add 3 Docker users/build helpers : local_dev, repro and latest, update README.md to simplify usage #1855
Conversation
- Kill any GPG toolstack USB host consumers of USB devices so targets/qemu.md instruction can be used as intended (usb security dongles, HOTP features) Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…uilders(local repro of CircleCI builds), referring to ./docker_*.sh scripts created Signed-off-by: Thierry Laurion <insurgo@riseup.net>
|
Bugfix extensively tested under hotp-verification upcoming modifications. TODO: improve README.md notes in regard of OpenPGP smartcard usage outside of reverse HOTP sealing of TPMTOP secret, which requires the fixes of this PR ot flawlessly work out of the box. Tagging as input for docs. Merging without review: this is dev oriented but help anyone wanting to test/use heads without additional hardware or to automatically test/unit test. Notes for automated testing: use whiptail flavors so menus can be selected with their corresponding letters instead of emulating keypress/navigation of fbwhiptail menus. fbwhiptail is meant to be used to check visual consistency when doing string outputs for end user oriented UX changes,is slower under qemu TCG (not kvm; under QubesOS: since we still do not have nested qemu virt support from Xen therefore cannot use kvm yet). |
This pull request includes significant updates to the
README.mdfile and the addition of three new helper scripts for creating/consuming Docker images. The changes aim to streamline the development/usage workflow and enhance reproducibility.Documentation updates:
README.md: Updated instructions for building the Docker image and provided details about three new helper scripts:docker_local_dev.sh,docker_latest.sh, anddocker_repro.sh. Clarified the reproducibility of builds and provided examples for using these scripts. [1] [2] [3]New helper scripts:
docker_local_dev.sh: Added a script to build and use a local;y created Docker image from nix flakes.nix and flakes.lock for local development, including checks for Nix and Docker installations, and a warning about non-reproducible builds and docker usage once jumped in itdocker_latest.sh: Added a script to use the latest published Docker image for development, with options for setting the number of CPUs and enabling verbose modedocker_repro.sh: Added a script to use the versioned Docker image specified in the CircleCI configuration for reproducible builds, with options for setting the number of CPUs and enabling verbose mode.Fixes longterm issue of being able to use USB Security dongles under QubesOS with Qemu not being able to obtain usb devices exclusivity as opposed to kvm. The scripts kill gpg toolstack consumers of usb devices on host.
Finally fixes #1490