Merge 7e4346a306 into 5ed4a048a0

Do not close stderr as part of the Qubes termination logic, since we
need to read the debug logs. This shouldn't affect typical termination
scenarios, since we expect our disposable qube to be either busy reading
from stdin, or writing to stdout. If this is not the case, then
forcefully killing the `qrexec-client-vm` process should unblock the
qube.

dangerzone/isolation_provider/container.py

@@ -248,7 +248,7 @@ class Container(IsolationProvider):
         else:
             msg = (
                 f"{Container.CONTAINER_NAME} images found, but IDs do not match."
-                f"Found: {found_image_id}, Expected: {','.join(expected_image_ids)}"
+                f" Found: {found_image_id}, Expected: {','.join(expected_image_ids)}"
             )
             if raise_on_error:
                 raise ImageNotPresentException(msg)

dangerzone/isolation_provider/qubes.py

@@ -70,14 +70,18 @@ class Qubes(IsolationProvider):
         standard streams explicitly, so that we can afterwards use `Popen.wait()` to
         learn if the qube terminated.
 
+        Note that we don't close the stderr stream because we want to read debug logs
+        from it. In the rare case where a qube cannot terminate because it's stuck
+        writing at stderr (this is not the expected behavior), we expect that the
+        process will still be forcefully killed after the soft termination timeout
+        expires.
+
         [1]: https://github.com/freedomofpress/dangerzone/issues/563#issuecomment-2034803232
         """
         if p.stdin:
             p.stdin.close()
         if p.stdout:
             p.stdout.close()
-        if p.stderr:
-            p.stderr.close()
 
     def teleport_dz_module(self, wpipe: IO[bytes]) -> None:
         """Send the dangerzone module to another qube, as a zipfile."""