Independent container updates #1080
I'm in the final stages of the review Alexis, but I just wanted to say: ✨ freaking awesome work ✨ ! There were several places in the code where I was like "oh neat!", but I didn't track them I'm afraid 😞 . (there should be a 🤩 reaction or something for specific lines of code. it's a shame if reviews are just "here's one comment, and here's another one", and let good decisions not be rewarded or anything. Anyway, food for thought...) Anyways, what I haven't reviewed yet is the airgapped logic, the docs, and the tests. I'll switch to updating the reproduce image script based on the
- Update the release instructions
- Create a `RELEASE-SANDBOX.md` file documenting the sandbox release process
To avoid computing it twice in the same run
It's originally intended as a way to help the users debug any issues with the registry, but isn't otherwise used in Dangerzone itself. Rather than taking this route, we are thinking about embedding a tool like crane or regctl inside Dangerzone. The discussion can be followed at #1186.
When doing `dangerzone-image prepare-archive`, ensure the downloaded archive matches the expected public key, and bail out if not.
This helps to understand all the logic.
Add an environment variable (DANGERZONE_BYPASS_SIG_CHECKS) that instructs Dangerzone to bypass any signature checking. This way, we can use local image builds for testing, which have not been signed with `cosign`, nor uploaded to a container registry.
✔️ The CI for the Independent Container Updates is now green. I've just updated the base branch to be @apyrgio let me know if I can merge!

The diff from the stored version of ICU that I had locally looks ok to me. If there's anything CI-related that you wanna bring to my attention, let me know. Else, feel free to merge!
This pull request introduces "independent container updates": sandbox images can now be updated without issuing a new release, allowing us to reduce the time to patch the sandbox in use by Dangerzone users.
You can read more about the rationale at #1006.
Sandbox signatures are done via a hardware key, for which the public key is packaged alongside the shipped application.
On container installation, sandbox signatures are stored locally and checked against a known public key just before doing the conversion of the documents. Behind the curtain, it uses cosign, which enables us to have auditable signatures (so if somebody is to impersonate us, they would need to do so in public).
Graphical interface
The graphical interface has been updated to ask users if they want Dangerzone to check for container updates and apply them on their behalf. The `updater_check` setting is now deprecated and replaced by `updater_icu_check`.
Command-line interface
It adds a `dangerzone-image` CLI providing tooling to check for new remote images, to verify attestations and signatures, and to create and use archives for air-gapped environments.
It is fixing the following issues:
Current progress
Before being ready to be shipped, we still need to:
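The verification flow the description sketches (a signature stored alongside the image, checked against a public key pinned in the shipped application just before a conversion runs, with `DANGERZONE_BYPASS_SIG_CHECKS` switching the check off for unsigned local builds) can be shown as a small, self-contained model. The code below is an added example and is not Dangerzone's code or its `dangerzone-image` implementation; it assumes cosign's default key type (ECDSA P-256 over SHA-256), uses a freshly generated key in place of the hardware key, treats any non-empty value of the bypass variable as "on" (the page names the variable but not its accepted values), and builds its sample manifest bytes inline. It requires the `cryptography` package.

```python
import hashlib
import os

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

# Environment variable named in the pull request; accepted values are an assumption here.
BYPASS_ENV = "DANGERZONE_BYPASS_SIG_CHECKS"


def image_digest(manifest: bytes) -> str:
    """Content-addressed identity of an image: the sha256 of its manifest bytes."""
    return "sha256:" + hashlib.sha256(manifest).hexdigest()


def sign_digest(private_key: ec.EllipticCurvePrivateKey, digest: str) -> bytes:
    """Release-side step (hardware key in the real flow): ECDSA P-256 / SHA-256 over the digest."""
    return private_key.sign(digest.encode(), ec.ECDSA(hashes.SHA256()))


def verify_digest(pinned_pub_pem: bytes, digest: str, signature: bytes) -> bool:
    """Client-side step: accept only if the stored signature verifies under the pinned key."""
    pub = serialization.load_pem_public_key(pinned_pub_pem)
    try:
        pub.verify(signature, digest.encode(), ec.ECDSA(hashes.SHA256()))
        return True
    except InvalidSignature:
        return False


def signature_checks_bypassed(env=None) -> bool:
    """Assumption: any non-empty value of the bypass variable disables the check."""
    env = os.environ if env is None else env
    return bool(env.get(BYPASS_ENV, ""))


def may_convert(pinned_pub_pem: bytes, digest: str, stored_signature, env=None) -> bool:
    """Gate run just before a document conversion. Fails closed: no signature, no conversion."""
    if signature_checks_bypassed(env):
        return True
    if stored_signature is None:
        return False
    return verify_digest(pinned_pub_pem, digest, stored_signature)


# --- constructed sample data ---------------------------------------------------------
# Stand-in for the hardware release key; only its public half would be shipped with the app.
_release_key = ec.generate_private_key(ec.SECP256R1())
PINNED_PUBLIC_KEY_PEM = _release_key.public_key().public_bytes(
    serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo
)

# A constructed manifest; a real one would be the OCI manifest fetched from the registry.
SAMPLE_MANIFEST = b'{"schemaVersion":2,"layers":[{"digest":"sha256:constructed-layer"}]}'
SAMPLE_DIGEST = image_digest(SAMPLE_MANIFEST)
SAMPLE_SIGNATURE = sign_digest(_release_key, SAMPLE_DIGEST)

# A key that is not the pinned one, modelling an attacker publishing their own signed image.
_other_key = ec.generate_private_key(ec.SECP256R1())
FOREIGN_SIGNATURE = sign_digest(_other_key, SAMPLE_DIGEST)


if __name__ == "__main__":
    print("genuine signature:", may_convert(PINNED_PUBLIC_KEY_PEM, SAMPLE_DIGEST, SAMPLE_SIGNATURE, env={}))
    print("foreign signature:", may_convert(PINNED_PUBLIC_KEY_PEM, SAMPLE_DIGEST, FOREIGN_SIGNATURE, env={}))
    print("no signature:     ", may_convert(PINNED_PUBLIC_KEY_PEM, SAMPLE_DIGEST, None, env={}))
    print("bypass set:       ", may_convert(PINNED_PUBLIC_KEY_PEM, SAMPLE_DIGEST, None, env={BYPASS_ENV: "1"}))
```

The point of pinning the key in the application rather than trusting whatever the registry serves is the second case: an image signed by a different key verifies under that key but is rejected under the pinned one. The bypass case shows why such a variable deserves care in packaging: it turns the gate off entirely, so it belongs to local development builds, not to a shipped configuration.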