mirror of
https://github.com/freedomofpress/dangerzone.git
synced 2025-04-28 18:02:38 +02:00
Fetch repro-build script
Some checks failed
Build dev environments / Build dev-env (debian-bookworm) (push) Has been cancelled
Build dev environments / Build dev-env (debian-bullseye) (push) Has been cancelled
Build dev environments / Build dev-env (debian-trixie) (push) Has been cancelled
Build dev environments / Build dev-env (fedora-40) (push) Has been cancelled
Build dev environments / Build dev-env (fedora-41) (push) Has been cancelled
Build dev environments / Build dev-env (ubuntu-20.04) (push) Has been cancelled
Build dev environments / Build dev-env (ubuntu-22.04) (push) Has been cancelled
Build dev environments / Build dev-env (ubuntu-24.04) (push) Has been cancelled
Build dev environments / Build dev-env (ubuntu-24.10) (push) Has been cancelled
Build dev environments / build-container-image (push) Has been cancelled
Tests / run-lint (push) Has been cancelled
Tests / build-container-image (push) Has been cancelled
Tests / Download and cache Tesseract data (push) Has been cancelled
Tests / check-reproducibility (push) Has been cancelled
Release multi-arch container image / build (linux/amd64) (push) Has been cancelled
Release multi-arch container image / build (linux/arm64) (push) Has been cancelled
Tests / windows (push) Has been cancelled
Tests / macOS (arch64) (push) Has been cancelled
Tests / build-deb (ubuntu 22.04) (push) Has been cancelled
Tests / macOS (x86_64) (push) Has been cancelled
Tests / build-deb (debian bookworm) (push) Has been cancelled
Tests / build-deb (debian bullseye) (push) Has been cancelled
Tests / build-deb (debian trixie) (push) Has been cancelled
Tests / build-deb (ubuntu 20.04) (push) Has been cancelled
Tests / build-deb (ubuntu 24.04) (push) Has been cancelled
Tests / build-deb (ubuntu 24.10) (push) Has been cancelled
Tests / install-deb (debian bookworm) (push) Has been cancelled
Tests / install-deb (debian bullseye) (push) Has been cancelled
Tests / install-deb (debian trixie) (push) Has been cancelled
Tests / install-deb (ubuntu 20.04) (push) Has been cancelled
Tests / install-deb (ubuntu 22.04) (push) Has been cancelled
Tests / install-deb (ubuntu 24.04) (push) Has been cancelled
Tests / install-deb (ubuntu 24.10) (push) Has been cancelled
Tests / build-install-rpm (fedora 40) (push) Has been cancelled
Tests / build-install-rpm (fedora 41) (push) Has been cancelled
Tests / run tests (debian bookworm) (push) Has been cancelled
Tests / run tests (debian bullseye) (push) Has been cancelled
Tests / run tests (debian trixie) (push) Has been cancelled
Tests / run tests (fedora 40) (push) Has been cancelled
Tests / run tests (fedora 41) (push) Has been cancelled
Tests / run tests (ubuntu 20.04) (push) Has been cancelled
Tests / run tests (ubuntu 22.04) (push) Has been cancelled
Tests / run tests (ubuntu 24.04) (push) Has been cancelled
Tests / run tests (ubuntu 24.10) (push) Has been cancelled
Release multi-arch container image / merge (push) Has been cancelled
Release multi-arch container image / provenance (push) Has been cancelled
Some checks failed
Build dev environments / Build dev-env (debian-bookworm) (push) Has been cancelled
Build dev environments / Build dev-env (debian-bullseye) (push) Has been cancelled
Build dev environments / Build dev-env (debian-trixie) (push) Has been cancelled
Build dev environments / Build dev-env (fedora-40) (push) Has been cancelled
Build dev environments / Build dev-env (fedora-41) (push) Has been cancelled
Build dev environments / Build dev-env (ubuntu-20.04) (push) Has been cancelled
Build dev environments / Build dev-env (ubuntu-22.04) (push) Has been cancelled
Build dev environments / Build dev-env (ubuntu-24.04) (push) Has been cancelled
Build dev environments / Build dev-env (ubuntu-24.10) (push) Has been cancelled
Build dev environments / build-container-image (push) Has been cancelled
Tests / run-lint (push) Has been cancelled
Tests / build-container-image (push) Has been cancelled
Tests / Download and cache Tesseract data (push) Has been cancelled
Tests / check-reproducibility (push) Has been cancelled
Release multi-arch container image / build (linux/amd64) (push) Has been cancelled
Release multi-arch container image / build (linux/arm64) (push) Has been cancelled
Tests / windows (push) Has been cancelled
Tests / macOS (arch64) (push) Has been cancelled
Tests / build-deb (ubuntu 22.04) (push) Has been cancelled
Tests / macOS (x86_64) (push) Has been cancelled
Tests / build-deb (debian bookworm) (push) Has been cancelled
Tests / build-deb (debian bullseye) (push) Has been cancelled
Tests / build-deb (debian trixie) (push) Has been cancelled
Tests / build-deb (ubuntu 20.04) (push) Has been cancelled
Tests / build-deb (ubuntu 24.04) (push) Has been cancelled
Tests / build-deb (ubuntu 24.10) (push) Has been cancelled
Tests / install-deb (debian bookworm) (push) Has been cancelled
Tests / install-deb (debian bullseye) (push) Has been cancelled
Tests / install-deb (debian trixie) (push) Has been cancelled
Tests / install-deb (ubuntu 20.04) (push) Has been cancelled
Tests / install-deb (ubuntu 22.04) (push) Has been cancelled
Tests / install-deb (ubuntu 24.04) (push) Has been cancelled
Tests / install-deb (ubuntu 24.10) (push) Has been cancelled
Tests / build-install-rpm (fedora 40) (push) Has been cancelled
Tests / build-install-rpm (fedora 41) (push) Has been cancelled
Tests / run tests (debian bookworm) (push) Has been cancelled
Tests / run tests (debian bullseye) (push) Has been cancelled
Tests / run tests (debian trixie) (push) Has been cancelled
Tests / run tests (fedora 40) (push) Has been cancelled
Tests / run tests (fedora 41) (push) Has been cancelled
Tests / run tests (ubuntu 20.04) (push) Has been cancelled
Tests / run tests (ubuntu 22.04) (push) Has been cancelled
Tests / run tests (ubuntu 24.04) (push) Has been cancelled
Tests / run tests (ubuntu 24.10) (push) Has been cancelled
Release multi-arch container image / merge (push) Has been cancelled
Release multi-arch container image / provenance (push) Has been cancelled
This commit is contained in:
Alex Pyrgiotis
parent
b560159d08
commit
ee4c03800e
3 changed files with 23 additions and 23 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
|
@ -146,7 +146,7 @@ tests/test_docs/**/*-safe.pdf
|
||||||
tests/test_docs_large/
|
tests/test_docs_large/
|
||||||
install/windows/Dangerzone.wxs
|
install/windows/Dangerzone.wxs
|
||||||
share/container.tar
|
share/container.tar
|
||||||
share/container.tar.gz
|
share/container.tar.*
|
||||||
share/image-id.txt
|
share/image-id.txt
|
||||||
container/container-pip-requirements.txt
|
container/container-pip-requirements.txt
|
||||||
.doit.db.db
|
.doit.db.db
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,5 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
###################
|
|
||||||
# Copied from:
|
|
||||||
# https://github.com/freedomofpress/repro-build/blob/8f85db91a5595bf29d9ba22f6021aca77c1037a8/repro-build
|
|
||||||
|
|
||||||
import argparse
|
import argparse
|
||||||
import datetime
|
import datetime
|
||||||
import hashlib
|
import hashlib
|
||||||
|
|
@ -35,7 +31,7 @@ DEFAULT_BUILDKIT_IMAGE_ROOTLESS = "moby/buildkit:v0.19.0-rootless@sha256:e901cff
|
||||||
|
|
||||||
MSG_BUILD_CTX = """Build environment:
|
MSG_BUILD_CTX = """Build environment:
|
||||||
- Container runtime: {runtime}
|
- Container runtime: {runtime}
|
||||||
- Buildkit image: {buildkit_image}
|
- BuildKit image: {buildkit_image}
|
||||||
- Rootless support: {rootless}
|
- Rootless support: {rootless}
|
||||||
- Caching enabled: {use_cache}
|
- Caching enabled: {use_cache}
|
||||||
- Build context: {context}
|
- Build context: {context}
|
||||||
|
|
@ -49,7 +45,7 @@ Build parameters:
|
||||||
- Platform: {platform}
|
- Platform: {platform}
|
||||||
|
|
||||||
Podman-only arguments:
|
Podman-only arguments:
|
||||||
- Buildkit arguments: {buildkit_args}
|
- BuildKit arguments: {buildkit_args}
|
||||||
|
|
||||||
Docker-only arguments:
|
Docker-only arguments:
|
||||||
- Docker Buildx arguments: {buildx_args}
|
- Docker Buildx arguments: {buildx_args}
|
||||||
|
|
@ -133,7 +129,8 @@ def parse_sde(args) -> str:
|
||||||
|
|
||||||
if dt is not None:
|
if dt is not None:
|
||||||
d = datetime.datetime.fromisoformat(dt)
|
d = datetime.datetime.fromisoformat(dt)
|
||||||
# If the datetime is naive, assume its timezone is UTC. The check is taken from:
|
# If the datetime is naive, assume its timezone is UTC. The check is
|
||||||
|
# taken from:
|
||||||
# https://docs.python.org/3/library/datetime.html#determining-if-an-object-is-aware-or-naive
|
# https://docs.python.org/3/library/datetime.html#determining-if-an-object-is-aware-or-naive
|
||||||
if d.tzinfo is None or d.tzinfo.utcoffset(d) is None:
|
if d.tzinfo is None or d.tzinfo.utcoffset(d) is None:
|
||||||
d = d.replace(tzinfo=datetime.timezone.utc)
|
d = d.replace(tzinfo=datetime.timezone.utc)
|
||||||
|
|
@ -159,7 +156,7 @@ def parse_buildkit_args(args, runtime: str) -> str:
|
||||||
return []
|
return []
|
||||||
|
|
||||||
if runtime != "podman":
|
if runtime != "podman":
|
||||||
raise RuntimeError("Cannot specify Buildkit arguments using the Podman runtime")
|
raise RuntimeError("Cannot specify BuildKit arguments using the Podman runtime")
|
||||||
|
|
||||||
return shlex.split(args.buildkit_args)
|
return shlex.split(args.buildkit_args)
|
||||||
|
|
||||||
|
|
@ -227,6 +224,12 @@ def oci_get_file_from_tarball(tar: tarfile.TarFile, path: str) -> dict:
|
||||||
|
|
||||||
|
|
||||||
def oci_parse_manifest(tar: tarfile.TarFile, path: str, platform: dict | None) -> dict:
|
def oci_parse_manifest(tar: tarfile.TarFile, path: str, platform: dict | None) -> dict:
|
||||||
|
"""Parse manifest information in JSON format.
|
||||||
|
|
||||||
|
Interestingly, the platform info for a manifest is not included in the
|
||||||
|
manifest itself, but in the descriptor that points to it. So, we have to
|
||||||
|
carry it from the previous manifest and include in the info here.
|
||||||
|
"""
|
||||||
path = oci_normalize_path(path)
|
path = oci_normalize_path(path)
|
||||||
contents = tar.extractfile(path).read().decode()
|
contents = tar.extractfile(path).read().decode()
|
||||||
digest = "sha256:" + hashlib.sha256(contents.encode()).hexdigest()
|
digest = "sha256:" + hashlib.sha256(contents.encode()).hexdigest()
|
||||||
|
|
@ -304,6 +307,8 @@ def podman_build(
|
||||||
if dockerfile:
|
if dockerfile:
|
||||||
dockerfile_args_podman = ["-v", f"{dockerfile}:/tmp/Dockerfile"]
|
dockerfile_args_podman = ["-v", f"{dockerfile}:/tmp/Dockerfile"]
|
||||||
dockerfile_args_buildkit = ["--local", "dockerfile=/tmp"]
|
dockerfile_args_buildkit = ["--local", "dockerfile=/tmp"]
|
||||||
|
else:
|
||||||
|
dockerfile_args_buildkit = ["--local", "dockerfile=/tmp/work"]
|
||||||
|
|
||||||
tag_args = f",name={tag}" if tag else ""
|
tag_args = f",name={tag}" if tag else ""
|
||||||
|
|
||||||
|
|
@ -348,7 +353,7 @@ def podman_build(
|
||||||
f"build-arg:SOURCE_DATE_EPOCH={sde}",
|
f"build-arg:SOURCE_DATE_EPOCH={sde}",
|
||||||
*_build_args,
|
*_build_args,
|
||||||
"--output",
|
"--output",
|
||||||
f"type=oci,dest=/tmp/image/{output.name},rewrite-timestamp=true{tag_args}",
|
f"type=docker,dest=/tmp/image/{output.name},rewrite-timestamp=true{tag_args}",
|
||||||
*cache_args,
|
*cache_args,
|
||||||
*dockerfile_args_buildkit,
|
*dockerfile_args_buildkit,
|
||||||
*platform_args,
|
*platform_args,
|
||||||
|
|
@ -406,7 +411,7 @@ def docker_build(
|
||||||
"--provenance",
|
"--provenance",
|
||||||
"false",
|
"false",
|
||||||
"--output",
|
"--output",
|
||||||
f"type=oci,dest={output},rewrite-timestamp=true",
|
f"type=docker,dest={output},rewrite-timestamp=true",
|
||||||
*cache_args,
|
*cache_args,
|
||||||
*tag_args,
|
*tag_args,
|
||||||
*dockerfile_args,
|
*dockerfile_args,
|
||||||
|
|
@ -527,7 +532,7 @@ def define_build_cmd_args(parser: argparse.ArgumentParser) -> None:
|
||||||
metavar="NAME:TAG@DIGEST",
|
metavar="NAME:TAG@DIGEST",
|
||||||
default=None,
|
default=None,
|
||||||
help=(
|
help=(
|
||||||
"The Buildkit container image which will be used for building the"
|
"The BuildKit container image which will be used for building the"
|
||||||
" reproducible container image. Make sure to pass the '-rootless'"
|
" reproducible container image. Make sure to pass the '-rootless'"
|
||||||
" variant if you are using rootless Podman"
|
" variant if you are using rootless Podman"
|
||||||
" (default: docker.io/moby/buildkit:v0.19.0)"
|
" (default: docker.io/moby/buildkit:v0.19.0)"
|
||||||
|
|
@ -551,7 +556,7 @@ def define_build_cmd_args(parser: argparse.ArgumentParser) -> None:
|
||||||
"--rootless",
|
"--rootless",
|
||||||
default=False,
|
default=False,
|
||||||
action="store_true",
|
action="store_true",
|
||||||
help="Run Buildkit in rootless mode (Podman only)",
|
help="Run BuildKit in rootless mode (Podman only)",
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
"-f",
|
"-f",
|
||||||
|
|
@ -585,13 +590,13 @@ def define_build_cmd_args(parser: argparse.ArgumentParser) -> None:
|
||||||
"--platform",
|
"--platform",
|
||||||
metavar="PLAT1,PLAT2",
|
metavar="PLAT1,PLAT2",
|
||||||
default=None,
|
default=None,
|
||||||
help="Set platform if server is multi-platform capable",
|
help="Set platform for the image",
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
"--buildkit-args",
|
"--buildkit-args",
|
||||||
metavar="'ARG1 ARG2'",
|
metavar="'ARG1 ARG2'",
|
||||||
default=None,
|
default=None,
|
||||||
help="Extra arguments for Buildkit (Podman only)",
|
help="Extra arguments for BuildKit (Podman only)",
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
"--buildx-args",
|
"--buildx-args",
|
||||||
|
|
|
||||||
|
|
@ -78,11 +78,6 @@ def main():
|
||||||
help="Path to store the container image",
|
help="Path to store the container image",
|
||||||
)
|
)
|
||||||
# parser.add_argument(
|
# parser.add_argument(
|
||||||
# "--buildx",
|
|
||||||
# action="store_true",
|
|
||||||
# help="Use the buildx platform of Docker or Podman",
|
|
||||||
# )
|
|
||||||
# parser.add_argument(
|
|
||||||
# "--compress-level",
|
# "--compress-level",
|
||||||
# type=int,
|
# type=int,
|
||||||
# choices=range(0, 10),
|
# choices=range(0, 10),
|
||||||
|
|
@ -116,8 +111,8 @@ def main():
|
||||||
)
|
)
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
|
||||||
tag = args.tag or determine_git_tag()
|
tag = args.tag or f"{args.debian_archive_date}-{determine_git_tag()}"
|
||||||
image_name_tagged = f"{IMAGE_NAME}:{args.debian_archive_date}-{tag}"
|
image_name_tagged = f"{IMAGE_NAME}:{tag}"
|
||||||
|
|
||||||
print(f"Will tag the container image as '{image_name_tagged}'")
|
print(f"Will tag the container image as '{image_name_tagged}'")
|
||||||
image_id_path = Path("share") / "image-id.txt"
|
image_id_path = Path("share") / "image-id.txt"
|
||||||
|
|
@ -129,7 +124,7 @@ def main():
|
||||||
print("Building container image")
|
print("Building container image")
|
||||||
cache_args = [] if args.use_cache else ["--no-cache"]
|
cache_args = [] if args.use_cache else ["--no-cache"]
|
||||||
platform_args = [] if not args.platform else ["--platform", args.platform]
|
platform_args = [] if not args.platform else ["--platform", args.platform]
|
||||||
# rootless_args = [] if args.runtime == "docker" else ["--rootless"]
|
rootless_args = [] if args.runtime == "docker" else ["--rootless"]
|
||||||
rootless_args = []
|
rootless_args = []
|
||||||
dry_args = [] if not args.dry else ["--dry"]
|
dry_args = [] if not args.dry else ["--dry"]
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue