add inxi and verifiable credential functionality #8

Merged
pedro merged 19 commits from issue_5__vcs_and_inxi into main 2024-12-17 10:07:51 +00:00
Showing only changes of commit b4e18e52da - Show all commits

View file

@ -21,7 +21,7 @@ SNAPSHOT_BASE = {
'uuid': str(uuid.uuid4()), 'uuid': str(uuid.uuid4()),
'software': "workbench-script", 'software': "workbench-script",
'version': "0.0.1", 'version': "0.0.1",
'token_hash': "", 'operator_id': "",
'data': {}, 'data': {},
'erase': [] 'erase': []
} }
@ -87,11 +87,11 @@ def convert_to_legacy_snapshot(snapshot):
snapshot["schema_api"] = "1.0.0" snapshot["schema_api"] = "1.0.0"
snapshot["settings_version"] = "No Settings Version (NaN)" snapshot["settings_version"] = "No Settings Version (NaN)"
snapshot["timestamp"] = snapshot["timestamp"].replace(" ", "T") snapshot["timestamp"] = snapshot["timestamp"].replace(" ", "T")
snapshot["data"]["smart"] = snapshot["data"]["disks"] snapshot["data"]["smart"] = snapshot["data"]["smartctl"]
snapshot["data"].pop("disks") snapshot["data"].pop("smartctl")
snapshot["data"].pop("inxi") snapshot["data"].pop("inxi")
snapshot.pop("operator_id")
snapshot.pop("erase") snapshot.pop("erase")
snapshot.pop("token_hash")
lshw = 'sudo lshw -xml' lshw = 'sudo lshw -xml'
hwinfo = 'sudo hwinfo --reallyall' hwinfo = 'sudo hwinfo --reallyall'
@ -274,7 +274,7 @@ def smartctl(all_disks, disk=None):
data = exec_smart(disk['name']) data = exec_smart(disk['name'])
data_list.append(data) data_list.append(data)
return data_list return json.dumps(data_list)
## End Command Functions ## ## End Command Functions ##
@ -286,7 +286,7 @@ def get_data(all_disks):
inxi = "sudo inxi -afmnGEMABD -x 3 --edid --output json --output-file print" inxi = "sudo inxi -afmnGEMABD -x 3 --edid --output json --output-file print"
data = { data = {
'disks': smartctl(all_disks), 'smartctl': smartctl(all_disks),
'dmidecode': exec_cmd(dmidecode), 'dmidecode': exec_cmd(dmidecode),
'inxi': exec_cmd(inxi) 'inxi': exec_cmd(inxi)
} }
@ -329,35 +329,53 @@ def save_snapshot_in_disk(snapshot, path, snap_uuid):
logger.error(_("Could not save snapshot locally. Reason: Failed to write in fallback path:\n %s"), e) logger.error(_("Could not save snapshot locally. Reason: Failed to write in fallback path:\n %s"), e)
def send_to_sign_credential(cred, token, url): def send_to_sign_credential(snapshot, token, url):
headers = { headers = {
"Authorization": f"Bearer {token}", "Authorization": f"Bearer {token}",
"Content-Type": "application/json" "Content-Type": "application/json"
} }
try: try:
cred = {
"type": "DeviceSnapshotV1",
"save": False,
"data": {
"operator_id": snapshot["operator_id"],
"dmidecode": snapshot["data"]["dmidecode"],
"inxi": snapshot["data"]["inxi"],
"smartctl": snapshot["data"]["smartctl"],
"uuid": snapshot["uuid"],
}
}
data = json.dumps(cred).encode('utf-8') data = json.dumps(cred).encode('utf-8')
request = urllib.request.Request(url, data=data, headers=headers) request = urllib.request.Request(url, data=data, headers=headers)
with urllib.request.urlopen(request) as response: with urllib.request.urlopen(request) as response:
status_code = response.getcode() status_code = response.getcode()
#response_text = response.read().decode('utf-8') response_text = response.read().decode('utf-8')
if 200 <= status_code < 300: if 200 <= status_code < 300:
logger.info(_("Credential successfully signed")) logger.info(_("Credential successfully signed"))
res = json.loads(response_text)
if res.get("status") == "success" and res.get("data"):
return res["data"]
return snapshot
else: else:
logger.error(_("Credential cannot signed in '%s'"), url) logger.error(_("Credential cannot signed in '%s'"), url)
return snapshot
except Exception as e: except Exception as e:
logger.error(_("Credential not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e) logger.error(_("Credential not remotely builded to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e)
return json.dumps(snapshot)
# TODO sanitize url, if url is like this, it fails # TODO sanitize url, if url is like this, it fails
# url = 'http://127.0.0.1:8000/api/snapshot/' # url = 'http://127.0.0.1:8000/api/snapshot/'
def send_snapshot_to_devicehub(snapshot, token, url): def send_snapshot_to_devicehub(snapshot, token, url, ev_uuid):
url_components = urllib.parse.urlparse(url) url_components = urllib.parse.urlparse(url)
ev_path = "evidence/{}".format(snapshot["uuid"]) ev_path = f"evidence/{ev_uuid}"
components = (url_components.schema, url_components.netloc, ev_path, '', '', '') components = (url_components.scheme, url_components.netloc, ev_path, '', '', '')
ev_url = urllib.parse.urlunparse(components) ev_url = urllib.parse.urlunparse(components)
# apt install qrencode # apt install qrencode
qr = "echo {} | qrencode -t ANSI".format(ev_url) qr = "echo {} | qrencode -t ANSI".format(ev_url)
@ -369,7 +387,7 @@ def send_snapshot_to_devicehub(snapshot, token, url):
"Content-Type": "application/json" "Content-Type": "application/json"
} }
try: try:
data = json.dumps(snapshot).encode('utf-8') data = snapshot.encode('utf-8')
request = urllib.request.Request(url, data=data, headers=headers) request = urllib.request.Request(url, data=data, headers=headers)
with urllib.request.urlopen(request) as response: with urllib.request.urlopen(request) as response:
status_code = response.getcode() status_code = response.getcode()
@ -515,18 +533,17 @@ def main():
if wb_sign_token: if wb_sign_token:
tk = wb_sign_token.encode("utf8") tk = wb_sign_token.encode("utf8")
snapshot["token_hash"] = hashlib.hash256(tk).hexdigest() snapshot["operator_id"] = hashlib.sha3_256(tk).hexdigest()
if url_wallet and wb_sign_token: if url_wallet and wb_sign_token:
snapshot = send_to_sign_credential(snapshot, wb_sign_token, url_wallet) snapshot = send_to_sign_credential(snapshot, wb_sign_token, url_wallet)
else: else:
snapshot = json.dumps(snapshot) snapshot = json.dumps(snapshot)
save_snapshot_in_disk(snapshot, config['path'], snap_uuid) save_snapshot_in_disk(snapshot, config['path'], snap_uuid)
if config['url']: if config['url']:
send_snapshot_to_devicehub(snapshot, config['token'], config['url']) send_snapshot_to_devicehub(snapshot, config['token'], config['url'], snap_uuid)
logger.info(_("END")) logger.info(_("END"))