On Sunday, March 29, 2020 10:37 PM, WillyPillow <w...@nerde.pw> wrote:
> On Sunday, March 29, 2020 9:07 PM, donoban dono...@riseup.net wrote: > > > On 2020-03-29 14:55, unman wrote: > > > > > What you mean with Template manager? If you refer to the > > > > "Template Manager" integrated with Qubes Manager, I am working on > > > > a rewrite of Qube Manager using QT model/view which simplifies > > > > things like multiple row selection [1]. > > > > Currently it supports multiple VM's selection and > > > > start/stop/remove/etc... options. I think that It should be easy > > > > to integrate a Template change option in context menu and make > > > > the current Template Manager obsolete. This way you could select > > > > some halted VM's directly in Qube Manager, right click and choose > > > > "Change Template", see submenu of available templates and select > > > > the desired one . > > > > I hope to finish the pull request soon (it delayed too long :/ > > > > ). > > > > [1] https://github.com/QubesOS/qubes-manager/pull/195 > > > > I think this is more about maintaining, updating, and distributing > > > the available templates, than applying those to qubes, which is > > > what you are talking about. It's a difficult topic but worth > > > pursuing. > > > Oh I see. Definitively a separated window where add, remove and > > upgrade templates will improve Qubes usability. > > Hi. > > Indeed, I meant what unman was talking about. Thanks for helping me clarify > that :) > > --WillyPillow > > > https://blog.nerde.pw/ > > PGP fingerprint = 6CCF 3FC7 32AC 9D83 D154 217F 1C16 C70E E7C3 1C84 > > Protonmail PGP = D02D CEFF ACE5 5A7B FF5D 871E 4004 1CB1 F52B 127E > > -- Hi. The following is a draft for my proposal to GSoC 2020 regarding templates. Feedback and critique are greatly appreciated. (I apologize terribly for sending this so late. TBH I did not realize that Qubes was in GSoC until very recently :/) # Introduction This is a project intended to improve template handling in Qubes OS. Currently, images of template VMs are distributed by RPM packages and managed by `yum`/`dnf`. However, tracking inherently dynamic VM images with a package manager that is suited for tracking static files creates some challenges. For example, users may accidentally update the images, overriding local changes (#996, #1647). (Or in the case of #2061, want to specifically override the changes.) Other operations that work well on non-RPM template VMs are also somewhat inconsistent on RPM-managed templates, such as renaming (#839), removing (#5509) and backup/restore (#1385, #1453, [1], [2]), creating inconvenience and confusion for users (#1403, #4518). In addition to the distribution mechanism, users may also wish to have an integrated template management application for better UX (#2062, #2064, #2534, #3040), as opposed to the current situation where multiple programs are required for different purposes, e.g., `qubes-dom0-update`, `dnf`, `qvm-remove`, `qubes-manager`. To tackle these issues, I propose i) designing a better mechanism for handling template installation, and ii) creating a user-facing application to deal with the aforementioned mechanism and other template-related configuration, consolidating the management of templates. [1]: https://groups.google.com/forum/#!topic/qubes-devel/rwc2_miCNNE/discussion [2]: https://groups.google.com/forum/#!topic/qubes-users/uQEUpv4THsY/discussion # Project goals * Design a template distribution/handling mechanism * Extracting and handling `root.img` from RPMs * Template management application * CLI/GUI * Features: * List available templates * Download / install / reinstall / update / remove templates * Switch VMs to certain templates * Possibly other features mentioned in issues such as #2062, #2064, #2534, and #3040 * Ability to run outside of dom0 (UI for #1705) # Implementation The consensus among the developers seems to be that sticking with RPM but not installing the package directly is a better idea [3][3.1], which I agree with, in part because handling package integrity is a bit non-trivial and may lead to security issues (c.f. QSB-028 [3.2]). Installed template versions can be kept either in a separate database or the metadata of the template VM. Alternatively, it is possible to keep the version number in the template name, with the benefit that multiple versions of the same template can be installed at the same time. The extraction and verification of template packages can be done in DispVMs if necessary. After extracting the `root.img`, it remains to install it via a process similar to the post-processing script in `linux-template-builder/templates.spec`, which mainly consists of calling `qvm-template-postprocess`. The application can be written in Python to take advantage of APIs such as `qubes-core-admin` and `qubes-core-admin-client`. Also, the application can be consolidated with the existing Template Manager in `qubes-manager`. Using the Admin API, it should be possible to use the tool outside of dom0, making the management VM scenario mentioned in the Admin API post [4] even easier. [3]: https://github.com/QubesOS/qubes-issues/issues/2534#issuecomment-453749075 [3.1]: https://github.com/QubesOS/qubes-issues/issues/2064#issue-159825365 [3.2]: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-028-2016.txt [4]: https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/ # Timeline This project will very likely be my main focus for the summer. There may be some ICPC-training-related events at the end of August, but I do not expect it to interfere with my schedule much. I am familiar with the mailing lists and am willing to report back my progress via email regularly. * Now ~ June 2 (Week [-oo, 0]): * Installation of Qubes on daily driver laptop * Previous experiences with Qubes were on my desktop, which I now rarely use * Familiarize myself with the related codebase and the Admin API * Familiarize myself with PyQt / PyGTK * Attempt trivial contributions and bug fixes to Qubes * Week [1, 2]: * Proposal amendments & draft designs & initial version of the design document * Week 3: * Initial CLI program with support for already-downloaded RPMs * Week [4, 5]: * Initial implementation of other features in the *Goals* section above * Week [6, 7]: * Initial GUI implementation * Week 8: * Buffer & clean up * Week [9, 10]: * Documentation * Week [11, 12]: * Additional features # About me I am an undergrad (sophomore) studying Computer Science at National Taiwan University. I have been a proud user of Qubes OS since around 2015~2016 (also played with `qubes-builder` to build kernels with NIC-related patches at that time), and have experience both on the mailing lists and the `qubes-issues` tracker. Moreover, I have written some (albeit simple) blog posts about Qubes OS, such as <https://blog.nerde.pw/2017/02/06/freenet-on-qubes.html>. While I do not have direct code contributions to Qubes (yet), my contributions to other OSS projects can be found under my Github/Gitlab profile @WillyPillow [5][6]. [5]: https://github.com/WillyPillow/ [6]: https://gitlab.com/WillyPillow/ I have more than 8 years of programming and Linux experience. Language-wise, I am familiar with C++ and Python (among other languages). Besides, being a bit of a data-hoarder, I am somewhat familiar with storage-related topics such as LVM. I am also familiar with mailing lists and tools like Git. I consider myself a quick learner and can pick up stuff pretty well as I go. Timezone-wise, being someone who takes part in online competitive programming contests, I am fairly okay with adjusting my schedule to accommodate for events in other time zones. While my native language is Mandarin Chinese, I have lived in the US for some while, and have experience with English-speaking online communities in general, so communication should not be an issue. Since Qubes is the sole reason I am applying to GSoC this year, I do not plan to submit proposals to other organizations. Qubes OS is a project that I have always been quite interested in, and I hope I can have the opportunity to work with the team on this project. # Contact <w...@nerde.pw> Thanks. --William Huang / WillyPillow > https://blog.nerde.pw/ > > PGP fingerprint = 6CCF 3FC7 32AC 9D83 D154 217F 1C16 C70E E7C3 1C84 > > Protonmail PGP = D02D CEFF ACE5 5A7B FF5D 871E 4004 1CB1 F52B 127E -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/4_h8vfJ2OtTqx3K_Ej_brbx2ezmHHib4hVRTPD715QzKvOgXE3YgOlvGIvZW42mTZXxud3LGatltVugvKxNBznNbCKwPMzGz_7kAGd_N9H4%3D%40nerde.pw.
publickey - wp@nerde.pw - 0xD02DCEFF.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature