This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------sSUp1KjWiPQwNqUHrb2Bbxn3
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

RGVhciBsaXN0LA0KDQpJIGhhdmUgc3RhcnRldCBwYWNrYWdpbmcgZGFuZ2Vyem9uZSBmb3Ig RGViaWFuLlsxXQ0KVGhpcyBpcyB0aGUgZmlyc3QgdGltZSBJIGhhdmUgaW5jbHVkZWQgcG9z dGluc3QgYW5kIHBvc3RybSBzY3JpcHRzIGluIGEgDQpwYWNrYWdlIGFuZCB3b3VsZCBiZSBn cmF0ZWZ1bCBmb3Igc29tZSByZXZpZXcuDQoNClNvbWUgY29udGV4dCBvbiB0aGUgcGFja2Fn ZToNCkRhbmdlcnpvbmUgaXMgYSBHVUkgYW5kIGNsaSBhcHAgdGhhdCB1c2VzIGEgRG9ja2Vy L1BvZG1hbiBjb250YWluZXIgDQp1bmRlciB0aGUgaG9vZCB0byBzYW5pdGl6ZSBGaWxlcy4N Ck9yaWdpbmFsbHksIHRoZSBhcHAgd291bGQgZG93bmxvYWQgdGhlIHdob2xlIGNvbnRhaW5l ciBpbWFnZSBhdCBmaXJzdCANCnVzZSBhZnRlciBJbnN0YWxsYXRpb24uIEZvciB0aGUgbmV3 IHZlcnNpb24gdXBzdHJlYW0gaGFzIGRlY2lkZWQgdG8gDQppbmNsdWRlIGJ1aWxkIGEgd2hv bGUgQ29udGFpbmVyLUltYWdlIGF0IGJ1aWxkIHRpbWUgYW5kIGluY2x1ZGUgdGhlIA0KNzAw TUIgaW1hZ2UgaW4gdGhlIC5kZWIgcGFja2FnZS4NCg0KVGhlIGFic3VyZCBwYWNrYWdlIHNp emUgc2V0IGFzaWRlLCBidWlsZGluZyB0aGUgaW1hZ2Ugb24gdGhlIERlYmlhbiANCmJ1aWxk IHNlcnZlcnMgd291bGQgbm90IGJlIHBvc3NpYmxlIGJlY2F1c2UgYSBuZXR3b3JrIGNvbm5l Y3Rpb24gaXMgDQpyZXF1aXJlZCBmb3IgcHVsbGluZyB0aGUgZG9ja2VyIGltYWdlLg0KVGhl cmVmb3JlIEkgbW92ZWQgdGhlIGJ1aWxkaW5nIG9mIHRoZSBpbWFnZSBmcm9tIGJ1aWxkIHRp bWUgaW50byANCmRhbmdlcnpvbmUucG9zdGluc3RbMl0sIHdoaWNoIGlzIGJhc2ljYWxseSB0 aGUgYnVpbGQtc2NyaXB0IGZyb20gDQp1cHN0cmVhbVszXSBvbmx5IHdpdGggc29tZSB2ZXJ5 IGJhc2ljIGVycm9yLWhhbmRsaW5nIGFkZGVkIHRvIGl0LiBJIGFtIA0Kbm90IHN1cmUgaWYg aW4gaXRzIGN1cnJlbnQgc3RhdGUgaXQgaXMgdmVyeSByb2J1c3QuDQoNClNvbWUgbm90ZXMg b24gdGhlIHNjcmlwdCBpdHNlbGY6DQpJdCBjdXJyZW50bHkgb25seSBjaGVja3MgaWYgcG9k bWFuIGlzIGluc3RhbGxlZCBpbiBjYXNlIG9mIGEgDQpoYWxmLWluc3RhbGxlZCBwYWNrYWdl LiBJIHdhcyBub3Qgc3VyZSBpZiB0aGVyZSB3YXMgYW55IHJlYWxseSByZWxpYWJsZSANCndh eSB0byBjaGVjayBpbnRlcm5ldCBjb25uZWN0aXZpdHksIHdoaWNoIGlzIG5lZWRlZCBmb3Ig cHVsbGluZyB0aGUgYmFzZSANCmltYWdlLCBidXQgb24gdGhlIG90aGVyIGhhbmQgc29tZSBi YXNpYyBmZWVkYmFjayBsaWtlICJCYXNlaW1hZ2UgY291bGQgDQpub3QgYmUgZG93bmxvYWRl ZCwgcGxlYXNlIGNoZWNrIHlvdXIgaW50ZXJuZXQgY29ubmVjdGl2aXR5IiB3b3VsZCBiZSAN Cmdvb2QuIFdoYXQgZG8geW91IHRoaW5rPw0KDQpLaW5kIHJlZ2FyZHMsDQpQZXltYW5laA0K DQpQUzogcGxlYXNlIGtlZXAgbWUgaW4gQ0Mgd2hlbiBhbnN3ZXJpbmcsIHNpbmNlIEkgYW0g bm90IGEgbGlzdCBzdWJzY3JpYmVyDQoNCi0tLQ0KWzFdIGh0dHBzOi8vc2Fsc2EuZGViaWFu Lm9yZy9wZXltYW5laC9kYW5nZXJ6b25lDQpbMl0gDQpodHRwczovL3NhbHNhLmRlYmlhbi5v cmcvcGV5bWFuZWgvZGFuZ2Vyem9uZS8tL2Jsb2IvZGViaWFuL3NpZC9kZWJpYW4vZGFuZ2Vy em9uZS5wb3N0aW5zdA0KWzNdIA0KaHR0cHM6Ly9zYWxzYS5kZWJpYW4ub3JnL3BleW1hbmVo L2RhbmdlcnpvbmUvLS9ibG9iL2RlYmlhbi9zaWQvaW5zdGFsbC9saW51eC9idWlsZC1pbWFn ZS5zaA0K

--------------sSUp1KjWiPQwNqUHrb2Bbxn3--

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQSxU0gdtznMh6PWXc8GICPKPga91QUCYkqkpAUDAAAAAAAKCRAGICPKPga91ZLy AQCSoD4S7JI9/5VscLRrSX762joMsg7/8B2dqDV22XMU8gD/WgbWVrFYiGbYn4XHVkZmmPvT/jcw SqT0CwHKBTtyygk=
=lT/M
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Apr 04, 2022 at 07:56:20AM +0000, Peymaneh wrote:

Originally, the app would download the whole container image at first use after Installation. For the new version upstream has decided to include
build a whole Container-Image at build time and include the 700MB image in the .deb package.

The absurd package size set aside, building the image on the Debian build servers would not be possible because a network connection is required for pulling the docker image.
Therefore I moved the building of the image from build time into dangerzone.postinst[2], which is basically the build-script from upstream[3] only with some very basic error-handling added to it. I am not sure if in
its current state it is very robust.

If you download external files on install, the package should go to
contrib and, I think, prominently say that it will do this.
I also don't think you should keep the downloaded files in /usr instead of
e.g. /var.



--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmJKppctFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh CwAP/RcoEgOV3vBqHGdL76m1q1EjEynKnBW62aygvMed9Vg0yPrA6c0iF8AavdxO zXZ5m1wG2ouE6sjB7WARIJboamRWW7OptqXYik177xEy1gU+K1IuRW8c0mjT+keh /7G7mrxK8SlTX9rSeXcwOJzn0IZLmuE6AfHsHECxCOHz/OGwCKAQ4Kls89+TwZ8A LR//B6Am17h61AGS80NUR6ifWjOjTIwYjx/OoUPM+BWhJSY882eJV3sK+Merm1WS u8QAXMMJVNtJoGhiSCG8q4iGgLyw6nBNNFPnBtKqfpJvVbhykLN6Jkjm/rydGNeJ T6IazxG2mOJWewLc7nBkl3kgOxIVdHxASnmjQudVPq56ThemBPQsC0WOxC8Hj35t jnzTJosU/luc0egGiFFGBWgfnPMZar9mbXwLrUCImRtZnWtu8J5V/h+OHY/plMqn XTwnansweEmOiITR26mTd1IEBTAgn1g5IF6jmakILyE72Gm8pSBPz+GvmcQAuqWh Qfuim9lBfZ0lTlOcewvZSo+GrsfzYlxDSK1TyvLYmO+2iEKxt+dRpGPv27aeb9rF SbokREn5/tY/Lg//WXEQT2RpnUD55rPzENRQCifrjgLj5iV4WH4SXQfIHY5OT2T1 /winS1barNhDzhGwWME7vZD8qriWt0Gc1vRurGbN5DZ6usHG
=UvTQ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------O0jXVypE7v53sQyFZQ05MS3s
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

PiBPbiBNb24sIEFwciAwNCwgMjAyMiBhdCAwNzo1NjoyMEFNICswMDAwLCBQZXltYW5laCB3 cm90ZToNCj4+IE9yaWdpbmFsbHksIHRoZSBhcHAgd291bGQgZG93bmxvYWQgdGhlIHdob2xl IGNvbnRhaW5lciBpbWFnZSBhdCBmaXJzdCB1c2UNCj4+IGFmdGVyIEluc3RhbGxhdGlvbi4g Rm9yIHRoZSBuZXcgdmVyc2lvbiB1cHN0cmVhbSBoYXMgZGVjaWRlZCB0byBpbmNsdWRlDQo+ PiBidWlsZCBhIHdob2xlIENvbnRhaW5lci1JbWFnZSBhdCBidWlsZCB0aW1lIGFuZCBpbmNs dWRlIHRoZSA3MDBNQiBpbWFnZSBpbg0KPj4gdGhlIC5kZWIgcGFja2FnZS4NCj4+IA0KPj4g VGhlIGFic3VyZCBwYWNrYWdlIHNpemUgc2V0IGFzaWRlLCBidWlsZGluZyB0aGUgaW1hZ2Ug b24gdGhlIERlYmlhbiBidWlsZA0KPj4gc2VydmVycyB3b3VsZCBub3QgYmUgcG9zc2libGUg YmVjYXVzZSBhIG5ldHdvcmsgY29ubmVjdGlvbiBpcyByZXF1aXJlZCBmb3INCj4+IHB1bGxp bmcgdGhlIGRvY2tlciBpbWFnZS4NCj4+IFRoZXJlZm9yZSBJIG1vdmVkIHRoZSBidWlsZGlu ZyBvZiB0aGUgaW1hZ2UgZnJvbSBidWlsZCB0aW1lIGludG8NCj4+IGRhbmdlcnpvbmUucG9z dGluc3RbMl0sIHdoaWNoIGlzIGJhc2ljYWxseSB0aGUgYnVpbGQtc2NyaXB0IGZyb20gdXBz dHJlYW1bM10NCj4+IG9ubHkgd2l0aCBzb21lIHZlcnkgYmFzaWMgZXJyb3ItaGFuZGxpbmcg YWRkZWQgdG8gaXQuIEkgYW0gbm90IHN1cmUgaWYgaW4NCj4+IGl0cyBjdXJyZW50IHN0YXRl IGl0IGlzIHZlcnkgcm9idXN0Lg0KPiBJZiB5b3UgZG93bmxvYWQgZXh0ZXJuYWwgZmlsZXMg b24gaW5zdGFsbCwgdGhlIHBhY2thZ2Ugc2hvdWxkIGdvIHRvDQo+IGNvbnRyaWIgYW5kLCBJ IHRoaW5rLCBwcm9taW5lbnRseSBzYXkgdGhhdCBpdCB3aWxsIGRvIHRoaXMuDQo+IEkgYWxz byBkb24ndCB0aGluayB5b3Ugc2hvdWxkIGtlZXAgdGhlIGRvd25sb2FkZWQgZmlsZXMgaW4g L3VzciBpbnN0ZWFkIG9mDQo+IGUuZy4gL3Zhcg0KDQpPZiBjb3Vyc2UsIHRoYXQgbWFrZXMg c2Vuc2UuLiBJIGhhdmVuJ3QgaGFkIGNvbnNpZGVyZWQgdGhlIGltcGxpY2F0aW9ucyANCmZv ciB1c2VyLXByaXZhY3kgdW50aWwgbm93Li4NCg0KSSBoYXZlIGFkZGVkIGEgbm90aWNlIHRv IHRoZSBwYWNrYWdlIGRlc2NyaXB0aW9uIGFuZCBjb3B5cmlnaHQgZmlsZSBhbmQgDQpjaGFu Z2VkIHRoZSBkZXN0aW5hdGlvbiBmb3IgdGhlIGRvd25sb2FkZWQgZmlsZXMgdG8gL3Zhci9s aWIvZGFuZ2Vyem9uZS4NCg0KSSBqdXl0IGxvb2tlZCB0aHJvdWdoIHRoZSBwb2xpY3kgYW5k IGl0IGFkdmlzZXMgdG8gdXNlIHVzZXItcHJvbXB0cyBmb3IgDQpwb3N0aW5zdC1zY3JpcHRz IGFzIHNwYXJzZSBhcyBwb3NzaWJsZSwgc28gcHJvYmFibHkgYSBwcm9tcHQgZm9yIA0KdXNl ci1jb25zZW50IHdvdWxkIGJlIGEgbGl0dGxlIG92ZXJraWxsICg/KQ0KDQpraW5kIHJlZ2Fy ZHMsDQpQZXltYW5laA0K

--------------O0jXVypE7v53sQyFZQ05MS3s--

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQSxU0gdtznMh6PWXc8GICPKPga91QUCYkse1AUDAAAAAAAKCRAGICPKPga91Ywz AP9WrV/U+BwljoBWY6MFjRYTrvmiIbQ9MOIxRpXcgiMWqgEAi09XfvhB5xIxvUzLv7REhu8Gh/E1 9mEDfs5zUTHPhgs=
=1rUb
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Peymaneh, all,

Thank you for working on this!

I'm not sure if there are similar packages in the archive, which build container images; there might be no established practice and policy so
far.

* The 'apk add' call in the Containerfile could rely on the '--no-cache'
option, or '/var/cache/apk/*' could be dropped, in the end. Doing so
would limit the final size of the image.

* Is there a mechanism in place to (re)build the container
regularly, to ensure packages installed in the container are updated,
after the initial installation?

* It might make sense to install some sort of script, which would be
responsible to create and/or update the container.

* Having such a script in place would allow to call it after initial
installation of the package via postinst, but also regularly via cron,
systemd timers, etc.

* To check for Internet connectivity, GNOMEs NetworkManager fetches a
URL (and checks the body or HTTP status code). See [1] for the commit
which introduced this functionality in Debian.

* Related: unattended-upgrades, by default, doesn't handle updates if
the Internet connection is 'metered', to prevent excessive data usage.
See [2] for details.

Cheers,
georg


[1] https://salsa.debian.org/utopia-team/network-manager/-/commit/6fbba288cffd647fc55817a1b2c05f04dcd1c0d2
[2] https://github.com/mvo5/unattended-upgrades/commit/a0ecfba0e6e2974e01a351d788843da54234e2e6

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)