almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-05-06 13:31:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

FIXUP: Don't require a 'latest' image tag anymore

Browse source
This commit is contained in:
Alex Pyrgiotis 2024-12-04 18:11:31 +02:00
parent 2f438c09f1
commit c0fa32b6b8
No known key found for this signature in database
GPG key ID: B6C15EBA0357C9AA
6 changed files with 21 additions and 50 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
QA.md
View file

@ -109,7 +109,6 @@ version. For example:
``` ```
$ docker images dangerzone.rocks/dangerzone $ docker images dangerzone.rocks/dangerzone
REPOSITORY TAG IMAGE ID CREATED SIZE REPOSITORY TAG IMAGE ID CREATED SIZE
dangerzone.rocks/dangerzone latest <image ID> <date> <size>
dangerzone.rocks/dangerzone <tag> <image ID> <date> <size> dangerzone.rocks/dangerzone <tag> <image ID> <date> <size>
``` ```
@ -121,7 +120,6 @@ and seeing the following differences:
``` ```
$ docker images dangerzone.rocks/dangerzone $ docker images dangerzone.rocks/dangerzone
REPOSITORY TAG IMAGE ID CREATED SIZE REPOSITORY TAG IMAGE ID CREATED SIZE
dangerzone.rocks/dangerzone latest <different ID> <newer date> <different size>
dangerzone.rocks/dangerzone <other tag> <different ID> <newer date> <different size> dangerzone.rocks/dangerzone <other tag> <different ID> <newer date> <different size>
``` ```

40
dangerzone/container_utils.py
View file

@ -1,10 +1,9 @@
import gzip import gzip
import json
import logging import logging
import platform import platform
import shutil import shutil
import subprocess import subprocess
from typing import Dict, Tuple from typing import List, Tuple
from .util import get_resource_path, get_subprocess_startupinfo from .util import get_resource_path, get_subprocess_startupinfo
from . import errors from . import errors
@ -72,36 +71,25 @@ def get_runtime() -> str:
return runtime return runtime
def list_image_tags() -> Dict[str, str]: def list_image_tags() -> List[str]:
"""Get the tags of all loaded Dangerzone images. """Get the tags of all loaded Dangerzone images.
This method returns a mapping of image tags to image IDs, for all Dangerzone This method returns a mapping of image tags to image IDs, for all Dangerzone
images. This can be useful when we want to find which are the local image tags, images. This can be useful when we want to find which are the local image tags,
and which image ID does the "latest" tag point to. and which image ID does the "latest" tag point to.
""" """
images = json.loads( return subprocess.check_output(
subprocess.check_output( [
[ get_runtime(),
get_runtime(), "image",
"image", "list",
"list", "--format",
"--format", "{{ .Tag }}",
"json", CONTAINER_NAME,
CONTAINER_NAME, ],
], text=True,
text=True, startupinfo=get_subprocess_startupinfo(),
startupinfo=get_subprocess_startupinfo(), ).strip().split()
)
)
# Grab every image name and associate it with an image ID.
tags = {}
for image in images:
for name in image["Names"]:
tag = name.split(":")[1]
tags[tag] = image["Id"]
return tags
def delete_image_tag(tag: str) -> None: def delete_image_tag(tag: str) -> None:

15
dangerzone/isolation_provider/container.py
View file

@ -81,11 +81,9 @@ class Container(IsolationProvider):
1. Get the tags of any locally available images that match Dangerzone's image 1. Get the tags of any locally available images that match Dangerzone's image
name. name.
2. Get the expected image tag from the image-id.txt file. 2. Get the expected image tag from the image-id.txt file.
- If this tag is present in the local images, and that image is also tagged - If this tag is present in the local images, then we can return.
as "latest", then we can return.
- Else, prune the older container images and continue. - Else, prune the older container images and continue.
3. Load the image tarball and make sure it matches the expected tag. 3. Load the image tarball and make sure it matches the expected tag.
4. Tag that image as "latest", and mark the installation as finished.
""" """
old_tags = container_utils.list_image_tags() old_tags = container_utils.list_image_tags()
expected_tag = container_utils.get_expected_tag() expected_tag = container_utils.get_expected_tag()
@ -95,12 +93,8 @@ class Container(IsolationProvider):
log.info( log.info(
f"Could not find a Dangerzone container image with tag '{expected_tag}'" f"Could not find a Dangerzone container image with tag '{expected_tag}'"
) )
for tag in old_tags.keys(): for tag in old_tags:
container_utils.delete_image_tag(tag) container_utils.delete_image_tag(tag)
elif old_tags[expected_tag] != old_tags.get("latest"):
log.info(f"The expected tag '{expected_tag}' is not the latest one")
container_utils.add_image_tag(expected_tag, "latest")
return True
else: else:
return True return True
@ -117,8 +111,6 @@ class Container(IsolationProvider):
" container image tarball" " container image tarball"
) )
# Mark the expected tag as "latest".
container_utils.add_image_tag(expected_tag, "latest")
return True return True
@staticmethod @staticmethod
@ -179,13 +171,14 @@ class Container(IsolationProvider):
enable_stdin = ["-i"] enable_stdin = ["-i"]
set_name = ["--name", name] set_name = ["--name", name]
prevent_leakage_args = ["--rm"] prevent_leakage_args = ["--rm"]
image_name = [container_utils.CONTAINER_NAME + ":" + container_utils.get_expected_tag()]
args = ( args = (
["run"] ["run"]
+ security_args + security_args
+ prevent_leakage_args + prevent_leakage_args
+ enable_stdin + enable_stdin
+ set_name + set_name
+ [container_utils.CONTAINER_NAME] + image_name
+ command + command
) )
args = [container_runtime] + args args = [container_runtime] + args

2
dev_scripts/qa.py
View file

@ -129,7 +129,6 @@ version. For example:
``` ```
$ docker images dangerzone.rocks/dangerzone $ docker images dangerzone.rocks/dangerzone
REPOSITORY TAG IMAGE ID CREATED SIZE REPOSITORY TAG IMAGE ID CREATED SIZE
dangerzone.rocks/dangerzone latest <image ID> <date> <size>
dangerzone.rocks/dangerzone <tag> <image ID> <date> <size> dangerzone.rocks/dangerzone <tag> <image ID> <date> <size>
``` ```
@ -141,7 +140,6 @@ and seeing the following differences:
``` ```
$ docker images dangerzone.rocks/dangerzone $ docker images dangerzone.rocks/dangerzone
REPOSITORY TAG IMAGE ID CREATED SIZE REPOSITORY TAG IMAGE ID CREATED SIZE
dangerzone.rocks/dangerzone latest <different ID> <newer date> <different size>
dangerzone.rocks/dangerzone <other tag> <different ID> <newer date> <different size> dangerzone.rocks/dangerzone <other tag> <different ID> <newer date> <different size>
``` ```

6
install/common/build-image.py
View file

@ -83,11 +83,9 @@ def main():
check=True, check=True,
) )
# Build the container image, and tag it with two tags; the one we calculated # Build the container image, and tag it with the calculated tag
# above, and the "latest" tag.
print("Building container image") print("Building container image")
cache_args = [] if args.use_cache else ["--no-cache"] cache_args = [] if args.use_cache else ["--no-cache"]
image_name_latest = IMAGE_NAME + ":latest"
subprocess.run( subprocess.run(
[ [
args.runtime, args.runtime,
@ -101,8 +99,6 @@ def main():
"-f", "-f",
"Dockerfile", "Dockerfile",
"--tag", "--tag",
image_name_latest,
"--tag",
image_name_tagged, image_name_tagged,
], ],
check=True, check=True,

6
tests/isolation_provider/test_container.py
View file

@ -61,11 +61,10 @@ class TestContainer(IsolationProviderTest):
"image", "image",
"list", "list",
"--format", "--format",
"json", "{{ .Tag }}",
"dangerzone.rocks/dangerzone", "dangerzone.rocks/dangerzone",
], ],
occurrences=2, occurrences=2,
stdout="{}",
) )
# Make podman load fail # Make podman load fail
@ -95,11 +94,10 @@ class TestContainer(IsolationProviderTest):
"image", "image",
"list", "list",
"--format", "--format",
"json", "{{ .Tag }}",
"dangerzone.rocks/dangerzone", "dangerzone.rocks/dangerzone",
], ],
occurrences=2, occurrences=2,
stdout="{}",
) )
# Patch gzip.open and podman load so that it works # Patch gzip.open and podman load so that it works