Integrate basic single-file export using sd-export VM

[eloquence]

We now have a basic export implementation using the sd-export workflow documented in the workstation README. Once remaining integration blockers are resolved (freedomofpress/securedrop-workstation#281, freedomofpress/securedrop-workstation#264, and freedomofpress/securedrop-workstation#271), and we have a basic UI layout for per-file actions in place (#525), we should be ready to start on a lightweight integration:

• Add an "Export" action for each individual file as seen in Zeplin
• If user clicks "Export", client initiates pre-flight checks
• If pre-flight checks suggest VM is not launched yet or no USB connected, show "Insert USB" dialog as shown in final print/export specs in Zeplin
• If pre-flight checks suggest we're ready to go, immediately initiate export
• Client shows error screens for each error state returned by the script (screen content to be vetted in close collaboration with @ninavizz), otherwise shows success message

Out of scope for this issue:

• Handling currently unsupported error cases, e.g., pre-calculation of file size vs. diskspace
• Handling passphrases (passphrase can be hardcoded in config for now)
• Handling VeraCrypt vs. LUKS (VeraCrypt support is still pending)
• Handling multiple files
• Handling message export
• Handling >1 USB port

As always, splitting this into multiple PRs is up to the implementer, but all the above in-scope requirements should be addressed to fully resolve this issue.

[sssoleileraaa]

Quick notes - what im seeing right now (this could change since im actively testing export in qubes):

• when the usb port is reassigned a number or i accidentally plug the usb into the wrong port, the client will get back ERROR_USB_CONFIGURATION when running the usb-test preflight check (this seems fine, but it's not documented as an expected error for usb-test and im not sure we should assume this won't ever happen with admins or journalists)
• when the port number matches what's in config.json, but the usb is not plugged in yet and the client triggers theusb-test preflight check, then sd-export-usb vm fails to start and freezes the client so the usb-test preflight check is not run (we cannot get back USB_NOT_CONNECTED error and respond.
• The client becomes inoperable for somewhere between 10 and 20 seconds while the sd-export-usb vm starts up
• The export vm is not being started during qubes startup (I thought this had been added at some point but haven't looked into this yet)
• when the client starts up with the usb drive plugged in, then when attemting to run usb-test preflight check qubes says it the vm failed to start. there is a barrage of qubes notification popups and some that immediately disappear and others that remain that sometimes are no longer relevant.
• when i reboot the machine with the usb stick plugged in, it automounts to the export vm, however the usb-test preflight check freezes the client, tihs is the command it freezes on qvm-open-in-vm sd-export-usb /home/user/.securedrop_client/usb-test.ed-export
• after the client freezes, i cannot kill sd-export-usb and when i try from Qube Manager, that too freezes. make remove-sd-export and qvm-kill sd-export-usb hang. the only thing i can do is restart Qubes.

will update here when there's more progress or information about my findings... once the steps to reproduce these issues above become clearer i can file issues

[sssoleileraaa]

when sd-export-usb starts, i see these popups with the error message:
Domain sd-export-usb has failed to start: list.remove(x): x not in list:

To check that this is not only happening on my machine, run qvm-open-in-vm sd-export-usb /home/user/.securedrop_client/usb-test.sd-export in sd-svs when the usb is plugged in and when it's not plugged in.

Note: I ran the following commands before testing this:

make remove-sd-export
qvm-remove sd-export-template
make sd-export

(make sd-export is run with the usb stick plugged in and config.json has the correct usb port number)

[sssoleileraaa]

[sssoleileraaa]

To get past Domain sd-export-usb has failed to start: list.remove(x): x not in list: error:

1. kill qui-devices per Device widget not showing attached devices.  QubesOS/qubes-issues#4878 (comment)
2. run qvm-usb ls with the usb device plugged in, see what its assigned number is (it was a new number for me)
3. update config.json to the correct usb device number
4. rerun make sd-export
5. start sd-export and no longer see a bunch of qube popup notifications

[eloquence]

Cross-linking other potentially related upstream issue:
QubesOS/qubes-issues#4849

[sssoleileraaa]

Linking to the most up-to-date design: https://projects.invisionapp.com/share/TNT1Q7XGH89#/screens

[sssoleileraaa]

Linking to the most up-to-date design: https://projects.invisionapp.com/share/WKTCW3J7B34#/screens/377942793

[sssoleileraaa]

• Add an "Export" action for each individual file as seen in Zeplin
• If user clicks "Export", client initiates pre-flight checks
• If pre-flight checks suggest VM is not launched yet or no USB connected, show "Insert USB" dialog as shown in final print/export specs in Zeplin
• If pre-flight checks suggest we're ready to go, immediately initiate export
• Client shows error screens for each error state returned by the script (screen content to be vetted in close collaboration with @ninavizz), otherwise shows success message

The criteria is met here so I think this issue should be closed, unless I'm missing something?

UI polishing, UX-blocker discussions, post-beta feature ideas, and the bus id bug are all being tracked:

• Switching drives mid-export #554
• Add "Export Successful" message #556
• Don't close Export Dialog when the user clicks outside of it #557
• Add 5 minute timeout to close Export dialog #558
• [EPIC] Polish Export UI #560
• and more! See https://github.com/freedomofpress/securedrop-client/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+export for a break down of
• See https://github.com/freedomofpress/securedrop-export/issues for bus id and enhancement issues

[redshiftzero]

agreed, let's close this