1634 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Alexis Métaireau	75cd6445df	Merge 1cece70173 into d9efcd8a26	2025-04-28 17:29:54 +02:00
Alexis Métaireau	1cece70173	CI: Use a GH variable for IMAGE_URI	2025-04-28 15:09:13 +02:00
Alexis Métaireau	aca68567da	CI: Fixup for image_uri output	2025-04-28 14:35:38 +02:00
Alexis Métaireau	357ae923dd	CI: Fixup for tar creation, it was missing a dot	2025-04-28 14:33:13 +02:00
Alex Pyrgiotis	d9efcd8a26	Retain Grype ignore list from current branch ... When security scanning our poetry.lock file for the **released** Dangerzone version, retain the Grype ignore list (.grype.yaml) of the current branch, which would be otherwise overwritten by a git checkout to the latest released tag (v0.9.0 as of writing this). This way, we can instruct Grype to ignore vulnerabilities in the latest Dangerzone release.	2025-04-28 15:24:41 +03:00
Alex Pyrgiotis	a127eef9db	Ignore CVE-2025-43859 / GHSA-vqfr-h8mv-ghfj ... Ignore an h11 vulnerability that is present in the Dangerzone application released from the `v0.9.0` tag. This vulnerability reportedly affects web servers behind reverse proxies, which is not Dangerzone's case.	2025-04-28 15:22:23 +03:00
Alexis Métaireau	1dd9fc9711	CI: re-export the IMAGE_URI variable before cosign save	2025-04-28 14:16:00 +02:00
dependabot[bot]	847926f59a	build(deps-dev): bump h11 from 0.14.0 to 0.16.0 ... Bumps [h11](https://github.com/python-hyper/h11) from 0.14.0 to 0.16.0. - [Commits](https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0) --- updated-dependencies: - dependency-name: h11 dependency-version: 0.16.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-28 14:29:10 +03:00
Alexis Métaireau	ec7f6b7321	Fix Debian-derivatives installation instructions ... The way to handle the trust for a PGP key has changed in recent versions of `apt-secure` and now requires the use of PGP keys in something different than the internal GPG keybox database. When updating the CI checks, I found that there were a difference between them and the instructions that were provided in the INSTALL.md file, which was using the armored version. The instructions now require the unarmored keys, stored in a `.gpg` file, and installation of these keys differ depending on the system, using `sq` on newer distributions.	2025-04-28 10:05:18 +02:00
Alexis Métaireau	4b76250615	CI: update the key for the container.tar cache	2025-04-25 20:06:53 +02:00
Alexis Métaireau	809e72acb5	CI: FIXUP	2025-04-25 19:54:42 +02:00
Alexis Métaireau	5b2e8b3d71	CI: define the var just before using it	2025-04-25 19:50:53 +02:00
Alexis Métaireau	5cb619c22d	CI: update the way the image_uri is set	2025-04-25 19:37:37 +02:00
Alexis Métaireau	784edb83a9	CI: retrigger	2025-04-25 19:11:44 +02:00
Alexis Métaireau	7caa6cd84e	Use str for DEFAULT_PUBKEY_LOCATION	2025-04-25 18:50:27 +02:00
Alexis Métaireau	872dc97edb	CI fixup: remove duplicated var	2025-04-25 18:43:40 +02:00
Alexis Métaireau	b579a4d0c5	CI: Cache the cosign keypair	2025-04-25 18:39:45 +02:00
Alexis Métaireau	3589a27398	CI: Publish the cosign publish key as an artifact	2025-04-25 18:27:01 +02:00
Alexis Métaireau	b77583b95a	CI: Get and cache the signed container image	2025-04-25 17:50:32 +02:00
Alexis Métaireau	b78f30527c	Add image_uri output in the build-push-image workflow ... And use it when getting the container image to build `.rpm` and `.deb` packages.	2025-04-25 17:24:33 +02:00
Alexis Métaireau	59d3bba835	CI: Add an option to attach container signatures to the registry ... The `build-push-image.yml` reusable workflow can generate keypairs and sign the container images with them. This is only used by the CI, to test that a valid signature is actually detected as such.	2025-04-25 17:24:33 +02:00
Alexis Métaireau	dce91eaa26	Update the image location to track ghcr.io/freedomofpress	2025-04-22 12:55:49 +02:00
Alexis Métaireau	66b906a8ee	Fix runtime error in repro build ... Reference Docker rather than Podman in the error, otherwise it can be misleading.	2025-04-22 12:55:48 +02:00
Alexis Métaireau	06cbb13269	Use a specific error if no signatures files are found	2025-04-22 12:55:48 +02:00
Alexis Métaireau	4c9139201f	Remove duplicated python3 dependency from Dockerfile	2025-04-22 12:55:48 +02:00
Alexis Métaireau	4cedf5bf86	Skip container signature verification during the tests ... This is not required, and skipping them allows to make the whole test-suite run faster.	2025-04-22 12:55:47 +02:00
Alexis Métaireau	1079f1335b	Provide a simple function to install the shipped tarball. ... It leaves in `dangerzone.updater.install_local_container_tar()`	2025-04-22 12:55:47 +02:00
Alexis Métaireau	a5636b5e74	dangerzone.updater exposes a few funtions, constants and exceptions ... This is done to avoid looking at the internal logic of `dangerzone.updater`. Only the features that actually are part of the exposed API are exposed, and do not require deep knowledge of the updater's logic to be used.	2025-04-22 12:55:46 +02:00
Alexis Métaireau	acd8717839	Update container installation logic to allow in-place updates ... The isolation provider `install()` method is now passed a `should_upgrade` argument, which is read from the settings and represents the user decision about updates. The tests have been updated to reflect these changes.	2025-04-22 12:55:46 +02:00
Alexis Métaireau	18331d1988	Make the upgrade_container_image() callback argument optional	2025-04-22 12:55:46 +02:00
Alexis Métaireau	c9a6689271	Allow a different runtime on dangerzone-image commands. ... This can be done with the newly added `--runtime` flag, which needs to be passed to the first group, e.g: ```bash dangerzone-cli --runtime docker COMMAND ```	2025-04-22 12:55:45 +02:00
Alexis Métaireau	8d7e965553	Display the {podman,docker} pull progress when installing a new image ... The progressbars we see when using this same commands on the command line doesn't seem to be passed to the python process here, unfortunately.	2025-04-22 12:55:45 +02:00
Alexis Métaireau	bdceee53d0	Add a dangerzone-image store-signature CLI command ... This can be useful when signatures are missing from the system, for an already present image, and can be used as a way to fix user issues.	2025-04-22 12:55:45 +02:00
Alexis Métaireau	61c8f2a6ad	Replace the updater_check setting by updater_check_all ... This new setting triggers the same user prompts, but the actual meaning of it differs, since users will now be accepting to upgrade the container image rather than just checking for new releases. Changing the name of the setting will trigger this prompt for all users, effectively ensuring they want their image to be automatically upgraded.	2025-04-22 12:55:44 +02:00
Alexis Métaireau	d91a09a299	Split updater GUI code from the code checking for release updates ... The code making the actual requests and checks now lives in the `updater.releases` module. The code should be easier to read and to reason about. Tests have been updated to reflect this.	2025-04-22 12:55:44 +02:00
Alexis Métaireau	8d6e5cb8b8	Provide an is_update_available function ... This function does all the needed checks before returning `True`, making it a good external API. Under the hood, the registry now has an `is_new_remote_image_available` which is just for checking the presence of a new image, but doesn't do any verirications on it, and there is also a new `check_signatures_and_logindex` that ensures that these two are valid.	2025-04-22 12:55:44 +02:00
Alexis Métaireau	238ea527e6	Add signatures tests	2025-04-22 12:55:43 +02:00
Alexis Métaireau	6359e488e3	Check for container updates rather than using image-id.txt	2025-04-22 12:55:43 +02:00
Alexis Métaireau	53fbbc6cdf	Add documentation for independent container updates	2025-04-22 12:55:42 +02:00
Alex Pyrgiotis	27a91f9a0e	Publish and attest multi-architecture container images ... A new `dangerzone-image attest-provenance` script is now available, making it possible to verify the attestations of an image published on the github container registry. Container images are now build nightly and uploaded to the container registry.	2025-04-22 12:55:42 +02:00
Alexis Métaireau	a9fec44837	Introduce a subprocess_run utility function ... This is done to avoid forgetting windows specific arguments when calling `subprocess.run`.	2025-04-22 12:55:42 +02:00
Alexis Métaireau	a87fd4338b	Download and verify cosign signatures ... Signatures are stored in the OCI Manifest v2 registry [0], and are expected to follow the Cosign Signature Specification [0] The following CLI utilities are provided with `dangerzone-image`: For checking new container images, upgrading them and downloading them: - `upgrade` allows to upgrade the current installed image to the last one available on the OCI registry, downloading and storing the signatures in the process. - `verify-local` allows the verify the currently installed image against downloaded signatures and public key. To prepare and install archives on air-gapped environments: - `prepare-archive` helps to prepare an archive to install on another machine - `load-archive` helps upgrade the local image to the archive given in argument. Signatures are stored locally using the format provided by `cosign download signature`, and the Rekor log index is used to ensure the requested-to-install container image is fresher than the one already present on the system. [0] https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md	2025-04-22 12:55:41 +02:00
Alexis Métaireau	e1bdb75435	Add a dangerzone-image CLI script ... It contains utilities to interact with OCI registries, like getting the list of published tags and getting the content of a manifest. It does so via the use of the Docker Registry API v2 [0]. The script has been added to the `dev_scripts`, and is also installed on the system under `dangerzone-image`. [0] https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry	2025-04-16 13:11:18 +02:00
Alexis Métaireau	83be5fb151	Release container is now using the .tar format ... Update the CI check to account for it.	2025-04-14 15:08:32 +02:00
Alex Pyrgiotis	04096380ff	Include Ubuntu Plucky and Fedora 42 in our nightly repo checks	2025-04-10 12:00:15 +02:00
Alexis Métaireau	21ca927b8b	Send release notes to editorial during the release process	2025-04-09 20:55:31 +02:00
Alexis Métaireau	05040de212	Point download links to the 0.9.0 release	2025-04-09 17:08:50 +02:00
Alexis Métaireau	4014c8591b	Docs: Update the Podman Desktop docs for macOS ... In order to access our custom seccomp policy, we require it to be mounted on the podman machine. Co-Author: Alex Pyrgiotis <alex.p@freedom.press>	2025-04-09 17:04:42 +02:00
Alex Pyrgiotis	6cd706af10	windows: Minor change to uninstallation message ... Refs #1026	2025-04-09 14:26:45 +02:00
Alex Pyrgiotis	634b171b97	windows: Detect Dangerzone 0.8.1 during install ... Detect Dangerzone 0.8.1 versions during install, so that we can prompt users to manually uninstall it. Refs #929	2025-04-09 14:26:44 +02:00