Compare commits

...

23 commits

Author SHA1 Message Date
Cayo Puigdefabregas 21ca8755d2 fix smart legacy as a list 2024-12-13 09:50:01 +01:00
Cayo Puigdefabregas 30e1539753 fix rebase 4 time 2024-12-12 20:09:25 +01:00
Cayo Puigdefabregas d18d9e1529 fix rebase with main 2024-12-12 20:00:57 +01:00
Cayo Puigdefabregas 23fd72a77f inxi and credentials fix 2024-12-12 20:00:56 +01:00
Cayo Puigdefabregas d145c631a2 add inxi in main 2024-12-12 20:00:28 +01:00
Cayo Puigdefabregas 9abaafeb1b fix flow 2024-12-12 19:57:48 +01:00
Cayo Puigdefabregas 017ad52eee create credential from snapshot 2024-12-12 19:57:46 +01:00
Cayo Puigdefabregas bc244f3891 issue 100 new url in qr for evidence instead of device 2024-12-12 19:53:36 +01:00
pedro cdcb58cc0b Makefile: easy way to regenerate pxe setup 2024-12-12 19:52:42 +01:00
pedro c2464ed3ba pxe: dnsmasq restart, do not cause big error 2024-12-12 19:52:42 +01:00
pedro 1eef011e29 settings.ini.example: legacy, use capital boolean 2024-12-12 19:52:42 +01:00
pedro 296e0b8ef4 pxe: restart dnsmasq after applying config
useful on first init of service
2024-12-12 19:51:27 +01:00
pedro 95e317b9b7 bugfixes contributed by thomas
related to PR #7
2024-12-09 19:19:08 +01:00
Cayo Puigdefabregas 44b629d108 inxi and credentials fix 2024-12-05 19:24:34 +01:00
Cayo Puigdefabregas bebc2e78de come from inxi branch 2024-11-21 13:43:17 +01:00
Cayo Puigdefabregas ae5f9c341a add inxi in main 2024-11-15 11:05:24 +01:00
Cayo Puigdefabregas ea8bf99f28 inxi 2024-11-15 10:45:26 +01:00
Cayo Puigdefabregas eac898964f add inxi 2024-11-12 10:50:49 +01:00
Cayo Puigdefabregas b2f9363696 . 2024-11-11 18:15:14 +01:00
Cayo Puigdefabregas 7ddaecb9c7 fix flow 2024-11-08 12:23:45 +01:00
Cayo Puigdefabregas b3285421d1 fix lshw json 2024-11-07 17:33:36 +01:00
Cayo Puigdefabregas 468b6f63c4 create credential from snapshot 2024-11-06 14:10:02 +01:00
Cayo Puigdefabregas 7ebff00e2e issue 100 new url in qr for evidence instead of device 2024-10-31 16:30:45 +01:00
6 changed files with 145 additions and 61 deletions

View file

@ -44,6 +44,11 @@ boot_iso_uefi_secureboot:
-drive file=deploy/iso/workbench_debug.iso,cache=none,if=virtio,format=raw,index=0,media=disk \ -drive file=deploy/iso/workbench_debug.iso,cache=none,if=virtio,format=raw,index=0,media=disk \
-boot menu=on -boot menu=on
# when you change something, you need to refresh it this way
regenerate_pxe_install:
./deploy-workbench.sh
pxe/install-pxe.sh
es_gen: es_gen:
$(MAKE) es_gen_po $(MAKE) es_gen_po
$(MAKE) es_gen_mo $(MAKE) es_gen_mo

View file

@ -327,7 +327,7 @@ echo 'Install requirements'
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
sudo locales keyboard-configuration console-setup qrencode \ sudo locales keyboard-configuration console-setup qrencode \
python-is-python3 python3 python3-dev python3-pip pipenv \ python-is-python3 python3 python3-dev python3-pip pipenv \
dmidecode smartmontools hwinfo pciutils lshw nfs-common < /dev/null dmidecode smartmontools hwinfo pciutils lshw nfs-common inxi < /dev/null
# Install lshw B02.19 utility using backports (DEPRECATED in Debian 12) # Install lshw B02.19 utility using backports (DEPRECATED in Debian 12)
#apt install -y -t ${VERSION_CODENAME}-backports lshw < /dev/null #apt install -y -t ${VERSION_CODENAME}-backports lshw < /dev/null

View file

@ -9,7 +9,7 @@ set -u
set -x set -x
main() { main() {
sudo apt install smartmontools lshw hwinfo dmidecode sudo apt install qrencode smartmontools lshw hwinfo dmidecode inxi
} }
main "${@}" main "${@}"

View file

@ -93,6 +93,7 @@ pxe-service=x86PC,"Network Boot",pxelinux
enable-tftp enable-tftp
tftp-root=${tftp_path} tftp-root=${tftp_path}
END END
sudo systemctl restart dnsmasq || true
} }
install_netboot() { install_netboot() {

View file

@ -1,10 +1,14 @@
[settings] [settings]
url = http://localhost:8000/api/v1/snapshot/ url = http://localhost:8000/api/snapshot/
#url = https://demo.ereuse.org/api/v1/snapshot/ #url = https://demo.ereuse.org/api/v1/snapshot/
# sample token that works with default deployment such as the previous two urls # sample token that works with default deployment such as the previous two urls
token = 5018dd65-9abd-4a62-8896-80f34ac66150 token = 5018dd65-9abd-4a62-8896-80f34ac66150
# Idhub
# wb_sign_token = "27de6ad7-cee2-4fe8-84d4-c7eea9c969c8"
# url_wallet = "http://localhost"
# path = /path/to/save # path = /path/to/save
# device = your_device_name # device = your_device_name
# # erase = basic # # erase = basic
# legacy = true # legacy = True

View file

@ -16,21 +16,17 @@ import logging
from datetime import datetime from datetime import datetime
## Legacy Functions ## SNAPSHOT_BASE = {
'timestamp': str(datetime.now()),
'type': 'Snapshot',
'uuid': str(uuid.uuid4()),
'software': "workbench-script",
'version': "0.0.1",
'operator_id': "",
'data': {},
'erase': []
}
def convert_to_legacy_snapshot(snapshot):
snapshot["sid"] = str(uuid.uuid4()).split("-")[0]
snapshot["software"] = "workbench-script"
snapshot["version"] = "dev"
snapshot["schema_api"] = "1.0.0"
snapshot["settings_version"] = "No Settings Version (NaN)"
snapshot["timestamp"] = snapshot["timestamp"].replace(" ", "T")
snapshot["data"]["smart"] = snapshot["data"]["disks"]
snapshot["data"]["lshw"] = json.loads(snapshot["data"]["lshw"])
snapshot["data"].pop("disks")
snapshot.pop("erase")
## End Legacy Functions ##
## Utility Functions ## ## Utility Functions ##
@ -50,6 +46,7 @@ def exec_cmd(cmd):
logger.info(_('Running command `%s`'), cmd) logger.info(_('Running command `%s`'), cmd)
return os.popen(cmd).read() return os.popen(cmd).read()
@logs @logs
def exec_cmd_erase(cmd): def exec_cmd_erase(cmd):
logger.info(_('Running command `%s`'), cmd) logger.info(_('Running command `%s`'), cmd)
@ -59,15 +56,33 @@ def exec_cmd_erase(cmd):
## End Utility functions ## ## End Utility functions ##
SNAPSHOT_BASE = { ## Legacy Functions ##
'timestamp': str(datetime.now()),
'type': 'Snapshot', def convert_to_legacy_snapshot(snapshot):
'uuid': str(uuid.uuid4()), snapshot["sid"] = str(uuid.uuid4()).split("-")[1]
'software': "workbench-script", snapshot["software"] = "workbench-script"
'version': "0.0.1", snapshot["version"] = "dev"
'data': {}, snapshot["schema_api"] = "1.0.0"
'erase': [] snapshot["settings_version"] = "No Settings Version (NaN)"
snapshot["timestamp"] = snapshot["timestamp"].replace(" ", "T")
snapshot["data"]["smart"] = json.loads(snapshot["data"]["smartctl"])
snapshot["data"].pop("smartctl")
snapshot["data"].pop("inxi")
snapshot.pop("operator_id")
snapshot.pop("erase")
lshw = 'sudo lshw -json'
hwinfo = 'sudo hwinfo --reallyall'
lspci = 'sudo lspci -vv'
data = {
'lshw': exec_cmd(lshw) or "{}",
'hwinfo': exec_cmd(hwinfo),
'lspci': exec_cmd(lspci)
} }
snapshot['data'].update(data)
## End Legacy Functions ##
## Command Functions ## ## Command Functions ##
@ -237,7 +252,7 @@ def smartctl(all_disks, disk=None):
data = exec_smart(disk['name']) data = exec_smart(disk['name'])
data_list.append(data) data_list.append(data)
return data_list return json.dumps(data_list)
## End Command Functions ## ## End Command Functions ##
@ -245,16 +260,13 @@ def smartctl(all_disks, disk=None):
# TODO permitir selección # TODO permitir selección
# TODO permitir que vaya más rápido # TODO permitir que vaya más rápido
def get_data(all_disks): def get_data(all_disks):
lshw = 'sudo lshw -json'
hwinfo = 'sudo hwinfo --reallyall'
dmidecode = 'sudo dmidecode' dmidecode = 'sudo dmidecode'
lspci = 'sudo lspci -vv' inxi = "sudo inxi -afmnGEMABD -x 3 --edid --output json --output-file print"
data = { data = {
'lshw': exec_cmd(lshw) or "{}", 'smartctl': smartctl(all_disks),
'disks': smartctl(all_disks),
'hwinfo': exec_cmd(hwinfo),
'dmidecode': exec_cmd(dmidecode), 'dmidecode': exec_cmd(dmidecode),
'lspci': exec_cmd(lspci) 'inxi': exec_cmd(inxi)
} }
return data return data
@ -266,20 +278,20 @@ def gen_snapshot(all_disks):
return snapshot return snapshot
def save_snapshot_in_disk(snapshot, path): def save_snapshot_in_disk(snapshot, path, snap_uuid):
snapshot_path = os.path.join(path, 'snapshots') snapshot_path = os.path.join(path, 'snapshots')
filename = "{}/{}_{}.json".format( filename = "{}/{}_{}.json".format(
snapshot_path, snapshot_path,
datetime.now().strftime("%Y%m%d-%H_%M_%S"), datetime.now().strftime("%Y%m%d-%H_%M_%S"),
snapshot['uuid']) snap_uuid)
try: try:
if not os.path.exists(snapshot_path): if not os.path.exists(snapshot_path):
os.makedirs(snapshot_path) os.makedirs(snapshot_path)
logger.info(_("Created snapshots directory at '%s'"), snapshot_path) logger.info(_("Created snapshots directory at '%s'"), snapshot_path)
with open(filename, "w") as f: with open(filename, "w") as f:
f.write(json.dumps(snapshot)) f.write(snapshot)
logger.info(_("Snapshot written in path '%s'"), filename) logger.info(_("Snapshot written in path '%s'"), filename)
except Exception as e: except Exception as e:
try: try:
@ -287,18 +299,59 @@ def save_snapshot_in_disk(snapshot, path):
fallback_filename = "{}/{}_{}.json".format( fallback_filename = "{}/{}_{}.json".format(
path, path,
datetime.now().strftime("%Y%m%d-%H_%M_%S"), datetime.now().strftime("%Y%m%d-%H_%M_%S"),
snapshot['uuid']) snap_uuid)
with open(fallback_filename, "w") as f: with open(fallback_filename, "w") as f:
f.write(json.dumps(snapshot)) f.write(snapshot)
logger.warning(_("Snapshot written in fallback path '%s'"), fallback_filename) logger.warning(_("Snapshot written in fallback path '%s'"), fallback_filename)
except Exception as e: except Exception as e:
logger.error(_("Could not save snapshot locally. Reason: Failed to write in fallback path:\n %s"), e) logger.error(_("Could not save snapshot locally. Reason: Failed to write in fallback path:\n %s"), e)
def send_to_sign_credential(snapshot, token, url):
headers = {
"Authorization": f"Bearer {token}",
"Content-Type": "application/json"
}
try:
cred = {
"type": "DeviceSnapshotV1",
"save": False,
"data": {
"operator_id": snapshot["operator_id"],
"dmidecode": snapshot["data"]["dmidecode"],
"inxi": snapshot["data"]["inxi"],
"smartctl": snapshot["data"]["smartctl"],
"uuid": snapshot["uuid"],
}
}
data = json.dumps(cred).encode('utf-8')
request = urllib.request.Request(url, data=data, headers=headers)
with urllib.request.urlopen(request) as response:
status_code = response.getcode()
response_text = response.read().decode('utf-8')
if 200 <= status_code < 300:
logger.info(_("Credential successfully signed"))
res = json.loads(response_text)
if res.get("status") == "success" and res.get("data"):
return res["data"]
return json.dumps(snapshot)
else:
logger.error(_("Credential cannot signed in '%s'"), url)
return json.dumps(snapshot)
except Exception as e:
logger.error(_("Credential not remotely builded to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e)
return json.dumps(snapshot)
# TODO sanitize url, if url is like this, it fails # TODO sanitize url, if url is like this, it fails
# url = 'http://127.0.0.1:8000/api/snapshot/' # url = 'http://127.0.0.1:8000/api/snapshot/'
def send_snapshot_to_devicehub(snapshot, token, url, legacy): def send_snapshot_to_devicehub(snapshot, token, url, ev_uuid, legacy):
url_components = urllib.parse.urlparse(url) url_components = urllib.parse.urlparse(url)
ev_path = "evidence/{}".format(snapshot["uuid"]) ev_path = f"evidence/{ev_uuid}"
components = (url_components.scheme, url_components.netloc, ev_path, '', '', '') components = (url_components.scheme, url_components.netloc, ev_path, '', '', '')
ev_url = urllib.parse.urlunparse(components) ev_url = urllib.parse.urlunparse(components)
# apt install qrencode # apt install qrencode
@ -308,7 +361,7 @@ def send_snapshot_to_devicehub(snapshot, token, url, legacy):
"Content-Type": "application/json" "Content-Type": "application/json"
} }
try: try:
data = json.dumps(snapshot).encode('utf-8') data = snapshot.encode('utf-8')
request = urllib.request.Request(url, data=data, headers=headers) request = urllib.request.Request(url, data=data, headers=headers)
with urllib.request.urlopen(request) as response: with urllib.request.urlopen(request) as response:
status_code = response.getcode() status_code = response.getcode()
@ -319,13 +372,15 @@ def send_snapshot_to_devicehub(snapshot, token, url, legacy):
if legacy: if legacy:
try: try:
response = json.loads(response_text) response = json.loads(response_text)
if response.get('url'): public_url = response.get('public_url')
dhid = response.get('dhid')
if public_url:
# apt install qrencode # apt install qrencode
qr = "echo {} | qrencode -t ANSI".format(response['url']) qr = "echo {} | qrencode -t ANSI".format(public_url)
print(exec_cmd(qr)) print(exec_cmd(qr))
print("url: {}".format(response['url'])) print("url: {}".format(public_url))
if response.get("dhid"): if dhid:
print("dhid: {}".format(response['dhid'])) print("dhid: {}".format(dhid))
except Exception: except Exception:
logger.error(response_text) logger.error(response_text)
else: else:
@ -333,15 +388,10 @@ def send_snapshot_to_devicehub(snapshot, token, url, legacy):
print(exec_cmd(qr)) print(exec_cmd(qr))
print(f"url: {ev_url}") print(f"url: {ev_url}")
else: else:
logger.error(_("Snapshot %s could not be sent to URL '%s'"), snapshot["uuid"], url) logger.error(_("Snapshot %s not remotely sent to URL '%s'. Server responded with error:\n %s"), ev_uuid, url, response_text)
# TODO review all the try-except thing here; maybe the try inside legacy does not make sense anymore
except urllib.error.HTTPError as e:
error_details = e.read().decode('utf-8') # Get the error response body
logger.error(_("Snapshot %s not remotely sent to URL '%s'. Server responded with error:\n %s"),
snapshot["uuid"], url, error_details)
except Exception as e: except Exception as e:
logger.error(_("Snapshot %s not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), snapshot["uuid"], url, e) logger.error(_("Snapshot not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e)
def load_config(config_file="settings.ini"): def load_config(config_file="settings.ini"):
@ -363,10 +413,12 @@ def load_config(config_file="settings.ini"):
device = config.get('settings', 'device', fallback=None) device = config.get('settings', 'device', fallback=None)
erase = config.get('settings', 'erase', fallback=None) erase = config.get('settings', 'erase', fallback=None)
legacy = config.get('settings', 'legacy', fallback=None) legacy = config.get('settings', 'legacy', fallback=None)
url_wallet = config.get('settings', 'url_wallet', fallback=None)
wb_sign_token = config.get('settings', 'wb_sign_token', fallback=None)
else: else:
logger.error(_("Config file '%s' not found. Using default values."), config_file) logger.error(_("Config file '%s' not found. Using default values."), config_file)
path = os.path.join(os.getcwd()) path = os.path.join(os.getcwd())
url, token, device, erase, legacy = None, None, None, None, None url, token, device, erase, legacy, url_wallet, wb_sign_token = (None,)*7
return { return {
'path': path, 'path': path,
@ -374,7 +426,9 @@ def load_config(config_file="settings.ini"):
'token': token, 'token': token,
'device': device, 'device': device,
'erase': erase, 'erase': erase,
'legacy': legacy 'legacy': legacy,
'wb_sign_token': wb_sign_token,
'url_wallet': url_wallet
} }
def parse_args(): def parse_args():
@ -437,19 +491,39 @@ def main():
all_disks = get_disks() all_disks = get_disks()
snapshot = gen_snapshot(all_disks) snapshot = gen_snapshot(all_disks)
snap_uuid = snapshot["uuid"]
if config['erase'] and config['device'] and not config.get("legacy"): if config['erase'] and config['device'] and not legacy:
snapshot['erase'] = gen_erase(all_disks, config['erase'], user_disk=config['device']) snapshot['erase'] = gen_erase(all_disks, config['erase'], user_disk=config['device'])
elif config['erase'] and not config.get("legacy"): elif config['erase'] and not legacy:
snapshot['erase'] = gen_erase(all_disks, config['erase']) snapshot['erase'] = gen_erase(all_disks, config['erase'])
if legacy: if legacy:
convert_to_legacy_snapshot(snapshot) convert_to_legacy_snapshot(snapshot)
snapshot = json.dumps(snapshot)
else:
url_wallet = config.get("url_wallet")
wb_sign_token = config.get("wb_sign_token")
save_snapshot_in_disk(snapshot, config['path']) if wb_sign_token:
tk = wb_sign_token.encode("utf8")
snapshot["operator_id"] = hashlib.sha3_256(tk).hexdigest()
if url_wallet and wb_sign_token:
snapshot = send_to_sign_credential(snapshot, wb_sign_token, url_wallet)
else:
snapshot = json.dumps(snapshot)
save_snapshot_in_disk(snapshot, config['path'], snap_uuid)
if config['url']: if config['url']:
send_snapshot_to_devicehub(snapshot, config['token'], config['url'], legacy) send_snapshot_to_devicehub(
snapshot,
config['token'],
config['url'],
snap_uuid,
legacy
)
logger.info(_("END")) logger.info(_("END"))