1554 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Alexis Métaireau	983622fe59	Update CHANGELOG	2025-03-31 16:20:29 +02:00
Alexis Métaireau	8e99764952	Use a Runtime class to get information about container runtimes ... This is useful to avoid parsing too many times the settings.	2025-03-31 16:20:28 +02:00
Alexis Métaireau	20cd9cfc5c	Allow to define a container_runtime_path	2025-03-31 16:20:28 +02:00
Alexis Métaireau	f082641b71	Only check Docker version if the container runtime is set to docker	2025-03-31 16:20:28 +02:00
Alexis Métaireau	c0215062bc	Allow to read the container runtime from the settings ... Add a few tests for this along the way, and update the end-user messages about Docker/Podman to account for this change.	2025-03-31 16:20:28 +02:00
Alexis Métaireau	b551a4dec4	Mock the settings rather than monkeypatching external modules	2025-03-31 16:20:28 +02:00
Alexis Métaireau	5a56a7f055	Decouple the Settings class from DangerzoneCore ... No real reason to pass the whole object where what we really need is just the location of the configuration folder.	2025-03-31 16:20:28 +02:00
Alexis Métaireau	ab6dd9c01d	Use pathlib.Path to return path locations	2025-03-31 16:20:28 +02:00
Alex Pyrgiotis	dfcb74b427	Improve our release instructions regarding versioned links ... Update our `RELEASE.md` so that we don't forget to bump the download links in `INSTALL.md` prior to tagging a release. This way, we won't have a versioned `INSTALL.md` page pointing to an older download link. Note that this means that the latest version of the `INSTALL.md` page will point to a broken link, in the short period of time between the pre-release and the actual release. That's not an issue in our case, because we don't point to the latest version of our `INSTALL.md` from our `README.md`. We use versioned links instead, and thus we minimize the chance that a user may encounter a broken link. Fixes #1100	2025-03-28 15:04:05 +02:00
Alexis Métaireau	a910ccc273	Provide a way to opt-out from CHANGELOG check ... Co-authored-by: Alex Pyrgiotis <alex.p@freedom.press>	2025-03-28 13:53:05 +01:00
dependabot[bot]	d868699bab	build(deps): bump slsa-framework/slsa-github-generator ... Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v2.0.0...v2.1.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-03-26 14:54:50 +01:00
Alexis Métaireau	d6adfbc6c1	Skip PDF-diffing tests when using a dummy isolation provider.	2025-03-26 11:45:46 +01:00
Alexis Métaireau	687bd8585f	Update reference documents to their last version	2025-03-26 11:45:46 +01:00
Alexis Métaireau	b212bfc47e	Add a makefile target to regenerate reference PDFs ... This leverages a new flag that can be passed during the tests to regenerate the PDFs if needed.	2025-03-26 11:45:45 +01:00
Alexis Métaireau	bbc90be217	Publish the resulted diffs as github artifacts ... Which makes it easier to inspect after CI run failures.	2025-03-26 11:45:45 +01:00
Alexis Métaireau	2d321bf257	Add a dependency to numpy for the tests ... This is useful to reduce the computation time when creating PDF visual diffs. Here is a comparison of the same operation using python arrays and numpy arrays + lookups: Python arrays: ``` diff took 5.094218431997433 seconds diff took 3.1553626069980965 seconds diff took 3.3721952960004273 seconds diff took 3.2134646750018874 seconds diff took 3.3410625500000606 seconds diff took 3.2893160990024626 seconds ``` Numpy: ``` diff took 0.13705662599750212 seconds diff took 0.05698924000171246 seconds diff took 0.15319590600120137 seconds diff took 0.06126453700198908 seconds diff took 0.12916332699751365 seconds diff took 0.05839455900058965 seconds	2025-03-26 11:45:44 +01:00
Alexis Métaireau	8bfeae4eed	tests: test for regressions when converting PDFs when running the tests ... This stores a reference version of the converted PDFs and diffs them when the newly converted document during the tests.	2025-03-26 11:45:43 +01:00
Alexis Métaireau	3ed71e8ee0	Document Operating System support ... The goal is to have rules rather than specific versions, and a table to summarize everything.	2025-03-21 12:08:30 +01:00
Alexis Métaireau	fa8e8c6dbb	CI: Enforce updating the CHANGELOG in the CI ... Currently, this is only returning warnings, but we seem to just skip them. As it's possible to merge PRs when the CI is red, issuing an error would help us to think about populating this file.	2025-03-21 11:10:56 +01:00
Alex Pyrgiotis	8d05b5779d	ci: Reproducibly build a container image ... Create a reusable GitHub Actions workflow that does the following: 1. Create a multi-architecture container image for Dangerzone, instead of having two different tarballs (or no option at all) 2. Build the Dangerzone container image on our supported architectures (linux/amd64 and linux/arm64). It so happens that GitHub also offers ARM machine runners, which speeds up the build. 3. Combine the images from these two architectures into one, multi-arch image. 4. Generate provenance info for each manifest, and the root manifest list. 5. Check the image's reproduciblity. Also, remove an older CI job for checking the reproducibility of the image, which is now obsolete. Fixes #1035	2025-03-20 17:24:42 +02:00
Alex Pyrgiotis	e1dbdff1da	Completely overhaul the reproduce-image.py script ... Make a major change to the `reproduce-image.py` script: drop `diffoci`, build the container image, and ensure it has the exact same hash as the source image. We can drop the `diffoci` script when comparing the two images, because we are now able build bit-for-bit reproducible images.	2025-03-20 17:17:46 +02:00
Alex Pyrgiotis	a1402d5b6b	Fix a Podman regression regarding Buildkit images ... Loading an image built with Buildkit in Podman 3.4 messes up its name. The tag somehow becomes the name of the loaded image. We know that older Podman versions are not generally affected, since Podman v3.0.1 on Debian Bullseye works properly. Also, Podman v4.0 is not affected, so it makes sense to target only Podman v3.4 for a fix. The fix is simple, tag the image properly based on the expected tag from `share/image-id.txt` and delete the incorrect tag. Refs containers/podman#16490	2025-03-20 17:17:40 +02:00
Alex Pyrgiotis	51f432be6b	Fix references to container.tar.gz ... Find all references to the `container.tar.gz` file, and replace them with references to `container.tar`. Moreover, remove the `--no-save` argument of `build-image.py` since we now always save the image. Finally, fix some stale references to Poetry, which are not necessary anymore.	2025-03-20 17:15:15 +02:00
Alex Pyrgiotis	69234507c4	Build container image using repro-build ... Invoke the `repro-build` script when building a container image, instead of the underlying Docker/Podman commands. The `repro-build` script handles the underlying complexity to call Docker/Podman in a manner that makes the image reproducible. Moreover, mirror some arguments from the `repro-build` script, so that consumers of `build-image.py` can pass them to it. Important: the resulting image will be in .tar format, not .tar.gz, starting from this commit. This means that our tests will be broken for the next few commits. Fixes #1074	2025-03-20 17:15:15 +02:00
Alex Pyrgiotis	94fad78f94	Vendor repro-build script ... Vendor the `repro-build` script in our codebase, which will be used to build our container image in a reproducible manner. We prefer to copy it verbatim for the time-being, since its interface is not stable enough, and the repro-build repo is not reviewed after all. In the future, we want to store this script in a separate place, and pull it when necessary. Refs #1085	2025-03-20 17:15:15 +02:00
Alex Pyrgiotis	66600f32dc	Remove sources of non-determinism from our image ... Make our container image more reproducible, by changing the following in our Dockerfile: 1. Touch `/etc/apt/sources.list` with a UTC timestamp. Else, builds on different countries (!?) may result to different Unix epochs for the same date, and therefore different modification time for the file. 2. Turn the third column of `/etc/shadow` (date of last password change) for the `dangerzone` user into a constant number. 3. Fix r-s file permissions in some copied files, due to inconsistent COPY behavior in containerized vs non-containerized Buildkit. This requires creating a full file hierarchy in a separate directory (see new_root/). 4. Set a specific modification time for the entrypoint script, because rewrite-timestamp=true does not overwrite it.	2025-03-20 17:15:15 +02:00
Alex Pyrgiotis	d41f604969	Bump container image parameters ... Bump all the values in Dockerfile.env, since there are new releases out for all of them.	2025-03-20 17:15:15 +02:00
Alex Pyrgiotis	6d269572ae	Add support for Ubuntu 25.04 (plucky) ... Closes #1090	2025-03-20 16:56:58 +02:00
Alex Pyrgiotis	c7ba9ee75c	Add support for Fedora 42 ... Closes #1091	2025-03-20 16:53:37 +02:00
Alexis Métaireau	418b68d4ca	Avoid passing wrong options -B to subprocesses ... This is a common pitfall of pyinstaller, when using multiprocessing. In our case, the spawned processes is passed the -B option, thinking it's python (but it's dangerzone). > -B Don't write .pyc files on import. See also PYTHONDONTWRITEBYTECODE. As a result, dangerzone is spawned with the -B option, which doesn't mean anything for it. > In the frozen application, sys.executable points to your application > executable. So when the multiprocessing module in your main process > attempts to spawn a subprocess (a worker or the resource tracker), it > runs another instance of your program, with the following arguments for > resource tracker: > > my_program -B -S -I -c "from multiprocessing.resource_tracker import main;main(5)" https://pyinstaller.org/en/stable/common-issues-and-pitfalls.html#multi-processing	2025-03-17 17:47:42 +01:00
Alex Pyrgiotis	9ba95b5c20	Use correct Ubuntu version for conmon notice	2025-03-17 15:40:25 +02:00
Alex Pyrgiotis	b043c97c41	Unpin the Debian-vendored PyMuPDF package ... Unpin the PyMuPDF package that we vendor in our Debian packages. We originally pinned it to version 1.24.11, because it was the last version that supported Ubuntu Focal, but we can now unpin it, since we have dropped Ubuntu Focal support. Fixes #1018	2025-03-17 15:40:25 +02:00
Alex Pyrgiotis	4a48a2551b	Drop Ubuntu 20.04 (Focal) support ... Drop Ubuntu 20.04 (Focal) support, because it's nearing its end-of-life date. By doing so, we can remove several workarounds and notices we had in place for this version, and most importantly, remove the pin to our vendored PyMuPDF package. Refs #1018 Refs #965	2025-03-17 15:40:25 +02:00
Alex Pyrgiotis	56663023f5	ci: Security scan ARM images ... Scan ARM images using Anchore's scan action, by utilizing the Ubuntu ARM runners provided by GitHub. While our ARM images are used only in macOS silicon platforms, we can use the Ubuntu ARM runners just for scanning. Closes #1008	2025-03-10 18:45:26 +02:00
Alex Pyrgiotis	53a952235c	Specify version when installing WiX ... Update our CI job and build instructions with the latest WiX version, so that we don't encounter any installation issues when new WiX versions are released. Also, add a reminder in our release instruction to bump the WiX version before we start a new release. Fixes #1087	2025-03-10 18:03:24 +02:00
Erik Moeller	d2652ef6cd	Add reference to funding.json (required by floss.fund application)	2025-03-06 15:54:36 +01:00
Alex Pyrgiotis	a6aa66f925	Remove a stale Shiboken6 pin ... Remove the Shiboken6 pin for our Linux and macOS platforms, since a new upstream package has been released, that has wheels for every platform. Also, remove the `sed` command from our dangerzone.spec, whose purpose was to nullify this pin for our Fedora packages. Fixes #1061	2025-02-19 11:43:30 +02:00
Alex Pyrgiotis	856de3fd46	grype: Ignore CVE-2025-0665 ... Ignore the CVE-2025-0665 vulnerability, since it's a libcurl one, and the Dangerzone container does not make network calls. Also, it seems that Debian Bookworm is not affected.	2025-02-10 12:31:08 +02:00
Alex Pyrgiotis	88a6b37770	Add support for Python 3.13 ... Bump our max supported Python version to 3.13, now that PySide6 supports it. Fixes #992	2025-01-27 21:40:27 +02:00
Alex Pyrgiotis	fb90243668	Symlink /usr in Debian container image ... Update our Dockerfile and entrypoint script in order to reuse the /usr dir in the inner and outer container image. Refs #1048	2025-01-27 21:40:27 +02:00
Alex Pyrgiotis	9724a16d81	Mask some extra paths in gVisor's OCI config ... Mask some paths of the outer container in the OCI config of the inner container. This is done to avoid leaking any sensitive information from Podman / Docker / gVisor, since we reuse the same rootfs Refs #1048	2025-01-27 21:40:27 +02:00
Alex Pyrgiotis	cf43a7a0c4	docs: Add design document for artifact reproducibility ... Refs #1047	2025-01-27 21:40:27 +02:00
Alex Pyrgiotis	cae4187550	Update RELEASE.md ... Co-authored-by: Alexis Métaireau <alexis@freedom.press>	2025-01-27 21:40:27 +02:00
Alex Pyrgiotis	cfa4478ace	ci: Add a CI job that enforces image reproducibility ... Add a CI job that uses the `reproduce.py` dev script to enforce image reproducibility, for every PR that we send to the repo. Fixes #1047	2025-01-27 21:40:27 +02:00
Alex Pyrgiotis	2557be9bc0	dev_scripts: Add script for enforcing image reproducibility ... Add a dev script for Linux platforms that verifies that a source image can be reproducibly built from the current Git commit. The reproducibility check is enforced by the `diffoci` tool, which is downloaded as part of running the script.	2025-01-27 21:40:27 +02:00
Alex Pyrgiotis	235d71354a	Allow setting a tag for the container image ... Allow setting a tag for the container image, when building it with the `build-image.py` script. This should be used for development purposes only, since the proper image name should be dictated by the script.	2025-01-27 21:40:27 +02:00
Alex Pyrgiotis	5d49f5abdb	ci: Scan the latest image for CVEs ... Update the Debian snapshot date to the current one, so that we always scan the latest image for CVEs. Refs #1057	2025-01-27 21:40:27 +02:00
Alex Pyrgiotis	0ce7773ca1	Render the Dockerfile from a template and some params ... Allow updating the Dockerfile from a template and some envs, so that it's easier to bump the dates in it.	2025-01-27 21:40:27 +02:00
Alex Pyrgiotis	fa27f4b063	Add jinja2-cli package dependency ... Add jinja2-cli as a package dependency, since it will be used to create the Dockerfile from some user parameters and a template.	2025-01-23 23:26:56 +02:00
Alex Pyrgiotis	8e8a515b64	Allow using the container engine cache when building our image ... Remove our suggestions for not using the container cache, which stemmed from the fact that our Dangerzone image was not reproducible. Now that we have switched to Debian Stable and the Dockerfile is all we need to reproducibly build the exact same container image, we can just use the cache to speed up builds.	2025-01-23 23:25:43 +02:00