Spectrum Development
October 2022
- 3 participants
- 7 discussions
IMPORTANT NOTE: this series should be applied on top of v2 of my
previous series "Introduce a shared base for application VMs" [1].
I'm much happier with v2 of that series, but I only posted it
yesterday so I still want to leave a little more opportunity for
comment before applying it.

[1]: https://spectrum-os.org/lists/archives/spectrum-devel/20221009114036.463071…

This series contains the final big chunk of work I had left to do on
Spectrum's original NLnet grant. It adds support for managing
Spectrum VMs from the Spectrum system itself using Nix. Nix is
optional, and can co-exist with VMs provided in some other way. More
information is included in the new documentation. Most of this work
was done earlier this year, but I got stuck on some implementation
details that prevented me from getting over the last hurdle until I
came up with a solution. That's explained in more detail in patch 15.

Patches 1–10 add support for configuring VMs with read/write access to
host directories using virtiofs. Then, in patches 11–14, come various
changes that make the default user data partition more suitable as a
mutable filesystem, which we haven't actually used it for before. And
then the remaining patches actually implement support for a VM that
can run Nix and easily build VMs that are available on the host.

Alyssa Ross (22):
host/start-vm: use MAP_SHARED memory for VMs
host/start-vm: implement shared directories
host/rootfs: generate virtiofsd services
Documentation: explain VM shared directories
vm-lib/make-vm.nix: support shared directories
img/app: add support for testing virtiofs
img/app: don't block app startup on network online
img/app: auto-mount virtiofs0 filesystem
vm/app/mg.nix: init
vm/app/mg.nix: open virtio filesystem in dired
host/rootfs: move ext mounting to s6-rc service
host/rootfs: automatically grow user partition
host/rootfs: use a bigger test ext partition
host/initramfs/extfs.nix: tar2ext4 -> mkfs.ext4 -d
host/start-vm: resolve VM symlinks with /ext root
host/rootfs: resolve VM symlinks with /ext root
Documentation: explain /ext symlink resolution
host/start-vm: increase memory size to 512M
vm/app/nix: add
vm-lib/make-vms.nix: add
host/initramfs/extfs.nix: add example Nix-built VM
Documentation: add how-to guide for Nix-built VMs
.gitignore | 5 +-
Documentation/_sass/custom/custom.scss | 22 ++++++
Documentation/creating-vms.adoc | 12 ++-
Documentation/nix-vms.adoc | 22 ++++++
host/initramfs/extfs.nix | 29 +++++--
host/rootfs/Makefile | 13 +++-
host/rootfs/default.nix | 16 +++-
host/rootfs/etc/mdev/block/add | 1 -
host/rootfs/etc/s6-rc/ext-rc-init/up | 19 ++++-
host/rootfs/etc/s6-rc/ext/up | 5 +-
host/rootfs/etc/template/fs/notification-fd | 1 +
.../etc/template/fs/notification-fd.license | 2 +
host/rootfs/etc/template/fs/run | 11 +++
host/rootfs/etc/template/fs/type | 1 +
host/rootfs/etc/template/fs/type.license | 2 +
host/start-vm/fs.c | 17 +++++
host/start-vm/fs.rs | 68 +++++++++++++++++
host/start-vm/lib.rs | 54 ++++++++++---
host/start-vm/meson.build | 2 +-
host/start-vm/start-vm.rs | 15 ++--
host/start-vm/tests/meson.build | 4 +
host/start-vm/tests/vm_command-basic.rs | 6 +-
.../tests/vm_command-config-symlink.rs | 30 ++++++++
host/start-vm/tests/vm_command-shared-dir.rs | 43 +++++++++++
img/app/Makefile | 24 +++++-
img/app/etc/mdev.conf | 3 +-
img/app/etc/mdev/iface | 4 +-
img/app/etc/mdev/listen | 12 +++
img/app/etc/mdev/virtiofs | 10 +++
img/app/etc/mdev/wait | 15 ++++
img/app/etc/s6-rc/ok-all/contents | 1 +
img/app/shell.nix | 6 +-
tools/resolve_in_root/default.nix | 23 ++++++
tools/resolve_in_root/meson.build | 10 +++
tools/resolve_in_root/resolve_in_root.c | 76 +++++++++++++++++++
tools/resolve_in_root/test.sh | 11 +++
vm-lib/make-vm.nix | 20 ++++-
vm-lib/make-vms.nix | 19 +++++
vm/app/catgirl.nix | 1 +
vm/app/lynx.nix | 1 +
vm/app/{lynx.nix => mg.nix} | 10 ++-
vm/app/nix/bin/vm-rebuild | 25 ++++++
vm/app/nix/default.nix | 43 +++++++++++
vm/app/nix/example.nix | 13 ++++
44 files changed, 673 insertions(+), 54 deletions(-)
create mode 100644 Documentation/_sass/custom/custom.scss
create mode 100644 Documentation/nix-vms.adoc
create mode 100644 host/rootfs/etc/template/fs/notification-fd
create mode 100644 host/rootfs/etc/template/fs/notification-fd.license
create mode 100755 host/rootfs/etc/template/fs/run
create mode 100644 host/rootfs/etc/template/fs/type
create mode 100644 host/rootfs/etc/template/fs/type.license
create mode 100644 host/start-vm/fs.c
create mode 100644 host/start-vm/fs.rs
create mode 100644 host/start-vm/tests/vm_command-config-symlink.rs
create mode 100644 host/start-vm/tests/vm_command-shared-dir.rs
create mode 100755 img/app/etc/mdev/listen
create mode 100755 img/app/etc/mdev/virtiofs
create mode 100755 img/app/etc/mdev/wait
create mode 100644 tools/resolve_in_root/default.nix
create mode 100644 tools/resolve_in_root/meson.build
create mode 100644 tools/resolve_in_root/resolve_in_root.c
create mode 100755 tools/resolve_in_root/test.sh
create mode 100644 vm-lib/make-vms.nix
copy vm/app/{lynx.nix => mg.nix} (52%)
create mode 100755 vm/app/nix/bin/vm-rebuild
create mode 100644 vm/app/nix/default.nix
create mode 100644 vm/app/nix/example.nix
--
2.37.1
* ADRs based on discussions with Alyssa
* A note on ADRs to architecture.adoc
Signed-off-by: Ville Ilvonen <ville.ilvonen(a)unikie.com>
---
Documentation/architecture.adoc | 13 ++++++++++
...architecture-decision-record-template.adoc | 13 ++++++++++
.../decisions/001-host-update-mechanism.adoc | 19 ++++++++++++++
.../decisions/002-install-options.adoc | 18 +++++++++++++
Documentation/decisions/003-partitioning.adoc | 25 +++++++++++++++++++
.../004-data-at-rest-encryption.adoc | 16 ++++++++++++
.../005-virtual-machine-manager.adoc | 24 ++++++++++++++++++
.../decisions/006-drivers-on-host.adoc | 17 +++++++++++++
.../decisions/007-USB-virtual-machine.adoc | 14 +++++++++++
...008-Inter-VM-communication-mechanisms.adoc | 18 +++++++++++++
10 files changed, 177 insertions(+)
create mode 100644 Documentation/decisions/000-lightweight-architecture-decision-record-template.adoc
create mode 100644 Documentation/decisions/001-host-update-mechanism.adoc
create mode 100644 Documentation/decisions/002-install-options.adoc
create mode 100644 Documentation/decisions/003-partitioning.adoc
create mode 100644 Documentation/decisions/004-data-at-rest-encryption.adoc
create mode 100644 Documentation/decisions/005-virtual-machine-manager.adoc
create mode 100644 Documentation/decisions/006-drivers-on-host.adoc
create mode 100644 Documentation/decisions/007-USB-virtual-machine.adoc
create mode 100644 Documentation/decisions/008-Inter-VM-communication-mechanisms.adoc
diff --git a/Documentation/architecture.adoc b/Documentation/architecture.adoc
index 157907f..185740c 100644
--- a/Documentation/architecture.adoc
+++ b/Documentation/architecture.adoc
@@ -20,6 +20,19 @@ devices and provides network services to application VMs). Refer to
xref:creating-vms.adoc[Creating VMs] and xref:running-vms.adoc[Running
VMs] for more information about using VMs in Spectrum.
+== Architecture Decision Record (ADR)
+
+https://adr.github.io/[Architecturally significant decisions] are
+recorded as https://github.com/joelparkerhenderson/architecture-decision-record/blob/ma… ADRs]
+
+Status of Spectrum OS ADRs:
+Accepted - Implemented and likely not to change.
+Proposed - Designed and possibly partially implmented. May change.
+Other - Not yet in use.
+
+Comments and contributions to ADRs are welcome. ADRs can be found at
+Documentation/decisions
+
== The Spectrum host system
Compartmentalization is implemented using
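Review bot: the three status lines under "Status of Spectrum OS ADRs:" carry no list or line-break markup, so AsciiDoc will flow "Accepted - ...", "Proposed - ..." and "Other - ..." into a single paragraph; a description list (`Accepted:: Implemented and likely not to change.`) keeps them apart. In the same block, "implmented" should be "implemented", the sentence ending in the ADRs link has no full stop, and the bare path "Documentation/decisions" would serve readers better as an xref.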
diff --git a/Documentation/decisions/000-lightweight-architecture-decision-record-template.adoc b/Documentation/decisions/000-lightweight-architecture-decision-record-template.adoc
new file mode 100644
index 0000000..087ec44
--- /dev/null
+++ b/Documentation/decisions/000-lightweight-architecture-decision-record-template.adoc
@@ -0,0 +1,13 @@
+# Title
+
+## Status
+What is the status, such as proposed, accepted, rejected, deprecated, superseded, etc.?
+
+## Context
+What is the issue that we're seeing that is motivating this decision or change?
+
+## Decision
+What is the change that we're proposing and/or doing?
+
+## Consequences
+What becomes easier or more difficult to do because of this change?
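Review bot: the template uses Markdown-style `#` and `##` headings in a file named `.adoc`, while the architecture.adoc hunk in this same patch uses `==`; writing the template with `=` for the title and `==` for Status, Context, Decision and Consequences keeps every ADR copied from it consistent with the rest of the documentation. The new file also has no SPDX copyright or licence comment lines.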
diff --git a/Documentation/decisions/001-host-update-mechanism.adoc b/Documentation/decisions/001-host-update-mechanism.adoc
new file mode 100644
index 0000000..03bbae2
--- /dev/null
+++ b/Documentation/decisions/001-host-update-mechanism.adoc
@@ -0,0 +1,19 @@
+# Host update mechanism
+
+## Status
+Proposed
+
+## Context
+Spectrum OS has no implementation for software update. The host - consisting of
+Linux kernel, KVM, cloud-hypervisor and minimal user space tools - software
+updates are required to support feature development and security fixes.
+
+## Decision
+A-B partitioning created by Spectrum installer Installer sets up the system on
+partition A of the block device A-B update scheme where user (or installer)
+writes the update image to partition B Bootloader provides four boot options:
+A, A mutable, B, B mutable
+
+## Consequences
+Default boot selection, incremental updates (e.g. overlays), network update
+postponed for later.
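Review bot: the Decision section reads as separate points joined without punctuation ("...Spectrum installer Installer sets up...", "...partition B Bootloader provides..."); restore list markers or sentence breaks so each statement stands alone. The Context sentence "The host - consisting of ... - software updates are required" does not parse as written. The Decision also does not say how an image written to partition B is checked before it is booted; if that is deferred, list it under Consequences next to default boot selection and network update.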
diff --git a/Documentation/decisions/002-install-options.adoc b/Documentation/decisions/002-install-options.adoc
new file mode 100644
index 0000000..f5857c5
--- /dev/null
+++ b/Documentation/decisions/002-install-options.adoc
@@ -0,0 +1,18 @@
+# Install options
+
+## Status
+Proposed
+
+## Context
+Based on identified different audiences for the Spectrum OS release it is
+proposed we support three base configurations to use with Spectrum OS in the
+first boot.
+
+## Decision
+* Minimal - Spectrum OS host + system VMs: netvm, guivm, usbvm + home-directory
+(optionally encrypted - see 004-disk-encryption.md)
+* Common - Minimal + browser app VM + 2-3 selected app VMs
+* Power - Common + NixOS VM
+
+## Consequences
+Requires first-boot-vm (like wizard) to support user to get started.
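Review bot: the cross-reference "see 004-disk-encryption.md" in the Minimal bullet does not match the file this patch adds, `004-data-at-rest-encryption.adoc`; point it at that file, preferably as an xref. The continuation line "(optionally encrypted - ...)" is not indented or joined with `+`, so it may not render as part of the Minimal item.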
diff --git a/Documentation/decisions/003-partitioning.adoc b/Documentation/decisions/003-partitioning.adoc
new file mode 100644
index 0000000..345619f
--- /dev/null
+++ b/Documentation/decisions/003-partitioning.adoc
@@ -0,0 +1,25 @@
+# Partitioning
+
+## Status
+Proposed
+
+## Context
+Partitions are required to install the Spectrum OS, VMs and store user data.
+
+## Decision
+----
+<blockdevice> # EFI system partition
+<blockdevice> # XBOOTLDR
+<blockdevice> # A
+<blockdevice> # B
+# first 32 GB are reserved for Spectrum system
+# rest of the disk is reserved for user data
+<blockdevice>n-1 # bootstrap user data
+<blockdevice>n to the end of disk # user data
+----
+
+## Consequences
+LVM may support resizing - both increasing and decreasing with some limitation
+when there's alreay data on volume(s). Does LVM work with all disk types? We
+have to implement XBOOTLDR to support EFI system partition created by Windows -
+to support dual boot
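Review bot: the Consequences section discusses LVM, but the layout in the Decision never mentions LVM, so a reader cannot tell which partitions would be logical volumes; state that in the Decision or move the LVM questions to Context as open issues. The first four entries of the listing are a bare `<blockdevice>` with no partition number, unlike the `n-1` and `n` entries below them. "alreay" should be "already", and the last sentence needs a full stop.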
diff --git a/Documentation/decisions/004-data-at-rest-encryption.adoc b/Documentation/decisions/004-data-at-rest-encryption.adoc
new file mode 100644
index 0000000..3ed9abb
--- /dev/null
+++ b/Documentation/decisions/004-data-at-rest-encryption.adoc
@@ -0,0 +1,16 @@
+# Data at rest encryption
+
+## Status
+Proposed
+
+## Context
+To support user data and privacy protection, encryption of data at rest is
+required.
+
+## Decision
+User data is encrypted.
+
+## Consequences
+Spectrum OS needs to come with enough SW to get the encryption key via different
+methods (password, usb, fido, etc.) Can we use dm-crypt for everything instead
+of LUKS?
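Review bot: the Decision "User data is encrypted." does not say which layer performs the encryption or which of the partitions from 003 it covers, while the Consequences section ends on an open question ("Can we use dm-crypt for everything instead of LUKS?"); move the question to Context and say in the Decision that the mechanism is still undecided, so the record does not read as settled. A full stop is missing after "(password, usb, fido, etc.)".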
diff --git a/Documentation/decisions/005-virtual-machine-manager.adoc b/Documentation/decisions/005-virtual-machine-manager.adoc
new file mode 100644
index 0000000..b4af595
--- /dev/null
+++ b/Documentation/decisions/005-virtual-machine-manager.adoc
@@ -0,0 +1,24 @@
+# Virtual Machine Manager
+
+## Status
+Accepted
+
+## Context
+rust-vmm-based VMM provides memory and concurrency safe solution.
+cloud-hypervisor was chosen because firecrack does not support other
+virtio-devices than net or block. crosvm was not chosen because cloud-hypervisor
+has more flexible IPC mechanisms, more engaging community as LF-project.
+cloud-hypervisor has more core features - such as snapshotting, live migration
+and more general hot plugging. crosvm supports more devices we will also need.
+It was seen easier to port devices from crosvm to cloud-hypervisor than to port
+core features from cloud-hypervisor to crosvm.
+
+## Decision
+Spectrum OS design and implementation decision is to use cloud-hypervisor as the
+primary VMM.
+
+## Consequences
+We gotta port some stuff from crosvm to cloud-hypervisor. It's easier for
+Spectrum to handle virtualization dynamically with cloud-hypervisor. If the
+primary VMM, cloud-hypervisor, is exchanged for trials etc. functionality is
+expected to break or not supported.
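Review bot: "firecrack" in the Context should be "Firecracker". The Context interleaves arguments for and against ("crosvm supports more devices we will also need" sits between two cloud-hypervisor advantages), so splitting it into one short paragraph per candidate VMM would make the trade-off easier to follow. In Consequences, "expected to break or not supported" needs "be" before "not supported", and "We gotta port some stuff" should name what has to be ported.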
diff --git a/Documentation/decisions/006-drivers-on-host.adoc b/Documentation/decisions/006-drivers-on-host.adoc
new file mode 100644
index 0000000..052b596
--- /dev/null
+++ b/Documentation/decisions/006-drivers-on-host.adoc
@@ -0,0 +1,17 @@
+# Drivers on host
+
+## Status
+Accepted
+
+## Context
+To harden the trusted computing base and make it more minimal, the target is to
+minimize the amount of drivers on the Spectrum host kernel.
+
+## Decision
+We are aiming to have as few drivers as possible on the host.
+
+## Consequences
+No networking on the host. Responsibilities of the host are expected to get
+smaller over time. More flexible management of devices. We need to decouple
+device classes - like net, usb, bluetooth and gui - from host to their
+respective VMs.
diff --git a/Documentation/decisions/007-USB-virtual-machine.adoc b/Documentation/decisions/007-USB-virtual-machine.adoc
new file mode 100644
index 0000000..2072427
--- /dev/null
+++ b/Documentation/decisions/007-USB-virtual-machine.adoc
@@ -0,0 +1,14 @@
+# USB Virtual Machine
+
+## Status
+Proposed
+
+## Context
+To support specific USB devices on specific VMs
+
+## Decision
+The decision is to pass-through USB controller to a VM with authorization
+controls inside the VMs to forward a specific USB device using USBIP.
+
+## Consequences
+We need to modify the upstream USBIP daemon to support authorization.
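Review bot: "authorization controls inside the VMs" in the Decision does not say which VM enforces the check, the VM that holds the passed-through USB controller or the VM that receives the device over USBIP; name the enforcing side, since the Consequences line only says the USBIP daemon must be modified. The Context line is a fragment and has no full stop.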
diff --git a/Documentation/decisions/008-Inter-VM-communication-mechanisms.adoc b/Documentation/decisions/008-Inter-VM-communication-mechanisms.adoc
new file mode 100644
index 0000000..1007037
--- /dev/null
+++ b/Documentation/decisions/008-Inter-VM-communication-mechanisms.adoc
@@ -0,0 +1,18 @@
+### Inter VM communication mechanisms
+
+### Status
+Proposed
+
+### Context
+Guest VM software needs to communicate with software in other guest VMs
+
+### Decision
+Spectrum provides two mechanism
+- TCP/IP with virtio-net
+- Wayland with virtio-gpu (nevermind the semantics) for streamed IPC protocol to
+ send references to shared memory
+
+
+### Consequences
+- Examples required on how to write applications which communicate over
+ virtio-gpu
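Review bot: this file uses `###` for the title and for every section heading, where 001 to 007 in this patch use `#` for the title and `##` for sections; align it with the template. "two mechanism" should be "two mechanisms", the Context sentence has no full stop, and the aside "(nevermind the semantics)" should be replaced by a sentence saying what is being set aside.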
--
2.36.0
This series was originally developed for some work I'm finishing up
now for NLnet, for letting Spectrum users build VMs on the system with
Nix, so it's time for it to get another round.

Changes since v1:

 • make-vm.nix only generates the VM's configuration directory,
   not a whole data/$name hierarchy that needs to be merged.
 • vm-lib/make-vm.nix and vm/make-vm.nix are separated, so
   system-provided VMs can deduplicate against the base image, while
   user-defined VMs can't so they're independently upgradeable.

v1: https://spectrum-os.org/lists/archives/spectrum-devel/20220919073659.170327…

The idea here is to reduce duplication between application VMs, both
in terms of source code size and output size. After this change,
creating a new VM just requires writing a very small Nix file like
this:

    { config ? import ../../../nix/eval-config.nix {} }:

    import ../../vm-lib/make-vm.nix { inherit config; } {
      name = "appvm-lynx";
      providers.net = [ "netvm" ];
      run = config.pkgs.pkgsStatic.callPackage (
        { writeScript, lynx }:
        writeScript "run-lynx" ''
          #!/bin/execlineb -P
          ${lynx}/bin/lynx https://spectrum-os.org
        ''
      ) { };
    }

Rather than a whole big source tree as before, most of which was
duplicated with every other application VM.

When a VM generated this way is started, it gets two disk images. One
is the shared base image, which is part of the Spectrum base system,
and the other contains only the application-specific stuff: the run
script, and any store path dependencies that are not already present
in the base image. This means that the amount of storage required for
each new application VM is substantially reduced.

Of course, this isn't the only way to generate VMs. Monolithic VMs
like we had before would still work, with some small adjustments for
the new disk layout.

I also see this fitting well into making it possible to configure
extra VMs at build time. It doesn't directly help with that, but
making it so that each VM doesn't need to provide everything itself
will make creating external VMs easier when it does happen.

In future we might want to apply a similar mechanism to service VMs,
like netvm, but since we only have one of those so far, it's not clear
which parts exactly would be duplicated, so I'm leaving it for now.

Other future work is considering the impacts of the shared base image
on guest isolation. Can guests observe whether reads of the shared
base image hit the host page cache, or even an internal disk cache?
At the moment I suspect that the base image doesn't have enough
specialised code in it that there would be any interesting results,
but it's worth thinking about if the shared image grows new
functionality, whether it would be interesting to another guest to
be able to observe whether those resources have previously been loaded
or not. If this _does_ turn out to be a concern, it could be
mitigated by simply copying the base image to temporary storage before
booting a VM, and then booting the VM from the copy.

Alyssa Ross (6):
host/start-vm: support multiple block devices
scripts/make-gpt.sh: add support for labels
vm: build GPT images
host/start-vm: boot using partition label
release: rename from "img"
img/app: extract from appvm-{lynx,catgirl}
Documentation/creating-vms.adoc | 8 +-
Documentation/getting-spectrum.adoc | 2 +-
host/initramfs/extfs.nix | 19 +--
host/rootfs/default.nix | 11 +-
host/start-vm/lib.rs | 38 +++++-
host/start-vm/tests/vm_command-basic.rs | 6 +-
{vm/app/lynx => img/app}/Makefile | 57 ++++----
{vm/app/catgirl => img/app}/bin | 0
{vm/app/lynx => img/app}/default.nix | 22 ++--
img/app/etc/fstab | 8 ++
{vm/app/catgirl => img/app}/etc/init | 0
{vm/app/catgirl => img/app}/etc/mdev.conf | 0
{vm/app/lynx => img/app}/etc/mdev/iface | 2 +-
{vm/app/catgirl => img/app}/etc/passwd | 0
.../catgirl => img/app}/etc/passwd.license | 0
{vm/app/catgirl => img/app}/etc/resolv.conf | 0
.../app}/etc/s6-linux-init/scripts/rc.init | 1 +
.../s6-rc/lynx => img/app/etc/s6-rc/app}/run | 3 +-
.../catgirl => img/app/etc/s6-rc/app}/type | 0
.../app/etc/s6-rc/app}/type.license | 0
.../etc/s6-rc/mdevd-coldplug/dependencies | 0
.../app}/etc/s6-rc/mdevd-coldplug/type | 0
.../etc/s6-rc/mdevd-coldplug/type.license | 0
.../app}/etc/s6-rc/mdevd-coldplug/up | 0
.../app}/etc/s6-rc/mdevd/notification-fd | 0
.../etc/s6-rc/mdevd/notification-fd.license | 0
.../catgirl => img/app}/etc/s6-rc/mdevd/run | 0
.../catgirl => img/app}/etc/s6-rc/mdevd/type | 0
.../app}/etc/s6-rc/mdevd/type.license | 0
.../app}/etc/s6-rc/ok-all/contents | 0
.../catgirl => img/app}/etc/s6-rc/ok-all/type | 0
.../app}/etc/s6-rc/ok-all/type.license | 0
.../app}/etc/ssl/certs/ca-certificates.crt | 0
{vm/app/lynx => img/app}/shell.nix | 11 +-
release.nix | 2 +-
{img => release}/combined/default.nix | 0
{img => release}/combined/eosimages.nix | 0
{img => release}/combined/grub.cfg.in | 0
{img => release}/combined/run-vm.nix | 0
...ble-gpt-partition-attribute-55-check.patch | 0
...pt-disable-partition-table-CRC-check.patch | 0
.../0003-install-remove-Endless-OS-ad.patch | 0
...4-finished-don-t-run-eos-diagnostics.patch | 0
...omote-spectrum-not-the-Endless-forum.patch | 0
{img => release}/installer/app/default.nix | 0
.../installer/app/vendor-customer-support.ini | 0
{img => release}/installer/configuration.nix | 0
{img => release}/installer/default.nix | 0
{img => release}/installer/run-vm.nix | 0
{img => release}/installer/seat.rules | 0
{img => release}/live/Makefile | 0
{img => release}/live/default.nix | 0
{img => release}/live/shell.nix | 0
scripts/make-gpt.sh | 4 +-
scripts/sfdisk-field.awk | 2 +-
vm-lib/make-vm.nix | 51 ++++++++
vm/app/catgirl.nix | 17 +++
vm/app/catgirl/Makefile | 123 ------------------
vm/app/catgirl/default.nix | 92 -------------
vm/app/catgirl/etc/fstab | 6 -
vm/app/catgirl/etc/mdev/iface | 36 -----
.../catgirl/etc/s6-linux-init/scripts/rc.init | 10 --
vm/app/catgirl/etc/s6-rc/catgirl/run | 31 -----
.../data/appvm-catgirl/providers/net/netvm | 0
vm/app/catgirl/shell.nix | 17 ---
vm/app/lynx.nix | 15 +++
vm/app/lynx/bin | 1 -
vm/app/lynx/etc/fstab | 6 -
vm/app/lynx/etc/init | 5 -
vm/app/lynx/etc/mdev.conf | 5 -
vm/app/lynx/etc/passwd | 1 -
vm/app/lynx/etc/passwd.license | 2 -
vm/app/lynx/etc/resolv.conf | 4 -
vm/app/lynx/etc/s6-rc/lynx/type | 1 -
vm/app/lynx/etc/s6-rc/lynx/type.license | 2 -
.../etc/s6-rc/mdevd-coldplug/dependencies | 4 -
vm/app/lynx/etc/s6-rc/mdevd-coldplug/type | 1 -
.../etc/s6-rc/mdevd-coldplug/type.license | 2 -
vm/app/lynx/etc/s6-rc/mdevd-coldplug/up | 4 -
vm/app/lynx/etc/s6-rc/mdevd/notification-fd | 1 -
.../etc/s6-rc/mdevd/notification-fd.license | 2 -
vm/app/lynx/etc/s6-rc/mdevd/run | 5 -
vm/app/lynx/etc/s6-rc/mdevd/type | 1 -
vm/app/lynx/etc/s6-rc/mdevd/type.license | 2 -
vm/app/lynx/etc/s6-rc/ok-all/contents | 4 -
vm/app/lynx/etc/s6-rc/ok-all/type | 1 -
vm/app/lynx/etc/s6-rc/ok-all/type.license | 2 -
vm/app/lynx/etc/ssl/certs/ca-certificates.crt | 1 -
.../host/data/appvm-lynx/providers/net/netvm | 0
vm/make-vm.nix | 9 ++
vm/sys/net/Makefile | 23 ++--
vm/sys/net/default.nix | 10 +-
92 files changed, 236 insertions(+), 457 deletions(-)
rename {vm/app/lynx => img/app}/Makefile (66%)
rename {vm/app/catgirl => img/app}/bin (100%)
rename {vm/app/lynx => img/app}/default.nix (77%)
create mode 100644 img/app/etc/fstab
rename {vm/app/catgirl => img/app}/etc/init (100%)
rename {vm/app/catgirl => img/app}/etc/mdev.conf (100%)
rename {vm/app/lynx => img/app}/etc/mdev/iface (98%)
rename {vm/app/catgirl => img/app}/etc/passwd (100%)
rename {vm/app/catgirl => img/app}/etc/passwd.license (100%)
rename {vm/app/catgirl => img/app}/etc/resolv.conf (100%)
rename {vm/app/lynx => img/app}/etc/s6-linux-init/scripts/rc.init (90%)
rename {vm/app/lynx/etc/s6-rc/lynx => img/app/etc/s6-rc/app}/run (80%)
rename {vm/app/catgirl/etc/s6-rc/catgirl => img/app/etc/s6-rc/app}/type (100%)
rename {vm/app/catgirl/etc/s6-rc/catgirl => img/app/etc/s6-rc/app}/type.license (100%)
rename {vm/app/catgirl => img/app}/etc/s6-rc/mdevd-coldplug/dependencies (100%)
rename {vm/app/catgirl => img/app}/etc/s6-rc/mdevd-coldplug/type (100%)
rename {vm/app/catgirl => img/app}/etc/s6-rc/mdevd-coldplug/type.license (100%)
rename {vm/app/catgirl => img/app}/etc/s6-rc/mdevd-coldplug/up (100%)
rename {vm/app/catgirl => img/app}/etc/s6-rc/mdevd/notification-fd (100%)
rename {vm/app/catgirl => img/app}/etc/s6-rc/mdevd/notification-fd.license (100%)
rename {vm/app/catgirl => img/app}/etc/s6-rc/mdevd/run (100%)
rename {vm/app/catgirl => img/app}/etc/s6-rc/mdevd/type (100%)
rename {vm/app/catgirl => img/app}/etc/s6-rc/mdevd/type.license (100%)
rename {vm/app/catgirl => img/app}/etc/s6-rc/ok-all/contents (100%)
rename {vm/app/catgirl => img/app}/etc/s6-rc/ok-all/type (100%)
rename {vm/app/catgirl => img/app}/etc/s6-rc/ok-all/type.license (100%)
rename {vm/app/catgirl => img/app}/etc/ssl/certs/ca-certificates.crt (100%)
rename {vm/app/lynx => img/app}/shell.nix (51%)
rename {img => release}/combined/default.nix (100%)
rename {img => release}/combined/eosimages.nix (100%)
rename {img => release}/combined/grub.cfg.in (100%)
rename {img => release}/combined/run-vm.nix (100%)
rename {img => release}/installer/app/0001-gpt-disable-gpt-partition-attribute-55-check.patch (100%)
rename {img => release}/installer/app/0002-gpt-disable-partition-table-CRC-check.patch (100%)
rename {img => release}/installer/app/0003-install-remove-Endless-OS-ad.patch (100%)
rename {img => release}/installer/app/0004-finished-don-t-run-eos-diagnostics.patch (100%)
rename {img => release}/installer/app/0005-finished-promote-spectrum-not-the-Endless-forum.patch (100%)
rename {img => release}/installer/app/default.nix (100%)
rename {img => release}/installer/app/vendor-customer-support.ini (100%)
rename {img => release}/installer/configuration.nix (100%)
rename {img => release}/installer/default.nix (100%)
rename {img => release}/installer/run-vm.nix (100%)
rename {img => release}/installer/seat.rules (100%)
rename {img => release}/live/Makefile (100%)
rename {img => release}/live/default.nix (100%)
rename {img => release}/live/shell.nix (100%)
create mode 100644 vm-lib/make-vm.nix
create mode 100644 vm/app/catgirl.nix
delete mode 100644 vm/app/catgirl/Makefile
delete mode 100644 vm/app/catgirl/default.nix
delete mode 100644 vm/app/catgirl/etc/fstab
delete mode 100755 vm/app/catgirl/etc/mdev/iface
delete mode 100755 vm/app/catgirl/etc/s6-linux-init/scripts/rc.init
delete mode 100755 vm/app/catgirl/etc/s6-rc/catgirl/run
delete mode 100644 vm/app/catgirl/host/data/appvm-catgirl/providers/net/netvm
delete mode 100644 vm/app/catgirl/shell.nix
create mode 100644 vm/app/lynx.nix
delete mode 120000 vm/app/lynx/bin
delete mode 100644 vm/app/lynx/etc/fstab
delete mode 100755 vm/app/lynx/etc/init
delete mode 100644 vm/app/lynx/etc/mdev.conf
delete mode 100644 vm/app/lynx/etc/passwd
delete mode 100644 vm/app/lynx/etc/passwd.license
delete mode 100644 vm/app/lynx/etc/resolv.conf
delete mode 100644 vm/app/lynx/etc/s6-rc/lynx/type
delete mode 100644 vm/app/lynx/etc/s6-rc/lynx/type.license
delete mode 100644 vm/app/lynx/etc/s6-rc/mdevd-coldplug/dependencies
delete mode 100644 vm/app/lynx/etc/s6-rc/mdevd-coldplug/type
delete mode 100644 vm/app/lynx/etc/s6-rc/mdevd-coldplug/type.license
delete mode 100644 vm/app/lynx/etc/s6-rc/mdevd-coldplug/up
delete mode 100644 vm/app/lynx/etc/s6-rc/mdevd/notification-fd
delete mode 100644 vm/app/lynx/etc/s6-rc/mdevd/notification-fd.license
delete mode 100644 vm/app/lynx/etc/s6-rc/mdevd/run
delete mode 100644 vm/app/lynx/etc/s6-rc/mdevd/type
delete mode 100644 vm/app/lynx/etc/s6-rc/mdevd/type.license
delete mode 100644 vm/app/lynx/etc/s6-rc/ok-all/contents
delete mode 100644 vm/app/lynx/etc/s6-rc/ok-all/type
delete mode 100644 vm/app/lynx/etc/s6-rc/ok-all/type.license
delete mode 120000 vm/app/lynx/etc/ssl/certs/ca-certificates.crt
delete mode 100644 vm/app/lynx/host/data/appvm-lynx/providers/net/netvm
create mode 100644 vm/make-vm.nix
base-commit: 7a6d44e24ddcc9cba73deed25fb85038b7c3d823
--
2.37.1
Vadim found that it was not possible to test networking in the live
image's make run target. This turned out to be for two separate
reasons. One was that we didn't have an IOMMU on that QEMU machine,
but even adding that wasn't enough, because Intel IOMMUs also just
didn't work at all on the live image, due to a missing kernel command
line parameter.
Alyssa Ross (2):
Set intel_iommu=on in kernel command line
Add IOMMU to other host test targets
host/initramfs/Makefile | 4 +++-
img/combined/run-vm.nix | 3 ++-
img/live/Makefile | 4 +++-
3 files changed, 8 insertions(+), 3 deletions(-)
base-commit: 3aa2f8aa7423cdf36c797943ad7d5a9756290909
--
2.37.1
Create separate folders for new parent pages, update Introduction page,
remove a and the articles from titles, quick check text for simple English
Signed-off-by: Jenni Nikolaenko <evgeniia.nikolaenko(a)unikie.com>
---
Documentation/{ => about}/architecture.adoc | 20 ++++---
Documentation/about/index.adoc | 30 +++++++++++
Documentation/building-documentation.adoc | 52 ------------------
.../decisions/001-host-update-mechanism.adoc | 4 +-
.../decisions/002-install-options.adoc | 4 +-
Documentation/decisions/003-partitioning.adoc | 2 +-
.../004-data-at-rest-encryption.adoc | 4 +-
.../005-virtual-machine-monitor.adoc | 2 +-
.../decisions/006-drivers-on-host.adoc | 2 +-
.../decisions/007-usb-virtual-machines.adoc | 2 +-
...008-inter-vm-communication-mechanisms.adoc | 2 +-
Documentation/decisions/index.adoc | 2 +-
.../build-configuration.adoc | 13 +++--
.../development/building-documentation.adoc | 53 +++++++++++++++++++
.../{ => development}/debugging.adoc | 12 ++---
.../{ => development}/first-patch.adoc | 32 +++++------
Documentation/development/index.adoc | 31 +++++++++++
Documentation/{ => development}/replying.adoc | 13 ++---
.../{ => development}/reviewing-patches.adoc | 4 +-
.../{ => development}/testing-patches.adoc | 34 ++++++------
.../{ => development}/uuid-reference.adoc | 5 +-
Documentation/explanation.adoc | 3 +-
.../{ => getting-started}/creating-vms.adoc | 2 +-
Documentation/getting-started/index.adoc | 14 +++++
.../{ => getting-started}/running-vms.adoc | 2 +-
.../getting-started/user-partition.adoc | 16 ++++++
Documentation/how-to.adoc | 1 +
Documentation/index.adoc | 29 ++++++++--
Documentation/{ => installation}/b4.adoc | 5 +-
.../{ => installation}/binary-cache.adoc | 18 ++++---
.../{ => installation}/getting-spectrum.adoc | 14 ++---
Documentation/installation/index.adoc | 26 +++++++++
Documentation/reference.adoc | 3 +-
Documentation/tutorials.adoc | 3 +-
Documentation/user-partition.adoc | 12 -----
35 files changed, 302 insertions(+), 169 deletions(-)
rename Documentation/{ => about}/architecture.adoc (84%)
create mode 100644 Documentation/about/index.adoc
delete mode 100644 Documentation/building-documentation.adoc
rename Documentation/{ => development}/build-configuration.adoc (73%)
create mode 100644 Documentation/development/building-documentation.adoc
rename Documentation/{ => development}/debugging.adoc (79%)
rename Documentation/{ => development}/first-patch.adoc (80%)
create mode 100644 Documentation/development/index.adoc
rename Documentation/{ => development}/replying.adoc (68%)
rename Documentation/{ => development}/reviewing-patches.adoc (88%)
rename Documentation/{ => development}/testing-patches.adoc (81%)
rename Documentation/{ => development}/uuid-reference.adoc (97%)
rename Documentation/{ => getting-started}/creating-vms.adoc (98%)
create mode 100644 Documentation/getting-started/index.adoc
rename Documentation/{ => getting-started}/running-vms.adoc (93%)
create mode 100644 Documentation/getting-started/user-partition.adoc
rename Documentation/{ => installation}/b4.adoc (93%)
rename Documentation/{ => installation}/binary-cache.adoc (80%)
rename Documentation/{ => installation}/getting-spectrum.adoc (82%)
create mode 100644 Documentation/installation/index.adoc
delete mode 100644 Documentation/user-partition.adoc
diff --git a/Documentation/architecture.adoc b/Documentation/about/architecture.adoc
similarity index 84%
rename from Documentation/architecture.adoc
rename to Documentation/about/architecture.adoc
index 1c4307b..c1af320 100644
--- a/Documentation/architecture.adoc
+++ b/Documentation/about/architecture.adoc
@@ -1,17 +1,15 @@
= Architecture
-:page-parent: Explanation
+:page-parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-== Introduction
+Spectrum is based on the principle of security by compartmentalization.
-Spectrum is based on the principle of security by
-compartmentalization. The high level stack is illustrated in the
-following diagram:
+The high level stack is illustrated in the following diagram:
-image::diagrams/stack.svg[]
+image::../diagrams/stack.svg[]
The default set of virtual machines includes two application VMs,
_appvm-catgirl_ (an IRC client) and _appvm-lynx_ (a text-based web
@@ -26,7 +24,7 @@ https://en.wikipedia.org/wiki/Architectural_decision[Architecturally significant
decisions] are xref:decisions/index.adoc[recorded] as lightweight
https://cognitect.com/blog/2011/11/15/documenting-architecture-decisions/[A….
-== The Spectrum host system
+== Spectrum Host System
Compartmentalization is implemented using
https://cloud-hypervisor.org/[cloud-hypervisor] virtual machines.
@@ -35,7 +33,7 @@ https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine[Kernel-based Virtual
Machine] (KVM) to provide lightweight, hardware-accelerated VMs.
While Linux (including KVM) is portable between many hardware architectures,
-cloud-hypervisor supports only x86_64 and aarch64. Spectrum currently only
+cloud-hypervisor supports only x86_64 and aarch64. Spectrum currently only
works on x86_64, but aarch64 support is in development.
https://skarnet.org/software/s6-rc/overview.html[s6-rc] is used for service
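Review bot: The removed and added "cloud-hypervisor supports only x86_64 and aarch64." lines in this hunk are identical as shown, so the change is whitespace-only. The same pattern appears in the Wayland hunk below and in decisions/001-host-update-mechanism.adoc. Since this patch is mostly renames, these reflows would be easier to review as a separate cleanup commit, or could be dropped, which would also keep the similarity index of the rename higher.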
@@ -44,7 +42,7 @@ and service scripts.
https://wayland.freedesktop.org/[Wayland] is used for window management and
display. The Wayland architecture is well documented
-https://wayland.freedesktop.org/architecture.html[here]. The host provides only
+https://wayland.freedesktop.org/architecture.html[here]. The host provides only
a Wayland terminal client, https://codeberg.org/dnkl/foot/[foot], which is used
for interacting with VM consoles. In future it will be possible for application
VMs to display windows on the single Wayland compositor on the host system,
@@ -57,7 +55,7 @@ https://www.etalabs.net/compare_libcs.html[added safety on resource exhaustion
and security hardening on memory allocation]. Kernel hardening will be
investigated in future.
-== Exploring the Spectrum dependency tree
+== Spectrum Dependency Tree
For a detailed, interactive view of dependencies, use
https://github.com/utdemir/nix-tree[nix-tree] in the Spectrum repository:
@@ -67,4 +65,4 @@ https://github.com/utdemir/nix-tree[nix-tree] in the Spectrum repository:
nix-build img/live -I nixpkgs=https://spectrum-os.org/git/nixpkgs/snapshot/nixpkgs-rootfs.tar.gz --no-out-link | xargs -o nix-tree
https://diode.zone/w/8DBDQ6HQUe5UUdLkpDuL35[See video of Spectrum live image
-interactive analysis with nix-tree]
+interactive analysis with nix-tree].
diff --git a/Documentation/about/index.adoc b/Documentation/about/index.adoc
new file mode 100644
index 0000000..9e2a47e
--- /dev/null
+++ b/Documentation/about/index.adoc
@@ -0,0 +1,30 @@
+= About Spectrum
+:description: Some words about Spectrum as the operating system, not a project. Highlights the differences between common Linux distributions and Spectrum.
+:page-nav_order: 1
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Spectrum is a Linux-based system that uses Nix package manager and Nixpkgs
+collection of packages.
+
+This gives an actively-developed base with good
+hardware support, powerful and optimised compartmentalization primitives in
+KVM, and the reproducible packaging and configuration system that is important
+for a maintainable compartmentalized system.
+
+== Why Spectrum
+
+* User data and applications are managed centrally while remaining isolated.
+That means that the system can be backed up and managed as a whole, rather than
+mixed up in several dozen VMs.
+
+* The host system and isolated environments are managed declaratively and
+reproducibly using the Nix package manager.
+This can save the user the burden of maintaining many different virtual
+computers, allowing finer-grained resource access controls and making it
+possible to verify the software running across all environments.
+
+TIP: If you are interested in why we do something _this_ way instead of _that_
+way, see xref:../decisions/index.adoc[Architecture Decision Records].
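Review bot: The `:description:` line in this new file reads like a working note ("Some words about Spectrum as the operating system, not a project.") and should be rewritten as a description that can be published as page metadata. The opening sentence also needs articles: "uses the Nix package manager and the Nixpkgs collection of packages". This file also carries only the Unikie SPDX line; if any of the text was moved from a file with another copyright holder, that line should come with it.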
diff --git a/Documentation/building-documentation.adoc b/Documentation/building-documentation.adoc
deleted file mode 100644
index b491105..0000000
--- a/Documentation/building-documentation.adoc
+++ /dev/null
@@ -1,52 +0,0 @@
-= Building the Documentation
-:page-parent: Tutorials
-
-// SPDX-FileCopyrightText: 2022 Unikie
-// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-
-This tutorial assumes that you have https://nixos.org/[Nix] installed.
-You may also want to xref:binary-cache.adoc[configure the Spectrum
-binary cache], to avoid having to wait for dependencies to compile on
-your local system.
-
-1. Get a copy of the Spectrum source code:
-+
-[source,shell]
-----
-git clone https://spectrum-os.org/git/spectrum
-----
-2. Enter the documentation directory:
-+
-[source,shell]
-----
-cd spectrum/Documentation
-----
-3. Enter the development environment:
-+
-[source,shell]
-----
-nix-shell -I nixpkgs=https://spectrum-os.org/git/nixpkgs/snapshot/nixpkgs-rootfs.tar.gz
-----
-4. In the development shell, do an initial build of the documentation
-site:
-+
-[source,shell]
-----
-scripts/build.sh
-----
-5. Run a development server for previewing changes locally:
-+
-[source,shell]
-----
-jekyll serve
-----
-+
-This will serve a local copy of the documentation at http://localhost:4000/.
-+
-IMPORTANT: Jekyll doesn't handle rendering of the draw.io diagrams, so
-if you modify any of those, or add new ones, you'll have to run
-`scripts/build.sh` again to do a full rebuild of the site.
-
-Once you've made your changes to the documentation, see
-xref:first-patch.adoc[Sending Your First Patch] for information
-about how to submit them for review.
diff --git a/Documentation/decisions/001-host-update-mechanism.adoc b/Documentation/decisions/001-host-update-mechanism.adoc
index 574deb4..39f9f28 100644
--- a/Documentation/decisions/001-host-update-mechanism.adoc
+++ b/Documentation/decisions/001-host-update-mechanism.adoc
@@ -1,6 +1,6 @@
= 001 Host Update Mechanism
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -11,7 +11,7 @@ Proposed
== Context
-Spectrum currently has no implementation for software update. The host --
+Spectrum currently has no implementation for software update. The host --
consisting of the Linux kernel, KVM, cloud-hypervisor and minimal user space
tools -- will require software updates to support feature development and
security fixes.
diff --git a/Documentation/decisions/002-install-options.adoc b/Documentation/decisions/002-install-options.adoc
index 4412b53..4a745eb 100644
--- a/Documentation/decisions/002-install-options.adoc
+++ b/Documentation/decisions/002-install-options.adoc
@@ -1,6 +1,6 @@
-= 002 Install options
+= 002 Install Options
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/003-partitioning.adoc b/Documentation/decisions/003-partitioning.adoc
index 8494ea4..a13b8cc 100644
--- a/Documentation/decisions/003-partitioning.adoc
+++ b/Documentation/decisions/003-partitioning.adoc
@@ -1,6 +1,6 @@
= 003 Partitioning
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/004-data-at-rest-encryption.adoc b/Documentation/decisions/004-data-at-rest-encryption.adoc
index 26fe273..5b0f518 100644
--- a/Documentation/decisions/004-data-at-rest-encryption.adoc
+++ b/Documentation/decisions/004-data-at-rest-encryption.adoc
@@ -1,6 +1,6 @@
= 004 Data at Rest Encryption
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -20,5 +20,5 @@ User data is encrypted.
== Consequences
Spectrum needs to come with enough software to get the encryption key
-via different methods (password, usb, fido, etc.) Can we use dm-crypt
+via different methods (password, usb, fido, etc.). Can we use dm-crypt
for everything instead of LUKS?
diff --git a/Documentation/decisions/005-virtual-machine-monitor.adoc b/Documentation/decisions/005-virtual-machine-monitor.adoc
index db81c72..df1b501 100644
--- a/Documentation/decisions/005-virtual-machine-monitor.adoc
+++ b/Documentation/decisions/005-virtual-machine-monitor.adoc
@@ -1,6 +1,6 @@
= 005 Virtual Machine Monitor
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/006-drivers-on-host.adoc b/Documentation/decisions/006-drivers-on-host.adoc
index 872044e..b92d863 100644
--- a/Documentation/decisions/006-drivers-on-host.adoc
+++ b/Documentation/decisions/006-drivers-on-host.adoc
@@ -1,6 +1,6 @@
= 006 Drivers on Host
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/007-usb-virtual-machines.adoc b/Documentation/decisions/007-usb-virtual-machines.adoc
index 3bdf78b..d832691 100644
--- a/Documentation/decisions/007-usb-virtual-machines.adoc
+++ b/Documentation/decisions/007-usb-virtual-machines.adoc
@@ -1,6 +1,6 @@
= 007 USB Virtual Machine
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc b/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc
index a1b7d49..c1e5b87 100644
--- a/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc
+++ b/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc
@@ -1,6 +1,6 @@
= 008 Inter-VM Communication Mechanisms
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/index.adoc b/Documentation/decisions/index.adoc
index 772f382..a022239 100644
--- a/Documentation/decisions/index.adoc
+++ b/Documentation/decisions/index.adoc
@@ -1,6 +1,6 @@
= Architecture Decision Records
:page-has_children: true
-:page-parent: Explanation
+:page-parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/build-configuration.adoc b/Documentation/development/build-configuration.adoc
similarity index 73%
rename from Documentation/build-configuration.adoc
rename to Documentation/development/build-configuration.adoc
index b89575f..c9a8c99 100644
--- a/Documentation/build-configuration.adoc
+++ b/Documentation/development/build-configuration.adoc
@@ -1,19 +1,22 @@
= Configuring the Build
-:page-parent: How-to Guides
+:page-parent: Development
+:page-nav_order: 1
:example-caption: Test
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
Some aspects of a Spectrum build can be customised using a build
-configuration file. By default, this configuration file should be
-called config.nix and located in the root of the Spectrum source tree,
-but this can be overridden by setting `spectrum-config` in the
+configuration file.
+
+By default, this configuration file should be called config.nix and located in
+the root of the Spectrum source tree, but this can be overridden by setting
+`spectrum-config` in the
https://nixos.org/manual/nix/stable/command-ref/env-common.html#env-NIX_PAT…
to the path of the configuration file.
The configuration file should contain an attribute set. The only
-currently allowed attribute name is `pkgs`, which allows using a
+currently allowed attribute name is `pkgs`. It allows using a
custom Nixpkgs to evaluate Spectrum.
.config.nix to build Spectrum with a https://nixos.org/manual/nixpkgs/unstable/#sec-overlays-definition[Nixpkgs overlay]
diff --git a/Documentation/development/building-documentation.adoc b/Documentation/development/building-documentation.adoc
new file mode 100644
index 0000000..d83c343
--- /dev/null
+++ b/Documentation/development/building-documentation.adoc
@@ -0,0 +1,53 @@
+= Building Documentation
+:page-parent: Development
+:page-nav_order: 4
+
+// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Make sure you have https://nixos.org/[Nix] installed.
+You may also want to xref:binary-cache.adoc[configure the Spectrum
+binary cache], to avoid having to wait for dependencies to compile on
+your local system.
+
+. Get a copy of the Spectrum source code:
++
+[source,shell]
+----
+git clone https://spectrum-os.org/git/spectrum
+----
+. Enter the documentation directory:
++
+[source,shell]
+----
+cd spectrum/Documentation
+----
+. Enter the development environment:
++
+[source,shell]
+----
+nix-shell -I nixpkgs=https://spectrum-os.org/git/nixpkgs/snapshot/nixpkgs-rootfs.tar.gz
+----
+. In the development shell, do an initial build of the documentation
+site:
++
+[source,shell]
+----
+scripts/build.sh
+----
+. Run a development server for previewing changes locally:
++
+[source,shell]
+----
+jekyll serve
+----
++
+This will serve a local copy of the documentation at http://localhost:4000/.
++
+IMPORTANT: Jekyll does not handle rendering of the draw.io diagrams. If you
+modify any of those, or add new ones, run `scripts/build.sh` again to do a full
+rebuild of the site.
+
+After making changes to the documentation, see
+xref:first-patch.adoc[Working with Patches] for information
+on how to submit your changes for review.
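Review bot: The `xref:binary-cache.adoc[configure the Spectrum binary cache]` link near the top of this new file is a missing path update. The file now lives in development/, and this same patch moves binary-cache.adoc to installation/, so the link should be `xref:../installation/binary-cache.adoc[...]`. The `xref:first-patch.adoc` link at the end is fine because both files are in development/.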
diff --git a/Documentation/debugging.adoc b/Documentation/development/debugging.adoc
similarity index 79%
rename from Documentation/debugging.adoc
rename to Documentation/development/debugging.adoc
index 3871a7c..d342294 100644
--- a/Documentation/debugging.adoc
+++ b/Documentation/development/debugging.adoc
@@ -1,7 +1,6 @@
-= Debugging Spectrum
-:page-parent: Explanation
-:toc:
-:toclevels: 1
+= Debugging
+:page-parent: Development
+:page-nav_order: 3
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -9,8 +8,9 @@
== Extracting core dumps when running Spectrum in a VM
When using a VM to run the Spectrum host system, a special mechanism
-is available to enable easy introspection of core files. When a
-program on the Spectrum host system dumps core, the system will
+is available to enable easy introspection of core files.
+
+When a program on the Spectrum host system dumps core, the system will
attempt to upload the core file to _its_ host (i.e. the system running
Spectrum in a VM) using the vsock(7) protocol, on port 1129271877.
diff --git a/Documentation/first-patch.adoc b/Documentation/development/first-patch.adoc
similarity index 80%
rename from Documentation/first-patch.adoc
rename to Documentation/development/first-patch.adoc
index 30672b9..cf19b37 100644
--- a/Documentation/first-patch.adoc
+++ b/Documentation/development/first-patch.adoc
@@ -1,11 +1,11 @@
-= Sending Your First Patch
-:page-parent: Tutorials
+= Working with Patches
+:page-parent: Development
+:page-nav_order: 1
+:page-has_children: true
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-== Prerequisites
-
This tutorial assumes that you already have basic
https://git-scm.com/[git] experience.
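Review bot: `:page-nav_order: 1` in this header collides with build-configuration.adoc, which this patch also sets to `:page-nav_order: 1` under the same `:page-parent: Development`. The other Development children use 3, 4 and 5, so one of the two should be 2. With the "Prerequisites" heading removed, the first paragraph still says "This tutorial assumes", which no longer matches the new "Working with Patches" title, so consider rewording it.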
@@ -14,19 +14,18 @@ https://spectrum-os.org/git/[Spectrum source tree]. You'll also need
to have configured `git send-email` — a guide for this can be found at
https://git-send-email.io/.
-== Making your changes
+== Making Changes
-If you've worked on any git repository before, the process for making
-your changes will probably be very familiar.
+The process of making changes is similar to working on any git repository.
-1. Create a branch for your changes:
+. Create a branch for your changes:
+
[source,shell]
----
git checkout -b fix-docs # for example
----
-2. Make changes in your editor.
-3. Stage and commit your changes:
+. Make changes in your editor.
+. Stage and commit your changes:
+
[source,shell]
----
@@ -39,7 +38,7 @@ indicates your acceptance of the
https://spectrum-os.org/git/spectrum/tree/DCO-1.1.txt[Developer's
Certificate of Origin], which is mandatory for Spectrum patches.
-== Submitting changes
+== Submitting Changes
Once you're happy with how the commits on your branch look, run:
@@ -64,13 +63,14 @@ message that will be sent before all of your patches.
Once your patch has been submitted, wait for it to be reviewed.
Feedback, if any, will be sent as email replies to your submitted
-patch. You can respond to feedback in your mail client. Please use
-the Reply All button to ensure that your messages are sent to the
+patch. You can respond to feedback in your mail client.
+
+Use the *Reply All* button to sent your messages to the
mailing list as well as to the person who sent the feedback.
-If you need to make changes to your patch, and submit a new version,
+If you need to make changes to your patch and submit a new version,
use https://git-rebase.io/[`git rebase`] to create a new version of
-your patch(es), and submit it like this:
+your patch(es) and then submit it like this:
[source,shell]
----
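Review bot: Typo in the added line "Use the *Reply All* button to sent your messages to the": "sent" should be "send". The rest of the rewording in this hunk looks fine.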
@@ -81,7 +81,7 @@ The added `-v2` flag indicates that this is version two of your
patch set. If your patches require more rounds of changes, submit
subsequent rounds with `-v3`, `-v4`, etc. as appropriate.
-If you'd like to describe what has changed from the previous version
+If you would like to describe what has changed from the previous version
of your patches, you can do so in a xref:cover-letter[cover letter]
as described above.
diff --git a/Documentation/development/index.adoc b/Documentation/development/index.adoc
new file mode 100644
index 0000000..1fe4d8b
--- /dev/null
+++ b/Documentation/development/index.adoc
@@ -0,0 +1,31 @@
+= Development
+:description: Development progress, general development practices
+:page-nav_order: 4
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Spectrum is free software, currently under active development.
+
+If you made changes in a source code,
+https://spectrum-os.org/installation/getting-spectrum.html#building-an-installer[rebuild Spectrum],
+xref:../development/testing-patches.adoc[test your patch] and
+then https://spectrum-os.org/development/first-patch.html#submitting-changes[sub… your changes for review].
+
+== Developer Setup
+
+Before starting, make sure you are familiar with
+https://git.kernel.org/pub/scm/utils/b4/b4.git/about/[b4] and the
+https://nixos.org/manual/nix/stable/introduction.html[Nix package manager].
+
+== Mailing Lists
+
+The Spectrum project runs several
+https://spectrum-os.org/mailman3/lists/?all-lists[mailing lists] on which you
+can ask your questions or help other people with the questions they have. All
+the Spectrum developers as well as many long time Linux and Spectrum users are
+on the lists.
+
+For real-time feedback, use
+https://spectrum-os.org/participating.html#irc[IRC/Matrix channel].
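Review bot: The second paragraph of this new file links to getting-spectrum and first-patch with absolute https://spectrum-os.org/... URLs while the testing-patches link in the same sentence uses an xref. The absolute links will point at the published site rather than the local build, and they will not be caught if the pages move again. Please use xrefs for all three. Since this file is already in development/, `xref:../development/testing-patches.adoc` can simply be `xref:testing-patches.adoc`. Also, "If you made changes in a source code" should read "in the source code".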
diff --git a/Documentation/replying.adoc b/Documentation/development/replying.adoc
similarity index 68%
rename from Documentation/replying.adoc
rename to Documentation/development/replying.adoc
index bb8e31a..a1ad394 100644
--- a/Documentation/replying.adoc
+++ b/Documentation/development/replying.adoc
@@ -1,5 +1,7 @@
= Replying to Messages in the Mailing List Archives
-:page-parent: Tutorials
+:page-parent: Working with Patches
+:page-grand_parent: Development
+:page-nav_order: 3
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -9,14 +11,13 @@ https://spectrum-os.org/participating.html#mailing-lists[mailing
lists].
Make sure to Reply All when replying to messages, so that the message
-is sent to the mailing list and not just to the person you're
-replying to.
+is sent to the mailing list and not just to the person you reply to.
== Getting a copy of a message
-You may want to reply to a mailing list message that you don't have a
-copy of in your mail client, because you aren't subscribed to the
-list, or because you subscribed after the message was sent.
+You may want to reply to a mailing list message that you do not have a
+copy of in your mail client, because you are not subscribed to the
+list or because you subscribed after the message was sent.
To do this, find the message you want to reply to in the
https://spectrum-os.org/lists/archives[public-inbox list archives],
diff --git a/Documentation/reviewing-patches.adoc b/Documentation/development/reviewing-patches.adoc
similarity index 88%
rename from Documentation/reviewing-patches.adoc
rename to Documentation/development/reviewing-patches.adoc
index 63ff24e..ba47f25 100644
--- a/Documentation/reviewing-patches.adoc
+++ b/Documentation/development/reviewing-patches.adoc
@@ -1,5 +1,7 @@
= Reviewing Patches
-:page-parent: How-to Guides
+:page-parent: Working with Patches
+:page-grand_parent: Development
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/testing-patches.adoc b/Documentation/development/testing-patches.adoc
similarity index 81%
rename from Documentation/testing-patches.adoc
rename to Documentation/development/testing-patches.adoc
index 743cd6e..600cf0f 100644
--- a/Documentation/testing-patches.adoc
+++ b/Documentation/development/testing-patches.adoc
@@ -1,5 +1,7 @@
= Testing Patches
-:page-parent: How-to Guides
+:page-parent: Working with Patches
+:page-grand_parent: Development
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-FileCopyrightText: 2022 Unikie
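Review bot: `:page-nav_order: 2` here duplicates reviewing-patches.adoc, which gets the same value under the same parent "Working with Patches" in this patch, while replying.adoc is 3 and nothing is 1. Please give the two pages distinct values so the sidebar order is deterministic.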
@@ -9,7 +11,7 @@ Potential changes to Spectrum are posted to and discussed on the
https://spectrum-os.org/participating.html#spectrum-devel[devel@spectrum-os…
mailing list.
-== Apply the patch
+== Apply Patch
. Find the patch series you want to test on
https://spectrum-os.org/lists/archives/spectrum-devel/[public-inbox].
@@ -28,35 +30,31 @@ of the Spectrum root's nix-shell, which allows you to skip this step.
with the patch's Message-Id to download all the patches in the
series into a file.
+
-[example]
[source,shell]
----
b4 am 20220511092352.70E54C980(a)atuin.qyliss.net
----
-
-. b4 will indicate the file name it has downloaded the patches into
- with a line like:
+b4 will indicate the file name it has downloaded the patches into with a line
+like:
+
-[example]
-[listing]
+[source,shell]
+----
Writing ./20220424_hi_host_rootfs_fix_weston_hotplugging.mbx
+----
+. Run `git am` on that file to apply the patches. For example:
+
-Run `git am` on that file to apply the patches, for example:
-+
-[example]
[source,shell]
----
git am 20220424_hi_host_rootfs_fix_weston_hotplugging.mbx
----
-== Post your test results
+== Post Your Results
-When you've tested a patch, it's really helpful to
+When you tested a patch, it is helpful to
xref:replying.adoc[reply] with your test results.
-If the patch worked for you, please reply to it and include a line
-like the following, separated from any reply text:
-
+If the patch worked for you, please reply to it and include a line like the following, separated from any reply text:
+[source,shell]
----
Tested-by: John Smith <john(a)example.com>
----
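Review bot: Two of the blocks retagged as `[source,shell]` in this hunk are not shell input. The "Writing ./20220424_hi_host_rootfs_fix_weston_hotplugging.mbx" block is b4 output, and "Tested-by: John Smith ..." is a commit trailer, so both would be better as plain listing blocks, which avoids shell highlighting and stops readers from pasting them into a terminal. The added "If the patch worked for you ..." line is also immediately followed by `[source,shell]` with no blank line and is not wrapped like the rest of the file. "When you tested a patch" reads better as "When you have tested a patch".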
@@ -66,10 +64,10 @@ patch replies will be automatically included in the commit message
when a patch is applied.
It's also helpful to explain in your reply how you tested the patch,
-but you don't have to if it's obvious. (For example, if a patch is
+but you don't have to if it's obvious. For example, if a patch is
supposed to fix a bug, and you verified that after applying the patch
the bug is fixed, just the Tested-by line on its own is enough to
-indicate that.)
+indicate that.
If you found an issue with the patch, do not include a Tested-by line,
and instead reply to the patch explaining what you tested, what you
diff --git a/Documentation/uuid-reference.adoc b/Documentation/development/uuid-reference.adoc
similarity index 97%
rename from Documentation/uuid-reference.adoc
rename to Documentation/development/uuid-reference.adoc
index 4b0b481..61c602f 100644
--- a/Documentation/uuid-reference.adoc
+++ b/Documentation/development/uuid-reference.adoc
@@ -1,7 +1,8 @@
= UUID Reference
-:page-parent: Reference
+:page-parent: Development
:toc: preamble
:toclevels: 1
+:page-nav_order: 5
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -40,7 +41,7 @@ xref:user-partition.adoc[Spectrum user partition].
=== `56a3bbc3-aefa-43d9-a64d-7b3fd59bbc4e`
-https://github.com/endlessm/eos-installer["eosimages"] partition on the
+https://github.com/endlessm/eos-installer["eosimages"] partition on the
Spectrum combined live system / installer image.
== Combined Image Partition IDs
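Review bot: The context in this hunk header shows `xref:user-partition.adoc[Spectrum user partition].` still present and unchanged in this file. The file moves to development/ in this patch and user-partition.adoc is recreated under getting-started/, so that xref no longer resolves and should become `xref:../getting-started/user-partition.adoc[...]`. It would be worth checking the remaining xrefs in the renamed files for the same problem.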
diff --git a/Documentation/explanation.adoc b/Documentation/explanation.adoc
index b39cc6d..f682129 100644
--- a/Documentation/explanation.adoc
+++ b/Documentation/explanation.adoc
@@ -1,6 +1,5 @@
= Explanation
-:page-has_children: true
-:page-nav_order: 4
+:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/creating-vms.adoc b/Documentation/getting-started/creating-vms.adoc
similarity index 98%
rename from Documentation/creating-vms.adoc
rename to Documentation/getting-started/creating-vms.adoc
index d967098..e06be85 100644
--- a/Documentation/creating-vms.adoc
+++ b/Documentation/getting-started/creating-vms.adoc
@@ -1,5 +1,5 @@
= Creating VMs
-:page-parent: Reference
+:page-parent: Getting Started
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/getting-started/index.adoc b/Documentation/getting-started/index.adoc
new file mode 100644
index 0000000..639e0a6
--- /dev/null
+++ b/Documentation/getting-started/index.adoc
@@ -0,0 +1,14 @@
+= Getting Started
+:description: Exploring Spectrum OS. Using (=How-To-Guides), Configuring (adding smth). Ready to get started with Spectrum OS? After installing you can create VMs and then configure each one.
+:page-nav_order: 3
+:page-has_children: true
+:page-has_toc: false
+
+// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Ready to get started with Spectrum? Here is what you can do next:
+
+* xref:../getting-started/creating-vms.adoc[Create your own VM] to use others applications.
+* xref:../getting-started/running-vms.adoc[Start some applications].
+* If needed, xref:../getting-started/user-partition.adoc[change the user partition type].
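Review bot: The `:description:` attribute in this new file still contains draft notes ("Using (=How-To-Guides), Configuring (adding smth)") that would end up in the page metadata. Please replace it with a finished sentence. In the list, "to use others applications" should be "to use other applications", and since this file is already in getting-started/ the three xrefs can drop the `../getting-started/` prefix.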
diff --git a/Documentation/running-vms.adoc b/Documentation/getting-started/running-vms.adoc
similarity index 93%
rename from Documentation/running-vms.adoc
rename to Documentation/getting-started/running-vms.adoc
index d0d3f99..9073e3c 100644
--- a/Documentation/running-vms.adoc
+++ b/Documentation/getting-started/running-vms.adoc
@@ -1,5 +1,5 @@
= Running VMs
-:page-parent: Reference
+:page-parent: Getting Started
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/getting-started/user-partition.adoc b/Documentation/getting-started/user-partition.adoc
new file mode 100644
index 0000000..7c142b8
--- /dev/null
+++ b/Documentation/getting-started/user-partition.adoc
@@ -0,0 +1,16 @@
+= User Partition
+:page-parent: Getting Started
+
+// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+The Spectrum host system is immutable, so configuration and user data
+lives on a separate partition.
+
+The host system discovers the user
+partition by looking for the special partition type
+`9293e1ff-cee4-4658-88be-898ec863944f`.
+
+This behavior can be overridden with the `ext` parameter on the host's kernel
+command line, which works in a similar way to the standard Linux `root`
+parameter.
diff --git a/Documentation/how-to.adoc b/Documentation/how-to.adoc
index f43fa13..98cc842 100644
--- a/Documentation/how-to.adoc
+++ b/Documentation/how-to.adoc
@@ -1,4 +1,5 @@
= How-to Guides
+:page-nav_exclude: true
:page-has_children: true
:page-nav_order: 2
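Review bot: This hunk adds `:page-nav_exclude: true` but keeps `:page-has_children: true` and `:page-nav_order: 2`, whereas explanation.adoc in the same patch removes both attributes when it is excluded. Please treat the two files the same way. If how-to.adoc, explanation.adoc, reference.adoc and tutorials.adoc no longer have children after the moves, the commit message should say why they are kept rather than deleted.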
diff --git a/Documentation/index.adoc b/Documentation/index.adoc
index 3079847..ea28533 100644
--- a/Documentation/index.adoc
+++ b/Documentation/index.adoc
@@ -1,13 +1,32 @@
-= Spectrum Docs
+= Spectrum Documentation
:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
+// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-Spectrum is a compartmentalized operating system.
-If you'd like to try Spectrum, see xref:getting-spectrum.adoc[Getting
-Spectrum].
+Spectrum is an open-source project that aims to create a computer operating
+system, based on the principle of security by compartmentalization, that has a
+lower barrier to entry and is easy to use and maintain.
+
+== Using Spectrum
To learn about what Spectrum is and how it's implemented, start with
-the xref:architecture.adoc[architecture overview].
+the xref:about/architecture.adoc[architecture overview].
+
+If you want to try Spectrum, see xref:../installation/index.adoc[Build and Run]
+ to setup a development environment.
+
+
+== Developing and Contributing
+
+Spectrum is made of free and open-source software. It is free for anyone to
+ use, modify, and distribute.
+
+Once you are up and rinning, see
+ xref:../development/index.adoc[Development] to understand how to work with
+ patches, debug the system or build the documentation.
+
+If you are thinking of contributing to Spectrum docs, see
+ xref:../development/building-documentation.adoc[Building Documentation].
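Review bot: The new xrefs in this hunk use `../installation/index.adoc` and `../development/...`, but this file is Documentation/index.adoc, and the architecture link two paragraphs up was updated to `xref:about/architecture.adoc` with no `../`. The `../` forms resolve above the Documentation directory, so they should be `xref:installation/index.adoc`, `xref:development/index.adoc` and `xref:development/building-documentation.adoc`. There are also two wording fixes: "rinning" should be "running", and "to setup a development environment" should be "to set up". The continuation lines that start with a space and the doubled blank line before "== Developing and Contributing" can be tidied at the same time.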
diff --git a/Documentation/b4.adoc b/Documentation/installation/b4.adoc
similarity index 93%
rename from Documentation/b4.adoc
rename to Documentation/installation/b4.adoc
index 489ced4..58efd0e 100644
--- a/Documentation/b4.adoc
+++ b/Documentation/installation/b4.adoc
@@ -1,5 +1,6 @@
= Installing and Configuring b4
-:page-parent: Tutorials
+:page-parent: Build and Run
+:page-nav_order: 3
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-FileCopyrightText: 2022 Unikie
@@ -19,7 +20,7 @@ of the Spectrum root's nix-shell.
You should be able to install b4 from your package manager.
-Using Nix, you can start a shell with b4 available by running
+Using Nix, you can start a shell with b4 available by running:
[listing]
[source,shell]
diff --git a/Documentation/binary-cache.adoc b/Documentation/installation/binary-cache.adoc
similarity index 80%
rename from Documentation/binary-cache.adoc
rename to Documentation/installation/binary-cache.adoc
index 6e69b39..dff12e1 100644
--- a/Documentation/binary-cache.adoc
+++ b/Documentation/installation/binary-cache.adoc
@@ -1,5 +1,6 @@
-= Setting Up the Binary Cache
-:page-parent: How-to Guides
+= Setting Up Binary Cache
+:page-parent: Build and Run
+:page-nav_order: 1
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -20,10 +21,9 @@ encounter any trouble with it.
The binary cache is currently not able to provide logs, due to a
https://github.com/NixOS/nix/pull/6051[Nix bug].
-== On NixOS
+== For NixOS
-The following configuration adds the Spectrum binary cache as a
-substituter, and tells Nix to trust builds signed with its public key.
+Add the following configuration to /etc/nixos/configuration.nix:
[source,nix]
----
@@ -38,7 +38,13 @@ substituter, and tells Nix to trust builds signed with its public key.
}
----
-== On Non-NixOS systems
+This configuration adds the Spectrum binary cache as a substituter and makes
+Nix to trust builds signed with its public key.
+
+To apply changes, rebuild your system with the https://nixos.wiki/wiki/Nixos-rebuild[nixos-rebuild] command.
+
+
+== For Non-NixOS Systems
Add the following configuration to /etc/nix/nix.conf:
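Review bot: The sentence explaining that this configuration makes Nix trust builds signed with the cache's public key now comes after the snippet, so a reader is told to paste it into /etc/nixos/configuration.nix before being told it adds a trusted signing key. Keep the explanation ahead of the code block, as it was, and add the file path to it. The new wording "makes Nix to trust builds" should also read "makes Nix trust builds".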
diff --git a/Documentation/getting-spectrum.adoc b/Documentation/installation/getting-spectrum.adoc
similarity index 82%
rename from Documentation/getting-spectrum.adoc
rename to Documentation/installation/getting-spectrum.adoc
index b3fa1ef..c365a93 100644
--- a/Documentation/getting-spectrum.adoc
+++ b/Documentation/installation/getting-spectrum.adoc
@@ -1,5 +1,6 @@
= Getting Spectrum
-:page-parent: Tutorials
+:page-parent: Build and Run
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -34,7 +35,7 @@ nix-shell -I nixpkgs=../../../nixpkgs-spectrum --run 'make run'
This builds just enough of Spectrum to try it out in a VM, but it will
still take a very long time.
-== Building an installer
+== Building Installer
[source,shell]
----
@@ -47,8 +48,7 @@ This will take a very long time, but when it's done, a symbolic link
named "result" will appear, pointing to a Spectrum USB installer
image.
-CAUTION: Spectrum is not yet suitable for real-world use. Do not use
-your Spectrum system for anything important or sensitive. Spectrum is
-currently missing many important security properties, and there is no
-procedure for updating to new versions of Spectrum -- you have to
-reinstall.
+CAUTION: Do not use Spectrum for anything important or sensitive as it is not
+yet suitable for real-world use. Many important security properties are
+currently missing, and there is no procedure for updating to
+new versions—you have to reinstall the OS.
diff --git a/Documentation/installation/index.adoc b/Documentation/installation/index.adoc
new file mode 100644
index 0000000..2c4e9c7
--- /dev/null
+++ b/Documentation/installation/index.adoc
@@ -0,0 +1,26 @@
+= Build and Run
+:description: How to download and install Spectrum OS.
+:page-nav_order: 2
+:page-has_children: true
+:page-has_toc: false
+
+// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+
+To start working with Spectrum, you need:
+
+* xref:../installation/binary-cache.adoc[Set up the binary cache] to speed up the build process.
+* xref:../installation/getting-spectrum.adoc[Build Spectrum] from the source.
+* xref:../installation/b4.adoc[Install and configure the b4 utility] to be able to work with patches.
+
+TIP: Currently, Spectrum works only on x86-64. AAarch64 support is in
+development. If you have the configuration layer, you can
+xref:../development/build-configuration.adoc[configure the build] to be able to
+work with specific devices.
+
+== Uninstalling and Updating
+
+Currently, there is no implementation for a software update.
+
+You can replace Spectrum by installing another OS.
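Review bot: "To start working with Spectrum, you need:" is followed by three items that are instructions ("Set up", "Build", "Install") rather than things you need; either reword the lead-in to "To start working with Spectrum:" or turn the items into noun phrases. In the TIP, "AAarch64" is a typo for "AArch64". The three list xrefs use `../installation/...` from a file that is already in installation/, so `xref:binary-cache.adoc` and so on would be simpler and would survive a directory rename.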
diff --git a/Documentation/reference.adoc b/Documentation/reference.adoc
index 44b359d..55259ea 100644
--- a/Documentation/reference.adoc
+++ b/Documentation/reference.adoc
@@ -1,6 +1,5 @@
= Reference
-:page-has_children: true
-:page-nav_order: 3
+:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/tutorials.adoc b/Documentation/tutorials.adoc
index cd1fb12..fcef31b 100644
--- a/Documentation/tutorials.adoc
+++ b/Documentation/tutorials.adoc
@@ -1,6 +1,5 @@
= Tutorials
-:page-nav_order: 1
-:page-has_children: true
+:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/user-partition.adoc b/Documentation/user-partition.adoc
deleted file mode 100644
index 73bc0d0..0000000
--- a/Documentation/user-partition.adoc
+++ /dev/null
@@ -1,12 +0,0 @@
-= The User Partition
-:page-parent: Explanation
-
-// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
-// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-
-The Spectrum host system is immutable, so configuration and user data
-lives on a separate partition. The host system discovers the user
-partition by looking for the special partition type
-`9293e1ff-cee4-4658-88be-898ec863944f`. This behavior can be
-overridden with the `ext` parameter on the host's kernel command line,
-which works in a similar way to the standard Linux `root` parameter.
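Review bot: This deletes Documentation/user-partition.adoc outright, and with it the description of how the host discovers the user partition (partition type `9293e1ff-cee4-4658-88be-898ec863944f`) and of the `ext` kernel command line override. If the page is only meant to get a new parent, make this a rename with an updated `:page-parent:` so the content and its history are kept; if the removal is intentional, the commit message should say so.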
--
2.34.1
Create separate folders for new parent pages, update Introduction page,
remove a and the articles from titles, quick check text for simple English
Signed-off-by: Jenni Nikolaenko <evgeniia.nikolaenko(a)unikie.com>
---
Documentation/{ => about}/architecture.adoc | 19 ++++-----
Documentation/about/index.adoc | 21 ++++++++++
.../decisions/001-host-update-mechanism.adoc | 2 +-
.../decisions/002-install-options.adoc | 4 +-
Documentation/decisions/003-partitioning.adoc | 2 +-
.../004-data-at-rest-encryption.adoc | 2 +-
.../005-virtual-machine-monitor.adoc | 2 +-
.../decisions/006-drivers-on-host.adoc | 2 +-
.../decisions/007-usb-virtual-machines.adoc | 2 +-
...008-inter-vm-communication-mechanisms.adoc | 2 +-
Documentation/decisions/index.adoc | 2 +-
.../building-documentation.adoc | 10 ++---
.../{ => development}/debugging.adoc | 7 ++--
.../{ => development}/first-patch.adoc | 28 +++++++------
Documentation/development/index.adoc | 17 ++++++++
Documentation/{ => development}/replying.adoc | 4 +-
.../{ => development}/reviewing-patches.adoc | 4 +-
.../{ => development}/testing-patches.adoc | 42 ++++++++-----------
.../{ => development}/uuid-reference.adoc | 4 +-
Documentation/explanation.adoc | 3 +-
.../{ => getting-started}/creating-vms.adoc | 2 +-
Documentation/getting-started/index.adoc | 7 ++++
.../{ => getting-started}/running-vms.adoc | 2 +-
.../{ => getting-started}/user-partition.adoc | 8 ++--
Documentation/how-to.adoc | 1 +
Documentation/index.adoc | 22 +++++++---
Documentation/{ => installation}/b4.adoc | 3 +-
.../{ => installation}/binary-cache.adoc | 11 ++---
.../{ => installation}/getting-spectrum.adoc | 11 ++---
Documentation/installation/index.adoc | 18 ++++++++
Documentation/reference.adoc | 3 +-
Documentation/tutorials.adoc | 3 +-
32 files changed, 171 insertions(+), 99 deletions(-)
rename Documentation/{ => about}/architecture.adoc (84%)
create mode 100644 Documentation/about/index.adoc
rename Documentation/{ => development}/building-documentation.adoc (85%)
rename Documentation/{ => development}/debugging.adoc (92%)
rename Documentation/{ => development}/first-patch.adoc (83%)
create mode 100644 Documentation/development/index.adoc
rename Documentation/{ => development}/replying.adoc (93%)
rename Documentation/{ => development}/reviewing-patches.adoc (89%)
rename Documentation/{ => development}/testing-patches.adoc (62%)
rename Documentation/{ => development}/uuid-reference.adoc (98%)
rename Documentation/{ => getting-started}/creating-vms.adoc (98%)
create mode 100644 Documentation/getting-started/index.adoc
rename Documentation/{ => getting-started}/running-vms.adoc (93%)
rename Documentation/{ => getting-started}/user-partition.adoc (80%)
rename Documentation/{ => installation}/b4.adoc (96%)
rename Documentation/{ => installation}/binary-cache.adoc (90%)
rename Documentation/{ => installation}/getting-spectrum.adoc (85%)
create mode 100644 Documentation/installation/index.adoc
diff --git a/Documentation/architecture.adoc b/Documentation/about/architecture.adoc
similarity index 84%
rename from Documentation/architecture.adoc
rename to Documentation/about/architecture.adoc
index 1c4307b..db82d60 100644
--- a/Documentation/architecture.adoc
+++ b/Documentation/about/architecture.adoc
@@ -1,17 +1,16 @@
= Architecture
-:page-parent: Explanation
+:page-parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-FileCopyrightText: 2022 Jenni Nikolaenko <evgeniia.nikolaenko(a)unikie.com>
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-== Introduction
+Spectrum OS is based on the principle of security by compartmentalization.
-Spectrum is based on the principle of security by
-compartmentalization. The high level stack is illustrated in the
-following diagram:
+The high level stack is illustrated in the following diagram:
-image::diagrams/stack.svg[]
+image::../diagrams/stack.svg[]
The default set of virtual machines includes two application VMs,
_appvm-catgirl_ (an IRC client) and _appvm-lynx_ (a text-based web
@@ -26,7 +25,7 @@ https://en.wikipedia.org/wiki/Architectural_decision[Architecturally significant
decisions] are xref:decisions/index.adoc[recorded] as lightweight
https://cognitect.com/blog/2011/11/15/documenting-architecture-decisions/[A….
-== The Spectrum host system
+== Spectrum Host System
Compartmentalization is implemented using
https://cloud-hypervisor.org/[cloud-hypervisor] virtual machines.
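Review bot: The context line `decisions] are xref:decisions/index.adoc[recorded] as lightweight` is left unchanged even though this file now lives in about/, and the previous hunk had to change the image path to `../diagrams/stack.svg` for exactly that reason. The new about/index.adoc links to `xref:../decisions/index.adoc`; this xref should be updated the same way, otherwise it will resolve to about/decisions/.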
@@ -35,7 +34,7 @@ https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine[Kernel-based Virtual
Machine] (KVM) to provide lightweight, hardware-accelerated VMs.
While Linux (including KVM) is portable between many hardware architectures,
-cloud-hypervisor supports only x86_64 and aarch64. Spectrum currently only
+cloud-hypervisor supports only x86_64 and aarch64. Spectrum currently only
works on x86_64, but aarch64 support is in development.
https://skarnet.org/software/s6-rc/overview.html[s6-rc] is used for service
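Review bot: The removed and added versions of `cloud-hypervisor supports only x86_64 and aarch64. Spectrum currently only` read the same, so this looks like a whitespace-only change to the sentence spacing. It is not part of the restructure the commit message describes; drop it or send it as a separate patch so the rename stays easy to review.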
@@ -44,7 +43,7 @@ and service scripts.
https://wayland.freedesktop.org/[Wayland] is used for window management and
display. The Wayland architecture is well documented
-https://wayland.freedesktop.org/architecture.html[here]. The host provides only
+https://wayland.freedesktop.org/architecture.html[here]. The host provides only
a Wayland terminal client, https://codeberg.org/dnkl/foot/[foot], which is used
for interacting with VM consoles. In future it will be possible for application
VMs to display windows on the single Wayland compositor on the host system,
@@ -57,7 +56,7 @@ https://www.etalabs.net/compare_libcs.html[added safety on resource exhaustion
and security hardening on memory allocation]. Kernel hardening will be
investigated in future.
-== Exploring the Spectrum dependency tree
+== Spectrum Dependency Tree
For a detailed, interactive view of dependencies, use
https://github.com/utdemir/nix-tree[nix-tree] in the Spectrum repository:
diff --git a/Documentation/about/index.adoc b/Documentation/about/index.adoc
new file mode 100644
index 0000000..a882852
--- /dev/null
+++ b/Documentation/about/index.adoc
@@ -0,0 +1,21 @@
+= About Spectrum OS
+:description: Some words about Spectrum as the operating system, not a project. Highlights the differences between common Linux distributions and Spectrum.
+:page-nav_order: 1
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Jenni Nikko <evgeniia.nikolaenko(a)unikie.com>
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Spectrum is a Linux-based system, derived from NixOS. This gives an actively-developed base with good hardware support, powerful and optimised compartmentalization primitives in KVM, and the reproducible packaging and configuration system that is important for a maintainable compartmentalized system.
+
+== Why Spectrum
+
+There are several features that make Spectrum OS unique:
+
+* User data and applications are managed centrally, while remaining isolated.
+That means that the system can be backed up and managed as a whole, rather than mixed up in several dozen VMs.
+
+* The host system and isolated environments are managed declaratively and reproducibly using the Nix package manager.
+This can save the user the burden of maintaining many different virtual computers, allowing finer-grained resource access controls and making it possible to verify the software running across all environments.
+
+TIP: If you are interested in why we do something _this_ way instead of _that_ way, see xref:../decisions/index.adoc[Architecture Decision Records].
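Review bot: The SPDX line names "Jenni Nikko", while the Signed-off-by and the copyright lines added to architecture.adoc and index.adoc say "Jenni Nikolaenko"; the same spelling is used in the new development/index.adoc and getting-started/index.adoc. Copyright notices should carry one consistent name. The `:description:` ("Some words about Spectrum as the operating system, not a project. ...") also reads like a note to the author rather than a page description.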
diff --git a/Documentation/decisions/001-host-update-mechanism.adoc b/Documentation/decisions/001-host-update-mechanism.adoc
index 574deb4..7032146 100644
--- a/Documentation/decisions/001-host-update-mechanism.adoc
+++ b/Documentation/decisions/001-host-update-mechanism.adoc
@@ -1,6 +1,6 @@
= 001 Host Update Mechanism
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/002-install-options.adoc b/Documentation/decisions/002-install-options.adoc
index 4412b53..a7c4175 100644
--- a/Documentation/decisions/002-install-options.adoc
+++ b/Documentation/decisions/002-install-options.adoc
@@ -1,6 +1,6 @@
-= 002 Install options
+= 002 Install Options
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/003-partitioning.adoc b/Documentation/decisions/003-partitioning.adoc
index 8494ea4..b00f528 100644
--- a/Documentation/decisions/003-partitioning.adoc
+++ b/Documentation/decisions/003-partitioning.adoc
@@ -1,6 +1,6 @@
= 003 Partitioning
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/004-data-at-rest-encryption.adoc b/Documentation/decisions/004-data-at-rest-encryption.adoc
index 26fe273..27323db 100644
--- a/Documentation/decisions/004-data-at-rest-encryption.adoc
+++ b/Documentation/decisions/004-data-at-rest-encryption.adoc
@@ -1,6 +1,6 @@
= 004 Data at Rest Encryption
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/005-virtual-machine-monitor.adoc b/Documentation/decisions/005-virtual-machine-monitor.adoc
index db81c72..df5a65e 100644
--- a/Documentation/decisions/005-virtual-machine-monitor.adoc
+++ b/Documentation/decisions/005-virtual-machine-monitor.adoc
@@ -1,6 +1,6 @@
= 005 Virtual Machine Monitor
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/006-drivers-on-host.adoc b/Documentation/decisions/006-drivers-on-host.adoc
index 872044e..86d3105 100644
--- a/Documentation/decisions/006-drivers-on-host.adoc
+++ b/Documentation/decisions/006-drivers-on-host.adoc
@@ -1,6 +1,6 @@
= 006 Drivers on Host
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/007-usb-virtual-machines.adoc b/Documentation/decisions/007-usb-virtual-machines.adoc
index 3bdf78b..24dac65 100644
--- a/Documentation/decisions/007-usb-virtual-machines.adoc
+++ b/Documentation/decisions/007-usb-virtual-machines.adoc
@@ -1,6 +1,6 @@
= 007 USB Virtual Machine
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc b/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc
index a1b7d49..9fce4ef 100644
--- a/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc
+++ b/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc
@@ -1,6 +1,6 @@
= 008 Inter-VM Communication Mechanisms
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/index.adoc b/Documentation/decisions/index.adoc
index 772f382..4f3a7e1 100644
--- a/Documentation/decisions/index.adoc
+++ b/Documentation/decisions/index.adoc
@@ -1,6 +1,6 @@
= Architecture Decision Records
:page-has_children: true
-:page-parent: Explanation
+:page-parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/building-documentation.adoc b/Documentation/development/building-documentation.adoc
similarity index 85%
rename from Documentation/building-documentation.adoc
rename to Documentation/development/building-documentation.adoc
index b491105..da5fa8c 100644
--- a/Documentation/building-documentation.adoc
+++ b/Documentation/development/building-documentation.adoc
@@ -1,5 +1,5 @@
-= Building the Documentation
-:page-parent: Tutorials
+= Building Documentation
+:page-parent: Development
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -47,6 +47,6 @@ IMPORTANT: Jekyll doesn't handle rendering of the draw.io diagrams, so
if you modify any of those, or add new ones, you'll have to run
`scripts/build.sh` again to do a full rebuild of the site.
-Once you've made your changes to the documentation, see
-xref:first-patch.adoc[Sending Your First Patch] for information
-about how to submit them for review.
+Once you made your changes to the documentation, see
+xref:first-patch.adoc[Patching] for information
+on how to submit your patch for review.
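Review bot: "Once you made your changes" on the first added line is a grammar regression from "Once you've made your changes"; keep the present perfect. The link text changes from "Sending Your First Patch" to "Patching", which matches the new page title, so that part is fine.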
diff --git a/Documentation/debugging.adoc b/Documentation/development/debugging.adoc
similarity index 92%
rename from Documentation/debugging.adoc
rename to Documentation/development/debugging.adoc
index 3871a7c..6e529a9 100644
--- a/Documentation/debugging.adoc
+++ b/Documentation/development/debugging.adoc
@@ -1,7 +1,6 @@
-= Debugging Spectrum
-:page-parent: Explanation
-:toc:
-:toclevels: 1
+= Debugging
+:page-parent: Development
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/first-patch.adoc b/Documentation/development/first-patch.adoc
similarity index 83%
rename from Documentation/first-patch.adoc
rename to Documentation/development/first-patch.adoc
index 30672b9..7b8dd1d 100644
--- a/Documentation/first-patch.adoc
+++ b/Documentation/development/first-patch.adoc
@@ -1,11 +1,12 @@
-= Sending Your First Patch
-:page-parent: Tutorials
+= Patching
+:page-parent: Development
+:page-nav_order: 1
+:page-has_children: true
+:toc: preamble
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-== Prerequisites
-
This tutorial assumes that you already have basic
https://git-scm.com/[git] experience.
@@ -14,10 +15,10 @@ https://spectrum-os.org/git/[Spectrum source tree]. You'll also need
to have configured `git send-email` — a guide for this can be found at
https://git-send-email.io/.
-== Making your changes
+== Making Changes
-If you've worked on any git repository before, the process for making
-your changes will probably be very familiar.
+If you worked on any git repository before, the process for making
+your changes will be very familiar.
1. Create a branch for your changes:
+
@@ -39,7 +40,7 @@ indicates your acceptance of the
https://spectrum-os.org/git/spectrum/tree/DCO-1.1.txt[Developer's
Certificate of Origin], which is mandatory for Spectrum patches.
-== Submitting changes
+== Submitting Changes
Once you're happy with how the commits on your branch look, run:
@@ -64,13 +65,14 @@ message that will be sent before all of your patches.
Once your patch has been submitted, wait for it to be reviewed.
Feedback, if any, will be sent as email replies to your submitted
-patch. You can respond to feedback in your mail client. Please use
-the Reply All button to ensure that your messages are sent to the
+patch. You can respond to feedback in your mail client.
+
+Use the *Reply All* button to sent your messages to the
mailing list as well as to the person who sent the feedback.
-If you need to make changes to your patch, and submit a new version,
+If you need to make changes to your patch and submit a new version,
use https://git-rebase.io/[`git rebase`] to create a new version of
-your patch(es), and submit it like this:
+your patch(es) and then submit it like this:
[source,shell]
----
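Review bot: Typo in the added line `Use the *Reply All* button to sent your messages to the`: "to sent" should be "to send". Splitting the sentence into its own paragraph also separates it from "You can respond to feedback in your mail client", which it depends on; consider keeping the two together.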
@@ -81,7 +83,7 @@ The added `-v2` flag indicates that this is version two of your
patch set. If your patches require more rounds of changes, submit
subsequent rounds with `-v3`, `-v4`, etc. as appropriate.
-If you'd like to describe what has changed from the previous version
+If you would like to describe what has changed from the previous version
of your patches, you can do so in a xref:cover-letter[cover letter]
as described above.
diff --git a/Documentation/development/index.adoc b/Documentation/development/index.adoc
new file mode 100644
index 0000000..471daf7
--- /dev/null
+++ b/Documentation/development/index.adoc
@@ -0,0 +1,17 @@
+= Development
+:description: Development progress, general development practices
+:page-nav_order: 4
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Jenni Nikko <evgeniia.nikolaenko(a)unikie.com>
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Spectrum is free software, currently under active development.
+
+== Developer Setup
+
+Before starting, make sure you are familiar with https://git.kernel.org/pub/scm/utils/b4/b4.git/about/[b4] and the https://nixos.org/manual/nix/stable/introduction.html[Nix package manager].
+
+== Mailing Lists
+
+The Spectrum project runs several https://spectrum-os.org/mailman3/lists/?all-lists[mailing lists] on which you can ask your questions or help other people with the questions they have. All the Spectrum developers as well as many long time Linux and Spectrum users are on the lists.
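Review bot: "Developer Setup" links only to the upstream b4 page, although this patch moves the project's own b4 instructions to installation/b4.adoc; linking `xref:../installation/b4.adoc` here would send readers to the Spectrum-specific setup. The `:description:` ("Development progress, general development practices") does not match the page, which covers setup and mailing lists.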
diff --git a/Documentation/replying.adoc b/Documentation/development/replying.adoc
similarity index 93%
rename from Documentation/replying.adoc
rename to Documentation/development/replying.adoc
index bb8e31a..05740a0 100644
--- a/Documentation/replying.adoc
+++ b/Documentation/development/replying.adoc
@@ -1,5 +1,7 @@
= Replying to Messages in the Mailing List Archives
-:page-parent: Tutorials
+:page-parent: Patching
+:page-grand_parent: Development
+:page-nav_order: 3
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/reviewing-patches.adoc b/Documentation/development/reviewing-patches.adoc
similarity index 89%
rename from Documentation/reviewing-patches.adoc
rename to Documentation/development/reviewing-patches.adoc
index 63ff24e..c8c971f 100644
--- a/Documentation/reviewing-patches.adoc
+++ b/Documentation/development/reviewing-patches.adoc
@@ -1,5 +1,7 @@
= Reviewing Patches
-:page-parent: How-to Guides
+:page-parent: Patching
+:page-grand_parent: Development
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/testing-patches.adoc b/Documentation/development/testing-patches.adoc
similarity index 62%
rename from Documentation/testing-patches.adoc
rename to Documentation/development/testing-patches.adoc
index 8ba7804..99adfd2 100644
--- a/Documentation/testing-patches.adoc
+++ b/Documentation/development/testing-patches.adoc
@@ -1,5 +1,8 @@
= Testing Patches
-:page-parent: How-to Guides
+:page-parent: Patching
+:page-grand_parent: Development
+:page-nav_order: 1
+:toc: preamble
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -8,52 +11,41 @@ Potential changes to Spectrum are posted to and discussed on the
https://spectrum-os.org/participating.html#spectrum-devel[devel@spectrum-os…
mailing list.
-== Apply the patch
+== Apply Patch
If you haven't already, you'll first need to xref:b4.adoc[install and
configure] https://git.kernel.org/pub/scm/utils/b4/b4.git/about/[b4].
Then:
-. Find the patch series you want to test on
- https://spectrum-os.org/lists/archives/spectrum-devel/[public-inbox].
-. Navigate to the "permalink" page for any patch in the series.
-. Copy the Message-Id for the patch, as shown on the permalink page, e.g.
- \20220511092352.70E54C980(a)atuin.qyliss.net.
-. In a checkout of the appropriate git repository
- (https://spectrum-os.org/git/spectrum[Spectrum] or
- https://spectrum-os.org/git/nixpkgs[Spectrum Nixpkgs]), Run `b4 am`
- with the patch's Message-Id to download all the patches in the
- series into a file.
+1. Find the patch series you want to test on https://spectrum-os.org/lists/archives/spectrum-devel/[public-inbox].
+2. Navigate to the "permalink" page for any patch in the series.
+3. Copy the Message-Id for the patch, as shown on the permalink page, e.g. \20220511092352.70E54C980(a)atuin.qyliss.net.
+4. In a checkout of the appropriate git repository (https://spectrum-os.org/git/spectrum[Spectrum] or https://spectrum-os.org/git/nixpkgs[Spectrum Nixpkgs]), run `b4 am` with the patch's Message-Id to download all the patches in the series into a file.
+
-[example]
[source,shell]
----
b4 am 20220511092352.70E54C980(a)atuin.qyliss.net
----
-
-. b4 will indicate the file name it has downloaded the patches into
- with a line like:
+b4 will indicate the file name it has downloaded the patches into with a line like:
+
-[example]
-[listing]
+[source,shell]
+----
Writing ./20220424_hi_host_rootfs_fix_weston_hotplugging.mbx
+----
+5. Run `git am` on that file to apply the patches, for example:
+
-Run `git am` on that file to apply the patches, for example:
-+
-[example]
[source,shell]
----
git am 20220424_hi_host_rootfs_fix_weston_hotplugging.mbx
----
-== Post your test results
+== Post Your Results
When you've tested a patch, it's really helpful to
xref:replying.adoc[reply] with your test results.
-If the patch worked for you, please reply to it and include a line
-like the following, separated from any reply text:
-
+If the patch worked for you, please reply to it and include a line like the following, separated from any reply text:
+[source,shell]
----
Tested-by: John Smith <john(a)example.com>
----
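Review bot: The context line `If you haven't already, you'll first need to xref:b4.adoc[install and` still links to b4.adoc as a sibling, but this patch moves b4.adoc to installation/ and this file to development/, so the link should become `xref:../installation/b4.adoc`. Separately, the `Writing ./20220424_hi_host_rootfs_fix_weston_hotplugging.mbx` output and the `Tested-by:` trailer are now tagged `[source,shell]`; neither is shell input, so a plain listing block would be more accurate. The step "b4 will indicate the file name" also loses its list marker, which leaves the explicit numbering jumping from 4 to 5 around an unnumbered paragraph.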
diff --git a/Documentation/uuid-reference.adoc b/Documentation/development/uuid-reference.adoc
similarity index 98%
rename from Documentation/uuid-reference.adoc
rename to Documentation/development/uuid-reference.adoc
index 4b0b481..0eccc82 100644
--- a/Documentation/uuid-reference.adoc
+++ b/Documentation/development/uuid-reference.adoc
@@ -1,5 +1,5 @@
= UUID Reference
-:page-parent: Reference
+:page-parent: Development
:toc: preamble
:toclevels: 1
@@ -40,7 +40,7 @@ xref:user-partition.adoc[Spectrum user partition].
=== `56a3bbc3-aefa-43d9-a64d-7b3fd59bbc4e`
-https://github.com/endlessm/eos-installer["eosimages"] partition on the
+https://github.com/endlessm/eos-installer["eosimages"] partition on the
Spectrum combined live system / installer image.
== Combined Image Partition IDs
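Review bot: The hunk header context `xref:user-partition.adoc[Spectrum user partition].` shows this file still links to user-partition.adoc as a sibling, but the patch moves this file to development/ and user-partition.adoc to getting-started/, so the link needs to become `xref:../getting-started/user-partition.adoc`. The `"eosimages"` line itself appears to change only whitespace and could be left out of this patch.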
diff --git a/Documentation/explanation.adoc b/Documentation/explanation.adoc
index b39cc6d..f682129 100644
--- a/Documentation/explanation.adoc
+++ b/Documentation/explanation.adoc
@@ -1,6 +1,5 @@
= Explanation
-:page-has_children: true
-:page-nav_order: 4
+:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/creating-vms.adoc b/Documentation/getting-started/creating-vms.adoc
similarity index 98%
rename from Documentation/creating-vms.adoc
rename to Documentation/getting-started/creating-vms.adoc
index d967098..e06be85 100644
--- a/Documentation/creating-vms.adoc
+++ b/Documentation/getting-started/creating-vms.adoc
@@ -1,5 +1,5 @@
= Creating VMs
-:page-parent: Reference
+:page-parent: Getting Started
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/getting-started/index.adoc b/Documentation/getting-started/index.adoc
new file mode 100644
index 0000000..1b468ab
--- /dev/null
+++ b/Documentation/getting-started/index.adoc
@@ -0,0 +1,7 @@
+= Getting Started
+:description: Exploring Spectrum OS. Using (=How-To-Guides), Configuring (adding smth). Ready to get started with Spectrum OS? After installing you can create VMs and then configure each one.
+:page-nav_order: 3
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Jenni Nikko <evgeniia.nikolaenko(a)unikie.com>
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
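Review bot: The `:description:` still contains drafting notes ("Using (=How-To-Guides), Configuring (adding smth)") that will end up in the page metadata; replace it with a one-sentence description. The new page also has no body after the SPDX header, so the "Getting Started" parent will render empty apart from its child list; a short introduction would help.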
diff --git a/Documentation/running-vms.adoc b/Documentation/getting-started/running-vms.adoc
similarity index 93%
rename from Documentation/running-vms.adoc
rename to Documentation/getting-started/running-vms.adoc
index d0d3f99..9073e3c 100644
--- a/Documentation/running-vms.adoc
+++ b/Documentation/getting-started/running-vms.adoc
@@ -1,5 +1,5 @@
= Running VMs
-:page-parent: Reference
+:page-parent: Getting Started
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/user-partition.adoc b/Documentation/getting-started/user-partition.adoc
similarity index 80%
rename from Documentation/user-partition.adoc
rename to Documentation/getting-started/user-partition.adoc
index 73bc0d0..a33d7fc 100644
--- a/Documentation/user-partition.adoc
+++ b/Documentation/getting-started/user-partition.adoc
@@ -1,11 +1,13 @@
-= The User Partition
-:page-parent: Explanation
+= User Partition
+:page-parent: Getting Started
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
The Spectrum host system is immutable, so configuration and user data
-lives on a separate partition. The host system discovers the user
+lives on a separate partition.
+
+The host system discovers the user
partition by looking for the special partition type
`9293e1ff-cee4-4658-88be-898ec863944f`. This behavior can be
overridden with the `ext` parameter on the host's kernel command line,
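Review bot: The rewritten line `+lives on a separate partition.` keeps the agreement error from the original ("configuration and user data lives"); since the line is touched anyway, change it to "live". The new paragraph break also leaves a short first line ("The host system discovers the user") that should be re-wrapped together with the lines after it.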
diff --git a/Documentation/how-to.adoc b/Documentation/how-to.adoc
index f43fa13..98cc842 100644
--- a/Documentation/how-to.adoc
+++ b/Documentation/how-to.adoc
@@ -1,4 +1,5 @@
= How-to Guides
+:page-nav_exclude: true
:page-has_children: true
:page-nav_order: 2
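Review bot: how-to.adoc gains `:page-nav_exclude: true` but keeps `:page-has_children: true` and `:page-nav_order: 2`, whereas the reference.adoc and tutorials.adoc hunks drop both attributes when they exclude the page. Either remove them here too, or say in the commit message why How-to Guides is treated differently. As it stands, `:page-nav_order: 2` is also the value given to the new installation/index.adoc.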
diff --git a/Documentation/index.adoc b/Documentation/index.adoc
index 3079847..d26676b 100644
--- a/Documentation/index.adoc
+++ b/Documentation/index.adoc
@@ -1,13 +1,23 @@
-= Spectrum Docs
+= Spectrum Documentation
:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
+// SPDX-FileCopyrightText: 2022 Jenni Nikolaenko <evgeniia.nikolaenko(a)unikie.com>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-Spectrum is a compartmentalized operating system.
+== Spectrum Project
-If you'd like to try Spectrum, see xref:getting-spectrum.adoc[Getting
-Spectrum].
+Spectrum is an open source project that aims to create a computer operating system, based on the principle of security by compartmentalization, that has a lower barrier to entry and is easier to use and maintain than other such systems. For more information on the Spectrum project, see https://spectrum-os.org/.
-To learn about what Spectrum is and how it's implemented, start with
-the xref:architecture.adoc[architecture overview].
+Spectrum is made of free and open source software. It is free for anyone to use, modify, and distribute. If you want to be involved with the Spectrum project, see https://spectrum-os.org/contributing.html.
+
+The Spectrum project source code is https://spectrum-os.org/git/spectrum.
+
+== Spectrum OS
+
+Spectrum is an in-development operating system that aims to afford its users security by compartmentalization, while also improving upon other similar projects by maintaining a high level of usability.
+
+To learn about what Spectrum OS is and how it's implemented, start with
+the xref:about/architecture.adoc[architecture overview].
+
+If you want to try Spectrum, see xref:../installation/index.adoc[Build and Run].
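Review bot: The two xrefs added to Documentation/index.adoc use different bases: `xref:about/architecture.adoc` is relative to Documentation/, but `xref:../installation/index.adoc` climbs one level above it. That form looks copied from a page inside a subdirectory (installation/index.adoc uses `xref:../development/testing-patches.adoc`, where the `..` is right). This should probably be `xref:installation/index.adoc`; please check that both links resolve in a built copy of the docs. The new paragraphs are also single long lines where the rest of the file is hard-wrapped, and the "Spectrum Project" and "Spectrum OS" sections state the compartmentalization goal twice.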
diff --git a/Documentation/b4.adoc b/Documentation/installation/b4.adoc
similarity index 96%
rename from Documentation/b4.adoc
rename to Documentation/installation/b4.adoc
index 2519894..1ba87b2 100644
--- a/Documentation/b4.adoc
+++ b/Documentation/installation/b4.adoc
@@ -1,5 +1,6 @@
= Installing and Configuring b4
-:page-parent: Tutorials
+:page-parent: Build and Run
+:page-nav_order: 3
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/binary-cache.adoc b/Documentation/installation/binary-cache.adoc
similarity index 90%
rename from Documentation/binary-cache.adoc
rename to Documentation/installation/binary-cache.adoc
index 6e69b39..232f96c 100644
--- a/Documentation/binary-cache.adoc
+++ b/Documentation/installation/binary-cache.adoc
@@ -1,10 +1,11 @@
-= Setting Up the Binary Cache
-:page-parent: How-to Guides
+= Setting Up Binary Cache
+:page-parent: Build and Run
+:page-nav_order: 1
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-Building Spectrum from source can take a very long time. To avoid
+Building Spectrum OS from source can take a very long time. To avoid
having to wait when building the system to try it out or test patches,
an x86_64 binary cache service is available. If configured to do so,
Nix will download build outputs from the cache, instead of building
@@ -20,7 +21,7 @@ encounter any trouble with it.
The binary cache is currently not able to provide logs, due to a
https://github.com/NixOS/nix/pull/6051[Nix bug].
-== On NixOS
+== For NixOS
The following configuration adds the Spectrum binary cache as a
substituter, and tells Nix to trust builds signed with its public key.
@@ -38,7 +39,7 @@ substituter, and tells Nix to trust builds signed with its public key.
}
----
-== On Non-NixOS systems
+== For Non-NixOS Systems
Add the following configuration to /etc/nix/nix.conf:
diff --git a/Documentation/getting-spectrum.adoc b/Documentation/installation/getting-spectrum.adoc
similarity index 85%
rename from Documentation/getting-spectrum.adoc
rename to Documentation/installation/getting-spectrum.adoc
index b3fa1ef..a0ea1c4 100644
--- a/Documentation/getting-spectrum.adoc
+++ b/Documentation/installation/getting-spectrum.adoc
@@ -1,10 +1,11 @@
= Getting Spectrum
-:page-parent: Tutorials
+:page-parent: Build and Run
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-To get Spectrum, you need to build it from source. As long as you're
+To get Spectrum OS, you need to build it from source. As long as you're
running Linuxfootnote:[Building from other operating systems might
work, but hasn't been tested. Patches are welcome to support building
from other operating systems, as long as they're not too invasive.]
@@ -17,7 +18,7 @@ lot of time waiting for builds.
== Trying Spectrum
-If you want to try Spectrum out to get a feel for it, without
+If you want to try Spectrum OS out to get a feel for it, without
installing it, you can run it in a development VM with some example
applications.
@@ -34,7 +35,7 @@ nix-shell -I nixpkgs=../../../nixpkgs-spectrum --run 'make run'
This builds just enough of Spectrum to try it out in a VM, but it will
still take a very long time.
-== Building an installer
+== Building Installer
[source,shell]
----
@@ -48,7 +49,7 @@ named "result" will appear, pointing to a Spectrum USB installer
image.
CAUTION: Spectrum is not yet suitable for real-world use. Do not use
-your Spectrum system for anything important or sensitive. Spectrum is
+your Spectrum OS for anything important or sensitive. Spectrum is
currently missing many important security properties, and there is no
procedure for updating to new versions of Spectrum -- you have to
reinstall.
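Review bot: In the CAUTION block the rename is applied to only one occurrence: "Do not use your Spectrum OS for anything important" is followed by "Spectrum is currently missing many important security properties" and "new versions of Spectrum". "your Spectrum OS" also reads less clearly than the original "your Spectrum system". Since this is the warning readers rely on to judge whether the system is safe to use, I'd leave the wording of this paragraph unchanged, or rename consistently throughout it.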
diff --git a/Documentation/installation/index.adoc b/Documentation/installation/index.adoc
new file mode 100644
index 0000000..99e9723
--- /dev/null
+++ b/Documentation/installation/index.adoc
@@ -0,0 +1,18 @@
+= Build and Run
+:description: How to download and install Spectrum OS.
+:page-nav_order: 2
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Jenni Nikko <evgeniia.nikolaenko(a)unikie.com>
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+To try Spectrum OS out or xref:../development/testing-patches.adoc[test patches], you need to build the system from the source.
+
+In order to speed up the build process, set up the binary cache. After building Spectrum OS, you can install and configure the b4 utility to be able to work with patches.
+
+
+TIP: Note that Spectrum OS currently works only on x86-64. AAarch64 support is in development.
+
+Currently, there is no implementation for a software update.
+
+You can replace the installation with some other OS.
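Review bot: The last two lines of the new installation/index.adoc ("Currently, there is no implementation for a software update." and "You can replace the installation with some other OS.") are unconnected to the rest of the page and understate what the CAUTION in getting-spectrum.adoc says: that Spectrum is not yet suitable for real-world use and that updating means reinstalling. Suggest replacing them with a short pointer to that CAUTION. Also in this hunk: "AAarch64" should be "AArch64", the x86-64 limitation fits a NOTE better than `TIP: Note that`, the `:description:` says "download and install" while the body says the system must be built from source, and the SPDX name "Jenni Nikko" differs from "Jenni Nikolaenko" in Documentation/index.adoc.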
diff --git a/Documentation/reference.adoc b/Documentation/reference.adoc
index 44b359d..55259ea 100644
--- a/Documentation/reference.adoc
+++ b/Documentation/reference.adoc
@@ -1,6 +1,5 @@
= Reference
-:page-has_children: true
-:page-nav_order: 3
+:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/tutorials.adoc b/Documentation/tutorials.adoc
index cd1fb12..fcef31b 100644
--- a/Documentation/tutorials.adoc
+++ b/Documentation/tutorials.adoc
@@ -1,6 +1,5 @@
= Tutorials
-:page-nav_order: 1
-:page-has_children: true
+:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
--
2.34.1
I've published branches called "wayland" on both the spectrum and
nixpkgs repositories, to make it easier to follow the current state of
that work.
I've tested that both hello-wayland and foot work in a Spectrum VM.
(To test foot I just found-and-replaced hello-wayland with foot in
hello-wayland.nix.)