freedomofpress · conorsch · Jan 22, 2020 · Jan 6, 2020 · Jan 10, 2020 · Jan 10, 2020
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -13,10 +13,25 @@ jobs:
     steps:
       - checkout
       - run: make dom0-rpm
+  launcher-tests-buster:
+    docker:
+      - image: circleci/python:3.7-buster
+    steps:
+      - checkout
+      - run:
+          name: Install dependencies and run Python tests for launcher
+          command: |
+            cd launcher/
+            set -e
+            virtualenv .venv
+            source .venv/bin/activate
+            pip install --require-hashes -r test-requirements.txt
+            make test && make bandit
 
 workflows:
   version: 2
   securedrop_workstation_ci:
     jobs:
       - lint
       - buildrpm
+      - launcher-tests-buster
diff --git a/dom0/sd-clean-all.sls b/dom0/sd-clean-all.sls
@@ -20,6 +20,7 @@ remove-dom0-sdw-config-files:
       - /usr/bin/securedrop-login
       - /etc/qubes-rpc/policy/securedrop.Log
       - /etc/qubes-rpc/policy/securedrop.Proxy
+      - /home/{{ gui_user }}/Desktop/securedrop-launcher.desktop
 
 sd-cleanup-sys-firewall:
   cmd.run:

diff --git a/dom0/sd-dom0-files.sls b/dom0/sd-dom0-files.sls
@@ -167,3 +167,28 @@ dom0-tag-whonix-gw-15:
     - tags:
       - add:
         - sd-workstation-updates
+
+dom0-securedrop-launcher-directory:
+  file.recurse:
+    - name: /opt/securedrop/launcher
+    - source: "salt://launcher"
+    - user: root
+    - group: root
+    - file_mode: 644
+    - dir_mode: 755
+
+dom0-securedrop-launcher-entrypoint-executable:
+  file.managed:
+    - name: /opt/securedrop/launcher/sdw-launcher.py
+    - user: root
+    - group: root
+    - mode: 755
+    - replace: false
+
+dom0-securedrop-launcher-desktop-shortcut:
+  file.managed:
+    - name: /home/{{ gui_user }}/Desktop/securedrop-launcher.desktop
+    - source: "salt://securedrop-launcher.desktop"
+    - user: {{ gui_user }}
+    - group: {{ gui_user }}
+    - mode: 755
diff --git a/dom0/securedrop-launcher.desktop b/dom0/securedrop-launcher.desktop
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Version=1.0
+Type=Application
+Terminal=false
+Icon=/usr/share/securedrop/icons/sd-logo.png
+Name=SecureDrop Workstation Launcher
+Exec=/opt/securedrop/launcher/sdw-launcher.py
diff --git a/launcher/Makefile b/launcher/Makefile
@@ -0,0 +1,25 @@
+.PHONY: update-pip-requirements
+update-pip-requirements: ## Updates all Python requirements files via pip-compile.
+	pip-compile --allow-unsafe --generate-hashes --output-file=test-requirements.txt test-requirements.in
+
+.PHONY: bandit
+bandit:
+	bandit -ll --exclude ./.venv/ -r .
+
+.PHONY: test
+test:
+	pytest --cov-report term-missing --cov=sdw_updater_gui/ -v tests/
+
+# Explanation of the below shell command should it ever break.
+# 1. Set the field separator to ": ##" to parse lines for make targets.
+# 2. Check for second field matching, skip otherwise.
+# 3. Print fields 1 and 2 with colorized output.
+# 4. Sort the list of make targets alphabetically
+# 5. Format columns with colon as delimiter.
+.PHONY: help
+help: ## Prints this message and exits
+	@printf "Makefile for developing and testing SecureDrop Workstation.\n"
+	@printf "Subcommands:\n\n"
+	@perl -F':.*##\s+' -lanE '$$F[1] and say "\033[36m$$F[0]\033[0m : $$F[1]"' $(MAKEFILE_LIST) \
+		| sort \
+		| column -s ':' -t
diff --git a/launcher/sdw-launcher.py b/launcher/sdw-launcher.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+from logging.handlers import TimedRotatingFileHandler
+from PyQt4 import QtGui
+from sdw_updater_gui.UpdaterApp import UpdaterApp
+import logging
+import os
+import sys
+
+DEFAULT_HOME = os.path.join(os.path.expanduser("~"), ".securedrop_launcher")
+logger = ""
+
+
+def main():
+    configure_logging()
+    logger = logging.getLogger(__name__)
+    logger.info("Starting SecureDrop Launcher")
+    app = QtGui.QApplication(sys.argv)
+    form = UpdaterApp()
+    form.show()
+    sys.exit(app.exec_())
+
+
+def configure_logging():
+    """
+    All logging related settings are set up by this function.
+    """
+    log_folder = os.path.join(DEFAULT_HOME, "logs")
+    if not os.path.exists(log_folder):
+        os.makedirs(log_folder)
+
+    log_file = os.path.join(DEFAULT_HOME, "logs", "launcher.log")
+
+    # set logging format
+    log_fmt = (
+        "%(asctime)s - %(name)s:%(lineno)d(%(funcName)s) " "%(levelname)s: %(message)s"
+    )
+    formatter = logging.Formatter(log_fmt)
+
+    handler = TimedRotatingFileHandler(log_file)
+    handler.setFormatter(formatter)
+    handler.setLevel(logging.INFO)
+
+    # set up primary log
+    log = logging.getLogger()
+    log.setLevel(logging.INFO)
+    log.addHandler(handler)
+
+
+if __name__ == "__main__":
+    main()