-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #253 adds reproducible testing container #254
Conversation
This PR adds a new container and also uses it in the CircleCI to test reproducible wheels and Debian packages. The container is based on standard Debian Buster, thus having the same version of Python and environment.
updated description to close #253 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just a few questions as i review this. ci is passing.
.circleci/config.yml
Outdated
@@ -234,29 +234,27 @@ jobs: | |||
|
|||
reprotest-wheels: | |||
docker: | |||
- image: circleci/python:3.7-buster | |||
- image: quay.io/freedomofpress/packaging-debian-buster@sha256:5e1d3cf73ac6bfe418d499fc419bf789a0d365c51c157b704969d88d2df25e65 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
confirmed
dockerfiles/image_hash
Outdated
@@ -0,0 +1,2 @@ | |||
# sha256 digest quay.io/freedomofpress/packaging-debian-buster:2021_07_09 | |||
7ac0e1e1c29d9a60e210e0da246a6d60e49c9eab18cf654bacf95ce5fed1413b |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't this be: 5e1d3cf73ac6bfe418d499fc419bf789a0d365c51c157b704969d88d2df25e65
? also i'm seeing https://security-tracker.debian.org/tracker/CVE-2019-19814 for this image. trying to see if we have it documented somewhere that this is fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't this be: 5e1d3cf73ac6bfe418d499fc419bf789a0d365c51c157b704969d88d2df25e65? also i'm seeing https://security-tracker.debian.org/tracker/CVE-2019-19814 for this image. trying to see if we have it documented somewhere that this is fine.
I actually have similar question and forgot to put in the comment. The checksum mentioned here is created by our scripts, may be I did a mistake in calling the script. Thank you for pointing out.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is now fixed with the hash of the newer image.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
great I'll take another look at this PR
Updated the Note to self: there are still many differences between |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
This PR adds a new container and also uses it in the CircleCI
to test reproducible wheels and Debian packages. The container
is based on standard Debian Buster, thus having the same version
of Python and environment.
closes #253
How to test?