mirror of
https://github.com/freedomofpress/dangerzone.git
synced 2025-04-28 18:02:38 +02:00
Compare commits
6 commits
c1cf16a705
...
f540a67d06
| Author | SHA1 | Date | |
|---|---|---|---|
|
f540a67d06 | ||
|
|
68f8338d20 | ||
|
|
d561878e03 | ||
|
|
59e1666c28 | ||
|
|
95d7d8a4d9 | ||
|
|
ed2791bbbc |
12 changed files with 22 additions and 33 deletions
2
.github/workflows/build.yml
vendored
2
.github/workflows/build.yml
vendored
|
|
@ -33,8 +33,6 @@ jobs:
|
|||
version: "20.04"
|
||||
- distro: ubuntu
|
||||
version: "22.04"
|
||||
- distro: ubuntu
|
||||
version: "23.10"
|
||||
- distro: ubuntu
|
||||
version: "24.04"
|
||||
- distro: ubuntu
|
||||
|
|
|
|||
2
.github/workflows/check_repos.yml
vendored
2
.github/workflows/check_repos.yml
vendored
|
|
@ -23,8 +23,6 @@ jobs:
|
|||
version: "24.10" # oracular
|
||||
- distro: ubuntu
|
||||
version: "24.04" # noble
|
||||
- distro: ubuntu
|
||||
version: "23.10" # mantic
|
||||
- distro: ubuntu
|
||||
version: "22.04" # jammy
|
||||
- distro: ubuntu
|
||||
|
|
|
|||
6
.github/workflows/ci.yml
vendored
6
.github/workflows/ci.yml
vendored
|
|
@ -159,8 +159,6 @@ jobs:
|
|||
version: "20.04"
|
||||
- distro: ubuntu
|
||||
version: "22.04"
|
||||
- distro: ubuntu
|
||||
version: "23.10"
|
||||
- distro: ubuntu
|
||||
version: "24.04"
|
||||
- distro: ubuntu
|
||||
|
|
@ -229,8 +227,6 @@ jobs:
|
|||
version: "20.04"
|
||||
- distro: ubuntu
|
||||
version: "22.04"
|
||||
- distro: ubuntu
|
||||
version: "23.10"
|
||||
- distro: ubuntu
|
||||
version: "24.04"
|
||||
- distro: ubuntu
|
||||
|
|
@ -350,8 +346,6 @@ jobs:
|
|||
version: "20.04"
|
||||
- distro: ubuntu
|
||||
version: "22.04"
|
||||
- distro: ubuntu
|
||||
version: "23.10"
|
||||
- distro: ubuntu
|
||||
version: "24.04"
|
||||
- distro: ubuntu
|
||||
|
|
|
|||
2
.github/workflows/scan_released.yml
vendored
2
.github/workflows/scan_released.yml
vendored
|
|
@ -13,7 +13,7 @@ jobs:
|
|||
- name: Download container image for the latest release
|
||||
run: |
|
||||
VERSION=$(curl https://api.github.com/repos/freedomofpress/dangerzone/releases/latest | jq -r '.tag_name')
|
||||
wget https://github.com/freedomofpress/dangerzone/releases/download/${VERSION}/container.tar.gz
|
||||
wget https://github.com/freedomofpress/dangerzone/releases/download/${VERSION}/container-${VERSION}-i686.tar.gz -O container.tar.gz
|
||||
- name: Load container image
|
||||
run: docker load -i container.tar.gz
|
||||
# NOTE: Scan first without failing, else we won't be able to read the scan
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ an isolated environment. It will be installed automatically when installing Dang
|
|||
Dangerzone is available for:
|
||||
- Ubuntu 24.10 (oracular)
|
||||
- Ubuntu 24.04 (noble)
|
||||
- Ubuntu 23.10 (mantic)
|
||||
- Ubuntu 22.04 (jammy)
|
||||
- Ubuntu 20.04 (focal)
|
||||
- Debian 13 (trixie)
|
||||
|
|
@ -290,7 +289,7 @@ Our [GitHub Releases page](https://github.com/freedomofpress/dangerzone/releases
|
|||
hosts the following files:
|
||||
* Windows installer (`Dangerzone-<version>.msi`)
|
||||
* macOS archives (`Dangerzone-<version>-<arch>.dmg`)
|
||||
* Container image (`container.tar.gz`)
|
||||
* Container images (`container-<version>-<arch>.tar.gz`)
|
||||
* Source package (`dangerzone-<version>.tar.gz`)
|
||||
|
||||
All these files are accompanied by signatures (as `.asc` files). We'll explain
|
||||
|
|
@ -315,10 +314,10 @@ gpg --verify Dangerzone-0.6.1-arm64.dmg.asc Dangerzone-0.6.1-arm64.dmg
|
|||
gpg --verify Dangerzone-0.6.1-i686.dmg.asc Dangerzone-0.6.1-i686.dmg
|
||||
```
|
||||
|
||||
For the container image:
|
||||
For the container images:
|
||||
|
||||
```
|
||||
gpg --verify container.tar.gz.asc container.tar.gz
|
||||
gpg --verify container-0.6.1-i686.tar.gz.asc container-0.6.1-i686.tar.gz
|
||||
```
|
||||
|
||||
For the source package:
|
||||
|
|
|
|||
11
RELEASE.md
11
RELEASE.md
|
|
@ -285,6 +285,11 @@ Once we are confident that the release will be out shortly, and doesn't need any
|
|||
* You can verify the correct Python version is used with `poetry debug info`
|
||||
- [ ] Verify and checkout the git tag for this release
|
||||
- [ ] Run `poetry install --sync`
|
||||
- [ ] On the silicon mac, build the container image:
|
||||
```
|
||||
python3 ./install/common/build-image.py
|
||||
```
|
||||
Then copy the `share/container.tar.gz` to the assets folder on `dangerzone-$VERSION-arm64.tar.gz`, along with the `share/image-id.txt` file.
|
||||
- [ ] Run `poetry run ./install/macos/build-app.py`; this will make `dist/Dangerzone.app`
|
||||
- [ ] Make sure that the build application works with the containerd graph
|
||||
driver (see [#933](https://github.com/freedomofpress/dangerzone/issues/933))
|
||||
|
|
@ -403,6 +408,8 @@ Build the latest container:
|
|||
python3 ./install/common/build-image.py
|
||||
```
|
||||
|
||||
Copy the container image to the assets folder on `dangerzone-$VERSION-i686.tar.gz`.
|
||||
|
||||
Create a .rpm:
|
||||
|
||||
```sh
|
||||
|
|
@ -449,9 +456,9 @@ To publish the release:
|
|||
* Copy the release notes text from the template at [`docs/templates/release-notes`](https://github.com/freedomofpress/dangerzone/tree/main/docs/templates/)
|
||||
* You can use `./dev_scripts/upload-asset.py`, if you want to upload an asset
|
||||
using an access token.
|
||||
- [ ] Upload the `container.tar.gz` i686 image that was created in the previous step
|
||||
- [ ] Upload the `container-$VERSION-i686.tar.gz` and `container-$VERSION-arm64.tar.gz` images that were created in the previous step
|
||||
|
||||
**Important:** Make sure that it's the same container image as the ones that
|
||||
**Important:** Make sure that it's the same container images as the ones that
|
||||
are shipped in other platforms (see our [Pre-release](#Pre-release) section)
|
||||
|
||||
- [ ] Upload the detached signatures (.asc) and checksum file.
|
||||
|
|
|
|||
|
|
@ -142,9 +142,6 @@ runsc_argv = [
|
|||
"--rootless=true",
|
||||
"--network=none",
|
||||
"--root=/home/dangerzone/.containers",
|
||||
# Disable DirectFS for to make the seccomp filter even stricter,
|
||||
# at some performance cost.
|
||||
"--directfs=false",
|
||||
]
|
||||
if os.environ.get("RUNSC_DEBUG"):
|
||||
runsc_argv += ["--debug=true", "--alsologtostderr=true"]
|
||||
|
|
|
|||
|
|
@ -696,8 +696,6 @@ class Env:
|
|||
DOCKERFILE_CONMON_UPDATE + DOCKERFILE_BUILD_DEV_DEBIAN_DEPS
|
||||
)
|
||||
elif self.distro == "ubuntu" and self.version in (
|
||||
"23.10",
|
||||
"mantic",
|
||||
"24.04",
|
||||
"noble",
|
||||
"24.10",
|
||||
|
|
@ -784,8 +782,6 @@ class Env:
|
|||
# package (see https://github.com/freedomofpress/dangerzone/issues/685)
|
||||
install_deps = DOCKERFILE_CONMON_UPDATE + DOCKERFILE_BUILD_DEBIAN_DEPS
|
||||
elif self.distro == "ubuntu" and self.version in (
|
||||
"23.10",
|
||||
"mantic",
|
||||
"24.04",
|
||||
"noble",
|
||||
"24.10",
|
||||
|
|
|
|||
|
|
@ -978,11 +978,6 @@ class QAUbuntu2204(QADebianBased):
|
|||
VERSION = "22.04"
|
||||
|
||||
|
||||
class QAUbuntu2310(QADebianBased):
|
||||
DISTRO = "ubuntu"
|
||||
VERSION = "23.10"
|
||||
|
||||
|
||||
class QAUbuntu2404(QADebianBased):
|
||||
DISTRO = "ubuntu"
|
||||
VERSION = "24.04"
|
||||
|
|
|
|||
|
|
@ -11,7 +11,8 @@ log = logging.getLogger(__name__)
|
|||
|
||||
|
||||
DZ_ASSETS = [
|
||||
"container.tar.gz",
|
||||
"container-{version}-i686.tar.gz",
|
||||
"container-{version}-arm64.tar.gz",
|
||||
"Dangerzone-{version}.msi",
|
||||
"Dangerzone-{version}-arm64.dmg",
|
||||
"Dangerzone-{version}-i686.dmg",
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ from cx_Freeze import Executable, setup
|
|||
with open("share/version.txt") as f:
|
||||
version = f.read().strip()
|
||||
|
||||
packages = ["dangerzone", "dangerzone.gui"]
|
||||
|
||||
setup(
|
||||
name="dangerzone",
|
||||
|
|
@ -12,10 +11,13 @@ setup(
|
|||
# On Windows description will show as the app's name in the "Open With" menu. See:
|
||||
# https://github.com/freedomofpress/dangerzone/issues/283#issuecomment-1365148805
|
||||
description="Dangerzone",
|
||||
packages=packages,
|
||||
options={
|
||||
"build_exe": {
|
||||
"packages": packages,
|
||||
# Explicitly specify pymupdf.util module to fix building the executables
|
||||
# with cx_freeze. See https://github.com/marcelotduarte/cx_Freeze/issues/2653
|
||||
# for more details.
|
||||
# TODO: Upgrade to cx_freeze 7.3.0 which should include a fix.
|
||||
"packages": ["dangerzone", "dangerzone.gui", "pymupdf.utils"],
|
||||
"excludes": ["test", "tkinter"],
|
||||
"include_files": [("share", "share"), ("LICENSE", "LICENSE")],
|
||||
"include_msvcr": True,
|
||||
|
|
|
|||
|
|
@ -164,6 +164,7 @@ class IsolationProviderTermination:
|
|||
terminate_proc_mock = mocker.patch.object(
|
||||
provider, "terminate_doc_to_pixels_proc", return_value=None
|
||||
)
|
||||
kill_pg_orig = base.kill_process_group
|
||||
kill_pg_mock = mocker.patch(
|
||||
"dangerzone.isolation_provider.base.kill_process_group", return_value=None
|
||||
)
|
||||
|
|
@ -178,6 +179,7 @@ class IsolationProviderTermination:
|
|||
|
||||
# Reset the function to the original state.
|
||||
provider.terminate_doc_to_pixels_proc = terminate_proc_orig # type: ignore [method-assign]
|
||||
base.kill_process_group = kill_pg_orig
|
||||
|
||||
# Really kill the spawned process, so that it doesn't linger after the tests
|
||||
# complete.
|
||||
|
|
|
|||
Loading…
Reference in a new issue