Use containers in Qubes until Beta

Reverse the logic in Qubes to run in containers by default and only perform the conversion with VMs when explicitly set by the env var QUBES_CONVERSION=1. This will avoid surprises when someone installs Dangerzone on Qubes expecting it to work out of the box just like any other Linux. Fixes #451
2025-04-28 09:52:37 +02:00 · 2023-06-29 09:25:50 +01:00 · 2023-06-29 09:25:50 +01:00 · 1ab14dbd86
commit 1ab14dbd86
parent 8b8f2a207c
5 changed files with 30 additions and 27 deletions
--- a/BUILD.md
+++ b/BUILD.md
@ -104,23 +104,13 @@ Create a .rpm:

 ## Qubes OS

-<details>
-  <summary><i>:memo: Expand this section if you want to use containers instead of disposable qubes.</i></summary>
-  </br>
-
-  Create a Debian or Fedora-based development standalone qube with at least
-  8GB of private storage space, and follow the relevant instructions above for
-  the respective template.
-
-  Remember to set the environment variable `DZ_USE_CONTAINERS=1`, before executing
-  Dangerzone.
-
-  Over time, you may need to increase disk space or prune outdated container
-  images if you run into build issues on this VM.
-</details>

 > :warning: Native Qubes support is in alpha stage, so the instructions below
 > require switching between qubes, and are subject to change.
+>
+> If you want to build Dangerzone on Qubes and use containers instead of disposable
+> qubes, please follow the intructions of Fedora / Debian instead.
+

 ### Initial Setup

@ -248,10 +238,10 @@ can run the following commands in the `dz` app qube:
 poetry shell

 # run the CLI
-./dev_scripts/dangerzone-cli --help
+QUBES_CONVERSION=1 ./dev_scripts/dangerzone-cli --help

 # run the GUI
-./dev_scripts/dangerzone
+QUBES_CONVERSION=1 ./dev_scripts/dangerzone
 ```

 Create a .rpm:
--- a/dangerzone/cli.py
+++ b/dangerzone/cli.py
@ -6,11 +6,10 @@ import click
 from colorama import Back, Fore, Style

 from . import args, errors
-from .conversion.common import running_on_qubes
 from .document import ARCHIVE_SUBDIR, SAFE_EXTENSION
 from .isolation_provider.container import Container
 from .isolation_provider.dummy import Dummy
-from .isolation_provider.qubes import Qubes
+from .isolation_provider.qubes import Qubes, is_qubes_native_conversion
 from .logic import DangerzoneCore
 from .util import get_version

@ -65,7 +64,7 @@ def cli_main(

    if getattr(sys, "dangerzone_dev", False) and dummy_conversion:
        dangerzone = DangerzoneCore(Dummy())
-    elif running_on_qubes():
+    elif is_qubes_native_conversion():
        dangerzone = DangerzoneCore(Qubes())
    else:
        dangerzone = DangerzoneCore(Container(enable_timeouts=enable_timeouts))
--- a/dangerzone/conversion/common.py
+++ b/dangerzone/conversion/common.py
@ -19,10 +19,7 @@ TIMEOUT_MIN: float = 60  # (seconds)

 def running_on_qubes() -> bool:
    # https://www.qubes-os.org/faq/#what-is-the-canonical-way-to-detect-qubes-vm
-    if os.environ.get("DZ_USE_CONTAINERS", "0") == "0":
-        return os.path.exists("/usr/share/qubes/marker-vm")
-    else:
-        return False
+    return os.path.exists("/usr/share/qubes/marker-vm")


 async def read_stream(
--- a/dangerzone/gui/init.py
+++ b/dangerzone/gui/init.py
@ -21,11 +21,10 @@ else:
        from PySide2 import QtCore, QtGui, QtWidgets

 from .. import args, errors
-from ..conversion.common import running_on_qubes
 from ..document import Document
 from ..isolation_provider.container import Container
 from ..isolation_provider.dummy import Dummy
-from ..isolation_provider.qubes import Qubes
+from ..isolation_provider.qubes import Qubes, is_qubes_native_conversion
 from ..util import get_resource_path, get_version
 from .logic import DangerzoneGui
 from .main_window import MainWindow
@ -105,7 +104,7 @@ def gui_main(
    if getattr(sys, "dangerzone_dev", False) and dummy_conversion:
        dummy = Dummy()
        dangerzone = DangerzoneGui(app, isolation_provider=dummy)
-    elif running_on_qubes():
+    elif is_qubes_native_conversion():
        qubes = Qubes()
        dangerzone = DangerzoneGui(app, isolation_provider=qubes)
    else:
--- a/dangerzone/isolation_provider/qubes.py
+++ b/dangerzone/isolation_provider/qubes.py
@ -19,8 +19,9 @@ from .base import IsolationProvider

 log = logging.getLogger(__name__)

+from ..conversion.common import running_on_qubes
 from ..conversion.pixels_to_pdf import PixelsToPDF
-from ..util import get_subprocess_startupinfo, get_tmp_dir
+from ..util import get_resource_path, get_subprocess_startupinfo, get_tmp_dir

 CONVERTED_FILE_PATH = (
    # FIXME won't work for parallel conversions (see #454)
@ -173,3 +174,20 @@ class Qubes(IsolationProvider):
        bufsize_bytes = len(temp_file.getvalue()).to_bytes(4)
        wpipe.write(bufsize_bytes)
        wpipe.write(temp_file.getvalue())
+
+
+def is_qubes_native_conversion() -> bool:
+    """Returns True if the conversion should be run using Qubes OS's diposable
+    VMs and False if not."""
+    if running_on_qubes():
+        if getattr(sys, "dangerzone_dev", False):
+            return os.environ.get("QUBES_CONVERSION", "0") == "1"
+
+        # XXX If Dangerzone is installed check if container image was shipped
+        # This disambiguates if it is running a Qubes targetted build or not
+        # (Qubes-specific builds don't ship the container image)
+
+        compressed_container_path = get_resource_path("container.tar.gz")
+        return not os.path.exists(compressed_container_path)
+    else:
+        return False