search

cmehay / docker-tor-hidden-service

232 stars 53 forks source link

Make docker determine the 'last tor version' #57

Closed schildbach closed 3 years ago

schildbach commented 3 years ago

This moves the logic from last_tor_version.sh into the Dockerfile itself. The Tor version can still be specified with the tor_version argument, as before. If that argument is missing, the last tor version is determined by the regular expression.

This has a couple of advantages:

1) Users need not have git, make or docker-compose installed to build the image. 2) Users can build the image entirely inside a container which reduces the trust needed in the safety of the build instructions. 3) git tag is much quicker than git ls-remote since it operates on local data.

cmehay commented 3 years ago

It seems a good idea in first, but by doing this, the build is less reproducible from the same commit.

I don't mind having the ability to build the image by itself, but please keep the tagging logic in place and lookup for the last tag at the build time only if the build argument is not present. I'm note sure, but the line you added in the dockerfile seems to override $tor_version.

schildbach commented 3 years ago

I've rebased on current master and added the same logic for torsocks, too.

I reverted the changes to Makefile and docker-compose.build.yml so that it doesn't interfere with your original tagging. The downside of this is the regular expressions are present at two places.

It seems a good idea in first, but by doing this, the build is less reproducible from the same commit.

The Dockerfile is not reproducible and never was. It's installing packages from Alpine.

I don't mind having the ability to build the image by itself, but please keep the tagging logic in place and lookup for the last tag at the build time only if the build argument is not present.

I've added a comment to the build arguments to assert that this is the case.

I'm note sure, but the line you added in the dockerfile seems to override $tor_version.

It works like this: If you specify tor_version and/or torsocks_version, it will use those versions – like before. If you omit any of those versions, they will be determined from the git tags – this is the new part.

cmehay commented 3 years ago

The Dockerfile is not reproducible and never was. It's installing packages from Alpine.

This is why I said "less", as long you can build the same tor version, is good enough.

Thanks for the commit