diff --git a/QA.md b/QA.md index 5302f92..0f0a760 100644 --- a/QA.md +++ b/QA.md @@ -109,7 +109,6 @@ version. For example: ``` $ docker images dangerzone.rocks/dangerzone REPOSITORY TAG IMAGE ID CREATED SIZE -dangerzone.rocks/dangerzone latest dangerzone.rocks/dangerzone ``` @@ -121,7 +120,6 @@ and seeing the following differences: ``` $ docker images dangerzone.rocks/dangerzone REPOSITORY TAG IMAGE ID CREATED SIZE -dangerzone.rocks/dangerzone latest dangerzone.rocks/dangerzone ``` diff --git a/dangerzone/container_utils.py b/dangerzone/container_utils.py index 6d1e48f..5f9172e 100644 --- a/dangerzone/container_utils.py +++ b/dangerzone/container_utils.py @@ -1,10 +1,9 @@ import gzip -import json import logging import platform import shutil import subprocess -from typing import Dict, Tuple +from typing import List, Tuple from .util import get_resource_path, get_subprocess_startupinfo from . import errors @@ -72,36 +71,25 @@ def get_runtime() -> str: return runtime -def list_image_tags() -> Dict[str, str]: +def list_image_tags() -> List[str]: """Get the tags of all loaded Dangerzone images. This method returns a mapping of image tags to image IDs, for all Dangerzone images. This can be useful when we want to find which are the local image tags, and which image ID does the "latest" tag point to. """ - images = json.loads( - subprocess.check_output( - [ - get_runtime(), - "image", - "list", - "--format", - "json", - CONTAINER_NAME, - ], - text=True, - startupinfo=get_subprocess_startupinfo(), - ) - ) - - # Grab every image name and associate it with an image ID. - tags = {} - for image in images: - for name in image["Names"]: - tag = name.split(":")[1] - tags[tag] = image["Id"] - - return tags + return subprocess.check_output( + [ + get_runtime(), + "image", + "list", + "--format", + "{{ .Tag }}", + CONTAINER_NAME, + ], + text=True, + startupinfo=get_subprocess_startupinfo(), + ).strip().split() def delete_image_tag(tag: str) -> None: diff --git a/dangerzone/isolation_provider/container.py b/dangerzone/isolation_provider/container.py index 72da7ae..e757c4a 100644 --- a/dangerzone/isolation_provider/container.py +++ b/dangerzone/isolation_provider/container.py @@ -81,11 +81,9 @@ class Container(IsolationProvider): 1. Get the tags of any locally available images that match Dangerzone's image name. 2. Get the expected image tag from the image-id.txt file. - - If this tag is present in the local images, and that image is also tagged - as "latest", then we can return. + - If this tag is present in the local images, then we can return. - Else, prune the older container images and continue. 3. Load the image tarball and make sure it matches the expected tag. - 4. Tag that image as "latest", and mark the installation as finished. """ old_tags = container_utils.list_image_tags() expected_tag = container_utils.get_expected_tag() @@ -95,12 +93,8 @@ class Container(IsolationProvider): log.info( f"Could not find a Dangerzone container image with tag '{expected_tag}'" ) - for tag in old_tags.keys(): + for tag in old_tags: container_utils.delete_image_tag(tag) - elif old_tags[expected_tag] != old_tags.get("latest"): - log.info(f"The expected tag '{expected_tag}' is not the latest one") - container_utils.add_image_tag(expected_tag, "latest") - return True else: return True @@ -117,8 +111,6 @@ class Container(IsolationProvider): " container image tarball" ) - # Mark the expected tag as "latest". - container_utils.add_image_tag(expected_tag, "latest") return True @staticmethod @@ -179,13 +171,14 @@ class Container(IsolationProvider): enable_stdin = ["-i"] set_name = ["--name", name] prevent_leakage_args = ["--rm"] + image_name = [container_utils.CONTAINER_NAME + ":" + container_utils.get_expected_tag()] args = ( ["run"] + security_args + prevent_leakage_args + enable_stdin + set_name - + [container_utils.CONTAINER_NAME] + + image_name + command ) args = [container_runtime] + args diff --git a/dev_scripts/qa.py b/dev_scripts/qa.py index ebd6099..dfc352b 100755 --- a/dev_scripts/qa.py +++ b/dev_scripts/qa.py @@ -129,7 +129,6 @@ version. For example: ``` $ docker images dangerzone.rocks/dangerzone REPOSITORY TAG IMAGE ID CREATED SIZE -dangerzone.rocks/dangerzone latest dangerzone.rocks/dangerzone ``` @@ -141,7 +140,6 @@ and seeing the following differences: ``` $ docker images dangerzone.rocks/dangerzone REPOSITORY TAG IMAGE ID CREATED SIZE -dangerzone.rocks/dangerzone latest dangerzone.rocks/dangerzone ``` diff --git a/install/common/build-image.py b/install/common/build-image.py index dfa32b4..3e2ab71 100644 --- a/install/common/build-image.py +++ b/install/common/build-image.py @@ -83,11 +83,9 @@ def main(): check=True, ) - # Build the container image, and tag it with two tags; the one we calculated - # above, and the "latest" tag. + # Build the container image, and tag it with the calculated tag print("Building container image") cache_args = [] if args.use_cache else ["--no-cache"] - image_name_latest = IMAGE_NAME + ":latest" subprocess.run( [ args.runtime, @@ -101,8 +99,6 @@ def main(): "-f", "Dockerfile", "--tag", - image_name_latest, - "--tag", image_name_tagged, ], check=True, diff --git a/tests/isolation_provider/test_container.py b/tests/isolation_provider/test_container.py index 76a797c..15a393f 100644 --- a/tests/isolation_provider/test_container.py +++ b/tests/isolation_provider/test_container.py @@ -61,11 +61,10 @@ class TestContainer(IsolationProviderTest): "image", "list", "--format", - "json", + "{{ .Tag }}", "dangerzone.rocks/dangerzone", ], occurrences=2, - stdout="{}", ) # Make podman load fail @@ -95,11 +94,10 @@ class TestContainer(IsolationProviderTest): "image", "list", "--format", - "json", + "{{ .Tag }}", "dangerzone.rocks/dangerzone", ], occurrences=2, - stdout="{}", ) # Patch gzip.open and podman load so that it works