Port select C components to Rust

[DemiMarie]

Qubes OS version (if applicable)

R4.1 most likely

Affected component(s) or functionality (if applicable)

Many; this is a cross-cutting concern

Brief summary

While I believe that most of Qubes OS’s custom code is written in Python, a substantial amount is still written in C. C is known to be a very poor choice for security, so the amount of C code is kept to a minimum.

However, there is another option nowadays: Rust. Rust combines the performance of C with the safety of a managed language. Furthermore, it can call almost any C function, and can also export functions that can be called from C. Finally, Rust’s lack of a managed runtime means that it can export a pure-C interface, without any special considerations with respect to initialization, threading, or memory management.

Additional context

#1495 is due to icon handling being done in Python, as doing it in C would be too risky. If the icon handling was done in Rust instead, it could be done inside the GUI daemon without risking system compromise. This would fix the bug. #4335 is due to the difficulty of using complex data structures in C. A Rust implementation would use the awesome data structure implementations in the standard library.

Relevant documentation you've consulted

Related, non-duplicate issues

#1495
#4335

[andrewdavidwong]

R4.1 most likely

I'm sort of skeptical of this, but I'll take your word for it.

[marmarek]

I'm sort of skeptical of this

You're rightly skeptical here. I'm moving to 4.2, but this is really something that can easily spread across several releases.

[ygrek]

I will just mention that there are other alternatives in between C and Python that can be considered : OCaml (here is a motivating story https://roscidus.com/blog/blog/2014/06/06/python-to-ocaml-retrospective/ ) and D language (basically better C with richer data structures, stronger typing, optional GC, much easier learning curve than Rust)