Thoughts about this Summer of Code :)

Yesterday I was thinking about my whole GSoC and what I learned and did during this period and, regardless of the evaluation that Aaron will fill in about my work, I must admit that this year I’m very excited about what I’ve done 😀

In fact, during these months, I:

  • learned the QCA framework, and wrote the authentication library on top of it;
  • got in touch with their developers, and asked them for improvements;
  • recognized QCA limitations, took the decision to move to the GpgME++ library, learned it, and ported the authentication library to this new library;
  • debated with the open-collaboration-service guys both at #ghns and on their mailing list about adding gpg support;
  • took part in the drafting of the new Open Collaboration Service API;
  • learned how the Attica library works, and modified it in order to make it work with the test server they put online;
  • improved the KNewStuff3 library to retrieve, process and show the authentication information.

Compared with last year, when I worked on PlasMate, this year I really enjoyed my GSoC, had a lot of fun and met great people.

That’s why I want to thank Aaron for being my mentor, Frederik Gladhorn and Frank Karlitschek for our talks about the open collaboration draft and their help with the test server, Marc Mutz for his help on the GpgME++ library, Justin Karneges for his support with QCA, and Pinotree for his advice 😉

Authentication framework: closing the circle (+ screencast)

As I promised more than a week ago, today I’ll show you the progress done with the authentication framework, starting with signing a plasmoid with PlasMate, uploading that plasmoid and its signature to within PlasMate, and retrieving it with the Widget Explorer “Download widget dialog”.

Originally, I planned to show a more detailed screencast but, due to an unfortunate series of events, I started playing on a fully functional opendesktop test server just yesterday afternoon. However, here is the screencast, split into two pieces. Alas, I noticed too late that the screencast took so much time (the first part lasts about 14 minutes O.o, but you can skip the last 7 minutes because I’m repeatedly signing and sending some plasmoids to the server to show the authentication process later). By the way, I hope you’ll enjoy these videos:

Part 1 (.ogv version):

[ ?posts_id=4019829&dest=-1]

Part 2 (.ogv version):

[ ?posts_id=4019854&dest=-1]

Cool, isn’t it? 🙂

However, this is only the beginning: as I mentioned in my previous post, the KNewStuff maintainer (fregl) wants to extend that authentication mechanism to every package exchanged with KNS, so I need to move the library from plasma libs to a more suitable place (perhaps kdelibs?). There is also some work to do in the Attica library, because the opendesktop specification describes multiple signatures and fingerprints (because of the collaboration stuff), and I did only a basic implementation in order to see if everything worked as expected. The KNewStuff3 download dialog needs some love too, because the detailed view up to now shows only a string with the signer name and the trust level for each plasmoid; I didn’t implement a widget with star ratings for the following reasons:

  • there is already a starred rating widget, used for the users’ rating: showing two widgets with different star ratings will confuse the user in my opinion, so I opted for visualizing a simple text;
  • lack of time 😛

The grid view is even more complex, because the same information is condensed into less space, so I need to figure out how to also show the authentication information in a proper way.

PlasMate needs a lot of love too, and I realized it when playing with its code again; perhaps, after this summer of code, I’ll start rewriting its internals and cleaning up the code.

That’s all, for now. Stay tuned 😉

[GSoC] Authentication framework progress

Heya Planet,
It’s been a while since my last post about my GSoC project and, since there is one week left before the suggested pencil down date, it’s time to summarize what I’ve done in these weeks.
First of all, I’m proud to announce that PlasMate is now able to sign the plasmoids made within it, and install/export them (plasmoid+signature) successfully; thanks a lot to Marc Mutz, who helped me find out where I was wrong 😉
Now, about KNewStuff3: unfortunately, I discovered that signature upload/download wasn’t implemented yet [1], contrary to what I’d been told. However, joining the #ghns channel and the open-collaboration-services mailing list, I met very enthusiastic and friendly people. We discussed a lot about extending the current protocol to support gpg signatures, and it turned out that, in the current OCS draft, they had already inserted a basic gpg specification. So we exchanged our opinions and information, and finally the gpg signature support is well-defined!
But wait, there is even more! Talking with fregl, he told me that the authentication framework I’m building could be used inside KNewStuff3 to provide an authentication mechanism for _every_ package sent/received, instead of limiting its use to plasmoids. I don’t know why I didn’t think about it from the beginning, because it’s really an awesome idea!
Think about it: you’ll be able to download plasmoids, plasma themes, kopete themes, new comics for your comic plasmoid, amarok plugins, and tons of other extensions for your favourite app, and you’ll be notified about their trust level at the same time 😀
This excited me so much that I modified the library again, introducing a new level of trust to give the user finer control over the authentication mechanism, and I’ve also made it possible to specify a custom keystore when creating a new instance of the class, allowing different keyrings for different applications (however, I’m still not 100% convinced about this feature).
By the way, things are really evolving well!
See you next week, I’m thinking about making a cool screencast about all this stuff 😉


[1]: The maintainer explained his reasons, and he was totally right, because the only app that used gpg auth was Quanta, back in the old times; so he opted to keep a clean and compact API.