Difference between revisions of "Google Summer of Code Ideas"

From Libvirt Wiki
(Template)
Line 33: Line 33:
 
* Language: C
 
* Language: C
 
* Suggested by: Daniel Berrange</nowiki>
 
* Suggested by: Daniel Berrange</nowiki>
 +
 +
=== Integrate secrets driver with DEO ===
 +
 +
'''Summary:''' Provide encryption of secrets stored by libvirt, optionally using DEO to unlock the master key
 +
 +
The libvirt secrets driver currently stores secrets in base64 plain text files with the recommendation that the filesystem be backed by a LUKS encrypted block volume. This provides protection against offline compromise, but is far from ideal. Libvirt should have its own master AES key that it uses to encrypt the individual secrets files, instead of storing them in base64.
 +
 +
Of course there is a chicken & egg problem of how to store the master AES key itself. For this we should have the ability to integrate with DEO to allow the master key to be password protected on local node, having DEO decrypt it at libvirtd startup.
 +
 +
'''Links:'''
 +
* https://blog-ftweedal.rhcloud.com/2015/09/automatic-decryption-of-tls-private-keys-with-deo/
 +
* https://github.com/npmccallum/deo
 +
 +
'''Details:'''
 +
* Skill level: intermediate
 +
* Language: C
 +
* Suggested by: Daniel Berrange
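
Review bot: the context line directly above the new section, "* Suggested by: Daniel Berrange</nowiki>", ends in a stray closing nowiki tag that shows up literally in the rendered "Test driver API coverage" entry, so it is worth dropping the tag in this same edit. In the added description, "password protected on local node" should read "on the local node". The text also asks for a "master AES key" to encrypt the individual secrets files without saying whether the encrypted files must be integrity protected or how existing base64 files are handled, so a sentence on each would help a student scope the project.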

Revision as of 14:25, 15 September 2016

This page contains project ideas for upcoming Google Summer of Code.

Template

=== TITLE ===
 
 '''Summary:''' Short description of the project
 
 Detailed description of the project.
 
 '''Links:'''
 * Wiki links to relevant material
 * External links to mailing lists or web sites
 
 '''Details:'''
 * Skill level: beginner or intermediate or advanced
 * Language: C
 * Suggested by: Person who suggested the idea

Suggested ideas

Test driver API coverage

Summary: Expand API coverage in the test driver

The test driver (accessed via the test:/// URI scheme) is a fake virt driver designed to let applications test against libvirt with fake data without having any effect on the host. As the API coverage report at http://libvirt.org/hvsupport.html shows, quite a few APIs are not yet implemented in the test driver. Ideally the test driver would have 100% API coverage, so the goal of the project is to address gaps in that coverage. The work is incremental, so it does not matter if not all APIs are implemented as part of the project; any amount of expanded coverage is sufficient and useful.

Links:

Details:

  • Skill level: beginner
  • Language: C
  • Suggested by: Daniel Berrange

Integrate secrets driver with DEO

Summary: Provide encryption of secrets stored by libvirt, optionally using DEO to unlock the master key

The libvirt secrets driver currently stores secrets in base64 plain text files with the recommendation that the filesystem be backed by a LUKS encrypted block volume. This provides protection against offline compromise, but is far from ideal. Libvirt should have its own master AES key that it uses to encrypt the individual secrets files, instead of storing them in base64.

Of course there is a chicken-and-egg problem of how to store the master AES key itself. For this we should have the ability to integrate with DEO to allow the master key to be password protected on the local node, having DEO decrypt it at libvirtd startup.

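Links:

  • https://blog-ftweedal.rhcloud.com/2015/09/automatic-decryption-of-tls-private-keys-with-deo/
  • https://github.com/npmccallum/deo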

Details:

  • Skill level: intermediate
  • Language: C
  • Suggested by: Daniel Berrange