JerichoJack/PrintVault

Project 'PrintVault'

This project turns a Windows PC or VM into a simple print server. Users on the same network (or on the internet, via a DMZ and a DNS A record entry) upload files through a web interface, and a folder-monitoring script automatically sends them to a designated printer. PDFs and Office files are sanitized before printing, minimizing the risk of embedded malicious code.


Project Folder Structure

PrintVault/

├─ Installers/ # Python installer, Gpg4win, qpdf zips, etc.
├─ Logs/ # All log files from scripts
├─ venv/ # Virtual environment
├─ Share/ # Folder to watch
│ └── sanitized/ # Folder for sanitized files
├─ updog/ # Updog-related files modified for this project
├─ install_print_server.ps1 # Installs dependencies, verifies Python packages, and sets up environment
├─ verify_packages.py # Checks Python packages against requirements.txt for version and name mismatches prior to install
├─ watch_folder_print_monitor.py # Watches Share folder, sanitizes files, prints, and deletes them
├─ start_print_server.ps1 # Launches folder monitor and Updog server in separate PowerShell windows
├─ config.env # Centralized configuration variables for all scripts
└─ README.md # You are here.....


Installation Process and Python Package Verification

A key feature of PrintVault is the secure installation process, which ensures Python packages are verified before being installed to reduce supply chain attack risks.

Before starting the install process, install the desired printer on the PC/VM, and set it as the default printer. 

Step 1: Run install_print_server.ps1

  • Installs Python if not already present.
  • Creates a virtual environment (venv/).
  • Reads requirements.in and generates requirements.txt to verify each package before installation.

Step 2: Package Verification with verify_packages.py

  1. Parse Requirements: Reads requirements.txt and extracts package names and exact versions.

  2. Check Installed Packages: Compares the virtual environment packages to requirements.

  3. Minor Name Mismatches: Flags differences (e.g., boolean-py vs boolean.py) as warnings with [NOTE] messages alerting of potential issues.

    ⚠️ This ensures that before any package is installed, you are aware of potential typosquats, version mismatches, or security issues.

  4. Audit Vulnerabilities: Runs pip-audit to detect known vulnerabilities. If a vulnerable package would be installed, the installation aborts.

  5. Logging: All verification results are logged to %LOGS_DIR%, providing a clear report for administrators.
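The name and version comparison in items 1 to 3, as an added example (not the project's verify_packages.py). It assumes that a "minor name mismatch" means two spellings that PEP 503 normalisation maps to the same project; the sample pins, versions and hash below are constructed.

```python
import re

def canonical(name):
    """PEP 503 normalisation: lower-case; runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text):
    """Return {name: version} for the exact pins (name==version) in requirements.txt."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # blanks, comments, --hash lines
            continue
        line = line.rstrip("\\").split(";", 1)[0].strip()
        m = re.fullmatch(r"([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?==(\S+)", line)
        if not m:
            raise ValueError(f"not an exact pin: {raw!r}")
        pins[m.group(1)] = m.group(3)
    return pins

def verify(pins, installed):
    """Compare pins with the venv's {name: version}; return (level, message) pairs."""
    by_canon = {canonical(n): (n, v) for n, v in installed.items()}
    findings = []
    for name, version in pins.items():
        hit = by_canon.pop(canonical(name), None)
        if hit is None:
            findings.append(("ERROR", f"{name}=={version} is not installed"))
            continue
        if hit[0] != name:   # same project under PEP 503, different spelling
            findings.append(("NOTE", f"{name} is installed as {hit[0]}"))
        if hit[1] != version:
            findings.append(("ERROR", f"{name} pinned {version}, found {hit[1]}"))
    for inst_name, inst_version in by_canon.values():   # in the venv but never pinned
        findings.append(("NOTE", f"{inst_name}=={inst_version} is not in requirements.txt"))
    return findings

# Constructed sample input (versions and hash are placeholders, not real pins).
REQUIREMENTS = """\
boolean-py==4.0 \\
    --hash=sha256:0000
    # via example-parent
requests==2.32.3
watchdog==4.0.1
"""
INSTALLED = {"boolean.py": "4.0", "requests": "2.31.0", "leftpad": "1.0"}

if __name__ == "__main__":
    for level, message in verify(parse_requirements(REQUIREMENTS), INSTALLED):
        print(f"[{level}] {message}")
```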

Step 3: Install Required Packages

  • After verification, only safe packages are installed into the virtual environment.
  • Logs include all warnings, errors, and confirmations of successful installs.

Step 4: QPDF Verification (Uses GPG)

  • qpdf.exe is downloaded from the official source along with its .sig signature.
  • gpg.exe (from Gpg4win) is used to verify the integrity and authenticity of the qpdf.exe binary.
  • Public GPG key fingerprint used for verification: C2C9 6B10 011F E009 E6D1 DF82 8A75 D109 9801 2C7E
  • If the signature verification fails, the installer exits to prevent unsafe binaries from being used.

  • Note: GPG is not used for Python package verification—it's solely for validating qpdf.exe.

  • During installation, the user is instructed:

IMPORTANT: On the 'Choose Components' page of the Gpg4win installer, ensure ONLY 'GnuPG' is checked. UNcheck all other options.
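One way to enforce the pinned fingerprint from Step 4, as an added example in Python (not the installer's own PowerShell code): it reads gpg's machine-readable status lines and accepts the file only when the single valid signature comes from the pinned key, so a good signature from any other key in the keyring is rejected. The status samples are constructed, and verify_file and its path arguments are hypothetical names.

```python
import subprocess

# Fingerprint pinned in the README above, with the spaces removed.
PINNED_FPR = "C2C96B10011FE009E6D1DF828A75D10998012C7E"
# Status keywords that mean the signature must not be trusted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def parse_status(text):
    """Split gpg --status-fd output into [keyword, arg, ...] lists."""
    return [ln.split()[1:] for ln in text.splitlines() if ln.startswith("[GNUPG:] ")]

def signed_by_pinned_key(status_text, pinned=PINNED_FPR):
    """True only for exactly one valid signature made by the pinned key."""
    pinned = pinned.replace(" ", "").upper()
    records = [r for r in parse_status(status_text) if r]
    if any(r[0] in REJECT for r in records):
        return False
    valid = [r for r in records if r[0] == "VALIDSIG" and len(r) > 1]
    if len(valid) != 1:
        return False
    # r[1] is the signing key's fingerprint; the last field is its primary key.
    return pinned in {valid[0][1].upper(), valid[0][-1].upper()}

def verify_file(sig_path, data_path, gpg="gpg"):
    """Run gpg on a detached signature and apply the pin to its status output."""
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True)
    return proc.returncode == 0 and signed_by_pinned_key(proc.stdout)

def sample_status(fpr):
    """Constructed status output for one valid signature made by key `fpr`."""
    return (f"[GNUPG:] NEWSIG\n[GNUPG:] GOODSIG {fpr[-16:]} Constructed Signer\n"
            f"[GNUPG:] VALIDSIG {fpr} 2024-01-01 1704067200 0 4 0 1 10 00 {fpr}\n")

FROM_PINNED = sample_status(PINNED_FPR)
# An equally valid signature, but from some other key in the keyring (constructed).
FROM_OTHER = sample_status("0123456789ABCDEF0123456789ABCDEF01234567")

if __name__ == "__main__":
    print("pinned key:", signed_by_pinned_key(FROM_PINNED))
    print("other key: ", signed_by_pinned_key(FROM_OTHER))
```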


How It Works

  1. Start the server

    • Run start_print_server.ps1. This activates the Python Virtual Environment.
    • Launches the folder monitor in one PowerShell window.
    • Launches an Updog HTTP server in another PowerShell window.
  2. File upload

    • Connect to the server in a browser:

      http://<LOCAL_IP>:<UPDOG_PORT>
      
    • Log in using credentials from config.env.

    • Upload supported files: .pdf, .doc/.docx, .txt

  3. File sanitization, monitoring & deletion

    • Files are saved temporarily to the shared folder (Share/).
    • The monitor script (watch_folder_print_monitor.py) handles:
      • PDFs → sanitized using qpdf with --linearize.
      • Word documents → macros removed using Word COM automation.
      • Text files → passed through as-is.
    • Files are printed immediately and deleted from all locations.
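A check that could run on each file in sanitized/ before it is sent to the printer, as an added example (not part of watch_folder_print_monitor.py): it reports PDF keys that trigger or carry active content, including names hidden with #xx escapes or inside Flate-compressed streams. It is byte-level triage over constructed samples, not a full PDF parser; encrypted files and other stream filters are not inspected.

```python
import re
import zlib

# PDF name keys that trigger or carry active content.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")

def unescape_names(data):
    """Decode #xx escapes so /J#61vaScript is seen as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def inflated_streams(data):
    """Yield zlib-inflated stream bodies so keys inside object streams are visible."""
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.DOTALL):
        try:
            # decompressobj tolerates the end-of-line bytes that follow the data
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue   # not Flate data; left uninspected

def active_content(data):
    """Return the sorted active-content keys found in a PDF byte string."""
    hits = set()
    for chunk in [data, *inflated_streams(data)]:
        text = unescape_names(chunk)
        for key in ACTIVE_KEYS:
            # the key must end at a delimiter, so /JS does not match /JSomething
            if re.search(re.escape(key) + rb"(?![A-Za-z0-9])", text):
                hits.add(key.decode())
    return sorted(hits)

# Constructed samples: an escaped script action, a key inside a compressed
# object stream, and a document with neither.
PLAIN = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
         b"2 0 obj\n<< /S /J#61vaScript /JS (constructed) >>\nendobj\n")
PACKED = (b"%PDF-1.7\n3 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"<< /S /Launch >>") + b"\nendstream\nendobj\n")
CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, pdf in (("plain", PLAIN), ("packed", PACKED), ("clean", CLEAN)):
        print(label, active_content(pdf))
```

A non-empty result is a reason to skip printing and log the file instead.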

Printing Details

  • Word documents → printed using Microsoft Word COM automation.
  • PDF files → sanitized via qpdf then printed using Adobe Acrobat/Reader.
  • Text files → printed using Windows ShellExecute.
  • Unsupported formats → ignored.

Printer is configured in watch_folder_print_monitor.py:

PRINTER_NAME = "NPI960DB4"

Update to match your printer.


Security & Sanitation

  • Authentication required.
  • Rate limiting: max 2 uploads per IP per 5 minutes.
  • Failed login protection: blocks IPs after 10 failed attempts.
  • PDF sanitation: removes scripts, annotations, and other objects using qpdf.
  • Word macro stripping: removes all macros.
  • Automatic deletion ensures sensitive files are not retained.
  • Unsupported files are ignored.

Logs

  • Updog server log → Logs/updog_server.log
  • Print monitor log → daily-rotated logs under Logs/
  • Package verification notes → %LOGS_DIR%

Usage

  1. Run install_print_server.ps1 to set up Python, dependencies, verify packages, and validate qpdf.exe.
  2. Ensure Share/ folder exists.
  3. Start the server with start_print_server.ps1.
  4. Upload files → sanitized, printed, and automatically deleted.

Configuration Guide

Edit config.env:

UPDOG_USERNAME=NEW_USER
UPDOG_PASSWORD=NEW_PASSWORD
UPDOG_PORT=9090
SHARE_FOLDER=C:\Users\<USERNAME>\Desktop\Share
LOGS_DIR=C:\Users\<USERNAME>\Desktop\Logs
PRINTER_NAME=NPI960DB4
UPLOAD_LIMIT=2
WINDOW_SECONDS=300
MAX_FAILED_ATTEMPTS=10
BLOCK_DURATION=900
  • Save changes and restart server.
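
How the four limiter keys above can drive the upload rate limit and failed-login block listed under Security & Sanitation, as an added example (not the project's modified Updog code). It assumes a sliding window per IP, BLOCK_DURATION in seconds, and a failure counter that resets on a successful login; UploadGuard and load_env are hypothetical names.

```python
import time
from collections import defaultdict, deque

CONFIG_ENV = """\
UPLOAD_LIMIT=2
WINDOW_SECONDS=300
MAX_FAILED_ATTEMPTS=10
BLOCK_DURATION=900
"""   # the four limiter keys from config.env above

def load_env(text):
    """Parse KEY=VALUE lines; blank lines and # comments are skipped."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

class UploadGuard:
    def __init__(self, cfg, clock=time.monotonic):
        self.limit = int(cfg["UPLOAD_LIMIT"])
        self.window = int(cfg["WINDOW_SECONDS"])
        self.max_failed = int(cfg["MAX_FAILED_ATTEMPTS"])
        self.block_for = int(cfg["BLOCK_DURATION"])   # assumed to be seconds
        self.clock = clock
        self.uploads = defaultdict(deque)   # ip -> times of accepted uploads
        self.failed = defaultdict(int)      # ip -> failed logins since last success
        self.blocked_until = {}

    def is_blocked(self, ip):
        until = self.blocked_until.get(ip)
        if until is not None and self.clock() >= until:
            del self.blocked_until[ip]      # block expired
            until = None
        return until is not None

    def record_login(self, ip, ok):
        if ok:
            self.failed.pop(ip, None)
        else:
            self.failed[ip] += 1
            if self.failed[ip] >= self.max_failed:
                self.blocked_until[ip] = self.clock() + self.block_for
                self.failed.pop(ip)

    def allow_upload(self, ip):
        if self.is_blocked(ip):
            return False
        now, recent = self.clock(), self.uploads[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                # drop uploads older than the window
        if len(recent) >= self.limit:
            return False                    # rejected uploads are not counted
        recent.append(now)
        return True
```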

Workflow Example

  1. Start server.
  2. Upload PDF/Word/TXT file.
  3. File is sanitized automatically.
  4. File prints.
  5. Files deleted; logs reflect events.
  6. Unsupported files are ignored/denied.
