Compare commits

..

2 Commits

7 changed files with 136 additions and 163 deletions

View File

@ -44,15 +44,6 @@ boot_iso_uefi_secureboot:
-drive file=deploy/iso/workbench_debug.iso,cache=none,if=virtio,format=raw,index=0,media=disk \
-boot menu=on
# when you change something, you need to refresh it this way
regenerate_pxe_install:
./deploy-workbench.sh
pxe/install-pxe.sh
es_gen:
$(MAKE) es_gen_po
$(MAKE) es_gen_mo
es_gen_po:
cp locale/es/LC_MESSAGES/messages.po locale/es/LC_MESSAGES/messages.pot.bak
pygettext3 -p locale/es/LC_MESSAGES/ workbench-script.py

View File

@ -199,12 +199,12 @@ create_persistence_partition() {
mkdir -p "${tmp_rw_mount}"
${SUDO} mount "$(pwd)/${rw_img_path}" "${tmp_rw_mount}"
${SUDO} mkdir -p "${tmp_rw_mount}"
if [ ! -f "settings.ini" ]; then
${SUDO} cp -v settings.ini.example settings.ini
echo "WARNING: settings.ini was not there, settings.ini.example was copied, this only happens once"
if [ -f "settings.ini" ]; then
${SUDO} cp -v settings.ini "${tmp_rw_mount}/settings.ini"
else
echo "ERROR: settings.ini does not exist yet, cannot read config from there. You can take inspiration with file settings.ini.example"
exit 1
fi
${SUDO} cp -v settings.ini "${tmp_rw_mount}/settings.ini"
${SUDO} umount "${tmp_rw_mount}"
uuid="$(blkid "${rw_img_path}" | awk '{ print $3; }')"
@ -253,27 +253,6 @@ END2
END
)"
# thanks https://wiki.debian.org/Keyboard
chroot_kbd_conf_str="$(cat<<END
chroot_kbd_conf() {
###################
# configure keyboard
cat > /etc/default/keyboard <<END2
# KEYBOARD CONFIGURATION FILE
# generated by deploy-workbench.sh
# Consult the keyboard(5) manual page.
XKBMODEL="pc105"
XKBLAYOUT="\${CUSTOM_LANG}"
BACKSPACE="guess"
END2
}
END
)"
prepare_app() {
# prepare app during prepare_chroot_env
workbench_dir="${ISO_PATH}/chroot/opt/workbench"
@ -301,15 +280,13 @@ if [ "\${nfs_host}" ]; then
mount --bind /run/live/medium /mnt
# debian live nfs path is readonly, do a trick
# to make snapshots subdir readwrite
mount -v \${nfs_host}:/snapshots /run/live/medium/snapshots
mount \${nfs_host}:/snapshots /run/live/medium/snapshots
# reload mounts on systemd
systemctl daemon-reload
fi
# clearly specify the right working directory, used in the python script as os.getcwd()
cd /mnt
#pipenv run python /opt/workbench/workbench-script.py --config /mnt/settings.ini
# works meanwhile this project is vanilla python
python /opt/workbench/workbench-script.py --config /mnt/settings.ini
pipenv run python /opt/workbench/workbench-script.py --config /mnt/settings.ini
stty echo
set +x
@ -325,7 +302,7 @@ echo 'Install requirements'
# Install debian requirements
apt-get install -y --no-install-recommends \
sudo locales keyboard-configuration console-setup qrencode \
sudo locales \
python-is-python3 python3 python3-dev python3-pip pipenv \
dmidecode smartmontools hwinfo pciutils lshw nfs-common < /dev/null
@ -383,14 +360,8 @@ ${install_app_str}
# thanks src https://serverfault.com/questions/362903/how-do-you-set-a-locale-non-interactively-on-debian-ubuntu
export LANG=${LANG}
export LC_ALL=${LANG}
echo "${MYLOCALE}" > /etc/locale.gen
# Generate the locale
locale-gen
# feeds /etc/default/locale for the shell env var
update-locale LANG=${LANG} LC_ALL=${LANG}
# this is a high level command that does locale-gen and update-locale altogether
# but it is too interactive
#dpkg-reconfigure --frontend=noninteractive locales
dpkg-reconfigure --frontend=noninteractive locales
# DEBUG
locale -a
@ -416,9 +387,6 @@ apt-get install -y --no-install-recommends \
< /dev/null
${chroot_netdns_conf_str}
CUSTOM_LANG=${CUSTOM_LANG}
${chroot_kbd_conf_str}
chroot_kbd_conf
# Set up root user
# this is the root password
@ -438,19 +406,7 @@ CHROOT
}
prepare_chroot_env() {
CUSTOM_LANG="${CUSTOM_LANG:-es}"
case "${CUSTOM_LANG}" in
es)
export LANG="es_ES.UTF-8"
export MYLOCALE="${LANG} UTF-8"
;;
en)
export LANG="en_US.UTF-8"
;;
*)
echo "ERROR: CUSTOM_LANG not supported. Available: es"
exit 1
esac
LANG="${CUSTOM_LANG:-es_ES.UTF-8}"
# version of debian the bootstrap is going to build
# if no VERSION_CODENAME is specified we assume that the bootstrap is going to
# be build with the same version of debian being executed because some files
@ -474,7 +430,6 @@ prepare_chroot_env() {
prepare_app
}
# thanks https://willhaley.com/blog/custom-debian-live-environment/
install_requirements() {
# Install requirements

Binary file not shown.

View File

@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-08 18:25+0100\n"
"POT-Creation-Date: 2024-10-15 21:15+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -17,19 +17,19 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: workbench-script.py:49 workbench-script.py:54
#: workbench-script.py:48 workbench-script.py:53
msgid "Running command `%s`"
msgstr "Ejecutando comando `%s`"
#: workbench-script.py:279
#: workbench-script.py:284
msgid "Created snapshots directory at '%s'"
msgstr "Creado directorio de snapshots en '%s'"
#: workbench-script.py:282
#: workbench-script.py:287
msgid "Snapshot written in path '%s'"
msgstr "Snapshot escrito en ruta '%s'"
#: workbench-script.py:285
#: workbench-script.py:290
msgid ""
"Attempting to save file in actual path. Reason: Failed to write in snapshots "
"directory:\n"
@ -39,11 +39,11 @@ msgstr ""
"escribir en el directorio de snapshots:\n"
" %s."
#: workbench-script.py:292
#: workbench-script.py:297
msgid "Snapshot written in fallback path '%s'"
msgstr "Snapshot escrito en ruta alternativa '%s'"
#: workbench-script.py:294
#: workbench-script.py:299
msgid ""
"Could not save snapshot locally. Reason: Failed to write in fallback path:\n"
" %s"
@ -52,53 +52,49 @@ msgstr ""
"alternativa:\n"
" %s"
#: workbench-script.py:317
#: workbench-script.py:316
msgid "Snapshot successfully sent to '%s'"
msgstr "Snapshot enviado con éxito a '%s'"
#: workbench-script.py:335
msgid "Snapshot %s could not be sent to URL '%s'"
msgstr "Snapshot %s no se pudo enviar a la URL '%s'"
#: workbench-script.py:338
#: workbench-script.py:331
msgid ""
"Snapshot %s not remotely sent to URL '%s'. Do you have internet? Is your "
"server up & running? Is the url token authorized?\n"
"Snapshot not remotely sent to URL '%s'. Do you have internet? Is your server "
"up & running? Is the url token authorized?\n"
" %s"
msgstr ""
"Snapshot %s no enviado remotamente a la URL '%s'. Tienes internet? Está el "
"Snapshot no enviado remotamente a la URL '%s'. Tienes internet? Está el "
"servidor en marcha? Está autorizado el url token?\n"
" %s"
#: workbench-script.py:350
#: workbench-script.py:342
msgid "Found config file in path: %s."
msgstr "Encontrado fichero de configuración en ruta: %s."
#: workbench-script.py:361
#: workbench-script.py:353
msgid "Config file '%s' not found. Using default values."
msgstr ""
"Fichero de configuración '%s' no encontrado. Utilizando valores por defecto."
#: workbench-script.py:379
#: workbench-script.py:373
msgid "workbench-script.py [-h] [--config CONFIG]"
msgstr ""
#: workbench-script.py:380
#: workbench-script.py:374
msgid "Optional config loader for workbench."
msgstr "Cargador opcional de configuración para workbench"
#: workbench-script.py:383
#: workbench-script.py:377
msgid ""
"path to the config file. Defaults to 'settings.ini' in the current directory."
msgstr ""
"ruta al fichero de configuración. Por defecto es 'settings.ini' en el "
"directorio actual"
#: workbench-script.py:416
#: workbench-script.py:410
msgid "START"
msgstr "INICIO"
#: workbench-script.py:430
#: workbench-script.py:423
msgid ""
"This script must be run as root. Collected data will be incomplete or "
"unusable"
@ -106,6 +102,6 @@ msgstr ""
"Es conveniente que este script sea ejecutado como administrador (root). Los "
"datos recopilados serán incompletos o no usables."
#: workbench-script.py:448
#: workbench-script.py:441
msgid "END"
msgstr "FIN"

View File

@ -37,7 +37,7 @@ backup_file() {
if [ -f "${target}" ]; then
if ! grep -q 'we should do a backup' "${target}"; then
${SUDO} cp -v -a "${target}" "${target}-bak_${ts}"
${SUDO} cp -a "${target}" "${target}-bak_${ts}"
fi
fi
}
@ -69,14 +69,14 @@ END
# reload nfs exports
${SUDO} exportfs -vra
if [ ! -f ./settings.ini ]; then
cp -v ./settings.ini.example ./settings.ini
echo "WARNING: settings.ini was not there, settings.ini.example was copied, this only happens once"
fi
if [ ! -f "${nfs_path}/settings.ini" ]; then
${SUDO} cp -v settings.ini "${nfs_path}/settings.ini"
echo "WARNING: ${nfs_path}/settings.ini was not there, ./settings.ini was copied, this only happens once"
if [ -f "settings.ini" ]; then
${SUDO} cp settings.ini "${nfs_path}/settings.ini"
else
echo "ERROR: $(pwd)/settings.ini does not exist yet, cannot read config from there. You can take inspiration with file $(pwd)/settings.ini.example"
exit 1
fi
fi
}
@ -93,7 +93,6 @@ pxe-service=x86PC,"Network Boot",pxelinux
enable-tftp
tftp-root=${tftp_path}
END
sudo systemctl restart dnsmasq || true
}
install_netboot() {
@ -111,12 +110,8 @@ install_netboot() {
${SUDO} cp -fv "${PXE_DIR}/../iso/staging/live/vmlinuz" "${tftp_path}/"
${SUDO} cp -fv "${PXE_DIR}/../iso/staging/live/initrd" "${tftp_path}/"
${SUDO} cp -v /usr/lib/syslinux/memdisk "${tftp_path}/"
${SUDO} cp -v /usr/lib/syslinux/modules/bios/* "${tftp_path}/"
if [ ! -f ./pxe-menu.cfg ]; then
${SUDO} cp -v ./pxe-menu.cfg.example pxe-menu.cfg
echo "WARNING: pxe-menu.cfg was not there, pxe-menu.cfg.example was copied, this only happens once"
fi
${SUDO} cp /usr/lib/syslinux/memdisk "${tftp_path}/"
${SUDO} cp /usr/lib/syslinux/modules/bios/* "${tftp_path}/"
envsubst < ./pxe-menu.cfg | ${SUDO} tee "${tftp_path}/pxelinux.cfg/default"
fi
@ -133,11 +128,11 @@ init_config() {
PXE_DIR="$(pwd)"
if [ ! -f ./.env ]; then
cp -v ./.env.example ./.env
echo "WARNING: .env was not there, .env.example was copied, this only happens once"
if [ -f ./.env ]; then
. ./.env
else
echo "PXE: WARNING: $(pwd)/.env does not exist yet, cannot read config from there. You can take inspiration with file $(pwd)/.env.example"
fi
. ./.env
VERSION_CODENAME="${VERSION_CODENAME:-bookworm}"
tftp_path="${tftp_path:-/srv/pxe-tftp}"
# vars used in envsubst require to be exported:

View File

@ -1,10 +1,9 @@
[settings]
url = http://localhost:8000/api/v1/snapshot/
#url = https://demo.ereuse.org/api/v1/snapshot/
# sample token that works with default deployment such as the previous two urls
token = 5018dd65-9abd-4a62-8896-80f34ac66150
url = http://localhost:8000/api/snapshot/
token = '1234'
# wb_sign_token = "27de6ad7-cee2-4fe8-84d4-c7eea9c969c8"
# url_wallet = "http://localhost"
# path = /path/to/save
# device = your_device_name
# # erase = basic
# legacy = True
# legacy = true

View File

@ -13,22 +13,39 @@ import gettext
import locale
import logging
from pathlib import Path
from string import Template
from datetime import datetime
BASE_DIR = Path(__file__).resolve().parent
SNAPSHOT_BASE = {
'timestamp': str(datetime.now()),
'type': 'Snapshot',
'uuid': str(uuid.uuid4()),
'software': "workbench-script",
'version': "0.0.1",
'token_hash': "",
'data': {},
'erase': []
}
## Legacy Functions ##
def convert_to_legacy_snapshot(snapshot):
snapshot["sid"] = str(uuid.uuid4()).split("-")[0]
snapshot["sid"] = str(uuid.uuid4()).split("-")[1]
snapshot["software"] = "workbench-script"
snapshot["version"] = "dev"
snapshot["schema_api"] = "1.0.0"
snapshot["settings_version"] = "No Settings Version (NaN)"
snapshot["timestamp"] = snapshot["timestamp"].replace(" ", "T")
snapshot["data"]["smart"] = snapshot["data"]["disks"]
snapshot["data"]["lshw"] = json.loads(snapshot["data"]["lshw"])
snapshot["data"].pop("disks")
snapshot.pop("erase")
snapshot.pop("token_hash")
## End Legacy Functions ##
@ -59,15 +76,14 @@ def exec_cmd_erase(cmd):
## End Utility functions ##
SNAPSHOT_BASE = {
'timestamp': str(datetime.now()),
'type': 'Snapshot',
'uuid': str(uuid.uuid4()),
'software': "workbench-script",
'version': "0.0.1",
'data': {},
'erase': []
}
def convert_to_credential(snapshot):
snapshot["data"] = json.dumps(snapshot["data"])
file_path = os.path.join(BASE_DIR, "templates", "snapshot.json")
with open(file_path) as f:
ff = f.read()
template = Template(ff)
cred = template.substitute(**snapshot)
return cred
## Command Functions ##
@ -266,20 +282,20 @@ def gen_snapshot(all_disks):
return snapshot
def save_snapshot_in_disk(snapshot, path):
def save_snapshot_in_disk(snapshot, path, snap_uuid):
snapshot_path = os.path.join(path, 'snapshots')
filename = "{}/{}_{}.json".format(
snapshot_path,
datetime.now().strftime("%Y%m%d-%H_%M_%S"),
snapshot['uuid'])
snap_uuid)
try:
if not os.path.exists(snapshot_path):
os.makedirs(snapshot_path)
logger.info(_("Created snapshots directory at '%s'"), snapshot_path)
with open(filename, "w") as f:
f.write(json.dumps(snapshot))
f.write(snapshot)
logger.info(_("Snapshot written in path '%s'"), filename)
except Exception as e:
try:
@ -287,21 +303,48 @@ def save_snapshot_in_disk(snapshot, path):
fallback_filename = "{}/{}_{}.json".format(
path,
datetime.now().strftime("%Y%m%d-%H_%M_%S"),
snapshot['uuid'])
snap_uuid)
with open(fallback_filename, "w") as f:
f.write(json.dumps(snapshot))
f.write(snapshot)
logger.warning(_("Snapshot written in fallback path '%s'"), fallback_filename)
except Exception as e:
logger.error(_("Could not save snapshot locally. Reason: Failed to write in fallback path:\n %s"), e)
def send_to_sign_credential(cred, token, url):
headers = {
"Authorization": f"Bearer {token}",
"Content-Type": "application/json"
}
try:
data = json.dumps(cred).encode('utf-8')
request = urllib.request.Request(url, data=data, headers=headers)
with urllib.request.urlopen(request) as response:
status_code = response.getcode()
#response_text = response.read().decode('utf-8')
if 200 <= status_code < 300:
logger.info(_("Credential successfully signed"))
else:
logger.error(_("Credential cannot signed in '%s'"), url)
except Exception as e:
logger.error(_("Credential not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e)
# TODO sanitize url, if url is like this, it fails
# url = 'http://127.0.0.1:8000/api/snapshot/'
def send_snapshot_to_devicehub(snapshot, token, url, legacy):
def send_snapshot_to_devicehub(snapshot, token, url):
url_components = urllib.parse.urlparse(url)
ev_path = "evidence/{}".format(snapshot["uuid"])
components = (url_components.scheme, url_components.netloc, ev_path, '', '', '')
components = (url_components.schema, url_components.netloc, ev_path, '', '', '')
ev_url = urllib.parse.urlunparse(components)
# apt install qrencode
qr = "echo {} | qrencode -t ANSI".format(ev_url)
print(exec_cmd(qr))
print(ev_url)
headers = {
"Authorization": f"Bearer {token}",
@ -312,38 +355,15 @@ def send_snapshot_to_devicehub(snapshot, token, url, legacy):
request = urllib.request.Request(url, data=data, headers=headers)
with urllib.request.urlopen(request) as response:
status_code = response.getcode()
response_text = response.read().decode('utf-8')
#response_text = response.read().decode('utf-8')
if 200 <= status_code < 300:
logger.info(_("Snapshot successfully sent to '%s'"), url)
if legacy:
try:
response = json.loads(response_text)
public_url = response.get('public_url')
dhid = response.get('dhid')
if public_url:
# apt install qrencode
qr = "echo {} | qrencode -t ANSI".format(public_url)
print(exec_cmd(qr))
print("url: {}".format(public_url))
if dhid:
print("dhid: {}".format(dhid))
except Exception:
logger.error(response_text)
else:
qr = "echo {} | qrencode -t ANSI".format(ev_url)
print(exec_cmd(qr))
print(f"url: {ev_url}")
else:
logger.error(_("Snapshot %s could not be sent to URL '%s'"), snapshot["uuid"], url)
# TODO review all the try-except thing here; maybe the try inside legacy does not make sense anymore
except urllib.error.HTTPError as e:
error_details = e.read().decode('utf-8') # Get the error response body
logger.error(_("Snapshot %s not remotely sent to URL '%s'. Server responded with error:\n %s"),
snapshot["uuid"], url, error_details)
logger.error(_("Snapshot cannot sent to '%s'"), url)
except Exception as e:
logger.error(_("Snapshot %s not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), snapshot["uuid"], url, e)
logger.error(_("Snapshot not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e)
def load_config(config_file="settings.ini"):
@ -365,6 +385,8 @@ def load_config(config_file="settings.ini"):
device = config.get('settings', 'device', fallback=None)
erase = config.get('settings', 'erase', fallback=None)
legacy = config.get('settings', 'legacy', fallback=None)
url_wallet = config.get('settings', 'url_wallet', fallback=None)
wb_sign_token = config.get('settings', 'wb_sign_token', fallback=None)
else:
logger.error(_("Config file '%s' not found. Using default values."), config_file)
path = os.path.join(os.getcwd())
@ -376,7 +398,9 @@ def load_config(config_file="settings.ini"):
'token': token,
'device': device,
'erase': erase,
'legacy': legacy
'legacy': legacy,
'wb_sign_token': wb_sign_token,
'url_wallet': url_wallet
}
def parse_args():
@ -430,7 +454,6 @@ def main():
config_file = args.config
config = load_config(config_file)
legacy = config.get("legacy")
# TODO show warning if non root, means data is not complete
# if annotate as potentially invalid snapshot (pending the new API to be done)
@ -439,19 +462,33 @@ def main():
all_disks = get_disks()
snapshot = gen_snapshot(all_disks)
snap_uuid = snapshot["uuid"]
if config['erase'] and config['device'] and not config.get("legacy"):
snapshot['erase'] = gen_erase(all_disks, config['erase'], user_disk=config['device'])
elif config['erase'] and not config.get("legacy"):
snapshot['erase'] = gen_erase(all_disks, config['erase'])
if legacy:
convert_to_legacy_snapshot(snapshot)
save_snapshot_in_disk(snapshot, config['path'])
if config.get("wb_sign_token"):
tk = config.get("wb_sign_token").encode("utf8")
snapshot["token_hash"] = hashlib.hash256(tk).hexdigest()
if config.get("legacy"):
convert_to_legacy_snapshot(snapshot)
snapshot = json.dumps(snapshot)
else:
snapshot = convert_to_credential(snapshot)
url_wallet = config.get("url_wallet")
wb_sign_token = config.get("wb_sign_token")
if url_wallet and wb_sign_token:
snapshot = send_to_sign_credential(snapshot, wb_sign_token, url_wallet)
save_snapshot_in_disk(snapshot, config['path'], snap_uuid)
if config['url']:
send_snapshot_to_devicehub(snapshot, config['token'], config['url'], legacy)
send_snapshot_to_devicehub(snapshot, config['token'], config['url'])
logger.info(_("END"))