I.e. one that would record video.
Sound is not needed, but I certainly need to record many screenshots per second.. Many frames per second.
Thanks
There is already a screenshot tool
This would just be multiple screenshots per second.
I don't see why it isn't possible
What is the command name for your screenshot tool...? Can it be run on the command line..?
Because I'd be willing to just write a script to run it multiple times per second, and then view the JPG / PNG images individually
I'd be willing to write that script myself right now and not even integrate it into Qubes or anything... To just do it for myself.
> >
> >> The threat model is pretty similar to Qubes' Trusted PDF feature.
> > Not quite. The PDF processing happens in a throwaway VM, whereas here
> > the video processing as done today happens in dom0.
>
> I was suggesting the compression could be done in an appVM... it should
> be trivial to do so.
>
> The result is supposed to be a sanitized, trusted document. I think this
> is about as realistic for video as it is for PDFs.
>
I was able to do the following, which I believe is more in line with Qubes' philosophy and allows recording of screencasts using *any* software running in an AppVM *and* realtime streaming (desktop sharing - but view only) on teleconferencing software.
Here's the outline of the solution:
- Install and load v4l2loopback on the AppVM you want to record/simulate cam
- Capture the screen on DOM0 using ffmpeg -f x11grab -f rawvideo
- Open a qubes-rpc channel to an AppVM
- Send the stream to /dev/video0 on the AppVM, enconding to the appropriate format.
Basically, the following script on DOM0:
******
#!/usr/bin/sh
qvm-run -p \
--localcmd="/home/matheus/ffmpeg-static/ffmpeg \
-f x11grab -r 15 -s 800x600 -i :0.0+0,0 \
-pix_fmt yuv420p -threads 0 -f rawvideo -" \
untrusted \
"sleep 3 ; /home/user/Downloads/ffmpeg-static/ffmpeg \
-f rawvideo -s:v 800x600 -pix_fmt yuv420p -re -i pipe: \
-f v4l2 /dev/video0"
******
The trickiest points (for me) were to compile and install v4l2loopback as a kernel module on the template-vm (I had unmatching kernel version and headers installed - had to manually download and install the headers to compile it) and discover the combination of ffmpeg that would deliver the correct image.
Ideally, we could "extract" the x11grab code from ffmpeg and write a simpler utility that only grabs the screen and redirects all the output to the RPC channel, removing the need to bring ffmpeg into DOM0.
If that utility were built into a qubes repo I believe that would pretty much eliminate any attack vectors (as DOM0 is only being used as an input source to another AppVM which does the heavywork encoding and streaming the data).
Do you think the same could work for screen sharing - analgous to this here: https://unix.stackexchange.com/questions/152435/sharing-your-desktop-with-google-hangouts-dual-monitor-and-gnome-shell/408532#408532
a.
yup. that's where I'm failing.
https://gist.github.com/daktak/a3a1025cd9e4ce6e31b5209044877570
Got Qubes-OS 4.0 (Fedora 25) ffmpeg installed in dom0. Manually installed the rpms from archives.fedoraproject.org
It's included in the default Debian Stable repository, so just "sudo apt install obs-studio" installs it.
On Fedora you need to enable the rpmfusion-free repository and then just "sudo dnf install obs-studio --enablerepo=rpmfusion-free"
Of course you could also use it in dom0 if you enable rpmfusion in dom0, the risks of that are already mentioned above.