KSecret Service just created its first secrets file

Greetings from Randa!

Take a look at this:

Well, this is the first secrets file ever created with KSecret Service, and it happened here, in Randa. For the impatient – just hold your keyboards, the code is not yet ready. The tests are still failing, but items started to appear on disk, encrypted with libgcrypt.

Stay tuned and meanwhile remember, the fund raising campaign for KDE Sprints is still ongoing. Please consider to donate by clicking the banner below to make coding sprint like this one possible.
KDE sprints 2015 fundraiser campaign

Next week I’ll be in Randa

Since Akademy 2015 KSecrets Service development continued. I did lots of code cleanup. The async API now uses QFuture and the secrets file backend, based on libgcrypt, was added. Tests are there to confirm it’s not yet working. ๐Ÿ™‚

One week from now I’ll be in Randa. The hacking ambiance will surely help to hopefully get a first pre-alpha version of the service. I also look forward to peer reviews and feedback on this new codebase.

This kind of events is made possible by our generous donors. If you’d like to join them and donate, helping the KDE community and me, then just click the image below:
KDE Sprints Fundraiser

Goodbye Akademy 2015, See You Randa 2015

OK, Akademy 2015 ended last week. This is my second Akademy, though the first full one.

A Coruรฑa is located on the Atlantic front and on my way there, I encountered rainy spots and the rain was a familiar one for me, after having lived several years in northern France (Paris and Pays de la Loire). But this time I actually found it quite enjoyable, knowing that I left behind a 39ยฐ-heated Lyon. So, yes, A Coruรฑa is warmer than what we could encounter in other parts of Spain. I shared my car with Sandro KnauรŸ, who came to Lyon from Germany by train, so the one full-day trip was quite nice, KDE hacking-oriented. But be assured, we were also able to talk lots of other topics.

The venue and the hosting in Rialta were just perfect. The local team did an awesome job when organizing the event. They had it all: welcome party – we arrived at the right moment for the Queimada – sponsored food during the week-end (thanks Blue Systems), essential goodies (they carried the VIM T-shirt), “social event” – that was really a party where I had an excellent time -, the day trip and all the schedules which weren’t difficult to follow. Rialta has free swimming pool and I actually managed to use it.

Akademy is about KDE technology but also about meeting like-minded people. Getting along together is really easy, language barrier took apart, and I actually really enjoyed just sitting there and hacking with others, then having a beer or discussing technical issues or ideas. I already miss these spontaneous late evening hacking moments.

Speaking about KDE technology, we are at a turning moment, with Plasma Mobile becoming available. KDE is now ready to take on the mobiles platforms and that’s pretty cool. I look forward to the moment when I’ll have a Linux smartphone running both KDE software and Android applications (with Shashlik, bien-sur). I’ll do my best to help and I already plan to support KSecrets Service on mobile.

KSecrets Service had it’s own BoF. The updated slides are here. I’m working right now in implementing it and that would bring us to Randa, where I intend to continue even further and hopefully I’ll even have a working version by that time.

Randa is a great location for hacking. In fact, no, not Randa, but the venue in Randa is quite perfect for that ๐Ÿ™‚ They have that big room under the roof, upstairs, where I look forward to hack, between some BoF’s or swiss meals. Some people who couldn’t make it to Akademy will go to Randa, so I look forward to meeting them there. Oh, and if you can, please help them getting there by the means of a small donation.

Finally, but not less importantly, I’d like to thank KDE e.V. and the sponsors for organizing these events and for providing travel reimbursement.

KWallet needs a serious face-lift ; enter KSecret Service

Users are often confused by the current KWallet system behavior. When their computers start, they enter the KDE session password but just after logging-in, they are prompted yet another password, for something named KWallet. Sometimes, they even see several password prompts from KWallet, depending on their precise desktop configuration.

Some users find that annoying and they file bug reports or, even worse, simply uncheck the “Enable the KDE wallet subsystem” in an attempt to deactivate it as a whole and switch to using some other external tools. Well, these tools are OK, but the KDE experience is affected, as the applications are no longer able to correctly store and retrieve their secrets. And that raises the barrier to entry for some of our potential users, adding negative points against KDE.

The remaining users have now several devices and would like to have their passwords synchronized all over these devices. They won’t find this kind of function and they’ll start using some other external tools, providing cross-device synchronization. That’s another bad point for the KDE experience.

Finally, more advanced users would like to know where their wallet data is stored and they would like to be able to put their wallets in some places of their choice, perhaps in an owncloud synchronized directory.

Enter KSecret Service!

The KDE Wallet system has some design flaws (I’ll write more on that in the future, but right now my post risk to get too long) affecting the security and should be replaced ASAP. Back in 2008 and until or 2011 an initiative was taken by the former KDE Wallet maintainer Michael Leupold and Stef Walter from GNOME to create a Freedesktop.org interface aiming to replace it. It’s called “Secret Service” and the draft may be found here: http://standards.freedesktop.org/secret-service/

This interface is already implemented by GNOME keyring and AFAICT KDE should also implement this interface if it wanted to enhance users experience.

All these points will be addressed by a new system, aiming to replace KWallet. It’s name is already known – KSecret Service.

I’m in the process of (re)defining it’s architecture and I’ll post it, for feedback, on the KDE developer mailing list as soon as I’ll get something stable enough. I cannot tell more right now – the post is already long enough – but it’s an ambitious plan! And I’m sure you’ll like it!

KDE4/KF5 Coinstalability and the KWallet

Plasma 5 is about to become part of the mainstream Linux distributions, and we are getting more and more feedback about this new platform. This blog post is a reaction to this increasing feedback from our users.

Plasma5 introduces the KDE Frameworks 5 platform (or KF5) which uses Qt5 as it’s foundation. This new platform aims to replace the legacy KDE4 platform, which was mainly the old monolithic kdelibs. More and more applications got ported to this new platform. Just stay tuned with the next release announcement, which is imminent. However, some applications, and among them some important ones, are not yet ported to the KF5 platform. And this brings on, or more appropriately reminds, the coinstalability matter.

Back in time, KWallet was split from kdelibs and the KF5/KWallet Framework has been created. This is the API part. For non-programmers, this part is the one used by the applications to store the passwords or other secrets into the KDE Wallet System. The applications that were ported to KF5 are now using the new KF5/KWallet framework.

The KDE Wallet System has two other components. The KWalletManager users know very well and the background service, kwalletd, that actually do the work and securely store the secrets on disk. In KDE4, these two components lived in two other places: kdeutils/kwalletmanager and kde-runtime/kwalletd. This separation has always been somewhat confusing and the decision was made to bring the runtime component inside KF5/KWallet framework. This runtime component has also been ported to Qt5. And the coinstalability constraint led us to rename it to kwalletd5. So the applications that were ported to KF5 are now using kwalletd5 behind the scenes, as the KF5/KWallet framework connects to this new runtime.

The KWalletManager was not accepted for inclusion in the KF5/KWallet framework and it still lives under kdeutils. It has been ported to KF5/Qt5 under the branch named “frameworks”. Same coinstalability constraints were applied, so building KWalletManager from this branch yields kwalletmanager5. This KWalletManager5 would connect, via the KF5/KWallet framework, to the new kwalletd5.

But what happens to the passwords from my KDE4 installation?

There are two possible cases where users are going from KDE4 to Plasma5 and the KF5-based platform. The more usual is the upgrade path. Others may opt for clean install. I’ll address the two cases here, and I’d recommend the upgrade path, as it requires the least user interaction.

When upgrading, your system will get kwalletd5 along with the existing kwalletd. kwalletd5 is designed to detect an existing kwalletd via D-Bus upon starting-up and, if it finds it, it’ll trigger the migration wizard. I already blogged about it: KWallet for Plasma 5 now automatically migrates KDE4 wallets!

If you rather decide to do a clean install, you’ll get kwalletd5. Odds are you’ll also get kwalletd as the Linux distributions would decide to keep it, to let run the still-to-be-ported to KF5 applications. If the home directory was preserved during the installation, then the system should go to the upgrade state upon kwalletd5 start-up, as the kwalletd5 would detect the kwalletd, which in turn would find your old wallets. So you should get the migration wizard triggered, and your passwords should land into kwalletd5.

If you opt for a clean home directory along the new install, then you’ll want to export your wallets prior to reinstalling the system. Then re-import your wallets both in KWalletManager and KWalletManager5! As such, applications still using the KDE4 infrastructure will find your passwords.

As long as you’ll continue using KDE4 applications, you’ll have to maintain the two copies of your wallets. But I expect that this would not last as the applications are being quickly ported to KF5. I agree that’s not very convenient, but I’ll add that I already managed to uninstall the old kwalletd, so you should also get there anytime soon.

What about the Chrome or Firefox integration?

Firefox is now compatible with KF5/KWallet, read the announcement on the blog of Andreas Scarpino here

Chromium is not yet compatible AFAIK. Feel free to file a bug report on their bug-tracking system here if you want it brought to you.

In conclusion

I hope that this rather long blog post would bring some light on the new KF5-base KWallet infrastructure. I’d like to thank users that file bugs and by doing this let us improve our software.

KWallet for Plasma 5 now automatically migrates KDE4 wallets!

Next time you’ll start your updated Plasma 5 session’s KDE Wallet system, it’ll eventually start migrating your wallets. The precondition is that you’re doing that on a system that also has KDE4 and that you previously used that installation’s KDE Wallet system. If your system doesn’t have a KDE4 wallet daemon, then nothing will happen.

Simply follow the instructions of the wizard that’ll popup. If you accept the migration option, then for each of your existing KDE4 wallet you’ll be :
– prompted with a new Plasma 5 wallet creation wizard – that’ll eventually be the moment to switch to GPG wallets ๐Ÿ˜‰
– eventually prompted for the old wallet’s password, it the old daemon didn’t had it already opened by some other KDE4 program.
The migration assistant will preserve wallet names and wallet internal structure.

As usual, do not hesitate to file bug reports if you encounter any problem!

A final note about those who installed KDE4 in a prefix that’s not /usr. Please ‘ln -s [your kwalletd location] /usr/bin/kwalletd’ in order to let the migration agent correctly find and start the KDE4 daemon. Without that, it’ll not trigger the migration. (yes, that’s a quick hack, but it works).

Starting KF5 using the I3 window manager

Lately I started experimenting several tiling window managers, and I settled on I3 (see its Official site and the corresponding ArchLinux wiki page)

I now plan to return hacking KF5 and I’d like to use this tiling manager. In KDE4 I simply used the “Default Applications” control module from “System Settings” to choose i3, after adding the right i3.desktop file. However, with KF5 that will not be enough. For some reason kwin will still be loaded. (And BTW, the new kwin looks really great. I also like the new plasma desktop very much, but it won’t fit my workflow, as I prefer tiling WMs paradigm) Today I started searching a quick way to workaround that and here it is what I did.

Firstly, create the $KF5/share/ksmserver/windowmanagers/i3.desktop file with this contents:

[Desktop Entry]
Comment=Highly configurable framework window manager

Then edit the file ~/.config/ksmserverrc and modify the windowManager line from the [General] section:

# other lines ommited

Alternatively, you can use the “Default Applications” control module from KF5 System Settings to change the window manager to i3.

Finally, here is the little bit that made it. Modify the KF5 startup script to define the KDEWM environment variable. It should read like this:
export KDEWM=/usr/bin/i3

Here is how:
On my system, I’m using kdm. For it to start a KF5 session, I created /usr/share/config/kdm/sessions/kf5.desktop with this contents:

[Desktop Entry]

As you can see, my KF5 is installed in /home/kde5 (others may have it in /opt/kf5). The start-up script, named ‘start-kde’ simply sets the righ environment variables, calls ssh-agent and gpg-agent, then calls startkde from KF5. I added the export KDEWM=/usr/bin/i3 line into this script.

Quit your current session, choose the KF5 session in KDM and enjoy I3 with KF5!

I’ll now return to tinkering it, as some adjustments still need to be done ๐Ÿ™‚

Oldies but goodies! Welcome back to VRCOM!

Yesterday I just created a new repository on github and pushed a new awesome library ๐Ÿ˜‰ This library is an LGPL alternative to MS ATL Library. Yes, you read that correctly! I just pushed a library implementing a technology that’s more that 14 years old. I’m talking about Microsoft’s COM technology. I used to be an expert of that technology, back in 1999, and this library was my two cents about COM objects implementation in C++. See the readme file for more details of my motivations for writing this library. Please note that this library was successfully used in a production environment.

What pushed me to publish this? Well, it appears that Microsoft is slowly returning to COM. In my opinion WinRT is purely a new version of COM. That alone would not push me to create that repository. The trigger was someone on Google+ “C++ – Libraries & Frameworks” group asking if someone knew about an ATL alternative. And that started me. Why not help and share what I wrote at that time?

I managed to get on old CD with the sources, created the repo and directly pushed them. So, please expect them not to compile using modern MSVC. At that time I was a big fan of the templates (well, I still like them alot), a very new feature of the C++ language at that time. They were not clearly specified and the syntax varied heavily from one compiler to another. At that time I stick with MSVC compiler syntax. But I think that’ll be not so hard to adjust them for the current technology. I cannot do that myself, because I no longer use Windows nor I have MSVC on my computer. I only tried Visual C++ Express Edition in a virtual machine, but please accept I don’t plan to maintain this library. I published it only to help and lower the entry barrier for those who want an ATL alternative. And it would be awesome if someone there would update this library and maintain it. Just drop me a line and we’ll arrange for the commit rights on the github repository.

Here is the repository link for the VRCOM library : https://github.com/valir/vrcom

svnmerge2.py – A tool for SVN merge operations

Well, SVN is not yet dead. Enterprise world still uses it, or at least it’s still used at my workplace ๐Ÿ™‚

When it comes to merging, one has the choice of TortoiseSVN or svnmerge from Orcaware. Each of these has their drawbacks. For example, TortoiseSVN is very mouse-intensive, so it’s click-error prone (yes, yes). The script from Orcaware is somewhat strict, and it even requires one to use it from the very beginning of the project. But what if you didn’t use it at that time? So, how to get a small improvement to this situation? Enter svnmerge2.py. I put the sources on, well, GitHub! ๐Ÿ˜‰

There are instructions in both French and English. However, the script only shows French strings. I plan to add English translation later, when I’ll have some spare time. Meanwhile, if you need it, feel free to translate it and add a pull request on GitHub. I’d be glad to integrate it.