Merge branch 'hotfix-0.7.1' into main

CHANGELOG.md

@@ -11,6 +11,12 @@ since 0.4.1, and this project adheres to [Semantic Versioning](https://semver.or
 
 - Point to the installation instructions that the Tails team maintains for Dangerzone ([announcement](https://tails.net/news/dangerzone/index.en.html))
 
+## [0.7.1](https://github.com/freedomofpress/dangerzone/compare/v0.7.1...v0.7.0)
+
+### Fixed
+
+- Fix an `image-id.txt` mismatch happening on Docker Desktop >= 4.30.0 ([#933](https://github.com/freedomofpress/dangerzone/issues/933))
+
 ## [0.7.0](https://github.com/freedomofpress/dangerzone/compare/v0.7.0...v0.6.1)
 
 ### Added

Dockerfile

@@ -100,7 +100,9 @@ FROM alpine:latest
 RUN apk --no-cache -U upgrade && \
     apk --no-cache add python3
 
-RUN GVISOR_URL="https://storage.googleapis.com/gvisor/releases/release/latest/$(uname -m)"; \
+# Temporarily pin gVisor to the latest working version (release-20240826.0).
+# See: https://github.com/freedomofpress/dangerzone/issues/928
+RUN GVISOR_URL="https://storage.googleapis.com/gvisor/releases/release/20240826/$(uname -m)"; \
     wget "${GVISOR_URL}/runsc" "${GVISOR_URL}/runsc.sha512" && \
     sha512sum -c runsc.sha512 && \
     rm -f runsc.sha512 && \

README.md

@@ -13,8 +13,8 @@ _Read more about Dangerzone in the [official site](https://dangerzone.rocks/abou
 ## Getting started
 
 ### MacOS
-- Download [Dangerzone 0.7.0 for Mac (Apple Silicon CPU)](https://github.com/freedomofpress/dangerzone/releases/download/v0.7.0/Dangerzone-0.7.0-arm64.dmg)
-- Download [Dangerzone 0.7.0 for Mac (Intel CPU)](https://github.com/freedomofpress/dangerzone/releases/download/v0.7.0/Dangerzone-0.7.0-i686.dmg)
+- Download [Dangerzone 0.7.1 for Mac (Apple Silicon CPU)](https://github.com/freedomofpress/dangerzone/releases/download/v0.7.1/Dangerzone-0.7.1-arm64.dmg)
+- Download [Dangerzone 0.7.1 for Mac (Intel CPU)](https://github.com/freedomofpress/dangerzone/releases/download/v0.7.1/Dangerzone-0.7.1-i686.dmg)
 
 You can also install Dangerzone for Mac using [Homebrew](https://brew.sh/): `brew install --cask dangerzone`
 
@@ -24,7 +24,7 @@ You can also install Dangerzone for Mac using [Homebrew](https://brew.sh/): `bre
 
 ### Windows
 
-- Download [Dangerzone 0.7.0 for Windows](https://github.com/freedomofpress/dangerzone/releases/download/v0.7.0/Dangerzone-0.7.0.msi)
+- Download [Dangerzone 0.7.1 for Windows](https://github.com/freedomofpress/dangerzone/releases/download/v0.7.1/Dangerzone-0.7.1.msi)
 
 > **Note**: you will also need to install [Docker Desktop](https://www.docker.com/products/docker-desktop/).
 > This program needs to run alongside Dangerzone at all times, since it is what allows Dangerzone to

RELEASE.md

@@ -285,6 +285,8 @@ Once we are confident that the release will be out shortly, and doesn't need any
 - [ ] Verify and checkout the git tag for this release
 - [ ] Run `poetry install --sync`
 - [ ] Run `poetry run ./install/macos/build-app.py`; this will make `dist/Dangerzone.app`
+- [ ] Make sure that the build application works with the containerd graph
+  driver (see [#933](https://github.com/freedomofpress/dangerzone/issues/933))
 - [ ] Run `poetry run ./install/macos/build-app.py --only-codesign`; this will make `dist/Dangerzone.dmg`
   * You need to run this command as the account that has access to the code signing certificate
   * You must run this command from the MacOS UI, from a terminal application.
@@ -328,7 +330,10 @@ The Windows release is performed in a Windows 11 virtual machine as opposed to a
 - [ ] Run `poetry install --sync`
 - [ ] Copy the container image into the VM
   > [!IMPORTANT]
-  > Instead of running `python .\install\windows\build-image.py` in the VM, run the build image script on the host (making sure to build for `linux/amd64`). Copy `share/container.tar.gz` and `share/image-id.txt` from the host into the `share` folder in the VM
+  > Instead of running `python .\install\windows\build-image.py` in the VM, run the build image script on the host (making sure to build for `linux/amd64`). Copy `share/container.tar.gz` and `share/image-id.txt` from the host into the `share` folder in the VM.
+  > Also, don't forget to add the supplementary image ID (see
+  > [#933](https://github.com/freedomofpress/dangerzone/issues/933)) in
+  > `share/image-id.txt`)
 - [ ] Run `poetry run .\install\windows\build-app.bat`
 - [ ] When you're done you will have `dist\Dangerzone.msi`
 

dangerzone/isolation_provider/container.py

@@ -194,7 +194,7 @@ class Container(IsolationProvider):
         """
         # Get the image id
         with open(get_resource_path("image-id.txt")) as f:
-            expected_image_id = f.read().strip()
+            expected_image_ids = f.read().strip().split()
 
         # See if this image is already installed
         installed = False
@@ -212,7 +212,7 @@ class Container(IsolationProvider):
         )
         found_image_id = found_image_id.strip()
 
-        if found_image_id == expected_image_id:
+        if found_image_id in expected_image_ids:
             installed = True
         elif found_image_id == "":
             pass

install/linux/dangerzone.spec

@@ -32,7 +32,7 @@ Name:           dangerzone-qubes
 Name:           dangerzone
 %endif
 
-Version:        0.7.0
+Version:        0.7.1
 Release:        1%{?dist}
 Summary:        Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs
 

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "dangerzone"
-version = "0.7.0"
+version = "0.7.1"
 description = "Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs"
 authors = ["Freedom of the Press Foundation <info@freedom.press>", "Micah Lee <micah.lee@theintercept.com>"]
 license = "AGPL-3.0"

share/version.txt

@@ -1 +1 @@
-0.7.0
+0.7.1