Friday, August 26, 2016

GNOME Keysign - GSoC 2016 Final Report

Modernising GNOME-Keysign

As GSoC 2016 came to end,  here's what happened to this project over the summer. I have created a separate 'gsoc' branch with details about the implementation [1]. There's also a readme file that shows a more detailed list with the tasks.

To summarize my work for this summer, here's what I've did:

  • I've re-created the GUI using Glade and Gtk Builder. This improves the user experience and makes the codebase more robust.
  • I've improved the app logic by adding states and transition phases that will give users more feedback about what happened. 
  • I've ported most of the functionality from the old app to the new one. The 'key download' and 'key sign' functionalities are still missing, but I'm hoping to have them added by the end of this week. 
  • Packaging the app. I've done this using the python setuptools module. It should take care of most of the dependencies, the problem is that some of them are not in the 'cheese shop' (like avahi and pygobject). 
  • Package the old app using flatpak. 

What will happen after GSoC

We want modularity between the widgets to be able to run each of them individually. Now that the GUI is constructed with Gtk.Builder, we can split the classes better, to follow a loose coupling design.

With the help of my mentor Tobias Mueller and flatpak people, we managed to have a flatpak bundle which anyone can install without caring too much of the dependencies [2]. After downloading the bundle , you can do `flatpak --user install --bundle` on that file and it will install it.

You can also copy the manifest file and the makefiles from here [3], and build the app them using:

flatpak-builder --force-clean -v --repo=/tmp/fb.repo /tmp/fpbuilder org.gnome.Keysign.json
flatpak remote-add --user gks /tmp/fb.repo
flatpak install --verbose --user gks org.gnome.Keysign

For me it remains to package the new app using flatpak, after I'm done adding the rest of the functionality.

This was GSoC 2016!  I was grateful to have a chance to work again on this project, and I hope people will be more interested about it. It's a nice tool to have when you're at some open source conference, after or before the conference you can exchange your OpenPGP keys with others in an easy and secure way.

Thanks for reading.


Monday, July 25, 2016

GNOME Keysign - Report #2 GSoC 2016

More than a week ago I blogged about the new GUI made with GtkBuilder and Glade [1].  Now, I will talk about what has changed since then with the GUI and also the new functionality that has been added to it.

I will start with the new "transition" page which I've added for the key download phase. Before going more in depth, I have to say that the app knows at each moment in what state it is, which really helps in adding more functionality.

The transition page will give user more feedback about the download status of a key, because in the old gnome-keysign GUI, when the download was interrupted the GUI didn't show anything. Now, the GUI is more explicit about the process:

If the download fails, the spinner widget stops and an error message is shown. If the download is successful, the app will auto-advance to the confirmation page and the user is presented with details for the key he's about to sign:

A few people noticed that I am displaying short key ids in the GUI. I want to say that the entire key fingerprint is used when authenticating a downloaded key. The other info shown in the GUI are just key details that I'm getting from GnuPG and I'm displaying in the interface.
Though, I will stop displaying the 8 chars ID , because user may be influenced somehow by this.

Other changes that have been done since the last post were:

  • added a "Confirm" button to sign a key
  • added a transition phase for the key signing also
  • implement the "Refresh" keylist button
  • minor GUI adjustments
  • use logging instead of print
  • improve code quality

Apart from these, one major change is the GPG functionality added to the new GUI. The file made by Tobias acts as a common interface for what gpg libraries we'll use in the future. For now, you can test the new GUI with your own keys on the gpgmh branch [2]. This requires having the 'monkeysign' package installed [3].

In the following week I'm adding the widgets for the QR code and the QR scanner, as well as making a simple script that will create a flatpack app.


Friday, July 15, 2016

GNOME Keysign new GUI and updates

As of now we have a new and better GUI for GnomeKeysign app which I've made using Glade3 and Gtk.Builder. The new user interface looks more sharp and integrates better with other gnome apps.

Here's are some windows comparison between the old GUI and the new one. The new GUI can be found on my github repo [1].

  • The app window for presenting User's own PGP keys



  • The window for presenting the fingerprint and QR code of the key

  • The window for scanning a QR code or type a key fingerprint

Thanks to Allan Day for the mock-ups which I've followed when creating the new GUI [2].

Some widgets aren't yet integrated, such as the QR code generator or the integrated webcam, but the base functionality of the GUI is working and the code for it looks more clean.

I've discovered that using Gtk.Builder and Glade is a better approach than coding the GUI manually, as I've done in the past GSoC. Also, the builder object gives a more robust way of separating the user interface from the application logic.

The future work is to finish connecting the remaining functionality with the new GUI, and afterwards make it use Flatpak [3].