New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Man Page on Windows #82
Comments
Well ssh has a man page so I'd suggest looking there. Cygwin ssh would likely be your best bet. |
Not offhand. But PyInstaller's documentation should describe how to do this. I'd be happy to this feature in, if you were interested in working on it. |
@jtesta Let's say we do find a way to ship the man page (in its converted format) within the ssh-audit executable... You'd need to add some steps to your Windows build process to produce the ANSI escape sequence formatted version of the man page (as described above). Are you OK with this? I simply cannot find a way to easily render man pages on Windows in their native format. There's probably some library that exists for this purpose but I am opposed to adding any third party libraries into a project unless absolutely essential. |
Yep. Every time the
One of the original design goals of ssh-audit was to run with no external dependencies. The Windows build is a special case, however. Before PyInstaller is run, dependencies can be installed with pip. However, I'm pretty sure that wouldn't be needed. Colors can be enabled with the SetConsoleMode() Win32 API call (for an example, see https://github.com/rbsec/sslscan/blob/1530435c4eb7de0bc4eb47eda481497bf61b4d63/sslscan.c#L3654). After that, ANSI escape sequences work just fine (see https://github.com/rbsec/sslscan/blob/1530435c4eb7de0bc4eb47eda481497bf61b4d63/sslscan.h#L99). I don't know off-hand how to call SetConsoleMode() from Python code, however... |
What if instead of WINDOWS_MAN_PAGE = '<ANSI Escape Sequence Formatted Value>' Could |
On Wed, 2021-01-20 at 14:58 -0800, thecliguy wrote:
What if instead of update_windows_man_page.sh producing a text file,
it produced a python file, where it populates a string with the ANSI
escape sequence formatted version of the man page?
WINDOWS_MAN_PAGE = '<ANSI Escape Sequence Formatted Value>'
Could ssh-audit then reference WINDOWS_MAN_PAGE as a variable so we
don't have to package the man page as a text file?
I was thinking that, actually. Then the code can do something like:
```
if sys.platform == "win32":
import windows_man_page
do_terminal_color_setup() # Somehow...
print(WINDOWS_MAN_PAGE)
```
Two concerns about the above strategy: 1.) PyInstaller might not
automatically package windows_man_page.py; it might need to be
explicitly told (somehow), and 2.) pylint and/or flake8 might not like
conditional imports.
…--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
|
Here's another way we could approach it that avoids both of those potential problems... Add When performing a windows build, run When a user invokes What do you think? |
What do you think?
Perfect!
|
I am making an assumption that PyInstaller automatically packages |
I am making an assumption that PyInstaller automatically packages
globals.py. Is that correct?
Yep.
|
I've written a function to:
The function is invoked using the I've a couple of implementation related questions for you...
sopts = 'h1246M:p:P:jbcnvl:t:T:L'
lopts = ['help', 'ssh1', 'ssh2', 'ipv4', 'ipv6', 'make-policy=', 'port=', 'policy=', 'json', 'batch', 'client-audit', 'no-colors', 'verbose', 'level=', 'timeout=', 'targets=', 'list-policies', 'lookup=']
# The manual options are intended for use on Windows only.
# Users of other operating systems should read the man page.
if sys.platform == 'win32':
sopts += 'm'
lopts.append('manual')
|
Do you want to hide -m and --manual in usage on non-Windows platforms
or just make its purpose clear by including Windows only in the
explanation text, EG: -m, --manual print the man page (Windows only)?
Perhaps `usage()` should explicitly tell the user that -m/--manual is
for Windows only. And if it's used on a non-Windows OS, we print an
error that it's not supported on this platform (I think this should
answer your first question too).
|
@jtesta Thank you, that makes sense. I'll proceed on that basis. In PACKAGING it says that the Windows package is built against Python 3.7.x. I see that PyInstaller (4.2 stable) now supports up to Python 3.9, see downloads. Do you want to continue building against Python 3.7.x or move to 3.9.x? Should I open a new issue for this? |
Do you want to continue building against Python
3.7.x or move to 3.9.x?
I'll switch to Python 3.9 for Windows builds, then.
Should I open a new PR for this?
To update PACKAGING? That wouldn't be necessary. I'll update it
myself with tweaks after each time I package a new release.
|
Thanks! I approved it, and changed a few things in 11e2e77. Namely, Secondly, since colorama.init() does all the terminal color setup for us already, I removed all the direct Win32 API calls you included (I appreciate the work you put into that, though!). Unfortunately, the current colorama version ignores the underlining sequences, so we lose that in the translation (perhaps we can open an issue with them... update: there's already an open PR to support underlining: tartley/colorama#267). And strangely, when I make a test build with pyinstaller 4.2 and Python 3.9.1 (the latest versions of both) and run with Other than that, if you're able to give it a test with my changes included, please let me know if you notice anything wrong! Thanks again! |
Hi Joe, the code I had written was more verbose but served some specific purposes... I was just looking at
Regarding |
I see that |
A comment about underlined text...
To demonstrate, if you remove this: ssh-audit/src/ssh_audit/ssh_audit.py Lines 62 to 66 in 49cf91a
And add |
According to this and this, version 1511 reached its end-of-life in October 2017. So we don't need to worry about Windows 10, it seems.
I see that Server 2012 R2 is supported until late 2023. In that case, users on that platform can run with
3609461 fixes this. You can now run
This is also fixed in 3609461. Cygwin's
Sure. I'm probably going to continue to use Cygwin when making official builds, but if you want to add support for another workflow for yourself, feel free!
Well that's pretty unexpected! I wonder why this I experimented with removing colorama for this new trick. We do indeed gain underlining functionality, but lose the ability to detect output re-direction & escape code filtering; escape codes end up being printed when piping output to So the choice comes down to:
I'd prefer waiting patiently for colorama so we have less code to maintain. |
@thecliguy Do you have access to a Server 2012 R2 machine? If so, can you show the output of |
Great, so we don't need to worry about unicode characters in the man page because you've stripped out unicode hyphens prior to export in On Windows 10, now that you've changed I agree about underlining, let's just wait for colorama to merge that PR. So the last thing to do is engineer a way to automatically turn off colours in older version of Windows that lack ANSI support... I believe that these are the versions of Windows released prior to Windows 10 that are still in support:
I feel confident in saying that Microsoft will not to backport ANSI support to either of the above, they are far too old in their respective product lifecycles to have any new features added. So we should automatically turn off colour on both of these Windows versions.
Perhaps it would be easier to use if sys.getwindowsversion().major < 10: Windows Server 2016 Windows Server 2016 was developed concurrently with Windows 10 (they share a We know that ANSI support was first added in Windows 10 version 1511, so in |
Windows 8.1 - End of Extended Support: January 10, 2023
Ok, I'll look into how to identify Windows 8.1.
platform.platform() outputs the following on Windows Server 2012 R2:
Windows-2012ServerR2-6.3.9600-SP0
Thanks!
Perhaps it would be easier to use sys.getwindowsversion, EG:
if sys.getwindowsversion().major < 10:
What does this do on Windows Server 2016, though? I'd be wary of using
this without testing first. Since I don't have Server 2016 handy, I'll
probably go with platform.platform() to be safe.
Thanks for the help!
|
For Windows 10, Windows Server 2016 and Windows Server 2019 the See Windows System Information: Operating System Version and Comparison of Microsoft Windows versions: Windows NT. I currently only have access to Windows 10 and Windows Server 2012 R2 machines, here's what # Windows Server 2012 R2
sys.getwindowsversion(major=6, minor=3, build=9600, platform=2, service_pack='')
# Windows 10
sys.getwindowsversion(major=10, minor=0, build=18363, platform=2, service_pack='') |
Ok, I updated it to use sys.getwindowsversion(), since that doesn't
require an additional import. Thanks for doing research on this!
|
I noticed that you placed the code for disabling colour within ssh-audit/src/ssh_audit/ssh_audit.py Lines 1029 to 1033 in 1b7cfbe
This means that there is no colour output at all now on older versions of Windows, such as when performing a scan. Older versions of Windows can handle colour output, they just don't understand ANSI. So you only need to suppress colour output within |
This means that there is no colour output at all now on older
versions of Windows, such as when performing a scan.
Older versions of Windows can handle colour output, they just don't
understand ANSI. So you only need to suppress colour output within
windows_manual.
They can do color in other ways? How? I thought older versions of
Windows had no color support at all.
The scan output uses ANSI color codes as well (see
https://github.com/jtesta/ssh-audit/blob/1b7cfbec713a2d0cbc6ded2df8b768a4f745d9eb/src/ssh_audit/outputbuffer.py#L64
). So we're already in an all-or-none situation.
If there's another way to do color on Windows 8.1/Windows Server 2012
R2, I'm all ears!
|
Although Windows 10 version 1511 was the first version of Windows to support ANSI escape sequences, colour was previously supported by calling the Windows Console API. Sorry about this... I just discovered something that I should have realised earlier... It appears that colorama must convert ANSI escape sequences into Windows Console API calls because when ssh-audit is packaged as an EXE or you run So actually, we don't need this: ssh-audit/src/ssh_audit/ssh_audit.py Lines 1029 to 1033 in 1b7cfbe
In case colorama is not available then we should:
Apologies, this has been quite a journey of discovery... But I think this is the final revision. Does this sound OK to you? |
How about this? if not self.use_colors or not self.colors_supported:
windows_man_page = re.sub(r'\x1b\[\d+?m', '', windows_man_page) |
Sorry, that example above is wrong - I need to take a break from this... 😩 Hopefully you get my point though. |
Sorry, that example above is wrong - I need to take a break from
this... 😩
No problem.
When you're ready to continue, I think the easiest path would be for
you to test a patch against your Server 2012 machine, then submit a PR.
Otherwise, I'm pretty much just guessing with changes on my end.
No rush, though.
|
Thank you, there is just a small amount of work left to finish this. I can visualise exactly what needs to be done, I will submit a PR tomorrow. |
@jtesta PR submitted, see #95. When I first wrote It isn't necessary to disable colour on older versions of Windows without native ANSI support because the colorama library converts ANSI into the appropriate win32 calls. Therefore I have made the following changes:
I've also:
Once Windows Server 2012 R2 and Windows 8.1 are out of support, all in-support versions of Windows should be capable of handling ANSI natively. When that time comes it would be worth thinking about whether the colorama library should be |
Merged. Thanks for helping me with this! I'd like to get a release out the door soon. I'm just waiting on a block of hours to free up so I can focus on packaging everything up correctly. Hopefully that will be within the next few days! Thanks again! |
I'm contemplating whether it would be possible make the man page available in Windows.
This is not a complete solution, these are just my initial thoughts exploring what would be required and how we might go about doing it... Any thoughts, feedback or suggestions would be welcome...
Converting the man page to a readable format for the Windows console
Since Windows doesn't have a manual reader, the man page would need to be converted to a format that can be rendered in the Windows console. This would have to be performed as part of the build process when there's a new release.
One option would be to simply convert it to plain text output. This conversion can be achieved as follows:
MANWIDTH=80 man ./ssh-audit.1 > ssh_audit_windows_man.txt
In Windows 10, the console is capable of interpreting ANSI escape sequences (also known as VT escape sequences). So another option would be to convert the man page to ANSI escape sequence formatted output, this would preserve any typographical emphasis that's present in the original man page, such as bold and underlined text. This conversion can be achieved as follows:
Example of an ANSI escape sequence formatted man page on Windows 10
Displaying the man page
Displaying the man page could perhaps be invoked using a command line parameter such as:
Packaging the converted man page
Currently the Windows package is a standalone executable with no external dependencies. Ideally any solution that's adopted would preserve this.
Does anyone know of a way that the man page (in its converted format) could be embedded into the ssh-audit executable without having to ship an external text file?
The text was updated successfully, but these errors were encountered: