ereuse/workbench-script
9
0
Fork 0
Code Issues 3 Pull requests 1 Packages Projects Releases Wiki Activity

163-10-158-small-fixes #12

Open
sergiogimenez wants to merge 3 commits from 163-10-158-small-fixes into main
pull from: 163-10-158-small-fixes
merge into: ereuse:main
Conversation 0 Commits 3 Files changed 4 +118 -37
4 changed files with 118 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
Makefile
View file

@ -22,7 +22,13 @@ install_dependencies:
boot_iso: boot_iso:
sudo qemu-system-x86_64 \ sudo qemu-system-x86_64 \
-enable-kvm -m 2G -vga qxl -netdev user,id=wan -device virtio-net,netdev=wan,id=nic1 \ -enable-kvm -m 2G -vga qxl -netdev user,id=wan -device virtio-net,netdev=wan,id=nic1 \
-drive format=raw,file=iso/workbench_production.iso,cache=none,if=virtio -drive format=raw,file=$(ISO_FILE),cache=none,if=virtio
boot_iso_from_usb:
sudo qemu-system-x86_64 \
-enable-kvm -m 2G -vga qxl -netdev user,id=wan -device virtio-net,netdev=wan,id=nic1 \
-drive format=raw,file=$(USB_DEVICE),cache=none,if=virtio
# src https://www.ubuntubuzz.com/2021/04/how-to-boot-uefi-on-qemu.html # src https://www.ubuntubuzz.com/2021/04/how-to-boot-uefi-on-qemu.html
# needs `sudo apt-get install ovmf` # needs `sudo apt-get install ovmf`
@ -30,18 +36,16 @@ boot_iso_uefi:
sudo qemu-system-x86_64 \ sudo qemu-system-x86_64 \
-bios /usr/share/ovmf/OVMF.fd \ -bios /usr/share/ovmf/OVMF.fd \
-enable-kvm -m 2G -vga qxl -netdev user,id=wan -device virtio-net,netdev=wan,id=nic1 \ -enable-kvm -m 2G -vga qxl -netdev user,id=wan -device virtio-net,netdev=wan,id=nic1 \
-drive format=raw,file=deploy/iso/WORKBENCH_debug.iso,cache=none,if=virtio -drive format=raw,file=$(ISO_FILE),cache=none,if=virtio
boot_iso_uefi_secureboot: boot_iso_uefi_secureboot:
# For ovmf 2020.08-1, the change of boot order is usually necessary because the UEFI shell has the highest boot priority in OVMF_VARS*.ms.fd.
sudo cp /usr/share/OVMF/OVMF_VARS_4M.ms.fd /tmp/efivars_4M.fd sudo cp /usr/share/OVMF/OVMF_VARS_4M.ms.fd /tmp/efivars_4M.fd
# src https://wiki.debian.org/SecureBoot/VirtualMachine
sudo qemu-system-x86_64 \ sudo qemu-system-x86_64 \
-machine q35,smm=on -global driver=cfi.pflash01,property=secure,value=on \ -machine q35,smm=on -global driver=cfi.pflash01,property=secure,value=on \
-drive if=pflash,format=raw,unit=0,file=/usr/share/OVMF/OVMF_CODE_4M.secboot.fd,readonly=on \ -drive if=pflash,format=raw,unit=0,file=/usr/share/OVMF/OVMF_CODE_4M.secboot.fd,readonly=on \
-drive if=pflash,format=raw,unit=1,file=/tmp/efivars_4M.fd \ -drive if=pflash,format=raw,unit=1,file=/tmp/efivars_4M.fd \
-enable-kvm -m 2G -vga qxl -netdev user,id=wan -device virtio-net,netdev=wan,id=nic1 \ -enable-kvm -m 2G -vga qxl -netdev user,id=wan -device virtio-net,netdev=wan,id=nic1 \
-drive file=deploy/iso/workbench_debug.iso,cache=none,if=virtio,format=raw,index=0,media=disk \ -drive file=$(ISO_FILE),cache=none,if=virtio,format=raw,index=0,media=disk \
-boot menu=on -boot menu=on
# when you change something, you need to refresh it this way # when you change something, you need to refresh it this way

70
README-es.md
View file

@ -40,8 +40,72 @@ Se puede especificar un fichero de configuración con el argumento `--config`, y
workbench-script trata de ser simple y minimalista, una función principal y funciones de soporte la lectura de las diferentes funcionalidades. workbench-script trata de ser simple y minimalista, una función principal y funciones de soporte la lectura de las diferentes funcionalidades.
## Generar ISO para el USB ## Generar una ISO para el USB
Para generar la iso y preparar un usb que arranque con workbench necesitas generarte una workbench de este, con tu configuración específica Para crear una imagen ISO y preparar un USB que arranque con Workbench, primero debes generar una versión personalizada de Workbench con tu configuración específica. Como mínimo, necesitas un archivo `settings.ini` que contenga la URL de tu instancia de DeviceHub y el token de acceso.
Existen dos métodos para generar la ISO:
### 1. Usando Docker (Método recomendado)
Este método es el más sencillo y compatible con cualquier sistema operativo (incluyendo Windows y macOS). Solo necesitas tener Docker instalado en tu máquina.
Una vez instalado Docker, ejecuta el siguiente comando en la terminal:
```bash
docker compose up
```
Este comando creará un contenedor de Docker con el script de Workbench y generará una ISO que incluirá tanto el script como el archivo `settings.ini` de tu directorio. La ISO resultante se guardará en:
```bash
iso/workbench_debug.iso
```
### 2. Generando la ISO directamente en tu máquina
Si prefieres generar la ISO sin Docker, puedes hacerlo manualmente ejecutando el script `deploy-workbench.sh`. Para ello, primero debes instalar las dependencias necesarias con el siguiente script:
```bash
install-dependencies.sh
```
Luego, ejecuta:
```bash
deploy-workbench.sh
```
Este proceso generará la ISO en el directorio `iso/workbench_debug.iso`.
> [!NOTE]
> Se ha detectado que `deploy-workbench.sh` no funciona correctamente en distribuciones basadas en Ubuntu 24.04.
## Testear la ISO Generada (Solo para linux)
Para testear la ISO Generada, se proveé un Makefile. Este Makefile proporciona comandos para desplegar el sistema Workbench, gestionar dependencias y arrancar imágenes ISO con QEMU.
Antes de usar el `Makefile`, instala las dependencias necesarias:
```bash
make install_dependencies
```
### Arranque de Imágenes ISO
```bash
make boot_iso ISO_FILE=iso/workbench_production.iso
```
O bien:
```bash
make boot_iso ISO_FILE=iso/workbench_debug.iso
```
También es posible arrancar desde un live USB:
```bash
make boot_iso_from_usb USB_DEVICE=/dev/sda
```
Ejecuta `./deploy-workbench.sh`

2
docker-compose.yaml
View file

@ -1,4 +1,3 @@
services: services:
build-iso: build-iso:
init: true init: true
@ -8,6 +7,7 @@ services:
# uncomment next two lines to test this # uncomment next two lines to test this
environment: environment:
- DEBUG=true - DEBUG=true
- USER=root
volumes: volumes:
- .:/opt/workbench-script:ro - .:/opt/workbench-script:ro
- ./iso:/opt/workbench-script/iso:rw - ./iso:/opt/workbench-script/iso:rw

69
workbench-script.py
View file

@ -17,6 +17,7 @@ import locale
import logging import logging
from datetime import datetime from datetime import datetime
import time
SNAPSHOT_BASE = { SNAPSHOT_BASE = {
@ -31,7 +32,6 @@ SNAPSHOT_BASE = {
} }
## Utility Functions ## ## Utility Functions ##
def logs(f): def logs(f):
def wrapper(*args, **kwargs): def wrapper(*args, **kwargs):
@ -364,7 +364,7 @@ def generate_qr_code(url, disable_qr):
# TODO sanitize url, if url is like this, it fails # TODO sanitize url, if url is like this, it fails
# url = 'http://127.0.0.1:8000/api/snapshot/' # url = 'http://127.0.0.1:8000/api/snapshot/'
def send_snapshot_to_devicehub(snapshot, token, url, ev_uuid, legacy, disable_qr): def send_snapshot_to_devicehub(snapshot, token, url, ev_uuid, legacy, disable_qr, max_retries=5):
url_components = urllib.parse.urlparse(url) url_components = urllib.parse.urlparse(url)
ev_path = f"evidence/{ev_uuid}" ev_path = f"evidence/{ev_uuid}"
components = (url_components.scheme, url_components.netloc, ev_path, '', '', '') components = (url_components.scheme, url_components.netloc, ev_path, '', '', '')
@ -374,35 +374,48 @@ def send_snapshot_to_devicehub(snapshot, token, url, ev_uuid, legacy, disable_qr
"Authorization": f"Bearer {token}", "Authorization": f"Bearer {token}",
"Content-Type": "application/json" "Content-Type": "application/json"
} }
try:
data = snapshot.encode('utf-8')
request = urllib.request.Request(url, data=data, headers=headers)
with urllib.request.urlopen(request) as response:
status_code = response.getcode()
response_text = response.read().decode('utf-8')
if 200 <= status_code < 300: retries = 0
logger.info(_("Snapshot successfully sent to '%s'"), url) while retries < max_retries:
if legacy: try:
try: data = snapshot.encode('utf-8')
response = json.loads(response_text) request = urllib.request.Request(url, data=data, headers=headers)
public_url = response.get('public_url') with urllib.request.urlopen(request) as response:
dhid = response.get('dhid') status_code = response.getcode()
if public_url: response_text = response.read().decode('utf-8')
generate_qr_code(public_url, disable_qr)
print("url: {}".format(public_url)) if 200 <= status_code < 300:
if dhid: logger.info(_("Snapshot successfully sent to '%s'"), url)
print("dhid: {}".format(dhid)) if legacy:
except Exception: try:
logger.error(response_text) response = json.loads(response_text)
public_url = response.get('public_url')
dhid = response.get('dhid')
if public_url:
generate_qr_code(public_url, disable_qr)
print("url: {}".format(public_url))
if dhid:
print("dhid: {}".format(dhid))
except Exception:
logger.error(response_text)
else:
generate_qr_code(ev_url, disable_qr)
print("url: {}".format(ev_url))
return
else: else:
generate_qr_code(ev_url, disable_qr) logger.error(
print("url: {}".format(ev_url)) _("Snapshot %s not remotely sent to URL '%s'. Server responded with error:\n %s"), ev_uuid, url, response_text)
else: except Exception as e:
logger.error(_("Snapshot %s not remotely sent to URL '%s'. Server responded with error:\n %s"), ev_uuid, url, response_text) logger.error(
_("Snapshot not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e)
except Exception as e: retries += 1
logger.error(_("Snapshot not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e) if retries < max_retries:
logger.info(_("Retrying... (%d/%d)"), retries, max_retries)
time.sleep(5) # TODO arbitrary number of seconds.
logger.error(
_("Failed to send snapshot to URL '%s' after %d attempts"), url, max_retries)
def load_config(config_file="settings.ini"): def load_config(config_file="settings.ini"):