FIXUP: Remove unnecessary container function

fixup! ci: Work with image tarballs that are not tagged as 'latest'
FIXUP: Formatting
2025-05-07 14:01:49 +02:00 · 2024-12-09 19:19:22 +02:00 · 2024-12-09 19:19:22 +02:00 · 2024-12-09 19:19:22 +02:00 · 2024-12-09 19:19:22 +02:00 · 2024-12-09 19:19:22 +02:00
21 changed files with 571 additions and 458 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -74,6 +74,8 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0

      - name: Get current date
        id: date
@ -83,7 +85,7 @@ jobs:
        id: cache-container-image
        uses: actions/cache@v4
        with:
-          key: v2-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py', 'poetry.lock', 'gvisor_wrapper/entrypoint.py') }}
+          key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py', 'poetry.lock', 'gvisor_wrapper/entrypoint.py') }}
          path: |
            share/container.tar.gz
            share/image-id.txt
@ -95,6 +97,7 @@ jobs:
          python3 ./install/common/build-image.py
          echo ${{ github.token }} | podman login ghcr.io -u USERNAME --password-stdin
          gunzip -c share/container.tar.gz | podman load
+          tag=$(cat share/image-id.txt)
          podman push \
-                  dangerzone.rocks/dangerzone \
-                  ${{ env.IMAGE_REGISTRY }}/dangerzone/dangerzone
+                  dangerzone.rocks/dangerzone:$tag \
+                  ${{ env.IMAGE_REGISTRY }}/dangerzone/dangerzone:tag
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -48,6 +48,8 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0

      - name: Get current date
        id: date
@ -57,7 +59,7 @@ jobs:
        id: cache-container-image
        uses: actions/cache@v4
        with:
-          key: v2-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py', 'poetry.lock', 'gvisor_wrapper/entrypoint.py') }}
+          key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py', 'poetry.lock', 'gvisor_wrapper/entrypoint.py') }}
          path: |-
            share/container.tar.gz
            share/image-id.txt
@ -119,10 +121,14 @@ jobs:
          key: v1-tessdata-${{ hashFiles('./install/common/download-tessdata.py') }}
      - name: Run CLI tests
        run: poetry run make test
-      # Taken from: https://github.com/orgs/community/discussions/27149#discussioncomment-3254829
-      - name: Set path for candle and light
-        run: echo "C:\Program Files (x86)\WiX Toolset v3.14\bin" >> $GITHUB_PATH
-        shell: bash
+      - name: Set up .NET CLI environment
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: "8.x"
+      - name: Install WiX Toolset
+        run: dotnet tool install --global wix
+      - name: Add WiX UI extension
+        run: wix extension add --global WixToolset.UI.wixext
      - name: Build the MSI installer
        # NOTE: This also builds the .exe internally.
        run: poetry run .\install\windows\build-app.bat
@ -221,7 +227,7 @@ jobs:
      - name: Restore container cache
        uses: actions/cache/restore@v4
        with:
-          key: v2-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py', 'poetry.lock', 'gvisor_wrapper/entrypoint.py') }}
+          key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py', 'poetry.lock', 'gvisor_wrapper/entrypoint.py') }}
          path: |-
            share/container.tar.gz
            share/image-id.txt
@ -328,7 +334,7 @@ jobs:
      - name: Restore container image
        uses: actions/cache/restore@v4
        with:
-          key: v2-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py', 'poetry.lock', 'gvisor_wrapper/entrypoint.py') }}
+          key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py', 'poetry.lock', 'gvisor_wrapper/entrypoint.py') }}
          path: |-
            share/container.tar.gz
            share/image-id.txt
@ -423,7 +429,7 @@ jobs:
      - name: Restore container image
        uses: actions/cache/restore@v4
        with:
-          key: v2-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py', 'poetry.lock', 'gvisor_wrapper/entrypoint.py') }}
+          key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py', 'poetry.lock', 'gvisor_wrapper/entrypoint.py') }}
          path: |-
            share/container.tar.gz
            share/image-id.txt
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@ -14,17 +14,24 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
      - name: Install container build dependencies
        run: sudo apt install pipx && pipx install poetry
      - name: Build container image
        run: python3 ./install/common/build-image.py --runtime docker --no-save
+      - name: Get image tag
+        id: tag
+        run: |
+          tag=$(docker images dangerzone.rocks/dangerzone --format '{{ .Tag }}')
+          echo "tag=$tag" >> $GITHUB_OUTPUT
      # NOTE: Scan first without failing, else we won't be able to read the scan
      # report.
      - name: Scan container image (no fail)
        uses: anchore/scan-action@v5
        id: scan_container
        with:
-          image: "dangerzone.rocks/dangerzone:latest"
+          image: "dangerzone.rocks/dangerzone:${{ steps.tag.outputs.tag }}"
          fail-build: false
          only-fixed: false
          severity-cutoff: critical
@ -38,7 +45,7 @@ jobs:
      - name: Scan container image
        uses: anchore/scan-action@v5
        with:
-          image: "dangerzone.rocks/dangerzone:latest"
+          image: "dangerzone.rocks/dangerzone:${{ steps.tag.outputs.tag }}"
          fail-build: true
          only-fixed: false
          severity-cutoff: critical
--- a/.github/workflows/scan_released.yml
+++ b/.github/workflows/scan_released.yml
@ -24,13 +24,18 @@ jobs:
          CONTAINER_FILENAME=container-${VERSION:1}-${{ matrix.arch }}.tar.gz
          wget https://github.com/freedomofpress/dangerzone/releases/download/${VERSION}/${CONTAINER_FILENAME} -O ${CONTAINER_FILENAME}
          docker load -i ${CONTAINER_FILENAME}
+      - name: Get image tag
+        id: tag
+        run: |
+          tag=$(docker images dangerzone.rocks/dangerzone --format '{{ .Tag }}')
+          echo "tag=$tag" >> $GITHUB_OUTPUT
      # NOTE: Scan first without failing, else we won't be able to read the scan
      # report.
      - name: Scan container image (no fail)
        uses: anchore/scan-action@v5
        id: scan_container
        with:
-          image: "dangerzone.rocks/dangerzone:latest"
+          image: "dangerzone.rocks/dangerzone:${{ steps.tag.outputs.tag }}"
          fail-build: false
          only-fixed: false
          severity-cutoff: critical
@ -44,7 +49,7 @@ jobs:
      - name: Scan container image
        uses: anchore/scan-action@v5
        with:
-          image: "dangerzone.rocks/dangerzone:latest"
+          image: "dangerzone.rocks/dangerzone:${{ steps.tag.outputs.tag }}"
          fail-build: true
          only-fixed: false
          severity-cutoff: critical
--- a/BUILD.md
+++ b/BUILD.md
@ -471,11 +471,24 @@ poetry shell
 .\dev_scripts\dangerzone.bat
 ```

-### If you want to build the installer
+### If you want to build the Windows installer

-* Go to https://dotnet.microsoft.com/download/dotnet-framework and download and install .NET Framework 3.5 SP1 Runtime. I downloaded `dotnetfx35.exe`.
-* Go to https://wixtoolset.org/releases/ and download and install WiX toolset. I downloaded `wix314.exe`.
-* Add `C:\Program Files (x86)\WiX Toolset v3.14\bin` to the path ([instructions](https://web.archive.org/web/20230221104142/https://windowsloop.com/how-to-add-to-windows-path/)).
+Install [.NET SDK](https://dotnet.microsoft.com/en-us/download) version 6 or later. Then, open a terminal and install the latest version of [WiX Toolset .NET tool](https://wixtoolset.org/) **v5** with:
+
+```sh
+dotnet tool install --global wix --version 5.*
+```
+
+Install the WiX UI extension. You may need to open a new terminal in order to use the newly installed `wix` .NET tool:
+
+```sh
+wix extension add --global WixToolset.UI.wixext/5.x.y
+```
+
+> [!IMPORTANT]  
+> To avoid compatibility issues, ensure the WiX UI extension version matches the version of the WiX Toolset.
+> 
+> Run `wix --version` to check the version of WiX Toolset you have installed and replace `5.x.y` with the full version number without the Git revision.

 ### If you want to sign binaries with Authenticode

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -16,6 +16,11 @@ since 0.4.1, and this project adheres to [Semantic Versioning](https://semver.or

 - Platform support: Drop support for Fedora 39, since it's end-of-life ([#999](https://github.com/freedomofpress/dangerzone/pull/999))

+### Development changes
+
+- Build Dangerzone MSI with Wix Toolset 5 ([#929](https://github.com/freedomofpress/dangerzone/pull/929)).
+  Thanks [@jkarasti](https://github.com/jkarasti) for the contribution.
+
 ## [0.8.0](https://github.com/freedomofpress/dangerzone/compare/v0.8.0...0.7.1)

 ### Added
--- a/QA.md
+++ b/QA.md
@ -107,9 +107,9 @@ Close the Dangerzone application and get the container image for that
 version. For example:

 ```
-$ docker images dangerzone.rocks/dangerzone:latest
+$ docker images dangerzone.rocks/dangerzone
 REPOSITORY                   TAG         IMAGE ID      CREATED       SIZE
-dangerzone.rocks/dangerzone  latest      <image ID>    <date>        <size>
+dangerzone.rocks/dangerzone  <tag>       <image ID>    <date>        <size>
 ```

 Then run the version under QA and ensure that the settings remain changed.
@ -118,9 +118,9 @@ Afterwards check that new docker image was installed by running the same command
 and seeing the following differences:

 ```
-$ docker images dangerzone.rocks/dangerzone:latest
+$ docker images dangerzone.rocks/dangerzone
 REPOSITORY                   TAG         IMAGE ID        CREATED       SIZE
-dangerzone.rocks/dangerzone  latest      <different ID>  <newer date>  <different size>
+dangerzone.rocks/dangerzone  <other tag> <different ID>  <newer date>  <different size>
 ```

 #### 4. Dangerzone successfully installs the container image
--- a/RELEASE.md
+++ b/RELEASE.md
@ -142,8 +142,6 @@ Here is what you need to do:
  poetry run ./install/macos/build-app.py
  ```

- [ ] Make sure that the build application works with the containerd graph
-  driver (see [#933](https://github.com/freedomofpress/dangerzone/issues/933))
 - [ ] Sign the application bundle, and notarize it

  You need to run this command as the account that has access to the code signing certificate
@ -212,9 +210,6 @@ The Windows release is performed in a Windows 11 virtual machine (as opposed to
 - [ ] Copy the container image into the VM
  > [!IMPORTANT]
  > Instead of running `python .\install\windows\build-image.py` in the VM, run the build image script on the host (making sure to build for `linux/amd64`). Copy `share/container.tar.gz` and `share/image-id.txt` from the host into the `share` folder in the VM.
-  > Also, don't forget to add the supplementary image ID (see
-  > [#933](https://github.com/freedomofpress/dangerzone/issues/933)) in
-  > `share/image-id.txt`)
 - [ ] Run `poetry run .\install\windows\build-app.bat`
 - [ ] When you're done you will have `dist\Dangerzone.msi`

--- a/dangerzone/container_utils.py
+++ b/dangerzone/container_utils.py
@ -0,0 +1,149 @@
+import gzip
+import logging
+import platform
+import shutil
+import subprocess
+from typing import List, Tuple
+
+from . import errors
+from .util import get_resource_path, get_subprocess_startupinfo
+
+CONTAINER_NAME = "dangerzone.rocks/dangerzone"
+
+log = logging.getLogger(__name__)
+
+
+def get_runtime_name() -> str:
+    if platform.system() == "Linux":
+        runtime_name = "podman"
+    else:
+        # Windows, Darwin, and unknown use docker for now, dangerzone-vm eventually
+        runtime_name = "docker"
+    return runtime_name
+
+
+def get_runtime_version() -> Tuple[int, int]:
+    """Get the major/minor parts of the Docker/Podman version.
+
+    Some of the operations we perform in this module rely on some Podman features
+    that are not available across all of our platforms. In order to have a proper
+    fallback, we need to know the Podman version. More specifically, we're fine with
+    just knowing the major and minor version, since writing/installing a full-blown
+    semver parser is an overkill.
+    """
+    # Get the Docker/Podman version, using a Go template.
+    runtime = get_runtime_name()
+    if runtime == "podman":
+        query = "{{.Client.Version}}"
+    else:
+        query = "{{.Server.Version}}"
+
+    cmd = [runtime, "version", "-f", query]
+    try:
+        version = subprocess.run(
+            cmd,
+            startupinfo=get_subprocess_startupinfo(),
+            capture_output=True,
+            check=True,
+        ).stdout.decode()
+    except Exception as e:
+        msg = f"Could not get the version of the {runtime.capitalize()} tool: {e}"
+        raise RuntimeError(msg) from e
+
+    # Parse this version and return the major/minor parts, since we don't need the
+    # rest.
+    try:
+        major, minor, _ = version.split(".", 3)
+        return (int(major), int(minor))
+    except Exception as e:
+        msg = (
+            f"Could not parse the version of the {runtime.capitalize()} tool"
+            f" (found: '{version}') due to the following error: {e}"
+        )
+        raise RuntimeError(msg)
+
+
+def get_runtime() -> str:
+    container_tech = get_runtime_name()
+    runtime = shutil.which(container_tech)
+    if runtime is None:
+        raise errors.NoContainerTechException(container_tech)
+    return runtime
+
+
+def list_image_tags() -> List[str]:
+    """Get the tags of all loaded Dangerzone images.
+
+    This method returns a mapping of image tags to image IDs, for all Dangerzone
+    images. This can be useful when we want to find which are the local image tags,
+    and which image ID does the "latest" tag point to.
+    """
+    return (
+        subprocess.check_output(
+            [
+                get_runtime(),
+                "image",
+                "list",
+                "--format",
+                "{{ .Tag }}",
+                CONTAINER_NAME,
+            ],
+            text=True,
+            startupinfo=get_subprocess_startupinfo(),
+        )
+        .strip()
+        .split()
+    )
+
+
+def delete_image_tag(tag: str) -> None:
+    """Delete a Dangerzone image tag."""
+    name = CONTAINER_NAME + ":" + tag
+    log.warning(f"Deleting old container image: {name}")
+    try:
+        subprocess.check_output(
+            [get_runtime(), "rmi", "--force", name],
+            startupinfo=get_subprocess_startupinfo(),
+        )
+    except Exception as e:
+        log.warning(
+            f"Couldn't delete old container image '{name}', so leaving it there."
+            f" Original error: {e}"
+        )
+
+
+def get_expected_tag() -> str:
+    """Get the tag of the Dangerzone image tarball from the image-id.txt file."""
+    with open(get_resource_path("image-id.txt")) as f:
+        return f.read().strip()
+
+
+def load_image_tarball() -> None:
+    log.info("Installing Dangerzone container image...")
+    p = subprocess.Popen(
+        [get_runtime(), "load"],
+        stdin=subprocess.PIPE,
+        startupinfo=get_subprocess_startupinfo(),
+    )
+
+    chunk_size = 4 << 20
+    compressed_container_path = get_resource_path("container.tar.gz")
+    with gzip.open(compressed_container_path) as f:
+        while True:
+            chunk = f.read(chunk_size)
+            if len(chunk) > 0:
+                if p.stdin:
+                    p.stdin.write(chunk)
+            else:
+                break
+    _, err = p.communicate()
+    if p.returncode < 0:
+        if err:
+            error = err.decode()
+        else:
+            error = "No output"
+        raise errors.ImageInstallationException(
+            f"Could not install container image: {error}"
+        )
+
+    log.info("Successfully installed container image from")
--- a/dangerzone/errors.py
+++ b/dangerzone/errors.py
@ -117,3 +117,26 @@ def handle_document_errors(func: F) -> F:
            sys.exit(1)

    return cast(F, wrapper)
+
+
+#### Container-related errors
+
+
+class ImageNotPresentException(Exception):
+    pass
+
+
+class ImageInstallationException(Exception):
+    pass
+
+
+class NoContainerTechException(Exception):
+    def __init__(self, container_tech: str) -> None:
+        super().__init__(f"{container_tech} is not installed")
+
+
+class NotAvailableContainerTechException(Exception):
+    def __init__(self, container_tech: str, error: str) -> None:
+        self.error = error
+        self.container_tech = container_tech
+        super().__init__(f"{container_tech} is not available")
--- a/dangerzone/gui/main_window.py
+++ b/dangerzone/gui/main_window.py
@ -25,13 +25,7 @@ else:

 from .. import errors
 from ..document import SAFE_EXTENSION, Document
-from ..isolation_provider.container import (
-    Container,
-    NoContainerTechException,
-    NotAvailableContainerTechException,
-)
-from ..isolation_provider.dummy import Dummy
-from ..isolation_provider.qubes import Qubes, is_qubes_native_conversion
+from ..isolation_provider.qubes import is_qubes_native_conversion
 from ..util import format_exception, get_resource_path, get_version
 from .logic import Alert, CollapsibleBox, DangerzoneGui, UpdateDialog
 from .updater import UpdateReport
@ -197,14 +191,11 @@ class MainWindow(QtWidgets.QMainWindow):
        header_layout.addWidget(self.hamburger_button)
        header_layout.addSpacing(15)

-        if isinstance(self.dangerzone.isolation_provider, Container):
+        if self.dangerzone.isolation_provider.should_wait_install():
            # Waiting widget replaces content widget while container runtime isn't available
            self.waiting_widget: WaitingWidget = WaitingWidgetContainer(self.dangerzone)
            self.waiting_widget.finished.connect(self.waiting_finished)
-
-        elif isinstance(self.dangerzone.isolation_provider, Dummy) or isinstance(
-            self.dangerzone.isolation_provider, Qubes
-        ):
+        else:
            # Don't wait with dummy converter and on Qubes.
            self.waiting_widget = WaitingWidget()
            self.dangerzone.is_waiting_finished = True
@ -500,11 +491,11 @@ class WaitingWidgetContainer(WaitingWidget):
        error: Optional[str] = None

        try:
-            self.dangerzone.isolation_provider.is_runtime_available()
-        except NoContainerTechException as e:
+            self.dangerzone.isolation_provider.is_available()
+        except errors.NoContainerTechException as e:
            log.error(str(e))
            state = "not_installed"
-        except NotAvailableContainerTechException as e:
+        except errors.NotAvailableContainerTechException as e:
            log.error(str(e))
            state = "not_running"
            error = e.error
--- a/dangerzone/isolation_provider/base.py
+++ b/dangerzone/isolation_provider/base.py
@ -93,10 +93,6 @@ class IsolationProvider(ABC):
        else:
            self.proc_stderr = subprocess.DEVNULL

-    @staticmethod
-    def is_runtime_available() -> bool:
-        return True
-
    @abstractmethod
    def install(self) -> bool:
        pass
@ -258,6 +254,16 @@ class IsolationProvider(ABC):
            )
        return errors.exception_from_error_code(error_code)

+    @abstractmethod
+    def should_wait_install(self) -> bool:
+        """Whether this isolation provider takes a lot of time to install."""
+        pass
+
+    @abstractmethod
+    def is_available(self) -> bool:
+        """Whether the backing implementation of the isolation provider is available."""
+        pass
+
    @abstractmethod
    def get_max_parallel_conversions(self) -> int:
        pass
--- a/dangerzone/isolation_provider/container.py
+++ b/dangerzone/isolation_provider/container.py
@ -1,12 +1,11 @@
-import gzip
 import logging
 import os
 import platform
 import shlex
-import shutil
 import subprocess
-from typing import List, Tuple
+from typing import List

+from .. import container_utils, errors
 from ..document import Document
 from ..util import get_resource_path, get_subprocess_startupinfo
 from .base import IsolationProvider, terminate_process_group
@ -25,88 +24,8 @@ else:
 log = logging.getLogger(__name__)


-class NoContainerTechException(Exception):
-    def __init__(self, container_tech: str) -> None:
-        super().__init__(f"{container_tech} is not installed")
-
-
-class NotAvailableContainerTechException(Exception):
-    def __init__(self, container_tech: str, error: str) -> None:
-        self.error = error
-        self.container_tech = container_tech
-        super().__init__(f"{container_tech} is not available")
-
-
-class ImageNotPresentException(Exception):
-    pass
-
-
-class ImageInstallationException(Exception):
-    pass
-
-
 class Container(IsolationProvider):
    # Name of the dangerzone container
-    CONTAINER_NAME = "dangerzone.rocks/dangerzone"
-
-    @staticmethod
-    def get_runtime_name() -> str:
-        if platform.system() == "Linux":
-            runtime_name = "podman"
-        else:
-            # Windows, Darwin, and unknown use docker for now, dangerzone-vm eventually
-            runtime_name = "docker"
-        return runtime_name
-
-    @staticmethod
-    def get_runtime_version() -> Tuple[int, int]:
-        """Get the major/minor parts of the Docker/Podman version.
-
-        Some of the operations we perform in this module rely on some Podman features
-        that are not available across all of our platforms. In order to have a proper
-        fallback, we need to know the Podman version. More specifically, we're fine with
-        just knowing the major and minor version, since writing/installing a full-blown
-        semver parser is an overkill.
-        """
-        # Get the Docker/Podman version, using a Go template.
-        runtime = Container.get_runtime_name()
-        if runtime == "podman":
-            query = "{{.Client.Version}}"
-        else:
-            query = "{{.Server.Version}}"
-
-        cmd = [runtime, "version", "-f", query]
-        try:
-            version = subprocess.run(
-                cmd,
-                startupinfo=get_subprocess_startupinfo(),
-                capture_output=True,
-                check=True,
-            ).stdout.decode()
-        except Exception as e:
-            msg = f"Could not get the version of the {runtime.capitalize()} tool: {e}"
-            raise RuntimeError(msg) from e
-
-        # Parse this version and return the major/minor parts, since we don't need the
-        # rest.
-        try:
-            major, minor, _ = version.split(".", 3)
-            return (int(major), int(minor))
-        except Exception as e:
-            msg = (
-                f"Could not parse the version of the {runtime.capitalize()} tool"
-                f" (found: '{version}') due to the following error: {e}"
-            )
-            raise RuntimeError(msg)
-
-    @staticmethod
-    def get_runtime() -> str:
-        container_tech = Container.get_runtime_name()
-        runtime = shutil.which(container_tech)
-        if runtime is None:
-            raise NoContainerTechException(container_tech)
-        return runtime
-
    @staticmethod
    def get_runtime_security_args() -> List[str]:
        """Security options applicable to the outer Dangerzone container.
@ -127,12 +46,12 @@ class Container(IsolationProvider):
        * Do not log the container's output.
        * Do not map the host user to the container, with `--userns nomap` (available
          from Podman 4.1 onwards)
-          - This particular argument is specified in `start_doc_to_pixels_proc()`, but
-            should move here once #748 is merged.
        """
-        if Container.get_runtime_name() == "podman":
+        if container_utils.get_runtime_name() == "podman":
            security_args = ["--log-driver", "none"]
            security_args += ["--security-opt", "no-new-privileges"]
+            if container_utils.get_runtime_version() >= (4, 1):
+                security_args += ["--userns", "nomap"]
        else:
            security_args = ["--security-opt=no-new-privileges:true"]

@ -156,51 +75,52 @@ class Container(IsolationProvider):

    @staticmethod
    def install() -> bool:
+        """Install the container image tarball, or verify that it's already installed.
+
+        Perform the following actions:
+        1. Get the tags of any locally available images that match Dangerzone's image
+           name.
+        2. Get the expected image tag from the image-id.txt file.
+           - If this tag is present in the local images, then we can return.
+           - Else, prune the older container images and continue.
+        3. Load the image tarball and make sure it matches the expected tag.
        """
-        Make sure the podman container is installed. Linux only.
-        """
-        if Container.is_container_installed():
+        old_tags = container_utils.list_image_tags()
+        expected_tag = container_utils.get_expected_tag()
+
+        if expected_tag not in old_tags:
+            # Prune older container images.
+            log.info(
+                f"Could not find a Dangerzone container image with tag '{expected_tag}'"
+            )
+            for tag in old_tags:
+                container_utils.delete_image_tag(tag)
+        else:
            return True

-        # Load the container into podman
-        log.info("Installing Dangerzone container image...")
+        # Load the image tarball into the container runtime.
+        container_utils.load_image_tarball()

-        p = subprocess.Popen(
-            [Container.get_runtime(), "load"],
-            stdin=subprocess.PIPE,
-            startupinfo=get_subprocess_startupinfo(),
-        )
-
-        chunk_size = 4 << 20
-        compressed_container_path = get_resource_path("container.tar.gz")
-        with gzip.open(compressed_container_path) as f:
-            while True:
-                chunk = f.read(chunk_size)
-                if len(chunk) > 0:
-                    if p.stdin:
-                        p.stdin.write(chunk)
-                else:
-                    break
-        _, err = p.communicate()
-        if p.returncode < 0:
-            if err:
-                error = err.decode()
-            else:
-                error = "No output"
-            raise ImageInstallationException(
-                f"Could not install container image: {error}"
+        # Check that the container image has the expected image tag.
+        # See https://github.com/freedomofpress/dangerzone/issues/988 for an example
+        # where this was not the case.
+        new_tags = container_utils.list_image_tags()
+        if expected_tag not in new_tags:
+            raise errors.ImageNotPresentException(
+                f"Could not find expected tag '{expected_tag}' after loading the"
+                " container image tarball"
            )

-        if not Container.is_container_installed(raise_on_error=True):
-            return False
-
-        log.info("Container image installed")
        return True

    @staticmethod
-    def is_runtime_available() -> bool:
-        container_runtime = Container.get_runtime()
-        runtime_name = Container.get_runtime_name()
+    def should_wait_install() -> bool:
+        return True
+
+    @staticmethod
+    def is_available() -> bool:
+        container_runtime = container_utils.get_runtime()
+        runtime_name = container_utils.get_runtime_name()
        # Can we run `docker/podman image ls` without an error
        with subprocess.Popen(
            [container_runtime, "image", "ls"],
@ -210,61 +130,11 @@ class Container(IsolationProvider):
        ) as p:
            _, stderr = p.communicate()
            if p.returncode != 0:
-                raise NotAvailableContainerTechException(runtime_name, stderr.decode())
+                raise errors.NotAvailableContainerTechException(
+                    runtime_name, stderr.decode()
+                )
            return True

-    @staticmethod
-    def is_container_installed(raise_on_error: bool = False) -> bool:
-        """
-        See if the container is installed.
-        """
-        # Get the image id
-        with open(get_resource_path("image-id.txt")) as f:
-            expected_image_ids = f.read().strip().split()
-
-        # See if this image is already installed
-        installed = False
-        found_image_id = subprocess.check_output(
-            [
-                Container.get_runtime(),
-                "image",
-                "list",
-                "--format",
-                "{{.ID}}",
-                Container.CONTAINER_NAME,
-            ],
-            text=True,
-            startupinfo=get_subprocess_startupinfo(),
-        )
-        found_image_id = found_image_id.strip()
-
-        if found_image_id in expected_image_ids:
-            installed = True
-        elif found_image_id == "":
-            if raise_on_error:
-                raise ImageNotPresentException(
-                    "Image is not listed after installation. Bailing out."
-                )
-        else:
-            msg = (
-                f"{Container.CONTAINER_NAME} images found, but IDs do not match."
-                f" Found: {found_image_id}, Expected: {','.join(expected_image_ids)}"
-            )
-            if raise_on_error:
-                raise ImageNotPresentException(msg)
-            log.info(msg)
-            log.info("Deleting old dangerzone container image")
-
-            try:
-                subprocess.check_output(
-                    [Container.get_runtime(), "rmi", "--force", found_image_id],
-                    startupinfo=get_subprocess_startupinfo(),
-                )
-            except Exception:
-                log.warning("Couldn't delete old container image, so leaving it there")
-
-        return installed
-
    def doc_to_pixels_container_name(self, document: Document) -> str:
        """Unique container name for the doc-to-pixels phase."""
        return f"dangerzone-doc-to-pixels-{document.id}"
@ -295,21 +165,22 @@ class Container(IsolationProvider):
        self,
        command: List[str],
        name: str,
-        extra_args: List[str] = [],
    ) -> subprocess.Popen:
-        container_runtime = self.get_runtime()
+        container_runtime = container_utils.get_runtime()
        security_args = self.get_runtime_security_args()
        enable_stdin = ["-i"]
        set_name = ["--name", name]
        prevent_leakage_args = ["--rm"]
+        image_name = [
+            container_utils.CONTAINER_NAME + ":" + container_utils.get_expected_tag()
+        ]
        args = (
            ["run"]
            + security_args
            + prevent_leakage_args
            + enable_stdin
            + set_name
-            + extra_args
-            + [self.CONTAINER_NAME]
+            + image_name
            + command
        )
        args = [container_runtime] + args
@ -325,7 +196,7 @@ class Container(IsolationProvider):
        connected to the Docker daemon, and killing it will just close the associated
        standard streams.
        """
-        container_runtime = self.get_runtime()
+        container_runtime = container_utils.get_runtime()
        cmd = [container_runtime, "kill", name]
        try:
            # We do not check the exit code of the process here, since the container may
@ -358,15 +229,8 @@ class Container(IsolationProvider):
            "-m",
            "dangerzone.conversion.doc_to_pixels",
        ]
-        # NOTE: Using `--userns nomap` is available only on Podman >= 4.1.0.
-        # XXX: Move this under `get_runtime_security_args()` once #748 is merged.
-        extra_args = []
-        if Container.get_runtime_name() == "podman":
-            if Container.get_runtime_version() >= (4, 1):
-                extra_args += ["--userns", "nomap"]
-
        name = self.doc_to_pixels_container_name(document)
-        return self.exec_container(command, name=name, extra_args=extra_args)
+        return self.exec_container(command, name=name)

    def terminate_doc_to_pixels_proc(
        self, document: Document, p: subprocess.Popen
@ -389,7 +253,7 @@ class Container(IsolationProvider):
        # after a podman kill / docker kill invocation, this will likely be the case,
        # else the container runtime (Docker/Podman) has experienced a problem, and we
        # should report it.
-        container_runtime = self.get_runtime()
+        container_runtime = container_utils.get_runtime()
        name = self.doc_to_pixels_container_name(document)
        all_containers = subprocess.run(
            [container_runtime, "ps", "-a"],
@ -411,11 +275,11 @@ class Container(IsolationProvider):
            if cpu_count is not None:
                n_cpu = cpu_count

-        elif self.get_runtime_name() == "docker":
+        elif container_utils.get_runtime_name() == "docker":
            # For Windows and MacOS containers run in VM
            # So we obtain the CPU count for the VM
            n_cpu_str = subprocess.check_output(
-                [self.get_runtime(), "info", "--format", "{{.NCPU}}"],
+                [container_utils.get_runtime(), "info", "--format", "{{.NCPU}}"],
                text=True,
                startupinfo=get_subprocess_startupinfo(),
            )
--- a/dangerzone/isolation_provider/dummy.py
+++ b/dangerzone/isolation_provider/dummy.py
@ -39,6 +39,14 @@ class Dummy(IsolationProvider):
    def install(self) -> bool:
        return True

+    @staticmethod
+    def is_available() -> bool:
+        return True
+
+    @staticmethod
+    def should_wait_install() -> bool:
+        return False
+
    def start_doc_to_pixels_proc(self, document: Document) -> subprocess.Popen:
        cmd = [
            sys.executable,
--- a/dangerzone/isolation_provider/qubes.py
+++ b/dangerzone/isolation_provider/qubes.py
@ -21,6 +21,14 @@ class Qubes(IsolationProvider):
    def install(self) -> bool:
        return True

+    @staticmethod
+    def is_available() -> bool:
+        return True
+
+    @staticmethod
+    def should_wait_install() -> bool:
+        return False
+
    def get_max_parallel_conversions(self) -> int:
        return 1

--- a/dev_scripts/qa.py
+++ b/dev_scripts/qa.py
@ -127,9 +127,9 @@ Close the Dangerzone application and get the container image for that
 version. For example:

 ```
-$ docker images dangerzone.rocks/dangerzone:latest
+$ docker images dangerzone.rocks/dangerzone
 REPOSITORY                   TAG         IMAGE ID      CREATED       SIZE
-dangerzone.rocks/dangerzone  latest      <image ID>    <date>        <size>
+dangerzone.rocks/dangerzone  <tag>       <image ID>    <date>        <size>
 ```

 Then run the version under QA and ensure that the settings remain changed.
@ -138,9 +138,9 @@ Afterwards check that new docker image was installed by running the same command
 and seeing the following differences:

 ```
-$ docker images dangerzone.rocks/dangerzone:latest
+$ docker images dangerzone.rocks/dangerzone
 REPOSITORY                   TAG         IMAGE ID        CREATED       SIZE
-dangerzone.rocks/dangerzone  latest      <different ID>  <newer date>  <different size>
+dangerzone.rocks/dangerzone  <other tag> <different ID>  <newer date>  <different size>
 ```

 #### 4. Dangerzone successfully installs the container image
--- a/install/common/build-image.py
+++ b/install/common/build-image.py
@ -2,12 +2,13 @@ import argparse
 import gzip
 import os
 import platform
+import secrets
 import subprocess
 import sys
 from pathlib import Path

 BUILD_CONTEXT = "dangerzone/"
-TAG = "dangerzone.rocks/dangerzone:latest"
+IMAGE_NAME = "dangerzone.rocks/dangerzone"
 REQUIREMENTS_TXT = "container-pip-requirements.txt"
 if platform.system() in ["Darwin", "Windows"]:
    CONTAINER_RUNTIME = "docker"
@ -44,8 +45,31 @@ def main():
    )
    args = parser.parse_args()

+    tarball_path = Path("share") / "container.tar.gz"
+    image_id_path = Path("share") / "image-id.txt"
+
    print(f"Building for architecture '{ARCH}'")

+    # Designate a unique tag for this image, depending on the Git commit it was created
+    # from:
+    # 1. If created from a Git tag (e.g., 0.8.0), the image tag will be `0.8.0`.
+    # 2. If created from a commit, it will be something like `0.8.0-31-g6bdaa7a`.
+    # 3. If the contents of the Git repo are dirty, we will append a unique identifier
+    #    for this run, something like `0.8.0-31-g6bdaa7a-fdcb` or `0.8.0-fdcb`.
+    dirty_ident = secrets.token_hex(2)
+    tag = (
+        subprocess.check_output(
+            ["git", "describe", "--long", "--first-parent", f"--dirty=-{dirty_ident}"],
+        )
+        .decode()
+        .strip()[1:]  # remove the "v" prefix of the tag.
+    )
+    image_name_tagged = IMAGE_NAME + ":" + tag
+
+    print(f"Will tag the container image as '{image_name_tagged}'")
+    with open(image_id_path, "w") as f:
+        f.write(tag)
+
    print("Exporting container pip dependencies")
    with ContainerPipDependencies():
        if not args.use_cache:
@ -59,6 +83,7 @@ def main():
                check=True,
            )

+        # Build the container image, and tag it with the calculated tag
        print("Building container image")
        cache_args = [] if args.use_cache else ["--no-cache"]
        subprocess.run(
@ -74,7 +99,7 @@ def main():
                "-f",
                "Dockerfile",
                "--tag",
-                TAG,
+                image_name_tagged,
            ],
            check=True,
        )
@ -85,7 +110,7 @@ def main():
                [
                    CONTAINER_RUNTIME,
                    "save",
-                    TAG,
+                    image_name_tagged,
                ],
                stdout=subprocess.PIPE,
            )
@ -93,7 +118,7 @@ def main():
            print("Compressing container image")
            chunk_size = 4 << 20
            with gzip.open(
-                "share/container.tar.gz",
+                tarball_path,
                "wb",
                compresslevel=args.compress_level,
            ) as gzip_f:
@ -105,21 +130,6 @@ def main():
                        break
            cmd.wait(5)

-    print("Looking up the image id")
-    image_id = subprocess.check_output(
-        [
-            args.runtime,
-            "image",
-            "list",
-            "--format",
-            "{{.ID}}",
-            TAG,
-        ],
-        text=True,
-    )
-    with open("share/image-id.txt", "w") as f:
-        f.write(image_id)
-

 class ContainerPipDependencies:
    """Generates PIP dependencies within container"""
--- a/install/windows/build-app.bat
+++ b/install/windows/build-app.bat
@ -17,22 +17,23 @@ signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd
 REM verify the signature of dangerzone-cli.exe
 signtool.exe verify /pa build\exe.win-amd64-3.12\dangerzone-cli.exe

-REM build the wix file
-python install\windows\build-wxs.py > build\Dangerzone.wxs
+REM build the wxs file
+python install\windows\build-wxs.py

 REM build the msi package
 cd build
-candle.exe Dangerzone.wxs
-light.exe -ext WixUIExtension Dangerzone.wixobj
+wix build -arch x64 -ext WixToolset.UI.wixext .\Dangerzone.wxs -out Dangerzone.msi
+
+REM validate Dangerzone.msi
+wix msi validate Dangerzone.msi

 REM code sign Dangerzone.msi
-insignia.exe -im Dangerzone.msi
 signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha256 /t http://time.certum.pl/ Dangerzone.msi

 REM verify the signature of Dangerzone.msi
 signtool.exe verify /pa Dangerzone.msi

-REM moving Dangerzone.msi to dist
+REM move Dangerzone.msi to dist
 cd ..
 mkdir dist
 move build\Dangerzone.msi dist
--- a/install/windows/build-wxs.py
+++ b/install/windows/build-wxs.py
@ -4,114 +4,75 @@ import uuid
 import xml.etree.ElementTree as ET


-def build_data(dirname, dir_prefix, id_, name):
+def build_data(base_path, path_prefix, dir_id, dir_name):
    data = {
-        "id": id_,
-        "name": name,
+        "directory_name": dir_name,
+        "directory_id": dir_id,
        "files": [],
        "dirs": [],
    }

-    for basename in os.listdir(dirname):
-        filename = os.path.join(dirname, basename)
-        if os.path.isfile(filename):
-            data["files"].append(os.path.join(dir_prefix, basename))
-        elif os.path.isdir(filename):
-            if id_ == "INSTALLDIR":
-                id_prefix = "Folder"
+    if dir_id == "INSTALLFOLDER":
+        data["component_id"] = "ApplicationFiles"
+    else:
+        data["component_id"] = "Component" + dir_id
+    data["component_guid"] = str(uuid.uuid4()).upper()
+
+    for entry in os.listdir(base_path):
+        entry_path = os.path.join(base_path, entry)
+        if os.path.isfile(entry_path):
+            data["files"].append(os.path.join(path_prefix, entry))
+        elif os.path.isdir(entry_path):
+            if dir_id == "INSTALLFOLDER":
+                next_dir_prefix = "Folder"
            else:
-                id_prefix = id_
+                next_dir_prefix = dir_id

            # Skip lib/PySide6/examples folder due to ilegal file names
-            if "\\build\\exe.win-amd64-3.12\\lib\\PySide6\\examples" in dirname:
+            if "\\build\\exe.win-amd64-3.12\\lib\\PySide6\\examples" in base_path:
                continue

            # Skip lib/PySide6/qml/QtQuick folder due to ilegal file names
            # XXX Since we're not using Qml it should be no problem
-            if "\\build\\exe.win-amd64-3.12\\lib\\PySide6\\qml\\QtQuick" in dirname:
+            if "\\build\\exe.win-amd64-3.12\\lib\\PySide6\\qml\\QtQuick" in base_path:
                continue

-            id_value = f"{id_prefix}{basename.capitalize().replace('-', '_')}"
-            data["dirs"].append(
-                build_data(
-                    os.path.join(dirname, basename),
-                    os.path.join(dir_prefix, basename),
-                    id_value,
-                    basename,
-                )
+            next_dir_id = next_dir_prefix + entry.capitalize().replace("-", "_")
+            subdata = build_data(
+                os.path.join(base_path, entry),
+                os.path.join(path_prefix, entry),
+                next_dir_id,
+                entry,
            )

-    if len(data["files"]) > 0:
-        if id_ == "INSTALLDIR":
-            data["component_id"] = "ApplicationFiles"
-        else:
-            data["component_id"] = "FolderComponent" + id_[len("Folder") :]
-        data["component_guid"] = str(uuid.uuid4())
+            # Add the subdirectory only if it contains files or subdirectories
+            if subdata["files"] or subdata["dirs"]:
+                data["dirs"].append(subdata)

    return data


-def build_dir_xml(root, data):
+def build_directory_xml(root, data):
    attrs = {}
-    if "id" in data:
-        attrs["Id"] = data["id"]
-    if "name" in data:
-        attrs["Name"] = data["name"]
-    el = ET.SubElement(root, "Directory", attrs)
+    attrs["Id"] = data["directory_id"]
+    attrs["Name"] = data["directory_name"]
+    directory_el = ET.SubElement(root, "Directory", attrs)
    for subdata in data["dirs"]:
-        build_dir_xml(el, subdata)
-
-    # If this is the ProgramMenuFolder, add the menu component
-    if "id" in data and data["id"] == "ProgramMenuFolder":
-        component_el = ET.SubElement(
-            el,
-            "Component",
-            Id="ApplicationShortcuts",
-            Guid="539e7de8-a124-4c09-aa55-0dd516aad7bc",
-        )
-        ET.SubElement(
-            component_el,
-            "Shortcut",
-            Id="ApplicationShortcut1",
-            Name="Dangerzone",
-            Description="Dangerzone",
-            Target="[INSTALLDIR]dangerzone.exe",
-            WorkingDirectory="INSTALLDIR",
-        )
-        ET.SubElement(
-            component_el,
-            "RegistryValue",
-            Root="HKCU",
-            Key="Software\Freedom of the Press Foundation\Dangerzone",
-            Name="installed",
-            Type="integer",
-            Value="1",
-            KeyPath="yes",
-        )
+        build_directory_xml(directory_el, subdata)


 def build_components_xml(root, data):
-    component_ids = []
-    if "component_id" in data:
-        component_ids.append(data["component_id"])
-
+    component_el = ET.SubElement(
+        root,
+        "Component",
+        Id=data["component_id"],
+        Guid=data["component_guid"],
+        Directory=data["directory_id"],
+    )
+    for filename in data["files"]:
+        ET.SubElement(component_el, "File", Source=filename)
    for subdata in data["dirs"]:
-        if "component_guid" in subdata:
-            dir_ref_el = ET.SubElement(root, "DirectoryRef", Id=subdata["id"])
-            component_el = ET.SubElement(
-                dir_ref_el,
-                "Component",
-                Id=subdata["component_id"],
-                Guid=subdata["component_guid"],
-            )
-            for filename in subdata["files"]:
-                file_el = ET.SubElement(
-                    component_el, "File", Source=filename, Id="file_" + uuid.uuid4().hex
-                )
-
-        component_ids += build_components_xml(root, subdata)
-
-    return component_ids
+        build_components_xml(root, subdata)


 def main():
@ -125,120 +86,188 @@ def main():
        # -rc markers.
        version = f.read().strip().split("-")[0]

-    dist_dir = os.path.join(
+    build_dir = os.path.join(
        os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))),
        "build",
-        "exe.win-amd64-3.12",
    )
+
+    cx_freeze_dir = "exe.win-amd64-3.12"
+
+    dist_dir = os.path.join(build_dir, cx_freeze_dir)
+
    if not os.path.exists(dist_dir):
        print("You must build the dangerzone binary before running this")
        return

-    data = {
-        "id": "TARGETDIR",
-        "name": "SourceDir",
-        "dirs": [
-            {
-                "id": "ProgramFilesFolder",
-                "dirs": [],
-            },
-            {
-                "id": "ProgramMenuFolder",
-                "dirs": [],
-            },
-        ],
-    }
-
-    data["dirs"][0]["dirs"].append(
-        build_data(
-            dist_dir,
-            "exe.win-amd64-3.12",
-            "INSTALLDIR",
-            "Dangerzone",
-        )
+    # Prepare data for WiX file harvesting from the output of cx_Freeze
+    data = build_data(
+        dist_dir,
+        cx_freeze_dir,
+        "INSTALLFOLDER",
+        "Dangerzone",
    )

-    root_el = ET.Element("Wix", xmlns="http://schemas.microsoft.com/wix/2006/wi")
-    product_el = ET.SubElement(
-        root_el,
-        "Product",
+    # Add the Wix root element
+    wix_el = ET.Element(
+        "Wix",
+        {
+            "xmlns": "http://wixtoolset.org/schemas/v4/wxs",
+            "xmlns:ui": "http://wixtoolset.org/schemas/v4/wxs/ui",
+        },
+    )
+
+    # Add the Package element
+    package_el = ET.SubElement(
+        wix_el,
+        "Package",
        Name="Dangerzone",
        Manufacturer="Freedom of the Press Foundation",
-        Id="*",
-        UpgradeCode="$(var.ProductUpgradeCode)",
+        UpgradeCode="12B9695C-965B-4BE0-BC33-21274E809576",
        Language="1033",
-        Codepage="1252",
-        Version="$(var.ProductVersion)",
-    )
-    ET.SubElement(
-        product_el,
-        "Package",
-        Id="*",
-        Keywords="Installer",
-        Description="Dangerzone $(var.ProductVersion) Installer",
-        Manufacturer="Freedom of the Press Foundation",
-        InstallerVersion="100",
-        Languages="1033",
        Compressed="yes",
-        SummaryCodepage="1252",
+        Codepage="1252",
+        Version=version,
    )
-    ET.SubElement(product_el, "Media", Id="1", Cabinet="product.cab", EmbedCab="yes")
    ET.SubElement(
-        product_el, "Icon", Id="ProductIcon", SourceFile="..\\share\\dangerzone.ico"
+        package_el,
+        "SummaryInformation",
+        Keywords="Installer",
+        Description="Dangerzone " + version + " Installer",
+        Codepage="1252",
    )
-    ET.SubElement(product_el, "Property", Id="ARPPRODUCTICON", Value="ProductIcon")
+    ET.SubElement(package_el, "MediaTemplate", EmbedCab="yes")
    ET.SubElement(
-        product_el,
+        package_el, "Icon", Id="ProductIcon", SourceFile="..\\share\\dangerzone.ico"
+    )
+    ET.SubElement(package_el, "Property", Id="ARPPRODUCTICON", Value="ProductIcon")
+    ET.SubElement(
+        package_el,
        "Property",
        Id="ARPHELPLINK",
        Value="https://dangerzone.rocks",
    )
    ET.SubElement(
-        product_el,
+        package_el,
        "Property",
        Id="ARPURLINFOABOUT",
        Value="https://freedom.press",
    )
    ET.SubElement(
-        product_el,
-        "Property",
-        Id="WIXUI_INSTALLDIR",
-        Value="INSTALLDIR",
+        package_el, "ui:WixUI", Id="WixUI_InstallDir", InstallDirectory="INSTALLFOLDER"
    )
-    ET.SubElement(product_el, "UIRef", Id="WixUI_InstallDir")
-    ET.SubElement(product_el, "UIRef", Id="WixUI_ErrorProgressText")
+    ET.SubElement(package_el, "UIRef", Id="WixUI_ErrorProgressText")
    ET.SubElement(
-        product_el,
+        package_el,
        "WixVariable",
        Id="WixUILicenseRtf",
        Value="..\\install\\windows\\license.rtf",
    )
    ET.SubElement(
-        product_el,
+        package_el,
        "WixVariable",
        Id="WixUIDialogBmp",
        Value="..\\install\\windows\\dialog.bmp",
    )
    ET.SubElement(
-        product_el,
+        package_el,
        "MajorUpgrade",
-        AllowSameVersionUpgrades="yes",
        DowngradeErrorMessage="A newer version of [ProductName] is already installed. If you are sure you want to downgrade, remove the existing installation via Programs and Features.",
    )

-    build_dir_xml(product_el, data)
-    component_ids = build_components_xml(product_el, data)
+    # Workaround for an issue after upgrading from WiX Toolset v3 to v5 where the previous
+    # version of Dangerzone is not uninstalled during the upgrade by checking if the older installation
+    # exists in "C:\Program Files (x86)\Dangerzone".
+    #
+    # Also handle a special case for Dangerzone 0.8.0 which allows choosing the install location
+    # during install by checking if the registry key for it exists.
+    #
+    # Note that this seems to allow installing Dangerzone 0.8.0 after installing Dangerzone from this branch.
+    # In this case the installer errors until Dangerzone 0.8.0 is uninstalled again
+    #
+    # TODO: Revert this once we are reasonably certain there aren't too many affected Dangerzone installations.
+    find_old_el = ET.SubElement(package_el, "Property", Id="OLDDANGERZONEFOUND")
+    directory_search_el = ET.SubElement(
+        find_old_el,
+        "DirectorySearch",
+        Id="dangerzone_install_folder",
+        Path="C:\\Program Files (x86)\\Dangerzone",
+    )
+    ET.SubElement(directory_search_el, "FileSearch", Name="dangerzone.exe")
+    registry_search_el = ET.SubElement(package_el, "Property", Id="DANGERZONE080FOUND")
+    ET.SubElement(
+        registry_search_el,
+        "RegistrySearch",
+        Root="HKLM",
+        Key="SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{03C2D2B2-9955-4AED-831F-DA4E67FC0FDB}",
+        Name="DisplayName",
+        Type="raw",
+    )
+    ET.SubElement(
+        package_el,
+        "Launch",
+        Condition="NOT OLDDANGERZONEFOUND AND NOT DANGERZONE080FOUND",
+        Message="A previous version of [ProductName] is already installed. Please uninstall it from Programs and Features before proceeding with the installation.",
+    )

-    feature_el = ET.SubElement(product_el, "Feature", Id="DefaultFeature", Level="1")
-    for component_id in component_ids:
-        ET.SubElement(feature_el, "ComponentRef", Id=component_id)
+    # Add the ProgramMenuFolder StandardDirectory
+    programmenufolder_el = ET.SubElement(
+        package_el,
+        "StandardDirectory",
+        Id="ProgramMenuFolder",
+    )
+    # Add a shortcut for Dangerzone in the Start menu
+    shortcut_el = ET.SubElement(
+        programmenufolder_el,
+        "Component",
+        Id="ApplicationShortcuts",
+        Guid="539E7DE8-A124-4C09-AA55-0DD516AAD7BC",
+    )
+    ET.SubElement(
+        shortcut_el,
+        "Shortcut",
+        Id="DangerzoneStartMenuShortcut",
+        Name="Dangerzone",
+        Description="Dangerzone",
+        Target="[INSTALLFOLDER]dangerzone.exe",
+        WorkingDirectory="INSTALLFOLDER",
+    )
+    ET.SubElement(
+        shortcut_el,
+        "RegistryValue",
+        Root="HKCU",
+        Key="Software\\Freedom of the Press Foundation\\Dangerzone",
+        Name="installed",
+        Type="integer",
+        Value="1",
+        KeyPath="yes",
+    )
+
+    # Add the ProgramFilesFolder StandardDirectory
+    programfilesfolder_el = ET.SubElement(
+        package_el,
+        "StandardDirectory",
+        Id="ProgramFiles64Folder",
+    )
+
+    # Create the directory structure for the installed product
+    build_directory_xml(programfilesfolder_el, data)
+
+    # Create a component group for application components
+    applicationcomponents_el = ET.SubElement(
+        package_el, "ComponentGroup", Id="ApplicationComponents"
+    )
+    # Populate the application components group with components for the installed package
+    build_components_xml(applicationcomponents_el, data)
+
+    # Add the Feature element
+    feature_el = ET.SubElement(package_el, "Feature", Id="DefaultFeature", Level="1")
+    ET.SubElement(feature_el, "ComponentGroupRef", Id="ApplicationComponents")
    ET.SubElement(feature_el, "ComponentRef", Id="ApplicationShortcuts")

-    print('<?xml version="1.0" encoding="windows-1252"?>')
-    print(f'<?define ProductVersion = "{version}"?>')
-    print('<?define ProductUpgradeCode = "12b9695c-965b-4be0-bc33-21274e809576"?>')
-    ET.indent(root_el)
-    print(ET.tostring(root_el).decode())
+    ET.indent(wix_el, space="    ")
+
+    with open(os.path.join(build_dir, "Dangerzone.wxs"), "w") as wxs_file:
+        wxs_file.write(ET.tostring(wix_el).decode())


 if __name__ == "__main__":
--- a/tests/gui/test_main_window.py
+++ b/tests/gui/test_main_window.py
@ -10,6 +10,7 @@ from pytest_mock import MockerFixture
 from pytest_subprocess import FakeProcess
 from pytestqt.qtbot import QtBot

+from dangerzone import errors
 from dangerzone.document import Document
 from dangerzone.gui import MainWindow
 from dangerzone.gui import main_window as main_window_module
@ -25,11 +26,8 @@ from dangerzone.gui.main_window import (
    WaitingWidgetContainer,
 )
 from dangerzone.gui.updater import UpdateReport, UpdaterThread
-from dangerzone.isolation_provider.container import (
-    Container,
-    NoContainerTechException,
-    NotAvailableContainerTechException,
-)
+from dangerzone.isolation_provider.container import Container
+from dangerzone.isolation_provider.dummy import Dummy

 from .test_updater import assert_report_equal, default_updater_settings

@ -510,9 +508,9 @@ def test_not_available_container_tech_exception(
 ) -> None:
    # Setup
    mock_app = mocker.MagicMock()
-    dummy = mocker.MagicMock()
-
-    dummy.is_runtime_available.side_effect = NotAvailableContainerTechException(
+    dummy = Dummy()
+    fn = mocker.patch.object(dummy, "is_available")
+    fn.side_effect = errors.NotAvailableContainerTechException(
        "podman", "podman image ls logs"
    )

@ -535,7 +533,7 @@ def test_no_container_tech_exception(qtbot: QtBot, mocker: MockerFixture) -> Non
    dummy = mocker.MagicMock()

    # Raise
-    dummy.is_runtime_available.side_effect = NoContainerTechException("podman")
+    dummy.is_available.side_effect = errors.NoContainerTechException("podman")

    dz = DangerzoneGui(mock_app, dummy)
    widget = WaitingWidgetContainer(dz)
--- a/tests/isolation_provider/test_container.py
+++ b/tests/isolation_provider/test_container.py
@ -4,12 +4,8 @@ import pytest
 from pytest_mock import MockerFixture
 from pytest_subprocess import FakeProcess

-from dangerzone.isolation_provider.container import (
-    Container,
-    ImageInstallationException,
-    ImageNotPresentException,
-    NotAvailableContainerTechException,
-)
+from dangerzone import container_utils, errors
+from dangerzone.isolation_provider.container import Container
 from dangerzone.isolation_provider.qubes import is_qubes_native_conversion

 from .base import IsolationProviderTermination, IsolationProviderTest
@ -27,31 +23,27 @@ def provider() -> Container:


 class TestContainer(IsolationProviderTest):
-    def test_is_runtime_available_raises(
-        self, provider: Container, fp: FakeProcess
-    ) -> None:
+    def test_is_available_raises(self, provider: Container, fp: FakeProcess) -> None:
        """
        NotAvailableContainerTechException should be raised when
        the "podman image ls" command fails.
        """
        fp.register_subprocess(
-            [provider.get_runtime(), "image", "ls"],
+            [container_utils.get_runtime(), "image", "ls"],
            returncode=-1,
            stderr="podman image ls logs",
        )
-        with pytest.raises(NotAvailableContainerTechException):
-            provider.is_runtime_available()
+        with pytest.raises(errors.NotAvailableContainerTechException):
+            provider.is_available()

-    def test_is_runtime_available_works(
-        self, provider: Container, fp: FakeProcess
-    ) -> None:
+    def test_is_available_works(self, provider: Container, fp: FakeProcess) -> None:
        """
        No exception should be raised when the "podman image ls" can return properly.
        """
        fp.register_subprocess(
-            [provider.get_runtime(), "image", "ls"],
+            [container_utils.get_runtime(), "image", "ls"],
        )
-        provider.is_runtime_available()
+        provider.is_available()

    def test_install_raise_if_image_cant_be_installed(
        self, mocker: MockerFixture, provider: Container, fp: FakeProcess
@ -59,17 +51,17 @@ class TestContainer(IsolationProviderTest):
        """When an image installation fails, an exception should be raised"""

        fp.register_subprocess(
-            [provider.get_runtime(), "image", "ls"],
+            [container_utils.get_runtime(), "image", "ls"],
        )

        # First check should return nothing.
        fp.register_subprocess(
            [
-                provider.get_runtime(),
+                container_utils.get_runtime(),
                "image",
                "list",
                "--format",
-                "{{.ID}}",
+                "{{ .Tag }}",
                "dangerzone.rocks/dangerzone",
            ],
            occurrences=2,
@ -79,11 +71,11 @@ class TestContainer(IsolationProviderTest):
        mocker.patch("gzip.open", mocker.mock_open(read_data=""))

        fp.register_subprocess(
-            [provider.get_runtime(), "load"],
+            [container_utils.get_runtime(), "load"],
            returncode=-1,
        )

-        with pytest.raises(ImageInstallationException):
+        with pytest.raises(errors.ImageInstallationException):
            provider.install()

    def test_install_raises_if_still_not_installed(
@ -92,17 +84,17 @@ class TestContainer(IsolationProviderTest):
        """When an image keep being not installed, it should return False"""

        fp.register_subprocess(
-            [provider.get_runtime(), "image", "ls"],
+            [container_utils.get_runtime(), "image", "ls"],
        )

        # First check should return nothing.
        fp.register_subprocess(
            [
-                provider.get_runtime(),
+                container_utils.get_runtime(),
                "image",
                "list",
                "--format",
-                "{{.ID}}",
+                "{{ .Tag }}",
                "dangerzone.rocks/dangerzone",
            ],
            occurrences=2,
@ -111,9 +103,9 @@ class TestContainer(IsolationProviderTest):
        # Patch gzip.open and podman load so that it works
        mocker.patch("gzip.open", mocker.mock_open(read_data=""))
        fp.register_subprocess(
-            [provider.get_runtime(), "load"],
+            [container_utils.get_runtime(), "load"],
        )
-        with pytest.raises(ImageNotPresentException):
+        with pytest.raises(errors.ImageNotPresentException):
            provider.install()
Author	SHA1	Message	Date
Alex Pyrgiotis	3756be26f9	FIXUP: Remove unnecessary container function	2024-12-09 19:19:22 +02:00
Alex Pyrgiotis	585e23f8d3	fixup! ci: Work with image tarballs that are not tagged as 'latest'	2024-12-09 19:19:22 +02:00
Alex Pyrgiotis	056bd705a7	FIXUP: Formatting	2024-12-09 19:19:22 +02:00
Alex Pyrgiotis	99011f9c46	ci: Work with image tarballs that are not tagged as 'latest' Now that our image tarball is not tagged as 'latest', we must first grab the image tag first, and then refer to it. We can grab the tag either from `share/image-id.txt` (if available) or with: docker load dangerzone.rocks/dangerzone --format {{ .Tag }}	2024-12-09 19:19:22 +02:00
Alex Pyrgiotis	c90915a465	FIXUP: Don't require a 'latest' image tag anymore	2024-12-09 19:19:22 +02:00
Alex Pyrgiotis	3bf7310812	FIXUP: Use longer tag description, so that the commit is always shown	2024-12-09 19:19:22 +02:00
Alex Pyrgiotis	7b1a09253c	Move container security arg to proper place Now that #748 has been merged, we can move the `--userns nomap` argument to the list with the rest of our security arguments.	2024-12-09 19:19:22 +02:00
Alex Pyrgiotis	27b9de9bf2	Factor out container utilities to separate module	2024-12-09 19:19:22 +02:00
Alex Pyrgiotis	57b49cdb4e	Extend the interface of the isolation provider Add the following two methods in the isolation provider: 1. `.is_available()`: Mainly used for the Container isolation provider, it specifies whether the container runtime is up and running. May be used in the future by other similar providers. 2. `.should_wait_install()`: Whether the isolation provider takes a while to be installed. Should be `True` only for the Container isolation provider, for the time being.	2024-12-09 19:19:21 +02:00
Alex Pyrgiotis	6b899fe759	Fix minor typos in our docs	2024-12-09 19:19:21 +02:00
Alex Pyrgiotis	b078d52fb7	Update our release instructions	2024-12-09 19:19:21 +02:00
Alex Pyrgiotis	e72b89cde9	container: Revamp container image installation Revamp the container image installation process in a way that does not involve using image IDs. We don't want to rely on image IDs anymore, since they are brittle (see https://github.com/freedomofpress/dangerzone/issues/933). Instead, we use image tags, as provided in the `image-id.txt` file. This allows us to check fast if an image is up to date, and we no longer need to maintain multiple image IDs from various container runtimes. Refs #933 Refs #988 Fixes #1020	2024-12-09 19:19:21 +02:00
Alex Pyrgiotis	682436fb25	Build and tag Dangerzone images Build Dangerzone images and tag them with a unique ID that stems from the Git reop. Note that using tags as image IDs instead of regular image IDs breaks the current Dangerzone expectations, but this will be addressed in subsequent commits.	2024-12-09 19:19:21 +02:00
Alex Pyrgiotis	569e683f31	container: Factor out loading an image tarball	2024-12-09 19:19:21 +02:00
Alex Pyrgiotis	6773962466	container: Manipulate Dangerzone image tags Add the following methods that allow the `Container` isolation provider to work with tags for the Dangerzone image: * `list_image_tag()` * `delete_image_tag()` * `add_image_tag()`	2024-12-09 19:19:21 +02:00
Alex Pyrgiotis	309bd12423	Move container-specific method from base class Move the `is_runtime_available()` method from the base `IsolationProvider` class, and into the `Dummy` provider class. This method was originally defined in the base class, in order to be mocked in our tests for the `Dummy` provider. There's no reason for the `Qubes` class to have it though, so we can just move it to the `Dummy` provider.	2024-12-09 19:19:21 +02:00
Alex Pyrgiotis	1c0a99fcd2	Update changelog Some checks are pending Tests / Download and cache Tesseract data (push) Waiting to run Details Tests / macOS (arch64) (push) Blocked by required conditions Details Tests / macOS (x86_64) (push) Blocked by required conditions Details Tests / build-deb (debian bookworm) (push) Blocked by required conditions Details Tests / build-deb (debian bullseye) (push) Blocked by required conditions Details Tests / build-deb (debian trixie) (push) Blocked by required conditions Details Tests / build-deb (ubuntu 20.04) (push) Blocked by required conditions Details Tests / build-deb (ubuntu 22.04) (push) Blocked by required conditions Details Tests / build-deb (ubuntu 24.04) (push) Blocked by required conditions Details Tests / build-deb (ubuntu 24.10) (push) Blocked by required conditions Details Tests / install-deb (debian bookworm) (push) Blocked by required conditions Details Tests / install-deb (debian bullseye) (push) Blocked by required conditions Details Tests / install-deb (debian trixie) (push) Blocked by required conditions Details Tests / install-deb (ubuntu 20.04) (push) Blocked by required conditions Details Tests / install-deb (ubuntu 22.04) (push) Blocked by required conditions Details Tests / install-deb (ubuntu 24.04) (push) Blocked by required conditions Details Tests / install-deb (ubuntu 24.10) (push) Blocked by required conditions Details Tests / build-install-rpm (fedora 40) (push) Blocked by required conditions Details Tests / build-install-rpm (fedora 41) (push) Blocked by required conditions Details Tests / run tests (debian bookworm) (push) Blocked by required conditions Details Tests / run tests (debian bullseye) (push) Blocked by required conditions Details Tests / run tests (debian trixie) (push) Blocked by required conditions Details Tests / run tests (fedora 40) (push) Blocked by required conditions Details Tests / run tests (fedora 41) (push) Blocked by required conditions Details Tests / run tests (ubuntu 20.04) (push) Blocked by required conditions Details Tests / run tests (ubuntu 22.04) (push) Blocked by required conditions Details Tests / run tests (ubuntu 24.04) (push) Blocked by required conditions Details Tests / run tests (ubuntu 24.10) (push) Blocked by required conditions Details Scan latest app and container / security-scan-container (push) Waiting to run Details Scan latest app and container / security-scan-app (push) Waiting to run Details	2024-12-09 18:46:25 +02:00
jkarasti	4b5f4b27d7	Fix: Dangerzone installed using an msi built with WiX Toolset v3 is not uninstalled by an msi built with WiX Toolset v5 Workaround for an issue after upgrading from WiX Toolset v3 to v5 where the previous version of Dangerzone is not uninstalled during the upgrade by checking if the older installation exists in "C:\Program Files (x86)\Dangerzone". Also handle a special case for Dangerzone 0.8.0 which allows choosing the install location during install by checking if the registry key for it exists. Note that this seems to allow installing Dangerzone 0.8.0 after installing Dangerzone from this branch. In this case the installer errors until Dangerzone 0.8.0 is uninstalled again	2024-12-09 18:42:12 +02:00
JKarasti	f537d54ed2	Change: Build a 64-bit installer	2024-12-09 18:42:12 +02:00
JKarasti	32641603ee	Docs: Update documentation for WiX Toolset 5	2024-12-09 18:42:12 +02:00
JKarasti	a915ae8442	Change: Update the `build-app.bat` script to work with WiX Toolset v5 - WiX Toolset v3 used to validate the msi package by default. In v5 that has moved to a new command, so add a new validation step to the script. - Also emove the step that uses `insignia.exe` to sign the Dangerzone.msi with the digital signatures from its external cab archives. In WiX Toolset v4 and newer, insignia is replaced with a new command `wix msi inscribe`, but we tell wix to embed the cabinets into the .msi (That's what`EmbedCab="yes"` in the Media / MediaTemplate element does) so singning them separately is not necessary. [0] [0] https://wixtoolset.org/docs/tools/signing/	2024-12-09 18:42:12 +02:00
JKarasti	38a803085f	CI: Use WiX Toolset v5 to build the msi	2024-12-09 18:42:11 +02:00
JKarasti	2053c98c09	Change: Write Dangerzone.wxs inside the script directly Also reduce duplication slightly by definig `build_dir`, `cx_freeze_dir` and `dist_dir`	2024-12-09 18:42:11 +02:00
JKarasti	3db1ca1fbb	Fix: Make GUIDs uppercase See [1] [1] https://learn.microsoft.com/en-us/windows/win32/msi/guid	2024-12-09 18:42:11 +02:00
JKarasti	3fff16cc7e	Change: Write dangerzone version and upgradecode into Package and SummaryInformation elements directly	2024-12-09 18:42:11 +02:00
JKarasti	8bd9c05832	Refactor: `build_dir_xml()` function - rename for clarity - remove unnecessary checks	2024-12-09 18:42:11 +02:00
JKarasti	41e78c907f	Change: Wrap all files to be included in the .msi in a `ComponentGroupRef` With this, all the files are organised into Components, each of which points to a Directory defined in the StandardDirectory element. This simplifies the Feature element considerable as only thing it needs to include everything in the built msi is a reference to `ApplicationComponents`	2024-12-09 18:42:11 +02:00
JKarasti	265c1dde97	Refactor: Simplify `build_data()` function - Rename variables to be more clear about what they do: - reorganise code - simplify a few checks	2024-12-09 18:42:11 +02:00
JKarasti	ccb302462d	Change: Swap Media element with MediaTemplate This is a new default and makes authoring slightly simpler without any functional changes.	2024-12-09 18:42:11 +02:00
JKarasti	4eadc30605	Change: Convert Wix UI extension authoring to WiX Toolset v5 Due to limitations of the xml.etree.ElementTree library, add the items in the root element as a dictionary	2024-12-09 18:42:11 +02:00
JKarasti	abb71e0fe5	Change: Wrap `ProgramFilesFolder` component with a `StandardDirectory` component	2024-12-09 18:42:11 +02:00
JKarasti	4638444290	Change: Wrap `ProgramMenuFolder` component with a `StandardDirectory` component	2024-12-09 18:42:11 +02:00
jkarasti	68da50a6b2	Change: Disable `AllowSameVersionUpgrades` Since running `wix msi validate` with it set to `yes` causes an error.	2024-12-09 18:42:11 +02:00
JKarasti	cc5ba29455	Change: Merge Product into Package element - The Keywords and Description items move under a new SummaryInformation element. - Shuffle things around so that elements previously under the product element are now under the Package element. - Rename SummaryCodepage in SummaryInformation to Codepage and remove a duplicate Manufacturer item. - Remove InstallerVersion and let WiX set it to default value. (500 a.k.a Windows 7)	2024-12-09 18:42:11 +02:00
JKarasti	180b9442ab	Change: Rename `INSTALLDIR` to `INSTALLFOLDER` It's the new default name for it	2024-12-09 18:42:11 +02:00
JKarasti	f349e16523	Change: Update WiX schema namespace Also rename `root_el` to `wix_el`. WiX version 5 uses the same namespace.	2024-12-09 18:42:11 +02:00
JKarasti	adddb1ecb7	Change: Stop generating an XML declaration at the top of the WiX authoring It's not needed anymore.	2024-12-09 18:42:11 +02:00
JKarasti	8e57d81a74	Fix: Make generated WiX authoring pass WixCop checks WixCop.exe is a built in formatting tool that comes with WiX toolset v3. This fixes `wix convert` command not beins able to run	2024-12-09 18:42:11 +02:00
JKarasti	3bcf5fc147	Fix: SyntaxWarning while generating Dangerzone.wxs	2024-12-09 18:42:10 +02:00