Qubes OS GSoC 2020 Proposal

Introduction

This is a project intended to improve template handling in Qubes OS. Currently, images of template VMs are distributed by RPM packages and managed by yum/dnf. However, tracking inherently dynamic VM images with a package manager that is suited for tracking static files creates some challenges. For example, users may accidentally update the images, overriding local changes (#996, #1647). (Or in the case of #2061, want to specifically override the changes.) Other operations that work well on non-RPM template VMs are also somewhat inconsistent on RPM-managed templates, such as renaming (#839), removing (#5509) and backup/restore (#1385, #1453, 1, 2), creating inconvenience and confusion for users (#1403, #4518).

In addition to the distribution mechanism, users may also wish to have an integrated template management application for better UX (#2062, #2064, #2534, #3040), as opposed to the current situation where multiple programs are required for different purposes, e.g., qubes-dom0-update, dnf, qvm-remove, qubes-manager.

To tackle these issues, I propose i) designing a better mechanism for handling template installation, and ii) creating a user-facing application to deal with the aforementioned mechanism and other template-related configuration, consolidating the management of templates.

Project goals

  • Design a template distribution/handling mechanism
    • Extracting and handling root.img from RPMs
  • Template management application
    • CLI/GUI
    • Features:
      • List available templates
      • Download / install / reinstall / update / remove templates
      • Switch VMs to certain templates
      • Possibly other features mentioned in issues such as #2062, #2064, #2534, and #3040
      • Ability to run outside of dom0 (UI for #1705)

Implementation

The consensus among the developers seems to be that sticking with RPM but not installing the package directly is a better idea 3, which I agree with, in part because handling package integrity is a bit non-trivial and may lead to security issues (c.f. QSB-028 3.2).

Installed template versions can be kept either in a separate database or the metadata of the template VM. Alternatively, it is possible to keep the version number in the template name, with the benefit that multiple versions of the same template can be installed at the same time.

The extraction and verification of template packages can be done in DispVMs if necessary.

After extracting the root.img, it remains to install it via a process similar to the post-processing script in linux-template-builder/templates.spec, which mainly consists of calling qvm-template-postprocess.

The application can be written in Python to take advantage of APIs such as qubes-core-admin and qubes-core-admin-client. Also, the application can be consolidated with the existing Template Manager in qubes-manager.

Using the Admin API, it should be possible to use the tool outside of dom0, making the management VM scenario mentioned in the Admin API post 4 even easier.

Timeline

This project will very likely be my main focus for the summer. There may be some ICPC-training-related events at the end of August, but I do not expect it to interfere with my schedule much.

I am familiar with the mailing lists and am willing to report back my progress via email regularly.

  • Now ~ June 2 (Week [-oo, 0]):
    • Installation of Qubes on daily driver laptop
      • Previous experiences with Qubes were on my desktop, which I now rarely use
    • Familiarize myself with the related codebase and the Admin API
    • Familiarize myself with PyQt / PyGTK
    • Attempt trivial contributions and bug fixes to Qubes
  • Week [1, 2]:
    • Proposal amendments & draft designs & initial version of the design document
  • Week 3:
    • Initial CLI program with support for already-downloaded RPMs
  • Week [4, 5]:
    • Initial implementation of other features in the Goals section above
  • Week [6, 7]:
    • Initial GUI implementation
  • Week 8:
    • Buffer & clean up
  • Week [9, 10]:
    • Documentation
  • Week [11, 12]:
    • Additional features

About me

I am an undergrad (sophomore) studying Computer Science at National Taiwan University. I have been a proud user of Qubes OS since around 2015~2016 (also played with qubes-builder to build kernels with NIC-related patches at that time), and have experience both on the mailing lists and the qubes-issues tracker. Moreover, I have written some (albeit simple) blog posts about Qubes OS, such as https://blog.nerde.pw/2017/02/06/freenet-on-qubes.html. While I do not have direct code contributions to Qubes (yet), my contributions to other OSS projects can be found under my Github/Gitlab profile @WillyPillow 5.

I have more than 8 years of programming and Linux experience. Language-wise, I am familiar with C++ and Python (among other languages). Besides, being a bit of a data-hoarder, I am somewhat familiar with storage-related topics such as LVM. I am also familiar with mailing lists and tools like Git. I consider myself a quick learner and can pick up stuff pretty well as I go.

Timezone-wise, being someone who takes part in online competitive programming contests, I am fairly okay with adjusting my schedule to accommodate for events in other time zones.

While my native language is Mandarin Chinese, I have lived in the US for some while, and have experience with English-speaking online communities in general, so communication should not be an issue.

Since Qubes is the sole reason I am applying to GSoC this year, I do not plan to submit proposals to other organizations.

Qubes OS is a project that I have always been quite interested in, and I hope I can have the opportunity to work with the team on this project.

Contact

wp@nerde.pw

Select a repo