Qubes: Client-side timeouts #446
Comments
This was referenced Jun 14, 2023
Closed
apyrgio
added a commit
that referenced
this issue
Sep 13, 2023
Extend the client-side capabilities of the Qubes isolation provider, by adding client-side timeout logic. This implementation brings the same logic that we used server-side to the client, by taking into account the original file size and the number of pages that the server returns. Since the code does not have the exact same insight as the server has, the calculated timeouts are in two places: 1. The timeout for getting the number of pages. This timeout takes into account: * the disposable qube startup time, and * the time it takes to convert a file type to PDF 2. The total timeout for converting the PDF into pixels, in the same way that we do it on the server-side. Besides these changes, we also ensure that partial reads (e.g., due to EOF) are detected (see exact=... argument) Some things that are not resolved in this commit are: * We have both client-side and server-side timeouts for the first phase of the conversion. Once containers can stream data back to the application (see #443), these server-side timeouts can be removed. * We do not show a proper error message when a timeout occurs. This will be part of the error handling PR (see #430) Fixes #446 Refs #443 Refs #430
apyrgio
added a commit
that referenced
this issue
Sep 20, 2023
Extend the client-side capabilities of the Qubes isolation provider, by adding client-side timeout logic. This implementation brings the same logic that we used server-side to the client, by taking into account the original file size and the number of pages that the server returns. Since the code does not have the exact same insight as the server has, the calculated timeouts are in two places: 1. The timeout for getting the number of pages. This timeout takes into account: * the disposable qube startup time, and * the time it takes to convert a file type to PDF 2. The total timeout for converting the PDF into pixels, in the same way that we do it on the server-side. Besides these changes, we also ensure that partial reads (e.g., due to EOF) are detected (see exact=... argument) Some things that are not resolved in this commit are: * We have both client-side and server-side timeouts for the first phase of the conversion. Once containers can stream data back to the application (see #443), these server-side timeouts can be removed. * We do not show a proper error message when a timeout occurs. This will be part of the error handling PR (see #430) Fixes #446 Refs #443 Refs #430
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Timeouts are currently implemented within the conversion sandbox, since this is where we know the number of pages in a document (see #327). For edge cases, we allow users to disable timeouts, by passing an environment variable to the container.
In Qubes, this is not as easy, for two reasons:
A better way forward is to implement client timeouts. Due to the streaming nature of conversion in Qubes (see https://github.com/freedomofpress/dangerzone/wiki/Qubes-OS-Integration#wip-binary-protocol), we can find out the number of pages early in the conversion process, and the size of the document and each page as well. So, we can use our
calculate_timeout()method on the client-side, and stop the disposable qube when it exceeds a timeout.Note:
The text was updated successfully, but these errors were encountered: