GSoC week #4 and #5, with screencast

[Update]: since the video on youtube still look like crap ( 😦 ), I’ve re-uploaded the video on and embedded from it.

Two weeks are gone without blogging, and now it’s time to show to the Planet the progess I made during this weeks with my GSoC project.

During week #4 I was somewhat busy with a College exam, however I performed a lot of fixes to the Authentication API, and got lots of headaches because of the qca-gnupg, again :\

Basically, when calling the startVerify(QByteArray &detachedSig) function, it randomly hangs, causing the library to freeze ( and thus the application too). After struggling a lot on the possible reasons, I noticed that the gpg process spawned by qca sometimes didn’t end, causing the issue. I wrote in the QCA mailing list, where I sent some feedbacks about what’s happened, but the problem doesn’t seems to be easily fixable. So, in the meantime, I wrote an other workaround to launch gpg with aΒ  KProcess and parse its output, until the patch is released.

During week #5 I started to deeply integrate the authentication library into the widget explorer. When I made this screenshot, I basically setted a fixed TrustLevel for each scirpted plasmoid, as well for the rating icons, to test how these new informations will look once merged with the usual UI. Now, instead, the ratings are retrieved by verifying each plasmoid against its signature, if any, and the informations about the signer are showed in the tooltip. Moreover, compared to the screenshot I linked above, the icons which represents the rating and running plasmoid are now better placed in the layout, in order to save space on the bottom of the Plasma widget explorer.

Oh well, stop talking now, and let’s see the video I made πŸ™‚
[ ?posts_id=3835218&dest=-1]

.ogv version

Urghh, seems like Youtube is taking a lot to process my video…If tomorrow the condition is the same, I’ll re-upload on .

About Naruto chapter 499

Oh well, this is my very first post where I’m talking about my passion for mangas, especially for the Naruto and PGE series πŸ™‚

However, as the last Naruto chapter _really_ amazed me like I’ve never felt since the chapters 439/440, I want to share my personal collection of thoughts about that.
Warning: don’t read this post unless you are up to date with Naruto, otherwise /epicspoils will occur!
Continue reading

GSoC week #3 && Heya PlanetKDE :)

The fourth week of Summer of Code started today: it’s time, as usual, to talk about the progress I made during the last week.

However, since this is my first post on PlanetKDE too, I’ll spend a couple of lines to introduce myself. I’m Diego Casella, a 24 years student inΒ  Engineering at the University of Padova ( major in Control Theory). In the 2009 edition of the GSoC I worked with Yuen Hoe and Shantanu within the PlasMate project and this year, inspired by some remarks about it, I’m developing an authentication library for plasmoids taking advantage of the QCA framework. A library on its own is not much useful of course, so I’m going to improve the Plasma widget explorer, its GHNS download widget and PlasMate as well in order to close the circle πŸ™‚

The authentication library itself is not much complicate: it keeps track, loads and monitors for changes on the keys saved in the user PGP keyring, plus it adds the public keys shipped with KDE. It performs a subdivision of the keys according with their trust level and provides a method – signedByKey()- to easily test if the plasmoid and signature file passed as parameter to the function, has been signed with the key provided. In the public API, all the keys are referenced by their unique string ID, without showing the presence of the QCA framework under the hood.

After this brief introduction, let’s talk about what I did this last week: except fixing some issues on the library, I was (actually I _am_) still waiting for a response from the QCA developer about an API change I need to complete the library. So I decided to move forward, and I started playing with the widget explorer in order to show properly the new informations about the trust level of the scripted plasmoids found in the computer. This is the result I achieved:

Widgets Explorer

As you can see, under the plasmoid name there are a number of stars corresponding to its trust level; for detailed informations about the signer and the trust level, the tooltip has been improved too πŸ™‚

However, I’m not really satisfied of this implementation: look at the amount of space wasted between the plasmoids names and the bottom of the widget due to a single scripted plasmoid. That’s why I’m considering to paint the rating starting from the bottom left corner of the plasmoid icon, and move the dialog-ok icon (used to advise that the current plasmoid is running) on the upper right corner in order to save space.

Oh well, that’s all for now. Stay tuned πŸ™‚

GSoC week#2

This week I improved the authentication library I began writing the previous week: more precisely, I’ve implemented the method responsible to verify the signature against the ID of the key passed as parameter, moved the key IDs from five QStringList objetcs to a single QMap< TrustLevel, QList< QCA::SecureArray > > object which reduces a little the lines of code and, more important,Β  increases its storage security.

However, I had a unhappy surprise when testing the library during this week: seems like the PGPKey class, which is widely used to load/save the keys from the local keystore, as well to verify the signature, lacks of a method call to retrieve all the IDs that signed the current key O.o

Is this method that essential for my library? Absolutely. Since I have to split the keys by their level of trust, first I save the KDE IDs, then I have to iterate all the PGPKeys remaining, and look if they are signed by a KDE key: these keys will build the second level of trust. Then, the library will load the user’s private key, and whose keys will create the user trusted keys; since we want to provide a certain degree of freedom on trustlevel, the user can also sign the keys he personally trusts, so here it is an other relationships check on the keys not processed yet. As you can see, I need to know which keys signed an other, so I spent some time on exploring the sourcecode of the GnuPG plugin to find out what went wrong, and I discovered that first, the API doesn’t expose that kind of call, and second, that the plugin doesn’t call the gpg command switches –list-signs or –check-signs at all! So I wrote to the QCA mantainer about my problem, and now we’re discussing about the implementation details on their mailinglist. My only hope is that they won’t take that much to implement this feature, I’ve got my first deadline in about one month, afterall!

Well, this is a brief summary of what I did on this second week of GSoC, stay tuned !

QMap< TrustLevel, QList< QCA::SecureArray > >