From 1ab14dbd86d01b61e0d2dde92401e192ca137661 Mon Sep 17 00:00:00 2001 From: deeplow Date: Thu, 29 Jun 2023 09:25:50 +0100 Subject: [PATCH] Use containers in Qubes until Beta Reverse the logic in Qubes to run in containers by default and only perform the conversion with VMs when explicitly set by the env var QUBES_CONVERSION=1. This will avoid surprises when someone installs Dangerzone on Qubes expecting it to work out of the box just like any other Linux. Fixes #451 --- BUILD.md | 22 ++++++---------------- dangerzone/cli.py | 5 ++--- dangerzone/conversion/common.py | 5 +---- dangerzone/gui/__init__.py | 5 ++--- dangerzone/isolation_provider/qubes.py | 20 +++++++++++++++++++- 5 files changed, 30 insertions(+), 27 deletions(-) diff --git a/BUILD.md b/BUILD.md index f8494b6..5e64476 100644 --- a/BUILD.md +++ b/BUILD.md @@ -104,23 +104,13 @@ Create a .rpm: ## Qubes OS -
- :memo: Expand this section if you want to use containers instead of disposable qubes. -
- - Create a Debian or Fedora-based development standalone qube with at least - 8GB of private storage space, and follow the relevant instructions above for - the respective template. - - Remember to set the environment variable `DZ_USE_CONTAINERS=1`, before executing - Dangerzone. - - Over time, you may need to increase disk space or prune outdated container - images if you run into build issues on this VM. -
> :warning: Native Qubes support is in alpha stage, so the instructions below > require switching between qubes, and are subject to change. +> +> If you want to build Dangerzone on Qubes and use containers instead of disposable +> qubes, please follow the intructions of Fedora / Debian instead. + ### Initial Setup @@ -248,10 +238,10 @@ can run the following commands in the `dz` app qube: poetry shell # run the CLI -./dev_scripts/dangerzone-cli --help +QUBES_CONVERSION=1 ./dev_scripts/dangerzone-cli --help # run the GUI -./dev_scripts/dangerzone +QUBES_CONVERSION=1 ./dev_scripts/dangerzone ``` Create a .rpm: diff --git a/dangerzone/cli.py b/dangerzone/cli.py index 1d31c05..2361399 100644 --- a/dangerzone/cli.py +++ b/dangerzone/cli.py @@ -6,11 +6,10 @@ import click from colorama import Back, Fore, Style from . import args, errors -from .conversion.common import running_on_qubes from .document import ARCHIVE_SUBDIR, SAFE_EXTENSION from .isolation_provider.container import Container from .isolation_provider.dummy import Dummy -from .isolation_provider.qubes import Qubes +from .isolation_provider.qubes import Qubes, is_qubes_native_conversion from .logic import DangerzoneCore from .util import get_version @@ -65,7 +64,7 @@ def cli_main( if getattr(sys, "dangerzone_dev", False) and dummy_conversion: dangerzone = DangerzoneCore(Dummy()) - elif running_on_qubes(): + elif is_qubes_native_conversion(): dangerzone = DangerzoneCore(Qubes()) else: dangerzone = DangerzoneCore(Container(enable_timeouts=enable_timeouts)) diff --git a/dangerzone/conversion/common.py b/dangerzone/conversion/common.py index 5f6de42..93cd1b2 100644 --- a/dangerzone/conversion/common.py +++ b/dangerzone/conversion/common.py @@ -19,10 +19,7 @@ TIMEOUT_MIN: float = 60 # (seconds) def running_on_qubes() -> bool: # https://www.qubes-os.org/faq/#what-is-the-canonical-way-to-detect-qubes-vm - if os.environ.get("DZ_USE_CONTAINERS", "0") == "0": - return os.path.exists("/usr/share/qubes/marker-vm") - else: - return False + return os.path.exists("/usr/share/qubes/marker-vm") async def read_stream( diff --git a/dangerzone/gui/__init__.py b/dangerzone/gui/__init__.py index 1e5495b..08fa44e 100644 --- a/dangerzone/gui/__init__.py +++ b/dangerzone/gui/__init__.py @@ -21,11 +21,10 @@ else: from PySide2 import QtCore, QtGui, QtWidgets from .. import args, errors -from ..conversion.common import running_on_qubes from ..document import Document from ..isolation_provider.container import Container from ..isolation_provider.dummy import Dummy -from ..isolation_provider.qubes import Qubes +from ..isolation_provider.qubes import Qubes, is_qubes_native_conversion from ..util import get_resource_path, get_version from .logic import DangerzoneGui from .main_window import MainWindow @@ -105,7 +104,7 @@ def gui_main( if getattr(sys, "dangerzone_dev", False) and dummy_conversion: dummy = Dummy() dangerzone = DangerzoneGui(app, isolation_provider=dummy) - elif running_on_qubes(): + elif is_qubes_native_conversion(): qubes = Qubes() dangerzone = DangerzoneGui(app, isolation_provider=qubes) else: diff --git a/dangerzone/isolation_provider/qubes.py b/dangerzone/isolation_provider/qubes.py index 9a9eb9d..7ddb9be 100644 --- a/dangerzone/isolation_provider/qubes.py +++ b/dangerzone/isolation_provider/qubes.py @@ -19,8 +19,9 @@ from .base import IsolationProvider log = logging.getLogger(__name__) +from ..conversion.common import running_on_qubes from ..conversion.pixels_to_pdf import PixelsToPDF -from ..util import get_subprocess_startupinfo, get_tmp_dir +from ..util import get_resource_path, get_subprocess_startupinfo, get_tmp_dir CONVERTED_FILE_PATH = ( # FIXME won't work for parallel conversions (see #454) @@ -173,3 +174,20 @@ class Qubes(IsolationProvider): bufsize_bytes = len(temp_file.getvalue()).to_bytes(4) wpipe.write(bufsize_bytes) wpipe.write(temp_file.getvalue()) + + +def is_qubes_native_conversion() -> bool: + """Returns True if the conversion should be run using Qubes OS's diposable + VMs and False if not.""" + if running_on_qubes(): + if getattr(sys, "dangerzone_dev", False): + return os.environ.get("QUBES_CONVERSION", "0") == "1" + + # XXX If Dangerzone is installed check if container image was shipped + # This disambiguates if it is running a Qubes targetted build or not + # (Qubes-specific builds don't ship the container image) + + compressed_container_path = get_resource_path("container.tar.gz") + return not os.path.exists(compressed_container_path) + else: + return False