Compare commits

..

4 Commits

Author SHA1 Message Date
67189f34c6 gui: main: Make sandboxing work on kernels without landlock
Those are still around of course, so deal with that
2022-06-06 22:16:36 +02:00
fac6ed1853 Release: v0.1 2022-06-06 17:44:51 +02:00
ae2097fe6a HACKING.md: Fix broken link 2022-06-06 17:44:51 +02:00
9e3d3b1dd4 Begin CHANGELOG.md 2022-06-06 17:26:14 +02:00
4 changed files with 42 additions and 9 deletions

29
CHANGELOG.md Normal file
View File

@ -0,0 +1,29 @@
# looqs: Release notes
## 2022-06-06 - v0.1
The first release comes with basic functionality. It's a start that can be considered useful to some degree.
looqs is still at an early stage and may exhibit some weirdness and contain bugs.
Tested architectures: amd64.
CHANGES:
- CLI command "looqs" to add/update/delete and search
- GUI: "looqs-gui" to search, render previews, and add files to index
- General: Add multi-threaded indexing of all files (paths, mtime)
- General: Generate sqlite based full-text search index for: .pdf,.odt,.ods, text files
- General: Sandboxed content processing
- GUI: Sandboxed IPC sub-process to render previews.
- GUI: Add previews for pdf: Render the page the search keywords were found. Highlight the keywords when rendering the page.
- GUI: Add previews for plaintext files: Extract snippets. Highlight the keywords when rendering the page.
- General: Add basic filters for query.
- GUI: Add icon. Special thanks to the following sources:
https://www.svgrepo.com/svg/151751/magnifier-with-small-handle
https://www.svgrepo.com/svg/52764/open-book
Thanks!
- General: Documentation.
- Add packages: Ubuntu 21.10, 22.04
Thanks to all those who provided feedback (and endured bugs) at various stages. You know who you are, thx!

View File

@ -5,22 +5,22 @@ Without elaborating here, I hacked looqs because I was not satisfied with the st
Originally a set of CLI python scripts, it is now written in C++ and offers a GUI made using Qt. While a "web app" would have been an option, I prefer a desktop application for something like looqs. I chose Qt because I am more familiar with it than with any other GUI framework. To my knowledge, potential alternatives like GTK do not include as many "batteries" as Qt anyway, so the job presumably would have been harder there.
[CONTRIBUTING.md](CONTRIBUTING.md] contains the instructions on how to submit patches etc.
[CONTRIBUTING.md](CONTRIBUTING.md) contains the instructions on how to submit patches etc.
## Security
The architecture ensures that the parsing of documents and the preview generation is sandboxed by [exile.h](https://github.com/quitesimpleorg/exile.h). looqs uses a multi-process architecture to achieve this.
Qt code is considered trusted in this model. While one may criticize this, it was the only practical solution. looqs uses its serialization mechanism and other classes to communicate between the non-sandboxed GUI process and the sandboxed processes.
Qt code is considered trusted in this model. While one may critize this, it was the only practical solution. looqs uses its serialization mechanism and other classes to communicate between the non-sandboxed GUI process and the sandboxed processes.
## Database
The heart is sqlite, with the FTS5 extensions behind the full-text search. I definitely did not
The heart is sqlite, with the FTS5 extensions behind the full-text search. I definitly did not
want to run some heavy Java based solutions. I explored other options like Postgresql, I've discard them due to some limitations back then.
Down the road, alternatives will be explored of course if sqlite should not suffice anymore.
## File format support
The pdf library is libpoppler. Files such as .odt or .docx documents are opened with libquazip. The XML files in there are not parsed,
looqs simply strips the tags and that seems to work fine so far. Naturally, this is not the "proper way", so there is room for improvement maybe here. However, those file formats are not a huge priority for me personally. libuchardet does encoding detection and conversion.
looqs simply strips the tags and that seems to work fine so far. Naturally, this is not the "proper way", so there is room for improvement maybehere. However, those file formats are not a huge priortiy for me personally. libuchardet does encoding detection and conversion.
Naturally looqs won't be able to index and render previews for everything. Such approach would create a huge bloated binary. In the future, there will be some plugin system of some sorts, either we will load .so objects or use subprocesses.

View File

@ -30,7 +30,7 @@ There is no need to write the long form of filters. There are also booleans avai
## Current status
Last version: 2022-06-0X, v0.1
Last version: 2022-06-06, v0.1
Please see [Changelog](CHANGELOG.md) for a human readable list of changes.

View File

@ -23,19 +23,23 @@ void enableIpcSandbox()
qCritical() << "Failed to init policy for sandbox";
exit(EXIT_FAILURE);
}
policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
policy->namespace_options = EXILE_UNSHARE_USER | EXILE_UNSHARE_MOUNT | EXILE_UNSHARE_NETWORK;
policy->no_new_privs = 1;
policy->drop_caps = 1;
policy->vow_promises =
exile_vows_from_str("thread cpath wpath rpath unix stdio prot_exec proc shm fsnotify ioctl error");
policy->mount_path_policies_to_chroot = 1;
QString ipcSocketPath = Common::ipcSocketPath();
QFileInfo info{ipcSocketPath};
QString ipcSocketPathDir = info.absolutePath();
std::string stdIpcSocketPath = ipcSocketPathDir.toStdString();
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, "/");
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, stdIpcSocketPath.c_str());
/* ALLOW_EXEC is needed for fallback, not in landlock mode. It does not allow executing anything though here
* due to the vows */
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_EXEC, "/");
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE | EXILE_FS_ALLOW_EXEC,
stdIpcSocketPath.c_str());
int ret = exile_enable_policy(policy);
if(ret != 0)
{
@ -61,7 +65,7 @@ int main(int argc, char *argv[])
qDebug() << "Launching IPC Server";
if(!ipcserver->startSpawner(socketPath))
{
qCritical() << "Error failed to spawn";
qCritical() << "Error failed to spawn" << Qt::endl;
return 1;
}
qDebug() << "Launched IPC Server";