buskill / buskill-app Goto Github PK

The Debian packaging is based on the source tarball and so that's the tarball that would benefit from a separate detached GPG signature.

At the moment the Debian-specific signature is on the Linux (AppImage) tarball.

Describe the bug
when removing USB Device on BusKill - Mac the laptop can be woken up without a password. when executing command it does work.
The Delay creates a possible risk

To Reproduce
Steps to reproduce the behavior:

1. Go to 'BusKill'
2. Click on 'Arm'
3. Remove USB Device
4. Screen Dims but mouse wiggle wakes the device

Mac Should lock and require a password/authentication
Desktop (please complete the following information):

• OS: macOS Catalina 10.15.5
• N/A
• Version 0.2.0

This task is for me to sign our first BusKill release, v0.1.0, with a pgp "BusKill Release Signing Key" subkey that'll be kept locked-down, unlike the BusKill Pre-release Signing Key -- which necessarily must be given to, at least, github.com's servers.

Problem: If BusKill doesn't work, it doesn't output anything. This is a problem if it fails to run for some reason on a platform.

Solution: We need a way for a non-technical user to be able to get the runtime debug log so they can send it to us in the event that BusKill fails to trigger for some reason.

Currently the debug output we need is only available when executing the app from the CLI. That's a non-starter for non-technical folks, and we need to improve the UX to make it extremely easy for the user to send us their debug logs.

Attacker can recover RAM content (passwords/keys) by freezing it with spray, even after power down!
I would recommend filling it with random first,
or at least misleading valid words into the free space if previous is not possible because of OS.

This ticket will track the effort to implement a self-destruct trigger for veracrypt.

Work was started on this by @jneplokh here:

• https://github.com/BusKill/veracrypt-self-destruct

But I believe they got stuck on privilege escalation in Windows. When developing the soft-shutdown trigger on MacOS, I also encountered issues running as a non-root user, so I wrote a simple wrapper to launch a child process as root. I believe this would need to be ported to Windows for this task:

• https://github.com/BusKill/buskill-app/blob/v0.6.0/src/packages/buskill/__init__.py#L567-L751
• https://github.com/BusKill/buskill-app/blob/v0.6.0/src/packages/buskill/root_child_mac.py

Deliverables would be:

1. A function spawn_root_child() - A python function that, when executed as a non-root user, asks the user (via the official OS UAC prompt) for their password and then launches another python script (root_child_win.py) as child process with root privileges.
2. root_child_win.sh A python script that, when executed as root by wrapper spawn_root_child(), it loops and waits for a command sent over stdin. If sent a veracrypt-self-destruct command, then it calls a function trigger_veracrypt-self-destruct()
3. A function trigger_veracrypt-self-destruct() that finds all veracrypt volumes, securely wipes the veracrypt header and footer, and initiates a hard shutdown
4. a forensic analysis that proves this works

[1] above would be similar to spawn_root_child() in src/packages/buskill/__init__.py

This ticket is to update our build scripts to download the latest version of python-libusb1 and use it in future builds (iff the signature is good).

Per our request, the developer just started cryptographically signing their releases:

• vpelletier/python-libusb1#54

This task is to setup GitHub's CI process to automatically sign pre-releases with a pre-release-specific gpg key's subkey. I need to

1. Mint a new 4096-bit RSA pre-release-specific master pgp key (distinct from our main pgp "Release Key", whoose subkeys will never be exposed like the Pre-Release Key's will)
2. Mint a new sign-only 4096-bit RSA subkey for the above master key
3. Export the new private subkey (without the master key's private key) and remove the the encryption
4. Add the orphaned subkey's private key to GitHub secrets and make it read-only to the CI process
5. Update the build scripts to generate a checksum of the build artifacts (the tarball/zip file?)
6. Update the build scripts to cryptographically sign the checksum file

I found a link to the Mastodon page on https://docs.buskill.in/buskill-app/en/stable/security/pgpkeys.html and noticed that the fingerprint listed there doesn't match any of the ones at the bottom of https://www.buskill.in/.

Is that normal? Is the Mastodon key supposed to be a different one?

Describe the bug
A user has reported that attempting the in-app upgrade fails on MacOS.

To Reproduce
Steps to reproduce the behavior:

1. Open the BusKill App
2. Click on the hamburger menu
3. Click Update
4. See error

Expected behavior
The app should fetch and install an update

Screenshots

Versions (please complete the following information):

• OS: MacOS running Monterey (12.6) (MacBook Pro)
• BusKill: Reported for both v0.4.0 and v0.5.0

Additional context
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.
The BusKill app needs a a way to disable the in-app update functionality

Describe the solution you'd like
A boolean option in the buskill config file, when set, should:

1. Prevent the "Update" button from even being visible in the navigation drawer
2. Cause any of the upgrade()-related functions to WARN and then immediately return

Describe alternatives you've considered
A debian patch

Additional context
This is needed when BusKill is installed by a third party (secure) package manager, such as Debian's apt.

For more info, see:

• #31 (comment)

This issue will track adding a --run-trigger argument that will immediately execute the trigger (eg lock-screen or soft-shutdown)

Is your feature request related to a problem? Please describe.

There should be an easier way to test that triggers work without having to fiddle with USB drives. This is especially important for testing on VM or headless systems.

Describe the solution you'd like

I should be able to execute

./buskill --run-trigger lock-screen

...and the screen should lock (ok, maybe after confirming with the user that they really want to proceed)

Idea for Cryptomator trigger.
Cryptomator (https://cryptomator.org/) creates encrypted volumes.
It uses WebDav or Fuse to mount volumes.

On Mac OSX, a script can do the unmounting:
umount --force /Volumes/<CryptomatorVaultName> or
sudo diskutil unmount /Volumes/<CryptomatorVaultName/

The main issue with this, is that the Vault Name should be known for the path to be able to trigger it in a script.

Another idea is to buy and install the Mountain application (https://appgineers.de/mountain/) with HotKeys set for Unmount external volumes, it works without knowing all the volume names.
The Buskill would trigger a script that presses these hotkeys for the Mountain app to do this.

Remarks on this are appreciated.

Is your feature request related to a problem? Please describe.
An opt-in setting to check for updates in the app

Describe the solution you'd like
An opt-in setting to check for updates in the app. When the setting is enabled, the app will check for updates when the app launches and every 12-24 hours. If there is an update, it will notify the user with a notification.

Describe alternatives you've considered
None

Additional context
None

This ticket will track the effort to add post-push CI security checks that would help detect malicious code.

For example, bidirectional control characters or other malicious unicode characters could make it impossible for me to visually detect malicious code added to this repo by a malicious PR contributor.

• https://www.trojansource.codes/

At least, the resolution of this ticket should include some automated testing of submitted PRs that detects such malicious unicode characters.

A user just requested that we add a feature to the BusKill app to query some webpage on trigger.

This could be useful, for example, to trigger remote shutdown of other devices.

Our https://keybase.io/buskill account does not list our newest code signing key (E0AF FF57 DC00 FBE0 5635 8761 4AE2 1E19 36CE 786A).

More information on the creation of this new key (which was done months after our keybase account was created) can be found here:

• #5

This is a ticket to track the support of the BusKill GUI app running on BSD platforms.

Describe the bug
I see two different directories being used for the buskill app on my machine using two different names:

• ~/.buskill (just for the cache)
• ~/.kivy (everything else)

Expected behavior
I would expect to see the same name for that app. I didn't know what "kivy" was, "buskill" on the other hand is exactly what I was expecting to see.

Additionally, I would suggest using the standard locations:

• $XDG_CACHE_HOME/buskill, falling back to $HOME/.cache/buskill
• $XDG_CONFIG_HOME/buskill, falling back to $HOME/.config/buskill

Versions (please complete the following information):

• OS: Debian unstable
• BusKill: 0.5.0

This ticket is to track the development of a new feature permitting the user to choose the trigger that's executed.

Currently there is only one hard-coded trigger supported: lockscreen. When this feature is complete, there will be 1-3 triggers supported:

1. Lockscreen
2. Soft Shutdown
3. Hard Shutdown (if implementable on the platform)

To achieve this, the following needs to be added

1. Create a configuration file in the DATA_DIR to persist settings between runs
2. In the CLI, implement a --list-triggers option allowing the user to list all available triggers on their platform
3. In the CLI, implement a -t = --trigger option allowing the user to specify the trigger to be used at runtime. This is to be used in combination with the --arm argument
4. In the CLI, implement a --set-default-trigger option, which updates the config file's default trigger to be used after arming (affects both the CLI and the GUI).
5. In the GUI, add a "Settings" screen and cooresponding button to the navigation drawer to access it
6. In the GUI, add a drop-down menu to select from the available triggers to the "Settings" screen, which updates the config file's default trigger to be used after arming (affects both the CLI and the GUI)

Note: this ticket should not attempt to handle auxiliary triggers (ie: self-destruct triggers or other custom triggers). This will be added later.

This ticket is for me to:

1. create a 4096-bit RSA sign-only subkey on my personal/master key
2. export only this new subkey to my buskill development AppVM
3. upload my new gpg key to my GitHub account
4. update my git remote repo/sandbox's config to sign all commits
5. successfully push to this repo with a gpg-signed commit, and that github gives it the desired green checkbox

Problem: Right now we're storing all of the app's dependencies directly in this repo, which has made it balloon in-size, which is only going to get worse with time.

This issue will track the task to find a solution to this problem.

The solution:

1. Should not depend on downloading resources through the Internet, unless those resources have been cryptographically signed with a pinned, trustworthy key such that the authenticity of the release can be verified, even if the infrastructure from which we're downloading or the connection to that infrastructure is compromised

2. Should not cause builds to fail in the future in-case our dependency is not longer available for download (404).

For more info on why PyPi fails at security the supply chain (unlike apt for example), see:

• https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises
• https://security.stackexchange.com/a/234098
• https://security.stackexchange.com/questions/234052/where-can-i-find-a-list-of-all-government-agencies-with-cas-in-pki-root-stores

This ticket will track adding auto-update functionality to the BusKill app.

Now that we have our fully-functional alpha release, the most important feature TODO (before starting on a long list of other basic features) is to integrate a robust auto-update feature that can securely upgrade the BusKill app in-case any critical bugs are found with the current version.

Secure means, in part, that I shouldn't have to trust the download pipe (https) and instead should trust only updates that are cryptographically signed with a single pinned/known 4096-bit RSA key.

Robust means, in part, that I shouldn't have to rely on one endpoint for finding updates--such as github.com. Rather, I should support the updates being stored on a set of (untrusted) mirrors. It's critical that this first release has a good set of mirrors hard-coded so that if one mirror goes permanently offline or we can no longer use them for any reason, an old version of our app won't get orphaned with no way to auto-update itself.

When running GitHub Actions on forked version of repo not getting build release asset.

https://github.com/stevenj2019/buskill-app/runs/1730209270?check_suite_focus=true

Link to the build in question.

on step "Upload Release Asset" the URL provided links to BusKill's GitHub Repo as oppose to the repo the build was created on

Is your feature request related to a problem? Please describe.

This ticket will track the effort to build an archive file that, when extracted, can be copied onto a FAT32 filesystem on a USB thumb drive containing all of the BusKill apps across all platforms for super-simple UX.

Describe the solution you'd like

I'll create a script that will:

1. Download the most-recent releases for all platofrms (and verify their cryptographic release signatures)
2. Organize each release into OS-specific directories
3. Create symlinks (for easy UX)
4. Create autorun files to launch the BusKill app when the USB drive is inserted, where possible (for easy UX)
5. zip it all up in a compressed archive that supports symlinks (likely 7zip)

This task is for me to

1. Enumerate all the external dependencies that are downloaded from the Internet at build time
2. See if the publisher of the dependency provides a way to verify the authentication and integrity of their releases cryptographically
3. If not, then 3TOFU checksums of the latest releases
4. Hard-code the checksums to the build scripts
5. Update the build scripts to fail if the checksums don't match the expected hash values

Is your feature request related to a problem? Please describe.
A self hosted Debian/Ubuntu repository for the Buskill app

Describe the solution you'd like
The ability to install Buskill on Debian and Ubuntu using a 3rd party repository and receive updates to Buskill right when the updates are released.

Describe alternatives you've considered
Flatpak
AppImage
Pacstall

Additional context
None

Describe the bug

A user has reported that their machine doesn't actually lock after arm & disconnect of the BusKill cable. It does make the screen go black, but it does not lock the machine (wiggling the mouse just makes the screen no-dark again without prompting for a password)

MacOS Monterey (12.6)

To Reproduce
Steps to reproduce the behavior:

1. Open the BusKill App
2. Connect the BusKill cable assembly to the computer
3. Arm the app
4. Disconnect the BusKill cable from the computer
5. Experience issue

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Versions (please complete the following information):

• OS: MacOS running Monterey (12.6) (MacBook Pro)
• BusKill: Reported for both v0.4.0 and v0.5.0

Additional context
Add any other context about the problem here.

Describe the bug
Builds in the dev branch are failing, see:

• https://github.com/BusKill/buskill-app/runs/2814490516?

To Reproduce

push changes on dev branch to github

Expected behavior
A clear and concise description of what you expected to happen.

Builds should finish and spit-out a working dmg

Screenshots
If applicable, add screenshots to help explain your problem.

Versions (please complete the following information):

• OS: MacOS
• BusKill: dev

Additional context

2021-06-13T17:05:42.6157790Z + PYTHON_PATH=/usr/local/Cellar/[email protected]/3.8.10/Frameworks/Python.framework/Versions/3.8/bin/python3.8
...
2021-06-13T17:05:42.7168160Z + PIP_PATH=/usr/local/Cellar/[email protected]/3.8.10/bin/pip3
...
2021-06-13T17:05:42.9342940Z + /usr/local/Cellar/[email protected]/3.8.10/Frameworks/Python.framework/Versions/3.8/bin/python3.8 --version
2021-06-13T17:05:42.9417760Z Python 3.8.10
2021-06-13T17:05:42.9421310Z + /usr/local/Cellar/[email protected]/3.8.10/Frameworks/Python.framework/Versions/3.8/bin/python3.8 -m pip list
2021-06-13T17:05:45.2528580Z Package    Version
2021-06-13T17:05:45.2530460Z ---------- -------
2021-06-13T17:05:45.2530910Z pip        21.1.1
2021-06-13T17:05:45.2531270Z setuptools 56.0.0
2021-06-13T17:05:45.2531660Z wheel      0.36.2
2021-06-13T17:05:50.3587140Z + which pip3
2021-06-13T17:05:50.3608340Z /usr/local/bin/pip3
2021-06-13T17:05:50.3610090Z + pip3 list
2021-06-13T17:05:52.2740810Z Package    Version
2021-06-13T17:05:52.2742170Z ---------- -------
2021-06-13T17:05:52.2743100Z pip        21.1.1
2021-06-13T17:05:52.2743880Z setuptools 56.0.0
2021-06-13T17:05:52.2744530Z wheel      0.36.2
...
2021-06-13T17:18:59.9047870Z + /usr/local/Cellar/[email protected]/3.8.10/bin/pip3 download python-gnupg
2021-06-13T17:19:00.1174990Z Traceback (most recent call last):
2021-06-13T17:19:00.1176070Z   File "/usr/local/Cellar/[email protected]/3.8.10/bin/pip3", line 33, in <module>
2021-06-13T17:19:00.1177770Z     sys.exit(load_entry_point('pip==21.1.1', 'console_scripts', 'pip3')())
2021-06-13T17:19:00.1178780Z   File "/usr/local/Cellar/[email protected]/3.8.10/bin/pip3", line 25, in importlib_load_entry_point
2021-06-13T17:19:00.1179620Z     return next(matches).load()
2021-06-13T17:19:00.1182660Z   File "/usr/local/Cellar/[email protected]/3.8.10/Frameworks/Python.framework/Versions/3.8/lib/python3.8/importlib/metadata.py", line 77, in load
2021-06-13T17:19:00.1184520Z     module = import_module(match.group('module'))
2021-06-13T17:19:00.1185880Z   File "/usr/local/Cellar/[email protected]/3.8.10/Frameworks/Python.framework/Versions/3.8/lib/python3.8/importlib/__init__.py", line 127, in import_module
2021-06-13T17:19:00.1187280Z     return _bootstrap._gcd_import(name[level:], package, level)
2021-06-13T17:19:00.1188190Z   File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
2021-06-13T17:19:00.1189050Z   File "<frozen importlib._bootstrap>", line 991, in _find_and_load
2021-06-13T17:19:00.1189970Z   File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
2021-06-13T17:19:00.1191060Z   File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
2021-06-13T17:19:00.1192040Z   File "<frozen importlib._bootstrap_external>", line 848, in exec_module
2021-06-13T17:19:00.1193010Z   File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
2021-06-13T17:19:00.1194540Z   File "/usr/local/lib/python3.8/site-packages/pip/_internal/cli/main.py", line 10, in <module>
2021-06-13T17:19:00.1195710Z     from pip._internal.cli.autocompletion import autocomplete
2021-06-13T17:19:00.1198000Z   File "/usr/local/lib/python3.8/site-packages/pip/_internal/cli/autocompletion.py", line 9, in <module>
2021-06-13T17:19:00.1199500Z     from pip._internal.cli.main_parser import create_main_parser
2021-06-13T17:19:00.1201010Z   File "/usr/local/lib/python3.8/site-packages/pip/_internal/cli/main_parser.py", line 7, in <module>
2021-06-13T17:19:00.1202250Z     from pip._internal.cli import cmdoptions
2021-06-13T17:19:00.1203760Z   File "/usr/local/lib/python3.8/site-packages/pip/_internal/cli/cmdoptions.py", line 24, in <module>
2021-06-13T17:19:00.1205590Z     from pip._internal.cli.progress_bars import BAR_TYPES
2021-06-13T17:19:00.1207300Z   File "/usr/local/lib/python3.8/site-packages/pip/_internal/cli/progress_bars.py", line 12, in <module>
2021-06-13T17:19:00.1208470Z     from pip._internal.utils.logging import get_indentation
2021-06-13T17:19:00.1210660Z   File "/usr/local/lib/python3.8/site-packages/pip/_internal/utils/logging.py", line 18, in <module>
2021-06-13T17:19:00.1211830Z     from pip._internal.utils.misc import ensure_dir
2021-06-13T17:19:00.1214120Z   File "/usr/local/lib/python3.8/site-packages/pip/_internal/utils/misc.py", line 31, in <module>
2021-06-13T17:19:00.1215210Z     from pip._internal.locations import (
2021-06-13T17:19:00.1216650Z   File "/usr/local/lib/python3.8/site-packages/pip/_internal/locations/__init__.py", line 7, in <module>
2021-06-13T17:19:00.1218040Z     from pip._internal.models.scheme import SCHEME_KEYS, Scheme
2021-06-13T17:19:00.1219920Z ImportError: cannot import name 'SCHEME_KEYS' from 'pip._internal.models.scheme' (/usr/local/lib/python3.8/site-packages/pip/_internal/models/scheme.py)```

Describe the bug
Currently not all of the default kivy icons are being replaced by the BusKill icon

When I was working on issue #16 & #39 today, I realized that the KIVY_HOME dir has an icons dir, and inside that dir has a mix of kivy's default icons and our custom BusKill icons. I guess that I didn't add all of the sizes needed, so there's three files that are still the default kivy icon:

1. kivy-icon-24.png
2. kivy-icon-256.png
3. kivy-icon-512.png

See screenshot of my dev machine's icons dir inside KIVY_HOME (/home/user/.local/share/.buskill/icon/):

Describe the bug
It's currently not possible to swipe from the left-hand side of the app to open the navigation drawer on all screens

To Reproduce
Steps to reproduce the behavior:

1. On the Main Screen, swipe from the very far left-hand margin of the app from left-to-right. Notice that the Navigation Drawer opens.
2. Click on "Debug Log" to open the "Debug Log" screen
3. Again, swipe from the very far left-hand margin of the app from left-to-right. Notice that the Navigation Drawer does not open.

Expected behavior
The Navigation Drawer should be accessible by the swipe gesture on all screens.

Problem: The GUI app currently doesn't display anything when a USB removal event causes a trigger to be executed. This means that, if it fails to execute, the user sees nothing happening at all.

Solution: We need to display a notification in the GUI saying that the trigger was (attempted to be executed)

At the time of writing (2022-10-01), The buskill-app/src/packages/buskill/__init__.py file is 1,656 lines long. And growing.

This task is to track the effort to split this file up into multiple distinct files.

Feature request: create a .deb and work with Debian to add this software to the main Debian repos

Describe the bug

For some reason, the font size on MacOS after upgrading the BusKill app to v0.5.0 is really small

To Reproduce
Steps to reproduce the behavior:

1. Download the BusKill app v0.5.0
2. Open the BusKill app
3. Struggle to read font

Expected behavior

The font size should be reasonably large and easy-to-read. If needed, the user should be able to increase the font size, as needed.

Screenshots

Versions (please complete the following information):

• OS: MacOS running Monterey (12.6) (MacBook Pro)
• BusKill: v0.5.0

Additional context
Add any other context about the problem here.

This ticket will track the effort to add internationalization (i18n) to the BusKill app such that things like the "arm" button, tooltips, labels in the navigation drawer, settings/options names/descriptions are automatically changed to the system's locale or whatever language is defined in the BusKill settings.

IMHO, it's not so important to provide translations to our documentation, which can trivially be translated by the user with tools like Google Translate. The text in the app, however, can't just be copied & pasted into a translator. So i18n of the app takes priority over i18n of the docs.

Currently the Sphinx-generated autodoc reference documentation is only present for main.py

• https://docs.buskill.in/buskill-app/en/v0.4.0/software_dev/autodoc.html

So it's missing for:

1. src/packages/buskill/init.py
2. buskill_cli.py
3. buskill_gui.py
4. buskill.kv

However, on my local builds, it's present for

1. buskill_cli.py
2. buskill_gui.py

So something is off with the build server. And I need to add the main "buskill" package (src/packages/buskill/__init__.py) for sure

Issue: Now that we're adding a shutdown trigger (#14), storing debug logs in temp storage doesn't always work out great (since they're gone after reboot).

This ticket will track the effort to add a config option to persist the debug log into the BusKill DATA_DIR

Of course, this is blocked by #16

All Python files that come from the Buskill project look like https://github.com/BusKill/buskill-app/blob/master/src/main.py#L1:

#!/usr/bin/env python3.7

In Debian, that interpreter is not available (only 3.9, 3.10 and 3.11 are in Debian unstable and therefore in the next stable release). I get the following warning when I build the package:

W: buskill: unusual-interpreter /usr/bin/python3.7 [usr/share/buskill/buskill_cli.py]
N: 
N:   This package contains a script for an interpreter that is not shipped in the package and is not known to Lintian. It is possible that
N:   there is a typo or the interpreter is not executable.

Now, this doesn't appear to be fatal, so I don't need to patch it, but I'm wondering why the shebang line is so specific. Normally I see this:

#!/usr/bin/env python3

and the OS has the appropriate symlink to make that point to the exact version that's installed.

Would that work with the AppImage/DMG/EXE too?

This task is for me to confirm that all three of our build scripts produce deterministic artifacts.

Files produced by our build script run via GitHub's CI workflows should have identical checksums to files produced by our build script run on our developer's local machines.

See also:

• https://reproducible-builds.org/

https://github.com/stevenj2019/buskill-app/actions/runs/524262719

Windows Build error occurs. Seems to be trying to push binary to BusKills Repo instead of branch.

Many Thanks :)

Describe the bug

When executing buskill.exe in Windows with CLI arguments (CLI mode), nothing is ever printed to the command prompt.

To Reproduce

Execute the following when cwd is the folder containing buskill.exe

buskill.exe --help

Expected behavior

Output should be similar to the following

C:\Users\user\Downloads\buskill-win-1632568907-x86_64\buskill-win-1632568907-x86_64\buskill-1632568907-x86_64>buskill.exe --help
buskill version {'VERSION': '1632568907', 'GITHUB_REF': 'refs/heads/dev', 'GITHUB_SHA': '29102dc99feaf2359d3aa1d76460e8068c45af15', 'SOURCE_DATE_EPOCH': '1632568907'}
usage: buskill [-h] [--version] [-v] [-a] [-U]
 
App for arming and configuring BusKill. For help, see https://docs.buskill.in
 
optional arguments:
  -h, --help     show this help message and exit
  --version      print version and exit.
  -v, --verbose  increase output verbosity
  -a, --arm      Arms BusKill
  -U, --upgrade  Download & upgrade latest version of BusKill
 
 
C:\Users\user\Downloads\buskill-win-1632568907-x86_64\buskill-win-1632568907-x86_64\buskill-1632568907-x86_64>

But the output is actually empty

C:\Users\user\Downloads\buskill-win-1632568907-x86_64\buskill-win-1632568907-x86_64\buskill-1632568907-x86_64>buskill.exe --help
 
C:\Users\user\Downloads\buskill-win-1632568907-x86_64\buskill-win-1632568907-x86_64\buskill-1632568907-x86_64>

A simple hack can be used to force the output to appear: append | more (found from Stack Overflow)

• https://stackoverflow.com/questions/38981547/making-a-pyinstaller-exe-do-both-command-line-and-windowed

C:\Users\user\Downloads\buskill-win-1632568907-x86_64\buskill-win-1632568907-x86_64\buskill-1632568907-x86_64>buskill.exe --help | more
buskill version {'VERSION': '1632568907', 'GITHUB_REF': 'refs/heads/dev', 'GITHUB_SHA': '29102dc99feaf2359d3aa1d76460e8068c45af15', 'SOURCE_DATE_EPOCH': '1632568907'}
usage: buskill [-h] [--version] [-v] [-a] [-U]
 
App for arming and configuring BusKill. For help, see https://docs.buskill.in
 
optional arguments:
  -h, --help     show this help message and exit
  --version      print version and exit.
  -v, --verbose  increase output verbosity
  -a, --arm      Arms BusKill
  -U, --upgrade  Download & upgrade latest version of BusKill
 
 
C:\Users\user\Downloads\buskill-win-1632568907-x86_64\buskill-win-1632568907-x86_64\buskill-1632568907-x86_64>

Screenshots
If applicable, add screenshots to help explain your problem.

Versions (please complete the following information):

The first version that experiences this is this build, after --noconsole was set in commit 29102dc

• https://github.com/BusKill/buskill-app/releases/tag/1272823787_windows

Additional context

I created an upstream ticket for PyInstaller to fix this

• pyinstaller/pyinstaller#6244

Currently we don't release BusKill for any arm platforms (eg Apple's new M1 notebooks).

This ticket will track the effort to add ARM64 builds.

Config File to manage various settings within the application,
such as Trigger and Device.
This will allow for:
-> Modular Trigger System (expanding to a DIY Trigger oppurunity)
-> Preferred Device (i.e. if you have a device you routinely removed and would like BusKill to ignore its event)
-> a "First Start" sequence to allow for first time configuration

Once Configuration Files are an option within BusKill we can perform further enhancements such as:
-> update frequency
-> Trigger EcoSystem

This ticket will track the effort to write a manpage for the BusKill app that will be displayed when running man buskill on *nix systems.

This is a prerequisite to getting BusKill added to the official Debian repos in #31

• #31

This is an idea for a FileVault trigger.

After the cable is detached, the trigger should be possible to remove the user that has access to Filevault (like: https://brendanthompson.com/til/2021/07/remove-user-from-filevault).

The command to remove a user from FileVault is: sudo fdesetup remove -user <Username>

This way, another (non admin) user can be first setup with access/login to filevault (for good opsec with an unkown password, but that would make it unusable after reboot), so that when the shutdown is triggered, the specific filevault user is removed.

The best option is to delete the whole FileVault key, but AFAIK that's not possible on a running Mac since it's also the boot/system partition, which has to be running when the trigger activates.
Links from my research:
https://discussions.apple.com/thread/7169436
https://apple.stackexchange.com/questions/261537/i-was-able-to-erase-filevault-encrypted-drive

Any thoughts or ideas are greatly appreciated.

This ticket will track the effort to add the project's first unit to our CI pipeline such that:

1. A runner builds the BusKill app
2. The BusKill App is opened in arm mode (CLI)
3. A USB Hotplug Removal Event is done (simulated?)
4. The result of the trigger execution is captured and marked as a success or failure

I'm actually not sure if [3] is possible with GitHub actions. Probably the first thing to determine is how the heck we can make a USB drive get removed from the OS on the GitHub runner.

I'll start with Linux. Once this is done, we should pile in as many popular Linux distros and versions as possible to see if BusKill fails with any of them.

After Linux, let's try Windows and MacOS.

Right now, it looks like the fonts are required for the UI to load. It would be great if the app would fallback to using whatever the defaults fonts are on the system when the Roboto* files are missing.

Some dyslexic users for example choose to set their system fonts to https://opendyslexic.org/ and therefore it would be better on some systems to avoid overriding the user-selected fonts. (I would probably do this on Debian.)

Can you please document how to setup BusKill with Qubes OS?

I have made multiple attempts to run the CLI on Windows (attempting to use soft shutdown trigger and possibly custom triggers) and it just launches the GUI program. If the CLI is usable on Windows, there is definitely a lack of documentation as to how to achieve that.

Is the CLI intended to work on windows, or is that on the future roadmap?

To Reproduce

1. Open CMD at the Buskill install dir
2. run buskill.exe --list-triggers which should invoke the CLI
3. (nothing happens)
4. run buskill.exe (no args) - GUI opens

Also had a quick go at running it via cygwin python but the gnupg package doesn't support cygwin. Might be a workaround somewhere but currently lacking the time/spoons.

Expected behavior
CLI working on Windows

Versions (please complete the following information):

• OS: Windows 10
• BusKill: v 0.6.0

Happy to do any further testing or run any experimental builds.