
RFC: Packaging a toolchain for CloudABI, a new architecture/runtime



Hi, I'm seeking input on packaging compiler and binutils support
for CloudABI in Debian. The necessary upstream versions of clang and
binutils are already in Sid, and I have rough patches. However the GNU
triplets ({aarch64,x86_64}-unknown-cloudabi) for CloudABI are
currently unknown by dpkg-architecture.

To keep the initial scope manageable I'm restricting myself to the build
tools. I know I need to go through the A few questions:

1. Are there specific rules/procedures regarding adding an entry to
the ostable & tripletable files used by dpkg-architecture? Or is it
just another patch submission?
2. Should I engage any teams in particular?
3. Are there any comments/questions you'd like to add?

Many thanks, Alex


Some context/background for those interested:

# What is CloudABI?

CloudABI is a new POSIX-like runtime environment, based on the
principles behind Capsicum. The security model is capability-based,
with file descriptors as the capability tokens. By default CloudABI
processes can only perform actions that have no global impact e.g.
they cannot open files by path, or create network sockets. A process
is granted additional rights by receiving file descriptors when it is
spawned.

In Capsicum a process first acquires the file descriptors it needs,
then calls cap_enter() to enter 'capability mode'. After this the
process cannot interact with global namespaces. Any call (e.g. open())
that would do so returns ENOTCAPABLE. However the process can continue
to interact (e.g. read(), write(), accept()) with file descriptors it
already holds.

In CloudABI there is _only_ capability mode. There are only 58 system
calls and open(path) is not amongst them. Calls to open() that would
be a runtime error with Capsicum, become a build time error under
CloudABI. Processes can still allocate memory, create pipes, socket
pairs, threads, subprocesses etc.

# What is the state of CloudABI?

The project is the work of Ed Schouten (not me) and has been going
just over a year. Ed has written cloudlibc, and built ports of various
software including curl, glib, libressl, lua, and x265. A Python port
is in progress.

Clang 3.7+ and Binutils-2.26 support building/analysing CloudABI
binaries. FreeBSD 10.2 has native support for launching cloudabi
processes; most development has taken place in the FreeBSD ecosystem.
A Linux port is in progress, again by Ed.

libcloudabi and cloudabi-tools exist to make launching cloudabi
processes easier - and to pass them file descriptors in a structured
way.

CloudABI libraries and tools are open source (BSD licensed).

# Where can I find out more?

- Ed Schouten's 32c3 talk (Dec 2015)
  - slides https://events.ccc.de/congress/2015/Fahrplan/system/event_attachments/attachments/000/002/821/original/slides.pdf
  - video https://media.ccc.de/v/32c3-7231-cloudabi
- Ed's introduction email (and follow on discussion)
  https://lists.freebsd.org/pipermail/freebsd-hackers/2015-April/047602.html
- CloudABI homepage https://nuxi.nl/
- Debian build environment instructions https://nuxi.nl/doc/debian/
- The code
  - https://github.com/NuxiNL/cloudlibc
  - https://github.com/NuxiNL/cloudabi-ports
  - https://github.com/NuxiNL/linux (in progress)

-- 
Alex Willmer <alex@moreati.org.uk>
http://twitter.com/moreati
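
The capability model described under "What is CloudABI?", sketched in portable C as an added example (not part of the original message and not CloudABI or Capsicum code): a launcher acquires a directory descriptor and the worker reaches files only through it. The names `worker_read` and `demo`, the temporary directory and the file name are constructed for illustration, and the name check is a userland approximation of the lookup restriction that Capsicum and CloudABI enforce in the kernel.

```c
#define _POSIX_C_SOURCE 200809L  /* for mkdtemp, openat, unlinkat */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Worker: its only authority over the filesystem is dirfd. It never names
 * a global path; every lookup is relative to the descriptor it was given. */
static ssize_t worker_read(int dirfd, const char *name, char *buf, size_t len)
{
    /* Approximation (assumption of this example): refuse absolute names and
     * anything containing "..". Plain POSIX openat() would follow them. */
    if (name[0] == '/' || strstr(name, "..") != NULL)
        return -1;
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n >= 0)
        buf[n] = '\0';
    return n;
}

/* Launcher: acquires the descriptor, then hands only that to the worker.
 * Returns 0 if the granted file was read and the escape attempt refused. */
int demo(void)
{
    char dir[] = "/tmp/capdemoXXXXXX";   /* constructed sample directory */
    char buf[64];
    if (mkdtemp(dir) == NULL)
        return -1;
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0)
        return -1;
    int fd = openat(dirfd, "greeting", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "hello", 5) != 5)
        return -1;
    close(fd);

    ssize_t ok = worker_read(dirfd, "greeting", buf, sizeof buf);
    int granted = (ok == 5 && strcmp(buf, "hello") == 0);
    ssize_t bad = worker_read(dirfd, "../etc/passwd", buf, sizeof buf);
    unlinkat(dirfd, "greeting", 0);      /* clean up the sample file */
    close(dirfd);
    rmdir(dir);
    return (granted && bad == -1) ? 0 : 1;
}

int main(void) { return demo(); }
```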

