Update to digikam 7.5.0 release.

Changes: * Image now based on ubuntu-20.04 for new 7.4.0+ digikam requirements. * Removed CVE / non-reproducible build warnings. No longer applies. * Removed pre 7.5.0 non-reproducible builds, all releases are reproducible again.
r-pufky · Feb 6, 2022 · ba4a153 · ba4a153
1 parent 2227fe1
commit ba4a153
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 64 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,32 +1,4 @@
-# TODO(debian-11): Debian 11 has not been released yet for baseimage-gui.
-#     This is currently being worked on in the v4 release branch:
-#
-#     https://github.com/jlesage/docker-baseimage-gui/tree/v4
-#
-#     Digikam 7.4.0 requires libraries present in Debian 11, as well as
-#     mitigating any potential issues with CVE-2021-44228 (log4j) from any
-#     dependencies. See: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
-#
-#     It has been decided to build a pre-release debian-11 image to mitigate
-#     this potential vulnerability as well as release digikam 7.4.0. It will
-#     **NOT** be considered stable until debian-11 is released for
-#     baseimage-gui.
-#
-#     Currently, this means the the build **IS NOT** reproducible without
-#     patches. These are included in patches/ to manually reproduce (with some
-#     docker user changes).
-#
-#     Manual build reproduction:
-#       git clone https://github.com/jlesage/docker-baseimage-gui
-#       cd docker-baseimage-gui
-#       git checkout remotes/origin/v4
-#       git apply ../digikam/patches/docker-baseimage-gui.3077e2c.patch
-#       docker build -t rpufky/baseimage-gui:debian-11 .
-#
-
-# TODO(debian-11): revert when debian-11 jlesage image is released.
-#FROM jlesage/baseimage-gui:debian-10
-FROM rpufky/baseimage-gui:debian-11
+FROM jlesage/baseimage-gui:ubuntu-20.04
 ARG digikam_version=unknown
 
 ENV APP_NAME=$digikam_version \
@@ -66,8 +38,8 @@ COPY squashfs-root/ /digikam/
 # libgssapi-krb5-2       - 7.2.0 needed for digikam base.
 # libnss3                - 7.2.0 needed for digikam base.
 # libimage-exiftool-perl - 7.3.0 needed for digikam base.
-# firefox-esr            - 7.3.0 needed for smugmug auth.   
-# firefox-esr-l10n-all   - 7.3.0 needed for smugmug auth.
+# firefox-esr            - 7.3.0 needed for smugmug auth (firefox on ubuntu). 
+# firefox-esr-l10n-all   - 7.3.0 needed for smugmug auth (firefox on ubuntu).
 # libgl1-mesa-glx        - 7.4.0 needed for digikam base.
 # Ensure en.UTF-8 set for locale.
 RUN \
@@ -83,8 +55,7 @@ RUN \
   libgssapi-krb5-2 \
   libnss3 \
   libimage-exiftool-perl \
-  firefox-esr \ 
-  firefox-esr-l10n-all \
+  firefox \
   libgl1-mesa-glx \
   dbus && \
   apt-get clean autoclean && \

diff --git a/Makefile b/Makefile
@@ -5,8 +5,8 @@
 #
 # TODO: De-duplicate stable/unstable and finish simplifying build options.
 #
-version            = 7.4.0
-pre_release        = 7.4.0
+version            = 7.5.0
+pre_release        = 7.5.0
 BUILD_DIR          = digikam-build
 STAGING_DIR        = $(BUILD_DIR)/staging
 GPG_DIR            = $(BUILD_DIR)/gpg

diff --git a/README.md b/README.md
@@ -5,38 +5,27 @@ runs on Linux, Windows, and MacOS. The application provides a comprehensive set
 of tools for importing, managing, editing, and sharing photos and raw files.
 
 This is a docker image that uses the [digikam AppImage][f9] combined with
-[jlesage/baseimage-gui:debian10][5t] to enable dockerized digikam usage with all
+[jlesage/baseimage-gui:ubuntu-20.04][5t] to enable dockerized digikam usage with all
 plugins via any modern web browser without additional client configuration.
 
 Please read documentation on [jlesage/baseimage-gui][5t] for detailed baseimage
 usage.
 
-:warning:
-The 7.4.0 release requires Debian 11 as well as mitigating [CVE-2021-44228][7g].
-
-Debian 11 baseimage has not been released stable yet; therefore a custom build
-has been created. As such, 7.4.0 will not be in the 'stable' release until
-it is publically released and the build is reproducible without patches.
-
-Build reproduction instructions are located in [Dockerfile](Dockerfile).
-:warning:
-
 ## Version Tags
 This image provides various versions that are available via tags. Use `stable`
 or an explicit digikam version (e.g. 7.3.0), which will provide updates but
 minimize unexpected changes. 
 
 * `stable` will provide the latest officially released version of digikam.
-* `latest` will provide the latest digikam build and can break.
+* `latest` will provide the latest digikam build and **will** break.
 
 `stable` and `latest` containers are auto-rebuilt weekly.
 
 | Tag    | Description             | Comment                                                         |
 |--------|-------------------------|-----------------------------------------------------------------|
-| latest | digikam container 7.4.0 | [7.4.0 Release](https://download.kde.org/stable/digikam/7.4.0/) |
-| stable | digikam container 7.3.0 | [7.3.0 Release](https://download.kde.org/stable/digikam/7.3.0/) |
+| latest | digikam container 7.5.0 | [7.5.0 Release](https://download.kde.org/stable/digikam/7.5.0/) |
+| stable | digikam container 7.5.0 | [7.5.0 Release](https://download.kde.org/stable/digikam/7.5.0/) |
 
-* All binaries are based on the [jlesaige/baseimage-gui:debian9][5t] base image.
 * See detailed [release notes here][b2] for older container point releases. Only current and previous versions are kept.
 * Submit docker-related [bugs here][sl].
 * See digikam [release plan here][2k].
@@ -281,4 +270,3 @@ unmodified and copied under this license.
 [b7]: https://github.com/r-pufky/digikam/blob/master/media/digikam-setup-db.png?raw=true
 [b2]: https://github.com/r-pufky/digikam/blob/master/RELEASE.md
 [c8]: https://github.com/r-pufky/digikam/blob/master/media/digikam-setup-faces.png?raw=true
-[7g]: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
diff --git a/RELEASE.md b/RELEASE.md
@@ -5,23 +5,17 @@ Uses semantic versioning, with an additional container version number:
 
 ## Unreleased
 
-## 7.4.0
-Digikam [7.4.0 release][9f].
-
-:warning:
-The 7.4.0 release requires Debian 11 as well as mitigating [CVE-2021-44228][7g].
+## 7.5.0
+Digikam [7.5.0 relase][9f].
 
-Debian 11 baseimage has not been released stable yet; therefore a custom build
-has been created. As such, 7.4.0 will not be in the 'stable' release until
-it is publically released and the build is reproducible without patches.
+Changes:
+* update baseimage-gui to ubuntu-20.04 due to digikam changes.
 
-Build reproduction instructions are located in [Dockerfile](Dockerfile).
-:warning:
+## 7.4.0
+Digikam [7.4.0 release][9f].
 
 Changes:
-* Update baseimage-gui to use Debian 11; required by Digikam.
-* Mitigate [CVE-2021-44228][7g] via Debian 11.
-* Custom baseimage-gui build until a public Debian 11 release occurs.
+* update baseimage-gui to ubuntu-20.04 due to digikam changes.
 
 ## 7.3.0
 Digikam [7.3.0 release][9f].