Merge 9810ae402b into c89988654c

2025-05-05 21:21:49 +02:00 · 2024-11-26 16:22:15 +00:00 · 2024-11-26 16:22:15 +00:00 · d108766691
commit d108766691
parent c89988654c 9810ae402b
3 changed files with 20 additions and 6 deletions
--- a/dangerzone/cli.py
+++ b/dangerzone/cli.py
@ -42,6 +42,11 @@ def print_header(s: str) -> None:
    type=click.UNPROCESSED,
    callback=args.validate_input_filenames,
 )
+@click.option(
+    "--debug",
+    "debug",
+    flag_value=True,
+    help="Run Dangerzone in debug mode, to get logs from gVisor.")
@click.version_option(version=get_version(), message="%(version)s")
@errors.handle_document_errors
 def cli_main(
@ -50,6 +55,7 @@ def cli_main(
    filenames: List[str],
    archive: bool,
    dummy_conversion: bool,
+    debug: bool,
 ) -> None:
    setup_logging()

@ -58,7 +64,7 @@ def cli_main(
    elif is_qubes_native_conversion():
        dangerzone = DangerzoneCore(Qubes())
    else:
-        dangerzone = DangerzoneCore(Container())
+        dangerzone = DangerzoneCore(Container(debug=debug))

    display_banner()
    if len(filenames) == 1 and output_filename:
--- a/dangerzone/isolation_provider/base.py
+++ b/dangerzone/isolation_provider/base.py
@ -6,7 +6,6 @@ import signal
 import subprocess
 import sys
 from abc import ABC, abstractmethod
-from pathlib import Path
 from typing import IO, Callable, Iterator, Optional

 import fitz
@ -87,12 +86,16 @@ class IsolationProvider(ABC):
    Abstracts an isolation provider
    """

-    def __init__(self) -> None:
-        if getattr(sys, "dangerzone_dev", False) is True:
+    def __init__(self, debug: bool = False) -> None:
+        self.debug = debug
+        if self.should_capture_stderr():
            self.proc_stderr = subprocess.PIPE
        else:
            self.proc_stderr = subprocess.DEVNULL

+    def should_capture_stderr(self) -> bool:
+        return self.debug or getattr(sys, "dangerzone_dev", False)
+
    @staticmethod
    def is_runtime_available() -> bool:
        return True
@ -339,9 +342,9 @@ class IsolationProvider(ABC):
            )

            # Read the stderr of the process only if:
-            # * Dev mode is enabled.
+            # * We're in debug mode
            # * The process has exited (else we risk hanging).
-            if getattr(sys, "dangerzone_dev", False) and p.poll() is not None:
+            if self.should_capture_stderr() and p.poll() is not None:
                assert p.stderr
                debug_log = read_debug_text(p.stderr, MAX_CONVERSION_LOG_CHARS)
                log.info(
--- a/dangerzone/isolation_provider/container.py
+++ b/dangerzone/isolation_provider/container.py
@ -299,12 +299,17 @@ class Container(IsolationProvider):
    ) -> subprocess.Popen:
        container_runtime = self.get_runtime()
        security_args = self.get_runtime_security_args()
+        debug_args = []
+        if self.debug:
+            debug_args += ["-e", "RUNSC_DEBUG=1"]
+
        enable_stdin = ["-i"]
        set_name = ["--name", name]
        prevent_leakage_args = ["--rm"]
        args = (
            ["run"]
            + security_args
+            + debug_args
            + prevent_leakage_args
            + enable_stdin
            + set_name