almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

ci: Install recommended Podman packages

Browse source 
In Debian-based images, there are some Podman dependencies that are
marked as recommended, but are essential for rootless containers. These
dependencies will not be installed in our Dangerzone environments, due
to the `--no-install-recommends` flag.

Our approach was to find these dependencies through trial and error,
and hardcode them in our image. Turns out though that there are some
dependencies (e.g., `netavark`) that may be necessary in some Debian
flavors, and not others.

In order to not impact the readability of the env.py file, we prefer
installing Podman with all of its recommended packages. On one hand,
this will make the image size of our Debian-based Dangerzone
environments slightly larger, but on the other hand, it will make CI
tests less flaky.
This commit is contained in:
Alex Pyrgiotis 2023-05-24 22:28:05 +03:00
parent 14063349bb
commit 91f8f8b387
No known key found for this signature in database
GPG key ID: B6C15EBA0357C9AA
1 changed files with 10 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
dev_scripts/env.py
View file

@ -71,15 +71,19 @@ RUN . /etc/os-release \
""" """
# FIXME: Do we really need the python3-venv packages? # FIXME: Do we really need the python3-venv packages?
# XXX: We install uidmap separately, because it is not a hard dependency for Podman, and
# we use --no-install-recommends.
DOCKERFILE_BUILD_DEV_DEBIAN_DEPS = r""" DOCKERFILE_BUILD_DEV_DEBIAN_DEPS = r"""
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive
# NOTE: Podman has several recommended packages that are actually essential for rootless
# containers. Instead of specifying them by name, we can install Podman with all of its
# recommendations, which increases the image size, but makes the environment less flaky.
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends podman uidmap dh-python make \ && apt-get install -y podman \
build-essential fakeroot fuse-overlayfs libqt5gui5 pipx python3 python3-dev \ && rm -rf /var/lib/apt/lists/*
python3-venv python3-stdeb python3-all \ RUN apt-get update \
&& apt-get install -y --no-install-recommends dh-python make build-essential \
fakeroot libqt5gui5 pipx python3 python3-dev python3-venv python3-stdeb \
python3-all \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# NOTE: `pipx install poetry` fails on Ubuntu Focal, when installed through APT. By # NOTE: `pipx install poetry` fails on Ubuntu Focal, when installed through APT. By
# installing the latest version, we sidestep this issue. # installing the latest version, we sidestep this issue.
@ -143,7 +147,7 @@ RUN cd /home/user/dangerzone && poetry --no-ansi install
DOCKERFILE_BUILD_DEBIAN_DEPS = r""" DOCKERFILE_BUILD_DEBIAN_DEPS = r"""
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends mupdf fuse-overlayfs \ && apt-get install -y --no-install-recommends mupdf \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
""" """