almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-05-06 13:31:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

FIXUP: Don't require a 'latest' image tag anymore

Browse source
This commit is contained in:
Alex Pyrgiotis 2024-12-04 18:11:31 +02:00
parent 2f438c09f1
commit c0fa32b6b8
No known key found for this signature in database
GPG key ID: B6C15EBA0357C9AA
6 changed files with 21 additions and 50 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
QA.md
View file

@ -109,7 +109,6 @@ version. For example:
```
$ docker images dangerzone.rocks/dangerzone
REPOSITORY TAG IMAGE ID CREATED SIZE
dangerzone.rocks/dangerzone latest <image ID> <date> <size>
dangerzone.rocks/dangerzone <tag> <image ID> <date> <size>
```
@ -121,7 +120,6 @@ and seeing the following differences:
```
$ docker images dangerzone.rocks/dangerzone
REPOSITORY TAG IMAGE ID CREATED SIZE
dangerzone.rocks/dangerzone latest <different ID> <newer date> <different size>
dangerzone.rocks/dangerzone <other tag> <different ID> <newer date> <different size>
```

22
dangerzone/container_utils.py
View file

@ -1,10 +1,9 @@
import gzip
import json
import logging
import platform
import shutil
import subprocess
from typing import Dict, Tuple
from typing import List, Tuple
from .util import get_resource_path, get_subprocess_startupinfo
from . import errors
@ -72,36 +71,25 @@ def get_runtime() -> str:
return runtime
def list_image_tags() -> Dict[str, str]:
def list_image_tags() -> List[str]:
"""Get the tags of all loaded Dangerzone images.
This method returns a mapping of image tags to image IDs, for all Dangerzone
images. This can be useful when we want to find which are the local image tags,
and which image ID does the "latest" tag point to.
"""
images = json.loads(
subprocess.check_output(
return subprocess.check_output(
[
get_runtime(),
"image",
"list",
"--format",
"json",
"{{ .Tag }}",
CONTAINER_NAME,
],
text=True,
startupinfo=get_subprocess_startupinfo(),
)
)
# Grab every image name and associate it with an image ID.
tags = {}
for image in images:
for name in image["Names"]:
tag = name.split(":")[1]
tags[tag] = image["Id"]
return tags
).strip().split()
def delete_image_tag(tag: str) -> None:

15
dangerzone/isolation_provider/container.py
View file

@ -81,11 +81,9 @@ class Container(IsolationProvider):
1. Get the tags of any locally available images that match Dangerzone's image
name.
2. Get the expected image tag from the image-id.txt file.
- If this tag is present in the local images, and that image is also tagged
as "latest", then we can return.
- If this tag is present in the local images, then we can return.
- Else, prune the older container images and continue.
3. Load the image tarball and make sure it matches the expected tag.
4. Tag that image as "latest", and mark the installation as finished.
"""
old_tags = container_utils.list_image_tags()
expected_tag = container_utils.get_expected_tag()
@ -95,12 +93,8 @@ class Container(IsolationProvider):
log.info(
f"Could not find a Dangerzone container image with tag '{expected_tag}'"
)
for tag in old_tags.keys():
for tag in old_tags:
container_utils.delete_image_tag(tag)
elif old_tags[expected_tag] != old_tags.get("latest"):
log.info(f"The expected tag '{expected_tag}' is not the latest one")
container_utils.add_image_tag(expected_tag, "latest")
return True
else:
return True
@ -117,8 +111,6 @@ class Container(IsolationProvider):
" container image tarball"
)
# Mark the expected tag as "latest".
container_utils.add_image_tag(expected_tag, "latest")
return True
@staticmethod
@ -179,13 +171,14 @@ class Container(IsolationProvider):
enable_stdin = ["-i"]
set_name = ["--name", name]
prevent_leakage_args = ["--rm"]
image_name = [container_utils.CONTAINER_NAME + ":" + container_utils.get_expected_tag()]
args = (
["run"]
+ security_args
+ prevent_leakage_args
+ enable_stdin
+ set_name
+ [container_utils.CONTAINER_NAME]
+ image_name
+ command
)
args = [container_runtime] + args

2
dev_scripts/qa.py
View file

@ -129,7 +129,6 @@ version. For example:
```
$ docker images dangerzone.rocks/dangerzone
REPOSITORY TAG IMAGE ID CREATED SIZE
dangerzone.rocks/dangerzone latest <image ID> <date> <size>
dangerzone.rocks/dangerzone <tag> <image ID> <date> <size>
```
@ -141,7 +140,6 @@ and seeing the following differences:
```
$ docker images dangerzone.rocks/dangerzone
REPOSITORY TAG IMAGE ID CREATED SIZE
dangerzone.rocks/dangerzone latest <different ID> <newer date> <different size>
dangerzone.rocks/dangerzone <other tag> <different ID> <newer date> <different size>
```

6
install/common/build-image.py
View file

@ -83,11 +83,9 @@ def main():
check=True,
)
# Build the container image, and tag it with two tags; the one we calculated
# above, and the "latest" tag.
# Build the container image, and tag it with the calculated tag
print("Building container image")
cache_args = [] if args.use_cache else ["--no-cache"]
image_name_latest = IMAGE_NAME + ":latest"
subprocess.run(
[
args.runtime,
@ -101,8 +99,6 @@ def main():
"-f",
"Dockerfile",
"--tag",
image_name_latest,
"--tag",
image_name_tagged,
],
check=True,

6
tests/isolation_provider/test_container.py
View file

@ -61,11 +61,10 @@ class TestContainer(IsolationProviderTest):
"image",
"list",
"--format",
"json",
"{{ .Tag }}",
"dangerzone.rocks/dangerzone",
],
occurrences=2,
stdout="{}",
)
# Make podman load fail
@ -95,11 +94,10 @@ class TestContainer(IsolationProviderTest):
"image",
"list",
"--format",
"json",
"{{ .Tag }}",
"dangerzone.rocks/dangerzone",
],
occurrences=2,
stdout="{}",
)
# Patch gzip.open and podman load so that it works