almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Add the ability to download diffoci for multiple platforms
Some checks are pending
Tests / run-lint (push) Waiting to run
Details
Build dev environments / Build dev-env (debian-bookworm) (push) Waiting to run
Details
Build dev environments / Build dev-env (debian-bullseye) (push) Waiting to run
Details
Build dev environments / Build dev-env (debian-trixie) (push) Waiting to run
Details
Build dev environments / Build dev-env (fedora-40) (push) Waiting to run
Details
Build dev environments / Build dev-env (fedora-41) (push) Waiting to run
Details
Build dev environments / Build dev-env (ubuntu-20.04) (push) Waiting to run
Details
Build dev environments / Build dev-env (ubuntu-22.04) (push) Waiting to run
Details
Build dev environments / Build dev-env (ubuntu-24.04) (push) Waiting to run
Details
Build dev environments / Build dev-env (ubuntu-24.10) (push) Waiting to run
Details
Build dev environments / build-container-image (push) Waiting to run
Details
Tests / windows (push) Blocked by required conditions
Details
Tests / run tests (fedora 40) (push) Blocked by required conditions
Details
Tests / run tests (fedora 41) (push) Blocked by required conditions
Details
Tests / run tests (ubuntu 20.04) (push) Blocked by required conditions
Details
Tests / run tests (ubuntu 22.04) (push) Blocked by required conditions
Details
Tests / run tests (ubuntu 24.04) (push) Blocked by required conditions
Details
Tests / run tests (ubuntu 24.10) (push) Blocked by required conditions
Details
Tests / check-reproducibility (push) Waiting to run
Details
Tests / build-container-image (push) Waiting to run
Details
Tests / Download and cache Tesseract data (push) Waiting to run
Details
Tests / macOS (arch64) (push) Blocked by required conditions
Details
Tests / macOS (x86_64) (push) Blocked by required conditions
Details
Tests / build-deb (debian bookworm) (push) Blocked by required conditions
Details
Tests / build-deb (debian bullseye) (push) Blocked by required conditions
Details
Tests / build-deb (debian trixie) (push) Blocked by required conditions
Details
Tests / build-deb (ubuntu 20.04) (push) Blocked by required conditions
Details
Tests / build-deb (ubuntu 22.04) (push) Blocked by required conditions
Details
Tests / build-deb (ubuntu 24.04) (push) Blocked by required conditions
Details
Tests / build-deb (ubuntu 24.10) (push) Blocked by required conditions
Details
Tests / install-deb (debian bookworm) (push) Blocked by required conditions
Details
Tests / install-deb (debian bullseye) (push) Blocked by required conditions
Details
Tests / install-deb (debian trixie) (push) Blocked by required conditions
Details
Tests / install-deb (ubuntu 20.04) (push) Blocked by required conditions
Details
Tests / install-deb (ubuntu 22.04) (push) Blocked by required conditions
Details
Tests / install-deb (ubuntu 24.04) (push) Blocked by required conditions
Details
Tests / install-deb (ubuntu 24.10) (push) Blocked by required conditions
Details
Tests / build-install-rpm (fedora 40) (push) Blocked by required conditions
Details
Tests / build-install-rpm (fedora 41) (push) Blocked by required conditions
Details
Tests / run tests (debian bookworm) (push) Blocked by required conditions
Details
Tests / run tests (debian bullseye) (push) Blocked by required conditions
Details
Tests / run tests (debian trixie) (push) Blocked by required conditions
Details
Release multi-arch container image / build (linux/amd64) (push) Waiting to run
Details
Release multi-arch container image / build (linux/arm64) (push) Waiting to run
Details
Release multi-arch container image / merge (push) Blocked by required conditions
Details
Release multi-arch container image / provenance (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
Alexis Métaireau 2025-02-05 18:06:53 +01:00
parent 69f4d296ec
commit c96c0d6eed
No known key found for this signature in database
GPG key ID: C65C7A89A8FFC56E
1 changed files with 38 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
dev_scripts/reproduce-image.py
View file

@ -4,6 +4,7 @@ import argparse
import hashlib import hashlib
import logging import logging
import pathlib import pathlib
import platform
import stat import stat
import subprocess import subprocess
import sys import sys
@ -11,8 +12,20 @@ import urllib.request
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
DIFFOCI_URL = "https://github.com/reproducible-containers/diffoci/releases/download/v0.1.5/diffoci-v0.1.5.linux-amd64" DIFFOCI_VERSION = "v0.1.5"
DIFFOCI_CHECKSUM = "01d25fe690196945a6bd510d30559338aa489c034d3a1b895a0d82a4b860698f" # https://github.com/reproducible-containers/diffoci/releases/download/v0.1.5/SHA256SUMS
DIFFOCI_CHECKSUMS = """
ae171821b18c3b9e5cd1953323e79fe5ec1e972e9586474b18227b2cd052e695 diffoci-v0.1.5.darwin-amd64
fadabdac9be45fb3dfe2a53986422e53dcc6e1fdc8062713c5760e8959a37c2b diffoci-v0.1.5.darwin-arm64
01d25fe690196945a6bd510d30559338aa489c034d3a1b895a0d82a4b860698f diffoci-v0.1.5.linux-amd64
5cbc5d13b51183e2988ee0f406d428eb846d51b7c2c12ae17d0775371f43103e diffoci-v0.1.5.linux-arm-v7
2d067bd1af8a26b2c206c6bf2bde9bcb21062ddb5dc575e110e0e1a93d0d065f diffoci-v0.1.5.linux-arm64
0923f0c01f270c596fea9f84e529af958d6caba3fa0f6bf4f03df2a12f23b3fc diffoci-v0.1.5.linux-ppc64le
5821cbc299a90caa167c3a91465292907077ca1123375f88165a842b8970e710 diffoci-v0.1.5.linux-riscv64
917d7f23d2bd8fcc755cb2f722fc50ffd83389e04838c3b6e9c3463ea96a9be1 diffoci-v0.1.5.linux-s390x
"""
DIFFOCI_URL = "https://github.com/reproducible-containers/diffoci/releases/download/{version}/diffoci-{version}.{arch}"
DIFFOCI_PATH = ( DIFFOCI_PATH = (
pathlib.Path.home() / ".local" / "share" / "dangerzone-dev" / "helpers" / "diffoci" pathlib.Path.home() / ".local" / "share" / "dangerzone-dev" / "helpers" / "diffoci"
) )
@ -44,12 +57,31 @@ def git_verify(commit, source):
) )
def get_platform_arch():
system = platform.system().lower()
arch = platform.machine().lower()
if arch == "x86_64":
arch = "amd64"
return f"{system}-{arch}"
def parse_checksums():
lines = [
line.replace(f"diffoci-{DIFFOCI_VERSION}.", "").split(" ")
for line in DIFFOCI_CHECKSUMS.split("\n")
if line
]
return {arch: checksum for checksum, arch in lines}
def diffoci_hash_matches(diffoci): def diffoci_hash_matches(diffoci):
"""Check if the hash of the downloaded diffoci bin matches the expected one.""" """Check if the hash of the downloaded diffoci bin matches the expected one."""
arch = get_platform_arch()
expected_checksum = parse_checksums().get(arch)
m = hashlib.sha256() m = hashlib.sha256()
m.update(diffoci) m.update(diffoci)
diffoci_checksum = m.hexdigest() diffoci_checksum = m.hexdigest()
return diffoci_checksum == DIFFOCI_CHECKSUM return diffoci_checksum == expected_checksum
def diffoci_is_installed(): def diffoci_is_installed():
@ -66,7 +98,9 @@ def diffoci_is_installed():
def diffoci_download(): def diffoci_download():
"""Download the diffoci tool, based on a URL and its checksum.""" """Download the diffoci tool, based on a URL and its checksum."""
with urllib.request.urlopen(DIFFOCI_URL) as f: download_url = DIFFOCI_URL.format(version=DIFFOCI_VERSION, arch=get_platform_arch())
logger.info(f"Downloading diffoci helper from {download_url}")
with urllib.request.urlopen(download_url) as f:
diffoci_bin = f.read() diffoci_bin = f.read()
if not diffoci_hash_matches(diffoci_bin): if not diffoci_hash_matches(diffoci_bin):
@ -153,7 +187,6 @@ def main():
git_verify(commit, args.source) git_verify(commit, args.source)
if not diffoci_is_installed(): if not diffoci_is_installed():
logger.info(f"Downloading diffoci helper from {DIFFOCI_URL}")
diffoci_download() diffoci_download()
tag = f"reproduce-{commit}" tag = f"reproduce-{commit}"