almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11
dangerzone/Dockerfile
Alex Pyrgiotis 29d3552cce
WIP: HWPX conversion works
2025-01-08 10:59:15 +02:00

71 lines
2.9 KiB
Docker
Raw Blame History

ARG DEBIAN_DATE=20241202
###########################################
# Build Dangerzone container image (inner)
FROM debian:bookworm-${DEBIAN_DATE}-slim
ENV DEBIAN_FRONTEND=noninteractive
ARG GVISOR_DATE=20241202
RUN \
--mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
--mount=type=bind,source=./oci/repro-sources-list.sh,target=/usr/local/bin/repro-sources-list.sh \
--mount=type=bind,source=./oci/gvisor.key,target=/tmp/gvisor.key \
repro-sources-list.sh && \
: "Setup APT to install gVisor from its separate APT repo" && \
apt-get update && \
apt-get install -y --no-install-recommends apt-transport-https ca-certificates gnupg && \
gpg -o /usr/share/keyrings/gvisor-archive-keyring.gpg --dearmor /tmp/gvisor.key && \
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gvisor-archive-keyring.gpg] https://storage.googleapis.com/gvisor/releases ${GVISOR_DATE} main" > /etc/apt/sources.list.d/gvisor.list && \
: "Install gVisor and Dangerzone dependencies" && \
apt-get update && \
apt-get install -y --no-install-recommends \
python3 python3-fitz libreoffice-nogui libreoffice-java-common \
python3 python3-magic default-jre-headless fonts-noto-cjk fonts-dejavu \
runsc unzip wget && \
: "Clean up programs that are no longer necessary" && \
#apt-get remove -y apt-transport-https ca-certificates gnupg && \
: "Clean up for improving reproducibility (optional)" && \
rm -rf /var/cache/fontconfig/ && \
rm -rf /etc/ssl/certs/java/cacerts && \
rm -rf /var/log/* /var/cache/ldconfig/aux-cache
# Download H2ORestart from GitHub using a pinned version and hash. Note that
# it's available in Debian repos, but not Bookworm just yet.
ARG H2ORESTART_CHECKSUM=8a5be77359695c14faaf33891d3eca6c9d73c1224599aab50a9d2ccc04640580
ARG H2ORESTART_VERSION=v0.6.8
RUN mkdir /libreoffice_ext && cd libreoffice_ext \
&& H2ORESTART_FILENAME=h2orestart.oxt \
&& wget https://github.com/ebandal/H2Orestart/releases/download/$H2ORESTART_VERSION/$H2ORESTART_FILENAME \
&& echo "$H2ORESTART_CHECKSUM $H2ORESTART_FILENAME" | sha256sum -c \
&& install -dm777 "/usr/lib/libreoffice/share/extensions/" \
&& rm /root/.wget-hsts
RUN mkdir -p /opt/dangerzone/dangerzone && \
touch /opt/dangerzone/dangerzone/__init__.py && \
addgroup --gid 1000 dangerzone && \
adduser --uid 1000 --ingroup dangerzone --shell /bin/true --home /home/dangerzone dangerzone
COPY conversion/doc_to_pixels.py \
conversion/common.py \
conversion/errors.py \
conversion/__init__.py \
/opt/dangerzone/dangerzone/conversion
RUN touch /config.json
RUN chown dangerzone:dangerzone /config.json
# Switch to the dangerzone user for the rest of the script.
USER dangerzone
# Create a directory that will be used by gVisor as the place where it will
# store the state of its containers.
RUN mkdir /home/dangerzone/.containers
COPY oci/entrypoint.py /
ENTRYPOINT ["/entrypoint.py"]
Reference in a new issue View git blame Copy permalink