Add sanity check

[Eeems]

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced make_for_remarkable.sh script for Docker-based ARM builds.
  • Added build commands in the README: make executable and make portable.

• Improvements

  • Enhanced build workflow with new sanity check and error handling.
  • Updated .gitignore to exclude nuitka-crash-report.xml.
  • Refined Makefile for better organization and streamlined builds.

These updates aim to improve the build process and provide clearer instructions for users.

[coderabbitai]

Actionable comments posted: 9

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE

📥 Commits

Reviewing files that changed from the base of the PR and between 4448fa7 and 902550d.

📒 Files selected for processing (5)

• .github/workflows/build.yml (2 hunks)
• .gitignore (1 hunks)
• Makefile (4 hunks)
• README.md (1 hunks)
• make_for_remarkable.sh (1 hunks)

🔇 Additional comments (4)

Makefile (3)

103-103: Good addition of --remove-output flag

The --remove-output flag helps clean up intermediate build files, which is particularly useful in CI/CD environments.

---

87-90: Verify the security of the custom wheel repository

Using a custom wheel repository (wheels.eeems.codes) could pose security risks. Ensure that:

1. The repository is properly secured and maintained
2. Package integrity is verified
3. Consider pinning specific versions of wheel and nuitka for reproducible builds

---

107-130: ⚠️ Potential issue

Add version verification for bundled libraries

While bundling system libraries makes the build portable, consider:

1. Adding version checks for bundled libraries
2. Verifying security implications of bundling specific versions
3. Adding a mechanism to update bundled libraries when security patches are available

Consider adding version checks before bundling:

+'--include-data-files=$(shell pkgconf --modversion fuse):$(shell pkgconf --variable=libdir fuse)/libfuse.so=libfuse.so.2' \
+'--include-data-files=$(shell pkgconf --modversion libssl):$(shell pkgconf --variable=libdir libssl)/libssl.so=libssl.so.1' \
+'--include-data-files=$(shell pkgconf --modversion libcrypto):$(shell pkgconf --variable=libdir libcrypto)/libcrypto.so=libcrypto.so.3' \

.github/workflows/build.yml (1)

285-288: Good handling of portable artifact uploads

The implementation properly handles both regular and portable builds, with appropriate overwrite behavior using --clobber.