Andrew Morgan's Blog

GSoC Weekly Progress Report #9 - Final

August 29, 2017 — Andrew Morgan

Hey everyone, another blog post coming right on the heels of the final week of GSoC. I have to say that it's been an absolute blast participating, and I hope to have the chance to do so again before I graduate.

Barring that, I can say that qubes-MIME-types (now renamed to qubes-file-trust) as a project is now in a complete and working state! Fedora and Debian packages are currently being put together, and will hopefully show up in the repos in the not-too-far future.

And now, on to the final report!

Original goals

The original goals outlined in my proposal consist of the following:

  1. Implement a python context menu in Dolphin and Nautilus as well as a minimal GUI for modifying file trust settings
  2. Create a patch for Nautilus and Dolphin to follow these settings when opening a file
  3. Create a system daemon to watch and enforce file trust settings on files created inside of untrusted folders
  4. Documentation of implementation
  5. Unit testing and integration

In terms of meeting these goals, most were completed on time. The only task yet to be completed is a patch for KDE's Dolphin File Manager. The patch for Nautilus ended up taking at least 3 weeks, and thus towards the end of the project I decided to prioritize polish and bug fixes of the existing code over starting an entirely new patch.

Other than that though, the rest of the goals were met, and the code is now sitting in five separate repositories on my GitHub. They are, with explanation:

  1. The main repo, containing the python qvm-file-trust command line tool and the C++ system daemon that watches untrusted folders: qubes-file-trust

  2. The patched version of nautilus, patched to allow extensions to react to file-opening events and block them if necessary: qubes-nautilus-trust

  3. The patched version of nautilus-python, patched to allow the same thing as above: qubes-nautilus-trust-python

  4. Our nautilus extension that listens for file-opening events and blocks them if it references an untrusted file (and opens them in a disposable VM instead): qubes-nautilus-trust-extension

  5. Dolphin activities that allow one to change the trusted state of a file or folder from the right-click menu: qubes-dolphin-trust-activities

Recent updates

For those following the series, here are the main updates since the last posting:

Nautilus pointer truncation bug workaround

In the last blog post, I talked about a horribly hacky workaround that I was using to get around the pointer truncation bug that kept causing nautilus to crash. Not only was it hacky, but it also only worked inside of a running gdb instance, which is pretty useless.

Working with a friend, we managed to narrow the bug down to a scope issue. For some reason the GList* was being returned as an integer instead, which explains the 32-bit truncation (integers are 32-bit by default in C). Neither the nautilus maintainer, nor my mentors really had any clue about how to come up with a solution.

To rectify this, instead of grabbing the GList* from nautilus-mime-actions.c (which had scope issues), we sourced the pointer from the same file as the method that generated it, then transferred it to nautilus-mime-actions.c through a double-pointer. You can see the code here and here. Admittedly, this is still a workaround for the scope issue, but it's MUCH cleaner than before, and actually works outside of gdb, so that's handy.
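The symptom and the hand-off described above can be modelled in a few lines of C. This is an added example, not code from nautilus or from the patch; `Node`, `build_file_list` and `get_file_list` are hypothetical stand-ins, and the sample address is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for GLib's GList; not the real type. */
typedef struct Node { void *data; struct Node *next; } Node;

/* Symptom model: an address that passes through a 32-bit int keeps only
 * its low 32 bits, then is sign-extended when widened back to 64 bits. */
uint64_t address_through_int(uint64_t addr)
{
    int32_t narrowed = (int32_t)(uint32_t)addr;  /* upper 32 bits dropped */
    return (uint64_t)(int64_t)narrowed;          /* widened, sign-extended */
}

/* The list lives in the same file as the code that builds it. */
static Node *file_list;

Node *build_file_list(void)
{
    file_list = calloc(1, sizeof *file_list);
    return file_list;
}

/* Hand-off in the style of the workaround: the caller passes the address
 * of its own pointer variable and the full-width pointer is stored through
 * it. No return value is involved, so nothing can be narrowed to int. */
void get_file_list(Node **out)
{
    *out = file_list;
}

int main(void)
{
    uint64_t sample = 0x00007f3a12345678ULL;  /* constructed 64-bit address */
    printf("original:    0x%016llx\n", (unsigned long long)sample);
    printf("through int: 0x%016llx\n",
           (unsigned long long)address_through_int(sample));

    Node *built = build_file_list();
    Node *received = NULL;
    get_file_list(&received);
    printf("out-param preserved pointer: %s\n",
           received == built ? "yes" : "no");
    free(built);
    return 0;
}
```

An address that already fits in 31 bits survives the round trip unchanged, so a truncation like this only shows up when the allocation lands above the 4 GiB mark.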

Nautilus patch now supports opening multiple files at once

Yes, originally you could only open one file at a time with the patch (lame!). But, after learning a bit more about how extensions in nautilus are handled, this limitation has now been removed, and things are opened as you'd expect them to be.

Added new commands to qvm-file-trust such as --check-multiple and --check-multiple-all-untrusted

In earlier iterations, you were only able to check the trust state of a single file or folder at a time. There wasn't really a need to check multiple at once. That was until I tested opening multiple files from nautilus. We would have to make a separate call to qvm-file-trust for every single file, and spinning up and down the Python runtime, combined with extensions running in the same thread as nautilus itself, made everything way too slow.

These commands were added in order to check a large list of files all in one go. Both commands tell you which files are untrusted and which aren't; however, they each return different error codes based on different situations. More explanation can be found in the updated man page (now written in reStructuredText!).

RPM packages and repo separation

As mentioned above, the qubes-mime-types repo has not only been renamed, but also broken up into three separate repos! This was to keep things clean, as well as to follow packaging, as it was decided to have one package per repo, instead of multiple stemming from a single codebase. Each repo now has its own rpm_spec folder, containing the SPEC files used to build RPM packages. These packages build and install successfully on my machine (minus some minor packaging issues; this is my first time packaging for Linux, so go easy :), and they will hopefully be available in Qubes Fedora (and Debian!) repos in the not-too-distant future.

There were lots of little bug fixes across all the repos, and likely more to come once people start getting their hands on the packages. I'll make another post when they're available to download. I'll also continue to maintain the code even after my GSoC period to ensure there aren't any issues for anyone, as well as extend it in little ways, such as adding support for upcoming Qubes R4.0 features (multiple DispVM templates, anyone?).

Thanks and closing thoughts

That's all for this week (and Summer). Thank you for taking the time to read my ramblings over the past few months. QubesOS is currently my all-time favorite operating system, and I can't wait to see how it flourishes in the seasons and releases to come.

I'd also like to thank my mentors, Marek Marczykowski-Górecki and Jean-Philippe Ouellet, as well as the rest of the Qubes team, for putting up with my questions and issues along the way.

It was both fun and an honor to work with you, and I hope to continue to do so in the future.

Tags: gsoc-2017, progress-report