Commit

Update debian rules to require exact replacement of /etc/udisks2/tcrypt.conf file.

Update Export README to include new status values.
Include VeraCrypt unlock instructions in InsertUSBPage.
Extract new dialog strings for localization.
rocodes committed Feb 21, 2024
1 parent dc32ba2 commit 60be7f5
Showing 4 changed files with 30 additions and 24 deletions.
Expand Up @@ -334,6 +334,8 @@ def __init__(self, export: Export, summary: str) -> None:
body = _(
"Please insert one of the export drives provisioned specifically "
"for the SecureDrop Workstation."
"<br />"
"If you're using a VeraCrypt drive, unlock it manually before proceeding."
)
super().__init__(export, header=header, body=body)
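
Review bot: The `<br />` in the `body` string sits inside the `_()` call, so the markup becomes part of the msgid and every translator has to reproduce it exactly; a dropped or altered tag changes how the dialog renders. Consider translating the two sentences as separate `_()` strings and joining them with `"<br />"` outside the call, which also leaves the existing first-sentence msgid untouched.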

5 changes: 1 addition & 4 deletions client/securedrop_client/locale/messages.pot
Expand Up @@ -276,9 +276,6 @@ msgstr ""
msgid "BACK"
msgstr ""

msgid "Export {}"
msgstr ""

msgid "No device detected"
msgstr ""
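
Review bot: The removal of `msgid "Export {}"` is not mentioned in the commit message, and no visible hunk removes a matching source string. If it fell out of regenerating the catalog, say so in the commit message; otherwise confirm that nothing in the client still formats that string.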

Expand Down Expand Up @@ -333,7 +330,7 @@ msgstr ""
msgid "Export Failed"
msgstr ""

msgid "Please insert one of the export drives provisioned specifically for the SecureDrop Workstation."
msgid "Please insert one of the export drives provisioned specifically for the SecureDrop Workstation.<br />If you're using a VeraCrypt drive, unlock it manually before proceeding."
msgstr ""

msgid "Remember to be careful when working with files outside of your Workstation machine."
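
Review bot: Replacing the msgid wholesale means existing translations of the first sentence, which is unchanged, no longer match the new msgid and have to be redone or reviewed as fuzzy matches. Keeping the original msgid and adding the VeraCrypt sentence as a second msgid would avoid that, and would keep `<br />` out of translator-facing text.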
5 changes: 4 additions & 1 deletion debian/rules
Expand Up @@ -19,7 +19,10 @@ override_dh_strip_nondeterminism:

# Override debhelper's auto-generated files in `/etc/`
# to force an exact replacement of the files we are modifying
# there (specifically, `/etc/apt/trusted.gpg.d/securedrop-keyring.gpg`).
# there (specifically, `/etc/apt/trusted.gpg.d/securedrop-keyring.gpg`
# for the keyring package and `/etc/udisks2/tcrypt.conf` for the
# securedrop-export package).
override_dh_installdeb:
dh_installdeb
cat /dev/null > ${CURDIR}/debian/securedrop-keyring/DEBIAN/conffiles
cat /dev/null > ${CURDIR}/debian/securedrop-export/DEBIAN/conffiles
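
Review bot: `cat /dev/null > ${CURDIR}/debian/securedrop-export/DEBIAN/conffiles` empties the whole conffiles list, so every file securedrop-export installs under `/etc/` loses conffile handling, not only `/etc/udisks2/tcrypt.conf` as the comment's "specifically" suggests. If that is intended, word the comment to say that all `/etc/` files shipped by both packages are force-replaced and that local edits are overwritten on upgrade without a prompt; if not, drop only the `tcrypt.conf` entry from the generated list.
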
42 changes: 23 additions & 19 deletions export/README.md
Expand Up @@ -86,34 +86,38 @@ For all device types (described in detail below), the following standard error t

The supported device types for export are as follows, including the possible errors specific to that device type:

1. `disk-test` : Preflight check that probes for USB connected devices, that returns:
- `DEVICE_WRITABLE` if a supported USB device is attached and unlocked
- `DEVICE_LOCKED` if a supported drive is inserted but locked (a LUKS drive, since locked Veracrypt detection is not supported)
1. `disk-test`: Preflight check that probes for USB connected devices, that returns:
- `NO_DEVICE_DETECTED`, `MULTI_DEVICE_DETECTED`: wrong number of inserted USB drives
- `INVALID_DEVICE_DETECTED`: Wrong number of partitions, unsupported encryption scheme, etc
- `UNKNOWN_DEVICE_DETECTED`: (Future use) this is what a locked drive that could be Veracrypt would return
- `INVALID_DEVICE_DETECTED`: Wrong number of partitions, unsupported encryption scheme, etc.
Note: locked VeraCrypt drives also return this status, and a hint is shown to the user that they must
manually unlock such drives before proceeding.
- `DEVICE_LOCKED` if a supported drive is inserted but locked (a LUKS drive, since locked Veracrypt detection is not supported)
- `DEVICE_WRITABLE` if a supported USB device is attached and unlocked. (Only used for Preflight check)
- `DEVICE_ERROR`: A problem was encountered and device state cannot be reported.

2. `printer-test`: prints a test page that returns:
- `ERROR_PRINTER_NOT_FOUND` if no printer is connected
- `ERROR_PRINTER_NOT_SUPPORTED` if the printer is not currently supported by the export script
- `ERROR_PRINTER_DRIVER_UNAVAILABLE` if the printer driver is not available
- `ERROR_PRINTER_INSTALL` If there is an error installing the printer
- `ERROR_PRINT` if there is an error printing

3. `printer`: sends files to printer that returns:
2. `disk`: Attempts to send files to disk. Can return any Preflight status except `DEVICE_WRITABLE`, as well as
the following status results below, which replace `DEVICE_WRITABLE` since they attempt the export action.
Because export is a linear process, a status such as `ERROR_EXPORT_CLEANUP` indicates that the file export
succeeded and the problem occurred after that point in the process.
- `ERROR_UNLOCK_LUKS` if LUKS decryption failed due to bad passphrase
- `ERROR_UNLOCK_GENERIC` if unlocking failed due to some other reason
- `ERROR_MOUNT` if there was an error mounting the volume
- `ERROR_UNMOUT_VOLUME_BUSY` if there was an error unmounting the drive after export
- `ERROR_EXPORT_CLEANUP` if there was an error removing temporary directories after export
- `SUCCESS_EXPORT`: Entire routine, including export and cleanup, was successful

3. `printer-preflight`, `printer-test`: test the printer and ensure it is ready.
- `ERROR_PRINTER_NOT_FOUND` if no printer is connected
- `ERROR_PRINTER_NOT_SUPPORTED` if the printer is not currently supported by the export script
- `ERROR_PRINTER_DRIVER_UNAVAILABLE` if the printer driver is not available
- `ERROR_PRINTER_URI` if `lpinfo` fails to retrieve printer information
- `ERROR_PRINTER_INSTALL` If there is an error installing the printer
- `ERROR_PRINT` if there is an error printing
- `PRINT_PREFLIGHT_SUCCESS` if preflight checks were successful (Preflight only)

4. `disk`: sends files to disk that returns:
- `SUCCESS_EXPORT`: Successful
- `ERROR_CLEANUP`: Export was successful but files could not be cleaned up or drive was not properly unmounted
- `ERROR_UNLOCK_LUKS` if the luks decryption failed (likely due to bad passphrase)
- `ERROR_MOUNT` if there was an error mounting the volume (after unlocking the luks volume)
- `ERROR_WRITE` if there was an error writing to disk (e.g., no space left on device)
4. `printer`: sends files to printer that returns any of the `printer-preflight` statuses except
`PRINT_PREFLIGHT_SUCCESS`, as well as:
- `PRINT_SUCCESS` if the job is dispatched successfully

### Export Folder Structure
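
Review bot: `ERROR_UNMOUT_VOLUME_BUSY` in the `disk` list reads as a misspelling of `UNMOUNT`; check it against the status name the export code actually emits, since this README is the reference for these status strings. The section also mixes "Veracrypt" and "VeraCrypt", and the `ERROR_PRINTER_INSTALL` entry starts its description with a capital "If" where the neighbouring entries use lowercase.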
