mirror of
https://github.com/freedomofpress/dangerzone.git
synced 2025-04-28 18:02:38 +02:00
Make our image reproducible
Some checks are pending
Build dev environments / Build dev-env (debian-bookworm) (push) Waiting to run
Build dev environments / Build dev-env (debian-bullseye) (push) Waiting to run
Build dev environments / Build dev-env (debian-trixie) (push) Waiting to run
Build dev environments / Build dev-env (fedora-40) (push) Waiting to run
Build dev environments / Build dev-env (fedora-41) (push) Waiting to run
Build dev environments / Build dev-env (ubuntu-20.04) (push) Waiting to run
Build dev environments / Build dev-env (ubuntu-22.04) (push) Waiting to run
Build dev environments / Build dev-env (ubuntu-24.04) (push) Waiting to run
Build dev environments / Build dev-env (ubuntu-24.10) (push) Waiting to run
Build dev environments / build-container-image (push) Waiting to run
Tests / run-lint (push) Waiting to run
Tests / build-container-image (push) Waiting to run
Tests / Download and cache Tesseract data (push) Waiting to run
Tests / windows (push) Blocked by required conditions
Tests / macOS (arch64) (push) Blocked by required conditions
Tests / macOS (x86_64) (push) Blocked by required conditions
Tests / build-deb (debian bookworm) (push) Blocked by required conditions
Tests / build-deb (debian bullseye) (push) Blocked by required conditions
Tests / build-deb (debian trixie) (push) Blocked by required conditions
Tests / build-deb (ubuntu 20.04) (push) Blocked by required conditions
Tests / build-deb (ubuntu 22.04) (push) Blocked by required conditions
Tests / build-deb (ubuntu 24.04) (push) Blocked by required conditions
Tests / build-deb (ubuntu 24.10) (push) Blocked by required conditions
Tests / install-deb (debian bookworm) (push) Blocked by required conditions
Tests / install-deb (debian bullseye) (push) Blocked by required conditions
Tests / install-deb (debian trixie) (push) Blocked by required conditions
Tests / install-deb (ubuntu 20.04) (push) Blocked by required conditions
Tests / install-deb (ubuntu 22.04) (push) Blocked by required conditions
Tests / install-deb (ubuntu 24.04) (push) Blocked by required conditions
Tests / install-deb (ubuntu 24.10) (push) Blocked by required conditions
Tests / build-install-rpm (fedora 40) (push) Blocked by required conditions
Tests / build-install-rpm (fedora 41) (push) Blocked by required conditions
Tests / run tests (debian bookworm) (push) Blocked by required conditions
Tests / run tests (debian bullseye) (push) Blocked by required conditions
Tests / run tests (debian trixie) (push) Blocked by required conditions
Tests / run tests (fedora 40) (push) Blocked by required conditions
Tests / run tests (fedora 41) (push) Blocked by required conditions
Tests / run tests (ubuntu 20.04) (push) Blocked by required conditions
Tests / run tests (ubuntu 22.04) (push) Blocked by required conditions
Tests / run tests (ubuntu 24.04) (push) Blocked by required conditions
Tests / run tests (ubuntu 24.10) (push) Blocked by required conditions
Tests / check-reproducibility (push) Waiting to run
Release multi-arch container image / build (linux/amd64) (push) Waiting to run
Release multi-arch container image / build (linux/arm64) (push) Waiting to run
Release multi-arch container image / merge (push) Blocked by required conditions
Release multi-arch container image / provenance (push) Blocked by required conditions
Some checks are pending
Build dev environments / Build dev-env (debian-bookworm) (push) Waiting to run
Build dev environments / Build dev-env (debian-bullseye) (push) Waiting to run
Build dev environments / Build dev-env (debian-trixie) (push) Waiting to run
Build dev environments / Build dev-env (fedora-40) (push) Waiting to run
Build dev environments / Build dev-env (fedora-41) (push) Waiting to run
Build dev environments / Build dev-env (ubuntu-20.04) (push) Waiting to run
Build dev environments / Build dev-env (ubuntu-22.04) (push) Waiting to run
Build dev environments / Build dev-env (ubuntu-24.04) (push) Waiting to run
Build dev environments / Build dev-env (ubuntu-24.10) (push) Waiting to run
Build dev environments / build-container-image (push) Waiting to run
Tests / run-lint (push) Waiting to run
Tests / build-container-image (push) Waiting to run
Tests / Download and cache Tesseract data (push) Waiting to run
Tests / windows (push) Blocked by required conditions
Tests / macOS (arch64) (push) Blocked by required conditions
Tests / macOS (x86_64) (push) Blocked by required conditions
Tests / build-deb (debian bookworm) (push) Blocked by required conditions
Tests / build-deb (debian bullseye) (push) Blocked by required conditions
Tests / build-deb (debian trixie) (push) Blocked by required conditions
Tests / build-deb (ubuntu 20.04) (push) Blocked by required conditions
Tests / build-deb (ubuntu 22.04) (push) Blocked by required conditions
Tests / build-deb (ubuntu 24.04) (push) Blocked by required conditions
Tests / build-deb (ubuntu 24.10) (push) Blocked by required conditions
Tests / install-deb (debian bookworm) (push) Blocked by required conditions
Tests / install-deb (debian bullseye) (push) Blocked by required conditions
Tests / install-deb (debian trixie) (push) Blocked by required conditions
Tests / install-deb (ubuntu 20.04) (push) Blocked by required conditions
Tests / install-deb (ubuntu 22.04) (push) Blocked by required conditions
Tests / install-deb (ubuntu 24.04) (push) Blocked by required conditions
Tests / install-deb (ubuntu 24.10) (push) Blocked by required conditions
Tests / build-install-rpm (fedora 40) (push) Blocked by required conditions
Tests / build-install-rpm (fedora 41) (push) Blocked by required conditions
Tests / run tests (debian bookworm) (push) Blocked by required conditions
Tests / run tests (debian bullseye) (push) Blocked by required conditions
Tests / run tests (debian trixie) (push) Blocked by required conditions
Tests / run tests (fedora 40) (push) Blocked by required conditions
Tests / run tests (fedora 41) (push) Blocked by required conditions
Tests / run tests (ubuntu 20.04) (push) Blocked by required conditions
Tests / run tests (ubuntu 22.04) (push) Blocked by required conditions
Tests / run tests (ubuntu 24.04) (push) Blocked by required conditions
Tests / run tests (ubuntu 24.10) (push) Blocked by required conditions
Tests / check-reproducibility (push) Waiting to run
Release multi-arch container image / build (linux/amd64) (push) Waiting to run
Release multi-arch container image / build (linux/arm64) (push) Waiting to run
Release multi-arch container image / merge (push) Blocked by required conditions
Release multi-arch container image / provenance (push) Blocked by required conditions
This commit is contained in:
Alex Pyrgiotis
parent
6c96d98c44
commit
fd782802ff
2 changed files with 30 additions and 15 deletions
24
Dockerfile
24
Dockerfile
|
|
@ -1,6 +1,3 @@
|
||||||
#FROM alpine
|
|
||||||
|
|
||||||
#RUN touch shite
|
|
||||||
# NOTE: Updating the packages to their latest versions requires bumping the
|
# NOTE: Updating the packages to their latest versions requires bumping the
|
||||||
# Dockerfile args below. For more info about this file, read
|
# Dockerfile args below. For more info about this file, read
|
||||||
# docs/developer/reproducibility.md.
|
# docs/developer/reproducibility.md.
|
||||||
|
|
@ -174,15 +171,27 @@ RUN mkdir /home/dangerzone/.containers
|
||||||
|
|
||||||
# Create the filesystem hierarchy that will be used to symlink /usr.
|
# Create the filesystem hierarchy that will be used to symlink /usr.
|
||||||
|
|
||||||
RUN mkdir /new_root
|
RUN mkdir -p \
|
||||||
RUN mkdir /new_root/root /new_root/run /new_root/tmp
|
/new_root \
|
||||||
RUN chmod 777 /new_root/tmp
|
/new_root/root \
|
||||||
|
/new_root/run \
|
||||||
|
/new_root/tmp \
|
||||||
|
/new_root/home/dangerzone/dangerzone-image/rootfs
|
||||||
|
|
||||||
RUN ln -s /home/dangerzone/dangerzone-image/rootfs/usr /new_root/usr
|
RUN ln -s /home/dangerzone/dangerzone-image/rootfs/usr /new_root/usr
|
||||||
RUN ln -s usr/bin /new_root/bin
|
RUN ln -s usr/bin /new_root/bin
|
||||||
RUN ln -s usr/lib /new_root/lib
|
RUN ln -s usr/lib /new_root/lib
|
||||||
RUN ln -s usr/lib64 /new_root/lib64
|
RUN ln -s usr/lib64 /new_root/lib64
|
||||||
RUN ln -s usr/sbin /new_root/sbin
|
RUN ln -s usr/sbin /new_root/sbin
|
||||||
|
|
||||||
|
# Fix permissions in /home/dangerzone, so that our entrypoint script can make
|
||||||
|
# changes in the following folders.
|
||||||
|
RUN chown dangerzone:dangerzone \
|
||||||
|
/new_root/home/dangerzone \
|
||||||
|
/new_root/home/dangerzone/dangerzone-image/
|
||||||
|
# Fix permissions in /tmp, so that it can be used by unprivileged users.
|
||||||
|
RUN chmod 777 /new_root/tmp
|
||||||
|
|
||||||
## Final image
|
## Final image
|
||||||
|
|
||||||
FROM scratch
|
FROM scratch
|
||||||
|
|
@ -203,9 +212,6 @@ RUN ln -s usr/lib64 /home/dangerzone/dangerzone-image/rootfs/lib64
|
||||||
COPY --from=dangerzone-image /etc/ /etc/
|
COPY --from=dangerzone-image /etc/ /etc/
|
||||||
COPY --from=dangerzone-image /var/ /var/
|
COPY --from=dangerzone-image /var/ /var/
|
||||||
|
|
||||||
# Allow our entrypoint script to make changes in the following folders.
|
|
||||||
RUN chown dangerzone:dangerzone /home/dangerzone /home/dangerzone/dangerzone-image/
|
|
||||||
|
|
||||||
# Switch to the dangerzone user for the rest of the script.
|
# Switch to the dangerzone user for the rest of the script.
|
||||||
USER dangerzone
|
USER dangerzone
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -171,15 +171,27 @@ RUN mkdir /home/dangerzone/.containers
|
||||||
|
|
||||||
# Create the filesystem hierarchy that will be used to symlink /usr.
|
# Create the filesystem hierarchy that will be used to symlink /usr.
|
||||||
|
|
||||||
RUN mkdir /new_root
|
RUN mkdir -p \
|
||||||
RUN mkdir /new_root/root /new_root/run /new_root/tmp
|
/new_root \
|
||||||
RUN chmod 777 /new_root/tmp
|
/new_root/root \
|
||||||
|
/new_root/run \
|
||||||
|
/new_root/tmp \
|
||||||
|
/new_root/home/dangerzone/dangerzone-image/rootfs
|
||||||
|
|
||||||
RUN ln -s /home/dangerzone/dangerzone-image/rootfs/usr /new_root/usr
|
RUN ln -s /home/dangerzone/dangerzone-image/rootfs/usr /new_root/usr
|
||||||
RUN ln -s usr/bin /new_root/bin
|
RUN ln -s usr/bin /new_root/bin
|
||||||
RUN ln -s usr/lib /new_root/lib
|
RUN ln -s usr/lib /new_root/lib
|
||||||
RUN ln -s usr/lib64 /new_root/lib64
|
RUN ln -s usr/lib64 /new_root/lib64
|
||||||
RUN ln -s usr/sbin /new_root/sbin
|
RUN ln -s usr/sbin /new_root/sbin
|
||||||
|
|
||||||
|
# Fix permissions in /home/dangerzone, so that our entrypoint script can make
|
||||||
|
# changes in the following folders.
|
||||||
|
RUN chown dangerzone:dangerzone \
|
||||||
|
/new_root/home/dangerzone \
|
||||||
|
/new_root/home/dangerzone/dangerzone-image/
|
||||||
|
# Fix permissions in /tmp, so that it can be used by unprivileged users.
|
||||||
|
RUN chmod 777 /new_root/tmp
|
||||||
|
|
||||||
## Final image
|
## Final image
|
||||||
|
|
||||||
FROM scratch
|
FROM scratch
|
||||||
|
|
@ -200,9 +212,6 @@ RUN ln -s usr/lib64 /home/dangerzone/dangerzone-image/rootfs/lib64
|
||||||
COPY --from=dangerzone-image /etc/ /etc/
|
COPY --from=dangerzone-image /etc/ /etc/
|
||||||
COPY --from=dangerzone-image /var/ /var/
|
COPY --from=dangerzone-image /var/ /var/
|
||||||
|
|
||||||
# Allow our entrypoint script to make changes in the following folders.
|
|
||||||
RUN chown dangerzone:dangerzone /home/dangerzone /home/dangerzone/dangerzone-image/
|
|
||||||
|
|
||||||
# Switch to the dangerzone user for the rest of the script.
|
# Switch to the dangerzone user for the rest of the script.
|
||||||
USER dangerzone
|
USER dangerzone
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue