-
-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
device identity #614
base: main
Are you sure you want to change the base?
device identity #614
Conversation
Can you drop commits adding gui, instead of adding+removing gui? the PR is quite big already... |
we might need to ask to attach rest
349e2de
to
3d3a72a
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #614 +/- ##
==========================================
+ Coverage 69.33% 69.45% +0.12%
==========================================
Files 58 58
Lines 11946 12275 +329
==========================================
+ Hits 8283 8526 +243
- Misses 3663 3749 +86
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just one thing noticed so far (not a full review yet)
def confirm_device_attachment(device, frontends) -> str: | ||
try: | ||
# pylint: disable=consider-using-with | ||
proc = subprocess.Popen( | ||
["attach-confirm", device.backend_domain.name, | ||
device.port_id, device.description, | ||
*[f.name for f in frontends.keys()]], | ||
stdout=subprocess.PIPE, stderr=subprocess.PIPE | ||
) | ||
(target_name, _) = proc.communicate() | ||
return target_name.decode() | ||
except Exception as exc: | ||
print("attach-confirm", exc, file=sys.stderr) | ||
return "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are a few problems with this function:
- It must be async, since it may block for some time, and it's not acceptable to block the whole qubesd for this time. In fact, attach-confirm probably won't work this way at all if it tries to talk to qubesd, since it's blocked on waiting for attach-confirm...
- subprocess.Popen -> asyncio variant
- The tool name is IMO too generic for a tool in a common /usr/bin/
- The tool belongs to desktop-linux-manager repo, which looks like a layering violation - dom0 code should also work without any of the GUI frontends installed in dom0.
- Extension of the above: this also will need adjustment to the GUI domain threat model: verify the response is one of allowed ones (on the
frontends
list?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see the code of attach-confirm
already is async. Maybe simply put its code here, instead of calling external program? It means you will need to keep the params
dict format in sync, but changes there needs to be done in compatible way anyway (due to the GUI domain case, where both ends may be updated independently). Plus, you won't need to make external get_system_info()
call, as by running inside qubesd you already have all the info here.
implements: QubesOS/qubes-issues/issues/9325