device identity

[piotrbartman]

implements: QubesOS/qubes-issues/issues/9325

[marmarek]

Can you drop commits adding gui, instead of adding+removing gui? the PR is quite big already...

[codecov]

Codecov Report

Attention: Patch coverage is 76.32450% with 143 lines in your changes missing coverage. Please review.

Project coverage is 69.45%. Comparing base (68070df) to head (65f14db).

Files with missing lines	Patch %	Lines
qubes/device_protocol.py	77.74%	77 Missing ⚠️
qubes/ext/admin.py	20.83%	19 Missing ⚠️
qubes/ext/block.py	81.03%	11 Missing ⚠️
qubes/vm/__init__.py	62.96%	10 Missing ⚠️
qubes/ext/pci.py	60.86%	9 Missing ⚠️
qubes/devices.py	85.36%	6 Missing ⚠️
qubes/vm/qubesvm.py	0.00%	5 Missing ⚠️
qubes/api/admin.py	91.42%	3 Missing ⚠️
qubes/ext/utils.py	93.33%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #614      +/-   ##
==========================================
+ Coverage   69.33%   69.45%   +0.12%     
==========================================
  Files          58       58              
  Lines       11946    12275     +329     
==========================================
+ Hits         8283     8526     +243     
- Misses       3663     3749      +86     

Flag	Coverage Δ
unittests	69.45% <76.32%> (+0.12%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[marmarek]

Just one thing noticed so far (not a full review yet)

[marmarek]

There are a few problems with this function:

1. It must be async, since it may block for some time, and it's not acceptable to block the whole qubesd for this time. In fact, attach-confirm probably won't work this way at all if it tries to talk to qubesd, since it's blocked on waiting for attach-confirm...
2. subprocess.Popen -> asyncio variant
3. The tool name is IMO too generic for a tool in a common /usr/bin/
4. The tool belongs to desktop-linux-manager repo, which looks like a layering violation - dom0 code should also work without any of the GUI frontends installed in dom0.
5. Extension of the above: this also will need adjustment to the GUI domain threat model: verify the response is one of allowed ones (on the frontends list?)

[marmarek]

I see the code of attach-confirm already is async. Maybe simply put its code here, instead of calling external program? It means you will need to keep the params dict format in sync, but changes there needs to be done in compatible way anyway (due to the GUI domain case, where both ends may be updated independently). Plus, you won't need to make external get_system_info() call, as by running inside qubesd you already have all the info here.