almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Update the docs
Some checks failed
Build dev environments / Build dev-env (debian-bookworm) (push) Has been cancelled
Details
Build dev environments / Build dev-env (debian-bullseye) (push) Has been cancelled
Details
Build dev environments / Build dev-env (debian-trixie) (push) Has been cancelled
Details
Build dev environments / Build dev-env (fedora-40) (push) Has been cancelled
Details
Build dev environments / Build dev-env (fedora-41) (push) Has been cancelled
Details
Build dev environments / Build dev-env (ubuntu-20.04) (push) Has been cancelled
Details
Build dev environments / Build dev-env (ubuntu-22.04) (push) Has been cancelled
Details
Build dev environments / Build dev-env (ubuntu-24.04) (push) Has been cancelled
Details
Build dev environments / Build dev-env (ubuntu-24.10) (push) Has been cancelled
Details
Build dev environments / build-container-image (push) Has been cancelled
Details
Tests / run-lint (push) Has been cancelled
Details
Tests / build-container-image (push) Has been cancelled
Details
Tests / Download and cache Tesseract data (push) Has been cancelled
Details
Tests / check-reproducibility (push) Has been cancelled
Details
Release multi-arch container image / build (linux/amd64) (push) Has been cancelled
Details
Release multi-arch container image / build (linux/arm64) (push) Has been cancelled
Details
Tests / windows (push) Has been cancelled
Details
Tests / macOS (arch64) (push) Has been cancelled
Details
Tests / macOS (x86_64) (push) Has been cancelled
Details
Tests / build-deb (debian bookworm) (push) Has been cancelled
Details
Tests / build-deb (debian bullseye) (push) Has been cancelled
Details
Tests / build-deb (debian trixie) (push) Has been cancelled
Details
Tests / build-deb (ubuntu 20.04) (push) Has been cancelled
Details
Tests / build-deb (ubuntu 22.04) (push) Has been cancelled
Details
Tests / build-deb (ubuntu 24.04) (push) Has been cancelled
Details
Tests / build-deb (ubuntu 24.10) (push) Has been cancelled
Details
Tests / install-deb (debian bookworm) (push) Has been cancelled
Details
Tests / install-deb (debian bullseye) (push) Has been cancelled
Details
Tests / install-deb (debian trixie) (push) Has been cancelled
Details
Tests / install-deb (ubuntu 20.04) (push) Has been cancelled
Details
Tests / install-deb (ubuntu 22.04) (push) Has been cancelled
Details
Tests / install-deb (ubuntu 24.04) (push) Has been cancelled
Details
Tests / install-deb (ubuntu 24.10) (push) Has been cancelled
Details
Tests / build-install-rpm (fedora 40) (push) Has been cancelled
Details
Tests / build-install-rpm (fedora 41) (push) Has been cancelled
Details
Tests / run tests (debian bookworm) (push) Has been cancelled
Details
Tests / run tests (debian bullseye) (push) Has been cancelled
Details
Tests / run tests (debian trixie) (push) Has been cancelled
Details
Tests / run tests (fedora 40) (push) Has been cancelled
Details
Tests / run tests (fedora 41) (push) Has been cancelled
Details
Tests / run tests (ubuntu 20.04) (push) Has been cancelled
Details
Tests / run tests (ubuntu 22.04) (push) Has been cancelled
Details
Tests / run tests (ubuntu 24.04) (push) Has been cancelled
Details
Tests / run tests (ubuntu 24.10) (push) Has been cancelled
Details
Release multi-arch container image / merge (push) Has been cancelled
Details
Release multi-arch container image / provenance (push) Has been cancelled
Details

Browse source
This commit is contained in:
Alexis Métaireau 2025-02-11 17:43:05 +01:00
parent 769a78dd27
commit a647485fdb
No known key found for this signature in database
GPG key ID: C65C7A89A8FFC56E
1 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
docs/developer/independent-container-updates.md
View file

@ -22,13 +22,13 @@ In case of sucess, it will report back:
``` ```
🎉 Successfully verified image 🎉 Successfully verified image
'ghcr.io/freedomofpress/dangerzone/dangerzone:20250129-0.8.0-149-gbf2f5ac@sha256:4da441235e84e93518778827a5c5745d532d7a4079886e1647924bee7ef1c14d' 'ghcr.io/freedomofpress/dangerzone/dangerzone:<tag>@sha256:<digest>'
and its associated claims: and its associated claims:
- ✅ SLSA Level 3 provenance - ✅ SLSA Level 3 provenance
- ✅ GitHub repo: apyrgio/dangerzone - ✅ GitHub repo: freedomofpress/dangerzone
- ✅ GitHub actions workflow: .github/workflows/multi_arch_build.yml - ✅ GitHub actions workflow: <workflow>
- ✅ Git branch: test/multi-arch - ✅ Git branch: <branch>
- ✅ Git commit: bf2f5accc24bd15a4f5c869a7f0b03b8fe48dfb6 - ✅ Git commit: <commit>
``` ```
## Sign and publish the remote image ## Sign and publish the remote image
@ -37,11 +37,11 @@ Once the image has been reproduced locally, we can add a signature to the contai
and update the `latest` tag to point to the proper hash. and update the `latest` tag to point to the proper hash.
```bash ```bash
cosign sign --sk ghcr.io/freedomofpress/dangerzone/dangerzone:20250129-0.8.0-149-gbf2f5ac@sha256:4da441235e84e93518778827a5c5745d532d7a4079886e1647924bee7ef1c14d cosign sign --sk ghcr.io/freedomofpress/dangerzone/dangerzone:${TAG}@sha256:${DIGEST}
# And mark bump latest # And mark bump latest
crane auth login ghcr.io -u USERNAME --password $(cat pat_token) crane auth login ghcr.io -u USERNAME --password $(cat pat_token)
crane tag ghcr.io/freedomofpress/dangerzone/dangerzone@sha256:4da441235e84e93518778827a5c5745d532d7a4079886e1647924bee7ef1c14d latest crane tag ghcr.io/freedomofpress/dangerzone/dangerzone@sha256:${DIGEST} latest
``` ```
## Install updates ## Install updates
@ -49,7 +49,7 @@ crane tag ghcr.io/freedomofpress/dangerzone/dangerzone@sha256:4da441235e84e93518
To check if a new container image has been released, and update your local installation with it, you can use the following commands: To check if a new container image has been released, and update your local installation with it, you can use the following commands:
```bash ```bash
dangerzone-image upgrade ghcr.io/almet/dangerzone/dangerzone dangerzone-image upgrade ghcr.io/freedomofpress/dangerzone/dangerzone
``` ```
## Verify locally ## Verify locally
@ -57,7 +57,7 @@ dangerzone-image upgrade ghcr.io/almet/dangerzone/dangerzone
You can verify that the image you have locally matches the stored signatures, and that these have been signed with a trusted public key: You can verify that the image you have locally matches the stored signatures, and that these have been signed with a trusted public key:
```bash ```bash
dangerzone-image verify-local ghcr.io/almet/dangerzone/dangerzone dangerzone-image verify-local ghcr.io/freedomofpress/dangerzone/dangerzone
``` ```
## Installing image updates to air-gapped environments ## Installing image updates to air-gapped environments
@ -73,7 +73,7 @@ This archive will contain all the needed material to validate that the new conta
On the machine on which you prepare the packages: On the machine on which you prepare the packages:
```bash ```bash
dangerzone-image prepare-archive --output dz-fa94872.tar ghcr.io/almet/dangerzone/dangerzone@sha256:fa948726aac29a6ac49f01ec8fbbac18522b35b2491fdf716236a0b3502a2ca7 dangerzone-image prepare-archive --output dz-fa94872.tar ghcr.io/freedomofpress/dangerzone/dangerzone@sha256:<digest>
``` ```
On the airgapped machine, copy the file and run the following command: On the airgapped machine, copy the file and run the following command: