Baguette
/
website
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

After review of the whole baguetteos page.

master
Karchnu 2020-05-03 17:57:07 +02:00
parent 7674e071a7
commit e3a80653b1
1 changed files with 40 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
content/baguette/index.md
View File

@ -631,10 +631,10 @@ To overcome drawbacks of having simplistic tools, sys-admins developed all kind
LXC is *kinda* reasonable, and may be useful in some cases, but it provides no simple way of configuring our services. LXC is *kinda* reasonable, and may be useful in some cases, but it provides no simple way of configuring our services.
- **Qemu + KVM, Xen** *let's add software mimicking hardware's complexity to the mix, telling everyone it's for security and simplicity*<br /> - **Qemu + KVM, Xen** *let's add software mimicking hardware's complexity to the mix, telling everyone it's for security and simplicity*<br />
These programs make the administration simple for sys-admins: no need to configure thoroughly users, groups, etc. These programs make the administration simple for sys-admins: no need to configure thoroughly users, groups, etc.
Everyone is root and handle its administration as (s)he wants. Everyone is root and handles its administration as (s)he wants.
They also helps big companies to have a large computing capacity paying for itself since they rent it when not needed. Qemu and alike also help big companies to have a large computing capacity which they can rent when they don't need it.
At no point Qemu or Xen are helping you getting your services up and running, and [they are not made for security][cveqemu]. At no point Qemu or Xen help getting your services up and running, and [they are not made for security][cveqemu].
Yes, running broken programs within Qemu still is better than not. Yes, running broken programs may be better within Qemu than on plain non security-oriented OS.
But. But.
This is still <u>way less efficient than fixing the application</u>. This is still <u>way less efficient than fixing the application</u>.
Running applications as simple users, compiling them with sane default options ([RETGUARD][retguard] for example) and providing a few syscalls (like [pledge][pledge] and [unveil][unveil]) to catch errors and most security holes is simple nowadays, let's use that.<br /> Running applications as simple users, compiling them with sane default options ([RETGUARD][retguard] for example) and providing a few syscalls (like [pledge][pledge] and [unveil][unveil]) to catch errors and most security holes is simple nowadays, let's use that.<br />
@ -714,14 +714,13 @@ $ service add wordpress domain=example.com
$ service start wordpress $ service start wordpress
``` ```
<red>TODO</red>
And <u>that's it</u>. And <u>that's it</u>.
1. Services have tokens. 1. Services have tokens.
2. Tokens are used by default. 2. Tokens are used by default.
3. BaguetteOS provides **default** services for each token. 3. BaguetteOS provides **default** services for each token.
4. If a service is added and its dependencies aren't satisfied, we add other services. 4. If a service is added and its dependencies aren't satisfied, we add other services.
5. (Bonus) If a service isn't installed, we ask nicely if the user wants to install it.<br /> 5. (Bonus) If a service isn't installed, we ask nicely if the user wants to install it.<br />
This is in discussion. *(This is in discussion.)*
Here are a few functionalities `service` brings. Here are a few functionalities `service` brings.
@ -1044,14 +1043,14 @@ end
That's easy to write [even in plain C](https://git.baguette.netlib.re/Baguette/libipc/src/branch/master/examples/pongd.c). That's easy to write [even in plain C](https://git.baguette.netlib.re/Baguette/libipc/src/branch/master/examples/pongd.c).
LibIPC explanation goes beyond the scope of this page… <red>and may even deserve a whole website of its own</red> but the tool is awesome and performances are crazy (we have to tell the world!). LibIPC explanation goes beyond the scope of this page… <red>and may even deserve a whole website on its own</red> but the tool is awesome and performances are crazy (we have to tell the world!).
[Just go and check!][libipc] [Just go and check!][libipc]
<red>Explain remote communications.</red> <red>Explain remote communications.</red>
Remote remote communications are transparent. Remote communications are transparent.
- clients and services do not need remote communication - clients and services do not need remote communication
- any client can join remote services via any communication protocol - any client can join remote services via any communication protocol
- any service is implicitly accessible from anywhere, anyhow - any service is implicitly accessible from anywhere, with any protocol
[Back to top](#top) [Back to top](#top)
@ -1068,7 +1067,7 @@ Remote remote communications are transparent.
### [Webhooksd][webhooksd]: verify recipes. ### [Webhooksd][webhooksd]: verify recipes.
Webhooksd provides an automatic verification of the recipes, based on new application or library version. Webhooksd provides an automatic verification of the recipes, based on new application or library version.
Paired with a build system, new recipes received in the repository create packages for a couple of architectures (x86_64, ARM, others will follow). Paired with a build system, new recipes received in the repository create packages for a couple of architectures (x86\_64, ARM, others will follow).
[Back to top](#top) [Back to top](#top)
@ -1088,14 +1087,14 @@ So, we need a language for both administration dashboard and online services, he
- useful compilation errors - useful compilation errors
- no runtime error - no runtime error
- Elm - Elm
- as Purescript but with way fewer documentation (but reading the code is sometimes enough here) - as Purescript but with way less documentation (but reading the code is sometimes enough here)
- less generic code (functions such as `fold` and `map` have hardcoded type), which feels a bit hacky - less generic code (functions such as `fold` and `map` have hardcoded type), which feels a bit hacky
- still very young - still very young
- WASM - WASM
- seems to be a very young tech, with no real good language or documentation - seems to be a very young tech, with no real good language or documentation
- Zig has wasm as a Tier 1 support, we should investigate - Zig has wasm as a Tier 1 support, we should investigate
- Let's rewrite things... QML was the way all along And we should implement a generic framework, QML was the way all along (but without all the historic tooling and **without C++** it would be awesome!).
<a name="slotting"></a> <a name="slotting"></a>
# 4. Slotting: providing software the right way # 4. Slotting: providing software the right way
@ -1107,13 +1106,14 @@ Maintainers' job is to verify that all programs have the right library versions
### Current set of problems ### Current set of problems
- What happens when two programs need a different version of a library?<br /> - What happens when two programs need a different version of a library?<br />
The installation of both may no be possible. The installation of both may not be possible without workarounds.
See python from version 2 to 3 as an example: developers knew it will break OSs. See python from version 2 to 3 as an example.
So, they provided by themselves new names for their binaries (`python-2.7`), and libraries are *by default* packaged into a directory specific for a python version, such as `/usr/lib/python3.8/`. To make it work, OSs have given new names for their binaries (`python-2.7` and `python-3.5` for example).
Libraries are *by default* packaged into a directory specific for a python version, such as `/usr/lib/python3.5/`.
This is mostly done for languages, but what about other packaged applications and libraries? This is mostly done for languages, but what about other packaged applications and libraries?
- What happens when two libraries are compatible but you want both on your system (see libressl and openssl)?<br /> - What happens when two libraries are compatible but you want both on your system (see libressl and openssl)?<br />
One of them could be provided in another path, such as `/usr/lib/libressl`. One of them could be provided in another path, such as `/usr/lib/libressl`.
- What happens when you want to provide a **very** long term support for your users? - What happens when you want to provide a **very** long-term support for your users?
*see companies running decade-old OSs and databases* *see companies running decade-old OSs and databases*
BaguetteOS has a simple and safe way to let users and maintainers provide packages: `slotting`. BaguetteOS has a simple and safe way to let users and maintainers provide packages: `slotting`.
@ -1122,11 +1122,11 @@ BaguetteOS has a simple and safe way to let users and maintainers provide packag
Slotting is a way to use prefixes (paths, directories) to separate execution environments: a program **A**, requiring libraries **B and C** can be installed this way: Slotting is a way to use prefixes (paths, directories) to separate execution environments: a program **A**, requiring libraries **B and C** can be installed this way:
```sh ```sh
/usr/slot-A/bin/A /usr/awesome-slot/bin/A
/usr/slot-A/lib/B /usr/awesome-slot/lib/B
/usr/slot-A/lib/C /usr/awesome-slot/lib/C
``` ```
In this example, the `slot` is named **slot-A**, providing an execution environment for A <u>no matter</u> the OS version of *B* and *C*. In this example, the `slot` is named **awesome-slot**, providing an execution environment for A <u>no matter</u> the OS version of *B* and *C*.
**Without slotting** <side-note>*basically, your life sucks*</side-note><br /> **Without slotting** <side-note>*basically, your life sucks*</side-note><br />
@ -1142,23 +1142,23 @@ This newly installed program will be in `/usr/bin`, as every other program.
**With slotting** <side-note>*your're awesome*</side-note><br /> **With slotting** <side-note>*your're awesome*</side-note><br />
With slotting, the program will be in `/usr/`<blue>my-overly-awesome-game</blue>`/bin`. With slotting, the program will be in `/usr/`<blue>my-overly-awesome-game</blue>`/bin`.
1. What if requires libraries?<br /> 1. What if the game requires libraries?<br />
These libraries will be installed in your base system so any of your non-official slot can use them. If these libraries are available in the `BaguetteOS` repository, they will be installed in your base system.
2. What if the required libraries aren't available in the official BaguetteOS repository?<br /> 2. What if the game requires libraries that aren't available in the official `BaguetteOS` repository?<br />
Either the game slot provides them, or they are in another slot. Either the game slot provides them, or they are in another slot.
In <u>both cases</u> the base system won't change a bit. In <u>both cases</u> the base system won't change.
Official OS packages are installed in the slot named `baguette` (`/usr/baguette/`), for non-essential programs. Besides essential programs such as `coreutils` which are in `/bin` and `/sbin`, all official OS packages are installed in the slot named `baguette` (`/usr/baguette/`).
Any non-official package is in another slot. Any non-official package is in another slot.
Wanna support Python 2.7 **for life**? Wanna support Python 2.7 **for life**?
Just maintain a `python-2.7` slot and tell the world! Just maintain a `python-2.7` slot and tell the world!
If BaguetteOS do not provide required libraries for the continuous support of your application, just add them in your slot. If BaguetteOS does not provide the libraries required for the continuous support of your application, just add them in your slot.
**This is nothing new, however not used directly in OSs, and still maybe the best way to handle the problem.** **Slotting is nothing new, however it is usually not used directly in OSs, whereas it may be the best way to handle the problem.**
### Why not use X? ### Why not use *X*?
Others are doing slotting too: snap, flatpak, cpanm, pip, go, stack, cabal... <side-note>*the list seems endless*</side-note><br /> Others are doing slotting too: snap, flatpak, cpanm, pip, go, stack, cabal... <side-note>*the list seems endless*</side-note><br />
They all use slotting... *but*. They all use slotting... *but*.
@ -1195,38 +1195,38 @@ You will have bleeding-edge technologies and bugs. You're welcome!
**Applications and libraries provided by BaguetteOS.**<br /> **Applications and libraries provided by BaguetteOS.**<br />
For all official OS versions of the applications and libraries, `BaguetteOS` will provide them in `/usr/baguette`, the `baguette` slot. For all official OS versions of the applications and libraries, `BaguetteOS` will provide them in `/usr/baguette`, the `baguette` slot.
In case several versions of a library are provided, they will be slotted. In case several versions of a library are provided, they will be slotted.
For example, `LLVM` is provided in several versions (`llvm8`, `llvm9`, etc.), only the most recent is in `baguette`. For example, `LLVM` is provided in several versions (8, 9 and 10), only the most recent is in `baguette`.
```zsh ```zsh
$ ls /usr $ ls /usr
/usr/baguette /usr/baguette
/usr/llvm8 /usr/llvm-8
/usr/llvm9 /usr/llvm-9
...
``` ```
**Applications and libraries provided by third parties.**<br /> **Applications and libraries provided by third parties.**<br />
`BaguetteOS` allows people providing their applications and libraries easily by creating repositories, but you have to slot them. `BaguetteOS` allows third parties to provide their applications and libraries easily by creating repositories, but they have to be slotted.
For example, if you want to provide a specific `nodejs` version, please use the following convention: For example, to provide a specific `nodejs` version, the following convention must be used:
```zsh ```zsh
/usr/$application-$version/ /usr/$application-$version/
``` ```
### How use and change slots used ### How to use slots and install new repositories
**Use a slot.**<br /> **Use a slot.**<br />
`BaguetteOS` comes with a `/etc/profile` script, adding the functions `prefix_add` and `prefix_del` to your shell. `BaguetteOS` comes with a `/etc/profile` script, adding the functions `prefix_add` and `prefix_del` to your shell.
So, if you want to use an application in the slot `my-awesome-app`:
For example, if you want to use an application in the slot `my-awesome-app`, type:
```sh ```sh
$ prefix_add my-awesome-app $ prefix_add my-awesome-app
``` ```
Your `$PATH` is then changed, allowing you to run applications in `/usr/my-awesome-app`: This will change your `$PATH`, allowing you to run applications in `/usr/my-awesome-app`:
```sh ```sh
$ echo $PATH $ echo $PATH
/bin:/usr/bin:/usr/local/bin:/usr/my-awesome-app/bin /bin:/usr/baguette/bin:/usr/local/bin:/usr/my-awesome-app/bin
``` ```
**Install a new repository.**<br /> **Install a new repository.**<br />
@ -1241,7 +1241,7 @@ https://repos.baguette.netlib.re/$arch/
https://repos.my-awesome-app.com/$arch/ https://repos.my-awesome-app.com/$arch/
``` ```
Then you can update your list of packages and install your application: You can then update your list of packages and install your application:
```zsh ```zsh
# package update # package update
@ -1253,7 +1253,7 @@ That's all folks!
<a name="roadmap"></a> <a name="roadmap"></a>
# 5. Roadmap # 5. Roadmap
We currently aim at providing a rootfs with our tools, when we will have enough spare time to contribute. We currently aim at providing a rootfs with our tools, when we will have enough spare time.
**Web interface is for later**: we need more time to design its graphical components. **Web interface is for later**: we need more time to design its graphical components.
On the other hand, back-end should be straightforward. On the other hand, back-end should be straightforward.