Avoid python tracebacks in output during provisioning - Githubissues

freedomofpress / securedrop-workstation

Qubes-based SecureDrop Journalist Workstation environment for submission handling

GNU Affero General Public License v3.0

141 stars 43 forks source link

Avoid python tracebacks in output during provisioning #1207

Open rocodes opened 1 day ago

rocodes commented 1 day ago

[x] I have searched for duplicates or related issues
Related (these could make a story/epic):
- Address (or suppress) warning messages and/or information displayed in terminal output: https://github.com/freedomofpress/securedrop-workstation/issues/1123 , https://github.com/freedomofpress/securedrop-workstation/issues/747 , https://github.com/freedomofpress/securedrop-workstation/issues/417
- Catch logic errors and don't provision, or bail early: https://github.com/freedomofpress/securedrop-workstation/issues/1071 , https://github.com/freedomofpress/securedrop-workstation/issues/232
- Logic: https://github.com/freedomofpress/securedrop-workstation/issues/813

Description

Per https://github.com/freedomofpress/securedrop-workstation/pull/1205#issuecomment-2508199486, consider showing a friendlier warning instead of a python traceback in provision-all or other admin scripts.

How will this impact SecureDrop/SecureDrop Workstation users?

Easier to understand terminal output. (Potentially harder to debug if there is an issue, but we can address.)

How would this affect the SecureDrop Workstation threat model?

this issue: n/a. Linked issues: be sure not to write sensitive info to console.

deeplow commented 21 hours ago

@rocodes should we add to the scope python tracebacks during sdw-admin --validate?