Provides usb preflight checks and standardizes error messages #5
Conversation
Also check if a USB device is connected via `usb-test` action: * returns `USB_CONNECTED` if a device is connected to sd-export Qube * returns `USB_NOT_CONNECTED` if a device is not connnected to sd-export Qube Also checks if a Drive is LUKS-encrypted via `disk-test` action: * returns `USB_ENCRYPTED` if the usb device is LUKS-encrypted * returns `USB_NO_SUPPORTED_ENCRYPTION` if the usb device is not LUKS-encrypted
All errors return codes are now prefixed with `ERROR_`
emkll
changed the title
securedrop_export/export.py
Outdated
| if p == "": | ||
| msg = "ERROR_USB_CHECK" | ||
| self.exit_gracefully(msg) | ||
| n_usb = len(p.rstrip().split("\n")) |
There was a problem hiding this comment.
the usb check fails for me unless i sub in p.decode("utf-8") for p here.
There was a problem hiding this comment.
what version of python are you using? Getting the following error with 3.5.7:
> n_usb = len(p.decode("utf-8").rstrip().split("\n"))
E AttributeError: 'str' object has no attribute 'decode'
There was a problem hiding this comment.
Nevermind my commend above, this was due to the test strings not being the correct format 🤦♂️ , this is now fixed, thanks.
securedrop_export/export.py
Outdated
| @@ -18,15 +18,21 @@ | |||
| ENCRYPTED_DEVICE = "encrypted_volume" | |||
| BRLASER_DRIVER = "/usr/share/cups/drv/brlaser.drv" | |||
| BRLASER_PPD = "/usr/share/cups/model/br7030.ppd" | |||
|
|
|||
| PCI_BUS_ID = "002:" | |||
There was a problem hiding this comment.
PCI_BUS_ID for my sd-export-usb is 003: but this changes intermittently on my system based on attach/detach events.
There was a problem hiding this comment.
I have updated this script and freedomofpress/securedrop-workstation#305 to pass the PCI_BUS_ID from dom0 to a sd-export-* specific config file. This should now work as expected.
Configurable PCI_DEVICE_ID will be populated at provision time by salt logic
There was a problem hiding this comment.
Tested as follows:
- checked out and built
freedomofpress/securedrop-workstationmaster (#305 is merged) - Built package from this branch and install in sd-export-template
- build was successful
- Copied securedrop-export-.deb to sd-export-template and installed the package
- created metadata.json and sd-export archive based on the new functionality: {"device":"usb-test"} and {"device":"disk-test"}
- pre-flight test works as expected based on the usb device/drive connected to the export dedicated port
LGTM!
|
(Also confirmed existing |
Closes freedomofpress/securedrop-workstation#281
Closes freedomofpress/securedrop-workstation#264
Test plan
Testing the changes to this branch requires a specific branch of securedrop-workstation.
{"device":"usb-test"}and{"device":"disk-test"}