Skip to content
This repository has been archived by the owner on Jan 5, 2024. It is now read-only.

Provides usb preflight checks and standardizes error messages #5

Merged
merged 7 commits into from
Aug 14, 2019
Merged

Provides usb preflight checks and standardizes error messages #5

merged 7 commits into from
Aug 14, 2019

Conversation

emkll
Copy link
Contributor

@emkll emkll commented Jul 25, 2019
edited
Loading

Closes freedomofpress/securedrop-workstation#281
Closes freedomofpress/securedrop-workstation#264

Test plan

Testing the changes to this branch requires a specific branch of securedrop-workstation.

  • check out Add sd-export-config.json in sd-export VMs securedrop-workstation#305
  • Build package from this branch and install in sd-export-template
  • build is successful
  • Copy securedrop-export-.deb to sd-export-template and install the package
  • create metadata.json and sd-export archive based on the new functionality: {"device":"usb-test"} and {"device":"disk-test"}
  • pre-flight test works as expected based on the usb device/drive connected to the export dedicated port

@zenmonkeykstop zenmonkeykstop self-assigned this Jul 25, 2019
emkll added 2 commits July 25, 2019 12:48
@emkll
Provides usb preflight checks
9763192 
Also check if a USB device is connected via `usb-test` action:
* returns `USB_CONNECTED` if a device is connected to sd-export Qube
* returns `USB_NOT_CONNECTED` if a device is not connnected to sd-export Qube

Also checks if a Drive is LUKS-encrypted via `disk-test` action:
* returns `USB_ENCRYPTED` if the usb device is LUKS-encrypted
* returns `USB_NO_SUPPORTED_ENCRYPTION` if the usb device is not LUKS-encrypted
@emkll
Standardize error messages for sd-export
f511756 
All errors return codes are now prefixed with `ERROR_`
@emkll emkll changed the title Provides usb preflight checks Provides usb preflight checks and standardizes error messages Jul 25, 2019
zenmonkeykstop
zenmonkeykstop suggested changes Jul 25, 2019
View reviewed changes
Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

disk-test works fine, usb-test failing for me due to problems parsing output of the lsusb -s 002: process call.

securedrop_export/export.py Outdated
if p == "":
msg = "ERROR_USB_CHECK"
self.exit_gracefully(msg)
n_usb = len(p.rstrip().split("\n"))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the usb check fails for me unless i sub in p.decode("utf-8") for p here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what version of python are you using? Getting the following error with 3.5.7:

>       n_usb = len(p.decode("utf-8").rstrip().split("\n"))
E       AttributeError: 'str' object has no attribute 'decode'

Copy link
Contributor Author

@emkll emkll Aug 2, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nevermind my commend above, this was due to the test strings not being the correct format 🤦‍♂️ , this is now fixed, thanks.

securedrop_export/export.py Outdated
@@ -18,15 +18,21 @@
ENCRYPTED_DEVICE = "encrypted_volume"
BRLASER_DRIVER = "/usr/share/cups/drv/brlaser.drv"
BRLASER_PPD = "/usr/share/cups/model/br7030.ppd"

PCI_BUS_ID = "002:"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PCI_BUS_ID for my sd-export-usb is 003: but this changes intermittently on my system based on attach/detach events.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have updated this script and freedomofpress/securedrop-workstation#305 to pass the PCI_BUS_ID from dom0 to a sd-export-* specific config file. This should now work as expected.

emkll added 2 commits August 1, 2019 16:20
@emkll
Add more return codes for errors
8cfa3bd
@emkll
Address review comments
bee4790 
Configurable PCI_DEVICE_ID will be populated at provision time by salt logic
@emkll emkll mentioned this pull request Aug 6, 2019
Closed
@eloquence eloquence mentioned this pull request Aug 7, 2019
Closed
zenmonkeykstop
zenmonkeykstop approved these changes Aug 14, 2019
View reviewed changes
Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested as follows:

  • checked out and built freedomofpress/securedrop-workstation master (#305 is merged)
  • Built package from this branch and install in sd-export-template
  • build was successful
  • Copied securedrop-export-.deb to sd-export-template and installed the package
  • created metadata.json and sd-export archive based on the new functionality: {"device":"usb-test"} and {"device":"disk-test"}
  • pre-flight test works as expected based on the usb device/drive connected to the export dedicated port

LGTM!

@zenmonkeykstop
Copy link
Contributor

(Also confirmed existing printer, printer-test, disk targets work as expected.)

@zenmonkeykstop zenmonkeykstop merged commit 436a45e into master Aug 14, 2019
@zenmonkeykstop zenmonkeykstop deleted the usb-preflight branch August 14, 2019 21:28
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@zenmonkeykstop zenmonkeykstop zenmonkeykstop approved these changes

Assignees

@zenmonkeykstop zenmonkeykstop

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement pre-flight check for USB export Return export device state details as part of export attempts
2 participants
@emkll @zenmonkeykstop