gsoc:google-summer-code-2024-openprinting-projects

Differences

This shows you the differences between two versions of the page.

gsoc:google-summer-code-2024-openprinting-projects [2024/02/11 13:41]
till [Videos/Podcasts]
gsoc:google-summer-code-2024-openprinting-projects [2024/02/26 17:12]
till
Line 215: Line 215:
  
 Code License: Apache 2.0, MIT, GPL-2+ and LGPL-2+ Code License: Apache 2.0, MIT, GPL-2+ and LGPL-2+
 +
 +=====Integrating C-based OpenPrinting projects in OSS-Fuzz testing=====
 +
 +1 contributor full-size (350 hours), Level of difficulty: Intermediate
 +
 +[[https://​google.github.io/​oss-fuzz|OSS-Fuzz]] is a project aimed at finding vulnerabilities in open-source projects that are critical to the Internet infrastructure. It is powered by Google and was initiated in response to [[https://​heartbleed.com|Heartbleed]],​ an OpenSSL vulnerability that could have been discovered with classic vulnerability discovery techniques. The codebases integrated into OSS-Fuzz are run multiple times with randomly crafted inputs in an approach called fuzzing.
 +
 +Most of OpenPrinting'​s code is written in C, which is susceptible to memory corruption bugs. OpenPrinting'​s projects do not use fuzzing, with a single exception: CUPS has a [[https://​github.com/​OpenPrinting/​cups/​blob/​master/​cups/​fuzzipp.c|custom fuzzer]] run when testing the build, for a fixed number of iterations.
 +
 +Due to the compatibility of C projects with OSS-Fuzz, we would like to abandon the existing fuzzer and integrate the following C-based OpenPrinting projects into OSS-Fuzz (projects in priority order):
 +
 +  * CUPS
 +  * libcups
 +  * cups-local
 +  * cups-sharing
 +  * libcupsfilters
 +  * cups-filters
 +  * cups-browsed
 +  * PAPPL
 +  * cpdb-libs
 +  * cpdb-backend-cups
 +  * libppd
 +  * pappl-retrofit
 +
 +The purpose is to use the Google Summer of Code timeframe to create a mature OSS-Fuzz integration that maximises the number of fuzzed projects and fuzzing efficiency, as measured by coverage and execution speed.
 +
 +The contributor should work on:
 +
 +  * Coordinating with OpenPrinting which projects have highest priority and also which functionality of them, to get the best from the limited GSoC time
 +  * Creating Docker-based build environments
 +  * Writing libFuzzer fuzz targets
 +  * Creating a corpus of data
 +  * Understanding and implementing the [[https://​google.github.io/​oss-fuzz/​advanced-topics/​ideal-integration/​|OSS-Fuzz best practices]]
 +  * Coordinating with the OpenPrinting developers to patch the vulnerabilities found by OSS-Fuzz
 +  * Analysing the found vulnerabilities and interpreting their details to deduce vulnerability classes that can be mitigated in bulk.
 +
 +Mentors: Till Kamppeter, Project Leader OpenPrinting (till at linux dot com), George-Andrei Iosif, Security Engineer at Canonical (andrei at iosif at canonical dot com, further members of Canonical'​s Security Team TBD
 +
 +Desired knowledge: C, fuzzing
 +
 +Code License: Apache 2.0, MIT (licenses of the OpenPrinting projects)
 +
 +=====Official OCI containers (Docker, ROCKs, podman, ...) of CUPS and Printer Applications=====
 +
 +1 contributor full-size (350 hours), Level of difficulty: Intermediate
 +
 +[[https://​ubuntu.com/​blog/​ubuntu-core-an-immutable-linux-desktop|Immutable desktop operating system distributions]] are currently one of the most talked about subjects in free software. There is barely passing a week where one does not hear about any new distribution of this kind.
 +
 +Immutable distributions are made up of a read-only (immutable) core file system and applications are installed also as immutable container images. This gives more ease of use, reliability,​ and security, as the file systems cannot be modified and messed up, but instead, only replaced and updated as a whole, and also each application is in its own security capsule not being able to access any of the other applications or the system. This practice is commonplace on smartphones and got overtaken to PCs.
 +
 +On most immutable distributions,​ one installs desktop applications in the [[https://​flatpak.org/​|Flatpak]] format. This gives a huge choice of apps, but Flatpak cannot be used for GUI-less system applications and daemons. The solution for adding this type of software is the use of an alternative container format. And here [[https://​opencontainers.org/​|OCI containers]] are the solution. The container images can be downloaded from app-store-alike services like the [[https://​hub.docker.com/​|Docker Hub]] and be installed an run via [[https://​www.docker.com/​|Docker]],​ [[https://​podman.io/​|podman]] or similar.
 +
 +If you have a look at the Docker Hub you will find several container images for CUPS, but none of them is the official one, none of them comes from OpenPrinting. This makes the choice difficult, to find the most suitable one and also not get hit by a malicious one. So an official OCI container of CUPS is the first thing we need, to be able to have always the latest release of CUPS, directly from its developers.
 +
 +Another point is how to add printer and scanner drivers to immutable distributions. For this we also need containers of Printer and Scanner Applications.
 +
 +The contributor'​s task is to create these containers and infrastructure and scripting to ease their maintenance,​ like for example update automation when for one or another of their components a new upstream version is released, or for automated test building and testing.
 +
 +There are tools for creating such images, for example [[https://​discourse.ubuntu.com/​c/​rocks/​|rockcraft]] which uses build instruction files similar to Snap (see this [[https://​events.canonical.com/​event/​31/​contributions/​228/​|workshop]]:​ [[https://​events.canonical.com/​event/​31/​contributions/​228/​attachments/​132/​209/​%5Bslidedeck%5D%20Container%20craftsmanship_%20from%20a%20Pebble%20to%20a%20ROCK.pdf|slides]],​ [[https://​www.youtube.com/​watch?​v=BDXZxp3aFBY|video]]) and so we can use our [[https://​github.com/​OpenPrinting/​cups-snap/​|CUPS Snap]] as base, but we will not require the contributor to use a special, given tool.
 +
 +Desired knowledge: Shell, Python, packaging, immutable OS distributions,​ GIT
 +
 +Code License: Apache 2.0, MIT (licenses of the OpenPrinting projects)
  
 =====Replace QPDF by PDFio as PDF manipulation library in libcupsfilters (cfFilterPDFToPDF() filter function and others)===== =====Replace QPDF by PDFio as PDF manipulation library in libcupsfilters (cfFilterPDFToPDF() filter function and others)=====
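Review bot: the paragraph beginning "Due to the compatibility of C projects with OSS-Fuzz" proposes to abandon the existing CUPS fuzzer (cups/fuzzipp.c), which discards a working harness; suggest instead naming it as the starting point for the first target under "Writing libFuzzer fuzz targets", since its input handling can be wrapped in a libFuzzer LLVMFuzzerTestOneInput entry point and any inputs it already exercises can seed the corpus requested under "Creating a corpus of data", so that coverage does not regress when the fixed-iteration build-time run goes away. Two smaller points in the same region: the mentor line "George-Andrei Iosif, Security Engineer at Canonical (andrei at iosif at canonical dot com, further members of Canonical's Security Team TBD" never closes its parenthesis and the obfuscated address contains two "at"s where one is presumably "dot"; and both new sections end with "Code License: Apache 2.0, MIT (licenses of the OpenPrinting projects)" while the preceding project's line reads "Apache 2.0, MIT, GPL-2+ and LGPL-2+", so it is worth confirming the shorter list really covers all twelve projects in the priority list.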
gsoc/google-summer-code-2024-openprinting-projects.txt ยท Last modified: 2024/04/01 09:28 by till