From 560f83d7d6ed8fc3fc3b45099635a38c667effe1 Mon Sep 17 00:00:00 2001 From: Alex Pyrgiotis Date: Thu, 28 Nov 2024 17:45:12 +0200 Subject: [PATCH] WIP: Almost ready --- dangerzone/isolation_provider/container.py | 10 +-- dodo.py | 96 +++++++++++++++------- pyproject.toml | 9 +- 3 files changed, 77 insertions(+), 38 deletions(-) diff --git a/dangerzone/isolation_provider/container.py b/dangerzone/isolation_provider/container.py index 7a0571a..f03cd6b 100644 --- a/dangerzone/isolation_provider/container.py +++ b/dangerzone/isolation_provider/container.py @@ -270,13 +270,7 @@ class Container(IsolationProvider): log.info(f"Successfully tagged container image '{cur_image_name}' as {new_image_name}") @staticmethod - def is_tag_latest(expected_tag: str, tag_map: [str]) -> None: - try: - return tag_map[expected_tag] == tag_map["latest"] - except KeyError: - return False - - def install(self) -> bool: + def install() -> bool: """Install the container image tarball, or verify that it's already installed. Perform the following actions: @@ -310,7 +304,7 @@ class Container(IsolationProvider): new_tags = Container.get_image_tags() if expected_tag not in new_tags: raise ImageNotPresentException( - "Could not find expected tag {tag} after loading the container image tarball" + f"Could not find expected tag '{expected_tag}' after loading the container image tarball" ) # Mark the expected tag as "latest". diff --git a/dodo.py b/dodo.py index aa3bacf..0e0ee51 100644 --- a/dodo.py +++ b/dodo.py @@ -75,6 +75,17 @@ def task_clean_container_runtime(): } +def task_clean_git(): + """Clean the Git repo.""" + return { + "actions": None, + "clean": [ + "git clean -fdx", + "git checkout -f", + ], + } + + def task_check_python(): """Check that the latest supported Python version is installed (WIP). @@ -188,9 +199,13 @@ def task_download_tessdata(): def task_build_image(): """Build the container image using ./install/common/build-image.py""" + img_src = "share/container-{VERSION}.tar.gz" + img_dst = RELEASE_DIR / "container-{VERSION}.tar.gz" # FIXME: Add arch + return { "actions": [ "python install/common/build-image.py --use-cache=%(use_cache)s", + "cp {img_src} {img_dst}", ], "params": [ { @@ -210,7 +225,7 @@ def task_build_image(): "dangerzone/gvisor_wrapper/entrypoint.py", "install/common/build-image.py", ], - "targets": ["share/container.tar.gz", "share/image-id.txt"], + "targets": [img_src, img_dst], "task_dep": ["check_container_runtime"], "clean": True, } @@ -223,39 +238,56 @@ def task_poetry_install(): } -def task_macos_build_app(): +def task_macos_build_dmg(): """Build the macOS app bundle for Dangerzone.""" + dz_dir = RELEASE_DIR / "tmp" / "macos" + dmg_src = dz_dir / "dist" / "Dangerzone.dmg" + dmg_dst = RELEASE_DIR / "Dangerzone-{VERSION}.dmg" # FIXME: Add -arch - return { - "actions": [["poetry", "run", "install/macos/build-app.py"]], - "file_dep": [ - *list_files("share"), - *list_files("dangerzone"), - "share/container.tar.gz", - "share/image-id.txt", - ], - "task_dep": ["poetry_install"], - "targets": ["dist/Dangerzone.app"], - "clean": ["rm -rf dist/Dangerzone.app"], - } - - -def task_macos_codesign(): return { "actions": [ - ["poetry", "run", "install/macos/build-app.py", "--only-codesign"], - [ - "xcrun notarytool submit --wait --apple-id %(apple_id)s" - " --keychain-profile dz-notarytool-release-key dist/Dangerzone.dmg", - ], + (copy_dz_dir, [".", dz_dir]), + f"cd {dz_dir} && poetry run install/macos/build-app.py --with-codesign", + ("xcrun notarytool submit --wait --apple-id %(apple_id)s" + f" --keychain-profile dz-notarytool-release-key {dmg_src}"), + f"xcrun stapler staple {dmg_src}", + ["cp", "-r", dmg_src, dmg_dst], + ["rm", "-r", dz_dir], ], "params": [PARAM_APPLE_ID], - "file_dep": ["dist/Dangerzone.app"], - "targets": ["dist/Dangerzone.dmg"], + "file_dep": [ + RELEASE_DIR, + "poetry.lock", + "install/macos/build.app.py", + *list_files("assets"), + *list_files("share"), + *list_files("dangerzone"), + f"share/container-{VERSION}.tar.gz", + ], + "task_dep": ["poetry_install"], + "targets": [dmg_dst], "clean": True, } +# def task_macos_codesign(): +# dz_dir = RELEASE_DIR / "tmp" / "macos" +# app_src = RELEASE_DIR / "Dangerzone.app" +# dmg_src = dz_dir / "dist" / "Dangerzone.dmg" +# dmg_dst = RELEASE_DIR / "Dangerzone-{VERSION}.dmg" + +# return { +# "actions": [ +# ], +# "params": [PARAM_APPLE_ID], +# "file_dep": [ +# RELEASE_DIR / "Dangerzone.app" +# ], +# "targets": ["dist/Dangerzone.dmg"], +# "clean": True, +# } + + def task_debian_env(): return { "actions": [ @@ -287,8 +319,12 @@ def task_debian_deb(): ], "file_dep": [ RELEASE_DIR, - "share/container.tar.gz", - "share/image-id.txt", + "poetry.lock", + "install/linux/build-deb.py", + *list_files("assets"), + *list_files("share"), + *list_files("dangerzone"), + "share/container-{VERSION}.tar.gz", ], "task_dep": [ "debian_env", @@ -339,8 +375,12 @@ def task_fedora_rpm(): ], "file_dep": [ RELEASE_DIR, - "share/container.tar.gz", - "share/image-id.txt", + "poetry.lock", + "install/linux/build-rpm.py", + *list_files("assets"), + *list_files("share"), + *list_files("dangerzone"), + "share/container-{VERSION}.tar.gz", ], "task_dep": [ f"fedora_env:{version}", diff --git a/pyproject.toml b/pyproject.toml index c373931..faa5896 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -68,8 +68,13 @@ skip_gitignore = true follow_links = false [tool.doit.commands.clean] -# XXX: Change this to false if you REALLY want to clean a task's output. Else, -# the `doit clean` comamnd will print the commands that would run instead. +# XXX: Change this to false if you REALLY want to clean your environment. Note +# that this command will: +# * prune container images, +# * clean the Git repo, and +# * remove all tasks output +# +# Else, the `doit clean` comamnd will print the commands that would run instead. dryrun = true [tool.doit.tasks.macos_check_cert]