Print improvements: don't print unprintable filetypes, improve PDF conversion and mimetype detection

[rocodes]

Status

Ready for review

Documentation changes tk as well

Description

Printer-focused UX improvements/support: (#918)

• Detect file mimetypes via mimetype instead of by file extension before printing
• Add new status codes to report mimetype detection/conversion/unprintable types back to the user
• Update print dialog to display a message if the user tries to print an unprintable type

Broadening printable filetype support: (#1725)

• Use libreoffice headless mode instead of unoconv for file conversion
• Attempt to convert for printing any file type that is supported by libreoffice, by parsing its .desktop entries on sd-devices. This broadens our printable filetypes from ~10 to ... a lot more than 10 :) ... although some may not print well. (This isn't quite an accurate list; I will add a docs PR).

Dependency management:

• Specify libreoffice as a dependency of the securedrop-export and securedrop-viewer packages in the debian/control file. This is a change for two reasons:
  • Removes the no-install-recommends flag, meaning Java (openjdk-17-jdk at present time) will be installed, which it currently is not. This is intentional; it will allow us to support viewing and converting more filetypes. When updated client packages have been released, we can remove the Salt logic that installs libreoffice: see Remove Salt logic installing libreoffice securedrop-workstation#1162
• Adjust paxctld.conf to allow openjdk-17 (needed for a dependency of libreoffice, ca-certificates-java).
• Deprecate unoconv dependency

Fixes #918
Fixes #1725 (although we will still want to look at an overall consistent way of handling file types in the client, and there have been a few suggestions)
Refs (probably fixes, but needs testing) #1731

Test Plan

• Visual review
• CI passing
• Manual testing (below)

Manual testing

• You will need a supported USB printer.
• Start from SecureDrop Workstation 1.0.0 rpm or tag and provision SDW. Build packages from the tip of this branch, and install them in the large template. You will need to install at minimum securedrop-client, securedrop-export, securedrop-workstation-viewer, and securedrop-workstation-config.
• Packages install successfully
• Shut down the template, then start SDW. You will need to submit various file types to your instance for testing: please submit: a multi-page PDF; a plain .txt file; one or more video/audio files; one or more image files; one file with the wrong extension; and one or more files supported by libreoffice.
  Viewing
• Files that are currently supported by securedrop-workstation viewer can be viewed in viewer Dispvm (no change, no added filetype support, just regression testing)
  Printing
• Printing a multi-page PDF is successful
• Printing a .txt file is successful
• Printing a non-PDF file is successful; you can choose from any of the filetypes supported by libreoffice ( 😮 ), although definitions of "success" may be stretched for some filetypes.
• Attempting to print a video or audio file or any other "unprintable" mimetype (see below) results in the printer modal error that says "This file type cannot be printed" (Disable "Print" when file format is not conducive to printing #918). You don't have to try every single type.

unprintable types

"audio/mp4", "audio/mpeg", "audio/x-vorbis", "audio/x-wav", "video/quicktime", "video/x-theora", "video/mp4", "video/webm", "video/x-msvideo", "video/x-ms-wmv", "application/vnd.djvu", "application/vnd.rar", "application/zip", "application/x-7z-compressed"

Checklist

TK

If these changes modify code paths involving cryptography, the opening of files in VMs or network (via the RPC service) traffic, Qubes testing in the staging environment is required. For fine tuning of the graphical user interface, testing in any environment in Qubes is required. Please check as applicable:

• I have tested these changes in the appropriate Qubes environment
• I do not have an appropriate Qubes OS workstation set up (the reviewer will need to test these changes)
• These changes should not need testing in Qubes

If these changes add or remove files other than client code, the AppArmor profile may need to be updated. Please check as applicable:

• I have updated the AppArmor profile
• No update to the AppArmor profile is required for these changes
• I don't know and would appreciate guidance

If these changes modify the database schema, you should include a database migration. Please check as applicable:

• I have written a migration and upgraded a test database based on main and confirmed that the migration is self-contained and applies cleanly
• I have written a migration but have not upgraded a test database based on main and would like the reviewer to do so
• I need help writing a database migration
• No database schema changes are needed

[legoktm]

I just did a quick skim!

[rocodes]

I was hoping to have this all finished + green before tomorrow and to do a little more testing, but I'm a little short on time and still need to fix up one or two tests, but I'm taking it out of draft mode to invite more feedback and testing. So far I've tested the export component with locally-built packages, and printing and mime detection are working as expected.

I will be back to address review feedback (such as #2166 (comment) and anything else that arises) and do test fixup on Wed.

[legoktm]

Excited for this, I've done a code review pass and now am going to actually test it.

[legoktm]

Since we're testing against fixed sample files, can we assert the real number? Or even just the full list of mime types?

[legoktm]

Test plan checks out, one note: I tried "one file with the wrong extension" by having a webp image with the .txt extension, it opened in the wrong application (text editor instead of eog), I don't think that's a regression here right?

Marking as requesting changes based on previous CR

[legoktm]

I pushed 292b230 in a separate branch to show how we can install LibreOffice in CI and use it for integration tests; there could be others that run various files through headless libreoffice to see how the conversion goes and error handling instead of trying to mock it all out.

Let me know if you'd like me to push it to this branch or submit it as a separate PR after this lands! (Or feel free to pull it in yourself :))

[rocodes]

Hey, thank you for all the feedback and testing :) Realquick:

• These changes don't affect sd-viewer (and don't broaden viewing support - only printing support), so you're right that the .txt file being opened in the wrong application is not related (but we should fix it).
• I have local changes to address a couple failures including the pathlib thing you noticed, but I ran out of time and didn't want to push anything in haste - sorry if you spent too much time looking into that.
• Thanks for all your cleanup changes - much better - shall include them too. And I'll take a look at your libreoffice branch. I was on the fence about including that in CI or whether that blurs the boundaries between unit-testing and integration testing, but I'm into it.

[legoktm]

• so you're right that the .txt file being opened in the wrong application is not related (but we should fix it).

Ack, filed separately as #2171.

• I have local changes to address a couple failures including the pathlib thing you noticed, but I ran out of time and didn't want to push anything in haste - sorry if you spent too much time looking into that.

OK! I was going to spend some time today figuring that out but I can hold off for now then.

• And I'll take a look at your libreoffice branch. I was on the fence about including that in CI or whether that blurs the boundaries between unit-testing and integration testing, but I'm into it.

It definitely does blur the boundaries, but I think mixing is fine, if we end up having more we can split them out into separate files.

Also, integration tests are important:

[legoktm]

test are failing because it doesn't find any libreoffice .desktop mime types:

        if len(supported_types) == 0:
>           raise ExportException(sdstatus=Status.ERROR_MIMETYPE_DISCOVERY)

I suspect you (like me) have LibreOffice installed locally so it passes locally but the CI container doesn't have it, so it either needs to be mocked or we just install LibreOffice in CI and it works (which it will once my integration patch is in)

[rocodes]

:) I did catch that, and I think I addressed all your changes too in 05fe7dd..706e94a (edit - but not quite successfully, apparently - hang on)

[rocodes]

(moving out of 'ready for review' until I pull in 292b230)

[legoktm]

A cool trick is that startswith takes a tuple of strings, which allows you to do:

>>> 'audio/foo'.startswith(('audio/', 'video/'))
True
>>> 'text/foo'.startswith(('audio/', 'video/'))
False

[legoktm]

LGTM, in real testing, it all works too!