almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-05-19 11:40:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Compare commits

base: almet:88a6b377708a56e88173da83bfa9b8ec6ddfa988
Branches Tags
almet:main
almet:test/1146-assets
almet:1146-inventory
almet:independent-container-updates
almet:test/1146-inventory
almet:podman-embed
almet:uv-take3
almet:revamp-docs
almet:global-settings
almet:v0.8.1-readme-fix
almet:test-large/969-pytest-group
almet:test/image-publication-cosign-apyrgio
almet:0.8.1-2-fedora
almet:test/image-publication-cosign
almet:1071-quilt
almet:0.8.1-trixie
almet:test/1046-reproducibility-2
almet:sequoia-key-retrieval
almet:test/ubuntu-24-bump
almet:fix-trixie-sq
almet:test/uv
almet:test/wip-reproducible-containers
almet:poetry-export-plugin
almet:test-poetry-export
almet:0.8.1-merge
almet:wip-reproducible-containers
almet:test/2024-11-ubuntu-24-ci
almet:feature-doit
almet:ci-depend-deb
almet:test/macos-runner
almet:ci-win-run-buit-artifact
almet:hotfix-0.7.1
almet:625-host-stream-4
almet:2024-10-fedora-41
almet:625-host-stream-2
almet:merge-hotfix-0.7.1-ci
almet:hotfix-0.7.1-ci
almet:193-instal-fail-wip
almet:test-ci
almet:revert-trixie
almet:hotfix-0.7.0
almet:850-pymupdf-musl
almet:2024-06-fix-runc-secomp
almet:2024-06-update-screenshots
almet:2024-06-docker-desktop-version-check
almet:almet/small-improvements
almet:681-upgrade-circleci-runners
almet:2024-04-pin-mupdf
almet:2024-02_v0.6.0-large-test
almet:424-file-viewer
almet:2023-12-trivy
almet:2023-11-main-largetest-comparison
almet:334-large-test-gh-actions
almet:221-user-ns
almet:v0.9.0
almet:v0.9.0-rc1
almet:v0.8.1
almet:v0.8.0
almet:v0.8.0-rc1
almet:v0.7.1
almet:v0.7.0-2
almet:v0.7.0
almet:v0.6.1
almet:v0.6.1-rc1
almet:v0.6.0-2
almet:v0.6.0
almet:v0.6.0-rc2
almet:v0.6.0-rc1
almet:v0.5.1
almet:v0.5.0
almet:v0.4.2
almet:v0.4.1
almet:v0.4.1-rc3
almet:v0.4.1-rc2
almet:v0.4.1-rc1
almet:v0.4.0-2
almet:v0.4.0
almet:v0.3.2
almet:dev-v0.3.2-rc3
almet:dev-v0.3.2-rc2
almet:dev-v0.3.2-rc1
almet:v0.3.1
almet:v0.3
almet:v0.3.dev1
almet:dev-v0.3.dev1
almet:v0.2.1
almet:v0.2
almet:v0.1.5
almet:v0.1.4
almet:v0.1.3
almet:v0.1.2
almet:v0.1.1
almet:v0.1
almet:v0.0.3
almet:v0.0.2
almet:v0.0.1
..
compare: almet:e388fe609094941c0d8f2f28230be6c6c145c077
Branches Tags
almet:test/1146-assets
almet:1146-inventory
almet:independent-container-updates
almet:main
almet:test/1146-inventory
almet:podman-embed
almet:uv-take3
almet:revamp-docs
almet:global-settings
almet:v0.8.1-readme-fix
almet:test-large/969-pytest-group
almet:test/image-publication-cosign-apyrgio
almet:0.8.1-2-fedora
almet:test/image-publication-cosign
almet:1071-quilt
almet:0.8.1-trixie
almet:test/1046-reproducibility-2
almet:sequoia-key-retrieval
almet:test/ubuntu-24-bump
almet:fix-trixie-sq
almet:test/uv
almet:test/wip-reproducible-containers
almet:poetry-export-plugin
almet:test-poetry-export
almet:0.8.1-merge
almet:wip-reproducible-containers
almet:test/2024-11-ubuntu-24-ci
almet:feature-doit
almet:ci-depend-deb
almet:test/macos-runner
almet:ci-win-run-buit-artifact
almet:hotfix-0.7.1
almet:625-host-stream-4
almet:2024-10-fedora-41
almet:625-host-stream-2
almet:merge-hotfix-0.7.1-ci
almet:hotfix-0.7.1-ci
almet:193-instal-fail-wip
almet:test-ci
almet:revert-trixie
almet:hotfix-0.7.0
almet:850-pymupdf-musl
almet:2024-06-fix-runc-secomp
almet:2024-06-update-screenshots
almet:2024-06-docker-desktop-version-check
almet:almet/small-improvements
almet:681-upgrade-circleci-runners
almet:2024-04-pin-mupdf
almet:2024-02_v0.6.0-large-test
almet:424-file-viewer
almet:2023-12-trivy
almet:2023-11-main-largetest-comparison
almet:334-large-test-gh-actions
almet:221-user-ns
almet:v0.9.0
almet:v0.9.0-rc1
almet:v0.8.1
almet:v0.8.0
almet:v0.8.0-rc1
almet:v0.7.1
almet:v0.7.0-2
almet:v0.7.0
almet:v0.6.1
almet:v0.6.1-rc1
almet:v0.6.0-2
almet:v0.6.0
almet:v0.6.0-rc2
almet:v0.6.0-rc1
almet:v0.5.1
almet:v0.5.0
almet:v0.4.2
almet:v0.4.1
almet:v0.4.1-rc3
almet:v0.4.1-rc2
almet:v0.4.1-rc1
almet:v0.4.0-2
almet:v0.4.0
almet:v0.3.2
almet:dev-v0.3.2-rc3
almet:dev-v0.3.2-rc2
almet:dev-v0.3.2-rc1
almet:v0.3.1
almet:v0.3
almet:v0.3.dev1
almet:dev-v0.3.dev1
almet:v0.2.1
almet:v0.2
almet:v0.1.5
almet:v0.1.4
almet:v0.1.3
almet:v0.1.2
almet:v0.1.1
almet:v0.1
almet:v0.0.3
almet:v0.0.2
almet:v0.0.1

13 commits
88a6b37770 ... e388fe6090

Author SHA1 Message Date
Alex Pyrgiotis
e388fe6090
WIP: Bump Python upper version 2025-01-27 14:18:16 +02:00
Alex Pyrgiotis
8b1e4c25e7
WIP: Allow security scanning 2025-01-27 13:06:46 +02:00
Alex Pyrgiotis
3cf34e6182
Ruff fixes
Some checks failed
Tests / Download and cache Tesseract data (push) Has been cancelled
Details
Tests / check-reproducibility (push) Has been cancelled
Details
Tests / windows (push) Has been cancelled
Details
Tests / macOS (arch64) (push) Has been cancelled
Details
Tests / macOS (x86_64) (push) Has been cancelled
Details
Tests / build-deb (debian bookworm) (push) Has been cancelled
Details
Tests / build-deb (debian bullseye) (push) Has been cancelled
Details
Tests / build-deb (debian trixie) (push) Has been cancelled
Details
Tests / build-deb (ubuntu 20.04) (push) Has been cancelled
Details
Tests / build-deb (ubuntu 22.04) (push) Has been cancelled
Details
Tests / build-deb (ubuntu 24.04) (push) Has been cancelled
Details
Tests / build-deb (ubuntu 24.10) (push) Has been cancelled
Details
Tests / install-deb (debian bookworm) (push) Has been cancelled
Details
Tests / install-deb (debian bullseye) (push) Has been cancelled
Details
Tests / install-deb (debian trixie) (push) Has been cancelled
Details
Tests / install-deb (ubuntu 20.04) (push) Has been cancelled
Details
Tests / install-deb (ubuntu 22.04) (push) Has been cancelled
Details
Tests / install-deb (ubuntu 24.04) (push) Has been cancelled
Details
Tests / install-deb (ubuntu 24.10) (push) Has been cancelled
Details
Tests / build-install-rpm (fedora 40) (push) Has been cancelled
Details
Tests / build-install-rpm (fedora 41) (push) Has been cancelled
Details
Tests / run tests (debian bookworm) (push) Has been cancelled
Details
Tests / run tests (debian bullseye) (push) Has been cancelled
Details
Tests / run tests (debian trixie) (push) Has been cancelled
Details
Tests / run tests (fedora 40) (push) Has been cancelled
Details
Tests / run tests (fedora 41) (push) Has been cancelled
Details
Tests / run tests (ubuntu 20.04) (push) Has been cancelled
Details
Tests / run tests (ubuntu 22.04) (push) Has been cancelled
Details
Tests / run tests (ubuntu 24.04) (push) Has been cancelled
Details
Tests / run tests (ubuntu 24.10) (push) Has been cancelled
Details
2025-01-24 10:13:19 +02:00
Alex Pyrgiotis
414efb629f
WIP: Symlink /usr 2025-01-24 09:12:14 +02:00
Alex Pyrgiotis
6d6ac92371
FIXUP: Strip 'v' from image tag 2025-01-23 23:27:36 +02:00
Alex Pyrgiotis
df1ec758bc
Mask some extra paths in gVisor's OCI config 
Mask some paths of the outer container in the OCI config of the inner
container. This is done to avoid leaking any sensitive information from
Podman / Docker / gVisor, since we reuse the same rootfs

Refs #1048
 2025-01-23 23:27:36 +02:00
Alex Pyrgiotis
9e23802142
docs: Add design document for artifact reproducibility 
Refs #1047
 2025-01-23 23:27:36 +02:00
Alex Pyrgiotis
7e1f4bca6c
Update RELEASE.md 
Co-authored-by: Alexis Métaireau <alexis@freedom.press>
 2025-01-23 23:27:36 +02:00
Alex Pyrgiotis
a1383fa016
ci: Add a CI job that enforces image reproducibility 
Add a CI job that uses the `reproduce.py` dev script to enforce image
reproducibility, for every PR that we send to the repo.

Fixes #1047
 2025-01-23 23:27:36 +02:00
Alex Pyrgiotis
94a57f997e
dev_scripts: Add script for enforcing image reproducibility 
Add a dev script for Linux platforms that verifies that a source image
can be reproducibly built from the current Git commit. The
reproducibility check is enforced by the `diffoci` tool, which is
downloaded as part of running the script.
 2025-01-23 23:27:36 +02:00
Alex Pyrgiotis
ab10d5b6dd
Allow setting a tag for the container image 
Allow setting a tag for the container image, when building it with the
`build-image.py` script. This should be used for development purposes
only, since the proper image name should be dictated by the script.
 2025-01-23 23:27:36 +02:00
Alex Pyrgiotis
3ebc454b61
ci: Scan the latest image for CVEs 
Update the Debian snapshot date to the current one, so that we always
scan the latest image for CVEs.

Refs #1057
 2025-01-23 23:27:36 +02:00
Alex Pyrgiotis
20af68f7f2
Render the Dockerfile from a template and some params 
Allow updating the Dockerfile from a template and some envs, so that
it's easier to bump the dates in it.
 2025-01-23 23:27:34 +02:00
Show stats Expand all files Collapse all files

Diff content is not available