change EreuseWorkbench for workbench-script

in session with cayo we see this just works for Monday

Makefile

@@ -44,6 +44,21 @@ boot_iso_uefi_secureboot:
 		-drive file=deploy/iso/workbench_debug.iso,cache=none,if=virtio,format=raw,index=0,media=disk \
 		-boot menu=on
 
+test_usody_sanitize:
+	# TODO adapt settings accordingly for this test
+	# ERASE=y ./deploy-workbench.sh
+	# create 3 disks for testing
+	qemu-img create -f raw test_sanitize_disk1.img 1G
+	qemu-img create -f raw test_sanitize_disk2.img 1G
+	qemu-img create -f raw test_sanitize_disk3.img 1G
+	sudo qemu-system-x86_64 \
+		-enable-kvm -m 2G -vga qxl -netdev user,id=wan -device virtio-net,netdev=wan,id=nic1 \
+		-drive format=raw,file=iso/workbench_debug.iso,cache=none,if=virtio \
+		-drive format=raw,file=test_sanitize_disk1.img,cache=none,if=virtio \
+		-drive format=raw,file=test_sanitize_disk2.img,cache=none,if=virtio \
+		-drive format=raw,file=test_sanitize_disk3.img,cache=none,if=virtio
+
+
 es_gen_po:
 	cp locale/es/LC_MESSAGES/messages.po locale/es/LC_MESSAGES/messages.pot.bak
 	pygettext3 -p locale/es/LC_MESSAGES/ workbench-script.py

deploy-workbench.sh

@@ -264,6 +264,8 @@ prepare_app() {
 
         # startup script execution
         cat > "${ISO_PATH}/chroot/root/.profile" <<END
+# pipx path for usody-sanitize
+PATH="${PATH}:/root/.local/bin"
 if [ -f /tmp/workbench_lock ]; then
         return 0
 else
@@ -304,14 +306,16 @@ echo 'Install requirements'
 apt-get install -y --no-install-recommends \
   sudo locales \
   python-is-python3 python3 python3-dev python3-pip pipenv \
-  dmidecode smartmontools hwinfo pciutils lshw nfs-common < /dev/null
+  dmidecode smartmontools hwinfo pciutils lshw nfs-common pipx < /dev/null
+
+pipx install usody-sanitize
 
 # Install lshw B02.19 utility using backports (DEPRECATED in Debian 12)
 #apt install -y -t ${VERSION_CODENAME}-backports lshw  < /dev/null
 
-echo 'Install sanitize requirements'
+echo 'Install usody-sanitize requirements'
 
-# Install sanitize debian requirements
+# Install usody-sanitize debian requirements
 apt-get install -y --no-install-recommends \
   hdparm nvme-cli < /dev/null
 

docs/dev-es.md

@@ -0,0 +1,112 @@
+## borrado minimalista
+
+Un enfoque inicial que teníamos para el borrado de disco son las siguientes funciones, esto lo hemos descartado para usar una herramienta más avanzada en el borrado [usody-sanitize](https://github.com/usody/sanitize/)
+
+```python
+## Xavier Functions ##
+def erase_basic(disk):
+    """
+    Basic Erasure
+    https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=917935
+
+    Settings for basic data erasure using shred Linux command.
+    A software-based fast non-100%-secured way of erasing data storage.
+
+    Performs 1 pass overwriting one round using all zeros.
+    Compliant with NIST SP-800-8y8.
+
+    In settings appear:
+
+    WB_ERASE = EraseBasic
+    WB_ERASE_STEPS = 1
+    WB_ERASE_LEADING_ZEROS = False
+
+    """
+    cmd = f'shred -vn 1 /dev/{disk}'
+    return [exec_cmd_erase(cmd)]
+
+
+def erase_baseline(disk):
+    """
+    Baseline Secure Erasure
+    Settings for advanced data erasure using badblocks Linux software.
+    A secured-way of erasing data storages, erase hidden areas,
+    checking the erase sector by sector.
+
+    Performs 1 pass overwriting each sector with zeros and a final verification.
+    Compliant with HMG Infosec Standard 5 Baseline.
+
+    In settings appear:
+
+    WB_ERASE = EraseSectors
+    WB_ERASE_STEPS = 1
+    WB_ERASE_LEADING_ZEROS = True
+
+    WB_ERASE_1_METHOD = EraseBasic
+    WB_ERASE_1_STEP_TYPE = 0
+    WB_ERASE_2_METHOD = EraseSectors
+    WB_ERASE_2_STEP_TYPE = 1
+    """
+    result = []
+    cmd = f'shred -zvn 0 /dev/{disk}'
+    result.append(exec_cmd_erase(cmd))
+    cmd = f'badblocks -st random -w /dev/{disk}'
+    result.append(exec_cmd_erase(cmd))
+    return result
+
+
+def erase_enhanced(disk):
+    """
+    Enhanced Secure Erasure
+    Settings for advanced data erasure using badblocks Linux software.
+    A secured-way of erasing data storages, erase hidden areas,
+    checking the erase sector by sector.
+
+    Performs 3 passes overwriting every sector with zeros and ones,
+    and final verification. Compliant with HMG Infosec Standard 5 Enhanced.
+
+    In settings appear:
+
+    WB_ERASE = EraseSectors
+    WB_ERASE_LEADING_ZEROS = True
+
+    WB_ERASE_1_METHOD = EraseBasic
+    WB_ERASE_1_STEP_TYPE = 1
+    WB_ERASE_2_METHOD = EraseBasic
+    WB_ERASE_2_STEP_TYPE = 0
+    WB_ERASE_3_METHOD = EraseSectors
+    WB_ERASE_3_STEP_TYPE = 1
+    """
+    result = []
+    cmd = f'shred -vn 1 /dev/{disk}'
+    result.append(exec_cmd_erase(cmd))
+    cmd = f'shred -zvn 0 /dev/{disk}'
+    result.append(exec_cmd_erase(cmd))
+    ## creo que realmente seria asi (3 pases y una extra poniendo a ceros):
+    # shred -zvn 3 /def/{disk}
+    # tampoco estoy seguro que el badblocks haga un proceso de verificacion.
+    cmd = f'badblocks -st random -w /dev/{disk}'
+    result.append(exec_cmd_erase(cmd))
+    return result
+
+## End Xavier Functions ##
+
+## Erase Functions ##
+
+def ata_secure_erase_null(disk):
+    cmd_baseline = f'hdparm --user-master u --security-erase NULL /dev/{disk}'
+    return [exec_cmd_erase(cmd_baseline)]
+
+
+def ata_secure_erase_enhanced(disk):
+    cmd_enhanced = f'hdparm --user-master u --security-erase-enhanced /dev/{disk}'
+    return [exec_cmd_erase(cmd_enhanced)]
+
+
+def nvme_secure_erase(disk):
+    cmd_encrypted = f'nvme format /dev/{disk} --ses=1'
+    return [exec_cmd_erase(cmd_encrypted)]
+
+
+## End Erase Functions ##
+```

workbench-script.py

@@ -67,119 +67,13 @@ SNAPSHOT_BASE = {
     'type': 'Snapshot',
     'uuid': str(uuid.uuid4()),
     'code': gen_code(),
-    'software': "EreuseWorkbench",
+    'software': "workbench-script",
     'version': "0.0.1",
     'data': {},
     'erase': []
 }
 
-
 ## Command Functions ##
-## Erase Functions ##
-## Xavier Functions ##
-def erase_basic(disk):
-    """
-    Basic Erasure
-    https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=917935
-
-    Settings for basic data erasure using shred Linux command.
-    A software-based fast non-100%-secured way of erasing data storage.
-
-    Performs 1 pass overwriting one round using all zeros.
-    Compliant with NIST SP-800-8y8.
-
-    In settings appear:
-
-    WB_ERASE = EraseBasic
-    WB_ERASE_STEPS = 1
-    WB_ERASE_LEADING_ZEROS = False
-
-    """
-    cmd = f'shred -vn 1 /dev/{disk}'
-    return [exec_cmd_erase(cmd)]
-
-
-def erase_baseline(disk):
-    """
-    Baseline Secure Erasure
-    Settings for advanced data erasure using badblocks Linux software.
-    A secured-way of erasing data storages, erase hidden areas,
-    checking the erase sector by sector.
-
-    Performs 1 pass overwriting each sector with zeros and a final verification.
-    Compliant with HMG Infosec Standard 5 Baseline.
-
-    In settings appear:
-
-    WB_ERASE = EraseSectors
-    WB_ERASE_STEPS = 1
-    WB_ERASE_LEADING_ZEROS = True
-
-    WB_ERASE_1_METHOD = EraseBasic
-    WB_ERASE_1_STEP_TYPE = 0
-    WB_ERASE_2_METHOD = EraseSectors
-    WB_ERASE_2_STEP_TYPE = 1
-    """
-    result = []
-    cmd = f'shred -zvn 0 /dev/{disk}'
-    result.append(exec_cmd_erase(cmd))
-    cmd = f'badblocks -st random -w /dev/{disk}'
-    result.append(exec_cmd_erase(cmd))
-    return result
-
-
-def erase_enhanced(disk):
-    """
-    Enhanced Secure Erasure
-    Settings for advanced data erasure using badblocks Linux software.
-    A secured-way of erasing data storages, erase hidden areas,
-    checking the erase sector by sector.
-
-    Performs 3 passes overwriting every sector with zeros and ones,
-    and final verification. Compliant with HMG Infosec Standard 5 Enhanced.
-
-    In settings appear:
-
-    WB_ERASE = EraseSectors
-    WB_ERASE_LEADING_ZEROS = True
-
-    WB_ERASE_1_METHOD = EraseBasic
-    WB_ERASE_1_STEP_TYPE = 1
-    WB_ERASE_2_METHOD = EraseBasic
-    WB_ERASE_2_STEP_TYPE = 0
-    WB_ERASE_3_METHOD = EraseSectors
-    WB_ERASE_3_STEP_TYPE = 1
-    """
-    result = []
-    cmd = f'shred -vn 1 /dev/{disk}'
-    result.append(exec_cmd_erase(cmd))
-    cmd = f'shred -zvn 0 /dev/{disk}'
-    result.append(exec_cmd_erase(cmd))
-    ## creo que realmente seria asi (3 pases y una extra poniendo a ceros):
-    # shred -zvn 3 /def/{disk}
-    # tampoco estoy seguro que el badblocks haga un proceso de verificacion.
-    cmd = f'badblocks -st random -w /dev/{disk}'
-    result.append(exec_cmd_erase(cmd))
-    return result
-
-## End Xavier Functions ##
-
-def ata_secure_erase_null(disk):
-    cmd_baseline = f'hdparm --user-master u --security-erase NULL /dev/{disk}'
-    return [exec_cmd_erase(cmd_baseline)]
-
-
-def ata_secure_erase_enhanced(disk):
-    cmd_enhanced = f'hdparm --user-master u --security-erase-enhanced /dev/{disk}'
-    return [exec_cmd_erase(cmd_enhanced)]
-
-
-def nvme_secure_erase(disk):
-    cmd_encrypted = f'nvme format /dev/{disk} --ses=1'
-    return [exec_cmd_erase(cmd_encrypted)]
-
-
-## End Erase Functions ##
 
 @logs
 def get_disks():
@@ -188,39 +82,13 @@ def get_disks():
     )
     return disks.get('blockdevices', [])
 
+
 @logs
-def gen_erase(all_disks, type_erase, user_disk=None):
-    erase = []
-    for disk in all_disks:
-        if user_disk and disk['name'] not in user_disk:
-            continue
-
-        if disk['type'] != 'disk':
-            continue
-
-        if 'boot' in disk['mountpoints']:
-            continue
-
-        if not disk['rota']:
-            # if soport nvme erase
-            erase.append(nvme_secure_erase(disk['name']))
-        elif disk['tran'] in ['ata', 'sata']:
-            # if soport ata erase
-            if type_erase == 'basic':
-                erase.append(ata_secure_erase_null(disk['name']))
-            elif type_erase == 'baseline':
-                erase.append(ata_secure_erase_null(disk['name']))
-            elif type_erase == 'enhanced':
-                erase.append(ata_secure_erase_enhanced(disk['name']))
-        else:
-            # For old disks
-            if type_erase == 'basic':
-                erase.append(erase_basic(disk['name']))
-            elif type_erase == 'baseline':
-                erase.append(erase_baseline(disk['name']))
-            elif type_erase == 'enhanced':
-                erase.append(erase_enhanced(disk['name']))
-    return erase
+def gen_erase(type_erase, user_disk=None):
+    if user_disk:
+        return exec_cmd(f"sanitize -d {user_disk} -m {type_erase}")
+    return exec_cmd(f"sanitize -a -m {type_erase}")
+    # return exec_cmd(f"sanitize -a -m {type_erase} --confirm")
 
 
 @logs
@@ -423,13 +291,10 @@ def main():
     all_disks = get_disks()
     snapshot = gen_snapshot(all_disks)
 
-    if config['erase'] and config['device'] and not config.get("legacy"):
-        snapshot['erase'] = gen_erase(all_disks, config['erase'], user_disk=config['device'])
-    elif config['erase'] and not config.get("legacy"):
-        snapshot['erase'] = gen_erase(all_disks, config['erase'])
-
     if config.get("legacy"):
         convert_to_legacy_snapshot(snapshot)
+    else:
+        snapshot['erase'] = gen_erase(config['erase'], user_disk=config['device'])
 
     save_snapshot_in_disk(snapshot, config['path'])