Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-12-28 00:39:30 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add new ideas for GSoC 2019, drop outdated/completed

Browse Source
This commit is contained in:
Marek Marczykowski-Górecki 2019-02-06 14:37:30 +01:00
parent 1e0425cacc
commit 5b6c5dd504
No known key found for this signature in database
GPG Key ID: F32894BE9684938A
1 changed files with 83 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
basics_dev/gsoc.md
View File

@ -143,31 +143,72 @@ would override all the user changes there). More details:
**Mentor**: [Marek Marczykowski-Górecki](/team/)
### Easy inter-VM networking configuration
### USB passthrough to Windows qubes
**Project**: Easy inter-VM networking configuration
**Project**: USB passthrough to Windows qubes
**Brief explanation**: Utility to easily configure selected VMs to be reachable (by network) from other VMs or outside network. Currently such configuration require adding iptables rules in multiple VMs manually. For exposing VM to outside network, it may be good to adopt qrexec-based TCP forwarding ([#2148](https://github.com/QubesOS/qubes-issues/issues/2148)).
**Brief explanation**: Add ability to use individual USB devices in Windows qubes. Right now the only option to do that, is to assign the whole USB controller (PCI device), which applies to all the devices connected to it. USB passthrough on Qubes is based on USBIP project, with transport over qrexec instead of TCP/IP.
**Expected results**:
- support firewall rules for inter-VM traffic in qubes-firewall - both VM side (qubes-firewall service) and dom0 configuration side (relevant Admin API calls)
- mechanism for configuring firewall in target VM, especially INPUT iptables chain - currently it is hardcoded to drop new incoming connections
- convenient tool (or modification to existing tool) for controlling above mechanisms
- integration the above with existing GUI tools (especially VM settings)
Relevant links:
- [Qubes networking and firewall documentation](/doc/firewall/)
- [qubes-firewall service code](https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubesagent/firewall.py)
- Evaluate possible approaches (including flexibility, compatibility and performance), suggested ideas:
- use [USBIP for Windows](https://github.com/cezuni/usbip-win) and make it work with qrexec - similar as done for Linux
- use qrexec+USBIP in Linux-based stubdomain and plug it into USB emulation in qemu
- Choose one approach, write (very simple) design documentation
- Write relevant new code (applies mostly for usbip-win case)
- Plug the mechanism into Qubes core toolstack ([Devices API](https://dev.qubes-os.org/projects/core-admin/en/latest/qubes-devices.html))
**Knowledge prerequisite**:
- iptables
- basics of nft
- python3
- basic USB architecture knowledge (buses, devices, interfaces, functions)
- Python and Bash scripting
- C
- Windows USB stack and/or qemu USB stack
**Mentor**: [Marek Marczykowski-Górecki](/team/)
### Dedicated Audio qube
**Project**: Dedicated Audio qube
**Brief explanation**: Moving audio subsystem from dom0 to a dedicated AudioVM and/or a preexisting VM (e.g sys-usb with attached usb audio device). This would allow using USB audio devices system-wide, without leaving a USB controller in dom0. [Relevant github issue](https://github.com/QubesOS/qubes-issues/issues/1590).
**Expected results**:
- Make audio virtualization components work with non-dom0 backend (in short: add configuration option for the backend, instead of assuming "dom0")
- Possibly per-qube setting what should be used as an AudioVM
- Make other audio-related tools work with the new setup, especially enabling/disabling microphone (`qvm-device mic`) and volume control.
**Knowledge prerequisite**:
- Pulseaudio
- C
- Python
**Mentor**: [Marek Marczykowski-Górecki](/team/)
### Qubes as a Vagrant provider
**Project**: Qubes as a Vagrant provider
**Brief explanation**: Currently using Vagrant on Qubes requires finding an image that uses Docker as isolation provider and running Docker in a qube, or downloading the Vagrantfile and manually setting up a qube according to the Vagrantfile. This project aims at simplifying this workflow. Since introduction of Admin API, it's possible for a qube to provision another qube - which is exactly what is needed for Vagrant. [Related discussion](https://groups.google.com/d/msgid/qubes-devel/535299ca-d16a-4a70-8223-a4ac6be4be41%40googlegroups.com)
**Expected results**:
- Design how Vagrant Qubes provider should look like, including:
- [box format](https://www.vagrantup.com/docs/plugins/providers.html#box-format)
- method for running commands inside (ssh vs qvm-run)
- Write a Vagrant provider able to create/start/stop/etc a VM
- Document how to configure and use the provider, including required qrexec policy changes and possibly firewall rules
- Write integration tests
**Knowledge prerequisite**:
- Ruby
- Vagrant concepts
**Mentor**: [Wojtek Porczyk](/team/), [Marek Marczykowski-Górecki](/team/)
### Mechanism for maintaining in-VM configuration
**Project**: Mechanism for maintaining in-VM configuration
@ -186,7 +227,7 @@ Relevant links:
- shell and/or python scripting
- Qubes OS qrexec services
**Mentor**: [Marek Marczykowski-Górecki](/team/), [Wojtek Porczyk](/team/).
**Mentor**: [Frédéric Pierret](/team/)
### Wayland support in GUI agent and/or GUI daemon
@ -253,7 +294,7 @@ details: [#1552](https://github.com/QubesOS/qubes-issues/issues/1552),
- Python and Bash scripting
- Filesystems and block devices: loop devices, device-mapper, tmpfs, overlayfs, sparse files.
**Mentor**: [Marek Marczykowski-Górecki](/team/)
**Mentor**: [Frédéric Pierret](/team/)
### Unikernel-based firewallvm with Qubes firewall settings support
@ -271,32 +312,6 @@ details: [#1552](https://github.com/QubesOS/qubes-issues/issues/1552),
**Mentor**: [Thomas Leonard](mailto:talex5@gmail.com), [Marek Marczykowski-Górecki](/team/)
### Thunderbird, Firefox and Chrome extensions
**Project**: additional Thunderbird, Firefox and Chrome extensions
**Brief explanation**:
* browser/mail: open link in vm
* browser/mail: open link in dispvm
* browser: save destination to vm
* mail: add whitelisted senders option (address-based and signing key-based) [#845](https://github.com/QubesOS/qubes-issues/issues/845)
**Expected results**:
- Extend existing Thunderbird extension to decide on action (where to open/save attachments) based on message sender - recognized as email address, or signing key
- Add Firefox extension to open links in DisposableVM / selected VM (right-click option and a default action for not-whitelisted URLs/domains)
- The same for Chrome
- Add tests for above enhancements
- Update user documentation
**Knowledge prerequisite**:
- writing Thunderbird/Firefox extensions (XUL, javascript)
- writing Chrome extensions (javascript)
**Mentor**: Inquire on [qubes-devel][ml-devel].
### LogVM(s)
**Project**: LogVM(s)
@ -326,7 +341,7 @@ immune to altering past entries. See
- systemd
- Python/Bash scripting
**Mentor**: [Marek Marczykowski-Górecki](/team/)
**Mentor**: [Frédéric Pierret](/team/)
### Xen GPU pass-through for Intel integrated GPUs
**Project**: Xen GPU pass-through for Intel integrated GPUs (largely independent of Qubes)
@ -415,6 +430,30 @@ details in [#2618](https://github.com/QubesOS/qubes-issues/issues/2618).
**Mentor**: [Rafał Wojdyła](/team/)
### Unattended Windows installation
**Project**: Unattended Windows installation
**Brief explanation**: Simplify Windows usage by providing a tool that perform unattended installation given required input data (installation image, license key, user name, etc). Similar feature is already supported in other virtualization solutions, including VMWare Workstation and VirtualBox. [Related github issue](https://github.com/QubesOS/qubes-issues/issues/4688).
**Expected results**:
- A template for `autounattended.xml` file for Windows installer - the template should have placeholders for settings that need to be provided by the user.
- A tool for generating actual `autounattended.xml` file based on the template and user settings.
- A tool for launching Windows installation, given installation image and `autounattended.xml` file (can be the same as in the above point).
- (Optional) Unattended installation should also include Qubes Windows Tools.
- (Optional) A tool should be able to use Windows license embedded in ACPI tables - [related discussion](https://groups.google.com/d/msgid/qubes-devel/0b7fabae-f843-e7ce-40cf-193326cecdb0%40zrubi.hu)
- User documentation
- Automated tests (unit tests, integration tests)
**Knowledge prerequisite**:
- Python scripting
- Linux administration, including handling loop devices, partition tables, filesystems etc
- For optional features, C language and x86 architecture (ACPI tables)
**Mentor**: [Rafał Wojdyła](/team/), [Marek Marczykowski-Górecki](/team/)
### GNOME support in dom0 / GUI VM
**Project**: GNOME support in dom0
@ -449,7 +488,7 @@ details in [#2618](https://github.com/QubesOS/qubes-issues/issues/2618).
- C language (patching metacity)
- Probably also javascript - for modifying GNOME shell extensions
**Mentor**: [Marek Marczykowski-Górecki](/team/)
**Mentor**: [Frédéric Pierret](/team/), [Marek Marczykowski-Górecki](/team/)
### Generalize the Qubes PDF Converter to other types of files