Added preliminary Dockerfile and tooling #2

Draft
wants to merge 2 commits into
base: master
7 changes: 7 additions & 0 deletions README.md
Expand Up @@ -2,6 +2,13 @@

A collection of community contributions for [ungoogled-chromium](https://github.com/Eloston/ungoogled-chromium). Inspired by [this blog post by Drew DeVault](https://drewdevault.com/2020/06/06/Add-a-contrib-directory.html)

## Layout

All docker-related things are in [`/docker`](/docker) and are mostly intended to move ungoogled-chromium towards a more reproducible build system.
Member

@Eloston Eloston Aug 12, 2020

I don't think it's necessary to have a Layout section, because anyone can contribute anything to contrib at any point. Too much structure makes things difficult, and we should minimize difficulty.

It should be sufficient to simply have a README.md inside your docker directory, as users should find that on their own without any indication.

Author

I think we should narrow the scope of your changes a bit more. Right now, your changes are only for Debian, and not for all platforms. Could we change the docker directory name and the README within to reflect reproducible builds for Debian using Docker?

If we manage to implement reproducibility on more platforms, we can consider merging the efforts.

Fair point! Does a /scripts/builds thing work or were you thinking of something else?
I'll put a thing in the README about all the scripts being in /scripts if you think that's best -- if not, I'll remove the layout section entirely.

Reproducible builds is one of the main goals of having a Dockerfile build process, but it isn't the only main goal -- it's also great if users want to build it themselves (all they need to do is build the Dockerfile). I'm thinking about perhaps adding Dockerfiles for other architectures/OSes before I get reproducible builds working.

Lmk what you think -- I'm not particularly attached to any of the above ideas.

Member

Maybe a directory like reproducible-debian? If we want to add more code regarding reproducibility in the future, then we could move your code into reproducible-debian/docker.

> Reproducible builds is one of the main goals of having a Dockerfile build process, but it isn't the only main goal -- it's also great if users want to build it themselves (all they need to do is build the Dockerfile)

Docker is pretty useful, but I don't agree with your premise (i.e. easier for users to build it themselves) for a few nitpicky reasons:

  1. I think Docker adds another unnecessary layer. The overhead of Docker is higher than users installing the build dependencies directly on their system. Not only does it take more space, but Docker is pretty invasive, configuring kernel-level stuff like nftables (for NAT). While you could probably configure Docker not to do this, it's not ideal for a user who likes to have a comprehensive understanding and control of their system (an analogy would be someone's personal garden).
  2. Docker only works for Linux systems. It won't help us with reproducibility for macOS and Windows.
  3. I'd argue that the build process for all platforms can be made nearly as simple as a Dockerfile, if need be.

I've used Docker on both Debian and macOS to build UC so here are my opinions:

  • Docker on macOS is possible, but very inefficient since it needs a VM to run. Meanwhile, if you do not have UI access to the Mac machine, you cannot use VirtualBox due to a copyright/license problem, I think, and the other VM is old and not well maintained.

  • If the user uses a remote machine for building, then Docker can potentially be a necessary tool. There exist a lot of cloud solutions based on Docker, so I believe it is not much riskier than, say, running a LAMP stack. The reason I used Docker is that there are often a lot of restrictions on remote machines, for example:

    • The machines themselves are often virtualized in KVM or Xen so you cannot use type 2 hypervisors inside it, including KVM and VirtualBox
    • There is often a limited offering of OSes by the cloud provider. For example, Gaudi.net (the one I am using for Android build) does not have Fedora so I have to use Docker on Debian

    In these cases, Docker is basically the only way to get a working environment.

I think a reasonable point is that Docker and a Dockerfile can be useful for those who need them, and they can potentially be more friendly to users who want to make small changes to the project. IMO the problem it solves better is a quick-to-establish development/build environment; reproducibility is a nice add-on.

You can easily build ungoogled-chromium in a containerized (or remote) environment using the tools in [`/docker`](/docker).

Further information can be found at [`/docker/README.md`](/docker/README.md).

## Motivation

The target audience includes those who maintain their own ungoogled-chromium-based browsers. Some potential use cases include:
Expand Down
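Review bot: The new Layout section points at `/docker` twice, once in "All docker-related things are in /docker" and again in "You can easily build ungoogled-chromium in a containerized (or remote) environment using the tools in /docker", and neither sentence says the tooling currently covers only Debian. Suggest collapsing this to one sentence that links `/docker/README.md` and names the supported platform, so the top-level README does not promise more than the directory delivers.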
29 changes: 29 additions & 0 deletions docker/README.md
@@ -0,0 +1,29 @@
## Docker + ungoogled_chromium builds

This folder is intended to contain scripts, Dockerfiles, and other misc. files to assist in the creation of reproducible builds.
To that end, all Dockerfiles are pinned to a particular Debian version (it's a best practice anyways) and everything is, if possible, specified by hash.
A reproducible environment is the first step towards reproducible builds.
Each separate platform will be in a different folder (e.g. [`./debian/`](/docker/debian)).

## Building on a VPS
To aid in the ease of reproducing (the easier it is to reproduce or build, the more people will do it), some simple scripts have been added to setup and teardown a VPS instance.
Right now, the scripts are only written for DigitalOcean, but contributions are welcome!

### DigitalOcean setup
Deps:

- [doctl](https://github.com/digitalocean/doctl)

To setup a VPS instance on DigitalOcean, run:
```
bash do-setup.sh [ssh-key]
```
where `[ssh-key]` is the id of one of your DigitalOcean ssh keys (you can list them by running `doctl compute ssh-key list`)

To teardown, execute:
```
bash do-teardown.sh
```

## Contributions
Just follow the same format as above.
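Review bot: "everything is, if possible, specified by hash" in the opening section claims more than the rest of this PR pins. The base image digest and the git commit are fixed, but the Dockerfile's `apt-get install` takes whatever versions the mirror serves and do-setup.sh runs an installer script fetched without a hash. Suggest listing here what is and is not pinned. The "Building on a VPS" section also documents droplet setup and teardown but never shows the command that builds the image, and it should state that omitting `[ssh-key]` means you need to know the root password, as the usage comment in do-setup.sh says.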
27 changes: 27 additions & 0 deletions docker/debian/Dockerfile
@@ -0,0 +1,27 @@
# Here we make sure to specify the digest to prevent tampering and ensure reproducibility
# This is from https://hub.docker.com/layers/debian/library/debian/buster-slim/images/sha256-e0a33348ac8cace6b4294885e6e0bb57ecdfe4b6e415f1a7f4c5da5fe3116e02?context=explore

FROM debian@sha256:e0a33348ac8cace6b4294885e6e0bb57ecdfe4b6e415f1a7f4c5da5fe3116e02

LABEL maintainer="[email protected]"

# The following lines have been modified from the README
RUN apt-get update && apt-get install -y git python3 packaging-dev equivs

RUN git clone --recurse-submodules https://github.com/ungoogled-software/ungoogled-chromium-debian.git

# Checkout to commit: https://github.com/ungoogled-software/ungoogled-chromium-debian/commit/1c1b44277f7b0c88fc510394e25ec9d1d0dfcb7a
RUN git -C ungoogled-chromium-debian checkout --recurse-submodules 1c1b44277f7b0c88fc510394e25ec9d1d0dfcb7a && mkdir -p build/src && cp -r ungoogled-chromium-debian/debian build/src/

# From: https://superuser.com/questions/164553/automatically-answer-yes-when-using-apt-get-install
RUN echo 'APT::Get::Assume-Yes "true";' >> /etc/apt/apt.conf.d/forceyes
RUN echo 'APT::Get::force-yes "true";' >> /etc/apt/apt.conf.d/forceyes

# The rest of the Dockerfile is modified from the README
RUN cd build/src && ./debian/scripts/setup debian && mk-build-deps -i debian/control

# RUN rm ungoogled-chromium-build-deps_*

RUN cd build/src && ./debian/scripts/setup local-src

RUN cd build/src && dpkg-buildpackage -b -uc
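Review bot: The `APT::Get::force-yes "true";` line written to /etc/apt/apt.conf.d/forceyes tells apt to continue past unauthenticated packages and downgrades, which undoes the tamper resistance the pinned `FROM debian@sha256:...` digest is there to provide. `Assume-Yes` alone already answers the prompts, so the force-yes line should be dropped. Separately, `apt-get update && apt-get install -y git python3 packaging-dev equivs` and `mk-build-deps -i debian/control` resolve against the live mirror, so two builds on different days can pull different package versions; pointing apt at a dated snapshot would close that gap. The commented-out `# RUN rm ungoogled-chromium-build-deps_*` should be either enabled or removed before this leaves draft.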
16 changes: 16 additions & 0 deletions docker/do-setup.sh
@@ -0,0 +1,16 @@
#!/usr/bin/env bash

# Helper to setup a digitalocean VPS with all the right stuff
# Usage: bash do-setup.sh [ssh-key-id]
# If you do not specify ssh-key-id, you need to know the root password!

# Example: bash do-setup.sh 28142601

if [ -z "$1" ]; then
doctl compute droplet create "ungoogled-chromium" --image ubuntu-20-04-x64 --region nyc1 --size s-6vcpu-16gb
else
doctl compute droplet create "ungoogled-chromium" --image ubuntu-20-04-x64 --region nyc1 --size s-6vcpu-16gb --ssh-keys $1
fi

echo "curl -fsSL https://get.docker.com -o get-docker.sh" | doctl compute ssh "ungoogled-chromium"
echo "sh get-docker.sh" | doctl compute ssh "ungoogled-chromium"
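Review bot: The last two lines download https://get.docker.com to get-docker.sh and run it with `sh` on the droplet with no checksum or signature check, so the build host's Docker install is whatever that URL serves at the time. For a PR whose stated goal is tamper resistance, install a pinned Docker package from a signed repository, or verify the script against a recorded hash before running it. `$1` in `--ssh-keys $1` should be quoted. `doctl compute ssh` runs immediately after `droplet create`; unless the create call blocks until the droplet is active (doctl has a `--wait` flag for this), the SSH step can race the boot. With no `set -e`, a failed create still falls through to the SSH commands.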
6 changes: 6 additions & 0 deletions docker/do-teardown.sh
@@ -0,0 +1,6 @@
#!/usr/bin/env bash

# Helper to destroy a digitalocean VPS that was created with do-setup.sh
# Usage: bash do-teardown.sh

doctl compute droplet delete "ungoogled-chromium"
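Review bot: The delete selects the droplet only by the name "ungoogled-chromium", so it cannot distinguish the droplet do-setup.sh created from another droplet with the same name in the account. Suggest having do-setup.sh record the droplet ID (or apply a tag) at creation and deleting by that, and noting in the usage comment whether the script is expected to prompt for confirmation.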