From 0ed49544bfa356470a0dfb418c43b04351b1f77e Mon Sep 17 00:00:00 2001
From: Kevin O'Gorman <kog@freedom.press>
Date: Sun, 21 Jul 2019 12:53:02 -0700
Subject: [PATCH 1/2] Refactored send-to-usb script as a python module

---
 MANIFEST.in                       |  12 ++
 build-requirements.txt            |   0
 changelog.md                      |   6 +
 files/application-x-sd-export.xml |   7 +
 files/sd-logo.png                 | Bin 0 -> 8606 bytes
 files/send-to-usb.desktop         |   5 +
 requirements.txt                  |   0
 securedrop_export/VERSION         |   1 +
 securedrop_export/__init__.py     |   0
 securedrop_export/entrypoint.py   |  23 +++
 securedrop_export/export.py       | 327 ++++++++++++++++++++++++++++++
 securedrop_export/main.py         |  37 ++++
 setup.py                          |  35 ++++
 test-requirements.txt             |   1 +
 tests/__init__.py                 |   0
 tests/test_export.py              | 171 ++++++++++++++++
 16 files changed, 625 insertions(+)
 create mode 100644 MANIFEST.in
 create mode 100644 build-requirements.txt
 create mode 100644 changelog.md
 create mode 100644 files/application-x-sd-export.xml
 create mode 100644 files/sd-logo.png
 create mode 100644 files/send-to-usb.desktop
 create mode 100644 requirements.txt
 create mode 100644 securedrop_export/VERSION
 create mode 100644 securedrop_export/__init__.py
 create mode 100755 securedrop_export/entrypoint.py
 create mode 100755 securedrop_export/export.py
 create mode 100755 securedrop_export/main.py
 create mode 100644 setup.py
 create mode 100644 test-requirements.txt
 create mode 100644 tests/__init__.py
 create mode 100644 tests/test_export.py

diff --git a/MANIFEST.in b/MANIFEST.in
new file mode 100644
index 000000000..8104f05fc
--- /dev/null
+++ b/MANIFEST.in
@@ -0,0 +1,12 @@
+include LICENSE
+include README.md
+include securedrop_export/VERSION
+include changelog.md
+include build-requirements.txt
+include requirements.txt
+include securedrop_export/*.py
+include setup.py
+include files/send-to-usb.desktop
+include files/application-x-sd-export.xml
+include files/sd-logo.png
+
diff --git a/build-requirements.txt b/build-requirements.txt
new file mode 100644
index 000000000..e69de29bb
diff --git a/changelog.md b/changelog.md
new file mode 100644
index 000000000..02c74ef5a
--- /dev/null
+++ b/changelog.md
@@ -0,0 +1,6 @@
+securedrop-export (0.1.1-1) unstable; urgency=medium
+
+  [ Freedom Of The Press Foundation ]
+  * Initial release 
+
+ -- SecureDrop Team <securedrop@freedom.press>  Thu, 18 Jul 2019 10:47:38 -0700
diff --git a/files/application-x-sd-export.xml b/files/application-x-sd-export.xml
new file mode 100644
index 000000000..9e36ef08b
--- /dev/null
+++ b/files/application-x-sd-export.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
+  <mime-type type="application/x-sd-export">
+    <comment>Archive for transfering files from the SecureDrop workstation to an external USB device.</comment>
+    <glob pattern="*.sd-export"/>
+  </mime-type>
+</mime-info>
diff --git a/files/sd-logo.png b/files/sd-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..531cbf26c3426493616b7060338cc68d714bad1d
GIT binary patch
literal 8606
zcmZ`<cRX8P*pC@|REwf0G1`WjwNj&Y?NLQ+iBW3rRchBNYD5X@huW(eqX@NwP`g%8
zRIQ*^tNPx)|Gj^_pL}x9Cnxtj`}>^dJohFV>TA-|aL|B2AbM>rHDh2*0lsJ|O5n=K
zmG~MM$emU6R6wAHG}=ph3g9=dqn5EA2oxd+0!7AvK)-;g$nPMKzZeMg!wv+J&jo?l
zyz<+OV89=g4mz4@puhh<MIGgtzzo<=TTdOlO3Tf}0o9_`@B!$BYpbc427TQtuy~D_
z51xGyI22wXJv&@odWI}>&eV{k66^1Ggjif-4f+s5qDdSki-;yff%&M=R5l6qp!tl_
z^yCr29y=_9s+}XwGQ_fDHczLf)vWexvm+-yQ|4ZKTWDFkMAebglfMe`ZO(V^?VvNe
zuJ!{vkCj%kf^LJZPG<j(U%7FeFJQMKl}ICK&B>~}{%#a<pCIKQeR+T1Zt6$00BIQM
z`3-_&B+q!{TdYjv0qIQ}tZzWE963&ix&9MHP$ALhRuIqmb71zgXggYfGK}V&hOaTG
zaCN~J`}yX}O~bLHJ8FmvDm*35ex4Y1iv&;UOocXK9DQvs2ffuo5yo<EJ*L$Y_N+LV
z2FgPL8z8RBW1p*ilRF{i%e%DIYbleSQxI@mJkWUL=VN+;LcVd3KD|`D-364dJ3J*b
zYNK9X8s^A2YGN0B%PZ~ISJ_fxvWQf8JtPWGfSNPl;<f^r<nVXxQt!bW!FoK<JA_HD
z#khPboV|Z!Xu|YND3->N3O}dpOO<V_25FIDX9N~0V~-V*Z^KgKH>vBxD1uOjF&p*$
z*SH5B9bY&10M#1VE{G4tZN0@}ykudi(PfO;QbdgGQazWM66}BkC(Fb=pgal2k@nz^
z1PJoZWZ9o3B7Y~mKjtPfiRF{x2aAJAp|+H@-VXp9kdcgFm?j38iOF<%Z1u1lE((02
z>SV0?=HbF?`HY+F_vJ{@EdN*t5ON~%{CqfCbF?jg?AF}>5+N0pd}I#UJ}ic3OIPA<
zs{J8`(FS3uvA*u(vJ|Xu8F8eOAH;N7fD1hfPJ-n14eBRGhNcu28Bq<<gUV9@ohicC
zm)F@>Z^{EE4Q4y%D~T+neO2b~^3m_>^ILi{VstE%QWO64dTu2<B6O;n8Bmx9Teo3k
z#n7Ec-Au3EonkpyP%s7q=Q$!BeV(GZD6d^`4)b!H<@17P&Dtdu_UwWI1ST<y?`^4N
z&Ep>g^JX5+QYeRLs%F@QJbTp_EATFzy%CxQ|0d3?uzhfw(28T?$79F2UTz#?*&>r7
zC0@-pLX&(-RZ749H!0qJfm^TJ_5(yCNvXw*`_o%{mTZei)ufa)zeXnd>aYcE|DuO^
z;9H`|(mqSR8T3WC<Wtg8vA-&n-*~*PYCF4~pf%~C#GrR@V9BXBEBj)f)HD3&ddt$j
zH#s<t4)3eFu4cX)wL5FMyZhv#9)B{FUbYllwiK-~D}A_fs{pfdDSO{K6lqo500iUn
z-e)@xG$XfA#oImaKsmC578(pmBDj}(1vJeezY{V4El0N7hFR+Kztd4tmahrO41#tG
zEni59o|s;**0Z~{%6CagWI>am8Dlq@ptj0tImZbu>+Gm9^@u9ns!}D&6p(t47&&Ov
zDMiDv(5xz|79*}#@>~8e1Sd725W>cl@^OZbi{=<*5W&!;B(^_MX3N@xxwIm}Zsd7K
zmA?3?pm5{V4V<o#0fFM)nN`(yG<Dn9Xa2Fgspn>&r*ZZf1ESW>cn!Jv#K^mKF$iXJ
z-J;l${X?^$@6dInzfFaYjP#Kt3v0YbVFip)TjDMZ-AC%Z&j%aoe^T<P)GRxNVqPIF
zwKCM;ZVhb#Z*?~nQ=I5&X)9<4!J~!9sLIM9n4(qX+ti8G=^UkDx4KVJmBSqz<9DVc
zyC>gvh(hmr#YX4%9Ri@Kuqrq8826BAy~tF$U1-ZpmW6(}l>?zx_g^($YO(S_Xs>;V
zoz*HGTRnVFe(CYaMyAr|8Hqd{{<$({HT{=e>#GE47dceIss5*in@Y{hCRpjp_i8Qv
z1zjXmX~hs>q48v?#d?3akZo+mE+Bwm^22K+bK<2U8%Y;9O;bG``F)weAl*GEf-(Jg
zk=*Y|_Qq2I?T}fq<c7GuY>0~N?#9N>({zE9jb^av-5YczlV=>;)GL9+zYq%z#h>sW
z``YvA>az-Oni;15u!`m+57aPG1rdWE3coTpM3Y8B$XWh^&hsIM*0?qJW7)i4(UJFw
z^UA!kBHE1*0>_JsKO~!zTR<@KC7Ne=$tDl1-<VJ}GO`w3^pH_3WUQNwFLO1|j)mS6
ze)Y1lQur0^lP5+`vMPqyBVG_EZtnS%x!$@veYZU{^v$rqS4&Rybnl8<Ze>SN>fG@U
zV*`&je&MyAF8^vR@N(hvx%eVoYunNNbBfOE?p0R8M8H$^Y~+`1KeaveN%3R`*0l%x
zx4jR#pGO28|DNLXhj}oH=767`&3yA|wXkX#`{}ovc<hizS!0%IR;AHop*aZ`Zd4b(
z&c~6$j6(GtF!E|&E0Z(hECRWN#Q*uj+H9GWYHyaM^{Yq89RrWLbjqGSL0Z-b78|k`
z&YoEfm1H7cj5k8p16mJ5I?lsME;~WoX>4f&I4cP~2~^qAGoz~6*8&tz{EPkgM|*pr
ziniY?4pz4PzWe#nnG8tDOTqPMVyz!YxK%%|HiqswSPDkG0I74QeJ|Oe%z766s6ih{
zL9c?{@1*~XU3m?;1Bh2+mgMdc-F$LGszXm!HfnZf{Z0LGLiK)KM64<cbgYn{z}RTJ
zFd#-}+80~dCZ<aU1?-)U+(>_6_-EXYj=7JnB-)kZdz*%T*P{wkWuxnB6XYJ4Cj5oJ
zJZ0A7%ts9x9mV!}X(J}^#Q*MJQZj)Q-snid=_Tg<XC$lq<mCa?>t<zsG;p<7i(a45
zN=AgGrrM9YOR4iE$1F3y%`J1~!#!q13#pb&PDq<RvG=x5#3=squC;1QUFdG#C`i?A
z{)(tGFIjfsiR+sw8J}xht&rJqN6ZW%X2s~Dy<AAsoY}1h^6wYo4J5=hd71v3aJSDD
ztXyL);^oVN3;{s|Q5hHqa(YQgNuVD>n~&LmIE<_FzF2$GQ%rmx|5Hu-8hf0!f0uT#
zX^ENVLwZ)YLEI*RzSN_%xj)1yOV@*JQi?iWh}fbzaql}qKu5wP(?rdQ-%bTS`5H;l
z4DT{}($MD9ZVKa;X{3vruz%+B@?MUpug5m5xM(mspVgYd&eceGX0EPTEZO<-mxV9W
zn3Z|Tcle`clTt>ASaWDMZq|0=vQ_6iJOYaIS^SUA<h0Vc&Jf}22DX;*ZVzv1*9pqe
z>0UQG46%Ms69n_PuI~LUKjFQLaUG^&U&a-qV9tuq#F#0HeSx_ifhvFBn3>5L@^ngv
zBm(Bi!OagX6=gsY?Rc?M2zCpzae7*HGw)W@%LvBR*KA$*l!ZN?Z<Qt)F)T%9o+iRm
z@Ar9RISY?{3h#g6%683rU-?)feY0PuuJMBxciKQ`CBK2^)~Drn6I0Zbu=7u2<my)U
z+2hnpZu99hl`456<f@02$LA#USaN>wNz33<a%>#!Bd9S8lG(A<lYH8wllAXqq$_{x
zS&Gn4a#69uvx;+75f=So^k%a;Lz|K#<!mk9fBZKmX<MxJ*@*c?y9<UL#YQ!+1|9Nd
zj675grVVeYH$olRZ)HE_emzv%B=#be^L~fMUAZ*eMhFRBd^oOjVyeRQt<>AE<Ms_F
zR*A$WM&%wcI-0(RW@bFb!uzX-zuLg#`K^`gPv_hBN6R#dA)nOpX12rk*rya(U3w{W
ztb^otZv>cIgezBAVYg0L!btGgjJAjvC!KQhT9do8u9&nNtndNwXg7fzR-hkWu=E@t
zZCLw;_?wjc<?T0z3LUb>^U5E-%9nZ|T$_Jtb_R^dN4PLh-XlyX$S)|stE(0NvlLlB
z15=Z~To3wrqJ|`!@Ys1XO#ir4el(lGT&SZs%x9d7u9G&cwxPMe8M$}+cXK#t6fXdG
ziwvHH@QB;?KksJkT-Wi>)9YwIlg`kQ3wCjzC%WYIZ<?h}H^)zLO26zjoUMoWT3W?K
zYfZ|(xl2#e$B|N&icFzng_lJ4XVV+N-5fc)^G1R6L{*4Cn0vhAtusqMoJHAZoZ@8S
zOA7s{!I)CR4clXF4U20A64~B^Rl629a^L>sTNrL%94a;G<5<)`LRHg{w{YihM+&{!
zP}ZqQVeKDn8<iq7r9y2R`H(FY$Eqzp_nG;@>V|X+0OtR|gucd~t2QfwS^3YfS}BQS
znA%5F>SKs#k48$$2nTAHqs*0wCU#&(eNIw&I))Kr#xjN#Pd^6gkS(d^uZlaIRR~{B
z^K5llsi;t0s~EDDjr{)(|A~UXipV-ix#4r6J4?kHP>r*77t90do9nOqPtOXMzdomv
ziWr~!(MnZy!)*5HpeGUlprP<CJKHM1N2^21vy(v&IiZS&r=w=Qr_tJi?PGv7TM>Cc
zfc39k2E(}VT2?U+F;-1_&0nukzORLQB-?Mh?iM!);3Udi8#@~wM@Z^~ctriXKP-eA
z^Ba+D_mIrgy2NKtB#^_dLHfFjTJx8iO?=6Al=s{ihc+MN8r=6;FP+sYXH6TWnvqnN
zCWnr05|@1RzbMP4AT45q%BaXyKfv`gyZN=R#UTx$tUy=}df0>01{P)$!-(+grNOp|
zsXMGYfP<y>Ca%KE4Wk8nSkuk(t7dKandpjlIQ9Z?;>5X{FLa-a4Cj!@6Ovd5lEPU{
zVRpqv=IX6%H`jNb-mNOXgZ^<PjK}n3_O5BaEY{{rmj%L2&zBwck$L2MeY=oVOrJ4H
z7v4aOxGUO&CaEk9T=+2UT96FiZ-r#M;I<&AJM?Ae$|Lqdn$l(MZr{7RN==f6KVW+p
zyzqRh+p(Q$mfN@jzz7*RS#dc>_pc?NKI4M5q4o{5w%M7oiP(33RuqH-1>ri1hK#^f
ze{scid}EDif5>gTEx<QHt^k)inx}u(T)9qgeZaZ+=|naADUa87&kdWlQ=0U7_C|=K
zrPEoF(uc3NDyIccG#1kRSvh}J4DsfO{%4+_c8%^Aa2&wJXf%x;4GYS6)_ieq24B&|
zvAc5TRJP^j<~u#$7+60nYF_wm3HRIg$5x-UQ^{bCs%u3|>JC__C=Y}GxU?O<hmXmj
zSqY%*M6XEB*_`t^P0=PXp1vLbqy~Rq`LqFb*n?R7*6qUkcI;#+j=7lfa@>ZGxSaH7
zT}T{mPsL4ULW<st6=qq;tedfzo1GK#*@#jYAZIu}p!1Y1cxUt;RHXMX$ciWTt)2k|
zklyF+nSxPgnH5wEWQP}*(1I>CsQ7?WM08D9wo?g%EG_z3^T_55YbJ|tYII*CFZ)lQ
zh&$a`Nq5T1&>dNc?}VWu{T4R!TrN-lsNL&1#a>>4wnVK2&{_?s1v@uM&8j=xnDy&H
z-}aBM=Mzjm+8_RYm=90(-7wBWZ5!6z>^}a4SCfq#Sbw+dax1u2voXbvQHqJm`)W;k
zEm7)Xk#YfU@wJAPKo_JT5<0(o+-6~w;C<qgH@HjQ2({1CTre?ta`VZpYNKyjXXsrO
zu&TYNO{YE##aFmw=d2Jv;}OVX8FET!um@Cz{#RnvkuS(vpk{<P9G@Xs4F8;~r|E9~
zl^F9mGp1JmwN}}X^X%Nx{G-X;^2&VrAl=EHJu_|msL#nTEOAb%QeGDN`3-+j!!-Pn
zzCJUJ!Ry?&LOIsXp3bz^v-&3@I4Kb;(b$VAy4l*1Ox+QJ&z;nlec2^N4M;W;p>iiG
z16?E3y$oD+1EyWCyyOIJ;>Cf;W39X^nRC7Vzl^4qrAmJLh7GNMc~(~sFCi|cUSZCg
zV_njMQ7xamxijdP$NGvdQ&-n_?{VIRsoInU7hO^fOLYHLWLm}{Z4koAsYF+Q)bQ>;
zz{3c-YtOz;k>+YC+^7b7Ff@%jh6dbg$(FWz8Tt}mATREcmm=Tz&W}^B$LI&o+MPQR
z0H!icny%9-e3RID^Efm&Zq+4d_x(*&0pZ7nln$-<Wdxqdj=A~2fc9vJPK)*DLz?i{
z`s5ti8FTYvO&wW654(EZrJ`^f{f((+Ss$RZ>P89uo4M#j!?~r~fD%@B?efY>2n|Zu
z?Fy!x`=zp7Z+O|6{(4cyQ&djNpK)&vA_BeJtv_A#183MFM~bapJ|I7t4pTh)eM9j0
zCIC?<zKJL+zii|?;kymJT$4>krvaG3>biPck;18Z#c#iW(DdFrg0bO+s44pz)>Q17
z@w}c#b^`bgu*Kc1kh+hOa?HFODA^hB0vA3gx*Y-7$oLK$3Y{pHW8?5FB%mnZ*=e*`
zMg;`~5^;3J==J#Gg|}k=P96Fn{JmzO!r@?4NXh8Y55d3#q;U2r&qbaq&C1AY%Pz$y
zLL9EYgs@V20f7(h+&Ifk=|$<>2mJTYP!o!4e2o~o1J{TQ@7?^4r8-DeYpQ5y>l`ik
zee?A6F8_&O0lSoFPCKUCiP0>hcPOf6lrFZ1VZ!AlA|%}_=%`g@UB3ij@os6x0>A6C
zwNJUwj->mnmaViaJ~2?m(xlOQ&3CX-SF~ND**Jm@om!jt<6!^6#5tF51qEp_(=}&C
zZj0>k69zZV(8bQT_P$lh<@|Q(8xukoLaeT))9Mn<Sa(SOsTtZTpx|r7jR_aSIVK48
z*F9F$2@=pIQOFpwwRs5cCDSxefHguVwsR4_0Ht=72VL>CoT*WLGl{=l7rF0m$NH+h
z^Zxjt$$j&|`&l<^6g5rJw0r$WpTdGY*idWmTH<w^!mcyLawGVHfX9-JGk?2k`;s>o
z^rL<lXZIDhLs2PdOO!c9fYB-}Tm#C9*68RzidJy<bkZ(kP3YV5Vl?FStJIxbi<il<
zuvmDMenYdz!3_~=@Q}@xckm)<HlfetThora=Y|Ug{_wuu3%B&&fu0S`D5Pk!79<b5
z5l~q99srO};KeS2o-SoChzEh9v*w@4%1IC~`6lVMyX*eW&C<3JdR6^KXZPtn_fwh}
zanqA?ovr(RMI^<{&hY?X6uV@{#e`ujEG99JSb8&E8&T3U?QlQ&5IloDndRMmqnbCl
zd1!$wAe;nW>TG{yw<Y>kb5H>w5oQgzm|(nmqvnGSa_}G^npYT@(YfzT7x{B6O3ml`
zzAwDlefZQT@U2e;cEtV7&z_6@<;kJFbF@0WKzYUNsYL{l<>LcMNQSFJqUnL$ax|7d
z;Dh5oxGyf;erpl#Zt_Ku(AAMuVhSZ3hS-wlInEdsZA%+1)*TVAo_{>DxaND@yXG78
z=^fb?FH!i_BPlfEnPAWInBe>_$F$FO18H$BrXB4N@0{USTU?7~Fq6OW?98J9g@3I(
z%90`wx(5d@yzxuVh1&^Ub9BCE07TsLuD{7G$4|M-RmfCJDn+5Vu-=II=yJ==s{)$0
zt)j3Ah)0^{qGBp}n(WScK&aN}eR0l|rVf-q;X;wk!i#UtUE_zYye?3j!-H%59EJZZ
zVY(O!wV-%!_IURx&fQ5y3-EpKwU#Ax6jvC?rY<eEG)c{2XkUAjZd7BPLUy2<gg<3a
zhOdF#Wb)%5W7+R$a)VOica}Bvs1;t6CE~%gfxQ4my0jG@!lk<RNZ|7gMflr!Bm7PR
zgkf&z=&+U>-1*SL+`P<dT-{OIzH6~*^^QYc{Az=6&MVV<$Q~Axky18PN^jdKUWGP>
zWkiF;{rSe&w>&s-N^Pic#AMNlGqc7|-B1@`H4v9%L3(<=wQ@>%+<HDI0kqkMOG&36
zCngTLZhlD`8R@4yW^nX2yBAvK>f<5a9d=g&-S2~wFfz>w;u{4#-m&!jXkPm6#ut`V
zAceetqob=oPgHBCKAk5g1S2dRx}Le-9)o+@bnhu%1uM+Z>i}z?$Rr~2=I7bl+u=a$
zo8A?u9w3N^F0T$%+yr>);?-<-?>$rxK-mY#k4)oSMe}tcTuk^6!=wN1vdnF;Vnn7l
z1m$G#KmyoLjV!m6vnpbNlf`!20wgz?Y_bmG8$7bx6W3327ZwzHY1R2=ZLJm3U37+8
zxNr*rTOZK*(F?hxFcDi8xi^hz)%d&v0*(Nuy*I-d#0)GyZ96^MQF9!UyyYDtGWjS%
zw7|e;`_U^e^WEczJL&8IB%c2Gu<%P6nV5MtY0hUI{(;N|J$gy`dwSTB$R4LsKG|)g
zNvH4E)+RDZYBN@-<F#S@s$$656E$;xQfg@9?7QFSw&wJpo;kYqk0ggqV@H9bB*xpt
zjZp1ZCI?em5;a$p*<xJ>wtOci`LJ&rAD}wB`%i#0O804cjh!WXU<Vno`YF;`2Wzsj
zqU6gMfJxi=YF%GzjS}KOsTrj%OXz**kZuWf%d)JIuFvwbV=*f=cJOpgsz425%OS<>
z()B@6=Fp)Tr_`Fue!Co5jYeIdw-HhgS&I(rzIIXEHwv$U)_E}Wg~IBotITS=b~ev|
z-9{qE2J!3}WiUJO{1VuPw4mr+ks$*NG$Zk5t&O&1;VXtx+H9!Khh_$u72Aygj9Ew;
z3x{d+medl$-&sMkp&sWBdGLY%BS`UuU8MElVLBA|>FDT-SDtvlWb9sngi^?h*prlk
zViGb{-IzY+g;ZIGc8n^7LkMLFfr-mq4;p*93m@WLVPx%FQw-!m0M*-n%P#(DhYSbu
z@tq+V5R|?qf8m0iXW&~csER~0aV_jreAot=jg#JgICA6_oN3uX?FHQ`Pjwv<8JubU
z=u+R(qz=hOh)NrXNga}+Z&x_WRm=nv#Rj4`VAFrr4=y7<`R93%p#$300~}+Q3iKQf
z<uZJa$)j%vk>Jy(d^KkBU{+(^2llCtH@>08y&d)@L0@YGIo%lN=f_wKM$&;gi%Hhf
z{}?*#VPjg=9MsY_1Z?V$OEWR8XfL7atIvNJ=az>vwaOBOOwRu}mq_*+AwGX``CwtO
zw6-5j7rS;f$ibO{;OyphX)<!&ShfBr)6~25rI*Duto)N?@9}ppw(9mXnYpE^Q<zlA
zZj5we&8^V!laQ1waNyjqv-a31<3|0GEH18e`ilkL-FM3-u3+hL9c?zua{W^^=~)yt
z_F<d$j~<hSgIgbUfTYzAR=O|k(OA`js&+wrY&P*RW~*i;cG861Jf|a8Vg0evmG^!q
zxd;B;|Gi{FOAEjxD)m!xG{WN1qyj>QX0f$hC8A2Jd_7mxoP(%JSRwtZPB9btg8C9n
zuqNEYKCwfXwMHKsBPYxtIn4bvCUcn@KW8Ne5wwe)Ik&f}vt8xASk5_!*1U}7KMIsC
zJV7%+Q^*2*ML|4>!jsvOimrl!?r!k?o|d?{r1V`nHWr-?;>7P=g<Oo1Vh%iB5A7AZ
zrn;hLNIb~8D8j&lpc$pV0|%txRpp|v&3~jQuPn~`Y<I5|8IyN|<vRH9_mNKfXtU!@
zl19|tz5g+h_9^)hP@uC5UW{G~+<#t=p5L3le+!gEvPjm+@CjV~1)Nkfki8gATm)aa
zp1ti#Zt*X0?5(P~O5MtwY#J$zIkbB6L{s4sVbLQd^6?{Xv9+uF>o10y?9J=ux`f+A
zg{2i-WH39>ORJgmTNSVE{4;ioPzYKfjktNPfQ9kL4M^$Hv@g6#3VnDVKjPl&z16aZ
zn_sH(+Oh$9rXn0EA5H8UB5(9M|Mn-4*um(tmvhl4OLd)p7!tCkaa2Ky;E{*;P_Bi+
zcDx2q&v}Q!5He=q;Xo+v+i<B&OW1Zwlt*|r(%VB^Mfm&r>SMHJ$8=S9a>#HbJz)Xs
zNfsD67T@i#(^?0#SU7`jH0b_?zGgpxVpYznRam~+tB`?>Ca!+JFQ*#3&8lEaw!9^0
zx1F;6Ua5mN4SY^TiZ&pdFv1UuN$I+9{imm9v9Us;MEYSXwr>XeJ#h7ql!xp}lt^tC
zFeNFKpnp?J0sBJZ`erBNhcud`n&MuZs4Pg4u#R0JTP7*fkTN3Mexqyx>I7eM68@6Z
zsMt41PrY^LfsqjE_y`xA%I7hH&xARAT^?g!fIDd}d5WmTpmu~@GsSQsc~l`~M8|LE
z?{j6(5;#m;DzSe-5iIA9MGT(-SsKcY!-+9bh3abP!bfU+1J6c^Do9==BtZYt&c(0)
zs|~A3eiKmS5e&@1R}y?+pZtFEJb7XlbNU7&Q~IX4eS`nI*l5KdC#I@uzy=!Com~9!
zs*~hb_xTzx75U=jn9bc&{`)!wHXuKz=r#VspU{RM+%R;p#1`H*Q(YlDB_IG@zFb4{
zz`WIv7f+*R*^85yxWFltmlW^DjtV26v(p1jCY#wfZrHWg<PprkvsX%fA7*)Sj$1~p
ze>jMtRAf_Hz?qB6#r>o^Q)9R6uY^|$%Zr&!t>SGEhKch13PmHVds5=D91RCNoCx)?
zQ|TC?Zl%&BPa#=U-<9tISFekiyUShUfLjM4Vtk3TRJ1=RQs>o!dd71TSZ=R?IupHc
zDE%1V7+Bme4aN(^{P{^s#kSgj^?fv+3vicV#=@|x^>ZAwF7E!TMv?at;4|&mp85gr
zk#X|`7T$x~9_nX7l$iWXDKnt4)KkJY<~q+hHC5m5s|(!l->E_Z<V=XG8?-^5A|Ung
z7xaCd7lALI^JjP(NgkKO{G~KuAW|_EVBiMmXklop>8=+>nQ-gmPaM_g10oM|Y%7mg
zBz#O;{sut4si-q?F7F)TP_@=7MeY(HC#L-8rm7cCPP_b{0a&Ln%mK+=)VfMLXN({{
z=7z-cC%t8B<BLFJry}gbkWBze>(?W2!{dwa7@3)r!9cXV=8{8z;LxsahO@h@p~|_}
zUuI$*lYdTwu1}$Qxx|;BJFk<7<xDo{t}(E=VIlvQUH)W)F6v9>9;S_iKgH`)74iLM
zJh0mYXC_QdS6t*a^FuNze{zT|#g&kdOQg@sF*-nL0!le|`NggCdyy+wJz(WY<=p13
zS7M$ytGif-oe`it$cT0&Y%y2WbdjH<L3*_3Cgjk+H`0k{Idk^{i+{eCOfrA>HxG&O
zwCVgAcK{&VG8=g%x5QwWQ2G-EL^|q!#n7IV>hd}{(o_uJINDi})H~)(c(sp;@0<Ax
zR`oVK{oMOa6?iv6z)#)W4`J_zly~$&0s}}wOk74pTwFv_%v3^LUgCkgl$3~=w7i%Y
zCB{Ac|15a!iEwoa{{I&Q{+Q|p7To;D!Nk+aFVNlx2~t6LIv{zqpW8bljgj_<VDBO1
Rzn3OJ+UojhwU6vx{tx_^b1wh@

literal 0
HcmV?d00001

diff --git a/files/send-to-usb.desktop b/files/send-to-usb.desktop
new file mode 100644
index 000000000..6521a92c9
--- /dev/null
+++ b/files/send-to-usb.desktop
@@ -0,0 +1,5 @@
+[Desktop Entry]
+Type=Application
+MimeType=application/x-sd-export
+Name="Export SD submission to USB"
+Exec=/usr/bin/send-to-usb
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 000000000..e69de29bb
diff --git a/securedrop_export/VERSION b/securedrop_export/VERSION
new file mode 100644
index 000000000..17e51c385
--- /dev/null
+++ b/securedrop_export/VERSION
@@ -0,0 +1 @@
+0.1.1
diff --git a/securedrop_export/__init__.py b/securedrop_export/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/securedrop_export/entrypoint.py b/securedrop_export/entrypoint.py
new file mode 100755
index 000000000..9958d5d05
--- /dev/null
+++ b/securedrop_export/entrypoint.py
@@ -0,0 +1,23 @@
+import os
+import shutil
+import sys
+
+from securedrop_export import export
+from securedrop_export import main
+
+
+def start():
+    my_sub = export.SDExport(sys.argv[1])
+    try:
+        # Halt immediately if target file is absent
+        if not os.path.exists(my_sub.archive):
+            msg = "File does not exist"
+            my_sub.exit_gracefully(msg)
+        main.__main__(my_sub)
+        # Delete extracted achive from tempfile
+        shutil.rmtree(my_sub.tmpdir)
+    except Exception as e:
+        # exit with 0 return code otherwise the os will attempt to open
+        # the file with another application
+        msg = "Unhandled exception:"
+        my_sub.exit_gracefully(msg, e=e)
diff --git a/securedrop_export/export.py b/securedrop_export/export.py
new file mode 100755
index 000000000..c40ee2f1d
--- /dev/null
+++ b/securedrop_export/export.py
@@ -0,0 +1,327 @@
+#!/usr/bin/env python3
+
+import datetime
+import json
+import os
+import shutil
+import signal
+import subprocess
+import sys
+import tarfile
+import tempfile
+import time
+
+PRINTER_NAME = "sdw-printer"
+PRINTER_WAIT_TIMEOUT = 60
+DEVICE = "/dev/sda1"
+MOUNTPOINT = "/media/usb"
+ENCRYPTED_DEVICE = "encrypted_volume"
+BRLASER_DRIVER = "/usr/share/cups/drv/brlaser.drv"
+BRLASER_PPD = "/usr/share/cups/model/br7030.ppd"
+
+
+class Metadata(object):
+    """
+    Object to parse, validate and store json metadata from the sd-export archive.
+    """
+
+    METADATA_FILE = "metadata.json"
+    SUPPORTED_EXPORT_METHODS = ["disk", "printer", "printer-test"]
+    SUPPORTED_ENCRYPTION_METHODS = ["luks"]
+
+    def __init__(self, archive_path):
+        self.metadata_path = os.path.join(archive_path, self.METADATA_FILE)
+        try:
+            with open(self.metadata_path) as f:
+                json_config = json.loads(f.read())
+                self.export_method = json_config.get("device", None)
+                self.encryption_method = json_config.get("encryption_method", None)
+                self.encryption_key = json_config.get("encryption_key", None)
+        except Exception as e:
+            raise
+
+    def is_valid(self):
+        if self.export_method not in self.SUPPORTED_EXPORT_METHODS:
+            return False
+
+        if self.export_method == "disk":
+            if self.encryption_method not in self.SUPPORTED_ENCRYPTION_METHODS:
+                return False
+        return True
+
+
+class SDExport(object):
+
+    def __init__(self, archive):
+        self.device = DEVICE
+        self.mountpoint = MOUNTPOINT
+        self.encrypted_device = ENCRYPTED_DEVICE
+
+        self.printer_name = PRINTER_NAME
+        self.printer_wait_timeout = PRINTER_WAIT_TIMEOUT
+
+        self.brlaser_driver = BRLASER_DRIVER
+        self.brlaser_ppd = BRLASER_PPD
+        
+        self.archive = archive
+        self.submission_dirname = os.path.basename(self.archive).split(".")[0] 
+        self.target_dirname = "sd-export-{}".format(
+            datetime.datetime.now().strftime("%Y%m%d-%H%M%S")
+        )
+        self.tmpdir = tempfile.mkdtemp()
+
+
+    def exit_gracefully(self, msg, e=False):
+        """
+        Utility to print error messages, mostly used during debugging,
+        then exits successfully despite the error. Always exits 0,
+        since non-zero exit values will cause system to try alternative
+        solutions for mimetype handling, which we want to avoid.
+        """
+        sys.stderr.write(msg)
+        sys.stderr.write("\n")
+        if e:
+            try:
+                # If the file archive was extracted, delete before returning
+                if os.path.isdir(self.tmpdir):
+                    shutil.rmtree(self.tmpdir)
+                e_output = e.output
+            except Exception:
+                e_output = "<unknown exception>"
+            sys.stderr.write(e_output)
+            sys.stderr.write("\n")
+        # exit with 0 return code otherwise the os will attempt to open
+        # the file with another application
+        self.popup_message("Export error: {}".format(msg))
+        sys.exit(0)
+
+
+    def popup_message(self, msg):
+        try:
+            subprocess.check_call([
+                "notify-send",
+                "--expire-time", "3000",
+                "--icon", "/usr/share/securedrop/icons/sd-logo.png",
+                "SecureDrop: {}".format(msg)
+            ])
+        except subprocess.CalledProcessError as e:
+            msg = "Error sending notification:"
+            self.exit_gracefully(msg, e=e)
+
+
+    def extract_tarball(self):
+        try:
+            with tarfile.open(self.archive) as tar:
+                tar.extractall(self.tmpdir)
+        except Exception as e:
+            print (e)
+            msg = "Error opening export bundle: "
+            self.exit_gracefully(msg, e=e)
+
+
+    def unlock_luks_volume(self, encryption_key):
+        # the luks device is not already unlocked
+        if not os.path.exists(os.path.join("/dev/mapper/", self.encrypted_device)):
+            p = subprocess.Popen(
+                ["sudo", "cryptsetup", "luksOpen", self.device, self.encrypted_device],
+                stdin=subprocess.PIPE,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+            )
+            p.communicate(input=str.encode(encryption_key, "utf-8"))
+            rc = p.returncode
+            if rc != 0:
+                msg = "Bad passphrase or luks error."
+                self.exit_gracefully(msg)
+
+
+    def mount_volume(self):
+        # mount target not created
+        if not os.path.exists(self.mountpoint):
+            subprocess.check_call(["sudo", "mkdir", self.mountpoint])
+        try:
+            subprocess.check_call(
+                [
+                    "sudo",
+                    "mount",
+                    os.path.join("/dev/mapper/", self.encrypted_device),
+                    self.mountpoint,
+                ]
+            )
+            subprocess.check_call(
+                [
+                    "sudo", 
+                    "chown", 
+                    "-R", "user:user", self.mountpoint,
+                ]
+            )
+        except subprocess.CalledProcessError as e:
+            # clean up
+            subprocess.check_call(["sudo", "cryptsetup", "luksClose", self.encrypted_device])
+            msg = "An error occurred while mounting disk: "
+            self.exit_gracefully(msg, e=e)
+
+
+    def copy_submission(self):
+        # move files to drive (overwrites files with same filename) and unmount drive
+        try:
+            target_path = os.path.join(self.mountpoint, self.target_dirname)
+            subprocess.check_call(["mkdir", target_path])
+            export_data = os.path.join(
+                self.tmpdir, self.submission_dirname, "export_data/"
+            )
+            subprocess.check_call(["cp", "-r", export_data, target_path])
+            self.popup_message("Files exported successfully to disk.")
+        except (subprocess.CalledProcessError, OSError) as e:
+            msg = "Error writing to disk:"
+            self.exit_gracefully(msg, e=e)
+        finally:
+            # Finally, we sync the filesystem, unmount the drive and lock the
+            # luks volume, and exit 0
+            subprocess.check_call(["sync"])
+            subprocess.check_call(["sudo", "umount", self.mountpoint])
+            subprocess.check_call(["sudo", "cryptsetup", "luksClose", self.encrypted_device])
+            subprocess.check_call(["rm", "-rf", self.tmpdir])
+            sys.exit(0)
+
+
+    def wait_for_print(self):
+        # use lpstat to ensure the job was fully transfered to the printer
+        # returns True if print was successful, otherwise will throw exceptions
+        signal.signal(signal.SIGALRM, handler)
+        signal.alarm(self.printer_wait_timeout)
+        printer_idle_string = "printer {} is idle".format(self.printer_name)
+        while(True):
+            try:
+                output = subprocess.check_output(["lpstat", "-p", self.printer_name])
+                if(printer_idle_string in output.decode("utf-8")):
+                    return True
+                else:
+                    time.sleep(5)
+            except subprocess.CalledProcessError as e:
+                msg = "Error while retrieving print status"
+                self.exit_gracefully(msg, e=e)
+            except TimeoutException as e:
+                msg = "Timeout when getting printer information"
+                self.exit_gracefully(msg, e=e)
+        return True
+
+
+    def get_printer_uri(self):
+        # Get the URI via lpinfo and only accept URIs of supported printers
+        printer_uri = ""
+        try:
+            output = subprocess.check_output(["sudo", "lpinfo", "-v"])
+        except subprocess.CalledProcessError as e:
+            msg = "Error retrieving printer uri."
+            self.exit_gracefully(msg, e=e)
+
+        # fetch the usb printer uri
+        for line in output.split():
+            if "usb://" in line.decode("utf-8"):
+                printer_uri = line.decode("utf-8")
+
+        # verify that the printer is supported, else exit
+        if printer_uri == "":
+            # No usb printer is connected
+            self.exit_gracefully("USB Printer not found")
+        elif "Brother" in printer_uri:
+            return printer_uri
+        else:
+            # printer url is a make that is unsupported
+            self.exit_gracefully("USB Printer not supported")
+
+
+    def install_printer_ppd(self, uri):
+         # Some drivers don't come with ppd files pre-compiled, we must compile them
+        if "Brother" in uri:
+            try:
+                subprocess.check_call(
+                    ["sudo", "ppdc", self.brlaser_driver, "-d", "/usr/share/cups/model/"]
+                )
+            except subprocess.CalledProcessError as e:
+                msg = "Error installing ppd file for printer {}.".format(uri)
+                self.exit_gracefully(msg, e=e)
+            return self.brlaser_ppd
+        # Here, we could support ppd drivers for other makes or models in the future
+
+
+    def setup_printer(self, printer_uri, printer_ppd):
+        try:
+            # Add the printer using lpadmin
+            subprocess.check_call(
+                [
+                    "sudo",
+                    "lpadmin",
+                    "-p",
+                    self.printer_name,
+                    "-v",
+                    printer_uri,
+                    "-P",
+                    printer_ppd,
+                ]
+            )
+            # Activate the printer so that it can receive jobs
+            subprocess.check_call(["sudo", "lpadmin", "-p", self.printer_name, "-E"])
+            # Allow user to print (without using sudo)
+            subprocess.check_call(
+                ["sudo", "lpadmin", "-p", self.printer_name, "-u", "allow:user"]
+            )
+        except subprocess.CalledProcessError as e:
+            msg = "Error setting up printer {} at {} using {}.".format(
+                self.printer_name, printer_uri, printer_ppd
+            )
+            self.exit_gracefully(msg, e=e)
+
+
+    def print_test_page(self):
+        self.print_file("/usr/share/cups/data/testprint")
+        self.popup_message("Printing test page")
+
+
+    def print_all_files(self):
+        files_path = os.path.join(self.tmpdir, "export_data/")
+        files = os.listdir(files_path)
+        print_count = 0
+        for f in files:
+            file_path = os.path.join(files_path, f)
+            self.print_file(file_path)
+            print_count += 1
+            msg = "Printing document {} of {}".format(print_count, len(files))
+            self.popup_message(msg)
+
+
+    def is_open_office_file(self, filename):
+        OPEN_OFFICE_FORMATS = [".doc", ".docx", ".xls", ".xlsx",
+                               ".ppt", ".pptx", ".odt", ".ods", ".odp"]
+        for extension in OPEN_OFFICE_FORMATS:
+            if os.path.basename(filename).endswith(extension):
+                return True
+        return False
+
+
+    def print_file(self, file_to_print):
+        try:
+            # if the file to print is an (open)office document, we need to call unoconf to convert
+            # the file to pdf as printer drivers do not immediately support this format out of the box
+            if self.is_open_office_file(file_to_print):
+                folder = os.path.dirname(file_to_print)
+                converted_filename = file_to_print + ".pdf"
+                converted_path = os.path.join(folder, converted_filename)
+                subprocess.check_call(["unoconv", "-o", converted_path, file_to_print])
+                file_to_print = converted_path
+
+            subprocess.check_call(["xpp", "-P", self.printer_name, file_to_print])
+        except subprocess.CalledProcessError as e:
+            msg = "Error printing file {} with printer {}.".format(
+                file_to_print, self.printer_name
+            )
+            self.exit_gracefully(msg, e=e)
+
+## class ends here
+class TimeoutException(Exception):
+    pass
+
+
+def handler(s, f):
+    raise TimeoutException("Timeout")
diff --git a/securedrop_export/main.py b/securedrop_export/main.py
new file mode 100755
index 000000000..79b5d721d
--- /dev/null
+++ b/securedrop_export/main.py
@@ -0,0 +1,37 @@
+import os
+import shutil
+import sys
+
+from securedrop_export import export 
+
+def __main__(submission):
+    submission.extract_tarball()
+
+    try: 
+        submission.archive_metadata = export.Metadata(submission.tmpdir)
+    except Exception as e:
+         msg = "Error parsing metadata: "
+         submission.exit_gracefully(msg, e=e)
+
+    if submission.archive_metadata.is_valid():
+        if submission.archive_metadata.export_method == "disk":
+            # exports all documents in the archive to luks-encrypted volume
+            submission.unlock_luks_volume(submission.archive_metadata.encryption_key)
+            submission.mount_volume()
+            submission.copy_submission()
+        elif submission.archive_metadata.export_method == "printer":
+            # prints all documents in the archive
+            printer_uri = submission.get_printer_uri()
+            printer_ppd = submission.install_printer_ppd(printer_uri)
+            submission.setup_printer(printer_uri, printer_ppd)
+            submission.print_all_files()
+        elif submission.archive_metadata.export_method == "printer-test":
+            # Prints a test page to ensure the printer is functional
+            printer_uri = submission.get_printer_uri()
+            printer_ppd = submission.install_printer_ppd(printer_uri)
+            submission.setup_printer(printer_uri, printer_ppd)
+            submission.print_test_page()
+    else:
+        submission.exit_gracefully("Archive metadata is invalid")
+
+
diff --git a/setup.py b/setup.py
new file mode 100644
index 000000000..c13b851e9
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,35 @@
+import pkgutil
+import setuptools
+
+with open("README.md", "r") as fh:
+    long_description = fh.read()
+
+version = pkgutil.get_data("securedrop_export", "VERSION").decode("utf-8")
+version = version.strip()
+
+setuptools.setup(
+    name="securedrop-export",
+    version=version,
+    author="Freedom of the Press Foundation",
+    author_email="securedrop@freedom.press",
+    description="SecureDrop Qubes export scripts",
+    long_description=long_description,
+    long_description_content_type="text/markdown",
+    license="GPLv3+",
+    install_requires=[],
+    python_requires=">=3.5",
+    url="https://github.com/freedomofpress/securedrop-export",
+    packages=setuptools.find_packages(exclude=["docs", "tests"]),
+    package_data={
+            'securedrop_export': ['VERSION'],
+    },
+    classifiers=(
+        "Development Status :: 3 - Alpha",
+        "Programming Language :: Python :: 3",
+        "Topic :: Software Development :: Libraries :: Python Modules",
+        "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)",
+        "Intended Audience :: Developers",
+        "Operating System :: OS Independent",
+    ),
+    entry_points={"console_scripts": ["send-to-usb = securedrop_export.entrypoint:start"]},
+)
diff --git a/test-requirements.txt b/test-requirements.txt
new file mode 100644
index 000000000..e079f8a60
--- /dev/null
+++ b/test-requirements.txt
@@ -0,0 +1 @@
+pytest
diff --git a/tests/__init__.py b/tests/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/test_export.py b/tests/test_export.py
new file mode 100644
index 000000000..85dbcd258
--- /dev/null
+++ b/tests/test_export.py
@@ -0,0 +1,171 @@
+from unittest import mock
+
+import os
+import pytest
+import tempfile
+
+from securedrop_export import export 
+
+SAMPLE_OUTPUT_NO_PRINTER = b"network beh\nnetwork https\nnetwork ipp\nnetwork ipps\nnetwork http\nnetwork\nnetwork ipp14\nnetwork lpd"  # noqa
+SAMPLE_OUTPUT_BOTHER_PRINTER = b"network beh\nnetwork https\nnetwork ipp\nnetwork ipps\nnetwork http\nnetwork\nnetwork ipp14\ndirect usb://Brother/HL-L2320D%20series?serial=A00000A000000\nnetwork lpd"  # noqa
+
+
+# This below stanza is only necessary because the export code is not
+# structured as a module. If a Python module were created called
+# `export`, we could simply do `import export`
+# path_to_script = os.path.join(
+#    os.path.dirname(os.path.abspath(__file__)), "send-to-usb"
+# )
+# securedropexport = imp.load_source("send-to-usb", path_to_script)
+
+
+def test_exit_gracefully_no_exception(capsys):
+    submission = export.SDExport("testfile")
+    test_msg = 'test'
+
+    with pytest.raises(SystemExit) as sysexit:
+        submission.exit_gracefully(test_msg)
+
+    # A graceful exit means a return code of 0
+    assert sysexit.value.code == 0
+
+    captured = capsys.readouterr()
+    assert captured.err == "{}\n".format(test_msg)
+    assert captured.out == ""
+
+
+def test_exit_gracefully_exception(capsys):
+    submission = export.SDExport("testfile")
+    test_msg = 'test'
+
+    with pytest.raises(SystemExit) as sysexit:
+        submission.exit_gracefully(test_msg,
+                                         e=Exception('BANG!'))
+
+    # A graceful exit means a return code of 0
+    assert sysexit.value.code == 0
+
+    captured = capsys.readouterr()
+    assert captured.err == "{}\n<unknown exception>\n".format(test_msg)
+    assert captured.out == ""
+
+
+def test_empty_config(capsys):
+    submission = export.SDExport("testfile")
+    temp_folder = tempfile.mkdtemp()
+    metadata = os.path.join(temp_folder, export.Metadata.METADATA_FILE)
+    with open(metadata, "w") as f:
+        f.write("{}")
+    config = export.Metadata(temp_folder)
+    assert not config.is_valid()
+
+
+def test_valid_printer_test_config(capsys):
+    submission = export.SDExport("testfile")
+    temp_folder = tempfile.mkdtemp()
+    metadata = os.path.join(temp_folder, export.Metadata.METADATA_FILE)
+    with open(metadata, "w") as f:
+        f.write('{"device": "printer-test"}')
+    config = export.Metadata(temp_folder)
+    assert config.is_valid()
+    assert config.encryption_key is None
+    assert config.encryption_method is None
+
+
+def test_valid_printer_config(capsys):
+    submission = export.SDExport("")
+    temp_folder = tempfile.mkdtemp()
+    metadata = os.path.join(temp_folder, export.Metadata.METADATA_FILE)
+    with open(metadata, "w") as f:
+        f.write('{"device": "printer"}')
+    config = export.Metadata(temp_folder)
+    assert config.is_valid()
+    assert config.encryption_key is None
+    assert config.encryption_method is None
+
+
+def test_invalid_encryption_config(capsys):
+    submission = export.SDExport("testfile")
+
+    temp_folder = tempfile.mkdtemp()
+    metadata = os.path.join(temp_folder, export.Metadata.METADATA_FILE)
+    with open(metadata, "w") as f:
+        f.write(
+            '{"device": "disk", "encryption_method": "base64", "encryption_key": "hunter1"}'
+        )
+    config = export.Metadata(temp_folder)
+    assert config.encryption_key == "hunter1"
+    assert config.encryption_method == "base64"
+    assert not config.is_valid()
+
+
+def test_valid_encryption_config(capsys):
+    submission = export.SDExport("testfile")
+    temp_folder = tempfile.mkdtemp()
+    metadata = os.path.join(temp_folder, export.Metadata.METADATA_FILE)
+    with open(metadata, "w") as f:
+        f.write(
+            '{"device": "disk", "encryption_method": "luks", "encryption_key": "hunter1"}'
+        )
+    config = export.Metadata(temp_folder)
+    assert config.encryption_key == "hunter1"
+    assert config.encryption_method == "luks"
+    assert config.is_valid()
+
+
+@mock.patch("subprocess.check_call")
+def test_popup_message(mocked_call):
+    submission = export.SDExport("testfile")
+    submission.popup_message("hello!")
+    mocked_call.assert_called_once_with([
+        "notify-send",
+        "--expire-time", "3000",
+        "--icon", "/usr/share/securedrop/icons/sd-logo.png",
+        "SecureDrop: hello!"
+    ])
+
+
+@mock.patch("subprocess.check_output", return_value=SAMPLE_OUTPUT_BOTHER_PRINTER)
+def test_get_good_printer_uri(mocked_call):
+    submission = export.SDExport("testfile")
+    result = submission.get_printer_uri()
+    assert result == "usb://Brother/HL-L2320D%20series?serial=A00000A000000"
+
+
+@mock.patch("subprocess.check_output", return_value=SAMPLE_OUTPUT_NO_PRINTER)
+def test_get_bad_printer_uri(mocked_call, capsys):
+    submission = export.SDExport("testfile")
+    expected_message = "USB Printer not found"
+    mocked_exit = mock.patch("export.exit_gracefully", return_value=0)
+
+    with pytest.raises(SystemExit) as sysexit:
+        result = submission.get_printer_uri()
+        assert result == ""
+        mocked_exit.assert_called_once_with(expected_message)
+
+    assert sysexit.value.code == 0
+    captured = capsys.readouterr()
+    assert captured.err == "{}\n".format(expected_message)
+    assert captured.out == ""
+
+
+@pytest.mark.parametrize('open_office_paths', [
+    "/tmp/whatver/thisisadoc.doc"
+    "/home/user/Downloads/thisisadoc.xlsx"
+    "/home/user/Downloads/file.odt"
+    "/tmp/tmpJf83j9/secret.pptx"
+])
+def test_is_open_office_file(capsys, open_office_paths):
+    submission = export.SDExport("")
+    assert submission.is_open_office_file(open_office_paths)
+
+
+@pytest.mark.parametrize('open_office_paths', [
+    "/tmp/whatver/thisisadoc.doccc"
+    "/home/user/Downloads/thisisa.xlsx.zip"
+    "/home/user/Downloads/file.odz"
+    "/tmp/tmpJf83j9/secret.gpg"
+])
+def test_is_not_open_office_file(capsys, open_office_paths):
+    submission = export.SDExport("")
+    assert not submission.is_open_office_file(open_office_paths)

From 8806ea1968a5f2d75f448f3652089c2d3bdc81ba Mon Sep 17 00:00:00 2001
From: Kevin O'Gorman <kog@freedom.press>
Date: Tue, 23 Jul 2019 14:52:35 -0700
Subject: [PATCH 2/2] fixed disk export location

---
 securedrop_export/export.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/securedrop_export/export.py b/securedrop_export/export.py
index c40ee2f1d..f5ce56a95 100755
--- a/securedrop_export/export.py
+++ b/securedrop_export/export.py
@@ -168,7 +168,7 @@ def copy_submission(self):
             target_path = os.path.join(self.mountpoint, self.target_dirname)
             subprocess.check_call(["mkdir", target_path])
             export_data = os.path.join(
-                self.tmpdir, self.submission_dirname, "export_data/"
+                self.tmpdir, "export_data/"
             )
             subprocess.check_call(["cp", "-r", export_data, target_path])
             self.popup_message("Files exported successfully to disk.")