Add Qubes OS isolation provider #414

apyrgio · 2023-05-15T13:46:40Z

Add an isolation provider for Qubes OS. Currently, we have two isolation providers:

Container: This is our main isolation provider, which is used in every platform. Depending on the platform type, it uses Docker or Podman.
Dummy: This isolation provider is used in some of our tests, e.g., in Windows/MacOS platforms.

The Qubes OS isolation provider should handle the first and second stages of the conversion:

Specify a Qubes RPC policy that will allow running a Qubes RPC service on a disposable VM.
Spawn a disposable VM for the first stage of the conversion, and specify the Qubes service that will run.
Send the file to the disposable VM in the same way that the TrustedPDF sends the file.
Receive the pixels from the disposable VM in a secure fashion.
Convert the pixels to PDF, without OCR or compression.

apyrgio added enhancement New feature or request P:Qubes QubesOS integration labels May 15, 2023

apyrgio mentioned this issue May 15, 2023

Qubes: Packaging #415

Closed

apyrgio changed the title ~~Add QubesOS isolation provider~~ Add Qubes OS isolation provider May 15, 2023

deeplow mentioned this issue Jun 14, 2023

Qubes Integration Proof of Concept #437

Merged

apyrgio mentioned this issue Jun 7, 2023

Qubes: Alpha integration #411

Closed

apyrgio added this to the 0.5.0 milestone Jun 14, 2023

apyrgio mentioned this issue Jun 14, 2023

Qubes: RPM Packaging #431

Closed

apyrgio closed this as completed in baeab9d Jun 21, 2023

apyrgio modified the milestones: 0.5.0, 0.4.2 Aug 23, 2023

Provide feedback