Allow using the container engine cache when building our image

Remove our suggestions for not using the container cache, which stemmed
from the fact that our Dangerzone image was not reproducible. Now that
we have switched to Debian Stable and the Dockerfile is all we need to
reproducibly build the exact same container image, we can just use the
cache to speed up builds.

docs/developer/doit.md

@@ -44,20 +44,6 @@ doit <task>
 * You can run `doit list --all -s` to see the full list of tasks, their
   dependencies, and whether they are up to date.
 * You can run `doit info <task>` to see which dependencies are missing.
-* You can change this line in `pyproject.toml` to `true`, to allow using the
-  Docker/Podman build cache:
-
-  ```
-  use_cache = true
-  ```
-
-  > [!WARNING]
-  > Using caching may speed up image builds, but is not suitable for release
-  > artifacts. The ID of our base container image (Alpine Linux) does not change
-  > that often, but its APK package index does. So, if we use caching, we risk
-  > skipping the `apk upgrade` layer and end up with packages that are days
-  > behind.
-
 * You can pass the following environment variables to the script, in order to
   affect some global parameters:
   - `CONTAINER_RUNTIME`: The container runtime to use. Either `podman` (default)

dodo.py

@@ -27,16 +27,6 @@ PARAM_APPLE_ID = {
     "help": "The Apple developer ID that will be used to sign the .dmg",
 }
 
-PARAM_USE_CACHE = {
-    "name": "use_cache",
-    "long": "use-cache",
-    "help": (
-        "Whether to use cached results or not. For reproducibility reasons,"
-        " it's best to leave it to false"
-    ),
-    "default": False,
-}
-
 ### File dependencies
 #
 # Define all the file dependencies for our tasks in a single place, since some file
@@ -205,11 +195,10 @@ def task_build_image():
 
     return {
         "actions": [
-            f"python install/common/build-image.py --use-cache=%(use_cache)s --runtime={CONTAINER_RUNTIME}",
+            f"python install/common/build-image.py --runtime={CONTAINER_RUNTIME}",
             ["cp", img_src, img_dst],
             ["cp", img_id_src, img_id_dst],
         ],
-        "params": [PARAM_USE_CACHE],
         "file_dep": IMAGE_DEPS,
         "targets": [img_src, img_dst, img_id_src, img_id_dst],
         "task_dep": ["init_release_dir", "check_container_runtime"],

install/common/build-image.py

@@ -51,9 +51,9 @@ def main():
         "--use-cache",
         type=str2bool,
         nargs="?",
-        default=False,
+        default=True,
         const=True,
-        help="Use the builder's cache to speed up the builds (not suitable for release builds)",
+        help="Use the builder's cache to speed up the builds",
     )
     args = parser.parse_args()
 

pyproject.toml

@@ -1,4 +1,4 @@
-    [tool.poetry]
+[tool.poetry]
 name = "dangerzone"
 version = "0.8.1"
 description = "Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs"
@@ -73,11 +73,6 @@ httpx = "^0.27.2"
 [tool.doit]
 verbosity = 3
 
-[tool.doit.tasks.build_image]
-# DO NOT change this to 'true' for release artifacts, else we risk building
-# images that are a few days behind. See also: docs/developer/doit.md
-use_cache = false
-
 [tool.ruff.lint]
 select = [
     # isort