On 10/11/2017 11:02 PM, Marek Marczykowski-Górecki wrote: > On Wed, Oct 11, 2017 at 05:07:38PM -0700, Andrew Morgan wrote: >> Hey all, it's been a while since I last reported on the progress of the >> Qubes-MIME-Types project, now renamed to Qubes File Trust, but I'd like >> to share an update on how things have been going. > >> School has been a bit busy since it started again, but I've found time >> in the last couple weeks and have gone ahead fixed a ton of bugs and >> implemented the last few remaining features, including: > >> * Recursively removing old inotify watches when a folder is moved from >> under an untrusted directory. > >> This means that when you move a subfolder out of an untrusted folder, >> the files within will remain as untrusted, but any new files or folders >> that are created within the moved folder are no longer marked as untrusted. > >> * The qubes trust daemon now keeps track of when rule lists are >> modified, and updates its watches accordingly. > >> Now whether you mark a folder as untrusted through the tool or by >> editing the rule lists by hand, the daemon will get the memo and mark >> things accordingly. No need to restart it manually anymore :) > >> * Stop using a separate thread for batching processes > >> Before we would spawn a separate thread that waited an arbitrary amount >> of seconds for new untrusted files to appear on the system and mark them >> as untrusted en masse. Starting up and shutting down the python cli tool >> for every single new untrusted file was very resource intensive, so >> instead we fed it up to 500 files, then shut it down when it was finished. > >> However, spawning an extra thread just to control batching was not only >> more resource intensive, but made the program logic more fragile. The >> less threads one has to worry about, the better. > >> Thus, the logic for batching is now based on the cli tool itself. As we >> send a batch off for python to process, we begin collecting the next >> batch. Once python has finished, we immediately send it the next list of >> files. This not only is quicker and more efficient, but removes the need >> for an extra process all at once! > > >> I'd like to ask for another review from either Marek or Jean-Philippe >> whenever they are free, so we can finally move forward with integrating >> the code. In the mean time, I'll be cleaning up and adding new unit test >> cases, to ensure things are rock-solid before its merged in. > >> https://github.com/anoadragon453/qubes-file-trust > > Thanks for the update! > > What is the status of upstreaming nautilus patch? > >
Last time I talked to the Nautilus folks they had the idea of eliminating Nautilus extensions all together :l They argued that they were unlikely to accept it as their goal with Nautilus was to convert it to sitting inside their Flatpak sandbox, and they would not give it (or extensions) arbitrary code execution anymore, and they seemed to leave it at that. I'm not sure if they plan to introduce a replacement for the current extension system, or how long overhauling it would take, but they said they would not take any improvements to extensions during that period. Otherwise, I've separated the commit into a .patch file for both Nautilus and Nautilus-extensions, so it should be easy to apply to updated versions of the app while the extension code still exists. Those patch files are sitting at the bottom of the following repos: https://github.com/anoadragon453/qubes-nautilus-trust https://github.com/anoadragon453/qubes-nautilus-python-trust Thanks, Andrew Morgan -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/orn6hi%247mt%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
