feat: add report bundle

Signed-off-by: James Petersen <jpetersenames@gmail.com>

Author: found-it

Cargo.lock

@@ -5,7 +5,10 @@ edition = "2024"
 
 [dependencies]
 anyhow = "1.0.99"
+chrono = "0.4.42"
 env_logger = "0.11.8"
+flate2 = "1.1.2"
 log = "0.4.28"
 procfs = "0.18.0"
 sysinfo = "0.36.1"
+tar = "0.4.44"

Cargo.toml

@@ -1,6 +1,8 @@
 #!/bin/sh
 set -eu
 
+echo "EDERA_PREFLIGHT_CHECK_NAME=Can PVH Be Enabled"
+
 # prerequisites: msr-tools (rdmsr), and the msr kernel module
 modprobe msr 2>/dev/null || true
 

scripts/pvh.sh

@@ -3,7 +3,6 @@ use super::{
     CheckResultValue::{Errored, Failed, Passed},
 };
 
-use log::debug;
 use std::process::Command;
 
 const GROUP_IDENTIFIER: &str = "HardwareChecks";
@@ -50,11 +49,7 @@ impl HardwareChecks {
 
         let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
 
-        for line in stdout.lines() {
-            debug!("{}", line);
-        }
-
-        CheckResult::new(&name, Passed)
+        CheckResult::new_with_output(&name, Passed, Some(stdout))
     }
 
     fn record_lspci(&self) -> CheckResult {

src/hardware.rs

@@ -114,10 +114,7 @@ impl KernelChecks {
         // Search loaded modules
         let modules = procfs::KernelModules::current();
         if let Err(e) = modules {
-            return CheckResult {
-                name,
-                result: Errored(format!("getting kernel modules {e}")),
-            };
+            return CheckResult::new(&name, Errored(format!("getting kernel modules {e}")));
         }
         let modules = modules.unwrap();
 

src/kernel/mod.rs

@@ -33,13 +33,22 @@ pub struct CheckResult {
 
     /// result is the final result of an individual check
     pub result: CheckResultValue,
+
+    /// output_to_record is an optional field used to return output that should be recorded into an
+    /// information bundle
+    pub output_to_record: Option<String>,
 }
 
 impl CheckResult {
     pub fn new(name: &str, result: CheckResultValue) -> Self {
+        Self::new_with_output(name, result, None)
+    }
+
+    pub fn new_with_output(name: &str, result: CheckResultValue, output_to_record: Option<String>) -> Self {
         Self {
             name: name.to_string(),
             result,
+            output_to_record,
         }
     }
 }

src/lib.rs

@@ -1,23 +1,86 @@
 use preflight::{
-    CheckGroup,
+    CheckGroup, CheckGroupResult,
     CheckResultValue::{Errored, Failed, Passed},
+    hardware::HardwareChecks,
     kernel::KernelChecks,
     script::ScriptChecks,
     system::SystemChecks,
-    hardware::HardwareChecks,
 };
 
-use anyhow::{Result, anyhow, bail};
+use anyhow::{Context, Result, anyhow, bail};
+use chrono::Utc;
+use flate2::Compression;
+use flate2::write::GzEncoder;
 use log::info;
 use std::env;
+use std::fs;
+use std::fs::File;
 use std::os::unix;
+use std::path::{Path, PathBuf};
 
 // Skip certain groups. List is separated by ;
 fn skip_groups() -> Vec<String> {
     let skips = env::var("EDERA_PREFLIGHT_SKIP_GROUPS").unwrap_or_default();
     skips.split(";").map(|s| s.to_string()).collect()
 }
 
+fn create_gzip_from(base_path: PathBuf) -> Result<()> {
+    let mut archive_path = base_path.clone();
+    archive_path.set_extension("tar.gz");
+    let tar_gz = File::create(&archive_path)
+        .with_context(|| format!("failed to create {}", archive_path.display()))?;
+    let enc = GzEncoder::new(tar_gz, Compression::default());
+    let mut tar = tar::Builder::new(enc);
+    tar.append_dir_all(".", base_path)
+        .context("failed to append to tar {}")?;
+    info!("Wrote to: {}", archive_path.to_string_lossy());
+    Ok(())
+}
+
+fn create_base_path() -> Result<PathBuf> {
+    let now = Utc::now();
+
+    let base = env::var("EDERA_PREFLIGHT_REPORT_DIR")
+        .map(PathBuf::from)
+        .unwrap_or(env::temp_dir());
+
+    let base_path = base.join(format!(
+        "protect-preflight-bundle-{}",
+        now.format("%Y%m%d-%H%M%S")
+    ));
+    fs::create_dir_all(&base_path)
+        .with_context(|| format!("could not create {}", base_path.display()))?;
+    info!("Writing all files to {}", base_path.to_string_lossy());
+    Ok(base_path)
+}
+
+fn write_group_report(
+    group: Box<dyn CheckGroup>,
+    result: &CheckGroupResult,
+    path: &Path,
+) -> Result<()> {
+    let path = path.join(group.id());
+    fs::create_dir_all(&path).with_context(|| format!("could not create {}", path.display()))?;
+
+    for check in result.results.iter() {
+        // Sanitize the name of the check into a flat file. Script Checks default to the path of
+        // the script as the name so we need to sanitize.
+        let name = check
+            .name
+            .replace(" ", "_")
+            .replace("/", "_")
+            .replace(".", "");
+
+        let path = path.join(name);
+        match check.output_to_record.as_ref() {
+            Some(text) => fs::write(&path, text),
+            None => fs::write(&path, format!("{}", check.result)),
+        }
+        .with_context(|| format!("failed to write to {}", path.display()))?;
+    }
+    Ok(())
+}
+
 fn main() -> Result<()> {
     env_logger::init();
 
@@ -36,6 +99,9 @@ fn main() -> Result<()> {
             .map_err(|e| anyhow!("failed to chroot to {target_dir}: {e}"))?;
     }
 
+    let base_path =
+        create_base_path().map_err(|e| anyhow!("failed to create bundle base path: {e}"))?;
+
     // Run each check group
     for group in groups {
         // Check if we need to explicity skip this group
@@ -61,8 +127,12 @@ fn main() -> Result<()> {
         if matches!(check_group_result.result, Errored(_)) {
             final_result = Errored(String::from("group errored"));
         }
+
+        write_group_report(group, &check_group_result, &base_path)?;
     }
 
+    create_gzip_from(base_path)?;
+
     match final_result {
         Errored(_) | Failed(_) => bail!("Preflight checks did not pass"),
         _ => Ok(()),

src/main.rs

@@ -147,7 +147,7 @@ impl ScriptChecks {
                 stderr
             )),
         };
-        CheckResult::new(&name, result)
+        CheckResult::new_with_output(&name, result, Some(stdout.to_string()))
     }
 }