From 31e5275a8ffbe9ffe5da1a39ebdcaca6a877e09a Mon Sep 17 00:00:00 2001
From: Alex Pyrgiotis <alex.p@freedom.press>
Date: Thu, 9 May 2024 15:56:40 +0300
Subject: [PATCH] FIXUP: Move the container existence check at the very end of
 the termination phase

---
 dangerzone/isolation_provider/container.py | 30 ++++++++++++++--------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/dangerzone/isolation_provider/container.py b/dangerzone/isolation_provider/container.py
index 3785e36ca..e469588b9 100644
--- a/dangerzone/isolation_provider/container.py
+++ b/dangerzone/isolation_provider/container.py
@@ -240,16 +240,6 @@ def kill_container(self, name: str) -> None:
                 f"Unexpected error occurred while killing container '{name}': {str(e)}"
             )
 
-        # Sanity check to see if the container has indeed exited. It has a unique ID, so
-        # it's safe to check for it's name in the command's output.
-        all_containers = subprocess.run(
-            [container_runtime, "ps", "-a"],
-            capture_output=True,
-            startupinfo=get_subprocess_startupinfo(),
-        )
-        if name in all_containers.stdout.decode():
-            log.warning(f"Container '{name}' did not stop gracefully")
-
     def pixels_to_pdf(
         self, document: Document, tempdir: str, ocr_lang: Optional[str]
     ) -> None:
@@ -319,6 +309,26 @@ def terminate_doc_to_pixels_proc(
         self.kill_container(self.doc_to_pixels_container_name(document))
         p.terminate()
 
+    def ensure_stop_doc_to_pixels_proc(  # type: ignore [no-untyped-def]
+        self, document: Document, *args, **kwargs
+    ) -> None:
+        super().ensure_stop_doc_to_pixels_proc(document, *args, **kwargs)
+
+        # Check if the container no longer exists, either because we successfully killed
+        # it, or because it exited on its own. We operate under the assumption that
+        # after a podman kill / docker kill invocation, this will likely be the case,
+        # else the container runtime (Docker/Podman) has experienced a problem, and we
+        # should report it.
+        container_runtime = self.get_runtime()
+        name = self.doc_to_pixels_container_name(document)
+        all_containers = subprocess.run(
+            [container_runtime, "ps", "-a"],
+            capture_output=True,
+            startupinfo=get_subprocess_startupinfo(),
+        )
+        if name in all_containers.stdout.decode():
+            log.warning(f"Container '{name}' did not stop gracefully")
+
     def get_max_parallel_conversions(self) -> int:
         # FIXME hardcoded 1 until length conversions are better handled
         # https://github.com/freedomofpress/dangerzone/issues/257