build pipeline : drop pypi #464

Closed
darodi opened this issue Jan 22, 2023 · 13 comments · Fixed by #465

darodi commented Jan 22, 2023

The build pipeline requires total rework and the Windows binary should be digitally signed to migrate many QA issues. I would suggest switching to GH releases. When they are in place let me know - I will redirect the domain to them.

Originally posted by @AcidWeb in #456 (comment)

@AcidWeb , @ciromattia

I integrated some PRs and GitHub Actions for automatic releases in master.

It works on tag push:

on:
  push:
    tags:
      - "v*.*.*"

If you add a secrets.PYPI_API_TOKEN in the repository, it will release to PyPI

password: ${{ secrets.PYPI_API_TOKEN }}

If you give public access to
https://github.com/users/ciromattia/packages?repo_name=kcc
for docker images generated
They will be available in
https://github.com/ciromattia/kcc/pkgs/container/kcc
and could be pulled with
docker pull ghcr.io/ciromattia/kcc:latest

Originally posted by @darodi in #456 (comment)

darodi added the github_actions label (Pull requests that update GitHub Actions code) on Jan 22, 2023
darodi changed the title from "build pipeline" to "build pipeline : publish to pypi" on Jan 22, 2023

AcidWeb commented Jan 22, 2023

@darodi
README is overflowing with garbage now. Get your shit together. Focus on reliable build processes, not on flooding users with x+1 release types and instructions.

Windows - One binary made with PyInstaller. Currently that requires more than just slapping it with pyinstaller, as default settings will create a binary that triggers multiple AV software.
Mac OS - Focus on x86_64 version. Reliable ARM pipeline is currently not achievable for this project.
Linux - Drop binaries completely. Tell people to use flatpak release - it is maintained.
Docker - Drop it.
PyPI - Drop it. Pushing it there was a mistake.


darodi commented Jan 22, 2023

@AcidWeb

Docker:
This is mainly done for kcc-c2e.py and kcc-c2p.py in command line.
I admit it doesn't make a lot of sense to run the GUI and export it to the docker host...

The project needs some refactoring to make those 2 scripts work headless
this is partly done in
https://github.com/whtsky/kcc/


Linux:
AppImage is there in the pipeline and doesn't need much maintenance now.
It doesn't require installing another app: flatpak, snap.
Flatpak vs AppImage vs Snap is a long debate


AcidWeb commented Jan 22, 2023

Additionally this project needs to switch ASAP to Kindle Previewer as the source of kindlegen. Technically getting it from archive.org is breaking the license of that software - even if the standalone kindlegen project is dead.


darodi commented Jan 22, 2023

@AcidWeb

Thanks for all your advice

Indeed, kindle previewer is a priority; #463


AcidWeb commented Jan 22, 2023

The currently created Linux binary will work on a very limited spectrum of distributions. I would highly suggest making it somebody else's headache.

Just don't repeat my mistakes. Every release you make is one more you need to support.

darodi changed the title from "build pipeline : publish to pypi" to "build pipeline : drop pypi" on Jan 22, 2023

darodi commented Jan 22, 2023

@AcidWeb

Windows - One binary made with PyInstaller. Currently that requires more than just slapping it with pyinstaller, as default settings will create a binary that triggers multiple AV software.

It seems ok on virustotal.com
A problem somewhere else?

https://www.virustotal.com/gui/url/22b2f6747853c0a114883e686431193d88d8c3575a89bef3ebc56a83b0dde31b/detection


AcidWeb commented Jan 22, 2023

You tested the URL, not the file.
https://www.virustotal.com/gui/file/7a05e8867364f6fea77caeced3916c178b0302a8695fa53c9480f70c4d33d77f


AcidWeb commented Jan 22, 2023

Detection count will rise and fall over time. That is normal for PyInstaller binaries - too much malware uses it.
Rebuilding the bootloader component on every build is the required minimum. A proper fix also requires code signing the entire binary.


AcidWeb commented Jan 22, 2023

Additionally #467 is the Linux problem which I mentioned earlier. The binary is bound to a specific GLIBC version.


darodi commented Jan 22, 2023

@AcidWeb

would this be enough?
https://plainenglish.io/blog/pyinstaller-exe-false-positive-trojan-virus-resolved-b33842bd3184
What was your build process?
there was
os.system('pyinstaller -y -F -i icons\\comic2ebook.ico -n KCC -w --noupx kcc.py')
in version 5.5.2


AcidWeb commented Jan 22, 2023

No. https://github.com/AcidWeb/CurseBreaker/blob/master/.github/workflows/build.yml#L18-L23
This will recompile the bootloader during every build and edit the signature a little, but will not solve the issue fully.

The build process used for 5.5.2 is totally outdated.


darodi commented Jan 22, 2023

Same result with your proposal
https://www.virustotal.com/gui/file/fa02a075d709d98a08d11d4160aff6c499734721fe366e202edab48514c4c10a?nocache=1

I tried JackMcKew/pyinstaller-action-windows@main
a bit better, but still not there.
https://www.virustotal.com/gui/file/d0b96d5b2619fd3da937c8b3449eddefc2bf2866d8fdcd40120df439f27daa4a/detection

I'll continue more tests this week.
Thanks for your help.


AcidWeb commented Jan 23, 2023

Output will never be clean without code signing. The point of this operation is to decrease random detection by major AV.
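
Added example, not part of the thread or of the KCC project's code: since the thread concludes that the PyInstaller output needs code signing, a release job can at least confirm that the built executable carries an embedded Authenticode blob before it is uploaded. The sketch parses the PE headers and checks the certificate table for presence only (it does not validate the signature or its trust chain); `authenticode_info` and `build_sample_pe`, a constructed non-executable header stub, are names assumed here.

```python
import struct

CERT_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002

def authenticode_info(data: bytes) -> dict:
    """Report whether a PE image embeds an Authenticode blob (presence only)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    try:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("not a PE file: missing PE signature")
        opt = pe_off + 24  # optional header follows the 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        dirs = opt + (96 if magic == 0x10B else 112)       # PE32 vs PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        if count <= CERT_DIR_INDEX:
            return {"signed": False, "offset": 0, "size": 0}
        # For this directory the "address" field is a file offset, not an RVA.
        off, size = struct.unpack_from("<II", data, dirs + 8 * CERT_DIR_INDEX)
        if off == 0 or size == 0:
            return {"signed": False, "offset": 0, "size": 0}
        if off + size > len(data):
            raise ValueError("certificate table points past end of file")
        length, _revision, cert_type = struct.unpack_from("<IHH", data, off)
    except struct.error as exc:
        raise ValueError(f"truncated PE header: {exc}") from exc
    ok = cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and 8 < length <= size
    return {"signed": ok, "offset": off, "size": size}

def build_sample_pe(signed: bool) -> bytes:
    """Constructed PE32+ header stub (not a runnable program), used as sample input."""
    pe_off = 0x40
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)                      # 112 fixed bytes + 16 directories
    struct.pack_into("<H", opt, 0, 0x20B)     # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)      # NumberOfRvaAndSizes
    image = bytearray(dos + b"PE\0\0" + coff + opt)
    if signed:
        blob = bytes(16)                      # placeholder for PKCS#7 SignedData
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
        struct.pack_into("<II", image, pe_off + 24 + 112 + 32, len(image), len(cert))
        image += cert
    return bytes(image)

if __name__ == "__main__": print(authenticode_info(build_sample_pe(True)))
```

In a pipeline the bytes would come from the built executable instead of the stub, and the job would fail when `signed` is false.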
