From e3a80653b17140c00394f36f79c7c6a2858e2c9e Mon Sep 17 00:00:00 2001 From: Karchnu Date: Sun, 3 May 2020 17:57:07 +0200 Subject: [PATCH] After review of the whole baguetteos page. --- content/baguette/index.md | 80 +++++++++++++++++++-------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/content/baguette/index.md b/content/baguette/index.md index 78f3c8b..e46d487 100644 --- a/content/baguette/index.md +++ b/content/baguette/index.md @@ -631,10 +631,10 @@ To overcome drawbacks of having simplistic tools, sys-admins developed all kind LXC is *kinda* reasonable, and may be useful in some cases, but it provides no simple way of configuring our services. - **Qemu + KVM, Xen** *let's add software mimicking hardware's complexity to the mix, telling everyone it's for security and simplicity*
These programs make the administration simple for sys-admins: no need to configure thoroughly users, groups, etc. - Everyone is root and handle its administration as (s)he wants. - They also helps big companies to have a large computing capacity paying for itself since they rent it when not needed. - At no point Qemu or Xen are helping you getting your services up and running, and [they are not made for security][cveqemu]. - Yes, running broken programs within Qemu still is better than not. + Everyone is root and handles its administration as (s)he wants. + Qemu and alike also help big companies to have a large computing capacity which they can rent when they don't need it. + At no point Qemu or Xen help getting your services up and running, and [they are not made for security][cveqemu]. + Yes, running broken programs may be better within Qemu than on plain non security-oriented OS. But. This is still way less efficient than fixing the application. Running applications as simple users, compiling them with sane default options ([RETGUARD][retguard] for example) and providing a few syscalls (like [pledge][pledge] and [unveil][unveil]) to catch errors and most security holes is simple nowadays, let's use that.
@@ -714,14 +714,13 @@ $ service add wordpress domain=example.com $ service start wordpress ``` -TODO And that's it. 1. Services have tokens. 2. Tokens are used by default. 3. BaguetteOS provides **default** services for each token. 4. If a service is added and its dependencies aren't satisfied, we add other services. 5. (Bonus) If a service isn't installed, we ask nicely if the user wants to install it.
- This is in discussion. + *(This is in discussion.)* Here are a few functionalities `service` brings. @@ -1044,14 +1043,14 @@ end That's easy to write [even in plain C](https://git.baguette.netlib.re/Baguette/libipc/src/branch/master/examples/pongd.c). -LibIPC explanation goes beyond the scope of this page… and may even deserve a whole website of its own but the tool is awesome and performances are crazy (we have to tell the world!). +LibIPC explanation goes beyond the scope of this page… and may even deserve a whole website on its own but the tool is awesome and performances are crazy (we have to tell the world!). [Just go and check!][libipc] Explain remote communications. -Remote remote communications are transparent. +Remote communications are transparent. - clients and services do not need remote communication - any client can join remote services via any communication protocol -- any service is implicitly accessible from anywhere, anyhow +- any service is implicitly accessible from anywhere, with any protocol [Back to top](#top) @@ -1068,7 +1067,7 @@ Remote remote communications are transparent. ### [Webhooksd][webhooksd]: verify recipes. Webhooksd provides an automatic verification of the recipes, based on new application or library version. -Paired with a build system, new recipes received in the repository create packages for a couple of architectures (x86_64, ARM, others will follow). +Paired with a build system, new recipes received in the repository create packages for a couple of architectures (x86\_64, ARM, others will follow). [Back to top](#top) @@ -1088,14 +1087,14 @@ So, we need a language for both administration dashboard and online services, he - useful compilation errors - no runtime error - Elm - - as Purescript but with way fewer documentation (but reading the code is sometimes enough here) + - as Purescript but with way less documentation (but reading the code is sometimes enough here) - less generic code (functions such as `fold` and `map` have hardcoded type), which feels a bit hacky - still very young - WASM - seems to be a very young tech, with no real good language or documentation - Zig has wasm as a Tier 1 support, we should investigate - - Let's rewrite things... QML was the way all along +And we should implement a generic framework, QML was the way all along (but without all the historic tooling and **without C++** it would be awesome!). # 4. Slotting: providing software the right way @@ -1107,13 +1106,14 @@ Maintainers' job is to verify that all programs have the right library versions ### Current set of problems - What happens when two programs need a different version of a library?
- The installation of both may no be possible. - See python from version 2 to 3 as an example: developers knew it will break OSs. - So, they provided by themselves new names for their binaries (`python-2.7`), and libraries are *by default* packaged into a directory specific for a python version, such as `/usr/lib/python3.8/`. + The installation of both may not be possible without workarounds. + See python from version 2 to 3 as an example. + To make it work, OSs have given new names for their binaries (`python-2.7` and `python-3.5` for example). + Libraries are *by default* packaged into a directory specific for a python version, such as `/usr/lib/python3.5/`. This is mostly done for languages, but what about other packaged applications and libraries? - What happens when two libraries are compatible but you want both on your system (see libressl and openssl)?
One of them could be provided in another path, such as `/usr/lib/libressl`. -- What happens when you want to provide a **very** long term support for your users? +- What happens when you want to provide a **very** long-term support for your users? *see companies running decade-old OSs and databases* BaguetteOS has a simple and safe way to let users and maintainers provide packages: `slotting`. @@ -1122,11 +1122,11 @@ BaguetteOS has a simple and safe way to let users and maintainers provide packag Slotting is a way to use prefixes (paths, directories) to separate execution environments: a program **A**, requiring libraries **B and C** can be installed this way: ```sh -/usr/slot-A/bin/A -/usr/slot-A/lib/B -/usr/slot-A/lib/C +/usr/awesome-slot/bin/A +/usr/awesome-slot/lib/B +/usr/awesome-slot/lib/C ``` -In this example, the `slot` is named **slot-A**, providing an execution environment for A no matter the OS version of *B* and *C*. +In this example, the `slot` is named **awesome-slot**, providing an execution environment for A no matter the OS version of *B* and *C*. **Without slotting** *basically, your life sucks*
@@ -1142,23 +1142,23 @@ This newly installed program will be in `/usr/bin`, as every other program. **With slotting** *your're awesome*
With slotting, the program will be in `/usr/`my-overly-awesome-game`/bin`. -1. What if requires libraries?
- These libraries will be installed in your base system so any of your non-official slot can use them. -2. What if the required libraries aren't available in the official BaguetteOS repository?
+1. What if the game requires libraries?
+ If these libraries are available in the `BaguetteOS` repository, they will be installed in your base system. +2. What if the game requires libraries that aren't available in the official `BaguetteOS` repository?
Either the game slot provides them, or they are in another slot. - In both cases the base system won't change a bit. + In both cases the base system won't change. -Official OS packages are installed in the slot named `baguette` (`/usr/baguette/`), for non-essential programs. +Besides essential programs such as `coreutils` which are in `/bin` and `/sbin`, all official OS packages are installed in the slot named `baguette` (`/usr/baguette/`). Any non-official package is in another slot. Wanna support Python 2.7 **for life**? Just maintain a `python-2.7` slot and tell the world! -If BaguetteOS do not provide required libraries for the continuous support of your application, just add them in your slot. +If BaguetteOS does not provide the libraries required for the continuous support of your application, just add them in your slot. -**This is nothing new, however not used directly in OSs, and still maybe the best way to handle the problem.** +**Slotting is nothing new, however it is usually not used directly in OSs, whereas it may be the best way to handle the problem.** -### Why not use X? +### Why not use *X*? Others are doing slotting too: snap, flatpak, cpanm, pip, go, stack, cabal... *the list seems endless*
They all use slotting... *but*. @@ -1195,38 +1195,38 @@ You will have bleeding-edge technologies and bugs. You're welcome! **Applications and libraries provided by BaguetteOS.**
For all official OS versions of the applications and libraries, `BaguetteOS` will provide them in `/usr/baguette`, the `baguette` slot. In case several versions of a library are provided, they will be slotted. -For example, `LLVM` is provided in several versions (`llvm8`, `llvm9`, etc.), only the most recent is in `baguette`. +For example, `LLVM` is provided in several versions (8, 9 and 10), only the most recent is in `baguette`. ```zsh $ ls /usr /usr/baguette -/usr/llvm8 -/usr/llvm9 -... +/usr/llvm-8 +/usr/llvm-9 ``` **Applications and libraries provided by third parties.**
-`BaguetteOS` allows people providing their applications and libraries easily by creating repositories, but you have to slot them. -For example, if you want to provide a specific `nodejs` version, please use the following convention: +`BaguetteOS` allows third parties to provide their applications and libraries easily by creating repositories, but they have to be slotted. +For example, to provide a specific `nodejs` version, the following convention must be used: ```zsh /usr/$application-$version/ ``` -### How use and change slots used +### How to use slots and install new repositories **Use a slot.**
`BaguetteOS` comes with a `/etc/profile` script, adding the functions `prefix_add` and `prefix_del` to your shell. -So, if you want to use an application in the slot `my-awesome-app`: + +For example, if you want to use an application in the slot `my-awesome-app`, type: ```sh $ prefix_add my-awesome-app ``` -Your `$PATH` is then changed, allowing you to run applications in `/usr/my-awesome-app`: +This will change your `$PATH`, allowing you to run applications in `/usr/my-awesome-app`: ```sh $ echo $PATH -/bin:/usr/bin:/usr/local/bin:/usr/my-awesome-app/bin +/bin:/usr/baguette/bin:/usr/local/bin:/usr/my-awesome-app/bin ``` **Install a new repository.**
@@ -1241,7 +1241,7 @@ https://repos.baguette.netlib.re/$arch/ https://repos.my-awesome-app.com/$arch/ ``` -Then you can update your list of packages and install your application: +You can then update your list of packages and install your application: ```zsh # package update @@ -1253,7 +1253,7 @@ That's all folks! # 5. Roadmap -We currently aim at providing a rootfs with our tools, when we will have enough spare time to contribute. +We currently aim at providing a rootfs with our tools, when we will have enough spare time. **Web interface is for later**: we need more time to design its graphical components. On the other hand, back-end should be straightforward.