{{Header}}
{{title|title=
ToDo for Developers
}}
{{#seo:
|description=TODO
}}
{{devwiki}}
{{intro|
TODO
}}
= TODO DEV =
== kloak - Qubes support - consider using Qubes API for orchestration ==
* https://github.com/QubesOS/qubes-issues/issues/1850#issuecomment-2374908358

== kloak - Qubes support - implement kloak within qubes-gui-daemon ==
* https://github.com/QubesOS/qubes-issues/issues/8541#issuecomment-2377325699
* Ensure code is modular and can be easily broken out into a separate library or executable if requested by Qubes devs
* Use common code between standalone version and Qubes version to keep differences as small as possible (perhaps create libkloak?)

== auto-detect, prompt for potential root devices in case the root= device is misconfigured or missing ==
* https://github.com/dracutdevs/dracut/issues/2589
* if doable with reasonable effort please send a pull request to dracut-'''ng'''

== audio ==
=== audio generally ===
* https://forums.whonix.org/t/port-from-pulseaudio-to-pipewire-for-audio-support/16879/40
* please read, comment if something useful to share

=== VirtualBox Intel HD Audio and PipeWire Incompatibility / Audio broken after increasing ram to 5 GB / No sound after latest updates - PipeWire Bug? ===
* https://forums.whonix.org/t/virtualbox-intel-hd-audio-and-pipewire-incompatibility-audio-broken-after-increasing-ram-to-5-gb-no-sound-after-latest-updates-pipewire-bug/18211
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081965
* please investigate if doable with reasonable effort
* Tried switching between Pulseaudio and Pipewire on a booted VM, discovered I could "initialize" the speakers with Pulseaudio and then Pipewire would work thereafter
* Virtually certain this is an upstream bug, was able to reproduce with both Ubuntu 24.04 and Arch Linux.
* Suggest switching to AC97 audio (even Arch Linux defaults to this under Virtualbox).
* Need to investigate upstream code

== org.freedesktop.secrets implementation ==
https://forums.kicksecure.com/t/error-storing-passphrase-in-keyring-the-name-org-freedesktop-secrets-was-not-provided-by-any-service-files/582

== review and refactor meta packages ==

* https://github.com/Kicksecure/kicksecure-meta-packages
* https://github.com/Whonix/whonix-meta-packages
* please review, discuss
* purpose of this task is to address and (maybe required) refactoring, bug fixes in preparation for the future, maintainability, next task below

== Split the security-misc into security-misc-shared, security-misc-desktop and security-misc-server ==
* https://github.com/Kicksecure/security-misc/issues/187
* This is in preparation for the next task.

== Kicksecure Firewall ==
https://forums.kicksecure.com/t/kicksecure-firewall/378/10

== Meta Packages, Kicksecure, Whonix - Desktop versus Server ==
https://forums.kicksecure.com/t/meta-packages-kicksecure-desktop-versus-kicksecure-server/415

== Secure Mount Options for better Security Hardening ==
* review discussions, wiki
* comment
* improve the solutions research
* https://www.kicksecure.com/wiki/Dev/remount-secure
* https://www.kicksecure.com/wiki/Noexec
* https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707

== wipe video RAM ==
* add wipe video RAM support to [[ram-wipe]]
* maybe based on https://wiki.archlinux.org/title/Swap_on_video_RAM
* if doable with reasonable effort

== Tor 0.4.8.9 broken in combination with vanguards ==
* https://gitlab.torproject.org/tpo/core/tor/-/issues/40892
* write a script to use git bisect to auto test which commit introduced this issue
* if not done by upstream yet
* if doable with reasonable effort

== Implement live mode with 90overlayfs ==
* context: [[grub-live]]
* https://github.com/Kicksecure/grub-live
* https://github.com/Kicksecure/grub-live/blob/master/etc/grub.d/11_linux_live
* stop using 90overlay-root
* port grub-live to 90overlayfs
* This does not work in Bookworm, but does work in Trixie.
* Once Trixie is released and we're upgrading Kicksecure to it, switch modules. See https://github.com/dracutdevs/dracut/issues/1565#issuecomment-2378133277

== VirtualBox serial console ==
* {{CodeSelect|inline=true|code=
sudo apt install serial-console-enable
}}
* [[Recovery#Serial_Console|Serial Console]]
* causes bug (spam of journal)
* https://forums.whonix.org/t/serial-console-in-virtualbox/8021/13
* fixable? upstream bug report?

== KVM related ==
=== KVM - 3D Graphics Acceleration - SPICE - Testing - drm ===
	
* please test: https://www.whonix.org/wiki/KVM#3D_Graphics_Acceleration_-_Testing_-_drm
* please mention your configuration (still using SPICE), quote Patrick and report here: https://forums.whonix.org/t/how-to-enable-3d-acceleration-in-kvm/16501/22
* test if DRM (direct rendering manager) is enabled as per https://www.whonix.org/wiki/KVM#3D_Graphics_Acceleration_-_Testing_-_drm
* test performance as per https://www.whonix.org/wiki/KVM#3D_Graphics_Acceleration_-_Testing_-_Performance

=== KVM - 3D Graphics Acceleration - Performance Test - Display SDL ===
	
* https://forums.whonix.org/t/how-to-enable-3d-acceleration-in-kvm/16501/22
* test SDL
* test if DRM (direct rendering manager) is enabled as per https://www.whonix.org/wiki/KVM#3D_Graphics_Acceleration_-_Testing_-_drm
* test performance as per https://www.whonix.org/wiki/KVM#3D_Graphics_Acceleration_-_Testing_-_Performance
	
=== KVM - 3D Graphics Acceleration - Performance Test - Display GDK ===
	
* https://forums.whonix.org/t/how-to-enable-3d-acceleration-in-kvm/16501/22
* test GTK
* test if DRM (direct rendering manager) is enabled as per https://www.whonix.org/wiki/KVM#3D_Graphics_Acceleration_-_Testing_-_drm
* test performance as per https://www.whonix.org/wiki/KVM#3D_Graphics_Acceleration_-_Testing_-_Performance

== apparmor.d review ==
* https://github.com/roddhjav/apparmor.d
* https://forums.whonix.org/t/apparmor-d-full-set-of-apparmor-profiles-1500-profiles/17389
** review
* https://github.com/roddhjav/apparmor.d/issues?q=is%3Aissue+author%3Aadrelanos
** check ticket status
* lightweight security review
** conceivable or too much effort?

= WAITING ON =
== ISO - calamares encryption settings ==
* Can we use shell aliases or wrapper to influence cryptsetup default options to set strong encryption settings such as AES512 instead of only AES256?
* https://github.com/calamares/calamares/issues/1452
* or add a calamares feature so distro developers or users can configure the cryptsetup command line options in /etc/calamares

{{CodeSelect|code=
sudo cryptsetup --verbose --use-random --cipher aes-xts-plain64 --key-size 512 --hash sha512 --use-random luksFormat <device>
}}

* distribution developers should control most if not all of that line
* "sudo" - is probably a given since cameras runs as root.
* "cryptsetup" - maybe a distribution wants to use a wrapper.
* "--verbose --use-random --cipher aes-xts-plain64 --key-size 512 --hash sha512 --use-random" these are certainly options which a distribution should be able to decide.
* "luksFormat" -
* "<device>" - probably provided by calamares through a variable

Based on theoretic considerations only. Since calamares uses a library to use cryptsetup (?) it may not be as simple for a distribution to set these command-line options?

* Requires support in libkpmcore first, did research and started discussion at https://discuss.kde.org/t/making-libkpmcores-luks2-settings-more-secure/21764 to get the ball rolling

== kloak - add support for /dev/input/mice ==
* VM has no /dev/input/mouseX
* VM has only /dev/input/mice
* kloak ignores /dev/input/mice.
* (user reported using a Ubuntu 24.4 VM)
* kloak only uses /dev/input/eventX devices by design, these are provided by the evdev driver and seem like they should always exist
* Could not reproduce issue with QEMU using either Kicksecure or Lubuntu 24.04 - /dev/input/eventX devices for mouse always exist, as do individual /dev/input/mouse devices. Need to know what hypervisor was in use to test further

Patrick:

* asked user about which VM. waiting for reply.

== kloak - add Qubes support ==
* review to understand the history:
** https://github.com/QubesOS/qubes-issues/issues/1850
* [https://github.com/QubesOS/qubes-issues/issues/8534 enable qvm-service gui-agent-virtual-input-device for Whonix-Workstation App Qubes by default]
** https://github.com/QubesOS/qubes-gui-agent-linux/pull/194
** https://github.com/QubesOS/qubes-app-linux-input-proxy/pull/30
* notify https://github.com/vmonaco/kloak/issues/74

Aaron:

* Final implementation needs orchestration, asked for advice from Qubes OS devs at https://github.com/QubesOS/qubes-issues/issues/1850#issuecomment-2374908358
* May also implement as part of GUI daemon, see https://github.com/QubesOS/qubes-issues/issues/8541#issuecomment-2377325699

= REVIEW PLEASE =
== live-build dracut test ==
* from a Debian perspective (because Kicksecure will start using it at some point) by building an ISO
* please test and notify upstream about your test results
* https://salsa.debian.org/live-team/live-build/-/merge_requests/353
* does the ISO have the "ISO - error message during boot: mount: /sysroot: special device LiveOS_rootfs does not exist" issue? (related to task below)
* Trixie and Bullseye both work well, Bookworm fails to boot with a sysroot mount failure. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082891

== ISO - error message during boot: mount: /sysroot: special device LiveOS_rootfs does not exist ==
* https://forums.kicksecure.com/t/iso-error-message-during-boot-mount-sysroot-special-device-liveos-rootfs-does-not-exist/418
* fixed in https://github.com/ArrayBolt3/derivative-maker/commit/894d0657b7cd69370d67759709fff166d469cc37
** Patrick: needs further work as discussed
** Patrick: please no modules in derivative-maker (if needed needs to be in a package)
** Patrick: please track down root cause
* Root cause found, reported at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082891

= ARCHIVED =
== unbootable system after installing dracut on a standard Debian installation ==
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078792
* Caused by a missing dracut dependency, "systemd-cryptsetup", see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078792#15
* Bugfix tested, works
* Merge request in Debian at https://salsa.debian.org/debian/dracut/-/merge_requests/37

== grub-live with 90overlayfs ==
* context: [[grub-live]]
* https://github.com/Kicksecure/grub-live
* https://github.com/Kicksecure/grub-live/blob/master/etc/grub.d/11_linux_live
* stop using 90overlay-root
* port grub-live to 90overlayfs

<pre>
## dracut support
## https://www.kicksecure.com/wiki/Grub-live#Developer_Information
##
## using Debian forked upstream module 90overlay-root (tested)
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX rootovl"
</pre>

Comment out.

<pre>
## using dracut upstream module 90overlayfs (untested)
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX rd.live.overlay.overlayfs=1 rd.live.overlay.readonly=1"
</pre>

Comment in. Test. Fix if required. Report issues upstream to dracut.

If there are bookworm related issues, please test on trixie.

No backport required. The rationale of this task if to get away from Debian (fork) specific 90overlay-root to 90overlayfs one day. trixie is early enough since there are no major issues in the current implementation but might be in trixie if we don't port.

This works on Trixie - generate an initrd with the <code>overlayfs</code> module added, then boot with <code>rd.live.overlay.overlayfs=1</code> on the kernel command line. '''The <code>rd.live.overlay.readonly=1</code> parameter is unnecessary''' and should be removed - it's for systems where you have an immutable base filesystem and a persistent overlay, and you want to make the overlay read-only, putting another overlay on top of it.

This does '''not''' work on Bookworm - the overlayfs module script is simply not run despite being present. It's possible to drop to a rescue shell using <code>rd.break=mount</code> on the kernel command line, then run the script manually - this works, but is obviously not practical.

comment: [https://github.com/dracutdevs/dracut/issues/1565#issuecomment-2378133277 Boot Existing, Usual Linux Installation from Hard Disk in Live Mode / read-only mode with dracut #1565]

== dracut - test dracut without systemd ==
* as discussed earlier
* as it might fix the issue below
* Works, implemented as https://github.com/ArrayBolt3/derivative-maker/commit/894d0657b7cd69370d67759709fff166d469cc37
** Patrick: not going for this solution (as we would be the odd distribution out not using systemd in dracut, to avoid bugs as a result of that)
** Patrick: instead merged with task [[Dev/todo#ISO_-_error_message_during_boot:_mount:_.2Fsysroot:_special_device_LiveOS_rootfs_does_not_exist|ISO - error message during boot: mount: /sysroot: special device LiveOS_rootfs does not exist]]

== kloak - memory leaks ==
* chatgpt suggests...
** struct entry in main loop might not be freed
** n1 = malloc(sizeof(struct entry));
** please check for other variables (specifically in main loop) which might not be freed
* Double-checked just in case, this had been previously checked in my own ChatGPT code review and doesn't appear to be a problem. Entry items are created and stored temporarily in <code>*n1</code>, then queued. Those items are later assigned to the <code>np</code> variable and then freed in the event release loop (<code>free(np)</code>). The only edge case where I can see this going wrong is if kloak gets stuck and stops delivering events, which would also freeze the keyboard and make the user very likely to immediately termiante kloak.
* The other variable which ChatGPT warned me of is pfds, which is very clearly freed when the loop exits, needed throughout the loop's entire lifetime, and which will be automatically freed if the loop is terminated since terminating the loop terminates the whole program.

== kloak - Qubes support - read and comment in Qubes kloak in dom0 ticket ==
* https://github.com/QubesOS/qubes-issues/issues/8541
* please read
* please consider related to previous Qubes kloak work, communicate with Qubes
* consider future wayland support
* note: kloak doesn't necessarily need to run in dom0. Even if it "only" runs in a VM is a big win. Final decision is up to Qubes. This is yet to be discussed, decided.
* Added comment at https://github.com/QubesOS/qubes-issues/issues/8541#issuecomment-2377325699

== ISO - must choose encrypt vs not encrypt. Empty default setting ==
* https://forums.kicksecure.com/t/iso-no-default-for-encryption-on-off-user-should-choose-explicitly/567
* Done via https://github.com/ArrayBolt3/live-config-dist/commit/410c62e664e7d1387e7c013867242838ff2cb912
* Also discovered and offered a fix for https://github.com/calamares/calamares/issues/2375 while working on this

== kloak - update readme ==
* Please make sure compilation instructions are OK.
* Please check/fix readme.
* https://github.com/ArrayBolt3/kloak/commit/4bbdf38cc6c6f9162348d9b23deef3169f8465b8

== kloak - fix debug symbols ==
=== W: kloak-dbgsym: debug-file-with-no-debug-symbols [usr/lib/debug/.build-id/3a/ae8c705abefbd590d2206221eea4c2abd90cf4.debug] ===

<pre>
N: 
N:   The binary is installed as a detached "debug symbols" ELF file, but it
N:   does not appear to have debug information associated with it.
N:   
N:   A common cause is not passing -g to GCC when compiling.
N:   
N:   Implementation detail: Lintian checks for the ".debug_line" and the
N:   ".debug_str" sections. If either of these are present, the binary is
N:   assumed to contain debug information.
N: 
N:   Please refer to Bug#668437 for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: binaries/debug-symbols/detached
N: 
N:
</pre>

* ISO build giving warning about missing debug symbols, advises adding <code>-g</code> flag to gcc commands
* Should be resolved by https://github.com/ArrayBolt3/kloak/commit/29477f98d1192ced4fb0e630c07dbd8b97942d22

== read Dev bash wiki page ==
* https://www.kicksecure.com/wiki/Dev/bash
* might be already known, just in case
* checked it, bookmarked it, some of the issues mentioned there were things I hadn't thought of before (like <code>echo '-e'</code> failing or security risks from failing to use <code>--</code> to signal end of options)

== haveged test suite passes even if only 1s are produced? ==
* please try to reproduce
* comment on the ticket
* https://github.com/jirka-h/haveged/issues/81
* Doesn't appear to be an issue, tweaking the generator to output only 1s results in test failures, see https://github.com/jirka-h/haveged/issues/81#issuecomment-2372664967

== oomd ==
* please comment in case you have any useful input. otherwise nvm.
* https://forums.kicksecure.com/t/consider-installing-systemd-oomd-by-default/223
* Left comments at https://forums.kicksecure.com/t/consider-installing-systemd-oomd-by-default/223/4

== ISO - Install to system desktop icon: maximize window ==
* https://forums.kicksecure.com/t/install-to-system-desktop-icon-maximize-window/419
* Fixed with https://github.com/ArrayBolt3/live-config-dist/commit/ab8a7e1829f7050882385488a67e9a316a9270fd

== gpg sign all your future git commits ==
* similar to https://github.com/onionshare/onionshare/issues/221
* arraybolt3: enabled permanently in Git settings

== add gpg key to your github ==
* Currently in github commit history your keys still show up as unverified.
* https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account
* This is a personal decision for each developer. Some don't want to do it as it might cause a false sense of security letting github verify the gpg key. In case you don't wish to do that, this is OK too.
* arraybolt3: Added to Github, doesn't pose any particular problem for me.

== Add python3 dependency to mediawiki-shell package ==
* Lintian error during build of Kicksecure ISO from derivative-maker commit 8fa4ba76: "E: mediawiki-shell: python3-script-but-no-python3-dep /usr/bin/python3 (does not satisfy python3:any | python3-minimal:any) [usr/bin/mw-urlencode]"

== seccomp debugging documentation ==
copy notes on seecmop debugging from https://github.com/Whonix/kloak/pull/1 to https://www.kicksecure.com/wiki/Seccomp

(so in the future when this is happening, we can link to the documentation so users get an idea how to debug and fix this)

just briefly similar to the pull request

== autostart systemd user unit xdg-desktop-portal ==
* [[Dev/audio#mod.rt:_Can.27t_find_org.freedesktop.portal.Desktop._Is_xdg-desktop-portal_running.3F|mod.rt: Can't find org.freedesktop.portal.Desktop. Is xdg-desktop-portal running?]]
* https://github.com/Kicksecure/desktop-config-dist
* note: is a systemd user (not system) unit
* using systemd preset

== kloak - add configuration option to disable rescue key ==
* user reported that some hotkeys aren't functional due to kloak rescue key.
* suggested solution, feature request: allow rescue key to be disabled thorough configuration
* a command line option + systemd unit drop-in configuration file?
* example systemd unit drop-in configuration: https://github.com/vmonaco/kloak/issues/75#issuecomment-2196543109

== kloak - testing ==
* test kloak
* improve documentation on testing https://www.whonix.org/wiki/Keystroke_Deanonymization#Defense_Testing 
* maybe try to find additional tests (if needed) using perplexity.ai

== kloak - document rescue key ==
* https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak
* document: rescue key
* document: disable rescue key

== kloak - makefile fix ==
* Makefile should check if pkg-config exist because otherwise it fails with libevdev error?

== kloak - verbose log sharing ==
Documentation is currently stating:

<blockquote>Warning: Privacy implications of log sharing are unknown!</blockquote>

Might verbose log reveal the typing fingerprint of the user?

== kloak - mouse click obfuscation ==
* please confirm https://github.com/vmonaco/kloak/issues/51

== kloak - xrdp support ==
* is xrdp support conceivable?
* user reports: when using xrdp, only /dev/input/event0 is there, which does not contain real keystroke.
* This does not seem possible. xrdp is its own X server, logging keystrokes at the X server level is doable but intercepting them does not appear to be doable, see https://www.kicksecure.com/wiki/Progress_Reports?shownotice=1#Investigate_xrdp_support.

== kloak development ==

* instead of this list, does it make more sense to review pull requests, issues and rewrite in python? (Works just fine in C, rewrite not planned at this time)
* strong compile time hardening flags (done)
* goal: perfect string parsing and error handling in case of corner issues, to not break input devices (keyboard, mice) (doesn't appear that much string parsing is done, currently not considered an issue)
* check pull requests, merge if sensible
** Add a header file to make future development easier - https://github.com/vmonaco/kloak/pull/61 (done)
** Chatgpt3 https://github.com/vmonaco/kloak/pull/65 (done)
** update readme  - https://github.com/vmonaco/kloak/pull/70 (specific to vmonaco's version of Kloak, not Whonix's)
** add support for new devices attached after kloak starts (needs cleanup) - https://github.com/vmonaco/kloak/pull/67 (done)
* code review with ChatGPT, claude.ai (done)
* use AddressSanitizer (aka ASan) if doable with reasonable effort and considered useful (done)
* port to C++ if considered useful (rewrite not planned at this time)
* other improvements to increase stability
** strncpy - https://github.com/vmonaco/kloak/issues/66 (done)
* fix compile time warnings if reasonable (probably already resolved by above) https://github.com/vmonaco/kloak/issues/35 (done)
* ARM support, only if doable with reasonable effort - https://github.com/vmonaco/kloak/issues/25 (done)
* fix time related keyboard stops working bug (done)
** https://github.com/vmonaco/kloak/issues/31
** Root cause analysis and potential fixes: https://github.com/vmonaco/kloak/issues/31#issuecomment-2368666686
** https://forums.whonix.org/t/sdwdate-can-cause-system-time-to-jump-backwards-causing-issue-with-kloak/20433
* All relevant issues should be solved by https://github.com/Whonix/kloak/pull/1

= Footnotes =
<references />
{{Footer}}