# RELEASE_DIR / "Dangerzone.app"
# ],
# "targets": ["dist/Dangerzone.dmg"],
# "clean": True,
# }
def task_debian_env():
return {
"actions": [
@ -287,8 +319,12 @@ def task_debian_deb():
],
"file_dep": [
RELEASE_DIR,
"share/container.tar.gz",
"share/image-id.txt",
"poetry.lock",
"install/linux/build-deb.py",
*list_files("assets"),
*list_files("share"),
*list_files("dangerzone"),
"share/container-{VERSION}.tar.gz",
],
"task_dep": [
"debian_env",
@ -339,8 +375,12 @@ def task_fedora_rpm():
],
"file_dep": [
RELEASE_DIR,
"share/container.tar.gz",
"share/image-id.txt",
"poetry.lock",
"install/linux/build-rpm.py",
*list_files("assets"),
*list_files("share"),
*list_files("dangerzone"),
"share/container-{VERSION}.tar.gz",
],
"task_dep": [
f"fedora_env:{version}",

9
pyproject.toml
View file

@ -68,8 +68,13 @@ skip_gitignore = true
follow_links = false
[tool.doit.commands.clean]
# XXX: Change this to false if you REALLY want to clean a task's output. Else,
# the `doit clean` comamnd will print the commands that would run instead.
# XXX: Change this to false if you REALLY want to clean your environment. Note
# that this command will:
# * prune container images,
# * clean the Git repo, and
# * remove all tasks output
#
# Else, the `doit clean` comamnd will print the commands that would run instead.
dryrun = true
[tool.doit.tasks.macos_check_cert]