Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #253 adds reproducible testing container #254

Merged
merged 2 commits into from
Jul 27, 2021
Merged

Fixes #253 adds reproducible testing container #254

merged 2 commits into from
Jul 27, 2021

Conversation

kushaldas
Copy link
Contributor

@kushaldas kushaldas commented Jul 9, 2021
edited by sssoleileraaa
Loading

This PR adds a new container and also uses it in the CircleCI
to test reproducible wheels and Debian packages. The container
is based on standard Debian Buster, thus having the same version
of Python and environment.

closes #253

How to test?

  • The CI should be green

@kushaldas
Fixes #253 adds reproducible testing container
f4334b5 
This PR adds a new container and also uses it in the CircleCI
to test reproducible wheels and Debian packages. The container
is based on standard Debian Buster, thus having the same version
of Python and environment.
@kushaldas kushaldas marked this pull request as ready for review July 9, 2021 15:22
@sssoleileraaa
Copy link
Contributor

updated description to close #253

sssoleileraaa
sssoleileraaa reviewed Jul 16, 2021
View reviewed changes
Copy link
Contributor

@sssoleileraaa sssoleileraaa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just a few questions as i review this. ci is passing.

.circleci/config.yml Outdated
@@ -234,29 +234,27 @@ jobs:

reprotest-wheels:
docker:
- image: circleci/python:3.7-buster
- image: quay.io/freedomofpress/packaging-debian-buster@sha256:5e1d3cf73ac6bfe418d499fc419bf789a0d365c51c157b704969d88d2df25e65
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

confirmed

.circleci/config.yml Show resolved Hide resolved
dockerfiles/image_hash Outdated
@@ -0,0 +1,2 @@
# sha256 digest quay.io/freedomofpress/packaging-debian-buster:2021_07_09
7ac0e1e1c29d9a60e210e0da246a6d60e49c9eab18cf654bacf95ce5fed1413b
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't this be: 5e1d3cf73ac6bfe418d499fc419bf789a0d365c51c157b704969d88d2df25e65? also i'm seeing https://security-tracker.debian.org/tracker/CVE-2019-19814 for this image. trying to see if we have it documented somewhere that this is fine.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't this be: 5e1d3cf73ac6bfe418d499fc419bf789a0d365c51c157b704969d88d2df25e65? also i'm seeing https://security-tracker.debian.org/tracker/CVE-2019-19814 for this image. trying to see if we have it documented somewhere that this is fine.

I actually have similar question and forgot to put in the comment. The checksum mentioned here is created by our scripts, may be I did a mistake in calling the script. Thank you for pointing out.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is now fixed with the hash of the newer image.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great I'll take another look at this PR

@kushaldas
Copy link
Contributor Author

Updated the docker image and now it properly matches against the hash in the https://quay.io.

Note to self: there are still many differences between podman and docker.

sssoleileraaa
sssoleileraaa approved these changes Jul 27, 2021
View reviewed changes
Copy link
Contributor

@sssoleileraaa sssoleileraaa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@sssoleileraaa sssoleileraaa merged commit 1219baf into main Jul 27, 2021
@sssoleileraaa sssoleileraaa deleted the dockerfiles branch July 27, 2021 21:36
@eloquence eloquence mentioned this pull request Jul 14, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sssoleileraaa sssoleileraaa sssoleileraaa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CI breakage for the reproducible wheels using extensions
2 participants
@kushaldas @sssoleileraaa