1498 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Alex Pyrgiotis	be1fa7a395	Whitespace fixes	2025-01-23 23:24:47 +02:00
Alexis Métaireau	b2f4e2d523	Bump poetry.lock	2025-01-23 16:26:07 +01:00
Alexis Métaireau	7409966253	Remove ${Python3:Depends} as it's not used at the moment.	2025-01-23 16:26:06 +01:00
Alexis Métaireau	40fb6579f6	Alternatives for debian/control	2025-01-23 16:26:06 +01:00
Alexis Métaireau	6ae91b024e	Use platformdirs to find user configuration files ... The previous library we were using for this (`appdirs`) is dead upstream and not supported anymore in debian testing. Fixes #1058	2025-01-23 16:26:06 +01:00
Alexis Métaireau	c2841dcc08	Run ruff format	2025-01-23 14:48:33 +01:00
Alexis Métaireau	df5ccb3f75	Fedora: bypass the shiboken specific version.	2025-01-23 14:39:50 +01:00
Alexis Métaireau	9c6c2e1051	build: pin shiboken6 to specific versions	2025-01-23 12:52:48 +01:00
Alexis Métaireau	23f3ad1f46	doc: bump the Docker Desktop version as part of the RELEASE procedure	2025-01-21 10:21:24 +01:00
Alexis Métaireau	970a82f432	Bind Alert instances to the main window alert property	2025-01-21 10:21:24 +01:00
Alexis Métaireau	3d5cacfffb	Warn users if the minimum version of Docker Desktop is not met ... This only happens on Windows and macOS. Fixes #693	2025-01-21 10:21:24 +01:00
Alexis Métaireau	c407e2ff84	doc: update Debian Trixie installation instructions ... Starting with Debian Trixie, `apt secure` relies on `sqv` to do its verification, which doesn't support the GPG keybox database format. At the same time, using the standard PGP base64 format makes the verification fail for versions of `apt secure` which relies on `gpg`, as the subkey isn't detected there. Fixes #1055	2025-01-20 14:10:15 +01:00
Alexis Métaireau	7f418118e6	CI: Drop Fedora 39 from the CI checks	2025-01-16 11:51:22 +01:00
Alexis Métaireau	02602b072a	Remove intermediate variables for conversion start/end logs ... Also, state that the logs are incomplete in the header.	2025-01-16 11:35:07 +01:00
Alexis Métaireau	acf20ef700	Add a --debug flag to the CLI to help retrieve more logs ... When the flag is set, the `RUNSC_DEBUG=1` environment variable is added to the outer container, and stderr is captured in a separate thread, before printing its output.	2025-01-16 11:35:06 +01:00
Alexis Métaireau	3499010d8e	docs(install): store GPG keys in the base64 format	2025-01-15 19:48:00 +01:00
Alexis Métaireau	2423fc18c5	CI: Store the signature key using the base64 format ... The GPG binary format used until now doesn't seem to please `sqv` which is now used by default on debian trixie. Fixes #1052	2025-01-15 19:39:02 +01:00
Alexis Métaireau	1298e9c398	build: add build_scripts/env.py to the hashed files ... It contains information that define the build environments, and as such, modifying it should result in a new release of the dev containers.	2025-01-08 06:18:30 +01:00
Alexis Métaireau	00e58a8707	build: add poetry-plugin-export to the dependencies ... Since Poetry 2.0.0, the `export` command has been removed and it's advised to use the "poetry-plugin-export" package instead. This commit adds this dependency to the different places it's needed (debian environments, CI, build instructions, etc).	2025-01-08 06:18:01 +01:00
Alexis Métaireau	77975a8e50	Update links to the 0.8.1 release	2024-12-24 18:11:17 +01:00
Alexis Métaireau	5b9e9c82fc	Add a security advisory for gst-plugins-base	2024-12-24 18:11:17 +01:00
Alexis Métaireau	f4fa1f87eb	Bump version to 0.8.1	2024-12-24 18:11:17 +01:00
Alexis Métaireau	eb345562da	Lint: Add click to the dependencies used by mypy	2024-12-17 17:44:51 +01:00
jkarasti	d080d03f5a	Lint: Enable isort (I) rules	2024-12-17 17:44:32 +01:00
jkarasti	767bfa7e48	Lint: Fix unused-variable (F841)	2024-12-17 17:44:32 +01:00
jkarasti	37ec91aae2	Lint: Fix f-string-missing-placeholders (F541)	2024-12-17 17:44:32 +01:00
jkarasti	cecfe63338	Lint: Fix unused-import (F401)	2024-12-17 17:44:32 +01:00
jkarasti	4da6b92e12	Format: Run ruff format over the source code	2024-12-17 17:44:31 +01:00
jkarasti	b06d1aebed	Lint: Remove unused black and isort dependencies	2024-12-17 17:44:30 +01:00
jkarasti	da5490a5a1	Lint: Merge mypy makefile targets into the lint target	2024-12-17 17:44:09 +01:00
jkarasti	e96b44e10a	Lint: adapt Makefile targets for ruff ... - Use `ruff` instead of `black` and `isort` in the `lint` target for linting and code formatting. - Add a new target `fix` which applies all suggestions from `ruff check` and `ruff format`.	2024-12-17 17:44:09 +01:00
jkarasti	7624624471	Lint: add ruff for linting and formatting	2024-12-17 17:44:07 +01:00
Alex Pyrgiotis	fb7c2088e2	grype: Ignore CVE-2024-11053 ... Ignore the CVE-2024-11053 vulnerability, since it's a libcurl one, and the Dangerzone container does not make network calls. Also, clear the previous vulnerabilities, now that we have a new image out.	2024-12-17 17:41:07 +01:00
Alexis Métaireau	1ea2f109cb	Run apt update before running apt get install	2024-12-17 17:24:46 +01:00
dependabot[bot]	df3063a825	build(deps): bump anchore/scan-action from 5 to 6 ... Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 5 to 6. - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/anchore/scan-action/compare/v5...v6) --- updated-dependencies: - dependency-name: anchore/scan-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2024-12-16 19:49:37 +02:00
jkarasti	57bb7286ef	Install more type stubs wanted by mypy	2024-12-16 19:49:03 +02:00
Alex Pyrgiotis	fbe05065c9	docs: Update release instructions ... Update our release instructions with a way to run manual tasks via `doit`. Also, add developer documentation on how to use `doit`, and some tips and tricks.	2024-12-10 15:28:16 +02:00
Alex Pyrgiotis	54ffc63c4f	Add build-* targets in Makefile based on doit ... Add Make targets that build release artifacts with doit.	2024-12-10 15:28:16 +02:00
Alex Pyrgiotis	bdc4cf13c4	Add doit configuration options	2024-12-10 15:28:16 +02:00
Alex Pyrgiotis	92d7bd6bee	Automate a large portion of our release tasks ... Create a `dodo.py` file where we define the dependencies and targets of each release task, as well as how to run it. Currently, we have automated all of our Linux and macOS tasks, except for adding Linux packages to the respective APT/YUM repos. The tasks we have automated follow below: build_image Build the container image using ./install/common/build-image.py check_container_runtime Test that the container runtime is ready. clean_container_runtime Clean the storage space of the container runtime. clean_prompt Make sure that the user really wants to run the clean tasks. debian_deb Build a Debian package for Debian Bookworm. debian_env Build a Debian Bookworm dev environment. download_tessdata Download the Tesseract data using ./install/common/download-tessdata.py fedora_env Build Fedora dev environments. fedora_env:40 Build Fedora 40 dev environments fedora_env:41 Build Fedora 41 dev environments fedora_rpm Build Fedora packages for every supported version. fedora_rpm:40 Build a Fedora 40 package fedora_rpm:40-qubes Build a Fedora 40 package for Qubes fedora_rpm:41 Build a Fedora 41 package fedora_rpm:41-qubes Build a Fedora 41 package for Qubes git_archive Build a Git archive of the repo. init_release_dir Create a directory for release artifacts. macos_build_dmg Build the macOS .dmg file for Dangerzone. macos_check_cert Test that the Apple developer certificate can be used. macos_check_system Run macOS specific system checks, as well as the generic ones. poetry_install Setup the Poetry environment Closes #1016	2024-12-10 15:27:20 +02:00
Alex Pyrgiotis	7c5a191a5c	Add doit in Poetry as package dependency ... Add the doit automation tool in our `pyproject.toml` and `poetry.lock` file as a package-related dependency, since we don't want to ship it to our end users.	2024-12-10 11:34:25 +02:00
Alex Pyrgiotis	4bd794dbd1	Allow passing true/false to --use-cache build arg	2024-12-10 11:34:25 +02:00
Alex Pyrgiotis	3eac00b873	ci: Work with image tarballs that are not tagged as 'latest' ... Now that our image tarball is not tagged as 'latest', we must first grab the image tag first, and then refer to it. We can grab the tag either from `share/image-id.txt` (if available) or with: docker load dangerzone.rocks/dangerzone --format {{ .Tag }}	2024-12-10 11:31:39 +02:00
Alex Pyrgiotis	ec9f8835e0	Move container security arg to proper place ... Now that #748 has been merged, we can move the `--userns nomap` argument to the list with the rest of our security arguments.	2024-12-10 11:31:39 +02:00
Alex Pyrgiotis	0383081394	Factor out container utilities to separate module	2024-12-10 11:31:39 +02:00
Alex Pyrgiotis	25fba42022	Extend the interface of the isolation provider ... Add the following two methods in the isolation provider: 1. `.is_available()`: Mainly used for the Container isolation provider, it specifies whether the container runtime is up and running. May be used in the future by other similar providers. 2. `.should_wait_install()`: Whether the isolation provider takes a while to be installed. Should be `True` only for the Container isolation provider, for the time being.	2024-12-10 11:29:00 +02:00
Alex Pyrgiotis	e54567b7d4	Fix minor typos in our docs	2024-12-10 11:29:00 +02:00
Alex Pyrgiotis	2a8355fb88	Update our release instructions	2024-12-10 11:29:00 +02:00
Alex Pyrgiotis	e22c795cb7	container: Revamp container image installation ... Revamp the container image installation process in a way that does not involve using image IDs. We don't want to rely on image IDs anymore, since they are brittle (see https://github.com/freedomofpress/dangerzone/issues/933). Instead, we use image tags, as provided in the `image-id.txt` file. This allows us to check fast if an image is up to date, and we no longer need to maintain multiple image IDs from various container runtimes. Refs #933 Refs #988 Fixes #1020	2024-12-10 11:29:00 +02:00
Alex Pyrgiotis	909560353d	Build and tag Dangerzone images ... Build Dangerzone images and tag them with a unique ID that stems from the Git reop. Note that using tags as image IDs instead of regular image IDs breaks the current Dangerzone expectations, but this will be addressed in subsequent commits.	2024-12-10 11:18:23 +02:00